diff --git a/build_debian.sh b/build_debian.sh
index b4384113a114..1010fbc26e0f 100755
--- a/build_debian.sh
+++ b/build_debian.sh
@@ -29,7 +29,7 @@ set -x -e
 ## docker engine version (with platform)
-DOCKER_VERSION=1.11.1-0~stretch_amd64
+DOCKER_VERSION=5:18.09.0~3-0~debian-stretch
 LINUX_KERNEL_VERSION=4.9.0-8
 ## Working directory to prepare the file system
@@ -63,6 +63,11 @@ mkdir -p $FILESYSTEM_ROOT/$PLATFORM_DIR
 mkdir -p $FILESYSTEM_ROOT/$PLATFORM_DIR/x86_64-grub
 touch $FILESYSTEM_ROOT/$PLATFORM_DIR/firsttime
+## make / as a mountpoint in chroot env, needed by dockerd
+pushd $FILESYSTEM_ROOT
+sudo mount --bind . .
+popd
+
 ## Build a basic Debian system by debootstrap
 echo '[INFO] Debootstrap...'
 sudo http_proxy=$http_proxy debootstrap --variant=minbase --arch amd64 stretch $FILESYSTEM_ROOT http://debian-archive.trafficmanager.net/debian
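Review bot: The self bind mount added before debootstrap in build_debian.sh (`sudo mount --bind . .` inside `pushd $FILESYSTEM_ROOT`) has no matching unmount in this hunk, so with `set -x -e` active a failure in any later step would leave the mount behind on the build host. If the script has no unmount elsewhere, register one right after the mount with the `trap_push` helper that appears in this file's removed lines, for example `trap_push "sudo umount $FILESYSTEM_ROOT || true"`. A stale mount matters because a later cleanup or rebuild of the directory would then operate on a live mount point. Quoting the path as `pushd "$FILESYSTEM_ROOT"` would also keep an unusual directory name from being word-split.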
@@ -159,12 +164,19 @@ echo '[INFO] Install docker'
 ## Install apparmor utils since they're missing and apparmor is enabled in the kernel
 ## Otherwise Docker will fail to start
 sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install apparmor
-docker_deb_url=https://apt.dockerproject.org/repo/pool/main/d/docker-engine/docker-engine_${DOCKER_VERSION}.deb
-docker_deb_temp=`mktemp`
-trap_push "rm -f $docker_deb_temp"
-wget $docker_deb_url -qO $docker_deb_temp
-sudo dpkg --root=$FILESYSTEM_ROOT -i $docker_deb_temp || \
- sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
+sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install apt-transport-https \
+ ca-certificates \
+ curl \
+ gnupg2 \
+ software-properties-common
+sudo LANG=C chroot $FILESYSTEM_ROOT curl -o /tmp/docker.gpg -fsSL https://download.docker.com/linux/debian/gpg
+sudo LANG=C chroot $FILESYSTEM_ROOT apt-key add /tmp/docker.gpg
+sudo LANG=C chroot $FILESYSTEM_ROOT rm /tmp/docker.gpg
+sudo LANG=C chroot $FILESYSTEM_ROOT add-apt-repository \
+ "deb [arch=amd64] https://download.docker.com/linux/debian stretch stable"
+sudo LANG=C chroot $FILESYSTEM_ROOT apt-get update
+sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install docker-ce=${DOCKER_VERSION}
+sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y remove software-properties-common gnupg2
 ## Add docker config drop-in to select aufs, otherwise it may select other storage driver
 sudo mkdir -p $FILESYSTEM_ROOT/etc/systemd/system/docker.service.d/
diff --git a/files/build_templates/sonic_debian_extension.j2 b/files/build_templates/sonic_debian_extension.j2
index 3294068e71a6..ed8df864cd06 100644
--- a/files/build_templates/sonic_debian_extension.j2
+++ b/files/build_templates/sonic_debian_extension.j2
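Review bot: In the build_debian.sh docker-install hunk, the key downloaded to `/tmp/docker.gpg` goes straight into `apt-key add` with no fingerprint check, so the build trusts whatever that URL returns. Because `apt-key add` writes to apt's global keyring, the key is then accepted for every configured repository, not only Docker's. Pin the expected fingerprint in the script and stop the build on mismatch before the key is added, e.g. `[ "$fpr" = "<EXPECTED_DOCKER_KEY_FINGERPRINT>" ] || exit 1` (placeholder value), with `$fpr` read from the downloaded file by gpg. The hunk removes `software-properties-common` and `gnupg2` afterwards but not the imported key or the `download.docker.com` source entry, so both appear to remain in the shipped root filesystem. If that is not intended, remove them once `docker-ce` is installed, or keep the key in its own keyring file referenced with `signed-by`.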
@@ -43,7 +43,8 @@ clean_sys() {
 trap_push clean_sys
 sudo LANG=C chroot $FILESYSTEM_ROOT mount sysfs /sys -t sysfs
-sudo bash -c "echo \"DOCKER_OPTS=\"--storage-driver=overlay\"\" >> $FILESYSTEM_ROOT/etc/default/docker"
+sudo bash -c "echo \"DOCKER_OPTS=\"--storage-driver=overlay2\"\" >> $FILESYSTEM_ROOT/etc/default/docker"
+sudo cp files/docker/docker $FILESYSTEM_ROOT/etc/init.d/
 sudo chroot $FILESYSTEM_ROOT service docker start
 # Apply apt configuration files
@@ -280,6 +281,7 @@ sudo LANG=C chroot $FILESYSTEM_ROOT docker load < {{image}}
 sudo LANG=C chroot $FILESYSTEM_ROOT docker tag {{imagename}}:latest {{imagename}}:$(sonic_get_version)
 {% endfor %}
 sudo chroot $FILESYSTEM_ROOT service docker stop
+sudo rm $FILESYSTEM_ROOT/etc/init.d/docker
 {% for script in installer_start_scripts.split(' ') -%}
 sudo cp {{script}} $FILESYSTEM_ROOT/usr/bin/
 {% endfor %}
diff --git a/files/docker/README b/files/docker/README
new file mode 100644
index 000000000000..d6a1ef008c2a
--- /dev/null
+++ b/files/docker/README
@@ -0,0 +1,2 @@
+docker file is extracted from docker-ce 17.03.0~ce-0~debian-stretch to
+enable 'service docker start' in the build chroot env.
diff --git a/files/docker/docker b/files/docker/docker
new file mode 100755
index 000000000000..4f9d38dda5c6
--- /dev/null
+++ b/files/docker/docker
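Review bot: In sonic_debian_extension.j2 the init script copied to `$FILESYSTEM_ROOT/etc/init.d/` in the first hunk is deleted only by the `sudo rm` in the second hunk (after `service docker stop`), so a failure anywhere between the two leaves the build-only script inside the root filesystem. Registering the removal next to the copy closes that gap, e.g. `trap_push "sudo rm -f $FILESYSTEM_ROOT/etc/init.d/docker"`, using the `trap_push` helper already called on `clean_sys` in the same hunk. The plain `rm` would also delete an `/etc/init.d/docker` installed by the docker-ce package itself, if the pinned version ships one. A short comment above the `cp` saying the file is only needed to start dockerd inside the build chroot would record the intent.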
@@ -0,0 +1,152 @@
+#!/bin/sh
+set -e
+
+### BEGIN INIT INFO
+# Provides: docker
+# Required-Start: $syslog $remote_fs
+# Required-Stop: $syslog $remote_fs
+# Should-Start: cgroupfs-mount cgroup-lite
+# Should-Stop: cgroupfs-mount cgroup-lite
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Create lightweight, portable, self-sufficient containers.
+# Description:
+# Docker is an open-source project to easily create lightweight, portable,
+# self-sufficient containers from any application. The same container that a
+# developer builds and tests on a laptop can run at scale, in production, on
+# VMs, bare metal, OpenStack clusters, public clouds and more.
+### END INIT INFO
+
+export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
+
+BASE=docker
+
+# modify these in /etc/default/$BASE (/etc/default/docker)
+DOCKERD=/usr/bin/dockerd
+# This is the pid file managed by docker itself
+DOCKER_PIDFILE=/var/run/$BASE.pid
+# This is the pid file created/managed by start-stop-daemon
+DOCKER_SSD_PIDFILE=/var/run/$BASE-ssd.pid
+DOCKER_LOGFILE=/var/log/$BASE.log
+DOCKER_OPTS=
+DOCKER_DESC="Docker"
+
+# Get lsb functions
+. /lib/lsb/init-functions
+
+if [ -f /etc/default/$BASE ]; then
+ . /etc/default/$BASE
+fi
+
+# Check docker is present
+if [ ! -x $DOCKERD ]; then
+ log_failure_msg "$DOCKERD not present or not executable"
+ exit 1
+fi
+
+check_init() {
+ # see also init_is_upstart in /lib/lsb/init-functions (which isn't available in Ubuntu 12.04, or we'd use it directly)
+ if [ -x /sbin/initctl ] && /sbin/initctl version 2>/dev/null | grep -q upstart; then
+ log_failure_msg "$DOCKER_DESC is managed via upstart, try using service $BASE $1"
+ exit 1
+ fi
+}
+
+fail_unless_root() {
+ if [ "$(id -u)" != '0' ]; then
+ log_failure_msg "$DOCKER_DESC must be run as root"
+ exit 1
+ fi
+}
+
+cgroupfs_mount() {
+ # see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
+ if grep -v '^#' /etc/fstab | grep -q cgroup \
+ || [ ! -e /proc/cgroups ] \
+ || [ ! -d /sys/fs/cgroup ]; then
+ return
+ fi
+ if ! mountpoint -q /sys/fs/cgroup; then
+ mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
+ fi
+ (
+ cd /sys/fs/cgroup
+ for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
+ mkdir -p $sys
+ if ! mountpoint -q $sys; then
+ if ! mount -n -t cgroup -o $sys cgroup $sys; then
+ rmdir $sys || true
+ fi
+ fi
+ done
+ )
+}
+
+case "$1" in
+ start)
+ check_init
+
+ fail_unless_root
+
+ cgroupfs_mount
+
+ touch "$DOCKER_LOGFILE"
+ chgrp docker "$DOCKER_LOGFILE"
+
+ ulimit -n 1048576
+
+ # Having non-zero limits causes performance problems due to accounting overhead
+ # in the kernel. We recommend using cgroups to do container-local accounting.
+ if [ "$BASH" ]; then
+ ulimit -u unlimited
+ else
+ ulimit -p unlimited
+ fi
+
+ log_begin_msg "Starting $DOCKER_DESC: $BASE"
+ start-stop-daemon --start --background \
+ --no-close \
+ --exec "$DOCKERD" \
+ --pidfile "$DOCKER_SSD_PIDFILE" \
+ --make-pidfile \
+ -- \
+ -p "$DOCKER_PIDFILE" \
+ $DOCKER_OPTS \
+ >> "$DOCKER_LOGFILE" 2>&1
+ log_end_msg $?
+ ;;
+
+ stop)
+ check_init
+ fail_unless_root
+ log_begin_msg "Stopping $DOCKER_DESC: $BASE"
+ start-stop-daemon --stop --pidfile "$DOCKER_SSD_PIDFILE" --retry 10
+ log_end_msg $?
+ ;;
+
+ restart)
+ check_init
+ fail_unless_root
+ docker_pid=`cat "$DOCKER_SSD_PIDFILE" 2>/dev/null`
+ [ -n "$docker_pid" ] \
+ && ps -p $docker_pid > /dev/null 2>&1 \
+ && $0 stop
+ $0 start
+ ;;
+
+ force-reload)
+ check_init
+ fail_unless_root
+ $0 restart
+ ;;
+
+ status)
+ check_init
+ status_of_proc -p "$DOCKER_SSD_PIDFILE" "$DOCKERD" "$DOCKER_DESC"
+ ;;
+
+ *)
+ echo "Usage: service docker {start|stop|restart|status}"
+ exit 1
+ ;;
+esac
diff --git a/files/docker/docker.service.conf b/files/docker/docker.service.conf
index b124d94f70d1..e9ba55c8afa8 100644
--- a/files/docker/docker.service.conf
+++ b/files/docker/docker.service.conf
@@ -1,3 +1,3 @@
 [Service]
 ExecStart=
-ExecStart=/usr/bin/docker daemon -H fd:// --storage-driver=overlay --bip=240.127.1.1/24 --iptables=false
+ExecStart=/usr/bin/dockerd -H unix:// --storage-driver=overlay2 --bip=240.127.1.1/24 --iptables=false
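Review bot: Switching the listener from `-H fd://` to `-H unix://` in docker.service.conf means dockerd now creates its own socket instead of taking the one systemd hands it, and the drop-in has no comment saying why. If the docker-ce package's `docker.socket` unit is still enabled in the image, both would claim the same socket path, so it is worth confirming that unit is disabled or masked. Access to this socket is root-equivalent, so please also confirm the socket's owner and mode are unchanged after the switch. A comment line above `ExecStart=`, such as `# unix:// instead of fd://: dockerd opens the socket itself` (if that is the intent), would record the reason.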