This document explains how to build an RDK-B containerization image and use it. It also lists some useful commands for handling the containers.


Procedure to create new container with Build steps

The code has been developed and the necessary files have been changed for containerization.


Below is the list of steps that need to be performed to create a container for any component or application:

  1. Code Sync/Download
  2. Creation of XML file
  3. Include XML file in container generator recipe - lxc-container-generator-native.bbappend
  4. Providing File permission for the containers
  5. Allowing D-Bus socket to access the containers (Specific to RDK-B Architecture)
  6. Building the lxc image
  7. Flashing the container image

Code Sync/Download

To download the code, execute the following commands:

Code Block
languagebash
titleCode sync
# General form
$ repo init -u <url> -m <manifest file> -b <branch>
$ repo sync -j4 --no-clone-bundle

# Container branch
$ repo init -u https://code.rdkcentral.com/r/manifests -b rdkb-container -m rdkb-container.xml
$ repo sync -j4 --no-clone-bundle

Creation of XML file

Create a *.xml file in the following path: meta-cmf-raspberrypi/recipes-containers/lxc-container-generator/files/xml/*.xml

This XML file describes the following parameters for container generation:

  1. Launcher Name
  2. Application Name with path
  3. lxc config file creation
  4. rootfs creation


Code Block
titlemeta-cmf-raspberrypi/recipes-containers/lxc-container-generator/files/xml/lxc_conf_Psm.xml
<?xml version="1.0" encoding="ISO-8859-1"?>

<CONTAINER  SandboxName="CONTAINER_FOLDER_NAME">
    <LxcParams>
        <LauncherName>"LAUNCHER_SCRIPT_NAME"</LauncherName>
        <ExecName>"APPLICATION_NAME_WITH_PATH"</ExecName>
        <ExecParams>"COMMAND_LINE_ARGUMENTS"</ExecParams>
                <SystemdNotify create="yes">
                        <PidFile>"PID_FILE_WITH_PATH"</PidFile>
                </SystemdNotify>
        <StopFunction enable="true"></StopFunction>
    </LxcParams>
        <LxcConfig>
-        <UserName>"USER_NAME"</UserName>
        <GroupName>"GROUP_NAME"</GroupName> 
        <CGroupSettings>
            <DeviceCgroup>
                <DevicesDeny>a</DevicesDeny>
                <AllowDefaultDevices enable="yes"/>
            </DeviceCgroup>
        </CGroupSettings>
                <Environment>
                   <Variable>DBUS_SESSION_BUS_ADDRESS=unix:path=/var/run/dbus/system_bus_socket</Variable>
                </Environment>

        <Network type="none"></Network>
                <Dbus enable="true"></Dbus>
        <Rootfs create="yes">
            <MountPoints>
<!-- /bin -->
                <Entry type="file">
                    <Source>/bin/sh</Source>
                    <Destination>bin/sh</Destination>
                    <Options>ro,bind,nosuid,nodev</Options>
                </Entry>
              
<!-- /proc -->
                <Entry type="dir">
                    <Source>proc</Source>
                    <Destination>proc</Destination>
                    <FsType>proc</FsType>
                    <Options>defaults,noexec,nosuid,nodev,hidepid=2</Options>
                </Entry>

            </MountPoints>

            <LibsRoBindMounts>
                <Entry>ld</Entry>
                <Entry>libtr181</Entry>
                <Entry>libxml2</Entry>
                <Entry>libz</Entry>
                <Entry>libccsp_common</Entry>
            </LibsRoBindMounts>
        </Rootfs>
</LxcConfig>
</CONTAINER>
Code Block
languagexml
titleExample File: lxc_conf_Psm.xml
<?xml version="1.0" encoding="ISO-8859-1"?>

<CONTAINER  SandboxName="PSMSSP">
    <LxcParams>
        <LauncherName>PsmSsp</LauncherName>
        <ExecName>/usr/bin/PsmSsp</ExecName>
        <ExecParams>-subsys eRT.</ExecParams>
                <SystemdNotify create="yes">
                        <PidFile>/var/tmp/PsmSsp.pid</PidFile>
                </SystemdNotify>
        <StopFunction enable="true"></StopFunction>
    </LxcParams>
        <LxcConfig>
-        <UserName>psm</UserName>
        <GroupName>psm</GroupName> 
        <CGroupSettings>
            <DeviceCgroup>
                <DevicesDeny>a</DevicesDeny>
                <AllowDefaultDevices enable="yes"/>
            </DeviceCgroup>
        </CGroupSettings>
                <Environment>
                   <Variable>DBUS_SESSION_BUS_ADDRESS=unix:path=/var/run/dbus/system_bus_socket</Variable>
                </Environment>


        <Network type="none"></Network>
                <Dbus enable="true"></Dbus>
        <Rootfs create="yes">
            <MountPoints>
<!-- /bin -->
                <Entry type="file">
                    <Source>/bin/sh</Source>
                    <Destination>bin/sh</Destination>
                    <Options>ro,bind,nosuid,nodev</Options>
                </Entry>
                <Entry type="file">
                    <Source>/usr/bin/PsmSsp</Source>
                    <Destination>usr/bin/PsmSsp</Destination>
                    <Options>ro,bind,nosuid,nodev</Options>
                </Entry>

                <Entry type="file">
                    <Source>/bin/touch</Source>
                    <Destination>bin/touch</Destination>
                    <Options>ro,bind,nosuid,nodev</Options>
                </Entry>
                ...

<!--rdklogs-->
                <Entry type="dir">
                                        <Source>/rdklogs</Source>
                                        <Destination>rdklogs</Destination>
                                        <Options>rw,bind,noexec,nosuid</Options>
                 </Entry>

            </MountPoints>

            <LibsRoBindMounts>
                <Entry>ld</Entry>
                <Entry>libtr181</Entry>
                <Entry>libxml2</Entry>
                <Entry>libz</Entry>
                <Entry>libccsp_common</Entry>
                <Entry>libsyscfg</Entry>
                <Entry>libsysevent</Entry>
				 ...
                <Entry>liblzma</Entry>
                <Entry>libdl</Entry>
                <Entry>libtinfo</Entry>
            
            </LibsRoBindMounts>
        </Rootfs>
</LxcConfig>
</CONTAINER>


Include XML file in container generator recipe - lxc-container-generator-native.bbappend

Include the lxc_conf_<NAME>.xml file in the recipe file meta-cmf-raspberrypi/recipes-containers/lxc-container-generator/lxc-container-generator-native.bbappend

Code Block
titleAdding XML into recipe
# For example, adding lxc_conf_Psm.xml to the recipe

SRC_URI_append = "${@bb.utils.contains('DISTRO_FEATURES', 'lxc-secure-containers-br', ' file://xml/lxc_conf_Psm.xml ', '', d)}"

do_install_append () {
    ${@bb.utils.contains('DISTRO_FEATURES', 'lxc-secure-containers-br', ' install_lxc_config secure lxc_conf_Psm.xml ', '', d)}
}


Providing File permission for the containers

To run the new container as an unprivileged user, provide user permissions in meta-cmf-raspberrypi/recipes-core/images/add-users-groups-file-owners-and-permissions-broadband.inc

The following changes need to be added. They create the user ID and group ID for the new container with the necessary permissions.


Code Block
titleAdding user and permission
# Create the container user as a system account with no login shell
EXTRA_USERS_PARAMS += "\
    useradd -u <uid> -G dbusgrp -r -s /bin/false <container_user_name> ; \
"

# Give the container user ownership of its binary and remove access for others
ROOTFS_CHOWN_SETCAP += " -o <container_user_name>:<container_group_name> -m o-rwx /usr/bin/application_name \n"

# ---------------------------------------------------------------------------------------------------------------------
# Adding PSM permission

EXTRA_USERS_PARAMS += "\
    useradd -u 703 -G dbusgrp -r -s /bin/false psm ; \
"

ROOTFS_CHOWN_SETCAP += " -o psm:psm -m o-rwx /usr/bin/PsmSsp \n"


Allowing D-Bus socket to access the containers (Specific to RDK-B Architecture)

The D-Bus socket must allow the newly created container to access the system bus. To do so, add the container user name to system.conf.

Code Block
titleAdding user and permission
# Add the new user name in the line below

sed -i '/allow user/c\<deny user="*"/>\n<allow user="ccspcr"/>\n<allow user="psm"/>\n<allow user="pandm"/>\n<allow user="ccspwifi"/>\n<allow user="USER_NAME"/>\n<allow user="ccsplmlite"/>\n<allow user="root"/>' ${D}/usr/share/dbus-1/system.conf

Building the lxc image

Compile/build

Go to the <workspace>

...

Code Block
languagebash
$ bitbake <component> -c compile -f

...

Code Block
languagebash
titleEx:
$ bitbake ccsp-dmcli -c compile -f

...

<ImageName.rootfs.rpi-sdimg>

Ex:

Path:

Code Block
languagebash
titleEx Path:
$ cd container-work/build-raspberrypi-rdk-broadband-lxc/tmp/deploy/images/

...

raspberrypi-rdk-broadband-lxcrdk-generic-broadband-lxc-image_default_20190327101556.rootfs.rpi-sdimg

Flashing the container image

Command to flash the image

...

Code Block
languagebash
$ sudo dd if=<path to ImageName.rootfs.rpi-sdimg> of=<path to SD card space> bs=4M

Ex:

Code Block
languagebash
titleEx:
$ sudo dd if=rdkb-generic-broadband-image_default_20181026100202.rootfs.rpi-sdimg of=/dev/sdd bs=4M

The SD card is then inserted into the Raspberry Pi board, which is booted to check for the created containers.

The Raspberry Pi board is connected to the PC via a USB-to-serial converter so that the logs can be checked in the console, or it can be connected via an HDMI cable to a TV, where the logs will be shown in the terminal.


Steps/commands to be executed to check for successful container generation

1. Check for the container generated in the following path:

Code Block
languagebash
  /container/<container_name>/


Three folders will be generated under
<container_name>:

...

The above folders will be created automatically based on the XML files written in the workspace. Path:


Code Block
languagebash
titleXML File path
<workspace>/meta-cmf-raspberrypi/recipes-containers/lxc-container-generator/files/xml/<container.xml>

...

Code Block
languagebash
titleEx:
container-work/meta-cmf-raspberrypi/recipes-containers/lxc-container-generator/files/xml/lxc_conf_CcspPandMSsp.xml

...

2. Check all the processes running in regard to lxc.

Code Block
languagebash
$ ps -Af | grep lxc

...

5530  root    0.00  /usr/bin/lxc-execute -n PSMSSP -f /container/PSMSSP/conf/lxc.conf -- /usr/bin/PsmSsp -subsys eRT .
5534  psm     0.00  /init.lxc.static --gid 705 --uid 705 -- /usr/bin/PsmSsp -subsys eRT .
6433  root    0.00  /usr/bin/lxc-execute -n CCSPPANDM -f /container/CCSPPANDM/conf/lxc.conf -- /usr/bin/gw_prov_utopia
6435  pandm   0.00  /init.lxc.static --gid 706 --uid 706 -- /usr/bin/gw_prov_utopia
6520  root    0.00  /usr/bin/lxc-execute -n DBUS -f /container/DBUS/conf/lxc.conf -- /usr/bin/dbus-daemon --system --nofork --nopidfile --systemd-activation
6532  dbus    0.00  /init.lxc.static --gid 703 --uid 703 -- /usr/bin/dbus-daemon --system --nofork --nopidfile --systemd-activation
6574  root    0.00  /usr/bin/lxc-execute -n CCSPCR -f /container/CCSPCR/conf/lxc.conf -- /usr/bin/CcspCrSsp -subsys eRT .
6577  ccspcr  0.00  /init.lxc.static --gid 704 --uid 704 -- /usr/bin/CcspCrSsp -subsys eRT .
6737  root    0.00  grep lxc
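
In this listing each lxc-execute launcher runs as root, while the matching init.lxc.static process and its payload run under the container's own user. The following added example (not part of the original page) automates that check; the function name, the one-process-per-line layout and the sample lines are constructed, with two failure cases included.

```python
import re

# Constructed lines: PID, user, third column, command. DEMO and LOST are
# invented containers that show the two failure cases.
SAMPLE_PS = """\
5530 root 0.00 /usr/bin/lxc-execute -n PSMSSP -f /container/PSMSSP/conf/lxc.conf -- /usr/bin/PsmSsp -subsys eRT .
5534 psm 0.00 /init.lxc.static --gid 705 --uid 705 -- /usr/bin/PsmSsp -subsys eRT .
6433 root 0.00 /usr/bin/lxc-execute -n DEMO -f /container/DEMO/conf/lxc.conf -- /usr/bin/demo
6435 root 0.00 /init.lxc.static --gid 0 --uid 0 -- /usr/bin/demo
6520 root 0.00 /usr/bin/lxc-execute -n LOST -f /container/LOST/conf/lxc.conf -- /usr/bin/lost
6737 root 0.00 grep lxc
"""

LAUNCHER = re.compile(r"\S*lxc-execute\s+-n\s+(\S+)\s.*?\s--\s+(.+)$")
# Accept "-", "--" or an en-dash before gid/uid, since copied listings vary.
INIT = re.compile(r"\S*init\.lxc\.static\s+[-\u2013]+gid\s+(\d+)\s+[-\u2013]+uid\s+(\d+)\s+--\s+(.+)$")

def check_containers(ps_text):
    """Map each container name to 'ok', 'runs as root' or 'payload not running'."""
    launchers, payloads = {}, {}
    for line in ps_text.splitlines():
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue
        _pid, user, _col, cmd = parts
        m = LAUNCHER.match(cmd)
        if m:
            launchers[m.group(1)] = m.group(2).strip()
            continue
        m = INIT.match(cmd)
        if m:
            payloads[m.group(3).strip()] = (user, int(m.group(2)))
    report = {}
    for name, payload in launchers.items():
        if payload not in payloads:
            report[name] = "payload not running"
        else:
            user, uid = payloads[payload]
            report[name] = "runs as root" if user == "root" or uid == 0 else "ok"
    return report

if __name__ == "__main__":
    for name, status in check_containers(SAMPLE_PS).items():
        print(f"{name:10} {status}")
```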


WiFi Container :: Manual Start

Due to some limitations in invoking the WiFi driver with container permissions, the ccspwifi container has to be run manually in the latest environment using the procedure below.

...

1. Run the respective container script to start an individual container when it fails during the boot-up process:

Code Block
languagebash
$ sh /container/<Container Name>/launcher/<container.sh> start

...

Code Block
languagebash
titleEx:
$ sh /container/PSMSSP/launcher/PsmSsp.sh start

...

Code Block
languagebash
$ lxc-attach -n CCSPWIFI -f /container/CCSPWIFI/conf/lxc.conf

Ex:

Code Block
languagebash
titleEx:
$ lxc-attach -n CCSPWIFI -f /container/CCSPWIFI/conf/lxc.conf

...

Component registrar acts as a centralized container for registration of all the component containers with their respective name, version, dbus path and namespace.


Useful commands for container execution

lxc-execute

This command is used to quickly launch a container in an isolated environment. It runs the specified command inside the container via the intermediate process lxc-init, which forwards received signals to the started command. lxc-execute uses the configuration specified by the lxc-create process.

Ex:

Code Block
languagebash
titleEx:
$ lxc-execute -n DBUS -f /container/DBUS/conf/lxc.conf

$ lxc-execute -n PSMSSP -f /container/PSMSSP/conf/lxc.conf

$ lxc-execute -n CCSPPANDM -f /container/CCSPPANDM/conf/lxc.conf

$ lxc-execute -n CCSPWIFI -f /container/CCSPWIFI/conf/lxc.conf

$ lxc-execute -n CCSPCR -f /container/CCSPCR/conf/lxc.conf

lxc-attach

This command attaches to the container's namespace and runs a specified command inside the already running container.

Ex:

Code Block
languagebash
titleEx:
$ lxc-attach -n DBUS -f /container/DBUS/conf/lxc.conf

$ lxc-attach -n PSMSSP -f /container/PSMSSP/conf/lxc.conf

$ lxc-attach -n CCSPPANDM -f /container/CCSPPANDM/conf/lxc.conf

$ lxc-attach -n CCSPWIFI -f /container/CCSPWIFI/conf/lxc.conf

$ lxc-attach -n CCSPCR -f /container/CCSPCR/conf/lxc.conf

hostapd

hostapd is a software daemon used to turn a normal network interface into an access point.

Ex:

Code Block
languagebash
titleEx:
$ hostapd -B /nvram/hostapd0.conf

...