improve update alternative
parent
f8406b6f02
commit
d9deec2954
|
@ -17,30 +17,50 @@
|
||||||
set -o errexit
|
set -o errexit
|
||||||
set -o nounset
|
set -o nounset
|
||||||
set -o pipefail
|
set -o pipefail
|
||||||
|
set -x
|
||||||
|
|
||||||
|
update-alternatives() {
|
||||||
|
echo "retryable update-alternatives: $*"
|
||||||
|
local args=$*
|
||||||
|
|
||||||
|
for i in $(seq 0 15); do
|
||||||
|
/usr/bin/update-alternatives $args && return || echo "update-alternatives $args failed (retry $i)"
|
||||||
|
|
||||||
|
echo "update-alternatives diagnostics information below:"
|
||||||
|
mount
|
||||||
|
df -h /var
|
||||||
|
find /var/lib/dpkg
|
||||||
|
dmesg | tail
|
||||||
|
|
||||||
|
sleep 1
|
||||||
|
done
|
||||||
|
|
||||||
|
exit 30
|
||||||
|
}
|
||||||
|
|
||||||
fix_mount() {
|
fix_mount() {
|
||||||
echo 'INFO: ensuring we can execute /bin/mount even with userns-remap'
|
echo 'INFO: ensuring we can execute mount/umount even with userns-remap'
|
||||||
# necessary only when userns-remap is enabled on the host, but harmless
|
# necessary only when userns-remap is enabled on the host, but harmless
|
||||||
# The binary /bin/mount should be owned by root and have the setuid bit
|
# The binary /bin/mount should be owned by root and have the setuid bit
|
||||||
chown root:root /bin/mount
|
chown root:root "$(which mount)" "$(which umount)"
|
||||||
chmod -s /bin/mount
|
chmod -s "$(which mount)" "$(which umount)"
|
||||||
|
|
||||||
# This is a workaround to an AUFS bug that might cause `Text file
|
# This is a workaround to an AUFS bug that might cause `Text file
|
||||||
# busy` on `mount` command below. See more details in
|
# busy` on `mount` command below. See more details in
|
||||||
# https://github.com/moby/moby/issues/9547
|
# https://github.com/moby/moby/issues/9547
|
||||||
if [[ "$(stat -f -c %T /bin/mount)" == 'aufs' ]]; then
|
if [[ "$(stat -f -c %T /bin/mount)" == 'aufs' ]]; then
|
||||||
echo 'INFO: detected aufs, calling sync'
|
echo 'INFO: detected aufs, calling sync' >&2
|
||||||
sync
|
sync
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo 'INFO: remounting /sys read-only'
|
echo 'INFO: remounting /sys read-only'
|
||||||
# systemd-in-a-container should have read only /sys
|
# systemd-in-a-container should have read only /sys
|
||||||
# https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/
|
# https://systemd.io/CONTAINER_INTERFACE/
|
||||||
# however, we need other things from `docker run --privileged` ...
|
# however, we need other things from `docker run --privileged` ...
|
||||||
# and this flag also happens to make /sys rw, amongst other things
|
# and this flag also happens to make /sys rw, amongst other things
|
||||||
mount -o remount,ro /sys
|
mount -o remount,ro /sys
|
||||||
|
|
||||||
echo 'INFO: making mounts shared'
|
echo 'INFO: making mounts shared' >&2
|
||||||
# for mount propagation
|
# for mount propagation
|
||||||
mount --make-rshared /
|
mount --make-rshared /
|
||||||
}
|
}
|
||||||
|
@ -70,13 +90,25 @@ fix_cgroup() {
|
||||||
mount --bind "${subsystem}" "${subsystem}${docker_cgroup}"
|
mount --bind "${subsystem}" "${subsystem}${docker_cgroup}"
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
local podman_cgroup_mounts
|
||||||
|
podman_cgroup_mounts=$(grep /sys/fs/cgroup /proc/self/mountinfo | grep libpod_parent || true)
|
||||||
|
if [[ -n "${podman_cgroup_mounts}" ]]; then
|
||||||
|
local podman_cgroup cgroup_subsystems subsystem
|
||||||
|
podman_cgroup=$(echo "${podman_cgroup_mounts}" | head -n 1 | cut -d' ' -f 4)
|
||||||
|
cgroup_subsystems=$(echo "${podman_cgroup_mounts}" | cut -d' ' -f 5)
|
||||||
|
echo "${cgroup_subsystems}" |
|
||||||
|
while IFS= read -r subsystem; do
|
||||||
|
mkdir -p "${subsystem}${podman_cgroup}"
|
||||||
|
mount --bind "${subsystem}" "${subsystem}${podman_cgroup}"
|
||||||
|
done
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
fix_machine_id() {
|
fix_machine_id() {
|
||||||
# Deletes the machine-id embedded in the node image and generates a new one.
|
# Deletes the machine-id embedded in the node image and generates a new one.
|
||||||
# This is necessary because both kubelet and other components like weave net
|
# This is necessary because both kubelet and other components like weave net
|
||||||
# use machine-id internally to distinguish nodes.
|
# use machine-id internally to distinguish nodes.
|
||||||
echo 'INFO: clearing and regenerating /etc/machine-id'
|
echo 'INFO: clearing and regenerating /etc/machine-id' >&2
|
||||||
rm -f /etc/machine-id
|
rm -f /etc/machine-id
|
||||||
systemd-machine-id-setup
|
systemd-machine-id-setup
|
||||||
}
|
}
|
||||||
|
@ -85,7 +117,7 @@ fix_product_name() {
|
||||||
# this is a small fix to hide the underlying hardware and fix issue #426
|
# this is a small fix to hide the underlying hardware and fix issue #426
|
||||||
# https://github.com/kubernetes-sigs/kind/issues/426
|
# https://github.com/kubernetes-sigs/kind/issues/426
|
||||||
if [[ -f /sys/class/dmi/id/product_name ]]; then
|
if [[ -f /sys/class/dmi/id/product_name ]]; then
|
||||||
echo 'INFO: faking /sys/class/dmi/id/product_name to be "kind"'
|
echo 'INFO: faking /sys/class/dmi/id/product_name to be "kind"' >&2
|
||||||
echo 'kind' > /kind/product_name
|
echo 'kind' > /kind/product_name
|
||||||
mount -o ro,bind /kind/product_name /sys/class/dmi/id/product_name
|
mount -o ro,bind /kind/product_name /sys/class/dmi/id/product_name
|
||||||
fi
|
fi
|
||||||
|
@ -101,11 +133,11 @@ fix_product_uuid() {
|
||||||
# https://github.com/kubernetes-sigs/kind/issues/1027
|
# https://github.com/kubernetes-sigs/kind/issues/1027
|
||||||
[[ ! -f /kind/product_uuid ]] && cat /proc/sys/kernel/random/uuid > /kind/product_uuid
|
[[ ! -f /kind/product_uuid ]] && cat /proc/sys/kernel/random/uuid > /kind/product_uuid
|
||||||
if [[ -f /sys/class/dmi/id/product_uuid ]]; then
|
if [[ -f /sys/class/dmi/id/product_uuid ]]; then
|
||||||
echo 'INFO: faking /sys/class/dmi/id/product_uuid to be random'
|
echo 'INFO: faking /sys/class/dmi/id/product_uuid to be random' >&2
|
||||||
mount -o ro,bind /kind/product_uuid /sys/class/dmi/id/product_uuid
|
mount -o ro,bind /kind/product_uuid /sys/class/dmi/id/product_uuid
|
||||||
fi
|
fi
|
||||||
if [[ -f /sys/devices/virtual/dmi/id/product_uuid ]]; then
|
if [[ -f /sys/devices/virtual/dmi/id/product_uuid ]]; then
|
||||||
echo 'INFO: faking /sys/devices/virtual/dmi/id/product_uuid as well'
|
echo 'INFO: faking /sys/devices/virtual/dmi/id/product_uuid as well' >&2
|
||||||
mount -o ro,bind /kind/product_uuid /sys/devices/virtual/dmi/id/product_uuid
|
mount -o ro,bind /kind/product_uuid /sys/devices/virtual/dmi/id/product_uuid
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
@ -149,7 +181,7 @@ select_iptables() {
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "INFO: setting iptables to detected mode: ${mode}"
|
echo "INFO: setting iptables to detected mode: ${mode}" >&2
|
||||||
update-alternatives --set iptables "/usr/sbin/iptables-${mode}" > /dev/null
|
update-alternatives --set iptables "/usr/sbin/iptables-${mode}" > /dev/null
|
||||||
update-alternatives --set ip6tables "/usr/sbin/ip6tables-${mode}" > /dev/null
|
update-alternatives --set ip6tables "/usr/sbin/ip6tables-${mode}" > /dev/null
|
||||||
}
|
}
|
||||||
|
@ -179,9 +211,49 @@ enable_network_magic(){
|
||||||
# now we can ensure that DNS is configured to use our IP
|
# now we can ensure that DNS is configured to use our IP
|
||||||
cp /etc/resolv.conf /etc/resolv.conf.original
|
cp /etc/resolv.conf /etc/resolv.conf.original
|
||||||
sed -e "s/${docker_embedded_dns_ip}/${docker_host_ip}/g" /etc/resolv.conf.original >/etc/resolv.conf
|
sed -e "s/${docker_embedded_dns_ip}/${docker_host_ip}/g" /etc/resolv.conf.original >/etc/resolv.conf
|
||||||
|
|
||||||
|
# fixup IPs in manifests ...
|
||||||
|
curr_ipv4="$( (getent ahostsv4 $(hostname) | head -n1 | cut -d' ' -f1) || true)"
|
||||||
|
echo "INFO: Detected IPv4 address: ${curr_ipv4}" >&2
|
||||||
|
if [ -f /kind/old-ipv4 ]; then
|
||||||
|
old_ipv4=$(cat /kind/old-ipv4)
|
||||||
|
echo "INFO: Detected old IPv4 address: ${old_ipv4}" >&2
|
||||||
|
# sanity check that we have a current address
|
||||||
|
if [[ -z $curr_ipv4 ]]; then
|
||||||
|
echo "ERROR: Have an old IPv4 address but no current IPv4 address (!)" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
# kubernetes manifests are only present on control-plane nodes
|
||||||
|
sed -i "s#${old_ipv4}#${curr_ipv4}#" /etc/kubernetes/manifests/*.yaml || true
|
||||||
|
# this is no longer required with autodiscovery
|
||||||
|
sed -i "s#${old_ipv4}#${curr_ipv4}#" /var/lib/kubelet/kubeadm-flags.env || true
|
||||||
|
fi
|
||||||
|
if [[ -n $curr_ipv4 ]]; then
|
||||||
|
echo -n "${curr_ipv4}" >/kind/old-ipv4
|
||||||
|
fi
|
||||||
|
|
||||||
|
# do IPv6
|
||||||
|
curr_ipv6="$( (getent ahostsv6 $(hostname) | head -n1 | cut -d' ' -f1) || true)"
|
||||||
|
echo "INFO: Detected IPv6 address: ${curr_ipv6}" >&2
|
||||||
|
if [ -f /kind/old-ipv6 ]; then
|
||||||
|
old_ipv6=$(cat /kind/old-ipv6)
|
||||||
|
echo "INFO: Detected old IPv6 address: ${old_ipv6}" >&2
|
||||||
|
# sanity check that we have a current address
|
||||||
|
if [[ -z $curr_ipv6 ]]; then
|
||||||
|
echo "ERROR: Have an old IPv6 address but no current IPv6 address (!)" >&2
|
||||||
|
fi
|
||||||
|
# kubernetes manifests are only present on control-plane nodes
|
||||||
|
sed -i "s#${old_ipv6}#${curr_ipv6}#" /etc/kubernetes/manifests/*.yaml || true
|
||||||
|
# this is no longer required with autodiscovery
|
||||||
|
sed -i "s#${old_ipv6}#${curr_ipv6}#" /var/lib/kubelet/kubeadm-flags.env || true
|
||||||
|
fi
|
||||||
|
if [[ -n $curr_ipv6 ]]; then
|
||||||
|
echo -n "${curr_ipv6}" >/kind/old-ipv6
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# run pre-init fixups
|
# run pre-init fixups
|
||||||
|
select_iptables
|
||||||
fix_kmsg
|
fix_kmsg
|
||||||
fix_mount
|
fix_mount
|
||||||
fix_cgroup
|
fix_cgroup
|
||||||
|
@ -189,7 +261,6 @@ fix_machine_id
|
||||||
fix_product_name
|
fix_product_name
|
||||||
fix_product_uuid
|
fix_product_uuid
|
||||||
configure_proxy
|
configure_proxy
|
||||||
select_iptables
|
|
||||||
enable_network_magic
|
enable_network_magic
|
||||||
|
|
||||||
# we want the command (expected to be systemd) to be PID1, so exec to it
|
# we want the command (expected to be systemd) to be PID1, so exec to it
|
||||||
|
|
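Review bot: In the IPv6 half of the block added to `enable_network_magic`, an empty `curr_ipv6` only logs the ERROR and falls through, whereas the IPv4 half stops with `exit 1`. The two `sed -i "s#${old_ipv6}#${curr_ipv6}#"` calls then run with an empty replacement, so the old address is stripped from `/etc/kubernetes/manifests/*.yaml` and `/var/lib/kubelet/kubeadm-flags.env` rather than rewritten. Either add `exit 1` after the ERROR echo to match IPv4 or, if a node losing its IPv6 address across a restart is meant to be tolerated, wrap both `sed` calls in `if [[ -n $curr_ipv6 ]]; then ... fi` and state that in a comment. The function starts above this hunk, so this is judged only from the lines shown.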