Bruce Ashfield 1a87aca209 images: add systemd reference container
Extends container-base to create a systemd enabled container that is
an appropriate starting point if a systemd application is being run
or a multi-user style environment is required.

The application specified in SYSTEMD_CONTAINER_APP will be installed
and be available to be executed.

The rootfs of this container type is post processed to enable and
disable services as specified by the container definition. This allows
services that are not appropriate in a containerized environment to
be disabled (i.e. getty login)

The list of services can be found in the recipes themselves.

This container enables ssh by default, so that it can be executed
in the background and then accessed as a full environment.

Note: this is currently a privileged container if run under docker.

There are multiple ways to add/remove permissions from the container,
and most are configurable during launch:

  % root@qemuarm64-54:~# docker run -d --rm --name systemd_test  --privileged --cap-add SYS_ADMIN \
     --security-opt seccomp=unconfined --cgroup-parent=docker.slice --cgroupns private \
     --tmpfs /tmp --tmpfs /run --tmpfs /run/lock zeddii/systemd-container-base

or

  % docker run -d --rm --name systemd_test --privileged  --cgroup-parent=docker.slice \
     --cgroupns private  zeddii/c3-systemd-container

  % root@qemuarm64-54:~# docker ps
  CONTAINER ID   IMAGE                         COMMAND        CREATED         STATUS         PORTS     NAMES
  4b07cc907e26   zeddii/c3-systemd-container   "/sbin/init"   5 minutes ago   Up 5 minutes             systemd_test

  % podman run -d --name systemd_test --privileged --cgroupns=host --tmpfs /tmp --tmpfs /run --tmpfs /run/lock \
           -v /sys/fs/cgroup:/sys/fs/cgroup:ro  zeddii/systemd-container-base

  % ctr container create --privileged --runtime="io.containerd.runc.v2" \
      --mount type=bind,src=/sys/fs/cgroup,dst=/sys/fs/cgroup,options=rbind:rw \
      docker.io/zeddii/systemd-container-base:latest  my_systemd_container /sbin/init

  % ctr task start --detach my_systemd_container

  % ctr task ls
    TASK                    PID    STATUS
    my_systemd_container    690    RUNNING

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2024-11-15 19:50:00 +00:00
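The enable/disable post-processing the commit describes, as an added example that is not the layer's own recipe code: it reproduces the symlink layout that `systemctl --root=ROOTFS enable|disable|mask` produces, on a constructed rootfs so it runs without a built image. The `rootfs_*` helper names, the stub unit files and the service list (sshd on, console logins off) are assumptions for illustration, not taken from the layer's recipes.

```shell
#!/bin/sh
# Added example (not code from meta-virtualization): the symlink mechanics
# behind "enable", "disable" and "mask" applied to a rootfs that is not the
# running system, i.e. what image post-processing has to do for a container
# image. Assumes the image installs units under /lib/systemd/system and uses
# absolute link targets, as "systemctl --root=ROOTFS" does.
set -e

# Map a unit name to the file that provides it: instances such as
# getty@tty1.service are provided by the template getty@.service.
unit_file() {
    unit=$1
    case $unit in
        *@*) echo "${unit%%@*}@.${unit##*.}" ;;
        *)   echo "$unit" ;;
    esac
}

# rootfs_enable ROOTFS UNIT [TARGET]: create the link that [Install]
# WantedBy=TARGET would create (default multi-user.target).
rootfs_enable() {
    rootfs=$1 unit=$2 target=${3:-multi-user.target}
    file=$(unit_file "$unit")
    [ -f "$rootfs/lib/systemd/system/$file" ] || {
        echo "rootfs_enable: no unit file for $unit" >&2; return 1; }
    mkdir -p "$rootfs/etc/systemd/system/$target.wants"
    ln -sf "/lib/systemd/system/$file" "$rootfs/etc/systemd/system/$target.wants/$unit"
}

# rootfs_disable ROOTFS UNIT [TARGET]: drop the wants link. The unit can still
# be pulled in by another unit's Wants=/Requires=, so this is not a guarantee.
rootfs_disable() {
    rootfs=$1 unit=$2 target=${3:-multi-user.target}
    rm -f "$rootfs/etc/systemd/system/$target.wants/$unit"
}

# rootfs_mask ROOTFS UNIT: shadow the unit with a /dev/null link in /etc so
# nothing can start it; the right call for a console login in a container
# that has no console.
rootfs_mask() {
    rootfs=$1 unit=$2
    rm -f "$rootfs/etc/systemd/system/$unit"
    ln -s /dev/null "$rootfs/etc/systemd/system/$unit"
}

# rootfs_unit_state ROOTFS UNIT [TARGET]: print masked, enabled or disabled.
rootfs_unit_state() {
    rootfs=$1 unit=$2 target=${3:-multi-user.target}
    if [ "$(readlink "$rootfs/etc/systemd/system/$unit" 2>/dev/null)" = /dev/null ]; then
        echo masked
    elif [ -L "$rootfs/etc/systemd/system/$target.wants/$unit" ]; then
        echo enabled
    else
        echo disabled
    fi
}

# Build a constructed rootfs (stub unit files, not a real image) and apply a
# container-style policy: ssh on, console logins off. Prints the rootfs path.
demo_rootfs() {
    root=$(mktemp -d)
    mkdir -p "$root/lib/systemd/system" "$root/etc/systemd/system"
    for f in sshd.service getty@.service serial-getty@.service; do
        printf '[Unit]\nDescription=%s\n[Service]\nExecStart=/bin/true\n' "$f" \
            > "$root/lib/systemd/system/$f"
    done
    rootfs_enable  "$root" sshd.service
    rootfs_enable  "$root" getty@tty1.service getty.target   # as a package would
    rootfs_disable "$root" getty@tty1.service getty.target   # container: no tty1
    rootfs_mask    "$root" serial-getty@ttyS0.service        # and no serial console
    echo "$root"
}

if [ "${ROOTFS_DEMO_SKIP:-0}" = 0 ]; then
    r=$(demo_rootfs)
    echo "sshd.service:               $(rootfs_unit_state "$r" sshd.service)"          # enabled
    echo "getty@tty1.service:         $(rootfs_unit_state "$r" getty@tty1.service getty.target)"  # disabled
    echo "serial-getty@ttyS0.service: $(rootfs_unit_state "$r" serial-getty@ttyS0.service)"  # masked
    rm -rf "$r"
fi
```

Prefer mask over disable for units like getty: disable only removes the wants link, and another unit's Wants= can pull the service back in. Shaping the rootfs this way limits what starts inside the container; it does nothing to limit what the container can do to the host, which is decided by the launch flags above (--privileged grants every capability, disables the default seccomp profile and lifts the device cgroup restrictions).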

meta-virtualization

This layer provides support for building Xen, KVM, Libvirt, and associated packages necessary for constructing OE-based virtualized solutions.

The bbappend files for some recipes (e.g. linux-yocto) in this layer need to have 'virtualization' in DISTRO_FEATURES to have effect. To enable them, add the following line to your configuration file:

DISTRO_FEATURES:append = " virtualization"

If meta-virtualization is included, but virtualization is not enabled as a distro feature, a warning is printed at parse time:

You have included the meta-virtualization layer, but
'virtualization' has not been enabled in your DISTRO_FEATURES. Some bbappend files
may not take effect. See the meta-virtualization README for details on enabling
virtualization support.

If you know what you are doing, this warning can be disabled by setting the following variable in your configuration:

SKIP_META_VIRT_SANITY_CHECK = 1

Depending on your use case, there are other distro features in meta-virtualization that may also be enabled:

  • xen: enables xen functionality in various packages (kernel, libvirt, etc)
  • kvm: enables KVM configurations in the kernel and autoloads modules
  • k8s: enables kubernetes configurations in the kernel, tools and configuration
  • aufs: enables aufs support in docker and linux-yocto
  • x11: enables xen and libvirt functionality related to x11
  • selinux: enables functionality in libvirt and lxc
  • systemd: enables systemd services and unit files (for recipes with support)
  • sysvinit: enables sysvinit scripts (for recipes with support)
  • seccomp: enables seccomp support for packages that have the capability.

Dependencies

This layer depends on:

URI: git://github.com/openembedded/openembedded-core.git
branch: master
revision: HEAD
prio: default

URI: git://github.com/openembedded/meta-openembedded.git
branch: master
revision: HEAD
layers: meta-oe meta-networking meta-filesystems meta-python

Required for Xen XSM policy:
URI: git://git.yoctoproject.org/meta-selinux
branch: master
revision: HEAD
prio: default

Required for Ceph:
URI: git://git.yoctoproject.org/meta-cloud-services
branch: master
revision: HEAD
prio: default

Required for cri-o:
URI: git://git.yoctoproject.org/meta-selinux
branch: master
revision: HEAD
prio: default

Community / Collaboration

Repository: https://git.yoctoproject.org/cgit/cgit.cgi/meta-virtualization/
Mailing list: https://lists.yoctoproject.org/g/meta-virtualization
IRC: libera.chat #meta-virt channel

Maintenance

Send pull requests, patches, comments or questions to meta-virtualization@lists.yoctoproject.org

Maintainer: Bruce Ashfield bruce.ashfield@gmail.com; see MAINTAINERS for more specific information

When sending single patches, please use something like:

  $ git send-email -1 -M --to meta-virtualization@lists.yoctoproject.org --subject-prefix='meta-virtualization][PATCH'

License

All metadata is MIT licensed unless otherwise stated. Source code included in tree for individual recipes is under the LICENSE stated in each recipe (.bb file) unless otherwise stated.