Merge pull request #26961 from Microsoft/jjh/oci

Windows: OCI runtime spec compliance
Michael Crosby 2016-09-30 10:13:57 -07:00 committed by GitHub
commit 97660c6ec5
21 changed files with 140 additions and 301 deletions


@ -5,6 +5,7 @@ import (
"github.com/docker/docker/daemon/caps" "github.com/docker/docker/daemon/caps"
"github.com/docker/docker/daemon/exec" "github.com/docker/docker/daemon/exec"
"github.com/docker/docker/libcontainerd" "github.com/docker/docker/libcontainerd"
"github.com/opencontainers/runtime-spec/specs-go"
) )
func execSetPlatformOpt(c *container.Container, ec *exec.Config, p *libcontainerd.Process) error { func execSetPlatformOpt(c *container.Container, ec *exec.Config, p *libcontainerd.Process) error {
@ -13,7 +14,7 @@ func execSetPlatformOpt(c *container.Container, ec *exec.Config, p *libcontainer
if err != nil { if err != nil {
return err return err
} }
p.User = &libcontainerd.User{ p.User = &specs.User{
UID: uid, UID: uid,
GID: gid, GID: gid,
AdditionalGids: additionalGids, AdditionalGids: additionalGids,


@ -14,7 +14,6 @@ import (
containertypes "github.com/docker/docker/api/types/container" containertypes "github.com/docker/docker/api/types/container"
"github.com/docker/docker/container" "github.com/docker/docker/container"
"github.com/docker/docker/daemon/caps" "github.com/docker/docker/daemon/caps"
"github.com/docker/docker/libcontainerd"
"github.com/docker/docker/oci" "github.com/docker/docker/oci"
"github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/idtools"
"github.com/docker/docker/pkg/mount" "github.com/docker/docker/pkg/mount"
@ -623,7 +622,7 @@ func (daemon *Daemon) populateCommonSpec(s *specs.Spec, c *container.Container)
return nil return nil
} }
func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, error) { func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
s := oci.DefaultSpec() s := oci.DefaultSpec()
if err := daemon.populateCommonSpec(&s, c); err != nil { if err := daemon.populateCommonSpec(&s, c); err != nil {
return nil, err return nil, err
@ -719,7 +718,7 @@ func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, e
s.Process.NoNewPrivileges = c.NoNewPrivileges s.Process.NoNewPrivileges = c.NoNewPrivileges
s.Linux.MountLabel = c.MountLabel s.Linux.MountLabel = c.MountLabel
return (*libcontainerd.Spec)(&s), nil return (*specs.Spec)(&s), nil
} }
func clearReadOnly(m *specs.Mount) { func clearReadOnly(m *specs.Mount) {
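Review bot: The conversion `return (*specs.Spec)(&s), nil` at the end of createSpec is now a no-op, because `oci.DefaultSpec()` already returns a `specs.Spec`; `return &s, nil` expresses the same thing without suggesting a type change is taking place. The same leftover conversion remains in the Solaris and Windows createSpec bodies further down this commit. createSpec is split across several hunks here, so only part of its body is visible.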


@ -3,13 +3,13 @@ package daemon
import ( import (
containertypes "github.com/docker/docker/api/types/container" containertypes "github.com/docker/docker/api/types/container"
"github.com/docker/docker/container" "github.com/docker/docker/container"
"github.com/docker/docker/libcontainerd"
"github.com/docker/docker/oci" "github.com/docker/docker/oci"
"github.com/opencontainers/runtime-spec/specs-go"
) )
func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, error) { func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
s := oci.DefaultSpec() s := oci.DefaultSpec()
return (*libcontainerd.Spec)(&s), nil return (*specs.Spec)(&s), nil
} }
// mergeUlimits merge the Ulimits from HostConfig with daemon defaults, and update HostConfig // mergeUlimits merge the Ulimits from HostConfig with daemon defaults, and update HostConfig


@ -5,12 +5,11 @@ import (
containertypes "github.com/docker/docker/api/types/container" containertypes "github.com/docker/docker/api/types/container"
"github.com/docker/docker/container" "github.com/docker/docker/container"
"github.com/docker/docker/libcontainerd"
"github.com/docker/docker/libcontainerd/windowsoci"
"github.com/docker/docker/oci" "github.com/docker/docker/oci"
"github.com/opencontainers/runtime-spec/specs-go"
) )
func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, error) { func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
s := oci.DefaultSpec() s := oci.DefaultSpec()
linkedEnv, err := daemon.setupLinkedContainers(c) linkedEnv, err := daemon.setupLinkedContainers(c)
@ -33,7 +32,7 @@ func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, e
return nil, err return nil, err
} }
for _, mount := range mounts { for _, mount := range mounts {
m := windowsoci.Mount{ m := specs.Mount{
Source: mount.Source, Source: mount.Source,
Destination: mount.Destination, Destination: mount.Destination,
} }
@ -71,25 +70,27 @@ func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, e
// In s.Windows.Resources // In s.Windows.Resources
// @darrenstahlmsft implement these resources // @darrenstahlmsft implement these resources
cpuShares := uint64(c.HostConfig.CPUShares) cpuShares := uint16(c.HostConfig.CPUShares)
s.Windows.Resources = &windowsoci.WindowsResources{ cpuPercent := uint8(c.HostConfig.CPUPercent)
CPU: &windowsoci.WindowsCPU{ memoryLimit := uint64(c.HostConfig.Memory)
Percent: &c.HostConfig.CPUPercent, s.Windows.Resources = &specs.WindowsResources{
CPU: &specs.WindowsCPUResources{
Percent: &cpuPercent,
Shares: &cpuShares, Shares: &cpuShares,
}, },
Memory: &windowsoci.WindowsMemory{ Memory: &specs.WindowsMemoryResources{
Limit: &c.HostConfig.Memory, Limit: &memoryLimit,
//TODO Reservation: ..., //TODO Reservation: ...,
}, },
Network: &windowsoci.WindowsNetwork{ Network: &specs.WindowsNetworkResources{
//TODO Bandwidth: ..., //TODO Bandwidth: ...,
}, },
Storage: &windowsoci.WindowsStorage{ Storage: &specs.WindowsStorageResources{
Bps: &c.HostConfig.IOMaximumBandwidth, Bps: &c.HostConfig.IOMaximumBandwidth,
Iops: &c.HostConfig.IOMaximumIOps, Iops: &c.HostConfig.IOMaximumIOps,
}, },
} }
return (*libcontainerd.Spec)(&s), nil return (*specs.Spec)(&s), nil
} }
func escapeArgs(args []string) []string { func escapeArgs(args []string) []string {
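Review bot: The new locals `cpuShares := uint16(c.HostConfig.CPUShares)`, `cpuPercent := uint8(c.HostConfig.CPUPercent)` and `memoryLimit := uint64(c.HostConfig.Memory)` are unchecked narrowing conversions, so an out-of-range or negative HostConfig value silently wraps instead of failing: a CPUShares of 65536 becomes 0 and a negative Memory becomes a very large limit. HostConfig is supplied by the API client, so the container would end up running with resource limits other than the ones requested, with nothing logged. Validate the ranges before converting and return an error, as sketched below (it needs `fmt` and `math` in the import block); the 0–100 bound on percent matches the `* 100 // ProcessorMaximum is a value between 1 and 10000` computation in libcontainerd's client_windows.go. createSpec starts in an earlier hunk, so the rest of its body is not visible here.
```go
	// HostConfig resource fields are int64 while the runtime-spec Windows
	// types are narrower; reject out-of-range values instead of wrapping.
	if c.HostConfig.CPUShares < 0 || c.HostConfig.CPUShares > math.MaxUint16 {
		return nil, fmt.Errorf("invalid CPU shares %d: must be between 0 and %d", c.HostConfig.CPUShares, math.MaxUint16)
	}
	if c.HostConfig.CPUPercent < 0 || c.HostConfig.CPUPercent > 100 {
		return nil, fmt.Errorf("invalid CPU percent %d: must be between 0 and 100", c.HostConfig.CPUPercent)
	}
	if c.HostConfig.Memory < 0 {
		return nil, fmt.Errorf("invalid memory limit %d: must not be negative", c.HostConfig.Memory)
	}
	cpuShares := uint16(c.HostConfig.CPUShares)
	cpuPercent := uint8(c.HostConfig.CPUPercent)
	memoryLimit := uint64(c.HostConfig.Memory)
	// … unchanged: s.Windows.Resources assignment and return …
```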


@ -15,7 +15,7 @@ import (
// It also ensures each of the mounts are lexographically sorted. // It also ensures each of the mounts are lexographically sorted.
// BUGBUG TODO Windows containerd. This would be much better if it returned // BUGBUG TODO Windows containerd. This would be much better if it returned
// an array of windowsoci mounts, not container mounts. Then no need to // an array of runtime spec mounts, not container mounts. Then no need to
// do multiple transitions. // do multiple transitions.
func (daemon *Daemon) setupMounts(c *container.Container) ([]container.Mount, error) { func (daemon *Daemon) setupMounts(c *container.Container) ([]container.Mount, error) {


@ -107,7 +107,7 @@ clone git github.com/docker/go v1.5.1-1-1-gbaf439e
clone git github.com/agl/ed25519 d2b94fd789ea21d12fac1a4443dd3a3f79cda72c clone git github.com/agl/ed25519 d2b94fd789ea21d12fac1a4443dd3a3f79cda72c
clone git github.com/opencontainers/runc cc29e3dded8e27ba8f65738f40d251c885030a28 # libcontainer clone git github.com/opencontainers/runc cc29e3dded8e27ba8f65738f40d251c885030a28 # libcontainer
clone git github.com/opencontainers/runtime-spec v1.0.0-rc1 # specs clone git github.com/opencontainers/runtime-spec 1c7c27d043c2a5e513a44084d2b10d77d1402b8c # specs
clone git github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0 clone git github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0
# libcontainer deps (see src/github.com/opencontainers/runc/Godeps/Godeps.json) # libcontainer deps (see src/github.com/opencontainers/runc/Godeps/Godeps.json)
clone git github.com/coreos/go-systemd v4 clone git github.com/coreos/go-systemd v4


@ -133,7 +133,7 @@ func (clnt *client) prepareBundleDir(uid, gid int) (string, error) {
return p, nil return p, nil
} }
func (clnt *client) Create(containerID string, checkpoint string, checkpointDir string, spec Spec, options ...CreateOption) (err error) { func (clnt *client) Create(containerID string, checkpoint string, checkpointDir string, spec specs.Spec, options ...CreateOption) (err error) {
clnt.lock(containerID) clnt.lock(containerID)
defer clnt.unlock(containerID) defer clnt.unlock(containerID)


@ -13,6 +13,7 @@ import (
"github.com/Microsoft/hcsshim" "github.com/Microsoft/hcsshim"
"github.com/Sirupsen/logrus" "github.com/Sirupsen/logrus"
"github.com/opencontainers/runtime-spec/specs-go"
) )
type client struct { type client struct {
@ -92,7 +93,7 @@ const defaultOwner = "docker"
// }, // },
// "Servicing": false // "Servicing": false
//} //}
func (clnt *client) Create(containerID string, checkpoint string, checkpointDir string, spec Spec, options ...CreateOption) error { func (clnt *client) Create(containerID string, checkpoint string, checkpointDir string, spec specs.Spec, options ...CreateOption) error {
clnt.lock(containerID) clnt.lock(containerID)
defer clnt.unlock(containerID) defer clnt.unlock(containerID)
logrus.Debugln("libcontainerd: client.Create() with spec", spec) logrus.Debugln("libcontainerd: client.Create() with spec", spec)
@ -109,15 +110,15 @@ func (clnt *client) Create(containerID string, checkpoint string, checkpointDir
if spec.Windows.Resources != nil { if spec.Windows.Resources != nil {
if spec.Windows.Resources.CPU != nil { if spec.Windows.Resources.CPU != nil {
if spec.Windows.Resources.CPU.Shares != nil { if spec.Windows.Resources.CPU.Shares != nil {
configuration.ProcessorWeight = *spec.Windows.Resources.CPU.Shares configuration.ProcessorWeight = uint64(*spec.Windows.Resources.CPU.Shares)
} }
if spec.Windows.Resources.CPU.Percent != nil { if spec.Windows.Resources.CPU.Percent != nil {
configuration.ProcessorMaximum = *spec.Windows.Resources.CPU.Percent * 100 // ProcessorMaximum is a value between 1 and 10000 configuration.ProcessorMaximum = int64(*spec.Windows.Resources.CPU.Percent * 100) // ProcessorMaximum is a value between 1 and 10000
} }
} }
if spec.Windows.Resources.Memory != nil { if spec.Windows.Resources.Memory != nil {
if spec.Windows.Resources.Memory.Limit != nil { if spec.Windows.Resources.Memory.Limit != nil {
configuration.MemoryMaximumInMB = *spec.Windows.Resources.Memory.Limit / 1024 / 1024 configuration.MemoryMaximumInMB = int64(*spec.Windows.Resources.Memory.Limit / 1024 / 1024)
} }
} }
if spec.Windows.Resources.Storage != nil { if spec.Windows.Resources.Storage != nil {
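Review bot: `configuration.ProcessorMaximum = int64(*spec.Windows.Resources.CPU.Percent * 100)` multiplies in uint8 before widening, because Percent is now a `*uint8` (the daemon builds it with `uint8(c.HostConfig.CPUPercent)`), so any percent above 2 wraps modulo 256 — 50% yields 136 instead of 5000 — and the container gets a far smaller CPU cap than requested. Widen first: `configuration.ProcessorMaximum = int64(*spec.Windows.Resources.CPU.Percent) * 100 // ProcessorMaximum is a value between 1 and 10000`. The Shares and Memory conversions on the neighbouring lines widen before any arithmetic and are fine. Create's body continues outside this hunk.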


@ -8,6 +8,7 @@ import (
"github.com/Microsoft/hcsshim" "github.com/Microsoft/hcsshim"
"github.com/Sirupsen/logrus" "github.com/Sirupsen/logrus"
"github.com/opencontainers/runtime-spec/specs-go"
) )
type container struct { type container struct {
@ -19,7 +20,7 @@ type container struct {
// The ociSpec is required, as client.Create() needs a spec, // The ociSpec is required, as client.Create() needs a spec,
// but can be called from the RestartManager context which does not // but can be called from the RestartManager context which does not
// otherwise have access to the Spec // otherwise have access to the Spec
ociSpec Spec ociSpec specs.Spec
manualStopRequested bool manualStopRequested bool
hcsContainer hcsshim.Container hcsContainer hcsshim.Container


@ -3,6 +3,7 @@ package libcontainerd
import ( import (
"io" "io"
"github.com/opencontainers/runtime-spec/specs-go"
"golang.org/x/net/context" "golang.org/x/net/context"
) )
@ -36,7 +37,7 @@ type Backend interface {
// Client provides access to containerd features. // Client provides access to containerd features.
type Client interface { type Client interface {
Create(containerID string, checkpoint string, checkpointDir string, spec Spec, options ...CreateOption) error Create(containerID string, checkpoint string, checkpointDir string, spec specs.Spec, options ...CreateOption) error
Signal(containerID string, sig int) error Signal(containerID string, sig int) error
SignalProcess(containerID string, processFriendlyName string, sig int) error SignalProcess(containerID string, processFriendlyName string, sig int) error
AddProcess(ctx context.Context, containerID, processFriendlyName string, process Process) error AddProcess(ctx context.Context, containerID, processFriendlyName string, process Process) error


@ -5,17 +5,12 @@ import (
"github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-spec/specs-go"
) )
// Spec is the base configuration for the container. It specifies platform
// independent configuration. This information must be included when the
// bundle is packaged for distribution.
type Spec specs.Spec
// Process contains information to start a specific application inside the container. // Process contains information to start a specific application inside the container.
type Process struct { type Process struct {
// Terminal creates an interactive terminal for the container. // Terminal creates an interactive terminal for the container.
Terminal bool `json:"terminal"` Terminal bool `json:"terminal"`
// User specifies user information for the process. // User specifies user information for the process.
User *User `json:"user"` User *specs.User `json:"user"`
// Args specifies the binary and arguments for the application to execute. // Args specifies the binary and arguments for the application to execute.
Args []string `json:"args"` Args []string `json:"args"`
// Env populates the process environment for the process. // Env populates the process environment for the process.
@ -47,10 +42,6 @@ type Stats containerd.StatsResponse
// Summary contains a container summary from containerd // Summary contains a container summary from containerd
type Summary struct{} type Summary struct{}
// User specifies linux specific user and group information for the container's
// main process.
type User specs.User
// Resources defines updatable container resource values. // Resources defines updatable container resource values.
type Resources containerd.UpdateResource type Resources containerd.UpdateResource


@ -1,14 +1,5 @@
package libcontainerd package libcontainerd
import (
"github.com/opencontainers/runtime-spec/specs-go"
)
// Spec is the base configuration for the container. It specifies platform
// independent configuration. This information must be included when the
// bundle is packaged for distribution.
type Spec specs.Spec
// Process contains information to start a specific application inside the container. // Process contains information to start a specific application inside the container.
type Process struct { type Process struct {
// Terminal creates an interactive terminal for the container. // Terminal creates an interactive terminal for the container.
@ -30,9 +21,5 @@ type StateInfo struct {
// Platform specific StateInfo // Platform specific StateInfo
} }
// User specifies Solaris specific user and group information for the container's
// main process.
type User specs.User
// Resources defines updatable container resource values. // Resources defines updatable container resource values.
type Resources struct{} type Resources struct{}
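Review bot: This file drops both the `specs-go` import and the local `User` type, but the Process struct that follows the first hunk is not touched by the diff; if it still declares a `User *User` field, as the Linux counterpart did before this commit, the Solaris build now fails on an undefined type. The Linux file handles this with `User *specs.User `json:"user"`` and keeps the import, and the same change is needed here unless Process has no such field. Solaris is unlikely to be exercised by CI, so this is worth checking by hand.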


@ -2,17 +2,11 @@ package libcontainerd
import ( import (
"github.com/Microsoft/hcsshim" "github.com/Microsoft/hcsshim"
"github.com/docker/docker/libcontainerd/windowsoci" "github.com/opencontainers/runtime-spec/specs-go"
) )
// Spec is the base configuration for the container.
type Spec windowsoci.Spec
// Process contains information to start a specific application inside the container. // Process contains information to start a specific application inside the container.
type Process windowsoci.Process type Process specs.Process
// User specifies user information for the containers main process.
type User windowsoci.User
// Summary contains a ProcessList item from HCS to support `top` // Summary contains a ProcessList item from HCS to support `top`
type Summary hcsshim.ProcessListItem type Summary hcsshim.ProcessListItem


@ -1,199 +0,0 @@
package windowsoci
// This file contains the Windows spec for a container. At the time of
// writing, Windows does not have a spec defined in opencontainers/specs,
// hence this is an interim workaround. TODO Windows: FIXME @jhowardmsft
import "fmt"
// Spec is the base configuration for the container.
type Spec struct {
// Version of the Open Container Runtime Specification with which the bundle complies.
Version string `json:"ociVersion"`
// Platform specifies the configuration's target platform.
Platform Platform `json:"platform"`
// Process configures the container process.
Process Process `json:"process"`
// Root configures the container's root filesystem.
Root Root `json:"root"`
// Hostname configures the container's hostname.
Hostname string `json:"hostname,omitempty"`
// Mounts configures additional mounts (on top of Root).
Mounts []Mount `json:"mounts,omitempty"`
// Hooks configures callbacks for container lifecycle events.
Hooks Hooks `json:"hooks"`
// Annotations contains arbitrary metadata for the container.
Annotations map[string]string `json:"annotations,omitempty"`
// Linux is platform specific configuration for Linux based containers.
Linux *Linux `json:"linux,omitempty" platform:"linux"`
// Solaris is platform specific configuration for Solaris containers.
Solaris *Solaris `json:"solaris,omitempty" platform:"solaris"`
// Windows is platform specific configuration for Windows based containers, including Hyper-V containers.
Windows *Windows `json:"windows,omitempty" platform:"windows"`
}
// Windows contains platform specific configuration for Windows based containers.
type Windows struct {
// Resources contains information for handling resource constraints for the container
Resources *WindowsResources `json:"resources,omitempty"`
}
// Process contains information to start a specific application inside the container.
type Process struct {
// Terminal creates an interactive terminal for the container.
Terminal bool `json:"terminal,omitempty"`
// User specifies user information for the process.
User User `json:"user"`
// Args specifies the binary and arguments for the application to execute.
Args []string `json:"args"`
// Env populates the process environment for the process.
Env []string `json:"env,omitempty"`
// Cwd is the current working directory for the process and must be
// relative to the container's root.
Cwd string `json:"cwd"`
// Capabilities are Linux capabilities that are kept for the container.
Capabilities []string `json:"capabilities,omitempty" platform:"linux"`
// Rlimits specifies rlimit options to apply to the process.
Rlimits []Rlimit `json:"rlimits,omitempty" platform:"linux"`
// NoNewPrivileges controls whether additional privileges could be gained by processes in the container.
NoNewPrivileges bool `json:"noNewPrivileges,omitempty" platform:"linux"`
// ApparmorProfile specifies the apparmor profile for the container.
ApparmorProfile string `json:"apparmorProfile,omitempty" platform:"linux"`
// SelinuxLabel specifies the selinux context that the container process is run as.
SelinuxLabel string `json:"selinuxLabel,omitempty" platform:"linux"`
// ConsoleSize contains the initial size of the console.
ConsoleSize Box `json:"consoleSize" platform:"windows"`
}
// Box specifies height and width dimensions. Used for sizing of a console.
type Box struct {
Height uint
Width uint
}
// User specifies specific user (and group) information for the container process.
type User struct {
// UID is the user id.
UID uint32 `json:"uid" platform:"linux,solaris"`
// GID is the group id.
GID uint32 `json:"gid" platform:"linux,solaris"`
// AdditionalGids are additional group ids set for the container's process.
AdditionalGids []uint32 `json:"additionalGids,omitempty" platform:"linux,solaris"`
// Username is the user name.
Username string `json:"username,omitempty" platform:"windows"`
}
// Root contains information about the container's root filesystem on the host.
type Root struct {
// Path is the absolute path to the container's root filesystem.
Path string `json:"path"`
// Readonly makes the root filesystem for the container readonly before the process is executed.
Readonly bool `json:"readonly"`
}
// Platform specifies OS and arch information for the host system that the container
// is created for.
type Platform struct {
// OS is the operating system.
OS string `json:"os"`
// Arch is the architecture
Arch string `json:"arch"`
}
// Mount specifies a mount for a container.
type Mount struct {
// Destination is the path where the mount will be placed relative to the container's root. The path and child directories MUST exist, a runtime MUST NOT create directories automatically to a mount point.
Destination string `json:"destination"`
// Type specifies the mount kind.
Type string `json:"type"`
// Source specifies the source path of the mount. In the case of bind mounts on
// Linux based systems this would be the file on the host.
Source string `json:"source"`
// Options are fstab style mount options.
Options []string `json:"options,omitempty"`
}
// WindowsStorage contains storage resource management settings
type WindowsStorage struct {
// Specifies maximum Iops for the system drive
Iops *uint64 `json:"iops,omitempty"`
// Specifies maximum bytes per second for the system drive
Bps *uint64 `json:"bps,omitempty"`
// Sandbox size indicates the size to expand the system drive to if it is currently smaller
SandboxSize *uint64 `json:"sandbox_size,omitempty"`
}
// WindowsMemory contains memory settings for the container
type WindowsMemory struct {
// Memory limit (in bytes).
Limit *int64 `json:"limit,omitempty"`
// Memory reservation (in bytes).
Reservation *uint64 `json:"reservation,omitempty"`
}
// WindowsCPU contains information for cpu resource management
type WindowsCPU struct {
// Number of CPUs available to the container. This is an appoximation for Windows Server Containers.
Count *uint64 `json:"count,omitempty"`
// CPU shares (relative weight (ratio) vs. other containers with cpu shares). Range is from 1 to 10000.
Shares *uint64 `json:"shares,omitempty"`
// Percent of available CPUs usable by the container.
Percent *int64 `json:"percent,omitempty"`
}
// WindowsNetwork contains network resource management information
type WindowsNetwork struct {
// Bandwidth is the maximum egress bandwidth in bytes per second
Bandwidth *uint64 `json:"bandwidth,omitempty"`
}
// WindowsResources has container runtime resource constraints
// TODO Windows containerd. This structure needs ratifying with the old resources
// structure used on Windows and the latest OCI spec.
type WindowsResources struct {
// Memory restriction configuration
Memory *WindowsMemory `json:"memory,omitempty"`
// CPU resource restriction configuration
CPU *WindowsCPU `json:"cpu,omitempty"`
// Storage restriction configuration
Storage *WindowsStorage `json:"storage,omitempty"`
// Network restriction configuration
Network *WindowsNetwork `json:"network,omitempty"`
}
const (
// VersionMajor is for an API incompatible changes
VersionMajor = 0
// VersionMinor is for functionality in a backwards-compatible manner
VersionMinor = 3
// VersionPatch is for backwards-compatible bug fixes
VersionPatch = 0
// VersionDev indicates development branch. Releases will be empty string.
VersionDev = ""
)
// Version is the specification version that the package types support.
var Version = fmt.Sprintf("%d.%d.%d%s (Windows)", VersionMajor, VersionMinor, VersionPatch, VersionDev)
//
// Temporary structures. Ultimately this whole file will be removed.
//
// Linux contains platform specific configuration for Linux based containers.
type Linux struct {
}
// Solaris contains platform specific configuration for Solaris application containers.
type Solaris struct {
}
// Hooks for container setup and teardown
type Hooks struct {
}
// Rlimit type and restrictions. Placeholder only to support the Process structure.
// Not used on Windows, only present for compilation purposes.
type Rlimit struct {
}


@ -1,3 +0,0 @@
// +build !windows
package windowsoci


@ -76,7 +76,7 @@ func DefaultSpec() specs.Spec {
"CAP_AUDIT_WRITE", "CAP_AUDIT_WRITE",
} }
s.Linux = specs.Linux{ s.Linux = &specs.Linux{
MaskedPaths: []string{ MaskedPaths: []string{
"/proc/kcore", "/proc/kcore",
"/proc/latency_stats", "/proc/latency_stats",
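Review bot: Turning `s.Linux` into a pointer means every later write through it, such as `s.Linux.MountLabel = c.MountLabel` in daemon/oci_linux.go, nil-derefs on a spec that did not come from DefaultSpec, and nothing in this file records that invariant. A one-line comment above the assignment would make the contract explicit: `// Linux must be non-nil: populateCommonSpec and createSpec write through it.` DefaultSpec's body begins before this hunk, so the other fields it initialises are not visible here.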


@ -3,17 +3,17 @@ package oci
import ( import (
"runtime" "runtime"
"github.com/docker/docker/libcontainerd/windowsoci" "github.com/opencontainers/runtime-spec/specs-go"
) )
// DefaultSpec returns default spec used by docker. // DefaultSpec returns default spec used by docker.
func DefaultSpec() windowsoci.Spec { func DefaultSpec() specs.Spec {
return windowsoci.Spec{ return specs.Spec{
Version: windowsoci.Version, Version: specs.Version,
Platform: windowsoci.Platform{ Platform: specs.Platform{
OS: runtime.GOOS, OS: runtime.GOOS,
Arch: runtime.GOARCH, Arch: runtime.GOARCH,
}, },
Windows: &windowsoci.Windows{}, Windows: &specs.Windows{},
} }
} }


@ -15,6 +15,7 @@ import (
"github.com/docker/docker/pkg/plugins" "github.com/docker/docker/pkg/plugins"
"github.com/docker/docker/plugin/v2" "github.com/docker/docker/plugin/v2"
"github.com/docker/docker/restartmanager" "github.com/docker/docker/restartmanager"
"github.com/opencontainers/runtime-spec/specs-go"
) )
func (pm *Manager) enable(p *v2.Plugin, force bool) error { func (pm *Manager) enable(p *v2.Plugin, force bool) error {
@ -27,7 +28,7 @@ func (pm *Manager) enable(p *v2.Plugin, force bool) error {
} }
p.RestartManager = restartmanager.New(container.RestartPolicy{Name: "always"}, 0) p.RestartManager = restartmanager.New(container.RestartPolicy{Name: "always"}, 0)
if err := pm.containerdClient.Create(p.GetID(), "", "", libcontainerd.Spec(*spec), libcontainerd.WithRestartManager(p.RestartManager)); err != nil { if err := pm.containerdClient.Create(p.GetID(), "", "", specs.Spec(*spec), libcontainerd.WithRestartManager(p.RestartManager)); err != nil {
if err := p.RestartManager.Cancel(); err != nil { if err := p.RestartManager.Cancel(); err != nil {
logrus.Errorf("enable: restartManager.Cancel failed due to %v", err) logrus.Errorf("enable: restartManager.Cancel failed due to %v", err)
} }
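Review bot: The argument `specs.Spec(*spec)` in the `pm.containerdClient.Create(...)` call looks like a leftover of the removed `libcontainerd.Spec` alias; if `spec` is already a `*specs.Spec` (its declaration is outside this hunk), the conversion is a no-op and `*spec` is clearer. If it is some other struct type, a comment saying why the conversion is needed would help the next reader. enable's body continues outside this hunk.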


@ -4,33 +4,37 @@ import "os"
// Spec is the base configuration for the container. // Spec is the base configuration for the container.
type Spec struct { type Spec struct {
// Version is the version of the specification that is supported. // Version of the Open Container Runtime Specification with which the bundle complies.
Version string `json:"ociVersion"` Version string `json:"ociVersion"`
// Platform is the host information for OS and Arch. // Platform specifies the configuration's target platform.
Platform Platform `json:"platform"` Platform Platform `json:"platform"`
// Process is the container's main process. // Process configures the container process.
Process Process `json:"process"` Process Process `json:"process"`
// Root is the root information for the container's filesystem. // Root configures the container's root filesystem.
Root Root `json:"root"` Root Root `json:"root"`
// Hostname is the container's host name. // Hostname configures the container's hostname.
Hostname string `json:"hostname,omitempty"` Hostname string `json:"hostname,omitempty"`
// Mounts profile configuration for adding mounts to the container's filesystem. // Mounts configures additional mounts (on top of Root).
Mounts []Mount `json:"mounts,omitempty"` Mounts []Mount `json:"mounts,omitempty"`
// Hooks are the commands run at various lifecycle events of the container. // Hooks configures callbacks for container lifecycle events.
Hooks Hooks `json:"hooks"` Hooks Hooks `json:"hooks"`
// Annotations is an unstructured key value map that may be set by external tools to store and retrieve arbitrary metadata. // Annotations contains arbitrary metadata for the container.
Annotations map[string]string `json:"annotations,omitempty"` Annotations map[string]string `json:"annotations,omitempty"`
// Linux is platform specific configuration for Linux based containers. // Linux is platform specific configuration for Linux based containers.
Linux Linux `json:"linux" platform:"linux,omitempty"` Linux *Linux `json:"linux,omitempty" platform:"linux"`
// Solaris is platform specific configuration for Solaris containers. // Solaris is platform specific configuration for Solaris containers.
Solaris Solaris `json:"solaris" platform:"solaris,omitempty"` Solaris *Solaris `json:"solaris,omitempty" platform:"solaris"`
// Windows is platform specific configuration for Windows based containers, including Hyper-V containers.
Windows *Windows `json:"windows,omitempty" platform:"windows"`
} }
// Process contains information to start a specific application inside the container. // Process contains information to start a specific application inside the container.
type Process struct { type Process struct {
// Terminal creates an interactive terminal for the container. // Terminal creates an interactive terminal for the container.
Terminal bool `json:"terminal,omitempty"` Terminal bool `json:"terminal,omitempty"`
// ConsoleSize specifies the size of the console.
ConsoleSize Box `json:"consoleSize,omitempty"`
// User specifies user information for the process. // User specifies user information for the process.
User User `json:"user"` User User `json:"user"`
// Args specifies the binary and arguments for the application to execute. // Args specifies the binary and arguments for the application to execute.
@ -43,25 +47,33 @@ type Process struct {
// Capabilities are Linux capabilities that are kept for the container. // Capabilities are Linux capabilities that are kept for the container.
Capabilities []string `json:"capabilities,omitempty" platform:"linux"` Capabilities []string `json:"capabilities,omitempty" platform:"linux"`
// Rlimits specifies rlimit options to apply to the process. // Rlimits specifies rlimit options to apply to the process.
Rlimits []Rlimit `json:"rlimits,omitempty"` Rlimits []Rlimit `json:"rlimits,omitempty" platform:"linux"`
// NoNewPrivileges controls whether additional privileges could be gained by processes in the container. // NoNewPrivileges controls whether additional privileges could be gained by processes in the container.
NoNewPrivileges bool `json:"noNewPrivileges,omitempty"` NoNewPrivileges bool `json:"noNewPrivileges,omitempty" platform:"linux"`
// ApparmorProfile specifies the apparmor profile for the container.
// ApparmorProfile specified the apparmor profile for the container. (this field is platform dependent)
ApparmorProfile string `json:"apparmorProfile,omitempty" platform:"linux"` ApparmorProfile string `json:"apparmorProfile,omitempty" platform:"linux"`
// SelinuxLabel specifies the selinux context that the container process is run as. (this field is platform dependent) // SelinuxLabel specifies the selinux context that the container process is run as.
SelinuxLabel string `json:"selinuxLabel,omitempty" platform:"linux"` SelinuxLabel string `json:"selinuxLabel,omitempty" platform:"linux"`
} }
// User specifies Linux specific user and group information for the container's // Box specifies dimensions of a rectangle. Used for specifying the size of a console.
// main process. type Box struct {
// Height is the vertical dimension of a box.
Height uint `json:"height"`
// Width is the horizontal dimension of a box.
Width uint `json:"width"`
}
// User specifies specific user (and group) information for the container process.
type User struct { type User struct {
// UID is the user id. (this field is platform dependent) // UID is the user id.
UID uint32 `json:"uid" platform:"linux"` UID uint32 `json:"uid" platform:"linux,solaris"`
// GID is the group id. (this field is platform dependent) // GID is the group id.
GID uint32 `json:"gid" platform:"linux"` GID uint32 `json:"gid" platform:"linux,solaris"`
// AdditionalGids are additional group ids set for the container's process. (this field is platform dependent) // AdditionalGids are additional group ids set for the container's process.
AdditionalGids []uint32 `json:"additionalGids,omitempty" platform:"linux"` AdditionalGids []uint32 `json:"additionalGids,omitempty" platform:"linux,solaris"`
// Username is the user name.
Username string `json:"username,omitempty" platform:"windows"`
} }
// Root contains information about the container's root filesystem on the host. // Root contains information about the container's root filesystem on the host.
@ -262,7 +274,7 @@ type Memory struct {
// Kernel memory limit (in bytes). // Kernel memory limit (in bytes).
Kernel *uint64 `json:"kernel,omitempty"` Kernel *uint64 `json:"kernel,omitempty"`
// Kernel memory limit for tcp (in bytes) // Kernel memory limit for tcp (in bytes)
KernelTCP *uint64 `json:"kernelTCP"` KernelTCP *uint64 `json:"kernelTCP,omitempty"`
// How aggressive the kernel will swap memory pages. Range from 0 to 100. // How aggressive the kernel will swap memory pages. Range from 0 to 100.
Swappiness *uint64 `json:"swappiness,omitempty"` Swappiness *uint64 `json:"swappiness,omitempty"`
} }
@ -294,15 +306,15 @@ type Pids struct {
// Network identification and priority configuration // Network identification and priority configuration
type Network struct { type Network struct {
// Set class identifier for container's network packets // Set class identifier for container's network packets
ClassID *uint32 `json:"classID"` ClassID *uint32 `json:"classID,omitempty"`
// Set priority of network traffic for container // Set priority of network traffic for container
Priorities []InterfacePriority `json:"priorities,omitempty"` Priorities []InterfacePriority `json:"priorities,omitempty"`
} }
// Resources has container runtime resource constraints // Resources has container runtime resource constraints
type Resources struct { type Resources struct {
// Devices are a list of device rules for the whitelist controller // Devices configures the device whitelist.
Devices []DeviceCgroup `json:"devices"` Devices []DeviceCgroup `json:"devices,omitempty"`
// DisableOOMKiller disables the OOM killer for out of memory conditions // DisableOOMKiller disables the OOM killer for out of memory conditions
DisableOOMKiller *bool `json:"disableOOMKiller,omitempty"` DisableOOMKiller *bool `json:"disableOOMKiller,omitempty"`
// Specify an oom_score_adj for the container. // Specify an oom_score_adj for the container.
@ -371,9 +383,9 @@ type Solaris struct {
// Specification for automatic creation of network resources for this container. // Specification for automatic creation of network resources for this container.
Anet []Anet `json:"anet,omitempty"` Anet []Anet `json:"anet,omitempty"`
// Set limit on the amount of CPU time that can be used by container. // Set limit on the amount of CPU time that can be used by container.
CappedCPU CappedCPU `json:"cappedCPU,omitempty"` CappedCPU *CappedCPU `json:"cappedCPU,omitempty"`
// The physical and swap caps on the memory that can be used by this container. // The physical and swap caps on the memory that can be used by this container.
CappedMemory CappedMemory `json:"cappedMemory,omitempty"` CappedMemory *CappedMemory `json:"cappedMemory,omitempty"`
} }
// CappedCPU allows users to set limit on the amount of CPU time that can be used by container. // CappedCPU allows users to set limit on the amount of CPU time that can be used by container.
@ -405,6 +417,58 @@ type Anet struct {
Macaddress string `json:"macAddress,omitempty"` Macaddress string `json:"macAddress,omitempty"`
} }
// Windows defines the runtime configuration for Windows based containers, including Hyper-V containers.
type Windows struct {
// Resources contains information for handling resource constraints for the container.
Resources *WindowsResources `json:"resources,omitempty"`
}
// WindowsResources has container runtime resource constraints for containers running on Windows.
type WindowsResources struct {
// Memory restriction configuration.
Memory *WindowsMemoryResources `json:"memory,omitempty"`
// CPU resource restriction configuration.
CPU *WindowsCPUResources `json:"cpu,omitempty"`
// Storage restriction configuration.
Storage *WindowsStorageResources `json:"storage,omitempty"`
// Network restriction configuration.
Network *WindowsNetworkResources `json:"network,omitempty"`
}
// WindowsMemoryResources contains memory resource management settings.
type WindowsMemoryResources struct {
// Memory limit in bytes.
Limit *uint64 `json:"limit,omitempty"`
// Memory reservation in bytes.
Reservation *uint64 `json:"reservation,omitempty"`
}
// WindowsCPUResources contains CPU resource management settings.
type WindowsCPUResources struct {
// Number of CPUs available to the container.
Count *uint64 `json:"count,omitempty"`
// CPU shares (relative weight to other containers with cpu shares). Range is from 1 to 10000.
Shares *uint16 `json:"shares,omitempty"`
// Percent of available CPUs usable by the container.
Percent *uint8 `json:"percent,omitempty"`
}
// WindowsStorageResources contains storage resource management settings.
type WindowsStorageResources struct {
// Specifies maximum Iops for the system drive.
Iops *uint64 `json:"iops,omitempty"`
// Specifies maximum bytes per second for the system drive.
Bps *uint64 `json:"bps,omitempty"`
// Sandbox size specifies the minimum size of the system drive in bytes.
SandboxSize *uint64 `json:"sandboxSize,omitempty"`
}
// WindowsNetworkResources contains network resource management settings.
type WindowsNetworkResources struct {
// EgressBandwidth is the maximum egress bandwidth in bytes per second.
EgressBandwidth *uint64 `json:"egressBandwidth,omitempty"`
}
// Arch used for additional architectures // Arch used for additional architectures
type Arch string type Arch string


@ -8,7 +8,7 @@ type State struct {
ID string `json:"id"` ID string `json:"id"`
// Status is the runtime state of the container. // Status is the runtime state of the container.
Status string `json:"status"` Status string `json:"status"`
// Pid is the process id for the container's main process. // Pid is the process ID for the container process.
Pid int `json:"pid"` Pid int `json:"pid"`
// BundlePath is the path to the container's bundle directory. // BundlePath is the path to the container's bundle directory.
BundlePath string `json:"bundlePath"` BundlePath string `json:"bundlePath"`


@ -11,7 +11,7 @@ const (
VersionPatch = 0 VersionPatch = 0
// VersionDev indicates development branch. Releases will be empty string. // VersionDev indicates development branch. Releases will be empty string.
VersionDev = "-rc1" VersionDev = "-rc2-dev"
) )
// Version is the specification version that the package types support. // Version is the specification version that the package types support.