From a59e24b4fae66363963fab92b4b0cb9a76cbba22 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Wed, 12 Apr 2017 11:24:57 +0100 Subject: [PATCH 1/3] example: Don't use the full @sha25t version of images The sha1 tag should be sufficient to uniquely identify the image and the sha256 versions are just very long... Signed-off-by: Rolf Neugebauer --- examples/docker.yml | 2 +- examples/gcp.yml | 2 +- examples/sshd.yml | 2 +- examples/vmware.yml | 2 +- linuxkit.yml | 2 +- projects/landlock/landlock.yml | 2 +- projects/selinux/selinux.yml | 2 +- projects/swarmd/swarmd.yml | 4 ++-- projects/wireguard/examples/wireguard.yml | 2 +- test/docker-bench/test-docker-bench.yml | 2 +- test/virtsock/test-virtsock-server.yml | 2 +- 11 files changed, 12 insertions(+), 12 deletions(-) diff --git a/examples/docker.yml b/examples/docker.yml index e691ff254..4371e90b3 100644 --- a/examples/docker.yml +++ b/examples/docker.yml @@ -40,7 +40,7 @@ onboot: command: ["/mount.sh", "/var/lib/docker"] services: - name: rngd - image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92" + image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 diff --git a/examples/gcp.yml b/examples/gcp.yml index 68460cb7e..0571f8371 100644 --- a/examples/gcp.yml +++ b/examples/gcp.yml @@ -38,7 +38,7 @@ onboot: - CAP_SYS_ADMIN services: - name: rngd - image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92" + image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 diff --git a/examples/sshd.yml b/examples/sshd.yml index 87a106aa7..fe77f1e78 100644 --- a/examples/sshd.yml +++ b/examples/sshd.yml 
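Review bot: Removing the `@sha256:` suffix from the rngd `image:` value replaces a content-addressed pin with a mutable tag, so the commit message's premise that the git-SHA tag "uniquely identifies the image" does not hold: a tag is a registry pointer that can be re-pushed, and only the digest fixes the image bytes the build pulls. The `trust: image:` list visible as context in the second patch holds only `mobylinux/kernel`, so in at least the gcp and vmware examples nothing else verifies what the rngd tag resolves to. The same change appears in the gcp, sshd, vmware, linuxkit, landlock, selinux, swarmd (both the rngd and swarmd images), wireguard, docker-bench and virtsock hunks. If the length of the reference is the objection, keep `image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92"` with a one-line comment above it, `# tag@digest: the digest pins the content, the tag is only a label`, or add the image to `trust:` so the tag is verified at build time.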
@@ -16,7 +16,7 @@ onboot: - CAP_SYS_ADMIN services: - name: rngd - image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92" + image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 diff --git a/examples/vmware.yml b/examples/vmware.yml index a25df911d..4d4978f81 100644 --- a/examples/vmware.yml +++ b/examples/vmware.yml @@ -17,7 +17,7 @@ onboot: readonly: true services: - name: rngd - image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92" + image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 diff --git a/linuxkit.yml b/linuxkit.yml index 8e0c6ae19..70a910241 100644 --- a/linuxkit.yml +++ b/linuxkit.yml @@ -33,7 +33,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: rngd - image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92" + image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 diff --git a/projects/landlock/landlock.yml b/projects/landlock/landlock.yml index a6c39db28..d7921a272 100644 --- a/projects/landlock/landlock.yml +++ b/projects/landlock/landlock.yml @@ -17,7 +17,7 @@ onboot: readonly: true services: - name: rngd - image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92" + image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 diff --git a/projects/selinux/selinux.yml b/projects/selinux/selinux.yml index 800521f6e..12cdff883 100644 --- a/projects/selinux/selinux.yml +++ b/projects/selinux/selinux.yml 
@@ -14,7 +14,7 @@ onboot: readonly: true services: - name: rngd - image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92" + image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 diff --git a/projects/swarmd/swarmd.yml b/projects/swarmd/swarmd.yml index 13f7587b9..8b6cd261e 100644 --- a/projects/swarmd/swarmd.yml +++ b/projects/swarmd/swarmd.yml @@ -14,7 +14,7 @@ onboot: readonly: true services: - name: rngd - image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92" + image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 @@ -31,7 +31,7 @@ services: net: host oomScoreAdj: -800 - name: swarmd - image: "mobylinux/swarmd:cf11a7626278ebf17efe2780c138b4e626b02c73@sha256:7b31bb4482e6823d2aec291d13782669c22bc03c9fac1dfd7ed207d942c3c061" + image: "mobylinux/swarmd:cf11a7626278ebf17efe2780c138b4e626b02c73" command: ["/usr/bin/swarmd", "--containerd-addr=/run/containerd/containerd.sock", "--log-level=debug", "--state-dir=/var/lib/containerd/swarmd"] capabilities: - CAP_CHOWN diff --git a/projects/wireguard/examples/wireguard.yml b/projects/wireguard/examples/wireguard.yml index 2e6548068..9c02540b3 100644 --- a/projects/wireguard/examples/wireguard.yml +++ b/projects/wireguard/examples/wireguard.yml @@ -14,7 +14,7 @@ onboot: readonly: true services: - name: rngd - image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92" + image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 diff --git a/test/docker-bench/test-docker-bench.yml b/test/docker-bench/test-docker-bench.yml index b07086398..83a2710ee 100644 --- a/test/docker-bench/test-docker-bench.yml 
+++ b/test/docker-bench/test-docker-bench.yml @@ -40,7 +40,7 @@ onboot: command: ["/mount.sh", "/var/lib/docker"] services: - name: rngd - image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92" + image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 diff --git a/test/virtsock/test-virtsock-server.yml b/test/virtsock/test-virtsock-server.yml index 14b374518..4a66d37cc 100644 --- a/test/virtsock/test-virtsock-server.yml +++ b/test/virtsock/test-virtsock-server.yml @@ -21,7 +21,7 @@ onboot: readonly: true services: - name: rngd - image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92" + image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" capabilities: - CAP_SYS_ADMIN oomScoreAdj: -800 From b0629176abb25be15276db02bb70da7e85bb10d7 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Wed, 12 Apr 2017 11:29:05 +0100 Subject: [PATCH 2/3] examples: Don't use a file section if you don't need it Exception is ./moby.yaml where it serves as an example. Signed-off-by: Rolf Neugebauer --- examples/docker.yml | 3 +++ examples/gcp.yml | 3 --- examples/vmware.yml | 3 --- projects/landlock/landlock.yml | 3 --- projects/selinux/selinux.yml | 3 --- projects/swarmd/swarmd.yml | 3 --- projects/wireguard/examples/wireguard.yml | 3 --- 7 files changed, 3 insertions(+), 18 deletions(-) diff --git a/examples/docker.yml b/examples/docker.yml index 4371e90b3..e0dc654b3 100644 --- a/examples/docker.yml +++ b/examples/docker.yml @@ -76,6 +76,9 @@ services: binds: - /var/lib/docker:/var/lib/docker - /lib/modules:/lib/modules +files: + - path: etc/docker/daemon.json + contents: '{"debug": true}' trust: image: - mobylinux/kernel diff --git a/examples/gcp.yml b/examples/gcp.yml index 0571f8371..628e282dd 100644 --- a/examples/gcp.yml +++ b/examples/gcp.yml 
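Review bot: The new `files:` entry in the docker.yml hunk writes `{"debug": true}` to `etc/docker/daemon.json`, which puts dockerd into debug logging for this example, and nothing in the hunk records that this is deliberate. A comment above the entry would spare the next reader the check, e.g. `# dockerd runs with debug logging in this example; it is verbose and meant for the demo only`. The `path` is also written without a leading slash while the `binds:` above use absolute paths; if the consumer treats `path` as relative to the image root, saying so in the same comment would help.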
@@ -64,9 +64,6 @@ services: trust: image: - mobylinux/kernel -files: - - path: etc/docker/daemon.json - contents: '{"debug": true}' outputs: - format: kernel+initrd - format: gcp diff --git a/examples/vmware.yml b/examples/vmware.yml index 4d4978f81..295cb9e1f 100644 --- a/examples/vmware.yml +++ b/examples/vmware.yml @@ -45,8 +45,5 @@ services: trust: image: - mobylinux/kernel -files: - - path: etc/docker/daemon.json - contents: '{"debug": true}' outputs: - format: vmdk diff --git a/projects/landlock/landlock.yml b/projects/landlock/landlock.yml index d7921a272..728b3c38e 100644 --- a/projects/landlock/landlock.yml +++ b/projects/landlock/landlock.yml @@ -22,9 +22,6 @@ services: - CAP_SYS_ADMIN oomScoreAdj: -800 readonly: true -files: - - path: etc/docker/daemon.json - contents: '{"debug": true}' outputs: - format: kernel+initrd - format: iso-bios diff --git a/projects/selinux/selinux.yml b/projects/selinux/selinux.yml index 12cdff883..86f6dbe1f 100644 --- a/projects/selinux/selinux.yml +++ b/projects/selinux/selinux.yml @@ -19,9 +19,6 @@ services: - CAP_SYS_ADMIN oomScoreAdj: -800 readonly: true -files: - - path: etc/docker/daemon.json - contents: '{"debug": true}' outputs: - format: kernel+initrd - format: iso-bios diff --git a/projects/swarmd/swarmd.yml b/projects/swarmd/swarmd.yml index 8b6cd261e..a3013a8f6 100644 --- a/projects/swarmd/swarmd.yml +++ b/projects/swarmd/swarmd.yml @@ -53,9 +53,6 @@ services: - /run/containerd/containerd.sock:/run/containerd/containerd.sock - /var/lib/containerd:/var/lib/containerd - /etc/resolv.conf:/etc/resolv.conf -files: - - path: etc/docker/daemon.json - contents: '{"debug": true}' outputs: - format: kernel+initrd - format: iso-bios diff --git a/projects/wireguard/examples/wireguard.yml b/projects/wireguard/examples/wireguard.yml index 9c02540b3..0d0c408a4 100644 --- a/projects/wireguard/examples/wireguard.yml +++ b/projects/wireguard/examples/wireguard.yml 
@@ -19,9 +19,6 @@ services: - CAP_SYS_ADMIN oomScoreAdj: -800 readonly: true -files: - - path: etc/docker/daemon.json - contents: '{"debug": true}' outputs: - format: kernel+initrd - format: iso-bios From 5541d5840f96009e542282ad23f4b62d83b170f1 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Wed, 12 Apr 2017 12:17:53 +0100 Subject: [PATCH 3/3] gcp: Set up DHCP and resolv.conf bind mount properly The DHCP client updates /tmp/etc/resolv.conf and this needs to be bind mounted into the other containers. Signed-off-by: Rolf Neugebauer --- examples/gcp.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/examples/gcp.yml b/examples/gcp.yml index 628e282dd..517ad7320 100644 --- a/examples/gcp.yml +++ b/examples/gcp.yml @@ -19,7 +19,7 @@ onboot: image: "mobylinux/dhcpcd:0d4012269cb142972fed8542fbdc3ff5a7b695cd" binds: - /var:/var - - /tmp:/etc + - /tmp/etc:/etc capabilities: - CAP_NET_ADMIN - CAP_NET_BIND_SERVICE @@ -30,7 +30,7 @@ onboot: image: "mobylinux/metadata-gcp:7fc3dd5ef92e0408fb3f76048bbaae88bbb55ad9" binds: - /tmp:/etc/ssh - - /etc/resolv.conf:/etc/resolv.conf + - /tmp/etc/resolv.conf:/etc/resolv.conf readonly: true net: host uts: host @@ -51,7 +51,7 @@ services: pid: host binds: - /tmp/authorized_keys:/root/.ssh/authorized_keys - - /etc/resolv.conf:/etc/resolv.conf + - /tmp/etc/resolv.conf:/etc/resolv.conf - name: nginx image: "nginx:alpine" capabilities:
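Review bot: The dhcpcd bind in the first gcp.yml hunk now names `/tmp/etc` as its host-side source, and nothing in this series creates that directory before the container starts; the previous source, `/tmp`, always exists, so this is a new failure point. Whether the runtime creates a missing bind source or refuses the mount is not visible here and needs confirming: if it refuses, DHCP never runs and neither resolv.conf consumer in the later hunks gets a file. If the runtime does not create it, an earlier `onboot` step (or whatever the image format offers for creating directories) should make `/tmp/etc` before dhcpcd, or the commit description should state the assumption. The enclosing `onboot` entry continues outside the hunk.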
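Review bot: `/tmp/etc/resolv.conf` is bind-mounted as a single file in the second gcp.yml hunk and again in the third, which makes both mounts depend on dhcpcd, earlier in `onboot`, having already obtained a lease and written the file; if it has not, the mount fails or the runtime substitutes a directory at that path, depending on the runtime, and the container sees no resolver either way. Separately, the metadata-gcp container keeps the `- /tmp:/etc/ssh` context bind, so the whole of host `/tmp`, which now contains `/tmp/etc/resolv.conf`, is writable from inside it; `readonly: true` below applies to the container rootfs rather than to its binds, as far as I can tell, so a fault in the metadata fetcher could rewrite the DNS configuration that the later containers bind. If the fetcher only needs somewhere to drop `authorized_keys`, give it a dedicated directory instead of all of `/tmp`: `- /tmp/ssh:/etc/ssh` here and `- /tmp/ssh/authorized_keys:/root/.ssh/authorized_keys` in the third hunk, assuming it writes `/etc/ssh/authorized_keys` (not visible in this diff).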