2018-02-05 16:05:59 -05:00
|
|
|
package container // import "github.com/docker/docker/api/server/router/container"
|
2015-07-28 14:35:24 -04:00
|
|
|
|
|
|
|
|
import (
|
2018-04-19 18:30:59 -04:00
|
|
|
"context"
|
2016-01-12 02:33:41 -05:00
|
|
|
"encoding/json"
|
2015-07-28 14:35:24 -04:00
|
|
|
"fmt"
|
2016-01-05 16:23:24 -05:00
|
|
|
"io"
|
2015-07-28 14:35:24 -04:00
|
|
|
"net/http"
|
|
|
|
|
"strconv"
|
|
|
|
|
|
2020-03-19 16:54:48 -04:00
|
|
|
"github.com/containerd/containerd/platforms"
|
errdefs: move GetHTTPErrorStatusCode to api/server/httpstatus
This reverts the changes made in 2a9c987e5a72549775ffa4dc31595ceff4f06a78, which
moved the GetHTTPErrorStatusCode() utility to the errdefs package.
While it seemed to make sense at the time to have the errdefs package provide
conversion both from HTTP status codes errdefs and the reverse, a side-effect
of the move was that the errdefs package now had a dependency on various external
modules, to handle conversio of errors coming from those sub-systems, such as;
- github.com/containerd/containerd
- github.com/docker/distribution
- google.golang.org/grpc
This patch moves the conversion from (errdef-) errors to HTTP status-codes to a
api/server/httpstatus package, which is only used by the API server, and should
not be needed by client-code using the errdefs package.
The MakeErrorHandler() utility was moved to the API server itself, as that's the
only place it's used. While the same applies to the GetHTTPErrorStatusCode func,
I opted for keeping that in its own package for a slightly cleaner interface.
Why not move it into the api/server/httputils package?
The api/server/httputils package is also imported in the client package, which
uses the httputils.ParseForm() and httputils.HijackConnection() functions as
part of the TestTLSCloseWriter() test. While this is only used in tests, I
wanted to avoid introducing the indirect depdencencies outside of the api/server
code.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-21 06:27:39 -04:00
|
|
|
"github.com/docker/docker/api/server/httpstatus"
|
2015-09-23 19:42:08 -04:00
|
|
|
"github.com/docker/docker/api/server/httputils"
|
2016-09-06 14:46:37 -04:00
|
|
|
"github.com/docker/docker/api/types"
|
2016-01-27 17:09:42 -05:00
|
|
|
"github.com/docker/docker/api/types/backend"
|
2016-09-06 14:46:37 -04:00
|
|
|
"github.com/docker/docker/api/types/container"
|
|
|
|
|
"github.com/docker/docker/api/types/filters"
|
|
|
|
|
"github.com/docker/docker/api/types/versions"
|
2017-03-30 23:01:41 -04:00
|
|
|
containerpkg "github.com/docker/docker/container"
|
2018-01-11 14:53:06 -05:00
|
|
|
"github.com/docker/docker/errdefs"
|
2016-01-05 16:23:24 -05:00
|
|
|
"github.com/docker/docker/pkg/ioutils"
|
2020-03-19 16:54:48 -04:00
|
|
|
specs "github.com/opencontainers/image-spec/specs-go/v1"
|
2017-07-19 10:20:13 -04:00
|
|
|
"github.com/pkg/errors"
|
2017-07-26 17:42:13 -04:00
|
|
|
"github.com/sirupsen/logrus"
|
2015-09-29 17:32:07 -04:00
|
|
|
"golang.org/x/net/websocket"
|
2015-07-28 14:35:24 -04:00
|
|
|
)
|
|
|
|
|
|
2018-02-07 15:33:20 -05:00
|
|
|
func (s *containerRouter) postCommit(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
|
|
|
|
|
if err := httputils.ParseForm(r); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := httputils.CheckForJSON(r); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// TODO: remove pause arg, and always pause in backend
|
|
|
|
|
pause := httputils.BoolValue(r, "pause")
|
|
|
|
|
version := httputils.VersionFromContext(ctx)
|
|
|
|
|
if r.FormValue("pause") == "" && versions.GreaterThanOrEqualTo(version, "1.13") {
|
|
|
|
|
pause = true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
config, _, _, err := s.decoder.DecodeConfig(r.Body)
|
2019-11-27 09:37:30 -05:00
|
|
|
if err != nil && err != io.EOF { // Do not fail if body is empty.
|
2018-02-07 15:33:20 -05:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
commitCfg := &backend.CreateImageConfig{
|
|
|
|
|
Pause: pause,
|
|
|
|
|
Repo: r.Form.Get("repo"),
|
|
|
|
|
Tag: r.Form.Get("tag"),
|
|
|
|
|
Author: r.Form.Get("author"),
|
|
|
|
|
Comment: r.Form.Get("comment"),
|
|
|
|
|
Config: config,
|
|
|
|
|
Changes: r.Form["changes"],
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
imgID, err := s.backend.CreateImageFromContainer(r.Form.Get("container"), commitCfg)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return httputils.WriteJSON(w, http.StatusCreated, &types.IDResponse{ID: imgID})
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-04 20:38:05 -05:00
|
|
|
func (s *containerRouter) getContainersJSON(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
|
2015-09-23 19:42:08 -04:00
|
|
|
if err := httputils.ParseForm(r); err != nil {
|
2015-07-28 14:35:24 -04:00
|
|
|
return err
|
|
|
|
|
}
|
2017-09-26 07:59:45 -04:00
|
|
|
filter, err := filters.FromJSON(r.Form.Get("filters"))
|
2016-01-27 17:09:42 -05:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2015-07-28 14:35:24 -04:00
|
|
|
|
2016-01-27 17:09:42 -05:00
|
|
|
config := &types.ContainerListOptions{
|
2016-11-01 10:01:16 -04:00
|
|
|
All: httputils.BoolValue(r, "all"),
|
|
|
|
|
Size: httputils.BoolValue(r, "size"),
|
|
|
|
|
Since: r.Form.Get("since"),
|
|
|
|
|
Before: r.Form.Get("before"),
|
|
|
|
|
Filters: filter,
|
2015-07-28 14:35:24 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if tmpLimit := r.Form.Get("limit"); tmpLimit != "" {
|
|
|
|
|
limit, err := strconv.Atoi(tmpLimit)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
config.Limit = limit
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-04 20:38:05 -05:00
|
|
|
containers, err := s.backend.Containers(config)
|
2015-07-28 14:35:24 -04:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-23 19:42:08 -04:00
|
|
|
return httputils.WriteJSON(w, http.StatusOK, containers)
|
2015-07-28 14:35:24 -04:00
|
|
|
}
|
|
|
|
|
|
2015-11-04 20:38:05 -05:00
|
|
|
func (s *containerRouter) getContainersStats(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
|
2015-09-23 19:42:08 -04:00
|
|
|
if err := httputils.ParseForm(r); err != nil {
|
2015-07-28 14:35:24 -04:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-23 19:42:08 -04:00
|
|
|
stream := httputils.BoolValueOrDefault(r, "stream", true)
|
2015-07-28 14:35:24 -04:00
|
|
|
if !stream {
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
}
|
2020-02-07 18:55:06 -05:00
|
|
|
var oneShot bool
|
|
|
|
|
if versions.GreaterThanOrEqualTo(httputils.VersionFromContext(ctx), "1.41") {
|
|
|
|
|
oneShot = httputils.BoolValueOrDefault(r, "one-shot", false)
|
|
|
|
|
}
|
2015-07-28 14:35:24 -04:00
|
|
|
|
2015-12-30 12:20:41 -05:00
|
|
|
config := &backend.ContainerStatsConfig{
|
2015-07-28 14:35:24 -04:00
|
|
|
Stream: stream,
|
2020-02-07 18:55:06 -05:00
|
|
|
OneShot: oneShot,
|
2015-12-19 09:43:10 -05:00
|
|
|
OutStream: w,
|
2017-08-24 13:11:44 -04:00
|
|
|
Version: httputils.VersionFromContext(ctx),
|
2015-07-28 14:35:24 -04:00
|
|
|
}
|
|
|
|
|
|
2016-03-25 14:33:54 -04:00
|
|
|
return s.backend.ContainerStats(ctx, vars["name"], config)
|
2015-07-28 14:35:24 -04:00
|
|
|
}
|
|
|
|
|
|
2015-11-04 20:38:05 -05:00
|
|
|
func (s *containerRouter) getContainersLogs(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
|
2015-09-23 19:42:08 -04:00
|
|
|
if err := httputils.ParseForm(r); err != nil {
|
2015-07-28 14:35:24 -04:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-20 09:32:47 -04:00
|
|
|
// Args are validated before the stream starts because when it starts we're
|
|
|
|
|
// sending HTTP 200 by writing an empty chunk of data to tell the client that
|
|
|
|
|
// daemon is going to stream. By sending this initial HTTP 200 we can't report
|
|
|
|
|
// any error after the stream starts (i.e. container not found, wrong parameters)
|
|
|
|
|
// with the appropriate status code.
|
2015-09-23 19:42:08 -04:00
|
|
|
stdout, stderr := httputils.BoolValue(r, "stdout"), httputils.BoolValue(r, "stderr")
|
2015-07-28 14:35:24 -04:00
|
|
|
if !(stdout || stderr) {
|
2017-11-28 23:09:37 -05:00
|
|
|
return errdefs.InvalidParameter(errors.New("Bad parameters: you must choose at least one stream"))
|
2015-07-28 14:35:24 -04:00
|
|
|
}
|
|
|
|
|
|
2015-09-28 16:36:29 -04:00
|
|
|
containerName := vars["name"]
|
2017-03-20 13:07:04 -04:00
|
|
|
logsConfig := &types.ContainerLogsOptions{
|
|
|
|
|
Follow: httputils.BoolValue(r, "follow"),
|
|
|
|
|
Timestamps: httputils.BoolValue(r, "timestamps"),
|
|
|
|
|
Since: r.Form.Get("since"),
|
2017-04-28 07:53:00 -04:00
|
|
|
Until: r.Form.Get("until"),
|
2017-03-20 13:07:04 -04:00
|
|
|
Tail: r.Form.Get("tail"),
|
|
|
|
|
ShowStdout: stdout,
|
|
|
|
|
ShowStderr: stderr,
|
|
|
|
|
Details: httputils.BoolValue(r, "details"),
|
2015-07-28 14:35:24 -04:00
|
|
|
}
|
|
|
|
|
|
2017-07-19 10:20:13 -04:00
|
|
|
msgs, tty, err := s.backend.ContainerLogs(ctx, containerName, logsConfig)
|
2017-03-20 13:07:04 -04:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
2015-07-28 14:35:24 -04:00
|
|
|
}
|
|
|
|
|
|
2017-03-20 13:07:04 -04:00
|
|
|
// if has a tty, we're not muxing streams. if it doesn't, we are. simple.
|
|
|
|
|
// this is the point of no return for writing a response. once we call
|
|
|
|
|
// WriteLogStream, the response has been started and errors will be
|
|
|
|
|
// returned in band by WriteLogStream
|
2017-07-19 10:20:13 -04:00
|
|
|
httputils.WriteLogStream(ctx, w, msgs, logsConfig, !tty)
|
2015-07-28 14:35:24 -04:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-04 20:38:05 -05:00
|
|
|
func (s *containerRouter) getContainersExport(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
|
|
|
|
|
return s.backend.ContainerExport(vars["name"], w)
|
2015-07-28 14:35:24 -04:00
|
|
|
}
|
|
|
|
|
|
2017-07-19 10:20:13 -04:00
|
|
|
type bodyOnStartError struct{}
|
|
|
|
|
|
|
|
|
|
func (bodyOnStartError) Error() string {
|
|
|
|
|
return "starting container with non-empty request body was deprecated since API v1.22 and removed in v1.24"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (bodyOnStartError) InvalidParameter() {}
|
|
|
|
|
|
2015-11-04 20:38:05 -05:00
|
|
|
func (s *containerRouter) postContainersStart(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
|
2015-07-28 14:35:24 -04:00
|
|
|
// If contentLength is -1, we can assumed chunked encoding
|
|
|
|
|
// or more technically that the length is unknown
|
|
|
|
|
// https://golang.org/src/pkg/net/http/request.go#L139
|
|
|
|
|
// net/http otherwise seems to swallow any headers related to chunked encoding
|
|
|
|
|
// including r.TransferEncoding
|
|
|
|
|
// allow a nil body for backwards compatibility
|
2016-05-07 06:05:26 -04:00
|
|
|
|
2016-07-06 03:13:59 -04:00
|
|
|
version := httputils.VersionFromContext(ctx)
|
2015-12-18 13:36:17 -05:00
|
|
|
var hostConfig *container.HostConfig
|
2016-05-07 06:05:26 -04:00
|
|
|
// A non-nil json object is at least 7 characters.
|
|
|
|
|
if r.ContentLength > 7 || r.ContentLength == -1 {
|
|
|
|
|
if versions.GreaterThanOrEqualTo(version, "1.24") {
|
2017-07-19 10:20:13 -04:00
|
|
|
return bodyOnStartError{}
|
2016-05-07 06:05:26 -04:00
|
|
|
}
|
|
|
|
|
|
2015-09-23 19:42:08 -04:00
|
|
|
if err := httputils.CheckForJSON(r); err != nil {
|
2015-07-28 14:35:24 -04:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2016-03-28 14:22:23 -04:00
|
|
|
c, err := s.decoder.DecodeHostConfig(r.Body)
|
2015-07-28 14:35:24 -04:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
hostConfig = c
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-12 10:52:00 -04:00
|
|
|
if err := httputils.ParseForm(r); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
checkpoint := r.Form.Get("checkpoint")
|
2016-09-19 12:01:16 -04:00
|
|
|
checkpointDir := r.Form.Get("checkpoint-dir")
|
2016-11-30 13:22:07 -05:00
|
|
|
if err := s.backend.ContainerStart(vars["name"], hostConfig, checkpoint, checkpointDir); err != nil {
|
2015-07-28 14:35:24 -04:00
|
|
|
return err
|
|
|
|
|
}
|
2016-05-12 10:52:00 -04:00
|
|
|
|
2015-07-28 14:35:24 -04:00
|
|
|
w.WriteHeader(http.StatusNoContent)
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-04 20:38:05 -05:00
|
|
|
func (s *containerRouter) postContainersStop(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
|
2015-09-23 19:42:08 -04:00
|
|
|
if err := httputils.ParseForm(r); err != nil {
|
2015-07-28 14:35:24 -04:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2021-08-22 06:46:43 -04:00
|
|
|
var (
|
|
|
|
|
options container.StopOptions
|
|
|
|
|
version = httputils.VersionFromContext(ctx)
|
|
|
|
|
)
|
|
|
|
|
if versions.GreaterThanOrEqualTo(version, "1.42") {
|
2022-05-01 13:55:36 -04:00
|
|
|
options.Signal = r.Form.Get("signal")
|
2021-08-22 06:46:43 -04:00
|
|
|
}
|
2016-06-06 23:29:05 -04:00
|
|
|
if tmpSeconds := r.Form.Get("t"); tmpSeconds != "" {
|
|
|
|
|
valSeconds, err := strconv.Atoi(tmpSeconds)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2021-08-20 18:23:26 -04:00
|
|
|
options.Timeout = &valSeconds
|
2016-06-06 23:29:05 -04:00
|
|
|
}
|
2015-07-28 14:35:24 -04:00
|
|
|
|
2021-08-20 18:23:26 -04:00
|
|
|
if err := s.backend.ContainerStop(ctx, vars["name"], options); err != nil {
|
2015-07-28 14:35:24 -04:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2021-08-22 06:46:43 -04:00
|
|
|
w.WriteHeader(http.StatusNoContent)
|
2015-07-28 14:35:24 -04:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-04 20:38:05 -05:00
|
|
|
func (s *containerRouter) postContainersKill(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
|
2015-09-23 19:42:08 -04:00
|
|
|
if err := httputils.ParseForm(r); err != nil {
|
2015-07-28 14:35:24 -04:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
name := vars["name"]
|
2022-05-01 19:00:09 -04:00
|
|
|
if err := s.backend.ContainerKill(name, r.Form.Get("signal")); err != nil {
|
Remove static errors from errors package.
Moving all strings to the errors package wasn't a good idea after all.
Our custom implementation of Go errors predates everything that's nice
and good about working with errors in Go. Take as an example what we
have to do to get an error message:
```go
func GetErrorMessage(err error) string {
switch err.(type) {
case errcode.Error:
e, _ := err.(errcode.Error)
return e.Message
case errcode.ErrorCode:
ec, _ := err.(errcode.ErrorCode)
return ec.Message()
default:
return err.Error()
}
}
```
This goes against every good practice for Go development. The language already provides a simple, intuitive and standard way to get error messages, that is calling the `Error()` method from an error. Reinventing the error interface is a mistake.
Our custom implementation also makes very hard to reason about errors, another nice thing about Go. I found several (>10) error declarations that we don't use anywhere. This is a clear sign about how little we know about the errors we return. I also found several error usages where the number of arguments was different than the parameters declared in the error, another clear example of how difficult is to reason about errors.
Moreover, our custom implementation didn't really make easier for people to return custom HTTP status code depending on the errors. Again, it's hard to reason about when to set custom codes and how. Take an example what we have to do to extract the message and status code from an error before returning a response from the API:
```go
switch err.(type) {
case errcode.ErrorCode:
daError, _ := err.(errcode.ErrorCode)
statusCode = daError.Descriptor().HTTPStatusCode
errMsg = daError.Message()
case errcode.Error:
// For reference, if you're looking for a particular error
// then you can do something like :
// import ( derr "github.com/docker/docker/errors" )
// if daError.ErrorCode() == derr.ErrorCodeNoSuchContainer { ... }
daError, _ := err.(errcode.Error)
statusCode = daError.ErrorCode().Descriptor().HTTPStatusCode
errMsg = daError.Message
default:
// This part of will be removed once we've
// converted everything over to use the errcode package
// FIXME: this is brittle and should not be necessary.
// If we need to differentiate between different possible error types,
// we should create appropriate error types with clearly defined meaning
errStr := strings.ToLower(err.Error())
for keyword, status := range map[string]int{
"not found": http.StatusNotFound,
"no such": http.StatusNotFound,
"bad parameter": http.StatusBadRequest,
"conflict": http.StatusConflict,
"impossible": http.StatusNotAcceptable,
"wrong login/password": http.StatusUnauthorized,
"hasn't been activated": http.StatusForbidden,
} {
if strings.Contains(errStr, keyword) {
statusCode = status
break
}
}
}
```
You can notice two things in that code:
1. We have to explain how errors work, because our implementation goes against how easy to use Go errors are.
2. At no moment we arrived to remove that `switch` statement that was the original reason to use our custom implementation.
This change removes all our status errors from the errors package and puts them back in their specific contexts.
IT puts the messages back with their contexts. That way, we know right away when errors used and how to generate their messages.
It uses custom interfaces to reason about errors. Errors that need to response with a custom status code MUST implementent this simple interface:
```go
type errorWithStatus interface {
HTTPErrorStatusCode() int
}
```
This interface is very straightforward to implement. It also preserves Go errors real behavior, getting the message is as simple as using the `Error()` method.
I included helper functions to generate errors that use custom status code in `errors/errors.go`.
By doing this, we remove the hard dependency we have eeverywhere to our custom errors package. Yes, you can use it as a helper to generate error, but it's still very easy to generate errors without it.
Please, read this fantastic blog post about errors in Go: http://dave.cheney.net/2014/12/24/inspecting-errors
Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-02-25 10:53:35 -05:00
|
|
|
var isStopped bool
|
2017-07-19 10:20:13 -04:00
|
|
|
if errdefs.IsConflict(err) {
|
|
|
|
|
isStopped = true
|
Remove static errors from errors package.
Moving all strings to the errors package wasn't a good idea after all.
Our custom implementation of Go errors predates everything that's nice
and good about working with errors in Go. Take as an example what we
have to do to get an error message:
```go
func GetErrorMessage(err error) string {
switch err.(type) {
case errcode.Error:
e, _ := err.(errcode.Error)
return e.Message
case errcode.ErrorCode:
ec, _ := err.(errcode.ErrorCode)
return ec.Message()
default:
return err.Error()
}
}
```
This goes against every good practice for Go development. The language already provides a simple, intuitive and standard way to get error messages, that is calling the `Error()` method from an error. Reinventing the error interface is a mistake.
Our custom implementation also makes very hard to reason about errors, another nice thing about Go. I found several (>10) error declarations that we don't use anywhere. This is a clear sign about how little we know about the errors we return. I also found several error usages where the number of arguments was different than the parameters declared in the error, another clear example of how difficult is to reason about errors.
Moreover, our custom implementation didn't really make easier for people to return custom HTTP status code depending on the errors. Again, it's hard to reason about when to set custom codes and how. Take an example what we have to do to extract the message and status code from an error before returning a response from the API:
```go
switch err.(type) {
case errcode.ErrorCode:
daError, _ := err.(errcode.ErrorCode)
statusCode = daError.Descriptor().HTTPStatusCode
errMsg = daError.Message()
case errcode.Error:
// For reference, if you're looking for a particular error
// then you can do something like :
// import ( derr "github.com/docker/docker/errors" )
// if daError.ErrorCode() == derr.ErrorCodeNoSuchContainer { ... }
daError, _ := err.(errcode.Error)
statusCode = daError.ErrorCode().Descriptor().HTTPStatusCode
errMsg = daError.Message
default:
// This part of will be removed once we've
// converted everything over to use the errcode package
// FIXME: this is brittle and should not be necessary.
// If we need to differentiate between different possible error types,
// we should create appropriate error types with clearly defined meaning
errStr := strings.ToLower(err.Error())
for keyword, status := range map[string]int{
"not found": http.StatusNotFound,
"no such": http.StatusNotFound,
"bad parameter": http.StatusBadRequest,
"conflict": http.StatusConflict,
"impossible": http.StatusNotAcceptable,
"wrong login/password": http.StatusUnauthorized,
"hasn't been activated": http.StatusForbidden,
} {
if strings.Contains(errStr, keyword) {
statusCode = status
break
}
}
}
```
You can notice two things in that code:
1. We have to explain how errors work, because our implementation goes against how easy to use Go errors are.
2. At no moment we arrived to remove that `switch` statement that was the original reason to use our custom implementation.
This change removes all our status errors from the errors package and puts them back in their specific contexts.
IT puts the messages back with their contexts. That way, we know right away when errors used and how to generate their messages.
It uses custom interfaces to reason about errors. Errors that need to response with a custom status code MUST implementent this simple interface:
```go
type errorWithStatus interface {
HTTPErrorStatusCode() int
}
```
This interface is very straightforward to implement. It also preserves Go errors real behavior, getting the message is as simple as using the `Error()` method.
I included helper functions to generate errors that use custom status code in `errors/errors.go`.
By doing this, we remove the hard dependency we have eeverywhere to our custom errors package. Yes, you can use it as a helper to generate error, but it's still very easy to generate errors without it.
Please, read this fantastic blog post about errors in Go: http://dave.cheney.net/2014/12/24/inspecting-errors
Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-02-25 10:53:35 -05:00
|
|
|
}
|
2015-09-16 14:56:26 -04:00
|
|
|
|
2015-07-28 14:35:24 -04:00
|
|
|
// Return error that's not caused because the container is stopped.
|
|
|
|
|
// Return error if the container is not running and the api is >= 1.20
|
|
|
|
|
// to keep backwards compatibility.
|
2015-09-23 19:42:08 -04:00
|
|
|
version := httputils.VersionFromContext(ctx)
|
2016-04-19 10:56:54 -04:00
|
|
|
if versions.GreaterThanOrEqualTo(version, "1.20") || !isStopped {
|
2017-07-19 10:20:13 -04:00
|
|
|
return errors.Wrapf(err, "Cannot kill container: %s", name)
|
2015-07-28 14:35:24 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
w.WriteHeader(http.StatusNoContent)
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-04 20:38:05 -05:00
|
|
|
func (s *containerRouter) postContainersRestart(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
|
2015-09-23 19:42:08 -04:00
|
|
|
if err := httputils.ParseForm(r); err != nil {
|
2015-07-28 14:35:24 -04:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2021-08-22 06:46:43 -04:00
|
|
|
var (
|
|
|
|
|
options container.StopOptions
|
|
|
|
|
version = httputils.VersionFromContext(ctx)
|
|
|
|
|
)
|
|
|
|
|
if versions.GreaterThanOrEqualTo(version, "1.42") {
|
2022-05-01 13:55:36 -04:00
|
|
|
options.Signal = r.Form.Get("signal")
|
2021-08-22 06:46:43 -04:00
|
|
|
}
|
2016-06-06 23:29:05 -04:00
|
|
|
if tmpSeconds := r.Form.Get("t"); tmpSeconds != "" {
|
|
|
|
|
valSeconds, err := strconv.Atoi(tmpSeconds)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2021-08-20 18:23:26 -04:00
|
|
|
options.Timeout = &valSeconds
|
2016-06-06 23:29:05 -04:00
|
|
|
}
|
2015-07-28 14:35:24 -04:00
|
|
|
|
2021-08-20 18:23:26 -04:00
|
|
|
if err := s.backend.ContainerRestart(ctx, vars["name"], options); err != nil {
|
2015-07-28 14:35:24 -04:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
w.WriteHeader(http.StatusNoContent)
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-04 20:38:05 -05:00
|
|
|
func (s *containerRouter) postContainersPause(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
|
2015-09-23 19:42:08 -04:00
|
|
|
if err := httputils.ParseForm(r); err != nil {
|
2015-07-28 14:35:24 -04:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-04 20:38:05 -05:00
|
|
|
if err := s.backend.ContainerPause(vars["name"]); err != nil {
|
2015-07-28 14:35:24 -04:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
w.WriteHeader(http.StatusNoContent)
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-04 20:38:05 -05:00
|
|
|
func (s *containerRouter) postContainersUnpause(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
|
2015-09-23 19:42:08 -04:00
|
|
|
if err := httputils.ParseForm(r); err != nil {
|
2015-07-28 14:35:24 -04:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-04 20:38:05 -05:00
|
|
|
if err := s.backend.ContainerUnpause(vars["name"]); err != nil {
|
2015-07-28 14:35:24 -04:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
w.WriteHeader(http.StatusNoContent)
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-04 20:38:05 -05:00
|
|
|
func (s *containerRouter) postContainersWait(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
|
2017-03-30 23:01:41 -04:00
|
|
|
// Behavior changed in version 1.30 to handle wait condition and to
|
|
|
|
|
// return headers immediately.
|
|
|
|
|
version := httputils.VersionFromContext(ctx)
|
ContainerWait on remove: don't stuck on rm fail
Currently, if a container removal has failed for some reason,
any client waiting for removal (e.g. `docker run --rm`) is
stuck, waiting for removal to succeed while it has failed already.
For more details and the reproducer, please check
https://github.com/moby/moby/issues/34945
This commit addresses that by allowing `ContainerWait()` with
`container.WaitCondition == "removed"` argument to return an
error in case of removal failure. The `ContainerWaitOKBody`
stucture returned to a client is amended with a pointer to `struct Error`,
containing an error message string, and the `Client.ContainerWait()`
is modified to return the error, if any, to the client.
Note that this feature is only available for API version >= 1.34.
In order for the old clients to be unstuck, we just close the connection
without writing anything -- this causes client's error.
Now, docker-cli would need a separate commit to bump the API to 1.34
and to show an error returned, if any.
[v2: recreate the waitRemove channel after closing]
[v3: document; keep legacy behavior for older clients]
[v4: convert Error from string to pointer to a struct]
[v5: don't emulate old behavior, send empty response in error case]
[v6: rename legacy* vars to include version suffix]
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2017-09-27 14:49:22 -04:00
|
|
|
legacyBehaviorPre130 := versions.LessThan(version, "1.30")
|
|
|
|
|
legacyRemovalWaitPre134 := false
|
2017-03-30 23:01:41 -04:00
|
|
|
|
|
|
|
|
// The wait condition defaults to "not-running".
|
|
|
|
|
waitCondition := containerpkg.WaitConditionNotRunning
|
ContainerWait on remove: don't stuck on rm fail
Currently, if a container removal has failed for some reason,
any client waiting for removal (e.g. `docker run --rm`) is
stuck, waiting for removal to succeed while it has failed already.
For more details and the reproducer, please check
https://github.com/moby/moby/issues/34945
This commit addresses that by allowing `ContainerWait()` with
`container.WaitCondition == "removed"` argument to return an
error in case of removal failure. The `ContainerWaitOKBody`
stucture returned to a client is amended with a pointer to `struct Error`,
containing an error message string, and the `Client.ContainerWait()`
is modified to return the error, if any, to the client.
Note that this feature is only available for API version >= 1.34.
In order for the old clients to be unstuck, we just close the connection
without writing anything -- this causes client's error.
Now, docker-cli would need a separate commit to bump the API to 1.34
and to show an error returned, if any.
[v2: recreate the waitRemove channel after closing]
[v3: document; keep legacy behavior for older clients]
[v4: convert Error from string to pointer to a struct]
[v5: don't emulate old behavior, send empty response in error case]
[v6: rename legacy* vars to include version suffix]
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2017-09-27 14:49:22 -04:00
|
|
|
if !legacyBehaviorPre130 {
|
2017-03-30 23:01:41 -04:00
|
|
|
if err := httputils.ParseForm(r); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2022-02-14 04:29:29 -05:00
|
|
|
if v := r.Form.Get("condition"); v != "" {
|
|
|
|
|
switch container.WaitCondition(v) {
|
|
|
|
|
case container.WaitConditionNextExit:
|
|
|
|
|
waitCondition = containerpkg.WaitConditionNextExit
|
|
|
|
|
case container.WaitConditionRemoved:
|
|
|
|
|
waitCondition = containerpkg.WaitConditionRemoved
|
|
|
|
|
legacyRemovalWaitPre134 = versions.LessThan(version, "1.34")
|
|
|
|
|
default:
|
|
|
|
|
return errdefs.InvalidParameter(errors.Errorf("invalid condition: %q", v))
|
|
|
|
|
}
|
2017-03-30 23:01:41 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
waitC, err := s.backend.ContainerWait(ctx, vars["name"], waitCondition)
|
2015-07-28 14:35:24 -04:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-30 23:01:41 -04:00
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
|
|
ContainerWait on remove: don't stuck on rm fail
Currently, if a container removal has failed for some reason,
any client waiting for removal (e.g. `docker run --rm`) is
stuck, waiting for removal to succeed while it has failed already.
For more details and the reproducer, please check
https://github.com/moby/moby/issues/34945
This commit addresses that by allowing `ContainerWait()` with
`container.WaitCondition == "removed"` argument to return an
error in case of removal failure. The `ContainerWaitOKBody`
stucture returned to a client is amended with a pointer to `struct Error`,
containing an error message string, and the `Client.ContainerWait()`
is modified to return the error, if any, to the client.
Note that this feature is only available for API version >= 1.34.
In order for the old clients to be unstuck, we just close the connection
without writing anything -- this causes client's error.
Now, docker-cli would need a separate commit to bump the API to 1.34
and to show an error returned, if any.
[v2: recreate the waitRemove channel after closing]
[v3: document; keep legacy behavior for older clients]
[v4: convert Error from string to pointer to a struct]
[v5: don't emulate old behavior, send empty response in error case]
[v6: rename legacy* vars to include version suffix]
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2017-09-27 14:49:22 -04:00
|
|
|
if !legacyBehaviorPre130 {
|
2017-03-30 23:01:41 -04:00
|
|
|
// Write response header immediately.
|
|
|
|
|
w.WriteHeader(http.StatusOK)
|
|
|
|
|
if flusher, ok := w.(http.Flusher); ok {
|
|
|
|
|
flusher.Flush()
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Block on the result of the wait operation.
|
2017-03-30 16:52:40 -04:00
|
|
|
status := <-waitC
|
|
|
|
|
|
ContainerWait on remove: don't stuck on rm fail
Currently, if a container removal has failed for some reason,
any client waiting for removal (e.g. `docker run --rm`) is
stuck, waiting for removal to succeed while it has failed already.
For more details and the reproducer, please check
https://github.com/moby/moby/issues/34945
This commit addresses that by allowing `ContainerWait()` with
`container.WaitCondition == "removed"` argument to return an
error in case of removal failure. The `ContainerWaitOKBody`
stucture returned to a client is amended with a pointer to `struct Error`,
containing an error message string, and the `Client.ContainerWait()`
is modified to return the error, if any, to the client.
Note that this feature is only available for API version >= 1.34.
In order for the old clients to be unstuck, we just close the connection
without writing anything -- this causes client's error.
Now, docker-cli would need a separate commit to bump the API to 1.34
and to show an error returned, if any.
[v2: recreate the waitRemove channel after closing]
[v3: document; keep legacy behavior for older clients]
[v4: convert Error from string to pointer to a struct]
[v5: don't emulate old behavior, send empty response in error case]
[v6: rename legacy* vars to include version suffix]
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2017-09-27 14:49:22 -04:00
|
|
|
// With API < 1.34, wait on WaitConditionRemoved did not return
|
|
|
|
|
// in case container removal failed. The only way to report an
|
|
|
|
|
// error back to the client is to not write anything (i.e. send
|
|
|
|
|
// an empty response which will be treated as an error).
|
|
|
|
|
if legacyRemovalWaitPre134 && status.Err() != nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-05 11:13:15 -05:00
|
|
|
var waitError *container.WaitExitError
|
ContainerWait on remove: don't stuck on rm fail
Currently, if a container removal has failed for some reason,
any client waiting for removal (e.g. `docker run --rm`) is
stuck, waiting for removal to succeed while it has failed already.
For more details and the reproducer, please check
https://github.com/moby/moby/issues/34945
This commit addresses that by allowing `ContainerWait()` with
`container.WaitCondition == "removed"` argument to return an
error in case of removal failure. The `ContainerWaitOKBody`
stucture returned to a client is amended with a pointer to `struct Error`,
containing an error message string, and the `Client.ContainerWait()`
is modified to return the error, if any, to the client.
Note that this feature is only available for API version >= 1.34.
In order for the old clients to be unstuck, we just close the connection
without writing anything -- this causes client's error.
Now, docker-cli would need a separate commit to bump the API to 1.34
and to show an error returned, if any.
[v2: recreate the waitRemove channel after closing]
[v3: document; keep legacy behavior for older clients]
[v4: convert Error from string to pointer to a struct]
[v5: don't emulate old behavior, send empty response in error case]
[v6: rename legacy* vars to include version suffix]
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2017-09-27 14:49:22 -04:00
|
|
|
if status.Err() != nil {
|
2022-03-05 11:13:15 -05:00
|
|
|
waitError = &container.WaitExitError{Message: status.Err().Error()}
|
ContainerWait on remove: don't stuck on rm fail
Currently, if a container removal has failed for some reason,
any client waiting for removal (e.g. `docker run --rm`) is
stuck, waiting for removal to succeed while it has failed already.
For more details and the reproducer, please check
https://github.com/moby/moby/issues/34945
This commit addresses that by allowing `ContainerWait()` with
`container.WaitCondition == "removed"` argument to return an
error in case of removal failure. The `ContainerWaitOKBody`
stucture returned to a client is amended with a pointer to `struct Error`,
containing an error message string, and the `Client.ContainerWait()`
is modified to return the error, if any, to the client.
Note that this feature is only available for API version >= 1.34.
In order for the old clients to be unstuck, we just close the connection
without writing anything -- this causes client's error.
Now, docker-cli would need a separate commit to bump the API to 1.34
and to show an error returned, if any.
[v2: recreate the waitRemove channel after closing]
[v3: document; keep legacy behavior for older clients]
[v4: convert Error from string to pointer to a struct]
[v5: don't emulate old behavior, send empty response in error case]
[v6: rename legacy* vars to include version suffix]
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2017-09-27 14:49:22 -04:00
|
|
|
}
|
|
|
|
|
|
2022-03-05 11:13:15 -05:00
|
|
|
return json.NewEncoder(w).Encode(&container.WaitResponse{
|
2017-03-30 16:52:40 -04:00
|
|
|
StatusCode: int64(status.ExitCode()),
|
ContainerWait on remove: don't stuck on rm fail
Currently, if a container removal has failed for some reason,
any client waiting for removal (e.g. `docker run --rm`) is
stuck, waiting for removal to succeed while it has failed already.
For more details and the reproducer, please check
https://github.com/moby/moby/issues/34945
This commit addresses that by allowing `ContainerWait()` with
`container.WaitCondition == "removed"` argument to return an
error in case of removal failure. The `ContainerWaitOKBody`
stucture returned to a client is amended with a pointer to `struct Error`,
containing an error message string, and the `Client.ContainerWait()`
is modified to return the error, if any, to the client.
Note that this feature is only available for API version >= 1.34.
In order for the old clients to be unstuck, we just close the connection
without writing anything -- this causes client's error.
Now, docker-cli would need a separate commit to bump the API to 1.34
and to show an error returned, if any.
[v2: recreate the waitRemove channel after closing]
[v3: document; keep legacy behavior for older clients]
[v4: convert Error from string to pointer to a struct]
[v5: don't emulate old behavior, send empty response in error case]
[v6: rename legacy* vars to include version suffix]
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2017-09-27 14:49:22 -04:00
|
|
|
Error: waitError,
|
2015-07-28 14:35:24 -04:00
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-04 20:38:05 -05:00
|
|
|
func (s *containerRouter) getContainersChanges(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
|
|
|
|
|
changes, err := s.backend.ContainerChanges(vars["name"])
|
2015-07-28 14:35:24 -04:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-23 19:42:08 -04:00
|
|
|
return httputils.WriteJSON(w, http.StatusOK, changes)
|
2015-07-28 14:35:24 -04:00
|
|
|
}
|
|
|
|
|
|
2015-11-04 20:38:05 -05:00
|
|
|
func (s *containerRouter) getContainersTop(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
|
2015-09-23 19:42:08 -04:00
|
|
|
if err := httputils.ParseForm(r); err != nil {
|
2015-07-28 14:35:24 -04:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-04 20:38:05 -05:00
|
|
|
procList, err := s.backend.ContainerTop(vars["name"], r.Form.Get("ps_args"))
|
2015-07-28 14:35:24 -04:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-23 19:42:08 -04:00
|
|
|
return httputils.WriteJSON(w, http.StatusOK, procList)
|
2015-07-28 14:35:24 -04:00
|
|
|
}
|
|
|
|
|
|
2015-11-04 20:38:05 -05:00
|
|
|
func (s *containerRouter) postContainerRename(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
|
2015-09-23 19:42:08 -04:00
|
|
|
if err := httputils.ParseForm(r); err != nil {
|
2015-07-28 14:35:24 -04:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
name := vars["name"]
|
|
|
|
|
newName := r.Form.Get("name")
|
2015-11-04 20:38:05 -05:00
|
|
|
if err := s.backend.ContainerRename(name, newName); err != nil {
|
2015-07-28 14:35:24 -04:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
w.WriteHeader(http.StatusNoContent)
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-28 06:19:26 -05:00
|
|
|
func (s *containerRouter) postContainerUpdate(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
|
|
|
|
|
if err := httputils.ParseForm(r); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-12 02:33:41 -05:00
|
|
|
var updateConfig container.UpdateConfig
|
2022-04-05 05:43:06 -04:00
|
|
|
if err := httputils.ReadJSON(r, &updateConfig); err != nil {
|
2015-12-28 06:19:26 -05:00
|
|
|
return err
|
|
|
|
|
}
|
2019-02-24 08:11:00 -05:00
|
|
|
if versions.LessThan(httputils.VersionFromContext(ctx), "1.40") {
|
|
|
|
|
updateConfig.PidsLimit = nil
|
|
|
|
|
}
|
2021-09-21 03:58:31 -04:00
|
|
|
|
|
|
|
|
if versions.GreaterThanOrEqualTo(httputils.VersionFromContext(ctx), "1.42") {
|
|
|
|
|
// Ignore KernelMemory removed in API 1.42.
|
|
|
|
|
updateConfig.KernelMemory = 0
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-24 09:36:45 -05:00
|
|
|
if updateConfig.PidsLimit != nil && *updateConfig.PidsLimit <= 0 {
|
|
|
|
|
// Both `0` and `-1` are accepted to set "unlimited" when updating.
|
|
|
|
|
// Historically, any negative value was accepted, so treat them as
|
|
|
|
|
// "unlimited" as well.
|
|
|
|
|
var unlimited int64
|
|
|
|
|
updateConfig.PidsLimit = &unlimited
|
|
|
|
|
}
|
2015-12-28 06:19:26 -05:00
|
|
|
|
2016-01-12 02:33:41 -05:00
|
|
|
hostConfig := &container.HostConfig{
|
2016-01-04 10:58:20 -05:00
|
|
|
Resources: updateConfig.Resources,
|
|
|
|
|
RestartPolicy: updateConfig.RestartPolicy,
|
2016-01-12 02:33:41 -05:00
|
|
|
}
|
|
|
|
|
|
2015-12-28 06:19:26 -05:00
|
|
|
name := vars["name"]
|
2016-11-30 13:22:07 -05:00
|
|
|
resp, err := s.backend.ContainerUpdate(name, hostConfig)
|
2015-12-28 06:19:26 -05:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-31 11:25:14 -04:00
|
|
|
return httputils.WriteJSON(w, http.StatusOK, resp)
|
2015-12-28 06:19:26 -05:00
|
|
|
}
|
|
|
|
|
|
2015-11-04 20:38:05 -05:00
|
|
|
func (s *containerRouter) postContainersCreate(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
|
2015-09-23 19:42:08 -04:00
|
|
|
if err := httputils.ParseForm(r); err != nil {
|
2015-07-28 14:35:24 -04:00
|
|
|
return err
|
|
|
|
|
}
|
2015-09-23 19:42:08 -04:00
|
|
|
if err := httputils.CheckForJSON(r); err != nil {
|
2015-07-28 14:35:24 -04:00
|
|
|
return err
|
|
|
|
|
}
|
2015-09-22 21:06:09 -04:00
|
|
|
|
|
|
|
|
name := r.Form.Get("name")
|
2015-07-28 14:35:24 -04:00
|
|
|
|
2016-03-28 14:22:23 -04:00
|
|
|
config, hostConfig, networkingConfig, err := s.decoder.DecodeConfig(r.Body)
|
2015-07-28 14:35:24 -04:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2015-09-23 19:42:08 -04:00
|
|
|
version := httputils.VersionFromContext(ctx)
|
2016-04-19 10:56:54 -04:00
|
|
|
adjustCPUShares := versions.LessThan(version, "1.19")
|
2015-07-28 14:35:24 -04:00
|
|
|
|
Don't use AutoRemove on older daemons
Docker 1.13 moves the `--rm` flag to the daemon,
through an AutoRemove option in HostConfig.
When using API 1.24 and under, AutoRemove should not be
used, even if the daemon is version 1.13 or above and
"supports" this feature.
This patch fixes a situation where an 1.13 client,
talking to an 1.13 daemon, but using the 1.24 API
version, still set the AutoRemove property.
As a result, both the client _and_ the daemon
were attempting to remove the container, resulting
in an error:
ERRO[0000] error removing container: Error response from daemon:
removal of container ce0976ad22495c7cbe9487752ea32721a282164862db036b2f3377bd07461c3a
is already in progress
In addition, the validation of conflicting options
is moved from `docker run` to `opts.parse()`, so
that conflicting options are also detected when
running `docker create` and `docker start` separately.
To resolve the issue, the `AutoRemove` option is now
always set to `false` both by the client and the
daemon, if API version 1.24 or under is used.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-01-12 19:05:39 -05:00
|
|
|
// When using API 1.24 and under, the client is responsible for removing the container
|
|
|
|
|
if hostConfig != nil && versions.LessThan(version, "1.25") {
|
|
|
|
|
hostConfig.AutoRemove = false
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-10 06:20:13 -04:00
|
|
|
if hostConfig != nil && versions.LessThan(version, "1.40") {
|
2018-12-17 05:30:29 -05:00
|
|
|
// Ignore BindOptions.NonRecursive because it was added in API 1.40.
|
2018-10-10 06:20:13 -04:00
|
|
|
for _, m := range hostConfig.Mounts {
|
|
|
|
|
if bo := m.BindOptions; bo != nil {
|
|
|
|
|
bo.NonRecursive = false
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-12-17 05:30:29 -05:00
|
|
|
// Ignore KernelMemoryTCP because it was added in API 1.40.
|
2018-10-27 13:44:52 -04:00
|
|
|
hostConfig.KernelMemoryTCP = 0
|
|
|
|
|
|
daemon: use 'private' ipc mode by default
This changes the default ipc mode of daemon/engine to be private,
meaning the containers will not have their /dev/shm bind-mounted
from the host by default. The benefits of doing this are:
1. No leaked mounts. Eliminate a possibility to leak mounts into
other namespaces (and therefore unfortunate errors like "Unable to
remove filesystem for <ID>: remove /var/lib/docker/containers/<ID>/shm:
device or resource busy").
2. Working checkpoint/restore. Make `docker checkpoint`
not lose the contents of `/dev/shm`, but save it to
the dump, and be restored back upon `docker start --checkpoint`
(currently it is lost -- while CRIU handles tmpfs mounts,
the "shareable" mount is seen as external to container,
and thus rightfully ignored).
3. Better security. Currently any container is opened to share
its /dev/shm with any other container.
Obviously, this change will break the following usage scenario:
$ docker run -d --name donor busybox top
$ docker run --rm -it --ipc container:donor busybox sh
Error response from daemon: linux spec namespaces: can't join IPC
of container <ID>: non-shareable IPC (hint: use IpcMode:shareable
for the donor container)
The soution, as hinted by the (amended) error message, is to
explicitly enable donor sharing by using --ipc shareable:
$ docker run -d --name donor --ipc shareable busybox top
Compatibility notes:
1. This only applies to containers created _after_ this change.
Existing containers are not affected and will work fine
as their ipc mode is stored in HostConfig.
2. Old backward compatible behavior ("shareable" containers
by default) can be enabled by either using
`--default-ipc-mode shareable` daemon command line option,
or by adding a `"default-ipc-mode": "shareable"`
line in `/etc/docker/daemon.json` configuration file.
3. If an older client (API < 1.40) is used, a "shareable" container
is created. A test to check that is added.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2017-11-27 19:10:44 -05:00
|
|
|
// Older clients (API < 1.40) expects the default to be shareable, make them happy
|
|
|
|
|
if hostConfig.IpcMode.IsEmpty() {
|
2019-10-12 20:07:36 -04:00
|
|
|
hostConfig.IpcMode = container.IPCModeShareable
|
daemon: use 'private' ipc mode by default
This changes the default ipc mode of daemon/engine to be private,
meaning the containers will not have their /dev/shm bind-mounted
from the host by default. The benefits of doing this are:
1. No leaked mounts. Eliminate a possibility to leak mounts into
other namespaces (and therefore unfortunate errors like "Unable to
remove filesystem for <ID>: remove /var/lib/docker/containers/<ID>/shm:
device or resource busy").
2. Working checkpoint/restore. Make `docker checkpoint`
not lose the contents of `/dev/shm`, but save it to
the dump, and be restored back upon `docker start --checkpoint`
(currently it is lost -- while CRIU handles tmpfs mounts,
the "shareable" mount is seen as external to container,
and thus rightfully ignored).
3. Better security. Currently any container is opened to share
its /dev/shm with any other container.
Obviously, this change will break the following usage scenario:
$ docker run -d --name donor busybox top
$ docker run --rm -it --ipc container:donor busybox sh
Error response from daemon: linux spec namespaces: can't join IPC
of container <ID>: non-shareable IPC (hint: use IpcMode:shareable
for the donor container)
The soution, as hinted by the (amended) error message, is to
explicitly enable donor sharing by using --ipc shareable:
$ docker run -d --name donor --ipc shareable busybox top
Compatibility notes:
1. This only applies to containers created _after_ this change.
Existing containers are not affected and will work fine
as their ipc mode is stored in HostConfig.
2. Old backward compatible behavior ("shareable" containers
by default) can be enabled by either using
`--default-ipc-mode shareable` daemon command line option,
or by adding a `"default-ipc-mode": "shareable"`
line in `/etc/docker/daemon.json` configuration file.
3. If an older client (API < 1.40) is used, a "shareable" container
is created. A test to check that is added.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2017-11-27 19:10:44 -05:00
|
|
|
}
|
2019-05-13 18:04:28 -04:00
|
|
|
}
|
2020-06-05 04:59:52 -04:00
|
|
|
if hostConfig != nil && versions.LessThan(version, "1.41") && !s.cgroup2 {
|
|
|
|
|
// Older clients expect the default to be "host" on cgroup v1 hosts
|
2019-03-14 23:44:18 -04:00
|
|
|
if hostConfig.CgroupnsMode.IsEmpty() {
|
2019-10-13 08:18:57 -04:00
|
|
|
hostConfig.CgroupnsMode = container.CgroupnsModeHost
|
2019-03-14 23:44:18 -04:00
|
|
|
}
|
2018-12-16 10:11:37 -05:00
|
|
|
}
|
|
|
|
|
|
2021-09-21 03:58:31 -04:00
|
|
|
if hostConfig != nil && versions.GreaterThanOrEqualTo(version, "1.42") {
|
|
|
|
|
// Ignore KernelMemory removed in API 1.42.
|
|
|
|
|
hostConfig.KernelMemory = 0
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-19 16:54:48 -04:00
|
|
|
var platform *specs.Platform
|
|
|
|
|
if versions.GreaterThanOrEqualTo(version, "1.41") {
|
|
|
|
|
if v := r.Form.Get("platform"); v != "" {
|
|
|
|
|
p, err := platforms.Parse(v)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return errdefs.InvalidParameter(err)
|
|
|
|
|
}
|
|
|
|
|
platform = &p
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-24 09:36:45 -05:00
|
|
|
if hostConfig != nil && hostConfig.PidsLimit != nil && *hostConfig.PidsLimit <= 0 {
|
|
|
|
|
// Don't set a limit if either no limit was specified, or "unlimited" was
|
|
|
|
|
// explicitly set.
|
|
|
|
|
// Both `0` and `-1` are accepted as "unlimited", and historically any
|
|
|
|
|
// negative value was accepted, so treat those as "unlimited" as well.
|
|
|
|
|
hostConfig.PidsLimit = nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-16 11:56:49 -05:00
|
|
|
ccr, err := s.backend.ContainerCreate(types.ContainerCreateConfig{
|
2016-01-07 19:18:34 -05:00
|
|
|
Name: name,
|
|
|
|
|
Config: config,
|
|
|
|
|
HostConfig: hostConfig,
|
|
|
|
|
NetworkingConfig: networkingConfig,
|
|
|
|
|
AdjustCPUShares: adjustCPUShares,
|
2020-03-19 16:54:48 -04:00
|
|
|
Platform: platform,
|
2016-11-30 13:22:07 -05:00
|
|
|
})
|
2015-07-28 14:35:24 -04:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-23 19:42:08 -04:00
|
|
|
return httputils.WriteJSON(w, http.StatusCreated, ccr)
|
2015-07-28 14:35:24 -04:00
|
|
|
}
|
|
|
|
|
|
2015-11-04 20:38:05 -05:00
|
|
|
func (s *containerRouter) deleteContainers(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
|
2015-09-23 19:42:08 -04:00
|
|
|
if err := httputils.ParseForm(r); err != nil {
|
2015-07-28 14:35:24 -04:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
name := vars["name"]
|
2015-12-04 15:34:43 -05:00
|
|
|
config := &types.ContainerRmConfig{
|
2015-09-23 19:42:08 -04:00
|
|
|
ForceRemove: httputils.BoolValue(r, "force"),
|
|
|
|
|
RemoveVolume: httputils.BoolValue(r, "v"),
|
|
|
|
|
RemoveLink: httputils.BoolValue(r, "link"),
|
2015-07-28 14:35:24 -04:00
|
|
|
}
|
|
|
|
|
|
2015-11-04 20:38:05 -05:00
|
|
|
if err := s.backend.ContainerRm(name, config); err != nil {
|
2015-07-28 14:35:24 -04:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
w.WriteHeader(http.StatusNoContent)
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-04 20:38:05 -05:00
|
|
|
func (s *containerRouter) postContainersResize(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
|
2015-09-23 19:42:08 -04:00
|
|
|
if err := httputils.ParseForm(r); err != nil {
|
2015-07-28 14:35:24 -04:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
height, err := strconv.Atoi(r.Form.Get("h"))
|
|
|
|
|
if err != nil {
|
2017-11-28 23:09:37 -05:00
|
|
|
return errdefs.InvalidParameter(err)
|
2015-07-28 14:35:24 -04:00
|
|
|
}
|
|
|
|
|
width, err := strconv.Atoi(r.Form.Get("w"))
|
|
|
|
|
if err != nil {
|
2017-11-28 23:09:37 -05:00
|
|
|
return errdefs.InvalidParameter(err)
|
2015-07-28 14:35:24 -04:00
|
|
|
}
|
|
|
|
|
|
2015-11-04 20:38:05 -05:00
|
|
|
return s.backend.ContainerResize(vars["name"], height, width)
|
2015-07-28 14:35:24 -04:00
|
|
|
}
|
|
|
|
|
|
2015-11-04 20:38:05 -05:00
|
|
|
func (s *containerRouter) postContainersAttach(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
|
2016-01-03 17:03:39 -05:00
|
|
|
err := httputils.ParseForm(r)
|
|
|
|
|
if err != nil {
|
2015-07-28 14:35:24 -04:00
|
|
|
return err
|
|
|
|
|
}
|
2015-09-17 15:57:57 -04:00
|
|
|
containerName := vars["name"]
|
2015-07-28 14:35:24 -04:00
|
|
|
|
2015-12-16 01:41:46 -05:00
|
|
|
_, upgrade := r.Header["Upgrade"]
|
2016-01-03 17:03:39 -05:00
|
|
|
detachKeys := r.FormValue("detachKeys")
|
|
|
|
|
|
2016-01-05 16:23:24 -05:00
|
|
|
hijacker, ok := w.(http.Hijacker)
|
|
|
|
|
if !ok {
|
2017-11-28 23:09:37 -05:00
|
|
|
return errdefs.InvalidParameter(errors.Errorf("error attaching to container %s, hijack connection missing", containerName))
|
2016-01-05 16:23:24 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
setupStreams := func() (io.ReadCloser, io.Writer, io.Writer, error) {
|
|
|
|
|
conn, _, err := hijacker.Hijack()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, nil, nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// set raw mode
|
|
|
|
|
conn.Write([]byte{})
|
|
|
|
|
|
|
|
|
|
if upgrade {
|
|
|
|
|
fmt.Fprintf(conn, "HTTP/1.1 101 UPGRADED\r\nContent-Type: application/vnd.docker.raw-stream\r\nConnection: Upgrade\r\nUpgrade: tcp\r\n\r\n")
|
|
|
|
|
} else {
|
|
|
|
|
fmt.Fprintf(conn, "HTTP/1.1 200 OK\r\nContent-Type: application/vnd.docker.raw-stream\r\n\r\n")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
closer := func() error {
|
|
|
|
|
httputils.CloseStreams(conn)
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
return ioutils.NewReadCloserWrapper(conn, closer), conn, conn, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
attachConfig := &backend.ContainerAttachConfig{
|
|
|
|
|
GetStreams: setupStreams,
|
2016-01-03 17:03:39 -05:00
|
|
|
UseStdin: httputils.BoolValue(r, "stdin"),
|
|
|
|
|
UseStdout: httputils.BoolValue(r, "stdout"),
|
|
|
|
|
UseStderr: httputils.BoolValue(r, "stderr"),
|
|
|
|
|
Logs: httputils.BoolValue(r, "logs"),
|
|
|
|
|
Stream: httputils.BoolValue(r, "stream"),
|
2016-03-23 07:34:47 -04:00
|
|
|
DetachKeys: detachKeys,
|
2016-01-05 16:23:24 -05:00
|
|
|
MuxStreams: true,
|
2015-07-28 14:35:24 -04:00
|
|
|
}
|
|
|
|
|
|
2016-03-23 07:34:47 -04:00
|
|
|
if err = s.backend.ContainerAttach(containerName, attachConfig); err != nil {
|
|
|
|
|
logrus.Errorf("Handler for %s %s returned error: %v", r.Method, r.URL.Path, err)
|
|
|
|
|
// Remember to close stream if error happens
|
|
|
|
|
conn, _, errHijack := hijacker.Hijack()
|
|
|
|
|
if errHijack == nil {
|
errdefs: move GetHTTPErrorStatusCode to api/server/httpstatus
This reverts the changes made in 2a9c987e5a72549775ffa4dc31595ceff4f06a78, which
moved the GetHTTPErrorStatusCode() utility to the errdefs package.
While it seemed to make sense at the time to have the errdefs package provide
conversion both from HTTP status codes errdefs and the reverse, a side-effect
of the move was that the errdefs package now had a dependency on various external
modules, to handle conversio of errors coming from those sub-systems, such as;
- github.com/containerd/containerd
- github.com/docker/distribution
- google.golang.org/grpc
This patch moves the conversion from (errdef-) errors to HTTP status-codes to a
api/server/httpstatus package, which is only used by the API server, and should
not be needed by client-code using the errdefs package.
The MakeErrorHandler() utility was moved to the API server itself, as that's the
only place it's used. While the same applies to the GetHTTPErrorStatusCode func,
I opted for keeping that in its own package for a slightly cleaner interface.
Why not move it into the api/server/httputils package?
The api/server/httputils package is also imported in the client package, which
uses the httputils.ParseForm() and httputils.HijackConnection() functions as
part of the TestTLSCloseWriter() test. While this is only used in tests, I
wanted to avoid introducing the indirect depdencencies outside of the api/server
code.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-21 06:27:39 -04:00
|
|
|
statusCode := httpstatus.FromError(err)
|
2016-03-23 07:34:47 -04:00
|
|
|
statusText := http.StatusText(statusCode)
|
|
|
|
|
fmt.Fprintf(conn, "HTTP/1.1 %d %s\r\nContent-Type: application/vnd.docker.raw-stream\r\n\r\n%s\r\n", statusCode, statusText, err.Error())
|
|
|
|
|
httputils.CloseStreams(conn)
|
|
|
|
|
} else {
|
|
|
|
|
logrus.Errorf("Error Hijacking: %v", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return nil
|
2015-07-28 14:35:24 -04:00
|
|
|
}
|
|
|
|
|
|
2015-11-04 20:38:05 -05:00
|
|
|
func (s *containerRouter) wsContainersAttach(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
|
2015-09-23 19:42:08 -04:00
|
|
|
if err := httputils.ParseForm(r); err != nil {
|
2015-07-28 14:35:24 -04:00
|
|
|
return err
|
|
|
|
|
}
|
2015-09-17 15:57:57 -04:00
|
|
|
containerName := vars["name"]
|
2015-07-28 14:35:24 -04:00
|
|
|
|
2016-01-03 17:03:39 -05:00
|
|
|
var err error
|
|
|
|
|
detachKeys := r.FormValue("detachKeys")
|
|
|
|
|
|
2016-01-05 16:23:24 -05:00
|
|
|
done := make(chan struct{})
|
|
|
|
|
started := make(chan struct{})
|
2015-07-28 14:35:24 -04:00
|
|
|
|
2017-01-25 22:07:27 -05:00
|
|
|
version := httputils.VersionFromContext(ctx)
|
|
|
|
|
|
2016-01-05 16:23:24 -05:00
|
|
|
setupStreams := func() (io.ReadCloser, io.Writer, io.Writer, error) {
|
|
|
|
|
wsChan := make(chan *websocket.Conn)
|
|
|
|
|
h := func(conn *websocket.Conn) {
|
|
|
|
|
wsChan <- conn
|
|
|
|
|
<-done
|
2015-07-28 14:35:24 -04:00
|
|
|
}
|
|
|
|
|
|
2016-01-05 16:23:24 -05:00
|
|
|
srv := websocket.Server{Handler: h, Handshake: nil}
|
|
|
|
|
go func() {
|
|
|
|
|
close(started)
|
|
|
|
|
srv.ServeHTTP(w, r)
|
|
|
|
|
}()
|
2015-07-28 14:35:24 -04:00
|
|
|
|
2016-01-05 16:23:24 -05:00
|
|
|
conn := <-wsChan
|
2017-03-13 21:31:48 -04:00
|
|
|
// In case version 1.28 and above, a binary frame will be sent.
|
2017-01-25 22:07:27 -05:00
|
|
|
// See 28176 for details.
|
2017-03-13 21:31:48 -04:00
|
|
|
if versions.GreaterThanOrEqualTo(version, "1.28") {
|
2017-01-25 22:07:27 -05:00
|
|
|
conn.PayloadType = websocket.BinaryFrame
|
|
|
|
|
}
|
2016-01-05 16:23:24 -05:00
|
|
|
return conn, conn, conn, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
attachConfig := &backend.ContainerAttachConfig{
|
|
|
|
|
GetStreams: setupStreams,
|
|
|
|
|
Logs: httputils.BoolValue(r, "logs"),
|
|
|
|
|
Stream: httputils.BoolValue(r, "stream"),
|
2016-03-23 07:34:47 -04:00
|
|
|
DetachKeys: detachKeys,
|
2016-01-05 16:23:24 -05:00
|
|
|
UseStdin: true,
|
|
|
|
|
UseStdout: true,
|
|
|
|
|
UseStderr: true,
|
|
|
|
|
MuxStreams: false, // TODO: this should be true since it's a single stream for both stdout and stderr
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = s.backend.ContainerAttach(containerName, attachConfig)
|
|
|
|
|
close(done)
|
|
|
|
|
select {
|
|
|
|
|
case <-started:
|
2017-12-06 09:45:33 -05:00
|
|
|
if err != nil {
|
|
|
|
|
logrus.Errorf("Error attaching websocket: %s", err)
|
|
|
|
|
} else {
|
|
|
|
|
logrus.Debug("websocket connection was closed by client")
|
|
|
|
|
}
|
2016-01-05 16:23:24 -05:00
|
|
|
return nil
|
|
|
|
|
default:
|
|
|
|
|
}
|
|
|
|
|
return err
|
2015-07-28 14:35:24 -04:00
|
|
|
}
|
2016-08-23 19:25:43 -04:00
|
|
|
|
|
|
|
|
func (s *containerRouter) postContainersPrune(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
|
|
|
|
|
if err := httputils.ParseForm(r); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-26 07:59:45 -04:00
|
|
|
pruneFilters, err := filters.FromJSON(r.Form.Get("filters"))
|
2016-11-17 00:46:37 -05:00
|
|
|
if err != nil {
|
2022-03-02 07:52:51 -05:00
|
|
|
return err
|
2016-08-23 19:25:43 -04:00
|
|
|
}
|
|
|
|
|
|
2017-04-11 15:52:33 -04:00
|
|
|
pruneReport, err := s.backend.ContainersPrune(ctx, pruneFilters)
|
2016-08-23 19:25:43 -04:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
return httputils.WriteJSON(w, http.StatusOK, pruneReport)
|
|
|
|
|
}
|