package main
import (
"context"
"crypto/tls"
"crypto/x509"
"fmt"
"io/ioutil"
"net"
"os"
"os/user"
"path/filepath"
"sort"
"strconv"
"strings"
"time"
"github.com/BurntSushi/toml"
"github.com/containerd/containerd/pkg/seed"
"github.com/containerd/containerd/platforms"
"github.com/containerd/containerd/remotes/docker"
"github.com/containerd/containerd/sys"
sddaemon "github.com/coreos/go-systemd/v22/daemon"
"github.com/docker/docker/pkg/reexec"
"github.com/docker/go-connections/sockets"
"github.com/gofrs/flock"
grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
"github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc"
"github.com/moby/buildkit/cache/remotecache"
inlineremotecache "github.com/moby/buildkit/cache/remotecache/inline"
localremotecache "github.com/moby/buildkit/cache/remotecache/local"
registryremotecache "github.com/moby/buildkit/cache/remotecache/registry"
"github.com/moby/buildkit/client"
"github.com/moby/buildkit/cmd/buildkitd/config"
"github.com/moby/buildkit/control"
"github.com/moby/buildkit/executor/oci"
"github.com/moby/buildkit/frontend"
dockerfile "github.com/moby/buildkit/frontend/dockerfile/builder"
"github.com/moby/buildkit/frontend/gateway"
"github.com/moby/buildkit/frontend/gateway/forwarder"
"github.com/moby/buildkit/session"
"github.com/moby/buildkit/solver/bboltcachestorage"
"github.com/moby/buildkit/util/apicaps"
"github.com/moby/buildkit/util/appcontext"
"github.com/moby/buildkit/util/appdefaults"
"github.com/moby/buildkit/util/binfmt_misc"
"github.com/moby/buildkit/util/grpcerrors"
"github.com/moby/buildkit/util/profiler"
"github.com/moby/buildkit/util/resolver"
"github.com/moby/buildkit/util/stack"
"github.com/moby/buildkit/version"
"github.com/moby/buildkit/worker"
specs "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"github.com/urfave/cli"
"golang.org/x/sync/errgroup"
"google.golang.org/grpc"
)
// init runs the process-wide setup that has to happen before main: it names
// the product for API capabilities, records version information for stack
// reporting, and invokes the seed and reexec hooks.
func init() {
	apicaps.ExportedProduct = "buildkit"
	stack.SetVersionInfo(version.Version, version.Revision)

	// presumably seeds the global random source; confirm against pkg/seed
	seed.WithTimeAndRand()
	// NOTE(review): the return value of reexec.Init is discarded here, so
	// startup continues into main regardless of what it reports.
	reexec.Init()
}
// workerInitializerOpt carries the options handed to every worker
// initializer.
type workerInitializerOpt struct {
	// config is the daemon configuration; newController passes the same
	// pointer it was given, so initializers see the live config.
	config *config.Config
}
// workerInitializer pairs a worker factory with the priority that decides
// where it sits in workerInitializers.
type workerInitializer struct {
	// fn builds the workers for one backend from the CLI context and the
	// shared options; it may return several workers or an error.
	fn func(c *cli.Context, common workerInitializerOpt) ([]worker.Worker, error)
	// less priority number, more preferred
	// (registerWorkerInitializer sorts ascending on this field)
	priority int
}
// Package-level registries filled in by registerWorkerInitializer.
var (
	// appFlags collects the extra CLI flags contributed by worker
	// initializers; main appends them to the app's flag list.
	appFlags []cli.Flag
	// workerInitializers holds the registered initializers, kept sorted by
	// ascending priority.
	workerInitializers []workerInitializer
)
// registerWorkerInitializer adds wi to the package-level initializer list,
// re-sorts that list by ascending priority, and records any CLI flags the
// initializer contributes.
//
// It mutates package-level state without locking.
func registerWorkerInitializer(wi workerInitializer, flags ...cli.Flag) {
	appFlags = append(appFlags, flags...)

	workerInitializers = append(workerInitializers, wi)
	byPriority := func(a, b int) bool {
		return workerInitializers[a].priority < workerInitializers[b].priority
	}
	sort.Slice(workerInitializers, byPriority)
}
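// main builds the buildkitd CLI application, wires its flags to the values
// found in the default configuration file, and runs the daemon.
//
// The daemon action loads the configuration, applies flag overrides,
// validates the insecure entitlements, takes an exclusive lock on the state
// directory, creates the controller and serves gRPC until the server fails or
// the application context is cancelled.
func main() {
	cli.VersionPrinter = func(c *cli.Context) {
		fmt.Println(c.App.Name, version.Package, c.App.Version, version.Revision)
	}
	app := cli.NewApp()
	app.Name = "buildkitd"
	app.Usage = "build daemon"
	app.Version = version.Version

	// The default config file only supplies flag defaults here; the action
	// below loads the file named by --config again.
	defaultConf, md, err := defaultConf()
	if err != nil {
		fmt.Fprintf(os.Stderr, "%+v\n", err)
		os.Exit(1)
	}

	rootlessUsage := "set all the default options to be compatible with rootless containers"
	if sys.RunningInUserNS() {
		// Inside a user namespace the flag defaults to true.
		app.Flags = append(app.Flags, cli.BoolTFlag{
			Name:  "rootless",
			Usage: rootlessUsage + " (default: true)",
		})
	} else {
		app.Flags = append(app.Flags, cli.BoolFlag{
			Name:  "rootless",
			Usage: rootlessUsage,
		})
	}

	// groupValue renders the configured gid as the --group default, but only
	// when the config file explicitly defines grpc.gid; otherwise the flag
	// stays empty and applyMainFlags falls back to the process gid.
	groupValue := func(gid int) string {
		if md == nil || !md.IsDefined("grpc", "gid") {
			return ""
		}
		return strconv.Itoa(gid)
	}

	app.Flags = append(app.Flags,
		cli.StringFlag{
			Name:  "config",
			Usage: "path to config file",
			Value: defaultConfigPath(),
		},
		cli.BoolFlag{
			Name:  "debug",
			Usage: "enable debug output in logs",
		},
		cli.StringFlag{
			Name:  "root",
			Usage: "path to state directory",
			Value: defaultConf.Root,
		},
		cli.StringSliceFlag{
			Name:  "addr",
			Usage: "listening address (socket or tcp)",
			// NOTE(review): assumes defaultConf() always yields at least one
			// gRPC address; an empty slice would panic on this index.
			Value: &cli.StringSlice{defaultConf.GRPC.Address[0]},
		},
		cli.StringFlag{
			Name:  "group",
			Usage: "group (name or gid) which will own all Unix socket listening addresses",
			Value: groupValue(defaultConf.GRPC.GID),
		},
		cli.StringFlag{
			Name: "debugaddr",
			// NOTE(review): setupDebugHandlers is defined elsewhere; if the
			// debug endpoint has no authentication of its own, operators
			// should prefer a loopback address over the wildcard shown in
			// the usage text.
			Usage: "debugging address (eg. 0.0.0.0:6060)",
			Value: defaultConf.GRPC.DebugAddress,
		},
		cli.StringFlag{
			Name:  "tlscert",
			Usage: "certificate file to use",
			Value: defaultConf.GRPC.TLS.Cert,
		},
		cli.StringFlag{
			Name:  "tlskey",
			Usage: "key file to use",
			Value: defaultConf.GRPC.TLS.Key,
		},
		cli.StringFlag{
			Name:  "tlscacert",
			Usage: "ca certificate to verify clients",
			Value: defaultConf.GRPC.TLS.CA,
		},
		cli.StringSliceFlag{
			Name:  "allow-insecure-entitlement",
			Usage: "allows insecure entitlements e.g. network.host, security.insecure",
		},
	)
	app.Flags = append(app.Flags, appFlags...)

	app.Action = func(c *cli.Context) error {
		// TODO: On Windows this always returns -1. The actual "are you admin" check is very Windows-specific.
		// See https://github.com/golang/go/issues/28804#issuecomment-505326268 for the "short" version.
		if os.Geteuid() > 0 {
			return errors.New("rootless mode requires to be executed as the mapped root in a user namespace; you may use RootlessKit for setting up the namespace")
		}
		ctx, cancel := context.WithCancel(appcontext.Context())
		defer cancel()

		cfg, md, err := LoadFile(c.GlobalString("config"))
		if err != nil {
			return err
		}

		setDefaultConfig(&cfg)
		if err := applyMainFlags(c, &cfg, md); err != nil {
			return err
		}

		// Validate the effective entitlement list (config file values, or the
		// --allow-insecure-entitlement flag that replaces them) before
		// newController copies it into the controller options. Checking only
		// the flag after the controller exists, as this code used to, lets
		// unknown values from the config file through and cannot influence
		// the controller any more.
		for _, e := range cfg.Entitlements {
			switch e {
			case "security.insecure", "network.host":
			default:
				return fmt.Errorf("invalid entitlement : %v", e)
			}
		}

		if cfg.Debug {
			logrus.SetLevel(logrus.DebugLevel)
		}

		if cfg.GRPC.DebugAddress != "" {
			if err := setupDebugHandlers(cfg.GRPC.DebugAddress); err != nil {
				return err
			}
		}
		unary := grpc_middleware.ChainUnaryServer(unaryInterceptor(ctx), grpcerrors.UnaryServerInterceptor)
		stream := grpc_middleware.ChainStreamServer(otgrpc.OpenTracingStreamServerInterceptor(tracer), grpcerrors.StreamServerInterceptor)

		// No transport credentials are installed on the gRPC server itself;
		// TLS, when configured, is applied per listener in serveGRPC.
		opts := []grpc.ServerOption{grpc.UnaryInterceptor(unary), grpc.StreamInterceptor(stream)}
		server := grpc.NewServer(opts...)

		// The lock file and state paths are derived from an absolute root
		// (original note: relative path does not work with
		// nightlyone/lockfile).
		root, err := filepath.Abs(cfg.Root)
		if err != nil {
			return err
		}
		cfg.Root = root

		// 0700: the state directory is created accessible to the owner only.
		if err := os.MkdirAll(root, 0700); err != nil {
			return errors.Wrapf(err, "failed to create %s", root)
		}

		// A non-blocking exclusive lock keeps two daemons off the same root.
		lockPath := filepath.Join(root, "buildkitd.lock")
		lock := flock.New(lockPath)
		locked, err := lock.TryLock()
		if err != nil {
			return errors.Wrapf(err, "could not lock %s", lockPath)
		}
		if !locked {
			return errors.Errorf("could not lock %s, another instance running?", lockPath)
		}
		defer func() {
			// Best-effort cleanup on the way out; errors are ignored.
			lock.Unlock()
			os.RemoveAll(lockPath)
		}()

		controller, err := newController(c, &cfg)
		if err != nil {
			return err
		}

		controller.Register(server)

		// Buffered so the goroutine started by serveGRPC can always deliver
		// its result, even if nobody is receiving any more.
		errCh := make(chan error, 1)
		if err := serveGRPC(cfg.GRPC, server, errCh); err != nil {
			return err
		}

		select {
		case serverErr := <-errCh:
			err = serverErr
			cancel()
		case <-ctx.Done():
			err = ctx.Err()
		}

		logrus.Infof("stopping server")
		if os.Getenv("NOTIFY_SOCKET") != "" {
			notified, notifyErr := sddaemon.SdNotify(false, sddaemon.SdNotifyStopping)
			logrus.Debugf("SdNotifyStopping notified=%v, err=%v", notified, notifyErr)
		}
		server.GracefulStop()

		return err
	}

	app.After = func(context *cli.Context) error {
		if closeTracer != nil {
			return closeTracer.Close()
		}
		return nil
	}

	profiler.Attach(app)

	if err := app.Run(os.Args); err != nil {
		fmt.Fprintf(os.Stderr, "buildkitd: %s\n", err)
		os.Exit(1)
	}
}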
// serveGRPC opens a listener for every configured address and starts serving
// server on each of them in the background.
//
// All listeners are created before any of them is served; if one address
// fails, the listeners opened so far are closed and the error is returned.
// The combined result of the serving goroutines is sent on errCh once they
// have all returned. The TLS configuration produced by serverCredentials is
// passed to getListener, which decides per protocol whether it is used.
func serveGRPC(cfg config.GRPCConfig, server *grpc.Server, errCh chan error) error {
	if len(cfg.Address) == 0 {
		return errors.New("--addr cannot be empty")
	}

	tlsConfig, err := serverCredentials(cfg.TLS)
	if err != nil {
		return err
	}

	eg, _ := errgroup.WithContext(context.Background())
	listeners := make([]net.Listener, 0, len(cfg.Address))
	for _, addr := range cfg.Address {
		ln, err := getListener(addr, cfg.UID, cfg.GID, tlsConfig)
		if err != nil {
			// Undo the partial setup so no socket stays bound.
			for _, opened := range listeners {
				opened.Close()
			}
			return err
		}
		listeners = append(listeners, ln)
	}

	// Tell systemd we are ready only when it asked to be notified.
	if os.Getenv("NOTIFY_SOCKET") != "" {
		notified, notifyErr := sddaemon.SdNotify(false, sddaemon.SdNotifyReady)
		logrus.Debugf("SdNotifyReady notified=%v, err=%v", notified, notifyErr)
	}

	for _, l := range listeners {
		l := l // each goroutine serves its own listener
		eg.Go(func() error {
			defer l.Close()
			logrus.Infof("running server on %s", l.Addr())
			return server.Serve(l)
		})
	}

	go func() {
		errCh <- eg.Wait()
	}()
	return nil
}
// defaultConfigPath returns the location of buildkitd.toml: under the
// per-user config directory when sys.RunningInUserNS reports true, and under
// appdefaults.ConfigDir otherwise.
func defaultConfigPath() string {
	dir := appdefaults.ConfigDir
	if sys.RunningInUserNS() {
		dir = appdefaults.UserConfigDir()
	}
	return filepath.Join(dir, "buildkitd.toml")
}
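// defaultConf loads the configuration file at defaultConfigPath and fills in
// the built-in defaults; main uses the result as the default values of its
// command-line flags.
//
// It returns the config, the TOML metadata (nil when the file could not be
// accessed), and an error for any load failure that is not an *os.PathError.
func defaultConf() (config.Config, *toml.MetaData, error) {
	cfg, md, err := LoadFile(defaultConfigPath())
	if err != nil {
		var pe *os.PathError
		if !errors.As(err, &pe) {
			return config.Config{}, nil, err
		}
		// The file could not be accessed. Carry on with built-in defaults,
		// but do not return early: main indexes cfg.GRPC.Address[0], and
		// that slice is only guaranteed to be populated once
		// setDefaultConfig has run. Returning the bare cfg here made that
		// index panic.
		logrus.Warnf("failed to load default config: %v", err)
		md = nil
	}
	setDefaultConfig(&cfg)

	return cfg, md, nil
}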
// setDefaultNetworkConfig returns a copy of nc in which every empty field has
// been replaced by its default: mode "auto", CNI config at
// /etc/buildkit/cni.json and CNI binaries under /opt/cni/bin.
//
// NOTE(review): both CNI defaults are absolute system paths; presumably the
// binaries found there are executed by the network provider, so they should
// be writable by trusted users only. Confirm against the CNI provider.
func setDefaultNetworkConfig(nc config.NetworkConfig) config.NetworkConfig {
	if nc.CNIBinaryPath == "" {
		nc.CNIBinaryPath = "/opt/cni/bin"
	}
	if nc.CNIConfigPath == "" {
		nc.CNIConfigPath = "/etc/buildkit/cni.json"
	}
	if nc.Mode == "" {
		nc.Mode = "auto"
	}
	return nc
}
// setDefaultConfig fills the unset parts of cfg in place: state root, gRPC
// address, worker platforms and worker network settings. When running in a
// user namespace as a user other than root it switches the root and address
// defaults to the per-user locations and makes sure the directory for the
// user address exists.
func setDefaultConfig(cfg *config.Config) {
	// Remember what the caller left unset before any default is written, so
	// the rootless branch below only overrides values that were defaults.
	rootUnset := cfg.Root == ""
	addrUnset := len(cfg.GRPC.Address) == 0

	if rootUnset {
		cfg.Root = appdefaults.Root
	}
	if addrUnset {
		cfg.GRPC.Address = []string{appdefaults.Address}
	}

	if cfg.Workers.OCI.Platforms == nil {
		cfg.Workers.OCI.Platforms = binfmt_misc.SupportedPlatforms(false)
	}
	if cfg.Workers.Containerd.Platforms == nil {
		cfg.Workers.Containerd.Platforms = binfmt_misc.SupportedPlatforms(false)
	}

	cfg.Workers.OCI.NetworkConfig = setDefaultNetworkConfig(cfg.Workers.OCI.NetworkConfig)
	cfg.Workers.Containerd.NetworkConfig = setDefaultNetworkConfig(cfg.Workers.Containerd.NetworkConfig)

	if !sys.RunningInUserNS() {
		return
	}

	// If buildkitd runs as the mapped root (EUID==0 and also $USER==root) in
	// a user namespace, rootless mode is needed but $HOME must not be
	// honored for the default paths, so the per-user defaults are skipped.
	// NOTE(review): the decision rests on the USER environment variable,
	// which the launching environment controls.
	u := os.Getenv("USER")
	if u == "" || u == "root" {
		return
	}
	if rootUnset {
		cfg.Root = appdefaults.UserRoot()
	}
	if addrUnset {
		cfg.GRPC.Address = []string{appdefaults.UserAddress()}
	}
	appdefaults.EnsureUserAddressDir()
}
// applyMainFlags overlays the command-line flags on cfg.
//
// Flags that were set explicitly replace the corresponding config values.
// The socket owner uid/gid default to the process ids unless the config file
// defines grpc.uid / grpc.gid (md carries that information and may be nil);
// --group, when non-empty, overrides the gid. It returns an error only when
// the --group value cannot be resolved.
//
// The entitlements given on the command line replace the config-file list
// wholesale and are not validated here.
func applyMainFlags(c *cli.Context, cfg *config.Config, md *toml.MetaData) error {
	if c.IsSet("debug") {
		cfg.Debug = c.Bool("debug")
	}
	if c.IsSet("root") {
		cfg.Root = c.String("root")
	}

	if c.IsSet("addr") || len(cfg.GRPC.Address) == 0 {
		addrs := c.StringSlice("addr")
		if len(addrs) > 1 {
			addrs = addrs[1:] // https://github.com/urfave/cli/issues/160
		}
		cfg.GRPC.Address = append(make([]string, 0, len(addrs)), addrs...)
	}

	if c.IsSet("allow-insecure-entitlement") {
		// override values from config
		cfg.Entitlements = c.StringSlice("allow-insecure-entitlement")
	}

	if c.IsSet("debugaddr") {
		cfg.GRPC.DebugAddress = c.String("debugaddr")
	}

	// definedInFile reports whether the config file set grpc.<key>.
	definedInFile := func(key string) bool {
		return md != nil && md.IsDefined("grpc", key)
	}
	if !definedInFile("uid") {
		cfg.GRPC.UID = os.Getuid()
	}
	if !definedInFile("gid") {
		cfg.GRPC.GID = os.Getgid()
	}

	if group := c.String("group"); group != "" {
		gid, err := groupToGid(group)
		if err != nil {
			return err
		}
		cfg.GRPC.GID = gid
	}

	// A non-empty TLS flag (including its config-derived default) wins over
	// whatever the loaded config holds.
	tlsFlags := []struct {
		name string
		dst  *string
	}{
		{"tlscert", &cfg.GRPC.TLS.Cert},
		{"tlskey", &cfg.GRPC.TLS.Key},
		{"tlscacert", &cfg.GRPC.TLS.CA},
	}
	for _, f := range tlsFlags {
		if v := c.String(f.name); v != "" {
			*f.dst = v
		}
	}
	return nil
}
// groupToGid converts a string holding either a group name or a stringified
// gid into a numeric id. An empty string yields the gid of the current
// process.
//
// Any string that parses as an integer is returned as-is, including negative
// values; no check is made that such a gid exists. Only strings that are not
// numbers at all are looked up as group names.
func groupToGid(group string) (int, error) {
	if group == "" {
		return os.Getgid(), nil
	}

	// Numeric input is the gid itself. A syntax error means "not a number",
	// so fall through to the name lookup; any other parse failure (such as
	// an out-of-range value) is reported to the caller.
	id, err := strconv.Atoi(group)
	if err == nil {
		return id, nil
	}
	if err.(*strconv.NumError).Err != strconv.ErrSyntax {
		return 0, err
	}

	ginfo, err := user.LookupGroup(group)
	if err != nil {
		return 0, err
	}

	id, err = strconv.Atoi(ginfo.Gid)
	if err != nil {
		return 0, err
	}
	return id, nil
}
// getListener opens a listener for addr, which must have the form
// proto://address with proto one of unix, npipe or tcp.
//
// Local sockets (unix, npipe) are created through sys.GetLocalListener with
// the given uid and gid and never use TLS; a warning is logged if a TLS
// configuration was supplied. TCP sockets are created with tlsConfig, and a
// nil tlsConfig only produces a warning: the listener is still opened in
// plaintext. Mutual authentication on TCP additionally depends on the client
// CA being set in the TLS configuration built by serverCredentials.
func getListener(addr string, uid, gid int, tlsConfig *tls.Config) (net.Listener, error) {
	const sep = "://"
	at := strings.Index(addr, sep)
	if at < 0 {
		return nil, errors.Errorf("address %s does not contain proto, you meant unix://%s ?",
			addr, addr)
	}
	proto, listenAddr := addr[:at], addr[at+len(sep):]

	if proto == "unix" || proto == "npipe" {
		if tlsConfig != nil {
			logrus.Warnf("TLS is disabled for %s", addr)
		}
		return sys.GetLocalListener(listenAddr, uid, gid)
	}
	if proto == "tcp" {
		if tlsConfig == nil {
			logrus.Warnf("TLS is not enabled for %s. enabling mutual TLS authentication is highly recommended", addr)
		}
		return sockets.NewTCPSocket(listenAddr, tlsConfig)
	}
	return nil, errors.Errorf("addr %s not supported", addr)
}
// unaryInterceptor returns a gRPC unary interceptor that traces every call,
// cancels in-flight requests when globalCtx is done, and logs any error the
// handler returns together with its stack.
//
// NOTE(review): the tracing interceptor is built with otgrpc.LogPayloads(),
// so request and response messages are attached to the trace spans. Anything
// sensitive carried in those messages ends up wherever the tracer exports
// to; confirm that is acceptable for the deployed tracing backend.
func unaryInterceptor(globalCtx context.Context) grpc.UnaryServerInterceptor {
	traced := otgrpc.OpenTracingServerInterceptor(tracer, otgrpc.LogPayloads())

	return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
		reqCtx, stop := context.WithCancel(ctx)
		defer stop()

		// Watcher: ends with the request, or cancels it on daemon shutdown.
		go func() {
			select {
			case <-reqCtx.Done():
			case <-globalCtx.Done():
				stop()
			}
		}()

		resp, err := traced(reqCtx, req, info, handler)
		if err != nil {
			logrus.Errorf("%s returned error: %+v", info.FullMethod, stack.Formatter(err))
		}
		return resp, err
	}
}
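// serverCredentials builds the server-side TLS configuration from cfg.
//
// It returns (nil, nil) when no TLS file is configured at all, which callers
// treat as "TLS disabled". A certificate and key must be given together.
// When a CA file is given as well, clients must present a certificate that
// verifies against it; without a CA the server is authenticated but clients
// are not.
//
// A CA file without a certificate and key is rejected. It used to be ignored
// silently, so an operator who asked for client verification got a plaintext
// listener instead.
func serverCredentials(cfg config.TLSConfig) (*tls.Config, error) {
	certFile := cfg.Cert
	keyFile := cfg.Key
	caFile := cfg.CA
	if certFile == "" && keyFile == "" {
		if caFile != "" {
			// Fail closed rather than dropping the client-verification request.
			return nil, errors.New("you must specify key and cert file if a ca certificate is specified")
		}
		return nil, nil
	}
	if certFile == "" || keyFile == "" {
		return nil, errors.New("you must specify key and cert file if one is specified")
	}
	certificate, err := tls.LoadX509KeyPair(certFile, keyFile)
	if err != nil {
		return nil, errors.Wrap(err, "could not load server key pair")
	}
	tlsConf := &tls.Config{
		Certificates: []tls.Certificate{certificate},
		// The listener carries gRPC, i.e. HTTP/2, which already requires
		// TLS 1.2 or newer; pin the floor instead of relying on the library
		// default.
		MinVersion: tls.VersionTLS12,
	}
	if caFile != "" {
		certPool := x509.NewCertPool()
		ca, err := ioutil.ReadFile(caFile)
		if err != nil {
			return nil, errors.Wrap(err, "could not read ca certificate")
		}
		// Append the client certificates from the CA
		if ok := certPool.AppendCertsFromPEM(ca); !ok {
			return nil, errors.New("failed to append ca cert")
		}
		// Mutual TLS: a client certificate is mandatory and must chain to
		// the pool loaded above.
		tlsConf.ClientAuth = tls.RequireAndVerifyClientCert
		tlsConf.ClientCAs = certPool
	}
	return tlsConf, nil
}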
// newController assembles the control.Controller: it creates the session
// manager and the worker controller, registers the dockerfile and gateway
// frontends, opens the cache key store at <root>/cache.db and wires up the
// remote cache importers and exporters.
//
// cfg.Entitlements is handed to the controller exactly as it stands when
// this function is called.
func newController(c *cli.Context, cfg *config.Config) (*control.Controller, error) {
	sm, err := session.NewManager()
	if err != nil {
		return nil, err
	}

	wc, err := newWorkerController(c, workerInitializerOpt{config: cfg})
	if err != nil {
		return nil, err
	}

	frontends := map[string]frontend.Frontend{
		"dockerfile.v0": forwarder.NewGatewayForwarder(wc, dockerfile.Build),
		"gateway.v0":    gateway.NewGatewayFrontend(wc),
	}

	dbPath := filepath.Join(cfg.Root, "cache.db")
	cacheStorage, err := bboltcachestorage.NewStore(dbPath)
	if err != nil {
		return nil, err
	}

	hosts := resolverFunc(cfg)

	// The registry importer reads through the default worker's content store.
	w, err := wc.GetDefault()
	if err != nil {
		return nil, err
	}

	exporters := map[string]remotecache.ResolveCacheExporterFunc{
		"registry": registryremotecache.ResolveCacheExporterFunc(sm, hosts),
		"local":    localremotecache.ResolveCacheExporterFunc(sm),
		"inline":   inlineremotecache.ResolveCacheExporterFunc(),
	}
	importers := map[string]remotecache.ResolveCacheImporterFunc{
		"registry": registryremotecache.ResolveCacheImporterFunc(sm, w.ContentStore(), hosts),
		"local":    localremotecache.ResolveCacheImporterFunc(sm),
	}

	opt := control.Opt{
		SessionManager:            sm,
		WorkerController:          wc,
		Frontends:                 frontends,
		ResolveCacheExporterFuncs: exporters,
		ResolveCacheImporterFuncs: importers,
		CacheKeyStorage:           cacheStorage,
		Entitlements:              cfg.Entitlements,
	}
	return control.NewController(opt)
}
// resolverFunc builds the registry host resolver from the registries
// declared in cfg.
func resolverFunc(cfg *config.Config) docker.RegistryHosts {
	registries := cfg.Registries
	return resolver.NewRegistryConfig(registries)
}
// newWorkerController runs every registered worker initializer in priority
// order and adds the workers they produce to a new worker.Controller.
//
// It fails if any initializer or Add call fails, if no worker was produced at
// all, or if the controller cannot name a default worker.
func newWorkerController(c *cli.Context, wiOpt workerInitializerOpt) (*worker.Controller, error) {
	controller := &worker.Controller{}
	count := 0

	for _, initializer := range workerInitializers {
		workers, err := initializer.fn(c, wiOpt)
		if err != nil {
			return nil, err
		}
		for _, w := range workers {
			platformNames := formatPlatforms(w.Platforms(false))
			logrus.Infof("found worker %q, labels=%v, platforms=%v", w.ID(), w.Labels(), platformNames)
			binfmt_misc.WarnIfUnsupported(platformNames)
			if err := controller.Add(w); err != nil {
				return nil, err
			}
			count++
		}
	}

	if count == 0 {
		return nil, errors.New("no worker found, rebuild the buildkit daemon?")
	}

	def, err := controller.GetDefault()
	if err != nil {
		return nil, err
	}
	logrus.Infof("found %d workers, default=%q", count, def.ID())
	logrus.Warn("currently, only the default worker can be used.")
	return controller, nil
}
// attrMap turns a list of "key=value" strings into a map. Each entry is split
// at its first '='; an entry without one is an error. A key that occurs more
// than once keeps its last value.
func attrMap(sl []string) (map[string]string, error) {
	attrs := make(map[string]string)
	for _, kv := range sl {
		eq := strings.IndexByte(kv, '=')
		if eq < 0 {
			return nil, errors.Errorf("invalid value %s", kv)
		}
		attrs[kv[:eq]] = kv[eq+1:]
	}
	return attrs, nil
}
// formatPlatforms normalizes each platform and renders it as a string,
// returning the results in input order.
func formatPlatforms(p []specs.Platform) []string {
	names := make([]string, len(p))
	for i := range p {
		names[i] = platforms.Format(platforms.Normalize(p[i]))
	}
	return names
}
// parsePlatforms parses every platform string and returns the normalized
// platforms in input order. The first string that fails to parse aborts the
// conversion and its error is returned.
func parsePlatforms(platformsStr []string) ([]specs.Platform, error) {
	parsed := make([]specs.Platform, 0, len(platformsStr))
	for i := range platformsStr {
		platform, err := platforms.Parse(platformsStr[i])
		if err != nil {
			return nil, err
		}
		parsed = append(parsed, platforms.Normalize(platform))
	}
	return parsed, nil
}
// getGCPolicy translates the garbage-collection section of the config into
// prune rules.
//
// It returns nil when GC is explicitly switched off. When no policy is
// configured, the default policy for root and the configured keep-storage
// value is used. KeepDuration is read as a number of seconds.
func getGCPolicy(cfg config.GCConfig, root string) []client.PruneInfo {
	if cfg.GC != nil && !*cfg.GC {
		return nil
	}

	rules := cfg.GCPolicy
	if len(rules) == 0 {
		rules = config.DefaultGCPolicy(root, cfg.GCKeepStorage)
	}

	infos := make([]client.PruneInfo, 0, len(rules))
	for _, r := range rules {
		info := client.PruneInfo{
			Filter:       r.Filters,
			All:          r.All,
			KeepBytes:    r.KeepBytes,
			KeepDuration: time.Duration(r.KeepDuration) * time.Second,
		}
		infos = append(infos, info)
	}
	return infos
}
// getDNSConfig copies the DNS settings from the daemon config into the
// executor's representation. A nil cfg yields nil.
func getDNSConfig(cfg *config.DNSConfig) *oci.DNSConfig {
	if cfg == nil {
		return nil
	}
	return &oci.DNSConfig{
		Nameservers:   cfg.Nameservers,
		Options:       cfg.Options,
		SearchDomains: cfg.SearchDomains,
	}
}