WIP: chore: upgrade to containerd/v2

The shim seems to start up and checkpoint/restore works but several
things are broken:

* Exec hangs
* Port-Forward does not work
* logs are not restored due to move of some containerd packages to
  internal. It has simply been disabled as I need to find a new way to
  restore these logs

cmd/installer/main.go

@@ -12,8 +12,8 @@ import (
 	"path/filepath"
 	"time"
 
-	"github.com/containerd/containerd"
-	"github.com/containerd/containerd/services/server/config"
+	"github.com/containerd/containerd/v2/client"
+	"github.com/containerd/containerd/v2/cmd/containerd/server/config"
 	"github.com/coreos/go-systemd/v22/dbus"
 	nodev1 "k8s.io/api/node/v1"
 	kerrors "k8s.io/apimachinery/pkg/api/errors"
@@ -116,20 +116,20 @@ func main() {
 }
 
 func installCriu(ctx context.Context) error {
-	client, err := containerd.New("/run/containerd/containerd.sock", containerd.WithDefaultNamespace("k8s"))
+	containerdClient, err := client.New("/run/containerd/containerd.sock", client.WithDefaultNamespace("k8s"))
 	if err != nil {
 		return err
 	}
 
-	image, err := client.Pull(ctx, *criuImage)
+	image, err := containerdClient.Pull(ctx, *criuImage)
 	if err != nil {
 		return err
 	}
 
-	if err := client.Install(
-		ctx, image, containerd.WithInstallLibs,
-		containerd.WithInstallReplace,
-		containerd.WithInstallPath(optPath),
+	if err := containerdClient.Install(
+		ctx, image, client.WithInstallLibs,
+		client.WithInstallReplace,
+		client.WithInstallPath(optPath),
 	); err != nil {
 		return err
 	}
@@ -171,7 +171,7 @@ func installRuntime(ctx context.Context, runtime containerRuntime) error {
 		return fmt.Errorf("unable to write shim file: %w", err)
 	}
 
-	restartRequired, err := configureContainerd(runtime, containerdConfig)
+	restartRequired, err := configureContainerd(ctx, runtime, containerdConfig)
 	if err != nil {
 		return fmt.Errorf("unable to configure containerd: %w", err)
 	}
@@ -219,17 +219,15 @@ func restartUnit(ctx context.Context, conn *dbus.Conn, service string) error {
 	return nil
 }
 
-func configureContainerd(runtime containerRuntime, containerdConfig string) (restartRequired bool, err error) {
+func configureContainerd(ctx context.Context, runtime containerRuntime, containerdConfig string) (restartRequired bool, err error) {
 	conf := &config.Config{}
-	if err := config.LoadConfig(containerdConfig, conf); err != nil {
+	if err := config.LoadConfig(ctx, containerdConfig, conf); err != nil {
 		return false, err
 	}
 
-	if criPlugins, ok := conf.Plugins[criPluginKey]; ok {
-		if criPlugins.Has(zeropodRuntimeKey) {
-			log.Println("runtime already configured, no need to restart containerd")
-			return false, nil
-		}
+	if zeropodConfigured(conf) {
+		log.Println("runtime already configured, no need to restart containerd")
+		return false, nil
 	}
 
 	// backup the original config
@@ -256,15 +254,12 @@ func configureContainerd(runtime containerRuntime, containerdConfig string) (res
 		return false, err
 	}
 
-	configured, err := optConfigured(containerdConfig)
-	if err != nil {
-		return false, err
-	}
-
-	if !configured {
+	if !optConfigured(conf) {
 		if _, err := cfg.WriteString(fmt.Sprintf(optPlugin, *hostOptPath)); err != nil {
 			return false, err
 		}
+	} else {
+		log.Println("opt plugin is already configured")
 	}
 
 	return true, nil
@@ -301,18 +296,45 @@ func copyConfig(from, to string) error {
 	return nil
 }
 
-func optConfigured(containerdConfig string) (bool, error) {
-	conf := &config.Config{}
-	if err := config.LoadConfig(containerdConfig, conf); err != nil {
-		return false, err
+// zeropodConfigured travereses the containerd config and returns true if the
+// zeropod runtime plugin is already configured.
+func optConfigured(conf *config.Config) bool {
+	if optPlugins, ok := conf.Plugins[containerdOptKey]; ok {
+		pluginMap, ok := optPlugins.(map[string]interface{})
+		if !ok {
+			return false
+		}
+
+		if _, ok := pluginMap["path"]; ok {
+			return true
+		}
 	}
-	if opt, ok := conf.Plugins[containerdOptKey]; ok {
-		if opt.Has("path") {
-			return true, nil
+
+	return false
+}
+
+// zeropodConfigured travereses the containerd config and returns true if the
+// zeropod runtime plugin is already configured.
+func zeropodConfigured(conf *config.Config) bool {
+	if criPlugins, ok := conf.Plugins[criPluginKey]; ok {
+		pluginMap, ok := criPlugins.(map[string]interface{})
+		if !ok {
+			return false
+		}
+		for _, v := range pluginMap {
+			containerdPlugins, ok := v.(map[string]interface{})
+			if !ok {
+				continue
+			}
+
+			runtime := containerdPlugins["runtimes"].(map[string]interface{})
+			if _, ok := runtime[runtimeHandler]; ok {
+				return true
+			}
 		}
 	}
 
-	return false, nil
+	return false
 }
 
 func installRuntimeClass(ctx context.Context, client kubernetes.Interface) error {

cmd/installer/main_test.go

@@ -1,6 +1,7 @@
 package main
 
 import (
+	"context"
 	"os"
 	"testing"
 
@@ -60,8 +61,9 @@ func TestConfigureContainerd(t *testing.T) {
 
 	require.NoError(t, os.WriteFile(configFile.Name(), []byte(kindContainerdConfig), os.ModePerm))
 
-	restart, err := configureContainerd(runtimeContainerd, configFile.Name())
+	restart, err := configureContainerd(context.Background(), runtimeContainerd, configFile.Name())
 	require.NoError(t, err)
+	assert.True(t, restart)
 
 	newFile, err := os.ReadFile(configFile.Name())
 	require.NoError(t, err)
@@ -71,5 +73,8 @@ func TestConfigureContainerd(t *testing.T) {
 
 	assert.NotEmpty(t, backupInfo.Size())
 	assert.NotEmpty(t, newFile)
-	assert.True(t, restart)
+
+	restart, err = configureContainerd(context.Background(), runtimeContainerd, configFile.Name())
+	require.NoError(t, err)
+	assert.False(t, restart, "calling configureContainerd a second time should not require a restart")
 }

cmd/shim/main.go

@@ -3,12 +3,12 @@ package main
 import (
 	"context"
 
-	"github.com/containerd/containerd/runtime/v2/runc/manager"
-	"github.com/containerd/containerd/runtime/v2/shim"
+	"github.com/containerd/containerd/v2/cmd/containerd-shim-runc-v2/manager"
+	"github.com/containerd/containerd/v2/pkg/shim"
 	_ "github.com/ctrox/zeropod/runc/task/plugin"
 	"github.com/ctrox/zeropod/zeropod"
 )
 
 func main() {
-	shim.RunManager(context.Background(), manager.NewShimManager(zeropod.RuntimeName))
+	shim.Run(context.Background(), manager.NewShimManager(zeropod.RuntimeName))
 }

go.mod

@@ -1,37 +1,40 @@
 module github.com/ctrox/zeropod
 
-go 1.21.0
+go 1.22.0
 
 toolchain go1.22.1
 
 require (
 	github.com/cilium/ebpf v0.15.0
 	github.com/containerd/cgroups v1.1.0
-	github.com/containerd/cgroups/v3 v3.0.2
-	github.com/containerd/containerd v1.7.12
-	github.com/containerd/go-runc v1.0.0
+	github.com/containerd/cgroups/v3 v3.0.3
+	github.com/containerd/containerd/api v1.8.0-rc.2
+	github.com/containerd/containerd/v2 v2.0.0-rc.2
+	github.com/containerd/errdefs v0.1.0
+	github.com/containerd/go-runc v1.1.0
 	github.com/containerd/log v0.1.0
-	github.com/containerd/ttrpc v1.2.2
+	github.com/containerd/plugin v0.1.0
+	github.com/containerd/ttrpc v1.2.4
 	github.com/containerd/typeurl/v2 v2.1.1
-	github.com/containernetworking/plugins v1.2.0
+	github.com/containernetworking/plugins v1.4.1
 	github.com/coreos/go-systemd/v22 v22.5.0
 	github.com/fsnotify/fsnotify v1.7.0
 	github.com/mitchellh/mapstructure v1.5.0
-	github.com/opencontainers/runtime-spec v1.1.0
+	github.com/opencontainers/runtime-spec v1.2.0
 	github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
 	github.com/pkg/errors v0.9.1
-	github.com/prometheus/client_golang v1.18.0
+	github.com/prometheus/client_golang v1.19.1
 	github.com/prometheus/client_model v0.5.0
-	github.com/prometheus/common v0.45.0
+	github.com/prometheus/common v0.48.0
 	github.com/prometheus/procfs v0.12.0
-	github.com/sirupsen/logrus v1.9.3
-	github.com/stretchr/testify v1.8.4
+	github.com/stretchr/testify v1.9.0
 	github.com/vishvananda/netlink v1.2.1-beta.2
-	golang.org/x/sys v0.19.0
-	google.golang.org/protobuf v1.33.0
-	k8s.io/api v0.29.0
-	k8s.io/apimachinery v0.29.0
-	k8s.io/client-go v0.29.0
+	golang.org/x/sys v0.20.0
+	google.golang.org/protobuf v1.34.1
+	k8s.io/api v0.30.0
+	k8s.io/apimachinery v0.30.0
+	k8s.io/client-go v0.30.0
+	k8s.io/cri-api v0.30.0
 	k8s.io/utils v0.0.0-20240102154912-e7106e64919e
 	sigs.k8s.io/controller-runtime v0.16.3
 	sigs.k8s.io/kind v0.19.0
@@ -43,101 +46,98 @@ require (
 	dario.cat/mergo v1.0.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
 	github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect
-	github.com/BurntSushi/toml v1.3.2 // indirect
-	github.com/Microsoft/go-winio v0.6.1 // indirect
-	github.com/Microsoft/hcsshim v0.11.4 // indirect
+	github.com/BurntSushi/toml v1.0.0 // indirect
+	github.com/Microsoft/go-winio v0.6.2 // indirect
+	github.com/Microsoft/hcsshim v0.12.3 // indirect
 	github.com/alessio/shellescape v1.4.1 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/container-orchestrated-devices/container-device-interface v0.6.1 // indirect
-	github.com/containerd/console v1.0.3 // indirect
-	github.com/containerd/continuity v0.4.2 // indirect
+	github.com/containerd/console v1.0.4 // indirect
+	github.com/containerd/continuity v0.4.3 // indirect
 	github.com/containerd/fifo v1.1.0 // indirect
+	github.com/containerd/platforms v0.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
-	github.com/docker/go-metrics v0.0.1 // indirect
+	github.com/distribution/reference v0.6.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
-	github.com/emicklei/go-restful/v3 v3.11.2 // indirect
-	github.com/evanphx/json-patch/v5 v5.7.0 // indirect
-	github.com/felixge/httpsnoop v1.0.3 // indirect
+	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-logr/logr v1.4.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/go-openapi/jsonpointer v0.20.2 // indirect
-	github.com/go-openapi/jsonreference v0.20.4 // indirect
-	github.com/go-openapi/swag v0.22.7 // indirect
+	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/swag v0.22.3 // indirect
 	github.com/godbus/dbus/v5 v5.1.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/google/uuid v1.5.0 // indirect
+	github.com/google/uuid v1.6.0 // indirect
 	github.com/gorilla/websocket v1.5.0 // indirect
-	github.com/hashicorp/errwrap v1.1.0 // indirect
-	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/imdario/mergo v0.3.16 // indirect
+	github.com/imdario/mergo v0.3.13 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.16.0 // indirect
+	github.com/klauspost/compress v1.17.8 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/mattn/go-isatty v0.0.17 // indirect
-	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
+	github.com/mattn/go-isatty v0.0.14 // indirect
+	github.com/mdlayher/socket v0.5.0 // indirect
+	github.com/mdlayher/vsock v1.2.1 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/spdystream v0.2.0 // indirect
-	github.com/moby/sys/mountinfo v0.6.2 // indirect
+	github.com/moby/sys/mountinfo v0.7.1 // indirect
 	github.com/moby/sys/sequential v0.5.0 // indirect
 	github.com/moby/sys/signal v0.7.0 // indirect
-	github.com/moby/sys/symlink v0.2.0 // indirect
 	github.com/moby/sys/user v0.1.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b // indirect
+	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/opencontainers/runtime-tools v0.9.1-0.20221107090550-2e043c6bd626 // indirect
 	github.com/opencontainers/selinux v1.11.0 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/spf13/cobra v1.7.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect
 	github.com/vishvananda/netns v0.0.4 // indirect
 	github.com/xlab/treeprint v1.2.0 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 // indirect
-	go.opentelemetry.io/otel v1.19.0 // indirect
-	go.opentelemetry.io/otel/metric v1.19.0 // indirect
-	go.opentelemetry.io/otel/trace v1.19.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 // indirect
+	go.opentelemetry.io/otel v1.26.0 // indirect
+	go.opentelemetry.io/otel/metric v1.26.0 // indirect
+	go.opentelemetry.io/otel/trace v1.26.0 // indirect
 	go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
-	golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f // indirect
+	golang.org/x/exp v0.0.0-20231214170342-aacd6d4b4611 // indirect
 	golang.org/x/mod v0.17.0 // indirect
 	golang.org/x/net v0.24.0 // indirect
-	golang.org/x/oauth2 v0.16.0 // indirect
+	golang.org/x/oauth2 v0.17.0 // indirect
 	golang.org/x/sync v0.7.0 // indirect
 	golang.org/x/term v0.19.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
-	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.20.0 // indirect
+	golang.org/x/time v0.3.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect
-	google.golang.org/grpc v1.58.3 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be // indirect
+	google.golang.org/grpc v1.63.2 // indirect
 	gopkg.in/evanphx/json-patch.v5 v5.6.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiextensions-apiserver v0.29.0 // indirect
-	k8s.io/cri-api v0.27.1 // indirect
-	k8s.io/klog/v2 v2.120.0 // indirect
-	k8s.io/kube-openapi v0.0.0-20240105020646-a37d4de58910 // indirect
+	k8s.io/klog/v2 v2.120.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
+	tags.cncf.io/container-device-interface v0.7.2 // indirect
+	tags.cncf.io/container-device-interface/specs-go v0.7.0 // indirect
 )