diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index b3f342f5ad..8175ad3e7d 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -47,6 +47,15 @@ updates: - "azure/azure-sdn-members" commit-message: prefix: "deps" +- package-ecosystem: "gomod" + directory: "/dropgz" + schedule: + interval: "daily" + assignees: + - "matmerr" + - "rbtr" + commit-message: + prefix: "deps" - package-ecosystem: "gomod" directory: "/zapai" schedule: @@ -54,7 +63,5 @@ updates: assignees: - "matmerr" - "rbtr" - reviewers: - - "azure/azure-sdn-members" commit-message: prefix: "deps" diff --git a/.pipelines/pipeline.yaml b/.pipelines/pipeline.yaml index 955d099706..356ae1c3c3 100644 --- a/.pipelines/pipeline.yaml +++ b/.pipelines/pipeline.yaml @@ -150,14 +150,22 @@ stages: name: "$(BUILD_POOL_NAME_DEFAULT)" strategy: matrix: - cni_manager_linux_amd64: + acncli_linux_amd64: arch: amd64 os: linux - name: cni-manager - cni_manager_linux_arm64: + name: acncli + acncli_linux_arm64: arch: arm64 os: linux - name: cni-manager + name: acncli + cni_dropgz_linux_amd64: + arch: amd64 + os: linux + name: cni-dropgz + cni_dropgz_linux_arm64: + arch: arm64 + os: linux + name: cni-dropgz cns_linux_amd64: arch: amd64 os: linux @@ -216,8 +224,11 @@ stages: name: "$(BUILD_POOL_NAME_DEFAULT)" strategy: matrix: - cni-manager: - name: cni-manager + acncli: + name: acncli + platforms: linux/amd64 linux/arm64 + cni_dropgz: + name: cni-dropgz platforms: linux/amd64 linux/arm64 cns: name: cns diff --git a/Makefile b/Makefile index ac1350db8d..e5b12395a2 100644 --- a/Makefile +++ b/Makefile 
@@ -81,15 +81,15 @@ CNI_BAREMETAL_ARCHIVE_NAME = azure-vnet-cni-baremetal-$(GOOS)-$(GOARCH)-$(VERSIO CNS_ARCHIVE_NAME = azure-cns-$(GOOS)-$(GOARCH)-$(VERSION).$(ARCHIVE_EXT) NPM_ARCHIVE_NAME = azure-npm-$(GOOS)-$(GOARCH)-$(VERSION).$(ARCHIVE_EXT) NPM_IMAGE_INFO_FILE = azure-npm-$(VERSION).txt -CNI_IMAGE_ARCHIVE_NAME = azure-cni-manager-$(GOOS)-$(GOARCH)-$(VERSION).$(ARCHIVE_EXT) -CNI_IMAGE_INFO_FILE = azure-cni-manager-$(VERSION).txt +CNIDROPGZ_IMAGE_ARCHIVE_NAME = cni-dropgz-$(GOOS)-$(GOARCH)-$(VERSION).$(ARCHIVE_EXT) +CNIDROPGZ_IMAGE_INFO_FILE = cni-dropgz-$(VERSION).txt CNS_IMAGE_INFO_FILE = azure-cns-$(VERSION).txt # Docker libnetwork (CNM) plugin v2 image parameters. CNM_PLUGIN_IMAGE ?= microsoft/azure-vnet-plugin CNM_PLUGIN_ROOTFS = azure-vnet-plugin-rootfs -VERSION ?= $(shell git describe --tags --always --dirty) +VERSION ?= $(shell git describe --exclude "zapai*" --tags --always --dirty) # Default target all-binaries-platforms: ## Make all platform binaries @@ -101,7 +101,7 @@ all-binaries-platforms: ## Make all platform binaries # OS specific binaries/images ifeq ($(GOOS),linux) -all-binaries: azure-cnm-plugin azure-cni-plugin azure-cns azure-npm +all-binaries: acncli azure-cnm-plugin azure-cni-plugin azure-cns azure-npm all-images: npm-image cns-image cni-manager-image else all-binaries: azure-cnm-plugin azure-cni-plugin azure-cns azure-npm @@ -156,9 +156,10 @@ azure-npm-binary: ##@ Containers -CNI_IMAGE = azure-cni-manager -CNS_IMAGE = azure-cns -NPM_IMAGE = azure-npm +ACNCLI_IMAGE = acncli +CNIDROPGZ_IMAGE = cni-dropgz +CNS_IMAGE = azure-cns +NPM_IMAGE = azure-npm TAG ?= $(VERSION) IMAGE_REGISTRY ?= acnpublic.azurecr.io 
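Review bot: In the `@@ -101,7` hunk the unchanged line `all-images: npm-image cns-image cni-manager-image` still names `cni-manager-image`, which this commit renames to `acncli-image` in a later hunk. Unless that target is still defined somewhere outside this diff, `make all-images` will stop with a missing-rule error. The prerequisite list should follow the rename and probably include the new image as well: `all-images: npm-image cns-image acncli-image cni-dropgz-image`.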
@@ -213,33 +214,60 @@ container-info: # util target to write container info file. do not invoke direct sudo chown -R $$(whoami) $(IMAGE_DIR) sudo chmod -R 777 $(IMAGE_DIR) -cni-manager-image-name: # util target to print the CNI manager image name. - @echo $(CNI_IMAGE) +acncli-image-name: # util target to print the CNI manager image name. + @echo $(ACNCLI_IMAGE) -cni-manager-image: ## build cni-manager container image. +acncli-image: ## build cni-manager container image. $(MAKE) containerize-$(CONTAINER_BUILDER) \ PLATFORM=$(PLATFORM) \ DOCKERFILE=tools/acncli/Dockerfile \ REGISTRY=$(IMAGE_REGISTRY) \ - IMAGE=$(CNI_IMAGE) \ - EXTRA_BUILD_ARGS='--build-arg PLATFORM=$(OS)_$(ARCH)' \ + IMAGE=$(ACNCLI_IMAGE) \ + TAG=$(TAG) + +acncli-image-info: # util target to write cni-manager container info file. + $(MAKE) container-info IMAGE=$(ACNCLI_IMAGE) TAG=$(TAG) FILE=$(ACNCLI_IMAGE_INFO_FILE) + +acncli-image-push: ## push cni-manager container image. + $(MAKE) container-push \ + PLATFORM=$(PLATFORM) \ + REGISTRY=$(IMAGE_REGISTRY) \ + IMAGE=$(ACNCLI_IMAGE) \ + TAG=$(TAG) + +acncli-image-pull: ## pull cni-manager container image. + $(MAKE) container-pull \ + PLATFORM=$(PLATFORM) \ + REGISTRY=$(IMAGE_REGISTRY) \ + IMAGE=$(ACNCLI_IMAGE) \ TAG=$(TAG) -cni-manager-image-info: # util target to write cni-manager container info file. - $(MAKE) container-info IMAGE=$(CNI_IMAGE) TAG=$(TAG) FILE=$(CNI_IMAGE_INFO_FILE) +cni-dropgz-image-name: # util target to print the CNI dropgz image name. + @echo $(CNIDROPGZ_IMAGE) + +cni-dropgz-image: ## build cni-dropgz container image. + $(MAKE) containerize-$(CONTAINER_BUILDER) \ + PLATFORM=$(PLATFORM) \ + DOCKERFILE=dropgz/build/cni.Dockerfile \ + REGISTRY=$(IMAGE_REGISTRY) \ + IMAGE=$(CNIDROPGZ_IMAGE) \ + TAG=$(TAG) -cni-manager-image-push: ## push cni-manager container image. +cni-dropgz-image-info: # util target to write cni-dropgz container info file. 
+ $(MAKE) container-info IMAGE=$(CNIDROPGZ_IMAGE) TAG=$(TAG) FILE=$(CNIDROPGZ_IMAGE_INFO_FILE) + +cni-dropgz-image-push: ## push cni-dropgz container image. $(MAKE) container-push \ PLATFORM=$(PLATFORM) \ REGISTRY=$(IMAGE_REGISTRY) \ - IMAGE=$(CNI_IMAGE) \ + IMAGE=$(CNIDROPGZ_IMAGE) \ TAG=$(TAG) -cni-manager-image-pull: ## pull cni-manager container image. +cni-dropgz-image-pull: ## pull cni-dropgz container image. $(MAKE) container-pull \ PLATFORM=$(PLATFORM) \ REGISTRY=$(IMAGE_REGISTRY) \ - IMAGE=$(CNI_IMAGE) \ + IMAGE=$(CNIDROPGZ_IMAGE) \ TAG=$(TAG) cns-image-name: # util target to print the CNS image name @@ -362,10 +390,16 @@ multiarch-manifest-create: # util target to compose multiarch container manifest multiarch-manifest-push: # util target to push multiarch container manifest. $(CONTAINER_BUILDER) manifest push --all $(IMAGE_REGISTRY)/$(IMAGE):$(TAG) docker://$(IMAGE_REGISTRY)/$(IMAGE):$(TAG) -cni-manager-multiarch-manifest-create: ## build cni-manager multi-arch container manifest. +acncli-multiarch-manifest-create: ## build acncli multi-arch container manifest. + $(MAKE) multiarch-manifest-create \ + PLATFORMS="$(PLATFORMS)" \ + IMAGE=$(ACNCLI_IMAGE) \ + TAG=$(TAG) + +cni-dropgz-multiarch-manifest-create: ## build cni-dropgz multi-arch container manifest. $(MAKE) multiarch-manifest-create \ PLATFORMS="$(PLATFORMS)" \ - IMAGE=$(CNI_IMAGE) \ + IMAGE=$(CNIDROPGZ_IMAGE) \ TAG=$(TAG) cns-multiarch-manifest-create: ## build azure-cns multi-arch container manifest. @@ -481,8 +515,8 @@ workspace: ## Set up the Go workspace. go work init go work use . go work use ./build/tools + go work use ./dropgz go work use ./zapai - go work sync ##@ Test diff --git a/dropgz/build/cni.Dockerfile b/dropgz/build/cni.Dockerfile new file mode 100644 index 0000000000..a2faef5b1c --- /dev/null +++ b/dropgz/build/cni.Dockerfile 
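Review bot: `acncli-image-info` passes `FILE=$(ACNCLI_IMAGE_INFO_FILE)`, but the variable hunk at `@@ -81,15` only removes `CNI_IMAGE_INFO_FILE` and adds `CNIDROPGZ_IMAGE_INFO_FILE`. No `ACNCLI_IMAGE_INFO_FILE` definition is visible in this diff, so `FILE` would expand to an empty string in `container-info`. Add `ACNCLI_IMAGE_INFO_FILE = acncli-$(VERSION).txt` beside the other info-file names. The help text on the renamed `acncli-*` targets still says "cni-manager" (for example `## build cni-manager container image.`) and should read "acncli" so `make help` matches the target names.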
@@ -0,0 +1,23 @@ +FROM mcr.microsoft.com/oss/go/microsoft/golang:1.18 AS azure-vnet +ARG VERSION +WORKDIR /azure-container-networking +COPY . . +RUN CGO_ENABLED=0 go build -a -o bin/azure-vnet -trimpath -ldflags "-X main.version="$VERSION"" -gcflags="-dwarflocationlists=true" cni/network/plugin/main.go + +FROM mcr.microsoft.com/cbl-mariner/base/core:2.0 AS compressor +WORKDIR /dropgz +COPY dropgz . +COPY --from=azure-vnet /azure-container-networking/bin/* pkg/embed/fs +COPY --from=azure-vnet /azure-container-networking/cni/*.conflist pkg/embed/fs +RUN cd pkg/embed/fs/ && sha256sum * > sum.txt +RUN gzip --verbose --best --recursive pkg/embed/fs && for f in pkg/embed/fs/*.gz; do mv -- "$f" "${f%%.gz}"; done + +FROM mcr.microsoft.com/oss/go/microsoft/golang:1.18 AS dropgz +ARG VERSION +WORKDIR /dropgz +COPY --from=compressor /dropgz . +RUN CGO_ENABLED=0 go build -a -o bin/dropgz -trimpath -ldflags "-X github.com/Azure/azure-container-networking/dropgz/internal/buildinfo.Version="$VERSION"" -gcflags="-dwarflocationlists=true" main.go + +FROM scratch +COPY --from=dropgz /dropgz/bin/dropgz /dropgz +ENTRYPOINT [ "/dropgz" ] diff --git a/dropgz/cmd/payload.go b/dropgz/cmd/payload.go new file mode 100644 index 0000000000..921591d35a --- /dev/null +++ b/dropgz/cmd/payload.go 
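Review bot: In both `go build` lines, `-ldflags "-X main.version="$VERSION""` closes the double quote before `$VERSION`, so the value is expanded unquoted and a `VERSION` build arg containing whitespace or glob characters is split into extra `go build` arguments. Keep the variable inside the quotes, e.g. `-ldflags "-X main.version=${VERSION}"`, and likewise for the `buildinfo.Version` flag. In the compressor stage, `sha256sum * > sum.txt` also matches the placeholder `sum.txt` and `_README` brought in by `COPY dropgz .`, so the manifest gets an entry for a file that is being written while it is hashed; restrict the glob to the payload files. The three base images are referenced by mutable tag (`golang:1.18`, `core:2.0`); pinning them by digest would make the embedded binaries and their checksums reproducible.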
@@ -0,0 +1,126 @@ +package cmd + +import ( + "fmt" + + "github.com/Azure/azure-container-networking/dropgz/pkg/embed" + "github.com/Azure/azure-container-networking/dropgz/pkg/hash" + "github.com/pkg/errors" + "github.com/spf13/cobra" + "go.uber.org/zap" +) + +// list subcommand +var list = &cobra.Command{ + Use: "list", + RunE: func(*cobra.Command, []string) error { + if err := setLogLevel(); err != nil { + return err + } + contents, err := embed.Contents() + if err != nil { + return err + } + for _, c := range contents { + fmt.Printf("\t%s\n", c) + } + return nil + }, +} + +func checksum(srcs, dests []string) error { + if len(srcs) != len(dests) { + return errors.Wrapf(embed.ErrArgsMismatched, "%d and %d", len(srcs), len(dests)) + } + rc, err := embed.Extract("sum.txt") + if err != nil { + return errors.Wrap(err, "failed to extract checksum file") + } + defer rc.Close() + + checksums, err := hash.Parse(rc) + if err != nil { + return errors.Wrap(err, "failed to parse checksums") + } + for i := range srcs { + valid, err := checksums.Check(srcs[i], dests[i]) + if err != nil { + return errors.Wrapf(err, "failed to validate file at %s", dests[i]) + } + if !valid { + return errors.Errorf("%s checksum validation failed", dests[i]) + } + } + return nil +} + +var ( + skipVerify bool + outs []string +) + +// deploy subcommand +var deploy = &cobra.Command{ + Use: "deploy", + RunE: func(_ *cobra.Command, srcs []string) error { + if err := setLogLevel(); err != nil { + return err + } + if len(outs) == 0 { + outs = srcs + } + if len(srcs) != len(outs) { + return errors.Wrapf(embed.ErrArgsMismatched, "%d files, %d outputs", len(srcs), len(outs)) + } + log := z.With(zap.Strings("sources", srcs), zap.Strings("outputs", outs), zap.String("cmd", "deploy")) + if err := embed.Deploy(log, srcs, outs); err != nil { + return errors.Wrapf(err, "failed to deploy %s", srcs) + } + log.Info("successfully wrote files") + if skipVerify { + return nil + } + if err := checksum(srcs, outs); err 
!= nil { + return err + } + log.Info("verified file integrity") + return nil + }, + Args: cobra.OnlyValidArgs, +} + +// verify subcommand +var verify = &cobra.Command{ + Use: "verify", + RunE: func(_ *cobra.Command, srcs []string) error { + if err := setLogLevel(); err != nil { + return err + } + if len(outs) == 0 { + outs = srcs + } + if len(srcs) != len(outs) { + return errors.Wrapf(embed.ErrArgsMismatched, "%d sources, %d destinations", len(srcs), len(outs)) + } + log := z.With(zap.Strings("sources", srcs), zap.Strings("outputs", outs), zap.String("cmd", "verify")) + if err := checksum(srcs, outs); err != nil { + return err + } + log.Info("verified files") + return nil + }, + Args: cobra.OnlyValidArgs, +} + +func init() { + root.AddCommand(list) + + verify.ValidArgs, _ = embed.Contents() + verify.Flags().StringSliceVarP(&outs, "output", "o", []string{}, "output file path") + root.AddCommand(verify) + + deploy.ValidArgs, _ = embed.Contents() // setting this after the command is initialized is required + deploy.Flags().BoolVar(&skipVerify, "skip-verify", false, "set to disable checksum validation") + deploy.Flags().StringSliceVarP(&outs, "output", "o", []string{}, "output file path") + root.AddCommand(deploy) +} diff --git a/dropgz/cmd/root.go b/dropgz/cmd/root.go new file mode 100644 index 0000000000..c56ad8b068 --- /dev/null +++ b/dropgz/cmd/root.go 
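Review bot: In `deploy`, `embed.Deploy` writes every payload to its final output path before `checksum` runs, so when validation fails (or `--skip-verify` is set) the unverified file is left in place where a consumer will pick it up. On a checksum error the outputs should be removed, or the copy should be verified in a staging path and only then moved into place. `sum.txt` is embedded in the same binary as the payload, so this check detects a bad or truncated write rather than a modified image; a comment on `checksum` such as `// guards against corrupt writes only; authenticity comes from the image itself` would keep that scope clear. In `init`, `verify.ValidArgs, _ = embed.Contents()` discards the error; if the walk ever fails, `ValidArgs` is empty and, as far as I recall, `cobra.OnlyValidArgs` then accepts any argument, so the error is better surfaced than dropped.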
@@ -0,0 +1,69 @@ +package cmd + +import ( + "context" + "fmt" + "os" + "os/signal" + "syscall" + + zaplogfmt "github.com/jsternberg/zap-logfmt" + "github.com/pkg/errors" + "github.com/spf13/cobra" + "go.uber.org/zap" + "go.uber.org/zap/zapcore" +) + +var ( + ctx context.Context + z *zap.Logger + levelFlag string + leveler = zap.NewAtomicLevel() +) + +// root represent the base invocation. +var root = &cobra.Command{ + Use: "dropgz", + SilenceUsage: true, +} + +func init() { + // set up signal handlers + var cancel context.CancelFunc + ctx, cancel = context.WithCancel(context.Background()) + + sig := make(chan os.Signal, 1) + signal.Notify(sig, os.Interrupt, syscall.SIGTERM) + go func() { + <-sig + cancel() + fmt.Println("exiting") + os.Exit(1) + }() + + // build root logger + zcfg := zap.NewProductionEncoderConfig() + z = zap.New(zapcore.NewCore( + zaplogfmt.NewEncoder(zcfg), + os.Stdout, + leveler, + )) + + // bind root flags + root.PersistentFlags().StringVarP(&levelFlag, "log-level", "v", "info", "log level [trace,debug,info,warn,error]") +} + +func Execute() { + if err := root.ExecuteContext(ctx); err != nil { + z.Fatal("exiting due to error", zap.Error(err)) + } +} + +func setLogLevel() error { + level, err := zapcore.ParseLevel(levelFlag) + if err != nil { + return errors.Wrapf(err, "failed to parse log level '%s'", levelFlag) + } + leveler.SetLevel(level) + return nil +} diff --git a/dropgz/cmd/version.go b/dropgz/cmd/version.go new file mode 100644 index 0000000000..c16f33b419 --- /dev/null +++ b/dropgz/cmd/version.go @@ -0,0 +1,24 @@ +package cmd + +import ( + "fmt" + + "github.com/Azure/azure-container-networking/dropgz/internal/buildinfo" + "github.com/spf13/cobra" +) + +// version command. +var version = &cobra.Command{ + Use: "version", + RunE: func(cmd *cobra.Command, args []string) error { + if err := setLogLevel(); err != nil { + return err + } + fmt.Println(buildinfo.Version) + return nil + }, +} + +func init() { + root.AddCommand(version) +} 
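Review bot: The `--log-level` help string in `dropgz/cmd/root.go` advertises `trace`, but `zapcore.ParseLevel` has no such level, so `-v trace` makes `setLogLevel` return an error and every subcommand exits. List only what zap accepts: `"log level [debug,info,warn,error]"`. In the signal goroutine, `os.Exit(1)` follows `cancel()` immediately, so nothing observing `ctx` gets a chance to run, and a deploy interrupted mid-copy leaves a truncated file at its destination. Either let `Execute` return after cancellation or have the copy path clean up its partial output before the process exits.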
diff --git a/dropgz/go.mod b/dropgz/go.mod new file mode 100644 index 0000000000..0c44e54cc7 --- /dev/null +++ b/dropgz/go.mod @@ -0,0 +1,19 @@ +module github.com/Azure/azure-container-networking/dropgz + +go 1.18 + +require ( + github.com/jsternberg/zap-logfmt v1.2.0 + github.com/pkg/errors v0.9.1 + github.com/spf13/cobra v1.4.0 + go.uber.org/zap v1.21.0 +) + +require ( + github.com/inconshreveable/mousetrap v1.0.0 // indirect + github.com/spf13/pflag v1.0.5 // indirect + github.com/stretchr/testify v1.7.1 // indirect + go.uber.org/atomic v1.7.0 // indirect + go.uber.org/goleak v1.1.12 // indirect + go.uber.org/multierr v1.6.0 // indirect +) diff --git a/dropgz/go.sum b/dropgz/go.sum new file mode 100644 index 0000000000..f2c1a49468 --- /dev/null +++ b/dropgz/go.sum 
@@ -0,0 +1,75 @@ +github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= +github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= +github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= +github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/jsternberg/zap-logfmt v1.2.0 h1:1v+PK4/B48cy8cfQbxL4FmmNZrjnIMr2BsnyEmXqv2o= +github.com/jsternberg/zap-logfmt v1.2.0/go.mod h1:kz+1CUmCutPWABnNkOu9hOHKdT2q3TDYCcsFy9hpqb0= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/spf13/cobra v1.4.0 h1:y+wJpx64xcgO1V+RcnwW0LEHxTKRi2ZDPSBjWnrg88Q= +github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod 
h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= +go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= +go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= +go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= +go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA= +go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= +go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= +go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= +go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= +go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= +go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8= +go.uber.org/zap v1.21.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/mod v0.4.2/go.mod 
h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod 
h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= +gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/dropgz/internal/buildinfo/buildinfo.go b/dropgz/internal/buildinfo/buildinfo.go new file mode 100644 index 0000000000..77ffbb7fd2 --- /dev/null +++ b/dropgz/internal/buildinfo/buildinfo.go @@ -0,0 +1,3 @@ +package buildinfo + +var Version string diff --git a/dropgz/main.go b/dropgz/main.go new file mode 100644 index 0000000000..46ef567ab5 --- /dev/null +++ b/dropgz/main.go @@ -0,0 +1,7 @@ +package main + +import "github.com/Azure/azure-container-networking/dropgz/cmd" + +func main() { + cmd.Execute() +} diff --git a/dropgz/pkg/embed/fs/_README b/dropgz/pkg/embed/fs/_README new file mode 100644 index 0000000000..d11ae80191 --- /dev/null +++ b/dropgz/pkg/embed/fs/_README @@ -0,0 +1,4 @@ +This files in this directory intentionally left blank. +At build time files are dropped here and embedded in to the dropgz binary. +_README is excluded due to the _ prefix. +sum.txt will contain pre-compression file SHAs. 
diff --git a/dropgz/pkg/embed/fs/sum.txt b/dropgz/pkg/embed/fs/sum.txt new file mode 100644 index 0000000000..e69de29bb2 diff --git a/dropgz/pkg/embed/payload.go b/dropgz/pkg/embed/payload.go new file mode 100644 index 0000000000..7e5341a593 --- /dev/null +++ b/dropgz/pkg/embed/payload.go 
@@ -0,0 +1,111 @@ +package embed + +import ( + "bufio" + "compress/gzip" + "embed" + "io" + "io/fs" + "os" + "path/filepath" + "strings" + + "github.com/pkg/errors" + "go.uber.org/zap" +) + +const ( + cwd = "fs" + pathPrefix = cwd + string(filepath.Separator) +) + +var ErrArgsMismatched = errors.New("mismatched argument count") + +// embedfs contains the embedded files for deployment, as a read-only FileSystem containing only "embedfs/". +//nolint:typecheck // dir is populated at build. +//go:embed fs +var embedfs embed.FS + +func Contents() ([]string, error) { + contents := []string{} + err := fs.WalkDir(embedfs, cwd, func(path string, d fs.DirEntry, err error) error { + if err != nil { + return err + } + if d.IsDir() { + return nil + } + contents = append(contents, strings.TrimPrefix(path, pathPrefix)) + return nil + }) + if err != nil { + return nil, errors.Wrap(err, "error walking embed fs") + } + return contents, nil +} + +// compoundReadCloser is a wrapper around the source file handle and +// the flate Reader on the file to provide a single Close implementation +// which cleans up both. +// We have to explicitly track and close the underlying Reader, because +// the readercloser# does not. 
+type compoundReadCloser struct { + closer io.Closer + readcloser io.ReadCloser +} + +func (c *compoundReadCloser) Read(p []byte) (n int, err error) { + return c.readcloser.Read(p) +} + +func (c *compoundReadCloser) Close() error { + if err := c.readcloser.Close(); err != nil { + return err + } + if err := c.closer.Close(); err != nil { + return err + } + return nil +} + +func Extract(path string) (*compoundReadCloser, error) { + f, err := embedfs.Open(filepath.Join(cwd, path)) + if err != nil { + return nil, errors.Wrapf(err, "failed to open file %s", path) + } + r, err := gzip.NewReader(bufio.NewReader(f)) + if err != nil { + return nil, errors.Wrap(err, "failed to build reader") + } + return &compoundReadCloser{closer: f, readcloser: r}, nil +} + +func deploy(src, dest string) error { + rc, err := Extract(src) + if err != nil { + return err + } + defer rc.Close() + target, err := os.OpenFile(dest, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o755) //nolint:gomnd // executable file bitmask + if err != nil { + return errors.Wrapf(err, "failed to create file %s", dest) + } + defer target.Close() + _, err = io.Copy(bufio.NewWriter(target), rc) + return errors.Wrapf(err, "failed to copy %s to %s", src, dest) +} + +func Deploy(log *zap.Logger, srcs, dests []string) error { + if len(srcs) != len(dests) { + return errors.Wrapf(ErrArgsMismatched, "%d and %d", len(srcs), len(dests)) + } + for i := range srcs { + src := srcs[i] + dest := dests[i] + if err := deploy(src, dest); err != nil { + return err + } + log.Info("wrote file", zap.String("src", src), zap.String("dest", dest)) + } + return nil +} diff --git a/dropgz/pkg/hash/sha.go b/dropgz/pkg/hash/sha.go new file mode 100644 index 0000000000..f69f4019ec --- /dev/null +++ b/dropgz/pkg/hash/sha.go 
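Review bot: `deploy` copies through `bufio.NewWriter(target)` but never calls `Flush`, and the deferred `target.Close()` drops its error, so a short or failed write can be reported as success. It probably works today only because `io.Copy` hands off to the file's own `ReadFrom` before anything is buffered. The destination is also opened with `O_TRUNC` at its final path, so a reader can observe a partially written binary, and overwriting an executable that is currently running may fail. Staging in a temp file in the same directory and renaming avoids both, as sketched below. Separately, `Extract` returns without closing `f` when `gzip.NewReader` fails; add `f.Close()` on that path.

```go
func deploy(src, dest string) error {
	// … unchanged: Extract(src) and deferred rc.Close() …

	// Stage next to dest so the final rename stays on one filesystem.
	tmp, err := os.CreateTemp(filepath.Dir(dest), ".dropgz-*")
	if err != nil {
		return errors.Wrapf(err, "failed to create file %s", dest)
	}
	defer os.Remove(tmp.Name()) // harmless once the rename has succeeded

	if _, err = io.Copy(tmp, rc); err != nil {
		tmp.Close()
		return errors.Wrapf(err, "failed to copy %s to %s", src, dest)
	}
	if err = tmp.Chmod(0o755); err != nil { //nolint:gomnd // executable file bitmask
		tmp.Close()
		return errors.Wrapf(err, "failed to set mode on %s", dest)
	}
	// Close reports deferred write errors; check it before publishing the file.
	if err = tmp.Close(); err != nil {
		return errors.Wrapf(err, "failed to close %s", dest)
	}
	return errors.Wrapf(os.Rename(tmp.Name(), dest), "failed to move %s into place", dest)
}
```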
@@ -0,0 +1,43 @@ +package hash + +import ( + "bufio" + "crypto/sha256" + "fmt" + "io" + "os" + "strings" + + "github.com/pkg/errors" +) + +type Checksums map[string]string + +func Parse(r io.Reader) (Checksums, error) { + checksums := Checksums{} + linescanner := bufio.NewScanner(r) + linescanner.Split(bufio.ScanLines) + + for linescanner.Scan() { + line := linescanner.Text() + entry := strings.Fields(line) + if len(entry) != 2 { //nolint:gomnd // sha256 checksum file constant + return nil, errors.Errorf("malformed sha checksum line: %s", line) + } + checksums[entry[1]] = entry[0] + } + return checksums, nil +} + +func (sums Checksums) Check(src, dst string) (bool, error) { + want, ok := sums[src] + if !ok { + return false, errors.Errorf("unknown path %s", src) + } + buf, err := os.ReadFile(dst) + if err != nil { + return false, errors.Wrapf(err, "unable to read file %s", dst) + } + have := sha256.Sum256(buf) + return want == fmt.Sprintf("%x", have), nil +} diff --git a/test/integration/manifests/cni/manager.yaml b/test/integration/manifests/cni/manager.yaml index 5c9fc19e00..5db6dddf9d 100644 --- a/test/integration/manifests/cni/manager.yaml +++ b/test/integration/manifests/cni/manager.yaml @@ -19,7 +19,7 @@ spec: hostNetwork: true containers: - name: azure-cni-installer - image: acnpublic.azurecr.io/azure-cni-manager:v1.2.8-32-g77506640 + image: acnpublic.azurecr.io/acncli:v1.2.8-32-g77506640 command: ["./acn"] args: ["cni", "manager", "--follow", "--mode", "transparent", "--ipam", "azure-cns"] imagePullPolicy: Always diff --git a/tools/acncli/Dockerfile b/tools/acncli/Dockerfile index e9f9b9156e..7bc83da9d2 100644 --- a/tools/acncli/Dockerfile +++ b/tools/acncli/Dockerfile 
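Review bot: `Parse` in `dropgz/pkg/hash/sha.go` never checks `linescanner.Err()` after the loop, so a read error from the gzip stream, or a line longer than the scanner's token limit, ends the loop quietly and a partial map is returned as if complete. Add `if err := linescanner.Err(); err != nil { return nil, errors.Wrap(err, "failed to read checksums") }` before the final return. `strings.Fields` rejects any file name containing whitespace and would keep the `*` prefix that `sha256sum` emits in binary mode, so a doc comment on `Parse` stating the expected `<hex> <name>` format would help. `Check` reads the whole destination into memory with `os.ReadFile`; streaming it through `sha256.New()` with `io.Copy` keeps memory flat for large payloads.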
@@ -1,19 +1,16 @@ FROM mcr.microsoft.com/oss/go/microsoft/golang:1.18 as build WORKDIR /go/src/github.com/Azure/azure-container-networking/ ARG VERSION -ARG PLATFORM ADD . . RUN make all-binaries RUN make acncli -RUN rm -rf ./output/windows* -RUN rm -rf ./output/${PLATFORM:-linux_amd64}/npm/* +RUN rm -rf ./output/**/npm RUN mv ./output /output RUN find /output -name "*.zip" -type f -delete RUN find /output -name "*.tgz" -type f -delete FROM scratch -ARG PLATFORM -COPY --from=build /output/${PLATFORM:-linux_amd64}/acncli/ . +COPY --from=build /output/**/acncli/ . COPY --from=build /output /output ENV AZURE_CNI_OS=linux ENV AZURE_CNI_TENANCY=singletenancy
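Review bot: `**` is not a recursive glob in either place it is introduced in `tools/acncli/Dockerfile`: `RUN rm -rf ./output/**/npm` runs under the image's default `/bin/sh`, and `COPY --from=build /output/**/acncli/ .` uses Docker's pattern matcher, so both behave like a single `*` path segment. With the `PLATFORM` arg and the `rm -rf ./output/windows*` step removed, the COPY now takes `acncli/` from every platform directory under `/output` and merges them into `.`, so which binary ends up in the image depends on what `make all-binaries` happened to produce. If only one platform is expected, state that with a comment and fail the build otherwise, or keep an explicit path such as `/output/linux_${TARGETARCH}/acncli/` (assuming BuildKit's `TARGETARCH` is available to this build).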