func ContainerConfigFromJob(job *engine.Job) *Config {
config := &Config{
Hostname: job.Getenv("Hostname"),
Domainname: job.Getenv("Domainname"),
User: job.Getenv("User"),
Memory: job.GetenvInt64("Memory"),
MemorySwap: job.GetenvInt64("MemorySwap"),
CpuShares: job.GetenvInt64("CpuShares"),
Cpuset: job.Getenv("Cpuset"),
AttachStdin: job.GetenvBool("AttachStdin"),
AttachStdout: job.GetenvBool("AttachStdout"),
AttachStderr: job.GetenvBool("AttachStderr"),
Tty: job.GetenvBool("Tty"),
OpenStdin: job.GetenvBool("OpenStdin"),
StdinOnce: job.GetenvBool("StdinOnce"),
Image: job.Getenv("Image"),
WorkingDir: job.Getenv("WorkingDir"),
NetworkDisabled: job.GetenvBool("NetworkDisabled"),
}
job.GetenvJson("ExposedPorts", &config.ExposedPorts)
job.GetenvJson("Volumes", &config.Volumes)
if PortSpecs := job.GetenvList("PortSpecs"); PortSpecs != nil {
config.PortSpecs = PortSpecs
}
if Env := job.GetenvList("Env"); Env != nil {
config.Env = Env
}
if Cmd := job.GetenvList("Cmd"); Cmd != nil {
config.Cmd = Cmd
}
if Entrypoint := job.GetenvList("Entrypoint"); Entrypoint != nil {
config.Entrypoint = Entrypoint
}
return config
}
func ExecConfigFromJob(job *engine.Job) *ExecConfig {
execConfig := &ExecConfig{
User: job.Getenv("User"),
Privileged: job.GetenvBool("Privileged"),
Tty: job.GetenvBool("Tty"),
Container: job.Getenv("Container"),
AttachStdin: job.GetenvBool("AttachStdin"),
AttachStderr: job.GetenvBool("AttachStderr"),
AttachStdout: job.GetenvBool("AttachStdout"),
}
if cmd := job.GetenvList("Cmd"); cmd != nil {
execConfig.Cmd = cmd
}
return execConfig
}
func (b *BuilderJob) CmdBuildConfig(job *engine.Job) engine.Status {
if len(job.Args) != 0 {
return job.Errorf("Usage: %s\n", job.Name)
}
var (
changes = job.GetenvList("changes")
newConfig runconfig.Config
)
if err := job.GetenvJson("config", &newConfig); err != nil {
return job.Error(err)
}
ast, err := parser.Parse(bytes.NewBufferString(strings.Join(changes, "\n")))
if err != nil {
return job.Error(err)
}
// ensure that the commands are valid
for _, n := range ast.Children {
if !validCommitCommands[n.Value] {
return job.Errorf("%s is not a valid change command", n.Value)
}
}
builder := &Builder{
Daemon: b.Daemon,
Engine: b.Engine,
Config: &newConfig,
OutStream: ioutil.Discard,
ErrStream: ioutil.Discard,
disableCommit: true,
}
for i, n := range ast.Children {
if err := builder.dispatch(i, n); err != nil {
return job.Error(err)
}
}
if err := json.NewEncoder(job.Stdout).Encode(builder.Config); err != nil {
return job.Error(err)
}
return engine.StatusOK
}
func ExecConfigFromJob(job *engine.Job) *ExecConfig {
execConfig := &ExecConfig{
// TODO(vishh): Expose 'User' once it is supported.
//User: job.Getenv("User"),
// TODO(vishh): Expose 'Privileged' once it is supported.
//Privileged: job.GetenvBool("Privileged"),
Tty: job.GetenvBool("Tty"),
AttachStdin: job.GetenvBool("AttachStdin"),
AttachStderr: job.GetenvBool("AttachStderr"),
AttachStdout: job.GetenvBool("AttachStdout"),
}
if cmd := job.GetenvList("Cmd"); cmd != nil {
execConfig.Cmd = cmd
}
return execConfig
}
func ExecConfigFromJob(job *engine.Job) (*ExecConfig, error) {
execConfig := &ExecConfig{
User: job.Getenv("User"),
Privileged: job.GetenvBool("Privileged"),
Tty: job.GetenvBool("Tty"),
AttachStdin: job.GetenvBool("AttachStdin"),
AttachStderr: job.GetenvBool("AttachStderr"),
AttachStdout: job.GetenvBool("AttachStdout"),
}
cmd := job.GetenvList("Cmd")
if len(cmd) == 0 {
return nil, fmt.Errorf("No exec command specified")
}
execConfig.Cmd = cmd
return execConfig, nil
}
func LinkContainers(job *engine.Job) engine.Status {
var (
action = job.Args[0]
childIP = job.Getenv("ChildIP")
parentIP = job.Getenv("ParentIP")
ignoreErrors = job.GetenvBool("IgnoreErrors")
ports = job.GetenvList("Ports")
useIpv6 = job.GetenvBool("UseIpv6")
)
split := func(p string) (string, string) {
parts := strings.Split(p, "/")
return parts[0], parts[1]
}
for _, p := range ports {
port, proto := split(p)
if output, err := iptables.Raw(useIpv6, action, "FORWARD",
"-i", bridgeIface, "-o", bridgeIface,
"-p", proto,
"-s", parentIP,
"--dport", port,
"-d", childIP,
"-j", "ACCEPT"); !ignoreErrors && err != nil {
return job.Error(err)
} else if len(output) != 0 {
return job.Errorf("Error toggle iptables forward: %s", output)
}
if output, err := iptables.Raw(useIpv6, action, "FORWARD",
"-i", bridgeIface, "-o", bridgeIface,
"-p", proto,
"-s", childIP,
"--sport", port,
"-d", parentIP,
"-j", "ACCEPT"); !ignoreErrors && err != nil {
return job.Error(err)
} else if len(output) != 0 {
return job.Errorf("Error toggle iptables forward: %s", output)
}
}
return engine.StatusOK
}
func ExecConfigFromJob(job *engine.Job) (*ExecConfig, error) {
execConfig := &ExecConfig{
// TODO(vishh): Expose 'User' once it is supported.
//User: job.Getenv("User"),
// TODO(vishh): Expose 'Privileged' once it is supported.
//Privileged: job.GetenvBool("Privileged"),
Tty: job.GetenvBool("Tty"),
AttachStdin: job.GetenvBool("AttachStdin"),
AttachStderr: job.GetenvBool("AttachStderr"),
AttachStdout: job.GetenvBool("AttachStdout"),
}
cmd := job.GetenvList("Cmd")
if len(cmd) == 0 {
return nil, fmt.Errorf("No exec command specified")
}
execConfig.Cmd = cmd
return execConfig, nil
}
func LinkContainers(job *engine.Job) error {
var (
action = job.Args[0]
nfAction iptables.Action
childIP = job.Getenv("ChildIP")
parentIP = job.Getenv("ParentIP")
ignoreErrors = job.GetenvBool("IgnoreErrors")
ports = job.GetenvList("Ports")
)
switch action {
case "-A":
nfAction = iptables.Append
case "-I":
nfAction = iptables.Insert
case "-D":
nfAction = iptables.Delete
default:
return fmt.Errorf("Invalid action '%s' specified", action)
}
ip1 := net.ParseIP(parentIP)
if ip1 == nil {
return fmt.Errorf("Parent IP '%s' is invalid", parentIP)
}
ip2 := net.ParseIP(childIP)
if ip2 == nil {
return fmt.Errorf("Child IP '%s' is invalid", childIP)
}
chain := iptables.Chain{Name: "DOCKER", Bridge: bridgeIface}
for _, p := range ports {
port := nat.Port(p)
if err := chain.Link(nfAction, ip1, ip2, port.Int(), port.Proto()); !ignoreErrors && err != nil {
return err
}
}
return nil
}
func LinkContainers(job *engine.Job) engine.Status {
var (
action = job.Args[0]
childIP = job.Getenv("ChildIP")
parentIP = job.Getenv("ParentIP")
ignoreErrors = job.GetenvBool("IgnoreErrors")
ports = job.GetenvList("Ports")
)
for _, value := range ports {
port := nat.Port(value)
if output, err := iptables.Raw(action, "FORWARD",
"-i", bridgeIface, "-o", bridgeIface,
"-p", port.Proto(),
"-s", parentIP,
"--dport", strconv.Itoa(port.Int()),
"-d", childIP,
"-j", "ACCEPT"); !ignoreErrors && err != nil {
return job.Error(err)
} else if len(output) != 0 {
return job.Errorf("Error toggle iptables forward: %s", output)
}
if output, err := iptables.Raw(action, "FORWARD",
"-i", bridgeIface, "-o", bridgeIface,
"-p", port.Proto(),
"-s", childIP,
"--sport", strconv.Itoa(port.Int()),
"-d", parentIP,
"-j", "ACCEPT"); !ignoreErrors && err != nil {
return job.Error(err)
} else if len(output) != 0 {
return job.Errorf("Error toggle iptables forward: %s", output)
}
}
return engine.StatusOK
}
// ConfigFromJob creates and returns a new DaemonConfig object
// by parsing the contents of a job's environment.
func ConfigFromJob(job *engine.Job) *Config {
config := &Config{
Pidfile: job.Getenv("Pidfile"),
Root: job.Getenv("Root"),
AutoRestart: job.GetenvBool("AutoRestart"),
EnableIptables: job.GetenvBool("EnableIptables"),
EnableIpForward: job.GetenvBool("EnableIpForward"),
BridgeIP: job.Getenv("BridgeIP"),
BridgeIface: job.Getenv("BridgeIface"),
DefaultIp: net.ParseIP(job.Getenv("DefaultIp")),
InterContainerCommunication: job.GetenvBool("InterContainerCommunication"),
GraphDriver: job.Getenv("GraphDriver"),
ExecDriver: job.Getenv("ExecDriver"),
EnableSelinuxSupport: job.GetenvBool("EnableSelinuxSupport"),
}
if graphOpts := job.GetenvList("GraphOptions"); graphOpts != nil {
config.GraphOptions = graphOpts
}
if dns := job.GetenvList("Dns"); dns != nil {
config.Dns = dns
}
if dnsSearch := job.GetenvList("DnsSearch"); dnsSearch != nil {
config.DnsSearch = dnsSearch
}
if mtu := job.GetenvInt("Mtu"); mtu != 0 {
config.Mtu = mtu
} else {
config.Mtu = GetDefaultNetworkMtu()
}
config.DisableNetwork = config.BridgeIface == DisableNetworkBridge
if sockets := job.GetenvList("Sockets"); sockets != nil {
config.Sockets = sockets
}
return config
}
func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
if job.EnvExists("HostConfig") {
hostConfig := HostConfig{}
job.GetenvJson("HostConfig", &hostConfig)
return &hostConfig
}
hostConfig := &HostConfig{
ContainerIDFile: job.Getenv("ContainerIDFile"),
Privileged: job.GetenvBool("Privileged"),
PublishAllPorts: job.GetenvBool("PublishAllPorts"),
NetworkMode: NetworkMode(job.Getenv("NetworkMode")),
IpcMode: IpcMode(job.Getenv("IpcMode")),
PidMode: PidMode(job.Getenv("PidMode")),
ReadonlyRootfs: job.GetenvBool("ReadonlyRootfs"),
}
job.GetenvJson("LxcConf", &hostConfig.LxcConf)
job.GetenvJson("PortBindings", &hostConfig.PortBindings)
job.GetenvJson("Devices", &hostConfig.Devices)
job.GetenvJson("RestartPolicy", &hostConfig.RestartPolicy)
hostConfig.SecurityOpt = job.GetenvList("SecurityOpt")
if Binds := job.GetenvList("Binds"); Binds != nil {
hostConfig.Binds = Binds
}
if Links := job.GetenvList("Links"); Links != nil {
hostConfig.Links = Links
}
if Dns := job.GetenvList("Dns"); Dns != nil {
hostConfig.Dns = Dns
}
if DnsSearch := job.GetenvList("DnsSearch"); DnsSearch != nil {
hostConfig.DnsSearch = DnsSearch
}
if ExtraHosts := job.GetenvList("ExtraHosts"); ExtraHosts != nil {
hostConfig.ExtraHosts = ExtraHosts
}
if VolumesFrom := job.GetenvList("VolumesFrom"); VolumesFrom != nil {
hostConfig.VolumesFrom = VolumesFrom
}
if CapAdd := job.GetenvList("CapAdd"); CapAdd != nil {
hostConfig.CapAdd = CapAdd
}
if CapDrop := job.GetenvList("CapDrop"); CapDrop != nil {
hostConfig.CapDrop = CapDrop
}
return hostConfig
}
func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
if job.EnvExists("HostConfig") {
hostConfig := HostConfig{}
job.GetenvJson("HostConfig", &hostConfig)
// FIXME: These are for backward compatibility, if people use these
// options with `HostConfig`, we should still make them workable.
if job.EnvExists("Memory") && hostConfig.Memory == 0 {
hostConfig.Memory = job.GetenvInt64("Memory")
}
if job.EnvExists("MemorySwap") && hostConfig.MemorySwap == 0 {
hostConfig.MemorySwap = job.GetenvInt64("MemorySwap")
}
if job.EnvExists("CpuShares") && hostConfig.CpuShares == 0 {
hostConfig.CpuShares = job.GetenvInt64("CpuShares")
}
if job.EnvExists("Cpuset") && hostConfig.CpusetCpus == "" {
hostConfig.CpusetCpus = job.Getenv("Cpuset")
}
return &hostConfig
}
hostConfig := &HostConfig{
ContainerIDFile: job.Getenv("ContainerIDFile"),
Memory: job.GetenvInt64("Memory"),
MemorySwap: job.GetenvInt64("MemorySwap"),
CpuShares: job.GetenvInt64("CpuShares"),
CpusetCpus: job.Getenv("CpusetCpus"),
Privileged: job.GetenvBool("Privileged"),
PublishAllPorts: job.GetenvBool("PublishAllPorts"),
NetworkMode: NetworkMode(job.Getenv("NetworkMode")),
IpcMode: IpcMode(job.Getenv("IpcMode")),
PidMode: PidMode(job.Getenv("PidMode")),
ReadonlyRootfs: job.GetenvBool("ReadonlyRootfs"),
CgroupParent: job.Getenv("CgroupParent"),
}
// FIXME: This is for backward compatibility, if people use `Cpuset`
// in json, make it workable, we will only pass hostConfig.CpusetCpus
// to execDriver.
if job.EnvExists("Cpuset") && hostConfig.CpusetCpus == "" {
hostConfig.CpusetCpus = job.Getenv("Cpuset")
}
job.GetenvJson("LxcConf", &hostConfig.LxcConf)
job.GetenvJson("PortBindings", &hostConfig.PortBindings)
job.GetenvJson("Devices", &hostConfig.Devices)
job.GetenvJson("RestartPolicy", &hostConfig.RestartPolicy)
job.GetenvJson("Ulimits", &hostConfig.Ulimits)
job.GetenvJson("LogConfig", &hostConfig.LogConfig)
hostConfig.SecurityOpt = job.GetenvList("SecurityOpt")
if Binds := job.GetenvList("Binds"); Binds != nil {
hostConfig.Binds = Binds
}
if Links := job.GetenvList("Links"); Links != nil {
hostConfig.Links = Links
}
if Dns := job.GetenvList("Dns"); Dns != nil {
hostConfig.Dns = Dns
}
if DnsSearch := job.GetenvList("DnsSearch"); DnsSearch != nil {
hostConfig.DnsSearch = DnsSearch
}
if ExtraHosts := job.GetenvList("ExtraHosts"); ExtraHosts != nil {
hostConfig.ExtraHosts = ExtraHosts
}
if VolumesFrom := job.GetenvList("VolumesFrom"); VolumesFrom != nil {
hostConfig.VolumesFrom = VolumesFrom
}
if CapAdd := job.GetenvList("CapAdd"); CapAdd != nil {
hostConfig.CapAdd = CapAdd
}
if CapDrop := job.GetenvList("CapDrop"); CapDrop != nil {
hostConfig.CapDrop = CapDrop
}
return hostConfig
}
func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
hostConfig := &HostConfig{
ContainerIDFile: job.Getenv("ContainerIDFile"),
Privileged: job.GetenvBool("Privileged"),
PublishAllPorts: job.GetenvBool("PublishAllPorts"),
NetworkMode: NetworkMode(job.Getenv("NetworkMode")),
}
job.GetenvJson("LxcConf", &hostConfig.LxcConf)
job.GetenvJson("PortBindings", &hostConfig.PortBindings)
job.GetenvJson("Devices", &hostConfig.Devices)
job.GetenvJson("RestartPolicy", &hostConfig.RestartPolicy)
if Binds := job.GetenvList("Binds"); Binds != nil {
hostConfig.Binds = Binds
}
if Links := job.GetenvList("Links"); Links != nil {
hostConfig.Links = Links
}
if Dns := job.GetenvList("Dns"); Dns != nil {
hostConfig.Dns = Dns
}
if DnsSearch := job.GetenvList("DnsSearch"); DnsSearch != nil {
hostConfig.DnsSearch = DnsSearch
}
if VolumesFrom := job.GetenvList("VolumesFrom"); VolumesFrom != nil {
hostConfig.VolumesFrom = VolumesFrom
}
if CapAdd := job.GetenvList("CapAdd"); CapAdd != nil {
hostConfig.CapAdd = CapAdd
}
if CapDrop := job.GetenvList("CapDrop"); CapDrop != nil {
hostConfig.CapDrop = CapDrop
}
return hostConfig
}
func (daemon *Daemon) ContainerCgroup(job *engine.Job) engine.Status {
if len(job.Args) != 1 {
return job.Errorf("Usage: %s CONTAINER\n", job.Name)
}
var (
name = job.Args[0]
saveToFile = job.GetenvBool("saveToFile")
readSubsystem = job.GetenvList("readSubsystem")
writeSubsystem []struct {
Key string
Value string
}
err error
)
job.GetenvJson("writeSubsystem", &writeSubsystem)
log.Infof("name %s, readSubsystem %s, writeSubsystem %s", name, readSubsystem, writeSubsystem)
if container := daemon.Get(name); container != nil {
if !container.State.IsRunning() {
return job.Errorf("Container %s is not running", name)
}
var object []interface{}
// read
for _, subsystem := range readSubsystem {
var cgroupResponse struct {
Subsystem string
Out string
Err string
Status int
}
cgroupResponse.Subsystem = subsystem
output, err := fs.Get(container.ID, daemon.ExecutionDriver().Parent(), subsystem)
if err != nil {
cgroupResponse.Err = err.Error()
cgroupResponse.Status = 255
} else {
cgroupResponse.Out = output
cgroupResponse.Status = 0
}
object = append(object, cgroupResponse)
}
// write
for _, pair := range writeSubsystem {
var cgroupResponse struct {
Subsystem string
Out string
Err string
Status int
}
cgroupResponse.Subsystem = pair.Key
oldValue, _ := fs.Get(container.ID, daemon.ExecutionDriver().Parent(), pair.Key)
err = fs.Set(container.ID, daemon.ExecutionDriver().Parent(), pair.Key, pair.Value)
if err != nil {
cgroupResponse.Err = err.Error()
cgroupResponse.Status = 255
} else {
newValue, _ := fs.Get(container.ID, daemon.ExecutionDriver().Parent(), pair.Key)
log.Infof("cgroup: %s old value: %s, new value: %s", pair.Key, oldValue, newValue)
/* memory.limit_in_bytes 5g != 5368709120
if newValue != pair.Value {
return job.Errorf("cgroup %s change value failed, newValue %s is not same as expect value %s", pair.Key, newValue, pair.Value)
}*/
if err = updateConfig(container, pair.Key, pair.Value); err != nil {
cgroupResponse.Out = err.Error()
cgroupResponse.Status = 1
} else {
cgroupResponse.Out = newValue
cgroupResponse.Status = 0
}
}
object = append(object, cgroupResponse)
}
if saveToFile && err == nil {
if err := container.ToDisk(); err != nil {
return job.Error(err)
}
}
b, err := json.Marshal(object)
if err != nil {
return job.Error(err)
}
job.Stdout.Write(b)
return engine.StatusOK
}
return job.Errorf("No such container: %s", name)
}