unofficial mirror of help-guix@gnu.org 
* Docker image format with services
@ 2023-04-18 19:49 Jack Hill
  0 siblings, 0 replies; 3+ messages in thread
From: Jack Hill @ 2023-04-18 19:49 UTC (permalink / raw)
  To: help-guix

Hi Guix,

I have a need to build some Docker images (well, really OCI-compliant 
images) to run some service on computing systems that I don't manage. I 
thought I would use `guix system image` to build these images. In order to 
get a feel for it, I'm testing it out with the docker service running on 
my Guix System (commit 50dd91bc30634c75c0001cfd38bbcc2fbbeb894e).

So far, I've created an image from this file with `guix system image filename.scm`:

```
(use-modules (gnu)
              (gnu image)
              (gnu system image))
(use-service-modules databases ssh)
(use-package-modules databases linux)

(define container-os
   (operating-system
    (host-name "container")
    (timezone "America/New_York")
    (kernel linux-libre)
    (bootloader (bootloader-configuration
                 (bootloader grub-efi-bootloader)
                 (targets '("/dev/sdX"))))
    (file-systems '())
    (packages %base-packages)
    (users (cons* (user-account
                   (name "jackhill")
                   (comment "Jack Hill")
                   (group "users")
                   (supplementary-groups '("wheel" )))
                  %base-user-accounts))
    (services
     (cons* (service openssh-service-type
                     (openssh-configuration
                      (port-number 2222)
                      (password-authentication? #f)
                      (authorized-keys
                       `(("jackhill" ,(local-file "/home/jackhill/.ssh/id_ed25519.pub"))))))
            (service postgresql-service-type
                     (postgresql-configuration
                      (postgresql postgresql-14)
                      (config-file
                       (postgresql-config-file
                        (log-destination "stderr")
                        (hba-file
                         (plain-file "pg_hba.conf"
                                     "
local all all trust
host all all 172.17.0.1/32 trust"))
                        (extra-config
                         '(("listen_addresses" "*")
                           ("log_directory"    "/var/log/postgresql")))))))
            (service postgresql-role-service-type
                     (postgresql-role-configuration
                      (roles
                       (list (postgresql-role
                              (name "test")
                              (create-database? #t))))))
            %base-services))))

(define container-image
   (image
    (format 'docker)
    (operating-system container-os)
    (shared-network? #t)))

container-image
```

I then load that into docker: `docker load < /gnu/store/…tar.gz`, and run 
it with `docker run guix`.

So far, so good. However, ssh-daemon and postgres don't start. If I then 
get a shell in the running container with `docker exec -ti … /bin/sh`, I 
can see that `herd status` reports that those services are stopped. Trying 
to start either service fails:

```
sh-5.1# herd start ssh-daemon
herd: exception caught while executing 'start' on service 'loopback':
Throw to key `%exception' with args `("#<&netlink-response-error errno: 1>")'.
sh-5.1# herd start postgres
herd: exception caught while executing 'start' on service 'loopback':
Throw to key `%exception' with args `("#<&netlink-response-error errno: 1>")'.
```

What's going on here? Is this a disagreement between shepherd and docker 
about who's in charge of the networking? What's the right way to create a 
docker system image that can run services?

Or, alternatively, is system image the way to go here? I haven't yet 
explored running these services from a `guix pack` produced image, but I 
suppose that could work as well?

Thanks!
Jack


* Re: Docker image format with services
@ 2023-04-30  8:20 Markku Korkeala
  2023-05-02 18:53 ` Jack Hill
  0 siblings, 1 reply; 3+ messages in thread
From: Markku Korkeala @ 2023-04-30  8:20 UTC (permalink / raw)
  To: Help-Guix

Hi all,

I just joined here, so I couldn't reply to the actual email; I 
copied the message below from the archive into this email.

On 4/18/23 02:05, Jack Hill wrote:
> I then load that into docker: `docker load < /gnu/store/…tar.gz`, and 
> run it with `docker run guix`.
> 
> So far, so good. However, ssh-daemon and postgres don't start. If I 
> then get a shell in the running container with `docker exec -ti … 
> /bin/sh`, I can see that `herd status` reports that those services are 
> stopped. Trying to start either service fails:
> 
> 
> ```
> sh-5.1# herd start ssh-daemon
> herd: exception caught while executing 'start' on service 'loopback':
> Throw to key `%exception' with args `("#<&netlink-response-error errno: 1>")'.
> sh-5.1# herd start postgres
> herd: exception caught while executing 'start' on service 'loopback':
> Throw to key `%exception' with args `("#<&netlink-response-error errno: 1>")'.
> ```

I tried something similar and got the same error message, though I used 
podman instead of docker. But anyways, I was able to get it to work by 
building the container image with --network flag:

guix system image --network --image-type=docker filename.scm

Hope this helps.

Best wishes,
Markku



* Re: Docker image format with services
  2023-04-30  8:20 Markku Korkeala
@ 2023-05-02 18:53 ` Jack Hill
  0 siblings, 0 replies; 3+ messages in thread
From: Jack Hill @ 2023-05-02 18:53 UTC (permalink / raw)
  To: Markku Korkeala; +Cc: help-guix

On Sun, 30 Apr 2023, Markku Korkeala wrote:

> Hi all,
>
> I just joined here, so I couldn't reply to the actual email; I copied 
> the message below from the archive into this email.
>
> On 4/18/23 02:05, Jack Hill wrote:
>> I then load that into docker: `docker load < /gnu/store/…tar.gz`, and run 
>> it with `docker run guix`.
>> 
>> So far, so good. However, ssh-daemon and postgres don't start. If I then 
>> get a shell in the running container with `docker exec -ti … /bin/sh`, I 
>> can see that `herd status` reports that those services are stopped. Trying 
>> to start either service fails:
>> 
>> 
>> ```
>> sh-5.1# herd start ssh-daemon
>> herd: exception caught while executing 'start' on service 'loopback':
>> Throw to key `%exception' with args `("#<&netlink-response-error errno: 1>")'.
>> sh-5.1# herd start postgres
>> herd: exception caught while executing 'start' on service 'loopback':
>> Throw to key `%exception' with args `("#<&netlink-response-error errno: 1>")'.
>> ```
>
> I tried something similar and got the same error message, though I used 
> podman instead of docker. But anyways, I was able to get it to work by 
> building the container image with --network flag:
>
> guix system image --network --image-type=docker filename.scm
>
> Hope this helps.

That does help, thanks!

I used the same scm file, including the (shared-network? #t) image field, 
but added the --network cli switch, and the images are working for me now 
too. I thought that the cli switch and field were supposed to do the same 
thing.

I guess this is a bug. However, I'm not sure yet if it's in my understanding 
or in Guix 😁.

Thanks!
Jack
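
The `errno: 1` in the netlink error quoted in this thread is EPERM. As an added example (not part of any message in the thread, and not Guix code), the script below checks whether a process holds CAP_NET_ADMIN, the capability Linux requires for configuring interfaces over netlink. The sample `CapEff` masks are constructed, and the link between this capability and the 'loopback' failure is an assumption the thread does not confirm.

```shell
#!/bin/sh
# Added example: decode the effective capability mask the kernel consults
# before it permits netlink changes to network interfaces.
CAP_NET_ADMIN=12   # bit number from <linux/capability.h>

# Constructed sample: status lines as seen in a container running with a
# restricted capability set that lacks NET_ADMIN.
SAMPLE_DEFAULT='Name: sh
CapEff: 00000000a80425fb'
# Constructed sample: the same process with every capability granted.
SAMPLE_FULL='Name: sh
CapEff: 000001ffffffffff'

# cap_eff STATUS_TEXT -> prints the hex CapEff mask found in the text
cap_eff() {
    printf '%s\n' "$1" | sed -n 's/^CapEff:[[:space:]]*//p'
}

# has_cap STATUS_TEXT BIT -> 0 if the bit is set, 1 if clear, 2 if no CapEff
has_cap() {
    hex=$(cap_eff "$1")
    [ -n "$hex" ] || return 2
    [ $(( (0x$hex >> $2) & 1 )) -eq 1 ]
}

# loopback_verdict STATUS_TEXT -> one-line reading of the mask
loopback_verdict() {
    rc=0
    has_cap "$1" "$CAP_NET_ADMIN" || rc=$?
    case "$rc" in
        0) echo "CAP_NET_ADMIN present: netlink interface setup is permitted" ;;
        1) echo "CAP_NET_ADMIN missing: netlink interface setup fails with errno 1 (EPERM)" ;;
        *) echo "no CapEff line found" ;;
    esac
}

# Inside the container this inspects the live shell; elsewhere it falls
# back to the constructed sample.
if [ -r /proc/self/status ]; then
    loopback_verdict "$(cat /proc/self/status)"
else
    loopback_verdict "$SAMPLE_DEFAULT"
fi
```

Run it from the `docker exec` shell to compare an image built with and without `--network`; a service that no longer touches interfaces does not need the capability at all.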
