You want to run docker on armv7l. There are no builds. You build it yourself. I build it on debian 10.
Dependencies:
- docker to build docker cli
- go1.14 (or higher) to build binaries
gcc-arm-linux-gnueabipackage- git://git.netfilter.org/iptables - there are two missing modules (addrtype and conntrack), docker cannot start without those
- https://github.com/containerd/containerd - container runtime, that's where containers will run
- https://github.com/docker/cli - docker cli
- https://github.com/moby/moby - docker daemon
- https://github.com/opencontainers/runc - tool to run containers, required by dockerd
- build_all_bins_for_armv7l.patch (see below) - build all containerd binaries for armv7l instead of containerd only
- Synology toolkit: https://github.com/SynologyOpenSource/pkgscripts-ng. You can download just toolkit files from here (base_env-6.2.txz ds.armada38x-6.2.dev.txz ds.armada38x-6.2.env.txz)
Clone everything, create folder for binaries and libs:
mkdir synology-docker && cd synology-docker
mkdir bin
mkdir lib
git clone <reponame>
Build dockerd:
cd moby
git checkout v20.10.5
make DOCKER_CROSSPLATFORMS=linux/arm/v5 cross
cp -rv bundles/cross/linux/arm/v5/dockerd-dev ../bin/dockerd
cd ..
Build runc without seccomp:
cd runc
git checkout 59ad417c14143ae6b34e9cf88cf3f6e9c6d5f9e8
# there will be an error because you didn't install gcc-arm-linux-gnueabihf package
# we don't need it, so just ignore the error and grab binary
make BUILDTAGS= localcross
cp -v runc-armel ../bin/runc
cd ..
Patch and build containerd:
cd containerd
git checkout a72fe7da21237815731386d6b73a0e93700112f9
patch Makefile build_all_bins_for_armv7l.patch
make binaries
cp -rv bin/* ../bin
cd ..
Build docker cli:
cd cli
git checkout v20.10.5
make -f docker.Makefile cross
cp build/docker-linux-arm ../bin/docker
cd ..
Follow Synology DSM Developer Guide to build iptables package (most likely there will be problems with DSM version detection) or do it without toolkit utility. Let's assume that unpacked toolchain is in ./build_env/ds.armada38x-6.2 directory:
mkdir ./build_env/ds.armada38x-6.2/source/
cp -r iptables ./build_env/ds.armada38x-6.2/source/
sudo chroot ./build_env/ds.armada38x-6.2
# you are chrooted
# CHROOT@ds.armada38x[/]#
cd source/iptables
git checkout v1.6.0
./autogen.sh
./configure --disable-devel --host=arm-unknown-linux-gnueabi
# make will throw an error, but it doesn't matter since we need only iptables extensions
make
exit
# not chrooted
cp -v build_env/ds.armada38x-6.2/source/iptables/extensions/libxt_{addrtype,conntrack}.so ../lib
Copy both iptables libs to /usr/lib/iptables/ on synology. You can start iptables service by enabling firewall service in settings or somehow figure out how to start it from console.
Copy binaries to /usr/local/bin
Run everything in different terminal sessions on synology as root:
containerd
echo 1 > /proc/sys/net/ipv4/ip_forward
synofirewall --enable
syno_iptables_common load_nat_mod
source /usr/syno/etc.defaults/iptables_modules_list
iptablestool --insmod docker ${KERNEL_MODULES_CORE} ${KERNEL_MODULES_COMMON} ${KERNEL_MODULES_NAT} ${IPV6_MODULES}
BRIDGE="stp.ko bridge.ko"
AUFS="aufs.ko"
IPTABLES="xt_conntrack.ko xt_addrtype.ko veth.ko"
MODULES="$BRIDGE $AUFS $IPTABLES"
for i in $MODULES; do
/sbin/insmod /lib/modules/$i
done
dockerd
Run something:
docker pull --platform linux/arm/7 alpine:3.12
docker run -it --rm -v /dev:/dev --network=host alpine:3.12
/ # cat /etc/alpine-release
3.12.4
/ # uname -a
Linux syn 3.10.105 #25426 SMP Tue May 12 04:42:24 CST 2020 armv7l Linux
/ # exit
root@syn:~# uname -a
Linux syn 3.10.105 #25426 SMP Tue May 12 04:42:24 CST 2020 armv7l GNU/Linux synology_armada38x_ds218j
Issues:
- no network unless --network=host
- weird issue with /dev/ptmx, has to mount /dev into container
- no seccomp
I was unable to compile runc with seccomp support in chroot. Note: Fedora has static libseccomp.
Running docker without seccomp means that container can make whatever syscall it wants. Don't use it in production.
Hi,
this is good article!!
Unfortunately, he writes to me:
[FATAL] Your Linux kernel version 3.2.40 is not supported for running docker. Please upgrade your kernel to 3.10.0 or newer.
Did you come across this when you tried?
My NAS:
Processor: Marvell PJ4Bv7 Processor rev 1 (v7l)
Hardware: Marvell Armada-370
Now i see i get another such error when my containerd starts
failed to load cni during init, please check CRI plugin status before setting up network for pods error="cni config load failed: no network config found in /etc/cni/net.d: cni plugin not initialized: failed to load cni config"
but containerd is started:
containerd successfully booted in 0.451770s
Start subscribing containerd event
Start event monitor
Start snapshots syncer
Start cni network conf syncer
Start streaming server
when i start the dockerd, docker say error:
[FATAL] Your Linux kernel version 3.2.40 is not supported for running docker. Please upgrade your kernel to 3.10.0 or newer.
Could I have ruined something? Can you help me?
Maybe I took down a bad armada system ... I'll try the 370 ... o ..
... oo. .. unfortunately, this did not solve either!
There was a mistake I don't know why.
The insmod not find aufs.ko,xt_conntrack.ko and xt_addrtype.ko, veth.ko.
When should these files be generated?
I will attach the output to see if anyone can help.
Thank you for replay
gebo