Commit graph

287 commits

Author SHA1 Message Date
Sebastiaan van Stijn
cdbca4061b
gofmt GoDoc comments with go1.19
Older versions of Go don't format comments, so committing this as
a separate commit, so that we can already make these changes before
we upgrade to Go 1.19.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 52c1a2fae8)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-13 22:42:29 +02:00
Drew Erny
240a9fcb83
Add Swarm cluster volume supports
Adds code to support Cluster Volumes in Swarm using CSI drivers.

Signed-off-by: Drew Erny <derny@mirantis.com>
2022-05-13 00:55:44 +02:00
Sebastiaan van Stijn
521807837b
plugin: Executor.Signal() accept syscall.Signal
This helps reducing some type-juggling / conversions further up
the stack.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-05 00:53:55 +02:00
Sebastiaan van Stijn
2ec2b65e45
libcontainerd: SignalProcess(): accept syscall.Signal
This helps reducing some type-juggling / conversions further up
the stack.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-05 00:53:49 +02:00
Sebastiaan van Stijn
a189651b4c
Merge pull request #43358 from thaJeztah/plugin_EndpointResolver
plugin: add EndpointResolver interface
2022-04-21 20:49:56 +02:00
Sebastiaan van Stijn
690a6fddf9
daemon: move default namespaces to daemon/config
Keeping the defaults in a single location, which also reduces
the list of imports needed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-17 13:10:57 +02:00
Sebastiaan van Stijn
bdb878ab2c
filters: lowercase error
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-18 09:44:53 +01:00
Sebastiaan van Stijn
f9f549cbe4
plugin: add EndpointResolver interface
This defines the interface that the package expects in order to lookup
pull endpoints, instead of requiring the whole registry.Service interface.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-11 18:28:55 +01:00
Sebastiaan van Stijn
61599d0a4d
plugin: remove unused pluginRegistryService
It wrapped the regular registry service, but the ResolveRepository() function
was not called anywhere.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-11 18:26:27 +01:00
Sebastiaan van Stijn
a0230f3d9a
remove unneeded "digest" alias for "go-digest"
I think this was there for historic reasons (may have been goimports expected
this, and we used to have a linter that wanted it), but it's not needed, so
let's remove it (to make my IDE less complaining about unneeded aliases).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-04 14:49:42 +01:00
Sebastiaan van Stijn
25ee00c494
pkg/system: move EnsureRemoveAll() to pkg/containerfs
pkg/system historically has been a bit of a kitchen-sink of things that were
somewhat "system" related, but didn't have a good place for. EnsureRemoveAll()
is one of those utilities. EnsureRemoveAll() is used to both unmount and remove
a path, for which it depends on both github.com/moby/sys/mount, which in turn
depends on github.com/moby/sys/mountinfo.

pkg/system is imported in the CLI, but neither EnsureRemoveAll(), nor any of its
moby/sys dependencies are used on the client side, so let's move this function
somewhere else, to remove those dependencies from the CLI.

I looked for plausible locations that were related; it's used in:

- daemon
- daemon/graphdriver/XXX/
- plugin

I considered moving it into a (e.g.) "utils" package within graphdriver (but not
a huge fan of "utils" packages), and given that it felt (mostly) related to
cleaning up container filesystems, I decided to move it there.

Some things to follow-up on after this:

- Verify if this function is still needed (it feels a bit like a big hammer in
  a "YOLO, let's try some things just in case it fails")
- Perhaps it should be integrated in `containerfs.Remove()` (so that it's used
  automatically)
- Look if there's other implementations (and if they should be consolidated),
  although (e.g.) the one in containerd is a copy of ours:
  https://github.com/containerd/containerd/blob/v1.5.9/pkg/cri/server/helpers_linux.go#L200

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-03 00:22:26 +01:00
Eng Zer Jun
c55a4ac779
refactor: move from io/ioutil to io and os package
The io/ioutil package has been deprecated in Go 1.16. This commit
replaces the existing io/ioutil functions with their new definitions in
io and os packages.

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2021-08-27 14:56:57 +08:00
Sebastiaan van Stijn
686be57d0a
Update to Go 1.17.0, and gofmt with Go 1.17
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-24 23:33:27 +02:00
Sebastiaan van Stijn
dd1374f7b2
if-return: redundant if ...; err != nil check (revive)
builder/builder-next/adapters/snapshot/snapshot.go:386:3: if-return: redundant if ...; err != nil check, just return error instead. (revive)
            if err := b.Put(keyIsCommitted, []byte{}); err != nil {
                return err
            }

    plugin/fetch_linux.go:112:2: if-return: redundant if ...; err != nil check, just return error instead. (revive)
        if err := images.Dispatch(ctx, images.Handlers(handlers...), nil, desc); err != nil {
            return err
        }

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-10 13:03:40 +02:00
Sebastiaan van Stijn
d13997b4ba
gosec: G601: Implicit memory aliasing in for loop
plugin/v2/plugin.go:141:50: G601: Implicit memory aliasing in for loop. (gosec)
                    updateSettingsEnv(&p.PluginObj.Settings.Env, &s)
                                                                 ^
    libcontainerd/remote/client.go:572:13: G601: Implicit memory aliasing in for loop. (gosec)
                cpDesc = &m
                         ^
    distribution/push_v2.go:400:34: G601: Implicit memory aliasing in for loop. (gosec)
                (metadata.CheckV2MetadataHMAC(&mountCandidate, pd.hmacKey) ||
                                              ^
    builder/dockerfile/builder.go:261:84: G601: Implicit memory aliasing in for loop. (gosec)
            currentCommandIndex = printCommand(b.Stdout, currentCommandIndex, totalCommands, &meta)
                                                                                             ^
    builder/dockerfile/builder.go:278:46: G601: Implicit memory aliasing in for loop. (gosec)
            if err := initializeStage(dispatchRequest, &stage); err != nil {
                                                       ^
    daemon/container.go:283:40: G601: Implicit memory aliasing in for loop. (gosec)
            if err := parser.ValidateMountConfig(&cfg); err != nil {
                                                 ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-10 13:03:29 +02:00
Sebastiaan van Stijn
7c1c123555
vendor: github.com/containerd/containerd v1.5.2
full diff: 19ee068f93...v1.5.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-04 16:32:37 +02:00
Brian Goff
a876ede24f Use docker media type for plugin layers
This was changed as part of a refactor to use containerd dist code. The
problem is the OCI media types are not compatible with older versions of
Docker.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2021-04-05 21:46:53 +00:00
Akihiro Suda
22d7812836
Merge pull request #41485 from thaJeztah/remove_dead_arg 2021-02-27 22:25:00 +09:00
Arnaud Rebillout
e8648fa19f plugin/manager_linux_test: Skip privileged tests when non-root
This test fail when run by a non-root user

  === CONT  TestPluginAlreadyRunningOnStartup
  === RUN   TestPluginAlreadyRunningOnStartup/live-restore-disabled
  === PAUSE TestPluginAlreadyRunningOnStartup/live-restore-disabled
  === RUN   TestPluginAlreadyRunningOnStartup/live-restore-enabled
  === PAUSE TestPluginAlreadyRunningOnStartup/live-restore-enabled
  === CONT  TestPluginAlreadyRunningOnStartup/live-restore-disabled
  === CONT  TestPluginAlreadyRunningOnStartup/live-restore-enabled
  time="2020-12-15T02:23:03Z" level=error msg="failed to enable plugin" error="chown /tmp/TestPluginAlreadyRunningOnStartup898689032/live-restore-disabled/manager/b6106d4d8937398ec8ec5e7092897ca4dd2eab6aa8043640095ef92b860b1417/rootfs/dev: operation not permitted" id=b6106d4d8937398ec8ec5e7092897ca4dd2eab6aa8043640095ef92b860b1417
  === CONT  TestPluginAlreadyRunningOnStartup/live-restore-disabled
      manager_linux_test.go:250: plugin client should not be nil
  panic: test timed out after 10m0s

  goroutine 41 [running]:
  testing.(*M).startAlarm.func1()
	  /usr/lib/go-1.15/src/testing/testing.go:1618 +0xe5
  created by time.goFunc
	  /usr/lib/go-1.15/src/time/sleep.go:167 +0x45

  goroutine 1 [chan receive, 9 minutes]:
  testing.tRunner.func1(0xc000001500)
	  /usr/lib/go-1.15/src/testing/testing.go:1088 +0x24d
  testing.tRunner(0xc000001500, 0xc0001dfde0)
	  /usr/lib/go-1.15/src/testing/testing.go:1127 +0x125
  testing.runTests(0xc00000e2c0, 0xeade80, 0xa, 0xa, 0xbfee25f7d50c4ace, 0x8bb30f7348, 0xebb2c0, 0x40f710)
	  /usr/lib/go-1.15/src/testing/testing.go:1437 +0x2fe
  testing.(*M).Run(0xc000394100, 0x0)
	  /usr/lib/go-1.15/src/testing/testing.go:1345 +0x1eb
  main.main()
	  _testmain.go:61 +0x138

  goroutine 11 [chan receive, 9 minutes]:
  testing.tRunner.func1(0xc000412180)
	  /usr/lib/go-1.15/src/testing/testing.go:1088 +0x24d
  testing.tRunner(0xc000412180, 0xad9b38)
	  /usr/lib/go-1.15/src/testing/testing.go:1127 +0x125
  created by testing.(*T).Run
	  /usr/lib/go-1.15/src/testing/testing.go:1168 +0x2b3

  goroutine 16 [chan receive, 9 minutes]:
  testing.runTests.func1.1(0xc000001500)
	  /usr/lib/go-1.15/src/testing/testing.go:1444 +0x3b
  created by testing.runTests.func1
	  /usr/lib/go-1.15/src/testing/testing.go:1444 +0xac

  goroutine 34 [chan send, 9 minutes]:
  github.com/docker/docker/plugin.(*executorWithRunning).Signal(0xc0003e31e0, 0xc0000317c0, 0x40, 0xf, 0x3f, 0x3f)
	  /<<PKGBUILDDIR>>/_build/src/github.com/docker/docker/plugin/manager_linux_test.go:171 +0x73
  github.com/docker/docker/plugin.shutdownPlugin(0xc0003e6840, 0xc000096360, 0xb6dfc0, 0xc0003e31e0)
	  /<<PKGBUILDDIR>>/_build/src/github.com/docker/docker/plugin/manager_linux.go:157 +0x8a
  github.com/docker/docker/plugin.(*Manager).Shutdown(0xc0003e80c0)
	  /<<PKGBUILDDIR>>/_build/src/github.com/docker/docker/plugin/manager_linux.go:211 +0x1a7
  runtime.Goexit()
	  /usr/lib/go-1.15/src/runtime/panic.go:617 +0x1e5
  testing.(*common).FailNow(0xc000412a80)
	  /usr/lib/go-1.15/src/testing/testing.go:732 +0x3c
  testing.(*common).Fatal(0xc000412a80, 0xc00015ddc8, 0x1, 0x1)
	  /usr/lib/go-1.15/src/testing/testing.go:800 +0x78
  github.com/docker/docker/plugin.TestPluginAlreadyRunningOnStartup.func3(0xc000412a80)
	  /<<PKGBUILDDIR>>/_build/src/github.com/docker/docker/plugin/manager_linux_test.go:250 +0x919
  testing.tRunner(0xc000412a80, 0xc0003e4f90)
	  /usr/lib/go-1.15/src/testing/testing.go:1123 +0xef
  created by testing.(*T).Run
	  /usr/lib/go-1.15/src/testing/testing.go:1168 +0x2b3

  goroutine 35 [chan send, 9 minutes]:
  testing.tRunner.func1(0xc000412d80)
	  /usr/lib/go-1.15/src/testing/testing.go:1113 +0x373
  testing.tRunner(0xc000412d80, 0xc0003e4fc0)
	  /usr/lib/go-1.15/src/testing/testing.go:1127 +0x125
  created by testing.(*T).Run
	  /usr/lib/go-1.15/src/testing/testing.go:1168 +0x2b3

  goroutine 50 [IO wait, 9 minutes]:
  internal/poll.runtime_pollWait(0x7f7b26d75e70, 0x72, 0x0)
	  /usr/lib/go-1.15/src/runtime/netpoll.go:222 +0x55
  internal/poll.(*pollDesc).wait(0xc000518018, 0x72, 0x0, 0x0, 0xab05ec)
	  /usr/lib/go-1.15/src/internal/poll/fd_poll_runtime.go:87 +0x45
  internal/poll.(*pollDesc).waitRead(...)
	  /usr/lib/go-1.15/src/internal/poll/fd_poll_runtime.go:92
  internal/poll.(*FD).Accept(0xc000518000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
	  /usr/lib/go-1.15/src/internal/poll/fd_unix.go:394 +0x1fc
  net.(*netFD).accept(0xc000518000, 0x64298f, 0xc000394080, 0x0)
	  /usr/lib/go-1.15/src/net/fd_unix.go:172 +0x45
  net.(*UnixListener).accept(0xc00050c0f0, 0xc000394080, 0x0, 0x0)
	  /usr/lib/go-1.15/src/net/unixsock_posix.go:162 +0x32
  net.(*UnixListener).Accept(0xc00050c0f0, 0x0, 0x0, 0x0, 0x0)
	  /usr/lib/go-1.15/src/net/unixsock.go:260 +0x65
  github.com/docker/docker/plugin.listenTestPlugin.func1(0xb6be00, 0xc00050c0f0)
	  /<<PKGBUILDDIR>>/_build/src/github.com/docker/docker/plugin/manager_linux_test.go:266 +0x3d
  created by github.com/docker/docker/plugin.listenTestPlugin
	  /<<PKGBUILDDIR>>/_build/src/github.com/docker/docker/plugin/manager_linux_test.go:264 +0x105

  goroutine 51 [chan receive, 9 minutes]:
  github.com/docker/docker/plugin.listenTestPlugin.func2(0xc000516000, 0xb6be00, 0xc00050c0f0, 0xc000514000, 0x65)
	  /<<PKGBUILDDIR>>/_build/src/github.com/docker/docker/plugin/manager_linux_test.go:274 +0x34
  created by github.com/docker/docker/plugin.listenTestPlugin
	  /<<PKGBUILDDIR>>/_build/src/github.com/docker/docker/plugin/manager_linux_test.go:273 +0x14f
  FAIL	github.com/docker/docker/plugin	600.013s

Signed-off-by: Arnaud Rebillout <elboulangero@gmail.com>
2020-12-15 09:48:06 +07:00
Sebastiaan van Stijn
182795cff6
Do not call mount.RecursiveUnmount() on Windows
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-29 23:00:16 +01:00
Sebastiaan van Stijn
768ba77d37
plugin.Manager.setupNewPlugin() remove unused blobsums argument
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-30 00:55:32 +02:00
Sebastiaan van Stijn
7335167340
Remove redundant "os.IsNotExist" checks on os.RemoveAll()
`os.RemoveAll()` should never return this error. From the docs:

> If the path does not exist, RemoveAll returns nil (no error).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-23 10:30:53 +02:00
Tibor Vass
0f41a77c69
Merge pull request #41207 from thaJeztah/remove_whitelist
Remove some outdated terminology where possible
2020-07-28 14:10:27 +02:00
Sebastiaan van Stijn
3895dd585f
Replace uses of blacklist/whitelist
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-14 10:41:34 +02:00
Brian Goff
f63f73a4a8 Configure shims from runtime config
In dockerd we already have a concept of a "runtime", which specifies the
OCI runtime to use (e.g. runc).
This PR extends that config to add containerd shim configuration.
This option is only exposed within the daemon itself (cannot be
configured in daemon.json).
This is due to issues in supporting unknown shims which will require
more design work.

What this change allows us to do is keep all the runtime config in one
place.

So the default "runc" runtime will just have it's already existing shim
config codified within the runtime config alone.
I've also added 2 more "stock" runtimes which are basically runc+shimv1
and runc+shimv2.
These new runtime configurations are:

- io.containerd.runtime.v1.linux - runc + v1 shim using the V1 shim API
- io.containerd.runc.v2 - runc + shim v2

These names coincide with the actual names of the containerd shims.

This allows the user to essentially control what shim is going to be
used by either specifying these as a `--runtime` on container create or
by setting `--default-runtime` on the daemon.

For custom/user-specified runtimes, the default shim config (currently
shim v1) is used.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2020-07-13 14:18:02 -07:00
Sebastiaan van Stijn
8e2e2bdb9b
Merge pull request #40867 from BurtonQin/double-lock
plugin: Add No-Lock version of resolvePluginID to fix double Rlock
2020-05-15 18:07:39 +02:00
BurtonQin
a36db14ce0 plugin: remove Rlock in resolvePluginID to fix double Rlock
Signed-off-by: BurtonQin <bobbqqin@gmail.com>
2020-05-15 09:13:37 -04:00
Sebastiaan van Stijn
07d60bc257
Replace errors.Cause() with errors.Is() / errors.As()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-29 00:28:41 +02:00
Brian Goff
d7ba1f85ef Use containerd dist libs for plugin pull/pull
This removes the use of the old distribution code in the plugin packages
and replaces it with containerd libraries for plugin pushes and pulls.

Additionally it uses a content store from containerd which seems like
it's compatible with the old "basicBlobStore" in the plugin package.
This is being used locally isntead of through the containerd client for
now.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2020-04-02 15:03:06 -07:00
Kir Kolyshkin
39048cf656 Really switch to moby/sys/mount*
Switch to moby/sys/mount and mountinfo. Keep the pkg/mount for potential
outside users.

This commit was generated by the following bash script:

```
set -e -u -o pipefail

for file in $(git grep -l 'docker/docker/pkg/mount"' | grep -v ^pkg/mount); do
	sed -i -e 's#/docker/docker/pkg/mount"#/moby/sys/mount"#' \
		-e 's#mount\.\(GetMounts\|Mounted\|Info\|[A-Za-z]*Filter\)#mountinfo.\1#g' \
		$file
	goimports -w $file
done
```

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-03-20 09:46:25 -07:00
Ziheng Liu
34837febc4 plugin: fix a double RLock bug
Signed-off-by: Ziheng Liu <lzhfromustc@gmail.com>
2020-02-25 13:51:27 -05:00
Sebastiaan van Stijn
9f0b3f5609
bump gotest.tools v3.0.1 for compatibility with Go 1.14
full diff: https://github.com/gotestyourself/gotest.tools/compare/v2.3.0...v3.0.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-11 00:06:42 +01:00
Akihiro Suda
612343618d cgroup2: use shim V2
* Requires containerd binaries from containerd/containerd#3799 . Metrics are unimplemented yet.
* Works with crun v0.10.4, but `--security-opt seccomp=unconfined` is needed unless using master version of libseccomp
  ( containers/crun#156, seccomp/libseccomp#177 )
* Doesn't work with master runc yet
* Resource limitations are unimplemented

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-01-01 02:58:40 +09:00
Kir Kolyshkin
7b85ed613d
plugin/setupNewPlugin: rm dead code
> plugin/manager_linux.go:285:9: nilness: impossible condition: nil != nil (govet)
>	if err != nil {
>	       ^

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2019-09-18 12:57:27 +02:00
Sebastiaan van Stijn
07ff4f1de8
goimports: fix imports
Format the source according to latest goimports.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-18 12:56:54 +02:00
Brian Goff
24ad2f486d Add (hidden) flags to set containerd namespaces
This allows our tests, which all share a containerd instance, to be a
bit more isolated by setting the containerd namespaces to the generated
daemon ID's rather than the default namespaces.

This came about because I found in some cases we had test daemons
failing to start (really very slow to start) because it was (seemingly)
processing events from other tests.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2019-07-11 17:27:48 -07:00
Michael Crosby
fb459f6671
Merge pull request #38441 from sirlatrom/swarm_plugin_env
Allow specifying environment variables when installing an engine plugin as a Swarm service
2019-07-08 15:26:55 -04:00
Sebastiaan van Stijn
e511b3be89
Merge pull request #39336 from justincormack/entropy-cannot-be-saved
Entropy cannot be saved
2019-06-11 18:40:19 +02:00
Sebastiaan van Stijn
c85fe2d224
Merge pull request #38522 from cpuguy83/fix_timers
Make sure timers are stopped after use.
2019-06-07 13:16:46 +02:00
Justin Cormack
2df693e533
Entropy cannot be saved
Remove non cryptographic randomness.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2019-06-07 11:54:45 +01:00
Sune Keller
fca5ee3bd5 Support environment vars in Swarm plugins services
Allow specifying environment variables when installing an engine plugin
as a Swarm service. Invalid environment variable entries (without an
equals (`=`) char) will be ignored.

Signed-off-by: Sune Keller <absukl@almbrand.dk>
2019-04-07 09:48:19 +02:00
Michael Crosby
b9b5dc37e3 Remove inmemory container map
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2019-04-05 15:48:07 -04:00
Michael Crosby
45e328b0ac Remove libcontainerd status type
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2019-04-04 15:17:13 -04:00
John Howard
85ad4b16c1 Windows: Experimental: Allow containerd for runtime
Signed-off-by: John Howard <jhoward@microsoft.com>

This is the first step in refactoring moby (dockerd) to use containerd on Windows.
Similar to the current model in Linux, this adds the option to enable it for runtime.
It does not switch the graphdriver to containerd snapshotters.

 - Refactors libcontainerd to a series of subpackages so that either a
  "local" containerd (1) or a "remote" (2) containerd can be loaded as opposed
  to conditional compile as "local" for Windows and "remote" for Linux.

 - Updates libcontainerd such that Windows has an option to allow the use of a
   "remote" containerd. Here, it communicates over a named pipe using GRPC.
   This is currently guarded behind the experimental flag, an environment variable,
   and the providing of a pipename to connect to containerd.

 - Infrastructure pieces such as under pkg/system to have helper functions for
   determining whether containerd is being used.

(1) "local" containerd is what the daemon on Windows has used since inception.
It's not really containerd at all - it's simply local invocation of HCS APIs
directly in-process from the daemon through the Microsoft/hcsshim library.

(2) "remote" containerd is what docker on Linux uses for it's runtime. It means
that there is a separate containerd service running, and docker communicates over
GRPC to it.

To try this out, you will need to start with something like the following:

Window 1:
	containerd --log-level debug

Window 2:
	$env:DOCKER_WINDOWS_CONTAINERD=1
	dockerd --experimental -D --containerd \\.\pipe\containerd-containerd

You will need the following binary from github.com/containerd/containerd in your path:
 - containerd.exe

You will need the following binaries from github.com/Microsoft/hcsshim in your path:
 - runhcs.exe
 - containerd-shim-runhcs-v1.exe

For LCOW, it will require and initrd.img and kernel in `C:\Program Files\Linux Containers`.
This is no different to the current requirements. However, you may need updated binaries,
particularly initrd.img built from Microsoft/opengcs as (at the time of writing), Linuxkit
binaries are somewhat out of date.

Note that containerd and hcsshim for HCS v2 APIs do not yet support all the required
functionality needed for docker. This will come in time - this is a baby (although large)
step to migrating Docker on Windows to containerd.

Note that the HCS v2 APIs are only called on RS5+ builds. RS1..RS4 will still use
HCS v1 APIs as the v2 APIs were not fully developed enough on these builds to be usable.
This abstraction is done in HCSShim. (Referring specifically to runtime)

Note the LCOW graphdriver still uses HCS v1 APIs regardless.

Note also that this does not migrate docker to use containerd snapshotters
rather than graphdrivers. This needs to be done in conjunction with Linux also
doing the same switch.
2019-03-12 18:41:55 -07:00
Sebastiaan van Stijn
3449b12cc7
Use assert.NilError() instead of assert.Assert()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-01-21 13:16:02 +01:00
Brian Goff
eaad3ee3cf Make sure timers are stopped after use.
`time.After` keeps a timer running until the specified duration is
completed. It also allocates a new timer on each call. This can wind up
leaving lots of uneccessary timers running in the background that are
not needed and consume resources.

Instead of `time.After`, use `time.NewTimer` so the timer can actually
be stopped.
In some of these cases it's not a big deal since the duraiton is really
short, but in others it is much worse.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2019-01-16 14:32:53 -08:00
Kir Kolyshkin
6533136961 pkg/mount: wrap mount/umount errors
The errors returned from Mount and Unmount functions are raw
syscall.Errno errors (like EPERM or EINVAL), which provides
no context about what has happened and why.

Similar to os.PathError type, introduce mount.Error type
with some context. The error messages will now look like this:

> mount /tmp/mount-tests/source:/tmp/mount-tests/target, flags: 0x1001: operation not permitted

or

> mount tmpfs:/tmp/mount-test-source-516297835: operation not permitted

Before this patch, it was just

> operation not permitted

[v2: add Cause()]
[v3: rename MountError to Error, document Cause()]
[v4: fixes; audited all users]
[v5: make Error type private; changes after @cpuguy83 reviews]

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-12-10 20:07:02 -08:00
John Stephens
b3e9f7b13b
Merge pull request #35521 from salah-khan/35507
Add --chown flag support for ADD/COPY commands for Windows
2018-08-17 11:31:16 -07:00
Salahuddin Khan
763d839261 Add ADD/COPY --chown flag support to Windows
This implements chown support on Windows. Built-in accounts as well
as accounts included in the SAM database of the container are supported.

NOTE: IDPair is now named Identity and IDMappings is now named
IdentityMapping.

The following are valid examples:
ADD --chown=Guest . <some directory>
COPY --chown=Administrator . <some directory>
COPY --chown=Guests . <some directory>
COPY --chown=ContainerUser . <some directory>

On Windows an owner is only granted the permission to read the security
descriptor and read/write the discretionary access control list. This
fix also grants read/write and execute permissions to the owner.

Signed-off-by: Salahuddin Khan <salah@docker.com>
2018-08-13 21:59:11 -07:00
Derek McGowan
dd2e19ebd5
libcontainerd: split client and supervisor
Adds a supervisor package for starting and monitoring containerd.
Separates grpc connection allowing access from daemon.

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2018-08-06 10:23:04 -07:00