This commit fixes an issue reported on Slack where `linuxkit run` will
assume that a file that is neither a kernel nor an iso must be a disk image
without first checking that it exists. This would result in `qemu-img`
attempting to create a disk with 0 size due to the default behaviour of
creating disk images that do not exist.
Signed-off-by: Dave Tucker <dt@docker.com>
Latest `vndr` has changed its algorithm a bit. It also pointed out that we were missing
some things.
Move the `vendor` directory up to the `linuxkit` command, else it gets confused by packages
that have Go code in.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Continue to allow onboot to have duplicates as we do not run simultaneously
so that is ok (and we number them anyway), but services are run together
so we will get a runtime error if duplicated as this is the containerd/runc
id.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
We were pulling in this whole stack of packages just for `trust.ReleasesRole`.
Just define it locally.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
Current implementation hardcodes the virtual machine as
"q35" for x86, this patch removes this hardcode and configures
the machine type according to the arch the VM is running.
Also, in order to make sure qemu can run on the arm64 platform,
we need to specify the vcpu type in the command line.
Signed-off-by: Dennis Chen <dennis.chen@arm.com>
Note that various fields have changed or moved around in the JSON as a result:
* `Platform` has been removed.
* `Process` is now a pointer.
* `OOMScoreAdj` has moved into `Process`, from `Linux.Resources` (resolving a
TODO here).
Also updates golang.org/x/sys which is less critical.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
This adds the OCI parts needed into the yaml, but there are still
permissions issues in practice so marked as experimental.
It may just need further documentation to resolve the issues.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
In order to support not running containers as root, allocate
each of them a uid and gid, a bit like traditional Unix system
service IDs. These can be referred to elsewhere by the name of
the container, eg if you wish to create a file owned by a
particular service.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Allow setting ambient capabilities, as a separate option to the standard
ones. If you are running as a non root user you should use these.
Note that unless you add `CAP_DAC_OVERRIDE` and similar permissions you
need to be careful about file ownership. Added support to set ownership
in the `files` section to help out with this.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Rather than build the image and have something weird happen, let's check
that the capabilities specified are actually valid capabilities.
Signed-off-by: Tycho Andersen <tycho@docker.com>
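
An added example, not code from the linuxkit or moby repositories, of the build-time check the two commits above describe: reject names that are not real Linux capabilities, and flag a non-root service that lists capabilities but no ambient ones. `Service`, `invalidCaps` and `Validate` are hypothetical names, and treating the second case as an error is a policy choice of this example.

```go
package main

import (
	"fmt"
	"strings"
)

// Linux capability names from capabilities(7), without the CAP_ prefix.
var known = strings.Fields(`CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID
SETUID SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW IPC_LOCK
IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT SYS_ADMIN SYS_BOOT SYS_NICE
SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP
MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE`)

// Service is a hypothetical, cut-down stand-in for one container entry in the yaml.
type Service struct {
	Name                  string
	UID                   int
	Capabilities, Ambient []string
}

// invalidCaps returns, in input order, the entries that are not exact capability names.
func invalidCaps(caps []string) []string {
	valid := map[string]bool{}
	for _, c := range known {
		valid["CAP_"+c] = true
	}
	var bad []string
	for _, c := range caps {
		if !valid[c] {
			bad = append(bad, c)
		}
	}
	return bad
}

// Validate fails early on a misspelt capability. It also rejects a non-root service with no
// ambient set: without file capabilities, such a process keeps none of the listed ones after execve.
func Validate(s Service) error {
	all := append(append([]string{}, s.Capabilities...), s.Ambient...)
	if bad := invalidCaps(all); len(bad) > 0 {
		return fmt.Errorf("service %q: unknown capabilities: %s", s.Name, strings.Join(bad, ", "))
	}
	if s.UID != 0 && len(s.Capabilities) > 0 && len(s.Ambient) == 0 {
		return fmt.Errorf("service %q: uid %d sets capabilities but no ambient ones", s.Name, s.UID)
	}
	return nil
}

func main() { fmt.Println(Validate(Service{Name: "web", UID: 100, Ambient: []string{"CAP_NET_BIND_SERVCE"}})) }
```
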
The default is set by probing for /dev/kvm. Use of KVM can be forcibly disabled
with `-enable-kvm=false`. Note that passing `-enable-kvm=true` when `/dev/kvm` is
not present still boots but complains:
    Could not access KVM kernel module: No such file or directory
    failed to initialize KVM: No such file or directory
    Back to tcg accelerator.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
- this is pretty much the smallest change to split this out and it
exposes a few things that can be improved later
- no change to logging yet
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Allows routed networking, so long as you run hyperkit as root.
This has quite a few downsides, including the requirement to
run as root in order to set up the networking, but some people
really want VMs that are routable from the host.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- Use 'flags' for the subcommand FlagSet
- Use %v to print errors
- Use 'path' for the path
- Fix cases where the 'path' refers to a different directory
- Don't use CamelCase for command line options
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Based on the hyperkit runner's code.
project/kubernetes/boot.sh now works, although lack of network connectivity
between individual VMs remains an issue.
Also manually validated containerized operation with:
    rm -rf kube-node-0-state && ../../bin/linuxkit run qemu --containerized -cpus 2 -mem 4096 -state kube-node-0-state -disk size=4G -data "foo bar" kube-node
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
Modelled on the Hyperkit runner, for now only used for the disk.
This is one step closer to having project/kubernetes/boot.sh work on Linux.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
In the WIP code in `moby` we now have a standard base tarball format,
that includes the kernel and cmdline as files in `/boot` so that the
entire output of the yaml file can default to a single tarball. Then
this can be split back up by LinuxKit into initrd, kernel and cmdline
as needed. This will probably become the only output of the `moby build`
stage, with a `moby package` stage dealing with output formats.
We may remove the output format specification from the yaml file as well,
and just have it in the command.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Instead, make a hard link a symlink. This isn't much better, but it allows
some cases (e.g. installing GCC on moby via alpine) to work.
Signed-off-by: Tycho Andersen <tycho@docker.com>
This does not get everything where we want it finally, see #1266
nor the optimal way of building, but it gets it out of top level.
Added instructions to build if you have a Go installation.
Not moving `vendor` yet.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
The Hyper-V backend is loosely based on the docker-machine code
as well as ./scripts/LinuxKit.ps1. It shells out to PowerShell
for most of the configuration.
Console is provided by github.com/Azure/go-ansiterm/winterm
and the code surrounding it is loosely based on the equivalent
code in containerd and moby/moby.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
commit bdf9b1f31a introduced a bug with disk size handling
where GB was not handled correctly. Fix it.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Most cloud providers allow disk size allocation in units
of GB. Make it the default for linuxkit disk "size" arguments.
Users can override the unit by appending an M to the disk size.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
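
An added example, not linuxkit's own parser, of the "size" convention described in the two commits above: a bare number or a G suffix means gigabytes, an M suffix means megabytes, and zero, negative or malformed values are rejected. The function name `diskSizeMB`, the optional trailing B and the `maxMB` ceiling are assumptions of this example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// maxMB is an arbitrary ceiling (64 TB) chosen for this example, not a linuxkit limit.
const maxMB = 64 * 1024 * 1024

// diskSizeMB converts a disk "size" argument to megabytes. A bare number is
// read as gigabytes; a G or M suffix (optionally followed by B) selects the unit.
func diskSizeMB(arg string) (int, error) {
	s := strings.ToUpper(strings.TrimSpace(arg))
	mult := 1024 // default unit: GB
	for _, u := range []struct {
		suffix string
		mb     int
	}{{"GB", 1024}, {"G", 1024}, {"MB", 1}, {"M", 1}} {
		if strings.HasSuffix(s, u.suffix) {
			s, mult = strings.TrimSuffix(s, u.suffix), u.mb
			break
		}
	}
	n, err := strconv.Atoi(s)
	if err != nil {
		return 0, fmt.Errorf("invalid disk size %q", arg)
	}
	// Reject zero and negative sizes so an empty image is never requested,
	// and bound the value so the multiplication below cannot overflow.
	if n <= 0 || n > maxMB/mult {
		return 0, fmt.Errorf("disk size %q out of range", arg)
	}
	return n * mult, nil
}

func main() {
	for _, arg := range []string{"4", "4G", "512M", "0", "4T"} { // constructed inputs
		mb, err := diskSizeMB(arg)
		fmt.Println(arg, mb, err)
	}
}
```
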
This makes it easier to identify where a new backend should be added.
It's also simpler to match help text and case statements.
Signed-off-by: Dave Tucker <dt@docker.com>
- no longer uses several of the `mkimage-*` tools in favour of dogfooding
with `linuxkit` and using the `mkimage` package.
- fix the qemu docker container fallbacks to work better when multiple
paths are used for disks and the image.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>