firecracker
166 строк · 6.2 Кб
1FROM ubuntu:22.042# TODO: use a multi-stage build to reduce the download size when updating this container.4# The Rust toolchain layer will get updated most frequently, but we could keep the system5# dependencies layer intact for much longer.6ARG RUST_TOOLCHAIN="1.76.0"8ARG TMP_BUILD_DIR=/tmp/build9ARG FIRECRACKER_SRC_DIR="/firecracker"10ARG FIRECRACKER_BUILD_DIR="$FIRECRACKER_SRC_DIR/build"11ARG CARGO_REGISTRY_DIR="$FIRECRACKER_BUILD_DIR/cargo_registry"12ARG CARGO_GIT_REGISTRY_DIR="$FIRECRACKER_BUILD_DIR/cargo_git_registry"13ARG DEBIAN_FRONTEND=noninteractive14ARG ARCH15ENV CARGO_HOME=/usr/local/rust17ENV RUSTUP_HOME=/usr/local/rust18ENV PATH="$PATH:$CARGO_HOME/bin"19ENV LC_ALL=C.UTF-820ENV QEMU_VER="8.1.1"21ENV CROSVM_VER="9d542e6dafa3a85acd1fb6cd6f1adfa1331c4e96"22ENV CROSVM_TOOLCHAIN_VER="1.68.2"23# Build and install Qemu vhost-user-blk backend25#26RUN apt-get update \27&& apt-get -y install --no-install-recommends \28curl gpg gpg-agent \29python3-pip build-essential ninja-build libglib2.0-dev libpixman-1-dev flex bison \30&& pip3 install meson \31&& mkdir /tmp/qemu_build && cd /tmp/qemu_build \32&& curl -sLO https://keys.openpgp.org/vks/v1/by-fingerprint/CEACC9E15534EBABB82D3FA03353C9CEF108B584 \33&& curl -sLO https://download.qemu.org/qemu-${QEMU_VER}.tar.xz \34&& curl -sLO https://download.qemu.org/qemu-${QEMU_VER}.tar.xz.sig \35&& gpg --import CEACC9E15534EBABB82D3FA03353C9CEF108B584 \36&& gpg --verify qemu-${QEMU_VER}.tar.xz.sig qemu-${QEMU_VER}.tar.xz \37&& tar xf qemu-${QEMU_VER}.tar.xz && cd qemu-${QEMU_VER} \38&& ./configure && make -j $(nproc) contrib/vhost-user-blk/vhost-user-blk \39&& strip ./build/contrib/vhost-user-blk/vhost-user-blk \40&& cp -a ./build/contrib/vhost-user-blk/vhost-user-blk /usr/local/bin \41&& pip3 uninstall -y meson \42&& apt-get purge -y \43curl gpg gpg-agent \44python3-pip build-essential ninja-build libglib2.0-dev libpixman-1-dev flex bison \45&& apt-get autoremove -y \46&& cd && rm -r /tmp/qemu_build47# Install system dependencies49#50RUN apt-get update \51&& apt-get -y install --no-install-recommends \52# essential build tools53gcc make libc-dev binutils-dev libssl-dev \54# Useful utilifies55gdbserver \56# Needed in order to be able to compile `userfaultfd-sys`.57clang \58curl \59file \60git \61jq \62less \63libbfd-dev \64# for pandas65libbz2-dev \66libdw-dev \67# for aarch64, but can install in x86_6468libfdt-dev \69libiberty-dev \70libcurl4-openssl-dev \71lsof \72musl-tools \73# needed for integration tests74net-tools iproute2 iperf3 socat fdisk \75numactl \76iptables \77openssh-client \78pkgconf \79python3 python3-dev python3-pip \80screen tmux \81tzdata \82tini \83# for cpu-template-helper84# TODO: Remove `dmidecode` after the end of kernel 4.14 support.85# https://github.com/firecracker-microvm/firecracker/issues/367786dmidecode \87# for aws-lc-rs88cmake \89# for Qemu vhost-user-blk backend90libglib2.0-dev \91# for crosvm (vhost-user-blk backend)92libcap2 \93# for debugging94gdb strace \95&& rm -rf /var/lib/apt/lists/* \96&& pip3 install --upgrade pip poetry97COPY tools/devctr /tmp/poetry100RUN cd /tmp/poetry && \101HOME=. POETRY_VIRTUALENVS_CREATE=false poetry install --only main --no-interaction \102&& rm -rf ~/.cache ~/.local /tmp/poetry103# Running the three as a single dockerfile command to avoid inflation of the image:105# - Install the Rust toolchain. Kani only work on x86, so only try to install it there106# - Build and install crosvm (used as vhost-user-blk backend)107# - Clean up cargo compilation directories108# - Always install both x86_64 and aarch64 musl targets, as our rust-toolchain.toml would force on-the-fly installation of both anyway109RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain "$RUST_TOOLCHAIN" \110&& rustup target add x86_64-unknown-linux-musl \111&& rustup target add aarch64-unknown-linux-musl \112&& rustup component add llvm-tools-preview \113&& cargo install --locked cargo-audit cargo-deny grcov cargo-sort \114&& (if [ "$ARCH" = "x86_64" ]; then cargo install --locked kani-verifier --version 0.45.0 && cargo kani setup; else true; fi) \115\116&& apt-get update \117&& apt-get -y install --no-install-recommends \118libcap-dev \119protobuf-compiler \120&& git clone https://github.com/google/crosvm.git /tmp/crosvm \121&& cd /tmp/crosvm && git checkout ${CROSVM_VER} \122&& git submodule update --init \123&& cargo build --no-default-features --release \124&& strip ./target/release/crosvm \125&& cp -a ./target/release/crosvm /usr/local/bin \126&& apt-get purge -y \127libcap-dev \128protobuf-compiler \129&& apt-get autoremove -y \130&& rm -rf /var/lib/apt/lists/* \131&& rustup toolchain uninstall ${CROSVM_TOOLCHAIN_VER}-${ARCH}-unknown-linux-gnu \132&& cd && rm -r /tmp/crosvm \133\134&& rm -rf "$CARGO_HOME/registry" \135&& ln -s "$CARGO_REGISTRY_DIR" "$CARGO_HOME/registry" \136&& rm -rf "$CARGO_HOME/git" \137&& ln -s "$CARGO_GIT_REGISTRY_DIR" "$CARGO_HOME/git"138# help musl-gcc find linux headers140RUN cd /usr/include/$ARCH-linux-musl \141&& ln -s ../$ARCH-linux-gnu/asm asm \142&& ln -s ../linux linux \143&& ln -s ../asm-generic asm-generic144# Build iperf3-vsock146RUN mkdir "$TMP_BUILD_DIR" && cd "$TMP_BUILD_DIR" \147&& git clone https://github.com/stefano-garzarella/iperf-vsock \148&& cd iperf-vsock && git checkout 9245f9a \149&& mkdir build && cd build \150&& ../configure "LDFLAGS=--static" --disable-shared && make \151&& cp src/iperf3 /usr/local/bin/iperf3-vsock \152&& cd / \153&& rm -rf "$TMP_BUILD_DIR"154# Download the codecov.io uploader156RUN cd /usr/local/bin \157&& (if [ "$ARCH" = "x86_64" ]; then \158curl -O https://uploader.codecov.io/latest/linux/codecov; else \159curl -O https://uploader.codecov.io/latest/aarch64/codecov; fi) \160&& chmod +x codecov \161&& cd -162ADD tools/devctr/ctr_gitconfig /root/.gitconfig164WORKDIR "$FIRECRACKER_SRC_DIR"166ENTRYPOINT ["/usr/bin/tini", "--"]167