dropgz: self extracting gz installer and cni dropper dockerfile

Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>

Author: rbtr

.github/dependabot.yaml

@@ -47,14 +47,21 @@ updates:
     - "azure/azure-sdn-members"
   commit-message:
     prefix: "deps"
+- package-ecosystem: "gomod"
+  directory: "/dropgz"
+  schedule:
+    interval: "daily"
+  assignees:
+    - "matmerr"
+    - "rbtr"
+  commit-message:
+    prefix: "deps"
 - package-ecosystem: "gomod"
   directory: "/zapai"
   schedule:
     interval: "daily"
   assignees:
     - "matmerr"
     - "rbtr"
-  reviewers:
-    - "azure/azure-sdn-members"
   commit-message:
     prefix: "deps"

.pipelines/pipeline.yaml

@@ -150,14 +150,22 @@ stages:
           name: "$(BUILD_POOL_NAME_DEFAULT)"
         strategy:
           matrix:
-            cni_manager_linux_amd64:
+            acncli_linux_amd64:
               arch: amd64
               os: linux
-              name: cni-manager
-            cni_manager_linux_arm64:
+              name: acncli
+            acncli_linux_arm64:
               arch: arm64
               os: linux
-              name: cni-manager
+              name: acncli
+            cni_dropgz_linux_amd64:
+              arch: amd64
+              os: linux
+              name: cni-dropgz
+            cni_dropgz_linux_arm64:
+              arch: arm64
+              os: linux
+              name: cni-dropgz
             cns_linux_amd64:
               arch: amd64
               os: linux
@@ -216,9 +224,12 @@ stages:
           name: "$(BUILD_POOL_NAME_DEFAULT)"
         strategy:
           matrix:
-            cni-manager:
+            acncli:
               name: cni-manager
               platforms: linux/amd64 linux/arm64
+            cni_dropgz:
+              name: cni-dropgz
+              platforms: linux/amd64 linux/arm64
             cns:
               name: cns
               platforms: linux/amd64 linux/arm64 windows/amd64

Makefile

@@ -81,15 +81,15 @@ CNI_BAREMETAL_ARCHIVE_NAME = azure-vnet-cni-baremetal-$(GOOS)-$(GOARCH)-$(VERSIO
 CNS_ARCHIVE_NAME = azure-cns-$(GOOS)-$(GOARCH)-$(VERSION).$(ARCHIVE_EXT)
 NPM_ARCHIVE_NAME = azure-npm-$(GOOS)-$(GOARCH)-$(VERSION).$(ARCHIVE_EXT)
 NPM_IMAGE_INFO_FILE = azure-npm-$(VERSION).txt
-CNI_IMAGE_ARCHIVE_NAME = azure-cni-manager-$(GOOS)-$(GOARCH)-$(VERSION).$(ARCHIVE_EXT)
-CNI_IMAGE_INFO_FILE = azure-cni-manager-$(VERSION).txt
+CNIDROPGZ_IMAGE_ARCHIVE_NAME = cni-dropgz-$(GOOS)-$(GOARCH)-$(VERSION).$(ARCHIVE_EXT)
+CNIDROPGZ_IMAGE_INFO_FILE = cni-dropgz-$(VERSION).txt
 CNS_IMAGE_INFO_FILE = azure-cns-$(VERSION).txt
 
 # Docker libnetwork (CNM) plugin v2 image parameters.
 CNM_PLUGIN_IMAGE ?= microsoft/azure-vnet-plugin
 CNM_PLUGIN_ROOTFS = azure-vnet-plugin-rootfs
 
-VERSION ?= $(shell git describe --tags --always --dirty)
+VERSION ?= $(shell git describe --exclude "zapai*" --tags --always --dirty)
 
 # Default target
 all-binaries-platforms: ## Make all platform binaries
@@ -101,7 +101,7 @@ all-binaries-platforms: ## Make all platform binaries
 
 # OS specific binaries/images
 ifeq ($(GOOS),linux)
-all-binaries: azure-cnm-plugin azure-cni-plugin azure-cns azure-npm
+all-binaries: acncli azure-cnm-plugin azure-cni-plugin azure-cns azure-npm
 all-images: npm-image cns-image cni-manager-image
 else
 all-binaries: azure-cnm-plugin azure-cni-plugin azure-cns azure-npm
@@ -156,9 +156,10 @@ azure-npm-binary:
 
 ##@ Containers
 
-CNI_IMAGE = azure-cni-manager
-CNS_IMAGE = azure-cns
-NPM_IMAGE = azure-npm
+ACNCLI_IMAGE    = acncli
+CNIDROPGZ_IMAGE = cni-dropgz
+CNS_IMAGE       = azure-cns
+NPM_IMAGE       = azure-npm
 
 TAG               ?= $(VERSION)
 IMAGE_REGISTRY    ?= acnpublic.azurecr.io
@@ -213,33 +214,60 @@ container-info: # util target to write container info file. do not invoke direct
 	sudo chown -R $$(whoami) $(IMAGE_DIR) 
 	sudo chmod -R 777 $(IMAGE_DIR)
 
-cni-manager-image-name: # util target to print the CNI manager image name.
-	@echo $(CNI_IMAGE)
+acncli-image-name: # util target to print the CNI manager image name.
+	@echo $(ACNCLI_IMAGE)
 
-cni-manager-image: ## build cni-manager container image.
+acncli-image: ## build cni-manager container image.
 	$(MAKE) containerize-$(CONTAINER_BUILDER) \
 		PLATFORM=$(PLATFORM) \
 		DOCKERFILE=tools/acncli/Dockerfile \
 		REGISTRY=$(IMAGE_REGISTRY) \
-		IMAGE=$(CNI_IMAGE) \
-		EXTRA_BUILD_ARGS='--build-arg PLATFORM=$(OS)_$(ARCH)' \
+		IMAGE=$(ACNCLI_IMAGE) \
 		TAG=$(TAG)
 
-cni-manager-image-info: # util target to write cni-manager container info file.
-	$(MAKE) container-info IMAGE=$(CNI_IMAGE) TAG=$(TAG) FILE=$(CNI_IMAGE_INFO_FILE)
+acncli-image-info: # util target to write cni-manager container info file.
+	$(MAKE) container-info IMAGE=$(ACNCLI_IMAGE) TAG=$(TAG) FILE=$(ACNCLI_IMAGE_INFO_FILE)
 
-cni-manager-image-push: ## push cni-manager container image.
+acncli-image-push: ## push cni-manager container image.
 	$(MAKE) container-push \
 		PLATFORM=$(PLATFORM) \
 		REGISTRY=$(IMAGE_REGISTRY) \
-		IMAGE=$(CNI_IMAGE) \
+		IMAGE=$(ACNCLI_IMAGE) \
 		TAG=$(TAG)
 
-cni-manager-image-pull: ## pull cni-manager container image.
+acncli-image-pull: ## pull cni-manager container image.
 	$(MAKE) container-pull \
 		PLATFORM=$(PLATFORM) \
 		REGISTRY=$(IMAGE_REGISTRY) \
-		IMAGE=$(CNI_IMAGE) \
+		IMAGE=$(ACNCLI_IMAGE) \
+		TAG=$(TAG)
+
+cni-dropgz-image-name: # util target to print the CNI dropgz image name.
+	@echo $(CNIDROPGZ_IMAGE)
+
+cni-dropgz-image: ## build cni-dropgz container image.
+	$(MAKE) containerize-$(CONTAINER_BUILDER) \
+		PLATFORM=$(PLATFORM) \
+		DOCKERFILE=dropgz/build/cni.Dockerfile \
+		REGISTRY=$(IMAGE_REGISTRY) \
+		IMAGE=$(CNIDROPGZ_IMAGE) \
+		TAG=$(TAG)
+
+cni-dropgz-image-info: # util target to write cni-dropgz container info file.
+	$(MAKE) container-info IMAGE=$(CNIDROPGZ_IMAGE) TAG=$(TAG) FILE=$(CNIDROPGZ_IMAGE_INFO_FILE)
+
+cni-dropgz-image-push: ## push cni-dropgz container image.
+	$(MAKE) container-push \
+		PLATFORM=$(PLATFORM) \
+		REGISTRY=$(IMAGE_REGISTRY) \
+		IMAGE=$(CNIDROPGZ_IMAGE) \
+		TAG=$(TAG)
+
+cni-dropgz-image-pull: ## pull cni-dropgz container image.
+	$(MAKE) container-pull \
+		PLATFORM=$(PLATFORM) \
+		REGISTRY=$(IMAGE_REGISTRY) \
+		IMAGE=$(CNIDROPGZ_IMAGE) \
 		TAG=$(TAG)
 
 cns-image-name: # util target to print the CNS image name

dropgz/build/cni.Dockerfile

@@ -0,0 +1,16 @@
+FROM mcr.microsoft.com/oss/go/microsoft/golang:1.18 AS builder
+ARG VERSION
+WORKDIR /azure-container-networking
+COPY . .
+RUN CGO_ENABLED=0 go build -a -o bin/azure-vnet -trimpath -ldflags "-X main.version="$VERSION"" -gcflags="-dwarflocationlists=true" cni/network/plugin/main.go
+RUN mv bin/* dropgz/pkg/embed/gz &&\ 
+    mv cni/*.conflist dropgz/pkg/embed/gz &&\
+    cd dropgz/pkg/embed/gz/ && sha256sum * > sum.txt
+RUN gzip --best --recursive dropgz/pkg/embed/gz && for f in dropgz/pkg/embed/gz/*.gz; do mv -- "$f" "${f%%.gz}"; done
+RUN cd dropgz && CGO_ENABLED=0 go build -a -o ../bin/dropgz -trimpath -ldflags "-X github.com/Azure/azure-container-networking/dropgz/internal/buildinfo.Version="$VERSION"" -gcflags="-dwarflocationlists=true" main.go
+
+FROM scratch
+COPY --from=builder /etc/passwd /etc/passwd
+COPY --from=builder /etc/group /etc/group
+COPY --from=builder azure-container-networking/bin/dropgz /usr/local/bin/dropgz
+ENTRYPOINT [ "/usr/local/bin/dropgz" ]

dropgz/cmd/payload.go

@@ -0,0 +1,120 @@
+package cmd
+
+import (
+	"fmt"
+
+	"github.com/Azure/azure-container-networking/dropgz/pkg/embed"
+	"github.com/Azure/azure-container-networking/dropgz/pkg/hash"
+	"github.com/pkg/errors"
+	"github.com/spf13/cobra"
+	"go.uber.org/zap"
+)
+
+// list subcommand
+var list = &cobra.Command{
+	Use: "list",
+	RunE: func(*cobra.Command, []string) error {
+		contents, err := embed.Contents()
+		if err != nil {
+			return err
+		}
+		for _, c := range contents {
+			fmt.Printf("\t%s\n", c)
+		}
+		return nil
+	},
+}
+
+func checksum(srcs, dests []string) error {
+	if len(srcs) != len(dests) {
+		return errors.Wrapf(embed.ErrArgsMismatched, "%d and %d", len(srcs), len(dests))
+	}
+	r, c, err := embed.Extract("sum.txt")
+	if err != nil {
+		return errors.Wrap(err, "failed to extract checksum file")
+	}
+	defer c.Close()
+	defer r.Close()
+
+	checksums, err := hash.Parse(r)
+	if err != nil {
+		return errors.Wrap(err, "failed to parse checksums")
+	}
+	for i := range srcs {
+		valid, err := checksums.Check(srcs[i], dests[i])
+		if err != nil {
+			return errors.Wrapf(err, "failed to validate file at %s", dests[i])
+		}
+		if !valid {
+			return errors.Wrapf(err, "%s checksum validation failed", dests[i])
+		}
+	}
+	return nil
+}
+
+var (
+	skipVerify bool
+	outs       []string
+)
+
+// deploy subcommand
+var deploy = &cobra.Command{
+	Use: "deploy",
+	RunE: func(_ *cobra.Command, srcs []string) error {
+		if len(outs) == 0 {
+			outs = srcs
+		}
+		if len(srcs) != len(outs) {
+			return errors.Wrapf(embed.ErrArgsMismatched, "%d files, %d outputs", len(srcs), len(outs))
+		}
+		log := z.With(zap.Strings("sources", srcs), zap.Strings("outputs", outs), zap.String("cmd", "deploy"))
+		if err := embed.Deploy(log, srcs, outs); err != nil {
+			log.Error("failed to deploy", zap.Error(err))
+			return errors.Wrapf(err, "failed to deploy %s", srcs)
+		}
+		log.Info("successfully wrote files")
+		if skipVerify {
+			return nil
+		}
+		if err := checksum(srcs, outs); err != nil {
+			log.Error("failed to verify", zap.Error(err))
+			return err
+		}
+		log.Info("verified file integrity")
+		return nil
+	},
+	Args: cobra.OnlyValidArgs,
+}
+
+// verify subcommand
+var verify = &cobra.Command{
+	Use: "verify",
+	RunE: func(_ *cobra.Command, srcs []string) error {
+		if len(outs) == 0 {
+			outs = srcs
+		}
+		if len(srcs) != len(outs) {
+			return errors.Wrapf(embed.ErrArgsMismatched, "%d sources, %d destinations", len(srcs), len(outs))
+		}
+		log := z.With(zap.Strings("sources", srcs), zap.String("cmd", "deploy"))
+		if err := checksum(srcs, outs); err != nil {
+			log.Error("failed to verify", zap.Error(err))
+			return err
+		}
+		return nil
+	},
+	Args: cobra.OnlyValidArgs,
+}
+
+func init() {
+	root.AddCommand(list)
+
+	verify.ValidArgs, _ = embed.Contents()
+	verify.Flags().StringSliceVarP(&outs, "output", "o", []string{}, "output file path")
+	root.AddCommand(verify)
+
+	deploy.ValidArgs, _ = embed.Contents() // setting this after the command is initialized is required
+	deploy.Flags().BoolVar(&skipVerify, "skip-verify", false, "set to disable checksum validation")
+	deploy.Flags().StringSliceVarP(&outs, "output", "o", []string{}, "output file path")
+	root.AddCommand(deploy)
+}

dropgz/cmd/root.go

@@ -0,0 +1,58 @@
+package cmd
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"os/signal"
+	"syscall"
+
+	zaplogfmt "github.com/jsternberg/zap-logfmt"
+	"github.com/spf13/cobra"
+	"go.uber.org/zap"
+	"go.uber.org/zap/zapcore"
+)
+
+var (
+	ctx context.Context
+	z   *zap.Logger
+)
+
+// root represent the base invocation.
+var root = &cobra.Command{
+	Use: "dropgz",
+}
+
+func init() {
+	// set up signal handlers
+	var cancel context.CancelFunc
+	ctx, cancel = context.WithCancel(context.Background())
+
+	sig := make(chan os.Signal, 1)
+	signal.Notify(sig, os.Interrupt, syscall.SIGTERM)
+	go func() {
+		<-sig
+		cancel()
+		fmt.Println("exiting")
+	}()
+
+	// bind root flags
+	root.PersistentFlags().StringP("log-level", "v", "info", "log level [trace,debug,info,warn,error]")
+}
+
+func Execute() {
+	var err error
+	zcfg := zap.NewProductionEncoderConfig()
+	z = zap.New(zapcore.NewCore(
+		zaplogfmt.NewEncoder(zcfg),
+		os.Stdout,
+		zapcore.InfoLevel,
+	))
+	if err != nil {
+		os.Exit(1)
+	}
+	if err = root.Execute(); err != nil {
+		z.Error("dropgz exiting", zap.Error(err))
+		os.Exit(1)
+	}
+}

dropgz/cmd/version.go

@@ -0,0 +1,20 @@
+package cmd
+
+import (
+	"fmt"
+
+	"github.com/Azure/azure-container-networking/dropgz/internal/buildinfo"
+	"github.com/spf13/cobra"
+)
+
+// version command.
+var version = &cobra.Command{
+	Use: "version",
+	Run: func(cmd *cobra.Command, args []string) {
+		fmt.Println(buildinfo.Version)
+	},
+}
+
+func init() {
+	root.AddCommand(version)
+}