Hi Antonio,

I've just raised a 1.9.0 PR: https://github.com/docker/docker/pull/17441. It includes your Dockerfile change.

Kind regards,

James.


On 23 October 2015 at 16:59, Antonio Murdaca <amurdaca@redhat.com> wrote:
Thanks Dimitri, got it working following your steps. Any idea about the instructions on https://clearlinux.org/documentation/running-clear-linux-os-intel%C2%AE-architecture-virtualized-environment?
I'm still stuck at the firmware screen and I can't actually connect via SSH, it just times out. An explanation on how to get going with that would be useful as well.
Thanks
Antonio

----- Original Message -----
From: "Dimitri John Ledkov" <dimitri.j.ledkov@intel.com>
To: "Antonio Murdaca" <amurdaca@redhat.com>
Cc: "James O Hunt" <james.o.hunt@intel.com>, "William Douglas" <william.douglas@intel.com>, Dev@ml01.clearlinux.org
Sent: Friday, 23 October 2015 17:47:27
Subject: Re: [Dev] Clear Linux containers with Docker

On 23 October 2015 at 12:00, Antonio Murdaca <amurdaca@redhat.com> wrote:
> 1. Great, I was thinking about that as well. Having an SSH server always on and per-container ssh keys auto-injected in container to "proxy" exec seems good (even if it may sound hacky). I'll have another think in these days and come up with something maybe.
>
> 2. Yes, demo from https://download.clearlinux.org/demos/containers/ with newer Clear Containers
>

Well. I got it running after doing the following.

1) Install linux-container from OBS repository
2) Install kvmtool from OBS repository
3) Tweak the boot.sh scripts:
- use "lkvm" rather than ./lkvm
- use /usr/lib/kernel/vmlinux.container rather than ./vmlinux.container
- use root=/dev/plkvm0p1 rather than root=/dev/plkvm0p3, as we dropped
unused partitions

I guess we should ship boot.sh/boot-cow.sh scripts in like kvmtool
package that do the same as the demo, due to above changes and now
published repositories.

That works fine, and the two trigger units that fail to run "are
mostly harmless" -> I should fix that.

Regards,

Dimitri.


> 3., 4., 5., Thanks!
>
> And thanks again!
> Antonio
>
> ----- Original Message -----
> From: "Dimitri John Ledkov" <dimitri.j.ledkov@intel.com>
> To: "Antonio Murdaca" <amurdaca@redhat.com>
> Cc: Dev@ml01.clearlinux.org, "James O Hunt" <james.o.hunt@intel.com>, "William Douglas" <william.douglas@intel.com>
> Sent: Friday, 23 October 2015 12:50:42
> Subject: Re: [Dev] Clear Linux containers with Docker
>
> On 23 October 2015 at 11:25, Antonio Murdaca <amurdaca@redhat.com> wrote:
>> Great. Thanks for the answers.
>>
>> Few points. Just a suggestion, as a Docker core maintainer myself (being in charge of reviews), I don't understand why you made the latest PR against Docker 1.8.3 given we're almost releasing 1.9 (I'm not sure it will be merged in Docker 1.8.3, unless you already talked to someone at Docker), so I think it would be better to adapt the code to 1.9 and be ready for 1.10. The Pull Request itself looks good though and I'm happy to continue reviewing it and give suggestions.
>> I've already experimented with clr exec-driver on other hosts and I can confirm it's working great with the opensuse repo you provided. I've also made some PRs to better improve Docker integration (you can cherry-pick this if you are interested https://github.com/runcom/docker/commit/bd967bd3c542559b1c985eeca6e33e8845633e39) and clearcontainer/kvmtool (https://github.com/clearlinux/kvmtool/pull/2).
>>
>
> Looks good, I've asked James Hunt to review and merge/cherry-pick these things.
>
>> More questions I'd like to ask are:
>>
>> 1. (Already asked but I'm copying it over here) Will Clear Containers support Docker exec? The question was answered saying no for security implications. Could you explain which ones we are talking about?
>>
>
> At the moment we don't have exec support. When brainstorming about it,
> I was envisioning opening/maintaining a second serial console to the
> VM for the exec case. However, kvmtool doesn't currently support
> having dynamic serial consoles added/removed from the VM or a means to
> connect to them as far as I can tell. A second alternative is to add
> openssh-server to the container base image, and keep ssh open with
> injected/pre-generated per-container ssh keys to allow `docker exec`
> via ssh protocol. The VMs are running systemd-networkd and are
> discoverable via LLMNR, so I was also pondering how to start linking
> journals for the VMs and/or registering with machined - to gain
> ability to control systemd inside the VM from the host over serial/ssh
> connections. But all of these are just ideas at this stage. How would
> you go about implementing exec? If there are better ideas, we might be
> able to implement that quickly.
>
>> 2. I've seen the demo you provided on your site to run a plain container with kvmtool is pretty outdated and I'm having trouble making it work correctly with newer ClearContainers images (4300, 4340). Could you update it with more instructions maybe?
>>
>
> To run a plain VM, do you mean demo from
> https://download.clearlinux.org/demos/containers/ ? I'll look into
> updating that.
>
>> 3. Does the original kvmtool (lkvm) from the kernel work with ClearContainers or does it need your patched version? (is it https://github.com/clearlinux/kvmtool right?)
>>
>
> The version in github.com/clearlinux/kvmtool is experimental
> development work which has OCI support developed. We do need patched
> lkvm for now, as not everything has been contributed upstream yet.
> There are quite a few feature patches that the docker exec-driver
> relies on.
>
>> 4. Where is the source code for vmlinux.container? I'd like to build it myself but I can't find it anywhere
>>
>
> We are not currently publishing git trees with packaging, and all
> patches for all packages. However, we do publish .src.rpm
> repositories:
> In e.g.:
> https://download.clearlinux.org/releases/4340/clear/source/SRPMS/
>
> You should be able to find:
> https://download.clearlinux.org/releases/4340/clear/source/SRPMS/linux-container-4.2.1-39.src.rpm
> https://download.clearlinux.org/releases/4340/clear/source/SRPMS/kvmtool-1.43d2781-11.src.rpm
> https://download.clearlinux.org/releases/4340/clear/source/SRPMS/clear-containers-docker-1.8.1-39.src.rpm
>
>> 5. doc at https://clearlinux.org/documentation/running-clear-linux-os-intel%C2%AE-architecture-virtualized-environment isn't working as well, it displays a firmware menu and it hangs there. Is it possible to enhance the doc?
>>
>
> I'm not sure who the owner of this documentation is. William, would
> you be able to help out with this request?
>
>> Many thanks for the answers and sorry in advance for all of these questions!
>>
>
> No worries!
>
> Regards,
>
> Dimitri.
>
>> ----- Original Message -----
>> From: "Dimitri John Ledkov" <dimitri.j.ledkov@intel.com>
>> To: "Antonio Murdaca" <amurdaca@redhat.com>
>> Cc: Dev@ml01.clearlinux.org
>> Sent: Friday, 23 October 2015 11:57:56
>> Subject: Re: [Dev] Clear Linux containers with Docker
>>
>> Hello,
>>
>> On 21 October 2015 at 18:40, Antonio Murdaca <amurdaca@redhat.com> wrote:
>>> Hello and nice to meet you all (and great work on Clear Linux!),
>>>
>>> I was reviewing the Pull Request you made against docker/docker on github (https://github.com/docker/docker/pull/17244, I'm "runcom").
>>> I have a few questions I'd like to ask you, (I prefer the ML instead of leaving qa on github, I'll report some from github also):
>>>
>>> 1. Is this PR meant for testing purpose as the old one you made some time ago?
>>>
>>
>> We are in progress to merge this work upstream. There are pull
>> requests mostly for docker, and smaller things for libnetwork.
>>
>>
>>> 2. Is the clr execdriver you implemented available for non Clear Linux hosts as well? (I guess not, because I get `fork/exec lkvm: no such file or directory` while testing your PR on my machine which is Fedora)
>>>
>>
>> In addition to the docker-execdriver, one needs patched kvmtool,
>> compatible kernel, and clear linux container image.
>>
>> The whole lot is packaged for clearlinux, but also for
>> Ubuntu/Debian/Fedora/Centos/Suse at:
>> https://software.opensuse.org/download.html?project=home%3Aclearlinux%3Apreview&package=clear-containers-docker
>>
>> I have validated for the whole lot to work correctly on Fedora 22.
>>
>> You may also refer to getting started docs we are starting to publish at:
>> https://clearlinux.org/documentation/clear-containers-getting-started-guide
>>
>>
>>
>>> 3. Are there any plan to make Docker with the clr execdriver available on non Clear Linux hosts? If yes, is there anything I can look at or help out with in some way?
>>>
>>
>> Yes and already done on the OBS. If support for more OSes and/or e.g.
>> Rawhide is needed, do let us know. The .src.rpms for Clearlinux should be
>> directly re-buildable on e.g. Fedora. The bits one must have on the
>> host for now are: clear-containers-docker, kvmtool, linux-container.
>>
>>> 4. Also, are there any plans to move the clr execdriver to opencontainers/runc|specs?
>>>
>>
>> Yes. We have a working OCI compatible executor (essentially making
>> lkvm binary parse the OCI configs and launch things), however there is
>> no OCI capable docker available publicly yet, hence we are limited in
>> testing/validating said work. There is also hyper.sh & runv, which has
>> some additional integration - OCI capable and has `pull' from
>> dockerhub ability.
>>
>>> Thanks a lot in advance, I hope my questions make sense.
>>> Antonio
>>
>> Hope this helps. The questions are very sensible =) and we should make
>> more information available to make Clear Containers work more
>> accessible.
>>
>> --
>> Regards,
>>
>> Dimitri.
>> 63 sleeps till Christmas, or less
>>
>> https://clearlinux.org
>> Open Source Technology Center
>> Intel Corporation (UK) Ltd. - Co. Reg. #1134945 - Pipers Way, Swindon SN3 1RJ.
>
>
>
--
James
-----
https://clearlinux.org
Open Source Technology Center
Intel Corporation (UK) Ltd. - Co. Reg. #1134945 - Pipers Way, Swindon SN3 1RJ.
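
Added example, not part of the thread or of the Clear Containers code: a Go sketch of the second exec alternative Dimitri describes above (per-container SSH keys used to proxy `docker exec`), showing a restricted authorized_keys entry and the argument quoting needed because the VM's login shell re-parses the ssh command. The host name, root login, file paths and key comment are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"strings"
)

// authorizedKeysLine renders the entry injected into the VM for one container.
// "restrict" disables forwarding, agent and X11; "pty" re-allows a terminal.
func authorizedKeysLine(pub ed25519.PublicKey, containerID string) string {
	var blob []byte // wire format: string "ssh-ed25519" || string key
	for _, field := range [][]byte{[]byte("ssh-ed25519"), pub} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(field)))
		blob = append(append(blob, n[:]...), field...)
	}
	return "restrict,pty ssh-ed25519 " + base64.StdEncoding.EncodeToString(blob) + " docker-exec@" + containerID
}

// shellQuote single-quotes one argument: ssh joins the remote command with
// spaces and the VM's login shell re-parses it, so raw argv would be re-split.
func shellQuote(arg string) string {
	return "'" + strings.ReplaceAll(arg, "'", `'\''`) + "'"
}

// execArgv builds the host-side ssh command for one exec request (root login assumed).
func execArgv(host, keyPath, knownHosts string, cmd []string) []string {
	quoted := make([]string, len(cmd))
	for i, a := range cmd {
		quoted[i] = shellQuote(a)
	}
	return []string{"ssh", "-i", keyPath, "-o", "IdentitiesOnly=yes", "-o", "BatchMode=yes",
		"-o", "StrictHostKeyChecking=yes", "-o", "UserKnownHostsFile=" + knownHosts,
		"root@" + host, strings.Join(quoted, " ")}
}

func main() {
	pub, _, err := ed25519.GenerateKey(rand.Reader) // stand-in for the per-container key
	if err != nil {
		panic(err)
	}
	id := "3f2a9c1d0b7e" // constructed container ID, assumed to be the VM's LLMNR name
	fmt.Println(authorizedKeysLine(pub, id))
	fmt.Println(execArgv(id, "/run/clr-exec/"+id+"/key", "/run/clr-exec/"+id+"/known_hosts", []string{"sh", "-c", "echo it's up; id"}))
}
```

Pinning a per-container known_hosts file with StrictHostKeyChecking=yes only works if the VM's host key is pre-generated on the host alongside the client key.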