| From 1e3d36e86b30ed217172a47c55c64e1d76e5b99d Mon Sep 17 00:00:00 2001 |
| From: Rayan Dasoriya <dasoriya@google.com> |
| Date: Tue, 20 Jul 2021 02:32:45 +0000 |
| Subject: [PATCH] Added containerd support |
| |
| --- |
| toolbox | 32 ++++++++++++++++++++++++++++---- |
| 1 file changed, 28 insertions(+), 4 deletions(-) |
| |
| diff --git a/toolbox b/toolbox |
| index f101cf1..ede3b31 100755 |
| --- a/toolbox |
| +++ b/toolbox |
| @@ -10,6 +10,8 @@ TOOLBOX_DIRECTORY="/var/lib/toolbox" |
| TOOLBOX_BIND="--bind=/:/media/root --bind=/usr:/media/root/usr --bind=/run:/media/root/run" |
| # Ex: "--setenv=KEY=VALUE" |
| TOOLBOX_ENV="" |
| +TOOLBOX_DOCKER_IMAGE_TARBALL="" |
| +TOOLBOX_TEMP_DIR=$(mktemp -d) |
| |
| toolboxrc="${HOME}"/.toolboxrc |
| |
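Review bot: `TOOLBOX_TEMP_DIR=$(mktemp -d)` sits at the top of the script, so it runs on every invocation, but the only cleanup (`sudo rm -rf "${TOOLBOX_TEMP_DIR}"`) is inside the image-extraction branch of the next hunk. Every run that finds an existing toolbox therefore leaves an empty directory behind. The result is also unchecked: if `mktemp` fails the variable is empty, and unless the script aborts on errors (not visible here) the later `sudo rsync -a "${TOOLBOX_TEMP_DIR}/" "${machinepath}"` would copy from `/`. I would move the assignment into the branch that uses it and fail closed, e.g. `TOOLBOX_TEMP_DIR=$(mktemp -d) || exit 1`. The `sudo mkdir -p "${TOOLBOX_TEMP_DIR}"` in the next hunk then becomes redundant.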
| @@ -28,18 +30,40 @@ machinepath="${TOOLBOX_DIRECTORY}/${machinename}" |
| osrelease="${machinepath}/etc/os-release" |
| if [ ! -f ${osrelease} ] || systemctl is-failed -q ${machinename} ; then |
| sudo mkdir -p "${machinepath}" |
| + sudo mkdir -p "${TOOLBOX_TEMP_DIR}" |
| sudo chown ${USER}: "${machinepath}" |
| |
| - docker pull "${TOOLBOX_DOCKER_IMAGE}:${TOOLBOX_DOCKER_TAG}" |
| - docker create --name=${machinename} "${TOOLBOX_DOCKER_IMAGE}:${TOOLBOX_DOCKER_TAG}" /bin/true |
| - docker export ${machinename} | sudo tar -x -C "${machinepath}" -f - |
| - docker rm ${machinename} |
| + if [ ! -z "${TOOLBOX_DOCKER_IMAGE_TARBALL}" ] ; then |
| + sudo ctr image import "${TOOLBOX_DOCKER_IMAGE_TARBALL}" |
| + else |
| + if [[ "${TOOLBOX_DOCKER_IMAGE}" =~ ^[a-z.]*gcr.io/ ]]; then |
| + # Get a host part of the container name |
| + registry_host="${TOOLBOX_DOCKER_IMAGE/gcr.io*/gcr.io}" |
| + # docker-credential-gcr can fail if it runs in a |
| + # non-GCP env, so let it fail and proceed without |
| + # --user flag in this case |
| + credentials=$(echo "${registry_host}" | \ |
| + (/usr/bin/docker-credential-gcr get || true) 2>/dev/null | \ |
| + jq -r '.Username + ":" + .Secret') |
| + if [[ -n "${credentials}" ]]; then |
| + user_flags=('--user' "${credentials}") |
| + fi |
| + fi |
| + sudo ctr image pull "${user_flags[@]}" "${TOOLBOX_DOCKER_IMAGE}:${TOOLBOX_DOCKER_TAG}" |
| + fi |
| + sudo ctr containers create "${TOOLBOX_DOCKER_IMAGE}:${TOOLBOX_DOCKER_TAG}" ${machinename} /bin/true |
| + sudo ctr snapshot mounts "${TOOLBOX_TEMP_DIR}" ${machinename} | xargs sudo |
| + sudo rsync -a "${TOOLBOX_TEMP_DIR}/" "${machinepath}" |
| + sudo umount "${TOOLBOX_TEMP_DIR}" |
| + sudo ctr container rm ${machinename} |
| + sudo rm -rf "${TOOLBOX_TEMP_DIR}" |
| sudo touch ${osrelease} |
| fi |
| |
| sudo systemd-nspawn \ |
| --directory="${machinepath}" \ |
| --capability=all \ |
| + --resolv-conf="replace-host" \ |
| --share-system \ |
| ${TOOLBOX_BIND} \ |
| ${TOOLBOX_ENV} \ |
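Review bot: The registry check `=~ ^[a-z.]*gcr.io/` is looser than it looks, because the dots are unescaped and the prefix is not tied to a label boundary, so a host such as `examplegcr.io/` also enters the credential branch and is handed to `docker-credential-gcr get`. Whether the helper itself refuses unknown hosts is not visible here, so the script should not rely on it. I would tighten the match to `if [[ "${TOOLBOX_DOCKER_IMAGE}" =~ ^([a-z0-9-]+\.)*gcr\.io/ ]]; then` and take the host with `registry_host="${TOOLBOX_DOCKER_IMAGE%%/*}"`. The resulting `user:secret` is then placed on the `sudo ctr image pull` command line, where it is readable from the process list while the pull runs; a comment stating that exposure would help the next maintainer. Separately, `user_flags` is never initialised, so `user_flags=()` before the `if` would keep a stale or inherited value out of the `ctr` call.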
| -- |
| 2.34.1.448.ga2b2bfdf31-goog |
| |