diff --git a/Dockerfile b/Dockerfile index 783a50b67..7675f0548 100644 --- a/Dockerfile +++ b/Dockerfile @@ -236,26 +236,6 @@ WORKDIR /scratch RUN printf "FROM scratch\nCOPY ./trustd /trustd\nENTRYPOINT [\"/trustd\"]" > Dockerfile RUN --security=insecure img build --tag ${USERNAME}/trustd:${TAG} --output type=docker,dest=/trustd.tar --no-console . -# The networkd target builds the networkd image. - -FROM base AS networkd-build -ARG SHA -ARG TAG -ARG PKGS -ARG EXTRAS -ARG VERSION_PKG="github.com/talos-systems/talos/pkg/version" -WORKDIR /src/internal/app/networkd -RUN --mount=type=cache,target=/.cache/go-build go build -ldflags "-s -w -X ${VERSION_PKG}.Name=Server -X ${VERSION_PKG}.SHA=${SHA} -X ${VERSION_PKG}.Tag=${TAG} -X ${VERSION_PKG}.PkgsVersion=${PKGS} -X ${VERSION_PKG}.ExtrasVersion=${EXTRAS}" -o /networkd -RUN chmod +x /networkd - -FROM base AS networkd-image -ARG TAG -ARG USERNAME -COPY --from=networkd-build /networkd /scratch/networkd -WORKDIR /scratch -RUN printf "FROM scratch\nCOPY ./networkd /networkd\nENTRYPOINT [\"/networkd\"]" > Dockerfile -RUN --security=insecure img build --tag ${USERNAME}/networkd:${TAG} --output type=docker,dest=/networkd.tar --no-console . - # The routerd target builds the routerd image. FROM base AS routerd-build @@ -394,7 +374,6 @@ COPY --from=machined /machined /rootfs/sbin/init COPY --from=apid-image /apid.tar /rootfs/usr/images/ COPY --from=timed-image /timed.tar /rootfs/usr/images/ COPY --from=trustd-image /trustd.tar /rootfs/usr/images/ -COPY --from=networkd-image /networkd.tar /rootfs/usr/images/ COPY --from=routerd-image /routerd.tar /rootfs/usr/images/ # NB: We run the cleanup step before creating extra directories, files, and # symlinks to avoid accidentally cleaning them up. diff --git a/internal/app/machined/pkg/system/services/networkd.go b/internal/app/machined/pkg/system/services/networkd.go index 661ada2d7..ffc1479b8 100644 --- a/internal/app/machined/pkg/system/services/networkd.go +++ b/internal/app/machined/pkg/system/services/networkd.go @@ -6,32 +6,26 @@ package services import ( - "bytes" "context" "errors" "fmt" "log" "os" "path/filepath" - "strings" - "github.com/containerd/containerd/oci" "github.com/golang/protobuf/ptypes/empty" - specs "github.com/opencontainers/runtime-spec/specs-go" - "github.com/syndtr/gocapability/capability" "google.golang.org/grpc" "github.com/talos-systems/talos/internal/app/machined/pkg/runtime" "github.com/talos-systems/talos/internal/app/machined/pkg/system/events" "github.com/talos-systems/talos/internal/app/machined/pkg/system/health" "github.com/talos-systems/talos/internal/app/machined/pkg/system/runner" - "github.com/talos-systems/talos/internal/app/machined/pkg/system/runner/containerd" + "github.com/talos-systems/talos/internal/app/machined/pkg/system/runner/goroutine" "github.com/talos-systems/talos/internal/app/machined/pkg/system/runner/restart" - "github.com/talos-systems/talos/internal/pkg/containers/image" + "github.com/talos-systems/talos/internal/app/networkd" "github.com/talos-systems/talos/pkg/conditions" "github.com/talos-systems/talos/pkg/grpc/dialer" healthapi "github.com/talos-systems/talos/pkg/machinery/api/health" - "github.com/talos-systems/talos/pkg/machinery/config/types/v1alpha1/machine" "github.com/talos-systems/talos/pkg/machinery/constants" ) @@ -46,7 +40,7 @@ func (n *Networkd) ID(r runtime.Runtime) string { // PreFunc implements the Service interface. func (n *Networkd) PreFunc(ctx context.Context, r runtime.Runtime) error { - return image.Import(ctx, "/usr/images/networkd.tar", "talos/networkd") + return os.MkdirAll(filepath.Dir(constants.NetworkSocketPath), 0o750) } // PostFunc implements the Service interface. @@ -61,89 +55,15 @@ func (n *Networkd) Condition(r runtime.Runtime) conditions.Condition { // DependsOn implements the Service interface. func (n *Networkd) DependsOn(r runtime.Runtime) []string { - return []string{"containerd"} + return nil } func (n *Networkd) Runner(r runtime.Runtime) (runner.Runner, error) { - image := "talos/networkd" - - args := runner.Args{ - ID: n.ID(r), - ProcessArgs: []string{ - "/networkd", - }, - } - - // Ensure socket dir exists - if err := os.MkdirAll(filepath.Dir(constants.NetworkSocketPath), 0o750); err != nil { - return nil, err - } - - mounts := []specs.Mount{ - {Type: "bind", Destination: "/etc/resolv.conf", Source: "/etc/resolv.conf", Options: []string{"rbind", "rw"}}, - {Type: "bind", Destination: "/etc/hosts", Source: "/etc/hosts", Options: []string{"rbind", "rw"}}, - {Type: "bind", Destination: filepath.Dir(constants.NetworkSocketPath), Source: filepath.Dir(constants.NetworkSocketPath), Options: []string{"rbind", "rw"}}, - } - - // etcd is used for VIP controller on control plane nodes - if r.Config().Machine().Type() != machine.TypeJoin { - // Ensure etcd PKI dir exists - if err := os.MkdirAll(constants.EtcdPKIPath, 0o700); err != nil { - return nil, err - } - - // Fix up permissions, as after upgrade with preserve EtcdPKIPath might retain old 0o644 permissions - if err := os.Chmod(constants.EtcdPKIPath, 0o700); err != nil { - return nil, err - } - - mounts = append(mounts, - specs.Mount{Type: "bind", Destination: constants.EtcdPKIPath, Source: constants.EtcdPKIPath, Options: []string{"rbind", "ro"}}, - ) - } - - if r.State().Platform().Mode() == runtime.ModeContainer { - mounts = append(mounts, - specs.Mount{Type: "bind", Destination: "/etc/hostname", Source: "/etc/hostname", Options: []string{"rbind", "ro"}}, - ) - } - - env := []string{} - for key, val := range r.Config().Machine().Env() { - env = append(env, fmt.Sprintf("%s=%s", key, val)) - } - - // This is really only here to support container runtime - if p, ok := os.LookupEnv("PLATFORM"); ok { - env = append(env, fmt.Sprintf("%s=%s", "PLATFORM", p)) - } - - b, err := r.Config().Bytes() - if err != nil { - return nil, err - } - - stdin := bytes.NewReader(b) - - return restart.New(containerd.NewRunner( - r.Config().Debug(), - &args, - runner.WithStdin(stdin), + return restart.New(goroutine.NewRunner( + r, + "networkd", + networkd.Main, runner.WithLoggingManager(r.Logging()), - runner.WithContainerdAddress(constants.SystemContainerdAddress), - runner.WithContainerImage(image), - runner.WithEnv(env), - runner.WithOCISpecOpts( - containerd.WithMemoryLimit(int64(1000000*32)), - oci.WithCapabilities([]string{ - strings.ToUpper("CAP_" + capability.CAP_NET_ADMIN.String()), - strings.ToUpper("CAP_" + capability.CAP_SYS_ADMIN.String()), - strings.ToUpper("CAP_" + capability.CAP_NET_RAW.String()), - strings.ToUpper("CAP_" + capability.CAP_NET_BIND_SERVICE.String()), - }), - oci.WithHostNamespace(specs.NetworkNamespace), - oci.WithMounts(mounts), - ), ), restart.WithType(restart.Forever), ), nil diff --git a/internal/app/networkd/main.go b/internal/app/networkd/main.go index f10112c79..d5b89aa8a 100644 --- a/internal/app/networkd/main.go +++ b/internal/app/networkd/main.go @@ -2,66 +2,37 @@ // License, v. 2.0. If a copy of the MPL was not distributed with this // file, You can obtain one at http://mozilla.org/MPL/2.0/. -package main +package networkd import ( "context" + "io" "log" - "os" - "os/signal" - "runtime" - "syscall" "golang.org/x/sync/errgroup" + "github.com/talos-systems/talos/internal/app/machined/pkg/runtime" "github.com/talos-systems/talos/internal/app/networkd/pkg/networkd" "github.com/talos-systems/talos/internal/app/networkd/pkg/reg" "github.com/talos-systems/talos/pkg/grpc/factory" - "github.com/talos-systems/talos/pkg/machinery/config/configloader" "github.com/talos-systems/talos/pkg/machinery/constants" ) -func init() { - // Explicitly disable memory profiling to save around 1.4MiB of memory. - runtime.MemProfileRate = 0 +// Main is the entrypoint into networkd. +func Main(ctx context.Context, r runtime.Runtime, logOutput io.Writer) error { + logger := log.New(logOutput, "", log.Lshortfile|log.Ldate|log.Lmicroseconds|log.Ltime) + + defer logger.Println("networkd stopped") + + return run(ctx, r, logger) } -func main() { - logger := log.New(os.Stderr, "", log.Lshortfile|log.Ldate|log.Lmicroseconds|log.Ltime) - - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - go func() { - defer cancel() - - sigCh := make(chan os.Signal, 1) - signal.Notify(sigCh, syscall.SIGTERM, os.Interrupt) - - select { - case <-sigCh: - case <-ctx.Done(): - } - }() - - if err := run(ctx, logger); err != nil { - logger.Fatal(err) - } - - logger.Println("networkd stopped") -} - -func run(ctx context.Context, logger *log.Logger) error { +func run(ctx context.Context, r runtime.Runtime, logger *log.Logger) error { var eg errgroup.Group - config, err := configloader.NewFromStdin() - if err != nil { - return err - } - logger.Println("starting initial network configuration") - nwd, err := networkd.New(logger, config) + nwd, err := networkd.New(logger, r.Config()) if err != nil { return err } @@ -85,7 +56,7 @@ func run(ctx context.Context, logger *log.Logger) error { server := factory.NewServer( registrator, - factory.WithDefaultLog(), + factory.WithLog("", logger.Writer()), ) listener, err := factory.NewListener(