rkt: initial run working #1

philips · 2014-11-12T05:46:49Z

Take an already mounted and setup stage1 and stage2 filesystem and run it. The basic steps involve:

Generating unit files from the container manifest
Placing unit files into the stage1 filesystem
Exec'ing systemd nspawn

This should all work as a service file and be cleaned up.

philips · 2014-11-26T00:42:54Z

w00t, this is done.

fix(CONTRIBUTING.md): Fix title case

thebyrd · 2014-12-01T20:52:14Z

@philips I ran into

david@ubuntu:~/rocket-v0.1.0$ sudo ./rkt run sha256-701c24b2d275f0e291b807a464ae2390bcd8d7c5b4f2d7e47e6fd917cd5e5588
stage1/usr/bin/systemd-nspawn: error while loading shared libraries: libseccomp.so.2: cannot open shared object file: No such file or directory

Here's some system info:

david@ubuntu:~/rocket-v0.1.0$ uname -a
Linux ubuntu 3.13.0-39-generic #66-Ubuntu SMP Tue Oct 28 13:30:27 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
david@ubuntu:~/rocket-v0.1.0$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 14.04.1 LTS
Release:    14.04
Codename:   trusty

thebyrd · 2014-12-01T21:00:32Z

ah, Ubuntu 14.04 doesn't come with systemd... nvm

jonboulle · 2014-12-01T21:02:08Z

@thebyrd We are actively working on this - see #69

thebyrd · 2014-12-01T21:06:16Z

perfect. thanks!

philips · 2014-12-01T22:38:36Z

@thebyrd Just install libseccomp as a workaround until we get the static or chrooted nspawn working. I tested it on ubuntu and it works fine after that.

philips · 2014-12-01T22:39:38Z

@thebyrd To be very specific simply: sudo apt-get install libseccomp2

thebyrd · 2014-12-01T22:41:16Z

Thx

Move the pid logic back to stage1/rootfs/enter/enter.c (revert part of rkt#826), so the pid logic is an implementation detail of stage1, as it does not appear in Documentation/devel/stage1-implementors-guide.md See rkt#910 and rkt#826 Tests: there are no functional tests to check that the race in rkt#826 is correctly fixed. However, I tested manually in the following way: * Test rkt#1: 1. Start a pod: sudo bin/rkt --debug --insecure-skip-verify run --interactive docker://busybox 2. Pretend that rkt is slow and the ppid file is not yet written: cd /var/lib/rkt/pods/run/$uuid && mv ppid ppid-disabled 3. Enter the pod: sudo bin/rkt enter abbc9f3d /bin/sh 4. Notice that the enter command is waiting (without taking much cpu) 5. Pretend that rkt finished its job: cd /var/lib/rkt/pods/run/$uuid && mv ppid-disabled ppid 6. Notice that the enter command succeeds * Test rkt#2: 1. Repeat steps 1-4 from test rkt#1 2. Stop the pod: ^]^]^] 3. Notice that the enter command stops too * Test rkt#3: 1. patch stage1/init/init.go: + ioutil.WriteFile("/tmp/rkt-waiting", []byte(""), 0644) + for { + if _, err := os.Stat("/tmp/rkt-waiting"); os.IsNotExist(err) { + break + } + time.Sleep(100 * time.Millisecond) + } 2. Start a pod 3. Enter the pod 4. Notice that the enter command is waiting (without taking much cpu) 5. Let nspawn start: rm /tmp/rkt-waiting 6. Notice that the enter command succeeds

Move the pid logic back to stage1/rootfs/enter/enter.c (revert part of rkt#826), so the pid logic is an implementation detail of stage1, as it does not appear in Documentation/devel/stage1-implementors-guide.md Some stage1 might not have pid: stage1 based on virtual machines. See rkt#910 and rkt#826 Tests: there are no functional tests to check that the race in rkt#826 is correctly fixed. However, I tested manually in the following way: * Test rkt#1: 1. Start a pod: sudo bin/rkt --debug --insecure-skip-verify run --interactive docker://busybox 2. Pretend that rkt is slow and the ppid file is not yet written: cd /var/lib/rkt/pods/run/$uuid && mv ppid ppid-disabled 3. Enter the pod: sudo bin/rkt enter abbc9f3d /bin/sh 4. Notice that the enter command is waiting (without taking much cpu) 5. Pretend that rkt finished its job: cd /var/lib/rkt/pods/run/$uuid && mv ppid-disabled ppid 6. Notice that the enter command succeeds * Test rkt#2: 1. Repeat steps 1-4 from test rkt#1 2. Stop the pod: ^]^]^] 3. Notice that the enter command stops too FIXME: does not work yet * Test rkt#3: 1. patch stage1/init/init.go: + ioutil.WriteFile("/tmp/rkt-waiting", []byte(""), 0644) + for { + if _, err := os.Stat("/tmp/rkt-waiting"); os.IsNotExist(err) { + break + } + time.Sleep(100 * time.Millisecond) + } 2. Start a pod 3. Enter the pod 4. Notice that the enter command is waiting (without taking much cpu) 5. Let nspawn start: rm /tmp/rkt-waiting 6. Notice that the enter command succeeds

Move the pid logic back to stage1/rootfs/enter/enter.c (revert part of rkt#826), so the pid logic is an implementation detail of stage1, as it does not appear in Documentation/devel/stage1-implementors-guide.md Some stage1 might not have pid: stage1 based on virtual machines. See rkt#910 and rkt#826. Tests: there are no functional tests to check that the race in rkt#826 is correctly fixed. However, I tested manually in the following way: * Test #1: 1. Start a pod: sudo bin/rkt --debug --insecure-skip-verify run --interactive docker://busybox 2. Pretend that rkt is slow and the ppid file is not yet written: cd /var/lib/rkt/pods/run/$uuid && mv ppid ppid-disabled 3. Enter the pod: sudo bin/rkt enter abbc9f3d /bin/sh 4. Notice that the enter command is waiting (without taking much cpu) 5. Pretend that rkt finished its job: cd /var/lib/rkt/pods/run/$uuid && mv ppid-disabled ppid 6. Notice that the enter command succeeds * Test rkt#2: 1. Repeat steps 1-4 from test #1 2. Stop the pod: ^]^]^] 3. Notice that the enter command stops too FIXME: does not work yet * Test rkt#3: 1. patch stage1/init/init.go: + ioutil.WriteFile("/tmp/rkt-waiting", []byte(""), 0644) + for { + if _, err := os.Stat("/tmp/rkt-waiting"); os.IsNotExist(err) { + break + } + time.Sleep(100 * time.Millisecond) + } 2. Start a pod 3. Enter the pod 4. Notice that the enter command is waiting (without taking much cpu) 5. Let nspawn start: rm /tmp/rkt-waiting 6. Notice that the enter command succeeds

philips added the core label Nov 12, 2014

philips added this to the MVP milestone Nov 12, 2014

philips closed this as completed Nov 26, 2014

philips added a commit that referenced this issue Dec 1, 2014

Merge pull request #1 from bcwaldon/fix-case

c7aef5f

fix(CONTRIBUTING.md): Fix title case

bitshark mentioned this issue Jul 2, 2015

*: build with old glibc so rkt runs on CentOS 6? #1063

Open

joshix mentioned this issue Jan 11, 2016

stage1-implementors-guide.md: Add filesystem layout assumptions. #1832

Merged

trusch mentioned this issue Mar 8, 2016

rkt 1.0 not working when /var/lib/rkt is on btrfs #2175

Closed

pskrzyns mentioned this issue Apr 20, 2016

Volume mounting witk rkt-kvm doesn't work #2469

Closed

Shashwatsh mentioned this issue Jun 24, 2017

warning: resource/memory isolator set but support disabled in the kernel, skipping #3728

Closed

This was referenced Jul 1, 2017

glide update: Could not find /root/work/src/github.com/rkt/rkt/api/v1alpha #3734

Closed

--net=containers:IP=192.168.0.1 not working! #3735

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

rkt: initial run working #1

rkt: initial run working #1

philips commented Nov 12, 2014

philips commented Nov 26, 2014

thebyrd commented Dec 1, 2014

thebyrd commented Dec 1, 2014

jonboulle commented Dec 1, 2014

thebyrd commented Dec 1, 2014

philips commented Dec 1, 2014

philips commented Dec 1, 2014

thebyrd commented Dec 1, 2014

rkt: initial run working #1

rkt: initial run working #1

Comments

philips commented Nov 12, 2014

philips commented Nov 26, 2014

thebyrd commented Dec 1, 2014

thebyrd commented Dec 1, 2014

jonboulle commented Dec 1, 2014

thebyrd commented Dec 1, 2014

philips commented Dec 1, 2014

philips commented Dec 1, 2014

thebyrd commented Dec 1, 2014