Skip to content

Commit

Permalink
Cleanup execution environment across wrappers and entrypoints (#4147)
Browse files Browse the repository at this point in the history
  • Loading branch information
@neoaggelos
neoaggelos authored Sep 18, 2023
1 parent 1d6ea95 commit 0a02b02
Show file tree
Hide file tree
Showing 42 changed files with 198 additions and 302 deletions.
110 changes: 59 additions & 51 deletions microk8s-resources/actions/common/utils.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -89,35 +89,14 @@ remove_vxlan_interfaces() {
}

run_with_sudo() {
# As we call the sudo binary of the host we have to make sure we do not change the LD_LIBRARY_PATH used
if (is_strict)
then
if [ "$1" == "preserve_env" ]
then
shift
fi
if [ "$1" == "preserve_env" ]; then
shift
fi
if (is_strict); then
"$@"
else
if [ -n "${LD_LIBRARY_PATH-}" ]
then
GLOBAL_LD_LIBRARY_PATH="$LD_LIBRARY_PATH"
local LD_LIBRARY_PATH=""
if [ "$1" == "preserve_env" ]
then
shift
sudo -E LD_LIBRARY_PATH="$GLOBAL_LD_LIBRARY_PATH" "$@"
else
sudo LD_LIBRARY_PATH="$GLOBAL_LD_LIBRARY_PATH" "$@"
fi
else
if [ "$1" == "preserve_env" ]
then
shift
sudo -E "$@"
else
sudo "$@"
fi
fi
local SAVE_LD_LIBRARY_PATH="${LD_LIBRARY_PATH}"
LD_LIBRARY_PATH="" sudo -E PATH="${PATH}" LD_LIBRARY_PATH="${SAVE_LD_LIBRARY_PATH}" PYTHONPATH="${PYTHONPATH:-}" "$@"
fi
}

Expand Down Expand Up @@ -1152,30 +1131,6 @@ sign_certificate() {
echo "$csr" | ${SNAP}/usr/bin/openssl x509 -req -sha256 -CA "${SNAP_DATA}/certs/ca.crt" -CAkey "${SNAP_DATA}/certs/ca.key" -CAcreateserial -days 3650 -extfile <(echo "${extensions}")
}

# check if this file is run with arguments
if [[ "$0" == "${BASH_SOURCE}" ]] &&
[[ ! -z "$1" ]]
then
# call help
if echo "$*" | $SNAP/bin/grep -q -- 'help'; then
echo "usage: $0 [function]"
echo ""
echo "Run a utility function and return the output."
echo ""
echo "available functions:"
declare -F | gawk '{print "- "$3}'
exit 0
fi

if declare -F "$1" > /dev/null
then
$1 ${@:2}
exit $?
else
echo "Function does not exist: $1" >&2
exit 1
fi
fi

exit_if_low_memory_guard() {
if [ -e ${SNAP_DATA}/var/lock/low-memory-guard.lock ]
Expand Down Expand Up @@ -1385,3 +1340,56 @@ increase_sysctl_parameter() {
fi
fi
}

use_snap_env() {
# Configure snap paths for PATH LD_LIBRARY_PATH
export PATH="$SNAP/bin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/usr/sbin:$PATH"
export LD_LIBRARY_PATH="$SNAP_LIBRARY_PATH:$SNAP/lib:$SNAP/usr/lib:$SNAP/lib/$SNAPCRAFT_ARCH_TRIPLET:$SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET:$SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/ceph:${LD_LIBRARY_PATH:-}"
export OPENSSL_CONF="$SNAP/etc/ssl/openssl.cnf"

# Python configuration
export PYTHONPATH="$SNAP/usr/lib/python3.8:$SNAP/lib/python3.8/site-packages:$SNAP/usr/lib/python3/dist-packages"
export PYTHONNOUSERSITE=false

# NOTE(neoaggelos/2023-08-14):
# we cannot list system locales from snap. instead, we attempt
# well-known locales for Ubuntu/Debian/CentOS and check whether
# they are available on the system.
# if they are, set them for the current shell.
for locale in C.UTF-8 en_US.UTF-8 en_US.utf8; do
if [ -z "$(export LC_ALL=$locale 2>&1)" ]; then
export LC_ALL="${LC_ALL:-$locale}"
export LANG="${LC_ALL:-$locale}"
break
fi
done

# Configure XDG_RUNTIME_DIR
export XDG_RUNTIME_DIR="${SNAP_COMMON}/run"
mkdir -p "${XDG_RUNTIME_DIR}"
}

# check if this file is run with arguments
if [[ "$0" == "${BASH_SOURCE}" ]] &&
[[ ! -z "$1" ]]
then
# call help
if echo "$*" | grep -q -- 'help'; then
echo "usage: $0 [function]"
echo ""
echo "Run a utility function and return the output."
echo ""
echo "available functions:"
declare -F | gawk '{print "- "$3}'
exit 0
fi

if declare -F "$1" > /dev/null
then
$1 ${@:2}
exit $?
else
echo "Function does not exist: $1" >&2
exit 1
fi
fi
4 changes: 3 additions & 1 deletion microk8s-resources/default-hooks/reconcile.d/90-calico-apply
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,9 @@
#!/bin/bash
#!/usr/bin/env bash

. "${SNAP}/actions/common/utils.sh"

use_snap_env

KUBECTL="${SNAP}/microk8s-kubectl.wrapper"

if [ -e "${SNAP_DATA}/args/cni-network/cni.yaml" ] &&
Expand Down
11 changes: 3 additions & 8 deletions microk8s-resources/wrappers/apiservice-kicker
View file
Original file line number Diff line number Diff line change
@@ -1,16 +1,11 @@
#!/bin/bash
#!/usr/bin/env bash

set -eu

export PATH="$SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH"
ARCH="$($SNAP/bin/uname -m)"
export LD_LIBRARY_PATH="$SNAP/lib:$SNAP/usr/lib:$SNAP/lib/$ARCH-linux-gnu:$SNAP/usr/lib/$ARCH-linux-gnu"
export LD_LIBRARY_PATH=$SNAP_LIBRARY_PATH:$LD_LIBRARY_PATH
export LC_ALL="${LC_ALL:-C.UTF-8}"
export LANG="${LANG:-C.UTF-8}"

source $SNAP/actions/common/utils.sh

use_snap_env

if [ -e ${SNAP_DATA}/var/lock/clustered.lock ]
then
echo "api service kicker will not run on a cluster node"
Expand Down
7 changes: 5 additions & 2 deletions microk8s-resources/wrappers/git.wrapper
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,9 @@
#!/bin/bash
#!/usr/bin/env bash

. $SNAP/actions/common/utils.sh

use_snap_env

export PATH="$SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH"
export GIT_EXEC_PATH="$SNAP/usr/lib/git-core"
export GIT_TEMPLATE_DIR="$SNAP/usr/share/git-core/templates"
export GIT_CONFIG_NOSYSTEM=1
Expand Down
14 changes: 5 additions & 9 deletions microk8s-resources/wrappers/microk8s-add-node.wrapper
View file
Original file line number Diff line number Diff line change
@@ -1,15 +1,11 @@
#!/bin/bash
#!/usr/bin/env bash

set -eu

export PATH="$SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH"
ARCH="$($SNAP/bin/uname -m)"
export LD_LIBRARY_PATH="$SNAP/lib:$SNAP/usr/lib:$SNAP/lib/$ARCH-linux-gnu:$SNAP/usr/lib/$ARCH-linux-gnu"
export IN_SNAP_LD_LIBRARY_PATH="$SNAP/lib:$SNAP/usr/lib:$SNAP/lib/$ARCH-linux-gnu:$SNAP/usr/lib/$ARCH-linux-gnu"
export PYTHONNOUSERSITE=false

source $SNAP/actions/common/utils.sh

use_snap_env

if [ -e ${SNAP_DATA}/var/lock/clustered.lock ]
then
echo "This MicroK8s deployment is acting as a node in a cluster. Please use the microk8s add-node on the master."
Expand All @@ -18,7 +14,7 @@ fi

if echo "$*" | grep -q -- 'help'; then
# Call add_token.py help
LD_LIBRARY_PATH=$IN_SNAP_LD_LIBRARY_PATH ${SNAP}/usr/bin/python3 ${SNAP}/scripts/wrappers/add_token.py --help
${SNAP}/usr/bin/python3 ${SNAP}/scripts/wrappers/add_token.py --help
exit 0
fi

Expand Down Expand Up @@ -55,4 +51,4 @@ then
fi

# Use python's built-in (3.6+) secrets generator to produce the token.
LD_LIBRARY_PATH=$IN_SNAP_LD_LIBRARY_PATH ${SNAP}/usr/bin/python3 ${SNAP}/scripts/wrappers/add_token.py "${@}"
${SNAP}/usr/bin/python3 ${SNAP}/scripts/wrappers/add_token.py "${@}"
12 changes: 3 additions & 9 deletions microk8s-resources/wrappers/microk8s-addons.wrapper
View file
Original file line number Diff line number Diff line change
@@ -1,17 +1,11 @@
#!/bin/bash
#!/usr/bin/env bash

set -eu

source $SNAP/actions/common/utils.sh

export PATH="$SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH"

ARCH="$($SNAP/bin/uname -m)"
export IN_SNAP_LD_LIBRARY_PATH="$SNAP/lib:$SNAP/usr/lib:$SNAP/lib/$ARCH-linux-gnu:$SNAP/usr/lib/$ARCH-linux-gnu"
export PYTHONNOUSERSITE=false
export LC_ALL="${LC_ALL:-C.UTF-8}"
export LANG="${LANG:-C.UTF-8}"
use_snap_env

exit_if_no_permissions

LD_LIBRARY_PATH=$IN_SNAP_LD_LIBRARY_PATH ${SNAP}/usr/bin/python3 ${SNAP}/scripts/wrappers/addons.py "${@}"
${SNAP}/usr/bin/python3 ${SNAP}/scripts/wrappers/addons.py "${@}"
6 changes: 3 additions & 3 deletions microk8s-resources/wrappers/microk8s-config.wrapper
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
#!/bin/bash
#!/usr/bin/env bash

set -eu

export PATH="$SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH"

source $SNAP/actions/common/utils.sh

use_snap_env

if [ -e ${SNAP_DATA}/var/lock/clustered.lock ]
then
echo "This MicroK8s deployment is acting as a node in a cluster. Please use the microk8s config on the master."
Expand Down
22 changes: 8 additions & 14 deletions microk8s-resources/wrappers/microk8s-ctr.wrapper
View file
Original file line number Diff line number Diff line change
@@ -1,27 +1,21 @@
#!/bin/bash
#!/usr/bin/env bash

set -eu

export PATH="$SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH"
ARCH="$($SNAP/bin/uname -m)"
export IN_SNAP_LD_LIBRARY_PATH="$SNAP/lib:$SNAP/usr/lib:$SNAP/lib/$ARCH-linux-gnu:$SNAP/usr/lib/$ARCH-linux-gnu"

source $SNAP/actions/common/utils.sh

SNAPSHOTTER=$(snapshotter)
use_snap_env

exit_if_no_permissions

export CONTAINERD_SNAPSHOTTER=$(snapshotter)

if ! [ -e $SNAP_DATA/args/ctr ]
then
echo "Arguments file $SNAP_DATA/args/ctr is missing."
exit 1
else
declare -a args="($(cat $SNAP_DATA/args/ctr))"
if is_strict
then
LD_LIBRARY_PATH="$IN_SNAP_LD_LIBRARY_PATH" CONTAINERD_SNAPSHOTTER="$SNAPSHOTTER" "${SNAP}/bin/ctr" "${args[@]}" "$@"
else
sudo -E LD_LIBRARY_PATH="$IN_SNAP_LD_LIBRARY_PATH" CONTAINERD_SNAPSHOTTER="$SNAPSHOTTER" "${SNAP}/bin/ctr" "${args[@]}" "$@"
fi
fi

declare -a args="($(cat $SNAP_DATA/args/ctr))"

run_with_sudo "${SNAP}/bin/ctr" "${args[@]}" "$@"
11 changes: 3 additions & 8 deletions microk8s-resources/wrappers/microk8s-dashboard-proxy.wrapper
View file
Original file line number Diff line number Diff line change
@@ -1,16 +1,11 @@
#!/bin/bash
#!/usr/bin/env bash
set -eu

ARCH="$($SNAP/bin/uname -m)"
export PATH="$SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH"
export IN_SNAP_LD_LIBRARY_PATH="$SNAP/lib:$SNAP/usr/lib:$SNAP/lib/$ARCH-linux-gnu:$SNAP/usr/lib/$ARCH-linux-gnu"
export PYTHONNOUSERSITE=false
source $SNAP/actions/common/utils.sh

export LC_ALL="${LC_ALL:-C.UTF-8}"
export LANG="${LANG:-C.UTF-8}"
use_snap_env

exit_if_not_root
exit_if_no_permissions

LD_LIBRARY_PATH=$IN_SNAP_LD_LIBRARY_PATH ${SNAP}/usr/bin/python3 ${SNAP}/scripts/wrappers/dashboard_proxy.py
${SNAP}/usr/bin/python3 ${SNAP}/scripts/wrappers/dashboard_proxy.py
11 changes: 4 additions & 7 deletions microk8s-resources/wrappers/microk8s-dbctl.wrapper
View file
Original file line number Diff line number Diff line change
@@ -1,16 +1,13 @@
#!/bin/bash
#!/usr/bin/env bash

set -eu

export PATH="$SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH"
ARCH="$($SNAP/bin/uname -m)"
export IN_SNAP_LD_LIBRARY_PATH="$SNAP/lib:$SNAP/usr/lib:$SNAP/lib/$ARCH-linux-gnu:$SNAP/usr/lib/$ARCH-linux-gnu"
export PYTHONNOUSERSITE=false

source $SNAP/actions/common/utils.sh

use_snap_env

exit_if_not_root

exit_if_no_permissions

LD_LIBRARY_PATH=$IN_SNAP_LD_LIBRARY_PATH ${SNAP}/usr/bin/python3 ${SNAP}/scripts/wrappers/dbctl.py "${@}"
${SNAP}/usr/bin/python3 ${SNAP}/scripts/wrappers/dbctl.py "${@}"
13 changes: 4 additions & 9 deletions microk8s-resources/wrappers/microk8s-disable.wrapper
View file
Original file line number Diff line number Diff line change
@@ -1,16 +1,11 @@
#!/bin/bash
#!/usr/bin/env bash

set -eu

export PATH="$SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH"
ARCH="$($SNAP/bin/uname -m)"
export IN_SNAP_LD_LIBRARY_PATH="$SNAP/lib:$SNAP/usr/lib:$SNAP/lib/$ARCH-linux-gnu:$SNAP/usr/lib/$ARCH-linux-gnu"
export PYTHONNOUSERSITE=false
export LC_ALL="${LC_ALL:-C.UTF-8}"
export LANG="${LANG:-C.UTF-8}"

source $SNAP/actions/common/utils.sh

use_snap_env

# avoid AppArmor denial in strict mode when running under sudo without -H

if is_strict
Expand All @@ -22,4 +17,4 @@ exit_if_not_root

exit_if_no_permissions

LD_LIBRARY_PATH=$IN_SNAP_LD_LIBRARY_PATH ${SNAP}/usr/bin/python3 ${SNAP}/scripts/wrappers/disable.py "${@}"
${SNAP}/usr/bin/python3 ${SNAP}/scripts/wrappers/disable.py "${@}"
14 changes: 4 additions & 10 deletions microk8s-resources/wrappers/microk8s-enable.wrapper
View file
Original file line number Diff line number Diff line change
@@ -1,18 +1,12 @@
#!/bin/bash
#!/usr/bin/env bash

set -eu

export PATH="$SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH"
ARCH="$($SNAP/bin/uname -m)"
export IN_SNAP_LD_LIBRARY_PATH="$SNAP/lib:$SNAP/usr/lib:$SNAP/lib/$ARCH-linux-gnu:$SNAP/usr/lib/$ARCH-linux-gnu"
export PYTHONNOUSERSITE=false
export LC_ALL="${LC_ALL:-C.UTF-8}"
export LANG="${LANG:-C.UTF-8}"

source $SNAP/actions/common/utils.sh

# avoid AppArmor denial in strict mode when running under sudo without -H
use_snap_env

# avoid AppArmor denial in strict mode when running under sudo without -H
if is_strict
then
cd "$SNAP"
Expand All @@ -22,4 +16,4 @@ exit_if_not_root

exit_if_no_permissions

LD_LIBRARY_PATH=$IN_SNAP_LD_LIBRARY_PATH ${SNAP}/usr/bin/python3 ${SNAP}/scripts/wrappers/enable.py "${@}"
${SNAP}/usr/bin/python3 ${SNAP}/scripts/wrappers/enable.py "${@}"
5 changes: 3 additions & 2 deletions microk8s-resources/wrappers/microk8s-helm.wrapper
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,9 @@
#!/bin/bash
#!/usr/bin/env bash

export PATH="$SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH"
source $SNAP/actions/common/utils.sh

use_snap_env

if [ -e ${SNAP_DATA}/var/lock/clustered.lock ]
then
echo "This MicroK8s deployment is acting as a node in a cluster. Please use the microk8s helm on the master."
Expand Down
5 changes: 3 additions & 2 deletions microk8s-resources/wrappers/microk8s-helm3.wrapper
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,9 @@
#!/bin/bash
#!/usr/bin/env bash

export PATH="$SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH"
source $SNAP/actions/common/utils.sh

use_snap_env

if [ -e ${SNAP_DATA}/var/lock/clustered.lock ]
then
echo "This MicroK8s deployment is acting as a node in a cluster. Please use the microk8s helm on the master."
Expand Down
Loading

0 comments on commit 0a02b02

Please sign in to comment.