gnu/services/docker.scm (oci-container-shepherd-service): When image is
oci-image, call %oci-image-loader.
Change-Id: I26105e82643affe9e7037975e42ec9690089545b
This commit allows for loading an OCI image tarball before running an
OCI backed Shepherd service. It does so by adding a one shot Shepherd
service to the dependencies of the OCI backed service that at boot runs
docker load on the tarball.
* gnu/services/docker.scm (oci-image): New record;
(lower-oci-image): new variable, lower it;
(string-or-oci-image?): sanitize it;
(oci-container-configuration)[image]: allow also for oci-image records;
(oci-container-shepherd-service): use it;
(%oci-image-loader): new variable.
Change-Id: Ie504f479ea0d47f74b0ec5df9085673ffd3f639d
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/docker.scm (exports): Add missing procedures;
(oci-container-service-type)[description]: Docker and OCI images should
mean the same thing;
(oci-container-configuration): clarify field types;
[extra-arguments]: new field;
(oci-sanitize-extra-arguments): sanitize it;
(oci-container-shepherd-service): use it.
* doc/guix.texi: Document it.
Change-Id: I64e9d82c8ae538d59d1c482f23070a880156ddf7
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
The oci-container-configuration supports two user fields: one is the
user, from the host system, under whose authority the OCI-backed
Shepherd service is run; the other is an optional user/UID that can be
passed to the docker run invokation to override the user defined in the
OCI image.
The user from the host system is incorrectly passed to docker run
command, this patches reverts the incorrect behavior and passes the
correct container-user field value.
* gnu/services/docker.scm (oci-container-configuration): Fix the user
passed to the docker run invokation.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
cgroup v2 is the next generation of the control groups API. This patch
replaces the cgroup v1 file systems with the unified cgroup v2 file
system.
cgroup v2 allows for things like containerd/podman to run rootless
containers and opens guix system up to running things like Kubernetes.
Thanks to Hilton Chain <hako@ultrarare.space> for suggesting the Docker
service change.
* gnu/system/file-systems.scm (%control-groups): Change to a single
"cgroup2" mount point.
* gnu/services/docker.scm (docker-shepherd-service): Trim 'requirement'
field accordingly.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/docker.scm (docker-configuration): Add the field
(docker-shepherd-service): Pass the list of defined variables to
make-forkexec-constructor.
* doc/guix.texi (Miscellaneous Services): Update doc.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This commit fixes error 'time="2020-10-16T…" level=error msg="Handler for POST
/v1.40/containers/…/start returned error: failed to start shim: exec:
\"containerd-shim\": executable file not found in $PATH: unknown"'.
* gnu/services/docker.scm
(containerd-shepherd-service): Add "containerd-shim" to PATH.
The userland proxy option does not properly disable the userland proxy when
set to false. Docker defaults to enabling the userland proxy if the option is
unset on the command line.
* gnu/services/docker.scm (docker-shepherd-service): Properly handle the
'enable-proxy?' option.
Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
This commit follows a404716d41.
* gnu/services/docker.scm
(docker-configuration)[docker-cli]: New record field.
(docker-service-type): Use this.
* doc/guix.texi (Miscellaneous Services)[Docker Service]: Document this.
* gnu/services/docker.scm (docker-configuration): Add a debug? field.
(containerd-shepherd-service): Pass the "--log-level=debug" argument when
DEBUG? is true.
(docker-shepherd-service): Pass the "--debug" and "--log-level=debug"
arguments when DEBUG? is true.
* doc/guix.texi (Miscellaneous Services): Update doc.
* gnu/system/file-systems.scm (%control-groups): Add "pids".
* gnu/services/docker.scm (docker-shepherd-service): Resolve a TODO.
This has allowed me to make a specific configuration of nsjail work.
* gnu/packages/linux.scm (singularity)[source](snippet): Change file
name of setuid helpers in libexec/cli/*.exec.
[arguments]: Remove "--disable-suid".
* gnu/services/docker.scm (%singularity-activation): New variable.
(singularity-setuid-programs): New procedure.
(singularity-service-type): New variable.
* gnu/tests/singularity.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* doc/guix.texi (Miscellaneous Services): Document it.
The Docker proxy enables inter-container and outside-to-container loopback,
and is required by the Docker registry server.
* gnu/services/docker.scm (docker-configuration)[proxy,
enable-proxy?]: Add fields.
(docker-shepherd-service): Use them.
(serialize-boolean): New function.
Zheng Junjie
Giacomo Leidi
Connor Clark
Sam Lockart
Oleg Pykhalov
Tobias Geerinckx-Rice
Alexey Abramov
Brice Waegeneire
Maxim Cournoyer
Efraim Flashner
Jesse Dowell
Jakub Kądziołka
Ludovic Courtès
Danny Milosavljevic