diff --git a/pkg/init-container/Dockerfile b/pkg/init-container/Dockerfile
new file mode 100644
index 000000000..08f620890
--- /dev/null
+++ b/pkg/init-container/Dockerfile
@@ -0,0 +1,14 @@
+FROM linuxkit/alpine:630ee558e4869672fae230c78364e367b8ea67a9 AS mirror
+RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
+RUN apk add --no-cache --initdb -p /out alpine-baselayout busybox musl tini
+
+# Remove apk residuals. We have a read-only rootfs, so apk is of no use.
+RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
+
+FROM scratch
+ENTRYPOINT []
+CMD []
+WORKDIR /
+COPY --from=mirror /out/ /
+COPY etc etc/
+COPY bin bin/
diff --git a/pkg/init-container/Makefile b/pkg/init-container/Makefile
new file mode 100644
index 000000000..0a4d78637
--- /dev/null
+++ b/pkg/init-container/Makefile
@@ -0,0 +1,15 @@
+.PHONY: tag push
+default: push
+
+ORG?=mobytest
+IMAGE=init-container
+DEPS=Dockerfile $(wildcard etc/init.d/*) $(wildcard bin/*)
+
+HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}')
+
+tag: $(DEPS)
+ docker build --no-cache --network=none -t $(ORG)/$(IMAGE):$(HASH) .
+
+push: tag
+ DOCKER_CONTENT_TRUST=1 docker pull $(ORG)/$(IMAGE):$(HASH) || \
+ DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(HASH)
diff --git a/pkg/init-container/bin/rc.init b/pkg/init-container/bin/rc.init
new file mode 100755
index 000000000..77d898a42
--- /dev/null
+++ b/pkg/init-container/bin/rc.init
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+# execute other init processes
+INITS="$(find /etc/init.d -type f | sort)"
+for f in $INITS
+do
+ $f &
+done
+
+wait
diff --git a/pkg/init-container/etc/init.d/010-containerd b/pkg/init-container/etc/init.d/010-containerd
new file mode 100755
index 000000000..9fcccb64f
--- /dev/null
+++ b/pkg/init-container/etc/init.d/010-containerd
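Review bot: The base image in the first `FROM` is pinned by tag only, and a tag can be re-pointed in the registry, so the build input is not immutable even though the tag looks like a commit hash. Everything installed into `/out` comes from the apk configuration copied out of that image (presumably a package mirror shipped inside it, given that the Makefile builds with `--network=none`), so the whole rootfs inherits whatever the tag resolves to. Appending the digest, `FROM linuxkit/alpine:630ee558e4869672fae230c78364e367b8ea67a9@sha256:<digest-of-reviewed-image> AS mirror`, fixes the content. The Makefile in this commit sets `DOCKER_CONTENT_TRUST=1` on pull and push but not on `docker build`, so the base image does not appear to be verified at build time either. A comment above `apk add` saying that package versions are determined by the pinned mirror image would also help the next reader.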
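Review bot: `HASH` is derived from the committed tree (`git ls-tree HEAD`), while the `tag` recipe builds the working directory (`docker build ... .`), so uncommitted or untracked changes under `etc/` or `bin/` end up in an image whose tag names a different source tree. The `push` target then publishes that image under `DOCKER_CONTENT_TRUST=1`, so the signature would vouch for a tag-to-source mapping that does not hold. A guard as the first line of the `tag` recipe closes the gap: `@test -z "$$(git status --porcelain -- .)" || { echo "uncommitted changes in $(CURDIR)" >&2; exit 1; }`. Because `HASH?=` can be overridden from the environment, a short comment stating that it must match the package tree hash would also be worth adding.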
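Review bot: Each script is launched with `$f &` and the final `wait` takes no arguments, so a script that is not executable or exits non-zero leaves no trace and rc.init still finishes successfully. Reporting the failure from the background job keeps the parallel start but makes a broken init step visible: `"$f" || printf 'rc.init: %s exited with status %d\n' "$f" "$?" >&2 &`. The `for f in $INITS` loop also relies on word splitting, so a path containing whitespace would be split into separate commands. Since all scripts run concurrently, the `sort` only orders when they start; a comment saying that numeric prefixes such as `010-` do not sequence completion would prevent later scripts from assuming containerd is already up.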
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+# set global ulimits TODO move to /etc/limits.conf
+ulimit -n 1048576
+ulimit -p unlimited
+
+# bring up containerd
+printf "\nStarting containerd\n"
+/usr/bin/containerd &
+
+# wait for socket to be there
+while [ ! -S /run/containerd/containerd.sock ]
+do
+ sleep 0.1
+done
+
+# start onboot containers, run to completion
+
+if [ -d /containers/onboot ]
+then
+ for f in $(find /containers/onboot -mindepth 1 -maxdepth 1 | sort)
+ do
+ base="$(basename $f)"
+ #/bin/mount --bind "$f/rootfs" "$f/rootfs"
+ #mount -o remount,rw "$f/rootfs"
+ /usr/bin/runc run --bundle "$f" "$(basename $f)"
+ printf " - $base\n"
+ done
+fi
+
+# start service containers
+
+if [ -d /containers/services ]
+then
+ for f in $(find /containers/services -mindepth 1 -maxdepth 1 | sort)
+ do
+ base="$(basename $f)"
+ #/bin/mount --bind "$f/rootfs" "$f/rootfs"
+ #mount -o remount,rw "$f/rootfs"
+ log="/var/log/$base.log"
+ ctr run --runtime-config "$f/config.json" --rootfs "$f/rootfs" --id "$(basename $f)" $log >$log &
+ printf " - $base\n"
+ done
+fi
+
+wait
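Review bot: In the onboot loop the exit status of `/usr/bin/runc run` is discarded and ` - $base` is printed either way, so a failed onboot container looks the same as a successful one and the service containers start regardless. At minimum the failure should be reported, e.g. `/usr/bin/runc run --bundle "$f" "$base" || printf ' - %s FAILED (exit %d)\n' "$base" "$?"`; whether a failed onboot step should stop the boot is a policy choice the script should state in a comment. Both `printf " - $base\n"` lines use a directory name as the format string, so `printf ' - %s\n' "$base"` is the safer form, and `$f` and `$log` should be quoted wherever they are expanded. The socket wait loop has no timeout and does not check that the backgrounded containerd is still running, so if containerd exits early the script spins forever without a diagnostic.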