- Update VMBus lockup patch (0009) based on the one submitted to LKML
- Remove hack to forcea TimeSync protocol to version 3 (0005)
- Properly cherry-pick patch 0008 (was missing the cherry-pick reference)
- Add a new patch which properly negotiates the TimeSync protocol (0012)
- The latter required cherry-picking 0010 and 0011
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
- simplify the process by having the riddler container build the rootfs and config
- output tarred up rootfs and config.json as otherwise file ownership not preserved
- allow easy build of a collection of container tarballs with another conversion script
This makes it easy to choose which container images you want and just convert any
set to a initrd image
```
tar cf - container1.tar container2.tar | docker run -i tartar2initrd > initrd.img
```
Next stage will use a manifest to select the ones to add for each edition.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This is mainly for testing.
You can run with something like
```
docker run -v ~/.ssh/id_rsa.pub:/root/.ssh/authorized_keys -p 2222:22 -e TINI_SUBREAPER=1 --pid=host mobylinux/sshd:36c44542d8120e384c724a078e3e489f7a58382c
```
if you want to run in the host pid namespace. You must provide an
authorized key, you may provide a host key.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Using docker build is slower and needs lots of Dockerfiles,
while a single image with a careful script can accept any type
of image, either with `-v` to share into `/tmp` for interactive
use (where you need the input and a tty, or by adding a tarball
for cases where there is no login such as running tests, so you
can still use a remote daemon in these cases.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Move to the development track of `containerd` not the legacy 0.2
branch. The commands have changed a bit.
This does increase the image size as we are bundling the Docker
copy and our copy, and the new one is larger as it is growing features.
Hopefully Docker will shrink eventually. Also we may replace `ctr`
with a library.
Fix#1029
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Add basic database setup for AWS, GCP although these are not yet used
by the setup code but will be useful later.
Currently each is gated by `mobyplatform` but this can be removed once we
construct Moby per platform, and once these are containerised so they
are not run from `openrc`.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Previously we allocated `sizeof(struct ring) + size`. This patch
allocates `sizeof(struct ring)` and then `size` for the payload
separately. Hopefully the payload will be better aligned.
Signed-off-by: David Scott <dave.scott@docker.com>
This patch adds a simple ring buffer implementation and uses it to buffer
the reads and writes to/from the AF_HYPERV socket and tap file descriptor.
This removes the need to perform small reads and writes for the per-packet
headers and allows a read on the Hyper-V socket to block at the same time
as a write to the tap device (and vice-versa)
The configuration in the init.d script is:
- a max message size (individual read or write) of 8192. Experimentally
this seems to be the largest completely reliable size across the Windows
versions we can support. Messages of length 16384 sometimes fail.
- a buffer size of 256KiB in each direction.
Single stream TCP throughput as measured by iperf increases modestly, by
another 100Mbit/sec.
Signed-off-by: David Scott <dave.scott@docker.com>
In #1057 removed the 9p paths from the database mount
but that broke some users accessing them directly. Fix these.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
The four new patches prevent swamping VMBus with too many
notifications which, eventually, let Hyper-V assume there is
a DoS attempt and would thus throttle the VM for up to 5s.
The first three new patches were cherry-picked from upstream.
The final patch was received by email. Will update once it
has been submitted/accepted upstream.
Generated from: https://github.com/rneugeba/linux-stable/tree/v4.9.5-moby
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
