diff options
Diffstat (limited to 'libpod/container_inspect.go')
-rw-r--r-- | libpod/container_inspect.go | 646 |
1 files changed, 40 insertions, 606 deletions
diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go index 01f2d93bd..f81be8b22 100644 --- a/libpod/container_inspect.go +++ b/libpod/container_inspect.go @@ -3,13 +3,11 @@ package libpod import ( "fmt" "strings" - "time" - "github.com/containers/image/v5/manifest" + "github.com/containers/common/pkg/config" "github.com/containers/libpod/libpod/define" "github.com/containers/libpod/libpod/driver" "github.com/containers/libpod/pkg/util" - "github.com/cri-o/ocicni/pkg/ocicni" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-tools/generate" "github.com/opencontainers/runtime-tools/validate" @@ -85,554 +83,9 @@ const ( InspectResponseFalse = "FALSE" ) -// InspectContainerData provides a detailed record of a container's configuration -// and state as viewed by Libpod. -// Large portions of this structure are defined such that the output is -// compatible with `docker inspect` JSON, but additional fields have been added -// as required to share information not in the original output. -type InspectContainerData struct { - ID string `json:"Id"` - Created time.Time `json:"Created"` - Path string `json:"Path"` - Args []string `json:"Args"` - State *InspectContainerState `json:"State"` - Image string `json:"Image"` - ImageName string `json:"ImageName"` - Rootfs string `json:"Rootfs"` - Pod string `json:"Pod"` - ResolvConfPath string `json:"ResolvConfPath"` - HostnamePath string `json:"HostnamePath"` - HostsPath string `json:"HostsPath"` - StaticDir string `json:"StaticDir"` - OCIConfigPath string `json:"OCIConfigPath,omitempty"` - OCIRuntime string `json:"OCIRuntime,omitempty"` - LogPath string `json:"LogPath"` - LogTag string `json:"LogTag"` - ConmonPidFile string `json:"ConmonPidFile"` - Name string `json:"Name"` - RestartCount int32 `json:"RestartCount"` - Driver string `json:"Driver"` - MountLabel string `json:"MountLabel"` - ProcessLabel string `json:"ProcessLabel"` - AppArmorProfile string `json:"AppArmorProfile"` - EffectiveCaps []string `json:"EffectiveCaps"` - BoundingCaps []string `json:"BoundingCaps"` - ExecIDs []string `json:"ExecIDs"` - GraphDriver *driver.Data `json:"GraphDriver"` - SizeRw *int64 `json:"SizeRw,omitempty"` - SizeRootFs int64 `json:"SizeRootFs,omitempty"` - Mounts []InspectMount `json:"Mounts"` - Dependencies []string `json:"Dependencies"` - NetworkSettings *InspectNetworkSettings `json:"NetworkSettings"` //TODO - ExitCommand []string `json:"ExitCommand"` - Namespace string `json:"Namespace"` - IsInfra bool `json:"IsInfra"` - Config *InspectContainerConfig `json:"Config"` - HostConfig *InspectContainerHostConfig `json:"HostConfig"` -} - -// InspectContainerConfig holds further data about how a container was initially -// configured. -type InspectContainerConfig struct { - // Container hostname - Hostname string `json:"Hostname"` - // Container domain name - unused at present - DomainName string `json:"Domainname"` - // User the container was launched with - User string `json:"User"` - // Unused, at present - AttachStdin bool `json:"AttachStdin"` - // Unused, at present - AttachStdout bool `json:"AttachStdout"` - // Unused, at present - AttachStderr bool `json:"AttachStderr"` - // Whether the container creates a TTY - Tty bool `json:"Tty"` - // Whether the container leaves STDIN open - OpenStdin bool `json:"OpenStdin"` - // Whether STDIN is only left open once. - // Presently not supported by Podman, unused. - StdinOnce bool `json:"StdinOnce"` - // Container environment variables - Env []string `json:"Env"` - // Container command - Cmd []string `json:"Cmd"` - // Container image - Image string `json:"Image"` - // Unused, at present. I've never seen this field populated. - Volumes map[string]struct{} `json:"Volumes"` - // Container working directory - WorkingDir string `json:"WorkingDir"` - // Container entrypoint - Entrypoint string `json:"Entrypoint"` - // On-build arguments - presently unused. More of Buildah's domain. - OnBuild *string `json:"OnBuild"` - // Container labels - Labels map[string]string `json:"Labels"` - // Container annotations - Annotations map[string]string `json:"Annotations"` - // Container stop signal - StopSignal uint `json:"StopSignal"` - // Configured healthcheck for the container - Healthcheck *manifest.Schema2HealthConfig `json:"Healthcheck,omitempty"` - // CreateCommand is the full command plus arguments of the process the - // container has been created with. - CreateCommand []string `json:"CreateCommand,omitempty"` -} - -// InspectContainerHostConfig holds information used when the container was -// created. -// It's very much a Docker-specific struct, retained (mostly) as-is for -// compatibility. We fill individual fields as best as we can, inferring as much -// as possible from the spec and container config. -// Some things cannot be inferred. These will be populated by spec annotations -// (if available). -// Field names are fixed for compatibility and cannot be changed. -// As such, silence lint warnings about them. -//nolint -type InspectContainerHostConfig struct { - // Binds contains an array of user-added mounts. - // Both volume mounts and named volumes are included. - // Tmpfs mounts are NOT included. - // In 'docker inspect' this is separated into 'Binds' and 'Mounts' based - // on how a mount was added. We do not make this distinction and do not - // include a Mounts field in inspect. - // Format: <src>:<destination>[:<comma-separated options>] - Binds []string `json:"Binds"` - // ContainerIDFile is a file created during container creation to hold - // the ID of the created container. - // This is not handled within libpod and is stored in an annotation. - ContainerIDFile string `json:"ContainerIDFile"` - // LogConfig contains information on the container's logging backend - LogConfig *InspectLogConfig `json:"LogConfig"` - // NetworkMode is the configuration of the container's network - // namespace. - // Populated as follows: - // default - A network namespace is being created and configured via CNI - // none - A network namespace is being created, not configured via CNI - // host - No network namespace created - // container:<id> - Using another container's network namespace - // ns:<path> - A path to a network namespace has been specified - NetworkMode string `json:"NetworkMode"` - // PortBindings contains the container's port bindings. - // It is formatted as map[string][]InspectHostPort. - // The string key here is formatted as <integer port number>/<protocol> - // and represents the container port. A single container port may be - // bound to multiple host ports (on different IPs). - PortBindings map[string][]InspectHostPort `json:"PortBindings"` - // RestartPolicy contains the container's restart policy. - RestartPolicy *InspectRestartPolicy `json:"RestartPolicy"` - // AutoRemove is whether the container will be automatically removed on - // exiting. - // It is not handled directly within libpod and is stored in an - // annotation. - AutoRemove bool `json:"AutoRemove"` - // VolumeDriver is presently unused and is retained for Docker - // compatibility. - VolumeDriver string `json:"VolumeDriver"` - // VolumesFrom is a list of containers which this container uses volumes - // from. This is not handled directly within libpod and is stored in an - // annotation. - // It is formatted as an array of container names and IDs. - VolumesFrom []string `json:"VolumesFrom"` - // CapAdd is a list of capabilities added to the container. - // It is not directly stored by Libpod, and instead computed from the - // capabilities listed in the container's spec, compared against a set - // of default capabilities. - CapAdd []string `json:"CapAdd"` - // CapDrop is a list of capabilities removed from the container. - // It is not directly stored by libpod, and instead computed from the - // capabilities listed in the container's spec, compared against a set - // of default capabilities. - CapDrop []string `json:"CapDrop"` - // Dns is a list of DNS nameservers that will be added to the - // container's resolv.conf - Dns []string `json:"Dns"` - // DnsOptions is a list of DNS options that will be set in the - // container's resolv.conf - DnsOptions []string `json:"DnsOptions"` - // DnsSearch is a list of DNS search domains that will be set in the - // container's resolv.conf - DnsSearch []string `json:"DnsSearch"` - // ExtraHosts contains hosts that will be aded to the container's - // /etc/hosts. - ExtraHosts []string `json:"ExtraHosts"` - // GroupAdd contains groups that the user inside the container will be - // added to. - GroupAdd []string `json:"GroupAdd"` - // IpcMode represents the configuration of the container's IPC - // namespace. - // Populated as follows: - // "" (empty string) - Default, an IPC namespace will be created - // host - No IPC namespace created - // container:<id> - Using another container's IPC namespace - // ns:<path> - A path to an IPC namespace has been specified - IpcMode string `json:"IpcMode"` - // Cgroup contains the container's cgroup. It is presently not - // populated. - // TODO. - Cgroup string `json:"Cgroup"` - // Cgroups contains the container's CGroup mode. - // Allowed values are "default" (container is creating CGroups) and - // "disabled" (container is not creating CGroups). - // This is Libpod-specific and not included in `docker inspect`. - Cgroups string `json:"Cgroups"` - // Links is unused, and provided purely for Docker compatibility. - Links []string `json:"Links"` - // OOMScoreAdj is an adjustment that will be made to the container's OOM - // score. - OomScoreAdj int `json:"OomScoreAdj"` - // PidMode represents the configuration of the container's PID - // namespace. - // Populated as follows: - // "" (empty string) - Default, a PID namespace will be created - // host - No PID namespace created - // container:<id> - Using another container's PID namespace - // ns:<path> - A path to a PID namespace has been specified - PidMode string `json:"PidMode"` - // Privileged indicates whether the container is running with elevated - // privileges. - // This has a very specific meaning in the Docker sense, so it's very - // difficult to decode from the spec and config, and so is stored as an - // annotation. - Privileged bool `json:"Privileged"` - // PublishAllPorts indicates whether image ports are being published. - // This is not directly stored in libpod and is saved as an annotation. - PublishAllPorts bool `json:"PublishAllPorts"` - // ReadonlyRootfs is whether the container will be mounted read-only. - ReadonlyRootfs bool `json:"ReadonlyRootfs"` - // SecurityOpt is a list of security-related options that are set in the - // container. - SecurityOpt []string `json:"SecurityOpt"` - // Tmpfs is a list of tmpfs filesystems that will be mounted into the - // container. - // It is a map of destination path to options for the mount. - Tmpfs map[string]string `json:"Tmpfs"` - // UTSMode represents the configuration of the container's UID - // namespace. - // Populated as follows: - // "" (empty string) - Default, a UTS namespace will be created - // host - no UTS namespace created - // container:<id> - Using another container's UTS namespace - // ns:<path> - A path to a UTS namespace has been specified - UTSMode string `json:"UTSMode"` - // UsernsMode represents the configuration of the container's user - // namespace. - // When running rootless, a user namespace is created outside of libpod - // to allow some privileged operations. This will not be reflected here. - // Populated as follows: - // "" (empty string) - No user namespace will be created - // private - The container will be run in a user namespace - // container:<id> - Using another container's user namespace - // ns:<path> - A path to a user namespace has been specified - // TODO Rootless has an additional 'keep-id' option, presently not - // reflected here. - UsernsMode string `json:"UsernsMode"` - // ShmSize is the size of the container's SHM device. - ShmSize int64 `json:"ShmSize"` - // Runtime is provided purely for Docker compatibility. - // It is set unconditionally to "oci" as Podman does not presently - // support non-OCI runtimes. - Runtime string `json:"Runtime"` - // ConsoleSize is an array of 2 integers showing the size of the - // container's console. - // It is only set if the container is creating a terminal. - // TODO. - ConsoleSize []uint `json:"ConsoleSize"` - // Isolation is presently unused and provided solely for Docker - // compatibility. - Isolation string `json:"Isolation"` - // CpuShares indicates the CPU resources allocated to the container. - // It is a relative weight in the scheduler for assigning CPU time - // versus other CGroups. - CpuShares uint64 `json:"CpuShares"` - // Memory indicates the memory resources allocated to the container. - // This is the limit (in bytes) of RAM the container may use. - Memory int64 `json:"Memory"` - // NanoCpus indicates number of CPUs allocated to the container. - // It is an integer where one full CPU is indicated by 1000000000 (one - // billion). - // Thus, 2.5 CPUs (fractional portions of CPUs are allowed) would be - // 2500000000 (2.5 billion). - // In 'docker inspect' this is set exclusively of two further options in - // the output (CpuPeriod and CpuQuota) which are both used to implement - // this functionality. - // We can't distinguish here, so if CpuQuota is set to the default of - // 100000, we will set both CpuQuota, CpuPeriod, and NanoCpus. If - // CpuQuota is not the default, we will not set NanoCpus. - NanoCpus int64 `json:"NanoCpus"` - // CgroupParent is the CGroup parent of the container. - // Only set if not default. - CgroupParent string `json:"CgroupParent"` - // BlkioWeight indicates the I/O resources allocated to the container. - // It is a relative weight in the scheduler for assigning I/O time - // versus other CGroups. - BlkioWeight uint16 `json:"BlkioWeight"` - // BlkioWeightDevice is an array of I/O resource priorities for - // individual device nodes. - // Unfortunately, the spec only stores the device's Major/Minor numbers - // and not the path, which is used here. - // Fortunately, the kernel provides an interface for retrieving the path - // of a given node by major:minor at /sys/dev/. However, the exact path - // in use may not be what was used in the original CLI invocation - - // though it is guaranteed that the device node will be the same, and - // using the given path will be functionally identical. - BlkioWeightDevice []InspectBlkioWeightDevice `json:"BlkioWeightDevice"` - // BlkioDeviceReadBps is an array of I/O throttle parameters for - // individual device nodes. - // This specifically sets read rate cap in bytes per second for device - // nodes. - // As with BlkioWeightDevice, we pull the path from /sys/dev, and we - // don't guarantee the path will be identical to the original (though - // the node will be). - BlkioDeviceReadBps []InspectBlkioThrottleDevice `json:"BlkioDeviceReadBps"` - // BlkioDeviceWriteBps is an array of I/O throttle parameters for - // individual device nodes. - // this specifically sets write rate cap in bytes per second for device - // nodes. - // as with BlkioWeightDevice, we pull the path from /sys/dev, and we - // don't guarantee the path will be identical to the original (though - // the node will be). - BlkioDeviceWriteBps []InspectBlkioThrottleDevice `json:"BlkioDeviceWriteBps"` - // BlkioDeviceReadIOps is an array of I/O throttle parameters for - // individual device nodes. - // This specifically sets the read rate cap in iops per second for - // device nodes. - // As with BlkioWeightDevice, we pull the path from /sys/dev, and we - // don't guarantee the path will be identical to the original (though - // the node will be). - BlkioDeviceReadIOps []InspectBlkioThrottleDevice `json:"BlkioDeviceReadIOps"` - // BlkioDeviceWriteIOps is an array of I/O throttle parameters for - // individual device nodes. - // This specifically sets the write rate cap in iops per second for - // device nodes. - // As with BlkioWeightDevice, we pull the path from /sys/dev, and we - // don't guarantee the path will be identical to the original (though - // the node will be). - BlkioDeviceWriteIOps []InspectBlkioThrottleDevice `json:"BlkioDeviceWriteIOps"` - // CpuPeriod is the length of a CPU period in microseconds. - // It relates directly to CpuQuota. - CpuPeriod uint64 `json:"CpuPeriod"` - // CpuPeriod is the amount of time (in microseconds) that a container - // can use the CPU in every CpuPeriod. - CpuQuota int64 `json:"CpuQuota"` - // CpuRealtimePeriod is the length of time (in microseconds) of the CPU - // realtime period. If set to 0, no time will be allocated to realtime - // tasks. - CpuRealtimePeriod uint64 `json:"CpuRealtimePeriod"` - // CpuRealtimeRuntime is the length of time (in microseconds) allocated - // for realtime tasks within every CpuRealtimePeriod. - CpuRealtimeRuntime int64 `json:"CpuRealtimeRuntime"` - // CpusetCpus is the is the set of CPUs that the container will execute - // on. Formatted as `0-3` or `0,2`. Default (if unset) is all CPUs. - CpusetCpus string `json:"CpusetCpus"` - // CpusetMems is the set of memory nodes the container will use. - // Formatted as `0-3` or `0,2`. Default (if unset) is all memory nodes. - CpusetMems string `json:"CpusetMems"` - // Devices is a list of device nodes that will be added to the - // container. - // These are stored in the OCI spec only as type, major, minor while we - // display the host path. We convert this with /sys/dev, but we cannot - // guarantee that the host path will be identical - only that the actual - // device will be. - Devices []InspectDevice `json:"Devices"` - // DiskQuota is the maximum amount of disk space the container may use - // (in bytes). - // Presently not populated. - // TODO. - DiskQuota uint64 `json:"DiskQuota"` - // KernelMemory is the maximum amount of memory the kernel will devote - // to the container. - KernelMemory int64 `json:"KernelMemory"` - // MemoryReservation is the reservation (soft limit) of memory available - // to the container. Soft limits are warnings only and can be exceeded. - MemoryReservation int64 `json:"MemoryReservation"` - // MemorySwap is the total limit for all memory available to the - // container, including swap. 0 indicates that there is no limit to the - // amount of memory available. - MemorySwap int64 `json:"MemorySwap"` - // MemorySwappiness is the willingness of the kernel to page container - // memory to swap. It is an integer from 0 to 100, with low numbers - // being more likely to be put into swap. - // -1, the default, will not set swappiness and use the system defaults. - MemorySwappiness int64 `json:"MemorySwappiness"` - // OomKillDisable indicates whether the kernel OOM killer is disabled - // for the container. - OomKillDisable bool `json:"OomKillDisable"` - // Init indicates whether the container has an init mounted into it. - Init bool `json:"Init,omitempty"` - // PidsLimit is the maximum number of PIDs what may be created within - // the container. 0, the default, indicates no limit. - PidsLimit int64 `json:"PidsLimit"` - // Ulimits is a set of ulimits that will be set within the container. - Ulimits []InspectUlimit `json:"Ulimits"` - // CpuCount is Windows-only and not presently implemented. - CpuCount uint64 `json:"CpuCount"` - // CpuPercent is Windows-only and not presently implemented. - CpuPercent uint64 `json:"CpuPercent"` - // IOMaximumIOps is Windows-only and not presently implemented. - IOMaximumIOps uint64 `json:"IOMaximumIOps"` - // IOMaximumBandwidth is Windows-only and not presently implemented. - IOMaximumBandwidth uint64 `json:"IOMaximumBandwidth"` -} - -// InspectLogConfig holds information about a container's configured log driver -// and is presently unused. It is retained for Docker compatibility. -type InspectLogConfig struct { - Type string `json:"Type"` - Config map[string]string `json:"Config"` //idk type, TODO -} - -// InspectRestartPolicy holds information about the container's restart policy. -type InspectRestartPolicy struct { - // Name contains the container's restart policy. - // Allowable values are "no" or "" (take no action), - // "on-failure" (restart on non-zero exit code, with an optional max - // retry count), and "always" (always restart on container stop, unless - // explicitly requested by API). - // Note that this is NOT actually a name of any sort - the poor naming - // is for Docker compatibility. - Name string `json:"Name"` - // MaximumRetryCount is the maximum number of retries allowed if the - // "on-failure" restart policy is in use. Not used if "on-failure" is - // not set. - MaximumRetryCount uint `json:"MaximumRetryCount"` -} - -// InspectBlkioWeightDevice holds information about the relative weight -// of an individual device node. Weights are used in the I/O scheduler to give -// relative priority to some accesses. -type InspectBlkioWeightDevice struct { - // Path is the path to the device this applies to. - Path string `json:"Path"` - // Weight is the relative weight the scheduler will use when scheduling - // I/O. - Weight uint16 `json:"Weight"` -} - -// InspectBlkioThrottleDevice holds information about a speed cap for a device -// node. This cap applies to a specific operation (read, write, etc) on the given -// node. -type InspectBlkioThrottleDevice struct { - // Path is the path to the device this applies to. - Path string `json:"Path"` - // Rate is the maximum rate. It is in either bytes per second or iops - // per second, determined by where it is used - documentation will - // indicate which is appropriate. - Rate uint64 `json:"Rate"` -} - -// InspectUlimit is a ulimit that will be applied to the container. -type InspectUlimit struct { - // Name is the name (type) of the ulimit. - Name string `json:"Name"` - // Soft is the soft limit that will be applied. - Soft uint64 `json:"Soft"` - // Hard is the hard limit that will be applied. - Hard uint64 `json:"Hard"` -} - -// InspectMount provides a record of a single mount in a container. It contains -// fields for both named and normal volumes. Only user-specified volumes will be -// included, and tmpfs volumes are not included even if the user specified them. -type InspectMount struct { - // Whether the mount is a volume or bind mount. Allowed values are - // "volume" and "bind". - Type string `json:"Type"` - // The name of the volume. Empty for bind mounts. - Name string `json:"Name,omptempty"` - // The source directory for the volume. - Source string `json:"Source"` - // The destination directory for the volume. Specified as a path within - // the container, as it would be passed into the OCI runtime. - Destination string `json:"Destination"` - // The driver used for the named volume. Empty for bind mounts. - Driver string `json:"Driver"` - // Contains SELinux :z/:Z mount options. Unclear what, if anything, else - // goes in here. - Mode string `json:"Mode"` - // All remaining mount options. Additional data, not present in the - // original output. - Options []string `json:"Options"` - // Whether the volume is read-write - RW bool `json:"RW"` - // Mount propagation for the mount. Can be empty if not specified, but - // is always printed - no omitempty. - Propagation string `json:"Propagation"` -} - -// InspectDevice is a single device that will be mounted into the container. -type InspectDevice struct { - // PathOnHost is the path of the device on the host. - PathOnHost string `json:"PathOnHost"` - // PathInContainer is the path of the device within the container. - PathInContainer string `json:"PathInContainer"` - // CgroupPermissions is the permissions of the mounted device. - // Presently not populated. - // TODO. - CgroupPermissions string `json:"CgroupPermissions"` -} - -// InspectHostPort provides information on a port on the host that a container's -// port is bound to. -type InspectHostPort struct { - // IP on the host we are bound to. "" if not specified (binding to all - // IPs). - HostIP string `json:"HostIp"` - // Port on the host we are bound to. No special formatting - just an - // integer stuffed into a string. - HostPort string `json:"HostPort"` -} - -// InspectContainerState provides a detailed record of a container's current -// state. It is returned as part of InspectContainerData. -// As with InspectContainerData, many portions of this struct are matched to -// Docker, but here we see more fields that are unused (nonsensical in the -// context of Libpod). -type InspectContainerState struct { - OciVersion string `json:"OciVersion"` - Status string `json:"Status"` - Running bool `json:"Running"` - Paused bool `json:"Paused"` - Restarting bool `json:"Restarting"` // TODO - OOMKilled bool `json:"OOMKilled"` - Dead bool `json:"Dead"` - Pid int `json:"Pid"` - ConmonPid int `json:"ConmonPid,omitempty"` - ExitCode int32 `json:"ExitCode"` - Error string `json:"Error"` // TODO - StartedAt time.Time `json:"StartedAt"` - FinishedAt time.Time `json:"FinishedAt"` - Healthcheck HealthCheckResults `json:"Healthcheck,omitempty"` -} - -// InspectNetworkSettings holds information about the network settings of the -// container. -// Many fields are maintained only for compatibility with `docker inspect` and -// are unused within Libpod. -type InspectNetworkSettings struct { - Bridge string `json:"Bridge"` - SandboxID string `json:"SandboxID"` - HairpinMode bool `json:"HairpinMode"` - LinkLocalIPv6Address string `json:"LinkLocalIPv6Address"` - LinkLocalIPv6PrefixLen int `json:"LinkLocalIPv6PrefixLen"` - Ports []ocicni.PortMapping `json:"Ports"` - SandboxKey string `json:"SandboxKey"` - SecondaryIPAddresses []string `json:"SecondaryIPAddresses"` - SecondaryIPv6Addresses []string `json:"SecondaryIPv6Addresses"` - EndpointID string `json:"EndpointID"` - Gateway string `json:"Gateway"` - GlobalIPv6Address string `json:"GlobalIPv6Address"` - GlobalIPv6PrefixLen int `json:"GlobalIPv6PrefixLen"` - IPAddress string `json:"IPAddress"` - IPPrefixLen int `json:"IPPrefixLen"` - IPv6Gateway string `json:"IPv6Gateway"` - MacAddress string `json:"MacAddress"` -} - // inspectLocked inspects a container for low-level information. // The caller must held c.lock. -func (c *Container) inspectLocked(size bool) (*InspectContainerData, error) { +func (c *Container) inspectLocked(size bool) (*define.InspectContainerData, error) { storeCtr, err := c.runtime.store.Container(c.ID()) if err != nil { return nil, errors.Wrapf(err, "error getting container from store %q", c.ID()) @@ -649,7 +102,7 @@ func (c *Container) inspectLocked(size bool) (*InspectContainerData, error) { } // Inspect a container for low-level information -func (c *Container) Inspect(size bool) (*InspectContainerData, error) { +func (c *Container) Inspect(size bool) (*define.InspectContainerData, error) { if !c.batched { c.lock.Lock() defer c.lock.Unlock() @@ -662,7 +115,7 @@ func (c *Container) Inspect(size bool) (*InspectContainerData, error) { return c.inspectLocked(size) } -func (c *Container) getContainerInspectData(size bool, driverData *driver.Data) (*InspectContainerData, error) { +func (c *Container) getContainerInspectData(size bool, driverData *driver.Data) (*define.InspectContainerData, error) { config := c.config runtimeInfo := c.state ctrSpec, err := c.specFromState() @@ -709,12 +162,12 @@ func (c *Container) getContainerInspectData(size bool, driverData *driver.Data) return nil, err } - data := &InspectContainerData{ + data := &define.InspectContainerData{ ID: config.ID, Created: config.CreatedTime, Path: path, Args: args, - State: &InspectContainerState{ + State: &define.InspectContainerState{ OciVersion: ctrSpec.Version, Status: runtimeInfo.State.String(), Running: runtimeInfo.State == define.ContainerStateRunning, @@ -754,27 +207,7 @@ func (c *Container) getContainerInspectData(size bool, driverData *driver.Data) GraphDriver: driverData, Mounts: inspectMounts, Dependencies: c.Dependencies(), - NetworkSettings: &InspectNetworkSettings{ - Bridge: "", // TODO - SandboxID: "", // TODO - is this even relevant? - HairpinMode: false, // TODO - LinkLocalIPv6Address: "", // TODO - do we even support IPv6? - LinkLocalIPv6PrefixLen: 0, // TODO - do we even support IPv6? - - Ports: []ocicni.PortMapping{}, // TODO - maybe worth it to put this in Docker format? - SandboxKey: "", // Network namespace path - SecondaryIPAddresses: nil, // TODO - do we support this? - SecondaryIPv6Addresses: nil, // TODO - do we support this? - EndpointID: "", // TODO - is this even relevant? - Gateway: "", // TODO - GlobalIPv6Address: "", - GlobalIPv6PrefixLen: 0, - IPAddress: "", - IPPrefixLen: 0, - IPv6Gateway: "", - MacAddress: "", // TODO - }, - IsInfra: c.IsInfra(), + IsInfra: c.IsInfra(), } if c.state.ConfigPath != "" { @@ -792,13 +225,11 @@ func (c *Container) getContainerInspectData(size bool, driverData *driver.Data) } } - // Copy port mappings into network settings - if config.PortMappings != nil { - data.NetworkSettings.Ports = config.PortMappings + networkConfig, err := c.getContainerNetworkInfo() + if err != nil { + return nil, err } - - // Get information on the container's network namespace (if present) - data = c.getContainerNetworkInfo(data) + data.NetworkSettings = networkConfig inspectConfig, err := c.generateInspectContainerConfig(ctrSpec) if err != nil { @@ -831,8 +262,8 @@ func (c *Container) getContainerInspectData(size bool, driverData *driver.Data) // Get inspect-formatted mounts list. // Only includes user-specified mounts. Only includes bind mounts and named // volumes, not tmpfs volumes. -func (c *Container) getInspectMounts(ctrSpec *spec.Spec, namedVolumes []*ContainerNamedVolume, mounts []spec.Mount) ([]InspectMount, error) { - inspectMounts := []InspectMount{} +func (c *Container) getInspectMounts(ctrSpec *spec.Spec, namedVolumes []*ContainerNamedVolume, mounts []spec.Mount) ([]define.InspectMount, error) { + inspectMounts := []define.InspectMount{} // No mounts, return early if len(c.config.UserVolumes) == 0 { @@ -840,7 +271,7 @@ func (c *Container) getInspectMounts(ctrSpec *spec.Spec, namedVolumes []*Contain } for _, volume := range namedVolumes { - mountStruct := InspectMount{} + mountStruct := define.InspectMount{} mountStruct.Type = "volume" mountStruct.Destination = volume.Dest mountStruct.Name = volume.Name @@ -865,7 +296,7 @@ func (c *Container) getInspectMounts(ctrSpec *spec.Spec, namedVolumes []*Contain continue } - mountStruct := InspectMount{} + mountStruct := define.InspectMount{} mountStruct.Type = "bind" mountStruct.Source = mount.Source mountStruct.Destination = mount.Destination @@ -880,7 +311,7 @@ func (c *Container) getInspectMounts(ctrSpec *spec.Spec, namedVolumes []*Contain // Parse mount options so we can populate them in the mount structure. // The mount passed in will be modified. -func parseMountOptionsForInspect(options []string, mount *InspectMount) { +func parseMountOptionsForInspect(options []string, mount *define.InspectMount) { isRW := true mountProp := "" zZ := "" @@ -914,8 +345,8 @@ func parseMountOptionsForInspect(options []string, mount *InspectMount) { } // Generate the InspectContainerConfig struct for the Config field of Inspect. -func (c *Container) generateInspectContainerConfig(spec *spec.Spec) (*InspectContainerConfig, error) { - ctrConfig := new(InspectContainerConfig) +func (c *Container) generateInspectContainerConfig(spec *spec.Spec) (*define.InspectContainerConfig, error) { + ctrConfig := new(define.InspectContainerConfig) ctrConfig.Hostname = c.Hostname() ctrConfig.User = c.config.User @@ -966,14 +397,14 @@ func (c *Container) generateInspectContainerConfig(spec *spec.Spec) (*InspectCon // Generate the InspectContainerHostConfig struct for the HostConfig field of // Inspect. -func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, namedVolumes []*ContainerNamedVolume, mounts []spec.Mount) (*InspectContainerHostConfig, error) { - hostConfig := new(InspectContainerHostConfig) +func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, namedVolumes []*ContainerNamedVolume, mounts []spec.Mount) (*define.InspectContainerHostConfig, error) { + hostConfig := new(define.InspectContainerHostConfig) - logConfig := new(InspectLogConfig) + logConfig := new(define.InspectLogConfig) logConfig.Type = c.config.LogDriver hostConfig.LogConfig = logConfig - restartPolicy := new(InspectRestartPolicy) + restartPolicy := new(define.InspectRestartPolicy) restartPolicy.Name = c.config.RestartPolicy restartPolicy.MaximumRetryCount = c.config.RestartRetries hostConfig.RestartPolicy = restartPolicy @@ -1014,6 +445,9 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named hostConfig.ShmSize = c.config.ShmSize hostConfig.Runtime = "oci" + // Default CPUShares is 1024, but we may overwrite below. + hostConfig.CpuShares = 1024 + // This is very expensive to initialize. // So we don't want to initialize it unless we absolutely have to - IE, // there are things that require a major:minor to path translation. @@ -1097,7 +531,7 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named if ctrSpec.Linux.Resources.BlockIO.Weight != nil { hostConfig.BlkioWeight = *ctrSpec.Linux.Resources.BlockIO.Weight } - hostConfig.BlkioWeightDevice = []InspectBlkioWeightDevice{} + hostConfig.BlkioWeightDevice = []define.InspectBlkioWeightDevice{} for _, dev := range ctrSpec.Linux.Resources.BlockIO.WeightDevice { key := fmt.Sprintf("%d:%d", dev.Major, dev.Minor) // TODO: how do we handle LeafWeight vs @@ -1119,14 +553,14 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named logrus.Warnf("Could not locate weight device %s in system devices", key) continue } - weightDev := InspectBlkioWeightDevice{} + weightDev := define.InspectBlkioWeightDevice{} weightDev.Path = path weightDev.Weight = *dev.Weight hostConfig.BlkioWeightDevice = append(hostConfig.BlkioWeightDevice, weightDev) } - handleThrottleDevice := func(devs []spec.LinuxThrottleDevice) ([]InspectBlkioThrottleDevice, error) { - out := []InspectBlkioThrottleDevice{} + handleThrottleDevice := func(devs []spec.LinuxThrottleDevice) ([]define.InspectBlkioThrottleDevice, error) { + out := []define.InspectBlkioThrottleDevice{} for _, dev := range devs { key := fmt.Sprintf("%d:%d", dev.Major, dev.Minor) if deviceNodes == nil { @@ -1141,7 +575,7 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named logrus.Warnf("Could not locate throttle device %s in system devices", key) continue } - throttleDev := InspectBlkioThrottleDevice{} + throttleDev := define.InspectBlkioThrottleDevice{} throttleDev.Path = path throttleDev.Rate = dev.Rate out = append(out, throttleDev) @@ -1243,15 +677,15 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named // Port bindings. // Only populate if we're using CNI to configure the network. - portBindings := make(map[string][]InspectHostPort) + portBindings := make(map[string][]define.InspectHostPort) if c.config.CreateNetNS { for _, port := range c.config.PortMappings { key := fmt.Sprintf("%d/%s", port.ContainerPort, port.Protocol) hostPorts := portBindings[key] if hostPorts == nil { - hostPorts = []InspectHostPort{} + hostPorts = []define.InspectHostPort{} } - hostPorts = append(hostPorts, InspectHostPort{ + hostPorts = append(hostPorts, define.InspectHostPort{ HostIP: port.HostIP, HostPort: fmt.Sprintf("%d", port.HostPort), }) @@ -1336,10 +770,10 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named // CGroup parent // Need to check if it's the default, and not print if so. defaultCgroupParent := "" - switch c.runtime.config.CgroupManager { - case define.CgroupfsCgroupsManager: + switch c.runtime.config.Engine.CgroupManager { + case config.CgroupfsCgroupsManager: defaultCgroupParent = CgroupfsDefaultCgroupParent - case define.SystemdCgroupsManager: + case config.SystemdCgroupsManager: defaultCgroupParent = SystemdDefaultCgroupParent } if c.config.CgroupParent != defaultCgroupParent { @@ -1420,7 +854,7 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named // Devices // Do not include if privileged - assumed that all devices will be // included. - hostConfig.Devices = []InspectDevice{} + hostConfig.Devices = []define.InspectDevice{} if ctrSpec.Linux != nil && !hostConfig.Privileged { for _, dev := range ctrSpec.Linux.Devices { key := fmt.Sprintf("%d:%d", dev.Major, dev.Minor) @@ -1436,7 +870,7 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named logrus.Warnf("Could not locate device %s on host", key) continue } - newDev := InspectDevice{} + newDev := define.InspectDevice{} newDev.PathOnHost = path newDev.PathInContainer = dev.Path hostConfig.Devices = append(hostConfig.Devices, newDev) @@ -1444,10 +878,10 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named } // Ulimits - hostConfig.Ulimits = []InspectUlimit{} + hostConfig.Ulimits = []define.InspectUlimit{} if ctrSpec.Process != nil { for _, limit := range ctrSpec.Process.Rlimits { - newLimit := InspectUlimit{} + newLimit := define.InspectUlimit{} newLimit.Name = limit.Type newLimit.Soft = limit.Soft newLimit.Hard = limit.Hard |