firecracker
# Base image. The tag is mutable: pinning it by digest
# (ubuntu:22.04@sha256:<digest of the reviewed image>) would make rebuilds
# byte-for-byte reproducible.
FROM ubuntu:22.04

# TODO: use a multi-stage build to reduce the download size when updating this container.
# The Rust toolchain layer will get updated most frequently, but we could keep the system
# dependencies layer intact for much longer.

# Build-time parameters. They are not part of the runtime environment, but
# their values are recorded in the image history, so none of them may ever
# carry a secret.
ARG RUST_TOOLCHAIN="1.76.0"
ARG TMP_BUILD_DIR=/tmp/build
ARG FIRECRACKER_SRC_DIR="/firecracker"
ARG FIRECRACKER_BUILD_DIR="$FIRECRACKER_SRC_DIR/build"
ARG CARGO_REGISTRY_DIR="$FIRECRACKER_BUILD_DIR/cargo_registry"
ARG CARGO_GIT_REGISTRY_DIR="$FIRECRACKER_BUILD_DIR/cargo_git_registry"
# Declared as ARG so the setting only affects the build, not running containers.
ARG DEBIAN_FRONTEND=noninteractive
# No default: must be supplied with --build-arg. Later steps compare it with
# "x86_64" and splice it into include paths and a toolchain name.
ARG ARCH

# Cargo and rustup share one system-wide directory.
ENV CARGO_HOME=/usr/local/rust \
    RUSTUP_HOME=/usr/local/rust
# Kept in its own instruction: $CARGO_HOME has to be defined by an earlier
# instruction before it can be expanded here.
ENV PATH="$PATH:$CARGO_HOME/bin"
# Locale plus the pinned versions of the third-party components built below.
ENV LC_ALL=C.UTF-8 \
    QEMU_VER="8.1.1" \
    CROSVM_VER="9d542e6dafa3a85acd1fb6cd6f1adfa1331c4e96" \
    CROSVM_TOOLCHAIN_VER="1.68.2"
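# Build and install Qemu vhost-user-blk backend
#
# Integrity of the release tarball:
# - `curl -f` turns an HTTP error into a failed build step instead of saving
#   the error page under the expected file name.
# - A bare `gpg --verify` succeeds for a good signature from ANY key in the
#   keyring, and the key file is itself downloaded. The signer is therefore
#   checked against the fingerprint pinned in qemu_key_fpr, using gpg's
#   machine-readable VALIDSIG status line (it carries the signing key's and the
#   primary key's fingerprints).
# - GNUPGHOME points into the scratch directory, so the keyring starts empty
#   and is deleted together with the build tree.
# The build-only packages are purged and the apt lists removed in this same
# layer, so none of them add to the image.
# NOTE(review): meson is installed from PyPI without a version pin.
RUN apt-get update \
    && apt-get -y install --no-install-recommends \
        curl gpg gpg-agent \
        python3-pip build-essential ninja-build libglib2.0-dev libpixman-1-dev flex bison \
    && pip3 install --no-cache-dir meson \
    && mkdir /tmp/qemu_build && cd /tmp/qemu_build \
    && mkdir -m 700 /tmp/qemu_build/gnupg && export GNUPGHOME=/tmp/qemu_build/gnupg \
    && qemu_key_fpr=CEACC9E15534EBABB82D3FA03353C9CEF108B584 \
    && curl -fsSLO "https://keys.openpgp.org/vks/v1/by-fingerprint/${qemu_key_fpr}" \
    && curl -fsSLO "https://download.qemu.org/qemu-${QEMU_VER}.tar.xz" \
    && curl -fsSLO "https://download.qemu.org/qemu-${QEMU_VER}.tar.xz.sig" \
    && gpg --batch --import "${qemu_key_fpr}" \
    && gpg --batch --status-fd 1 --verify "qemu-${QEMU_VER}.tar.xz.sig" "qemu-${QEMU_VER}.tar.xz" \
        | grep -q "^\[GNUPG:] VALIDSIG .*${qemu_key_fpr}" \
    && tar xf "qemu-${QEMU_VER}.tar.xz" && cd "qemu-${QEMU_VER}" \
    && ./configure && make -j "$(nproc)" contrib/vhost-user-blk/vhost-user-blk \
    && strip ./build/contrib/vhost-user-blk/vhost-user-blk \
    && cp -a ./build/contrib/vhost-user-blk/vhost-user-blk /usr/local/bin \
    && pip3 uninstall -y meson \
    && apt-get purge -y \
        curl gpg gpg-agent \
        python3-pip build-essential ninja-build libglib2.0-dev libpixman-1-dev flex bison \
    && apt-get autoremove -y \
    && rm -rf /var/lib/apt/lists/* \
    && cd && rm -r /tmp/qemu_build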
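# Install system dependencies
#
# update + install + list cleanup share one layer so a cached, stale package
# index is never reused. pip runs with --no-cache-dir so its download cache is
# not stored in this layer.
# NOTE(review): pip and poetry are upgraded to whatever PyPI serves at build
# time; pinning both would make the image reproducible.
RUN apt-get update \
    && apt-get -y install --no-install-recommends \
        # essential build tools
        gcc make libc-dev binutils-dev libssl-dev \
        # Useful utilities
        gdbserver \
        # Needed in order to be able to compile `userfaultfd-sys`.
        clang \
        curl \
        file \
        git \
        jq \
        less \
        libbfd-dev \
        # for pandas
        libbz2-dev \
        libdw-dev \
        # for aarch64, but can install in x86_64
        libfdt-dev \
        libiberty-dev \
        libcurl4-openssl-dev \
        lsof \
        musl-tools \
        # needed for integration tests
        net-tools iproute2 iperf3 socat fdisk \
        numactl \
        iptables \
        openssh-client \
        pkgconf \
        python3 python3-dev python3-pip \
        screen tmux \
        tzdata \
        tini \
        # for cpu-template-helper
        # TODO: Remove `dmidecode` after the end of kernel 4.14 support.
        # https://github.com/firecracker-microvm/firecracker/issues/3677
        dmidecode \
        # for aws-lc-rs
        cmake \
        # for Qemu vhost-user-blk backend
        libglib2.0-dev \
        # for crosvm (vhost-user-blk backend)
        libcap2 \
        # for debugging
        gdb strace \
    && rm -rf /var/lib/apt/lists/* \
    && pip3 install --no-cache-dir --upgrade pip poetry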
# Install the Python dependencies described under tools/devctr straight into
# the system interpreter (no virtualenv, `main` group only).
# HOME=. applies to the poetry invocation alone, so whatever poetry writes
# under its home lands in /tmp/poetry; `~` in the cleanup still expands to the
# real home directory.
# NOTE(review): the COPY creates its own layer, so the copied files stay in the
# image history even though /tmp/poetry is deleted afterwards.
COPY tools/devctr /tmp/poetry
RUN cd /tmp/poetry \
    && HOME=. POETRY_VIRTUALENVS_CREATE=false \
        poetry install --only main --no-interaction \
    && rm -rf ~/.cache ~/.local /tmp/poetry
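# Running the three as a single dockerfile command to avoid inflation of the image:
# - Install the Rust toolchain. Kani only works on x86, so only try to install it there
# - Build and install crosvm (used as vhost-user-blk backend)
# - Clean up cargo compilation directories
# - Always install both x86_64 and aarch64 musl targets, as our rust-toolchain.toml would force on-the-fly installation of both anyway
#
# Supply-chain notes:
# - The rustup installer is piped straight into sh, so its only protection is
#   the TLS connection. `--proto '=https' --tlsv1.2` keeps curl from using
#   plain HTTP or an older TLS version for that download.
# - crosvm is checked out at the full commit hash in CROSVM_VER; its submodules
#   are the ones recorded by that commit.
# - cargo-audit, cargo-deny, grcov and cargo-sort are installed with --locked
#   but without --version, so each build takes the newest release.
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs \
        | sh -s -- -y --default-toolchain "$RUST_TOOLCHAIN" \
    && rustup target add x86_64-unknown-linux-musl \
    && rustup target add aarch64-unknown-linux-musl \
    && rustup component add llvm-tools-preview \
    && cargo install --locked cargo-audit cargo-deny grcov cargo-sort \
    && (if [ "$ARCH" = "x86_64" ]; then cargo install --locked kani-verifier --version 0.45.0 && cargo kani setup; else true; fi) \
    \
    && apt-get update \
    && apt-get -y install --no-install-recommends \
        libcap-dev \
        protobuf-compiler \
    && git clone https://github.com/google/crosvm.git /tmp/crosvm \
    && cd /tmp/crosvm && git checkout ${CROSVM_VER} \
    && git submodule update --init \
    && cargo build --no-default-features --release \
    && strip ./target/release/crosvm \
    && cp -a ./target/release/crosvm /usr/local/bin \
    && apt-get purge -y \
        libcap-dev \
        protobuf-compiler \
    && apt-get autoremove -y \
    && rm -rf /var/lib/apt/lists/* \
    # presumably the toolchain the crosvm build pulled in; it is not needed afterwards
    && rustup toolchain uninstall ${CROSVM_TOOLCHAIN_VER}-${ARCH}-unknown-linux-gnu \
    && cd && rm -r /tmp/crosvm \
    \
    # Swap cargo's registry and git caches for symlinks into the build directory
    # below the source tree.
    && rm -rf "$CARGO_HOME/registry" \
    && ln -s "$CARGO_REGISTRY_DIR" "$CARGO_HOME/registry" \
    && rm -rf "$CARGO_HOME/git" \
    && ln -s "$CARGO_GIT_REGISTRY_DIR" "$CARGO_HOME/git"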
# help musl-gcc find linux headers
#
# Adds three relative symlinks inside the musl include directory for $ARCH,
# pointing at the asm, linux and asm-generic header trees.
RUN cd /usr/include/${ARCH}-linux-musl \
    && ln -s ../${ARCH}-linux-gnu/asm asm \
    && ln -s ../linux linux \
    && ln -s ../asm-generic asm-generic
# Build iperf3-vsock
#
# Statically linked build of the iperf-vsock fork, installed next to the
# distribution's iperf3 under its own name. The scratch directory is removed in
# the same layer.
# NOTE(review): the checkout uses an abbreviated commit hash (9245f9a). The
# full 40-character hash is the stronger pin, because a short prefix can become
# ambiguous as the repository grows.
RUN mkdir "$TMP_BUILD_DIR" \
    && cd "$TMP_BUILD_DIR" \
    && git clone https://github.com/stefano-garzarella/iperf-vsock \
    && cd iperf-vsock \
    && git checkout 9245f9a \
    && mkdir build \
    && cd build \
    && ../configure "LDFLAGS=--static" --disable-shared \
    && make \
    && cp src/iperf3 /usr/local/bin/iperf3-vsock \
    && cd / \
    && rm -rf "$TMP_BUILD_DIR"
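# Download the codecov.io uploader
#
# The uploader is a prebuilt binary that is later executed inside the
# container, so what gets downloaded here needs to be controlled:
# - `curl -f` fails the build on an HTTP error instead of saving the error page
#   as an executable named codecov.
# - CODECOV_VERSION defaults to "latest", which is whatever the server serves
#   at build time. NOTE(review): the path is assumed to also accept a release
#   tag in place of "latest"; confirm against the Codecov uploader docs.
# - When CODECOV_SHA256 is set, the binary must match that digest or the build
#   fails. Set it together with a fixed CODECOV_VERSION, for example
#   --build-arg CODECOV_SHA256=<sha256 of the reviewed binary>.
#   With the default (empty) no integrity check is performed.
ARG CODECOV_VERSION=latest
ARG CODECOV_SHA256=""
RUN if [ "$ARCH" = "x86_64" ]; then codecov_platform=linux; else codecov_platform=aarch64; fi \
    && curl -fsS -o /usr/local/bin/codecov \
        "https://uploader.codecov.io/${CODECOV_VERSION}/${codecov_platform}/codecov" \
    && if [ -n "$CODECOV_SHA256" ]; then \
           echo "${CODECOV_SHA256}  /usr/local/bin/codecov" | sha256sum -c -; \
       fi \
    && chmod +x /usr/local/bin/codecov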
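# Git configuration for root. No USER instruction is present, so root is the
# account the container runs as.
# COPY rather than ADD: the source is a plain local file, and COPY has none of
# ADD's archive-extraction or URL-fetching behaviour.
COPY tools/devctr/ctr_gitconfig /root/.gitconfig

WORKDIR "$FIRECRACKER_SRC_DIR"
# tini is the entrypoint; the command given at `docker run` is passed to it
# after the `--`.
ENTRYPOINT ["/usr/bin/tini", "--"]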