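#!/bin/bash

# Copyright The containerd Authors.

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at

# http://www.apache.org/licenses/LICENSE-2.0

# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Source: github.com/containerd/containerd@v22.0.0-20200918172823-438c87b8e050+incompatible/contrib/gce/configure.sh

# NOTE(security): xtrace writes every expanded command to stderr. Further down
# this script fetches env data from instance metadata and sources it, so each
# value ends up in whatever log captures this script's output. If those env
# files can carry credentials, restrict who can read that log.
set -o xtrace
set -o errexit
set -o nounset
set -o pipefail

# Pick the interpreter used to convert the metadata YAML into a shell env file.
# Python 2 is preferred when present; python3 is the fallback.
if [[ "$(python -V 2>&1)" =~ "Python 2" ]]; then
  # found python2, just use that
  PYTHON="python"
elif [[ -f "/usr/bin/python2.7" ]]; then
  # System python not defaulted to python 2 but using 2.7 during migration
  PYTHON="/usr/bin/python2.7"
else
  # No python2 either by default, let's see if we can find python3
  PYTHON="python3"
  if ! command -v "${PYTHON}" >/dev/null 2>&1; then
    # Diagnostics go to stderr so they are not mistaken for normal output.
    echo "ERROR Python not found. Aborting." >&2
    exit 2
  fi
fi
echo "Version :  $("${PYTHON}" -V 2>&1)"

# CONTAINERD_HOME is the directory for containerd.
CONTAINERD_HOME="/home/containerd"
cd "${CONTAINERD_HOME}"
# KUBE_HOME is the directory for kubernetes.
KUBE_HOME="/home/kubernetes"

# fetch_metadata fetches metadata from GCE metadata server.
# Var set:
# 1. Metadata key: key of the metadata.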
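fetch_metadata() {
  # Prints the value of one instance attribute on stdout, or nothing when the
  # key is not in the attribute listing.
  #   $1 - metadata key to look up.
  local -r key=$1
  local -r attributes="http://metadata.google.internal/computeMetadata/v1/instance/attributes"
  local keys
  # Capture the listing before matching. Under `set -o pipefail`, piping curl
  # straight into `grep -q` can report failure when grep exits early on a
  # match. A failed listing is treated as "key absent".
  keys=$(curl --fail --retry 5 --retry-delay 3 --silent --show-error \
    -H "X-Google-Metadata-Request: True" "${attributes}/") || return 0
  # -x -F: whole-line literal match, so a regex metacharacter in the key
  # (for example ".") cannot select a different attribute.
  if grep -qxF -- "${key}" <<<"${keys}"; then
    curl --fail --retry 5 --retry-delay 3 --silent --show-error \
      -H "X-Google-Metadata-Request: True" "${attributes}/${key}"
  fi
}

# fetch_env fetches environment variables from GCE metadata server
# and generate a env file under ${CONTAINERD_HOME}. It assumes that
# the environment variables in metadata are in yaml format.
fetch_env() {
  #   $1 - metadata key; also the name of the env file that is written.
  # Reads PYTHON and CONTAINERD_HOME from the calling script.
  local -r env_file_name=$1
  (
    # Subshell keeps the restrictive umask local: the env file is created
    # readable by its owner only.
    umask 077
    local tmp_env_content
    tmp_env_content=$(fetch_metadata "${env_file_name}")
    if [[ -z "${tmp_env_content}" ]]; then
      echo "No environment variable is specified in ${env_file_name}"
      exit 0
    fi
    # Convert the yaml format into a shell-style file. The content is piped to
    # the converter instead of being staged under a predictable name in /tmp.
    # A converter failure stays non-fatal, but is now reported rather than
    # hidden behind an `eval` of empty output.
    # NOTE(security): when the caller runs with xtrace, the fetched content is
    # echoed into the trace by the commands in this function.
    if ! printf '%s\n' "${tmp_env_content}" | "${PYTHON}" -c '
import re, sys, yaml
# pipes was removed from the standard library in Python 3.13; shlex.quote is
# the Python 3 equivalent and pipes.quote remains the Python 2 fallback.
try:
    from shlex import quote
except ImportError:
    from pipes import quote
# Python 2 branch: safe_load builds only plain YAML types. A bare yaml.load
# would also construct arbitrary Python objects from tagged input.
if sys.version_info[0] < 3:
    items = yaml.safe_load(sys.stdin).iteritems()
else:
    items = yaml.load(sys.stdin, Loader=yaml.BaseLoader).items()
name_ok = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")
for k, v in items:
    k = str(k)
    # The key is written unquoted into a file that is later sourced, so it
    # must be a plain shell identifier. The value is shell-quoted.
    if not name_ok.match(k):
        sys.stderr.write("skipping metadata key that is not a valid variable name: %r\n" % (k,))
        continue
    print("readonly {var}={value}".format(var=k, value=quote(str(v))))
' > "${CONTAINERD_HOME}/${env_file_name}"; then
      echo "WARNING failed to convert ${env_file_name} metadata into an env file" >&2
    fi
  )
}

# is_preloaded checks whether a package has been preloaded in the image.
is_preloaded() {
  #   $1 - tarball name, used as a grep regular expression.
  #   $2 - sha1 recorded for the tarball.
  # The match is an unanchored "name,sha1" search in ${KUBE_HOME}/preload_info,
  # so an empty $2 accepts any recorded hash for that name.
  # Returns non-zero when nothing matches or the file cannot be read (-s).
  local -r tar=$1
  local -r sha1=$2
  grep -qs -- "${tar},${sha1}" "${KUBE_HOME}/preload_info"
}

# KUBE_ENV_METADATA is the metadata key for kubernetes envs.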
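KUBE_ENV_METADATA="kube-env"
fetch_env "${KUBE_ENV_METADATA}"
# NOTE(security): the generated file is sourced as shell code, so its content
# is trusted exactly as much as the instance metadata it was built from. With
# xtrace on, each sourced assignment is also written to the trace.
if [ -f "${CONTAINERD_HOME}/${KUBE_ENV_METADATA}" ]; then
  source "${CONTAINERD_HOME}/${KUBE_ENV_METADATA}"
fi

# CONTAINERD_ENV_METADATA is the metadata key for containerd envs.
CONTAINERD_ENV_METADATA="containerd-env"
fetch_env "${CONTAINERD_ENV_METADATA}"
if [ -f "${CONTAINERD_HOME}/${CONTAINERD_ENV_METADATA}" ]; then
  source "${CONTAINERD_HOME}/${CONTAINERD_ENV_METADATA}"
fi

# CONTAINERD_PKG_PREFIX is the prefix of the cri-containerd tarball name.
# By default use the release tarball with cni built in.
pkg_prefix=${CONTAINERD_PKG_PREFIX:-"cri-containerd-cni"}
# Behave differently for test and production.
if [ "${CONTAINERD_TEST:-"false"}" != "true" ]; then
  # CONTAINERD_DEPLOY_PATH is the gcs path where cri-containerd tarball is stored.
  deploy_path=${CONTAINERD_DEPLOY_PATH:-"cri-containerd-release"}
  # CONTAINERD_VERSION is the cri-containerd version to use.
  version=${CONTAINERD_VERSION:-""}
else
  deploy_path=${CONTAINERD_DEPLOY_PATH:-"cri-containerd-staging"}

  # PULL_REFS_METADATA is the metadata key of PULL_REFS from prow.
  PULL_REFS_METADATA="PULL_REFS"
  pull_refs=$(fetch_metadata "${PULL_REFS_METADATA}")
  if [ -n "${pull_refs}" ]; then
    # The sha1 here only names the staging directory and is not an integrity
    # check. `echo` is kept so the hash still covers the trailing newline.
    deploy_dir=$(echo "${pull_refs}" | sha1sum | awk '{print $1}')
    deploy_path="${deploy_path}/${deploy_dir}"
  fi

  # TODO(random-liu): Put version into the metadata instead of
  # deciding it in cloud init. This may cause issue to reboot test.
  # The URL is quoted so a deploy path containing whitespace or glob
  # characters is passed to curl as a single argument.
  version=$(curl -f --ipv4 --retry 6 --retry-delay 3 --silent --show-error \
    "https://storage.googleapis.com/${deploy_path}/latest")
fi

TARBALL_GCS_NAME="${pkg_prefix}-${version}.linux-amd64.tar.gz"
# TARBALL_GCS_PATH is the path to download cri-containerd tarball for node e2e.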
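TARBALL_GCS_PATH="https://storage.googleapis.com/${deploy_path}/${TARBALL_GCS_NAME}"
# TARBALL is the name of the tarball after being downloaded.
TARBALL="cri-containerd.tar.gz"
# CONTAINERD_TAR_SHA1 is the sha1sum of containerd tarball.
tar_sha1="${CONTAINERD_TAR_SHA1:-""}"

if [ -z "${version}" ]; then
  # Try using preloaded containerd if version is not specified.
  tarball_gcs_pattern="${pkg_prefix}-.*.linux-amd64.tar.gz"
  if is_preloaded "${tarball_gcs_pattern}" "${tar_sha1}"; then
    echo "CONTAINERD_VERSION is not set, use preloaded containerd"
  else
    echo "CONTAINERD_VERSION is not set, and containerd is not preloaded"
    exit 1
  fi
else
  if is_preloaded "${TARBALL_GCS_NAME}" "${tar_sha1}"; then
    echo "${TARBALL_GCS_NAME} is preloaded"
  else
    # Download and untar the release tar ball.
    curl -f --ipv4 -Lo "${TARBALL}" --connect-timeout 20 --max-time 300 --retry 6 --retry-delay 10 "${TARBALL_GCS_PATH}"
    # Check the download against CONTAINERD_TAR_SHA1 before unpacking, when a
    # digest was supplied. Previously the digest was consulted only for the
    # preload lookup, so a downloaded tarball was extracted unchecked.
    # The comparison is exact; sha1sum prints lowercase hex.
    # NOTE(review): SHA-1 is no longer collision-resistant. A SHA-256 pin
    # would be stronger if the env contract can be extended.
    if [ -n "${tar_sha1}" ]; then
      actual_sha1=$(sha1sum "${TARBALL}" | awk '{print $1}')
      if [ "${actual_sha1}" != "${tar_sha1}" ]; then
        echo "ERROR ${TARBALL_GCS_NAME} sha1 mismatch: expected ${tar_sha1}, got ${actual_sha1}" >&2
        rm -f "${TARBALL}"
        exit 1
      fi
    fi
    tar xvf "${TARBALL}"
    rm -f "${TARBALL}"
  fi
fi

# Remove crictl shipped with containerd, use crictl installed
# by kube-up.sh.
rm -f "${CONTAINERD_HOME}/usr/local/bin/crictl"
rm -f "${CONTAINERD_HOME}/etc/crictl.yaml"

# Generate containerd config
config_path="${CONTAINERD_CONFIG_PATH:-"/etc/containerd/config.toml"}"
mkdir -p "$(dirname "${config_path}")"
cni_bin_dir="${CONTAINERD_HOME}/opt/cni/bin"
cni_template_path="${CONTAINERD_HOME}/opt/containerd/cluster/gce/cni.template"
if [ "${KUBERNETES_MASTER:-}" != "true" ]; then
  if [ "${NETWORK_POLICY_PROVIDER:-"none"}" != "none" ] || [ "${ENABLE_NETD:-}" == "true" ]; then
    # Use Kubernetes cni daemonset on node if network policy provider is specified
    # or netd is enabled.
    cni_bin_dir="${KUBE_HOME}/bin"
    cni_template_path=""
  fi
fi
log_level="${CONTAINERD_LOG_LEVEL:-"info"}"
max_container_log_line="${CONTAINERD_MAX_CONTAINER_LOG_LINE:-16384}"
# NOTE(security): the values below are interpolated into the TOML verbatim.
# A value containing a double quote or a newline would change the structure
# of the generated config, so the env that supplies them must be trusted.
cat > "${config_path}" <<EOF
version = 2
# Kubernetes requires the cri plugin.
required_plugins = ["io.containerd.grpc.v1.cri"]
# Kubernetes doesn't use containerd restart manager.
disabled_plugins = ["io.containerd.internal.v1.restart"]

[debug]
  level = "${log_level}"

[plugins."io.containerd.grpc.v1.cri"]
  stream_server_address = "127.0.0.1"
  stream_server_port = "0"
  max_container_log_line_size = ${max_container_log_line}
[plugins."io.containerd.grpc.v1.cri".cni]
  bin_dir = "${cni_bin_dir}"
  conf_dir = "/etc/cni/net.d"
  conf_template = "${cni_template_path}"
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
  endpoint = ["https://mirror.gcr.io","https://registry-1.docker.io"]
[plugins."io.containerd.grpc.v1.cri".containerd]
  default_runtime_name = "${CONTAINERD_DEFAULT_RUNTIME:-"runc"}"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
  runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
  BinaryName = "${CONTAINERD_HOME}/usr/local/sbin/runc"
EOF
chmod 644 "${config_path}"

# containerd_extra_runtime_handler is the extra runtime handler to install.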
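containerd_extra_runtime_handler=${CONTAINERD_EXTRA_RUNTIME_HANDLER:-""}
if [[ -n "${containerd_extra_runtime_handler}" ]]; then
  # Append a runtime table for the extra handler. The handler name, runtime
  # type and options text are written into the TOML verbatim, so they can add
  # arbitrary config and must come from a trusted env.
  cat >> "${config_path}" <<EOF
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.${containerd_extra_runtime_handler}]
    runtime_type = "${CONTAINERD_EXTRA_RUNTIME_TYPE:-io.containerd.runc.v1}"

  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.${containerd_extra_runtime_handler}.options]
${CONTAINERD_EXTRA_RUNTIME_OPTIONS:-}
EOF
fi

# Put the unpacked containerd binaries on PATH for login shells.
echo "export PATH=${CONTAINERD_HOME}/usr/local/bin/:${CONTAINERD_HOME}/usr/local/sbin/:\$PATH" > \
  /etc/profile.d/containerd_env.sh

# Run extra init script for test.
# NOTE(security): this hook executes content taken from instance metadata with
# this script's privileges. It is gated only by CONTAINERD_TEST, so production
# instances should carry neither that flag nor the containerd-extra-init-sh
# attribute.
if [ "${CONTAINERD_TEST:-"false"}" == "true" ]; then
  # EXTRA_INIT_SCRIPT is the name of the extra init script after being downloaded.
  EXTRA_INIT_SCRIPT="containerd-extra-init.sh"
  # EXTRA_INIT_SCRIPT_METADATA is the metadata key of init script.
  EXTRA_INIT_SCRIPT_METADATA="containerd-extra-init-sh"
  extra_init=$(fetch_metadata "${EXTRA_INIT_SCRIPT_METADATA}")
  # Return if containerd-extra-init-sh is not set.
  if [ -z "${extra_init}" ]; then
    exit 0
  fi
  # printf writes the script text literally, whatever its first characters are.
  printf '%s\n' "${extra_init}" > "${EXTRA_INIT_SCRIPT}"
  chmod 544 "${EXTRA_INIT_SCRIPT}"
  ./"${EXTRA_INIT_SCRIPT}"
fi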