talos
165 строк · 4.6 Кб
1// This Source Code Form is subject to the terms of the Mozilla Public2// License, v. 2.0. If a copy of the MPL was not distributed with this3// file, You can obtain one at http://mozilla.org/MPL/2.0/.4// Package services contains definitions for non-system services.6package services7import (9"errors"10"fmt"11"path/filepath"12"regexp"13"github.com/hashicorp/go-multierror"15"github.com/opencontainers/runtime-spec/specs-go"16"github.com/siderolabs/talos/pkg/machinery/nethelpers"18)19// Spec is represents non-system service definition.21type Spec struct {22// Name of the service to run, will be prefixed with `ext-` when registered as Talos service.23//24// Valid: [-_a-z0-9]+25Name string `yaml:"name"`26// Container to run.27//28// Container rootfs should be extracted to the /usr/local/lib/containers/<name>.29Container Container `yaml:"container"`30// Service dependencies.31Depends []Dependency `yaml:"depends"`32// Restart configuration.33Restart RestartKind `yaml:"restart"`34}35// Container specifies service container to run.37type Container struct {38// Entrypoint for the service, relative to the container rootfs.39Entrypoint string `yaml:"entrypoint"`40// Environment variables for the service.41Environment []string `yaml:"environment"`42// EnvironmentFile to load environment vars before running the service.43EnvironmentFile string `yaml:"environmentFile"`44// Args to pass to the entrypoint.45Args []string `yaml:"args"`46// Volume mounts.47Mounts []specs.Mount `yaml:"mounts"`48// Security options.49Security Security `yaml:"security"`50}51// Security options for containers.53type Security struct {54// WriteableSysfs makes the '/sys' path writeable in the container namespace if set to true.55WriteableSysfs bool `yaml:"writeableSysfs"`56// MaskedPaths is a list of paths in the container namespace that should not be readable.57MaskedPaths []string `yaml:"maskedPaths"`58// ReadonlyPaths is a list of paths in the container namespace that should be read-only.59ReadonlyPaths []string `yaml:"readonlyPaths"`60// WriteableRootfs61WriteableRootfs bool `yaml:"writeableRootfs"`62// RootfsPropagation is the propagation mode for the rootfs mount.63RootfsPropagation string `yaml:"rootfsPropagation,omitempty"`64}65// Dependency describes a service Dependency.67//68// Only a single dependency out of the list might be specified.69type Dependency struct {70// Depends on a service being running and healthy (if health checks are available).71Service string `yaml:"service,omitempty"`72// Depends on file/directory existence.73Path string `yaml:"path,omitempty"`74// Network readiness checks.75//76// Valid options are nethelpers.Status string values.77Network []nethelpers.Status `yaml:"network,omitempty"`78// Time sync check.79Time bool `yaml:"time,omitempty"`80// Depends on configuration files to be present.81Configuration bool `yaml:"configuration,omitempty"`82}83var nameRe = regexp.MustCompile(`^[-_a-z0-9]{1,}$`)85// Validate the service spec.87func (spec *Spec) Validate() error {88var multiErr *multierror.Error89if !nameRe.MatchString(spec.Name) {91multiErr = multierror.Append(multiErr, fmt.Errorf("name %q is invalid", spec.Name))92}93if !spec.Restart.IsARestartKind() {95multiErr = multierror.Append(multiErr, fmt.Errorf("restart kind is invalid: %s", spec.Restart))96}97multiErr = multierror.Append(multiErr, spec.Container.Validate())99for _, dep := range spec.Depends {101multiErr = multierror.Append(multiErr, dep.Validate())102}103return multiErr.ErrorOrNil()105}106// Validate the container spec.108func (ctr *Container) Validate() error {109var multiErr *multierror.Error110if ctr.Entrypoint == "" {112multiErr = multierror.Append(multiErr, errors.New("container endpoint can't be empty"))113}114return multiErr.ErrorOrNil()116}117// Validate the dependency spec.119//120//nolint:gocyclo121func (dep *Dependency) Validate() error {122var multiErr *multierror.Error123nonZeroDeps := 0125if dep.Service != "" {127nonZeroDeps++128}129if dep.Path != "" {131nonZeroDeps++132if !filepath.IsAbs(dep.Path) {134multiErr = multierror.Append(multiErr, fmt.Errorf("path is not absolute: %q", dep.Path))135}136}137if len(dep.Network) > 0 {139nonZeroDeps++140for _, st := range dep.Network {142if !st.IsAStatus() {143multiErr = multierror.Append(multiErr, fmt.Errorf("invalid network dependency: %s", st))144}145}146}147if dep.Time {149nonZeroDeps++150}151if dep.Configuration {153nonZeroDeps++154}155if nonZeroDeps == 0 {157multiErr = multierror.Append(multiErr, errors.New("no dependency specified"))158}159if nonZeroDeps > 1 {161multiErr = multierror.Append(multiErr, errors.New("more than a single dependency is set"))162}163return multiErr.ErrorOrNil()165}166