2020-02-04 06:29:27 +00:00
/ *
Copyright 2019 The Kubernetes Authors All rights reserved .
Licensed under the Apache License , Version 2.0 ( the "License" ) ;
you may not use this file except in compliance with the License .
You may obtain a copy of the License at
http : //www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing , software
distributed under the License is distributed on an "AS IS" BASIS ,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND , either express or implied .
See the License for the specific language governing permissions and
limitations under the License .
* /
package provision
import (
"bytes"
"fmt"
"text/template"
"time"
"github.com/docker/machine/libmachine/auth"
"github.com/docker/machine/libmachine/drivers"
"github.com/docker/machine/libmachine/engine"
"github.com/docker/machine/libmachine/provision"
"github.com/docker/machine/libmachine/provision/pkgaction"
"github.com/docker/machine/libmachine/swarm"
2020-03-24 22:54:39 +00:00
"github.com/spf13/viper"
2020-09-29 22:49:41 +00:00
"k8s.io/klog/v2"
2020-03-24 22:54:39 +00:00
"k8s.io/minikube/pkg/minikube/config"
2020-02-04 06:29:27 +00:00
"k8s.io/minikube/pkg/util/retry"
)
// UbuntuProvisioner provisions the ubuntu
type UbuntuProvisioner struct {
BuildrootProvisioner
}
// NewUbuntuProvisioner creates a new UbuntuProvisioner
func NewUbuntuProvisioner ( d drivers . Driver ) provision . Provisioner {
return & UbuntuProvisioner {
BuildrootProvisioner {
2020-03-20 00:40:02 +00:00
NewSystemdProvisioner ( "ubuntu" , d ) ,
2020-03-24 22:54:39 +00:00
viper . GetString ( config . ProfileName ) ,
2020-02-04 06:29:27 +00:00
} ,
}
}
func ( p * UbuntuProvisioner ) String ( ) string {
return "ubuntu"
}
// CompatibleWithHost checks if provisioner is compatible with host
func ( p * UbuntuProvisioner ) CompatibleWithHost ( ) bool {
return p . OsReleaseInfo . ID == "ubuntu"
}
// GenerateDockerOptions generates the *provision.DockerOptions for this provisioner
func ( p * UbuntuProvisioner ) GenerateDockerOptions ( dockerPort int ) ( * provision . DockerOptions , error ) {
var engineCfg bytes . Buffer
drvLabel := fmt . Sprintf ( "provider=%s" , p . Driver . DriverName ( ) )
p . EngineOptions . Labels = append ( p . EngineOptions . Labels , drvLabel )
noPivot := true
// Using pivot_root is not supported on fstype rootfs
if fstype , err := rootFileSystemType ( p ) ; err == nil {
2020-09-29 22:49:41 +00:00
klog . Infof ( "root file system type: %s" , fstype )
2020-02-04 06:29:27 +00:00
noPivot = fstype == "rootfs"
}
engineConfigTmpl := ` [ Unit ]
Description = Docker Application Container Engine
Documentation = https : //docs.docker.com
BindsTo = containerd . service
After = network - online . target firewalld . service containerd . service
Wants = network - online . target
Requires = docker . socket
2021-02-08 23:32:28 +00:00
StartLimitBurst = 3
StartLimitIntervalSec = 60
2020-02-04 06:29:27 +00:00
[ Service ]
Type = notify
2020-11-24 23:13:56 +00:00
Restart = on - failure
2020-02-04 06:29:27 +00:00
`
if noPivot {
2020-09-29 22:49:41 +00:00
klog . Warning ( "Using fundamentally insecure --no-pivot option" )
2020-02-04 06:29:27 +00:00
engineConfigTmpl += `
# DOCKER_RAMDISK disables pivot_root in Docker , using MS_MOVE instead .
Environment = DOCKER_RAMDISK = yes
`
}
engineConfigTmpl += `
{ { range . EngineOptions . Env } } Environment = { { . } }
{ { end } }
# This file is a systemd drop - in unit that inherits from the base dockerd configuration .
# The base configuration already specifies an ' ExecStart = ... ' command . The first directive
# here is to clear out that command inherited from the base configuration . Without this ,
# the command from the base configuration and the command specified here are treated as
# a sequence of commands , which is not the desired behavior , nor is it valid -- systemd
# will catch this invalid input and refuse to start the service with an error like :
# Service has more than one ExecStart = setting , which is only allowed for Type = oneshot services .
# NOTE : default - ulimit = nofile is set to an arbitrary number for consistency with other
# container runtimes . If left unlimited , it may result in OOM issues with MySQL .
ExecStart =
2020-03-12 21:50:19 +00:00
ExecStart = / usr / bin / dockerd - H tcp : //0.0.0.0:2376 -H unix:///var/run/docker.sock --default-ulimit=nofile=1048576:1048576 --tlsverify --tlscacert {{.AuthOptions.CaCertRemotePath}} --tlscert {{.AuthOptions.ServerCertRemotePath}} --tlskey {{.AuthOptions.ServerKeyRemotePath}} {{ range .EngineOptions.Labels }}--label {{.}} {{ end }}{{ range .EngineOptions.InsecureRegistry }}--insecure-registry {{.}} {{ end }}{{ range .EngineOptions.RegistryMirror }}--registry-mirror {{.}} {{ end }}{{ range .EngineOptions.ArbitraryFlags }}--{{.}} {{ end }}
2020-12-23 01:00:23 +00:00
ExecReload = / bin / kill - s HUP \ $ MAINPID
2020-02-04 06:29:27 +00:00
# Having non - zero Limit * s causes performance problems due to accounting overhead
# in the kernel . We recommend using cgroups to do container - local accounting .
LimitNOFILE = infinity
LimitNPROC = infinity
LimitCORE = infinity
# Uncomment TasksMax if your systemd version supports it .
# Only systemd 226 and above support this version .
TasksMax = infinity
TimeoutStartSec = 0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate = yes
# kill only the docker process , not all processes in the cgroup
KillMode = process
[ Install ]
WantedBy = multi - user . target
`
t , err := template . New ( "engineConfig" ) . Parse ( engineConfigTmpl )
if err != nil {
return nil , err
}
engineConfigContext := provision . EngineConfigContext {
DockerPort : dockerPort ,
AuthOptions : p . AuthOptions ,
EngineOptions : p . EngineOptions ,
}
escapeSystemdDirectives ( & engineConfigContext )
if err := t . Execute ( & engineCfg , engineConfigContext ) ; err != nil {
return nil , err
}
2020-03-20 00:40:02 +00:00
do := & provision . DockerOptions {
2020-02-04 06:29:27 +00:00
EngineOptions : engineCfg . String ( ) ,
EngineOptionsPath : "/lib/systemd/system/docker.service" ,
}
2020-03-20 00:40:02 +00:00
return do , updateUnit ( p , "docker" , do . EngineOptions , do . EngineOptionsPath )
2020-02-04 06:29:27 +00:00
}
// Package installs a package
func ( p * UbuntuProvisioner ) Package ( name string , action pkgaction . PackageAction ) error {
return nil
}
// Provision does the provisioning
func ( p * UbuntuProvisioner ) Provision ( swarmOptions swarm . Options , authOptions auth . Options , engineOptions engine . Options ) error {
p . SwarmOptions = swarmOptions
p . AuthOptions = authOptions
p . EngineOptions = engineOptions
2020-09-29 22:49:41 +00:00
klog . Infof ( "provisioning hostname %q" , p . Driver . GetMachineName ( ) )
2020-02-04 06:29:27 +00:00
if err := p . SetHostname ( p . Driver . GetMachineName ( ) ) ; err != nil {
return err
}
p . AuthOptions = setRemoteAuthOptions ( p )
2020-09-29 22:49:41 +00:00
klog . Infof ( "set auth options %+v" , p . AuthOptions )
2020-02-04 06:29:27 +00:00
2020-09-29 22:49:41 +00:00
klog . Infof ( "setting up certificates" )
2020-02-04 06:29:27 +00:00
configAuth := func ( ) error {
if err := configureAuth ( p ) ; err != nil {
2020-09-29 22:49:41 +00:00
klog . Warningf ( "configureAuth failed: %v" , err )
2020-02-04 06:29:27 +00:00
return & retry . RetriableError { Err : err }
}
return nil
}
2020-04-16 22:14:59 +00:00
err := retry . Expo ( configAuth , 100 * time . Microsecond , 2 * time . Minute )
2020-03-20 00:40:02 +00:00
2020-02-04 06:29:27 +00:00
if err != nil {
2020-09-29 22:49:41 +00:00
klog . Infof ( "Error configuring auth during provisioning %v" , err )
2020-02-04 06:29:27 +00:00
return err
}
2020-09-29 22:49:41 +00:00
klog . Infof ( "setting minikube options for container-runtime" )
2020-03-24 23:10:20 +00:00
if err := setContainerRuntimeOptions ( p . clusterName , p ) ; err != nil {
2020-09-29 22:49:41 +00:00
klog . Infof ( "Error setting container-runtime options during provisioning %v" , err )
2020-02-04 06:29:27 +00:00
return err
}
return nil
}
