openstack/devstack-plugin-container
Code Issues Proposed changes
devstack-plugin-container/devstack/lib/docker
Hongbin Lu f8e786f0d5 Support installing specific version of docker 
Change-Id: I12015c28f6f8ffc125097a14514a6a90a20cf35b
2023-02-24 15:11:33 +00:00

325 lines
12 KiB
Bash
Raw Blame History

#!/bin/bash
# Dependencies:
#
# - functions
# - ``STACK_USER`` must be defined
# stack.sh
# ---------
# - install_docker
# The following variables are assumed to be defined by certain functions:
#
# - ``http_proxy`` ``https_proxy`` ``no_proxy``
# Save trace setting
_XTRACE_DOCKER=$(set +o | grep xtrace)
set +o xtrace
# Defaults
# --------
DOCKER_ENGINE_SOCKET_FILE=${DOCKER_ENGINE_SOCKET_FILE:-/var/run/docker.sock}
DOCKER_ENGINE_PORT=${DOCKER_ENGINE_PORT:-2375}
DOCKER_CLUSTER_STORE=${DOCKER_CLUSTER_STORE:-}
STACK_GROUP="$( id --group --name "$STACK_USER" )"
DOCKER_GROUP=${DOCKER_GROUP:-$STACK_GROUP}
DOCKER_CGROUP_DRIVER=${DOCKER_CGROUP_DRIVER:-}
# TODO(hongbin): deprecate and remove clear container
ENABLE_CLEAR_CONTAINER=$(trueorfalse False ENABLE_CLEAR_CONTAINER)
ENABLE_KATA_CONTAINERS=$(trueorfalse False ENABLE_KATA_CONTAINERS)
ENABLE_CONTAINERD_CRI=$(trueorfalse False ENABLE_CONTAINERD_CRI)
ENABLE_LIVE_RESTORE=$(trueorfalse False ENABLE_LIVE_RESTORE)
ENABLE_IPV6=$(trueorfalse False ENABLE_IPV6)
KATA_BRANCH=${KATA_BRANCH:-master}
KATA_RUNTIME=${KATA_RUNTIME:-kata-runtime}
CONTAINERD_CONF_DIR=/etc/containerd
CONTAINERD_CONF=$CONTAINERD_CONF_DIR/config.toml
# Functions
# ---------
function check_docker {
if is_ubuntu; then
dpkg -s docker-engine > /dev/null 2>&1 || dpkg -s docker-ce > /dev/null 2>&1
else
rpm -q docker-engine > /dev/null 2>&1 || rpm -q docker > /dev/null 2>&1 || rpm -q docker-ce > /dev/null 2>&1
fi
}
function install_docker {
if [[ -z "$os_PACKAGE" ]]; then
GetOSVersion
fi
local lsb_dist=${os_VENDOR,,}
local dist_version=${os_CODENAME}
if [[ "$lsb_dist" != "centosstream" ]]; then
local arch
arch=$(dpkg --print-architecture)
fi
if is_ubuntu; then
apt_get install apparmor
if [[ ${dist_version} == 'trusty' ]]; then
if uname -r | grep -q -- '-generic' && dpkg -l 'linux-image-*-generic' | grep -qE '^ii|^hi' 2>/dev/null; then
apt_get install linux-image-extra-$(uname -r) linux-image-extra-virtual
else
(>&2 echo "WARNING: Current kernel is not supported by the linux-image-extra-virtual package. Docker may not work.")
fi
fi
apt_get install apt-transport-https ca-certificates software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository -y \
"deb [arch=${arch}] https://download.docker.com/linux/${lsb_dist} \
${dist_version} \
stable"
REPOS_UPDATED=False apt_get_update
if [ -n "${UBUNTU_DOCKER_VERSION}" ]; then
apt_get install docker-ce=$UBUNTU_DOCKER_VERSION
else
apt_get install docker-ce
fi
elif is_fedora; then
if [[ "$lsb_dist" = "centos" ]]; then
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
elif [[ "$lsb_dist" = "centosstream" ]]; then
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
sudo yum-config-manager \
--add-repo \
https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64 #noqa
sudo yum-config-manager \
--enable \
packages.cloud.google.com_yum_repos_kubernetes-el7-x86_64
sudo dnf -y install kubeadm --nogpgcheck
elif [[ "$lsb_dist" = "fedora" ]]; then
sudo dnf config-manager \
--add-repo \
https://download.docker.com/linux/fedora/docker-ce.repo
fi
yum_install docker-ce
fi
if [[ "$ENABLE_KATA_CONTAINERS" == "True" ]]; then
# Kata Containers can't run inside VM, so check whether virtualization
# is enabled or not
if sudo grep -E 'svm|vmx' /proc/cpuinfo &> /dev/null; then
if is_ubuntu; then
install_kata_container_ubuntu
elif is_fedora; then
install_kata_container_fedora
fi
else
(>&2 echo "WARNING: Kata Containers needs the CPU extensions svm or vmx which is not enabled. Skipping Kata Containers installation.")
fi
# TODO(hongbin): deprecate and remove clear container
elif [[ "$ENABLE_CLEAR_CONTAINER" == "True" ]]; then
# Clear Container can't run inside VM, so check whether virtualization
# is enabled or not
(>&2 echo "WARNING: Clear Container support is deprecated in Train release and will be removed in U release.")
if sudo grep -E 'svm|vmx' /proc/cpuinfo &> /dev/null; then
if is_ubuntu; then
install_clear_container_ubuntu
elif is_fedora; then
install_clear_container_fedora
fi
else
(>&2 echo "WARNING: Clear Container needs the CPU extensions svm or vmx which is not enabled. Skipping Clear Container installation.")
fi
fi
if [[ "$ENABLE_CONTAINERD_CRI" == "True" ]]; then
source $DEST/devstack-plugin-container/devstack/lib/cni/plugins
install_cni_plugins
source $DEST/devstack-plugin-container/devstack/lib/tools/crictl
install_crictl
fi
}
function configure_docker {
if [[ ${ENABLE_CONTAINERD_CRI} == "True" ]]; then
source $DEST/devstack-plugin-container/devstack/lib/cni/plugins
configure_cni_plugins
configure_containerd
source $DEST/devstack-plugin-container/devstack/lib/tools/crictl
configure_crictl
fi
# After an ./unstack it will be stopped. So it is ok if it returns exit-code == 1
sudo systemctl stop docker.service || true
local cluster_store_opts=""
if [[ -n "$DOCKER_CLUSTER_STORE" ]]; then
cluster_store_opts+="\"cluster-store\": \"$DOCKER_CLUSTER_STORE\","
fi
local runtime_opts=""
if [[ "$ENABLE_KATA_CONTAINERS" == "True" ]]; then
if sudo grep -E 'svm|vmx' /proc/cpuinfo &> /dev/null; then
runtime_opts+="\"runtimes\": {
\"$KATA_RUNTIME\": {
\"path\": \"/usr/bin/kata-runtime\"
}
},
\"default-runtime\": \"$KATA_RUNTIME\","
fi
# TODO(hongbin): deprecate and remove clear container
elif [[ "$ENABLE_CLEAR_CONTAINER" == "True" ]]; then
(>&2 echo "WARNING: Clear Container support is deprecated in Train release and will be removed in U release.")
if sudo grep -E 'svm|vmx' /proc/cpuinfo &> /dev/null; then
runtime_opts+="\"runtimes\": {
\"cor\": {
\"path\": \"/usr/bin/cc-oci-runtime\"
}
},"
fi
fi
local docker_config_file=/etc/docker/daemon.json
local debug
local live_restore
local ipv6
if [[ "$ENABLE_DEBUG_LOG_LEVEL" == "True" ]]; then
debug=true
else
debug=false
fi
if [[ "$ENABLE_LIVE_RESTORE" == "True" ]]; then
live_restore=true
else
live_restore=false
fi
if [[ "$ENABLE_IPV6" == "True" ]]; then
ipv6=true
else
ipv6=false
fi
sudo mkdir -p $(dirname ${docker_config_file})
cat <<EOF | sudo tee $docker_config_file >/dev/null
{
$cluster_store_opts
$runtime_opts
"debug": ${debug},
"live-restore": ${live_restore},
"ipv6": ${ipv6},
"group": "$DOCKER_GROUP",
EOF
if [[ -n "$DOCKER_CGROUP_DRIVER" ]]; then
cat <<EOF | sudo tee -a $docker_config_file >/dev/null
"exec-opts": ["native.cgroupdriver=${DOCKER_CGROUP_DRIVER}"],
EOF
fi
cat <<EOF | sudo tee -a $docker_config_file >/dev/null
"hosts": [
"unix://$DOCKER_ENGINE_SOCKET_FILE",
"tcp://0.0.0.0:$DOCKER_ENGINE_PORT"
]
}
EOF
# NOTE(hongbin): We override ExecStart to workaround issue 22339.
# https://github.com/docker/docker/issues/22339
local docker_drop_in_file=/etc/systemd/system/docker.service.d/docker.conf
sudo mkdir -p $(dirname ${docker_drop_in_file})
cat <<EOF | sudo tee $docker_drop_in_file >/dev/null
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd --config-file=$docker_config_file
Environment="HTTP_PROXY=$http_proxy" "HTTPS_PROXY=$https_proxy" "NO_PROXY=$no_proxy"
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker.service
}
function configure_containerd {
sudo mkdir -p $CONTAINERD_CONF_DIR
sudo chown -R $STACK_USER $CONTAINERD_CONF_DIR
stack_user_gid=$(getent group $STACK_USER | cut -d: -f3)
cat <<EOF | sudo tee $CONTAINERD_CONF >/dev/null
[grpc]
gid = $stack_user_gid
[debug]
level = "debug"
EOF
if [[ "$ENABLE_KATA_CONTAINERS" == "True" ]]; then
cat <<EOF | sudo tee -a $CONTAINERD_CONF >/dev/null
[plugins]
[plugins.cri]
[plugins.cri.containerd]
[plugins.cri.containerd.runtimes.${KATA_RUNTIME}]
runtime_type = "io.containerd.kata.v2"
EOF
fi
sudo systemctl --no-block restart containerd.service
}
function stop_docker {
sudo systemctl stop docker.service || true
}
function cleanup_docker {
uninstall_package docker-ce
rm -f $CONTAINERD_CONF
}
# TODO(hongbin): deprecate and remove clear container
function install_clear_container_ubuntu {
sudo sh -c "echo 'deb http://download.opensuse.org/repositories/home:/clearlinux:/preview:/clear-containers-2.1/xUbuntu_$(lsb_release -rs)/ /' >> /etc/apt/sources.list.d/cc-oci-runtime.list"
curl -fsSL http://download.opensuse.org/repositories/home:/clearlinux:/preview:/clear-containers-2.1/xUbuntu_$(lsb_release -rs)/Release.key | sudo apt-key add -
REPOS_UPDATED=False apt_get_update
apt_get install cc-oci-runtime
}
# TODO(hongbin): deprecate and remove clear container
function install_clear_container_fedora {
source /etc/os-release
local lsb_dist=${os_VENDOR,,}
if [[ "$lsb_dist" = "fedora" ]]; then
sudo -E dnf config-manager \
--add-repo \
http://download.opensuse.org/repositories/home:clearlinux:preview:clear-containers-2.1/Fedora\_$VERSION_ID/home:clearlinux:preview:clear-containers-2.1.repo
fi
yum_install cc-oci-runtime linux-container
}
function install_kata_container_ubuntu {
sudo sh -c "echo 'deb http://download.opensuse.org/repositories/home:/katacontainers:/releases:/$(arch):/${KATA_BRANCH}/xUbuntu_${os_RELEASE}/ /' \
> /etc/apt/sources.list.d/kata-containers.list"
curl -sL http://download.opensuse.org/repositories/home:/katacontainers:/releases:/$(arch):/${KATA_BRANCH}/xUbuntu_${os_RELEASE}/Release.key \
| sudo apt-key add -
REPOS_UPDATED=False apt_get_update
apt_get install kata-runtime kata-proxy kata-shim
}
function install_kata_container_fedora {
source /etc/os-release
if [[ -x $(command -v dnf 2>/dev/null) ]]; then
sudo dnf -y install dnf-plugins-core
sudo -E dnf config-manager --add-repo \
"http://download.opensuse.org/repositories/home:/katacontainers:/releases:/$(arch):/${KATA_BRANCH}/Fedora_${VERSION_ID}/home:katacontainers:releases:$(arch):${KATA_BRANCH}.repo"
elif [[ -x $(command -v yum 2>/dev/null) ]]; then
# all rh patforms (fedora, centos, rhel) have this pkg
sudo yum -y install yum-utils
sudo -E yum-config-manager --add-repo \
"http://download.opensuse.org/repositories/home:/katacontainers:/releases:/$(arch):/${KATA_BRANCH}/CentOS_${VERSION_ID}/home:katacontainers:releases:$(arch):${KATA_BRANCH}.repo"
else
die $LINENO "Unable to find or auto-install Kata Containers"
fi
yum_install kata-runtime kata-proxy kata-shim
}
# Restore xtrace
$_XTRACE_DOCKER
View Git Blame Copy Permalink