2019-05-14 00:59:31 +00:00
|
|
|
package docker
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
|
|
|
|
docker "github.com/fsouza/go-dockerclient"
|
|
|
|
"github.com/hashicorp/nomad/plugins/drivers"
|
|
|
|
)
|
|
|
|
|
2021-09-16 06:13:09 +00:00
|
|
|
const (
|
|
|
|
// dockerNetSpecLabelKey is the label added when we create a pause
|
|
|
|
// container to own the network namespace, and the NetworkIsolationSpec we
|
|
|
|
// get back from CreateNetwork has this label set as the container ID.
|
|
|
|
// We'll use this to generate a hostname for the task in the event the user
|
|
|
|
// did not specify a custom one. Please see dockerNetSpecHostnameKey.
|
|
|
|
dockerNetSpecLabelKey = "docker_sandbox_container_id"
|
|
|
|
|
|
|
|
// dockerNetSpecHostnameKey is the label added when we create a pause
|
|
|
|
// container and the task group network include a user supplied hostname
|
|
|
|
// parameter.
|
|
|
|
dockerNetSpecHostnameKey = "docker_sandbox_hostname"
|
|
|
|
)
|
2019-05-14 00:59:31 +00:00
|
|
|
|
2021-09-16 06:13:09 +00:00
|
|
|
func (d *Driver) CreateNetwork(allocID string, createSpec *drivers.NetworkCreateRequest) (*drivers.NetworkIsolationSpec, bool, error) {
|
2019-05-14 00:59:31 +00:00
|
|
|
// Initialize docker API clients
|
|
|
|
client, _, err := d.dockerClients()
|
|
|
|
if err != nil {
|
2019-09-18 20:34:57 +00:00
|
|
|
return nil, false, fmt.Errorf("failed to connect to docker daemon: %s", err)
|
2019-05-14 00:59:31 +00:00
|
|
|
}
|
|
|
|
|
2019-06-14 15:42:32 +00:00
|
|
|
repo, _ := parseDockerImage(d.config.InfraImage)
|
2019-05-14 00:59:31 +00:00
|
|
|
authOptions, err := firstValidAuth(repo, []authBackend{
|
|
|
|
authFromDockerConfig(d.config.Auth.Config),
|
|
|
|
authFromHelper(d.config.Auth.Helper),
|
|
|
|
})
|
|
|
|
if err != nil {
|
2019-06-14 15:42:32 +00:00
|
|
|
d.logger.Debug("auth failed for infra container image pull", "image", d.config.InfraImage, "error", err)
|
2019-05-14 00:59:31 +00:00
|
|
|
}
|
2020-08-12 07:58:07 +00:00
|
|
|
_, err = d.coordinator.PullImage(d.config.InfraImage, authOptions, allocID, noopLogEventFn, d.config.infraImagePullTimeoutDuration, d.config.pullActivityTimeoutDuration)
|
2019-05-14 00:59:31 +00:00
|
|
|
if err != nil {
|
2019-09-18 20:34:57 +00:00
|
|
|
return nil, false, err
|
2019-05-14 00:59:31 +00:00
|
|
|
}
|
|
|
|
|
2021-09-16 06:13:09 +00:00
|
|
|
config, err := d.createSandboxContainerConfig(allocID, createSpec)
|
2019-05-14 00:59:31 +00:00
|
|
|
if err != nil {
|
2019-09-18 20:34:57 +00:00
|
|
|
return nil, false, err
|
2019-05-14 00:59:31 +00:00
|
|
|
}
|
|
|
|
|
2021-09-16 06:13:09 +00:00
|
|
|
specFromContainer := func(c *docker.Container, hostname string) *drivers.NetworkIsolationSpec {
|
|
|
|
spec := &drivers.NetworkIsolationSpec{
|
2019-09-18 20:34:57 +00:00
|
|
|
Mode: drivers.NetIsolationModeGroup,
|
|
|
|
Path: c.NetworkSettings.SandboxKey,
|
|
|
|
Labels: map[string]string{
|
|
|
|
dockerNetSpecLabelKey: c.ID,
|
|
|
|
},
|
|
|
|
}
|
2021-09-16 06:13:09 +00:00
|
|
|
|
|
|
|
// If the user supplied a hostname, set the label.
|
|
|
|
if hostname != "" {
|
|
|
|
spec.Labels[dockerNetSpecHostnameKey] = hostname
|
|
|
|
}
|
|
|
|
|
|
|
|
return spec
|
2019-09-18 20:34:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// We want to return a flag that tells us if the container already
|
|
|
|
// existed so that callers can decide whether or not to recreate
|
|
|
|
// the task's network namespace associations.
|
|
|
|
container, err := d.containerByName(config.Name)
|
|
|
|
if err != nil {
|
|
|
|
return nil, false, err
|
|
|
|
}
|
|
|
|
if container != nil && container.State.Running {
|
2021-09-16 06:13:09 +00:00
|
|
|
return specFromContainer(container, createSpec.Hostname), false, nil
|
2019-09-18 20:34:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
container, err = d.createContainer(client, *config, d.config.InfraImage)
|
2019-05-14 00:59:31 +00:00
|
|
|
if err != nil {
|
2019-09-18 20:34:57 +00:00
|
|
|
return nil, false, err
|
2019-05-14 00:59:31 +00:00
|
|
|
}
|
|
|
|
|
2019-09-18 20:34:57 +00:00
|
|
|
if err = d.startContainer(container); err != nil {
|
|
|
|
return nil, false, err
|
2019-05-14 00:59:31 +00:00
|
|
|
}
|
|
|
|
|
2020-12-10 15:29:18 +00:00
|
|
|
// until the container is started, InspectContainerWithOptions
|
2019-09-18 20:34:57 +00:00
|
|
|
// returns a mostly-empty struct
|
2020-12-10 15:29:18 +00:00
|
|
|
container, err = client.InspectContainerWithOptions(docker.InspectContainerOptions{
|
|
|
|
ID: container.ID,
|
|
|
|
})
|
2019-05-14 00:59:31 +00:00
|
|
|
if err != nil {
|
2019-09-18 20:34:57 +00:00
|
|
|
return nil, false, err
|
2019-05-14 00:59:31 +00:00
|
|
|
}
|
|
|
|
|
2021-09-16 06:13:09 +00:00
|
|
|
return specFromContainer(container, createSpec.Hostname), true, nil
|
2019-05-14 00:59:31 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (d *Driver) DestroyNetwork(allocID string, spec *drivers.NetworkIsolationSpec) error {
|
|
|
|
client, _, err := d.dockerClients()
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("failed to connect to docker daemon: %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
return client.RemoveContainer(docker.RemoveContainerOptions{
|
|
|
|
Force: true,
|
|
|
|
ID: spec.Labels[dockerNetSpecLabelKey],
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2019-06-15 02:32:55 +00:00
|
|
|
// createSandboxContainerConfig creates a docker container configuration which
|
2021-09-16 06:13:09 +00:00
|
|
|
// starts a container with an empty network namespace.
|
|
|
|
func (d *Driver) createSandboxContainerConfig(allocID string, createSpec *drivers.NetworkCreateRequest) (*docker.CreateContainerOptions, error) {
|
2019-05-14 00:59:31 +00:00
|
|
|
|
|
|
|
return &docker.CreateContainerOptions{
|
2019-06-15 02:16:31 +00:00
|
|
|
Name: fmt.Sprintf("nomad_init_%s", allocID),
|
2019-05-14 00:59:31 +00:00
|
|
|
Config: &docker.Config{
|
2021-09-16 06:13:09 +00:00
|
|
|
Image: d.config.InfraImage,
|
|
|
|
Hostname: createSpec.Hostname,
|
2019-05-14 00:59:31 +00:00
|
|
|
},
|
|
|
|
HostConfig: &docker.HostConfig{
|
2021-09-16 06:13:09 +00:00
|
|
|
// Set the network mode to none which creates a network namespace
|
|
|
|
// with only a loopback interface.
|
2019-05-14 00:59:31 +00:00
|
|
|
NetworkMode: "none",
|
|
|
|
},
|
|
|
|
}, nil
|
|
|
|
}
|