package main
import (
	"fmt"
	"os"
	"path/filepath"
	"text/template"

	"github.com/kubernetes-incubator/cri-o/server"
	"github.com/opencontainers/runc/libcontainer/selinux"
	"github.com/urfave/cli"
)
// Built-in default locations and profile names that DefaultConfig hands to
// the server configuration.
const (
	// ocidRoot is the default "root directory"; the default sandbox,
	// container and image store directories are derived from it.
	ocidRoot = "/var/lib/ocid"

	// conmonPath and pausePath are the default locations of the conmon
	// binary and of the pause binary used as the infra container entrypoint.
	conmonPath = "/usr/libexec/ocid/conmon"
	pausePath  = "/usr/libexec/ocid/pause"

	// seccompProfilePath is the seccomp JSON profile used as the runtime
	// default, and apparmorProfileName is the AppArmor profile name used as
	// the runtime default. Both are confinement defaults, so a change here
	// changes what every container gets unless the config overrides it.
	seccompProfilePath  = "/etc/ocid/seccomp.json"
	apparmorProfileName = "ocid-default"
)
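// commentedConfigTemplate renders the server configuration as a commented
// configuration file. text/template performs no escaping of its own, so every
// string-valued setting is emitted with printf "%q", the same quoting the
// conmon_env entries use. A value containing a double quote, backslash or
// newline therefore stays inside its string literal instead of ending the
// literal early and adding or overriding keys (for example seccomp_profile or
// apparmor_profile) when the generated file is read back. Values made of
// ordinary path characters render exactly as before.
//
// NOTE(review): %q applies Go string escaping; confirm the config parser
// accepts the same escapes for unusual bytes.
//
// TODO: Currently ImageDir isn't really used, so we haven't added it to this
// template. Add it once the storage code has been merged.
var commentedConfigTemplate = template.Must(template.New("config").Parse(`
# The "ocid" table contains all of the server options.
[ocid]

# root is a path to the "root directory". OCID stores all of its state
# data, including container images, in this directory.
root = {{ printf "%q" .Root }}

# sandbox_dir is the directory where ocid will store all of its sandbox
# state and other information.
sandbox_dir = {{ printf "%q" .SandboxDir }}

# container_dir is the directory where ocid will store all of its
# container state and other information.
container_dir = {{ printf "%q" .ContainerDir }}

# The "ocid.api" table contains settings for the kubelet/gRPC
# interface (which is also used by ocic).
[ocid.api]

# listen is the path to the AF_LOCAL socket on which ocid will listen.
listen = {{ printf "%q" .Listen }}

# The "ocid.runtime" table contains settings pertaining to the OCI
# runtime used and options for how to set up and manage the OCI runtime.
[ocid.runtime]

# runtime is a path to the OCI runtime which ocid will be using.
runtime = {{ printf "%q" .Runtime }}

# conmon is the path to conmon binary, used for managing the runtime.
conmon = {{ printf "%q" .Conmon }}

# conmon_env is the environment variable list for conmon process,
# used for passing necessary environment variable to conmon or runtime.
conmon_env = [
{{ range $env := .ConmonEnv }}{{ printf "\t%q,\n" $env }}{{ end }}]

# selinux indicates whether or not SELinux will be used for pod
# separation on the host. If you enable this flag, SELinux must be running
# on the host.
selinux = {{ .SELinux }}

# seccomp_profile is the seccomp json profile path which is used as the
# default for the runtime.
seccomp_profile = {{ printf "%q" .SeccompProfile }}

# apparmor_profile is the apparmor profile name which is used as the
# default for the runtime.
apparmor_profile = {{ printf "%q" .ApparmorProfile }}

# The "ocid.image" table contains settings pertaining to the
# management of OCI images.
[ocid.image]

# pause is the path to the statically linked pause container binary, used
# as the entrypoint for infra containers.
pause = {{ printf "%q" .Pause }}
`))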
// DefaultConfig returns the default configuration for ocid, assembled from
// the package-level default paths and profile names.
func DefaultConfig() *server.Config {
	// All state directories hang off ocidRoot; only the log directory is a
	// separate fixed path.
	rootCfg := server.RootConfig{
		Root:         ocidRoot,
		SandboxDir:   filepath.Join(ocidRoot, "sandboxes"),
		ContainerDir: filepath.Join(ocidRoot, "containers"),
		LogDir:       "/var/log/ocid/pods",
	}

	apiCfg := server.APIConfig{
		Listen: "/var/run/ocid.sock",
	}

	runtimeCfg := server.RuntimeConfig{
		Runtime: "/usr/bin/runc",
		Conmon:  conmonPath,
		// conmon is given an explicit PATH as its default environment list.
		ConmonEnv: []string{
			"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
		},
		// The SELinux default is whatever selinux.SelinuxEnabled() reports
		// at the time this function runs, so it differs between hosts.
		SELinux:         selinux.SelinuxEnabled(),
		SeccompProfile:  seccompProfilePath,
		ApparmorProfile: apparmorProfileName,
	}

	imageCfg := server.ImageConfig{
		Pause:    pausePath,
		ImageDir: filepath.Join(ocidRoot, "store"),
	}

	return &server.Config{
		RootConfig:    rootCfg,
		APIConfig:     apiCfg,
		RuntimeConfig: runtimeCfg,
		ImageConfig:   imageCfg,
	}
}
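// configCommand implements the "config" subcommand, which writes a commented
// configuration file to standard output. With --default it prints the
// built-in defaults; otherwise it prints the configuration stored in the
// app metadata under the "config" key.
var configCommand = cli.Command{
	Name:  "config",
	Usage: "generate ocid configuration files",
	Flags: []cli.Flag{
		cli.BoolFlag{
			Name:  "default",
			Usage: "output the default configuration",
		},
	},
	Action: func(c *cli.Context) error {
		var config *server.Config
		if c.Bool("default") {
			// The defaults do not depend on the parsed config, so the
			// metadata is not consulted at all on this path.
			config = DefaultConfig()
		} else {
			// At this point, app.Before has already parsed the user's chosen
			// config file. So no need to handle that here. The lookup is
			// still checked so that a missing or mistyped entry is reported
			// as an error instead of a runtime panic.
			loaded, ok := c.App.Metadata["config"].(*server.Config)
			if !ok || loaded == nil {
				return fmt.Errorf("no parsed configuration in app metadata (found %T)", c.App.Metadata["config"])
			}
			config = loaded
		}

		// Output the commented config.
		return commentedConfigTemplate.ExecuteTemplate(os.Stdout, "config", config)
	},
}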