Documentation
Index
- Constants
- func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (graphdriver.Driver, error)
- type CryptParams
- type DeviceAPI
- type DeviceParams
- type Driver
- func (d *Driver) ApplyDiff(id string, parent string, diff io.Reader) (size int64, err error)
- func (d *Driver) Changes(id, parent string) ([]archive.Change, error)
- func (d *Driver) Cleanup() error
- func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) (retErr error)
- func (d *Driver) CreateReadWrite(id, parent string, opts *graphdriver.CreateOpts) error
- func (d *Driver) Diff(id, parent string) (io.ReadCloser, error)
- func (d *Driver) DiffGetter(id string) (graphdriver.FileGetCloser, error)
- func (d *Driver) DiffSize(id, parent string) (size int64, err error)
- func (d *Driver) Exists(id string) bool
- func (d *Driver) Get(id string, mountLabel string) (_ containerfs.ContainerFS, err error)
- func (d *Driver) GetMetadata(id string) (map[string]string, error)
- func (d *Driver) Put(id string) error
- func (d *Driver) Remove(id string) error
- func (d *Driver) Status() [][2]string
- func (d *Driver) String() string
- type KeyInfo
- type RawImage
- type VirtualDevice
Constants
const (
	// ConstCryptsetupBin : Path to the cryptsetup binary
	ConstCryptsetupBin = "/sbin/cryptsetup"
	// ConstDevMapperPrefix : Path to the mapper devices
	ConstDevMapperPrefix = "/dev/mapper"
	// ConstMinImageSize : Minimum size for a Docker Image layer
	ConstMinImageSize = 10 * 1024 * 1024 // 10 MB
	// ConstCryptsetupOverhead : Extra free space allocated to an image layer for any overruns
	ConstCryptsetupOverhead = 2 * 1024 * 1024 // 4 MB
	// ConstFsOverhead : Percentage of layer size allocated for overhead
	ConstFsOverhead = 50 // (in %) 5%
	// ConstLuksCmdFormat : Command for formatting dmcrypt devices
	ConstLuksCmdFormat = "luks-format"
	// ConstLuksCmdOpen : Command for opening dmcrypt devices
	ConstLuksCmdOpen = "luks-open"
	// ConstLuksCmdClose : Command for closing dmcrypt devices
	ConstLuksCmdClose = "luks-close"
	// ConstLuksCmdRemove : Command for deleting dmcrypt devices
	ConstLuksCmdRemove = "luks-remove"
	// ConstTypeCrypt : String denoting a dmcrypt encrypted device
	ConstTypeCrypt = "type-crypt"
	// ConstFsBlockSize : Higher values of this setting, e.g., 4096, will increase relative filesystem overhead
	// and increase the likelihood that the overhead estimation will be too small, resulting in overflow
	// of the filesystem during securityTransform
	ConstFsBlockSize = "1024"
	// ConstFsReservedBlocks : Number of FS blocks reserved per image layer mount
	ConstFsReservedBlocks = "0"
	// ConstFsTypeExt4 : String denoting the ext4 filesystem
	ConstFsTypeExt4 = "ext4"
	// ConstBlockDevBasePath : Path to the block devices
	ConstBlockDevBasePath = "/sys/dev/block"
	// ConstLoopMajorNum : Major device number for loopback device
	ConstLoopMajorNum = 7
	// ConstBackingFilePath : Path within the loopback filesystem for backing_file storage
	ConstBackingFilePath = "loop/backing_file"
	// ConstMaxLoopDevices : Ceiling on the number of loopback devices that can be opened simultaneously
	ConstMaxLoopDevices = 256
)
const (
	MAXKEYPOLL        = 90
	RPCSocketFilePath = "/var/run/workload-agent/wlagent.sock"
)
The key is polled through the wlagent fetch-key RPC call at most 90 times, until the call returns the key. If the count reaches 90 and the key still could not be obtained from wlagent fetch-key, an error is thrown.
const (
	// ConstDefaultStringKeyLength represents the number of random characters
	// which can be used to set a default string key if the KeyType is
	// set to key-type-string and no value is passed for KeyHandle
	ConstDefaultStringKeyLength = 12
	// ConstDefaultHashType : set the hashing algorithm used by dmcrypt
	ConstDefaultHashType = "sha256"
	// ConstDefaultCipher : set the crypt cipher used by dmcrypt
	ConstDefaultCipher = "aes-xts-plain"
	// ConstDefaultKeySize : set the key size in bits used by dmcrypt
	ConstDefaultKeySize = "256"
)
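What the default cipher and key size above mean in dm-crypt terms, as an added example that is not part of this package: XTS splits the supplied key in two, and the "plain" IV generator uses a 32-bit sector number. The type and function names (CipherReview, ReviewCipher) are hypothetical, and the sketch covers only the "plain" and "plain64" IV generators.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// CipherReview is a hypothetical type for this example (not part of the package).
type CipherReview struct {
	AESKeyBits   int    // bits of the supplied key that actually key the data cipher
	IVBits       int    // width of the sector number used as IV
	MaxSafeBytes uint64 // device size at which the IV counter wraps (0 = no practical limit)
}

// ReviewCipher interprets a dm-crypt "cipher-mode-ivgen" spec and a key size in bits.
func ReviewCipher(spec, keySize string) (CipherReview, error) {
	var r CipherReview
	parts := strings.Split(spec, "-")
	if len(parts) != 3 {
		return r, fmt.Errorf("unexpected cipher spec %q", spec)
	}
	bits, err := strconv.Atoi(keySize)
	if err != nil {
		return r, fmt.Errorf("bad key size %q: %w", keySize, err)
	}
	r.AESKeyBits = bits
	if parts[1] == "xts" {
		// XTS splits the supplied key into two halves (data key and tweak key).
		r.AESKeyBits = bits / 2
	}
	switch parts[2] {
	case "plain":
		// 32-bit sector number: wraps after 2^32 sectors of 512 bytes (2 TiB).
		r.IVBits, r.MaxSafeBytes = 32, (1<<32)*512
	case "plain64":
		r.IVBits = 64
	default:
		return r, fmt.Errorf("IV generator %q not covered by this example", parts[2])
	}
	return r, nil
}

func main() {
	// Values of ConstDefaultCipher and ConstDefaultKeySize from the page.
	r, err := ReviewCipher("aes-xts-plain", "256")
	fmt.Println(r, err)
}
```

With the page's defaults the data cipher is AES-128, and the 32-bit IV only becomes a concern for devices of 2 TiB or more, far above the 10 MB minimum layer size.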
Variables
This section is empty.
Functions
func Init
func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (graphdriver.Driver, error)
Init returns a native diff driver for the overlay filesystem. If the overlay filesystem is not supported on the host, graphdriver.ErrNotSupported is returned as the error. If an overlay filesystem is not supported over an existing filesystem, the error graphdriver.ErrIncompatibleFS is returned.
Types
type CryptParams
CryptParams : Information passed to dmcrypt for encrypt/decrypt operations
type DeviceAPI
type DeviceAPI interface {
	Create(size int64) error
	Get() error
	Put() error
	Remove() error
	ImportData(diffTar io.Reader) error
}
DeviceAPI : Enumerates methods to be implemented by an encrypted mount store
type DeviceParams
type DeviceParams struct {
	FsType  string
	Mnt     string
	UIDMaps []idtools.IDMap
	GIDMaps []idtools.IDMap
}
DeviceParams : Information required to tie the image to the dmcrypt mount device
type Driver
type Driver struct {
// contains filtered or unexported fields
}
Driver contains information about the home directory and the list of active mounts that are created using this driver.
func (*Driver) ApplyDiff
ApplyDiff applies the new layer into a root.
ASSUMPTIONS:
- either that layer didn't have any security options (and hence no meta-data file) or there is a security meta-data file and the security transform was already applied
func (*Driver) Changes
Changes produces a list of changes between the specified layer and its parent layer. If parent is "", then all changes will be ADD changes.
ASSUMPTIONS:
- will not be called with a passed parent that is not id's immediate parent iff the involved layers have security options implying transformations.
func (*Driver) Cleanup
Cleanup removes any state created by overlay which should be cleaned up when the daemon is being shut down. For now, we just have to unmount the bind mount we had created.
func (*Driver) Create
func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) (retErr error)
Create is used to create the upper, lower, and merge directories required for overlay fs for a given id. The parent filesystem is used to configure these directories for the overlay.
func (*Driver) CreateReadWrite
func (d *Driver) CreateReadWrite(id, parent string, opts *graphdriver.CreateOpts) error
CreateReadWrite creates a layer that is writable for use as a container file system.
func (*Driver) Diff
func (d *Driver) Diff(id, parent string) (io.ReadCloser, error)
Diff produces an archive of the changes between the specified layer and its parent layer, which may be "". It will apply the security transformation as specified in the security meta data.
ASSUMPTIONS:
- Diff is called only on frozen layers (i.e., no file state will ever change after the first call to Diff())
- if the parent passed is not the immediate parent of id/self, then all layers between id/self and (excluding) parent must have consistent security settings (including the same key(id)!). If the above is not true, security transformations might be lost. As of now that should be true, as Diff is called only once per layer as part of commit, and multi-layer happens in the case of SquashImage, which should operate on a per-dockerfile level, which should always imply consistent security meta data.
func (*Driver) DiffGetter
func (d *Driver) DiffGetter(id string) (graphdriver.FileGetCloser, error)
DiffGetter : Get the diff of the two layers
func (*Driver) DiffSize
DiffSize calculates the changes between the specified id and its parent and returns the size in bytes of the changes relative to its base filesystem directory.
Notes:
- will currently report a different size before and after the security transform is done! If called early, the reported size will be smaller than it eventually will be, due to transform overhead. This will violate some tests in the test suite: graphtest.DriverTestDiffApply DOES test for equality of this with the size returned by ApplyDiff (graphtest.BenchmarkDiffN also tests but does not enforce). For now these tests are disabled (as they are when naivediff is used!).
func (*Driver) Get
func (d *Driver) Get(id string, mountLabel string) (_ containerfs.ContainerFS, err error)
Get creates and mounts the required file system for the given id and returns the mount path.
func (*Driver) GetMetadata
GetMetadata returns meta data about the overlay driver such as LowerDir, UpperDir, WorkDir and MergeDir used to store data.
type RawImage
type RawImage struct {
	ImagePath string
	// TODO: this object can be removed after taking care of DevPath() API
	LoDev losetup.Device
}
RawImage : This represents an image mount with a loopback device
type VirtualDevice
type VirtualDevice struct {
	Image        RawImage
	Name         string
	Type         string
	Deviceparams DeviceParams
	Cryptparams  CryptParams
}
VirtualDevice : An encapsulation of an encrypted docker image
func (*VirtualDevice) Create
func (d *VirtualDevice) Create(size int64) error
Create : Creates a virtual device with the specified properties
func (*VirtualDevice) Get
func (d *VirtualDevice) Get() error
Get : Open the encrypted mount for IO operations
func (*VirtualDevice) ImportData
func (d *VirtualDevice) ImportData(diffTar io.Reader) error
ImportData : Move data from a diff-tarball into a mount device
func (*VirtualDevice) Remove
func (d *VirtualDevice) Remove() error
Remove : Remove the encrypted mount from the filesystem on deletion