diff --git a/.conform.yaml b/.conform.yaml index db1ccfb694..c6be2309e1 100644 --- a/.conform.yaml +++ b/.conform.yaml @@ -32,7 +32,7 @@ script: rm -rf ./build/* cd ./src/tools && conform enforce cd ../kernel && conform enforce - cd ../initramfs && conform enforce cd ../rootfs && conform enforce + cd ../initramfs && conform enforce cd ../image && conform enforce cd ../ diff --git a/.dockerignore b/.dockerignore index 378eac25d3..411a5b8a43 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1 +1,2 @@ build +vendor diff --git a/.gitignore b/.gitignore index 30944692f3..411a5b8a43 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -.DS_Store build +vendor diff --git a/hack/debug.yaml b/hack/debug.yaml index 92b33df028..51ccc0b098 100644 --- a/hack/debug.yaml +++ b/hack/debug.yaml @@ -4,6 +4,7 @@ metadata: name: debug spec: hostPID: true + hostIPC: true hostNetwork: true # nodeSelector: # kubernetes.io/hostname: ${HOSTNAME} diff --git a/src/image/.conform.yaml b/src/image/.conform.yaml index 028d2bfcab..382a3d750b 100644 --- a/src/image/.conform.yaml +++ b/src/image/.conform.yaml @@ -8,6 +8,8 @@ script: set -e + docker save {{ .Docker.Image.Name }}:{{ .Docker.Image.Tag }} -o ../../build/dianemo.tar + {{ if and (.Git.IsClean) (or (.Git.IsTag) (eq .Git.Branch "master")) }} docker login --username=$DOCKER_USERNAME --password=$DOCKER_PASSWORD docker tag {{ .Docker.Image.Name }}:{{ .Docker.Image.Tag }} {{ .Docker.Image.Name }}:latest 
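Review bot: `hostIPC: true` is added to a pod that already sets `hostPID: true` and `hostNetwork: true`, so the debug pod now shares all three host namespaces and whoever can apply this manifest gets host-equivalent access to the node, yet the hunk gives no hint which debugging tool needs IPC. With the `nodeSelector` still commented out the pod also lands on an arbitrary node. Make the blast radius explicit on the new line so the setting can be revisited: `hostIPC: true  # debug only: with hostPID/hostNetwork this is host-root; needed for <tool>, drop when done`. Whether the surrounding spec carries a `securityContext` cannot be judged from this hunk.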
@@ -63,8 +65,4 @@ tasks: template: | COPY --from=dianemo/rootfs:{{ .Docker.Image.Tag }} /rootfs /generated/rootfs COPY --from=dianemo/kernel:{{ .Docker.Image.Tag }} /tmp/lib/modules /generated/rootfs/lib/modules - COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/osd /generated/rootfs/bin/osd - COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/proxyd /generated/rootfs/bin/proxyd - COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/trustd /generated/rootfs/bin/trustd - COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/init /generated/rootfs/bin/init RUN {{if .Git.IsClean}}XZ_OPT=-9e{{else}}XZ_OPT=-0{{end}} tar -cvpJf /generated/rootfs.tar.xz -C /generated/rootfs . diff --git a/src/image/src/entrypoint.sh b/src/image/src/entrypoint.sh index d3b4ae1632..1985152d3e 100755 --- a/src/image/src/entrypoint.sh +++ b/src/image/src/entrypoint.sh 
@@ -11,33 +11,33 @@ function create_image() { if [ "$FULL" = true ] ; then if [ "$RAW" = true ] ; then - parted -s -a optimal ${RAW_IMAGE} mkpart ESP fat32 0 50M - parted -s -a optimal ${RAW_IMAGE} mkpart ROOT xfs 50M $(($(size) + 100))M - parted -s -a optimal ${RAW_IMAGE} mkpart DATA xfs $(($(size) + 100))M 100% + parted -s -a optimal ${RAW_IMAGE} mkpart ESP fat32 0 $((${INITRAMFS_SIZE} + 50))M + parted -s -a optimal ${RAW_IMAGE} mkpart ROOT xfs $((${INITRAMFS_SIZE} + 50))M $((${ROOTFS_SIZE} + ${INITRAMFS_SIZE} + 100))M + parted -s -a optimal ${RAW_IMAGE} mkpart DATA xfs $((${ROOTFS_SIZE} + ${INITRAMFS_SIZE} + 100))M 100% losetup ${DEVICE} ${RAW_IMAGE} partx -av ${DEVICE} extract_boot_partition ${DEVICE}p1 extract_root_partition ${DEVICE}p2 extract_data_partition ${DEVICE}p3 else - parted -s -a optimal ${DEVICE} mkpart ESP fat32 0 50M - parted -s -a optimal ${DEVICE} mkpart ROOT xfs 50M $(($(size) + 100))M - parted -s -a optimal ${DEVICE} mkpart DATA xfs $(($(size) + 100))M 100% + parted -s -a optimal ${DEVICE} mkpart ESP fat32 0 $((${INITRAMFS_SIZE} + 50))M + parted -s -a optimal ${DEVICE} mkpart ROOT xfs $((${INITRAMFS_SIZE} + 50))M $((${ROOTFS_SIZE} + ${INITRAMFS_SIZE} + 100))M + parted -s -a optimal ${DEVICE} mkpart DATA xfs $((${ROOTFS_SIZE} + ${INITRAMFS_SIZE} + 100))M 100% extract_boot_partition ${DEVICE}1 extract_root_partition ${DEVICE}2 extract_data_partition ${DEVICE}3 fi else if [ "$RAW" = true ] ; then - parted -s -a optimal ${RAW_IMAGE} mkpart ROOT xfs 0 $(($(size) + 50))M - parted -s -a optimal ${RAW_IMAGE} mkpart DATA xfs $(($(size) + 50))M 100% + parted -s -a optimal ${RAW_IMAGE} mkpart ROOT xfs 0 $((${ROOTFS_SIZE} + 50))M + parted -s -a optimal ${RAW_IMAGE} mkpart DATA xfs $((${ROOTFS_SIZE} + 50))M 100% losetup ${DEVICE} ${RAW_IMAGE} partx -av ${DEVICE} extract_root_partition ${DEVICE}p1 extract_data_partition ${DEVICE}p2 else - parted -s -a optimal ${DEVICE} mkpart ROOT xfs 0 $(($(size) + 50))M - parted -s -a optimal ${DEVICE} mkpart DATA xfs 
$(($(size) + 50))M 100% + parted -s -a optimal ${DEVICE} mkpart ROOT xfs 0 $((${ROOTFS_SIZE} + 50))M + parted -s -a optimal ${DEVICE} mkpart DATA xfs $((${ROOTFS_SIZE} + 50))M 100% extract_root_partition ${DEVICE}1 extract_data_partition ${DEVICE}2 fi @@ -58,8 +58,8 @@ function create_vmdk() { function create_iso() { mkdir -p /mnt/boot/isolinux - cp /usr/local/src/syslinux/bios/core/isolinux.bin /mnt/boot/isolinux/isolinux.bin - cp /usr/local/src/syslinux/bios/com32/elflink/ldlinux/ldlinux.c32 /mnt/boot/isolinux/ldlinux.c32 + cp -v /usr/local/src/syslinux/bios/core/isolinux.bin /mnt/boot/isolinux/isolinux.bin + cp -v /usr/local/src/syslinux/bios/com32/elflink/ldlinux/ldlinux.c32 /mnt/boot/isolinux/ldlinux.c32 create_extlinux_conf /mnt/boot/isolinux/isolinux.conf tar -xpvJf /generated/rootfs.tar.xz -C /mnt mkisofs -o ${ISO_IMAGE} -b boot/isolinux/isolinux.bin -c boot/isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table . @@ -69,8 +69,8 @@ function create_ami() { packer build -var "version=${VERSION}" "${@}" /packer.json } -function size() { - xz --robot --list /generated/rootfs.tar.xz | sed -n '3p' | cut -d$'\t' -f5 | awk '{printf("%.0f", $1*0.000001)}' +function size_xz() { + xz --robot --list $1 | sed -n '3p' | cut -d$'\t' -f5 | awk '{printf("%.0f", $1*0.000001)}' } function extract_boot_partition() { @@ -80,8 +80,8 @@ function extract_boot_partition() { mkdir -pv /mnt/boot/extlinux extlinux --install /mnt/boot/extlinux create_extlinux_conf /mnt/boot/extlinux/extlinux.conf - cp /generated/boot/vmlinuz /mnt/boot - cp /generated/boot/initramfs.xz /mnt/boot + cp -v /generated/boot/vmlinuz /mnt/boot + cp -v /generated/boot/initramfs.xz /mnt/boot umount -v /mnt } @@ -128,6 +128,8 @@ VMDK_IMAGE="/out/image.vmdk" ISO_IMAGE="/out/image.iso" FULL=false RAW=false +ROOTFS_SIZE=$(size_xz /generated/rootfs.tar.xz) +INITRAMFS_SIZE=$(size_xz /generated/boot/initramfs.xz) case "$1" in image) 
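Review bot: The six `parted` invocations in this hunk are four copies of the same two or three lines differing only in the target (`${RAW_IMAGE}` vs `${DEVICE}`), and the boundaries `$((${INITRAMFS_SIZE} + 50))` and `$((${ROOTFS_SIZE} + ${INITRAMFS_SIZE} + 100))` are each spelled out twice per branch, so a layout change has to be made in four places. Pick the target once and precompute the two boundaries, keeping the RAW split only for `losetup`/`partx` and the `p1`-versus-`1` suffix in the `extract_*` calls. The sizes come from `size_xz`, defined later in the file; whether that is a compressed or uncompressed figure is not visible here, so the `+50`/`+100` margins deserve a comment saying which. `create_image` opens before this hunk.
```shell
  if [ "$FULL" = true ] ; then
    # Lay the partitions out once; only the target path differs between the
    # loop-device and real-disk cases. Boundaries are in parted's decimal M.
    local target=${DEVICE}
    [ "$RAW" = true ] && target=${RAW_IMAGE}
    local esp_end=$((INITRAMFS_SIZE + 50))
    local root_end=$((ROOTFS_SIZE + INITRAMFS_SIZE + 100))
    parted -s -a optimal "${target}" mkpart ESP fat32 0 "${esp_end}"M
    parted -s -a optimal "${target}" mkpart ROOT xfs "${esp_end}"M "${root_end}"M
    parted -s -a optimal "${target}" mkpart DATA xfs "${root_end}"M 100%
    # … unchanged: RAW-only losetup/partx, then extract_* with the p1/1 suffix …
  # … unchanged: non-FULL branch (ROOT/DATA only), same target substitution …
```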
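Review bot: `size_xz` now takes its file from `$1` but neither quotes it nor checks it was given; `xz --list` refuses to read standard input, so an empty argument yields an error on stderr and an empty result that the caller turns into a size of zero (and because the pipeline's status is awk's, `set -e`/`trap … ERR` never fire). Fail loudly instead: `local f="${1:?size_xz: path to .xz file required}"` followed by `xz --robot --list "$f" | sed -n '3p' | cut -d$'\t' -f5 | awk '{printf("%.0f", $1*0.000001)}'`. The `sed -n '3p'`/field-5 selection is unchanged and undocumented; a one-line comment naming which `--robot` record and column it picks would spare the next reader the xz man page.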
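Review bot: `ROOTFS_SIZE` and `INITRAMFS_SIZE` are captured at script start with no check that `size_xz` produced a number; if either archive is missing the variable is empty and bash arithmetic silently evaluates `$((${ROOTFS_SIZE} + 50))` to `50`, so `parted` lays out partitions too small for the payload instead of aborting. Validate right after assignment: `case "${ROOTFS_SIZE}" in ''|*[!0-9]*) echo "cannot size /generated/rootfs.tar.xz" >&2; exit 1;; esac` and the same for `INITRAMFS_SIZE`. Both files are now required for every subcommand, including ones that never write a partition table; if that is intentional a comment here would say so.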
@@ -144,7 +146,7 @@ case "$1" in ;; l ) trap cleanup ERR - dd if=/dev/zero of=${RAW_IMAGE} bs=1M count=$(($(size) + 150)) + dd if=/dev/zero of=${RAW_IMAGE} bs=1M count=$(($(size_xz) + 150)) DEVICE=$(losetup -f) RAW=true echo "Using loop device ${RAW_IMAGE} as installation media" @@ -177,7 +179,7 @@ case "$1" in echo "The userdata flag '-u' must be specified" exit 1 fi - + echo -e "Creating image\n\t/: ${ROOTFS_SIZE}Mb\n\t/boot: ${INITRAMFS_SIZE}Mb" create_image ;; vmdk) diff --git a/src/initramfs/.conform.yaml b/src/initramfs/.conform.yaml index 65edf5033d..733ca5c80e 100644 --- a/src/initramfs/.conform.yaml +++ b/src/initramfs/.conform.yaml 
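Review bot: `count=$(($(size_xz) + 150))` calls the renamed `size_xz` without the file argument it now requires, so the loop image is sized from an empty string (150 MiB) rather than the payload; the old `size` had the path baked in, and since the pipeline's exit status is awk's the failure is not caught by `trap cleanup ERR`. The values are already computed at the top of the script, so use them and include the initramfs, because in the `FULL` layout the ESP alone is now `INITRAMFS_SIZE + 50`: `dd if=/dev/zero of=${RAW_IMAGE} bs=1M count=$((${ROOTFS_SIZE} + ${INITRAMFS_SIZE} + 150))`. The `case` statement enclosing this branch starts and ends outside the hunk.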
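Review bot: The new status line labels the sizes `Mb`, which reads as megabits; `size_xz` scales bytes by `0.000001`, so these are decimal megabytes and the label should be `MB`: `echo -e "Creating image\n\t/: ${ROOTFS_SIZE}MB\n\t/boot: ${INITRAMFS_SIZE}MB"`. Note also that the `/boot` figure is the initramfs size only, while the ESP created by `create_image` is `INITRAMFS_SIZE + 50`; if the point is to tell the operator how big the partitions will be, print that number.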
@@ -1,27 +1,73 @@ metadata: repository: dianemo/initramfs variables: + rootfs: /rootfs versionPath: github.com/autonomy/dianemo/src/initramfs/pkg/version +script: + template: | + #!/bin/sh + + set -e + + docker tag {{ .Repository }}:osd autonomy/osd:{{ .Git.SHA }} + docker save autonomy/osd:{{ .Git.SHA }} -o ../../build/osd.tar + + docker tag {{ .Repository }}:trustd autonomy/trustd:{{ .Git.SHA }} + docker save autonomy/trustd:{{ .Git.SHA }} -o ../../build/trustd.tar + + docker tag {{ .Repository }}:proxyd autonomy/proxyd:{{ .Git.SHA }} + docker save autonomy/proxyd:{{ .Git.SHA }} -o ../../build/proxyd.tar + + {{ if and (.Git.IsClean) (or (.Git.IsTag) (eq .Git.Branch "master")) }} + docker login --username=$DOCKER_USERNAME --password=$DOCKER_PASSWORD + + docker tag autonomy/osd:{{ .Git.SHA }} autonomy/osd:latest + docker push autonomy/osd:{{ .Git.SHA }} + docker push autonomy/osd:latest + + docker tag autonomy/trustd:{{ .Git.SHA }} autonomy/trustd:latest + docker push autonomy/trustd:{{ .Git.SHA }} + docker push autonomy/trustd:latest + + docker tag autonomy/proxyd:{{ .Git.SHA }} autonomy/proxyd:latest + docker push autonomy/proxyd:{{ .Git.SHA }} + docker push autonomy/proxyd:latest + {{ end }} pipeline: stages: - generate - - build + - base + - osd + - osctl + - trustd + - proxyd + - initramfs stages: - build: + base: + tasks: + - src + - test + osd: + tasks: + - osd + osctl: artifacts: - - source: /tmp/osctl-linux-amd64 + - source: /osctl-linux-amd64 destination: ../../build/osctl-linux-amd64 - - source: /tmp/osctl-darwin-amd64 + - source: /osctl-darwin-amd64 destination: ../../build/osctl-darwin-amd64 tasks: - - src - - init - - initramfs + - osctl + trustd: + tasks: - trustd + proxyd: + tasks: - proxyd - - osd - - osctl - - test + initramfs: + tasks: + - init + - initramfs - image generate: artifacts: 
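Review bot: `docker login --username=$DOCKER_USERNAME --password=$DOCKER_PASSWORD` puts the registry password on the command line, where it is visible in `ps` on the build host and in any CI runner that echoes commands; the script is `#!/bin/sh` with `set -e` and nothing suppresses tracing. Feed it through stdin instead: `echo "$DOCKER_PASSWORD" | docker login --username="$DOCKER_USERNAME" --password-stdin`. The block also retags every `{{ .Git.SHA }}` image as `:latest` on any clean master build; that is fine for a moving tag, but this script is the only place the SHA-to-latest mapping exists, so consider writing the pushed digests into `../../build/` next to the `.tar` files so consumers can pin by digest.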
@@ -36,33 +82,38 @@ tasks: template: | FROM scratch WORKDIR /tmp - COPY --from=src /initramfs/init init - COPY --from=src /initramfs/initramfs.xz initramfs.xz - COPY --from=src /trustd trustd - COPY --from=src /proxyd proxyd - COPY --from=src /osd osd - COPY --from=src /osctl-linux-amd64 osctl-linux-amd64 - COPY --from=src /osctl-darwin-amd64 osctl-darwin-amd64 + COPY --from=init /initramfs/initramfs.xz initramfs.xz CMD false init: template: | + FROM {{ .Repository }}:base AS {{ .Docker.CurrentStage }} WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/{{ .Docker.CurrentStage }} {{ if and .Git.IsClean .Git.IsTag }} RUN GOOS=linux GOARCH=amd64 go build \ - -ldflags "-s -w -linkmode external -extldflags \"-static -L/usr/lib -lblkid -luuid\" -X {{ index .Variables "versionPath" }}.Name=Dianemo -X {{ index .Variables "versionPath" }}.Tag={{ .Git.Tag }} -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }} -X \"{{ index .Variables "versionPath" }}.Built={{ .Built }}\"" \ + -ldflags "-s -w -linkmode external -extldflags \"-L/lib -lblkid -luuid\" -X {{ index .Variables "versionPath" }}.Name=Dianemo -X {{ index .Variables "versionPath" }}.Tag={{ .Git.Tag }} -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }} -X \"{{ index .Variables "versionPath" }}.Built={{ .Built }}\"" \ -o /initramfs/init {{ else }} RUN GOOS=linux GOARCH=amd64 go build \ - -ldflags "-s -w -linkmode external -extldflags \"-static -L/usr/lib -lblkid -luuid\" -X {{ index .Variables "versionPath" }}.Name=Dianemo -X {{ index .Variables "versionPath" }}.Tag=none -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }}" \ + -ldflags "-s -w -linkmode external -extldflags \"-L/lib -lblkid -luuid\" -X {{ index .Variables "versionPath" }}.Name=Dianemo -X {{ index .Variables "versionPath" }}.Tag=none -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }}" \ -o /initramfs/init {{ end }} RUN chmod +x /initramfs/init + RUN mkdir -p /initramfs/lib \ + && cp /tools/lib/libblkid.* /initramfs/lib 
\ + && cp /tools/lib/libuuid.* /initramfs/lib initramfs: template: | WORKDIR /initramfs - RUN find . 2>/dev/null | cpio -H newc -o | xz -v -C crc32 -9 -e -T 0 -z >/initramfs/initramfs.xz + RUN cp -R {{ index .Variables "rootfs" }}/* ./ + {{ if .Git.IsClean }} + RUN find . 2>/dev/null | cpio -H newc -o | xz -v -C crc32 -9 -e -T 0 -z >/tmp/initramfs.xz + {{ else }} + RUN find . 2>/dev/null | cpio -H newc -o | xz -v -C crc32 -0 -e -T 0 -z >/tmp/initramfs.xz + {{ end }} + RUN cp /tmp/initramfs.xz /initramfs/initramfs.xz osctl: template: | + FROM {{ .Repository }}:base AS {{ .Docker.CurrentStage }} WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/{{ .Docker.CurrentStage }} {{ if and .Git.IsClean .Git.IsTag }} RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -a \ @@ -81,8 +132,10 @@ tasks: {{ end }} RUN chmod +x /{{ .Docker.CurrentStage }}-linux-amd64 RUN chmod +x /{{ .Docker.CurrentStage }}-darwin-amd64 + CMD false osd: template: | + FROM {{ .Repository }}:base AS {{ .Docker.CurrentStage }} WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/{{ .Docker.CurrentStage }} {{ if and .Git.IsClean .Git.IsTag }} RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -a \ @@ -94,6 +147,9 @@ tasks: -o /{{ .Docker.CurrentStage }} {{ end }} RUN chmod +x /{{ .Docker.CurrentStage }} + FROM scratch + COPY --from={{ .Docker.CurrentStage }} /{{ .Docker.CurrentStage }} /{{ .Docker.CurrentStage }} + ENTRYPOINT ["/{{ .Docker.CurrentStage }}"] proto: template: | FROM golang:1.11.0 AS {{ .Docker.CurrentStage }} @@ -112,6 +168,7 @@ tasks: RUN protoc -I/usr/local/include -I./proto --go_out=plugins=grpc:proto proto/api.proto proxyd: template: | + FROM {{ .Repository }}:base AS {{ .Docker.CurrentStage }} WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/{{ .Docker.CurrentStage }} {{ if and .Git.IsClean .Git.IsTag }} RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -a \ 
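Review bot: `RUN cp -R {{ index .Variables "rootfs" }}/* ./` in the `initramfs` task skips dot-entries at the top level of `/rootfs` and, without `-p`/`-a`, is not guaranteed to preserve ownership, set-id bits or timestamps, so the cpio archive built on the next line carries whatever the build user's umask produced rather than the rootfs as staged; `cp -a {{ index .Variables "rootfs" }}/. ./` copies it verbatim. The same applies to `cp /tools/lib/libblkid.* /initramfs/lib` in the `init` task: without `-a` each `.so`/`.so.N`/`.so.N.N.N` name is dereferenced into a separate full copy instead of the symlink chain. Dropping `-static` from the `init` link flags also means `/init` now needs the dynamic loader and libc at boot; nothing in this hunk copies them, so presumably they arrive with the rootfs copy, which is worth stating in a comment on that `cp` line. Where `/rootfs` comes from in the `init` stage is not visible here.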
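Review bot: The new `FROM scratch` stage for osd ships only the binary: no `USER`, so the process runs as uid 0 inside the container by default, and no CA bundle even though the `base` stage symlinks `/etc/ssl/certs/ca-certificates` from `/tools`, so any TLS verification against system roots that worked when osd ran as `/bin/osd` on the host (the removed `service/osd.go` started it with `--port=50000 --userdata=…`) will fail in the container. If osd needs host root, say so in a comment on the stage; if not, add `USER 65534:65534`. If it dials TLS endpoints, add `COPY --from={{ .Docker.CurrentStage }} /tools/etc/ssl/certs/ca-certificates /etc/ssl/certs/ca-certificates` (assuming that file exists in the tools image, as the symlink implies). The identical `proxyd` and `trustd` scratch stages later in this file have the same gaps.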
@@ -123,16 +180,20 @@ tasks: -o /{{ .Docker.CurrentStage }} {{ end }} RUN chmod +x /{{ .Docker.CurrentStage }} + FROM scratch + COPY --from={{ .Docker.CurrentStage }} /{{ .Docker.CurrentStage }} /{{ .Docker.CurrentStage }} + ENTRYPOINT ["/{{ .Docker.CurrentStage }}"] src: template: | FROM dianemo/tools:{{ .Docker.Image.Tag }} AS {{ .Docker.CurrentStage }} RUN ln -s /tools/lib64 /lib64 RUN mkdir -p /etc/ssl/certs RUN ln -s /tools/etc/ssl/certs/ca-certificates /etc/ssl/certs/ca-certificates - RUN mkdir /tmp RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b $GOPATH/bin v1.10.1 ENV GO111MODULE auto WORKDIR /src/github.com/autonomy/dianemo/src/initramfs + RUN cp /tools/lib/libblkid.* /lib \ + && cp /tools/lib/libuuid.* /lib COPY ./ ./ RUN go mod download RUN go mod verify @@ -144,6 +205,7 @@ tasks: RUN ./hack/test.sh --unit trustd: template: | + FROM {{ .Repository }}:base AS {{ .Docker.CurrentStage }} WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/{{ .Docker.CurrentStage }} {{ if and .Git.IsClean .Git.IsTag }} RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -a \ @@ -155,3 +217,6 @@ tasks: -o /{{ .Docker.CurrentStage }} {{ end }} RUN chmod +x /{{ .Docker.CurrentStage }} + FROM scratch + COPY --from={{ .Docker.CurrentStage }} /{{ .Docker.CurrentStage }} /{{ .Docker.CurrentStage }} + ENTRYPOINT ["/{{ .Docker.CurrentStage }}"] diff --git a/src/initramfs/cmd/init/main.go b/src/initramfs/cmd/init/main.go index e11de1597c..563c8b3a54 100644 --- a/src/initramfs/cmd/init/main.go +++ b/src/initramfs/cmd/init/main.go 
@@ -6,18 +6,16 @@ import "C" import ( "flag" - "fmt" - "io/ioutil" "log" "os" - "path" "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/constants" "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/mount" "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/platform" "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/rootfs" - "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/service" "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/switchroot" + "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system" + "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/services" "github.com/autonomy/dianemo/src/initramfs/pkg/userdata" ) 
@@ -85,50 +83,38 @@ func initram() (err error) { func root() (err error) { // Read the user data. - log.Println("reading the user data") + log.Printf("reading the user data: %s\n", constants.UserDataPath) data, err := userdata.Open(constants.UserDataPath) if err != nil { - return - } - - // Create the requested files. - for _, f := range data.Files { - log.Printf("writing file: %s", f.Path) - if err = os.MkdirAll(path.Dir(f.Path), os.ModeDir); err != nil { - return - } - if err = ioutil.WriteFile(f.Path, []byte(f.Contents), f.Permissions); err != nil { - return - } + return err } - services := &service.Manager{ - UserData: *data, + // Write any user specified files to disk. + log.Println("writing the files specified in the user data to disk") + if err = data.WriteFiles(); err != nil { + return err } - // Start the services essential to managing the node. - log.Println("starting OS services") - services.Start(&service.OSD{}) - if data.Services.Kubeadm.Init != nil { - services.Start(&service.Trustd{}) - services.Start(&service.Proxyd{}) - } + // Get a handle to the system services API. + systemservices := system.Services(data) - // Start the services essential to running Kubernetes. - log.Println("starting Kubernetes services") - switch data.Services.Kubeadm.ContainerRuntime { - case constants.ContainerRuntimeDocker: - services.Start(&service.Docker{}) - case constants.ContainerRuntimeCRIO: - services.Start(&service.CRIO{}) - default: - panic(fmt.Errorf("unknown container runtime: %s", data.Services.Kubeadm.ContainerRuntime)) - } + // Start the services common to all nodes. + log.Println("starting node services") + systemservices.Start( + &services.Containerd{}, + &services.CRT{}, + &services.OSD{}, + &services.Kubelet{}, + &services.Kubeadm{}, + ) - services.Start(&service.Kubelet{}) - - if _, err := os.Stat("/etc/kubernetes/kubelet.conf"); os.IsNotExist(err) { - services.Start(&service.Kubeadm{}) + // Start the services common to all master nodes. 
+ if data.Services.Kubeadm.Init != nil { + log.Println("starting master services") + systemservices.Start( + &services.Trustd{}, + &services.Proxyd{}, + ) } return nil diff --git a/src/initramfs/cmd/init/pkg/constants/constants.go b/src/initramfs/cmd/init/pkg/constants/constants.go index f83e7d9b24..532d6269f8 100644 --- a/src/initramfs/cmd/init/pkg/constants/constants.go +++ b/src/initramfs/cmd/init/pkg/constants/constants.go @@ -27,6 +27,9 @@ const ( // PATH defines all locations where executables are stored. PATH = "/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/opt/cni/bin" + // ContainerdSocket is the path to the containerd socket. + ContainerdSocket = "/run/containerd/containerd.sock" + // ContainerRuntimeDocker is the name of the Docker container runtime. ContainerRuntimeDocker = "docker" @@ -40,13 +43,21 @@ const ( ContainerRuntimeCRIOSocket = "/var/run/crio/crio.sock" // KubeadmConfig is the path to the kubeadm manifest file. - KubeadmConfig = "/etc/kubernetes/kubeadm-config.yaml" + KubeadmConfig = "/var/etc/kubernetes/kubeadm-config.yaml" // KubeadmCACert is the path to the root CA certificate. - KubeadmCACert = "/etc/kubernetes/pki/ca.crt" + KubeadmCACert = "/var/etc/kubernetes/pki/ca.crt" // KubeadmCAKey is the path to the root CA private key. - KubeadmCAKey = "/etc/kubernetes/pki/ca.key" + KubeadmCAKey = "/var/etc/kubernetes/pki/ca.key" + + // KubeadmInitTypeInitial is the string that represents a master node that + // is the initial node. + KubeadmInitTypeInitial = "initial" + + // KubeadmInitTypeDependent is the string that represents a master node that + // is not the initial node. + KubeadmInitTypeDependent = "dependent" // UserDataPath is the path to the downloaded user data. UserDataPath = "/var/run/userdata.yaml" 
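Review bot: `services.Kubeadm{}` is now started on every boot, whereas the removed code only started it when `/etc/kubernetes/kubelet.conf` did not exist; unless the new `services.Kubeadm` carries that guard itself (not visible in this hunk), a rebooted node that has already joined will rerun kubeadm. Either restore the check here or document the contract at the call site: `&services.Kubeadm{}, // must be a no-op once the node is bootstrapped; see services.Kubeadm`. `systemservices.Start` returns nothing, so, as before, a service that fails to start is not surfaced from `root()`; the function comment should say that. Minor: `log.Printf("reading the user data: %s\n", …)` carries a redundant `\n`, since `log` terminates lines itself. `root()`'s closing brace is outside the hunk.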
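Review bot: `KubeadmCAKey` relocates the root CA private key to `/var/etc/kubernetes/pki/ca.key`, and the comments on all three moved paths still say only what the file is, not why it now lives under `/var`; presumably `/etc` sits on the rootfs image and `/var` on the writable DATA partition laid out by the image script, but this hunk cannot confirm it. Add the rationale once above the group, e.g. `// Kubernetes state lives under /var/etc rather than /etc because the rootfs is not writable at runtime (confirm).` The removed `service/kubelet.go` bind-mounted `/etc/kubernetes` into the kubelet container, so something must now map `/var/etc/kubernetes` to the path kubeadm/kubelet expect; that mapping is not in this diff and the comment should point at it. `KubeadmInitTypeInitial`/`KubeadmInitTypeDependent` are untyped strings; a `type KubeadmInitType string` would let the compiler catch a misspelled value, though the consumer is not visible here.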
diff --git a/src/initramfs/cmd/init/pkg/blkid/blkid.go b/src/initramfs/cmd/init/pkg/mount/blkid/blkid.go similarity index 100% rename from src/initramfs/cmd/init/pkg/blkid/blkid.go rename to src/initramfs/cmd/init/pkg/mount/blkid/blkid.go diff --git a/src/initramfs/cmd/init/pkg/mount/mount.go b/src/initramfs/cmd/init/pkg/mount/mount.go index 8a690c8da0..5fa79524f1 100644 --- a/src/initramfs/cmd/init/pkg/mount/mount.go +++ b/src/initramfs/cmd/init/pkg/mount/mount.go @@ -8,9 +8,9 @@ import ( "path" "sync" - "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/blkid" "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/constants" "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/kernel" + "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/mount/blkid" "golang.org/x/sys/unix" ) diff --git a/src/initramfs/cmd/init/pkg/service/crio.go b/src/initramfs/cmd/init/pkg/service/crio.go deleted file mode 100644 index 3a17114e36..0000000000 --- a/src/initramfs/cmd/init/pkg/service/crio.go +++ /dev/null 
@@ -1,222 +0,0 @@ -package service - -import ( - "fmt" - "io/ioutil" - - "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/service/conditions" - "github.com/autonomy/dianemo/src/initramfs/pkg/userdata" -) - -const crioConf = ` -# The "crio" table contains all of the server options. -[crio] - -# root is a path to the "root directory". CRIO stores all of its data, -# including container images, in this directory. -root = "/var/lib/containers/storage" - -# run is a path to the "run directory". CRIO stores all of its state -# in this directory. -runroot = "/var/run/containers/storage" - -# storage_driver select which storage driver is used to manage storage -# of images and containers. -storage_driver = "overlay" - -# storage_option is used to pass an option to the storage driver. -storage_option = [ -] - -# The "crio.api" table contains settings for the kubelet/gRPC interface. -[crio.api] - -# listen is the path to the AF_LOCAL socket on which crio will listen. -listen = "/var/run/crio/crio.sock" - -# stream_address is the IP address on which the stream server will listen -stream_address = "" - -# stream_port is the port on which the stream server will listen -stream_port = "10010" - -# file_locking is whether file-based locking will be used instead of -# in-memory locking -file_locking = true - -# The "crio.runtime" table contains settings pertaining to the OCI -# runtime used and options for how to set up and manage the OCI runtime. -[crio.runtime] - -# runtime is the OCI compatible runtime used for trusted container workloads. -# This is a mandatory setting as this runtime will be the default one -# and will also be used for untrusted container workloads if -# runtime_untrusted_workload is not set. -runtime = "/bin/runc" - -# runtime_untrusted_workload is the OCI compatible runtime used for untrusted -# container workloads. This is an optional setting, except if -# default_container_trust is set to "untrusted". 
-runtime_untrusted_workload = "" - -# default_workload_trust is the default level of trust crio puts in container -# workloads. It can either be "trusted" or "untrusted", and the default -# is "trusted". -# Containers can be run through different container runtimes, depending on -# the trust hints we receive from kubelet: -# - If kubelet tags a container workload as untrusted, crio will try first to -# run it through the untrusted container workload runtime. If it is not set, -# crio will use the trusted runtime. -# - If kubelet does not provide any information about the container workload trust -# level, the selected runtime will depend on the default_container_trust setting. -# If it is set to "untrusted", then all containers except for the host privileged -# ones, will be run by the runtime_untrusted_workload runtime. Host privileged -# containers are by definition trusted and will always use the trusted container -# runtime. If default_container_trust is set to "trusted", crio will use the trusted -# container runtime for all containers. -default_workload_trust = "trusted" - -# no_pivot instructs the runtime to not use pivot_root, but instead use MS_MOVE -no_pivot = false - -# conmon is the path to conmon binary, used for managing the runtime. -conmon = "/usr/local/libexec/crio/conmon" - -# conmon_env is the environment variable list for conmon process, -# used for passing necessary environment variable to conmon or runtime. -conmon_env = [ - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", -] - -# selinux indicates whether or not SELinux will be used for pod -# separation on the host. If you enable this flag, SELinux must be running -# on the host. -selinux = false - -# seccomp_profile is the seccomp json profile path which is used as the -# default for the runtime. -seccomp_profile = "/etc/crio/seccomp.json" - -# apparmor_profile is the apparmor profile name which is used as the -# default for the runtime. 
-apparmor_profile = "crio-default" - -# cgroup_manager is the cgroup management implementation to be used -# for the runtime. -cgroup_manager = "cgroupfs" - -# hooks_dir_path is the oci hooks directory for automatically executed hooks -hooks_dir_path = "/var/containers/oci/hooks.d" - -# default_mounts is the mounts list to be mounted for the container when created -default_mounts = [ -] - -# pids_limit is the number of processes allowed in a container -pids_limit = 1024 - -# enable using a shared PID namespace for containers in a pod -enable_shared_pid_namespace = false - -# log_size_max is the max limit for the container log size in bytes. -# Negative values indicate that no limit is imposed. -log_size_max = 1000000 - -# The "crio.image" table contains settings pertaining to the -# management of OCI images. -[crio.image] - -# default_transport is the prefix we try prepending to an image name if the -# image name as we receive it can't be parsed as a valid source reference -default_transport = "docker://" - -# pause_image is the image which we use to instantiate infra containers. -pause_image = "kubernetes/pause" - -# pause_command is the command to run in a pause_image to have a container just -# sit there. If the image contains the necessary information, this value need -# not be specified. -pause_command = "/pause" - -# signature_policy is the name of the file which decides what sort of policy we -# use when deciding whether or not to trust an image that we've pulled. -# Outside of testing situations, it is strongly advised that this be left -# unspecified so that the default system-wide policy will be used. -signature_policy = "" - -# image_volumes controls how image volumes are handled. -# The valid values are mkdir and ignore. -image_volumes = "mkdir" - -# insecure_registries is used to skip TLS verification when pulling images. 
-insecure_registries = [ -] - -# registries is used to specify a comma separated list of registries to be used -# when pulling an unqualified image (e.g. fedora:rawhide). -registries = [ - "docker.io", -] - -# The "crio.network" table contains settings pertaining to the -# management of CNI plugins. -[crio.network] - -# network_dir is is where CNI network configuration -# files are stored. -network_dir = "/etc/cni/net.d/" - -# plugin_dir is is where CNI plugin binaries are stored. -plugin_dir = "/opt/cni/bin/" -` - -const crioPolicy = ` -{ - "default": [ - { - "type": "insecureAcceptAnything" - } - ] -} -` - -// CRIO implements the Service interface. It serves as the concrete type with -// the required methods. -type CRIO struct{} - -// Pre implements the Service interface. -func (p *CRIO) Pre(data userdata.UserData) error { - if err := ioutil.WriteFile("/etc/crio/crio.conf", []byte(crioConf), 0644); err != nil { - return fmt.Errorf("write crio.conf: %s", err.Error()) - } - if err := ioutil.WriteFile("/etc/containers/policy.json", []byte(crioPolicy), 0644); err != nil { - return fmt.Errorf("write policy.json: %s", err.Error()) - } - - return nil -} - -// Post implements the Service interface. -func (p *CRIO) Post(data userdata.UserData) (err error) { - return nil -} - -// Cmd implements the Service interface. -func (p *CRIO) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error { - cmdArgs.Name = "crio" - cmdArgs.Path = "/bin/crio" - cmdArgs.Args = []string{} - - return nil -} - -// Condition implements the Service interface. -func (p *CRIO) Condition(data userdata.UserData) func() (bool, error) { - return conditions.None() -} - -// Env implements the Service interface. -func (p *CRIO) Env() []string { return []string{} } - -// Type implements the Service interface. -func (p *CRIO) Type() Type { return Forever } 
diff --git a/src/initramfs/cmd/init/pkg/service/docker.go b/src/initramfs/cmd/init/pkg/service/docker.go
deleted file mode 100644
index 9233fa71df..0000000000
--- a/src/initramfs/cmd/init/pkg/service/docker.go
+++ /dev/null
@@ -1,51 +0,0 @@
-package service
-
-import (
- "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/service/conditions"
- "github.com/autonomy/dianemo/src/initramfs/pkg/userdata"
-)
-
-// Docker implements the Service interface. It serves as the concrete type with
-// the required methods.
-type Docker struct{}
-
-// Pre implements the Service interface.
-func (p *Docker) Pre(data userdata.UserData) error {
- return nil
-}
-
-// Post implements the Service interface.
-func (p *Docker) Post(data userdata.UserData) (err error) {
- return nil
-}
-
-// Cmd implements the Service interface.
-func (p *Docker) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error {
- cmdArgs.Name = "docker"
- cmdArgs.Path = "/bin/dockerd"
- cmdArgs.Args = []string{
- "--live-restore",
- "--iptables=false",
- "--ip-masq=false",
- "--storage-driver=overlay2",
- "--selinux-enabled=false",
- "--exec-opt=native.cgroupdriver=cgroupfs",
- "--log-opt=max-size=10m",
- "--log-opt=max-file=3",
- }
-
- return nil
-}
-
-// Condition implements the Service interface.
-func (p *Docker) Condition(data userdata.UserData) func() (bool, error) {
- return conditions.None()
-}
-
-// Env implements the Service interface.
-func (p *Docker) Env() []string {
- return []string{"DOCKER_NOFILE=1000000"}
-}
-
-// Type implements the Service interface.
-func (p *Docker) Type() Type { return Forever }
diff --git a/src/initramfs/cmd/init/pkg/service/kubelet.go b/src/initramfs/cmd/init/pkg/service/kubelet.go
deleted file mode 100644
index c486623368..0000000000
--- a/src/initramfs/cmd/init/pkg/service/kubelet.go
+++ /dev/null
@@ -1,112 +0,0 @@ -package service - -import ( - "fmt" - "io/ioutil" - "os" - "strings" - - "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/constants" - "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/service/conditions" - "github.com/autonomy/dianemo/src/initramfs/pkg/userdata" -) - -// Kubelet implements the Service interface. It serves as the concrete type with -// the required methods. -type Kubelet struct{} - -// Pre implements the Service interface. -func (p *Kubelet) Pre(data userdata.UserData) error { - if err := os.Mkdir("/run/flannel", os.ModeDir); err != nil { - return fmt.Errorf("create /run/flannel: %s", err.Error()) - } - if err := os.MkdirAll("/etc/cni/net.d", os.ModeDir); err != nil { - return fmt.Errorf("create /etc/cni/net.d: %s", err.Error()) - } - if err := os.MkdirAll("/etc/kubernetes/manifests", os.ModeDir); err != nil { - return fmt.Errorf("create /etc/kubernetes/manifests: %s", err.Error()) - } - if err := os.MkdirAll("/var/lib/kubelet", os.ModeDir); err != nil { - return fmt.Errorf("create /var/lib/kubelet: %s", err.Error()) - } - - return nil -} - -// Post implements the Service interface. -func (p *Kubelet) Post(data userdata.UserData) (err error) { - return nil -} - -// Cmd implements the Service interface. 
-func (p *Kubelet) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error {
-cmdArgs.Name = "kubelet"
-cmdArgs.Path = "/bin/docker"
-cmdArgs.Args = []string{
-"run",
-"--volume=/dev:/dev:shared",
-"--volume=/sys:/sys:ro",
-"--volume=/sys/fs/cgroup:/sys/fs/cgroup:rw",
-"--volume=/var/run:/var/run:rw",
-"--volume=/run:/run:rw",
-"--volume=/var/lib/docker:/var/lib/docker:rw",
-"--volume=/var/lib/kubelet:/var/lib/kubelet:rshared",
-"--volume=/var/log:/var/log",
-"--volume=/etc/cni:/etc/cni:ro",
-"--volume=/etc/kubernetes:/etc/kubernetes:shared",
-"--volume=/etc/os-release:/etc/os-release:ro",
-"--volume=/etc/ssl/certs:/etc/ssl/certs:ro",
-"--volume=/lib/modules:/lib/modules:ro",
-"--volume=/var/libexec/kubernetes:/usr/libexec/kubernetes:shared",
-"--rm",
-"--net=host",
-"--pid=host",
-"--privileged",
-"--name=kubelet",
-"gcr.io/google_containers/hyperkube:v1.11.2",
-"/hyperkube",
-"kubelet",
-}
-
-kubeletArgs := []string{
-"--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf",
-"--kubeconfig=/etc/kubernetes/kubelet.conf",
-"--config=/var/lib/kubelet/config.yaml",
-}
-
-fileBytes, err := ioutil.ReadFile("/var/lib/kubelet/kubeadm-flags.env")
-if err != nil {
-return err
-}
-argsString := strings.TrimPrefix(string(fileBytes), "KUBELET_KUBEADM_ARGS=")
-argsString = strings.TrimSuffix(argsString, "\n")
-kubeletArgs = append(kubeletArgs, strings.Split(argsString, " ")...)
-
-cmdArgs.Args = append(cmdArgs.Args, kubeletArgs...)
-
-switch data.Services.Kubeadm.ContainerRuntime {
-case constants.ContainerRuntimeCRIO:
-cmdArgs.Args = append(cmdArgs.Args, "--container-runtime=remote", "--container-runtime-endpoint=unix:///var/run/crio/crio.sock")
-default:
-}
-
-return nil
-}
-
-// Condition implements the Service interface.
-func (p *Kubelet) Condition(data userdata.UserData) func() (bool, error) {
-switch data.Services.Kubeadm.ContainerRuntime {
-case constants.ContainerRuntimeDocker:
-return conditions.WaitForFileExists("/var/lib/kubelet/kubeadm-flags.env")
-case constants.ContainerRuntimeCRIO:
-return conditions.WaitForFilesToExist("/var/lib/kubelet/kubeadm-flags.env", "/etc/containers/policy.json")
-default:
-return conditions.None()
-}
-}
-
-// Env implements the Service interface.
-func (p *Kubelet) Env() []string { return []string{} }
-
-// Type implements the Service interface.
-func (p *Kubelet) Type() Type { return Forever }
diff --git a/src/initramfs/cmd/init/pkg/service/osd.go b/src/initramfs/cmd/init/pkg/service/osd.go
deleted file mode 100644
index e43e9a55ff..0000000000
--- a/src/initramfs/cmd/init/pkg/service/osd.go
+++ /dev/null
@@ -1,49 +0,0 @@
-// nolint: dupl,golint
-package service
-
-import (
-"github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/constants"
-"github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/service/conditions"
-"github.com/autonomy/dianemo/src/initramfs/pkg/userdata"
-)
-
-// OSD implements the Service interface. It serves as the concrete type with
-// the required methods.
-type OSD struct{}
-
-// Pre implements the Service interface.
-func (p *OSD) Pre(data userdata.UserData) error {
-return nil
-}
-
-// Post implements the Service interface.
-func (p *OSD) Post(data userdata.UserData) (err error) {
-return nil
-}
-
-// Cmd implements the Service interface.
-func (p *OSD) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error {
-cmdArgs.Name = "osd"
-cmdArgs.Path = "/bin/osd"
-cmdArgs.Args = []string{
-"--port=50000",
-"--userdata=" + constants.UserDataPath,
-}
-
-if data.Services.Kubeadm.Init == nil {
-cmdArgs.Args = append(cmdArgs.Args, "--generate=true")
-}
-
-return nil
-}
-
-// Condition implements the Service interface.
-func (p *OSD) Condition(data userdata.UserData) func() (bool, error) {
-return conditions.None()
-}
-
-// Env implements the Service interface.
-func (p *OSD) Env() []string { return []string{} }
-
-// Type implements the Service interface.
-func (p *OSD) Type() Type { return Forever }
diff --git a/src/initramfs/cmd/init/pkg/service/proxyd.go b/src/initramfs/cmd/init/pkg/service/proxyd.go
deleted file mode 100644
index ff187e2159..0000000000
--- a/src/initramfs/cmd/init/pkg/service/proxyd.go
+++ /dev/null
@@ -1,41 +0,0 @@
-// nolint: dupl,golint
-package service
-
-import (
-"github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/service/conditions"
-"github.com/autonomy/dianemo/src/initramfs/pkg/userdata"
-)
-
-// Proxyd implements the Service interface. It serves as the concrete type with
-// the required methods.
-type Proxyd struct{}
-
-// Pre implements the Service interface.
-func (p *Proxyd) Pre(data userdata.UserData) error {
-return nil
-}
-
-// Post implements the Service interface.
-func (p *Proxyd) Post(data userdata.UserData) (err error) {
-return nil
-}
-
-// Cmd implements the Service interface.
-func (p *Proxyd) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error {
-cmdArgs.Name = "proxyd"
-cmdArgs.Path = "/bin/proxyd"
-cmdArgs.Args = []string{}
-
-return nil
-}
-
-// Condition implements the Service interface.
-func (p *Proxyd) Condition(data userdata.UserData) func() (bool, error) {
-return conditions.WaitForFileExists("/etc/kubernetes/admin.conf")
-}
-
-// Env implements the Service interface.
-func (p *Proxyd) Env() []string { return []string{} }
-
-// Type implements the Service interface.
-func (p *Proxyd) Type() Type { return Forever }
diff --git a/src/initramfs/cmd/init/pkg/service/rotd.go b/src/initramfs/cmd/init/pkg/service/rotd.go
deleted file mode 100644
index cbf6d3dc45..0000000000
--- a/src/initramfs/cmd/init/pkg/service/rotd.go
+++ /dev/null
@@ -1,45 +0,0 @@
-// nolint: dupl,golint
-package service
-
-import (
-"github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/constants"
-"github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/service/conditions"
-"github.com/autonomy/dianemo/src/initramfs/pkg/userdata"
-)
-
-// Trustd implements the Service interface. It serves as the concrete type with
-// the required methods.
-type Trustd struct{}
-
-// Pre implements the Service interface.
-func (p *Trustd) Pre(data userdata.UserData) error {
-return nil
-}
-
-// Post implements the Service interface.
-func (p *Trustd) Post(data userdata.UserData) (err error) {
-return nil
-}
-
-// Cmd implements the Service interface.
-func (p *Trustd) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error {
-cmdArgs.Name = "trustd"
-cmdArgs.Path = "/bin/trustd"
-cmdArgs.Args = []string{
-"--port=50001",
-"--userdata=" + constants.UserDataPath,
-}
-
-return nil
-}
-
-// Condition implements the Service interface.
-func (p *Trustd) Condition(data userdata.UserData) func() (bool, error) {
-return conditions.None()
-}
-
-// Env implements the Service interface.
-func (p *Trustd) Env() []string { return []string{} }
-
-// Type implements the Service interface.
-func (p *Trustd) Type() Type { return Forever }
diff --git a/src/initramfs/cmd/init/pkg/service/service.go b/src/initramfs/cmd/init/pkg/service/service.go
deleted file mode 100644
index e043dddaf4..0000000000
--- a/src/initramfs/cmd/init/pkg/service/service.go
+++ /dev/null
@@ -1,170 +0,0 @@
-package service
-
-import (
-"fmt"
-"io"
-"log"
-"os"
-"os/exec"
-"time"
-
-"github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/constants"
-servicelog "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/service/log"
-"github.com/autonomy/dianemo/src/initramfs/pkg/userdata"
-)
-
-// Type represents the service's restart policy.
-type Type int
-
-const (
-// Forever will always restart a process.
-Forever Type = iota
-// Once will restart the process only if it did not exit successfully.
-Once
-)
-
-// Service is an interface describing a process that is to be run as a system
-// level service.
-type Service interface {
-// Pre is invoked before a command is executed. It is useful for things like
-// preparing files that the process might depend on.
-Pre(userdata.UserData) error
-// Post is invoked after a command is executed.
-Post(userdata.UserData) error
-// Cmd describes the path to the binary, and the set of arguments to be
-// passed into it upon execution.
-Cmd(userdata.UserData, *CmdArgs) error
-// Condition is invoked just before starting the process.
-Condition(userdata.UserData) func() (bool, error)
-// Env describes the service's environment variables. Elements should be in
-// the format
-Env() []string
-// Type describes the service's restart policy.
-Type() Type
-}
-
-// Manager is a type with helper methods that build a service and invoke the set
-// of methods defined in the Service interface.
-type Manager struct {
-UserData userdata.UserData
-}
-
-// CmdArgs represent the options available to services specific to the
-// configuration of their cmd.
-type CmdArgs struct {
-Path string
-Name string
-Args []string
-}
-
-func (m *Manager) build(proc Service) (cmd *exec.Cmd, err error) {
-cmdArgs := &CmdArgs{}
-// Build the exec.Cmd
-if err = proc.Cmd(m.UserData, cmdArgs); err != nil {
-err = fmt.Errorf("new command: %v", err)
-return
-}
-cmd = exec.Command(cmdArgs.Path, cmdArgs.Args...)
-
-// Set the environment for the service.
-cmd.Env = append(proc.Env(), fmt.Sprintf("PATH=%s", constants.PATH))
-
-// Setup logging.
-w, err := servicelog.New(cmdArgs.Name)
-if err != nil {
-err = fmt.Errorf("service log handler: %v", err)
-return
-}
-var writer io.Writer
-if m.UserData.Debug {
-writer = io.MultiWriter(w, os.Stdout)
-} else {
-writer = w
-}
-cmd.Stdout = writer
-cmd.Stderr = writer
-
-return cmd, nil
-}
-
-// Start will invoke the service's Pre, Condition, and Type funcs. If the any
-// error occurs in the Pre or Condition invocations, it is up to the caller to
-// to restart the service.
-func (m *Manager) Start(proc Service) {
-go func(proc Service) {
-err := proc.Pre(m.UserData)
-if err != nil {
-log.Printf("pre: %v", err)
-}
-satisfied, err := proc.Condition(m.UserData)()
-if err != nil {
-log.Printf("condition: %v", err)
-}
-if !satisfied {
-log.Printf("condition not satisfied")
-return
-}
-// Wait for the command to exit. Then, based on the service Type, take
-// the requested action.
-switch proc.Type() {
-case Forever:
-if err := m.waitAndRestart(proc); err != nil {
-log.Printf("run: %v", err)
-}
-case Once:
-if err := m.waitForSuccess(proc); err != nil {
-log.Printf("run: %v", err)
-}
-}
-}(proc)
-}
-
-func (m *Manager) waitAndRestart(proc Service) (err error) {
-cmd, err := m.build(proc)
-if err != nil {
-log.Printf("%v", err)
-time.Sleep(5 * time.Second)
-return m.waitAndRestart(proc)
-}
-if err = cmd.Start(); err != nil {
-log.Printf("%v", err)
-time.Sleep(5 * time.Second)
-return m.waitAndRestart(proc)
-}
-state, err := cmd.Process.Wait()
-if err != nil {
-log.Printf("%v", err)
-time.Sleep(5 * time.Second)
-return m.waitAndRestart(proc)
-}
-if state.Exited() {
-time.Sleep(5 * time.Second)
-return m.waitAndRestart(proc)
-}
-
-return nil
-}
-
-func (m *Manager) waitForSuccess(proc Service) (err error) {
-cmd, err := m.build(proc)
-if err != nil {
-return
-}
-if err = cmd.Start(); err != nil {
-return
-}
-state, err := cmd.Process.Wait()
-if err != nil {
-return
-}
-if !state.Success() {
-time.Sleep(5 * time.Second)
-return m.waitForSuccess(proc)
-}
-
-if err = proc.Post(m.UserData); err != nil {
-return
-}
-
-return nil
-}
diff --git a/src/initramfs/cmd/init/pkg/service/conditions/conditions.go b/src/initramfs/cmd/init/pkg/system/conditions/conditions.go
similarity index 62%
rename from src/initramfs/cmd/init/pkg/service/conditions/conditions.go
rename to src/initramfs/cmd/init/pkg/system/conditions/conditions.go
index 36f49ecd1f..daf37647c4 100644
--- a/src/initramfs/cmd/init/pkg/service/conditions/conditions.go
+++ b/src/initramfs/cmd/init/pkg/system/conditions/conditions.go
@@ -5,8 +5,11 @@ import ( "time" ) +// ConditionFunc is the signature that all condition funcs must have. +type ConditionFunc = func() (bool, error) + // None is a service condition that has no conditions. -func None() func() (bool, error) { +func None() ConditionFunc { return func() (bool, error) { return true, nil } @@ -14,7 +17,7 @@ func None() func() (bool, error) { // FileExists is a service condition that checks for the existence of a file // once and only once. -func FileExists(file string) func() (bool, error) { +func FileExists(file string) ConditionFunc { return func() (bool, error) { _, err := os.Stat(file) if err != nil { @@ -29,9 +32,9 @@ func FileExists(file string) func() (bool, error) { } } -// WaitForFileExists is a service condition that will wait for the existence of +// WaitForFileToExist is a service condition that will wait for the existence of // a file. -func WaitForFileExists(file string) func() (bool, error) { +func WaitForFileToExist(file string) ConditionFunc { return func() (bool, error) { for { exists, err := FileExists(file)() @@ -49,16 +52,21 @@ func WaitForFileExists(file string) func() (bool, error) { // WaitForFilesToExist is a service condition that will wait for the existence a // set of files. -func WaitForFilesToExist(files ...string) func() (bool, error) { - return func() (exist bool, err error) { +func WaitForFilesToExist(files ...string) ConditionFunc { + return func() (exists bool, err error) { + L: for { for _, f := range files { - exist, err = FileExists(f)() + exists, err = FileExists(f)() if err != nil { return false, err } + if !exists { + time.Sleep(1 * time.Second) + continue L + } } - if exist { + if exists { return true, nil } time.Sleep(1 * time.Second) diff --git a/src/initramfs/cmd/init/pkg/system/runner/containerd/containerd.go b/src/initramfs/cmd/init/pkg/system/runner/containerd/containerd.go new file mode 100644 index 0000000000..99ec17ad09 --- /dev/null 
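Review bot: With `continue L` now taken whenever a file is missing, control only reaches `if exists {` after every file in the list was found, so that branch is always taken and the trailing `time.Sleep(1 * time.Second)` is unreachable; the tail of the loop could simply be `return true, nil`. The closure still has no upper bound, so a file that never appears (or an empty `files` list, which never sets `exists`) blocks the caller forever; for an init process a retry limit or deadline that turns a missing file into a returned error would be easier to diagnose than a silent hang. The closing braces of WaitForFilesToExist lie outside the hunk.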
+++ b/src/initramfs/cmd/init/pkg/system/runner/containerd/containerd.go 
@@ -0,0 +1,150 @@
+package containerd
+
+import (
+"context"
+"fmt"
+
+"github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/constants"
+"github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/conditions"
+"github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/runner"
+"github.com/autonomy/dianemo/src/initramfs/pkg/userdata"
+"github.com/containerd/containerd"
+"github.com/containerd/containerd/cio"
+"github.com/containerd/containerd/containers"
+"github.com/containerd/containerd/namespaces"
+"github.com/containerd/containerd/oci"
+"github.com/containerd/containerd/runtime/restart"
+specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// Containerd represents a service to be run in a container.
+type Containerd struct{}
+
+// WithMemoryLimit sets the linux resource memory limit field.
+func WithMemoryLimit(limit int64) oci.SpecOpts {
+return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
+s.Linux.Resources.Memory = &specs.LinuxMemory{
+Limit: &limit,
+// DisableOOMKiller: &disable,
+}
+return nil
+}
+}
+
+// WithRootfsPropagation sets the root filesystem propagation.
+func WithRootfsPropagation(rp string) oci.SpecOpts {
+return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
+s.Linux.RootfsPropagation = rp
+return nil
+}
+}
+
+// Run implements the Runner interface.
+// nolint: gocyclo
+func (c *Containerd) Run(data *userdata.UserData, args runner.Args, setters ...runner.Option) error {
+// Wait for the containerd socket.
+
+_, err := conditions.WaitForFileToExist(constants.ContainerdSocket)()
+if err != nil {
+return err
+}
+
+// Create the default runner options.
+
+opts := runner.DefaultOptions()
+for _, setter := range setters {
+setter(opts)
+}
+
+// Create the containerd client.
+
+ctx := namespaces.WithNamespace(context.Background(), "system")
+client, err := containerd.New(constants.ContainerdSocket)
+if err != nil {
+return err
+}
+defer client.Close()
+
+// Pull the image and unpack it.
+
+image, err := client.Pull(ctx, opts.ContainerImage, containerd.WithPullUnpack)
+if err != nil {
+return fmt.Errorf("failed to pull image %q: %v", opts.ContainerImage, err)
+}
+
+// Create the container.
+
+specOpts := newOCISpecOpts(image, args, opts)
+containerOpts := newContainerOpts(image, args, opts, specOpts)
+container, err := client.NewContainer(
+ctx,
+args.ID,
+containerOpts...,
+)
+if err != nil {
+return fmt.Errorf("failed to create container %q: %v", args.ID, err)
+}
+
+// Create the task and start it.
+
+task, err := container.NewTask(ctx, cio.LogFile(logPath(args)))
+if err != nil {
+return fmt.Errorf("failed to create task: %q: %v", args.ID, err)
+}
+if err := task.Start(ctx); err != nil {
+return fmt.Errorf("failed to start task: %q: %v", args.ID, err)
+}
+
+// Wait for the task exit code.
+
+if opts.Type == runner.Once {
+defer container.Delete(ctx, containerd.WithSnapshotCleanup) // nolint: errcheck
+defer task.Delete(ctx) // nolint: errcheck
+statusC, err := task.Wait(ctx)
+if err != nil {
+return fmt.Errorf("failed waiting for task: %q: %v", args.ID, err)
+}
+status := <-statusC
+code := status.ExitCode()
+if code != 0 {
+return fmt.Errorf("task %q failed: exit code %d", args.ID, code)
+}
+}
+
+return nil
+}
+
+func newContainerOpts(image containerd.Image, args runner.Args, opts *runner.Options, specOpts []oci.SpecOpts) []containerd.NewContainerOpts {
+containerOpts := []containerd.NewContainerOpts{
+containerd.WithImage(image),
+containerd.WithNewSnapshot(args.ID, image),
+containerd.WithNewSpec(specOpts...),
+}
+switch opts.Type {
+case runner.Forever:
+containerOpts = append(containerOpts, restart.WithStatus(containerd.Running), restart.WithLogPath(logPath(args)))
+}
+containerOpts = append(containerOpts, opts.ContainerOpts...)
+
+return containerOpts
+}
+
+func newOCISpecOpts(image containerd.Image, args runner.Args, opts *runner.Options) []oci.SpecOpts {
+specOpts := []oci.SpecOpts{
+oci.WithImageConfig(image),
+oci.WithProcessArgs(args.ProcessArgs...),
+oci.WithEnv(opts.Env),
+oci.WithHostNamespace(specs.NetworkNamespace),
+oci.WithHostNamespace(specs.PIDNamespace),
+oci.WithHostHostsFile,
+oci.WithHostResolvconf,
+oci.WithPrivileged,
+}
+specOpts = append(specOpts, opts.OCISpecOpts...)
+
+return specOpts
+}
+
+func logPath(args runner.Args) string {
+return "/var/log/" + args.ID + ".log"
+}
diff --git a/src/initramfs/cmd/init/pkg/service/log/log.go b/src/initramfs/cmd/init/pkg/system/runner/process/log/log.go
similarity index 97%
rename from src/initramfs/cmd/init/pkg/service/log/log.go
rename to src/initramfs/cmd/init/pkg/system/runner/process/log/log.go
index d798aa1db1..e064240a05 100644
--- a/src/initramfs/cmd/init/pkg/service/log/log.go
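Review bot: `Run` here takes `args runner.Args` by value and returns an `error`, while the `Runner` interface added in runner.go declares `Run(*userdata.UserData, *Args, ...Option)` with no result, and `process.Process.Run` in process.go also returns an error — so neither concrete runner satisfies `runner.Runner`; aligning the interface to `Run(*userdata.UserData, *Args, ...Option) error` and taking `*runner.Args` here would let callers hold a `Runner`. `newOCISpecOpts` also grants `oci.WithPrivileged` plus the host PID and network namespaces to every container unconditionally, which a caller cannot opt out of; since the crt.go caller already passes `oci.WithPrivileged` and `oci.WithHostNamespace(specs.PIDNamespace)` itself, moving those options out of the defaults and into each caller's `WithOCISpecOpts` keeps the runner least-privilege by default. `client.Pull` accepts whatever ref the caller supplies with no digest check, and the visible callers use mutable tags such as `docker.io/autonomy/cri-o:latest`; pinning system images by digest (or comparing `image.Target().Digest` against an expected value) would stop a moved tag from changing what runs as a privileged host-namespace container. `WithMemoryLimit` dereferences `s.Linux.Resources` without a nil check; containerd's generated spec appears to populate it, but `if s.Linux.Resources == nil { s.Linux.Resources = &specs.LinuxResources{} }` is cheap insurance against an earlier SpecOpt clearing it.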
+++ b/src/initramfs/cmd/init/pkg/system/runner/process/log/log.go @@ -63,5 +63,5 @@ func (l *Log) Read(ctx context.Context) <-chan []byte { // FormatLogPath formats the path the log file. func FormatLogPath(p string) string { - return path.Join("/var/log", p) + return path.Join("/var/log", p+".log") } diff --git a/src/initramfs/cmd/init/pkg/system/runner/process/process.go b/src/initramfs/cmd/init/pkg/system/runner/process/process.go new file mode 100644 index 0000000000..f3f0a868ed --- /dev/null +++ b/src/initramfs/cmd/init/pkg/system/runner/process/process.go 
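Review bot: The `.log` suffix is now appended here and also hard-coded a second time in containerd.go's `logPath` (`return "/var/log/" + args.ID + ".log"`), so the two runners derive the same path independently; having containerd.go call `processlogger.FormatLogPath(args.ID)` (or moving the helper into the runner package) keeps them from drifting. A comment on `FormatLogPath` stating that `p` is the service ID rather than a file name would also help, since the suffix is now added internally.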
@@ -0,0 +1,109 @@
+package process
+
+import (
+"fmt"
+"io"
+"log"
+"os"
+"os/exec"
+"time"
+
+"github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/constants"
+"github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/runner"
+processlogger "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/runner/process/log"
+"github.com/autonomy/dianemo/src/initramfs/pkg/userdata"
+)
+
+// Process is a runner.Runner that runs a process on the host.
+type Process struct{}
+
+// Run implements the Runner interface.
+func (p *Process) Run(data *userdata.UserData, args *runner.Args, setters ...runner.Option) error {
+opts := runner.DefaultOptions()
+for _, setter := range setters {
+setter(opts)
+}
+
+switch opts.Type {
+case runner.Forever:
+if err := p.waitAndRestart(data, args, opts); err != nil {
+return err
+}
+case runner.Once:
+if err := p.waitForSuccess(data, args, opts); err != nil {
+return err
+}
+}
+
+return nil
+}
+
+func (p *Process) build(data *userdata.UserData, args *runner.Args, opts *runner.Options) (cmd *exec.Cmd, err error) {
+cmd = exec.Command(args.ProcessArgs[0], args.ProcessArgs[1:]...)
+
+// Set the environment for the service.
+cmd.Env = append(opts.Env, fmt.Sprintf("PATH=%s", constants.PATH))
+
+// Setup logging.
+w, err := processlogger.New(args.ID)
+if err != nil {
+err = fmt.Errorf("service log handler: %v", err)
+return
+}
+var writer io.Writer
+if data.Debug {
+writer = io.MultiWriter(w, os.Stdout)
+} else {
+writer = w
+}
+cmd.Stdout = writer
+cmd.Stderr = writer
+
+return cmd, nil
+}
+
+func (p *Process) waitAndRestart(data *userdata.UserData, args *runner.Args, opts *runner.Options) (err error) {
+cmd, err := p.build(data, args, opts)
+if err != nil {
+log.Printf("%v", err)
+time.Sleep(5 * time.Second)
+return p.waitAndRestart(data, args, opts)
+}
+if err = cmd.Start(); err != nil {
+log.Printf("%v", err)
+time.Sleep(5 * time.Second)
+return p.waitAndRestart(data, args, opts)
+}
+state, err := cmd.Process.Wait()
+if err != nil {
+log.Printf("%v", err)
+time.Sleep(5 * time.Second)
+return p.waitAndRestart(data, args, opts)
+}
+if state.Exited() {
+time.Sleep(5 * time.Second)
+return p.waitAndRestart(data, args, opts)
+}
+
+return nil
+}
+
+func (p *Process) waitForSuccess(data *userdata.UserData, args *runner.Args, opts *runner.Options) (err error) {
+cmd, err := p.build(data, args, opts)
+if err != nil {
+return
+}
+if err = cmd.Start(); err != nil {
+return
+}
+state, err := cmd.Process.Wait()
+if err != nil {
+return
+}
+if !state.Success() {
+time.Sleep(5 * time.Second)
+return p.waitForSuccess(data, args, opts)
+}
+
+return nil
+}
diff --git a/src/initramfs/cmd/init/pkg/system/runner/runner.go b/src/initramfs/cmd/init/pkg/system/runner/runner.go
new file mode 100644
index 0000000000..58b87a8b12
--- /dev/null
+++ b/src/initramfs/cmd/init/pkg/system/runner/runner.go
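Review bot: `build` indexes `args.ProcessArgs[0]` without checking that the slice is non-empty, so a service with no `ProcessArgs` panics the init process instead of returning an error. In `waitAndRestart`, `state.Exited()` is false when the child was terminated by a signal, so after an OOM kill or a stray SIGKILL the function returns nil and the service is never relaunched, which contradicts the `Forever` policy ("will always restart a process") declared in runner.go — if stopping on a signal is intended it deserves a comment, otherwise that path should restart too. The recursion on every restart also adds a stack frame per cycle for the lifetime of the service; a loop expresses the same policy without that, as sketched below. The same `state.Exited()`/recursion structure was carried over from the removed service.go, so this is not a regression introduced by this commit.

```go
func (p *Process) build(data *userdata.UserData, args *runner.Args, opts *runner.Options) (cmd *exec.Cmd, err error) {
	if len(args.ProcessArgs) == 0 {
		return nil, fmt.Errorf("service %q: no process arguments", args.ID)
	}
	cmd = exec.Command(args.ProcessArgs[0], args.ProcessArgs[1:]...)
	// … unchanged: environment and log writer setup …
}

func (p *Process) waitAndRestart(data *userdata.UserData, args *runner.Args, opts *runner.Options) error {
	// Forever policy: relaunch regardless of how the previous instance ended.
	for {
		cmd, err := p.build(data, args, opts)
		if err == nil {
			err = cmd.Start()
		}
		if err == nil {
			_, err = cmd.Process.Wait()
		}
		if err != nil {
			log.Printf("%v", err)
		}
		time.Sleep(5 * time.Second)
	}
}
```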
@@ -0,0 +1,89 @@
+package runner
+
+import (
+"github.com/autonomy/dianemo/src/initramfs/pkg/userdata"
+"github.com/containerd/containerd"
+"github.com/containerd/containerd/oci"
+)
+
+// Runner describes the requirements for running a process.
+type Runner interface {
+Run(*userdata.UserData, *Args, ...Option)
+}
+
+// Args represents the required options for services.
+type Args struct {
+ID string
+ProcessArgs []string
+}
+
+// Options is the functional options struct.
+type Options struct {
+// Env describes the service's environment variables. Elements should be in
+// the format
+Env []string
+// ContainerOpts describes the container options.
+ContainerOpts []containerd.NewContainerOpts
+// OCISpecOpts describes the OCI spec options.
+OCISpecOpts []oci.SpecOpts
+// ContainerImage is the container's image.
+ContainerImage string
+// Type describes the service's restart policy.
+Type Type
+}
+
+// Option is the functional option func.
+type Option func(*Options)
+
+// Type represents the service's restart policy.
+type Type int
+
+const (
+// Forever will always restart a process.
+Forever Type = iota
+// Once will restart the process only if it did not exit successfully.
+Once
+)
+
+// DefaultOptions describes the default options to a runner.
+func DefaultOptions() *Options {
+return &Options{
+Env: []string{},
+Type: Forever,
+}
+}
+
+// WithType sets the type of a service.
+func WithType(o Type) Option {
+return func(args *Options) {
+args.Type = o
+}
+}
+
+// WithEnv sets the environment variables of a service.
+func WithEnv(o []string) Option {
+return func(args *Options) {
+args.Env = o
+}
+}
+
+// WithContainerImage sets the image ref.
+func WithContainerImage(o string) Option {
+return func(args *Options) {
+args.ContainerImage = o
+}
+}
+
+// WithContainerOpts sets the containerd container options.
+func WithContainerOpts(o ...containerd.NewContainerOpts) Option {
+return func(args *Options) {
+args.ContainerOpts = o
+}
+}
+
+// WithOCISpecOpts sets the OCI spec options.
+func WithOCISpecOpts(o ...oci.SpecOpts) Option {
+return func(args *Options) {
+args.OCISpecOpts = o
+}
+}
diff --git a/src/initramfs/cmd/init/pkg/system/services/containerd.go b/src/initramfs/cmd/init/pkg/system/services/containerd.go
new file mode 100644
index 0000000000..2d1d3912d4
--- /dev/null
+++ b/src/initramfs/cmd/init/pkg/system/services/containerd.go
@@ -0,0 +1,50 @@
+package services
+
+import (
+"os"
+
+"github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/conditions"
+"github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/runner"
+"github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/runner/process"
+"github.com/autonomy/dianemo/src/initramfs/pkg/userdata"
+)
+
+// Containerd implements the Service interface. It serves as the concrete type with
+// the required methods.
+type Containerd struct{}
+
+// ID implements the Service interface.
+func (c *Containerd) ID(data *userdata.UserData) string {
+return "containerd"
+}
+
+// PreFunc implements the Service interface.
+func (c *Containerd) PreFunc(data *userdata.UserData) error {
+return os.MkdirAll("/var/lib/containerd", os.ModeDir)
+}
+
+// PostFunc implements the Service interface.
+func (c *Containerd) PostFunc(data *userdata.UserData) (err error) {
+return nil
+}
+
+// ConditionFunc implements the Service interface.
+func (c *Containerd) ConditionFunc(data *userdata.UserData) conditions.ConditionFunc {
+return conditions.None()
+}
+
+// Start implements the Service interface.
+func (c *Containerd) Start(data *userdata.UserData) error {
+// Set the process arguments.
+args := &runner.Args{
+ID: c.ID(data),
+ProcessArgs: []string{"/bin/containerd"},
+}
+
+r := process.Process{}
+
+return r.Run(
+data,
+args,
+)
+}
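Review bot: The doc comment on `Options.Env` ends mid-sentence (`Elements should be in` / `the format`), carried over verbatim from the removed `Service.Env`; completing it as `// Env describes the service's environment variables; each element is of the form "KEY=value".` makes the contract explicit. `Forever` and `Once` would also benefit from a note that the two runners implement them differently — the process runner blocks inside `Run` and restarts in-process, while the containerd runner returns right after `task.Start` and delegates restarting to containerd via `restart.WithStatus` — since a caller cannot tell from the constants alone whether `Run` returns.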
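Review bot: `os.MkdirAll("/var/lib/containerd", os.ModeDir)` passes a mode whose permission bits are all zero, so a freshly created directory ends up 0000 (before umask) rather than the 0755/0700 presumably intended; `MkdirAll` sets the directory type bit itself, so the argument should be a permission, e.g. `return os.MkdirAll("/var/lib/containerd", 0700)`. The same `os.ModeDir` argument is used for every `MkdirAll` in crt.go's `PreFunc` in this commit (/var/lib/docker, /var/run/crio, /var/lib/containers, /var/etc/crio, /var/etc/containers). It likely goes unnoticed because init runs as root, which is not subject to the permission bits, but any non-root process later accessing those paths would be denied. The unused `data` parameter is fine for the interface, though naming it `_` would make that explicit.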
diff --git a/src/initramfs/cmd/init/pkg/system/services/crt.go b/src/initramfs/cmd/init/pkg/system/services/crt.go new file mode 100644 index 0000000000..13dbe3c521 --- /dev/null +++ b/src/initramfs/cmd/init/pkg/system/services/crt.go 
@@ -0,0 +1,929 @@ +package services + +import ( + "fmt" + "io/ioutil" + "os" + + "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/constants" + "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/conditions" + "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/runner" + "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/runner/containerd" + "github.com/autonomy/dianemo/src/initramfs/pkg/userdata" + "github.com/containerd/containerd/oci" + specs "github.com/opencontainers/runtime-spec/specs-go" +) + +// CRT implements the Service interface. It serves as the concrete type with the +// required methods. +type CRT struct{} + +const crioPolicy = `{ + "default": [ + { + "type": "insecureAcceptAnything" + } + ] +} +` + +// ID implements the Service interface. +func (c *CRT) ID(data *userdata.UserData) string { + switch data.Services.Kubeadm.ContainerRuntime { + case constants.ContainerRuntimeDocker: + return "docker" + case constants.ContainerRuntimeCRIO: + return "crio" + default: + return "unknown" + } +} + +// PreFunc implements the Service interface. 
+func (c *CRT) PreFunc(data *userdata.UserData) error { + switch data.Services.Kubeadm.ContainerRuntime { + case constants.ContainerRuntimeDocker: + if err := os.MkdirAll("/var/lib/docker", os.ModeDir); err != nil { + return fmt.Errorf("failed to create directory /var/lib/docker: %v", err) + } + case constants.ContainerRuntimeCRIO: + if err := os.MkdirAll("/var/run/crio", os.ModeDir); err != nil { + return fmt.Errorf("failed to create directory /var/run/crio: %v", err) + } + if err := os.MkdirAll("/var/lib/containers", os.ModeDir); err != nil { + return fmt.Errorf("failed to create directory /var/lib/containers: %v", err) + } + if err := os.MkdirAll("/var/etc/crio", os.ModeDir); err != nil { + return fmt.Errorf("failed to create directory /var/etc/crio: %v", err) + } + if err := os.MkdirAll("/var/etc/containers", os.ModeDir); err != nil { + return fmt.Errorf("failed to create directory /var/etc/containers: %v", err) + } + if err := ioutil.WriteFile("/var/etc/containers/policy.json", []byte(crioPolicy), 0644); err != nil { + return fmt.Errorf("failed to write policy.json: %v", err) + } + if err := ioutil.WriteFile("/var/etc/crio/seccomp.json", []byte(seccompProfile), 0644); err != nil { + return fmt.Errorf("failed to write seccomp.json: %v", err) + } + } + + return nil +} + +// PostFunc implements the Service interface. +func (c *CRT) PostFunc(data *userdata.UserData) (err error) { + return nil +} + +// ConditionFunc implements the Service interface. +func (c *CRT) ConditionFunc(data *userdata.UserData) conditions.ConditionFunc { + return conditions.None() +} + +// Start implements the Service interface. nolint: dupl +func (c *CRT) Start(data *userdata.UserData) error { + // Set the image. 
+ var ( + image string + args runner.Args + mounts = []specs.Mount{ + {Type: "cgroup", Destination: "/sys/fs/cgroup", Options: []string{"rbind", "rshared", "rw"}}, + {Type: "bind", Destination: "/lib/modules", Source: "/lib/modules", Options: []string{"bind", "shared", "ro"}}, + {Type: "bind", Destination: "/etc/kubernetes", Source: "/var/etc/kubernetes", Options: []string{"bind", "rw"}}, + {Type: "bind", Destination: "/etc/cni", Source: "/var/etc/cni", Options: []string{"bind", "rw"}}, + {Type: "bind", Destination: "/run", Source: "/run", Options: []string{"rbind", "rshared", "rw"}}, + {Type: "bind", Destination: "/var/lib/kubelet", Source: "/var/lib/kubelet", Options: []string{"rbind", "rshared", "rw"}}, + } + env = []string{} + ) + + switch data.Services.Kubeadm.ContainerRuntime { + case constants.ContainerRuntimeDocker: + image = "docker.io/library/docker:17.03-dind" + args = runner.Args{ + ID: c.ID(data), + ProcessArgs: []string{"dockerd", + "--host=unix://" + constants.ContainerRuntimeDockerSocket, + "--live-restore", + "--iptables=false", + "--ip-masq=false", + "--storage-driver=overlay2", + "--selinux-enabled=false", + "--exec-opt=native.cgroupdriver=cgroupfs", + "--log-opt=max-size=10m", + "--log-opt=max-file=3", + }, + } + dockerMounts := []specs.Mount{ + // Since /var/run is not a symlink to /run in the docker image, we + // must mount /run to /var/run and /run in order to expose the + // docker socket and /run/ (e.g. /run/flannel). + {Type: "bind", Destination: "/var/run", Source: "/run", Options: []string{"rbind", "rshared", "rw"}}, + {Type: "bind", Destination: "/var/lib/docker", Source: "/var/lib/docker", Options: []string{"rbind", "rshared", "rw"}}, + } + mounts = append(mounts, dockerMounts...) + env = []string{"DOCKER_NOFILE=1000000"} + case constants.ContainerRuntimeCRIO: + // TODO(andrewrynhard): We should use + // registry.centos.org/projectatomic/cri-o:latest, but a 403 is returned + // with attempting to pull the image. 
+ image = "docker.io/autonomy/cri-o:latest" + args = runner.Args{ + ID: c.ID(data), + ProcessArgs: []string{ + "crio", + "--conmon=/usr/libexec/crio/conmon", + "--storage-driver=overlay", + "--seccomp-profile=/etc/crio/seccomp.json", + "--registry=docker.io", + }, + } + crioMounts := []specs.Mount{ + {Type: "bind", Destination: "/etc/crio", Source: "/var/etc/crio", Options: []string{"bind", "rw"}}, + {Type: "bind", Destination: "/etc/containers", Source: "/var/etc/containers", Options: []string{"bind", "rw"}}, + {Type: "bind", Destination: "/var/lib/containers", Source: "/var/lib/containers", Options: []string{"rbind", "rshared", "rw"}}, + } + mounts = append(mounts, crioMounts...) + default: + return fmt.Errorf("unknown container runtime %q", data.Services.Kubeadm.ContainerRuntime) + } + + if data.Services.CRT != nil && data.Services.CRT.Image != "" { + image = data.Services.CRT.Image + } + + r := containerd.Containerd{} + + return r.Run( + data, + args, + runner.WithContainerImage(image), + runner.WithOCISpecOpts( + containerd.WithMemoryLimit(int64(1000000*2048)), + containerd.WithRootfsPropagation("slave"), + oci.WithMounts(mounts), + oci.WithHostNamespace(specs.PIDNamespace), + oci.WithParentCgroupDevices, + oci.WithPrivileged, + ), + runner.WithType(runner.Forever), + runner.WithEnv(env), + ) +} + +const seccompProfile = `{ + "defaultAction": "SCMP_ACT_ERRNO", + "archMap": [ + { + "architecture": "SCMP_ARCH_X86_64", + "subArchitectures": [ + "SCMP_ARCH_X86", + "SCMP_ARCH_X32" + ] + }, + { + "architecture": "SCMP_ARCH_AARCH64", + "subArchitectures": [ + "SCMP_ARCH_ARM" + ] + }, + { + "architecture": "SCMP_ARCH_MIPS64", + "subArchitectures": [ + "SCMP_ARCH_MIPS", + "SCMP_ARCH_MIPS64N32" + ] + }, + { + "architecture": "SCMP_ARCH_MIPS64N32", + "subArchitectures": [ + "SCMP_ARCH_MIPS", + "SCMP_ARCH_MIPS64" + ] + }, + { + "architecture": "SCMP_ARCH_MIPSEL64", + "subArchitectures": [ + "SCMP_ARCH_MIPSEL", + "SCMP_ARCH_MIPSEL64N32" + ] + }, + { + "architecture": 
"SCMP_ARCH_MIPSEL64N32", + "subArchitectures": [ + "SCMP_ARCH_MIPSEL", + "SCMP_ARCH_MIPSEL64" + ] + }, + { + "architecture": "SCMP_ARCH_S390X", + "subArchitectures": [ + "SCMP_ARCH_S390" + ] + } + ], + "syscalls": [ + { + "names": [ + "accept", + "accept4", + "access", + "adjtimex", + "alarm", + "bind", + "brk", + "capget", + "capset", + "chdir", + "chmod", + "chown", + "chown32", + "clock_getres", + "clock_gettime", + "clock_nanosleep", + "close", + "connect", + "copy_file_range", + "creat", + "dup", + "dup2", + "dup3", + "epoll_create", + "epoll_create1", + "epoll_ctl", + "epoll_ctl_old", + "epoll_pwait", + "epoll_wait", + "epoll_wait_old", + "eventfd", + "eventfd2", + "execve", + "execveat", + "exit", + "exit_group", + "faccessat", + "fadvise64", + "fadvise64_64", + "fallocate", + "fanotify_mark", + "fchdir", + "fchmod", + "fchmodat", + "fchown", + "fchown32", + "fchownat", + "fcntl", + "fcntl64", + "fdatasync", + "fgetxattr", + "flistxattr", + "flock", + "fork", + "fremovexattr", + "fsetxattr", + "fstat", + "fstat64", + "fstatat64", + "fstatfs", + "fstatfs64", + "fsync", + "ftruncate", + "ftruncate64", + "futex", + "futimesat", + "getcpu", + "getcwd", + "getdents", + "getdents64", + "getegid", + "getegid32", + "geteuid", + "geteuid32", + "getgid", + "getgid32", + "getgroups", + "getgroups32", + "getitimer", + "getpeername", + "getpgid", + "getpgrp", + "getpid", + "getppid", + "getpriority", + "getrandom", + "getresgid", + "getresgid32", + "getresuid", + "getresuid32", + "getrlimit", + "get_robust_list", + "getrusage", + "getsid", + "getsockname", + "getsockopt", + "get_thread_area", + "gettid", + "gettimeofday", + "getuid", + "getuid32", + "getxattr", + "inotify_add_watch", + "inotify_init", + "inotify_init1", + "inotify_rm_watch", + "io_cancel", + "ioctl", + "io_destroy", + "io_getevents", + "ioprio_get", + "ioprio_set", + "io_setup", + "io_submit", + "ipc", + "kill", + "lchown", + "lchown32", + "lgetxattr", + "link", + "linkat", + "listen", + "listxattr", + 
"llistxattr", + "_llseek", + "lremovexattr", + "lseek", + "lsetxattr", + "lstat", + "lstat64", + "madvise", + "memfd_create", + "mincore", + "mkdir", + "mkdirat", + "mknod", + "mknodat", + "mlock", + "mlock2", + "mlockall", + "mmap", + "mmap2", + "mprotect", + "mq_getsetattr", + "mq_notify", + "mq_open", + "mq_timedreceive", + "mq_timedsend", + "mq_unlink", + "mremap", + "msgctl", + "msgget", + "msgrcv", + "msgsnd", + "msync", + "munlock", + "munlockall", + "munmap", + "nanosleep", + "newfstatat", + "_newselect", + "open", + "openat", + "pause", + "pipe", + "pipe2", + "poll", + "ppoll", + "prctl", + "pread64", + "preadv", + "preadv2", + "prlimit64", + "pselect6", + "pwrite64", + "pwritev", + "pwritev2", + "read", + "readahead", + "readlink", + "readlinkat", + "readv", + "recv", + "recvfrom", + "recvmmsg", + "recvmsg", + "remap_file_pages", + "removexattr", + "rename", + "renameat", + "renameat2", + "restart_syscall", + "rmdir", + "rt_sigaction", + "rt_sigpending", + "rt_sigprocmask", + "rt_sigqueueinfo", + "rt_sigreturn", + "rt_sigsuspend", + "rt_sigtimedwait", + "rt_tgsigqueueinfo", + "sched_getaffinity", + "sched_getattr", + "sched_getparam", + "sched_get_priority_max", + "sched_get_priority_min", + "sched_getscheduler", + "sched_rr_get_interval", + "sched_setaffinity", + "sched_setattr", + "sched_setparam", + "sched_setscheduler", + "sched_yield", + "seccomp", + "select", + "semctl", + "semget", + "semop", + "semtimedop", + "send", + "sendfile", + "sendfile64", + "sendmmsg", + "sendmsg", + "sendto", + "setfsgid", + "setfsgid32", + "setfsuid", + "setfsuid32", + "setgid", + "setgid32", + "setgroups", + "setgroups32", + "setitimer", + "setpgid", + "setpriority", + "setregid", + "setregid32", + "setresgid", + "setresgid32", + "setresuid", + "setresuid32", + "setreuid", + "setreuid32", + "setrlimit", + "set_robust_list", + "setsid", + "setsockopt", + "set_thread_area", + "set_tid_address", + "setuid", + "setuid32", + "setxattr", + "shmat", + "shmctl", + "shmdt", + 
"shmget", + "shutdown", + "sigaltstack", + "signalfd", + "signalfd4", + "sigreturn", + "socket", + "socketcall", + "socketpair", + "splice", + "stat", + "stat64", + "statfs", + "statfs64", + "symlink", + "symlinkat", + "sync", + "sync_file_range", + "syncfs", + "sysinfo", + "syslog", + "tee", + "tgkill", + "time", + "timer_create", + "timer_delete", + "timerfd_create", + "timerfd_gettime", + "timerfd_settime", + "timer_getoverrun", + "timer_gettime", + "timer_settime", + "times", + "tkill", + "truncate", + "truncate64", + "ugetrlimit", + "umask", + "uname", + "unlink", + "unlinkat", + "utime", + "utimensat", + "utimes", + "vfork", + "vmsplice", + "wait4", + "waitid", + "waitpid", + "write", + "writev", + "mount", + "umount2", + "reboot", + "name_to_handle_at", + "unshare" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": {}, + "excludes": {} + }, + { + "names": [ + "personality" + ], + "action": "SCMP_ACT_ALLOW", + "args": [ + { + "index": 0, + "value": 0, + "valueTwo": 0, + "op": "SCMP_CMP_EQ" + } + ], + "comment": "", + "includes": {}, + "excludes": {} + }, + { + "names": [ + "personality" + ], + "action": "SCMP_ACT_ALLOW", + "args": [ + { + "index": 0, + "value": 8, + "valueTwo": 0, + "op": "SCMP_CMP_EQ" + } + ], + "comment": "", + "includes": {}, + "excludes": {} + }, + { + "names": [ + "personality" + ], + "action": "SCMP_ACT_ALLOW", + "args": [ + { + "index": 0, + "value": 131072, + "valueTwo": 0, + "op": "SCMP_CMP_EQ" + } + ], + "comment": "", + "includes": {}, + "excludes": {} + }, + { + "names": [ + "personality" + ], + "action": "SCMP_ACT_ALLOW", + "args": [ + { + "index": 0, + "value": 131080, + "valueTwo": 0, + "op": "SCMP_CMP_EQ" + } + ], + "comment": "", + "includes": {}, + "excludes": {} + }, + { + "names": [ + "personality" + ], + "action": "SCMP_ACT_ALLOW", + "args": [ + { + "index": 0, + "value": 4294967295, + "valueTwo": 0, + "op": "SCMP_CMP_EQ" + } + ], + "comment": "", + "includes": {}, + "excludes": {} + }, + { + 
"names": [ + "sync_file_range2" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "arches": [ + "ppc64le" + ] + }, + "excludes": {} + }, + { + "names": [ + "arm_fadvise64_64", + "arm_sync_file_range", + "sync_file_range2", + "breakpoint", + "cacheflush", + "set_tls" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "arches": [ + "arm", + "arm64" + ] + }, + "excludes": {} + }, + { + "names": [ + "arch_prctl" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "arches": [ + "amd64", + "x32" + ] + }, + "excludes": {} + }, + { + "names": [ + "modify_ldt" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "arches": [ + "amd64", + "x32", + "x86" + ] + }, + "excludes": {} + }, + { + "names": [ + "s390_pci_mmio_read", + "s390_pci_mmio_write", + "s390_runtime_instr" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "arches": [ + "s390", + "s390x" + ] + }, + "excludes": {} + }, + { + "names": [ + "open_by_handle_at" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "caps": [ + "CAP_DAC_READ_SEARCH" + ] + }, + "excludes": {} + }, + { + "names": [ + "bpf", + "clone", + "fanotify_init", + "lookup_dcookie", + "mount", + "name_to_handle_at", + "perf_event_open", + "quotactl", + "setdomainname", + "sethostname", + "setns", + "umount", + "umount2", + "unshare" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "caps": [ + "CAP_SYS_ADMIN" + ] + }, + "excludes": {} + }, + { + "names": [ + "clone" + ], + "action": "SCMP_ACT_ALLOW", + "args": [ + { + "index": 0, + "value": 2080505856, + "valueTwo": 0, + "op": "SCMP_CMP_MASKED_EQ" + } + ], + "comment": "", + "includes": {}, + "excludes": { + "caps": [ + "CAP_SYS_ADMIN" + ], + "arches": [ + "s390", + "s390x" + ] + } + }, + { + "names": [ + "clone" + ], + "action": "SCMP_ACT_ALLOW", + "args": [ + { + "index": 
1, + "value": 2080505856, + "valueTwo": 0, + "op": "SCMP_CMP_MASKED_EQ" + } + ], + "comment": "s390 parameter ordering for clone is different", + "includes": { + "arches": [ + "s390", + "s390x" + ] + }, + "excludes": { + "caps": [ + "CAP_SYS_ADMIN" + ] + } + }, + { + "names": [ + "reboot" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "caps": [ + "CAP_SYS_BOOT" + ] + }, + "excludes": {} + }, + { + "names": [ + "chroot" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "caps": [ + "CAP_SYS_CHROOT" + ] + }, + "excludes": {} + }, + { + "names": [ + "delete_module", + "init_module", + "finit_module", + "query_module" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "caps": [ + "CAP_SYS_MODULE" + ] + }, + "excludes": {} + }, + { + "names": [ + "acct" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "caps": [ + "CAP_SYS_PACCT" + ] + }, + "excludes": {} + }, + { + "names": [ + "kcmp", + "process_vm_readv", + "process_vm_writev", + "ptrace" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "caps": [ + "CAP_SYS_PTRACE" + ] + }, + "excludes": {} + }, + { + "names": [ + "iopl", + "ioperm" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "caps": [ + "CAP_SYS_RAWIO" + ] + }, + "excludes": {} + }, + { + "names": [ + "settimeofday", + "stime", + "clock_settime" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "caps": [ + "CAP_SYS_TIME" + ] + }, + "excludes": {} + }, + { + "names": [ + "vhangup" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "caps": [ + "CAP_SYS_TTY_CONFIG" + ] + }, + "excludes": {} + } + ] +} +` 
diff --git a/src/initramfs/cmd/init/pkg/service/kubeadm.go b/src/initramfs/cmd/init/pkg/system/services/kubeadm.go similarity index 51% rename from src/initramfs/cmd/init/pkg/service/kubeadm.go rename to src/initramfs/cmd/init/pkg/system/services/kubeadm.go index ab231d35f2..f3fc813bf4 100644 --- a/src/initramfs/cmd/init/pkg/service/kubeadm.go +++ b/src/initramfs/cmd/init/pkg/system/services/kubeadm.go @@ -1,4 +1,4 @@ -package service +package services import ( "bytes" 
@@ -14,25 +14,37 @@ import ( "time" "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/constants" - "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/service/conditions" + "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/conditions" + "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/runner" + "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/runner/containerd" "github.com/autonomy/dianemo/src/initramfs/cmd/trustd/proto" "github.com/autonomy/dianemo/src/initramfs/pkg/crypto/x509" "github.com/autonomy/dianemo/src/initramfs/pkg/grpc/middleware/auth/basic" "github.com/autonomy/dianemo/src/initramfs/pkg/net" "github.com/autonomy/dianemo/src/initramfs/pkg/userdata" + "github.com/containerd/containerd/oci" + specs "github.com/opencontainers/runtime-spec/specs-go" "google.golang.org/grpc" kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants" ) const kubeadmSH = `#!/bin/bash -set -eou pipefail +set -eEou pipefail cd /etc/kubernetes +apt-get update -y +apt-get install -y curl + +curl -L https://download.docker.com/linux/static/stable/x86_64/docker-17.03.2-ce.tgz | tar -xz --strip-components=1 -C /bin docker/docker +chmod +x /bin/docker + +trap 'kubeadm reset' ERR + {{- if .Init }} {{- if eq .Init.Type "initial" }} -kubeadm init --config=kubeadm-config.yaml --ignore-preflight-errors=cri --skip-token-print +kubeadm init --config=kubeadm-config.yaml --ignore-preflight-errors=cri,kubeletversion --skip-token-print {{- else if eq .Init.Type "dependent" }} export KUBECONFIG=/etc/kubernetes/admin.conf kubeadm alpha phase certs all --config kubeadm-config.yaml @@ -59,7 +71,7 @@ kubeadm alpha phase mark-master --config kubeadm-config.yaml echo "successfully joined master node {{ .Hostname }}" {{- end }} {{- else }} -kubeadm join --config=kubeadm-config.yaml --ignore-preflight-errors=cri +kubeadm join --config=kubeadm-config.yaml --ignore-preflight-errors=cri,kubeletversion {{- end }} ` 
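Review bot: The kubeadmSH script now installs an executable fetched at run time with no integrity check: `curl -L https://download.docker.com/... | tar -xz ... -C /bin docker/docker` pipes an unverified archive straight into /bin of the kubeadm container, which Start (outside this hunk) runs with oci.WithPrivileged and the host PID namespace. Pin the artifact and verify before extracting: `curl -fsSL -o /tmp/docker.tgz https://download.docker.com/linux/static/stable/x86_64/docker-17.03.2-ce.tgz`, `echo "<DOCKER_TGZ_SHA256>  /tmp/docker.tgz" | sha256sum -c -`, `tar -xzf /tmp/docker.tgz --strip-components=1 -C /bin docker/docker` (the digest placeholder is to be filled in from the published release checksum). Adding `-f` also makes curl fail on an HTTP error instead of handing an error page to tar, which `set -e`/`pipefail` would otherwise only catch at the tar step. The `apt-get update`/`apt-get install -y curl` lines make every kubeadm run depend on network access to the distribution mirrors; if the image can ship curl, that is one fewer moving part on the boot path.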
@@ -67,8 +79,22 @@ kubeadm join --config=kubeadm-config.yaml --ignore-preflight-errors=cri // the required methods. type Kubeadm struct{} -// Pre implements the Service interface. -func (p *Kubeadm) Pre(data userdata.UserData) (err error) { +// ID implements the Service interface. +func (k *Kubeadm) ID(data *userdata.UserData) string { + return "kubeadm" +} + +// PreFunc implements the Service interface. +func (k *Kubeadm) PreFunc(data *userdata.UserData) (err error) { + contents, err := parse(data) + if err != nil { + return err + } + + if err = ioutil.WriteFile("/run/kubeadm.sh", contents, os.FileMode(0700)); err != nil { + return + } + if data.Services.Kubeadm.Init != nil { if err = writeKubeadmPKIFiles(data.Security.Kubernetes.CA); err != nil { return @@ -82,9 +108,13 @@ func (p *Kubeadm) Pre(data userdata.UserData) (err error) { return nil } -// Post implements the Service interface. -func (p *Kubeadm) Post(data userdata.UserData) (err error) { - if data.Services.Kubeadm.Init != nil && data.Services.Kubeadm.Init.TrustEndpoint == "" { +// PostFunc implements the Service interface. +func (k *Kubeadm) PostFunc(data *userdata.UserData) (err error) { + if data.Services.Kubeadm.Init == nil { + return nil + } + + if data.Services.Kubeadm.Init.TrustEndpoint == "" { return nil } 
@@ -110,15 +140,15 @@ func (p *Kubeadm) Post(data userdata.UserData) (err error) { client := proto.NewTrustdClient(conn) files := []string{ - "/etc/kubernetes/pki/ca.crt", - "/etc/kubernetes/pki/ca.key", - "/etc/kubernetes/pki/sa.key", - "/etc/kubernetes/pki/sa.pub", - "/etc/kubernetes/pki/front-proxy-ca.crt", - "/etc/kubernetes/pki/front-proxy-ca.key", - "/etc/kubernetes/pki/etcd/ca.crt", - "/etc/kubernetes/pki/etcd/ca.key", - "/etc/kubernetes/admin.conf", + "/var/etc/kubernetes/pki/ca.crt", + "/var/etc/kubernetes/pki/ca.key", + "/var/etc/kubernetes/pki/sa.key", + "/var/etc/kubernetes/pki/sa.pub", + "/var/etc/kubernetes/pki/front-proxy-ca.crt", + "/var/etc/kubernetes/pki/front-proxy-ca.key", + "/var/etc/kubernetes/pki/etcd/ca.crt", + "/var/etc/kubernetes/pki/etcd/ca.key", + "/var/etc/kubernetes/admin.conf", } if err = writeFiles(client, files); err != nil { return 
@@ -127,72 +157,95 @@ func (p *Kubeadm) Post(data userdata.UserData) (err error) { return nil } -// Cmd implements the Service interface. -func (p *Kubeadm) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error { - cmdArgs.Name = "kubeadm" - cmdArgs.Path = "/bin/docker" - cmdArgs.Args = []string{ - "run", - "--rm", - "--net=host", - "--pid=host", - "--privileged", - "--volume=/sys:/sys:rw", - "--volume=/sys/fs/cgroup:/sys/fs/cgroup:rw", - "--volume=/var/run:/var/run:rw", - "--volume=/run:/run:rw", - "--volume=/var/lib/docker:/var/lib/docker:rw", - "--volume=/var/lib/kubelet:/var/lib/kubelet:slave", - "--volume=/var/log:/var/log", - "--volume=/etc/kubernetes:/etc/kubernetes:shared", - "--volume=/etc/os-release:/etc/os-release:ro", - "--volume=/lib/modules:/lib/modules:ro", - "--volume=/bin/docker:/bin/docker:ro", - "--volume=/bin/crictl:/bin/crictl:ro", - "--volume=/bin/kubeadm:/bin/kubeadm:ro", - "--volume=/run/kubeadm.sh:/bin/kubeadm.sh:ro", - "--name=kubeadm", - "gcr.io/google_containers/hyperkube:v1.11.2", - "/bin/kubeadm.sh", +// ConditionFunc implements the Service interface. 
+func (k *Kubeadm) ConditionFunc(data *userdata.UserData) conditions.ConditionFunc { + var conditionFunc conditions.ConditionFunc + switch data.Services.Kubeadm.ContainerRuntime { + case constants.ContainerRuntimeDocker: + if data.Services.Kubeadm.Init != nil && data.Services.Kubeadm.Init.Type == constants.KubeadmInitTypeDependent { + conditionFunc = conditions.WaitForFilesToExist(constants.ContainerRuntimeDockerSocket, "/var/etc/kubernetes/admin.conf") + } else { + conditionFunc = conditions.WaitForFileToExist(constants.ContainerRuntimeDockerSocket) + } + case constants.ContainerRuntimeCRIO: + if data.Services.Kubeadm.Init != nil && data.Services.Kubeadm.Init.Type == constants.KubeadmInitTypeDependent { + conditionFunc = conditions.WaitForFilesToExist(constants.ContainerRuntimeCRIOSocket, "/var/etc/kubernetes/admin.conf") + } else { + conditionFunc = conditions.WaitForFileToExist(constants.ContainerRuntimeCRIOSocket) + } } - contents, err := parse(data) - if err != nil { - return err + return conditionFunc +} + +// Start implements the Service interface. +// nolint: dupl +func (k *Kubeadm) Start(data *userdata.UserData) error { + // We only wan't to run kubeadm if it hasn't been ran already. + if _, err := os.Stat("/var/etc/kubernetes/kubelet.conf"); !os.IsNotExist(err) { + return nil } - err = ioutil.WriteFile("/run/kubeadm.sh", contents, os.FileMode(0700)) + // Set the image. + var image string + if data.Services.Kubeadm != nil && data.Services.Kubeadm.Image != "" { + image = data.Services.Kubeadm.Image + } else { + image = "gcr.io/google_containers/hyperkube:v1.11.2" + } - return err -} + // Set the process arguments. + args := runner.Args{ + ID: k.ID(data), + ProcessArgs: []string{"/bin/kubeadm.sh"}, + } + + // Set the mounts. 
+ // nolint: dupl + mounts := []specs.Mount{ + {Type: "cgroup", Destination: "/sys/fs/cgroup", Options: []string{"ro"}}, + {Type: "bind", Destination: "/var/run", Source: "/run", Options: []string{"rbind", "rshared", "rw"}}, + {Type: "bind", Destination: "/var/lib/kubelet", Source: "/var/lib/kubelet", Options: []string{"rbind", "rshared", "rw"}}, + {Type: "bind", Destination: "/lib/modules", Source: "/lib/modules", Options: []string{"bind", "shared", "ro"}}, + {Type: "bind", Destination: "/etc/kubernetes", Source: "/var/etc/kubernetes", Options: []string{"bind", "rw"}}, + {Type: "bind", Destination: "/etc/os-release", Source: "/etc/os-release", Options: []string{"bind", "ro"}}, + {Type: "bind", Destination: "/bin/crictl", Source: "/bin/crictl", Options: []string{"bind", "ro"}}, + {Type: "bind", Destination: "/bin/kubeadm", Source: "/bin/kubeadm", Options: []string{"bind", "ro"}}, + {Type: "bind", Destination: "/bin/kubeadm.sh", Source: "/run/kubeadm.sh", Options: []string{"bind", "ro"}}, + } -// Condition implements the Service interface. 
-func (p *Kubeadm) Condition(data userdata.UserData) func() (bool, error) { switch data.Services.Kubeadm.ContainerRuntime { case constants.ContainerRuntimeDocker: - if data.Services.Kubeadm.Init != nil && data.Services.Kubeadm.Init.Type == "dependent" { - return conditions.WaitForFilesToExist(constants.ContainerRuntimeDockerSocket, "/etc/kubernetes/admin.conf") - } - return conditions.WaitForFileExists(constants.ContainerRuntimeDockerSocket) + mounts = append(mounts, specs.Mount{Type: "bind", Destination: "/var/lib/docker", Source: "/var/lib/docker", Options: []string{"rbind", "rshared", "rw"}}) case constants.ContainerRuntimeCRIO: - if data.Services.Kubeadm.Init != nil && data.Services.Kubeadm.Init.Type == "dependent" { - return conditions.WaitForFilesToExist(constants.ContainerRuntimeCRIOSocket, "/etc/kubernetes/admin.conf") - } - return conditions.WaitForFileExists(constants.ContainerRuntimeCRIOSocket) - default: - return conditions.None() + mounts = append(mounts, specs.Mount{Type: "bind", Destination: "/var/lib/containers", Source: "/var/lib/containers", Options: []string{"rbind", "rshared", "rw"}}) } -} -// Env implements the Service interface. -func (p *Kubeadm) Env() []string { return []string{} } - -// Type implements the Service interface. 
-func (p *Kubeadm) Type() Type { return Once } + r := containerd.Containerd{} + + return r.Run( + data, + args, + runner.WithContainerImage(image), + runner.WithOCISpecOpts( + containerd.WithMemoryLimit(int64(1000000*512)), + containerd.WithRootfsPropagation("slave"), + oci.WithMounts(mounts), + oci.WithHostNamespace(specs.PIDNamespace), + oci.WithParentCgroupDevices, + oci.WithPrivileged, + ), + runner.WithType(runner.Once), + ) +} func writeKubeadmConfig(data string) (err error) { + p := path.Dir(constants.KubeadmConfig) + if err := os.MkdirAll(p, os.ModeDir); err != nil { + return fmt.Errorf("create %s: %v", p, err) + } if err = ioutil.WriteFile(constants.KubeadmConfig, []byte(data), 0400); err != nil { - return fmt.Errorf("write %s: %s", constants.KubeadmConfig, err.Error()) + return fmt.Errorf("write %s: %v", constants.KubeadmConfig, err) } return nil @@ -203,20 +256,20 @@ func writeKubeadmPKIFiles(data *x509.PEMEncodedCertificateAndKey) (err error) { return err } if err = ioutil.WriteFile(constants.KubeadmCACert, data.Crt, 0400); err != nil { - return fmt.Errorf("write %s: %s", constants.KubeadmCACert, err.Error()) + return fmt.Errorf("write %s: %v", constants.KubeadmCACert, err) } if err = os.MkdirAll(path.Dir(constants.KubeadmCAKey), 0600); err != nil { return err } if err = ioutil.WriteFile(constants.KubeadmCAKey, data.Key, 0400); err != nil { - return fmt.Errorf("write %s: %s", constants.KubeadmCAKey, err.Error()) + return fmt.Errorf("write %s: %v", constants.KubeadmCAKey, err) } return nil } -func parse(data userdata.UserData) ([]byte, error) { +func parse(data *userdata.UserData) ([]byte, error) { ip, err := net.IP() if err != nil { return nil, err diff --git a/src/initramfs/cmd/init/pkg/system/services/kubelet.go b/src/initramfs/cmd/init/pkg/system/services/kubelet.go new file mode 100644 index 0000000000..7e9223267a --- /dev/null +++ b/src/initramfs/cmd/init/pkg/system/services/kubelet.go 
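Review bot: Kubeadm.ConditionFunc's switch has no default branch, so an unrecognised ContainerRuntime now returns a nil conditions.ConditionFunc where the removed Condition returned `conditions.None()`; the caller presumably invokes the returned func, which would panic on nil. Add `default: conditionFunc = conditions.None()`; the same gap is in Kubelet.ConditionFunc in the new kubelet.go. Separately, writeKubeadmConfig creates the config directory with `os.MkdirAll(p, os.ModeDir)`, and os.ModeDir carries no permission bits, so the directory is requested with mode 0000 and only works because init runs as root — `os.MkdirAll(p, 0700)` states the intent (the same os.ModeDir pattern appears throughout Kubelet.PreFunc). The comment at the top of Start has a typo; `// We only want to run kubeadm if it hasn't been run already.`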
@@ -0,0 +1,136 @@
+package services
+
+import (
+ "fmt"
+ "io/ioutil"
+ "os"
+ "strings"
+
+ "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/constants"
+ "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/conditions"
+ "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/runner"
+ "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/runner/containerd"
+ "github.com/autonomy/dianemo/src/initramfs/pkg/userdata"
+ "github.com/containerd/containerd/oci"
+ specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// Kubelet implements the Service interface. It serves as the concrete type with
+// the required methods.
+type Kubelet struct{}
+
+// ID implements the Service interface.
+func (k *Kubelet) ID(data *userdata.UserData) string {
+ return "kubelet"
+}
+
+// PreFunc implements the Service interface.
+func (k *Kubelet) PreFunc(data *userdata.UserData) error {
+ if err := os.Mkdir("/run/flannel", os.ModeDir); err != nil {
+ return fmt.Errorf("create /run/flannel: %s", err.Error())
+ }
+ if err := os.MkdirAll("/var/etc/cni/net.d", os.ModeDir); err != nil {
+ return fmt.Errorf("create /var/etc/cni/net.d: %s", err.Error())
+ }
+ if err := os.MkdirAll("/var/etc/kubernetes/manifests", os.ModeDir); err != nil {
+ return fmt.Errorf("create /var/etc/kubernetes/manifests: %s", err.Error())
+ }
+ if err := os.MkdirAll("/var/lib/kubelet", os.ModeDir); err != nil {
+ return fmt.Errorf("create /var/lib/kubelet: %s", err.Error())
+ }
+ if err := os.MkdirAll("/var/libexec/kubernetes", os.ModeDir); err != nil {
+ return fmt.Errorf("create /var/libexec/kubernetes: %s", err.Error())
+ }
+
+ return nil
+}
+
+// PostFunc implements the Service interface.
+func (k *Kubelet) PostFunc(data *userdata.UserData) (err error) {
+ return nil
+}
+
+// ConditionFunc implements the Service interface.
+func (k *Kubelet) ConditionFunc(data *userdata.UserData) conditions.ConditionFunc {
+ var conditionFunc conditions.ConditionFunc
+ switch data.Services.Kubeadm.ContainerRuntime {
+ case constants.ContainerRuntimeDocker:
+ conditionFunc = conditions.WaitForFilesToExist("/var/lib/kubelet/kubeadm-flags.env")
+ case constants.ContainerRuntimeCRIO:
+ conditionFunc = conditions.WaitForFilesToExist("/var/lib/kubelet/kubeadm-flags.env", "/var/etc/containers/policy.json")
+ }
+
+ return conditionFunc
+}
+
+// Start implements the Service interface.
+func (k *Kubelet) Start(data *userdata.UserData) error {
+ // Set the image.
+ var image string
+ if data.Services.Kubelet != nil && data.Services.Kubelet.Image != "" {
+ image = data.Services.Kubelet.Image
+ } else {
+ image = "gcr.io/google_containers/hyperkube:v1.11.2"
+ }
+
+ // Set the process arguments.
+ args := runner.Args{
+ ID: k.ID(data),
+ ProcessArgs: []string{
+ "/hyperkube",
+ "kubelet",
+ "--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf",
+ "--kubeconfig=/etc/kubernetes/kubelet.conf",
+ "--config=/var/lib/kubelet/config.yaml",
+ },
+ }
+
+ if data.Services.Kubeadm.ContainerRuntime == constants.ContainerRuntimeCRIO {
+ args.ProcessArgs = append(args.ProcessArgs, "--container-runtime=remote", "--runtime-request-timeout=15m", "--container-runtime-endpoint=unix:///var/run/crio/crio.sock")
+ }
+
+ fileBytes, err := ioutil.ReadFile("/var/lib/kubelet/kubeadm-flags.env")
+ if err != nil {
+ return err
+ }
+ argsString := strings.TrimPrefix(string(fileBytes), "KUBELET_KUBEADM_ARGS=")
+ argsString = strings.TrimSuffix(argsString, "\n")
+ args.ProcessArgs = append(args.ProcessArgs, strings.Split(argsString, " ")...)
+
+ // Set the mounts.
+ mounts := []specs.Mount{
+ {Type: "cgroup", Destination: "/sys/fs/cgroup", Options: []string{"rbind", "rshared", "rw"}},
+ {Type: "bind", Destination: "/dev", Source: "/dev", Options: []string{"rbind", "rshared", "rw"}},
+ {Type: "bind", Destination: "/var/run", Source: "/run", Options: []string{"rbind", "rshared", "rw"}},
+ {Type: "bind", Destination: "/var/lib/kubelet", Source: "/var/lib/kubelet", Options: []string{"rbind", "rshared", "rw"}},
+ {Type: "bind", Destination: "/lib/modules", Source: "/lib/modules", Options: []string{"bind", "shared", "ro"}},
+ {Type: "bind", Destination: "/etc/kubernetes", Source: "/var/etc/kubernetes", Options: []string{"bind", "rw"}},
+ {Type: "bind", Destination: "/etc/cni", Source: "/var/etc/cni", Options: []string{"rbind", "rshared", "ro"}},
+ {Type: "bind", Destination: "/etc/os-release", Source: "/etc/os-release", Options: []string{"bind", "ro"}},
+ {Type: "bind", Destination: "/usr/libexec/kubernetes", Source: "/var/libexec/kubernetes", Options: []string{"rbind", "rshared", "rw"}},
+ }
+
+ switch data.Services.Kubeadm.ContainerRuntime {
+ case constants.ContainerRuntimeDocker:
+ mounts = append(mounts, specs.Mount{Type: "bind", Destination: "/var/lib/docker", Source: "/var/lib/docker", Options: []string{"rbind", "rshared", "rw"}})
+ case constants.ContainerRuntimeCRIO:
+ mounts = append(mounts, specs.Mount{Type: "bind", Destination: "/etc/containers", Source: "/var/etc/containers", Options: []string{"bind", "rw"}})
+ }
+
+ r := containerd.Containerd{}
+
+ return r.Run(
+ data,
+ args,
+ runner.WithContainerImage(image),
+ runner.WithOCISpecOpts(
+ containerd.WithMemoryLimit(int64(1000000*2048)),
+ containerd.WithRootfsPropagation("slave"),
+ oci.WithMounts(mounts),
+ oci.WithHostNamespace(specs.PIDNamespace),
+ oci.WithParentCgroupDevices,
+ oci.WithPrivileged,
+ ),
+ runner.WithType(runner.Forever),
+ )
+}
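Review bot: Kubelet.PreFunc uses `os.Mkdir("/run/flannel", os.ModeDir)` where its four siblings use MkdirAll; Mkdir returns an error when the directory already exists, so the second run of PreFunc (a service restart, or a retry after a failed Start) fails on its first line. Use `if err := os.MkdirAll("/run/flannel", 0755); err != nil {` — MkdirAll is idempotent, and a real permission value replaces os.ModeDir, which contributes no permission bits. In Start, `strings.Split(argsString, " ")` yields a single empty argument when kubeadm-flags.env is empty or holds only the prefix, and turns doubled spaces into empty arguments; `strings.Fields(argsString)` avoids both (neither handles quoted values, should the pinned kubeadm ever emit them — worth confirming). The kubelet container is started with oci.WithPrivileged, the host PID namespace and rw cgroup and /dev mounts; a comment on the mounts slice stating why each writable mount is needed would help the next reviewer judge the exposure.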
diff --git a/src/initramfs/cmd/init/pkg/system/services/osd.go b/src/initramfs/cmd/init/pkg/system/services/osd.go
new file mode 100644
index 0000000000..e3f392a64f
--- /dev/null
+++ b/src/initramfs/cmd/init/pkg/system/services/osd.go
@@ -0,0 +1,79 @@
+// nolint: dupl,golint
+package services
+
+import (
+ "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/constants"
+ "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/conditions"
+ "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/runner"
+ "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/runner/containerd"
+ "github.com/autonomy/dianemo/src/initramfs/pkg/userdata"
+ "github.com/autonomy/dianemo/src/initramfs/pkg/version"
+ "github.com/containerd/containerd/oci"
+ specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// OSD implements the Service interface. It serves as the concrete type with
+// the required methods.
+type OSD struct{}
+
+// ID implements the Service interface.
+func (o *OSD) ID(data *userdata.UserData) string {
+ return "osd"
+}
+
+// PreFunc implements the Service interface.
+func (o *OSD) PreFunc(data *userdata.UserData) error {
+ return nil
+}
+
+// PostFunc implements the Service interface.
+func (o *OSD) PostFunc(data *userdata.UserData) (err error) {
+ return nil
+}
+
+// ConditionFunc implements the Service interface.
+func (o *OSD) ConditionFunc(data *userdata.UserData) conditions.ConditionFunc {
+ return conditions.None()
+}
+
+func (o *OSD) Start(data *userdata.UserData) error {
+ // Set the image.
+ var image string
+ if data.Services.OSD != nil && data.Services.OSD.Image != "" {
+ image = data.Services.OSD.Image
+ } else {
+ image = "docker.io/autonomy/osd:" + version.SHA
+ }
+
+ // Set the process arguments.
+ args := runner.Args{
+ ID: o.ID(data),
+ ProcessArgs: []string{"/osd", "--port=50000", "--userdata=" + constants.UserDataPath},
+ }
+ if data.Services.Kubeadm.Init == nil {
+ args.ProcessArgs = append(args.ProcessArgs, "--generate=true")
+ }
+
+ // Set the mounts.
+ mounts := []specs.Mount{
+ {Type: "bind", Destination: constants.UserDataPath, Source: constants.UserDataPath, Options: []string{"rbind", "ro"}},
+ {Type: "bind", Destination: constants.ContainerdSocket, Source: constants.ContainerdSocket, Options: []string{"bind", "ro"}},
+ {Type: "bind", Destination: "/var/run", Source: "/var/run", Options: []string{"rbind", "rw"}},
+ {Type: "bind", Destination: "/run", Source: "/run", Options: []string{"rbind", "rw"}},
+ {Type: "bind", Destination: "/etc/kubernetes", Source: "/var/etc/kubernetes", Options: []string{"bind", "rw"}},
+ {Type: "bind", Destination: "/etc/ssl", Source: "/etc/ssl", Options: []string{"bind", "ro"}},
+ {Type: "bind", Destination: "/var/log", Source: "/var/log", Options: []string{"rbind", "rw"}},
+ }
+
+ r := containerd.Containerd{}
+
+ return r.Run(
+ data,
+ args,
+ runner.WithContainerImage(image),
+ runner.WithOCISpecOpts(
+ containerd.WithMemoryLimit(int64(1000000*512)),
+ oci.WithMounts(mounts),
+ ),
+ )
+}
diff --git a/src/initramfs/cmd/init/pkg/system/services/proxyd.go b/src/initramfs/cmd/init/pkg/system/services/proxyd.go
new file mode 100644
index 0000000000..19b9c1f7fa
--- /dev/null
+++ b/src/initramfs/cmd/init/pkg/system/services/proxyd.go
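Review bot: OSD.Start has no doc comment while every other method in the file carries one; the file-level `// nolint: dupl,golint` is what keeps the linter from reporting it, and the same applies to Proxyd.Start and Trustd.Start in the two files that follow. Add `// Start implements the Service interface.` above each and drop `golint` from the nolint directive if nothing else needs it. The mounts slice hands osd the containerd socket (`constants.ContainerdSocket`) plus `/var/run` and `/run` rw; a why-comment on the socket mount naming what osd does with it would let a reviewer judge the exposure, since a client of that socket can drive the same containerd that runs the other services. If /var/run is a symlink to /run on this rootfs (usual, but not visible here), one of the two rbind mounts is redundant.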
@@ -0,0 +1,71 @@
+// nolint: dupl,golint
+package services
+
+import (
+ "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/conditions"
+ "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/runner"
+ "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/runner/containerd"
+ "github.com/autonomy/dianemo/src/initramfs/pkg/userdata"
+ "github.com/autonomy/dianemo/src/initramfs/pkg/version"
+ "github.com/containerd/containerd/oci"
+ specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// Proxyd implements the Service interface. It serves as the concrete type with
+// the required methods.
+type Proxyd struct{}
+
+// ID implements the Service interface.
+func (p *Proxyd) ID(data *userdata.UserData) string {
+ return "proxyd"
+}
+
+// PreFunc implements the Service interface.
+func (p *Proxyd) PreFunc(data *userdata.UserData) error {
+ return nil
+}
+
+// PostFunc implements the Service interface.
+func (p *Proxyd) PostFunc(data *userdata.UserData) (err error) {
+ return nil
+}
+
+// ConditionFunc implements the Service interface.
+func (p *Proxyd) ConditionFunc(data *userdata.UserData) conditions.ConditionFunc {
+ return conditions.WaitForFilesToExist("/var/etc/kubernetes/pki/ca.crt", "/var/etc/kubernetes/admin.conf")
+}
+
+func (p *Proxyd) Start(data *userdata.UserData) error {
+ // Set the image.
+ var image string
+ if data.Services.Proxyd != nil && data.Services.Proxyd.Image != "" {
+ image = data.Services.Proxyd.Image
+ } else {
+ image = "docker.io/autonomy/proxyd:" + version.SHA
+ }
+
+ // Set the process arguments.
+ args := runner.Args{
+ ID: p.ID(data),
+ ProcessArgs: []string{"/proxyd"},
+ }
+
+ // Set the mounts.
+ mounts := []specs.Mount{
+ {Type: "bind", Destination: "/etc/kubernetes/admin.conf", Source: "/var/etc/kubernetes/admin.conf", Options: []string{"rbind", "ro"}},
+ {Type: "bind", Destination: "/etc/kubernetes/pki/ca.crt", Source: "/var/etc/kubernetes/pki/ca.crt", Options: []string{"rbind", "ro"}},
+ }
+
+ r := containerd.Containerd{}
+
+ return r.Run(
+ data,
+ args,
+ runner.WithContainerImage(image),
+ runner.WithOCISpecOpts(
+ containerd.WithMemoryLimit(int64(1000000*512)),
+ oci.WithMounts(mounts),
+ oci.WithPrivileged,
+ ),
+ )
+}
diff --git a/src/initramfs/cmd/init/pkg/system/services/trustd.go b/src/initramfs/cmd/init/pkg/system/services/trustd.go
new file mode 100644
index 0000000000..85699910b9
--- /dev/null
+++ b/src/initramfs/cmd/init/pkg/system/services/trustd.go
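Review bot: Proxyd.Start requests `oci.WithPrivileged` although the container's only mounts are two read-only files and it shares no host namespace, so it is not clear what the privilege is for; osd and trustd, which mount considerably more, run without it. If it is needed (binding a low port or a raw socket, say), state that next to the option — `oci.WithPrivileged, // required for: <reason>` — otherwise drop it and let this kubeconfig-only service run unprivileged.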
@@ -0,0 +1,71 @@
+// nolint: dupl,golint
+package services
+
+import (
+ "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/constants"
+ "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/conditions"
+ "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/runner"
+ "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/runner/containerd"
+ "github.com/autonomy/dianemo/src/initramfs/pkg/userdata"
+ "github.com/autonomy/dianemo/src/initramfs/pkg/version"
+ "github.com/containerd/containerd/oci"
+ specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// Trustd implements the Service interface. It serves as the concrete type with
+// the required methods.
+type Trustd struct{}
+
+// ID implements the Service interface.
+func (t *Trustd) ID(data *userdata.UserData) string {
+ return "trustd"
+}
+
+// PreFunc implements the Service interface.
+func (t *Trustd) PreFunc(data *userdata.UserData) error {
+ return nil
+}
+
+// PostFunc implements the Service interface.
+func (t *Trustd) PostFunc(data *userdata.UserData) (err error) {
+ return nil
+}
+
+// ConditionFunc implements the Service interface.
+func (t *Trustd) ConditionFunc(data *userdata.UserData) conditions.ConditionFunc {
+ return conditions.None()
+}
+
+func (t *Trustd) Start(data *userdata.UserData) error {
+ // Set the image.
+ var image string
+ if data.Services.Trustd != nil && data.Services.Trustd.Image != "" {
+ image = data.Services.Trustd.Image
+ } else {
+ image = "docker.io/autonomy/trustd:" + version.SHA
+ }
+
+ // Set the process arguments.
+ args := runner.Args{
+ ID: t.ID(data),
+ ProcessArgs: []string{"/trustd", "--port=50001", "--userdata=" + constants.UserDataPath},
+ }
+
+ // Set the mounts.
+ mounts := []specs.Mount{
+ {Type: "bind", Destination: constants.UserDataPath, Source: constants.UserDataPath, Options: []string{"rbind", "ro"}},
+ {Type: "bind", Destination: "/var/etc/kubernetes", Source: "/var/etc/kubernetes", Options: []string{"bind", "rw"}},
+ }
+
+ r := containerd.Containerd{}
+
+ return r.Run(
+ data,
+ args,
+ runner.WithContainerImage(image),
+ runner.WithOCISpecOpts(
+ containerd.WithMemoryLimit(int64(1000000*512)),
+ oci.WithMounts(mounts),
+ ),
+ )
+}
diff --git a/src/initramfs/cmd/init/pkg/system/system.go b/src/initramfs/cmd/init/pkg/system/system.go
new file mode 100644
index 0000000000..ae46ec9ab4
--- /dev/null
+++ b/src/initramfs/cmd/init/pkg/system/system.go
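Review bot: `/var/etc/kubernetes` is bind-mounted `rw` into trustd while the userdata mount beside it is `ro`, and nothing in the file says why the whole directory needs to be writable; proxyd.go waits on `/var/etc/kubernetes/pki/ca.crt` and `admin.conf` in that same tree, so presumably trustd is what produces them, but that should be stated on the mount, e.g. `// trustd writes the cluster PKI and kubeconfigs that other services wait for.`, or the mount narrowed to what it actually writes. `Start` also lacks the `// Start implements the Service interface.` comment the other methods have. `"--port=50001"` is a literal any trustd client has to agree with; a shared constant in `constants` would keep server and clients in sync.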
@@ -0,0 +1,74 @@
+package system
+
+import (
+ "log"
+ "sync"
+
+ "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/conditions"
+ "github.com/autonomy/dianemo/src/initramfs/pkg/userdata"
+)
+
+type singleton struct {
+ UserData *userdata.UserData
+}
+
+var instance *singleton
+var once sync.Once
+
+// Service is an interface describing a system service.
+type Service interface {
+ // ID is the service id.
+ ID(*userdata.UserData) string
+ // PreFunc is invoked before a command is executed.
+ PreFunc(*userdata.UserData) error
+ // Start
+ Start(*userdata.UserData) error
+ // PostFunc is invoked after a command is executed.
+ PostFunc(*userdata.UserData) error
+ // ConditionFunc describes the conditions under which a service should
+ // start.
+ ConditionFunc(*userdata.UserData) conditions.ConditionFunc
+}
+
+// Services returns the instance of the system services API.
+// TODO(andrewrynhard): This should be a gRPC based API availale on a local
+// unix socket.
+// nolint: golint
+func Services(data *userdata.UserData) *singleton {
+ once.Do(func() {
+ instance = &singleton{UserData: data}
+ })
+ return instance
+}
+
+// Start will invoke the service's Pre, Condition, and Type funcs. If the any
+// error occurs in the Pre or Condition invocations, it is up to the caller to
+// to restart the service.
+func (s *singleton) Start(services ...Service) {
+ for _, service := range services {
+ go func(service Service) {
+ id := service.ID(s.UserData)
+ log.Printf("starting service %q", id)
+ if err := service.PreFunc(s.UserData); err != nil {
+ log.Printf("failed to run pre stage of service %q: %v", id, err)
+ return
+ }
+
+ _, err := service.ConditionFunc(s.UserData)()
+ if err != nil {
+ log.Printf("service %q condition failed: %v", id, err)
+ return
+ }
+
+ if err := service.Start(s.UserData); err != nil {
+ log.Printf("failed to start service %q: %v", id, err)
+ return
+ }
+
+ if err := service.PostFunc(s.UserData); err != nil {
+ log.Printf("failed to run post stage of service %q: %v", id, err)
+ return
+ }
+ }(service)
+ }
+}
diff --git a/src/initramfs/cmd/osctl/cmd/ps.go b/src/initramfs/cmd/osctl/cmd/ps.go
index a1f1b67f35..4c16ec222b 100644
--- a/src/initramfs/cmd/osctl/cmd/ps.go
+++ b/src/initramfs/cmd/osctl/cmd/ps.go
@@ -3,7 +3,6 @@ package cmd
 import (
 "fmt"
- "log"
 "os"
 "github.com/autonomy/dianemo/src/initramfs/cmd/osctl/pkg/client"
@@ -23,9 +22,11 @@ var psCmd = &cobra.Command{
 }
 c, err := client.NewClient(port, creds)
 if err != nil {
- log.Fatal(err)
+ fmt.Println(err)
+ os.Exit(1)
 }
 if err := c.Processes(); err != nil {
+ fmt.Println(err)
 os.Exit(1)
 }
 },
diff --git a/src/initramfs/cmd/osctl/pkg/client/client.go b/src/initramfs/cmd/osctl/pkg/client/client.go
index b2a3b489c9..190b18b178 100644
--- a/src/initramfs/cmd/osctl/pkg/client/client.go
+++ b/src/initramfs/cmd/osctl/pkg/client/client.go
@@ -79,7 +79,7 @@ func NewClient(port int, clientcreds *Credentials) (c *Client, err error) {
 if ok := certPool.AppendCertsFromPEM(clientcreds.ca); !ok {
 return nil, fmt.Errorf("failed to append client certs")
 }
- // TODO: Do not parse the address. Pass the IP and port in as separate
+ // TODO(andrewrynhard): Do not parse the address. Pass the IP and port in as separate
 // parameters.
 creds := credentials.NewTLS(&tls.Config{
 ServerName: clientcreds.target,
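Review bot: The doc comment on `Start` says that after a Pre or Condition error "it is up to the caller to restart the service", but the function launches each service in its own goroutine, returns immediately and only `log.Printf`s failures, so the caller has no way of learning that anything failed; either the comment should state that failures are logged and not reported back, or the function should hand errors to the caller (an error channel per service, say). The interface comment `// Start` is empty — `// Start runs the service once ConditionFunc has been satisfied; PostFunc follows it.` matches the order the loop enforces. `Services` captures the `*userdata.UserData` from the first call only, and later calls with different data get the original instance, which deserves a sentence on `Services`. ("availale" in the TODO is a typo.)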
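Review bot: Both new `fmt.Println(err)` calls in ps.go write the error to stdout, the same stream that carries the `ps` table, so anything consuming the table sees the error text as data; use `fmt.Fprintln(os.Stderr, err)` in both places (`os` is already imported). The `log.Fatal` being replaced went to stderr, so this is a regression in stream separation rather than only a matter of style.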
@@ -120,9 +120,9 @@ func (c *Client) Processes() (err error) {
 return
 }
 w := tabwriter.NewWriter(os.Stdout, 0, 0, 3, ' ', 0)
- fmt.Fprintln(w, "NAME\tID\tSTATE\tSTATUS")
+ fmt.Fprintln(w, "ID\tIMAGE\tSTATUS\tMEMORY(MB)\tCPU")
 for _, p := range reply.Processes {
- fmt.Fprintf(w, "%s\t%s\t%s\t%s\n", p.Name, p.Id[:12], p.State, p.Status)
+ fmt.Fprintf(w, "%s\t%s\t%s\t%.2f\t%d\n", p.Id, p.Image, p.Status, float64(p.MemoryUsage)*1e-6, p.CpuUsage)
 }
 if err := w.Flush(); err != nil {
 return err
diff --git a/src/initramfs/cmd/osd/pkg/reg/reg.go b/src/initramfs/cmd/osd/pkg/reg/reg.go
index 00799c731b..57b8c92224 100644
--- a/src/initramfs/cmd/osd/pkg/reg/reg.go
+++ b/src/initramfs/cmd/osd/pkg/reg/reg.go
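Review bot: The new header labels the last column `CPU` with no unit while the column before it says `MEMORY(MB)`, and the value printed is the raw `p.CpuUsage` counter that reg.go fills from `data.CPU.Usage.Total`; if that is the cgroup's cumulative CPU time in nanoseconds, as it appears to be, the header should say so (`CPU(NS)`) or the value should be scaled the way memory is. Removing the unchecked `p.Id[:12]` slice is a welcome side effect, since it could panic on an ID shorter than twelve characters.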
@@ -4,25 +4,33 @@ package reg
 import (
 "context"
+ "errors"
 "fmt"
 "io/ioutil"
+ "log"
 "os"
- "os/exec"
- "strings"
- "time"
 "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/constants"
- servicelog "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/service/log"
+ "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/runner"
+ containerdrunner "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/runner/containerd"
+ servicelog "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/system/runner/process/log"
 "github.com/autonomy/dianemo/src/initramfs/cmd/osd/proto"
 "github.com/autonomy/dianemo/src/initramfs/pkg/chunker"
 filechunker "github.com/autonomy/dianemo/src/initramfs/pkg/chunker/file"
 streamchunker "github.com/autonomy/dianemo/src/initramfs/pkg/chunker/stream"
 "github.com/autonomy/dianemo/src/initramfs/pkg/userdata"
 "github.com/autonomy/dianemo/src/initramfs/pkg/version"
+ "github.com/containerd/cgroups"
+ "github.com/containerd/containerd"
+ tasks "github.com/containerd/containerd/api/services/tasks/v1"
+ "github.com/containerd/containerd/namespaces"
+ "github.com/containerd/containerd/oci"
+ "github.com/containerd/typeurl"
 dockerclient "github.com/docker/engine-api/client"
 "github.com/docker/engine-api/types"
 "github.com/golang/protobuf/ptypes/empty"
 crioclient "github.com/kubernetes-incubator/cri-o/client"
+ specs "github.com/opencontainers/runtime-spec/specs-go"
 "golang.org/x/sys/unix"
 "google.golang.org/grpc"
 )
@@ -55,42 +63,79 @@ func (r *Registrator) Kubeconfig(ctx context.Context, in *empty.Empty) (data *pr
 // Processes implements the proto.OSDServer interface.
 func (r *Registrator) Processes(ctx context.Context, in *empty.Empty) (reply *proto.ProcessesReply, err error) {
- cli, err := dockerclient.NewEnvClient()
- if err != nil {
- return
- }
- containers, err := cli.ContainerList(context.Background(), types.ContainerListOptions{
- All: true,
- })
+ ctx = namespaces.WithNamespace(ctx, "system")
+ client, err := containerd.New(constants.ContainerdSocket)
 if err != nil {
- return
+ return nil, err
 }
- processes := make([]*proto.Process, len(containers))
- for _, container := range containers {
+ defer client.Close()
+ containers, err := client.Containers(ctx)
+ processes := []*proto.Process{}
+ for _, c := range containers {
+ info, err := c.Info(ctx)
+ if err != nil {
+ log.Println(err)
+ continue
+ }
+
+ task, err := c.Task(ctx, nil)
+ if err != nil {
+ log.Println(err)
+ continue
+ }
+
+ status, err := task.Status(ctx)
+ if err != nil {
+ log.Println(err)
+ continue
+ }
+
 process := &proto.Process{
- Id: container.ID,
- Name: strings.TrimPrefix(container.Names[0], "/"),
- State: container.State,
- Status: container.Status,
+ Id: task.ID(),
+ Image: info.Image,
+ Status: string(status.Status),
 }
+
+ if status.Status == containerd.Running {
+ metrics, err := task.Metrics(ctx)
+ if err != nil {
+ log.Println(err)
+ continue
+ }
+ anydata, err := typeurl.UnmarshalAny(metrics.Data)
+ if err != nil {
+ log.Println(err)
+ continue
+ }
+ data, ok := anydata.(*cgroups.Metrics)
+ if !ok {
+ log.Println(errors.New("failed to convert metric data to cgroups.Metrics"))
+ continue
+ }
+ process.MemoryUsage = data.Memory.Usage.Usage
+ process.CpuUsage = data.CPU.Usage.Total
+ }
+ processes = append(processes, process)
 }
 reply = &proto.ProcessesReply{Processes: processes}
- return
+ return reply, nil
 }
 // Restart implements the proto.OSDServer interface.
 func (r *Registrator) Restart(ctx context.Context, in *proto.RestartRequest) (reply *proto.RestartReply, err error) {
- cli, err := dockerclient.NewEnvClient()
+ ctx = namespaces.WithNamespace(ctx, "system")
+ client, err := containerd.New(constants.ContainerdSocket)
 if err != nil {
- return
+ return nil, err
 }
- duration := time.Duration(in.Timeout) * time.Second
- err = cli.ContainerRestart(context.Background(), in.Id, &duration)
+ defer client.Close()
+ task := client.TaskService()
+ _, err = task.Kill(ctx, &tasks.KillRequest{ContainerID: in.Id, Signal: uint32(unix.SIGTERM)})
 if err != nil {
- return
+ return nil, err
 }
 reply = &proto.RestartReply{}
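Review bot: `containers, err := client.Containers(ctx)` in `Processes` never checks `err`, so a containerd failure yields an empty process list with a nil error instead of surfacing the fault; add `if err != nil { return nil, err }` directly after it. In `Restart`, `in.Timeout` is no longer read — the removed code passed it to `ContainerRestart` — yet the field stays in `RestartRequest` (the api.proto hunk leaves it untouched), so clients set a value that silently does nothing; either honour it or remove it from the message. `Restart` also now only sends SIGTERM through `task.Kill`; whether the task is actually started again depends on the runner's restart behaviour, which is not visible here, so the method comment should state what the RPC guarantees. `Restart`'s body continues past the end of this hunk.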
@@ -100,60 +145,56 @@ func (r *Registrator) Restart(ctx context.Context, in *proto.RestartRequest) (re
 // Reset implements the proto.OSDServer interface.
 func (r *Registrator) Reset(ctx context.Context, in *empty.Empty) (reply *proto.ResetReply, err error) {
+ // TODO(andrewrynhard): Delete all system tasks and containers.
- {
- cmd := exec.Command("/bin/docker", "stop", "kubelet")
-
- // Set the environment for the service.
- cmd.Env = []string{fmt.Sprintf("PATH=%s", constants.PATH)}
-
- if err = cmd.Start(); err != nil {
- return
- }
- _, err = cmd.Process.Wait()
- if err != nil {
- return
- }
+ // Set the image.
+ var image string
+ if r.Data.Services.Kubeadm != nil && r.Data.Services.Kubeadm.Image != "" {
+ image = r.Data.Services.Kubeadm.Image
+ } else {
+ image = "gcr.io/google_containers/hyperkube:v1.11.2"
 }
- args := []string{
- "run",
- "--rm",
- "--net=host",
- "--pid=host",
- "--privileged",
- "--volume=/sys:/sys:rw",
- "--volume=/sys/fs/cgroup:/sys/fs/cgroup:rw",
- "--volume=/var/run:/var/run:rw",
- "--volume=/run:/run:rw",
- "--volume=/var/lib/docker:/var/lib/docker:rw",
- "--volume=/var/lib/kubelet:/var/lib/kubelet:slave",
- "--volume=/var/log:/var/log",
- "--volume=/etc/kubernetes:/etc/kubernetes:shared",
- "--volume=/etc/os-release:/etc/os-release:ro",
- "--volume=/lib/modules:/lib/modules:ro",
- "--volume=/bin/docker:/bin/docker:ro",
- "--volume=/bin/crictl:/bin/crictl:ro",
- "--volume=/bin/kubeadm:/bin/kubeadm:ro",
- "--name=kubeadm",
- "gcr.io/google_containers/hyperkube:v1.11.2",
- "/bin/kubeadm",
- "reset",
- "--force",
+ // Set the process arguments.
+ args := runner.Args{
+ ID: "reset",
+ ProcessArgs: []string{"/bin/kubeadm", "reset", "--force"},
 }
- // Build the exec.Cmd
- cmd := exec.Command("/bin/docker", args...)
+ // Set the mounts.
+ // nolint: dupl
+ mounts := []specs.Mount{
+ {Type: "cgroup", Destination: "/sys/fs/cgroup", Options: []string{"ro"}},
+ {Type: "bind", Destination: "/var/run", Source: "/run", Options: []string{"rbind", "rshared", "rw"}},
+ {Type: "bind", Destination: "/var/lib/docker", Source: "/var/lib/docker", Options: []string{"rbind", "rshared", "rw"}},
+ {Type: "bind", Destination: "/var/lib/kubelet", Source: "/var/lib/kubelet", Options: []string{"rbind", "rshared", "rw"}},
+ {Type: "bind", Destination: "/lib/modules", Source: "/lib/modules", Options: []string{"bind", "shared", "ro"}},
+ {Type: "bind", Destination: "/etc/kubernetes", Source: "/var/etc/kubernetes", Options: []string{"bind", "rw"}},
+ {Type: "bind", Destination: "/etc/os-release", Source: "/etc/os-release", Options: []string{"bind", "ro"}},
+ {Type: "bind", Destination: "/bin/crictl", Source: "/bin/crictl", Options: []string{"bind", "ro"}},
+ {Type: "bind", Destination: "/bin/kubeadm", Source: "/bin/kubeadm", Options: []string{"bind", "ro"}},
+ {Type: "bind", Destination: "/bin/kubeadm.sh", Source: "/run/kubeadm.sh", Options: []string{"bind", "ro"}},
+ }
- // Set the environment for the service.
- cmd.Env = []string{fmt.Sprintf("PATH=%s", constants.PATH)}
+ cr := containerdrunner.Containerd{}
+
+ err = cr.Run(
+ r.Data,
+ args,
+ runner.WithContainerImage(image),
+ runner.WithOCISpecOpts(
+ containerdrunner.WithMemoryLimit(int64(1000000*512)),
+ containerdrunner.WithRootfsPropagation("slave"),
+ oci.WithMounts(mounts),
+ oci.WithHostNamespace(specs.PIDNamespace),
+ oci.WithParentCgroupDevices,
+ oci.WithPrivileged,
+ ),
+ runner.WithType(runner.Once),
+ )
- if err = cmd.Start(); err != nil {
- return
- }
- _, err = cmd.Process.Wait()
 if err != nil {
- return
+ return nil, err
 }
 reply = &proto.ResetReply{}
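Review bot: The `/bin/kubeadm.sh` bind mount (source `/run/kubeadm.sh`) is not referenced by `ProcessArgs`, which runs `/bin/kubeadm reset --force`; if it is unused here, drop it — a bind from a runtime-writable `/run` path into a privileged container should only exist with a stated consumer — or add a comment naming who reads it. The removed `docker run` joined the host network (`--net=host`), whereas the new spec joins only the host PID namespace via `oci.WithHostNamespace(specs.PIDNamespace)`; confirm `kubeadm reset` does not need host networking here, or add `specs.NetworkNamespace`. The old code waited on `cmd.Process.Wait()` before replying; if `cr.Run` with `runner.WithType(runner.Once)` returns once the task is created rather than when it exits, `Reset` now acknowledges before the reset has finished, which deserves a comment either way. `int64(1000000*512)` is the same literal used in proxyd.go and trustd.go; a shared named constant would document the unit.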
@@ -243,6 +284,7 @@ func (r *Registrator) Version(ctx context.Context, in *empty.Empty) (data *proto return data, err } + func crioLogs(id string) (chunk chunker.Chunker, err error) { cli, err := crioclient.New(constants.ContainerRuntimeCRIOSocket) if err != nil { diff --git a/src/initramfs/cmd/osd/proto/api.pb.go b/src/initramfs/cmd/osd/proto/api.pb.go index 372b255697..5a35c5d2d6 100644 --- a/src/initramfs/cmd/osd/proto/api.pb.go +++ b/src/initramfs/cmd/osd/proto/api.pb.go @@ -3,10 +3,12 @@ package proto -import proto "github.com/golang/protobuf/proto" -import fmt "fmt" -import math "math" -import empty "github.com/golang/protobuf/ptypes/empty" +import ( + fmt "fmt" + proto "github.com/golang/protobuf/proto" + empty "github.com/golang/protobuf/ptypes/empty" + math "math" +) import ( context "golang.org/x/net/context" @@ -36,7 +38,7 @@ func (m *ProcessesReply) Reset() { *m = ProcessesReply{} } func (m *ProcessesReply) String() string { return proto.CompactTextString(m) } func (*ProcessesReply) ProtoMessage() {} func (*ProcessesReply) Descriptor() ([]byte, []int) { - return fileDescriptor_api_b55c1a69b0d04a74, []int{0} + return fileDescriptor_00212fb1f9d3bf1c, []int{0} } func (m *ProcessesReply) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_ProcessesReply.Unmarshal(m, b) @@ -44,8 +46,8 @@ func (m *ProcessesReply) XXX_Unmarshal(b []byte) error { func (m *ProcessesReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { return xxx_messageInfo_ProcessesReply.Marshal(b, m, deterministic) } -func (dst *ProcessesReply) XXX_Merge(src proto.Message) { - xxx_messageInfo_ProcessesReply.Merge(dst, src) +func (m *ProcessesReply) XXX_Merge(src proto.Message) { + xxx_messageInfo_ProcessesReply.Merge(m, src) } func (m *ProcessesReply) XXX_Size() int { return xxx_messageInfo_ProcessesReply.Size(m) 
@@ -66,9 +68,10 @@ func (m *ProcessesReply) GetProcesses() []*Process { // The response message containing the requested processes. type Process struct { Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` - Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` - State string `protobuf:"bytes,3,opt,name=state,proto3" json:"state,omitempty"` - Status string `protobuf:"bytes,4,opt,name=status,proto3" json:"status,omitempty"` + Image string `protobuf:"bytes,2,opt,name=image,proto3" json:"image,omitempty"` + Status string `protobuf:"bytes,3,opt,name=status,proto3" json:"status,omitempty"` + MemoryUsage uint64 `protobuf:"varint,4,opt,name=memory_usage,json=memoryUsage,proto3" json:"memory_usage,omitempty"` + CpuUsage uint64 `protobuf:"varint,5,opt,name=cpu_usage,json=cpuUsage,proto3" json:"cpu_usage,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -78,7 +81,7 @@ func (m *Process) Reset() { *m = Process{} } func (m *Process) String() string { return proto.CompactTextString(m) } func (*Process) ProtoMessage() {} func (*Process) Descriptor() ([]byte, []int) { - return fileDescriptor_api_b55c1a69b0d04a74, []int{1} + return fileDescriptor_00212fb1f9d3bf1c, []int{1} } func (m *Process) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_Process.Unmarshal(m, b) @@ -86,8 +89,8 @@ func (m *Process) XXX_Unmarshal(b []byte) error { func (m *Process) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { return xxx_messageInfo_Process.Marshal(b, m, deterministic) } -func (dst *Process) XXX_Merge(src proto.Message) { - xxx_messageInfo_Process.Merge(dst, src) +func (m *Process) XXX_Merge(src proto.Message) { + xxx_messageInfo_Process.Merge(m, src) } func (m *Process) XXX_Size() int { return xxx_messageInfo_Process.Size(m) 
@@ -105,25 +108,32 @@ func (m *Process) GetId() string { return "" } -func (m *Process) GetName() string { +func (m *Process) GetImage() string { if m != nil { - return m.Name + return m.Image } return "" } -func (m *Process) GetState() string { +func (m *Process) GetStatus() string { if m != nil { - return m.State + return m.Status } return "" } -func (m *Process) GetStatus() string { +func (m *Process) GetMemoryUsage() uint64 { if m != nil { - return m.Status + return m.MemoryUsage } - return "" + return 0 +} + +func (m *Process) GetCpuUsage() uint64 { + if m != nil { + return m.CpuUsage + } + return 0 } // The request message containing the process to restart. @@ -139,7 +149,7 @@ func (m *RestartRequest) Reset() { *m = RestartRequest{} } func (m *RestartRequest) String() string { return proto.CompactTextString(m) } func (*RestartRequest) ProtoMessage() {} func (*RestartRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_api_b55c1a69b0d04a74, []int{2} + return fileDescriptor_00212fb1f9d3bf1c, []int{2} } func (m *RestartRequest) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_RestartRequest.Unmarshal(m, b) @@ -147,8 +157,8 @@ func (m *RestartRequest) XXX_Unmarshal(b []byte) error { func (m *RestartRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { return xxx_messageInfo_RestartRequest.Marshal(b, m, deterministic) } -func (dst *RestartRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_RestartRequest.Merge(dst, src) +func (m *RestartRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_RestartRequest.Merge(m, src) } func (m *RestartRequest) XXX_Size() int { return xxx_messageInfo_RestartRequest.Size(m) 
@@ -184,7 +194,7 @@ func (m *RestartReply) Reset() { *m = RestartReply{} } func (m *RestartReply) String() string { return proto.CompactTextString(m) } func (*RestartReply) ProtoMessage() {} func (*RestartReply) Descriptor() ([]byte, []int) { - return fileDescriptor_api_b55c1a69b0d04a74, []int{3} + return fileDescriptor_00212fb1f9d3bf1c, []int{3} } func (m *RestartReply) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_RestartReply.Unmarshal(m, b) @@ -192,8 +202,8 @@ func (m *RestartReply) XXX_Unmarshal(b []byte) error { func (m *RestartReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { return xxx_messageInfo_RestartReply.Marshal(b, m, deterministic) } -func (dst *RestartReply) XXX_Merge(src proto.Message) { - xxx_messageInfo_RestartReply.Merge(dst, src) +func (m *RestartReply) XXX_Merge(src proto.Message) { + xxx_messageInfo_RestartReply.Merge(m, src) } func (m *RestartReply) XXX_Size() int { return xxx_messageInfo_RestartReply.Size(m) @@ -215,7 +225,7 @@ func (m *ResetReply) Reset() { *m = ResetReply{} } func (m *ResetReply) String() string { return proto.CompactTextString(m) } func (*ResetReply) ProtoMessage() {} func (*ResetReply) Descriptor() ([]byte, []int) { - return fileDescriptor_api_b55c1a69b0d04a74, []int{4} + return fileDescriptor_00212fb1f9d3bf1c, []int{4} } func (m *ResetReply) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_ResetReply.Unmarshal(m, b) @@ -223,8 +233,8 @@ func (m *ResetReply) XXX_Unmarshal(b []byte) error { func (m *ResetReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { return xxx_messageInfo_ResetReply.Marshal(b, m, deterministic) } -func (dst *ResetReply) XXX_Merge(src proto.Message) { - xxx_messageInfo_ResetReply.Merge(dst, src) +func (m *ResetReply) XXX_Merge(src proto.Message) { + xxx_messageInfo_ResetReply.Merge(m, src) } func (m *ResetReply) XXX_Size() int { return xxx_messageInfo_ResetReply.Size(m) 
@@ -246,7 +256,7 @@ func (m *RebootReply) Reset() { *m = RebootReply{} } func (m *RebootReply) String() string { return proto.CompactTextString(m) } func (*RebootReply) ProtoMessage() {} func (*RebootReply) Descriptor() ([]byte, []int) { - return fileDescriptor_api_b55c1a69b0d04a74, []int{5} + return fileDescriptor_00212fb1f9d3bf1c, []int{5} } func (m *RebootReply) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_RebootReply.Unmarshal(m, b) @@ -254,8 +264,8 @@ func (m *RebootReply) XXX_Unmarshal(b []byte) error { func (m *RebootReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { return xxx_messageInfo_RebootReply.Marshal(b, m, deterministic) } -func (dst *RebootReply) XXX_Merge(src proto.Message) { - xxx_messageInfo_RebootReply.Merge(dst, src) +func (m *RebootReply) XXX_Merge(src proto.Message) { + xxx_messageInfo_RebootReply.Merge(m, src) } func (m *RebootReply) XXX_Size() int { return xxx_messageInfo_RebootReply.Size(m) @@ -279,7 +289,7 @@ func (m *LogsRequest) Reset() { *m = LogsRequest{} } func (m *LogsRequest) String() string { return proto.CompactTextString(m) } func (*LogsRequest) ProtoMessage() {} func (*LogsRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_api_b55c1a69b0d04a74, []int{6} + return fileDescriptor_00212fb1f9d3bf1c, []int{6} } func (m *LogsRequest) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_LogsRequest.Unmarshal(m, b) @@ -287,8 +297,8 @@ func (m *LogsRequest) XXX_Unmarshal(b []byte) error { func (m *LogsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { return xxx_messageInfo_LogsRequest.Marshal(b, m, deterministic) } -func (dst *LogsRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_LogsRequest.Merge(dst, src) +func (m *LogsRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_LogsRequest.Merge(m, src) } func (m *LogsRequest) XXX_Size() int { return xxx_messageInfo_LogsRequest.Size(m) 
@@ -325,7 +335,7 @@ func (m *Data) Reset() { *m = Data{} } func (m *Data) String() string { return proto.CompactTextString(m) } func (*Data) ProtoMessage() {} func (*Data) Descriptor() ([]byte, []int) { - return fileDescriptor_api_b55c1a69b0d04a74, []int{7} + return fileDescriptor_00212fb1f9d3bf1c, []int{7} } func (m *Data) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_Data.Unmarshal(m, b) @@ -333,8 +343,8 @@ func (m *Data) XXX_Unmarshal(b []byte) error { func (m *Data) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { return xxx_messageInfo_Data.Marshal(b, m, deterministic) } -func (dst *Data) XXX_Merge(src proto.Message) { - xxx_messageInfo_Data.Merge(dst, src) +func (m *Data) XXX_Merge(src proto.Message) { + xxx_messageInfo_Data.Merge(m, src) } func (m *Data) XXX_Size() int { return xxx_messageInfo_Data.Size(m) 
@@ -694,33 +704,35 @@ var _OSD_serviceDesc = grpc.ServiceDesc{ Metadata: "api.proto", } -func init() { proto.RegisterFile("api.proto", fileDescriptor_api_b55c1a69b0d04a74) } - -var fileDescriptor_api_b55c1a69b0d04a74 = []byte{ - // 400 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x51, 0x41, 0x6b, 0xd4, 0x40, - 0x18, 0xdd, 0x6c, 0x92, 0x8d, 0xf9, 0xb2, 0x06, 0xfc, 0xd4, 0x12, 0xd6, 0x1e, 0xca, 0x9c, 0x0a, - 0x4a, 0x5a, 0x5a, 0x51, 0x10, 0xf1, 0xb4, 0x3d, 0x29, 0x28, 0x23, 0x78, 0xf1, 0x94, 0x6c, 0xbf, - 0x86, 0xc0, 0x26, 0x13, 0x33, 0x93, 0x43, 0xfe, 0x94, 0xbf, 0x51, 0x32, 0x33, 0x49, 0xec, 0x96, - 0x85, 0x3d, 0x65, 0xde, 0xcb, 0x7b, 0xf3, 0x98, 0xf7, 0x20, 0xcc, 0x9a, 0x32, 0x6d, 0x5a, 0xa1, - 0x04, 0xfa, 0xfa, 0xb3, 0x79, 0x53, 0x08, 0x51, 0xec, 0xe9, 0x4a, 0xa3, 0xbc, 0x7b, 0xb8, 0xa2, - 0xaa, 0x51, 0xbd, 0xd1, 0xb0, 0x2f, 0x10, 0xff, 0x68, 0xc5, 0x8e, 0xa4, 0x24, 0xc9, 0xa9, 0xd9, - 0xf7, 0xf8, 0x0e, 0xc2, 0x66, 0x64, 0x12, 0xe7, 0xc2, 0xbd, 0x8c, 0x6e, 0x62, 0x23, 0x4e, 0xad, - 0x92, 0xcf, 0x02, 0xf6, 0x1b, 0x02, 0xcb, 0x62, 0x0c, 0xcb, 0xf2, 0x3e, 0x71, 0x2e, 0x9c, 0xcb, - 0x90, 0x2f, 0xcb, 0x7b, 0x44, 0xf0, 0xea, 0xac, 0xa2, 0x64, 0xa9, 0x19, 0x7d, 0xc6, 0x57, 0xe0, - 0x4b, 0x95, 0x29, 0x4a, 0x5c, 0x4d, 0x1a, 0x80, 0x67, 0xb0, 0x1a, 0x0e, 0x9d, 0x4c, 0x3c, 0x4d, - 0x5b, 0xc4, 0x3e, 0x41, 0xcc, 0x49, 0xaa, 0xac, 0x55, 0x9c, 0xfe, 0x74, 0x24, 0xd5, 0x93, 0x8c, - 0x04, 0x02, 0x55, 0x56, 0x24, 0x3a, 0xa5, 0x63, 0x7c, 0x3e, 0x42, 0x16, 0xc3, 0x7a, 0xf2, 0x36, - 0xfb, 0x9e, 0xad, 0x01, 0x38, 0x49, 0xb2, 0xe8, 0x39, 0x44, 0x9c, 0x72, 0x21, 0x2c, 0xbc, 0x83, - 0xe8, 0x9b, 0x28, 0xe4, 0x98, 0x92, 0x40, 0x60, 0x5f, 0x68, 0xa3, 0x46, 0x88, 0xe7, 0x10, 0xee, - 0x44, 0xad, 0xb2, 0xb2, 0xa6, 0x56, 0x27, 0x3e, 0xe3, 0x33, 0xc1, 0xce, 0xc1, 0xdb, 0x66, 0x2a, - 0x1b, 0x5e, 0x99, 0xf7, 0x8a, 0x8c, 0x7b, 0xcd, 0x0d, 0xb8, 0xf9, 0xeb, 0x82, 0xfb, 0xfd, 0xe7, - 0x16, 0x6f, 0x01, 0xbe, 0x76, 0x39, 0xed, 0x44, 0xfd, 
0x50, 0x16, 0x78, 0x96, 0x9a, 0x79, 0xd2, - 0x71, 0x9e, 0xf4, 0x6e, 0x98, 0x67, 0x13, 0xd9, 0xce, 0x87, 0x0b, 0xd9, 0x02, 0x3f, 0x43, 0x38, - 0xed, 0x74, 0xd4, 0xf3, 0xfa, 0xf1, 0x4e, 0x76, 0x51, 0xb6, 0xc0, 0x8f, 0x10, 0xd8, 0x32, 0x70, - 0xd4, 0x3c, 0x2e, 0x76, 0xf3, 0xf2, 0x90, 0x36, 0xc6, 0xf7, 0xe0, 0xeb, 0xd6, 0x8e, 0x46, 0xbe, - 0x98, 0x7d, 0x34, 0xb9, 0x3e, 0xc0, 0xca, 0xb4, 0x7b, 0xd4, 0x86, 0x93, 0x6d, 0x1e, 0x61, 0x81, - 0x6f, 0xc1, 0x1b, 0x66, 0xc0, 0xf1, 0xef, 0x7f, 0x9b, 0x1c, 0xf4, 0x71, 0xed, 0x60, 0x0a, 0xfe, - 0xb6, 0x22, 0x79, 0x72, 0x83, 0xd7, 0x10, 0xfc, 0xa2, 0x56, 0x96, 0xa2, 0x3e, 0xd1, 0x91, 0xaf, - 0x34, 0xba, 0xfd, 0x17, 0x00, 0x00, 0xff, 0xff, 0xb4, 0x9c, 0x7e, 0x60, 0x53, 0x03, 0x00, 0x00, +func init() { proto.RegisterFile("api.proto", fileDescriptor_00212fb1f9d3bf1c) } + +var fileDescriptor_00212fb1f9d3bf1c = []byte{ + // 431 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x91, 0x51, 0x6b, 0xd4, 0x40, + 0x14, 0x85, 0x37, 0xbb, 0x9b, 0x4d, 0x73, 0xb3, 0x06, 0xbc, 0x6a, 0x09, 0xdb, 0x3e, 0xac, 0x79, + 0x5a, 0x50, 0xd2, 0xd2, 0x8a, 0x82, 0x88, 0x4f, 0xdb, 0x27, 0x05, 0x65, 0x44, 0x5f, 0x25, 0x49, + 0x6f, 0x43, 0x60, 0xb3, 0x33, 0x66, 0x66, 0x1e, 0xf2, 0x0b, 0xfc, 0x37, 0xfe, 0x46, 0xc9, 0xcc, + 0x64, 0x63, 0x2b, 0x0b, 0x7d, 0x0a, 0xe7, 0xdc, 0x7b, 0x72, 0x87, 0xf3, 0x41, 0x98, 0x8b, 0x3a, + 0x13, 0x2d, 0x57, 0x1c, 0x7d, 0xf3, 0x59, 0x9d, 0x55, 0x9c, 0x57, 0x3b, 0xba, 0x30, 0xaa, 0xd0, + 0x77, 0x17, 0xd4, 0x08, 0xd5, 0xd9, 0x9d, 0xf4, 0x23, 0xc4, 0x5f, 0x5b, 0x5e, 0x92, 0x94, 0x24, + 0x19, 0x89, 0x5d, 0x87, 0xaf, 0x21, 0x14, 0x83, 0x93, 0x78, 0xeb, 0xd9, 0x26, 0xba, 0x8a, 0xed, + 0x72, 0xe6, 0x36, 0xd9, 0xb8, 0x90, 0xfe, 0xf6, 0x20, 0x70, 0x36, 0xc6, 0x30, 0xad, 0x6f, 0x13, + 0x6f, 0xed, 0x6d, 0x42, 0x36, 0xad, 0x6f, 0xf1, 0x39, 0xf8, 0x75, 0x93, 0x57, 0x94, 0x4c, 0x8d, + 0x65, 0x05, 0x9e, 0xc2, 0x42, 0xaa, 0x5c, 0x69, 0x99, 0xcc, 0x8c, 0xed, 0x14, 0xbe, 0x84, 0x65, + 0x43, 0x0d, 
0x6f, 0xbb, 0x9f, 0x5a, 0xf6, 0xa1, 0xf9, 0xda, 0xdb, 0xcc, 0x59, 0x64, 0xbd, 0xef, + 0xbd, 0x85, 0x67, 0x10, 0x96, 0x42, 0xbb, 0xb9, 0x6f, 0xe6, 0x27, 0xa5, 0xd0, 0x66, 0x98, 0xbe, + 0x87, 0x98, 0x91, 0x54, 0x79, 0xab, 0x18, 0xfd, 0xd2, 0x24, 0xd5, 0x7f, 0xef, 0x49, 0x20, 0x50, + 0x75, 0x43, 0x5c, 0x2b, 0xf3, 0x22, 0x9f, 0x0d, 0x32, 0x8d, 0x61, 0x79, 0xc8, 0x8a, 0x5d, 0x97, + 0x2e, 0x01, 0x18, 0x49, 0x72, 0xea, 0x09, 0x44, 0x8c, 0x0a, 0xce, 0x9d, 0xbc, 0x81, 0xe8, 0x33, + 0xaf, 0xe4, 0x70, 0x25, 0x81, 0xc0, 0xd5, 0xe1, 0x4e, 0x0d, 0x12, 0xcf, 0x21, 0x2c, 0xf9, 0x5e, + 0xe5, 0xf5, 0x9e, 0x5a, 0x73, 0xf1, 0x84, 0x8d, 0x46, 0x7a, 0x0e, 0xf3, 0x6d, 0xae, 0xf2, 0xbe, + 0xa5, 0xa2, 0x53, 0x64, 0xd3, 0x4b, 0x66, 0xc5, 0xd5, 0x9f, 0x19, 0xcc, 0xbe, 0x7c, 0xdb, 0xe2, + 0x35, 0xc0, 0x27, 0x5d, 0x50, 0xc9, 0xf7, 0x77, 0x75, 0x85, 0xa7, 0x99, 0x65, 0x99, 0x0d, 0x2c, + 0xb3, 0x9b, 0x9e, 0xe5, 0x2a, 0x72, 0x80, 0xfa, 0x1f, 0xa6, 0x13, 0xfc, 0x00, 0xe1, 0x01, 0xea, + 0xd1, 0xcc, 0x8b, 0xfb, 0x50, 0x1d, 0xfe, 0x74, 0x82, 0xef, 0x20, 0x70, 0x65, 0xe0, 0xb0, 0x73, + 0xbf, 0xd8, 0xd5, 0xb3, 0x87, 0xb6, 0x0d, 0xbe, 0x01, 0xdf, 0xb4, 0x76, 0xf4, 0xe4, 0xd3, 0x31, + 0x47, 0x87, 0xd4, 0x5b, 0x58, 0xd8, 0x76, 0x8f, 0xc6, 0xf0, 0x10, 0x1b, 0x21, 0x4c, 0xf0, 0x15, + 0xcc, 0x7b, 0x0c, 0x38, 0x4c, 0xff, 0x61, 0xf2, 0xa0, 0x8f, 0x4b, 0x0f, 0x33, 0xf0, 0xb7, 0x0d, + 0xc9, 0x47, 0x37, 0x78, 0x09, 0xc1, 0x0f, 0x6a, 0x65, 0xcd, 0xf7, 0x8f, 0x4c, 0x14, 0x0b, 0xa3, + 0xae, 0xff, 0x06, 0x00, 0x00, 0xff, 0xff, 0x72, 0xae, 0x8f, 0x7e, 0x80, 0x03, 0x00, 0x00, } diff --git a/src/initramfs/cmd/osd/proto/api.proto b/src/initramfs/cmd/osd/proto/api.proto index e8b10eb56a..75269e6353 100644 --- a/src/initramfs/cmd/osd/proto/api.proto +++ b/src/initramfs/cmd/osd/proto/api.proto 
@@ -25,9 +25,10 @@ message ProcessesReply { // The response message containing the requested processes. message Process { string id = 1; - string name = 2; - string state = 3; - string status = 4; + string image = 2; + string status = 3; + uint64 memory_usage = 4; + uint64 cpu_usage = 5; } // The request message containing the process to restart. diff --git a/src/initramfs/cmd/trustd/proto/api.pb.go b/src/initramfs/cmd/trustd/proto/api.pb.go index 666cb1bad2..9a0413a564 100644 --- a/src/initramfs/cmd/trustd/proto/api.pb.go +++ b/src/initramfs/cmd/trustd/proto/api.pb.go @@ -3,9 +3,11 @@ package proto -import proto "github.com/golang/protobuf/proto" -import fmt "fmt" -import math "math" +import ( + fmt "fmt" + proto "github.com/golang/protobuf/proto" + math "math" +) import ( context "golang.org/x/net/context" @@ -35,7 +37,7 @@ func (m *CertificateRequest) Reset() { *m = CertificateRequest{} } func (m *CertificateRequest) String() string { return proto.CompactTextString(m) } func (*CertificateRequest) ProtoMessage() {} func (*CertificateRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_api_6d48f67e45b68bdd, []int{0} + return fileDescriptor_00212fb1f9d3bf1c, []int{0} } func (m *CertificateRequest) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_CertificateRequest.Unmarshal(m, b) @@ -43,8 +45,8 @@ func (m *CertificateRequest) XXX_Unmarshal(b []byte) error { func (m *CertificateRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { return xxx_messageInfo_CertificateRequest.Marshal(b, m, deterministic) } -func (dst *CertificateRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_CertificateRequest.Merge(dst, src) +func (m *CertificateRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_CertificateRequest.Merge(m, src) } func (m *CertificateRequest) XXX_Size() int { return xxx_messageInfo_CertificateRequest.Size(m) 
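Review bot: The message reuses field numbers with changed meaning: `status` moves from 4 to 3, `image` takes 2 (formerly `name`), and `memory_usage`, a varint, takes 4 where the old `status` string lived, so an osctl built against the previous descriptor talking to a new osd (or the reverse) either decodes a value under the wrong name or fails on a wire-type mismatch. The protobuf compatibility rule is to never renumber: keep `status = 4`, give the new fields fresh numbers, reserve the retired ones, and regenerate api.pb.go. Whether osctl and osd can ever be deployed at different versions is not visible here; if they always ship together this is a hygiene point, but the reserved numbers still protect future edits.
```protobuf
message Process {
  string id = 1;
  reserved 2, 3;
  reserved "name", "state";
  string status = 4;
  string image = 5;
  uint64 memory_usage = 6;
  uint64 cpu_usage = 7;
}
```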
@@ -74,7 +76,7 @@ func (m *CertificateResponse) Reset() { *m = CertificateResponse{} } func (m *CertificateResponse) String() string { return proto.CompactTextString(m) } func (*CertificateResponse) ProtoMessage() {} func (*CertificateResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_api_6d48f67e45b68bdd, []int{1} + return fileDescriptor_00212fb1f9d3bf1c, []int{1} } func (m *CertificateResponse) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_CertificateResponse.Unmarshal(m, b) @@ -82,8 +84,8 @@ func (m *CertificateResponse) XXX_Unmarshal(b []byte) error { func (m *CertificateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { return xxx_messageInfo_CertificateResponse.Marshal(b, m, deterministic) } -func (dst *CertificateResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_CertificateResponse.Merge(dst, src) +func (m *CertificateResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_CertificateResponse.Merge(m, src) } func (m *CertificateResponse) XXX_Size() int { return xxx_messageInfo_CertificateResponse.Size(m) @@ -115,7 +117,7 @@ func (m *WriteFileRequest) Reset() { *m = WriteFileRequest{} } func (m *WriteFileRequest) String() string { return proto.CompactTextString(m) } func (*WriteFileRequest) ProtoMessage() {} func (*WriteFileRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_api_6d48f67e45b68bdd, []int{2} + return fileDescriptor_00212fb1f9d3bf1c, []int{2} } func (m *WriteFileRequest) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_WriteFileRequest.Unmarshal(m, b) 
@@ -123,8 +125,8 @@ func (m *WriteFileRequest) XXX_Unmarshal(b []byte) error { func (m *WriteFileRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { return xxx_messageInfo_WriteFileRequest.Marshal(b, m, deterministic) } -func (dst *WriteFileRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_WriteFileRequest.Merge(dst, src) +func (m *WriteFileRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_WriteFileRequest.Merge(m, src) } func (m *WriteFileRequest) XXX_Size() int { return xxx_messageInfo_WriteFileRequest.Size(m) @@ -167,7 +169,7 @@ func (m *WriteFileResponse) Reset() { *m = WriteFileResponse{} } func (m *WriteFileResponse) String() string { return proto.CompactTextString(m) } func (*WriteFileResponse) ProtoMessage() {} func (*WriteFileResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_api_6d48f67e45b68bdd, []int{3} + return fileDescriptor_00212fb1f9d3bf1c, []int{3} } func (m *WriteFileResponse) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_WriteFileResponse.Unmarshal(m, b) @@ -175,8 +177,8 @@ func (m *WriteFileResponse) XXX_Unmarshal(b []byte) error { func (m *WriteFileResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { return xxx_messageInfo_WriteFileResponse.Marshal(b, m, deterministic) } -func (dst *WriteFileResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_WriteFileResponse.Merge(dst, src) +func (m *WriteFileResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_WriteFileResponse.Merge(m, src) } func (m *WriteFileResponse) XXX_Size() int { return xxx_messageInfo_WriteFileResponse.Size(m) 
@@ -299,9 +301,9 @@ var _Trustd_serviceDesc = grpc.ServiceDesc{ Metadata: "api.proto", } -func init() { proto.RegisterFile("api.proto", fileDescriptor_api_6d48f67e45b68bdd) } +func init() { proto.RegisterFile("api.proto", fileDescriptor_00212fb1f9d3bf1c) } -var fileDescriptor_api_6d48f67e45b68bdd = []byte{ +var fileDescriptor_00212fb1f9d3bf1c = []byte{ // 219 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x4c, 0x2c, 0xc8, 0xd4, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x62, 0x05, 0x53, 0x4a, 0x6a, 0x5c, 0x42, 0xce, 0xa9, 0x45, diff --git a/src/initramfs/go.mod b/src/initramfs/go.mod index 47b327fd2e..b520e63b24 100644 --- a/src/initramfs/go.mod +++ b/src/initramfs/go.mod 
@@ -1,42 +1,83 @@ module github.com/autonomy/dianemo/src/initramfs require ( - github.com/Microsoft/go-winio v0.4.9 - github.com/davecgh/go-spew v1.1.0 - github.com/docker/distribution v2.6.2+incompatible + github.com/BurntSushi/toml v0.3.0 // indirect + github.com/Microsoft/go-winio v0.4.9 // indirect + github.com/Microsoft/hcsshim v0.7.0 // indirect + github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973 // indirect + github.com/boltdb/bolt v1.3.1 // indirect + github.com/containerd/cgroups v0.0.0-20180905221500-58556f5ad844 + github.com/containerd/containerd v1.2.0-beta.2 + github.com/containerd/continuity v0.0.0-20180829013124-f44b615e492b // indirect + github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260 // indirect + github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd + github.com/containers/storage v0.0.0-20180829143637-d0cb01076460 // indirect + github.com/coreos/go-systemd v0.0.0-20180828140353-eee3db372b31 // indirect + github.com/davecgh/go-spew v1.1.0 // indirect + github.com/docker/distribution v2.6.2+incompatible // indirect github.com/docker/engine-api v0.4.0 - github.com/docker/go-connections v0.4.0 - github.com/docker/go-units v0.3.3 - github.com/fullsailor/pkcs7 v0.0.0-20180422025557-ae226422660e - github.com/ghodss/yaml v1.0.0 - github.com/gogo/protobuf v1.0.0 - github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b + github.com/docker/go-connections v0.4.0 // indirect + github.com/docker/go-events v0.0.0-20170721190031-9461782956ad // indirect + github.com/docker/go-metrics v0.0.0-20180209012529-399ea8c73916 // indirect + github.com/docker/go-units v0.3.3 // indirect + github.com/fsnotify/fsnotify v1.4.7 // indirect + github.com/fullsailor/pkcs7 v0.0.0-20180613152042-8306686428a5 + github.com/ghodss/yaml v1.0.0 // indirect + github.com/godbus/dbus v4.1.0+incompatible // indirect + github.com/gogo/googleapis v1.1.0 // indirect + github.com/gogo/protobuf v1.1.1 // indirect + github.com/golang/glog 
v0.0.0-20160126235308-23def4e6c14b // indirect + github.com/golang/groupcache v0.0.0-20180513044358-24b0969c4cb7 // indirect github.com/golang/protobuf v1.1.0 - github.com/google/btree v0.0.0-20180124185431-e89373fe6b4a - github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf - github.com/googleapis/gnostic v0.2.0 - github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 - github.com/hashicorp/golang-lru v0.0.0-20180201235237-0fb14efe8c47 - github.com/imdario/mergo v0.3.4 - github.com/inconshreveable/mousetrap v1.0.0 - github.com/json-iterator/go v0.0.0-20180701071628-ab8a2e0c74be - github.com/kubernetes-incubator/cri-o v1.9.10 - github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd - github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742 - github.com/petar/GoLLRB v0.0.0-20130427215148-53be0d36a84c - github.com/peterbourgon/diskv v2.0.1+incompatible - github.com/pkg/errors v0.8.0 - github.com/spf13/cobra v0.0.2 - github.com/spf13/pflag v1.0.1 - golang.org/x/crypto v0.0.0-20180515001509-1a580b3eff78 + github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c // indirect + github.com/google/go-cmp v0.2.0 // indirect + github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf // indirect + github.com/googleapis/gnostic v0.2.0 // indirect + github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect + github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect + github.com/hashicorp/golang-lru v0.5.0 // indirect + github.com/hpcloud/tail v1.0.0 // indirect + github.com/imdario/mergo v0.3.6 // indirect + github.com/inconshreveable/mousetrap v1.0.0 // indirect + github.com/json-iterator/go v0.0.0-20180701071628-ab8a2e0c74be // indirect + github.com/kubernetes-incubator/cri-o v1.11.2 + github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742 // indirect 
+ github.com/onsi/ginkgo v1.6.0 // indirect + github.com/onsi/gomega v1.4.1 // indirect + github.com/opencontainers/go-digest v1.0.0-rc1 // indirect + github.com/opencontainers/image-spec v1.0.1 // indirect + github.com/opencontainers/runc v0.1.1 // indirect + github.com/opencontainers/runtime-spec v0.1.2-0.20180710222632-d810dbc60d8c + github.com/peterbourgon/diskv v2.0.1+incompatible // indirect + github.com/pkg/errors v0.8.0 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/prometheus/client_golang v0.8.0 // indirect + github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910 // indirect + github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e // indirect + github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273 // indirect + github.com/sirupsen/logrus v1.0.6 // indirect + github.com/spf13/cobra v0.0.3 + github.com/spf13/pflag v1.0.1 // indirect + github.com/stevvooe/resumable v0.0.0-20180830230917-22b14a53ba50 // indirect + github.com/stretchr/testify v1.2.2 // indirect + github.com/syndtr/gocapability v0.0.0-20180223013746-33e07d32887e // indirect + golang.org/x/crypto v0.0.0-20180515001509-1a580b3eff78 // indirect golang.org/x/net v0.0.0-20180420171651-5f9ae10d9af5 + golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f // indirect golang.org/x/sys v0.0.0-20180302081741-dd2ff4accc09 - golang.org/x/text v0.3.0 - golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2 - google.golang.org/genproto v0.0.0-20180427144745-86e600f69ee4 + golang.org/x/text v0.3.0 // indirect + golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2 // indirect + google.golang.org/genproto v0.0.0-20180831171423-11092d34479b // indirect google.golang.org/grpc v1.11.3 - gopkg.in/inf.v0 v0.9.1 + gopkg.in/airbrake/gobrake.v2 v2.0.9 // indirect + gopkg.in/fsnotify.v1 v1.4.7 // indirect + gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2 // indirect + gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // 
indirect gopkg.in/yaml.v2 v2.1.1 + gotest.tools v2.1.0+incompatible // indirect k8s.io/api v0.0.0-20180712090710-2d6f90ab1293 k8s.io/apimachinery v0.0.0-20180621070125-103fd098999d k8s.io/client-go v0.0.0-20180806134042-1f13a808da65 diff --git a/src/initramfs/go.sum b/src/initramfs/go.sum index a4669fb092..19c576950c 100644 --- a/src/initramfs/go.sum +++ b/src/initramfs/go.sum 
@@ -1,41 +1,164 @@ +github.com/BurntSushi/toml v0.3.0 h1:e1/Ivsx3Z0FVTV0NSOv/aVgbUWyQuzj7DDnFblkRvsY= +github.com/BurntSushi/toml v0.3.0/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/Microsoft/go-winio v0.4.9 h1:3RbgqgGVqmcpbOiwrjbVtDHLlJBGF6aE+yHmNtBNsFQ= github.com/Microsoft/go-winio v0.4.9/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= +github.com/Microsoft/hcsshim v0.7.0 h1:m1J6JDH52fG9Qjq8fznVe8PNX75RFge88bzQ8u/HFM0= +github.com/Microsoft/hcsshim v0.7.0/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= +github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973 h1:xJ4a3vCFaGF/jqvzLMYoU8P317H5OQ+Via4RmuPwCS0= +github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= +github.com/boltdb/bolt v1.3.1 h1:JQmyP4ZBrce+ZQu0dY660FMfatumYDLun9hBCUVIkF4= +github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= +github.com/containerd/cgroups v0.0.0-20180905221500-58556f5ad844 h1:W0F6ErEE8B84VNA5yX3sqNm0z7tivzEtvI/3DMo4Mr4= +github.com/containerd/cgroups v0.0.0-20180905221500-58556f5ad844/go.mod h1:X9rLEHIqSf/wfK8NsPqxJmeZgW4pcfzdXITDrUSJ6uI= +github.com/containerd/containerd v1.2.0-beta.2 h1:IYGcR47Wxj8k8+jIF7882PaG4VcIK8cBtXHKULsw3Bs= +github.com/containerd/containerd v1.2.0-beta.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= +github.com/containerd/continuity v0.0.0-20180829013124-f44b615e492b h1:Tp4sq3Hm+0xqNo7ZQ4CnVSkWeZXtrBTZgMtoBKmMsIY= +github.com/containerd/continuity v0.0.0-20180829013124-f44b615e492b/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= +github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260 h1:XGyg7oTtD0DoRFhbpV6x1WfV0flKC4UxXU7ab1zC08U= +github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= +github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd h1:JNn81o/xG+8NEo3bC/vx9pbi/g2WI8mtP2/nXzu297Y= +github.com/containerd/typeurl 
v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc= +github.com/containers/storage v0.0.0-20180829143637-d0cb01076460 h1:hClnCyhG6PhaW7JSMg5kzP2WxNtbaedG9Ws0wTfsGMQ= +github.com/containers/storage v0.0.0-20180829143637-d0cb01076460/go.mod h1:+RirK6VQAqskQlaTBrOG6ulDvn4si2QjFE1NZCn06MM= +github.com/coreos/go-systemd v0.0.0-20180828140353-eee3db372b31 h1:wRzCUSYhBIk1KvRIlx+nvScCRIxX0iIhSU5h9xj7MUU= +github.com/coreos/go-systemd v0.0.0-20180828140353-eee3db372b31/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= +github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/docker/distribution v2.6.2+incompatible h1:4FI6af79dfCS/CYb+RRtkSHw3q1L/bnDjG1PcPZtQhM= github.com/docker/distribution v2.6.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= +github.com/docker/engine-api v0.4.0 h1:D0Osr6+45yAlQqLyoczv5qJtAu+P0HB0rLCddck03wY= github.com/docker/engine-api v0.4.0/go.mod h1:xtQCpzf4YysNZCVFfIGIm7qfLvYbxtLkEVVfKhTVOvw= +github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= +github.com/docker/go-events v0.0.0-20170721190031-9461782956ad h1:VXIse57M5C6ezDuCPyq6QmMvEJ2xclYKZ35SfkXdm3E= +github.com/docker/go-events v0.0.0-20170721190031-9461782956ad/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= +github.com/docker/go-metrics v0.0.0-20180209012529-399ea8c73916 h1:yWHOI+vFjEsAakUTSrtqc/SAHrhSkmn48pqjidZX3QA= +github.com/docker/go-metrics v0.0.0-20180209012529-399ea8c73916/go.mod h1:/u0gXw0Gay3ceNrsHubL3BtdOL2fHf93USgMTe0W5dI= +github.com/docker/go-units v0.3.3 h1:Xk8S3Xj5sLGlG5g67hJmYMmUgXv5N4PhkjJHHqrwnTk= github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/fullsailor/pkcs7 
v0.0.0-20180422025557-ae226422660e/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= +github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= +github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/fullsailor/pkcs7 v0.0.0-20180613152042-8306686428a5 h1:v+vxrd9XS8uWIXG2RK0BHCnXc30qLVQXVqbK+IOmpXk= +github.com/fullsailor/pkcs7 v0.0.0-20180613152042-8306686428a5/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= +github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/gogo/protobuf v1.0.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/godbus/dbus v4.1.0+incompatible h1:WqqLRTsQic3apZUK9qC5sGNfXthmPXzUZ7nQPrNITa4= +github.com/godbus/dbus v4.1.0+incompatible/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= +github.com/gogo/googleapis v1.1.0 h1:kFkMAZBNAn4j7K0GiZr8cRYzejq68VbheufiV3YuyFI= +github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= +github.com/gogo/protobuf v1.1.1 h1:72R+M5VuhED/KujmZVcIquuo8mBgX4oVda//DQb3PXo= +github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/groupcache v0.0.0-20180513044358-24b0969c4cb7 h1:u4bArs140e9+AfE52mFHOXVFnOSBJBRlzTHrOPLOIhE= +github.com/golang/groupcache v0.0.0-20180513044358-24b0969c4cb7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/protobuf v1.1.0 h1:0iH4Ffd/meGoXqF2lSAhZHt8X+cPgkfn/cb6Cce5Vpc= github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/google/btree v0.0.0-20180124185431-e89373fe6b4a/go.mod 
h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c h1:964Od4U6p2jUkFxvCydnIczKteheJEzHRToSGK3Bnlw= +github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/go-cmp v0.2.0 h1:+dTQ8DZQJz0Mb/HjFlkptS1FeQ4cWSnN941F8aEG4SQ= +github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf h1:+RRA9JqSOZFfKrOeqr2z77+8R2RKyh8PG66dcu1V0ck= github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= +github.com/googleapis/gnostic v0.2.0 h1:l6N3VoaVzTncYYW+9yOz2LJJammFZGBO13sqgEhpy9g= github.com/googleapis/gnostic v0.2.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= +github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= -github.com/hashicorp/golang-lru v0.0.0-20180201235237-0fb14efe8c47/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/imdario/mergo v0.3.4/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho= +github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= +github.com/hashicorp/golang-lru v0.5.0 h1:CL2msUPvZTLb5O648aiLNJw3hnBxN2+1Jq8rCOH9wdo= +github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= +github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28= +github.com/imdario/mergo v0.3.6/go.mod 
h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/json-iterator/go v0.0.0-20180701071628-ab8a2e0c74be h1:AHimNtVIpiBjPUhEF5KNCkrUyqTSA5zWUl8sQ2bfGBE= github.com/json-iterator/go v0.0.0-20180701071628-ab8a2e0c74be/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/kubernetes-incubator/cri-o v1.9.10/go.mod h1:iVQXkISBUrMZCggYuwSRBDDZ9XoP3WzfFFYpF+/RI8g= +github.com/kubernetes-incubator/cri-o v1.11.2 h1:fFVGShhe9znd4QmLYk19zJNocapw9Mr73ISXkj+Bpes= +github.com/kubernetes-incubator/cri-o v1.11.2/go.mod h1:iVQXkISBUrMZCggYuwSRBDDZ9XoP3WzfFFYpF+/RI8g= +github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= +github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742 h1:Esafd1046DLDQ0W1YjYsBW+p8U2u7vzgW2SQVmlNazg= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/petar/GoLLRB v0.0.0-20130427215148-53be0d36a84c/go.mod h1:HUpKUBZnpzkdx0kD/+Yfuft+uD3zHGtXF/XJB14TUr4= +github.com/onsi/ginkgo v1.6.0 h1:Ix8l273rp3QzYgXSR+c8d1fTG7UPgYkOSELPhiY/YGw= +github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/gomega v1.4.1 h1:PZSj/UFNaVp3KxrzHOcS7oyuWA7LoOY/77yCTEFu21U= +github.com/onsi/gomega v1.4.1/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= +github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ= 
+github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= +github.com/opencontainers/image-spec v1.0.1 h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVojFA6h/TRcI= +github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= +github.com/opencontainers/runc v0.1.1 h1:GlxAyO6x8rfZYN9Tt0Kti5a/cP41iuiO2yYT0IJGY8Y= +github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= +github.com/opencontainers/runtime-spec v0.1.2-0.20180710222632-d810dbc60d8c h1:Sl3OOVnd2RrFa6FZTRgEFtvKRvc6VaLDpbZu4vlvSiY= +github.com/opencontainers/runtime-spec v0.1.2-0.20180710222632-d810dbc60d8c/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= +github.com/pkg/errors v0.8.0 h1:WdK/asTD0HN+q6hsWO3/vpuAkAr+tw6aNJNDFFf0+qw= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/spf13/cobra v0.0.2/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v0.8.0 h1:1921Yw9Gc3iSc4VQh3PIoOqgPCZS7G/4xQNVUp8Mda8= +github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910 h1:idejC8f05m9MGOsuEi1ATq9shN03HrxNkD/luQvxCv8= +github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e h1:n/3MEhJQjQxrOUCzh1Y3Re6aJUUWRp2M9+Oc3eVn/54= +github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod 
h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= +github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273 h1:agujYaXJSxSo18YNX3jzl+4G6Bstwt+kqv47GS12uL0= +github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/sirupsen/logrus v1.0.6 h1:hcP1GmhGigz/O7h1WVUM5KklBp1JoNS9FggWKdj/j3s= +github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= +github.com/spf13/cobra v0.0.3 h1:ZlrZ4XsMRm04Fr5pSFxBgfND2EBVa1nLpiy1stUsX/8= +github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= +github.com/spf13/pflag v1.0.1 h1:aCvUg6QPl3ibpQUxyLkrEkCHtPqYJL4x9AuhqVqFis4= github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/stevvooe/resumable v0.0.0-20180830230917-22b14a53ba50 h1:4bT0pPowCpQImewr+BjzfUKcuFW+KVyB8d1OF3b6oTI= +github.com/stevvooe/resumable v0.0.0-20180830230917-22b14a53ba50/go.mod h1:1pdIZTAHUz+HDKDVZ++5xg/duPlhKAIzw9qy42CWYp4= +github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/syndtr/gocapability v0.0.0-20180223013746-33e07d32887e h1:QjF5rxNgRSLHJDwKUvfYP3qOx1vTDzUi/+oSC8FXnCI= +github.com/syndtr/gocapability v0.0.0-20180223013746-33e07d32887e/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= +golang.org/x/crypto v0.0.0-20180515001509-1a580b3eff78 h1:uJIReYEB1ZZLarzi83Pmig1HhZ/cwFCysx05l0PFBIk= golang.org/x/crypto v0.0.0-20180515001509-1a580b3eff78/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/net v0.0.0-20180420171651-5f9ae10d9af5 h1:ylIG3jIeS45kB0W95N19kS62fwermjMYLIyybf8xh9M= golang.org/x/net v0.0.0-20180420171651-5f9ae10d9af5/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6ZhfOqbKu7X5eyFl8ZhKvA= +golang.org/x/sync 
v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20180302081741-dd2ff4accc09 h1:wNPZbZUOH0tyqngVRXeF2iQm19+ssqyebJTCFBvxsow= golang.org/x/sys v0.0.0-20180302081741-dd2ff4accc09/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2 h1:+DCIGbF/swA92ohVg0//6X2IVY3KZs6p9mix0ziNYJM= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -google.golang.org/genproto v0.0.0-20180427144745-86e600f69ee4/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20180831171423-11092d34479b h1:lohp5blsw53GBXtLyLNaTXPXS9pJ1tiTw61ZHUoE9Qw= +google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/grpc v1.11.3 h1:yy64MFk0j8qZbdXVA0MaSE+s/+6nCUdiyf1uNSjAz0c= google.golang.org/grpc v1.11.3/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= +gopkg.in/airbrake/gobrake.v2 v2.0.9 h1:7z2uVWwn7oVeeugY1DtlPAy5H+KYgB1KeKTnqjNatLo= +gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= +gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2 h1:OAj3g0cR6Dx/R07QgQe8wkA9RNjB2u4i700xBkIT4e0= +gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= 
gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= +gopkg.in/yaml.v2 v2.1.1 h1:fxK3tv8mQPVEgxu/S2LJ040LyqiajHt+syP0CdDS/Sc= gopkg.in/yaml.v2 v2.1.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gotest.tools v2.1.0+incompatible h1:5USw7CrJBYKqjg9R7QlA6jzqZKEAtvW82aNmsxxGPxw= +gotest.tools v2.1.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= +k8s.io/api v0.0.0-20180712090710-2d6f90ab1293 h1:hROmpFC7JMobXFXMmD7ZKZLhDKvr1IKfFJoYS/45G/8= k8s.io/api v0.0.0-20180712090710-2d6f90ab1293/go.mod h1:iuAfoD4hCxJ8Onx9kaTIt30j7jUFS00AXQi6QMi99vA= +k8s.io/apimachinery v0.0.0-20180621070125-103fd098999d h1:MZjlsu9igBoVPZkXpIGoxI6EonqNsXXZU7hhvfQLkd4= k8s.io/apimachinery v0.0.0-20180621070125-103fd098999d/go.mod h1:ccL7Eh7zubPUSh9A3USN90/OzHNSVN6zxzde07TDCL0= +k8s.io/client-go v0.0.0-20180806134042-1f13a808da65 h1:wQUEIVcXYxsDE8RXfUufo1nfnkeH/BEPhT175YIzea4= k8s.io/client-go v0.0.0-20180806134042-1f13a808da65/go.mod h1:7vJpHMYJwNQCWgzmNV+VYUl1zCObLyodBc8nIyt8L5s= +k8s.io/kubernetes v1.11.2 h1:2/lmzYbN17Mr23mX/p4ODMm/MBWTeu2Q1Bvsw82YC40= k8s.io/kubernetes v1.11.2/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk= diff --git a/src/initramfs/pkg/userdata/userdata.go b/src/initramfs/pkg/userdata/userdata.go index 27a18cf461..9bde8c0390 100644 --- a/src/initramfs/pkg/userdata/userdata.go +++ b/src/initramfs/pkg/userdata/userdata.go @@ -5,6 +5,7 @@ import ( "io/ioutil" "net/http" "os" + "path" "github.com/autonomy/dianemo/src/initramfs/pkg/crypto/x509" yaml "gopkg.in/yaml.v2" 
@@ -46,8 +47,12 @@ type Networking struct {
 
 // Services represents the set of services available to configure.
 type Services struct {
+	Kubelet *Kubelet `yaml:"kubelet"`
 	Kubeadm *Kubeadm `yaml:"kubeadm"`
 	Trustd  *Trustd  `yaml:"trustd"`
+	Proxyd  *Proxyd  `yaml:"proxyd"`
+	OSD     *OSD     `yaml:"osd"`
+	CRT     *CRT     `yaml:"crt"`
 }
 
 // File represents a files to write to disk.
@@ -57,8 +62,14 @@ type File struct {
 	Path        string      `yaml:"path"`
 }
 
+// Kubelet describes the configuration of the kubelet service.
+type Kubelet struct {
+	Image string `yaml:"image,omitempty"`
+}
+
 // Kubeadm describes the set of configuration options available for kubeadm.
 type Kubeadm struct {
+	Image            string             `yaml:"image,omitempty"`
 	ContainerRuntime string             `yaml:"containerRuntime,omitempty"`
 	Configuration    string             `yaml:"configuration,omitempty"`
 	Init             *InitConfiguration `yaml:"init,omitempty"`
@@ -79,11 +90,42 @@ type InitConfiguration struct {
 // authenticate as a client. The endpoints should only be specified in the
 // worker user data, and should include all master nodes participating as a RoT.
 type Trustd struct {
+	Image     string   `yaml:"image,omitempty"`
 	Username  string   `yaml:"username"`
 	Password  string   `yaml:"password"`
 	Endpoints []string `yaml:"endpoints,omitempty"`
 }
 
+// OSD describes the configuration of the osd service.
+type OSD struct {
+	Image string `yaml:"image,omitempty"`
+}
+
+// Proxyd describes the configuration of the proxyd service.
+type Proxyd struct {
+	Image string `yaml:"image,omitempty"`
+}
+
+// CRT describes the configuration of the container runtime service.
+type CRT struct {
+	Image string `yaml:"image,omitempty"`
+}
+
+// WriteFiles writes the requested files to disk.
+func (data *UserData) WriteFiles() (err error) {
+	for _, f := range data.Files {
+		p := path.Join("/var", f.Path)
+		if err = os.MkdirAll(path.Dir(p), os.ModeDir); err != nil {
+			return
+		}
+		if err = ioutil.WriteFile(p, []byte(f.Contents), f.Permissions); err != nil {
+			return
+		}
+	}
+
+	return nil
+}
+
 // Download initializes a UserData struct from a remote URL.
 func Download(url string) (data UserData, err error) {
 	resp, err := http.Get(url)
diff --git a/src/kernel/.conform.yaml b/src/kernel/.conform.yaml
index 7cfcc344ba..fbf689c82f 100644
--- a/src/kernel/.conform.yaml
+++ b/src/kernel/.conform.yaml
@@ -26,7 +26,8 @@ tasks:
         && ln -s /tools/bin/true /bin/true \
         && ln -s /tools/bin/pwd /bin/pwd
       RUN check-config.sh .config
-      RUN mkdir /tmp
+      RUN unlink /lib
+      RUN ln -s /tools/lib /lib
       RUN make -j $(($(nproc) / 2))
       RUN make modules_install DEPMOD=/tools/bin/depmod INSTALL_MOD_PATH=/tmp
       RUN depmod -b /tmp 4.18.5-dianemo
diff --git a/src/rootfs/.conform.yaml b/src/rootfs/.conform.yaml
index b41f341d5c..738ebec3d6 100644
--- a/src/rootfs/.conform.yaml
+++ b/src/rootfs/.conform.yaml
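Review bot: `os.MkdirAll(path.Dir(p), os.ModeDir)` in `WriteFiles` passes the directory type bit where a permission mode is expected, so the permission bits are zero and every directory this call creates comes out as mode 0000 (before umask); it should be an explicit mode such as `if err = os.MkdirAll(path.Dir(p), 0755); err != nil {`. In the same loop `path.Join("/var", f.Path)` cleans the result, so a `Path` of `../etc/…` in user data obtained through `Download` resolves outside `/var`; if `/var` is meant as the boundary, reject joined paths that lose the `/var/` prefix, e.g. `if !strings.HasPrefix(p, "/var/") { return fmt.Errorf("path %q escapes /var", f.Path) }` (`strings` and `fmt` are not in the visible import hunk). The doc comment should also state that `Path` is taken relative to `/var` and that the first error aborts the loop, leaving the files written so far in place.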
@@ -2,19 +2,24 @@ metadata:
   repository: dianemo/rootfs
 variables:
   rootfs: /rootfs
+  srcContainerd: https://github.com/containerd/containerd/releases/download/v1.2.0-beta.2/containerd-1.2.0-beta.2.linux-amd64.tar.gz
   srcCRITools: https://github.com/kubernetes-incubator/cri-tools/releases/download/v1.11.1/crictl-v1.11.1-linux-amd64.tar.gz
-  srcDocker: https://download.docker.com/linux/static/stable/x86_64/docker-17.03.2-ce.tgz
+  srcLibseccomp: https://github.com/seccomp/libseccomp/releases/download/v2.3.3/libseccomp-2.3.3.tar.gz
   srcKubeadm: https://storage.googleapis.com/kubernetes-release/release/v1.11.2/bin/linux/amd64/kubeadm
+  srcRunc: https://github.com/opencontainers/runc/releases/download/v1.0.0-rc5/runc.amd64
 pipeline:
   stages:
     - image
 stages:
   image:
     tasks:
-      - base
+      - libseccomp
+      - libblkid
+      - libuuid
       - certs
       - crictl
-      - docker
+      - containerd
+      - runc
       - kubeadm
       - cleanup
       - rootfs
@@ -28,20 +33,30 @@ tasks:
       COPY src/cleanup.sh /tools/bin
       RUN chmod +x /tools/bin/cleanup.sh
       RUN /tools/bin/cleanup.sh {{ index .Variables "rootfs" }}
+  containerd:
+    template: |
+      RUN curl -L {{ index .Variables "srcContainerd" }} | tar --strip-components=1 -xz -C {{ index .Variables "rootfs" }}/bin
+      RUN rm {{ index .Variables "rootfs" }}/bin/ctr
   crictl:
     template: |
       RUN curl -L {{ index .Variables "srcCRITools" }} | tar -xz -C {{ index .Variables "rootfs" }}/bin
-  docker:
+  libblkid:
+    template: |
+      RUN cp /tools/lib/libblkid.* {{ index .Variables "rootfs" }}/lib
+  libuuid:
     template: |
-      RUN curl -L {{ index .Variables "srcDocker" }} | tar --strip-components=1 -xz -C {{ index .Variables "rootfs" }}/bin
-  base:
+      RUN cp /tools/lib/libuuid.* {{ index .Variables "rootfs" }}/lib
+  libseccomp:
     template: |
       FROM dianemo/tools:{{ .Docker.Image.Tag }} AS {{ .Docker.CurrentStage }}
-      ENV PATH $PATH:/tools/bin
-      WORKDIR {{ index .Variables "rootfs" }}
-      COPY src/fsh.sh /tools/bin
-      RUN chmod +x /tools/bin/fsh.sh
-      RUN fsh.sh {{ index .Variables "rootfs" }}
+      WORKDIR /tools/usr/local/src/{{ .Docker.CurrentStage }}
+      RUN curl -L {{index .Variables "srcLibseccomp" }} | tar --strip-components=1 -xz
+      WORKDIR build
+      RUN ../configure \
+        --prefix=/usr \
+        --disable-static
+      RUN make -j $(($(nproc) / 2))
+      RUN make install DESTDIR={{ index .Variables "rootfs" }}
   kubeadm:
     template: |
       RUN curl --retry 3 --retry-delay 60 -L {{ index .Variables "srcKubeadm" }} -o {{ index .Variables "rootfs" }}/bin/kubeadm
@@ -50,4 +65,8 @@ tasks:
     template: |
       FROM scratch
       LABEL maintainer="Andrew Rynhard "
-      COPY --from=base {{ index .Variables "rootfs" }} {{ index .Variables "rootfs" }}
+      COPY --from=libseccomp {{ index .Variables "rootfs" }} {{ index .Variables "rootfs" }}
+  runc:
+    template: |
+      RUN curl -L {{ index .Variables "srcRunc" }} -o {{ index .Variables "rootfs" }}/bin/runc
+      RUN chmod +x {{ index .Variables "rootfs" }}/bin/runc
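Review bot: The new `containerd`, `libseccomp` and (in the second hunk on this line) `runc` tasks fetch release artifacts with `curl -L` and hand them straight to `tar` or `chmod +x` with no integrity check, so the contents of the rootfs are whatever the download endpoint serves at build time. Record the expected SHA-256 of each artifact beside its URL in `variables` and verify it before extraction, e.g. for runc `RUN curl -fL {{ index .Variables "srcRunc" }} -o /tmp/runc.amd64 && echo "<sha256-of-runc.amd64>  /tmp/runc.amd64" | sha256sum -c - && install -m 0755 /tmp/runc.amd64 {{ index .Variables "rootfs" }}/bin/runc` (the digest is a placeholder to be filled from the release). Separately, `curl` without `--fail` writes an HTTP error body on a 4xx/5xx instead of failing, which for the `-o …/bin/runc` form yields an executable error page; the existing `crictl` and `kubeadm` lines share both gaps.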
diff --git a/src/rootfs/src/cleanup.sh b/src/rootfs/src/cleanup.sh
index 0b416ddc8e..6ea632601f 100644
--- a/src/rootfs/src/cleanup.sh
+++ b/src/rootfs/src/cleanup.sh
@@ -19,8 +19,34 @@ find ${PREFIX} -type f -name \*.a -print0 | xargs -0 rm -rf
 find ${PREFIX}/lib ${PREFIX}/usr/lib -type f \( -name \*.so* -a ! -name \*dbg \) -exec strip --strip-unneeded {} ';'
 find ${PREFIX}/{bin,sbin} ${PREFIX}/usr/{bin,sbin,libexec} -type f -exec strip --strip-all {} ';'
 
-rm -rf ${PREFIX}/usr/include/*
-rm -rf ${PREFIX}/usr/share/*
+rm -rf \
+  ${PREFIX}/bin/getconf \
+  ${PREFIX}/bin/ldd \
+  ${PREFIX}/bin/mtrace \
+  ${PREFIX}/bin/gencat \
+  ${PREFIX}/bin/locale \
+  ${PREFIX}/bin/xtrace \
+  ${PREFIX}/bin/zic \
+  ${PREFIX}/bin/sln \
+  ${PREFIX}/bin/tzselect \
+  ${PREFIX}/bin/iconv \
+  ${PREFIX}/bin/sotruss \
+  ${PREFIX}/bin/ldconfig \
+  ${PREFIX}/bin/pldd \
+  ${PREFIX}/bin/iconvconfig \
+  ${PREFIX}/bin/localedef \
+  ${PREFIX}/bin/makedb \
+  ${PREFIX}/bin/pcprofiledump \
+  ${PREFIX}/bin/nscd \
+  ${PREFIX}/bin/sprof \
+  ${PREFIX}/bin/zdump \
+  ${PREFIX}/bin/getent \
+  ${PREFIX}/bin/scmp_sys_resolver \
+  ${PREFIX}/bin/catchsegv \
+  ${PREFIX}/lib/gconv/ \
+  ${PREFIX}/usr/include/* \
+  ${PREFIX}/usr/share/* \
+  ${PREFIX}/usr/libexec/getconf
 
 mkdir -p /usr/share
 mkdir -p /usr/local/share
diff --git a/src/tools/.conform.yaml b/src/tools/.conform.yaml
index ba01e3a116..54cfcb496a 100644
--- a/src/tools/.conform.yaml
+++ b/src/tools/.conform.yaml
@@ -1,6 +1,7 @@
 metadata:
   repository: dianemo/tools
 variables:
+  rootfs: /rootfs
   srcAutoconf: https://ftp.gnu.org/gnu/autoconf/autoconf-2.69.tar.xz
   srcBash: https://ftp.gnu.org/gnu/bash/bash-4.4.12.tar.gz
   srcBc: https://ftp.gnu.org/gnu/bc/bc-1.07.1.tar.gz
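Review bot: The expanded `rm -rf \` list depends on `${PREFIX}` being non-empty; if it is unset the arguments collapse to `/bin/ldconfig`, `/lib/gconv/`, `/usr/include/*`, `/usr/share/*` and so on, and the script deletes from the build container instead of the rootfs. The script's prologue is outside this hunk, but a guard there such as `: "${PREFIX:?PREFIX must be set}"` (or `set -u` next to the existing `set -e`, if present) would turn that into an immediate, visible failure. The removal of `ldconfig`, `getent` and `nscd` also deserves a one-line comment above the list recording that the image is presumably not expected to regenerate `ld.so.cache` or perform NSS lookups at runtime, since nothing in the hunk states that intent.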
@@ -834,6 +835,51 @@ tasks: RUN [ "mkdir", "/bin" ] RUN [ "ln", "-s", "/tools/bin/bash", "/bin/sh" ] RUN [ "ln", "-s", "/tools/bin/bash", "/bin/bash" ] + ENV PATH $PATH:/tools/bin + WORKDIR {{ index .Variables "rootfs" }} + COPY src/fsh.sh /tools/bin + RUN chmod +x /tools/bin/fsh.sh + RUN fsh.sh {{ index .Variables "rootfs" }} + WORKDIR /tools/usr/local/src/{{ .Docker.CurrentStage }} + RUN curl -L {{index .Variables "srcGlibc" }} | tar --strip-components=1 -xJ + RUN ln -sfv /tools/lib/gcc /usr/lib + # Required by makeinfo + RUN ln -sv /tools/bin/perl /usr/bin/perl + WORKDIR build + RUN CC="gcc -isystem /usr/lib/gcc/x86_64-pc-linux-gnu/7.2.0/include -isystem /usr/include" \ + ../configure \ + --prefix=/usr \ + --disable-static \ + --disable-werror \ + --enable-kernel=4.9 \ + --enable-stack-protector=strong \ + libc_cv_slibdir=/lib + RUN make -j $(($(nproc) / 2)) + # RUN make check || true + RUN sed '/test-installation/s@$(PERL)@echo not running@' -i ../Makefile + RUN make install DESTDIR={{ index .Variables "rootfs" }} + RUN mkdir {{ index .Variables "rootfs" }}/usr/lib/locale + RUN localedef -i en_US -f UTF-8 en_US.UTF-8 + RUN mkdir p {{ index .Variables "rootfs" }}/etc/default + RUN echo LC_ALL="en_US.UTF-8" >{{ index .Variables "rootfs" }}/etc/default/locale + RUN ln -sfv /tools/lib/libgcc_s.so{,.1} /usr/lib + RUN mv -v /tools/bin/{ld,ld-old} + RUN mv -v /tools/$(uname -m)-pc-linux-gnu/bin/{ld,ld-old} + RUN mv -v /tools/bin/{ld-new,ld} + RUN ln -sv /tools/bin/ld /tools/$(uname -m)-pc-linux-gnu/bin/ld + RUN gcc -dumpspecs | sed -e 's@/tools@@g' \ + -e '/\*startfile_prefix_spec:/{n;s@.*@/usr/lib/ @}' \ + -e '/\*cpp:/{n;s@$@ -isystem /usr/include@}' > \ + `dirname $(gcc --print-libgcc-file-name)`/specs + RUN echo 'int main(){}' > dummy.c + RUN cc dummy.c -v -Wl,--verbose &> dummy.log + RUN readelf -l a.out | grep ': /lib' + RUN grep -o '/usr/lib.*/crt[1in].*succeeded' dummy.log + RUN grep -B1 '^ /usr/include' dummy.log + RUN grep 'SEARCH.*/usr/lib' dummy.log |sed 
's|; |\n|g' + RUN grep "/lib.*/libc.so.6 " dummy.log + RUN grep found dummy.log + RUN rm -v dummy.c a.out dummy.log util-linux: template: | WORKDIR $SRC/{{ .Docker.CurrentStage }} diff --git a/src/rootfs/src/fsh.sh b/src/tools/src/fsh.sh similarity index 61% rename from src/rootfs/src/fsh.sh rename to src/tools/src/fsh.sh index 0a377cc7fb..2fa5e35838 100644 --- a/src/rootfs/src/fsh.sh +++ b/src/tools/src/fsh.sh @@ -5,7 +5,7 @@ set -e rm -rf /bin -mkdir -pv ${PREFIX}/{dev,lib,opt,proc,sys,etc} +mkdir -pv ${PREFIX}/{dev,etc,lib,opt,proc,sys} mkdir -pv ${PREFIX}/bin ln -sv /bin $PREFIX/sbin @@ -28,23 +28,10 @@ mkdir -pv ${PREFIX}/run mkdir -pv ${PREFIX}/var/{log,mail,spool} ln -sv /run $PREFIX/var/run -mkdir -pv $PREFIX/var/containers/{oci/hooks.d,} -ln -sv /var/containers $PREFIX/etc/containers -mkdir -pv $PREFIX/var/crio -ln -sv /var/crio $PREFIX/etc/crio -mkdir -pv $PREFIX/var/docker -ln -sv /var/docker $PREFIX/etc/docker -mkdir -pv $PREFIX/var/kubernetes -ln -sv /var/kubernetes $PREFIX/etc/kubernetes -mkdir -pv $PREFIX/var/cni -ln -sv /var/cni $PREFIX/etc/cni -mkdir -pv $PREFIX/var/libexec/kubernetes $PREFIX/usr/libexec -ln -sv /var/libexec/kubernetes $PREFIX/usr/libexec/kubernetes - install -dv -m 0750 ${PREFIX}/root install -dv -m 1777 ${PREFIX}/tmp ${PREFIX}/var/tmp -for d in /rootfs/*; do +for d in ${PREFIX}/*; do _d=/$(basename $d) if [[ ! -d $_d ]]; then echo $_d
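Review bot: The glibc source on `RUN curl -L {{index .Variables "srcGlibc" }} | tar --strip-components=1 -xJ` is the C library every binary in the image links against, yet it is fetched with a redirect-following `curl -L` and no signature or digest check; GNU releases ship detached `.sig` files, so at minimum a pinned `sha256sum -c` (and `-f` so an error page never reaches `tar`) belongs before the extraction, as for the other `src*` downloads. `RUN mkdir p {{ index .Variables "rootfs" }}/etc/default` is a typo for `mkdir -p`: as written it creates a stray directory named `p` in the glibc build tree and only succeeds because `fsh.sh` already created `etc`. `RUN localedef -i en_US -f UTF-8 en_US.UTF-8` has no `--prefix`, so the compiled locale presumably lands in the build container rather than under `{{ index .Variables "rootfs" }}/usr/lib/locale`, leaving `/etc/default/locale` naming a locale the image does not ship — worth confirming and, if so, adding `--prefix={{ index .Variables "rootfs" }}`. The hard-coded `/usr/lib/gcc/x86_64-pc-linux-gnu/7.2.0/include` in the `CC=` line is inconsistent with the `$(uname -m)` used for the `ld` moves a few lines later; `$(gcc -print-file-name=include)` would keep the two in step. Since `make check` is commented out and `test-installation` is patched away, a one-line comment explaining why the glibc testsuite is skipped would stop the next reader from re-enabling it blindly.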
