Fix issue #1230

To support switching the OCI worker binary via buildkitd and without modifying the Dockerfile, an optional command-line flag was added to main_oci_worker.go that allowed for input the name of an OCI worker binary (ex. crun). This OCI worker binary would then replace the current buildkit-runc with a symbolic link to that binary. The above was done using the os/exec package's Command func. Signed-off-by: Jeffrey Huang <jeffreyhuang23@gmail.com>
2019-12-09 00:15:55 -06:00 · 2019-12-09 00:15:55 -06:00 · 20258652b3
parent b1f83754d5
commit 20258652b3
3 changed files with 21 additions and 2 deletions
--- a/cmd/buildkitd/config/config.go
+++ b/cmd/buildkitd/config/config.go
@ -76,6 +76,8 @@ type OCIConfig struct {
 	// UserRemapUnsupported is unsupported key for testing. The feature is
 	// incomplete and the intention is to make it default without config.
 	UserRemapUnsupported string `toml:"userRemapUnsupported"`
+	// For use in storing the OCI worker binary name that will replace buildkit-runc
+	Binary        	 string            `toml:"binary"`
 }

 type ContainerdConfig struct {
--- a/cmd/buildkitd/main_oci_worker.go
+++ b/cmd/buildkitd/main_oci_worker.go
@ -70,6 +70,11 @@ func init() {
 			Usage: "path of cni binary files",
 			Value: defaultConf.Workers.OCI.NetworkConfig.CNIBinaryPath,
 		},
+		cli.StringFlag{
+			Name:  "oci-worker-binary",
+			Usage: "name of specified oci worker binary",
+			Value: defaultConf.Workers.OCI.Binary,
+		},
 	}
 	n := "oci-worker-rootless"
 	u := "enable rootless mode"
@ -180,6 +185,9 @@ func applyOCIFlags(c *cli.Context, cfg *config.Config) error {
 	if c.GlobalIsSet("oci-cni-binary-dir") {
 		cfg.Workers.OCI.NetworkConfig.CNIBinaryPath = c.GlobalString("oci-cni-binary-dir")
 	}
+	if c.GlobalIsSet("oci-worker-binary") {
+		cfg.Workers.OCI.Binary = c.GlobalString("oci-worker-binary")
+	}
 	return nil
 }

@ -232,7 +240,7 @@ func ociWorkerInitializer(c *cli.Context, common workerInitializerOpt) ([]worker
 		},
 	}

-	opt, err := runc.NewWorkerOpt(common.config.Root, snFactory, cfg.Rootless, processMode, cfg.Labels, idmapping, nc, dns)
+	opt, err := runc.NewWorkerOpt(common.config.Root, snFactory, cfg.Rootless, processMode, cfg.Labels, idmapping, nc, dns, cfg.Binary)
 	if err != nil {
 		return nil, err
 	}
--- a/worker/runc/runc.go
+++ b/worker/runc/runc.go
@ -32,7 +32,7 @@ type SnapshotterFactory struct {
 }

 // NewWorkerOpt creates a WorkerOpt.
-func NewWorkerOpt(root string, snFactory SnapshotterFactory, rootless bool, processMode oci.ProcessMode, labels map[string]string, idmap *idtools.IdentityMapping, nopt netproviders.Opt, dns *oci.DNSConfig) (base.WorkerOpt, error) {
+func NewWorkerOpt(root string, snFactory SnapshotterFactory, rootless bool, processMode oci.ProcessMode, labels map[string]string, idmap *idtools.IdentityMapping, nopt netproviders.Opt, dns *oci.DNSConfig, binary string) (base.WorkerOpt, error) {
 	var opt base.WorkerOpt
 	name := "runc-" + snFactory.Name
 	root = filepath.Join(root, name)
@ -45,9 +45,18 @@ func NewWorkerOpt(root string, snFactory SnapshotterFactory, rootless bool, proc
 		return opt, err
 	}

+	// Check if user has specified OCI worker binary; if they have, append it to cmds
+	var cmds []string
+	if binary != "" {
+		cmds = append(cmds, binary)
+	}
+
 	exe, err := runcexecutor.New(runcexecutor.Opt{
 		// Root directory
 		Root: filepath.Join(root, "executor"),
+		// If user has specified OCI worker binary, it will be sent to the runc executor to find and use
+		// Otherwise, a nil array will be sent and the default OCI worker binary will be used
+		CommandCandidates: cmds,
 		// without root privileges
 		Rootless:        rootless,
 		ProcessMode:     processMode,