FreeBSD port#2376
Conversation
akhramov
force-pushed
the
feature/freebsd-port
branch
2 times, most recently
from
65e58cb to
9ebbc95
Compare
|
A question: is there a way to tell containerd to use a specific runtime? |
akhramov
force-pushed
the
feature/freebsd-port
branch
from
9ebbc95 to
1b3204b
Compare
| "github.com/pkg/errors" | ||
| ) | ||
|
|
||
| func (lm *localMounter) Mount() (string, error) { |
There was a problem hiding this comment.
Why is this copy needed? And why is it missing the single layer direct mount that exists in linux?
There was a problem hiding this comment.
why is it missing the single layer direct mount that exists in linux?
Bind mounts are not supported in FreeBSD. Rather, we use nullfs instead. So the condition like (lm.mounts[0].Type == "bind" || lm.mounts[0].Type == "rbind") must return false.
Perhaps I am missing something, but the rest of the function should handle the single layer direct mount case.
But I don't think that the copy itself is necessary, thanks!
There was a problem hiding this comment.
I don't know exactly what is the difference between nullfs and bind but if there is no technical limitation then the freebsd code should detect the single layer as well, eg. lm.mounts[0].Type == "nullfs". For better performance and to avoid privileged call in tests when it is not needed. Plus to just be consistent with linux.
There was a problem hiding this comment.
Gotcha, thanks.
We still need root privileges to mount nullfs, though
https://pkg.go.dev/github.com/containerd/containerd#WithDefaultRuntime |
akhramov
force-pushed
the
feature/freebsd-port
branch
from
1b3204b to
877d64a
Compare
|
Thanks for the review! To outline things left to be done:
|
akhramov
force-pushed
the
feature/freebsd-port
branch
from
877d64a to
733c929
Compare
Heads up that if you also want to include buildkitd in binaries then (at least most of the) integration tests need to also run in CI first(skipped atm). For only Full matrix is not needed for freebsd integration tests. Single worker or random worker is fine. For the workers, oci worker needs to be supported, containerd is optional. |
akhramov
force-pushed
the
feature/freebsd-port
branch
from
733c929 to
1128a01
Compare
Honestly, I tested just containerd support locally. I am going to test OCI workers & enable both in CI. As for unit tests, it depends on moby/moby#42903 |
|
Feel free to add linux build tag to https://github.com/moby/buildkit/blob/master/util/testutil/integration/dockerd.go unless you actually want to run tests through docker as well. |
akhramov
force-pushed
the
feature/freebsd-port
branch
from
1128a01 to
30b3c08
Compare
|
Rebased the branch. Moving to draft, since I didn't have adequate amount of resources lately to finish this. |
|
Needs rebase |
akhramov
force-pushed
the
feature/freebsd-port
branch
4 times, most recently
from
875a392 to
019eb04
Compare
akhramov
force-pushed
the
feature/freebsd-port
branch
3 times, most recently
from
d146aa7 to
56d9e11
Compare
|
Just curious if there any movement on this? |
|
After rebasing on my side, I see some errors when building buildkit: https://github.com/crazy-max/buildkit/actions/runs/5193670842/jobs/9364508523#step:4:348 We might need upstream changes in moby. Looks related to moby/moby#44210 (cc @corhere) |
|
@crazy-max confirming. Created a simple patch to fix that: moby/moby#45724 |
|
So this is blocked on Moby after the chroot updates there? Do we need to remove it from the milestone? |
Yes I guess we need to move this out of the milestone while waiting for upstream changes in moby. |
|
Assuming we would follow up with the correct fix, I think I would be ok with switching from chrootarchive to the unsafe archive pkg with a build tag if you like. The FreeBSD support would be experimental and not supported anyway. Looks like the only place is https://github.com/moby/buildkit/blob/master/solver/llbsolver/file/unpack.go#L38 |
We could do that. But I think we're pretty close to reaching a proper solution in moby/moby#45724 |
There was a problem hiding this comment.
This minimal impl looks good to me to start with but like @tonistiigi said in #2376 (comment) we should look at the integration tests if you want to ship freebsd binaries in our release pipeline. We probably also need runj in the vagrant file to use it as runtime in the integration tests and create an executor for it.
Let's tackle this in follow-up.
And thanks for your patience and sorry it took so much time!
PTAL @AkihiroSuda @jedevc
| } | ||
|
|
||
| if tracingSocket != "" { | ||
| if tracingSocket != "" && runtime.GOOS != "freebsd" { |
There was a problem hiding this comment.
It looks like this could maybe use nullfs as well? Or is there some other tracing limitation for freebsd, in which case we should add an explicit comment.
There was a problem hiding this comment.
We should avoid the explicit check here anyways, we should change the signature of getTracingSocketMount to return a pointer, so we can return nil and skip adding the mount in this case (since we have the compile time inclusion).
There was a problem hiding this comment.
is there some other tracing limitation for freebsd
It used to be, but not anymore. nullfs now supports file mounts (https://mastodon.world/@dfr/109541463582011998), so now we can have a mount here. Thanks!
Update: can't mount sockets with this: #2376 (comment)
|
@akhramov test-freebsd-amd64 looks to be failing in CI 👀 |
Yes, Had to rollback the previous change (+ implemented a pointer-based solution to #2376 (comment)) |
Buildkit code is mostly generic enough to support FreeBSD, however
there are some quirks / infrastructural pieces that need to be
addressed for full support, to name some
- contenthash.NewFromStat attempts to set Devmajor / Devminor for
regular files, assuming that RDev is zero for regular
files. Unlike on Linux, it's not the case for FreeBSD.
- containerdexecutor.Run uses bind mounts for rootfs. Bind mounts
are not supported in FreeBSD and we should use nullfs instead
- There is no CI job to run tests on FreeBSD
- Some dependencies weren't ported
This change ports buildkit to FreeBSD
Signed-off-by: Artem Khramov <akhramov@pm.me>
Co-authored-by: Akihiro Suda <suda.kyoto@gmail.com>
When I made the nullfs file-mount change, I was being quite conservative and ended up just allowing regular files and directories. I think it would be reasonable to add sockets and maybe fifos to the list. |
|
@jedevc sorry to bother you, but is there anything I've missed that might prevent us from moving forward? |
tonistiigi
left a comment
tonistiigi
left a comment
There was a problem hiding this comment.
follow-up: there are some runtime OS checks left that would be better with build tag so we don't ship the freebsd specific code(although only a couple of lines) on linux.
|
@akhramov just noticed a failure in https://github.com/moby/buildkit/actions/runs/5737387826/job/15548937738. It looks like the server crashed, but I'm having difficulty working out what exactly has gone wrong - is there someway in CI that we could grab the buildkitd logs? |
| defer lm.mu.Unlock() | ||
|
|
||
| if lm.target != "" { | ||
| if err := mount.Unmount(lm.target, 0); err != nil { |
There was a problem hiding this comment.
Shouldn't this be mount.UnmountRecursive?
| path: ./bin/testreports | ||
|
|
||
| test-freebsd-amd64: | ||
| runs-on: macos-12 |
There was a problem hiding this comment.
Not an issue: is there a reason why it uses macOS?
There was a problem hiding this comment.
Because the standard Linux instances on GHA do not support nested virtualization
|
@akhramov Looks like the CI side is completely down atm if you have a moment to check what is going on. |
|
@tonistiigi sure, #4180 seems to be a decent idea (also sped up the pipeline) |
13 participants
Buildkit code is mostly generic enough to support FreeBSD, however
there are some quirks / infrastructural pieces that need to be
addressed for full support, to name some
contenthash.NewFromStatattempts to set Devmajor / Devminor forregular files, assuming that
RDevis zero for regularfiles. Unlike on Linux, it's not the case for FreeBSD.
containerdexecutor.Runuses bind mounts for rootfs. Bind mountsare not supported in FreeBSD and we should use
nullfsinsteadThere is no CI job to run tests on FreeBSD
Some dependencies weren't ported
This change
tonistiigi/fsutilanddocker/dockerversionsSigned-off-by: Artem Khramov akhramov@pm.me