Mickaël Salaün
792238f5cb
landlock: Add kernel_config{,.debug}
...
Based on kernel_config{,.debug} from commit
724561bf69
Enable Landlock and userland sandbox example:
* CONFIG_SECURITY_LANDLOCK=y
* CONFIG_SAMPLES=y
Signed-off-by: Mickaël Salaün <mic@digikod.net>
2017-04-09 19:45:24 +02:00
Mickaël Salaün
c6b3c62b83
landlock: Link to project
...
Signed-off-by: Mickaël Salaün <mic@digikod.net>
2017-04-09 19:45:24 +02:00
Rolf Neugebauer
733e8f3307
config: Remove unused binfmt container
...
A few YAML files include the binfmt container, where it's not really
needed. Remove it to make the samples simpler.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-09 10:09:00 +01:00
Riyaz Faizullabhoy
9effac329a
landlock: start project, add roadmap doc
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-04-08 20:05:39 -07:00
Justin Cormack
fb5d6a8fad
Add an (empty) config file for containerd
...
It needs one now.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-08 21:38:31 +01:00
Rolf Neugebauer
875cb565e3
demo: Update etcd README
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-08 20:38:53 +01:00
Rolf Neugebauer
31a4156686
demo: Add formatting and mounting to etcd image
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-08 20:38:53 +01:00
Rolf Neugebauer
a3d20abdb6
demo: Add a disk to the etcd image
...
etcd works better with persistent storage. So configure a
disk and add the formatting container to the image.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-08 20:38:53 +01:00
Rolf Neugebauer
6407cf360b
demo: Update YAML files to new init section layout
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-08 20:37:17 +01:00
Rolf Neugebauer
b5dd0315e2
demo: Make sure the infrakit 'cli' directory exists
...
Otherwise there is a warning on first use.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-08 20:32:25 +01:00
Justin Cormack
eb22d6909f
system → onboot daemon → services
...
As suggested by @shykes these are clearer
- onboot for things that are run at boot time to completion
- services for persistent services
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-08 16:56:47 +01:00
Ilya Dmitrichenko
54835a1d67
Fix typo
...
Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
2017-04-08 05:53:31 +01:00
Ilya Dmitrichenko
12d6e38b48
Use directory: true instead of writing a dummy file
...
Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
2017-04-08 05:53:22 +01:00
Rolf Neugebauer
4520daa753
demo: Updated docs and added socat forwarding container
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-07 15:43:03 +01:00
Rolf Neugebauer
57f41c4b5a
demo: Update YAML files
...
New init for RO filesystem, updated DHCPD
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-07 15:43:03 +01:00
Rolf Neugebauer
f718d4195f
demo: Add URL to modified VPNKit
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-07 15:43:03 +01:00
Rolf Neugebauer
f0961b8897
demo: Add a dockerfile to run etcdctl against the local cluster
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-07 15:43:03 +01:00
Rolf Neugebauer
c660ca5ac4
demo: Create a cluster of 5 etcd daemons
...
Also tweak the shell script a little and give the local and GCP
infrakit group different names.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-07 15:43:03 +01:00
Rolf Neugebauer
9878cabd1e
demo: Add script to start infrakit
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-07 15:43:02 +01:00
Justin Cormack
d9faecdee9
Make init accept a list of images not just a single one.
...
fix #1527
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-07 14:25:28 +01:00
Thomas Gazagnaire
81debfcd74
miragesdk: update README with moby build/run instructions
...
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
2017-04-07 12:13:06 +02:00
Thomas Gazagnaire
914d27bed9
miragesdk: remove CAP_SYS_PTRACE
...
Since https://github.com/opencontainers/runc/pull/774 we don't need this anymore.
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
2017-04-07 12:10:35 +02:00
Thomas Gazagnaire
d289de6416
miragesdk: update to latest runc
...
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
2017-04-07 12:10:35 +02:00
Rolf Neugebauer
93a9a827b6
demo: Update documentation
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-07 10:52:40 +01:00
Rolf Neugebauer
01e39a16ac
demo: Tweak etcd start script
...
Try joining a new cluster initially. If that fails try to join
an existing cluster.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-07 10:52:40 +01:00
Rolf Neugebauer
17e4aa3e58
demo: Increase memory of etcd VMs to 1G
...
512MB is too small to install etcd via apk in the RAM disk.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-07 10:52:40 +01:00
Justin Cormack
f4127faec3
Merge pull request #1526 from samoht/runc-calf
...
miragesdk: start the calf using runc
2017-04-07 10:42:58 +01:00
Ilya Dmitrichenko
961acc4c21
Working Kubernetes master
...
Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
2017-04-07 10:09:10 +01:00
Thomas Gazagnaire
a60ac17233
miragesdk: start the calf using runc
...
`nested runc` unfortunately needs a lot of caps/privileged. The removal of `readonly: true` is also a bit unfortunate.
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
2017-04-06 19:39:21 +02:00
Thomas Gazagnaire
05089f9249
Merge pull request #1469 from samoht/system-handlers
...
mirage-sdk: add system handlers
2017-04-06 19:28:36 +02:00
Justin Cormack
0511e13bd4
Merge pull request #1523 from rneugeba/demo-cloud
...
Update demo files/config/docs
2017-04-06 18:10:27 +01:00
Ilya Dmitrichenko
e68e42c0fa
WIP Kubernetes
...
Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
2017-04-06 17:57:48 +01:00
Rolf Neugebauer
dca2b4d223
demo: Add files/instructions for a GCP based etcd cluster
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-06 17:44:19 +01:00
Rolf Neugebauer
2bd75a621d
demo: Switch etcd bootstrap from discovery service to static IPs
...
This makes the configuration simpler but requires us to be able
to set IP addresses on instances.
This also, for simplicity, reduces the number of nodes to 3.
The script does not make assumptions about specific IP addresses,
but does assume that the nodes have IP addresses such as:
a.b.c.200, a.b.c.201, and a.b.c.202.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-06 17:22:56 +01:00
Thomas Gazagnaire
bb536803be
miragesdk: use the latest dhcp-client image
...
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
2017-04-06 17:44:25 +02:00
Thomas Gazagnaire
f44e2ffbcb
miragesdk: cleaner errors
...
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
2017-04-06 17:44:25 +02:00
Thomas Gazagnaire
fd447ee082
miragesdk: really allow to configure the DB path with the CLI
...
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
2017-04-06 17:44:24 +02:00
Thomas Gazagnaire
4437c4a23b
miragesdk: add a config.json file for the calf
...
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
2017-04-06 17:44:24 +02:00
Thomas Gazagnaire
f5306b23ef
miragesdk: fix the fork/exec init code and add a test
...
Make all the low-level init code synchronous to avoid weird blocks on `close`.
Also move the net and ctl file descriptors to the beginning of the fd space for
the calf.
The SDK also allows spawning multiple exec calves, which will all have the same
fd map:
- 0: stdin = /dev/null
- 1: stdout = pipe to parent stdout
- 2: stderr = pipe to parent stderr
- 3: net = socketpair to parent "net" pipe
- 4: ctl = socketpair to parent "ctl" pipe
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
2017-04-06 17:44:24 +02:00
Thomas Gazagnaire
3cec2b1f5e
miragesdk: refactor the SDK
...
Expose a non-unix dependent flow-like API, so it is easier to test/use in a
unikernel.
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
2017-04-06 17:44:24 +02:00
Thomas Gazagnaire
a07952d4e6
miragesdk: shell out to ifconfig and ip to set the IP and routes
...
This forces us to bind mount /lib but will be replaced by calling the proper
bindings later on.
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
2017-04-06 17:44:24 +02:00
Thomas Gazagnaire
0938ae44f6
miragesdk: fail early on short read/write returning 0
...
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
2017-04-06 17:44:24 +02:00
Thomas Gazagnaire
25d3e42204
miragesdk: update init image
...
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
2017-04-06 17:44:24 +02:00
Justin Cormack
0a030dc219
Clean up dhcpcd container
...
It is not necessary to bring up `eth0`, the program does it fine.
This means we can remove the shell script and clean up the build.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-06 15:32:22 +01:00
Justin Cormack
6917f6d23a
Merge pull request #1488 from t-koulouris/master
...
[WIP] Support launching containers in outer-kernel mode for moby-okernel demo
2017-04-06 11:48:06 +01:00
Rolf Neugebauer
fdee4a099c
demo: Fix JSON file
...
This was corrupted by a previous commit.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-06 11:32:26 +01:00
Ian Campbell
2b54e18f9f
Drop unnecessary use of start-stop-daemon with containerd.
...
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
2017-04-06 09:34:38 +01:00
Ian Campbell
8270bdfe33
Use exec in a couple of places to avoid needless lingering /bin/sh processes
...
```
$ apk -U add procps
$ ps xf
1 ? Ss 0:05 /sbin/init
357 ? Ss 0:00 /bin/sh /etc/init.d/containerd
359 ? Sl 0:00 \_ /usr/bin/containerd
360 ? Ss 0:00 /bin/sh /etc/init.d/containers
432 ? Sl 0:00 \_ /usr/bin/runc run --bundle /containers/daemon/swa
466 ? Ssl 0:00 | \_ /usr/bin/swarmd --containerd-addr=/run/contai
427 ? Sl 0:00 \_ /usr/bin/runc run --bundle /containers/daemon/dhc
457 ? Ss 0:00 | \_ bin/sh /usr/local/bin/start_dhcpcd.sh
474 ? S 0:00 | \_ /sbin/dhcpcd --nobackground
429 ? Sl 0:00 \_ /usr/bin/runc run --bundle /containers/daemon/rng
576 ? Ss 0:00 \_ /bin/tini /usr/sbin/rngd -f
580 ? S 0:00 \_ /usr/sbin/rngd -f
```
becomes
```
$ ps xf
1 ? Ss 0:06 /sbin/init
358 ? Ss 0:00 /bin/sh /etc/init.d/containers
426 ? Sl 0:00 \_ /usr/bin/runc run --bundle /containers/daemon/dhc
458 ? Ss 0:00 | \_ /sbin/dhcpcd --nobackground
431 ? Sl 0:00 \_ /usr/bin/runc run --bundle /containers/daemon/swa
460 ? Ssl 0:00 | \_ /usr/bin/swarmd --containerd-addr=/run/contai
428 ? Sl 0:00 \_ /usr/bin/runc run --bundle /containers/daemon/rng
574 ? Ss 0:00 \_ /bin/tini /usr/sbin/rngd -f
578 ? S 0:00 \_ /usr/sbin/rngd -f
356 ? Ssl 0:00 /usr/bin/containerd
```
Specifically these are gone:
```
357 ? Ss 0:00 /bin/sh /etc/init.d/containerd
457 ? Ss 0:00 | \_ bin/sh /usr/local/bin/start_dhcpcd.sh
```
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
2017-04-06 09:34:38 +01:00
Rolf Neugebauer
df5c858d38
demo: Use IP addresses as Logical IDs in etcd infrakit config
...
Instead of specifying the number of instances, provide a list
of IP addresses for instances. These are passed to the instance
plugin as LogicalID.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-05 18:01:52 +01:00
Rolf Neugebauer
dd58bd75eb
Merge pull request #1495 from rneugeba/demo-up
...
Update demo project
2017-04-05 11:12:28 +01:00