By default we want qemu to use the EFI firmware image in the qemu
container. However the logic in the code would always bind mount
the FW image into the container.
This commit changes the logic to only bind mount the FW image if
it was specified on the commandline.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
The previous commit moved ovmf to the packages instead
of stashing it on the filesystem. This requires the
package to be installed here.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
We add the 'ovmf' to the mirror instead of installing
it in the rootfs. This way we record the version we are
using.
We already pull a few images (go, tini) from community
so may as well pull ovmf directly via 'packages.x86_64'.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
At present they use a small shared function called "prepare"
that does the read-write remounts, that I will switch to doing overlay
mounts soon.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
After #2289 we need to bind /etc/resolv.conf into the docker and kubelet
containers on both node and master.
Also since #2289 the metadata container requires /etc/resolv.conf to be
populated on the host, which means running DHCP earlier in oneshot onboot mode,
do so.
Signed-off-by: Ian Campbell <ijc@docker.com>
This commit adds a myriad of test cases to ensure the format and mount
and extend packages are working as expected
Signed-off-by: Dave Tucker <dt@docker.com>
This was split out from pkg/format into its own package.
It has the ability to extend ext4, btrfs and xfs partitions.
Signed-off-by: Dave Tucker <dt@docker.com>
This commit rewrites the mount package in Go.
It adds the ability to mount the by label, UUID or name.
It also fixes the automatic mount logic to check that a drive isn't
already mounted before attempting to mount it. This allows for multiple
uses of the mount pkg in a single YAML file.
Signed-off-by: Dave Tucker <dt@docker.com>
This commit re-writes the format package in Go and adds the ability to
add partition labels and also specify either ext4, btrfs or xfs
Signed-off-by: Dave Tucker <dt@docker.com>
This moves most of the initialisation of containers to the
service init in the `service` command.
Still leaves remounting root file systems read only but this
will go away shortly. Another step closer to removing shell
scripts in base system.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This is like the `push` target but omits the pulls and depends on forcetag
instead. With the git commit now being embedded into the image this is now a
necessary part of rebasing a PR for which images have already been pushed.
Also adds PHONY targets for existing forcetag and push targets which were
missing.
NB $(error) appends a "." to omit the final one from the error message
Signed-off-by: Ian Campbell <ijc@docker.com>
These tests run individual and a mix of namespace stress tests
mostly around networking and unix domain sockets where either
the client or the server of socket echo application is run inside
a container in different configurations:
- different protocols
- short or long lived connections
- different levels of concurrency
Tests are only run if the 'kernel' label is specified and more
detailed tests are run if the additional 'kernel-extra' label
is specified.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
The previous version just created a network name space which does
not allow us to also test additional namespaces, e.g. for unix
domain sockets.
This commit uses runc to create a fully namespaced container to
run a test in. It creates a container, configures the network
interfaces in the new network namespace before starting the
container.
A OCI config.json template is used and then customised for a
given test based on command line arguments.
Finally, instead of iperf, we use the socket stress test from
https://github.com/linuxkit/virtsock as it provides finer-grained
control over the traffic patterns (e.g. long lived vs lots of
short lived connections).
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
We should always pull and push linuxkit/alpine with content trust
irrespective of architecture, unless explicitly disabled.
Currently, we have to dance around various other issues on arm64,
which are now documented in the Makefile.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
These contribute ~140M to the common image cache but do not appear to be used
by either the base system nor the sock-shop demo. They can/will still be pulled
on demands as necessary.
Signed-off-by: Ian Campbell <ijc@docker.com>
Bumps kubernetes and associated tools and images to v1.6.7 (from v1.6.1).
Updates weave from v1.9.4 to v2.0.1
Updates cni from a snapshot to v0.5.2. Note that the download location has
changed and the tarball no longer includes the `bin` subdirectory, so adjust
build to compensate.
Signed-off-by: Ian Campbell <ijc@docker.com>
Much smaller than the CentOS based one.
Note that ijc25/alpine-ssh has entrypoint==ssh.
Drop Compression=yes, this is used for local ssh so no point compressing (just uses CPU).
Signed-off-by: Ian Campbell <ijc@docker.com>
Remove `-publish` (which is currently Linux/QEMU specific) and replace with a
generic $KUBE_RUN_ARGS envvar. Usage:
KUBE_RUN_ARGS="-publish 2222:22" ./boot.sh
KUBE_PORT_BASE is thus obsolete and removed.
Signed-off-by: Ian Campbell <ijc@docker.com>
This follows the model in the hyperkit runner, although the options are
different.
The options are:
- `user`: the existing user mode networking (the default).
- `tap,«device»`: replaces the previous `-tap-device «device»` option.
- `bridge,«name»`: tap device on (preexisting) named bridge.
- `none`: No networking at all.
If not running as root then `bridge` mode requires host configuration
http://wiki.qemu.org/Features/HelperNetworking. TL;DR: you need to `chmod u+s`
the `qemu-bridge-helper` and to whitelist specific bridges in
`/etc/qemu/bridge.conf`.
Pass an explicit virtio nic and configure a random MAC since QEMU seems to use
the same one by default.
In the hyperkit runner the various `networking*` constants become
`hyperkitNetworking*` to avoid namespace clashes (e.g. for `None`). The QEMU
equivalents are `qemuNetworking*`.
Both hyperkit and qemu now support an explicit `-networking default` or
`-networking ''` to make scripting easier.
Signed-off-by: Ian Campbell <ijc@docker.com>
This is the same behaviour as the LinuxKit backend.
This populates /sys/class/dmi/id/product_uuid, which newer version of weave-net
appears to require.
Signed-off-by: Ian Campbell <ijc@docker.com>
