2014-02-11 23:04:39 -05:00
|
|
|
package runconfig
|
|
|
|
|
|
|
|
import (
|
2015-04-10 20:05:21 -04:00
|
|
|
"encoding/json"
|
2015-09-09 22:23:06 -04:00
|
|
|
"fmt"
|
2015-04-10 20:05:21 -04:00
|
|
|
"io"
|
|
|
|
|
2016-09-06 14:18:12 -04:00
|
|
|
"github.com/docker/docker/api/types/container"
|
|
|
|
networktypes "github.com/docker/docker/api/types/network"
|
2016-06-07 15:05:43 -04:00
|
|
|
"github.com/docker/docker/pkg/sysinfo"
|
2015-09-09 22:23:06 -04:00
|
|
|
"github.com/docker/docker/volume"
|
2014-02-11 23:04:39 -05:00
|
|
|
)
|
|
|
|
|
2016-03-28 14:22:23 -04:00
|
|
|
// ContainerDecoder implements httputils.ContainerDecoder
|
|
|
|
// calling DecodeContainerConfig.
|
|
|
|
type ContainerDecoder struct{}
|
|
|
|
|
|
|
|
// DecodeConfig makes ContainerDecoder to implement httputils.ContainerDecoder
|
|
|
|
func (r ContainerDecoder) DecodeConfig(src io.Reader) (*container.Config, *container.HostConfig, *networktypes.NetworkingConfig, error) {
|
|
|
|
return DecodeContainerConfig(src)
|
|
|
|
}
|
|
|
|
|
|
|
|
// DecodeHostConfig makes ContainerDecoder to implement httputils.ContainerDecoder
|
|
|
|
func (r ContainerDecoder) DecodeHostConfig(src io.Reader) (*container.HostConfig, error) {
|
|
|
|
return DecodeHostConfig(src)
|
|
|
|
}
|
|
|
|
|
2015-06-06 12:41:42 -04:00
|
|
|
// DecodeContainerConfig decodes a json encoded config into a ContainerConfigWrapper
|
2016-04-05 08:53:04 -04:00
|
|
|
// struct and returns both a Config and a HostConfig struct
|
2015-06-06 12:41:42 -04:00
|
|
|
// Be aware this function is not checking whether the resulted structs are nil,
|
|
|
|
// it's your business to do so
|
2016-01-07 19:18:34 -05:00
|
|
|
func DecodeContainerConfig(src io.Reader) (*container.Config, *container.HostConfig, *networktypes.NetworkingConfig, error) {
|
2015-04-10 20:05:21 -04:00
|
|
|
var w ContainerConfigWrapper
|
2015-09-09 22:23:06 -04:00
|
|
|
|
|
|
|
decoder := json.NewDecoder(src)
|
2015-04-10 20:05:21 -04:00
|
|
|
if err := decoder.Decode(&w); err != nil {
|
2016-01-07 19:18:34 -05:00
|
|
|
return nil, nil, nil, err
|
2014-02-11 23:04:39 -05:00
|
|
|
}
|
2015-04-10 20:05:21 -04:00
|
|
|
|
2015-07-09 18:12:36 -04:00
|
|
|
hc := w.getHostConfig()
|
|
|
|
|
2015-09-09 22:23:06 -04:00
|
|
|
// Perform platform-specific processing of Volumes and Binds.
|
|
|
|
if w.Config != nil && hc != nil {
|
|
|
|
|
2015-12-13 11:00:39 -05:00
|
|
|
// Initialize the volumes map if currently nil
|
2015-09-09 22:23:06 -04:00
|
|
|
if w.Config.Volumes == nil {
|
|
|
|
w.Config.Volumes = make(map[string]struct{})
|
|
|
|
}
|
|
|
|
|
|
|
|
// Now validate all the volumes and binds
|
2016-09-22 16:14:15 -04:00
|
|
|
if err := validateMountSettings(w.Config, hc); err != nil {
|
2016-01-07 19:18:34 -05:00
|
|
|
return nil, nil, nil, err
|
2015-09-09 22:23:06 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-07-09 18:12:36 -04:00
|
|
|
// Certain parameters need daemon-side validation that cannot be done
|
|
|
|
// on the client, as only the daemon knows what is valid for the platform.
|
2017-03-10 12:39:22 -05:00
|
|
|
if err := validateNetMode(w.Config, hc); err != nil {
|
2016-01-07 19:18:34 -05:00
|
|
|
return nil, nil, nil, err
|
2015-07-09 18:12:36 -04:00
|
|
|
}
|
|
|
|
|
2016-02-03 15:07:00 -05:00
|
|
|
// Validate isolation
|
2017-03-10 12:39:22 -05:00
|
|
|
if err := validateIsolation(hc); err != nil {
|
2016-01-07 19:18:34 -05:00
|
|
|
return nil, nil, nil, err
|
2015-09-18 21:21:57 -04:00
|
|
|
}
|
2016-02-24 20:51:46 -05:00
|
|
|
|
|
|
|
// Validate QoS
|
2017-03-10 12:39:22 -05:00
|
|
|
if err := validateQoS(hc); err != nil {
|
2016-02-24 20:51:46 -05:00
|
|
|
return nil, nil, nil, err
|
|
|
|
}
|
2016-06-07 15:15:50 -04:00
|
|
|
|
2016-06-07 15:05:43 -04:00
|
|
|
// Validate Resources
|
2017-03-10 12:39:22 -05:00
|
|
|
if err := validateResources(hc, sysinfo.New(true)); err != nil {
|
2016-06-07 15:05:43 -04:00
|
|
|
return nil, nil, nil, err
|
|
|
|
}
|
2017-03-10 12:39:22 -05:00
|
|
|
|
|
|
|
// Validate Privileged
|
|
|
|
if err := validatePrivileged(hc); err != nil {
|
|
|
|
return nil, nil, nil, err
|
|
|
|
}
|
|
|
|
|
2017-05-08 12:29:37 -04:00
|
|
|
// Validate ReadonlyRootfs
|
|
|
|
if err := validateReadonlyRootfs(hc); err != nil {
|
|
|
|
return nil, nil, nil, err
|
|
|
|
}
|
|
|
|
|
2016-01-07 19:18:34 -05:00
|
|
|
return w.Config, hc, w.NetworkingConfig, nil
|
2014-02-11 23:04:39 -05:00
|
|
|
}
|
2015-09-09 22:23:06 -04:00
|
|
|
|
2016-09-22 16:14:15 -04:00
|
|
|
// validateMountSettings validates each of the volumes and bind settings
|
2015-09-09 22:23:06 -04:00
|
|
|
// passed by the caller to ensure they are valid.
|
2016-09-22 16:14:15 -04:00
|
|
|
func validateMountSettings(c *container.Config, hc *container.HostConfig) error {
|
|
|
|
// it is ok to have len(hc.Mounts) > 0 && (len(hc.Binds) > 0 || len (c.Volumes) > 0 || len (hc.Tmpfs) > 0 )
|
2015-09-09 22:23:06 -04:00
|
|
|
|
|
|
|
// Ensure all volumes and binds are valid.
|
|
|
|
for spec := range c.Volumes {
|
Add new `HostConfig` field, `Mounts`.
`Mounts` allows users to specify in a much safer way the volumes they
want to use in the container.
This replaces `Binds` and `Volumes`, which both still exist, but
`Mounts` and `Binds`/`Volumes` are exclussive.
The CLI will continue to use `Binds` and `Volumes` due to concerns with
parsing the volume specs on the client side and cross-platform support
(for now).
The new API follows exactly the services mount API.
Example usage of `Mounts`:
```
$ curl -XPOST localhost:2375/containers/create -d '{
"Image": "alpine:latest",
"HostConfig": {
"Mounts": [{
"Type": "Volume",
"Target": "/foo"
},{
"Type": "bind",
"Source": "/var/run/docker.sock",
"Target": "/var/run/docker.sock",
},{
"Type": "volume",
"Name": "important_data",
"Target": "/var/data",
"ReadOnly": true,
"VolumeOptions": {
"DriverConfig": {
Name: "awesomeStorage",
Options: {"size": "10m"},
Labels: {"some":"label"}
}
}]
}
}'
```
There are currently 2 types of mounts:
- **bind**: Paths on the host that get mounted into the
container. Paths must exist prior to creating the container.
- **volume**: Volumes that persist after the
container is removed.
Not all fields are available in each type, and validation is done to
ensure these fields aren't mixed up between types.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-04-26 14:25:35 -04:00
|
|
|
if _, err := volume.ParseMountRaw(spec, hc.VolumeDriver); err != nil {
|
|
|
|
return fmt.Errorf("invalid volume spec %q: %v", spec, err)
|
2015-09-09 22:23:06 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
for _, spec := range hc.Binds {
|
Add new `HostConfig` field, `Mounts`.
`Mounts` allows users to specify in a much safer way the volumes they
want to use in the container.
This replaces `Binds` and `Volumes`, which both still exist, but
`Mounts` and `Binds`/`Volumes` are exclussive.
The CLI will continue to use `Binds` and `Volumes` due to concerns with
parsing the volume specs on the client side and cross-platform support
(for now).
The new API follows exactly the services mount API.
Example usage of `Mounts`:
```
$ curl -XPOST localhost:2375/containers/create -d '{
"Image": "alpine:latest",
"HostConfig": {
"Mounts": [{
"Type": "Volume",
"Target": "/foo"
},{
"Type": "bind",
"Source": "/var/run/docker.sock",
"Target": "/var/run/docker.sock",
},{
"Type": "volume",
"Name": "important_data",
"Target": "/var/data",
"ReadOnly": true,
"VolumeOptions": {
"DriverConfig": {
Name: "awesomeStorage",
Options: {"size": "10m"},
Labels: {"some":"label"}
}
}]
}
}'
```
There are currently 2 types of mounts:
- **bind**: Paths on the host that get mounted into the
container. Paths must exist prior to creating the container.
- **volume**: Volumes that persist after the
container is removed.
Not all fields are available in each type, and validation is done to
ensure these fields aren't mixed up between types.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-04-26 14:25:35 -04:00
|
|
|
if _, err := volume.ParseMountRaw(spec, hc.VolumeDriver); err != nil {
|
|
|
|
return fmt.Errorf("invalid bind mount spec %q: %v", spec, err)
|
2015-09-09 22:23:06 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|