diff --git a/alpine/Dockerfile b/alpine/Dockerfile index 2f3bf4a7f..b39976069 100644 --- a/alpine/Dockerfile +++ b/alpine/Dockerfile @@ -11,11 +11,6 @@ RUN \ COPY . . RUN rm Dockerfile -RUN cd /usr/bin && \ - ln -s docker-runc runc && \ - ln -s docker-containerd-shim containerd-shim && \ - ln -s docker-containerd-ctr containerd-ctr && \ - ln -s docker-containerd containerd RUN \ rc-update add sysctl boot && \ diff --git a/alpine/Dockerfile.efi b/alpine/Dockerfile.efi index af422ae86..98c29c3eb 100644 --- a/alpine/Dockerfile.efi +++ b/alpine/Dockerfile.efi @@ -21,7 +21,7 @@ RUN cp /usr/lib/gummiboot/linuxx64.efi.stub . && \ # create a ISO with a EFI boot partition RUN mkdir -p iso && \ - dd if=/dev/zero of=iso/efi.raw bs=1024 count=70000 && \ + dd if=/dev/zero of=iso/efi.raw bs=1024 count=78000 && \ mkfs.vfat iso/efi.raw RUN echo "mtools_skip_check=1" >> /etc/mtools.conf && \ diff --git a/alpine/Makefile b/alpine/Makefile index ef7cc5670..8ca77955c 100644 --- a/alpine/Makefile +++ b/alpine/Makefile @@ -51,7 +51,7 @@ moby.img: Dockerfile mkinitrd.sh init $(ETCFILES) -C packages/9pmount-vsock sbin -C ../.. \ -C packages/test etc -C ../.. \ -C packages/iptables usr -C ../.. \ - -C packages/containerd etc -C ../.. \ + -C packages/containerd etc usr -C ../.. \ -C packages/aws etc -C ../.. \ -C packages/azure etc -C ../.. \ -C packages/gcp etc -C ../.. \ diff --git a/alpine/base/containerd/Dockerfile b/alpine/base/containerd/Dockerfile new file mode 100644 index 000000000..c4e0ce51e --- /dev/null +++ b/alpine/base/containerd/Dockerfile 
@@ -0,0 +1,19 @@
+FROM golang:1.7-alpine3.5
+RUN \
+ apk update && apk upgrade -a && \
+ apk add --no-cache \
+ gcc \
+ git \
+ libc-dev \
+ make \
+ && true
+ENV CONTAINERD_COMMIT=3b79682548339895fcf9976f60ddea8abc5fc97e
+RUN mkdir -p $GOPATH/src/github.com/docker && \
+ cd $GOPATH/src/github.com/docker && \
+ git clone https://github.com/docker/containerd.git
+WORKDIR $GOPATH/src/github.com/docker/containerd
+RUN git checkout $CONTAINERD_COMMIT
+RUN make binaries GO_GCFLAGS="-buildmode pie --ldflags '-extldflags \"-fno-PIC -static\"'"
+RUN cp bin/containerd bin/ctr bin/containerd-shim /usr/bin/
+WORKDIR /
+COPY . .
diff --git a/alpine/base/containerd/Makefile b/alpine/base/containerd/Makefile
new file mode 100644
index 000000000..9dd2c5017
--- /dev/null
+++ b/alpine/base/containerd/Makefile
@@ -0,0 +1,29 @@
+.PHONY: tag push
+
+BASE=golang:1.7-alpine3.5
+IMAGE=containerd
+
+default: push
+
+hash: Dockerfile
+ DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
+ tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
+ docker run --rm $(IMAGE):build sh -c 'cat Dockerfile /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > $@
+
+push: hash
+ docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+ (docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
+ docker push mobylinux/$(IMAGE):$(shell cat hash))
+ docker rmi $(IMAGE):build
+ rm -f hash
+
+tag: hash
+ docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+ docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
+ docker rmi $(IMAGE):build
+ rm -f hash
+
+clean:
+ rm -f hash
+
+.DELETE_ON_ERROR:
diff --git a/alpine/base/runc/Dockerfile b/alpine/base/runc/Dockerfile
new file mode 100644
index 000000000..3a86c6574
--- /dev/null
+++ b/alpine/base/runc/Dockerfile
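Review bot: `FROM golang:1.7-alpine3.5` in alpine/base/containerd/Dockerfile names the toolchain image by a mutable tag, although the containerd source is fixed to a full commit via `CONTAINERD_COMMIT` and the consuming alpine/packages/containerd/Makefile pins the resulting image by sha256 digest. The companion Makefile pulls the base with `DOCKER_CONTENT_TRUST=1`, but a build run directly from this Dockerfile compiles containerd with whatever the tag resolves to at that moment. I would pin it as `FROM golang:1.7-alpine3.5@sha256:<digest-of-the-verified-base>` (placeholder; take the value from the trusted pull) and keep `BASE` in the Makefile in step. `apk update && apk upgrade -a` has the same effect on the package set; if that drift is intended, a comment such as `# package drift is captured by hashing /lib/apk/db/installed in the Makefile` would say so. alpine/base/runc/Dockerfile repeats both lines.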
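Review bot: The last line of the `hash` recipe in alpine/base/containerd/Makefile, `docker run … | sed 's/ .*//' > $@`, reports the exit status of `sed` under make's default `/bin/sh`, so a failed `docker run` still leaves an empty `hash` file and `.DELETE_ON_ERROR` does not trigger. `push` and `tag` then build an image reference from `$(shell cat hash)` with nothing in it, and the error shows up far from its cause. A following recipe line `test -s $@` would fail the rule at the right place. alpine/base/runc/Makefile has the identical recipe, and the `docker run … | tar xf -` rules in alpine/packages/containerd/Makefile have the same shape; there a `test -x $@` after the extraction would catch a binary that never arrived, which matters because the image would otherwise be assembled without it.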
@@ -0,0 +1,23 @@
+FROM golang:1.7-alpine3.5
+RUN \
+ apk update && apk upgrade -a && \
+ apk add --no-cache \
+ bash \
+ gcc \
+ git \
+ libc-dev \
+ libseccomp-dev \
+ linux-headers \
+ make \
+ && true
+ENV RUNC_COMMIT=51371867a01c467f08af739783b8beafc154c4d7
+RUN mkdir -p $GOPATH/src/github.com/opencontainers && \
+ cd $GOPATH/src/github.com/opencontainers && \
+ git clone https://github.com/opencontainers/runc.git
+WORKDIR $GOPATH/src/github.com/opencontainers/runc
+RUN git checkout $RUNC_COMMIT
+# TODO static pie, currently no easy way to change build options
+RUN make static BUILDTAGS="seccomp"
+RUN cp runc /usr/bin/
+WORKDIR /
+COPY . .
diff --git a/alpine/base/runc/Makefile b/alpine/base/runc/Makefile
new file mode 100644
index 000000000..27c740302
--- /dev/null
+++ b/alpine/base/runc/Makefile
@@ -0,0 +1,29 @@
+.PHONY: tag push
+
+BASE=golang:1.7-alpine3.5
+IMAGE=runc
+
+default: push
+
+hash: Dockerfile
+ DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
+ tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
+ docker run --rm $(IMAGE):build sh -c 'cat Dockerfile /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > $@
+
+push: hash
+ docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+ (docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
+ docker push mobylinux/$(IMAGE):$(shell cat hash))
+ docker rmi $(IMAGE):build
+ rm -f hash
+
+tag: hash
+ docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+ docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
+ docker rmi $(IMAGE):build
+ rm -f hash
+
+clean:
+ rm -f hash
+
+.DELETE_ON_ERROR:
diff --git a/alpine/packages/Makefile b/alpine/packages/Makefile
index b2166e303..89400c450 100644
--- a/alpine/packages/Makefile
+++ b/alpine/packages/Makefile
@@ -1,4 +1,4 @@ -DEPS=proxy diagnostics transfused tap-vsockd docker nc-vsock vsudd 9pmount-vsock iptables +DEPS=proxy diagnostics transfused tap-vsockd docker nc-vsock vsudd 9pmount-vsock iptables containerd .PHONY: clean $(DEPS) default: $(DEPS) diff --git a/alpine/packages/containerd/.gitignore b/alpine/packages/containerd/.gitignore new file mode 100644 index 000000000..73752c9ae --- /dev/null +++ b/alpine/packages/containerd/.gitignore @@ -0,0 +1 @@ +usr diff --git a/alpine/packages/containerd/Makefile b/alpine/packages/containerd/Makefile new file mode 100644 index 000000000..6887ff339 --- /dev/null +++ b/alpine/packages/containerd/Makefile @@ -0,0 +1,22 @@ +# Tag: cd9f1788bb2e8e7a342f32dd8ba70f450ff7ae2c +CONTAINERD_IMAGE=mobylinux/containerd@sha256:96a96f60751a1bb762e285f36e0cf9c5b4126933bb91475b7369efc990539165 +CONTAINERD_BINARIES=usr/bin/containerd usr/bin/containerd-shim usr/bin/ctr + +# Tag: 1a72d872ae97b90ae52482e4cb33a2778e168358 +RUNC_IMAGE=mobylinux/runc@sha256:2ea83d68baa57d547ec6d407d09cd495e4ef9cd6b0207ec3525fb2752b4a197e +RUNC_BINARY=usr/bin/runc + +default: $(RUNC_BINARY) $(CONTAINERD_BINARIES) + +$(RUNC_BINARY): + mkdir -p $(dir $@) + docker run --rm --net=none $(RUNC_IMAGE) tar cf - $@ | tar xf - + +$(CONTAINERD_BINARIES): + mkdir -p $(dir $@) + docker run --rm --net=none $(CONTAINERD_IMAGE) tar cf - $@ | tar xf - + +clean: + rm -rf usr + +.DELETE_ON_ERROR: diff --git a/alpine/packages/containerd/etc/init.d/containerd b/alpine/packages/containerd/etc/init.d/containerd index 9f2fb9c4f..0b4aa225f 100755 --- a/alpine/packages/containerd/etc/init.d/containerd +++ b/alpine/packages/containerd/etc/init.d/containerd @@ -26,7 +26,7 @@ start() for f in /containers/* do - containerd-ctr containers start --no-pivot --attach "$(basename $f)" "$f" 2>$LOG >$LOG & + ctr run --bundle "$f" "$(basename $f)" 2>$LOG >$LOG & printf " $(basename $f)" done 
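Review bot: The new `ctr run --bundle "$f" "$(basename $f)" 2>$LOG >$LOG &` line in alpine/packages/containerd/etc/init.d/containerd keeps the old redirection, which opens `$LOG` twice with truncation, so stdout and stderr write through independent offsets and overwrite each other, and every container started by the loop truncates the same file again. `$LOG` is defined outside this hunk; if it is a regular file, output from earlier containers is lost, which makes it hard to reconstruct afterwards why a system container failed to start. `>>"$LOG" 2>&1 &` appends through a single descriptor, and `$(basename "$f")` would keep a bundle path with spaces intact. The `start()` body begins and ends outside the hunk.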
diff --git a/alpine/packages/diagnostics/usr/bin/diagnostics b/alpine/packages/diagnostics/usr/bin/diagnostics index 3953c2be7..03ed450d9 100755 --- a/alpine/packages/diagnostics/usr/bin/diagnostics +++ b/alpine/packages/diagnostics/usr/bin/diagnostics @@ -41,7 +41,7 @@ DIAGNOSTICS=$(ps -eo args | grep '^/usr/bin/diagnostics-server') [ $? -eq 0 ] && ok "Diagnostics server running: $DIAGNOSTICS\n" || fail "No diagnostics server\n" CONTAINERD=$(ps -eo args | grep '^/usr/bin/containerd') [ $? -eq 0 ] && ok "System containerd server running: $CONTAINERD\n" || fail "No containerd server\n" -CONTAINERPS=$(containerd-ctr containers 2>&1) +CONTAINERPS=$(ctr list 2>&1) [ $? -eq 0 ] && ok "System containerd working\n" || fail "containerd failed: $CONTAINERPS\n" exit $EXIT_STATUS diff --git a/alpine/packages/test/etc/init.d/test b/alpine/packages/test/etc/init.d/test index f0f5e4747..09d560145 100755 --- a/alpine/packages/test/etc/init.d/test +++ b/alpine/packages/test/etc/init.d/test @@ -11,7 +11,7 @@ start() ebegin "Running tests" - if containerd-ctr containers start --no-pivot --attach test /test + if ctr run --bundle /test test then printf "Moby test suite PASSED\n" else diff --git a/docs/containerd.md b/docs/containerd.md index 6a9e0a835..21d4c021f 100644 --- a/docs/containerd.md +++ b/docs/containerd.md @@ -19,12 +19,9 @@ docker rm ${CONTAINER} mkdir -p /var/log/nginx /var/cache/nginx -containerd-ctr containers start ${NAME} . -containerd-ctr containers +ctr run --bundle . ${NAME} +ctr list ``` -For debugging it helps to run `containerd-ctr containers start --attach ${NAME} .` It may -well turn out that you need to create directories that are empty volumes in docker. - For production, you will want to create the `config.json` offline and bundle it in with your -intii script, but you can create the rootfs online. +init script, but you can create the rootfs online.