diff --git a/Dockerfile.dapper b/Dockerfile.dapper index 3314dfe6..0c2ffe52 100644 --- a/Dockerfile.dapper +++ b/Dockerfile.dapper @@ -47,16 +47,16 @@ ARG OS_REPO=rancher ARG HOSTNAME_DEFAULT=rancher ARG DISTRIB_ID=RancherOS -ARG DOCKER_VERSION=1.10.3 -ARG DOCKER_PATCH_VERSION=v${DOCKER_VERSION}-ros1 +ARG DOCKER_VERSION=1.11.1 +ARG DOCKER_PATCH_VERSION=v${DOCKER_VERSION}-ros2 ARG SELINUX_POLICY_URL=https://github.com/rancher/refpolicy/releases/download/v0.0.2/policy.29 -ARG KERNEL_URL_amd64=https://github.com/rancher/os-kernel/releases/download/Ubuntu-4.2.0-34.39-rancher/linux-4.2.8-ckt4-rancher-x86.tar.gz +ARG KERNEL_URL_amd64=https://github.com/rancher/os-kernel/releases/download/Ubuntu-4.4.0-23.41-rancher/linux-4.4.10-rancher-x86.tar.gz ARG KERNEL_URL_arm64=https://github.com/imikushin/os-kernel/releases/download/Estuary-4.1.18-arm64-3/linux-4.1.18-arm64.tar.gz -ARG DOCKER_URL_amd64=https://get.docker.com/builds/Linux/x86_64/docker-${DOCKER_VERSION} -ARG DOCKER_URL_arm=https://github.com/rancher/docker/releases/download/${DOCKER_PATCH_VERSION}/docker-${DOCKER_VERSION}_arm -ARG DOCKER_URL_arm64=https://github.com/rancher/docker/releases/download/${DOCKER_PATCH_VERSION}/docker-${DOCKER_VERSION}_arm64 +ARG DOCKER_URL_amd64=https://get.docker.com/builds/Linux/x86_64/docker-${DOCKER_VERSION}.tgz +ARG DOCKER_URL_arm=https://github.com/rancher/docker/releases/download/${DOCKER_PATCH_VERSION}/docker-${DOCKER_VERSION}_arm.tgz +ARG DOCKER_URL_arm64=https://github.com/rancher/docker/releases/download/${DOCKER_PATCH_VERSION}/docker-${DOCKER_VERSION}_arm64.tgz ARG TOOLCHAIN_arm64=aarch64-linux-gnu ARG TOOLCHAIN_arm=arm-linux-gnueabihf 
@@ -115,14 +115,14 @@ RUN ln -sf go-6 /usr/bin/go && \ ENV GOPATH /go ENV PATH ${GOPATH}/bin:/usr/local/go/bin:$PATH -# Install Docker +# Install Host Docker RUN URL=DOCKER_URL_${HOST_ARCH} && \ - curl -fL ${!URL} > /usr/bin/docker && \ + curl -fL ${!URL} | tar xzf - --strip-components=1 -C /usr/bin docker/docker && \ chmod +x /usr/bin/docker -# Install Docker -RUN curl -fL ${!DOCKER_URL} > ${DOWNLOADS}/docker && \ - chmod +x ${DOWNLOADS}/docker +# Install Target Docker +RUN curl -fL ${!DOCKER_URL} > ${DOWNLOADS}/docker.tgz + # Install Trash RUN go get github.com/rancher/trash diff --git a/cmd/systemdocker/system-docker.go b/cmd/systemdocker/system-docker.go index f925ecca..40683457 100644 --- a/cmd/systemdocker/system-docker.go +++ b/cmd/systemdocker/system-docker.go @@ -1,30 +1,21 @@ package systemdocker import ( + "log" "os" - "strings" - "syscall" - log "github.com/Sirupsen/logrus" + "github.com/docker/docker/docker" "github.com/rancher/os/config" ) func Main() { - var newEnv []string - for _, env := range os.Environ() { - if !strings.HasPrefix(env, "DOCKER_HOST=") { - newEnv = append(newEnv, env) - } - } - - newEnv = append(newEnv, "DOCKER_HOST="+config.DOCKER_SYSTEM_HOST) - if os.Geteuid() != 0 { log.Fatalf("%s: Need to be root", os.Args[0]) } - os.Args[0] = config.DOCKER_DIST_BIN - if err := syscall.Exec(os.Args[0], os.Args, newEnv); err != nil { - log.Fatal(err) + if os.Getenv("DOCKER_HOST") == "" { + os.Setenv("DOCKER_HOST", config.DOCKER_SYSTEM_HOST) } + + docker.Main() } diff --git a/config/types.go b/config/types.go index beb6e033..4d0c94a9 100644 --- a/config/types.go +++ b/config/types.go @@ -23,6 +23,7 @@ const ( MODULES_ARCHIVE = "/modules.tar" DEBUG = false SYSTEM_DOCKER_LOG = "/var/log/system-docker.log" + SYSTEM_DOCKER_BIN = "/usr/bin/system-docker" LABEL = "label" HASH = "io.rancher.os.hash" diff --git a/images/02-console/Dockerfile b/images/02-console/Dockerfile index a755f0b7..c63e7c9f 100644 --- a/images/02-console/Dockerfile 
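Review bot: Both Docker installs in this hunk consume a downloaded archive with no integrity check: the host install pipes `curl -fL ${!URL}` straight into `tar xzf -`, and the target install saves `docker.tgz`, which scripts/layout later unpacks into the initrd's /usr/bin. The URLs pin a version but not content, so a replaced or corrupted release asset would be built into the OS image unnoticed. Download to a file first and verify it against a digest pinned next to the `DOCKER_URL_*` ARGs, for example `echo "<pinned sha256>  ${DOWNLOADS}/docker.tgz" | sha256sum -c -`, before any extraction. The `KERNEL_URL_amd64` bump in the first hunk of this file has the same gap.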
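Review bot: In `Main`, an inherited `DOCKER_HOST` now takes precedence, whereas the removed code stripped it from the environment and always forced `config.DOCKER_SYSTEM_HOST`. A root invocation of `system-docker` with a leftover `DOCKER_HOST` would therefore talk to whatever daemon that variable names rather than the system daemon. If the override is intended, say so in a comment above the `if`; otherwise set it unconditionally and check the result, `if err := os.Setenv("DOCKER_HOST", config.DOCKER_SYSTEM_HOST); err != nil { log.Fatal(err) }`. The return value of `os.Setenv` is currently dropped either way.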
+++ b/images/02-console/Dockerfile @@ -8,6 +8,9 @@ RUN sed -i 's/rancher:!/rancher:*/g' /etc/shadow && \ echo 'rancher ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers && \ echo '## allow password less for docker user' >> /etc/sudoers && \ echo 'docker ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers && \ - ln -sf /usr/bin/docker.dist /usr/bin/docker + ln -sf /usr/bin/docker.dist /usr/bin/docker && \ + ln -sf /usr/bin/docker-containerd.dist /usr/bin/docker-containerd && \ + ln -sf /usr/bin/docker-containerd-shim.dist /usr/bin/docker-containerd-shim && \ + ln -sf /usr/bin/docker-runc.dist /usr/bin/docker-runc COPY prompt.sh /etc/profile.d/ CMD ["/usr/sbin/console.sh"] diff --git a/images/02-preload/Dockerfile b/images/02-preload/Dockerfile index 7995c3f4..4185c99a 100644 --- a/images/02-preload/Dockerfile +++ b/images/02-preload/Dockerfile @@ -1,4 +1,7 @@ FROM rancher/os-base -RUN ln -sf /usr/bin/docker.dist /usr/bin/docker +RUN ln -sf /usr/bin/docker.dist /usr/bin/docker && \ + ln -sf /usr/bin/docker-containerd.dist /usr/bin/docker-containerd && \ + ln -sf /usr/bin/docker-containerd-shim.dist /usr/bin/docker-containerd-shim && \ + ln -sf /usr/bin/docker-runc.dist /usr/bin/docker-runc COPY preload.sh / CMD ["/preload.sh"] diff --git a/images/10-centosconsole/Dockerfile b/images/10-centosconsole/Dockerfile index f54d540e..b224279f 100644 --- a/images/10-centosconsole/Dockerfile +++ b/images/10-centosconsole/Dockerfile 
@@ -16,7 +16,10 @@ RUN groupadd --gid 1100 rancher && \ echo 'rancher ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers && \ echo '## allow password less for docker user' >> /etc/sudoers && \ echo 'docker ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers && \ - ln -sf /usr/bin/docker.dist /usr/bin/docker + ln -sf /usr/bin/docker.dist /usr/bin/docker && \ + ln -sf /usr/bin/docker-containerd.dist /usr/bin/docker-containerd && \ + ln -sf /usr/bin/docker-containerd-shim.dist /usr/bin/docker-containerd-shim && \ + ln -sf /usr/bin/docker-runc.dist /usr/bin/docker-runc COPY prompt.sh /etc/profile.d/ ENTRYPOINT ["/usr/sbin/entry.sh"] CMD ["/usr/sbin/console.sh"] diff --git a/images/10-debianconsole/Dockerfile b/images/10-debianconsole/Dockerfile index 1bd2624f..43324a3d 100644 --- a/images/10-debianconsole/Dockerfile +++ b/images/10-debianconsole/Dockerfile @@ -16,6 +16,9 @@ RUN addgroup --gid 1100 rancher && \ echo 'rancher ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers && \ echo '## allow password less for docker user' >> /etc/sudoers && \ echo 'docker ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers && \ - ln -sf /usr/bin/docker.dist /usr/bin/docker + ln -sf /usr/bin/docker.dist /usr/bin/docker && \ + ln -sf /usr/bin/docker-containerd.dist /usr/bin/docker-containerd && \ + ln -sf /usr/bin/docker-containerd-shim.dist /usr/bin/docker-containerd-shim && \ + ln -sf /usr/bin/docker-runc.dist /usr/bin/docker-runc ENTRYPOINT ["/usr/sbin/entry.sh"] CMD ["/usr/sbin/console.sh"] diff --git a/images/10-fedoraconsole/Dockerfile b/images/10-fedoraconsole/Dockerfile index de0783ab..a67c93b6 100644 --- a/images/10-fedoraconsole/Dockerfile +++ b/images/10-fedoraconsole/Dockerfile 
@@ -16,7 +16,10 @@ RUN groupadd --gid 1100 rancher && \ echo 'rancher ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers && \ echo '## allow password less for docker user' >> /etc/sudoers && \ echo 'docker ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers && \ - ln -sf /usr/bin/docker.dist /usr/bin/docker + ln -sf /usr/bin/docker.dist /usr/bin/docker && \ + ln -sf /usr/bin/docker-containerd.dist /usr/bin/docker-containerd && \ + ln -sf /usr/bin/docker-containerd-shim.dist /usr/bin/docker-containerd-shim && \ + ln -sf /usr/bin/docker-runc.dist /usr/bin/docker-runc COPY prompt.sh /etc/profile.d/ ENTRYPOINT ["/usr/sbin/entry.sh"] CMD ["/usr/sbin/console.sh"] diff --git a/images/10-ubuntuconsole/Dockerfile b/images/10-ubuntuconsole/Dockerfile index 2b492ec4..26472664 100644 --- a/images/10-ubuntuconsole/Dockerfile +++ b/images/10-ubuntuconsole/Dockerfile @@ -16,6 +16,9 @@ RUN addgroup --gid 1100 rancher && \ echo 'rancher ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers && \ echo '## allow password less for docker user' >> /etc/sudoers && \ echo 'docker ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers && \ - ln -sf /usr/bin/docker.dist /usr/bin/docker + ln -sf /usr/bin/docker.dist /usr/bin/docker && \ + ln -sf /usr/bin/docker-containerd.dist /usr/bin/docker-containerd && \ + ln -sf /usr/bin/docker-containerd-shim.dist /usr/bin/docker-containerd-shim && \ + ln -sf /usr/bin/docker-runc.dist /usr/bin/docker-runc ENTRYPOINT ["/usr/sbin/entry.sh"] CMD ["/usr/sbin/console.sh"] diff --git a/init/bootstrap.go b/init/bootstrap.go index 5622475d..bb0dc92d 100644 --- a/init/bootstrap.go +++ b/init/bootstrap.go 
@@ -33,13 +33,12 @@ func runBootstrapContainers(cfg *config.CloudConfig) (*config.CloudConfig, error } func startDocker(cfg *config.CloudConfig) (chan interface{}, error) { - launchConfig, args := getLaunchConfig(cfg, &cfg.Rancher.BootstrapDocker) launchConfig.Fork = true launchConfig.LogFile = "" launchConfig.NoLog = true - cmd, err := dockerlaunch.LaunchDocker(launchConfig, config.DOCKER_BIN, args...) + cmd, err := dockerlaunch.LaunchDocker(launchConfig, config.SYSTEM_DOCKER_BIN, args...) if err != nil { return nil, err } diff --git a/init/init.go b/init/init.go index 87187070..98293023 100644 --- a/init/init.go +++ b/init/init.go @@ -230,7 +230,7 @@ func RunInit() error { launchConfig.Fork = !cfg.Rancher.SystemDocker.Exec log.Info("Launching System Docker") - _, err = dockerlaunch.LaunchDocker(launchConfig, config.DOCKER_BIN, args...) + _, err = dockerlaunch.LaunchDocker(launchConfig, config.SYSTEM_DOCKER_BIN, args...) if err != nil { return err } diff --git a/main.go b/main.go index a65691ac..bf27db8e 100644 --- a/main.go +++ b/main.go @@ -1,10 +1,7 @@ package main import ( - "os" - "strings" - - log "github.com/Sirupsen/logrus" + "github.com/docker/docker/docker" "github.com/docker/docker/pkg/reexec" "github.com/rancher/docker-from-scratch" "github.com/rancher/os/cmd/cloudinit" 
@@ -16,48 +13,32 @@ import ( "github.com/rancher/os/cmd/systemdocker" "github.com/rancher/os/cmd/userdocker" "github.com/rancher/os/cmd/wait" - "github.com/rancher/os/config" osInit "github.com/rancher/os/init" ) -func registerCmd(cmd string, mainFunc func()) { - log.Debugf("Registering main %s", cmd) - reexec.Register(cmd, mainFunc) - - parts := strings.Split(cmd, "/") - if len(parts) == 0 { - return - } - - last := parts[len(parts)-1] - - log.Debugf("Registering main %s", last) - reexec.Register(last, mainFunc) - - log.Debugf("Registering main %s", "./"+last) - reexec.Register("./"+last, mainFunc) +var entrypoints = map[string]func(){ + "cloud-init": cloudinit.Main, + "docker": docker.Main, + "dockerlaunch": dockerlaunch.Main, + "halt": power.Halt, + "init": osInit.MainInit, + "netconf": network.Main, + "poweroff": power.PowerOff, + "reboot": power.Reboot, + "respawn": respawn.Main, + "ros-sysinit": sysinit.Main, + "shutdown": power.Main, + "system-docker": systemdocker.Main, + "user-docker": userdocker.Main, + "wait-for-docker": wait.Main, } func main() { - registerCmd("/init", osInit.MainInit) - registerCmd(config.SYSINIT_BIN, sysinit.Main) - registerCmd("/usr/bin/dockerlaunch", dockerlaunch.Main) - registerCmd("/usr/bin/user-docker", userdocker.Main) - registerCmd("/usr/bin/system-docker", systemdocker.Main) - registerCmd("/sbin/poweroff", power.PowerOff) - registerCmd("/sbin/reboot", power.Reboot) - registerCmd("/sbin/halt", power.Halt) - registerCmd("/sbin/shutdown", power.Main) - registerCmd("/usr/bin/respawn", respawn.Main) - registerCmd("/usr/bin/ros", control.Main) - registerCmd("/usr/bin/cloud-init", cloudinit.Main) - registerCmd("/usr/sbin/netconf", network.Main) - registerCmd("/usr/sbin/wait-for-docker", wait.Main) + for name, f := range entrypoints { + reexec.Register(name, f) + } if !reexec.Init() { - reexec.Register(os.Args[0], control.Main) - if !reexec.Init() { - log.Fatalf("Failed to find an entry point for %s", os.Args[0]) - } + control.Main() 
} } diff --git a/os-config.tpl.yml b/os-config.tpl.yml index aceaf368..a2fa2761 100644 --- a/os-config.tpl.yml +++ b/os-config.tpl.yml @@ -138,6 +138,9 @@ rancher: privileged: true read_only: true volumes: + - /usr/bin/docker-containerd:/usr/bin/docker-containerd.dist:ro + - /usr/bin/docker-containerd-shim:/usr/bin/docker-containerd-shim.dist:ro + - /usr/bin/docker-runc:/usr/bin/docker-runc.dist:ro - /usr/bin/docker:/usr/bin/docker.dist:ro - /usr/bin/ros:/usr/bin/dockerlaunch:ro - /usr/bin/ros:/usr/bin/user-docker:ro @@ -328,6 +331,7 @@ rancher: volumes: - /sys/fs/cgroup:/host/sys/fs/cgroup system_docker: + exec: true args: [daemon, --log-opt, max-size=25m, --log-opt, max-file=2, -s, overlay, -b, docker-sys, --fixed-cidr, 172.18.42.1/16, --restart=false, -g, /var/lib/system-docker, -G, root, -H, 'unix:///var/run/system-docker.sock', --userland-proxy=false] diff --git a/scripts/build-target b/scripts/build-target index 9b96c9c7..fc7536b1 100755 --- a/scripts/build-target +++ b/scripts/build-target @@ -14,5 +14,7 @@ fi OUTPUT=${OUTPUT:-bin/ros} echo Building $OUTPUT -go build -tags "selinux cgo daemon netgo" -installsuffix netgo -ldflags "-X github.com/rancher/os/config.VERSION=${VERSION} -linkmode external -extldflags -static" -o ${OUTPUT} + +CONST="-X github.com/docker/docker/dockerversion.GitCommit=${COMMIT} -X github.com/docker/docker/dockerversion.Version=${DOCKER_PATCH_VERSION} -X github.com/docker/docker/dockerversion.BuildTime=$(date -u +'%Y-%m-%dT%H:%M:%SZ') -X github.com/docker/docker/dockerversion.IAmStatic=true -X github.com/rancher/os/config.VERSION=${VERSION}" +go build -tags "selinux cgo daemon netgo" -installsuffix netgo -ldflags "$CONST -linkmode external -extldflags -static" -o ${OUTPUT} strip --strip-all ${OUTPUT} diff --git a/scripts/layout b/scripts/layout index 9cbebccf..5861da68 100755 --- a/scripts/layout +++ b/scripts/layout 
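Review bot: The `entrypoints` keys are bare command names, while the removed `registerCmd` registered each command under its full path, its basename and `./`basename. If the vendored `reexec.Init` looks up `os.Args[0]` verbatim (not visible in this diff), an invocation such as `/usr/bin/system-docker` or `/sbin/reboot` misses the map and falls through to `control.Main()`, so the root check in `systemdocker.Main` and the power handlers are never reached. Please confirm how argv[0] is resolved and record it on the map, e.g. `// entrypoints maps argv[0] basenames to their main functions; reexec.Init must reduce os.Args[0] to its basename for path invocations to match.` The fallback also no longer logs when no entry point matched, which makes a mis-dispatch harder to spot.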
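Review bot: The `BuildTime=$(date -u ...)` value in `CONST` stamps wall-clock time into the binary, so two builds of the same commit can never be bit-identical and the shipped `ros` binary cannot be checked against an independent rebuild. Deriving the stamp from a fixed input keeps the field while making the output reproducible, e.g. `$(date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" +'%Y-%m-%dT%H:%M:%SZ')`. `${COMMIT}` and `${DOCKER_PATCH_VERSION}` are not set anywhere in the visible part of this script; if they can be empty here the embedded Docker version fields will be blank, so a guard such as `: "${COMMIT:?}"` may be worth adding.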
@@ -17,11 +17,12 @@ mkdir -p ${INITRD_DIR}/usr/{etc,bin,share/ros} cp -rf assets/selinux ${INITRD_DIR}/usr/etc cp build/images.tar ${INITRD_DIR}/usr/share/ros/ cp bin/ros ${INITRD_DIR}/usr/bin/ -cp ${DOWNLOADS}/docker ${INITRD_DIR}/usr/bin/docker ln -s usr/bin/ros ${INITRD_DIR}/init ln -s bin ${INITRD_DIR}/usr/sbin ln -s usr/sbin ${INITRD_DIR}/sbin +ln -s ros ${INITRD_DIR}/usr/bin/system-docker +tar xvzf ${DOWNLOADS}/docker.tgz -C ${INITRD_DIR}/usr/bin --strip-components=1 if [ -e ${DOWNLOADS}/kernel.tar.gz ]; then mkdir -p ${BUILD}/kernel diff --git a/scripts/package-rootfs b/scripts/package-rootfs index 6872d9ce..ac572c06 100755 --- a/scripts/package-rootfs +++ b/scripts/package-rootfs @@ -16,8 +16,8 @@ DFS=$(docker run -d --privileged -v /lib/modules/$(uname -r):/lib/modules/$(unam trap "docker rm -fv ${DFS_ARCH} ${DFS}" EXIT docker exec -i ${DFS} docker load < ${INITRD_DIR}/usr/share/ros/images.tar docker stop ${DFS} -docker run --rm --volumes-from=${DFS} rancher/os-dapper-base tar -c -C /var/lib/docker ./image | tar -x -C ${PREPOP_DIR} -docker run --rm --volumes-from=${DFS} rancher/os-dapper-base tar -c -C /var/lib/docker ./overlay | tar -x -C ${PREPOP_DIR} +docker run --rm --volumes-from=${DFS} rancher/os-base tar -c -C /var/lib/docker ./image | tar -x -C ${PREPOP_DIR} +docker run --rm --volumes-from=${DFS} rancher/os-base tar -c -C /var/lib/docker ./overlay | tar -x -C ${PREPOP_DIR} tar -cf ${ARTIFACTS}/rootfs.tar --exclude lib/modules --exclude lib/firmware -C ${INITRD_DIR} . tar -rf ${ARTIFACTS}/rootfs.tar --exclude lib/modules --exclude lib/firmware -C ${INITRD_DIR} .
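Review bot: The added `tar xvzf ${DOWNLOADS}/docker.tgz -C ${INITRD_DIR}/usr/bin --strip-components=1` unpacks every member of the archive into the initrd's /usr/bin, while the host install in Dockerfile.dapper names the member it wants (`docker/docker`). Any unexpected entry in the tarball lands in the image, and it can overwrite files already placed there, including the `system-docker` symlink created on the line before. Listing the expected members (`docker/docker`, `docker/docker-containerd`, `docker/docker-containerd-shim`, `docker/docker-runc`) and adding `--no-same-owner` keeps stray entries and archive ownership out of the image. Quoting `"${DOWNLOADS}/docker.tgz"` and `"${INITRD_DIR}/usr/bin"` would also guard against paths containing spaces.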