This document explains how to build an RDKB containerization image and use it. It also lists some useful commands for handling the containers.
The code has been developed, and changes have been made in the necessary files, for containerization.
Below is the list of steps that need to be performed to create a container for any component or application.
To download the code, execute the following commands:
# General form: repo init -u <url> -m <manifest file> -b <branch>
$ repo init -u https://code.rdkcentral.com/r/manifests -m rdkb-raspberrypi.xml -b morty
$ repo sync -j4 --no-clone-bundle
#Container Branch
$ repo init -u https://code.rdkcentral.com/r/manifests -b rdkb-container -m rdkb-container.xml
$ repo sync -j4 --no-clone-bundle
Create a *.xml file at the following path: meta-cmf-raspberrypi/recipes-containers/lxc-container-generator/files/xml/*.xml
This XML file describes the following parameters for container generation:
<?xml version="1.0" encoding="ISO-8859-1"?>
<CONTAINER SandboxName="CONTAINER_FOLDER_NAME">
<LxcParams>
<LauncherName>"LAUNCHER_SCRIPT_NAME"</LauncherName>
<ExecName>"APPLICATION_NAME_WITH_PATH"</ExecName>
<ExecParams>"COMMAND_LINE_ARGUMENTS"</ExecParams>
<SystemdNotify create="yes">
<PidFile>"PID_FILE_WITH_PATH"</PidFile>
</SystemdNotify>
<StopFunction enable="true"></StopFunction>
</LxcParams>
<LxcConfig>
<UserName>"USER_NAME"</UserName>
<GroupName>"GROUP_NAME"</GroupName>
<CGroupSettings>
<DeviceCgroup>
<DevicesDeny>a</DevicesDeny>
<AllowDefaultDevices enable="yes"/>
</DeviceCgroup>
</CGroupSettings>
<Environment>
<Variable>DBUS_SESSION_BUS_ADDRESS=unix:path=/var/run/dbus/system_bus_socket</Variable>
</Environment>
<Network type="none"></Network>
<Dbus enable="true"></Dbus>
<Rootfs create="yes">
<MountPoints>
<!-- /bin -->
<Entry type="file">
<Source>/bin/sh</Source>
<Destination>bin/sh</Destination>
<Options>ro,bind,nosuid,nodev</Options>
</Entry>
<!-- /proc -->
<Entry type="dir">
<Source>proc</Source>
<Destination>proc</Destination>
<FsType>proc</FsType>
<Options>defaults,noexec,nosuid,nodev,hidepid=2</Options>
</Entry>
</MountPoints>
<LibsRoBindMounts>
<Entry>ld</Entry>
<Entry>libtr181</Entry>
<Entry>libxml2</Entry>
<Entry>libz</Entry>
<Entry>libccsp_common</Entry>
</LibsRoBindMounts>
</Rootfs>
</LxcConfig>
</CONTAINER>
<?xml version="1.0" encoding="ISO-8859-1"?>
<CONTAINER SandboxName="PSMSSP">
<LxcParams>
<LauncherName>PsmSsp</LauncherName>
<ExecName>/usr/bin/PsmSsp</ExecName>
<ExecParams>-subsys eRT.</ExecParams>
<SystemdNotify create="yes">
<PidFile>/var/tmp/PsmSsp.pid</PidFile>
</SystemdNotify>
<StopFunction enable="true"></StopFunction>
</LxcParams>
<LxcConfig>
<UserName>psm</UserName>
<GroupName>psm</GroupName>
<CGroupSettings>
<DeviceCgroup>
<DevicesDeny>a</DevicesDeny>
<AllowDefaultDevices enable="yes"/>
</DeviceCgroup>
</CGroupSettings>
<Environment>
<Variable>DBUS_SESSION_BUS_ADDRESS=unix:path=/var/run/dbus/system_bus_socket</Variable>
</Environment>
<Network type="none"></Network>
<Dbus enable="true"></Dbus>
<Rootfs create="yes">
<MountPoints>
<!-- /bin -->
<Entry type="file">
<Source>/bin/sh</Source>
<Destination>bin/sh</Destination>
<Options>ro,bind,nosuid,nodev</Options>
</Entry>
<Entry type="file">
<Source>/usr/bin/PsmSsp</Source>
<Destination>usr/bin/PsmSsp</Destination>
<Options>ro,bind,nosuid,nodev</Options>
</Entry>
<Entry type="file">
<Source>/bin/touch</Source>
<Destination>bin/touch</Destination>
<Options>ro,bind,nosuid,nodev</Options>
</Entry>
<!--rdklogs-->
<Entry type="dir">
<Source>/rdklogs</Source>
<Destination>rdklogs</Destination>
<Options>rw,bind,noexec,nosuid</Options>
</Entry>
</MountPoints>
<LibsRoBindMounts>
<Entry>ld</Entry>
<Entry>libtr181</Entry>
<Entry>libxml2</Entry>
<Entry>libz</Entry>
<Entry>libccsp_common</Entry>
<Entry>libsyscfg</Entry>
<Entry>libsysevent</Entry>
...
<Entry>liblzma</Entry>
<Entry>libdl</Entry>
<Entry>libtinfo</Entry>
</LibsRoBindMounts>
</Rootfs>
</LxcConfig>
</CONTAINER>
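A container definition in this schema can be linted before it is added to the recipe. The script below is an added example, not part of the RDK tooling; `audit_container` and `SAMPLE_XML` are hypothetical names, and the rules (non-root user, deny-all device cgroup, `nosuid,nodev` on every mount, `noexec` on writable mounts) are assumptions drawn from the options the examples above use.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the page's schema; the user and the /tmp mount
# are deliberately weak so the audit has something to report.
SAMPLE_XML = """<?xml version="1.0" encoding="ISO-8859-1"?>
<CONTAINER SandboxName="DEMO">
 <LxcConfig>
  <UserName>root</UserName>
  <GroupName>demo</GroupName>
  <CGroupSettings><DeviceCgroup>
   <DevicesDeny>a</DevicesDeny>
  </DeviceCgroup></CGroupSettings>
  <Rootfs create="yes"><MountPoints>
   <Entry type="file">
    <Source>/bin/sh</Source><Destination>bin/sh</Destination>
    <Options>ro,bind,nosuid,nodev</Options>
   </Entry>
   <Entry type="dir">
    <Source>/tmp</Source><Destination>tmp</Destination>
    <Options>rw,bind</Options>
   </Entry>
  </MountPoints></Rootfs>
 </LxcConfig>
</CONTAINER>"""

def audit_container(xml_text):
    """Return a list of findings for one container definition."""
    root = ET.fromstring(xml_text.encode("iso-8859-1"))
    name, findings = root.get("SandboxName", "?"), []
    # The template on the page wraps placeholder values in double quotes.
    user = (root.findtext("LxcConfig/UserName") or "").strip().strip('"')
    if user in ("", "root"):
        findings.append(f"{name}: container user is '{user or 'unset'}'")
    deny = root.findtext(".//DeviceCgroup/DevicesDeny")
    if (deny or "").strip() != "a":
        findings.append(f"{name}: device cgroup does not deny all devices")
    for entry in root.iterfind(".//MountPoints/Entry"):
        dest = entry.findtext("Destination") or "?"
        opts = set((entry.findtext("Options") or "").split(","))
        missing = {"nosuid", "nodev"} - opts
        if "ro" not in opts:  # writable mounts should not be executable
            missing |= {"noexec"} - opts
        if missing:
            findings.append(f"{name}: {dest} lacks {','.join(sorted(missing))}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_container(SAMPLE_XML)))
```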
Include the lxc_conf_<NAME>.xml file in the bb file meta-cmf-raspberrypi/recipes-containers/lxc-container-generator/lxc-container-generator-native.bbappend
#For example, adding lxc_conf_Psm.xml to the recipe
SRC_URI_append = "${@bb.utils.contains('DISTRO_FEATURES', 'lxc-secure-containers-br', ' file://xml/lxc_conf_Psm.xml ', '', d)}"
do_install_append () {
${@bb.utils.contains('DISTRO_FEATURES', 'lxc-secure-containers-br', ' install_lxc_config secure lxc_conf_Psm.xml ', '', d)}
}
Grant user permissions so that the new container runs unprivileged, in meta-cmf-raspberrypi/recipes-core/images/add-users-groups-file-owners-and-permissions-broadband.inc
Add the following changes, which create a user ID and group ID with the necessary permissions for the container about to be created:
#General form
EXTRA_USERS_PARAMS += "\
useradd -u <uid> -G dbusgrp -r -s /bin/false <container_user_name> ; \
"
ROOTFS_CHOWN_SETCAP += " -o <container_user_name>:<container_group_name> -m o-rwx /usr/bin/application_name \n"

#Adding PSM permission
EXTRA_USERS_PARAMS += "\
useradd -u 703 -G dbusgrp -r -s /bin/false psm ; \
"
ROOTFS_CHOWN_SETCAP += " -o psm:psm -m o-rwx /usr/bin/PsmSsp \n"
The D-Bus socket must allow the newly created container to access the system bus. To do so, add the container user name to system.conf:
#Add the new user name in the line below
sed -i '/allow user/c\<deny user="*"/>\n<allow user="ccspcr"/>\n<allow user="psm"/>\n<allow user="pandm"/>\n<allow user="ccspwifi"/>\n<allow user="USER_NAME"/>\n<allow user="ccsplmlite"/>\n<allow user="root"/>' ${D}/usr/share/dbus-1/system.conf
Go to the <workspace>
$ cd <workspace>
Execute the following command:
...
The path is automatically directed to:
<workspace>/build-raspberrypi-rdk-broadband-lxc/
Use the following command to compile the complete code:
...
$ bitbake <component> -c compile -f
...
$ bitbake ccsp-dmcli -c compile -f
...
<ImageName.rootfs.rpi-sdimg>
Ex:
Path:
$ cd container-work/build-raspberrypi-rdk-broadband-lxc/tmp/deploy/images/
...
raspberrypi-rdk-broadband-lxcrdk-generic-broadband-lxc-image_default_20190327101556.rootfs.rpi-sdimg
...
$ sudo dd if=<path to ImageName.rootfs.rpi-sdimg> of=<path to SD card space> bs=4M
Ex:
$ sudo dd if=rdkb-generic-broadband-image_default_20181026100202.rootfs.rpi-sdimg of=/dev/sdd bs=4M
Insert the SD card into the Raspberry Pi board and boot it to check for the containers created.
Connect the Raspberry Pi board to the PC via a USB-to-serial converter to check the logs in the console, or connect it via an HDMI cable to a TV, where the logs are shown in the terminal.
Steps/commands to be executed to check for successful container generation:
1. Check for the container generated in the following path:
/container/<container_name>/
Three folders will be generated under <container_name>:
...
The above folders are created automatically based on the XML files written in the workspace. Path:
<workspace>/meta-cmf-raspberrypi/recipes-containers/lxc-container-generator/files/xml/<container.xml>
...
container-work/meta-cmf-raspberrypi/recipes-containers/lxc-container-generator/files/xml/lxc_conf_CcspPandMSsp.xml
...
2. Check all the running processes related to lxc.
$ ps -Af | grep lxc
...
5530 | root | 0.00 | /usr/bin/lxc-execute -n PSMSSP -f /container/PSMSSP/conf/lxc.conf -- /usr/bin/PsmSsp -subsys eRT . |
5534 | psm | 0.00 | /init.lxc.static --gid 705 --uid 705 -- /usr/bin/PsmSsp -subsys eRT . |
6433 | root | 0.00 | /usr/bin/lxc-execute -n CCSPPANDM -f /container/CCSPPANDM/conf/lxc.conf -- /usr/bin/gw_prov_utopia |
6435 | pandm | 0.00 | /init.lxc.static --gid 706 --uid 706 -- /usr/bin/gw_prov_utopia |
6520 | root | 0.00 | /usr/bin/lxc-execute -n DBUS -f /container/DBUS/conf/lxc.conf -- /usr/bin/dbus-daemon --system --nofork --nopidfile --systemd-activation |
6532 | dbus | 0.00 | /init.lxc.static --gid 703 --uid 703 -- /usr/bin/dbus-daemon --system --nofork --nopidfile --systemd-activation |
6574 | root | 0.00 | /usr/bin/lxc-execute -n CCSPCR -f /container/CCSPCR/conf/lxc.conf -- /usr/bin/CcspCrSsp -subsys eRT . |
6577 | ccspcr | 0.00 | /init.lxc.static --gid 704 --uid 704 -- /usr/bin/CcspCrSsp -subsys eRT . |
6737 | root | 0.00 | grep lxc |
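The listing above pairs each root-owned lxc-execute launcher with an init.lxc.static process that should run under the container's own user. The script below is an added example, not part of the original page or of RDK, that checks this pairing automatically; `check_privilege_drop` and the DEMO and LOST rows are hypothetical, and it assumes rows in the `PID | USER | CPU | COMMAND` layout shown above, matched by the command after `--`.

```python
import re

# Constructed sample rows in the layout of the listing above. DEMO is left
# running as root and LOST has no init process, to show both failure modes.
SAMPLE_PS = """\
5530 | root | 0.00 | /usr/bin/lxc-execute -n PSMSSP -f /container/PSMSSP/conf/lxc.conf -- /usr/bin/PsmSsp -subsys eRT . |
5534 | psm | 0.00 | /init.lxc.static --gid 705 --uid 705 -- /usr/bin/PsmSsp -subsys eRT . |
7001 | root | 0.00 | /usr/bin/lxc-execute -n DEMO -f /container/DEMO/conf/lxc.conf -- /usr/bin/demo |
7003 | root | 0.00 | /init.lxc.static --gid 0 --uid 0 -- /usr/bin/demo |
7100 | root | 0.00 | /usr/bin/lxc-execute -n LOST -f /container/LOST/conf/lxc.conf -- /usr/bin/lost |
6737 | root | 0.00 | grep lxc |
"""

def check_privilege_drop(ps_text):
    """Map container name -> 'ok', 'runs as root' or 'no init process'."""
    launched, inits = {}, {}
    for line in ps_text.splitlines():
        cols = [c.strip() for c in line.split("|")]
        if len(cols) < 4:
            continue
        user, cmd = cols[1], cols[3]
        # Everything after the first " -- " is the payload command line.
        payload = cmd.split(" -- ", 1)[1] if " -- " in cmd else ""
        launcher = re.search(r"lxc-execute -n (\S+)", cmd)
        if launcher:
            launched[launcher.group(1)] = payload
        elif "init.lxc.static" in cmd:
            # Accept typographic dashes in case the listing was copied from a web page.
            uid = re.search(r"[-\u2013]+uid (\d+)", cmd)
            inits[payload] = (user, int(uid.group(1)) if uid else None)
    result = {}
    for name, payload in launched.items():
        if payload not in inits:
            result[name] = "no init process"
            continue
        user, uid = inits[payload]
        dropped = user != "root" and uid not in (0, None)
        result[name] = "ok" if dropped else "runs as root"
    return result

if __name__ == "__main__":
    for name, status in check_privilege_drop(SAMPLE_PS).items():
        print(f"{name}: {status}")
```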
Due to some limitations in invoking the Wi-Fi driver with container permissions, the ccspwifi container has to be run manually in the latest environment using the procedure below.
...
1. Run the respective container script to start an individual container when it fails during the boot-up process:
$ sh /container/<Container Name>/launcher/<container.sh> start
...
$ sh /container/PSMSSP/launcher/PsmSsp.sh start
...
$ lxc-attach -n CCSPWIFI -f /container/CCSPWIFI/conf/lxc.conf
Ex:
$ lxc-attach -n CCSPWIFI -f /container/CCSPWIFI/conf/lxc.conf
...
The component registrar acts as a centralized container for the registration of all the component containers with their respective name, version, dbus path and namespace.
Useful commands for container execution
lxc-execute
This command is used to quickly launch a container in an isolated environment. It runs the specified command inside the container via an intermediate process, lxc-init, which forwards received signals to the started command. lxc-execute uses the configuration specified by the lxc-create process.
Ex:
$ lxc-execute -n DBUS -f /container/DBUS/conf/lxc.conf
$ lxc-execute -n PSMSSP -f /container/PSMSSP/conf/lxc.conf
$ lxc-execute -n CCSPPANDM -f /container/CCSPPANDM/conf/lxc.conf
$ lxc-execute -n CCSPWIFI -f /container/CCSPWIFI/conf/lxc.conf
$ lxc-execute -n CCSPCR -f /container/CCSPCR/conf/lxc.conf
lxc-attach
This command attaches to the container namespace and runs a specified command inside the already running container.
Ex:
$ lxc-attach -n DBUS -f /container/DBUS/conf/lxc.conf
$ lxc-attach -n PSMSSP -f /container/PSMSSP/conf/lxc.conf
$ lxc-attach -n CCSPPANDM -f /container/CCSPPANDM/conf/lxc.conf
$ lxc-attach -n CCSPWIFI -f /container/CCSPWIFI/conf/lxc.conf
$ lxc-attach -n CCSPCR -f /container/CCSPCR/conf/lxc.conf
hostapd
hostapd is a software daemon used to turn a normal network interface into an access point.
Ex:
$ hostapd -B /nvram/hostapd0.conf
...