...

Overview

Downloadable Application Containers (DAC) is a pan-RDK initiative to develop a container solution that allows binary applications to be downloaded and run on STBs without modification. DAC is initially targeting RDK-V set-top boxes but the aim is to extend DAC to suitable RDK-B devices in due course. DAC is a co-operation effort between Comcast, Sky, Liberty Global, Metrological and Consult Red.

...

Crun is a different implementation of an OCI runtime, this time written in C and optimised for performance and a low memory footprint. It is developed at RedHat and is currently in use by Podman in Fedora, and is planned to be used in a main RHEL release soon. This is the runtime supported by Dobby and will be used in as the default runtime across RDK.

Dobby Overview

Dobby is a container management tool, originally developed by Sky and open-sourced to the RDK community. Dobby is a daemon-based program that makes use of the crun runtime and provides a more user-friendly experience for starting/stopping containers, handles container lifecycle management and enhancing the base functionality provided by crun.

...

• Advanced container networking support with NAT and both IPv4 and IPv6 support. Allows for easily adding iptables rules to allow/prevent traffic flow in and out of container
• GPU memory limiting (providing the kernel has the appropriate support)
• Container log management to either files or directly to journald
• Loopback storage mounts to add persistent, isolated storage to containers
• Allowing IPC support between containers/host by allowing access to the host dbus inside containers

Plugins are C++ code written against the plugin interface, allowing for operators to easily add additional functionality, or modify existing functionality easily. All the plugins for Dobby can be found in the RDKPlugins directory in the repo here: https://github.com/rdkcentral/Dobby/tree/master/rdkPlugins. Each plugin contains a README file with documentation on its usage. The TestPlugin is designed as a minimal reference plugin that can be used as an example for your own development. Note there is a directory in the Dobby repo called plugins which containers legacy plugins required for some platforms. These should not be used as a reference for new plugins.

...

The core component of Dobby is the DobbyDaemon. This should be started at STB boot and then listens over dbus for commands. The full dbus API of Dobby can be found here: https://github.com/rdkcentral/Dobby/blob/master/protocol/include/DobbyProtocol.h, although it is not recommended to communicate with Dobby manually over dbus. Instead, Dobby provides abstractions over dbus which are discussed later in this document.

Dobby ships with a systemd unit file called sky-dobby.service, which allows Dobby to be started/stopped by systemd. DobbyDaemon logs are sent to journald.Once the daemon is running, there are a number of ways to interact with Dobby

Command-Line

For debug builds of Dobby, the DobbyTool binary is installed on the STB. This is a simple command line app that communicates with Dobby directly over dbus to issue common commands. This is very useful for troubleshooting and testing Dobby.

DobbyTool offers the following commands:

vagrant@dobby-vagrant:~/srcDobby/build$ DobbyTool help
quit              quit
help              help [command]
shutdown          shutdown
start             start [options...] <id> <specfile/bundlepath> [command]
stop              stop <id> [options...]
pause             pause <id>
resume            resume <id>
exec              exec [options...] <id> <command>
list              list
info              info <id>
dumpspec          dumpspec <id> [options...]
bundle            bundle <id> <specfile> [options...]
set-dbus          set-dbus <private>|<public> <address>

Some commands offered by DobbyTool (mainly dumpspec) are to allow compatibility with the legacy Dobby Spec input format (instead of OCI bundles), which are deprecated and maintained only for backwards compatibility with existing deployments.

...

Integration with Thunder

OCIContainers Plugin

To control Dobby using a JSON-RPC API, then use the OCIContainer Thunder NanoService. The source code for OCIContainer can be found here https://github.com/rdkcentral/rdkservices/tree/master/OCIContainerThis exposes the same functionality as DobbyTool, but in a manner more suited for integration into other code. Example of OCIContainer to start a container from an OCI bundle:

$ curl -X POST http://127.0.0.1:9998/jsonrpc/ -d '{
   "jsonrpc":"2.0",
   "id":3,
   "method":"org.rdk.OCIContainer.1.startContainer",
   "params":{
      "containerId": "testContainer",
      "bundlePath": "[-INSERT BUNDLE PATH-]"
   }
}'

{
   "jsonrpc":"2.0",
   "id":3,
   "result":{
      "descriptor":257,
      "success":true
   }
}

The OCIContainer code  OCIContainer code contains a README.md file with detailed documentation on its usage , and includes a test script (test/ociContainerTest.sh) that can be used to ensure Dobby/OCIContainer is working as expected-  see here: https://github.com/rdkcentral/rdkservices/blob/sprint/2009/OCIContainer/README.md

ProcessContainers

Thunder includes the ability to run plugins in containers as well as the traditional in/out of process modes. Thunder offers different back-ends for running Thunder plugins in containers, one of which is Dobby. This mode will communicate with Dobby to start/stop Thunder plugins inside Dobby containers. This provides the advantage of meaning Dobby is responsible for running all types of container on the STB, from native apps to Thunder plugins.

To enable this, compile Thunder with the following CMake flags:

• -DPROCESS_CONTAINERS=ON
• -DPROCESSCONTAINERS_DOBBY=ON

Then for the plugin(s) you wish to run in a container, set the execution mode to "container" in the plugin configuration file.

Creating OCI bundles for Dobby

To run an application as a Dobby container, the application must be packed as an OCI bundle. This bundle can come from many different sources - it could be manually created or generated from an OCI image.

An OCI bundle consists of two key components:

• Root file system - a directory containing the root filesystem of the container
• Config.json - the container configuration

The exact structure of this bundle is defined in the OCI runtime specification here: https://github.com/opencontainers/runtime-spec/blob/master/spec.md. Dobby is fully compliant with version 1.0.2 of the specificationThe Dobby source code contains a few example OCI bundles in the tests directory, although more tooling to allow easier generation of OCI bundles is under development.

For more information on how to create OCI bundles from scratch, see the following pages:

• https://github.com/opencontainers/runtime-spec/blob/master/bundle.md
• https://github.com/opencontainers/runc#creating-an-oci-bundle
• https://chromium.googlesource.com/external/github.com/docker/containerd/+/refs/tags/v0.2.0/docs/bundle.md

BundleGen

As part of the DAC project, Consult Red created a standalone tool to accompany Dobby called BundleGen. This is a command line tool designed to convert OCI images into OCI bundles that can be run by Dobby. BundleGen is designed to run off-box in a cloud environment and uses template files to create the bundles tailed for a given RDK platform. The repo includes sample templates for the Dobby Vagrant VM and the RPi.

For more information and documentation on BundleGen, see the repo here: https://github.com/rdkcentral/BundleGen/tree/master/docs

Source Code/Development

Dobby source code lives on the RDKCentral GitHub here: https://github.com/rdkcentral/Dobby and is Apache 2.0 licenced.

...