diff --git a/cmd/network/network.go b/cmd/network/network.go
index 3a472351..8721dc19 100644
--- a/cmd/network/network.go
+++ b/cmd/network/network.go
@@ -30,7 +30,28 @@ func Main() {
 ApplyNetworkConfigs(&cfg.Network)
 }
+func createInterfaces(netCfg *config.NetworkConfig) error {
+ for name, iface := range netCfg.Interfaces {
+ if !iface.Bridge {
+ continue
+ }
+
+ bridge := netlink.Bridge{}
+ bridge.LinkAttrs.Name = name
+
+ if err := netlink.LinkAdd(&bridge); err != nil {
+ log.Errorf("Failed to create bridge %s: %v", name, err)
+ }
+ }
+
+ return nil
+}
+
 func ApplyNetworkConfigs(netCfg *config.NetworkConfig) error {
+ if err := createInterfaces(netCfg); err != nil {
+ return err
+ }
+
 links, err := netlink.LinkList()
 if err != nil {
 return err
diff --git a/config/config.go b/config/config.go
index d8093cf6..6b98f3d2 100644
--- a/config/config.go
+++ b/config/config.go
@@ -243,3 +243,24 @@ func (c *Config) Set(key string, value interface{}) error {
 return c.Reload()
 }
+
+func (d *DockerConfig) BridgeConfig() (string, string) {
+ var name, cidr string
+
+ args := append(d.Args, d.ExtraArgs...)
+ for i, opt := range args {
+ if opt == "-b" && i < len(args)-1 {
+ name = args[i+1]
+ }
+
+ if opt == "--fixed-cidr" && i < len(args)-1 {
+ cidr = args[i+1]
+ }
+ }
+
+ if name == "" || name == "none" {
+ return "", ""
+ } else {
+ return name, cidr
+ }
+}
diff --git a/config/default.go b/config/default.go
index 07de587a..76d16997 100644
--- a/config/default.go
+++ b/config/default.go
@@ -12,7 +12,7 @@ func NewConfig() *Config {
 Dev: "LABEL=RANCHER_STATE",
 FsType: "auto",
 },
- SystemDocker: DockerConfig{
+ BootstrapDocker: DockerConfig{
 Args: []string{
 "docker",
 "-d",
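Review bot: The `if err := createInterfaces(netCfg); err != nil` guard added at the top of ApplyNetworkConfigs can never fire, because createInterfaces logs the netlink.LinkAdd failure and then unconditionally returns nil. Either the check should go, or the failure should be propagated; since this runs on every boot and a bridge left over from a previous run presumably makes LinkAdd fail with EEXIST (if the netlink package returns the raw errno — confirm), the propagation should tolerate that one case: `if err := netlink.LinkAdd(&bridge); err != nil && !os.IsExist(err) {` followed by the existing log line and `return err`, which also needs `os` in the import block above the hunk. ApplyNetworkConfigs continues past the end of the hunk.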
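Review bot: `args := append(d.Args, d.ExtraArgs...)` in BridgeConfig appends into the backing array of d.Args; whenever that slice has spare capacity the ExtraArgs values are written into memory that other slices sharing the array can observe, which is the classic slice-aliasing bug, and the closing `if … return … else { return … }` is the else-after-return shape golint flags. Build the scan input as a fresh slice, `args := make([]string, 0, len(d.Args)+len(d.ExtraArgs))` then `args = append(append(args, d.Args...), d.ExtraArgs...)`, and drop the `else`. The scan also recognises only the two-token spellings `-b X` and `--fixed-cidr X`; if the daemon accepts `--bridge` or `-b=X` as well (as Go flag parsing normally does), a bridge given in extra_args that way would be ignored here and the bridge never created, so either handle the `=` form or document the accepted spellings in a comment on BridgeConfig.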
@@ -25,6 +25,22 @@ func NewConfig() *Config {
 "-H", DOCKER_SYSTEM_HOST,
 },
 },
+ SystemDocker: DockerConfig{
+ Args: []string{
+ "docker",
+ "-d",
+ "-s",
+ "overlay",
+ "-b",
+ "docker-sys",
+ "--fixed-cidr",
+ "172.18.42.1/16",
+ "--restart=false",
+ "-g", "/var/lib/system-docker",
+ "-G", "root",
+ "-H", DOCKER_SYSTEM_HOST,
+ },
+ },
 Modules: []string{},
 UserDocker: DockerConfig{
 TLSArgs: []string{
diff --git a/config/types.go b/config/types.go
index 09c16b0d..81fc8bfb 100644
--- a/config/types.go
+++ b/config/types.go
@@ -44,6 +44,7 @@ type ContainerConfig struct {
 type Config struct {
 Addons map[string]Config `yaml:"addons,omitempty"`
 BootstrapContainers map[string]*project.ServiceConfig `yaml:"bootstrap_containers,omitempty"`
+ BootstrapDocker DockerConfig `yaml:"bootstrap_docker,omitempty"`
 CloudInit CloudInit `yaml:"cloud_init,omitempty"`
 Console ConsoleConfig `yaml:"console,omitempty"`
 Debug bool `yaml:"debug,omitempty"`
@@ -90,12 +91,14 @@ type InterfaceConfig struct {
 IPV4LL bool `yaml:"ipv4ll,omitempty"`
 Gateway string `yaml:"gateway,omitempty"`
 MTU int `yaml:"mtu,omitempty"`
+ Bridge bool `yaml:"bridge,omitempty"`
 }
 type DockerConfig struct {
 TLS bool `yaml:"tls,omitempty"`
 TLSArgs []string `yaml:"tls_args,flow,omitempty"`
 Args []string `yaml:"args,flow,omitempty"`
+ ExtraArgs []string `yaml:"extra_args,flow,omitempty"`
 ServerCert string `yaml:"server_cert,omitempty"`
 ServerKey string `yaml:"server_key,omitempty"`
 CACert string `yaml:"ca_cert,omitempty"`
diff --git a/init/bootstrap.go b/init/bootstrap.go
index c56a8099..ceed6567 100644
--- a/init/bootstrap.go
+++ b/init/bootstrap.go
@@ -81,7 +81,7 @@ func startDocker(cfg *config.Config) (chan interface{}, error) {
 }
 }
- cmd := exec.Command(cfg.SystemDocker.Args[0], cfg.SystemDocker.Args[1:]...)
+ cmd := exec.Command(cfg.BootstrapDocker.Args[0], cfg.BootstrapDocker.Args[1:]...)
 if cfg.Debug {
 cmd.Stdout = os.Stdout
 cmd.Stderr = os.Stderr
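Review bot: The `-b`/`--fixed-cidr` pair in the new SystemDocker args is load-bearing in a way nothing in this literal records: DockerConfig.BridgeConfig (config/config.go) parses exactly these two flags back out of Args, and setupSystemBridge (init/init.go) creates the `docker-sys` bridge with `172.18.42.1/16` as its address before the daemon is started, so changing either value, or its spelling, changes which interface init creates. A comment on the `-b` line would make that visible, e.g. `// "-b" and "--fixed-cidr" are read back by DockerConfig.BridgeConfig; init creates this bridge with this address before system-docker starts.` The value also carries host bits (`.42.1`), which is what the bridge's own address needs but is presumably masked to 172.18.0.0/16 when the daemon interprets it as a fixed-cidr — worth confirming that is intended. NewConfig continues outside the hunk.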
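Review bot: Neither `Bridge` nor `ExtraArgs` in the InterfaceConfig/DockerConfig hunk carries a doc comment, and `ExtraArgs` has a non-obvious contract: DockerConfig.BridgeConfig scans Args and ExtraArgs together when looking for `-b`/`--fixed-cidr`, while the only daemon launch visible in this diff (init/bootstrap.go) passes `Args` alone. If the system-docker launch elsewhere also ignores ExtraArgs, a bridge flag placed in extra_args would cause init to create a bridge the daemon never uses — worth confirming. Suggested comments: `// ExtraArgs are scanned together with Args by BridgeConfig; confirm the daemon launch passes them as well.` and `// Bridge marks the interface as a Linux bridge that ApplyNetworkConfigs creates via netlink.LinkAdd before applying addresses.` Both struct definitions continue outside their hunks.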
diff --git a/init/init.go b/init/init.go
index 78df0a14..5274494c 100644
--- a/init/init.go
+++ b/init/init.go
@@ -9,6 +9,7 @@ import (
 "syscall"
 log "github.com/Sirupsen/logrus"
+ "github.com/rancherio/os/cmd/network"
 "github.com/rancherio/os/config"
 "github.com/rancherio/os/util"
 )
@@ -24,6 +25,7 @@ var (
 "/etc/ssl/certs",
 "/sbin",
 "/usr/bin",
+ "/usr/sbin",
 }
 postDirs []string = []string{
 "/var/log",
@@ -58,6 +60,7 @@ var (
 symlinks map[string]string = map[string]string{
 "/etc/ssl/certs/ca-certificates.crt": "/ca.crt",
 "/sbin/modprobe": "/busybox",
+ "/usr/sbin/iptables": "/xtables-multi",
 DOCKER: "/docker",
 SYSINIT: "/init",
 "/home": "/var/lib/rancher/state/home",
@@ -272,10 +275,45 @@ func mountState(cfg *config.Config) error {
 return err
 }
+func createGroups(cfg *config.Config) error {
+ return ioutil.WriteFile("/etc/group", []byte("root:x:0:\n"), 0644)
+}
+
+func touchSocket(cfg *config.Config) error {
+ for _, path := range []string{"/var/run/docker.sock", "/var/run/system-docker.sock"} {
+ if err := syscall.Unlink(path); err != nil && !os.IsNotExist(err) {
+ return err
+ }
+ if l, err := net.Listen("unix", path); err != nil {
+ return err
+ } else {
+ l.Close()
+ }
+ }
+
+ return nil
+}
+
+func setupSystemBridge(cfg *config.Config) error {
+ bridge, cidr := cfg.SystemDocker.BridgeConfig()
+ if bridge == "" {
+ return nil
+ }
+
+ return network.ApplyNetworkConfigs(&config.NetworkConfig{
+ Interfaces: map[string]config.InterfaceConfig{
+ bridge: {
+ Bridge: true,
+ Address: cidr,
+ },
+ },
+ })
+}
+
 func RunInit() error {
 var cfg config.Config
- os.Setenv("PATH", "/sbin:/usr/bin")
+ os.Setenv("PATH", "/sbin:/usr/sbin:/usr/bin")
 os.Setenv("DOCKER_RAMDISK", "true")
 initFuncs := []config.InitFunc{
@@ -311,6 +349,7 @@ func RunInit() error {
 extractModules,
 loadModules,
 setResolvConf,
+ setupSystemBridge,
 bootstrap,
 mountState,
 func(cfg *config.Config) error {
diff --git a/scripts/build-images b/scripts/build-images
index 8a4d403d..78019163 100755
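Review bot: touchSocket does not leave the socket paths in place: `net.Listen("unix", path)` creates the file, but UnixListener.Close unlinks a path-based socket again, so after the loop neither `/var/run/docker.sock` nor `/var/run/system-docker.sock` exists and the function amounts to a check that the two paths are bindable. If the intent is for the paths to exist before system containers start (for instance so a bind mount of the socket does not create a directory in its place), the placeholder has to be created another way, such as a regular file via os.OpenFile with mode 0600 that the daemon removes when it binds — confirm against what the daemon does with an existing path before choosing. Smaller points in the same hunk: `if l, err := …; err != nil { return err } else { l.Close() }` is the else-after-return shape golint flags and discards Close's error, and createGroups is defined here but not registered in the initFuncs change at -311, so it is presumably wired up elsewhere. RunInit continues outside the hunk.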
--- a/scripts/build-images
+++ b/scripts/build-images
@@ -27,6 +27,7 @@ chmod +x ${BUILD}/initrd/docker
 cp ${BUILD}/dist/kernel/boot/vmlinuz* ${DIST}/artifacts/vmlinuz
 tar xf ${BUILD}/dist/rootfs-static.tar -C ${BUILD}/initrd --strip-components=2 ./bin/busybox
+tar xf ${BUILD}/dist/rootfs-static.tar -C ${BUILD}/initrd --strip-components=3 ./usr/sbin/xtables-multi
 if ! docker info >/dev/null 2>&1 && [ -x "$(which wrapdocker)" ]; then
 wrapdocker