github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2026-02-03 12:23:49 +00:00
Code Issues Projects Releases Wiki Activity
3,334 Commits 1 Branch 31 Tags
c3d16e7289360a167df6484fb418dd0f00a6fd9a
Commit Graph

55 Commits

Author SHA1 Message Date
Rolf Neugebauer
6bea56c185 Update all YAML files to use the new packages 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-05-18 18:55:22 +01:00
Justin Cormack
60500940ab Merge pull request #1816 from ijc25/swarmd 
projects/swarmd: Updates
 2017-05-12 23:06:21 +01:00
Ian Campbell
5eee4c0607 pkg/runc: WORKDIR as first item in second stage 
Works around https://github.com/moby/moby/issues/33176 and fixes #1807.

Updated al users of linuxkit/runc:2649198589ef0020d99f613adaeda45ce0093a38 to
this new build.

Signed-off-by: Ian Campbell <ian.campbell@docker.com>
 2017-05-12 19:23:27 +01:00
Ian Campbell
6c87493ec5 swarmd: Add metadata service 
Also update other users of linuxkit/metadata to the newest build while I'm
here.

Signed-off-by: Ian Campbell <ian.campbell@docker.com>
 2017-05-12 19:10:49 +01:00
Justin Cormack
6a5f8099a4 Remove extra files from init 
fix #1807

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2017-05-12 15:36:13 +01:00
Justin Cormack
66d6d3a6e3 Update containers to use containerd 
Now the issues seem fixed, switch over to containerd.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2017-05-11 11:25:06 +01:00
Justin Cormack
61bbbf0808 Change containerd and runc to use multistage builds from new Alpine base 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2017-05-08 22:37:59 +01:00
Rolf Neugebauer
423957cfef Update YAML files to new packages 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-05-08 16:49:39 +01:00
Rolf Neugebauer
21f1646ce2 Update YAML files with new package hashes 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-05-04 22:27:59 +01:00
Justin Cormack
3bd53067fb Update yaml files with new ca-certificates 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2017-05-03 16:43:24 +01:00
Riyaz Faizullabhoy
664ebae2bd Verify newly signed binfmt and/or rngd images on build for examples and 
tests

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2017-04-26 12:09:33 -07:00
Justin Cormack
713046e158 Update ca-certificates to be based on Alpine and use nested build 
We were using Debian but Alpine more consistent. Use nested build.

Currently extract the hash in a nasty way but this can be fixed later
when we switch over hashing method.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2017-04-26 15:24:26 +01:00
Rolf Neugebauer
3ba9d8064b YAML: Update standard yml files to use the new rngd image 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-04-24 18:41:27 +01:00
Justin Cormack
2709ee88bc Split build and push, and remove push code from run 
This currently only changes the `gcp` target, but is the new
model - the `build` command will only do things locally, then
you need to `push` to an image store such as GCP or other ones
in order to `run` for platforms that cannot boot directly from
a local image.

Fix #1618

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2017-04-24 17:12:05 +01:00
Justin Cormack
f8a6193845 Move more images to new hub org 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2017-04-16 20:28:33 -05:00
Rolf Neugebauer
24ff9b75d8 examples: Don't make the metadata container readonly 
It needs to create the /cdrom mountpoint

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-04-14 11:57:24 -05:00
Justin Cormack
72c3f9cfa2 More renames to LinuxKit 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2017-04-14 11:47:24 -05:00
Riyaz Faizullabhoy
9609010ea8 Also update ymls 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2017-04-13 09:17:14 -07:00
Rolf Neugebauer
a1ce71cd0a Update YAML files with new metadata package 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-04-12 16:20:41 +01:00
Rolf Neugebauer
27a3eee6dc gcp: Switch GCP to the new metadata package 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-04-12 15:39:08 +01:00
Justin Cormack
e4213f1582 Merge pull request #1602 from justincormack/slash-rshared 
Make / rshared
 2017-04-12 13:39:31 +01:00
Justin Cormack
3c326bebdf Make / rshared 
Previously only `/var` was `rshared` but some people need to share
mounts in `/opt` etc so let us make everything `rshared` for now.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2017-04-12 13:10:46 +01:00
Rolf Neugebauer
5541d5840f gcp: Set up DHCP and resolv.conf bind mount properly 
The DHCP client updates /tmp/etc/resolv.conf and this needs
to be bind mounted into the other containers.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-04-12 12:26:30 +01:00
Rolf Neugebauer
b0629176ab examples: Don't use a file section if you don't need it 
Exception is ./moby.yaml where it serves as an example.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-04-12 12:26:30 +01:00
Rolf Neugebauer
a59e24b4fa example: Don't use the full @sha25t version of images 
The sha1 tag should be sufficient to uniquely identify the image
and the sha256 versions are just very long...

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-04-12 12:24:02 +01:00
Justin Cormack
2c7628c101 Support dhcpcd in one shot mode as well 
This is needed for cloud environments that want to get their metadata in
the onboot phase over the network.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2017-04-11 14:58:57 +01:00
Riyaz Faizullabhoy
5f90faeafa init: update main moby example and tests 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2017-04-10 11:59:23 -07:00
Justin Cormack
bc23fde1c2 Use the real default containerd toml config 
Rather than an empty one.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2017-04-10 16:25:13 +01:00
Justin Cormack
9ee52aa966 Rework how /var is mounted 
Instead of mounting a new filesystem, revert to doing a `rw` bind.

However do not make `/` `rshared`, just `/var` as that is where we expect
filesystems to be mounted for persistence. Also only make the actual
container rootfs writeable, not the whole directory.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2017-04-10 11:28:00 +01:00
Justin Cormack
f079f7a7cd Update to new init container with mount changes 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2017-04-09 13:52:45 +01:00
Rolf Neugebauer
733e8f3307 config: Remove unused binfmt container 
A few YAML files include the binfmt container, where it's not really
needed. Remove it to make the samples simpler.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-04-09 10:09:00 +01:00
Justin Cormack
e0aced6be0 Merge pull request #1550 from justincormack/rootfs-mountpoint 
Make each rootfs a mountpoint by binding
 2017-04-09 09:52:23 +01:00
Justin Cormack
fb5d6a8fad Add an (empty) config file for containerd 
It needs one now.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2017-04-08 21:38:31 +01:00
Justin Cormack
c40351a0a8 Make each rootfs a mountpoint by binding 
Otherwise shared mounts do not work correctly with `runc`.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2017-04-08 21:10:30 +01:00
Justin Cormack
eb22d6909f system → onboot daemon → services 
As suggested by @shykes these are clearer

- onboot for things that are run at boot time to completion
- services for persistent services

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2017-04-08 16:56:47 +01:00
Ilya Dmitrichenko
a3638a2b8f Make sshd example usefull for debugging 
Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
 2017-04-08 12:49:51 +01:00
Riyaz Faizullabhoy
a947ded0fb Enforce content trust with trust key and yaml subkeys for image and org 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2017-04-07 16:29:25 -07:00
Justin Cormack
a54a694772 Split out init to have standalone runc, containerd 
Also add ca-certificates to base, needed to use `dist` to pull.

Make two stage builds for `containerd` and `runc` so they have a
from `scratch` second stage.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2017-04-07 16:25:18 +01:00
Justin Cormack
d9faecdee9 Make init accept a list of images not just a single one. 
fix #1527

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2017-04-07 14:25:28 +01:00
Thomas Gazagnaire
226d394d15 update runc to version ac50e77bbb440dcab354a328c79754e2502b79ca 
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
 2017-04-07 11:46:34 +02:00
Justin Cormack
dbb67e969b Merge pull request #1298 from riyazdf/readonly-rootfs 
Remount rootfs as read-only after init, /var and /containers mounted as rw
 2017-04-06 18:35:44 +01:00
Riyaz Faizullabhoy
8ba64546eb Remount rootfs as read-only after init, /var and /containers mounted as 
read-write

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2017-04-06 09:30:46 -07:00
Justin Cormack
dc1818147c Merge pull request #1522 from dave-tucker/gce-gcp 
Use GCP everywhere for consistency
 2017-04-06 17:27:15 +01:00
Dave Tucker
df1c66dd04 moby: Replace references to GCE with GCP 
Signed-off-by: Dave Tucker <dt@docker.com>
 2017-04-06 17:00:53 +01:00
Justin Cormack
0a030dc219 Clean up dhcpcd container 
It is not necessary to bring up `eth0`, the program does it fine.

This means we can remove shell script, clean up build.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2017-04-06 15:32:22 +01:00
Ian Campbell
2b54e18f9f Drop unnecessary use of start-stop-daemon with containerd. 
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
 2017-04-06 09:34:38 +01:00
Ian Campbell
8270bdfe33 Use exec in a couple of places to avoid needless lingering /bin/sh processes 
```
$ apk -U add procps
$ ps xf
    1 ?        Ss     0:05 /sbin/init
  357 ?        Ss     0:00 /bin/sh /etc/init.d/containerd
  359 ?        Sl     0:00  \_ /usr/bin/containerd
  360 ?        Ss     0:00 /bin/sh /etc/init.d/containers
  432 ?        Sl     0:00  \_ /usr/bin/runc run --bundle /containers/daemon/swa
  466 ?        Ssl    0:00  |   \_ /usr/bin/swarmd --containerd-addr=/run/contai
  427 ?        Sl     0:00  \_ /usr/bin/runc run --bundle /containers/daemon/dhc
  457 ?        Ss     0:00  |   \_ bin/sh /usr/local/bin/start_dhcpcd.sh
  474 ?        S      0:00  |       \_ /sbin/dhcpcd --nobackground
  429 ?        Sl     0:00  \_ /usr/bin/runc run --bundle /containers/daemon/rng
  576 ?        Ss     0:00      \_ /bin/tini /usr/sbin/rngd -f
  580 ?        S      0:00          \_ /usr/sbin/rngd -f
```

becomes

```
$ ps xf
    1 ?        Ss     0:06 /sbin/init
  358 ?        Ss     0:00 /bin/sh /etc/init.d/containers
  426 ?        Sl     0:00  \_ /usr/bin/runc run --bundle /containers/daemon/dhc
  458 ?        Ss     0:00  |   \_ /sbin/dhcpcd --nobackground
  431 ?        Sl     0:00  \_ /usr/bin/runc run --bundle /containers/daemon/swa
  460 ?        Ssl    0:00  |   \_ /usr/bin/swarmd --containerd-addr=/run/contai
  428 ?        Sl     0:00  \_ /usr/bin/runc run --bundle /containers/daemon/rng
  574 ?        Ss     0:00      \_ /bin/tini /usr/sbin/rngd -f
  578 ?        S      0:00          \_ /usr/sbin/rngd -f
  356 ?        Ssl    0:00 /usr/bin/containerd

```

Specifically these are gone:
  357 ?        Ss     0:00 /bin/sh /etc/init.d/containerd
  457 ?        Ss     0:00  |   \_ bin/sh /usr/local/bin/start_dhcpcd.sh

Signed-off-by: Ian Campbell <ian.campbell@docker.com>
 2017-04-06 09:34:38 +01:00
Justin Cormack
c21996fc0b Fix indentation in examples/gcp.yml 
Yaml is fussy...

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2017-04-05 16:24:03 +01:00
Ian Campbell
decc6b46ff Update example DHCP containers with oom_score_adj -> oomScoreAdj 
Looks like this was missed when #1316 was rebased over #1474.

Signed-off-by: Ian Campbell <ian.campbell@docker.com>
 2017-04-05 10:28:13 +01:00
Riyaz Faizullabhoy
a33b9ff4b1 dhcpcd system container 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2017-04-04 08:23:47 -07:00