From c234fc3f9500a793d84b717ac8e580f4cf346a88 Mon Sep 17 00:00:00 2001 From: Steve Milner Date: Wed, 5 Sep 2018 13:58:55 -0400 Subject: [PATCH] *: use podman instead of docker Signed-off-by: Steve Milner --- README.md | 4 ++-- hack/go-fmt.sh | 2 +- hack/go-lint.sh | 2 +- hack/go-vet.sh | 2 +- hack/shellcheck.sh | 2 +- hack/test-bazel-build-tarball.sh | 2 +- hack/tf-fmt.sh | 4 ++-- hack/tf-lint.sh | 2 +- hack/yaml-lint.sh | 2 +- modules/bootkube/resources/bootkube.service | 6 +----- modules/bootkube/resources/bootkube.sh | 16 ++++++++-------- scripts/maintenance/clean-aws.sh | 8 ++++---- scripts/maintenance/tag-aws.sh | 8 ++++---- 13 files changed, 28 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index 9fe63da30c5..82723981650 100644 --- a/README.md +++ b/README.md @@ -18,9 +18,9 @@ These instructions can be used for AWS: bazel build tarball ``` - *Note*: the project can optionally be built without installing Bazel, provided Docker is installed: + *Note*: the project can optionally be built without installing Bazel, provided Podman is installed: ```sh - docker run --rm -v $PWD:$PWD:Z -w $PWD quay.io/coreos/tectonic-builder:bazel-v0.3 bazel --output_base=.cache build tarball + podman run --rm -v $PWD:$PWD:Z -w $PWD quay.io/coreos/tectonic-builder:bazel-v0.3 bazel --output_base=.cache build tarball ``` 3. Extract the tarball diff --git a/hack/go-fmt.sh b/hack/go-fmt.sh index 25d26280a4d..f63f972b34c 100755 --- a/hack/go-fmt.sh +++ b/hack/go-fmt.sh @@ -5,7 +5,7 @@ if [ "$IS_CONTAINER" != "" ]; then done git diff --exit-code else - docker run --rm \ + podman run --rm \ --env IS_CONTAINER=TRUE \ --volume "${PWD}:/go/src/github.com/openshift/installer:z" \ --workdir /go/src/github.com/openshift/installer \ diff --git a/hack/go-lint.sh b/hack/go-lint.sh index 4e26b8a7c52..e541837662d 100755 --- a/hack/go-lint.sh +++ b/hack/go-lint.sh 
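Review bot: The `podman run` in the `else` branch of hack/go-fmt.sh bind-mounts `"${PWD}"` with the `z` option, which recursively relabels the mounted tree with a shared SELinux container label, and nothing ties `${PWD}` to the repository root. Run from a home directory or a system path on an SELinux-enforcing host, the wrapper would relabel that directory instead of the checkout. The same `${PWD}` plus `z` mount appears in go-lint.sh, go-vet.sh, shellcheck.sh, test-bazel-build-tarball.sh, tf-fmt.sh, tf-lint.sh and yaml-lint.sh. Assuming the scripts stay in hack/ directly under the repository root, adding `cd "$(dirname "$0")/.." || exit 1` before the `podman run` line would pin the mount. The podman invocation continues past the end of each hunk, so the image reference is not visible here.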
@@ -4,7 +4,7 @@ if [ "$IS_CONTAINER" != "" ]; then golint -set_exit_status "${@}" else - docker run --rm \ + podman run --rm \ --env IS_CONTAINER=TRUE \ --volume "${PWD}:/go/src/github.com/openshift/installer:z" \ --workdir /go/src/github.com/openshift/installer \ diff --git a/hack/go-vet.sh b/hack/go-vet.sh index 1ee2de4cf8d..2be24009cf2 100755 --- a/hack/go-vet.sh +++ b/hack/go-vet.sh @@ -2,7 +2,7 @@ if [ "$IS_CONTAINER" != "" ]; then go vet "${@}" else - docker run --rm \ + podman run --rm \ --env IS_CONTAINER=TRUE \ --volume "${PWD}:/go/src/github.com/openshift/installer:z" \ --workdir /go/src/github.com/openshift/installer \ diff --git a/hack/shellcheck.sh b/hack/shellcheck.sh index 33d35e53c47..cc245e6b83f 100755 --- a/hack/shellcheck.sh +++ b/hack/shellcheck.sh @@ -6,7 +6,7 @@ if [ "$IS_CONTAINER" != "" ]; then -o -path "${TOP_DIR}/.build" -prune \ -o -type f -name '*.sh' -exec shellcheck --format=gcc {} \+ else - docker run --rm \ + podman run --rm \ --env IS_CONTAINER=TRUE \ --volume "${PWD}:/workdir:ro,z" \ --entrypoint sh \ diff --git a/hack/test-bazel-build-tarball.sh b/hack/test-bazel-build-tarball.sh index de84fca03cb..763cb41ebe1 100755 --- a/hack/test-bazel-build-tarball.sh +++ b/hack/test-bazel-build-tarball.sh @@ -3,7 +3,7 @@ if [ "$IS_CONTAINER" != "" ]; then set -x bazel --output_base=/tmp build "$@" tarball else - docker run --rm \ + podman run --rm \ --env IS_CONTAINER=TRUE \ --volume "${PWD}:${PWD}:z" \ --workdir "${PWD}" \ diff --git a/hack/tf-fmt.sh b/hack/tf-fmt.sh index e9ab0659249..228a2de4bef 100755 --- a/hack/tf-fmt.sh +++ b/hack/tf-fmt.sh @@ -1,11 +1,11 @@ #!/bin/sh -# in prow, already in container, so no 'docker run' +# in prow, already in container, so no 'podman run' if [ "$IS_CONTAINER" != "" ]; then set -x /terraform fmt -list -check -write=false else - docker run --rm \ + podman run --rm \ --env IS_CONTAINER=TRUE \ --volume "${PWD}:${PWD}:ro,z" \ --workdir "${PWD}" \ 
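Review bot: hack/go-lint.sh and hack/go-vet.sh mount the source tree writable (`:z`) although `golint` and `go vet` only need to read it. shellcheck.sh and tf-fmt.sh in this same patch already use `ro,z`. If neither tool writes under the source tree in the builder image (the Go build cache normally lives elsewhere, but confirm), the volume line in both scripts could become `--volume "${PWD}:/go/src/github.com/openshift/installer:ro,z" \`, so a compromised or buggy linter image cannot modify the checkout. The rest of each `podman run` command lies outside the hunk.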
diff --git a/hack/tf-lint.sh b/hack/tf-lint.sh index 2291682b027..2eb6b363c49 100755 --- a/hack/tf-lint.sh +++ b/hack/tf-lint.sh @@ -2,7 +2,7 @@ if [ "$IS_CONTAINER" != "" ]; then tflint else - docker run --rm \ + podman run --rm \ --env IS_CONTAINER=TRUE \ --volume "${PWD}:/data:z" \ --entrypoint sh \ diff --git a/hack/yaml-lint.sh b/hack/yaml-lint.sh index 36f0e17dd3b..bba1a5f7990 100755 --- a/hack/yaml-lint.sh +++ b/hack/yaml-lint.sh @@ -2,7 +2,7 @@ if [ "$IS_CONTAINER" != "" ]; then yamllint --config-data "{extends: default, rules: {line-length: {level: warning, max: 120}}}" ./examples/ ./installer/ else - docker run --rm \ + podman run --rm \ --env IS_CONTAINER=TRUE \ --volume "${PWD}:/workdir:z" \ --entrypoint sh \ diff --git a/modules/bootkube/resources/bootkube.service b/modules/bootkube/resources/bootkube.service index b3ead980dd5..1f5c279ca64 100644 --- a/modules/bootkube/resources/bootkube.service +++ b/modules/bootkube/resources/bootkube.service @@ -2,16 +2,12 @@ Description=Bootstrap a Kubernetes cluster ConditionPathExists=!/opt/tectonic/init_bootkube.done Wants=kubelet.service -Requires=docker.service -After=kubelet.service docker.service +After=kubelet.service [Service] Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/tectonic -User=root -Group=root - ExecStart=/usr/bin/bash /opt/tectonic/bootkube.sh ExecStartPost=/bin/touch /opt/tectonic/init_bootkube.done diff --git a/modules/bootkube/resources/bootkube.sh b/modules/bootkube/resources/bootkube.sh index 35fe677f895..53a403ff555 100644 --- a/modules/bootkube/resources/bootkube.sh +++ b/modules/bootkube/resources/bootkube.sh @@ -4,7 +4,7 @@ set -e echo "Rendering Kubernetes core manifests..." # shellcheck disable=SC2154 -/usr/bin/docker run \ +/usr/bin/podman run \ --volume "$PWD:/assets:z" \ --volume /etc/kubernetes:/etc/kubernetes:z \ "${kube_core_renderer_image}" \ 
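Review bot: In bootkube.service, removing `docker.service` from `Requires=`/`After=` also removes any ordering that unit supplied transitively, so the only remaining ordering is `After=kubelet.service`, which is a `Wants=` dependency rather than a hard one. bootkube.sh pulls and runs several images with podman and therefore presumably needs the network to be up. If kubelet.service does not already guarantee that, consider `Wants=kubelet.service network-online.target` and `After=kubelet.service network-online.target`. Dropping `User=root`/`Group=root` leaves the unit on the system-manager default, so a short comment such as `# runs as root (systemd default); bootkube.sh writes to /etc/kubernetes` would keep that intent visible. The `[Unit]` header is outside the hunk.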
@@ -14,7 +14,7 @@ echo "Rendering Kubernetes core manifests..." echo "Rendering TNC manifests..." # shellcheck disable=SC2154 -/usr/bin/docker run \ +/usr/bin/podman run \ --user 0 \ --volume "$PWD:/assets:z" \ "${tnc_operator_image}" \ @@ -29,14 +29,13 @@ cp "$PWD/tnc-bootstrap/tectonic-node-controller-config.yaml" /etc/kubernetes/tnc # We originally wanted to run the etcd cert signer as # a static pod, but kubelet could't remove static pod # when API server is not up, so we have to run this as -# docker container. +# podman container. # See https://github.com/kubernetes/kubernetes/issues/43292 echo "Starting etcd certificate signer..." # shellcheck disable=SC2154 -SIGNER=$(/usr/bin/docker run -d \ - --tmpfs /tmp \ +SIGNER=$(/usr/bin/podman run -d \ --volume /opt/tectonic/tls:/opt/tectonic/tls:ro,z \ --network host \ "${etcd_cert_signer_image}" \ @@ -57,8 +56,9 @@ i=0 while true; do set +e # shellcheck disable=SC2154,SC2086 - /usr/bin/docker run \ + /usr/bin/podman run \ --rm \ + --network host \ --name etcdctl \ --env ETCDCTL_API=3 \ --volume /opt/tectonic/tls:/opt/tectonic/tls:ro,z \ @@ -86,7 +86,7 @@ done echo "etcd cluster up. Killing etcd certificate signer..." -/usr/bin/docker kill "$SIGNER" +/usr/bin/podman kill "$SIGNER" rm /etc/kubernetes/manifests/tectonic-node-controller-pod.yaml cp -r "$PWD/bootstrap-configs" /etc/kubernetes/bootstrap-configs @@ -94,7 +94,7 @@ cp -r "$PWD/bootstrap-configs" /etc/kubernetes/bootstrap-configs echo "Starting bootkube..." # shellcheck disable=SC2154 -/usr/bin/docker run \ +/usr/bin/podman run \ --volume "$PWD:/assets:z" \ --volume /etc/kubernetes:/etc/kubernetes:z \ --network=host \ diff --git a/scripts/maintenance/clean-aws.sh b/scripts/maintenance/clean-aws.sh index 2497d247e10..4e27dab11e8 100755 --- a/scripts/maintenance/clean-aws.sh +++ b/scripts/maintenance/clean-aws.sh 
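Review bot: The etcd certificate signer in the `@@ -29,14 +29,13 @@` hunk is started with `-d` and no `--rm`, and this change also drops `--tmpfs /tmp`. Anything the signer writes under /tmp now lands in the container's writable layer on disk, and that layer remains in container storage after the later `/usr/bin/podman kill "$SIGNER"`. Whether the signer writes key material there is not visible in this patch, but it mounts /opt/tectonic/tls and issues etcd certificates, so keeping scratch data in memory and removing the stopped container is the safer default. Either keep `--tmpfs /tmp \`, add `--rm \` to the `podman run -d`, or follow the kill with `/usr/bin/podman rm "$SIGNER"`. The command substitution continues past the end of the hunk.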
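Review bot: The `--network host` added to the etcdctl container in the `@@ -57,8 +56,9 @@` hunk has no explanation in the code or the commit message. It places the container in the node's network namespace, which is broader than the previous default network and exposes loopback-only listeners to the image. If it is needed because podman's default network cannot reach the etcd endpoints from the bootstrap node, record that next to the flag, for example `# --network host: etcd endpoints are only reachable from the node's own namespace under podman`, so the flag is not copied elsewhere without that reason. The rest of the `podman run` arguments lie outside the hunk.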
@@ -4,7 +4,7 @@ usage() { cat </dev/null || ! command -V jq >/dev/null; then +if ! command -V podman >/dev/null || ! command -V jq >/dev/null; then echo "Missing required dependencies" >&2 exit 1 fi @@ -155,9 +155,9 @@ if [ ! $force ]; then fi fi -trap 'docker stop grafiti-deleter; exit' EXIT +trap 'podman stop grafiti-deleter; exit' EXIT -docker run -t --rm --name grafiti-deleter \ +podman run -t --rm --name grafiti-deleter \ -v "$tmp_dir":/tmp/config:z \ -e AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \ -e AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \ diff --git a/scripts/maintenance/tag-aws.sh b/scripts/maintenance/tag-aws.sh index 211356de0c8..e23a486d589 100755 --- a/scripts/maintenance/tag-aws.sh +++ b/scripts/maintenance/tag-aws.sh @@ -5,7 +5,7 @@ usage() { $(basename "$0") tags AWS resources with 'expirationDate: some-date-string', defaulting to tomorrow's date, and excludes all resources tagged with -tag keys/values specified in an 'exclude' file. Requires that 'docker' is +tag keys/values specified in an 'exclude' file. Requires that 'podman' is installed. AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environmental variables must be set. @@ -101,7 +101,7 @@ while [ $# -gt 0 ]; do shift done -if ! command -V docker >/dev/null; then +if ! command -V podman >/dev/null; then echo "Missing required dependencies" >&2 exit 1 fi @@ -181,9 +181,9 @@ if [ ! $force ]; then fi fi -trap 'docker stop grafiti-tagger; exit' EXIT +trap 'podman stop grafiti-tagger; exit' EXIT -docker run -t --rm --name grafiti-tagger \ +podman run -t --rm --name grafiti-tagger \ -v "$tmp_dir":/tmp/config:z \ -e AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \ -e AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \
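Review bot: In the `@@ -155,9 +155,9 @@` hunk of clean-aws.sh the `podman run` passes `-e AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID"` and `-e AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY"`, which expands the secret values into the podman command line. There they are readable by other local users through the process list for as long as the container runs. The `@@ -181,9 +181,9 @@` hunk of tag-aws.sh has the same lines. Since the usage text requires both variables to be set in the environment, they can be passed by name so podman reads the values from its own environment: `-e AWS_ACCESS_KEY_ID \` and `-e AWS_SECRET_ACCESS_KEY \` (this needs the variables to be exported). Both commands continue past the end of their hunks.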