From 94a810751539afeb1590ccc1a9745f1d5767fda2 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Tue, 19 Dec 2017 09:07:49 -0500
Subject: Add support for adding devices to container
Also add --quiet option to kpod create/run since this will help with writing tests.
Signed-off-by: Daniel J Walsh
Closes: #140
Approved by: TomSweeneyRedHat
---
 cmd/podman/common.go | 4 ++++
 cmd/podman/create.go | 14 ++++++++++----
 cmd/podman/run.go | 8 +++++++-
 cmd/podman/spec.go | 29 +++++++++++++++++++++++++++--
 4 files changed, 48 insertions(+), 7 deletions(-)
(limited to 'cmd')
diff --git a/cmd/podman/common.go b/cmd/podman/common.go
index 99685107b..57e2ff717 100644
--- a/cmd/podman/common.go
+++ b/cmd/podman/common.go
@@ -362,6 +362,10 @@ var createFlags = []cli.Flag{
 Name: "publish-all, P",
 Usage: "Publish all exposed ports to random ports on the host interface",
 },
+ cli.BoolFlag{
+ Name: "quiet, q",
+ Usage: "Suppress output information when pulling images",
+ },
 cli.BoolFlag{
 Name: "read-only",
 Usage: "Make containers root filesystem read-only",
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index f65bc49c6..79f08220d 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -3,6 +3,7 @@ package main
 import (
 "encoding/json"
 "fmt"
+ "io"
 "os"
 "strconv"
 "strings"
@@ -14,7 +15,6 @@ import (
 "github.com/projectatomic/libpod/libpod"
 "github.com/sirupsen/logrus"
 "github.com/urfave/cli"
- pb "k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime"
 )
 
 type mountType string
@@ -72,7 +72,7 @@ type createConfig struct {
 CgroupParent string // cgroup-parent
 Command []string
 Detach bool // detach
- Devices []*pb.Device // device
+ Devices []string // device
 DNSOpt []string //dns-opt
 DNSSearch []string //dns-search
 DNSServers []string //dns
@@ -101,6 +101,7 @@ type createConfig struct {
 Privileged bool //privileged
 Publish []string //publish
 PublishAll bool //publish-all
+ Quiet bool //quiet
 ReadOnlyRootfs bool //read-only
 Resources createResourceConfig
 Rm bool //rm
@@ -167,8 +168,11 @@ func createCmd(c *cli.Context) error {
 if createImage.LocalName == "" {
 // The image wasnt found by the user input'd name or its fqname
 // Pull the image
- fmt.Printf("Trying to pull %s...", createImage.PullName)
- createImage.Pull()
+ var writer io.Writer
+ if !createConfig.Quiet {
+ writer = os.Stdout
+ }
+ createImage.Pull(writer)
 }
 
 runtimeSpec, err := createConfigToOCISpec(createConfig)
@@ -419,6 +423,7 @@ func parseCreateOpts(c *cli.Context, runtime *libpod.Runtime) (*createConfig, er
 CgroupParent: c.String("cgroup-parent"),
 Command: command,
 Detach: c.Bool("detach"),
+ Devices: c.StringSlice("device"),
 DNSOpt: c.StringSlice("dns-opt"),
 DNSSearch: c.StringSlice("dns-search"),
 DNSServers: c.StringSlice("dns"),
@@ -447,6 +452,7 @@ func parseCreateOpts(c *cli.Context, runtime *libpod.Runtime) (*createConfig, er
 Privileged: c.Bool("privileged"),
 Publish: c.StringSlice("publish"),
 PublishAll: c.Bool("publish-all"),
+ Quiet: c.Bool("quiet"),
 ReadOnlyRootfs: c.Bool("read-only"),
 Resources: createResourceConfig{
 BlkioWeight: blkioWeight,
diff --git a/cmd/podman/run.go b/cmd/podman/run.go
index 6ba501c76..bc93459ad 100644
--- a/cmd/podman/run.go
+++ b/cmd/podman/run.go
@@ -2,6 +2,8 @@ package main
 
 import (
 "fmt"
+ "io"
+ "os"
 "sync"
 
 "github.com/pkg/errors"
@@ -44,7 +46,11 @@ func runCmd(c *cli.Context) error {
 if createImage.LocalName == "" {
 // The image wasnt found by the user input'd name or its fqname
 // Pull the image
- createImage.Pull()
+ var writer io.Writer
+ if !createConfig.Quiet {
+ writer = os.Stdout
+ }
+ createImage.Pull(writer)
 }
 
 runtimeSpec, err := createConfigToOCISpec(createConfig)
diff --git a/cmd/podman/spec.go b/cmd/podman/spec.go
index b13556d93..550f74218 100644
--- a/cmd/podman/spec.go
+++ b/cmd/podman/spec.go
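Review bot: The result of `createImage.Pull(writer)` is discarded in createCmd (create.go, the @@ -167 hunk) and again in runCmd (run.go, the @@ -44 hunk), so a failed pull would fall through to `createConfigToOCISpec` and surface later as a less specific error, or run against an image that was never fetched. Pull's signature is not visible in this patch; if it returns an error, check it in both places with `if err := createImage.Pull(writer); err != nil { return err }`. With --quiet the argument is a nil `io.Writer`, so unless Pull is documented to accept nil, passing `ioutil.Discard` is the safer default. Both function bodies start and end outside these hunks.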
@@ -10,6 +10,7 @@ import (
 "github.com/docker/docker/daemon/caps"
 "github.com/docker/docker/pkg/mount"
 "github.com/docker/go-units"
+ "github.com/opencontainers/runc/libcontainer/devices"
 spec "github.com/opencontainers/runtime-spec/specs-go"
 "github.com/opencontainers/runtime-tools/generate"
 "github.com/opencontainers/selinux/go-selinux/label"
@@ -163,6 +164,25 @@ func setupCapabilities(config *createConfig, configSpec *spec.Spec) error {
 return nil
 }
 
+func addDevice(g *generate.Generator, device string) error {
+ dev, err := devices.DeviceFromPath(device, "rwm")
+ if err != nil {
+ return errors.Wrapf(err, "%s is not a valid device", device)
+ }
+ linuxdev := spec.LinuxDevice{
+ Path: dev.Path,
+ Type: string(dev.Type),
+ Major: dev.Major,
+ Minor: dev.Minor,
+ FileMode: &dev.FileMode,
+ UID: &dev.Uid,
+ GID: &dev.Gid,
+ }
+ g.AddDevice(linuxdev)
+ g.AddLinuxResourcesDevice(true, string(dev.Type), &dev.Major, &dev.Minor, dev.Permissions)
+ return nil
+}
+
 // Parses information needed to create a container into an OCI runtime spec
 func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
 g := generate.New()
@@ -233,6 +253,13 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
 g.SetLinuxResourcesCPUMems(config.Resources.CPUsetMems)
 }
 
+ // Devices
+ for _, device := range config.Devices {
+ if err := addDevice(&g, device); err != nil {
+ return nil, err
+ }
+ }
+
 // SECURITY OPTS
 g.SetProcessNoNewPrivileges(config.NoNewPrivileges)
 g.SetProcessApparmorProfile(config.ApparmorProfile)
@@ -321,7 +348,6 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
 Hooks: &configSpec.Hooks{},
 //Annotations
 Resources: &configSpec.LinuxResources{
- Devices: config.GetDefaultDevices(),
 BlockIO: &blkio,
 //HugepageLimits:
 Network: &configSpec.LinuxNetwork{
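Review bot: addDevice (the @@ -163 hunk) hard-codes the access string in `devices.DeviceFromPath(device, "rwm")`, so every `--device` entry is allowed read, write and mknod by the cgroup rule that `g.AddLinuxResourcesDevice(true, ..., dev.Permissions)` adds, and the caller cannot ask for less. Consider taking the permissions from the flag value, rejecting anything other than the characters `r`, `w` and `m`, and passing that string instead of the constant. The whole flag string is also used as the host path, so a value carrying a container path or mode suffix would presumably be reported as "not a valid device". The function has no doc comment; `// addDevice adds the host device node at path device to the spec and allows it in the device cgroup with rwm access.` would record the current behaviour.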
@@ -331,7 +357,6 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
 },
 //CgroupsPath:
 //Namespaces: []LinuxNamespace
- //Devices
 // DefaultAction:
 // Architectures
 // Syscalls:
--
cgit v1.2.3-54-g00ecf