

Introduction


 The purpose of this section is to describe the newly implemented solution for a secure containerized RDK build on the emulator. This implementation is based on the Raspberry Pi platform reference.

This page is intended as a walk-through of all the relevant information in the section.



Implementation details


   Containers layer - meta-rdk-containers:

  • Consists of the main container image (rdk-generic-hybrid-lxc-image).
  • The latest "lxc-container-generator" has been added for container generation at the do_rootfs stage.
  • The distro feature and the latest lxc version have been updated in qemux86hybsecure.conf.

    Emulator layer - meta-rdk-bsp-emulator:

  • Added emulator-specific package groups and plugins to the container image.

    New container generation process:

     This subsection describes how the new container generation process replaces the earlier process.

  • Containers are generated by the "lxc-container-generator" recipe, which uses the corresponding .xml files to generate them.
  • All dependencies (such as required binaries, libraries and script files) are listed in each container's .xml file.
  • For file permissions, the "add-users-groups-file-owners-and-permissions.inc" file has been added.
  • At the rootfs stage, containers are generated under the /container path of the rootfs.
  • Each container includes a corresponding script (.sh) file for launching that particular container.
  • Every process is launched from the corresponding component service file. A single process or multiple processes can be launched in or attached to a container.

   XML and conf files:

  • All required XML and configuration files are placed alongside the lxc-container-generator recipe in the meta-rdk-bsp-emulator layer.

  Service files:

  • In the platformcontrol container:

                 Three service files have been added for launching the corresponding processes inside the container (sysmgr.service, irmgr.service and dsmgr.service).

  • In the rmfstreamer container:

                 The rmfstreamer.service file has been added.

Implemented containers


Platformcontrol

  • Runs the sysmgr, irmgr and dsmgr processes.
  • sysmgr is launched in a new container using lxc-execute.
  • The irmgr and dsmgr processes are attached to the same container using lxc-attach.

Rmfstreamer

  • Runs rmfstreamer.
  • rmfstreamer is launched in a new container using lxc-execute.


Building procedure


  •     repo init -u https://code.rdkcentral.com/r/manifests -b rdk-next -m rdkv-asp-extsrc.xml
  •     repo sync --no-tags
  •     source meta-cmf-bsp-emulator/setup-environment
  •     meta-rdk-containers/conf/machine/qemux86hybsecure.conf
  •     bitbake rdk-generic-hybrid-lxc-image


DEBUG Logs


  • strace can give more debug information about containers:

          Example:
          strace -f -o lxc-execute.log /usr/bin/lxc-attach -n PLATFORMCONTROL -f /container/PLATFORMCONTROL/conf/lxc.conf -u 704 -g 704  -- /usr/bin/dsMgrMain

  • The resulting lxc-execute.log can then be used for debugging.
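
One way to read the lxc-execute.log produced by the strace command above (an added example, not part of the RDK sources): the function below lists the calls that failed with ENOENT, EACCES or EPERM, which is where a dependency missing from a container .xml file or a wrong file owner or permission usually shows up. The sample log lines, the library name and the /opt path are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise failed syscalls in a log written by
# "strace -f -o lxc-execute.log ...". With -f -o, every line starts with the
# PID of the traced process, followed by "syscall(args) = result".

# strace_failures LOGFILE
# Prints one line per distinct failure: "COUNT ERRNO SYSCALL PATH"
# (PATH is "-" when the call has no quoted argument).
strace_failures() {
    awk '
    / = -1 (ENOENT|EACCES|EPERM) / {
        call = $2
        if (call == "<...") call = $3        # "<... openat resumed>" lines
        sub(/\(.*/, "", call)                # keep only the syscall name
        errno = $0
        sub(/^.* = -1 /, "", errno)          # drop everything before the errno
        sub(/ .*/, "", errno)                # drop the human-readable message
        path = "-"
        if (match($0, /"[^"]*"/))            # first quoted argument, if any
            path = substr($0, RSTART + 1, RLENGTH - 2)
        seen[errno " " call " " path]++
    }
    END { for (k in seen) print seen[k], k }
    ' "$1" | sort -k2
}

# write_sample_log FILE
# Writes constructed strace lines (not captured from a real device).
write_sample_log() {
    cat > "$1" <<'EOF'
812 execve("/usr/bin/dsMgrMain", ["/usr/bin/dsMgrMain"], 0x7ffc0000 /* 6 vars */) = 0
812 openat(AT_FDCWD, "/usr/lib/libexample.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
812 openat(AT_FDCWD, "/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
813 openat(AT_FDCWD, "/usr/lib/libexample.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
813 open("/opt/example.conf", O_RDWR) = -1 EACCES (Permission denied)
813 setgid(0) = -1 EPERM (Operation not permitted)
812 read(3, "", 4096) = 0
EOF
}

# Stand-alone use: sh this_script.sh lxc-execute.log
if [ "$#" -gt 0 ]; then
    strace_failures "$1"
fi
```

An ENOENT on a library or binary path points at an entry missing from the container's .xml file; EACCES or EPERM points at the owner and permission settings applied for the container user.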


Test cases


  • RMFAPP can be used to verify the rmfstreamer container.