mirror of
https://github.com/rancher/os.git
synced 2025-08-29 19:44:22 +00:00
Use runc exec to start User Docker
This commit is contained in:
Josh Curl
parent
238c393640
commit
21cf86665b
@ -4,9 +4,7 @@ import (
|
|||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"os"
|
"os"
|
||||||
"os/signal"
|
|
||||||
"path"
|
"path"
|
||||||
"strconv"
|
|
||||||
"syscall"
|
"syscall"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
@ -15,7 +13,6 @@ import (
|
|||||||
"path/filepath"
|
"path/filepath"
|
||||||
|
|
||||||
log "github.com/Sirupsen/logrus"
|
log "github.com/Sirupsen/logrus"
|
||||||
"github.com/docker/engine-api/types"
|
|
||||||
composeClient "github.com/docker/libcompose/docker/client"
|
composeClient "github.com/docker/libcompose/docker/client"
|
||||||
"github.com/docker/libcompose/project"
|
"github.com/docker/libcompose/project"
|
||||||
"github.com/rancher/os/cmd/control"
|
"github.com/rancher/os/cmd/control"
|
||||||
@ -39,36 +36,13 @@ func Main() {
|
|||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if err := syscall.Mount("/host/sys", "/sys", "", syscall.MS_BIND|syscall.MS_REC, ""); err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
cfg := config.LoadConfig()
|
cfg := config.LoadConfig()
|
||||||
|
|
||||||
execID, resp, err := startDocker(cfg)
|
log.Fatal(startDocker(cfg))
|
||||||
if err != nil {
|
|
||||||
log.Fatal(err)
|
|
||||||
}
|
|
||||||
|
|
||||||
process, err := getDockerProcess()
|
|
||||||
if err != nil {
|
|
||||||
log.Fatal(err)
|
|
||||||
}
|
|
||||||
|
|
||||||
handleTerm(process)
|
|
||||||
|
|
||||||
// Wait for Docker daemon to exit
|
|
||||||
io.Copy(ioutil.Discard, resp.Reader)
|
|
||||||
resp.Close()
|
|
||||||
|
|
||||||
client, err := rosDocker.NewSystemClient()
|
|
||||||
if err != nil {
|
|
||||||
log.Fatal(err)
|
|
||||||
}
|
|
||||||
|
|
||||||
state, err := client.ContainerExecInspect(context.Background(), execID)
|
|
||||||
if err != nil {
|
|
||||||
log.Fatal(err)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Proxy exit code
|
|
||||||
os.Exit(state.ExitCode)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func copyBinaries(source, dest string) error {
|
func copyBinaries(source, dest string) error {
|
||||||
@ -154,7 +128,7 @@ func writeCerts(cfg *config.CloudConfig) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func startDocker(cfg *config.CloudConfig) (string, types.HijackedResponse, error) {
|
func startDocker(cfg *config.CloudConfig) error {
|
||||||
storageContext := cfg.Rancher.Docker.StorageContext
|
storageContext := cfg.Rancher.Docker.StorageContext
|
||||||
if storageContext == "" {
|
if storageContext == "" {
|
||||||
storageContext = DEFAULT_STORAGE_CONTEXT
|
storageContext = DEFAULT_STORAGE_CONTEXT
|
||||||
@ -164,23 +138,19 @@ func startDocker(cfg *config.CloudConfig) (string, types.HijackedResponse, error
|
|||||||
|
|
||||||
p, err := compose.GetProject(cfg, true, false)
|
p, err := compose.GetProject(cfg, true, false)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", types.HijackedResponse{}, err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
pid, err := waitForPid(storageContext, p)
|
pid, err := waitForPid(storageContext, p)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", types.HijackedResponse{}, err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Infof("%s PID %d", storageContext, pid)
|
log.Infof("%s PID %d", storageContext, pid)
|
||||||
|
|
||||||
client, err := rosDocker.NewSystemClient()
|
client, err := rosDocker.NewSystemClient()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", types.HijackedResponse{}, err
|
return err
|
||||||
}
|
|
||||||
|
|
||||||
if err := os.Remove(DOCKER_PID_FILE); err != nil && !os.IsNotExist(err) {
|
|
||||||
return "", types.HijackedResponse{}, err
|
|
||||||
}
|
}
|
||||||
|
|
||||||
dockerCfg := cfg.Rancher.Docker
|
dockerCfg := cfg.Rancher.Docker
|
||||||
@ -191,73 +161,23 @@ func startDocker(cfg *config.CloudConfig) (string, types.HijackedResponse, error
|
|||||||
|
|
||||||
if dockerCfg.TLS {
|
if dockerCfg.TLS {
|
||||||
if err := writeCerts(cfg); err != nil {
|
if err := writeCerts(cfg); err != nil {
|
||||||
return "", types.HijackedResponse{}, err
|
return err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
cmd := []string{"env"}
|
info, err := client.ContainerInspect(context.Background(), storageContext)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
cmd := []string{"docker-runc", "exec", "--", info.ID, "env"}
|
||||||
log.Info(dockerCfg.AppendEnv())
|
log.Info(dockerCfg.AppendEnv())
|
||||||
cmd = append(cmd, dockerCfg.AppendEnv()...)
|
cmd = append(cmd, dockerCfg.AppendEnv()...)
|
||||||
cmd = append(cmd, DOCKER_COMMAND)
|
cmd = append(cmd, DOCKER_COMMAND)
|
||||||
cmd = append(cmd, args...)
|
cmd = append(cmd, args...)
|
||||||
log.Infof("Running %v", cmd)
|
log.Infof("Running %v", cmd)
|
||||||
|
|
||||||
resp, err := client.ContainerExecCreate(context.Background(), types.ExecConfig{
|
return syscall.Exec("/usr/bin/ros", cmd, os.Environ())
|
||||||
Container: storageContext,
|
|
||||||
Privileged: true,
|
|
||||||
AttachStderr: true,
|
|
||||||
AttachStdout: true,
|
|
||||||
Cmd: cmd,
|
|
||||||
})
|
|
||||||
if err != nil {
|
|
||||||
return "", types.HijackedResponse{}, err
|
|
||||||
}
|
|
||||||
|
|
||||||
attachResp, err := client.ContainerExecAttach(context.Background(), resp.ID, types.ExecConfig{
|
|
||||||
Detach: false,
|
|
||||||
AttachStderr: true,
|
|
||||||
AttachStdout: true,
|
|
||||||
})
|
|
||||||
if err != nil {
|
|
||||||
return "", types.HijackedResponse{}, err
|
|
||||||
}
|
|
||||||
|
|
||||||
return resp.ID, attachResp, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func getDockerProcess() (*os.Process, error) {
|
|
||||||
pidBytes, err := waitForFile(DOCKER_PID_FILE)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
dockerPid, err := strconv.Atoi(string(pidBytes))
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return os.FindProcess(dockerPid)
|
|
||||||
}
|
|
||||||
|
|
||||||
func handleTerm(process *os.Process) {
|
|
||||||
term := make(chan os.Signal)
|
|
||||||
signal.Notify(term, syscall.SIGTERM)
|
|
||||||
go func() {
|
|
||||||
<-term
|
|
||||||
process.Signal(syscall.SIGTERM)
|
|
||||||
}()
|
|
||||||
}
|
|
||||||
|
|
||||||
func waitForFile(file string) ([]byte, error) {
|
|
||||||
for {
|
|
||||||
contents, err := ioutil.ReadFile(file)
|
|
||||||
if os.IsNotExist(err) {
|
|
||||||
log.Infof("Waiting for %s", file)
|
|
||||||
time.Sleep(1 * time.Second)
|
|
||||||
} else if err != nil {
|
|
||||||
return nil, err
|
|
||||||
} else {
|
|
||||||
return contents, nil
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func waitForPid(service string, project *project.Project) (int, error) {
|
func waitForPid(service string, project *project.Project) (int, error) {
|
||||||
|
|||||||
@ -190,7 +190,7 @@ func setupSharedRoot(c *config.CloudConfig) (*config.CloudConfig, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if isInitrd() {
|
if isInitrd() {
|
||||||
for _, i := range []string{"/mnt", "/media"} {
|
for _, i := range []string{"/mnt", "/media", "/var/lib/system-docker"} {
|
||||||
if err := os.Mkdir(i, 0755); err != nil {
|
if err := os.Mkdir(i, 0755); err != nil {
|
||||||
return c, err
|
return c, err
|
||||||
}
|
}
|
||||||
|
|||||||
@ -386,6 +386,9 @@ rancher:
|
|||||||
restart: always
|
restart: always
|
||||||
volumes_from:
|
volumes_from:
|
||||||
- all-volumes
|
- all-volumes
|
||||||
|
volumes:
|
||||||
|
- /sys:/host/sys
|
||||||
|
- /var/lib/system-docker:/var/lib/system-docker:shared
|
||||||
system_docker:
|
system_docker:
|
||||||
exec: true
|
exec: true
|
||||||
args: [daemon, --log-opt, max-size=25m, --log-opt, max-file=2, -s, overlay,
|
args: [daemon, --log-opt, max-size=25m, --log-opt, max-file=2, -s, overlay,
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user