申威(神/声)(SW)1621 + UOS 20 编译安装 Docker | 容器国产化适配 - Frytea's Blo...
source link: https://blog.frytea.com/archives/598/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
申威(神 / 声)(SW)1621 + UOS 20 编译安装 Docker | 容器国产化适配
November 10, 2021 • Read: 60 • 编程开发
本文首发于: https://blog.frytea.com/archives/598/
- OS:
UOS 20 1021 12011.101 - CPU:
SW_64SW1621
本地编译 runc
1. 解压 runc 源码至 ~/go/src/github.com/opencontainers 目录;
~/go/
└── src
└── github.com
└── opencontainers
└── runc
2. 进入 runc 主目录,替换 vendor/golang.org/x/sys/unix 目录为申威平台 golang1.14.1 源码 go-sw64-1.14.1/src/cmd/vendor/golang.org/x/sys/unix 目录。
3. 修改 libcontainer/system/syscall_linux_64.go 文件,在文件头添加 sw64 架构定义 //+build sw64。
$ head libcontainer/system/syscall_linux_64.go
// +build sw64
// +build linux
// +build arm64 amd64 mips mipsle mips64 mips64le ppc ppc64 ppc64le riscv64 s390x sw64
4. 修改 Makefile,去掉 runc 编译过程的 - buildmode=pie,执行 make && make install 进行编译、安装。
$ make
go build -ldflags "-X main.gitCommit="04433551a33fa0c5e1c547759074e4bce9a7ecde-dirty" -X main.version=1.0.0-rc10 " -tags "seccomp" -o runc .
$ sudo make install
install -D -m0755 runc /usr/local/sbin/runc
本地编译 containerd
1. 解压 containerd 源码至 ~/go/src/github.com/containerd 目录,重命名为 containerd;
~/go/
└── src
└── github.com
└── containerd
└── containerd
2. 进入 containerd 主目录,替换 vendor/golang.org/x/sys/unix 目录为申威平台 golang1.14.1 源码中的 go-sw64-1.14.1/src/cmd/vendor/golang.org/x/sys/unix 目录。
cp -r ~/go-sw64-1.14.1/src/cmd/vendor/golang.org/x/sys/unix vendor/golang.org/x/sys/unix
3. 修改 vendor/github.com/containerd/fifo/handle_linux.go 文件,并将 const O_PATH=010000000 改为 040000000 。
$ vim vendor/github.com/containerd/fifo/handle_linux.go
- const O_PATH = 010000000
+ const O_PATH = 040000000
4. 修改 platforms/database.go 文件,在 isKnownArch 函数中添加 sw64
// isKnownArch returns true if we know about the architecture.
// The arch value should be normalized before being passed to this function.
func isKnownArch(arch string) bool {
switch arch {
case "386", "amd64", "amd64p32", "arm", "armbe", "arm64", "arm64be", "ppc64", "ppc64le", "mips", "mipsle", "mips64", "mips64le", "mips64p32", "mips64p32le", "ppc", "riscv", "riscv64", "s390", "s390x", "sparc", "sparc64", "wasm", "sw64":
return true
return false
5. 修改 containerd 主目录下的 Makefile.linux 文件,取消 sw64 的 -buildmode=pie 编译选项,执行 make && make install 进行编译、安装。
$ vim Makefile.linux
ifeq ($(GOOS),linux,!sw64)
GO_GCFLAGS +=
endif
$ make
+ bin/ctr
+ bin/containerd
+ bin/containerd-stress
+ bin/containerd-shim
+ bin/containerd-shim-runc-v1
+ bin/containerd-shim-runc-v2
+ binaries
$ sudo make install
+ install bin/ctr bin/containerd bin/containerd-stress bin/containerd-shim bin/containerd-shim-runc-v1 bin/containerd-shim-runc-v2
- 使用
systemd管理containerd服务。首先将containerd主目录下的containerd.service文件复制到/usr/lib/systemd/system/目录,然后执行systemctl daemon-reload、systemctl start containerd、systemctl enable containerd,最后执行systemctl status containerd查看服务状态。
$ sudo cp containerd.service /usr/lib/s
ystemd/system/
songtianlun@user-uos:~/go/src/github.com/containerd/containerd$ systemctl daemon-reload
==== AUTHENTICATING FOR org.freedesktop.systemd1.reload-daemon ===
Info: Verification successful
==== AUTHENTICATION COMPLETE ===
$ sudo systemctl enable containerd
$ sudo systemctl start containerd
$ sudo systemctl status containerd
● containerd.service - containerd container runtime
Loaded: loaded (/lib/systemd/system/containerd.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2021-11-10 10:00:29 CST; 1h 9min ago
Docs: https://containerd.io
Main PID: 707 (containerd)
Tasks: 22
Memory: 50.8M
CGroup: /system.slice/containerd.service
└─707 /usr/local/bin/containerd
本地编译 docker 相关组件
解压 docker-ce-18.09.zip ,将 components 目录下的 cli 和 engine 复制到 ~/go/src/github.com/docker 目录下,并将 engine 目录改名为 docker ,分别编译得到 docker-cli 及 dockerd 组件。
~/go/
└── src
└── github.com
└── docker
├── cli
└── docker
编译 docker-cli
1. 进入 cli 目录,替换 vendor/golang.org/x/sys/unix 目录为申威平台 golang1.14.1 源码中的 go-sw64-1.14.1/src/cmd/vendor/golang.org/x/sys/unix 目录。
$ cp -r ~/go-sw64-1.14.1/src/cmd/vendor/golang.org/x/sys/unix vendor/golang.org/x/sys/unix
2. 修改 vendor/github.com/containerd/fifo/handle_linux.go 文件,并将 const O_PATH=010000000 改为 040000000。
$ vim vendor/github.com/containerd/fifo/handle_linux.go
- const O_PATH = 010000000
+ const O_PATH = 040000000
3. 执行 make VERSION=18.09.9 进行本地编译,编译后得到的二进制文件在 build 目录下。
$ make VERSION=18.09.9
WARNING: you are not in a container.
Use "make -f docker.Makefile " or set
DISABLE_WARN_OUTSIDE_CONTAINER=1 to disable this warning.
Press Ctrl+C now to abort.
WARNING: binary creates a Linux executable. Use cross for macOS or Windows.
./scripts/build/binary
Building statically linked build/docker-linux-sw64
$ sudo cp docker /usr/bin/
编译 dockerd
1. 进入 docker 目录,替换 vendor/golang.org/x/sys/unix 目录为申威平台 golang1.14.1 源码中的 go-sw64-1.14.1/src/cmd/vendor/golang.org/x/sys/unix 目录。
$ cp -r ~/data/go-sw64-1.14.1/src/cmd/vendor/golang.org/x/sys/unix vendor/golang.org/x/sys/unix
2. 修改 vendor/github.com/containerd/fifo/handle_linux.go 文件,将 const O_PATH=010000000 改为 040000000。
$ vim vendor/github.com/containerd/fifo/handle_linux.go
- const O_PATH = 010000000
+ const O_PATH = 040000000
3. 修改 vendor/github.com/containerd/containerd/platforms/database.go 文件,在 isKnownArch 函数中添加 sw64 。
// isKnownArch returns true if we know about the architecture.
// The arch value should be normalized before being passed to this function.
func isKnownArch(arch string) bool {
switch arch {
case "386", "amd64", "amd64p32", "arm", "armbe", "arm64", "arm64be", "ppc64", "ppc64le", "mips", "mipsle", "mips64", "mips64le", "mips64p32", "mips64p32le", "ppc", "riscv", "riscv64", "s390", "s390x", "sparc", "sparc64", "wasm", "sw64":
return true
return false
4. 修改 vendor/github.com/opencontainers/runc/libcontainer/system/syscall_linux_64.go 文件,在文件头添加 //+build sw64 。
$ head vendor/github.com/opencontainers/runc/libcontainer/system/syscall_linux_64.go
// +build linux
// +build arm64 amd64 mips mipsle mips64 mips64le ppc ppc64 ppc64le s390x sw64
5. 修改 hack/make/.binary 文件,取消 linux/sw64 平台的 buildmode=pie 选项。
case "$(go env GOOS)/$(go env GOARCH)" in
windows/*|linux/mips*|linux/sw64)
BUILDFLAGS+=( "" )
6. 执行 `VERSION=18.09.9 GOPATH="/root/go" DOCKER_GITCOMMIT=new ./hack/make.sh
dynbinary-daemon 进行本地编译,编译后得到的二进制文件在 bundles` 目录下。
$ VERSION=18.09.9 GOPATH="/home/songtianlun/go" DOCKER_GITCOMMIT=new ./hack/make.sh
$ sudo cp bundles/binary-daemon/dockerd /usr/bin/
sudo VERSION=18.09.9 GOPATH="/home/songtianlun/go" DOCKER_GITCOMMIT=new KEEPBUNDLE=1 ./hack/make.sh install-binary
编译 docker-init
1. 解压 tini 源码,进入 tini 主目录;
$ wget https://github.com/krallin/tini/archive/refs/tags/v0.19.0.tar.gz
$ mv v0.19.0.tar.gz tini-v0.19.0.tar.gz
$ tar xvf tini-v0.19.0.tar.gz
$ cd tini-0.19.0
2. 执行 cmake . && make tini-static ,编译得到 tini-static 二进制文件;
$ cmake .
-- The C compiler identification is GNU 8.3.0
-- Check for working C compiler: /usr/bin/cc
-- Check for working C compiler: /usr/bin/cc -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Detecting C compile features
-- Detecting C compile features - done
fatal: 不是一个 git 仓库:'/home/songtianlun/data/tini-0.19.0/.git'
fatal: 不是一个 git 仓库:'/home/songtianlun/data/tini-0.19.0/.git'
-- Performing Test HAS_BUILTIN_FORTIFY
-- Performing Test HAS_BUILTIN_FORTIFY - Failed
-- Configuring done
-- Generating done
-- Build files have been written to: /home/songtianlun/data/tini-0.19.0
$ make tini-static
Scanning dependencies of target tini-static
[ 50%] Building C object CMakeFiles/tini-static.dir/src/tini.c.o
[100%] Linking C executable tini-static
[100%] Built target tini-static
3. 执行 cp tini-static docker-init,得到 docker-init。
sudo cp docker-init /usr/bin/
编译 docker-proxy
1. 解压 libnetwork 源码到 ~/go/src/github.com 目录,重命名为 libnetwork ;
$ git clone https://github.com/moby/libnetwork.git
2. 进入 libnetwork 主目录,替换 vendor/golang.org/x/sys/unix 目录为申威平台 golang1.14.1 源码中的 go-sw64-1.14.1/src/cmd/vendor/golang.org/x/sys/unix 目录。
$ cp -r ~/data/go-sw64-1.14.1/src/cmd/vendor/golang.org/x/sys/unix vendor/golang.org/x/sys/unix
3. 进入 cmd/proxy 目录,执行 CGO_ENABLED=0 go build -o docker-proxy ,得到 docker-proxy 二进制文件。
$ go get
$ CGO_ENABLED=0 go build -o docker-proxy
$ sudo cp docker-proxy /usr/bin/
本地编译安装验证
1. 按上述步骤安装 runc 、 containerd ,并启动 containerd 服务;
2. 复制编译得到的二进制文件 docker 、 dockerd 、 docker-init 、 docker-proxy 到 /usr/bin 目录下;
- 将
docker/contrib/init/systemd目 录 下 的docker.service和docker.socket文 件 复 制 到/lib/systemd/system目录下,添加docker组:groupadd --system docker。
$ sudo cp ~/go/src/github.com/docker/docker/contrib/init/systemd/docker.service /lib/systemd/system/
$ sudo cp ~/go/src/github.com/docker/docker/contrib/init/systemd/docker.socket /lib/systemd/system/
4. 执行 systemctl daemon-reload 、 systemctl start docker 、 systemctl enable docker 启动 docker 服务。
$ sudo systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2021-11-10 17:32:07 CST; 4min 33s ago
Docs: https://docs.docker.com
Main PID: 815 (dockerd)
Tasks: 21 (limit: 4915)
Memory: 94.9M
CGroup: /system.slice/docker.service
└─815 /usr/bin/dockerd -H fd://
拉取测试镜像
docker pull harbor.sh.deepin.com/library/minideb:latest
docker 运行
docker run -d -it harbor.sh.deepin.com/library/minideb sh
- 解决
Package libseccomp was not found in the pkg-config search path.
sudo apt install libseccomp-dev
fatal error: btrfs/ioctl.h: No such file or directory
$ sudo apt-get install libbtrfs-dev
$ yum install btrfs-progs-devel
Package devmapper was not found in the pkg-config search path.
$ sudo apt-get install libdevmapper-dev
$ yum install device-mapper-devel
Iptables/1.8.2 Failed to initialize nft: Protocol not supported
# update-alternatives --set iptables /usr/sbin/iptables-legacy
# update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
# update-alternatives --set arptables /usr/sbin/arptables-legacy
# update-alternatives --set ebtables /usr/sbin/ebtables-legacy
附件若无法下载请转到本文的 Notion 共享页下载:https://fryteacs.notion.site/SW-1621-UOS-20-Docker-c1d7ff16b6a4492a99c794fab253b24d
---------------------
Author: Frytea
Title: 申威(神 / 声)(SW)1621 + UOS 20 编译安装 Docker | 容器国产化适配
Link: https://blog.frytea.com/archives/598/
Copyright: This work by TL-Song is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK