Move to the development track of `containerd` not the legacy 0.2
branch. The commands have changed a bit.
This does increase the image size as we are bundling the Docker
copy and our copy, and the new one is larger as it is growing features.
Hopefully Docker will shrink eventually. Also we may replace `ctr`
with a library.
Fix#1029
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Add basic database setup for AWS, GCP although these are not yet used
by the setup code but will be useful later.
Currently each is gated by `mobyplatform` but this can be removed once we
construct Moby per platform, and once these are containerised so they
are not run from `openrc`.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Previously we allocated `sizeof(struct ring) + size`. This patch
allocates `sizeof(struct ring)` and then `size` for the payload
separately. Hopefully the payload will be better aligned.
Signed-off-by: David Scott <dave.scott@docker.com>
This patch adds a simple ring buffer implementation and uses it to buffer
the reads and writes to/from the AF_HYPERV socket and tap file descriptor.
This removes the need to perform small reads and writes for the per-packet
headers and allows a read on the Hyper-V socket to block at the same time
as a write to the tap device (and vice-versa)
The configuration in the init.d script is:
- a max message size (individual read or write) of 8192. Experimentally
this seems to be the largest completely reliable size across the Windows
versions we can support. Messages of length 16384 sometimes fail.
- a buffer size of 256KiB in each direction.
Single stream TCP throughput as measured by iperf increases modestly, by
another 100Mbit/sec.
Signed-off-by: David Scott <dave.scott@docker.com>
In #1057 removed the 9p paths from the database mount
but that broke some users accessing them directly. Fix these.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
The four new patches prevent swamping VMBus with too many
notifications which, eventually, let Hyper-V assume there is
a DoS attempt and would thus throttle the VM for up to 5s.
The first three new patches were cherry-picked from upstream.
The final patch was received by email. Will update once it
has been submitted/accepted upstream.
Generated from: https://github.com/rneugeba/linux-stable/tree/v4.9.5-moby
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
These never got an interface on any platform, and I don't think they
ever will, we can increase global limits or you can set something
with a privileged container. Can add back later if required.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Use a bind mount for OSX and Windows for 9p filesystem.
This makes it easier to use a different database source,
and to share database into system containers.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
In most places we use the Alpine one, which is already here, but
make sure this is updated, as we may use it more (yes, we should be
consistent).
Change the hash to just use the ca-cert hash, not the apt hash.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
