Forem: Bart Guijt The latest articles on Forem by Bart Guijt (@bguijt). https://forem.com/bguijt https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1255341%2Ffc6df971-4e21-4b38-ab0d-e7483d1b6874.jpeg Forem: Bart Guijt https://forem.com/bguijt en Howto: WASM runtimes in Docker / Colima Bart Guijt Fri, 12 Jan 2024 18:37:15 +0000 https://forem.com/bguijt/howto-wasm-runtimes-in-docker-colima-52c2 https://forem.com/bguijt/howto-wasm-runtimes-in-docker-colima-52c2 <h1> TL;DR </h1> <p>I could not find any guide how to add WASM container capability to Docker running on <a href="https://github.com/abiosoft/colima">Colima</a>. This guide provides a few Colima templates for exactly this, which adds <a href="https://wasmedge.org">WasmEdge</a>, <a href="https://wasmtime.dev">Wasmtime</a> and <a href="https://wasmer.io">Wasmer</a> runtime types.</p> <h1> Context </h1> <p>Instead of installing <a href="https://www.docker.com/products/docker-desktop/">Docker Desktop</a> and <a href="https://docs.docker.com/desktop/wasm/">enabling the WASM features</a> I decided to see how I could add WASM runtime capabilities to a Colima setup. Colima is a great alternative to Docker Desktop if the licensing terms prevent you from using it.</p> <p>Forgive me for not explaining everything from scratch, I just finished the last (and best) template and I needed to write it down so I could share it.</p> <h1> Three alternative Colima templates </h1> <p>I created these three Colima templates:</p> <ol> <li> <code>colima-crun-wasmedge</code>: Use the 'crun' runtime to launch WASM containers in WasmEdge;</li> <li> <code>colima-runwasi-git</code>: Use the <a href="https://github.com/containerd/runwasi">Runwasi</a> WASM shims in containerd to launch WASM containers in WasmEdge, Wasmtime or Wasmer, where the Runwasi shims are compiled from git master;</li> <li> <code>colima-runwasi</code>: Same as <code>colima-runwasi-git</code>, but uses the latest releases of the Runwasi shims instead of building them.</li> </ol> <h1> <code>colima-crun-wasmedge</code> </h1> <p>This was my first trial of getting WASM containers to work. To enable running WASM loads, <a href="https://github.com/containers/crun">crun</a> needs to be compiled with WasmEdge (or Wasmtime) support. I could only get WasmEdge working, but the basic idea is the same.</p> <p>Here is the template (edit the Colima template with <code>$ colima template</code>). I added comments to the parts relevant for the WASM config, other comments are removed for brevity:</p> <h2> Template </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">cpu</span><span class="pi">:</span> <span class="m">4</span> <span class="na">disk</span><span class="pi">:</span> <span class="m">60</span> <span class="na">memory</span><span class="pi">:</span> <span class="m">12</span> <span class="na">arch</span><span class="pi">:</span> <span class="s">host</span> <span class="na">hostname</span><span class="pi">:</span> <span class="s">colima</span> <span class="na">autoActivate</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">forwardAgent</span><span class="pi">:</span> <span class="kc">false</span> <span class="c1"># I only tested this with 'docker', not 'containerd':</span> <span class="na">runtime</span><span class="pi">:</span> <span class="s">docker</span> <span class="na">kubernetes</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">version</span><span class="pi">:</span> <span class="s">v1.24.3+k3s1</span> <span class="na">k3sArgs</span><span class="pi">:</span> <span class="pi">[]</span> <span class="na">network</span><span class="pi">:</span> <span class="na">address</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">dns</span><span class="pi">:</span> <span class="pi">[]</span> <span class="na">dnsHosts</span><span class="pi">:</span> <span class="na">host.docker.internal</span><span class="pi">:</span> <span class="s">host.lima.internal</span> <span class="c1"># Added:</span> <span class="c1"># - containerd-snapshotter: true (meaning containerd will be used for pulling images)</span> <span class="c1"># - default-runtime / runtimes: crun (instead of the default 'runc')</span> <span class="na">docker</span><span class="pi">:</span> <span class="na">default-runtime</span><span class="pi">:</span> <span class="s">crun</span> <span class="na">features</span><span class="pi">:</span> <span class="na">buildkit</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">containerd-snapshotter</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">runtimes</span><span class="pi">:</span> <span class="na">crun</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/usr/local/bin/crun</span> <span class="na">vmType</span><span class="pi">:</span> <span class="s">vz</span> <span class="na">rosetta</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">mountType</span><span class="pi">:</span> <span class="s">virtiofs</span> <span class="na">mountInotify</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">cpuType</span><span class="pi">:</span> <span class="s">host</span> <span class="c1"># This provisioning script installs WasmEdge and builds crun with wasmedge support:</span> <span class="na">provision</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">mode</span><span class="pi">:</span> <span class="s">system</span> <span class="na">script</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">[ -f /etc/docker/daemon.json ] &amp;&amp; echo "Already provisioned!" &amp;&amp; exit 0</span> <span class="s">echo "Install system updates:"</span> <span class="s">apt-get update -y</span> <span class="s">apt-get upgrade -y</span> <span class="s">echo "Install WasmEdge and crun dependencies:"</span> <span class="s"># NOTE: packages curl git python3 already installed:</span> <span class="s">apt-get install -y make gcc build-essential pkgconf libtool libsystemd-dev libprotobuf-c-dev libcap-dev libseccomp-dev libyajl-dev libgcrypt20-dev go-md2man autoconf automake criu xz-utils</span> <span class="s">apt-get clean -y</span> <span class="pi">-</span> <span class="na">mode</span><span class="pi">:</span> <span class="s">user</span> <span class="na">script</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">[ -f /etc/docker/daemon.json ] &amp;&amp; echo "Already provisioned!" &amp;&amp; exit 0</span> <span class="s">echo "Installing WasmEdge:"</span> <span class="s">curl -sSf https://raw.githubusercontent.com/WasmEdge/WasmEdge/master/utils/install.sh | sudo bash -s -- -p /usr/local</span> <span class="s">echo</span> <span class="s">echo "`wasmedge -v` installed!"</span> <span class="s"># NOTE: I failed to configure Wasmtime properly - turned off for now:</span> <span class="s">#echo "Installing Wasmtime:"</span> <span class="s">#curl -sSf https://wasmtime.dev/install.sh | bash</span> <span class="s">#sudo cp .wasmtime/bin/* /usr/local/bin/</span> <span class="s">#rm -rf .wasmtime</span> <span class="s">#echo "`wasmtime -V` installed!"</span> <span class="s">echo "Install crun:"</span> <span class="s">git clone https://github.com/containers/crun</span> <span class="s">cd crun</span> <span class="s">./autogen.sh</span> <span class="s">#./configure --with-wasmedge --with-wasmtime</span> <span class="s">./configure --with-wasmedge</span> <span class="s">make</span> <span class="s">sudo make install</span> <span class="s">crun -v</span> <span class="s">echo "crun installed! Replacing runc with crun:"</span> <span class="s"># NOTE: replacing runc with crun is to simplify containerd config</span> <span class="s">TRC=`which runc`</span> <span class="s">sudo rm -rf $TRC</span> <span class="s">sudo cp `which crun` $TRC</span> <span class="s">echo "Configuring containerd:"</span> <span class="s">sudo mkdir -p /etc/containerd/</span> <span class="s">containerd config default | sudo tee /etc/containerd/config.toml &gt;/dev/null</span> <span class="s">echo "Restarting/reloading docker/containerd services:"</span> <span class="s">sudo systemctl daemon-reload</span> <span class="s">sudo systemctl restart containerd</span> <span class="s"># As soon as Colima writes its /etc/docker/daemon.json file (right after this provisioning script),</span> <span class="s"># it will also start the Docker daemon. If we stop Docker here, the changes will actually take effect:</span> <span class="s">sudo systemctl stop docker</span> <span class="na">sshConfig</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">mounts</span><span class="pi">:</span> <span class="pi">[]</span> <span class="na">env</span><span class="pi">:</span> <span class="pi">{}</span> </code></pre> </div> <h2> Caveats </h2> <h3> First colima start time is long </h3> <p>It takes 1.5 minutes on my M1 max mac to start the container.</p> <h3> Extra docker run parameters </h3> <p>After starting Colima with this template, be aware that you need to supply some specific parameters (<code>--platform</code> and <code>--annotation</code>) to the <code>docker run</code> command, e.g.:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker run <span class="nt">--rm</span> <span class="nt">-dp</span> 8080:8080 <span class="se">\</span> <span class="nt">--platform</span> wasi/wasm32 <span class="se">\</span> <span class="nt">--annotation</span> <span class="s2">"run.oci.handler=wasm"</span> <span class="se">\</span> michaelirwin244/wasm-example:latest </code></pre> </div> <p>or:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker run <span class="nt">--rm</span> <span class="nt">-dp</span> 8080:8080 <span class="se">\</span> <span class="nt">--platform</span> wasi/wasm32 <span class="se">\</span> <span class="nt">--annotation</span> <span class="s2">"module.wasm.image/variant=compat-smart"</span> <span class="se">\</span> michaelirwin244/wasm-example:latest </code></pre> </div> <h3> Stopping container waits for 10 seconds </h3> <p>For some reason the SIGTERM signal is not honoured in the WASM runtime. Stop the container with a specified timeout:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker stop <span class="nt">-t</span> 0 &lt;container <span class="nb">hash</span>/name&gt; </code></pre> </div> <h1> <code>colima-runwasi-git</code> </h1> <p>My second attempt was to get the <a href="https://github.com/containerd/runwasi">Runwasi</a> shims working with Docker, since I did not like the necessary <code>--annotation</code> parameter which are not needed for the 'official' Docker Desktop configuration. This template remedies that drawback.</p> <p>Here is the template (edit the Colima template with <code>$ colima template</code>). I added comments to the parts relevant for the WASM config, other comments are removed for brevity:</p> <h2> Template </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">cpu</span><span class="pi">:</span> <span class="m">4</span> <span class="na">disk</span><span class="pi">:</span> <span class="m">60</span> <span class="na">memory</span><span class="pi">:</span> <span class="m">12</span> <span class="na">arch</span><span class="pi">:</span> <span class="s">host</span> <span class="na">hostname</span><span class="pi">:</span> <span class="s">colima</span> <span class="na">autoActivate</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">forwardAgent</span><span class="pi">:</span> <span class="kc">false</span> <span class="c1"># I only tested this with 'docker', not 'containerd':</span> <span class="na">runtime</span><span class="pi">:</span> <span class="s">docker</span> <span class="na">kubernetes</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">version</span><span class="pi">:</span> <span class="s">v1.24.3+k3s1</span> <span class="na">k3sArgs</span><span class="pi">:</span> <span class="pi">[]</span> <span class="na">network</span><span class="pi">:</span> <span class="na">address</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">dns</span><span class="pi">:</span> <span class="pi">[]</span> <span class="na">dnsHosts</span><span class="pi">:</span> <span class="na">host.docker.internal</span><span class="pi">:</span> <span class="s">host.lima.internal</span> <span class="c1"># Added:</span> <span class="c1"># - containerd-snapshotter: true (meaning containerd will be used for pulling images)</span> <span class="na">docker</span><span class="pi">:</span> <span class="na">features</span><span class="pi">:</span> <span class="na">buildkit</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">containerd-snapshotter</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">vmType</span><span class="pi">:</span> <span class="s">vz</span> <span class="na">rosetta</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">mountType</span><span class="pi">:</span> <span class="s">virtiofs</span> <span class="na">mountInotify</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">cpuType</span><span class="pi">:</span> <span class="s">host</span> <span class="c1"># This provisioning script installs build dependencies, WasmEdge and builds the WASM runtime shims for containerd.</span> <span class="c1"># NOTE: this takes a LOOONG time!</span> <span class="na">provision</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">mode</span><span class="pi">:</span> <span class="s">system</span> <span class="na">script</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">[ -f /etc/docker/daemon.json ] &amp;&amp; echo "Already provisioned!" &amp;&amp; exit 0</span> <span class="s">echo "Installing system updates:"</span> <span class="s">apt-get update -y</span> <span class="s">apt-get upgrade -y</span> <span class="s">echo "Installing WasmEdge and runwasi build dependencies:"</span> <span class="s"># NOTE: packages curl, git and python3 already installed:</span> <span class="s">apt-get install -y make gcc build-essential pkgconf libtool libsystemd-dev libprotobuf-c-dev libcap-dev libseccomp-dev libyajl-dev libgcrypt20-dev go-md2man autoconf automake criu pkg-config libdbus-glib-1-dev libelf-dev libclang-dev libzstd-dev protobuf-compiler xz-utils</span> <span class="s">apt-get clean -y</span> <span class="pi">-</span> <span class="na">mode</span><span class="pi">:</span> <span class="s">user</span> <span class="na">script</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">[ -f /etc/docker/daemon.json ] &amp;&amp; echo "Already provisioned!" &amp;&amp; exit 0</span> <span class="s">#</span> <span class="s"># Setting vars for this script:</span> <span class="s">#</span> <span class="s"># Which WASM runtimes to install (wasmedge, wasmtime and wasmer are supported):</span> <span class="s">WASM_RUNTIMES="wasmedge wasmtime wasmer"</span> <span class="s">#</span> <span class="s"># Location of the containerd config file:</span> <span class="s">CONTAINERD_CONFIG="/etc/containerd/config.toml"</span> <span class="s">#</span> <span class="s"># Target location for the WASM runtimes and containerd shims ($TARGET/bin and $TARGET/lib):</span> <span class="s">TARGET="/usr/local"</span> <span class="s">#</span> <span class="s"># Install rustup:</span> <span class="s">#</span> <span class="s">echo "Installing rustup for building runwasi:"</span> <span class="s">curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --default-toolchain none -y</span> <span class="s">source "$HOME/.cargo/env"</span> <span class="s">#</span> <span class="s"># Install selected WASM runtimes and containerd shims:</span> <span class="s">#</span> <span class="s">[[ -z "${WASM_RUNTIMES// /}" ]] &amp;&amp; echo "No WASM runtimes selected - exiting!" &amp;&amp; exit 0</span> <span class="s">git clone https://github.com/containerd/runwasi</span> <span class="s">echo "Installing WASM runtimes and building containerd shims: ${WASM_RUNTIMES}:"</span> <span class="s">sudo mkdir -p /etc/containerd/</span> <span class="s">containerd config default | sudo tee $CONTAINERD_CONFIG &gt;/dev/null</span> <span class="s">for runtimeName in $WASM_RUNTIMES; do</span> <span class="s">case $runtimeName in</span> <span class="s">wasmedge)</span> <span class="s">echo "Installing WasmEdge:"</span> <span class="s">curl -sSfL https://raw.githubusercontent.com/WasmEdge/WasmEdge/master/utils/install.sh | sudo bash -s -- -p $TARGET</span> <span class="s">echo</span> <span class="s">echo "`wasmedge -v` installed!"</span> <span class="s">;;</span> <span class="s">wasmtime)</span> <span class="s">echo "Installing wasmtime:"</span> <span class="s">curl -sSfL https://wasmtime.dev/install.sh | bash</span> <span class="s">sudo cp .wasmtime/bin/* ${TARGET}/bin/</span> <span class="s">rm -rf .wasmtime</span> <span class="s">echo "`wasmtime -V` installed!"</span> <span class="s">;;</span> <span class="s">wasmer)</span> <span class="s">echo "Installing wasmer:"</span> <span class="s">curl -sSfL https://get.wasmer.io | sh</span> <span class="s">sudo cp .wasmer/bin/* ${TARGET}/bin/</span> <span class="s">sudo cp .wasmer/lib/* ${TARGET}/lib/</span> <span class="s">rm -rf .wasmer</span> <span class="s">echo "`wasmer -V` installed!"</span> <span class="s">;;</span> <span class="s">*)</span> <span class="s">echo "ERROR: WASM runtime $runtimeName is not supported!"</span> <span class="s">exit 1</span> <span class="s">;;</span> <span class="s">esac</span> <span class="s">cd runwasi</span> <span class="s">echo "Building containerd-shim-${runtimeName}:"</span> <span class="s">cargo build -p containerd-shim-${runtimeName} --release</span> <span class="s">echo "Installing containerd-shim-${runtimeName}-v1:"</span> <span class="s">sudo install ./target/release/containerd-shim-${runtimeName}-v1 ${TARGET}/bin</span> <span class="s">sudo ln -sf ${TARGET}/bin/containerd-shim-${runtimeName}-v1 ${TARGET}/bin/containerd-shim-${runtimeName}d-v1</span> <span class="s">sudo ln -sf ${TARGET}/bin/containerd-shim-${runtimeName}-v1 ${TARGET}/bin/containerd-${runtimeName}d</span> <span class="s">echo "containerd-shim-${runtimeName} installed."</span> <span class="s">cd ..</span> <span class="s">echo "[plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.${runtimeName}]" | sudo tee -a $CONTAINERD_CONFIG &gt;/dev/null</span> <span class="s">echo " runtime_type = \"io.containerd.${runtimeName}.v1\"" | sudo tee -a $CONTAINERD_CONFIG &gt;/dev/null</span> <span class="s">done</span> <span class="s">echo "containerd WASM runtimes and shims installed."</span> <span class="s">#</span> <span class="s"># Restart the systemctl services to pick up the installed shims.</span> <span class="s"># NOTE: We need to 'stop' docker because at this point the actual daemon.json config is not yet provisioned:</span> <span class="s">#</span> <span class="s">echo "Restarting/reloading docker/containerd services:"</span> <span class="s">sudo systemctl daemon-reload</span> <span class="s">sudo systemctl restart containerd</span> <span class="s">sudo systemctl stop docker</span> <span class="na">sshConfig</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">mounts</span><span class="pi">:</span> <span class="pi">[]</span> <span class="na">env</span><span class="pi">:</span> <span class="pi">{}</span> </code></pre> </div> <h2> Caveats </h2> <h3> First Colima start time is super long </h3> <p>It takes a couple of minutes on my M1 max mac to start the container. Have some patience!</p> <h3> Stopping container waits for 10 seconds </h3> <p>For some reason the SIGTERM signal is not honoured in the WASM runtime. Stop the container with a specified timeout:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker stop <span class="nt">-t</span> 0 &lt;container <span class="nb">hash</span>/name&gt; </code></pre> </div> <h1> <code>colima-runwasi</code> </h1> <p>This template is the same as the previous template, except it doesn't build the containerd shims, it downloads the latest releases. Starting Colima with this template for the first time takes less than 50 seconds on my M1 max machine.</p> <p>Here is the template (edit the Colima template with <code>$ colima template</code>). I added comments to the parts relevant for the WASM config, other comments are removed for brevity:</p> <h2> Template </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">cpu</span><span class="pi">:</span> <span class="m">4</span> <span class="na">disk</span><span class="pi">:</span> <span class="m">60</span> <span class="na">memory</span><span class="pi">:</span> <span class="m">12</span> <span class="na">arch</span><span class="pi">:</span> <span class="s">host</span> <span class="na">hostname</span><span class="pi">:</span> <span class="s">colima</span> <span class="na">autoActivate</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">forwardAgent</span><span class="pi">:</span> <span class="kc">false</span> <span class="c1"># I only tested this with 'docker', not 'containerd':</span> <span class="na">runtime</span><span class="pi">:</span> <span class="s">docker</span> <span class="na">kubernetes</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">version</span><span class="pi">:</span> <span class="s">v1.24.3+k3s1</span> <span class="na">k3sArgs</span><span class="pi">:</span> <span class="pi">[]</span> <span class="na">network</span><span class="pi">:</span> <span class="na">address</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">dns</span><span class="pi">:</span> <span class="pi">[]</span> <span class="na">dnsHosts</span><span class="pi">:</span> <span class="na">host.docker.internal</span><span class="pi">:</span> <span class="s">host.lima.internal</span> <span class="c1"># Added:</span> <span class="c1"># - containerd-snapshotter: true (meaning containerd will be used for pulling images)</span> <span class="na">docker</span><span class="pi">:</span> <span class="na">features</span><span class="pi">:</span> <span class="na">buildkit</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">containerd-snapshotter</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">vmType</span><span class="pi">:</span> <span class="s">vz</span> <span class="na">rosetta</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">mountType</span><span class="pi">:</span> <span class="s">virtiofs</span> <span class="na">mountInotify</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">cpuType</span><span class="pi">:</span> <span class="s">host</span> <span class="c1"># Custom provision scripts for the virtual machine.</span> <span class="na">provision</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">mode</span><span class="pi">:</span> <span class="s">system</span> <span class="na">script</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">[ -f /etc/docker/daemon.json ] &amp;&amp; echo "Already provisioned!" &amp;&amp; exit 0</span> <span class="s">echo "Installing system updates:"</span> <span class="s">apt-get update -y</span> <span class="s">apt-get upgrade -y</span> <span class="s">echo "Installing dependency for wasmtime installer:"</span> <span class="s">apt-get install -y xz-utils</span> <span class="s">apt-get clean -y</span> <span class="pi">-</span> <span class="na">mode</span><span class="pi">:</span> <span class="s">user</span> <span class="na">script</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">[ -f /etc/docker/daemon.json ] &amp;&amp; echo "Already provisioned!" &amp;&amp; exit 0</span> <span class="s">#</span> <span class="s"># Setting vars for this script:</span> <span class="s">#</span> <span class="s"># Which WASM runtimes to install (wasmedge, wasmtime and wasmer are supported):</span> <span class="s">WASM_RUNTIMES="wasmedge wasmtime wasmer"</span> <span class="s">#</span> <span class="s"># Location of the containerd config file:</span> <span class="s">CONTAINERD_CONFIG="/etc/containerd/config.toml"</span> <span class="s">#</span> <span class="s"># Target location for the WASM runtimes and containerd shims ($TARGET/bin and $TARGET/lib):</span> <span class="s">TARGET="/usr/local"</span> <span class="s">#</span> <span class="s"># Install selected WASM runtimes and containerd shims:</span> <span class="s">#</span> <span class="s">[[ -z "${WASM_RUNTIMES// /}" ]] &amp;&amp; echo "No WASM runtimes selected - exiting!" &amp;&amp; exit 0</span> <span class="s">echo "Installing WASM runtimes and containerd shims: ${WASM_RUNTIMES}:"</span> <span class="s">sudo mkdir -p /etc/containerd/</span> <span class="s">containerd config default | sudo tee $CONTAINERD_CONFIG &gt;/dev/null</span> <span class="s">for runtimeName in $WASM_RUNTIMES; do</span> <span class="s">case $runtimeName in</span> <span class="s">wasmedge)</span> <span class="s">echo "Installing WasmEdge:"</span> <span class="s">curl -sSfL https://raw.githubusercontent.com/WasmEdge/WasmEdge/master/utils/install.sh | sudo bash -s -- -p $TARGET</span> <span class="s">echo</span> <span class="s">echo "`wasmedge -v` installed!"</span> <span class="s">;;</span> <span class="s">wasmtime)</span> <span class="s">echo "Installing wasmtime:"</span> <span class="s">curl -sSfL https://wasmtime.dev/install.sh | bash</span> <span class="s">sudo cp .wasmtime/bin/* ${TARGET}/bin/</span> <span class="s">rm -rf .wasmtime</span> <span class="s">echo "`wasmtime -V` installed!"</span> <span class="s">;;</span> <span class="s">wasmer)</span> <span class="s">echo "Installing wasmer:"</span> <span class="s">curl -sSfL https://get.wasmer.io | sh</span> <span class="s">sudo cp .wasmer/bin/* ${TARGET}/bin/</span> <span class="s">sudo cp .wasmer/lib/* ${TARGET}/lib/</span> <span class="s">rm -rf .wasmer</span> <span class="s">echo "`wasmer -V` installed!"</span> <span class="s">;;</span> <span class="s">*)</span> <span class="s">echo "ERROR: WASM runtime $runtimeName is not supported!"</span> <span class="s">exit 1</span> <span class="s">;;</span> <span class="s">esac</span> <span class="s">shimVersion=$(curl -s https://api.github.com/repos/containerd/runwasi/tags | grep tarball | grep "shim-${runtimeName}" | grep -Eo 'https://[^\"]*' | head -1 | tr "/" "\n" | tail -n 1)</span> <span class="s">shimUrl="https://github.com/containerd/runwasi/releases/download/containerd-shim-${runtimeName}/${shimVersion}/containerd-shim-${runtimeName}-`uname -m`.tar.gz"</span> <span class="s">echo "Installing runwasi shim version $shimVersion for $runtimeName runtime from ${shimUrl}:"</span> <span class="s">curl -sSfL $shimUrl | sudo tar xvz -C ${TARGET}/bin/</span> <span class="s">echo "[plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.${runtimeName}]" | sudo tee -a $CONTAINERD_CONFIG &gt;/dev/null</span> <span class="s">echo " runtime_type = \"io.containerd.${runtimeName}.v1\"" | sudo tee -a $CONTAINERD_CONFIG &gt;/dev/null</span> <span class="s">done</span> <span class="s">echo "containerd WASM runtimes and shims installed."</span> <span class="s">#</span> <span class="s"># Restart the systemctl services to pick up the installed shims.</span> <span class="s"># NOTE: We need to 'stop' docker because at this point the actual daemon.json config is not yet provisioned:</span> <span class="s">#</span> <span class="s">echo "Restarting/reloading docker/containerd services:"</span> <span class="s">sudo systemctl daemon-reload</span> <span class="s">sudo systemctl restart containerd</span> <span class="s">sudo systemctl stop docker</span> <span class="na">sshConfig</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">mounts</span><span class="pi">:</span> <span class="pi">[]</span> <span class="na">env</span><span class="pi">:</span> <span class="pi">{}</span> </code></pre> </div> <h2> Caveats </h2> <h3> Stopping container waits for 10 seconds </h3> <p>For some reason the SIGTERM signal is not honoured in the WASM runtime. Stop the container with a specified timeout:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker stop <span class="nt">-t</span> 0 &lt;container <span class="nb">hash</span>/name&gt; </code></pre> </div> <h1> Putting it all together </h1> <p>Let's go from Colima installation to running a WASM program in Docker.</p> <h2> Prepare Colima </h2> <p>First, if you haven't done this already, install Colima:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>brew <span class="nb">install </span>colima </code></pre> </div> <p>Next, change the default Colima template:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>colima template </code></pre> </div> <p>This command opens (by default) a <code>vim</code> editor with the default colima yaml template. In this editor, replace all contents with the template from <code>colima-runwasi</code> above.</p> <blockquote> <p>In <code>vim</code>: Type the following key sequence to empty the template:</p> <pre class="highlight plaintext"><code>:%d&lt;Enter&gt; </code></pre> <p>The screen must be empty now.</p> <p>Next, put <code>vim</code> in <code>-- INSERT --</code> mode by typing the <code>i</code> key.<br> Then, paste the contents of the <code>colima-runwasi</code> template into the editor.</p> <p>Finally, save the template by typing the following key sequence:</p> <pre class="highlight plaintext"><code>&lt;ESC&gt;:wq!&lt;Enter&gt; </code></pre> </blockquote> <p>The Colima template is now configured to install WASM runtimes. Start Colima:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>colima start <span class="nt">-v</span> </code></pre> </div> <p>Depending on the speed of your machine, this takes approximately between 50 and 90 seconds.</p> <h2> Install additional Docker plugins </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>brew <span class="nb">install </span>docker-buildx docker-compose </code></pre> </div> <p>Make sure to follow instructions for the installed Docker plugins:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">mkdir</span> <span class="nt">-p</span> ~/.docker/cli-plugins <span class="nv">$ </span><span class="nb">ln</span> <span class="nt">-sfn</span> <span class="si">$(</span>brew <span class="nt">--prefix</span><span class="si">)</span>/opt/docker-buildx/bin/docker-buildx ~/.docker/cli-plugins/docker-buildx <span class="nv">$ </span><span class="nb">ln</span> <span class="nt">-sfn</span> <span class="si">$(</span>brew <span class="nt">--prefix</span><span class="si">)</span>/opt/docker-compose/bin/docker-compose ~/.docker/cli-plugins/docker-compose </code></pre> </div> <h2> Build a WASM image </h2> <p>Check out a project with rust examples:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>git clone https://github.com/second-state/rust-examples.git Cloning into <span class="s1">'rust-examples'</span>... remote: Enumerating objects: 338, <span class="k">done</span><span class="nb">.</span> remote: Counting objects: 100% <span class="o">(</span>73/73<span class="o">)</span>, <span class="k">done</span><span class="nb">.</span> remote: Compressing objects: 100% <span class="o">(</span>51/51<span class="o">)</span>, <span class="k">done</span><span class="nb">.</span> remote: Total 338 <span class="o">(</span>delta 42<span class="o">)</span>, reused 40 <span class="o">(</span>delta 20<span class="o">)</span>, pack-reused 265 Receiving objects: 100% <span class="o">(</span>338/338<span class="o">)</span>, 54.27 KiB | 9.04 MiB/s, <span class="k">done</span><span class="nb">.</span> Resolving deltas: 100% <span class="o">(</span>214/214<span class="o">)</span>, <span class="k">done</span><span class="nb">.</span> </code></pre> </div> <p>Next, enter the <code>rust-examples/hello</code> directory and build the wasm image:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">cd </span>rust-examples/hello <span class="nv">$ </span>docker buildx build <span class="nt">--provenance</span><span class="o">=</span><span class="nb">false</span> <span class="se">\</span> <span class="nt">--platform</span> wasi/wasm32 <span class="se">\</span> <span class="nt">-t</span> secondstate/rust-example-hello <span class="nb">.</span> <span class="o">[</span>+] Building 3.6s <span class="o">(</span>15/15<span class="o">)</span> FINISHED <span class="o">=&gt;</span> <span class="o">[</span>internal] load .dockerignore <span class="o">=&gt;</span> <span class="o">=&gt;</span> transferring context: 2B <span class="o">=&gt;</span> <span class="o">[</span>internal] load build definition from Dockerfile <span class="o">=&gt;</span> <span class="o">=&gt;</span> transferring dockerfile: 563B <span class="o">=&gt;</span> resolve image config <span class="k">for </span>docker.io/docker/dockerfile:1 <span class="o">=&gt;</span> <span class="o">[</span>auth] docker/dockerfile:pull token <span class="k">for </span>registry-1.docker.io <span class="o">=&gt;</span> CACHED docker-image://docker.io/docker/dockerfile:1@sha256:ac85f380a63b13dfcefa89046420e1781752bab202122f8f50032edf31be0021 <span class="o">=&gt;</span> <span class="o">=&gt;</span> resolve docker.io/docker/dockerfile:1@sha256:ac85f380a63b13dfcefa89046420e1781752bab202122f8f50032edf31be0021 <span class="o">=&gt;</span> <span class="o">[</span>internal] load metadata <span class="k">for </span>docker.io/library/rust:1.64 <span class="o">=&gt;</span> <span class="o">[</span>auth] library/rust:pull token <span class="k">for </span>registry-1.docker.io <span class="o">=&gt;</span> <span class="o">[</span>buildbase 1/3] FROM docker.io/library/rust:1.64@sha256:53ded1c919ea0dc23be959e28037238d8c321cd88fbac04d818f210031fccc3b <span class="o">=&gt;</span> <span class="o">=&gt;</span> resolve docker.io/library/rust:1.64@sha256:53ded1c919ea0dc23be959e28037238d8c321cd88fbac04d818f210031fccc3b <span class="o">=&gt;</span> <span class="o">[</span>internal] load build context <span class="o">=&gt;</span> <span class="o">=&gt;</span> transferring context: 426B <span class="o">=&gt;</span> CACHED <span class="o">[</span>buildbase 2/3] WORKDIR /src <span class="o">=&gt;</span> CACHED <span class="o">[</span>buildbase 3/3] RUN <span class="o">&lt;&lt;</span><span class="no">EOT</span><span class="sh"> bash =&gt; [build 1/3] COPY Cargo.toml . =&gt; [build 2/3] COPY src ./src =&gt; [build 3/3] RUN cargo build --target wasm32-wasi --release =&gt; exporting to image =&gt; =&gt; exporting layers =&gt; =&gt; exporting manifest sha256:506f9c13793e6fd5ce556e36130a7e6977b68720379a393b1a0d2acc23aef501 =&gt; =&gt; exporting config sha256:1274e89bbbc5c385dae15ac1b768cf2acaae290172018a03efd2dae1d2f0e872 =&gt; =&gt; naming to docker.io/secondstate/rust-example-hello:latest =&gt; =&gt; unpacking to docker.io/secondstate/rust-example-hello:latest </span></code></pre> </div> <p>Check the image's existence by running the following command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker images REPOSITORY TAG IMAGE ID CREATED SIZE secondstate/rust-example-hello latest 506f9c13793e 3 minutes ago 2.53MB </code></pre> </div> <p>Or, check its architecture to verify it is a WASM image:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker inspect <span class="se">\</span> <span class="nt">--format</span><span class="o">=</span><span class="s1">'{{.Os}}/{{.Architecture}}'</span> <span class="se">\</span> secondstate/rust-example-hello wasi/wasm32 </code></pre> </div> <h2> Run the WASM image </h2> <p>Run the WASM image with the following command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker run <span class="nt">--rm</span> <span class="se">\</span> <span class="nt">--platform</span> wasi/wasm32 <span class="se">\</span> <span class="nt">--runtime</span> io.containerd.wasmedge.v1 <span class="se">\</span> secondstate/rust-example-hello:latest Hello WasmEdge! </code></pre> </div> <blockquote> <p>NOTE: The specified runtime above is <code>io.containerd.wasmedge.v1</code>. You have three options here:</p> <ol> <li>WasmEdge: <code>io.containerd.wasmedge.v1</code> </li> <li>Wasmtime: <code>io.containerd.wasmtime.v1</code> </li> <li>Wasmer: <code>io.containerd.wasmer.v1</code> </li> </ol> </blockquote> <h1> Conclusion </h1> <p>If you are serious about using WASM containers in Docker / Colima, I suggest to use the last template <code>colima-runwasi</code>. The other templates are merely evolutionary exercises in getting to know the Docker parts better.</p> <p>Let me know how this works for you!</p> <h1> Resources </h1> <p>The information in this Howto is assembled from these links:</p> <ol> <li><a href="https://www.tutorialworks.com/difference-docker-containerd-runc-crio-oci/">The differences between Docker, containerd, CRI-O and runc</a></li> <li><a href="https://docs.docker.com/engine/alternative-runtimes/#use-containerd-shims">Docker - Use containerd shims</a></li> <li><a href="https://nigelpoulton.com/webassembly-and-containerd-how-it-works/">WebAssembly and containerd: How it works</a></li> </ol> <h1> EDITS </h1> <p>14 FEB 2024 - added <code>xz-utils</code> to list of install dependencies for wasmtime</p> webassembly colima docker containerd