Switching Docker's container runtime to Kata Containers and Firecracker
Inspired by this article on blog.inductor.me, I tried installing it on www.pearllinux.com. The article above downloads the files from the GitHub releases, but this time I installed kata-containers from docker using kata-deploy.
Procedure
1. Following the kata-deploy install instructions, run `docker run -v /opt/kata:/opt/kata -v /var/run/dbus:/var/run/dbus -v /run/systemd:/run/systemd -v /etc/docker:/etc/docker -it katadocker/kata-deploy kata-deploy-docker install`.
```
$ docker run -v /opt/kata:/opt/kata -v /var/run/dbus:/var/run/dbus -v /run/systemd:/run/systemd -v /etc/docker:/etc/docker -it katadocker/kata-deploy kata-deploy-docker install
Unable to find image 'katadocker/kata-deploy:latest' locally
latest: Pulling from katadocker/kata-deploy
a02a4930cb5d: Pull complete
c702ea4a22bc: Pull complete
97ec70278314: Pull complete
56283ea9568d: Pull complete
3be7ca42e1f8: Pull complete
ece4a4e81262: Pull complete
7051f8fda3fc: Pull complete
Digest: sha256:3c3a0307572a0903e1f0877ac01e782c5f366fe2b0b0a62eb87da579020929e2
Status: Downloaded newer image for katadocker/kata-deploy:latest
copying kata artifacts onto host
configuring docker
{
  "runtimes": {
    "kata-qemu": {
      "path": "/opt/kata/bin/kata-runtime",
      "runtimeArgs": [ "--kata-config", "/opt/kata/share/defaults/kata-containers/configuration-qemu.toml" ]
    },
    "kata-qemu-virtiofs": {
      "path": "/opt/kata/bin/kata-runtime",
      "runtimeArgs": [ "--kata-config", "/opt/kata/share/defaults/kata-containers/configuration-qemu-virtiofs.toml" ]
    },
    "kata-fc": {
      "path": "/opt/kata/bin/kata-runtime",
      "runtimeArgs": [ "--kata-config", "/opt/kata/share/defaults/kata-containers/configuration-fc.toml" ]
    },
    "kata-clh": {
      "path": "/opt/kata/bin/kata-runtime",
      "runtimeArgs": [ "--kata-config", "/opt/kata/share/defaults/kata-containers/configuration-clh.toml" ]
    }
  }
}
```
2. Save the content printed to the console as /etc/docker/daemon.json.
3. Apply it to the system.
```
sudo systemctl daemon-reload
sudo systemctl restart docker
```
4. Verify that it works.
```
$ docker run --rm --runtime=kata-fc -itd --name alpine alpine ash
cc5556f76661f4b3ab58dba7c64a1f70c21b53ed85a1d7889a98863f37c06612
docker: Error response from daemon: OCI runtime create failed: rpc error: code = Unknown desc = rootfs (/run/kata-containers/shared/containers/cc5556f76661f4b3ab58dba7c64a1f70c21b53ed85a1d7889a98863f37c06612/rootfs) does not exist: unknown.
```
It failed... The reason is simple.
5. Edit /etc/docker/daemon.json and add the setting `"storage-driver": "devicemapper"`.
6. Verify again.
```
$ docker run --rm --runtime=kata-fc -itd --name alpine alpine ash
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
df20fa9351a1: Pull complete
Digest: sha256:185518070891758909c9f839cf4ca393ee977ac378609f700f60a771a2dfe321
Status: Downloaded newer image for alpine:latest
4642bdf55730e00b14c76e7295ff147a1c835bda4a2ac060eeadbbc25d1461c4
vagrant@vagrant-virtualbox:~$ ps -ae | grep -E "kata|fire"
 6608 ?        00:00:07 firecracker
 6616 pts/1    00:00:00 kata-shim
```
Yes! It worked.
Result
```
docker run -v /opt/kata:/opt/kata -v /var/run/dbus:/var/run/dbus -v /run/systemd:/run/systemd -v /etc/docker:/etc/docker -it katadocker/kata-deploy kata-deploy-docker install && \
sudo modprobe vhost_vsock && \
cat <<EOF | sudo tee /etc/docker/daemon.json
{
  "default-runtime": "kata-fc",
  "runtimes": {
    "kata-qemu": {
      "path": "/opt/kata/bin/kata-runtime",
      "runtimeArgs": [ "--kata-config", "/opt/kata/share/defaults/kata-containers/configuration-qemu.toml" ]
    },
    "kata-qemu-virtiofs": {
      "path": "/opt/kata/bin/kata-runtime",
      "runtimeArgs": [ "--kata-config", "/opt/kata/share/defaults/kata-containers/configuration-qemu-virtiofs.toml" ]
    },
    "kata-fc": {
      "path": "/opt/kata/bin/kata-runtime",
      "runtimeArgs": [ "--kata-config", "/opt/kata/share/defaults/kata-containers/configuration-fc.toml" ]
    },
    "kata-clh": {
      "path": "/opt/kata/bin/kata-runtime",
      "runtimeArgs": [ "--kata-config", "/opt/kata/share/defaults/kata-containers/configuration-clh.toml" ]
    }
  },
  "storage-driver": "devicemapper"
}
EOF
sudo systemctl daemon-reload && \
sudo systemctl restart docker && \
docker run --rm -itd --name alpine alpine ash && \
ps -ae | grep -E "kata|fire" && \
docker stop alpine
```
Note that this does not work unless nested virtualization is enabled.
On AWS Cloud 9 it does not work, probably for that reason...
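As an added example (not part of the original post): a Python preflight that checks a daemon.json for the state that failed in step 4 (kata-fc registered without the devicemapper storage driver) and checks the host prerequisites mentioned above (/dev/kvm for nested virtualization, the vhost_vsock module). The function names and the trimmed sample configs are assumptions made for this example.

```python
import json
import os

FC_RUNTIME = "kata-fc"  # runtime name that kata-deploy registered on this page

def check_daemon_config(text):
    """Return a list of problems in a daemon.json document (empty = OK)."""
    cfg = json.loads(text)
    runtimes = cfg.get("runtimes", {})
    problems = []
    default = cfg.get("default-runtime", "runc")  # runc is Docker's built-in runtime
    if default != "runc" and default not in runtimes:
        problems.append(f"default-runtime {default!r} is not under 'runtimes'")
    # The failure on this page: kata-fc was used before storage-driver was set.
    if FC_RUNTIME in runtimes and cfg.get("storage-driver") != "devicemapper":
        problems.append(f"{FC_RUNTIME} is registered but storage-driver is "
                        f"{cfg.get('storage-driver')!r}, not 'devicemapper'")
    for name, rt in runtimes.items():
        args = rt.get("runtimeArgs", [])
        if not rt.get("path"):
            problems.append(f"runtime {name!r} has no 'path'")
        if args and args[-1] == "--kata-config":
            problems.append(f"runtime {name!r}: --kata-config has no file argument")
    return problems

def check_host(dev_kvm="/dev/kvm", modules="/proc/modules"):
    """Host-side checks; paths are parameters so they can be tested offline."""
    problems = []
    if not os.path.exists(dev_kvm):
        problems.append(f"{dev_kvm} missing: (nested) virtualization unavailable")
    loaded = set()
    if os.path.exists(modules):
        with open(modules) as f:
            loaded = {line.split()[0] for line in f if line.strip()}
    if "vhost_vsock" not in loaded:  # heuristic: a built-in module is not listed
        problems.append("vhost_vsock not loaded (sudo modprobe vhost_vsock)")
    return problems

# Constructed samples, trimmed from the configs shown on this page.
KATA_FC = {"path": "/opt/kata/bin/kata-runtime", "runtimeArgs": ["--kata-config",
           "/opt/kata/share/defaults/kata-containers/configuration-fc.toml"]}
AS_GENERATED = json.dumps({"runtimes": {"kata-fc": KATA_FC}})
AS_FIXED = json.dumps({"default-runtime": "kata-fc", "storage-driver": "devicemapper",
                       "runtimes": {"kata-fc": KATA_FC}})

if __name__ == "__main__":
    for doc in (AS_GENERATED, AS_FIXED):
        print(check_daemon_config(doc) or "daemon.json OK")
    print(check_host() or "host OK")
```

Run it against the real file with `check_daemon_config(open("/etc/docker/daemon.json").read())` before restarting docker.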