Merge pull request #439 from balena-os/lmb/v2runtime

Update to the containerd shim runtime v2

DEVELOPMENT.md

@@ -31,20 +31,46 @@ Project](https://github.com/moby/moby/) repo.
 ### Unique features
 
 This is an incomplete list of features unique to balenaEngine. I hope to make
-this more complete over time, with pointers to the relevant code.
+this more complete over time.
 
 #### Delta updates
 
 With deltas we allow users to pull only the differences between an image they
 already have (the *basis*) and one they want to have (the *target*). Spares
 bandwidth from users and balena alike!
 
+Relevant code:
+
+* The delta algorithms themselves are implemented in balena's [librsync-go
+  library](https://github.com/balena-os/librsync-go). This is the library that supports
+* On the Engine side, delta creation is implemented in the
+  [`ImageService.DeltaCreate()`](https://github.com/balena-os/balena-engine/blob/2cd17c44b267813dfc1153f7d08306024d1fc032/daemon/images/image_delta.go#L29)
+  function (at `daemon/images/image_delta.go`). This code is pretty much
+  self-contained.
+* Applying deltas is a bit more complicated, as our code is "mixed" with Moby's
+  code. The main point of interest is the
+  `LayerDownloadManager.makeDownloadFunc()` function (at
+  `distribution/xfer/download.go`), particularly the code around the [call to
+  `DecorateWithDeltaPatcher()`](https://github.com/balena-os/balena-engine/blob/2cd17c44b267813dfc1153f7d08306024d1fc032/distribution/xfer/download.go#L364C55-L364C55).
+  In a nutshell, what we have here is a pipeline of operations: downloading the
+  layer data, decompressing it, etc. What we do is adding our own step into this
+  pipeline. This step takes the delta itself on the input and produces the
+  target layer on the output.
+
 #### Resilient image pulls
 
 In the event of network issues while pulling an image, balenaEngine will keep
-trying to resume the interrupted download for some time without the need of
-restarting from scratch. This is very useful for devices working with an
-unstable Internet connection.
+trying to resume the interrupted download without the need of restarting from
+scratch. This is very useful for devices working with an unstable Internet
+connection.
+
+Relevant code: Our changes have been to the [`v2LayerDescriptor.Read()`
+function](https://github.com/balena-os/balena-engine/blob/2cd17c44b267813dfc1153f7d08306024d1fc032/distribution/pull_v2.go#L196)
+(`distribution/pull_v2.go`), which basically implements Go's `Reader` interface
+with data coming from an HTTP source. The idea behind our changes is simple:
+instead of returning an `error` when a download error happens, we return `nil`.
+This will cause the caller to keep trying until the network connectivity is
+reestablished.
 
 #### Alternative delta data root
 
@@ -324,7 +350,6 @@ Finally your should bump the version found in [`VERSION`](./VERSION) to the new
 
 ### Random tips
 
-* As I write this (balenaEngine 20.10.18), we support only cgroups v1.
 * This is something we need to look deeper, but I have seen some errors in
   automated tests when using very recent kernel versions. This happens because
   of changes in some kernel interface. AFAIR, this was fixed upstream, but yet

cmd/balena-engine/main.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 
 	"github.com/containerd/containerd/cmd/containerd"
-	containerdShim "github.com/containerd/containerd/cmd/containerd-shim"
+	containerdShimRuncV2 "github.com/containerd/containerd/cmd/containerd-shim-runc-v2"
 	"github.com/containerd/containerd/cmd/ctr"
 	"github.com/docker/cli/cmd/docker"
 	"github.com/docker/docker/cmd/dockerd"
@@ -30,8 +30,8 @@ func main() {
 		dockerd.Main()
 	case "balena-containerd", "balena-engine-containerd":
 		containerd.Main()
-	case "balena-containerd-shim", "balena-engine-containerd-shim":
-		containerdShim.Main()
+	case "balena-containerd-shim-runc-v2":
+		containerdShimRuncV2.Main()
 	case "balena-containerd-ctr", "balena-engine-containerd-ctr":
 		ctr.Main()
 	case "balena-runc", "balena-engine-runc":

daemon/runtime_unix.go

@@ -38,7 +38,7 @@ func configureRuntimes(conf *config.Config) {
 	}
 	conf.Runtimes[config.LinuxV1RuntimeName] = types.Runtime{Path: defaultRuntimeName, Shim: defaultV1ShimConfig(conf, defaultRuntimeName)}
 	conf.Runtimes[config.LinuxV2RuntimeName] = types.Runtime{Path: defaultRuntimeName, Shim: defaultV2ShimConfig(conf, defaultRuntimeName)}
-	conf.Runtimes[config.StockRuntimeName] = conf.Runtimes[config.LinuxV1RuntimeName]
+	conf.Runtimes[config.StockRuntimeName] = conf.Runtimes[config.LinuxV2RuntimeName]
 }
 
 func defaultV2ShimConfig(conf *config.Config, runtimePath string) *types.ShimConfig {

hack/make/.binary-symlinks

@@ -9,10 +9,10 @@ symlink_binaries() {
         balenad
         balena-engine-daemon
         balena-engine-containerd
-        balena-engine-containerd-shim
         balena-engine-containerd-ctr
         balena-engine-runc
         balena-engine-proxy
+        balena-containerd-shim-runc-v2
     )
 
     for file in "${binaries[@]}"; do

vendor.conf

@@ -131,7 +131,7 @@ github.com/googleapis/gax-go                        bd5b16380fd03dc758d11cef74ba
 google.golang.org/genproto                          e50cd9704f63023d62cd06a1994b98227fc4d21a
 
 # containerd
-github.com/containerd/containerd                    2412f5439937b966cdd7fa4a83656371254bdc4f https://github.com/balena-os/balena-containerd # 20.10.17-balena branch, equivalent to upstream's v1.6.6
+github.com/containerd/containerd                    3f37c5e44a31060155bd4ca26624032d6049b0d7 https://github.com/balena-os/balena-containerd # 20.10.17-balena branch (which is based on upstream's v1.6.6)
 github.com/containerd/fifo                          650e8a8a179d040123db61f016cb133143e7a581 # v1.0.0
 github.com/containerd/continuity                    092b2c8f580622aee465fd5d6aba1dc8fad58b56 # v0.2.2
 github.com/containerd/cgroups                       1df78138f1e1e6ee593db155c6b369466f577651 # v1.0.3