From 577d4a2ea8b70be9d3428b0e4893adaee2817bd9 Mon Sep 17 00:00:00 2001 From: Nick Ethier Date: Mon, 19 Nov 2018 21:07:30 -0500 Subject: [PATCH] docker: group common config into blocks --- drivers/docker/config.go | 119 ++++++++++++++++++++++++--------------- drivers/docker/driver.go | 33 ++++------- 2 files changed, 85 insertions(+), 67 deletions(-) diff --git a/drivers/docker/config.go b/drivers/docker/config.go index 371641800..b3069d766 100644 --- a/drivers/docker/config.go +++ b/drivers/docker/config.go @@ -44,12 +44,18 @@ func PluginLoader(opts map[string]string) (map[string]interface{}, error) { if v, ok := opts["docker.endpoint"]; ok { conf["endpoint"] = v } + + // dockerd auth + authConf := map[string]interface{}{} if v, ok := opts["docker.auth.config"]; ok { - conf["auth_config"] = v + authConf["auth_config"] = v } if v, ok := opts["docker.auth.helper"]; ok { - conf["auth_helper"] = v + authConf["auth_helper"] = v } + conf["auth"] = authConf + + // dockerd tls if _, ok := opts["docker.tls.cert"]; ok { conf["tls"] = map[string]interface{}{ "cert": opts["docker.tls.cert"], @@ -57,27 +63,37 @@ func PluginLoader(opts map[string]string) (map[string]interface{}, error) { "ca": opts["docker.tls.ca"], } } + + // garbage collection + gcConf := map[string]interface{}{} + if v, err := strconv.ParseBool(opts["docker.cleanup.image"]); err == nil { + gcConf["image"] = v + } if v, ok := opts["docker.cleanup.image.delay"]; ok { - conf["image_gc_delay"] = v + gcConf["image_delay"] = v + } + if v, err := strconv.ParseBool(opts["docker.cleanup.container"]); err == nil { + gcConf["container"] = v + } + conf["gc"] = gcConf + + // volume options + if v, err := strconv.ParseBool(opts["docker.volumes.enabled"]); err == nil { + conf["volumes_enabled"] = v } if v, ok := opts["docker.volumes.selinuxlabel"]; ok { conf["volumes_selinuxlabel"] = v } + + // capabilities if v, ok := opts["docker.caps.whitelist"]; ok { conf["allow_caps"] = strings.Split(v, ",") } - if v, err := strconv.ParseBool(opts["docker.cleanup.image"]); err == nil { - conf["image_gc"] = v - } - if v, err := strconv.ParseBool(opts["docker.volumes.enabled"]); err == nil { - conf["volumes_enabled"] = v - } + + // privileged containers if v, err := strconv.ParseBool(opts["docker.privileged.enabled"]); err == nil { conf["allow_privileged"] = v } - if v, err := strconv.ParseBool(opts["docker.cleanup.container"]); err == nil { - conf["container_gc"] = v - } return conf, nil } @@ -106,19 +122,27 @@ var ( // configSpec is the hcl specification returned by the ConfigSchema RPC configSpec = hclspec.NewObject(map[string]*hclspec.Spec{ - "endpoint": hclspec.NewAttr("endpoint", "string", false), - "auth_config": hclspec.NewAttr("auth_config", "string", false), - "auth_helper": hclspec.NewAttr("auth_helper", "string", false), + "endpoint": hclspec.NewAttr("endpoint", "string", false), + "auth": hclspec.NewBlock("auth", false, hclspec.NewObject(map[string]*hclspec.Spec{ + "config": hclspec.NewAttr("config", "string", false), + "helper": hclspec.NewAttr("helper", "string", false), + })), "tls": hclspec.NewBlock("tls", false, hclspec.NewObject(map[string]*hclspec.Spec{ "cert": hclspec.NewAttr("cert", "string", false), "key": hclspec.NewAttr("key", "string", false), "ca": hclspec.NewAttr("ca", "string", false), })), - "image_gc": hclspec.NewDefault( - hclspec.NewAttr("image_gc", "bool", false), - hclspec.NewLiteral("true"), - ), - "image_gc_delay": hclspec.NewAttr("image_gc_delay", "string", false), + "gc": hclspec.NewBlock("gc", false, hclspec.NewObject(map[string]*hclspec.Spec{ + "image": hclspec.NewDefault( + hclspec.NewAttr("image", "bool", false), + hclspec.NewLiteral("true"), + ), + "image_delay": hclspec.NewAttr("image_delay", "string", false), + "container": hclspec.NewDefault( + hclspec.NewAttr("container", "bool", false), + hclspec.NewLiteral("true"), + ), + })), "volumes_enabled": hclspec.NewDefault( hclspec.NewAttr("volumes_enabled", "bool", false), hclspec.NewLiteral("true"), @@ -129,10 +153,6 @@ var ( hclspec.NewAttr("allow_caps", "list(string)", false), hclspec.NewLiteral(`["CHOWN","DAC_OVERRIDE","FSETID","FOWNER","MKNOD","NET_RAW","SETGID","SETUID","SETFCAP","SETPCAP","NET_BIND_SERVICE","SYS_CHROOT","KILL","AUDIT_WRITE"]`), ), - "container_gc": hclspec.NewDefault( - hclspec.NewAttr("container_gc", "bool", false), - hclspec.NewLiteral("true"), - ), }) // taskConfigSpec is the hcl specification for the driver config section of @@ -169,20 +189,23 @@ var ( "ipc_mode": hclspec.NewAttr("ipc_mode", "string", false), "ipv4_address": hclspec.NewAttr("ipv4_address", "string", false), "ipv6_address": hclspec.NewAttr("ipv6_address", "string", false), - "labels": hclspec.NewAttr("labels", "map(string)", false), + "labels": hclspec.NewBlockAttrs("labels", "string", false), "load": hclspec.NewAttr("load", "string", false), - "logging": hclspec.NewAttr("logging", "map(string)", false), - "mac_address": hclspec.NewAttr("mac_address", "map(string)", false), + "logging": hclspec.NewBlockSet("logging", hclspec.NewObject(map[string]*hclspec.Spec{ + "type": hclspec.NewAttr("type", "string", false), + "config": hclspec.NewBlockAttrs("config", "string", false), + })), + "mac_address": hclspec.NewAttr("mac_address", "string", false), "mounts": hclspec.NewBlockSet("mounts", hclspec.NewObject(map[string]*hclspec.Spec{ "target": hclspec.NewAttr("target", "string", false), "source": hclspec.NewAttr("source", "string", false), "readonly": hclspec.NewAttr("readonly", "bool", false), "volume_options": hclspec.NewBlockSet("volume_options", hclspec.NewObject(map[string]*hclspec.Spec{ "no_copy": hclspec.NewAttr("no_copy", "bool", false), - "labels": hclspec.NewAttr("labels", "map(string)", false), + "labels": hclspec.NewBlockAttrs("labels", "string", false), "driver_config": hclspec.NewBlockSet("driver_config", hclspec.NewObject(map[string]*hclspec.Spec{ "name": hclspec.NewAttr("name", "string", false), - "options": hclspec.NewAttr("name", "map(string)", false), + "options": hclspec.NewBlockAttrs("name", "string", false), })), })), })), @@ -190,14 +213,14 @@ var ( "network_mode": hclspec.NewAttr("network_mode", "string", false), "pids_limit": hclspec.NewAttr("pids_limit", "number", false), "pid_mode": hclspec.NewAttr("pid_mode", "string", false), - "port_map": hclspec.NewAttr("port_map", "map(number)", false), + "port_map": hclspec.NewBlockAttrs("port_map", "number", false), "privileged": hclspec.NewAttr("privileged", "bool", false), "readonly_rootfs": hclspec.NewAttr("readonly_rootfs", "bool", false), "security_opt": hclspec.NewAttr("security_opt", "list(string)", false), "shm_size": hclspec.NewAttr("shm_size", "number", false), - "sysctl": hclspec.NewAttr("sysctl", "map(string)", false), + "sysctl": hclspec.NewBlockAttrs("sysctl", "string", false), "tty": hclspec.NewAttr("tty", "bool", false), - "ulimit": hclspec.NewAttr("ulimit", "map(string)", false), + "ulimit": hclspec.NewBlockAttrs("ulimit", "string", false), "uts_mode": hclspec.NewAttr("uts_mode", "string", false), "userns_mode": hclspec.NewAttr("userns_mode", "string", false), "volumes": hclspec.NewAttr("volumes", "list(string)", false), @@ -299,18 +322,19 @@ type DockerVolumeDriverConfig struct { } type DriverConfig struct { - Endpoint string `codec:"endpoint"` - AuthConfig string `codec:"auth_config"` - AuthHelper string `codec:"auth_helper"` - TLS TLSConfig `codec:"tls"` - ImageGC bool `codec:"image_gc"` - ImageGCDelay string `codec:"image_gc_delay"` - imageGCDelayDuration time.Duration `codec:"-"` - VolumesEnabled bool `codec:"volumes_enabled"` - VolumesSelinuxLabel string `codec:"volumes_selinuxlabel"` - AllowPrivileged bool `codec:"allow_privileged"` - AllowCaps []string `codec:"allow_caps"` - ContainerGC bool `codec:"container_gc"` + Endpoint string `codec:"endpoint"` + AuthConfig AuthConfig `codec:"auth"` + TLS TLSConfig `codec:"tls"` + GC GCConfig `codec:"gc"` + VolumesEnabled bool `codec:"volumes_enabled"` + VolumesSelinuxLabel string `codec:"volumes_selinuxlabel"` + AllowPrivileged bool `codec:"allow_privileged"` + AllowCaps []string `codec:"allow_caps"` +} + +type AuthConfig struct { + Config string `codec:"config"` + Helper string `codec:"helper"` } type TLSConfig struct { @@ -318,3 +342,10 @@ type TLSConfig struct { Key string `codec:"key"` CA string `codec:"ca"` } + +type GCConfig struct { + Image bool `codec:"image"` + ImageDelay string `codec:"image_delay"` + imageDelayDuration time.Duration `codec:"-"` + Container bool `codec:"container"` +} diff --git a/drivers/docker/driver.go b/drivers/docker/driver.go index e998992ed..519538654 100644 --- a/drivers/docker/driver.go +++ b/drivers/docker/driver.go @@ -119,12 +119,12 @@ func (d *Driver) SetConfig(data []byte, cfg *base.ClientAgentConfig) error { } d.config = &config - if len(d.config.ImageGCDelay) > 0 { - dur, err := time.ParseDuration(d.config.ImageGCDelay) + if len(d.config.GC.ImageDelay) > 0 { + dur, err := time.ParseDuration(d.config.GC.ImageDelay) if err != nil { - return fmt.Errorf("failed to parse 'image_gc_delay' duration: %v", err) + return fmt.Errorf("failed to parse 'image_delay' duration: %v", err) } - d.config.imageGCDelayDuration = dur + d.config.GC.imageDelayDuration = dur } if cfg != nil { @@ -137,9 +137,9 @@ func (d *Driver) SetConfig(data []byte, cfg *base.ClientAgentConfig) error { } coordinatorConfig := &dockerCoordinatorConfig{ client: dockerClient, - cleanup: d.config.ImageGC, + cleanup: d.config.GC.Image, logger: d.logger, - removeDelay: d.config.imageGCDelayDuration, + removeDelay: d.config.GC.imageDelayDuration, } d.coordinator = NewDockerCoordinator(coordinatorConfig) @@ -195,7 +195,7 @@ func (d *Driver) RecoverTask(handle *drivers.TaskHandle) error { container: container, doneCh: make(chan bool), waitCh: make(chan struct{}), - removeContainerOnExit: d.config.ContainerGC, + removeContainerOnExit: d.config.GC.Container, net: handleState.DriverNetwork, } @@ -328,7 +328,7 @@ CREATE: container: container, doneCh: make(chan bool), waitCh: make(chan struct{}), - removeContainerOnExit: d.config.ContainerGC, + removeContainerOnExit: d.config.GC.Container, net: net, } @@ -478,26 +478,13 @@ START: return recoverableErrTimeouts(startErr) } -// getDockerCoordinator returns the docker coordinator and the caller ID to use when -// interacting with the coordinator -func (d *Driver) getDockerCoordinator(client *docker.Client, task *drivers.TaskConfig) (*dockerCoordinator, string) { - config := &dockerCoordinatorConfig{ - client: client, - cleanup: d.config.ImageGC, - logger: d.logger, - removeDelay: d.config.imageGCDelayDuration, - } - - return GetDockerCoordinator(config), fmt.Sprintf("%s-%s", task.ID, task.Name) -} - // createImage creates a docker image either by pulling it from a registry or by // loading it from the file system func (d *Driver) createImage(task *drivers.TaskConfig, driverConfig *TaskConfig, client *docker.Client) (string, error) { image := driverConfig.Image repo, tag := parseDockerImage(image) - coordinator, callerID := d.getDockerCoordinator(client, task) + callerID := fmt.Sprintf("%s-%s", task.ID, task.Name) // We're going to check whether the image is already downloaded. If the tag // is "latest", or ForcePull is set, we have to check for a new version every time so we don't @@ -507,7 +494,7 @@ func (d *Driver) createImage(task *drivers.TaskConfig, driverConfig *TaskConfig, } else if tag != "latest" { if dockerImage, _ := client.InspectImage(image); dockerImage != nil { // Image exists so just increment its reference count - coordinator.IncrementImageReference(dockerImage.ID, image, callerID) + d.coordinator.IncrementImageReference(dockerImage.ID, image, callerID) return dockerImage.ID, nil } }