nestybox / sysbox-pkgr

Sysbox-pkgr repository

Add WSL2 detector #121

Closed arukiidou closed 9 months ago

arukiidou commented 9 months ago

summary

install

wsl --install --no-distribution
wsl --install --distribution Ubuntu-22.04
sudo apt-get update
sudo apt-get upgrade -y
sudo apt-get install -y ca-certificates curl gnupg jq

# install docker
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
echo 'deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu jammy stable' | sudo tee /etc/apt/sources.list.d/docker.list
sudo apt-get update
sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

# install sysbox
sudo dpkg -i /app/sysbox-ce_0.6.3.linux_amd64.deb
echo -e '{
   "runtimes": {
      "sysbox-runc": {
         "path": "/usr/bin/sysbox-runc"
      }
   }
}' | sudo tee /etc/docker/daemon.json

install-logs

$ sudo dpkg -i /app/sysbox-ce_0.6.3.linux_amd64.deb
[sudo] password for sysbox:
(Reading database ... 24514 files and directories currently installed.)
Preparing to unpack .../sysbox-ce_0.6.3.linux_amd64.deb ...
Unpacking sysbox-ce (0.6.3.linux) over (0.6.3.linux) ...
Setting up sysbox-ce (0.6.3.linux) ...
WSL2 detected, enable_unprivileged_userns skipped.
WSL2 detected, check_kernel_headers skipped.

Tests

# ✅OK
services:
  dind-sysbox:
    image: docker.io/library/docker:24.0.7-alpine3.19
    container_name: dind
    runtime: sysbox-runc
    privileged: false
    tty: true
$ sudo docker compose up -d
[+] Running 1/1
 ✔ Container dind  Started                                                                                                                                   1.4s
$ sudo docker container ls -a
CONTAINER ID   IMAGE                      COMMAND                  CREATED         STATUS         PORTS           NAMES
0f70116fe635   docker:24.0.7-alpine3.19   "dockerd-entrypoint.…"   6 seconds ago   Up 3 seconds   2375-2376/tcp   dind
$ sudo docker container logs dind
Certificate request self-signature ok
subject=CN = docker:dind server
/certs/server/cert.pem: OK
Certificate request self-signature ok
subject=CN = docker:dind client
/certs/client/cert.pem: OK
iptables v1.8.10 (nf_tables)
mount: mounting none on /sys/kernel/security failed: No such device
Could not mount /sys/kernel/security.
AppArmor detection and --privileged mode might break.
INFO[2024-01-12T12:58:17.428526877Z] Starting up
INFO[2024-01-12T12:58:17.450378076Z] containerd not running, starting managed containerd
INFO[2024-01-12T12:58:17.451148976Z] started new containerd process                address=/var/run/docker/containerd/containerd.sock module=libcontainerd pid=175
INFO[2024-01-12T12:58:17.465263075Z] starting containerd                           revision=091922f03c2762540fd057fba91260237ff86acb version=v1.7.6
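
An added example, not code from this pull request or from sysbox-pkgr: one way an install script could decide to print the "WSL2 detected, <step> skipped." lines seen in the install log above. It assumes the stock WSL2 kernel release naming; `is_wsl2`, `run_step` and the sample release strings are hypothetical and constructed.

```shell
#!/bin/sh
# Added example, not sysbox-pkgr code. Heuristic (assumption): stock WSL2
# kernels report a release such as "5.15.133.1-microsoft-standard-WSL2",
# WSL1 reports "4.4.0-19041-Microsoft"; custom-built WSL2 kernels may not match.

# is_wsl2 [release]: succeed if the kernel release string identifies WSL2.
# With no argument, read the running kernel's release from /proc.
is_wsl2() {
    if [ "$#" -gt 0 ]; then
        release=$1
    else
        release=$(cat /proc/sys/kernel/osrelease 2>/dev/null || uname -r)
    fi
    # Lower-case first so "Microsoft" and "microsoft" both match.
    release=$(printf '%s' "$release" | tr '[:upper:]' '[:lower:]')
    case $release in
        *microsoft*wsl2*) return 0 ;;
        *) return 1 ;;
    esac
}

# run_step <step> <release>: hypothetical postinst gate. Prints the skip
# message seen in the install log on WSL2, otherwise names the step to run.
run_step() {
    if is_wsl2 "$2"; then
        echo "WSL2 detected, $1 skipped."
    else
        echo "running $1"
    fi
}

# Constructed sample release strings (not captured from a real host).
for rel in "5.15.133.1-microsoft-standard-WSL2" \
           "4.4.0-19041-Microsoft" \
           "5.15.0-91-generic"; do
    for step in enable_unprivileged_userns check_kernel_headers; do
        printf '%-38s %s\n' "$rel" "$(run_step "$step" "$rel")"
    done
done
```

The match is deliberately narrow: a WSL1 release string contains "Microsoft" but not "WSL2", so the steps still run there.
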

arukiidou commented 9 months ago

Comparison Test - runc example

# ⚠️OK, but privileged
services:
  dind-runc:
    image: docker.io/library/docker:24.0.7-alpine3.19
    container_name: dind
    runtime: runc
    privileged: true
    tty: true
$ sudo docker compose up -d
[+] Running 1/1
 ✔ Container dind  Started                                                                                                                                   0.0s
$ sudo docker container ls -a
CONTAINER ID   IMAGE                      COMMAND                  CREATED         STATUS         PORTS           NAMES
572db259fcea   docker:24.0.7-alpine3.19   "dockerd-entrypoint.…"   5 seconds ago   Up 3 seconds   2375-2376/tcp   dind
$ sudo docker container logs dind
Certificate request self-signature ok
subject=CN = docker:dind server
/certs/server/cert.pem: OK
Certificate request self-signature ok
subject=CN = docker:dind client
/certs/client/cert.pem: OK
iptables v1.8.10 (nf_tables)
INFO[2024-01-12T12:54:45.563754970Z] Starting up
INFO[2024-01-12T12:54:45.565414670Z] containerd not running, starting managed containerd
INFO[2024-01-12T12:54:45.568005470Z] started new containerd process                address=/var/run/docker/containerd/containerd.sock module=libcontainerd pid=63
INFO[2024-01-12T12:54:45.664620163Z] starting containerd                           revision=091922f03c2762540fd057fba91260237ff86acb version=v1.7.6

runc example - unprivileged

# ❌Failed.
services:
  dind-runc:
    image: docker.io/library/docker:24.0.7-alpine3.19
    container_name: dind
    runtime: runc
    privileged: false
    tty: true
$ sudo docker compose up -d
[+] Running 1/1
 ✔ Container dind  Started                                                                                                                                   0.0s
$ sudo docker container ls -a
CONTAINER ID   IMAGE                      COMMAND                  CREATED         STATUS                     PORTS     NAMES
d40201e6f247   docker:24.0.7-alpine3.19   "dockerd-entrypoint.…"   9 seconds ago   Exited (1) 5 seconds ago             dind
$ sudo docker container logs dind
ip: can't find device 'nf_tables'
modprobe: can't change directory to '/lib/modules': No such file or directory
ip: can't find device 'ip_tables'
modprobe: can't change directory to '/lib/modules': No such file or directory
iptables v1.8.10 (nf_tables)
mount: permission denied (are you root?)

KarenTazayan commented 8 months ago

Hi @arukiidou! Where can I get this package?

sudo dpkg -i /app/sysbox-ce_0.6.3.linux_amd64.deb

ctalledo commented 8 months ago

Hi @KarenTazayan,

Not sure if I understand your question, but the Sysbox packages are here.

Hope that helps!

KarenTazayan commented 8 months ago

Hi @ctalledo,

I see, thank you!

arukiidou commented 8 months ago

@KarenTazayan It looks like v0.6.3, but it is actually the dev version. It has not been released yet.

@ctalledo Could you please cut v0.6.4 or v0.7.0 at this time?

ctalledo commented 8 months ago

> Could you please cut v0.6.4 or v0.7.0 at this time?

Yes, we are shooting for 3/1/24 or earlier.

felipecrs commented 7 months ago

Is there any expectation to cut a release with this improvement soon?

ctalledo commented 6 months ago

> Is there any expectation to cut a release with this improvement soon?

Apologies for the delay; we've been busy with other work at Docker, but also adding a few more improvements to Sysbox. Shooting for a Sysbox-CE release by 4/5/24.