2018-11-14 11:20:35 +00:00
|
|
|
package docker
|
|
|
|
|
|
|
|
import (
|
2020-05-26 13:44:26 +00:00
|
|
|
"context"
|
2018-11-20 03:41:14 +00:00
|
|
|
"fmt"
|
2020-09-23 18:44:27 +00:00
|
|
|
"runtime"
|
2018-11-14 11:20:35 +00:00
|
|
|
"strconv"
|
|
|
|
"strings"
|
|
|
|
"time"
|
|
|
|
|
2018-11-26 21:45:01 +00:00
|
|
|
docker "github.com/fsouza/go-dockerclient"
|
2019-12-18 11:58:53 +00:00
|
|
|
"github.com/hashicorp/go-hclog"
|
2021-05-13 20:21:52 +00:00
|
|
|
"github.com/hashicorp/nomad/drivers/shared/capabilities"
|
drivers: restore port_map old json support
This ensures that `port_map` along with other block like attribute
declarations (e.g. ulimit, labels, etc) can handle various hcl and json
syntax that was supported in 0.8.
In 0.8.7, the following declarations are effectively equivalent:
```
// hcl block
port_map {
http = 80
https = 443
}
// hcl assignment
port_map = {
http = 80
https = 443
}
// json single element array of map (default in API response)
{"port_map": [{"http": 80, "https": 443}]}
// json array of individual maps (supported accidentally iiuc)
{"port_map: [{"http": 80}, {"https": 443}]}
```
We achieve compatbility by using `NewAttr("...", "list(map(string))",
false)` to be serialized to a `map[string]string` wrapper, instead of using
`BlockAttrs` declaration. The wrapper merges the list of maps
automatically, to ease driver development.
This approach is closer to how v0.8.7 implemented the fields [1][2], and
despite its verbosity, seems to perserve 0.8.7 behavior in hcl2.
This is only required for built-in types that have backward
compatibility constraints. External drivers should use `BlockAttrs`
instead, as they see fit.
[1] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L216
[2] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L698-L700
2019-02-13 17:55:48 +00:00
|
|
|
"github.com/hashicorp/nomad/helper/pluginutils/hclutils"
|
2019-01-23 14:27:14 +00:00
|
|
|
"github.com/hashicorp/nomad/helper/pluginutils/loader"
|
2018-11-14 11:20:35 +00:00
|
|
|
"github.com/hashicorp/nomad/plugins/base"
|
|
|
|
"github.com/hashicorp/nomad/plugins/drivers"
|
|
|
|
"github.com/hashicorp/nomad/plugins/shared/hclspec"
|
|
|
|
)
|
|
|
|
|
2018-11-16 18:52:54 +00:00
|
|
|
const (
|
|
|
|
// NoSuchContainerError is returned by the docker daemon if the container
|
|
|
|
// does not exist.
|
|
|
|
NoSuchContainerError = "No such container"
|
|
|
|
|
2018-12-15 19:30:29 +00:00
|
|
|
// ContainerNotRunningError is returned by the docker daemon if the container
|
|
|
|
// is not running, yet we requested it to stop
|
|
|
|
ContainerNotRunningError = "Container not running"
|
|
|
|
|
2018-11-16 18:52:54 +00:00
|
|
|
// pluginName is the name of the plugin
|
|
|
|
pluginName = "docker"
|
|
|
|
|
|
|
|
// fingerprintPeriod is the interval at which the driver will send fingerprint responses
|
|
|
|
fingerprintPeriod = 30 * time.Second
|
|
|
|
|
|
|
|
// dockerTimeout is the length of time a request can be outstanding before
|
|
|
|
// it is timed out.
|
|
|
|
dockerTimeout = 5 * time.Minute
|
|
|
|
|
|
|
|
// dockerAuthHelperPrefix is the prefix to attach to the credential helper
|
|
|
|
// and should be found in the $PATH. Example: ${prefix-}${helper-name}
|
|
|
|
dockerAuthHelperPrefix = "docker-credential-"
|
|
|
|
)
|
|
|
|
|
2018-11-14 11:20:35 +00:00
|
|
|
func PluginLoader(opts map[string]string) (map[string]interface{}, error) {
|
|
|
|
conf := map[string]interface{}{}
|
|
|
|
if v, ok := opts["docker.endpoint"]; ok {
|
|
|
|
conf["endpoint"] = v
|
|
|
|
}
|
2018-11-20 02:07:30 +00:00
|
|
|
|
|
|
|
// dockerd auth
|
|
|
|
authConf := map[string]interface{}{}
|
2018-11-14 11:20:35 +00:00
|
|
|
if v, ok := opts["docker.auth.config"]; ok {
|
2018-11-20 02:32:08 +00:00
|
|
|
authConf["config"] = v
|
2018-11-14 11:20:35 +00:00
|
|
|
}
|
|
|
|
if v, ok := opts["docker.auth.helper"]; ok {
|
2018-11-20 02:32:08 +00:00
|
|
|
authConf["helper"] = v
|
2018-11-14 11:20:35 +00:00
|
|
|
}
|
2018-11-20 02:07:30 +00:00
|
|
|
conf["auth"] = authConf
|
|
|
|
|
|
|
|
// dockerd tls
|
2018-11-14 11:20:35 +00:00
|
|
|
if _, ok := opts["docker.tls.cert"]; ok {
|
|
|
|
conf["tls"] = map[string]interface{}{
|
|
|
|
"cert": opts["docker.tls.cert"],
|
|
|
|
"key": opts["docker.tls.key"],
|
|
|
|
"ca": opts["docker.tls.ca"],
|
|
|
|
}
|
|
|
|
}
|
2018-11-20 02:07:30 +00:00
|
|
|
|
|
|
|
// garbage collection
|
|
|
|
gcConf := map[string]interface{}{}
|
|
|
|
if v, err := strconv.ParseBool(opts["docker.cleanup.image"]); err == nil {
|
|
|
|
gcConf["image"] = v
|
|
|
|
}
|
2018-11-14 11:20:35 +00:00
|
|
|
if v, ok := opts["docker.cleanup.image.delay"]; ok {
|
2018-11-20 02:07:30 +00:00
|
|
|
gcConf["image_delay"] = v
|
|
|
|
}
|
|
|
|
if v, err := strconv.ParseBool(opts["docker.cleanup.container"]); err == nil {
|
|
|
|
gcConf["container"] = v
|
|
|
|
}
|
|
|
|
conf["gc"] = gcConf
|
|
|
|
|
|
|
|
// volume options
|
2018-11-20 02:32:08 +00:00
|
|
|
volConf := map[string]interface{}{}
|
2018-11-20 02:07:30 +00:00
|
|
|
if v, err := strconv.ParseBool(opts["docker.volumes.enabled"]); err == nil {
|
2018-11-20 02:32:08 +00:00
|
|
|
volConf["enabled"] = v
|
2018-11-14 11:20:35 +00:00
|
|
|
}
|
|
|
|
if v, ok := opts["docker.volumes.selinuxlabel"]; ok {
|
2018-11-20 02:32:08 +00:00
|
|
|
volConf["selinuxlabel"] = v
|
2018-11-14 11:20:35 +00:00
|
|
|
}
|
2018-11-20 02:32:08 +00:00
|
|
|
conf["volumes"] = volConf
|
2018-11-20 02:07:30 +00:00
|
|
|
|
|
|
|
// capabilities
|
2020-10-14 22:17:47 +00:00
|
|
|
// COMPAT(1.0) uses inclusive language. whitelist is used for backward compatibility.
|
2020-10-12 12:47:05 +00:00
|
|
|
if v, ok := opts["docker.caps.allowlist"]; ok {
|
|
|
|
conf["allow_caps"] = strings.Split(v, ",")
|
|
|
|
} else if v, ok := opts["docker.caps.whitelist"]; ok {
|
2018-11-14 11:20:35 +00:00
|
|
|
conf["allow_caps"] = strings.Split(v, ",")
|
|
|
|
}
|
2018-11-20 02:07:30 +00:00
|
|
|
|
|
|
|
// privileged containers
|
2018-11-14 11:20:35 +00:00
|
|
|
if v, err := strconv.ParseBool(opts["docker.privileged.enabled"]); err == nil {
|
|
|
|
conf["allow_privileged"] = v
|
|
|
|
}
|
2018-12-18 01:03:43 +00:00
|
|
|
|
|
|
|
// nvidia_runtime
|
|
|
|
if v, ok := opts["docker.nvidia_runtime"]; ok {
|
|
|
|
conf["nvidia_runtime"] = v
|
|
|
|
}
|
|
|
|
|
2018-11-14 11:20:35 +00:00
|
|
|
return conf, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
var (
|
|
|
|
// PluginID is the rawexec plugin metadata registered in the plugin
|
|
|
|
// catalog.
|
|
|
|
PluginID = loader.PluginID{
|
|
|
|
Name: pluginName,
|
|
|
|
PluginType: base.PluginTypeDriver,
|
|
|
|
}
|
|
|
|
|
|
|
|
// PluginConfig is the rawexec factory function registered in the
|
|
|
|
// plugin catalog.
|
|
|
|
PluginConfig = &loader.InternalPluginConfig{
|
|
|
|
Config: map[string]interface{}{},
|
2020-05-26 13:44:26 +00:00
|
|
|
Factory: func(ctx context.Context, l hclog.Logger) interface{} { return NewDockerDriver(ctx, l) },
|
2018-11-14 11:20:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// pluginInfo is the response returned for the PluginInfo RPC
|
|
|
|
pluginInfo = &base.PluginInfoResponse{
|
2018-12-18 00:40:58 +00:00
|
|
|
Type: base.PluginTypeDriver,
|
|
|
|
PluginApiVersions: []string{drivers.ApiVersion010},
|
|
|
|
PluginVersion: "0.1.0",
|
|
|
|
Name: pluginName,
|
2018-11-14 11:20:35 +00:00
|
|
|
}
|
|
|
|
|
2019-09-13 15:24:58 +00:00
|
|
|
danglingContainersBlock = hclspec.NewObject(map[string]*hclspec.Spec{
|
|
|
|
"enabled": hclspec.NewDefault(
|
|
|
|
hclspec.NewAttr("enabled", "bool", false),
|
|
|
|
hclspec.NewLiteral(`true`),
|
|
|
|
),
|
|
|
|
"period": hclspec.NewDefault(
|
|
|
|
hclspec.NewAttr("period", "string", false),
|
|
|
|
hclspec.NewLiteral(`"5m"`),
|
|
|
|
),
|
2019-10-17 12:37:18 +00:00
|
|
|
"creation_grace": hclspec.NewDefault(
|
|
|
|
hclspec.NewAttr("creation_grace", "string", false),
|
2019-09-13 15:24:58 +00:00
|
|
|
hclspec.NewLiteral(`"5m"`),
|
|
|
|
),
|
2019-10-17 12:37:18 +00:00
|
|
|
"dry_run": hclspec.NewDefault(
|
|
|
|
hclspec.NewAttr("dry_run", "bool", false),
|
|
|
|
hclspec.NewLiteral(`false`),
|
|
|
|
),
|
2019-09-13 15:24:58 +00:00
|
|
|
})
|
|
|
|
|
2018-11-14 11:20:35 +00:00
|
|
|
// configSpec is the hcl specification returned by the ConfigSchema RPC
|
2018-11-20 02:32:08 +00:00
|
|
|
// and is used to parse the contents of the 'plugin "docker" {...}' block.
|
|
|
|
// Example:
|
|
|
|
// plugin "docker" {
|
2019-01-10 19:20:18 +00:00
|
|
|
// config {
|
2018-11-20 02:32:08 +00:00
|
|
|
// endpoint = "unix:///var/run/docker.sock"
|
|
|
|
// auth {
|
|
|
|
// config = "/etc/docker-auth.json"
|
|
|
|
// helper = "docker-credential-aws"
|
|
|
|
// }
|
|
|
|
// tls {
|
|
|
|
// cert = "/etc/nomad/nomad.pub"
|
|
|
|
// key = "/etc/nomad/nomad.pem"
|
|
|
|
// ca = "/etc/nomad/nomad.cert"
|
|
|
|
// }
|
|
|
|
// gc {
|
|
|
|
// image = true
|
|
|
|
// image_delay = "5m"
|
|
|
|
// container = false
|
|
|
|
// }
|
|
|
|
// volumes {
|
|
|
|
// enabled = true
|
|
|
|
// selinuxlabel = "z"
|
|
|
|
// }
|
|
|
|
// allow_privileged = false
|
|
|
|
// allow_caps = ["CHOWN", "NET_RAW" ... ]
|
2018-12-18 01:03:43 +00:00
|
|
|
// nvidia_runtime = "nvidia"
|
2019-01-10 19:20:18 +00:00
|
|
|
// }
|
2018-11-20 02:32:08 +00:00
|
|
|
// }
|
2018-11-14 11:20:35 +00:00
|
|
|
configSpec = hclspec.NewObject(map[string]*hclspec.Spec{
|
2018-11-20 02:07:30 +00:00
|
|
|
"endpoint": hclspec.NewAttr("endpoint", "string", false),
|
2018-11-20 03:58:05 +00:00
|
|
|
|
|
|
|
// docker daemon auth option for image registry
|
2018-11-20 02:07:30 +00:00
|
|
|
"auth": hclspec.NewBlock("auth", false, hclspec.NewObject(map[string]*hclspec.Spec{
|
|
|
|
"config": hclspec.NewAttr("config", "string", false),
|
|
|
|
"helper": hclspec.NewAttr("helper", "string", false),
|
|
|
|
})),
|
2018-11-20 03:58:05 +00:00
|
|
|
|
|
|
|
// client tls options
|
2018-11-14 11:20:35 +00:00
|
|
|
"tls": hclspec.NewBlock("tls", false, hclspec.NewObject(map[string]*hclspec.Spec{
|
|
|
|
"cert": hclspec.NewAttr("cert", "string", false),
|
|
|
|
"key": hclspec.NewAttr("key", "string", false),
|
|
|
|
"ca": hclspec.NewAttr("ca", "string", false),
|
|
|
|
})),
|
2018-11-20 03:58:05 +00:00
|
|
|
|
2021-03-08 13:59:52 +00:00
|
|
|
// extra docker labels, globs supported
|
|
|
|
"extra_labels": hclspec.NewAttr("extra_labels", "list(string)", false),
|
|
|
|
|
2021-03-12 21:04:33 +00:00
|
|
|
// logging options
|
|
|
|
"logging": hclspec.NewDefault(hclspec.NewBlock("logging", false, hclspec.NewObject(map[string]*hclspec.Spec{
|
|
|
|
"type": hclspec.NewAttr("type", "string", false),
|
|
|
|
"config": hclspec.NewBlockAttrs("config", "string", false),
|
|
|
|
})), hclspec.NewLiteral(`{
|
|
|
|
type = "json-file"
|
|
|
|
config = {
|
|
|
|
max-file = "2"
|
|
|
|
max-size = "2m"
|
|
|
|
}
|
|
|
|
}`)),
|
|
|
|
|
2018-11-20 03:58:05 +00:00
|
|
|
// garbage collection options
|
|
|
|
// default needed for both if the gc {...} block is not set and
|
|
|
|
// if the default fields are missing
|
|
|
|
"gc": hclspec.NewDefault(hclspec.NewBlock("gc", false, hclspec.NewObject(map[string]*hclspec.Spec{
|
2018-11-20 02:07:30 +00:00
|
|
|
"image": hclspec.NewDefault(
|
|
|
|
hclspec.NewAttr("image", "bool", false),
|
|
|
|
hclspec.NewLiteral("true"),
|
|
|
|
),
|
2019-08-06 06:01:51 +00:00
|
|
|
"image_delay": hclspec.NewDefault(
|
|
|
|
hclspec.NewAttr("image_delay", "string", false),
|
2019-09-03 06:53:37 +00:00
|
|
|
hclspec.NewLiteral("\"3m\""),
|
2019-08-06 06:01:51 +00:00
|
|
|
),
|
2018-11-20 02:07:30 +00:00
|
|
|
"container": hclspec.NewDefault(
|
|
|
|
hclspec.NewAttr("container", "bool", false),
|
|
|
|
hclspec.NewLiteral("true"),
|
|
|
|
),
|
2019-09-13 15:24:58 +00:00
|
|
|
"dangling_containers": hclspec.NewDefault(
|
|
|
|
hclspec.NewBlock("dangling_containers", false, danglingContainersBlock),
|
2019-10-18 22:27:28 +00:00
|
|
|
hclspec.NewLiteral(`{
|
|
|
|
enabled = true
|
|
|
|
period = "5m"
|
|
|
|
creation_grace = "5m"
|
|
|
|
}`),
|
2019-09-13 15:24:58 +00:00
|
|
|
),
|
2018-11-20 03:58:05 +00:00
|
|
|
})), hclspec.NewLiteral(`{
|
|
|
|
image = true
|
2020-10-15 16:36:01 +00:00
|
|
|
image_delay = "3m"
|
2018-11-20 03:58:05 +00:00
|
|
|
container = true
|
2019-10-18 22:27:28 +00:00
|
|
|
dangling_containers = {
|
|
|
|
enabled = true
|
|
|
|
period = "5m"
|
|
|
|
creation_grace = "5m"
|
|
|
|
}
|
2018-11-20 03:58:05 +00:00
|
|
|
}`)),
|
|
|
|
|
|
|
|
// docker volume options
|
|
|
|
// defaulted needed for both if the volumes {...} block is not set and
|
|
|
|
// if the default fields are missing
|
|
|
|
"volumes": hclspec.NewDefault(hclspec.NewBlock("volumes", false, hclspec.NewObject(map[string]*hclspec.Spec{
|
2020-06-23 17:43:37 +00:00
|
|
|
"enabled": hclspec.NewAttr("enabled", "bool", false),
|
2018-11-20 02:32:08 +00:00
|
|
|
"selinuxlabel": hclspec.NewAttr("selinuxlabel", "string", false),
|
2020-11-11 15:03:46 +00:00
|
|
|
})), hclspec.NewLiteral("{ enabled = false }")),
|
2018-11-20 02:32:08 +00:00
|
|
|
"allow_privileged": hclspec.NewAttr("allow_privileged", "bool", false),
|
2018-11-14 11:20:35 +00:00
|
|
|
"allow_caps": hclspec.NewDefault(
|
|
|
|
hclspec.NewAttr("allow_caps", "list(string)", false),
|
2021-05-13 20:21:52 +00:00
|
|
|
hclspec.NewLiteral(capabilities.HCLSpecLiteral),
|
2018-11-14 11:20:35 +00:00
|
|
|
),
|
2018-12-18 01:03:43 +00:00
|
|
|
"nvidia_runtime": hclspec.NewDefault(
|
|
|
|
hclspec.NewAttr("nvidia_runtime", "string", false),
|
|
|
|
hclspec.NewLiteral(`"nvidia"`),
|
|
|
|
),
|
2020-05-12 14:13:50 +00:00
|
|
|
// list of docker runtimes allowed to be used
|
2020-05-12 15:03:08 +00:00
|
|
|
"allow_runtimes": hclspec.NewDefault(
|
|
|
|
hclspec.NewAttr("allow_runtimes", "list(string)", false),
|
2020-05-12 14:13:50 +00:00
|
|
|
hclspec.NewLiteral(`["runc", "nvidia"]`),
|
|
|
|
),
|
2019-06-14 15:42:32 +00:00
|
|
|
// image to use when creating a network namespace parent container
|
|
|
|
"infra_image": hclspec.NewDefault(
|
|
|
|
hclspec.NewAttr("infra_image", "string", false),
|
2020-09-23 18:44:27 +00:00
|
|
|
hclspec.NewLiteral(fmt.Sprintf(
|
|
|
|
`"gcr.io/google_containers/pause-%s:3.1"`,
|
|
|
|
runtime.GOARCH,
|
|
|
|
)),
|
2019-06-14 15:42:32 +00:00
|
|
|
),
|
2020-08-12 07:58:07 +00:00
|
|
|
// timeout to use when pulling the infra image.
|
|
|
|
"infra_image_pull_timeout": hclspec.NewDefault(
|
|
|
|
hclspec.NewAttr("infra_image_pull_timeout", "string", false),
|
|
|
|
hclspec.NewLiteral(`"5m"`),
|
|
|
|
),
|
2019-12-07 03:11:41 +00:00
|
|
|
|
2019-12-18 11:58:53 +00:00
|
|
|
// the duration that the driver will wait for activity from the Docker engine during an image pull
|
|
|
|
// before canceling the request
|
|
|
|
"pull_activity_timeout": hclspec.NewDefault(
|
|
|
|
hclspec.NewAttr("pull_activity_timeout", "string", false),
|
|
|
|
hclspec.NewLiteral(`"2m"`),
|
|
|
|
),
|
2021-12-21 18:31:34 +00:00
|
|
|
"pids_limit": hclspec.NewAttr("pids_limit", "number", false),
|
2019-12-13 16:08:12 +00:00
|
|
|
// disable_log_collection indicates whether docker driver should collect logs of docker
|
|
|
|
// task containers. If true, nomad doesn't start docker_logger/logmon processes
|
2019-12-07 03:11:41 +00:00
|
|
|
"disable_log_collection": hclspec.NewAttr("disable_log_collection", "bool", false),
|
2018-11-14 11:20:35 +00:00
|
|
|
})
|
|
|
|
|
2020-12-15 19:13:50 +00:00
|
|
|
// mountBodySpec is the hcl specification for the `mount` block
|
|
|
|
mountBodySpec = hclspec.NewObject(map[string]*hclspec.Spec{
|
|
|
|
"type": hclspec.NewDefault(
|
|
|
|
hclspec.NewAttr("type", "string", false),
|
|
|
|
hclspec.NewLiteral("\"volume\""),
|
|
|
|
),
|
|
|
|
"target": hclspec.NewAttr("target", "string", false),
|
|
|
|
"source": hclspec.NewAttr("source", "string", false),
|
|
|
|
"readonly": hclspec.NewAttr("readonly", "bool", false),
|
|
|
|
"bind_options": hclspec.NewBlock("bind_options", false, hclspec.NewObject(map[string]*hclspec.Spec{
|
|
|
|
"propagation": hclspec.NewAttr("propagation", "string", false),
|
|
|
|
})),
|
|
|
|
"tmpfs_options": hclspec.NewBlock("tmpfs_options", false, hclspec.NewObject(map[string]*hclspec.Spec{
|
|
|
|
"size": hclspec.NewAttr("size", "number", false),
|
|
|
|
"mode": hclspec.NewAttr("mode", "number", false),
|
|
|
|
})),
|
|
|
|
"volume_options": hclspec.NewBlock("volume_options", false, hclspec.NewObject(map[string]*hclspec.Spec{
|
|
|
|
"no_copy": hclspec.NewAttr("no_copy", "bool", false),
|
|
|
|
"labels": hclspec.NewAttr("labels", "list(map(string))", false),
|
|
|
|
"driver_config": hclspec.NewBlock("driver_config", false, hclspec.NewObject(map[string]*hclspec.Spec{
|
|
|
|
"name": hclspec.NewAttr("name", "string", false),
|
|
|
|
"options": hclspec.NewAttr("options", "list(map(string))", false),
|
|
|
|
})),
|
|
|
|
})),
|
|
|
|
})
|
|
|
|
|
2018-11-14 11:20:35 +00:00
|
|
|
// taskConfigSpec is the hcl specification for the driver config section of
|
|
|
|
// a task within a job. It is returned in the TaskConfigSchema RPC
|
|
|
|
taskConfigSpec = hclspec.NewObject(map[string]*hclspec.Spec{
|
|
|
|
"image": hclspec.NewAttr("image", "string", true),
|
|
|
|
"advertise_ipv6_address": hclspec.NewAttr("advertise_ipv6_address", "bool", false),
|
|
|
|
"args": hclspec.NewAttr("args", "list(string)", false),
|
|
|
|
"auth": hclspec.NewBlock("auth", false, hclspec.NewObject(map[string]*hclspec.Spec{
|
|
|
|
"username": hclspec.NewAttr("username", "string", false),
|
|
|
|
"password": hclspec.NewAttr("password", "string", false),
|
|
|
|
"email": hclspec.NewAttr("email", "string", false),
|
|
|
|
"server_address": hclspec.NewAttr("server_address", "string", false),
|
|
|
|
})),
|
|
|
|
"auth_soft_fail": hclspec.NewAttr("auth_soft_fail", "bool", false),
|
|
|
|
"cap_add": hclspec.NewAttr("cap_add", "list(string)", false),
|
|
|
|
"cap_drop": hclspec.NewAttr("cap_drop", "list(string)", false),
|
|
|
|
"command": hclspec.NewAttr("command", "string", false),
|
2020-06-25 16:30:16 +00:00
|
|
|
"cpuset_cpus": hclspec.NewAttr("cpuset_cpus", "string", false),
|
2018-11-14 11:20:35 +00:00
|
|
|
"cpu_hard_limit": hclspec.NewAttr("cpu_hard_limit", "bool", false),
|
2019-11-20 00:05:15 +00:00
|
|
|
"cpu_cfs_period": hclspec.NewDefault(
|
|
|
|
hclspec.NewAttr("cpu_cfs_period", "number", false),
|
|
|
|
hclspec.NewLiteral(`100000`),
|
|
|
|
),
|
2019-02-12 19:46:37 +00:00
|
|
|
"devices": hclspec.NewBlockList("devices", hclspec.NewObject(map[string]*hclspec.Spec{
|
2018-11-14 11:20:35 +00:00
|
|
|
"host_path": hclspec.NewAttr("host_path", "string", false),
|
|
|
|
"container_path": hclspec.NewAttr("container_path", "string", false),
|
|
|
|
"cgroup_permissions": hclspec.NewAttr("cgroup_permissions", "string", false),
|
|
|
|
})),
|
|
|
|
"dns_search_domains": hclspec.NewAttr("dns_search_domains", "list(string)", false),
|
|
|
|
"dns_options": hclspec.NewAttr("dns_options", "list(string)", false),
|
|
|
|
"dns_servers": hclspec.NewAttr("dns_servers", "list(string)", false),
|
|
|
|
"entrypoint": hclspec.NewAttr("entrypoint", "list(string)", false),
|
|
|
|
"extra_hosts": hclspec.NewAttr("extra_hosts", "list(string)", false),
|
|
|
|
"force_pull": hclspec.NewAttr("force_pull", "bool", false),
|
|
|
|
"hostname": hclspec.NewAttr("hostname", "string", false),
|
2021-10-15 19:53:25 +00:00
|
|
|
"init": hclspec.NewAttr("init", "bool", false),
|
2018-11-14 11:20:35 +00:00
|
|
|
"interactive": hclspec.NewAttr("interactive", "bool", false),
|
|
|
|
"ipc_mode": hclspec.NewAttr("ipc_mode", "string", false),
|
|
|
|
"ipv4_address": hclspec.NewAttr("ipv4_address", "string", false),
|
|
|
|
"ipv6_address": hclspec.NewAttr("ipv6_address", "string", false),
|
drivers: restore port_map old json support
This ensures that `port_map` along with other block like attribute
declarations (e.g. ulimit, labels, etc) can handle various hcl and json
syntax that was supported in 0.8.
In 0.8.7, the following declarations are effectively equivalent:
```
// hcl block
port_map {
http = 80
https = 443
}
// hcl assignment
port_map = {
http = 80
https = 443
}
// json single element array of map (default in API response)
{"port_map": [{"http": 80, "https": 443}]}
// json array of individual maps (supported accidentally iiuc)
{"port_map: [{"http": 80}, {"https": 443}]}
```
We achieve compatbility by using `NewAttr("...", "list(map(string))",
false)` to be serialized to a `map[string]string` wrapper, instead of using
`BlockAttrs` declaration. The wrapper merges the list of maps
automatically, to ease driver development.
This approach is closer to how v0.8.7 implemented the fields [1][2], and
despite its verbosity, seems to perserve 0.8.7 behavior in hcl2.
This is only required for built-in types that have backward
compatibility constraints. External drivers should use `BlockAttrs`
instead, as they see fit.
[1] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L216
[2] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L698-L700
2019-02-13 17:55:48 +00:00
|
|
|
"labels": hclspec.NewAttr("labels", "list(map(string))", false),
|
2018-11-14 11:20:35 +00:00
|
|
|
"load": hclspec.NewAttr("load", "string", false),
|
2019-02-04 18:56:05 +00:00
|
|
|
"logging": hclspec.NewBlock("logging", false, hclspec.NewObject(map[string]*hclspec.Spec{
|
2018-11-20 02:07:30 +00:00
|
|
|
"type": hclspec.NewAttr("type", "string", false),
|
2019-02-28 20:25:17 +00:00
|
|
|
"driver": hclspec.NewAttr("driver", "string", false),
|
drivers: restore port_map old json support
This ensures that `port_map` along with other block like attribute
declarations (e.g. ulimit, labels, etc) can handle various hcl and json
syntax that was supported in 0.8.
In 0.8.7, the following declarations are effectively equivalent:
```
// hcl block
port_map {
http = 80
https = 443
}
// hcl assignment
port_map = {
http = 80
https = 443
}
// json single element array of map (default in API response)
{"port_map": [{"http": 80, "https": 443}]}
// json array of individual maps (supported accidentally iiuc)
{"port_map: [{"http": 80}, {"https": 443}]}
```
We achieve compatbility by using `NewAttr("...", "list(map(string))",
false)` to be serialized to a `map[string]string` wrapper, instead of using
`BlockAttrs` declaration. The wrapper merges the list of maps
automatically, to ease driver development.
This approach is closer to how v0.8.7 implemented the fields [1][2], and
despite its verbosity, seems to perserve 0.8.7 behavior in hcl2.
This is only required for built-in types that have backward
compatibility constraints. External drivers should use `BlockAttrs`
instead, as they see fit.
[1] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L216
[2] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L698-L700
2019-02-13 17:55:48 +00:00
|
|
|
"config": hclspec.NewAttr("config", "list(map(string))", false),
|
2018-11-20 02:07:30 +00:00
|
|
|
})),
|
2020-05-31 17:38:27 +00:00
|
|
|
"mac_address": hclspec.NewAttr("mac_address", "string", false),
|
|
|
|
"memory_hard_limit": hclspec.NewAttr("memory_hard_limit", "number", false),
|
2020-12-15 19:13:50 +00:00
|
|
|
// mount and mounts are effectively aliases, but `mounts` is meant for pre-1.0
|
|
|
|
// assignment syntax `mounts = [{type="..." ..."}]` while
|
|
|
|
// `mount` is 1.0 repeated block syntax `mount { type = "..." }`
|
|
|
|
"mount": hclspec.NewBlockList("mount", mountBodySpec),
|
|
|
|
"mounts": hclspec.NewBlockList("mounts", mountBodySpec),
|
2018-11-14 11:20:35 +00:00
|
|
|
"network_aliases": hclspec.NewAttr("network_aliases", "list(string)", false),
|
|
|
|
"network_mode": hclspec.NewAttr("network_mode", "string", false),
|
2020-04-03 18:40:58 +00:00
|
|
|
"runtime": hclspec.NewAttr("runtime", "string", false),
|
2018-11-14 11:20:35 +00:00
|
|
|
"pids_limit": hclspec.NewAttr("pids_limit", "number", false),
|
|
|
|
"pid_mode": hclspec.NewAttr("pid_mode", "string", false),
|
2020-08-11 22:30:22 +00:00
|
|
|
"ports": hclspec.NewAttr("ports", "list(string)", false),
|
drivers: restore port_map old json support
This ensures that `port_map` along with other block like attribute
declarations (e.g. ulimit, labels, etc) can handle various hcl and json
syntax that was supported in 0.8.
In 0.8.7, the following declarations are effectively equivalent:
```
// hcl block
port_map {
http = 80
https = 443
}
// hcl assignment
port_map = {
http = 80
https = 443
}
// json single element array of map (default in API response)
{"port_map": [{"http": 80, "https": 443}]}
// json array of individual maps (supported accidentally iiuc)
{"port_map: [{"http": 80}, {"https": 443}]}
```
We achieve compatbility by using `NewAttr("...", "list(map(string))",
false)` to be serialized to a `map[string]string` wrapper, instead of using
`BlockAttrs` declaration. The wrapper merges the list of maps
automatically, to ease driver development.
This approach is closer to how v0.8.7 implemented the fields [1][2], and
despite its verbosity, seems to perserve 0.8.7 behavior in hcl2.
This is only required for built-in types that have backward
compatibility constraints. External drivers should use `BlockAttrs`
instead, as they see fit.
[1] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L216
[2] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L698-L700
2019-02-13 17:55:48 +00:00
|
|
|
"port_map": hclspec.NewAttr("port_map", "list(map(number))", false),
|
2018-11-14 11:20:35 +00:00
|
|
|
"privileged": hclspec.NewAttr("privileged", "bool", false),
|
2020-08-12 07:58:07 +00:00
|
|
|
"image_pull_timeout": hclspec.NewDefault(
|
|
|
|
hclspec.NewAttr("image_pull_timeout", "string", false),
|
|
|
|
hclspec.NewLiteral(`"5m"`),
|
|
|
|
),
|
2018-11-14 11:20:35 +00:00
|
|
|
"readonly_rootfs": hclspec.NewAttr("readonly_rootfs", "bool", false),
|
|
|
|
"security_opt": hclspec.NewAttr("security_opt", "list(string)", false),
|
|
|
|
"shm_size": hclspec.NewAttr("shm_size", "number", false),
|
2019-02-20 01:22:59 +00:00
|
|
|
"storage_opt": hclspec.NewBlockAttrs("storage_opt", "string", false),
|
drivers: restore port_map old json support
This ensures that `port_map` along with other block like attribute
declarations (e.g. ulimit, labels, etc) can handle various hcl and json
syntax that was supported in 0.8.
In 0.8.7, the following declarations are effectively equivalent:
```
// hcl block
port_map {
http = 80
https = 443
}
// hcl assignment
port_map = {
http = 80
https = 443
}
// json single element array of map (default in API response)
{"port_map": [{"http": 80, "https": 443}]}
// json array of individual maps (supported accidentally iiuc)
{"port_map: [{"http": 80}, {"https": 443}]}
```
We achieve compatbility by using `NewAttr("...", "list(map(string))",
false)` to be serialized to a `map[string]string` wrapper, instead of using
`BlockAttrs` declaration. The wrapper merges the list of maps
automatically, to ease driver development.
This approach is closer to how v0.8.7 implemented the fields [1][2], and
despite its verbosity, seems to perserve 0.8.7 behavior in hcl2.
This is only required for built-in types that have backward
compatibility constraints. External drivers should use `BlockAttrs`
instead, as they see fit.
[1] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L216
[2] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L698-L700
2019-02-13 17:55:48 +00:00
|
|
|
"sysctl": hclspec.NewAttr("sysctl", "list(map(string))", false),
|
2018-11-14 11:20:35 +00:00
|
|
|
"tty": hclspec.NewAttr("tty", "bool", false),
|
drivers: restore port_map old json support
This ensures that `port_map` along with other block like attribute
declarations (e.g. ulimit, labels, etc) can handle various hcl and json
syntax that was supported in 0.8.
In 0.8.7, the following declarations are effectively equivalent:
```
// hcl block
port_map {
http = 80
https = 443
}
// hcl assignment
port_map = {
http = 80
https = 443
}
// json single element array of map (default in API response)
{"port_map": [{"http": 80, "https": 443}]}
// json array of individual maps (supported accidentally iiuc)
{"port_map: [{"http": 80}, {"https": 443}]}
```
We achieve compatbility by using `NewAttr("...", "list(map(string))",
false)` to be serialized to a `map[string]string` wrapper, instead of using
`BlockAttrs` declaration. The wrapper merges the list of maps
automatically, to ease driver development.
This approach is closer to how v0.8.7 implemented the fields [1][2], and
despite its verbosity, seems to perserve 0.8.7 behavior in hcl2.
This is only required for built-in types that have backward
compatibility constraints. External drivers should use `BlockAttrs`
instead, as they see fit.
[1] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L216
[2] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L698-L700
2019-02-13 17:55:48 +00:00
|
|
|
"ulimit": hclspec.NewAttr("ulimit", "list(map(string))", false),
|
2018-11-14 11:20:35 +00:00
|
|
|
"uts_mode": hclspec.NewAttr("uts_mode", "string", false),
|
|
|
|
"userns_mode": hclspec.NewAttr("userns_mode", "string", false),
|
|
|
|
"volumes": hclspec.NewAttr("volumes", "list(string)", false),
|
|
|
|
"volume_driver": hclspec.NewAttr("volume_driver", "string", false),
|
|
|
|
"work_dir": hclspec.NewAttr("work_dir", "string", false),
|
|
|
|
})
|
|
|
|
|
2021-05-13 20:21:52 +00:00
|
|
|
// driverCapabilities represents the RPC response for what features are
|
|
|
|
// implemented by the docker task driver
|
|
|
|
driverCapabilities = &drivers.Capabilities{
|
2018-11-14 11:20:35 +00:00
|
|
|
SendSignals: true,
|
|
|
|
Exec: true,
|
2019-01-04 21:11:25 +00:00
|
|
|
FSIsolation: drivers.FSIsolationImage,
|
2019-05-14 00:59:31 +00:00
|
|
|
NetIsolationModes: []drivers.NetIsolationMode{
|
|
|
|
drivers.NetIsolationModeHost,
|
|
|
|
drivers.NetIsolationModeGroup,
|
|
|
|
drivers.NetIsolationModeTask,
|
|
|
|
},
|
|
|
|
MustInitiateNetwork: true,
|
2020-05-21 13:18:02 +00:00
|
|
|
MountConfigs: drivers.MountConfigSupportAll,
|
2018-11-14 11:20:35 +00:00
|
|
|
}
|
|
|
|
)
|
|
|
|
|
|
|
|
type TaskConfig struct {
|
drivers: restore port_map old json support
This ensures that `port_map` along with other block like attribute
declarations (e.g. ulimit, labels, etc) can handle various hcl and json
syntax that was supported in 0.8.
In 0.8.7, the following declarations are effectively equivalent:
```
// hcl block
port_map {
http = 80
https = 443
}
// hcl assignment
port_map = {
http = 80
https = 443
}
// json single element array of map (default in API response)
{"port_map": [{"http": 80, "https": 443}]}
// json array of individual maps (supported accidentally iiuc)
{"port_map: [{"http": 80}, {"https": 443}]}
```
We achieve compatbility by using `NewAttr("...", "list(map(string))",
false)` to be serialized to a `map[string]string` wrapper, instead of using
`BlockAttrs` declaration. The wrapper merges the list of maps
automatically, to ease driver development.
This approach is closer to how v0.8.7 implemented the fields [1][2], and
despite its verbosity, seems to perserve 0.8.7 behavior in hcl2.
This is only required for built-in types that have backward
compatibility constraints. External drivers should use `BlockAttrs`
instead, as they see fit.
[1] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L216
[2] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L698-L700
2019-02-13 17:55:48 +00:00
|
|
|
Image string `codec:"image"`
|
|
|
|
AdvertiseIPv6Addr bool `codec:"advertise_ipv6_address"`
|
|
|
|
Args []string `codec:"args"`
|
|
|
|
Auth DockerAuth `codec:"auth"`
|
|
|
|
AuthSoftFail bool `codec:"auth_soft_fail"`
|
|
|
|
CapAdd []string `codec:"cap_add"`
|
|
|
|
CapDrop []string `codec:"cap_drop"`
|
|
|
|
Command string `codec:"command"`
|
|
|
|
CPUCFSPeriod int64 `codec:"cpu_cfs_period"`
|
|
|
|
CPUHardLimit bool `codec:"cpu_hard_limit"`
|
2020-06-25 16:30:16 +00:00
|
|
|
CPUSetCPUs string `codec:"cpuset_cpus"`
|
drivers: restore port_map old json support
This ensures that `port_map` along with other block like attribute
declarations (e.g. ulimit, labels, etc) can handle various hcl and json
syntax that was supported in 0.8.
In 0.8.7, the following declarations are effectively equivalent:
```
// hcl block
port_map {
http = 80
https = 443
}
// hcl assignment
port_map = {
http = 80
https = 443
}
// json single element array of map (default in API response)
{"port_map": [{"http": 80, "https": 443}]}
// json array of individual maps (supported accidentally iiuc)
{"port_map: [{"http": 80}, {"https": 443}]}
```
We achieve compatbility by using `NewAttr("...", "list(map(string))",
false)` to be serialized to a `map[string]string` wrapper, instead of using
`BlockAttrs` declaration. The wrapper merges the list of maps
automatically, to ease driver development.
This approach is closer to how v0.8.7 implemented the fields [1][2], and
despite its verbosity, seems to perserve 0.8.7 behavior in hcl2.
This is only required for built-in types that have backward
compatibility constraints. External drivers should use `BlockAttrs`
instead, as they see fit.
[1] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L216
[2] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L698-L700
2019-02-13 17:55:48 +00:00
|
|
|
Devices []DockerDevice `codec:"devices"`
|
|
|
|
DNSSearchDomains []string `codec:"dns_search_domains"`
|
|
|
|
DNSOptions []string `codec:"dns_options"`
|
|
|
|
DNSServers []string `codec:"dns_servers"`
|
|
|
|
Entrypoint []string `codec:"entrypoint"`
|
|
|
|
ExtraHosts []string `codec:"extra_hosts"`
|
|
|
|
ForcePull bool `codec:"force_pull"`
|
|
|
|
Hostname string `codec:"hostname"`
|
2021-10-15 19:53:25 +00:00
|
|
|
Init bool `codec:"init"`
|
drivers: restore port_map old json support
This ensures that `port_map` along with other block like attribute
declarations (e.g. ulimit, labels, etc) can handle various hcl and json
syntax that was supported in 0.8.
In 0.8.7, the following declarations are effectively equivalent:
```
// hcl block
port_map {
http = 80
https = 443
}
// hcl assignment
port_map = {
http = 80
https = 443
}
// json single element array of map (default in API response)
{"port_map": [{"http": 80, "https": 443}]}
// json array of individual maps (supported accidentally iiuc)
{"port_map: [{"http": 80}, {"https": 443}]}
```
We achieve compatbility by using `NewAttr("...", "list(map(string))",
false)` to be serialized to a `map[string]string` wrapper, instead of using
`BlockAttrs` declaration. The wrapper merges the list of maps
automatically, to ease driver development.
This approach is closer to how v0.8.7 implemented the fields [1][2], and
despite its verbosity, seems to perserve 0.8.7 behavior in hcl2.
This is only required for built-in types that have backward
compatibility constraints. External drivers should use `BlockAttrs`
instead, as they see fit.
[1] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L216
[2] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L698-L700
2019-02-13 17:55:48 +00:00
|
|
|
Interactive bool `codec:"interactive"`
|
|
|
|
IPCMode string `codec:"ipc_mode"`
|
|
|
|
IPv4Address string `codec:"ipv4_address"`
|
|
|
|
IPv6Address string `codec:"ipv6_address"`
|
|
|
|
Labels hclutils.MapStrStr `codec:"labels"`
|
|
|
|
LoadImage string `codec:"load"`
|
|
|
|
Logging DockerLogging `codec:"logging"`
|
|
|
|
MacAddress string `codec:"mac_address"`
|
2020-05-31 17:38:27 +00:00
|
|
|
MemoryHardLimit int64 `codec:"memory_hard_limit"`
|
2020-12-15 19:13:50 +00:00
|
|
|
Mounts []DockerMount `codec:"mount"`
|
drivers: restore port_map old json support
This ensures that `port_map` along with other block like attribute
declarations (e.g. ulimit, labels, etc) can handle various hcl and json
syntax that was supported in 0.8.
In 0.8.7, the following declarations are effectively equivalent:
```
// hcl block
port_map {
http = 80
https = 443
}
// hcl assignment
port_map = {
http = 80
https = 443
}
// json single element array of map (default in API response)
{"port_map": [{"http": 80, "https": 443}]}
// json array of individual maps (supported accidentally iiuc)
{"port_map: [{"http": 80}, {"https": 443}]}
```
We achieve compatbility by using `NewAttr("...", "list(map(string))",
false)` to be serialized to a `map[string]string` wrapper, instead of using
`BlockAttrs` declaration. The wrapper merges the list of maps
automatically, to ease driver development.
This approach is closer to how v0.8.7 implemented the fields [1][2], and
despite its verbosity, seems to perserve 0.8.7 behavior in hcl2.
This is only required for built-in types that have backward
compatibility constraints. External drivers should use `BlockAttrs`
instead, as they see fit.
[1] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L216
[2] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L698-L700
2019-02-13 17:55:48 +00:00
|
|
|
NetworkAliases []string `codec:"network_aliases"`
|
|
|
|
NetworkMode string `codec:"network_mode"`
|
2020-04-03 18:40:58 +00:00
|
|
|
Runtime string `codec:"runtime"`
|
drivers: restore port_map old json support
This ensures that `port_map` along with other block like attribute
declarations (e.g. ulimit, labels, etc) can handle various hcl and json
syntax that was supported in 0.8.
In 0.8.7, the following declarations are effectively equivalent:
```
// hcl block
port_map {
http = 80
https = 443
}
// hcl assignment
port_map = {
http = 80
https = 443
}
// json single element array of map (default in API response)
{"port_map": [{"http": 80, "https": 443}]}
// json array of individual maps (supported accidentally iiuc)
{"port_map: [{"http": 80}, {"https": 443}]}
```
We achieve compatbility by using `NewAttr("...", "list(map(string))",
false)` to be serialized to a `map[string]string` wrapper, instead of using
`BlockAttrs` declaration. The wrapper merges the list of maps
automatically, to ease driver development.
This approach is closer to how v0.8.7 implemented the fields [1][2], and
despite its verbosity, seems to perserve 0.8.7 behavior in hcl2.
This is only required for built-in types that have backward
compatibility constraints. External drivers should use `BlockAttrs`
instead, as they see fit.
[1] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L216
[2] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L698-L700
2019-02-13 17:55:48 +00:00
|
|
|
PidsLimit int64 `codec:"pids_limit"`
|
|
|
|
PidMode string `codec:"pid_mode"`
|
2020-08-11 22:30:22 +00:00
|
|
|
Ports []string `codec:"ports"`
|
drivers: restore port_map old json support
This ensures that `port_map` along with other block like attribute
declarations (e.g. ulimit, labels, etc) can handle various hcl and json
syntax that was supported in 0.8.
In 0.8.7, the following declarations are effectively equivalent:
```
// hcl block
port_map {
http = 80
https = 443
}
// hcl assignment
port_map = {
http = 80
https = 443
}
// json single element array of map (default in API response)
{"port_map": [{"http": 80, "https": 443}]}
// json array of individual maps (supported accidentally iiuc)
{"port_map: [{"http": 80}, {"https": 443}]}
```
We achieve compatbility by using `NewAttr("...", "list(map(string))",
false)` to be serialized to a `map[string]string` wrapper, instead of using
`BlockAttrs` declaration. The wrapper merges the list of maps
automatically, to ease driver development.
This approach is closer to how v0.8.7 implemented the fields [1][2], and
despite its verbosity, seems to perserve 0.8.7 behavior in hcl2.
This is only required for built-in types that have backward
compatibility constraints. External drivers should use `BlockAttrs`
instead, as they see fit.
[1] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L216
[2] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L698-L700
2019-02-13 17:55:48 +00:00
|
|
|
PortMap hclutils.MapStrInt `codec:"port_map"`
|
|
|
|
Privileged bool `codec:"privileged"`
|
2020-08-12 07:58:07 +00:00
|
|
|
ImagePullTimeout string `codec:"image_pull_timeout"`
|
drivers: restore port_map old json support
This ensures that `port_map` along with other block like attribute
declarations (e.g. ulimit, labels, etc) can handle various hcl and json
syntax that was supported in 0.8.
In 0.8.7, the following declarations are effectively equivalent:
```
// hcl block
port_map {
http = 80
https = 443
}
// hcl assignment
port_map = {
http = 80
https = 443
}
// json single element array of map (default in API response)
{"port_map": [{"http": 80, "https": 443}]}
// json array of individual maps (supported accidentally iiuc)
{"port_map: [{"http": 80}, {"https": 443}]}
```
We achieve compatbility by using `NewAttr("...", "list(map(string))",
false)` to be serialized to a `map[string]string` wrapper, instead of using
`BlockAttrs` declaration. The wrapper merges the list of maps
automatically, to ease driver development.
This approach is closer to how v0.8.7 implemented the fields [1][2], and
despite its verbosity, seems to perserve 0.8.7 behavior in hcl2.
This is only required for built-in types that have backward
compatibility constraints. External drivers should use `BlockAttrs`
instead, as they see fit.
[1] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L216
[2] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L698-L700
2019-02-13 17:55:48 +00:00
|
|
|
ReadonlyRootfs bool `codec:"readonly_rootfs"`
|
|
|
|
SecurityOpt []string `codec:"security_opt"`
|
|
|
|
ShmSize int64 `codec:"shm_size"`
|
2019-02-20 01:22:59 +00:00
|
|
|
StorageOpt map[string]string `codec:"storage_opt"`
|
drivers: restore port_map old json support
This ensures that `port_map` along with other block like attribute
declarations (e.g. ulimit, labels, etc) can handle various hcl and json
syntax that was supported in 0.8.
In 0.8.7, the following declarations are effectively equivalent:
```
// hcl block
port_map {
http = 80
https = 443
}
// hcl assignment
port_map = {
http = 80
https = 443
}
// json single element array of map (default in API response)
{"port_map": [{"http": 80, "https": 443}]}
// json array of individual maps (supported accidentally iiuc)
{"port_map: [{"http": 80}, {"https": 443}]}
```
We achieve compatbility by using `NewAttr("...", "list(map(string))",
false)` to be serialized to a `map[string]string` wrapper, instead of using
`BlockAttrs` declaration. The wrapper merges the list of maps
automatically, to ease driver development.
This approach is closer to how v0.8.7 implemented the fields [1][2], and
despite its verbosity, seems to perserve 0.8.7 behavior in hcl2.
This is only required for built-in types that have backward
compatibility constraints. External drivers should use `BlockAttrs`
instead, as they see fit.
[1] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L216
[2] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L698-L700
2019-02-13 17:55:48 +00:00
|
|
|
Sysctl hclutils.MapStrStr `codec:"sysctl"`
|
|
|
|
TTY bool `codec:"tty"`
|
|
|
|
Ulimit hclutils.MapStrStr `codec:"ulimit"`
|
|
|
|
UTSMode string `codec:"uts_mode"`
|
|
|
|
UsernsMode string `codec:"userns_mode"`
|
|
|
|
Volumes []string `codec:"volumes"`
|
|
|
|
VolumeDriver string `codec:"volume_driver"`
|
|
|
|
WorkDir string `codec:"work_dir"`
|
2020-12-15 19:13:50 +00:00
|
|
|
|
|
|
|
// MountsList supports the pre-1.0 mounts array syntax
|
|
|
|
MountsList []DockerMount `codec:"mounts"`
|
2018-11-14 11:20:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
type DockerAuth struct {
|
|
|
|
Username string `codec:"username"`
|
|
|
|
Password string `codec:"password"`
|
|
|
|
Email string `codec:"email"`
|
|
|
|
ServerAddr string `codec:"server_address"`
|
|
|
|
}
|
|
|
|
|
|
|
|
type DockerDevice struct {
|
|
|
|
HostPath string `codec:"host_path"`
|
|
|
|
ContainerPath string `codec:"container_path"`
|
|
|
|
CgroupPermissions string `codec:"cgroup_permissions"`
|
|
|
|
}
|
|
|
|
|
2018-12-04 19:50:59 +00:00
|
|
|
func (d DockerDevice) toDockerDevice() (docker.Device, error) {
|
|
|
|
dd := docker.Device{
|
|
|
|
PathOnHost: d.HostPath,
|
|
|
|
PathInContainer: d.ContainerPath,
|
|
|
|
CgroupPermissions: d.CgroupPermissions,
|
|
|
|
}
|
|
|
|
|
|
|
|
if d.HostPath == "" {
|
|
|
|
return dd, fmt.Errorf("host path must be set in configuration for devices")
|
|
|
|
}
|
|
|
|
|
|
|
|
if dd.CgroupPermissions == "" {
|
|
|
|
dd.CgroupPermissions = "rwm"
|
|
|
|
}
|
|
|
|
|
|
|
|
if !validateCgroupPermission(dd.CgroupPermissions) {
|
|
|
|
return dd, fmt.Errorf("invalid cgroup permission string: %q", dd.CgroupPermissions)
|
|
|
|
}
|
|
|
|
|
|
|
|
return dd, nil
|
|
|
|
}
|
|
|
|
|
2018-11-14 11:20:35 +00:00
|
|
|
type DockerLogging struct {
|
drivers: restore port_map old json support
This ensures that `port_map` along with other block like attribute
declarations (e.g. ulimit, labels, etc) can handle various hcl and json
syntax that was supported in 0.8.
In 0.8.7, the following declarations are effectively equivalent:
```
// hcl block
port_map {
http = 80
https = 443
}
// hcl assignment
port_map = {
http = 80
https = 443
}
// json single element array of map (default in API response)
{"port_map": [{"http": 80, "https": 443}]}
// json array of individual maps (supported accidentally iiuc)
{"port_map: [{"http": 80}, {"https": 443}]}
```
We achieve compatbility by using `NewAttr("...", "list(map(string))",
false)` to be serialized to a `map[string]string` wrapper, instead of using
`BlockAttrs` declaration. The wrapper merges the list of maps
automatically, to ease driver development.
This approach is closer to how v0.8.7 implemented the fields [1][2], and
despite its verbosity, seems to perserve 0.8.7 behavior in hcl2.
This is only required for built-in types that have backward
compatibility constraints. External drivers should use `BlockAttrs`
instead, as they see fit.
[1] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L216
[2] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L698-L700
2019-02-13 17:55:48 +00:00
|
|
|
Type string `codec:"type"`
|
2019-02-28 20:25:17 +00:00
|
|
|
Driver string `codec:"driver"`
|
drivers: restore port_map old json support
This ensures that `port_map` along with other block like attribute
declarations (e.g. ulimit, labels, etc) can handle various hcl and json
syntax that was supported in 0.8.
In 0.8.7, the following declarations are effectively equivalent:
```
// hcl block
port_map {
http = 80
https = 443
}
// hcl assignment
port_map = {
http = 80
https = 443
}
// json single element array of map (default in API response)
{"port_map": [{"http": 80, "https": 443}]}
// json array of individual maps (supported accidentally iiuc)
{"port_map: [{"http": 80}, {"https": 443}]}
```
We achieve compatbility by using `NewAttr("...", "list(map(string))",
false)` to be serialized to a `map[string]string` wrapper, instead of using
`BlockAttrs` declaration. The wrapper merges the list of maps
automatically, to ease driver development.
This approach is closer to how v0.8.7 implemented the fields [1][2], and
despite its verbosity, seems to perserve 0.8.7 behavior in hcl2.
This is only required for built-in types that have backward
compatibility constraints. External drivers should use `BlockAttrs`
instead, as they see fit.
[1] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L216
[2] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L698-L700
2019-02-13 17:55:48 +00:00
|
|
|
Config hclutils.MapStrStr `codec:"config"`
|
2018-11-14 11:20:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
type DockerMount struct {
|
2018-11-26 21:45:01 +00:00
|
|
|
Type string `codec:"type"`
|
2018-11-14 11:20:35 +00:00
|
|
|
Target string `codec:"target"`
|
|
|
|
Source string `codec:"source"`
|
|
|
|
ReadOnly bool `codec:"readonly"`
|
2018-11-26 21:45:01 +00:00
|
|
|
BindOptions DockerBindOptions `codec:"bind_options"`
|
2018-11-14 11:20:35 +00:00
|
|
|
VolumeOptions DockerVolumeOptions `codec:"volume_options"`
|
2018-11-26 22:22:57 +00:00
|
|
|
TmpfsOptions DockerTmpfsOptions `codec:"tmpfs_options"`
|
2018-11-14 11:20:35 +00:00
|
|
|
}
|
|
|
|
|
2018-11-26 21:45:01 +00:00
|
|
|
func (m DockerMount) toDockerHostMount() (docker.HostMount, error) {
|
|
|
|
if m.Type == "" {
|
2020-10-12 12:47:05 +00:00
|
|
|
// for backward compatibility, as type is optional
|
2018-11-26 21:45:01 +00:00
|
|
|
m.Type = "volume"
|
|
|
|
}
|
|
|
|
|
|
|
|
hm := docker.HostMount{
|
|
|
|
Target: m.Target,
|
|
|
|
Source: m.Source,
|
|
|
|
Type: m.Type,
|
|
|
|
ReadOnly: m.ReadOnly,
|
|
|
|
}
|
|
|
|
|
|
|
|
switch m.Type {
|
|
|
|
case "volume":
|
|
|
|
vo := m.VolumeOptions
|
|
|
|
hm.VolumeOptions = &docker.VolumeOptions{
|
|
|
|
NoCopy: vo.NoCopy,
|
|
|
|
Labels: vo.Labels,
|
|
|
|
DriverConfig: docker.VolumeDriverConfig{
|
|
|
|
Name: vo.DriverConfig.Name,
|
|
|
|
Options: vo.DriverConfig.Options,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
case "bind":
|
|
|
|
hm.BindOptions = &docker.BindOptions{
|
|
|
|
Propagation: m.BindOptions.Propagation,
|
|
|
|
}
|
2018-11-26 22:22:57 +00:00
|
|
|
case "tmpfs":
|
|
|
|
if m.Source != "" {
|
|
|
|
return hm, fmt.Errorf(`invalid source, must be "" for tmpfs`)
|
|
|
|
}
|
|
|
|
hm.TempfsOptions = &docker.TempfsOptions{
|
|
|
|
SizeBytes: m.TmpfsOptions.SizeBytes,
|
|
|
|
Mode: m.TmpfsOptions.Mode,
|
|
|
|
}
|
2018-11-26 21:45:01 +00:00
|
|
|
default:
|
2018-11-26 22:22:57 +00:00
|
|
|
return hm, fmt.Errorf(`invalid mount type, must be "bind", "volume", "tmpfs": %q`, m.Type)
|
2018-11-26 21:45:01 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return hm, nil
|
|
|
|
}
|
|
|
|
|
2018-11-14 11:20:35 +00:00
|
|
|
type DockerVolumeOptions struct {
|
|
|
|
NoCopy bool `codec:"no_copy"`
|
drivers: restore port_map old json support
This ensures that `port_map` along with other block like attribute
declarations (e.g. ulimit, labels, etc) can handle various hcl and json
syntax that was supported in 0.8.
In 0.8.7, the following declarations are effectively equivalent:
```
// hcl block
port_map {
http = 80
https = 443
}
// hcl assignment
port_map = {
http = 80
https = 443
}
// json single element array of map (default in API response)
{"port_map": [{"http": 80, "https": 443}]}
// json array of individual maps (supported accidentally iiuc)
{"port_map: [{"http": 80}, {"https": 443}]}
```
We achieve compatbility by using `NewAttr("...", "list(map(string))",
false)` to be serialized to a `map[string]string` wrapper, instead of using
`BlockAttrs` declaration. The wrapper merges the list of maps
automatically, to ease driver development.
This approach is closer to how v0.8.7 implemented the fields [1][2], and
despite its verbosity, seems to perserve 0.8.7 behavior in hcl2.
This is only required for built-in types that have backward
compatibility constraints. External drivers should use `BlockAttrs`
instead, as they see fit.
[1] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L216
[2] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L698-L700
2019-02-13 17:55:48 +00:00
|
|
|
Labels hclutils.MapStrStr `codec:"labels"`
|
2018-11-14 11:20:35 +00:00
|
|
|
DriverConfig DockerVolumeDriverConfig `codec:"driver_config"`
|
|
|
|
}
|
|
|
|
|
2018-11-26 21:45:01 +00:00
|
|
|
type DockerBindOptions struct {
|
|
|
|
Propagation string `codec:"propagation"`
|
|
|
|
}
|
|
|
|
|
2018-11-26 22:22:57 +00:00
|
|
|
type DockerTmpfsOptions struct {
|
|
|
|
SizeBytes int64 `codec:"size"`
|
|
|
|
Mode int `codec:"mode"`
|
|
|
|
}
|
|
|
|
|
2018-11-26 21:45:01 +00:00
|
|
|
// DockerVolumeDriverConfig holds a map of volume driver specific options
|
2018-11-14 11:20:35 +00:00
|
|
|
type DockerVolumeDriverConfig struct {
|
drivers: restore port_map old json support
This ensures that `port_map` along with other block like attribute
declarations (e.g. ulimit, labels, etc) can handle various hcl and json
syntax that was supported in 0.8.
In 0.8.7, the following declarations are effectively equivalent:
```
// hcl block
port_map {
http = 80
https = 443
}
// hcl assignment
port_map = {
http = 80
https = 443
}
// json single element array of map (default in API response)
{"port_map": [{"http": 80, "https": 443}]}
// json array of individual maps (supported accidentally iiuc)
{"port_map: [{"http": 80}, {"https": 443}]}
```
We achieve compatbility by using `NewAttr("...", "list(map(string))",
false)` to be serialized to a `map[string]string` wrapper, instead of using
`BlockAttrs` declaration. The wrapper merges the list of maps
automatically, to ease driver development.
This approach is closer to how v0.8.7 implemented the fields [1][2], and
despite its verbosity, seems to perserve 0.8.7 behavior in hcl2.
This is only required for built-in types that have backward
compatibility constraints. External drivers should use `BlockAttrs`
instead, as they see fit.
[1] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L216
[2] https://github.com/hashicorp/nomad/blob/v0.8.7/client/driver/docker.go#L698-L700
2019-02-13 17:55:48 +00:00
|
|
|
Name string `codec:"name"`
|
|
|
|
Options hclutils.MapStrStr `codec:"options"`
|
2018-11-14 11:20:35 +00:00
|
|
|
}
|
|
|
|
|
2019-10-17 12:37:18 +00:00
|
|
|
// ContainerGCConfig controls the behavior of the GC reconciler to detects
|
|
|
|
// dangling nomad containers that aren't tracked due to docker/nomad bugs
|
2019-09-13 15:24:58 +00:00
|
|
|
type ContainerGCConfig struct {
|
2019-10-17 12:37:18 +00:00
|
|
|
// Enabled controls whether container reconciler is enabled
|
2019-09-13 15:24:58 +00:00
|
|
|
Enabled bool `codec:"enabled"`
|
|
|
|
|
2019-10-17 12:37:18 +00:00
|
|
|
// DryRun indicates that reconciler should log unexpectedly running containers
|
|
|
|
// if found without actually killing them
|
|
|
|
DryRun bool `codec:"dry_run"`
|
|
|
|
|
|
|
|
// PeriodStr controls the frequency of scanning containers
|
2019-09-13 15:24:58 +00:00
|
|
|
PeriodStr string `codec:"period"`
|
|
|
|
period time.Duration `codec:"-"`
|
|
|
|
|
2019-10-17 12:37:18 +00:00
|
|
|
// CreationGraceStr is the duration allowed for a newly created container
|
|
|
|
// to live without being registered as a running task in nomad.
|
|
|
|
// A container is treated as leaked if it lived more than grace duration
|
|
|
|
// and haven't been registered in tasks.
|
|
|
|
CreationGraceStr string `codec:"creation_grace"`
|
|
|
|
CreationGrace time.Duration `codec:"-"`
|
2019-09-13 15:24:58 +00:00
|
|
|
}
|
|
|
|
|
2018-11-14 11:20:35 +00:00
|
|
|
type DriverConfig struct {
|
2020-08-12 07:58:07 +00:00
|
|
|
Endpoint string `codec:"endpoint"`
|
|
|
|
Auth AuthConfig `codec:"auth"`
|
|
|
|
TLS TLSConfig `codec:"tls"`
|
|
|
|
GC GCConfig `codec:"gc"`
|
|
|
|
Volumes VolumeConfig `codec:"volumes"`
|
|
|
|
AllowPrivileged bool `codec:"allow_privileged"`
|
|
|
|
AllowCaps []string `codec:"allow_caps"`
|
|
|
|
GPURuntimeName string `codec:"nvidia_runtime"`
|
|
|
|
InfraImage string `codec:"infra_image"`
|
|
|
|
InfraImagePullTimeout string `codec:"infra_image_pull_timeout"`
|
|
|
|
infraImagePullTimeoutDuration time.Duration `codec:"-"`
|
|
|
|
DisableLogCollection bool `codec:"disable_log_collection"`
|
|
|
|
PullActivityTimeout string `codec:"pull_activity_timeout"`
|
2021-12-21 18:31:34 +00:00
|
|
|
PidsLimit int64 `codec:"pids_limit"`
|
2020-08-12 07:58:07 +00:00
|
|
|
pullActivityTimeoutDuration time.Duration `codec:"-"`
|
2021-03-08 13:59:52 +00:00
|
|
|
ExtraLabels []string `codec:"extra_labels"`
|
2021-03-12 21:04:33 +00:00
|
|
|
Logging LoggingConfig `codec:"logging"`
|
2020-05-12 14:13:50 +00:00
|
|
|
|
2020-05-12 15:03:08 +00:00
|
|
|
AllowRuntimesList []string `codec:"allow_runtimes"`
|
|
|
|
allowRuntimes map[string]struct{} `codec:"-"`
|
2018-11-20 02:07:30 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
type AuthConfig struct {
|
|
|
|
Config string `codec:"config"`
|
|
|
|
Helper string `codec:"helper"`
|
2018-11-14 11:20:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
type TLSConfig struct {
|
|
|
|
Cert string `codec:"cert"`
|
|
|
|
Key string `codec:"key"`
|
|
|
|
CA string `codec:"ca"`
|
|
|
|
}
|
2018-11-20 02:07:30 +00:00
|
|
|
|
|
|
|
type GCConfig struct {
|
|
|
|
Image bool `codec:"image"`
|
|
|
|
ImageDelay string `codec:"image_delay"`
|
|
|
|
imageDelayDuration time.Duration `codec:"-"`
|
|
|
|
Container bool `codec:"container"`
|
2019-09-13 15:24:58 +00:00
|
|
|
|
|
|
|
DanglingContainers ContainerGCConfig `codec:"dangling_containers"`
|
2018-11-20 02:07:30 +00:00
|
|
|
}
|
2018-11-20 02:32:08 +00:00
|
|
|
|
|
|
|
type VolumeConfig struct {
|
|
|
|
Enabled bool `codec:"enabled"`
|
|
|
|
SelinuxLabel string `codec:"selinuxlabel"`
|
|
|
|
}
|
2018-11-20 03:41:14 +00:00
|
|
|
|
2021-03-12 21:04:33 +00:00
|
|
|
type LoggingConfig struct {
|
|
|
|
Type string `codec:"type"`
|
|
|
|
Config map[string]string `codec:"config"`
|
|
|
|
}
|
|
|
|
|
2018-11-20 03:41:14 +00:00
|
|
|
func (d *Driver) PluginInfo() (*base.PluginInfoResponse, error) {
|
|
|
|
return pluginInfo, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (d *Driver) ConfigSchema() (*hclspec.Spec, error) {
|
|
|
|
return configSpec, nil
|
|
|
|
}
|
|
|
|
|
2019-10-17 12:37:18 +00:00
|
|
|
const danglingContainersCreationGraceMinimum = 1 * time.Minute
|
2019-12-18 11:58:53 +00:00
|
|
|
const pullActivityTimeoutMinimum = 1 * time.Minute
|
2019-10-17 12:37:18 +00:00
|
|
|
|
2018-12-18 00:40:58 +00:00
|
|
|
func (d *Driver) SetConfig(c *base.Config) error {
|
2018-11-20 03:41:14 +00:00
|
|
|
var config DriverConfig
|
2018-12-18 00:40:58 +00:00
|
|
|
if len(c.PluginConfig) != 0 {
|
|
|
|
if err := base.MsgPackDecode(c.PluginConfig, &config); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2018-11-20 03:41:14 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
d.config = &config
|
2021-01-22 13:36:09 +00:00
|
|
|
d.config.InfraImage = strings.TrimPrefix(d.config.InfraImage, "https://")
|
2020-12-09 03:33:34 +00:00
|
|
|
|
2018-11-20 03:41:14 +00:00
|
|
|
if len(d.config.GC.ImageDelay) > 0 {
|
|
|
|
dur, err := time.ParseDuration(d.config.GC.ImageDelay)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("failed to parse 'image_delay' duration: %v", err)
|
|
|
|
}
|
|
|
|
d.config.GC.imageDelayDuration = dur
|
|
|
|
}
|
|
|
|
|
2019-09-13 15:24:58 +00:00
|
|
|
if len(d.config.GC.DanglingContainers.PeriodStr) > 0 {
|
|
|
|
dur, err := time.ParseDuration(d.config.GC.DanglingContainers.PeriodStr)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("failed to parse 'period' duration: %v", err)
|
|
|
|
}
|
|
|
|
d.config.GC.DanglingContainers.period = dur
|
|
|
|
}
|
|
|
|
|
2019-10-17 12:37:18 +00:00
|
|
|
if len(d.config.GC.DanglingContainers.CreationGraceStr) > 0 {
|
|
|
|
dur, err := time.ParseDuration(d.config.GC.DanglingContainers.CreationGraceStr)
|
2019-09-13 15:24:58 +00:00
|
|
|
if err != nil {
|
2019-10-17 12:37:18 +00:00
|
|
|
return fmt.Errorf("failed to parse 'creation_grace' duration: %v", err)
|
|
|
|
}
|
|
|
|
if dur < danglingContainersCreationGraceMinimum {
|
|
|
|
return fmt.Errorf("creation_grace is less than minimum, %v", danglingContainersCreationGraceMinimum)
|
2019-09-13 15:24:58 +00:00
|
|
|
}
|
2019-10-17 12:37:18 +00:00
|
|
|
d.config.GC.DanglingContainers.CreationGrace = dur
|
2019-09-13 15:24:58 +00:00
|
|
|
}
|
|
|
|
|
2019-12-18 11:58:53 +00:00
|
|
|
if len(d.config.PullActivityTimeout) > 0 {
|
|
|
|
dur, err := time.ParseDuration(d.config.PullActivityTimeout)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("failed to parse 'pull_activity_timeout' duaration: %v", err)
|
|
|
|
}
|
|
|
|
if dur < pullActivityTimeoutMinimum {
|
|
|
|
return fmt.Errorf("pull_activity_timeout is less than minimum, %v", pullActivityTimeoutMinimum)
|
|
|
|
}
|
|
|
|
d.config.pullActivityTimeoutDuration = dur
|
|
|
|
}
|
|
|
|
|
2020-08-12 07:58:07 +00:00
|
|
|
if d.config.InfraImagePullTimeout != "" {
|
|
|
|
dur, err := time.ParseDuration(d.config.InfraImagePullTimeout)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("failed to parse 'infra_image_pull_timeout' duaration: %v", err)
|
|
|
|
}
|
|
|
|
d.config.infraImagePullTimeoutDuration = dur
|
|
|
|
}
|
|
|
|
|
2020-05-12 15:03:08 +00:00
|
|
|
d.config.allowRuntimes = make(map[string]struct{}, len(d.config.AllowRuntimesList))
|
|
|
|
for _, r := range d.config.AllowRuntimesList {
|
|
|
|
d.config.allowRuntimes[r] = struct{}{}
|
2020-05-12 14:13:50 +00:00
|
|
|
}
|
|
|
|
|
2018-12-18 00:40:58 +00:00
|
|
|
if c.AgentConfig != nil {
|
|
|
|
d.clientConfig = c.AgentConfig.Driver
|
2018-11-20 03:41:14 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
dockerClient, _, err := d.dockerClients()
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("failed to get docker client: %v", err)
|
|
|
|
}
|
|
|
|
coordinatorConfig := &dockerCoordinatorConfig{
|
2020-05-26 22:19:18 +00:00
|
|
|
ctx: d.ctx,
|
2018-11-20 03:41:14 +00:00
|
|
|
client: dockerClient,
|
|
|
|
cleanup: d.config.GC.Image,
|
|
|
|
logger: d.logger,
|
|
|
|
removeDelay: d.config.GC.imageDelayDuration,
|
|
|
|
}
|
|
|
|
|
2018-11-20 04:07:07 +00:00
|
|
|
d.coordinator = newDockerCoordinator(coordinatorConfig)
|
2018-11-20 03:41:14 +00:00
|
|
|
|
client: enable support for cgroups v2
This PR introduces support for using Nomad on systems with cgroups v2 [1]
enabled as the cgroups controller mounted on /sys/fs/cgroups. Newer Linux
distros like Ubuntu 21.10 are shipping with cgroups v2 only, causing problems
for Nomad users.
Nomad mostly "just works" with cgroups v2 due to the indirection via libcontainer,
but not so for managing cpuset cgroups. Before, Nomad has been making use of
a feature in v1 where a PID could be a member of more than one cgroup. In v2
this is no longer possible, and so the logic around computing cpuset values
must be modified. When Nomad detects v2, it manages cpuset values in-process,
rather than making use of cgroup heirarchy inheritence via shared/reserved
parents.
Nomad will only activate the v2 logic when it detects cgroups2 is mounted at
/sys/fs/cgroups. This means on systems running in hybrid mode with cgroups2
mounted at /sys/fs/cgroups/unified (as is typical) Nomad will continue to
use the v1 logic, and should operate as before. Systems that do not support
cgroups v2 are also not affected.
When v2 is activated, Nomad will create a parent called nomad.slice (unless
otherwise configured in Client conifg), and create cgroups for tasks using
naming convention <allocID>-<task>.scope. These follow the naming convention
set by systemd and also used by Docker when cgroups v2 is detected.
Client nodes now export a new fingerprint attribute, unique.cgroups.version
which will be set to 'v1' or 'v2' to indicate the cgroups regime in use by
Nomad.
The new cpuset management strategy fixes #11705, where docker tasks that
spawned processes on startup would "leak". In cgroups v2, the PIDs are
started in the cgroup they will always live in, and thus the cause of
the leak is eliminated.
[1] https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html
Closes #11289
Fixes #11705 #11773 #11933
2022-02-28 22:24:01 +00:00
|
|
|
d.danglingReconciler = newReconciler(d)
|
|
|
|
|
|
|
|
d.cpusetFixer = newCpusetFixer(d)
|
2019-09-13 15:24:58 +00:00
|
|
|
|
2018-11-20 03:41:14 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (d *Driver) TaskConfigSchema() (*hclspec.Spec, error) {
|
|
|
|
return taskConfigSpec, nil
|
|
|
|
}
|
|
|
|
|
2021-05-13 20:21:52 +00:00
|
|
|
// Capabilities is returned by the Capabilities RPC and indicates what optional
|
|
|
|
// features this driver supports.
|
2018-11-20 03:41:14 +00:00
|
|
|
func (d *Driver) Capabilities() (*drivers.Capabilities, error) {
|
2021-05-13 20:21:52 +00:00
|
|
|
return driverCapabilities, nil
|
2018-11-20 03:41:14 +00:00
|
|
|
}
|
2019-12-07 03:11:41 +00:00
|
|
|
|
|
|
|
var _ drivers.InternalCapabilitiesDriver = (*Driver)(nil)
|
|
|
|
|
|
|
|
func (d *Driver) InternalCapabilities() drivers.InternalCapabilities {
|
|
|
|
return drivers.InternalCapabilities{
|
|
|
|
DisableLogCollection: d.config != nil && d.config.DisableLogCollection,
|
|
|
|
}
|
|
|
|
}
|