//go:build !windows
// +build !windows
package buildkit
import (
"io/ioutil"
"os"
"path/filepath"
"strconv"
"sync"
"github.com/docker/docker/daemon/config"
"github.com/docker/docker/pkg/idtools"
"github.com/docker/docker/pkg/stringid"
"github.com/docker/libnetwork"
"github.com/moby/buildkit/executor"
"github.com/moby/buildkit/executor/oci"
"github.com/moby/buildkit/executor/runcexecutor"
"github.com/moby/buildkit/identity"
"github.com/moby/buildkit/solver/pb"
"github.com/moby/buildkit/util/network"
specs "github.com/opencontainers/runtime-spec/specs-go"
"github.com/sirupsen/logrus"
)
// networkName is the libnetwork network that bridgeProvider.New looks up by
// name; build sandboxes get their endpoint created on it.
const networkName = "bridge"
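// newExecutor builds the runc-backed BuildKit executor for non-Windows hosts.
//
// State lives under root: "net" holds the per-sandbox network files written
// for bridge-mode builds and "executor" is passed to runcexecutor as its root.
// Three network providers are registered: pb.NetMode_UNSET maps to the
// libnetwork bridge provider, pb.NetMode_HOST to the host provider and
// pb.NetMode_NONE to the none provider. Whether a build is allowed to select
// host networking is not decided here.
//
// Any entries left in the "net" directory by a previous run are removed before
// the executor is created. Removal is best-effort: failures are logged and do
// not abort start-up. The returned values are those of runcexecutor.New.
func newExecutor(root, cgroupParent string, net libnetwork.NetworkController, dnsConfig *oci.DNSConfig, rootless bool, idmap *idtools.IdentityMapping, apparmorProfile string) (executor.Executor, error) {
	netRoot := filepath.Join(root, "net")
	networkProviders := map[pb.NetMode]network.Provider{
		pb.NetMode_UNSET: &bridgeProvider{NetworkController: net, Root: netRoot},
		pb.NetMode_HOST:  network.NewHostProvider(),
		pb.NetMode_NONE:  network.NewNoneProvider(),
	}

	// make sure net state directory is cleared from previous state
	fis, err := ioutil.ReadDir(netRoot)
	switch {
	case err == nil:
		for _, fi := range fis {
			fp := filepath.Join(netRoot, fi.Name())
			if err := os.RemoveAll(fp); err != nil {
				logrus.WithError(err).Errorf("failed to delete old network state: %v", fp)
			}
		}
	case !os.IsNotExist(err):
		// A missing directory just means there is nothing to clean. Any other
		// error (permissions, I/O) would otherwise leave stale hosts and
		// resolv.conf files behind without a trace, so surface it in the log.
		logrus.WithError(err).Errorf("failed to read old network state directory: %v", netRoot)
	}

	return runcexecutor.New(runcexecutor.Opt{
		Root:                filepath.Join(root, "executor"),
		CommandCandidates:   []string{"runc"},
		DefaultCgroupParent: cgroupParent,
		Rootless:            rootless,
		// Taken from the daemon's own environment, not from the build request.
		// NOTE(review): presumably this makes runc skip pivot_root for ramdisk
		// roots, which is a weaker rootfs jail; confirm against runcexecutor
		// and keep DOCKER_RAMDISK unset on regular hosts.
		NoPivot:         os.Getenv("DOCKER_RAMDISK") != "",
		IdentityMapping: idmap,
		DNS:             dnsConfig,
		ApparmorProfile: apparmorProfile,
	}, networkProviders)
}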
// bridgeProvider hands out network namespaces attached to the libnetwork
// network called networkName. newExecutor registers it for pb.NetMode_UNSET.
type bridgeProvider struct {
	// The embedded controller resolves the network by name, creates the
	// sandboxes and supplies the controller ID and daemon exec root that the
	// prestart hook arguments are built from.
	libnetwork.NetworkController

	// Root is the directory under which each sandbox gets an <id>
	// subdirectory for its hosts and resolv.conf files.
	Root string
}
// New returns a network.Namespace backed by a fresh libnetwork endpoint and
// sandbox on the networkName network.
//
// Only the network lookup happens synchronously; its error is returned as-is.
// Endpoint and sandbox creation run in a background goroutine, and their
// outcome is reported later by Set and Close, which both wait on the ready
// channel.
func (p *bridgeProvider) New() (network.Namespace, error) {
	bridge, err := p.NetworkByName(networkName)
	if err != nil {
		return nil, err
	}

	iface := &lnInterface{
		ready:    make(chan struct{}),
		provider: p,
	}
	// The embedded Once is brand new here, so the setup goroutine is started
	// exactly once for this interface.
	startSetup := func() {
		go iface.init(p.NetworkController, bridge)
	}
	iface.Once.Do(startSetup)

	return iface, nil
}
// lnInterface is the network.Namespace implementation returned by
// bridgeProvider.New. Its fields are filled in asynchronously by init and must
// only be read after the ready channel has been closed.
type lnInterface struct {
	// ep and sbx are set by init only when the endpoint was created, the
	// sandbox was created and the endpoint joined it; on any failure both
	// stay nil.
	ep  libnetwork.Endpoint
	sbx libnetwork.Sandbox

	// Once guards the launch of the init goroutine in bridgeProvider.New.
	sync.Once

	// err records the first failure hit by init; Set and Close return it.
	err error
	// ready is closed when init returns, whether it succeeded or not.
	ready chan struct{}
	// provider gives access to the state root and the network controller.
	provider *bridgeProvider
}
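// init creates an endpoint on n and a sandbox on c under one freshly
// generated ID, then joins the endpoint to the sandbox.
//
// It runs in its own goroutine (started by bridgeProvider.New) and always
// closes iface.ready on return so that Set and Close unblock. On success
// iface.ep and iface.sbx are populated; on failure iface.err holds the error
// and everything created so far is torn down again. That teardown matters
// because Close only cleans up when iface.sbx is set, so a half-built endpoint
// or sandbox would otherwise stay registered with no owner left to delete it.
func (iface *lnInterface) init(c libnetwork.NetworkController, n libnetwork.Network) {
	defer close(iface.ready)
	id := identity.NewID()

	ep, err := n.CreateEndpoint(id, libnetwork.CreateOptionDisableResolution())
	if err != nil {
		iface.err = err
		return
	}

	// Per-sandbox directory for the hosts and resolv.conf files; this is the
	// same path Close removes (Root joined with the sandbox's container ID).
	sbxRoot := filepath.Join(iface.provider.Root, id)

	sbx, err := c.NewSandbox(id, libnetwork.OptionUseExternalKey(), libnetwork.OptionHostsPath(filepath.Join(sbxRoot, "hosts")),
		libnetwork.OptionResolvConfPath(filepath.Join(sbxRoot, "resolv.conf")))
	if err != nil {
		iface.err = err
		// Cleanup is best-effort: report problems, keep the original error.
		if derr := ep.Delete(true); derr != nil {
			logrus.WithError(derr).Error("failed to delete builder network endpoint")
		}
		if derr := os.RemoveAll(sbxRoot); derr != nil {
			logrus.WithError(derr).Error("failed to delete builder sandbox directory")
		}
		return
	}

	if err := ep.Join(sbx); err != nil {
		iface.err = err
		if derr := sbx.Delete(); derr != nil {
			logrus.WithError(derr).Error("failed to delete builder network sandbox")
		}
		if derr := ep.Delete(true); derr != nil {
			logrus.WithError(derr).Error("failed to delete builder network endpoint")
		}
		if derr := os.RemoveAll(sbxRoot); derr != nil {
			logrus.WithError(derr).Error("failed to delete builder sandbox directory")
		}
		return
	}

	iface.sbx = sbx
	iface.ep = ep
}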
// Set wires the sandbox into the OCI spec s by installing a prestart hook.
//
// It blocks until init has finished. If init failed, the stored error is
// logged and returned and s is left untouched. Otherwise s.Hooks is replaced
// wholesale (hooks already present on the spec are dropped) with a single
// prestart hook that re-executes the current process image through
// /proc/<pid>/exe with "libnetwork-setkey" as its first argument, followed by
// the daemon exec root, the sandbox's container ID and the truncated
// controller ID.
func (iface *lnInterface) Set(s *specs.Spec) error {
	<-iface.ready
	if err := iface.err; err != nil {
		logrus.WithError(err).Error("failed to set networking spec")
		return err
	}

	ctlrID := stringid.TruncateID(iface.provider.NetworkController.ID())

	// attach netns to bridge within the container namespace, using reexec in a prestart hook
	setKeyHook := specs.Hook{
		// Resolved through procfs, so the hook runs whatever binary backs
		// this process rather than a path looked up by name.
		Path: filepath.Join("/proc", strconv.Itoa(os.Getpid()), "exe"),
		Args: []string{
			"libnetwork-setkey",
			"-exec-root=" + iface.provider.Config().Daemon.ExecRoot,
			iface.sbx.ContainerID(),
			ctlrID,
		},
	}
	s.Hooks = &specs.Hooks{
		Prestart: []specs.Hook{setKeyHook},
	}
	return nil
}
// Close releases the sandbox created by init and returns init's error, if any.
//
// It waits for init to finish first. When a sandbox exists, its deletion and
// the removal of its directory under provider.Root happen in a background
// goroutine; failures there are only logged, so the return value says nothing
// about whether cleanup succeeded.
func (iface *lnInterface) Close() error {
	<-iface.ready

	if iface.sbx == nil {
		// init never got as far as storing a sandbox; nothing to delete here.
		return iface.err
	}

	go func() {
		if err := iface.sbx.Delete(); err != nil {
			logrus.WithError(err).Error("failed to delete builder network sandbox")
		}
		sbxDir := filepath.Join(iface.provider.Root, iface.sbx.ContainerID())
		if err := os.RemoveAll(sbxDir); err != nil {
			logrus.WithError(err).Error("failed to delete builder sandbox directory")
		}
	}()

	return iface.err
}
// getDNSConfig converts the daemon's DNS settings into the form the executor
// expects. It returns nil when none of DNS, DNSSearch or DNSOptions is set
// (all three are nil); otherwise the three slices are passed through as-is.
func getDNSConfig(cfg config.DNSConfig) *oci.DNSConfig {
	if cfg.DNS == nil && cfg.DNSSearch == nil && cfg.DNSOptions == nil {
		return nil
	}

	dns := &oci.DNSConfig{
		Nameservers:   cfg.DNS,
		SearchDomains: cfg.DNSSearch,
		Options:       cfg.DNSOptions,
	}
	return dns
}