Update Readme with information about Docker container #242

Closed
wants to merge 2 commits into from
10 changes: 3 additions & 7 deletions README.md
Expand Up @@ -57,14 +57,10 @@ https://godoc.org/github.com/go-debos/debos/actions

## Installation (Docker container)

Official debos container is available:
```
docker pull godebos/debos
```
A Docker container containing the latest version of Debos is available from [Docker Hub](https://hub.docker.com/r/godebos/debos).
Member Author

we should point to ghcr first

See [docker/README.md](https://github.com/go-debos/debos/blob/master/docker/README.md) for more information and usage.
Member Author

also the links in this file need to be modified


See [docker/README.md](https://github.com/go-debos/debos/blob/master/docker/README.md) for usage.

## Installation (under Debian)
## Installation from source (under Debian)
Member Author

add a section about installing from packages in debian


sudo apt install golang git libglib2.0-dev libostree-dev qemu-system-x86 \
qemu-user-static debootstrap systemd-container
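Review bot: The added sentence "A Docker container containing the latest version of Debos is available from Docker Hub" replaces the removed `docker pull godebos/debos` block and names no tag or digest, so readers are steered to whatever the mutable default tag currently points at. Consider keeping a copy-pasteable pull command and naming a specific tag or digest next to it, so that image builds can be reproduced and the pulled image can be audited.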
10 changes: 8 additions & 2 deletions docker/README.md
Expand Up @@ -8,7 +8,6 @@ docker pull godebos/debos
```

Debos needs virtualization to be enabled on the host and shared with the container.

Check that `kvm` is enabled and writable by the user running the docker container by running ```ls /dev/kvm```

## Usage
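Review bot: On the "Check that `kvm` is enabled and writable" line, `ls /dev/kvm` only shows that the device node exists; it says nothing about whether the user running the container can write to it. Suggest `ls -l /dev/kvm` or `test -w /dev/kvm && echo ok`, and single backticks for the inline command instead of triple backticks. The one line this hunk removes (7 lines down to 6) appears to be the blank line after "Debos needs virtualization ...", which would merge that sentence and the "Check that ..." sentence into one paragraph when rendered; keep the blank line if that is not intended.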
Expand All @@ -17,7 +16,14 @@ Check that `kvm` is enabled and writable by the user running the docker containe
To build `recipe.yaml`:
```
cd <PATH_TO_RECIPE_DIR>
docker run --rm --interactive --tty --device /dev/kvm --user $(id -u) --workdir /recipes --mount "type=bind,source=$(pwd),destination=/recipes" --security-opt label=disable godebos/debos <RECIPE.yaml>
docker run --rm --interactive --tty \
--device /dev/kvm \
--user $(id -u):$(id -g) \
Member

that's typically not needed

--group-add $(getent group kvm | cut -d: -f3) \
Member

kvm has uaccess tagged on modern systems so this is also not needed

Member Author

right, just having a look at this again since i don't fully understand the permissions here.
kvm has uaccess tagged on my system, and my user is part of the kvm group:

```
$ ls -la /dev/kvm
crw-rw----+ 1 root kvm 10, 232 Jan 28 09:36 /dev/kvm

$ getfacl /dev/kvm
getfacl: Removing leading '/' from absolute path names
# file: dev/kvm
# owner: root
# group: kvm
user::rw-
user:obbardc:rw-
group::rw-
mask::rw-
other::---
```

debos with kvm backend runs when i run it locally outside of docker, but not inside a container, where it breaks without this hunk of the patch:

```
$ docker run --rm --interactive --tty --device /dev/kvm --user $(id -u) --workdir /recipes --mount "type=bind,source=$(pwd),destination=/recipes" --security-opt label=disable godebos/debos:bullseye doc/examples/example.yaml
Could not access KVM kernel module: Permission denied
qemu-system-x86_64: failed to initialize kvm: Permission denied
error starting kvm backend: <nil>
```

i am probably doing something wrong here, or my system is configured incorrectly!

Member Author

hm seems like if i remove the --user arg from docker then it works fine, but then i lose the file permissions on the recipes bind mount

--workdir /recipes \
--mount "type=bind,source=$(pwd),destination=/recipes" \
--security-opt label=disable \
godebos/debos recipe.yaml
Member Author

use ghcr

```

## Container build
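Review bot: In the `--group-add $(getent group kvm | cut -d: -f3)` line, the substitution is empty on a host that has no `kvm` group, and `--group-add` would then take the following `--workdir` as its value, so the command fails in a confusing way. State above the command that a `kvm` group on the host is assumed, or say when the flag can be dropped. A sentence on why `--security-opt label=disable` is there would also help, since it turns off SELinux label confinement for the container and readers will copy the command as is.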