From b2ebb735e70ada17a4386dfaefbe0872b947b27e Mon Sep 17 00:00:00 2001 From: Lantao Liu Date: Tue, 17 Apr 2018 07:40:20 +0000 Subject: [PATCH 1/3] Improve gce bootstrapping in various ways. Signed-off-by: Lantao Liu --- cluster/gce/cloud-init/master.yaml | 19 ---- cluster/gce/cloud-init/node.yaml | 17 ---- cluster/gce/configure.sh | 144 +++++++++++++++++++++++++--- cluster/gce/env | 4 +- hack/release.sh | 4 +- hack/utils.sh | 7 ++ test/configure.sh | 99 ------------------- test/containerd/deploy-path | 1 - test/containerd/env | 3 + test/containerd/image-config.yaml | 4 +- test/containerd/pkg-prefix | 1 - test/e2e_node/benchmark-config.yaml | 56 +++++------ test/e2e_node/image-config.yaml | 4 +- test/e2e_node/init.yaml | 16 ---- test/env | 1 + 15 files changed, 177 insertions(+), 203 deletions(-) delete mode 100755 test/configure.sh delete mode 100644 test/containerd/deploy-path create mode 100644 test/containerd/env delete mode 100644 test/containerd/pkg-prefix create mode 100644 test/env diff --git a/cluster/gce/cloud-init/master.yaml b/cluster/gce/cloud-init/master.yaml index 23b2e3491..f9e4b538b 100644 --- a/cluster/gce/cloud-init/master.yaml +++ b/cluster/gce/cloud-init/master.yaml @@ -24,25 +24,6 @@ write_files: [Install] WantedBy=containerd.target - # containerd on master uses the cni binary and config in the - # release tarball. - - path: /etc/containerd/config.toml - permissions: 0644 - owner: root - content: | - [plugins.linux] - shim = "/home/containerd/usr/local/bin/containerd-shim" - runtime = "/home/containerd/usr/local/sbin/runc" - - [plugins.cri] - enable_tls_streaming = true - [plugins.cri.cni] - bin_dir = "/home/containerd/opt/cni/bin" - conf_dir = "/etc/cni/net.d" - conf_template = "/home/containerd/opt/containerd/cluster/gce/cni.template" - [plugins.cri.registry.mirrors."docker.io"] - endpoint = ["https://mirror.gcr.io","https://registry-1.docker.io"] - - path: /etc/systemd/system/containerd.service permissions: 0644 owner: root 
diff --git a/cluster/gce/cloud-init/node.yaml b/cluster/gce/cloud-init/node.yaml index e44a4a6a5..f850aea2e 100644 --- a/cluster/gce/cloud-init/node.yaml +++ b/cluster/gce/cloud-init/node.yaml @@ -24,23 +24,6 @@ write_files: [Install] WantedBy=containerd.target - - path: /etc/containerd/config.toml - permissions: 0644 - owner: root - content: | - [plugins.linux] - shim = "/home/containerd/usr/local/bin/containerd-shim" - runtime = "/home/containerd/usr/local/sbin/runc" - - [plugins.cri] - enable_tls_streaming = true - [plugins.cri.cni] - bin_dir = "/home/containerd/opt/cni/bin" - conf_dir = "/etc/cni/net.d" - conf_template = "/home/containerd/opt/containerd/cluster/gce/cni.template" - [plugins.cri.registry.mirrors."docker.io"] - endpoint = ["https://mirror.gcr.io","https://registry-1.docker.io"] - - path: /etc/systemd/system/containerd.service permissions: 0644 owner: root diff --git a/cluster/gce/configure.sh b/cluster/gce/configure.sh index 346f9ed2d..b335a7e16 100755 --- a/cluster/gce/configure.sh +++ b/cluster/gce/configure.sh @@ -22,6 +22,8 @@ set -o pipefail # CONTAINERD_HOME is the directory for containerd. CONTAINERD_HOME="/home/containerd" cd "${CONTAINERD_HOME}" +# KUBE_HOME is the directory for kubernetes. +KUBE_HOME="/home/kubernetes" # fetch_metadata fetches metadata from GCE metadata server. # Var set: 
@@ -36,32 +38,144 @@ fetch_metadata() { fi } -# DEPLOY_PATH is the gcs path where cri-containerd tarball is stored. -DEPLOY_PATH=${DEPLOY_PATH:-"cri-containerd-release"} +# fetch_env fetches environment variables from GCE metadata server +# and generate a env file under ${CONTAINERD_HOME}. It assumes that +# the environment variables in metadata are in yaml format. +fetch_env() { + local -r env_file_name=$1 + ( + umask 077; + local -r tmp_env_file="/tmp/${env_file_name}.yaml" + tmp_env_content=$(fetch_metadata "${env_file_name}") + if [ -z "${tmp_env_content}" ]; then + echo "No environment variable is specified in ${env_file_name}" + return + fi + echo "${tmp_env_content}" > "${tmp_env_file}" + # Convert the yaml format file into a shell-style file. + eval $(python -c ''' +import pipes,sys,yaml +for k,v in yaml.load(sys.stdin).iteritems(): + print("readonly {var}={value}".format(var = k, value = pipes.quote(str(v)))) +''' < "${tmp_env_file}" > "${CONTAINERD_HOME}/${env_file_name}") + rm -f "${tmp_env_file}" + ) +} -# PKG_PREFIX is the prefix of the cri-containerd tarball name. -# By default use the release tarball with cni built in. -PKG_PREFIX=${PKG_PREFIX:-"cri-containerd-cni"} +# is_preloaded checks whether a package has been preloaded in the image. +is_preloaded() { + local -r tar=$1 + local -r sha1=$2 + grep -qs "${tar},${sha1}" "${KUBE_HOME}/preload_info" +} -# VERSION is the cri-containerd version to use. -VERSION_METADATA="version" -VERSION=$(fetch_metadata "${VERSION_METADATA}") -if [ -z "${VERSION}" ]; then - echo "Version is not set." - exit 1 +# KUBE_ENV_METADATA is the metadata key for kubernetes envs. +KUBE_ENV_METADATA="kube-env" +fetch_env ${KUBE_ENV_METADATA} +if [ -f "${CONTAINERD_HOME}/${KUBE_ENV_METADATA}" ]; then + source "${CONTAINERD_HOME}/${KUBE_ENV_METADATA}" fi +# CONTAINERD_ENV_METADATA is the metadata key for containerd envs. 
+CONTAINERD_ENV_METADATA="containerd-env" +fetch_env ${CONTAINERD_ENV_METADATA} +if [ -f "${CONTAINERD_HOME}/${CONTAINERD_ENV_METADATA}" ]; then + source "${CONTAINERD_HOME}/${CONTAINERD_ENV_METADATA}" +fi + +# CONTAINERD_PKG_PREFIX is the prefix of the cri-containerd tarball name. +# By default use the release tarball with cni built in. +pkg_prefix=${CONTAINERD_PKG_PREFIX:-"cri-containerd-cni"} +# Behave differently for test and production. +if [ "${CONTAINERD_TEST:-"false"}" != "true" ]; then + # CONTAINERD_DEPLOY_PATH is the gcs path where cri-containerd tarball is stored. + deploy_path=${CONTAINERD_DEPLOY_PATH:-"cri-containerd-release"} + # CONTAINERD_VERSION is the cri-containerd version to use. + version=${CONTAINERD_VERSION:-""} + if [ -z "${version}" ]; then + echo "CONTAINERD_VERSION is not set." + exit 1 + fi +else + deploy_path=${CONTAINERD_DEPLOY_PATH:-"cri-containerd-staging"} + + # PULL_REFS_METADATA is the metadata key of PULL_REFS from prow. + PULL_REFS_METADATA="PULL_REFS" + pull_refs=$(fetch_metadata "${PULL_REFS_METADATA}") + if [ ! -z "${pull_refs}" ]; then + deploy_dir=$(echo "${pull_refs}" | sha1sum | awk '{print $1}') + deploy_path="${deploy_path}/${deploy_dir}" + fi + + # TODO(random-liu): Put version into the metadata instead of + # deciding it in cloud init. This may cause issue to reboot test. + version=$(curl -f --ipv4 --retry 6 --retry-delay 3 --silent --show-error \ + https://storage.googleapis.com/${deploy_path}/latest) +fi + +TARBALL_GCS_NAME="${pkg_prefix}-${version}.linux-amd64.tar.gz" # TARBALL_GCS_PATH is the path to download cri-containerd tarball for node e2e. -TARBALL_GCS_PATH="https://storage.googleapis.com/${DEPLOY_PATH}/${PKG_PREFIX}-${VERSION}.linux-amd64.tar.gz" +TARBALL_GCS_PATH="https://storage.googleapis.com/${deploy_path}/${TARBALL_GCS_NAME}" # TARBALL is the name of the tarball after being downloaded. TARBALL="cri-containerd.tar.gz" -# Download and untar the release tar ball. 
-curl -f --ipv4 -Lo "${TARBALL}" --connect-timeout 20 --max-time 300 --retry 6 --retry-delay 10 "${TARBALL_GCS_PATH}" -tar xvf "${TARBALL}" +# CONTAINERD_TAR_SHA1 is the sha1sum of containerd tarball. +if is_preloaded "${TARBALL_GCS_NAME}" "${CONTAINERD_TAR_SHA1:-""}"; then + echo "${TARBALL_GCS_NAME} is preloaded" +else + # Download and untar the release tar ball. + curl -f --ipv4 -Lo "${TARBALL}" --connect-timeout 20 --max-time 300 --retry 6 --retry-delay 10 "${TARBALL_GCS_PATH}" + tar xvf "${TARBALL}" + rm -f "${TARBALL}" +fi +# Configure containerd. # Copy crictl config. cp "${CONTAINERD_HOME}/etc/crictl.yaml" /etc +# Generate containerd config +config_path=${CONTAINERD_CONFIG_PATH:-"/etc/containerd/config.toml"} +mkdir -p $(dirname ${config_path}) +cni_bin_dir="${CONTAINERD_HOME}/opt/cni/bin" +cni_template_path="${CONTAINERD_HOME}/opt/containerd/cluster/gce/cni.template" +# NETWORK_POLICY_PROVIDER is from kube-env. +network_policy_provider="${NETWORK_POLICY_PROVIDER:-"none"}" +if [ -n "${network_policy_provider}" ] && [ "${network_policy_provider}" != "none" ] && [ "${KUBERNETES_MASTER:-}" != "true" ]; then + # Use Kubernetes cni daemonset on node if network policy provider is specified. + cni_bin_dir="${KUBE_HOME}/bin" + cni_template_path="" +fi +cat > ${config_path} < \ /etc/profile.d/containerd_env.sh + +# Run extra init script for test. +if [ "${CONTAINERD_TEST:-"false"}" == "true" ]; then + # EXTRA_INIT_SCRIPT is the name of the extra init script after being downloaded. + EXTRA_INIT_SCRIPT="containerd-extra-init.sh" + # EXTRA_INIT_SCRIPT_METADATA is the metadata key of init script. + EXTRA_INIT_SCRIPT_METADATA="containerd-extra-init-sh" + extra_init=$(fetch_metadata "${EXTRA_INIT_SCRIPT_METADATA}") + # Return if containerd-extra-init-sh is not set. + if [ -z "${extra_init}" ]; then + exit 0 + fi + echo "${extra_init}" > "${EXTRA_INIT_SCRIPT}" + chmod 544 "${EXTRA_INIT_SCRIPT}" + ./${EXTRA_INIT_SCRIPT} +fi 
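Review bot: `fetch_env` turns instance metadata into a file that is later `source`d, but only the values are escaped with `pipes.quote`. Each key `k` is written verbatim after `readonly`, and the YAML is parsed with `yaml.load`, whose default loader can build arbitrary Python objects, so I would switch to `yaml.safe_load` and reject any key that is not a plain shell identifier. The `eval $(...)` wrapper appears to evaluate nothing, because the Python output is redirected into the env file, and the fixed name `/tmp/${env_file_name}.yaml` is predictable, so both can go by piping the content straight into Python. Further down in this hunk, `is_preloaded` is called with `${CONTAINERD_TAR_SHA1:-""}`, so an unset hash reduces the grep pattern to the tarball name plus a comma. The download branch also never compares the fetched tarball with `CONTAINERD_TAR_SHA1`; a checksum comparison after `curl`, skipping the preload shortcut when the hash is empty, would close that gap.

```shell
fetch_env() {
  local -r env_file_name=$1
  (
    umask 077
    # … unchanged: fetch_metadata call and empty-content check …
    # Convert the yaml into a shell-style file; no temp file, no eval.
    printf '%s\n' "${tmp_env_content}" | python -c '
import pipes,re,sys,yaml
for k,v in yaml.safe_load(sys.stdin).items():
  if not re.match(r"[A-Za-z_][A-Za-z0-9_]*\Z", str(k)):
    sys.exit("invalid variable name in metadata: %r" % (k,))
  print("readonly {var}={value}".format(var = k, value = pipes.quote(str(v))))
' > "${CONTAINERD_HOME}/${env_file_name}"
  )
}
```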
diff --git a/cluster/gce/env b/cluster/gce/env index 201bc58f1..d189e7ff9 100644 --- a/cluster/gce/env +++ b/cluster/gce/env @@ -8,8 +8,8 @@ if [ ! -f "${version_file}" ]; then echo "version file does not exist" exit 1 fi -export KUBE_MASTER_EXTRA_METADATA="user-data=${GCE_DIR}/cloud-init/master.yaml,containerd-configure-sh=${GCE_DIR}/configure.sh,version=${version_file}" -export KUBE_NODE_EXTRA_METADATA="user-data=${GCE_DIR}/cloud-init/node.yaml,containerd-configure-sh=${GCE_DIR}/configure.sh,version=${version_file}" +export KUBE_MASTER_EXTRA_METADATA="user-data=${GCE_DIR}/cloud-init/master.yaml,containerd-configure-sh=${GCE_DIR}/configure.sh,containerd-env=${version_file}" +export KUBE_NODE_EXTRA_METADATA="user-data=${GCE_DIR}/cloud-init/node.yaml,containerd-configure-sh=${GCE_DIR}/configure.sh,containerd-env=${version_file}" export KUBE_CONTAINER_RUNTIME="remote" export KUBE_CONTAINER_RUNTIME_ENDPOINT="/run/containerd/containerd.sock" export KUBE_LOAD_IMAGE_COMMAND="/home/containerd/usr/local/bin/ctr cri load" diff --git a/hack/release.sh b/hack/release.sh index deb81b8cd..2633cfffa 100755 --- a/hack/release.sh +++ b/hack/release.sh @@ -56,7 +56,9 @@ cp ${ROOT}/contrib/systemd-units/* ${destdir}/etc/systemd/system/ mkdir -p ${destdir}/opt/containerd cp -r ${ROOT}/cluster ${destdir}/opt/containerd # Write a version file into the release tarball. -echo ${VERSION} > ${destdir}/opt/containerd/cluster/version +cat > ${destdir}/opt/containerd/cluster/version < \ - /etc/profile.d/containerd_env.sh - -# EXTRA_INIT_SCRIPT is the name of the extra init script after being downloaded. -EXTRA_INIT_SCRIPT="extra-init.sh" -# EXTRA_INIT_SCRIPT_METADATA is the metadata key of init script. -EXTRA_INIT_SCRIPT_METADATA="extra-init-sh" -extra_init=$(fetch_metadata "${EXTRA_INIT_SCRIPT_METADATA}") -# Return if extra-init-sh is not set. -if [ -z "${extra_init}" ]; then - exit 0 -fi -echo "${extra_init}" > "${EXTRA_INIT_SCRIPT}" -chmod 544 "${EXTRA_INIT_SCRIPT}" -./${EXTRA_INIT_SCRIPT} 
diff --git a/test/containerd/deploy-path b/test/containerd/deploy-path deleted file mode 100644 index f6e1ef39c..000000000 --- a/test/containerd/deploy-path +++ /dev/null @@ -1 +0,0 @@ -cri-containerd-staging/containerd diff --git a/test/containerd/env b/test/containerd/env new file mode 100644 index 000000000..4af3ec156 --- /dev/null +++ b/test/containerd/env @@ -0,0 +1,3 @@ +CONTAINERD_TEST: 'true' +CONTAINERD_DEPLOY_PATH: 'cri-containerd-staging/containerd' +CONTAINERD_PKG_PREFIX: 'containerd-cni' diff --git a/test/containerd/image-config.yaml b/test/containerd/image-config.yaml index 8c7bbee61..4b2787454 100644 --- a/test/containerd/image-config.yaml +++ b/test/containerd/image-config.yaml @@ -2,8 +2,8 @@ images: ubuntu: image: ubuntu-gke-1604-xenial-v20170420-1 project: ubuntu-os-gke-cloud - metadata: "user-data Date: Tue, 17 Apr 2018 17:38:55 -0700 Subject: [PATCH 2/3] Remove 10-containerd-net.conflist from `cri-containerd-cni` release tarball. Signed-off-by: Lantao Liu --- hack/install/install-cni-config.sh | 49 ++++++++++++++++++++++++++++++ hack/install/install-cni.sh | 28 ----------------- hack/install/install-deps.sh | 8 +++++ hack/release.sh | 3 +- hack/test-utils.sh | 2 +- 5 files changed, 60 insertions(+), 30 deletions(-) create mode 100755 hack/install/install-cni-config.sh diff --git a/hack/install/install-cni-config.sh b/hack/install/install-cni-config.sh new file mode 100755 index 000000000..b1d05263e --- /dev/null +++ b/hack/install/install-cni-config.sh 
@@ -0,0 +1,49 @@ +#!/bin/bash + +# Copyright 2018 The containerd Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -o errexit +set -o nounset +set -o pipefail + +source $(dirname "${BASH_SOURCE[0]}")/utils.sh +CNI_CONFIG_DIR=${DESTDIR}/etc/cni/net.d +${SUDO} mkdir -p ${CNI_CONFIG_DIR} +${SUDO} bash -c 'cat >'${CNI_CONFIG_DIR}'/10-containerd-net.conflist <'${CNI_CONFIG_DIR}'/10-containerd-net.conflist < ${report_dir}/containerd.log & containerd_pid=$! # Wait for containerd to be running by using the containerd client ctr to check the version From d1ba950abc23839850174c99456632088dd8eb85 Mon Sep 17 00:00:00 2001 From: Lantao Liu Date: Tue, 17 Apr 2018 17:56:40 -0700 Subject: [PATCH 3/3] Add log level support. Signed-off-by: Lantao Liu --- cluster/gce/cloud-init/master.yaml | 2 +- cluster/gce/cloud-init/node.yaml | 2 +- cluster/gce/configure.sh | 6 +++++- test/containerd/env | 1 + test/e2e_node/init.yaml | 2 +- test/env | 1 + 6 files changed, 10 insertions(+), 4 deletions(-) diff --git a/cluster/gce/cloud-init/master.yaml b/cluster/gce/cloud-init/master.yaml index f9e4b538b..e656ea959 100644 --- a/cluster/gce/cloud-init/master.yaml +++ b/cluster/gce/cloud-init/master.yaml @@ -46,7 +46,7 @@ write_files: LimitNPROC=infinity LimitCORE=infinity ExecStartPre=/sbin/modprobe overlay - ExecStart=/home/containerd/usr/local/bin/containerd --log-level debug + ExecStart=/home/containerd/usr/local/bin/containerd [Install] WantedBy=containerd.target 
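Review bot: In `hack/install/install-cni-config.sh`, `${CNI_CONFIG_DIR}` is spliced unquoted into the `bash -c` command string, so a `DESTDIR` containing spaces or shell metacharacters is re-parsed by the inner shell, which may be running under `${SUDO}`. `${SUDO} mkdir -p ${CNI_CONFIG_DIR}` and `source $(dirname "${BASH_SOURCE[0]}")/utils.sh` are unquoted as well. Writing through `tee` keeps the path a single argument and drops the nested shell, provided the here-document body needs no expansion by the inner shell: `${SUDO} tee "${CNI_CONFIG_DIR}/10-containerd-net.conflist" >/dev/null <<EOF`. With `set -o nounset` active, `DESTDIR` and `SUDO` presumably come from `utils.sh`, which is not visible here. The here-document body is also missing from this view, so the note covers only the command line that opens it.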
diff --git a/cluster/gce/cloud-init/node.yaml b/cluster/gce/cloud-init/node.yaml index f850aea2e..7e61f2bc7 100644 --- a/cluster/gce/cloud-init/node.yaml +++ b/cluster/gce/cloud-init/node.yaml @@ -46,7 +46,7 @@ write_files: LimitNPROC=infinity LimitCORE=infinity ExecStartPre=/sbin/modprobe overlay - ExecStart=/home/containerd/usr/local/bin/containerd --log-level debug + ExecStart=/home/containerd/usr/local/bin/containerd [Install] WantedBy=containerd.target diff --git a/cluster/gce/configure.sh b/cluster/gce/configure.sh index b335a7e16..564da10f1 100755 --- a/cluster/gce/configure.sh +++ b/cluster/gce/configure.sh @@ -134,7 +134,7 @@ fi cp "${CONTAINERD_HOME}/etc/crictl.yaml" /etc # Generate containerd config -config_path=${CONTAINERD_CONFIG_PATH:-"/etc/containerd/config.toml"} +config_path="${CONTAINERD_CONFIG_PATH:-"/etc/containerd/config.toml"}" mkdir -p $(dirname ${config_path}) cni_bin_dir="${CONTAINERD_HOME}/opt/cni/bin" cni_template_path="${CONTAINERD_HOME}/opt/containerd/cluster/gce/cni.template" @@ -145,7 +145,11 @@ if [ -n "${network_policy_provider}" ] && [ "${network_policy_provider}" != "non cni_bin_dir="${KUBE_HOME}/bin" cni_template_path="" fi +log_level="${CONTAINERD_LOG_LEVEL:-"info"}" cat > ${config_path} <
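Review bot: In the first `cluster/gce/configure.sh` hunk, the quotes added around the `config_path` assignment change nothing, because the right-hand side of an assignment is not word-split. The expansions that need quoting are the uses: `mkdir -p $(dirname ${config_path})` on the next line and `cat > ${config_path}` in the following hunk. `CONTAINERD_CONFIG_PATH` presumably arrives through the metadata-derived env file, so a value with spaces or glob characters would split there; I would write `mkdir -p "$(dirname "${config_path}")"` and `cat > "${config_path}"`. The second hunk is cut off in this view, so the here-document that consumes `log_level` is not reviewed.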