Support for systemd cgroup driver

[utam0k]

I'm considering supporting podman, but I don't know the details of podman, so I'm looking for opinions.
I don't know what features youki lacks to support podman yet.
I'm also looking for people to support this issue.

[stappersg]

If I understand correct opens podman the path to IPv6 support.

[utam0k]

@stappersg
Thank you for your valuable information! I don't understand much about it yet, but what kind of implemental do you need to accomplish this?

If I understand correct opens podman the path to IPv6 support.

[tsturzl]

Has anyone tried dropping Youki into Podman as a runtime? I've only used Podman a handful of times, but I don't believe there is a whole lot different from docker. It seems like a good starting off point would be to see if how they work together.

[tsturzl]

@stappersg I'm actually working on the network cgroup controller right now. So far as I can tell the network subsystem of cgroups doesn't really seem to be concerned with the transport layer you're mostly configuring the priority of each interface irrespective to the IP layer. So I wouldn't assume anything special needs to be done to support IPv6, but I could be wrong. I believe most of that higher level stuff is handled outside of the container runtime.

[utam0k]

I've rarely tried the podman, and when I tried it this past weekend, it seemed to lack support for some of the arguments passing to the youki.
I haven't looked deeper into the details yet.

[utam0k]

Unlike docker, the podman allows you to specify a container runtime when creating a container, which is useful when using container runtimes other than the runc. For this reason, I think it is good to support it as much as possible.

[stappersg]

Elaborating my humble

If I understand correct opens podman the path to IPv6 support.

I do like the idea of an OCI runtime implemented in Rust.
Please do things different (and possible better) as Docker. One such thing is supporting IPv6.

My websearch on "Podman IPv6" learnt me that it would make sense to tell about a possible road to success on IPv6 support in youki.

[utam0k]

@stappersg
Thanks for the advice! Let me clarify the situation a bit.
It is the same container layer software as youki and runc. This means that youki is the software used by Docker, and podman is software in the same layer as Docker. This issue tries to support podman.
Is it correct that if youki will support podman, then podman has IPv6 support and therefore youki has IPv6 support?

[nimrodshn]

@utam0k It looks like podman is using conmon to run the container runtime[1][2].

From what I understand it seems like theortically it is suffices to make sure that youki can run on conmon ?

[utam0k]

@nimrodshn Thanks for your advice! hmm... I failed starting container by podman :_(
However, I feel that it is not that difficult to deal with.

$ sudo podman --runtime /home/utam0k/ghq/github.com/utam0k/youki/target/x86_64-unknown-linux-gnu/debug/youki run --rm --memory 4M fedora echo it works
Your kernel does not support swap limit capabilities or the cgroup is not mounted. Memory limited without swap.
error: Found argument '--force' which wasn't expected, or isn't valid in this context

If you tried to supply `--force` as a PATTERN use `-- --force`

USAGE:
    youki delete <container-id>

For more information try --help
ERRO[0000] Error removing container d51831f0852cb51df36c2138abe3d7572a72bdb64bf188f5b6148b69871e1949 from runtime after creation failed 
Error: OCI runtime error: error: Found argument '--systemd-cgroup' which wasn't expected, or isn't valid in this context

If you tried to supply `--systemd-cgroup` as a PATTERN use `-- --systemd-cgroup`

USAGE:
    youki [OPTIONS] <SUBCOMMAND>

For more information try --help

[nimrodshn]

@utam0k I agree. I will try as well locally.

BTW is there a slack channel for youki?

[utam0k]

@nimrodshn
Thanks! Can you submit a PR or write a comment, If you notice something,

I agree. I will try as well locally.

I haven't prepared it yet. I'm thinking about the communication place, but I don't think it's the right time yet. If you have any interesting ideas or questions, please feel free to use the issue.
If you have any interesting ideas or questions, please feel free to use this issue in particular.
utam0k#10

BTW is there a slack channel for youki?

[utam0k]

@nimrodshn
If you are interested, I can assign this issue to you, would you like to try? Of course I'll help you if you need anything.

[nimrodshn]

@utam0k
For me podman ps works out of the box:

$ podman --runtime $(pwd)/target/x86_64-unknown-linux-gnu/debug/youki ps
CONTAINER ID  IMAGE                              COMMAND   CREATED      STATUS           PORTS                   NAMES
e4071a901968  docker.io/library/postgres:latest  postgres  2 weeks ago  Up 45 hours ago  0.0.0.0:5432->5432/tcp  db

[nimrodshn]

Ah but I see the same error on podman run:

$ podman --runtime $(pwd)/target/x86_64-unknown-linux-gnu/debug/youki run hello-world
error: Found argument '--force' which wasn't expected, or isn't valid in this context

If you tried to supply `--force` as a PATTERN use `-- --force`

USAGE:
    youki delete <container-id>

For more information try --help
ERRO[0010] Error removing container ebe48b63d0ad21875d8c1113d5995627ac22bff39d4e7c1586ad1c029631250a from runtime after creation failed 
Error: error: Found argument '--systemd-cgroup' which wasn't expected, or isn't valid in this context

If you tried to supply `--systemd-cgroup` as a PATTERN use `-- --systemd-cgroup`

USAGE:
    youki [OPTIONS] <SUBCOMMAND>

For more information try --help: OCI runtime error

[nimrodshn]

@utam0k Yeah sure I can try and hack at it 🤞

[utam0k]

@nimrodshn i'm looking forward your PR! i assigned this issue to you.

[nimrodshn]

@utam0k With you're permission - I have created a slack channel for youki; https://join.slack.com/t/youki-group/shared_invite/zt-r7n7tnfn-Xv2uWSz312OAiPXnlmvbOA

[utam0k]

@nimrodshn Thanks! I just felt that it was time for youki to have a place where we could communicate lightly.
However, in OSS cases like this, I find Discord to be preferable. What do you think about it?
Also, can I ask you to help me run a Discord or Slack community?

[nimrodshn]

Also, can I ask you to help me run a Discord or Slack community?

Yes of course, I haven't used Discord but am happy to try it out - let me create a Discord channel.

[utam0k]

@nimrodshn It's not so different from slack, so I don't think you'll have that much trouble. I would love to have you do this for me.

[nimrodshn]

@utam0k here you go: https://discord.gg/ZnMEPfY2

[jcgruenhage]

I know I'm no contributor and haven't interacted with you people at all so far, but as containers and rust are topics very near to my heart, this project hits just right.

Seeing the communication for this project move from one silo (slack) to another one (discord) feels a bit meh, as there are FOSS alternatives available too. My suggestion (full disclosure: I used to be employed by the company behind this, but we've parted ways a few years ago) would be matrix (protocol) / Element (Client/Frontend), which provides a similar user experience as Discord (in the sense that you have a bunch of channels (or rooms as matrix calls them) grouped together in a Community/Server/Guild/Space or whatever you might call it.

It might not have some of the bells and whistles that Discord has (especially around audio chat), but it makes up for that by providing a federated network where people can host their own infrastructure (if they want to), choose a vendor or register on a public instance. It supports end-to-end encryption if you want it, has open APIs and a spec that's being worked on in the open, with a few different servers available, a thriving ecosystem and a plethora of available clients. In contrast to this, Discord is openly banning people running custom clients (if they get caught) and do lots of other stuff to keep users under control.

I'd be really happy if we could host this on matrix instead, to really embrace open platforms instead of requiring the use of proprietary tools for communication about FOSS software. And yeah, I do see the irony of posting this on Github :D

[jcgruenhage]

Oh, and btw: If you need any help regarding setting up channels on matrix, hosting your own infra, managing or moderating the channels or anything else related, I'd be happy to help.

[ShadowJonathan]

One thing i think was forgotten to mention; With matrix it's possible to "bridge" channels/rooms together from one platform to another, so even if a decision cant be reached between full-matrix or full-discord, it is possible to make compromise by still merging both communities together.

[utam0k]

@jcgruenhage @ShadowJonathan
Thank you for your input. I am not familiar with the communication tools in this area, so I didn't think about it particularly deeply.
This is a bit far from the topic of this issue, so I would be happy to discuss it here.
#10
As the author of youki, one of my opinions is that I would prefer to have basic discussions in an open place. youki's discord is currently being used as a place to solve light questions, and I think this is a good place to communicate. (This is not to say that discord is good, but rather that a test-based communication tool for light questions is good).
If there is a better place I would definitely be interested in hearing about it. However, I may not be able to spend the time to manage such a thing.

[unknowndevQwQ]

$ sudo podman --runtime /bin/youki --runtime-flag log=/tmp/youki run --rm hello-world

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

It looks like youki is working fine on podman

[nimrodshn]

@unknowndevQwQ youki is setting up the cgroups properly but isn't setting the container unit under systemd. (See detailed information here). That is WIP under #120 .

[unknowndevQwQ]

@unknowndevQwQ youki is setting up the cgroups properly but isn't setting the container unit under systemd. (See detailed information here). That is WIP under #120 .

Let me know if the problem is solved and I will add youki at https://github.com/containers/common/containers.conf

[utam0k]

@nimrodshn @Furisto @unknowndevQwQ
Perhaps podman already works with youki. Isn't the purpose of this issue actually to support systemd-cgroup?

[utam0k]

I have changed the title of this issue to be more accurate. cc: @Furisto