summaryrefslogtreecommitdiff
path: root/pkg/spec/createconfig.go
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/spec/createconfig.go')
-rw-r--r--pkg/spec/createconfig.go426
1 files changed, 0 insertions, 426 deletions
diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go
deleted file mode 100644
index 4887e9262..000000000
--- a/pkg/spec/createconfig.go
+++ /dev/null
@@ -1,426 +0,0 @@
-package createconfig
-
-import (
- "context"
- "os"
- "strconv"
- "strings"
- "syscall"
-
- "github.com/containers/image/v5/manifest"
- "github.com/containers/podman/v2/libpod"
- "github.com/containers/podman/v2/libpod/define"
- "github.com/containers/podman/v2/pkg/namespaces"
- "github.com/containers/podman/v2/pkg/seccomp"
- "github.com/containers/storage"
- "github.com/docker/go-connections/nat"
- spec "github.com/opencontainers/runtime-spec/specs-go"
- "github.com/opencontainers/runtime-tools/generate"
- "github.com/pkg/errors"
- "github.com/sirupsen/logrus"
-)
-
-// Type constants
-const (
- bps = iota
- iops
-)
-
-// CreateResourceConfig represents resource elements in CreateConfig
-// structures
-type CreateResourceConfig struct {
- BlkioWeight uint16 // blkio-weight
- BlkioWeightDevice []string // blkio-weight-device
- CgroupConf map[string]string
- CPUPeriod uint64 // cpu-period
- CPUQuota int64 // cpu-quota
- CPURtPeriod uint64 // cpu-rt-period
- CPURtRuntime int64 // cpu-rt-runtime
- CPUShares uint64 // cpu-shares
- CPUs float64 // cpus
- CPUsetCPUs string
- CPUsetMems string // cpuset-mems
- DeviceCgroupRules []string //device-cgroup-rule
- DeviceReadBps []string // device-read-bps
- DeviceReadIOps []string // device-read-iops
- DeviceWriteBps []string // device-write-bps
- DeviceWriteIOps []string // device-write-iops
- DisableOomKiller bool // oom-kill-disable
- KernelMemory int64 // kernel-memory
- Memory int64 //memory
- MemoryReservation int64 // memory-reservation
- MemorySwap int64 //memory-swap
- MemorySwappiness int // memory-swappiness
- OomScoreAdj int //oom-score-adj
- PidsLimit int64 // pids-limit
- ShmSize int64
- Ulimit []string //ulimit
-}
-
-// PidConfig configures the pid namespace for the container
-type PidConfig struct {
- PidMode namespaces.PidMode //pid
-}
-
-// IpcConfig configures the ipc namespace for the container
-type IpcConfig struct {
- IpcMode namespaces.IpcMode //ipc
-}
-
-// CgroupConfig configures the cgroup namespace for the container
-type CgroupConfig struct {
- Cgroups string
- Cgroupns string
- CgroupParent string // cgroup-parent
- CgroupMode namespaces.CgroupMode //cgroup
-}
-
-// UserConfig configures the user namespace for the container
-type UserConfig struct {
- GroupAdd []string // group-add
- IDMappings *storage.IDMappingOptions
- UsernsMode namespaces.UsernsMode //userns
- User string //user
-}
-
-// UtsConfig configures the uts namespace for the container
-type UtsConfig struct {
- UtsMode namespaces.UTSMode //uts
- NoHosts bool
- HostAdd []string //add-host
- Hostname string
-}
-
-// NetworkConfig configures the network namespace for the container
-type NetworkConfig struct {
- DNSOpt []string //dns-opt
- DNSSearch []string //dns-search
- DNSServers []string //dns
- ExposedPorts map[nat.Port]struct{}
- HTTPProxy bool
- IP6Address string //ipv6
- IPAddress string //ip
- LinkLocalIP []string // link-local-ip
- MacAddress string //mac-address
- NetMode namespaces.NetworkMode //net
- Network string //network
- NetworkAlias []string //network-alias
- PortBindings nat.PortMap
- Publish []string //publish
- PublishAll bool //publish-all
-}
-
-// SecurityConfig configures the security features for the container
-type SecurityConfig struct {
- CapAdd []string // cap-add
- CapDrop []string // cap-drop
- CapRequired []string // cap-required
- LabelOpts []string //SecurityOpts
- NoNewPrivs bool //SecurityOpts
- ApparmorProfile string //SecurityOpts
- SeccompProfilePath string //SecurityOpts
- SeccompProfileFromImage string // seccomp profile from the container image
- SeccompPolicy seccomp.Policy
- SecurityOpts []string
- Privileged bool //privileged
- ReadOnlyRootfs bool //read-only
- ReadOnlyTmpfs bool //read-only-tmpfs
- Sysctl map[string]string //sysctl
- ProcOpts []string
-}
-
-// CreateConfig is a pre OCI spec structure. It represents user input from varlink or the CLI
-// swagger:model CreateConfig
-type CreateConfig struct {
- Annotations map[string]string
- Args []string
- CidFile string
- ConmonPidFile string
- Command []string // Full command that will be used
- UserCommand []string // User-entered command (or image CMD)
- Detach bool // detach
- Devices []string // device
- Entrypoint []string //entrypoint
- Env map[string]string //env
- HealthCheck *manifest.Schema2HealthConfig
- Init bool // init
- InitPath string //init-path
- Image string
- ImageID string
- RawImageName string
- BuiltinImgVolumes map[string]struct{} // volumes defined in the image config
- ImageVolumeType string // how to handle the image volume, either bind, tmpfs, or ignore
- Interactive bool //interactive
- Labels map[string]string //label
- LogDriver string // log-driver
- LogDriverOpt []string // log-opt
- Name string //name
- PodmanPath string
- Pod string //pod
- Quiet bool //quiet
- Resources CreateResourceConfig
- RestartPolicy string
- Rm bool //rm
- Rmi bool //rmi
- StopSignal syscall.Signal // stop-signal
- StopTimeout uint // stop-timeout
- Systemd bool
- Tmpfs []string // tmpfs
- Tty bool //tty
- Mounts []spec.Mount
- MountsFlag []string // mounts
- NamedVolumes []*libpod.ContainerNamedVolume
- Volumes []string //volume
- VolumesFrom []string
- WorkDir string //workdir
- Rootfs string
- Security SecurityConfig
- Syslog bool // Whether to enable syslog on exit commands
-
- // Namespaces
- Pid PidConfig
- Ipc IpcConfig
- Cgroup CgroupConfig
- User UserConfig
- Uts UtsConfig
- Network NetworkConfig
-}
-
-func u32Ptr(i int64) *uint32 { u := uint32(i); return &u }
-func fmPtr(i int64) *os.FileMode { fm := os.FileMode(i); return &fm }
-
-// CreateBlockIO returns a LinuxBlockIO struct from a CreateConfig
-func (c *CreateConfig) CreateBlockIO() (*spec.LinuxBlockIO, error) {
- return c.createBlockIO()
-}
-
-func (c *CreateConfig) createExitCommand(runtime *libpod.Runtime) ([]string, error) {
- config, err := runtime.GetConfig()
- if err != nil {
- return nil, err
- }
- storageConfig := runtime.StorageConfig()
-
- // We need a cleanup process for containers in the current model.
- // But we can't assume that the caller is Podman - it could be another
- // user of the API.
- // As such, provide a way to specify a path to Podman, so we can
- // still invoke a cleanup process.
- cmd := c.PodmanPath
- if cmd == "" {
- cmd, _ = os.Executable()
- }
-
- command := []string{cmd,
- "--root", storageConfig.GraphRoot,
- "--runroot", storageConfig.RunRoot,
- "--log-level", logrus.GetLevel().String(),
- "--cgroup-manager", config.Engine.CgroupManager,
- "--tmpdir", config.Engine.TmpDir,
- }
- if config.Engine.OCIRuntime != "" {
- command = append(command, []string{"--runtime", config.Engine.OCIRuntime}...)
- }
- if storageConfig.GraphDriverName != "" {
- command = append(command, []string{"--storage-driver", storageConfig.GraphDriverName}...)
- }
- for _, opt := range storageConfig.GraphDriverOptions {
- command = append(command, []string{"--storage-opt", opt}...)
- }
- if config.Engine.EventsLogger != "" {
- command = append(command, []string{"--events-backend", config.Engine.EventsLogger}...)
- }
-
- if c.Syslog {
- command = append(command, "--syslog", "true")
- }
- command = append(command, []string{"container", "cleanup"}...)
-
- if c.Rm {
- command = append(command, "--rm")
- }
-
- if c.Rmi {
- command = append(command, "--rmi")
- }
-
- return command, nil
-}
-
-// GetContainerCreateOptions takes a CreateConfig and returns a slice of CtrCreateOptions
-func (c *CreateConfig) getContainerCreateOptions(runtime *libpod.Runtime, pod *libpod.Pod, mounts []spec.Mount, namedVolumes []*libpod.ContainerNamedVolume) ([]libpod.CtrCreateOption, error) {
- var options []libpod.CtrCreateOption
- var err error
-
- if c.Interactive {
- options = append(options, libpod.WithStdin())
- }
- if c.Systemd {
- options = append(options, libpod.WithSystemd())
- }
- if c.Name != "" {
- logrus.Debugf("setting container name %s", c.Name)
- options = append(options, libpod.WithName(c.Name))
- }
- if c.Pod != "" {
- logrus.Debugf("adding container to pod %s", c.Pod)
- options = append(options, runtime.WithPod(pod))
- }
-
- // handle some spec from the InfraContainer when it's a pod
- if pod != nil && pod.HasInfraContainer() {
- InfraCtr, err := pod.InfraContainer()
- if err != nil {
- return nil, err
- }
- // handle the pod.spec.hostAliases
- options = append(options, libpod.WithHosts(InfraCtr.HostsAdd()))
- }
-
- if len(mounts) != 0 || len(namedVolumes) != 0 {
- destinations := []string{}
-
- // Take all mount and named volume destinations.
- for _, mount := range mounts {
- destinations = append(destinations, mount.Destination)
- }
- for _, volume := range namedVolumes {
- destinations = append(destinations, volume.Dest)
- }
-
- options = append(options, libpod.WithUserVolumes(destinations))
- }
-
- if len(namedVolumes) != 0 {
- options = append(options, libpod.WithNamedVolumes(namedVolumes))
- }
-
- if len(c.UserCommand) != 0 {
- options = append(options, libpod.WithCommand(c.UserCommand))
- }
-
- // Add entrypoint if it was set
- // If it's empty it's because it was explicitly set to ""
- if c.Entrypoint != nil {
- options = append(options, libpod.WithEntrypoint(c.Entrypoint))
- }
-
- // TODO: MNT, USER, CGROUP
- options = append(options, libpod.WithStopSignal(c.StopSignal))
- options = append(options, libpod.WithStopTimeout(c.StopTimeout))
-
- logPath, logTag := getLoggingOpts(c.LogDriverOpt)
- if logPath != "" {
- options = append(options, libpod.WithLogPath(logPath))
- }
- if logTag != "" {
- options = append(options, libpod.WithLogTag(logTag))
- }
-
- if c.LogDriver != "" {
- options = append(options, libpod.WithLogDriver(c.LogDriver))
- }
-
- secOpts, err := c.Security.ToCreateOptions()
- if err != nil {
- return nil, err
- }
- options = append(options, secOpts...)
-
- nsOpts, err := c.Cgroup.ToCreateOptions(runtime)
- if err != nil {
- return nil, err
- }
- options = append(options, nsOpts...)
-
- nsOpts, err = c.Ipc.ToCreateOptions(runtime)
- if err != nil {
- return nil, err
- }
- options = append(options, nsOpts...)
-
- nsOpts, err = c.Pid.ToCreateOptions(runtime)
- if err != nil {
- return nil, err
- }
- options = append(options, nsOpts...)
-
- nsOpts, err = c.Network.ToCreateOptions(runtime, &c.User)
- if err != nil {
- return nil, err
- }
- options = append(options, nsOpts...)
-
- nsOpts, err = c.Uts.ToCreateOptions(runtime, pod)
- if err != nil {
- return nil, err
- }
- options = append(options, nsOpts...)
-
- nsOpts, err = c.User.ToCreateOptions(runtime)
- if err != nil {
- return nil, err
- }
- options = append(options, nsOpts...)
-
- // Gather up the options for NewContainer which consist of With... funcs
- options = append(options, libpod.WithRootFSFromImage(c.ImageID, c.Image, c.RawImageName))
- options = append(options, libpod.WithConmonPidFile(c.ConmonPidFile))
- options = append(options, libpod.WithLabels(c.Labels))
- options = append(options, libpod.WithShmSize(c.Resources.ShmSize))
- if c.Rootfs != "" {
- options = append(options, libpod.WithRootFS(c.Rootfs))
- }
- // Default used if not overridden on command line
-
- if c.RestartPolicy != "" {
- if c.RestartPolicy == "unless-stopped" {
- return nil, errors.Wrapf(define.ErrInvalidArg, "the unless-stopped restart policy is not supported")
- }
-
- split := strings.Split(c.RestartPolicy, ":")
- if len(split) > 1 {
- numTries, err := strconv.Atoi(split[1])
- if err != nil {
- return nil, errors.Wrapf(err, "%s is not a valid number of retries for restart policy", split[1])
- }
- if numTries < 0 {
- return nil, errors.Wrapf(define.ErrInvalidArg, "restart policy requires a positive number of retries")
- }
- options = append(options, libpod.WithRestartRetries(uint(numTries)))
- }
- options = append(options, libpod.WithRestartPolicy(split[0]))
- }
-
- // Always use a cleanup process to clean up Podman after termination
- exitCmd, err := c.createExitCommand(runtime)
- if err != nil {
- return nil, err
- }
- options = append(options, libpod.WithExitCommand(exitCmd))
-
- if c.HealthCheck != nil {
- options = append(options, libpod.WithHealthCheck(c.HealthCheck))
- logrus.Debugf("New container has a health check")
- }
- return options, nil
-}
-
-// AddPrivilegedDevices iterates through host devices and adds all
-// host devices to the spec
-func AddPrivilegedDevices(g *generate.Generator) error {
- return addPrivilegedDevices(g)
-}
-
-func CreateContainerFromCreateConfig(ctx context.Context, r *libpod.Runtime, createConfig *CreateConfig, pod *libpod.Pod) (*libpod.Container, error) {
- runtimeSpec, options, err := createConfig.MakeContainerConfig(r, pod)
- if err != nil {
- return nil, err
- }
-
- ctr, err := r.NewContainer(ctx, runtimeSpec, options...)
- if err != nil {
- return nil, err
- }
- return ctr, nil
-}