diff options
Diffstat (limited to 'cmd/crio/main.go')
| -rw-r--r-- | cmd/crio/main.go | 532 |
1 files changed, 532 insertions, 0 deletions
diff --git a/cmd/crio/main.go b/cmd/crio/main.go new file mode 100644 index 000000000..e58adb114 --- /dev/null +++ b/cmd/crio/main.go @@ -0,0 +1,532 @@ +package main + +import ( + "context" + "fmt" + "net" + "net/http" + _ "net/http/pprof" + "os" + "os/signal" + "sort" + "strings" + "time" + + "github.com/containers/storage/pkg/reexec" + "github.com/kubernetes-incubator/cri-o/libkpod" + "github.com/kubernetes-incubator/cri-o/server" + "github.com/kubernetes-incubator/cri-o/version" + "github.com/opencontainers/selinux/go-selinux" + "github.com/sirupsen/logrus" + "github.com/soheilhy/cmux" + "github.com/urfave/cli" + "golang.org/x/sys/unix" + "google.golang.org/grpc" + "k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime" +) + +// gitCommit is the commit that the binary is being built from. +// It will be populated by the Makefile. +var gitCommit = "" + +func validateConfig(config *server.Config) error { + switch config.ImageVolumes { + case libkpod.ImageVolumesMkdir: + case libkpod.ImageVolumesIgnore: + case libkpod.ImageVolumesBind: + default: + return fmt.Errorf("Unrecognized image volume type specified") + + } + + // This needs to match the read buffer size in conmon + if config.LogSizeMax >= 0 && config.LogSizeMax < 8192 { + return fmt.Errorf("log size max should be negative or >= 8192") + } + return nil +} + +func mergeConfig(config *server.Config, ctx *cli.Context) error { + // Don't parse the config if the user explicitly set it to "". + if path := ctx.GlobalString("config"); path != "" { + if err := config.UpdateFromFile(path); err != nil { + if ctx.GlobalIsSet("config") || !os.IsNotExist(err) { + return err + } + + // We don't error out if --config wasn't explicitly set and the + // default doesn't exist. But we will log a warning about it, so + // the user doesn't miss it. + logrus.Warnf("default configuration file does not exist: %s", server.CrioConfigPath) + } + } + + // Override options set with the CLI. + if ctx.GlobalIsSet("conmon") { + config.Conmon = ctx.GlobalString("conmon") + } + if ctx.GlobalIsSet("pause-command") { + config.PauseCommand = ctx.GlobalString("pause-command") + } + if ctx.GlobalIsSet("pause-image") { + config.PauseImage = ctx.GlobalString("pause-image") + } + if ctx.GlobalIsSet("signature-policy") { + config.SignaturePolicyPath = ctx.GlobalString("signature-policy") + } + if ctx.GlobalIsSet("root") { + config.Root = ctx.GlobalString("root") + } + if ctx.GlobalIsSet("runroot") { + config.RunRoot = ctx.GlobalString("runroot") + } + if ctx.GlobalIsSet("storage-driver") { + config.Storage = ctx.GlobalString("storage-driver") + } + if ctx.GlobalIsSet("storage-opt") { + config.StorageOptions = ctx.GlobalStringSlice("storage-opt") + } + if ctx.GlobalIsSet("file-locking") { + config.FileLocking = ctx.GlobalBool("file-locking") + } + if ctx.GlobalIsSet("insecure-registry") { + config.InsecureRegistries = ctx.GlobalStringSlice("insecure-registry") + } + if ctx.GlobalIsSet("registry") { + config.Registries = ctx.GlobalStringSlice("registry") + } + if ctx.GlobalIsSet("default-transport") { + config.DefaultTransport = ctx.GlobalString("default-transport") + } + if ctx.GlobalIsSet("listen") { + config.Listen = ctx.GlobalString("listen") + } + if ctx.GlobalIsSet("stream-address") { + config.StreamAddress = ctx.GlobalString("stream-address") + } + if ctx.GlobalIsSet("stream-port") { + config.StreamPort = ctx.GlobalString("stream-port") + } + if ctx.GlobalIsSet("runtime") { + config.Runtime = ctx.GlobalString("runtime") + } + if ctx.GlobalIsSet("selinux") { + config.SELinux = ctx.GlobalBool("selinux") + } + if ctx.GlobalIsSet("seccomp-profile") { + config.SeccompProfile = ctx.GlobalString("seccomp-profile") + } + if ctx.GlobalIsSet("apparmor-profile") { + config.ApparmorProfile = ctx.GlobalString("apparmor-profile") + } + if ctx.GlobalIsSet("cgroup-manager") { + config.CgroupManager = ctx.GlobalString("cgroup-manager") + } + if ctx.GlobalIsSet("hooks-dir-path") { + config.HooksDirPath = ctx.GlobalString("hooks-dir-path") + } + if ctx.GlobalIsSet("default-mounts") { + config.DefaultMounts = ctx.GlobalStringSlice("default-mounts") + } + if ctx.GlobalIsSet("pids-limit") { + config.PidsLimit = ctx.GlobalInt64("pids-limit") + } + if ctx.GlobalIsSet("log-size-max") { + config.LogSizeMax = ctx.GlobalInt64("log-size-max") + } + if ctx.GlobalIsSet("cni-config-dir") { + config.NetworkDir = ctx.GlobalString("cni-config-dir") + } + if ctx.GlobalIsSet("cni-plugin-dir") { + config.PluginDir = ctx.GlobalString("cni-plugin-dir") + } + if ctx.GlobalIsSet("image-volumes") { + config.ImageVolumes = libkpod.ImageVolumesType(ctx.GlobalString("image-volumes")) + } + return nil +} + +func catchShutdown(gserver *grpc.Server, sserver *server.Server, hserver *http.Server, signalled *bool) { + sig := make(chan os.Signal, 10) + signal.Notify(sig, unix.SIGINT, unix.SIGTERM) + go func() { + for s := range sig { + switch s { + case unix.SIGINT: + logrus.Debugf("Caught SIGINT") + case unix.SIGTERM: + logrus.Debugf("Caught SIGTERM") + default: + continue + } + *signalled = true + gserver.GracefulStop() + hserver.Shutdown(context.Background()) + // TODO(runcom): enable this after https://github.com/kubernetes/kubernetes/pull/51377 + //sserver.StopStreamServer() + sserver.StopExitMonitor() + if err := sserver.Shutdown(); err != nil { + logrus.Warnf("error shutting down main service %v", err) + } + return + } + }() +} + +func main() { + if reexec.Init() { + return + } + app := cli.NewApp() + + var v []string + v = append(v, version.Version) + if gitCommit != "" { + v = append(v, fmt.Sprintf("commit: %s", gitCommit)) + } + app.Name = "crio" + app.Usage = "crio server" + app.Version = strings.Join(v, "\n") + app.Metadata = map[string]interface{}{ + "config": server.DefaultConfig(), + } + + app.Flags = []cli.Flag{ + cli.StringFlag{ + Name: "config", + Value: server.CrioConfigPath, + Usage: "path to configuration file", + }, + cli.StringFlag{ + Name: "conmon", + Usage: "path to the conmon executable", + }, + cli.StringFlag{ + Name: "listen", + Usage: "path to crio socket", + }, + cli.StringFlag{ + Name: "stream-address", + Usage: "bind address for streaming socket", + }, + cli.StringFlag{ + Name: "stream-port", + Usage: "bind port for streaming socket (default: \"10010\")", + }, + cli.StringFlag{ + Name: "log", + Value: "", + Usage: "set the log file path where internal debug information is written", + }, + cli.StringFlag{ + Name: "log-format", + Value: "text", + Usage: "set the format used by logs ('text' (default), or 'json')", + }, + cli.StringFlag{ + Name: "log-level", + Usage: "log messages above specified level: debug, info (default), warn, error, fatal or panic", + }, + + cli.StringFlag{ + Name: "pause-command", + Usage: "name of the pause command in the pause image", + }, + cli.StringFlag{ + Name: "pause-image", + Usage: "name of the pause image", + }, + cli.StringFlag{ + Name: "signature-policy", + Usage: "path to signature policy file", + }, + cli.StringFlag{ + Name: "root", + Usage: "crio root dir", + }, + cli.StringFlag{ + Name: "runroot", + Usage: "crio state dir", + }, + cli.StringFlag{ + Name: "storage-driver", + Usage: "storage driver", + }, + cli.StringSliceFlag{ + Name: "storage-opt", + Usage: "storage driver option", + }, + cli.BoolFlag{ + Name: "file-locking", + Usage: "enable or disable file-based locking", + }, + cli.StringSliceFlag{ + Name: "insecure-registry", + Usage: "whether to disable TLS verification for the given registry", + }, + cli.StringSliceFlag{ + Name: "registry", + Usage: "registry to be prepended when pulling unqualified images, can be specified multiple times", + }, + cli.StringFlag{ + Name: "default-transport", + Usage: "default transport", + }, + cli.StringFlag{ + Name: "runtime", + Usage: "OCI runtime path", + }, + cli.StringFlag{ + Name: "seccomp-profile", + Usage: "default seccomp profile path", + }, + cli.StringFlag{ + Name: "apparmor-profile", + Usage: "default apparmor profile name (default: \"crio-default\")", + }, + cli.BoolFlag{ + Name: "selinux", + Usage: "enable selinux support", + }, + cli.StringFlag{ + Name: "cgroup-manager", + Usage: "cgroup manager (cgroupfs or systemd)", + }, + cli.Int64Flag{ + Name: "pids-limit", + Value: libkpod.DefaultPidsLimit, + Usage: "maximum number of processes allowed in a container", + }, + cli.Int64Flag{ + Name: "log-size-max", + Value: libkpod.DefaultLogSizeMax, + Usage: "maximum log size in bytes for a container", + }, + cli.StringFlag{ + Name: "cni-config-dir", + Usage: "CNI configuration files directory", + }, + cli.StringFlag{ + Name: "cni-plugin-dir", + Usage: "CNI plugin binaries directory", + }, + cli.StringFlag{ + Name: "image-volumes", + Value: string(libkpod.ImageVolumesMkdir), + Usage: "image volume handling ('mkdir', 'bind', or 'ignore')", + }, + cli.StringFlag{ + Name: "hooks-dir-path", + Usage: "set the OCI hooks directory path", + Value: libkpod.DefaultHooksDirPath, + Hidden: true, + }, + cli.StringSliceFlag{ + Name: "default-mounts", + Usage: "add one or more default mount paths in the form host:container", + Hidden: true, + }, + cli.BoolFlag{ + Name: "profile", + Usage: "enable pprof remote profiler on localhost:6060", + }, + cli.IntFlag{ + Name: "profile-port", + Value: 6060, + Usage: "port for the pprof profiler", + }, + cli.BoolFlag{ + Name: "enable-metrics", + Usage: "enable metrics endpoint for the servier on localhost:9090", + }, + cli.IntFlag{ + Name: "metrics-port", + Value: 9090, + Usage: "port for the metrics endpoint", + }, + } + + sort.Sort(cli.FlagsByName(app.Flags)) + sort.Sort(cli.FlagsByName(configCommand.Flags)) + + app.Commands = []cli.Command{ + configCommand, + } + + app.Before = func(c *cli.Context) error { + // Load the configuration file. + config := c.App.Metadata["config"].(*server.Config) + if err := mergeConfig(config, c); err != nil { + return err + } + + if err := validateConfig(config); err != nil { + return err + } + + cf := &logrus.TextFormatter{ + TimestampFormat: "2006-01-02 15:04:05.000000000Z07:00", + FullTimestamp: true, + } + + logrus.SetFormatter(cf) + + if loglevel := c.GlobalString("log-level"); loglevel != "" { + level, err := logrus.ParseLevel(loglevel) + if err != nil { + return err + } + + logrus.SetLevel(level) + } + + if path := c.GlobalString("log"); path != "" { + f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_APPEND|os.O_SYNC, 0666) + if err != nil { + return err + } + logrus.SetOutput(f) + } + + switch c.GlobalString("log-format") { + case "text": + // retain logrus's default. + case "json": + logrus.SetFormatter(new(logrus.JSONFormatter)) + default: + return fmt.Errorf("unknown log-format %q", c.GlobalString("log-format")) + } + + return nil + } + + app.Action = func(c *cli.Context) error { + if c.GlobalBool("profile") { + profilePort := c.GlobalInt("profile-port") + profileEndpoint := fmt.Sprintf("localhost:%v", profilePort) + go func() { + http.ListenAndServe(profileEndpoint, nil) + }() + } + + args := c.Args() + if len(args) > 0 { + for _, command := range app.Commands { + if args[0] == command.Name { + break + } + } + return fmt.Errorf("command %q not supported", args[0]) + } + + config := c.App.Metadata["config"].(*server.Config) + + if !config.SELinux { + selinux.SetDisabled() + } + + if _, err := os.Stat(config.Runtime); os.IsNotExist(err) { + // path to runtime does not exist + return fmt.Errorf("invalid --runtime value %q", err) + } + + // Remove the socket if it already exists + if _, err := os.Stat(config.Listen); err == nil { + if err := os.Remove(config.Listen); err != nil { + logrus.Fatal(err) + } + } + lis, err := net.Listen("unix", config.Listen) + if err != nil { + logrus.Fatalf("failed to listen: %v", err) + } + + s := grpc.NewServer() + + service, err := server.New(config) + if err != nil { + logrus.Fatal(err) + } + + if c.GlobalBool("enable-metrics") { + metricsPort := c.GlobalInt("metrics-port") + me, err := service.CreateMetricsEndpoint() + if err != nil { + logrus.Fatalf("Failed to create metrics endpoint: %v", err) + } + l, err := net.Listen("tcp", fmt.Sprintf(":%v", metricsPort)) + if err != nil { + logrus.Fatalf("Failed to create listener for metrics: %v", err) + } + go func() { + if err := http.Serve(l, me); err != nil { + logrus.Fatalf("Failed to serve metrics endpoint: %v", err) + } + }() + } + + runtime.RegisterRuntimeServiceServer(s, service) + runtime.RegisterImageServiceServer(s, service) + + // after the daemon is done setting up we can notify systemd api + notifySystem() + + go func() { + service.StartExitMonitor() + }() + + m := cmux.New(lis) + grpcL := m.Match(cmux.HTTP2HeaderField("content-type", "application/grpc")) + httpL := m.Match(cmux.HTTP1Fast()) + + infoMux := service.GetInfoMux() + srv := &http.Server{ + Handler: infoMux, + ReadTimeout: 5 * time.Second, + } + + graceful := false + catchShutdown(s, service, srv, &graceful) + + go s.Serve(grpcL) + go srv.Serve(httpL) + + serverCloseCh := make(chan struct{}) + go func() { + defer close(serverCloseCh) + if err := m.Serve(); err != nil { + if graceful && strings.Contains(strings.ToLower(err.Error()), "use of closed network connection") { + err = nil + } else { + logrus.Errorf("Failed to serve grpc grpc request: %v", err) + } + } + }() + + // TODO(runcom): enable this after https://github.com/kubernetes/kubernetes/pull/51377 + //streamServerCloseCh := service.StreamingServerCloseChan() + serverExitMonitorCh := service.ExitMonitorCloseChan() + select { + // TODO(runcom): enable this after https://github.com/kubernetes/kubernetes/pull/51377 + //case <-streamServerCloseCh: + case <-serverExitMonitorCh: + case <-serverCloseCh: + } + + service.Shutdown() + + // TODO(runcom): enable this after https://github.com/kubernetes/kubernetes/pull/51377 + //<-streamServerCloseCh + //logrus.Debug("closed stream server") + <-serverExitMonitorCh + logrus.Debug("closed exit monitor") + <-serverCloseCh + logrus.Debug("closed main server") + + return nil + } + + if err := app.Run(os.Args); err != nil { + logrus.Fatal(err) + } +} |