Public | Automated Build

Last pushed: 3 months ago
Short Description
Installs Solarflare's OpenOnload userspace networking stack into various OS flavors.
Full Description

docker-onload

docker-onload provides a Dockerfile which installs Solarflare's OpenOnload into various OS flavors. Find it on the Docker Hub: https://hub.docker.com/r/neomantra/onload/

See changes in the CHANGELOG.

Supported Docker Hub tags and respective Dockerfile links

NOTE Since version 201606-u1, Docker Hub hosts images tagged as a -nozf variant. These are built from Dockerfile.nozf, without support for TCPDirect (aka ZF).

Launching Onload-enabled containers

For OpenOnload versions >= 201606, to expose the host and onload to this container, run like so:

docker run --net=host --device=/dev/onload --device=/dev/onload_epoll --device=/dev/onload_cplane -it ONLOAD_ENABLED_IMAGE_ID [COMMAND] [ARG...]

For OpenOnload versions < 201606, to expose the host and onload to this container, run like so:

docker run --net=host --device=/dev/onload --device=/dev/onload_epoll -it ONLOAD_ENABLED_IMAGE_ID [COMMAND] [ARG...]

The difference is that version 201606 introduced the device /dev/onload_cplane.

Here's a bash one-liner for extracting the OpenOnload version year:
onload --version | awk 'NR == 1 {print substr($2, 1, 4)}'

Cavets

  • Host networking must be used: --net=host

  • The following devices must be exported: --device=/dev/onload --device=/dev/onload_epoll --device=/dev/onload_cplane

  • The host's onload --version must be the same as the container's.

  • Stack Sharing: If a container and the host must share an Onload stack, both should use EF_SHARE_WITH=-1 to avoid a current limitation in OpenOnload. Note this disables the stack sharing security feature.

  • Due to a current limitation with OpenOnload, you should run with EF_USE_HUGE_PAGES=0 if you share Onload stacks.

TCPDirect

In OpenOnload 201606-u1, Solarflare introducted a new kernel-bypass networking API named TCPDirect.

To run TCPDirect applications in a container, an addition device must be exported:
--device=/dev/sfc_char

TCPDirect is under a different license than OpenOnload; its binaries may not be distributed.
Thus, we have introduced a -nozf
variant for images hosted on Docker Hub.

You are free to build and deploy TCPDirect-enabled images yourself with the regular Dockerfiles, for example:

git clone https://github.com/neomantra/docker-onload.git
cd docker-onload
docker build -f xenial/Dockerfile -t neomantra/onload:201606-u1-xenial .

Customizing

Dockerfiles are provided for the following base systems, selecting the Dockerfile path with -f:

Each system folder has a Dockerfile and Dockerfile.nozf.

The following are the available build-time options. They can be set using the --build-arg CLI argument, like so:

docker build --build-arg ONLOAD_VERSION="201509" --build-arg ONLOAD_MD5SUM="b093ea9f3a534c9c9fe9da6c2b6ccb7a" -f trusty/Dockerfile .

The Dockerfile downloads specific versions from openonload.org using the following ARG settings:

Key Default Description
ONLOAD_VERSION "201606-u1.3" The version of OpenOnload to download.
ONLOAD_MD5SUM "4313539336d14df264e5b945486f9e92" The MD5 checksum of the download.

If you change the ONLOAD_VERSION, you must also change ONLOAD_MD5SUM to match. Note that Docker is only supported by OpenOnload since version 201502.

License

Copyright (c) 2017 neomantra BV

Released under the MIT License, see LICENSE.txt

Docker Pull Command
Owner
neomantra
Source Repository

Comments (0)