diff --git a/config/default.go b/config/default.go
index 8bd24695..0df37636 100644
--- a/config/default.go
+++ b/config/default.go
@@ -12,14 +12,33 @@ func NewConfig() *Config {
 Dev: "LABEL=RANCHER_STATE",
 FsType: "auto",
 },
- SystemDockerArgs: []string{"docker", "-d", "-s", "overlay", "-b", "none", "--restart=false"},
+ SystemDockerArgs: []string{"docker", "-d", "-s", "overlay", "-b", "none", "--restart=false", "-H", DOCKER_SYSTEM_HOST},
 Modules: []string{},
 SystemContainers: []ContainerConfig{
 {
- Cmd: "--name=system-state " +
+ Cmd: "--name=system-volumes " +
 "--net=none " +
 "--read-only " +
 "-v=/var/lib/rancher/conf:/var/lib/rancher/conf " +
+ "-v=/lib/modules:/lib/modules:ro " +
+ "-v=/var/run:/var/run " +
+ "state",
+ },
+ {
+ Cmd: "--name=console-volumes " +
+ "--net=none " +
+ "--read-only " +
+ "-v=/init:/sbin/halt:ro " +
+ "-v=/init:/sbin/poweroff:ro " +
+ "-v=/init:/sbin/reboot:ro " +
+ "-v=/init:/sbin/tlsconf:ro " +
+ "-v=/init:/usr/bin/rancherctl:ro " +
+ "-v=/init:/usr/bin/respawn:ro " +
+ "-v=/init:/usr/bin/system-docker:ro " +
+ "-v=/lib/modules:/lib/modules:ro " +
+ "-v=/usr/bin/docker:/usr/bin/docker:ro " +
+ "-v=/var/lib/rancher/state/home:/home " +
+ "-v=/var/lib/rancher/state/opt:/opt " +
 "state",
 },
 {
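Review bot: In `system-volumes` the added `"-v=/var/run:/var/run "` bind is writable, and since this container exists to be inherited through `--volumes-from`, each inheriting container gets a read-write view of the host's `/var/run`. The same hunk starts the system daemon with `-H DOCKER_SYSTEM_HOST`, whose value is not defined in the visible hunks; if it resolves to a socket under `/var/run`, that endpoint is reachable from every inheritor, where the old `console` entry bound the system socket explicitly under its own name. A comment above this `Cmd` would make the intent reviewable, for example `// /var/run is shared read-write because <reason>; the system-docker endpoint is <location>`. `NewConfig` starts and ends outside the hunk.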
@@ -38,38 +57,6 @@ func NewConfig() *Config {
 "--rm " +
 "network",
 },
- {
- Cmd: "--name=userdocker " +
- "-d " +
- "--restart=always " +
- "--pid=host " +
- "--net=host " +
- "--privileged " +
- "-v=/lib/modules:/lib/modules:ro " +
- "-v=/usr/bin/docker:/usr/bin/docker:ro " +
- "--volumes-from=system-state " +
- "userdocker",
- },
- {
- Cmd: "--name=console " +
- "-d " +
- "--rm " +
- "--privileged " +
- "-v=/lib/modules:/lib/modules:ro " +
- "-v=/usr/bin/docker:/usr/bin/docker:ro " +
- "-v=/init:/usr/bin/system-docker:ro " +
- "-v=/init:/usr/bin/respawn:ro " +
- "-v=/var/run/docker.sock:/var/run/system-docker.sock:ro " +
- "-v=/init:/sbin/poweroff:ro " +
- "-v=/init:/sbin/reboot:ro " +
- "-v=/init:/sbin/halt:ro " +
- "-v=/init:/sbin/tlsconf:ro " +
- "-v=/init:/usr/bin/rancherctl:ro " +
- "--volumes-from=system-state " +
- "--net=host " +
- "--pid=host " +
- "console",
- },
 {
 Cmd: "--name=ntp " +
 "--rm " +
@@ -78,17 +65,41 @@ func NewConfig() *Config {
 "--net=host " +
 "ntp",
 },
+ {
+ Cmd: "--name=userdocker " +
+ "-d " +
+ "--rm " +
+ "--restart=always " +
+ "--ipc=host " +
+ "--pid=host " +
+ "--net=host " +
+ "--privileged " +
+ "--volumes-from=system-volumes " +
+ "-v=/usr/bin/docker:/usr/bin/docker:ro " +
+ "-v=/var/lib/rancher/state/docker:/var/lib/docker " +
+ "userdocker",
+ },
+ {
+ Cmd: "--name=console " +
+ "-d " +
+ "--rm " +
+ "--privileged " +
+ "--volumes-from=console-volumes " +
+ "--volumes-from=system-volumes " +
+ "--ipc=host " +
+ "--net=host " +
+ "--pid=host " +
+ "console",
+ },
 },
 RescueContainer: &ContainerConfig{
 Cmd: "--name=rescue " +
 "-d " +
 "--rm " +
 "--privileged " +
- "-v=/lib/modules:/lib/modules:ro " +
- "-v=/usr/bin/docker:/usr/bin/docker:ro " +
- "-v=/init:/usr/bin/system-docker:ro " +
- "-v=/init:/usr/bin/respawn:ro " +
- "-v=/var/run/docker.sock:/var/run/system-docker.sock:ro " +
+ "--volumes-from=console-volumes " +
+ "--volumes-from=system-volumes " +
+ "--ipc=host " +
 "--net=host " +
 "--pid=host " +
 "rescue",
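Review bot: The re-added `userdocker` entry now carries both `"--rm "` and `"--restart=always "`, whereas the removed definition had only `--restart=always`, and the Docker CLI rejects that pair as conflicting options. How `container.Parse()` treats the combination is not visible in this diff, so either drop the `"--rm " +` line from `userdocker` or confirm the parser accepts it and which of the two wins. Separately, `--ipc=host` is new on `userdocker`, `console` and `rescue`, all of which are already `--privileged` with host PID and network namespaces; nothing in the hunk says what needs the host IPC namespace, so a one-line comment naming the consumer would help the next reviewer judge whether it can be dropped.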
diff --git a/init/init.go b/init/init.go
index e801c08f..bf5997e5 100644
--- a/init/init.go
+++ b/init/init.go
@@ -14,8 +14,9 @@ import (
 )
 
 const (
- STATE string = "/var"
- DOCKER string = "/usr/bin/docker"
+ STATE string = "/var"
+ DOCKER string = "/usr/bin/docker"
+ SYSINIT string = "/sbin/rancher-sysinit"
 )
 
 var (
@@ -23,37 +24,37 @@ var (
 "/etc/ssl/certs",
 "/sbin",
 "/usr/bin",
- "/var",
 }
 mounts [][]string = [][]string{
+ []string{"devtmpfs", "/dev", "devtmpfs", ""},
+ []string{"none", "/dev/pts", "devpts", ""},
 []string{"none", "/etc/docker", "tmpfs", ""},
 []string{"none", "/proc", "proc", ""},
- []string{"devtmpfs", "/dev", "devtmpfs", ""},
+ []string{"none", "/run", "tmpfs", ""},
 []string{"none", "/sys", "sysfs", ""},
 []string{"none", "/sys/fs/cgroup", "tmpfs", ""},
- []string{"none", "/dev/pts", "devpts", ""},
- []string{"none", "/run", "tmpfs", ""},
+ }
+ postMounts [][]string = [][]string{
+ []string{"none", "/var/run", "tmpfs", ""},
 }
 cgroups []string = []string{
- "perf_event",
- "net_cls",
- "freezer",
- "devices",
 "blkio",
- "memory",
- "cpuacct",
 "cpu",
+ "cpuacct",
 "cpuset",
+ "devices",
+ "freezer",
+ "memory",
+ "net_cls",
+ "perf_event",
 }
 // Notice this map is the reverse order of a "ln -s x y" command
 // so map[y] = x
 symlinks map[string]string = map[string]string{
 "/etc/ssl/certs/ca-certificates.crt": "/ca.crt",
- "/sbin/init-sys": "/init",
- "/sbin/init-user": "/init",
 "/sbin/modprobe": "/busybox",
- "/var/run": "/run",
 DOCKER: "/docker",
+ SYSINIT: "/init",
 }
 )
 
@@ -177,7 +178,7 @@ func loadModules(cfg *config.Config) error {
 }
 
 func sysInit(cfg *config.Config) error {
- args := append([]string{"/sbin/init-sys"}, os.Args[1:]...)
+ args := append([]string{SYSINIT}, os.Args[1:]...)
 
 var cmd *exec.Cmd
 if util.IsRunningInTty() {
@@ -275,6 +276,9 @@ func RunInit() error {
 extractModules,
 loadModules,
 mountState,
+ func(cfg *config.Config) error {
+ return createMounts(postMounts...)
+ },
 func(cfg *config.Config) error {
 return cfg.Reload()
 },
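Review bot: `postMounts` puts a tmpfs on `/var/run` with an empty fourth field, and a tmpfs mounted without a `mode=` option is created with mode 1777, so the directory that holds pid files and sockets would be world-writable. Assuming the fourth element is the mount option string consumed by `createMounts` (its body is not in this diff), `[]string{"none", "/var/run", "tmpfs", "mode=0755"},` would tighten that; the `/run` entry in `mounts` has the same empty field. The mount is run from the closure added to `RunInit` in the last hunk of this file, after `mountState`; with `"/var"` removed from the directory list in this hunk, it is worth confirming that `createMounts` creates the `/var/run` mount point when the state filesystem does not already have it.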
diff --git a/main.go b/main.go
index 2a117a75..16128325 100644
--- a/main.go
+++ b/main.go
@@ -35,7 +35,7 @@ func registerCmd(cmd string, mainFunc func()) {
 
 func main() {
 registerCmd("/init", osInit.MainInit)
- registerCmd("/sbin/init-sys", sysinit.SysInit)
+ registerCmd(osInit.SYSINIT, sysinit.SysInit)
 registerCmd("/usr/bin/system-docker", systemdocker.Main)
 registerCmd("/sbin/poweroff", power.PowerOff)
 registerCmd("/sbin/reboot", power.Reboot)
diff --git a/sysinit/sysinit.go b/sysinit/sysinit.go
index 2fae9276..de92c1ff 100644
--- a/sysinit/sysinit.go
+++ b/sysinit/sysinit.go
@@ -83,7 +83,7 @@ func loadImages(cfg *config.Config) error {
 return err
 }
 
- client, err := docker.NewDefaultClient()
+ client, err := docker.NewSystemClient()
 if err != nil {
 return err
 }
@@ -122,7 +122,7 @@ func runContainers(cfg *config.Config) error {
 }
 
 for _, containerConfig := range containerConfigs {
- container := docker.NewContainer(config.DOCKER_HOST, &containerConfig)
+ container := docker.NewContainer(config.DOCKER_SYSTEM_HOST, &containerConfig)
 container.Parse()
 
 if util.Contains(cfg.Disable, containerConfig.Id) {
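Review bot: In `runContainers` the changed call still passes `&containerConfig`, the address of the `range` variable, which before Go 1.22 is a single variable reused on every iteration; if `docker.NewContainer` keeps that pointer beyond the current iteration, every container ends up pointing at the last config. The rest of the loop body is outside the hunk, so this cannot be confirmed from here, but copying first, `cc := containerConfig` followed by `docker.NewContainer(config.DOCKER_SYSTEM_HOST, &cc)`, removes the question. `DOCKER_SYSTEM_HOST` and `docker.NewSystemClient` are used here and in the `loadImages` hunk without a visible definition, so they presumably come from files this diff view does not include.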