Solv: Updated documentation to point out limits of
files section regarding /var, /run, and /tmp dirs.
Signed-off-by: Tristan Slominski <tristan.slominski@gmail.com>
- Add getty to get access to the serial console
- Add a arm64 example for baremetal type 2a
- Update documentation (and use example in documentation)
I've tested the PXE boot on arm64 and the bond interface gets
set up and seems usable.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
It's kinda obvious that these are kernel configuration files
and, looking at various other distros it seems more common
to call the files 'config-<foo>'.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Could be e.g.:
```
pkg:
content-trust-passphrase-command: "lpass show <key> --password"
```
or
```
pkg:
content-trust-passphrase-command: "gpg -d ~/.notary/passphrase.gpg"
```
Signed-off-by: Ian Campbell <ijc@docker.com>
Done as follows:
find -name build.yml | xargs dirname | while read d ; do
t=$(linuxkit pkg show-tag $d)
./scripts/update-component-sha.sh --image ${t%:*} ${t#*:}
done
git commit -s test pkg tools blueprints examples projects/kubernetes projects/swarmd docs linuxkit.yml Makefile src
This explicitly excludes projects/* which I did not know whether to update.
Then:
git reset --hard
for i in init runc containerd ca-certificates sysctl dhcpcd getty rngd ; do
o=$(git grep -h "\(image:\|-\) *linuxkit/$i:[0-9a-f]\{40\}" origin/master:linuxkit.yml | awk '// { print $2 }')
n=$(linuxkit pkg show-tag pkg/$i)
./scripts/update-component-sha.sh "$o" "$n"
done
git commit --amend projects
This updates any projects which were using components with the same hash as the
top-level linuxkit.yml.
Signed-off-by: Ian Campbell <ijc@docker.com>
This implements the proposal in #2564 and converts a handful of representative
or especially interesting (from a build PoV) packages to use it.
For now those pkg/* affected get a stub-`Makefile`, once all packages are
converted then `pkg/Makefile` can be adjusted and those stubs can be removed.
For now only `pkg/package.mk`'s functionality is implemented. In particular:
- `push-manifest.sh` remains a separate script, to enable calling it on systems
with just the LinuxKit tools installed arrange to install it under a less
generic name.
- `kernel` and `tools/alpine` do not use `pkg/package.mk` and those cases are
not yet fully considered/covered.
I have updated the documentation assuming that the existing uses of
`pkg/package.mk` will be removed quite soon in a follow up PR rather than
trying to document the situation which results after just this commit.
Due to `cmd/linuxkit` now gaining a library the build needs adjusting slightly to
allow both `make bin/linuxkit` and `go build` to work.
`go vet` has forced me to write some rather asinine comments for things that
are rather obvious from the name.
Signed-off-by: Ian Campbell <ijc@docker.com>
In particular also fix the wireguard test whose kernel
tag hasn't been updated for quite some time...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
- Added new argument -force to the format utility. This will force formatting of the specified single device if it exists and is a block device
- By default, the format package will no longer format the specified single device if content exists on that device
- Added new blkid-based check for content, in addition to the existing check for partitions on autoformat candidate devices.
- Cleanup of old unused code.
- Refactoring of block device verification.
- Added test/cases/040_packages/006_format_mount/005_by_device_force
- Added document of new arguments to /docs/external-disk.md. Also sorted the arguments in the doc alphabetically and added them as bullets so they do not run together on the page.
Signed-off-by: Isaac Rodman <isaac@eyz.us>
This commit introduces a new option - `keyname` - to the OpenStack
runner, which allows the user to specify the name of a keypair they want
to associate with the instance at the time of creation.
Signed-off-by: Nick Jones <nick@dischord.org>
This is less confusing as there is also an output option to set the file.
See https://github.com/moby/tool/pull/146
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This could be used in LinuxKit now, as there are some examples, eg
https://github.com/linuxkit/linuxkit/blob/master/blueprints/docker-for-mac/base.yml#L33
which are creating containers to do a mount.
The main reason though is to in future change the ad hoc code that generates
overlay mounts for writeable containers with a runtime config which does
the same thing; this code needs to create both tmpfs and overlay mounts.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- Update section on how to change the kernel config
- Reword kernel module section. It was messy
- General tidying up:
- empty lines around quoted areas
- two empty line above and one empty line below section headings
- Limit line length.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This adds a `runtime` section in the config that can be used
to move network interfaces into a container, create directories,
and bind mount container namespaces into the filesystem.
See also https://github.com/linuxkit/linuxkit/pull/2413
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
The PR to enable notary signing has been merged. Also update
documentation as `got get` should now also work.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This now completes the steps to bootstrap the other
packages with multi-arch as we now have the tools both
on arm64 and amd64.
Also update vendoring doc with new hash
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This commit updates the support for pushing images into OpenStack by
inheriting environment variables for endpoint and authentication
information, when available.
It also attempts to make the `openstack run` support more consistent
with other providers (specifically GCP and AWS), i.e just take the name
of the image as the argument and launch an instance using that.
Finally, it also updates the relevant documentation for OpenStack
support.
Signed-off-by: Nick Jones <nick@dischord.org>
The document showed the incorrect sub-command options for LinuxKit run azure which needs to be updated and hence fixed it.
Signed-off-by: Ajeet Raina <ajeetraina@gmail.com>
- Adding NFS debug modules to kernel_config.debug
- Also updating some dead links in the kernels.md doc file
Signed-off-by: Dave Freitag <dcfreita@us.ibm.com>
This commit refactors the OpenStack push support to make use of the
Gophercloud library in order to handle authentication and talking to the
right image service as defined in the service catalogue.
Signed-off-by: Nick Jones <nick@dischord.org>
I noticed that running the runes in docs/vendoring.md made a bunch of files
which are omitted by modern vndr come back, presumably due to the old version
of vndr referenced there. So update the go-compile package to the current
version everywhere.
Also correct the use of `make` variable syntax (`$(PWD)`) where shell syntax
command substitution for `pwd` was desired.
Signed-off-by: Ian Campbell <ijc@docker.com>
This is a list of images to run on a clean shutdown. Note that you must not rely on these
being run at all, as machines may be be powered off or shut down without having time to run
these scripts. If you add anything here you should test both in the case where they are
run and when they are not. Most systems are likely to be "crash only" and not have any setup here,
but you can attempt to deregister cleanly from a network service here, rather than relying
on timeouts, for example.
Fix https://github.com/linuxkit/linuxkit/issues/1988
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Previously I was forcing them to be strings, which is horrible. Now you
can either specify a numeric uid or the name of a service to use the
allocated id for that service.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Latest `vndr` has changed its algorithm a bit. It also pointed out that we were missing
some things.
Move the `vendor` directory up to the `linuxkit` command, else it gets confused by packages
that have Go code in.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
These are not needed, but we are inconsistent. Been waiting for a
quiet moment to fix this since I noticed while doing a presentation...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Formatting was incorrect due to mismatched mark; also, it appears that
qemu also uses the state directory now for the created disk image. Also
used the same italicized style for param reference in text instead of
some bracketed and some italicized.
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
This adds the OCI parts needed into the yaml, but there are still
permissions issues in practise so marked as experimental.
It may just need further documentation to resolve the issues.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
In order to support not running containers as root, allocate
each of them a uid and gid, a bit like traditional Unix system
service IDs. These can be referred to elsewhere by the name of
the container, eg if you wish to create a file owned by a
particular esrvice.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- Use the new style kernel tags with the full kernel version
- Update packages with new alpine base and new/simplified Makefiles.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
- Combine 'sign' and 'push' targets like it is done for
package builds.
- Append '-dirty' to the tag if the repository is dirty.
- Don't push to hub if the repository is dirty.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Use a microformat eg `nofile,100,200`. You can use `unlimited`
to set no limit.
Needed for https://github.com/linuxkit/linuxkit/issues/1852
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- Use 'flags' for the subcommand FlagSet
- Use %v to print errors
- Use 'path' for the path
- Fix cases where the 'path' refers to a different directory
- Don't use CamelCase for command line options
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Adds /pkg/vpnkit-forwarder which downloads and builds vpnkit-forwarder
and vpnkit-expose-port from moby/vpnkit. Also includes an example for
forwarding `sshd` and updates the documentation for `hyperkit` to
include a `vpnkit` section.
`vpnkit` still requires a 9P mount for coordination, so the `socat`
forwarding is simpler to set up at the moment.
Signed-off-by: Magnus Skjegstad <magnus@skjegstad.com>
- Introduce a table of supported platforms in top-level README
- Add stub files for un-documented platforms using a standard template
- Update HyperKit doc to follow a standard template
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Most cloud providers allow disk size allocation on in units
of GB. Make it the default for linuxkit disk "size" arguments.
Users can override the unit by appending a M to the disk size.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
- rename img→raw and gcp-img→gcp
- support creating `docker` outputs, see https://github.com/moby/tool/tree/master/examples
- less memory usage via streaming outputs
- allow specification of multiple yaml files in a single command line, improves modularity
- notary fixes and local cache, so does not pull as much
- you now have to specify the full filename of the yaml file, you cannot omit the suffix
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- Prefix platform documentation with 'platform-'
- Add/Correct links from top-level README.md
- Tweak the Azure documentation
- Move the vsudd README to platform-hyperkit.md
- Add a dummy document for qemu/kvm
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
azure: React to change requests
azure: Fix push and run message and update example
azure: Remove docker dependency and upload VHD
Modify %s to %v for Go errors
Signed-off-by: radu-matei <matei.radu94@gmail.com>
This changes the CLI specification for disks, as it needs to be able to
be repeated.
```
linuxkit run qemu -disk name,size=1G,format=qcow2 ...
```
Options may be omitted.
Currently other local backends may not support multiple disks, but this
can be added in future. Code for cloud backends has not changed as the
disk support is specific to the platform.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
The latest version of the `moby` tool now requires that the output formats
be specified in the CLI not in the yaml file.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- '-disk-size' is now defaults to MB (but can be GB when appending 'G')
- The disk will be created if it doesn't exist (didn't happen in qemu)
Update the documentation.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Only subcommand is currently `create` which is a thin wrapper to create an iso
file in the format expected by `pkg/metadata`.
Currently very basic and just takes the content on the command line but could
be extended to read from a file etc.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
If a file is a simple string (as opposed to a map) then write it with the
default perms. This makes for slightly terser metadata when creating a simple
datafile.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
Building debug kernels (with additional run time checks and debugging)
was broken a few commits back. This adds back support for building debug
kernels.
In addition, it builds and uploads debug kernels for selected kernel
series (4.9.x LTS and latest stable). The tag for these kernels has
a "_dbg" suffix.
Update documentation.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
- Use multi-stage builds
- Use a single Dockerfile for all kernels
Kernel version and series are passed in as arguments
- Use a separate kernel config per kernel version
These have been copied from kernel_config and ran
through oldconfig to tidy them up
- Rename patch directories
- Refactor the Makefile to use a template
- Allows building of all kernels without arguments to make
- Use git tree hash as the image tag
- Don't build the image if the tag already exists
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
We had serveral files with instructions, in particular for
networking, for macOS/Docker for Mac. Let's have just one place.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This currently only changes the `gcp` target, but is the new
model - the `build` command will only do things locally, then
you need to `push` to an image store such as GCP or other ones
in order to `run` for platforms that cannot boot directly from
a local image.
Fix#1618
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This covers the base docs; I also did a bunch of cleanup and
remove old docs that are no longer needed.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This package handles meta and user data for different cloud
and other platforms. It should be easy to extend to new
platforms.
Currently, it handles GCP metadata and a simple CDROM userdata
provider.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This commit implements `moby run gcp` which allows for testing of moby
images on the Google Cloud Platform
This backend attaches (via SSH) to the serial console.
It generates instance-only SSH keys and adds the public key to the
image metadata. These are used by the `moby` tool only.
It will also automatically upload a file and creates an image if the prefix
given to `moby run` is a filename
Signed-off-by: Dave Tucker <dt@docker.com>
