- Introduction
- License
- Hardware requirements
- Quick start for users
- Quick start for developers
- Community
- Configuration
- Logging
- Debugging
- Limitations
- Home Page
cc-runtime
is the next generation of Intel® Clear Containers runtime.
This tool, henceforth referred to simply as "the runtime", builds upon the virtcontainers project to provide a high-performance standards-compliant runtime that creates hardware-virtualized containers which leverage Intel's VT-x technology.
It is a re-implementation of cc-oci-runtime
written in the go language and supersedes cc-oci-runtime
starting from 3.0.0.
The runtime is both OCI-compatible and CRI-O-compatible, allowing it to work seamlessly with both Docker and Kubernetes respectively.
The code is licensed under an Apache 2.0 license.
See the license file for further details.
The runtime has a built-in command to determine if your host system is capable of running an Intel® Clear Container. Simply run:
$ cc-runtime cc-check
Note:
If you run the command above as the root
user, further checks will be
performed (e.g. check if another incompatible hypervisor is running):
$ sudo cc-runtime cc-check
See the installation guides available for various operating systems.
See the developer's installation guide.
See the contributing document.
The runtime uses a single configuration file called configuration.toml
.
Since the runtime supports a stateless system,
it checks for this configuration file in multiple locations. The default
location is /usr/share/defaults/clear-containers/configuration.toml
for a
standard system. However, if /etc/clear-containers/configuration.toml
exists, this will take priority.
To see which paths the runtime will check for a configuration source, run:
$ cc-runtime --cc-show-default-config-paths
To see details of your systems runtime environment (including the location of the configuration file being used), run:
$ cc-runtime cc-env
The runtime provides --log=
and --log-format=
options. However, you can
also configure it to log to the system log (syslog or journald
) such that
all log data is sent to both the specified logfile and the system log. The
latter is useful as it is independent of the lifecycle of each container.
To view runtime log output:
$ sudo journalctl -t cc-runtime
To view shim log output:
$ sudo journalctl -t cc-shim
To view proxy log output:
$ sudo journalctl -t cc-proxy
Note:
The proxy log entries also include output from the agent (cc-agent
) and the
hypervisor, which includes the guest kernel boot-time messages.
The runtime, the shim (cc-shim
), the proxy (cc-proxy
),
and the hypervisor all have separate enable_debug=
debug
options in the configuration file. All of these debug
options are disabled by default. See the comments in the installed
configuration file for further details.
If you want to enable debug for all components, assuming a standard configuration file path, run:
$ sudo sed -i -e 's/^#\(enable_debug\).*=.*$/\1 = true/g' /usr/share/defaults/clear-containers/configuration.toml
See the agent debug document and the kernel debug document for further details.
See the limitations file for further details.
The canonical home page for the project is: https://github.com/clearcontainers