You might have heard about CoreOS and its Rocket containers. It is the competitor to docker but it has not seen much usage outside of CoreOS. Installation on other Linux distribution is sometimes challenging, especially on CentOS due to old kernel which has issues when running rkt. In this article we are going to use rocket containers in Fedora Workstation on my laptop. Package for easy installation is not available, so we are going to do a manual install.
Setting up rkt
Lets first download rkt:
wget https://github.com/coreos/rkt/releases/download/v1.10.1/rkt-v1.10.1.tar.gz
Then extract it:
tar xzvf rkt-v1.10.1.tar.gz
Next we cd into dir an copy the rkt binary into the /usr/bin
cd rkt-v1.10.1
cp rkt /usr/bin/
Then we move to creating a group and adding the your non-root user to a group. I will add myself, so you will need to change "miki" to your actual username. This will not give all privileges to non-root user like in docker, instead it will only allow easier image management and monitoring. For most commands, you would still need sudo or root.
groupadd rkt
gpasswd -a miki rkt && newgrp rkt
Then we need to setup data directory to /var/lib/rkt and luckily there is good script for that, distributed with rkt.
./scripts/setup-data-dir.sh
Now we need to copy stage1 images
mkdir -p /usr/lib/rkt/stage1-images
cp stage1-*.aci /usr/lib/rkt/stage1-images/
Then we copy systemd services. Note that rkt actually don't have long running service to be started by systemd. Services that we are copying in following commands are for image management and garbage collection.
cp init/systemd/tmpfiles.d/rkt.conf /usr/lib/tmpfiles.d/
cp init/systemd/rkt-metadata.* /usr/lib/systemd/system/
cp init/systemd/rkt-gc.* /usr/lib/systemd/system/
systemctl daemon-reload
We are going to also build an image, so we need to download and install acbuild
wget https://github.com/appc/acbuild/releases/download/v0.4.0/acbuild-v0.4.0.tar.gz
tar xzvf acbuild-v0.4.0.tar.gz
cd acbuild-v0.4.0/
cp acbuild acbuild-chroot acbuild-script /usr/bin/
SElinux doesnt play well with rkt so lets set it to permissive mode
sed -i'' 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
setenforce Permissive
After this, we should have rkt set up.
Using rkt to deploy httpd
We are going to use lightweight Alpine Linux to try out rkt application containers. We are going to deploy Apache httpd.
nano image-build
And then paste this script there
#!/usr/bin/env acbuild-script
# Start the build with an empty ACI
begin# Name the ACI
set-name example.com/apache# Based on alpine
dep add quay.io/coreos/alpine-sh# Install apache
run -- apk update
run -- apk add apache2run -- /bin/sh -c "echo 'ServerName localhost' >> /etc/apache2/httpd.conf"
# Add a port for http traffic on port 80
port add http tcp 80# Add a mount point for files to serve
mount add html /var/www/localhost/htdocs# Run apache, and remain in the foreground
set-exec -- /bin/sh -c "chmod 755 / && /usr/sbin/httpd -D FOREGROUND"# Write the result
write --overwrite apache-latest-linux-amd64.aci
Then we will add the executable bit to the script
chmod +x image-build
And then we run the script
./image-build
Finally we can run our container and check if we have server running.
rkt run --dns 8.8.8.8 --net=host apache-latest-linux-amd64.aci --insecure-options=image
It is important that this command is run in same dir where image is created, otherwise wont work. Lets then fire up browser and go to localhost:
We see that it works, but Alpine Linux due to being lightweight doesn't sport usual Apache landing page.
Exploring the shell and deleting containers
If you don't want to run apache and want just to use shell in container, you can try this command in another container:
rkt run --interactive --dns 8.8.8.8 --net=host quay.io/coreos/alpine-sh
It will give you shell to work with. Instead alpine you could easily run fedora as well. Just execute this command so you get the shell inside fedora container:
rkt run --dns 8.8.8.8 --interactive --net=host docker://fedora --insecure-options=image --exec=/bin/bash
After you finish working with containers, you would normally want to delete them so, we use garbage collector, command gc. This command has grace period of 30 minutes and on CoreOS it runs automatically, but we want to delete everything now. So we will use command with this flag:
rkt gc --grace-period=0s
This moves exited containers to garbage, and then after grace period expires, it deletes them. But sine our grace period is set to zero seconds, it does all at once.
Conclusion
So we now have basic setup and understanding of rkt containers on Fedora 24. Rocket containers can be also used with Kubernetes, or they can be set up in multitude of different ways. For detail documentation, visit this page. Be sure to check all the new developments as rkt is fast-moving technology and gets new features regularly. Thank you for reading, that is all for this article.
The post How to Setup rkt Containers on Fedora 24 appeared first on LinOxide.