Split create and start

Signed-off-by: Doug Davis <[email protected]>

Author: Doug Davis

config.md

@@ -27,13 +27,15 @@ Each container has exactly one *root filesystem*, specified in the *root* object
 
 * **`path`** (string, required) Specifies the path to the root filesystem for the container. A directory MUST exist at the path declared by the field.
 * **`readonly`** (bool, optional) If true then the root filesystem MUST be read-only inside the container. Defaults to false.
+* **`autoremove`** (bool, optional) If true then the container will be automatically deleted once the PID namespace is deleted. This removes the need for an explicit call to the `delete` operation. Defaults to false.
 
 ### Example
 
 ```json
 "root": {
     "path": "rootfs",
-    "readonly": true
+    "readonly": true,
+	"autoremove":  true
 }
 ```
 

runtime.md

@@ -13,8 +13,6 @@ The state of a container MUST include, at least, the following properties:
 * **`id`**: (string) is the container's ID.
 This MUST be unique across all containers on this host.
 There is no requirement that it be unique across hosts.
-The ID is provided in the state because hooks will be executed with the state as the payload.
-This allows the hooks to perform cleanup and teardown logic after the runtime destroys its own state.
 * **`pid`**: (int) is the ID of the main process within the container, as seen by the host.
 * **`bundlePath`**: (string) is the absolute path to the container's bundle directory.
 This is provided so that consumers can find the container's configuration and root filesystem on the host.
@@ -34,22 +32,25 @@ See [Query State](#query-state) for information on retrieving the state of a con
 
 ## Lifecycle
 The lifecycle describes the timeline of events that happen from when a container is created to when it ceases to exist.
-
-1. OCI compliant runtime is invoked with a reference to the location of the bundle.
-   How this reference is passed to the runtime is an implementation detail.
-2. The container's runtime environment MUST be created according to the configuration in [`config.json`](config.md).
-   Any updates to `config.json` after container is running MUST not affect the container.
-3. The prestart hooks MUST be invoked by the runtime.
-   If any prestart hook fails, then the container MUST be stopped and the lifecycle continues at step 7.
-4. The user specified process MUST be executed in the container.
-5. The poststart hooks MUST be invoked by the runtime.
-   If any poststart hook fails, then the container MUST be stopped and the lifecycle continues at step 7.
-6. Additional actions such as pausing the container, resuming the container or signaling the container MAY be performed using the runtime interface.
-   The container MAY also error out, exit or crash.
-7. The container MUST be destroyed by undoing the steps performed during create phase (step 2).
-8. The poststop hooks MUST be invoked by the runtime and errors, if any, SHOULD be logged.
-
-Note: The lifecycle is a WIP and it will evolve as we have more use cases and more information on the viability of a separate create phase.
+1. OCI compliant runtime's `create` command is invoked with a reference to the location of the bundle and a unique identifier.
+   How these references are passed to the runtime is an implementation detail.
+2. The container's runtime environment (namespaces, mounts, etc.) MUST be created according to the configuration in [`config.json`](config.md).
+   If a new PID namespace is requested in the [`config.json`](config.md), a PID namespace MUST created at this time.
+   However, the user-specified code (from [`process`](config.md#process-configuration) MUST NOT be run at this time.
+   With the exception of the user-specified process, any updates to `config.json` after container is created MUST NOT affect the container.
+3. Once the container is created additional actions MAY be performed based on the features the runtime chooses to support.
+  However, some actions might only be available based on the current state of the container (e.g. only available while it is started).
+4. Runtime's `start` command is invoked with the unique identifier of the container.
+   The runtime MUST run the user-specified code, as specified by [`process`](config.md#process-configuration), in the container's PID namespace.
+   Any updates to the user-specified code in [`process`](config.md#process-configuration) after this point MUST NOT have any effect on the container.
+5. The container's processes are stopped.
+   This MAY happen due to them erroring out, exiting or crashing.
+   The runtime's `stop` operation MAY also be used to stop the processes running within the container.
+6. If the [`autoremove`](config.md#root-configuration) property is present with a value of `true` the runtime's `delete` operation is automatically invoked.
+6. Runtime's `delete` command is invoked with the identifier of the container.
+   The container MUST be destroyed by undoing the steps performed during create phase (step 2).
+   For clarity, the runtime MUST make a best-effort attempt to delete all resources that were create in step 2.
+   The phrase "best-effort" is to allow for situations where some other processes, or container, is "holding on" to a resource and the runtime is therefore unable to delete it.
 
 ## Operations
 
@@ -64,34 +65,60 @@ Unless otherwise stated, generating an error MUST leave the state of the environ
 `state <container-id>`
 
 This operation MUST generate an error if it is not provided the ID of a container.
+Attempting to query a container that does not exist MUST generate an error.
 This operation MUST return the state of a container as specified in the [State](#state) section.
-In particular, the state MUST be serialized as JSON.
+The state MUST be serialized as JSON.
 
 
-### Start
+### Create
 
-`start <container-id> <path-to-bundle>`
+`create <container-id> <path-to-bundle>`
 
 This operation MUST generate an error if it is not provided a path to the bundle and the container ID to associate with the container.
-If the ID provided is not unique across all containers within the scope of the runtime, or is not valid in any other way, the implementation MUST generate an error.
-Using the data in `config.json`, that are in the bundle's directory, this operation MUST create a new container.
-This includes creating the relevant namespaces, resource limits, etc and configuring the appropriate capabilities for the container.
-A new process within the scope of the container MUST be created as specified by the `config.json` file otherwise an error MUST be generated.
+If the ID provided is not unique across all containers within the scope of the runtime, or is not valid in any other way, the implementation MUST generate an error and a new container MUST not be created.
+Using the data in [`config.json`](config.md), this operation MUST create a new container.
+This includes creating, or entering, the namespaces specified in the [`config.json`](config.md), resource limits, etc. and configuring the appropriate capabilities for the container.
+If the `config.json` specifies that a PID namespace is to be created then one MUST be created, but the user-specified code within that namespace MUST NOT be run at this time.
+In some implementations this means that a temporary process is created in the PID namespace but it pauses until the `start` operation is invoked before replacing the process with the user-specified code.
 
-Attempting to start an already running container MUST have no effect on the container and MUST generate an error.
+### Start
+`start <container-id>`
 
-### Stop
+This operation MUST generate an error if it is not provided the container ID.
+Attempting to start a container that does not exist MUST generate an error.
+This operation MUST run the user-specified code as specified by [`process`](config.md#process-configuration) in the configuration file at start-time (the values may have changed since [create](#create)-time).
+If the runtime fails to run code as specified, an error MUST be generated.
+For the purpose of the `start` command, the runtime MUST ignore `config.json` properties outside of `process`.
+This process MUST be run in the PID namespace associated with the container.
+
+Attempting to start an already started container MUST have no effect on the container and MUST generate an error.
+
+### Run
+`run <container-id>`
 
+This operation MUST generate an error if it is not provided the container ID.
+Attempting to run a container that does not exist MUST generate an error.
+This operation MUST invoke the `create` operation, and if there are no errors, then invoke the `start` operation.
+The implementation MAY immediately execute `start` without any pause after `create` completes.
+For example if the implementation used a temporary process to implement `create`, it need not do this in the implementation of `run`.
+
+### Stop
 `stop <container-id>`
 
 This operation MUST generate an error if it is not provided the container ID.
-This operation MUST stop and delete a running container.
-Stopping a container MUST stop all of the processes running within the scope of the container.
-Deleting a container MUST delete the associated namespaces and resources associated with the container.
-Once a container is deleted, its `id` MAY be used by subsequent containers.
 Attempting to stop a container that is not running MUST have no effect on the container and MUST generate an error.
+This operation MUST stop all of the processes running within the container.
+If the [`autoremove`](config.md#root-configuration) property is is set to `false` then this operation MUST NOT delete any resources associated with the container, except for the PID namespace.
+If the [`autoremove`](config.md#root-configuration) property is is set to `true` then the `delete` operation MUST automatically be invoked by the runtime.
 
-## Hooks
+### Delete
 
-Many of the operations specified in this specification have "hooks" that allow for additional actions to be taken before or after each operation.
-See [runtime configuration for hooks](./config.md#hooks) for more information.
+`delete <container-id>`
+
+This operation MUST generate an error if it is not provided the container ID.
+Attempting to delete a container that does not exist MUST generate an error.
+If the container is running then this operation MUST first stop it, per the `stop` operation defined above.
+If the stopping of the container fails then the container MUST NOT be deleted and an error MUST be generated.
+Deleting a container MUST delete the namespaces, and resources, that were created during the `create` step.
+Note that namespaces associated with the container but not created by this container MUST NOT be deleted.
+Once a container is deleted, its `id` MAY be used by subsequent containers.