Commit graph

47 commits

Author SHA1 Message Date
Akihiro Suda
4d4848ab68 zfs: call mount.MakePrivate
Fix #24008

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
(cherry picked from commit 5ec8441bb5)
2016-06-30 17:12:45 -07:00
Brian Goff
d85491ff4b Merge pull request #21946 from chosenken/add_disk_quota_to_zfs
Add support for setting storage size on ZFS containers
2016-06-07 22:18:25 -04:00
allencloud
c1be45fa38 fix typos
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-06-02 17:17:22 +08:00
Vincent Demeester
86a7632d63 Merge pull request #22091 from amitkris/build_solaris
Get the Docker Engine to build clean on Solaris
2016-05-24 21:41:36 +02:00
Michael Crosby
8bb4d31b10 Remove mountedLayer Mount and Unmount
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-05-23 16:52:58 -07:00
Amit Krishnan
86d8758e2b Get the Docker Engine to build clean on Solaris
Signed-off-by: Amit Krishnan <krish.amit@gmail.com>
2016-05-23 16:37:12 -07:00
Michael Crosby
1ba05cdb6a Add fast path for fsmagic supported drivers
For things that we can check if they are mounted by using their fsmagic
we should use that and for others do it the slow way.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-05-23 15:57:23 -07:00
Michael Crosby
009ee16bef Restore ref count
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-05-23 15:57:23 -07:00
Ken Herner
04b4e3e6d8 Add test to ZFS for disk quota
Signed-off-by: Ken Herner <kherner@progress.com>
2016-05-19 14:49:04 -04:00
Ken Herner
373654f43e Add error check after parseStorageOpt
Signed-off-by: Ken Herner <kherner@progress.com>
2016-05-19 14:49:04 -04:00
Ken Herner
e918340431 Add support for setting storage size on zfs containers
Now supports setting a container's storage size when using zfs as the
storage engine.  By passing in `--storage-opt size=<size>`, the created
container's storage size will be limited to the given size.  Note that
the way zfs works, the given specified storage size will be given in
addition to the base container size.

Example:

The node image reports a size of `671M` from `df -h` when started.
Setting `--storage-opt size=2G` will result in a drive the size of
`671M` + `2G`, `2.7G` in total.  Available space will be `2.0G`.

The storage size is achieved by setting the zfs option `quota` to the
given size on the zfs volume.

Signed-off-by: Ken Herner <kherner@progress.com>
2016-05-19 14:49:04 -04:00
Brian Goff
7342060b07 Add refcounts to graphdrivers that use fsdiff
This makes sure fsdiff doesn't try to unmount things that shouldn't be.

**Note**: This is intended as a temporary solution to have as minor a
change as possible for 1.11.1. A bigger change will be required in order
to support container re-attach.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-04-21 12:19:57 -04:00
Stefan J. Wernli
ef5bfad321 Adding readOnly parameter to graphdriver Create method
Since the layer store was introduced, the level above the graphdriver
now differentiates between read/write and read-only layers.  This
distinction is useful for graphdrivers that need to take special steps
when creating a layer based on whether it is read-only or not.
Adding this parameter allows the graphdrivers to differentiate, which
in the case of the Windows graphdriver, removes our dependence on parsing
the id of the parent for "-init" in order to infer this information.

This will also set the stage for unblocking some of the layer store
unit tests in the next preview build of Windows.

Signed-off-by: Stefan J. Wernli <swernli@microsoft.com>
2016-04-06 13:52:53 -07:00
Shishir Mahajan
b16decfccf CLI flag for docker create(run) to change block device size.
Signed-off-by: Shishir Mahajan <shishir.mahajan@redhat.com>
2016-03-28 10:05:18 -04:00
Brian Goff
65d79e3e5e Move layer mount refcounts to mountedLayer
Instead of implementing refcounts at each graphdriver, implement this in
the layer package which is what the engine actually interacts with now.
This means interacting directly with the graphdriver is no longer
explicitly safe with regard to Get/Put calls being refcounted.

In addition, with the containerd, layers may still be mounted after
a daemon restart since we will no longer explicitly kill containers when
we shutdown or startup engine.
Because of this ref counts would need to be repopulated.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-03-23 14:42:52 -07:00
Tonis Tiigi
e91de9fb9d Revert "Move layer mount refcounts to mountedLayer"
This reverts commit 563d0711f8.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-03-23 00:33:02 -07:00
Brian Goff
563d0711f8 Move layer mount refcounts to mountedLayer
Instead of implementing refcounts at each graphdriver, implement this in
the layer package which is what the engine actually interacts with now.
This means interacting directly with the graphdriver is no longer
explicitly safe with regard to Get/Put calls being refcounted.

In addition, with the containerd, layers may still be mounted after
a daemon restart since we will no longer explicitly kill containers when
we shutdown or startup engine.
Because of this ref counts would need to be repopulated.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-03-22 11:36:28 -04:00
Phil Estes
922986b76e Add proper refcounting to zfs graphdriver
Fixes issues with layer remounting (e.g. a running container which then
has `docker cp` used to copy files in or out) by applying the same
refcounting implementation that exists in other graphdrivers like
overlay and aufs.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2016-02-11 01:00:54 -05:00
Phil Estes
aef0995b02 Fix ZFS permissions bug with user namespaces
Fix root directory of the mountpoint being owned by real root. This is
unique to ZFS because of the way file mountpoints are created using the
ZFS tooling, and the remapping that happens at layer unpack doesn't
impact this root (already created) holding directory for the layer.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2016-02-05 14:37:33 -05:00
Antonio Murdaca
baba1a8493 reorder imports with goimports
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2015-12-16 16:50:25 +01:00
Justas Brazauskas
927b334ebf Fix typos found across repository
Signed-off-by: Justas Brazauskas <brazauskasjustas@gmail.com>
2015-12-13 18:04:12 +02:00
Dan Walsh
1716d497a4 Relabel BTRFS Content on container Creation
This change will allow us to run SELinux in a container with
BTRFS back end.  We continue to work on fixing the kernel/BTRFS
but this change will allow SELinux Security separation on BTRFS.

It basically relabels the content on container creation.

Just relabeling -init directory in BTRFS use case. Everything looks like it
works. I don't believe tar/archive stores the SELinux labels, so we are good
as far as docker commit.

Tested Speed on startup with BTRFS on top of loopback directory. BTRFS
not on loopback should get even better performance on startup time.  The
more inodes inside of the container image will increase the relabel time.

This patch will give people who care more about security the option of
running BTRFS with SELinux.  Those who don't want to take the slow down
can disable SELinux either in individual containers or for all containers
by continuing to disable SELinux in the daemon.

Without relabel:

> time docker run --security-opt label:disable fedora echo test
test

real    0m0.918s
user    0m0.009s
sys    0m0.026s

With Relabel

test

real    0m1.942s
user    0m0.007s
sys    0m0.030s

Signed-off-by: Dan Walsh <dwalsh@redhat.com>

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2015-11-11 14:49:27 -05:00
Phil Estes
442b45628e Add user namespace (mapping) support to the Docker engine
Adds support for the daemon to handle user namespace maps as a
per-daemon setting.

Support for handling uid/gid mapping is added to the builder,
archive/unarchive packages and functions, all graphdrivers (except
Windows), and the test suite is updated to handle user namespace daemon
rootgraph changes.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-10-09 17:47:37 -04:00
Chun Chen
2458452a3b Try to resize data and metadata loopback file when initiating devicemapper
Signed-off-by: Chun Chen <ramichen@tencent.com>
2015-09-24 09:31:00 +08:00
Kir Kolyshkin
15a232fd06 graphdriver/zfs: fix GetMetadata() comment
Commit e27c904 added a wrong and misleading comment
to GetMetadata(). Fix it using the wording from
commit 407a626 which introduced GetMetadata().

Signed-off-by: Kir Kolyshkin <kir@openvz.org>
2015-08-11 18:16:11 -07:00
Kir Kolyshkin
f5f7fee2ec graphdriver/zfs: privatize mountPath and zfsPath
These functions are not part of the graphdriver.Driver
interface and should therefore be private.

Also, remove comments added by commit e27c904 as they are
* pretty obvious
* no longer required by golint

Signed-off-by: Kir Kolyshkin <kir@openvz.org>
2015-08-11 18:16:08 -07:00
Srini Brahmaroutu
e27c904b99 daemon/graphdriver/zfs fix lint errors/warnings
Addresses #14756
Signed-off-by: Srini Brahmaroutu <srbrahma@us.ibm.com>
2015-08-04 18:30:55 +00:00
Kir Kolyshkin
a83a769347 Simplify and fix os.MkdirAll() usage
TL;DR: check for IsExist(err) after a failed MkdirAll() is both
redundant and wrong -- so two reasons to remove it.

Quoting MkdirAll documentation:

> MkdirAll creates a directory named path, along with any necessary
> parents, and returns nil, or else returns an error. If path
> is already a directory, MkdirAll does nothing and returns nil.

This means two things:

1. If a directory to be created already exists, no error is returned.

2. If the error returned is IsExist (EEXIST), it means there exists
a non-directory with the same name as MkdirAll needs to use for
directory. Example: we want to MkdirAll("a/b"), but file "a"
(or "a/b") already exists, so MkdirAll fails.

The above is a theory, based on quoted documentation and my UNIX
knowledge.

3. In practice, though, current MkdirAll implementation [1] returns
ENOTDIR in most of cases described in #2, with the exception when
there is a race between MkdirAll and someone else creating the
last component of MkdirAll argument as a file. In this very case
MkdirAll() will indeed return EEXIST.

Because of #1, IsExist check after MkdirAll is not needed.

Because of #2 and #3, ignoring IsExist error is just plain wrong,
as directory we require is not created. It's cleaner to report
the error now.

Note this error is all over the tree, I guess due to copy-paste,
or trying to follow the same usage pattern as for Mkdir(),
or some not quite correct examples on the Internet.

[v2: a separate aufs commit is merged into this one]

[1] https://github.com/golang/go/blob/f9ed2f75/src/os/path.go

Signed-off-by: Kir Kolyshkin <kir@openvz.org>
2015-07-30 11:48:08 -07:00
Jessie Frazelle
75f8bdd970 Merge pull request #13542 from kvasdopil/freebsd-work
Make docker build on FreeBSD
2015-07-29 15:15:37 -07:00
Alexey Guskov
26c03d561a make docker compile on freebsd
Signed-off-by: Alexey Guskov <lexag@mail.ru>
2015-07-29 21:25:56 +03:00
John Howard
2bf73c4b1a Fix log to logrus
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-07-29 09:58:07 -07:00
Flavio Castelli
f95b3a6b6a ZFS driver: raise better errors during init
The ZFS driver should raise proper errors when the ZFS utility is
missing or when there's no zfs partition active on the system. Raising the
proper errors makes it possible to silently ignore the ZFS storage
driver when no default storage driver is specified.

Previous to this commit it was no longer possible to start the
docker daemon in that way:

  docker -d --storage-opt dm.loopdatasize=2GB

The above command resulted in an exit error because the ZFS driver
tried to use the storage options.

Signed-off-by: Flavio Castelli <fcastelli@suse.com>
2015-07-20 15:24:48 +02:00
Alexander Morozov
c86189d554 Update libcontainer
Replaced github.com/docker/libcontainer with
github.com/opencontainers/runc/libcontainer.
Also I moved AppArmor profile generation to docker.

Main idea of this update is to fix mounting cgroups inside containers.
After updating docker on CI we can even remove dind.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-16 16:02:26 -07:00
Vivek Goyal
407a626be6 docker-inspect: Extend docker inspect to export image/container metadata related to graph driver
Export image/container metadata stored in graph driver. Right now 3 fields
DeviceId, DeviceSize and DeviceName are being exported from devicemapper.
Other graph drivers can export fields as they see fit.

This data can be used to mount the thin device outside of docker and tools
can look into image/container and do some kind of inspection.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
2015-06-15 14:05:10 -04:00
Jörg Thalheim
19c31a703f zfs: correctly apply selinux context
fixes #13858

Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk>
2015-06-11 11:11:37 +02:00
mapk0y
416e855e9b fix typo.
Signed-off-by: mapk0y <mapk0y@gmail.com>
2015-06-10 06:26:07 +09:00
Alexey Guskov
112b7e6546 avoid 88-chars mountpoint length limit on freebsd
Signed-off-by: Alexey Guskov <lexag@mail.ru>
2015-05-29 16:33:04 +03:00
Alexey Guskov
36bf6e4440 zfs magicnumber check on freebsd is fixed
Signed-off-by: Alexey Guskov <lexag@mail.ru>
2015-05-28 18:38:08 +03:00
John Howard
35cdcbb323 Windows: No ZFS graphdriver
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-05-14 15:57:45 -07:00
Jörg Thalheim
2cb23527e4 zfs: update filesystem cache on filesystem creation/deletion
Previously the cache was only updated once on startup, because the graph
code only checks for filesystems on startup. However this breaks the API as it
was supposed and so unit tests.

Fixes #13142

Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk>
2015-05-12 13:06:41 +02:00
Jörg Thalheim
bad25ccf97 zfs: retrieve all filesystems on startup at once
The docker graph calls driver.Exists() on initialisation for each filesystem in
the graph. This results in a lot of `zfs get all` commands. To reduce
this, retrieve all descendant filesystems at startup and cache them for later checks

Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk>
2015-05-08 17:49:39 +02:00
Jörg Thalheim
11e9167a6b zfs: improve performance by using legacy mounts
Instead of letting zfs automatically mount datasets, mount them on demand using mount(2).
This speeds up this graph driver in 2 ways:
- fewer zfs processes needed to start a container
- /proc/mounts gets smaller, so zfs userspace tools have less to read (which can
  be a significant amount of data as the number of layers grows)

This way it can also be ensured that the correct mountpoint is always used.

Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk>
2015-05-08 17:49:39 +02:00
Jörg Thalheim
ee00f07ea6 zfs: replace c for /proc/mounts parsing with go
Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk>
2015-05-08 17:49:39 +02:00
Jörg Thalheim
dd614b5e34 zfs: refactor error handling
thanks to @calavera

Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk>
2015-05-08 17:48:20 +02:00
Jörg Thalheim
a25195d86c zfs: add myself to MAINTAINERS
Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk>
2015-05-08 17:48:20 +02:00
Jörg Thalheim
bacecabf3b zfs: revert to NaiveGraphDriver for the moment
Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk>
2015-05-08 17:48:20 +02:00
Jörg Thalheim
d5151ca8ab Implement Docker on ZFS
Signed-off-by: Arthur Gautier <baloo@gandi.net>
Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk>
2015-05-08 17:48:20 +02:00