From 9b8145f51223678bff8e3ae8a876c1bbdbb52ca0 Mon Sep 17 00:00:00 2001 From: weiyuhang Date: Wed, 19 Jul 2023 12:36:06 +0000 Subject: [PATCH] KubeOS: support ctr pull images --- cmd/agent/server/containerd_image.go | 18 +++++++++++++++--- cmd/agent/server/utils.go | 23 ++++++++++++++++++++++- docs/quick-start.md | 2 +- 3 files changed, 38 insertions(+), 5 deletions(-) diff --git a/cmd/agent/server/containerd_image.go b/cmd/agent/server/containerd_image.go index e26c5501..ccab9ec4 100644 --- a/cmd/agent/server/containerd_image.go +++ b/cmd/agent/server/containerd_image.go @@ -43,14 +43,26 @@ func (c conImageHandler) downloadImage(req *pb.UpdateRequest) (string, error) { func (c conImageHandler) getRootfsArchive(req *pb.UpdateRequest, neededPath preparePath) (string, error) { imageName := req.ContainerImage mountPath := neededPath.mountPath + var containerdCommand string logrus.Infof("start pull %s", imageName) - if err := runCommand("crictl", "pull", imageName); err != nil { - return "", err + if isCommandAvailable("crictl") { + containerdCommand = "crictl" + if err := runCommand("crictl", "pull", imageName); err != nil { + return "", err + } + } else { + containerdCommand = "ctr" + if err := runCommand("ctr", "-n", defaultNamespace, "images", "pull", "--host-dir", + "/etc/containerd/certs.d", imageName); err != nil { + return "", err + } } - if err := checkOCIImageDigestMatch("containerd", imageName, req.CheckSum); err != nil { + + if err := checkOCIImageDigestMatch(containerdCommand, imageName, req.CheckSum); err != nil { return "", err } + if err := checkAndCleanMount(mountPath); err != nil { logrus.Errorln("containerd clean environment error", err) return "", err diff --git a/cmd/agent/server/utils.go b/cmd/agent/server/utils.go index 0903451b..d8616003 100644 --- a/cmd/agent/server/utils.go +++ b/cmd/agent/server/utils.go @@ -288,7 +288,7 @@ func checkOCIImageDigestMatch(containerRuntime string, imageName string, checkSu var cmdOutput string var err error switch containerRuntime { - case "containerd": + case "crictl": cmdOutput, err = runCommandWithOut("crictl", "inspecti", "--output", "go-template", "--template", "{{.status.repoDigests}}", imageName) if err != nil { @@ -299,6 +299,19 @@ func checkOCIImageDigestMatch(containerRuntime string, imageName string, checkSu if err != nil { return err } + case "ctr": + cmdOutput, err = runCommandWithOut("ctr", "-n", "k8s.io", "images", "ls", "name=="+imageName) + if err != nil { + return err + } + // after Fields, we get slice like [REF TYPE DIGEST SIZE PLATFORMS LABELS x x x x x x] + // the digest is the position 8 element + imageDigest := strings.Split(strings.Fields(cmdOutput)[8], ":")[1] + if imageDigest != checkSum { + logrus.Errorln("checkSumFailed ", imageDigest, " mismatch to ", checkSum) + return fmt.Errorf("checkSumFailed %s mismatch to %s", imageDigest, checkSum) + } + return nil default: logrus.Errorln("containerRuntime ", containerRuntime, " cannot be recognized") return fmt.Errorf("containerRuntime %s cannot be recognized", containerRuntime) @@ -338,3 +351,11 @@ func deepCopyConfigMap(m map[string]*pb.KeyInfo) map[string]*pb.KeyInfo { } return result } + +func isCommandAvailable(name string) bool { + cmd := exec.Command("/bin/sh", "-c", "command -v"+name) + if err := cmd.Run(); err != nil { + return false + } + return true +} diff --git a/docs/quick-start.md b/docs/quick-start.md index 0679b11a..6e88f65e 100644 --- a/docs/quick-start.md +++ b/docs/quick-start.md @@ -144,7 +144,7 @@ | 参数 |参数类型 | 参数说明 | 使用说明 | 是否必选 | | -------------- | ------ | ------------------------------------------------------------ | ----- | ---------------- | - | imagetype | string | 使用的升级镜像的类型 | 需为 docker ,containerd ,或者是 disk,其他值无效,且该参数仅在升级场景有效|是 | + | imagetype | string | 使用的升级镜像的类型 | 需为 docker ,containerd ,或者是 disk,其他值无效,且该参数仅在升级场景有效。
**注意**:若使用containerd,agent优先使用crictl工具拉取镜像,没有crictl时才会使用ctr命令拉取镜像。使用ctr拉取镜像时,镜像如果在私有仓内,需按照[官方文档](https://github.com/containerd/containerd/blob/main/docs/hosts.md)在/etc/containerd/certs.d目录下配置私有仓主机信息,才能成功拉取镜像。|是 | | opstype | string | 进行的操作,升级,回退或者配置 | 需为 upgrade ,config 或者 rollback ,其他值无效 |是 | | osversion | string | 用于升级或回退的镜像的OS版本 | 需为 KubeOS version , 例如: KubeOS 1.0.0|是 | | maxunavailable | int | 同时进行升级或回退的节点数 | maxunavailable值设置为大于实际集群的节点数时也可正常部署,升级或回退时会按照集群内实际节点数进行|是 | -- Gitee