1. 16 Aug, 2018 1 commit
  2. 15 Aug, 2018 2 commits
  3. 08 Aug, 2018 1 commit
    • David Johnson's avatar
      Add Docker container blockstore support. · 9bf09981
      David Johnson authored
      Docker containers may be (and default to, and in the shared host case,
      must be) deprivileged; thus, they cannot mount devices, much less tell
      the kernel (via iscsi userspace tools, etc) to make devices.
      Therefore, we must setup any storage backing devices (temp LVs, iscsi
      attachments) outside the container.  This commit makes that possible for
      rc.storage and linux liblocstorage.  Basically, rc.storage now supports
      (for the Linux liblocstorage and Docker) the -j vnodeid calling
      convention; and if it's being called on behalf of a vnodeid, it uses
      per-vnodeid fstab for any mounts, storage.conf for its state; etc.
      I modified libvnode_docker to *not* create virtual networks for
      remote blockstore links, because those are pinned to /30s, and thus I
      have no client blockstore link address to place on a device in the root
      context.  However, I (ab)used the existing Docker network setup for the
      blockstore links, and that all happens the same as it used to; we just
      no longer create the Docker virtual network nor attach the container to
      Finally, I modified tmcd dostorageconfig slightly to return
      HOSTIP/HOSTMASK for remote blockstores; and now
      libsetup::getstorageconfig will use HOSTIP in preference to its own
      HOSTID->HOSTIP translation.  I had to do this so that libvnode_docker in
      the root context would not have to go through the mess of translating
      HOSTID on behalf of a vnode.
  4. 07 Aug, 2018 1 commit
  5. 06 Aug, 2018 2 commits
    • David Johnson's avatar
      Fix a couple minor Docker clientside bugs. · 2a9160f0
      David Johnson authored
    • David Johnson's avatar
      In docker image emulabization, attempt to combine COPY instructions. · 18361092
      David Johnson authored
      We now try to emulate any simple COPY <src> <dst> instructions via rsync
      prior to image build.
      This *does* mean that artifact builder scripts must be careful to create
      all necessary dirs according to the base image semantics, because the
      base image content is not there when we emulate the COPY instructions.
      For instance, many of the modified Dockerfile-runit and
      runit-artifacts.sh files depended on built runit packages being
      installed into /tmp in the final image -- but they didn't create the
      /tmp dir because the COPY instruction they used was running atop a
      fully-populated base image that already had /tmp.  Thus, the
      runit-artifacts.sh scripts had to be changed to create /tmp with the
      proper permissions.
  6. 07 Jun, 2018 2 commits
  7. 06 Jun, 2018 1 commit
  8. 05 Jun, 2018 3 commits
  9. 01 Jun, 2018 1 commit
    • David Johnson's avatar
      Add more docker clientside tools. · b0f17e8e
      David Johnson authored
      Especially libvnode_docker::analyzeImageWithBusyboxCommand, which runs
      the busybox-static binary from the root context in the container with
      the given command (and extra container run API configuration).
  10. 31 May, 2018 1 commit
  11. 18 May, 2018 6 commits
  12. 09 May, 2018 3 commits
    • Elijah Grubb's avatar
      Fixing errors in emulabizing Docker images · b6e0952e
      Elijah Grubb authored
      Fixed issue with cmd and entrypoint values being set
      Fixed issue with rcS init.d process negatively hurting
      our networking settings.
      Better handling of whitespace in Environment variable
      Squashed commit of the following:
      commit 9aff9b12aa6a60ebb66f10f0a044bf2288b492be
      Author: Elijah Grubb <u0894728@utah.edu>
      Date:   Wed May 9 19:15:40 2018 -0600
          Handling environment variable values with whitespace
      commit c9a16bbd53c183d7f8259d878efb0be07bc8703c
      Author: Elijah Grubb <u0894728@utah.edu>
      Date:   Wed May 9 17:07:43 2018 -0600
          Fixing racing issue and rcs issue
      commit 10bf4517c419fc82f89d084c4f45d60c05a67834
      Author: Elijah Grubb <u0894728@utah.edu>
      Date:   Wed May 9 16:00:45 2018 -0600
          Setting cmd to be empty and entrypoint to be runit
    • Elijah Grubb's avatar
      Fixing bugs to support entrypoint/cmd from Docker · ff25cdf8
      Elijah Grubb authored
      Fixed issue involving alternate users being set in
      the image's Dockerfile.
      Fixed issue with accurate permissions to run runit service.
      Fixed issue with quotes to properly handle sh commands.
      Fixed issue where Docker images based on scratch are not in
      an array like other Docker images, so config attributes are
    • David Johnson's avatar
  13. 08 May, 2018 5 commits
  14. 07 May, 2018 4 commits
    • David Johnson's avatar
      Do not run ddjikstra while holding the global lock in docker clientside. · ee3694f4
      David Johnson authored
      (All we need to do while holding the global lock is allocated IFBs; the
      generation of routing scripts and traffic shaping scripts is both
      unlikely to fail and potentially slow due to running djikstra.  So, also
      let the vnode early release prior to those things, immediately after IFB
    • David Johnson's avatar
    • David Johnson's avatar
      Fix docker vnode rebuilds; return supporting image path info from tmcd. · 186c6b7b
      David Johnson authored
      Docker vnodes require the full image path anytime the vnode is created,
      even if the image in question already exists on the vhost.  This is
      because emulab custom docker images are fully-qualified with their
      hosting private registry, so we need that detail even if we're not
      re-pulling the image; i.e., if the vnode gets destroyed and recreated
      after its initial reload.
    • David Johnson's avatar
      Improve docker clientside net setup: hold global lock less. · 1f5ff983
      David Johnson authored
      Prior to this commit, I had reused all the libvnode:: network functions,
      but that requires these system-wide indexes to be built (i.e. bridges,
      ifaces) before using the helpers -- and on any network state change.
      Those indexing functions take a long time on heavily-loaded systems
      (i.e., 5k processes, hundreds of ifaces).  The helpers become very fast;
      but for the case of large numbers of vnodes on one vhost, it is better
      to hold the global lock for less time, and pay a higher per-helper cost,
      instead of making use of a nicely-indexed cache.
      So now we cache nothing and (hopefully) use /sys intelligently to avoid
      forking unnecessarily.
  15. 06 May, 2018 2 commits
  16. 05 May, 2018 3 commits
  17. 04 May, 2018 2 commits