-rw-r--r-- | doc/note/docker/Docker-Daemon-Install.txt | 36 | ||||
-rw-r--r-- | doc/note/qemu/docker-microVM.txt | 97 |
2 files changed, 100 insertions, 33 deletions
diff --git a/doc/note/docker/Docker-Daemon-Install.txt b/doc/note/docker/Docker-Daemon-Install.txt
index 1bfa6bb..0bbe7eb 100644
--- a/doc/note/docker/Docker-Daemon-Install.txt
+++ b/doc/note/docker/Docker-Daemon-Install.txt
@@ -1,26 +1,23 @@ -How to install a docker daemon eg in a VM or so -=============================================== +How to install docker daemon on debian +====================================== -Setup a VM (eg debian bullseye) +Set proxy settings in environ if needed. -Add auth proxy in "/etc/environment" -Make sure "apt update" works. + && SUDO=sudo \ + && $SUDO apt install -y --no-install-recommends ca-certificates curl gnupg lsb-release \ + && `# TODO what is this step for? ` \ + && `# sudo install -m 0755 -d /etc/apt/keyrings ` \ + && $SUDO curl -fsSL -o /etc/apt/keyrings/docker.asc 'https://download.docker.com/linux/debian/gpg' \ + && $SUDO chmod a+r /etc/apt/keyrings/docker.asc + && printf %s\\n \ + "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc]" \ + "https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" \ + | $SUDO tee /etc/apt/sources.list.d/docker.list > /dev/null \ + && $SUDO apt update \ + && $SUDO apt install -y --no-install-recommends docker-ce docker-ce-cli containerd.io \ -Install docker as described on "https://docs.docker.com/engine/install/debian/" - - sudo apt update - sudo apt-get install -y --no-install-recommends ca-certificates curl gnupg lsb-release - - # I had to download that gpg on my host and then pasting it into the vm - # to use it there - curl -sSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg - - echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null - - sudo apt update - sudo apt install -y --no-install-recommends docker-ce docker-ce-cli containerd.io Edit "/lib/systemd/system/docker.service" and add environ config in "service" section (HINT: "/etc/environment" does not work) 
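Review bot: The new `printf %s\\n "deb [...]" "https://... stable"` call reuses its format for each argument, so it writes the `deb [...]` options and the repository URL on two separate lines and apt will not read a valid entry from docker.list; `printf '%s %s\n'` keeps them on one line. The line `&& $SUDO chmod a+r /etc/apt/keyrings/docker.asc` also appears to be missing its trailing ` \`, which ends the chain there and leaves the following `&& printf` as a syntax error. The commented-out `install -m 0755 -d /etc/apt/keyrings` step (the one with the TODO) creates the keyring directory with known permissions, and without it the `curl -o /etc/apt/keyrings/docker.asc` fails wherever that directory does not exist yet, so I would re-enable it as `&& $SUDO install -m 0755 -d /etc/apt/keyrings \`. Because the downloaded key becomes the trust root for everything installed from this repository, the note should also say to compare its fingerprint with one obtained out of band before running `apt update`.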
@@ -50,4 +47,7 @@ HINT: Maybe 'insecure' not needed, ToBeTested. +## Links + +[Install Docker Engine on Debian](https://docs.docker.com/engine/install/debian/) diff --git a/doc/note/qemu/docker-microVM.txt b/doc/note/qemu/docker-microVM.txt index 9bbcff7..378dac7 100644 --- a/doc/note/qemu/docker-microVM.txt +++ b/doc/note/qemu/docker-microVM.txt @@ -2,7 +2,13 @@ # # Use qemu to host dockerimages. # -# [Execute Docker Containers as QEMU MicroVMs](https://mergeboard.com/blog/2-qemu-microvm-docker/) +# TODO: Write helpers to pull/convert docker image to qcow2 +# TODO: Impl host shared dirs. Should be possible using 9pfs (see link). +# +# for "virt-make-fs" install "guestfs-tools". +# +# Some Links: +# - [Execute Docker Containers as QEMU MicroVMs](https://mergeboard.com/blog/2-qemu-microvm-docker/) # true \ 
@@ -65,22 +71,83 @@ EOF true \ && make olddefconfig \ && make -j$(nproc) \ - && base64 -d <<EOF | gunzip > "${CACHEDIR:?}/gagainit.c" && -H4sIACTh02UAA41UTYvbMBC9+1cIlwY7JKtsYSlsNoVSAj1s0x62pzQsijxORCzJq4+wacl/35Ed -u85HS3ywnp5n5j2NJNP+3Bq+SNbOlfaeUglmBUvNTHbDtaTLQq/oh+ELSD+Ughu9lcNM8w0YmvZp -9E4oXvgMyAMYo/TN+lOHsi4T51QhlsecVwLpk7idpVJ75c5p69h/2IivmSF9rpV1JIOc+cI9g9oK -o5UE5eYLMiF/IoJP/OPz09cJ9dbQQnNW0KVQ952pbectqKnqFWA8qArNfj4+DqL9OIq2WmSk8v3M -18A3SfW9NlMbs9obDoMjzjFsuRucxeaiAFybA+l2JeZ4ZcVKQUYKrVa1TF6wle1mVg76GXMsSg/r -tM547kjoEBEq1+gz0CInSeCSgzzphY8pmUzI8Jb0eqTa0TCdzr5PZ09NufCURqB2En8xwJxAM+/t -L+wGqUul4zYwiMhNJkyrMvp4d5eSBzLq1qtqop42nZqYBdxpsyM5w05kcadueOBVuOS2Q+6j+h11 -LX4LbfqXxcpeCEiafWlsnva+020Sunu2hMZ+pXfB8ZHbfYQu0R+RTKgkAJTlg8O+I97OF03x7nGK -lVaAi4hpaTQP4DCOEDZqlxMy2NLS2YAR1ui6LPniwVfTFl2XaNcyYCfL/Do1bHgYcbg+geaW8pXR -vgxMi5rc+gaAW2vrFJOQxIe/GMZY8Rt0/pdJm3h4BV5gaLjpuIpKqoXVbb/0azk4bQ7CFIucnAMD -zhtFbse4/W9r76rneAUAAA== + && `# Create our own pseudo 'init' system` \ + && `# TODO fix zombie processes (aka add waitpid() SIGCHILD handling to init)` \ + && mkdir "${WORKDIR:?}/myinit" \ + && cd "${WORKDIR:?}/myinit" \ + && base64 -d <<EOF | gunzip > "./myinit.c" && +H4sIAIsP+GYAA41Uy27bMBC88ysWKmrIgVvZh6BAHRcoCgM9pG4P6SkNAoZa2UQkUuXDiFv437Ok +LEV+JDAP0nC0uzNckmLvpBKlzxGu0BilP66+sBfKulweU6V82Oe8kkQfxG1sVmmv3DFtHX+DZWLF +DVwIrayDHAvuS3ePai2NVhUqd3sHM/jPgEby6+vN91nmrclKLXiZPUj1uTe13bwDDRUfASajWGjx ++/p6xLZTxtZa5hB934sVisc0fm/MNMas9kbgaI9z3CzRjY5iC1kirc1h5TY15Xhl5VJhDqVWy0am +KPnS9jOjg4ucO86Gu3VaZ7xwEDoEUhWafAZaFpAGLt3JwyB8HMJsBh8mMBhA3NEwnS9+zhc3bbkw +aiNJO02+GeROkpn39g91A5pSw2kXGESqx1yaTmX86fJyCFcw7teLNUlPm15NykLhtNlAwakTedKr +GwY+SZdOeuSWNU/Wt/gjtOk1i9FeCEjbfWltHva+120I3T1aQms/6p1wvOd2y8gl+YOKS5UGQLJi +tNt3wuvbu7Z4/zglSiukRSRZbbQIYPceE2zVTifkuM5qZwMm2KDzsqq/Hn2cdui8RLuqAnZVXZyn +Rg0Pb3qdn5AVNhNLo30dmA61uc0NQLfS1ileYZpUUhi9Ds6s/Ie6eGGGbTw+oSgpNNx0WkWU6mC8 +7ad+LTun7UGYU5GDc2DQeaNgMg3b/wwcaf4fPAUAAA== EOF true \ - && gcc -Wall -static -o "${CACHEDIR:?}/gagainit" 
"${CACHEDIR:?}/gagainit.c" \ + && CFLAGS="-Wall -Werror -pedantic -static" `# TODO maybe add "-Os -s"` \ + && gcc -o myinit myinit.c ${CFLAGS?}\ && echo "[ERROR] TODO Need more steps here" && false \ - && true + && echo _script_is_DONE_kx1n2kgNWRdpBYTP_ \ + + + + + +## Test launch pure kernel (kernel panic expected) + +qemu-system-x86_64 \ + -M microvm,x-option-roms=off,isa-serial=off,rtc=off -no-acpi -cpu host \ + -accel kvm -nodefaults -no-user-config -nographic -no-reboot \ + -device virtio-serial-device \ + -chardev stdio,id=virtiocon0 -device virtconsole,chardev=virtiocon0 \ + -kernel kernel/bzImage -append "console=hvc0 acpi=off reboot=t panic=-1" \ + ; + + +## Test launch full VM + +KERNEL="${WORKDIR:?}/linux-*/arch/x86_64/boot/bzImage" +HOST_SHARE_DIR="/path/to/host/share" +QEMU_IMAGE="dockerimage.qcow2" +qemu-system-x86_64 \ + -M microvm,x-option-roms=off,isa-serial=off,rtc=off -no-acpi -no-reboot \ + -accel kvm -cpu host -nodefaults -no-user-config -nographic \ + -m 1G -smp $(nproc) \ + -device virtio-serial-device \ + -chardev stdio,id=virtiocon0 -device virtconsole,chardev=virtiocon0 \ + -kernel "${KERNEL:?}" \ + -append "console=hvc0 root=/dev/vda rw acpi=off reboot=t panic=-1 quiet" \ + -drive id=root,file=${QEMU_IMAGE:?},format=qcow2,if=none \ + -device virtio-blk-device,drive=root \ + -netdev user,id=mynet0,hostfwd=tcp:127.0.0.1:8080-10.0.2.15:80 \ + -device virtio-net-device,netdev=mynet0 \ + -fsdev local,path=${HOST_SHARE_DIR:?},security_model=none,id=www,readonly=on \ + -device virtio-9p-device,fsdev=www,mount_tag=www \ + -device virtio-rng-device + ; + + +## Example docker image transformation + + && rm -rf "${WORKDIR:?}/dockerbuild" \ + && mkdir "${WORKDIR:?}/dockerbuild" \ + && cd "${WORKDIR:?}/dockerbuild" \ + && cp "${WORKDIR:?}/myinit/myinit" init \ + && base64 -d <<EOF | gzip -d > "Dockerfile" && +H4sIAMsc+GYAA3ML8vdVyEvPzKuwMtQzMtQz4AoK9VNILChRKC1ISSxJhXMz84pLEnNyFHQrFTKL 
+k3VTMpILdJNzMlPzSsBKinIVdNMU9IuTMvP0M/MyS7ic/QMiFUAsZEEAfPYPR24AAAA= +EOF +true \ + && DOCKER_BUILDKIT=1 docker build -f ./Dockerfile --output "type=tar,dest=dockerimage.tar" . \ + && virt-make-fs --format=qcow2 --size=+200M dockerimage.tar dockerimage-large.qcow2 \ + && qemu-img convert dockerimage-large.qcow2 -O qcow2 dockerimage.qcow2 \ + && rm dockerimage-large.qcow2 \ + + + |
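Review bot: In the "Test launch full VM" block, `KERNEL="${WORKDIR:?}/linux-*/arch/x86_64/boot/bzImage"` keeps the `*` inside double quotes and `-kernel "${KERNEL:?}"` is quoted as well, so the glob is never expanded and qemu receives the literal pattern as a path. Resolving it once, for example `for k in "${WORKDIR:?}"/linux-*/arch/x86_64/boot/bzImage; do KERNEL=$k; done`, fixes that. In the same command `-device virtio-rng-device` has no trailing ` \`, so the `;` on the next line stands alone and is a syntax error, and `file=${QEMU_IMAGE:?}` should be quoted. Separately, the init source and the Dockerfile are embedded as gzip+base64 blobs that cannot be read in review. Keeping them as plain-text heredocs (`<<'EOF'`) would let a reader see what is compiled with `-static` and copied into the image as `init`.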