func switchnsExec(args []string) {
var err error
client, err := docker.GetConnection("unix:///var/run/docker.sock")
if err != nil {
fmt.Printf("Unable to connect to server\n")
os.Exit(3)
}
uid := os.Getuid()
if uid == 0 {
runCommandInContainer(client, containerName, args, envs)
} else {
var u *user.User
var containerId containers.Identifier
if u, err = user.LookupId(strconv.Itoa(uid)); err != nil {
fmt.Printf("Couldn't lookup uid %s\n", uid)
os.Exit(2)
}
if containerId, err = containers.NewIdentifierFromUser(u); err != nil {
fmt.Printf("Couldn't get identifier from user: %v\n", u)
os.Exit(2)
}
runCommandInContainer(client, containerId.ContainerFor(), []string{"/bin/sh", "-l"}, []string{})
}
}
func (FilePlugin) Perform(req *api.StatusRequest, ch chan bool) {
client, err := docker.GetConnection(req.Socket)
if err != nil {
ch <- false
return
}
filePath := "/tmp/.ready"
if len(req.Args) > 1 {
filePath = req.Args[1]
}
cmd := []string{"/bin/sh", "-c", "[ -e " + filePath + " ]"}
containerNsPID, err := client.ChildProcessForContainer(req.Container)
exitCode, err := namespace.RunIn(req.Container.Name, containerNsPID, cmd, req.Container.Config.Env)
if req.Verbose {
log.Printf("[file] The file '%s' exists == %t\n", filePath, exitCode)
}
if exitCode == 0 {
ch <- true
} else {
ch <- false
}
}
func switchnsGit() {
var u *user.User
var err error
var repoId git.RepoIdentifier
uid := os.Getuid()
originalCommand := os.Getenv("SSH_ORIGINAL_COMMAND")
if u, err = user.LookupId(strconv.Itoa(uid)); err != nil {
fmt.Printf("Couldn't find user with uid %n\n", uid)
os.Exit(2)
}
if uid != 0 {
if !isValidGitCommand(originalCommand, !gitRw) {
fmt.Printf("Invalid git command: %s\n", originalCommand)
os.Exit(2)
}
if repoId, err = git.NewIdentifierFromUser(u); err != nil {
fmt.Printf("Couldn't create identifier for user %v\n", u)
os.Exit(2)
}
env := []string{fmt.Sprintf("HOME=%s", repoId.RepositoryPathFor())}
client, err := docker.GetConnection("unix:///var/run/docker.sock")
if err != nil {
fmt.Printf("Unable to connect to server\n")
os.Exit(3)
}
runCommandInContainer(client, "geard-githost", []string{"/usr/bin/git-shell", "-c", originalCommand}, env)
} else {
fmt.Println("Cannot switch into any git repo as root user")
os.Exit(2)
}
}
func runCommandInContainer(name string, command []string, environment []string) {
if len(command) == 0 {
fmt.Println("No command specified")
os.Exit(3)
}
client, err := docker.GetConnection("unix:///var/run/docker.sock")
if err != nil {
fmt.Printf("Unable to connect to server\n")
os.Exit(3)
}
container, err := client.GetContainer(name, false)
if err != nil {
fmt.Printf("Unable to locate container named %v\n", name)
os.Exit(3)
}
containerNsPID, err := client.ChildProcessForContainer(container)
if err != nil {
fmt.Println("Couldn't create child process for container")
os.Exit(3)
}
namespace.RunIn(name, containerNsPID, command, environment)
}
func InitPostStart(dockerSocket string, id containers.Identifier) error {
var (
u *user.User
container *dc.Container
err error
d *docker.DockerClient
)
if u, err = user.Lookup(id.LoginFor()); err == nil {
if err := ssh.GenerateAuthorizedKeysFor(u, true, false); err != nil {
log.Print(err.Error())
}
} else {
log.Print(err.Error())
}
if d, err = docker.GetConnection(dockerSocket); err != nil {
return err
}
if file, err := os.Open(id.NetworkLinksPathFor()); err == nil {
defer file.Close()
const ContainerInterval = time.Second / 3
const ContainerWait = time.Second * 12
for i := 0; i < int(ContainerWait/ContainerInterval); i++ {
if container, err = d.GetContainer(id.ContainerFor(), true); err != nil {
return err
}
if container.State.Running {
break
} else {
log.Printf("Waiting for container to run.")
time.Sleep(ContainerInterval)
}
}
pid, err := d.ChildProcessForContainer(container)
if err != nil {
return err
}
if pid < 2 {
return errors.New("support: child PID is not correct")
}
log.Printf("Updating network namespaces for %d", pid)
if err := updateNamespaceNetworkLinks(pid, file); err != nil {
return err
}
}
return nil
}
func startIdler(c *cobra.Command, args []string) {
systemd.Require()
dockerSocket := c.Flags().Lookup("docker-socket").Value.String()
dockerClient, err := docker.GetConnection(dockerSocket)
if err != nil {
cmd.Fail(1, "Unable to connect to docker on URI %s", dockerSocket)
}
if err := idler.StartIdler(dockerClient, hostIp, idleTimeout); err != nil {
cmd.Fail(2, err.Error())
}
}
func runCommand(name string, command []string, environment []string) {
client, err := docker.GetConnection("unix:///var/run/docker.sock")
if err != nil {
fmt.Printf("Unable to connect to server\n")
os.Exit(3)
}
container, err := client.GetContainer(name, false)
if err != nil {
fmt.Printf("Unable to locate container named %v\n", name)
os.Exit(3)
}
containerNsPID, err := client.ChildProcessForContainer(container)
if err != nil {
os.Exit(3)
}
namespace.RunIn(name, containerNsPID, command, environment)
}
// Remove any geard managed container with certain criteria from runtime
// * exit code non-zero and not running
// * older than retentionAge
// * name does not have -data suffix
func (r *FailureCleanup) Clean(ctx *CleanerContext) {
ctx.LogInfo.Println("--- \"FAILED CONTAINERS\" CLEANUP ---")
client, err := docker.GetConnection(r.dockerSocket)
if err != nil {
ctx.LogError.Printf("Unable connect to docker: %s. Is daemon running?", r.dockerSocket)
return
}
gears, err := client.ListContainers()
if err != nil {
ctx.LogError.Printf("Unable to find any containers: %s", err.Error())
return
}
retentionAge, err := time.ParseDuration(r.retentionAge)
for _, cinfo := range gears {
container, err := client.InspectContainer(cinfo.ID)
if err != nil {
ctx.LogError.Printf("Unable to retrieve container information for %s: %s", container.Name, err.Error())
continue
}
// Happy container or not...
if 0 == container.State.ExitCode ||
container.State.Running ||
strings.HasSuffix(container.Name, "-data") ||
time.Since(container.State.FinishedAt) < retentionAge {
continue
}
// Container under geard control and has a non-zero exit code, remove it from runtime
ctx.LogInfo.Printf("Removing container %s has exit code of %d", container.Name, container.State.ExitCode)
if ctx.DryRun {
continue
}
e1 := client.ForceCleanContainer(container.ID)
if e1 != nil {
ctx.LogError.Printf("Unable to remove container %s from runtime: %s", container.Name, e1.Error())
}
}
}
func (s *IntegrationTestSuite) SetUpSuite(c *chk.C) {
var err error
travis := os.Getenv("TRAVIS")
if travis != "" {
c.Skip("-skip run on Travis")
}
s.daemonURI = os.Getenv("GEARD_URI")
if s.daemonURI == "" {
s.daemonURI = "localhost:43273"
}
dockerURI := os.Getenv("DOCKER_URI")
if dockerURI == "" {
dockerURI = "unix:///var/run/docker.sock"
}
s.dockerClient, err = docker.GetConnection(dockerURI)
c.Assert(err, chk.IsNil)
containers, err := s.dockerClient.ListContainers()
c.Assert(err, chk.IsNil)
for _, cinfo := range containers {
container, err := s.dockerClient.GetContainer(cinfo.ID, false)
c.Assert(err, chk.IsNil)
if strings.HasPrefix(container.Name, "IntTest") {
s.dockerClient.ForceCleanContainer(cinfo.ID)
}
}
_, err = s.dockerClient.GetImage(TestImage)
c.Assert(err, chk.IsNil)
s.sdconn, err = systemd.NewConnection()
c.Assert(err, chk.IsNil)
err = s.sdconn.Subscribe()
c.Assert(err, chk.IsNil)
defer s.sdconn.Unsubscribe()
}
func InitPreStart(dockerSocket string, id containers.Identifier, imageName string) error {
var (
err error
imgInfo *dc.Image
d *docker.DockerClient
)
_, socketActivationType, err := containers.GetSocketActivation(id)
if err != nil {
fmt.Printf("init_pre_start: Error while parsing unit file: %v\n", err)
return err
}
if _, err = user.Lookup(id.LoginFor()); err != nil {
if _, ok := err.(user.UnknownUserError); !ok {
return err
}
if err = createUser(id); err != nil {
return err
}
}
if d, err = docker.GetConnection(dockerSocket); err != nil {
return err
}
if imgInfo, err = d.GetImage(imageName); err != nil {
return err
}
if err := os.MkdirAll(id.HomePath(), 0700); err != nil {
return err
}
u, _ := user.Lookup(id.LoginFor())
volumes := make([]string, 0, 10)
for volPath := range imgInfo.Config.Volumes {
volumes = append(volumes, volPath)
}
user := imgInfo.Config.User
if user == "" {
user = "******"
}
ports, err := containers.GetExistingPorts(id)
if err != nil {
fmt.Printf("container init pre-start: Unable to retrieve port mapping\n")
return err
}
containerData := containers.ContainerInitScript{
imgInfo.Config.User == "",
user,
u.Uid,
u.Gid,
strings.Join(imgInfo.Config.Cmd, " "),
len(volumes) > 0,
strings.Join(volumes, " "),
ports,
socketActivationType == "proxied",
}
file, _, err := utils.OpenFileExclusive(path.Join(id.RunPathFor(), "container-init.sh"), 0700)
if err != nil {
fmt.Printf("container init pre-start: Unable to open script file: %v\n", err)
return err
}
defer file.Close()
if erre := containers.ContainerInitTemplate.Execute(file, containerData); erre != nil {
fmt.Printf("container init pre-start: Unable to output template: ", erre)
return erre
}
if err := file.Close(); err != nil {
return err
}
file, _, err = utils.OpenFileExclusive(path.Join(id.RunPathFor(), "container-cmd.sh"), 0705)
if err != nil {
fmt.Printf("container init pre-start: Unable to open cmd script file: %v\n", err)
return err
}
defer file.Close()
if erre := containers.ContainerCmdTemplate.Execute(file, containerData); erre != nil {
fmt.Printf("container init pre-start: Unable to output cmd template: ", erre)
return erre
}
if err := file.Close(); err != nil {
return err
}
return nil
}
func InitPostStart(dockerSocket string, id containers.Identifier) error {
var (
u *user.User
container *dc.Container
err error
d *docker.DockerClient
)
if u, err = user.Lookup(id.LoginFor()); err == nil {
if err := ssh.GenerateAuthorizedKeysFor(u, true, false); err != nil {
log.Print(err.Error())
}
} else {
log.Print(err.Error())
}
if d, err = docker.GetConnection(dockerSocket); err != nil {
return err
}
if file, err := os.Open(id.NetworkLinksPathFor()); err == nil {
defer file.Close()
const ContainerInterval = time.Second / 10
const ContainerWait = time.Second * 15
for i := 0; i < int(ContainerWait/ContainerInterval); i++ {
if container, err = d.InspectContainer(id.ContainerFor()); err != nil {
if err == docker.ErrNoSuchContainer {
//log.Printf("Waiting for container to be available.")
time.Sleep(ContainerInterval)
continue
}
return err
}
if container.State.Running && container.State.Pid != 0 {
break
} else {
//log.Printf("Waiting for container to report available.")
time.Sleep(ContainerInterval)
}
}
if container == nil {
return fmt.Errorf("container %s was not visible through Docker before timeout", id.ContainerFor())
}
pid, err := d.ChildProcessForContainer(container)
if err != nil {
return err
}
if pid <= 1 {
return errors.New("child PID is not correct")
}
log.Printf("Updating network namespaces for %d", pid)
if err := updateNamespaceNetworkLinks(pid, file); err != nil {
return err
}
}
return nil
}