// +build !windows package main import ( "encoding/json" "fmt" "path/filepath" "strings" "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/mount" "github.com/docker/docker/api/types/swarm" "github.com/docker/docker/integration-cli/checker" "github.com/go-check/check" "gotest.tools/assert" ) func (s *DockerSwarmSuite) TestServiceCreateMountVolume(c *check.C) { d := s.AddDaemon(c, true, true) out, err := d.Cmd("service", "create", "--no-resolve-image", "--detach=true", "--mount", "type=volume,source=foo,target=/foo,volume-nocopy", "busybox", "top") assert.NilError(c, err, out) id := strings.TrimSpace(out) var tasks []swarm.Task waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) { tasks = d.GetServiceTasks(c, id) return len(tasks) > 0, nil }, checker.Equals, true) task := tasks[0] waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) { if task.NodeID == "" || task.Status.ContainerStatus == nil { task = d.GetTask(c, task.ID) } return task.NodeID != "" && task.Status.ContainerStatus != nil, nil }, checker.Equals, true) // check container mount config out, err = s.nodeCmd(c, task.NodeID, "inspect", "--format", "{{json .HostConfig.Mounts}}", task.Status.ContainerStatus.ContainerID) assert.NilError(c, err, out) var mountConfig []mount.Mount c.Assert(json.Unmarshal([]byte(out), &mountConfig), checker.IsNil) c.Assert(mountConfig, checker.HasLen, 1) c.Assert(mountConfig[0].Source, checker.Equals, "foo") c.Assert(mountConfig[0].Target, checker.Equals, "/foo") c.Assert(mountConfig[0].Type, checker.Equals, mount.TypeVolume) c.Assert(mountConfig[0].VolumeOptions, checker.NotNil) c.Assert(mountConfig[0].VolumeOptions.NoCopy, checker.True) // check container mounts actual out, err = s.nodeCmd(c, task.NodeID, "inspect", "--format", "{{json .Mounts}}", task.Status.ContainerStatus.ContainerID) assert.NilError(c, err, out) var mounts []types.MountPoint c.Assert(json.Unmarshal([]byte(out), &mounts), checker.IsNil) c.Assert(mounts, checker.HasLen, 1) c.Assert(mounts[0].Type, checker.Equals, mount.TypeVolume) c.Assert(mounts[0].Name, checker.Equals, "foo") c.Assert(mounts[0].Destination, checker.Equals, "/foo") c.Assert(mounts[0].RW, checker.Equals, true) } func (s *DockerSwarmSuite) TestServiceCreateWithSecretSimple(c *check.C) { d := s.AddDaemon(c, true, true) serviceName := "test-service-secret" testName := "test_secret" id := d.CreateSecret(c, swarm.SecretSpec{ Annotations: swarm.Annotations{ Name: testName, }, Data: []byte("TESTINGDATA"), }) c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id)) out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", serviceName, "--secret", testName, "busybox", "top") assert.NilError(c, err, out) out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}", serviceName) assert.NilError(c, err) var refs []swarm.SecretReference c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil) assert.Equal(c, len(refs), 1) c.Assert(refs[0].SecretName, checker.Equals, testName) c.Assert(refs[0].File, checker.Not(checker.IsNil)) c.Assert(refs[0].File.Name, checker.Equals, testName) c.Assert(refs[0].File.UID, checker.Equals, "0") c.Assert(refs[0].File.GID, checker.Equals, "0") out, err = d.Cmd("service", "rm", serviceName) assert.NilError(c, err, out) d.DeleteSecret(c, testName) } func (s *DockerSwarmSuite) TestServiceCreateWithSecretSourceTargetPaths(c *check.C) { d := s.AddDaemon(c, true, true) testPaths := map[string]string{ "app": "/etc/secret", "test_secret": "test_secret", "relative_secret": "relative/secret", "escapes_in_container": "../secret", } var secretFlags []string for testName, testTarget := range testPaths { id := d.CreateSecret(c, swarm.SecretSpec{ Annotations: swarm.Annotations{ Name: testName, }, Data: []byte("TESTINGDATA " + testName + " " + testTarget), }) c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id)) secretFlags = append(secretFlags, "--secret", fmt.Sprintf("source=%s,target=%s", testName, testTarget)) } serviceName := "svc" serviceCmd := []string{"service", "create", "--detach", "--no-resolve-image", "--name", serviceName} serviceCmd = append(serviceCmd, secretFlags...) serviceCmd = append(serviceCmd, "busybox", "top") out, err := d.Cmd(serviceCmd...) assert.NilError(c, err, out) out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}", serviceName) assert.NilError(c, err) var refs []swarm.SecretReference c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil) assert.Equal(c, len(refs), len(testPaths)) var tasks []swarm.Task waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) { tasks = d.GetServiceTasks(c, serviceName) return len(tasks) > 0, nil }, checker.Equals, true) task := tasks[0] waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) { if task.NodeID == "" || task.Status.ContainerStatus == nil { task = d.GetTask(c, task.ID) } return task.NodeID != "" && task.Status.ContainerStatus != nil, nil }, checker.Equals, true) for testName, testTarget := range testPaths { path := testTarget if !filepath.IsAbs(path) { path = filepath.Join("/run/secrets", path) } out, err := d.Cmd("exec", task.Status.ContainerStatus.ContainerID, "cat", path) assert.NilError(c, err) assert.Equal(c, out, "TESTINGDATA "+testName+" "+testTarget) } out, err = d.Cmd("service", "rm", serviceName) assert.NilError(c, err, out) } func (s *DockerSwarmSuite) TestServiceCreateWithSecretReferencedTwice(c *check.C) { d := s.AddDaemon(c, true, true) id := d.CreateSecret(c, swarm.SecretSpec{ Annotations: swarm.Annotations{ Name: "mysecret", }, Data: []byte("TESTINGDATA"), }) c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id)) serviceName := "svc" out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", serviceName, "--secret", "source=mysecret,target=target1", "--secret", "source=mysecret,target=target2", "busybox", "top") assert.NilError(c, err, out) out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}", serviceName) assert.NilError(c, err) var refs []swarm.SecretReference c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil) assert.Equal(c, len(refs), 2) var tasks []swarm.Task waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) { tasks = d.GetServiceTasks(c, serviceName) return len(tasks) > 0, nil }, checker.Equals, true) task := tasks[0] waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) { if task.NodeID == "" || task.Status.ContainerStatus == nil { task = d.GetTask(c, task.ID) } return task.NodeID != "" && task.Status.ContainerStatus != nil, nil }, checker.Equals, true) for _, target := range []string{"target1", "target2"} { assert.NilError(c, err, out) path := filepath.Join("/run/secrets", target) out, err := d.Cmd("exec", task.Status.ContainerStatus.ContainerID, "cat", path) assert.NilError(c, err) assert.Equal(c, out, "TESTINGDATA") } out, err = d.Cmd("service", "rm", serviceName) assert.NilError(c, err, out) } func (s *DockerSwarmSuite) TestServiceCreateWithConfigSimple(c *check.C) { d := s.AddDaemon(c, true, true) serviceName := "test-service-config" testName := "test_config" id := d.CreateConfig(c, swarm.ConfigSpec{ Annotations: swarm.Annotations{ Name: testName, }, Data: []byte("TESTINGDATA"), }) c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("configs: %s", id)) out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", serviceName, "--config", testName, "busybox", "top") assert.NilError(c, err, out) out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Configs }}", serviceName) assert.NilError(c, err) var refs []swarm.ConfigReference c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil) assert.Equal(c, len(refs), 1) c.Assert(refs[0].ConfigName, checker.Equals, testName) c.Assert(refs[0].File, checker.Not(checker.IsNil)) c.Assert(refs[0].File.Name, checker.Equals, testName) c.Assert(refs[0].File.UID, checker.Equals, "0") c.Assert(refs[0].File.GID, checker.Equals, "0") out, err = d.Cmd("service", "rm", serviceName) assert.NilError(c, err, out) d.DeleteConfig(c, testName) } func (s *DockerSwarmSuite) TestServiceCreateWithConfigSourceTargetPaths(c *check.C) { d := s.AddDaemon(c, true, true) testPaths := map[string]string{ "app": "/etc/config", "test_config": "test_config", "relative_config": "relative/config", } var configFlags []string for testName, testTarget := range testPaths { id := d.CreateConfig(c, swarm.ConfigSpec{ Annotations: swarm.Annotations{ Name: testName, }, Data: []byte("TESTINGDATA " + testName + " " + testTarget), }) c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("configs: %s", id)) configFlags = append(configFlags, "--config", fmt.Sprintf("source=%s,target=%s", testName, testTarget)) } serviceName := "svc" serviceCmd := []string{"service", "create", "--detach", "--no-resolve-image", "--name", serviceName} serviceCmd = append(serviceCmd, configFlags...) serviceCmd = append(serviceCmd, "busybox", "top") out, err := d.Cmd(serviceCmd...) assert.NilError(c, err, out) out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Configs }}", serviceName) assert.NilError(c, err) var refs []swarm.ConfigReference c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil) assert.Equal(c, len(refs), len(testPaths)) var tasks []swarm.Task waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) { tasks = d.GetServiceTasks(c, serviceName) return len(tasks) > 0, nil }, checker.Equals, true) task := tasks[0] waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) { if task.NodeID == "" || task.Status.ContainerStatus == nil { task = d.GetTask(c, task.ID) } return task.NodeID != "" && task.Status.ContainerStatus != nil, nil }, checker.Equals, true) for testName, testTarget := range testPaths { path := testTarget if !filepath.IsAbs(path) { path = filepath.Join("/", path) } out, err := d.Cmd("exec", task.Status.ContainerStatus.ContainerID, "cat", path) assert.NilError(c, err) assert.Equal(c, out, "TESTINGDATA "+testName+" "+testTarget) } out, err = d.Cmd("service", "rm", serviceName) assert.NilError(c, err, out) } func (s *DockerSwarmSuite) TestServiceCreateWithConfigReferencedTwice(c *check.C) { d := s.AddDaemon(c, true, true) id := d.CreateConfig(c, swarm.ConfigSpec{ Annotations: swarm.Annotations{ Name: "myconfig", }, Data: []byte("TESTINGDATA"), }) c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("configs: %s", id)) serviceName := "svc" out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", serviceName, "--config", "source=myconfig,target=target1", "--config", "source=myconfig,target=target2", "busybox", "top") assert.NilError(c, err, out) out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Configs }}", serviceName) assert.NilError(c, err) var refs []swarm.ConfigReference c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil) assert.Equal(c, len(refs), 2) var tasks []swarm.Task waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) { tasks = d.GetServiceTasks(c, serviceName) return len(tasks) > 0, nil }, checker.Equals, true) task := tasks[0] waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) { if task.NodeID == "" || task.Status.ContainerStatus == nil { task = d.GetTask(c, task.ID) } return task.NodeID != "" && task.Status.ContainerStatus != nil, nil }, checker.Equals, true) for _, target := range []string{"target1", "target2"} { assert.NilError(c, err, out) path := filepath.Join("/", target) out, err := d.Cmd("exec", task.Status.ContainerStatus.ContainerID, "cat", path) assert.NilError(c, err) assert.Equal(c, out, "TESTINGDATA") } out, err = d.Cmd("service", "rm", serviceName) assert.NilError(c, err, out) } func (s *DockerSwarmSuite) TestServiceCreateMountTmpfs(c *check.C) { d := s.AddDaemon(c, true, true) out, err := d.Cmd("service", "create", "--no-resolve-image", "--detach=true", "--mount", "type=tmpfs,target=/foo,tmpfs-size=1MB", "busybox", "sh", "-c", "mount | grep foo; tail -f /dev/null") assert.NilError(c, err, out) id := strings.TrimSpace(out) var tasks []swarm.Task waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) { tasks = d.GetServiceTasks(c, id) return len(tasks) > 0, nil }, checker.Equals, true) task := tasks[0] waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) { if task.NodeID == "" || task.Status.ContainerStatus == nil { task = d.GetTask(c, task.ID) } return task.NodeID != "" && task.Status.ContainerStatus != nil, nil }, checker.Equals, true) // check container mount config out, err = s.nodeCmd(c, task.NodeID, "inspect", "--format", "{{json .HostConfig.Mounts}}", task.Status.ContainerStatus.ContainerID) assert.NilError(c, err, out) var mountConfig []mount.Mount c.Assert(json.Unmarshal([]byte(out), &mountConfig), checker.IsNil) c.Assert(mountConfig, checker.HasLen, 1) c.Assert(mountConfig[0].Source, checker.Equals, "") c.Assert(mountConfig[0].Target, checker.Equals, "/foo") c.Assert(mountConfig[0].Type, checker.Equals, mount.TypeTmpfs) c.Assert(mountConfig[0].TmpfsOptions, checker.NotNil) c.Assert(mountConfig[0].TmpfsOptions.SizeBytes, checker.Equals, int64(1048576)) // check container mounts actual out, err = s.nodeCmd(c, task.NodeID, "inspect", "--format", "{{json .Mounts}}", task.Status.ContainerStatus.ContainerID) assert.NilError(c, err, out) var mounts []types.MountPoint c.Assert(json.Unmarshal([]byte(out), &mounts), checker.IsNil) c.Assert(mounts, checker.HasLen, 1) c.Assert(mounts[0].Type, checker.Equals, mount.TypeTmpfs) c.Assert(mounts[0].Name, checker.Equals, "") c.Assert(mounts[0].Destination, checker.Equals, "/foo") c.Assert(mounts[0].RW, checker.Equals, true) out, err = s.nodeCmd(c, task.NodeID, "logs", task.Status.ContainerStatus.ContainerID) assert.NilError(c, err, out) assert.Assert(c, strings.HasPrefix(strings.TrimSpace(out), "tmpfs on /foo type tmpfs")) assert.Assert(c, strings.Contains(strings.TrimSpace(out), "size=1024k")) } func (s *DockerSwarmSuite) TestServiceCreateWithNetworkAlias(c *check.C) { d := s.AddDaemon(c, true, true) out, err := d.Cmd("network", "create", "--scope=swarm", "test_swarm_br") assert.NilError(c, err, out) out, err = d.Cmd("service", "create", "--no-resolve-image", "--detach=true", "--network=name=test_swarm_br,alias=srv_alias", "--name=alias_tst_container", "busybox", "top") assert.NilError(c, err, out) id := strings.TrimSpace(out) var tasks []swarm.Task waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) { tasks = d.GetServiceTasks(c, id) return len(tasks) > 0, nil }, checker.Equals, true) task := tasks[0] waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) { if task.NodeID == "" || task.Status.ContainerStatus == nil { task = d.GetTask(c, task.ID) } return task.NodeID != "" && task.Status.ContainerStatus != nil, nil }, checker.Equals, true) // check container alias config out, err = s.nodeCmd(c, task.NodeID, "inspect", "--format", "{{json .NetworkSettings.Networks.test_swarm_br.Aliases}}", task.Status.ContainerStatus.ContainerID) assert.NilError(c, err, out) // Make sure the only alias seen is the container-id var aliases []string c.Assert(json.Unmarshal([]byte(out), &aliases), checker.IsNil) c.Assert(aliases, checker.HasLen, 1) c.Assert(task.Status.ContainerStatus.ContainerID, checker.Contains, aliases[0]) }