2cf230951f
This repository is not yet a module (i.e., does not have a `go.mod`). This
is not problematic when building the code in GOPATH or "vendor" mode, but
when using the code as a module-dependency (in module-mode), different semantics
are applied since Go1.21, which switches Go _language versions_ on a per-module,
per-package, or even per-file base.
A condensed summary of that logic [is as follows][1]:
- For modules that have a go.mod containing a go version directive; that
version is considered a minimum _required_ version (starting with the
go1.19.13 and go1.20.8 patch releases: before those, it was only a
recommendation).
- For dependencies that don't have a go.mod (not a module), go language
version go1.16 is assumed.
- Likewise, for modules that have a go.mod, but the file does not have a
go version directive, go language version go1.16 is assumed.
- If a go.work file is present, but does not have a go version directive,
language version go1.17 is assumed.
When switching language versions, Go _downgrades_ the language version,
which means that language features (such as generics, and `any`) are not
available, and compilation fails. For example:
# github.com/docker/cli/cli/context/store
/go/pkg/mod/github.com/docker/cli@v25.0.0-beta.2+incompatible/cli/context/store/storeconfig.go:6:24: predeclared any requires go1.18 or later (-lang was set to go1.16; check go.mod)
/go/pkg/mod/github.com/docker/cli@v25.0.0-beta.2+incompatible/cli/context/store/store.go:74:12: predeclared any requires go1.18 or later (-lang was set to go1.16; check go.mod)
Note that these fallbacks are per-module, per-package, and can even be
per-file, so _(indirect) dependencies_ can still use modern language
features, as long as their respective go.mod has a version specified.
Unfortunately, these failures do not occur when building locally (using
vendor / GOPATH mode), but will affect consumers of the module.
Obviously, this situation is not ideal, and the ultimate solution is to
move to go modules (add a go.mod), but this comes with a non-insignificant
risk in other areas (due to our complex dependency tree).
We can revert to using go1.16 language features only, but this may be
limiting, and may still be problematic when (e.g.) matching signatures
of dependencies.
There is an escape hatch: adding a `//go:build` directive to files that
make use of go language features. From the [go toolchain docs][2]:
> The go line for each module sets the language version the compiler enforces
> when compiling packages in that module. The language version can be changed
> on a per-file basis by using a build constraint.
>
> For example, a module containing code that uses the Go 1.21 language version
> should have a `go.mod` file with a go line such as `go 1.21` or `go 1.21.3`.
> If a specific source file should be compiled only when using a newer Go
> toolchain, adding `//go:build go1.22` to that source file both ensures that
> only Go 1.22 and newer toolchains will compile the file and also changes
> the language version in that file to Go 1.22.
This patch adds `//go:build` directives to those files using recent additions
to the language. It's currently using go1.19 as version to match the version
in our "vendor.mod", but we can consider being more permissive ("any" requires
go1.18 or up), or more "optimistic" (force go1.21, which is the version we
currently use to build).
For completeness sake, note that any file _without_ a `//go:build` directive
will continue to use go1.16 language version when used as a module.
[1]: 58c28ba286/src/cmd/go/internal/gover/version.go (L9-L56)
[2]: https://go.dev/doc/toolchain
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
361 lines
12 KiB
Go
361 lines
12 KiB
Go
// FIXME(thaJeztah): remove once we are a module; the go:build directive prevents go from downgrading language version to go1.16:
|
|
//go:build go1.19
|
|
|
|
package daemon // import "github.com/docker/docker/daemon"
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"os"
|
|
"runtime"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/containerd/containerd/tracing"
|
|
"github.com/containerd/log"
|
|
"github.com/docker/docker/api"
|
|
"github.com/docker/docker/api/types"
|
|
"github.com/docker/docker/api/types/system"
|
|
"github.com/docker/docker/cli/debug"
|
|
"github.com/docker/docker/daemon/config"
|
|
"github.com/docker/docker/daemon/logger"
|
|
"github.com/docker/docker/dockerversion"
|
|
"github.com/docker/docker/pkg/fileutils"
|
|
"github.com/docker/docker/pkg/meminfo"
|
|
"github.com/docker/docker/pkg/parsers/kernel"
|
|
"github.com/docker/docker/pkg/parsers/operatingsystem"
|
|
"github.com/docker/docker/pkg/platform"
|
|
"github.com/docker/docker/pkg/sysinfo"
|
|
"github.com/docker/docker/registry"
|
|
metrics "github.com/docker/go-metrics"
|
|
"github.com/opencontainers/selinux/go-selinux"
|
|
)
|
|
|
|
func doWithTrace[T any](ctx context.Context, name string, f func() T) T {
|
|
_, span := tracing.StartSpan(ctx, name)
|
|
defer span.End()
|
|
return f()
|
|
}
|
|
|
|
// SystemInfo returns information about the host server the daemon is running on.
|
|
//
|
|
// The only error this should return is due to context cancellation/deadline.
|
|
// Anything else should be logged and ignored because this is looking up
|
|
// multiple things and is often used for debugging.
|
|
// The only case valid early return is when the caller doesn't want the result anymore (ie context cancelled).
|
|
func (daemon *Daemon) SystemInfo(ctx context.Context) (*system.Info, error) {
|
|
defer metrics.StartTimer(hostInfoFunctions.WithValues("system_info"))()
|
|
|
|
sysInfo := daemon.RawSysInfo()
|
|
cfg := daemon.config()
|
|
|
|
v := &system.Info{
|
|
ID: daemon.id,
|
|
Images: daemon.imageService.CountImages(ctx),
|
|
IPv4Forwarding: !sysInfo.IPv4ForwardingDisabled,
|
|
BridgeNfIptables: !sysInfo.BridgeNFCallIPTablesDisabled,
|
|
BridgeNfIP6tables: !sysInfo.BridgeNFCallIP6TablesDisabled,
|
|
Name: hostName(ctx),
|
|
SystemTime: time.Now().Format(time.RFC3339Nano),
|
|
LoggingDriver: daemon.defaultLogConfig.Type,
|
|
KernelVersion: kernelVersion(ctx),
|
|
OperatingSystem: operatingSystem(ctx),
|
|
OSVersion: osVersion(ctx),
|
|
IndexServerAddress: registry.IndexServer,
|
|
OSType: runtime.GOOS,
|
|
Architecture: platform.Architecture,
|
|
RegistryConfig: doWithTrace(ctx, "registry.ServiceConfig", daemon.registryService.ServiceConfig),
|
|
NCPU: doWithTrace(ctx, "sysinfo.NumCPU", sysinfo.NumCPU),
|
|
MemTotal: memInfo(ctx).MemTotal,
|
|
GenericResources: daemon.genericResources,
|
|
DockerRootDir: cfg.Root,
|
|
Labels: cfg.Labels,
|
|
ExperimentalBuild: cfg.Experimental,
|
|
ServerVersion: dockerversion.Version,
|
|
HTTPProxy: config.MaskCredentials(getConfigOrEnv(cfg.HTTPProxy, "HTTP_PROXY", "http_proxy")),
|
|
HTTPSProxy: config.MaskCredentials(getConfigOrEnv(cfg.HTTPSProxy, "HTTPS_PROXY", "https_proxy")),
|
|
NoProxy: getConfigOrEnv(cfg.NoProxy, "NO_PROXY", "no_proxy"),
|
|
LiveRestoreEnabled: cfg.LiveRestoreEnabled,
|
|
Isolation: daemon.defaultIsolation,
|
|
CDISpecDirs: promoteNil(cfg.CDISpecDirs),
|
|
}
|
|
|
|
daemon.fillContainerStates(v)
|
|
daemon.fillDebugInfo(ctx, v)
|
|
daemon.fillAPIInfo(v, &cfg.Config)
|
|
// Retrieve platform specific info
|
|
if err := daemon.fillPlatformInfo(ctx, v, sysInfo, cfg); err != nil {
|
|
return nil, err
|
|
}
|
|
daemon.fillDriverInfo(v)
|
|
daemon.fillPluginsInfo(ctx, v, &cfg.Config)
|
|
daemon.fillSecurityOptions(v, sysInfo, &cfg.Config)
|
|
daemon.fillLicense(v)
|
|
daemon.fillDefaultAddressPools(ctx, v, &cfg.Config)
|
|
|
|
return v, nil
|
|
}
|
|
|
|
// SystemVersion returns version information about the daemon.
|
|
//
|
|
// The only error this should return is due to context cancellation/deadline.
|
|
// Anything else should be logged and ignored because this is looking up
|
|
// multiple things and is often used for debugging.
|
|
// The only case valid early return is when the caller doesn't want the result anymore (ie context cancelled).
|
|
func (daemon *Daemon) SystemVersion(ctx context.Context) (types.Version, error) {
|
|
defer metrics.StartTimer(hostInfoFunctions.WithValues("system_version"))()
|
|
|
|
kernelVersion := kernelVersion(ctx)
|
|
cfg := daemon.config()
|
|
|
|
v := types.Version{
|
|
Components: []types.ComponentVersion{
|
|
{
|
|
Name: "Engine",
|
|
Version: dockerversion.Version,
|
|
Details: map[string]string{
|
|
"GitCommit": dockerversion.GitCommit,
|
|
"ApiVersion": api.DefaultVersion,
|
|
"MinAPIVersion": cfg.MinAPIVersion,
|
|
"GoVersion": runtime.Version(),
|
|
"Os": runtime.GOOS,
|
|
"Arch": runtime.GOARCH,
|
|
"BuildTime": dockerversion.BuildTime,
|
|
"KernelVersion": kernelVersion,
|
|
"Experimental": fmt.Sprintf("%t", cfg.Experimental),
|
|
},
|
|
},
|
|
},
|
|
|
|
// Populate deprecated fields for older clients
|
|
Version: dockerversion.Version,
|
|
GitCommit: dockerversion.GitCommit,
|
|
APIVersion: api.DefaultVersion,
|
|
MinAPIVersion: cfg.MinAPIVersion,
|
|
GoVersion: runtime.Version(),
|
|
Os: runtime.GOOS,
|
|
Arch: runtime.GOARCH,
|
|
BuildTime: dockerversion.BuildTime,
|
|
KernelVersion: kernelVersion,
|
|
Experimental: cfg.Experimental,
|
|
}
|
|
|
|
v.Platform.Name = dockerversion.PlatformName
|
|
|
|
if err := daemon.fillPlatformVersion(ctx, &v, cfg); err != nil {
|
|
return v, err
|
|
}
|
|
return v, nil
|
|
}
|
|
|
|
func (daemon *Daemon) fillDriverInfo(v *system.Info) {
|
|
v.Driver = daemon.imageService.StorageDriver()
|
|
v.DriverStatus = daemon.imageService.LayerStoreStatus()
|
|
|
|
const warnMsg = `
|
|
WARNING: The %s storage-driver is deprecated, and will be removed in a future release.
|
|
Refer to the documentation for more information: https://docs.docker.com/go/storage-driver/`
|
|
|
|
switch v.Driver {
|
|
case "overlay":
|
|
v.Warnings = append(v.Warnings, fmt.Sprintf(warnMsg, v.Driver))
|
|
}
|
|
|
|
fillDriverWarnings(v)
|
|
}
|
|
|
|
func (daemon *Daemon) fillPluginsInfo(ctx context.Context, v *system.Info, cfg *config.Config) {
|
|
v.Plugins = system.PluginsInfo{
|
|
Volume: daemon.volumes.GetDriverList(),
|
|
Network: daemon.GetNetworkDriverList(ctx),
|
|
|
|
// The authorization plugins are returned in the order they are
|
|
// used as they constitute a request/response modification chain.
|
|
Authorization: cfg.AuthorizationPlugins,
|
|
Log: logger.ListDrivers(),
|
|
}
|
|
}
|
|
|
|
func (daemon *Daemon) fillSecurityOptions(v *system.Info, sysInfo *sysinfo.SysInfo, cfg *config.Config) {
|
|
var securityOptions []string
|
|
if sysInfo.AppArmor {
|
|
securityOptions = append(securityOptions, "name=apparmor")
|
|
}
|
|
if sysInfo.Seccomp && supportsSeccomp {
|
|
if daemon.seccompProfilePath != config.SeccompProfileDefault {
|
|
v.Warnings = append(v.Warnings, "WARNING: daemon is not using the default seccomp profile")
|
|
}
|
|
securityOptions = append(securityOptions, "name=seccomp,profile="+daemon.seccompProfilePath)
|
|
}
|
|
if selinux.GetEnabled() {
|
|
securityOptions = append(securityOptions, "name=selinux")
|
|
}
|
|
if rootIDs := daemon.idMapping.RootPair(); rootIDs.UID != 0 || rootIDs.GID != 0 {
|
|
securityOptions = append(securityOptions, "name=userns")
|
|
}
|
|
if Rootless(cfg) {
|
|
securityOptions = append(securityOptions, "name=rootless")
|
|
}
|
|
if cgroupNamespacesEnabled(sysInfo, cfg) {
|
|
securityOptions = append(securityOptions, "name=cgroupns")
|
|
}
|
|
if noNewPrivileges(cfg) {
|
|
securityOptions = append(securityOptions, "name=no-new-privileges")
|
|
}
|
|
|
|
v.SecurityOptions = securityOptions
|
|
}
|
|
|
|
func (daemon *Daemon) fillContainerStates(v *system.Info) {
|
|
cRunning, cPaused, cStopped := stateCtr.get()
|
|
v.Containers = cRunning + cPaused + cStopped
|
|
v.ContainersPaused = cPaused
|
|
v.ContainersRunning = cRunning
|
|
v.ContainersStopped = cStopped
|
|
}
|
|
|
|
// fillDebugInfo sets the current debugging state of the daemon, and additional
|
|
// debugging information, such as the number of Go-routines, and file descriptors.
|
|
//
|
|
// Note that this currently always collects the information, but the CLI only
|
|
// prints it if the daemon has debug enabled. We should consider to either make
|
|
// this information optional (cli to request "with debugging information"), or
|
|
// only collect it if the daemon has debug enabled. For the CLI code, see
|
|
// https://github.com/docker/cli/blob/v20.10.12/cli/command/system/info.go#L239-L244
|
|
func (daemon *Daemon) fillDebugInfo(ctx context.Context, v *system.Info) {
|
|
v.Debug = debug.IsEnabled()
|
|
v.NFd = fileutils.GetTotalUsedFds(ctx)
|
|
v.NGoroutines = runtime.NumGoroutine()
|
|
v.NEventsListener = daemon.EventsService.SubscribersCount()
|
|
}
|
|
|
|
func (daemon *Daemon) fillAPIInfo(v *system.Info, cfg *config.Config) {
|
|
const warn string = `
|
|
Access to the remote API is equivalent to root access on the host. Refer
|
|
to the 'Docker daemon attack surface' section in the documentation for
|
|
more information: https://docs.docker.com/go/attack-surface/`
|
|
|
|
for _, host := range cfg.Hosts {
|
|
// cnf.Hosts is normalized during startup, so should always have a scheme/proto
|
|
proto, addr, _ := strings.Cut(host, "://")
|
|
if proto != "tcp" {
|
|
continue
|
|
}
|
|
if cfg.TLS == nil || !*cfg.TLS {
|
|
v.Warnings = append(v.Warnings, fmt.Sprintf("WARNING: API is accessible on http://%s without encryption.%s", addr, warn))
|
|
continue
|
|
}
|
|
if cfg.TLSVerify == nil || !*cfg.TLSVerify {
|
|
v.Warnings = append(v.Warnings, fmt.Sprintf("WARNING: API is accessible on https://%s without TLS client verification.%s", addr, warn))
|
|
continue
|
|
}
|
|
}
|
|
}
|
|
|
|
func (daemon *Daemon) fillDefaultAddressPools(ctx context.Context, v *system.Info, cfg *config.Config) {
|
|
_, span := tracing.StartSpan(ctx, "fillDefaultAddressPools")
|
|
defer span.End()
|
|
for _, pool := range cfg.DefaultAddressPools.Value() {
|
|
v.DefaultAddressPools = append(v.DefaultAddressPools, system.NetworkAddressPool{
|
|
Base: pool.Base,
|
|
Size: pool.Size,
|
|
})
|
|
}
|
|
}
|
|
|
|
func hostName(ctx context.Context) string {
|
|
ctx, span := tracing.StartSpan(ctx, "hostName")
|
|
defer span.End()
|
|
hostname := ""
|
|
if hn, err := os.Hostname(); err != nil {
|
|
log.G(ctx).Warnf("Could not get hostname: %v", err)
|
|
} else {
|
|
hostname = hn
|
|
}
|
|
return hostname
|
|
}
|
|
|
|
func kernelVersion(ctx context.Context) string {
|
|
ctx, span := tracing.StartSpan(ctx, "kernelVersion")
|
|
defer span.End()
|
|
|
|
var kernelVersion string
|
|
if kv, err := kernel.GetKernelVersion(); err != nil {
|
|
log.G(ctx).Warnf("Could not get kernel version: %v", err)
|
|
} else {
|
|
kernelVersion = kv.String()
|
|
}
|
|
return kernelVersion
|
|
}
|
|
|
|
func memInfo(ctx context.Context) *meminfo.Memory {
|
|
ctx, span := tracing.StartSpan(ctx, "memInfo")
|
|
defer span.End()
|
|
|
|
memInfo, err := meminfo.Read()
|
|
if err != nil {
|
|
log.G(ctx).Errorf("Could not read system memory info: %v", err)
|
|
memInfo = &meminfo.Memory{}
|
|
}
|
|
return memInfo
|
|
}
|
|
|
|
func operatingSystem(ctx context.Context) (operatingSystem string) {
|
|
ctx, span := tracing.StartSpan(ctx, "operatingSystem")
|
|
defer span.End()
|
|
|
|
defer metrics.StartTimer(hostInfoFunctions.WithValues("operating_system"))()
|
|
|
|
if s, err := operatingsystem.GetOperatingSystem(); err != nil {
|
|
log.G(ctx).Warnf("Could not get operating system name: %v", err)
|
|
} else {
|
|
operatingSystem = s
|
|
}
|
|
if inContainer, err := operatingsystem.IsContainerized(); err != nil {
|
|
log.G(ctx).Errorf("Could not determine if daemon is containerized: %v", err)
|
|
operatingSystem += " (error determining if containerized)"
|
|
} else if inContainer {
|
|
operatingSystem += " (containerized)"
|
|
}
|
|
|
|
return operatingSystem
|
|
}
|
|
|
|
func osVersion(ctx context.Context) (version string) {
|
|
ctx, span := tracing.StartSpan(ctx, "osVersion")
|
|
defer span.End()
|
|
|
|
defer metrics.StartTimer(hostInfoFunctions.WithValues("os_version"))()
|
|
|
|
version, err := operatingsystem.GetOperatingSystemVersion()
|
|
if err != nil {
|
|
log.G(ctx).Warnf("Could not get operating system version: %v", err)
|
|
}
|
|
|
|
return version
|
|
}
|
|
|
|
func getEnvAny(names ...string) string {
|
|
for _, n := range names {
|
|
if val := os.Getenv(n); val != "" {
|
|
return val
|
|
}
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func getConfigOrEnv(config string, env ...string) string {
|
|
if config != "" {
|
|
return config
|
|
}
|
|
return getEnvAny(env...)
|
|
}
|
|
|
|
// promoteNil converts a nil slice to an empty slice of that type.
|
|
// A non-nil slice is returned as is.
|
|
func promoteNil[S ~[]E, E any](s S) S {
|
|
if s == nil {
|
|
return S{}
|
|
}
|
|
return s
|
|
}
|