From 042aec75f8667babb2d20df2834a5f4ba2979355 Mon Sep 17 00:00:00 2001 From: Stefan Lankes Date: Tue, 8 Oct 2024 12:41:56 +0000 Subject: [PATCH 1/5] assume that the hermit environment is already part of the OCI image --- .github/workflows/ci.yml | 6 ------ src/create.rs | 31 +------------------------------ 2 files changed, 1 insertion(+), 36 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ac46b57c..e4c3bf45 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -60,14 +60,8 @@ jobs: sudo crictl version - name: Pull images run: | - docker pull ghcr.io/hermit-os/hermit_env:latest docker pull ghcr.io/hermit-os/rusty_demo:latest sudo crictl pull ghcr.io/hermit-os/rusty_demo:latest - - name: Setup Hermit environment - run: | - docker export $(docker create ghcr.io/hermit-os/hermit_env:latest) > hermit-env.tar - sudo mkdir -p /run/runh/hermit - sudo tar -xf hermit-env.tar -C /run/runh/hermit - name: Setup rootfs run: | docker export $(docker create ghcr.io/hermit-os/rusty_demo:latest) > runh-image.tar diff --git a/src/create.rs b/src/create.rs index 837a11b2..f39b24a3 100644 --- a/src/create.rs +++ b/src/create.rs @@ -170,36 +170,7 @@ pub fn create_container( }); //Setup file system - let rootfs_path_abs = if is_hermit_container { - let overlay_root = container_dir.join("rootfs"); - let overlay_workdir = overlay_root.join("work"); - let overlay_upperdir = overlay_root.join("diff"); - let overlay_mergeddir = overlay_root.join("merged"); - mounts::create_all_dirs(&overlay_workdir); - mounts::create_all_dirs(&overlay_upperdir); - mounts::create_all_dirs(&overlay_mergeddir); - let datastr = format!( - "lowerdir={}:{},upperdir={},workdir={}", - hermit::get_environment_path(&project_dir, &hermit_env) - .as_os_str() - .to_str() - .unwrap(), - bundle_rootfs_path_abs.as_os_str().to_str().unwrap(), - overlay_upperdir.as_os_str().to_str().unwrap(), - overlay_workdir.as_os_str().to_str().unwrap() - ); - nix::mount::mount::( - Some("overlay"), - &overlay_mergeddir, - Some("overlay"), - nix::mount::MsFlags::empty(), - Some(datastr.as_str()), - ) - .unwrap_or_else(|err| panic!("Could not create overlay-fs at {:?}: {}", overlay_root, err)); - Cow::from(overlay_mergeddir.canonicalize().unwrap()) - } else { - Cow::from(&bundle_rootfs_path_abs) - }; + let rootfs_path_abs = Cow::from(&bundle_rootfs_path_abs); //Pass spec file let mut config = bundle; From 1a801fe91c25851a3764f05685d790f50ff73482 Mon Sep 17 00:00:00 2001 From: Stefan Lankes Date: Tue, 8 Oct 2024 13:04:53 +0000 Subject: [PATCH 2/5] remove clippy warnings --- src/create.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/src/create.rs b/src/create.rs index f39b24a3..a176bc38 100644 --- a/src/create.rs +++ b/src/create.rs @@ -1,6 +1,5 @@ use crate::hermit; use crate::logging::LogLevel; -use crate::mounts; use crate::rootfs; use crate::state; use command_fds::{CommandFdExt, FdMapping}; From 0ca084f96643384fda1ce2edad13f7725ef12edb Mon Sep 17 00:00:00 2001 From: Stefan Lankes Date: Tue, 8 Oct 2024 19:10:01 +0000 Subject: [PATCH 3/5] remove flag `hermit_env` The environment is included in the container image. Consequently, the flag isn't longer required. --- src/create.rs | 3 --- src/hermit.rs | 25 +------------------------ src/main.rs | 5 ----- 3 files changed, 1 insertion(+), 32 deletions(-) diff --git a/src/create.rs b/src/create.rs index a176bc38..673e763b 100644 --- a/src/create.rs +++ b/src/create.rs @@ -29,7 +29,6 @@ pub fn create_container( bundle: PathBuf, pidfile: Option, console_socket: Option, - hermit_env: Option, debug_config: bool, child_log_level: LogLevel, ) { @@ -108,8 +107,6 @@ pub fn create_container( }; if is_hermit_container { info!("Detected RustyHermit executable. Creating container in hermit mode!"); - //Setup hermit environment - hermit::prepare_environment(&project_dir, &hermit_env); } //Setup exec fifo diff --git a/src/hermit.rs b/src/hermit.rs index 45a0be5a..2eea4e45 100644 --- a/src/hermit.rs +++ b/src/hermit.rs @@ -1,7 +1,7 @@ use crate::network; use goblin::elf; use goblin::elf64::header::EI_OSABI; -use std::{fs, path::Path, path::PathBuf}; +use std::{fs, path::Path}; pub fn is_hermit_app(path: &Path) -> bool { let buffer = fs::read(path) @@ -14,29 +14,6 @@ pub fn is_hermit_app(path: &Path) -> bool { } } -pub fn create_environment(_path: &Path) { - //TODO -} - -pub fn get_environment_path(project_dir: &Path, hermit_env_path: &Option) -> PathBuf { - match hermit_env_path { - Some(s) => s.clone(), - None => project_dir.join("hermit"), - } -} - -pub fn prepare_environment(project_dir: &Path, hermit_env_path: &Option) { - let environment_path = get_environment_path(project_dir, hermit_env_path); - if !environment_path.exists() { - create_environment(&environment_path); - } else if !environment_path.is_dir() { - panic!( - "Environment path at {:?} exists but is not a directory!", - &environment_path - ); - } -} - pub enum NetworkConfig { TapNetwork(network::VirtioNetworkConfig), UserNetwork(u16), diff --git a/src/main.rs b/src/main.rs index 54a8a303..b5628483 100644 --- a/src/main.rs +++ b/src/main.rs @@ -91,7 +91,6 @@ fn parse_matches(cli: &Cli) { bundle.clone(), pid_file.clone(), console_socket.clone(), - cli.hermit_env.clone(), cli.debug_config, cli.log_level, ), @@ -213,10 +212,6 @@ struct Cli { #[arg(long, default_value_t, value_enum)] log_format: LogFormat, - /// Path to the hermit-environment. Defaults to /hermit - #[arg(long, value_name = "HERMIT_ENV_PATH")] - hermit_env: Option, - /// Write out any logs to the runh root directory in addition to the specified log path. #[arg(long, default_value_t)] debug_log: bool, From df12e2ec6753938e70505571c234e2e086fa2b2b Mon Sep 17 00:00:00 2001 From: Stefan Lankes Date: Tue, 8 Oct 2024 19:15:52 +0000 Subject: [PATCH 4/5] remove the usage of an obsolete flag --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e4c3bf45..96f01ea6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -87,7 +87,7 @@ jobs: - name: Setup runh with Docker shell: sudo bash --noprofile --norc -eo pipefail {0} run: | - sed -i 's/{/{ "default-runtime": "runc", "runtimes": { "runh": { "path": "\/home\/runner\/.cargo\/bin\/runh", "runtimeArgs": ["-l", "debug", "--hermit-env", "\/run\/runh\/hermit"] } },/g' /etc/docker/daemon.json + sed -i 's/{/{ "default-runtime": "runc", "runtimes": { "runh": { "path": "\/home\/runner\/.cargo\/bin\/runh", "runtimeArgs": ["-l", "debug"] } },/g' /etc/docker/daemon.json >&2 cat /etc/docker/daemon.json systemctl restart docker || systemctl status docker - name: Check Docker runtime From b3a79b62323e8bdcb2f8da6490ad874934179917 Mon Sep 17 00:00:00 2001 From: Stefan Lankes Date: Tue, 8 Oct 2024 19:48:48 +0000 Subject: [PATCH 5/5] add description of the new build process --- README.md | 50 ++++++++++++-------------------------------------- 1 file changed, 12 insertions(+), 38 deletions(-) diff --git a/README.md b/README.md index ff701663..38284eb2 100644 --- a/README.md +++ b/README.md @@ -1,49 +1,23 @@ # runh -`run` is a CLI tool for spawning and running RustyHermit containers. -To start RustyHermit application within a isolated lightweight virtual machine, a directory with the application and the loader must be created. -In this example, the binaries will be downloaded from a docker registry. +`runh` is a CLI tool for spawning and running HermitOS containers. +To start HermitOS application within a isolated lightweight virtual machine, a container registry with the the HermitOS application and its loader. -At first, the required tools will be downloaded and installed to run RustyHermit images. +To create a container image with the httpd example from the [HermitOS](https://github.com/hermit-os/hermit-rs) repository, the following `Dockerfile` is used. +The example assumes, that `httpd` and `hermit-loader-x86_64` is already created and copied to the directory, which contains the `Dockerfile`. -```sh -$ docker export $(docker create ghcr.io/hermit-os/hermit_env:latest) > hermit-env.tar -$ sudo mkdir -p /run/runh/hermit -$ sudo tar -xf hermit-env.tar -C /run/runh/hermit -``` - -Afterwards, the RustyHermit application will be download and store in a local directory. - -```sh -$ docker export $(docker create ghcr.io/hermit-os/rusty_demo:latest) > runh-image.tar -$ mkdir -p ./runh-image/rootfs -$ tar -xf runh-image.tar -C ./runh-image/rootfs -``` - -In this case, the application an the loader is stored in the subdirectory `runh-image/rootfs`. - -```sh -$ ls ./runh-image/rootfs -drwxr-xr-x 1 stefan stefan 128 May 24 12:27 . -drwxr-xr-x 1 stefan stefan 96 May 24 12:27 .. --rwxr-xr-x 1 stefan stefan 3651080 May 20 13:53 rusty_demo --rwxr-xr-x 1 stefan stefan 2225868 May 19 22:50 hermit-loader -``` - -An OCI specification file is required to start the hypervisor within an isolated environment. -The following commands generate a starter bundle for `rusty_demo`, create and start the container: - -```sh -$ cd runh-image -$ sudo runh --root /run/runh spec --bundle . --args /hermit/rusty_demo -$ sudo runh --root /run/runh -l debug create --bundle . runh-container -$ sudo runh --root /run/runh -l debug start runh-container +```Dockerfile +FROM ghcr.io/hermit-os/hermit_env:latest +COPY hermit-loader-x86_64 hermit/hermit-loader +COPY httpd hermit/httpd +CMD ["/hermit/httpd"] ``` -After a successfull test, the container can be deleted with following command: +Afterwards, the container image can be created and pushed to the registry. +The registery tag has to replace with the enduser registry. ```sh -$ sudo runh --root /run/runh -l debug delete runh-container +$ docker buildx build --tag ghcr.io/hermit-os/httpd:latest --push . ``` ## Funding