// CreateVolumeCmds creates the commands needed for a volume unit.
func (e *dockerEngine) CreateVolumeCmds(t *jobs.Task, vol jobs.Volume, volIndex int, volPrefix, volHostPath string, env map[string]string, scalingGroup uint) (engine.Cmds, error) {
containerImage := e.images.CephVolume
containerName := createVolumeUnitContainerName(t, volIndex, scalingGroup)
execStart, err := e.createVolumeDockerCmdLine(t, containerName, containerImage, vol, volPrefix, volHostPath, env, scalingGroup)
if err != nil {
return engine.Cmds{}, maskAny(err)
}
testVolHostPathCmd := e.createTestLocalVolumeCmd(volHostPath)
var cmds engine.Cmds
cmds.Start = append(cmds.Start,
e.pullCmd(containerImage),
testVolHostPathCmd,
e.stopCmd(containerName),
e.removeCmd(containerName),
e.cleanupCmd(),
)
if e.options.EnvFile != "" {
cmds.Start = append(cmds.Start, *cmdline.New(nil, e.touchPath, e.options.EnvFile))
}
cmds.Start = append(cmds.Start, execStart)
cmds.Stop = append(cmds.Stop,
e.stopCmd(containerName),
e.removeCmd(containerName),
)
return cmds, nil
}
// CreateProxyCmds creates the commands needed for a proxy unit.
func (e *dockerEngine) CreateProxyCmds(t *jobs.Task, link jobs.Link, linkIndex int, env map[string]string, scalingGroup uint) (engine.Cmds, error) {
containerName := fmt.Sprintf("%s-pr%d", t.ContainerName(scalingGroup), linkIndex)
containerImage := images.Wormhole
execStart, err := e.createProxyDockerCmdLine(t, containerName, containerImage, link, env, scalingGroup)
if err != nil {
return engine.Cmds{}, maskAny(err)
}
var cmds engine.Cmds
cmds.Start = append(cmds.Start,
e.pullCmd(containerImage),
e.stopCmd(containerName),
e.removeCmd(containerName),
e.cleanupCmd(),
)
if e.options.EnvFile != "" {
cmds.Start = append(cmds.Start, *cmdline.New(nil, e.touchPath, e.options.EnvFile))
}
cmds.Start = append(cmds.Start, execStart)
cmds.Stop = append(cmds.Stop,
e.stopCmd(containerName),
e.removeCmd(containerName),
)
return cmds, nil
}
// CreateMainCmds creates the commands needed for a main unit.
func (e *dockerEngine) CreateMainCmds(t *jobs.Task, env map[string]string, scalingGroup uint) (engine.Cmds, error) {
containerName := t.ContainerName(scalingGroup)
containerImage := t.Image.String()
if t.Type == "proxy" {
containerImage = images.Alpine
}
execStart, err := e.createMainDockerCmdLine(t, containerImage, env, scalingGroup)
if err != nil {
return engine.Cmds{}, maskAny(err)
}
var cmds engine.Cmds
cmds.Start = append(cmds.Start,
e.pullCmd(containerImage),
)
if e.options.EnvFile != "" {
cmds.Start = append(cmds.Start, *cmdline.New(nil, e.touchPath, e.options.EnvFile))
}
// Add secret extraction commands
secretsCmds, err := e.createSecretsExecStartPre(t, images.VaultMonkey, env, scalingGroup)
if err != nil {
return engine.Cmds{}, maskAny(err)
}
cmds.Start = append(cmds.Start, secretsCmds...)
cmds.Start = append(cmds.Start,
e.stopCmd(containerName),
e.removeCmd(containerName),
e.cleanupCmd(),
)
for _, v := range t.Volumes {
if v.IsLocal() {
cmds.Start = append(cmds.Start, e.createTestLocalVolumeCmd(v.HostPath))
}
}
cmds.Start = append(cmds.Start, execStart)
cmds.Stop = append(cmds.Stop,
e.stopCmd(containerName),
e.removeCmd(containerName),
)
return cmds, nil
}
func (e *dockerEngine) pullCmd(image string) cmdline.Cmdline {
return *cmdline.New(nil, e.dockerPath, "pull", image)
}
func (e *dockerEngine) createTestLocalVolumeCmd(volHostPath string) cmdline.Cmdline {
return *cmdline.New(nil, e.shPath, "-c", fmt.Sprintf("'test -e %s || mkdir -p %s'", volHostPath, volHostPath))
}
// createSecretsUnit creates a unit used to extract secrets from vault
func (e *dockerEngine) createSecretsExecStartPre(t *jobs.Task, containerImage string, env map[string]string, scalingGroup uint) ([]cmdline.Cmdline, error) {
if len(t.Secrets) == 0 {
// No secrets to extract
return nil, nil
}
// Create all secret extraction commands
jobID := t.JobID()
if jobID == "" {
return nil, maskAny(fmt.Errorf("job ID missing for job %s with secrets", t.JobName()))
}
// Prepare volume paths
secretsRoot := secretsRootPath(t, scalingGroup)
secretsRootVol := fmt.Sprintf("%s:%s", secretsRoot, secretsRoot)
vaultCrtVol := "/etc/pulcy/vault.crt:/etc/pulcy/vault.crt:ro"
clusterIdVol := "/etc/pulcy/cluster-id:/etc/pulcy/cluster-id:ro"
machineIdVol := "/etc/machine-id:/etc/machine-id:ro"
var cmds []cmdline.Cmdline
cmds = append(cmds,
*cmdline.New(nil, "/usr/bin/mkdir", "-p", secretsRoot),
e.pullCmd(containerImage),
)
envPaths := []string{}
for _, secret := range t.Secrets {
if ok, _ := secret.TargetFile(); ok {
targetPath, err := secretFilePath(t, scalingGroup, secret)
if err != nil {
return nil, maskAny(err)
}
var cmd cmdline.Cmdline
cmd.Add(nil, e.dockerPath, "run", "--rm")
//cmd.Add(env, fmt.Sprintf("--name %s-sc", t.containerName(ctx.ScalingGroup)))
cmd.Add(env, "--net=host")
cmd.Add(env, "-v "+secretsRootVol)
cmd.Add(env, "-v "+vaultCrtVol)
cmd.Add(env, "-v "+clusterIdVol)
cmd.Add(env, "-v "+machineIdVol)
cmd.Add(env, "--env-file /etc/pulcy/vault.env")
/*if ctx.DockerOptions.EnvFile != "" {
cmd.Add(env,fmt.Sprintf("--env-file=%s", ctx.DockerOptions.EnvFile))
}*/
for _, arg := range t.LogDriver.CreateDockerLogArgs(e.options) {
cmd.Add(env, arg)
}
cmd.Add(env, containerImage)
cmd.Add(nil, "extract", "file")
cmd.Add(env, "--target "+targetPath)
cmd.Add(env, "--job-id "+jobID)
cmd.Add(env, secret.VaultPath())
cmds = append(cmds, cmd)
} else if ok, environmentKey := secret.TargetEnviroment(); ok {
envPaths = append(envPaths, fmt.Sprintf("%s=%s", environmentKey, secret.VaultPath()))
}
}
if len(envPaths) > 0 {
targetPath := secretEnvironmentPath(t, scalingGroup)
var cmd cmdline.Cmdline
cmd.Add(nil, e.dockerPath, "run", "--rm")
//cmd.Add(env, fmt.Sprintf("--name %s-sc", t.containerName(ctx.ScalingGroup)))
cmd.Add(env, "--net=host")
cmd.Add(env, "-v "+secretsRootVol)
cmd.Add(env, "-v "+vaultCrtVol)
cmd.Add(env, "-v "+clusterIdVol)
cmd.Add(env, "-v "+machineIdVol)
cmd.Add(env, "--env-file /etc/pulcy/vault.env")
/*if ctx.DockerOptions.EnvFile != "" {
cmd.Add(env, fmt.Sprintf("--env-file=%s", ctx.DockerOptions.EnvFile))
}*/
for _, arg := range t.LogDriver.CreateDockerLogArgs(e.options) {
cmd.Add(env, arg)
}
cmd.Add(env, containerImage)
cmd.Add(nil, "extract", "env")
cmd.Add(env, "--target "+targetPath)
cmd.Add(env, "--job-id "+jobID)
for _, envPath := range envPaths {
cmd.Add(env, envPath)
}
cmds = append(cmds, cmd)
}
return cmds, nil
}