This is temporary, it should be under `containers/` just as soon
as we have a manifest setup.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Do not build by default, as we are not using yet.
Clean up the gitignores at the same time as they were affected.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This means the base system build and kernel build can be split
without dependencies, and just assembled later.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- simplify the process by having the riddler container build the rootfs and config
- output tarred up rootfs and config.json as otherwise file ownership not preserved
- allow easy build of a collection of container tarballs with another conversion script
This makes it easy to choose which container images you want and just convert any
set to an initrd image
```
tar cf - container1.tar container2.tar | docker run -i tartar2initrd > initrd.img
```
Next stage will use a manifest to select the ones to add for each edition.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Move to the development track of `containerd` not the legacy 0.2
branch. The commands have changed a bit.
This does increase the image size as we are bundling the Docker
copy and our copy, and the new one is larger as it is growing features.
Hopefully Docker will shrink eventually. Also we may replace `ctr`
with a library.
Fix #1029
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Add basic database setup for AWS, GCP although these are not yet used
by the setup code but will be useful later.
Currently each is gated by `mobyplatform` but this can be removed once we
construct Moby per platform, and once these are containerised so they
are not run from `openrc`.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Missed these before, noticed while making a new one.
Also a copy paste error left one shasum incorrect.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
See `docs/ebpf.md` for how to use. This is built by CI or you can build
manually if you customise the kernel.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
+ Use `make gce-upload` to auth and upload
+ Use `FORCE_GSUTIL_AUTH=0 make gce-upload` to
reuse previous auth information
Signed-off-by: David Gageot <david@gageot.net>
This way it runs as root so files always owned by root.
Fix #887
This is the simplest fix for 1.13, we can also use this for
creating the main system initrd, but that needs more changes
so leaving for 1.14.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- this is a raw 1GB filesystem image with syslinux for booting
- built with libguestfs so does not need any privileges
- need not be built on GCE
- there is a target that runs the image in qemu for local tests
Does not yet have a script to upload the image to cloud storage or create image from it.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- run test suite under containerd
- in future this should be converted to Go, not shell; see #860
- test suite is now in its own initrd, can be run on any platform not just qemu
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Allows appending another initrd.
Also build initrd on tmpfs as should be a bit faster now we have to do
another copy.
Fix #618
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- this needs an init as it does not respond to stop signals, so include tini
- needs CAP_SYS_ADMIN to write to kernel entropy estimate
- set kernel.random.write_wakeup_threshold so that rngd does not need sysctl write access
- build patches from Alpine, but statically linked
- remove rngd from base image, means we no longer need community repository
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- statically make containerd symlinks so rootfs can be read only
- run binfmt_misc in a containerd container
- ship arm, aarch64, ppc64le qemu static versions that always "just work" as this is supported in Linux 4.8
fix #53
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This means that multiple builds will not conflict, so we can
remove the lock from the CI. Also quieter when no errors.
Some still left to do, only done the ones used in build and CI
initially. Some of the others will be cleaned up anyway later.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>