Shift to development track containerd

Move to the development track of `containerd`, not the legacy 0.2
branch. The commands have changed a bit.

This does increase the image size as we are bundling the Docker
copy and our copy, and the new one is larger as it is growing features.
Hopefully Docker will shrink eventually. Also we may replace `ctr`
with a library.

Fix #1029

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Justin Cormack 2017-01-24 15:39:44 +00:00
parent d4416e1b93
commit 89e98eefa0
14 changed files with 132 additions and 17 deletions


@ -11,11 +11,6 @@ RUN \
COPY . .
RUN rm Dockerfile
RUN cd /usr/bin && \
ln -s docker-runc runc && \
ln -s docker-containerd-shim containerd-shim && \
ln -s docker-containerd-ctr containerd-ctr && \
ln -s docker-containerd containerd
RUN \
rc-update add sysctl boot && \


@ -21,7 +21,7 @@ RUN cp /usr/lib/gummiboot/linuxx64.efi.stub . && \
# create a ISO with a EFI boot partition
RUN mkdir -p iso && \
dd if=/dev/zero of=iso/efi.raw bs=1024 count=70000 && \
dd if=/dev/zero of=iso/efi.raw bs=1024 count=78000 && \
mkfs.vfat iso/efi.raw
RUN echo "mtools_skip_check=1" >> /etc/mtools.conf && \


@ -51,7 +51,7 @@ moby.img: Dockerfile mkinitrd.sh init $(ETCFILES)
-C packages/9pmount-vsock sbin -C ../.. \
-C packages/test etc -C ../.. \
-C packages/iptables usr -C ../.. \
-C packages/containerd etc -C ../.. \
-C packages/containerd etc usr -C ../.. \
-C packages/aws etc -C ../.. \
-C packages/azure etc -C ../.. \
-C packages/gcp etc -C ../.. \


@ -0,0 +1,19 @@
FROM golang:1.7-alpine3.5
RUN \
apk update && apk upgrade -a && \
apk add --no-cache \
gcc \
git \
libc-dev \
make \
&& true
ENV CONTAINERD_COMMIT=3b79682548339895fcf9976f60ddea8abc5fc97e
RUN mkdir -p $GOPATH/src/github.com/docker && \
cd $GOPATH/src/github.com/docker && \
git clone https://github.com/docker/containerd.git
WORKDIR $GOPATH/src/github.com/docker/containerd
RUN git checkout $CONTAINERD_COMMIT
RUN make binaries GO_GCFLAGS="-buildmode pie --ldflags '-extldflags \"-fno-PIC -static\"'"
RUN cp bin/containerd bin/ctr bin/containerd-shim /usr/bin/
WORKDIR /
COPY . .
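Review bot: The `make binaries` line passes `-buildmode pie` and `--ldflags` through `GO_GCFLAGS`, a variable named for compiler flags, and pairs `-buildmode pie` with `-extldflags "-fno-PIC -static"`, which looks contradictory. Nothing after the build confirms what kind of binary came out. Because these binaries are copied to `/usr/bin/` and shipped, I would add a comment above that line stating the intended result, e.g. `# intended: static PIE; flags ride on GO_GCFLAGS because no other hook is available (confirm)`. I would also follow the build with a check such as `RUN readelf -h bin/containerd | grep -q 'Type:.*DYN'`, so that a silent loss of PIE fails the build. This assumes `readelf` is present via the `gcc` package's binutils dependency, which should be confirmed.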


@ -0,0 +1,29 @@
.PHONY: tag push
BASE=golang:1.7-alpine3.5
IMAGE=containerd
default: push
hash: Dockerfile
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm $(IMAGE):build sh -c 'cat Dockerfile /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > $@
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR:
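Review bot: The last recipe line of `hash` ends in `| sed 's/ .*//' > $@`, so the rule's exit status is sed's: if `docker run` fails, an empty `hash` file is still written, `.DELETE_ON_ERROR` never fires, and `push`/`tag` then expand `mobylinux/$(IMAGE):$(shell cat hash)` with an empty tag. Adding `test -s $@` as one more recipe line in `hash` makes the rule fail at the point of the error. The identical `alpine/base/runc/Makefile` added in this commit has the same problem. Separately, only the base image pull sets `DOCKER_CONTENT_TRUST=1`; the `docker pull mobylinux/$(IMAGE):…` in `push` and `tag` does not, and when that pull succeeds the local build is dropped in favour of the registry's image. If that is intentional, a comment saying so would help.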


@ -0,0 +1,23 @@
FROM golang:1.7-alpine3.5
RUN \
apk update && apk upgrade -a && \
apk add --no-cache \
bash \
gcc \
git \
libc-dev \
libseccomp-dev \
linux-headers \
make \
&& true
ENV RUNC_COMMIT=51371867a01c467f08af739783b8beafc154c4d7
RUN mkdir -p $GOPATH/src/github.com/opencontainers && \
cd $GOPATH/src/github.com/opencontainers && \
git clone https://github.com/opencontainers/runc.git
WORKDIR $GOPATH/src/github.com/opencontainers/runc
RUN git checkout $RUNC_COMMIT
# TODO static pie, currently no easy way to change build options
RUN make static BUILDTAGS="seccomp"
RUN cp runc /usr/bin/
WORKDIR /
COPY . .

29
alpine/base/runc/Makefile Normal file

@ -0,0 +1,29 @@
.PHONY: tag push
BASE=golang:1.7-alpine3.5
IMAGE=runc
default: push
hash: Dockerfile
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm $(IMAGE):build sh -c 'cat Dockerfile /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > $@
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR:


@ -1,4 +1,4 @@
DEPS=proxy diagnostics transfused tap-vsockd docker nc-vsock vsudd 9pmount-vsock iptables
DEPS=proxy diagnostics transfused tap-vsockd docker nc-vsock vsudd 9pmount-vsock iptables containerd
.PHONY: clean $(DEPS)
default: $(DEPS)

1
alpine/packages/containerd/.gitignore vendored Normal file

@ -0,0 +1 @@
usr


@ -0,0 +1,22 @@
# Tag: cd9f1788bb2e8e7a342f32dd8ba70f450ff7ae2c
CONTAINERD_IMAGE=mobylinux/containerd@sha256:96a96f60751a1bb762e285f36e0cf9c5b4126933bb91475b7369efc990539165
CONTAINERD_BINARIES=usr/bin/containerd usr/bin/containerd-shim usr/bin/ctr
# Tag: 1a72d872ae97b90ae52482e4cb33a2778e168358
RUNC_IMAGE=mobylinux/runc@sha256:2ea83d68baa57d547ec6d407d09cd495e4ef9cd6b0207ec3525fb2752b4a197e
RUNC_BINARY=usr/bin/runc
default: $(RUNC_BINARY) $(CONTAINERD_BINARIES)
$(RUNC_BINARY):
mkdir -p $(dir $@)
docker run --rm --net=none $(RUNC_IMAGE) tar cf - $@ | tar xf -
$(CONTAINERD_BINARIES):
mkdir -p $(dir $@)
docker run --rm --net=none $(CONTAINERD_IMAGE) tar cf - $@ | tar xf -
clean:
rm -rf usr
.DELETE_ON_ERROR:


@ -26,7 +26,7 @@ start()
for f in /containers/*
do
containerd-ctr containers start --no-pivot --attach "$(basename $f)" "$f" 2>$LOG >$LOG &
ctr run --bundle "$f" "$(basename $f)" 2>$LOG >$LOG &
printf " $(basename $f)"
done
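Review bot: On the new `ctr run` line, `2>$LOG >$LOG` opens the same file twice with truncation, so unless `$LOG` is a device the two streams overwrite each other and each loop iteration truncates what the previous container wrote. The redirection is carried over unchanged from the old command. If one shared log is intended, `>>"$LOG" 2>&1` keeps both streams and every container's output, which matters when this log is the only record of a failed start. `$f` inside `$(basename $f)` should also be quoted. `LOG` is defined outside the hunk, and `start()` begins and ends outside it.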


@ -41,7 +41,7 @@ DIAGNOSTICS=$(ps -eo args | grep '^/usr/bin/diagnostics-server')
[ $? -eq 0 ] && ok "Diagnostics server running: $DIAGNOSTICS\n" || fail "No diagnostics server\n"
CONTAINERD=$(ps -eo args | grep '^/usr/bin/containerd')
[ $? -eq 0 ] && ok "System containerd server running: $CONTAINERD\n" || fail "No containerd server\n"
CONTAINERPS=$(containerd-ctr containers 2>&1)
CONTAINERPS=$(ctr list 2>&1)
[ $? -eq 0 ] && ok "System containerd working\n" || fail "containerd failed: $CONTAINERPS\n"
exit $EXIT_STATUS


@ -11,7 +11,7 @@ start()
ebegin "Running tests"
if containerd-ctr containers start --no-pivot --attach test /test
if ctr run --bundle /test test
then
printf "Moby test suite PASSED\n"
else


@ -19,12 +19,9 @@ docker rm ${CONTAINER}
mkdir -p /var/log/nginx /var/cache/nginx
containerd-ctr containers start ${NAME} .
containerd-ctr containers
ctr run --bundle . ${NAME}
ctr list
```
For debugging it helps to run `containerd-ctr containers start --attach ${NAME} .` It may
well turn out that you need to create directories that are empty volumes in docker.
For production, you will want to create the `config.json` offline and bundle it in with your
intii script, but you can create the rootfs online.
init script, but you can create the rootfs online.