gvisor.dev/gvisor@v0.0.0-20240520182842-f9d4d51c7e0f/tools/install_containerd.sh (about)

     1  #!/bin/bash
     2  
     3  # Copyright 2019 The gVisor Authors.
     4  #
     5  # Licensed under the Apache License, Version 2.0 (the "License");
     6  # you may not use this file except in compliance with the License.
     7  # You may obtain a copy of the License at
     8  #
     9  #     http://www.apache.org/licenses/LICENSE-2.0
    10  #
    11  # Unless required by applicable law or agreed to in writing, software
    12  # distributed under the License is distributed on an "AS IS" BASIS,
    13  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14  # See the License for the specific language governing permissions and
    15  # limitations under the License.
    16  
    17  set -xeo pipefail
    18  
    19  # This script should be run with 'sudo -H'. $HOME must be set correctly because
    20  # we invoke other scripts below that build Go binaries. In some operating
    21  # systems, sudo(8) does not change $HOME by default. In such cases, root user
    22  # ends up creating files in ~/.cache/go-build for the non-root user. This can
    23  # cause future invocations of go build to fail due to permission issues.
    24  if [[ "$EUID" -ne 0 ]]; then
    25    echo "Run this script with sudo -H"
    26    exit 1
    27  fi
    28  
    29  declare -r CONTAINERD_VERSION=${1:-1.3.0}
    30  CONTAINERD_MAJOR="$(echo "${CONTAINERD_VERSION}" | awk -F '.' '{ print $1; }')"
    31  declare -r CONTAINERD_MAJOR
    32  CONTAINERD_MINOR="$(echo "${CONTAINERD_VERSION}" | awk -F '.' '{ print $2; }')"
    33  declare -r CONTAINERD_MINOR
    34  declare -r CRITOOLS_VERSION=${CRITOOLS_VERSION:-1.18.0}
    35  
    36  if [[ "${CONTAINERD_MAJOR}" -eq 1 ]] && [[ "${CONTAINERD_MINOR}" -le 4 ]]; then
    37    # We're running Go 1.18, but using pre-module containerd and cri-tools.
    38    export GO111MODULE=off
    39  fi
    40  
    41  # containerd < 1.4 doesn't work with cgroupv2 setup, so we check for that here
    42  SYSFS_ROOT=/sys/fs/cgroup
    43  if [[ "$(stat -f -c %T "$SYSFS_ROOT" 2>/dev/null)" == "cgroup2fs" && "${CONTAINERD_MAJOR}" -eq 1 && "${CONTAINERD_MINOR}" -lt 4 ]]; then
    44    echo "containerd < 1.4 does not work with cgroup2"
    45    exit 1
    46  fi
    47  
    48  # Helper for Go packages below.
    49  install_helper() {
    50    declare -r PACKAGE="${1}"
    51    declare -r TAG="${2}"
    52  
    53    # Clone the repository.
    54    mkdir -p "${GOPATH}"/src/"$(dirname "${PACKAGE}")" && \
    55       git clone https://"${PACKAGE}" "${GOPATH}"/src/"${PACKAGE}"
    56  
    57    # Checkout and build the repository.
    58    (cd "${GOPATH}"/src/"${PACKAGE}" && \
    59        git checkout "${TAG}" && \
    60        make && \
    61        make install)
    62  }
    63  
    64  # Figure out were btrfs headers are.
    65  #
    66  # Ubuntu 16.04 has only btrfs-tools, while 18.04 has a transitional package,
    67  # and later versions no longer have the transitional package.
    68  #
    69  # If we can't detect the VERSION_ID, we assume it's a newer version and use
    70  # libbtrfs-dev.
    71  source /etc/os-release
    72  declare BTRFS_DEV
    73  if [[ ! -z "${VERSION_ID}" && "${VERSION_ID%.*}" -le "18" ]]; then
    74    BTRFS_DEV="btrfs-tools"
    75  else
    76    BTRFS_DEV="libbtrfs-dev"
    77  fi
    78  readonly BTRFS_DEV
    79  
    80  # Install dependencies for the crictl tests.
    81  export DEBIAN_FRONTEND=noninteractive
    82  while true; do
    83    apt-get update && apt-get install -y \
    84      "${BTRFS_DEV}" libseccomp-dev
    85    result=$?
    86    if [[ $result -eq 0 ]]; then
    87      break
    88    elif [[ $result -ne 100 ]]; then
    89      exit $result
    90    fi
    91  done
    92  
    93  # Install containerd & cri-tools.
    94  GOPATH=$(mktemp -d --tmpdir gopathXXXXX)
    95  declare -rx GOPATH
    96  install_helper github.com/containerd/containerd "v${CONTAINERD_VERSION}"
    97  install_helper github.com/kubernetes-sigs/cri-tools "v${CRITOOLS_VERSION}"
    98  
    99  # Configure containerd-shim.
   100  declare -r shim_config_path=/etc/containerd/runsc/config.toml
   101  mkdir -p "$(dirname "${shim_config_path}")"
   102  tee ${shim_config_path} <<-EOF
   103  log_path = "/tmp/shim-logs/"
   104  log_level = "debug"
   105  
   106  [runsc_config]
   107      debug = "true"
   108      debug-log = "/tmp/runsc-logs/"
   109      strace = "true"
   110      file-access = "shared"
   111  EOF
   112  
   113  # Configure CNI.
   114  (cd "${GOPATH}" && src/github.com/containerd/containerd/script/setup/install-cni)
   115  tee /etc/cni/net.d/10-bridge.conf <<EOF
   116  {
   117    "cniVersion": "0.3.1",
   118    "name": "bridge",
   119    "type": "bridge",
   120    "bridge": "cnio0",
   121    "isGateway": true,
   122    "ipMasq": true,
   123    "ipam": {
   124        "type": "host-local",
   125        "ranges": [
   126          [{"subnet": "10.200.0.0/24"}]
   127        ],
   128        "routes": [{"dst": "0.0.0.0/0"}]
   129    }
   130  }
   131  EOF
   132  tee /etc/cni/net.d/99-loopback.conf <<EOF
   133  {
   134    "cniVersion": "0.3.1",
   135    "type": "loopback"
   136  }
   137  EOF
   138  
   139  # Configure crictl.
   140  tee /etc/crictl.yaml <<EOF
   141  runtime-endpoint: unix:///run/containerd/containerd.sock
   142  EOF
   143  
   144  # Cleanup.
   145  rm -rf "${GOPATH}"