opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-29 15:08:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #11703 from n1hility/disable-fcos-moby

Browse Source 
[NO TESTS NEEDED] Disable docker and alias to podman in FCOS ignition
This commit is contained in:
OpenShift Merge Robot
2021-09-29 13:29:04 -04:00
committed by GitHub
parent 4b9cd9201b b3307bc9ca
commit d987f26f1e
1 changed files with 84 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

88
pkg/machine/ignition.go
View File

@ -6,6 +6,7 @@ import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"net/url"
) )
/* /*
@ -80,6 +81,7 @@ func NewIgnitionFile(ign DynamicIgnition) error {
// so a listening host knows it can being interacting with it // so a listening host knows it can being interacting with it
ready := `[Unit] ready := `[Unit]
Requires=dev-virtio\\x2dports-%s.device Requires=dev-virtio\\x2dports-%s.device
After=remove-moby.service
OnFailure=emergency.target OnFailure=emergency.target
OnFailureJobMode=isolate OnFailureJobMode=isolate
[Service] [Service]
@ -88,6 +90,23 @@ RemainAfterExit=yes
ExecStart=/bin/sh -c '/usr/bin/echo Ready >/dev/%s' ExecStart=/bin/sh -c '/usr/bin/echo Ready >/dev/%s'
[Install] [Install]
RequiredBy=multi-user.target RequiredBy=multi-user.target
`
deMoby := `[Unit]
Description=Remove moby-engine
# Run once for the machine
After=systemd-machine-id-commit.service
Before=zincati.service
ConditionPathExists=!/var/lib/%N.stamp
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/rpm-ostree override remove moby-engine
ExecStart=/usr/bin/rpm-ostree ex apply-live --allow-replacement
ExecStartPost=/bin/touch /var/lib/%N.stamp
[Install]
WantedBy=multi-user.target
` `
_ = ready _ = ready
ignSystemd := Systemd{ ignSystemd := Systemd{
@ -101,6 +120,21 @@ RequiredBy=multi-user.target
Name: "ready.service", Name: "ready.service",
Contents: strToPtr(fmt.Sprintf(ready, "vport1p1", "vport1p1")), Contents: strToPtr(fmt.Sprintf(ready, "vport1p1", "vport1p1")),
}, },
{
Enabled: boolToPtr(false),
Name: "docker.service",
Mask: boolToPtr(true),
},
{
Enabled: boolToPtr(false),
Name: "docker.socket",
Mask: boolToPtr(true),
},
{
Enabled: boolToPtr(true),
Name: "remove-moby.service",
Contents: &deMoby,
},
}} }}
ignConfig := Config{ ignConfig := Config{
Ignition: ignVersion, Ignition: ignVersion,
@ -161,6 +195,22 @@ func getFiles(usrName string) []File {
var ( var (
files []File files []File
) )
lingerExample := `[Unit]
Description=A systemd user unit demo
After=network-online.target
Wants=network-online.target podman.socket
[Service]
ExecStart=/usr/bin/sleep infinity
`
containers := `[containers]
netns="bridge"
rootless_networking="cni"
`
rootContainers := `[engine]
machine_enabled=true
`
// Add a fake systemd service to get the user socket rolling // Add a fake systemd service to get the user socket rolling
files = append(files, File{ files = append(files, File{
Node: Node{ Node: Node{
@ -171,7 +221,7 @@ func getFiles(usrName string) []File {
FileEmbedded1: FileEmbedded1{ FileEmbedded1: FileEmbedded1{
Append: nil, Append: nil,
Contents: Resource{ Contents: Resource{
Source: strToPtr("data:,%5BUnit%5D%0ADescription%3DA%20systemd%20user%20unit%20demo%0AAfter%3Dnetwork-online.target%0AWants%3Dnetwork-online.target%20podman.socket%0A%5BService%5D%0AExecStart%3D%2Fusr%2Fbin%2Fsleep%20infinity%0A"), Source: encodeDataURLPtr(lingerExample),
}, },
Mode: intToPtr(0744), Mode: intToPtr(0744),
}, },
@ -188,7 +238,7 @@ func getFiles(usrName string) []File {
FileEmbedded1: FileEmbedded1{ FileEmbedded1: FileEmbedded1{
Append: nil, Append: nil,
Contents: Resource{ Contents: Resource{
Source: strToPtr("data:,%5Bcontainers%5D%0D%0Anetns%3D%22bridge%22%0D%0Arootless_networking%3D%22cni%22"), Source: encodeDataURLPtr(containers),
}, },
Mode: intToPtr(0744), Mode: intToPtr(0744),
}, },
@ -213,7 +263,7 @@ func getFiles(usrName string) []File {
FileEmbedded1: FileEmbedded1{ FileEmbedded1: FileEmbedded1{
Append: nil, Append: nil,
Contents: Resource{ Contents: Resource{
Source: strToPtr("data:,%5Bengine%5D%0Amachine_enabled%3Dtrue%0A"), Source: encodeDataURLPtr(rootContainers),
}, },
Mode: intToPtr(0644), Mode: intToPtr(0644),
}, },
@ -233,7 +283,22 @@ func getFiles(usrName string) []File {
FileEmbedded1: FileEmbedded1{ FileEmbedded1: FileEmbedded1{
Append: nil, Append: nil,
Contents: Resource{ Contents: Resource{
Source: strToPtr("data:,unqualified-search-registries%3D%5B%22docker.io%22%5D"), Source: encodeDataURLPtr("unqualified-search-registries=[\"docker.io\"]\n"),
},
Mode: intToPtr(0644),
},
})
files = append(files, File{
Node: Node{
Path: "/etc/tmpfiles.d/podman-docker.conf",
},
FileEmbedded1: FileEmbedded1{
Append: nil,
// Create a symlink from the docker socket to the podman socket.
// Taken from https://github.com/containers/podman/blob/main/contrib/systemd/system/podman-docker.conf
Contents: Resource{
Source: encodeDataURLPtr("L+ /run/docker.sock - - - - /run/podman/podman.sock\n"),
}, },
Mode: intToPtr(0644), Mode: intToPtr(0644),
}, },
@ -253,5 +318,20 @@ func getLinks(usrName string) []Link {
Hard: boolToPtr(false), Hard: boolToPtr(false),
Target: "/home/" + usrName + "/.config/systemd/user/linger-example.service", Target: "/home/" + usrName + "/.config/systemd/user/linger-example.service",
}, },
}, {
Node: Node{
Group: getNodeGrp("root"),
Path: "/usr/local/bin/docker",
Overwrite: boolToPtr(true),
User: getNodeUsr("root"),
},
LinkEmbedded1: LinkEmbedded1{
Hard: boolToPtr(false),
Target: "/usr/bin/podman",
},
}} }}
} }
func encodeDataURLPtr(contents string) *string {
return strToPtr(fmt.Sprintf("data:,%s", url.PathEscape(contents)))
}