The binary is used in tandem with CONFIG_STATIC_USERMODEHELPER=y in 4.11+,
see the big comment in the binary for the current whitelist of binaries.
Signed-off-by: Tycho Andersen <tycho@docker.com>
mdev only supports hot-plug, ie devices which are added
after the kernel booted. For cold-plugged devices, ie devices
present when the kernel boots, we need to modprobe the drivers
differently. The additions to rc.init does just that.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Adds /pkg/vpnkit-forwarder which downloads and builds vpnkit-forwarder
and vpnkit-expose-port from moby/vpnkit. Also includes an example for
forwarding `sshd` and updates the documentation for `hyperkit` to
include a `vpnkit` section.
`vpnkit` still requires a 9P mount for coordination, so the `socat`
forwarding is simpler to set up at the moment.
Signed-off-by: Magnus Skjegstad <magnus@skjegstad.com>
This at least checks for buildability of packages, even if we
are not yet pushing them.
See https://github.com/linuxkit/linuxkit/issues/1991 for what it mitigates.
Will not pass until this is fixed.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
0eb21735ae accidentally broke some package
builds by switching linuxkit/alpine to linuxkit/containerd. Let's revert
the ones that shouldn't be there.
Closes#1991
Signed-off-by: Tycho Andersen <tycho@docker.com>
This can be turned on if required but we'll default to leaving it off
It's been enabled in the top-level linuxkit.yml
This port is also non-standard and there doesn't appear to be a standard
port for this as yet.
Signed-off-by: Dave Tucker <dt@docker.com>
- Prefix platform documentation with 'platform-'
- Add/Correct links from top-level README.md
- Tweak the Azure documentation
- Move the vsudd README to platform-hyperkit.md
- Add a dummy document for qemu/kvm
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Note that this is not the latest (which was 95efd45db073 at time of writing)
but the next commit 6428b4bad0c2 merges "Port ctr to use client package" breaks
the use of `ctr run --runtime-config` (by removing that option).
This contains https://github.com/containerd/containerd/pull/954 which was
causing some services to fail to start.
All previous uses of 15541037b9 are updated to
5749f2e9e6.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
Update everything including the current
linuxkit/containerd:b1766e4c4c09f63ac4925a6e4612852a93f7e73b to the new
linuxkit/containerd:deaf5bf838bf7f131c2287ecff3ed9835b0497e2.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
This should make it easier to switch out `init` for other versions,
although the `getty` config still needs to be removed.
- use `/bin/rc.init` for start
- use `rc.shutdown` for stop
- make `rc.init` run other code.
- merge `containers` and `containerd` startup code
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
We don't actually build it here, we just use the alpine package, which is
already included in the linuxkit/alpine base.
Can be instantiated with a service stanza such as:
- name: qemu-ga
image: "linuxkit/qemu-ga:e5fbcf55926f6e1a96b3e49a392e547e8be1022c"
binds:
- /dev/vport0p1:/dev/vport0p1
The only functionality I've tested is to report IP addresses to the host (e.g.
via `virsh domifaddr`).
The image is configured to use `/dev/vport0p1` by default. If your VM image is
using a different port number then you can either incorporate the rename into
the bind ("/dev/vport1p1:/dev/vport0p1") or override the command with:
command: ["/usr/bin/qemu-ga", "-p", "/dev/vport1p1"]
The mdev tool appears to not create the symlinks which udev would provide
`/dev/virtio-ports/org.qemu.guest_agent.0` hence the need to hardcode the
potentially unstable `/dev/vportNp1`, `N` seems to depend on the number and
order of virtio devices in use. I don't know if it is possible to get mdev to
create these links. For reference the udev rule is:
SUBSYSTEM=="virtio-ports", KERNEL=="vport*", ATTR{name}=="?*", SYMLINK+="virtio-ports/$attr{name}"
See https://wiki.libvirt.org/page/Qemu_guest_agent for more info on the guest
agent.
A suitable stanza is added to `projects/swarmd/swarmd.yml` since that is where
I am using it.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
Note this also removes 'net:host' and 'pid:host' as
this does not seem to be necessary.
Also update to latest Alpine base image.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
The remaining packages will be updated with subsequent commits
to also include the config label.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This specifies the capabilities and bind mounts the dhcpcd daemon
needs.
While at it also update the Alpine base image
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
- use new Makefile flags to add our build flags correctly now
- restore `dist` for now as it is useful for testing still, for now
Will remove both `dist` and `ctr` once we have our own tool, but will add
them to dev container instead.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This makes the package slightly bigger as tini from Alpine
is not statically linked but removes the dependency on
./tools/tini
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Also convert it to a multi-stage build and make
the HUB org/registry build time configurable.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Also convert to a multi-stage build and make the
make the HUB org/registry build time configurable.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
The dhcpcd package only needs a basic alpine-baselayout and
dhcpcd. This reduces the size of the package from 4.3MB to 1.8MB.
Also make the HUB org/registry build time configurable.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
We only need the alpine-baselayout packe to run init. This also
removes the sha256 import from alpine:edge.
This also reduces the size of the init package by more than
50% to just 1.5MB.
Also make the HUB org/registry build time configurable.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Also make the HUB org/registry build time configurable
for these packages.
Others will be reworked in sub sequent commits.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Works around https://github.com/moby/moby/issues/33176 and fixes#1807.
Updated al users of linuxkit/runc:2649198589ef0020d99f613adaeda45ce0093a38 to
this new build.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
If a file is a simple string (as opposed to a map) then write it with the
default perms. This makes for slightly terser metadata when creating a simple
datafile.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
`ok` was not assigned when type casting to `map[string]interface{}` so the
subsequent check was testing a stale value.
Also, the error message upon failure had the wrong sense.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
There is no need for start-stop-daemon since this package
is using containerd. Remove it and update the init
package to alpine:edge
Also use the git tree hash for the package hash while at it.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Directly install the required packages from the Alpine base
image to compile the rngd package.
Also use the git tree hash for the package hash while at it.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This builds the dhcpcd package from a fixed Alpine 3.5 base and adds
the dhcpcd daemon from the Alpine base image. This should make the
build reproducible and allows us to use the git tree hash.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Bring it into line with official images: remove `jq`, `sfdisk` which
are not needed; we used them for disk mounting but this is down standalone.
Add the tools for other filesystems, which are needed for `dm`, `btrfs`.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Update examples/swap.yml to use latest linuxkit/swap image
Add comment to examples/swap.yml how to enable encryption
Add encrypt options to README
Make encrypted swap the default
Signed-off-by: Avi Deitcher <avi@deitcher.net>
for swap.sh, take any command-line options, not just those with an arg
that in turn requires a new hash on the example
Use latest 4.9.x kernel to keep in line with other examples
Replace (bash) herestring with (posix) heredoc in swap.sh, and update hash to match
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Not sure when this arrived but it was stopping anything running.
Appears not to be in the older test `init` containers.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Fix spaces after commas
Remove MAINTAINER
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Simplify swap.yml example to remove files section
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Switch swap.sh to sh from bash and remove bash from image
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Replace fallocate with dd and update calculation function to support it
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Fix indentation
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Change link to swap to just swap.sh
Signed-off-by: Avi Deitcher <avi@deitcher.net>
Fix indent
Signed-off-by: Avi Deitcher <avi@deitcher.net>
We were using Debian but Alpine more consistent. Use nested build.
Currently extract the hash in a nasty way but this can be fixed later
when we switch over hashing method.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This was missed when things were renamed.
The intention with this code was (apparently) to provide a (pseudo)unique
hostname in the case where something more specific was not provided (e.g. by
DHCP). Make this a little clearer by using '(none)' rather than 'linuxkit' as
the default, in the normal case this will be overwritten by something more
specific and if it isn't we will change it to something somewhat unique derived
from the MAC address (as before). nb: '(none)' is already used by Debian so I
think it is a safe choice as the sentinel value.
The use of both CONFIG_DEFAULT_HOSTNAME and the explicit /etc/hostname from
mkimage.sh is likely to be redundant in some cases, but neither seems to
completely cover all cases so keep both.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
Previously the "tini" contained the entire build. Using the
multi-stage build creates a new "tini" base image, which only
contains the "/bin/tini". This image can be used as the base
image for packages requiring "tini".
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Because we are not yet using the image store, this requires a
patched `ctr` that can run a specified rootfs rather than an
image.
We will switch to the image store later, but this requires
extensive build changes.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Implementing a String() interface for each provider makes it
easier for users to prefix log strings with the provider.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Previously only `/var` was `rshared` but some people need to share
mounts in `/opt` etc so let us make everything `rshared` for now.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This package handles meta and user data for different cloud
and other platforms. It should be easy to extend to new
platforms.
Currently, it handles GCP metadata and a simple CDROM userdata
provider.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This is needed for cloud environments that want to get their metadata in
the onboot phase over the network.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Added to Docker example as Swarm mode likes time sync.
Note uses pool.ntp.org at present, on some providers it
should use a different source.
Constraints not enabled as they seem to have an issue;
possibly trying to set before network is up.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Instead of mounting a new filesystem, revert to doing a `rw` bind.
However do not make `/` `rshared`, just `/var` as that is where we expect
filesystems to be mounted for persistence. Also only make the actual
container rootfs writeable, not the whole directory.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
As suggested by @shykes these are clearer
- onboot for things that are run at boot time to completion
- services for persistent services
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Also add ca-certificates to base, needed to use `dist` to pull.
Make two stage builds for `containerd` and `runc` so they have a
from `scratch` second stage.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
It is not necessary to bring up `eth0`, the program does it fine.
This means we can remove shell script, clean up build.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This works and runs containers now, if you eg `runc exec` into it.
Needs a few tweaks for rlimits, but will pull and run containers.
Will integrate better with ssh/dev containers to make more usable.
For a simple test use
```
./bin/moby build examples/docker.yml
./bin/moby run hyperkit -disk-size 100 docker
```
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This is based on the code we used for Docker Editions, and
will format an external drive, to be used for example for
`/var` for Docker image persistence.
It does not `mount` the drive yet, as splitting format and mount
gives better modularity.
Example yaml fragment:
```
- name: format
image: "mobylinux/format:097d4f22b20f976b1f89d8f0b8a5d074d35b856c"
binds:
- /dev:/dev
capabilities:
- CAP_SYS_ADMIN
- CAP_MKNOD
```
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This is compatible with containerd 8353da59c6ae7e1933aac2228df23541ef8b163f
which was picked up by d2caae4c1a.
This required jiggering with riddler output some more to update to new OCI
config.json format for capabilities.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
Since Makefile contains the hashes we need a dependency otherwise changing the
hashes does not necessarily result in the binaries getting updated.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
- now supports image pull and run end to end
- update runc to last version before spec update fix#1302
- remove ext2 utils from init
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This does not get everything where we want it finally, see #1266
nor the optimal way of building, but it gets it out of top level.
Added instructions to build if you have a Go installation.
Not moving `vendor` yet.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- remove remainder of editions code
- add a new check container to run tests without Docker
- switch over `make test` to use new command to build tests
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
