#!/bin/bash # Dependencies: # # - functions # - ``STACK_USER`` must be defined # stack.sh # --------- # - install_docker # The following variables are assumed to be defined by certain functions: # # - ``http_proxy`` ``https_proxy`` ``no_proxy`` # Save trace setting _XTRACE_DOCKER=$(set +o | grep xtrace) set +o xtrace # Defaults # -------- DOCKER_ENGINE_SOCKET_FILE=${DOCKER_ENGINE_SOCKET_FILE:-/var/run/docker.sock} DOCKER_ENGINE_PORT=${DOCKER_ENGINE_PORT:-2375} DOCKER_CLUSTER_STORE=${DOCKER_CLUSTER_STORE:-} DOCKER_GROUP=${DOCKER_GROUP:-$STACK_USER} DOCKER_CGROUP_DRIVER=${DOCKER_CGROUP_DRIVER:-} # TODO(hongbin): deprecate and remove clear container ENABLE_CLEAR_CONTAINER=$(trueorfalse False ENABLE_CLEAR_CONTAINER) ENABLE_KATA_CONTAINERS=$(trueorfalse False ENABLE_KATA_CONTAINERS) ENABLE_CONTAINERD_CRI=$(trueorfalse False ENABLE_CONTAINERD_CRI) ENABLE_LIVE_RESTORE=$(trueorfalse False ENABLE_LIVE_RESTORE) ENABLE_IPV6=$(trueorfalse False ENABLE_IPV6) KATA_BRANCH=${KATA_BRANCH:-master} KATA_RUNTIME=${KATA_RUNTIME:-kata-runtime} CONTAINERD_CONF_DIR=/etc/containerd CONTAINERD_CONF=$CONTAINERD_CONF_DIR/config.toml # Functions # --------- function check_docker { if is_ubuntu; then dpkg -s docker-engine > /dev/null 2>&1 || dpkg -s docker-ce > /dev/null 2>&1 else rpm -q docker-engine > /dev/null 2>&1 || rpm -q docker > /dev/null 2>&1 || rpm -q docker-ce > /dev/null 2>&1 fi } function install_docker { if [[ -z "$os_PACKAGE" ]]; then GetOSVersion fi local lsb_dist=${os_VENDOR,,} local dist_version=${os_CODENAME} local arch arch=$(dpkg --print-architecture) if is_ubuntu; then if [[ ${dist_version} == 'trusty' ]]; then if uname -r | grep -q -- '-generic' && dpkg -l 'linux-image-*-generic' | grep -qE '^ii|^hi' 2>/dev/null; then apt_get install linux-image-extra-$(uname -r) linux-image-extra-virtual else (>&2 echo "WARNING: Current kernel is not supported by the linux-image-extra-virtual package. Docker may not work.") fi fi apt_get install apt-transport-https ca-certificates software-properties-common curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - sudo add-apt-repository -y \ "deb [arch=${arch}] https://download.docker.com/linux/${lsb_dist} \ ${dist_version} \ stable" REPOS_UPDATED=False apt_get_update apt_get install docker-ce elif is_fedora; then if [[ "$lsb_dist" = "centos" ]]; then sudo yum-config-manager \ --add-repo \ https://download.docker.com/linux/centos/docker-ce.repo elif [[ "$lsb_dist" = "fedora" ]]; then sudo dnf config-manager \ --add-repo \ https://download.docker.com/linux/fedora/docker-ce.repo fi yum_install docker-ce fi if [[ "$ENABLE_KATA_CONTAINERS" == "True" ]]; then # Kata Containers can't run inside VM, so check whether virtualization # is enabled or not if sudo grep -E 'svm|vmx' /proc/cpuinfo &> /dev/null; then if is_ubuntu; then install_kata_container_ubuntu elif is_fedora; then install_kata_container_fedora fi else (>&2 echo "WARNING: Kata Containers needs the CPU extensions svm or vmx which is not enabled. Skipping Kata Containers installation.") fi # TODO(hongbin): deprecate and remove clear container elif [[ "$ENABLE_CLEAR_CONTAINER" == "True" ]]; then # Clear Container can't run inside VM, so check whether virtualization # is enabled or not (>&2 echo "WARNING: Clear Container support is deprecated in Train release and will be removed in U release.") if sudo grep -E 'svm|vmx' /proc/cpuinfo &> /dev/null; then if is_ubuntu; then install_clear_container_ubuntu elif is_fedora; then install_clear_container_fedora fi else (>&2 echo "WARNING: Clear Container needs the CPU extensions svm or vmx which is not enabled. Skipping Clear Container installation.") fi fi if [[ "$ENABLE_CONTAINERD_CRI" == "True" ]]; then source $DEST/devstack-plugin-container/devstack/lib/cni/plugins install_cni_plugins source $DEST/devstack-plugin-container/devstack/lib/tools/crictl install_crictl fi } function configure_docker { if [[ ${ENABLE_CONTAINERD_CRI} == "True" ]]; then source $DEST/devstack-plugin-container/devstack/lib/cni/plugins configure_cni_plugins configure_containerd source $DEST/devstack-plugin-container/devstack/lib/tools/crictl configure_crictl fi # After an ./unstack it will be stopped. So it is ok if it returns exit-code == 1 sudo systemctl stop docker.service || true local cluster_store_opts="" if [[ -n "$DOCKER_CLUSTER_STORE" ]]; then cluster_store_opts+="\"cluster-store\": \"$DOCKER_CLUSTER_STORE\"," fi local runtime_opts="" if [[ "$ENABLE_KATA_CONTAINERS" == "True" ]]; then if sudo grep -E 'svm|vmx' /proc/cpuinfo &> /dev/null; then runtime_opts+="\"runtimes\": { \"$KATA_RUNTIME\": { \"path\": \"/usr/bin/kata-runtime\" } }, \"default-runtime\": \"$KATA_RUNTIME\"," fi # TODO(hongbin): deprecate and remove clear container elif [[ "$ENABLE_CLEAR_CONTAINER" == "True" ]]; then (>&2 echo "WARNING: Clear Container support is deprecated in Train release and will be removed in U release.") if sudo grep -E 'svm|vmx' /proc/cpuinfo &> /dev/null; then runtime_opts+="\"runtimes\": { \"cor\": { \"path\": \"/usr/bin/cc-oci-runtime\" } }," fi fi local docker_config_file=/etc/docker/daemon.json local debug local live_restore local ipv6 if [[ "$ENABLE_DEBUG_LOG_LEVEL" == "True" ]]; then debug=true else debug=false fi if [[ "$ENABLE_LIVE_RESTORE" == "True" ]]; then live_restore=true else live_restore=false fi if [[ "$ENABLE_IPV6" == "True" ]]; then ipv6=true else ipv6=false fi sudo mkdir -p $(dirname ${docker_config_file}) cat </dev/null { $cluster_store_opts $runtime_opts "debug": ${debug}, "live-restore": ${live_restore}, "ipv6": ${ipv6}, "group": "$DOCKER_GROUP", EOF if [[ -n "$DOCKER_CGROUP_DRIVER" ]]; then cat </dev/null "exec-opts": ["native.cgroupdriver=${DOCKER_CGROUP_DRIVER}"], EOF fi cat </dev/null "hosts": [ "unix://$DOCKER_ENGINE_SOCKET_FILE", "tcp://0.0.0.0:$DOCKER_ENGINE_PORT" ] } EOF # NOTE(hongbin): We override ExecStart to workaround issue 22339. # https://github.com/docker/docker/issues/22339 local docker_drop_in_file=/etc/systemd/system/docker.service.d/docker.conf sudo mkdir -p $(dirname ${docker_drop_in_file}) cat </dev/null [Service] ExecStart= ExecStart=/usr/bin/dockerd --config-file=$docker_config_file Environment="HTTP_PROXY=$http_proxy" "HTTPS_PROXY=$https_proxy" "NO_PROXY=$no_proxy" EOF sudo systemctl daemon-reload sudo systemctl --no-block restart docker.service } function configure_containerd { sudo mkdir -p $CONTAINERD_CONF_DIR sudo chown -R $STACK_USER $CONTAINERD_CONF_DIR stack_user_gid=$(getent group $STACK_USER | cut -d: -f3) cat </dev/null [grpc] gid = $stack_user_gid [debug] level = "debug" EOF if [[ "$ENABLE_KATA_CONTAINERS" == "True" ]]; then cat </dev/null [plugins] [plugins.cri] [plugins.cri.containerd] [plugins.cri.containerd.runtimes.${KATA_RUNTIME}] runtime_type = "io.containerd.kata.v2" EOF fi sudo systemctl --no-block restart containerd.service } function stop_docker { sudo systemctl stop docker.service || true } function cleanup_docker { uninstall_package docker-ce rm -f $CONTAINERD_CONF } # TODO(hongbin): deprecate and remove clear container function install_clear_container_ubuntu { sudo sh -c "echo 'deb http://download.opensuse.org/repositories/home:/clearlinux:/preview:/clear-containers-2.1/xUbuntu_$(lsb_release -rs)/ /' >> /etc/apt/sources.list.d/cc-oci-runtime.list" curl -fsSL http://download.opensuse.org/repositories/home:/clearlinux:/preview:/clear-containers-2.1/xUbuntu_$(lsb_release -rs)/Release.key | sudo apt-key add - REPOS_UPDATED=False apt_get_update apt_get install cc-oci-runtime } # TODO(hongbin): deprecate and remove clear container function install_clear_container_fedora { source /etc/os-release local lsb_dist=${os_VENDOR,,} if [[ "$lsb_dist" = "fedora" ]]; then sudo -E dnf config-manager \ --add-repo \ http://download.opensuse.org/repositories/home:clearlinux:preview:clear-containers-2.1/Fedora\_$VERSION_ID/home:clearlinux:preview:clear-containers-2.1.repo fi yum_install cc-oci-runtime linux-container } function install_kata_container_ubuntu { sudo sh -c "echo 'deb http://download.opensuse.org/repositories/home:/katacontainers:/releases:/$(arch):/${KATA_BRANCH}/xUbuntu_${os_RELEASE}/ /' \ > /etc/apt/sources.list.d/kata-containers.list" curl -sL http://download.opensuse.org/repositories/home:/katacontainers:/releases:/$(arch):/${KATA_BRANCH}/xUbuntu_${os_RELEASE}/Release.key \ | sudo apt-key add - REPOS_UPDATED=False apt_get_update apt_get install kata-runtime kata-proxy kata-shim } function install_kata_container_fedora { source /etc/os-release if [[ -x $(command -v dnf 2>/dev/null) ]]; then sudo dnf -y install dnf-plugins-core sudo -E dnf config-manager --add-repo \ "http://download.opensuse.org/repositories/home:/katacontainers:/releases:/$(arch):/${KATA_BRANCH}/Fedora_${VERSION_ID}/home:katacontainers:releases:$(arch):${KATA_BRANCH}.repo" elif [[ -x $(command -v yum 2>/dev/null) ]]; then # all rh patforms (fedora, centos, rhel) have this pkg sudo yum -y install yum-utils sudo -E yum-config-manager --add-repo \ "http://download.opensuse.org/repositories/home:/katacontainers:/releases:/$(arch):/${KATA_BRANCH}/CentOS_${VERSION_ID}/home:katacontainers:releases:$(arch):${KATA_BRANCH}.repo" else die $LINENO "Unable to find or auto-install Kata Containers" fi yum_install kata-runtime kata-proxy kata-shim } # Restore xtrace $_XTRACE_DOCKER