Update the embed process:

This removes the need to mv the
directory of embedded images. This is
accomplished by bind mount (rw) the
read only images location onto the /var/lib/docker
directory in the Hook-docker container.

This means that start up doesn't need to wait for
the mv command to complete. So startup doesn't incur
any delay like it was with the mv. This also means that
we can embed a lot more images with having start up issue.
In testing, I found that if enough images, compared to the
amount of memory available, were embedded then HookOS would
not boot up. It would max out on memory. It's possible with
enough time that it would have booted but i didnt wait longer
than about 30min.

Signed-off-by: Jacob Weinstock <[email protected]>

Author: jacobweinstock

README.md

@@ -166,6 +166,8 @@ For use cases where having container images already available in Docker is neede
 
 > Note: This is optional and no container images will be embedded by default.
 
+> Note: This will increase the overall size of HookOS. As HookOS is an in memory OS, make sure that the size increase works for the machines you are provisioning.
+
 1. Create a file named `images.txt` in the [images/hook-embedded/](images/hook-embedded/) directory.
 1. Populate this `images.txt` file with the list of images to be embedded. See [images/hook-embedded/images.txt.example](images/hook-embedded/images.txt.example) for details on the required file format.
 1. Change directories to [images/hook-embedded/](images/hook-embedded/) and run [`pull-images.sh`](images/hook-embedded/pull-images.sh) script when building amd64 images and run [`pull-images.sh arm64`](images/hook-embedded/pull-images.sh) when building arm64 images. Read the comments at the top of the script for more details.

images/hook-docker/Dockerfile

@@ -13,5 +13,6 @@ RUN strip /usr/local/bin/docker /usr/local/bin/dockerd /usr/local/bin/docker-pro
 # Purge binutils package after stripping
 RUN apk del binutils
 COPY --from=dev /hook-docker .
+COPY entrypoint.sh /entrypoint.sh
 
-ENTRYPOINT ["/hook-docker"]
+ENTRYPOINT ["/entrypoint.sh"]

images/hook-docker/entrypoint.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -xeuo pipefail
+
+# This allows us to embed container images into HookOS.
+# We assume that any images are stored in /etc/embedded-images.
+# The /etc directory in Linuxkit is a read-only filesystem.
+# DinD requires that its data directory is writable.
+# So we bind mount /etc/embedded-images to /var/lib/docker to make it writable.
+mount --bind /etc/embedded-images/ /var/lib/docker
+mount -o remount,rw /var/lib/docker
+
+/hook-docker

images/hook-embedded/Dockerfile

@@ -1,5 +1,5 @@
 FROM scratch
 ENTRYPOINT []
 WORKDIR /
-COPY ./images/ /
+COPY ./images/ /etc/embedded-images/
 CMD []

linuxkit-templates/hook.template.yaml

@@ -23,22 +23,9 @@ init:
   - "${HOOK_CONTAINER_CONTAINERD_IMAGE}"
   - linuxkit/ca-certificates:v1.0.0
   - linuxkit/firmware:24402a25359c7bc290f7fc3cd23b6b5f0feb32a5 # "Some" firmware from Linuxkit pkg; see https://github.com/linuxkit/linuxkit/blob/master/pkg/firmware/Dockerfile
-
-volumes:
-  - name: embedded-images
-    image: "${HOOK_CONTAINER_EMBEDDED_IMAGE}"
+  - "${HOOK_CONTAINER_EMBEDDED_IMAGE}"
 
 onboot:
-  - name: embedded-images
-    image: alpine
-    binds:
-      - /var/run/images:/var/run/images
-      - embedded-images:/images
-    command: [ "sh", "-xc", "mv /images/* /var/run/images/" ]
-    runtime:
-      mkdir:
-        - /var/run/images
-
   - name: rngd1
     image: linuxkit/rngd:v1.0.0
     command: [ "/sbin/rngd", "-1" ]
@@ -196,6 +183,7 @@ services:
       - /var/run/docker:/var/run
       - /var/run/images:/var/lib/docker
       - /var/run/worker:/worker
+      - /etc/embedded-images/:/etc/embedded-images/
     runtime:
       mkdir:
         - /var/run/images