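#!/bin/bash
# Source: github.com/containerd/Containerd@v1.4.13/contrib/gce/configure.sh

# Copyright The containerd Authors.

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at

# http://www.apache.org/licenses/LICENSE-2.0

# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# NOTE(review): xtrace echoes every expanded command to the startup log, so
# any metadata value that is assigned or sourced while tracing is on ends up
# in that log. Pause tracing around values that may be sensitive.
set -o xtrace
set -o errexit
set -o nounset
set -o pipefail

# CONTAINERD_HOME is the directory for containerd.
CONTAINERD_HOME="/home/containerd"
cd "${CONTAINERD_HOME}"
# KUBE_HOME is the directory for kubernetes.
KUBE_HOME="/home/kubernetes"

#######################################
# fetch_metadata fetches one instance attribute from the GCE metadata server.
# Arguments: $1 - metadata key to look up
# Outputs:   the attribute value on stdout; nothing when the key is not
#            listed or the attribute listing cannot be fetched
# Returns:   0 when the key is absent; otherwise the status of the curl
#            call that fetches the value
#######################################
fetch_metadata() {
  local -r key=$1
  local -r attributes="http://metadata.google.internal/computeMetadata/v1/instance/attributes"
  # Capture the listing before matching. Piping curl straight into `grep -q`
  # under pipefail can report a present key as absent, because grep exits on
  # the first match and curl may then fail on the closed pipe.
  local keys
  keys=$(curl --fail --retry 5 --retry-delay 3 --silent --show-error \
    -H "X-Google-Metadata-Request: True" "${attributes}/") || return 0
  # -x -F: whole-line, literal comparison, so characters in the key are never
  # interpreted as a regular expression.
  if grep -qxF -- "${key}" <<<"${keys}"; then
    curl --fail --retry 5 --retry-delay 3 --silent --show-error \
      -H "X-Google-Metadata-Request: True" "${attributes}/${key}"
  fi
}

# fetch_env fetches environment variables from the GCE metadata server
# and generates an env file under ${CONTAINERD_HOME}. It assumes that
# the environment variables in metadata are in yaml format.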
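fetch_env() {
  local -r env_file_name=$1
  (
    # This subshell handles the raw metadata payload, which may carry
    # credentials (TODO confirm for the cluster's kube-env). Keep it out of
    # the xtrace log and create every file owner-only.
    set +o xtrace
    umask 077
    local tmp_env_content
    tmp_env_content=$(fetch_metadata "${env_file_name}")
    if [ -z "${tmp_env_content}" ]; then
      echo "No environment variable is specified in ${env_file_name}"
      return
    fi
    # Use mktemp rather than a fixed /tmp/<key>.yaml name: a predictable path
    # in a world-writable directory can be pre-created or symlinked by another
    # local user before this script writes to it.
    local tmp_env_file
    tmp_env_file=$(mktemp "/tmp/${env_file_name}.XXXXXX")
    trap 'rm -f -- "${tmp_env_file}"' EXIT
    printf '%s\n' "${tmp_env_content}" > "${tmp_env_file}"
    # Convert the yaml format file into a shell-style file.
    # The converter's stdout goes to the env file, so the former `eval $(...)`
    # wrapper evaluated an empty string and only hid the exit status. A failed
    # conversion is still non-fatal, but it is now reported.
    # NOTE(review): yaml.load without an explicit safe loader can construct
    # arbitrary Python objects on older PyYAML; yaml.safe_load is enough for a
    # flat key/value mapping.
    # NOTE(review): values are shell-quoted but keys are emitted verbatim, and
    # the resulting file is later sourced. This relies on instance metadata
    # being writable only by trusted principals.
    # NOTE(review): iteritems() exists only on Python 2 dicts.
    if ! python -c '''
import pipes,sys,yaml
for k,v in yaml.load(sys.stdin).iteritems():
  print("readonly {var}={value}".format(var = k, value = pipes.quote(str(v))))
''' < "${tmp_env_file}" > "${CONTAINERD_HOME}/${env_file_name}"; then
      echo "WARNING: failed to convert ${env_file_name} metadata into an env file" >&2
    fi
  )
}

# is_preloaded checks whether a package has been preloaded in the image.
# Arguments: $1 - tarball name, used as a grep pattern (callers pass ".*")
#            $2 - expected sha1; when empty, any recorded sha1 matches
# Returns:   0 if "${KUBE_HOME}/preload_info" has a matching "<tar>,<sha1>"
#            entry, non-zero otherwise (including when the file is missing).
is_preloaded() {
  local -r tar=$1
  local -r sha1=$2
  grep -qs -- "${tar},${sha1}" "${KUBE_HOME}/preload_info"
}

# KUBE_ENV_METADATA is the metadata key for kubernetes envs.
KUBE_ENV_METADATA="kube-env"
fetch_env "${KUBE_ENV_METADATA}"
if [ -f "${CONTAINERD_HOME}/${KUBE_ENV_METADATA}" ]; then
  # Tracing is paused while sourcing: xtrace would otherwise print every
  # "readonly KEY=value" line of the env file into the startup log.
  set +o xtrace
  source "${CONTAINERD_HOME}/${KUBE_ENV_METADATA}"
  set -o xtrace
fi

# CONTAINERD_ENV_METADATA is the metadata key for containerd envs.
CONTAINERD_ENV_METADATA="containerd-env"
fetch_env "${CONTAINERD_ENV_METADATA}"
if [ -f "${CONTAINERD_HOME}/${CONTAINERD_ENV_METADATA}" ]; then
  # Same reason as above: keep sourced values out of the trace output.
  set +o xtrace
  source "${CONTAINERD_HOME}/${CONTAINERD_ENV_METADATA}"
  set -o xtrace
fi

# CONTAINERD_PKG_PREFIX is the prefix of the cri-containerd tarball name.
# By default use the release tarball with cni built in.
pkg_prefix=${CONTAINERD_PKG_PREFIX:-"cri-containerd-cni"}
# Behave differently for test and production.
if [ "${CONTAINERD_TEST:-"false"}" != "true" ]; then
  # CONTAINERD_DEPLOY_PATH is the gcs path where cri-containerd tarball is stored.
  deploy_path=${CONTAINERD_DEPLOY_PATH:-"cri-containerd-release"}
  # CONTAINERD_VERSION is the cri-containerd version to use.
  version=${CONTAINERD_VERSION:-""}
else
  deploy_path=${CONTAINERD_DEPLOY_PATH:-"cri-containerd-staging"}

  # PULL_REFS_METADATA is the metadata key of PULL_REFS from prow.
  PULL_REFS_METADATA="PULL_REFS"
  pull_refs=$(fetch_metadata "${PULL_REFS_METADATA}")
  if [ -n "${pull_refs}" ]; then
    deploy_dir=$(echo "${pull_refs}" | sha1sum | awk '{print $1}')
    deploy_path="${deploy_path}/${deploy_dir}"
  fi

  # TODO(random-liu): Put version into the metadata instead of
  # deciding it in cloud init. This may cause issue to reboot test.
  version=$(curl -f --ipv4 --retry 6 --retry-delay 3 --silent --show-error \
    "https://storage.googleapis.com/${deploy_path}/latest")
fi

TARBALL_GCS_NAME="${pkg_prefix}-${version}.linux-amd64.tar.gz"
# TARBALL_GCS_PATH is the path to download cri-containerd tarball for node e2e.
TARBALL_GCS_PATH="https://storage.googleapis.com/${deploy_path}/${TARBALL_GCS_NAME}"
# TARBALL is the name of the tarball after being downloaded.
TARBALL="cri-containerd.tar.gz"
# CONTAINERD_TAR_SHA1 is the sha1sum of containerd tarball.
tar_sha1="${CONTAINERD_TAR_SHA1:-""}"

if [ -z "${version}" ]; then
  # Try using preloaded containerd if version is not specified.
  tarball_gcs_pattern="${pkg_prefix}-.*.linux-amd64.tar.gz"
  if is_preloaded "${tarball_gcs_pattern}" "${tar_sha1}"; then
    echo "CONTAINERD_VERSION is not set, use preloaded containerd"
  else
    echo "CONTAINERD_VERSION is not set, and containerd is not preloaded"
    exit 1
  fi
else
  if is_preloaded "${TARBALL_GCS_NAME}" "${tar_sha1}"; then
    echo "${TARBALL_GCS_NAME} is preloaded"
  else
    # Download and untar the release tar ball.
    # NOTE(review): the downloaded tarball is unpacked without an integrity
    # check; CONTAINERD_TAR_SHA1 is only consulted for the preload lookup
    # above. Consider verifying a pinned digest (preferably SHA-256) before
    # extraction.
    curl -f --ipv4 -Lo "${TARBALL}" --connect-timeout 20 --max-time 300 \
      --retry 6 --retry-delay 10 "${TARBALL_GCS_PATH}"
    tar xvf "${TARBALL}"
    rm -f "${TARBALL}"
  fi
fi

# Remove crictl shipped with containerd, use crictl installed
# by kube-up.sh.
rm -f "${CONTAINERD_HOME}/usr/local/bin/crictl"
rm -f "${CONTAINERD_HOME}/etc/crictl.yaml"

# Generate containerd config
config_path="${CONTAINERD_CONFIG_PATH:-"/etc/containerd/config.toml"}"
mkdir -p "$(dirname "${config_path}")"
cni_bin_dir="${CONTAINERD_HOME}/opt/cni/bin"
cni_template_path="${CONTAINERD_HOME}/opt/containerd/cluster/gce/cni.template"
if [ "${KUBERNETES_MASTER:-}" != "true" ]; then
  if [ "${NETWORK_POLICY_PROVIDER:-"none"}" != "none" ] || [ "${ENABLE_NETD:-}" == "true" ]; then
    # Use Kubernetes cni daemonset on node if network policy provider is specified
    # or netd is enabled.
    cni_bin_dir="${KUBE_HOME}/bin"
    cni_template_path=""
  fi
fi
log_level="${CONTAINERD_LOG_LEVEL:-"info"}"
max_container_log_line="${CONTAINERD_MAX_CONTAINER_LOG_LINE:-16384}"
# The values below are interpolated into the TOML as-is, with no escaping.
cat > "${config_path}" <<EOF
version = 2
# Kubernetes requires the cri plugin.
required_plugins = ["io.containerd.grpc.v1.cri"]
# Kubernetes doesn't use containerd restart manager.
disabled_plugins = ["io.containerd.internal.v1.restart"]

[debug]
  level = "${log_level}"

[plugins."io.containerd.grpc.v1.cri"]
  stream_server_address = "127.0.0.1"
  stream_server_port = "0"
  max_container_log_line_size = ${max_container_log_line}
[plugins."io.containerd.grpc.v1.cri".cni]
  bin_dir = "${cni_bin_dir}"
  conf_dir = "/etc/cni/net.d"
  conf_template = "${cni_template_path}"
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
  endpoint = ["https://mirror.gcr.io","https://registry-1.docker.io"]
[plugins."io.containerd.grpc.v1.cri".containerd]
  default_runtime_name = "${CONTAINERD_DEFAULT_RUNTIME:-"runc"}"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
  runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
  BinaryName = "${CONTAINERD_HOME}/usr/local/sbin/runc"
EOF
chmod 644 "${config_path}"

# containerd_extra_runtime_handler is the extra runtime handler to install.
containerd_extra_runtime_handler=${CONTAINERD_EXTRA_RUNTIME_HANDLER:-""}
if [[ -n "${containerd_extra_runtime_handler}" ]]; then
  # CONTAINERD_EXTRA_RUNTIME_OPTIONS is appended verbatim as TOML.
  cat >> "${config_path}" <<EOF
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.${containerd_extra_runtime_handler}]
  runtime_type = "${CONTAINERD_EXTRA_RUNTIME_TYPE:-io.containerd.runc.v1}"

[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.${containerd_extra_runtime_handler}.options]
${CONTAINERD_EXTRA_RUNTIME_OPTIONS:-}
EOF
fi

echo "export PATH=${CONTAINERD_HOME}/usr/local/bin/:${CONTAINERD_HOME}/usr/local/sbin/:\$PATH" > \
  /etc/profile.d/containerd_env.sh

# Run extra init script for test.
if [ "${CONTAINERD_TEST:-"false"}" == "true" ]; then
  # EXTRA_INIT_SCRIPT is the name of the extra init script after being downloaded.
  EXTRA_INIT_SCRIPT="containerd-extra-init.sh"
  # EXTRA_INIT_SCRIPT_METADATA is the metadata key of init script.
  EXTRA_INIT_SCRIPT_METADATA="containerd-extra-init-sh"
  extra_init=$(fetch_metadata "${EXTRA_INIT_SCRIPT_METADATA}")
  # Return if containerd-extra-init-sh is not set.
  if [ -z "${extra_init}" ]; then
    exit 0
  fi
  # NOTE(review): this runs a script taken verbatim from instance metadata
  # with the privileges of this script. It is reachable only when
  # CONTAINERD_TEST is "true"; make sure production metadata never sets it.
  printf '%s\n' "${extra_init}" > "${EXTRA_INIT_SCRIPT}"
  chmod 544 "${EXTRA_INIT_SCRIPT}"
  "./${EXTRA_INIT_SCRIPT}"
fi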