Shift to development track containerd

Move to the development track of `containerd` not the legacy 0.2 branch. The commands have changed a bit. This does increase the image size as we are bundling the Docker copy and our copy, and the new one is larger as it is growing features. Hopefully Docker will shrink eventually. Also we may replace `ctr` with a library. Fix #1029 Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2025-07-22 10:31:35 +00:00 · 2017-01-24 15:39:44 +00:00 · 2017-01-24 15:39:44 +00:00 · 89e98eefa0
commit 89e98eefa0
parent d4416e1b93
14 changed files with 132 additions and 17 deletions
--- a/alpine/Dockerfile
+++ b/alpine/Dockerfile
@ -11,11 +11,6 @@ RUN \

 COPY . .
 RUN rm Dockerfile
-RUN cd /usr/bin && \
-  ln -s docker-runc runc && \
-  ln -s docker-containerd-shim containerd-shim && \
-  ln -s docker-containerd-ctr containerd-ctr && \
-  ln -s docker-containerd containerd

 RUN \
  rc-update add sysctl boot && \
--- a/alpine/Dockerfile.efi
+++ b/alpine/Dockerfile.efi
@ -21,7 +21,7 @@ RUN cp /usr/lib/gummiboot/linuxx64.efi.stub . && \

 # create a ISO with a EFI boot partition
 RUN mkdir -p iso && \
-    dd if=/dev/zero of=iso/efi.raw bs=1024 count=70000 && \
+    dd if=/dev/zero of=iso/efi.raw bs=1024 count=78000 && \
    mkfs.vfat iso/efi.raw

 RUN echo "mtools_skip_check=1" >> /etc/mtools.conf && \
--- a/alpine/Makefile
+++ b/alpine/Makefile
@ -51,7 +51,7 @@ moby.img: Dockerfile mkinitrd.sh init $(ETCFILES)
 	  -C packages/9pmount-vsock sbin -C ../.. \
 	  -C packages/test etc -C ../.. \
 	  -C packages/iptables usr -C ../.. \
-	  -C packages/containerd etc -C ../.. \
+	  -C packages/containerd etc usr -C ../.. \
 	  -C packages/aws etc -C ../.. \
 	  -C packages/azure etc -C ../.. \
 	  -C packages/gcp etc -C ../.. \
--- a/alpine/base/containerd/Dockerfile
+++ b/alpine/base/containerd/Dockerfile
@ -0,0 +1,19 @@
+FROM golang:1.7-alpine3.5
+RUN \
+  apk update && apk upgrade -a && \
+  apk add --no-cache \
+  gcc \
+  git \
+  libc-dev \
+  make \
+  && true
+ENV CONTAINERD_COMMIT=3b79682548339895fcf9976f60ddea8abc5fc97e
+RUN mkdir -p $GOPATH/src/github.com/docker && \
+  cd $GOPATH/src/github.com/docker && \
+  git clone https://github.com/docker/containerd.git
+WORKDIR $GOPATH/src/github.com/docker/containerd
+RUN git checkout $CONTAINERD_COMMIT
+RUN make binaries GO_GCFLAGS="-buildmode pie --ldflags '-extldflags \"-fno-PIC -static\"'"
+RUN cp bin/containerd bin/ctr bin/containerd-shim /usr/bin/
+WORKDIR /
+COPY . .
--- a/alpine/base/containerd/Makefile
+++ b/alpine/base/containerd/Makefile
@ -0,0 +1,29 @@
+.PHONY: tag push
+
+BASE=golang:1.7-alpine3.5
+IMAGE=containerd
+
+default: push
+
+hash: Dockerfile
+	DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
+	tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
+	docker run --rm $(IMAGE):build sh -c 'cat Dockerfile /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > $@
+
+push: hash
+	docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+		(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
+		 docker push mobylinux/$(IMAGE):$(shell cat hash))
+	docker rmi $(IMAGE):build
+	rm -f hash
+
+tag: hash
+	docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+		docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
+	docker rmi $(IMAGE):build
+	rm -f hash
+
+clean:
+	rm -f hash
+
+.DELETE_ON_ERROR:
--- a/alpine/base/runc/Dockerfile
+++ b/alpine/base/runc/Dockerfile
@ -0,0 +1,23 @@
+FROM golang:1.7-alpine3.5
+RUN \
+  apk update && apk upgrade -a && \
+  apk add --no-cache \
+  bash \
+  gcc \
+  git \
+  libc-dev \
+  libseccomp-dev \
+  linux-headers \
+  make \
+  && true
+ENV RUNC_COMMIT=51371867a01c467f08af739783b8beafc154c4d7
+RUN mkdir -p $GOPATH/src/github.com/opencontainers && \
+  cd $GOPATH/src/github.com/opencontainers && \
+  git clone https://github.com/opencontainers/runc.git
+WORKDIR $GOPATH/src/github.com/opencontainers/runc
+RUN git checkout $RUNC_COMMIT
+# TODO static pie, currently no easy way to change build options
+RUN make static BUILDTAGS="seccomp"
+RUN cp runc /usr/bin/
+WORKDIR /
+COPY . .
--- a/alpine/base/runc/Makefile
+++ b/alpine/base/runc/Makefile
@ -0,0 +1,29 @@
+.PHONY: tag push
+
+BASE=golang:1.7-alpine3.5
+IMAGE=runc
+
+default: push
+
+hash: Dockerfile
+	DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
+	tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
+	docker run --rm $(IMAGE):build sh -c 'cat Dockerfile /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > $@
+
+push: hash
+	docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+		(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
+		 docker push mobylinux/$(IMAGE):$(shell cat hash))
+	docker rmi $(IMAGE):build
+	rm -f hash
+
+tag: hash
+	docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+		docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
+	docker rmi $(IMAGE):build
+	rm -f hash
+
+clean:
+	rm -f hash
+
+.DELETE_ON_ERROR:
--- a/alpine/packages/Makefile
+++ b/alpine/packages/Makefile
@ -1,4 +1,4 @@
-DEPS=proxy diagnostics transfused tap-vsockd docker nc-vsock vsudd 9pmount-vsock iptables
+DEPS=proxy diagnostics transfused tap-vsockd docker nc-vsock vsudd 9pmount-vsock iptables containerd
 .PHONY: clean $(DEPS)

 default: $(DEPS)
--- a/alpine/packages/containerd/.gitignore
+++ b/alpine/packages/containerd/.gitignore
@ -0,0 +1 @@
+usr
--- a/alpine/packages/containerd/Makefile
+++ b/alpine/packages/containerd/Makefile
@ -0,0 +1,22 @@
+# Tag: cd9f1788bb2e8e7a342f32dd8ba70f450ff7ae2c
+CONTAINERD_IMAGE=mobylinux/containerd@sha256:96a96f60751a1bb762e285f36e0cf9c5b4126933bb91475b7369efc990539165
+CONTAINERD_BINARIES=usr/bin/containerd usr/bin/containerd-shim usr/bin/ctr
+
+# Tag: 1a72d872ae97b90ae52482e4cb33a2778e168358
+RUNC_IMAGE=mobylinux/runc@sha256:2ea83d68baa57d547ec6d407d09cd495e4ef9cd6b0207ec3525fb2752b4a197e
+RUNC_BINARY=usr/bin/runc
+
+default: $(RUNC_BINARY) $(CONTAINERD_BINARIES)
+
+$(RUNC_BINARY):
+	mkdir -p $(dir $@)
+	docker run --rm --net=none $(RUNC_IMAGE) tar cf - $@ | tar xf -
+
+$(CONTAINERD_BINARIES):
+	mkdir -p $(dir $@)
+	docker run --rm --net=none $(CONTAINERD_IMAGE) tar cf - $@ | tar xf -
+
+clean:
+	rm -rf usr
+
+.DELETE_ON_ERROR:
--- a/alpine/packages/containerd/etc/init.d/containerd
+++ b/alpine/packages/containerd/etc/init.d/containerd
@ -26,7 +26,7 @@ start()

 	for f in /containers/*
 	do
-		containerd-ctr containers start --no-pivot --attach "$(basename $f)" "$f" 2>$LOG >$LOG &
+		ctr run --bundle "$f" "$(basename $f)" 2>$LOG >$LOG &
 		printf " $(basename $f)"
 	done

--- a/alpine/packages/diagnostics/usr/bin/diagnostics
+++ b/alpine/packages/diagnostics/usr/bin/diagnostics
@ -41,7 +41,7 @@ DIAGNOSTICS=$(ps -eo args | grep '^/usr/bin/diagnostics-server')
 [ $? -eq 0 ] && ok "Diagnostics server running: $DIAGNOSTICS\n" || fail "No diagnostics server\n"
 CONTAINERD=$(ps -eo args | grep '^/usr/bin/containerd')
 [ $? -eq 0 ] && ok "System containerd server running: $CONTAINERD\n" || fail "No containerd server\n"
-CONTAINERPS=$(containerd-ctr containers 2>&1)
+CONTAINERPS=$(ctr list 2>&1)
 [ $? -eq 0 ] && ok "System containerd working\n" || fail "containerd failed: $CONTAINERPS\n"

 exit $EXIT_STATUS
--- a/alpine/packages/test/etc/init.d/test
+++ b/alpine/packages/test/etc/init.d/test
@ -11,7 +11,7 @@ start()

 	ebegin "Running tests"

-	if containerd-ctr containers start --no-pivot --attach test /test
+	if ctr run --bundle /test test
 	then
 		printf "Moby test suite PASSED\n"
 	else
--- a/docs/containerd.md
+++ b/docs/containerd.md
@ -19,12 +19,9 @@ docker rm ${CONTAINER}

 mkdir -p /var/log/nginx /var/cache/nginx

-containerd-ctr containers start ${NAME} .
-containerd-ctr containers
+ctr run --bundle . ${NAME}
+ctr list
 ```

-For debugging it helps to run `containerd-ctr containers start --attach ${NAME} .` It may
-well turn out that you need to create directories that are empty volumes in docker.
-
 For production, you will want to create the `config.json` offline and bundle it in with your
-intii script, but you can create the rootfs online.
+init script, but you can create the rootfs online.