示例#1
0
文件: rkt.go 项目: nak3/rkt
func init() {
	sf, err := rktflag.NewSecFlags("none")
	if err != nil {
		fmt.Fprintf(os.Stderr, "rkt: problem initializing: %v", err)
		os.Exit(1)
	}

	globalFlags.InsecureFlags = sf

	cmdRkt.PersistentFlags().BoolVar(&globalFlags.Debug, "debug", false, "print out more debug information to stderr")
	cmdRkt.PersistentFlags().Var((*absDir)(&globalFlags.Dir), "dir", "rkt data directory")
	cmdRkt.PersistentFlags().Var((*absDir)(&globalFlags.SystemConfigDir), "system-config", "system configuration directory")
	cmdRkt.PersistentFlags().Var((*absDir)(&globalFlags.LocalConfigDir), "local-config", "local configuration directory")
	cmdRkt.PersistentFlags().Var((*absDir)(&globalFlags.UserConfigDir), "user-config", "user configuration directory")
	cmdRkt.PersistentFlags().Var(globalFlags.InsecureFlags, "insecure-options",
		fmt.Sprintf("comma-separated list of security features to disable. Allowed values: %s",
			globalFlags.InsecureFlags.PermissibleString()))
	cmdRkt.PersistentFlags().BoolVar(&globalFlags.TrustKeysFromHTTPS, "trust-keys-from-https",
		false, "automatically trust gpg keys fetched from https")
	cmdRkt.PersistentFlags().StringVar(&globalFlags.CPUProfile, "cpuprofile", "", "write CPU profile to the file")
	cmdRkt.PersistentFlags().MarkHidden("cpuprofile")
	cmdRkt.PersistentFlags().StringVar(&globalFlags.MemProfile, "memprofile", "", "write memory profile to the file")
	cmdRkt.PersistentFlags().MarkHidden("memprofile")

	// Run this before the execution of each subcommand to set up output
	cmdRkt.PersistentPreRun = func(cmd *cobra.Command, args []string) {
		stderr = log.New(os.Stderr, cmd.Name(), globalFlags.Debug)
		stdout = log.New(os.Stdout, "", false)
	}

	cobra.EnablePrefixMatching = true
}
示例#2
0
文件: networking.go 项目: nak3/rkt
// Setup creates a new networking namespace and executes network plugins to
// set up networking. It returns in the new pod namespace
func Setup(podRoot string, podID types.UUID, fps []ForwardedPort, netList common.NetList, localConfig, flavor string, debug bool) (*Networking, error) {

	stderr = log.New(os.Stderr, "networking", debug)

	if flavor == "kvm" {
		return kvmSetup(podRoot, podID, fps, netList, localConfig)
	}

	// Create namespace for Pod and write path to a file
	podNS, err := ns.NewNS()
	if err != nil {
		return nil, err
	}

	// TODO(jonboulle): currently podRoot is _always_ ".", and behaviour in other
	// circumstances is untested. This should be cleaned up.
	n := Networking{
		podEnv: podEnv{
			podRoot:      podRoot,
			podID:        podID,
			netsLoadList: netList,
			localConfig:  localConfig,
			podNS:        podNS,
		},
	}

	n.nets, err = n.loadNets()
	if err != nil {
		return nil, errwrap.Wrap(errors.New("error loading network definitions"), err)
	}

	if err := n.setupNets(n.nets); err != nil {
		return nil, err
	}

	if len(fps) > 0 {
		if err = n.enableDefaultLocalnetRouting(); err != nil {
			return nil, err
		}
		podIP, err := n.GetForwardableNetPodIP()
		if err != nil {
			return nil, err
		}
		if err := n.forwardPorts(fps, podIP); err != nil {
			n.unforwardPorts()
			return nil, err
		}
	}

	// Switch to the podNS
	if err := podNS.Set(); err != nil {
		return nil, err
	}

	if err = loUp(); err != nil {
		return nil, err
	}

	return &n, nil
}
示例#3
0
文件: networking.go 项目: linki/rkt
// Teardown cleans up a produced Networking object.
func (n *Networking) Teardown(flavor string, debug bool) {

	stderr = log.New(os.Stderr, "networking", debug)

	// Teardown everything in reverse order of setup.
	// This should be idempotent -- be tolerant of missing stuff

	if flavor == "kvm" {
		n.kvmTeardown()
		return
	}

	if err := n.enterHostNS(); err != nil {
		stderr.PrintE("error switching to host netns", err)
		return
	}

	if err := n.unforwardPorts(); err != nil {
		stderr.PrintE("error removing forwarded ports", err)
	}

	n.teardownNets(n.nets)

	if err := syscall.Unmount(n.podNSPath(), 0); err != nil {
		// if already unmounted, umount(2) returns EINVAL
		if !os.IsNotExist(err) && err != syscall.EINVAL {
			stderr.PrintE(fmt.Sprintf("error unmounting %q", n.podNSPath()), err)
		}
	}
}
示例#4
0
文件: networking.go 项目: linki/rkt
// Setup creates a new networking namespace and executes network plugins to
// set up networking. It returns in the new pod namespace
func Setup(podRoot string, podID types.UUID, fps []ForwardedPort, netList common.NetList, localConfig, flavor string, debug bool) (*Networking, error) {

	stderr = log.New(os.Stderr, "networking", debug)

	if flavor == "kvm" {
		return kvmSetup(podRoot, podID, fps, netList, localConfig)
	}

	// TODO(jonboulle): currently podRoot is _always_ ".", and behaviour in other
	// circumstances is untested. This should be cleaned up.
	n := Networking{
		podEnv: podEnv{
			podRoot:      podRoot,
			podID:        podID,
			netsLoadList: netList,
			localConfig:  localConfig,
		},
	}

	hostNS, podNS, err := basicNetNS()
	if err != nil {
		return nil, err
	}
	// we're in podNS!
	n.hostNS = hostNS

	nspath := n.podNSPath()

	if err = bindMountFile(selfNetNS, nspath); err != nil {
		return nil, err
	}

	defer func() {
		if err != nil {
			if err := syscall.Unmount(nspath, 0); err != nil {
				stderr.PrintE(fmt.Sprintf("error unmounting %q", nspath), err)
			}
		}
	}()

	n.nets, err = n.loadNets()
	if err != nil {
		return nil, errwrap.Wrap(errors.New("error loading network definitions"), err)
	}

	err = withNetNS(podNS, hostNS, func() error {
		if err := n.setupNets(n.nets); err != nil {
			return err
		}
		return n.forwardPorts(fps, n.GetDefaultIP())
	})
	if err != nil {
		return nil, err
	}

	return &n, nil
}
示例#5
0
文件: main.go 项目: hwinkel/rkt
func main() {
	flag.Parse()

	log = rktlog.New(os.Stderr, "gc", debug)
	if !debug {
		log.SetOutput(ioutil.Discard)
	}
	log.Printf("not doing anything since stage0 is cleaning up the mounts")
	return
}
示例#6
0
文件: init.go 项目: linki/rkt
func main() {
	flag.Parse()

	log = rktlog.New(os.Stderr, "stage1", debug)
	if !debug {
		log.SetOutput(ioutil.Discard)
	}

	// move code into stage1() helper so deferred fns get run
	os.Exit(stage1())
}
示例#7
0
文件: enter_kvm.go 项目: hwinkel/rkt
func init() {
	flag.BoolVar(&debug, "debug", false, "Run in debug mode")
	flag.StringVar(&podPid, "pid", "", "podPID")
	flag.StringVar(&appName, "appname", "", "application to use")

	log = rktlog.New(os.Stderr, "kvm", false)

	var err error
	if sshPath, err = exec.LookPath("ssh"); err != nil {
		log.FatalE("cannot find 'ssh' binary in PATH", err)
	}
}
示例#8
0
文件: gc.go 项目: sinfomicien/rkt
func main() {
	flag.Parse()

	log := rktlog.New(os.Stderr, "stage1 gc", debug)

	podID, err := types.NewUUID(flag.Arg(0))
	if err != nil {
		log.Fatal("UUID is missing or malformed")
	}

	if err := gcNetworking(podID); err != nil {
		log.FatalE("", err)
	}
}
示例#9
0
文件: networking.go 项目: nhlfr/rkt
// Teardown cleans up a produced Networking object.
func (n *Networking) Teardown(flavor string, debug bool) {

	stderr = log.New(os.Stderr, "networking", debug)
	debuglog = debug

	// Teardown everything in reverse order of setup.
	// This should be idempotent -- be tolerant of missing stuff

	if flavor == "kvm" {
		n.kvmTeardown()
		return
	}

	if err := n.unforwardPorts(); err != nil {
		stderr.PrintE("error removing forwarded ports", err)
	}

	podNS, err := n.podNSLoad()
	if err != nil {
		stderr.PrintE("error loading podNS", err)
	}
	if podNS != nil {
		defer func() {
			n.podNS.Close()

			if err := syscall.Unmount(n.podNS.Path(), unix.MNT_DETACH); err != nil {
				// if already unmounted, umount(2) returns EINVAL
				if !os.IsNotExist(err) && err != syscall.EINVAL {
					stderr.PrintE(fmt.Sprintf("error unmounting %q", n.podNS.Path()), err)
				}
			}

			if err := os.RemoveAll(n.podNS.Path()); err != nil {
				stderr.PrintE(fmt.Sprintf("failed to remove namespace %s", n.podNS.Path()), err)
			}
		}()
	}

	n.podNS = podNS
	n.teardownNets(n.nets)
}
示例#10
0
文件: log.go 项目: hwinkel/rkt
func init() {
	log = rktlog.New(os.Stderr, "kvm", false)
}
示例#11
0
// Test that we open the correct kinds of sockets
func TestOpenSocket(t *testing.T) {
	stderr = log.New(os.Stderr, "TestOpenSocket", globalFlags.Debug)
	// get a temp unix socket for us to play with
	tempdir, err := ioutil.TempDir("", "TestOpenSocket")
	if err != nil {
		t.Fatal(err)
	}
	defer os.RemoveAll(tempdir)

	l, err := net.Listen("unix", tempdir+"/sock")
	if err != nil {
		t.Fatal(err)
	}
	defer l.Close()
	lfd, err := l.(*net.UnixListener).File()
	if err != nil {
		t.Fatal(err)
	}
	defer lfd.Close()

	// Mock out the systemd FD function
	systemdFDs = func(x bool) []*os.File {
		return []*os.File{lfd}
	}

	// Test that we will open a systemd socket when asked for
	l1, err := openAPISockets()
	if err != nil {
		t.Fatal(err)
	}
	if len(l1) != 1 {
		t.Errorf("expected len(l1) = 1, got %d", len(l1))
	}

	// Test that we fail when --listen is passed with a systemd socket
	flagAPIServiceListenAddr = "localhost:0"
	_, err = openAPISockets()
	if err == nil {
		t.Error("openAPISockets() did not fail when passed systemd socket and --listen")
	}

	// Then, disable socket mode and ask it to open a random tcp server port
	systemdFDs = func(x bool) []*os.File {
		return nil
	}

	l2, err := openAPISockets()
	if err != nil {
		t.Fatal("failed to open socket", err)
	}

	for _, ll := range l2 {
		defer ll.Close()
	}

	if len(l2) != 1 {
		t.Errorf("expected len(l2) == 1, but got %d", len(l2))
	}

	switch l2[0].(type) {
	case *net.TCPListener:
	// ok
	default:
		t.Errorf("expected type=*net.TCPListener, got %T", l2[0])
	}
}
示例#12
0
文件: gc.go 项目: nhlfr/rkt
	"github.com/hashicorp/errwrap"

	"github.com/coreos/rkt/common"
	"github.com/coreos/rkt/common/cgroup"
	"github.com/coreos/rkt/common/cgroup/v1"
	"github.com/coreos/rkt/networking"
	rktlog "github.com/coreos/rkt/pkg/log"
)

const (
	cgroupFsPath = "/sys/fs/cgroup"
)

var (
	debug bool
	log   *rktlog.Logger = rktlog.New(os.Stderr, "stage1 gc", debug)
)

func init() {
	flag.BoolVar(&debug, "debug", false, "Run in debug mode")

	// this ensures that main runs only on main thread (thread group leader).
	// since namespace ops (unshare, setns) are done for a single thread, we
	// must ensure that the goroutine does not jump from OS thread to thread
	runtime.LockOSThread()
}

func main() {
	flag.Parse()

	podID, err := types.NewUUID(flag.Arg(0))
示例#13
0
文件: rkt_test.go 项目: nak3/rkt
func TestCalculateDataDir(t *testing.T) {
	// Used in calculateDataDir.
	// TODO(tmrts): Restructure this pkg, specifically by using dependency
	// injection, to eliminate these work-arounds.
	stderr = log.New(os.Stderr, "TestCalculateDataDir", globalFlags.Debug)

	_, err := getConfig()
	if err != nil {
		panic(fmt.Errorf("getConfig() got error %q", err))
	}

	if cachedConfig == nil {
		panic(fmt.Errorf("getConfig() should've set `cachedConfig`"))
	}

	dirFlag := cmdRkt.PersistentFlags().Lookup("dir")
	dirFlag.Changed = false
	defDirFlagVal := dirFlag.Value.String()
	defCfgDataDir := cachedConfig.Paths.DataDir

	resetConfigState := func() {
		cmdRkt.PersistentFlags().Set("dir", defDirFlagVal)
		dirFlag.Changed = false

		cachedConfig.Paths.DataDir = defCfgDataDir
	}

	tmpDir, err := ioutil.TempDir("", "")
	if err != nil {
		panic(fmt.Errorf("ioutil.TempDir(%q, %q) got error %q", "", "", err))
	}
	defer os.Remove(tmpDir)

	// TODO(tmrts): Write a utility function that generates unused random paths.
	// Example signature would be fileutils.GenerateUniquePath(prefix string) (string, error).
	nonExistantDir, err := ioutil.TempDir("", "non-existant-")
	if err != nil {
		panic(fmt.Errorf("ioutil.TempDir(%q, %q) got error %q", "", "", err))
	}
	if err := os.Remove(nonExistantDir); err != nil {
		panic(fmt.Errorf("os.Remove(%q) got error %q", nonExistantDir, err))
	}

	testCases := []struct {
		flagDataDir   string
		configDataDir string
		out           string
	}{
		{"", "", defaultDataDir},
		{"", tmpDir, tmpDir},
		{tmpDir, "", tmpDir},
		{nonExistantDir, "", nonExistantDir},
		{"", nonExistantDir, nonExistantDir},
	}

	for _, tc := range testCases {
		cmdRkt.PersistentFlags().Set("dir", tc.flagDataDir)

		cachedConfig.Paths.DataDir = tc.configDataDir

		realDataDir, err := filepath.EvalSymlinks(tc.out)
		if err != nil {
			if os.IsNotExist(err) {
				realDataDir = tc.out
			} else {
				panic(fmt.Errorf("filepath.EvalSymlinks(%q) got error %q", tc.out, err))
			}
		}

		if dataDir := calculateDataDir(); dataDir != realDataDir {
			t.Errorf("main.calculateDataDir() with setup %q, expected %q, got %q", tc, realDataDir, dataDir)
		}

		resetConfigState()
	}
}
示例#14
0
文件: log.go 项目: hwinkel/rkt
func init() {
	log = rktlog.New(os.Stderr, "stage1", false)
}
示例#15
0
文件: pubkey.go 项目: hwinkel/rkt
type AcceptOption int
type OverrideOption int

const (
	AcceptForce AcceptOption = iota
	AcceptAsk
)

const (
	OverrideAllow OverrideOption = iota
	OverrideDeny
)

var log *rktlog.Logger
var stdout *rktlog.Logger = rktlog.New(os.Stdout, "", false)

func ensureLogger(debug bool) {
	if log == nil {
		log = rktlog.New(os.Stderr, "pubkey", debug)
	}
}

// GetPubKeyLocations discovers one location at prefix
func (m *Manager) GetPubKeyLocations(prefix string) ([]string, error) {
	ensureLogger(m.Debug)
	if prefix == "" {
		return nil, fmt.Errorf("empty prefix")
	}

	kls, err := m.metaDiscoverPubKeyLocations(prefix)
示例#16
0
文件: pubkey.go 项目: hwinkel/rkt
func ensureLogger(debug bool) {
	if log == nil {
		log = rktlog.New(os.Stderr, "pubkey", debug)
	}
}
示例#17
0
文件: main.go 项目: sinfomicien/rkt
func main() {
	log = rktlog.New(os.Stderr, "enter", false)
	log.Printf("not doing anything here! (%+v)", os.Args)
	return
}