Merge pull request #73 from justincormack/docker

Add an output format for running images with Docker
2025-07-21 01:59:07 +00:00 · 2017-06-07 16:38:14 +01:00 · 2017-06-07 16:38:14 +01:00 · d906292096
commit d906292096
parent ca677b3c40 9a3ac36236
10 changed files with 192 additions and 4 deletions
--- a/cmd/moby/build.go
+++ b/cmd/moby/build.go
@ -35,7 +35,37 @@ func (o *outputList) Set(value string) error {
 }
 var streamable = map[string]bool{
-	"tar": true,
+	"docker": true,
 	"tar":    true,
 }
 type addFun func(*tar.Writer) error
 const dockerfile = `
 FROM scratch
 COPY . ./
 RUN rm -f Dockerfile
 ENTRYPOINT ["/sbin/tini", "--", "/bin/rc.init"]
 `
 var additions = map[string]addFun{
 	"docker": func(tw *tar.Writer) error {
 		log.Infof("  Adding Dockerfile")
 		hdr := &tar.Header{
 			Name: "Dockerfile",
 			Mode: 0644,
 			Size: int64(len(dockerfile)),
 		}
 		if err := tw.WriteHeader(hdr); err != nil {
 			return err
 		}
 		if _, err := tw.Write([]byte(dockerfile)); err != nil {
 			return err
 		}
 		return nil
 	},
 }
 // Process the build arguments and execute build
@ -127,6 +157,7 @@ func build(args []string) {
 	}
 	var outputFile *os.File
 	var addition addFun
 	if *buildOutputFile != "" {
 		if len(buildOut) > 1 {
 			log.Fatal("The -output option can only be specified when generating a single output format")
@ -150,6 +181,7 @@ func build(args []string) {
 			}
 			defer outputFile.Close()
 		}
 		addition = additions[buildOut[0]]
 	}
 	size, err := getDiskSizeMB(*buildSize)
@ -194,7 +226,7 @@ func build(args []string) {
 		buf = new(bytes.Buffer)
 		w = buf
 	}
-	buildInternal(moby, w, *buildPull)
+	buildInternal(moby, w, *buildPull, addition)
 	if outputFile == nil {
 		image := buf.Bytes()
@ -272,7 +304,7 @@ func enforceContentTrust(fullImageName string, config *TrustConfig) bool {
 // Perform the actual build process
 // TODO return error not panic
-func buildInternal(m Moby, w io.Writer, pull bool) {
+func buildInternal(m Moby, w io.Writer, pull bool, addition addFun) {
 	iw := tar.NewWriter(w)
 	if m.Kernel.Image != "" {
@ -341,6 +373,15 @@ func buildInternal(m Moby, w io.Writer, pull bool) {
 	if err != nil {
 		log.Fatalf("failed to add filesystem parts: %v", err)
 	}
 	// add anything additional for this output type
 	if addition != nil {
 		err = addition(iw)
 		if err != nil {
 			log.Fatalf("Failed to add additional files")
 		}
 	}
 	err = iw.Close()
 	if err != nil {
 		log.Fatalf("initrd close error: %v", err)
--- a/cmd/moby/linuxkit.go
+++ b/cmd/moby/linuxkit.go
@ -60,7 +60,7 @@ func ensureLinuxkitImage(name string) error {
 	}
 	// TODO pass through --pull to here
 	buf := new(bytes.Buffer)
-	buildInternal(m, buf, false)
+	buildInternal(m, buf, false, nil)
 	image := buf.Bytes()
 	kernel, initrd, cmdline, err := tarToInitrd(image)
 	if err != nil {
--- a/examples/README.md
+++ b/examples/README.md
@ -0,0 +1,23 @@
 Examples of building an image to run on LinuxKit or on a host
 Currently the `moby` tool can output formats suitable for LinuxKit to boot on
 a VM, and also some formats for running natively.
 The `docker` format adds a `Dockerfile` to the tarball and expects a similar
 file structure to `LinuxKit` but with the low level system setup pieces removed
 as this will already be set up in a container.
 The `mobytest/init-container` image in this repository has an example setup that
 initialises `containerd` in exactly the same way as it runs in LinuxKit, which will
 then start the `onboot` and `service` containers. The example below shows how you
 can run `nginx` on either of these base configs.
 ```
 moby build -output docker -o - docker.yml nginx.yml | docker build -t dockertest -
 docker run -d -p 80:80 --privileged dockertest
 moby build -output kernel+initrd linuxkit.yml nginx.yml
 linuxkit run nginx
 ```
 Both of these will run the same `nginx` either in a VM or a container.
--- a/examples/docker.yml
+++ b/examples/docker.yml
@ -0,0 +1,9 @@
 init:
  - mobytest/init-container:b5de246b2790d74d53bae583a95c87869ca003e6
  - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f
  - linuxkit/containerd:5749f2e9e65395cc6635229e8da0e0d484320ddf
  - linuxkit/ca-certificates:75cf419fb58770884c3464eb687ec8dfc704169d
 trust:
  org:
    - linuxkit
    - mobytest
--- a/examples/linuxkit.yml
+++ b/examples/linuxkit.yml
@ -0,0 +1,18 @@
 kernel:
  image: "linuxkit/kernel:4.9.x"
  cmdline: "console=ttyS0"
 init:
  - linuxkit/init:1b8a7e394d2ec2f1fdb4d67645829d1b5bdca037
  - linuxkit/runc:3a4e6cbf15470f62501b019b55e1caac5ee7689f
  - linuxkit/containerd:5749f2e9e65395cc6635229e8da0e0d484320ddf
  - linuxkit/ca-certificates:75cf419fb58770884c3464eb687ec8dfc704169d
 onboot:
  - name: dhcpcd
    image: "linuxkit/dhcpcd:7d2b8aaaf20c24ad7d11a5ea2ea5b4a80dc966f1"
    command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
 services:
  - name: rngd
    image: "linuxkit/rngd:1fa4de44c961bb5075647181891a3e7e7ba51c31"
 trust:
  org:
    - linuxkit
--- a/examples/nginx.yml
+++ b/examples/nginx.yml
@ -0,0 +1,12 @@
 services:
  - name: nginx
    image: "nginx:alpine"
    capabilities:
     - CAP_NET_BIND_SERVICE
     - CAP_CHOWN
     - CAP_SETUID
     - CAP_SETGID
     - CAP_DAC_OVERRIDE
 trust:
  org:
    - library
--- a/pkg/init-container/Dockerfile
+++ b/pkg/init-container/Dockerfile
@ -0,0 +1,14 @@
 FROM linuxkit/alpine:630ee558e4869672fae230c78364e367b8ea67a9 AS mirror
 RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
 RUN apk add --no-cache --initdb -p /out alpine-baselayout busybox musl tini
 # Remove apk residuals. We have a read-only rootfs, so apk is of no use.
 RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
 FROM scratch
 ENTRYPOINT []
 CMD []
 WORKDIR /
 COPY --from=mirror /out/ /
 COPY etc etc/
 COPY bin bin/
--- a/pkg/init-container/Makefile
+++ b/pkg/init-container/Makefile
@ -0,0 +1,15 @@
 .PHONY: tag push
 default: push
 ORG?=mobytest
 IMAGE=init-container
 DEPS=Dockerfile $(wildcard etc/init.d/*) $(wildcard bin/*)
 HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}')
 tag: $(DEPS)
 	docker build --no-cache --network=none -t $(ORG)/$(IMAGE):$(HASH) .
 push: tag
 	DOCKER_CONTENT_TRUST=1 docker pull $(ORG)/$(IMAGE):$(HASH) || \
 	DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(HASH)
--- a/pkg/init-container/bin/rc.init
+++ b/pkg/init-container/bin/rc.init
@ -0,0 +1,10 @@
 #!/bin/sh
 # execute other init processes
 INITS="$(find /etc/init.d -type f | sort)"
 for f in $INITS
 do
 	$f &
 done
 wait
--- a/pkg/init-container/etc/init.d/010-containerd
+++ b/pkg/init-container/etc/init.d/010-containerd
@ -0,0 +1,46 @@
 #!/bin/sh
 # set global ulimits TODO move to /etc/limits.conf
 ulimit -n 1048576
 ulimit -p unlimited
 # bring up containerd
 printf "\nStarting containerd\n"
 /usr/bin/containerd &
 # wait for socket to be there
 while [ ! -S /run/containerd/containerd.sock ]
 do
 	sleep 0.1
 done
 # start onboot containers, run to completion
 if [ -d /containers/onboot ]
 then
 	for f in $(find /containers/onboot -mindepth 1 -maxdepth 1 | sort)
 	do
 		base="$(basename $f)"
 		#/bin/mount --bind "$f/rootfs" "$f/rootfs"
 		#mount -o remount,rw "$f/rootfs"
 		/usr/bin/runc run --bundle "$f" "$(basename $f)"
 		printf " - $base\n"
 	done
 fi
 # start service containers
 if [ -d /containers/services ]
 then
 	for f in $(find /containers/services -mindepth 1 -maxdepth 1 | sort)
 	do
 		base="$(basename $f)"
 		#/bin/mount --bind "$f/rootfs" "$f/rootfs"
 		#mount -o remount,rw "$f/rootfs"
 		log="/var/log/$base.log"
 		ctr run --runtime-config "$f/config.json" --rootfs "$f/rootfs" --id "$(basename $f)" </dev/null 2>$log >$log &
 		printf " - $base\n"
 	done
 fi
 wait