package runconfig import ( "encoding/json" "io" "strings" "github.com/docker/docker/pkg/nat" "github.com/docker/docker/pkg/ulimit" ) // KeyValuePair is a structure that hold a value for a key. type KeyValuePair struct { Key string Value string } // NetworkMode represents the container network stack. type NetworkMode string // IpcMode represents the container ipc stack. type IpcMode string // IsPrivate indicates whether the container uses it's private ipc stack. func (n IpcMode) IsPrivate() bool { return !(n.IsHost() || n.IsContainer()) } // IsHost indicates whether the container uses the host's ipc stack. func (n IpcMode) IsHost() bool { return n == "host" } // IsContainer indicates whether the container uses a container's ipc stack. func (n IpcMode) IsContainer() bool { parts := strings.SplitN(string(n), ":", 2) return len(parts) > 1 && parts[0] == "container" } // Valid indicates whether the ipc stack is valid. func (n IpcMode) Valid() bool { parts := strings.Split(string(n), ":") switch mode := parts[0]; mode { case "", "host": case "container": if len(parts) != 2 || parts[1] == "" { return false } default: return false } return true } // Container returns the name of the container ipc stack is going to be used. func (n IpcMode) Container() string { parts := strings.SplitN(string(n), ":", 2) if len(parts) > 1 { return parts[1] } return "" } // UTSMode represents the UTS namespace of the container. type UTSMode string // IsPrivate indicates whether the container uses it's private UTS namespace. func (n UTSMode) IsPrivate() bool { return !(n.IsHost()) } // IsHost indicates whether the container uses the host's UTS namespace. func (n UTSMode) IsHost() bool { return n == "host" } // Valid indicates whether the UTS namespace is valid. func (n UTSMode) Valid() bool { parts := strings.Split(string(n), ":") switch mode := parts[0]; mode { case "", "host": default: return false } return true } // PidMode represents the pid stack of the container. type PidMode string // IsPrivate indicates whether the container uses it's private pid stack. func (n PidMode) IsPrivate() bool { return !(n.IsHost()) } // IsHost indicates whether the container uses the host's pid stack. func (n PidMode) IsHost() bool { return n == "host" } // Valid indicates whether the pid stack is valid. func (n PidMode) Valid() bool { parts := strings.Split(string(n), ":") switch mode := parts[0]; mode { case "", "host": default: return false } return true } // DeviceMapping represents the device mapping between the host and the container. type DeviceMapping struct { PathOnHost string PathInContainer string CgroupPermissions string } // RestartPolicy represents the restart policies of the container. type RestartPolicy struct { Name string MaximumRetryCount int } // IsNone indicates whether the container has the "no" restart policy. // This means the container will not automatically restart when exiting. func (rp *RestartPolicy) IsNone() bool { return rp.Name == "no" } // IsAlways indicates whether the container has the "always" restart policy. // This means the container will automatically restart regardless of the exit status. func (rp *RestartPolicy) IsAlways() bool { return rp.Name == "always" } // IsOnFailure indicates whether the container has the "on-failure" restart policy. // This means the contain will automatically restart of exiting with a non-zero exit status. func (rp *RestartPolicy) IsOnFailure() bool { return rp.Name == "on-failure" } // IsUnlessStopped indicates whether the container has the // "unless-stopped" restart policy. This means the container will // automatically restart unless user has put it to stopped state. func (rp *RestartPolicy) IsUnlessStopped() bool { return rp.Name == "unless-stopped" } // LogConfig represents the logging configuration of the container. type LogConfig struct { Type string Config map[string]string } // LxcConfig represents the specific LXC configuration of the container. type LxcConfig struct { values []KeyValuePair } // MarshalJSON marshals (or serializes) the LxcConfig into JSON. func (c *LxcConfig) MarshalJSON() ([]byte, error) { if c == nil { return []byte{}, nil } return json.Marshal(c.Slice()) } // UnmarshalJSON unmarshals (or deserializes) the specified byte slices from JSON to // a LxcConfig. func (c *LxcConfig) UnmarshalJSON(b []byte) error { if len(b) == 0 { return nil } var kv []KeyValuePair if err := json.Unmarshal(b, &kv); err != nil { var h map[string]string if err := json.Unmarshal(b, &h); err != nil { return err } for k, v := range h { kv = append(kv, KeyValuePair{k, v}) } } c.values = kv return nil } // Len returns the number of specific lxc configuration. func (c *LxcConfig) Len() int { if c == nil { return 0 } return len(c.values) } // Slice returns the specific lxc configuration into a slice of KeyValuePair. func (c *LxcConfig) Slice() []KeyValuePair { if c == nil { return nil } return c.values } // NewLxcConfig creates a LxcConfig from the specified slice of KeyValuePair. func NewLxcConfig(values []KeyValuePair) *LxcConfig { return &LxcConfig{values} } // CapList represents the list of capabilities of the container. type CapList struct { caps []string } // MarshalJSON marshals (or serializes) the CapList into JSON. func (c *CapList) MarshalJSON() ([]byte, error) { if c == nil { return []byte{}, nil } return json.Marshal(c.Slice()) } // UnmarshalJSON unmarshals (or deserializes) the specified byte slices // from JSON to a CapList. func (c *CapList) UnmarshalJSON(b []byte) error { if len(b) == 0 { return nil } var caps []string if err := json.Unmarshal(b, &caps); err != nil { var s string if err := json.Unmarshal(b, &s); err != nil { return err } caps = append(caps, s) } c.caps = caps return nil } // Len returns the number of specific kernel capabilities. func (c *CapList) Len() int { if c == nil { return 0 } return len(c.caps) } // Slice returns the specific capabilities into a slice of KeyValuePair. func (c *CapList) Slice() []string { if c == nil { return nil } return c.caps } // NewCapList creates a CapList from a slice of string. func NewCapList(caps []string) *CapList { return &CapList{caps} } // HostConfig the non-portable Config structure of a container. // Here, "non-portable" means "dependent of the host we are running on". // Portable information *should* appear in Config. type HostConfig struct { Binds []string // List of volume bindings for this container ContainerIDFile string // File (path) where the containerId is written LxcConf *LxcConfig // Additional lxc configuration Memory int64 // Memory limit (in bytes) MemorySwap int64 // Total memory usage (memory + swap); set `-1` to disable swap KernelMemory int64 // Kernel memory limit (in bytes) CPUShares int64 `json:"CpuShares"` // CPU shares (relative weight vs. other containers) CPUPeriod int64 `json:"CpuPeriod"` // CPU CFS (Completely Fair Scheduler) period CpusetCpus string // CpusetCpus 0-2, 0,1 CpusetMems string // CpusetMems 0-2, 0,1 CPUQuota int64 `json:"CpuQuota"` // CPU CFS (Completely Fair Scheduler) quota BlkioWeight int64 // Block IO weight (relative weight vs. other containers) OomKillDisable bool // Whether to disable OOM Killer or not MemorySwappiness *int64 // Tuning container memory swappiness behaviour Privileged bool // Is the container in privileged mode PortBindings nat.PortMap // Port mapping between the exposed port (container) and the host Links []string // List of links (in the name:alias form) PublishAllPorts bool // Should docker publish all exposed port for the container DNS []string `json:"Dns"` // List of DNS server to lookup DNSSearch []string `json:"DnsSearch"` // List of DNSSearch to look for ExtraHosts []string // List of extra hosts VolumesFrom []string // List of volumes to take from other container Devices []DeviceMapping // List of devices to map inside the container NetworkMode NetworkMode // Network namespace to use for the container IpcMode IpcMode // IPC namespace to use for the container PidMode PidMode // PID namespace to use for the container UTSMode UTSMode // UTS namespace to use for the container CapAdd *CapList // List of kernel capabilities to add to the container CapDrop *CapList // List of kernel capabilities to remove from the container GroupAdd []string // List of additional groups that the container process will run as RestartPolicy RestartPolicy // Restart policy to be used for the container SecurityOpt []string // List of string values to customize labels for MLS systems, such as SELinux. ReadonlyRootfs bool // Is the container root filesystem in read-only Ulimits []*ulimit.Ulimit // List of ulimits to be set in the container LogConfig LogConfig // Configuration of the logs for this container CgroupParent string // Parent cgroup. ConsoleSize [2]int // Initial console size on Windows } // DecodeHostConfig creates a HostConfig based on the specified Reader. // It assumes the content of the reader will be JSON, and decodes it. func DecodeHostConfig(src io.Reader) (*HostConfig, error) { decoder := json.NewDecoder(src) var w ContainerConfigWrapper if err := decoder.Decode(&w); err != nil { return nil, err } hc := w.getHostConfig() return hc, nil } // SetDefaultNetModeIfBlank changes the NetworkMode in a HostConfig structure // to default if it is not populated. This ensures backwards compatibility after // the validation of the network mode was moved from the docker CLI to the // docker daemon. func SetDefaultNetModeIfBlank(hc *HostConfig) *HostConfig { if hc != nil { if hc.NetworkMode == NetworkMode("") { hc.NetworkMode = NetworkMode("default") } } return hc }