authorAndreas Fankhauser hiddenalpha.ch2024-09-28 17:49:06 +0200
committerAndreas Fankhauser hiddenalpha.ch2024-09-28 17:49:06 +0200
commitf1cbafcfc08349366b6e8e26349e0c9596e318bb (patch)
treeceac969cfc8fb4580bdca017e2657ccb2390c0e8
parent3ab8016f38216d8cd763386f1c9827b25afb384b (diff)
downloadUnspecifiedGarbage-f1cbafcfc08349366b6e8e26349e0c9596e318bb.zip
UnspecifiedGarbage-f1cbafcfc08349366b6e8e26349e0c9596e318bb.tar.gz
Continue qemu docker microVM setup.
-rw-r--r--doc/note/docker/Docker-Daemon-Install.txt36
-rw-r--r--doc/note/qemu/docker-microVM.txt97
2 files changed, 100 insertions, 33 deletions
diff --git a/doc/note/docker/Docker-Daemon-Install.txt b/doc/note/docker/Docker-Daemon-Install.txt
index 1bfa6bb..0bbe7eb 100644
--- a/doc/note/docker/Docker-Daemon-Install.txt
+++ b/doc/note/docker/Docker-Daemon-Install.txt
@@ -1,26 +1,23 @@
-How to install a docker daemon eg in a VM or so
-===============================================
+How to install docker daemon on debian
+======================================
-Setup a VM (eg debian bullseye)
+Set proxy settings in environ if needed.
-Add auth proxy in "/etc/environment"
-Make sure "apt update" works.
+ && SUDO=sudo \
+ && $SUDO apt install -y --no-install-recommends ca-certificates curl gnupg lsb-release \
+ && `# TODO what is this step for? ` \
+ && `# sudo install -m 0755 -d /etc/apt/keyrings ` \
+ && $SUDO curl -fsSL -o /etc/apt/keyrings/docker.asc 'https://download.docker.com/linux/debian/gpg' \
+ && $SUDO chmod a+r /etc/apt/keyrings/docker.asc
+ && printf %s\\n \
+ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc]" \
+ "https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" \
+ | $SUDO tee /etc/apt/sources.list.d/docker.list > /dev/null \
+ && $SUDO apt update \
+ && $SUDO apt install -y --no-install-recommends docker-ce docker-ce-cli containerd.io \
-Install docker as described on "https://docs.docker.com/engine/install/debian/"
-
- sudo apt update
- sudo apt-get install -y --no-install-recommends ca-certificates curl gnupg lsb-release
-
- # I had to download that gpg on my host and then pasting it into the vm
- # to use it there
- curl -sSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
-
- echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
-
- sudo apt update
- sudo apt install -y --no-install-recommends docker-ce docker-ce-cli containerd.io
Edit "/lib/systemd/system/docker.service" and add environ config in "service"
section (HINT: "/etc/environment" does not work)
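Review bot: The added line `&& $SUDO chmod a+r /etc/apt/keyrings/docker.asc` has no trailing ` \`, so the chain ends there and the following `&& printf …` line is a syntax error; as written, the repository entry and the docker-ce install never run. The commented-out `install -m 0755 -d /etc/apt/keyrings` answers its own TODO: it creates the directory that `curl -o` writes the key into, with a fixed mode, and should be restored as `&& $SUDO install -m 0755 -d /etc/apt/keyrings \` for systems where that directory does not exist yet. Because this key becomes the trust anchor for every package installed from the Docker repository, I would also add a step that prints its fingerprint (`gpg --show-keys /etc/apt/keyrings/docker.asc`) so it can be compared against a value obtained independently before `apt update` runs.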
@@ -50,4 +47,7 @@ HINT: Maybe 'insecure' not needed, ToBeTested.
+## Links
+
+[Install Docker Engine on Debian](https://docs.docker.com/engine/install/debian/)
diff --git a/doc/note/qemu/docker-microVM.txt b/doc/note/qemu/docker-microVM.txt
index 9bbcff7..378dac7 100644
--- a/doc/note/qemu/docker-microVM.txt
+++ b/doc/note/qemu/docker-microVM.txt
@@ -2,7 +2,13 @@
#
# Use qemu to host dockerimages.
#
-# [Execute Docker Containers as QEMU MicroVMs](https://mergeboard.com/blog/2-qemu-microvm-docker/)
+# TODO: Write helpers to pull/convert docker image to qcow2
+# TODO: Impl host shared dirs. Should be possible using 9pfs (see link).
+#
+# for "virt-make-fs" install "guestfs-tools".
+#
+# Some Links:
+# - [Execute Docker Containers as QEMU MicroVMs](https://mergeboard.com/blog/2-qemu-microvm-docker/)
#
true \
@@ -65,22 +71,83 @@ EOF
true \
&& make olddefconfig \
&& make -j$(nproc) \
- && base64 -d <<EOF | gunzip > "${CACHEDIR:?}/gagainit.c" &&
-H4sIACTh02UAA41UTYvbMBC9+1cIlwY7JKtsYSlsNoVSAj1s0x62pzQsijxORCzJq4+wacl/35Ed
-u85HS3ywnp5n5j2NJNP+3Bq+SNbOlfaeUglmBUvNTHbDtaTLQq/oh+ELSD+Ughu9lcNM8w0YmvZp
-9E4oXvgMyAMYo/TN+lOHsi4T51QhlsecVwLpk7idpVJ75c5p69h/2IivmSF9rpV1JIOc+cI9g9oK
-o5UE5eYLMiF/IoJP/OPz09cJ9dbQQnNW0KVQ952pbectqKnqFWA8qArNfj4+DqL9OIq2WmSk8v3M
-18A3SfW9NlMbs9obDoMjzjFsuRucxeaiAFybA+l2JeZ4ZcVKQUYKrVa1TF6wle1mVg76GXMsSg/r
-tM547kjoEBEq1+gz0CInSeCSgzzphY8pmUzI8Jb0eqTa0TCdzr5PZ09NufCURqB2En8xwJxAM+/t
-L+wGqUul4zYwiMhNJkyrMvp4d5eSBzLq1qtqop42nZqYBdxpsyM5w05kcadueOBVuOS2Q+6j+h11
-LX4LbfqXxcpeCEiafWlsnva+020Sunu2hMZ+pXfB8ZHbfYQu0R+RTKgkAJTlg8O+I97OF03x7nGK
-lVaAi4hpaTQP4DCOEDZqlxMy2NLS2YAR1ui6LPniwVfTFl2XaNcyYCfL/Do1bHgYcbg+geaW8pXR
-vgxMi5rc+gaAW2vrFJOQxIe/GMZY8Rt0/pdJm3h4BV5gaLjpuIpKqoXVbb/0azk4bQ7CFIucnAMD
-zhtFbse4/W9r76rneAUAAA==
+ && `# Create our own pseudo 'init' system` \
+ && `# TODO fix zombie processes (aka add waitpid() SIGCHILD handling to init)` \
+ && mkdir "${WORKDIR:?}/myinit" \
+ && cd "${WORKDIR:?}/myinit" \
+ && base64 -d <<EOF | gunzip > "./myinit.c" &&
+H4sIAIsP+GYAA41Uy27bMBC88ysWKmrIgVvZh6BAHRcoCgM9pG4P6SkNAoZa2UQkUuXDiFv437Ok
+LEV+JDAP0nC0uzNckmLvpBKlzxGu0BilP66+sBfKulweU6V82Oe8kkQfxG1sVmmv3DFtHX+DZWLF
+DVwIrayDHAvuS3ePai2NVhUqd3sHM/jPgEby6+vN91nmrclKLXiZPUj1uTe13bwDDRUfASajWGjx
++/p6xLZTxtZa5hB934sVisc0fm/MNMas9kbgaI9z3CzRjY5iC1kirc1h5TY15Xhl5VJhDqVWy0am
+KPnS9jOjg4ucO86Gu3VaZ7xwEDoEUhWafAZaFpAGLt3JwyB8HMJsBh8mMBhA3NEwnS9+zhc3bbkw
+aiNJO02+GeROkpn39g91A5pSw2kXGESqx1yaTmX86fJyCFcw7teLNUlPm15NykLhtNlAwakTedKr
+GwY+SZdOeuSWNU/Wt/gjtOk1i9FeCEjbfWltHva+120I3T1aQms/6p1wvOd2y8gl+YOKS5UGQLJi
+tNt3wuvbu7Z4/zglSiukRSRZbbQIYPceE2zVTifkuM5qZwMm2KDzsqq/Hn2cdui8RLuqAnZVXZyn
+Rg0Pb3qdn5AVNhNLo30dmA61uc0NQLfS1ileYZpUUhi9Ds6s/Ie6eGGGbTw+oSgpNNx0WkWU6mC8
+7ad+LTun7UGYU5GDc2DQeaNgMg3b/wwcaf4fPAUAAA==
EOF
true \
- && gcc -Wall -static -o "${CACHEDIR:?}/gagainit" "${CACHEDIR:?}/gagainit.c" \
+ && CFLAGS="-Wall -Werror -pedantic -static" `# TODO maybe add "-Os -s"` \
+ && gcc -o myinit myinit.c ${CFLAGS?}\
&& echo "[ERROR] TODO Need more steps here" && false \
- && true
+ && echo _script_is_DONE_kx1n2kgNWRdpBYTP_ \
+
+
+
+
+
+## Test launch pure kernel (kernel panic expected)
+
+qemu-system-x86_64 \
+ -M microvm,x-option-roms=off,isa-serial=off,rtc=off -no-acpi -cpu host \
+ -accel kvm -nodefaults -no-user-config -nographic -no-reboot \
+ -device virtio-serial-device \
+ -chardev stdio,id=virtiocon0 -device virtconsole,chardev=virtiocon0 \
+ -kernel kernel/bzImage -append "console=hvc0 acpi=off reboot=t panic=-1" \
+ ;
+
+
+## Test launch full VM
+
+KERNEL="${WORKDIR:?}/linux-*/arch/x86_64/boot/bzImage"
+HOST_SHARE_DIR="/path/to/host/share"
+QEMU_IMAGE="dockerimage.qcow2"
+qemu-system-x86_64 \
+ -M microvm,x-option-roms=off,isa-serial=off,rtc=off -no-acpi -no-reboot \
+ -accel kvm -cpu host -nodefaults -no-user-config -nographic \
+ -m 1G -smp $(nproc) \
+ -device virtio-serial-device \
+ -chardev stdio,id=virtiocon0 -device virtconsole,chardev=virtiocon0 \
+ -kernel "${KERNEL:?}" \
+ -append "console=hvc0 root=/dev/vda rw acpi=off reboot=t panic=-1 quiet" \
+ -drive id=root,file=${QEMU_IMAGE:?},format=qcow2,if=none \
+ -device virtio-blk-device,drive=root \
+ -netdev user,id=mynet0,hostfwd=tcp:127.0.0.1:8080-10.0.2.15:80 \
+ -device virtio-net-device,netdev=mynet0 \
+ -fsdev local,path=${HOST_SHARE_DIR:?},security_model=none,id=www,readonly=on \
+ -device virtio-9p-device,fsdev=www,mount_tag=www \
+ -device virtio-rng-device
+ ;
+
+
+## Example docker image transformation
+
+ && rm -rf "${WORKDIR:?}/dockerbuild" \
+ && mkdir "${WORKDIR:?}/dockerbuild" \
+ && cd "${WORKDIR:?}/dockerbuild" \
+ && cp "${WORKDIR:?}/myinit/myinit" init \
+ && base64 -d <<EOF | gzip -d > "Dockerfile" &&
+H4sIAMsc+GYAA3ML8vdVyEvPzKuwMtQzMtQz4AoK9VNILChRKC1ISSxJhXMz84pLEnNyFHQrFTKL
+k3VTMpILdJNzMlPzSsBKinIVdNMU9IuTMvP0M/MyS7ic/QMiFUAsZEEAfPYPR24AAAA=
+EOF
+true \
+ && DOCKER_BUILDKIT=1 docker build -f ./Dockerfile --output "type=tar,dest=dockerimage.tar" . \
+ && virt-make-fs --format=qcow2 --size=+200M dockerimage.tar dockerimage-large.qcow2 \
+ && qemu-img convert dockerimage-large.qcow2 -O qcow2 dockerimage.qcow2 \
+ && rm dockerimage-large.qcow2 \
+
+
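Review bot: The source of `myinit.c` (per the comment, the pseudo-init the VM runs) and the Dockerfile are embedded as gzip+base64 here-docs, so this commit swaps one opaque blob for another and the diff shows nothing of what changed in code that gets compiled and executed. Keeping them as plain text, either as files next to this note or through a quoted here-doc such as `cat > ./myinit.c <<'EOF_MYINIT'`, would make each change reviewable. Separately, `KERNEL="${WORKDIR:?}/linux-*/arch/x86_64/boot/bzImage"` keeps the `*` literal because globs do not expand inside double quotes, so `-kernel "${KERNEL:?}"` receives a path that does not exist; expanding it first, e.g. `set -- "${WORKDIR:?}"/linux-*/arch/x86_64/boot/bzImage; KERNEL=$1`, avoids that. The line `-device virtio-rng-device` also lacks the trailing ` \` its neighbours have, which leaves the `;` on a line by itself.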
+