Merge pull request #1950 from ijc25/swarmd

projects/swarmd updates

projects/swarmd/swarmd.yml

@@ -9,6 +9,8 @@ init:
 onboot:
   - name: sysctl
     image: "linuxkit/sysctl:3aa6bc663c2849ef239be7d941d3eaf3e6fcc018"
+    binds:
+     - /etc/sysctl.d/01-swarmd.conf:/etc/sysctl.d/01-swarmd.conf
   - name: dhcpcd
     image: "linuxkit/dhcpcd:7d2b8aaaf20c24ad7d11a5ea2ea5b4a80dc966f1"
     command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
@@ -29,27 +31,16 @@ services:
   - name: ntpd
     image: "linuxkit/openntpd:45deeb05f736162d941c9bf494983f655ab80aa5"
   - name: swarmd
-    image: "linuxkit/swarmd:a2f57f14f07fb6d7cded7832b2dabe878b28554e"
+    image: "linuxkit/swarmd:1002422b78339a767559058d704b086889e90447"
     command: ["/usr/bin/swarmd", "--containerd-addr=/run/containerd/containerd.sock", "--log-level=debug", "--state-dir=/var/lib/swarmd"]
     capabilities:
-     - CAP_CHOWN
+     - all
-     - CAP_DAC_OVERRIDE
-     - CAP_FSETID
-     - CAP_FOWNER
-     - CAP_MKNOD
-     - CAP_NET_RAW
-     - CAP_SETGID
-     - CAP_SETUID
-     - CAP_SETFCAP
-     - CAP_SETPCAP
-     - CAP_NET_BIND_SERVICE
-     - CAP_SYS_CHROOT
-     - CAP_KILL
-     - CAP_AUDIT_WRITE
     pid: host
-    net: host
     binds:
       - /run/containerd/containerd.sock:/run/containerd/containerd.sock
       - /var/lib/containerd:/var/lib/containerd
       - /var/lib/swarmd:/var/lib/swarmd
       - /etc/resolv.conf:/etc/resolv.conf
+files:
+  - path: /etc/sysctl.d/01-swarmd.conf
+    contents: 'net.ipv4.ip_forward = 1'

projects/swarmd/swarmd/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.7-alpine3.5 AS build
+FROM linuxkit/alpine:630ee558e4869672fae230c78364e367b8ea67a9 AS build
 
 RUN \
   apk update && apk upgrade && \
@@ -6,31 +6,42 @@ RUN \
   ca-certificates \
   gcc \
   git \
+  go \
   libc-dev \
   make \
   && true
 
-# PR https://github.com/docker/swarmkit/pull/1965 from ijc25/containerd
+ENV GOPATH=/root/go
-ENV SWARMKIT_PR=1965
+
-ENV SWARMKIT_COMMIT=321b9c6600a9422c3245b277a1b3ae599244d4b7
+# https://github.com/ijc25/swarmkit/tree/containerd-wip
+ENV SWARMKIT_REPO=https://github.com/ijc25/swarmkit
+ENV SWARMKIT_BRANCH=containerd-wip
+ENV SWARMKIT_COMMIT=cb429323fa86df0c279a8d629e674f79a20e01e3
 
 RUN mkdir -p $GOPATH/src/github.com/docker && \
   cd $GOPATH/src/github.com/docker && \
-  git clone https://github.com/docker/swarmkit.git
+  git clone $SWARMKIT_REPO
 WORKDIR $GOPATH/src/github.com/docker/swarmkit
-RUN [ -z "$SWARMKIT_PR" ] || git fetch origin pull/$SWARMKIT_PR/head
+RUN [ -z "$SWARMKIT_BRANCH" ] || git fetch origin $SWARMKIT_BRANCH
 RUN git checkout $SWARMKIT_COMMIT
 
 RUN make binaries GO_GCFLAGS="-buildmode pie --ldflags '-extldflags \"-fno-PIC -static\"'"
 
-RUN mkdir -p /build/dist/usr/bin/ /build/dist/etc
+RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
-RUN cp bin/swarmd bin/swarmctl /build/dist/usr/bin/
+RUN apk add --no-cache --initdb -p /out \
-RUN strip /build/dist/usr/bin/swarmd /build/dist/usr/bin/swarmctl
+    alpine-baselayout \
+    busybox \
+    ca-certificates \
+    iptables \
+    musl \
+    util-linux
 
-RUN cp -r /etc/ssl /build/dist/etc/ssl
+RUN mkdir -p /out/usr/bin/ /out/etc
+RUN cp bin/swarmd bin/swarmctl /out/usr/bin/
+RUN strip /out/usr/bin/swarmd /out/usr/bin/swarmctl
 
 FROM scratch
 WORKDIR /
 ENTRYPOINT []
-COPY --from=build /build/dist /
+COPY --from=build /out /
 CMD ["/usr/bin/swarmd", "--containerd-addr=/run/containerd/containerd.sock", "--log-level=debug", "--state-dir=/var/lib/swarmd"]

projects/swarmd/swarmd/Makefile

@@ -1,6 +1,7 @@
 .PHONY: tag push
 all: push
 
+ORG?=linuxkit
 IMAGE=swarmd
 
 HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}')
@@ -8,7 +9,7 @@ HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}')
 default: push
 
 tag: Dockerfile
-	docker build -t linuxkit/$(IMAGE):$(HASH) .
+	docker build --no-cache -t $(ORG)/$(IMAGE):$(HASH) .
 
 push: tag
-	docker pull linuxkit/$(IMAGE):$(HASH) || docker push linuxkit/$(IMAGE):$(HASH)
+	docker pull $(ORG)/$(IMAGE):$(HASH) || docker push $(ORG)/$(IMAGE):$(HASH)