diff --git a/.github/workflows/ci-vm.yml b/.github/workflows/ci-vm.yml deleted file mode 100644 index 74d94ed..0000000 --- a/.github/workflows/ci-vm.yml +++ /dev/null @@ -1,63 +0,0 @@ -# based on https://github.com/ruzickap/ansible-my_workstation/blob/main/.github/workflows/fedora.yml - -name: CI in Virtualbox (slow) -on: - push: - branches: - - main - paths: - - 'Vagrantfile' - - '.github/workflows/ci-vm.yml' - - '.playbook.yaml' - - 'git-repos.txt' - - 'vm-resources/**' - workflow_dispatch: - inputs: - uploadVmImage: - description: 'Upload image of the built vm' - required: true - default: 'false' - -env: - VAGRANT_DEFAULT_PROVIDER: virtualbox - -jobs: - virtualbox: - runs-on: macos-12 - timeout-minutes: 100 - steps: - - uses: actions/checkout@v3 - - - name: Start VM to build tools from source - run: | - vagrant up || ( vagrant destroy --force && vagrant up ) - - - name: Check systemd version - run: vagrant ssh --command "systemctl --version" - - - name: Check systemd status - run: vagrant ssh --command "systemctl status" - - - name: Check version of built tools - run: vagrant ssh --command "bash test-scripts/versions.sh" - - - name: Check basic podman functionality - run: vagrant ssh --command "bash test-scripts/podman.sh" - - - name: Check basic skopeo functionality - run: vagrant ssh --command "bash test-scripts/skopeo.sh" - - - name: Run pytest tests - run: | - vagrant ssh --command "cd ~/test-scripts/ && pytest -sv" - - - name: Package VM - run: | - vagrant package --debug --no-tty --output containers-lab.box --info info.json - - run: ls -la - - - uses: actions/upload-artifact@v3 - if: github.event.inputs.uploadVmImage - with: - name: containers-lab-vagrant-box - path: containers-lab.box diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 14a4140..34e62a6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -2,9 +2,9 @@ name: CI in Docker (fast, no full system-access) on: push: paths-ignore: - - '**.md' - - '.github/workflows/ci-vm.yml' - - 'vm-resources/**' + - "**.md" + - ".github/workflows/ci-vm.yml" + - "vm-resources/**" workflow_dispatch: jobs: diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml index af1eb86..5939ef5 100644 --- a/.github/workflows/update.yml +++ b/.github/workflows/update.yml @@ -3,7 +3,7 @@ on: workflow_dispatch: schedule: # At 07:00 UTC on Sunday - - cron: '0 7 * * 0' + - cron: "0 7 * * 0" jobs: build: runs-on: ubuntu-latest @@ -11,4 +11,4 @@ jobs: - uses: actions/checkout@v3 - run: python3 update-forks.py env: - GITHUB_TOKEN: ${{ secrets.PAT }} \ No newline at end of file + GITHUB_TOKEN: ${{ secrets.PAT }} diff --git a/.gitignore b/.gitignore index ef919d0..ed8ebf5 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1 @@ -.vagrant -code -package.box -containers-lab*.box __pycache__ \ No newline at end of file diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..c0e4511 --- /dev/null +++ b/Makefile @@ -0,0 +1,20 @@ +build: + cat container-lab.yaml | limactl create --name=container-lab-vm - + +start: + limactl start container-lab-vm + +shell: + limactl shell container-lab-vm + +stop: + limactl stop container-lab-vm + +delete: + limactl delete container-lab-vm + +playbook: + ansible-playbook -v --inventory "localhost," --connection=local playbook.yaml + cp vm-resources/container-socket.service /etc/systemd/system/container-socket.service + systemctl enable container-socket.service + systemctl start container-socket.service \ No newline at end of file diff --git a/README.md b/README.md index 0a44121..1529302 100644 --- a/README.md +++ b/README.md 
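Review bot: In the new Makefile, the `playbook` target copies a unit into `/etc/systemd/system` and calls `systemctl enable`/`start` with no privilege escalation, so it only works when the whole `make playbook` run, including `ansible-playbook` and every source build it starts, is executed as root. Prefix only those three commands with `sudo`, or move the unit install into playbook.yaml as `become: true` tasks, so the builds stay unprivileged. None of the targets are declared phony either; add `.PHONY: build start shell stop delete playbook` at the top so a file or directory named `build` cannot make a target silently do nothing.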
@@ -51,10 +51,27 @@ Layering, Builder Pattern, Multi-Arch builds ## Playground Environment -[`Vagrantfile`](./Vagrantfile) provides a reproducible development environment built via [an Ansible playbook](./playbook.yaml). +[`container-lab.yaml`](./container-lab.yaml) provides a reproducible development environment built via [an Ansible playbook](./playbook.yaml). So far there is not much to see there, but the vision is to produce an environment with all needs to tinker with container software, to change it and to learn about it. +It's built using [lima](https://github.com/lima-vm/lima/). +The `Makefile` has some shortcuts for using it. + +This can be used with the [ssh remote plugin for vs code](https://code.visualstudio.com/docs/remote/ssh) to work with the repos inside the vm. + +Configuration for vs code ssh remote plugin: + +You need a local ssh key for this. + +Run the following command to allow easy access: + +``` +echo "Include ${LIMA_HOME:-$HOME/.lima}/container-lab-vm/ssh.config" >> ~/.ssh/config +``` + +After this you can connect to the host `lima-container-lab-vm`. + ## Talks [Containers at Facebook - Lindsay Salisbury](https://youtu.be/_Qc9jBk18w8) diff --git a/Vagrantfile b/Vagrantfile deleted file mode 100644 index 755f64c..0000000 --- a/Vagrantfile +++ /dev/null 
@@ -1,38 +0,0 @@ -Vagrant.configure(2) do |config| - config.vm.box = "generic/ubuntu2210" - - config.vm.synced_folder ".", "/vagrant", disabled: false - - config.vm.provider 'libvirt' do |provider| - provider.memory = 4096 - provider.cpus = 8 - end - - config.vm.provider "virtualbox" do |provider| - provider.memory = 4096 - provider.cpus = 8 - end - - config.vm.provision "ansible_local" do |ansible| - ansible.playbook = "playbook.yaml" - ansible.compatibility_mode = "2.0" - ansible.raw_arguments = [ - '-vv' - ] - end - - # Install non-container related convinience tools to the vm - config.vm.provision "shell", inline: "apt-get install -yqq jq" - - config.vm.provision "file", source: "vm-resources", destination: "/home/vagrant" - config.vm.provision "shell", inline: "cp container-socket.service /etc/systemd/system/container-socket.service && sudo systemctl enable container-socket.service" - - # Pytest for running tests - config.vm.provision "shell", inline: "DEBIAN_FRONTEND=noninteractive apt-get -yqq install python3-pip && pip --no-input install pytest" - - config.vm.provision :shell do |shell| - shell.privileged = true - shell.inline = 'echo rebooting after provisioning' - shell.reboot = true - end -end \ No newline at end of file diff --git a/container-lab.yaml b/container-lab.yaml new file mode 100644 index 0000000..80152c6 --- /dev/null +++ b/container-lab.yaml 
@@ -0,0 +1,40 @@ +# SPDX-FileCopyrightText: Florian Wilhelm +# SPDX-License-Identifier: Apache-2.0 + +# Based on the examples by Akihiro Suda and the lima contributors, see https://github.com/lima-vm/lima, distributed under Apache-2.0 license + +images: +- location: "https://cloud.debian.org/images/cloud/trixie/daily/latest/debian-13-genericcloud-amd64-daily.qcow2" + arch: "x86_64" +- location: "https://cloud.debian.org/images/cloud/trixie/daily/latest/debian-13-genericcloud-arm64-daily.qcow2" + arch: "aarch64" + +mounts: +- location: "~" +- location: "/tmp/lima" + writable: true + +provision: +- mode: system + script: | + #!/bin/bash + set -eux -o pipefail + export DEBIAN_FRONTEND=noninteractive + apt-get update + apt-get -y install git jq python3-pip python-is-python3 ansible python3-pytest + +- mode: user + script: | + #!/bin/bash + set -eux -o pipefail + + curl https://raw.githubusercontent.com/fwilhe2/lima-vms/main/provision.sh | bash + mkdir -p code; cd code + +ssh: + localPort: 44444 + loadDotSSHPubKeys: true + +containerd: + system: false + user: false \ No newline at end of file diff --git a/export-vm-snapshot.sh b/export-vm-snapshot.sh deleted file mode 100755 index 4c308e6..0000000 --- a/export-vm-snapshot.sh +++ /dev/null @@ -1 +0,0 @@ -vagrant package --debug --no-tty --output containers-lab-$(date +%Y-%m-%d-%H-%M).box --info info.json \ No newline at end of file diff --git a/git-repos.txt b/git-repos.txt index ef732d7..e356c19 100644 --- a/git-repos.txt +++ b/git-repos.txt 
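Review bot: The `mode: user` provision script in container-lab.yaml runs `curl https://raw.githubusercontent.com/fwilhe2/lima-vms/main/provision.sh | bash`, which executes whatever the `main` branch of another repository holds at VM-creation time with no integrity check, and without `-f` an HTTP error body would be piped to bash as well. Pin the URL to a commit and verify before executing: `curl -fsSL https://raw.githubusercontent.com/fwilhe2/lima-vms/<COMMIT_SHA>/provision.sh -o /tmp/provision.sh`, then `echo "<EXPECTED_SHA256>  /tmp/provision.sh" | sha256sum -c -`, then `bash /tmp/provision.sh`. The `mounts:` entry `location: "~"` also makes the whole host home directory visible inside a guest that builds and runs third-party source. Narrowing it to the directories the lab needs keeps SSH keys and cloud credentials out of the guest's reach. The two `daily/latest` image URLs are unpinned too; Lima image entries accept a `digest:` field, which becomes usable once a dated image URL replaces `latest`.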
@@ -8,9 +8,11 @@ https://github.com/fwilhe-containers/crun https://github.com/fwilhe-containers/ctop https://github.com/fwilhe-containers/gvisor https://github.com/fwilhe-containers/ignite +https://github.com/fwilhe-containers/incus https://github.com/fwilhe-containers/nodejs-container-image-builder https://github.com/fwilhe-containers/plugins https://github.com/fwilhe-containers/podman +https://github.com/fwilhe-containers/Quark https://github.com/fwilhe-containers/rootlesskit https://github.com/fwilhe-containers/runc https://github.com/fwilhe-containers/skopeo diff --git a/info.json b/info.json deleted file mode 100644 index f481048..0000000 --- a/info.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "author": "Florian Wilhelm (@fwilhe)", - "info": "Environment for playing with linux containers, contains various open source repos with source code and binaries. Code is built from the forks at https://github.com/fwilhe-containers.", - "source-repo": "https://github.com/fwilhe2/containers-knowledge-base/" -} \ No newline at end of file diff --git a/playbook.yaml b/playbook.yaml index 39c36ab..937d2b7 100644 --- a/playbook.yaml +++ b/playbook.yaml 
@@ -5,61 +5,12 @@ home: "{{ lookup('env', 'HOME') }}" tasks: - - name: Create ~/code Directory - file: - path: "{{ home }}/code" - state: directory - mode: "750" - - name: Clone container-related git repos ansible.builtin.git: - repo: "{{ item }}" - dest: '{{ home }}/code/{{ item | urlsplit("path") }}' - depth: 1 + repo: "https://github.com/fwilhe-containers/code" + dest: '{{ home }}/code/' + recursive: true tags: containers - loop: "{{ lookup('file', 'git-repos.txt').splitlines() }}" - - - name: Add source repository into sources list - ansible.builtin.apt_repository: - repo: deb-src https://mirrors.kernel.org/ubuntu/ jammy main restricted - state: present - become: true - - - name: Install systemd build dependencies - apt: - state: build-dep - name: systemd - become: true - when: ansible_os_family == 'Debian' - - - name: Create systemd/build Directory - file: - path: "{{ home }}/code/fwilhe-containers/systemd/build" - state: directory - mode: "750" - - - name: Create systemd/build Directory - file: - path: "{{ home }}/code/fwilhe-containers/systemd/destdir" - state: directory - mode: "750" - - - name: configue systemd - ansible.builtin.shell: meson build - args: - chdir: "{{ home }}/code/fwilhe-containers/systemd" - - - name: Build systemd - community.general.make: - chdir: "{{ home }}/code/fwilhe-containers/systemd" - - - name: Install systemd - become: true - community.general.make: - chdir: "{{ home }}/code/fwilhe-containers/systemd" - target: install - params: - DESTDIR: "/" - name: Install build dependencies for runc apt: @@ -97,7 +48,7 @@ - name: Build container-image community.general.make: - chdir: "{{ home }}/code/fwilhe-containers/container-image" + chdir: "{{ home }}/code/container-image" - name: Install build dependencies for skopeo apt: 
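Review bot: The rewritten "Clone container-related git repos" task checks out `https://github.com/fwilhe-containers/code` with `recursive: true` but no `version:`, so every later `make` task and every `become: true` install task builds whatever the default branch and its recorded submodule commits are at run time. Add `version: "<COMMIT_SHA>"` to the task so a VM build is reproducible and an upstream change cannot reach the root-level install steps unreviewed. The removed "Create ~/code Directory" task set `mode: "750"`; the directory is now created by the git module under the default umask, so restore that task if the restriction was intentional. The task list continues outside this hunk.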
@@ -160,66 +111,66 @@ - name: Build runc community.general.make: - chdir: "{{ home }}/code/fwilhe-containers/runc" + chdir: "{{ home }}/code/runc" - name: Install runc become: true community.general.make: - chdir: "{{ home }}/code/fwilhe-containers/runc" + chdir: "{{ home }}/code/runc" target: install - name: configue crun ansible.builtin.shell: ./autogen.sh && ./configure args: - chdir: "{{ home }}/code/fwilhe-containers/crun" + chdir: "{{ home }}/code/crun" - name: Build crun community.general.make: - chdir: "{{ home }}/code/fwilhe-containers/crun" + chdir: "{{ home }}/code/crun" - name: Install crun become: true community.general.make: - chdir: "{{ home }}/code/fwilhe-containers/crun" + chdir: "{{ home }}/code/crun" target: install - name: configue bubblewrap ansible.builtin.shell: ./autogen.sh args: - chdir: "{{ home }}/code/fwilhe-containers/bubblewrap" + chdir: "{{ home }}/code/bubblewrap" - name: Build bubblewrap community.general.make: - chdir: "{{ home }}/code/fwilhe-containers/bubblewrap" + chdir: "{{ home }}/code/bubblewrap" - name: Install bubblewrap become: true community.general.make: - chdir: "{{ home }}/code/fwilhe-containers/bubblewrap" + chdir: "{{ home }}/code/bubblewrap" target: install - name: Build ignite community.general.make: - chdir: "{{ home }}/code/fwilhe-containers/ignite" + chdir: "{{ home }}/code/ignite" target: ignite params: GO_MAKE_TARGET: local - name: Install ignite community.general.make: - chdir: "{{ home }}/code/fwilhe-containers/ignite" + chdir: "{{ home }}/code/ignite" target: install params: GO_MAKE_TARGET: local - name: Build containerd community.general.make: - chdir: "{{ home }}/code/fwilhe-containers/containerd" + chdir: "{{ home }}/code/containerd" - name: Build CNI plugins ansible.builtin.shell: ./build_linux.sh args: - chdir: "{{ home }}/code/fwilhe-containers/plugins" + chdir: "{{ home }}/code/plugins" - name: Create /usr/local/libexec/cni Directory become: true 
@@ -232,83 +183,52 @@ become: true ansible.builtin.shell: cp bin/* /usr/local/libexec/cni args: - chdir: "{{ home }}/code/fwilhe-containers/plugins" + chdir: "{{ home }}/code/plugins" - name: Install containerd become: true community.general.make: - chdir: "{{ home }}/code/fwilhe-containers/containerd" + chdir: "{{ home }}/code/containerd" target: install - # - name: Build docker cli - # community.general.make: - # chdir: ~/code/docker/cli - # target: binary - - name: Build skopeo community.general.make: - chdir: "{{ home }}/code/fwilhe-containers/skopeo" + chdir: "{{ home }}/code/skopeo" - name: Install skopeo become: true community.general.make: - chdir: "{{ home }}/code/fwilhe-containers/skopeo" + chdir: "{{ home }}/code/skopeo" target: install - - name: Install build dependencies for gvisor - apt: - state: present - name: "{{ item }}" - loop: - - clang - - gcc-aarch64-linux-gnu - - g++ - - - name: Download bazel to build gvisor - become: true - get_url: - url: https://releases.bazel.build/6.1.1/release/bazel-6.1.1-linux-x86_64 - dest: /usr/local/bin/bazel - mode: "0777" - - - name: Build gvisor - ansible.builtin.shell: - cmd: bazel build -c opt //debian:debian - chdir: "{{ home }}/code/fwilhe-containers/gvisor" - - - name: install the runsc binary - become: true - ansible.builtin.apt: - deb: "{{ home }}/code/fwilhe-containers/gvisor/bazel-bin/debian/debian.deb" - - name: Build cri-o community.general.make: - chdir: "{{ home }}/code/fwilhe-containers/cri-o" + chdir: "{{ home }}/code/cri-o" - name: Install cri-o become: true community.general.make: - chdir: "{{ home }}/code/fwilhe-containers/cri-o" + chdir: "{{ home }}/code/cri-o" target: install - name: Build conmon community.general.make: - chdir: "{{ home }}/code/fwilhe-containers/conmon" + chdir: "{{ home }}/code/conmon" - name: Install conmon become: true community.general.make: - chdir: "{{ home }}/code/fwilhe-containers/conmon" + chdir: "{{ home }}/code/conmon" target: install - name: Build rootlesskit 
community.general.make: - chdir: "{{ home }}/code/fwilhe-containers/rootlesskit" + chdir: "{{ home }}/code/rootlesskit" - name: Install rootlesskit become: true community.general.make: - chdir: "{{ home }}/code/fwilhe-containers/rootlesskit" + chdir: "{{ home }}/code/rootlesskit" target: install - name: Install build dependencies for slirp4netns @@ -326,35 +246,35 @@ - name: configue slirp4netns ansible.builtin.shell: ./autogen.sh && ./configure --prefix=/usr args: - chdir: "{{ home }}/code/fwilhe-containers/slirp4netns" + chdir: "{{ home }}/code/slirp4netns" - name: Build slirp4netns for rootless networking in podman community.general.make: - chdir: "{{ home }}/code/fwilhe-containers/slirp4netns" + chdir: "{{ home }}/code/slirp4netns" - name: Install slirp4netns become: true community.general.make: - chdir: "{{ home }}/code/fwilhe-containers/slirp4netns" + chdir: "{{ home }}/code/slirp4netns" target: install - name: Build ctop community.general.make: - chdir: "{{ home }}/code/fwilhe-containers/ctop" + chdir: "{{ home }}/code/ctop" target: build - name: Build ctop become: true ansible.builtin.shell: cmd: cp ctop /usr/local/bin - chdir: "{{ home }}/code/fwilhe-containers/ctop" + chdir: "{{ home }}/code/ctop" - name: Build podman community.general.make: - chdir: "{{ home }}/code/fwilhe-containers/podman" + chdir: "{{ home }}/code/podman" - name: Install podman become: true community.general.make: - chdir: "{{ home }}/code/fwilhe-containers/podman" + chdir: "{{ home }}/code/podman" target: install diff --git a/scratch.txt b/scratch.txt new file mode 100644 index 0000000..57e6d95 --- /dev/null +++ b/scratch.txt @@ -0,0 +1,3 @@ +ansible-playbook --connection=local --inventory 127.0.0.1, playbook.yaml + +ssh lima-container-lab-vm \ No newline at end of file diff --git a/vm-resources/container-socket.service b/vm-resources/container-socket.service index 3e94eeb..b0f31fb 100644 --- a/vm-resources/container-socket.service +++ b/vm-resources/container-socket.service 
@@ -7,8 +7,8 @@ StartLimitIntervalSec=0 Type=simple Restart=always RestartSec=1 -User=vagrant -ExecStart=nc -lkU /home/vagrant/code/fwilhe-containers/container-image/mySocket.sock +User=florian +ExecStart=nc -lkU /tmp/mySocket.sock [Install] WantedBy=multi-user.target diff --git a/vm-resources/test-scripts/test_crun.py b/vm-resources/test-scripts/test_crun.py index 730a25f..2f0ffd7 100644 --- a/vm-resources/test-scripts/test_crun.py +++ b/vm-resources/test-scripts/test_crun.py @@ -6,7 +6,7 @@ def crun(args): command = ["crun"] + args print(command) - output = subprocess.run(command, capture_output=True, cwd=abspath(expanduser('~/code/fwilhe-containers/container-image'))) + output = subprocess.run(command, capture_output=True, cwd=abspath(expanduser('~/code/container-image'))) stdout = output.stdout.decode("utf-8").rstrip() stderr = output.stderr.decode("utf-8").rstrip() return (stdout, stderr) @@ -17,7 +17,7 @@ def test_crun_container_lifecycle(): assert len(parsed_stdout) == 0 assert stderr == "" - stdout, stderr = crun(['create', '--console-socket=mySocket.sock', 'myContainer']) + stdout, stderr = crun(['create', '--console-socket=/tmp/mySocket.sock', 'myContainer']) assert stdout == "" assert stderr == "" diff --git a/vm-resources/test-scripts/test_tools_installed.py b/vm-resources/test-scripts/test_tools_installed.py index 7618477..6f6f61a 100644 --- a/vm-resources/test-scripts/test_tools_installed.py +++ b/vm-resources/test-scripts/test_tools_installed.py @@ -21,7 +21,6 @@ def run_command(command): ('podman info', 0), ('rootlesskit --version', 0), ('runc --version', 0), - ('runsc --version', 0), ('skopeo --version', 0), ]) def test_crun_container_lifecycle(command, expected):
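Review bot: The new `ExecStart=nc -lkU /tmp/mySocket.sock` places the console socket at a fixed name in a world-writable directory, so any other local account can create that path first. The listener then fails to bind, and `--console-socket=/tmp/mySocket.sock` in the second hunk of test_crun.py would pass the container's terminal to whoever owns the socket; the exposure is small in a single-user lab VM but easy to remove. Let systemd create a directory owned by the service user instead, with `RuntimeDirectory=container-socket` and `ExecStart=nc -lkU /run/container-socket/mySocket.sock`, and use the same path in the test. `User=florian` is also hard-coded to one account while the Makefile copies this unit unchanged, so the service will presumably fail to start for any other guest user; consider templating the name or installing it as a user unit. The unit file starts and ends outside this hunk.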