containers

package
v0.0.0-...-404ac48 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 7, 2014 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Overview

Data model for containers running under systemd - identifiers, port references, network links, state, and events. The templates for each systemd unit type are also available here.

Index

Constants

View Source 
const IdentifierPrefix = "ctr-"

Variables

View Source 
var ContainerCmdTemplate = template.Must(template.New("container-cmd.sh").Parse(`#!/bin/bash
exec {{.Command}}
`))
View Source 
var ContainerInitTemplate = template.Must(template.New("container-init.sh").Parse(`#!/bin/bash
{{ if .CreateUser }}
groupadd -g {{.Gid}} {{.ContainerUser}}
useradd -u {{.Uid}} -g {{.Gid}} {{.ContainerUser}}
{{ else }}
old_id=$(id -u {{.ContainerUser}})
old_gid=$(id -g {{.ContainerUser}})
/usr/sbin/usermod --uid {{.Uid}} {{.ContainerUser}}
/usr/sbin/groupmod --gid {{.Gid}} {{.ContainerUser}}
for i in $(find / -uid ${old_id}); do PATH=/bin:/sbin:/usr/bin:/usr/sbin chown -R {{.Uid}} $i; done
for i in $(find / -gid ${old_gid}); do PATH=/bin:/sbin:/usr/bin:/usr/sbin chgrp -R {{.Gid}} $i; done
{{ end }}
{{ if .HasVolumes }}
chown -R {{.Uid}}:{{.Gid}} {{.Volumes}}
{{ end }}
{{ if .UseSocketProxy }}
bash -c 'LISTEN_PID=$$ exec /usr/sbin/systemd-socket-proxyd {{ range .PortPairs }}127.0.0.1:{{ .Internal }}{{ end }}' &
{{ end }}
exec su {{.ContainerUser}} -s /bin/bash -c /.container.cmd
`))
View Source 
var ContainerSocketTemplate = template.Must(template.New("unit.socket").Parse(`
[Unit]
Description=Container socket {{.Id}}

[Socket]
{{range .PortPairs}}ListenStream={{.External}}
{{end}}

[Install]
WantedBy=container-sockets.target
`))
View Source 
var ContainerUnitTemplate = template.Must(template.New("unit.service").Parse(`
{{define "COMMON_UNIT"}}
[Unit]
Description=Container {{.Id}}
{{end}}

{{define "COMMON_SERVICE"}}
[Service]
Type=simple
TimeoutStartSec=5m
{{ if .Slice }}Slice={{.Slice}}{{ end }}
{{ if .EnvironmentPath }}EnvironmentFile={{.EnvironmentPath}}{{ end }}
{{end}}

{{define "COMMON_CONTAINER"}}
[Install]
WantedBy=container.target

# Container information
X-ContainerId={{.Id}}
X-ContainerImage={{.Image}}
X-ContainerUserId={{.User}}
X-ContainerRequestId={{.ReqId}}
X-ContainerType={{ if .Isolate }}isolated{{ else }}simple{{ end }}
{{range .PortPairs}}X-PortMapping={{.Internal}}:{{.External}}
{{end}}
{{end}}

{{/* A unit that lets docker own the container processes and only integrates via API */}}
{{define "SIMPLE"}}
{{template "COMMON_UNIT" .}}
{{template "COMMON_SERVICE" .}}
# Create data container
ExecStartPre=/bin/sh -c '/usr/bin/docker inspect --format="Reusing {{"{{.ID}}"}}" "{{.Id}}-data" || exec docker run --name "{{.Id}}-data" --volumes-from "{{.Id}}-data" --entrypoint true "{{.Image}}"'
ExecStartPre=-/usr/bin/docker rm "{{.Id}}"
{{ if .Isolate }}# Initialize user and volumes
ExecStartPre={{.ExecutablePath}} init --pre "{{.Id}}" "{{.Image}}"{{ end }}
ExecStart=/usr/bin/docker run --rm --name "{{.Id}}" \
          --volumes-from "{{.Id}}-data" \
          {{ if and .EnvironmentPath .DockerFeatures.EnvironmentFile }}--env-file "{{ .EnvironmentPath }}"{{ end }} \
          -a stdout -a stderr {{.PortSpec}} {{.RunSpec}} \
          {{ if .Isolate }} -v {{.RunDir}}/container-cmd.sh:/.container.cmd:ro -v {{.RunDir}}/container-init.sh:/.container.init:ro -u root {{end}} \
          "{{.Image}}" {{ if .Isolate }} /.container.init {{ end }}
# Set links (requires container have a name)
ExecStartPost=-{{.ExecutablePath}} init --post "{{.Id}}" "{{.Image}}"
ExecReload=-/usr/bin/docker stop "{{.Id}}"
ExecReload=-/usr/bin/docker rm "{{.Id}}"
ExecStop=-/usr/bin/docker stop "{{.Id}}"
{{template "COMMON_CONTAINER" .}}
{{end}}

{{/* A unit that uses Docker with the 'foreground' flag to run an image under the current context */}}
{{define "FOREGROUND"}}
{{template "COMMON_UNIT" .}}
{{template "COMMON_SERVICE" .}}
# Create data container
ExecStartPre=/bin/sh -c '/usr/bin/docker inspect --format="Reusing {{"{{.ID}}"}}" "{{.Id}}-data" || exec docker run --name "{{.Id}}-data" --volumes-from "{{.Id}}-data" --entrypoint true "{{.Image}}"'
ExecStartPre=-/usr/bin/docker rm "{{.Id}}"
{{ if .Isolate }}# Initialize user and volumes
ExecStartPre={{.ExecutablePath}} init --pre "{{.Id}}" "{{.Image}}"{{ end }}
ExecStart=/usr/bin/docker run --rm --foreground \
          {{ if and .EnvironmentPath .DockerFeatures.EnvironmentFile }}--env-file "{{ .EnvironmentPath }}"{{ end }} \
          {{.PortSpec}} {{.RunSpec}} \
          --name "{{.Id}}" --volumes-from "{{.Id}}-data" \
          {{ if .Isolate }} -v {{.RunDir}}/container-cmd.sh:/.container.cmd:ro -v {{.RunDir}}/container-init.sh:/.container.init:ro -u root {{end}} \
          "{{.Image}}" {{ if .Isolate }} /.container.init {{ end }}
# Set links (requires container have a name)
ExecStartPost=-{{.ExecutablePath}} init --post "{{.Id}}" "{{.Image}}"
{{template "COMMON_CONTAINER" .}}
{{end}}

{{/* A unit that exposes socket activation and process isolation */}}
{{define "SOCKETACTIVATED"}}
{{template "COMMON_UNIT" .}}
BindsTo={{.SocketUnitName}}

{{template "COMMON_SERVICE" .}}
ExecStartPre={{.ExecutablePath}} init --pre "{{.Id}}" "{{.Image}}"
ExecStart=/usr/bin/docker run \
            --name "{{.Id}}" \
            --volumes-from "{{.Id}}" \
            {{ if and .EnvironmentPath .DockerFeatures.EnvironmentFile }}--env-file "{{ .EnvironmentPath }}"{{ end }} \
            -a stdout -a stderr {{.RunSpec}} \
            --env LISTEN_FDS \
            -v {{.RunDir}}/container-init.sh:/.container.init:ro \
            -v {{.RunDir}}/container-cmd.sh:/.container.cmd:ro \
            -v /usr/sbin/systemd-socket-proxyd:/usr/sbin/systemd-socket-proxyd:ro \
            -u root -f --rm \
            "{{.Image}}" /.container.init
ExecStartPost=-{{.ExecutablePath}} init --post "{{.Id}}" "{{.Image}}"
{{template "COMMON_CONTAINER" .}}
X-SocketActivated={{.SocketActivationType}}
{{end}}

{{/* Run DEFAULT */}}
{{template "SIMPLE" .}}
`))
View Source 
var InvalidIdentifier = Identifier("")
View Source 
var OutboundNetworkIptablesTemplate = template.Must(template.New("outbound_network.iptables").Parse(`
-A PREROUTING -d {{.LocalAddr}}/32 -p tcp -m tcp --dport {{.LocalPort}} -j DNAT --to-destination {{.DestAddr}}:{{.DestPort}}
-A OUTPUT -d {{.LocalAddr}}/32 -p tcp -m tcp --dport {{.LocalPort}} -j DNAT --to-destination {{.DestAddr}}:{{.DestPort}}
-A POSTROUTING -o eth0 -j SNAT --to-source {{.SourceAddr}}
`))
View Source 
var SliceUnitTemplate = template.Must(template.New("unit.slice").Parse(`
[Unit]
Description=Container slice {{.Name}}

[Slice]
CPUAccounting=yes
MemoryAccounting=yes
MemoryLimit=512M
{{ if .Parent }}Slice={{.Parent}}{{ end }}

[Install]
WantedBy=container.target container-active.target
`))
View Source 
var TargetUnitTemplate = template.Must(template.New("unit.target").Parse(`
[Unit]
Description=Container target {{.Name}}

[Install]
WantedBy={{.WantedBy}}
`))

Functions

func Clean 

func Clean()

func GetExistingPorts 

func GetExistingPorts(id Identifier) (port.PortPairs, error)

func GetSocketActivation 

func GetSocketActivation(id Identifier) (bool, string, error)

func InitializeData 

func InitializeData() error

Types

type ContainerEvent 

type ContainerEvent struct {
	Id   Identifier
	Type EventType
}

func (ContainerEvent) String 

func (e ContainerEvent) String() string

type ContainerInitScript 

type ContainerInitScript struct {
	CreateUser     bool
	ContainerUser  string
	Uid            string
	Gid            string
	Command        string
	HasVolumes     bool
	Volumes        string
	PortPairs      port.PortPairs
	UseSocketProxy bool
}

type ContainerUnit 

type ContainerUnit struct {
	Id       Identifier
	Image    string
	PortSpec string
	RunSpec  string
	Slice    string
	Isolate  bool
	User     string
	ReqId    string

	HomeDir         string
	RunDir          string
	EnvironmentPath string
	ExecutablePath  string
	IncludePath     string

	PortPairs            port.PortPairs
	SocketUnitName       string
	SocketActivationType string

	DockerFeatures config.DockerFeatures
}

type Environment 

type Environment struct {
	Name  string
	Value string
}

func (*Environment) Check 

func (e *Environment) Check() error

func (*Environment) FromString 

func (e *Environment) FromString(s string) (bool, error)

type EnvironmentDescription 

type EnvironmentDescription struct {
	Variables []Environment
	Source    string
	Id        Identifier // Used on creation only
}

func (*EnvironmentDescription) Check 

func (d *EnvironmentDescription) Check() error

func (*EnvironmentDescription) Empty 

func (d *EnvironmentDescription) Empty() bool

func (*EnvironmentDescription) Fetch 

func (j *EnvironmentDescription) Fetch(upto int64) error

TODO: Return JobErrors that callers can react to

func (*EnvironmentDescription) Map 

func (j *EnvironmentDescription) Map() map[string]string

func (*EnvironmentDescription) ReadFrom 

func (j *EnvironmentDescription) ReadFrom(r io.Reader) error

func (*EnvironmentDescription) Write 

func (j *EnvironmentDescription) Write(appends bool) error

Write the provided enviroment data to an appropriate location

type EnvironmentVariables 

type EnvironmentVariables []Environment

func ExtractEnvironmentVariablesFrom 

func ExtractEnvironmentVariablesFrom(existing *[]string) (EnvironmentVariables, error)

type EventListener 

type EventListener struct {
	// contains filtered or unexported fields
}

func NewEventListener 

func NewEventListener() (*EventListener, error)

func (*EventListener) Close 

func (e *EventListener) Close()

func (*EventListener) Run 

func (e *EventListener) Run() (<-chan *ContainerEvent, <-chan error)

func (*EventListener) Stop 

func (e *EventListener) Stop()

type EventType 

type EventType int
const (
	Unknown EventType = iota
	Started
	Idled
	Stopped
	Deleted
	Errored
)

type Identifier 

type Identifier string

func NewIdentifier 

func NewIdentifier(s string) (Identifier, error)

func NewIdentifierFromUser 

func NewIdentifierFromUser(u *user.User) (Identifier, error)

func NewRandomIdentifier 

func NewRandomIdentifier(prefix string) (Identifier, error)

func (Identifier) AuthKeysPathFor 

func (i Identifier) AuthKeysPathFor() string

func (Identifier) BaseHomePath 

func (i Identifier) BaseHomePath() string

func (Identifier) ContainerFor 

func (i Identifier) ContainerFor() string

func (Identifier) EnvironmentPathFor 

func (i Identifier) EnvironmentPathFor() string

func (Identifier) HomePath 

func (i Identifier) HomePath() string

func (Identifier) IdleUnitPathFor 

func (i Identifier) IdleUnitPathFor() string

func (Identifier) LoginFor 

func (i Identifier) LoginFor() string

func (Identifier) NetworkLinksPathFor 

func (i Identifier) NetworkLinksPathFor() string

func (Identifier) PortDescriptionPathFor 

func (i Identifier) PortDescriptionPathFor() string

func (Identifier) RunPathFor 

func (i Identifier) RunPathFor() string

func (Identifier) SetUnitStartOnBoot 

func (i Identifier) SetUnitStartOnBoot(active bool) error

func (Identifier) SocketUnitNameFor 

func (i Identifier) SocketUnitNameFor() string

func (Identifier) SocketUnitPathFor 

func (i Identifier) SocketUnitPathFor() string

func (Identifier) UnitIdleFlagNameFor 

func (i Identifier) UnitIdleFlagNameFor() string

func (Identifier) UnitNameFor 

func (i Identifier) UnitNameFor() string

func (Identifier) UnitNameForJob 

func (i Identifier) UnitNameForJob() string

func (Identifier) UnitPathFor 

func (i Identifier) UnitPathFor() string

func (Identifier) UnitStartOnBoot 

func (i Identifier) UnitStartOnBoot() (bool, error)

func (Identifier) VersionedUnitPathFor 

func (i Identifier) VersionedUnitPathFor(suffix string) string

func (Identifier) VersionedUnitsPathFor 

func (i Identifier) VersionedUnitsPathFor() string

type JobIdentifier 

type JobIdentifier []byte

func (JobIdentifier) UnitNameFor 

func (j JobIdentifier) UnitNameFor() string

An identifier for an individual request

func (JobIdentifier) UnitNameForBuild 

func (j JobIdentifier) UnitNameForBuild() string
type NetworkLink struct {
	FromHost string
	FromPort port.Port
	ToPort   port.Port `json:"ToPort,omitempty"`
	ToHost   string    `json:"ToHost,omitempty"`
}

func NewNetworkLinkFromString 

func NewNetworkLinkFromString(s string) (*NetworkLink, error)

func (*NetworkLink) Check 

func (n *NetworkLink) Check() error

func (*NetworkLink) Complete 

func (n *NetworkLink) Complete() bool
type NetworkLinks []NetworkLink

func NewNetworkLinksFromString 

func NewNetworkLinksFromString(s string) (NetworkLinks, error)

func (NetworkLinks) Check 

func (n NetworkLinks) Check() error

func (NetworkLinks) String 

func (n NetworkLinks) String() string

func (NetworkLinks) ToCompact 

func (n NetworkLinks) ToCompact() string

func (NetworkLinks) Write 

func (n NetworkLinks) Write(path string, appends bool) error

type OutboundNetworkIptables 

type OutboundNetworkIptables struct {
	// The IP address for inbound source NAT
	SourceAddr string
	// The local IP and port to connect to
	LocalAddr string
	LocalPort port.Port
	// The remote IP and port to connect to
	DestAddr string
	DestPort port.Port
}

type SliceUnit 

type SliceUnit struct {
	Name   string
	Parent string
}

type TargetUnit 

type TargetUnit struct {
	Name     string
	WantedBy string
}

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.