diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/50-flannel.network b/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/50-flannel.network
new file mode 100644
index 0000000000..c0e4e0e6da
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/50-flannel.network
@@ -0,0 +1,4 @@
+[Match]
+Name=flannel*
+
+[Network]
diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/flannel-docker-opts.service b/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/flannel-docker-opts.service
new file mode 100644
index 0000000000..c089910c91
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/flannel-docker-opts.service
@@ -0,0 +1,23 @@
+[Unit]
+Description=flannel docker export service - Network fabric for containers (System Application Container)
+Documentation=https://github.com/coreos/flannel
+After=flannel.service
+PartOf=flannel.service
+Before=docker.service
+
+[Service]
+Type=simple
+Restart=on-failure
+RestartSec=10
+TimeoutStartSec=60
+
+Environment="FLANNEL_IMAGE_TAG=v0.6.2"
+Environment="RKT_RUN_ARGS=--uuid-file-save=/var/lib/coreos/flannel-wrapper2.uuid"
+Environment="FLANNEL_IMAGE_ARGS=--exec=/opt/bin/mk-docker-opts.sh"
+
+ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/lib/coreos/flannel-wrapper2.uuid
+ExecStart=/usr/lib/coreos/flannel-wrapper -d /run/flannel/flannel_docker_opts.env -i
+ExecStop=-/usr/bin/rkt stop --uuid-file=/var/lib/coreos/flannel-wrapper2.uuid
+
+[Install]
+WantedBy=multi-user.target
diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/flannel-wrapper b/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/flannel-wrapper
new file mode 100755
index 0000000000..689c23afd2
--- /dev/null
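Review bot: `After=flannel.service` and `PartOf=flannel.service` in flannel-docker-opts.service name a unit this commit does not install; the ebuild ships `flanneld.service`, so unless an alias exists outside this diff, a stop or restart of flanneld will not propagate to this unit. I would change them to `After=flanneld.service` and `PartOf=flanneld.service`. Separately, with `Type=simple` systemd treats the unit as started once the wrapper has been forked, so `Before=docker.service` does not guarantee that `/run/flannel/flannel_docker_opts.env` has been written, and docker.service's `EnvironmentFile=-/run/flannel/flannel_docker_opts.env` silently skips a missing file. A type that waits for the process to exit (for example `Type=oneshot` with `RemainAfterExit=yes`, which may require dropping `Restart=on-failure`) would make that ordering real.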
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/flannel-wrapper 
@@ -0,0 +1,84 @@
+#!/bin/bash -e
+# Wrapper for launching flannel via rkt.
+#
+# Make sure to set FLANNEL_IMAGE_TAG to an image tag published here:
+# https://quay.io/repository/coreos/flannel?tab=tags Alternatively,
+# override FLANNEL_IMAGE to a custom image.
+
+function require_ev_all() {
+ for rev in $@ ; do
+ if [[ -z "${!rev}" ]]; then
+ echo "${rev}" is not set
+ exit 1
+ fi
+ done
+}
+
+function require_ev_one() {
+ for rev in $@ ; do
+ if [[ ! -z "${!rev}" ]]; then
+ return
+ fi
+ done
+ echo One of $@ must be set
+ exit 1
+}
+
+if [[ -n "${FLANNEL_VER}" ]]; then
+ echo FLANNEL_VER environment variable is deprecated, please use FLANNEL_IMAGE_TAG instead
+fi
+
+if [[ -n "${FLANNEL_IMG}" ]]; then
+ echo FLANNEL_IMG environment variable is deprecated, please use FLANNEL_IMAGE_URL instead
+fi
+
+FLANNEL_IMAGE_TAG="${FLANNEL_IMAGE_TAG:-${FLANNEL_VER}}"
+
+require_ev_one FLANNEL_IMAGE FLANNEL_IMAGE_TAG
+
+FLANNEL_IMAGE_URL="${FLANNEL_IMAGE_URL:-${FLANNEL_IMG:-quay.io/coreos/flannel}}"
+FLANNEL_IMAGE="${FLANNEL_IMAGE:-${FLANNEL_IMAGE_URL}:${FLANNEL_IMAGE_TAG}}"
+
+if [[ "${FLANNEL_IMAGE%%/*}" == "quay.io" ]]; then
+ RKT_RUN_ARGS="${RKT_RUN_ARGS} --trust-keys-from-https"
+fi
+
+ETCD_SSL_DIR="${ETCD_SSL_DIR:-/etc/ssl/etcd}"
+if [[ -d "${ETCD_SSL_DIR}" ]]; then
+ RKT_RUN_ARGS="${RKT_RUN_ARGS} \
+ --volume ssl,kind=host,source=${ETCD_SSL_DIR},readOnly=true \
+ --mount volume=ssl,target=${ETCD_SSL_DIR} \
+ "
+fi
+
+if [[ -S "${NOTIFY_SOCKET}" ]]; then
+ RKT_RUN_ARGS="${RKT_RUN_ARGS} \
+ --mount volume=notify,target=/run/systemd/notify \
+ --volume notify,kind=host,source=${NOTIFY_SOCKET} \
+ --set-env=NOTIFY_SOCKET=/run/systemd/notify \
+ "
+fi
+
+mkdir --parents /run/flannel
+
+RKT="${RKT:-/usr/bin/rkt}"
+RKT_STAGE1_ARG="${RKT_STAGE1_ARG:---stage1-from-dir=stage1-fly.aci}"
+set -x
+exec ${RKT} ${RKT_GLOBAL_ARGS} \
+ run ${RKT_RUN_ARGS} \
+ --net=host \
+ --volume run-flannel,kind=host,source=/run/flannel,readOnly=false \
+ --volume etc-ssl-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \
+ --volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \
+ --volume etc-hosts,kind=host,source=/etc/hosts,readOnly=true \
+ --volume etc-resolv,kind=host,source=/etc/resolv.conf,readOnly=true \
+ --mount volume=run-flannel,target=/run/flannel \
+ --mount volume=etc-ssl-certs,target=/etc/ssl/certs \
+ --mount volume=usr-share-certs,target=/usr/share/ca-certificates \
+ --mount volume=etc-hosts,target=/etc/hosts \
+ --mount volume=etc-resolv,target=/etc/resolv.conf \
+ --inherit-env \
+ ${RKT_STAGE1_ARG} \
+ ${FLANNEL_IMAGE} \
+ ${FLANNEL_IMAGE_ARGS} \
+ -- "$@"
diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/flanneld.service b/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/flanneld.service
new file mode 100644
index 0000000000..c059ab61c5
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/flanneld.service
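Review bot: The flannel-wrapper script leaves its image trust model undocumented. For image names starting with `quay.io` it appends `--trust-keys-from-https`, so the signing key is accepted from the same HTTPS origin that serves the image, and the default `RKT_STAGE1_ARG` selects `stage1-fly.aci` together with `--net=host`, which as far as I know runs the image without namespace isolation from the host. The image is also selected by tag (`FLANNEL_IMAGE_TAG`), so what runs with host-level access depends on TLS to the registry and on the tag not moving. I would add a comment above the `quay.io` check, e.g. `# Keys fetched over HTTPS are trusted automatically; provision them with "rkt trust" beforehand if that is too weak.`, and state in the header comment that the fly stage1 gives the container host-level access.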
@@ -0,0 +1,27 @@
+[Unit]
+Description=flannel - Network fabric for containers (System Application Container)
+Documentation=https://github.com/coreos/flannel
+After=etcd.service etcd2.service etcd-member.service
+Before=docker.service flannel-docker-opts.service
+Requires=flannel-docker-opts.service
+
+[Service]
+Type=notify
+Restart=always
+RestartSec=10s
+LimitNOFILE=40000
+LimitNPROC=1048576
+
+Environment="FLANNEL_IMAGE_TAG=v0.6.2"
+Environment="FLANNEL_OPTS=--ip-masq=true"
+Environment="RKT_RUN_ARGS=--uuid-file-save=/var/lib/coreos/flannel-wrapper.uuid"
+EnvironmentFile=-/run/flannel/options.env
+
+ExecStartPre=/sbin/modprobe ip_tables
+ExecStartPre=/usr/bin/mkdir --parents /var/lib/coreos /run/flannel
+ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/lib/coreos/flannel-wrapper.uuid
+ExecStart=/usr/lib/coreos/flannel-wrapper $FLANNEL_OPTS
+ExecStop=-/usr/bin/rkt stop --uuid-file=/var/lib/coreos/flannel-wrapper.uuid
+
+[Install]
+WantedBy=multi-user.target
diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/flannel-wrapper-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/flannel-wrapper-0.0.1.ebuild
new file mode 100644
index 0000000000..9d4cb7e6eb
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/flannel-wrapper-0.0.1.ebuild
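Review bot: The image pin `FLANNEL_IMAGE_TAG=v0.6.2` is repeated in flanneld.service and flannel-docker-opts.service, but only flanneld.service reads `EnvironmentFile=-/run/flannel/options.env`. An override of `FLANNEL_IMAGE` or `FLANNEL_IMAGE_TAG` placed in that file therefore changes the daemon image while `mk-docker-opts.sh` still runs from the default one. Because the wrapper passes `--inherit-env`, everything in that file also reaches the container's environment. I would add a comment next to the `EnvironmentFile=` line, such as `# Image overrides here do not apply to flannel-docker-opts.service; override both units together.`, or give the other unit the same `EnvironmentFile=` line.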
@@ -0,0 +1,34 @@ +# Copyright (c) 2014 CoreOS, Inc.. All rights reserved. +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit systemd + +DESCRIPTION="flannel (System Application Container)" +HOMEPAGE="https://github.com/coreos/flannel" + +KEYWORDS="amd64" +SRC_URI="" + +LICENSE="Apache-2.0" +SLOT="0" +IUSE="" + +RDEPEND=" + !app-admin/flannel + >=app-emulation/rkt-1.9.1[rkt_stage1_fly] +" + +S="$WORKDIR" + +src_install() { + exeinto /usr/lib/coreos + doexe "${FILESDIR}"/flannel-wrapper + + systemd_dounit "${FILESDIR}"/flanneld.service + systemd_dounit "${FILESDIR}"/flannel-docker-opts.service + + insinto /usr/lib/systemd/network + doins "${FILESDIR}"/50-flannel.network +} diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.1-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.1-r4.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.1-r3.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.1-r4.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service index 3b283f1205..88b5eba55b 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service @@ -6,7 +6,7 @@ Requires=docker.socket early-docker.target [Service] Type=notify -EnvironmentFile=-/run/flannel_docker_opts.env +EnvironmentFile=-/run/flannel/flannel_docker_opts.env MountFlags=slave # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required 
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1-r274.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1-r275.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1-r274.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1-r275.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild index ecde96a394..561e487038 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild @@ -98,10 +98,10 @@ RDEPEND="${RDEPEND} app-emulation/xenstore sys-auth/realmd sys-auth/sssd + app-admin/flannel-wrapper )" RDEPEND="${RDEPEND} - app-admin/flannel app-admin/fleet app-admin/locksmith app-admin/mayday
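Review bot: `app-admin/flannel-wrapper` is added inside the conditional block that closes with `)"`, while `app-admin/flannel` is removed from the unconditional `RDEPEND="${RDEPEND}` list below it, so builds that do not satisfy that conditional lose flannel entirely. The conditional's opening is outside the hunk, so I cannot tell which flag or architecture it tests. If the narrowing is intended (the new ebuild sets `KEYWORDS="amd64"`), a short comment next to the new entry saying that flannel now ships only under this conditional would record it.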