func runGCImage(cmd *cobra.Command, args []string) (exit int) {
s, err := imagestore.NewStore(storeDir())
if err != nil {
stderr.PrintE("cannot open store", err)
return 1
}
ts, err := treestore.NewStore(treeStoreDir(), s)
if err != nil {
stderr.PrintE("cannot open store", err)
return
}
if err := gcTreeStore(ts); err != nil {
stderr.PrintE("failed to remove unreferenced treestores", err)
return 1
}
if err := gcStore(s, flagImageGracePeriod); err != nil {
stderr.Error(err)
return 1
}
return 0
}
// deletePod cleans up files and resource associated with the pod
// pod must be under exclusive lock and be in either ExitedGarbage
// or Garbage state
func deletePod(p *pkgPod.Pod) {
podState := p.State()
if podState != pkgPod.ExitedGarbage && podState != pkgPod.Garbage {
stderr.Panicf("logic error: deletePod called with non-garbage pod %q (status %q)", p.UUID, p.State())
}
if podState == pkgPod.ExitedGarbage {
s, err := imagestore.NewStore(storeDir())
if err != nil {
stderr.PrintE("cannot open store", err)
return
}
defer s.Close()
ts, err := treestore.NewStore(treeStoreDir(), s)
if err != nil {
stderr.PrintE("cannot open store", err)
return
}
if globalFlags.Debug {
stage0.InitDebug()
}
if err := mountPodStage1(ts, p); err == nil {
if err = stage0.GC(p.Path(), p.UUID); err != nil {
stderr.PrintE(fmt.Sprintf("problem performing stage1 GC on %q", p.UUID), err)
}
// an overlay fs can be mounted over itself, let's unmount it here
// if we mounted it before to avoid problems when running
// stage0.MountGC
if p.UsesOverlay() {
stage1Mnt := common.Stage1RootfsPath(p.Path())
if err := syscall.Unmount(stage1Mnt, 0); err != nil {
stderr.PrintE("error unmounting stage1", err)
}
}
} else {
stderr.PrintE("skipping stage1 GC", err)
}
// unmount all leftover mounts
if err := stage0.MountGC(p.Path(), p.UUID.String()); err != nil {
stderr.PrintE(fmt.Sprintf("GC of leftover mounts for pod %q failed", p.UUID), err)
return
}
}
if err := os.RemoveAll(p.Path()); err != nil {
stderr.PrintE(fmt.Sprintf("unable to remove pod %q", p.UUID), err)
os.Exit(254)
}
}
// mountOverlay mounts the app from the overlay-rendered pod to the destination directory.
func mountOverlay(pod *pod, app *schema.RuntimeApp, dest string) error {
if _, err := os.Stat(dest); err != nil {
return err
}
s, err := imagestore.NewStore(getDataDir())
if err != nil {
return errwrap.Wrap(errors.New("cannot open store"), err)
}
ts, err := treestore.NewStore(treeStoreDir(), s)
if err != nil {
return errwrap.Wrap(errors.New("cannot open treestore"), err)
}
treeStoreID, err := pod.getAppTreeStoreID(app.Name)
if err != nil {
return err
}
lower := ts.GetRootFS(treeStoreID)
imgDir := filepath.Join(filepath.Join(pod.path(), "overlay"), treeStoreID)
if _, err := os.Stat(imgDir); err != nil {
return err
}
upper := filepath.Join(imgDir, "upper", app.Name.String())
if _, err := os.Stat(upper); err != nil {
return err
}
work := filepath.Join(imgDir, "work", app.Name.String())
if _, err := os.Stat(work); err != nil {
return err
}
if err := overlay.Mount(&overlay.MountCfg{lower, upper, work, dest, ""}); err != nil {
return errwrap.Wrap(errors.New("problem mounting overlayfs directory"), err)
}
return nil
}
func runRun(cmd *cobra.Command, args []string) (exit int) {
privateUsers := user.NewBlankUidRange()
err := parseApps(&rktApps, args, cmd.Flags(), true)
if err != nil {
stderr.PrintE("error parsing app image arguments", err)
return 1
}
if flagStoreOnly && flagNoStore {
stderr.Print("both --store-only and --no-store specified")
return 1
}
if flagPrivateUsers {
if !common.SupportsUserNS() {
stderr.Print("--private-users is not supported, kernel compiled without user namespace support")
return 1
}
privateUsers.SetRandomUidRange(user.DefaultRangeCount)
}
if len(flagPorts) > 0 && flagNet.None() {
stderr.Print("--port flag does not work with 'none' networking")
return 1
}
if len(flagPorts) > 0 && flagNet.Host() {
stderr.Print("--port flag does not work with 'host' networking")
return 1
}
if flagMDSRegister && flagNet.None() {
stderr.Print("--mds-register flag does not work with --net=none. Please use 'host', 'default' or an equivalent network")
return 1
}
if len(flagPodManifest) > 0 && (len(flagPorts) > 0 || rktApps.Count() > 0 || flagStoreOnly || flagNoStore ||
flagInheritEnv || !flagExplicitEnv.IsEmpty() || !flagEnvFromFile.IsEmpty() ||
(*appsVolume)(&rktApps).String() != "" || (*appMount)(&rktApps).String() != "" || (*appExec)(&rktApps).String() != "" ||
(*appUser)(&rktApps).String() != "" || (*appGroup)(&rktApps).String() != "" ||
(*appCapsRetain)(&rktApps).String() != "" || (*appCapsRemove)(&rktApps).String() != "") {
stderr.Print("conflicting flags set with --pod-manifest (see --help)")
return 1
}
if flagInteractive && rktApps.Count() > 1 {
stderr.Print("interactive option only supports one image")
return 1
}
if rktApps.Count() < 1 && len(flagPodManifest) == 0 {
stderr.Print("must provide at least one image or specify the pod manifest")
return 1
}
s, err := imagestore.NewStore(storeDir())
if err != nil {
stderr.PrintE("cannot open store", err)
return 1
}
ts, err := treestore.NewStore(treeStoreDir(), s)
if err != nil {
stderr.PrintE("cannot open treestore", err)
return 1
}
config, err := getConfig()
if err != nil {
stderr.PrintE("cannot get configuration", err)
return 1
}
s1img, err := getStage1Hash(s, ts, config)
if err != nil {
stderr.Error(err)
return 1
}
fn := &image.Finder{
S: s,
Ts: ts,
Ks: getKeystore(),
Headers: config.AuthPerHost,
DockerAuth: config.DockerCredentialsPerRegistry,
InsecureFlags: globalFlags.InsecureFlags,
Debug: globalFlags.Debug,
TrustKeysFromHTTPS: globalFlags.TrustKeysFromHTTPS,
StoreOnly: flagStoreOnly,
NoStore: flagNoStore,
WithDeps: true,
}
if err := fn.FindImages(&rktApps); err != nil {
stderr.Error(err)
return 1
}
p, err := newPod()
if err != nil {
stderr.PrintE("error creating new pod", err)
return 1
}
// if requested, write out pod UUID early so "rkt rm" can
// clean it up even if something goes wrong
if flagUUIDFileSave != "" {
if err := writeUUIDToFile(p.uuid, flagUUIDFileSave); err != nil {
stderr.PrintE("error saving pod UUID to file", err)
return 1
}
}
processLabel, mountLabel, err := label.InitLabels([]string{"mcsdir:/var/run/rkt/mcs"})
if err != nil {
stderr.PrintE("error initialising SELinux", err)
return 1
}
p.mountLabel = mountLabel
cfg := stage0.CommonConfig{
MountLabel: mountLabel,
ProcessLabel: processLabel,
Store: s,
TreeStore: ts,
Stage1Image: *s1img,
UUID: p.uuid,
Debug: globalFlags.Debug,
}
pcfg := stage0.PrepareConfig{
CommonConfig: &cfg,
UseOverlay: !flagNoOverlay && common.SupportsOverlay() && common.FSSupportsOverlay(getDataDir()),
PrivateUsers: privateUsers,
SkipTreeStoreCheck: globalFlags.InsecureFlags.SkipOnDiskCheck(),
}
if len(flagPodManifest) > 0 {
pcfg.PodManifest = flagPodManifest
} else {
pcfg.Ports = []types.ExposedPort(flagPorts)
pcfg.InheritEnv = flagInheritEnv
pcfg.ExplicitEnv = flagExplicitEnv.Strings()
pcfg.EnvFromFile = flagEnvFromFile.Strings()
pcfg.Apps = &rktApps
}
if globalFlags.Debug {
stage0.InitDebug()
}
keyLock, err := lock.SharedKeyLock(lockDir(), common.PrepareLock)
if err != nil {
stderr.PrintE("cannot get shared prepare lock", err)
return 1
}
err = stage0.Prepare(pcfg, p.path(), p.uuid)
if err != nil {
stderr.PrintE("error setting up stage0", err)
keyLock.Close()
return 1
}
keyLock.Close()
// get the lock fd for run
lfd, err := p.Fd()
if err != nil {
stderr.PrintE("error getting pod lock fd", err)
return 1
}
// skip prepared by jumping directly to run, we own this pod
if err := p.xToRun(); err != nil {
stderr.PrintE("unable to transition to run", err)
return 1
}
rktgid, err := common.LookupGid(common.RktGroup)
if err != nil {
stderr.Printf("group %q not found, will use default gid when rendering images", common.RktGroup)
rktgid = -1
}
rcfg := stage0.RunConfig{
CommonConfig: &cfg,
Net: flagNet,
LockFd: lfd,
Interactive: flagInteractive,
DNS: flagDNS,
DNSSearch: flagDNSSearch,
DNSOpt: flagDNSOpt,
MDSRegister: flagMDSRegister,
LocalConfig: globalFlags.LocalConfigDir,
RktGid: rktgid,
Hostname: flagHostname,
}
apps, err := p.getApps()
if err != nil {
stderr.PrintE("cannot get the appList in the pod manifest", err)
return 1
}
rcfg.Apps = apps
stage0.Run(rcfg, p.path(), getDataDir()) // execs, never returns
return 1
}
func runImageRender(cmd *cobra.Command, args []string) (exit int) {
if len(args) != 2 {
cmd.Usage()
return 254
}
outputDir := args[1]
s, err := imagestore.NewStore(storeDir())
if err != nil {
stderr.PrintE("cannot open store", err)
return 254
}
ts, err := treestore.NewStore(treeStoreDir(), s)
if err != nil {
stderr.PrintE("cannot open store", err)
return
}
key, err := getStoreKeyFromAppOrHash(s, args[0])
if err != nil {
stderr.Error(err)
return 254
}
id, _, err := ts.Render(key, false)
if err != nil {
stderr.PrintE("error rendering ACI", err)
return 254
}
if _, err := ts.Check(id); err != nil {
stderr.Print("warning: tree cache is in a bad state. Rebuilding...")
var err error
if id, _, err = ts.Render(key, true); err != nil {
stderr.PrintE("error rendering ACI", err)
return 254
}
}
if _, err := os.Stat(outputDir); err == nil {
if !flagRenderOverwrite {
stderr.Print("output directory exists (try --overwrite)")
return 254
}
// don't allow the user to delete the root filesystem by mistake
if outputDir == "/" {
stderr.Print("this would delete your root filesystem. Refusing.")
return 254
}
if err := os.RemoveAll(outputDir); err != nil {
stderr.PrintE("error removing existing output dir", err)
return 254
}
}
rootfsOutDir := outputDir
if !flagRenderRootfsOnly {
if err := os.MkdirAll(outputDir, 0755); err != nil {
stderr.PrintE("error creating output directory", err)
return 254
}
rootfsOutDir = filepath.Join(rootfsOutDir, "rootfs")
manifest, err := s.GetImageManifest(key)
if err != nil {
stderr.PrintE("error getting manifest", err)
return 254
}
mb, err := json.Marshal(manifest)
if err != nil {
stderr.PrintE("error marshalling image manifest", err)
return 254
}
if err := ioutil.WriteFile(filepath.Join(outputDir, "manifest"), mb, 0700); err != nil {
stderr.PrintE("error writing image manifest", err)
return 254
}
}
cachedTreePath := ts.GetRootFS(id)
if err := fileutil.CopyTree(cachedTreePath, rootfsOutDir, user.NewBlankUidRange()); err != nil {
stderr.PrintE("error copying ACI rootfs", err)
return 254
}
return 0
}
func runAppAdd(cmd *cobra.Command, args []string) (exit int) {
if len(args) < 2 {
stderr.Print("must provide the pod UUID and an IMAGEID")
return 254
}
err := parseApps(&rktApps, args[1:], cmd.Flags(), true)
if err != nil {
stderr.PrintE("error parsing app image arguments", err)
return 254
}
if rktApps.Count() > 1 {
stderr.Print("must give only one app")
return 254
}
p, err := pkgPod.PodFromUUIDString(getDataDir(), args[0])
if err != nil {
stderr.PrintE("problem retrieving pod", err)
return 254
}
defer p.Close()
if p.State() != pkgPod.Running {
stderr.Printf("pod %q isn't currently running", p.UUID)
return 254
}
if !p.IsSupervisorReady() {
stderr.Printf("supervisor for pod %q is not yet ready", p.UUID)
return 254
}
s, err := imagestore.NewStore(storeDir())
if err != nil {
stderr.PrintE("cannot open store", err)
return 254
}
ts, err := treestore.NewStore(treeStoreDir(), s)
if err != nil {
stderr.PrintE("cannot open treestore", err)
return 254
}
fn := &image.Finder{
S: s,
Ts: ts,
Ks: getKeystore(),
StoreOnly: true,
NoStore: false,
}
img, err := fn.FindImage(args[1], "")
if err != nil {
stderr.PrintE("error finding images", err)
return 254
}
podPID, err := p.ContainerPid1()
if err != nil {
stderr.PrintE(fmt.Sprintf("unable to determine the pid for pod %q", p.UUID), err)
return 254
}
ccfg := stage0.CommonConfig{
DataDir: getDataDir(),
Store: s,
TreeStore: ts,
UUID: p.UUID,
Debug: globalFlags.Debug,
}
rktgid, err := common.LookupGid(common.RktGroup)
if err != nil {
stderr.Printf("group %q not found, will use default gid when rendering images", common.RktGroup)
rktgid = -1
}
cfg := stage0.AddConfig{
CommonConfig: &ccfg,
Image: *img,
Apps: &rktApps,
RktGid: rktgid,
UsesOverlay: p.UsesOverlay(),
PodPath: p.Path(),
PodPID: podPID,
}
if globalFlags.Debug {
stage0.InitDebug()
}
err = stage0.AddApp(cfg)
if err != nil {
stderr.PrintE("error adding app to pod", err)
return 254
}
return 0
}
func runRunPrepared(cmd *cobra.Command, args []string) (exit int) {
if len(args) != 1 {
cmd.Usage()
return 254
}
p, err := pkgPod.PodFromUUIDString(getDataDir(), args[0])
if err != nil {
stderr.PrintE("problem retrieving pod", err)
return 254
}
defer p.Close()
s, err := imagestore.NewStore(storeDir())
if err != nil {
stderr.PrintE("cannot open store", err)
return 254
}
ts, err := treestore.NewStore(treeStoreDir(), s)
if err != nil {
stderr.PrintE("cannot open treestore", err)
return 254
}
if p.State() != pkgPod.Prepared {
stderr.Printf("pod %q is not prepared", p.UUID)
return 254
}
_, manifest, err := p.PodManifest()
if err != nil {
stderr.PrintE("cannot read pod manifest", err)
return 254
}
if flagInteractive {
if len(manifest.Apps) > 1 {
stderr.Print("interactive option only supports pods with one app")
return 254
}
}
// Make sure we have a metadata service available before we move to
// run state so that the user can rerun the command without needing
// to prepare the image again.
if flagMDSRegister {
if err := stage0.CheckMdsAvailability(); err != nil {
stderr.Error(err)
return 254
}
}
if err := p.ToRun(); err != nil {
stderr.PrintE("cannot transition to run", err)
return 254
}
lfd, err := p.Fd()
if err != nil {
stderr.PrintE("unable to get lock fd", err)
return 254
}
rktgid, err := common.LookupGid(common.RktGroup)
if err != nil {
stderr.Printf("group %q not found, will use default gid when rendering images", common.RktGroup)
rktgid = -1
}
ovlOk := true
if err := common.PathSupportsOverlay(getDataDir()); err != nil {
if oerr, ok := err.(common.ErrOverlayUnsupported); ok {
stderr.Printf("disabling overlay support: %q", oerr.Error())
ovlOk = false
} else {
stderr.PrintE("error determining overlay support", err)
return 254
}
}
ovlPrep := p.UsesOverlay()
// should not happen, maybe the data directory moved from an overlay-enabled fs to another location
// between prepare and run-prepared
if ovlPrep && !ovlOk {
stderr.Print("unable to run prepared overlay-enabled pod: overlay not supported")
return 254
}
DNSConfMode, DNSConfig, HostsEntries, err := parseDNSFlags(flagHostsEntries, flagDNS, flagDNSSearch, flagDNSOpt, flagDNSDomain)
if err != nil {
stderr.PrintE("error with dns flags", err)
return 254
}
rcfg := stage0.RunConfig{
CommonConfig: &stage0.CommonConfig{
DataDir: getDataDir(),
Store: s,
TreeStore: ts,
UUID: p.UUID,
Debug: globalFlags.Debug,
},
Net: flagNet,
LockFd: lfd,
Interactive: flagInteractive,
DNSConfMode: DNSConfMode,
DNSConfig: DNSConfig,
HostsEntries: *HostsEntries,
MDSRegister: flagMDSRegister,
Apps: manifest.Apps,
RktGid: rktgid,
Hostname: flagHostname,
InsecureCapabilities: globalFlags.InsecureFlags.SkipCapabilities(),
InsecurePaths: globalFlags.InsecureFlags.SkipPaths(),
InsecureSeccomp: globalFlags.InsecureFlags.SkipSeccomp(),
UseOverlay: ovlPrep && ovlOk,
}
if globalFlags.Debug {
stage0.InitDebug()
}
stage0.Run(rcfg, p.Path(), getDataDir()) // execs, never returns
return 254
}
func runFetch(cmd *cobra.Command, args []string) (exit int) {
if err := parseApps(&rktApps, args, cmd.Flags(), false); err != nil {
stderr.PrintE("unable to parse arguments", err)
return 254
}
if rktApps.Count() < 1 {
stderr.Print("must provide at least one image")
return 254
}
if flagStoreOnly && flagNoStore {
stderr.Print("both --store-only and --no-store specified")
return 254
}
s, err := imagestore.NewStore(storeDir())
if err != nil {
stderr.PrintE("cannot open store", err)
return 254
}
ts, err := treestore.NewStore(treeStoreDir(), s)
if err != nil {
stderr.PrintE("cannot open treestore", err)
return 254
}
ks := getKeystore()
config, err := getConfig()
if err != nil {
stderr.PrintE("cannot get configuration", err)
return 254
}
ft := &image.Fetcher{
S: s,
Ts: ts,
Ks: ks,
Headers: config.AuthPerHost,
DockerAuth: config.DockerCredentialsPerRegistry,
InsecureFlags: globalFlags.InsecureFlags,
Debug: globalFlags.Debug,
TrustKeysFromHTTPS: globalFlags.TrustKeysFromHTTPS,
StoreOnly: flagStoreOnly,
NoStore: flagNoStore,
WithDeps: true,
}
err = rktApps.Walk(func(app *apps.App) error {
hash, err := ft.FetchImage(app.Image, app.Asc, app.ImType)
if err != nil {
return err
}
if !flagFullHash {
hash = types.ShortHash(hash)
}
stdout.Print(hash)
return nil
})
if err != nil {
stderr.Error(err)
return 254
}
return
}
func runEnter(cmd *cobra.Command, args []string) (exit int) {
if len(args) < 1 {
cmd.Usage()
return 254
}
p, err := pkgPod.PodFromUUIDString(getDataDir(), args[0])
if err != nil {
stderr.PrintE("problem retrieving pod", err)
return 254
}
defer p.Close()
if p.State() != pkgPod.Running {
stderr.Printf("pod %q isn't currently running", p.UUID)
return 254
}
podPID, err := p.ContainerPid1()
if err != nil {
stderr.PrintE(fmt.Sprintf("unable to determine the pid for pod %q", p.UUID), err)
return 254
}
appName, err := getAppName(p)
if err != nil {
stderr.PrintE("unable to determine app name", err)
return 254
}
argv, err := getEnterArgv(p, args)
if err != nil {
stderr.PrintE("enter failed", err)
return 254
}
s, err := imagestore.NewStore(storeDir())
if err != nil {
stderr.PrintE("cannot open store", err)
return 254
}
ts, err := treestore.NewStore(treeStoreDir(), s)
if err != nil {
stderr.PrintE("cannot open store", err)
return 254
}
stage1TreeStoreID, err := p.GetStage1TreeStoreID()
if err != nil {
stderr.PrintE("error getting stage1 treeStoreID", err)
return 254
}
stage1RootFS := ts.GetRootFS(stage1TreeStoreID)
if err = stage0.Enter(p.Path(), podPID, *appName, stage1RootFS, argv); err != nil {
stderr.PrintE("enter failed", err)
return 254
}
// not reached when stage0.Enter execs /enter
return 0
}
func runAppSandbox(cmd *cobra.Command, args []string) int {
s, err := imagestore.NewStore(storeDir())
if err != nil {
stderr.PrintE("cannot open store", err)
return 1
}
ts, err := treestore.NewStore(treeStoreDir(), s)
if err != nil {
stderr.PrintE("cannot open treestore", err)
return 1
}
config, err := getConfig()
if err != nil {
stderr.PrintE("cannot get configuration", err)
return 1
}
s1img, err := getStage1Hash(s, ts, config)
if err != nil {
stderr.Error(err)
return 1
}
p, err := pod.NewPod(getDataDir())
if err != nil {
stderr.PrintE("error creating new pod", err)
return 1
}
if flagUUIDFileSave != "" {
if err := pod.WriteUUIDToFile(p.UUID, flagUUIDFileSave); err != nil {
stderr.PrintE("error saving pod UUID to file", err)
return 1
}
}
processLabel, mountLabel, err := label.InitLabels("/var/run/rkt/mcs", []string{})
if err != nil {
stderr.PrintE("error initialising SELinux", err)
return 1
}
p.MountLabel = mountLabel
cfg := stage0.CommonConfig{
DataDir: getDataDir(),
MountLabel: mountLabel,
ProcessLabel: processLabel,
Store: s,
TreeStore: ts,
Stage1Image: *s1img,
UUID: p.UUID,
Debug: globalFlags.Debug,
Mutable: true,
}
ovlOk := true
if err := common.PathSupportsOverlay(getDataDir()); err != nil {
if oerr, ok := err.(common.ErrOverlayUnsupported); ok {
stderr.Printf("disabling overlay support: %q", oerr.Error())
ovlOk = false
} else {
stderr.PrintE("error determining overlay support", err)
return 1
}
}
useOverlay := !flagNoOverlay && ovlOk
pcfg := stage0.PrepareConfig{
CommonConfig: &cfg,
UseOverlay: useOverlay,
PrivateUsers: user.NewBlankUidRange(),
SkipTreeStoreCheck: globalFlags.InsecureFlags.SkipOnDiskCheck(),
Apps: &rktApps,
Ports: []types.ExposedPort(flagAppPorts),
UserAnnotations: parseAnnotations(&flagAnnotations),
UserLabels: parseLabels(&flagLabels),
}
if globalFlags.Debug {
stage0.InitDebug()
}
keyLock, err := lock.SharedKeyLock(lockDir(), common.PrepareLock)
if err != nil {
stderr.PrintE("cannot get shared prepare lock", err)
return 1
}
err = stage0.Prepare(pcfg, p.Path(), p.UUID)
if err != nil {
stderr.PrintE("error setting up stage0", err)
keyLock.Close()
return 1
}
keyLock.Close()
// get the lock fd for run
lfd, err := p.Fd()
if err != nil {
stderr.PrintE("error getting pod lock fd", err)
return 1
}
// skip prepared by jumping directly to run, we own this pod
if err := p.ToRun(); err != nil {
stderr.PrintE("unable to transition to run", err)
return 1
}
rktgid, err := common.LookupGid(common.RktGroup)
if err != nil {
stderr.Printf("group %q not found, will use default gid when rendering images", common.RktGroup)
rktgid = -1
}
DNSConfMode, DNSConfig, HostsEntries, err := parseDNSFlags(flagHostsEntries, flagDNS, flagDNSSearch, flagDNSOpt, flagDNSDomain)
if err != nil {
stderr.PrintE("error with dns flags", err)
return 1
}
rcfg := stage0.RunConfig{
CommonConfig: &cfg,
Net: flagNet,
LockFd: lfd,
Interactive: true,
DNSConfMode: DNSConfMode,
DNSConfig: DNSConfig,
MDSRegister: false,
LocalConfig: globalFlags.LocalConfigDir,
RktGid: rktgid,
Hostname: flagHostname,
InsecureCapabilities: globalFlags.InsecureFlags.SkipCapabilities(),
InsecurePaths: globalFlags.InsecureFlags.SkipPaths(),
InsecureSeccomp: globalFlags.InsecureFlags.SkipSeccomp(),
UseOverlay: useOverlay,
HostsEntries: *HostsEntries,
}
_, manifest, err := p.PodManifest()
if err != nil {
stderr.PrintE("cannot get the pod manifest", err)
return 1
}
rcfg.Apps = manifest.Apps
stage0.Run(rcfg, p.Path(), getDataDir()) // execs, never returns
return 1
}
func runPrepare(cmd *cobra.Command, args []string) (exit int) {
var err error
origStdout := os.Stdout
privateUsers := user.NewBlankUidRange()
if flagQuiet {
if os.Stdout, err = os.Open("/dev/null"); err != nil {
stderr.PrintE("unable to open /dev/null", err)
return 254
}
}
if flagStoreOnly && flagNoStore {
stderr.Print("both --store-only and --no-store specified")
return 254
}
if flagPrivateUsers {
if !common.SupportsUserNS() {
stderr.Print("--private-users is not supported, kernel compiled without user namespace support")
return 254
}
privateUsers.SetRandomUidRange(user.DefaultRangeCount)
}
if err = parseApps(&rktApps, args, cmd.Flags(), true); err != nil {
stderr.PrintE("error parsing app image arguments", err)
return 254
}
if len(flagPodManifest) > 0 && (rktApps.Count() > 0 ||
(*appsVolume)(&rktApps).String() != "" || (*appMount)(&rktApps).String() != "" ||
len(flagPorts) > 0 || flagStoreOnly || flagNoStore ||
flagInheritEnv || !flagExplicitEnv.IsEmpty() || !flagEnvFromFile.IsEmpty()) {
stderr.Print("conflicting flags set with --pod-manifest (see --help)")
return 254
}
if rktApps.Count() < 1 && len(flagPodManifest) == 0 {
stderr.Print("must provide at least one image or specify the pod manifest")
return 254
}
s, err := imagestore.NewStore(storeDir())
if err != nil {
stderr.PrintE("cannot open store", err)
return 254
}
ts, err := treestore.NewStore(treeStoreDir(), s)
if err != nil {
stderr.PrintE("cannot open treestore", err)
return 254
}
config, err := getConfig()
if err != nil {
stderr.PrintE("cannot get configuration", err)
return 254
}
s1img, err := getStage1Hash(s, ts, config)
if err != nil {
stderr.Error(err)
return 254
}
fn := &image.Finder{
S: s,
Ts: ts,
Ks: getKeystore(),
Headers: config.AuthPerHost,
DockerAuth: config.DockerCredentialsPerRegistry,
InsecureFlags: globalFlags.InsecureFlags,
Debug: globalFlags.Debug,
TrustKeysFromHTTPS: globalFlags.TrustKeysFromHTTPS,
StoreOnly: flagStoreOnly,
NoStore: flagNoStore,
WithDeps: true,
}
if err := fn.FindImages(&rktApps); err != nil {
stderr.PrintE("error finding images", err)
return 254
}
p, err := pkgPod.NewPod(getDataDir())
if err != nil {
stderr.PrintE("error creating new pod", err)
return 254
}
cfg := stage0.CommonConfig{
DataDir: getDataDir(),
Store: s,
TreeStore: ts,
Stage1Image: *s1img,
UUID: p.UUID,
Debug: globalFlags.Debug,
}
ovlOk := true
if err := common.PathSupportsOverlay(getDataDir()); err != nil {
if oerr, ok := err.(common.ErrOverlayUnsupported); ok {
stderr.Printf("disabling overlay support: %q", oerr.Error())
ovlOk = false
} else {
stderr.PrintE("error determining overlay support", err)
return 254
}
}
pcfg := stage0.PrepareConfig{
CommonConfig: &cfg,
UseOverlay: !flagNoOverlay && ovlOk,
PrivateUsers: privateUsers,
SkipTreeStoreCheck: globalFlags.InsecureFlags.SkipOnDiskCheck(),
}
if len(flagPodManifest) > 0 {
pcfg.PodManifest = flagPodManifest
} else {
pcfg.Ports = []types.ExposedPort(flagPorts)
pcfg.InheritEnv = flagInheritEnv
pcfg.ExplicitEnv = flagExplicitEnv.Strings()
pcfg.EnvFromFile = flagEnvFromFile.Strings()
pcfg.Apps = &rktApps
}
if globalFlags.Debug {
stage0.InitDebug()
}
keyLock, err := lock.SharedKeyLock(lockDir(), common.PrepareLock)
if err != nil {
stderr.PrintE("cannot get shared prepare lock", err)
return 254
}
if err = stage0.Prepare(pcfg, p.Path(), p.UUID); err != nil {
stderr.PrintE("error setting up stage0", err)
keyLock.Close()
return 254
}
keyLock.Close()
if err := p.Sync(); err != nil {
stderr.PrintE("error syncing pod data", err)
return 254
}
if err := p.ToPrepared(); err != nil {
stderr.PrintE("error transitioning to prepared", err)
return 254
}
os.Stdout = origStdout // restore output in case of --quiet
stdout.Printf("%s", p.UUID.String())
return 0
}
func runRunPrepared(cmd *cobra.Command, args []string) (exit int) {
if len(args) != 1 {
cmd.Usage()
return 1
}
p, err := getPodFromUUIDString(args[0])
if err != nil {
stderr.PrintE("problem retrieving pod", err)
return 1
}
defer p.Close()
s, err := imagestore.NewStore(storeDir())
if err != nil {
stderr.PrintE("cannot open store", err)
return 1
}
ts, err := treestore.NewStore(treeStoreDir(), s)
if err != nil {
stderr.PrintE("cannot open treestore", err)
return 1
}
if !p.isPrepared {
stderr.Printf("pod %q is not prepared", p.uuid)
return 1
}
if flagInteractive {
ac, err := p.getAppCount()
if err != nil {
stderr.PrintE("cannot get pod's app count", err)
return 1
}
if ac > 1 {
stderr.Print("interactive option only supports pods with one app")
return 1
}
}
// Make sure we have a metadata service available before we move to
// run state so that the user can rerun the command without needing
// to prepare the image again.
if flagMDSRegister {
if err := stage0.CheckMdsAvailability(); err != nil {
stderr.Error(err)
return 1
}
}
if err := p.xToRun(); err != nil {
stderr.PrintE("cannot transition to run", err)
return 1
}
lfd, err := p.Fd()
if err != nil {
stderr.PrintE("unable to get lock fd", err)
return 1
}
apps, err := p.getApps()
if err != nil {
stderr.PrintE("unable to get app list", err)
return 1
}
rktgid, err := common.LookupGid(common.RktGroup)
if err != nil {
stderr.Printf("group %q not found, will use default gid when rendering images", common.RktGroup)
rktgid = -1
}
rcfg := stage0.RunConfig{
CommonConfig: &stage0.CommonConfig{
Store: s,
TreeStore: ts,
UUID: p.uuid,
Debug: globalFlags.Debug,
},
Net: flagNet,
LockFd: lfd,
Interactive: flagInteractive,
DNS: flagDNS,
DNSSearch: flagDNSSearch,
DNSOpt: flagDNSOpt,
MDSRegister: flagMDSRegister,
Apps: apps,
RktGid: rktgid,
Hostname: flagHostname,
}
if globalFlags.Debug {
stage0.InitDebug()
}
stage0.Run(rcfg, p.path(), getDataDir()) // execs, never returns
return 1
}
