github.com/alibaba/sealer@v0.8.6-0.20220430115802-37a2bdaa8173/pkg/infra/container/client/docker/container.go (about) 1 // Copyright © 2021 Alibaba Group Holding Ltd. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package docker 16 17 import ( 18 "github.com/docker/docker/api/types" 19 "github.com/docker/docker/api/types/container" 20 "github.com/docker/docker/api/types/mount" 21 "github.com/docker/docker/api/types/network" 22 23 "github.com/alibaba/sealer/pkg/infra/container/client" 24 25 "github.com/alibaba/sealer/logger" 26 ) 27 28 func (p *Provider) getUserNsMode() (container.UsernsMode, error) { 29 sysInfo, err := p.DockerClient.Info(p.Ctx) 30 if err != nil { 31 return "", err 32 } 33 34 var usernsMode container.UsernsMode 35 for _, opt := range sysInfo.SecurityOptions { 36 if opt == "name=userns" { 37 usernsMode = "host" 38 } 39 } 40 return usernsMode, err 41 } 42 43 func (p *Provider) setContainerMount(opts *client.CreateOptsForContainer) []mount.Mount { 44 mounts := DefaultMounts() 45 if opts.Mount != nil { 46 mounts = append(mounts, opts.Mount...) 47 } 48 return mounts 49 } 50 51 func (p *Provider) RunContainer(opts *client.CreateOptsForContainer) (string, error) { 52 //docker run --hostname master1 --name master1 53 //--privileged 54 //--security-opt seccomp=unconfined --security-opt apparmor=unconfined 55 //--tmpfs /tmp --tmpfs /run 56 //--volume /var --volume /lib/modules:/lib/modules:ro 57 //--device /dev/fuse 58 //--detach --tty --restart=on-failure:1 --init=false sealer-io/sealer-base-image:latest 59 networkID, err := p.PrepareNetworkResource(opts.NetworkName) 60 if err != nil { 61 return "", err 62 } 63 64 _, err = p.PullImage(opts.ImageName) 65 if err != nil { 66 return "", err 67 } 68 69 mod, _ := p.getUserNsMode() 70 mounts := p.setContainerMount(opts) 71 falseOpts := false 72 resp, err := p.DockerClient.ContainerCreate(p.Ctx, &container.Config{ 73 Image: opts.ImageName, 74 Tty: true, 75 Labels: opts.ContainerLabel, 76 Hostname: opts.ContainerHostName, 77 AttachStdin: false, 78 AttachStdout: false, 79 AttachStderr: false, 80 }, 81 &container.HostConfig{ 82 UsernsMode: mod, 83 SecurityOpt: []string{ 84 "seccomp=unconfined", "apparmor=unconfined", 85 }, 86 RestartPolicy: container.RestartPolicy{ 87 Name: "on-failure", 88 MaximumRetryCount: 1, 89 }, 90 Init: &falseOpts, 91 CgroupnsMode: "host", 92 Privileged: true, 93 Mounts: mounts, 94 }, &network.NetworkingConfig{ 95 EndpointsConfig: map[string]*network.EndpointSettings{ 96 opts.NetworkName: { 97 NetworkID: networkID, 98 }, 99 }, 100 }, nil, opts.ContainerName) 101 102 if err != nil { 103 return "", err 104 } 105 106 err = p.DockerClient.ContainerStart(p.Ctx, resp.ID, types.ContainerStartOptions{}) 107 if err != nil { 108 return "", err 109 } 110 logger.Info("create container %s successfully", opts.ContainerName) 111 return resp.ID, nil 112 } 113 114 func (p *Provider) GetContainerInfo(containerID string, networkName string) (*client.Container, error) { 115 resp, err := p.DockerClient.ContainerInspect(p.Ctx, containerID) 116 if err != nil { 117 return nil, err 118 } 119 return &client.Container{ 120 ContainerName: resp.Name, 121 ContainerIP: resp.NetworkSettings.Networks[networkName].IPAddress, 122 ContainerHostName: resp.Config.Hostname, 123 ContainerLabel: resp.Config.Labels, 124 Status: resp.State.Status, 125 }, nil 126 } 127 128 func (p *Provider) GetContainerIDByIP(containerIP string, networkName string) (string, error) { 129 resp, err := p.DockerClient.ContainerList(p.Ctx, types.ContainerListOptions{}) 130 if err != nil { 131 return "", err 132 } 133 134 for _, item := range resp { 135 if net, ok := item.NetworkSettings.Networks[networkName]; ok { 136 if containerIP == net.IPAddress { 137 return item.ID, nil 138 } 139 } 140 } 141 return "", err 142 } 143 144 func (p *Provider) RmContainer(containerID string) error { 145 err := p.DockerClient.ContainerRemove(p.Ctx, containerID, types.ContainerRemoveOptions{ 146 RemoveVolumes: true, 147 Force: true, 148 }) 149 150 if err != nil { 151 return err 152 } 153 154 logger.Info("delete container %s successfully", containerID) 155 return nil 156 } 157 158 func (p *Provider) GetServerInfo() (*client.DockerInfo, error) { 159 sysInfo, err := p.DockerClient.Info(p.Ctx) 160 if err != nil { 161 return nil, err 162 } 163 164 return &client.DockerInfo{ 165 CgroupDriver: sysInfo.CgroupDriver, 166 CgroupVersion: sysInfo.CgroupVersion, 167 StorageDriver: sysInfo.Driver, 168 MemoryLimit: sysInfo.MemoryLimit, 169 PidsLimit: sysInfo.PidsLimit, 170 CPUShares: sysInfo.CPUShares, 171 CPUNumber: sysInfo.NCPU, 172 SecurityOptions: sysInfo.SecurityOptions, 173 }, nil 174 }