pre-install: Configure nydus snapshotter in containerd

Signed-off-by: ChengyuZhu6 <[email protected]>
confidential-containers · Aug 23, 2023 · 47483bf · 47483bf
1 parent abeab9c
commit 47483bf
Showing 1 changed file with 46 additions and 5 deletions.
diff --git a/install/pre-install-payload/scripts/container-engine-for-cc-deploy.sh b/install/pre-install-payload/scripts/container-engine-for-cc-deploy.sh
@@ -4,6 +4,8 @@ set -o errexit
 set -o pipefail
 set -o nounset
 
+containerd_config="/etc/containerd/config.toml"
+
 die() {
 	msg="$*"
 	echo "ERROR: $msg" >&2
@@ -20,7 +22,7 @@ function get_container_engine() {
 		die "${container_engine} is not yet supported"
 	fi
 
-	echo "$container_engine"	
+	echo "$container_engine"
 }
 
 function set_container_engine() {
@@ -36,6 +38,9 @@ function install_artifacts() {
 
 	install -D -m 755 ${artifacts_dir}/opt/confidential-containers/bin/containerd /opt/confidential-containers/bin/containerd
 	install -D -m 644 ${artifacts_dir}/etc/systemd/system/containerd.service.d/containerd-for-cc-override.conf /etc/systemd/system/containerd.service.d/containerd-for-cc-override.conf
+	if [ "$SNAPSHOTTER" == "nydus" ]; then
+		install -D -m 755 ${artifacts_dir}/opt/confidential-containers/bin/containerd-nydus-grpc /opt/confidential-containers/bin/containerd-nydus-grpc
+	fi
 }
 
 function uninstall_artifacts() {
@@ -45,7 +50,14 @@ function uninstall_artifacts() {
 	rm -f /etc/systemd/system/${container_engine}.service.d/${container_engine}-for-cc-override.conf
 	echo "Removing the systemd drop-in file's directory, if empty"
 	[ -d /etc/systemd/system/${container_engine}.service.d ] && rmdir --ignore-fail-on-non-empty /etc/systemd/system/${container_engine}.service.d
-
+
+	if [ "$SNAPSHOTTER" == "nydus" ]; then
+		echo "Removing the nydus-snapshotter binary"
+		rm -f /opt/confidential-containers/bin/containerd-nydus-grpc
+		echo "unplugging the nydus-snapshotter from containerd"
+		remove_snapshotter_from_containerd
+	fi
+
 	restart_systemd_service
 
 	echo "Removing the containerd binary"
@@ -61,6 +73,34 @@ function restart_systemd_service() {
 	host_systemctl restart "${container_engine}"
 }
 
+function config_containerd() {
+	echo "configure snapshotter in containerd"
+
+	if [ ! -f "$containerd_config" ]; then
+		die "failed to find containerd config"
+	fi
+
+	if [ "$SNAPSHOTTER" == "nydus" ]; then
+		echo "Plug nydus snapshotter into containerd"
+		snapshotter_socket="/run/containerd-nydus/containerd-nydus-grpc.sock"
+	fi
+	proxy_config="  [proxy_plugins.$SNAPSHOTTER]\n    type = \"snapshot\"\n    address = ${snapshotter_socket}"
+
+	if grep -q "\[proxy_plugins\]" "$containerd_config"; then
+		sed -i '/\[proxy_plugins\]/a\'"$proxy_config" "$containerd_config"
+	else
+		echo -e "[proxy_plugins]" >>"$containerd_config"
+		echo -e "$proxy_config" >>"$containerd_config"
+	fi
+}
+function remove_snapshotter_from_containerd() {
+	if [ ! -f "$containerd_config" ]; then
+		die "failed to find containerd config"
+	fi
+	if [ "$SNAPSHOTTER" == "nydus" ]; then
+		sed -i '/\[proxy_plugins.nydus\]/,/address = "\/run\/containerd-nydus\/containerd-nydus-grpc\.sock"/d' "$containerd_config"
+	fi
+}
 label_node() {
 	case "${1}" in
 	install)
@@ -69,8 +109,7 @@ label_node() {
 	uninstall)
 		kubectl label node "${NODE_NAME}" cc-postuninstall/done=true
 		;;
-	*)
-		;;
+	*) ;;
 	esac
 }
 
@@ -95,6 +134,9 @@ function main() {
 	case "${action}" in
 	install)
 		install_artifacts
+		if [ "$SNAPSHOTTER" == "nydus" ]; then
+			config_containerd
+		fi
 		restart_systemd_service
 		;;
 	uninstall)
@@ -114,7 +156,6 @@ function main() {
 
 	label_node "${action}"
 
-
 	# It is assumed this script will be called as a daemonset. As a result, do
 	# not return, otherwise the daemon will restart and reexecute the script.
 	sleep infinity