daemon/config: New(): initialize config with platform-specific defaults

This centralizes more defaults, to be part of the config struct that's
created, instead of interweaving the defaults with other code in various
places.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2022-06-06 21:11:08 +02:00
parent 724feb898f
commit b28e66cf4f
No known key found for this signature in database
GPG key ID: 76698F39D527CE8C
12 changed files with 102 additions and 106 deletions

View file

@ -12,20 +12,6 @@ const defaultTrustKeyFile = "key.json"
// installCommonConfigFlags adds flags to the pflag.FlagSet to configure the daemon
func installCommonConfigFlags(conf *config.Config, flags *pflag.FlagSet) error {
var err error
conf.Pidfile, err = getDefaultPidFile()
if err != nil {
return err
}
conf.Root, err = getDefaultDataRoot()
if err != nil {
return err
}
conf.ExecRoot, err = getDefaultExecRoot()
if err != nil {
return err
}
var (
allowNonDistributable = opts.NewNamedListOptsRef("allow-nondistributable-artifacts", &conf.AllowNondistributableArtifacts, registry.ValidateIndexName)
registryMirrors = opts.NewNamedListOptsRef("registry-mirrors", &conf.Mirrors, registry.ValidateMirror)

View file

@ -5,18 +5,13 @@ package main
import (
"net"
"os/exec"
"path/filepath"
"github.com/containerd/cgroups"
"github.com/docker/docker/api/types"
"github.com/docker/docker/daemon/config"
"github.com/docker/docker/opts"
"github.com/docker/docker/pkg/homedir"
"github.com/docker/docker/registry"
"github.com/docker/docker/rootless"
units "github.com/docker/go-units"
"github.com/pkg/errors"
"github.com/spf13/pflag"
)
@ -27,12 +22,6 @@ func installConfigFlags(conf *config.Config, flags *pflag.FlagSet) error {
return err
}
conf.Ulimits = make(map[string]*units.Ulimit)
// Set default value for `--default-shm-size`
conf.ShmSize = opts.MemBytes(config.DefaultShmSize)
conf.Runtimes = make(map[string]types.Runtime)
// Then platform-specific install flags
flags.Var(opts.NewNamedRuntimeOpt("runtimes", &conf.Runtimes, config.StockRuntimeName), "add-runtime", "Register an additional OCI compatible runtime")
flags.StringVarP(&conf.SocketGroup, "group", "G", "docker", "Group for the unix socket")
@ -53,16 +42,7 @@ func installConfigFlags(conf *config.Config, flags *pflag.FlagSet) error {
flags.BoolVar(&conf.BridgeConfig.InterContainerCommunication, "icc", true, "Enable inter-container communication")
flags.IPVar(&conf.BridgeConfig.DefaultIP, "ip", net.IPv4zero, "Default IP when binding container ports")
flags.BoolVar(&conf.BridgeConfig.EnableUserlandProxy, "userland-proxy", true, "Use userland proxy for loopback traffic")
defaultUserlandProxyPath := ""
if rootless.RunningWithRootlessKit() {
var err error
// use rootlesskit-docker-proxy for exposing the ports in RootlessKit netns to the initial namespace.
defaultUserlandProxyPath, err = exec.LookPath(rootless.RootlessKitDockerProxyBinary)
if err != nil {
return errors.Wrapf(err, "running with RootlessKit, but %s not installed", rootless.RootlessKitDockerProxyBinary)
}
}
flags.StringVar(&conf.BridgeConfig.UserlandProxyPath, "userland-proxy-path", defaultUserlandProxyPath, "Path to the userland proxy binary")
flags.StringVar(&conf.BridgeConfig.UserlandProxyPath, "userland-proxy-path", conf.BridgeConfig.UserlandProxyPath, "Path to the userland proxy binary")
flags.StringVar(&conf.CgroupParent, "cgroup-parent", "", "Set parent cgroup for all containers")
flags.StringVar(&conf.RemappedRoot, "userns-remap", "", "User/Group setting for user namespaces")
flags.BoolVar(&conf.LiveRestoreEnabled, "live-restore", false, "Enable live restore of docker when containers are still running")
@ -71,19 +51,15 @@ func installConfigFlags(conf *config.Config, flags *pflag.FlagSet) error {
flags.StringVar(&conf.InitPath, "init-path", "", "Path to the docker-init binary")
flags.Int64Var(&conf.CPURealtimePeriod, "cpu-rt-period", 0, "Limit the CPU real-time period in microseconds for the parent cgroup for all containers (not supported with cgroups v2)")
flags.Int64Var(&conf.CPURealtimeRuntime, "cpu-rt-runtime", 0, "Limit the CPU real-time runtime in microseconds for the parent cgroup for all containers (not supported with cgroups v2)")
flags.StringVar(&conf.SeccompProfile, "seccomp-profile", config.SeccompProfileDefault, `Path to seccomp profile. Use "unconfined" to disable the default seccomp profile`)
flags.StringVar(&conf.SeccompProfile, "seccomp-profile", conf.SeccompProfile, `Path to seccomp profile. Use "unconfined" to disable the default seccomp profile`)
flags.Var(&conf.ShmSize, "default-shm-size", "Default shm size for containers")
flags.BoolVar(&conf.NoNewPrivileges, "no-new-privileges", false, "Set no-new-privileges by default for new containers")
flags.StringVar(&conf.IpcMode, "default-ipc-mode", string(config.DefaultIpcMode), `Default mode for containers ipc ("shareable" | "private")`)
flags.StringVar(&conf.IpcMode, "default-ipc-mode", conf.IpcMode, `Default mode for containers ipc ("shareable" | "private")`)
flags.Var(&conf.NetworkConfig.DefaultAddressPools, "default-address-pool", "Default address pools for node specific local networks")
// rootless needs to be explicitly specified for running "rootful" dockerd in rootless dockerd (#38702)
// Note that defaultUserlandProxyPath and honorXDG are configured according to the value of rootless.RunningWithRootlessKit, not the value of --rootless.
flags.BoolVar(&conf.Rootless, "rootless", rootless.RunningWithRootlessKit(), "Enable rootless mode; typically used with RootlessKit")
defaultCgroupNamespaceMode := config.DefaultCgroupNamespaceMode
if cgroups.Mode() != cgroups.Unified {
defaultCgroupNamespaceMode = config.DefaultCgroupV1NamespaceMode
}
flags.StringVar(&conf.CgroupNamespaceMode, "default-cgroupns-mode", string(defaultCgroupNamespaceMode), `Default mode for containers cgroup namespace ("host" | "private")`)
// Note that conf.BridgeConfig.UserlandProxyPath and honorXDG are configured according to the value of rootless.RunningWithRootlessKit, not the value of --rootless.
flags.BoolVar(&conf.Rootless, "rootless", conf.Rootless, "Enable rootless mode; typically used with RootlessKit")
flags.StringVar(&conf.CgroupNamespaceMode, "default-cgroupns-mode", conf.CgroupNamespaceMode, `Default mode for containers cgroup namespace ("host" | "private")`)
return nil
}
@ -97,36 +73,3 @@ func configureCertsDir() {
}
}
}
func getDefaultPidFile() (string, error) {
if !honorXDG {
return "/var/run/docker.pid", nil
}
runtimeDir, err := homedir.GetRuntimeDir()
if err != nil {
return "", err
}
return filepath.Join(runtimeDir, "docker.pid"), nil
}
func getDefaultDataRoot() (string, error) {
if !honorXDG {
return "/var/lib/docker", nil
}
dataHome, err := homedir.GetDataHome()
if err != nil {
return "", err
}
return filepath.Join(dataHome, "docker"), nil
}
func getDefaultExecRoot() (string, error) {
if !honorXDG {
return "/var/run/docker", nil
}
runtimeDir, err := homedir.GetRuntimeDir()
if err != nil {
return "", err
}
return filepath.Join(runtimeDir, "docker"), nil
}

View file

@ -15,8 +15,9 @@ import (
func TestDaemonParseShmSize(t *testing.T) {
flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
conf := &config.Config{}
err := installConfigFlags(conf, flags)
conf, err := config.New()
assert.NilError(t, err)
err = installConfigFlags(conf, flags)
assert.NilError(t, err)
// By default `--default-shm-size=64M`
assert.Check(t, is.Equal(int64(64*1024*1024), conf.ShmSize.Value()))

View file

@ -1,25 +1,10 @@
package main
import (
"os"
"path/filepath"
"github.com/docker/docker/daemon/config"
"github.com/spf13/pflag"
)
func getDefaultPidFile() (string, error) {
return "", nil
}
func getDefaultDataRoot() (string, error) {
return filepath.Join(os.Getenv("programdata"), "docker"), nil
}
func getDefaultExecRoot() (string, error) {
return filepath.Join(os.Getenv("programdata"), "docker", "exec-root"), nil
}
// installConfigFlags adds flags to the pflag.FlagSet to configure the daemon
func installConfigFlags(conf *config.Config, flags *pflag.FlagSet) error {
// First handle install flags which are consistent cross-platform

View file

@ -21,7 +21,11 @@ var (
)
func newDaemonCommand() (*cobra.Command, error) {
opts := newDaemonOptions(config.New())
cfg, err := config.New()
if err != nil {
return nil, err
}
opts := newDaemonOptions(cfg)
cmd := &cobra.Command{
Use: "dockerd [OPTIONS]",

View file

@ -275,9 +275,10 @@ func (conf *Config) IsValueSet(name string) bool {
return ok
}
// New returns a new fully initialized Config struct
func New() *Config {
return &Config{
// New returns a new fully initialized Config struct with default values set.
func New() (*Config, error) {
// platform-agnostic default values for the Config.
cfg := &Config{
CommonConfig: CommonConfig{
ShutdownTimeout: DefaultShutdownTimeout,
LogConfig: LogConfig{
@ -295,6 +296,12 @@ func New() *Config {
DefaultRuntime: StockRuntimeName,
},
}
if err := setPlatformDefaults(cfg); err != nil {
return nil, err
}
return cfg, nil
}
// GetConflictFreeLabels validates Labels for conflict
@ -329,7 +336,10 @@ func Reload(configFile string, flags *pflag.FlagSet, reload func(*Config)) error
if flags.Changed("config-file") || !os.IsNotExist(err) {
return errors.Wrapf(err, "unable to configure the Docker daemon with file %s", configFile)
}
newConfig = New()
newConfig, err = New()
if err != nil {
return err
}
}
// Check if duplicate label-keys with different values are found

View file

@ -3,11 +3,17 @@ package config // import "github.com/docker/docker/daemon/config"
import (
"fmt"
"net"
"os/exec"
"path/filepath"
"github.com/containerd/cgroups"
"github.com/docker/docker/api/types"
"github.com/docker/docker/api/types/container"
"github.com/docker/docker/opts"
"github.com/docker/docker/pkg/homedir"
"github.com/docker/docker/rootless"
units "github.com/docker/go-units"
"github.com/pkg/errors"
)
const (
@ -161,3 +167,47 @@ func (conf *Config) ValidatePlatformConfig() error {
func (conf *Config) IsRootless() bool {
return conf.Rootless
}
func setPlatformDefaults(cfg *Config) error {
cfg.Ulimits = make(map[string]*units.Ulimit)
cfg.ShmSize = opts.MemBytes(DefaultShmSize)
cfg.SeccompProfile = SeccompProfileDefault
cfg.IpcMode = string(DefaultIpcMode)
cfg.Runtimes = make(map[string]types.Runtime)
if cgroups.Mode() != cgroups.Unified {
cfg.CgroupNamespaceMode = string(DefaultCgroupV1NamespaceMode)
} else {
cfg.CgroupNamespaceMode = string(DefaultCgroupNamespaceMode)
}
if rootless.RunningWithRootlessKit() {
cfg.Rootless = true
var err error
// use rootlesskit-docker-proxy for exposing the ports in RootlessKit netns to the initial namespace.
cfg.BridgeConfig.UserlandProxyPath, err = exec.LookPath(rootless.RootlessKitDockerProxyBinary)
if err != nil {
return errors.Wrapf(err, "running with RootlessKit, but %s not installed", rootless.RootlessKitDockerProxyBinary)
}
dataHome, err := homedir.GetDataHome()
if err != nil {
return err
}
runtimeDir, err := homedir.GetRuntimeDir()
if err != nil {
return err
}
cfg.Root = filepath.Join(dataHome, "docker")
cfg.ExecRoot = filepath.Join(runtimeDir, "docker")
cfg.Pidfile = filepath.Join(runtimeDir, "docker.pid")
} else {
cfg.Root = "/var/lib/docker"
cfg.ExecRoot = "/var/run/docker"
cfg.Pidfile = "/var/run/docker.pid"
}
return nil
}

View file

@ -69,7 +69,8 @@ func TestDaemonConfigurationMerge(t *testing.T) {
file := fs.NewFile(t, "docker-config", fs.WithContent(configFileData))
defer file.Remove()
conf := New()
conf, err := New()
assert.NilError(t, err)
flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
flags.BoolVarP(&conf.Debug, "debug", "D", false, "")

View file

@ -338,13 +338,14 @@ func TestValidateConfigurationErrors(t *testing.T) {
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
cfg := New()
cfg, err := New()
assert.NilError(t, err)
if tc.field != "" {
assert.Check(t, mergo.Merge(cfg, tc.config, mergo.WithOverride, withForceOverwrite(tc.field)))
} else {
assert.Check(t, mergo.Merge(cfg, tc.config, mergo.WithOverride))
}
err := Validate(cfg)
err = Validate(cfg)
assert.Error(t, err, tc.expectedErr)
})
}
@ -481,12 +482,13 @@ func TestValidateConfiguration(t *testing.T) {
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
// Start with a config with all defaults set, so that we only
cfg := New()
cfg, err := New()
assert.NilError(t, err)
assert.Check(t, mergo.Merge(cfg, tc.config, mergo.WithOverride))
// Check that the override happened :)
assert.Check(t, is.DeepEqual(cfg, tc.config, field(tc.field)))
err := Validate(cfg)
err = Validate(cfg)
assert.NilError(t, err)
})
}

View file

@ -1,6 +1,9 @@
package config // import "github.com/docker/docker/daemon/config"
import (
"os"
"path/filepath"
"github.com/docker/docker/api/types"
)
@ -62,3 +65,10 @@ func (conf *Config) ValidatePlatformConfig() error {
func (conf *Config) IsRootless() bool {
return false
}
func setPlatformDefaults(cfg *Config) error {
cfg.Root = filepath.Join(os.Getenv("programdata"), "docker")
cfg.ExecRoot = filepath.Join(os.Getenv("programdata"), "docker", "exec-root")
cfg.Pidfile = filepath.Join(cfg.Root, "docker.pid")
return nil
}

View file

@ -23,7 +23,8 @@ func TestDaemonConfigurationMerge(t *testing.T) {
f.Close()
conf := New()
conf, err := New()
assert.NilError(t, err)
flags := pflag.NewFlagSet("test", pflag.ContinueOnError)
flags.BoolVarP(&conf.Debug, "debug", "D", false, "")

View file

@ -24,7 +24,10 @@ func TestGetRuntime(t *testing.T) {
const configuredRtName = "my/custom.shim.v1"
configuredRuntime := types.Runtime{Path: "/bin/true"}
d := &Daemon{configStore: config.New()}
cfg, err := config.New()
assert.NilError(t, err)
d := &Daemon{configStore: cfg}
d.configStore.Root = t.TempDir()
assert.Assert(t, os.Mkdir(filepath.Join(d.configStore.Root, "runtimes"), 0700))
d.configStore.Runtimes = map[string]types.Runtime{