KillingSpark / rustysd

A service manager that is able to run "traditional" systemd services, written in rust
MIT License

Container based OS: busybox + rustysd + crun + gpm build with linuxkit #30

Closed by pwFoo 3 years ago

pwFoo commented 4 years ago

Build initrd+kernel with linuxkit. Init is based on busybox init (prepare host, generate unitfiles without dependencies for now...) and rustysd (start linuxkit services).

All Dockerfiles and the linuxkit yml are included here: https://github.com/pwFoo/DenglerOS

/ # crun list
NAME   PID       STATUS   BUNDLE PATH                            
rngd   693       running  /containers/services/rngd              
docker 694       running  /containers/services/docker            
udhcpc 695       running  /containers/services/udhcpc            
mdevd  696       running  /containers/services/mdevd             
/ # rsdctl /notifications/control.socket status
Write cmd: {"jsonrpc":"2.0","method":"status"}
[2020-02-22][16:53:17][rustysd::control::control][TRACE] Execute command: Status(None)
Wait for response
Got response
{
  "jsonrpc": "2.0",
  "result": [
    {
      "Name": "init.target",
      "Status": "Started"
    },
    {
      "Name": "rngd.service",
      "Restarted": "0",
      "Sockets": [],
      "Status": "Started",
      "UpSince": "65.858849801s"
    },
    {
      "Name": "onboot.target",
      "Status": "Started"
    },
    {
      "Name": "network.target",
      "Status": "Started"
    },
    {
      "Name": "docker.service",
      "Restarted": "0",
      "Sockets": [],
      "Status": "Started",
      "UpSince": "65.783275025s"
    },
    {
      "Name": "mdevd.service",
      "Restarted": "0",
      "Sockets": [],
      "Status": "Started",
      "UpSince": "65.73633628s"
    },
    {
      "Name": "default.target",
      "Status": "Started"
    },
    {
      "Name": "udhcpc.service",
      "Restarted": "0",
      "Sockets": [],
      "Status": "Started",
      "UpSince": "65.75102832s"
    },
    {
      "Name": "services.target",
      "Status": "Started"
    }
  ]
}

@KillingSpark @cdbattags @justincormack

13 #15
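
Added example (not from the issue or the rustysd project): a Python check that cross-checks the "rsdctl ... status" reply against "crun list", so a unit that reports Started while its container is stopped or missing stands out. The sample data is constructed in the formats shown above, and the mapping of X.service to a container named X is an assumption taken from the names on this page.

```python
import json

# Constructed samples in the formats shown above (not the issue's real values).
RSDCTL_OUTPUT = """Write cmd: {"jsonrpc":"2.0","method":"status"}
Wait for response
Got response
{"jsonrpc": "2.0", "result": [
  {"Name": "init.target", "Status": "Started"},
  {"Name": "rngd.service", "Restarted": "0", "Sockets": [], "Status": "Started"},
  {"Name": "docker.service", "Restarted": "2", "Sockets": [], "Status": "Started"},
  {"Name": "sshd.service", "Restarted": "0", "Sockets": [], "Status": "Started"}
]}
"""
CRUN_LIST = """NAME   PID       STATUS   BUNDLE PATH
rngd   693       running  /containers/services/rngd
docker 694       stopped  /containers/services/docker
mdevd  696       running  /containers/services/mdevd
"""

def parse_status(output):
    """Return {unit name: entry}; the JSON reply follows the 'Got response' log line."""
    _, marker, body = output.partition("Got response")
    if not marker:
        raise ValueError("no response in rsdctl output")
    return {u["Name"]: u for u in json.loads(body)["result"]}

def parse_crun_list(table):
    """Return {container name: state}; the first row is the column header."""
    rows = (line.split() for line in table.strip().splitlines()[1:])
    return {r[0]: r[2] for r in rows if len(r) >= 4}

def reconcile(units, containers):
    """Compare rustysd's view with crun's; assumes X.service runs container X."""
    services = {n[:-len(".service")]: u for n, u in units.items() if n.endswith(".service")}
    findings = []
    for svc, unit in sorted(services.items()):
        state = containers.get(svc, "missing")
        if unit["Status"] == "Started" and state != "running":
            findings.append((svc, f"unit Started but container is {state}"))
        if int(unit.get("Restarted", 0)) > 0:
            findings.append((svc, f"restarted {unit['Restarted']} times"))
    for svc in sorted(set(containers) - set(services)):
        findings.append((svc, "container has no rustysd unit"))
    return findings

if __name__ == "__main__":
    for svc, issue in reconcile(parse_status(RSDCTL_OUTPUT), parse_crun_list(CRUN_LIST)):
        print(f"{svc}: {issue}")
```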

pwFoo commented 4 years ago

Run docker container from host:

crun exec -ti docker docker run --rm -ti alpine sh

KillingSpark commented 4 years ago

This is really cool! Are you running this in a VM?

pwFoo commented 4 years ago

Tested with qemu and dell notebook.

pwFoo commented 4 years ago

All processes run inside of a rustysd controlled crun container:

(none):/# ps aux  | grep -v '\['
PID   USER     TIME  COMMAND
    1 root      0:04 /init splash
  843 root      0:00 /usr/sbin/rustysd
  844 root      0:00 -/bin/sh
  858 root      0:00 {11} crun --log /var/log/crun.log run --no-pivot --bundle /containers/services/udhcpc/ udhcpc
  859 root      0:00 {11} crun --log /var/log/crun.log run --no-pivot --bundle /containers/services/rngd/ rngd
  860 root      0:00 {11} crun --log /var/log/crun.log run --no-pivot --bundle /containers/services/sshd/ sshd
  863 root      0:00 {11} crun --log /var/log/crun.log run --no-pivot --bundle /containers/services/docker/ docker
  867 root      0:00 /bin/udhcpc -f -s /usr/share/udhcpc/default.script
  868 root      0:00 /usr/sbin/rngd -f -r /dev/urandom -p /var/run/rngd.pid
  869 root      0:00 /usr/sbin/dropbear -R -F -E
  875 root      0:00 /usr/local/bin/docker-init /usr/local/bin/dockerd
  884 root      0:00 /usr/local/bin/dockerd
  894 root      0:05 docker-containerd --config /var/run/docker/containerd/containerd.toml
 1180 root      0:00 /usr/sbin/dropbear -R -F -E
 1181 root      0:00 -ash
 1183 root      0:00 /bin/sh

Added dropbear sshd for some custom needs (connect from remote workstation)... But you need to set a password from within the sshd container to enable logins!

crun exec -t sshd passwd

Everyone who wants to help improve the system and make it usable is welcome!

In the past I created docker images for xorg, fluxbox, chromium, ... and I could update and provide them.
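
Added example (not part of the comment above or of rustysd): the process list shows every container started with --no-pivot, which makes crun enter the rootfs with chroot(2) instead of pivot_root(2), a weaker jail that is typically needed when the root filesystem is a ramdisk. This Python check finds such invocations in busybox ps output; the sample listing is constructed and the function names are hypothetical.

```python
# Constructed sample in the busybox ps layout shown in the comment above.
PS_OUTPUT = """PID   USER     TIME  COMMAND
  843 root      0:00 /usr/sbin/rustysd
  858 root      0:00 {11} crun --log /var/log/crun.log run --no-pivot --bundle /containers/services/udhcpc/ udhcpc
  860 root      0:00 {11} crun --log /var/log/crun.log run --bundle /containers/services/sshd/ sshd
  867 root      0:00 /bin/udhcpc -f -s /usr/share/udhcpc/default.script
  900 root      0:00 crun exec -t docker docker run --rm -ti alpine sh
"""
# Assumption: --log is the only global option followed by a separate value,
# as in the invocations on this page.
VALUE_OPTS = {"--log"}

def subcommand_index(argv):
    """Index of crun's subcommand, skipping global options before it."""
    i = 1
    while i < len(argv):
        if argv[i] in VALUE_OPTS:
            i += 2
        elif argv[i].startswith("-"):
            i += 1
        else:
            return i
    return None

def crun_runs(ps_text):
    """One record per 'crun ... run' process found in the listing."""
    records = []
    for line in ps_text.splitlines()[1:]:
        fields = line.split(None, 3)
        if len(fields) < 4:
            continue
        pid, user, _time, command = fields
        argv = command.split()
        if argv[0].startswith("{"):  # busybox prints {comm} ahead of argv
            argv = argv[1:]
        if not argv or argv[0].rsplit("/", 1)[-1] != "crun":
            continue
        idx = subcommand_index(argv)
        if idx is None or argv[idx] != "run" or idx + 1 == len(argv):
            continue  # 'crun exec ... docker run' is not a container start
        args = argv[idx + 1:]
        bundle = args[args.index("--bundle") + 1] if "--bundle" in args[:-1] else None
        records.append({"pid": int(pid), "user": user, "name": args[-1],
                        "bundle": bundle, "no_pivot": "--no-pivot" in args})
    return records

def audit(ps_text):
    """Names of containers whose rootfs is entered with chroot(2), not pivot_root(2)."""
    return [c["name"] for c in crun_runs(ps_text) if c["no_pivot"]]
```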

pwFoo commented 4 years ago

I did a rewrite of my build script for my custom fun Linux called "DenglerOS"... It would need improvements and a cleanup of the script code... but it works in first tests.

build script: https://github.com/dengleros/dosctl
example yml: https://github.com/dengleros/DenglerOS/blob/master/dengleros.yml

Some first examples from readme file.

build os

With dosctl installed in your PATH, change to an (empty) working directory and build kernel+initrd

dosctl os <YML-FILE>
dosctl <YML-FILE>

run os

Execute from the same working directory as above. Pass the YML file or the project name (YML file name without extension). A locally installed qemu is needed.

dosctl run <YML-FILE>

Build docker image

dosctl img dengleros/os-rustysd:latest -build -push

services in container

All services run in crun containers.

/ # crun list 
NAME   PID       STATUS   BUNDLE PATH                            
rngd   825       running  /containers/services/rngd              
udhcpc 826       running  /containers/services/udhcpc            
mdevd  827       running  /containers/services/mdevd             
sshd   824       running  /containers/services/sshd

gpm package manager

Having successfully booted DenglerOS, try to install an example package with gpm (git package manager)

gpm update
gpm install docker
/prepare.sh /containers/services/docker  # workaround to update unitfile... without trailing "/"!!!
rsdctl /notifications/control.socket reload  # update / add new service to rustysd
rsdctl /notifications/control.socket restart docker.service   # (re-)start service "docker"
crun exec -t docker docker run --rm -ti alpine sh   # :)

KillingSpark commented 4 years ago

I love the idea of having all services in their respective crun container instead of having rustysd do all that work (like systemd decided to do it)

pwFoo commented 4 years ago

Restart unit seems to be a problem. Maybe because of the time needed to stop a running crun container. But I like the base. Works fine. But would need some improvements and extensions...

KillingSpark commented 4 years ago

Could you describe more what problems arise when restarting a unit?

pwFoo commented 4 years ago

First I try to optimize and do some more tests ;)