vpnkit mode has one or two arguments (eth socket and port control socket).
If splitting into only 2 then
vpnkit,vpnkit-state/eth.sock,vpnkit-state/port.sock
becomes
2: vpnkit
1: vpnkit-state/eth.sock,vpnkit-state/port.sock
rather than
0: vpnkit
1: vpnkit-state/eth.sock
2: vpnkit-state/port.sock
as desired.
Signed-off-by: Ian Campbell <ijc@docker.com>
- ENA networking is what the very new (and bare metal) machines have
- sriov "simple" mode is Intel VF passthrough
I reflect the underlying APIs, which is bool for ENA and a string
for sriov even though there is currently only one valid sriov option...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This is a `moby.ImageConfig` struct which is marshalled into JSON and added as
the `org.mobyproject.config` label on the built image.
Convert `pkg/sysctl` as PoC.
Signed-off-by: Ian Campbell <ijc@docker.com>
This code was identical in the QEMU and HyperKit cases. Move it to util.go and
wrap it in a function, with minimal changes for returning an error.
Signed-off-by: Ian Campbell <ijc@docker.com>
This is not in most examples, but is in the Packet example, and
causes a duplicated console.
fix#2735
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
With the switch to github.com/satori/go.uuid this is no
longer needed. Strangely, it was not in vendor.conf...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
When hyperkit is used with VPNKit we can "publish" VM ports
on localhost by using an API to the VPNKit process.
This commit adds a "-publish" flag to the hyperkit backend
exposing this functionality. "-publish" can be used multiple
times and is used the same way as for the qemu backend.
Other changes:
- Use 'github.com/google/uuid' as the 'uuid' package since
VPKNkit uses it
- use 'vpnkit' prefix instead of 'vpnKit'
- Improve logging
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
The type of the guest and host ports should be uint16 not int. Also
make them public member of the PublishPort structure.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This code will soon be shared by other backends.
While at it, also rename the type to PublishPort (from publishPorts)
as it is just one Port and the function from splitPublish() to
NewPublishPort() as this seems more go like.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
On Linux the default is /dev/random which may block if there
is not enough entropy (and it determines lack of entropy
conservatively). /dev/urandom never blocks but is fed from
the same entropy source as /dev/random so this change should
not affect platforms which have hardware RNGs but helps to
prevent stalls on platforms, in particular some arm64 platforms,
where the hardware RNG is either not present or not enabled.
If you really care about proper entropy inside a VM do not use
'linuxkit run', it's mostly for testing and shouldn't be used
for production anyway.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This fixes issue #2635 related to no network being passed during an
image upload as no network is required. However a hostname is still
required due to vCenter handing the upload to a vSphere server and it’s
DataStore.
Signed-off-by: Dan Finneran <daniel.finneran@gmail.com>
Pulling the arch suffixed version does not provide any assurance that a
previous build was actually completed.
Signed-off-by: Ian Campbell <ijc@docker.com>
There is more to do on these, but clean up some unused variables,
missing args, stray `\n` etc.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Detect if this is the case by checking if the given path is not in git and
conditionalising anything which would touch git.
Images built from outside git will, in the absence of options to force
otherwise, get tagged "latest".
Fixes: #2613
Signed-off-by: Ian Campbell <ijc@docker.com>
Currently all forward it to os.Stderr, but in my next patch I will want to
direct to /dev/null for one command.
Signed-off-by: Ian Campbell <ijc@docker.com>
Ensure that all git commands are run as if from the package directory using the
`-C` option. Otherwise the various attempts to use git fail if `linuxkit pkg`
is invoked from outside the git repo.
Signed-off-by: Ian Campbell <ijc@docker.com>
