Windows: OCI runtime spec compliance
Michael Crosby authored on 2016/10/01 02:13:57... | ... |
@@ -5,6 +5,7 @@ import ( |
5 | 5 |
"github.com/docker/docker/daemon/caps" |
6 | 6 |
"github.com/docker/docker/daemon/exec" |
7 | 7 |
"github.com/docker/docker/libcontainerd" |
8 |
+ "github.com/opencontainers/runtime-spec/specs-go" |
|
8 | 9 |
) |
9 | 10 |
|
10 | 11 |
func execSetPlatformOpt(c *container.Container, ec *exec.Config, p *libcontainerd.Process) error { |
... | ... |
@@ -13,7 +14,7 @@ func execSetPlatformOpt(c *container.Container, ec *exec.Config, p *libcontainer |
13 | 13 |
if err != nil { |
14 | 14 |
return err |
15 | 15 |
} |
16 |
- p.User = &libcontainerd.User{ |
|
16 |
+ p.User = &specs.User{ |
|
17 | 17 |
UID: uid, |
18 | 18 |
GID: gid, |
19 | 19 |
AdditionalGids: additionalGids, |
... | ... |
@@ -14,7 +14,6 @@ import ( |
14 | 14 |
containertypes "github.com/docker/docker/api/types/container" |
15 | 15 |
"github.com/docker/docker/container" |
16 | 16 |
"github.com/docker/docker/daemon/caps" |
17 |
- "github.com/docker/docker/libcontainerd" |
|
18 | 17 |
"github.com/docker/docker/oci" |
19 | 18 |
"github.com/docker/docker/pkg/idtools" |
20 | 19 |
"github.com/docker/docker/pkg/mount" |
... | ... |
@@ -623,7 +622,7 @@ func (daemon *Daemon) populateCommonSpec(s *specs.Spec, c *container.Container) |
623 | 623 |
return nil |
624 | 624 |
} |
625 | 625 |
|
626 |
-func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, error) { |
|
626 |
+func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) { |
|
627 | 627 |
s := oci.DefaultSpec() |
628 | 628 |
if err := daemon.populateCommonSpec(&s, c); err != nil { |
629 | 629 |
return nil, err |
... | ... |
@@ -719,7 +718,7 @@ func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, e |
719 | 719 |
s.Process.NoNewPrivileges = c.NoNewPrivileges |
720 | 720 |
s.Linux.MountLabel = c.MountLabel |
721 | 721 |
|
722 |
- return (*libcontainerd.Spec)(&s), nil |
|
722 |
+ return (*specs.Spec)(&s), nil |
|
723 | 723 |
} |
724 | 724 |
|
725 | 725 |
func clearReadOnly(m *specs.Mount) { |
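Review bot: The pointer conversion kept in the new `return (*specs.Spec)(&s), nil` is now an identity conversion. `&s` is already passed to `populateCommonSpec(s *specs.Spec, ...)` earlier in the same function, so `s` is a `specs.Spec` and `&s` already has the declared return type. `return &s, nil` is equivalent, and without the cast the compiler would flag a mismatch if the type of `s` ever diverges again. The same leftover appears in the other two `createSpec` variants touched by this commit: the two-line stub and the Windows one, where `oci.DefaultSpec()` is shown returning `specs.Spec`. Only part of createSpec's body is visible in these hunks.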
... | ... |
@@ -3,13 +3,13 @@ package daemon |
3 | 3 |
import ( |
4 | 4 |
containertypes "github.com/docker/docker/api/types/container" |
5 | 5 |
"github.com/docker/docker/container" |
6 |
- "github.com/docker/docker/libcontainerd" |
|
7 | 6 |
"github.com/docker/docker/oci" |
7 |
+ "github.com/opencontainers/runtime-spec/specs-go" |
|
8 | 8 |
) |
9 | 9 |
|
10 |
-func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, error) { |
|
10 |
+func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) { |
|
11 | 11 |
s := oci.DefaultSpec() |
12 |
- return (*libcontainerd.Spec)(&s), nil |
|
12 |
+ return (*specs.Spec)(&s), nil |
|
13 | 13 |
} |
14 | 14 |
|
15 | 15 |
// mergeUlimits merge the Ulimits from HostConfig with daemon defaults, and update HostConfig |
... | ... |
@@ -5,12 +5,11 @@ import ( |
5 | 5 |
|
6 | 6 |
containertypes "github.com/docker/docker/api/types/container" |
7 | 7 |
"github.com/docker/docker/container" |
8 |
- "github.com/docker/docker/libcontainerd" |
|
9 |
- "github.com/docker/docker/libcontainerd/windowsoci" |
|
10 | 8 |
"github.com/docker/docker/oci" |
9 |
+ "github.com/opencontainers/runtime-spec/specs-go" |
|
11 | 10 |
) |
12 | 11 |
|
13 |
-func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, error) { |
|
12 |
+func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) { |
|
14 | 13 |
s := oci.DefaultSpec() |
15 | 14 |
|
16 | 15 |
linkedEnv, err := daemon.setupLinkedContainers(c) |
... | ... |
@@ -33,7 +32,7 @@ func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, e |
33 | 33 |
return nil, err |
34 | 34 |
} |
35 | 35 |
for _, mount := range mounts { |
36 |
- m := windowsoci.Mount{ |
|
36 |
+ m := specs.Mount{ |
|
37 | 37 |
Source: mount.Source, |
38 | 38 |
Destination: mount.Destination, |
39 | 39 |
} |
... | ... |
@@ -71,25 +70,27 @@ func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, e |
71 | 71 |
|
72 | 72 |
// In s.Windows.Resources |
73 | 73 |
// @darrenstahlmsft implement these resources |
74 |
- cpuShares := uint64(c.HostConfig.CPUShares) |
|
75 |
- s.Windows.Resources = &windowsoci.WindowsResources{ |
|
76 |
- CPU: &windowsoci.WindowsCPU{ |
|
77 |
- Percent: &c.HostConfig.CPUPercent, |
|
74 |
+ cpuShares := uint16(c.HostConfig.CPUShares) |
|
75 |
+ cpuPercent := uint8(c.HostConfig.CPUPercent) |
|
76 |
+ memoryLimit := uint64(c.HostConfig.Memory) |
|
77 |
+ s.Windows.Resources = &specs.WindowsResources{ |
|
78 |
+ CPU: &specs.WindowsCPUResources{ |
|
79 |
+ Percent: &cpuPercent, |
|
78 | 80 |
Shares: &cpuShares, |
79 | 81 |
}, |
80 |
- Memory: &windowsoci.WindowsMemory{ |
|
81 |
- Limit: &c.HostConfig.Memory, |
|
82 |
+ Memory: &specs.WindowsMemoryResources{ |
|
83 |
+ Limit: &memoryLimit, |
|
82 | 84 |
//TODO Reservation: ..., |
83 | 85 |
}, |
84 |
- Network: &windowsoci.WindowsNetwork{ |
|
86 |
+ Network: &specs.WindowsNetworkResources{ |
|
85 | 87 |
//TODO Bandwidth: ..., |
86 | 88 |
}, |
87 |
- Storage: &windowsoci.WindowsStorage{ |
|
89 |
+ Storage: &specs.WindowsStorageResources{ |
|
88 | 90 |
Bps: &c.HostConfig.IOMaximumBandwidth, |
89 | 91 |
Iops: &c.HostConfig.IOMaximumIOps, |
90 | 92 |
}, |
91 | 93 |
} |
92 |
- return (*libcontainerd.Spec)(&s), nil |
|
94 |
+ return (*specs.Spec)(&s), nil |
|
93 | 95 |
} |
94 | 96 |
|
95 | 97 |
func escapeArgs(args []string) []string { |
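Review bot: The three conversions added above `s.Windows.Resources` narrow or re-sign the HostConfig values without any range check. `uint8(c.HostConfig.CPUPercent)` keeps only the low 8 bits, `uint16(c.HostConfig.CPUShares)` only the low 16 (assuming CPUShares is wider than that), and `uint64(c.HostConfig.Memory)` turns a negative value into an enormous limit. The removed lines passed `&c.HostConfig.CPUPercent` and `&c.HostConfig.Memory` straight into `*int64` fields, so both are 64-bit signed on the HostConfig side. Unless these values are validated before createSpec runs (not visible here), an out-of-range request is silently applied as a different resource limit instead of being rejected, which weakens the isolation the limit is meant to provide. I would reject out-of-range values with an error before converting, or at minimum add a comment such as `// HostConfig values are range-checked at container create; conversions below cannot truncate` naming where that check lives.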
... | ... |
@@ -15,7 +15,7 @@ import ( |
15 | 15 |
// It also ensures each of the mounts are lexographically sorted. |
16 | 16 |
|
17 | 17 |
// BUGBUG TODO Windows containerd. This would be much better if it returned |
18 |
-// an array of windowsoci mounts, not container mounts. Then no need to |
|
18 |
+// an array of runtime spec mounts, not container mounts. Then no need to |
|
19 | 19 |
// do multiple transitions. |
20 | 20 |
|
21 | 21 |
func (daemon *Daemon) setupMounts(c *container.Container) ([]container.Mount, error) { |
... | ... |
@@ -107,7 +107,7 @@ clone git github.com/docker/go v1.5.1-1-1-gbaf439e |
107 | 107 |
clone git github.com/agl/ed25519 d2b94fd789ea21d12fac1a4443dd3a3f79cda72c |
108 | 108 |
|
109 | 109 |
clone git github.com/opencontainers/runc cc29e3dded8e27ba8f65738f40d251c885030a28 # libcontainer |
110 |
-clone git github.com/opencontainers/runtime-spec v1.0.0-rc1 # specs |
|
110 |
+clone git github.com/opencontainers/runtime-spec 1c7c27d043c2a5e513a44084d2b10d77d1402b8c # specs |
|
111 | 111 |
clone git github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0 |
112 | 112 |
# libcontainer deps (see src/github.com/opencontainers/runc/Godeps/Godeps.json) |
113 | 113 |
clone git github.com/coreos/go-systemd v4 |
... | ... |
@@ -133,7 +133,7 @@ func (clnt *client) prepareBundleDir(uid, gid int) (string, error) { |
133 | 133 |
return p, nil |
134 | 134 |
} |
135 | 135 |
|
136 |
-func (clnt *client) Create(containerID string, checkpoint string, checkpointDir string, spec Spec, options ...CreateOption) (err error) { |
|
136 |
+func (clnt *client) Create(containerID string, checkpoint string, checkpointDir string, spec specs.Spec, options ...CreateOption) (err error) { |
|
137 | 137 |
clnt.lock(containerID) |
138 | 138 |
defer clnt.unlock(containerID) |
139 | 139 |
|
... | ... |
@@ -13,6 +13,7 @@ import ( |
13 | 13 |
|
14 | 14 |
"github.com/Microsoft/hcsshim" |
15 | 15 |
"github.com/Sirupsen/logrus" |
16 |
+ "github.com/opencontainers/runtime-spec/specs-go" |
|
16 | 17 |
) |
17 | 18 |
|
18 | 19 |
type client struct { |
... | ... |
@@ -92,7 +93,7 @@ const defaultOwner = "docker" |
92 | 92 |
// }, |
93 | 93 |
// "Servicing": false |
94 | 94 |
//} |
95 |
-func (clnt *client) Create(containerID string, checkpoint string, checkpointDir string, spec Spec, options ...CreateOption) error { |
|
95 |
+func (clnt *client) Create(containerID string, checkpoint string, checkpointDir string, spec specs.Spec, options ...CreateOption) error { |
|
96 | 96 |
clnt.lock(containerID) |
97 | 97 |
defer clnt.unlock(containerID) |
98 | 98 |
logrus.Debugln("libcontainerd: client.Create() with spec", spec) |
... | ... |
@@ -109,15 +110,15 @@ func (clnt *client) Create(containerID string, checkpoint string, checkpointDir |
109 | 109 |
if spec.Windows.Resources != nil { |
110 | 110 |
if spec.Windows.Resources.CPU != nil { |
111 | 111 |
if spec.Windows.Resources.CPU.Shares != nil { |
112 |
- configuration.ProcessorWeight = *spec.Windows.Resources.CPU.Shares |
|
112 |
+ configuration.ProcessorWeight = uint64(*spec.Windows.Resources.CPU.Shares) |
|
113 | 113 |
} |
114 | 114 |
if spec.Windows.Resources.CPU.Percent != nil { |
115 |
- configuration.ProcessorMaximum = *spec.Windows.Resources.CPU.Percent * 100 // ProcessorMaximum is a value between 1 and 10000 |
|
115 |
+ configuration.ProcessorMaximum = int64(*spec.Windows.Resources.CPU.Percent * 100) // ProcessorMaximum is a value between 1 and 10000 |
|
116 | 116 |
} |
117 | 117 |
} |
118 | 118 |
if spec.Windows.Resources.Memory != nil { |
119 | 119 |
if spec.Windows.Resources.Memory.Limit != nil { |
120 |
- configuration.MemoryMaximumInMB = *spec.Windows.Resources.Memory.Limit / 1024 / 1024 |
|
120 |
+ configuration.MemoryMaximumInMB = int64(*spec.Windows.Resources.Memory.Limit / 1024 / 1024) |
|
121 | 121 |
} |
122 | 122 |
} |
123 | 123 |
if spec.Windows.Resources.Storage != nil { |
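Review bot: The new `ProcessorMaximum` line multiplies before it widens, so the result wraps. The daemon side of this commit fills `CPU.Percent` from a `uint8`, which means `*spec.Windows.Resources.CPU.Percent * 100` is evaluated in 8-bit arithmetic and wraps modulo 256 before `int64(...)` is applied. A requested 100 yields 16 rather than 10000, and any value above 2 is affected. The container then runs under a CPU cap that is not the one the operator configured, and nothing reports it. Convert first, then scale: `configuration.ProcessorMaximum = int64(*spec.Windows.Resources.CPU.Percent) * 100`. Create's body starts and continues outside these hunks.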
... | ... |
@@ -8,6 +8,7 @@ import ( |
8 | 8 |
|
9 | 9 |
"github.com/Microsoft/hcsshim" |
10 | 10 |
"github.com/Sirupsen/logrus" |
11 |
+ "github.com/opencontainers/runtime-spec/specs-go" |
|
11 | 12 |
) |
12 | 13 |
|
13 | 14 |
type container struct { |
... | ... |
@@ -19,7 +20,7 @@ type container struct { |
19 | 19 |
// The ociSpec is required, as client.Create() needs a spec, |
20 | 20 |
// but can be called from the RestartManager context which does not |
21 | 21 |
// otherwise have access to the Spec |
22 |
- ociSpec Spec |
|
22 |
+ ociSpec specs.Spec |
|
23 | 23 |
|
24 | 24 |
manualStopRequested bool |
25 | 25 |
hcsContainer hcsshim.Container |
... | ... |
@@ -3,6 +3,7 @@ package libcontainerd |
3 | 3 |
import ( |
4 | 4 |
"io" |
5 | 5 |
|
6 |
+ "github.com/opencontainers/runtime-spec/specs-go" |
|
6 | 7 |
"golang.org/x/net/context" |
7 | 8 |
) |
8 | 9 |
|
... | ... |
@@ -36,7 +37,7 @@ type Backend interface { |
36 | 36 |
|
37 | 37 |
// Client provides access to containerd features. |
38 | 38 |
type Client interface { |
39 |
- Create(containerID string, checkpoint string, checkpointDir string, spec Spec, options ...CreateOption) error |
|
39 |
+ Create(containerID string, checkpoint string, checkpointDir string, spec specs.Spec, options ...CreateOption) error |
|
40 | 40 |
Signal(containerID string, sig int) error |
41 | 41 |
SignalProcess(containerID string, processFriendlyName string, sig int) error |
42 | 42 |
AddProcess(ctx context.Context, containerID, processFriendlyName string, process Process) error |
... | ... |
@@ -5,17 +5,12 @@ import ( |
5 | 5 |
"github.com/opencontainers/runtime-spec/specs-go" |
6 | 6 |
) |
7 | 7 |
|
8 |
-// Spec is the base configuration for the container. It specifies platform |
|
9 |
-// independent configuration. This information must be included when the |
|
10 |
-// bundle is packaged for distribution. |
|
11 |
-type Spec specs.Spec |
|
12 |
- |
|
13 | 8 |
// Process contains information to start a specific application inside the container. |
14 | 9 |
type Process struct { |
15 | 10 |
// Terminal creates an interactive terminal for the container. |
16 | 11 |
Terminal bool `json:"terminal"` |
17 | 12 |
// User specifies user information for the process. |
18 |
- User *User `json:"user"` |
|
13 |
+ User *specs.User `json:"user"` |
|
19 | 14 |
// Args specifies the binary and arguments for the application to execute. |
20 | 15 |
Args []string `json:"args"` |
21 | 16 |
// Env populates the process environment for the process. |
... | ... |
@@ -47,10 +42,6 @@ type Stats containerd.StatsResponse |
47 | 47 |
// Summary contains a container summary from containerd |
48 | 48 |
type Summary struct{} |
49 | 49 |
|
50 |
-// User specifies linux specific user and group information for the container's |
|
51 |
-// main process. |
|
52 |
-type User specs.User |
|
53 |
- |
|
54 | 50 |
// Resources defines updatable container resource values. |
55 | 51 |
type Resources containerd.UpdateResource |
56 | 52 |
|
... | ... |
@@ -1,14 +1,5 @@ |
1 | 1 |
package libcontainerd |
2 | 2 |
|
3 |
-import ( |
|
4 |
- "github.com/opencontainers/runtime-spec/specs-go" |
|
5 |
-) |
|
6 |
- |
|
7 |
-// Spec is the base configuration for the container. It specifies platform |
|
8 |
-// independent configuration. This information must be included when the |
|
9 |
-// bundle is packaged for distribution. |
|
10 |
-type Spec specs.Spec |
|
11 |
- |
|
12 | 3 |
// Process contains information to start a specific application inside the container. |
13 | 4 |
type Process struct { |
14 | 5 |
// Terminal creates an interactive terminal for the container. |
... | ... |
@@ -30,9 +21,5 @@ type StateInfo struct { |
30 | 30 |
// Platform specific StateInfo |
31 | 31 |
} |
32 | 32 |
|
33 |
-// User specifies Solaris specific user and group information for the container's |
|
34 |
-// main process. |
|
35 |
-type User specs.User |
|
36 |
- |
|
37 | 33 |
// Resources defines updatable container resource values. |
38 | 34 |
type Resources struct{} |
... | ... |
@@ -2,17 +2,11 @@ package libcontainerd |
2 | 2 |
|
3 | 3 |
import ( |
4 | 4 |
"github.com/Microsoft/hcsshim" |
5 |
- "github.com/docker/docker/libcontainerd/windowsoci" |
|
5 |
+ "github.com/opencontainers/runtime-spec/specs-go" |
|
6 | 6 |
) |
7 | 7 |
|
8 |
-// Spec is the base configuration for the container. |
|
9 |
-type Spec windowsoci.Spec |
|
10 |
- |
|
11 | 8 |
// Process contains information to start a specific application inside the container. |
12 |
-type Process windowsoci.Process |
|
13 |
- |
|
14 |
-// User specifies user information for the containers main process. |
|
15 |
-type User windowsoci.User |
|
9 |
+type Process specs.Process |
|
16 | 10 |
|
17 | 11 |
// Summary contains a ProcessList item from HCS to support `top` |
18 | 12 |
type Summary hcsshim.ProcessListItem |
19 | 13 |
deleted file mode 100644 |
... | ... |
@@ -1,199 +0,0 @@ |
1 |
-package windowsoci |
|
2 |
- |
|
3 |
-// This file contains the Windows spec for a container. At the time of |
|
4 |
-// writing, Windows does not have a spec defined in opencontainers/specs, |
|
5 |
-// hence this is an interim workaround. TODO Windows: FIXME @jhowardmsft |
|
6 |
- |
|
7 |
-import "fmt" |
|
8 |
- |
|
9 |
-// Spec is the base configuration for the container. |
|
10 |
-type Spec struct { |
|
11 |
- // Version of the Open Container Runtime Specification with which the bundle complies. |
|
12 |
- Version string `json:"ociVersion"` |
|
13 |
- // Platform specifies the configuration's target platform. |
|
14 |
- Platform Platform `json:"platform"` |
|
15 |
- // Process configures the container process. |
|
16 |
- Process Process `json:"process"` |
|
17 |
- // Root configures the container's root filesystem. |
|
18 |
- Root Root `json:"root"` |
|
19 |
- // Hostname configures the container's hostname. |
|
20 |
- Hostname string `json:"hostname,omitempty"` |
|
21 |
- // Mounts configures additional mounts (on top of Root). |
|
22 |
- Mounts []Mount `json:"mounts,omitempty"` |
|
23 |
- // Hooks configures callbacks for container lifecycle events. |
|
24 |
- Hooks Hooks `json:"hooks"` |
|
25 |
- // Annotations contains arbitrary metadata for the container. |
|
26 |
- Annotations map[string]string `json:"annotations,omitempty"` |
|
27 |
- |
|
28 |
- // Linux is platform specific configuration for Linux based containers. |
|
29 |
- Linux *Linux `json:"linux,omitempty" platform:"linux"` |
|
30 |
- // Solaris is platform specific configuration for Solaris containers. |
|
31 |
- Solaris *Solaris `json:"solaris,omitempty" platform:"solaris"` |
|
32 |
- // Windows is platform specific configuration for Windows based containers, including Hyper-V containers. |
|
33 |
- Windows *Windows `json:"windows,omitempty" platform:"windows"` |
|
34 |
-} |
|
35 |
- |
|
36 |
-// Windows contains platform specific configuration for Windows based containers. |
|
37 |
-type Windows struct { |
|
38 |
- // Resources contains information for handling resource constraints for the container |
|
39 |
- Resources *WindowsResources `json:"resources,omitempty"` |
|
40 |
-} |
|
41 |
- |
|
42 |
-// Process contains information to start a specific application inside the container. |
|
43 |
-type Process struct { |
|
44 |
- // Terminal creates an interactive terminal for the container. |
|
45 |
- Terminal bool `json:"terminal,omitempty"` |
|
46 |
- // User specifies user information for the process. |
|
47 |
- User User `json:"user"` |
|
48 |
- // Args specifies the binary and arguments for the application to execute. |
|
49 |
- Args []string `json:"args"` |
|
50 |
- // Env populates the process environment for the process. |
|
51 |
- Env []string `json:"env,omitempty"` |
|
52 |
- // Cwd is the current working directory for the process and must be |
|
53 |
- // relative to the container's root. |
|
54 |
- Cwd string `json:"cwd"` |
|
55 |
- // Capabilities are Linux capabilities that are kept for the container. |
|
56 |
- Capabilities []string `json:"capabilities,omitempty" platform:"linux"` |
|
57 |
- // Rlimits specifies rlimit options to apply to the process. |
|
58 |
- Rlimits []Rlimit `json:"rlimits,omitempty" platform:"linux"` |
|
59 |
- // NoNewPrivileges controls whether additional privileges could be gained by processes in the container. |
|
60 |
- NoNewPrivileges bool `json:"noNewPrivileges,omitempty" platform:"linux"` |
|
61 |
- // ApparmorProfile specifies the apparmor profile for the container. |
|
62 |
- ApparmorProfile string `json:"apparmorProfile,omitempty" platform:"linux"` |
|
63 |
- // SelinuxLabel specifies the selinux context that the container process is run as. |
|
64 |
- SelinuxLabel string `json:"selinuxLabel,omitempty" platform:"linux"` |
|
65 |
- // ConsoleSize contains the initial size of the console. |
|
66 |
- ConsoleSize Box `json:"consoleSize" platform:"windows"` |
|
67 |
-} |
|
68 |
- |
|
69 |
-// Box specifies height and width dimensions. Used for sizing of a console. |
|
70 |
-type Box struct { |
|
71 |
- Height uint |
|
72 |
- Width uint |
|
73 |
-} |
|
74 |
- |
|
75 |
-// User specifies specific user (and group) information for the container process. |
|
76 |
-type User struct { |
|
77 |
- // UID is the user id. |
|
78 |
- UID uint32 `json:"uid" platform:"linux,solaris"` |
|
79 |
- // GID is the group id. |
|
80 |
- GID uint32 `json:"gid" platform:"linux,solaris"` |
|
81 |
- // AdditionalGids are additional group ids set for the container's process. |
|
82 |
- AdditionalGids []uint32 `json:"additionalGids,omitempty" platform:"linux,solaris"` |
|
83 |
- // Username is the user name. |
|
84 |
- Username string `json:"username,omitempty" platform:"windows"` |
|
85 |
-} |
|
86 |
- |
|
87 |
-// Root contains information about the container's root filesystem on the host. |
|
88 |
-type Root struct { |
|
89 |
- // Path is the absolute path to the container's root filesystem. |
|
90 |
- Path string `json:"path"` |
|
91 |
- // Readonly makes the root filesystem for the container readonly before the process is executed. |
|
92 |
- Readonly bool `json:"readonly"` |
|
93 |
-} |
|
94 |
- |
|
95 |
-// Platform specifies OS and arch information for the host system that the container |
|
96 |
-// is created for. |
|
97 |
-type Platform struct { |
|
98 |
- // OS is the operating system. |
|
99 |
- OS string `json:"os"` |
|
100 |
- // Arch is the architecture |
|
101 |
- Arch string `json:"arch"` |
|
102 |
-} |
|
103 |
- |
|
104 |
-// Mount specifies a mount for a container. |
|
105 |
-type Mount struct { |
|
106 |
- // Destination is the path where the mount will be placed relative to the container's root. The path and child directories MUST exist, a runtime MUST NOT create directories automatically to a mount point. |
|
107 |
- Destination string `json:"destination"` |
|
108 |
- // Type specifies the mount kind. |
|
109 |
- Type string `json:"type"` |
|
110 |
- // Source specifies the source path of the mount. In the case of bind mounts on |
|
111 |
- // Linux based systems this would be the file on the host. |
|
112 |
- Source string `json:"source"` |
|
113 |
- // Options are fstab style mount options. |
|
114 |
- Options []string `json:"options,omitempty"` |
|
115 |
-} |
|
116 |
- |
|
117 |
-// WindowsStorage contains storage resource management settings |
|
118 |
-type WindowsStorage struct { |
|
119 |
- // Specifies maximum Iops for the system drive |
|
120 |
- Iops *uint64 `json:"iops,omitempty"` |
|
121 |
- // Specifies maximum bytes per second for the system drive |
|
122 |
- Bps *uint64 `json:"bps,omitempty"` |
|
123 |
- // Sandbox size indicates the size to expand the system drive to if it is currently smaller |
|
124 |
- SandboxSize *uint64 `json:"sandbox_size,omitempty"` |
|
125 |
-} |
|
126 |
- |
|
127 |
-// WindowsMemory contains memory settings for the container |
|
128 |
-type WindowsMemory struct { |
|
129 |
- // Memory limit (in bytes). |
|
130 |
- Limit *int64 `json:"limit,omitempty"` |
|
131 |
- // Memory reservation (in bytes). |
|
132 |
- Reservation *uint64 `json:"reservation,omitempty"` |
|
133 |
-} |
|
134 |
- |
|
135 |
-// WindowsCPU contains information for cpu resource management |
|
136 |
-type WindowsCPU struct { |
|
137 |
- // Number of CPUs available to the container. This is an appoximation for Windows Server Containers. |
|
138 |
- Count *uint64 `json:"count,omitempty"` |
|
139 |
- // CPU shares (relative weight (ratio) vs. other containers with cpu shares). Range is from 1 to 10000. |
|
140 |
- Shares *uint64 `json:"shares,omitempty"` |
|
141 |
- // Percent of available CPUs usable by the container. |
|
142 |
- Percent *int64 `json:"percent,omitempty"` |
|
143 |
-} |
|
144 |
- |
|
145 |
-// WindowsNetwork contains network resource management information |
|
146 |
-type WindowsNetwork struct { |
|
147 |
- // Bandwidth is the maximum egress bandwidth in bytes per second |
|
148 |
- Bandwidth *uint64 `json:"bandwidth,omitempty"` |
|
149 |
-} |
|
150 |
- |
|
151 |
-// WindowsResources has container runtime resource constraints |
|
152 |
-// TODO Windows containerd. This structure needs ratifying with the old resources |
|
153 |
-// structure used on Windows and the latest OCI spec. |
|
154 |
-type WindowsResources struct { |
|
155 |
- // Memory restriction configuration |
|
156 |
- Memory *WindowsMemory `json:"memory,omitempty"` |
|
157 |
- // CPU resource restriction configuration |
|
158 |
- CPU *WindowsCPU `json:"cpu,omitempty"` |
|
159 |
- // Storage restriction configuration |
|
160 |
- Storage *WindowsStorage `json:"storage,omitempty"` |
|
161 |
- // Network restriction configuration |
|
162 |
- Network *WindowsNetwork `json:"network,omitempty"` |
|
163 |
-} |
|
164 |
- |
|
165 |
-const ( |
|
166 |
- // VersionMajor is for an API incompatible changes |
|
167 |
- VersionMajor = 0 |
|
168 |
- // VersionMinor is for functionality in a backwards-compatible manner |
|
169 |
- VersionMinor = 3 |
|
170 |
- // VersionPatch is for backwards-compatible bug fixes |
|
171 |
- VersionPatch = 0 |
|
172 |
- |
|
173 |
- // VersionDev indicates development branch. Releases will be empty string. |
|
174 |
- VersionDev = "" |
|
175 |
-) |
|
176 |
- |
|
177 |
-// Version is the specification version that the package types support. |
|
178 |
-var Version = fmt.Sprintf("%d.%d.%d%s (Windows)", VersionMajor, VersionMinor, VersionPatch, VersionDev) |
|
179 |
- |
|
180 |
-// |
|
181 |
-// Temporary structures. Ultimately this whole file will be removed. |
|
182 |
-// |
|
183 |
- |
|
184 |
-// Linux contains platform specific configuration for Linux based containers. |
|
185 |
-type Linux struct { |
|
186 |
-} |
|
187 |
- |
|
188 |
-// Solaris contains platform specific configuration for Solaris application containers. |
|
189 |
-type Solaris struct { |
|
190 |
-} |
|
191 |
- |
|
192 |
-// Hooks for container setup and teardown |
|
193 |
-type Hooks struct { |
|
194 |
-} |
|
195 |
- |
|
196 |
-// Rlimit type and restrictions. Placeholder only to support the Process structure. |
|
197 |
-// Not used on Windows, only present for compilation purposes. |
|
198 |
-type Rlimit struct { |
|
199 |
-} |
... | ... |
@@ -3,17 +3,17 @@ package oci |
3 | 3 |
import ( |
4 | 4 |
"runtime" |
5 | 5 |
|
6 |
- "github.com/docker/docker/libcontainerd/windowsoci" |
|
6 |
+ "github.com/opencontainers/runtime-spec/specs-go" |
|
7 | 7 |
) |
8 | 8 |
|
9 | 9 |
// DefaultSpec returns default spec used by docker. |
10 |
-func DefaultSpec() windowsoci.Spec { |
|
11 |
- return windowsoci.Spec{ |
|
12 |
- Version: windowsoci.Version, |
|
13 |
- Platform: windowsoci.Platform{ |
|
10 |
+func DefaultSpec() specs.Spec { |
|
11 |
+ return specs.Spec{ |
|
12 |
+ Version: specs.Version, |
|
13 |
+ Platform: specs.Platform{ |
|
14 | 14 |
OS: runtime.GOOS, |
15 | 15 |
Arch: runtime.GOARCH, |
16 | 16 |
}, |
17 |
- Windows: &windowsoci.Windows{}, |
|
17 |
+ Windows: &specs.Windows{}, |
|
18 | 18 |
} |
19 | 19 |
} |
... | ... |
@@ -15,6 +15,7 @@ import ( |
15 | 15 |
"github.com/docker/docker/pkg/plugins" |
16 | 16 |
"github.com/docker/docker/plugin/v2" |
17 | 17 |
"github.com/docker/docker/restartmanager" |
18 |
+ "github.com/opencontainers/runtime-spec/specs-go" |
|
18 | 19 |
) |
19 | 20 |
|
20 | 21 |
func (pm *Manager) enable(p *v2.Plugin, force bool) error { |
... | ... |
@@ -27,7 +28,7 @@ func (pm *Manager) enable(p *v2.Plugin, force bool) error { |
27 | 27 |
} |
28 | 28 |
|
29 | 29 |
p.RestartManager = restartmanager.New(container.RestartPolicy{Name: "always"}, 0) |
30 |
- if err := pm.containerdClient.Create(p.GetID(), "", "", libcontainerd.Spec(*spec), libcontainerd.WithRestartManager(p.RestartManager)); err != nil { |
|
30 |
+ if err := pm.containerdClient.Create(p.GetID(), "", "", specs.Spec(*spec), libcontainerd.WithRestartManager(p.RestartManager)); err != nil { |
|
31 | 31 |
if err := p.RestartManager.Cancel(); err != nil { |
32 | 32 |
logrus.Errorf("enable: restartManager.Cancel failed due to %v", err) |
33 | 33 |
} |
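Review bot: `specs.Spec(*spec)` in the `Create` call looks like a mechanical carry-over of the old `libcontainerd.Spec(*spec)` wrapper conversion. If `spec` is already a `*specs.Spec` (its declaration is outside this hunk, so this is an assumption to confirm), the conversion is an identity and the argument can simply be `*spec`. Dropping it keeps the call from masking a type change in whatever produces `spec`. enable's body begins and ends outside the hunk.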
... | ... |
@@ -4,33 +4,37 @@ import "os" |
4 | 4 |
|
5 | 5 |
// Spec is the base configuration for the container. |
6 | 6 |
type Spec struct { |
7 |
- // Version is the version of the specification that is supported. |
|
7 |
+ // Version of the Open Container Runtime Specification with which the bundle complies. |
|
8 | 8 |
Version string `json:"ociVersion"` |
9 |
- // Platform is the host information for OS and Arch. |
|
9 |
+ // Platform specifies the configuration's target platform. |
|
10 | 10 |
Platform Platform `json:"platform"` |
11 |
- // Process is the container's main process. |
|
11 |
+ // Process configures the container process. |
|
12 | 12 |
Process Process `json:"process"` |
13 |
- // Root is the root information for the container's filesystem. |
|
13 |
+ // Root configures the container's root filesystem. |
|
14 | 14 |
Root Root `json:"root"` |
15 |
- // Hostname is the container's host name. |
|
15 |
+ // Hostname configures the container's hostname. |
|
16 | 16 |
Hostname string `json:"hostname,omitempty"` |
17 |
- // Mounts profile configuration for adding mounts to the container's filesystem. |
|
17 |
+ // Mounts configures additional mounts (on top of Root). |
|
18 | 18 |
Mounts []Mount `json:"mounts,omitempty"` |
19 |
- // Hooks are the commands run at various lifecycle events of the container. |
|
19 |
+ // Hooks configures callbacks for container lifecycle events. |
|
20 | 20 |
Hooks Hooks `json:"hooks"` |
21 |
- // Annotations is an unstructured key value map that may be set by external tools to store and retrieve arbitrary metadata. |
|
21 |
+ // Annotations contains arbitrary metadata for the container. |
|
22 | 22 |
Annotations map[string]string `json:"annotations,omitempty"` |
23 | 23 |
|
24 | 24 |
// Linux is platform specific configuration for Linux based containers. |
25 |
- Linux Linux `json:"linux" platform:"linux,omitempty"` |
|
25 |
+ Linux *Linux `json:"linux,omitempty" platform:"linux"` |
|
26 | 26 |
// Solaris is platform specific configuration for Solaris containers. |
27 |
- Solaris Solaris `json:"solaris" platform:"solaris,omitempty"` |
|
27 |
+ Solaris *Solaris `json:"solaris,omitempty" platform:"solaris"` |
|
28 |
+ // Windows is platform specific configuration for Windows based containers, including Hyper-V containers. |
|
29 |
+ Windows *Windows `json:"windows,omitempty" platform:"windows"` |
|
28 | 30 |
} |
29 | 31 |
|
30 | 32 |
// Process contains information to start a specific application inside the container. |
31 | 33 |
type Process struct { |
32 | 34 |
// Terminal creates an interactive terminal for the container. |
33 | 35 |
Terminal bool `json:"terminal,omitempty"` |
36 |
+ // ConsoleSize specifies the size of the console. |
|
37 |
+ ConsoleSize Box `json:"consoleSize,omitempty"` |
|
34 | 38 |
// User specifies user information for the process. |
35 | 39 |
User User `json:"user"` |
36 | 40 |
// Args specifies the binary and arguments for the application to execute. |
... | ... |
@@ -43,25 +47,33 @@ type Process struct { |
43 | 43 |
// Capabilities are Linux capabilities that are kept for the container. |
44 | 44 |
Capabilities []string `json:"capabilities,omitempty" platform:"linux"` |
45 | 45 |
// Rlimits specifies rlimit options to apply to the process. |
46 |
- Rlimits []Rlimit `json:"rlimits,omitempty"` |
|
46 |
+ Rlimits []Rlimit `json:"rlimits,omitempty" platform:"linux"` |
|
47 | 47 |
// NoNewPrivileges controls whether additional privileges could be gained by processes in the container. |
48 |
- NoNewPrivileges bool `json:"noNewPrivileges,omitempty"` |
|
49 |
- |
|
50 |
- // ApparmorProfile specified the apparmor profile for the container. (this field is platform dependent) |
|
48 |
+ NoNewPrivileges bool `json:"noNewPrivileges,omitempty" platform:"linux"` |
|
49 |
+ // ApparmorProfile specifies the apparmor profile for the container. |
|
51 | 50 |
ApparmorProfile string `json:"apparmorProfile,omitempty" platform:"linux"` |
52 |
- // SelinuxLabel specifies the selinux context that the container process is run as. (this field is platform dependent) |
|
51 |
+ // SelinuxLabel specifies the selinux context that the container process is run as. |
|
53 | 52 |
SelinuxLabel string `json:"selinuxLabel,omitempty" platform:"linux"` |
54 | 53 |
} |
55 | 54 |
|
56 |
-// User specifies Linux specific user and group information for the container's |
|
57 |
-// main process. |
|
55 |
+// Box specifies dimensions of a rectangle. Used for specifying the size of a console. |
|
56 |
+type Box struct { |
|
57 |
+ // Height is the vertical dimension of a box. |
|
58 |
+ Height uint `json:"height"` |
|
59 |
+ // Width is the horizontal dimension of a box. |
|
60 |
+ Width uint `json:"width"` |
|
61 |
+} |
|
62 |
+ |
|
63 |
+// User specifies specific user (and group) information for the container process. |
|
58 | 64 |
type User struct { |
59 |
- // UID is the user id. (this field is platform dependent) |
|
60 |
- UID uint32 `json:"uid" platform:"linux"` |
|
61 |
- // GID is the group id. (this field is platform dependent) |
|
62 |
- GID uint32 `json:"gid" platform:"linux"` |
|
63 |
- // AdditionalGids are additional group ids set for the container's process. (this field is platform dependent) |
|
64 |
- AdditionalGids []uint32 `json:"additionalGids,omitempty" platform:"linux"` |
|
65 |
+ // UID is the user id. |
|
66 |
+ UID uint32 `json:"uid" platform:"linux,solaris"` |
|
67 |
+ // GID is the group id. |
|
68 |
+ GID uint32 `json:"gid" platform:"linux,solaris"` |
|
69 |
+ // AdditionalGids are additional group ids set for the container's process. |
|
70 |
+ AdditionalGids []uint32 `json:"additionalGids,omitempty" platform:"linux,solaris"` |
|
71 |
+ // Username is the user name. |
|
72 |
+ Username string `json:"username,omitempty" platform:"windows"` |
|
65 | 73 |
} |
66 | 74 |
|
67 | 75 |
// Root contains information about the container's root filesystem on the host. |
... | ... |
@@ -262,7 +274,7 @@ type Memory struct { |
262 | 262 |
// Kernel memory limit (in bytes). |
263 | 263 |
Kernel *uint64 `json:"kernel,omitempty"` |
264 | 264 |
// Kernel memory limit for tcp (in bytes) |
265 |
- KernelTCP *uint64 `json:"kernelTCP"` |
|
265 |
+ KernelTCP *uint64 `json:"kernelTCP,omitempty"` |
|
266 | 266 |
// How aggressive the kernel will swap memory pages. Range from 0 to 100. |
267 | 267 |
Swappiness *uint64 `json:"swappiness,omitempty"` |
268 | 268 |
} |
... | ... |
@@ -294,15 +306,15 @@ type Pids struct { |
294 | 294 |
// Network identification and priority configuration |
295 | 295 |
type Network struct { |
296 | 296 |
// Set class identifier for container's network packets |
297 |
- ClassID *uint32 `json:"classID"` |
|
297 |
+ ClassID *uint32 `json:"classID,omitempty"` |
|
298 | 298 |
// Set priority of network traffic for container |
299 | 299 |
Priorities []InterfacePriority `json:"priorities,omitempty"` |
300 | 300 |
} |
301 | 301 |
|
302 | 302 |
// Resources has container runtime resource constraints |
303 | 303 |
type Resources struct { |
304 |
- // Devices are a list of device rules for the whitelist controller |
|
305 |
- Devices []DeviceCgroup `json:"devices"` |
|
304 |
+ // Devices configures the device whitelist. |
|
305 |
+ Devices []DeviceCgroup `json:"devices,omitempty"` |
|
306 | 306 |
// DisableOOMKiller disables the OOM killer for out of memory conditions |
307 | 307 |
DisableOOMKiller *bool `json:"disableOOMKiller,omitempty"` |
308 | 308 |
// Specify an oom_score_adj for the container. |
... | ... |
@@ -371,9 +383,9 @@ type Solaris struct { |
371 | 371 |
// Specification for automatic creation of network resources for this container. |
372 | 372 |
Anet []Anet `json:"anet,omitempty"` |
373 | 373 |
// Set limit on the amount of CPU time that can be used by container. |
374 |
- CappedCPU CappedCPU `json:"cappedCPU,omitempty"` |
|
374 |
+ CappedCPU *CappedCPU `json:"cappedCPU,omitempty"` |
|
375 | 375 |
// The physical and swap caps on the memory that can be used by this container. |
376 |
- CappedMemory CappedMemory `json:"cappedMemory,omitempty"` |
|
376 |
+ CappedMemory *CappedMemory `json:"cappedMemory,omitempty"` |
|
377 | 377 |
} |
378 | 378 |
|
379 | 379 |
// CappedCPU allows users to set limit on the amount of CPU time that can be used by container. |
... | ... |
@@ -405,6 +417,58 @@ type Anet struct { |
405 | 405 |
Macaddress string `json:"macAddress,omitempty"` |
406 | 406 |
} |
407 | 407 |
|
408 |
+// Windows defines the runtime configuration for Windows based containers, including Hyper-V containers. |
|
409 |
+type Windows struct { |
|
410 |
+ // Resources contains information for handling resource constraints for the container. |
|
411 |
+ Resources *WindowsResources `json:"resources,omitempty"` |
|
412 |
+} |
|
413 |
+ |
|
414 |
+// WindowsResources has container runtime resource constraints for containers running on Windows. |
|
415 |
+type WindowsResources struct { |
|
416 |
+ // Memory restriction configuration. |
|
417 |
+ Memory *WindowsMemoryResources `json:"memory,omitempty"` |
|
418 |
+ // CPU resource restriction configuration. |
|
419 |
+ CPU *WindowsCPUResources `json:"cpu,omitempty"` |
|
420 |
+ // Storage restriction configuration. |
|
421 |
+ Storage *WindowsStorageResources `json:"storage,omitempty"` |
|
422 |
+ // Network restriction configuration. |
|
423 |
+ Network *WindowsNetworkResources `json:"network,omitempty"` |
|
424 |
+} |
|
425 |
+ |
|
426 |
+// WindowsMemoryResources contains memory resource management settings. |
|
427 |
+type WindowsMemoryResources struct { |
|
428 |
+ // Memory limit in bytes. |
|
429 |
+ Limit *uint64 `json:"limit,omitempty"` |
|
430 |
+ // Memory reservation in bytes. |
|
431 |
+ Reservation *uint64 `json:"reservation,omitempty"` |
|
432 |
+} |
|
433 |
+ |
|
434 |
+// WindowsCPUResources contains CPU resource management settings. |
|
435 |
+type WindowsCPUResources struct { |
|
436 |
+ // Number of CPUs available to the container. |
|
437 |
+ Count *uint64 `json:"count,omitempty"` |
|
438 |
+ // CPU shares (relative weight to other containers with cpu shares). Range is from 1 to 10000. |
|
439 |
+ Shares *uint16 `json:"shares,omitempty"` |
|
440 |
+ // Percent of available CPUs usable by the container. |
|
441 |
+ Percent *uint8 `json:"percent,omitempty"` |
|
442 |
+} |
|
443 |
+ |
|
444 |
+// WindowsStorageResources contains storage resource management settings. |
|
445 |
+type WindowsStorageResources struct { |
|
446 |
+ // Specifies maximum Iops for the system drive. |
|
447 |
+ Iops *uint64 `json:"iops,omitempty"` |
|
448 |
+ // Specifies maximum bytes per second for the system drive. |
|
449 |
+ Bps *uint64 `json:"bps,omitempty"` |
|
450 |
+ // Sandbox size specifies the minimum size of the system drive in bytes. |
|
451 |
+ SandboxSize *uint64 `json:"sandboxSize,omitempty"` |
|
452 |
+} |
|
453 |
+ |
|
454 |
+// WindowsNetworkResources contains network resource management settings. |
|
455 |
+type WindowsNetworkResources struct { |
|
456 |
+ // EgressBandwidth is the maximum egress bandwidth in bytes per second. |
|
457 |
+ EgressBandwidth *uint64 `json:"egressBandwidth,omitempty"` |
|
458 |
+} |
|
459 |
+ |
|
408 | 460 |
// Arch used for additional architectures |
409 | 461 |
type Arch string |
410 | 462 |
|
... | ... |
@@ -8,7 +8,7 @@ type State struct { |
8 | 8 |
ID string `json:"id"` |
9 | 9 |
// Status is the runtime state of the container. |
10 | 10 |
Status string `json:"status"` |
11 |
- // Pid is the process id for the container's main process. |
|
11 |
+ // Pid is the process ID for the container process. |
|
12 | 12 |
Pid int `json:"pid"` |
13 | 13 |
// BundlePath is the path to the container's bundle directory. |
14 | 14 |
BundlePath string `json:"bundlePath"` |