From 4069c399499f53249768653afefd50d7db97da68 Mon Sep 17 00:00:00 2001
From: Chris Guest
Date: Wed, 22 Feb 2023 23:03:06 +0000
Subject: [PATCH 01/13] Play with containerd
---
90_containerd/README.md | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 90_containerd/README.md
diff --git a/90_containerd/README.md b/90_containerd/README.md
new file mode 100644
index 0000000..8ded1e2
--- /dev/null
+++ b/90_containerd/README.md
@@ -0,0 +1,22 @@
+# CONTAINERD
+
+TODO:
+
+* dive does not work with containerd?
+
+## nerdctl
+
+```sh
+brew install nerdctl
+```
+
+## Resources
+
+https://www.mankier.com/8/ctr
+
+https://github.com/containerd/containerd/blob/main/docs/getting-started.md
+
+https://github.com/opencontainers/runc/releases
+
+
+https://iximiuz.com/en/posts/containerd-command-line-clients/
From 71eac8a6647d3a9fabb71ede52ffbda3139e9564 Mon Sep 17 00:00:00 2001
From: Chris Guest
Date: Wed, 29 Mar 2023 19:45:11 +0100
Subject: [PATCH 02/13] Looking at containerd
---
90_containerd/README.md | 36 +++++++++++++++++++++++++++---------
1 file changed, 27 insertions(+), 9 deletions(-)
diff --git a/90_containerd/README.md b/90_containerd/README.md
index 8ded1e2..f616893 100644
--- a/90_containerd/README.md
+++ b/90_containerd/README.md
@@ -1,22 +1,40 @@ # CONTAINERD +Demonstrate how to use `dontainerd` + TODO: -* dive does not work with containerd? +* dive does not work with containerd. Why is this? +* -## nerdctl +## Install Docker Desktop + +On MacOS Docker Desktop it is possible to set docker to use containerd as the default backend. + +## Install Ubuntu ```sh -brew install nerdctl -``` +# install docker prereqs +sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -## Resources +# check containerd is running +sudo systemctl status containerd -https://www.mankier.com/8/ctr +# ctr will be installed +ctr +ctr plugins ls +``` -https://github.com/containerd/containerd/blob/main/docs/getting-started.md +## nerdctl -https://github.com/opencontainers/runc/releases +```sh +brew install nerdctl +``` +## Resources -https://iximiuz.com/en/posts/containerd-command-line-clients/ +* ctr - Man Page [here](https://www.mankier.com/8/ctr) +* nerdctl: Docker-compatible CLI for containerd [here](https://github.com/containerd/nerdctl) +* Getting started with containerd [here](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) +* runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. [here](https://github.com/opencontainers/runc) +* Why and How to Use containerd From Command Line [here](https://iximiuz.com/en/posts/containerd-command-line-clients/) From fecc297df9fc58aa9427b7dce8ba119843f34ea3 Mon Sep 17 00:00:00 2001 From: Chris Guest Date: Thu, 30 Mar 2023 00:14:24 +0100 Subject: [PATCH 03/13] Add some containerd findings. --- 90_containerd/README.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/90_containerd/README.md b/90_containerd/README.md index f616893..58e3f55 100644 --- a/90_containerd/README.md +++ b/90_containerd/README.md 
@@ -23,11 +23,34 @@ sudo systemctl status containerd # ctr will be installed ctr ctr plugins ls + + +# run nginx +docker run -d -p 8080:80 nginx + +# docker +docker ps +# runc +runc list +# containerd +sudo ctr containers ls +sudo ctr namespaces ls +sudo ctr --namespace moby containers ls +sudo ctr --namespace moby containers info 0a5ef6d3a499e420c00692ac04cfe84fbc5f1d96ebde8bf4765c0f5f3c9088dd + + +sudo /home/linuxbrew/.linuxbrew/bin/nerdctl ps + +dockerd --help + +# it looks like it is running containerd sock +ps -aux | grep dockerd ``` ## nerdctl ```sh +# on linux or mac brew install nerdctl ``` @@ -38,3 +61,6 @@ brew install nerdctl * Getting started with containerd [here](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) * runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. [here](https://github.com/opencontainers/runc) * Why and How to Use containerd From Command Line [here](https://iximiuz.com/en/posts/containerd-command-line-clients/) +* Extending Docker’s Integration with containerd [here](https://www.docker.com/blog/extending-docker-integration-with-containerd/) + +https://docs.docker.com/engine/reference/commandline/dockerd/ \ No newline at end of file From 10a876b10322b5e0911053fe1c1d67a26e146a6d Mon Sep 17 00:00:00 2001 From: Chris Guest Date: Thu, 30 Mar 2023 00:42:09 +0100 Subject: [PATCH 04/13] Update notes --- 87_lazy_pulling/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/87_lazy_pulling/README.md b/87_lazy_pulling/README.md index bb4759f..165ba2b 100644 --- a/87_lazy_pulling/README.md +++ b/87_lazy_pulling/README.md @@ -8,6 +8,7 @@ TODO: * nerdctl * does slim ai use it? * Test time to pull and run from registry. +* NOTE: This does not work on linux - even using containerd. ## Reason From 1bf7805c460e74b1cabb53a3cc1a1bc09505a6f7 Mon Sep 17 00:00:00 2001 
From: Chris Guest Date: Tue, 4 Apr 2023 09:32:42 +0100 Subject: [PATCH 05/13] Update some links to investigate --- 90_containerd/README.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/90_containerd/README.md b/90_containerd/README.md index 58e3f55..ef20b75 100644 --- a/90_containerd/README.md +++ b/90_containerd/README.md @@ -1,11 +1,15 @@ # CONTAINERD -Demonstrate how to use `dontainerd` +Demonstrate how to use `containerd` TODO: * dive does not work with containerd. Why is this? -* +* Get Estargz compression working on linux +https://www.usenix.org/system/files/conference/fast16/fast16-papers-harter.pdf +https://link.medium.com/Jl8qGEQPGyb +https://github.com/containerd/stargz-snapshotter/issues/258 +* https://github.com/containerd/stargz-snapshotter/blob/main/docs/ctr-remote.md ## Install Docker Desktop From 147381e5677283baf66169cae74d3dd1b7729718 Mon Sep 17 00:00:00 2001 From: Chris Guest Date: Fri, 7 Apr 2023 21:43:06 +0100 Subject: [PATCH 06/13] Trying to configure estargz plugin --- 90_containerd/.gitignore | 1 + 90_containerd/README.md | 102 ++++++++++++++++++++++++++++++++++++++- 2 files changed, 102 insertions(+), 1 deletion(-) create mode 100644 90_containerd/.gitignore diff --git a/90_containerd/.gitignore b/90_containerd/.gitignore new file mode 100644 index 0000000..10d00b5 --- /dev/null +++ b/90_containerd/.gitignore @@ -0,0 +1 @@ +*.gz diff --git a/90_containerd/README.md b/90_containerd/README.md index ef20b75..bc2aef6 100644 --- a/90_containerd/README.md +++ b/90_containerd/README.md 
@@ -4,12 +4,23 @@ Demonstrate how to use `containerd` TODO: +* firecracker can be containerd plugin * dive does not work with containerd. Why is this? * Get Estargz compression working on linux https://www.usenix.org/system/files/conference/fast16/fast16-papers-harter.pdf https://link.medium.com/Jl8qGEQPGyb https://github.com/containerd/stargz-snapshotter/issues/258 * https://github.com/containerd/stargz-snapshotter/blob/main/docs/ctr-remote.md +* https://github.com/containerd/containerd/blob/main/docs/rootless.md + + +https://github.com/containerd/stargz-snapshotter/blob/main/docs/INSTALL.md +Checked vendor/modules.txt to see what version was included +https://github.com/moby/moby/tree/219f21bf07502b447095649b5a2764661737f164 + +https://github.com/containerd/stargz-snapshotter/blob/main/docs/overview.md + +https://manpages.ubuntu.com/manpages/jammy/man8/mount.fuse.8.html ## Install Docker Desktop @@ -25,6 +36,8 @@ sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin sudo systemctl status containerd # ctr will be installed +sudo ctr version + ctr ctr plugins ls 
@@ -51,6 +64,87 @@ dockerd --help ps -aux | grep dockerd ``` +## Configuration + +```sh +cat /etc/docker/daemon.json +cat /etc/containerd/config.toml + + + +``` + + +## Plugins + +Instructions for installing estargz snapshotter [here](https://github.com/containerd/stargz-snapshotter/blob/main/docs/INSTALL.md) +https://github.com/containerd/stargz-snapshotter/blob/main/script/config/etc/containerd/config.toml + +```sh +sudo nano /etc/docker/daemon.json +sudo nano /etc/containerd/config.toml +``` + +```sh +version=v0.14.3 +arch=amd64 +# GET THE CORRECT SYNTAX +# curl -l -o stargz-snapshotter-${version}-linux-${arch}.tar.gz https://github.com/containerd/stargz-snapshotter/releases/download/${version}/stargz-snapshotter-${version}-linux-${arch}.tar.gz + +sudo -s + +tar -C /usr/local/bin -xvf stargz-snapshotter-${version}-linux-${arch}.tar.gz containerd-stargz-grpc ctr-remote +wget -O /etc/systemd/system/stargz-snapshotter.service https://raw.githubusercontent.com/containerd/stargz-snapshotter/${version}/script/config/etc/systemd/system/stargz-snapshotter.service +systemctl enable --now stargz-snapshotter +systemctl restart containerd +systemctl restart docker + +``` +https://github.com/containerd/stargz-snapshotter/releases + + +```ini +[Unit] +Description=stargz snapshotter +After=network.target +Before=containerd.service + +[Service] +Type=notify +Environment=HOME=/root +ExecStart=/usr/local/bin/containerd-stargz-grpc --log-level=debug --config=/etc/containerd-stargz-grpc/config.toml +Restart=always +RestartSec=1 + +[Install] +WantedBy=multi-user.target +``` + +```toml +# explicitly use v2 config format +version = 2 + +# - Set default runtime handler to v2, which has a per-pod shim +# - Enable to use stargz snapshotter +[plugins."io.containerd.grpc.v1.cri".containerd] + default_runtime_name = "runc" + snapshotter = "stargz" + disable_snapshot_annotations = false +[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] + runtime_type = "io.containerd.runc.v2" + 
+# Setup a runtime with the magic name ("test-handler") used for Kubernetes +# runtime class tests ... +[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.test-handler] + runtime_type = "io.containerd.runc.v2" + +# Use stargz snapshotter +[proxy_plugins] + [proxy_plugins.stargz] + type = "snapshot" + address = "/run/containerd-stargz-grpc/containerd-stargz-grpc.sock" +``` + ## nerdctl ```sh @@ -67,4 +161,10 @@ brew install nerdctl * Why and How to Use containerd From Command Line [here](https://iximiuz.com/en/posts/containerd-command-line-clients/) * Extending Docker’s Integration with containerd [here](https://www.docker.com/blog/extending-docker-integration-with-containerd/) -https://docs.docker.com/engine/reference/commandline/dockerd/ \ No newline at end of file +https://docs.docker.com/engine/reference/commandline/dockerd/ + +https://medium.com/nttlabs/startup-containers-in-lightning-speed-with-lazy-image-distribution-on-containerd-243d94522361 + +https://www.tutorialworks.com/difference-docker-containerd-runc-crio-oci/?utm_content=cmp-true + +https://docs.docker.com/engine/install/linux-postinstall/ \ No newline at end of file From 1e17d67ea834b010f21a45299e0f6c96ded4597b Mon Sep 17 00:00:00 2001 From: Chris Guest Date: Fri, 7 Apr 2023 22:10:37 +0100 Subject: [PATCH 07/13] Updating containerd examples --- 87_lazy_pulling/README.md | 2 +- 90_containerd/README.md | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/87_lazy_pulling/README.md b/87_lazy_pulling/README.md index 165ba2b..2775016 100644 --- a/87_lazy_pulling/README.md +++ b/87_lazy_pulling/README.md 
@@ -53,7 +53,7 @@ export BASEIMAGE=scratch #export BASEIMAGE=gcr.io/distroless/nodejs16-debian11 export IMAGE_NAME_ZSTD=ttl.sh/$(uuidgen):1h export IMAGE_NAME_ZSTD=${IMAGE_NAME_ZSTD:l} -export COMPRESSION_LEVEL=15 +export COMPRESSION_LEVEL=5 docker build --build-arg=baseimage=$BASEIMAGE --build-arg=NIX_FILE=ffmpeg-full.nix --build-arg=PROGRAM_FILE=ffmpeg --progress=plain -f Dockerfile.ffmpeg --target PRODUCTION --output type=image,name=$IMAGE_NAME_ZSTD,oci-mediatypes=true,compression=zstd,compression-level=$COMPRESSION_LEVEL,force-compression=true,push=true . diff --git a/90_containerd/README.md b/90_containerd/README.md index bc2aef6..28bdd47 100644 --- a/90_containerd/README.md +++ b/90_containerd/README.md @@ -83,6 +83,9 @@ https://github.com/containerd/stargz-snapshotter/blob/main/script/config/etc/con ```sh sudo nano /etc/docker/daemon.json sudo nano /etc/containerd/config.toml + +# list plugins +sudo ctr plugins ls ``` ```sh From 32304cf88947deb4b7017ccd69a65423fd4f9ba4 Mon Sep 17 00:00:00 2001 From: Chris Guest Date: Sun, 9 Apr 2023 10:46:40 +0100 Subject: [PATCH 08/13] Troubleshooting stargz mount failure --- 90_containerd/README.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/90_containerd/README.md b/90_containerd/README.md index 28bdd47..62efac1 100644 --- a/90_containerd/README.md +++ b/90_containerd/README.md @@ -69,7 +69,7 @@ ps -aux | grep dockerd ```sh cat /etc/docker/daemon.json cat /etc/containerd/config.toml - +cat /etc/containerd-stargz-grpc/config.toml ``` 
@@ -148,6 +148,17 @@ version = 2 address = "/run/containerd-stargz-grpc/containerd-stargz-grpc.sock" ``` +journalctl -xeu stargz-snapshotter.service + +sudo /usr/local/bin/containerd-stargz-grpc  0.06     07:52   1.44G  +{"error":"failed to mount overlay: invalid argument","level":"fatal","msg":"snapshotter is not supported","time":"2023-04-08T19:53:06.916442927+01:00"} + +# it seems to create this folder. +sudo ls -la /var/lib/containerd-stargz-grpc/snapshotter + +sudo strace /usr/local/bin/containerd-stargz-grpc + + ## nerdctl ```sh From 0049a5c0977726bab911993539921ecefb5b96b5 Mon Sep 17 00:00:00 2001 From: Chris Guest Date: Sun, 9 Apr 2023 13:05:58 +0100 Subject: [PATCH 09/13] Add containerd.sock to a group to prevent having to be root all the time. --- 87_lazy_pulling/README.md | 1 + 90_containerd/README.md | 12 +++++++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/87_lazy_pulling/README.md b/87_lazy_pulling/README.md index 2775016..bca47f9 100644 --- a/87_lazy_pulling/README.md +++ b/87_lazy_pulling/README.md @@ -9,6 +9,7 @@ TODO: * does slim ai use it? * Test time to pull and run from registry. * NOTE: This does not work on linux - even using containerd. +* Check how to get these examples working on ubuntu with containerd ## Reason diff --git a/90_containerd/README.md b/90_containerd/README.md index 62efac1..cf20edf 100644 --- a/90_containerd/README.md +++ b/90_containerd/README.md @@ -6,7 +6,7 @@ TODO: * firecracker can be containerd plugin * dive does not work with containerd. Why is this? -* Get Estargz compression working on linux +* Get Estargz compression working on linux. https://www.usenix.org/system/files/conference/fast16/fast16-papers-harter.pdf https://link.medium.com/Jl8qGEQPGyb https://github.com/containerd/stargz-snapshotter/issues/258 
@@ -35,6 +35,16 @@ sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin # check containerd is running sudo systemctl status containerd + +sudo groupadd containerd +sudo usermod -a -G containerd $(whoami) +sudo chown :containerd /var/run/containerd/containerd.sock +sudo chmod 660 /var/run/containerd/containerd.sock +sudo ls -l /var/run/containerd/containerd.sock +id +ctr version + + # ctr will be installed sudo ctr version From 2088e9992b7c2d41db54905eed3e1f97f5d4efe5 Mon Sep 17 00:00:00 2001 From: Chris Guest Date: Mon, 17 Apr 2023 00:03:16 +0100 Subject: [PATCH 10/13] Making progress - seems to be a ZFS issue --- 90_containerd/README.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/90_containerd/README.md b/90_containerd/README.md index cf20edf..dbe755b 100644 --- a/90_containerd/README.md +++ b/90_containerd/README.md 
@@ -163,11 +163,40 @@ journalctl -xeu stargz-snapshotter.service sudo /usr/local/bin/containerd-stargz-grpc  0.06     07:52   1.44G  {"error":"failed to mount overlay: invalid argument","level":"fatal","msg":"snapshotter is not supported","time":"2023-04-08T19:53:06.916442927+01:00"} +overlayfs: upper fs does not support RENAME_WHITEOUT. +overlayfs: upper fs is missing required features. + +# kernel 5.19 +sudo apt-get install --install-recommends linux-generic-hwe-22.04 + + + +https://github.com/canonical/microk8s/issues/1378 + +https://discuss.linuxcontainers.org/t/run-docker-on-lxd-container/11575/7 + +https://discuss.linuxcontainers.org/t/docker-overlay2-on-btrfs-supported/16771 + + + # it seems to create this folder. sudo ls -la /var/lib/containerd-stargz-grpc/snapshotter sudo strace /usr/local/bin/containerd-stargz-grpc +ZFS is sadly quite painful with Docker in Docker and similar scenarios. It might be best to avoid the problem by creating a volume in your ZFS pool, formatting that volume to ext4, and having docker use "overlay2" on top of that, instead of "zfs". + +zfs create -s -V 20GB zroot/docker +mkfs.ext4 /dev/zvol/zroot/docker +# add the mount to /etc/fstab +mount /dev/zvol/zroot/docker /var/lib/docker +The zfs create -s is for sparse volumes. Analogous to thin provisioning on LVM. + +I just finished setting this up and it nicely solves my problems with k3s and also kind. I use these for testing and development, and there the volume should be just fine. + +https://github.com/k3s-io/k3s/issues/66 + + ## nerdctl From 7f710291a702c193b3d6cd3e41f1f174bed31cc7 Mon Sep 17 00:00:00 2001 From: Chris Guest Date: Tue, 2 May 2023 22:57:38 +0100 Subject: [PATCH 11/13] Tidy up a bit. estargz still not working. --- 90_containerd/README.md | 38 ++++++++++++++++++++++++++------------ 1 file changed, 26 insertions(+), 12 deletions(-) diff --git a/90_containerd/README.md b/90_containerd/README.md index dbe755b..6d48a26 100644 --- a/90_containerd/README.md 
+++ b/90_containerd/README.md @@ -35,7 +35,7 @@ sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin # check containerd is running sudo systemctl status containerd - +# sort outaa group for using non-root containerd socket sudo groupadd containerd sudo usermod -a -G containerd $(whoami) sudo chown :containerd /var/run/containerd/containerd.sock @@ -44,7 +44,6 @@ sudo ls -l /var/run/containerd/containerd.sock id ctr version - # ctr will be installed sudo ctr version @@ -74,14 +73,18 @@ dockerd --help ps -aux | grep dockerd ``` +## Upgrade to Kernel 5.19 + +```sh +sudo apt-get install --install-recommends linux-generic-hwe-22.04 +``` + ## Configuration ```sh cat /etc/docker/daemon.json cat /etc/containerd/config.toml cat /etc/containerd-stargz-grpc/config.toml - - ``` @@ -98,6 +101,8 @@ sudo nano /etc/containerd/config.toml sudo ctr plugins ls ``` +Goto stargz-snapshotter [releases](https://github.com/containerd/stargz-snapshotter/releases) + ```sh version=v0.14.3 arch=amd64 @@ -111,9 +116,7 @@ wget -O /etc/systemd/system/stargz-snapshotter.service https://raw.githubusercon systemctl enable --now stargz-snapshotter systemctl restart containerd systemctl restart docker - ``` -https://github.com/containerd/stargz-snapshotter/releases ```ini @@ -160,14 +163,14 @@ version = 2 journalctl -xeu stargz-snapshotter.service -sudo /usr/local/bin/containerd-stargz-grpc  0.06     07:52   1.44G  +sudo /usr/local/bin/containerd-stargz-grpc +sudo dmesg + {"error":"failed to mount overlay: invalid argument","level":"fatal","msg":"snapshotter is not supported","time":"2023-04-08T19:53:06.916442927+01:00"} overlayfs: upper fs does not support RENAME_WHITEOUT. overlayfs: upper fs is missing required features. -# kernel 5.19 -sudo apt-get install --install-recommends linux-generic-hwe-22.04 
@@ -186,8 +189,14 @@ sudo strace /usr/local/bin/containerd-stargz-grpc ZFS is sadly quite painful with Docker in Docker and similar scenarios. It might be best to avoid the problem by creating a volume in your ZFS pool, formatting that volume to ext4, and having docker use "overlay2" on top of that, instead of "zfs". -zfs create -s -V 20GB zroot/docker -mkfs.ext4 /dev/zvol/zroot/docker +zfs create -s -V 20GB rpool/docker +mkfs.ext4 /dev/zvol/rpool/docker + +mkdir -p /mnt/docker + +sudo mount /dev/zvol/zroot/docker /mnt/docker + + # add the mount to /etc/fstab mount /dev/zvol/zroot/docker /var/lib/docker The zfs create -s is for sparse volumes. Analogous to thin provisioning on LVM. @@ -220,4 +229,9 @@ https://medium.com/nttlabs/startup-containers-in-lightning-speed-with-lazy-image https://www.tutorialworks.com/difference-docker-containerd-runc-crio-oci/?utm_content=cmp-true -https://docs.docker.com/engine/install/linux-postinstall/ \ No newline at end of file +https://docs.docker.com/engine/install/linux-postinstall/ + + +https://github.com/containerd/nerdctl/blob/main/docs/stargz.md + + From 63974dcba298f03a268d177ba3b129c702b93e6b Mon Sep 17 00:00:00 2001 From: Chris Guest Date: Sun, 4 Jun 2023 22:39:31 +0100 Subject: [PATCH 12/13] Update containerd instructions --- 90_containerd/README.md | 14 ++++++++------ TODO.md | 31 ++++++++++++++++--------------- 2 files changed, 24 insertions(+), 21 deletions(-) diff --git a/90_containerd/README.md b/90_containerd/README.md index 6d48a26..beebd5d 100644 --- a/90_containerd/README.md +++ b/90_containerd/README.md @@ -87,7 +87,6 @@ cat /etc/containerd/config.toml cat /etc/containerd-stargz-grpc/config.toml ``` - ## Plugins Instructions for installing estargz snapshotter [here](https://github.com/containerd/stargz-snapshotter/blob/main/docs/INSTALL.md) 
@@ -104,20 +103,23 @@ sudo ctr plugins ls Goto stargz-snapshotter [releases](https://github.com/containerd/stargz-snapshotter/releases) ```sh +sudo -s + version=v0.14.3 arch=amd64 -# GET THE CORRECT SYNTAX -# curl -l -o stargz-snapshotter-${version}-linux-${arch}.tar.gz https://github.com/containerd/stargz-snapshotter/releases/download/${version}/stargz-snapshotter-${version}-linux-${arch}.tar.gz - -sudo -s +# get plugin +curl -Lo stargz-snapshotter-${version}-linux-${arch}.tar.gz https://github.com/containerd/stargz-snapshotter/releases/download/${version}/stargz-snapshotter-${version}-linux-${arch}.tar.gz tar -C /usr/local/bin -xvf stargz-snapshotter-${version}-linux-${arch}.tar.gz containerd-stargz-grpc ctr-remote -wget -O /etc/systemd/system/stargz-snapshotter.service https://raw.githubusercontent.com/containerd/stargz-snapshotter/${version}/script/config/etc/systemd/system/stargz-snapshotter.service +curl -Lo ./stargz-snapshotter.service https://raw.githubusercontent.com/containerd/stargz-snapshotter/$version/script/config/etc/systemd/system/stargz-snapshotter.service +cp ./stargz-snapshotter.service /etc/systemd/system/stargz-snapshotter.service + systemctl enable --now stargz-snapshotter systemctl restart containerd systemctl restart docker ``` +Example stargz-snapshotter.service ```ini [Unit] diff --git a/TODO.md b/TODO.md index 3e50109..60f4dd1 100644 --- a/TODO.md +++ b/TODO.md 
@@ -1,19 +1,20 @@ # 📝 TODO -1. pipewire?? -1. cgroups and namespaces -1. Start a cgroup manually using an unpacked container. -1. Can I use a cgroup command inside a container? -1. quay.io and special labels -1. botb - break out the box image https://github.com/brompwnie/botb -1. Show how multistage builds work for testing -1. Demo using cache-from..... Use a timed layer. -1. Use different CAPS_SYS parameters. -1. Build a apt-mirror https://www.tecmint.com/setup-local-repositories-in-ubuntu/ -1. Speed of different file system layers. i.e. If we have a 1000 layers how fast is it to find a file? -1. Diffing using different tools https://docs.docker.com/engine/reference/commandline/diff/ -1. Kaniko. Caching, speed? -2. Docker container escape with docker copy. +1. Use packer to create an image. +2. cgroups and namespaces +3. Start a cgroup manually using an unpacked container. +4. Can I use a cgroup command inside a container? +5. quay.io and special labels +6. botb - break out the box image https://github.com/brompwnie/botb +7. Show how multistage builds work for testing +8. Demo using cache-from..... Use a timed layer. +9. Use different CAPS_SYS parameters. +10. Build a apt-mirror https://www.tecmint.com/setup-local-repositories-in-ubuntu/ +11. Speed of different file system layers. i.e. If we have a 1000 layers how fast is it to find a file? +12. Diffing using different tools https://docs.docker.com/engine/reference/commandline/diff/ +13. Kaniko. Caching, speed? +14. Calculating accurate image sizes - looks like container-diff can output this. +15. Docker container escape with docker copy. https://www.andreafortuna.org/2019/11/26/cve-2019-14271-a-docker-cp-container-escape-vulnerability/ 1. Add procdump to the sidecar 2. mounting volumes and permissions. 
@@ -35,4 +36,4 @@ https://www.andreafortuna.org/2019/11/26/cve-2019-14271-a-docker-cp-container-es 18. https://github.com/tonistiigi/xx 19. https://pythonspeed.com/articles/podman-buildkit/ 20. https://github.com/reproducible-containers/repro-sources-list.sh -21. https://github.com/containers/toolbox \ No newline at end of file +21. https://github.com/containers/toolbox From f647bc3ae831228b0dd50d66a0736da33140d995 Mon Sep 17 00:00:00 2001 From: Chris Guest Date: Tue, 18 Mar 2025 19:52:17 +0000 Subject: [PATCH 13/13] feat: Update containerd instructions and examples --- 90_containerd/README.md | 37 ++++++++++++------------------------- 90_containerd/flake.lock | 27 +++++++++++++++++++++++++++ 90_containerd/flake.nix | 35 +++++++++++++++++++++++++++++++++++ 90_containerd/justfile | 11 +++++++++++ 4 files changed, 85 insertions(+), 25 deletions(-) create mode 100644 90_containerd/flake.lock create mode 100644 90_containerd/flake.nix create mode 100644 90_containerd/justfile diff --git a/90_containerd/README.md b/90_containerd/README.md index beebd5d..4736d77 100644 --- a/90_containerd/README.md +++ b/90_containerd/README.md 
@@ -7,20 +7,15 @@ TODO: * firecracker can be containerd plugin * dive does not work with containerd. Why is this? * Get Estargz compression working on linux. -https://www.usenix.org/system/files/conference/fast16/fast16-papers-harter.pdf -https://link.medium.com/Jl8qGEQPGyb -https://github.com/containerd/stargz-snapshotter/issues/258 +* https://www.usenix.org/system/files/conference/fast16/fast16-papers-harter.pdf +* https://link.medium.com/Jl8qGEQPGyb +*https://github.com/containerd/stargz-snapshotter/issues/258 * https://github.com/containerd/stargz-snapshotter/blob/main/docs/ctr-remote.md * https://github.com/containerd/containerd/blob/main/docs/rootless.md - - -https://github.com/containerd/stargz-snapshotter/blob/main/docs/INSTALL.md -Checked vendor/modules.txt to see what version was included -https://github.com/moby/moby/tree/219f21bf07502b447095649b5a2764661737f164 - -https://github.com/containerd/stargz-snapshotter/blob/main/docs/overview.md - -https://manpages.ubuntu.com/manpages/jammy/man8/mount.fuse.8.html +* https://github.com/containerd/stargz-snapshotter/blob/main/docs/INSTALL.md +* Checked vendor/modules.txt to see what version was included https://github.com/moby/moby/tree/219f21bf07502b447095649b5a2764661737f164 +* https://github.com/containerd/stargz-snapshotter/blob/main/docs/overview.md +* https://manpages.ubuntu.com/manpages/jammy/man8/mount.fuse.8.html ## Install Docker Desktop 
@@ -224,16 +219,8 @@ brew install nerdctl * runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. [here](https://github.com/opencontainers/runc) * Why and How to Use containerd From Command Line [here](https://iximiuz.com/en/posts/containerd-command-line-clients/) * Extending Docker’s Integration with containerd [here](https://www.docker.com/blog/extending-docker-integration-with-containerd/) - -https://docs.docker.com/engine/reference/commandline/dockerd/ - -https://medium.com/nttlabs/startup-containers-in-lightning-speed-with-lazy-image-distribution-on-containerd-243d94522361 - -https://www.tutorialworks.com/difference-docker-containerd-runc-crio-oci/?utm_content=cmp-true - -https://docs.docker.com/engine/install/linux-postinstall/ - - -https://github.com/containerd/nerdctl/blob/main/docs/stargz.md - - +* https://docs.docker.com/engine/reference/commandline/dockerd/ +* https://medium.com/nttlabs/startup-containers-in-lightning-speed-with-lazy-image-distribution-on-containerd-243d94522361 +* https://www.tutorialworks.com/difference-docker-containerd-runc-crio-oci/?utm_content=cmp-true +* https://docs.docker.com/engine/install/linux-postinstall/ +* https://github.com/containerd/nerdctl/blob/main/docs/stargz.md diff --git a/90_containerd/flake.lock b/90_containerd/flake.lock new file mode 100644 index 0000000..f7b02fa --- /dev/null +++ b/90_containerd/flake.lock @@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1742069588, + "narHash": "sha256-C7jVfohcGzdZRF6DO+ybyG/sqpo1h6bZi9T56sxLy+k=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} 
diff --git a/90_containerd/flake.nix b/90_containerd/flake.nix
new file mode 100644
index 0000000..fda0f72
--- /dev/null
+++ b/90_containerd/flake.nix
@@ -0,0 +1,35 @@
+# flake.nix
+{
+ description = "A flake for working with containerd";
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ };
+
+ outputs = {nixpkgs, ...}: let
+ system = "x86_64-linux";
+ # ↑ Swap it for your system if needed
+ # "aarch64-linux" / "x86_64-darwin" / "aarch64-darwin"
+ pkgs = nixpkgs.legacyPackages.${system};
+ in {
+ devShells.${system}.default = pkgs.mkShell {
+
+ packages = [
+ pkgs.containerd
+ pkgs.runc
+ ];
+
+ env = {
+ #NIXPKGS_ALLOW_UNFREE=1;
+ };
+
+ shellHook = ''
+ echo "***************************************************"
+ echo "*** Welcome to containerd"
+ echo "***************************************************"
+ echo ""
+ ctr --version
+ runc --version
+ '';
+ };
+ };
+}
diff --git a/90_containerd/justfile b/90_containerd/justfile
new file mode 100644
index 0000000..490e1aa
--- /dev/null
+++ b/90_containerd/justfile
@@ -0,0 +1,11 @@
+set dotenv-load := true
+
+# default lists actions
+default:
+ @just -f example.justfile --list
+
+nix:
+ #!/usr/bin/env bash
+ set -eufo pipefail
+ nix develop --command zsh
+
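Review bot: The comment under `system = "x86_64-linux";` offers `x86_64-darwin` and `aarch64-darwin` as drop-in values, but the shell's only packages are `pkgs.containerd` and `pkgs.runc`, which as far as I know are Linux-only in nixpkgs, so a macOS user following the comment would probably get an evaluation error instead of a shell. I would narrow the comment to the Linux systems and generate the output for both rather than asking each user to edit the file, e.g. `forAllSystems = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ];`. The `shellHook` also deserves a comment such as `# client versions only; the containerd daemon and its socket come from the host`, because `ctr --version` reports the nixpkgs client and says nothing about the daemon it will talk to. The empty `env` block holding only a commented-out `NIXPKGS_ALLOW_UNFREE` can be dropped.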
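Review bot: The `default` recipe runs `@just -f example.justfile --list`, but the file added here is `90_containerd/justfile` and no `example.justfile` appears in this patch, so a bare `just` will most likely fail on a missing file; `@just --list` lists the recipes of the current justfile. Separately, `set dotenv-load := true` makes every invocation read a `.env` file, while the directory's `.gitignore` (added in patch 06) ignores only `*.gz`; since no recipe here reads an environment variable, either drop the setting or add `.env` to `.gitignore` so that registry credentials placed there later cannot be committed by accident. In the `nix` recipe, `nix develop --command zsh` assumes zsh exists on the host, because the flake's shell provides only containerd and runc.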