From 02309170a5fb97d40260d0ee9e24b44be8c780b2 Mon Sep 17 00:00:00 2001 From: John Howard Date: Tue, 27 Sep 2016 10:26:59 -0700 Subject: [PATCH] Remove hacked Windows OCI spec, compile fixups Signed-off-by: John Howard --- daemon/exec_linux.go | 3 +- daemon/oci_linux.go | 5 +- daemon/oci_solaris.go | 6 +- daemon/oci_windows.go | 27 ++-- daemon/volumes_windows.go | 2 +- libcontainerd/client_linux.go | 2 +- libcontainerd/client_windows.go | 9 +- libcontainerd/container_windows.go | 3 +- libcontainerd/types.go | 3 +- libcontainerd/types_linux.go | 11 +- libcontainerd/types_solaris.go | 13 -- libcontainerd/types_windows.go | 10 +- libcontainerd/windowsoci/oci_windows.go | 199 ------------------------ libcontainerd/windowsoci/unsupported.go | 3 - oci/defaults_linux.go | 2 +- oci/defaults_windows.go | 12 +- plugin/manager_linux.go | 3 +- 17 files changed, 44 insertions(+), 269 deletions(-) delete mode 100644 libcontainerd/windowsoci/oci_windows.go delete mode 100644 libcontainerd/windowsoci/unsupported.go diff --git a/daemon/exec_linux.go b/daemon/exec_linux.go index a2c86b2868..5aeedc3470 100644 --- a/daemon/exec_linux.go +++ b/daemon/exec_linux.go @@ -5,6 +5,7 @@ import ( "github.com/docker/docker/daemon/caps" "github.com/docker/docker/daemon/exec" "github.com/docker/docker/libcontainerd" + "github.com/opencontainers/runtime-spec/specs-go" ) func execSetPlatformOpt(c *container.Container, ec *exec.Config, p *libcontainerd.Process) error { @@ -13,7 +14,7 @@ func execSetPlatformOpt(c *container.Container, ec *exec.Config, p *libcontainer if err != nil { return err } - p.User = &libcontainerd.User{ + p.User = &specs.User{ UID: uid, GID: gid, AdditionalGids: additionalGids, diff --git a/daemon/oci_linux.go b/daemon/oci_linux.go index e74ca33a65..6e134132a7 100644 --- a/daemon/oci_linux.go +++ b/daemon/oci_linux.go 
@@ -14,7 +14,6 @@ import ( containertypes "github.com/docker/docker/api/types/container" "github.com/docker/docker/container" "github.com/docker/docker/daemon/caps" - "github.com/docker/docker/libcontainerd" "github.com/docker/docker/oci" "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/mount" @@ -614,7 +613,7 @@ func (daemon *Daemon) populateCommonSpec(s *specs.Spec, c *container.Container) return nil } -func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, error) { +func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) { s := oci.DefaultSpec() if err := daemon.populateCommonSpec(&s, c); err != nil { return nil, err @@ -710,7 +709,7 @@ func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, e s.Process.NoNewPrivileges = c.NoNewPrivileges s.Linux.MountLabel = c.MountLabel - return (*libcontainerd.Spec)(&s), nil + return (*specs.Spec)(&s), nil } func clearReadOnly(m *specs.Mount) { diff --git a/daemon/oci_solaris.go b/daemon/oci_solaris.go index 771baac683..76094e3da5 100644 --- a/daemon/oci_solaris.go +++ b/daemon/oci_solaris.go @@ -3,13 +3,13 @@ package daemon import ( containertypes "github.com/docker/docker/api/types/container" "github.com/docker/docker/container" - "github.com/docker/docker/libcontainerd" "github.com/docker/docker/oci" + "github.com/opencontainers/runtime-spec/specs-go" ) -func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, error) { +func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) { s := oci.DefaultSpec() - return (*libcontainerd.Spec)(&s), nil + return (*specs.Spec)(&s), nil } // mergeUlimits merge the Ulimits from HostConfig with daemon defaults, and update HostConfig diff --git a/daemon/oci_windows.go b/daemon/oci_windows.go index 4f2947cf79..6876924c01 100644 --- a/daemon/oci_windows.go +++ b/daemon/oci_windows.go 
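Review bot: The conversion in `return (*specs.Spec)(&s), nil` at the end of createSpec in daemon/oci_linux.go is now a no-op, because `s` comes from `oci.DefaultSpec()`, which returns `specs.Spec`, and the function already returns `*specs.Spec`. It is left over from when the return type was the distinct `libcontainerd.Spec`; `return &s, nil` says the same thing without suggesting a type change. The same leftover appears in createSpec in daemon/oci_solaris.go and daemon/oci_windows.go. createSpec's body lies mostly outside this hunk.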
@@ -5,12 +5,11 @@ import ( containertypes "github.com/docker/docker/api/types/container" "github.com/docker/docker/container" - "github.com/docker/docker/libcontainerd" - "github.com/docker/docker/libcontainerd/windowsoci" "github.com/docker/docker/oci" + "github.com/opencontainers/runtime-spec/specs-go" ) -func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, error) { +func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) { s := oci.DefaultSpec() linkedEnv, err := daemon.setupLinkedContainers(c) @@ -33,7 +32,7 @@ func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, e return nil, err } for _, mount := range mounts { - m := windowsoci.Mount{ + m := specs.Mount{ Source: mount.Source, Destination: mount.Destination, } @@ -71,25 +70,27 @@ func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, e // In s.Windows.Resources // @darrenstahlmsft implement these resources - cpuShares := uint64(c.HostConfig.CPUShares) - s.Windows.Resources = &windowsoci.WindowsResources{ - CPU: &windowsoci.WindowsCPU{ - Percent: &c.HostConfig.CPUPercent, + cpuShares := uint16(c.HostConfig.CPUShares) + cpuPercent := uint8(c.HostConfig.CPUPercent) + memoryLimit := uint64(c.HostConfig.Memory) + s.Windows.Resources = &specs.WindowsResources{ + CPU: &specs.WindowsCPUResources{ + Percent: &cpuPercent, Shares: &cpuShares, }, - Memory: &windowsoci.WindowsMemory{ - Limit: &c.HostConfig.Memory, + Memory: &specs.WindowsMemoryResources{ + Limit: &memoryLimit, //TODO Reservation: ..., }, - Network: &windowsoci.WindowsNetwork{ + Network: &specs.WindowsNetworkResources{ //TODO Bandwidth: ..., }, - Storage: &windowsoci.WindowsStorage{ + Storage: &specs.WindowsStorageResources{ Bps: &c.HostConfig.IOMaximumBandwidth, Iops: &c.HostConfig.IOMaximumIOps, }, } - return (*libcontainerd.Spec)(&s), nil + return (*specs.Spec)(&s), nil } func escapeArgs(args []string) []string { 
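Review bot: The new conversions `uint16(c.HostConfig.CPUShares)`, `uint8(c.HostConfig.CPUPercent)` and `uint64(c.HostConfig.Memory)` narrow or re-sign int64 values without a range check, so an out-of-range setting wraps silently instead of being rejected. A CPU percent of 256 becomes 0, shares above 65535 wrap to a small weight, and a negative memory value becomes an enormous limit, so the container can run with weaker resource limits than the operator configured. Unless these fields are already validated before createSpec runs (not visible in this hunk), check the ranges and return an error before converting, as sketched below. createSpec begins outside this hunk.

```go
// … unchanged: mounts and process setup …
if c.HostConfig.CPUShares < 0 || c.HostConfig.CPUShares > math.MaxUint16 {
	return nil, fmt.Errorf("invalid CPU shares %d", c.HostConfig.CPUShares)
}
if c.HostConfig.CPUPercent < 0 || c.HostConfig.CPUPercent > 100 {
	return nil, fmt.Errorf("invalid CPU percent %d", c.HostConfig.CPUPercent)
}
if c.HostConfig.Memory < 0 {
	return nil, fmt.Errorf("invalid memory limit %d", c.HostConfig.Memory)
}
// … unchanged: cpuShares, cpuPercent, memoryLimit conversions and the s.Windows.Resources literal …
```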
diff --git a/daemon/volumes_windows.go b/daemon/volumes_windows.go index 98698ee752..bf7fc478a1 100644 --- a/daemon/volumes_windows.go +++ b/daemon/volumes_windows.go @@ -15,7 +15,7 @@ import ( // It also ensures each of the mounts are lexographically sorted. // BUGBUG TODO Windows containerd. This would be much better if it returned -// an array of windowsoci mounts, not container mounts. Then no need to +// an array of runtime spec mounts, not container mounts. Then no need to // do multiple transitions. func (daemon *Daemon) setupMounts(c *container.Container) ([]container.Mount, error) { diff --git a/libcontainerd/client_linux.go b/libcontainerd/client_linux.go index cdc1f69219..680edc713c 100644 --- a/libcontainerd/client_linux.go +++ b/libcontainerd/client_linux.go @@ -133,7 +133,7 @@ func (clnt *client) prepareBundleDir(uid, gid int) (string, error) { return p, nil } -func (clnt *client) Create(containerID string, checkpoint string, checkpointDir string, spec Spec, options ...CreateOption) (err error) { +func (clnt *client) Create(containerID string, checkpoint string, checkpointDir string, spec specs.Spec, options ...CreateOption) (err error) { clnt.lock(containerID) defer clnt.unlock(containerID) diff --git a/libcontainerd/client_windows.go b/libcontainerd/client_windows.go index b6a4b6b939..86dd9c60de 100644 --- a/libcontainerd/client_windows.go +++ b/libcontainerd/client_windows.go @@ -13,6 +13,7 @@ import ( "github.com/Microsoft/hcsshim" "github.com/Sirupsen/logrus" + "github.com/opencontainers/runtime-spec/specs-go" ) type client struct { 
@@ -92,7 +93,7 @@ const defaultOwner = "docker" // }, // "Servicing": false //} -func (clnt *client) Create(containerID string, checkpoint string, checkpointDir string, spec Spec, options ...CreateOption) error { +func (clnt *client) Create(containerID string, checkpoint string, checkpointDir string, spec specs.Spec, options ...CreateOption) error { clnt.lock(containerID) defer clnt.unlock(containerID) logrus.Debugln("libcontainerd: client.Create() with spec", spec) @@ -109,15 +110,15 @@ func (clnt *client) Create(containerID string, checkpoint string, checkpointDir if spec.Windows.Resources != nil { if spec.Windows.Resources.CPU != nil { if spec.Windows.Resources.CPU.Shares != nil { - configuration.ProcessorWeight = *spec.Windows.Resources.CPU.Shares + configuration.ProcessorWeight = uint64(*spec.Windows.Resources.CPU.Shares) } if spec.Windows.Resources.CPU.Percent != nil { - configuration.ProcessorMaximum = *spec.Windows.Resources.CPU.Percent * 100 // ProcessorMaximum is a value between 1 and 10000 + configuration.ProcessorMaximum = int64(*spec.Windows.Resources.CPU.Percent * 100) // ProcessorMaximum is a value between 1 and 10000 } } if spec.Windows.Resources.Memory != nil { if spec.Windows.Resources.Memory.Limit != nil { - configuration.MemoryMaximumInMB = *spec.Windows.Resources.Memory.Limit / 1024 / 1024 + configuration.MemoryMaximumInMB = int64(*spec.Windows.Resources.Memory.Limit / 1024 / 1024) } } if spec.Windows.Resources.Storage != nil { diff --git a/libcontainerd/container_windows.go b/libcontainerd/container_windows.go index 7fba21d1b8..5d7407f0fa 100644 --- a/libcontainerd/container_windows.go +++ b/libcontainerd/container_windows.go @@ -8,6 +8,7 @@ import ( "github.com/Microsoft/hcsshim" "github.com/Sirupsen/logrus" + "github.com/opencontainers/runtime-spec/specs-go" ) type container struct { 
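Review bot: In `int64(*spec.Windows.Resources.CPU.Percent * 100)` the multiplication runs before the conversion, and `Percent` is now a `*uint8` (daemon/oci_windows.go assigns it `&cpuPercent` from a `uint8`), so the product wraps modulo 256: 50 percent yields 136 rather than 5000. The value passed to HCS as ProcessorMaximum is then not the CPU cap that was configured. Convert first: `configuration.ProcessorMaximum = int64(*spec.Windows.Resources.CPU.Percent) * 100`. Create's body starts and ends outside this hunk.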
@@ -19,7 +20,7 @@ type container struct { // The ociSpec is required, as client.Create() needs a spec, // but can be called from the RestartManager context which does not // otherwise have access to the Spec - ociSpec Spec + ociSpec specs.Spec manualStopRequested bool hcsContainer hcsshim.Container diff --git a/libcontainerd/types.go b/libcontainerd/types.go index fcb971137d..8eea36384b 100644 --- a/libcontainerd/types.go +++ b/libcontainerd/types.go @@ -3,6 +3,7 @@ package libcontainerd import ( "io" + "github.com/opencontainers/runtime-spec/specs-go" "golang.org/x/net/context" ) @@ -36,7 +37,7 @@ type Backend interface { // Client provides access to containerd features. type Client interface { - Create(containerID string, checkpoint string, checkpointDir string, spec Spec, options ...CreateOption) error + Create(containerID string, checkpoint string, checkpointDir string, spec specs.Spec, options ...CreateOption) error Signal(containerID string, sig int) error SignalProcess(containerID string, processFriendlyName string, sig int) error AddProcess(ctx context.Context, containerID, processFriendlyName string, process Process) error diff --git a/libcontainerd/types_linux.go b/libcontainerd/types_linux.go index 10893f7f66..8cd2393ab6 100644 --- a/libcontainerd/types_linux.go +++ b/libcontainerd/types_linux.go 
@@ -5,17 +5,12 @@ import ( "github.com/opencontainers/runtime-spec/specs-go" ) -// Spec is the base configuration for the container. It specifies platform -// independent configuration. This information must be included when the -// bundle is packaged for distribution. -type Spec specs.Spec - // Process contains information to start a specific application inside the container. type Process struct { // Terminal creates an interactive terminal for the container. Terminal bool `json:"terminal"` // User specifies user information for the process. - User *User `json:"user"` + User *specs.User `json:"user"` // Args specifies the binary and arguments for the application to execute. Args []string `json:"args"` // Env populates the process environment for the process. @@ -47,10 +42,6 @@ type Stats containerd.StatsResponse // Summary contains a container summary from containerd type Summary struct{} -// User specifies linux specific user and group information for the container's -// main process. -type User specs.User - // Resources defines updatable container resource values. type Resources containerd.UpdateResource diff --git a/libcontainerd/types_solaris.go b/libcontainerd/types_solaris.go index e818d49ac1..b5954a8e75 100644 --- a/libcontainerd/types_solaris.go +++ b/libcontainerd/types_solaris.go @@ -1,14 +1,5 @@ package libcontainerd -import ( - "github.com/opencontainers/runtime-spec/specs-go" -) - -// Spec is the base configuration for the container. It specifies platform -// independent configuration. This information must be included when the -// bundle is packaged for distribution. -type Spec specs.Spec - // Process contains information to start a specific application inside the container. type Process struct { // Terminal creates an interactive terminal for the container. 
@@ -30,9 +21,5 @@ type StateInfo struct { // Platform specific StateInfo } -// User specifies Solaris specific user and group information for the container's -// main process. -type User specs.User - // Resources defines updatable container resource values. type Resources struct{} diff --git a/libcontainerd/types_windows.go b/libcontainerd/types_windows.go index 5a50771a74..10c6e61623 100644 --- a/libcontainerd/types_windows.go +++ b/libcontainerd/types_windows.go @@ -2,17 +2,11 @@ package libcontainerd import ( "github.com/Microsoft/hcsshim" - "github.com/docker/docker/libcontainerd/windowsoci" + "github.com/opencontainers/runtime-spec/specs-go" ) -// Spec is the base configuration for the container. -type Spec windowsoci.Spec - // Process contains information to start a specific application inside the container. -type Process windowsoci.Process - -// User specifies user information for the containers main process. -type User windowsoci.User +type Process specs.Process // Summary contains a ProcessList item from HCS to support `top` type Summary hcsshim.ProcessListItem diff --git a/libcontainerd/windowsoci/oci_windows.go b/libcontainerd/windowsoci/oci_windows.go deleted file mode 100644 index aa54e333aa..0000000000 --- a/libcontainerd/windowsoci/oci_windows.go +++ /dev/null 
@@ -1,199 +0,0 @@ -package windowsoci - -// This file contains the Windows spec for a container. At the time of -// writing, Windows does not have a spec defined in opencontainers/specs, -// hence this is an interim workaround. TODO Windows: FIXME @jhowardmsft - -import "fmt" - -// Spec is the base configuration for the container. -type Spec struct { - // Version of the Open Container Runtime Specification with which the bundle complies. - Version string `json:"ociVersion"` - // Platform specifies the configuration's target platform. - Platform Platform `json:"platform"` - // Process configures the container process. - Process Process `json:"process"` - // Root configures the container's root filesystem. - Root Root `json:"root"` - // Hostname configures the container's hostname. - Hostname string `json:"hostname,omitempty"` - // Mounts configures additional mounts (on top of Root). - Mounts []Mount `json:"mounts,omitempty"` - // Hooks configures callbacks for container lifecycle events. - Hooks Hooks `json:"hooks"` - // Annotations contains arbitrary metadata for the container. - Annotations map[string]string `json:"annotations,omitempty"` - - // Linux is platform specific configuration for Linux based containers. - Linux *Linux `json:"linux,omitempty" platform:"linux"` - // Solaris is platform specific configuration for Solaris containers. - Solaris *Solaris `json:"solaris,omitempty" platform:"solaris"` - // Windows is platform specific configuration for Windows based containers, including Hyper-V containers. - Windows *Windows `json:"windows,omitempty" platform:"windows"` -} - -// Windows contains platform specific configuration for Windows based containers. -type Windows struct { - // Resources contains information for handling resource constraints for the container - Resources *WindowsResources `json:"resources,omitempty"` -} - -// Process contains information to start a specific application inside the container. 
-type Process struct { - // Terminal creates an interactive terminal for the container. - Terminal bool `json:"terminal,omitempty"` - // User specifies user information for the process. - User User `json:"user"` - // Args specifies the binary and arguments for the application to execute. - Args []string `json:"args"` - // Env populates the process environment for the process. - Env []string `json:"env,omitempty"` - // Cwd is the current working directory for the process and must be - // relative to the container's root. - Cwd string `json:"cwd"` - // Capabilities are Linux capabilities that are kept for the container. - Capabilities []string `json:"capabilities,omitempty" platform:"linux"` - // Rlimits specifies rlimit options to apply to the process. - Rlimits []Rlimit `json:"rlimits,omitempty" platform:"linux"` - // NoNewPrivileges controls whether additional privileges could be gained by processes in the container. - NoNewPrivileges bool `json:"noNewPrivileges,omitempty" platform:"linux"` - // ApparmorProfile specifies the apparmor profile for the container. - ApparmorProfile string `json:"apparmorProfile,omitempty" platform:"linux"` - // SelinuxLabel specifies the selinux context that the container process is run as. - SelinuxLabel string `json:"selinuxLabel,omitempty" platform:"linux"` - // ConsoleSize contains the initial size of the console. - ConsoleSize Box `json:"consoleSize" platform:"windows"` -} - -// Box specifies height and width dimensions. Used for sizing of a console. -type Box struct { - Height uint - Width uint -} - -// User specifies specific user (and group) information for the container process. -type User struct { - // UID is the user id. - UID uint32 `json:"uid" platform:"linux,solaris"` - // GID is the group id. - GID uint32 `json:"gid" platform:"linux,solaris"` - // AdditionalGids are additional group ids set for the container's process. 
- AdditionalGids []uint32 `json:"additionalGids,omitempty" platform:"linux,solaris"` - // Username is the user name. - Username string `json:"username,omitempty" platform:"windows"` -} - -// Root contains information about the container's root filesystem on the host. -type Root struct { - // Path is the absolute path to the container's root filesystem. - Path string `json:"path"` - // Readonly makes the root filesystem for the container readonly before the process is executed. - Readonly bool `json:"readonly"` -} - -// Platform specifies OS and arch information for the host system that the container -// is created for. -type Platform struct { - // OS is the operating system. - OS string `json:"os"` - // Arch is the architecture - Arch string `json:"arch"` -} - -// Mount specifies a mount for a container. -type Mount struct { - // Destination is the path where the mount will be placed relative to the container's root. The path and child directories MUST exist, a runtime MUST NOT create directories automatically to a mount point. - Destination string `json:"destination"` - // Type specifies the mount kind. - Type string `json:"type"` - // Source specifies the source path of the mount. In the case of bind mounts on - // Linux based systems this would be the file on the host. - Source string `json:"source"` - // Options are fstab style mount options. - Options []string `json:"options,omitempty"` -} - -// WindowsStorage contains storage resource management settings -type WindowsStorage struct { - // Specifies maximum Iops for the system drive - Iops *uint64 `json:"iops,omitempty"` - // Specifies maximum bytes per second for the system drive - Bps *uint64 `json:"bps,omitempty"` - // Sandbox size indicates the size to expand the system drive to if it is currently smaller - SandboxSize *uint64 `json:"sandbox_size,omitempty"` -} - -// WindowsMemory contains memory settings for the container -type WindowsMemory struct { - // Memory limit (in bytes). 
- Limit *int64 `json:"limit,omitempty"` - // Memory reservation (in bytes). - Reservation *uint64 `json:"reservation,omitempty"` -} - -// WindowsCPU contains information for cpu resource management -type WindowsCPU struct { - // Number of CPUs available to the container. This is an appoximation for Windows Server Containers. - Count *uint64 `json:"count,omitempty"` - // CPU shares (relative weight (ratio) vs. other containers with cpu shares). Range is from 1 to 10000. - Shares *uint64 `json:"shares,omitempty"` - // Percent of available CPUs usable by the container. - Percent *int64 `json:"percent,omitempty"` -} - -// WindowsNetwork contains network resource management information -type WindowsNetwork struct { - // Bandwidth is the maximum egress bandwidth in bytes per second - Bandwidth *uint64 `json:"bandwidth,omitempty"` -} - -// WindowsResources has container runtime resource constraints -// TODO Windows containerd. This structure needs ratifying with the old resources -// structure used on Windows and the latest OCI spec. -type WindowsResources struct { - // Memory restriction configuration - Memory *WindowsMemory `json:"memory,omitempty"` - // CPU resource restriction configuration - CPU *WindowsCPU `json:"cpu,omitempty"` - // Storage restriction configuration - Storage *WindowsStorage `json:"storage,omitempty"` - // Network restriction configuration - Network *WindowsNetwork `json:"network,omitempty"` -} - -const ( - // VersionMajor is for an API incompatible changes - VersionMajor = 0 - // VersionMinor is for functionality in a backwards-compatible manner - VersionMinor = 3 - // VersionPatch is for backwards-compatible bug fixes - VersionPatch = 0 - - // VersionDev indicates development branch. Releases will be empty string. - VersionDev = "" -) - -// Version is the specification version that the package types support. -var Version = fmt.Sprintf("%d.%d.%d%s (Windows)", VersionMajor, VersionMinor, VersionPatch, VersionDev) - -// -// Temporary structures. 
Ultimately this whole file will be removed. -// - -// Linux contains platform specific configuration for Linux based containers. -type Linux struct { -} - -// Solaris contains platform specific configuration for Solaris application containers. -type Solaris struct { -} - -// Hooks for container setup and teardown -type Hooks struct { -} - -// Rlimit type and restrictions. Placeholder only to support the Process structure. -// Not used on Windows, only present for compilation purposes. -type Rlimit struct { -} diff --git a/libcontainerd/windowsoci/unsupported.go b/libcontainerd/windowsoci/unsupported.go deleted file mode 100644 index a97c282995..0000000000 --- a/libcontainerd/windowsoci/unsupported.go +++ /dev/null @@ -1,3 +0,0 @@ -// +build !windows - -package windowsoci diff --git a/oci/defaults_linux.go b/oci/defaults_linux.go index ec25447418..227caca960 100644 --- a/oci/defaults_linux.go +++ b/oci/defaults_linux.go @@ -76,7 +76,7 @@ func DefaultSpec() specs.Spec { "CAP_AUDIT_WRITE", } - s.Linux = specs.Linux{ + s.Linux = &specs.Linux{ MaskedPaths: []string{ "/proc/kcore", "/proc/latency_stats", diff --git a/oci/defaults_windows.go b/oci/defaults_windows.go index 5701733bd9..ab51904ec4 100644 --- a/oci/defaults_windows.go +++ b/oci/defaults_windows.go @@ -3,17 +3,17 @@ package oci import ( "runtime" - "github.com/docker/docker/libcontainerd/windowsoci" + "github.com/opencontainers/runtime-spec/specs-go" ) // DefaultSpec returns default spec used by docker. -func DefaultSpec() windowsoci.Spec { - return windowsoci.Spec{ - Version: windowsoci.Version, - Platform: windowsoci.Platform{ +func DefaultSpec() specs.Spec { + return specs.Spec{ + Version: specs.Version, + Platform: specs.Platform{ OS: runtime.GOOS, Arch: runtime.GOARCH, }, - Windows: &windowsoci.Windows{}, + Windows: &specs.Windows{}, } } diff --git a/plugin/manager_linux.go b/plugin/manager_linux.go index a2adfe8022..257aaf4bd7 100644 --- a/plugin/manager_linux.go +++ b/plugin/manager_linux.go 
@@ -15,6 +15,7 @@ import ( "github.com/docker/docker/pkg/plugins" "github.com/docker/docker/plugin/v2" "github.com/docker/docker/restartmanager" + "github.com/opencontainers/runtime-spec/specs-go" ) func (pm *Manager) enable(p *v2.Plugin, force bool) error { @@ -27,7 +28,7 @@ func (pm *Manager) enable(p *v2.Plugin, force bool) error { } p.RestartManager = restartmanager.New(container.RestartPolicy{Name: "always"}, 0) - if err := pm.containerdClient.Create(p.GetID(), "", "", libcontainerd.Spec(*spec), libcontainerd.WithRestartManager(p.RestartManager)); err != nil { + if err := pm.containerdClient.Create(p.GetID(), "", "", specs.Spec(*spec), libcontainerd.WithRestartManager(p.RestartManager)); err != nil { if err := p.RestartManager.Cancel(); err != nil { logrus.Errorf("enable: restartManager.Cancel failed due to %v", err) }