Disable docker and alias to podman in FCOS ignition
Signed-off-by: Jason Greene <[email protected]>
Co-authored-by: Dusty Mabe <[email protected]>
n1hility and dustymabe committed Sep 24, 2021
1 parent aa628b8 commit b3307bc
Showing 1 changed file with 84 additions and 4 deletions.
88 changes: 84 additions & 4 deletions pkg/machine/ignition.go
Expand Up @@ -6,6 +6,7 @@ import (
"encoding/json"
"fmt"
"io/ioutil"
"net/url"
)

/*
Expand Down Expand Up @@ -80,6 +81,7 @@ func NewIgnitionFile(ign DynamicIgnition) error {
// so a listening host knows it can being interacting with it
ready := `[Unit]
Requires=dev-virtio\\x2dports-%s.device
After=remove-moby.service
OnFailure=emergency.target
OnFailureJobMode=isolate
[Service]
Expand All @@ -89,6 +91,23 @@ ExecStart=/bin/sh -c '/usr/bin/echo Ready >/dev/%s'
[Install]
RequiredBy=multi-user.target
`
deMoby := `[Unit]
Description=Remove moby-engine
# Run once for the machine
After=systemd-machine-id-commit.service
Before=zincati.service
ConditionPathExists=!/var/lib/%N.stamp
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/rpm-ostree override remove moby-engine
ExecStart=/usr/bin/rpm-ostree ex apply-live --allow-replacement
ExecStartPost=/bin/touch /var/lib/%N.stamp
[Install]
WantedBy=multi-user.target
`
_ = ready
ignSystemd := Systemd{
Units: []Unit{
Expand All @@ -101,6 +120,21 @@ RequiredBy=multi-user.target
Name: "ready.service",
Contents: strToPtr(fmt.Sprintf(ready, "vport1p1", "vport1p1")),
},
{
Enabled: boolToPtr(false),
Name: "docker.service",
Mask: boolToPtr(true),
},
{
Enabled: boolToPtr(false),
Name: "docker.socket",
Mask: boolToPtr(true),
},
{
Enabled: boolToPtr(true),
Name: "remove-moby.service",
Contents: &deMoby,
},
}}
ignConfig := Config{
Ignition: ignVersion,
Expand Down Expand Up @@ -161,6 +195,22 @@ func getFiles(usrName string) []File {
var (
files []File
)

lingerExample := `[Unit]
Description=A systemd user unit demo
After=network-online.target
Wants=network-online.target podman.socket
[Service]
ExecStart=/usr/bin/sleep infinity
`
containers := `[containers]
netns="bridge"
rootless_networking="cni"
`
rootContainers := `[engine]
machine_enabled=true
`

// Add a fake systemd service to get the user socket rolling
files = append(files, File{
Node: Node{
Expand All @@ -171,7 +221,7 @@ func getFiles(usrName string) []File {
FileEmbedded1: FileEmbedded1{
Append: nil,
Contents: Resource{
Source: strToPtr("data:,%5BUnit%5D%0ADescription%3DA%20systemd%20user%20unit%20demo%0AAfter%3Dnetwork-online.target%0AWants%3Dnetwork-online.target%20podman.socket%0A%5BService%5D%0AExecStart%3D%2Fusr%2Fbin%2Fsleep%20infinity%0A"),
Source: encodeDataURLPtr(lingerExample),
},
Mode: intToPtr(0744),
},
Expand All @@ -188,7 +238,7 @@ func getFiles(usrName string) []File {
FileEmbedded1: FileEmbedded1{
Append: nil,
Contents: Resource{
Source: strToPtr("data:,%5Bcontainers%5D%0D%0Anetns%3D%22bridge%22%0D%0Arootless_networking%3D%22cni%22"),
Source: encodeDataURLPtr(containers),
},
Mode: intToPtr(0744),
},
Expand All @@ -213,7 +263,7 @@ func getFiles(usrName string) []File {
FileEmbedded1: FileEmbedded1{
Append: nil,
Contents: Resource{
Source: strToPtr("data:,%5Bengine%5D%0Amachine_enabled%3Dtrue%0A"),
Source: encodeDataURLPtr(rootContainers),
},
Mode: intToPtr(0644),
},
Expand All @@ -233,7 +283,22 @@ func getFiles(usrName string) []File {
FileEmbedded1: FileEmbedded1{
Append: nil,
Contents: Resource{
Source: strToPtr("data:,unqualified-search-registries%3D%5B%22docker.io%22%5D"),
Source: encodeDataURLPtr("unqualified-search-registries=[\"docker.io\"]\n"),
},
Mode: intToPtr(0644),
},
})

files = append(files, File{
Node: Node{
Path: "/etc/tmpfiles.d/podman-docker.conf",
},
FileEmbedded1: FileEmbedded1{
Append: nil,
// Create a symlink from the docker socket to the podman socket.
// Taken from https://github.com/containers/podman/blob/main/contrib/systemd/system/podman-docker.conf
Contents: Resource{
Source: encodeDataURLPtr("L+ /run/docker.sock - - - - /run/podman/podman.sock\n"),
},
Mode: intToPtr(0644),
},
Expand All @@ -253,5 +318,20 @@ func getLinks(usrName string) []Link {
Hard: boolToPtr(false),
Target: "/home/" + usrName + "/.config/systemd/user/linger-example.service",
},
}, {
Node: Node{
Group: getNodeGrp("root"),
Path: "/usr/local/bin/docker",
Overwrite: boolToPtr(true),
User: getNodeUsr("root"),
},
LinkEmbedded1: LinkEmbedded1{
Hard: boolToPtr(false),
Target: "/usr/bin/podman",
},
}}
}

func encodeDataURLPtr(contents string) *string {
return strToPtr(fmt.Sprintf("data:,%s", url.PathEscape(contents)))
}
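Review bot: In the `deMoby` unit added in NewIgnitionFile, the stamp file is written only by `ExecStartPost`, so if `rpm-ostree ex apply-live --allow-replacement` fails after `override remove moby-engine` has succeeded, `ConditionPathExists=!/var/lib/%N.stamp` still passes on the next boot and the removal runs again against a deployment that presumably already carries the override; it is worth confirming that this second run does not leave the unit failed on every boot. `ready.service` gains only `After=remove-moby.service`, with no `Requires=`, so the host is told Ready whether or not the removal worked. If that is intended, a comment above `deMoby` would record it, for example `// Best effort: ready.service is ordered after this unit but does not require it; docker.service and docker.socket are masked separately.` The body of NewIgnitionFile starts and ends outside the visible hunks.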
