Running Potluck Images with containerd

This post is a continuation of the small PoC that describes how to manually run a Potluck image directly with runj and describes how Potluck images can be run via containerd.

The Potluck container image library wants to provide complex services out of the box, like e.g. a complete postfix secondary mailserver which also is used in this example.

Installing containerd

We reuse the VM from the runj PoC, so let’s start it and directly connect to the console:

$ vm start -f runjvm

All the following commands are executed inside the VM:

$ cd /usr/ports/sysutils/containerd && make install clean

It is suggested that you also install a tool like screen or tmux.

Start containerd

Start tmux or screen and start the daemon:

$ containerd

Then open a new terminal so you can execute the following commands.

Test Basic Setup

Optionally, you can now easily test the containerd environment according to Samuel Karp’s post to check if everything is working:

$ ctr image pull --snapshotter zfs
$ ctr run \
    --snapshotter zfs \
    --runtime wtf.sbk.runj.v1 \
    --rm \ \
    my-container-id \
    sh -c 'echo "Hello from the container!"'

Convert and Start Postfix From Potluck

Prepare OCI Image

Download the latest Backup MX Postfix Potluck image (which contains a zfs send blob) and create the ZFS filesystem from it:

$ curl > pfix.xz
$ xzcat pfix.xz | zfs recv -F zroot/pfix

Create a tarball from the filesystem:

$ cd /zroot/pfix/m && tar cf /root/postfix.tar . && cd
$ xz postfix.tar

Create an OCI image:

$ runj demo oci-image --input postfix.tar.xz

Import the image and check if it is registered:

$ ctr image import --index-name postfix image.tar
$ ctr image ls

Run Image in containerd

Start the image with two parameters that are passed into the image (see image documentation):

$ ctr run \
    --snapshotter zfs \
    --runtime wtf.sbk.runj.v1 \
    --rm \
    postfix \
    my-postfix \
    /usr/local/bin/cook -d mydomain.tld -h myhostname

Now only the network configuration needs to happen to expose the postfix SMTP port to the outside world.