Comments (16)
I see now that we set the binary setuid
, but I can't remember why. It looks like it is not necessary, in which case I would rather drop it than make it conditional, but I would have to test first.
from alpine-lima.
Apparently it is not possible to use containerd from nerdctl, so use apk instead:
bin/containerd: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=adf6f2a2a47bd9f2ae142cf08ae6de787138d8bf, for GNU/Linux 3.2.0, stripped
bin/buildkitd: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, Go BuildID=X2aFQsdVAvRxWnSawzAH/1Hw0V0nkfjHgYf9usyh3/fFM6G3pQuF8I1Z801d1I/7c0ogZwxeBYT3Q_A6vyA, not stripped
from alpine-lima.
Here is a nice soundtrack, while building the image:
https://www.youtube.com/watch?v=WKSFmP_16V0
See https://en.wikipedia.org/wiki/MC_Frontalot
https://frontalot.bandcamp.com/track/nerdcore-rising
from alpine-lima.
52M iso/alpine-lima-std-3.14.3-x86_64.iso
157M iso/alpine-lima-nc-3.14.3-x86_64.iso
173M iso/alpine-lima-rd-3.14.3-x86_64.iso
EDIT: Had missed the "containerd" package, oops. 100M
And the "cni-plugins" package, too 135M
from alpine-lima.
Contributing buildkit to alpine as an apk would be a nice future improvement.
https://git.alpinelinux.org/aports/tree/community/containerd?h=3.14-stable
I prepared the scripts for it, by making the boolean separate from the nerdctl:
LIMA_INSTALL_BUILDKIT
from alpine-lima.
Think I also need to install cni-plugins, because they're in the wrong path now.
genapkovl-lima.sh: cp "${tmp}/nerdctl/libexec/cni/${plugin}" "${tmp}/usr/local/libexec/cni/${plugin}"
"$pkgdir"/usr/bin/containerd config default | sed "s|/opt/cni/bin|/usr/libexec/cni|g" > "$pkgdir"/etc/containerd/config.toml
That is, the containerd
package will need the cni-plugins
package as well.
from alpine-lima.
I still want to make the "regular" containerd installation work (for "system"), but this "nc" ISO could be a workaround/optimization.
images:
- location: https://github.com/lima-vm/alpine-lima/releases/download/v0.2.2/alpine-lima-std-3.14.3-x86_64.iso
arch: "x86_64"
digest: "sha512:573964991fb135aac18e44c444c1c924cd6110d4c823e887451e134adbecd7abb98bb84d22872cec1c9ed5b2cd9d87f664817adb15938ca3a69a9a2c70d66837"
- location: https://github.com/lima-vm/alpine-lima/releases/download/v0.2.2/alpine-lima-std-3.14.3-aarch64.iso
arch: "aarch64"
digest: "sha512:6ff651023fbc4ec56c437124392d29cfa8eb8fe6d34c0e797b85b21734a6629aec38226c298f475b9ed63bef7664d49ba1bd5adc667c621efd7aa43e7020cc27"
containerd:
system: true
user: false
images:
- location: https://github.com/lima-vm/alpine-lima/releases/download/v0.2.x/alpine-lima-nc-3.14.3-x86_64.iso
arch: "x86_64"
- location: https://github.com/lima-vm/alpine-lima/releases/download/v0.2.x/alpine-lima-nc-3.14.3-aarch64.iso
arch: "aarch64"
containerd:
system: false
user: false
Will try to learn more about the Alpine distribution (interesting in itself), but no idea how long that will take (for apk etc)
from alpine-lima.
Note: I set buildkitd to use the containerd worker, so I don't think it needs the CNI plugins by itself (for OCI worker) ?
--oci-worker=false --containerd-worker=true
And I don't think nerdctl needs it either, but please correct me if I am wrong - then we could try some other approach.
The plan was to have containerd do everything.
EDIT: nerdctl uses nerdctl CNI* for nerdctl0
network.
* that is: /usr/local/libexec/cni
https://github.com/containerd/nerdctl/blob/master/docs/cni.md
But /etc/cni/net.d
is empty, unless installing cri-containerd-cni.
This is so that it is possible to save the images directly to containerd, without having so save and load them first...
https://github.com/moby/buildkit#containerd-image-store
buildctl build ... --output type=image,name=localhost/myimage
ctr --namespace=buildkit images ls
from alpine-lima.
Note: the versions for docker and podman were much easier to do, because of proper apk packaging.
Once nerdctl (and containerd and buildkit) are also available in Alpine, this would become trivial too.
from alpine-lima.
Maybe we (you?) should submit the packages for upstream first, and we delay this PR until they are available?
Or do you need this image rather "sooner"?
from alpine-lima.
Or do you need this image rather "sooner"?
There is no rush, I think one can use the current (std) alpine image and do the install from there if in a hurry.
I'm not even sure if all these (well, three) images should be built by default, or if they are just "examples" ?
Although it will be hard to link to them if they are not built and checksummed and provided automatically.
images:
- location: https://github.com/lima-vm/alpine-lima/releases/download/v0.2.2/alpine-lima-std-3.14.3-x86_64.iso
arch: "x86_64"
digest: "sha512:573964991fb135aac18e44c444c1c924cd6110d4c823e887451e134adbecd7abb98bb84d22872cec1c9ed5b2cd9d87f664817adb15938ca3a69a9a2c70d66837"
- location: https://github.com/lima-vm/alpine-lima/releases/download/v0.2.2/alpine-lima-std-3.14.3-aarch64.iso
arch: "aarch64"
digest: "sha512:6ff651023fbc4ec56c437124392d29cfa8eb8fe6d34c0e797b85b21734a6629aec38226c298f475b9ed63bef7664d49ba1bd5adc667c621efd7aa43e7020cc27"
It was just that the current "alpine.yaml" example doesn't work (for nerdctl), and that was a bit disappointing...
containerd:
system: false
user: false
And with both docker-machine
and podman-machine
being deprecated, there were no lightweight alternatives.
One would have to go full Docker Desktop (LinuxKit) or Podman Desktop (CoreOS), to run them on Mac or Win.
But it (containerd:
) can be fixed in limactl, as well.
These lima ISO images were just an "optimization".
52M iso/alpine-lima-std-3.14.3-x86_64.iso
91M iso/alpine-lima-pm-3.14.3-x86_64.iso
125M iso/alpine-lima-de-3.14.3-x86_64.iso
157M iso/alpine-lima-nc-3.14.3-x86_64.iso
Initially I even tried to build my own ISO with nerdctl, but I'm not sure that OS effort would be worthwhile anymore...
Would just end up re-creating alpine-lima and lima-init or something very similar, which seems like a waste of time.
from alpine-lima.
I was looking at nerdctl vs. the other container runtimes, and wondering why running "ctr" failed but "nerdctl" worked.
Then I remembered that Rancher Desktop runs nerdctl as set-uid, should make this optional so that it matches the apk.
i.e. when install from apk, you are supposed to run them with sudo nerdctl
, sudo docker
, sudo podman
You can set up local changes such as root suid or root groups, but that's not the way it comes out-of-the-box.
from alpine-lima.
Then I remembered that Rancher Desktop runs nerdctl as set-uid, should make this optional so that it matches the apk.
This doesn't sound right; it runs it with sudo:
LIMA_HOME="$HOME/Library/Application Support/rancher-desktop/lima" "${scriptdir}/../lima/bin/limactl" shell 0 sudo --preserve-env=CONTAINERD_ADDRESS nerdctl "$@"
from alpine-lima.
If you want it drop-in replacement for docker
, then I guess users would not expect to run it with sudo
?
Assuming that they added themselves to the root-equivalent "docker" group earlier, to access the socket.
https://docs.docker.com/engine/install/linux-postinstall/
Some distributions (or people?) prefer the explicit sudo.
from alpine-lima.
Back to "normal" again.
lima-nc:~$ sudo nerdctl version
Client:
Version: v0.16.0
Git commit: 0ddaffd2ce304dd917267470883898feff9463dc
Server:
containerd:
Version: v1.5.8
GitCommit: 1e5ef943eb76627a6d3b6de8cd1ef6537f393a71
lima-nc:~$ nerdctl version
WARN[0000] environment variable XDG_RUNTIME_DIR is not set, see https://rootlesscontaine.rs/getting-started/common/login/
WARN[0000] environment variable XDG_RUNTIME_DIR is not set, see https://rootlesscontaine.rs/getting-started/common/login/
FATA[0000] rootless containerd not running? (hint: use `containerd-rootless-setuptool.sh install` to start rootless containerd): environment variable XDG_RUNTIME_DIR is not set, see https://rootlesscontaine.rs/getting-started/common/login/
lima-nc:~$ sudo ctr version
Client:
Version: v1.5.8
Revision: 1e5ef943eb76627a6d3b6de8cd1ef6537f393a71
Go version: go1.16.10
Server:
Version: v1.5.8
Revision: 1e5ef943eb76627a6d3b6de8cd1ef6537f393a71
UUID: 1b318a9d-50f7-433d-abe2-36a8ecd0e92a
lima-nc:~$ ctr version
Client:
Version: v1.5.8
Revision: 1e5ef943eb76627a6d3b6de8cd1ef6537f393a71
Go version: go1.16.10
ctr: failed to dial "/run/containerd/containerd.sock": connection error: desc = "transport: error while dialing: dial unix /run/containerd/containerd.sock: connect: permission denied"
from alpine-lima.
Let's do the apk packages first, and then try again with Alpine 3.15 or something.
from alpine-lima.
Related Issues (20)
- Alpine does not keep the installed packages after a new start HOT 1
- Real cloud-init is not guaranteed to run after qemu-binfmt
- Make editions that install the regular alpine packages HOT 3
- Include kernel config file HOT 11
- Bump to Alpine 3.19 HOT 3
- The new 3.19 images do not import /etc/environment
- The image should be a hard drive image, not ISO9660 HOT 7
- Audit the rancher-sandbox/alpine-lima fork
- Add curl to the rd edition HOT 1
- Move to Alpine 3.16 HOT 1
- Make sure the boot ISO is mounted to `/media/cdrom`
- Security Policy violation Branch Protection HOT 2
- Security Policy violation SECURITY.md HOT 2
- Let Lima install nerdctl instead of bundling it in the ISO HOT 6
- Running qemu-emulated binaries passes wrong arguments.
- Add git to rd edition
- Add support for boot provisioning scripts to lima-init
- File /etc/localtime missing HOT 6
- vz driver not mounting data disk HOT 2
- DNS hang
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from alpine-lima.