We were using Debian but Alpine more consistent. Use nested build.
Currently extract the hash in a nasty way but this can be fixed later
when we switch over hashing method.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This was missed when things were renamed.
The intention with this code was (apparently) to provide a (pseudo)unique
hostname in the case where something more specific was not provided (e.g. by
DHCP). Make this a little clearer by using '(none)' rather than 'linuxkit' as
the default, in the normal case this will be overwritten by something more
specific and if it isn't we will change it to something somewhat unique derived
from the MAC address (as before). nb: '(none)' is already used by Debian so I
think it is a safe choice as the sentinel value.
The use of both CONFIG_DEFAULT_HOSTNAME and the explicit /etc/hostname from
mkimage.sh is likely to be redundant in some cases, but neither seems to
completely cover all cases so keep both.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
We had serveral files with instructions, in particular for
networking, for macOS/Docker for Mac. Let's have just one place.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This currently only changes the `gcp` target, but is the new
model - the `build` command will only do things locally, then
you need to `push` to an image store such as GCP or other ones
in order to `run` for platforms that cannot boot directly from
a local image.
Fix#1618
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Previously only `/var` was `rshared` but some people need to share
mounts in `/opt` etc so let us make everything `rshared` for now.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This uses the Packet.net API and iPXE to boot a Moby host.
There are several enhancements coming soon, such as SSH key
customisation, but this PR is sufficient to boot a host and
then use the web interface to get console access.
The user must currently upload the built artefacts to a public
URL and specify it via --base-url, e.g.:
moby run packet --api-key <key> --project-id <id> \
--base-url http://recoil.org/~avsm/ipxe --hostname test-moby packet
See #1424#1245 for related issues.
Signed-off-by: Anil Madhavapeddy <anil@docker.com>
The DHCP client updates /tmp/etc/resolv.conf and this needs
to be bind mounted into the other containers.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
The sha1 tag should be sufficient to uniquely identify the image
and the sha256 versions are just very long...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This is needed for cloud environments that want to get their metadata in
the onboot phase over the network.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Added to Docker example as Swarm mode likes time sync.
Note uses pool.ntp.org at present, on some providers it
should use a different source.
Constraints not enabled as they seem to have an issue;
possibly trying to set before network is up.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Instead of mounting a new filesystem, revert to doing a `rw` bind.
However do not make `/` `rshared`, just `/var` as that is where we expect
filesystems to be mounted for persistence. Also only make the actual
container rootfs writeable, not the whole directory.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
A few YAML files include the binfmt container, where it's not really
needed. Remove it to make the samples simpler.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
As suggested by @shykes these are clearer
- onboot for things that are run at boot time to completion
- services for persistent services
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Also add ca-certificates to base, needed to use `dist` to pull.
Make two stage builds for `containerd` and `runc` so they have a
from `scratch` second stage.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
It is not necessary to bring up `eth0`, the program does it fine.
This means we can remove shell script, clean up build.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This works and runs containers now, if you eg `runc exec` into it.
Needs a few tweaks for rlimits, but will pull and run containers.
Will integrate better with ssh/dev containers to make more usable.
For a simple test use
```
./bin/moby build examples/docker.yml
./bin/moby run hyperkit -disk-size 100 docker
```
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
In the riddler change I changed "command" in the yaml to "args"
but did not change the files. In fact we basically used the
default command everywhere so this did not actually break.
Remove the unnecessary "command" lines to simplify yaml.
Revert the command to args change for now as I think I prefer
command, but its easier to switch now. Need to think if the
entrypoint/command distinction matters before finalizing.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Generated largely from the specified config; small parts taken from `docker image inspect`,
such as the command line.
Renamed some of the yaml keys to match the OCI spec rather than Docker Compose as
we decided they are more readable, no more underscores.
Add some extra functionality
- tmpfs specification
- fully general mount specification
- no new privileges can be specified now
For nostalgic reasons, using engine-api to talk to the docker cli as
we only need an old API version, and it is nice and easy to vendor...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This is compatible with containerd 8353da59c6ae7e1933aac2228df23541ef8b163f
which was picked up by d2caae4c1a.
This required jiggering with riddler output some more to update to new OCI
config.json format for capabilities.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
docker-compose and other utilities use the .yml extension.
For consistency rename all .yaml to .yml
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
- now supports image pull and run end to end
- update runc to last version before spec update fix#1302
- remove ext2 utils from init
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Corrected naming from vmware->vmdk and fixed Makfile
Fixed mistake outputting a vhd instead of a vmdk in output.go
Build vmdk image and added to Docker Hub, corrected link in output.go
Modified directories to confirm to standard mkimage-<imgType>
Signed-off-by: Dan Finneran <dan@thebsdbox.co.uk>
- this needs improvements to make it more "platform native", in
particular GCP supports multiple users and more ssh key mangement
options.
- at present you can login as root with any platform ssh key
- add support for uts=host and ipc=host
- set the hostname from the metadata as well
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- the `public` option was not previously implemented
- add `replace` only for GCP images which will error otherwise. Only
recommended for use in development, in production use the `--name` option
to provide a different name eaxch time. Note only applies to GCP images,
will document these options properly soon.
- add a `family` option; this allows you to upload many images and the
user can select the latest using the `family` option instead of a specific
image.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- the image upload uses the cloud API
- currently auth and image creation need the `gcloud` CLI tool.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- Currently only works if you add your ssh key in the example yaml, but will replace
with metadata support shortly.
- sshd logging not yet configured (needs to share syslog socket).
Signed-off-by: Justin Cormack <justin.cormack@docker.com>