Add networking to system docker

cmd/network/network.go

@@ -30,7 +30,28 @@ func Main() {
 	ApplyNetworkConfigs(&cfg.Network)
 }
 
+func createInterfaces(netCfg *config.NetworkConfig) error {
+	for name, iface := range netCfg.Interfaces {
+		if !iface.Bridge {
+			continue
+		}
+
+		bridge := netlink.Bridge{}
+		bridge.LinkAttrs.Name = name
+
+		if err := netlink.LinkAdd(&bridge); err != nil {
+			log.Errorf("Failed to create bridge %s: %v", name, err)
+		}
+	}
+
+	return nil
+}
+
 func ApplyNetworkConfigs(netCfg *config.NetworkConfig) error {
+	if err := createInterfaces(netCfg); err != nil {
+		return err
+	}
+
 	links, err := netlink.LinkList()
 	if err != nil {
 		return err

config/config.go

@@ -243,3 +243,24 @@ func (c *Config) Set(key string, value interface{}) error {
 
 	return c.Reload()
 }
+
+func (d *DockerConfig) BridgeConfig() (string, string) {
+	var name, cidr string
+
+	args := append(d.Args, d.ExtraArgs...)
+	for i, opt := range args {
+		if opt == "-b" && i < len(args)-1 {
+			name = args[i+1]
+		}
+
+		if opt == "--fixed-cidr" && i < len(args)-1 {
+			cidr = args[i+1]
+		}
+	}
+
+	if name == "" || name == "none" {
+		return "", ""
+	} else {
+		return name, cidr
+	}
+}

config/default.go

@@ -12,7 +12,7 @@ func NewConfig() *Config {
 			Dev:      "LABEL=RANCHER_STATE",
 			FsType:   "auto",
 		},
-		SystemDocker: DockerConfig{
+		BootstrapDocker: DockerConfig{
 			Args: []string{
 				"docker",
 				"-d",
@@ -25,6 +25,22 @@ func NewConfig() *Config {
 				"-H", DOCKER_SYSTEM_HOST,
 			},
 		},
+		SystemDocker: DockerConfig{
+			Args: []string{
+				"docker",
+				"-d",
+				"-s",
+				"overlay",
+				"-b",
+				"docker-sys",
+				"--fixed-cidr",
+				"172.18.42.1/16",
+				"--restart=false",
+				"-g", "/var/lib/system-docker",
+				"-G", "root",
+				"-H", DOCKER_SYSTEM_HOST,
+			},
+		},
 		Modules: []string{},
 		UserDocker: DockerConfig{
 			TLSArgs: []string{

config/types.go

@@ -44,6 +44,7 @@ type ContainerConfig struct {
 type Config struct {
 	Addons              map[string]Config                 `yaml:"addons,omitempty"`
 	BootstrapContainers map[string]*project.ServiceConfig `yaml:"bootstrap_containers,omitempty"`
+	BootstrapDocker     DockerConfig                      `yaml:"bootstrap_docker,omitempty"`
 	CloudInit           CloudInit                         `yaml:"cloud_init,omitempty"`
 	Console             ConsoleConfig                     `yaml:"console,omitempty"`
 	Debug               bool                              `yaml:"debug,omitempty"`
@@ -90,12 +91,14 @@ type InterfaceConfig struct {
 	IPV4LL  bool   `yaml:"ipv4ll,omitempty"`
 	Gateway string `yaml:"gateway,omitempty"`
 	MTU     int    `yaml:"mtu,omitempty"`
+	Bridge  bool   `yaml:"bridge,omitempty"`
 }
 
 type DockerConfig struct {
 	TLS        bool     `yaml:"tls,omitempty"`
 	TLSArgs    []string `yaml:"tls_args,flow,omitempty"`
 	Args       []string `yaml:"args,flow,omitempty"`
+	ExtraArgs  []string `yaml:"extra_args,flow,omitempty"`
 	ServerCert string   `yaml:"server_cert,omitempty"`
 	ServerKey  string   `yaml:"server_key,omitempty"`
 	CACert     string   `yaml:"ca_cert,omitempty"`

init/bootstrap.go

@@ -81,7 +81,7 @@ func startDocker(cfg *config.Config) (chan interface{}, error) {
 		}
 	}
 
-	cmd := exec.Command(cfg.SystemDocker.Args[0], cfg.SystemDocker.Args[1:]...)
+	cmd := exec.Command(cfg.BootstrapDocker.Args[0], cfg.BootstrapDocker.Args[1:]...)
 	if cfg.Debug {
 		cmd.Stdout = os.Stdout
 		cmd.Stderr = os.Stderr

init/init.go

@@ -9,6 +9,7 @@ import (
 	"syscall"
 
 	log "github.com/Sirupsen/logrus"
+	"github.com/rancherio/os/cmd/network"
 	"github.com/rancherio/os/config"
 	"github.com/rancherio/os/util"
 )
@@ -24,6 +25,7 @@ var (
 		"/etc/ssl/certs",
 		"/sbin",
 		"/usr/bin",
+		"/usr/sbin",
 	}
 	postDirs []string = []string{
 		"/var/log",
@@ -58,6 +60,7 @@ var (
 	symlinks map[string]string = map[string]string{
 		"/etc/ssl/certs/ca-certificates.crt": "/ca.crt",
 		"/sbin/modprobe":                     "/busybox",
+		"/usr/sbin/iptables":                 "/xtables-multi",
 		DOCKER:                               "/docker",
 		SYSINIT:                              "/init",
 		"/home":                              "/var/lib/rancher/state/home",
@@ -272,10 +275,45 @@ func mountState(cfg *config.Config) error {
 	return err
 }
 
+func createGroups(cfg *config.Config) error {
+	return ioutil.WriteFile("/etc/group", []byte("root:x:0:\n"), 0644)
+}
+
+func touchSocket(cfg *config.Config) error {
+	for _, path := range []string{"/var/run/docker.sock", "/var/run/system-docker.sock"} {
+		if err := syscall.Unlink(path); err != nil && !os.IsNotExist(err) {
+			return err
+		}
+		if l, err := net.Listen("unix", path); err != nil {
+			return err
+		} else {
+			l.Close()
+		}
+	}
+
+	return nil
+}
+
+func setupSystemBridge(cfg *config.Config) error {
+	bridge, cidr := cfg.SystemDocker.BridgeConfig()
+	if bridge == "" {
+		return nil
+	}
+
+	return network.ApplyNetworkConfigs(&config.NetworkConfig{
+		Interfaces: map[string]config.InterfaceConfig{
+			bridge: {
+				Bridge:  true,
+				Address: cidr,
+			},
+		},
+	})
+}
+
 func RunInit() error {
 	var cfg config.Config
 
-	os.Setenv("PATH", "/sbin:/usr/bin")
+	os.Setenv("PATH", "/sbin:/usr/sbin:/usr/bin")
 	os.Setenv("DOCKER_RAMDISK", "true")
 
 	initFuncs := []config.InitFunc{
@@ -311,6 +349,7 @@ func RunInit() error {
 		extractModules,
 		loadModules,
 		setResolvConf,
+		setupSystemBridge,
 		bootstrap,
 		mountState,
 		func(cfg *config.Config) error {

scripts/build-images

@@ -27,6 +27,7 @@ chmod +x ${BUILD}/initrd/docker
 cp ${BUILD}/dist/kernel/boot/vmlinuz* ${DIST}/artifacts/vmlinuz
 
 tar xf ${BUILD}/dist/rootfs-static.tar -C ${BUILD}/initrd --strip-components=2 ./bin/busybox
+tar xf ${BUILD}/dist/rootfs-static.tar -C ${BUILD}/initrd --strip-components=3 ./usr/sbin/xtables-multi
 
 if ! docker info >/dev/null 2>&1 && [ -x "$(which wrapdocker)" ]; then
     wrapdocker