build icon indicating copy to clipboard operation
build copied to clipboard
verified publisher icon containers

*: recipe for running acbuild in container

Open jonboulle opened this issue 10 years ago • 9 comments

We should have acbuild packaged in an ACI and then be able to invoke it using any appc runtime, e.g. rkt. I expect this would just mount in the user's project/asset directly to a known location (/data or whatever) and then run the script they pass to it.

For example with rkt this might look like:

$ ls
app.js
build-nodejs.sh
$ rkt run --volume data,kind=host,source=$(pwd) appc.io/acbuild ./build-nodejs.sh

Where "data" would be defined as a mountpoint in the appc.io/acbuild image. Then this would output the ACI in the same directory.

$ ls
app.js
build-nodejs.sh
nodejs-latest-linux-amd64.aci

jonboulle avatar Oct 30 '15 18:10 jonboulle

In a fedora 22 container:

[root@rkt-a29fb369-a1dd-498d-863f-5de4eb5fe7f7 /]# systemd-nspawn
Not running on a systemd system.

Perhaps once alternate execution environments is implemented this will be possible, but it doesn't look like this is feasible with the current state of acbuild.

cgonyeo avatar Nov 02 '15 23:11 cgonyeo

@dgonyeo how about a container based on CoreOS or something to pick up a more modern systemd-nspawn? That check was removed a while ago: https://github.com/systemd/systemd/commit/4f923a1984476de3441922ee5bf7102ebdd250ef

jonboulle avatar Nov 03 '15 15:11 jonboulle

I made a container out of coreos_developer_container.bin.bz2 from http://alpha.release.core-os.net/amd64-usr/current/, but when I attempt to run the nginx example in it I get the following:

root@rkt-98235c83-868a-48a4-8d17-8ce7dd5da102 ~ # acbuild begin
root@rkt-98235c83-868a-48a4-8d17-8ce7dd5da102 ~ # acbuild dep add quay.io/coreos/alpine-sh
root@rkt-98235c83-868a-48a4-8d17-8ce7dd5da102 ~ # acbuild run -- apk update
Downloading quay.io/coreos/alpine-sh: [========================] 2.65 MB/2.65 MB
Failed to open system bus: No such file or directory
Failed to create directory /root/.acbuild/target/sys/fs/selinux: Read-only file system
Failed to create directory /root/.acbuild/target/sys/fs/selinux: Read-only file system
/etc/localtime is not a symlink, not updating container timezone.
Failed to copy /etc/resolv.conf to /root/.acbuild/target/etc/resolv.conf: No such device or address
Attempted to remove disk file system, and we can't allow that.
run: exit status 1

Any clue what's going on here? I can't figure out why it would be a read-only file system.

cgonyeo avatar Nov 03 '15 18:11 cgonyeo

Weird. Can you narrow it down to an explicit systemd nspawn invocation case to reproduce?

On Tue, Nov 3, 2015, 19:40 Derek Gonyeo [email protected] wrote:

I made a container out of coreos_developer_container.bin.bz2 from http://alpha.release.core-os.net/amd64-usr/current/, but when I attempt to run the nginx example in it I get the following:

root@rkt-98235c83-868a-48a4-8d17-8ce7dd5da102 ~ # acbuild begin root@rkt-98235c83-868a-48a4-8d17-8ce7dd5da102 ~ # acbuild dep add quay.io/coreos/alpine-sh root@rkt-98235c83-868a-48a4-8d17-8ce7dd5da102 ~ # acbuild run -- apk update Downloading quay.io/coreos/alpine-sh: [========================] 2.65 MB/2.65 MB Failed to open system bus: No such file or directory Failed to create directory /root/.acbuild/target/sys/fs/selinux: Read-only file system Failed to create directory /root/.acbuild/target/sys/fs/selinux: Read-only file system /etc/localtime is not a symlink, not updating container timezone. Failed to copy /etc/resolv.conf to /root/.acbuild/target/etc/resolv.conf: No such device or address Attempted to remove disk file system, and we can't allow that. run: exit status 1

Any clue what's going on here? I can't figure out why it would be a read-only file system.

— Reply to this email directly or view it on GitHub https://github.com/appc/acbuild/issues/86#issuecomment-153449319.

jonboulle avatar Nov 03 '15 19:11 jonboulle

Yup. The directory I'm pointing systemd-nspawn at here is the rootfs from quay.io/coreos/alpine-sh.

root@rkt-98235c83-868a-48a4-8d17-8ce7dd5da102 ~ # systemd-nspawn -D ./rootfs/ /sbin/apk update   
Spawning container rootfs on /root/rootfs.
Press ^] three times within 1s to kill container.
Failed to open system bus: No such file or directory
Failed to create directory /root/rootfs/sys/fs/selinux: Read-only file system
Failed to create directory /root/rootfs/sys/fs/selinux: Read-only file system
/etc/localtime is not a symlink, not updating container timezone.
Attempted to remove disk file system, and we can't allow that.

cgonyeo avatar Nov 03 '15 19:11 cgonyeo

I just tried this in an ACI made out of gentoo's stage 3, and get a different, but similar output to when it was in the coreos ACI.

root@rkt-983d74af-c0f5-4c36-a39f-4d0e2350a9e2 ~ # systemd-nspawn -D ./rootfs/ /sbin/apk update
Spawning container rootfs on /root/rootfs.
Press ^] three times within 1s to kill container.
Failed to open system bus: No such file or directory
/etc/localtime is not a symlink, not updating container timezone.
Parent died too earlyAttempted to remove disk file system, and we can't allow that.

cgonyeo avatar Nov 03 '15 22:11 cgonyeo

Any luck troubleshooting this further? perhaps ping upstream systemd?

jonboulle avatar Nov 11 '15 02:11 jonboulle

You might try invoking nspawn with --boot so it starts an init. On Tue, Nov 10, 2015 at 6:17 PM Jonathan Boulle [email protected] wrote:

Any luck troubleshooting this further? perhaps ping upstream systemd?

— Reply to this email directly or view it on GitHub https://github.com/appc/acbuild/issues/86#issuecomment-155633035.

chancez avatar Nov 11 '15 07:11 chancez

I really want this. Not sure how this'll be solved given the need for OverlayFS… Is it even possible to interact with kernel-level stuff like that in an ACE container?

blalor avatar Dec 07 '15 21:12 blalor