github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-11-04 08:55:13 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #1252 from justincormack/cleanup

Browse Source 
More cleanup
This commit is contained in:
Justin Cormack
2017-03-07 13:09:03 +00:00
committed by GitHub
parent cf809a6eb8 7d6de92700
commit 24c7e6eeb6
10 changed files with 15 additions and 180 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
base/pinata-iptables/Dockerfile
View File

@@ -1,9 +0,0 @@
# Tag: alpine
FROM ocaml/opam@sha256:2d15235a8150d49353533848c8a2c326996558d57872acec59de35f8965dab4d
RUN sudo apk add m4
RUN opam install --use-internal-solver ocamlfind astring syslog -y
WORKDIR /app
ADD . /app
RUN sudo chown -R opam /app
RUN opam config exec -- ocamlfind ocamlopt -package unix,astring,syslog -linkpkg -o iptables main.ml
CMD ["tar", "cf", "-", "iptables"]

12
base/pinata-iptables/Makefile
View File

@@ -1,12 +0,0 @@
BASE=ocaml/opam:alpine
IMAGE=pinata-iptables
# OCaml builds are non deterministic so do not generate a hash
default: Dockerfile main.ml
docker pull $(BASE)
BUILD=$$( docker build -q . ) && \
[ -n "$$BUILD" ] && \
echo "Built $$BUILD" && \
docker tag $$BUILD mobylinux/$(IMAGE):latest
docker push mobylinux/$(IMAGE):latest

94
base/pinata-iptables/main.ml
View File

@@ -1,94 +0,0 @@
(* ocamlfind ocamlopt -package unix,astring -linkpkg -o iptables iptables.ml *)
(*
--wait -t nat -I DOCKER-INGRESS -p tcp --dport 80 -j DNAT --to-destination 172.18.0.2:80
--wait -t nat -D DOCKER-INGRESS -p tcp --dport 80 -j DNAT --to-destination 172.18.0.2:80
*)
let _iptables = "/sbin/iptables"
let _proxy = "/usr/bin/slirp-proxy"
let _pid_dir = "/var/run/service-port-opener"
type port = {
proto: string;
dport: string; (* host port *)
ip: string; (* container ip *)
port: string; (* container port *)
}
let syslog = Syslog.openlog ~facility:`LOG_SECURITY "iptables-wrapper"
let logf fmt =
Printf.ksprintf (fun s ->
Syslog.syslog syslog `LOG_INFO s
) fmt
let pid_filename { proto; dport; ip; port } =
Printf.sprintf "%s/%s.%s.%s.%s.pid" _pid_dir proto dport ip port
let insert ({ proto; dport; ip; port } as p) =
let filename = pid_filename p in
logf "insert: creating a proxy for %s" filename;
let args = [ _proxy; "-proto"; proto; "-container-ip"; ip; "-container-port"; port; "-host-ip"; "0.0.0.0"; "-host-port"; dport; "-i"; "-no-local-ip" ] in
let pid = Unix.fork () in
if pid == 0 then begin
logf "binary = %s args = %s" _proxy (String.concat "; " args);
(* Close the vast number of fds I've inherited from docker *)
(* TODO(djs55): revisit, possibly by filing a docker/docker issue *)
for i = 0 to 1023 do
let fd : Unix.file_descr = Obj.magic i in
try Unix.close fd with Unix.Unix_error(Unix.EBADF, _, _) -> ()
done;
let null = Unix.openfile "/dev/null" [ Unix.O_RDWR ] 0 in
Unix.dup2 null Unix.stdin;
Unix.dup2 null Unix.stdout;
Unix.dup2 null Unix.stderr;
(try Unix.execv _proxy (Array.of_list args) with e -> logf "Failed with %s" (Printexc.to_string e));
exit 1
end else begin
(* write pid to a file (not atomically) *)
let oc = open_out filename in
output_string oc (string_of_int pid);
close_out oc
end
let delete ({ proto; dport; ip; port } as p) =
let filename = pid_filename p in
logf "delete: removing a proxy for %s" filename;
(* read the pid from a file *)
try
let ic = open_in filename in
let pid = int_of_string (input_line ic) in
logf "Sending SIGTERM to %d" pid;
Unix.kill pid Sys.sigterm;
Unix.unlink filename
with e ->
logf "delete: failed to remove proxy for %s: %s" filename (Printexc.to_string e);
()
let parse_ip_port ip_port = match Astring.String.cut ~sep:":" ip_port with
| None ->
failwith ("Failed to parse <ip:port>:" ^ ip_port)
| Some (ip, port) ->
ip, port
let _ =
( try Unix.mkdir _pid_dir 0o0755 with Unix.Unix_error(Unix.EEXIST, _, _) -> () );
let port_forwarding =
try
let ic = open_in "/Database/native/port-forwarding" in
bool_of_string (String.trim (input_line ic))
with _ -> false in
logf "port_forwarding=%b intercepted arguments [%s]" port_forwarding (String.concat "; " (Array.to_list Sys.argv));
if port_forwarding then begin
match Array.to_list Sys.argv with
| [ _; "--wait"; "-t"; "nat"; "-I"; "DOCKER-INGRESS"; "-p"; proto; "--dport"; dport; "-j"; "DNAT"; "--to-destination"; ip_port ] ->
let ip, port = parse_ip_port ip_port in
insert { proto; dport; ip; port }
| [ _; "--wait"; "-t"; "nat"; "-D"; "DOCKER-INGRESS"; "-p"; proto; "--dport"; dport; "-j"; "DNAT"; "--to-destination"; ip_port ] ->
let ip, port = parse_ip_port ip_port in
delete { proto; dport; ip; port }
| _ ->
()
end;
Unix.execv _iptables Sys.argv

2
test.yaml
View File

@@ -7,7 +7,7 @@ system:
- /proc/sys/fs/binfmt_misc:/binfmt_misc - /proc/sys/fs/binfmt_misc:/binfmt_misc
command: [/usr/bin/binfmt, -dir, /etc/binfmt.d/, -mount, /binfmt_misc] command: [/usr/bin/binfmt, -dir, /etc/binfmt.d/, -mount, /binfmt_misc]
- name: check - name: check
image: "mobylinux/check:6dd4f08c02c1f80cf38f63b30046e48b88d72743" image: "mobylinux/check:699ca8e3792dda19a6fd981f58b47c3be0e5d6ec"
pid: host pid: host
capabilities: capabilities:
- CAP_SYS_BOOT - CAP_SYS_BOOT

2
tools/check/Makefile
View File

@@ -5,7 +5,7 @@ IMAGE=check
default: push default: push
hash: Dockerfile check.sh check-kernel-config.sh hash: Dockerfile check.sh check-kernel-config.sh etc/moby
DOCKER_CONTENT_TRUST=1 docker pull $(BASE) DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build - tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm --entrypoint=/bin/sh $(IMAGE):build -c "cat $^ /lib/apk/db/installed | sha1sum" | sed 's/ .*//' > hash docker run --rm --entrypoint=/bin/sh $(IMAGE):build -c "cat $^ /lib/apk/db/installed | sha1sum" | sed 's/ .*//' > hash

3
tools/check/check.sh
View File

@@ -9,4 +9,7 @@ function failed {
bash /check-config.sh || failed bash /check-config.sh || failed
printf "Moby test suite PASSED\n" printf "Moby test suite PASSED\n"
cat /etc/moby
/sbin/poweroff -f /sbin/poweroff -f

10
tools/check/etc/moby Normal file
View File

@@ -0,0 +1,10 @@
## .
## ## ## ==
## ## ## ## ## ===
/"""""""""""""""""\___/ ===
~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ / ===- ~~~
\______ o __/
\ \ __/
\____\_______/

6
tools/pad4/Dockerfile
View File

@@ -1,6 +0,0 @@
FROM alpine:3.5
COPY . /
ENTRYPOINT ["/bin/sh", "-c"]
CMD ["/pad4.sh"]

29
tools/pad4/Makefile
View File

@@ -1,29 +0,0 @@
.PHONY: tag push
BASE=alpine:3.5
IMAGE=pad4
default: push
hash: Dockerfile pad4.sh
DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm --entrypoint=/bin/sh $(IMAGE):build -c 'cat Dockerfile pad4.sh /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > hash
push: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash) && \
docker push mobylinux/$(IMAGE):$(shell cat hash))
docker rmi $(IMAGE):build
rm -f hash
tag: hash
docker pull mobylinux/$(IMAGE):$(shell cat hash) || \
docker tag $(IMAGE):build mobylinux/$(IMAGE):$(shell cat hash)
docker rmi $(IMAGE):build
rm -f hash
clean:
rm -f hash
.DELETE_ON_ERROR:

28
tools/pad4/pad4.sh
View File

@@ -1,28 +0,0 @@
#!/bin/sh
set -e
cd /tmp
cat > initrd.img
SIZE=$(stat -c "%s" initrd.img)
SIZE4=$(( $SIZE / 4 \* 4 ))
DIFF=$(( $SIZE - $SIZE4 ))
[ $DIFF -ne 0 ] && DIFF=$(( 4 - $DIFF ))
dd if=/dev/zero bs=1 count=$DIFF of=zeropad 2>/dev/null
cat zeropad >> initrd.img
SIZE=$(stat -c "%s" initrd.img)
SIZE4=$(( $SIZE / 4 \* 4 ))
DIFF=$(( $SIZE - $SIZE4 ))
if [ $DIFF -ne 0 ]
then
echo "Bad alignment" >2
exit 1
fi
cat initrd.img