Refactor docker swarm test and add support for modified MTU

- RunCVM nodes are launched on a custom network with a custom MTU
- Nodes detect their MTU, then launch dockerd --mtu accordingly
- Nodes create their own docker_gwbridge network with custom MTU
- After swarm init, primary node recreates ingress network
- Refactored test simplifies and standardises in-node docker.sh logic

Author: struanb

README.md

@@ -36,6 +36,14 @@ Gain another interactive console on `ubuntu1`:
 docker exec -it ubuntu1 bash
 ```
 
+Launch a 3-node Docker Swarm on a network with 9000 MTU and, on the swarm, an http global service:
+
+```console
+git clone https://github.com/newsnowlabs/runcvm.git && \
+cd runcvm/tests/00-http-docker-swarm && \
+./test
+```
+
 ## RunCVM-in-Portainer walk-through
 
 [![Playing around with RunCVM, a docker runtime plugin](https://i.ytimg.com/vi/OENaWDlCWKg/maxresdefault.jpg)](https://www.youtube.com/watch?v=OENaWDlCWKg "Playing around with RunCVM, a docker runtime plugin")
@@ -89,9 +97,7 @@ RunCVM is free and open-source, licensed under the Apache Licence, Version 2.0.
 - Run unusual container workloads, like `dockerd` and `systemd` that will not run in standard container runtimes
 - Maintain a similar experience within a RunCVM VM as within a container: process table, network interfaces, stdio, exit code handling should broadly similar to maximise compatibility
 - Container start/stop/kill semantics respected, where possible providing clean VM shutdown on stop
-- VM console accessible as one would expect using `docker run -it`, `docker start -ai` and `docker attach` (but stderr is not yet separated from stdout)
-- Support for `docker exec`
-- Good support for most other `docker container` subcommands
+- VM console accessible as one would expect using `docker run -it`, `docker start -ai` and `docker attach` (and so on), generally good support for other `docker container` subcommands
 - Efficient container startup, by using virtiofs to serve a container's filesystem directly to a VM (instead of unpacking an image into a backing file)
 - Improved security compared to the standard container runtime, and as much security as possible without compromising the simplicity of the implementation
 - Command-line and image-embedded options for customising the a container's VM specifications, devices, kernel
@@ -178,7 +184,7 @@ In the below summary of RunCVM's current main features and limitations, [+] is u
       - [-] Bind-mounting host sockets or devices, and `--device` is unsupported
    - Networking
       - [+] The default bridge network is supported
-      - [+] Custom/user-defined networks specified using `--network` are supported, including Docker DNS resolution of container names
+      - [+] Custom/user-defined networks specified using `--network` are supported, including Docker DNS resolution of container names and respect for custom network MTU
       - [+] `--publish` (or `-p`) is supported
       - [+] `--dns`, `--dns-option`, `--dns-search` are supported
       - [+] `--ip` is supported

tests/00-http-docker-swarm/node/Dockerfile

@@ -1,6 +1,6 @@
-FROM alpine
+FROM alpine:3.18
 
-RUN apk add --update docker bash curl
+RUN apk add --update --no-cache docker bash curl jq iproute2
 
 ADD docker.sh /usr/local/bin/
 

tests/00-http-docker-swarm/node/docker.sh

@@ -1,5 +1,9 @@
 #!/bin/bash
 
+log() {
+  echo "$1"
+}
+
 node_state() {
   NodeState=$(docker info --format '{{.Swarm.LocalNodeState}}')
   IsManager=$(docker info --format '{{.Swarm.ControlAvailable}}')
@@ -17,100 +21,136 @@ cgroupfs_mount() {
     mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
   fi
 
-  if true; then
-    (
-      cd /sys/fs/cgroup
-      for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
-        mkdir -p $sys
-	if ! mountpoint -q $sys; then
-	  if ! mount -n -t cgroup -o $sys cgroup $sys; then
-	    rmdir $sys || true
-	  fi
-	fi
-      done
-    )
-  fi
+  cd /sys/fs/cgroup
+  for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
+    mkdir -p $sys
+    if ! mountpoint -q $sys; then
+      if ! mount -n -t cgroup -o $sys cgroup $sys; then
+        rmdir $sys || true
+      fi
+    fi
+  done
 
   if ! mountpoint -q /sys/fs/cgroup/unified; then
     mkdir -p /sys/fs/cgroup/unified
     mount -t cgroup2 cgroup2 /sys/fs/cgroup/unified
   fi
+
+  true
 }
 
-cgroupfs_mount || true
+cgroupfs_mount
 
 ulimit -u unlimited
 
 modprobe ip_vs
 
 h=$(hostname)
 
-while true; do dockerd >>/var/log/dockerd.log 2>&1; done &
+log "Checking network ..."
+DOCKER_IF=$(ip -json route show | jq -j '.[] | select(.dst == "default") | .dev')
+read -r DOCKER_IF_IP DOCKER_IF_MTU <<< \
+  $(ip -json addr show eth0 | jq -j '.[0] | .addr_info[0].local, " ", .mtu')
+
+log "- DOCKER_IF_IP=$DOCKER_IF_IP DOCKER_IF_MTU=$DOCKER_IF_MTU"
 
-echo "> ($h) Waiting for dockerd to start ..."
-while ! docker ps >/dev/null 2>&1; do
+# Start dockerd and keep it running
+log "Launching dockerd ..."
+while true; do dockerd --mtu $DOCKER_IF_MTU >>/var/log/dockerd.log 2>&1; done &
+
+for i in $(seq 1 10 | sort -nr)
+do
+  log "Waiting for dockerd to start (#$i) ..."
+  docker ps >/dev/null 2>1 && break
+  [ $i -eq 1 ] && exit 1
   sleep 0.5
 done
 
-echo "> ($h) dockerd started"
+log "dockerd started"
 
 node_state
-echo "> ($h) docker swarm: node state = $NodeState; manager=$IsManager"
+log "docker swarm: node state = $NodeState; manager=$IsManager"
+
+log "Creating docker_gwbridge network with MTU $DOCKER_IF_MTU"
+docker network create -d bridge \
+   --subnet 172.18.0.0/16 \
+   --opt com.docker.network.bridge.name=docker_gwbridge \
+   --opt com.docker.network.bridge.enable_icc=false \
+   --opt com.docker.network.bridge.enable_ip_masquerade=true \
+   --opt com.docker.network.driver.mtu=$DOCKER_IF_MTU \
+   docker_gwbridge
 
 if [ "$NodeState" = "inactive" ] || [ "$NodeState" = "pending" ]; then
 
-  if [ -f /swarm/worker ]; then
+  if [ "$NODE" != "1" ]; then
+
+    for i in $(seq 1 20 | sort -nr)
+    do
+      log "Waiting for swarm manager startup (#$i) ..."
+      [ -f /swarm/worker ] && break
+      [ $i -eq 1 ] && exit 1
+      sleep 1
+    done
   
-    while ! . /swarm/worker
+    log "Swarm manager has started up."
+    for i in $(seq 1 20 | sort -nr)
     do
+      log "Joining swarm (#$i) ..."
+      . /swarm/worker && break
+      [ $i -eq 1 ] && exit 1
       sleep 0.5
     done
     
-    echo "> ($h) Joined swarm!"
+    log "Joined swarm!"
     
   else
-    if docker swarm init >/dev/null; then
-      docker swarm join-token worker | grep docker >/swarm/worker
-      
-      echo "> ($h) Initialised swarm!"
-      
-      echo "> ($h) Sleeping 10s to wait for other nodes  ..."
-      sleep 10
-      
-      echo "> ($h) Listing nodes"
-      docker node ls
-      echo
-      
-      echo "> ($h) Creating 'http' service (please be patient) ..."
-      docker service create --name=http --mode=global -p 80:80 \
-        alpine ash -c 'apk update && apk add mini_httpd && mkdir -p /www && echo "<!DOCTYPE html>
-        <html lang="en">
-        <head>
-          <meta charset="utf-8" />
-          <title>hostname $HOSTNAME</title>
-        </head>
-        <body>
-         Server is online
-        </body>
-        </html>" >/www/index.html && mini_httpd -d /www -D -l /dev/stdout'
-      echo
-      
-      echo "> ($h) Itemising 'http' service ..."
-      docker service ps http
-      echo
-      
-      echo "> ($h) 'http' service launched"
+  
+    log "Initialising swarm ..."
+    if ! docker swarm init >/dev/null; then
+      log "Swarm initialisation FAILED!"
+      exit 1
     fi
+
+    log "Swarm initialised!"
+    
+    log "Removing default ingress ..."
+    echo y | docker network rm ingress
+    
+    log "Creating new ingress with MTU $DOCKER_IF_MTU"
+    docker network create \
+    --driver=overlay \
+    --ingress \
+    --subnet=10.0.0.0/24 \
+    --gateway=10.0.0.2 \
+    --opt com.docker.network.driver.mtu=$DOCKER_IF_MTU \
+    ingress
+    
+    log "Writing swarm 'join token' to shared storage and waiting for other nodes  ..."
+    docker swarm join-token worker | grep docker >/swarm/worker
+
+    for i in $(seq 1 30 | sort -nr)
+    do
+      nodes=$(docker node ls --format '{{json .}}' | wc -l)
+      log "Waiting for remaining $((NODES-nodes)) of $NODES nodes to join swarm (#$i) ..."
+      [ $nodes -eq $NODES ] && break
+      [ $i -eq 1 ] && log "Swarm failed!" && exit 1
+      sleep 1
+    done
+
+    log "Swarm nodes started:"
+    docker node ls
+    echo
+
+    # Log this trigger line last.
+    log "Swarm complete!"
+        
   fi
 fi
 
 node_state
 if [ "$NodeState" = "active" ] && [ "$IsManager" = "true" ]; then
-  echo "> ($h) Now running: docker service logs -n 0 -f http"
-  echo
-  docker service logs -n 0 -f http
+  log "Manager ready"
 fi
 
-echo "> ($h) Dropping to shell. Type CTRL+D to exit"
-echo
-bash -i
+log "Looping indefinitely ..."
+while true; do sleep infinity; done