func BuildContext(driver, root string) (*Context, error) {
d, err := graphdriver.GetDriver(driver, root, nil, nil, nil)
if err != nil {
return nil, err
}
g, err := graph.NewGraph(filepath.Join(root, "graph"), d, nil, nil)
if err != nil {
return nil, err
}
config := &graph.TagStoreConfig{
Graph: g,
Events: events.New(),
Registry: registry.NewService(®istry.Options{
Mirrors: opts.NewListOpts(nil),
InsecureRegistries: *opts.NewListOptsRef(&internalDockerEndpoints, nil),
}),
}
store, err := graph.NewTagStore(filepath.Join(root, "repositories-"+d.String()), config)
if err != nil {
return nil, err
}
return NewContext(store, g, d), nil
}
// initDriver ...
func (g *GraphTool) InitDriver() error {
var err error
g.graphDriver, err = graphdriver.New(g.DockerRoot, make([]string, 0))
if err != nil {
return err
}
g.graphHandler, err = graph.NewGraph(g.DockerRoot+"/graph", g.graphDriver)
if err != nil {
return err
}
return nil
}
func initGraph(c *cli.Context) (*graph.Graph, graphdriver.Driver) {
drv := initDriver(c)
homedir := filepath.Join(c.GlobalString("home"), "graph")
g, err := graph.NewGraph(homedir, drv, nil, nil)
if err != nil {
fmt.Printf("Failed to instantiate graph: %s\n", err)
os.Exit(1)
}
if c.GlobalBool("debug") {
fmt.Fprintf(os.Stderr, "[DEBUG] %d images.\n", len(g.Map()))
}
return g, drv
}
func tempGraph(t *testing.T) (*graph.Graph, graphdriver.Driver) {
tmp, err := ioutil.TempDir("", "docker-graph-")
if err != nil {
t.Fatal(err)
}
driver, err := graphdriver.New(tmp, nil)
if err != nil {
t.Fatal(err)
}
graph, err := graph.NewGraph(tmp, driver)
if err != nil {
t.Fatal(err)
}
return graph, driver
}
func initGraph() (*graph.Graph, error) {
graphdriver.Register("devicemapper", devmapper.Init)
graphdriver.DefaultDriver = "devicemapper"
// Load storage driver
driver, err := graphdriver.New(root, graphOptions)
if err != nil {
log.Errorf("Load storage driver error: %v", err)
return nil, err
}
log.Debugf("Using graph driver %s", driver)
log.Debugf("Creating images graph")
g, err := graph.NewGraph(path.Join(root, "graph"), driver)
if err != nil {
log.Errorf("Creating images graph error: %v", err)
return nil, err
}
return g, nil
}
func NewDaemon(config *Config, registryService *registry.Service) (daemon *Daemon, err error) {
setDefaultMtu(config)
// Ensure we have compatible configuration options
if err := checkConfigOptions(config); err != nil {
return nil, err
}
// Do we have a disabled network?
config.DisableBridge = isBridgeNetworkDisabled(config)
// Verify the platform is supported as a daemon
if runtime.GOOS != "linux" && runtime.GOOS != "windows" {
return nil, ErrSystemNotSupported
}
// Validate platform-specific requirements
if err := checkSystem(); err != nil {
return nil, err
}
// set up SIGUSR1 handler on Unix-like systems, or a Win32 global event
// on Windows to dump Go routine stacks
setupDumpStackTrap()
// get the canonical path to the Docker root directory
var realRoot string
if _, err := os.Stat(config.Root); err != nil && os.IsNotExist(err) {
realRoot = config.Root
} else {
realRoot, err = fileutils.ReadSymlinkedDirectory(config.Root)
if err != nil {
return nil, fmt.Errorf("Unable to get the full path to root (%s): %s", config.Root, err)
}
}
config.Root = realRoot
// Create the root directory if it doesn't exists
if err := system.MkdirAll(config.Root, 0700); err != nil {
return nil, err
}
// set up the tmpDir to use a canonical path
tmp, err := tempDir(config.Root)
if err != nil {
return nil, fmt.Errorf("Unable to get the TempDir under %s: %s", config.Root, err)
}
realTmp, err := fileutils.ReadSymlinkedDirectory(tmp)
if err != nil {
return nil, fmt.Errorf("Unable to get the full path to the TempDir (%s): %s", tmp, err)
}
os.Setenv("TMPDIR", realTmp)
// Set the default driver
graphdriver.DefaultDriver = config.GraphDriver
// Load storage driver
driver, err := graphdriver.New(config.Root, config.GraphOptions)
if err != nil {
return nil, fmt.Errorf("error initializing graphdriver: %v", err)
}
logrus.Debugf("Using graph driver %s", driver)
d := &Daemon{}
d.driver = driver
// Ensure the graph driver is shutdown at a later point
defer func() {
if err != nil {
if err := d.Shutdown(); err != nil {
logrus.Error(err)
}
}
}()
// Verify logging driver type
if config.LogConfig.Type != "none" {
if _, err := logger.GetLogDriver(config.LogConfig.Type); err != nil {
return nil, fmt.Errorf("error finding the logging driver: %v", err)
}
}
logrus.Debugf("Using default logging driver %s", config.LogConfig.Type)
// Configure and validate the kernels security support
if err := configureKernelSecuritySupport(config, d.driver.String()); err != nil {
return nil, err
}
daemonRepo := filepath.Join(config.Root, "containers")
if err := system.MkdirAll(daemonRepo, 0700); err != nil {
return nil, err
}
// Migrate the container if it is aufs and aufs is enabled
if err := migrateIfDownlevel(d.driver, config.Root); err != nil {
return nil, err
}
logrus.Debug("Creating images graph")
g, err := graph.NewGraph(filepath.Join(config.Root, "graph"), d.driver)
if err != nil {
return nil, err
}
// Configure the volumes driver
if err := configureVolumes(config); err != nil {
return nil, err
}
trustKey, err := api.LoadOrCreateTrustKey(config.TrustKeyPath)
if err != nil {
return nil, err
}
trustDir := filepath.Join(config.Root, "trust")
if err := system.MkdirAll(trustDir, 0700); err != nil {
return nil, err
}
trustService, err := trust.NewTrustStore(trustDir)
if err != nil {
return nil, fmt.Errorf("could not create trust store: %s", err)
}
eventsService := events.New()
logrus.Debug("Creating repository list")
tagCfg := &graph.TagStoreConfig{
Graph: g,
Key: trustKey,
Registry: registryService,
Events: eventsService,
Trust: trustService,
}
repositories, err := graph.NewTagStore(filepath.Join(config.Root, "repositories-"+d.driver.String()), tagCfg)
if err != nil {
return nil, fmt.Errorf("Couldn't create Tag store repositories-%s: %s", d.driver.String(), err)
}
d.netController, err = initNetworkController(config)
if err != nil {
return nil, fmt.Errorf("Error initializing network controller: %v", err)
}
graphdbPath := filepath.Join(config.Root, "linkgraph.db")
graph, err := graphdb.NewSqliteConn(graphdbPath)
if err != nil {
return nil, err
}
d.containerGraph = graph
var sysInitPath string
if config.ExecDriver == "lxc" {
initPath, err := configureSysInit(config)
if err != nil {
return nil, err
}
sysInitPath = initPath
}
sysInfo := sysinfo.New(false)
// Check if Devices cgroup is mounted, it is hard requirement for container security,
// on Linux/FreeBSD.
if runtime.GOOS != "windows" && !sysInfo.CgroupDevicesEnabled {
return nil, fmt.Errorf("Devices cgroup isn't mounted")
}
ed, err := execdrivers.NewDriver(config.ExecDriver, config.ExecOptions, config.ExecRoot, config.Root, sysInitPath, sysInfo)
if err != nil {
return nil, err
}
d.ID = trustKey.PublicKey().KeyID()
d.repository = daemonRepo
d.containers = &contStore{s: make(map[string]*Container)}
d.execCommands = newExecStore()
d.graph = g
d.repositories = repositories
d.idIndex = truncindex.NewTruncIndex([]string{})
d.sysInfo = sysInfo
d.config = config
d.sysInitPath = sysInitPath
d.execDriver = ed
d.statsCollector = newStatsCollector(1 * time.Second)
d.defaultLogConfig = config.LogConfig
d.RegistryService = registryService
d.EventsService = eventsService
d.root = config.Root
go d.execCommandGC()
if err := d.restore(); err != nil {
return nil, err
}
return d, nil
}
func wireVolumeCreator(logger lager.Logger, graphRoot string) *rootfs_provider.CakeOrdinator {
logger = logger.Session("volume-creator", lager.Data{"graphRoot": graphRoot})
runner := &logging.Runner{CommandRunner: linux_command_runner.New(), Logger: logger}
if err := os.MkdirAll(graphRoot, 0755); err != nil {
logger.Fatal("failed-to-create-graph-directory", err)
}
dockerGraphDriver, err := graphdriver.New(graphRoot, nil)
if err != nil {
logger.Fatal("failed-to-construct-graph-driver", err)
}
backingStoresPath := filepath.Join(graphRoot, "backing_stores")
if err := os.MkdirAll(backingStoresPath, 0660); err != nil {
logger.Fatal("failed-to-mkdir-backing-stores", err)
}
graphRetrier := &retrier.Retrier{
Timeout: 100 * time.Second,
PollingInterval: 500 * time.Millisecond,
Clock: clock.NewClock(),
}
quotaedGraphDriver := "aed_aufs.QuotaedDriver{
GraphDriver: dockerGraphDriver,
Unmount: quotaed_aufs.Unmount,
BackingStoreMgr: "aed_aufs.BackingStore{
RootPath: backingStoresPath,
Logger: logger.Session("backing-store-mgr"),
},
LoopMounter: "aed_aufs.Loop{
Retrier: graphRetrier,
Logger: logger.Session("loop-mounter"),
},
Retrier: graphRetrier,
RootPath: graphRoot,
Logger: logger.Session("quotaed-driver"),
}
dockerGraph, err := graph.NewGraph(graphRoot, quotaedGraphDriver)
if err != nil {
logger.Fatal("failed-to-construct-graph", err)
}
var cake layercake.Cake = &layercake.Docker{
Graph: dockerGraph,
Driver: quotaedGraphDriver,
}
if cake.DriverName() == "aufs" {
cake = &layercake.AufsCake{
Cake: cake,
Runner: runner,
GraphRoot: graphRoot,
}
}
repoFetcher := &repository_fetcher.CompositeFetcher{
LocalFetcher: &repository_fetcher.Local{
Cake: cake,
DefaultRootFSPath: *rootFSPath,
IDProvider: repository_fetcher.LayerIDProvider{},
},
}
maxId := sysinfo.Min(sysinfo.MustGetMaxValidUID(), sysinfo.MustGetMaxValidGID())
mappingList := rootfs_provider.MappingList{
{
FromID: 0,
ToID: maxId,
Size: 1,
},
{
FromID: 1,
ToID: 1,
Size: maxId - 1,
},
}
rootFSNamespacer := &rootfs_provider.UidNamespacer{
Logger: logger,
Translator: rootfs_provider.NewUidTranslator(
mappingList, // uid
mappingList, // gid
),
}
layerCreator := rootfs_provider.NewLayerCreator(
cake, rootfs_provider.SimpleVolumeCreator{}, rootFSNamespacer)
cakeOrdinator := rootfs_provider.NewCakeOrdinator(
cake, repoFetcher, layerCreator, nil, logger.Session("cake-ordinator"),
)
return cakeOrdinator
}
func NewDaemonFromDirectory(config *Config, eng *engine.Engine) (*Daemon, error) {
if config.Mtu == 0 {
config.Mtu = getDefaultNetworkMtu()
}
// Check for mutually incompatible config options
if config.BridgeIface != "" && config.BridgeIP != "" {
return nil, fmt.Errorf("You specified -b & --bip, mutually exclusive options. Please specify only one.")
}
if !config.EnableIptables && !config.InterContainerCommunication {
return nil, fmt.Errorf("You specified --iptables=false with --icc=false. ICC uses iptables to function. Please set --icc or --iptables to true.")
}
if !config.EnableIptables && config.EnableIpMasq {
config.EnableIpMasq = false
}
config.DisableNetwork = config.BridgeIface == disableNetworkBridge
// Claim the pidfile first, to avoid any and all unexpected race conditions.
// Some of the init doesn't need a pidfile lock - but let's not try to be smart.
if config.Pidfile != "" {
if err := utils.CreatePidFile(config.Pidfile); err != nil {
return nil, err
}
eng.OnShutdown(func() {
// Always release the pidfile last, just in case
utils.RemovePidFile(config.Pidfile)
})
}
// Check that the system is supported and we have sufficient privileges
if runtime.GOOS != "linux" {
return nil, fmt.Errorf("The Docker daemon is only supported on linux")
}
if os.Geteuid() != 0 {
return nil, fmt.Errorf("The Docker daemon needs to be run as root")
}
if err := checkKernelAndArch(); err != nil {
return nil, err
}
// set up the TempDir to use a canonical path
tmp, err := utils.TempDir(config.Root)
if err != nil {
return nil, fmt.Errorf("Unable to get the TempDir under %s: %s", config.Root, err)
}
realTmp, err := utils.ReadSymlinkedDirectory(tmp)
if err != nil {
return nil, fmt.Errorf("Unable to get the full path to the TempDir (%s): %s", tmp, err)
}
os.Setenv("TMPDIR", realTmp)
if !config.EnableSelinuxSupport {
selinuxSetDisabled()
}
// get the canonical path to the Docker root directory
var realRoot string
if _, err := os.Stat(config.Root); err != nil && os.IsNotExist(err) {
realRoot = config.Root
} else {
realRoot, err = utils.ReadSymlinkedDirectory(config.Root)
if err != nil {
return nil, fmt.Errorf("Unable to get the full path to root (%s): %s", config.Root, err)
}
}
config.Root = realRoot
// Create the root directory if it doesn't exists
if err := os.MkdirAll(config.Root, 0700); err != nil && !os.IsExist(err) {
return nil, err
}
// Set the default driver
graphdriver.DefaultDriver = config.GraphDriver
// Load storage driver
driver, err := graphdriver.New(config.Root, config.GraphOptions)
if err != nil {
return nil, err
}
log.Debugf("Using graph driver %s", driver)
// As Docker on btrfs and SELinux are incompatible at present, error on both being enabled
if selinuxEnabled() && config.EnableSelinuxSupport && driver.String() == "btrfs" {
return nil, fmt.Errorf("SELinux is not supported with the BTRFS graph driver!")
}
daemonRepo := path.Join(config.Root, "containers")
if err := os.MkdirAll(daemonRepo, 0700); err != nil && !os.IsExist(err) {
return nil, err
}
// Migrate the container if it is aufs and aufs is enabled
if err = migrateIfAufs(driver, config.Root); err != nil {
return nil, err
}
log.Debugf("Creating images graph")
g, err := graph.NewGraph(path.Join(config.Root, "graph"), driver)
if err != nil {
return nil, err
}
volumesDriver, err := graphdriver.GetDriver("vfs", config.Root, config.GraphOptions)
if err != nil {
return nil, err
}
volumes, err := volumes.NewRepository(path.Join(config.Root, "volumes"), volumesDriver)
if err != nil {
return nil, err
}
trustKey, err := api.LoadOrCreateTrustKey(config.TrustKeyPath)
if err != nil {
return nil, err
}
log.Debugf("Creating repository list")
repositories, err := graph.NewTagStore(path.Join(config.Root, "repositories-"+driver.String()), g, trustKey)
if err != nil {
return nil, fmt.Errorf("Couldn't create Tag store: %s", err)
}
trustDir := path.Join(config.Root, "trust")
if err := os.MkdirAll(trustDir, 0700); err != nil && !os.IsExist(err) {
return nil, err
}
t, err := trust.NewTrustStore(trustDir)
if err != nil {
return nil, fmt.Errorf("could not create trust store: %s", err)
}
if !config.DisableNetwork {
job := eng.Job("init_networkdriver")
job.SetenvBool("EnableIptables", config.EnableIptables)
job.SetenvBool("InterContainerCommunication", config.InterContainerCommunication)
job.SetenvBool("EnableIpForward", config.EnableIpForward)
job.SetenvBool("EnableIpMasq", config.EnableIpMasq)
job.SetenvBool("EnableIPv6", config.EnableIPv6)
job.Setenv("BridgeIface", config.BridgeIface)
job.Setenv("BridgeIP", config.BridgeIP)
job.Setenv("FixedCIDR", config.FixedCIDR)
job.Setenv("FixedCIDRv6", config.FixedCIDRv6)
job.Setenv("DefaultBindingIP", config.DefaultIp.String())
if err := job.Run(); err != nil {
return nil, err
}
}
graphdbPath := path.Join(config.Root, "linkgraph.db")
graph, err := graphdb.NewSqliteConn(graphdbPath)
if err != nil {
return nil, err
}
localCopy := path.Join(config.Root, "init", fmt.Sprintf("dockerinit-%s", dockerversion.VERSION))
sysInitPath := utils.DockerInitPath(localCopy)
if sysInitPath == "" {
return nil, fmt.Errorf("Could not locate dockerinit: This usually means docker was built incorrectly. See http://docs.docker.com/contributing/devenvironment for official build instructions.")
}
if sysInitPath != localCopy {
// When we find a suitable dockerinit binary (even if it's our local binary), we copy it into config.Root at localCopy for future use (so that the original can go away without that being a problem, for example during a package upgrade).
if err := os.Mkdir(path.Dir(localCopy), 0700); err != nil && !os.IsExist(err) {
return nil, err
}
if _, err := utils.CopyFile(sysInitPath, localCopy); err != nil {
return nil, err
}
if err := os.Chmod(localCopy, 0700); err != nil {
return nil, err
}
sysInitPath = localCopy
}
sysInfo := sysinfo.New(false)
ed, err := execdrivers.NewDriver(config.ExecDriver, config.Root, sysInitPath, sysInfo)
if err != nil {
return nil, err
}
daemon := &Daemon{
ID: trustKey.PublicKey().KeyID(),
repository: daemonRepo,
containers: &contStore{s: make(map[string]*Container)},
execCommands: newExecStore(),
graph: g,
repositories: repositories,
idIndex: truncindex.NewTruncIndex([]string{}),
sysInfo: sysInfo,
volumes: volumes,
config: config,
containerGraph: graph,
driver: driver,
sysInitPath: sysInitPath,
execDriver: ed,
eng: eng,
trustStore: t,
}
if err := daemon.restore(); err != nil {
return nil, err
}
// set up filesystem watch on resolv.conf for network changes
if err := daemon.setupResolvconfWatcher(); err != nil {
return nil, err
}
// Setup shutdown handlers
// FIXME: can these shutdown handlers be registered closer to their source?
eng.OnShutdown(func() {
// FIXME: if these cleanup steps can be called concurrently, register
// them as separate handlers to speed up total shutdown time
if err := daemon.shutdown(); err != nil {
log.Errorf("daemon.shutdown(): %s", err)
}
if err := portallocator.ReleaseAll(); err != nil {
log.Errorf("portallocator.ReleaseAll(): %s", err)
}
if err := daemon.driver.Cleanup(); err != nil {
log.Errorf("daemon.driver.Cleanup(): %s", err.Error())
}
if err := daemon.containerGraph.Close(); err != nil {
log.Errorf("daemon.containerGraph.Close(): %s", err.Error())
}
})
return daemon, nil
}
func NewDaemonFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*Daemon, error) {
if runtime.GOOS != "linux" {
log.Fatalf("The Docker daemon is only supported on linux")
}
if os.Geteuid() != 0 {
log.Fatalf("The Docker daemon needs to be run as root")
}
if err := checkKernelAndArch(); err != nil {
log.Fatal(err)
}
// set up the TempDir to use a canonical path
tmp, err := utils.TempDir(config.Root)
if err != nil {
log.Fatalf("Unable to get the TempDir under %s: %s", config.Root, err)
}
realTmp, err := utils.ReadSymlinkedDirectory(tmp)
if err != nil {
log.Fatalf("Unable to get the full path to the TempDir (%s): %s", tmp, err)
}
os.Setenv("TMPDIR", realTmp)
if !config.EnableSelinuxSupport {
selinuxSetDisabled()
}
// get the canonical path to the Docker root directory
var realRoot string
if _, err := os.Stat(config.Root); err != nil && os.IsNotExist(err) {
realRoot = config.Root
} else {
realRoot, err = utils.ReadSymlinkedDirectory(config.Root)
if err != nil {
log.Fatalf("Unable to get the full path to root (%s): %s", config.Root, err)
}
}
config.Root = realRoot
// Create the root directory if it doesn't exists
if err := os.MkdirAll(config.Root, 0700); err != nil && !os.IsExist(err) {
return nil, err
}
// Set the default driver
graphdriver.DefaultDriver = config.GraphDriver
// Load storage driver
driver, err := graphdriver.New(config.Root, config.GraphOptions)
if err != nil {
return nil, err
}
utils.Debugf("Using graph driver %s", driver)
// As Docker on btrfs and SELinux are incompatible at present, error on both being enabled
if config.EnableSelinuxSupport && driver.String() == "btrfs" {
return nil, fmt.Errorf("SELinux is not supported with the BTRFS graph driver!")
}
daemonRepo := path.Join(config.Root, "containers")
if err := os.MkdirAll(daemonRepo, 0700); err != nil && !os.IsExist(err) {
return nil, err
}
// Migrate the container if it is aufs and aufs is enabled
if err = migrateIfAufs(driver, config.Root); err != nil {
return nil, err
}
utils.Debugf("Creating images graph")
g, err := graph.NewGraph(path.Join(config.Root, "graph"), driver)
if err != nil {
return nil, err
}
// We don't want to use a complex driver like aufs or devmapper
// for volumes, just a plain filesystem
volumesDriver, err := graphdriver.GetDriver("vfs", config.Root, config.GraphOptions)
if err != nil {
return nil, err
}
utils.Debugf("Creating volumes graph")
volumes, err := graph.NewGraph(path.Join(config.Root, "volumes"), volumesDriver)
if err != nil {
return nil, err
}
utils.Debugf("Creating repository list")
repositories, err := graph.NewTagStore(path.Join(config.Root, "repositories-"+driver.String()), g)
if err != nil {
return nil, fmt.Errorf("Couldn't create Tag store: %s", err)
}
if !config.DisableNetwork {
job := eng.Job("init_networkdriver")
job.SetenvBool("EnableIptables", config.EnableIptables)
job.SetenvBool("InterContainerCommunication", config.InterContainerCommunication)
job.SetenvBool("EnableIpForward", config.EnableIpForward)
job.Setenv("BridgeIface", config.BridgeIface)
job.Setenv("BridgeIP", config.BridgeIP)
job.Setenv("DefaultBindingIP", config.DefaultIp.String())
if err := job.Run(); err != nil {
return nil, err
}
}
graphdbPath := path.Join(config.Root, "linkgraph.db")
graph, err := graphdb.NewSqliteConn(graphdbPath)
if err != nil {
return nil, err
}
localCopy := path.Join(config.Root, "init", fmt.Sprintf("dockerinit-%s", dockerversion.VERSION))
sysInitPath := utils.DockerInitPath(localCopy)
if sysInitPath == "" {
return nil, fmt.Errorf("Could not locate dockerinit: This usually means docker was built incorrectly. See http://docs.docker.com/contributing/devenvironment for official build instructions.")
}
if sysInitPath != localCopy {
// When we find a suitable dockerinit binary (even if it's our local binary), we copy it into config.Root at localCopy for future use (so that the original can go away without that being a problem, for example during a package upgrade).
if err := os.Mkdir(path.Dir(localCopy), 0700); err != nil && !os.IsExist(err) {
return nil, err
}
if _, err := utils.CopyFile(sysInitPath, localCopy); err != nil {
return nil, err
}
if err := os.Chmod(localCopy, 0700); err != nil {
return nil, err
}
sysInitPath = localCopy
}
sysInfo := sysinfo.New(false)
ed, err := execdrivers.NewDriver(config.ExecDriver, config.Root, sysInitPath, sysInfo)
if err != nil {
return nil, err
}
daemon := &Daemon{
repository: daemonRepo,
containers: &contStore{s: make(map[string]*Container)},
graph: g,
repositories: repositories,
idIndex: truncindex.NewTruncIndex([]string{}),
sysInfo: sysInfo,
volumes: volumes,
config: config,
containerGraph: graph,
driver: driver,
sysInitPath: sysInitPath,
execDriver: ed,
eng: eng,
Sockets: config.Sockets,
}
if err := daemon.checkLocaldns(); err != nil {
return nil, err
}
if err := daemon.restore(); err != nil {
return nil, err
}
return daemon, nil
}
func NewDaemon(config *Config, registryService *registry.Service) (daemon *Daemon, err error) {
// Check for mutually incompatible config options
if config.Bridge.Iface != "" && config.Bridge.IP != "" {
return nil, fmt.Errorf("You specified -b & --bip, mutually exclusive options. Please specify only one.")
}
setDefaultMtu(config)
if !config.Bridge.EnableIPTables && !config.Bridge.InterContainerCommunication {
return nil, fmt.Errorf("You specified --iptables=false with --icc=false. ICC uses iptables to function. Please set --icc or --iptables to true.")
}
if !config.Bridge.EnableIPTables && config.Bridge.EnableIPMasq {
config.Bridge.EnableIPMasq = false
}
config.DisableNetwork = config.Bridge.Iface == disableNetworkBridge
// Check that the system is supported and we have sufficient privileges
if runtime.GOOS != "linux" {
return nil, fmt.Errorf("The Docker daemon is only supported on linux")
}
if os.Geteuid() != 0 {
return nil, fmt.Errorf("The Docker daemon needs to be run as root")
}
if err := checkKernel(); err != nil {
return nil, err
}
// set up SIGUSR1 handler to dump Go routine stacks
setupSigusr1Trap()
// set up the tmpDir to use a canonical path
tmp, err := tempDir(config.Root)
if err != nil {
return nil, fmt.Errorf("Unable to get the TempDir under %s: %s", config.Root, err)
}
realTmp, err := fileutils.ReadSymlinkedDirectory(tmp)
if err != nil {
return nil, fmt.Errorf("Unable to get the full path to the TempDir (%s): %s", tmp, err)
}
os.Setenv("TMPDIR", realTmp)
// get the canonical path to the Docker root directory
var realRoot string
if _, err := os.Stat(config.Root); err != nil && os.IsNotExist(err) {
realRoot = config.Root
} else {
realRoot, err = fileutils.ReadSymlinkedDirectory(config.Root)
if err != nil {
return nil, fmt.Errorf("Unable to get the full path to root (%s): %s", config.Root, err)
}
}
config.Root = realRoot
// Create the root directory if it doesn't exists
if err := os.MkdirAll(config.Root, 0700); err != nil && !os.IsExist(err) {
return nil, err
}
// Set the default driver
graphdriver.DefaultDriver = config.GraphDriver
// Load storage driver
driver, err := graphdriver.New(config.Root, config.GraphOptions)
if err != nil {
return nil, fmt.Errorf("error initializing graphdriver: %v", err)
}
logrus.Debugf("Using graph driver %s", driver)
d := &Daemon{}
d.driver = driver
defer func() {
if err != nil {
if err := d.Shutdown(); err != nil {
logrus.Error(err)
}
}
}()
// Verify logging driver type
if config.LogConfig.Type != "none" {
if _, err := logger.GetLogDriver(config.LogConfig.Type); err != nil {
return nil, fmt.Errorf("error finding the logging driver: %v", err)
}
}
logrus.Debugf("Using default logging driver %s", config.LogConfig.Type)
if config.EnableSelinuxSupport {
if selinuxEnabled() {
// As Docker on btrfs and SELinux are incompatible at present, error on both being enabled
if d.driver.String() == "btrfs" {
return nil, fmt.Errorf("SELinux is not supported with the BTRFS graph driver")
}
logrus.Debug("SELinux enabled successfully")
} else {
logrus.Warn("Docker could not enable SELinux on the host system")
}
} else {
selinuxSetDisabled()
}
daemonRepo := path.Join(config.Root, "containers")
if err := os.MkdirAll(daemonRepo, 0700); err != nil && !os.IsExist(err) {
return nil, err
}
// Migrate the container if it is aufs and aufs is enabled
if err := migrateIfAufs(d.driver, config.Root); err != nil {
return nil, err
}
logrus.Debug("Creating images graph")
g, err := graph.NewGraph(path.Join(config.Root, "graph"), d.driver)
if err != nil {
return nil, err
}
volumesDriver, err := local.New(config.Root)
if err != nil {
return nil, err
}
volumedrivers.Register(volumesDriver, volumesDriver.Name())
trustKey, err := api.LoadOrCreateTrustKey(config.TrustKeyPath)
if err != nil {
return nil, err
}
trustDir := path.Join(config.Root, "trust")
if err := os.MkdirAll(trustDir, 0700); err != nil && !os.IsExist(err) {
return nil, err
}
trustService, err := trust.NewTrustStore(trustDir)
if err != nil {
return nil, fmt.Errorf("could not create trust store: %s", err)
}
eventsService := events.New()
logrus.Debug("Creating repository list")
tagCfg := &graph.TagStoreConfig{
Graph: g,
Key: trustKey,
Registry: registryService,
Events: eventsService,
Trust: trustService,
}
repositories, err := graph.NewTagStore(path.Join(config.Root, "repositories-"+d.driver.String()), tagCfg)
if err != nil {
return nil, fmt.Errorf("Couldn't create Tag store: %s", err)
}
if !config.DisableNetwork {
d.netController, err = initNetworkController(config)
if err != nil {
return nil, fmt.Errorf("Error initializing network controller: %v", err)
}
}
graphdbPath := path.Join(config.Root, "linkgraph.db")
graph, err := graphdb.NewSqliteConn(graphdbPath)
if err != nil {
return nil, err
}
d.containerGraph = graph
localCopy := path.Join(config.Root, "init", fmt.Sprintf("dockerinit-%s", dockerversion.VERSION))
sysInitPath := utils.DockerInitPath(localCopy)
if sysInitPath == "" {
return nil, fmt.Errorf("Could not locate dockerinit: This usually means docker was built incorrectly. See https://docs.docker.com/contributing/devenvironment for official build instructions.")
}
if sysInitPath != localCopy {
// When we find a suitable dockerinit binary (even if it's our local binary), we copy it into config.Root at localCopy for future use (so that the original can go away without that being a problem, for example during a package upgrade).
if err := os.Mkdir(path.Dir(localCopy), 0700); err != nil && !os.IsExist(err) {
return nil, err
}
if _, err := fileutils.CopyFile(sysInitPath, localCopy); err != nil {
return nil, err
}
if err := os.Chmod(localCopy, 0700); err != nil {
return nil, err
}
sysInitPath = localCopy
}
sysInfo := sysinfo.New(false)
ed, err := execdrivers.NewDriver(config.ExecDriver, config.ExecOptions, config.ExecRoot, config.Root, sysInitPath, sysInfo)
if err != nil {
return nil, err
}
d.ID = trustKey.PublicKey().KeyID()
d.repository = daemonRepo
d.containers = &contStore{s: make(map[string]*Container)}
d.execCommands = newExecStore()
d.graph = g
d.repositories = repositories
d.idIndex = truncindex.NewTruncIndex([]string{})
d.sysInfo = sysInfo
d.config = config
d.sysInitPath = sysInitPath
d.execDriver = ed
d.statsCollector = newStatsCollector(1 * time.Second)
d.defaultLogConfig = config.LogConfig
d.RegistryService = registryService
d.EventsService = eventsService
d.root = config.Root
if err := d.restore(); err != nil {
return nil, err
}
return d, nil
}
func (cmd *GuardianCommand) wireVolumeCreator(logger lager.Logger, graphRoot string, insecureRegistries, persistentImages []string) gardener.VolumeCreator {
if graphRoot == "" {
return gardener.NoopVolumeCreator{}
}
if cmd.Bin.ImagePlugin.Path() != "" {
defaultRootFS, err := url.Parse(cmd.Containers.DefaultRootFSDir.Path())
if err != nil {
logger.Fatal("failed-to-parse-default-rootfs", err)
}
return imageplugin.New(cmd.Bin.ImagePlugin.Path(), linux_command_runner.New(), defaultRootFS, idMappings)
}
logger = logger.Session("volume-creator", lager.Data{"graphRoot": graphRoot})
runner := &logging.Runner{CommandRunner: linux_command_runner.New(), Logger: logger}
if err := os.MkdirAll(graphRoot, 0755); err != nil {
logger.Fatal("failed-to-create-graph-directory", err)
}
dockerGraphDriver, err := graphdriver.New(graphRoot, nil)
if err != nil {
logger.Fatal("failed-to-construct-graph-driver", err)
}
backingStoresPath := filepath.Join(graphRoot, "backing_stores")
if err := os.MkdirAll(backingStoresPath, 0660); err != nil {
logger.Fatal("failed-to-mkdir-backing-stores", err)
}
quotaedGraphDriver := "aed_aufs.QuotaedDriver{
GraphDriver: dockerGraphDriver,
Unmount: quotaed_aufs.Unmount,
BackingStoreMgr: "aed_aufs.BackingStore{
RootPath: backingStoresPath,
Logger: logger.Session("backing-store-mgr"),
},
LoopMounter: "aed_aufs.Loop{
Retrier: retrier.New(retrier.ConstantBackoff(200, 500*time.Millisecond), nil),
Logger: logger.Session("loop-mounter"),
},
Retrier: retrier.New(retrier.ConstantBackoff(200, 500*time.Millisecond), nil),
RootPath: graphRoot,
Logger: logger.Session("quotaed-driver"),
}
dockerGraph, err := graph.NewGraph(graphRoot, quotaedGraphDriver)
if err != nil {
logger.Fatal("failed-to-construct-graph", err)
}
var cake layercake.Cake = &layercake.Docker{
Graph: dockerGraph,
Driver: quotaedGraphDriver,
}
if cake.DriverName() == "aufs" {
cake = &layercake.AufsCake{
Cake: cake,
Runner: runner,
GraphRoot: graphRoot,
}
}
repoFetcher := repository_fetcher.Retryable{
RepositoryFetcher: &repository_fetcher.CompositeFetcher{
LocalFetcher: &repository_fetcher.Local{
Cake: cake,
DefaultRootFSPath: cmd.Containers.DefaultRootFSDir.Path(),
IDProvider: repository_fetcher.LayerIDProvider{},
},
RemoteFetcher: repository_fetcher.NewRemote(
logger,
cmd.Docker.Registry,
cake,
distclient.NewDialer(insecureRegistries),
repository_fetcher.VerifyFunc(repository_fetcher.Verify),
),
},
Logger: logger,
}
rootFSNamespacer := &rootfs_provider.UidNamespacer{
Translator: rootfs_provider.NewUidTranslator(
idMappings, // uid
idMappings, // gid
),
}
retainer := cleaner.NewRetainer()
ovenCleaner := cleaner.NewOvenCleaner(retainer,
cleaner.NewThreshold(int64(cmd.Graph.CleanupThresholdInMegabytes)*1024*1024),
)
imageRetainer := &repository_fetcher.ImageRetainer{
GraphRetainer: retainer,
DirectoryRootfsIDProvider: repository_fetcher.LayerIDProvider{},
DockerImageIDFetcher: repoFetcher,
NamespaceCacheKey: rootFSNamespacer.CacheKey(),
Logger: logger,
}
// spawn off in a go function to avoid blocking startup
// worst case is if an image is immediately created and deleted faster than
// we can retain it we'll garbage collect it when we shouldn't. This
// is an OK trade-off for not having garden startup block on dockerhub.
go imageRetainer.Retain(persistentImages)
layerCreator := rootfs_provider.NewLayerCreator(cake, rootfs_provider.SimpleVolumeCreator{}, rootFSNamespacer)
quotaManager := "a_manager.AUFSQuotaManager{
BaseSizer: quota_manager.NewAUFSBaseSizer(cake),
DiffSizer: "a_manager.AUFSDiffSizer{
AUFSDiffPathFinder: quotaedGraphDriver,
},
}
return rootfs_provider.NewCakeOrdinator(cake,
repoFetcher,
layerCreator,
rootfs_provider.NewMetricsAdapter(quotaManager.GetUsage, quotaedGraphDriver.GetMntPath),
ovenCleaner)
}
// NewDaemon sets up everything for the daemon to be able to service
// requests from the webserver.
func NewDaemon(config *Config, registryService *registry.Service) (daemon *Daemon, err error) {
setDefaultMtu(config)
// Ensure we have compatible configuration options
if err := checkConfigOptions(config); err != nil {
return nil, err
}
// Do we have a disabled network?
config.DisableBridge = isBridgeNetworkDisabled(config)
// Verify the platform is supported as a daemon
if !platformSupported {
return nil, errSystemNotSupported
}
// Validate platform-specific requirements
if err := checkSystem(); err != nil {
return nil, err
}
// set up SIGUSR1 handler on Unix-like systems, or a Win32 global event
// on Windows to dump Go routine stacks
setupDumpStackTrap()
uidMaps, gidMaps, err := setupRemappedRoot(config)
if err != nil {
return nil, err
}
rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)
if err != nil {
return nil, err
}
// get the canonical path to the Docker root directory
var realRoot string
if _, err := os.Stat(config.Root); err != nil && os.IsNotExist(err) {
realRoot = config.Root
} else {
realRoot, err = fileutils.ReadSymlinkedDirectory(config.Root)
if err != nil {
return nil, fmt.Errorf("Unable to get the full path to root (%s): %s", config.Root, err)
}
}
if err = setupDaemonRoot(config, realRoot, rootUID, rootGID); err != nil {
return nil, err
}
// set up the tmpDir to use a canonical path
tmp, err := tempDir(config.Root, rootUID, rootGID)
if err != nil {
return nil, fmt.Errorf("Unable to get the TempDir under %s: %s", config.Root, err)
}
realTmp, err := fileutils.ReadSymlinkedDirectory(tmp)
if err != nil {
return nil, fmt.Errorf("Unable to get the full path to the TempDir (%s): %s", tmp, err)
}
os.Setenv("TMPDIR", realTmp)
// Set the default driver
graphdriver.DefaultDriver = config.GraphDriver
// Load storage driver
driver, err := graphdriver.New(config.Root, config.GraphOptions, uidMaps, gidMaps)
if err != nil {
return nil, fmt.Errorf("error initializing graphdriver: %v", err)
}
logrus.Debugf("Using graph driver %s", driver)
d := &Daemon{}
d.driver = driver
// Ensure the graph driver is shutdown at a later point
defer func() {
if err != nil {
if err := d.Shutdown(); err != nil {
logrus.Error(err)
}
}
}()
// Verify logging driver type
if config.LogConfig.Type != "none" {
if _, err := logger.GetLogDriver(config.LogConfig.Type); err != nil {
return nil, fmt.Errorf("error finding the logging driver: %v", err)
}
}
logrus.Debugf("Using default logging driver %s", config.LogConfig.Type)
// Configure and validate the kernels security support
if err := configureKernelSecuritySupport(config, d.driver.String()); err != nil {
return nil, err
}
daemonRepo := filepath.Join(config.Root, "containers")
if err := idtools.MkdirAllAs(daemonRepo, 0700, rootUID, rootGID); err != nil && !os.IsExist(err) {
return nil, err
}
// Migrate the container if it is aufs and aufs is enabled
if err := migrateIfDownlevel(d.driver, config.Root); err != nil {
return nil, err
}
logrus.Debug("Creating images graph")
g, err := graph.NewGraph(filepath.Join(config.Root, "graph"), d.driver, uidMaps, gidMaps)
if err != nil {
return nil, err
}
// Configure the volumes driver
volStore, err := configureVolumes(config, rootUID, rootGID)
if err != nil {
return nil, err
}
trustKey, err := api.LoadOrCreateTrustKey(config.TrustKeyPath)
if err != nil {
return nil, err
}
trustDir := filepath.Join(config.Root, "trust")
if err := system.MkdirAll(trustDir, 0700); err != nil {
return nil, err
}
eventsService := events.New()
logrus.Debug("Creating repository list")
tagCfg := &graph.TagStoreConfig{
Graph: g,
Key: trustKey,
Registry: registryService,
Events: eventsService,
}
repositories, err := graph.NewTagStore(filepath.Join(config.Root, "repositories-"+d.driver.String()), tagCfg)
if err != nil {
return nil, fmt.Errorf("Couldn't create Tag store repositories-%s: %s", d.driver.String(), err)
}
if restorer, ok := d.driver.(graphdriver.ImageRestorer); ok {
if _, err := restorer.RestoreCustomImages(repositories, g); err != nil {
return nil, fmt.Errorf("Couldn't restore custom images: %s", err)
}
}
// Discovery is only enabled when the daemon is launched with an address to advertise. When
// initialized, the daemon is registered and we can store the discovery backend as its read-only
// DiscoveryWatcher version.
if config.ClusterStore != "" && config.ClusterAdvertise != "" {
advertise, err := discovery.ParseAdvertise(config.ClusterStore, config.ClusterAdvertise)
if err != nil {
return nil, fmt.Errorf("discovery advertise parsing failed (%v)", err)
}
config.ClusterAdvertise = advertise
d.discoveryWatcher, err = initDiscovery(config.ClusterStore, config.ClusterAdvertise, config.ClusterOpts)
if err != nil {
return nil, fmt.Errorf("discovery initialization failed (%v)", err)
}
} else if config.ClusterAdvertise != "" {
return nil, fmt.Errorf("invalid cluster configuration. --cluster-advertise must be accompanied by --cluster-store configuration")
}
d.netController, err = d.initNetworkController(config)
if err != nil {
return nil, fmt.Errorf("Error initializing network controller: %v", err)
}
graphdbPath := filepath.Join(config.Root, "linkgraph.db")
graph, err := graphdb.NewSqliteConn(graphdbPath)
if err != nil {
return nil, err
}
d.containerGraphDB = graph
var sysInitPath string
sysInfo := sysinfo.New(false)
// Check if Devices cgroup is mounted, it is hard requirement for container security,
// on Linux/FreeBSD.
if runtime.GOOS != "windows" && !sysInfo.CgroupDevicesEnabled {
return nil, fmt.Errorf("Devices cgroup isn't mounted")
}
ed, err := execdrivers.NewDriver(config.ExecOptions, config.ExecRoot, config.Root, sysInitPath, sysInfo)
if err != nil {
return nil, err
}
d.ID = trustKey.PublicKey().KeyID()
d.repository = daemonRepo
d.containers = &contStore{s: make(map[string]*Container)}
d.execCommands = newExecStore()
d.graph = g
d.repositories = repositories
d.idIndex = truncindex.NewTruncIndex([]string{})
d.configStore = config
d.sysInitPath = sysInitPath
d.execDriver = ed
d.statsCollector = d.newStatsCollector(1 * time.Second)
d.defaultLogConfig = config.LogConfig
d.RegistryService = registryService
d.EventsService = eventsService
d.volumes = volStore
d.root = config.Root
d.uidMaps = uidMaps
d.gidMaps = gidMaps
if err := d.cleanupMounts(); err != nil {
return nil, err
}
go d.execCommandGC()
if err := d.restore(); err != nil {
return nil, err
}
return d, nil
}
func NewDaemon(config *Config, registryService *registry.Service) (daemon *Daemon, err error) {
uidMaps, gidMaps, err := setupRemappedRoot(config)
if err != nil {
return nil, err
}
rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)
if err != nil {
return nil, err
}
// get the canonical path to the Docker root directory
var realRoot string
if _, err := os.Stat(config.Root); err != nil && os.IsNotExist(err) {
realRoot = config.Root
} else {
realRoot, err = fileutils.ReadSymlinkedDirectory(config.Root)
if err != nil {
return nil, fmt.Errorf("Unable to get the full path to root (%s): %s", config.Root, err)
}
}
if err = setupDaemonRoot(config, realRoot, rootUID, rootGID); err != nil {
return nil, err
}
// set up the tmpDir to use a canonical path
tmp, err := tempDir(config.Root, rootUID, rootGID)
if err != nil {
return nil, fmt.Errorf("Unable to get the TempDir under %s: %s", config.Root, err)
}
realTmp, err := fileutils.ReadSymlinkedDirectory(tmp)
if err != nil {
return nil, fmt.Errorf("Unable to get the full path to the TempDir (%s): %s", tmp, err)
}
os.Setenv("TMPDIR", realTmp)
// Load storage driver
driver, err := graphdriver.New(config.Root, config.GraphOptions, uidMaps, gidMaps)
if err != nil {
return nil, fmt.Errorf("error initializing graphdriver: %v", err)
}
glog.V(1).Infof("Using graph driver %s", driver)
d := &Daemon{}
d.driver = driver
defer func() {
if err != nil {
if err := d.Shutdown(); err != nil {
glog.Error(err)
}
}
}()
daemonRepo := path.Join(config.Root, "containers")
if err := os.MkdirAll(daemonRepo, 0700); err != nil && !os.IsExist(err) {
glog.Error(err.Error())
return nil, err
}
glog.Info("Creating images graph")
g, err := graph.NewGraph(filepath.Join(config.Root, "graph"), d.driver, uidMaps, gidMaps)
if err != nil {
glog.Error(err.Error())
return nil, err
}
// Configure the volumes driver
volStore, err := configureVolumes(config, rootUID, rootGID)
if err != nil {
return nil, err
}
trustKey, err := api.LoadOrCreateTrustKey(config.TrustKeyPath)
if err != nil {
glog.Error(err.Error())
return nil, err
}
trustDir := path.Join(config.Root, "trust")
if err := os.MkdirAll(trustDir, 0700); err != nil && !os.IsExist(err) {
glog.Error(err.Error())
return nil, err
}
eventsService := events.New()
glog.Info("Creating repository list")
tagCfg := &graph.TagStoreConfig{
Graph: g,
Key: trustKey,
Registry: registryService,
Events: eventsService,
}
repositories, err := graph.NewTagStore(path.Join(config.Root, "repositories-"+d.driver.String()), tagCfg)
if err != nil {
glog.Error(err.Error())
return nil, fmt.Errorf("Couldn't create Tag store: %s", err)
}
graphdbPath := path.Join(config.Root, "linkgraph.db")
graph, err := graphdb.NewSqliteConn(graphdbPath)
if err != nil {
glog.Error(err.Error())
return nil, err
}
d.containerGraphDB = graph
sysInfo := sysinfo.New(false)
d.ID = trustKey.PublicKey().KeyID()
d.repository = daemonRepo
d.containers = &contStore{s: make(map[string]*Container)}
d.graph = g
d.repositories = repositories
d.idIndex = truncindex.NewTruncIndex([]string{})
d.sysInfo = sysInfo
d.configStore = config
d.sysInitPath = ""
d.defaultLogConfig = config.LogConfig
d.RegistryService = registryService
d.EventsService = eventsService
d.root = config.Root
d.volumes = volStore
if err := d.restore(); err != nil {
return nil, err
}
return d, nil
}
func main() {
if reexec.Init() {
return
}
var insecureRegistries vars.StringList
flag.Var(
&insecureRegistries,
"insecureDockerRegistry",
"Docker registry to allow connecting to even if not secure. (Can be specified multiple times to allow insecure connection to multiple repositories)",
)
var persistentImages vars.StringList
flag.Var(
&persistentImages,
"persistentImage",
"Image which should never be garbage collected. (Can be specified multiple times)",
)
var dnsServers vars.StringList
flag.Var(
&dnsServers,
"dnsServer",
"DNS server IP address to use instead of automatically determined servers. (Can be specified multiple times)",
)
cf_debug_server.AddFlags(flag.CommandLine)
cf_lager.AddFlags(flag.CommandLine)
flag.Parse()
runtime.GOMAXPROCS(runtime.NumCPU())
logger, reconfigurableSink := cf_lager.New("garden-linux")
initializeDropsonde(logger)
if *binPath == "" {
missing("-bin")
}
if *stateDirPath == "" {
missing("-stateDir")
}
if *depotPath == "" {
missing("-depot")
}
if len(*tag) > 2 {
println("-tag parameter must be less than 3 characters long")
println()
flag.Usage()
return
}
_, dynamicRange, err := net.ParseCIDR(*networkPool)
if err != nil {
logger.Fatal("failed-to-parse-network-pool", err)
}
subnetPool, err := subnets.NewSubnets(dynamicRange)
if err != nil {
logger.Fatal("failed-to-create-subnet-pool", err)
}
portPoolState, err := port_pool.LoadState(path.Join(*stateDirPath, "port_pool.json"))
if err != nil {
logger.Error("failed-to-parse-pool-state", err)
}
// TODO: use /proc/sys/net/ipv4/ip_local_port_range by default (end + 1)
portPool, err := port_pool.New(uint32(*portPoolStart), uint32(*portPoolSize), portPoolState)
if err != nil {
logger.Fatal("invalid pool range", err)
}
useKernelLogging := true
switch *iptablesLogMethod {
case "nflog":
useKernelLogging = false
case "kernel":
/* noop */
default:
println("-iptablesLogMethod value not recognized")
println()
flag.Usage()
return
}
config := sysconfig.NewConfig(*tag, *allowHostAccess, dnsServers.List)
runner := sysconfig.NewRunner(config, linux_command_runner.New())
if err := os.MkdirAll(*graphRoot, 0755); err != nil {
logger.Fatal("failed-to-create-graph-directory", err)
}
dockerGraphDriver, err := selectGraphDriver(logger, *graphDriverName, *graphRoot)
if err != nil {
logger.Fatal("failed-to-construct-graph-driver", err)
}
backingStoresPath := filepath.Join(*graphRoot, "backing_stores")
if err := os.MkdirAll(backingStoresPath, 0660); err != nil {
logger.Fatal("failed-to-mkdir-backing-stores", err)
}
quotaedGraphDriver := "aed_aufs.QuotaedDriver{
GraphDriver: dockerGraphDriver,
Unmount: quotaed_aufs.Unmount,
BackingStoreMgr: "aed_aufs.BackingStore{
RootPath: backingStoresPath,
Logger: logger.Session("backing-store-mgr"),
},
LoopMounter: "aed_aufs.Loop{
Retrier: retrier.New(retrier.ConstantBackoff(200, 500*time.Millisecond), nil),
Logger: logger.Session("loop-mounter"),
},
Retrier: retrier.New(retrier.ConstantBackoff(200, 500*time.Millisecond), nil),
RootPath: *graphRoot,
Logger: logger.Session("quotaed-driver"),
}
metricsProvider := metrics.NewMetrics(logger, backingStoresPath, *depotPath)
if dbgAddr := cf_debug_server.DebugAddress(flag.CommandLine); dbgAddr != "" {
metrics.StartDebugServer(dbgAddr, reconfigurableSink, metricsProvider)
}
dockerGraph, err := graph.NewGraph(*graphRoot, quotaedGraphDriver)
if err != nil {
logger.Fatal("failed-to-construct-graph", err)
}
var cake layercake.Cake = &layercake.Docker{
Graph: dockerGraph,
Driver: quotaedGraphDriver,
}
if cake.DriverName() == "aufs" {
cake = &layercake.AufsCake{
Cake: cake,
Runner: runner,
GraphRoot: *graphRoot,
}
}
repo := container_repository.New()
retainer := cleaner.NewRetainer()
repoFetcher := &repository_fetcher.Retryable{
RepositoryFetcher: &repository_fetcher.CompositeFetcher{
LocalFetcher: &repository_fetcher.Local{
Cake: cake,
DefaultRootFSPath: *rootFSPath,
IDProvider: repository_fetcher.LayerIDProvider{},
},
RemoteFetcher: repository_fetcher.NewRemote(
logger,
*dockerRegistry,
cake,
distclient.NewDialer(insecureRegistries.List),
repository_fetcher.VerifyFunc(repository_fetcher.Verify),
),
},
Logger: logger,
}
maxId := uint32(sysinfo.Min(sysinfo.MustGetMaxValidUID(), sysinfo.MustGetMaxValidGID()))
mappingList := rootfs_provider.MappingList{
{
ContainerID: 0,
HostID: maxId,
Size: 1,
},
{
ContainerID: 1,
HostID: 1,
Size: maxId - 1,
},
}
rootFSNamespacer := &rootfs_provider.UidNamespacer{
Logger: logger,
Translator: rootfs_provider.NewUidTranslator(
mappingList, // uid
mappingList, // gid
),
}
cleaner := cleaner.NewOvenCleaner(
retainer,
cleaner.NewThreshold(int64(*graphCleanupThreshold)*1024*1024),
)
layerCreator := rootfs_provider.NewLayerCreator(cake, rootfs_provider.SimpleVolumeCreator{}, rootFSNamespacer)
cakeOrdinator := rootfs_provider.NewCakeOrdinator(cake, repoFetcher, layerCreator, nil, cleaner)
imageRetainer := &repository_fetcher.ImageRetainer{
GraphRetainer: retainer,
DirectoryRootfsIDProvider: repository_fetcher.LayerIDProvider{},
DockerImageIDFetcher: repoFetcher,
NamespaceCacheKey: rootFSNamespacer.CacheKey(),
Logger: logger,
}
// spawn off in a go function to avoid blocking startup
// worst case is if an image is immediately created and deleted faster than
// we can retain it we'll garbage collect it when we shouldn't. This
// is an OK trade-off for not having garden startup block on dockerhub.
go imageRetainer.Retain(persistentImages.List)
rootfsCleaner := &linux_backend.RootFSCleaner{
FilePaths: []string{
"/tmp", "/proc", "/sys", "/dev", "/etc", "/etc/config", "/etc/hostname",
"/etc/hosts", "/etc/resolv.conf",
},
}
if *externalIP == "" {
ip, err := localip.LocalIP()
if err != nil {
panic("couldn't determine local IP to use for -externalIP parameter. You can use the -externalIP flag to pass an external IP")
}
externalIP = &ip
}
parsedExternalIP := net.ParseIP(*externalIP)
if parsedExternalIP == nil {
panic(fmt.Sprintf("Value of -externalIP %s could not be converted to an IP", *externalIP))
}
var quotaManager linux_container.QuotaManager = "a_manager.AUFSQuotaManager{
BaseSizer: quota_manager.NewAUFSBaseSizer(cake),
DiffSizer: "a_manager.AUFSDiffSizer{quotaedGraphDriver},
}
ipTablesMgr := createIPTablesManager(config, runner, logger)
injector := &provider{
useKernelLogging: useKernelLogging,
chainPrefix: config.IPTables.Filter.InstancePrefix,
runner: runner,
log: logger,
portPool: portPool,
ipTablesMgr: ipTablesMgr,
sysconfig: config,
quotaManager: quotaManager,
}
currentContainerVersion, err := semver.Make(CurrentContainerVersion)
if err != nil {
logger.Fatal("failed-to-parse-container-version", err)
}
pool := resource_pool.New(
logger,
*binPath,
*depotPath,
config,
cakeOrdinator,
rootfsCleaner,
mappingList,
parsedExternalIP,
*mtu,
subnetPool,
bridgemgr.New("w"+config.Tag+"b-", &devices.Bridge{}, &devices.Link{}),
ipTablesMgr,
injector,
iptables.NewGlobalChain(config.IPTables.Filter.DefaultChain, runner, logger.Session("global-chain")),
portPool,
strings.Split(*denyNetworks, ","),
strings.Split(*allowNetworks, ","),
runner,
quotaManager,
currentContainerVersion,
system.MkdirChowner{},
)
systemInfo := sysinfo.NewProvider(*depotPath)
backend := linux_backend.New(logger, pool, repo, injector, systemInfo, layercake.GraphPath(*graphRoot), *snapshotsPath, int(*maxContainers))
err = backend.Setup()
if err != nil {
logger.Fatal("failed-to-set-up-backend", err)
}
graceTime := *containerGraceTime
gardenServer := server.New(*listenNetwork, *listenAddr, graceTime, backend, logger)
err = gardenServer.Start()
if err != nil {
logger.Fatal("failed-to-start-server", err)
}
clock := clock.NewClock()
metronNotifier := metrics.NewPeriodicMetronNotifier(logger, metricsProvider, *metricsEmissionInterval, clock)
metronNotifier.Start()
signals := make(chan os.Signal, 1)
go func() {
<-signals
portPoolState = portPool.RefreshState()
port_pool.SaveState(path.Join(*stateDirPath, "port_pool.json"), portPoolState)
gardenServer.Stop()
metronNotifier.Stop()
os.Exit(0)
}()
signal.Notify(signals, syscall.SIGINT, syscall.SIGTERM, syscall.SIGHUP)
logger.Info("started", lager.Data{
"network": *listenNetwork,
"addr": *listenAddr,
})
select {}
}
root string
driver graphdriver.Driver
cake *layercake.Docker
)
BeforeEach(func() {
var err error
root, err = ioutil.TempDir("", "cakeroot")
Expect(err).NotTo(HaveOccurred())
Expect(syscall.Mount("tmpfs", root, "tmpfs", 0, "")).To(Succeed())
driver, err := graphdriver.GetDriver("vfs", root, nil)
Expect(err).NotTo(HaveOccurred())
graph, err := graph.NewGraph(root, driver)
Expect(err).NotTo(HaveOccurred())
cake = &layercake.Docker{
Graph: graph,
Driver: driver,
}
})
AfterEach(func() {
Expect(syscall.Unmount(root, 0)).To(Succeed())
Expect(os.RemoveAll(root)).To(Succeed())
})
Describe("Register", func() {
Context("after registering a layer", func() {
func main() {
if reexec.Init() {
return
}
cf_debug_server.AddFlags(flag.CommandLine)
cf_lager.AddFlags(flag.CommandLine)
flag.Parse()
runtime.GOMAXPROCS(runtime.NumCPU())
logger, reconfigurableSink := cf_lager.New("garden-linux")
if dbgAddr := cf_debug_server.DebugAddress(flag.CommandLine); dbgAddr != "" {
debug.Run(dbgAddr, reconfigurableSink)
}
initializeDropsonde(logger)
if *binPath == "" {
missing("-bin")
}
if *depotPath == "" {
missing("-depot")
}
if len(*tag) > 2 {
println("-tag parameter must be less than 3 characters long")
println()
flag.Usage()
return
}
_, dynamicRange, err := net.ParseCIDR(*networkPool)
if err != nil {
logger.Fatal("failed-to-parse-network-pool", err)
}
subnetPool, err := subnets.NewSubnets(dynamicRange)
if err != nil {
logger.Fatal("failed-to-create-subnet-pool", err)
}
// TODO: use /proc/sys/net/ipv4/ip_local_port_range by default (end + 1)
portPool, err := port_pool.New(uint32(*portPoolStart), uint32(*portPoolSize))
if err != nil {
logger.Fatal("invalid pool range", err)
}
useKernelLogging := true
switch *iptablesLogMethod {
case "nflog":
useKernelLogging = false
case "kernel":
/* noop */
default:
println("-iptablesLogMethod value not recognized")
println()
flag.Usage()
return
}
config := sysconfig.NewConfig(*tag, *allowHostAccess)
runner := sysconfig.NewRunner(config, linux_command_runner.New())
if err := os.MkdirAll(*graphRoot, 0755); err != nil {
logger.Fatal("failed-to-create-graph-directory", err)
}
dockerGraphDriver, err := graphdriver.New(*graphRoot, nil)
if err != nil {
logger.Fatal("failed-to-construct-graph-driver", err)
}
dockerGraph, err := graph.NewGraph(*graphRoot, dockerGraphDriver)
if err != nil {
logger.Fatal("failed-to-construct-graph", err)
}
graphMountPoint := mountPoint(logger, *graphRoot)
var cake layercake.Cake = &layercake.Docker{
Graph: dockerGraph,
Driver: dockerGraphDriver,
}
if cake.DriverName() == "btrfs" {
cake = &layercake.BtrfsCleaningCake{
Cake: cake,
Runner: runner,
BtrfsMountPoint: graphMountPoint,
RemoveAll: os.RemoveAll,
Logger: logger.Session("btrfs-cleanup"),
}
}
retainer := layercake.NewRetainer()
cake = &layercake.OvenCleaner{
Cake: cake,
Retainer: retainer,
Logger: logger.Session("oven-cleaner"),
}
lock := repository_fetcher.NewFetchLock()
repoFetcher := repository_fetcher.Retryable{
repository_fetcher.NewRemote(
repository_fetcher.NewRepositoryProvider(
*dockerRegistry,
strings.Split(*insecureRegistries, ","),
),
cake,
map[registry.APIVersion]repository_fetcher.VersionedFetcher{
registry.APIVersion1: &repository_fetcher.RemoteV1Fetcher{
Cake: cake,
Retainer: retainer,
GraphLock: lock,
},
registry.APIVersion2: &repository_fetcher.RemoteV2Fetcher{
Cake: cake,
Retainer: retainer,
GraphLock: lock,
},
},
repository_fetcher.EndpointPinger{},
),
}
maxId := sysinfo.Min(sysinfo.MustGetMaxValidUID(), sysinfo.MustGetMaxValidGID())
mappingList := rootfs_provider.MappingList{
{
FromID: 0,
ToID: maxId,
Size: 1,
},
{
FromID: 1,
ToID: 1,
Size: maxId - 1,
},
}
rootFSNamespacer := &rootfs_provider.UidNamespacer{
Logger: logger,
Translator: rootfs_provider.NewUidTranslator(
mappingList, // uid
mappingList, // gid
),
}
remoteRootFSProvider, err := rootfs_provider.NewDocker(fmt.Sprintf("docker-remote-%s", cake.DriverName()),
repoFetcher, cake, rootfs_provider.SimpleVolumeCreator{}, rootFSNamespacer, clock.NewClock())
if err != nil {
logger.Fatal("failed-to-construct-docker-rootfs-provider", err)
}
localRootFSProvider, err := rootfs_provider.NewDocker(fmt.Sprintf("docker-local-%s", cake.DriverName()),
&repository_fetcher.Local{
Cake: cake,
DefaultRootFSPath: *rootFSPath,
IDProvider: repository_fetcher.LayerIDProvider{},
}, cake, rootfs_provider.SimpleVolumeCreator{}, rootFSNamespacer, clock.NewClock())
if err != nil {
logger.Fatal("failed-to-construct-warden-rootfs-provider", err)
}
rootFSProviders := map[string]rootfs_provider.RootFSProvider{
"": localRootFSProvider,
"docker": remoteRootFSProvider,
}
if *externalIP == "" {
ip, err := localip.LocalIP()
if err != nil {
panic("couldn't determine local IP to use for -externalIP parameter. You can use the -externalIP flag to pass an external IP")
}
externalIP = &ip
}
parsedExternalIP := net.ParseIP(*externalIP)
if parsedExternalIP == nil {
panic(fmt.Sprintf("Value of -externalIP %s could not be converted to an IP", *externalIP))
}
var quotaManager linux_container.QuotaManager = quota_manager.DisabledQuotaManager{}
if !*disableQuotas {
quotaManager = "a_manager.BtrfsQuotaManager{
Runner: runner,
MountPoint: graphMountPoint,
}
}
injector := &provider{
useKernelLogging: useKernelLogging,
chainPrefix: config.IPTables.Filter.InstancePrefix,
runner: runner,
log: logger,
portPool: portPool,
sysconfig: config,
quotaManager: quotaManager,
}
currentContainerVersion, err := semver.Make(CurrentContainerVersion)
if err != nil {
logger.Fatal("failed-to-parse-container-version", err)
}
pool := resource_pool.New(
logger,
*binPath,
*depotPath,
config,
rootFSProviders,
cake,
mappingList,
parsedExternalIP,
*mtu,
subnetPool,
bridgemgr.New("w"+config.Tag+"b-", &devices.Bridge{}, &devices.Link{}),
injector,
iptables.NewGlobalChain(config.IPTables.Filter.DefaultChain, runner, logger.Session("global-chain")),
portPool,
strings.Split(*denyNetworks, ","),
strings.Split(*allowNetworks, ","),
runner,
quotaManager,
currentContainerVersion,
)
systemInfo := sysinfo.NewProvider(*depotPath)
backend := linux_backend.New(logger, pool, container_repository.New(), injector, systemInfo, *snapshotsPath, int(*maxContainers))
err = backend.Setup()
if err != nil {
logger.Fatal("failed-to-set-up-backend", err)
}
graceTime := *containerGraceTime
gardenServer := server.New(*listenNetwork, *listenAddr, graceTime, backend, logger)
err = gardenServer.Start()
if err != nil {
logger.Fatal("failed-to-start-server", err)
}
signals := make(chan os.Signal, 1)
go func() {
<-signals
gardenServer.Stop()
os.Exit(0)
}()
signal.Notify(signals, syscall.SIGINT, syscall.SIGTERM, syscall.SIGHUP)
logger.Info("started", lager.Data{
"network": *listenNetwork,
"addr": *listenAddr,
})
select {}
}