mirror of
https://github.com/linuxkit/linuxkit.git
synced 2025-07-21 10:09:07 +00:00
Merge pull request #1234 from justincormack/cleanup-tool
Refactoring of Moby tool
This commit is contained in:
Justin Cormack
GitHub
commit
ce417eab07
69
moby/config.go
Normal file
69
moby/config.go
Normal file
@ -0,0 +1,69 @@
|
|||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"strconv"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"gopkg.in/yaml.v2"
|
||||||
|
)
|
||||||
|
|
||||||
|
type Moby struct {
|
||||||
|
Kernel string
|
||||||
|
Init string
|
||||||
|
System []MobyImage
|
||||||
|
Database []struct {
|
||||||
|
File string
|
||||||
|
Value string
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
type MobyImage struct {
|
||||||
|
Name string
|
||||||
|
Image string
|
||||||
|
Capabilities []string
|
||||||
|
Binds []string
|
||||||
|
OomScoreAdj int64 `yaml:"oom_score_adj"`
|
||||||
|
Command []string
|
||||||
|
NetworkMode string `yaml:"network_mode"`
|
||||||
|
}
|
||||||
|
|
||||||
|
const riddler = "mobylinux/riddler:7d4545d8b8ac2700971a83f12a3446a76db28c14@sha256:11b7310df6482fc38aa52b419c2ef1065d7b9207c633d47554e13aa99f6c0b72"
|
||||||
|
|
||||||
|
func NewConfig(config []byte) (*Moby, error) {
|
||||||
|
m := Moby{}
|
||||||
|
|
||||||
|
err := yaml.Unmarshal(config, &m)
|
||||||
|
if err != nil {
|
||||||
|
return &m, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return &m, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func ConfigToRun(image *MobyImage) []string {
|
||||||
|
// riddler arguments
|
||||||
|
args := []string{"run", "--rm", "-v", "/var/run/docker.sock:/var/run/docker.sock", riddler, image.Image, "/containers/" + image.Name}
|
||||||
|
// docker arguments
|
||||||
|
args = append(args, "--cap-drop", "all")
|
||||||
|
for _, cap := range image.Capabilities {
|
||||||
|
if strings.ToUpper(cap)[0:4] == "CAP_" {
|
||||||
|
cap = cap[4:]
|
||||||
|
}
|
||||||
|
args = append(args, "--cap-add", cap)
|
||||||
|
}
|
||||||
|
if image.OomScoreAdj != 0 {
|
||||||
|
args = append(args, "--oom-score-adj", strconv.FormatInt(image.OomScoreAdj, 10))
|
||||||
|
}
|
||||||
|
if image.NetworkMode != "" {
|
||||||
|
args = append(args, "--net", image.NetworkMode)
|
||||||
|
}
|
||||||
|
for _, bind := range image.Binds {
|
||||||
|
args = append(args, "-v", bind)
|
||||||
|
}
|
||||||
|
// image
|
||||||
|
args = append(args, image.Image)
|
||||||
|
// command
|
||||||
|
args = append(args, image.Command...)
|
||||||
|
|
||||||
|
return args
|
||||||
|
}
|
||||||
54
moby/main.go
54
moby/main.go
@ -9,32 +9,11 @@ import (
|
|||||||
"log"
|
"log"
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
"syscall"
|
|
||||||
|
|
||||||
"github.com/docker/moby/pkg/initrd"
|
"github.com/docker/moby/pkg/initrd"
|
||||||
"gopkg.in/yaml.v2"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
type moby struct {
|
|
||||||
Kernel string
|
|
||||||
Init string
|
|
||||||
System []struct {
|
|
||||||
Name string
|
|
||||||
Image string
|
|
||||||
CapDrop []string `yaml:"cap_drop"`
|
|
||||||
CapAdd []string `yaml:"cap_add"`
|
|
||||||
Bind string
|
|
||||||
OomScoreAdj int64 `yaml:"oom_score_adj"`
|
|
||||||
Command []string
|
|
||||||
}
|
|
||||||
Database []struct {
|
|
||||||
File string
|
|
||||||
Value string
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
const (
|
const (
|
||||||
riddler = "mobylinux/riddler:7d4545d8b8ac2700971a83f12a3446a76db28c14@sha256:11b7310df6482fc38aa52b419c2ef1065d7b9207c633d47554e13aa99f6c0b72"
|
|
||||||
docker2tar = "mobylinux/docker2tar:82a3f11f70b2959c7100dd6e184b511ebfc65908@sha256:e4fd36febc108477a2e5316d263ac257527779409891c7ac10d455a162df05c1"
|
docker2tar = "mobylinux/docker2tar:82a3f11f70b2959c7100dd6e184b511ebfc65908@sha256:e4fd36febc108477a2e5316d263ac257527779409891c7ac10d455a162df05c1"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -96,11 +75,9 @@ func build() {
|
|||||||
log.Fatalf("Cannot open config file: %v", err)
|
log.Fatalf("Cannot open config file: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
m := moby{}
|
m, err := NewConfig(config)
|
||||||
|
|
||||||
err = yaml.Unmarshal(config, &m)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalf("Yaml parse error: %v", err)
|
log.Fatalf("Invalid config: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO switch to using Docker client API not exec - just a quick prototype
|
// TODO switch to using Docker client API not exec - just a quick prototype
|
||||||
@ -142,19 +119,7 @@ func build() {
|
|||||||
containers = append(containers, buffer)
|
containers = append(containers, buffer)
|
||||||
|
|
||||||
for _, image := range m.System {
|
for _, image := range m.System {
|
||||||
// riddler arguments
|
args := ConfigToRun(&image)
|
||||||
args := []string{"run", "--rm", "-v", "/var/run/docker.sock:/var/run/docker.sock", riddler, image.Image, "/containers/" + image.Name}
|
|
||||||
// docker arguments
|
|
||||||
for _, cap := range image.CapDrop {
|
|
||||||
args = append(args, "--cap-drop", cap)
|
|
||||||
}
|
|
||||||
for _, cap := range image.CapAdd {
|
|
||||||
args = append(args, "--cap-add", cap)
|
|
||||||
}
|
|
||||||
// image
|
|
||||||
args = append(args, image.Image)
|
|
||||||
// command
|
|
||||||
args = append(args, image.Command...)
|
|
||||||
cmd := exec.Command(docker, args...)
|
cmd := exec.Command(docker, args...)
|
||||||
|
|
||||||
// get output tarball
|
// get output tarball
|
||||||
@ -182,19 +147,6 @@ func build() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func run() {
|
|
||||||
env := os.Environ()
|
|
||||||
args := []string{}
|
|
||||||
err := syscall.Exec("./hyperkit.sh", args, env)
|
|
||||||
if err != nil {
|
|
||||||
log.Fatalf("Could not run")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
if len(os.Args) >= 2 && os.Args[1] == "run" {
|
|
||||||
run()
|
|
||||||
}
|
|
||||||
build()
|
build()
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -3,18 +3,23 @@ init: "mobylinux/init:ecc2f4a116aca240081754ca063151c52d3e697c"
|
|||||||
system:
|
system:
|
||||||
- name: binfmt
|
- name: binfmt
|
||||||
image: "mobylinux/binfmt:a94e0587b702edaa95cc6f303464959d0eb2311c@sha256:432732b90cbe0498f5ca148d75b90bb1eabd8fbfe8c872df8b23906c225091b1"
|
image: "mobylinux/binfmt:a94e0587b702edaa95cc6f303464959d0eb2311c@sha256:432732b90cbe0498f5ca148d75b90bb1eabd8fbfe8c872df8b23906c225091b1"
|
||||||
cap_drop:
|
binds:
|
||||||
- all
|
- /proc/sys/fs/binfmt_misc:/binfmt_misc
|
||||||
bind: /proc/sys/fs/binfmt_misc:/binfmt_misc
|
|
||||||
command: [/usr/bin/binfmt, -dir, /etc/binfmt.d/, -mount, /binfmt_misc]
|
command: [/usr/bin/binfmt, -dir, /etc/binfmt.d/, -mount, /binfmt_misc]
|
||||||
- name: rngd
|
- name: rngd
|
||||||
image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92"
|
image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92"
|
||||||
cap_drop:
|
capabilities:
|
||||||
- all
|
- CAP_SYS_ADMIN
|
||||||
cap_add:
|
|
||||||
- SYS_ADMIN
|
|
||||||
oom_score_adj: -800
|
oom_score_adj: -800
|
||||||
command: [/bin/tini, /usr/sbin/rngd, -f]
|
command: [/bin/tini, /usr/sbin/rngd, -f]
|
||||||
|
- name: nginx
|
||||||
|
image: "nginx"
|
||||||
|
capabilities:
|
||||||
|
- CAP_NET_BIND_SERVICE
|
||||||
|
- CAP_CHOWN
|
||||||
|
- CAP_SETUID
|
||||||
|
- CAP_SETGID
|
||||||
|
network_mode: host
|
||||||
database:
|
database:
|
||||||
- file: etc/docker/daemon.json
|
- file: etc/docker/daemon.json
|
||||||
value: '{"debug": true}'
|
value: '{"debug": true}'
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user