Trying out Rocket

Let's run Rocket on CoreOS

$ git clone https://github.com/coreos/coreos-vagrant/
Cloning into 'coreos-vagrant'...
remote: Counting objects: 351, done.
remote: Compressing objects: 100% (5/5), done.
remote: Total 351 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (351/351), 81.21 KiB | 0 bytes/s, done.
Resolving deltas: 100% (150/150), done.
Checking connectivity... done.
$ cd coreos-vagrant/
$ vagrant up
Bringing machine 'core-01' up with 'virtualbox' provider...
==> core-01: Box 'coreos-alpha' could not be found. Attempting to find and install...
    core-01: Box Provider: virtualbox
    core-01: Box Version: >= 308.0.1
==> core-01: Loading metadata for box 'http://alpha.release.core-os.net/amd64-usr/current/coreos_production_vagrant.json'
    core-01: URL: http://alpha.release.core-os.net/amd64-usr/current/coreos_production_vagrant.json
==> core-01: Adding box 'coreos-alpha' (v593.0.0) for provider: virtualbox
    core-01: Downloading: http://alpha.release.core-os.net/amd64-usr/593.0.0/coreos_production_vagrant.box
    core-01: Calculating and comparing box checksum...
==> core-01: Successfully added box 'coreos-alpha' (v593.0.0) for 'virtualbox'!
    core-01: The Berkshelf shelf is at "~/.berkshelf/vagrant-berkshelf/shelves/berkshelf20150219-73107-4bdzyw-core-01"
==> core-01: Importing base box 'coreos-alpha'...
==> core-01: Matching MAC address for NAT networking...
==> core-01: Checking if box 'coreos-alpha' is up to date...
==> core-01: Setting the name of the VM: coreos-vagrant_core-01_1424295046511_16110
==> core-01: Clearing any previously set network interfaces...
==> core-01: Preparing network interfaces based on configuration...
    core-01: Adapter 1: nat
    core-01: Adapter 2: hostonly
==> core-01: Forwarding ports...
    core-01: 22 => 2222 (adapter 1)
==> core-01: Running 'pre-boot' VM customizations...
==> core-01: Booting VM...
==> core-01: Waiting for machine to boot. This may take a few minutes...
    core-01: SSH address: 127.0.0.1:2222
    core-01: SSH username: core
    core-01: SSH auth method: private key
    core-01: Warning: Connection timeout. Retrying...
==> core-01: Machine booted and ready!
==> core-01: Setting hostname...
==> core-01: Configuring and enabling network interfaces...

docker is the latest version

core@core-01 ~ $ docker version
Client version: 1.5.0
Client API version: 1.17
Go version (client): go1.3.3
Git commit (client): a8a31ef-dirty
OS/Arch (client): linux/amd64
Server version: 1.5.0
Server API version: 1.17
Go version (server): go1.3.3
Git commit (server): a8a31ef-dirty

Install rocket

core@core-01 ~ $ git clone https://github.com/coreos/rocket.git
Cloning into 'rocket'...
remote: Counting objects: 4382, done.
remote: Compressing objects: 100% (11/11), done.
remote: Total 4382 (delta 4), reused 0 (delta 0)
Receiving objects: 100% (4382/4382), 4.30 MiB | 1.76 MiB/s, done.
Resolving deltas: 100% (2263/2263), done.
Checking connectivity... done.
core@core-01 ~ $ cd rocket/
core@core-01 ~/rocket $ ./build
./build: line 14: go: command not found
Building rkt (stage0)...
./build: line 17: go: command not found

Oops, go isn't installed. I don't really know CoreOS, so I install go by following the page below.

http://qiita.com/hnakamur/items/8cda520807f571409f6c#4-1

core@core-01 /tmp $ wget https://storage.googleapis.com/golang/go1.4.2.linux-amd64.tar.gz
--2015-02-18 21:50:40--  https://storage.googleapis.com/golang/go1.4.2.linux-amd64.tar.gz
Resolving storage.googleapis.com... 216.58.221.1, 216.58.221.1
Connecting to storage.googleapis.com|216.58.221.1|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 62442704 (60M) [application/x-gzip]
Saving to: 'go1.4.2.linux-amd64.tar.gz'

go1.4.2.linux-amd64.tar.gz                                          100%[=====================================================================================================================================================================>]  59.55M  9.38MB/s   in 14s

2015-02-18 21:50:55 (4.25 MB/s) - 'go1.4.2.linux-amd64.tar.gz' saved [62442704/62442704]

core@core-01 /tmp $ sudo tar xzf go1.4.2.linux-amd64.tar.gz -C /opt

Build again

core@core-01 ~/rocket $ ./build
Building rkt (stage0)...
# github.com/coreos/rocket/Godeps/_workspace/src/github.com/cznic/zappy
exec: "gcc": executable file not found in $PATH

Huh...

I don't get CoreOS

Let's give up on building

core@core-01 /tmp $ wget https://github.com/coreos/rocket/releases/download/v0.3.2/rocket-v0.3.2.tar.gz
--2015-02-18 22:00:02--  https://github.com/coreos/rocket/releases/download/v0.3.2/rocket-v0.3.2.tar.gz
Resolving github.com... 192.30.252.129, 192.30.252.129
Connecting to github.com|192.30.252.129|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://s3.amazonaws.com/github-cloud/releases/26509369/13097656-b36e-11e4-8ef9-5199611b5663.gz?response-content-disposition=attachment%3B%20filename%3Drocket-v0.3.2.tar.gz&response-content-type=application/octet-stream&AWSAccessKeyId=AKIAISTNZFOVBIJMK3TQ&Expires=1424296844&Signature=af3Gf%2FWuUSpj1CpFq%2FJa%2Bo9hdUM%3D [following]
--2015-02-18 22:00:03--  https://s3.amazonaws.com/github-cloud/releases/26509369/13097656-b36e-11e4-8ef9-5199611b5663.gz?response-content-disposition=attachment%3B%20filename%3Drocket-v0.3.2.tar.gz&response-content-type=application/octet-stream&AWSAccessKeyId=AKIAISTNZFOVBIJMK3TQ&Expires=1424296844&Signature=af3Gf%2FWuUSpj1CpFq%2FJa%2Bo9hdUM%3D
Resolving s3.amazonaws.com... 54.231.244.4, 54.231.244.4
Connecting to s3.amazonaws.com|54.231.244.4|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 15241351 (15M) [application/octet-stream]
Saving to: 'rocket-v0.3.2.tar.gz'

rocket-v0.3.2.tar.gz                                                100%[=====================================================================================================================================================================>]  14.54M  3.96MB/s   in 6.0s

2015-02-18 22:00:10 (2.44 MB/s) - 'rocket-v0.3.2.tar.gz' saved [15241351/15241351]
core@core-01 /tmp $ tar xzvf rocket-v0.3.2.tar.gz
rocket-v0.3.2/
rocket-v0.3.2/rkt
rocket-v0.3.2/stage1.aci
core@core-01 /tmp $ cd rocket-v0.3.2
core@core-01 /tmp/rocket-v0.3.2 $ ./rkt
NAME:
    rkt - rocket, the application container runner

USAGE:
    rkt [global options] <command> [command options] [arguments...]

VERSION:
    0.3.2

COMMANDS:
    enter       Enter the namespaces of an app within a rkt container
    fetch       Fetch image(s) and store them in the local cache
    gc      Garbage-collect rkt containers no longer in use
    help        Show a list of commands or help for one command
    list        List containers
    metadatasvc Run metadata service
    run     Run image(s) in an application container in rocket
    status      Check the status of a rkt container
    trust       Trust a key for image verification
    version     Print the version and exit

GLOBAL OPTIONS:
    --debug=false           Print out more debug information to stderr
    --dir=/var/lib/rkt      rocket data directory
    --help=false            Print usage information and exit
    --insecure-skip-verify=false    skip image or key verification

Run "rkt help <command>" for more details on a specific command.

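I want to put it on the PATH, but /usr/bin and /usr/local/bin are not writable, so I move it under /opt/bin.

When I moved only rkt, I got an error at run time, so I also move stage1.aci to /opt/bin.

First, it seems the public key has to be trusted.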

core@core-01 ~ $ sudo rkt trust --prefix coreos.com/etcd
Prefix: "coreos.com/etcd"
Key: "https://coreos.com/dist/pubkeys/aci-pubkeys.gpg"
GPG key fingerprint is: 8B86 DE38 890D DB72 9186  7B02 5210 BD88 8818 2190
    CoreOS ACI Builder <release@coreos.com>
Are you sure you want to trust this key (yes/no)? yes
Trusting "https://coreos.com/dist/pubkeys/aci-pubkeys.gpg" for prefix "coreos.com/etcd".
Added key for prefix "coreos.com/etcd" at "/etc/rkt/trustedkeys/prefix.d/coreos.com/etcd/8b86de38890ddb7291867b025210bd8888182190"

Next, fetch the ACI

core@core-01 ~ $ sudo rkt fetch coreos.com/etcd:v2.0.0
rkt: searching for app image coreos.com/etcd:v2.0.0
rkt: fetching image from https://github.com/coreos/etcd/releases/download/v2.0.0/etcd-v2.0.0-linux-amd64.aci
Downloading ACI: [=================================            ] 2.78 MB/3.7 MB
Downloading signature from https://github.com/coreos/etcd/releases/download/v2.0.0/etcd-v2.0.0-linux-amd64.sig
rkt: signature verified:                                       ] 0 B/819 B
  CoreOS ACI Builder <release@coreos.com>
sha512-fa1cb92dc276b0f9bedf87981e61ecde
core@core-01 ~ $ sudo find /var/lib/rkt/cas/blob
/var/lib/rkt/cas/blob
/var/lib/rkt/cas/blob/sha512
/var/lib/rkt/cas/blob/sha512/fa
/var/lib/rkt/cas/blob/sha512/fa/sha512-fa1cb92dc276b0f9bedf87981e61ecde93cc16432d2441f23aa006a42bb873df

When I just try run, it seems to look somewhere under coreos on GitHub?

core@core-01 /tmp/rocket-v0.3.2 $ sudo rkt run coreos.com/etcd
rkt: searching for app image coreos.com/etcd
rkt: fetching image from https://github.com/coreos/etcd/releases/download/latest/etcd-latest-linux-amd64.aci
error downloading the aci image: bad HTTP status code: 404

An image can be started by its sha, so I check the hash of the downloaded aci. Then I was able to start it with rkt run.

core@core-01 ~ $ sudo find /var/lib/rkt/cas/blob
/var/lib/rkt/cas/blob
/var/lib/rkt/cas/blob/sha512
/var/lib/rkt/cas/blob/sha512/f2
/var/lib/rkt/cas/blob/sha512/f2/sha512-f264bbef7e8d7f53800835e73e7ae79657bd42dbbbaeea7c84db828b3dfe7414
/var/lib/rkt/cas/blob/sha512/fa
/var/lib/rkt/cas/blob/sha512/fa/sha512-fa1cb92dc276b0f9bedf87981e61ecde93cc16432d2441f23aa006a42bb873df
core@core-01 ~ $ sudo rkt run sha512-fa1cb92dc276b0f9bedf87981e61ecde93cc16432d2441f23aa006a42bb873df
2015/02/18 22:17:49 no data-dir provided, using default data-dir ./default.etcd
2015/02/18 22:17:49 etcd: listening for peers on http://localhost:2380
2015/02/18 22:17:49 etcd: listening for peers on http://localhost:7001
2015/02/18 22:17:49 etcd: listening for client requests on http://localhost:2379
2015/02/18 22:17:49 etcd: listening for client requests on http://localhost:4001
2015/02/18 22:17:49 etcdserver: name = default
2015/02/18 22:17:49 etcdserver: data dir = default.etcd
2015/02/18 22:17:49 etcdserver: heartbeat = 100ms
2015/02/18 22:17:49 etcdserver: election = 1000ms
2015/02/18 22:17:49 etcdserver: snapshot count = 10000
2015/02/18 22:17:49 etcdserver: advertise client URLs = http://localhost:2379,http://localhost:4001
2015/02/18 22:17:49 etcdserver: initial advertise peer URLs = http://localhost:2380,http://localhost:7001
2015/02/18 22:17:49 etcdserver: initial cluster = default=http://localhost:2380,default=http://localhost:7001
2015/02/18 22:17:49 etcdserver: start member ce2a822cea30bfca in cluster 7e27652122e8b2ae
2015/02/18 22:17:49 raft: ce2a822cea30bfca became follower at term 0
2015/02/18 22:17:49 raft: newRaft ce2a822cea30bfca [peers: [], term: 0, commit: 0, applied: 0, lastindex: 0, lastterm: 0]
2015/02/18 22:17:49 raft: ce2a822cea30bfca became follower at term 1
2015/02/18 22:17:49 etcdserver: added local member ce2a822cea30bfca [http://localhost:2380 http://localhost:7001] to cluster 7e27652122e8b2ae
2015/02/18 22:17:51 raft: ce2a822cea30bfca is starting a new election at term 1
2015/02/18 22:17:51 raft: ce2a822cea30bfca became candidate at term 2
2015/02/18 22:17:51 raft: ce2a822cea30bfca received vote from ce2a822cea30bfca at term 2
2015/02/18 22:17:51 raft: ce2a822cea30bfca became leader at term 2
2015/02/18 22:17:51 raft.node: ce2a822cea30bfca elected leader ce2a822cea30bfca at term 2
2015/02/18 22:17:51 etcdserver: published {Name:default ClientURLs:[http://localhost:2379 http://localhost:4001]} to cluster 7e27652122e8b2ae
core@core-01 ~ $ curl -L http://127.0.0.1:4001/v2/keys/mykey -XPUT -d value="this is awesome"
{"action":"set","node":{"key":"/mykey","value":"this is awesome","modifiedIndex":3,"createdIndex":3}}
core@core-01 ~ $ curl -L http://127.0.0.1:4001/v2/keys/mykey
{"action":"get","node":{"key":"/mykey","value":"this is awesome","modifiedIndex":3,"createdIndex":3}}

Yep, it's working. By default the network is the same as the host's, so just hitting localhost works.
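
The blob paths listed by find above are named after a SHA-512 digest, which is what lets rkt run start an image by hash. As an added example (not from the original post or the rkt project), this script re-hashes each file in such a tree and flags any whose name no longer matches its content. It assumes the key is "sha512-" plus the first 64 hex characters of the file's SHA-512 and that the store keeps exactly the bytes it hashed; the helper names (blob_key, verify_blob, audit_store, store_blob) are hypothetical and the demo data is constructed.

```shell
#!/bin/sh
# Added example: audit a content-addressed blob store laid out like the
# /var/lib/rkt/cas/blob tree shown above.
# Assumption: a blob is named "sha512-" + the first 64 hex characters of the
# SHA-512 of its own bytes, and lives in a directory named after the first two.

# blob_key FILE: print the key that FILE's content hashes to.
blob_key() {
    printf 'sha512-%s\n' "$(sha512sum "$1" | cut -c1-64)"
}

# verify_blob FILE: succeed only if file name and shard directory match content.
verify_blob() {
    key=$(blob_key "$1")
    shard=$(printf '%s' "$key" | cut -c8-9)
    [ "$(basename "$1")" = "$key" ] &&
        [ "$(basename "$(dirname "$1")")" = "$shard" ]
}

# audit_store DIR: report every blob, fail if any blob does not match its name.
audit_store() {
    bad=0
    for f in "$1"/sha512/*/sha512-*; do
        [ -f "$f" ] || continue
        if verify_blob "$f"; then
            echo "OK       $f"
        else
            echo "MISMATCH $f"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# store_blob DIR FILE: copy FILE into the store under its content key (used
# here only to build constructed sample data); prints the stored path.
store_blob() {
    key=$(blob_key "$2")
    shard=$(printf '%s' "$key" | cut -c8-9)
    mkdir -p "$1/sha512/$shard"
    cp "$2" "$1/sha512/$shard/$key"
    echo "$1/sha512/$shard/$key"
}

# Demo on constructed data: one intact blob, one modified after it was stored.
demo=$(mktemp -d)
printf 'constructed image A\n' > "$demo/a"
printf 'constructed image B\n' > "$demo/b"
store_blob "$demo" "$demo/a" > /dev/null
tampered=$(store_blob "$demo" "$demo/b")
printf 'extra bytes\n' >> "$tampered"
audit_store "$demo" || echo "store contains blobs that do not match their names"
rm -rf "$demo"
```

On the VM used in this post the equivalent call would be audit_store /var/lib/rkt/cas/blob, run as root because the store is root-owned.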

How do you run it in the background? Just as I was wondering:

https://github.com/coreos/rocket/blob/master/Documentation/commands.md#run-a-container-in-the-background

I see.

Let's give up on CoreOS and try docker2aci on Ubuntu

Next, try docker2aci

https://github.com/appc/docker2aci

docker2aci is installed with go get

:~$ docker2aci nginx
Downloading layer: 511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158
Downloading layer: 30d39e59ffe287f29a41a3f8bd70734afc8728329e3289945cbdc5bbf07cd980
Downloading layer: c90d655b99b2ec5b7e94d38c87f92dce015c17a313caeaae0e980d9b9bed8444
Downloading layer: d9ee0b8eeda7cdce8daab64703c447b91bfa33a2753c448d754172614686478a
Downloading layer: 3225d58a895a27fcf9680bf608d8c743f6d040e2363769394841dc5a51ce97dd
Downloading layer: 224fea58b6ccee753e7ec49985d787ffadde80538549ef801722d608fe2c19b7
Downloading layer: ef9d79968cc61c3cb1d4c5d36f7d619d26a798ea8bf286757ad91d9c2ce59ece
Downloading layer: f22d05624ebc118eaa4b35a77c947e08149157bbc96fc08e6630990684458810
Downloading layer: 117696d1464ead0e4bc2e667d16699bdbbdc76ef891052ded1fb8a5296ad34e8
Downloading layer: 2ebe3e67fb764073178284f4166e1bae2e43c869950e9d8f22c350cbd4758cd7
Downloading layer: ad82b43d65959627eee7fe22881f500e83ef4d5f8965a6f7b094b8988ea6d3b2
Downloading layer: e90c322c3a1c8416eb76e6eec8ad2aac7ae2c37b9e6fe6d62cce8224f90e3001
Downloading layer: 4b5657a3d16202ebc510e4eb826e624277a4d0c5b970d470e57962d4af7cd348

~$ sudo rkt -debug run nginx-latest.aci
2015/02/19 16:05:02 Preparing stage1
2015/02/19 16:05:02 Wrote filesystem to /var/lib/rkt/containers/ef273d47-ab90-4728-876e-e14f5faedc73
2015/02/19 16:05:02 Loading image sha512-1927001e19e5614c59afe3739ca493c9a5b67d1d5617b4264ae075a6462be52c
2015/02/19 16:05:03 Writing container manifest
2015/02/19 16:05:03 Pivoting to filesystem /var/lib/rkt/containers/ef273d47-ab90-4728-876e-e14f5faedc73
2015/02/19 16:05:03 Execing /init
Spawning container rootfs on /var/lib/rkt/containers/ef273d47-ab90-4728-876e-e14f5faedc73/stage1/rootfs.
Press ^] three times within 1s to kill container.
/etc/localtime is not a symlink, not updating container timezone.
systemd 215 running in system mode. (-PAM -AUDIT -SELINUX +IMA -SYSVINIT +LIBCRYPTSETUP -GCRYPT -ACL -XZ +SECCOMP -APPARMOR)
Detected virtualization 'systemd-nspawn'.
Detected architecture 'x86-64'.

Welcome to Linux!

Initializing machine ID from container UUID.
[  OK  ] Created slice -.slice.
[  OK  ] Created slice system.slice.
         Starting Graceful exit watcher...
[  OK  ] Started Graceful exit watcher.
         Starting index.docker.io/nginx...
[  OK  ] Started index.docker.io/nginx.
[  OK  ] Reached target Rocket apps target.
nginx: invalid option: "off"
sha512-1927001e19e5614c59afe3739ca493c9.service: main process exited, code=exited, status=1/FAILURE
Service exit-watcher.service is not needed anymore. Stopping.
Unit sha512-1927001e19e5614c59afe3739ca493c9.service entered failed state.
Triggering OnFailure= dependencies of sha512-1927001e19e5614c59afe3739ca493c9.service.
Shutting down.
Sending SIGTERM to remaining processes...
Sending SIGKILL to remaining processes...
Unmounting file systems.
Unmounting /proc/sys/kernel/random/boot_id.
All filesystems unmounted.
Halting system.

Container rootfs has been shut down.

The conversion seems to have worked, but for some reason I don't understand, it doesn't run.

Let's try another image: redis.

~$ docker2aci redis
Downloading layer: 511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158
Downloading layer: 30d39e59ffe287f29a41a3f8bd70734afc8728329e3289945cbdc5bbf07cd980
Downloading layer: c90d655b99b2ec5b7e94d38c87f92dce015c17a313caeaae0e980d9b9bed8444
Downloading layer: b2418d3703c4248e07e98f97933cf61c6a9737d004b947b337eaf949116e846c
Downloading layer: a9be1f2beb10e5f25fadc462298d8d113c39beb32982b06d4bcad85824b764fe
Downloading layer: 97047ea9f5f491ebbb0628373e5b89f2ec0b9a3ff8c5d2e8780b700384c5ac17
Downloading layer: 643554a01e20021d05d6dde689ff810f1d97e0e43f7f2ec866d0fbbf452092ca
Downloading layer: b2d28145057ecf5a580c60373b5187f3fa2970a3c3086fc8ec42734560e8bfdf
Downloading layer: 2b9e6c467faf34498b938e6f2826c08694ba4914461c1cbf49e2ff62208676e0
Downloading layer: 74f42bf6da0cda3d7d5a3fb2c8724ae321817f0c4df863891bd3ce76c8a54013
Downloading layer: 239c3ae47786f0a1b85e78d46139aaa9a6405f6a063b64e45f8cd43e2161feea
Downloading layer: dbe0ee23d0a635bc6723afe7a6559fa08f6acf5ec18531de3db4aabff8fac43b
Downloading layer: 9ef278b3f543d5b49cd665cc8feaadeabd118a4be5096b2bd6a9a528e626a64c
Downloading layer: 9bf78464cc9210962d770b88eb6a9f0b74581f8f09cfff8f7756e16fc46e9c0c
Downloading layer: bfcd4901e679dd96bf85dda3e232c31b8c700d3a8a0716d266155d49aaa9624b
Downloading layer: cb1becc16e9ff42b18ca229312f1c07e75eab0e499a8fc540079a3546f4135dc
Downloading layer: 4380cd9116fa10a0ba96f392d3d8733a198fb5521fb68f2c8b214518f167b1c6
Downloading layer: 868be653dea3ff6082b043c0f34b95bb180cc82ab14a18d9d6b8e27b7929762c

Generated ACI(s):
redis-latest.aci

~$ sudo rkt -debug run redis-latest.aci
2015/02/19 16:10:07 Preparing stage1
2015/02/19 16:10:07 Wrote filesystem to /var/lib/rkt/containers/fd7cd31e-aad2-4862-8ee7-fde64c7830e9
2015/02/19 16:10:07 Loading image sha512-4d885ab6926ae039415e1f80eb5519e8e5e09ab6901f9b68120394d66b39fb9d
2015/02/19 16:10:08 Writing container manifest
2015/02/19 16:10:08 Pivoting to filesystem /var/lib/rkt/containers/fd7cd31e-aad2-4862-8ee7-fde64c7830e9
2015/02/19 16:10:08 Execing /init
Spawning container rootfs on /var/lib/rkt/containers/fd7cd31e-aad2-4862-8ee7-fde64c7830e9/stage1/rootfs.
Press ^] three times within 1s to kill container.
/etc/localtime is not a symlink, not updating container timezone.
systemd 215 running in system mode. (-PAM -AUDIT -SELINUX +IMA -SYSVINIT +LIBCRYPTSETUP -GCRYPT -ACL -XZ +SECCOMP -APPARMOR)
Detected virtualization 'systemd-nspawn'.
Detected architecture 'x86-64'.

Welcome to Linux!

Initializing machine ID from container UUID.
[  OK  ] Created slice -.slice.
[  OK  ] Created slice system.slice.
         Starting Graceful exit watcher...
[  OK  ] Started Graceful exit watcher.
         Starting index.docker.io/redis...
[  OK  ] Started index.docker.io/redis.
[  OK  ] Reached target Rocket apps target.
[3] 19 Feb 07:10:08.537 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
[3] 19 Feb 07:10:08.537 # You requested maxclients of 10000 requiring at least 10032 max file descriptors.
[3] 19 Feb 07:10:08.537 # Redis can't set maximum open files to 10032 because of OS error: Operation not permitted.
[3] 19 Feb 07:10:08.537 # Current maximum open files is 1024. maxclients has been reduced to 4064 to compensate for low ulimit. If you need higher maxclients increase 'ulimit -n'.
                _._
           _.-``__ ''-._
      _.-``    `.  `_.  ''-._           Redis 2.8.19 (00000000/0) 64 bit
  .-`` .-```.  ```\/    _.,_ ''-._
 (    '      ,       .-`  | `,    )     Running in stand alone mode
 |`-._`-...-` __...-.``-._|'` _.-'|     Port: 6379
 |    `-._   `._    /     _.-'    |     PID: 3
  `-._    `-._  `-./  _.-'    _.-'
 |`-._`-._    `-.__.-'    _.-'_.-'|
 |    `-._`-._        _.-'_.-'    |           http://redis.io
  `-._    `-._`-.__.-'_.-'    _.-'
 |`-._`-._    `-.__.-'    _.-'_.-'|
 |    `-._`-._        _.-'_.-'    |
  `-._    `-._`-.__.-'_.-'    _.-'
      `-._    `-.__.-'    _.-'
          `-._        _.-'
              `-.__.-'

[3] 19 Feb 07:10:08.538 # Server started, Redis version 2.8.19
[3] 19 Feb 07:10:08.539 * The server is now ready to accept connections on port 6379

It worked.

I can't put it in the background, so I try it from another terminal.

~$ redis-cli
127.0.0.1:6379> SET foo bar
OK
127.0.0.1:6379> GET foo
"bar"

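Done. Things that work seem to work and things that don't, don't, so I guess that's just where it is for now.

Next I'd like to read the spec and try building an image myself.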