Allow rkt driver to mount volumes read-only

Karel Malec 2017-07-21 13:05:15 +02:00
parent c8ad00aff6
commit 4b98f94a88
2 changed files with 18 additions and 5 deletions


@ -80,7 +80,7 @@ type RktDriverConfig struct {
Net []string `mapstructure:"net"` // Networks for the containers
PortMapRaw []map[string]string `mapstructure:"port_map"` //
PortMap map[string]string `mapstructure:"-"` // A map of host port and the port name defined in the image manifest file
Volumes []string `mapstructure:"volumes"` // Host-Volumes to mount in, syntax: /path/to/host/directory:/destination/path/in/container
Volumes []string `mapstructure:"volumes"` // Host-Volumes to mount in, syntax: /path/to/host/directory:/destination/path/in/container[:readOnly]
InsecureOptions []string `mapstructure:"insecure_options"` // list of args for --insecure-options
NoOverlay bool `mapstructure:"no_overlay"` // disable overlayfs for rkt run
@ -319,11 +319,22 @@ func (d *RktDriver) Start(ctx *ExecContext, task *structs.Task) (*StartResponse,
}
for i, rawvol := range driverConfig.Volumes {
parts := strings.Split(rawvol, ":")
if len(parts) != 2 {
readOnly := "false"
// job spec:
// volumes = ["/host/path:/container/path[:readOnly]"]
// the third parameter is optional, mount is read-write by default
if len(parts) == 3 {
if parts[2] == "readOnly" {
d.logger.Printf("[DEBUG] Mounting %s:%s as readOnly", parts[0], parts[1])
readOnly = "true"
} else {
d.logger.Printf("[WARN] Unknown volume parameter '%s' ignored for mount %s", parts[2], parts[0])
}
} else if len(parts) != 2 {
return nil, fmt.Errorf("invalid rkt volume: %q", rawvol)
}
volName := fmt.Sprintf("%s-%s-%d", d.DriverContext.allocID, sanitizedName, i)
cmdArgs = append(cmdArgs, fmt.Sprintf("--volume=%s,kind=host,source=%s", volName, parts[0]))
cmdArgs = append(cmdArgs, fmt.Sprintf("--volume=%s,kind=host,source=%s,readOnly=%s", volName, parts[0], readOnly))
cmdArgs = append(cmdArgs, fmt.Sprintf("--mount=volume=%s,target=%s", volName, parts[1]))
}
}
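Review bot: An unrecognised third field fails open to a read-write mount: in the `else` branch under `if len(parts) == 3`, a misspelt option (for example `readonly`) only logs a WARN and leaves `readOnly` at `"false"`, so a job that intended a read-only host mount gets a writable one. Since the surrounding code already rejects malformed entries, that branch should reject the spec as well, e.g. `return nil, fmt.Errorf("invalid rkt volume option %q in %q", parts[2], rawvol)`. The two log calls also format job-supplied paths with `%s`; `%q` would keep embedded newlines or control characters out of the client log. `Start` begins and continues outside this hunk, so any validation earlier in the function is not visible here.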


@ -103,12 +103,14 @@ The `rkt` driver supports the following configuration in the job spec:
* `no_overlay` - (Optional) When enabled, will use `--no-overlay=true` flag for 'rkt run'.
Useful when running jobs on older systems affected by https://github.com/rkt/rkt/issues/1922
* `volumes` - (Optional) A list of `host_path:container_path` strings to bind
* `volumes` - (Optional) A list of `host_path:container_path[:readOnly]` strings to bind
host paths to container paths.
Mount is done read-write by default; an optional third parameter `readOnly` can be provided
to make it read-only.
```hcl
config {
volumes = ["/path/on/host:/path/in/container"]
volumes = ["/path/on/host:/path/in/container", "/readonly/path/on/host:/path/in/container:readOnly"]
}
```