mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Merge pull request #26961 from Microsoft/jjh/oci
Windows: OCI runtime spec compliance
commit
97660c6ec5
21 changed files with 140 additions and 301 deletions
|
@ -5,6 +5,7 @@ import (
|
|||
"github.com/docker/docker/daemon/caps"
|
||||
"github.com/docker/docker/daemon/exec"
|
||||
"github.com/docker/docker/libcontainerd"
|
||||
"github.com/opencontainers/runtime-spec/specs-go"
|
||||
)
|
||||
|
||||
func execSetPlatformOpt(c *container.Container, ec *exec.Config, p *libcontainerd.Process) error {
|
||||
|
@ -13,7 +14,7 @@ func execSetPlatformOpt(c *container.Container, ec *exec.Config, p *libcontainer
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
p.User = &libcontainerd.User{
|
||||
p.User = &specs.User{
|
||||
UID: uid,
|
||||
GID: gid,
|
||||
AdditionalGids: additionalGids,
|
||||
|
|
|
@ -14,7 +14,6 @@ import (
|
|||
containertypes "github.com/docker/docker/api/types/container"
|
||||
"github.com/docker/docker/container"
|
||||
"github.com/docker/docker/daemon/caps"
|
||||
"github.com/docker/docker/libcontainerd"
|
||||
"github.com/docker/docker/oci"
|
||||
"github.com/docker/docker/pkg/idtools"
|
||||
"github.com/docker/docker/pkg/mount"
|
||||
|
@ -623,7 +622,7 @@ func (daemon *Daemon) populateCommonSpec(s *specs.Spec, c *container.Container)
|
|||
return nil
|
||||
}
|
||||
|
||||
func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, error) {
|
||||
func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
|
||||
s := oci.DefaultSpec()
|
||||
if err := daemon.populateCommonSpec(&s, c); err != nil {
|
||||
return nil, err
|
||||
|
@ -719,7 +718,7 @@ func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, e
|
|||
s.Process.NoNewPrivileges = c.NoNewPrivileges
|
||||
s.Linux.MountLabel = c.MountLabel
|
||||
|
||||
return (*libcontainerd.Spec)(&s), nil
|
||||
return (*specs.Spec)(&s), nil
|
||||
}
|
||||
|
||||
func clearReadOnly(m *specs.Mount) {
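Review bot: The cast in `return (*specs.Spec)(&s), nil` at the end of createSpec looks like a leftover from the removed `libcontainerd.Spec` alias. `s` is assigned from `oci.DefaultSpec()`, which the oci hunk header on this page shows returning `specs.Spec`, so `return &s, nil` is equivalent and drops a conversion that no longer converts anything. The Solaris and Windows createSpec variants further down carry the same line; createSpec's body lies mostly outside these hunks, so this assumes `s` is not re-declared in between.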
|
||||
|
|
|
@ -3,13 +3,13 @@ package daemon
|
|||
import (
|
||||
containertypes "github.com/docker/docker/api/types/container"
|
||||
"github.com/docker/docker/container"
|
||||
"github.com/docker/docker/libcontainerd"
|
||||
"github.com/docker/docker/oci"
|
||||
"github.com/opencontainers/runtime-spec/specs-go"
|
||||
)
|
||||
|
||||
func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, error) {
|
||||
func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
|
||||
s := oci.DefaultSpec()
|
||||
return (*libcontainerd.Spec)(&s), nil
|
||||
return (*specs.Spec)(&s), nil
|
||||
}
|
||||
|
||||
// mergeUlimits merge the Ulimits from HostConfig with daemon defaults, and update HostConfig
|
||||
|
|
|
@ -5,12 +5,11 @@ import (
|
|||
|
||||
containertypes "github.com/docker/docker/api/types/container"
|
||||
"github.com/docker/docker/container"
|
||||
"github.com/docker/docker/libcontainerd"
|
||||
"github.com/docker/docker/libcontainerd/windowsoci"
|
||||
"github.com/docker/docker/oci"
|
||||
"github.com/opencontainers/runtime-spec/specs-go"
|
||||
)
|
||||
|
||||
func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, error) {
|
||||
func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
|
||||
s := oci.DefaultSpec()
|
||||
|
||||
linkedEnv, err := daemon.setupLinkedContainers(c)
|
||||
|
@ -33,7 +32,7 @@ func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, e
|
|||
return nil, err
|
||||
}
|
||||
for _, mount := range mounts {
|
||||
m := windowsoci.Mount{
|
||||
m := specs.Mount{
|
||||
Source: mount.Source,
|
||||
Destination: mount.Destination,
|
||||
}
|
||||
|
@ -71,25 +70,27 @@ func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, e
|
|||
|
||||
// In s.Windows.Resources
|
||||
// @darrenstahlmsft implement these resources
|
||||
cpuShares := uint64(c.HostConfig.CPUShares)
|
||||
s.Windows.Resources = &windowsoci.WindowsResources{
|
||||
CPU: &windowsoci.WindowsCPU{
|
||||
Percent: &c.HostConfig.CPUPercent,
|
||||
cpuShares := uint16(c.HostConfig.CPUShares)
|
||||
cpuPercent := uint8(c.HostConfig.CPUPercent)
|
||||
memoryLimit := uint64(c.HostConfig.Memory)
|
||||
s.Windows.Resources = &specs.WindowsResources{
|
||||
CPU: &specs.WindowsCPUResources{
|
||||
Percent: &cpuPercent,
|
||||
Shares: &cpuShares,
|
||||
},
|
||||
Memory: &windowsoci.WindowsMemory{
|
||||
Limit: &c.HostConfig.Memory,
|
||||
Memory: &specs.WindowsMemoryResources{
|
||||
Limit: &memoryLimit,
|
||||
//TODO Reservation: ...,
|
||||
},
|
||||
Network: &windowsoci.WindowsNetwork{
|
||||
Network: &specs.WindowsNetworkResources{
|
||||
//TODO Bandwidth: ...,
|
||||
},
|
||||
Storage: &windowsoci.WindowsStorage{
|
||||
Storage: &specs.WindowsStorageResources{
|
||||
Bps: &c.HostConfig.IOMaximumBandwidth,
|
||||
Iops: &c.HostConfig.IOMaximumIOps,
|
||||
},
|
||||
}
|
||||
return (*libcontainerd.Spec)(&s), nil
|
||||
return (*specs.Spec)(&s), nil
|
||||
}
|
||||
|
||||
func escapeArgs(args []string) []string {
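Review bot: The new narrowing conversions `uint16(c.HostConfig.CPUShares)`, `uint8(c.HostConfig.CPUPercent)` and `uint64(c.HostConfig.Memory)` wrap silently instead of failing, so an out-of-range value becomes a different resource limit rather than an error. A CPU percent of 256 turns into 0, and a negative memory value turns into a very large limit. Nothing in this hunk bounds the inputs: if they are validated earlier in the create path, a comment saying so belongs next to the conversions. Otherwise add a range check before converting, for example `if p := c.HostConfig.CPUPercent; p < 0 || p > 100 { return nil, fmt.Errorf("invalid CPU percent %d", p) }`, with the equivalent for shares (the vendored spec documents 1 to 10000) and memory. createSpec starts above this hunk.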
|
||||
|
|
|
@ -15,7 +15,7 @@ import (
|
|||
// It also ensures each of the mounts are lexographically sorted.
|
||||
|
||||
// BUGBUG TODO Windows containerd. This would be much better if it returned
|
||||
// an array of windowsoci mounts, not container mounts. Then no need to
|
||||
// an array of runtime spec mounts, not container mounts. Then no need to
|
||||
// do multiple transitions.
|
||||
|
||||
func (daemon *Daemon) setupMounts(c *container.Container) ([]container.Mount, error) {
|
||||
|
|
|
@ -107,7 +107,7 @@ clone git github.com/docker/go v1.5.1-1-1-gbaf439e
|
|||
clone git github.com/agl/ed25519 d2b94fd789ea21d12fac1a4443dd3a3f79cda72c
|
||||
|
||||
clone git github.com/opencontainers/runc cc29e3dded8e27ba8f65738f40d251c885030a28 # libcontainer
|
||||
clone git github.com/opencontainers/runtime-spec v1.0.0-rc1 # specs
|
||||
clone git github.com/opencontainers/runtime-spec 1c7c27d043c2a5e513a44084d2b10d77d1402b8c # specs
|
||||
clone git github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0
|
||||
# libcontainer deps (see src/github.com/opencontainers/runc/Godeps/Godeps.json)
|
||||
clone git github.com/coreos/go-systemd v4
|
||||
|
|
|
@ -133,7 +133,7 @@ func (clnt *client) prepareBundleDir(uid, gid int) (string, error) {
|
|||
return p, nil
|
||||
}
|
||||
|
||||
func (clnt *client) Create(containerID string, checkpoint string, checkpointDir string, spec Spec, options ...CreateOption) (err error) {
|
||||
func (clnt *client) Create(containerID string, checkpoint string, checkpointDir string, spec specs.Spec, options ...CreateOption) (err error) {
|
||||
clnt.lock(containerID)
|
||||
defer clnt.unlock(containerID)
|
||||
|
||||
|
|
|
@ -13,6 +13,7 @@ import (
|
|||
|
||||
"github.com/Microsoft/hcsshim"
|
||||
"github.com/Sirupsen/logrus"
|
||||
"github.com/opencontainers/runtime-spec/specs-go"
|
||||
)
|
||||
|
||||
type client struct {
|
||||
|
@ -92,7 +93,7 @@ const defaultOwner = "docker"
|
|||
// },
|
||||
// "Servicing": false
|
||||
//}
|
||||
func (clnt *client) Create(containerID string, checkpoint string, checkpointDir string, spec Spec, options ...CreateOption) error {
|
||||
func (clnt *client) Create(containerID string, checkpoint string, checkpointDir string, spec specs.Spec, options ...CreateOption) error {
|
||||
clnt.lock(containerID)
|
||||
defer clnt.unlock(containerID)
|
||||
logrus.Debugln("libcontainerd: client.Create() with spec", spec)
|
||||
|
@ -109,15 +110,15 @@ func (clnt *client) Create(containerID string, checkpoint string, checkpointDir
|
|||
if spec.Windows.Resources != nil {
|
||||
if spec.Windows.Resources.CPU != nil {
|
||||
if spec.Windows.Resources.CPU.Shares != nil {
|
||||
configuration.ProcessorWeight = *spec.Windows.Resources.CPU.Shares
|
||||
configuration.ProcessorWeight = uint64(*spec.Windows.Resources.CPU.Shares)
|
||||
}
|
||||
if spec.Windows.Resources.CPU.Percent != nil {
|
||||
configuration.ProcessorMaximum = *spec.Windows.Resources.CPU.Percent * 100 // ProcessorMaximum is a value between 1 and 10000
|
||||
configuration.ProcessorMaximum = int64(*spec.Windows.Resources.CPU.Percent * 100) // ProcessorMaximum is a value between 1 and 10000
|
||||
}
|
||||
}
|
||||
if spec.Windows.Resources.Memory != nil {
|
||||
if spec.Windows.Resources.Memory.Limit != nil {
|
||||
configuration.MemoryMaximumInMB = *spec.Windows.Resources.Memory.Limit / 1024 / 1024
|
||||
configuration.MemoryMaximumInMB = int64(*spec.Windows.Resources.Memory.Limit / 1024 / 1024)
|
||||
}
|
||||
}
|
||||
if spec.Windows.Resources.Storage != nil {
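Review bot: `int64(*spec.Windows.Resources.CPU.Percent * 100)` multiplies before it converts, and `Percent` is now a `*uint8` in the vendored spec, so the product is computed in uint8 and wraps modulo 256. Any percent of 3 or more therefore yields a wrong `ProcessorMaximum` (50 gives 136, not 5000), and the container's CPU cap is not the one requested. Convert first: `configuration.ProcessorMaximum = int64(*spec.Windows.Resources.CPU.Percent) * 100`. The `Shares` and `Memory.Limit` lines beside it widen, or divide in uint64 before converting, and are not affected. Create continues past the end of this hunk.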
|
||||
|
|
|
@ -8,6 +8,7 @@ import (
|
|||
|
||||
"github.com/Microsoft/hcsshim"
|
||||
"github.com/Sirupsen/logrus"
|
||||
"github.com/opencontainers/runtime-spec/specs-go"
|
||||
)
|
||||
|
||||
type container struct {
|
||||
|
@ -19,7 +20,7 @@ type container struct {
|
|||
// The ociSpec is required, as client.Create() needs a spec,
|
||||
// but can be called from the RestartManager context which does not
|
||||
// otherwise have access to the Spec
|
||||
ociSpec Spec
|
||||
ociSpec specs.Spec
|
||||
|
||||
manualStopRequested bool
|
||||
hcsContainer hcsshim.Container
|
||||
|
|
|
@ -3,6 +3,7 @@ package libcontainerd
|
|||
import (
|
||||
"io"
|
||||
|
||||
"github.com/opencontainers/runtime-spec/specs-go"
|
||||
"golang.org/x/net/context"
|
||||
)
|
||||
|
||||
|
@ -36,7 +37,7 @@ type Backend interface {
|
|||
|
||||
// Client provides access to containerd features.
|
||||
type Client interface {
|
||||
Create(containerID string, checkpoint string, checkpointDir string, spec Spec, options ...CreateOption) error
|
||||
Create(containerID string, checkpoint string, checkpointDir string, spec specs.Spec, options ...CreateOption) error
|
||||
Signal(containerID string, sig int) error
|
||||
SignalProcess(containerID string, processFriendlyName string, sig int) error
|
||||
AddProcess(ctx context.Context, containerID, processFriendlyName string, process Process) error
|
||||
|
|
|
@ -5,17 +5,12 @@ import (
|
|||
"github.com/opencontainers/runtime-spec/specs-go"
|
||||
)
|
||||
|
||||
// Spec is the base configuration for the container. It specifies platform
|
||||
// independent configuration. This information must be included when the
|
||||
// bundle is packaged for distribution.
|
||||
type Spec specs.Spec
|
||||
|
||||
// Process contains information to start a specific application inside the container.
|
||||
type Process struct {
|
||||
// Terminal creates an interactive terminal for the container.
|
||||
Terminal bool `json:"terminal"`
|
||||
// User specifies user information for the process.
|
||||
User *User `json:"user"`
|
||||
User *specs.User `json:"user"`
|
||||
// Args specifies the binary and arguments for the application to execute.
|
||||
Args []string `json:"args"`
|
||||
// Env populates the process environment for the process.
|
||||
|
@ -47,10 +42,6 @@ type Stats containerd.StatsResponse
|
|||
// Summary contains a container summary from containerd
|
||||
type Summary struct{}
|
||||
|
||||
// User specifies linux specific user and group information for the container's
|
||||
// main process.
|
||||
type User specs.User
|
||||
|
||||
// Resources defines updatable container resource values.
|
||||
type Resources containerd.UpdateResource
|
||||
|
||||
|
|
|
@ -1,14 +1,5 @@
|
|||
package libcontainerd
|
||||
|
||||
import (
|
||||
"github.com/opencontainers/runtime-spec/specs-go"
|
||||
)
|
||||
|
||||
// Spec is the base configuration for the container. It specifies platform
|
||||
// independent configuration. This information must be included when the
|
||||
// bundle is packaged for distribution.
|
||||
type Spec specs.Spec
|
||||
|
||||
// Process contains information to start a specific application inside the container.
|
||||
type Process struct {
|
||||
// Terminal creates an interactive terminal for the container.
|
||||
|
@ -30,9 +21,5 @@ type StateInfo struct {
|
|||
// Platform specific StateInfo
|
||||
}
|
||||
|
||||
// User specifies Solaris specific user and group information for the container's
|
||||
// main process.
|
||||
type User specs.User
|
||||
|
||||
// Resources defines updatable container resource values.
|
||||
type Resources struct{}
|
||||
|
|
|
@ -2,17 +2,11 @@ package libcontainerd
|
|||
|
||||
import (
|
||||
"github.com/Microsoft/hcsshim"
|
||||
"github.com/docker/docker/libcontainerd/windowsoci"
|
||||
"github.com/opencontainers/runtime-spec/specs-go"
|
||||
)
|
||||
|
||||
// Spec is the base configuration for the container.
|
||||
type Spec windowsoci.Spec
|
||||
|
||||
// Process contains information to start a specific application inside the container.
|
||||
type Process windowsoci.Process
|
||||
|
||||
// User specifies user information for the containers main process.
|
||||
type User windowsoci.User
|
||||
type Process specs.Process
|
||||
|
||||
// Summary contains a ProcessList item from HCS to support `top`
|
||||
type Summary hcsshim.ProcessListItem
|
||||
|
|
|
@ -1,199 +0,0 @@
|
|||
package windowsoci
|
||||
|
||||
// This file contains the Windows spec for a container. At the time of
|
||||
// writing, Windows does not have a spec defined in opencontainers/specs,
|
||||
// hence this is an interim workaround. TODO Windows: FIXME @jhowardmsft
|
||||
|
||||
import "fmt"
|
||||
|
||||
// Spec is the base configuration for the container.
|
||||
type Spec struct {
|
||||
// Version of the Open Container Runtime Specification with which the bundle complies.
|
||||
Version string `json:"ociVersion"`
|
||||
// Platform specifies the configuration's target platform.
|
||||
Platform Platform `json:"platform"`
|
||||
// Process configures the container process.
|
||||
Process Process `json:"process"`
|
||||
// Root configures the container's root filesystem.
|
||||
Root Root `json:"root"`
|
||||
// Hostname configures the container's hostname.
|
||||
Hostname string `json:"hostname,omitempty"`
|
||||
// Mounts configures additional mounts (on top of Root).
|
||||
Mounts []Mount `json:"mounts,omitempty"`
|
||||
// Hooks configures callbacks for container lifecycle events.
|
||||
Hooks Hooks `json:"hooks"`
|
||||
// Annotations contains arbitrary metadata for the container.
|
||||
Annotations map[string]string `json:"annotations,omitempty"`
|
||||
|
||||
// Linux is platform specific configuration for Linux based containers.
|
||||
Linux *Linux `json:"linux,omitempty" platform:"linux"`
|
||||
// Solaris is platform specific configuration for Solaris containers.
|
||||
Solaris *Solaris `json:"solaris,omitempty" platform:"solaris"`
|
||||
// Windows is platform specific configuration for Windows based containers, including Hyper-V containers.
|
||||
Windows *Windows `json:"windows,omitempty" platform:"windows"`
|
||||
}
|
||||
|
||||
// Windows contains platform specific configuration for Windows based containers.
|
||||
type Windows struct {
|
||||
// Resources contains information for handling resource constraints for the container
|
||||
Resources *WindowsResources `json:"resources,omitempty"`
|
||||
}
|
||||
|
||||
// Process contains information to start a specific application inside the container.
|
||||
type Process struct {
|
||||
// Terminal creates an interactive terminal for the container.
|
||||
Terminal bool `json:"terminal,omitempty"`
|
||||
// User specifies user information for the process.
|
||||
User User `json:"user"`
|
||||
// Args specifies the binary and arguments for the application to execute.
|
||||
Args []string `json:"args"`
|
||||
// Env populates the process environment for the process.
|
||||
Env []string `json:"env,omitempty"`
|
||||
// Cwd is the current working directory for the process and must be
|
||||
// relative to the container's root.
|
||||
Cwd string `json:"cwd"`
|
||||
// Capabilities are Linux capabilities that are kept for the container.
|
||||
Capabilities []string `json:"capabilities,omitempty" platform:"linux"`
|
||||
// Rlimits specifies rlimit options to apply to the process.
|
||||
Rlimits []Rlimit `json:"rlimits,omitempty" platform:"linux"`
|
||||
// NoNewPrivileges controls whether additional privileges could be gained by processes in the container.
|
||||
NoNewPrivileges bool `json:"noNewPrivileges,omitempty" platform:"linux"`
|
||||
// ApparmorProfile specifies the apparmor profile for the container.
|
||||
ApparmorProfile string `json:"apparmorProfile,omitempty" platform:"linux"`
|
||||
// SelinuxLabel specifies the selinux context that the container process is run as.
|
||||
SelinuxLabel string `json:"selinuxLabel,omitempty" platform:"linux"`
|
||||
// ConsoleSize contains the initial size of the console.
|
||||
ConsoleSize Box `json:"consoleSize" platform:"windows"`
|
||||
}
|
||||
|
||||
// Box specifies height and width dimensions. Used for sizing of a console.
|
||||
type Box struct {
|
||||
Height uint
|
||||
Width uint
|
||||
}
|
||||
|
||||
// User specifies specific user (and group) information for the container process.
|
||||
type User struct {
|
||||
// UID is the user id.
|
||||
UID uint32 `json:"uid" platform:"linux,solaris"`
|
||||
// GID is the group id.
|
||||
GID uint32 `json:"gid" platform:"linux,solaris"`
|
||||
// AdditionalGids are additional group ids set for the container's process.
|
||||
AdditionalGids []uint32 `json:"additionalGids,omitempty" platform:"linux,solaris"`
|
||||
// Username is the user name.
|
||||
Username string `json:"username,omitempty" platform:"windows"`
|
||||
}
|
||||
|
||||
// Root contains information about the container's root filesystem on the host.
|
||||
type Root struct {
|
||||
// Path is the absolute path to the container's root filesystem.
|
||||
Path string `json:"path"`
|
||||
// Readonly makes the root filesystem for the container readonly before the process is executed.
|
||||
Readonly bool `json:"readonly"`
|
||||
}
|
||||
|
||||
// Platform specifies OS and arch information for the host system that the container
|
||||
// is created for.
|
||||
type Platform struct {
|
||||
// OS is the operating system.
|
||||
OS string `json:"os"`
|
||||
// Arch is the architecture
|
||||
Arch string `json:"arch"`
|
||||
}
|
||||
|
||||
// Mount specifies a mount for a container.
|
||||
type Mount struct {
|
||||
// Destination is the path where the mount will be placed relative to the container's root. The path and child directories MUST exist, a runtime MUST NOT create directories automatically to a mount point.
|
||||
Destination string `json:"destination"`
|
||||
// Type specifies the mount kind.
|
||||
Type string `json:"type"`
|
||||
// Source specifies the source path of the mount. In the case of bind mounts on
|
||||
// Linux based systems this would be the file on the host.
|
||||
Source string `json:"source"`
|
||||
// Options are fstab style mount options.
|
||||
Options []string `json:"options,omitempty"`
|
||||
}
|
||||
|
||||
// WindowsStorage contains storage resource management settings
|
||||
type WindowsStorage struct {
|
||||
// Specifies maximum Iops for the system drive
|
||||
Iops *uint64 `json:"iops,omitempty"`
|
||||
// Specifies maximum bytes per second for the system drive
|
||||
Bps *uint64 `json:"bps,omitempty"`
|
||||
// Sandbox size indicates the size to expand the system drive to if it is currently smaller
|
||||
SandboxSize *uint64 `json:"sandbox_size,omitempty"`
|
||||
}
|
||||
|
||||
// WindowsMemory contains memory settings for the container
|
||||
type WindowsMemory struct {
|
||||
// Memory limit (in bytes).
|
||||
Limit *int64 `json:"limit,omitempty"`
|
||||
// Memory reservation (in bytes).
|
||||
Reservation *uint64 `json:"reservation,omitempty"`
|
||||
}
|
||||
|
||||
// WindowsCPU contains information for cpu resource management
|
||||
type WindowsCPU struct {
|
||||
// Number of CPUs available to the container. This is an appoximation for Windows Server Containers.
|
||||
Count *uint64 `json:"count,omitempty"`
|
||||
// CPU shares (relative weight (ratio) vs. other containers with cpu shares). Range is from 1 to 10000.
|
||||
Shares *uint64 `json:"shares,omitempty"`
|
||||
// Percent of available CPUs usable by the container.
|
||||
Percent *int64 `json:"percent,omitempty"`
|
||||
}
|
||||
|
||||
// WindowsNetwork contains network resource management information
|
||||
type WindowsNetwork struct {
|
||||
// Bandwidth is the maximum egress bandwidth in bytes per second
|
||||
Bandwidth *uint64 `json:"bandwidth,omitempty"`
|
||||
}
|
||||
|
||||
// WindowsResources has container runtime resource constraints
|
||||
// TODO Windows containerd. This structure needs ratifying with the old resources
|
||||
// structure used on Windows and the latest OCI spec.
|
||||
type WindowsResources struct {
|
||||
// Memory restriction configuration
|
||||
Memory *WindowsMemory `json:"memory,omitempty"`
|
||||
// CPU resource restriction configuration
|
||||
CPU *WindowsCPU `json:"cpu,omitempty"`
|
||||
// Storage restriction configuration
|
||||
Storage *WindowsStorage `json:"storage,omitempty"`
|
||||
// Network restriction configuration
|
||||
Network *WindowsNetwork `json:"network,omitempty"`
|
||||
}
|
||||
|
||||
const (
|
||||
// VersionMajor is for an API incompatible changes
|
||||
VersionMajor = 0
|
||||
// VersionMinor is for functionality in a backwards-compatible manner
|
||||
VersionMinor = 3
|
||||
// VersionPatch is for backwards-compatible bug fixes
|
||||
VersionPatch = 0
|
||||
|
||||
// VersionDev indicates development branch. Releases will be empty string.
|
||||
VersionDev = ""
|
||||
)
|
||||
|
||||
// Version is the specification version that the package types support.
|
||||
var Version = fmt.Sprintf("%d.%d.%d%s (Windows)", VersionMajor, VersionMinor, VersionPatch, VersionDev)
|
||||
|
||||
//
|
||||
// Temporary structures. Ultimately this whole file will be removed.
|
||||
//
|
||||
|
||||
// Linux contains platform specific configuration for Linux based containers.
|
||||
type Linux struct {
|
||||
}
|
||||
|
||||
// Solaris contains platform specific configuration for Solaris application containers.
|
||||
type Solaris struct {
|
||||
}
|
||||
|
||||
// Hooks for container setup and teardown
|
||||
type Hooks struct {
|
||||
}
|
||||
|
||||
// Rlimit type and restrictions. Placeholder only to support the Process structure.
|
||||
// Not used on Windows, only present for compilation purposes.
|
||||
type Rlimit struct {
|
||||
}
|
|
@ -1,3 +0,0 @@
|
|||
// +build !windows
|
||||
|
||||
package windowsoci
|
|
@ -76,7 +76,7 @@ func DefaultSpec() specs.Spec {
|
|||
"CAP_AUDIT_WRITE",
|
||||
}
|
||||
|
||||
s.Linux = specs.Linux{
|
||||
s.Linux = &specs.Linux{
|
||||
MaskedPaths: []string{
|
||||
"/proc/kcore",
|
||||
"/proc/latency_stats",
|
||||
|
|
|
@ -3,17 +3,17 @@ package oci
|
|||
import (
|
||||
"runtime"
|
||||
|
||||
"github.com/docker/docker/libcontainerd/windowsoci"
|
||||
"github.com/opencontainers/runtime-spec/specs-go"
|
||||
)
|
||||
|
||||
// DefaultSpec returns default spec used by docker.
|
||||
func DefaultSpec() windowsoci.Spec {
|
||||
return windowsoci.Spec{
|
||||
Version: windowsoci.Version,
|
||||
Platform: windowsoci.Platform{
|
||||
func DefaultSpec() specs.Spec {
|
||||
return specs.Spec{
|
||||
Version: specs.Version,
|
||||
Platform: specs.Platform{
|
||||
OS: runtime.GOOS,
|
||||
Arch: runtime.GOARCH,
|
||||
},
|
||||
Windows: &windowsoci.Windows{},
|
||||
Windows: &specs.Windows{},
|
||||
}
|
||||
}
|
||||
|
|
|
@ -15,6 +15,7 @@ import (
|
|||
"github.com/docker/docker/pkg/plugins"
|
||||
"github.com/docker/docker/plugin/v2"
|
||||
"github.com/docker/docker/restartmanager"
|
||||
"github.com/opencontainers/runtime-spec/specs-go"
|
||||
)
|
||||
|
||||
func (pm *Manager) enable(p *v2.Plugin, force bool) error {
|
||||
|
@ -27,7 +28,7 @@ func (pm *Manager) enable(p *v2.Plugin, force bool) error {
|
|||
}
|
||||
|
||||
p.RestartManager = restartmanager.New(container.RestartPolicy{Name: "always"}, 0)
|
||||
if err := pm.containerdClient.Create(p.GetID(), "", "", libcontainerd.Spec(*spec), libcontainerd.WithRestartManager(p.RestartManager)); err != nil {
|
||||
if err := pm.containerdClient.Create(p.GetID(), "", "", specs.Spec(*spec), libcontainerd.WithRestartManager(p.RestartManager)); err != nil {
|
||||
if err := p.RestartManager.Cancel(); err != nil {
|
||||
logrus.Errorf("enable: restartManager.Cancel failed due to %v", err)
|
||||
}
|
||||
|
|
|
@ -4,33 +4,37 @@ import "os"
|
|||
|
||||
// Spec is the base configuration for the container.
|
||||
type Spec struct {
|
||||
// Version is the version of the specification that is supported.
|
||||
// Version of the Open Container Runtime Specification with which the bundle complies.
|
||||
Version string `json:"ociVersion"`
|
||||
// Platform is the host information for OS and Arch.
|
||||
// Platform specifies the configuration's target platform.
|
||||
Platform Platform `json:"platform"`
|
||||
// Process is the container's main process.
|
||||
// Process configures the container process.
|
||||
Process Process `json:"process"`
|
||||
// Root is the root information for the container's filesystem.
|
||||
// Root configures the container's root filesystem.
|
||||
Root Root `json:"root"`
|
||||
// Hostname is the container's host name.
|
||||
// Hostname configures the container's hostname.
|
||||
Hostname string `json:"hostname,omitempty"`
|
||||
// Mounts profile configuration for adding mounts to the container's filesystem.
|
||||
// Mounts configures additional mounts (on top of Root).
|
||||
Mounts []Mount `json:"mounts,omitempty"`
|
||||
// Hooks are the commands run at various lifecycle events of the container.
|
||||
// Hooks configures callbacks for container lifecycle events.
|
||||
Hooks Hooks `json:"hooks"`
|
||||
// Annotations is an unstructured key value map that may be set by external tools to store and retrieve arbitrary metadata.
|
||||
// Annotations contains arbitrary metadata for the container.
|
||||
Annotations map[string]string `json:"annotations,omitempty"`
|
||||
|
||||
// Linux is platform specific configuration for Linux based containers.
|
||||
Linux Linux `json:"linux" platform:"linux,omitempty"`
|
||||
Linux *Linux `json:"linux,omitempty" platform:"linux"`
|
||||
// Solaris is platform specific configuration for Solaris containers.
|
||||
Solaris Solaris `json:"solaris" platform:"solaris,omitempty"`
|
||||
Solaris *Solaris `json:"solaris,omitempty" platform:"solaris"`
|
||||
// Windows is platform specific configuration for Windows based containers, including Hyper-V containers.
|
||||
Windows *Windows `json:"windows,omitempty" platform:"windows"`
|
||||
}
|
||||
|
||||
// Process contains information to start a specific application inside the container.
|
||||
type Process struct {
|
||||
// Terminal creates an interactive terminal for the container.
|
||||
Terminal bool `json:"terminal,omitempty"`
|
||||
// ConsoleSize specifies the size of the console.
|
||||
ConsoleSize Box `json:"consoleSize,omitempty"`
|
||||
// User specifies user information for the process.
|
||||
User User `json:"user"`
|
||||
// Args specifies the binary and arguments for the application to execute.
|
||||
|
@ -43,25 +47,33 @@ type Process struct {
|
|||
// Capabilities are Linux capabilities that are kept for the container.
|
||||
Capabilities []string `json:"capabilities,omitempty" platform:"linux"`
|
||||
// Rlimits specifies rlimit options to apply to the process.
|
||||
Rlimits []Rlimit `json:"rlimits,omitempty"`
|
||||
Rlimits []Rlimit `json:"rlimits,omitempty" platform:"linux"`
|
||||
// NoNewPrivileges controls whether additional privileges could be gained by processes in the container.
|
||||
NoNewPrivileges bool `json:"noNewPrivileges,omitempty"`
|
||||
|
||||
// ApparmorProfile specified the apparmor profile for the container. (this field is platform dependent)
|
||||
NoNewPrivileges bool `json:"noNewPrivileges,omitempty" platform:"linux"`
|
||||
// ApparmorProfile specifies the apparmor profile for the container.
|
||||
ApparmorProfile string `json:"apparmorProfile,omitempty" platform:"linux"`
|
||||
// SelinuxLabel specifies the selinux context that the container process is run as. (this field is platform dependent)
|
||||
// SelinuxLabel specifies the selinux context that the container process is run as.
|
||||
SelinuxLabel string `json:"selinuxLabel,omitempty" platform:"linux"`
|
||||
}
|
||||
|
||||
// User specifies Linux specific user and group information for the container's
|
||||
// main process.
|
||||
// Box specifies dimensions of a rectangle. Used for specifying the size of a console.
|
||||
type Box struct {
|
||||
// Height is the vertical dimension of a box.
|
||||
Height uint `json:"height"`
|
||||
// Width is the horizontal dimension of a box.
|
||||
Width uint `json:"width"`
|
||||
}
|
||||
|
||||
// User specifies specific user (and group) information for the container process.
|
||||
type User struct {
|
||||
// UID is the user id. (this field is platform dependent)
|
||||
UID uint32 `json:"uid" platform:"linux"`
|
||||
// GID is the group id. (this field is platform dependent)
|
||||
GID uint32 `json:"gid" platform:"linux"`
|
||||
// AdditionalGids are additional group ids set for the container's process. (this field is platform dependent)
|
||||
AdditionalGids []uint32 `json:"additionalGids,omitempty" platform:"linux"`
|
||||
// UID is the user id.
|
||||
UID uint32 `json:"uid" platform:"linux,solaris"`
|
||||
// GID is the group id.
|
||||
GID uint32 `json:"gid" platform:"linux,solaris"`
|
||||
// AdditionalGids are additional group ids set for the container's process.
|
||||
AdditionalGids []uint32 `json:"additionalGids,omitempty" platform:"linux,solaris"`
|
||||
// Username is the user name.
|
||||
Username string `json:"username,omitempty" platform:"windows"`
|
||||
}
|
||||
|
||||
// Root contains information about the container's root filesystem on the host.
|
||||
|
@ -262,7 +274,7 @@ type Memory struct {
|
|||
// Kernel memory limit (in bytes).
|
||||
Kernel *uint64 `json:"kernel,omitempty"`
|
||||
// Kernel memory limit for tcp (in bytes)
|
||||
KernelTCP *uint64 `json:"kernelTCP"`
|
||||
KernelTCP *uint64 `json:"kernelTCP,omitempty"`
|
||||
// How aggressive the kernel will swap memory pages. Range from 0 to 100.
|
||||
Swappiness *uint64 `json:"swappiness,omitempty"`
|
||||
}
|
||||
|
@ -294,15 +306,15 @@ type Pids struct {
|
|||
// Network identification and priority configuration
|
||||
type Network struct {
|
||||
// Set class identifier for container's network packets
|
||||
ClassID *uint32 `json:"classID"`
|
||||
ClassID *uint32 `json:"classID,omitempty"`
|
||||
// Set priority of network traffic for container
|
||||
Priorities []InterfacePriority `json:"priorities,omitempty"`
|
||||
}
|
||||
|
||||
// Resources has container runtime resource constraints
|
||||
type Resources struct {
|
||||
// Devices are a list of device rules for the whitelist controller
|
||||
Devices []DeviceCgroup `json:"devices"`
|
||||
// Devices configures the device whitelist.
|
||||
Devices []DeviceCgroup `json:"devices,omitempty"`
|
||||
// DisableOOMKiller disables the OOM killer for out of memory conditions
|
||||
DisableOOMKiller *bool `json:"disableOOMKiller,omitempty"`
|
||||
// Specify an oom_score_adj for the container.
|
||||
|
@ -371,9 +383,9 @@ type Solaris struct {
|
|||
// Specification for automatic creation of network resources for this container.
|
||||
Anet []Anet `json:"anet,omitempty"`
|
||||
// Set limit on the amount of CPU time that can be used by container.
|
||||
CappedCPU CappedCPU `json:"cappedCPU,omitempty"`
|
||||
CappedCPU *CappedCPU `json:"cappedCPU,omitempty"`
|
||||
// The physical and swap caps on the memory that can be used by this container.
|
||||
CappedMemory CappedMemory `json:"cappedMemory,omitempty"`
|
||||
CappedMemory *CappedMemory `json:"cappedMemory,omitempty"`
|
||||
}
|
||||
|
||||
// CappedCPU allows users to set limit on the amount of CPU time that can be used by container.
|
||||
|
@ -405,6 +417,58 @@ type Anet struct {
|
|||
Macaddress string `json:"macAddress,omitempty"`
|
||||
}
|
||||
|
||||
// Windows defines the runtime configuration for Windows based containers, including Hyper-V containers.
|
||||
type Windows struct {
|
||||
// Resources contains information for handling resource constraints for the container.
|
||||
Resources *WindowsResources `json:"resources,omitempty"`
|
||||
}
|
||||
|
||||
// WindowsResources has container runtime resource constraints for containers running on Windows.
|
||||
type WindowsResources struct {
|
||||
// Memory restriction configuration.
|
||||
Memory *WindowsMemoryResources `json:"memory,omitempty"`
|
||||
// CPU resource restriction configuration.
|
||||
CPU *WindowsCPUResources `json:"cpu,omitempty"`
|
||||
// Storage restriction configuration.
|
||||
Storage *WindowsStorageResources `json:"storage,omitempty"`
|
||||
// Network restriction configuration.
|
||||
Network *WindowsNetworkResources `json:"network,omitempty"`
|
||||
}
|
||||
|
||||
// WindowsMemoryResources contains memory resource management settings.
|
||||
type WindowsMemoryResources struct {
|
||||
// Memory limit in bytes.
|
||||
Limit *uint64 `json:"limit,omitempty"`
|
||||
// Memory reservation in bytes.
|
||||
Reservation *uint64 `json:"reservation,omitempty"`
|
||||
}
|
||||
|
||||
// WindowsCPUResources contains CPU resource management settings.
|
||||
type WindowsCPUResources struct {
|
||||
// Number of CPUs available to the container.
|
||||
Count *uint64 `json:"count,omitempty"`
|
||||
// CPU shares (relative weight to other containers with cpu shares). Range is from 1 to 10000.
|
||||
Shares *uint16 `json:"shares,omitempty"`
|
||||
// Percent of available CPUs usable by the container.
|
||||
Percent *uint8 `json:"percent,omitempty"`
|
||||
}
|
||||
|
||||
// WindowsStorageResources contains storage resource management settings.
|
||||
type WindowsStorageResources struct {
|
||||
// Specifies maximum Iops for the system drive.
|
||||
Iops *uint64 `json:"iops,omitempty"`
|
||||
// Specifies maximum bytes per second for the system drive.
|
||||
Bps *uint64 `json:"bps,omitempty"`
|
||||
// Sandbox size specifies the minimum size of the system drive in bytes.
|
||||
SandboxSize *uint64 `json:"sandboxSize,omitempty"`
|
||||
}
|
||||
|
||||
// WindowsNetworkResources contains network resource management settings.
|
||||
type WindowsNetworkResources struct {
|
||||
// EgressBandwidth is the maximum egress bandwidth in bytes per second.
|
||||
EgressBandwidth *uint64 `json:"egressBandwidth,omitempty"`
|
||||
}
|
||||
|
||||
// Arch used for additional architectures
|
||||
type Arch string
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@ type State struct {
|
|||
ID string `json:"id"`
|
||||
// Status is the runtime state of the container.
|
||||
Status string `json:"status"`
|
||||
// Pid is the process id for the container's main process.
|
||||
// Pid is the process ID for the container process.
|
||||
Pid int `json:"pid"`
|
||||
// BundlePath is the path to the container's bundle directory.
|
||||
BundlePath string `json:"bundlePath"`
|
||||
|
|
|
@ -11,7 +11,7 @@ const (
|
|||
VersionPatch = 0
|
||||
|
||||
// VersionDev indicates development branch. Releases will be empty string.
|
||||
VersionDev = "-rc1"
|
||||
VersionDev = "-rc2-dev"
|
||||
)
|
||||
|
||||
// Version is the specification version that the package types support.
|
||||
|
|