author | Darren Stahl <darst@microsoft.com> | 2017-08-01 10:00:38 -0700 |
---|---|---|
committer | Kenfe-Mickael Laventure <mickael.laventure@gmail.com> | 2017-08-21 15:19:31 -0700 |
commit | 7c29103ad9b4e02ecc6cdde01da9c3675a377fc4 (patch) | |
tree | 124ca8e7f3a11f4b64e60e4bf52c1cd7c95b73cf /daemon/start_windows.go | |
parent | 45d85c99139bbd16004bbedb7d5bac6a60264538 (diff) | |
Update Windows and LCOW to use v1.0.0 runtime-spec
Signed-off-by: Darren Stahl <darst@microsoft.com>
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Diffstat (limited to 'daemon/start_windows.go')
-rw-r--r-- | daemon/start_windows.go | 202 |
1 files changed, 0 insertions, 202 deletions
diff --git a/daemon/start_windows.go b/daemon/start_windows.go
index 098380d00b..9082a93ff6 100644
--- a/daemon/start_windows.go
+++ b/daemon/start_windows.go
@@ -1,148 +1,14 @@ package daemon import ( - "fmt" - "io/ioutil" - "path/filepath" - "strings" - "github.com/Microsoft/opengcs/client" "github.com/docker/docker/container" - "github.com/docker/docker/layer" "github.com/docker/docker/libcontainerd" - "golang.org/x/sys/windows/registry" -) - -const ( - credentialSpecRegistryLocation = `SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs` - credentialSpecFileLocation = "CredentialSpecs" ) func (daemon *Daemon) getLibcontainerdCreateOptions(container *container.Container) ([]libcontainerd.CreateOption, error) { createOptions := []libcontainerd.CreateOption{} - // Are we going to run as a Hyper-V container? - hvOpts := &libcontainerd.HyperVIsolationOption{} - if container.HostConfig.Isolation.IsDefault() { - // Container is set to use the default, so take the default from the daemon configuration - hvOpts.IsHyperV = daemon.defaultIsolation.IsHyperV() - } else { - // Container is requesting an isolation mode. Honour it. - hvOpts.IsHyperV = container.HostConfig.Isolation.IsHyperV() - } - - dnsSearch := daemon.getDNSSearchSettings(container) - - // Generate the layer folder of the layer options - layerOpts := &libcontainerd.LayerOption{} - m, err := container.RWLayer.Metadata() - if err != nil { - return nil, fmt.Errorf("failed to get layer metadata - %s", err) - } - layerOpts.LayerFolderPath = m["dir"] - - // Generate the layer paths of the layer options - img, err := daemon.stores[container.Platform].imageStore.Get(container.ImageID) - if err != nil { - return nil, fmt.Errorf("failed to graph.Get on ImageID %s - %s", container.ImageID, err) - } - // Get the layer path for each layer. 
- max := len(img.RootFS.DiffIDs) - for i := 1; i <= max; i++ { - img.RootFS.DiffIDs = img.RootFS.DiffIDs[:i] - layerPath, err := layer.GetLayerPath(daemon.stores[container.Platform].layerStore, img.RootFS.ChainID()) - if err != nil { - return nil, fmt.Errorf("failed to get layer path from graphdriver %s for ImageID %s - %s", daemon.stores[container.Platform].layerStore, img.RootFS.ChainID(), err) - } - // Reverse order, expecting parent most first - layerOpts.LayerPaths = append([]string{layerPath}, layerOpts.LayerPaths...) - } - - // Get endpoints for the libnetwork allocated networks to the container - var epList []string - AllowUnqualifiedDNSQuery := false - gwHNSID := "" - if container.NetworkSettings != nil { - for n := range container.NetworkSettings.Networks { - sn, err := daemon.FindNetwork(n) - if err != nil { - continue - } - - ep, err := container.GetEndpointInNetwork(sn) - if err != nil { - continue - } - - data, err := ep.DriverInfo() - if err != nil { - continue - } - - if data["GW_INFO"] != nil { - gwInfo := data["GW_INFO"].(map[string]interface{}) - if gwInfo["hnsid"] != nil { - gwHNSID = gwInfo["hnsid"].(string) - } - } - - if data["hnsid"] != nil { - epList = append(epList, data["hnsid"].(string)) - } - - if data["AllowUnqualifiedDNSQuery"] != nil { - AllowUnqualifiedDNSQuery = true - } - } - } - - if gwHNSID != "" { - epList = append(epList, gwHNSID) - } - - // Read and add credentials from the security options if a credential spec has been provided. 
- if container.HostConfig.SecurityOpt != nil { - for _, sOpt := range container.HostConfig.SecurityOpt { - sOpt = strings.ToLower(sOpt) - if !strings.Contains(sOpt, "=") { - return nil, fmt.Errorf("invalid security option: no equals sign in supplied value %s", sOpt) - } - var splitsOpt []string - splitsOpt = strings.SplitN(sOpt, "=", 2) - if len(splitsOpt) != 2 { - return nil, fmt.Errorf("invalid security option: %s", sOpt) - } - if splitsOpt[0] != "credentialspec" { - return nil, fmt.Errorf("security option not supported: %s", splitsOpt[0]) - } - - credentialsOpts := &libcontainerd.CredentialsOption{} - var ( - match bool - csValue string - err error - ) - if match, csValue = getCredentialSpec("file://", splitsOpt[1]); match { - if csValue == "" { - return nil, fmt.Errorf("no value supplied for file:// credential spec security option") - } - if credentialsOpts.Credentials, err = readCredentialSpecFile(container.ID, daemon.root, filepath.Clean(csValue)); err != nil { - return nil, err - } - } else if match, csValue = getCredentialSpec("registry://", splitsOpt[1]); match { - if csValue == "" { - return nil, fmt.Errorf("no value supplied for registry:// credential spec security option") - } - if credentialsOpts.Credentials, err = readCredentialSpecRegistry(container.ID, csValue); err != nil { - return nil, err - } - } else { - return nil, fmt.Errorf("invalid credential spec security option - value must be prefixed file:// or registry:// followed by a value") - } - createOptions = append(createOptions, credentialsOpts) - } - } - // LCOW options. if container.Platform == "linux" { config := &client.Config{} 
@@ -173,73 +39,5 @@ func (daemon *Daemon) getLibcontainerdCreateOptions(container *container.Contain createOptions = append(createOptions, lcowOpts) } - // Now add the remaining options. - createOptions = append(createOptions, &libcontainerd.FlushOption{IgnoreFlushesDuringBoot: !container.HasBeenStartedBefore}) - createOptions = append(createOptions, hvOpts) - createOptions = append(createOptions, layerOpts) - - var networkSharedContainerID string - if container.HostConfig.NetworkMode.IsContainer() { - networkSharedContainerID = container.NetworkSharedContainerID - for _, ep := range container.SharedEndpointList { - epList = append(epList, ep) - } - } - - createOptions = append(createOptions, &libcontainerd.NetworkEndpointsOption{ - Endpoints: epList, - AllowUnqualifiedDNSQuery: AllowUnqualifiedDNSQuery, - DNSSearchList: dnsSearch, - NetworkSharedContainerID: networkSharedContainerID, - }) return createOptions, nil } - -// getCredentialSpec is a helper function to get the value of a credential spec supplied -// on the CLI, stripping the prefix -func getCredentialSpec(prefix, value string) (bool, string) { - if strings.HasPrefix(value, prefix) { - return true, strings.TrimPrefix(value, prefix) - } - return false, "" -} - -// readCredentialSpecRegistry is a helper function to read a credential spec from -// the registry. If not found, we return an empty string and warn in the log. -// This allows for staging on machines which do not have the necessary components. 
-func readCredentialSpecRegistry(id, name string) (string, error) { - var ( - k registry.Key - err error - val string - ) - if k, err = registry.OpenKey(registry.LOCAL_MACHINE, credentialSpecRegistryLocation, registry.QUERY_VALUE); err != nil { - return "", fmt.Errorf("failed handling spec %q for container %s - %s could not be opened", name, id, credentialSpecRegistryLocation) - } - if val, _, err = k.GetStringValue(name); err != nil { - if err == registry.ErrNotExist { - return "", fmt.Errorf("credential spec %q for container %s as it was not found", name, id) - } - return "", fmt.Errorf("error %v reading credential spec %q from registry for container %s", err, name, id) - } - return val, nil -} - -// readCredentialSpecFile is a helper function to read a credential spec from -// a file. If not found, we return an empty string and warn in the log. -// This allows for staging on machines which do not have the necessary components. -func readCredentialSpecFile(id, root, location string) (string, error) { - if filepath.IsAbs(location) { - return "", fmt.Errorf("invalid credential spec - file:// path cannot be absolute") - } - base := filepath.Join(root, credentialSpecFileLocation) - full := filepath.Join(base, location) - if !strings.HasPrefix(full, base) { - return "", fmt.Errorf("invalid credential spec - file:// path must be under %s", base) - } - bcontents, err := ioutil.ReadFile(full) - if err != nil { - return "", fmt.Errorf("credential spec '%s' for container %s as the file could not be read: %q", full, id, err) - } - return string(bcontents[:]), nil -} |