2015-08-27 19:24:26 +00:00
|
|
|
package userdocker
|
|
|
|
|
|
|
|
|
|
import (
|
2016-06-08 01:59:45 +00:00
|
|
|
"io"
|
2016-05-16 22:29:42 +00:00
|
|
|
"io/ioutil"
|
2015-08-27 19:24:26 +00:00
|
|
|
"os"
|
|
|
|
|
"os/signal"
|
2016-05-16 22:29:42 +00:00
|
|
|
"strconv"
|
2015-08-27 19:24:26 +00:00
|
|
|
"syscall"
|
|
|
|
|
"time"
|
|
|
|
|
|
2016-05-24 00:21:28 +00:00
|
|
|
"golang.org/x/net/context"
|
|
|
|
|
|
2016-06-08 01:59:45 +00:00
|
|
|
"path/filepath"
|
|
|
|
|
|
2015-08-27 19:24:26 +00:00
|
|
|
log "github.com/Sirupsen/logrus"
|
2016-05-16 22:29:42 +00:00
|
|
|
"github.com/docker/engine-api/types"
|
2016-05-24 00:21:28 +00:00
|
|
|
composeClient "github.com/docker/libcompose/docker/client"
|
2015-08-27 19:24:26 +00:00
|
|
|
"github.com/docker/libcompose/project"
|
2015-10-12 11:50:17 +00:00
|
|
|
"github.com/rancher/os/cmd/control"
|
|
|
|
|
"github.com/rancher/os/compose"
|
|
|
|
|
"github.com/rancher/os/config"
|
2016-05-16 22:29:42 +00:00
|
|
|
rosDocker "github.com/rancher/os/docker"
|
2016-06-02 19:16:30 +00:00
|
|
|
"github.com/rancher/os/util"
|
2015-08-27 19:24:26 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
DEFAULT_STORAGE_CONTEXT = "console"
|
2016-05-16 22:29:42 +00:00
|
|
|
DOCKER_PID_FILE = "/var/run/docker.pid"
|
|
|
|
|
DOCKER_COMMAND = "docker-init"
|
2015-08-27 19:24:26 +00:00
|
|
|
userDocker = "user-docker"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func Main() {
|
2016-06-02 01:41:55 +00:00
|
|
|
cfg := config.LoadConfig()
|
2015-08-27 19:24:26 +00:00
|
|
|
|
2016-06-08 01:59:45 +00:00
|
|
|
execID, resp, err := startDocker(cfg)
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
process, err := getDockerProcess()
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
handleTerm(process)
|
|
|
|
|
|
|
|
|
|
// Wait for Docker daemon to exit
|
|
|
|
|
io.Copy(ioutil.Discard, resp.Reader)
|
|
|
|
|
resp.Close()
|
|
|
|
|
|
|
|
|
|
client, err := rosDocker.NewSystemClient()
|
|
|
|
|
if err != nil {
|
2016-05-16 22:29:42 +00:00
|
|
|
log.Fatal(err)
|
2015-08-27 19:24:26 +00:00
|
|
|
}
|
2016-05-16 22:29:42 +00:00
|
|
|
|
2016-06-08 01:59:45 +00:00
|
|
|
state, err := client.ContainerExecInspect(context.Background(), execID)
|
|
|
|
|
if err != nil {
|
2016-05-16 22:29:42 +00:00
|
|
|
log.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
|
2016-06-08 01:59:45 +00:00
|
|
|
// Proxy exit code
|
|
|
|
|
os.Exit(state.ExitCode)
|
2015-08-27 19:24:26 +00:00
|
|
|
}
|
|
|
|
|
|
2016-06-02 19:16:30 +00:00
|
|
|
func writeCerts(cfg *config.CloudConfig) error {
|
|
|
|
|
outDir := control.ServerTlsPath
|
|
|
|
|
if err := os.MkdirAll(outDir, 0700); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
caCertPath := filepath.Join(outDir, control.CaCert)
|
|
|
|
|
caKeyPath := filepath.Join(outDir, control.CaKey)
|
|
|
|
|
serverCertPath := filepath.Join(outDir, control.ServerCert)
|
|
|
|
|
serverKeyPath := filepath.Join(outDir, control.ServerKey)
|
|
|
|
|
if cfg.Rancher.Docker.CACert != "" {
|
|
|
|
|
if err := util.WriteFileAtomic(caCertPath, []byte(cfg.Rancher.Docker.CACert), 0400); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := util.WriteFileAtomic(caKeyPath, []byte(cfg.Rancher.Docker.CAKey), 0400); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if cfg.Rancher.Docker.ServerCert != "" {
|
|
|
|
|
if err := util.WriteFileAtomic(serverCertPath, []byte(cfg.Rancher.Docker.ServerCert), 0400); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := util.WriteFileAtomic(serverKeyPath, []byte(cfg.Rancher.Docker.ServerKey), 0400); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2016-06-08 01:59:45 +00:00
|
|
|
func startDocker(cfg *config.CloudConfig) (string, types.HijackedResponse, error) {
|
2016-05-16 22:29:42 +00:00
|
|
|
storageContext := cfg.Rancher.Docker.StorageContext
|
|
|
|
|
if storageContext == "" {
|
|
|
|
|
storageContext = DEFAULT_STORAGE_CONTEXT
|
2015-08-27 19:24:26 +00:00
|
|
|
}
|
|
|
|
|
|
2016-05-16 22:29:42 +00:00
|
|
|
log.Infof("Starting Docker in context: %s", storageContext)
|
2015-09-22 18:16:55 +00:00
|
|
|
|
2016-06-12 19:02:07 +00:00
|
|
|
p, err := compose.GetProject(cfg, true, false)
|
2015-08-27 19:24:26 +00:00
|
|
|
if err != nil {
|
2016-06-08 01:59:45 +00:00
|
|
|
return "", types.HijackedResponse{}, err
|
2015-08-27 19:24:26 +00:00
|
|
|
}
|
|
|
|
|
|
2016-05-16 22:29:42 +00:00
|
|
|
pid, err := waitForPid(storageContext, p)
|
2015-08-27 19:24:26 +00:00
|
|
|
if err != nil {
|
2016-06-08 01:59:45 +00:00
|
|
|
return "", types.HijackedResponse{}, err
|
2015-08-27 19:24:26 +00:00
|
|
|
}
|
|
|
|
|
|
2016-05-16 22:29:42 +00:00
|
|
|
log.Infof("%s PID %d", storageContext, pid)
|
2015-08-27 19:24:26 +00:00
|
|
|
|
2016-05-16 22:29:42 +00:00
|
|
|
client, err := rosDocker.NewSystemClient()
|
|
|
|
|
if err != nil {
|
2016-06-08 01:59:45 +00:00
|
|
|
return "", types.HijackedResponse{}, err
|
2016-05-16 22:29:42 +00:00
|
|
|
}
|
2015-08-27 19:24:26 +00:00
|
|
|
|
2016-05-16 22:29:42 +00:00
|
|
|
if err := os.Remove(DOCKER_PID_FILE); err != nil && !os.IsNotExist(err) {
|
2016-06-08 01:59:45 +00:00
|
|
|
return "", types.HijackedResponse{}, err
|
2015-08-27 19:24:26 +00:00
|
|
|
}
|
|
|
|
|
|
2016-05-16 22:29:42 +00:00
|
|
|
dockerCfg := cfg.Rancher.Docker
|
2015-08-27 19:24:26 +00:00
|
|
|
|
2016-05-16 22:29:42 +00:00
|
|
|
args := dockerCfg.FullArgs()
|
2015-08-27 19:24:26 +00:00
|
|
|
|
2016-05-16 22:29:42 +00:00
|
|
|
log.Debugf("User Docker args: %v", args)
|
2015-08-27 19:24:26 +00:00
|
|
|
|
2016-05-16 22:29:42 +00:00
|
|
|
if dockerCfg.TLS {
|
2016-06-02 19:16:30 +00:00
|
|
|
if err := writeCerts(cfg); err != nil {
|
2016-06-08 01:59:45 +00:00
|
|
|
return "", types.HijackedResponse{}, err
|
2016-05-16 22:29:42 +00:00
|
|
|
}
|
2015-08-27 19:24:26 +00:00
|
|
|
}
|
|
|
|
|
|
2016-05-16 22:29:42 +00:00
|
|
|
cmd := []string{"env"}
|
|
|
|
|
log.Info(dockerCfg.AppendEnv())
|
|
|
|
|
cmd = append(cmd, dockerCfg.AppendEnv()...)
|
|
|
|
|
cmd = append(cmd, DOCKER_COMMAND)
|
|
|
|
|
cmd = append(cmd, args...)
|
|
|
|
|
log.Infof("Running %v", cmd)
|
|
|
|
|
|
2016-06-01 01:12:52 +00:00
|
|
|
resp, err := client.ContainerExecCreate(context.Background(), types.ExecConfig{
|
|
|
|
|
Container: storageContext,
|
2016-05-16 22:29:42 +00:00
|
|
|
Privileged: true,
|
|
|
|
|
AttachStderr: true,
|
|
|
|
|
AttachStdout: true,
|
|
|
|
|
Cmd: cmd,
|
|
|
|
|
})
|
|
|
|
|
if err != nil {
|
2016-06-08 01:59:45 +00:00
|
|
|
return "", types.HijackedResponse{}, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
attachResp, err := client.ContainerExecAttach(context.Background(), resp.ID, types.ExecConfig{
|
|
|
|
|
Detach: false,
|
|
|
|
|
AttachStderr: true,
|
|
|
|
|
AttachStdout: true,
|
|
|
|
|
})
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", types.HijackedResponse{}, err
|
2015-08-27 19:24:26 +00:00
|
|
|
}
|
|
|
|
|
|
2016-06-08 01:59:45 +00:00
|
|
|
return resp.ID, attachResp, nil
|
2016-05-16 22:29:42 +00:00
|
|
|
}
|
|
|
|
|
|
2016-06-08 01:59:45 +00:00
|
|
|
func getDockerProcess() (*os.Process, error) {
|
2016-05-16 22:29:42 +00:00
|
|
|
pidBytes, err := waitForFile(DOCKER_PID_FILE)
|
|
|
|
|
if err != nil {
|
2016-06-08 01:59:45 +00:00
|
|
|
return nil, err
|
2015-08-27 19:24:26 +00:00
|
|
|
}
|
2016-05-16 22:29:42 +00:00
|
|
|
dockerPid, err := strconv.Atoi(string(pidBytes))
|
2015-08-27 19:24:26 +00:00
|
|
|
if err != nil {
|
2016-06-08 01:59:45 +00:00
|
|
|
return nil, err
|
2015-08-27 19:24:26 +00:00
|
|
|
}
|
2016-06-08 01:59:45 +00:00
|
|
|
return os.FindProcess(dockerPid)
|
2015-08-27 19:24:26 +00:00
|
|
|
}
|
|
|
|
|
|
2016-06-08 01:59:45 +00:00
|
|
|
func handleTerm(process *os.Process) {
|
2015-08-27 19:24:26 +00:00
|
|
|
term := make(chan os.Signal)
|
|
|
|
|
signal.Notify(term, syscall.SIGTERM)
|
|
|
|
|
go func() {
|
|
|
|
|
<-term
|
2016-06-08 01:59:45 +00:00
|
|
|
process.Signal(syscall.SIGTERM)
|
2015-08-27 19:24:26 +00:00
|
|
|
}()
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-16 22:29:42 +00:00
|
|
|
func waitForFile(file string) ([]byte, error) {
|
|
|
|
|
for {
|
|
|
|
|
contents, err := ioutil.ReadFile(file)
|
|
|
|
|
if os.IsNotExist(err) {
|
|
|
|
|
log.Infof("Waiting for %s", file)
|
|
|
|
|
time.Sleep(1 * time.Second)
|
|
|
|
|
} else if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
} else {
|
|
|
|
|
return contents, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-08-27 19:24:26 +00:00
|
|
|
func waitForPid(service string, project *project.Project) (int, error) {
|
2015-09-22 18:16:55 +00:00
|
|
|
log.Infof("Getting PID for service: %s", service)
|
2015-08-27 19:24:26 +00:00
|
|
|
for {
|
|
|
|
|
if pid, err := getPid(service, project); err != nil || pid == 0 {
|
|
|
|
|
log.Infof("Waiting for %s : %d : %v", service, pid, err)
|
2015-09-22 18:16:55 +00:00
|
|
|
time.Sleep(1 * time.Second)
|
2015-08-27 19:24:26 +00:00
|
|
|
} else {
|
|
|
|
|
return pid, err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func getPid(service string, project *project.Project) (int, error) {
|
|
|
|
|
s, err := project.CreateService(service)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return 0, err
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-24 00:21:28 +00:00
|
|
|
containers, err := s.Containers(context.Background())
|
2015-08-27 19:24:26 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return 0, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(containers) == 0 {
|
|
|
|
|
return 0, nil
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-24 00:21:28 +00:00
|
|
|
client, err := composeClient.Create(composeClient.Options{
|
2015-08-27 19:24:26 +00:00
|
|
|
Host: config.DOCKER_SYSTEM_HOST,
|
|
|
|
|
})
|
|
|
|
|
if err != nil {
|
|
|
|
|
return 0, err
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-26 12:41:42 +00:00
|
|
|
id, err := containers[0].ID()
|
2015-08-27 19:24:26 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return 0, err
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-24 00:21:28 +00:00
|
|
|
info, err := client.ContainerInspect(context.Background(), id)
|
|
|
|
|
if err != nil || info.ID == "" {
|
2015-08-27 19:24:26 +00:00
|
|
|
return 0, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if info.State.Running {
|
|
|
|
|
return info.State.Pid, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0, nil
|
|
|
|
|
}
|
