mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Windows: Add default isolation exec driver option
Signed-off-by: John Howard <jhoward@microsoft.com>
This commit is contained in:
parent
0631ec6ca0
commit
a429ad1e35
8 changed files with 57 additions and 23 deletions
|
@ -136,7 +136,7 @@ func (daemon *Daemon) populateCommand(c *Container, env []string) error {
|
|||
LayerFolder: layerFolder,
|
||||
LayerPaths: layerPaths,
|
||||
Hostname: c.Config.Hostname,
|
||||
Isolated: c.hostConfig.Isolation.IsHyperV(),
|
||||
Isolation: c.hostConfig.Isolation,
|
||||
}
|
||||
|
||||
return nil
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
package execdriver
|
||||
|
||||
import "github.com/docker/docker/pkg/nat"
|
||||
import (
|
||||
"github.com/docker/docker/pkg/nat"
|
||||
"github.com/docker/docker/runconfig"
|
||||
)
|
||||
|
||||
// Mount contains information for a mount operation.
|
||||
type Mount struct {
|
||||
|
@ -44,7 +47,7 @@ type Command struct {
|
|||
Hostname string `json:"hostname"` // Windows sets the hostname in the execdriver
|
||||
LayerFolder string `json:"layer_folder"` // Layer folder for a command
|
||||
LayerPaths []string `json:"layer_paths"` // Layer paths for a command
|
||||
Isolated bool `json:"isolated"` // True if a Hyper-V container
|
||||
Isolation runconfig.IsolationLevel `json:"isolation"` // Isolation level for the container
|
||||
}
|
||||
|
||||
// ExitStatus provides exit reasons for a container.
|
||||
|
|
|
@ -2,11 +2,15 @@
|
|||
|
||||
package windows
|
||||
|
||||
import "github.com/docker/docker/daemon/execdriver"
|
||||
import (
|
||||
"github.com/docker/docker/daemon/execdriver"
|
||||
"github.com/docker/docker/runconfig"
|
||||
)
|
||||
|
||||
type info struct {
|
||||
ID string
|
||||
driver *Driver
|
||||
isolation runconfig.IsolationLevel
|
||||
}
|
||||
|
||||
// Info implements the exec driver Driver interface.
|
||||
|
@ -14,6 +18,7 @@ func (d *Driver) Info(id string) execdriver.Info {
|
|||
return &info{
|
||||
ID: id,
|
||||
driver: d,
|
||||
isolation: defaultIsolation,
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -110,10 +110,18 @@ func (d *Driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, hooks execd
|
|||
LayerFolderPath: c.LayerFolder,
|
||||
ProcessorWeight: c.Resources.CPUShares,
|
||||
HostName: c.Hostname,
|
||||
HvPartition: c.Isolated,
|
||||
}
|
||||
|
||||
if c.Isolated {
|
||||
// Work out the isolation (whether it is a hypervisor partition)
|
||||
if c.Isolation.IsDefault() {
|
||||
// Not specified by caller. Take daemon default
|
||||
cu.HvPartition = defaultIsolation.IsHyperV()
|
||||
} else {
|
||||
// Take value specified by caller
|
||||
cu.HvPartition = c.Isolation.IsHyperV()
|
||||
}
|
||||
|
||||
if cu.HvPartition {
|
||||
cu.SandboxPath = filepath.Dir(c.LayerFolder)
|
||||
} else {
|
||||
cu.VolumePath = c.Rootfs
|
||||
|
|
|
@ -11,6 +11,7 @@ import (
|
|||
"github.com/docker/docker/autogen/dockerversion"
|
||||
"github.com/docker/docker/daemon/execdriver"
|
||||
"github.com/docker/docker/pkg/parsers"
|
||||
"github.com/docker/docker/runconfig"
|
||||
)
|
||||
|
||||
// This is a daemon development variable only and should not be
|
||||
|
@ -21,6 +22,12 @@ var dummyMode bool
|
|||
// This allows the daemon to force kill (HCS terminate) rather than shutdown
|
||||
var forceKill bool
|
||||
|
||||
// defaultIsolation allows users to specify a default isolation mode for
|
||||
// when running a container on Windows. For example docker daemon -D
|
||||
// --exec-opt isolation=hyperv will cause Windows to always run containers
|
||||
// as Hyper-V containers unless otherwise specified.
|
||||
var defaultIsolation runconfig.IsolationLevel = "process"
|
||||
|
||||
// Define name and version for windows
|
||||
var (
|
||||
DriverName = "Windows 1854"
|
||||
|
@ -42,7 +49,7 @@ type Driver struct {
|
|||
|
||||
// Name implements the exec driver Driver interface.
|
||||
func (d *Driver) Name() string {
|
||||
return fmt.Sprintf("%s %s", DriverName, Version)
|
||||
return fmt.Sprintf("\n Name: %s\n Build: %s \n Default Isolation: %s", DriverName, Version, defaultIsolation)
|
||||
}
|
||||
|
||||
// NewDriver returns a new windows driver, called from NewDriver of execdriver.
|
||||
|
@ -70,6 +77,14 @@ func NewDriver(root, initPath string, options []string) (*Driver, error) {
|
|||
logrus.Warn("Using force kill mode in Windows exec driver. This is for testing purposes only.")
|
||||
}
|
||||
|
||||
case "isolation":
|
||||
if !runconfig.IsolationLevel(val).IsValid() {
|
||||
return nil, fmt.Errorf("Unrecognised exec driver option 'isolation':'%s'", val)
|
||||
}
|
||||
if runconfig.IsolationLevel(val).IsHyperV() {
|
||||
defaultIsolation = "hyperv"
|
||||
}
|
||||
logrus.Infof("Windows default isolation level: '%s'", val)
|
||||
default:
|
||||
return nil, fmt.Errorf("Unrecognised exec driver option %s\n", key)
|
||||
}
|
||||
|
|
|
@ -117,7 +117,7 @@ Query Parameters:
|
|||
- `exited=<int>`; -- containers with exit code of `<int>` ;
|
||||
- `status=`(`created`|`restarting`|`running`|`paused`|`exited`)
|
||||
- `label=key` or `label="key=value"` of a container label
|
||||
- `isolation=`(`default`|`hyperv`) (Windows daemon only)
|
||||
- `isolation=`(`default`|`process`|`hyperv`) (Windows daemon only)
|
||||
|
||||
Status Codes:
|
||||
|
||||
|
|
|
@ -51,7 +51,7 @@ The currently supported filters are:
|
|||
* exited (int - the code of exited containers. Only useful with `--all`)
|
||||
* status (created|restarting|running|paused|exited)
|
||||
* ancestor (`<image-name>[:<tag>]`, `<image id>` or `<image@digest>`) - filters containers that were created from the given image or a descendant.
|
||||
* isolation (default|hyperv) (Windows daemon only)
|
||||
* isolation (default|process|hyperv) (Windows daemon only)
|
||||
|
||||
|
||||
#### Label
|
||||
|
|
|
@ -10,15 +10,19 @@ func (n NetworkMode) IsDefault() bool {
|
|||
return n == "default"
|
||||
}
|
||||
|
||||
// IsHyperV indicates the use of Hyper-V Containers for isolation (as opposed
|
||||
// to Windows Server Containers
|
||||
// IsHyperV indicates the use of a Hyper-V partition for isolation
|
||||
func (i IsolationLevel) IsHyperV() bool {
|
||||
return strings.ToLower(string(i)) == "hyperv"
|
||||
}
|
||||
|
||||
// IsProcess indicates the use of process isolation
|
||||
func (i IsolationLevel) IsProcess() bool {
|
||||
return strings.ToLower(string(i)) == "process"
|
||||
}
|
||||
|
||||
// IsValid indicates is an isolation level is valid
|
||||
func (i IsolationLevel) IsValid() bool {
|
||||
return i.IsDefault() || i.IsHyperV()
|
||||
return i.IsDefault() || i.IsHyperV() || i.IsProcess()
|
||||
}
|
||||
|
||||
// DefaultDaemonNetworkMode returns the default network stack the daemon should
|
||||
|
@ -67,15 +71,14 @@ func ValidateNetMode(c *Config, hc *HostConfig) error {
|
|||
|
||||
// ValidateIsolationLevel performs platform specific validation of the
|
||||
// isolation level in the hostconfig structure. Windows supports 'default' (or
|
||||
// blank), and 'hyperv'. These refer to Windows Server Containers and
|
||||
// Hyper-V Containers respectively.
|
||||
// blank), 'process', or 'hyperv'.
|
||||
func ValidateIsolationLevel(hc *HostConfig) error {
|
||||
// We may not be passed a host config, such as in the case of docker commit
|
||||
if hc == nil {
|
||||
return nil
|
||||
}
|
||||
if !hc.Isolation.IsValid() {
|
||||
return fmt.Errorf("invalid --isolation: %q. Windows supports 'default' (Windows Server Container) or 'hyperv' (Hyper-V Container)", hc.Isolation)
|
||||
return fmt.Errorf("invalid --isolation: %q. Windows supports 'default', 'process', or 'hyperv'", hc.Isolation)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue