app-admin/flannel-wrapper: add flannel-wrapper

This builds on the work done by Stefan Junker.
2025-08-25 00:11:23 +02:00 · 2016-09-28 11:26:14 -07:00 · 2016-09-28 11:26:14 -07:00 · 99daf250e4
commit 99daf250e4
parent de4b89fac9
9 changed files with 174 additions and 2 deletions
--- a/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/50-flannel.network
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/50-flannel.network
@ -0,0 +1,4 @@
+[Match]
+Name=flannel*
+
+[Network]
--- a/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/flannel-docker-opts.service
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/flannel-docker-opts.service
@ -0,0 +1,23 @@
+[Unit]
+Description=flannel docker export service - Network fabric for containers (System Application Container)
+Documentation=https://github.com/coreos/flannel
+After=flannel.service
+PartOf=flannel.service
+Before=docker.service
+
+[Service]
+Type=simple
+Restart=on-failure
+RestartSec=10
+TimeoutStartSec=60
+
+Environment="FLANNEL_IMAGE_TAG=v0.6.2"
+Environment="RKT_RUN_ARGS=--uuid-file-save=/var/lib/coreos/flannel-wrapper2.uuid"
+Environment="FLANNEL_IMAGE_ARGS=--exec=/opt/bin/mk-docker-opts.sh"
+
+ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/lib/coreos/flannel-wrapper2.uuid
+ExecStart=/usr/lib/coreos/flannel-wrapper -d /run/flannel/flannel_docker_opts.env -i
+ExecStop=-/usr/bin/rkt stop --uuid-file=/var/lib/coreos/flannel-wrapper2.uuid
+
+[Install]
+WantedBy=multi-user.target
--- a/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/flannel-wrapper
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/flannel-wrapper
@ -0,0 +1,84 @@
+#!/bin/bash -e
+# Wrapper for launching flannel via rkt.
+#
+# Make sure to set FLANNEL_IMAGE_TAG to an image tag published here:
+# https://quay.io/repository/coreos/flannel?tab=tags Alternatively,
+# override FLANNEL_IMAGE to a custom image.
+
+function require_ev_all() {
+	for rev in $@ ; do
+		if [[ -z "${!rev}" ]]; then
+			echo "${rev}" is not set
+			exit 1
+		fi
+	done
+}
+
+function require_ev_one() {
+	for rev in $@ ; do
+		if [[ ! -z "${!rev}" ]]; then
+			return
+		fi
+	done
+	echo One of $@ must be set
+	exit 1
+}
+
+if [[ -n "${FLANNEL_VER}" ]]; then
+	echo FLANNEL_VER environment variable is deprecated, please use FLANNEL_IMAGE_TAG instead
+fi
+
+if [[ -n "${FLANNEL_IMG}" ]]; then
+	echo FLANNEL_IMG environment variable is deprecated, please use FLANNEL_IMAGE_URL instead
+fi
+
+FLANNEL_IMAGE_TAG="${FLANNEL_IMAGE_TAG:-${FLANNEL_VER}}"
+
+require_ev_one FLANNEL_IMAGE FLANNEL_IMAGE_TAG
+
+FLANNEL_IMAGE_URL="${FLANNEL_IMAGE_URL:-${FLANNEL_IMG:-quay.io/coreos/flannel}}"
+FLANNEL_IMAGE="${FLANNEL_IMAGE:-${FLANNEL_IMAGE_URL}:${FLANNEL_IMAGE_TAG}}"
+
+if [[ "${FLANNEL_IMAGE%%/*}" == "quay.io" ]]; then
+	RKT_RUN_ARGS="${RKT_RUN_ARGS} --trust-keys-from-https"
+fi
+
+ETCD_SSL_DIR="${ETCD_SSL_DIR:-/etc/ssl/etcd}"
+if [[ -d "${ETCD_SSL_DIR}" ]]; then
+	RKT_RUN_ARGS="${RKT_RUN_ARGS} \
+		--volume ssl,kind=host,source=${ETCD_SSL_DIR},readOnly=true \
+		--mount volume=ssl,target=${ETCD_SSL_DIR} \
+	"
+fi
+
+if [[ -S "${NOTIFY_SOCKET}" ]]; then
+	RKT_RUN_ARGS="${RKT_RUN_ARGS} \
+		--mount volume=notify,target=/run/systemd/notify \
+		--volume notify,kind=host,source=${NOTIFY_SOCKET} \
+		--set-env=NOTIFY_SOCKET=/run/systemd/notify \
+	"
+fi
+
+mkdir --parents /run/flannel
+
+RKT="${RKT:-/usr/bin/rkt}"
+RKT_STAGE1_ARG="${RKT_STAGE1_ARG:---stage1-from-dir=stage1-fly.aci}"
+set -x
+exec ${RKT} ${RKT_GLOBAL_ARGS} \
+	run ${RKT_RUN_ARGS} \
+	--net=host \
+	--volume run-flannel,kind=host,source=/run/flannel,readOnly=false \
+	--volume etc-ssl-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \
+	--volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \
+	--volume etc-hosts,kind=host,source=/etc/hosts,readOnly=true \
+	--volume etc-resolv,kind=host,source=/etc/resolv.conf,readOnly=true \
+	--mount volume=run-flannel,target=/run/flannel \
+	--mount volume=etc-ssl-certs,target=/etc/ssl/certs \
+	--mount volume=usr-share-certs,target=/usr/share/ca-certificates \
+	--mount volume=etc-hosts,target=/etc/hosts  \
+	--mount volume=etc-resolv,target=/etc/resolv.conf \
+	--inherit-env \
+	${RKT_STAGE1_ARG} \
+	${FLANNEL_IMAGE} \
+		${FLANNEL_IMAGE_ARGS} \
+		-- "$@"
--- a/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/flanneld.service
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/flanneld.service
@ -0,0 +1,27 @@
+[Unit]
+Description=flannel - Network fabric for containers (System Application Container)
+Documentation=https://github.com/coreos/flannel
+After=etcd.service etcd2.service etcd-member.service
+Before=docker.service flannel-docker-opts.service
+Requires=flannel-docker-opts.service
+
+[Service]
+Type=notify
+Restart=always
+RestartSec=10s
+LimitNOFILE=40000
+LimitNPROC=1048576
+
+Environment="FLANNEL_IMAGE_TAG=v0.6.2"
+Environment="FLANNEL_OPTS=--ip-masq=true"
+Environment="RKT_RUN_ARGS=--uuid-file-save=/var/lib/coreos/flannel-wrapper.uuid"
+EnvironmentFile=-/run/flannel/options.env
+
+ExecStartPre=/sbin/modprobe ip_tables
+ExecStartPre=/usr/bin/mkdir --parents /var/lib/coreos /run/flannel
+ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/lib/coreos/flannel-wrapper.uuid
+ExecStart=/usr/lib/coreos/flannel-wrapper $FLANNEL_OPTS
+ExecStop=-/usr/bin/rkt stop --uuid-file=/var/lib/coreos/flannel-wrapper.uuid
+
+[Install]
+WantedBy=multi-user.target
--- a/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/flannel-wrapper-0.0.1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/flannel-wrapper-0.0.1.ebuild
@ -0,0 +1,34 @@
+# Copyright (c) 2014 CoreOS, Inc.. All rights reserved.
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit systemd
+
+DESCRIPTION="flannel (System Application Container)"
+HOMEPAGE="https://github.com/coreos/flannel"
+
+KEYWORDS="amd64"
+SRC_URI=""
+
+LICENSE="Apache-2.0"
+SLOT="0"
+IUSE=""
+
+RDEPEND="
+	!app-admin/flannel
+	>=app-emulation/rkt-1.9.1[rkt_stage1_fly]
+"
+
+S="$WORKDIR"
+
+src_install() {
+	exeinto /usr/lib/coreos
+	doexe "${FILESDIR}"/flannel-wrapper
+
+	systemd_dounit "${FILESDIR}"/flanneld.service
+	systemd_dounit "${FILESDIR}"/flannel-docker-opts.service
+
+	insinto /usr/lib/systemd/network
+	doins "${FILESDIR}"/50-flannel.network
+}
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.1-r4.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.1-r4.ebuild
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service
@ -6,7 +6,7 @@ Requires=docker.socket early-docker.target

 [Service]
 Type=notify
-EnvironmentFile=-/run/flannel_docker_opts.env
+EnvironmentFile=-/run/flannel/flannel_docker_opts.env
 MountFlags=slave
 # the default is not to use systemd for cgroups because the delegate issues still
 # exists and systemd currently does not support the cgroup feature set required
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1-r275.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1-r275.ebuild
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild
@ -98,10 +98,10 @@ RDEPEND="${RDEPEND}
 		app-emulation/xenstore
 		sys-auth/realmd
 		sys-auth/sssd
+		app-admin/flannel-wrapper
 	)"

 RDEPEND="${RDEPEND}
-	app-admin/flannel
 	app-admin/fleet
 	app-admin/locksmith
 	app-admin/mayday