k3s/pkg/agent/containerd/containerd.go

package containerd

import (
	"bufio"
	"context"
	"fmt"
	"io"
	"io/ioutil"
	"os"
	"os/exec"
	"path/filepath"
	"strings"
	"time"

	"github.com/containerd/containerd"
	"github.com/containerd/containerd/namespaces"
	"github.com/natefinch/lumberjack"
	"github.com/opencontainers/runc/libcontainer/system"
	"github.com/pkg/errors"
	"github.com/rancher/k3s/pkg/agent/templates"
	util2 "github.com/rancher/k3s/pkg/agent/util"
	"github.com/rancher/k3s/pkg/daemons/config"
	"github.com/sirupsen/logrus"
	"google.golang.org/grpc"
	yaml "gopkg.in/yaml.v2"
	runtimeapi "k8s.io/cri-api/pkg/apis/runtime/v1alpha2"
	"k8s.io/kubernetes/pkg/kubelet/util"
)

const (
	maxMsgSize = 1024 * 1024 * 16
)

func Run(ctx context.Context, cfg *config.Node) error {
	args := []string{
		"containerd",
		"-c", cfg.Containerd.Config,
		"-a", cfg.Containerd.Address,
		"--state", cfg.Containerd.State,
		"--root", cfg.Containerd.Root,
	}

	if err := setupContainerdConfig(ctx, cfg); err != nil {
		return err
	}

	if os.Getenv("CONTAINERD_LOG_LEVEL") != "" {
		args = append(args, "-l", os.Getenv("CONTAINERD_LOG_LEVEL"))
	}

	stdOut := io.Writer(os.Stdout)
	stdErr := io.Writer(os.Stderr)

	if cfg.Containerd.Log != "" {
		logrus.Infof("Logging containerd to %s", cfg.Containerd.Log)
		stdOut = &lumberjack.Logger{
			Filename:   cfg.Containerd.Log,
			MaxSize:    50,
			MaxBackups: 3,
			MaxAge:     28,
			Compress:   true,
		}
		stdErr = stdOut
	}

	go func() {
		logrus.Infof("Running containerd %s", config.ArgString(args[1:]))
		cmd := exec.Command(args[0], args[1:]...)
		cmd.Stdout = stdOut
		cmd.Stderr = stdErr
		addDeathSig(cmd)
		if err := cmd.Run(); err != nil {
			fmt.Fprintf(os.Stderr, "containerd: %s\n", err)
		}
		os.Exit(1)
	}()

	first := true
	for {
		conn, err := criConnection(ctx, cfg.Containerd.Address)
		if err == nil {
			conn.Close()
			break
		}
		if first {
			first = false
		} else {
			logrus.Infof("Waiting for containerd startup: %v", err)
		}
		select {
		case <-ctx.Done():
			return ctx.Err()
		case <-time.After(time.Second):
		}
	}

	return preloadImages(ctx, cfg)
}

func criConnection(ctx context.Context, address string) (*grpc.ClientConn, error) {
	addr, dialer, err := util.GetAddressAndDialer("unix://" + address)
	if err != nil {
		return nil, err
	}

	conn, err := grpc.Dial(addr, grpc.WithInsecure(), grpc.WithTimeout(3*time.Second), grpc.WithContextDialer(dialer), grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(maxMsgSize)))
	if err != nil {
		return nil, err
	}

	c := runtimeapi.NewRuntimeServiceClient(conn)
	_, err = c.Version(ctx, &runtimeapi.VersionRequest{
		Version: "0.1.0",
	})
	if err != nil {
		conn.Close()
		return nil, err
	}

	return conn, nil
}

func preloadImages(ctx context.Context, cfg *config.Node) error {
	fileInfo, err := os.Stat(cfg.Images)
	if os.IsNotExist(err) {
		return nil
	} else if err != nil {
		logrus.Errorf("Unable to find images in %s: %v", cfg.Images, err)
		return nil
	}

	if !fileInfo.IsDir() {
		return nil
	}

	fileInfos, err := ioutil.ReadDir(cfg.Images)
	if err != nil {
		logrus.Errorf("Unable to read images in %s: %v", cfg.Images, err)
		return nil
	}

	client, err := containerd.New(cfg.Containerd.Address)
	if err != nil {
		return err
	}
	defer client.Close()

	criConn, err := criConnection(ctx, cfg.Containerd.Address)
	if err != nil {
		return err
	}
	defer criConn.Close()

	ctxContainerD := namespaces.WithNamespace(context.Background(), "k8s.io")

	for _, fileInfo := range fileInfos {
		if fileInfo.IsDir() {
			continue
		}

		filePath := filepath.Join(cfg.Images, fileInfo.Name())

		file, err := os.Open(filePath)
		if err != nil {
			logrus.Errorf("Unable to read %s: %v", filePath, err)
			continue
		}

		if strings.HasSuffix(fileInfo.Name(), ".txt") {
			prePullImages(ctx, criConn, file)
			file.Close()
			continue
		}

		logrus.Debugf("Import %s", filePath)
		_, err = client.Import(ctxContainerD, file)
		file.Close()
		if err != nil {
			logrus.Errorf("Unable to import %s: %v", filePath, err)
		}
	}
	return nil
}

func prePullImages(ctx context.Context, conn *grpc.ClientConn, images io.Reader) {
	imageClient := runtimeapi.NewImageServiceClient(conn)
	scanner := bufio.NewScanner(images)
	for scanner.Scan() {
		line := strings.TrimSpace(scanner.Text())
		resp, err := imageClient.ImageStatus(ctx, &runtimeapi.ImageStatusRequest{
			Image: &runtimeapi.ImageSpec{
				Image: line,
			},
		})
		if err == nil && resp.Image != nil {
			continue
		}

		logrus.Infof("Pulling image %s...", line)
		_, err = imageClient.PullImage(ctx, &runtimeapi.PullImageRequest{
			Image: &runtimeapi.ImageSpec{
				Image: line,
			},
		})
		if err != nil {
			logrus.Errorf("Failed to pull %s: %v", line, err)
		}
	}
}

func setupContainerdConfig(ctx context.Context, cfg *config.Node) error {
	privRegistries, err := getPrivateRegistries(ctx, cfg)
	if err != nil {
		return err
	}
	var containerdTemplate string
	containerdConfig := templates.ContainerdConfig{
		NodeConfig:            cfg,
		IsRunningInUserNS:     system.RunningInUserNS(),
		PrivateRegistryConfig: privRegistries,
	}

	selEnabled, selConfigured, err := selinuxStatus()
	if err != nil {
		return errors.Wrap(err, "failed to detect selinux")
	}
	if cfg.DisableSELinux {
		containerdConfig.SELinuxEnabled = false
		if selEnabled {
			logrus.Warn("SELinux is enabled for system but has been disabled for containerd by override")
		}
	} else {
		containerdConfig.SELinuxEnabled = selEnabled
	}
	if containerdConfig.SELinuxEnabled && !selConfigured {
		logrus.Warnf("SELinux is enabled for k3s but process is not running in context '%s', k3s-selinux policy may need to be applied", SELinuxContextType)
	}

	containerdTemplateBytes, err := ioutil.ReadFile(cfg.Containerd.Template)
	if err == nil {
		logrus.Infof("Using containerd template at %s", cfg.Containerd.Template)
		containerdTemplate = string(containerdTemplateBytes)
	} else if os.IsNotExist(err) {
		containerdTemplate = templates.ContainerdConfigTemplate
	} else {
		return err
	}
	parsedTemplate, err := templates.ParseTemplateFromConfig(containerdTemplate, containerdConfig)
	if err != nil {
		return err
	}

	return util2.WriteFile(cfg.Containerd.Config, parsedTemplate)
}

func getPrivateRegistries(ctx context.Context, cfg *config.Node) (*templates.Registry, error) {
	privRegistries := &templates.Registry{}
	privRegistryFile, err := ioutil.ReadFile(cfg.AgentConfig.PrivateRegistry)
	if err != nil {
		if os.IsNotExist(err) {
			return nil, nil
		}
		return nil, err
	}
	logrus.Infof("Using registry config file at %s", cfg.AgentConfig.PrivateRegistry)
	if err := yaml.Unmarshal(privRegistryFile, &privRegistries); err != nil {
		return nil, err
	}
	return privRegistries, nil
}
Initial Commit 2019-01-01 08:23:01 +00:00			`package containerd`

			`import (`
Support prepulling images on start In the agent/images folder if a .txt file is found it is assumed to be a line separated list of image names to pull on start. 2020-05-05 21:41:21 +00:00			`"bufio"`
Initial Commit 2019-01-01 08:23:01 +00:00			`"context"`
			`"fmt"`
Adjust debug logging and write containerd logs to a file 2019-02-08 04:12:49 +00:00			`"io"`
Preload images 2019-03-02 15:56:27 +00:00			`"io/ioutil"`
Initial Commit 2019-01-01 08:23:01 +00:00			`"os"`
			`"os/exec"`
Preload images 2019-03-02 15:56:27 +00:00			`"path/filepath"`
Support prepulling images on start In the agent/images folder if a .txt file is found it is assumed to be a line separated list of image names to pull on start. 2020-05-05 21:41:21 +00:00			`"strings"`
Initial Commit 2019-01-01 08:23:01 +00:00			`"time"`

refactor: creates loadImages function. 2019-03-07 00:34:05 +00:00			`"github.com/containerd/containerd"`
			`"github.com/containerd/containerd/namespaces"`
Adjust debug logging and write containerd logs to a file 2019-02-08 04:12:49 +00:00			`"github.com/natefinch/lumberjack"`
Add rootless support 2019-03-08 22:47:44 +00:00			`"github.com/opencontainers/runc/libcontainer/system"`
Support SELinux 2020-02-24 20:13:59 +00:00			`"github.com/pkg/errors"`
Add containerd config go template 2019-04-19 21:08:05 +00:00			`"github.com/rancher/k3s/pkg/agent/templates"`
Continued refactoring 2019-01-09 16:54:15 +00:00			`util2 "github.com/rancher/k3s/pkg/agent/util"`
			`"github.com/rancher/k3s/pkg/daemons/config"`
Initial Commit 2019-01-01 08:23:01 +00:00			`"github.com/sirupsen/logrus"`
			`"google.golang.org/grpc"`
Add private registry to containerd 2019-10-07 23:04:58 +00:00			`yaml "gopkg.in/yaml.v2"`
Update to new cri-api import 2019-08-27 04:35:51 +00:00			`runtimeapi "k8s.io/cri-api/pkg/apis/runtime/v1alpha2"`
Initial Commit 2019-01-01 08:23:01 +00:00			`"k8s.io/kubernetes/pkg/kubelet/util"`
			`)`

			`const (`
			`maxMsgSize = 1024 * 1024 * 16`
			`)`

Continued refactoring 2019-01-09 16:54:15 +00:00			`func Run(ctx context.Context, cfg *config.Node) error {`
Initial Commit 2019-01-01 08:23:01 +00:00			`args := []string{`
			`"containerd",`
Continued refactoring 2019-01-09 16:54:15 +00:00			`"-c", cfg.Containerd.Config,`
			`"-a", cfg.Containerd.Address,`
			`"--state", cfg.Containerd.State,`
			`"--root", cfg.Containerd.Root,`
			`}`

Add containerd config go template 2019-04-19 21:08:05 +00:00			`if err := setupContainerdConfig(ctx, cfg); err != nil {`
Initial Commit 2019-01-01 08:23:01 +00:00			`return err`
			`}`

Adjust debug logging and write containerd logs to a file 2019-02-08 04:12:49 +00:00			`if os.Getenv("CONTAINERD_LOG_LEVEL") != "" {`
Fix containerd debug log env var 2019-03-07 18:20:44 +00:00			`args = append(args, "-l", os.Getenv("CONTAINERD_LOG_LEVEL"))`
Adjust debug logging and write containerd logs to a file 2019-02-08 04:12:49 +00:00			`}`

			`stdOut := io.Writer(os.Stdout)`
			`stdErr := io.Writer(os.Stderr)`

			`if cfg.Containerd.Log != "" {`
			`logrus.Infof("Logging containerd to %s", cfg.Containerd.Log)`
			`stdOut = &lumberjack.Logger{`
			`Filename: cfg.Containerd.Log,`
			`MaxSize: 50,`
			`MaxBackups: 3,`
			`MaxAge: 28,`
			`Compress: true,`
			`}`
			`stdErr = stdOut`
Initial Commit 2019-01-01 08:23:01 +00:00			`}`

			`go func() {`
Continued refactoring 2019-01-09 16:54:15 +00:00			`logrus.Infof("Running containerd %s", config.ArgString(args[1:]))`
Initial Commit 2019-01-01 08:23:01 +00:00			`cmd := exec.Command(args[0], args[1:]...)`
Adjust debug logging and write containerd logs to a file 2019-02-08 04:12:49 +00:00			`cmd.Stdout = stdOut`
			`cmd.Stderr = stdErr`
get build on windows and get api_server to work 2020-02-22 18:39:33 +00:00			`addDeathSig(cmd)`
Initial Commit 2019-01-01 08:23:01 +00:00			`if err := cmd.Run(); err != nil {`
			`fmt.Fprintf(os.Stderr, "containerd: %s\n", err)`
			`}`
			`os.Exit(1)`
			`}()`

Support prepulling images on start In the agent/images folder if a .txt file is found it is assumed to be a line separated list of image names to pull on start. 2020-05-05 21:41:21 +00:00			`first := true`
Initial Commit 2019-01-01 08:23:01 +00:00			`for {`
Support prepulling images on start In the agent/images folder if a .txt file is found it is assumed to be a line separated list of image names to pull on start. 2020-05-05 21:41:21 +00:00			`conn, err := criConnection(ctx, cfg.Containerd.Address)`
Initial Commit 2019-01-01 08:23:01 +00:00			`if err == nil {`
			`conn.Close()`
			`break`
			`}`
Support prepulling images on start In the agent/images folder if a .txt file is found it is assumed to be a line separated list of image names to pull on start. 2020-05-05 21:41:21 +00:00			`if first {`
			`first = false`
			`} else {`
			`logrus.Infof("Waiting for containerd startup: %v", err)`
			`}`
Continued refactoring 2019-01-09 16:54:15 +00:00			`select {`
			`case <-ctx.Done():`
			`return ctx.Err()`
			`case <-time.After(time.Second):`
			`}`
Initial Commit 2019-01-01 08:23:01 +00:00			`}`

Support prepulling images on start In the agent/images folder if a .txt file is found it is assumed to be a line separated list of image names to pull on start. 2020-05-05 21:41:21 +00:00			`return preloadImages(ctx, cfg)`
refactor: creates loadImages function. 2019-03-07 00:34:05 +00:00			`}`

Support prepulling images on start In the agent/images folder if a .txt file is found it is assumed to be a line separated list of image names to pull on start. 2020-05-05 21:41:21 +00:00			`func criConnection(ctx context.Context, address string) (*grpc.ClientConn, error) {`
			`addr, dialer, err := util.GetAddressAndDialer("unix://" + address)`
			`if err != nil {`
			`return nil, err`
			`}`

			`conn, err := grpc.Dial(addr, grpc.WithInsecure(), grpc.WithTimeout(3*time.Second), grpc.WithContextDialer(dialer), grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(maxMsgSize)))`
			`if err != nil {`
			`return nil, err`
			`}`

			`c := runtimeapi.NewRuntimeServiceClient(conn)`
			`_, err = c.Version(ctx, &runtimeapi.VersionRequest{`
			`Version: "0.1.0",`
			`})`
			`if err != nil {`
			`conn.Close()`
			`return nil, err`
			`}`

			`return conn, nil`
			`}`

			`func preloadImages(ctx context.Context, cfg *config.Node) error {`
fix review. 2019-03-04 20:45:30 +00:00			`fileInfo, err := os.Stat(cfg.Images)`
Remove spurious error on start 2019-03-07 16:47:37 +00:00			`if os.IsNotExist(err) {`
			`return nil`
			`} else if err != nil {`
refactor: creates loadImages function. 2019-03-07 00:34:05 +00:00			`logrus.Errorf("Unable to find images in %s: %v", cfg.Images, err)`
			`return nil`
			`}`

			`if !fileInfo.IsDir() {`
			`return nil`
			`}`

			`fileInfos, err := ioutil.ReadDir(cfg.Images)`
			`if err != nil {`
			`logrus.Errorf("Unable to read images in %s: %v", cfg.Images, err)`
			`return nil`
			`}`

			`client, err := containerd.New(cfg.Containerd.Address)`
			`if err != nil {`
			`return err`
			`}`
			`defer client.Close()`

Support prepulling images on start In the agent/images folder if a .txt file is found it is assumed to be a line separated list of image names to pull on start. 2020-05-05 21:41:21 +00:00			`criConn, err := criConnection(ctx, cfg.Containerd.Address)`
			`if err != nil {`
			`return err`
			`}`
			`defer criConn.Close()`

refactor: creates loadImages function. 2019-03-07 00:34:05 +00:00			`ctxContainerD := namespaces.WithNamespace(context.Background(), "k8s.io")`

			`for _, fileInfo := range fileInfos {`
Preload images 2019-03-02 15:56:27 +00:00			`if fileInfo.IsDir() {`
refactor: creates loadImages function. 2019-03-07 00:34:05 +00:00			`continue`
Preload images 2019-03-02 15:56:27 +00:00			`}`

refactor: creates loadImages function. 2019-03-07 00:34:05 +00:00			`filePath := filepath.Join(cfg.Images, fileInfo.Name())`

			`file, err := os.Open(filePath)`
			`if err != nil {`
			`logrus.Errorf("Unable to read %s: %v", filePath, err)`
			`continue`
			`}`

Support prepulling images on start In the agent/images folder if a .txt file is found it is assumed to be a line separated list of image names to pull on start. 2020-05-05 21:41:21 +00:00			`if strings.HasSuffix(fileInfo.Name(), ".txt") {`
			`prePullImages(ctx, criConn, file)`
			`file.Close()`
			`continue`
			`}`

refactor: creates loadImages function. 2019-03-07 00:34:05 +00:00			`logrus.Debugf("Import %s", filePath)`
			`_, err = client.Import(ctxContainerD, file)`
Support prepulling images on start In the agent/images folder if a .txt file is found it is assumed to be a line separated list of image names to pull on start. 2020-05-05 21:41:21 +00:00			`file.Close()`
refactor: creates loadImages function. 2019-03-07 00:34:05 +00:00			`if err != nil {`
			`logrus.Errorf("Unable to import %s: %v", filePath, err)`
			`}`
			`}`
Initial Commit 2019-01-01 08:23:01 +00:00			`return nil`
			`}`
Add containerd config go template 2019-04-19 21:08:05 +00:00
Support prepulling images on start In the agent/images folder if a .txt file is found it is assumed to be a line separated list of image names to pull on start. 2020-05-05 21:41:21 +00:00			`func prePullImages(ctx context.Context, conn *grpc.ClientConn, images io.Reader) {`
			`imageClient := runtimeapi.NewImageServiceClient(conn)`
			`scanner := bufio.NewScanner(images)`
			`for scanner.Scan() {`
			`line := strings.TrimSpace(scanner.Text())`
			`resp, err := imageClient.ImageStatus(ctx, &runtimeapi.ImageStatusRequest{`
			`Image: &runtimeapi.ImageSpec{`
			`Image: line,`
			`},`
			`})`
			`if err == nil && resp.Image != nil {`
			`continue`
			`}`

			`logrus.Infof("Pulling image %s...", line)`
			`_, err = imageClient.PullImage(ctx, &runtimeapi.PullImageRequest{`
			`Image: &runtimeapi.ImageSpec{`
			`Image: line,`
			`},`
			`})`
			`if err != nil {`
			`logrus.Errorf("Failed to pull %s: %v", line, err)`
			`}`
			`}`
			`}`

Add containerd config go template 2019-04-19 21:08:05 +00:00			`func setupContainerdConfig(ctx context.Context, cfg *config.Node) error {`
Add private registry to containerd 2019-10-07 23:04:58 +00:00			`privRegistries, err := getPrivateRegistries(ctx, cfg)`
			`if err != nil {`
			`return err`
			`}`
Add containerd config go template 2019-04-19 21:08:05 +00:00			`var containerdTemplate string`
			`containerdConfig := templates.ContainerdConfig{`
Add private registry to containerd 2019-10-07 23:04:58 +00:00			`NodeConfig: cfg,`
			`IsRunningInUserNS: system.RunningInUserNS(),`
			`PrivateRegistryConfig: privRegistries,`
Add containerd config go template 2019-04-19 21:08:05 +00:00			`}`

Simplify SELinux detection and add --disable-selinux flag 2020-02-28 17:10:55 +00:00			`selEnabled, selConfigured, err := selinuxStatus()`
Support SELinux 2020-02-24 20:13:59 +00:00			`if err != nil {`
			`return errors.Wrap(err, "failed to detect selinux")`
			`}`
Simplify SELinux detection and add --disable-selinux flag 2020-02-28 17:10:55 +00:00			`if cfg.DisableSELinux {`
			`containerdConfig.SELinuxEnabled = false`
			`if selEnabled {`
			`logrus.Warn("SELinux is enabled for system but has been disabled for containerd by override")`
			`}`
			`} else {`
			`containerdConfig.SELinuxEnabled = selEnabled`
			`}`
			`if containerdConfig.SELinuxEnabled && !selConfigured {`
			`logrus.Warnf("SELinux is enabled for k3s but process is not running in context '%s', k3s-selinux policy may need to be applied", SELinuxContextType)`
			`}`
Support SELinux 2020-02-24 20:13:59 +00:00
Add containerd config go template 2019-04-19 21:08:05 +00:00			`containerdTemplateBytes, err := ioutil.ReadFile(cfg.Containerd.Template)`
			`if err == nil {`
			`logrus.Infof("Using containerd template at %s", cfg.Containerd.Template)`
			`containerdTemplate = string(containerdTemplateBytes)`
			`} else if os.IsNotExist(err) {`
			`containerdTemplate = templates.ContainerdConfigTemplate`
			`} else {`
			`return err`
			`}`
			`parsedTemplate, err := templates.ParseTemplateFromConfig(containerdTemplate, containerdConfig)`
			`if err != nil {`
			`return err`
			`}`

			`return util2.WriteFile(cfg.Containerd.Config, parsedTemplate)`
			`}`
Add private registry to containerd 2019-10-07 23:04:58 +00:00
			`func getPrivateRegistries(ctx context.Context, cfg config.Node) (templates.Registry, error) {`
			`privRegistries := &templates.Registry{}`
			`privRegistryFile, err := ioutil.ReadFile(cfg.AgentConfig.PrivateRegistry)`
			`if err != nil {`
			`if os.IsNotExist(err) {`
			`return nil, nil`
			`}`
			`return nil, err`
			`}`
			`logrus.Infof("Using registry config file at %s", cfg.AgentConfig.PrivateRegistry)`
remove []byte trans, handle func error 2019-11-28 11:26:45 +00:00			`if err := yaml.Unmarshal(privRegistryFile, &privRegistries); err != nil {`
Add private registry to containerd 2019-10-07 23:04:58 +00:00			`return nil, err`
			`}`
			`return privRegistries, nil`
			`}`