system

package
v1.9.8 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 28, 2024 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var DefaultReporter = &StreamReporter{
	WriteStream: os.Stdout,
}

DefaultReporter is the default Reporter

View Source 
var DefaultSysSpec = SysSpec{
	OS: "Linux",
	KernelSpec: KernelSpec{

		Versions:     []string{`^4\.19.*$`, `^4\.[2-9][0-9].*$`, `^([5-9]|[1-9][0-9]+)\.([0-9]+)\.([0-9]+).*$`},
		VersionsNote: "Recommended LTS version from the 4.x series is 4.19. Any 5.x or 6.x versions are also supported. For cgroups v2 support, the minimal version is 4.15 and the recommended version is 5.8+",

		Required: []KernelConfig{
			{Name: "NAMESPACES"},
			{Name: "NET_NS"},
			{Name: "PID_NS"},
			{Name: "IPC_NS"},
			{Name: "UTS_NS"},
			{Name: "CGROUPS"},
			{Name: "CGROUP_BPF"},
			{Name: "CGROUP_CPUACCT"},
			{Name: "CGROUP_DEVICE"},
			{Name: "CGROUP_FREEZER"},
			{Name: "CGROUP_PIDS"},
			{Name: "CGROUP_SCHED"},
			{Name: "CPUSETS"},
			{Name: "MEMCG"},
			{Name: "INET"},
			{Name: "EXT4_FS"},
			{Name: "PROC_FS"},
			{Name: "NETFILTER_XT_TARGET_REDIRECT", Aliases: []string{"IP_NF_TARGET_REDIRECT"}},
			{Name: "NETFILTER_XT_MATCH_COMMENT"},
			{Name: "FAIR_GROUP_SCHED"},
		},
		Optional: []KernelConfig{
			{Name: "OVERLAY_FS", Aliases: []string{"OVERLAYFS_FS"}, Description: "Required for overlayfs."},
			{Name: "AUFS_FS", Description: "Required for aufs."},
			{Name: "BLK_DEV_DM", Description: "Required for devicemapper."},
			{Name: "CFS_BANDWIDTH", Description: "Required for CPU quota."},
			{Name: "CGROUP_HUGETLB", Description: "Required for hugetlb cgroup."},
			{Name: "SECCOMP", Description: "Required for seccomp."},
			{Name: "SECCOMP_FILTER", Description: "Required for seccomp mode 2."},
		},
		Forbidden: []KernelConfig{},
	},
	Cgroups: []string{"cpu", "cpuacct", "cpuset", "devices", "freezer", "memory", "pids"},
	CgroupsOptional: []string{

		"hugetlb",

		"blkio",
	},
	CgroupsV2: []string{"cpu", "cpuset", "devices", "freezer", "memory", "pids"},
	CgroupsV2Optional: []string{
		"hugetlb",

		"io",
	},
	RuntimeSpec: RuntimeSpec{
		DockerSpec: &DockerSpec{
			Version:     []string{`1\.1[1-3]\..*`, `17\.0[3,6,9]\..*`, `18\.0[6,9]\..*`, `19\.03\..*`, `20\.10\..*`},
			GraphDriver: []string{"aufs", "btrfs", "overlay", "overlay2", "devicemapper", "zfs"},
		},
	},
}

DefaultSysSpec is the default SysSpec for Linux

Functions

func Validate 

func Validate(spec SysSpec, validators []Validator) ([]error, []error)

Validate uses validators to validate the system and returns a warning or error.

func ValidateSpec 

func ValidateSpec(spec SysSpec, containerRuntime string) ([]error, []error)

ValidateSpec uses all default validators to validate the system and writes to stdout.

Types

type CgroupsValidator 

type CgroupsValidator struct {
	Reporter Reporter
}

CgroupsValidator validates cgroup configuration.

func (*CgroupsValidator) Name 

func (c *CgroupsValidator) Name() string

Name is part of the system.Validator interface.

func (*CgroupsValidator) Validate 

func (c *CgroupsValidator) Validate(spec SysSpec) (warns, errs []error)

Validate is part of the system.Validator interface.

type DockerSpec 

type DockerSpec struct {
	// Version is a group of regex matching supported docker versions.
	Version []string `json:"version,omitempty"`
	// GraphDriver is the graph drivers supported by kubelet.
	GraphDriver []string `json:"graphDriver,omitempty"`
}

DockerSpec defines the requirement configuration for docker. Currently, it only contains spec for graph driver.

type DockerValidator 

type DockerValidator struct {
	Reporter Reporter
}

DockerValidator validates docker configuration.

func (*DockerValidator) Name 

func (d *DockerValidator) Name() string

Name is part of the system.Validator interface.

func (*DockerValidator) Validate 

func (d *DockerValidator) Validate(spec SysSpec) ([]error, []error)

Validate is part of the system.Validator interface. TODO(random-liu): Add more validating items.

type KernelConfig 

type KernelConfig struct {
	// Name is the general name of the kernel configuration. It is used to
	// match kernel configuration.
	Name string `json:"name,omitempty"`
	// TODO(yguo0905): Support the "or" operation, which will be the same
	// as the "aliases".
	//
	// Aliases are aliases of the kernel configuration. Some configuration
	// has different names in different kernel version. Names of different
	// versions will be treated as aliases.
	Aliases []string `json:"aliases,omitempty"`
	// Description is the description of the kernel configuration, for example:
	//  * What is it used for?
	//  * Why is it needed?
	//  * Who needs it?
	Description string `json:"description,omitempty"`
}

KernelConfig defines one kernel configuration item.

type KernelSpec 

type KernelSpec struct {
	// Versions define supported kernel version. It is a group of regexps.
	Versions []string `json:"versions,omitempty"`
	// VersionsNote provides additional information if Versions do not match.
	VersionsNote string `json:"versionsNote,omitempty"`
	// Required contains all kernel configurations required to be enabled
	// (built in or as module).
	Required []KernelConfig `json:"required,omitempty"`
	// Optional contains all kernel configurations are required for optional
	// features.
	Optional []KernelConfig `json:"optional,omitempty"`
	// Forbidden contains all kernel configurations which areforbidden (disabled
	// or not set)
	Forbidden []KernelConfig `json:"forbidden,omitempty"`
}

KernelSpec defines the specification for the kernel. Currently, it contains specification for:

  • Kernel Version
  • Kernel Configuration

type KernelValidator 

type KernelValidator struct {
	Reporter Reporter
	// contains filtered or unexported fields
}

KernelValidator validates kernel. Currently only validate kernel version and kernel configuration.

func (*KernelValidator) Name 

func (k *KernelValidator) Name() string

Name is part of the system.Validator interface.

func (*KernelValidator) Validate 

func (k *KernelValidator) Validate(spec SysSpec) ([]error, []error)

Validate is part of the system.Validator interface.

type KernelValidatorHelper 

type KernelValidatorHelper interface {
	// GetKernelReleaseVersion gets the current kernel release version of the system
	GetKernelReleaseVersion() (string, error)
}

KernelValidatorHelper is an interface intended to help with os specific kernel validation

type KernelValidatorHelperImpl 

type KernelValidatorHelperImpl struct{}

KernelValidatorHelperImpl is the 'linux' implementation of KernelValidatorHelper

func (*KernelValidatorHelperImpl) GetKernelReleaseVersion 

func (o *KernelValidatorHelperImpl) GetKernelReleaseVersion() (string, error)

GetKernelReleaseVersion returns the kernel release version (ex. 4.4.0-96-generic) as a string

type OSValidator 

type OSValidator struct {
	Reporter Reporter
}

OSValidator validates OS.

func (*OSValidator) Name 

func (o *OSValidator) Name() string

Name is part of the system.Validator interface.

func (*OSValidator) Validate 

func (o *OSValidator) Validate(spec SysSpec) ([]error, []error)

Validate is part of the system.Validator interface.

type PackageSpec 

type PackageSpec struct {
	// Name is the name of the package to be checked.
	Name string `json:"name,omitempty"`
	// VersionRange represents a range of versions that the package must
	// satisfy. Note that the version requirement will not be enforced if
	// the version range is empty. For example,
	// - "" would match any versions but the package must be installed.
	// - ">=1" would match "1.0.0", "1.0.1", "1.1.0", and "2.0".
	// - ">1.0 <2.0" would match between both ranges, so "1.1.1" and "1.8.7"
	//   but not "1.0.0" or "2.0.0".
	// - "<2.0.0 || >=3.0.0" would match "1.0.0" and "3.0.0" but not "2.0.0".
	VersionRange string `json:"versionRange,omitempty"`
	// Description explains the reason behind this package requirements.
	//
	// TODO(yguo0905): Print the description where necessary.
	Description string `json:"description,omitempty"`
}

PackageSpec defines the required packages and their versions. PackageSpec is only supported on OS distro with Debian package manager.

TODO(yguo0905): Support operator OR of multiple packages for the case where either "foo (>=1.0)" or "bar (>=2.0)" is required.

type PackageSpecOverride 

type PackageSpecOverride struct {
	// OSDistro identifies to which OS distro this override applies.
	// Must be "ubuntu", "cos" or "coreos".
	OSDistro string `json:"osDistro,omitempty"`
	// Subtractions is a list of package names that are excluded from the
	// package spec.
	Subtractions []PackageSpec `json:"subtractions,omitempty"`
	// Additions is a list of additional package requirements included the
	// package spec.
	Additions []PackageSpec `json:"additions,omitempty"`
}

PackageSpecOverride defines the overrides on the PackageSpec for an OS distro.

type Reporter 

type Reporter interface {
	// Report reports the results of the system verification
	Report(string, string, ValidationResultType) error
}

Reporter is the interface for the reporters for the validators.

type RuntimeSpec 

type RuntimeSpec struct {
	*DockerSpec `json:",inline"`
}

RuntimeSpec is the abstract layer for different runtimes. Different runtimes should put their spec inside the RuntimeSpec.

type StreamReporter 

type StreamReporter struct {
	// The stream that this reporter is writing to
	WriteStream io.Writer
}

StreamReporter is the default reporter for the system verification test.

func (*StreamReporter) Report 

func (dr *StreamReporter) Report(key, value string, resultType ValidationResultType) error

Report reports validation result in different color depending on the result type.

type SysSpec 

type SysSpec struct {
	// OS is the operating system of the SysSpec.
	OS string `json:"os,omitempty"`
	// KernelConfig defines the spec for kernel.
	KernelSpec KernelSpec `json:"kernelSpec,omitempty"`

	// Cgroups is the required cgroups.
	Cgroups []string `json:"cgroups,omitempty"`
	// CgroupsOptional is the optional cgroups.
	CgroupsOptional []string `json:"cgroupsOptional,omitempty"`
	// CgroupsV2 is the required cgroups v2.
	CgroupsV2 []string `json:"cgroupsV2,omitempty"`
	// CgroupsV2Optional is the optional cgroups v2.
	CgroupsV2Optional []string `json:"cgroupsV2Optional,omitempty"`

	// RuntimeSpec defines the spec for runtime.
	RuntimeSpec RuntimeSpec `json:"runtimeSpec,omitempty"`
	// PackageSpec defines the required packages and their versions.
	PackageSpecs []PackageSpec `json:"packageSpecs,omitempty"`
	// PackageSpec defines the overrides of the required packages and their
	// versions for an OS distro.
	PackageSpecOverrides []PackageSpecOverride `json:"packageSpecOverrides,omitempty"`
}

SysSpec defines the requirement of supported system. Currently, it only contains spec for OS, Kernel and Cgroups.

type ValidationResultType 

type ValidationResultType int32

ValidationResultType is type of the validation result. Different validation results corresponds to different colors.

type Validator 

type Validator interface {
	// Name is the name of the validator.
	Name() string
	// Validate is the validate function.
	Validate(SysSpec) ([]error, []error)
}

Validator is the interface for all validators.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.