An official docker image for kimchi

[kosli]

It would be nice to have an "official" docker for kimchi.

[alinefm]

Hi @kosli

By official, do you mean an docker image provided by Kimchi community?

[kosli]

@alinefm yes exactly, an image that is, like kimchi itself, provided by the community

[overcookedTOFU]

An official docker image would be fantastic. However, correct me if I am wrong, but I think running kimchi/wok in a docker container will require kimchi to support non-local servers (as docker networking essentially places the container behind IPv4 NAT).[1] If so, resolving this will require #1132 and some additional documentation.

If not, I'm happy to give creating a dockerfile a shot [2] (though I have no experience with creating docker images).

Once we have a working dockerfile, we would need to create a docker hub organization and an automated build so that a new docker image is created whenever updates are released. [3]

One thing that might make this easier is if we could start using github's release tagging functionality [4] for both the kimchi and wok repositories. That way, it will be easy to create a stable release branch in Docker Hub that only updates when a new stable version is available. (Actually, we should probably be using github releases anyhow!)

[1] https://docs.docker.com/engine/userguide/networking/#default-networks [2] https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/ [3] https://docs.docker.com/docker-hub/orgs/ [4] https://help.github.com/articles/creating-releases/

[dmnc-net]

Agree with #1132. As the NAT issue, AFAIK docker can be configured also with bridge, host network stack, etc. (i.e. --net="host") https://docs.docker.com/engine/reference/run/#network-settings

There are some docker templates like mbentley/kimchi but I would recommend to use Alpine Linux instead of Debian Jessie, so try this image just for testing...

[alinefm]

Hi @overcookedTOFU

I am not familiar with docker to guide you through that. So maybe there is a way to have some docker file for Kimchi without the dependency of having it managing remote servers. Maybe something related to what @dmnc-net said above.

[Nottt]

Any news on this? I'm building a docker myself with kimchi, as I want a portable way to deploy all the necessary stuff to building VM's with KVM and a web interface using kimchi

[dottgonzo]

+1

[ndunks]

docker or lxd will be great

[mark-stopka]

Is there work being done on this front?

[tylerszabo]

I took a stab at it and there are some limitations.

Here's a Dockerfile

ARG UBUNTU_VERSION=19.10

ARG PUB=/pub
ARG SRC=/src

FROM ubuntu:${UBUNTU_VERSION} AS builder

ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update \
  && apt-get install -y git gcc make autoconf automake git python3-pip python3-requests python3-mock gettext pkgconf xsltproc python3-dev pep8 pyflakes python3-yaml \
  && pip3 install cython libsass pre-commit

ARG PUB
ARG SRC

RUN mkdir -p ${SRC} ${PUB}
RUN git clone --depth 1 --branch 3.0.0 https://github.com/kimchi-project/wok.git ${SRC}/wok
RUN git clone --depth 1 --branch 3.0.0 https://github.com/kimchi-project/kimchi.git ${SRC}/kimchi

WORKDIR ${SRC}/wok
RUN ./autogen.sh --system && make && make deb && mv wok-*.ubuntu.*.deb ${PUB}/

WORKDIR ${SRC}/kimchi
RUN ./autogen.sh --system && make && make deb && mv kimchi-*.deb ${PUB}/

FROM ubuntu:${UBUNTU_VERSION}

ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update
# Wok official deps
RUN apt-get install -y logrotate python3-psutil python3-ldap python3-lxml python3-websockify python3-jsonschema openssl nginx python3-cherrypy3 python3-cheetah python3-pam python3-m2crypto gettext python3-openssl
# Kimchi official deps
RUN apt-get install -y python3-configobj python3-lxml python3-magic python3-paramiko python3-ldap spice-html5 novnc qemu-kvm python3-libvirt python3-parted python3-ethtool python3-guestfs python3-pil python3-cherrypy3 libvirt0 libvirt-daemon-system libvirt-clients nfs-common sosreport open-iscsi libguestfs-tools libnl-route-3-dev

# Additional deps
RUN apt-get install -y sudo python3-distro 

ARG PUB
COPY --from=builder ${PUB} ${PUB}

# Wok's post-installation script expects systemd to be running
RUN dpkg -i ${PUB}/*.deb || true

Start run the container (and pass through the libvirt socket and the TCP port to access).

docker run -p 8001:8001 -it -v /var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock IMAGE_NAME

Run with /bin/wokd. You'll see that there are some issues that will need to be resolved in code such as seeing "psutil.NoSuchProcess no process found" because the PID can't be seen inside the container. In addition Kimchi tries to use vfio-pci directly.

I don't have a lot of context on the project, but if someone with more context is interested in driving the actual development I can set up a Dockerfile and docker-compose config that installs Kimchi from the working tree instead of cloning it from release.