Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
docs:guide-user:virtualization:docker_openwrt_image [2022/05/03 19:11] – [OpenWrt in QEMU in Docker] Add simple and advanced examples jwmullallydocs:guide-user:virtualization:docker_openwrt_image [2022/06/23 18:07] (current) – [OpenWrt in QEMU in Docker: Advanced Example] Simplify supplying custom config jwmullally
Line 318: Line 318:
 <code bash> <code bash>
 docker build . -t openwrt_in_qemu docker build . -t openwrt_in_qemu
-docker run --name my_openwrt -p 30022:30022,30080:30080 openwrt_in_qemu+docker run --name my_openwrt -p 30022:30022 -p 30080:30080 openwrt_in_qemu
 </code> </code>
  
Line 410: Line 410:
 This Docker image is similar to the above, with a few more features: This Docker image is similar to the above, with a few more features:
  
-* Support arbitrary container user IDs +  * Support arbitrary container user IDs 
-* Tunable QEMU configuration +  * Tunable QEMU configuration 
-* A SPICE console + USB redirection +  * A SPICE console + USB redirection 
-* KVM acceleration support +  * KVM acceleration support 
-* Custom VM initialization scripts (e.g. from a Kubernetes ConfigMap) +  * Custom VM initialization scripts (e.g. from a Kubernetes ConfigMap) 
-* Default admin firewall rules and disk resizing +  * Default admin firewall rules and disk resizing 
-* Healthchecks+  * Healthchecks
  
 <code> <code>
 # syntax=docker/dockerfile:1 # syntax=docker/dockerfile:1
 # #
-# This Dockerfile creates a container image running OpenWrt in a QEMU VM.+# This Dockerfile creates a container image running OpenWRT in a QEMU VM.
 # https://openwrt.org/docs/guide-user/virtualization/docker_openwrt_image # https://openwrt.org/docs/guide-user/virtualization/docker_openwrt_image
 # This can be run on regular container clusters (e.g. Kubernetes,OpenShift) # This can be run on regular container clusters (e.g. Kubernetes,OpenShift)
 # without any special permissions. # without any special permissions.
 +#
 +#   docker build . -t openwrt_in_qemu
 +#   docker run --name my_openwrt -p 30022:30022 -p 30080:30080 openwrt_in_qemu
 # #
 # For VGA console access and USB redirection, connect with a SPICE client  # For VGA console access and USB redirection, connect with a SPICE client 
-# on port 5900.+(e.g. "remote-viewer"on port 5900.
 # #
 # To connect to the VM serial console, connect to the running container # To connect to the VM serial console, connect to the running container
-# and execute this command:+# and execute one of these commands:
 # #
-    socat -,raw,echo=0,icanon=0 unix-connect:/tmp/qemu-console.sock +  socat -,raw,echo=0,icanon=0 unix-connect:/tmp/qemu-console.sock 
-    socat -,echo=0,icanon=0 unix-connect:/tmp/qemu-monitor.sock+  socat -,echo=0,icanon=0 unix-connect:/tmp/qemu-monitor.sock
 # #
 # To use KVM acceleration, add these to your docker/podman arguments: # To use KVM acceleration, add these to your docker/podman arguments:
 # #
-    docker --env QEMU_ARGS="-enable-kvm" --device=/dev/kvm --group-add "$(getent group kvm | cut -d: -f3)"+  docker --env QEMU_ARGS="-enable-kvm" --device=/dev/kvm --group-add "$(getent group kvm | cut -d: -f3)"
 # #
 # Volumes: # Volumes:
Line 446: Line 449:
 #   /var/lib/vmconfig: #   /var/lib/vmconfig:
 #     You can use a shared volume/ConfigMap/etc to provide custom initial #     You can use a shared volume/ConfigMap/etc to provide custom initial
-#     configuration with "run.sh" and other files that are sent into the +#     configuration. The $CWD of these files is the parent vmconfig dir, 
-#     VM on first bootIf "gen-config.sh" is detectedit is executed in +#     which you can use to provide other filesFor testingstart docker  
-#     the host container with access to the environment variables, and is +#     with "--volume /tmp/my_config:/var/lib/vmconfig:z" 
-#     expected to create "run.sh". +# 
-#     A default script "default-vm-config.sh" is included to set the  +#     container.d: Scripts run on the container before config is sent to the VM 
-#     password, open admin ports and resize the disk.+#     vm.d: Scripts run on the VM
  
-FROM docker.io/library/alpine:3.15+FROM docker.io/library/alpine:3.16
  
 # Install QEMU, remove large unnecessary files # Install QEMU, remove large unnecessary files
Line 469: Line 472:
     rm -f /usr/share/qemu/edk2-*     rm -f /usr/share/qemu/edk2-*
  
-# Download OpenWrt image+# Download OpenWRT image
 ENV IMAGE_URL="https://downloads.openwrt.org/releases/21.02.3/targets/x86/64/openwrt-21.02.3-x86-64-generic-ext4-combined.img.gz" ENV IMAGE_URL="https://downloads.openwrt.org/releases/21.02.3/targets/x86/64/openwrt-21.02.3-x86-64-generic-ext4-combined.img.gz"
 ENV IMAGE_FILE="openwrt-21.02.3-x86-64-generic-ext4-combined.img.gz" ENV IMAGE_FILE="openwrt-21.02.3-x86-64-generic-ext4-combined.img.gz"
Line 507: Line 510:
     chmod +x /usr/local/bin/provision-image.sh     chmod +x /usr/local/bin/provision-image.sh
  
-Write default VM configuration script to STDOUT+Create default VM configuration scripts 
 +RUN mkdir -p /usr/local/share/vmconfig/container.d /usr/local/share/vmconfig/vm.d 
 RUN echo -e '#!/bin/sh\n\ RUN echo -e '#!/bin/sh\n\
-set -ex \n\ +set -\n\ 
-cat << EOF\n\+cat > vm.d/20-hostname.sh <<EOF\n\ 
 +#!/bin/sh \n\ 
 +set -e \n\ 
 +uci set system.@system[0].hostname="$QEMU_HOSTNAME" \n\ 
 +uci commit system \n\ 
 +EOF\n\ 
 +chmod +x vm.d/20-hostname.sh \n\ 
 +\n\' > /usr/local/share/vmconfig/container.d/20-hostname.sh && \ 
 +    chmod +x /usr/local/share/vmconfig/container.d/20-hostname.sh 
 + 
 +RUN echo -e '#!/bin/sh\n\ 
 +set -e \n\ 
 +cat > vm.d/20-password.sh <<EOF\n\
 #!/bin/sh \n\ #!/bin/sh \n\
 set -e \n\ set -e \n\
 echo -e "$QEMU_PASSWORD\\n$QEMU_PASSWORD" | passwd \n\ echo -e "$QEMU_PASSWORD\\n$QEMU_PASSWORD" | passwd \n\
-set -x \n\+EOF\n\ 
 +chmod +x vm.d/20-password.sh \n\ 
 +\n\' > /usr/local/share/vmconfig/container.d/20-password.sh && \ 
 +    chmod +/usr/local/share/vmconfig/container.d/20-password.sh 
 + 
 +RUN echo -e '#!/bin/sh\n\ 
 +set -ex \n\
 uci add firewall rule \n\ uci add firewall rule \n\
 uci set firewall.@rule[-1].name="Allow-Admin" \n\ uci set firewall.@rule[-1].name="Allow-Admin" \n\
Line 523: Line 546:
 uci set firewall.@rule[-1].target="ACCEPT" \n\ uci set firewall.@rule[-1].target="ACCEPT" \n\
 uci commit firewall \n\ uci commit firewall \n\
 +\n\' > /usr/local/share/vmconfig/vm.d/20-firewall.sh && \
 +    chmod +x /usr/local/share/vmconfig/vm.d/20-firewall.sh
 +
 +RUN echo -e '#!/bin/sh\n\
 +set -ex \n\
 ubus wait_for network.interface.wan \n\ ubus wait_for network.interface.wan \n\
 sleep 3 \n\ sleep 3 \n\
-/etc/init.d/firewall restart \n\ 
 opkg update \n\ opkg update \n\
 +\n\' > /usr/local/share/vmconfig/vm.d/30-wait-for-network.sh && \
 +chmod +x /usr/local/share/vmconfig/vm.d/30-wait-for-network.sh
 +
 +RUN echo -e '#!/bin/sh\n\
 +set -ex \n\
 opkg install partx-utils resize2fs sfdisk tune2fs \n\ opkg install partx-utils resize2fs sfdisk tune2fs \n\
 echo "- +" | sfdisk --force -N 2 /dev/vda \n\ echo "- +" | sfdisk --force -N 2 /dev/vda \n\
Line 535: Line 567:
 mount -o remount,rw / \n\ mount -o remount,rw / \n\
 resize2fs /dev/vda2 \n\ resize2fs /dev/vda2 \n\
-EOF\n\ +\n\' > /usr/local/share/vmconfig/vm.d/40-resize-disk.sh && \ 
-\n' > /usr/local/bin/gen-default-vm-config.sh && \ +chmod +x /usr/local/share/vmconfig/vm.d/40-resize-disk.sh
-    chmod +x /usr/local/bin/gen-default-vm-config.sh+
  
 # Write VM configuration archive as serial console commands to STDOUT # Write VM configuration archive as serial console commands to STDOUT
Line 552: Line 583:
 mkdir /tmp/vmconfig \n\ mkdir /tmp/vmconfig \n\
 tar -zxvf /tmp/vmconfig.tgz -C /tmp/vmconfig \n\ tar -zxvf /tmp/vmconfig.tgz -C /tmp/vmconfig \n\
-/tmp/vmconfig/run.sh && echo "VM configuration result: successful." || echo "VM configuration result: failed." \n\+sleep 5 \n\ 
 +(cd /tmp/vmconfig && (for f in \$(ls vm.d); do echo "Executing ./vm.d/\$f"; "./vm.d/\$f" || exit 1; done)) && echo -e "\\nVM configuration result: successful." || echo -e "\\nVM configuration result: failed." \n\
 poweroff \n\ poweroff \n\
 EOF\n\ EOF\n\
Line 561: Line 593:
 RUN echo -e '#!/bin/sh\n\ RUN echo -e '#!/bin/sh\n\
 set -ex \n\ set -ex \n\
 +echo "Discovered vmconfig:" \n\
 +find /var/lib/vmconfig \n\
 +sleep 5 \n\
 rm -rf /tmp/vmconfig \n\ rm -rf /tmp/vmconfig \n\
 cp -rv /var/lib/vmconfig /tmp/vmconfig \n\ cp -rv /var/lib/vmconfig /tmp/vmconfig \n\
-gen-default-vm-config.sh > /tmp/vmconfig/default-vm-config.sh \n\ +mkdir -/tmp/vmconfig/container./tmp/vmconfig/vm.\n\ 
-chmod +x /tmp/vmconfig/default-vm-config.sh \n\ +if [ -z "$QEMU_CONFIG_NO_DEFAULTS" ]; then \n\ 
-if [ -f /tmp/vmconfig/run.sh ]; then \n\ +    cp /usr/local/share/vmconfig/container.d/* /tmp/vmconfig/container.\n\ 
-    if [ -f /tmp/vmconfig/gen-config.sh ]; then \n\ +    cp /usr/local/share/vmconfig/vm.d/* /tmp/vmconfig/vm.\n\
-        (cd /tmp/vmconfig && ./gen-config.sh) \n\ +
-    else \n\ +
-        mv /tmp/vmconfig/default-vm-config.sh /tmp/vmconfig/run.sh \n\ +
-    fi \n\+
 fi \n\ fi \n\
 +(cd /tmp/vmconfig && (for f in $(ls container.d); do "./container.d/$f"; done)) \n\
 run-vm.sh & \n\ run-vm.sh & \n\
 QEMU_PID="$!" \n\ QEMU_PID="$!" \n\
Line 577: Line 609:
 socat STDOUT unix-connect:/tmp/qemu-console.sock | grep -q "Please press Enter to activate this console." \n\ socat STDOUT unix-connect:/tmp/qemu-console.sock | grep -q "Please press Enter to activate this console." \n\
 serialize-vm-config.sh /tmp/vmconfig | socat STDIN unix-connect:/tmp/qemu-console.sock \n\ serialize-vm-config.sh /tmp/vmconfig | socat STDIN unix-connect:/tmp/qemu-console.sock \n\
-VM_CONFIG_RESULT="$(socat STDOUT unix-connect:/tmp/qemu-console.sock | grep -m1 "VM configuration result:")" \n\+VM_CONFIG_RESULT="$(socat STDOUT unix-connect:/tmp/qemu-console.sock | grep -m1 "^VM configuration result:")" \n\
 if test "${VM_CONFIG_RESULT#*failed}" != "$VM_CONFIG_RESULT"; then \n\ if test "${VM_CONFIG_RESULT#*failed}" != "$VM_CONFIG_RESULT"; then \n\
     exit 1 \n\     exit 1 \n\
Line 631: Line 663:
 provision-image.sh \n\ provision-image.sh \n\
 if [ ! -f /var/lib/qemu/initialized ]; then \n\ if [ ! -f /var/lib/qemu/initialized ]; then \n\
-    timeout -s SIGINT "$QEMU_CONFIG_TIMEOUT" send-config-to-vm.sh || echo "VM config error or time out." \n\+    timeout -s SIGINT "$QEMU_CONFIG_TIMEOUT" send-config-to-vm.sh || (echo "VM config error or time out."; exit 1) \n\
     touch /var/lib/qemu/initialized \n\     touch /var/lib/qemu/initialized \n\
     chmod g+rw /var/lib/qemu/* \n\     chmod g+rw /var/lib/qemu/* \n\
Line 648: Line 680:
 ENV QEMU_PASSWORD="pass1234" ENV QEMU_PASSWORD="pass1234"
 ENV QEMU_CONFIG_TIMEOUT="300" ENV QEMU_CONFIG_TIMEOUT="300"
 +ENV QEMU_CONFIG_NO_DEFAULTS=""
 +ENV QEMU_HOSTNAME="OpenWrtVM"
 ENV QEMU_ARGS="" ENV QEMU_ARGS=""
  
  • Last modified: 2022/05/03 19:11
  • by jwmullally