mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Merge pull request #19911 from Microsoft/jstarks/npipe
Windows: Add support for named pipe protocol
This commit is contained in:
commit
83ee24e52b
9 changed files with 97 additions and 92 deletions
|
@ -176,12 +176,7 @@ func getServerHost(hosts []string, tlsOptions *tlsconfig.Options) (host string,
|
|||
return "", errors.New("Please specify only one -H")
|
||||
}
|
||||
|
||||
defaultHost := opts.DefaultTCPHost
|
||||
if tlsOptions != nil {
|
||||
defaultHost = opts.DefaultTLSHost
|
||||
}
|
||||
|
||||
host, err = opts.ParseHost(defaultHost, host)
|
||||
host, err = opts.ParseHost(tlsOptions != nil, host)
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
@ -4,8 +4,11 @@ package server
|
|||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"github.com/Microsoft/go-winio"
|
||||
"net"
|
||||
"net/http"
|
||||
"strings"
|
||||
)
|
||||
|
||||
// NewServer sets up the required Server and does protocol specific checking.
|
||||
|
@ -21,8 +24,26 @@ func (s *Server) newServer(proto, addr string) ([]*HTTPServer, error) {
|
|||
}
|
||||
ls = append(ls, l)
|
||||
|
||||
case "npipe":
|
||||
// allow Administrators and SYSTEM, plus whatever additional users or groups were specified
|
||||
sddl := "D:P(A;;GA;;;BA)(A;;GA;;;SY)"
|
||||
if s.cfg.SocketGroup != "" {
|
||||
for _, g := range strings.Split(s.cfg.SocketGroup, ",") {
|
||||
sid, err := winio.LookupSidByName(g)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
sddl += fmt.Sprintf("(A;;GRGW;;;%s)", sid)
|
||||
}
|
||||
}
|
||||
l, err := winio.ListenPipe(addr, sddl)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
ls = append(ls, l)
|
||||
|
||||
default:
|
||||
return nil, errors.New("Invalid protocol format. Windows only supports tcp.")
|
||||
return nil, errors.New("Invalid protocol format. Windows only supports tcp and npipe.")
|
||||
}
|
||||
|
||||
var res []*HTTPServer
|
||||
|
|
|
@ -68,6 +68,7 @@ type CommonConfig struct {
|
|||
Pidfile string `json:"pidfile,omitempty"`
|
||||
RawLogs bool `json:"raw-logs,omitempty"`
|
||||
Root string `json:"graph,omitempty"`
|
||||
SocketGroup string `json:"group,omitempty"`
|
||||
TrustKeyPath string `json:"-"`
|
||||
|
||||
// ClusterStore is the storage backend used for the cluster information. It is used by both
|
||||
|
|
|
@ -29,7 +29,6 @@ type Config struct {
|
|||
EnableCors bool `json:"api-enable-cors,omitempty"`
|
||||
EnableSelinuxSupport bool `json:"selinux-enabled,omitempty"`
|
||||
RemappedRoot string `json:"userns-remap,omitempty"`
|
||||
SocketGroup string `json:"group,omitempty"`
|
||||
CgroupParent string `json:"cgroup-parent,omitempty"`
|
||||
Ulimits map[string]*units.Ulimit `json:"default-ulimits,omitempty"`
|
||||
}
|
||||
|
|
|
@ -38,4 +38,5 @@ func (config *Config) InstallFlags(cmd *flag.FlagSet, usageFn func(string) strin
|
|||
|
||||
// Then platform-specific install flags.
|
||||
cmd.StringVar(&config.bridgeConfig.VirtualSwitchName, []string{"b", "-bridge"}, "", "Attach containers to a virtual switch")
|
||||
cmd.StringVar(&config.SocketGroup, []string{"G", "-group"}, "", usageFn("Users or groups that can access the named pipe"))
|
||||
}
|
||||
|
|
|
@ -200,11 +200,11 @@ func (cli *DaemonCli) CmdDaemon(args ...string) error {
|
|||
serverConfig := &apiserver.Config{
|
||||
AuthorizationPluginNames: cli.Config.AuthorizationPlugins,
|
||||
Logging: true,
|
||||
SocketGroup: cli.Config.SocketGroup,
|
||||
Version: dockerversion.Version,
|
||||
}
|
||||
serverConfig = setPlatformServerConfig(serverConfig, cli.Config)
|
||||
|
||||
defaultHost := opts.DefaultHost
|
||||
if cli.Config.TLS {
|
||||
tlsOptions := tlsconfig.Options{
|
||||
CAFile: cli.Config.CommonTLSOptions.CAFile,
|
||||
|
@ -221,7 +221,6 @@ func (cli *DaemonCli) CmdDaemon(args ...string) error {
|
|||
logrus.Fatal(err)
|
||||
}
|
||||
serverConfig.TLSConfig = tlsConfig
|
||||
defaultHost = opts.DefaultTLSHost
|
||||
}
|
||||
|
||||
if len(cli.Config.Hosts) == 0 {
|
||||
|
@ -229,7 +228,7 @@ func (cli *DaemonCli) CmdDaemon(args ...string) error {
|
|||
}
|
||||
for i := 0; i < len(cli.Config.Hosts); i++ {
|
||||
var err error
|
||||
if cli.Config.Hosts[i], err = opts.ParseHost(defaultHost, cli.Config.Hosts[i]); err != nil {
|
||||
if cli.Config.Hosts[i], err = opts.ParseHost(cli.Config.TLS, cli.Config.Hosts[i]); err != nil {
|
||||
logrus.Fatalf("error parsing -H %s : %v", cli.Config.Hosts[i], err)
|
||||
}
|
||||
|
||||
|
|
|
@ -19,7 +19,6 @@ import (
|
|||
const defaultDaemonConfigFile = "/etc/docker/daemon.json"
|
||||
|
||||
func setPlatformServerConfig(serverConfig *apiserver.Config, daemonCfg *daemon.Config) *apiserver.Config {
|
||||
serverConfig.SocketGroup = daemonCfg.SocketGroup
|
||||
serverConfig.EnableCors = daemonCfg.EnableCors
|
||||
serverConfig.CorsHeaders = daemonCfg.CorsHeaders
|
||||
|
||||
|
|
|
@ -4,16 +4,12 @@ import (
|
|||
"fmt"
|
||||
"net"
|
||||
"net/url"
|
||||
"runtime"
|
||||
"strconv"
|
||||
"strings"
|
||||
)
|
||||
|
||||
var (
|
||||
// DefaultHTTPPort Default HTTP Port used if only the protocol is provided to -H flag e.g. docker daemon -H tcp://
|
||||
// TODO Windows. DefaultHTTPPort is only used on Windows if a -H parameter
|
||||
// is not supplied. A better longer term solution would be to use a named
|
||||
// pipe as the default on the Windows daemon.
|
||||
// These are the IANA registered port numbers for use with Docker
|
||||
// see http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=docker
|
||||
DefaultHTTPPort = 2375 // Default HTTP Port
|
||||
|
@ -26,13 +22,19 @@ var (
|
|||
DefaultTCPHost = fmt.Sprintf("tcp://%s:%d", DefaultHTTPHost, DefaultHTTPPort)
|
||||
// DefaultTLSHost constant defines the default host string used by docker for TLS sockets
|
||||
DefaultTLSHost = fmt.Sprintf("tcp://%s:%d", DefaultHTTPHost, DefaultTLSHTTPPort)
|
||||
// DefaultNamedPipe defines the default named pipe used by docker on Windows
|
||||
DefaultNamedPipe = `//./pipe/docker_engine`
|
||||
)
|
||||
|
||||
// ValidateHost validates that the specified string is a valid host and returns it.
|
||||
func ValidateHost(val string) (string, error) {
|
||||
_, err := parseDockerDaemonHost(DefaultTCPHost, DefaultTLSHost, DefaultUnixSocket, "", val)
|
||||
if err != nil {
|
||||
return val, err
|
||||
host := strings.TrimSpace(val)
|
||||
// The empty string means default and is not handled by parseDockerDaemonHost
|
||||
if host != "" {
|
||||
_, err := parseDockerDaemonHost(host)
|
||||
if err != nil {
|
||||
return val, err
|
||||
}
|
||||
}
|
||||
// Note: unlike most flag validators, we don't return the mutated value here
|
||||
// we need to know what the user entered later (using ParseHost) to adjust for tls
|
||||
|
@ -40,39 +42,39 @@ func ValidateHost(val string) (string, error) {
|
|||
}
|
||||
|
||||
// ParseHost and set defaults for a Daemon host string
|
||||
func ParseHost(defaultHost, val string) (string, error) {
|
||||
host, err := parseDockerDaemonHost(DefaultTCPHost, DefaultTLSHost, DefaultUnixSocket, defaultHost, val)
|
||||
if err != nil {
|
||||
return val, err
|
||||
func ParseHost(defaultToTLS bool, val string) (string, error) {
|
||||
host := strings.TrimSpace(val)
|
||||
if host == "" {
|
||||
if defaultToTLS {
|
||||
host = DefaultTLSHost
|
||||
} else {
|
||||
host = DefaultHost
|
||||
}
|
||||
} else {
|
||||
var err error
|
||||
host, err = parseDockerDaemonHost(host)
|
||||
if err != nil {
|
||||
return val, err
|
||||
}
|
||||
}
|
||||
return host, nil
|
||||
}
|
||||
|
||||
// parseDockerDaemonHost parses the specified address and returns an address that will be used as the host.
|
||||
// Depending of the address specified, will use the defaultTCPAddr or defaultUnixAddr
|
||||
// defaultUnixAddr must be a absolute file path (no `unix://` prefix)
|
||||
// defaultTCPAddr must be the full `tcp://host:port` form
|
||||
func parseDockerDaemonHost(defaultTCPAddr, defaultTLSHost, defaultUnixAddr, defaultAddr, addr string) (string, error) {
|
||||
addr = strings.TrimSpace(addr)
|
||||
if addr == "" {
|
||||
if defaultAddr == defaultTLSHost {
|
||||
return defaultTLSHost, nil
|
||||
}
|
||||
if runtime.GOOS != "windows" {
|
||||
return fmt.Sprintf("unix://%s", defaultUnixAddr), nil
|
||||
}
|
||||
return defaultTCPAddr, nil
|
||||
}
|
||||
// Depending of the address specified, this may return one of the global Default* strings defined in hosts.go.
|
||||
func parseDockerDaemonHost(addr string) (string, error) {
|
||||
addrParts := strings.Split(addr, "://")
|
||||
if len(addrParts) == 1 {
|
||||
if len(addrParts) == 1 && addrParts[0] != "" {
|
||||
addrParts = []string{"tcp", addrParts[0]}
|
||||
}
|
||||
|
||||
switch addrParts[0] {
|
||||
case "tcp":
|
||||
return parseTCPAddr(addrParts[1], defaultTCPAddr)
|
||||
return parseTCPAddr(addrParts[1], DefaultTCPHost)
|
||||
case "unix":
|
||||
return parseUnixAddr(addrParts[1], defaultUnixAddr)
|
||||
return parseSimpleProtoAddr("unix", addrParts[1], DefaultUnixSocket)
|
||||
case "npipe":
|
||||
return parseSimpleProtoAddr("npipe", addrParts[1], DefaultNamedPipe)
|
||||
case "fd":
|
||||
return addr, nil
|
||||
default:
|
||||
|
@ -80,19 +82,19 @@ func parseDockerDaemonHost(defaultTCPAddr, defaultTLSHost, defaultUnixAddr, defa
|
|||
}
|
||||
}
|
||||
|
||||
// parseUnixAddr parses and validates that the specified address is a valid UNIX
|
||||
// socket address. It returns a formatted UNIX socket address, either using the
|
||||
// address parsed from addr, or the contents of defaultAddr if addr is a blank
|
||||
// string.
|
||||
func parseUnixAddr(addr string, defaultAddr string) (string, error) {
|
||||
addr = strings.TrimPrefix(addr, "unix://")
|
||||
// parseSimpleProtoAddr parses and validates that the specified address is a valid
|
||||
// socket address for simple protocols like unix and npipe. It returns a formatted
|
||||
// socket address, either using the address parsed from addr, or the contents of
|
||||
// defaultAddr if addr is a blank string.
|
||||
func parseSimpleProtoAddr(proto, addr, defaultAddr string) (string, error) {
|
||||
addr = strings.TrimPrefix(addr, proto+"://")
|
||||
if strings.Contains(addr, "://") {
|
||||
return "", fmt.Errorf("Invalid proto, expected unix: %s", addr)
|
||||
return "", fmt.Errorf("Invalid proto, expected %s: %s", proto, addr)
|
||||
}
|
||||
if addr == "" {
|
||||
addr = defaultAddr
|
||||
}
|
||||
return fmt.Sprintf("unix://%s", addr), nil
|
||||
return fmt.Sprintf("%s://%s", proto, addr), nil
|
||||
}
|
||||
|
||||
// parseTCPAddr parses and validates that the specified address is a valid TCP
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
package opts
|
||||
|
||||
import (
|
||||
"runtime"
|
||||
"fmt"
|
||||
"testing"
|
||||
)
|
||||
|
||||
|
@ -15,51 +15,41 @@ func TestParseHost(t *testing.T) {
|
|||
"tcp://invalid": "Invalid bind address format: invalid",
|
||||
"tcp://invalid:port": "Invalid bind address format: invalid:port",
|
||||
}
|
||||
const defaultHTTPHost = "tcp://127.0.0.1:2375"
|
||||
var defaultHOST = "unix:///var/run/docker.sock"
|
||||
|
||||
if runtime.GOOS == "windows" {
|
||||
defaultHOST = defaultHTTPHost
|
||||
}
|
||||
valid := map[string]string{
|
||||
"": defaultHOST,
|
||||
"": DefaultHost,
|
||||
" ": DefaultHost,
|
||||
" ": DefaultHost,
|
||||
"fd://": "fd://",
|
||||
"fd://something": "fd://something",
|
||||
"tcp://host:": "tcp://host:2375",
|
||||
"tcp://": "tcp://localhost:2375",
|
||||
"tcp://:2375": "tcp://localhost:2375", // default ip address
|
||||
"tcp://:2376": "tcp://localhost:2376", // default ip address
|
||||
"tcp://host:": fmt.Sprintf("tcp://host:%d", DefaultHTTPPort),
|
||||
"tcp://": DefaultTCPHost,
|
||||
"tcp://:2375": fmt.Sprintf("tcp://%s:2375", DefaultHTTPHost),
|
||||
"tcp://:2376": fmt.Sprintf("tcp://%s:2376", DefaultHTTPHost),
|
||||
"tcp://0.0.0.0:8080": "tcp://0.0.0.0:8080",
|
||||
"tcp://192.168.0.0:12000": "tcp://192.168.0.0:12000",
|
||||
"tcp://192.168:8080": "tcp://192.168:8080",
|
||||
"tcp://0.0.0.0:1234567890": "tcp://0.0.0.0:1234567890", // yeah it's valid :P
|
||||
" tcp://:7777/path ": fmt.Sprintf("tcp://%s:7777/path", DefaultHTTPHost),
|
||||
"tcp://docker.com:2375": "tcp://docker.com:2375",
|
||||
"unix://": "unix:///var/run/docker.sock", // default unix:// value
|
||||
"unix://": "unix://" + DefaultUnixSocket,
|
||||
"unix://path/to/socket": "unix://path/to/socket",
|
||||
"npipe://": "npipe://" + DefaultNamedPipe,
|
||||
"npipe:////./pipe/foo": "npipe:////./pipe/foo",
|
||||
}
|
||||
|
||||
for value, errorMessage := range invalid {
|
||||
if _, err := ParseHost(defaultHTTPHost, value); err == nil || err.Error() != errorMessage {
|
||||
t.Fatalf("Expected an error for %v with [%v], got [%v]", value, errorMessage, err)
|
||||
if _, err := ParseHost(false, value); err == nil || err.Error() != errorMessage {
|
||||
t.Errorf("Expected an error for %v with [%v], got [%v]", value, errorMessage, err)
|
||||
}
|
||||
}
|
||||
for value, expected := range valid {
|
||||
if actual, err := ParseHost(defaultHTTPHost, value); err != nil || actual != expected {
|
||||
t.Fatalf("Expected for %v [%v], got [%v, %v]", value, expected, actual, err)
|
||||
if actual, err := ParseHost(false, value); err != nil || actual != expected {
|
||||
t.Errorf("Expected for %v [%v], got [%v, %v]", value, expected, actual, err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestParseDockerDaemonHost(t *testing.T) {
|
||||
var (
|
||||
defaultHTTPHost = "tcp://localhost:2375"
|
||||
defaultHTTPSHost = "tcp://localhost:2376"
|
||||
defaultUnix = "/var/run/docker.sock"
|
||||
defaultHOST = "unix:///var/run/docker.sock"
|
||||
)
|
||||
if runtime.GOOS == "windows" {
|
||||
defaultHOST = defaultHTTPHost
|
||||
}
|
||||
invalids := map[string]string{
|
||||
"0.0.0.0": "Invalid bind address format: 0.0.0.0",
|
||||
"tcp:a.b.c.d": "Invalid bind address format: tcp:a.b.c.d",
|
||||
|
@ -67,9 +57,11 @@ func TestParseDockerDaemonHost(t *testing.T) {
|
|||
"udp://127.0.0.1": "Invalid bind address format: udp://127.0.0.1",
|
||||
"udp://127.0.0.1:2375": "Invalid bind address format: udp://127.0.0.1:2375",
|
||||
"tcp://unix:///run/docker.sock": "Invalid bind address format: unix",
|
||||
"tcp": "Invalid bind address format: tcp",
|
||||
"unix": "Invalid bind address format: unix",
|
||||
"fd": "Invalid bind address format: fd",
|
||||
" tcp://:7777/path ": "Invalid bind address format: tcp://:7777/path ",
|
||||
"tcp": "Invalid bind address format: tcp",
|
||||
"unix": "Invalid bind address format: unix",
|
||||
"fd": "Invalid bind address format: fd",
|
||||
"": "Invalid bind address format: ",
|
||||
}
|
||||
valids := map[string]string{
|
||||
"0.0.0.1:": "tcp://0.0.0.1:2375",
|
||||
|
@ -79,17 +71,13 @@ func TestParseDockerDaemonHost(t *testing.T) {
|
|||
"[::1]:5555/path": "tcp://[::1]:5555/path",
|
||||
"[0:0:0:0:0:0:0:1]:": "tcp://[0:0:0:0:0:0:0:1]:2375",
|
||||
"[0:0:0:0:0:0:0:1]:5555/path": "tcp://[0:0:0:0:0:0:0:1]:5555/path",
|
||||
":6666": "tcp://localhost:6666",
|
||||
":6666/path": "tcp://localhost:6666/path",
|
||||
"": defaultHOST,
|
||||
" ": defaultHOST,
|
||||
" ": defaultHOST,
|
||||
"tcp://": defaultHTTPHost,
|
||||
"tcp://:7777": "tcp://localhost:7777",
|
||||
"tcp://:7777/path": "tcp://localhost:7777/path",
|
||||
" tcp://:7777/path ": "tcp://localhost:7777/path",
|
||||
":6666": fmt.Sprintf("tcp://%s:6666", DefaultHTTPHost),
|
||||
":6666/path": fmt.Sprintf("tcp://%s:6666/path", DefaultHTTPHost),
|
||||
"tcp://": DefaultTCPHost,
|
||||
"tcp://:7777": fmt.Sprintf("tcp://%s:7777", DefaultHTTPHost),
|
||||
"tcp://:7777/path": fmt.Sprintf("tcp://%s:7777/path", DefaultHTTPHost),
|
||||
"unix:///run/docker.sock": "unix:///run/docker.sock",
|
||||
"unix://": "unix:///var/run/docker.sock",
|
||||
"unix://": "unix://" + DefaultUnixSocket,
|
||||
"fd://": "fd://",
|
||||
"fd://something": "fd://something",
|
||||
"localhost:": "tcp://localhost:2375",
|
||||
|
@ -97,12 +85,12 @@ func TestParseDockerDaemonHost(t *testing.T) {
|
|||
"localhost:5555/path": "tcp://localhost:5555/path",
|
||||
}
|
||||
for invalidAddr, expectedError := range invalids {
|
||||
if addr, err := parseDockerDaemonHost(defaultHTTPHost, defaultHTTPSHost, defaultUnix, "", invalidAddr); err == nil || err.Error() != expectedError {
|
||||
if addr, err := parseDockerDaemonHost(invalidAddr); err == nil || err.Error() != expectedError {
|
||||
t.Errorf("tcp %v address expected error %v return, got %s and addr %v", invalidAddr, expectedError, err, addr)
|
||||
}
|
||||
}
|
||||
for validAddr, expectedAddr := range valids {
|
||||
if addr, err := parseDockerDaemonHost(defaultHTTPHost, defaultHTTPSHost, defaultUnix, "", validAddr); err != nil || addr != expectedAddr {
|
||||
if addr, err := parseDockerDaemonHost(validAddr); err != nil || addr != expectedAddr {
|
||||
t.Errorf("%v -> expected %v, got (%v) addr (%v)", validAddr, expectedAddr, err, addr)
|
||||
}
|
||||
}
|
||||
|
@ -152,13 +140,13 @@ func TestParseTCP(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestParseInvalidUnixAddrInvalid(t *testing.T) {
|
||||
if _, err := parseUnixAddr("tcp://127.0.0.1", "unix:///var/run/docker.sock"); err == nil || err.Error() != "Invalid proto, expected unix: tcp://127.0.0.1" {
|
||||
if _, err := parseSimpleProtoAddr("unix", "tcp://127.0.0.1", "unix:///var/run/docker.sock"); err == nil || err.Error() != "Invalid proto, expected unix: tcp://127.0.0.1" {
|
||||
t.Fatalf("Expected an error, got %v", err)
|
||||
}
|
||||
if _, err := parseUnixAddr("unix://tcp://127.0.0.1", "/var/run/docker.sock"); err == nil || err.Error() != "Invalid proto, expected unix: tcp://127.0.0.1" {
|
||||
if _, err := parseSimpleProtoAddr("unix", "unix://tcp://127.0.0.1", "/var/run/docker.sock"); err == nil || err.Error() != "Invalid proto, expected unix: tcp://127.0.0.1" {
|
||||
t.Fatalf("Expected an error, got %v", err)
|
||||
}
|
||||
if v, err := parseUnixAddr("", "/var/run/docker.sock"); err != nil || v != "unix:///var/run/docker.sock" {
|
||||
if v, err := parseSimpleProtoAddr("unix", "", "/var/run/docker.sock"); err != nil || v != "unix:///var/run/docker.sock" {
|
||||
t.Fatalf("Expected an %v, got %v", v, "unix:///var/run/docker.sock")
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue