Hi Bruce,
following up an old thread with some more thoughts...
On 2022-02-09 19:51, Bruce Ashfield wrote:
> On Wed, Feb 9, 2022 at 1:29 PM Peter Bergin <[email protected]> wrote:
>> Hi,
>> I'm exploring the world of containers combined with Yocto. I can build a
>> container image and bundle that one with my rootfs image. The container
>> image is stored in the rootfs as a tar-file of an OCI image spec with the
>> content blobs, index.json and oci-layout. As per the description in
>> classes/image-oci.bbclass the way to run the container is to unpack the
>> file and then create the OCI runtime bundle and start it with runc.
>>
>> I have played around with docker and tried to import OCI image directly
>> in to docker store but have not succeeded. Anyone that knows if it is
>> possible? 'docker image import <oci-image>.tar' does not give any errors
>> and the image shows up in 'docker images' but does not import the
>> correct rootfs.
>
> There's no viable way to do this on the build side, and then have it appear
> in the image. I've experimented several times with this, and haven't found
> a decent solution. Running docker on the build host is a non-starter, which
> rules out many options.
>
> There's more options if you use podman versus docker for the container
> runtime, but I also haven't had time to finish anything there yet.
>
> To get the OCI images into docker, I bounce them through a registry and
> use docker pull. You can see the logs of that process in several of my
> yocto summit presentations.

I have found another solution that I would like to have your input on.
I'm installing the OCI-image output from Yocto in my image for the host.
Then, after running `docker import` on it on the first boot, it is possible
to start it. I don't know what I tried the last time but this seems to work
now:
root@qemuarm64:~# ls -la /var/lib/machines/container-hello-image-qemuarm64.rootfs.tar.bz2
-rw-r--r-- 1 root root 1981366 Mar 9 2018 /var/lib/machines/container-hello-image-qemuarm64.rootfs.tar.bz2
root@qemuarm64:~# docker import /var/lib/machines/container-hello-image-qemuarm64.rootfs.tar.bz2 hello
[ 35.155151] Initializing XFRM netlink socket
sha256:9db6cb5ce8f772caebf6ca430dd8de452e36320af861635f81f75cd4b9089f33
root@qemuarm64:~# docker run -it --rm hello /bin/sh
[ 54.109667] docker0: port 1(vethe5c8c2b) entered blocking state
[ 54.110127] docker0: port 1(vethe5c8c2b) entered disabled state
[ 54.112606] device vethe5c8c2b entered promiscuous mode
[ 54.218708] IPv6: ADDRCONF(NETDEV_CHANGE): vethd1bfa4c: link becomes ready
[ 54.219547] IPv6: ADDRCONF(NETDEV_CHANGE): vethe5c8c2b: link becomes ready
[ 54.220098] docker0: port 1(vethe5c8c2b) entered blocking state
[ 54.220464] docker0: port 1(vethe5c8c2b) entered forwarding state
[ 54.221866] IPv6: ADDRCONF(NETDEV_CHANGE): docker0: link becomes ready
[ 54.349014] device vethe5c8c2b left promiscuous mode
[ 54.349629] docker0: port 1(vethe5c8c2b) entered disabled state
[ 56.939373] eth0: renamed from vethd1bfa4c
/ #
I see it could be hard to have `docker import` in the Yocto build flow
but I think it is okay to have one step on first boot to import the
image to docker on target. With this it doesn't seem necessary to
push/pull through a registry. What do you think about this process? Any
drawback to have in mind?
Thanks,
/Peter
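
The first-boot step described in this message, as an added example that is not part of the original post: a one-shot importer that runs `docker import` on each tarball under `/var/lib/machines` and skips OCI image layout tarballs, which `docker import` would load as a plain filesystem. The `DOCKER` variable, the stamp directory and the rule that derives the image name from the file name are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical names: DOCKER, the stamp
# directory, and the image-name-from-file-name rule.
# Assumes a tar that auto-detects compression when listing (GNU tar does).
DOCKER="${DOCKER:-docker}"

# Print "oci-layout" if the tarball holds an OCI image layout (it carries an
# oci-layout marker file), "rootfs" for any other readable tarball.
tar_kind() {
    listing=$(tar -tf "$1" 2>/dev/null) || { echo invalid; return 0; }
    if printf '%s\n' "$listing" | grep -Eq '(^|/)oci-layout$'; then
        echo oci-layout
    else
        echo rootfs
    fi
}

# Import each rootfs tarball in directory $1 once; stamps in $2 make reboots
# a no-op. Prints the number of images imported on this run.
import_machines() {
    dir=$1 stamps=$2 imported=0
    mkdir -p "$stamps"
    for t in "$dir"/*.tar "$dir"/*.tar.bz2 "$dir"/*.tar.gz; do
        [ -f "$t" ] || continue
        name=$(basename "$t"); name=${name%%.*}
        [ -e "$stamps/$name" ] && continue
        kind=$(tar_kind "$t")
        if [ "$kind" != rootfs ]; then
            echo "skip $t: $kind, docker import expects a rootfs tarball" >&2
            continue
        fi
        if id=$("$DOCKER" import "$t" "$name"); then
            echo "$id" > "$stamps/$name"      # record the image ID
            imported=$((imported + 1))
        else
            echo "import failed: $t" >&2
        fi
    done
    echo "$imported"
}

# Run for real only when called with --run, e.g. from a first-boot service.
if [ "${1:-}" = "--run" ]; then
    import_machines /var/lib/machines /var/lib/docker-import-stamps
fi
```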