From 89e98eefa0cd48733368c7ae42a02fff2ea80e87 Mon Sep 17 00:00:00 2001 From: Justin Cormack Date: Tue, 24 Jan 2017 15:39:44 +0000 Subject: [PATCH] Shift to development track containerd Move to the development track of `containerd` not the legacy 0.2 branch. The commands have changed a bit. This does increase the image size as we are bundling the Docker copy and our copy, and the new one is larger as it is growing features. Hopefully Docker will shrink eventually. Also we may replace `ctr` with a library. Fix #1029 Signed-off-by: Justin Cormack --- alpine/Dockerfile | 5 ---- alpine/Dockerfile.efi | 2 +- alpine/Makefile | 2 +- alpine/base/containerd/Dockerfile | 19 ++++++++++++ alpine/base/containerd/Makefile | 29 +++++++++++++++++++ alpine/base/runc/Dockerfile | 23 +++++++++++++++ alpine/base/runc/Makefile | 29 +++++++++++++++++++ alpine/packages/Makefile | 2 +- alpine/packages/containerd/.gitignore | 1 + alpine/packages/containerd/Makefile | 22 ++++++++++++++ .../packages/containerd/etc/init.d/containerd | 2 +- .../packages/diagnostics/usr/bin/diagnostics | 2 +- alpine/packages/test/etc/init.d/test | 2 +- docs/containerd.md | 9 ++---- 14 files changed, 132 insertions(+), 17 deletions(-) create mode 100644 alpine/base/containerd/Dockerfile create mode 100644 alpine/base/containerd/Makefile create mode 100644 alpine/base/runc/Dockerfile create mode 100644 alpine/base/runc/Makefile create mode 100644 alpine/packages/containerd/.gitignore create mode 100644 alpine/packages/containerd/Makefile diff --git a/alpine/Dockerfile b/alpine/Dockerfile index 2f3bf4a7f..b39976069 100644 --- a/alpine/Dockerfile +++ b/alpine/Dockerfile @@ -11,11 +11,6 @@ RUN \ COPY . . RUN rm Dockerfile -RUN cd /usr/bin && \ - ln -s docker-runc runc && \ - ln -s docker-containerd-shim containerd-shim && \ - ln -s docker-containerd-ctr containerd-ctr && \ - ln -s docker-containerd containerd RUN \ rc-update add sysctl boot && \ 
diff --git a/alpine/Dockerfile.efi b/alpine/Dockerfile.efi index af422ae86..98c29c3eb 100644 --- a/alpine/Dockerfile.efi +++ b/alpine/Dockerfile.efi @@ -21,7 +21,7 @@ RUN cp /usr/lib/gummiboot/linuxx64.efi.stub . && \ # create a ISO with a EFI boot partition RUN mkdir -p iso && \ - dd if=/dev/zero of=iso/efi.raw bs=1024 count=70000 && \ + dd if=/dev/zero of=iso/efi.raw bs=1024 count=78000 && \ mkfs.vfat iso/efi.raw RUN echo "mtools_skip_check=1" >> /etc/mtools.conf && \ diff --git a/alpine/Makefile b/alpine/Makefile index ef7cc5670..8ca77955c 100644 --- a/alpine/Makefile +++ b/alpine/Makefile @@ -51,7 +51,7 @@ moby.img: Dockerfile mkinitrd.sh init $(ETCFILES) -C packages/9pmount-vsock sbin -C ../.. \ -C packages/test etc -C ../.. \ -C packages/iptables usr -C ../.. \ - -C packages/containerd etc -C ../.. \ + -C packages/containerd etc usr -C ../.. \ -C packages/aws etc -C ../.. \ -C packages/azure etc -C ../.. \ -C packages/gcp etc -C ../.. \ diff --git a/alpine/base/containerd/Dockerfile b/alpine/base/containerd/Dockerfile new file mode 100644 index 000000000..c4e0ce51e --- /dev/null +++ b/alpine/base/containerd/Dockerfile @@ -0,0 +1,19 @@ +FROM golang:1.7-alpine3.5 +RUN \ + apk update && apk upgrade -a && \ + apk add --no-cache \ + gcc \ + git \ + libc-dev \ + make \ + && true +ENV CONTAINERD_COMMIT=3b79682548339895fcf9976f60ddea8abc5fc97e +RUN mkdir -p $GOPATH/src/github.com/docker && \ + cd $GOPATH/src/github.com/docker && \ + git clone https://github.com/docker/containerd.git +WORKDIR $GOPATH/src/github.com/docker/containerd +RUN git checkout $CONTAINERD_COMMIT +RUN make binaries GO_GCFLAGS="-buildmode pie --ldflags '-extldflags \"-fno-PIC -static\"'" +RUN cp bin/containerd bin/ctr bin/containerd-shim /usr/bin/ +WORKDIR / +COPY . . diff --git a/alpine/base/containerd/Makefile b/alpine/base/containerd/Makefile new file mode 100644 index 000000000..9dd2c5017 --- /dev/null +++ b/alpine/base/containerd/Makefile 
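Review bot: The hardening options on `RUN make binaries GO_GCFLAGS=...` in alpine/base/containerd/Dockerfile reach the Go toolchain through a variable meant for compiler flags. `-buildmode pie` and the static `-extldflags` therefore apply only while containerd's own Makefile keeps expanding `GO_GCFLAGS` on the build command line (presumably it does at this commit; that Makefile is not part of the patch). Nothing in the image build checks the result, so a later change of `CONTAINERD_COMMIT` could ship binaries without these options unnoticed. I would add a comment above the line such as `# GO_GCFLAGS only carries -buildmode/-ldflags into go build; confirm the binaries are still static PIE after changing CONTAINERD_COMMIT`.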
@@ -0,0 +1,29 @@
+.PHONY: tag push
+
+BASE=golang:1.7-alpine3.5
+IMAGE=containerd
+
+default: push
+
+hash: Dockerfile
+ DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
+ tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
+ docker run --rm $(IMAGE):build sh -c 'cat Dockerfile /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > $@
+
+push: hash
+ docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+ (docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
+ docker push mobylinux/$(IMAGE):$(shell cat hash))
+ docker rmi $(IMAGE):build
+ rm -f hash
+
+tag: hash
+ docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
+ docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
+ docker rmi $(IMAGE):build
+ rm -f hash
+
+clean:
+ rm -f hash
+
+.DELETE_ON_ERROR:
diff --git a/alpine/base/runc/Dockerfile b/alpine/base/runc/Dockerfile
new file mode 100644
index 000000000..3a86c6574
--- /dev/null
+++ b/alpine/base/runc/Dockerfile
@@ -0,0 +1,23 @@
+FROM golang:1.7-alpine3.5
+RUN \
+ apk update && apk upgrade -a && \
+ apk add --no-cache \
+ bash \
+ gcc \
+ git \
+ libc-dev \
+ libseccomp-dev \
+ linux-headers \
+ make \
+ && true
+ENV RUNC_COMMIT=51371867a01c467f08af739783b8beafc154c4d7
+RUN mkdir -p $GOPATH/src/github.com/opencontainers && \
+ cd $GOPATH/src/github.com/opencontainers && \
+ git clone https://github.com/opencontainers/runc.git
+WORKDIR $GOPATH/src/github.com/opencontainers/runc
+RUN git checkout $RUNC_COMMIT
+# TODO static pie, currently no easy way to change build options
+RUN make static BUILDTAGS="seccomp"
+RUN cp runc /usr/bin/
+WORKDIR /
+COPY . .
diff --git a/alpine/base/runc/Makefile b/alpine/base/runc/Makefile
new file mode 100644
index 000000000..27c740302
--- /dev/null
+++ b/alpine/base/runc/Makefile
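Review bot: In the `hash` recipe the last line pipes `docker run ... | sed 's/ .*//' > $@`, and the shell reports only the exit status of `sed`. A failed `docker run` therefore still leaves an empty `hash` file, which `.DELETE_ON_ERROR` will not remove. `push` and `tag` then build the image reference from `$(shell cat hash)` with an empty tag. Ending that line with `&& test -s $@` would make the recipe fail at the point where the hash is missing. alpine/base/runc/Makefile in this patch has the same recipe.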
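Review bot: The closing `COPY . .` under `WORKDIR /` in alpine/base/runc/Dockerfile copies the whole build context into the image root. With the Makefile added beside it the context is a tar stream holding only the Dockerfile, which the `hash` recipe later reads back, but a plain `docker build .` in this directory would also copy the Makefile and any `hash` file. Naming the file keeps the image contents independent of how the build is invoked: `COPY Dockerfile /Dockerfile`. alpine/base/containerd/Dockerfile ends with the same two lines.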
@@ -0,0 +1,29 @@ +.PHONY: tag push + +BASE=golang:1.7-alpine3.5 +IMAGE=runc + +default: push + +hash: Dockerfile + DOCKER_CONTENT_TRUST=1 docker pull $(BASE) + tar cf - $^ | docker build --no-cache -t $(IMAGE):build - + docker run --rm $(IMAGE):build sh -c 'cat Dockerfile /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > $@ + +push: hash + docker pull mobylinux/$(IMAGE):$(shell cat hash) || \ + (docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \ + docker push mobylinux/$(IMAGE):$(shell cat hash)) + docker rmi $(IMAGE):build + rm -f hash + +tag: hash + docker pull mobylinux/$(IMAGE):$(shell cat hash) || \ + docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) + docker rmi $(IMAGE):build + rm -f hash + +clean: + rm -f hash + +.DELETE_ON_ERROR: diff --git a/alpine/packages/Makefile b/alpine/packages/Makefile index b2166e303..89400c450 100644 --- a/alpine/packages/Makefile +++ b/alpine/packages/Makefile @@ -1,4 +1,4 @@ -DEPS=proxy diagnostics transfused tap-vsockd docker nc-vsock vsudd 9pmount-vsock iptables +DEPS=proxy diagnostics transfused tap-vsockd docker nc-vsock vsudd 9pmount-vsock iptables containerd .PHONY: clean $(DEPS) default: $(DEPS) diff --git a/alpine/packages/containerd/.gitignore b/alpine/packages/containerd/.gitignore new file mode 100644 index 000000000..73752c9ae --- /dev/null +++ b/alpine/packages/containerd/.gitignore @@ -0,0 +1 @@ +usr diff --git a/alpine/packages/containerd/Makefile b/alpine/packages/containerd/Makefile new file mode 100644 index 000000000..6887ff339 --- /dev/null +++ b/alpine/packages/containerd/Makefile 
@@ -0,0 +1,22 @@ +# Tag: cd9f1788bb2e8e7a342f32dd8ba70f450ff7ae2c +CONTAINERD_IMAGE=mobylinux/containerd@sha256:96a96f60751a1bb762e285f36e0cf9c5b4126933bb91475b7369efc990539165 +CONTAINERD_BINARIES=usr/bin/containerd usr/bin/containerd-shim usr/bin/ctr + +# Tag: 1a72d872ae97b90ae52482e4cb33a2778e168358 +RUNC_IMAGE=mobylinux/runc@sha256:2ea83d68baa57d547ec6d407d09cd495e4ef9cd6b0207ec3525fb2752b4a197e +RUNC_BINARY=usr/bin/runc + +default: $(RUNC_BINARY) $(CONTAINERD_BINARIES) + +$(RUNC_BINARY): + mkdir -p $(dir $@) + docker run --rm --net=none $(RUNC_IMAGE) tar cf - $@ | tar xf - + +$(CONTAINERD_BINARIES): + mkdir -p $(dir $@) + docker run --rm --net=none $(CONTAINERD_IMAGE) tar cf - $@ | tar xf - + +clean: + rm -rf usr + +.DELETE_ON_ERROR: diff --git a/alpine/packages/containerd/etc/init.d/containerd b/alpine/packages/containerd/etc/init.d/containerd index 9f2fb9c4f..0b4aa225f 100755 --- a/alpine/packages/containerd/etc/init.d/containerd +++ b/alpine/packages/containerd/etc/init.d/containerd @@ -26,7 +26,7 @@ start() for f in /containers/* do - containerd-ctr containers start --no-pivot --attach "$(basename $f)" "$f" 2>$LOG >$LOG & + ctr run --bundle "$f" "$(basename $f)" 2>$LOG >$LOG & printf " $(basename $f)" done diff --git a/alpine/packages/diagnostics/usr/bin/diagnostics b/alpine/packages/diagnostics/usr/bin/diagnostics index 3953c2be7..03ed450d9 100755 --- a/alpine/packages/diagnostics/usr/bin/diagnostics +++ b/alpine/packages/diagnostics/usr/bin/diagnostics 
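Review bot: The rules for `$(RUNC_BINARY)` and `$(CONTAINERD_BINARIES)` have no prerequisites, so once `usr/bin/runc` and the containerd binaries exist, changing the pinned `RUNC_IMAGE` or `CONTAINERD_IMAGE` digest does not extract them again. The image can then be built with binaries from the previous digest. Unless a caller always runs `clean` first (not visible here), I would make both rules depend on the file that carries the digests: `$(RUNC_BINARY): Makefile` and `$(CONTAINERD_BINARIES): Makefile`.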
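Review bot: The new `ctr run --bundle "$f" "$(basename $f)" 2>$LOG >$LOG &` line keeps two separate truncating opens of `$LOG`, so stdout and stderr each write from offset zero and overwrite one another. Every container started by the loop also truncates the same file again. For a boot log that diagnostics may depend on, a single appending open is safer: `ctr run --bundle "$f" "$(basename "$f")" >>"$LOG" 2>&1 &`. `start()` begins and ends outside this hunk, where `LOG` is presumably set and could be truncated once before the loop.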
@@ -41,7 +41,7 @@ DIAGNOSTICS=$(ps -eo args | grep '^/usr/bin/diagnostics-server') [ $? -eq 0 ] && ok "Diagnostics server running: $DIAGNOSTICS\n" || fail "No diagnostics server\n" CONTAINERD=$(ps -eo args | grep '^/usr/bin/containerd') [ $? -eq 0 ] && ok "System containerd server running: $CONTAINERD\n" || fail "No containerd server\n" -CONTAINERPS=$(containerd-ctr containers 2>&1) +CONTAINERPS=$(ctr list 2>&1) [ $? -eq 0 ] && ok "System containerd working\n" || fail "containerd failed: $CONTAINERPS\n" exit $EXIT_STATUS diff --git a/alpine/packages/test/etc/init.d/test b/alpine/packages/test/etc/init.d/test index f0f5e4747..09d560145 100755 --- a/alpine/packages/test/etc/init.d/test +++ b/alpine/packages/test/etc/init.d/test @@ -11,7 +11,7 @@ start() ebegin "Running tests" - if containerd-ctr containers start --no-pivot --attach test /test + if ctr run --bundle /test test then printf "Moby test suite PASSED\n" else diff --git a/docs/containerd.md b/docs/containerd.md index 6a9e0a835..21d4c021f 100644 --- a/docs/containerd.md +++ b/docs/containerd.md @@ -19,12 +19,9 @@ docker rm ${CONTAINER} mkdir -p /var/log/nginx /var/cache/nginx -containerd-ctr containers start ${NAME} . -containerd-ctr containers +ctr run --bundle . ${NAME} +ctr list ``` -For debugging it helps to run `containerd-ctr containers start --attach ${NAME} .` It may -well turn out that you need to create directories that are empty volumes in docker. - For production, you will want to create the `config.json` offline and bundle it in with your -intii script, but you can create the rootfs online. +init script, but you can create the rootfs online.