Hello and nice to meet you all (and great work on Clear Linux!),
I was reviewing the Pull Request you made against docker/docker on github (https://github.com/docker/docker/pull/17244, I'm "runcom").
I have a few questions I'd like to ask you, (I prefer the ML instead of leaving qa on github, I'll report some from github also):
1. Is this PR meant for testing purpose as the old one you made some time ago?
2. Is the clr execdriver you implemented available for non Clear Linux hosts as well? (I guess not, because I get `fork/exec lkvm: no such file or directory` while testing your PR on my machine which is Fedora)
3. Are there any plan to make Docker with the clr execdriver available on non Clear Linux hosts? If yes, is there anything I can look at or help out with in some way?
4. Also, are there any plans to move the clr execdriver to opencontainers/runc|specs?
Thanks a lot in advance, I hope my questions make sense.
Antonio
As part of installation on ubuntu, I see a kernel image under /usr/lib/kernel.
* For me to have a different kernel image, do I have to use the config** file under /usr/lib?
* And are there any suggestions as how kernel modules can be loaded for the kernel running in the container?
Thanks
Hello Dimitri
The /var/lib/docker under my installation looks like following:
/var/lib/docker# ls -al
total 87636
drwx------ 8 root root 4096 Oct 30 06:45 .
drwxr-xr-x 46 root root 4096 Oct 30 06:41 ..
drwxr-xr-x 5 root root 4096 Oct 30 06:41 aufs
-rw-r--r-- 1 root root 235929600 Oct 30 06:41 clear-4740-containers.img
drwx------ 3 root root 4096 Oct 30 06:45 containers
drwx------ 7 root root 4096 Oct 30 06:45 graph
-rw-r--r-- 1 root root 5 Oct 30 06:43 latest
-rw-r--r-- 1 root root 5120 Oct 30 06:45 linkgraph.db
-rw------- 1 root root 105 Oct 30 06:45 repositories-aufs
drwx------ 2 root root 4096 Oct 30 06:45 tmp
drwx------ 2 root root 4096 Oct 30 06:44 trust
drwx------ 2 root root 4096 Oct 30 06:41 volumes
As you can see there is no .lkvm file and neither execdriver/clr?
My reason of using lkvm, was to verify if clear containers are actually
installed. I don't plan to use lkvm otherwise.
Thanks
On 10/30/15, 1:06 PM, "Dimitri John Ledkov" <dimitri.j.ledkov(a)intel.com>
wrote:
>Hello,
>
>On 30 October 2015 at 18:33, Khanduja, Vaibhav <vaibhav.khanduja(a)emc.com>
>wrote:
>> Hi
>>
>> I have installed clear containers as given in the instructions over
>>here:
>>
>> https://software.opensuse.org/download.html?project=home%3Aclearlinux%3Apreview&package=clear-containers-docker
>>
>> After installation, I was able to run a container using docker cli
>>
>> docker run -it ubuntu bash
>>
>> On a different shell, I am checking if there a vm image running, but I
>>don't
>> see any thing with lkvm
>>
>> PID NAME STATE
>> ------------------
>>
>> Am I missing something?
>
>lkvm usage is internal to the implementation of Clear Containers for
>Docker Engine. One thing we do, is change the home directory when
>invoking lkvm commands. Thus normal lkvm socket control commands can
>be done with:
>
>sudo HOME=/var/lib/docker/execdriver/clr lkvm list
>
>or something like that. Check subfolders in /var/lib/docker, to find
>the one that has .lkvm.
>
>However, I don't recommend you to use lkvm commands at all. As most
>things are hooked up into docker commands. E.g. $ docker stop, should
>work and do lkvm stop on the VM, and etc. Pause / unpause / terminate
>are also hooked up. There are no guarantees of this lkvm api at all, the
>only API guarantees one has is via docker API at the moment.
>
>--
>Regards,
>
>Dimitri.
>63 sleeps till Christmas, or less
>
>https://clearlinux.org
>Open Source Technology Center
>Intel Corporation (UK) Ltd. - Co. Reg. #1134945 - Pipers Way, Swindon SN3
>1RJ.
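Dimitri's reply quoted above suggests checking the subfolders of /var/lib/docker for the one that holds `.lkvm`. The following is an added example, not part of the thread or of the Clear Containers code, that performs that check read-only without invoking lkvm. It assumes kvmtool keeps its per-VM control sockets as `$HOME/.lkvm/<name>.sock`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: locate the kvmtool state directory used by the clr execdriver.
# Assumption: kvmtool keeps per-VM control sockets as $HOME/.lkvm/<name>.sock.

# Print every directory under the given root that contains a .lkvm
# subdirectory, i.e. every candidate value for HOME in "lkvm list".
find_lkvm_homes() {
    root=${1:-/var/lib/docker}
    [ -d "$root" ] || return 1
    find "$root" -maxdepth 4 -type d -name .lkvm 2>/dev/null |
        while IFS= read -r d; do
            dirname "$d"
        done | sort
}

# Print the VM names recorded in one state directory
# (socket file name with the .sock suffix removed).
list_vm_names() {
    home=$1
    for s in "$home"/.lkvm/*.sock; do
        # The glob stays literal when nothing matches; skip that case.
        [ -e "$s" ] || continue
        basename "$s" .sock
    done
}

# Summarise what was found.
# Returns 1 if the root is missing, 2 if no .lkvm directory exists under it.
report() {
    root=${1:-/var/lib/docker}
    homes=$(find_lkvm_homes "$root") || {
        echo "no such directory: $root"
        return 1
    }
    if [ -z "$homes" ]; then
        echo "no .lkvm directory under $root"
        return 2
    fi
    echo "$homes" | while IFS= read -r h; do
        echo "HOME=$h"
        list_vm_names "$h" | sed 's/^/  vm: /'
    done
}
```

Source the file and run `report /var/lib/docker` as root, since the directory is mode 0700 in the listing above; a return code of 2 corresponds to the situation described in this message, where no `.lkvm` directory is present.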
Hi
I have installed clear containers as given in the instructions over here:
https://software.opensuse.org/download.html?project=home%3Aclearlinux%3Apre…
After installation, I was able to run a container using docker cli
docker run -it ubuntu bash
On a different shell, I am checking if there a vm image running, but I don’t see any thing with lkvm
PID NAME STATE
——————————————————
Am I missing something?
Thanks
Great, though I think it's worth rebasing everything on master because the code is frozen for 1.9 currently (Docker is at 1.9-RC3 already)
----- Original message -----
From: "James O Hunt" <james.o.hunt(a)intel.com>
To: "Antonio Murdaca" <amurdaca(a)redhat.com>
Cc: "Dimitri John Ledkov" <dimitri.j.ledkov(a)intel.com>, "William Douglas" <william.douglas(a)intel.com>, Dev(a)ml01.clearlinux.org
Sent: Wednesday, 28 October 2015 17:12:51
Subject: Re: [Dev] Clear Linux containers with Docker
Hi Antonio,
I've just raised a 1.9.0 PR: https://github.com/docker/docker/pull/17441.
It includes your Dockerfile change.
Kind regards,
James.
On 23 October 2015 at 16:59, Antonio Murdaca <amurdaca(a)redhat.com> wrote:
> Thanks Dimitri, got it working following your steps. Any idea about the
> instructions on
> https://clearlinux.org/documentation/running-clear-linux-os-intel%C2%AE-arc…
> ?
> I'm still stuck at the firmware screen and I can't actually connect via
> SSH, it just times out. An explanation on how to get going with that would
> be useful as well.
> Thanks
> Antonio
>
> ----- Original message -----
> From: "Dimitri John Ledkov" <dimitri.j.ledkov(a)intel.com>
> To: "Antonio Murdaca" <amurdaca(a)redhat.com>
> Cc: "James O Hunt" <james.o.hunt(a)intel.com>, "William Douglas" <
> william.douglas(a)intel.com>, Dev(a)ml01.clearlinux.org
> Sent: Friday, 23 October 2015 17:47:27
> Subject: Re: [Dev] Clear Linux containers with Docker
>
> On 23 October 2015 at 12:00, Antonio Murdaca <amurdaca(a)redhat.com> wrote:
> > 1. Great, I was thinking about that as well. Having an SSH server always
> on and per-container ssh keys auto-injected in container to "proxy" exec
> seems good (even if it may sounds hacky). I'll have another think in these
> days and come up with something maybe.
> >
> > 2. Yes, demo from https://download.clearlinux.org/demos/containers/
> with newer Clear Containers
> >
>
> Well. I got it running after doing the following.
>
> 1) Install linux-container from OBS repository
> 2) Install kvmtool from OBS repository
> 3) Tweak the boot.sh scripts:
> - use "lkvm" rather than ./lkvm
> - use /usr/lib/kernel/vmlinux.container rather than ./vmlinux.container
> - use root=/dev/plkvm0p1 rather than root=/dev/plkvm0p3, as we dropped
> unused partitions
>
> I guess we should ship boot.sh/boot-cow.sh scripts in like kvmtool
> package that do the same as the demo, due to above changes and now
> published repositories.
>
> That works fine, and the two trigger units that fail to run "are
> mostly harmless" -> i should fix that.
>
> Regards,
>
> Dimitri.
>
>
> > 3., 4., 5., Thanks!
> >
> > And thanks again!
> > Antonio
> >
> > ----- Original message -----
> > From: "Dimitri John Ledkov" <dimitri.j.ledkov(a)intel.com>
> > To: "Antonio Murdaca" <amurdaca(a)redhat.com>
> > Cc: Dev(a)ml01.clearlinux.org, "James O Hunt" <james.o.hunt(a)intel.com>,
> "William Douglas" <william.douglas(a)intel.com>
> > Sent: Friday, 23 October 2015 12:50:42
> > Subject: Re: [Dev] Clear Linux containers with Docker
> >
> > On 23 October 2015 at 11:25, Antonio Murdaca <amurdaca(a)redhat.com>
> wrote:
> >> Great. Thanks for the answers.
> >>
> >> Few points. Just a suggestion, as a Docker core maintainer myself
> (being in charge of reviews), I don't understand why you made the latest PR
> against Docker 1.8.3 given we're almost releasing 1.9 (I'm not sure it will
> be merged in Docker 1.8.3, unless you already talked to someone at Docker),
> so I think it would be better to adapt the code to 1.9 and be ready for
> 1.10. The Pull Request itself looks good though and I'm happy to continue
> reviewing it and give suggestions.
> >> I've already experimented with clr exec-driver on other hosts and I can
> confirm it's working great with the opensuse repo you provided. I've also
> made some PRs to better improve Docker integration(you can cherry-pick this
> if you are interested
> https://github.com/runcom/docker/commit/bd967bd3c542559b1c985eeca6e33e88456…)
> and clearcontainer/kvmtool (https://github.com/clearlinux/kvmtool/pull/2).
> >>
> >
> > Looks good, I've asked James Hunt to review and merge/cherry-pick these
> things.
> >
> >> More questions I'd like to ask are:
> >>
> >> 1. (Already asked but I'm copying it over here) Will Clear Containers
> support Docker exec? The question was answered saying no for security
> implications. Could you explain which ones are we talking about?
> >>
> >
> > At the moment we don't have exec support. When brainstorming about it,
> > I was envisioning opening/maintaining a second serial console to the
> > VM for the exec case. However, kvmtool doesn't currently support
> > having dynamic serial consoles added/removed from the VM or mean to
> > connect to them as far as I can tell. A second alternative is to add
> > openssh-server to the container base image, and keep ssh open with
> > injected/pre-generated per-container ssh keys to allow `docker exec`
> > via ssh protocol. The VMs are running systemd-networkd and are
> > discoverable via LLMNR, so I was also pondering how to start linking
> > journals for the VMs and/or registering with machined - to gain
> > ability to control systemd inside the VM from the host over serial/ssh
> > connections. But all of these are just ideas at this stage. How would
> > you go about implementing exec? If there are better ideas, we might be
> > able to implement that quickly.
> >
> >> 2. I've seen the demo you provided on your site to run a plain
> container with kvmtool is pretty outdated and I'm having troubles making it
> work correctly with newer ClearContainers images (4300, 4340). Could you
> update it with more instructions maybe?
> >>
> >
> > To run a plain VM, do you mean demo from
> > https://download.clearlinux.org/demos/containers/ ? I'll look into
> > updating that.
> >
> >> 3. does the original kvmtool (lkvm) from the kernel work with
> ClearContainers or it needs your patched version? (is it
> https://github.com/clearlinux/kvmtool right?)
> >>
> >
> > The version in github.com/clearlinux/kvmtool is experimental
> > development work which has OCI support developed. We do need patched
> > lkvm for now, as not everything has been contributed upstream yet.
> > There are quite a few feature patches that the docker exec-driver
> > relies on.
> >
> >> 4. Where is the source code for vmlinux.container? I'd like to build it
> myself but I can't find it anywhere
> >>
> >
> > We are not currently publishing git trees with packaging, and all
> > patches for all packages. However, we do publish .src.rpm
> > repositories:
> > In e.g.:
> > https://download.clearlinux.org/releases/4340/clear/source/SRPMS/
> >
> > You should be able to find:
> >
> https://download.clearlinux.org/releases/4340/clear/source/SRPMS/linux-cont…
> >
> https://download.clearlinux.org/releases/4340/clear/source/SRPMS/kvmtool-1.…
> >
> https://download.clearlinux.org/releases/4340/clear/source/SRPMS/clear-cont…
> >
> >> 5. doc at
> https://clearlinux.org/documentation/running-clear-linux-os-intel%C2%AE-arc…
> isn't working as well, it displays a firmware menu and it hangs there. Is
> it possible to enhance the doc?
> >>
> >
> > I'm not sure about who owner of this documentation is. William, would
> > you be able to help out with this request?
> >
> >> Many thanks for the answers and sorry in advance for all of this
> questions!
> >>
> >
> > No worries!
> >
> > Regards,
> >
> > Dimitri.
> >
> >> ----- Original message -----
> >> From: "Dimitri John Ledkov" <dimitri.j.ledkov(a)intel.com>
> >> To: "Antonio Murdaca" <amurdaca(a)redhat.com>
> >> Cc: Dev(a)ml01.clearlinux.org
> >> Sent: Friday, 23 October 2015 11:57:56
> >> Subject: Re: [Dev] Clear Linux containers with Docker
> >>
> >> Hello,
> >>
> >> On 21 October 2015 at 18:40, Antonio Murdaca <amurdaca(a)redhat.com>
> wrote:
> >>> Hello and nice to meet you all (and great work on Clear Linux!),
> >>>
> >>> I was reviewing the Pull Request you made against docker/docker on
> github (https://github.com/docker/docker/pull/17244, I'm "runcom").
> >>> I have a few questions I'd like to ask you, (I prefer the ML instead
> of leaving qa on github, I'll report some from github also):
> >>>
> >>> 1. Is this PR meant for testing purpose as the old one you made some
> time ago?
> >>>
> >>
> >> We are in progress to merge this work upstream. There are pull
> >> requests mostly for docker, and smaller things for libnetwork.
> >>
> >>
> >>> 2. Is the clr execdriver you implemented available for non Clear Linux
> hosts as well? (I guess not, because I get `fork/exec lkvm: no such file or
> directory` while testing your PR on my machine which is Fedora)
> >>>
> >>
> >> In addition to the docker-execdriver, one needs patched kvmtool,
> >> compatible kernel, and clear linux container image.
> >>
> >> The whole lot is packaged for clearlinux, but also for
> >> Ubuntu/Debian/Fedora/Centos/Suse at:
> >>
> https://software.opensuse.org/download.html?project=home%3Aclearlinux%3Apre…
> >>
> >> I have validated for the whole lot to work correctly on Fedora 22.
> >>
> >> You may also refer to getting started docs we are starting to publish
> at:
> >>
> https://clearlinux.org/documentation/clear-containers-getting-started-guide
> >>
> >>
> >>
> >>> 3. Are there any plan to make Docker with the clr execdriver available
> on non Clear Linux hosts? If yes, is there anything I can look at or help
> out with in some way?
> >>>
> >>
> >> Yes and already done on the OBS. If support for more OSes and/or e.g.
> >> Rawhide do let us know. The .src.rpms for Clearlinux should be
> >> directly re-buildable on e.g. Fedora. The bits one must have on the
> >> host for now are: clear-containers-docker, kvmtool, linux-container.
> >>
> >>> 4. Also, are there any plans to move the clr execdriver to
> opencontainers/runc|specs?
> >>>
> >>
> >> Yes. We have a working OCI compatible executor (essentially making
> >> lkvm binary parse the OCI configs and launch things), however there is
> >> no OCI capable docker available publicly yet, hence we are limited in
> >> testing/validating said work. There is also hyper.sh & runv, which has
> >> some additional integration - OCI capable and has `pull' from
> >> dockerhub ability.
> >>
> >>> Thanks a lot in advance, I hope my questions make sense.
> >>> Antonio
> >>
> >> Hope this helps. The questions are very sensible =) and we should make
> >> more information available to make Clear Containers work more
> >> accessible.
> >>
> >> --
> >> Regards,
> >>
> >> Dimitri.
> >> 63 sleeps till Christmas, or less
> >>
> >> https://clearlinux.org
> >> Open Source Technology Center
> >> Intel Corporation (UK) Ltd. - Co. Reg. #1134945 - Pipers Way, Swindon
> SN3 1RJ.
> >
> >
> >
> > --
> > Regards,
> >
> > Dimitri.
> > 73 sleeps till Christmas, or less
> >
> > https://clearlinux.org
> > Open Source Technology Center
> > Intel Corporation (UK) Ltd. - Co. Reg. #1134945 - Pipers Way, Swindon
> SN3 1RJ.
>
>
>
> --
> Regards,
>
> Dimitri.
> 63 sleeps till Christmas, or less
>
> https://clearlinux.org
> Open Source Technology Center
> Intel Corporation (UK) Ltd. - Co. Reg. #1134945 - Pipers Way, Swindon SN3
> 1RJ.
--
James
-----
https://clearlinux.org
Open Source Technology Center
Intel Corporation (UK) Ltd. - Co. Reg. #1134945 - Pipers Way, Swindon SN3
1RJ.
Thanks Dimitri, got it working following your steps. Any idea about the instructions on https://clearlinux.org/documentation/running-clear-linux-os-intel%C2%AE-arc…
I'm still stuck at the firmware screen and I can't actually connect via SSH, it just times out. An explanation on how to get going with that would be useful as well.
Thanks
Antonio
----- Original message -----
From: "Dimitri John Ledkov" <dimitri.j.ledkov(a)intel.com>
To: "Antonio Murdaca" <amurdaca(a)redhat.com>
Cc: "James O Hunt" <james.o.hunt(a)intel.com>, "William Douglas" <william.douglas(a)intel.com>, Dev(a)ml01.clearlinux.org
Sent: Friday, 23 October 2015 17:47:27
Subject: Re: [Dev] Clear Linux containers with Docker
On 23 October 2015 at 12:00, Antonio Murdaca <amurdaca(a)redhat.com> wrote:
> 1. Great, I was thinking about that as well. Having an SSH server always on and per-container ssh keys auto-injected in container to "proxy" exec seems good (even if it may sounds hacky). I'll have another think in these days and come up with something maybe.
>
> 2. Yes, demo from https://download.clearlinux.org/demos/containers/ with newer Clear Containers
>
Well. I got it running after doing the following.
1) Install linux-container from OBS repository
2) Install kvmtool from OBS repository
3) Tweak the boot.sh scripts:
- use "lkvm" rather than ./lkvm
- use /usr/lib/kernel/vmlinux.container rather than ./vmlinux.container
- use root=/dev/plkvm0p1 rather than root=/dev/plkvm0p3, as we dropped
unused partitions
I guess we should ship boot.sh/boot-cow.sh scripts in like kvmtool
package that do the same as the demo, due to above changes and now
published repositories.
That works fine, and the two trigger units that fail to run "are
mostly harmless" -> i should fix that.
Regards,
Dimitri.
> 3., 4., 5., Thanks!
>
> And thanks again!
> Antonio
>
> ----- Original message -----
> From: "Dimitri John Ledkov" <dimitri.j.ledkov(a)intel.com>
> To: "Antonio Murdaca" <amurdaca(a)redhat.com>
> Cc: Dev(a)ml01.clearlinux.org, "James O Hunt" <james.o.hunt(a)intel.com>, "William Douglas" <william.douglas(a)intel.com>
> Sent: Friday, 23 October 2015 12:50:42
> Subject: Re: [Dev] Clear Linux containers with Docker
>
> On 23 October 2015 at 11:25, Antonio Murdaca <amurdaca(a)redhat.com> wrote:
>> Great. Thanks for the answers.
>>
>> Few points. Just a suggestion, as a Docker core maintainer myself (being in charge of reviews), I don't understand why you made the latest PR against Docker 1.8.3 given we're almost releasing 1.9 (I'm not sure it will be merged in Docker 1.8.3, unless you already talked to someone at Docker), so I think it would be better to adapt the code to 1.9 and be ready for 1.10. The Pull Request itself looks good though and I'm happy to continue reviewing it and give suggestions.
>> I've already experimented with clr exec-driver on other hosts and I can confirm it's working great with the opensuse repo you provided. I've also made some PRs to better improve Docker integration(you can cherry-pick this if you are interested https://github.com/runcom/docker/commit/bd967bd3c542559b1c985eeca6e33e88456…) and clearcontainer/kvmtool (https://github.com/clearlinux/kvmtool/pull/2).
>>
>
> Looks good, I've asked James Hunt to review and merge/cherry-pick these things.
>
>> More questions I'd like to ask are:
>>
>> 1. (Already asked but I'm copying it over here) Will Clear Containers support Docker exec? The question was answered saying no for security implications. Could you explain which ones are we talking about?
>>
>
> At the moment we don't have exec support. When brainstorming about it,
> I was envisioning opening/maintaining a second serial console to the
> VM for the exec case. However, kvmtool doesn't currently support
> having dynamic serial consoles added/removed from the VM or mean to
> connect to them as far as I can tell. A second alternative is to add
> openssh-server to the container base image, and keep ssh open with
> injected/pre-generated per-container ssh keys to allow `docker exec`
> via ssh protocol. The VMs are running systemd-networkd and are
> discoverable via LLMNR, so I was also pondering how to start linking
> journals for the VMs and/or registering with machined - to gain
> ability to control systemd inside the VM from the host over serial/ssh
> connections. But all of these are just ideas at this stage. How would
> you go about implementing exec? If there are better ideas, we might be
> able to implement that quickly.
>
>> 2. I've seen the demo you provided on your site to run a plain container with kvmtool is pretty outdated and I'm having troubles making it work correctly with newer ClearContainers images (4300, 4340). Could you update it with more instructions maybe?
>>
>
> To run a plain VM, do you mean demo from
> https://download.clearlinux.org/demos/containers/ ? I'll look into
> updating that.
>
>> 3. does the original kvmtool (lkvm) from the kernel work with ClearContainers or it needs your patched version? (is it https://github.com/clearlinux/kvmtool right?)
>>
>
> The version in github.com/clearlinux/kvmtool is experimental
> development work which has OCI support developed. We do need patched
> lkvm for now, as not everything has been contributed upstream yet.
> There are quite a few feature patches that the docker exec-driver
> relies on.
>
>> 4. Where is the source code for vmlinux.container? I'd like to build it myself but I can't find it anywhere
>>
>
> We are not currently publishing git trees with packaging, and all
> patches for all packages. However, we do publish .src.rpm
> repositories:
> In e.g.:
> https://download.clearlinux.org/releases/4340/clear/source/SRPMS/
>
> You should be able to find:
> https://download.clearlinux.org/releases/4340/clear/source/SRPMS/linux-cont…
> https://download.clearlinux.org/releases/4340/clear/source/SRPMS/kvmtool-1.…
> https://download.clearlinux.org/releases/4340/clear/source/SRPMS/clear-cont…
>
>> 5. doc at https://clearlinux.org/documentation/running-clear-linux-os-intel%C2%AE-arc… isn't working as well, it displays a firmware menu and it hangs there. Is it possible to enhance the doc?
>>
>
> I'm not sure about who owner of this documentation is. William, would
> you be able to help out with this request?
>
>> Many thanks for the answers and sorry in advance for all of this questions!
>>
>
> No worries!
>
> Regards,
>
> Dimitri.
>
>> ----- Original message -----
>> From: "Dimitri John Ledkov" <dimitri.j.ledkov(a)intel.com>
>> To: "Antonio Murdaca" <amurdaca(a)redhat.com>
>> Cc: Dev(a)ml01.clearlinux.org
>> Sent: Friday, 23 October 2015 11:57:56
>> Subject: Re: [Dev] Clear Linux containers with Docker
>>
>> Hello,
>>
>> On 21 October 2015 at 18:40, Antonio Murdaca <amurdaca(a)redhat.com> wrote:
>>> Hello and nice to meet you all (and great work on Clear Linux!),
>>>
>>> I was reviewing the Pull Request you made against docker/docker on github (https://github.com/docker/docker/pull/17244, I'm "runcom").
>>> I have a few questions I'd like to ask you, (I prefer the ML instead of leaving qa on github, I'll report some from github also):
>>>
>>> 1. Is this PR meant for testing purpose as the old one you made some time ago?
>>>
>>
>> We are in progress to merge this work upstream. There are pull
>> requests mostly for docker, and smaller things for libnetwork.
>>
>>
>>> 2. Is the clr execdriver you implemented available for non Clear Linux hosts as well? (I guess not, because I get `fork/exec lkvm: no such file or directory` while testing your PR on my machine which is Fedora)
>>>
>>
>> In addition to the docker-execdriver, one needs patched kvmtool,
>> compatible kernel, and clear linux container image.
>>
>> The whole lot is packaged for clearlinux, but also for
>> Ubuntu/Debian/Fedora/Centos/Suse at:
>> https://software.opensuse.org/download.html?project=home%3Aclearlinux%3Apre…
>>
>> I have validated for the whole lot to work correctly on Fedora 22.
>>
>> You may also refer to getting started docs we are starting to publish at:
>> https://clearlinux.org/documentation/clear-containers-getting-started-guide
>>
>>
>>
>>> 3. Are there any plan to make Docker with the clr execdriver available on non Clear Linux hosts? If yes, is there anything I can look at or help out with in some way?
>>>
>>
>> Yes and already done on the OBS. If support for more OSes and/or e.g.
>> Rawhide do let us know. The .src.rpms for Clearlinux should be
>> directly re-buildable on e.g. Fedora. The bits one must have on the
>> host for now are: clear-containers-docker, kvmtool, linux-container.
>>
>>> 4. Also, are there any plans to move the clr execdriver to opencontainers/runc|specs?
>>>
>>
>> Yes. We have a working OCI compatible executor (essentially making
>> lkvm binary parse the OCI configs and launch things), however there is
>> no OCI capable docker available publicly yet, hence we are limited in
>> testing/validating said work. There is also hyper.sh & runv, which has
>> some additional integration - OCI capable and has `pull' from
>> dockerhub ability.
>>
>>> Thanks a lot in advance, I hope my questions make sense.
>>> Antonio
>>
>> Hope this helps. The questions are very sensible =) and we should make
>> more information available to make Clear Containers work more
>> accessible.
>>
>> --
>> Regards,
>>
>> Dimitri.
>> 63 sleeps till Christmas, or less
>>
>> https://clearlinux.org
>> Open Source Technology Center
>> Intel Corporation (UK) Ltd. - Co. Reg. #1134945 - Pipers Way, Swindon SN3 1RJ.
>
>
>
> --
> Regards,
>
> Dimitri.
> 73 sleeps till Christmas, or less
>
> https://clearlinux.org
> Open Source Technology Center
> Intel Corporation (UK) Ltd. - Co. Reg. #1134945 - Pipers Way, Swindon SN3 1RJ.
--
Regards,
Dimitri.
63 sleeps till Christmas, or less
https://clearlinux.org
Open Source Technology Center
Intel Corporation (UK) Ltd. - Co. Reg. #1134945 - Pipers Way, Swindon SN3 1RJ.
1. Great, I was thinking about that as well. Having an SSH server always on and per-container ssh keys auto-injected in container to "proxy" exec seems good (even if it may sounds hacky). I'll have another think in these days and come up with something maybe.
2. Yes, demo from https://download.clearlinux.org/demos/containers/ with newer Clear Containers
3., 4., 5., Thanks!
And thanks again!
Antonio
----- Original message -----
From: "Dimitri John Ledkov" <dimitri.j.ledkov(a)intel.com>
To: "Antonio Murdaca" <amurdaca(a)redhat.com>
Cc: Dev(a)ml01.clearlinux.org, "James O Hunt" <james.o.hunt(a)intel.com>, "William Douglas" <william.douglas(a)intel.com>
Sent: Friday, 23 October 2015 12:50:42
Subject: Re: [Dev] Clear Linux containers with Docker
On 23 October 2015 at 11:25, Antonio Murdaca <amurdaca(a)redhat.com> wrote:
> Great. Thanks for the answers.
>
> Few points. Just a suggestion, as a Docker core maintainer myself (being in charge of reviews), I don't understand why you made the latest PR against Docker 1.8.3 given we're almost releasing 1.9 (I'm not sure it will be merged in Docker 1.8.3, unless you already talked to someone at Docker), so I think it would be better to adapt the code to 1.9 and be ready for 1.10. The Pull Request itself looks good though and I'm happy to continue reviewing it and give suggestions.
> I've already experimented with clr exec-driver on other hosts and I can confirm it's working great with the opensuse repo you provided. I've also made some PRs to better improve Docker integration(you can cherry-pick this if you are interested https://github.com/runcom/docker/commit/bd967bd3c542559b1c985eeca6e33e88456…) and clearcontainer/kvmtool (https://github.com/clearlinux/kvmtool/pull/2).
>
Looks good, I've asked James Hunt to review and merge/cherry-pick these things.
> More questions I'd like to ask are:
>
> 1. (Already asked but I'm copying it over here) Will Clear Containers support Docker exec? The question was answered saying no for security implications. Could you explain which ones are we talking about?
>
At the moment we don't have exec support. When brainstorming about it,
I was envisioning opening/maintaining a second serial console to the
VM for the exec case. However, kvmtool doesn't currently support
having dynamic serial consoles added/removed from the VM or mean to
connect to them as far as I can tell. A second alternative is to add
openssh-server to the container base image, and keep ssh open with
injected/pre-generated per-container ssh keys to allow `docker exec`
via ssh protocol. The VMs are running systemd-networkd and are
discoverable via LLMNR, so I was also pondering how to start linking
journals for the VMs and/or registering with machined - to gain
ability to control systemd inside the VM from the host over serial/ssh
connections. But all of these are just ideas at this stage. How would
you go about implementing exec? If there are better ideas, we might be
able to implement that quickly.
> 2. I've seen the demo you provided on your site to run a plain container with kvmtool is pretty outdated and I'm having troubles making it work correctly with newer ClearContainers images (4300, 4340). Could you update it with more instructions maybe?
>
To run a plain VM, do you mean demo from
https://download.clearlinux.org/demos/containers/ ? I'll look into
updating that.
> 3. does the original kvmtool (lkvm) from the kernel work with ClearContainers or it needs your patched version? (is it https://github.com/clearlinux/kvmtool right?)
>
The version in github.com/clearlinux/kvmtool is experimental
development work which has OCI support developed. We do need patched
lkvm for now, as not everything has been contributed upstream yet.
There are quite a few feature patches that the docker exec-driver
relies on.
> 4. Where is the source code for vmlinux.container? I'd like to build it myself but I can't find it anywhere
>
We are not currently publishing git trees with packaging, and all
patches for all packages. However, we do publish .src.rpm
repositories:
In e.g.:
https://download.clearlinux.org/releases/4340/clear/source/SRPMS/
You should be able to find:
https://download.clearlinux.org/releases/4340/clear/source/SRPMS/linux-cont…
https://download.clearlinux.org/releases/4340/clear/source/SRPMS/kvmtool-1.…
https://download.clearlinux.org/releases/4340/clear/source/SRPMS/clear-cont…
> 5. doc at https://clearlinux.org/documentation/running-clear-linux-os-intel%C2%AE-arc… isn't working as well, it displays a firmware menu and it hangs there. Is it possible to enhance the doc?
>
I'm not sure about who owner of this documentation is. William, would
you be able to help out with this request?
> Many thanks for the answers and sorry in advance for all of this questions!
>
No worries!
Regards,
Dimitri.
> ----- Original message -----
> From: "Dimitri John Ledkov" <dimitri.j.ledkov(a)intel.com>
> To: "Antonio Murdaca" <amurdaca(a)redhat.com>
> Cc: Dev(a)ml01.clearlinux.org
> Sent: Friday, 23 October 2015 11:57:56
> Subject: Re: [Dev] Clear Linux containers with Docker
>
> Hello,
>
> On 21 October 2015 at 18:40, Antonio Murdaca <amurdaca(a)redhat.com> wrote:
>> Hello and nice to meet you all (and great work on Clear Linux!),
>>
>> I was reviewing the Pull Request you made against docker/docker on github (https://github.com/docker/docker/pull/17244, I'm "runcom").
>> I have a few questions I'd like to ask you, (I prefer the ML instead of leaving qa on github, I'll report some from github also):
>>
>> 1. Is this PR meant for testing purpose as the old one you made some time ago?
>>
>
> We are in progress to merge this work upstream. There are pull
> requests mostly for docker, and smaller things for libnetwork.
>
>
>> 2. Is the clr execdriver you implemented available for non Clear Linux hosts as well? (I guess not, because I get `fork/exec lkvm: no such file or directory` while testing your PR on my machine which is Fedora)
>>
>
> In addition to the docker-execdriver, one needs patched kvmtool,
> compatible kernel, and clear linux container image.
>
> The whole lot is packaged for clearlinux, but also for
> Ubuntu/Debian/Fedora/Centos/Suse at:
> https://software.opensuse.org/download.html?project=home%3Aclearlinux%3Apre…
>
> I have validated for the whole lot to work correctly on Fedora 22.
>
> You may also refer to getting started docs we are starting to publish at:
> https://clearlinux.org/documentation/clear-containers-getting-started-guide
>
>
>
>> 3. Are there any plan to make Docker with the clr execdriver available on non Clear Linux hosts? If yes, is there anything I can look at or help out with in some way?
>>
>
> Yes and already done on the OBS. If support for more OSes and/or e.g.
> Rawhide do let us know. The .src.rpms for Clearlinux should be
> directly re-buildable on e.g. Fedora. The bits one must have on the
> host for now are: clear-containers-docker, kvmtool, linux-container.
>
>> 4. Also, are there any plans to move the clr execdriver to opencontainers/runc|specs?
>>
>
> Yes. We have a working OCI compatible executor (essentially making
> lkvm binary parse the OCI configs and launch things), however there is
> no OCI capable docker available publicly yet, hence we are limited in
> testing/validating said work. There is also hyper.sh & runv, which has
> some additional integration - OCI capable and has `pull' from
> dockerhub ability.
>
>> Thanks a lot in advance, I hope my questions make sense.
>> Antonio
>
> Hope this helps. The questions are very sensible =) and we should make
> more information available to make Clear Containers work more
> accessible.
>
> --
> Regards,
>
> Dimitri.
> 63 sleeps till Christmas, or less
>
> https://clearlinux.org
> Open Source Technology Center
> Intel Corporation (UK) Ltd. - Co. Reg. #1134945 - Pipers Way, Swindon SN3 1RJ.
--
Regards,
Dimitri.
73 sleeps till Christmas, or less
https://clearlinux.org
Open Source Technology Center
Intel Corporation (UK) Ltd. - Co. Reg. #1134945 - Pipers Way, Swindon SN3 1RJ.
On Oct 23, 2015 3:51 AM, "Dimitri John Ledkov" <dimitri.j.ledkov(a)intel.com> wrote:
>
> On 23 October 2015 at 11:25, Antonio Murdaca <amurdaca(a)redhat.com> wrote:
> > 5. doc at https://clearlinux.org/documentation/running-clear-linux-os-intel%C2%AE-arc… isn't working as well, it displays a firmware menu and it hangs there. Is it possible to enhance the doc?
> >
>
> I'm not sure who the owner of this documentation is. William, would
> you be able to help out with this request?
>
Will do.
2015-10-23 11:50 GMT+01:00 Dimitri John Ledkov <dimitri.j.ledkov(a)intel.com>:
> On 23 October 2015 at 11:25, Antonio Murdaca <amurdaca(a)redhat.com> wrote:
> > Great. Thanks for the answers.
> >
> > Few points. Just a suggestion, as a Docker core maintainer myself (being in charge of reviews), I don't understand why you made the latest PR against Docker 1.8.3 given we're almost releasing 1.9 (I'm not sure it will be merged in Docker 1.8.3, unless you already talked to someone at Docker), so I think it would be better to adapt the code to 1.9 and be ready for 1.10. The Pull Request itself looks good though and I'm happy to continue reviewing it and give suggestions.
> > I've already experimented with clr exec-driver on other hosts and I can confirm it's working great with the opensuse repo you provided. I've also made some PRs to better improve Docker integration (you can cherry-pick this if you are interested https://github.com/runcom/docker/commit/bd967bd3c542559b1c985eeca6e33e88456…) and clearcontainer/kvmtool (https://github.com/clearlinux/kvmtool/pull/2).
> >
>
> Looks good, I've asked James Hunt to review and merge/cherry-pick these
> things.
>
Thanks very much Antonio - both patches accepted. I've added the latter to
the 1.8.3 PR. We are intending to rework the PR against the 1.9 branch.
> > More questions I'd like to ask are:
> >
> > 1. (Already asked but I'm copying it over here) Will Clear Containers support Docker exec? The question was answered saying no for security implications. Could you explain which ones are we talking about?
> >
>
> At the moment we don't have exec support. When brainstorming about it,
> I was envisioning opening/maintaining a second serial console to the
> VM for the exec case. However, kvmtool doesn't currently support
> having dynamic serial consoles added/removed from the VM or means to
> connect to them as far as I can tell. A second alternative is to add
> openssh-server to the container base image, and keep ssh open with
> injected/pre-generated per-container ssh keys to allow `docker exec`
> via ssh protocol. The VMs are running systemd-networkd and are
> discoverable via LLMNR, so I was also pondering how to start linking
> journals for the VMs and/or registering with machined - to gain
> ability to control systemd inside the VM from the host over serial/ssh
> connections. But all of these are just ideas at this stage. How would
> you go about implementing exec? If there are better ideas, we might be
> able to implement that quickly.
>
> > 2. I've seen the demo you provided on your site to run a plain container with kvmtool is pretty outdated and I'm having troubles making it work correctly with newer ClearContainers images (4300, 4340). Could you update it with more instructions maybe?
> >
>
> To run a plain VM, do you mean demo from
> https://download.clearlinux.org/demos/containers/ ? I'll look into
> updating that.
>
> > 3. does the original kvmtool (lkvm) from the kernel work with ClearContainers or it needs your patched version? (is it https://github.com/clearlinux/kvmtool right?)
> >
>
> The version in github.com/clearlinux/kvmtool is experimental
> development work which has OCI support developed. We do need patched
> lkvm for now, as not everything has been contributed upstream yet.
> There are quite a few feature patches that the docker exec-driver
> relies on.
>
> > 4. Where is the source code for vmlinux.container? I'd like to build it myself but I can't find it anywhere
> >
>
> We are not currently publishing git trees with packaging, and all
> patches for all packages. However, we do publish .src.rpm
> repositories:
> In e.g.:
> https://download.clearlinux.org/releases/4340/clear/source/SRPMS/
>
> You should be able to find:
>
> https://download.clearlinux.org/releases/4340/clear/source/SRPMS/linux-cont…
>
> https://download.clearlinux.org/releases/4340/clear/source/SRPMS/kvmtool-1.…
>
> https://download.clearlinux.org/releases/4340/clear/source/SRPMS/clear-cont…
>
> > 5. doc at https://clearlinux.org/documentation/running-clear-linux-os-intel%C2%AE-arc… isn't working as well, it displays a firmware menu and it hangs there. Is it possible to enhance the doc?
> >
>
> I'm not sure who the owner of this documentation is. William, would
> you be able to help out with this request?
>
> > Many thanks for the answers and sorry in advance for all of these questions!
> >
>
> No worries!
>
> Regards,
>
> Dimitri.
>
--
James
-----
https://clearlinux.org
Open Source Technology Center
Intel Corporation (UK) Ltd. - Co. Reg. #1134945 - Pipers Way, Swindon SN3 1RJ.
Great. Thanks for the answers.
Few points. Just a suggestion, as a Docker core maintainer myself (being in charge of reviews), I don't understand why you made the latest PR against Docker 1.8.3 given we're almost releasing 1.9 (I'm not sure it will be merged in Docker 1.8.3, unless you already talked to someone at Docker), so I think it would be better to adapt the code to 1.9 and be ready for 1.10. The Pull Request itself looks good though and I'm happy to continue reviewing it and give suggestions.
I've already experimented with clr exec-driver on other hosts and I can confirm it's working great with the opensuse repo you provided. I've also made some PRs to better improve Docker integration (you can cherry-pick this if you are interested https://github.com/runcom/docker/commit/bd967bd3c542559b1c985eeca6e33e88456…) and clearcontainer/kvmtool (https://github.com/clearlinux/kvmtool/pull/2).
More questions I'd like to ask are:
1. (Already asked but I'm copying it over here) Will Clear Containers support Docker exec? The question was answered saying no for security implications. Could you explain which ones are we talking about?
2. I've seen the demo you provided on your site to run a plain container with kvmtool is pretty outdated and I'm having troubles making it work correctly with newer ClearContainers images (4300, 4340). Could you update it with more instructions maybe?
3. does the original kvmtool (lkvm) from the kernel work with ClearContainers or it needs your patched version? (is it https://github.com/clearlinux/kvmtool right?)
4. Where is the source code for vmlinux.container? I'd like to build it myself but I can't find it anywhere
5. doc at https://clearlinux.org/documentation/running-clear-linux-os-intel%C2%AE-arc… isn't working as well, it displays a firmware menu and it hangs there. Is it possible to enhance the doc?
Many thanks for the answers and sorry in advance for all of these questions!
----- Original message -----
From: "Dimitri John Ledkov" <dimitri.j.ledkov(a)intel.com>
To: "Antonio Murdaca" <amurdaca(a)redhat.com>
Cc: Dev(a)ml01.clearlinux.org
Sent: Friday, 23 October 2015 11:57:56
Subject: Re: [Dev] Clear Linux containers with Docker
Hello,
On 21 October 2015 at 18:40, Antonio Murdaca <amurdaca(a)redhat.com> wrote:
> Hello and nice to meet you all (and great work on Clear Linux!),
>
> I was reviewing the Pull Request you made against docker/docker on github (https://github.com/docker/docker/pull/17244, I'm "runcom").
> I have a few questions I'd like to ask you, (I prefer the ML instead of leaving qa on github, I'll report some from github also):
>
> 1. Is this PR meant for testing purposes as the old one you made some time ago?
>
We are in progress to merge this work upstream. There are pull
requests mostly for docker, and smaller things for libnetwork.
> 2. Is the clr execdriver you implemented available for non Clear Linux hosts as well? (I guess not, because I get `fork/exec lkvm: no such file or directory` while testing your PR on my machine which is Fedora)
>
In addition to the docker-execdriver, one needs patched kvmtool,
compatible kernel, and clear linux container image.
The whole lot is packaged for clearlinux, but also for
Ubuntu/Debian/Fedora/Centos/Suse at:
https://software.opensuse.org/download.html?project=home%3Aclearlinux%3Apre…
I have validated for the whole lot to work correctly on Fedora 22.
You may also refer to getting started docs we are starting to publish at:
https://clearlinux.org/documentation/clear-containers-getting-started-guide
> 3. Are there any plans to make Docker with the clr execdriver available on non Clear Linux hosts? If yes, is there anything I can look at or help out with in some way?
>
Yes and already done on the OBS. If support for more OSes and/or e.g.
Rawhide is needed, do let us know. The .src.rpms for Clearlinux should be
directly re-buildable on e.g. Fedora. The bits one must have on the
host for now are: clear-containers-docker, kvmtool, linux-container.
> 4. Also, are there any plans to move the clr execdriver to opencontainers/runc|specs?
>
Yes. We have a working OCI compatible executor (essentially making
lkvm binary parse the OCI configs and launch things), however there is
no OCI capable docker available publicly yet, hence we are limited in
testing/validating said work. There is also hyper.sh & runv, which has
some additional integration - OCI capable and has `pull' from
dockerhub ability.
> Thanks a lot in advance, I hope my questions make sense.
> Antonio
Hope this helps. The questions are very sensible =) and we should make
more information available to make Clear Containers work more
accessible.
--
Regards,
Dimitri.
63 sleeps till Christmas, or less
https://clearlinux.org
Open Source Technology Center
Intel Corporation (UK) Ltd. - Co. Reg. #1134945 - Pipers Way, Swindon SN3 1RJ.
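The host-side prerequisites listed in the reply above (lkvm from the patched kvmtool, a container kernel, the Clear Linux container image), written as an added preflight check that is not part of the thread or of the Clear Containers packages. The function name, the default search directories and the file locations (taken from listings posted in this thread) are assumptions.

```shell
#!/bin/sh
# Added example: preflight for the host-side pieces the thread says the clr
# execdriver needs. Locations are assumptions taken from listings posted in
# the thread (/usr/lib/kernel, /var/lib/docker/clear-*-containers.img);
# adjust them if your packages install elsewhere.

# clr_preflight [ROOT] [BINDIRS]
#   ROOT    - filesystem prefix to inspect; empty or "/" means the live host
#   BINDIRS - colon-separated directories searched for the lkvm binary
# Prints one "missing: ..." line per absent piece; status 0 only if none.
# The body runs in a subshell so IFS and positional changes stay local.
clr_preflight() (
    root=${1%/}
    bindirs=${2:-/usr/bin:/usr/sbin:/usr/local/bin}
    missing=0
    note() { echo "missing: $1"; missing=$((missing + 1)); }

    # lkvm (patched kvmtool). Docker's "fork/exec lkvm: no such file or
    # directory" means this lookup failed on the host.
    found=no
    IFS=:
    for d in $bindirs; do
        if [ -x "$root$d/lkvm" ]; then found=yes; fi
    done
    unset IFS
    [ "$found" = yes ] || note "lkvm binary (kvmtool)"

    # Container kernel, e.g. the vmlinux.container asked about in the thread.
    set -- "$root"/usr/lib/kernel/*
    [ -e "$1" ] || note "container kernel under /usr/lib/kernel"

    # Clear Linux container image the guest boots from.
    set -- "$root"/var/lib/docker/clear-*-containers.img
    [ -e "$1" ] || note "clear-*-containers.img under /var/lib/docker"

    # KVM device node; without it lkvm cannot start a guest.
    [ -e "$root/dev/kvm" ] || note "/dev/kvm (KVM unavailable on this host)"

    [ "$missing" -eq 0 ]
)
```

Run `clr_preflight /` on the Docker host before starting the daemon with the clr execdriver; each line it prints names one piece still to install.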