cilium: Embed bpf templates in cilium-agent binary

This avoids requiring to install the BPF template files in
/usr/lib/cilium and embeds these template files in the binary
instead to ease distribution.

Related: #324

Signed-off-by: Thomas Graf <thomas@cilium.io>

.travis/prepare.sh

@@ -11,5 +11,7 @@ sudo tar -C /usr/local -xJf $CLANG_FILE
 sudo ln -s /usr/local/$CLANG_DIR /usr/local/clang
 rm $CLANG_FILE
 
+go get -u github.com/jteeuwen/go-bindata/...
+
 NEWPATH="/usr/local/clang/bin"
 export PATH="$NEWPATH:$PATH"

Makefile

@@ -68,8 +68,6 @@ clean:
 
 install: all
 	$(INSTALL) -m 0755 -d $(DESTDIR)$(BINDIR)
-	$(INSTALL) -m 0755 -d $(DESTDIR)$(LIBDIR)/cilium/lib
-	$(INSTALL) -m 0755 -d $(DESTDIR)$(LIBDIR)/cilium/githooks
 	for i in $(SUBDIRS); do $(MAKE) -C $$i install; done
 	for i in $(SUBDIRSLIB); do $(MAKE) -C $$i install; done
 

Makefile.defs

@@ -1,6 +1,5 @@
 PREFIX?=/usr
 BINDIR?=$(PREFIX)/bin
-LIBDIR?=$(PREFIX)/lib
 RUNDIR?=/var/run
 CONFDIR?=/etc
 

bpf/Makefile

@@ -33,16 +33,5 @@ all:
 
 endif
 
-install:
-	$(INSTALL) -m 0644 -t $(DESTDIR)$(LIBDIR)/cilium/ $(BPF:.o=.c)
-	$(INSTALL) -m 0755 -t $(DESTDIR)$(LIBDIR)/cilium/ $(SCRIPTS)
-	$(INSTALL) -m 0644 -t $(DESTDIR)$(LIBDIR)/cilium/lib/ $(LIB)
-	for dir in `find include probes -type d`; do \
-		$(INSTALL) -m 0755 -d $(DESTDIR)$(LIBDIR)/cilium/$$dir; \
-		for f in `find $$dir -maxdepth 1 -type f`; do \
-			$(INSTALL) -m 0644 -t $(DESTDIR)$(LIBDIR)/cilium/$$dir $$f; \
-		done; \
-	done
-
 clean:
 	rm -fr *.o

cilium/Makefile

@@ -1,7 +1,7 @@
 include ../Makefile.defs
 
 TARGET=cilium
-SOURCES := $(shell find ../api ../bpf ../daemon ../common ../pkg cmd . -name '*.go')
+SOURCES := $(shell find ../api ../daemon ../common ../pkg cmd . -name '*.go')
 $(TARGET): $(SOURCES)
 	go build $(GOBUILD) -ldflags "-X "github.com/cilium/cilium/common".Version=$(VERSION)" -o $(TARGET)
 

contrib/packaging/rpm/cfg/cilium.spec

@@ -52,56 +52,8 @@ chmod 644 %{buildroot}/etc/init/*
 /lib/systemd/system/cilium.service
 /opt/cni/bin/cilium-cni
 /usr/bin/cilium
+/usr/bin/cilium-agent
 /usr/bin/cilium-docker
-/usr/lib/cilium/bpf_lb.c
-/usr/lib/cilium/bpf_lxc.c
-/usr/lib/cilium/bpf_netdev.c
-/usr/lib/cilium/bpf_overlay.c
-/usr/lib/cilium/include/bpf/api.h
-/usr/lib/cilium/include/iproute2/bpf_elf.h
-/usr/lib/cilium/include/linux/bpf.h
-/usr/lib/cilium/include/linux/bpf_common.h
-/usr/lib/cilium/include/linux/byteorder.h
-/usr/lib/cilium/include/linux/byteorder/big_endian.h
-/usr/lib/cilium/include/linux/byteorder/little_endian.h
-/usr/lib/cilium/include/linux/icmp.h
-/usr/lib/cilium/include/linux/icmpv6.h
-/usr/lib/cilium/include/linux/if_arp.h
-/usr/lib/cilium/include/linux/if_ether.h
-/usr/lib/cilium/include/linux/in.h
-/usr/lib/cilium/include/linux/in6.h
-/usr/lib/cilium/include/linux/ioctl.h
-/usr/lib/cilium/include/linux/ip.h
-/usr/lib/cilium/include/linux/ipv6.h
-/usr/lib/cilium/include/linux/perf_event.h
-/usr/lib/cilium/include/linux/swab.h
-/usr/lib/cilium/include/linux/tcp.h
-/usr/lib/cilium/include/linux/type_mapper.h
-/usr/lib/cilium/include/linux/udp.h
-/usr/lib/cilium/init.sh
-/usr/lib/cilium/join_ep.sh
-/usr/lib/cilium/lib/arp.h
-/usr/lib/cilium/lib/common.h
-/usr/lib/cilium/lib/conntrack.h
-/usr/lib/cilium/lib/csum.h
-/usr/lib/cilium/lib/dbg.h
-/usr/lib/cilium/lib/drop.h
-/usr/lib/cilium/lib/eth.h
-/usr/lib/cilium/lib/events.h
-/usr/lib/cilium/lib/geneve.h
-/usr/lib/cilium/lib/icmp6.h
-/usr/lib/cilium/lib/ipv4.h
-/usr/lib/cilium/lib/ipv6.h
-/usr/lib/cilium/lib/l3.h
-/usr/lib/cilium/lib/l4.h
-/usr/lib/cilium/lib/lb.h
-/usr/lib/cilium/lib/lxc.h
-/usr/lib/cilium/lib/maps.h
-/usr/lib/cilium/lib/nat46.h
-/usr/lib/cilium/lib/policy.h
-/usr/lib/cilium/lib/utils.h
-/usr/lib/cilium/probes/skb_change_tail.c
-/usr/lib/cilium/run_probes.sh
 
 %changelog
 * Wed Oct 12 2016 Andre Martins <andre@cilium.io> - ${VERSION}

daemon/.gitignore

@@ -1,2 +1,3 @@
 cilium-agent
 globals
+bindata.go

daemon/Makefile

@@ -3,8 +3,8 @@ include ../Makefile.defs
 all:
 
 TARGET=cilium-agent
-SOURCES := $(shell find ../api ../bpf ../common ../daemon ../pkg . -name '*.go')
-$(TARGET): $(SOURCES)
+SOURCES := $(shell find ../api ../common ../daemon ../pkg . -name '*.go')
+$(TARGET): $(SOURCES) bindata.go
 	go build $(GOBUILD) -ldflags "-X "github.com/cilium/cilium/common".Version=$(VERSION)" -o $(TARGET)
 
 all: $(TARGET)
@@ -17,3 +17,6 @@ install: all
 	groupadd -f cilium
 	$(INSTALL) -m 0755 -d $(DESTDIR)$(BINDIR)
 	$(INSTALL) -m 0755 $(TARGET) $(DESTDIR)$(BINDIR)
+
+bindata.go: $(shell find ../bpf)
+	go-bindata -prefix ../ -ignore Makefile -ignore '.+\.o$$' ../bpf/...

daemon/config.go

@@ -35,7 +35,7 @@ var (
 
 // Config is the configuration used by Daemon.
 type Config struct {
-	LibDir                string                  // Cilium library directory
+	BpfDir                string                  // BPF template files directory
 	RunDir                string                  // Cilium runtime directory
 	LXCMap                *lxcmap.LXCMap          // LXCMap where all LXCs are stored
 	NodeAddress           *addressing.NodeAddress // Node IPv6 Address
@@ -56,9 +56,10 @@ type Config struct {
 	LBInterface           string // Set with name of the interface to loadbalance packets from
 	Tunnel                string // Tunnel mode
 
-	DryMode      bool // Do not create BPF maps, devices, ..
-	RestoreState bool // RestoreState restores the state from previous running daemons.
-	KeepConfig   bool // Keep configuration of existing endpoints when starting up.
+	DryMode       bool // Do not create BPF maps, devices, ..
+	RestoreState  bool // RestoreState restores the state from previous running daemons.
+	KeepConfig    bool // Keep configuration of existing endpoints when starting up.
+	KeepTemplates bool // Do not overwrite the template files
 
 	// Options changeable at runtime
 	Opts   *option.BoolOptions

daemon/daemon.go

@@ -91,8 +91,8 @@ func (d *Daemon) GetRuntimeDir() string {
 	return d.conf.RunDir
 }
 
-func (d *Daemon) GetLibraryDir() string {
-	return d.conf.LibDir
+func (d *Daemon) GetBpfDir() string {
+	return d.conf.BpfDir
 }
 
 func (d *Daemon) GetPolicyTree() *policy.Tree {
@@ -220,19 +220,19 @@ func (d *Daemon) compileBase() error {
 			mode = "direct"
 		}
 
-		args = []string{d.conf.LibDir, d.conf.RunDir, d.conf.NodeAddress.String(), d.conf.NodeAddress.IPv4Address.String(), mode, d.conf.Device}
+		args = []string{d.conf.BpfDir, d.conf.RunDir, d.conf.NodeAddress.String(), d.conf.NodeAddress.IPv4Address.String(), mode, d.conf.Device}
 	} else {
 		if d.conf.IsLBEnabled() {
 			//FIXME: allow LBMode in tunnel
 			return fmt.Errorf("Unable to run LB mode with tunnel mode")
 		}
-		args = []string{d.conf.LibDir, d.conf.RunDir, d.conf.NodeAddress.String(), d.conf.NodeAddress.IPv4Address.String(), d.conf.Tunnel}
+		args = []string{d.conf.BpfDir, d.conf.RunDir, d.conf.NodeAddress.String(), d.conf.NodeAddress.IPv4Address.String(), d.conf.Tunnel}
 	}
 
-	out, err := exec.Command(filepath.Join(d.conf.LibDir, "init.sh"), args...).CombinedOutput()
+	out, err := exec.Command(filepath.Join(d.conf.BpfDir, "init.sh"), args...).CombinedOutput()
 	if err != nil {
 		log.Warningf("Command execution %s %s failed: %s",
-			filepath.Join(d.conf.LibDir, "init.sh"),
+			filepath.Join(d.conf.BpfDir, "init.sh"),
 			strings.Join(args, " "), err)
 		log.Warningf("Command output:\n%s", out)
 		return err
@@ -341,7 +341,7 @@ func (d *Daemon) init() error {
 	fw.Flush()
 	f.Close()
 
-	if !d.conf.DryMode {
+	if !d.DryModeEnabled() {
 		d.conf.OptsMU.RLock()
 		if err := d.compileBase(); err != nil {
 			d.conf.OptsMU.RUnlock()
@@ -428,12 +428,24 @@ func (c *Config) createIPAMConf() (*ipam.IPAMConfig, error) {
 	return ipamConf, nil
 }
 
+func (d *Daemon) restoreBPFtemplates() error {
+	if !d.conf.KeepTemplates {
+		if err := RestoreAssets(d.conf.RunDir, "bpf"); err != nil {
+			return fmt.Errorf("Unable to restore agent assets: %s", err)
+		}
+	}
+
+	return nil
+}
+
 // NewDaemon creates and returns a new Daemon with the parameters set in c.
 func NewDaemon(c *Config) (*Daemon, error) {
 	if c == nil {
 		return nil, fmt.Errorf("Configuration is nil")
 	}
 
+	c.BpfDir = filepath.Join(c.RunDir, defaults.BpfDir)
+
 	var kvClient kvstore.KVClient
 
 	// FIXME: This should really be a single configuration flag
@@ -475,6 +487,10 @@ func NewDaemon(c *Config) (*Daemon, error) {
 		ignoredContainers: make(map[string]int),
 	}
 
+	if err := d.restoreBPFtemplates(); err != nil {
+		return nil, err
+	}
+
 	d.listenForCiliumEvents()
 
 	if c.IsK8sEnabled() {

daemon/defaults/defaults.go

@@ -21,8 +21,8 @@ const (
 	// RuntimePathRights are the default access rights of the RuntimePath directory
 	RuntimePathRights = 0770
 
-	// LibDir is the default path to static library files
-	LibDir = "/usr/lib/cilium"
+	// BpfDir is the default path for template files relative to RuntimePath
+	BpfDir = "bpf"
 
 	// SockPath is the path to the UNIX domain socket exposing the API to clients locally
 	SockPath = RuntimePath + "/cilium.sock"

daemon/labels_test.go

@@ -59,8 +59,6 @@ var (
 
 func (ds *DaemonSuite) SetUpTest(c *C) {
 	time.Local = time.UTC
-	tempLibDir, err := ioutil.TempDir("", "cilium-test")
-	c.Assert(err, IsNil)
 	tempRunDir, err := ioutil.TempDir("", "cilium-test-run")
 	c.Assert(err, IsNil)
 	err = os.Mkdir(filepath.Join(tempRunDir, "globals"), 0777)
@@ -73,7 +71,6 @@ func (ds *DaemonSuite) SetUpTest(c *C) {
 		DryMode: true,
 		Opts:    option.NewBoolOptions(&options.Library),
 	}
-	daemonConf.LibDir = tempLibDir
 	daemonConf.RunDir = tempRunDir
 	daemonConf.LXCMap = nil
 	daemonConf.NodeAddress = nodeAddress
@@ -88,20 +85,13 @@ func (ds *DaemonSuite) SetUpTest(c *C) {
 	err = daemonConf.SetKVBackend()
 	c.Assert(err, IsNil)
 
-	d1 := []byte("#!/usr/bin/env bash\necho \"OK\"\n")
-	err = ioutil.WriteFile(filepath.Join(daemonConf.LibDir, "join_ep.sh"), d1, 0755)
-	c.Assert(err, IsNil)
-	err = ioutil.WriteFile(filepath.Join(daemonConf.LibDir, "init.sh"), d1, 0755)
-	c.Assert(err, IsNil)
-
 	d, err := NewDaemon(daemonConf)
 	c.Assert(err, IsNil)
 	ds.d = d
 	d.kvClient.DeleteTree(common.OperationalPath)
 }
 
 func (ds *DaemonSuite) TearDownTest(c *C) {
-	os.RemoveAll(ds.d.conf.LibDir)
 	os.RemoveAll(ds.d.conf.RunDir)
 }
 

daemon/main.go

@@ -108,13 +108,14 @@ func init() {
 	flags.StringVar(&labelPrefixFile, "label-prefix-file", "", "File with valid label prefixes")
 	flags.StringSliceVar(&validLabels, "labels", []string{},
 		"List of label prefixes used to determine identity of an endpoint")
-	flags.StringVar(&config.LibDir, "libdir", defaults.LibDir, "Path to directory with program templates")
 	flags.BoolVar(&enableLogstash, "logstash", false, "Enable logstash integration")
 	flags.StringVar(&logstashAddr, "logstash-agent", "127.0.0.1:8080", "Logstash agent address")
 	flags.Uint32Var(&logstashProbeTimer, "logstash-probe-timer", 10, "Logstash probe timer (seconds)")
 	flags.StringVarP(&v6Address, "node-address", "n", "", "IPv6 address of node, must be in correct format")
 	flags.BoolVar(&config.RestoreState, "restore", false,
 		"Restores state, if possible, from previous daemon")
+	flags.BoolVar(&config.KeepTemplates, "keep-templates", false,
+		"Do not restore template files from binary")
 	flags.StringVar(&config.RunDir, "state-dir", defaults.RuntimePath, "Path to directory to store runtime state")
 	flags.StringVar(&socketPath, "socket-path", defaults.SockPath, "Sets the socket path to listen for connections")
 	flags.StringVar(&config.LBInterface, "lb", "",

doc/installation.md

@@ -17,8 +17,7 @@ with existing networks.
 
 ## Manual Installation
 
-Running `make install` will install cilium binaries in your `bindir` and
-all required additional runtime files in `libdir/cilium`.
+Running `make install` will install cilium binaries in your `bindir`.
 
 Templates for integration into service management systems such as systemd
 and upstart can be found in the [`contrib`](../contrib) directory.

pkg/endpoint/bpf.go

@@ -199,7 +199,7 @@ func writeGeneve(prefix string, ep *Endpoint) ([]byte, error) {
 }
 
 func (e *Endpoint) runInit(owner Owner, prefix string) error {
-	libdir := owner.GetLibraryDir()
+	libdir := owner.GetBpfDir()
 	rundir := owner.GetRuntimeDir()
 	args := []string{libdir, rundir, prefix, e.IfName}
 

pkg/endpoint/owner.go

@@ -45,6 +45,6 @@ type Owner interface {
 	// Must return path to runtime directory
 	GetRuntimeDir() string
 
-	// Must return path to library directory
-	GetLibraryDir() string
+	// Must return path to BPF template files directory
+	GetBpfDir() string
 }

tests/00-fmt.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env sh
 
-diff="$(find . ! \( -path './vendor' -prune \) -type f -name '*.go' -print0 | xargs -0 gofmt -d -l -s )"
+diff="$(find . ! \( -path './vendor' -prune \) -type f -name '*.go' -print0 | grep -v bindata.go | xargs -0 gofmt -d -l -s )"
 
 if [ -n "$diff" ]; then
 	echo "Unformatted Go source code:"