1. 构建环境
在麒麟V10服务器操作系统上构建:Kylin-Server-V10-GFB-Release-2204-Build03-ARM64.iso。
由于只是编译 podman 源码,没必要特地在物理机或服务上安装一个这样的操作系统,故采用在虚拟机里验证。
2. 安装依赖
参考资料: (https://podman.io/docs/installation#building-missing-dependencies) podman安装
2.1 安装基础包
yum install python3-pip pkg-config ninja-build cmake
pip3 install meson -i https://pypi.tuna.tsinghua.edu.cn/simple
2.2. 安装高版本的 go
系统自带的 go 版本不满足编译要求,需要安装高版本的go
wget https://go.dev/dl/go1.23.3.linux-arm64.tar.gz
tar -zxvf go1.23.3.linux-arm64.tar.gz -C /opt/
echo "export PATH=$PATH:/opt/go/bin" >> ~/.bashrc
source ~/.bashrc
卸载系统自带的低版本的go, yum remove go -y,这会卸载git,所以再安装一次git
安装git , yum install -y git
2.3. 安装conmon
git clone https://github.com/containers/conmon
cd conmon
export GOCACHE="$(mktemp -d)"
make
sudo make podman
2.4. 安装runc
git clone https://github.com/opencontainers/runc.git
cd runc
make BUILDTAGS="selinux seccomp" #报错,解决方法在错误1
sudo cp runc /usr/bin/runc
2.5. 安装slirp4netns
wget https://github.com/rootless-containers/slirp4netns/archive/refs/tags/v1.3.1.zip
unzip v1.3.1.zip
cd slirp4netns-1.3.1
./autogen.sh
./configure # 报错,解决方法在错误2
make
make install
2.6. 安装netavark
netavark 依赖 rust, protoc, go
wget https://github.com/containers/netavark/archive/refs/tags/v1.13.0.zip
unzip v1.13.0.zip
cd netavark-1.13.0
make # 报错,解决方法在错误3
make install
3. 编译安装podman
从git下载源代码:
wget https://github.com/containers/podman/archive/refs/tags/v5.3.1.zip
unzip v5.3.1.zip
cd podman-5.3.1
make BUILDTAGS="selinux seccomp" PREFIX=/usr
make install PREFIX=/usr
4. 添加配置
sudo mkdir -p /etc/containers
sudo curl -L -o /etc/containers/registries.conf https://raw.githubusercontent.com/containers/image/main/registries.conf
sudo curl -L -o /etc/containers/policy.json https://raw.githubusercontent.com/containers/image/main/default-policy.json
参考 https://podman.io/docs/installation#building-missing-dependencies 中 Configuration files章节:
4.1 修改配置 registries.conf
添加:
unqualified-search-registries = ["docker.io"]
[[registry]]
location="localhost:5000" # 自己私有镜像仓库地址或国内镜像仓库地址
insecure=true
4.2 修改policy.json
添加:
{
"default": [
{
"type": "insecureAcceptAnything"
}
],
"transports":
{
"docker-daemon":
{
"": [{"type":"insecureAcceptAnything"}]
}
}
}
4.3 修改网络配置
参考 设置网络模式
为了在启动容器时保证使用的是slirp4netns网络模式,添加配置文件:
mkdir -p /etc/containers/containers.conf
添加:
[network]
default_rootless_network_cmd = "slirp4netns"
5. 验证
podman 基本命令执行正常
podman version
Client: Podman Engine
Version: 5.3.1
API Version: 5.3.1
Go Version: go1.23.3
Built: Sun Nov 24 20:13:35 2024
OS/Arch: linux/arm64
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost ~]# podman info
.....
设置环境变量消除警告:
echo "export PODMAN_IGNORE_CGROUPSV1_WARNING=1" >> ~/.bashrc
source ~/.bashrc
新建一个Dockerfile文件:
FROM centos:7
RUN <<EOF
#!/bin/bash -ex
yum makecache
yum install -y wget curl tar tree vim git python3-pip ninja-build gcc gcc-c++
yum clean all
EOF
WORKDIR /root
CMD ["/bin/bash"]
执行 podman build -t test . 新建一个镜像报错
STEP 4/6: RUN <<EOF (#!/bin/bash -ex...)
error running container: from /usr/bin/runc creating container for [/bin/sh -c /bin/bash -ex /dev/pipes/buildahheredoc3982280730]: time="2024-11-26T14:59:37+08:00" level=error msg="runc create failed: invalid mount &{Source:/var/tmp/buildah2198621294/mnt/buildah-bind-target-10 Destination:/dev/pipes/buildahheredoc3982280730 Device:bind Flags:20480 ClearedFlags:1 PropagationFlags:[278528] Data:z,Z Relabel: RecAttr:<nil> Extensions:0 IDMapping:<nil>}: bind mounts cannot have any filesystem-specific options applied"
: exit status 1ERRO[0015] did not get container create message from subprocess: EOF
Error: building at STEP "RUN <<EOF": while running runtime: exit status 1
从报错看是容器运行时 runc 执行出了问题,查看 https://podman.io/docs/installation#building-missing-dependencies 的 Install runtime dependencies , 让安装的 容器运行时是 crun,但后面的步骤又是安装 runc,podman info 看到的 ociRuntime 是 runc, 这里不纠结了,直接从 git 下载crun 源码编译安装:
git clone https://github.com/containers/crun.git
cd crun
./autogen.sh
./configure --prefix=/usr/ # 这里报错,需要安装yajl-devel, systemd-devel
make -j4 && make install
再次执行 podman build -t test . 成功, 这里没去深究了,猜测是 runc不支持 EOF语法
新建镜像和容器:
[root@localhost crun]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/test latest ef1c61187ffc 7 minutes ago 1.1 GB
[root@localhost crun]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost crun]# podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
83c018b47440 localhost/test:latest /bin/bash 22 seconds ago Exited (127) 10 seconds ago test
至此完成 !!!
6. buildah 工具
参考 buildah工具
Buildah 是一个用于构建 OCI 和 Docker 容器镜像的工具,旨在提供一种灵活且高效的方式来创建和管理容器镜像, 不依赖于守护进程。
Buildah run 相当执行containerfile文件中的 RUN,是更底层的。
从git 源码下载:
git clone https://github.com/containers/buildah.git
cd buildah
make && make install
错误
错误1:
编译runc报错:
找不到libseccomp.pc
安装 libseccomp-devel, yum install -y libseccomp-devel
错误2:
编译slirp4netns报错: 缺少slirp
依赖slirp,但是官方源上没有,自己从git下载编译
git clone -b v4.8.0 https://gitlab.freedesktop.org/slirp/libslirp.git
meson setup build -Dprefix=/usr/
meson compile -C build
meson install -C build
缺少:libcap
安装libcap-devel, yum install -y libcap-devel
错误3:
编译netavark报错,报当前系统自带的 cargo 1.29.0 版本不支持edition特性,版本太低导致
由于cargo 是同 rust一起安装的,rustc --version 是1.29.0
安装 rust有两种方式:
1. 在线安装:
使用中科大源:
echo "export RUSTUP_DIST_SERVER=https://mirrors.ustc.edu.cn/rust-static" >> ~/.bashrc
echo "export RUSTUP_UPDATE_ROOT=https://mirrors.ustc.edu.cn/rust-static/rustup" >> ~/.bashrc
source .bashrc
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source $HOME/.cargo/env
查看cargo 版本和安装位置
which cargo
/root/.cargo/bin/cargo
cargo --version
cargo 1.82.0 (8f40fc59f 2024-08-21)
2. 从git 上拉取rust源代码,自己编译高版本的rust
参考 rust源码编译安装
git clone https://github.com/rust-lang/rust.git
cd rust
git checkout 1.82.0
python x.py build #这里经常会失败,可以手动先下载包
python x.py install
可以在科学上网的情况下先手动下载包:
wget https://static.rust-lang.org/dist/2024-09-05/rust-std-1.81.0-aarch64-unknown-linux-gnu.tar.xz
wget https://static.rust-lang.org/dist/2024-09-05/rustc-1.81.0-aarch64-unknown-linux-gnu.tar.xz
wget https://static.rust-lang.org/dist/2024-09-05/rust-std-1.81.0-aarch64-unknown-linux-gnu.tar.xz
放到: rust-1.82.0/build/cache/2024-09-05/下
如果是下载的v1.82.0.zip解压编译,不是zip包解压的可以忽略,编译会报错,另外zip包缺少.git文件夹,导致 无法下载子模块,我的解决办法是把git上这个项目的.git目录复制到解压目录下:
thread 'main' panicked at src/core/config/config.rs:2803:10:
called `Result::unwrap()` on an `Err` value: "command did not execute successfully: cd \"/root/xqs/rust-1.82.0\" && env -u GIT_ALTERNATE_OBJECT_DIRECTORIES -u GIT_DIR -u GIT_INDEX_FILE -u GIT_OBJECT_DIRECTORY -u GIT_WORK_TREE \"git\" \"rev-list\" \"--author=bors@rust-lang.org\" \"-n1\" \"--first-parent\" \"HEAD\"\nexpected success, got: exit status: 128\n"
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Build completed unsuccessfully in 0:09:25
更换国内源, 新建/root/.cargo.config,添加如下内容
[source.crates-io]
replace-with = 'ustc'
[source.ustc]
registry = "https://mirrors.ustc.edu.cn/crates.io-index"
再次python x.py build
git clone 的直接看这后面
报错:
CMake Error at CMakeLists.txt:3 (cmake_minimum_required):
CMake 3.20.0 or higher is required. You are running version 3.12.1
需要安装更高版本的CMake
从git 上下载源码编译安装:
先安装依赖 openssl-devel, yum install -y openssl-devel
wget https://github.com/Kitware/CMake/archive/refs/tags/v3.31.1.zip
unzip v3.31.1.zip
cd CMake-3.31.1
./configure --prefix=/usr/
make && make install
继续报错,gcc 版本太低,需要自己编译安装高版本的gcc, 网上资料很多,这里不在说明。
CMake Error at cmake/modules/CheckCompilerVersion.cmake:37 (message):
Host GCC version must be at least 7.4, your version is 7.3.0.
Call Stack (most recent call first):
cmake/modules/CheckCompilerVersion.cmake:47 (check_compiler_version)
cmake/config-ix.cmake:16 (include)
CMakeLists.txt:949 (include)
protoc 编译安装
系统自带的protoc 版本为 3.9.0,如果系统不自带也需要自己安装, 针对比 2204 更高的版本
protoc --version
libprotoc 3.9.0
可以下载高版本的protoc 安装
wget https://github.com/protocolbuffers/protobuf/releases/download/v28.3/protoc-28.3-linux-aarch_64.zip
unzip protoc-28.3-linux-aarch_64.zip
cp -af ./bin/protoc /usr/bin/
