container

Documentation

Index

• Constants
• Variables
• func ApplyDiff(id string, i *image2.Image) error
• func CleanPortMapping(cinfo *ContainerInfo) error
• func CleanUp(containerId string, volumes []string)
• func DefaultCapabilities() ([]capability.Cap, error)
• func DelDefaultDevice(id string)
• func DelWorkSpace(id string) error
• func DeleteContainerInfo(containerId string) error
• func GetDiffDirName() string
• func GetDiffPath(id string) string
• func GetHome() string
• func GetLowerDirs(id string) ([]string, error)
• func LoopExtract(layers []string, i *image2.Image) error
• func MountVolumeSlice(rootfs string, volumeSlice []string) error
• func NewInitProcess(defaultArgv []string) error
• func NewParentProcess(interactive, tty bool, image string, volumeSlice, environSlice []string, ...) (*exec.Cmd, *os.File)
• func NewWorkSpace(image, id string) (string, error)
• func RecordContainerIP(containerId string, ip net.IP) error
• func RecordContainerInfo(containerPID int, commandArray []string, containerName, id string, ...) (string, error)
• func RemoveContainer(containerName string) error
• func StopContainer(containerName string) error
• func UnMountVolumeSlice(id string, volumeSlice []string) error
• type CGroupResourceConfig
• type Config
• type ContainerInfo
  • func GetContainerInfo(containerName string) (*ContainerInfo, error)
• type Device
• type Permissions
• type Rule
  • func (d *Rule) Mkdev() (uint64, error)
• type State
  • func (s *State) String() string
• type Type

Constants

const (
	Wildcard = -1
)

Variables

var (
	DefaultInfoLocation string = "/var/lib/rocker/containers"
	ConfigName          string = "config.json"
	ContainerLogFile    string = "container.log"
)

var AllowedDevices = []*Device{

	{
		Path:     "/dev/null",
		FileMode: 0666,
		Uid:      0,
		Gid:      0,
		Rule: Rule{
			Type:        CharDevice,
			Major:       1,
			Minor:       3,
			Permissions: "rwm",
			Allow:       true,
		},
	},
	{
		Path:     "/dev/random",
		FileMode: 0666,
		Uid:      0,
		Gid:      0,
		Rule: Rule{
			Type:        CharDevice,
			Major:       1,
			Minor:       8,
			Permissions: "rwm",
			Allow:       true,
		},
	},
	{
		Path:     "/dev/full",
		FileMode: 0666,
		Uid:      0,
		Gid:      0,
		Rule: Rule{
			Type:        CharDevice,
			Major:       1,
			Minor:       7,
			Permissions: "rwm",
			Allow:       true,
		},
	},
	{
		Path:     "/dev/tty",
		FileMode: 0666,
		Uid:      0,
		Gid:      0,
		Rule: Rule{
			Type:        CharDevice,
			Major:       5,
			Minor:       0,
			Permissions: "rwm",
			Allow:       true,
		},
	},
	{
		Path:     "/dev/zero",
		FileMode: 0666,
		Uid:      0,
		Gid:      0,
		Rule: Rule{
			Type:        CharDevice,
			Major:       1,
			Minor:       5,
			Permissions: "rwm",
			Allow:       true,
		},
	},
	{
		Path:     "/dev/urandom",
		FileMode: 0666,
		Uid:      0,
		Gid:      0,
		Rule: Rule{
			Type:        CharDevice,
			Major:       1,
			Minor:       9,
			Permissions: "rwm",
			Allow:       true,
		},
	},
}

https://github.com/opencontainers/runc/blob/master/libcontainer/specconv/spec_linux.go#L65

Functions

func ApplyDiff

func ApplyDiff(id string, i *image2.Image) error

将每层的文件压缩比解压到对应的Diff文件夹

func CleanPortMapping

func CleanPortMapping(cinfo *ContainerInfo) error

func CleanUp

func CleanUp(containerId string, volumes []string)

func DefaultCapabilities

func DefaultCapabilities() ([]capability.Cap, error)

func DelDefaultDevice

func DelDefaultDevice(id string)

umount设备

func DelWorkSpace

func DelWorkSpace(id string) error

删除当前container层的目录

func DeleteContainerInfo

func DeleteContainerInfo(containerId string) error

func GetDiffDirName

func GetDiffDirName() string

func GetDiffPath

func GetDiffPath(id string) string

func GetHome

func GetHome() string

func GetLowerDirs

func GetLowerDirs(id string) ([]string, error)

获得所有的lowerDir

func LoopExtract

func LoopExtract(layers []string, i *image2.Image) error

循环解压image tar包

func MountVolumeSlice

func MountVolumeSlice(rootfs string, volumeSlice []string) error

func NewInitProcess

func NewInitProcess(defaultArgv []string) error

容器初始化命令

func NewParentProcess

func NewParentProcess(interactive, tty bool, image string, volumeSlice, environSlice []string, containerId, containerName string) (*exec.Cmd, *os.File)

func NewWorkSpace

func NewWorkSpace(image, id string) (string, error)

目前暂定rootFs是当前目录下的tar包 return 挂载的 mntUrl

func RecordContainerIP

func RecordContainerIP(containerId string, ip net.IP) error

func RecordContainerInfo

func RecordContainerInfo(containerPID int, commandArray []string, containerName, id string, volumeSlice, portMapping []string, res *subsystem.ResourceConfig) (string, error)

func RemoveContainer

func RemoveContainer(containerName string) error

func StopContainer

func StopContainer(containerName string) error

func UnMountVolumeSlice

func UnMountVolumeSlice(id string, volumeSlice []string) error

Types

type CGroupResourceConfig

type CGroupResourceConfig struct {
	MemoryLimit string `json:"MemoryLimit"`
	CpuShare    string `json:"CpuShare"`
	CpuSet      string `json:"CpuSet"`
}

type Config

type Config struct {
	Cmd         []string             `json:"Cmd"`
	Image       string               `json:"Image"`
	Volumes     []string             `json:"Volumes"`
	CGroup      CGroupResourceConfig `json:"CGroup"`
	PortMapping []string             `json:"portmapping"`
	IP          net.IP               `json:"IP"`
}

type ContainerInfo

type ContainerInfo struct {
	//容器状态
	State   State         `json:"State"`
	ID      string        `json:"ID"`
	Created time.Time     `json:"Created"`
	Args    []interface{} `json:"Args"`
	Config  Config        `json:"Config"`
	Name    string        `json:"Name"`
}

https://github.com/moby/moby/blob/46cdcd206c56172b95ba5c77b827a722dab426c5/container/state.go#L17

func GetContainerInfo

func GetContainerInfo(containerName string) (*ContainerInfo, error)

type Device

type Device struct {
	Rule

	// Path to the device.
	Path string `json:"path"`

	// FileMode permission bits for the device.
	FileMode os.FileMode `json:"file_mode"`

	// Uid of the device.
	Uid uint32 `json:"uid"`

	// Gid of the device.
	Gid uint32 `json:"gid"`
}

type Permissions

type Permissions string

type Rule

type Rule struct {
	// Type of device ('c' for char, 'b' for block). If set to 'a', this rule
	// acts as a wildcard and all fields other than Allow are ignored.
	Type Type `json:"type"`

	// Major is the device's major number.
	Major int64 `json:"major"`

	// Minor is the device's minor number.
	Minor int64 `json:"minor"`

	// Permissions is the set of permissions that this rule applies to (in the
	// cgroupv1 format -- any combination of "rwm").
	Permissions Permissions `json:"permissions"`

	// Allow specifies whether this rule is allowed.
	Allow bool `json:"allow"`
}

func (*Rule) Mkdev

func (d *Rule) Mkdev() (uint64, error)

type State

type State struct {
	Running           bool      `json:"Running"`
	Paused            bool      `json:"Paused"`
	Restarting        bool      `json:"Restarting"`
	OOMKilled         bool      `json:"OOMKilled"`
	RemovalInProgress bool      `json:"RemovalInProgress"`
	Dead              bool      `json:"Dead"`
	Pid               int       `json:"Pid"`
	ExitCode          int       `json:"ExitCode"`
	StartedAt         time.Time `json:"StartedAt"`
	FinishedAt        time.Time `json:"FinishedAt"`
}

func (*State) String

func (s *State) String() string

type Type

type Type rune

const (
	WildcardDevice Type = 'a'
	BlockDevice    Type = 'b'
	CharDevice     Type = 'c' // or 'u'
	FifoDevice     Type = 'p'
)