In order to support not running containers as root, allocate
each of them a uid and gid, a bit like traditional Unix system
service IDs. These can be referred to elsewhere by the name of
the container, eg if you wish to create a file owned by a
particular esrvice.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- Use the new style kernel tags with the full kernel version
- Update packages with new alpine base and new/simplified Makefiles.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
- Combine 'sign' and 'push' targets like it is done for
package builds.
- Append '-dirty' to the tag if the repository is dirty.
- Don't push to hub if the repository is dirty.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Use a microformat eg `nofile,100,200`. You can use `unlimited`
to set no limit.
Needed for https://github.com/linuxkit/linuxkit/issues/1852
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- Use 'flags' for the subcommand FlagSet
- Use %v to print errors
- Use 'path' for the path
- Fix cases where the 'path' refers to a different directory
- Don't use CamelCase for command line options
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Adds /pkg/vpnkit-forwarder which downloads and builds vpnkit-forwarder
and vpnkit-expose-port from moby/vpnkit. Also includes an example for
forwarding `sshd` and updates the documentation for `hyperkit` to
include a `vpnkit` section.
`vpnkit` still requires a 9P mount for coordination, so the `socat`
forwarding is simpler to set up at the moment.
Signed-off-by: Magnus Skjegstad <magnus@skjegstad.com>
- Introduce a table of supported platforms in top-level README
- Add stub files for un-documented platforms using a standard template
- Update HyperKit doc to follow a standard template
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Most cloud providers allow disk size allocation on in units
of GB. Make it the default for linuxkit disk "size" arguments.
Users can override the unit by appending a M to the disk size.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
- rename img→raw and gcp-img→gcp
- support creating `docker` outputs, see https://github.com/moby/tool/tree/master/examples
- less memory usage via streaming outputs
- allow specification of multiple yaml files in a single command line, improves modularity
- notary fixes and local cache, so does not pull as much
- you now have to specify the full filename of the yaml file, you cannot omit the suffix
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- Prefix platform documentation with 'platform-'
- Add/Correct links from top-level README.md
- Tweak the Azure documentation
- Move the vsudd README to platform-hyperkit.md
- Add a dummy document for qemu/kvm
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
azure: React to change requests
azure: Fix push and run message and update example
azure: Remove docker dependency and upload VHD
Modify %s to %v for Go errors
Signed-off-by: radu-matei <matei.radu94@gmail.com>
This changes the CLI specification for disks, as it needs to be able to
be repeated.
```
linuxkit run qemu -disk name,size=1G,format=qcow2 ...
```
Options may be omitted.
Currently other local backends may not support multiple disks, but this
can be added in future. Code for cloud backends has not changed as the
disk support is specific to the platform.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
The latest version of the `moby` tool now requires that the output formats
be specified in the CLI not in the yaml file.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- '-disk-size' is now defaults to MB (but can be GB when appending 'G')
- The disk will be created if it doesn't exist (didn't happen in qemu)
Update the documentation.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Only subcommand is currently `create` which is a thin wrapper to create an iso
file in the format expected by `pkg/metadata`.
Currently very basic and just takes the content on the command line but could
be extended to read from a file etc.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
If a file is a simple string (as opposed to a map) then write it with the
default perms. This makes for slightly terser metadata when creating a simple
datafile.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
Building debug kernels (with additional run time checks and debugging)
was broken a few commits back. This adds back support for building debug
kernels.
In addition, it builds and uploads debug kernels for selected kernel
series (4.9.x LTS and latest stable). The tag for these kernels has
a "_dbg" suffix.
Update documentation.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
- Use multi-stage builds
- Use a single Dockerfile for all kernels
Kernel version and series are passed in as arguments
- Use a separate kernel config per kernel version
These have been copied from kernel_config and ran
through oldconfig to tidy them up
- Rename patch directories
- Refactor the Makefile to use a template
- Allows building of all kernels without arguments to make
- Use git tree hash as the image tag
- Don't build the image if the tag already exists
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
We had serveral files with instructions, in particular for
networking, for macOS/Docker for Mac. Let's have just one place.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This currently only changes the `gcp` target, but is the new
model - the `build` command will only do things locally, then
you need to `push` to an image store such as GCP or other ones
in order to `run` for platforms that cannot boot directly from
a local image.
Fix#1618
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This covers the base docs; I also did a bunch of cleanup and
remove old docs that are no longer needed.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This package handles meta and user data for different cloud
and other platforms. It should be easy to extend to new
platforms.
Currently, it handles GCP metadata and a simple CDROM userdata
provider.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This commit implements `moby run gcp` which allows for testing of moby
images on the Google Cloud Platform
This backend attaches (via SSH) to the serial console.
It generates instance-only SSH keys and adds the public key to the
image metadata. These are used by the `moby` tool only.
It will also automatically upload a file and creates an image if the prefix
given to `moby run` is a filename
Signed-off-by: Dave Tucker <dt@docker.com>
In the same vein as [1], let's start talking about security events. I
suppose we want to talk about security events as well as non-events,
though, to give a little discussion about post moretem. But we can rename
this to security-non-events if we want.
[1]: https://github.com/docker/docker.github.io/blob/master/engine/security/non-events.md
Signed-off-by: Tycho Andersen <tycho@docker.com>
It's useful for cherry-picked patches to know which tree
they got patched from. Include a "Origin:" line.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
docker-compose and other utilities use the .yml extension.
For consistency rename all .yaml to .yml
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
- The tools directory ideally should not contain source code
- Removes double vendoring of packagages
- Makes it easer to hook the build into the top-level Makefile
Eventually, the plugin should be moved to the infrakit repo.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
- the image upload uses the cloud API
- currently auth and image creation need the `gcloud` CLI tool.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Move to the development track of `containerd` not the legacy 0.2
branch. The commands have changed a bit.
This does increase the image size as we are bundling the Docker
copy and our copy, and the new one is larger as it is growing features.
Hopefully Docker will shrink eventually. Also we may replace `ctr`
with a library.
Fix#1029
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
A lot of the `iovisor/bcc` tools take a pid as a command line option and using
`--pid=host` allows you to use `$(pgrep foo)`
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
See `docs/ebpf.md` for how to use. This is built by CI or you can build
manually if you customise the kernel.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Replaces https://github.com/docker/moby/pull/282
Use mobyplatform=xxx to specify platform in boot command
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
