[RFC] OpenWrt within a Docker container
Paul Spooren
mail at aparcar.org
Tue May 18 09:54:19 PDT 2021
On 5/17/21 11:09 PM, Fernando Frediani wrote:
> Hello
>
> Certainly run /sbin/init or 'procd' to have *OpenWrt-like experience*
> is a better approach in my view.
So do you prefer to disable some services and make some init-scripts
"container aware"?
>
> Regards
> Fernando
>
>
> On 17/05/2021 15:39, Paul Spooren wrote:
>> Hello,
>>
>> after some back and forth I'd like to request some more opinions on
>> what kind of Docker containers to offer containing the OpenWrt
>> rootfs. This is not about the SDK or ImageBuilder Docker containers.
>>
>> tl;dr:
>>
>> Should we ship `slim` containers only, running a OpenWrt shell (ash)
>> and nothing more? Whoever wants services to run (e.g. ubus) should
>> run additional containers and glue them together via mounts? Or
>> should we run /sbin/init or `procd` to have a *OpenWrt-like
>> experience*, with LuCI, ubusd and friends.
>>
>> /tl;dr
>>
>> Currently the `openwrt/rootfs` container is shipped with minimal
>> modifications and starts `/sbin/init` as default action.
>>
>> Running the container for e.g. LuCI development within a local shell
>> results in the following output:
>>
>> ```
>> user at reactor:~$ docker run -it openwrt/rootfs
>> Failed to resize receive buffer: Operation not permitted
>> /etc/preinit: line 5: can't create
>> /sys/devices/system/cpu/microcode/reload: Read-only file system
>> ip: RTNETLINK answers: Operation not permitted
>> Press the [f] key and hit [enter] to enter failsafe mode
>> Press the [1], [2], [3] or [4] key and hit [enter] to select the
>> debug level
>> ip: can't send flush request: Operation not permitted
>> ip: SIOCSIFFLAGS: Operation not permitted
>> Please press Enter to activate this console.
>> --- %< ---
>> root at da3dfbdc5ae4:/#
>>
>> ```
>>
>> Some init scripts fail due to missing privileges. The console input
>> is only possible by using a patched /etc/inittab file and multiple
>> services keep failing, most problematic the `network` service since
>> it tries and fails in a fast loop to flush some interfaces.
>>
>> A possible patch is available[1] which disables services obsolete
>> within a Docker environment, however this would "flaw" the
>> *OpenWrt-like experience*.
>>
>> Another, probably better approach could be to have *slim-containers*
>> which only run `ash` and let the user start whatever is needed, e.g.
>> `ubusd && uhttpd` and thereby have access to a LuCI interface to play
>> with.
>>
>> This would follow the experience from other popular containers like
>> `alpine` or `debian`. This would also allow us to become an
>> "official" container, which would allow to be used as `docker run -it
>> openwrt` rather than `docker run -it openwrt/rootfs`. Some efforts
>> were made here[2].
>>
>> I'd prefer the latter option; only offer SDK and ImageBuilder and let
>> the rootfs become a "official" Docker container without any running
>> services. Whoever needs services can use `FROM openwrt` within a
>> Dockerfile and run whatever is needed.
>>
>> Best,
>> Paul
>>
>> [1]: https://gitlab.com/openwrt/docker/-/merge_requests/47
>> [2]: https://github.com/docker-library/official-images/pull/7975
>>
>>
>> _______________________________________________
>> openwrt-devel mailing list
>> openwrt-devel at lists.openwrt.org
>> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list