134 lines
4.6 KiB
Org Mode
134 lines
4.6 KiB
Org Mode
#+TITLE: Running web assembly in containers
|
|
#+AUTHOR: James Blair
|
|
#+DATE: <2023-01-31 Tue 13:00>
|
|
|
|
|
|
In our recent [[https://www.redhat.com/en/blog/red-hat-and-webassembly][blog post]] on Web Assembly we highlighted the implementation of WASM support into the [[https://github.com/containers/crun/][crun]] Open Container Initiative (OCI) runtime. This change paves the way for Podman and OpenShift to run WASM workloads alongside our traditional container workloads.
|
|
|
|
This demo will step through how WASM modules can be run alongside traditional workloads in Podman.
|
|
|
|
|
|
* Install wasm runtime
|
|
|
|
Our first pre-requisite step is to ensure our machine has a WASM runtime installed. For this demo we will use [[https://wasmedge.org/][WasmEdge]].
|
|
|
|
Run the code block below to install WasmEdge into the ~/usr/local/~ dir using the project install script.
|
|
|
|
#+NAME: Install wasmedge
|
|
#+begin_src tmate :socket /tmp/james.tmate.tmate
|
|
# Install via script
|
|
curl -sSf https://raw.githubusercontent.com/WasmEdge/WasmEdge/master/utils/install.sh | sudo bash -s -- -p /usr/local
|
|
|
|
# Verify installed version
|
|
wasmedge --version
|
|
#+end_src
|
|
|
|
|
|
* Compile crun with wasm support
|
|
|
|
Once ~wasmedge~ is available we then need to ensure we have a version of ~crun~ available that has support for WASM. In my case I needed to download and compile a newer release including the ~--with-wasmedge~ compile flag.
|
|
|
|
We need to start with installing compile dependencies, these are listed [[https://github.com/containers/crun#ubuntu][here]] in the official docs.
|
|
|
|
#+NAME: Install compile dependencies
|
|
#+begin_src tmate :socket /tmp/james.tmate.tmate
|
|
sudo apt-get install --yes make git gcc build-essential pkgconf libtool libsystemd-dev libprotobuf-c-dev libcap-dev libseccomp-dev libyajl-dev libgcrypt20-dev go-md2man autoconf python3 automake
|
|
#+end_src
|
|
|
|
|
|
Once the required dependencies are present on our system we can clone down the source and compile it with the additional wasmedge flag.
|
|
|
|
#+NAME: Compile crun with wasmedge
|
|
#+begin_src tmate :socket /tmp/james.tmate.tmate
|
|
# Clone the crun source
|
|
git clone https://github.com/containers/crun && cd crun
|
|
|
|
# Compile with wasm flag
|
|
./autogen.sh
|
|
./configure --with-wasmedge
|
|
make
|
|
sudo make install && cd ../ && rm -rf crun
|
|
#+end_src
|
|
|
|
|
|
If everything worked correctly we can see the ~+WASM:wasmedge~ flag in our crun version information:
|
|
|
|
#+NAME: Check crun flags
|
|
#+begin_src tmate :socket /tmp/james.tmate.tmate
|
|
crun --version
|
|
#+end_src
|
|
|
|
The output should look something like the example below:
|
|
|
|
#+begin_src bash
|
|
crun version 1.7.2.0.0.0.80-940b
|
|
commit: 940bf973f144c81149cf05135f127ca6f0d19eb6
|
|
rundir: /run/user/1000/crun
|
|
spec: 1.0.0
|
|
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +WASM:wasmedge +YAJL
|
|
#+end_src
|
|
|
|
|
|
* Compile a wasm example application
|
|
|
|
With our system setup let's compile a hello world in rust to ~.wasm~ so we can then run it with our container engine.
|
|
|
|
#+begin_src tmate :socket /tmp/james.tmate.tmate
|
|
# Create new rust project
|
|
rm -rf hello_wasm && cargo new hello_wasm --bin && cd hello_wasm
|
|
|
|
# Customise the main function
|
|
sed -i 's/world/openshift meetup/g' src/main.rs
|
|
cat src/main.rs
|
|
|
|
# Ensure we have rust wasm tooling installed
|
|
rustup target add wasm32-wasi
|
|
|
|
# Compile to the wasm target
|
|
cargo build --target wasm32-wasi
|
|
#+end_src
|
|
|
|
|
|
We can run it directly with our ~wasmedge~ runtime to verify everything worked.
|
|
|
|
#+NAME: Run wasm binary directly
|
|
#+begin_src tmate :socket /tmp/james.tmate.tmate
|
|
wasmedge target/wasm32-wasi/debug/hello_wasm.wasm
|
|
#+end_src
|
|
|
|
|
|
* Build a wasm container
|
|
|
|
Awesome, we have a compiled ~.wasm~ portable binary. Lets build this into an OCI compliant image so that our container engine can run it like a traditional container.
|
|
|
|
#+NAME: Build wasm container
|
|
#+begin_src tmate :socket /tmp/james.tmate.tmate
|
|
# Review contents of included containerfile
|
|
cd ../ && cat Containerfile
|
|
|
|
# Build the container with buildah
|
|
buildah build --annotation "module.wasm.image/variant=compat" -t mywasm-image .
|
|
#+end_src
|
|
|
|
|
|
The interesting thing about wasm container images is just how small they can potentially be as the image doesn't contain any operating system or libraries, literally just our portable ~.wasm~ file.
|
|
|
|
If we take a look at the image we just built it's only a couple of megabytes!
|
|
|
|
#+NAME: Check image size
|
|
#+begin_src tmate :socket /tmp/james.tmate.tmate
|
|
podman images | grep wasm
|
|
#+end_src
|
|
|
|
|
|
* Running a wasm container
|
|
|
|
Now that we have a container image built let's run it with Podman.
|
|
|
|
Note that we need to ensure Podman is pointing at our customised container runtime that has WASM support, this can be done via either configuration file or cli parameter.
|
|
|
|
#+NAME: Run container image
|
|
#+begin_src tmate
|
|
podman --runtime /usr/local/bin/crun run -t --rm localhost/mywasm-image:latest
|
|
#+end_src
|