Start the buildkit daemon on demand (socket-activated) #9947

Closed
afbjorklund opened this issue Dec 13, 2020 · 6 comments · Fixed by #12081

@afbjorklund
Collaborator

afbjorklund commented Dec 13, 2020

Buildkit uses a server (daemon), so trying to use the buildkit client fails if it is not started:

error: failed to get status: rpc error: code = Unavailable desc = connection error: desc = "transport: error while dialing: dial unix /run/buildkit/buildkitd.sock: connect: no such file or directory"

See #9640 (and https://github.com/moby/buildkit#quick-start)

Currently the buildkitd has to be started manually, as there is no systemd unit for it.

$ sudo -b buildkitd
$ INFO[0000] auto snapshotter: using overlayfs            
WARN[0000] using host network as the default            
INFO[0000] found worker "p6bbje3hwqqbczwx909fjnaed", labels=map[org.mobyproject.buildkit.worker.executor:oci org.mobyproject.buildkit.worker.hostname:minikube org.mobyproject.buildkit.worker.snapshotter:overlayfs], platforms=[linux/amd64 linux/386] 
WARN[0000] using host network as the default            
INFO[0000] found worker "kgulhjepnr8a15fqgv0q4uag7", labels=map[org.mobyproject.buildkit.worker.executor:containerd org.mobyproject.buildkit.worker.hostname:minikube org.mobyproject.buildkit.worker.snapshotter:overlayfs], platforms=[linux/amd64 linux/386] 
INFO[0000] found 2 workers, default="p6bbje3hwqqbczwx909fjnaed" 
WARN[0000] currently, only the default worker can be used. 
INFO[0000] running server on /run/buildkit/buildkitd.sock

We should add a "buildkit.service" file for it, so that it can be started/stopped/logged with systemd.

Similar to the current "containerd.service"


It would be nice if it was started automatically, using a systemd socket-activated service.

sudo systemctl enable buildkit.socket
sudo systemctl start buildkit.socket

This also allows setting group permissions, so that the socket can be accessed over a tunnel.

[Socket]
SocketMode=0660
SocketUser=root
SocketGroup=buildkit

Locally one can use sudo, but that doesn't work when using ssh tunnels to the unix socket.

unix:///run/buildkit/buildkitd.sock

error: failed to get status: rpc error: code = Unavailable desc = connection error: desc = "transport: error while dialing: dial unix /run/buildkit/buildkitd.sock: connect: permission denied"

Similar to the other runtimes:

Opened issues upstream:

See http://0pointer.de/blog/projects/socket-activated-containers.html

@afbjorklund afbjorklund added kind/feature Categorizes issue or PR as related to a new feature. co/runtime/containerd labels Dec 13, 2020
@afbjorklund
Collaborator Author

afbjorklund commented Dec 13, 2020

You can see how this will work, if you look at podman in the current release:

            _         _ ( )           ( )           
  ___ ___  (_)  ___  (_)| |/')  _   _ | |_      __  
/' _ ` _ `\| |/' _ `\| || , <  ( ) ( )| '_`\  /'__`\
| ( ) ( ) || || ( ) || || |\`\ | (_) || |_) )(  ___/
(_) (_) (_)(_)(_) (_)(_)(_) (_)`\___/'(_,__/'`\____)

$ ps aux | grep podman
docker     81090  0.0  0.0   3320   416 pts/1    S+   22:09   0:00 grep podman
$ podman --remote --url unix:///run/podman/podman.sock version
Client:
Version:      2.2.1
API Version:  2.1.0
Go Version:   go1.13.15
Git Commit:   a0d478edea7f775b7ce32f8eb1a01e75374486cb
Built:        Fri Dec 11 09:17:24 2020
OS/Arch:      linux/amd64

Server:
Version:      2.2.1
API Version:  2.0.0
Go Version:   go1.13.15
Git Commit:   a0d478edea7f775b7ce32f8eb1a01e75374486cb
Built:        Fri Dec 11 09:17:24 2020
OS/Arch:      linux/amd64
$ ps aux | grep podman
root       81104  1.0  0.5 884544 34816 ?        Ssl  22:09   0:00 /usr/bin/podman --log-level=info system service
docker     81178  0.0  0.0   3320   420 pts/1    S+   22:09   0:00 grep podman

So podman was not running, but when we accessed the socket it started up.

● podman.service - Podman API Service
     Loaded: loaded (/usr/lib/systemd/system/podman.service; static; vendor preset: enabled)
     Active: inactive (dead) since Sun 2020-12-13 22:09:34 UTC; 1min 26s ago
TriggeredBy: ● podman.socket
● podman.socket - Podman API Socket
     Loaded: loaded (/usr/lib/systemd/system/podman.socket; enabled; vendor preset: enabled)
    Drop-In: /usr/lib/systemd/system/podman.socket.d
             └─override.conf
     Active: active (listening) since Sun 2020-12-13 14:43:26 UTC; 7h ago
   Triggers: ● podman.service

@tstromberg tstromberg added the priority/backlog Higher priority than priority/awaiting-more-evidence. label Dec 14, 2020
@afbjorklund
Collaborator Author

afbjorklund commented Feb 11, 2021

Patch: https://patch-diff.githubusercontent.com/raw/moby/buildkit/pull/1924.patch

Currently requires the user to start the daemon themselves: sudo -b buildkitd

@afbjorklund
Collaborator Author

Not available yet, in buildkit 0.8.x

@fejta-bot

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 5, 2021
@fejta-bot

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Jul 5, 2021
@spowelljr spowelljr added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. and removed lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. labels Jul 14, 2021
@spowelljr spowelljr self-assigned this Jul 26, 2021
@spowelljr spowelljr added this to the 1.23.0 milestone Jul 26, 2021
@afbjorklund
Collaborator Author

Seems to be working with 0.9.0, I opened a PR to set the mode to 660 instead of 666...

For minikube though, we probably want to add a group similar to docker/podman?
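
A check for the socket permissions discussed in this thread (the `[Socket]` group settings in the opening post and the 660-versus-666 mode in the last comment), as an added example that is not part of the issue, buildkit or minikube. The sample unit texts and the function names are constructed for illustration.

```python
import stat

# Constructed sample units (not taken from the thread).
WEAK_UNIT = """[Socket]
ListenStream=/run/buildkit/buildkitd.sock
SocketMode=0666
"""
HARDENED_UNIT = """[Socket]
ListenStream=/run/buildkit/buildkitd.sock
SocketMode=0660
SocketUser=root
SocketGroup=buildkit
"""


def parse_socket_section(unit_text):
    """Collect key=value pairs from the [Socket] section; last assignment wins."""
    settings, section = {}, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Socket" and "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
    return settings


def audit_socket_unit(unit_text):
    """Return findings about which local users can connect to the socket."""
    settings = parse_socket_section(unit_text)
    # systemd.socket(5): SocketMode= defaults to 0666 when unset.
    mode = int(settings.get("SocketMode", "0666"), 8)
    group = settings.get("SocketGroup", "")
    findings = []
    # connect() on a unix socket needs write permission on the socket file.
    if mode & stat.S_IWOTH:
        findings.append(f"SocketMode={mode:04o}: any local user can connect")
    elif mode & stat.S_IWGRP and group in ("", "root"):
        findings.append("no non-root SocketGroup: tunnel users get 'permission denied'")
    elif not mode & stat.S_IWGRP:
        findings.append(f"SocketMode={mode:04o}: only SocketUser can connect")
    return findings


if __name__ == "__main__":
    for name, unit in (("weak", WEAK_UNIT), ("hardened", HARDENED_UNIT)):
        print(name, audit_socket_unit(unit) or "ok")
```
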
