Browse code
Windows: Fix 'isolation'
Signed-off-by: John Howard <jhoward@microsoft.com>
John Howard authored on 2016/02/04 05:07:00Showing 11 changed files
- api/client/build.go
- api/server/router/build/build_routes.go
- builder/dockerfile/internals.go
- daemon/execdriver/driver_windows.go
- daemon/execdriver/windows/windows.go
- daemon/list.go
- runconfig/config.go
- runconfig/config_test.go
- runconfig/hostconfig_unix.go
- runconfig/hostconfig_windows.go
- runconfig/opts/parse.go
| ... | ... |
@@ -66,7 +66,7 @@ func (cli *DockerCli) CmdBuild(args ...string) error {
|
| 66 | 66 |
flCgroupParent := cmd.String([]string{"-cgroup-parent"}, "", "Optional parent cgroup for the container")
|
| 67 | 67 |
flBuildArg := opts.NewListOpts(runconfigopts.ValidateEnv) |
| 68 | 68 |
cmd.Var(&flBuildArg, []string{"-build-arg"}, "Set build-time variables")
|
| 69 |
- isolation := cmd.String([]string{"-isolation"}, "", "Container isolation level")
|
|
| 69 |
+ isolation := cmd.String([]string{"-isolation"}, "", "Container isolation technology")
|
|
| 70 | 70 |
|
| 71 | 71 |
ulimits := make(map[string]*units.Ulimit) |
| 72 | 72 |
flUlimits := runconfigopts.NewUlimitOpt(&ulimits) |
| ... | ... |
@@ -224,7 +224,7 @@ func (cli *DockerCli) CmdBuild(args ...string) error {
|
| 224 | 224 |
Remove: *rm, |
| 225 | 225 |
ForceRemove: *forceRm, |
| 226 | 226 |
PullParent: *pull, |
| 227 |
- IsolationLevel: container.IsolationLevel(*isolation), |
|
| 227 |
+ Isolation: container.Isolation(*isolation), |
|
| 228 | 228 |
CPUSetCPUs: *flCPUSetCpus, |
| 229 | 229 |
CPUSetMems: *flCPUSetMems, |
| 230 | 230 |
CPUShares: *flCPUShares, |
| ... | ... |
@@ -60,11 +60,11 @@ func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBui |
| 60 | 60 |
options.ShmSize = shmSize |
| 61 | 61 |
} |
| 62 | 62 |
|
| 63 |
- if i := container.IsolationLevel(r.FormValue("isolation")); i != "" {
|
|
| 64 |
- if !container.IsolationLevel.IsValid(i) {
|
|
| 63 |
+ if i := container.Isolation(r.FormValue("isolation")); i != "" {
|
|
| 64 |
+ if !container.Isolation.IsValid(i) {
|
|
| 65 | 65 |
return nil, fmt.Errorf("Unsupported isolation: %q", i)
|
| 66 | 66 |
} |
| 67 |
- options.IsolationLevel = i |
|
| 67 |
+ options.Isolation = i |
|
| 68 | 68 |
} |
| 69 | 69 |
|
| 70 | 70 |
var buildUlimits = []*units.Ulimit{}
|
| ... | ... |
@@ -506,7 +506,7 @@ func (b *Builder) create() (string, error) {
|
| 506 | 506 |
|
| 507 | 507 |
// TODO: why not embed a hostconfig in builder? |
| 508 | 508 |
hostConfig := &container.HostConfig{
|
| 509 |
- Isolation: b.options.IsolationLevel, |
|
| 509 |
+ Isolation: b.options.Isolation, |
|
| 510 | 510 |
ShmSize: b.options.ShmSize, |
| 511 | 511 |
Resources: resources, |
| 512 | 512 |
} |
| ... | ... |
@@ -53,7 +53,7 @@ type Command struct {
|
| 53 | 53 |
Hostname string `json:"hostname"` // Windows sets the hostname in the execdriver |
| 54 | 54 |
LayerFolder string `json:"layer_folder"` // Layer folder for a command |
| 55 | 55 |
LayerPaths []string `json:"layer_paths"` // Layer paths for a command |
| 56 |
- Isolation string `json:"isolation"` // Isolation level for the container |
|
| 56 |
+ Isolation string `json:"isolation"` // Isolation technology for the container |
|
| 57 | 57 |
ArgsEscaped bool `json:"args_escaped"` // True if args are already escaped |
| 58 | 58 |
HvPartition bool `json:"hv_partition"` // True if it's an hypervisor partition |
| 59 | 59 |
} |
| ... | ... |
@@ -28,11 +28,11 @@ var dummyMode bool |
| 28 | 28 |
// This allows the daemon to force kill (HCS terminate) rather than shutdown |
| 29 | 29 |
var forceKill bool |
| 30 | 30 |
|
| 31 |
-// DefaultIsolation allows users to specify a default isolation mode for |
|
| 31 |
+// DefaultIsolation allows users to specify a default isolation technology for |
|
| 32 | 32 |
// when running a container on Windows. For example docker daemon -D |
| 33 | 33 |
// --exec-opt isolation=hyperv will cause Windows to always run containers |
| 34 | 34 |
// as Hyper-V containers unless otherwise specified. |
| 35 |
-var DefaultIsolation container.IsolationLevel = "process" |
|
| 35 |
+var DefaultIsolation container.Isolation = "process" |
|
| 36 | 36 |
|
| 37 | 37 |
// Define name and version for windows |
| 38 | 38 |
var ( |
| ... | ... |
@@ -83,13 +83,13 @@ func NewDriver(root string, options []string) (*Driver, error) {
|
| 83 | 83 |
} |
| 84 | 84 |
|
| 85 | 85 |
case "isolation": |
| 86 |
- if !container.IsolationLevel(val).IsValid() {
|
|
| 86 |
+ if !container.Isolation(val).IsValid() {
|
|
| 87 | 87 |
return nil, fmt.Errorf("Unrecognised exec driver option 'isolation':'%s'", val)
|
| 88 | 88 |
} |
| 89 |
- if container.IsolationLevel(val).IsHyperV() {
|
|
| 89 |
+ if container.Isolation(val).IsHyperV() {
|
|
| 90 | 90 |
DefaultIsolation = "hyperv" |
| 91 | 91 |
} |
| 92 |
- logrus.Infof("Windows default isolation level: '%s'", val)
|
|
| 92 |
+ logrus.Infof("Windows default isolation: '%s'", val)
|
|
| 93 | 93 |
default: |
| 94 | 94 |
return nil, fmt.Errorf("Unrecognised exec driver option %s\n", key)
|
| 95 | 95 |
} |
| ... | ... |
@@ -246,7 +246,7 @@ func includeContainerInList(container *container.Container, ctx *listContext) it |
| 246 | 246 |
return excludeContainer |
| 247 | 247 |
} |
| 248 | 248 |
|
| 249 |
- // Do not include container if the isolation mode doesn't match |
|
| 249 |
+ // Do not include container if isolation doesn't match |
|
| 250 | 250 |
if excludeContainer == excludeByIsolation(container, ctx) {
|
| 251 | 251 |
return excludeContainer |
| 252 | 252 |
} |
| ... | ... |
@@ -44,8 +44,8 @@ func DecodeContainerConfig(src io.Reader) (*container.Config, *container.HostCon |
| 44 | 44 |
return nil, nil, nil, err |
| 45 | 45 |
} |
| 46 | 46 |
|
| 47 |
- // Validate the isolation level |
|
| 48 |
- if err := ValidateIsolationLevel(hc); err != nil {
|
|
| 47 |
+ // Validate isolation |
|
| 48 |
+ if err := ValidateIsolation(hc); err != nil {
|
|
| 49 | 49 |
return nil, nil, nil, err |
| 50 | 50 |
} |
| 51 | 51 |
return w.Config, hc, w.NetworkingConfig, nil |
| ... | ... |
@@ -65,7 +65,7 @@ func TestDecodeContainerConfig(t *testing.T) {
|
| 65 | 65 |
} |
| 66 | 66 |
} |
| 67 | 67 |
|
| 68 |
-// TestDecodeContainerConfigIsolation validates the isolation level passed |
|
| 68 |
+// TestDecodeContainerConfigIsolation validates isolation passed |
|
| 69 | 69 |
// to the daemon in the hostConfig structure. Note this is platform specific |
| 70 | 70 |
// as to what level of container isolation is supported. |
| 71 | 71 |
func TestDecodeContainerConfigIsolation(t *testing.T) {
|
| ... | ... |
@@ -77,17 +77,30 @@ func TestDecodeContainerConfigIsolation(t *testing.T) {
|
| 77 | 77 |
} |
| 78 | 78 |
} |
| 79 | 79 |
|
| 80 |
- // Blank isolation level (== default) |
|
| 80 |
+ // Blank isolation (== default) |
|
| 81 | 81 |
if _, _, _, err := callDecodeContainerConfigIsolation(""); err != nil {
|
| 82 | 82 |
t.Fatal("Blank isolation should have succeeded")
|
| 83 | 83 |
} |
| 84 | 84 |
|
| 85 |
- // Default isolation level |
|
| 85 |
+ // Default isolation |
|
| 86 | 86 |
if _, _, _, err := callDecodeContainerConfigIsolation("default"); err != nil {
|
| 87 | 87 |
t.Fatal("default isolation should have succeeded")
|
| 88 | 88 |
} |
| 89 | 89 |
|
| 90 |
- // Hyper-V Containers isolation level (Valid on Windows only) |
|
| 90 |
+ // Process isolation (Valid on Windows only) |
|
| 91 |
+ if runtime.GOOS == "windows" {
|
|
| 92 |
+ if _, _, _, err := callDecodeContainerConfigIsolation("process"); err != nil {
|
|
| 93 |
+ t.Fatal("process isolation should have succeeded")
|
|
| 94 |
+ } |
|
| 95 |
+ } else {
|
|
| 96 |
+ if _, _, _, err := callDecodeContainerConfigIsolation("process"); err != nil {
|
|
| 97 |
+ if !strings.Contains(err.Error(), `invalid --isolation: "process"`) {
|
|
| 98 |
+ t.Fatal(err) |
|
| 99 |
+ } |
|
| 100 |
+ } |
|
| 101 |
+ } |
|
| 102 |
+ |
|
| 103 |
+ // Hyper-V Containers isolation (Valid on Windows only) |
|
| 91 | 104 |
if runtime.GOOS == "windows" {
|
| 92 | 105 |
if _, _, _, err := callDecodeContainerConfigIsolation("hyperv"); err != nil {
|
| 93 | 106 |
t.Fatal("hyperv isolation should have succeeded")
|
| ... | ... |
@@ -102,7 +115,7 @@ func TestDecodeContainerConfigIsolation(t *testing.T) {
|
| 102 | 102 |
} |
| 103 | 103 |
|
| 104 | 104 |
// callDecodeContainerConfigIsolation is a utility function to call |
| 105 |
-// DecodeContainerConfig for validating isolation levels |
|
| 105 |
+// DecodeContainerConfig for validating isolation |
|
| 106 | 106 |
func callDecodeContainerConfigIsolation(isolation string) (*container.Config, *container.HostConfig, *networktypes.NetworkingConfig, error) {
|
| 107 | 107 |
var ( |
| 108 | 108 |
b []byte |
| ... | ... |
@@ -112,7 +125,7 @@ func callDecodeContainerConfigIsolation(isolation string) (*container.Config, *c |
| 112 | 112 |
Config: &container.Config{},
|
| 113 | 113 |
HostConfig: &container.HostConfig{
|
| 114 | 114 |
NetworkMode: "none", |
| 115 |
- Isolation: container.IsolationLevel(isolation)}, |
|
| 115 |
+ Isolation: container.Isolation(isolation)}, |
|
| 116 | 116 |
} |
| 117 | 117 |
if b, err = json.Marshal(w); err != nil {
|
| 118 | 118 |
return nil, nil, nil, fmt.Errorf("Error on marshal %s", err.Error())
|
| ... | ... |
@@ -70,10 +70,10 @@ func ValidateNetMode(c *container.Config, hc *container.HostConfig) error {
|
| 70 | 70 |
return nil |
| 71 | 71 |
} |
| 72 | 72 |
|
| 73 |
-// ValidateIsolationLevel performs platform specific validation of the |
|
| 74 |
-// isolation level in the hostconfig structure. Linux only supports "default" |
|
| 73 |
+// ValidateIsolation performs platform specific validation of |
|
| 74 |
+// isolation in the hostconfig structure. Linux only supports "default" |
|
| 75 | 75 |
// which is LXC container isolation |
| 76 |
-func ValidateIsolationLevel(hc *container.HostConfig) error {
|
|
| 76 |
+func ValidateIsolation(hc *container.HostConfig) error {
|
|
| 77 | 77 |
// We may not be passed a host config, such as in the case of docker commit |
| 78 | 78 |
if hc == nil {
|
| 79 | 79 |
return nil |
| ... | ... |
@@ -34,10 +34,10 @@ func ValidateNetMode(c *container.Config, hc *container.HostConfig) error {
|
| 34 | 34 |
return nil |
| 35 | 35 |
} |
| 36 | 36 |
|
| 37 |
-// ValidateIsolationLevel performs platform specific validation of the |
|
| 38 |
-// isolation level in the hostconfig structure. Windows supports 'default' (or |
|
| 37 |
+// ValidateIsolation performs platform specific validation of the |
|
| 38 |
+// isolation in the hostconfig structure. Windows supports 'default' (or |
|
| 39 | 39 |
// blank), 'process', or 'hyperv'. |
| 40 |
-func ValidateIsolationLevel(hc *container.HostConfig) error {
|
|
| 40 |
+func ValidateIsolation(hc *container.HostConfig) error {
|
|
| 41 | 41 |
// We may not be passed a host config, such as in the case of docker commit |
| 42 | 42 |
if hc == nil {
|
| 43 | 43 |
return nil |
| ... | ... |
@@ -91,7 +91,7 @@ func Parse(cmd *flag.FlagSet, args []string) (*container.Config, *container.Host |
| 91 | 91 |
flCgroupParent = cmd.String([]string{"-cgroup-parent"}, "", "Optional parent cgroup for the container")
|
| 92 | 92 |
flVolumeDriver = cmd.String([]string{"-volume-driver"}, "", "Optional volume driver for the container")
|
| 93 | 93 |
flStopSignal = cmd.String([]string{"-stop-signal"}, signal.DefaultStopSignal, fmt.Sprintf("Signal to stop a container, %v by default", signal.DefaultStopSignal))
|
| 94 |
- flIsolation = cmd.String([]string{"-isolation"}, "", "Container isolation level")
|
|
| 94 |
+ flIsolation = cmd.String([]string{"-isolation"}, "", "Container isolation technology")
|
|
| 95 | 95 |
flShmSize = cmd.String([]string{"-shm-size"}, "", "Size of /dev/shm, default value is 64MB")
|
| 96 | 96 |
) |
| 97 | 97 |
|
| ... | ... |
@@ -408,7 +408,7 @@ func Parse(cmd *flag.FlagSet, args []string) (*container.Config, *container.Host |
| 408 | 408 |
ReadonlyRootfs: *flReadonlyRootfs, |
| 409 | 409 |
LogConfig: container.LogConfig{Type: *flLoggingDriver, Config: loggingOpts},
|
| 410 | 410 |
VolumeDriver: *flVolumeDriver, |
| 411 |
- Isolation: container.IsolationLevel(*flIsolation), |
|
| 411 |
+ Isolation: container.Isolation(*flIsolation), |
|
| 412 | 412 |
ShmSize: shmSize, |
| 413 | 413 |
Resources: resources, |
| 414 | 414 |
Tmpfs: tmpfs, |