Tweak the config to use RDSEED or (fallback) RDRAND. Makes sure
we have an initial random seed in cases where there is no other
random source if these are supported.
The default config in Alpine currently disables these, which makes
it pretty useless, as there is no motherboard rng support any more.
Replaces #517
Fix #514
Fix #183
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Previously we used the defaults (main and community) but we
currently only need main, but are likely to need some packages
from edge soon.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Model for the others, make sure dependencies are correct and that
only the exactly correct things are passed to Docker. No longer copy
vendor directory.
Signed-off-by: Justin Cormack <justin@specialbusservice.com>
This was added in #87 to support Kubernetes, but they no longer
support install via Docker so can remove.
Hopefully we have not started requiring this for anything else.
Signed-off-by: Justin Cormack <justin@specialbusservice.com>
This tags a base Alpine image with the packages we use by finding
the hash of the package install manifest and using that to tag
the image on hub.
Hub org needs changing, and not sure how this will work out yet.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This uses the new Alpine sysfs.conf service to allow config of sysfs.
Default file that sets transparent huge pages to only be used on request
to fix #368
Database setting available for user configuration.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Several people have asked for this for processing JSON config
data, and about to do some myself and parsing with a regex is
not so nice.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
We want to be able to build kernels for different archs without them
clashing with each other, so we put the generated files into an $arch subdir.
Signed-off-by: Natanael Copa <natanael.copa@docker.com>
Not really required as ports exposed on localhost. If users
want to connect to VM ports they can use the IP address, as
this is discouraged. llmnr names are very slow to access,
so not nice to use.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This was there to workaround an issue with vmnet, not applicable now.
A user reported that they were getting unexpected 8.8.8.8 addresses
and it could possibly be applied erroneously under some circumstances.
Signed-off-by: Justin Cormack <justin@specialbusservice.com>
fix #153
For now, just create the default remap user, rather than trying
to fix the command emulation. The existing code in docker is not
ideal, as it is GNU specific, try to find a better option for
1.13.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Beginning of a proper test suite, using qemu. Test just runs docker
for now, will add further integration tests.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This is less to do with installing modules (which we generally don't expect to
use in Moby) but to populate /lib/modules/`uname -r`/modules.builtin which
turns:
    moby:~# modprobe ip_vs
    modprobe: FATAL: Module ip_vs not found in directory /lib/modules/4.4.14-moby
    moby:~# modprobe nf_nat
    modprobe: FATAL: Module nf_nat not found in directory /lib/modules/4.4.14-moby
    moby:~#
into:
    moby:~# modprobe ip_vs
    moby:~# modprobe nf_nat
    moby:~#
which reduces the amount of noise in the logs, e.g. in docker.log:
    time="2016-07-04T11:21:58Z" level=warning msg="Running modprobe nf_nat failed with message: `modprobe: WARNING: Module nf_nat not found in directory /lib/modules/4.4.14-moby`, error: exit status 1"
A fair number of these appear in the logs.
This also stops various tools logging about /lib/modules/`uname -r` not
existing (there was one in the boot log until recently I think)
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
This is mac only (for now) and will not actually do anything until syslogd is
told to forward to /var/run/syslog.vsock.
syslog uses a SOCK_DGRAM connection to /var/run/syslog.vsock, however vsock
today is SOCK_STREAM only, so we need to "packetise" the stream. Do so by
writing the datagram length as a (little-endian) uint32 before the data itself.
This is slightly modelled after rfc6587 (syslog over TCP) but simplified by
using a 4-byte binary value rather than ASCII digits.
Arrange for vsudd to start before the logger so it is ready and waiting.
Note that the code in vsyslog.go needs to be rather careful about its own
logging, in particular logging forwarding failures over syslog seems likely to
make things worse. Instead this file logs to the console when errors occur,
this will be captured by the logging of the hyperkit VM console.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
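
The framing described in the commit message above (a little-endian uint32 length written before each datagram on the stream), as an added example that is not the code from vsyslog.go. The names writeFrame, readFrame, errTooLarge and maxDatagram, the 64 KiB cap, and the sample messages are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// maxDatagram is an assumed cap so a bad length prefix cannot force a huge allocation.
const maxDatagram = 64 * 1024
var errTooLarge = errors.New("frame length exceeds maxDatagram")

// writeFrame sends one datagram as a 4-byte little-endian length plus payload.
func writeFrame(w io.Writer, msg []byte) error {
	if len(msg) > maxDatagram {
		return errTooLarge
	}
	hdr := make([]byte, 4, 4+len(msg))
	binary.LittleEndian.PutUint32(hdr, uint32(len(msg)))
	_, err := w.Write(append(hdr, msg...)) // single Write keeps the frame contiguous
	return err
}

// readFrame recovers one datagram; io.EOF means a clean end between frames,
// io.ErrUnexpectedEOF means the stream was cut mid-frame.
func readFrame(r io.Reader) ([]byte, error) {
	var hdr [4]byte
	if _, err := io.ReadFull(r, hdr[:]); err != nil {
		return nil, err
	}
	n := binary.LittleEndian.Uint32(hdr[:])
	if n > maxDatagram {
		return nil, errTooLarge
	}
	buf := make([]byte, n)
	_, err := io.ReadFull(r, buf)
	return buf, err
}

func main() {
	var stream bytes.Buffer // stands in for the vsock SOCK_STREAM connection
	writeFrame(&stream, []byte("<30>docker: started")) // constructed messages
	writeFrame(&stream, []byte("<28>chronyd: step"))
	for m, err := readFrame(&stream); err == nil; m, err = readFrame(&stream) {
		fmt.Printf("%q\n", m)
	}
}
```

The length check on the read side matters because the prefix is taken from the stream before any payload is seen; without it a single corrupt header would size the buffer.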
Reconfigure chronyd in a udhcpc post-bound hook and restart it, but use
conditionalrestart so it is not started if it isn't running, which is the case
during boot when this hook happens from init.d/networking via ifup, running
"service ... start" in that context results in the daemon running but the
service db saying it isn't.
Doing it in the udhcpc hook leaves a nice hole where support for getting the
NTP server via DHCP can fit in once it is available.
This also switches from using "initstepslew" to "makestep", the former was
responsible for the long delay starting chronyd (meaning we can now drop
"before chronyd" from Docker's init dependencies), while the latter will force a
step if the time is out by more than the configured amount (half a second
here), meaning it will be corrected on resume. The rest of the time chrony
will do the usual slewing to keep the clock accurate. Passing -1 as the limit
to "makestep" ensures the step will always occur, if it were positive it would
only be done that number of times.
We add "iburst" and "minpoll 2" to the default configuration file to speed up
initial sync and resync after sleep respectively, resync after sleep happens in
a couple of seconds. In "ntp=gateway" mode we also patch in "trust", this isn't
in the default config file since we won't be so sure about DHCP provided
servers, but when talking to a host provided NTP we want to use its time (for
sync across host mounts) even if it has a crazy idea about what the time is.
With this we can also remove the 15min ntp sync, which in turn gets rid of the
need for cron.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>