VMware vSphere Integrated Containers provider (#206)

* Add Virtual Kubelet provider for VIC

Initial virtual kubelet provider for VMware VIC.  This provider currently
handles creating and starting of a pod VM via the VIC portlayer and persona
server.  Image store handling via the VIC persona server.  This provider
currently requires the feature/wolfpack branch of VIC.

* Added pod stop and delete.  Also added node capacity.

Added the ability to stop and delete pod VMs via VIC.  Also retrieve
node capacity information from the VCH.

* Cleanup and readme file

Some file clean up and added a Readme.md markdown file for the VIC
provider.

* Cleaned up errors, added function comments, moved operation code

1. Cleaned up error handling.  Set standard for creating errors.
2. Added method prototype comments for all interface functions.
3. Moved PodCreator, PodStarter, PodStopper, and PodDeleter to a new folder.

* Add mocking code and unit tests for podcache, podcreator, and podstarter

Used the unit test framework used in VIC to handle assertions in the provider's
unit test.  Mocking code generated using OSS project mockery, which is compatible
with the testify assertion framework.

* Vendored packages for the VIC provider

Requires feature/wolfpack branch of VIC and a few specific commit sha of
projects used within VIC.

* Implementation of POD Stopper and Deleter unit tests (#4)

* Updated files for initial PR
Loc Nguyen
2018-06-04 15:41:32 -07:00
committed by Ria Bhatia
parent 98a111e8b7
commit 513cebe7b7
6296 changed files with 1123685 additions and 8 deletions

139
vendor/github.com/vmware/vic/isos/appliance-staging.sh generated vendored Executable file
@@ -0,0 +1,139 @@
#!/bin/bash
# Copyright 2016 VMware, Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Build the appliance filesystem ontop of the base
# exit on failure and configure debug, include util functions
set -e && [ -n "$DEBUG" ] && set -x
DIR=$(dirname $(readlink -f "$0"))
. $DIR/base/utils.sh
function usage() {
echo "Usage: $0 -c yum-cache(tgz) -p base-package(tgz) -o output-package(tgz)" 1>&2
exit 1
}
while getopts "c:p:o:" flag
do
case $flag in
p)
# Required. Package name
PACKAGE="$OPTARG"
;;
o)
# Required. Target for iso and source for components
OUT="$OPTARG"
;;
c)
# Optional. Offline cache of yum packages
cache="$OPTARG"
;;
*)
usage
;;
esac
done
shift $((OPTIND-1))
# check there were no extra args and the required ones are set
if [ ! -z "$*" -o -z "$PACKAGE" -o -z "${OUT}" ]; then
usage
fi
PKGDIR=$(mktemp -d)
unpack $PACKAGE $PKGDIR
#################################################################
# Above: arg parsing and setup
# Below: the image authoring
#################################################################
# Install VCH base packages
#
# List stable packages here
# e2fsprogs # for mkfs.ext4
# procps-ng # for ps
# iputils # for ping
# iproute2 # for ip
# iptables # for iptables
# net-tools # for netstat
# openssh # for ssh server
# sudo # for sudo
#
# Temporary packages list here
# systemd # for convenience only at this time
# tndf # so we can deploy other packages into the appliance live - MUST BE REMOVED FOR SHIPPING
# vim # basic editing function
# lsof # for debugging issues unmounting disks for the copy/diff paths
yum_cached -c $cache -u -p $PKGDIR install \
haveged \
systemd \
openssh \
iptables \
e2fsprogs \
procps-ng \
iputils \
iproute2 \
iptables \
net-tools \
sudo \
tdnf \
vim \
gzip \
lsof \
logrotate \
photon-release \
-y --nogpgcheck
# https://www.freedesktop.org/wiki/Software/systemd/InitrdInterface/
touch $(rootfs_dir $PKGDIR)/etc/initrd-release
# Give a permission to vicadmin to run iptables.
echo "vicadmin ALL=NOPASSWD: /sbin/iptables --list" >> $(rootfs_dir $PKGDIR)/etc/sudoers
# ensure we're not including a cache in the staging bundle
# but don't update the cache bundle we're using to install
yum_cached -p $PKGDIR clean all
# configure us for autologin of root
#COPY override.conf $ROOTFS/etc/systemd/system/getty@.service.d/
# HACK until the issues with override.conf above are dealt with
pwhash=$(openssl passwd -1 -salt vic password)
sed -i -e "s/^root:[^:]*:/root:${pwhash}:/" $(rootfs_dir $PKGDIR)/etc/shadow
# Disable SSH by default - this can be enabled via guest operations
rm $(rootfs_dir $PKGDIR)/usr/lib/systemd/system/sshd@.service
rm $(rootfs_dir $PKGDIR)/etc/systemd/system/multi-user.target.wants/sshd.service
# Allow root login via ssh
sed -i -e "s/\#*PermitRootLogin\s.*/PermitRootLogin yes/" $(rootfs_dir $PKGDIR)/etc/ssh/sshd_config
# Disable root login
sed -i -e 's@:/bin/bash$@:/bin/false@' $(rootfs_dir $PKGDIR)/etc/passwd
# Allow chpasswd to change expired password when launched from vic-init
cp -f ${DIR}/appliance/chpasswd.pam $(rootfs_dir $PKGDIR)/etc/pam.d/chpasswd
# Allow chage to be used with expired password when launched from vic-init
cp -f ${DIR}/appliance/chage.pam $(rootfs_dir $PKGDIR)/etc/pam.d/chage
# package up the result
pack $PKGDIR $OUT
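
Review bot: The root password written near the end of this script is a fixed, publicly known value: `openssl passwd -1 -salt vic password` produces an MD5-crypt hash of the literal string `password` with a constant salt, and the following `sed` writes it into `/etc/shadow` of every image built. The later steps (removing the sshd units, switching `/bin/bash` shells to `/bin/false`) reduce exposure, but the same script also sets `PermitRootLogin yes` and notes that SSH can be enabled via guest operations, so the credential should not depend on those steps staying in place. Suggest writing a locked or per-deployment value rather than a shared hash, and resolving the `override.conf` issue the HACK comment refers to. Two smaller points: `tdnf` is installed although the package comment says it MUST BE REMOVED FOR SHIPPING (and spells it `tndf`), and `iptables` appears twice in the install list.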

@@ -0,0 +1,176 @@
#!/bin/bash
# Copyright 2018 VMware, Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This file should eventually be merged back into the main VIC appliance
# build process. Common code between the regular appliance build and the
# the extra-binary appliance build should be identified before merging.
# Build the appliance filesystem ontop of the base
# exit on failure and configure debug, include util functions
set -e && [ -n "$DEBUG" ] && set -x
DIR=$(dirname $(readlink -f "$0"))
. $DIR/base/utils.sh
function usage() {
echo "Usage: $0 -p staged-package(tgz) -b binary-dir -x binary-source -f binary-filename (inside the ISO) -o appliance-output-name" 1>&2
exit 1
}
while getopts "p:b:x:f:o:" flag
do
case $flag in
p)
# Required. Package name
PACKAGE="$OPTARG"
;;
b)
# Required. Target for iso and source for components
BIN="$OPTARG"
;;
x)
# Required. Source of the extra binary to add to the ISO
EXTRABIN="$OPTARG"
;;
f)
# Required. Filename of the extra binary inside the ISO
EXTRABIN_FILENAME="$OPTARG"
;;
o)
# Required. Filename of the target appliance ISO
APPLIANCE_OUTNAME="$OPTARG"
;;
*)
usage
;;
esac
done
shift $((OPTIND-1))
# check there were no extra args and the required ones are set
if [ ! -z "$*" -o -z "$PACKAGE" -o -z "${BIN}" ]; then
usage
fi
if [ -z "${EXTRABIN}" -o -z "${EXTRABIN_FILENAME}" -o -z "${APPLIANCE_OUTNAME}" ]; then
usage
fi
PKGDIR=$(mktemp -d)
# unpackage base package
unpack $PACKAGE $PKGDIR
#################################################################
# Above: arg parsing and setup
# Below: the image authoring
#################################################################
# sysctl
cp ${DIR}/appliance/sysctl.conf $(rootfs_dir $PKGDIR)/etc/
## systemd configuration
# create systemd vic target
cp ${DIR}/appliance/vic.target $(rootfs_dir $PKGDIR)/etc/systemd/system/
cp ${DIR}/appliance/*.service $(rootfs_dir $PKGDIR)/etc/systemd/system/
cp ${DIR}/appliance/*-setup $(rootfs_dir $PKGDIR)/etc/systemd/scripts
mkdir -p $(rootfs_dir $PKGDIR)/etc/systemd/system/vic.target.wants
ln -s /etc/systemd/system/vic-init.service $(rootfs_dir $PKGDIR)/etc/systemd/system/vic.target.wants/
ln -s /etc/systemd/system/nat.service $(rootfs_dir $PKGDIR)/etc/systemd/system/vic.target.wants/
ln -s /etc/systemd/system/permissions.service $(rootfs_dir $PKGDIR)/etc/systemd/system/vic.target.wants/
ln -s /lib/systemd/system/multi-user.target $(rootfs_dir $PKGDIR)/etc/systemd/system/vic.target.wants/
# disable networkd given we manage the link state directly
rm -f $(rootfs_dir $PKGDIR)/etc/systemd/system/multi-user.target.wants/systemd-networkd.service
rm -f $(rootfs_dir $PKGDIR)/etc/systemd/system/sockets.target.wants/systemd-networkd.socket
# Disable time synching. We'll use toolbox for this.
rm -f $(rootfs_dir $PKGDIR)/etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service
# change the default systemd target to launch VIC
ln -sf /etc/systemd/system/vic.target $(rootfs_dir $PKGDIR)/etc/systemd/system/default.target
# do not use the systemd dhcp client
rm -f $(rootfs_dir $PKGDIR)/etc/systemd/network/*
cp ${DIR}/base/no-dhcp.network $(rootfs_dir $PKGDIR)/etc/systemd/network/
# do not use the default iptables rules - nat-setup supplants this
rm -f $(rootfs_dir $PKGDIR)/etc/systemd/network/*
#
# Set up component users
#
chroot $(rootfs_dir $PKGDIR) groupadd -g 1000 vicadmin
chroot $(rootfs_dir $PKGDIR) useradd -u 1000 -g 1000 -G systemd-journal -m -d /home/vicadmin -s /bin/false vicadmin
# Group vic should be used to run all VIC related services.
chroot $(rootfs_dir $PKGDIR) groupadd -g 1001 vic
chroot $(rootfs_dir $PKGDIR) usermod -a -G vic vicadmin
cp -R ${DIR}/vicadmin/* $(rootfs_dir $PKGDIR)/home/vicadmin
chown -R 1000:1000 $(rootfs_dir $PKGDIR)/home/vicadmin
# so vicadmin can read the system journal via journalctl
install -m 755 -d $(rootfs_dir $PKGDIR)/etc/tmpfiles.d
echo "m /var/log/journal/%m/system.journal 2755 root systemd-journal - -" > $(rootfs_dir $PKGDIR)/etc/tmpfiles.d/systemd.conf
chroot $(rootfs_dir $PKGDIR) mkdir -p /var/run/lock
chroot $(rootfs_dir $PKGDIR) chmod 1777 /var/run/lock
chroot $(rootfs_dir $PKGDIR) touch /var/run/lock/logrotate_run.lock
chroot $(rootfs_dir $PKGDIR) chown root:vic /var/run/lock/logrotate_run.lock
chroot $(rootfs_dir $PKGDIR) chmod 0660 /var/run/lock/logrotate_run.lock
## main VIC components
# tether based init
cp ${BIN}/vic-init $(rootfs_dir $PKGDIR)/sbin/vic-init
cp ${BIN}/{docker-engine-server,port-layer-server,vicadmin} $(rootfs_dir $PKGDIR)/sbin/
cp ${BIN}/unpack $(rootfs_dir $PKGDIR)/bin/
# Kubelet-starter
cp ${BIN}/kubelet-starter $(rootfs_dir $PKGDIR)/sbin/kubelet-starter
echo "pkgdir = " $PKGDIR
# Extra binaries
APPLIANCE_NAME=$(basename ${APPLIANCE_OUTNAME})
GS=$(echo ${EXTRABIN} | grep '^gs://' | cat)
if [ -n "$GS" ]; then
EXTRABIN_LATEST_BUILD="$(gsutil ls -l ${EXTRABIN} | grep -v TOTAL | sort -k2 -r | (trap ' ' PIPE; head -1))"
EXTRABIN_URL=$(echo ${EXTRABIN_LATEST_BUILD} | xargs | cut -d " " -f 3 | sed "s/gs:\/\//https:\/\/storage.googleapis.com\//")
wget -nv ${EXTRABIN_URL} -O ${BIN}/${EXTRABIN_FILENAME}
else
if [ -f ${EXTRABIN} ]; then
cp ${EXTRABIN} ${BIN}/${EXTRABIN_FILENAME}
else
echo "Error while adding extra file to the appliance ISO: file ${EXTRABIN} not found"
exit -1
fi
fi
cp ${BIN}/${EXTRABIN_FILENAME} $(rootfs_dir $PKGDIR)/sbin/
## Generate the ISO
# Select systemd for our init process
generate_iso $PKGDIR $BIN/${APPLIANCE_NAME} /lib/systemd/systemd
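
Review bot: The extra binary fetched in the `gs://` branch goes into the image with no integrity check: `wget -nv ${EXTRABIN_URL} -O ${BIN}/${EXTRABIN_FILENAME}` downloads whatever `gsutil ls -l` sorts as the latest object, and the result is copied straight to `/sbin/` in the rootfs. Suggest pinning an exact object and verifying a checksum or signature supplied with the build before the final `cp`, failing the build on mismatch. Also, `exit -1` in the file-not-found branch is reported as 255; `exit 1` would match `usage`. The variables in this block are unquoted, so a `-x` or `-f` value containing spaces will be split.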

131
vendor/github.com/vmware/vic/isos/appliance.sh generated vendored Executable file
@@ -0,0 +1,131 @@
#!/bin/bash
# Copyright 2016 VMware, Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Build the appliance filesystem ontop of the base
# exit on failure and configure debug, include util functions
set -e && [ -n "$DEBUG" ] && set -x
DIR=$(dirname $(readlink -f "$0"))
. $DIR/base/utils.sh
function usage() {
echo "Usage: $0 -p staged-package(tgz) -b binary-dir" 1>&2
exit 1
}
while getopts "p:b:" flag
do
case $flag in
p)
# Required. Package name
PACKAGE="$OPTARG"
;;
b)
# Required. Target for iso and source for components
BIN="$OPTARG"
;;
*)
usage
;;
esac
done
shift $((OPTIND-1))
# check there were no extra args and the required ones are set
if [ ! -z "$*" -o -z "$PACKAGE" -o -z "${BIN}" ]; then
usage
fi
PKGDIR=$(mktemp -d)
# unpackage base package
unpack $PACKAGE $PKGDIR
#################################################################
# Above: arg parsing and setup
# Below: the image authoring
#################################################################
# sysctl
cp ${DIR}/appliance/sysctl.conf $(rootfs_dir $PKGDIR)/etc/
## systemd configuration
# create systemd vic target
cp ${DIR}/appliance/vic.target $(rootfs_dir $PKGDIR)/etc/systemd/system/
cp ${DIR}/appliance/*.service $(rootfs_dir $PKGDIR)/etc/systemd/system/
cp ${DIR}/appliance/*-setup $(rootfs_dir $PKGDIR)/etc/systemd/scripts
mkdir -p $(rootfs_dir $PKGDIR)/etc/systemd/system/vic.target.wants
ln -s /etc/systemd/system/vic-init.service $(rootfs_dir $PKGDIR)/etc/systemd/system/vic.target.wants/
ln -s /etc/systemd/system/nat.service $(rootfs_dir $PKGDIR)/etc/systemd/system/vic.target.wants/
ln -s /etc/systemd/system/permissions.service $(rootfs_dir $PKGDIR)/etc/systemd/system/vic.target.wants/
ln -s /lib/systemd/system/multi-user.target $(rootfs_dir $PKGDIR)/etc/systemd/system/vic.target.wants/
# disable networkd given we manage the link state directly
rm -f $(rootfs_dir $PKGDIR)/etc/systemd/system/multi-user.target.wants/systemd-networkd.service
rm -f $(rootfs_dir $PKGDIR)/etc/systemd/system/sockets.target.wants/systemd-networkd.socket
# Disable time synching. We'll use toolbox for this.
rm -f $(rootfs_dir $PKGDIR)/etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service
# change the default systemd target to launch VIC
ln -sf /etc/systemd/system/vic.target $(rootfs_dir $PKGDIR)/etc/systemd/system/default.target
# do not use the systemd dhcp client
rm -f $(rootfs_dir $PKGDIR)/etc/systemd/network/*
cp ${DIR}/base/no-dhcp.network $(rootfs_dir $PKGDIR)/etc/systemd/network/
# do not use the default iptables rules - nat-setup supplants this
rm -f $(rootfs_dir $PKGDIR)/etc/systemd/network/*
#
# Set up component users
#
chroot $(rootfs_dir $PKGDIR) groupadd -g 1000 vicadmin
chroot $(rootfs_dir $PKGDIR) useradd -u 1000 -g 1000 -G systemd-journal -m -d /home/vicadmin -s /bin/false vicadmin
# Group vic should be used to run all VIC related services.
chroot $(rootfs_dir $PKGDIR) groupadd -g 1001 vic
chroot $(rootfs_dir $PKGDIR) usermod -a -G vic vicadmin
cp -R ${DIR}/vicadmin/* $(rootfs_dir $PKGDIR)/home/vicadmin
chown -R 1000:1000 $(rootfs_dir $PKGDIR)/home/vicadmin
# so vicadmin can read the system journal via journalctl
install -m 755 -d $(rootfs_dir $PKGDIR)/etc/tmpfiles.d
echo "m /var/log/journal/%m/system.journal 2755 root systemd-journal - -" > $(rootfs_dir $PKGDIR)/etc/tmpfiles.d/systemd.conf
chroot $(rootfs_dir $PKGDIR) mkdir -p /var/run/lock
chroot $(rootfs_dir $PKGDIR) chmod 1777 /var/run/lock
chroot $(rootfs_dir $PKGDIR) touch /var/run/lock/logrotate_run.lock
chroot $(rootfs_dir $PKGDIR) chown root:vic /var/run/lock/logrotate_run.lock
chroot $(rootfs_dir $PKGDIR) chmod 0660 /var/run/lock/logrotate_run.lock
## main VIC components
# tether based init
cp ${BIN}/vic-init $(rootfs_dir $PKGDIR)/sbin/vic-init
cp ${BIN}/{docker-engine-server,port-layer-server,vicadmin} $(rootfs_dir $PKGDIR)/sbin/
cp ${BIN}/unpack $(rootfs_dir $PKGDIR)/bin/
## Generate the ISO
# Select systemd for our init process
generate_iso $PKGDIR $BIN/appliance.iso /lib/systemd/systemd
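
Review bot: The second `rm -f $(rootfs_dir $PKGDIR)/etc/systemd/network/*`, under the comment about default iptables rules, deletes the `no-dhcp.network` file that the `cp` two lines earlier has just installed. The path does not match the comment, so this looks like a copy of the DHCP step with the wrong target; point it at the iptables rules the comment means or drop it, otherwise the image is built without the no-DHCP network configuration. The same lines appear in the extra-binary variant of this script earlier in the commit.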

13
vendor/github.com/vmware/vic/isos/appliance/chage.pam generated vendored Normal file
@@ -0,0 +1,13 @@
#Begin /etc/pam.d/chage
# always allow root
auth sufficient pam_rootok.so
account sufficient pam_rootok.so
# include system defaults for session
session include system-session
# Always permit for authentication updates
password required pam_permit.so
# End /etc/pam.d/chage
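
Review bot: `password required pam_permit.so` makes the password stack for `chage` succeed unconditionally, which is broader than the "when launched from vic-init" case the staging script's comment describes. The chpasswd file added alongside this one uses `password include system-password`; suggest doing the same here, or adding a comment that states why the system password stack cannot be used for `chage`.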

@@ -0,0 +1,11 @@
#Begin /etc/pam.d/chpasswd
# always allow root
auth sufficient pam_rootok.so
account sufficient pam_rootok.so
# include system defaults for session and password
session include system-session
password include system-password
# End /etc/pam.d/chpasswd

98
vendor/github.com/vmware/vic/isos/appliance/nat-setup generated vendored Executable file
@@ -0,0 +1,98 @@
#!/bin/sh
# Begin /etc/systemd/scripts/iptables
# Insert connection-tracking modules
# (not needed if built into the kernel)
modprobe nf_conntrack
modprobe xt_LOG
# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# Enable broadcast echo Protection
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# Disable Source Routed Packets
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
echo 0 > /proc/sys/net/ipv4/conf/default/accept_source_route
# Enable TCP SYN Cookie Protection
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
# Disable ICMP Redirect Acceptance
echo 0 > /proc/sys/net/ipv4/conf/default/accept_redirects
# Do not send Redirect Messages
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
# Drop Spoofed Packets coming in on an interface, where responses
# would result in the reply going out a different interface.
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter
# be verbose on dynamic ip-addresses (not needed in case of static IP)
echo 2 > /proc/sys/net/ipv4/ip_dynaddr
# disable Explicit Congestion Notification
# too many routers are still ignorant
echo 0 > /proc/sys/net/ipv4/tcp_ecn
# add a routing table for traffic from bridge that is not destined
# for a local address
echo 201 bridge.out >> /etc/iproute2/rt_tables
ip rule add fwmark 1 table bridge.out
# blow away any existing rules with iptables-restore
iptables-restore <<RULES
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i bridge -m addrtype ! --dst-type LOCAL -j MARK --set-xmark 0x1/0xffffffff
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:VIC - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j VIC
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j VIC
-A POSTROUTING ! -o bridge -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:VIC - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p udp -m udp --dport 68 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2375 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2376 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2377 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2378 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2380 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 6062 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 6063 -j ACCEPT
-A INPUT -i bridge -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i bridge -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
-A FORWARD -o bridge -j VIC
-A FORWARD -o bridge -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A VIC -i bridge -o bridge -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A VIC -i bridge -o bridge -j REJECT --reject-with icmp-port-unreachable
COMMIT
RULES
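
Review bot: The INPUT rules for TCP 22, 2375 to 2378, 2380, 6062 and 6063 accept from any interface and any source, while only the DNS rules are scoped with `-i bridge`. Port 2375 is conventionally the non-TLS Docker API port, so an unscoped ACCEPT there deserves a justification in the file. Suggest restricting each rule by interface or source, or adding the rule only when the corresponding service is configured. Separately, `echo 201 bridge.out >> /etc/iproute2/rt_tables` and `ip rule add fwmark 1 table bridge.out` are not idempotent: a second run of the script appends a duplicate table entry and a duplicate rule. The header comment also still names `/etc/systemd/scripts/iptables` rather than nat-setup.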

@@ -0,0 +1,11 @@
[Unit]
Description=NAT setup for bridge network
After=iptables.service
[Service]
Type=oneshot
ExecStart=/etc/systemd/scripts/nat-setup
RemainAfterExit=yes
[Install]
WantedBy=vic.target

@@ -0,0 +1,3 @@
[Service]
ExecStart=
ExecStart=-/usr/bin/agetty --autologin root --noclear %I $TERM
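
Review bot: `--autologin root` gives a root session on the console with no authentication to anyone who can open it. If this is the `override.conf` that the staging script's commented-out COPY line refers to, it is currently not installed; suggest leaving it out of the tree until that is resolved, or, if it is meant to be used, documenting which consoles `%I` covers and why a login prompt is not acceptable there.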

@@ -0,0 +1,5 @@
#!/bin/sh
# Allow access to VM uuid for self-reflection
chmod 444 /sys/devices/virtual/dmi/id/product_serial
chmod 444 /sys/class/dmi/id/product_serial

@@ -0,0 +1,11 @@
[Unit]
Description=Modify file permissions for VIC target
After=basic.target
[Service]
Type=oneshot
ExecStart=/etc/systemd/scripts/permissions-setup
RemainAfterExit=yes
[Install]
WantedBy=vic.target

@@ -0,0 +1,3 @@
# enable gratuitous ARP on address changes
net.ipv4.conf.all.arp_notify = 1
net.ipv4.conf.default.arp_notify = 1

@@ -0,0 +1,22 @@
[Unit]
Description=Init process for VIC components
After=permissions.service
[Service]
Type=idle
LimitAS=infinity
LimitRSS=infinity
LimitCORE=infinity
LimitNOFILE=65536
# This is not configured for restart as currently vic-init isn't able to
# reacquire knowledge about whether sessions are running.
# Instead there is a top level trigger to restart the VM - reverting to
# known good VM state
ExecStart=/sbin/vic-init
[Install]
WantedBy=vic.target
Wants=basic.target
Wants=multi-user.target
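
Review bot: The two `Wants=` lines sit under `[Install]`, where systemd does not recognise that key, so the dependencies on basic.target and multi-user.target are not applied. Move them to `[Unit]`. `LimitCORE=infinity` on a unit with no `User=` also permits full core dumps of a root process; worth confirming that is intended and where those dumps end up.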

@@ -0,0 +1,5 @@
[Unit]
Description=vSphere Integrated Containers
Requires=basic.target
After=basic.target
AllowIsolate=yes

90
vendor/github.com/vmware/vic/isos/base.sh generated vendored Executable file
@@ -0,0 +1,90 @@
#!/bin/bash
# Copyright 2016 VMware, Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Build the base of a bootable ISO
# exit on failure and configure debug, include util functions
set -e && [ -n "$DEBUG" ] && set -x
DIR=$(dirname $(readlink -f "$0"))
. $DIR/base/utils.sh
function usage() {
echo "Usage: $0 -p package-name(tgz) [-c yum-cache]" 1>&2
exit 1
}
while getopts "c:p:" flag
do
case $flag in
p)
# Required. Package name
PACKAGE="$OPTARG"
;;
c)
# Optional. Offline cache of yum packages
cache="$OPTARG"
;;
*)
usage
;;
esac
done
shift $((OPTIND-1))
# check there were no extra args and the required ones are set
if [ ! -z "$*" -o -z "$PACKAGE" ]; then
usage
fi
# prep the build system
ensure_apt_packages cpio rpm tar ca-certificates xz-utils
PKGDIR=$(mktemp -d)
# initialize the bundle
initialize_bundle $PKGDIR
# base filesystem setup
mkdir -p $(rootfs_dir $PKGDIR)/{etc/yum,etc/yum.repos.d}
ln -s /lib $(rootfs_dir $PKGDIR)/lib64
if [[ $DRONE_BUILD_NUMBER && $DRONE_BUILD_NUMBER > 0 ]]; then
cp $DIR/base/*-local.repo $(rootfs_dir $PKGDIR)/etc/yum.repos.d/
else
cp $DIR/base/*-remote.repo $(rootfs_dir $PKGDIR)/etc/yum.repos.d/
fi
cp $DIR/base/yum.conf $(rootfs_dir $PKGDIR)/etc/yum/
# install the core packages
yum_cached -c $cache -u -p $PKGDIR install filesystem coreutils linux-esx --nogpgcheck -y
# Issue 3858: find all kernel modules and unpack them and run depmod against that directory
find $(rootfs_dir $PKGDIR)/lib/modules -name "*.ko.xz" | xargs xz -d
KERNEL_VERSION=$(basename $(rootfs_dir $PKGDIR)/lib/modules/*)
chroot $(rootfs_dir $PKGDIR) depmod $KERNEL_VERSION
# strip the cache from the resulting image
yum_cached -c $cache -p $PKGDIR clean all
# move kernel into bootfs /boot directory so that syslinux could load it
mv $(rootfs_dir $PKGDIR)/boot/vmlinuz-* $(bootfs_dir $PKGDIR)/boot/vmlinuz64
# package up the result
pack $PKGDIR $PACKAGE
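
Review bot: The core install line, `yum_cached -c $cache -u -p $PKGDIR install filesystem coreutils linux-esx --nogpgcheck -y`, pulls the kernel and base userland with RPM signature checking switched off, and the repo files added alongside this script set `gpgcheck=0`, so nothing authenticates these packages. Suggest placing the `VMWARE-RPM-GPG-KEY` named in the remote repo files into the build root and dropping `--nogpgcheck` (the same flag is used in appliance-staging.sh). Separately, `[[ $DRONE_BUILD_NUMBER && $DRONE_BUILD_NUMBER > 0 ]]` compares strings, not numbers; use `-gt`.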

@@ -0,0 +1,7 @@
__ _
__ ___ __ _____ ____ _ _ __ ___ / /_ _(_) ___
\ \ / / '_ ` _ \ \ /\ / / _` | '__/ _ \ / /\ \ / / |/ __|
\ V /| | | | | \ V V / (_| | | | __// / \ V /| | (__
\_/ |_| |_| |_|\_/\_/ \__,_|_| \___/_/ \_/ |_|\___|
Virtual Container Host

Binary file not shown.

@@ -0,0 +1,8 @@
display boot.msg
default microcore
label microcore
kernel /boot/vmlinuz64
initrd /boot/core.gz
# append rdinit=_INIT_BINARY_ loglevel=3 console=ttyS1,115200n8 console=tty0 rcupdate.rcu_expedited=1 systemd.show_status=0 quiet noreplace-smp cpu_init_udelay=0 vsyscall=emulate
implicit 0
F1 boot.msg

@@ -0,0 +1,5 @@
[Match]
Name=*
[Network]
DHCP=no

@@ -0,0 +1,5 @@
[photon]
name=VMware Photon Linux 1.0(x86_64)
baseurl=http://wdc-yum-builder-ci.eng.vmware.com/photon
gpgcheck=0
enabled=1
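
Review bot: `baseurl` is plain `http://` and `gpgcheck=0`, so packages from this repo are neither transport-protected nor signature-checked, and the build trusts whatever answers for that hostname. Suggest `gpgcheck=1` with a `gpgkey=` line, as the remote repo files already name one, and an https baseurl if the CI mirror offers it. The same applies to the photon-updates local repo further down.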

@@ -0,0 +1,6 @@
[photon]
name=VMware Photon Linux 1.0(x86_64)
baseurl=https://vmware.bintray.com/photon_release_1.0_x86_64/
gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY
gpgcheck=0
enabled=1
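
Review bot: `gpgkey=` is set but `gpgcheck=0` disables the check, so the key is never used. Set `gpgcheck=1` and make sure the key file exists at that path in the build root, here and in the photon-updates remote repo.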

@@ -0,0 +1,5 @@
[photon-updates]
name=VMware Photon Linux 1.0(x86_64)
baseurl=http://wdc-yum-builder-ci.eng.vmware.com/photon-updates
gpgcheck=0
enabled=1

@@ -0,0 +1,6 @@
[photon-updates]
name=VMware Photon Linux 1.0(x86_64)
baseurl=https://dl.bintray.com/vmware/photon_updates_1.0_x86_64
gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY
gpgcheck=0
enabled=1

371
vendor/github.com/vmware/vic/isos/base/utils.sh generated vendored Executable file
@@ -0,0 +1,371 @@
#!/bin/bash
# Copyright 2016 VMware, Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# utility functions for staged authoring of ISOs
[ -n "$DEBUG" ] && set -x
BASE_DIR=$(dirname $(readlink -f "$BASH_SOURCE"))
if [ -z ${BUILD_NUMBER+x} ]; then
BUILD_NUMBER=0
fi
VERSION=`git describe --abbrev=0 --tags`-${BUILD_NUMBER}-`git rev-parse --short HEAD`
# initialize a directory with the assumptions we make for authoring
# 1: target directory
initialize_bundle() {
mkdir -p $1
# we copy the xorriso config template during init as it's part of the base directory
# - variable replacement occurs during generation step however
cp $BASE_DIR/xorriso-options.cfg $1/xorriso-options.cfg
mkdir -p $1/rootfs/var/lib/rpm $1/bootfs/boot
rpm --root=$1/rootfs --initdb
cp -a $BASE_DIR/isolinux $1/bootfs/boot/isolinux
}
# unpackage working ISO filesystem bundle
# args:
# 1: package (tar archive) - created by pack()
# 2: directory to unpack to
unpack() {
mkdir -p $2 || {
echo "Unable to create target directory $2 for unpacking: $?" 1>&2
return 1
}
tar -C $2 -xf $1 || {
echo "Error extracting package archive $1: $?" 1>&2
return 2
}
# record the correct file ownerships and permissions if we cannot restore them
if [ "$(id -u)" != "0" ]; then
# for now we're just going to fail when this is run as non-root
echo "Unable to preserve ownership or permissions - run as root" 1>&2
return 3
# Leaving this in here for later reference - successfully restored permissions at
# boot time via a manifest and systemd unit but want to try to do so during build
# time if possible
echo "Storing correct file ownership and permissions restoration" 1>&2
# we need to chain these permission files, because when the archive is retarred
# we can no longer rely on tar tvf to supply the correct permissions.
# FILO because repeated non-superuser unpacks/pack cycles will trample attrs otherwise
if [ -e $2/tar-attr.cfg ]; then
mv $2/tar-attr.cfg $2/tar-attr.cfg~
fi
tar_attr_to_cmd $1 rootfs > $2/tar-attr.cfg || {
echo "Failed to preserve file owner and permissions - run as root to avoid this step: $?" 1>&2
return 4
}
# make those FI options, LO in the file
if [ -e $2/tar-attr.cfg~ ]; then
cat $2/tar-attr.cfg~ >> $2/tar-attr.cfg
rm -f $2/tar-attr.cfg~
fi
elif [ -e $2/tar-attr.cfg ]; then
# restore the recorded attributes
( cd $2/rootfs && . ../tar-attr.cfg ) || {
echo "Failed to restore file permissions from manifest: $?" 1>&2
return 5
}
fi
}
# package up bundle
# 1: bundle base directory
# 2: target package (tgz)
pack() {
#subshell so we don't end up with ./ leading all names
out=$(readlink -f $2)
(
cd $1
tar -zcf $out rootfs bootfs xorriso* || {
echo "Failed to package bundle directory: $?" 1>&2
return 1
}
)
if [ -z "$DEBUG" ]; then
rm -fr $1
fi
}
# turn the permissions and owner/group info into xorriso options
# 1: the archive to process
# 2: the subdir in the archive to restrict output to
tar_attr_to_xorriso() {
tar --numeric-owner -tvf $1 "$2" | awk -v prefix="$2" '
function convertId(id, type)
{
idcmd="id -" type " "id
idcmd | getline nid
close(idcmd)
return nid
}
function txt2octal(txt)
{
# this is used to convert between text perms and octal
v["r1"]=400; v["w2"]=200; v["x3"]=100; v["s3"]=4100; v["S3"]=4000
v["r4"]=40 ; v["w5"]=20 ; v["x6"]=10 ; v["s6"]=2010; v["S6"]=2000
v["r7"]=4 ; v["w8"]=2 ; v["x9"]=1 ; v["t9"]=1001; v["T9"]=1000
val=0
for (i=1; i<=9; i++)
val=val+v[substr(txt, i+1, 1)i]
return val
}
BEGIN {
}
/^[^l]/ {
# assemble the permissions mdoe
val=txt2octal($0)
# make our commands relative
sub(prefix, "." , $6)
# translate to numeric ids from textual
split($2, owner, "/")
uid=owner[1]
gid=owner[2]
# convert to numeric
# uid=convertId(uid,"u")
# gid=convertId(gid,"g")
chown[uid]=chown[uid]" "$6
chgrp[gid]=chgrp[gid]" "$6
chmod[val]=chmod[val]" "$6
}
END {
for (uid in chown)
print "chown", uid, chown[uid]
for (gid in chgrp)
print "chgrp", gid, chgrp[gid]
for (mode in chmod)
printf "chmod %4d %s\n", mode, chmod[mode]
}'
return $?
}
# Helper to ensure, if possible, that the specified packages are installed
# ...: space separted list of packages
ensure_apt_packages() {
local install
# ensure we've got the utils we need
for pkg in "$@"; do
dpkg -s $pkg >/dev/null 2>&1 || install="$install $pkg"
done
if [ -n "$install" ]; then
if [ "$(id -u)" != "0" ]; then
echo "Need to install packages - rerun as root" 1>&2
echo "packages: $install" 1>&2
return 1
fi
# try without update first
echo "Installing necessary packages: $install"
apt-get -y install $install >/dev/null 2>&1 || {
(apt-get update && apt-get -y install $install) || {
echo "Failed to install $install packages: $?" 1>&2
return 1
}
}
fi
}
# build an ISO from the specified bundle directory.
# 1: bundle base directory
# 2: output file for ISO image - stdio:/dev/fd/1 can be used for stdout
# 3: init binary to use
generate_iso() {
[ -n "$3" ] || {
echo "Init binary must be specified to generate_iso" 1>&2
return 1
}
ensure_apt_packages cpio xorriso || {
echo "cpio and xorriso packages must be installed for ISO authoring: $?" 1>&2
return 1
}
out=$(readlink -f $2)
# subshell to avoid changing directory for invoker in failure cases
(
# operate relative to the package
cd $1
test -r bootfs/boot/isolinux/isolinux.bin -a -w bootfs/boot/isolinux/isolinux.cfg || {
echo "isolinux files must exist in $1/boot/isolinux: $?" 1>&2
return 2
}
# ensure the target init exists
test -x rootfs/$3 || {
echo "Specified init ($3) does not exist or is not executable: $?" 1>&2
return 3
}
# set the init binary in isolinux.cfg
sed -i -e "s|^#\(\s*append rdinit\)=_INIT_BINARY_|\1=$3|" bootfs/boot/isolinux/isolinux.cfg || {
echo "Unable to update rdinit entry in isolinux.cfg: $?" 1>&2
return 4
}
# create the initramfs archive - subshell to avoid changing directory
echo "Constructing initramfs archive"
( cd rootfs && find | cpio -o -H newc | gzip --fast ) > bootfs/boot/core.gz || {
echo "Failed to package root filesystem from $1/rootfs: $?" 1>&2
return 5
}
echo "Embedding build version ${VERSION} (use BUILD_NUMBER environment variable to override)"
sed -i -e "s/\${VERSION}/${VERSION}/" xorriso-options.cfg
# deleting the file first seems to be necessary in some cases
rm -f "$out"
# generate the ISO and write it to $ISOOUT
xorriso -dev "$out" -options_from_file xorriso-options.cfg || {
echo "Failed to generate ISO file from package: $?" 1>&2
return 6
}
)
return
}
# Support use of yum cached packages with installroot
# This has been written to use getopts to:
# a. allow the cache to be optional
# b. as a reference for other functions
yum_cached() {
usage() { echo "Usage: yum_cached [-c yum-cache(tgz)] [-u (update cache if present)] -p package-dir <options>" 1>&2; }
# must ensure OPTIND is local, along with any set by processing
local OPTIND flag cache update INSTALLROOT cmds
while getopts "c:up:a:" flag; do
case $flag in
c)
# Optional. Cache name (tgz)
cache="$OPTARG"
;;
u)
# Optional. Update cache after running command
update="true"
;;
p)
# Required. Package directory
PKGDIR="$OPTARG"
INSTALLROOT=$(rootfs_dir $PKGDIR)
;;
*)
usage
return 1
;;
esac
done
shift $((OPTIND-1))
cmds="$*"
# check there were no extra args and the required ones are set to sane values
[ -e "$PKGDIR" ] || {
echo "Specified package directory must exist" 1>&2
return 1
}
# bundle specific - if we're cleaning the cache and we want it all gone
# $1 because of the shift after getopts
if [ "$1" == "clean" -a "$2" == "all" ]; then
rm -fr ${INSTALLROOT}/var/cache/yum/*
else
# do this before we bother unpacking the cache
ensure_apt_packages yum || {
echo "cpio and xorriso packages must be installed for ISO authoring: $?" 1>&2
return 2
}
# unpack cache
if [ -n "${cache}" -a -e "${cache}" ]; then
echo "Unpacking yum cache into ${INSTALLROOT}"
tar -C ${INSTALLROOT} -zxf $cache || {
echo "Unpacking yum cache $cache failed: $?" 1>&2
return 3
}
fi
/usr/bin/yum --installroot $INSTALLROOT $ACTION $cmds || {
echo "Error while running yum command \"$cmds\": $?" 1>&2
return 4
}
fi
# repack cache
if [ -n "$update" -a -n "${cache}" -a -d ${INSTALLROOT}/var/cache/yum ]; then
tar -C ${INSTALLROOT} -zcf $cache var/cache/yum
fi
}
# Runs a command in the rootfs of the specified bundle. This prevents callers from needing
# to know about internal bundle structure
# 1: bundle directory
# ...: command and args
rootfs_cmd() {
(
cd $1/rootfs || {
echo "Specified directory $1 doesn't contain expected rootfs directory" 1>&2
return 1
}
shift 1
cmd=$1
shift 1
$cmd "$@" || return $?
)
}
# Echos the full path of the root filesystem, given the bundle directory
# 1: bundle directory
rootfs_dir() {
echo $1/rootfs
}
# Echos the full path of the boot filesystem, given the bundle directory
# 1: bundle directory
bootfs_dir() {
echo $1/bootfs
}
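Review bot: In yum_cached, `PKGDIR` is missing from the `local OPTIND flag cache update INSTALLROOT cmds` list, so when a caller omits `-p` the `[ -e "$PKGDIR" ]` check can still pass on a global left by the calling script while `INSTALLROOT` stays empty, and the clean branch's `rm -fr ${INSTALLROOT}/var/cache/yum/*` then expands to the build host's `/var/cache/yum/*`. Declare `PKGDIR` local, fail when `INSTALLROOT` is empty, and quote both expansions. In the same function `$ACTION` is never assigned, the `a:` in the getopts string has no case arm, and the failure message after `ensure_apt_packages yum` still talks about cpio and xorriso.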


@@ -0,0 +1,3 @@
publisher 'VMware Inc. ${VERSION}'
map bootfs /
boot_image isolinux dir=/boot/isolinux

12
vendor/github.com/vmware/vic/isos/base/yum.conf generated vendored Normal file

@@ -0,0 +1,12 @@
[main]
cachedir=/var/cache/yum
keepcache=1
debuglevel=1
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in /etc/yum/repos.d
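Review bot: `[main]` has no `gpgcheck` line, so whether package signatures are verified is left to the repo files or to yum's built-in default; set `gpgcheck=1` here so that images built from this config verify packages unless a repo explicitly opts out.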

119
vendor/github.com/vmware/vic/isos/bootstrap-staging.sh generated vendored Executable file

@@ -0,0 +1,119 @@
#!/bin/bash
# Copyright 2016 VMware, Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Build the bootstrap filesystem ontop of the base
# exit on failure
set -e
if [ -n "$DEBUG" ]; then
set -x
fi
DIR=$(dirname $(readlink -f "$0"))
. $DIR/base/utils.sh
function usage() {
echo "Usage: $0 -c yum-cache(tgz) -p base-package(tgz) -o output-package(tgz) -d <activates debug when set>" 1>&2
exit 1
}
while getopts "c:p:o:d:" flag
do
case $flag in
p)
# Required. Package name
package="$OPTARG"
;;
o)
# Required. Target for iso and source for components
OUT="$OPTARG"
;;
d)
# Optional. directs script to make a debug iso instead of a production iso.
debug='$OPTARG'
;;
c)
# Optional. Offline cache of yum packages
cache="$OPTARG"
;;
*)
usage
;;
esac
done
shift $((OPTIND-1))
# check there were no extra args and the required ones are set
if [ ! -z "$*" -o -z "$package" -o -z "${OUT}" ]; then
usage
fi
#################################################################
# Above: arg parsing and setup
# Below: the image authoring
#################################################################
PKGDIR=$(mktemp -d)
unpack $package $PKGDIR
if [ -v debug ]; then
# These are the packages we install to create an interactive bootstrapVM
# Install bootstrap base packages
#
# packages list here
# tndf # allows package install during debugging.
# vim # basic editing function for debugging.
yum_cached -c $cache -u -p $PKGDIR install \
bash \
shadow \
tdnf \
vim \
-y --nogpgcheck
# HACK until the issues with override.conf above are dealt with
pwhash=$(openssl passwd -1 -salt vic password)
sed -i -e "s/^root:[^:]*:/root:${pwhash}:/" $(rootfs_dir $PKGDIR)/etc/shadow
fi
# Install bootstrap base packages
#
# List stable packages here
# iproute2 # for ip
# libtirpc # due to a previous package reliance on rpc
#
yum_cached -c $cache -u -p $PKGDIR install \
haveged \
systemd \
iptables \
runc \
-y --nogpgcheck
# https://www.freedesktop.org/wiki/Software/systemd/InitrdInterface/
touch $(rootfs_dir $PKGDIR)/etc/initrd-release
# ensure we're not including a cache in the staging bundle
# but don't update the cache bundle we're using to install
yum_cached -p $PKGDIR clean all
# package up the result
pack $PKGDIR $OUT
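Review bot: Both `yum_cached ... install` calls end in `-y --nogpgcheck`, including the non-debug one that installs haveged, systemd, iptables and runc, so nothing that lands in the bootstrap image is signature-checked; drop the flag and import the repo keys into the install root instead. In the debug branch, `openssl passwd -1 -salt vic password` bakes a fixed, publicly visible root password (MD5-crypt with a constant salt) into `/etc/shadow`; take the password from a build-time parameter instead. The `d)` arm assigns `debug='$OPTARG'` in single quotes, which stores the literal string, and `d:` in the getopts string makes `-d` demand an argument although usage describes it as a flag. With `-c` omitted, the unquoted `-c $cache -u` makes getopts consume `-u` as the cache name.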

102
vendor/github.com/vmware/vic/isos/bootstrap.sh generated vendored Executable file

@@ -0,0 +1,102 @@
#!/bin/bash
# Copyright 2016 VMware, Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Build the bootstrap filesystem ontop of the base
# exit on failure
set -e
if [ -n "$DEBUG" ]; then
set -x
fi
DIR=$(dirname $(readlink -f "$0"))
. $DIR/base/utils.sh
function usage() {
echo "Usage: $0 -p staged-package(tgz) -b binary-dir -d <activates debug when set>" 1>&2
exit 1
}
while getopts "p:b:d:" flag
do
case $flag in
p)
# Required. Package name
package="$OPTARG"
;;
b)
# Required. Target for iso and source for components
BIN="$OPTARG"
;;
d)
# Optional. directs script to make a debug iso instead of a production iso.
debug="$OPTARG"
;;
*)
usage
;;
esac
done
shift $((OPTIND-1))
# check there were no extra args and the required ones are set
if [ ! -z "$*" -o -z "$package" -o -z "${BIN}" ]; then
usage
fi
#################################################################
# Above: arg parsing and setup
# Below: the image authoring
#################################################################
PKGDIR=$(mktemp -d)
unpack $package $PKGDIR
#selecting the init script as our entry point.
if [ -v debug ]; then
export ISONAME="bootstrap-debug.iso"
cp ${DIR}/bootstrap/bootstrap.debug $(rootfs_dir $PKGDIR)/bin/bootstrap
cp ${BIN}/rpctool $(rootfs_dir $PKGDIR)/sbin/
else
export ISONAME="bootstrap.iso"
cp ${DIR}/bootstrap/bootstrap $(rootfs_dir $PKGDIR)/bin/bootstrap
fi
# copy in our components
cp ${BIN}/tether-linux $(rootfs_dir $PKGDIR)/bin/tether
# kick off our components at boot time
mkdir -p $(rootfs_dir $PKGDIR)/etc/systemd/system/vic.target.wants
cp ${DIR}/bootstrap/tether.service $(rootfs_dir $PKGDIR)/etc/systemd/system/
cp ${DIR}/appliance/vic.target $(rootfs_dir $PKGDIR)/etc/systemd/system/
ln -s /etc/systemd/system/tether.service $(rootfs_dir $PKGDIR)/etc/systemd/system/vic.target.wants/
ln -sf /etc/systemd/system/vic.target $(rootfs_dir $PKGDIR)/etc/systemd/system/default.target
# disable networkd given we manage the link state directly
rm -f $(rootfs_dir $PKGDIR)/etc/systemd/system/multi-user.target.wants/systemd-networkd.service
rm -f $(rootfs_dir $PKGDIR)/etc/systemd/system/multi-user.target.wants/systemd-resolved.service
rm -f $(rootfs_dir $PKGDIR)/etc/systemd/system/sockets.target.wants/systemd-networkd.socket
# do not use the systemd dhcp client
rm -f $(rootfs_dir $PKGDIR)/etc/systemd/network/*
cp ${DIR}/base/no-dhcp.network $(rootfs_dir $PKGDIR)/etc/systemd/network/
generate_iso $PKGDIR $BIN/$ISONAME /lib/systemd/systemd
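Review bot: `PKGDIR=$(mktemp -d)` is never removed, and every later expansion of `$PKGDIR`, `${BIN}` and `$package` is unquoted, so a path containing whitespace splits the `cp`, `ln` and `rm -f` arguments; add a `trap 'rm -rf "$PKGDIR"' EXIT` and quote the expansions. `d:` in the getopts string also makes `-d` require an argument while usage presents it as a switch, and `[ -v debug ]` is true for any value, including an empty one.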

164
vendor/github.com/vmware/vic/isos/bootstrap/bootstrap generated vendored Executable file

@@ -0,0 +1,164 @@
#!/bin/bash
set -x
echo 1 > /proc/sys/net/ipv4/conf/all/arp_notify
echo 1 > /proc/sys/net/ipv4/conf/default/arp_notify
echo "Loading drivers"
drivers=("vmxnet3" \
"nfnetlink" \
"iptable_filter" \
"xt_conntrack" \
"nf_nat_redirect" \
"xt_REDIRECT" \
"nf_nat_ipv4" \
"iptable_nat" \
"nf_conntrack" \
"nf_conntrack_ipv4" \
"nf_defrag_ipv4" \
"ipt_REJECT"\
"nf_reject_ipv4"\
"nfsv3")
for i in ${drivers[@]}; do
/usr/sbin/modprobe $i
done
# Create VIC chain
iptables -N VIC
# Set the default policy on all chains to drop traffic
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# Direct any incoming/outgoing traffic immediately to VIC chain
iptables -A INPUT -j VIC
iptables -A OUTPUT -j VIC
# Always allow traffic on loopback interface
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A FORWARD -i lo -o lo -j ACCEPT
echo "Waiting for disks to present by label"
until [[ $(ls -1 /dev/disk/by-label | wc -l) -eq $(ls -1 /sys/block | wc -l) ]]; do sleep 0.1;done
if [[ $(ls -1 /dev/disk/by-path/*scsi* | wc -l) -ne $(ls -1 /dev/disk/by-id/*scsi* | wc -l) ]]; then
echo "Multi-image mode"
# this can and should be removed in favour of a more customized config approach
# for now we set up the initramfs to look like the containerfs
mkdir -p ${MOUNTPOINT}/.tether/{etc,lib,lib64,usr,run,sbin}
mount --bind /lib /.tether/lib
mount --bind /lib64 /.tether/lib64
mount --bind /usr /.tether/usr
mount --bind /run /.tether/run
mount --bind /sbin /.tether/sbin
# this one shouldn't be needed and wasn't for a while - unclear why that cahnged and we suddenly have a symlink to it from /etc/resolv.conf.
# have tried ensuring the target of the symlink exists, but we just get "does not exist" later (something deleting it maybe?)
rm -f /etc/resolv.conf
touch /etc/{hostname,hosts,resolv.conf}
touch /.tether/etc/{hostname,hosts,resolv.conf}
ln -s /usr/sbin/haveged /.tether/
ln -s /sbin/*tables* /.tether/
# here for now, but should move into tether to support any kind of hotadd/run-in-pod logic
for i in /dev/disk/by-label/*; do
target=/mnt/images/$(basename $i)/rootfs
mkdir -p $target
mount $i $target
# support normal process/system tool operation in the chroot
mkdir -p ${target}/{proc,sys,dev}
mount --bind /proc $target/proc
mount --bind /sys $target/sys
mount --bind /dev $target/dev
done
echo "Starting tether"
exec /bin/tether
# will never run past here due to exec
fi
MOUNTPOINT="/mnt/containerfs"
mkdir -p ${MOUNTPOINT}
# the ID here is the ddb.uuid from the vmdk descriptor. It is set in lib/tether/shared/constants.go
# ideally this would be moved to somewhere it does not need to be kept in sync manually.
# TODO: this needs testing with additional scsi controllers and an understanding as to what that
# 6000 prefix actually entails
ROOTFS="/dev/disk/by-id/wwn-0x60002233445566778899aabbccddeeff"
echo "Waiting for rootfs"
# https://github.com/vmware/vic/issues/6379
# grab dmesg output and dump to debug log if mount doesn't occur in a useful timeframe (2min)
if timeout --signal=KILL 2m mount -t ext4 ${ROOTFS} ${MOUNTPOINT}; then
# ensure mountpoint exists
mkdir -p ${MOUNTPOINT}/.tether
# ensure that no matter what we have access to required devices
# WARNING WARNING WARNING WARNING WARNING
# if the tmpfs is not large enough odd hangs can occur and the ESX event log will
# report the guest disabling the CPU
mount -t tmpfs -o size=64m tmpfs ${MOUNTPOINT}/.tether/
# enable full system functionality in the container
ln -s lib64 ${MOUNTPOINT}/.tether/lib
mkdir -p ${MOUNTPOINT}/.tether/{lib64,usr/lib/iptables,run}
echo "Publishing modules within container"
mkdir -p ${MOUNTPOINT}/lib/modules
mkdir -p ${MOUNTPOINT}/.tether/lib/modules
mount --bind ${MOUNTPOINT}/.tether/lib/modules ${MOUNTPOINT}/lib/modules
cp -pr /lib/modules/* ${MOUNTPOINT}/lib/modules/
# switch to the new root
echo "prepping for switch to container filesystem"
cp /bin/tether ${MOUNTPOINT}/.tether/tether
echo 'tether tmpfs size before copying libraries: '
df -k ${MOUNTPOINT}/.tether
# ldd of xtables-multi yields the following list of libraries we need to
# copy into our initrd. We need these binaries in order to call iptables
#
# before the switch-root. linux-vdso.so.1 (0x00007ffc94d0d000)
# libip4tc.so.0 => /baz/lib/libip4tc.so.0 (0x00007f97fc721000)
# libip6tc.so.0 => /baz/lib/libip6tc.so.0 (0x00007f97fc519000)
# libxtables.so.11 => /baz/lib/libxtables.so.11 (0x00007f97fc30c000)
# libm.so.6 => /lib64/libm.so.6 (0x00007f97fc00e000)
# libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007f97fbdf7000)
# libc.so.6 => /baz/lib/libc.so.6 (0x00007f97fba53000)
# libdl.so.2 => /baz/lib/libdl.so.2 (0x00007f97fb84f000)
# /lib64/ld-linux-x86-64.so.2 (0x00007f97fc929000)
cp -a /sbin/*tables* ${MOUNTPOINT}/.tether/
cp -a /lib/libm.* /lib/libm-* /lib/libgcc_s* /lib/libip*tc* /lib/libxtables* /lib/libdl* /lib/libc.so* /lib/libc-* ${MOUNTPOINT}/.tether/lib
cp -a /lib64/ld-* ${MOUNTPOINT}/.tether/lib64
cp -r /usr/lib/iptables ${MOUNTPOINT}/.tether/usr/lib/
cp /lib/libhavege.so.1 ${MOUNTPOINT}/.tether/lib
cp /usr/sbin/haveged ${MOUNTPOINT}/.tether/
echo 'tether tmpfs size after copying libraries: '
df -k ${MOUNTPOINT}/.tether
until [[ $(ls -1 /dev/disk/by-label | wc -l) -eq $(ls -1 /sys/block | wc -l) ]]; do sleep 0.1;done
echo "switching to the new mount"
systemctl switch-root ${MOUNTPOINT} /.tether/tether 2>&1
echo "switched to the new mount"
else
# TODO: what do we do here? we really need to somehow report an error
# fail hard
echo "Unable to chroot into container filesystem"
# dump dmesg data in case there's a system problem injecting or loading the root filesystem
dmesg
# because dmesg is long and will wrap over console
echo "dmesg dump due to root filesystem mount failure"
fi
# Shut the system down
systemctl poweroff
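Review bot: The multi-image branch runs `mkdir -p ${MOUNTPOINT}/.tether/{etc,lib,lib64,usr,run,sbin}` before `MOUNTPOINT="/mnt/containerfs"` is assigned further down, so it only lines up with the following `mount --bind /lib /.tether/lib` calls because the variable is empty (or inherited from the environment); write `/.tether` literally there. The script also starts with `set -x` and no `set -e`, so a failed `modprobe` or `iptables -P INPUT DROP` is traced but does not stop the boot; check the firewall commands explicitly before `exec /bin/tether` and `systemctl switch-root`.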

65
vendor/github.com/vmware/vic/isos/bootstrap/bootstrap.debug generated vendored Executable file

@@ -0,0 +1,65 @@
#!/bin/bash
MOUNTPOINT="/mnt/containerfs"
mkdir -p /mnt/containerfs
# see if we should bail to the bootstrap or pivot into the container
# do this before the fork so we don't have a backdoor call in the hot path
# NOTE: this is moved after the fork during debugging so we can chose on a per VM basis
SHELL=`/sbin/rpctool -get bootstrap-shell 2>/dev/null`
echo "Waiting for rootfs"
while [ ! -e /dev/disk/by-label/containerfs ]; do :;done
if mount -t ext4 /dev/disk/by-label/containerfs ${MOUNTPOINT}; then
# make the required directory structure, but presume that something in the daemon
# has done the *right* thing for /.tether* and created them where it won't show in a diff
# we do this to ensure that subsequent commands don't fail if the daemon hasn't prepped
# the structure
mkdir -p ${MOUNTPOINT}/.tether ${MOUNTPOINT}/.tether-init
# ensure that no matter what we have access to required devices
# WARNING WARNING WARNING WARNING WARNING
# if the tmpfs is not large enough odd hangs can occur and the ESX event log will
# report the guest disabling the CPU
mount -t tmpfs -o size=128m tmpfs ${MOUNTPOINT}/.tether/
# if we don't have a populated init layer, pull from guestinfo
if [ ! -f ${MOUNTPOINT}/.tether-init/docker-id ]; then
mount -t tmpfs -o size=1m tmpfs ${MOUNTPOINT}/.tether-init/
# create the assumed structure
# TODO: this cannot be in guest and still not show up in diffs
mkdir -p ${MOUNTPOINT}/dev ${MOUNTPOINT}/proc ${MOUNTPOINT}/sys ${MOUNTPOINT}/etc
# ln -sf /proc/mounts ${MOUNTPOINT}/etc/mtab
touch ${MOUNTPOINT}/etc/hostname
touch ${MOUNTPOINT}/etc/hosts
touch ${MOUNTPOINT}/etc/resolv.conf
fi
# this is so we're not exposing the raw container disk if we wouldn't be otherwise
# rm -f /mnt/.tether/volumes/containerfs
# enable full system functionality in the container
echo "Publishing modules within container"
mkdir -p ${MOUNTPOINT}/lib/modules
mount --bind /lib/modules ${MOUNTPOINT}/lib/modules
# switch to the new root
echo "prepping for switch to container filesystem"
cp /bin/tether ${MOUNTPOINT}/.tether/tether-debug
echo "switching to the new mount"
if [ "$SHELL" != "true" ]; then
systemctl switch-root ${MOUNTPOINT} /.tether/tether-debug 2>&1
else
systemctl switch-root ${MOUNTPOINT} /bin/sh 2>&1
# fail back to shell in bootstrap image without switch_root
/bin/ash
fi
else
# TODO: what do we do here? we really need to somehow report an error
# fail hard
echo "Unable to chroot into container filesystem"
fi
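Review bot: `while [ ! -e /dev/disk/by-label/containerfs ]; do :;done` spins a CPU with no sleep and no upper bound, so a VM whose disk never appears hangs instead of reporting the failure; add a `sleep` and a deadline, as the non-debug script does with `timeout --signal=KILL 2m mount`. The guestinfo result is stored in `SHELL`, which shadows the standard shell variable for everything started afterwards; use a script-specific name. The `/bin/ash` fallback after `switch-root` assumes a shell that the debug package list shown in bootstrap-staging.sh (bash, shadow, tdnf, vim) does not install.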


@@ -0,0 +1,10 @@
[Unit]
Description=Tether
After=basic.target
[Service]
Type=idle
ExecStart=/bin/sh -c '/bin/bootstrap >/dev/ttyS1 2>&1'
[Install]
WantedBy=vic.target


@@ -0,0 +1,5 @@
[Unit]
Description=vSphere Integrated Containers
Requires=basic.target
After=basic.target
AllowIsolate=yes

63
vendor/github.com/vmware/vic/isos/vicadmin/auth.html generated vendored Normal file

@@ -0,0 +1,63 @@
<!DOCTYPE html>
<html itemscope="" itemtype="http://schema.org/Organization" lang="en-US">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>VCH Admin</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0">
<meta content="yes" name="apple-mobile-web-app-capable">
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
<!-- Styles -->
<link rel="stylesheet" href="css/clarity-ui.min.css">
<link rel="stylesheet" href="css/fontello.css">
<link rel="stylesheet" href="css/style.css">
</head>
<body id="body" class="page-community layout-community">
<div class="main-nav">
<header class="header">
<div class="branding">
<a href="http://www.vmware.com"><img src="images/vmw-logo.svg" class="logo"></a>
<span class="title">vSphere Integrated Containers</span>
</div>
<a role="button" class="github btn btn-primary" href="http://www.github.com/vmware/vic">
<i class="icon-github-circled" style="vertical-align: middle;"></i>
View on Github
</a>
</header>
</div>
<div class="main-container">
<main class="content-area">
<section>
<div class="row ">
<div class="col-md-6 center">
<div class="card card-block text-xs-center">
<h2 class="card-title">{{.Hostname}} Login</h2>
<h3 class="error-message"> {{.InvalidLogin}}</h3>
<form method="post">
<label for="username">vSphere or ESXi Username:</label>
<input type="text" name="username" autofocus><br />
<label for="password">vSphere or ESXi Password:</label>
<input type="password" name="password" autocomplete="off"><br /><br/>
<input type="submit" value="Log in">
</form>
</div>
<div class="card card-block text-xs-center">
<p class="card-text">Appliance System Time: {{.SystemTime}}</p>
</div>
</div>
</div>
</section>
</main>
</div>
</body>
</html>
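Review bot: The login `<form method="post">` carries only `username` and `password`, with no anti-CSRF token field, and `{{.Hostname}}` and `{{.InvalidLogin}}` are written straight into markup, so the handler has to render this through an auto-escaping template and should add a per-session token as a hidden input. The branding and GitHub links use `http://`; switch them to `https://`.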

File diff suppressed because one or more lines are too long

61
vendor/github.com/vmware/vic/isos/vicadmin/css/fontello.css generated vendored Executable file

@@ -0,0 +1,61 @@
@font-face {
font-family: 'fontello';
src: url('/fonts/fontello.eot?26878433');
src: url('/fonts/fontello.eot?26878433#iefix') format('embedded-opentype'),
url('/fonts/fontello.woff2?26878433') format('woff2'),
url('/fonts/fontello.woff?26878433') format('woff'),
url('/fonts/fontello.ttf?26878433') format('truetype'),
url('/fonts/fontello.svg?26878433#fontello') format('svg');
font-weight: normal;
font-style: normal;
}
/* Chrome hack: SVG is rendered more smooth in Windows. 100% magic, uncomment if you need it. */
/* Note, that will break hinting! In other OS-es font will be not as sharp as it could be */
/*
@media screen and (-webkit-min-device-pixel-ratio:0) {
@font-face {
font-family: 'fontello';
src: url('/fonts/fontello.svg?26878433#fontello') format('svg');
}
}
*/
[class^="icon-"]:before, [class*=" icon-"]:before {
font-family: "fontello";
font-style: normal;
font-weight: normal;
speak: none;
display: inline-block;
text-decoration: inherit;
width: 1em;
margin-right: .2em;
text-align: center;
/* opacity: .8; */
/* For safety - reset parent styles, that can break glyph codes*/
font-variant: normal;
text-transform: none;
/* fix buttons height, for twitter bootstrap */
line-height: 1em;
/* Animation center compensation - margins should be symmetric */
/* remove if not needed */
margin-left: .2em;
/* you can be more comfortable with increased icons size */
/* font-size: 120%; */
/* Font smoothing. That was taken from TWBS */
-webkit-font-smoothing: antialiased;
-moz-osx-font-smoothing: grayscale;
/* Uncomment for 3D effect */
/* text-shadow: 1px 1px 1px rgba(127, 127, 127, 0.3); */
}
.icon-ok:before { content: '\e800'; } /* '' */
.icon-attention:before { content: '\e801'; } /* '' */
.icon-github-circled:before { content: '\f09b'; } /* '' */
.icon-logout:before { content: '\f08b'; }


@@ -0,0 +1,22 @@
.main-nav .header {background-color: #004A70;}
.header .github {position: absolute; right:18px; top:6px;}
.header .logout {position: absolute; right:210px; top:6px}
.header .icon-github-circled {font-size:20px}
.header .icon-logout {font-size:20px}
section {width: 100%; padding-left: 24px; padding-right: 24px; max-width: 1056px; margin: 0 auto; padding-top: 24px;}
.community-top-section {padding-top: 0;}
.card .row {margin:0 18px 10px;}
.sixty {width:60%; margin-right:5px;}
.forty {width:35%;}
.center{ float:none; margin-left:auto; margin-right:auto;}
.right {float:right; margin-right:18px;}
li .right {margin-right:120px}
.icon-ok {color:#62A420;}
.icon-attention {color:#EB8D00;}
.error-message {color:#c92100; font-size:12px; line-height:12px; display:block; margin-bottom:8px;}
form {padding-top:0;}


@@ -0,0 +1,130 @@
<!DOCTYPE html>
<!-- saved from url=(0030)http://10.20.232.35/community/ -->
<html itemscope="" itemtype="http://schema.org/Organization" lang="en-US">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>VIC: {{.Hostname}}</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0">
<meta content="yes" name="apple-mobile-web-app-capable">
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
<!-- Styles -->
<link rel="stylesheet" href="css/clarity-ui.min.css">
<link rel="stylesheet" href="css/fontello.css">
<link rel="stylesheet" href="css/style.css">
</head>
<body id="body" class="page-community layout-community">
<div class="main-nav">
<header class="header">
<div class="branding">
<a href="http://www.vmware.com"><img src="images/vmw-logo.svg" class="logo"></a>
<span class="title">vSphere Integrated Containers</span>
</div>
<a role="button" class="github btn btn-primary" href="http://www.github.com/vmware/vic">
<i class="icon-github-circled" style="vertical-align: middle;"></i>
View on Github
</a>
<a role="button" class="logout btn btn-primary" href="/logout">
Log Out
</a>
</header>
</div>
<div class="main-container">
<main class="content-area">
<section class="community-top-section">
<h1 id="community">Admin Portal for {{.Hostname}} </h1>
<h4 id="community">{{.Version}}</h4>
</section>
<section>
<div class="row">
<div class="col-md-6">
<div class="card card-block">
<h3 class="card-title">Status</h3>
<div class="row">
<div class="sixty">Virtual Container Host (VCH){{.VCHIssues}}</div>
<div class="forty">{{.VCHStatus}}</div>
</div>
<div class="row">
<div class="sixty">Registry and Internet Connectivity{{.NetworkIssues}}</div>
<div class="forty">{{.NetworkStatus}}</div>
</div>
{{if .VCHReachable}}
<div class="row">
<div class="sixty">Firewall{{.FirewallIssues}}</div>
<div class="forty">{{.FirewallStatus}}</div>
</div>
<div class="row">
<div class="sixty">License{{.LicenseIssues}}</div>
<div class="forty">{{.LicenseStatus}}</div>
</div>
{{end}}
</div>
<div class="card card-block">
<h3 class="card-title">Virtual Container Host Info</h3>
<p class="card-text">Docker Endpoint: {{.HostIP}}:{{.DockerPort}}</p>
<p class="card-text">System Time: {{.SystemTime}}</p>
{{.StorageRemaining}}
</div>
</div>
<div class="col-md-6">
<div class="card card-block">
<h3 class="card-title">Logs</h3>
<div class="row">
<div class="sixty"><a href="/logs.zip">Log Bundle</a></div>
</div>
{{if .VCHReachable}}
<div class="row">
<div class="sixty"><a href="/container-logs.zip">Log Bundle with container logs</a></div>
</div>
<div class="row">
<div class="sixty"><a href="/logs/docker-personality.log">Docker Personality</a></div>
<div class="forty"><a href="/logs/tail/docker-personality.log">Live Log</a></div>
</div>
<div class="row">
<div class="sixty"><a href="/logs/port-layer.log">Port Layer Service</a></div>
<div class="forty"><a href="/logs/tail/port-layer.log">Live Log</a></div>
</div>
<div class="row">
<div class="sixty"><a href="/logs/init.log">Initialization & watchdog</a></div>
<div class="forty"><a href="/logs/tail/init.log">Live Log</a></div>
</div>
<div class="row">
<div class="sixty"><a href="/logs/vicadmin.log">Admin Server</a></div>
<div class="forty"><a href="/logs/tail/vicadmin.log">Live Log</a></div>
</div>
<div class="row">
<div class="sixty"><a href="/logs/kubelet-starter.log">Kubelet Starter</a></div>
<div class="forty"><a href="/logs/tail/kubelet-starter.log">Live Log</a></div>
</div>
<div class="row">
<div class="sixty"><a href="/logs/virtual-kubelet.log">Virtual Kubelet</a></div>
<div class="forty"><a href="/logs/tail/virtual-kubelet.log">Live Log</a></div>
</div>
{{else}}
<div class="row">
<div class="sixty">
<span class="error-message">Other logs are unavailable due to vSphere connection issues.
Please see the log bundle and
<a href="https://vmware.github.io/vic/assets/files/html/vic_admin/vicadmin_status_ref.html">documentation</a>
to troubleshoot the issue.
</span>
</div>
</div>
{{end}}
</div>
</div>
</div>
</section>
</main>
</div>
</body>
</html>
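Review bot: The `<!-- saved from url=(0030)http://10.20.232.35/community/ -->` comment at the top is browser save-as residue that ships an internal address to every client; delete it. The Log Out control is a plain `href="/logout"` link, so logging out is a GET that any cross-site link or image can trigger; make it a POST form with a token. `id="community"` is used on both the `<h1>` and the `<h4>`, and the `&` in `Initialization & watchdog` should be `&amp;`.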

BIN
vendor/github.com/vmware/vic/isos/vicadmin/fonts/fontello.eot generated vendored Executable file

Binary file not shown.


@@ -0,0 +1,16 @@
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg xmlns="http://www.w3.org/2000/svg">
<metadata>Copyright (C) 2016 by original authors @ fontello.com</metadata>
<defs>
<font id="fontello" horiz-adv-x="1000" >
<font-face font-family="fontello" font-weight="400" font-stretch="normal" units-per-em="1000" ascent="850" descent="-150" />
<missing-glyph horiz-adv-x="1000" />
<glyph glyph-name="ok" unicode="&#xe800;" d="M933 534q0-22-16-38l-404-404-76-76q-16-15-38-15t-38 15l-76 76-202 202q-15 16-15 38t15 38l76 76q16 16 38 16t38-16l164-165 366 367q16 16 38 16t38-16l76-76q16-15 16-38z" horiz-adv-x="1000" />
<glyph glyph-name="attention" unicode="&#xe801;" d="M571 83v106q0 8-5 13t-12 5h-108q-7 0-12-5t-5-13v-106q0-8 5-13t12-6h108q7 0 12 6t5 13z m-1 208l10 257q0 6-5 10-7 6-14 6h-122q-6 0-14-6-5-4-5-12l9-255q0-5 6-9t13-3h103q8 0 14 3t5 9z m-7 522l428-786q20-35-1-70-9-17-26-26t-35-10h-858q-18 0-35 10t-26 26q-21 35-1 70l429 786q9 17 26 27t36 10 36-10 27-27z" horiz-adv-x="1000" />
<glyph glyph-name="github-circled" unicode="&#xf09b;" d="M429 779q116 0 215-58t156-156 57-215q0-140-82-252t-211-155q-15-3-22 4t-7 17q0 1 0 43t0 75q0 54-29 79 32 3 57 10t53 22 45 37 30 58 11 84q0 67-44 115 21 51-4 114-16 5-46-6t-51-25l-21-13q-52 15-107 15t-108-15q-8 6-23 15t-47 22-47 7q-25-63-5-114-44-48-44-115 0-47 12-83t29-59 45-37 52-22 57-10q-21-20-27-58-12-5-25-8t-32-3-36 12-31 35q-11 18-27 29t-28 14l-11 1q-12 0-16-2t-3-7 5-8 7-6l4-3q12-6 24-21t18-29l6-13q7-21 24-34t37-17 39-3 31 1l13 3q0-22 0-50t1-30q0-10-8-17t-22-4q-129 43-211 155t-82 252q0 117 58 215t155 156 216 58z m-267-616q2 4-3 7-6 1-8-1-1-4 4-7 5-3 7 1z m18-19q4 3-1 9-6 5-9 2-4-3 1-9 5-6 9-2z m16-25q6 4 0 11-4 7-9 3-5-3 0-10t9-4z m24-23q4 4-2 10-7 7-11 2-5-5 2-11 6-6 11-1z m32-14q1 6-8 9-8 2-10-4t7-9q8-3 11 4z m35-3q0 7-10 6-9 0-9-6 0-7 10-6 9 0 9 6z m32 5q-1 7-10 5-9-1-8-8t10-4 8 7z" horiz-adv-x="857.1" />
</font>
</defs>
</svg>


BIN
vendor/github.com/vmware/vic/isos/vicadmin/fonts/fontello.ttf generated vendored Executable file

Binary file not shown.

Binary file not shown.

Binary file not shown.


@@ -0,0 +1,17 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg width="37px" height="36px" viewBox="0 0 37 36" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<!-- Generator: Sketch 3.8.3 (29802) - http://www.bohemiancoding.com/sketch -->
<title>vm bug</title>
<desc>Created with Sketch.</desc>
<defs></defs>
<g id="Headers" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
<g id="CL-Headers-Specs" transform="translate(-262.000000, -175.000000)">
<g id="01" transform="translate(238.000000, 163.000000)">
<g id="vm-bug" transform="translate(24.703125, 12.000000)">
<rect id="Rectangle-42" fill-opacity="0.25" fill="#DDDDDD" opacity="0.6" x="0" y="0" width="36" height="36" rx="3"></rect>
<path d="M7.63948376,13.8762402 C7.32265324,13.2097082 6.53978152,12.9085139 5.80923042,13.219934 C5.07771043,13.5322837 4.80932495,14.3103691 5.13972007,14.9769011 L8.20725954,21.3744923 C8.68977207,22.3784735 9.19844491,22.9037044 10.1528121,22.9037044 C11.1720955,22.9037044 11.6168209,22.3310633 12.0983646,21.3744923 C12.0983646,21.3744923 14.7744682,15.7847341 14.8015974,15.7261685 C14.8287266,15.6666733 14.9149588,15.4863286 15.1872199,15.4872582 C15.4178182,15.490047 15.6106294,15.6657437 15.6106294,15.9018652 L15.6106294,21.3698443 C15.6106294,22.212073 16.0979865,22.9037044 17.0349134,22.9037044 C17.9718403,22.9037044 18.4785754,22.212073 18.4785754,21.3698443 L18.4785754,16.8965503 C18.4785754,16.0338702 19.1219254,15.4742436 20.0007183,15.4742436 C20.8785423,15.4742436 21.4637583,16.0524624 21.4637583,16.8965503 L21.4637583,21.3698443 C21.4637583,22.212073 21.9520842,22.9037044 22.8880423,22.9037044 C23.8240003,22.9037044 24.3326731,22.212073 24.3326731,21.3698443 L24.3326731,16.8965503 C24.3326731,16.0338702 24.9750543,15.4742436 25.8538472,15.4742436 C26.7307023,15.4742436 27.3168871,16.0524624 27.3168871,16.8965503 L27.3168871,21.3698443 C27.3168871,22.212073 27.8052131,22.9037044 28.74214,22.9037044 C29.6771291,22.9037044 30.1848331,22.212073 30.1848331,21.3698443 L30.1848331,16.2783582 C30.1848331,14.4070488 28.6181207,13.0962956 26.7307023,13.0962956 C24.8452216,13.0962956 23.6651006,14.3475536 23.6651006,14.3475536 C23.037253,13.5666793 22.1720247,13.0972252 20.7089847,13.0972252 C19.164557,13.0972252 17.8129406,14.3475536 17.8129406,14.3475536 C17.1841241,13.5666793 16.1154267,13.0972252 15.2308204,13.0972252 C13.8617638,13.0972252 12.7746572,13.675444 12.1119292,15.1302871 L10.1528121,19.5608189 L7.63948376,13.8762402" id="Fill-4" fill="#FFFFFF"></path>
</g>
</g>
</g>
</g>
</svg>
