I have multiple Docker images and containers running on a VM. But commands like "runc list" doesn't list any of these.
How can I make runc/containerd aware of my existing docker images?
I have multiple Docker images and containers running on a VM. But commands like "runc list" doesn't list any of these.
How can I make runc/containerd aware of my existing docker images?
The runtime (runc
) uses so-called runtime root directory to store and obtain the information about containers. Under this root directory, runc
places sub-directories (one per container), and each of them contains the state.json
file, where the container state description resides.
The default location for runtime root directory is either /run/runc
(for non-rootless containers) or $XDG_RUNTIME_DIR/runc
(for rootless containers) - the latter also usually points to somewhere under /run
(e.g. /run/user/$UID/runc
).
When the container engine invokes runc
, it may override the default runtime root directory and specify the custom one (--root
option of runc
). Docker uses this possibility, e.g. on my box, it specifies /run/docker/runtime-runc/moby
as the runtime root.
That said, to make runc list
see your Docker containers, you have to point it to Docker's runtime root directory by specifying --root
option. Also, given that Docker containers are not rootless by default, you will need the appropriate privileges to access the runtime root (e.g. with sudo
).
So, that's how this should work:
$ docker run -d alpine sleep 1000
4acd4af5ba8da324b7a902618aeb3fd0b8fce39db5285546e1f80169f157fc69
$ sudo runc --root /run/docker/runtime-runc/moby/ list
ID PID STATUS BUNDLE CREATED OWNER
4acd4af5ba8da324b7a902618aeb3fd0b8fce39db5285546e1f80169f157fc69 18372 running /run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/4acd4af5ba8da324b7a902618aeb3fd0b8fce39db5285546e1f80169f157fc69 2019-07-12T17:33:23.401746168Z root
As to images, you can not make runc
see them, as it has no notion of image at all - instead, it operates on bundles. Creating the bundle (e.g. based on image) is responsibility of the caller (in your case - containerd).