Merge pull request #957 from fasaxc/v3.19-node-init

[v3.19] Add calico-node -init command to mount bpffs.
projectcalico · Apr 23, 2021 · 8aaa80e · 8aaa80e
2 parents c22018e + 40cfca5
commit 8aaa80e
Show file tree

Hide file tree

Showing 3 changed files with 99 additions and 1 deletion.
diff --git a/cmd/calico-node/main.go b/cmd/calico-node/main.go
@@ -21,6 +21,7 @@ import (
 
 	confdConfig "github.com/kelseyhightower/confd/pkg/config"
 	confd "github.com/kelseyhightower/confd/pkg/run"
+	"github.com/projectcalico/node/pkg/nodeinit"
 
 	"github.com/sirupsen/logrus"
 
@@ -42,7 +43,8 @@ var flagSet = flag.NewFlagSet("Calico", flag.ContinueOnError)
 var version = flagSet.Bool("v", false, "Display version")
 var runFelix = flagSet.Bool("felix", false, "Run Felix")
 var runBPF = flagSet.Bool("bpf", false, "Run BPF debug tool")
-var runStartup = flagSet.Bool("startup", false, "Initialize a new node")
+var runInit = flagSet.Bool("init", false, "Do privileged initialisation of a new node (mount file systems etc).")
+var runStartup = flagSet.Bool("startup", false, "Do non-privileged start-up routine.")
 var monitorAddrs = flagSet.Bool("monitor-addresses", false, "Monitor change in node IP addresses")
 var runAllocateTunnelAddrs = flagSet.Bool("allocate-tunnel-addrs", false, "Configure tunnel addresses for this node")
 var allocateTunnelAddrsRunOnce = flagSet.Bool("allocate-tunnel-addrs-run-once", false, "Run allocate-tunnel-addrs in oneshot mode")
@@ -114,6 +116,9 @@ func main() {
 		// Command-line tools should log to stderr to avoid confusion with the output.
 		logrus.SetOutput(os.Stderr)
 		bpf.RunBPFCmd()
+	} else if *runInit {
+		logrus.SetFormatter(&logutils.Formatter{Component: "init"})
+		nodeinit.Run()
 	} else if *runStartup {
 		logrus.SetFormatter(&logutils.Formatter{Component: "startup"})
 		startup.Run()

diff --git a/pkg/nodeinit/calico-init_linux.go b/pkg/nodeinit/calico-init_linux.go
@@ -0,0 +1,74 @@
+// Copyright (c) 2021 Tigera, Inc. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package nodeinit contains the calico-node -init command, which is intended to be run from
+// an init container to do privileged pre-flight initialisation.  At present, it mounts
+// the BPF filesystem so it is only useful for BPF mode.
+package nodeinit
+
+import (
+	"bufio"
+	"fmt"
+	"os"
+	"strings"
+	"syscall"
+
+	"github.com/projectcalico/node/pkg/startup"
+	"github.com/sirupsen/logrus"
+)
+
+const bpfFSMountPoint = "/sys/fs/bpf"
+
+func Run() {
+	// Check $CALICO_STARTUP_LOGLEVEL to capture early log statements
+	startup.ConfigureLogging()
+
+	err := ensureBPFFilesystem()
+	if err != nil {
+		logrus.WithError(err).Error("Failed to mount BPF filesystem.")
+		os.Exit(2) // Using 2 just to distinguish from the usage error case.
+	}
+}
+
+func ensureBPFFilesystem() error {
+	// Check if the BPF filesystem is mounted at the expected location.
+	logrus.Info("Checking if BPF filesystem is mounted.")
+	mounts, err := os.Open("/proc/mounts")
+	if err != nil {
+		return fmt.Errorf("failed to open /proc/mounts: %w", err)
+	}
+	scanner := bufio.NewScanner(mounts)
+	for scanner.Scan() {
+		parts := strings.Split(scanner.Text(), " ")
+		mountPoint := parts[1]
+		fs := parts[2]
+
+		if mountPoint == bpfFSMountPoint && fs == "bpf" {
+			logrus.Info("BPF filesystem is mounted.")
+			return nil
+		}
+	}
+	if scanner.Err() != nil {
+		return fmt.Errorf("failed to read /proc/mounts: %w", scanner.Err())
+	}
+
+	// If we get here, the BPF filesystem is not mounted.  Try to mount it.
+	logrus.Info("BPF filesystem is not mounted.  Trying to mount it...")
+	err = syscall.Mount(bpfFSMountPoint, bpfFSMountPoint, "bpf", 0, "")
+	if err != nil {
+		return fmt.Errorf("failed to mount BPF filesystem: %w", err)
+	}
+	logrus.Info("Mounted BPF filesystem.")
+	return nil
+}
diff --git a/pkg/nodeinit/calico-init_windows.go b/pkg/nodeinit/calico-init_windows.go
@@ -0,0 +1,19 @@
+// Copyright (c) 2021 Tigera, Inc. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package nodeinit
+
+func Run() {
+	// Unused on Windows.
+}