kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Windows: Fix 'isolation'

Browse source 
Signed-off-by: John Howard <jhoward@microsoft.com>
This commit is contained in:
John Howard 2016-02-03 12:07:00 -08:00
parent 2658341b5f
commit d4b0732499
11 changed files with 42 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
api/client/build.go
View file

@ -66,7 +66,7 @@ func (cli *DockerCli) CmdBuild(args ...string) error {
flCgroupParent := cmd.String([]string{"-cgroup-parent"}, "", "Optional parent cgroup for the container") flCgroupParent := cmd.String([]string{"-cgroup-parent"}, "", "Optional parent cgroup for the container")
flBuildArg := opts.NewListOpts(runconfigopts.ValidateEnv) flBuildArg := opts.NewListOpts(runconfigopts.ValidateEnv)
cmd.Var(&flBuildArg, []string{"-build-arg"}, "Set build-time variables") cmd.Var(&flBuildArg, []string{"-build-arg"}, "Set build-time variables")
isolation := cmd.String([]string{"-isolation"}, "", "Container isolation level") isolation := cmd.String([]string{"-isolation"}, "", "Container isolation technology")
ulimits := make(map[string]*units.Ulimit) ulimits := make(map[string]*units.Ulimit)
flUlimits := runconfigopts.NewUlimitOpt(&ulimits) flUlimits := runconfigopts.NewUlimitOpt(&ulimits)
@ -224,7 +224,7 @@ func (cli *DockerCli) CmdBuild(args ...string) error {
Remove: *rm, Remove: *rm,
ForceRemove: *forceRm, ForceRemove: *forceRm,
PullParent: *pull, PullParent: *pull,
IsolationLevel: container.IsolationLevel(*isolation), Isolation: container.Isolation(*isolation),
CPUSetCPUs: *flCPUSetCpus, CPUSetCPUs: *flCPUSetCpus,
CPUSetMems: *flCPUSetMems, CPUSetMems: *flCPUSetMems,
CPUShares: *flCPUShares, CPUShares: *flCPUShares,

6
api/server/router/build/build_routes.go
View file

@ -60,11 +60,11 @@ func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBui
options.ShmSize = shmSize options.ShmSize = shmSize
} }
if i := container.IsolationLevel(r.FormValue("isolation")); i != "" { if i := container.Isolation(r.FormValue("isolation")); i != "" {
if !container.IsolationLevel.IsValid(i) { if !container.Isolation.IsValid(i) {
return nil, fmt.Errorf("Unsupported isolation: %q", i) return nil, fmt.Errorf("Unsupported isolation: %q", i)
} }
options.IsolationLevel = i options.Isolation = i
} }
var buildUlimits = []*units.Ulimit{} var buildUlimits = []*units.Ulimit{}

2
builder/dockerfile/internals.go
View file

@ -506,7 +506,7 @@ func (b *Builder) create() (string, error) {
// TODO: why not embed a hostconfig in builder? // TODO: why not embed a hostconfig in builder?
hostConfig := &container.HostConfig{ hostConfig := &container.HostConfig{
Isolation: b.options.IsolationLevel, Isolation: b.options.Isolation,
ShmSize: b.options.ShmSize, ShmSize: b.options.ShmSize,
Resources: resources, Resources: resources,
} }

2
daemon/execdriver/driver_windows.go
View file

@ -53,7 +53,7 @@ type Command struct {
Hostname string `json:"hostname"` // Windows sets the hostname in the execdriver Hostname string `json:"hostname"` // Windows sets the hostname in the execdriver
LayerFolder string `json:"layer_folder"` // Layer folder for a command LayerFolder string `json:"layer_folder"` // Layer folder for a command
LayerPaths []string `json:"layer_paths"` // Layer paths for a command LayerPaths []string `json:"layer_paths"` // Layer paths for a command
Isolation string `json:"isolation"` // Isolation level for the container Isolation string `json:"isolation"` // Isolation technology for the container
ArgsEscaped bool `json:"args_escaped"` // True if args are already escaped ArgsEscaped bool `json:"args_escaped"` // True if args are already escaped
HvPartition bool `json:"hv_partition"` // True if it's an hypervisor partition HvPartition bool `json:"hv_partition"` // True if it's an hypervisor partition
} }

10
daemon/execdriver/windows/windows.go
View file

@ -28,11 +28,11 @@ var dummyMode bool
// This allows the daemon to force kill (HCS terminate) rather than shutdown // This allows the daemon to force kill (HCS terminate) rather than shutdown
var forceKill bool var forceKill bool
// DefaultIsolation allows users to specify a default isolation mode for // DefaultIsolation allows users to specify a default isolation technology for
// when running a container on Windows. For example docker daemon -D // when running a container on Windows. For example docker daemon -D
// --exec-opt isolation=hyperv will cause Windows to always run containers // --exec-opt isolation=hyperv will cause Windows to always run containers
// as Hyper-V containers unless otherwise specified. // as Hyper-V containers unless otherwise specified.
var DefaultIsolation container.IsolationLevel = "process" var DefaultIsolation container.Isolation = "process"
// Define name and version for windows // Define name and version for windows
var ( var (
@ -83,13 +83,13 @@ func NewDriver(root string, options []string) (*Driver, error) {
} }
case "isolation": case "isolation":
if !container.IsolationLevel(val).IsValid() { if !container.Isolation(val).IsValid() {
return nil, fmt.Errorf("Unrecognised exec driver option 'isolation':'%s'", val) return nil, fmt.Errorf("Unrecognised exec driver option 'isolation':'%s'", val)
} }
if container.IsolationLevel(val).IsHyperV() { if container.Isolation(val).IsHyperV() {
DefaultIsolation = "hyperv" DefaultIsolation = "hyperv"
} }
logrus.Infof("Windows default isolation level: '%s'", val) logrus.Infof("Windows default isolation: '%s'", val)
default: default:
return nil, fmt.Errorf("Unrecognised exec driver option %s\n", key) return nil, fmt.Errorf("Unrecognised exec driver option %s\n", key)
} }

2
daemon/list.go
View file

@ -246,7 +246,7 @@ func includeContainerInList(container *container.Container, ctx *listContext) it
return excludeContainer return excludeContainer
} }
// Do not include container if the isolation mode doesn't match // Do not include container if isolation doesn't match
if excludeContainer == excludeByIsolation(container, ctx) { if excludeContainer == excludeByIsolation(container, ctx) {
return excludeContainer return excludeContainer
} }

4
runconfig/config.go
View file

@ -44,8 +44,8 @@ func DecodeContainerConfig(src io.Reader) (*container.Config, *container.HostCon
return nil, nil, nil, err return nil, nil, nil, err
} }
// Validate the isolation level // Validate isolation
if err := ValidateIsolationLevel(hc); err != nil { if err := ValidateIsolation(hc); err != nil {
return nil, nil, nil, err return nil, nil, nil, err
} }
return w.Config, hc, w.NetworkingConfig, nil return w.Config, hc, w.NetworkingConfig, nil

25
runconfig/config_test.go
View file

@ -65,7 +65,7 @@ func TestDecodeContainerConfig(t *testing.T) {
} }
} }
// TestDecodeContainerConfigIsolation validates the isolation level passed // TestDecodeContainerConfigIsolation validates isolation passed
// to the daemon in the hostConfig structure. Note this is platform specific // to the daemon in the hostConfig structure. Note this is platform specific
// as to what level of container isolation is supported. // as to what level of container isolation is supported.
func TestDecodeContainerConfigIsolation(t *testing.T) { func TestDecodeContainerConfigIsolation(t *testing.T) {
@ -77,17 +77,30 @@ func TestDecodeContainerConfigIsolation(t *testing.T) {
} }
} }
// Blank isolation level (== default) // Blank isolation (== default)
if _, _, _, err := callDecodeContainerConfigIsolation(""); err != nil { if _, _, _, err := callDecodeContainerConfigIsolation(""); err != nil {
t.Fatal("Blank isolation should have succeeded") t.Fatal("Blank isolation should have succeeded")
} }
// Default isolation level // Default isolation
if _, _, _, err := callDecodeContainerConfigIsolation("default"); err != nil { if _, _, _, err := callDecodeContainerConfigIsolation("default"); err != nil {
t.Fatal("default isolation should have succeeded") t.Fatal("default isolation should have succeeded")
} }
// Hyper-V Containers isolation level (Valid on Windows only) // Process isolation (Valid on Windows only)
if runtime.GOOS == "windows" {
if _, _, _, err := callDecodeContainerConfigIsolation("process"); err != nil {
t.Fatal("process isolation should have succeeded")
}
} else {
if _, _, _, err := callDecodeContainerConfigIsolation("process"); err != nil {
if !strings.Contains(err.Error(), `invalid --isolation: "process"`) {
t.Fatal(err)
}
}
}
// Hyper-V Containers isolation (Valid on Windows only)
if runtime.GOOS == "windows" { if runtime.GOOS == "windows" {
if _, _, _, err := callDecodeContainerConfigIsolation("hyperv"); err != nil { if _, _, _, err := callDecodeContainerConfigIsolation("hyperv"); err != nil {
t.Fatal("hyperv isolation should have succeeded") t.Fatal("hyperv isolation should have succeeded")
@ -102,7 +115,7 @@ func TestDecodeContainerConfigIsolation(t *testing.T) {
} }
// callDecodeContainerConfigIsolation is a utility function to call // callDecodeContainerConfigIsolation is a utility function to call
// DecodeContainerConfig for validating isolation levels // DecodeContainerConfig for validating isolation
func callDecodeContainerConfigIsolation(isolation string) (*container.Config, *container.HostConfig, *networktypes.NetworkingConfig, error) { func callDecodeContainerConfigIsolation(isolation string) (*container.Config, *container.HostConfig, *networktypes.NetworkingConfig, error) {
var ( var (
b []byte b []byte
@ -112,7 +125,7 @@ func callDecodeContainerConfigIsolation(isolation string) (*container.Config, *c
Config: &container.Config{}, Config: &container.Config{},
HostConfig: &container.HostConfig{ HostConfig: &container.HostConfig{
NetworkMode: "none", NetworkMode: "none",
Isolation: container.IsolationLevel(isolation)}, Isolation: container.Isolation(isolation)},
} }
if b, err = json.Marshal(w); err != nil { if b, err = json.Marshal(w); err != nil {
return nil, nil, nil, fmt.Errorf("Error on marshal %s", err.Error()) return nil, nil, nil, fmt.Errorf("Error on marshal %s", err.Error())

6
runconfig/hostconfig_unix.go
View file

@ -70,10 +70,10 @@ func ValidateNetMode(c *container.Config, hc *container.HostConfig) error {
return nil return nil
} }
// ValidateIsolationLevel performs platform specific validation of the // ValidateIsolation performs platform specific validation of
// isolation level in the hostconfig structure. Linux only supports "default" // isolation in the hostconfig structure. Linux only supports "default"
// which is LXC container isolation // which is LXC container isolation
func ValidateIsolationLevel(hc *container.HostConfig) error { func ValidateIsolation(hc *container.HostConfig) error {
// We may not be passed a host config, such as in the case of docker commit // We may not be passed a host config, such as in the case of docker commit
if hc == nil { if hc == nil {
return nil return nil

6
runconfig/hostconfig_windows.go
View file

@ -34,10 +34,10 @@ func ValidateNetMode(c *container.Config, hc *container.HostConfig) error {
return nil return nil
} }
// ValidateIsolationLevel performs platform specific validation of the // ValidateIsolation performs platform specific validation of the
// isolation level in the hostconfig structure. Windows supports 'default' (or // isolation in the hostconfig structure. Windows supports 'default' (or
// blank), 'process', or 'hyperv'. // blank), 'process', or 'hyperv'.
func ValidateIsolationLevel(hc *container.HostConfig) error { func ValidateIsolation(hc *container.HostConfig) error {
// We may not be passed a host config, such as in the case of docker commit // We may not be passed a host config, such as in the case of docker commit
if hc == nil { if hc == nil {
return nil return nil

4
runconfig/opts/parse.go
View file

@ -91,7 +91,7 @@ func Parse(cmd *flag.FlagSet, args []string) (*container.Config, *container.Host
flCgroupParent = cmd.String([]string{"-cgroup-parent"}, "", "Optional parent cgroup for the container") flCgroupParent = cmd.String([]string{"-cgroup-parent"}, "", "Optional parent cgroup for the container")
flVolumeDriver = cmd.String([]string{"-volume-driver"}, "", "Optional volume driver for the container") flVolumeDriver = cmd.String([]string{"-volume-driver"}, "", "Optional volume driver for the container")
flStopSignal = cmd.String([]string{"-stop-signal"}, signal.DefaultStopSignal, fmt.Sprintf("Signal to stop a container, %v by default", signal.DefaultStopSignal)) flStopSignal = cmd.String([]string{"-stop-signal"}, signal.DefaultStopSignal, fmt.Sprintf("Signal to stop a container, %v by default", signal.DefaultStopSignal))
flIsolation = cmd.String([]string{"-isolation"}, "", "Container isolation level") flIsolation = cmd.String([]string{"-isolation"}, "", "Container isolation technology")
flShmSize = cmd.String([]string{"-shm-size"}, "", "Size of /dev/shm, default value is 64MB") flShmSize = cmd.String([]string{"-shm-size"}, "", "Size of /dev/shm, default value is 64MB")
) )
@ -408,7 +408,7 @@ func Parse(cmd *flag.FlagSet, args []string) (*container.Config, *container.Host
ReadonlyRootfs: *flReadonlyRootfs, ReadonlyRootfs: *flReadonlyRootfs,
LogConfig: container.LogConfig{Type: *flLoggingDriver, Config: loggingOpts}, LogConfig: container.LogConfig{Type: *flLoggingDriver, Config: loggingOpts},
VolumeDriver: *flVolumeDriver, VolumeDriver: *flVolumeDriver,
Isolation: container.IsolationLevel(*flIsolation), Isolation: container.Isolation(*flIsolation),
ShmSize: shmSize, ShmSize: shmSize,
Resources: resources, Resources: resources,
Tmpfs: tmpfs, Tmpfs: tmpfs,