func init() {
sf, err := rktflag.NewSecFlags("none")
if err != nil {
fmt.Fprintf(os.Stderr, "rkt: problem initializing: %v", err)
os.Exit(1)
}
globalFlags.InsecureFlags = sf
cmdRkt.PersistentFlags().BoolVar(&globalFlags.Debug, "debug", false, "print out more debug information to stderr")
cmdRkt.PersistentFlags().Var((*absDir)(&globalFlags.Dir), "dir", "rkt data directory")
cmdRkt.PersistentFlags().Var((*absDir)(&globalFlags.SystemConfigDir), "system-config", "system configuration directory")
cmdRkt.PersistentFlags().Var((*absDir)(&globalFlags.LocalConfigDir), "local-config", "local configuration directory")
cmdRkt.PersistentFlags().Var((*absDir)(&globalFlags.UserConfigDir), "user-config", "user configuration directory")
cmdRkt.PersistentFlags().Var(globalFlags.InsecureFlags, "insecure-options",
fmt.Sprintf("comma-separated list of security features to disable. Allowed values: %s",
globalFlags.InsecureFlags.PermissibleString()))
cmdRkt.PersistentFlags().BoolVar(&globalFlags.TrustKeysFromHTTPS, "trust-keys-from-https",
false, "automatically trust gpg keys fetched from https")
cmdRkt.PersistentFlags().StringVar(&globalFlags.CPUProfile, "cpuprofile", "", "write CPU profile to the file")
cmdRkt.PersistentFlags().MarkHidden("cpuprofile")
cmdRkt.PersistentFlags().StringVar(&globalFlags.MemProfile, "memprofile", "", "write memory profile to the file")
cmdRkt.PersistentFlags().MarkHidden("memprofile")
// Run this before the execution of each subcommand to set up output
cmdRkt.PersistentPreRun = func(cmd *cobra.Command, args []string) {
stderr = log.New(os.Stderr, cmd.Name(), globalFlags.Debug)
stdout = log.New(os.Stdout, "", false)
}
cobra.EnablePrefixMatching = true
}
// Setup creates a new networking namespace and executes network plugins to
// set up networking. It returns in the new pod namespace
func Setup(podRoot string, podID types.UUID, fps []ForwardedPort, netList common.NetList, localConfig, flavor string, debug bool) (*Networking, error) {
stderr = log.New(os.Stderr, "networking", debug)
if flavor == "kvm" {
return kvmSetup(podRoot, podID, fps, netList, localConfig)
}
// Create namespace for Pod and write path to a file
podNS, err := ns.NewNS()
if err != nil {
return nil, err
}
// TODO(jonboulle): currently podRoot is _always_ ".", and behaviour in other
// circumstances is untested. This should be cleaned up.
n := Networking{
podEnv: podEnv{
podRoot: podRoot,
podID: podID,
netsLoadList: netList,
localConfig: localConfig,
podNS: podNS,
},
}
n.nets, err = n.loadNets()
if err != nil {
return nil, errwrap.Wrap(errors.New("error loading network definitions"), err)
}
if err := n.setupNets(n.nets); err != nil {
return nil, err
}
if len(fps) > 0 {
if err = n.enableDefaultLocalnetRouting(); err != nil {
return nil, err
}
podIP, err := n.GetForwardableNetPodIP()
if err != nil {
return nil, err
}
if err := n.forwardPorts(fps, podIP); err != nil {
n.unforwardPorts()
return nil, err
}
}
// Switch to the podNS
if err := podNS.Set(); err != nil {
return nil, err
}
if err = loUp(); err != nil {
return nil, err
}
return &n, nil
}
// Teardown cleans up a produced Networking object.
func (n *Networking) Teardown(flavor string, debug bool) {
stderr = log.New(os.Stderr, "networking", debug)
// Teardown everything in reverse order of setup.
// This should be idempotent -- be tolerant of missing stuff
if flavor == "kvm" {
n.kvmTeardown()
return
}
if err := n.enterHostNS(); err != nil {
stderr.PrintE("error switching to host netns", err)
return
}
if err := n.unforwardPorts(); err != nil {
stderr.PrintE("error removing forwarded ports", err)
}
n.teardownNets(n.nets)
if err := syscall.Unmount(n.podNSPath(), 0); err != nil {
// if already unmounted, umount(2) returns EINVAL
if !os.IsNotExist(err) && err != syscall.EINVAL {
stderr.PrintE(fmt.Sprintf("error unmounting %q", n.podNSPath()), err)
}
}
}
// Setup creates a new networking namespace and executes network plugins to
// set up networking. It returns in the new pod namespace
func Setup(podRoot string, podID types.UUID, fps []ForwardedPort, netList common.NetList, localConfig, flavor string, debug bool) (*Networking, error) {
stderr = log.New(os.Stderr, "networking", debug)
if flavor == "kvm" {
return kvmSetup(podRoot, podID, fps, netList, localConfig)
}
// TODO(jonboulle): currently podRoot is _always_ ".", and behaviour in other
// circumstances is untested. This should be cleaned up.
n := Networking{
podEnv: podEnv{
podRoot: podRoot,
podID: podID,
netsLoadList: netList,
localConfig: localConfig,
},
}
hostNS, podNS, err := basicNetNS()
if err != nil {
return nil, err
}
// we're in podNS!
n.hostNS = hostNS
nspath := n.podNSPath()
if err = bindMountFile(selfNetNS, nspath); err != nil {
return nil, err
}
defer func() {
if err != nil {
if err := syscall.Unmount(nspath, 0); err != nil {
stderr.PrintE(fmt.Sprintf("error unmounting %q", nspath), err)
}
}
}()
n.nets, err = n.loadNets()
if err != nil {
return nil, errwrap.Wrap(errors.New("error loading network definitions"), err)
}
err = withNetNS(podNS, hostNS, func() error {
if err := n.setupNets(n.nets); err != nil {
return err
}
return n.forwardPorts(fps, n.GetDefaultIP())
})
if err != nil {
return nil, err
}
return &n, nil
}
func main() {
flag.Parse()
log = rktlog.New(os.Stderr, "gc", debug)
if !debug {
log.SetOutput(ioutil.Discard)
}
log.Printf("not doing anything since stage0 is cleaning up the mounts")
return
}
func main() {
flag.Parse()
log = rktlog.New(os.Stderr, "stage1", debug)
if !debug {
log.SetOutput(ioutil.Discard)
}
// move code into stage1() helper so deferred fns get run
os.Exit(stage1())
}
func init() {
flag.BoolVar(&debug, "debug", false, "Run in debug mode")
flag.StringVar(&podPid, "pid", "", "podPID")
flag.StringVar(&appName, "appname", "", "application to use")
log = rktlog.New(os.Stderr, "kvm", false)
var err error
if sshPath, err = exec.LookPath("ssh"); err != nil {
log.FatalE("cannot find 'ssh' binary in PATH", err)
}
}
func main() {
flag.Parse()
log := rktlog.New(os.Stderr, "stage1 gc", debug)
podID, err := types.NewUUID(flag.Arg(0))
if err != nil {
log.Fatal("UUID is missing or malformed")
}
if err := gcNetworking(podID); err != nil {
log.FatalE("", err)
}
}
// Teardown cleans up a produced Networking object.
func (n *Networking) Teardown(flavor string, debug bool) {
stderr = log.New(os.Stderr, "networking", debug)
debuglog = debug
// Teardown everything in reverse order of setup.
// This should be idempotent -- be tolerant of missing stuff
if flavor == "kvm" {
n.kvmTeardown()
return
}
if err := n.unforwardPorts(); err != nil {
stderr.PrintE("error removing forwarded ports", err)
}
podNS, err := n.podNSLoad()
if err != nil {
stderr.PrintE("error loading podNS", err)
}
if podNS != nil {
defer func() {
n.podNS.Close()
if err := syscall.Unmount(n.podNS.Path(), unix.MNT_DETACH); err != nil {
// if already unmounted, umount(2) returns EINVAL
if !os.IsNotExist(err) && err != syscall.EINVAL {
stderr.PrintE(fmt.Sprintf("error unmounting %q", n.podNS.Path()), err)
}
}
if err := os.RemoveAll(n.podNS.Path()); err != nil {
stderr.PrintE(fmt.Sprintf("failed to remove namespace %s", n.podNS.Path()), err)
}
}()
}
n.podNS = podNS
n.teardownNets(n.nets)
}
func init() {
log = rktlog.New(os.Stderr, "kvm", false)
}
// Test that we open the correct kinds of sockets
func TestOpenSocket(t *testing.T) {
stderr = log.New(os.Stderr, "TestOpenSocket", globalFlags.Debug)
// get a temp unix socket for us to play with
tempdir, err := ioutil.TempDir("", "TestOpenSocket")
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(tempdir)
l, err := net.Listen("unix", tempdir+"/sock")
if err != nil {
t.Fatal(err)
}
defer l.Close()
lfd, err := l.(*net.UnixListener).File()
if err != nil {
t.Fatal(err)
}
defer lfd.Close()
// Mock out the systemd FD function
systemdFDs = func(x bool) []*os.File {
return []*os.File{lfd}
}
// Test that we will open a systemd socket when asked for
l1, err := openAPISockets()
if err != nil {
t.Fatal(err)
}
if len(l1) != 1 {
t.Errorf("expected len(l1) = 1, got %d", len(l1))
}
// Test that we fail when --listen is passed with a systemd socket
flagAPIServiceListenAddr = "localhost:0"
_, err = openAPISockets()
if err == nil {
t.Error("openAPISockets() did not fail when passed systemd socket and --listen")
}
// Then, disable socket mode and ask it to open a random tcp server port
systemdFDs = func(x bool) []*os.File {
return nil
}
l2, err := openAPISockets()
if err != nil {
t.Fatal("failed to open socket", err)
}
for _, ll := range l2 {
defer ll.Close()
}
if len(l2) != 1 {
t.Errorf("expected len(l2) == 1, but got %d", len(l2))
}
switch l2[0].(type) {
case *net.TCPListener:
// ok
default:
t.Errorf("expected type=*net.TCPListener, got %T", l2[0])
}
}
"github.com/hashicorp/errwrap"
"github.com/coreos/rkt/common"
"github.com/coreos/rkt/common/cgroup"
"github.com/coreos/rkt/common/cgroup/v1"
"github.com/coreos/rkt/networking"
rktlog "github.com/coreos/rkt/pkg/log"
)
const (
cgroupFsPath = "/sys/fs/cgroup"
)
var (
debug bool
log *rktlog.Logger = rktlog.New(os.Stderr, "stage1 gc", debug)
)
func init() {
flag.BoolVar(&debug, "debug", false, "Run in debug mode")
// this ensures that main runs only on main thread (thread group leader).
// since namespace ops (unshare, setns) are done for a single thread, we
// must ensure that the goroutine does not jump from OS thread to thread
runtime.LockOSThread()
}
func main() {
flag.Parse()
podID, err := types.NewUUID(flag.Arg(0))
func TestCalculateDataDir(t *testing.T) {
// Used in calculateDataDir.
// TODO(tmrts): Restructure this pkg, specifically by using dependency
// injection, to eliminate these work-arounds.
stderr = log.New(os.Stderr, "TestCalculateDataDir", globalFlags.Debug)
_, err := getConfig()
if err != nil {
panic(fmt.Errorf("getConfig() got error %q", err))
}
if cachedConfig == nil {
panic(fmt.Errorf("getConfig() should've set `cachedConfig`"))
}
dirFlag := cmdRkt.PersistentFlags().Lookup("dir")
dirFlag.Changed = false
defDirFlagVal := dirFlag.Value.String()
defCfgDataDir := cachedConfig.Paths.DataDir
resetConfigState := func() {
cmdRkt.PersistentFlags().Set("dir", defDirFlagVal)
dirFlag.Changed = false
cachedConfig.Paths.DataDir = defCfgDataDir
}
tmpDir, err := ioutil.TempDir("", "")
if err != nil {
panic(fmt.Errorf("ioutil.TempDir(%q, %q) got error %q", "", "", err))
}
defer os.Remove(tmpDir)
// TODO(tmrts): Write a utility function that generates unused random paths.
// Example signature would be fileutils.GenerateUniquePath(prefix string) (string, error).
nonExistantDir, err := ioutil.TempDir("", "non-existant-")
if err != nil {
panic(fmt.Errorf("ioutil.TempDir(%q, %q) got error %q", "", "", err))
}
if err := os.Remove(nonExistantDir); err != nil {
panic(fmt.Errorf("os.Remove(%q) got error %q", nonExistantDir, err))
}
testCases := []struct {
flagDataDir string
configDataDir string
out string
}{
{"", "", defaultDataDir},
{"", tmpDir, tmpDir},
{tmpDir, "", tmpDir},
{nonExistantDir, "", nonExistantDir},
{"", nonExistantDir, nonExistantDir},
}
for _, tc := range testCases {
cmdRkt.PersistentFlags().Set("dir", tc.flagDataDir)
cachedConfig.Paths.DataDir = tc.configDataDir
realDataDir, err := filepath.EvalSymlinks(tc.out)
if err != nil {
if os.IsNotExist(err) {
realDataDir = tc.out
} else {
panic(fmt.Errorf("filepath.EvalSymlinks(%q) got error %q", tc.out, err))
}
}
if dataDir := calculateDataDir(); dataDir != realDataDir {
t.Errorf("main.calculateDataDir() with setup %q, expected %q, got %q", tc, realDataDir, dataDir)
}
resetConfigState()
}
}
func init() {
log = rktlog.New(os.Stderr, "stage1", false)
}
type AcceptOption int
type OverrideOption int
const (
AcceptForce AcceptOption = iota
AcceptAsk
)
const (
OverrideAllow OverrideOption = iota
OverrideDeny
)
var log *rktlog.Logger
var stdout *rktlog.Logger = rktlog.New(os.Stdout, "", false)
func ensureLogger(debug bool) {
if log == nil {
log = rktlog.New(os.Stderr, "pubkey", debug)
}
}
// GetPubKeyLocations discovers one location at prefix
func (m *Manager) GetPubKeyLocations(prefix string) ([]string, error) {
ensureLogger(m.Debug)
if prefix == "" {
return nil, fmt.Errorf("empty prefix")
}
kls, err := m.metaDiscoverPubKeyLocations(prefix)
func ensureLogger(debug bool) {
if log == nil {
log = rktlog.New(os.Stderr, "pubkey", debug)
}
}
func main() {
log = rktlog.New(os.Stderr, "enter", false)
log.Printf("not doing anything here! (%+v)", os.Args)
return
}