TipsAndTricks/DockerOnImage: Difference between revisions

From Yocto Project
Jump to navigationJump to search
No edit summary
 
(3 intermediate revisions by the same user not shown)
Line 50: Line 50:
== Current Hacks Needed ==
== Current Hacks Needed ==
Some of this is not upstreamed yet, so here's some patches you may need to apply. Check and see of they have been accepted upstream or not, first...
Some of this is not upstreamed yet, so here's some patches you may need to apply. Check and see of they have been accepted upstream or not, first...
=== Additional kernel module needed for docker ===
See [[https://lists.yoctoproject.org/pipermail/meta-virtualization/2017-July/002625.html mailing list patch]].  This adds a kernel config module NETFILTER_XT_MATCH_ADDRTYPE so it can start up.
=== Proxy problems ===
=== Proxy problems ===
Once on the target board, you need to tell docker about your proxy (if you have one). This is a little hard to do by hand, so here are a couple of files you can insert into meta-virtualization to help you along.
Once on the target board, you need to tell docker about your proxy (if you have one). This is a little hard to do by hand, so here are a couple of files you can insert into meta-virtualization to help you along.
Line 117: Line 115:
  Debug Mode (client): false
  Debug Mode (client): false
  Debug Mode (server): false
  Debug Mode (server): false
  Http Proxy: http://proxy-chain.intel.com:911/
  Http Proxy: http://foo.com:123/
  Registry: https://index.docker.io/v1/
  Registry: https://index.docker.io/v1/
  WARNING: No cpu cfs quota support
  WARNING: No cpu cfs quota support
Line 126: Line 124:
  Live Restore Enabled: false
  Live Restore Enabled: false


$ systemctl docker status
  $ docker pull busybox
  $ docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
27144aa8f1b9: Pull complete
Digest: sha256:be3c11fdba7cfe299214e46edc642e09514dbb9bbefcd0d3836c05a1e0cd0642
Status: Downloaded newer image for busybox:latest
  $ docker run -it --rm busybox sh
  $ docker run -it --rm busybox sh
/ #
If there are issues try <code> systemctl status docker </code> to see what went wrong.

Latest revision as of 19:54, 14 July 2017

This assumes you'd like to build an image that supports docker on a YP image. This is pretty straightforward due to the great work done on the meta-virtualization layer, mostly by people at Wind River. This document will show how to get docker running on a Nuc. I have run the same image on a Minnowboard (Turbot) successfully as well. Note, these layers change, so this is accurate as of July 2017.

What Layers Do You Need?

The main layer is meta-virtualization. This can be found using the layers.openembedded search app, Here's the [meta-virtualiation] entry. As you can see from the dependency list, this layer requires oe-core,meta-oe, meta-networking, and meta-filesystems. Some of these (like meta-networking) have additional dependencies. Here's the complete list of additional layers you need:

You need to add these (with absolute paths) to your build/conf/bblayers.conf file. BBLAYERS should look something like this:

BBLAYERS ?= " \                                                                                                                                          
 <AbsPath>/poky/meta \                                                                                                                                  
 <AbsPath>/poky/meta-poky \                                                                                                                             
 <AbsPath>/poky/meta-yocto-bsp \                                                                                                                        
 <AbsPath>/meta-openembedded/meta-oe \                                                                                                                  
 <AbsPath>/meta-openembedded/meta-python \                                                                                                              
 <AbsPath>/meta-openembedded/meta-networking \                                                                                                          
 <AbsPath>/meta-openembedded/meta-filesystems \                                                                                                         
 <AbsPath>/meta-virtualization \                        

What Configuration Changes Do you Need?

There are a number of configuration settings you need in your build/conf/local.conf in order to make this work. I'll list them below and try to explain why you need them:

# this gives us the linux-yocto kernel for an x86-64 machine like minnowboard                                                                            
MACHINE = "genericx86-64"
# Docker presumes systemd                                                                                                                                 
DISTRO_FEATURES_append = " systemd"
VIRTUAL-RUNTIME_init_manager = "systemd"
DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"
VIRTUAL-RUNTIME_initscripts = "systemd-compat-units"
# we need space for images                                                                                                                               
IMAGE_ROOTFS_EXTRA_SPACE = "10000000"
# The extra space takes us above 4gb, so                                                                                                                 
# turn off hdd and iso images so they do                                                                                                                 
# not break                                                                                                                                              
NOHDD="1"
NOISO="1"
# pick a kernel I know works:                                                                                                                            
PREFERRED_PROVIDER_virtual/kernel="linux-yocto"
PREFERRED_VERSION_linux-yocto="4.9%"
# add docker to the image                                                                                                                                
# connman to manage the networking                                                                                                                       
IMAGE_INSTALL_append = "  docker docker-contrib connman connman-client \                                                                                 
"

Current Hacks Needed

Some of this is not upstreamed yet, so here's some patches you may need to apply. Check and see of they have been accepted upstream or not, first...

Proxy problems

Once on the target board, you need to tell docker about your proxy (if you have one). This is a little hard to do by hand, so here are a couple of files you can insert into meta-virtualization to help you along.

meta-virtualization$ cat recipes-containers/docker/docker_git.bbappend

SRC_URI += "file://http-proxy.conf"
do_install_append() {
   if [ -n "${http_proxy}" ]; then
       docker_config_dir=${sysconfdir}/systemd/system/docker.service.d
       install -d ${D}/$docker_config_dir
       sed -e s_{URL}_${http_proxy}_ ${WORKDIR}/http-proxy.conf > ${D}/$docker_config_dir/http-proxy.conf
   fi
}
meta-virtualization$ cat recipes-containers/docker/files/http-proxy.conf
[Service]
Environment="HTTP_PROXY={URL}/"

What To Build

Once these are all in place, you are ready to make your image. I'd suggest building core-image-base. Note: core-image-mininal will NOT work since it does not include the kernel module packages by default.

$bitbake core-image-base

How to get the image onto your usb key

You need to check (lsusb or dmesg) to see that /dev/sdX your usb key showed up as.

  • sudo umount /dev/sdX1;sudo umount /dev/sdX2; <unmount any others as well>
    • slow way
      • sudo dd if=tmp/deploy/images/genericx86-64/core-image-base-genericx86-64.wic of=/dev/sdX
    • fast way
      • bitbake bmap-tools-native -caddto_recipe_sysroot
      • sudo chmod 666 /dev/sdX
      • oe-run-native bmap-tools-native bmaptool copy ./tmp/deploy/images/genericx86-64/core-image-base-genericx86-64.wic /dev/sdX

How to Test

You can now log onto your target Minnowboard, and you can test out docker, which should be running.

$root@genericx86-64:~# docker info
Containers: 0
 Running: 0
 Paused: 0
Stopped: 0
Images: 0
Server Version: 1.13.0
Storage Driver: vfs
Logging Driver: json-file
Cgroup Driver: cgroupfs
 Plugins: 
 Volume: local
 Network: bridge host macvlan null overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 03e5862ec0d8d3b3f750e19fca3ee367e13c090e
runc version: 2f7393a47307a16f8cee44a37b262e8b81021e3e
init version: N/A (expected: 949e6facb77383876aeff8a6944dde66b3089574)
Kernel Version: 4.9.31-yocto-standard
 Operating System: Poky (Yocto Project Reference Distro) 2.3 (pyro)
 OSType: linux
 Architecture: x86_64
 CPUs: 4
Total Memory: 7.618 GiB
Name: genericx86-64
ID: JIJP:ZUBZ:BC3J:JNVQ:3EOV:SVUP:RDO3:XGFN:WB5X:XIUH:34PX:EHBM
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Http Proxy: http://foo.com:123/
Registry: https://index.docker.io/v1/
WARNING: No cpu cfs quota support
WARNING: No cpu cfs period support
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
$ docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
27144aa8f1b9: Pull complete 
Digest: sha256:be3c11fdba7cfe299214e46edc642e09514dbb9bbefcd0d3836c05a1e0cd0642
Status: Downloaded newer image for busybox:latest

$ docker run -it --rm busybox sh
/ #

If there are issues try systemctl status docker to see what went wrong.