rkt
sudo su
Running the latest rkt binary
wget https://github.com/rkt/rkt/releases/download/v1.30.0/rkt-v1.30.0.tar.gz
tar xzvf rkt-v1.30.0.tar.gz
echo 'export PATH="/home/hadoop/rkt-v1.30.0:$PATH"' >> /etc/bash.bashrc
source /etc/bash.bashrc
rkt help
Configuring a rkt host
Once rkt is present on a machine, some optional configuration steps can make it easier to operate.
Optional: Set up privilege separation
sudo groupadd rkt
export WHOAMI=$(whoami); sudo gpasswd -a $WHOAMI rkt
sudo scripts/setup-data-dir.sh
Trust the signing key to validate unprivileged fetches
sudo rkt trust --prefix coreos.com/etcd
Fetch an image as an unprivileged member of the rkt group
rkt fetch coreos.com/etcd:v3.1.7
image: keys already exist for prefix "coreos.com/etcd", not fetching again
Downloading signature: [=======================================] 490 B/490 B
Downloading ACI: [=============================================] 9.47 MB/9.47 MB
image: signature verified:
CoreOS Application Signing Key <security@coreos.com>
sha512-e7a54697d04ddae899ed1bfd263235cb
Success! Now rkt can fetch and download images as an unprivileged user.
rkt basics
Building an App Container Image
rkt's native image format is the App Container Image (ACI), defined in the App Container spec. The acbuild tool is a simple way to get started building ACIs. The appc build repository has resources for building ACIs from a number of popular applications.
The docker2aci tool [converts Docker images to ACIs](https://github.com/appc/docker2aci), or rkt can [convert images directly from Docker registries on the fly](https://github.com/rkt/rkt/blob/master/Documentation/running-docker-images.md).
Running an ACI with rkt
rkt run coreos.com/etcd:v3.1.7
stage1: warning: no volume specified for mount point "data-dir", implicitly creating an "empty" volume. This volume will be removed when the pod is garbage-collected.
stage1: warning: no volume specified for mount point "data-dir", implicitly creating an "empty" volume. This volume will be removed when the pod is garbage-collected.
^]^]Container rkt-812930dc-f08d-453b-9ccb-5591ccc5f3df terminated by signal KILL.
Running the container by ACI hash
rkt run sha512-e7a54697d04ddae899ed1bfd263235cb
stage1: warning: no volume specified for mount point "data-dir", implicitly creating an "empty" volume. This volume will be removed when the pod is garbage-collected.
stage1: warning: no volume specified for mount point "data-dir", implicitly creating an "empty" volume. This volume will be removed when the pod is garbage-collected.
^]^]Container rkt-812930dc-f08d-453b-9ccb-5591ccc5f3df terminated by signal KILL.
Running the container by ACI URL
rkt run https://github.com/coreos/etcd/releases/download/v3.1.7/etcd-v3.1.7-linux-amd64.aci
stage1: warning: no volume specified for mount point "data-dir", implicitly creating an "empty" volume. This volume will be removed when the pod is garbage-collected.
stage1: warning: no volume specified for mount point "data-dir", implicitly creating an "empty" volume. This volume will be removed when the pod is garbage-collected.
^]^]Container rkt-fb4159c8-b749-4408-9737-0e69ab4b04ff terminated by signal KILL.
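Running by hash, as shown above, names the image by its content, so the same check can be applied to an ACI file downloaded from a URL before it is run. The script below is an added example, not part of the original page or of rkt: it computes an ACI file's image ID and compares it with a pinned value. It assumes the ID is "sha512-" plus the SHA-512 of the uncompressed ACI as the appc spec defines it, handles only gzip-compressed or plain ACIs, and the script name aci-pin.sh and the 32-character minimum pin length are choices of this example.

```shell
#!/bin/sh
# Added example: compute an ACI's image ID and compare it with a pinned value.
# Assumption: image ID = "sha512-" + hex SHA-512 of the *uncompressed* ACI tar
# (appc spec); a short ID such as the one rkt prints is a prefix of the full ID.

# Print the full image ID of an ACI file (gzip-compressed or plain tar only).
aci_image_id() {
    file=$1
    # gzip streams start with the magic bytes 1f 8b; anything else is hashed as-is.
    magic=$(head -c 2 "$file" | od -An -tx1 | tr -d ' \n')
    if [ "$magic" = "1f8b" ]; then
        digest=$(gzip -dc "$file" | sha512sum | cut -d' ' -f1)
    else
        digest=$(sha512sum < "$file" | cut -d' ' -f1)
    fi
    printf 'sha512-%s\n' "$digest"
}

# Return 0 if the pin is a prefix of the computed ID, 1 on mismatch,
# 2 if the pin itself is malformed (wrong prefix, non-hex, or too short).
aci_matches_pin() {
    file=$1 pin=$2
    case $pin in
        sha512-*) ;;
        *) return 2 ;;
    esac
    hex=${pin#sha512-}
    case $hex in
        *[!0-9a-f]*|'') return 2 ;;
    esac
    # Example policy: refuse pins shorter than the 32 hex characters rkt prints.
    [ "${#hex}" -ge 32 ] || return 2
    full=$(aci_image_id "$file")
    case $full in
        "$pin"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage (hypothetical script name): sh aci-pin.sh <file.aci> <sha512-...>
if [ "$#" -eq 2 ]; then
    aci_image_id "$1"
    if aci_matches_pin "$1" "$2"; then
        echo "pin matches"
    else
        echo "PIN MISMATCH" >&2
        exit 1
    fi
fi
```
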
Running Docker images with rkt
rkt --insecure-options=image run docker://redis --net=host
Downloading sha256:89340f6074d [=============================] 403 B / 403 B
Downloading sha256:4d0d76e05f3 [=============================] 30.1 MB / 30.1 MB
Downloading sha256:cfbf30a55ec [=============================] 2.09 KB / 2.09 KB
Downloading sha256:497bf119beb [=============================] 99 B / 99 B
Downloading sha256:82648e31640 [=============================] 982 KB / 982 KB
Downloading sha256:fb7ace35d55 [=============================] 8.31 MB / 8.31 MB
stage1: warning: no volume specified for mount point "volume-data", implicitly creating an "empty" volume. This volume will be removed when the pod is garbage-collected.
stage1: Docker converted image, initializing implicit volume with data contained at the mount point "volume-data".
stage1: warning: no volume specified for mount point "volume-data", implicitly creating an "empty" volume. This volume will be removed when the pod is garbage-collected.
stage1: Docker converted image, initializing implicit volume with data contained at the mount point "volume-data".
[10657.811785] redis[6]: 6:C 12 Jun 15:56:22.283 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
[10657.815711] redis[6]: 6:C 12 Jun 15:56:22.287 # Redis version=4.0.9, bits=64, commit=00000000, modified=0, pid=6, just started
[10657.816479] redis[6]: 6:C 12 Jun 15:56:22.288 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
[10657.818175] redis[6]: 6:M 12 Jun 15:56:22.290 * Increased maximum number of open files to 10032 (it was originally set to 1024).
[10657.818870] redis[6]: 6:M 12 Jun 15:56:22.292 * Running mode=standalone, port=6379.
[10657.824059] redis[6]: 6:M 12 Jun 15:56:22.292 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
[10657.824398] redis[6]: 6:M 12 Jun 15:56:22.296 # Server initialized
[10657.824669] redis[6]: 6:M 12 Jun 15:56:22.296 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
[10657.824917] redis[6]: 6:M 12 Jun 15:56:22.296 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
[10657.825189] redis[6]: 6:M 12 Jun 15:56:22.296 * Ready to accept connections
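The --insecure-options=image flag in the command above turns off image signature verification for that invocation, which is why no "signature verified" line appears in the output. The script below is an added example, not part of the original page or of rkt: it scans command lines (shell history, unit files, deploy scripts) for rkt invocations whose --insecure-options list disables that check. The sample lines are constructed for the example.

```shell
#!/bin/sh
# Added example: flag rkt invocations that disable image signature verification.
# Reads command lines on stdin and prints "<line number>: <insecure options>"
# for each rkt command whose list contains image, all-fetch or all.
audit_rkt_insecure() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        case $line in
            *rkt*--insecure-options*) ;;
            *) continue ;;
        esac
        # Value after the flag, in either "=value" or " value" form.
        opts=$(printf '%s\n' "$line" |
            sed -n 's/.*--insecure-options[= ]\([A-Za-z,-]*\).*/\1/p')
        hit=
        old_ifs=$IFS; IFS=,
        for o in $opts; do          # walk the comma-separated entries
            case $o in
                image|all-fetch|all) hit=1 ;;
            esac
        done
        IFS=$old_ifs
        if [ -n "$hit" ]; then
            printf '%s: %s\n' "$n" "$opts"
        fi
    done
    return 0
}

# Constructed sample input: line 1 is the command from this page, the
# others are made up to exercise the parser.
sample_cmds() {
    cat <<'EOF'
rkt --insecure-options=image run docker://redis --net=host
rkt run coreos.com/etcd:v3.1.7
rkt --insecure-options=tls,http fetch https://example.invalid/app.aci
rkt --insecure-options ondisk,image run docker://redis
EOF
}

sample_cmds | audit_rkt_insecure
```
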
Verify redis
sudo apt install redis-tools -y
redis-cli
127.0.0.1:6379> set foo bar
OK
127.0.0.1:6379> get foo
"bar"
Exiting rkt pods
Repeating the ^] escape character three times kills the pod and detaches from its console to return to the user's shell.