From d65ff6b3ec18aad6a64329c54a83d5ba5d51b62f Mon Sep 17 00:00:00 2001 From: Brent Baude Date: Sun, 2 Feb 2020 09:39:12 -0600 Subject: apiv2 container create using specgen this uses the specgen structure to create containers rather than the outdated createconfig. right now, only the apiv2 create is wired up. eventually the cli will also have to be done. Signed-off-by: Brent Baude --- pkg/spec/config_linux.go | 18 +++++++++--------- pkg/spec/config_unsupported.go | 4 ++-- pkg/spec/createconfig.go | 5 +++-- pkg/spec/parse.go | 14 +++++++------- pkg/spec/spec.go | 26 +++++++++++++------------- pkg/spec/storage.go | 4 ++-- 6 files changed, 36 insertions(+), 35 deletions(-) (limited to 'pkg/spec') diff --git a/pkg/spec/config_linux.go b/pkg/spec/config_linux.go index 5f39b6d0d..544c0020d 100644 --- a/pkg/spec/config_linux.go +++ b/pkg/spec/config_linux.go @@ -32,8 +32,8 @@ func Device(d *configs.Device) spec.LinuxDevice { } } -// devicesFromPath computes a list of devices -func devicesFromPath(g *generate.Generator, devicePath string) error { +// DevicesFromPath computes a list of devices +func DevicesFromPath(g *generate.Generator, devicePath string) error { devs := strings.Split(devicePath, ":") resolvedDevicePath := devs[0] // check if it is a symbolic link @@ -216,7 +216,7 @@ func getDevices(path string) ([]*configs.Device, error) { return out, nil } -func (c *CreateConfig) addPrivilegedDevices(g *generate.Generator) error { +func addPrivilegedDevices(g *generate.Generator) error { hostDevices, err := getDevices("/dev") if err != nil { return err @@ -280,16 +280,16 @@ func (c *CreateConfig) createBlockIO() (*spec.LinuxBlockIO, error) { var lwds []spec.LinuxWeightDevice ret = bio for _, i := range c.Resources.BlkioWeightDevice { - wd, err := validateweightDevice(i) + wd, err := ValidateweightDevice(i) if err != nil { return ret, errors.Wrapf(err, "invalid values for blkio-weight-device") } - wdStat, err := getStatFromPath(wd.path) + wdStat, err := GetStatFromPath(wd.Path) if err != nil { - return ret, errors.Wrapf(err, "error getting stat from path %q", wd.path) + return ret, errors.Wrapf(err, "error getting stat from path %q", wd.Path) } lwd := spec.LinuxWeightDevice{ - Weight: &wd.weight, + Weight: &wd.Weight, } lwd.Major = int64(unix.Major(wdStat.Rdev)) lwd.Minor = int64(unix.Minor(wdStat.Rdev)) @@ -347,7 +347,7 @@ func makeThrottleArray(throttleInput []string, rateType int) ([]spec.LinuxThrott if err != nil { return []spec.LinuxThrottleDevice{}, err } - ltdStat, err := getStatFromPath(t.path) + ltdStat, err := GetStatFromPath(t.path) if err != nil { return ltds, errors.Wrapf(err, "error getting stat from path %q", t.path) } @@ -361,7 +361,7 @@ func makeThrottleArray(throttleInput []string, rateType int) ([]spec.LinuxThrott return ltds, nil } -func getStatFromPath(path string) (unix.Stat_t, error) { +func GetStatFromPath(path string) (unix.Stat_t, error) { s := unix.Stat_t{} err := unix.Stat(path, &s) return s, err diff --git a/pkg/spec/config_unsupported.go b/pkg/spec/config_unsupported.go index be3e7046d..568afde55 100644 --- a/pkg/spec/config_unsupported.go +++ b/pkg/spec/config_unsupported.go @@ -15,7 +15,7 @@ func addDevice(g *generate.Generator, device string) error { return errors.New("function not implemented") } -func (c *CreateConfig) addPrivilegedDevices(g *generate.Generator) error { +func addPrivilegedDevices(g *generate.Generator) error { return errors.New("function not implemented") } @@ -27,7 +27,7 @@ func makeThrottleArray(throttleInput []string, rateType int) ([]spec.LinuxThrott return nil, errors.New("function not implemented") } -func devicesFromPath(g *generate.Generator, devicePath string) error { +func DevicesFromPath(g *generate.Generator, devicePath string) error { return errors.New("function not implemented") } diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go index 8010be0d4..5011df496 100644 --- a/pkg/spec/createconfig.go +++ b/pkg/spec/createconfig.go @@ -126,6 +126,7 @@ type SecurityConfig struct { } // CreateConfig is a pre OCI spec structure. It represents user input from varlink or the CLI +// swagger:model CreateConfig type CreateConfig struct { Annotations map[string]string Args []string @@ -386,6 +387,6 @@ func (c *CreateConfig) getContainerCreateOptions(runtime *libpod.Runtime, pod *l // AddPrivilegedDevices iterates through host devices and adds all // host devices to the spec -func (c *CreateConfig) AddPrivilegedDevices(g *generate.Generator) error { - return c.addPrivilegedDevices(g) +func AddPrivilegedDevices(g *generate.Generator) error { + return addPrivilegedDevices(g) } diff --git a/pkg/spec/parse.go b/pkg/spec/parse.go index a5dfccdb9..38d93b87f 100644 --- a/pkg/spec/parse.go +++ b/pkg/spec/parse.go @@ -19,12 +19,12 @@ const Pod = "pod" // weightDevice is a structure that holds device:weight pair type weightDevice struct { - path string - weight uint16 + Path string + Weight uint16 } func (w *weightDevice) String() string { - return fmt.Sprintf("%s:%d", w.path, w.weight) + return fmt.Sprintf("%s:%d", w.Path, w.Weight) } // LinuxNS is a struct that contains namespace information @@ -59,9 +59,9 @@ func NS(s string) string { return "" } -// validateweightDevice validates that the specified string has a valid device-weight format +// ValidateweightDevice validates that the specified string has a valid device-weight format // for blkio-weight-device flag -func validateweightDevice(val string) (*weightDevice, error) { +func ValidateweightDevice(val string) (*weightDevice, error) { split := strings.SplitN(val, ":", 2) if len(split) != 2 { return nil, fmt.Errorf("bad format: %s", val) @@ -78,8 +78,8 @@ func validateweightDevice(val string) (*weightDevice, error) { } return &weightDevice{ - path: split[0], - weight: uint16(weight), + Path: split[0], + Weight: uint16(weight), }, nil } diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index 21b6bc3b3..a4ae22efd 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -16,9 +16,9 @@ import ( "github.com/pkg/errors" ) -const cpuPeriod = 100000 +const CpuPeriod = 100000 -func getAvailableGids() (int64, error) { +func GetAvailableGids() (int64, error) { idMap, err := user.ParseIDMapFile("/proc/self/gid_map") if err != nil { return 0, err @@ -80,7 +80,7 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM } gid5Available := true if isRootless { - nGids, err := getAvailableGids() + nGids, err := GetAvailableGids() if err != nil { return nil, err } @@ -197,8 +197,8 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM addedResources = true } if config.Resources.CPUs != 0 { - g.SetLinuxResourcesCPUPeriod(cpuPeriod) - g.SetLinuxResourcesCPUQuota(int64(config.Resources.CPUs * cpuPeriod)) + g.SetLinuxResourcesCPUPeriod(CpuPeriod) + g.SetLinuxResourcesCPUQuota(int64(config.Resources.CPUs * CpuPeriod)) addedResources = true } if config.Resources.CPURtRuntime != 0 { @@ -223,12 +223,12 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM // If privileged, we need to add all the host devices to the // spec. We do not add the user provided ones because we are // already adding them all. - if err := config.AddPrivilegedDevices(&g); err != nil { + if err := AddPrivilegedDevices(&g); err != nil { return nil, err } } else { for _, devicePath := range config.Devices { - if err := devicesFromPath(&g, devicePath); err != nil { + if err := DevicesFromPath(&g, devicePath); err != nil { return nil, err } } @@ -268,7 +268,7 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM } } - blockAccessToKernelFilesystems(config, &g) + BlockAccessToKernelFilesystems(config.Security.Privileged, config.Pid.PidMode.IsHost(), &g) // RESOURCES - PIDS if config.Resources.PidsLimit > 0 { @@ -332,9 +332,9 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM } // BIND MOUNTS - configSpec.Mounts = supercedeUserMounts(userMounts, configSpec.Mounts) + configSpec.Mounts = SupercedeUserMounts(userMounts, configSpec.Mounts) // Process mounts to ensure correct options - finalMounts, err := initFSMounts(configSpec.Mounts) + finalMounts, err := InitFSMounts(configSpec.Mounts) if err != nil { return nil, err } @@ -416,8 +416,8 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM return configSpec, nil } -func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator) { - if !config.Security.Privileged { +func BlockAccessToKernelFilesystems(privileged, pidModeIsHost bool, g *generate.Generator) { + if !privileged { for _, mp := range []string{ "/proc/acpi", "/proc/kcore", @@ -433,7 +433,7 @@ func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator) g.AddLinuxMaskedPaths(mp) } - if config.Pid.PidMode.IsHost() && rootless.IsRootless() { + if pidModeIsHost && rootless.IsRootless() { return } diff --git a/pkg/spec/storage.go b/pkg/spec/storage.go index 0e2098c1d..e37fa2451 100644 --- a/pkg/spec/storage.go +++ b/pkg/spec/storage.go @@ -825,7 +825,7 @@ func (config *CreateConfig) addContainerInitBinary(path string) (spec.Mount, err // TODO: Should we unmount subtree mounts? E.g., if /tmp/ is mounted by // one mount, and we already have /tmp/a and /tmp/b, should we remove // the /tmp/a and /tmp/b mounts in favor of the more general /tmp? -func supercedeUserMounts(mounts []spec.Mount, configMount []spec.Mount) []spec.Mount { +func SupercedeUserMounts(mounts []spec.Mount, configMount []spec.Mount) []spec.Mount { if len(mounts) > 0 { // If we have overlappings mounts, remove them from the spec in favor of // the user-added volume mounts @@ -854,7 +854,7 @@ func supercedeUserMounts(mounts []spec.Mount, configMount []spec.Mount) []spec.M } // Ensure mount options on all mounts are correct -func initFSMounts(inputMounts []spec.Mount) ([]spec.Mount, error) { +func InitFSMounts(inputMounts []spec.Mount) ([]spec.Mount, error) { // We need to look up mounts so we can figure out the proper mount flags // to apply. systemMounts, err := pmount.GetMounts() -- cgit v1.2.3-54-g00ecf