diff --git a/README.md b/README.md index f6a46e4..4cddcc7 100644 --- a/README.md +++ b/README.md @@ -17,32 +17,39 @@ The following packages are needed to run bocker. Because most distributions do not ship a new enough version of util-linux you will probably need grab the sources from [here](https://www.kernel.org/pub/linux/utils/util-linux/v2.25/) and compile it yourself. -Additionally `/var/bocker` needs to be on a btrfs filesystem. +Additionally your system will need to be configured with the following. + +* A btrfs filesystem mounted under `/var/bocker` +* A network bridge called `bridge0` and an IP of 10.0.0.1/24 +* IP forwarding enabled in `/proc/sys/net/ipv4/ip_forward` +* A firewall routing traffic from `bridge0` to a physical interface. For ease of use a Vagrantfile is included which will build the needed environment. +Even if you meet the above prerequisites you probably still want to **run bocker in a virtual machine**. Bocker runs as root and among other things needs to make changes to your network interfaces, routing table, and firewall rules. **I can make no guarantees that it wont trash your system**. + ## Example Usage ``` -$ ./bocker init base-image/ -img_e6b698c1-513d-4a40-807c-23b0fe54353a +$ bocker init base-image/ +img_74432 -$ ./bocker images +$ bocker images IMAGE_ID -img_e6b698c1-513d-4a40-807c-23b0fe54353a +img_74432 -$ ./bocker run img_e6b698c1-513d-4a40-807c-23b0fe54353a uname -sro +$ bocker run img_74432 uname -sro Linux 3.10.0-123.20.1.el7.x86_64 GNU/Linux -$ ./bocker ps -CONTAINER_ID COMMAND -ps_349bf646-06cf-4d98-bcf8-744f59e7e6bb uname -sro +$ bocker ps +CONTAINER_ID COMMAND +ps_43529 uname -sro -$ ./bocker rm ps_349bf646-06cf-4d98-bcf8-744f59e7e6bb -ps_349bf646-06cf-4d98-bcf8-744f59e7e6bb +$ bocker rm ps_43529 +ps_43529 -$ ./bocker rm img_e6b698c1-513d-4a40-807c-23b0fe54353a -img_e6b698c1-513d-4a40-807c-23b0fe54353a +$ bocker rm img_74432 +img_74432 ``` ## Functionality: Currently Implemented 
@@ -52,12 +59,13 @@ img_e6b698c1-513d-4a40-807c-23b0fe54353a * `docker ps` * `docker run` * `docker rm` / `docker rmi` +* Networking † `bocker init` provides a very limited implemetation of `docker build` ## Functionality: Not Yet Implemented -* Networking +* DNS * Port Forwarding * Data Volumes * Data Volume Containers diff --git a/Vagrantfile b/Vagrantfile index 9e0d655..d27a7c7 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -10,8 +10,8 @@ mount -o loop ~/btrfs.img /var/bocker pip install git+https://github.com/larsks/undocker systemctl start docker.service -docker pull busybox -docker save busybox | undocker -o base-image +docker pull centos +docker save centos | undocker -o base-image git clone https://github.com/karelzak/util-linux.git cd util-linux @@ -23,6 +23,15 @@ mv unshare /usr/bin/unshare cd .. ln -s /vagrant/bocker /usr/bin/bocker + +echo 1 > /proc/sys/net/ipv4/ip_forward +iptables --flush +iptables -t nat -A POSTROUTING -o bridge0 -j MASQUERADE +iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE + +ip link add bridge0 type bridge +ip addr add 10.0.0.1/24 dev bridge0 +ip link set bridge0 up ) 2>&1 SCRIPT diff --git a/bocker b/bocker index c3d6ea3..24f2a9c 100755 --- a/bocker +++ b/bocker @@ -1,9 +1,8 @@ #!/usr/bin/env bash set -o errexit -o nounset -o pipefail; shopt -s nullglob -btrfs_path='/var/bocker'; -basename=$(which basename); btrfs=$(which btrfs); cat=$(which cat); -unshare=$(which unshare); umount=$(which umount); chroot=$(which chroot) +btrfs_path='/var/bocker'; basename=$(which basename); btrfs=$(which btrfs); +cat=$(which cat); unshare=$(which unshare); chroot=$(which chroot) function CHECK_VOLUME() { if $btrfs subvolume list "$btrfs_path" | grep -qw "$1"; then @@ -16,7 +15,7 @@ fi function INIT() { if [[ -d "$1" ]]; then - uuid="img_$(uuidgen)" + uuid="img_$(shuf -i 10000-99999 -n 1)" $btrfs subvolume create "$btrfs_path/$uuid" > /dev/null cp -rf --reflink=auto "$1"/* "$btrfs_path/$uuid" > /dev/null echo "$uuid" 
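Review bot: `iptables --flush` only empties the filter table, so the two `-t nat -A POSTROUTING` rules added right after it are appended again on every provisioning run and duplicates accumulate; `iptables -t nat -F POSTROUTING` before the appends (or a `-C` check before each `-A`) keeps the block idempotent, and the same applies to `ip link add bridge0 type bridge`, which fails once the bridge already exists. Masquerading with `-o bridge0` rewrites the source of traffic heading toward the containers as well, which does not look intended — only the `-o enp0s3` rule is needed for outbound NAT, and since `enp0s3` is a hard-coded interface name a comment such as `# enp0s3: the VM's NAT uplink as created by Vagrant` would help whoever runs this outside the box. The block enables forwarding but adds no FORWARD rules, so container traffic is only routed while the host's default FORWARD policy is ACCEPT, which the README's "firewall routing traffic from bridge0" sentence glosses over. The provisioning script this hunk belongs to starts and ends outside the hunk.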
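Review bot: `uuid="img_$(shuf -i 10000-99999 -n 1)"` draws from only 90000 values and nothing checks whether `$btrfs_path/$uuid` already exists, so a collision makes `btrfs subvolume create` fail and errexit aborts INIT without a message; the same pattern is introduced for `ps_` ids in RUN in the next hunk. A guard such as `while [[ -e "$btrfs_path/$uuid" ]]; do uuid="img_$(shuf -i 10000-99999 -n 1)"; done` before the subvolume create would cover it. If the shorter id was chosen so that the `veth0_$uuid` / `veth1_$uuid` names built in RUN stay within the 15-character interface-name limit, a comment saying so (`# short ids: veth0_ps_NNNNN must fit in IFNAMSIZ`) would stop someone from reverting to uuidgen. The variable is also no longer a UUID, so naming it `id` would be less misleading, though that touches lines outside the hunk.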
@@ -47,13 +46,23 @@ done
 
 function RUN() {
 CHECK_VOLUME "$1"
-uuid="ps_$(uuidgen)"
+uuid="ps_$(shuf -i 10000-99999 -n 1)"
+ip link add dev veth0_"$uuid" type veth peer name veth1_"$uuid"
+ip link set dev veth0_"$uuid" up
+ip link set veth0_"$uuid" master bridge0
+ip netns add netns_"$uuid"
+ip link set veth1_"$uuid" netns netns_"$uuid"
+ip netns exec netns_"$uuid" ip link set dev lo up
+ip netns exec netns_"$uuid" ip addr add 10.0.0.2/24 dev veth1_"$uuid"
+ip netns exec netns_"$uuid" ip link set dev veth1_"$uuid" up
+ip netns exec netns_"$uuid" ip route add default via 10.0.0.1
 $btrfs subvolume snapshot "$btrfs_path/$1" "$btrfs_path/$uuid" > /dev/null
 echo "$2" > "$btrfs_path/$uuid/$uuid.cmd"
-"$unshare" -fp --mount-proc "$chroot" "$btrfs_path/$uuid" \
- /bin/sh -c "/bin/mount -t proc proc /proc && /bin/$2" \
- 2>&1 | tee "$btrfs_path/$uuid/$uuid.log"
-$umount "$btrfs_path/$uuid/proc"
+ip netns exec netns_"$uuid" "$unshare" -fp --mount-proc "$chroot" \
+ "$btrfs_path/$uuid" /bin/sh -c "/bin/mount -t proc proc /proc && $2" \
+ 2>&1 | tee "$btrfs_path/$uuid/$uuid.log" || true
+ip link del dev veth0_"$uuid"
+ip netns del netns_"$uuid"
 }
 
 function LOGS() {
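Review bot: Every container is given the same address by `ip addr add 10.0.0.2/24 dev veth1_"$uuid"`, so two containers running at the same time on bridge0 collide and the second one's traffic is unreliable; deriving the host part from the id, e.g. `ip netns exec netns_"$uuid" ip addr add "10.0.0.$(( ${uuid#ps_} % 253 + 2 ))/24" dev veth1_"$uuid"`, at least spreads them out, though a real allocator is needed to rule out collisions. The cleanup at the end (`ip link del dev veth0_"$uuid"` and `ip netns del netns_"$uuid"`) is only reached when everything before it succeeds: with errexit enabled at the top of the script, a failing `ip netns add` or `btrfs subvolume snapshot` leaves the veth pair and namespace behind, so the two delete commands belong in an EXIT trap registered right after the resources are created. The `|| true` appended to the pipeline also discards the container command's exit status together with tee's, which is exactly what pipefail was meant to surface; with cleanup in a trap the `|| true` can go and RUN's status would reflect the command. Nothing in the hunk checks that bridge0 exists before `master bridge0`, so a missing bridge fails with an unhelpful `ip` error rather than a message naming the prerequisite from the README.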