Not Safe From Wolves

10 minutes with runc (getting PHP 5.6 on Ubuntu 12.04)

It’s DockerCon season and one of the announcements was runc, the first deliverable from ~~Omni Consumer Products~~ the Open Container Project.

It’s underdocumented, so I had a play with it, and here’s a dump of how to get an Ubuntu Vivid Vervet running, with PHP and a document root exposed from the outside. This is enough to use a newer PHP version while keeping your machine on an LTS (even on the previous LTS, as I was doing this on a 12.04 VM in Canada).

Get and build runc. You will need a Go installation, and I found the instructions for runc weren’t quite enough; here’s what I did:

git clone https://github.com/opencontainers/runc.git
cd runc
go get github.com/tools/godep
godep get # I needed this. It errors, but that's okay.
make

So, you should have a runc binary now, verify with ./runc -help. Also, runc really likes to either be on the path or be called with an absolute path. Assuming you don’t want to install it, from here on in I’ll call it absolutely.

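Next up: we need an Ubuntu environment with PHP and Apache. We can use debootstrap(8) for this. The --no-check-gpg and --no-check-certificate flags below turn off verification of the archive’s Release signature and of the mirror’s TLS certificate, so what gets installed is not authenticated: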

sudo /usr/sbin/debootstrap --variant=minbase --include=libapache2-mod-php5 \
--no-check-gpg --no-check-certificate vivid /vivid

And then we’ll need a script to run as PID 1. If we’re not using an init, something like this will do:

#!/bin/sh
. /etc/apache2/envvars
exec apache2 -DFOREGROUND

I’ll call it doit.sh and put it in the root of the new Ubuntu environment, so /vivid/doit.sh.

We’ll need a container.json file. This isn’t documented yet, as far as I can see, but perusing the source and playing got me this gist:

This is mostly like the example, except I’ve chosen not to use a network or uts namespace (I’m happy for it to share with my VM), and I’ve added the DAC_OVERRIDE capability – this is what lets root open files it doesn’t own, and the Ubuntu packaged Apache requires it. I’ve also created a bind mount from /var/www/html within the container to /www on my host VM. This needs to exist, and I’ll put a basic index.php in, too:

<?php phpinfo();

… and that’s it! Let’s run it:

sudo `pwd`/runc

If you don’t already have a web server running on port 80 of your host, you can now visit your host’s IP and see the PHP info page, being served from your new container.
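With the container running, the capability change described above (DAC_OVERRIDE added to the set) can be checked from the host by decoding the Cap* masks in /proc/<pid>/status for the Apache process. This is an added example, not part of the original post or of runc; the status lines are a constructed sample and ALLOWED is an assumed baseline allowlist, not the contents of the post's container.json.

```shell
#!/bin/sh
# Added example: decode Linux capability masks from /proc/<pid>/status.
# Bit order follows linux/capability.h (bit 0 = CHOWN ... bit 40 = CHECKPOINT_RESTORE).
CAP_NAMES="CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID
SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW IPC_LOCK
IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT SYS_ADMIN SYS_BOOT
SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE AUDIT_WRITE AUDIT_CONTROL
SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON
BPF CHECKPOINT_RESTORE"

# Constructed sample of the Cap* lines (not captured from a real container).
SAMPLE_STATUS='Name: apache2
CapPrm: 0000000020000422
CapEff: 0000000020000422
CapBnd: 0000000020000422'
# Assumed baseline allowlist (hypothetical, not the post's container.json).
ALLOWED="KILL NET_BIND_SERVICE AUDIT_WRITE"

# cap_field FIELD: read status text on stdin, print that field's hex mask.
cap_field() { awk -v f="$1:" '$1 == f { print $2 }'; }

# decode_caps HEX: print the names of the set bits, space separated.
decode_caps() {
    mask=$((0x$1)); bit=0; out=""
    for name in $CAP_NAMES; do
        if [ $(( (mask >> bit) & 1 )) -eq 1 ]; then out="${out:+$out }$name"; fi
        bit=$((bit + 1))
    done
    printf '%s\n' "$out"
}

# unexpected_caps HEX ALLOWED...: print set capabilities missing from the allowlist.
unexpected_caps() {
    hex=$1; shift; extra=""
    for cap in $(decode_caps "$hex"); do
        case " $* " in
            *" $cap "*) ;;
            *) extra="${extra:+$extra }$cap" ;;
        esac
    done
    printf '%s\n' "$extra"
}

# With a PID argument inspect that process, otherwise fall back to the sample.
if [ -n "${1:-}" ]; then status=$(cat "/proc/$1/status"); else status=$SAMPLE_STATUS; fi
eff=$(printf '%s\n' "$status" | cap_field CapEff)
echo "effective:        $(decode_caps "$eff")"
echo "beyond allowlist: $(unexpected_caps "$eff" $ALLOWED)"
```

Pass the PID of the container's apache2 process as the first argument to inspect the live container instead of the sample.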

If you want to make it work on boot, an upstart job like this will do it:

start on local-filesystems
stop on deconfiguring-networking
respawn
chdir /home/aaron/Repo/runc
exec /home/aaron/Repo/runc/runc

I’ll post more as I learn more.
