diff --git a/blueprints/README.md b/blueprints/README.md
deleted file mode 100644
index 3615284d3..000000000
--- a/blueprints/README.md
+++ /dev/null
@@ -1,49 +0,0 @@
-# Blueprints
-
-This directory will contain the blueprints for base systems on the platforms that we support with LinuxKit.
-
-These will be used for running tests, and for the low level parts of blueprints for higher level systems.
-
-These include all the platforms that Docker has editions on, and all platforms that our community supports.
-The detailed blueprints will be addded soon for at least the following platforms. There are WIP versions in
-the [examples/](../examples/) directory.
-
-- MacOS
-- Windows Hyper-V
-- VMWare
-- KVM
-- AWS
-- Azure
-- GCP
-- BlueMix
-- Packet.net
-- ...
-
-
-### Docker for Mac
-
-An initial blueprint for the open source components of Docker for Mac is available in [docker-for-mac](docker-for-mac). The blueprint has support for controlling `dockerd` from the host via `vsudd` and port forwarding with VPNKit. It requires HyperKit, VPNKit and a Docker client on the host to run. The easiest way to install these at the moment is to install a recent version of Docker for Mac.
-
-To build it with the latest Docker CE:
-
-```
-$ linuxkit build -name docker-for-mac base.yml docker-ce.yml
-```
-
-To run the VM with a 4G disk:
-
-```
-linuxkit run hyperkit -networking=vpnkit -vsock-ports=2376 -disk size=4096M -data-file ./metadata.json docker-for-mac
-```
-
-In another terminal you should now be able to access docker via the socket `guest.00000947` in the state directory (`docker-for-mac-state/` by default):
-
-```
-$ docker -H unix://docker-for-mac-state/guest.00000948 ps
-CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
-```
-
-### Linux Containers On Windows (LCOW)
-
-The LCOW blueprint has moved to [its own
-repository](https://github.com/linuxkit/lcow).
diff --git a/blueprints/docker-for-mac/docker-ce.yml b/blueprints/docker-for-mac/docker-ce.yml
deleted file mode 100644
index 0d7da4cdf..000000000
--- a/blueprints/docker-for-mac/docker-ce.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-services:
- # Run dockerd with the vpnkit userland proxy from the vpnkit-forwarder container.
- # Bind mounts /var/run to allow vsudd to connect to docker.sock, /var/vpnkit
- # for vpnkit coordination and /run/config/docker for the configuration file.
- - name: docker-dfm
- image: docker:17.07.0-ce-dind
- capabilities:
- - all
- net: host
- mounts:
- - type: cgroup
- options: ["rw","nosuid","noexec","nodev","relatime"]
- binds:
- - /etc/resolv.conf:/etc/resolv.conf
- - /var/lib/docker:/var/lib/docker
- - /lib/modules:/lib/modules
- - /var/vpnkit:/port # vpnkit control 9p mount
- - /var/run:/var/run
- - /run/config/docker:/var/config/docker
- - /usr/bin/vpnkit-expose-port:/usr/bin/vpnkit-expose-port # userland proxy
- - /usr/bin/vpnkit-iptables-wrapper:/usr/bin/iptables # iptables wrapper
- command: [ "/usr/local/bin/docker-init", "/usr/local/bin/dockerd", "--",
- "--config-file", "/var/config/docker/daemon.json",
- "--swarm-default-advertise-addr=eth0",
- "--userland-proxy-path", "/usr/bin/vpnkit-expose-port",
- "--storage-driver", "overlay2" ]
- runtime:
- mkdir: ["/var/lib/docker"]
-trust:
- org:
- - library
diff --git a/blueprints/docker-for-mac/metadata.json b/blueprints/docker-for-mac/metadata.json
deleted file mode 100644
index c82963ee3..000000000
--- a/blueprints/docker-for-mac/metadata.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "docker": {
- "entries": {
- "daemon.json": {
- "perm": "0644",
- "content": "{ \"debug\": true }"
- }
- }
- }
-}
\ No newline at end of file
diff --git a/scripts/Vagrantfile b/contrib/Vagrantfile
similarity index 100%
rename from scripts/Vagrantfile
rename to contrib/Vagrantfile
diff --git a/scripts/kernels/Dockerfile.deb b/contrib/foreign-kernels/Dockerfile.deb
similarity index 100%
rename from scripts/kernels/Dockerfile.deb
rename to contrib/foreign-kernels/Dockerfile.deb
diff --git a/scripts/kernels/Dockerfile.rpm b/contrib/foreign-kernels/Dockerfile.rpm
similarity index 100%
rename from scripts/kernels/Dockerfile.rpm
rename to contrib/foreign-kernels/Dockerfile.rpm
diff --git a/scripts/kernels/README.md b/contrib/foreign-kernels/README.md
similarity index 100%
rename from scripts/kernels/README.md
rename to contrib/foreign-kernels/README.md
diff --git a/scripts/kernels/centos.sh b/contrib/foreign-kernels/centos.sh
similarity index 100%
rename from scripts/kernels/centos.sh
rename to contrib/foreign-kernels/centos.sh
diff --git a/scripts/kernels/debian.sh b/contrib/foreign-kernels/debian.sh
similarity index 100%
rename from scripts/kernels/debian.sh
rename to contrib/foreign-kernels/debian.sh
diff --git a/scripts/kernels/fedora.sh b/contrib/foreign-kernels/fedora.sh
similarity index 100%
rename from scripts/kernels/fedora.sh
rename to contrib/foreign-kernels/fedora.sh
diff --git a/scripts/kernels/mainline.sh b/contrib/foreign-kernels/mainline.sh
similarity index 100%
rename from scripts/kernels/mainline.sh
rename to contrib/foreign-kernels/mainline.sh
diff --git a/scripts/kernels/ubuntu.sh b/contrib/foreign-kernels/ubuntu.sh
similarity index 100%
rename from scripts/kernels/ubuntu.sh
rename to contrib/foreign-kernels/ubuntu.sh
diff --git a/docs/kernels.md b/docs/kernels.md
index 406548de9..0ba7ed999 100644
--- a/docs/kernels.md
+++ b/docs/kernels.md
@@ -23,8 +23,8 @@ The perf package is called `kernel-perf` and is tagged the same way as the kernel packages. In addition to the official images, there are also some -[scripts](../scripts/kernels) which repackage kernels packages from -some Linux distributions into LinuxKit kernel packages. These are +[scripts](../contrib/foreign-kernels) which repackage kernels packages +from some Linux distributions into LinuxKit kernel packages. These are mostly provided for testing purposes. diff --git a/docs/platform-hyperkit.md b/docs/platform-hyperkit.md index 81b169805..97f22c0f0 100644 --- a/docs/platform-hyperkit.md +++ b/docs/platform-hyperkit.md @@ -35,7 +35,7 @@ supported and the disks are in raw format. HyperKit sends an ACPI power event when it receives SIGTERM to allow the VM to shut down properly. The VM has to be able to receive ACPI events to initiate the shutdown. This is provided by the [`acpid` package](../pkg/acpid). An example -is available in the [Docker for Mac blueprint](../blueprints/docker-for-mac/base.yml). +is available in the [Docker for Mac example](../examples/docker-for-mac.yml). ## Networking @@ -177,7 +177,7 @@ domain socket inside the VM to the host via virtio or Hyper-V sockets. With HyperKit, the virtio sockets can be exposed as unix domain sockets on the host, enabling access to other daemons, like `containerd` and `dockerd`, from the host. An example configuration -file is available in [examples/vsudd.yml](/examples/vsudd.yml). +file is available in [examples/vsudd-containerd.yml](/examples/vsudd-containerd.yml). After building the example, run it with `linuxkit run hyperkit -vsock-ports 2374 vsudd`. This will create a unix domain socket in the state directory that maps to the `containerd` control socket. The socket is called `guest.00000946`. diff --git a/examples/docker-for-mac.md b/examples/docker-for-mac.md new file mode 100644 index 000000000..a625e69ee --- /dev/null +++ b/examples/docker-for-mac.md 
@@ -0,0 +1,29 @@
+# Docker for Mac
+
+[`docker-for-mac.yml`](./docker-for-mac.yml) contains an example use
+of the open source components of Docker for Mac. The example has
+support for controlling `dockerd` from the host via `vsudd` and port
+forwarding with VPNKit. It requires HyperKit, VPNKit and a Docker
+client on the host to run. The easiest way to install these at the
+moment is to install a recent version of Docker for Mac.
+
+To build it with the latest Docker CE:
+
+```
+$ linuxkit build docker-for-mac.yml
+```
+
+To run the VM with a 4G disk:
+
+```
+linuxkit run hyperkit -networking=vpnkit -vsock-ports=2376 -disk size=4096M -data-file ./metadata.json docker-for-mac
+```
+
+In another terminal you should now be able to access docker via the
+socket `guest.00000947` in the state directory
+(`docker-for-mac-state/` by default):
+
+```
+$ docker -H unix://docker-for-mac-state/guest.00000948 ps
+CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
+```
diff --git a/blueprints/docker-for-mac/base.yml b/examples/docker-for-mac.yml
similarity index 74%
rename from blueprints/docker-for-mac/base.yml
rename to examples/docker-for-mac.yml
index 1ea617680..89c9a3669 100644
--- a/blueprints/docker-for-mac/base.yml
+++ b/examples/docker-for-mac.yml
@@ -1,4 +1,4 @@
-# This is a blueprint for building the open source components of Docker for Mac
+# This is an example for building the open source components of Docker for Mac
 kernel:
 image: linuxkit/kernel:4.9.77
 cmdline: "console=ttyS0 page_poison=1"
@@ -79,7 +79,35 @@ services: # When the host resumes from sleep, force a clock resync - name: host-timesync-daemon image: linuxkit/host-timesync-daemon:085e1910de6f311f96a823eaa10ffd6d92ec9679 + # Run dockerd with the vpnkit userland proxy from the vpnkit-forwarder container. + # Bind mounts /var/run to allow vsudd to connect to docker.sock, /var/vpnkit + # for vpnkit coordination and /run/config/docker for the configuration file. + - name: docker-dfm + image: docker:17.07.0-ce-dind + capabilities: + - all + net: host + mounts: + - type: cgroup + options: ["rw","nosuid","noexec","nodev","relatime"] + binds: + - /etc/resolv.conf:/etc/resolv.conf + - /var/lib/docker:/var/lib/docker + - /lib/modules:/lib/modules + - /var/vpnkit:/port # vpnkit control 9p mount + - /var/run:/var/run + - /run/config/docker:/var/config/docker + - /usr/bin/vpnkit-expose-port:/usr/bin/vpnkit-expose-port # userland proxy + - /usr/bin/vpnkit-iptables-wrapper:/usr/bin/iptables # iptables wrapper + command: [ "/usr/local/bin/docker-init", "/usr/local/bin/dockerd", "--", + "--config-file", "/var/config/docker/daemon.json", + "--swarm-default-advertise-addr=eth0", + "--userland-proxy-path", "/usr/bin/vpnkit-expose-port", + "--storage-driver", "overlay2" ] + runtime: + mkdir: ["/var/lib/docker"] trust: org: - linuxkit + - library diff --git a/examples/vsudd.yml b/examples/vsudd-containerd.yml similarity index 100% rename from examples/vsudd.yml rename to examples/vsudd-containerd.yml diff --git a/scripts/signing/avi.crt b/scripts/certs/avi.crt similarity index 100% rename from scripts/signing/avi.crt rename to scripts/certs/avi.crt diff --git a/scripts/signing/avi_arm.crt b/scripts/certs/avi_arm.crt similarity index 100% rename from scripts/signing/avi_arm.crt rename to scripts/certs/avi_arm.crt diff --git a/scripts/signing/ian.crt b/scripts/certs/ian.crt similarity index 100% rename from scripts/signing/ian.crt rename to scripts/certs/ian.crt 
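Review bot: The `docker-dfm` service added here starts dockerd with `--config-file /var/config/docker/daemon.json`, but this commit deletes `blueprints/docker-for-mac/metadata.json` and no replacement under `examples/` is visible in the diff, although the new `examples/docker-for-mac.md` still passes `-data-file ./metadata.json`. Unless that file is added elsewhere, the documented run command has no data file to supply `daemon.json`, so either move `metadata.json` next to the example or drop the `--config-file` argument. Separately, the service runs with `capabilities: all`, `net: host` and a bind of `/var/run`, and its image is referenced by the mutable tag `docker:17.07.0-ce-dind` while the neighbouring `host-timesync-daemon` image is pinned by hash; a comment such as `# dockerd needs all capabilities and host networking; the tag is checked via the 'library' trust org below` would record why this is accepted. The service list starts outside this hunk.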
diff --git a/scripts/signing/ian_arm.crt b/scripts/certs/ian_arm.crt
similarity index 100%
rename from scripts/signing/ian_arm.crt
rename to scripts/certs/ian_arm.crt
diff --git a/scripts/signing/justin.crt b/scripts/certs/justin.crt
similarity index 100%
rename from scripts/signing/justin.crt
rename to scripts/certs/justin.crt
diff --git a/scripts/signing/riyaz.crt b/scripts/certs/riyaz.crt
similarity index 100%
rename from scripts/signing/riyaz.crt
rename to scripts/certs/riyaz.crt
diff --git a/scripts/signing/rolf.crt b/scripts/certs/rolf.crt
similarity index 100%
rename from scripts/signing/rolf.crt
rename to scripts/certs/rolf.crt
diff --git a/scripts/signing/init_signing.sh b/scripts/signing/init_signing.sh
deleted file mode 100755
index f79a3571d..000000000
--- a/scripts/signing/init_signing.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-# USAGE: ./init_signing.sh linuxkit/repo
-
-if [[ -z $DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE ]]
-then
- echo "must set DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE"
- exit 1
-fi
-
-if [[ -z $DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE ]]
-then
- echo "must set DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE"
- exit 1
-fi
-
-docker trust signer add justin $1 --key justin.crt
-
-docker trust signer add rolf $1 --key rolf.crt
-
-docker trust signer add ian $1 --key ian.crt --key ian_arm.crt
-
-docker trust signer add avi $1 --key avi.crt --key avi_arm.crt
-
-docker trust signer add riyaz $1 --key riyaz.crt
-
-echo "Successfully set up signing for $1"
diff --git a/test/cases/000_build/200_blueprints/010_docker_for_mac/test.sh b/test/cases/000_build/100_examples/090_docker_for_mac/test.sh
similarity index 57%
rename from test/cases/000_build/200_blueprints/010_docker_for_mac/test.sh
rename to test/cases/000_build/100_examples/090_docker_for_mac/test.sh
index a6e06182b..289a00e5c 100644
--- a/test/cases/000_build/200_blueprints/010_docker_for_mac/test.sh
+++ b/test/cases/000_build/100_examples/090_docker_for_mac/test.sh
@@ -1,5 +1,5 @@ #!/bin/sh -# SUMMARY: Test the Docker for Mac blueprint +# SUMMARY: Test the Docker for Mac example # LABELS: amd64 set -e @@ -17,7 +17,7 @@ clean_up() { trap clean_up EXIT # Test code goes here -linuxkit build -name "${NAME}" "${LINUXKIT_BLUEPRINTS_DIR}/${NAME}/base.yml" "${LINUXKIT_BLUEPRINTS_DIR}/${NAME}/docker-ce.yml" +linuxkit build "${LINUXKIT_EXAMPLES_DIR}/${NAME}.yml" exit 0 diff --git a/test/cases/000_build/200_blueprints/group.sh b/test/cases/000_build/200_blueprints/group.sh deleted file mode 100644 index ca0695d9d..000000000 --- a/test/cases/000_build/200_blueprints/group.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/sh -# SUMMARY: Check that the blueprint YAML files work -# LABELS: - -group_init() { - # Group initialisation code goes here - return 0 -} - -group_deinit() { - # Group de-initialisation code goes here - return 0 -} - -CMD=$1 -case $CMD in -init) - group_init - res=$? - ;; -deinit) - group_deinit - res=$? - ;; -*) - res=1 - ;; -esac - -exit $res - diff --git a/test/cases/group.sh b/test/cases/group.sh index 8f0229595..732805cec 100644 --- a/test/cases/group.sh +++ b/test/cases/group.sh @@ -11,7 +11,6 @@ group_init() { [ -r "${LINUXKIT_TMPDIR}" ] && rm -rf "${LINUXKIT_TMPDIR}" mkdir "${LINUXKIT_TMPDIR}" echo "export LINUXKIT_EXAMPLES_DIR=${RT_PROJECT_ROOT}/../../examples" >> "${LINUXKIT_TMPDIR}/env.sh" - echo "export LINUXKIT_BLUEPRINTS_DIR=${RT_PROJECT_ROOT}/../../blueprints" >> "${LINUXKIT_TMPDIR}/env.sh" if rt_label_set "gcp"; then # If we run GCP tests, make sure it is configured