rootless: support stargz

.github/workflows/test.yml

@@ -42,7 +42,7 @@ jobs:
     timeout-minutes: 20
     strategy:
       matrix:
-        containerd: [1.4.4, 1.5.0-beta.3]
+        containerd: [1.4.4, 1.5.0-beta.4]
     env:
       CONTAINERD_VERSION: "${{ matrix.containerd }}"
     steps:

Dockerfile

@@ -25,7 +25,7 @@ ARG CNI_ISOLATION_VERSION=0.0.3
 # Extra deps: Build
 ARG BUILDKIT_VERSION=0.8.2
 # Extra deps: Lazy-pulling
-ARG STARGZ_SNAPSHOTTER_VERSION=0.4.1
+ARG STARGZ_SNAPSHOTTER_VERSION=0.5.0
 # Extra deps: Encryption
 ARG IMGCRYPT_VERSION=1.1.0
 # Extra deps: Rootless

docs/rootless.md

@@ -58,7 +58,7 @@ To enable `fuse-overlayfs` snapshotter, run the following command:
 $ containerd-rootless-setuptool.sh install-fuse-overlayfs
 ```
 
-Then, add the following config to `~/.config/containerd/config.toml`:
+Then, add the following config to `~/.config/containerd/config.toml`, and run `systemctl --user restart containerd.service`:
 ```toml
 [proxy_plugins]
   [proxy_plugins."fuse-overlayfs"]
@@ -75,6 +75,36 @@ $ nerdctl run -it --rm alpine
 
 If `fuse-overlayfs` does not work, try `export CONTAINERD_SNAPSHOTTER=native`.
 
+### Stargz Snapshotter
+[Stargz Snapshotter](./stargz.md) enables lazy-pulling of images.
+
+As of Stargz Snapshotter 0.5.0, Rootless Stargz Snapshotter supports the following hosts:
+- Any distro, with kernel >= 5.11
+- Ubuntu (>= 15.XX)
+- Debian (>= 10)
+
+To enable Stargz snapshotter, run the following command:
+```console
+$ containerd-rootless-setuptool.sh install-stargz
+```
+
+Then, add the following config to `~/.config/containerd/config.toml` and run `systemctl --user restart containerd.service`:
+```toml
+[proxy_plugins]
+  [proxy_plugins."stargz"]
+      type = "snapshot"
+# NOTE: replace "1000" with your actual UID
+      address = "/run/user/1000/containerd-stargz-grpc/containerd-stargz-grpc.sock"
+```
+
+The snapshotter can be specified as `$CONTAINERD_SNAPSHOTTER`.
+```console
+$ export CONTAINERD_SNAPSHOTTER=stargz
+$ nerdctl run -it --rm ghcr.io/stargz-containers/alpine:3.10.2-esgz
+```
+
+See https://github.com/containerd/stargz-snapshotter/blob/master/docs/pre-converted-images.md for the image list.
+
 ## Troubleshooting
 
 ### Hint to Fedora 33 users

docs/stargz.md

@@ -7,6 +7,10 @@ See https://github.com/containerd/stargz-snapshotter to learn further informatio
 [![asciicast](https://asciinema.org/a/378377.svg)](https://asciinema.org/a/378377)
 
 ## Enable lazy-pulling for `nerdctl run`
+
+> **NOTE**
+> For rootless installation, see [`rootless.md`](./rootless.md#stargz-snapshotter)
+
 - Install Stargz plugin (`containerd-stargz-grpc`) from https://github.com/containerd/stargz-snapshotter 
 
 - Add the following to `/etc/containerd/config.toml`:

extras/rootless/containerd-rootless-setuptool.sh

@@ -48,6 +48,7 @@ CONTAINERD_ROOTLESS_SH="containerd-rootless.sh"
 SYSTEMD_CONTAINERD_UNIT="containerd.service"
 SYSTEMD_BUILDKIT_UNIT="buildkit.service"
 SYSTEMD_FUSE_OVERLAYFS_UNIT="containerd-fuse-overlayfs.service"
+SYSTEMD_STARGZ_UNIT="stargz-snapshotter.service"
 
 # global vars
 ARG0="$0"
@@ -301,7 +302,7 @@ cmd_entrypoint_install_fuse_overlayfs() {
 		[Install]
 		WantedBy=default.target
 	EOT
-	INFO "Add the following lines to \"${XDG_CONFIG_HOME}/containerd/config.toml\" manually:"
+	INFO "Add the following lines to \"${XDG_CONFIG_HOME}/containerd/config.toml\" manually, and then run \`systemctl --user restart ${SYSTEMD_CONTAINERD_UNIT}\`:"
 	cat <<-EOT
 		### BEGIN ###
 		[proxy_plugins]
@@ -313,6 +314,50 @@ cmd_entrypoint_install_fuse_overlayfs() {
 	INFO "Set \`export CONTAINERD_SNAPSHOTTER=\"fuse-overlayfs\"\` to use the fuse-overlayfs snapshotter."
 }
 
+# CLI subcommand: "install-stargz"
+cmd_entrypoint_install_stargz() {
+	init
+	if ! command -v "containerd-stargz-grpc" >/dev/null 2>&1; then
+		ERROR "containerd-stargz-grpc (https://github.com/containerd/stargz-snapshotter) needs to be present under \$PATH"
+		exit 1
+	fi
+	if ! systemctl --user --no-pager status "${SYSTEMD_CONTAINERD_UNIT}" >/dev/null 2>&1; then
+		ERROR "Install containerd first (\`$ARG0 install\`)"
+		exit 1
+	fi
+	if [ ! -f "${XDG_CONFIG_HOME}/containerd-stargz-grpc/config.toml" ]; then
+		mkdir -p "${XDG_CONFIG_HOME}/containerd-stargz-grpc"
+		touch "${XDG_CONFIG_HOME}/containerd-stargz-grpc/config.toml"
+	fi
+	cat <<-EOT | install_systemd_unit "${SYSTEMD_STARGZ_UNIT}"
+		[Unit]
+		Description=stargz snapshotter (Rootless)
+		PartOf=${SYSTEMD_CONTAINERD_UNIT}
+
+		[Service]
+		Environment=PATH=$BIN:/sbin:/usr/sbin:$PATH
+		ExecStart="$REALPATH0" nsenter -- containerd-stargz-grpc -address "${XDG_RUNTIME_DIR}/containerd-stargz-grpc/containerd-stargz-grpc.sock" -root "${XDG_DATA_HOME}/containerd-stargz-grpc" -config "${XDG_CONFIG_HOME}/containerd-stargz-grpc/config.toml"
+		ExecReload=/bin/kill -s HUP \$MAINPID
+		RestartSec=2
+		Restart=always
+		Type=simple
+		KillMode=mixed
+
+		[Install]
+		WantedBy=default.target
+	EOT
+	INFO "Add the following lines to \"${XDG_CONFIG_HOME}/containerd/config.toml\" manually, and then run \`systemctl --user restart ${SYSTEMD_CONTAINERD_UNIT}\`:"
+	cat <<-EOT
+		### BEGIN ###
+		[proxy_plugins]
+		  [proxy_plugins."stargz"]
+		    type = "snapshot"
+		    address = "${XDG_RUNTIME_DIR}/containerd-stargz-grpc/containerd-stargz-grpc.sock"
+		###  END  ###
+	EOT
+	INFO "Set \`export CONTAINERD_SNAPSHOTTER=\"stargz\"\` to use the stargz snapshotter."
+}
+
 # CLI subcommand: "uninstall"
 cmd_entrypoint_uninstall() {
 	init
@@ -340,6 +385,14 @@ cmd_entrypoint_uninstall_fuse_overlayfs() {
 	INFO "To remove data, run: \`$BIN/rootlesskit rm -rf ${XDG_DATA_HOME}/containerd-fuse-overlayfs"
 }
 
+# CLI subcommand: "uninstall-stargz"
+cmd_entrypoint_uninstall_stargz() {
+	init
+	uninstall_systemd_unit "${SYSTEMD_STARGZ_UNIT}"
+	INFO "This uninstallation tool does NOT remove data."
+	INFO "To remove data, run: \`$BIN/rootlesskit rm -rf ${XDG_DATA_HOME}/containerd-stargz-grpc"
+}
+
 # text for --help
 usage() {
 	echo "Usage: ${ARG0} [OPTIONS] COMMAND"
@@ -359,6 +412,10 @@ usage() {
 	echo "Add-on commands (fuse-overlayfs):"
 	echo "  install-fuse-overlayfs      Install the systemd unit for fuse-overlayfs snapshotter"
 	echo "  uninstall-fuse-overlayfs    Uninstall the systemd unit for fuse-overlayfs snapshotter"
+	echo
+	echo "Add-on commands (stargz):"
+	echo "  install-stargz              Install the systemd unit for stargz snapshotter"
+	echo "  uninstall-stargz            Uninstall the systemd unit for stargz snapshotter"
 }
 
 # parse CLI args

go.mod

@@ -5,11 +5,11 @@ go 1.16
 require (
 	github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68
 	github.com/containerd/console v1.0.1
-	github.com/containerd/containerd v1.5.0-beta.3
+	github.com/containerd/containerd v1.5.0-beta.4
 	github.com/containerd/go-cni v1.0.1
-	github.com/containerd/imgcrypt v1.1.0
-	github.com/containerd/stargz-snapshotter v0.4.1
-	github.com/containerd/stargz-snapshotter/estargz v0.4.1
+	github.com/containerd/imgcrypt v1.1.1-0.20210312161619-7ed62a527887
+	github.com/containerd/stargz-snapshotter v0.5.0
+	github.com/containerd/stargz-snapshotter/estargz v0.5.0
 	github.com/containerd/typeurl v1.0.1
 	github.com/containernetworking/cni v0.8.1
 	github.com/containernetworking/plugins v0.9.1