Exemple #1
0
func switchnsExec(args []string) {
	var err error

	client, err := docker.GetConnection("unix:///var/run/docker.sock")
	if err != nil {
		fmt.Printf("Unable to connect to server\n")
		os.Exit(3)
	}

	uid := os.Getuid()

	if uid == 0 {
		runCommandInContainer(client, containerName, args, envs)
	} else {
		var u *user.User
		var containerId containers.Identifier

		if u, err = user.LookupId(strconv.Itoa(uid)); err != nil {
			fmt.Printf("Couldn't lookup uid %s\n", uid)
			os.Exit(2)
		}

		if containerId, err = containers.NewIdentifierFromUser(u); err != nil {
			fmt.Printf("Couldn't get identifier from user: %v\n", u)
			os.Exit(2)
		}
		runCommandInContainer(client, containerId.ContainerFor(), []string{"/bin/sh", "-l"}, []string{})
	}
}
Exemple #2
0
func (FilePlugin) Perform(req *api.StatusRequest, ch chan bool) {

	client, err := docker.GetConnection(req.Socket)

	if err != nil {
		ch <- false
		return
	}

	filePath := "/tmp/.ready"

	if len(req.Args) > 1 {
		filePath = req.Args[1]
	}

	cmd := []string{"/bin/sh", "-c", "[ -e " + filePath + " ]"}

	containerNsPID, err := client.ChildProcessForContainer(req.Container)
	exitCode, err := namespace.RunIn(req.Container.Name, containerNsPID, cmd, req.Container.Config.Env)

	if req.Verbose {
		log.Printf("[file] The file '%s' exists == %t\n", filePath, exitCode)
	}

	if exitCode == 0 {
		ch <- true
	} else {
		ch <- false
	}

}
Exemple #3
0
func switchnsGit() {
	var u *user.User
	var err error
	var repoId git.RepoIdentifier

	uid := os.Getuid()
	originalCommand := os.Getenv("SSH_ORIGINAL_COMMAND")

	if u, err = user.LookupId(strconv.Itoa(uid)); err != nil {
		fmt.Printf("Couldn't find user with uid %n\n", uid)
		os.Exit(2)
	}

	if uid != 0 {
		if !isValidGitCommand(originalCommand, !gitRw) {
			fmt.Printf("Invalid git command: %s\n", originalCommand)
			os.Exit(2)
		}
		if repoId, err = git.NewIdentifierFromUser(u); err != nil {
			fmt.Printf("Couldn't create identifier for user %v\n", u)
			os.Exit(2)
		}
		env := []string{fmt.Sprintf("HOME=%s", repoId.RepositoryPathFor())}
		client, err := docker.GetConnection("unix:///var/run/docker.sock")
		if err != nil {
			fmt.Printf("Unable to connect to server\n")
			os.Exit(3)
		}

		runCommandInContainer(client, "geard-githost", []string{"/usr/bin/git-shell", "-c", originalCommand}, env)
	} else {
		fmt.Println("Cannot switch into any git repo as root user")
		os.Exit(2)
	}
}
Exemple #4
0
func runCommandInContainer(name string, command []string, environment []string) {
	if len(command) == 0 {
		fmt.Println("No command specified")
		os.Exit(3)
	}

	client, err := docker.GetConnection("unix:///var/run/docker.sock")
	if err != nil {
		fmt.Printf("Unable to connect to server\n")
		os.Exit(3)
	}

	container, err := client.GetContainer(name, false)
	if err != nil {
		fmt.Printf("Unable to locate container named %v\n", name)
		os.Exit(3)
	}
	containerNsPID, err := client.ChildProcessForContainer(container)
	if err != nil {
		fmt.Println("Couldn't create child process for container")
		os.Exit(3)
	}

	namespace.RunIn(name, containerNsPID, command, environment)
}
Exemple #5
0
func InitPostStart(dockerSocket string, id containers.Identifier) error {
	var (
		u         *user.User
		container *dc.Container
		err       error
		d         *docker.DockerClient
	)

	if u, err = user.Lookup(id.LoginFor()); err == nil {
		if err := ssh.GenerateAuthorizedKeysFor(u, true, false); err != nil {
			log.Print(err.Error())
		}
	} else {
		log.Print(err.Error())
	}

	if d, err = docker.GetConnection(dockerSocket); err != nil {
		return err
	}

	if file, err := os.Open(id.NetworkLinksPathFor()); err == nil {
		defer file.Close()

		const ContainerInterval = time.Second / 3
		const ContainerWait = time.Second * 12
		for i := 0; i < int(ContainerWait/ContainerInterval); i++ {
			if container, err = d.GetContainer(id.ContainerFor(), true); err != nil {
				return err
			}
			if container.State.Running {
				break
			} else {
				log.Printf("Waiting for container to run.")
				time.Sleep(ContainerInterval)
			}
		}

		pid, err := d.ChildProcessForContainer(container)
		if err != nil {
			return err
		}
		if pid < 2 {
			return errors.New("support: child PID is not correct")
		}
		log.Printf("Updating network namespaces for %d", pid)
		if err := updateNamespaceNetworkLinks(pid, file); err != nil {
			return err
		}
	}

	return nil
}
Exemple #6
0
func startIdler(c *cobra.Command, args []string) {
	systemd.Require()
	dockerSocket := c.Flags().Lookup("docker-socket").Value.String()

	dockerClient, err := docker.GetConnection(dockerSocket)
	if err != nil {
		cmd.Fail(1, "Unable to connect to docker on URI %s", dockerSocket)
	}

	if err := idler.StartIdler(dockerClient, hostIp, idleTimeout); err != nil {
		cmd.Fail(2, err.Error())
	}
}
Exemple #7
0
func runCommand(name string, command []string, environment []string) {
	client, err := docker.GetConnection("unix:///var/run/docker.sock")
	if err != nil {
		fmt.Printf("Unable to connect to server\n")
		os.Exit(3)
	}

	container, err := client.GetContainer(name, false)
	if err != nil {
		fmt.Printf("Unable to locate container named %v\n", name)
		os.Exit(3)
	}
	containerNsPID, err := client.ChildProcessForContainer(container)
	if err != nil {
		os.Exit(3)
	}
	namespace.RunIn(name, containerNsPID, command, environment)
}
Exemple #8
0
// Remove any geard managed container with certain criteria from runtime
// * exit code non-zero and not running
// * older than retentionAge
// * name does not have -data suffix
func (r *FailureCleanup) Clean(ctx *CleanerContext) {
	ctx.LogInfo.Println("--- \"FAILED CONTAINERS\" CLEANUP ---")

	client, err := docker.GetConnection(r.dockerSocket)
	if err != nil {
		ctx.LogError.Printf("Unable connect to docker: %s. Is daemon running?", r.dockerSocket)
		return
	}

	gears, err := client.ListContainers()
	if err != nil {
		ctx.LogError.Printf("Unable to find any containers: %s", err.Error())
		return
	}

	retentionAge, err := time.ParseDuration(r.retentionAge)
	for _, cinfo := range gears {
		container, err := client.InspectContainer(cinfo.ID)
		if err != nil {
			ctx.LogError.Printf("Unable to retrieve container information for %s: %s", container.Name, err.Error())
			continue
		}

		// Happy container or not...
		if 0 == container.State.ExitCode ||
			container.State.Running ||
			strings.HasSuffix(container.Name, "-data") ||
			time.Since(container.State.FinishedAt) < retentionAge {
			continue
		}

		// Container under geard control and has a non-zero exit code, remove it from runtime
		ctx.LogInfo.Printf("Removing container %s has exit code of %d", container.Name, container.State.ExitCode)

		if ctx.DryRun {
			continue
		}

		e1 := client.ForceCleanContainer(container.ID)
		if e1 != nil {
			ctx.LogError.Printf("Unable to remove container %s from runtime: %s", container.Name, e1.Error())
		}
	}
}
Exemple #9
0
func (s *IntegrationTestSuite) SetUpSuite(c *chk.C) {
	var err error

	travis := os.Getenv("TRAVIS")
	if travis != "" {
		c.Skip("-skip run on Travis")
	}

	s.daemonURI = os.Getenv("GEARD_URI")
	if s.daemonURI == "" {
		s.daemonURI = "localhost:43273"
	}

	dockerURI := os.Getenv("DOCKER_URI")
	if dockerURI == "" {
		dockerURI = "unix:///var/run/docker.sock"
	}
	s.dockerClient, err = docker.GetConnection(dockerURI)
	c.Assert(err, chk.IsNil)

	containers, err := s.dockerClient.ListContainers()
	c.Assert(err, chk.IsNil)
	for _, cinfo := range containers {
		container, err := s.dockerClient.GetContainer(cinfo.ID, false)
		c.Assert(err, chk.IsNil)
		if strings.HasPrefix(container.Name, "IntTest") {
			s.dockerClient.ForceCleanContainer(cinfo.ID)
		}
	}

	_, err = s.dockerClient.GetImage(TestImage)
	c.Assert(err, chk.IsNil)

	s.sdconn, err = systemd.NewConnection()
	c.Assert(err, chk.IsNil)
	err = s.sdconn.Subscribe()
	c.Assert(err, chk.IsNil)
	defer s.sdconn.Unsubscribe()
}
Exemple #10
0
func InitPreStart(dockerSocket string, id containers.Identifier, imageName string) error {
	var (
		err     error
		imgInfo *dc.Image
		d       *docker.DockerClient
	)

	_, socketActivationType, err := containers.GetSocketActivation(id)
	if err != nil {
		fmt.Printf("init_pre_start: Error while parsing unit file: %v\n", err)
		return err
	}

	if _, err = user.Lookup(id.LoginFor()); err != nil {
		if _, ok := err.(user.UnknownUserError); !ok {
			return err
		}
		if err = createUser(id); err != nil {
			return err
		}
	}

	if d, err = docker.GetConnection(dockerSocket); err != nil {
		return err
	}

	if imgInfo, err = d.GetImage(imageName); err != nil {
		return err
	}

	if err := os.MkdirAll(id.HomePath(), 0700); err != nil {
		return err
	}

	u, _ := user.Lookup(id.LoginFor())
	volumes := make([]string, 0, 10)
	for volPath := range imgInfo.Config.Volumes {
		volumes = append(volumes, volPath)
	}

	user := imgInfo.Config.User
	if user == "" {
		user = "******"
	}

	ports, err := containers.GetExistingPorts(id)
	if err != nil {
		fmt.Printf("container init pre-start: Unable to retrieve port mapping\n")
		return err
	}

	containerData := containers.ContainerInitScript{
		imgInfo.Config.User == "",
		user,
		u.Uid,
		u.Gid,
		strings.Join(imgInfo.Config.Cmd, " "),
		len(volumes) > 0,
		strings.Join(volumes, " "),
		ports,
		socketActivationType == "proxied",
	}

	file, _, err := utils.OpenFileExclusive(path.Join(id.RunPathFor(), "container-init.sh"), 0700)
	if err != nil {
		fmt.Printf("container init pre-start: Unable to open script file: %v\n", err)
		return err
	}
	defer file.Close()

	if erre := containers.ContainerInitTemplate.Execute(file, containerData); erre != nil {
		fmt.Printf("container init pre-start: Unable to output template: ", erre)
		return erre
	}
	if err := file.Close(); err != nil {
		return err
	}

	file, _, err = utils.OpenFileExclusive(path.Join(id.RunPathFor(), "container-cmd.sh"), 0705)
	if err != nil {
		fmt.Printf("container init pre-start: Unable to open cmd script file: %v\n", err)
		return err
	}
	defer file.Close()

	if erre := containers.ContainerCmdTemplate.Execute(file, containerData); erre != nil {
		fmt.Printf("container init pre-start: Unable to output cmd template: ", erre)
		return erre
	}
	if err := file.Close(); err != nil {
		return err
	}

	return nil
}
Exemple #11
0
func InitPostStart(dockerSocket string, id containers.Identifier) error {
	var (
		u         *user.User
		container *dc.Container
		err       error
		d         *docker.DockerClient
	)

	if u, err = user.Lookup(id.LoginFor()); err == nil {
		if err := ssh.GenerateAuthorizedKeysFor(u, true, false); err != nil {
			log.Print(err.Error())
		}
	} else {
		log.Print(err.Error())
	}

	if d, err = docker.GetConnection(dockerSocket); err != nil {
		return err
	}

	if file, err := os.Open(id.NetworkLinksPathFor()); err == nil {
		defer file.Close()

		const ContainerInterval = time.Second / 10
		const ContainerWait = time.Second * 15
		for i := 0; i < int(ContainerWait/ContainerInterval); i++ {
			if container, err = d.InspectContainer(id.ContainerFor()); err != nil {
				if err == docker.ErrNoSuchContainer {
					//log.Printf("Waiting for container to be available.")
					time.Sleep(ContainerInterval)
					continue
				}
				return err
			}
			if container.State.Running && container.State.Pid != 0 {
				break
			} else {
				//log.Printf("Waiting for container to report available.")
				time.Sleep(ContainerInterval)
			}
		}

		if container == nil {
			return fmt.Errorf("container %s was not visible through Docker before timeout", id.ContainerFor())
		}

		pid, err := d.ChildProcessForContainer(container)
		if err != nil {
			return err
		}
		if pid <= 1 {
			return errors.New("child PID is not correct")
		}
		log.Printf("Updating network namespaces for %d", pid)
		if err := updateNamespaceNetworkLinks(pid, file); err != nil {
			return err
		}
	}

	return nil
}