Overview ¶
Job implementations for the core API. Container jobs control container-related actions on a server. Each request object has a default implementation on Linux via systemd, and a structured response if necessary. The Execute() method is kept separate so that client code and server code can share the same sanity checks.
Index ¶
- Constants
- Variables
- type BuildImageRequest
- type ContainerLogRequest
- type ContainerPortsRequest
- type ContainerPortsResponse
- type ContainerStatusRequest
- type ContainerUnitResponse
- type ContainerUnitResponses
- type ContentRequest
- type DeleteContainerRequest
- type GetEnvironmentRequest
- type InstallContainerRequest
- type LinkContainersRequest
- type ListBuildsRequest
- type ListBuildsResponse
- type ListContainersRequest
- type ListContainersResponse
- type ListImagesRequest
- type ListServerContainersResponse
- type PatchEnvironmentRequest
- type PurgeContainersRequest
- type PutEnvironmentRequest
- type RestartContainerRequest
- type RunContainerRequest
- type StartedContainerStateRequest
- type StoppedContainerStateRequest
- type UnitResponse
- type UnitResponses
Constants ¶
// ContentTypeEnvironment is the content-type name "env".
// NOTE(review): presumably selects environment content in a ContentRequest; confirm against the caller.
const ContentTypeEnvironment = "env"
const (
// DefaultSlice is the slice name "container-small".
// NOTE(review): presumably the systemd slice used when InstallContainerRequest.SystemdSlice
// is left empty; confirm in InstallContainerRequest.Check().
DefaultSlice string = "container-small"
)
// PendingPortMappingName is the string "PortMapping".
// NOTE(review): presumably the key PortMappingsFrom reads from its pending map; confirm.
const PendingPortMappingName = "PortMapping"
Variables ¶
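// Error values returned by the container jobs. Each pairs a jobs response
// code with a fixed, human-readable message. The messages contain no request
// data (identifiers, paths, underlying error text), so returning them to a
// remote caller does not disclose host details; the underlying cause has to
// be recorded separately if it is needed for diagnosis.
//
// NOTE(review): the composite literals are unkeyed, so they depend on the
// field order of jobs.SimpleError. The values are also declared with var and
// can therefore be reassigned by any importing package.
var (
	// Container lookup and lifecycle failures.
	ErrContainerNotFound      = jobs.SimpleError{jobs.ResponseNotFound, "The specified container does not exist."}
	ErrContainerAlreadyExists = jobs.SimpleError{jobs.ResponseAlreadyExists, "A container with this identifier already exists."}
	ErrContainerStartFailed   = jobs.SimpleError{jobs.ResponseError, "Unable to start this container."}
	ErrContainerStopFailed    = jobs.SimpleError{jobs.ResponseError, "Unable to stop this container."}
	ErrContainerRestartFailed = jobs.SimpleError{jobs.ResponseError, "Unable to restart this container."}

	// Environment failures.
	ErrEnvironmentNotFound     = jobs.SimpleError{jobs.ResponseNotFound, "Unable to find the requested environment."}
	ErrEnvironmentUpdateFailed = jobs.SimpleError{jobs.ResponseError, "Unable to update the specified environment."}

	// Listing failures.
	ErrListImagesFailed     = jobs.SimpleError{jobs.ResponseError, "Unable to list docker images."}
	ErrListContainersFailed = jobs.SimpleError{jobs.ResponseError, "Unable to list the installed containers."}

	// Rate-limit responses for start, stop and restart requests.
	ErrStartRequestThrottled   = jobs.SimpleError{jobs.ResponseRateLimit, "It has been too soon since the last request to start."}
	ErrStopRequestThrottled    = jobs.SimpleError{jobs.ResponseRateLimit, "It has been too soon since the last request to stop."}
	ErrRestartRequestThrottled = jobs.SimpleError{jobs.ResponseRateLimit, "It has been too soon since the last request to restart or the state is currently changing."}

	// Link, delete and create failures.
	ErrLinkContainersFailed               = jobs.SimpleError{jobs.ResponseError, "Not all links could be set."}
	ErrDeleteContainerFailed              = jobs.SimpleError{jobs.ResponseError, "Unable to delete the container."}
	ErrContainerCreateFailed              = jobs.SimpleError{jobs.ResponseError, "Unable to create container."}
	ErrContainerCreateFailedInvalidSlice  = jobs.SimpleError{jobs.ResponseError, "Provided systemd slice is not installed on system."}
	ErrContainerCreateFailedPortsReserved = jobs.SimpleError{jobs.ResponseError, "Unable to create container: some ports could not be reserved."}
)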
Functions ¶
This section is empty.
Types ¶
type BuildImageRequest ¶
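// BuildImageRequest carries the parameters of an image build job. Every field
// is a plain string or bool filled in by the caller; the Check method declared
// on *BuildImageRequest is the place where they are expected to be validated.
type BuildImageRequest struct {
	// Name, Source and Tag describe the build.
	// NOTE(review): presumably Source is the location the build input is
	// fetched from. If so it is a caller-chosen destination reached from the
	// build host; confirm Check() constrains it.
	Name   string
	Source string
	Tag    string

	// BaseImage and RuntimeImage name the images involved in the build.
	// NOTE(review): their exact roles are not visible here; confirm.
	BaseImage    string
	RuntimeImage string

	// Clean and Verbose are boolean build options.
	Clean   bool
	Verbose bool

	// CallbackUrl is a caller-supplied URL.
	// NOTE(review): presumably the server sends a request to it when the
	// build finishes. If so, confirm the scheme and host are restricted so a
	// request cannot point the server at internal services.
	CallbackUrl string
}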
func (*BuildImageRequest) Check ¶
func (e *BuildImageRequest) Check() error
type ContainerLogRequest ¶
// ContainerLogRequest names the container a log request applies to.
// NOTE(review): container logs can contain sensitive output; who may issue
// this request is decided outside this type. Confirm at the dispatcher.
type ContainerLogRequest struct {
// Id identifies the target container.
Id containers.Identifier
}
type ContainerPortsRequest ¶
// ContainerPortsRequest names the container a ports request applies to.
type ContainerPortsRequest struct {
// Id identifies the target container.
Id containers.Identifier
}
type ContainerPortsResponse ¶
type ContainerStatusRequest ¶
// ContainerStatusRequest names the container a status request applies to.
type ContainerStatusRequest struct {
// Id identifies the target container.
Id containers.Identifier
}
type ContainerUnitResponse ¶
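// ContainerUnitResponse is a UnitResponse extended with container-specific
// fields. UnitResponse is embedded, so its fields are promoted onto this type.
type ContainerUnitResponse struct {
	UnitResponse

	// LoadState is reported as a string.
	// NOTE(review): presumably the systemd unit load state; confirm.
	LoadState string
	// JobType is omitted from JSON output when empty.
	JobType string `json:"JobType,omitempty"`
	// Server is used by consumers; it is omitted from JSON output when empty.
	Server string `json:"Server,omitempty"`
}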
type ContainerUnitResponses ¶
// ContainerUnitResponses is a slice of ContainerUnitResponse. The Len, Less
// and Swap methods declared on it have the signatures of sort.Interface.
type ContainerUnitResponses []ContainerUnitResponse
func (ContainerUnitResponses) Len ¶
func (c ContainerUnitResponses) Len() int
func (ContainerUnitResponses) Less ¶
func (c ContainerUnitResponses) Less(a, b int) bool
func (ContainerUnitResponses) Swap ¶
func (c ContainerUnitResponses) Swap(a, b int)
type ContentRequest ¶
type DeleteContainerRequest ¶
// DeleteContainerRequest names the container a delete request applies to.
// NOTE(review): deletion is destructive and the request carries no caller
// identity, so authorization is presumably enforced by whatever dispatches
// the job. Confirm.
type DeleteContainerRequest struct {
// Id identifies the container to delete.
Id containers.Identifier
}
type GetEnvironmentRequest ¶
// GetEnvironmentRequest names the environment to fetch.
// NOTE(review): environment values frequently include credentials; confirm
// who is allowed to read them and whether the response is ever logged.
type GetEnvironmentRequest struct {
// Id is the identifier used for the lookup; it has the same type as a
// container identifier.
Id containers.Identifier
}
type InstallContainerRequest ¶
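// InstallContainerRequest describes a container to install as a systemd
// service unit, or to update if a definition already exists.
//
// The Simple, Isolate and SocketActivation flags select how much separation
// the container gets from the host and from other containers.
// NOTE(review): Simple creates no dedicated user, while Isolate and
// SocketActivation rely on one. How Check() treats contradictory
// combinations is not visible here; confirm they are rejected.
type InstallContainerRequest struct {
	// RequestIdentifier is embedded and excluded from JSON encoding.
	jobs.RequestIdentifier `json:"-"`

	// Id identifies the container and Image names the image it runs.
	Id    containers.Identifier
	Image string

	// Simple, when true, lets the container default to normal Docker
	// options like -P. No user or home directory is created and SSH is
	// not available.
	Simple bool
	// Isolate requests that the container be run in an isolated fashion
	// (separate user, permission changes).
	Isolate bool
	// SocketActivation requests that the container be run in a socket
	// activated fashion. It implies isolation (separate user, permission
	// changes, no port forwarding, socket activated).
	SocketActivation bool
	// SkipSocketProxy relates to the socket proxy used with socket
	// activation. The original note reads: "If UseSocketProxy then socket
	// files are proxies to the appropriate port".
	// NOTE(review): the note names UseSocketProxy while the field is
	// SkipSocketProxy, so the polarity should be confirmed in the code that
	// reads it.
	SkipSocketProxy bool

	// Ports, Environment, NetworkLinks and VolumeConfig carry the port
	// pairs, environment, network links and volume configuration of the
	// container. The three pointer fields may be nil.
	// NOTE(review): volume configuration can expose host paths to the
	// container; confirm what Check() permits for isolated containers.
	Ports        port.PortPairs
	Environment  *containers.EnvironmentDescription
	NetworkLinks *containers.NetworkLinks
	VolumeConfig *containers.VolumeConfig

	// Started says whether the container should be started by default.
	Started bool
	// SystemdSlice is the name of the systemd slice unit to associate
	// with the container.
	SystemdSlice string
}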
Installing a Container
This job will install a given container definition as a systemd service unit, or update the existing definition if one already exists.
There are a number of run modes for containers. Some options the caller must decide:
- Is the container transient? That is, should stopping it remove any data that is not in a volume? This is accomplished by running as a specific user, and by using 'docker run --rm' as ExecStart=
- Is the container isolated from the rest of the system? Some use cases involve the container having access to the host disk or sockets to perform system roles. Otherwise, where possible containers should be fully isolated from the host via SELinux, user namespaces, and capability dropping.
- Is the container hooked up to other containers? The defined unit should allow regular docker linking (name-based pairing), the iptables-based SDN implemented here, and the propagation of that configuration to the container environment (whether as ENV vars or a file).
Isolated containers:
An isolated container runs in a way that protects it from other containers on the system. At a minimum today this means:
- Create a user to represent the container, and run the process in the container as that user. This keeps the container process from running as root, so a compromise of that process is not a root compromise.
- Assign a unique MCS category label to the container.
In the future, user namespaces will remove the need for the first item above (a dedicated user per container), although given the relative immaturity of that function in the kernel at the present time it is not considered sufficiently secure for production use.
func (*InstallContainerRequest) Check ¶
func (req *InstallContainerRequest) Check() error
func (*InstallContainerRequest) PortMappingsFrom ¶
func (j *InstallContainerRequest) PortMappingsFrom(pending map[string]interface{}) (port.PortPairs, bool)
type LinkContainersRequest ¶
// LinkContainersRequest wraps a set of container links.
// The embedded value is a pointer, so a zero-value request holds nil and any
// access to a promoted field will panic until it is set.
type LinkContainersRequest struct {
*containers.ContainerLinks
}
type ListBuildsRequest ¶
// ListBuildsRequest is a request with no parameters.
type ListBuildsRequest struct{}
type ListBuildsResponse ¶
// ListBuildsResponse holds the unit responses returned for a builds listing.
type ListBuildsResponse struct {
// Builds is the list of unit responses, one per build.
Builds UnitResponses
}
type ListContainersRequest ¶
// ListContainersRequest carries the single option of a containers listing.
type ListContainersRequest struct {
// IncludeInactive is a boolean option.
// NOTE(review): presumably also lists containers whose units are not
// active; confirm.
IncludeInactive bool
}
type ListContainersResponse ¶
// ListContainersResponse holds the container unit responses of a listing.
// Append, Sort and WriteTableTo are declared on *ListContainersResponse.
type ListContainersResponse struct {
// Containers is the list of per-container unit responses.
Containers ContainerUnitResponses
}
func (*ListContainersResponse) Append ¶
func (r *ListContainersResponse) Append(other *ListContainersResponse)
func (*ListContainersResponse) Sort ¶
func (r *ListContainersResponse) Sort()
func (*ListContainersResponse) WriteTableTo ¶
func (l *ListContainersResponse) WriteTableTo(w io.Writer) error
type ListImagesRequest ¶
// ListImagesRequest carries the parameter of an image listing.
type ListImagesRequest struct {
// DockerSocket is a string naming a Docker socket.
// NOTE(review): presumably the address of the Docker daemon the server
// queries. If this field can be populated from a remote request, the
// caller chooses which socket the server opens; confirm it is set
// server-side or validated.
DockerSocket string
}
type ListServerContainersResponse ¶
// ListServerContainersResponse embeds ListContainersResponse. It declares its
// own WriteTableTo, which takes precedence over the promoted method of the
// embedded type.
type ListServerContainersResponse struct {
ListContainersResponse
}
func (*ListServerContainersResponse) WriteTableTo ¶
func (l *ListServerContainersResponse) WriteTableTo(w io.Writer) error
type PatchEnvironmentRequest ¶
// PatchEnvironmentRequest wraps an environment description by value.
// NOTE(review): presumably applies a partial update, in contrast to
// PutEnvironmentRequest; confirm. Environment values may include credentials,
// so avoid logging the request body.
type PatchEnvironmentRequest struct {
containers.EnvironmentDescription
}
type PurgeContainersRequest ¶
// PurgeContainersRequest is a request with no parameters.
// NOTE(review): the scope of a purge is not visible here. Because the request
// cannot narrow it, confirm what is removed and who may trigger it.
type PurgeContainersRequest struct{}
type PutEnvironmentRequest ¶
// PutEnvironmentRequest wraps an environment description by value.
// NOTE(review): presumably replaces the stored environment as a whole, in
// contrast to PatchEnvironmentRequest; confirm. Environment values may
// include credentials, so avoid logging the request body.
type PutEnvironmentRequest struct {
containers.EnvironmentDescription
}
type RestartContainerRequest ¶
// RestartContainerRequest names the container a restart request applies to.
// The package declares ErrRestartRequestThrottled for restart requests that
// arrive too soon after the previous one or while the state is changing.
type RestartContainerRequest struct {
// Id identifies the container to restart.
Id containers.Identifier
}
type RunContainerRequest ¶
func (*RunContainerRequest) Check ¶
func (e *RunContainerRequest) Check() error
type StartedContainerStateRequest ¶
// StartedContainerStateRequest names the container a start request applies to.
// The package declares ErrStartRequestThrottled for start requests that
// arrive too soon after the previous one.
type StartedContainerStateRequest struct {
// Id identifies the container to start.
Id containers.Identifier
}
type StoppedContainerStateRequest ¶
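// StoppedContainerStateRequest names the container a stop request applies to.
// The package declares ErrStopRequestThrottled for stop requests that arrive
// too soon after the previous one.
type StoppedContainerStateRequest struct {
	// Id identifies the container to stop.
	Id containers.Identifier
	// Wait is a boolean option.
	// NOTE(review): presumably makes the job block until the container has
	// stopped; confirm, and confirm the wait is bounded.
	Wait bool
}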
type UnitResponse ¶
type UnitResponses ¶
// UnitResponses is a slice of UnitResponse. The Len, Less and Swap methods
// declared on it have the signatures of sort.Interface.
type UnitResponses []UnitResponse
func (UnitResponses) Len ¶
func (c UnitResponses) Len() int
func (UnitResponses) Less ¶
func (c UnitResponses) Less(a, b int) bool
func (UnitResponses) Swap ¶
func (c UnitResponses) Swap(a, b int)