You want to run docker on armv7l. There are no builds. You build it yourself. I built it on Debian 10.
Dependencies:
- docker to build docker cli
- go1.14 (or higher) to build binaries
- gcc-arm-linux-gnueabi package
- git://git.netfilter.org/iptables - there are two missing modules (addrtype and conntrack), docker cannot start without those
- https://github.com/containerd/containerd - container runtime, that's where containers will run
- https://github.com/docker/cli - docker cli
- https://github.com/moby/moby - docker daemon
- https://github.com/opencontainers/runc - tool to run containers, required by dockerd
- build_all_bins_for_armv7l.patch (see below) - build all containerd binaries for armv7l instead of containerd only
- Synology toolkit: https://github.com/SynologyOpenSource/pkgscripts-ng. You can download just toolkit files from here (base_env-6.2.txz ds.armada38x-6.2.dev.txz ds.armada38x-6.2.env.txz)
Clone everything, create folder for binaries and libs:
mkdir synology-docker && cd synology-docker
mkdir bin
mkdir lib
git clone <reponame>
Build dockerd:
cd moby
git checkout v20.10.5
make DOCKER_CROSSPLATFORMS=linux/arm/v5 cross
cp -rv bundles/cross/linux/arm/v5/dockerd-dev ../bin/dockerd
cd ..
Build runc without seccomp:
cd runc
git checkout 59ad417c14143ae6b34e9cf88cf3f6e9c6d5f9e8
# there will be an error because you didn't install gcc-arm-linux-gnueabihf package
# we don't need it, so just ignore the error and grab binary
make BUILDTAGS= localcross
cp -v runc-armel ../bin/runc
cd ..
Patch and build containerd:
cd containerd
git checkout a72fe7da21237815731386d6b73a0e93700112f9
patch Makefile build_all_bins_for_armv7l.patch
make binaries
cp -rv bin/* ../bin
cd ..
Build docker cli:
cd cli
git checkout v20.10.5
make -f docker.Makefile cross
cp build/docker-linux-arm ../bin/docker
cd ..
Follow the Synology DSM Developer Guide to build the iptables package (most likely there will be problems with DSM version detection) or do it without the toolkit utility. Let's assume that the unpacked toolchain is in the ./build_env/ds.armada38x-6.2 directory:
mkdir ./build_env/ds.armada38x-6.2/source/
cp -r iptables ./build_env/ds.armada38x-6.2/source/
sudo chroot ./build_env/ds.armada38x-6.2
# you are chrooted
# [email protected][/]#
cd source/iptables
git checkout v1.6.0
./autogen.sh
./configure --disable-devel --host=arm-unknown-linux-gnueabi
# make will throw an error, but it doesn't matter since we need only iptables extensions
make
exit
# not chrooted
cp -v build_env/ds.armada38x-6.2/source/iptables/extensions/libxt_{addrtype,conntrack}.so ../lib
Copy both iptables libs to /usr/lib/iptables/ on the Synology. You can start the iptables service by enabling the firewall service in settings, or somehow figure out how to start it from the console.
Copy binaries to /usr/local/bin
Run everything in different terminal sessions on synology as root:
containerd
echo 1 > /proc/sys/net/ipv4/ip_forward
synofirewall --enable
syno_iptables_common load_nat_mod
source /usr/syno/etc.defaults/iptables_modules_list
iptablestool --insmod docker ${KERNEL_MODULES_CORE} ${KERNEL_MODULES_COMMON} ${KERNEL_MODULES_NAT} ${IPV6_MODULES}
BRIDGE="stp.ko bridge.ko"
AUFS="aufs.ko"
IPTABLES="xt_conntrack.ko xt_addrtype.ko veth.ko"
MODULES="$BRIDGE $AUFS $IPTABLES"
for i in $MODULES; do
/sbin/insmod /lib/modules/$i
done
dockerd
Run something:
docker pull --platform linux/arm/7 alpine:3.12
docker run -it --rm -v /dev:/dev --network=host alpine:3.12
/ # cat /etc/alpine-release
3.12.4
/ # uname -a
Linux syn 3.10.105 #25426 SMP Tue May 12 04:42:24 CST 2020 armv7l Linux
/ # exit
root@syn:~# uname -a
Linux syn 3.10.105 #25426 SMP Tue May 12 04:42:24 CST 2020 armv7l GNU/Linux synology_armada38x_ds218j
Issues:
- no network unless --network=host
- weird issue with /dev/ptmx, have to mount /dev into the container
- no seccomp
I was unable to compile runc with seccomp support in chroot. Note: Fedora has static libseccomp.
Running docker without seccomp means that a container can make whatever syscall it wants. Don't use it in production.
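To confirm the seccomp state described above on a given host, the following added example (not part of the original post) reads the `Seccomp:` field of a process's `/proc/<pid>/status` and the daemon's `SecurityOptions` list. The function names and sample inputs are constructed for illustration; it trusts the process status rather than what the daemon advertises.

```shell
#!/bin/sh
# Added example, not from the original post. All sample inputs are constructed.

# Map the "Seccomp:" field of /proc/<pid>/status (stdin) to a mode name.
# The field is absent when the kernel was built without CONFIG_SECCOMP.
seccomp_mode() {
    mode=$(awk '$1 == "Seccomp:" { m = $2 } END { print m }')
    case "$mode" in
        0) echo disabled ;;
        1) echo strict ;;
        2) echo filter ;;
        *) echo unknown ;;
    esac
}

# Succeeds if the daemon's SecurityOptions list (stdin) advertises seccomp.
# Live input: docker info --format '{{json .SecurityOptions}}'
daemon_has_seccomp() {
    grep -q 'name=seccomp'
}

# audit_seccomp DAEMON_OPTS STATUS_TEXT
# Prints one verdict line; returns 0 only when a filter is actually applied
# to the inspected process, whatever the daemon claims.
audit_seccomp() {
    mode=$(printf '%s\n' "$2" | seccomp_mode)
    if printf '%s\n' "$1" | daemon_has_seccomp; then daemon=yes; else daemon=no; fi
    echo "daemon_seccomp=$daemon process_seccomp=$mode"
    [ "$mode" = filter ]
}

# Constructed sample: a host where no seccomp filter reaches the container.
SAMPLE_OPTS_NOSECCOMP='[]'
SAMPLE_STATUS_NOSECCOMP='Name: sh
State: S (sleeping)
Seccomp: 0'

# Constructed sample: a stock Docker host running the default profile.
SAMPLE_OPTS_DEFAULT='["name=seccomp,profile=default"]'
SAMPLE_STATUS_DEFAULT='Name: sh
State: S (sleeping)
Seccomp: 2'

audit_seccomp "$SAMPLE_OPTS_NOSECCOMP" "$SAMPLE_STATUS_NOSECCOMP" \
    || echo "WARNING: container syscalls are unfiltered"
audit_seccomp "$SAMPLE_OPTS_DEFAULT" "$SAMPLE_STATUS_DEFAULT" \
    && echo "OK: seccomp filter active"
```

On a live host, pass the real `docker info` output as the first argument and the contents of `/proc/1/status` read inside a running container as the second.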
My DSM version: 6.2.4-25556
Thanks,
gebo