An OCI container runtime monitor.
Sascha Grunert e21e7c85b7 Build s390x binaries using musl libc
Building using musl until NixOS/nixpkgs#306473 is resolved.

Refers to cri-o/cri-o#7911

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2024-04-26 11:04:10 -04:00
.github Merge pull request #486 from containers/renovate/actions-cache-4.x 2024-01-26 09:42:18 +01:00
.rpmbuild Initial PAPR CI check-in 2018-10-02 17:02:45 -05:00
cmd/conmon-config Fail if conmon config could not be written 2020-08-26 09:10:10 -04:00
contrib/spec Cirrus: Remove disused scripts 2021-09-28 09:41:55 -04:00
docs docs/Makefile: softcode GOMD2MAN 2024-01-05 12:51:32 +05:30
hack Update nixos image and dependencies' version. 2023-05-15 14:03:48 -04:00
nix Build s390x binaries using musl libc 2024-04-26 11:04:10 -04:00
rpm update packit config, enable downstream tasks 2024-01-26 10:02:54 -05:00
runner vendor: bump to latest packages 2023-05-01 14:39:27 -04:00
src drop --tty on exec 2024-01-08 11:29:30 -05:00
tools Lint/format fixes for golang 1.19 2023-02-01 14:41:20 -05:00
.cirrus.yml Merge pull request #492 from saschagrunert/s390x 2024-02-28 09:37:06 -05:00
.clang-format Add .clang-format file 2019-05-22 08:40:52 +02:00
.dir-locals.el .dir-locals.el: new file 2020-03-20 08:43:12 -04:00
.gitignore Remove go.sum file and add go.mod 2020-08-27 09:12:36 -04:00
.packit.yaml update packit config, enable downstream tasks 2024-01-26 10:02:54 -05:00
CODE-OF-CONDUCT.md Fix docs links due to branch rename 2021-06-10 13:15:32 -04:00
Containerfile Use Podman for building 2020-08-05 11:18:54 -04:00
LICENSE remove appendix 2019-06-17 09:13:38 -04:00
Makefile Remove checks for (long)deprecated libsystemd-journal in favor of libsystemd 2024-01-26 10:03:37 -05:00
README.md README.md: update the correct Nix channel 2023-12-13 09:21:17 +08:00
SECURITY.md Fix docs links due to branch rename 2021-06-10 13:15:32 -04:00
VERSION bump to 2.1.10 2023-12-18 14:50:14 -05:00
changelog.txt Add Changelog 2019-08-05 10:02:57 -04:00
go.mod fix(deps): update module github.com/onsi/gomega to v1.31.1 2024-01-26 08:43:22 +00:00
go.sum fix(deps): update module github.com/onsi/gomega to v1.31.1 2024-01-26 08:43:22 +00:00
meson.build Remove checks for (long)deprecated libsystemd-journal in favor of libsystemd 2024-01-26 10:03:37 -05:00

README.md

conmon

An OCI container runtime monitor.

Conmon is a monitoring program and communication tool between a container manager (like Podman or CRI-O) and an OCI runtime (like runc or crun) for a single container.

Upon being launched, conmon (usually) double-forks to daemonize and detach from the parent that launched it. It then launches the runtime as its child. This allows managing processes to die in the foreground, but still be able to watch over and connect to the child process (the container).

While the container runs, conmon does two things:

  • Provides a socket for attaching to the container, holding open the container's standard streams and forwarding them over the socket.
  • Writes the contents of the container's streams to a log file (or to the systemd journal) so they can be read after the container's death.

Finally, upon the container's death, conmon will record its exit time and code to be read by the managing programs.

Written in C and designed to have a low memory footprint, conmon is intended to be run by a container managing library. Essentially, conmon is the smallest daemon a container can have.

In most cases, conmon should be packaged with your favorite container manager. However, if you'd like to try building it from source, follow the steps below.

Dependencies

These dependencies are required for the build:

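With yum (Fedora, CentOS, RHEL and related distributions):

sudo yum install -y \
  gcc \
  git \
  glib2-devel \
  glibc-devel \
  libseccomp-devel \
  make \
  pkgconfig \
  runc

With apt-get (Debian, Ubuntu and related distributions):

sudo apt-get install \
  gcc \
  git \
  libc6-dev \
  libglib2.0-dev \
  libseccomp-dev \
  pkg-config \
  make \
  runc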

Build

Once all the dependencies are installed:

make

There are three options for installation, depending on your environment. Each can have the PREFIX overridden. The PREFIX defaults to /usr/local for most Linux distributions.

  • make install installs to $PREFIX/bin, for adding conmon to the path.
  • make podman installs to $PREFIX/libexec/podman, which is used to override the conmon version that Podman uses.
  • make crio installs to $PREFIX/libexec/crio, which is used to override the conmon version that CRI-O uses.

Note: to run conmon, you'll also need to have an OCI-compliant runtime installed, like runc or crun.

Static build

It is possible to build a statically linked binary of conmon by using the officially provided nix package and the derivation of it within this repository. The builds are completely reproducible and will create an x86_64/amd64 stripped ELF binary for glibc.

Nix

To build the binaries by locally installing the nix package manager:

nix build -f nix/

Ansible

An Ansible Role is also available to automate the installation of the above statically linked binary on its supported OS:

sudo su -
mkdir -p ~/.ansible/roles
cd ~/.ansible/roles
git clone https://github.com/alvistack/ansible-role-conmon.git conmon
cd ~/.ansible/roles/conmon
pip3 install --upgrade --ignore-installed --requirement requirements.txt
molecule converge
molecule verify