For now the backends for the different formats do not yet
use the extracted ucode cpio archive, but '// TODO' are
placed for the backends which should eventually handle it.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This extends the kernel filter to also look for the CPU microcode
file if specified in the YAML. If found, the ucode cpio archive
is placed into the intermediate tar file as '/boot/ucode.cpio'.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This optional option will allow users to specify a CPU
microcode cpio archive to be prepended to the initrd file.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Pulls in:
f816553 Merge pull request #195 from ijc/prepend-rootfs-mounts
0a6d69d Prepend the rootfs mounts to the user specified runtime.mounts.
Signed-off-by: Ian Campbell <ijc@docker.com>
User specified mounts should be able to rely on the rootfs being mounted, in
particular for a writeable container they should expect the writeable overlay
to already be in place.
Signed-off-by: Ian Campbell <ijc@docker.com>
Will return the list of all hosts that are part of a vCenter DataCenter
and choose one at random to use.
Signed-off-by: Dan Finneran <daniel.finneran@gmail.com>
This simply starts a web server serving the specified directory.
It's useful for PXE booting.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This currently just copies the kernel/initrd to a destination
and writes the iPXE script there as well. The scheme is flexible
enough to support scp or other means for pushing in the future.
The kernel/initrd are conditionally decompressed (default for arm64).
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Using the userdata to pass the iPXE script precludes us from passing
actual userdata to the instance. Instead pass a URL to the iPXE script.
The script is expected to be a <base-url>/<name>-packet.ipxe.
When starting a server also serve the iPXE script from memory (not
the file system). The http server needed extending to differentiate
between the serving files and the iPXE script and ServeMux is used
to differentiate based on path.
A subsequent commit will provide an option to write the iPXE script
to disk.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
prefix packet.net specific functions with 'packet' and make
non-packet specific functions, such as validateHTTPURL()
more generic so that they can easily be moved to 'utils.go'
should they be needed elsewhere.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
656bd87fd2...d9d2a91780
d9d2a91 Merge pull request #193 from ijc/bugfix-191
307f13b Defer dockerRm until we are finished with the contents
ebd7228 Merge pull request #191 from ijc/reduce-memory-via-tempfiles
3045a80 Stream `docker export` directly to consumer
9f44acf Generate intermediate image into a temp file
9558740 Add cpu and mem profiling options
Reduces the memory usage substantially.
While here make some notes about the need to update src/cmd/linuxkit/build.go
where people might see them.
Signed-off-by: Ian Campbell <ijc@docker.com>
Rather than queueing up into a `bytes.Buffer`.
In my test case (building kube master image) this reduces Maximum RSS (as
measured by time(1)) compared with the previous patch from 2.8G to 110M. The
tar output case goes from 2.1G to 110M also. Overall allocations are ~715M in
both cases.
Signed-off-by: Ian Campbell <ijc@docker.com>
All of the `output*` functions took a `[]byte` and immediately wrapped it in a
`bytes.Buffer` to produce an `io.Reader`. Make them take an `io.Reader` instead
and satisfy this further up the call chain by directing `moby.Build` to output
to a temp file instead of another `bytes.Buffer`.
In my test case (building kube master image) this reduces Maximum RSS (as
measured by time(1)) from 6.7G to 2.8G and overall allocations from 9.7G to
5.3G. When building a tar (output to /dev/null) the Maximum RSS fell slightly
from 2.2G to 2.1G. Overall allocations remained stable at around 5.3G.
Signed-off-by: Ian Campbell <ijc@docker.com>
The log.Fatal* calls will leak the vpnkit process since
defer functions are not invoked when os.Exit(int) is invoked.
We register an ExitHandler with logrus - that'll be invoked when
log.Fatal* is called.
Signed-off-by: Steve Hiehn <shiehn@pivotal.io>
Signed-off-by: Dave Protasowski <dprotaso@gmail.com>
This allows the `linuxkit/kubernetes` "image-cache" packages to use a standard
`linuxkit pkg build` based flow rather than requiring surrounding scaffolding.
Fixes #2766. Compared with the original (actually, the second) proposal made in
issue #2766, the field is `docker-images` rather than `images` to allow for
future inclusion of e.g. `containerd-images`.
Signed-off-by: Ian Campbell <ijc@docker.com>
You can use `linuxkit run vbox ...` to run using Oracle VirtualBox.
ISO or raw should be supported, and you can specify EFI.
Some more options may be useful in future.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
vpnkit mode has one or two arguments (eth socket and port control socket).
If splitting into only 2 then
vpnkit,vpnkit-state/eth.sock,vpnkit-state/port.sock
becomes
2: vpnkit
1: vpnkit-state/eth.sock,vpnkit-state/port.sock
rather than
0: vpnkit
1: vpnkit-state/eth.sock
2: vpnkit-state/port.sock
as desired.
Signed-off-by: Ian Campbell <ijc@docker.com>
- ENA networking is what the very new (and bare metal) machines have
- sriov "simple" mode is Intel VF passthrough
I reflect the underlying APIs, which is bool for ENA and a string
for sriov even though there is currently only one valid sriov option...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This is a `moby.ImageConfig` struct which is marshalled into JSON and added as
the `org.mobyproject.config` label on the built image.
Convert `pkg/sysctl` as PoC.
Signed-off-by: Ian Campbell <ijc@docker.com>
The syntax used for the yaml definitions is changed by the need to include the
substruct in the struct literal.
For the label switch to `ImageConfig` directly, which is actually more correct
in that it avoids spurious `name` and `image` fields in the label.
Signed-off-by: Ian Campbell <ijc@docker.com>
Where "config-related" here means "ones you might find in the
`org.mobyproject.config` label on an image".
By making this new struct an anonymous member of the existing Image struct the
Go json parser does the right thing (i.e. inlines into the parent) when parsing
a complete image (from a yml assembly) by default. The Go yaml library which we
use requires a tag on the anonymous field to achieve the same.
Signed-off-by: Ian Campbell <ijc@docker.com>
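
The embedding behaviour described in the last three commit messages, as an added example that is not code from the project: `encoding/json` promotes the fields of an anonymous struct member into the parent object, and marshalling only the embedded struct gives a label without `name` or `image`. The two `ImageConfig` fields, the helper names `parseImage` and `labelJSON`, and the sample input are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// ImageConfig holds the config-related fields. The two fields here are a
// constructed subset for illustration, not the project's full struct.
type ImageConfig struct {
	Capabilities []string `json:"capabilities,omitempty"`
	Binds        []string `json:"binds,omitempty"`
}

// Image embeds ImageConfig anonymously, so encoding/json inlines its fields
// into the parent object. Per the commit message, the YAML library needs a
// tag on the anonymous field to do the same.
type Image struct {
	Name  string `json:"name"`
	Image string `json:"image"`
	ImageConfig
}

// parseImage (hypothetical helper) decodes one complete image entry.
func parseImage(data []byte) (Image, error) {
	var img Image
	err := json.Unmarshal(data, &img)
	return img, err
}

// labelJSON (hypothetical helper) marshals only the embedded config, which is
// what goes into the org.mobyproject.config label: no name or image keys.
func labelJSON(img Image) (string, error) {
	b, err := json.Marshal(img.ImageConfig)
	return string(b), err
}

func main() {
	// Constructed sample input.
	in := []byte(`{"name":"sysctl","image":"example/sysctl:tag",
		"capabilities":["CAP_SYS_ADMIN"],"binds":["/etc/sysctl.d:/etc/sysctl.d"]}`)
	img, err := parseImage(in)
	if err != nil {
		panic(err)
	}
	label, _ := labelJSON(img)
	fmt.Println(img.Name, img.Capabilities, label)
}
```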