{"id":16506387,"url":"https://github.com/neomantra/docker-onload","last_synced_at":"2025-03-16T18:32:31.118Z","repository":{"id":136461986,"uuid":"55941721","full_name":"neomantra/docker-onload","owner":"neomantra","description":"Docker tooling for Solarflare's OpenOnload","archived":false,"fork":false,"pushed_at":"2024-06-30T05:58:18.000Z","size":115,"stargazers_count":25,"open_issues_count":2,"forks_count":9,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-16T04:51:07.303Z","etag":null,"topics":["docker","dockerfile","onload"],"latest_commit_sha":null,"homepage":"https://hub.docker.com/r/neomantra/onload/","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/neomantra.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-04-11T04:29:58.000Z","updated_at":"2025-02-22T09:08:13.000Z","dependencies_parsed_at":"2023-11-14T13:44:30.530Z","dependency_job_id":"8ec616c1-18d9-4a2d-8beb-c38570a51f0a","html_url":"https://github.com/neomantra/docker-onload","commit_stats":null,"previous_names":[],"tags_count":22,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/neomantra%2Fdocker-onload","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/neomantra%2Fdocker-onload/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/neomantra%2Fdocker-onload/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/neomantra%2Fdocker-onload/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/neomantra","download_url":"https://codeload.github.com/neomantra/docker-onload/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243910676,"owners_count":20367546,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","dockerfile","onload"],"created_at":"2024-10-11T15:19:30.424Z","updated_at":"2025-03-16T18:32:27.406Z","avatar_url":"https://github.com/neomantra.png","language":"Dockerfile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# docker-onload\n\n[![GitHub Docker Build Action](https://github.com/neomantra/docker-onload/actions/workflows/publish-docker.yml/badge.svg)](https://github.com/neomantra/docker-onload/actions/workflows/publish-docker.yml) \n\n`docker-onload` provides a Dockerfile which installs Solarflare's [OpenOnload](https://github.com/Xilinx-CNS/onload) into various OS flavors. Find it on the Docker Hub: https://hub.docker.com/r/neomantra/onload/\n\nSee changes in the [CHANGELOG](https://github.com/neomantra/docker-onload/blob/master/CHANGELOG.md).\n\nThe `onload` image is built with `ONLOAD_WITHZF` set, thus without support for [TCPDirect](#tcpdirect) (aka ZF).  This is due to licensing restrictions.\n\n----\n\n## Supported Docker Hub tags for image `neomantra/onload` and respective `Dockerfile` links\n\nThese unversioned image tags currently map to **7.1.3.202**:\n\n- [`centos7` (*centos7/Dockerfile*)](https://github.com/neomantra/docker-onload/blob/master/centos7/Dockerfile)\n- [`centos8` (*centos8/Dockerfile*)](https://github.com/neomantra/docker-onload/blob/master/centos8/Dockerfile)\n- [`stretch` (*stretch/Dockerfile*)](https://github.com/neomantra/docker-onload/blob/master/stretch/Dockerfile)\n- [`buster` (*buster/Dockerfile*)](https://github.com/neomantra/docker-onload/blob/master/buster/Dockerfile)\n- [`trusty` (*trusty/Dockerfile*)](https://github.com/neomantra/docker-onload/blob/master/trusty/Dockerfile)\n- [`xenial` (*xenial/Dockerfile*)](https://github.com/neomantra/docker-onload/blob/master/xenial/Dockerfile)\n- [`bionic` (*bionic/Dockerfile*)](https://github.com/neomantra/docker-onload/blob/master/bionic/Dockerfile)\n- [`focal` (*focal/Dockerfile*)](https://github.com/neomantra/docker-onload/blob/master/focal/Dockerfile)\n- [`jammy` (*jammy/Dockerfile*)](https://github.com/neomantra/docker-onload/blob/master/jammy/Dockerfile)\n- [`noble` (*noble/Dockerfile*)](https://github.com/neomantra/docker-onload/blob/master/noble/Dockerfile)\n\nThe following versioned tags are available:\n- **8.1.3.40**\n- **8.1.2.26**\n- **8.1.1.17**\n- **8.1.0.15**\n- For **7.1.3.202**\n  - `7.1.3.202-bionic`\n  - `7.1.3.202-bullseye`\n  - `7.1.3.202-buster`\n  - `7.1.3.202-centos7`\n  - `7.1.3.202-centos8`\n  - `7.1.3.202-focal`\n  - `7.1.3.202-jammy`\n  - `7.1.3.202-stretch`\n  - `7.1.3.202-trusty`\n  - `7.1.3.202-xenial`\n- For **7.1.2.141**\n  - `7.1.2.141-bionic`\n  - `7.1.2.141-bullseye`\n  - `7.1.2.141-buster`\n  - `7.1.2.141-centos7`\n  - `7.1.2.141-centos8`\n  - `7.1.2.141-focal`\n  - `7.1.2.141-jammy`\n  - `7.1.2.141-stretch`\n  - `7.1.2.141-trusty`\n  - `7.1.2.141-xenial`\n\n\u003cdetails\u003e\n  \u003csummary\u003eOlder Tags\u003c/summary\u003e\n\n- `7.1.0.265-centos7-nozf`\n- `7.1.0.265-centos8-nozf`\n- `7.1.0.265-precise-nozf`\n- `7.1.0.265-trusty-nozf`\n- `7.1.0.265-stretch-nozf`\n- `7.1.0.265-xenial-nozf`\n- `7.1.0.265-bionic-nozf`\n- `7.1.0.265-cosmic-nozf`\n- `7.1.0.265-disco-nozf`\n- `7.1.0.265-focal-nozf`\n- `7.1.0.265-buster-nozf`\n- `7.0.0.176-centos-nozf`\n- `7.0.0.176-precise-nozf`\n- `7.0.0.176-trusty-nozf`\n- `7.0.0.176-stretch-nozf`\n- `7.0.0.176-xenial-nozf`\n- `7.0.0.176-bionic-nozf`\n- `7.0.0.176-cosmic-nozf`\n- `7.0.0.176-disco-nozf`\n- `7.0.0.176-focal-nozf`\n- `7.0.0.176-buster-nozf`\n- `201811-u1-centos-nozf`\n- `201811-u1-precise-nozf`\n- `201811-u1-trusty-nozf`\n- `201811-u1-stretch-nozf`\n- `201811-u1-xenial-nozf`\n- `201811-u1-bionic-nozf`\n- `201811-u1-cosmic-nozf`\n- `201811-u1-disco-nozf`\n- `201811-centos-nozf`\n- `201811-precise-nozf`\n- `201811-trusty-nozf`\n- `201811-stretch-nozf`\n- `201811-xenial-nozf`\n- `201811-bionic-nozf`\n- `201811-cosmic-nozf`\n- `201805-u1-centos-nozf`\n- `201805-u1-precise-nozf`\n- `201805-u1-trusty-nozf`\n- `201805-u1-stretch-nozf`\n- `201805-u1-xenial-nozf`\n- `201805-u1-bionic-nozf`\n- `201805-u1-cosmic-nozf`\n- `201805-centos-nozf`\n- `201805-precise-nozf`\n- `201805-trusty-nozf`\n- `201805-stretch-nozf`\n- `201805-xenial-nozf`\n- `201805-bionic-nozf`\n- `201710-u1.1-centos-nozf`\n- `201710-u1.1-precise-nozf`\n- `201710-u1.1-trusty-nozf`\n- `201710-u1.1-stretch-nozf`\n- `201710-u1.1-xenial-nozf`\n- `201710-u1.1-bionic-nozf`\n- `201710-u1-centos-nozf`\n- `201710-u1-precise-nozf`\n- `201710-u1-trusty-nozf`\n- `201710-u1-stretch-nozf`\n- `201710-u1-xenial-nozf`\n- `201710-centos-nozf`\n- `201710-precise-nozf`\n- `201710-trusty-nozf`\n- `201710-stretch-nozf`\n- `201710-xenial-nozf`\n- `201606-u1.3-centos-nozf`\n- `201606-u1.3-precise-nozf`\n- `201606-u1.3-trusty-nozf`\n- `201606-u1.3-xenial-nozf`\n- `201606-u1.2-centos-nozf`\n- `201606-u1.2-precise-nozf`\n- `201606-u1.2-trusty-nozf`\n- `201606-u1.2-xenial-nozf`\n- `201606-u1.1-centos-nozf`\n- `201606-u1.1-precise-nozf`\n- `201606-u1.1-trusty-nozf`\n- `201606-u1.1-xenial-nozf`\n- `201606-u1-centos-nozf`\n- `201606-u1-precise-nozf`\n- `201606-u1-trusty-nozf`\n- `201606-u1-xenial-nozf`\n- `201606-centos`\n- `201606-precise`\n- `201606-trusty`\n- `201606-xenial`\n- `201509-u1-centos`\n- `201509-u1-precise`\n- `201509-u1-trusty`\n- `201509-u1-xenial`\n\n\u003c/details\u003e\n\u003cbr\u003e\n\n----\n\n## Launching Onload-enabled containers\n\nOnload-enabled contaiers require exposing the host network and onload devices, so run like so:\n```\ndocker run --net=host --device=/dev/onload --device=/dev/onload_epoll -it ONLOAD_ENABLED_IMAGE_ID [COMMAND] [ARG...]\n```\n\nThe OpenOnload `201606` series also requires `--device=/dev/onload_cplane`.  Using `ef_vi` or [TCPDirect](#tcpdirect) requires `--device=/dev/sfc_char`.\n\nHere's a bash one-liner for extracting the OpenOnload version year:\n`onload --version | awk 'NR == 1 {print substr($2, 1, 4)}'`\n\n## Cavets\n\n * Host networking must be used: `--net=host`\n\n * The following devices must be exported: `--device=/dev/onload --device=/dev/onload_epoll`.\n\n * The OpenOnload `201606` series also requires `--device=/dev/onload_cplane`.\n\n * Using `ef_vi` or [TCPDirect](#tcpdirect) requires `--device=/dev/sfc_char`.\n\n * The host's `onload --version` must be the same as the container's.\n\n * *Stack Sharing*: If a container and the host must share an Onload stack, both should use `EF_SHARE_WITH=-1` to avoid a current limitation in OpenOnload.  Note this disables the stack sharing security feature.\n\n * Due to a current limitation with OpenOnload, you should run with `EF_USE_HUGE_PAGES=0` if you share Onload stacks.\n\n * Some libraries, such as [jemalloc](http://jemalloc.net/) need to invoke syscalls at startup.  This can cause infinite loops because the OpenOnload acceleration also needs malloc (via dlsym); see jemalloc issues [443](https://github.com/jemalloc/jemalloc/issues/443) and [1426](https://github.com/jemalloc/jemalloc/issues/1426).  This can be alleviated by setting `ONLOAD_DISABLE_SYSCALL_HOOK=1`; note you will also need to set `ONLOAD_USERSPACE_ID` to match the unpatched driver version. **NOTE:** This may have been fixed in `7.0.0.176`: \"SF-122792-KI/bug62297: avoid hang at app startup with jemalloc\".\n\n * These OpenOnload builds default to using `-march` and `-mtune` based on the CPU-type of the build machine.  This might not be optimial or runnable on your runtime platform.  A future release will allow this to be specified as Docker build arguments.\n\n\n## TCPDirect\n\nIn OpenOnload 201606-u1, Solarflare introducted a new kernel-bypass networking API named *TCPDirect*.\n\nTo run TCPDirect applications in a container, an addition device must be exported:\n`--device=/dev/sfc_char`\n\nTCPDirect is under a different license than OpenOnload; its binaries may not be distributed.\nThus, the `onload` public image on [Docker Hub](https://hub.docker.com/r/neomantra/onload/) does not have TCPDirect\nsupport.\n\nYou are free to build and deploy TCPDirect-enabled images yourself with the regular Dockerfiles.\nTo do so, set the build argument `ONLOAD_WITHZF` to a non-empty string (the Dockerfile checks `[ -z ${ONLOAD_WITHZF} ]`).\nFor example:\n\n```\ngit clone https://github.com/neomantra/docker-onload.git\ncd docker-onload\ndocker build --build-arg ONLOAD_WITHZF=1 -f xenial/Dockerfile -t neomantra/onload:201606-u1-xenial .\n```\n\n## Image Building Helper Script\n\nThe Ruby script `build_onload_image.rb` helps generate command lines for building Onload images.\n\n```\n$ ./build_onload_image.rb --help\nbuild_onload_image.rb [options]\n\nACTIONS\n    --versions                show list of onload version name (use with -v to show all fields)\n    --flavors                 show list of image flavors\n    --gettag     \u003cprefix\u003e     show the autotag name of --autotag \u003cprefix\u003e\n\n    --build                   show docker build command\n    --execute                 execute docker build command\n\nOPTIONS\n    --flavor   -f  \u003cflavor\u003e   specify build \u003cflavor\u003e (required for --build or --execute)\n    --onload   -o  \u003cversion\u003e  specify onload \u003cversion\u003e to build (default is 'latest')\n\n    --url      -u \u003curl\u003e       Override URL for \"packaged\" versions.\n\n    --tag      -t \u003ctag\u003e       tag image as \u003ctag\u003e\n    --autotag  -a \u003cprefix\u003e    tag image as \u003cprefix\u003e\u003cversion\u003e-\u003cflavor\u003e[-nozf]. \n                              \u003cprefix\u003e is optional, but note without a \u003cprefix\u003e with colon,\n                              the autotag will be a name not an image-name:tag\n\n    --zf          \u003ctruthy\u003e    build with TCPDirect (zf)  (or not, if optional \u003ctruthy\u003e is '0' or 'false')\n\n    --arg          \u003carg\u003e      pass '--build-arg \u003carg\u003e' to \"docker build\"\n\n    --quiet    -q             build quietly (pass -q to \"docker build\")\n    --no-cache                pass --no-cache to \"docker build\"\n\n    --execute  -x             also execute the build line\n\n    --push     -p             push the built image\n\n    --verbose  -v             verbose output\n    --help     -h             show this help\n```\n\nExample usage:\n\n```\n./build_onload_image.rb -o 7.1.1.75 --arg foo -f buster --zf --execute\n```\n\nThere are also `build_all_flavors.sh` and `build_all_images.sh`.\n\n## Customized Image Building\n\nDockerfiles are provided for the following base systems, selecting the Dockerfile path with `-f`:\n\n * [CentOS 7](https://github.com/neomantra/docker-onload/centos7/Dockerfile) (`centos7/Dockerfile`)\n * [CentOS 8](https://github.com/neomantra/docker-onload/centos8/Dockerfile) (`centos8/Dockerfile`)\n * [Debian Stretch](https://github.com/neomantra/docker-onload/stretch/Dockerfile) (`stretch/Dockerfile`)\n * [Debian Buster](https://github.com/neomantra/docker-onload/buster/Dockerfile) (`buster/Dockerfile`)\n * [Ubuntu Trusty](https://github.com/neomantra/docker-onload/trusty/Dockerfile) (`trusty/Dockerfile`)\n * [Ubuntu Xenial](https://github.com/neomantra/docker-onload/xenial/Dockerfile) (`xenial/Dockerfile`)\n * [Ubuntu Bionic](https://github.com/neomantra/docker-onload/bionic/Dockerfile) (`bionic/Dockerfile`)\n * [Ubuntu Focal](https://github.com/neomantra/docker-onload/focal/Dockerfile) (`focal/Dockerfile`)\n * [Ubuntu Jammy](https://github.com/neomantra/docker-onload/jammy/Dockerfile) (`jammy/Dockerfile`)\n\nEach system folder has a `Dockerfile`.\n \nThe following are the available build-time options. They can be set using the `--build-arg` CLI argument, like so:\n\n```\ndocker build --build-arg ONLOAD_VERSION=\"201509\" --build-arg ONLOAD_MD5SUM=\"b093ea9f3a534c9c9fe9da6c2b6ccb7a\" -f trusty/Dockerfile .\n```\n\nThe Dockerfile downloads specific versions from [openonload.org](https://openonload.org \"openonload.org\") using the following `ARG` settings:\n\n| Key  | Default | Description |\n:----- | :-----: |:----------- |\n|ONLOAD_VERSION | \"7.1.3.202\" |The version of OpenOnload to download. |\n|ONLOAD_MD5SUM | \"6153f93f03c65b4d091e9247c195b58c\" |The MD5 checksum of the download. |\n|ONLOAD_GIT_REF | \"\" | If set, build from this Git Reference (currently `bullseye` only). |\n|ONLOAD_GIT_URL | https://github.com/Xilinx-CNS/onload.git | If building from git, which the URL of the repo to clone from |\n|ONLOAD_PACKAGE_URL | (see below) | If set, it will download and unzip the tarball from the newer packaging. |\n|ONLOAD_LEGACY_URL | (see below) | Download the OpenOnload tarball from this URL, `ONLOAD_PACKAGE_URL` has priority. |\n|ONLOAD_WITHZF | |Set to non-empty to include TCPDirect. |\n|ONLOAD_DISABLE_SYSCALL_HOOK | |Set to non-empty to disables hooking the syscall function from libc. |\n|ONLOAD_USERSPACE_ID | |Set to non-empty to specify the userspace build md5sum ID. |\n\n`ONLOAD_PACKAGE_URL` defaults to https://support-nic.xilinx.com/wp/onload?sd=SF-109585-LS-37\u0026pe=SF-122921-DH-6\n\n`ONLOAD_LEGACY_URL` defaults to https://www.openonload.org/download/openonload-${ONLOAD_VERSION}.tgz.   If you want to build from a legacy (non-packaged) URL, you must also set `ONLOAD_PACKAGE_URL` to `''` (empty string).\n\nIf you change the `ONLOAD_VERSION`, you must also change `ONLOAD_MD5SUM` to match. Note that Docker is only supported by OpenOnload since version 201502.\n\nIf you patch OpenOnload, you must specify `ONLOAD_USERSPACE_ID` to match the ID of the driver.  It can be found in the build tree at `./build/gnu_x86_64/lib/transport/ip/uk_intf_ver.h`. The following are driver interface IDs we have recorded:\n\n| OpenOnload Version | Driver Interface ID |\n:----------- |:------------------- |\n| 8.1.3.40   | c71e5318f0cc60edbe8fb390bb778a5d |\n| 8.1.2.26   | 55285faa7791a719ba067d52108964c4 |\n| 7.1.3.202  | 278944a898989bf53d1f06e1e3397749 |\n| 7.1.2.141  | 1d52732765feca797791b9668b14fb4e |\n| 7.1.1.75   | 65869c81c4a7f92b75316cf88446a9f1 |\n| 7.1.0.265  | d9857bc9bddb5c6abdeb3f22d69b21d1 |\n| 7.0.0.176  | 6ac17472788a64c61013f3d7ed9ae4c9 |\n| 201811     | 357bb6508f1e324ea32da88f948efafa |\n| 201811-u1  | 2d850c0cd0616655dc3e31c7937acaf7 |\n\n## Building from Onload Git repo\n\nAn initial `bullseye` Dockerfile is available for building from [upstream GitHub](https://github.com/Xilinx-CNS/onload.git), rather than pre-packaged releases:\n\n```\ndocker build --build-arg ONLOAD_GIT_REF=master -f bullseye/Dockerfile .\n```\n\n## License\n\nCopyright (c) 2015-2024 Neomantra BV\n\nReleased under the MIT License, see LICENSE.txt\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fneomantra%2Fdocker-onload","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fneomantra%2Fdocker-onload","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fneomantra%2Fdocker-onload/lists"}