Software development of explosion! -Days of the Fragments (Kakera) of Dreams-

A blog covering computer-related topics, centered on software development.

Software development is passion and explosion!

Switching Docker's container runtime to Kata Containers and Firecracker

Inspired by this article on blog.inductor.me, I tried it out on www.pearllinux.com. That article downloads the binaries from the GitHub releases, but this time I installed kata-containers from docker using kata-deploy instead.

Procedure

  1. Following the kata-deploy install instructions, run docker run -v /opt/kata:/opt/kata -v /var/run/dbus:/var/run/dbus -v /run/systemd:/run/systemd -v /etc/docker:/etc/docker -it katadocker/kata-deploy kata-deploy-docker install.
$ docker run -v /opt/kata:/opt/kata -v /var/run/dbus:/var/run/dbus -v /run/systemd:/run/systemd -v /etc/docker:/etc/docker -it katadocker/kata-deploy kata-deploy-docker install
Unable to find image 'katadocker/kata-deploy:latest' locally
latest: Pulling from katadocker/kata-deploy
a02a4930cb5d: Pull complete 
c702ea4a22bc: Pull complete 
97ec70278314: Pull complete 
56283ea9568d: Pull complete 
3be7ca42e1f8: Pull complete 
ece4a4e81262: Pull complete 
7051f8fda3fc: Pull complete 
Digest: sha256:3c3a0307572a0903e1f0877ac01e782c5f366fe2b0b0a62eb87da579020929e2
Status: Downloaded newer image for katadocker/kata-deploy:latest
copying kata artifacts onto host
configuring docker
{
  "runtimes": {
    "kata-qemu": {
      "path": "/opt/kata/bin/kata-runtime",
      "runtimeArgs": [ "--kata-config", "/opt/kata/share/defaults/kata-containers/configuration-qemu.toml" ]
    },
    "kata-qemu-virtiofs": {
      "path": "/opt/kata/bin/kata-runtime",
      "runtimeArgs": [ "--kata-config", "/opt/kata/share/defaults/kata-containers/configuration-qemu-virtiofs.toml" ]
    },
     "kata-fc": {
      "path": "/opt/kata/bin/kata-runtime",
      "runtimeArgs": [ "--kata-config", "/opt/kata/share/defaults/kata-containers/configuration-fc.toml" ]
    },
     "kata-clh": {
      "path": "/opt/kata/bin/kata-runtime",
      "runtimeArgs": [ "--kata-config", "/opt/kata/share/defaults/kata-containers/configuration-clh.toml" ]
    }
  }
}
  2. Save the content printed to the console log as /etc/docker/daemon.json.
  3. Apply it to the system
sudo systemctl daemon-reload
sudo systemctl restart docker
  4. Verify that it works
$ docker run --rm --runtime=kata-fc -itd --name alpine alpine ash
cc5556f76661f4b3ab58dba7c64a1f70c21b53ed85a1d7889a98863f37c06612
docker: Error response from daemon: OCI runtime create failed: rpc error: code = Unknown desc = rootfs (/run/kata-containers/shared/containers/cc5556f76661f4b3ab58dba7c64a1f70c21b53ed85a1d7889a98863f37c06612/rootfs) does not exist: unknown.

It fell over... The reason is simple.
  5. Fix /etc/docker/daemon.json: add the setting "storage-driver": "devicemapper".
  6. Verify again

$ docker run --rm --runtime=kata-fc -itd --name alpine alpine ash
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
df20fa9351a1: Pull complete 
Digest: sha256:185518070891758909c9f839cf4ca393ee977ac378609f700f60a771a2dfe321
Status: Downloaded newer image for alpine:latest
4642bdf55730e00b14c76e7295ff147a1c835bda4a2ac060eeadbbc25d1461c4
vagrant@vagrant-virtualbox:~$ ps -ae | grep -E "kata|fire"
   6608 ?        00:00:07 firecracker
   6616 pts/1    00:00:00 kata-shim

Yes! It went through.

Result

docker run -v /opt/kata:/opt/kata -v /var/run/dbus:/var/run/dbus -v /run/systemd:/run/systemd -v /etc/docker:/etc/docker -it katadocker/kata-deploy kata-deploy-docker install && \
sudo modprobe vhost_vsock && \
cat <<EOF | sudo tee /etc/docker/daemon.json
{
  "default-runtime": "kata-fc",
  "runtimes": {
    "kata-qemu": {
      "path": "/opt/kata/bin/kata-runtime",
      "runtimeArgs": [ "--kata-config", "/opt/kata/share/defaults/kata-containers/configuration-qemu.toml" ]
    },
    "kata-qemu-virtiofs": {
      "path": "/opt/kata/bin/kata-runtime",
      "runtimeArgs": [ "--kata-config", "/opt/kata/share/defaults/kata-containers/configuration-qemu-virtiofs.toml" ]
    },
    "kata-fc": {
      "path": "/opt/kata/bin/kata-runtime",
      "runtimeArgs": [ "--kata-config", "/opt/kata/share/defaults/kata-containers/configuration-fc.toml" ]
    },
    "kata-clh": {
      "path": "/opt/kata/bin/kata-runtime",
      "runtimeArgs": [ "--kata-config", "/opt/kata/share/defaults/kata-containers/configuration-clh.toml" ]
    }
  },
  "storage-driver": "devicemapper"
}
EOF
sudo systemctl daemon-reload && \
sudo systemctl restart docker && \
docker run --rm -itd --name alpine alpine ash && \
ps -ae | grep -E "kata|fire" && \
docker stop alpine

Incidentally, this does not work unless Nested Virtualization is enabled.

On AWS Cloud9 it probably fails to work for that very reason...
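As an added example (not part of the original post), here is a small preflight script for the kata-fc setup above: it checks that daemon.json declares the kata-fc runtime and the devicemapper storage driver, that the CPU exposes hardware virtualization (the nested virtualization requirement), and that vhost_vsock is loaded. The checks read from file paths, so they run against the constructed samples written below as well as the real /etc/docker/daemon.json, /proc/cpuinfo and /proc/modules; all file names and functions here are my own.

```shell
#!/bin/sh
# Added example, not from the original post. Every check takes a file path so
# it can be run on constructed samples or on the real system files.

# 0 if daemon.json declares the kata-fc runtime, 1 otherwise.
has_kata_fc_runtime() {
    grep -q '"kata-fc"[[:space:]]*:' "$1"
}

# 0 if storage-driver is devicemapper. Firecracker has no host/guest file
# sharing, so Kata must hand the container rootfs to the VM as a block device;
# without it the "rootfs ... does not exist" error from step 4 appears.
has_devicemapper() {
    grep -Eq '"storage-driver"[[:space:]]*:[[:space:]]*"devicemapper"' "$1"
}

# 0 if cpuinfo shows hardware virtualization (vmx on Intel, svm on AMD).
# Inside a VM this only shows up when nested virtualization is enabled.
cpu_has_virt() {
    grep -Eq '^flags[[:space:]]*:.*[[:space:]](vmx|svm)([[:space:]]|$)' "$1"
}

# 0 if the vhost_vsock module (modprobe'd in the final script) is loaded.
vsock_loaded() {
    grep -q '^vhost_vsock ' "$1"
}

# Run all checks, report each failure, return the number of failed checks.
preflight() {
    failures=0
    has_kata_fc_runtime "$1" || { echo "no kata-fc runtime in $1"; failures=$((failures + 1)); }
    has_devicemapper "$1"    || { echo "storage-driver is not devicemapper in $1"; failures=$((failures + 1)); }
    cpu_has_virt "$2"        || { echo "no vmx/svm flag in $2: enable nested virtualization"; failures=$((failures + 1)); }
    vsock_loaded "$3"        || { echo "vhost_vsock not loaded per $3"; failures=$((failures + 1)); }
    return $failures
}

# Constructed samples: a daemon.json like the post's first attempt (no
# storage-driver) plus cpuinfo/modules from a guest without nested virt.
write_samples() {
    printf '{ "runtimes": { "kata-fc": { "path": "/opt/kata/bin/kata-runtime" } } }\n' > "$1/daemon.json"
    printf 'flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep\n' > "$1/cpuinfo"
    printf 'overlay 139264 0 - Live 0x0000000000000000\n' > "$1/modules"
}

dir=$(mktemp -d)
write_samples "$dir"
preflight "$dir/daemon.json" "$dir/cpuinfo" "$dir/modules"
echo "failed checks: $?"   # 3 for the constructed samples
rm -rf "$dir"
```

To check a live host, call preflight /etc/docker/daemon.json /proc/cpuinfo /proc/modules and treat a non-zero exit status as "do not expect kata-fc to start".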