Add LinuxContainerExecutor to Wasmtime and WasmEdge shims

.github/workflows/ci.yml

@@ -83,6 +83,13 @@ jobs:
         run: |
           sudo apt -y update
           sudo apt install -y pkg-config libsystemd-dev libdbus-glib-1-dev build-essential libelf-dev libseccomp-dev libclang-dev
+      -
+        # Add support for more platforms with QEMU (optional)
+        # https://github.com/docker/setup-qemu-action
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
       - name: run
         run: |
           make test/k8s

Makefile

@@ -67,10 +67,16 @@ bin/kind: test/k8s/Dockerfile
 test/k8s/_out/img: test/k8s/Dockerfile Cargo.toml Cargo.lock $(shell find . -type f -name '*.rs')
 	mkdir -p $(@D) && $(DOCKER_BUILD) -f test/k8s/Dockerfile --iidfile=$(@) --load  .
 
+.PHONY: test/py-flask
+test/py-flask:
+	$(DOCKER_BUILD) -t py-flask-app:latest -f $@/Dockerfile --load $@
+	mkdir -p $@/out && docker save -o $@/out/img.tar py-flask-app:latest 
+
 .PHONY: test/k8s/cluster
-test/k8s/cluster: target/wasm32-wasi/$(TARGET)/img.tar bin/kind test/k8s/_out/img bin/kind
+test/k8s/cluster: target/wasm32-wasi/$(TARGET)/img.tar bin/kind test/k8s/_out/img bin/kind test/py-flask
 	bin/kind create cluster --name $(KIND_CLUSTER_NAME) --image="$(shell cat test/k8s/_out/img)" && \
 	bin/kind load image-archive --name $(KIND_CLUSTER_NAME) $(<)
+	bin/kind load image-archive --name $(KIND_CLUSTER_NAME) test/py-flask/out/img.tar
 
 .PHONY: test/k8s
 test/k8s: test/k8s/cluster

crates/containerd-shim-wasmtime/src/executor.rs

@@ -1,5 +1,5 @@
 use nix::unistd::{dup, dup2};
-use std::{fs::OpenOptions, os::fd::RawFd};
+use std::{fs::OpenOptions, os::fd::RawFd, path::PathBuf};
 
 use anyhow::{anyhow, Result, Context};
 use containerd_shim_wasm::sandbox::oci;
@@ -39,8 +39,35 @@ impl Executor for WasmtimeExecutor {
         };
     }
 
-    fn can_handle(&self, _spec: &Spec) -> bool {
-        true
+    fn can_handle(&self, spec: &Spec) -> bool {
+        // check if the entrypoint of the spec is a wasm binary.
+        let args = oci::get_args(spec);
+        if args.is_empty() {
+            return false;
+        }
+
+        let start = args[0].clone();
+        let mut iterator = start.split('#');
+        let mut cmd = iterator.next().unwrap().to_string();
+        let stripped = cmd.strip_prefix(std::path::MAIN_SEPARATOR);
+        if let Some(strpd) = stripped {
+            cmd = strpd.to_string();
+        }
+
+        let mut path = PathBuf::from(cmd);
+        if path.is_relative() {
+            path = std::env::current_dir().unwrap().join(path);
+        }
+
+        // TODO: do we need to validate the wasm binary?
+        // ```rust
+        //   let bytes = std::fs::read(path).unwrap();
+        //   wasmparser::validate(&bytes).is_ok()
+        // ```
+
+        path.extension()
+            .map(|ext| ext == "wasm" || ext == "wat")
+            .unwrap_or(false)
     }
 
     fn name(&self) -> &'static str {

crates/containerd-shim-wasmtime/src/instance.rs

@@ -4,6 +4,7 @@ use containerd_shim_wasm::sandbox::instance_utils::{
 };
 use libcontainer::container::builder::ContainerBuilder;
 use libcontainer::container::{Container, ContainerStatus};
+use libcontainer::workload::default::DefaultExecutor;
 use nix::errno::Errno;
 use nix::sys::wait::waitid;
 use serde::{Deserialize, Serialize};
@@ -19,7 +20,7 @@ use chrono::{DateTime, Utc};
 use containerd_shim_wasm::sandbox::error::Error;
 use containerd_shim_wasm::sandbox::instance::Wait;
 use containerd_shim_wasm::sandbox::{EngineGetter, Instance, InstanceConfig};
-use libc::{dup2, STDERR_FILENO, STDIN_FILENO, STDOUT_FILENO};
+use libc::{dup, dup2, STDERR_FILENO, STDIN_FILENO, STDOUT_FILENO};
 use libc::{SIGINT, SIGKILL};
 use libcontainer::syscall::syscall::create_syscall;
 use log::error;
@@ -243,13 +244,35 @@ impl Wasi {
         let stdout = maybe_open_stdio(stdout).context("could not open stdout")?;
         let stderr = maybe_open_stdio(stderr).context("could not open stderr")?;
 
+        let wasmtime_executor = Box::new(WasmtimeExecutor {
+            engine,
+            stdin,
+            stdout,
+            stderr,
+        });
+        let default_executor = Box::<DefaultExecutor>::default();
+
+        if let Some(stdin) = stdin {
+            unsafe {
+                STDIN_FD = Some(dup(STDIN_FILENO));
+                dup2(stdin, STDIN_FILENO);
+            }
+        }
+        if let Some(stdout) = stdout {
+            unsafe {
+                STDOUT_FD = Some(dup(STDOUT_FILENO));
+                dup2(stdout, STDOUT_FILENO);
+            }
+        }
+        if let Some(stderr) = stderr {
+            unsafe {
+                STDERR_FD = Some(dup(STDERR_FILENO));
+                dup2(stderr, STDERR_FILENO);
+            }
+        }
+
         let container = ContainerBuilder::new(self.id.clone(), syscall.as_ref())
-            .with_executor(vec![Box::new(WasmtimeExecutor {
-                stdin,
-                stdout,
-                stderr,
-                engine,
-            })])?
+            .with_executor(vec![wasmtime_executor, default_executor])?
             .with_root_path(self.rootdir.clone())?
             .as_init(&self.bundle)
             .with_systemd(false)

test/k8s/deploy.yaml

@@ -24,4 +24,7 @@ spec:
       containers:
       - name: demo
         image: ghcr.io/containerd/runwasi/wasi-demo-app:latest
+        imagePullPolicy: Never
+      - name: py-demo
+        image: py-flask-app:latest
         imagePullPolicy: Never

test/py-flask/Dockerfile

@@ -0,0 +1,18 @@
+# syntax=docker/dockerfile:1.4
+FROM --platform=$BUILDPLATFORM python:3.10-alpine AS builder
+
+WORKDIR /app
+
+COPY requirements.txt /app
+RUN --mount=type=cache,target=/root/.cache/pip \
+    pip3 install -r requirements.txt
+
+COPY . /app
+
+ENTRYPOINT ["python3"]
+CMD ["app.py"]
+
+FROM builder as dev-envs
+
+RUN apk update && \
+    apk add git

test/py-flask/app.py

@@ -0,0 +1,9 @@
+from flask import Flask
+app = Flask(__name__)
+
+@app.route('/')
+def hello():
+	return "Hello World!"
+
+if __name__ == '__main__':
+	app.run(host='0.0.0.0', port=8000)

test/py-flask/requirements.txt

@@ -0,0 +1 @@
+flask