gvisor.dev/gvisor@v0.0.0-20240520182842-f9d4d51c7e0f/tools/install_containerd.sh (about) 1 #!/bin/bash 2 3 # Copyright 2019 The gVisor Authors. 4 # 5 # Licensed under the Apache License, Version 2.0 (the "License"); 6 # you may not use this file except in compliance with the License. 7 # You may obtain a copy of the License at 8 # 9 # http://www.apache.org/licenses/LICENSE-2.0 10 # 11 # Unless required by applicable law or agreed to in writing, software 12 # distributed under the License is distributed on an "AS IS" BASIS, 13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 # See the License for the specific language governing permissions and 15 # limitations under the License. 16 17 set -xeo pipefail 18 19 # This script should be run with 'sudo -H'. $HOME must be set correctly because 20 # we invoke other scripts below that build Go binaries. In some operating 21 # systems, sudo(8) does not change $HOME by default. In such cases, root user 22 # ends up creating files in ~/.cache/go-build for the non-root user. This can 23 # cause future invocations of go build to fail due to permission issues. 24 if [[ "$EUID" -ne 0 ]]; then 25 echo "Run this script with sudo -H" 26 exit 1 27 fi 28 29 declare -r CONTAINERD_VERSION=${1:-1.3.0} 30 CONTAINERD_MAJOR="$(echo "${CONTAINERD_VERSION}" | awk -F '.' '{ print $1; }')" 31 declare -r CONTAINERD_MAJOR 32 CONTAINERD_MINOR="$(echo "${CONTAINERD_VERSION}" | awk -F '.' '{ print $2; }')" 33 declare -r CONTAINERD_MINOR 34 declare -r CRITOOLS_VERSION=${CRITOOLS_VERSION:-1.18.0} 35 36 if [[ "${CONTAINERD_MAJOR}" -eq 1 ]] && [[ "${CONTAINERD_MINOR}" -le 4 ]]; then 37 # We're running Go 1.18, but using pre-module containerd and cri-tools. 38 export GO111MODULE=off 39 fi 40 41 # containerd < 1.4 doesn't work with cgroupv2 setup, so we check for that here 42 SYSFS_ROOT=/sys/fs/cgroup 43 if [[ "$(stat -f -c %T "$SYSFS_ROOT" 2>/dev/null)" == "cgroup2fs" && "${CONTAINERD_MAJOR}" -eq 1 && "${CONTAINERD_MINOR}" -lt 4 ]]; then 44 echo "containerd < 1.4 does not work with cgroup2" 45 exit 1 46 fi 47 48 # Helper for Go packages below. 49 install_helper() { 50 declare -r PACKAGE="${1}" 51 declare -r TAG="${2}" 52 53 # Clone the repository. 54 mkdir -p "${GOPATH}"/src/"$(dirname "${PACKAGE}")" && \ 55 git clone https://"${PACKAGE}" "${GOPATH}"/src/"${PACKAGE}" 56 57 # Checkout and build the repository. 58 (cd "${GOPATH}"/src/"${PACKAGE}" && \ 59 git checkout "${TAG}" && \ 60 make && \ 61 make install) 62 } 63 64 # Figure out were btrfs headers are. 65 # 66 # Ubuntu 16.04 has only btrfs-tools, while 18.04 has a transitional package, 67 # and later versions no longer have the transitional package. 68 # 69 # If we can't detect the VERSION_ID, we assume it's a newer version and use 70 # libbtrfs-dev. 71 source /etc/os-release 72 declare BTRFS_DEV 73 if [[ ! -z "${VERSION_ID}" && "${VERSION_ID%.*}" -le "18" ]]; then 74 BTRFS_DEV="btrfs-tools" 75 else 76 BTRFS_DEV="libbtrfs-dev" 77 fi 78 readonly BTRFS_DEV 79 80 # Install dependencies for the crictl tests. 81 export DEBIAN_FRONTEND=noninteractive 82 while true; do 83 apt-get update && apt-get install -y \ 84 "${BTRFS_DEV}" libseccomp-dev 85 result=$? 86 if [[ $result -eq 0 ]]; then 87 break 88 elif [[ $result -ne 100 ]]; then 89 exit $result 90 fi 91 done 92 93 # Install containerd & cri-tools. 94 GOPATH=$(mktemp -d --tmpdir gopathXXXXX) 95 declare -rx GOPATH 96 install_helper github.com/containerd/containerd "v${CONTAINERD_VERSION}" 97 install_helper github.com/kubernetes-sigs/cri-tools "v${CRITOOLS_VERSION}" 98 99 # Configure containerd-shim. 100 declare -r shim_config_path=/etc/containerd/runsc/config.toml 101 mkdir -p "$(dirname "${shim_config_path}")" 102 tee ${shim_config_path} <<-EOF 103 log_path = "/tmp/shim-logs/" 104 log_level = "debug" 105 106 [runsc_config] 107 debug = "true" 108 debug-log = "/tmp/runsc-logs/" 109 strace = "true" 110 file-access = "shared" 111 EOF 112 113 # Configure CNI. 114 (cd "${GOPATH}" && src/github.com/containerd/containerd/script/setup/install-cni) 115 tee /etc/cni/net.d/10-bridge.conf <<EOF 116 { 117 "cniVersion": "0.3.1", 118 "name": "bridge", 119 "type": "bridge", 120 "bridge": "cnio0", 121 "isGateway": true, 122 "ipMasq": true, 123 "ipam": { 124 "type": "host-local", 125 "ranges": [ 126 [{"subnet": "10.200.0.0/24"}] 127 ], 128 "routes": [{"dst": "0.0.0.0/0"}] 129 } 130 } 131 EOF 132 tee /etc/cni/net.d/99-loopback.conf <<EOF 133 { 134 "cniVersion": "0.3.1", 135 "type": "loopback" 136 } 137 EOF 138 139 # Configure crictl. 140 tee /etc/crictl.yaml <<EOF 141 runtime-endpoint: unix:///run/containerd/containerd.sock 142 EOF 143 144 # Cleanup. 145 rm -rf "${GOPATH}"