github.com/demonoid81/moby@v0.0.0-20200517203328-62dd8e17c460/api/types/container/host_config.go (about) 1 package container // import "github.com/demonoid81/moby/api/types/container" 2 3 import ( 4 "strings" 5 6 "github.com/demonoid81/moby/api/types/blkiodev" 7 "github.com/demonoid81/moby/api/types/mount" 8 "github.com/demonoid81/moby/api/types/strslice" 9 "github.com/docker/go-connections/nat" 10 units "github.com/docker/go-units" 11 ) 12 13 // CgroupnsMode represents the cgroup namespace mode of the container 14 type CgroupnsMode string 15 16 // IsPrivate indicates whether the container uses its own private cgroup namespace 17 func (c CgroupnsMode) IsPrivate() bool { 18 return c == "private" 19 } 20 21 // IsHost indicates whether the container shares the host's cgroup namespace 22 func (c CgroupnsMode) IsHost() bool { 23 return c == "host" 24 } 25 26 // IsEmpty indicates whether the container cgroup namespace mode is unset 27 func (c CgroupnsMode) IsEmpty() bool { 28 return c == "" 29 } 30 31 // Valid indicates whether the cgroup namespace mode is valid 32 func (c CgroupnsMode) Valid() bool { 33 return c.IsEmpty() || c.IsPrivate() || c.IsHost() 34 } 35 36 // Isolation represents the isolation technology of a container. The supported 37 // values are platform specific 38 type Isolation string 39 40 // IsDefault indicates the default isolation technology of a container. On Linux this 41 // is the native driver. On Windows, this is a Windows Server Container. 42 func (i Isolation) IsDefault() bool { 43 return strings.ToLower(string(i)) == "default" || string(i) == "" 44 } 45 46 // IsHyperV indicates the use of a Hyper-V partition for isolation 47 func (i Isolation) IsHyperV() bool { 48 return strings.ToLower(string(i)) == "hyperv" 49 } 50 51 // IsProcess indicates the use of process isolation 52 func (i Isolation) IsProcess() bool { 53 return strings.ToLower(string(i)) == "process" 54 } 55 56 const ( 57 // IsolationEmpty is unspecified (same behavior as default) 58 IsolationEmpty = Isolation("") 59 // IsolationDefault is the default isolation mode on current daemon 60 IsolationDefault = Isolation("default") 61 // IsolationProcess is process isolation mode 62 IsolationProcess = Isolation("process") 63 // IsolationHyperV is HyperV isolation mode 64 IsolationHyperV = Isolation("hyperv") 65 ) 66 67 // IpcMode represents the container ipc stack. 68 type IpcMode string 69 70 // IsPrivate indicates whether the container uses its own private ipc namespace which can not be shared. 71 func (n IpcMode) IsPrivate() bool { 72 return n == "private" 73 } 74 75 // IsHost indicates whether the container shares the host's ipc namespace. 76 func (n IpcMode) IsHost() bool { 77 return n == "host" 78 } 79 80 // IsShareable indicates whether the container's ipc namespace can be shared with another container. 81 func (n IpcMode) IsShareable() bool { 82 return n == "shareable" 83 } 84 85 // IsContainer indicates whether the container uses another container's ipc namespace. 86 func (n IpcMode) IsContainer() bool { 87 parts := strings.SplitN(string(n), ":", 2) 88 return len(parts) > 1 && parts[0] == "container" 89 } 90 91 // IsNone indicates whether container IpcMode is set to "none". 92 func (n IpcMode) IsNone() bool { 93 return n == "none" 94 } 95 96 // IsEmpty indicates whether container IpcMode is empty 97 func (n IpcMode) IsEmpty() bool { 98 return n == "" 99 } 100 101 // Valid indicates whether the ipc mode is valid. 102 func (n IpcMode) Valid() bool { 103 return n.IsEmpty() || n.IsNone() || n.IsPrivate() || n.IsHost() || n.IsShareable() || n.IsContainer() 104 } 105 106 // Container returns the name of the container ipc stack is going to be used. 107 func (n IpcMode) Container() string { 108 parts := strings.SplitN(string(n), ":", 2) 109 if len(parts) > 1 && parts[0] == "container" { 110 return parts[1] 111 } 112 return "" 113 } 114 115 // NetworkMode represents the container network stack. 116 type NetworkMode string 117 118 // IsNone indicates whether container isn't using a network stack. 119 func (n NetworkMode) IsNone() bool { 120 return n == "none" 121 } 122 123 // IsDefault indicates whether container uses the default network stack. 124 func (n NetworkMode) IsDefault() bool { 125 return n == "default" 126 } 127 128 // IsPrivate indicates whether container uses its private network stack. 129 func (n NetworkMode) IsPrivate() bool { 130 return !(n.IsHost() || n.IsContainer()) 131 } 132 133 // IsContainer indicates whether container uses a container network stack. 134 func (n NetworkMode) IsContainer() bool { 135 parts := strings.SplitN(string(n), ":", 2) 136 return len(parts) > 1 && parts[0] == "container" 137 } 138 139 // ConnectedContainer is the id of the container which network this container is connected to. 140 func (n NetworkMode) ConnectedContainer() string { 141 parts := strings.SplitN(string(n), ":", 2) 142 if len(parts) > 1 { 143 return parts[1] 144 } 145 return "" 146 } 147 148 // UserDefined indicates user-created network 149 func (n NetworkMode) UserDefined() string { 150 if n.IsUserDefined() { 151 return string(n) 152 } 153 return "" 154 } 155 156 // UsernsMode represents userns mode in the container. 157 type UsernsMode string 158 159 // IsHost indicates whether the container uses the host's userns. 160 func (n UsernsMode) IsHost() bool { 161 return n == "host" 162 } 163 164 // IsPrivate indicates whether the container uses the a private userns. 165 func (n UsernsMode) IsPrivate() bool { 166 return !(n.IsHost()) 167 } 168 169 // Valid indicates whether the userns is valid. 170 func (n UsernsMode) Valid() bool { 171 parts := strings.Split(string(n), ":") 172 switch mode := parts[0]; mode { 173 case "", "host": 174 default: 175 return false 176 } 177 return true 178 } 179 180 // CgroupSpec represents the cgroup to use for the container. 181 type CgroupSpec string 182 183 // IsContainer indicates whether the container is using another container cgroup 184 func (c CgroupSpec) IsContainer() bool { 185 parts := strings.SplitN(string(c), ":", 2) 186 return len(parts) > 1 && parts[0] == "container" 187 } 188 189 // Valid indicates whether the cgroup spec is valid. 190 func (c CgroupSpec) Valid() bool { 191 return c.IsContainer() || c == "" 192 } 193 194 // Container returns the name of the container whose cgroup will be used. 195 func (c CgroupSpec) Container() string { 196 parts := strings.SplitN(string(c), ":", 2) 197 if len(parts) > 1 { 198 return parts[1] 199 } 200 return "" 201 } 202 203 // UTSMode represents the UTS namespace of the container. 204 type UTSMode string 205 206 // IsPrivate indicates whether the container uses its private UTS namespace. 207 func (n UTSMode) IsPrivate() bool { 208 return !(n.IsHost()) 209 } 210 211 // IsHost indicates whether the container uses the host's UTS namespace. 212 func (n UTSMode) IsHost() bool { 213 return n == "host" 214 } 215 216 // Valid indicates whether the UTS namespace is valid. 217 func (n UTSMode) Valid() bool { 218 parts := strings.Split(string(n), ":") 219 switch mode := parts[0]; mode { 220 case "", "host": 221 default: 222 return false 223 } 224 return true 225 } 226 227 // PidMode represents the pid namespace of the container. 228 type PidMode string 229 230 // IsPrivate indicates whether the container uses its own new pid namespace. 231 func (n PidMode) IsPrivate() bool { 232 return !(n.IsHost() || n.IsContainer()) 233 } 234 235 // IsHost indicates whether the container uses the host's pid namespace. 236 func (n PidMode) IsHost() bool { 237 return n == "host" 238 } 239 240 // IsContainer indicates whether the container uses a container's pid namespace. 241 func (n PidMode) IsContainer() bool { 242 parts := strings.SplitN(string(n), ":", 2) 243 return len(parts) > 1 && parts[0] == "container" 244 } 245 246 // Valid indicates whether the pid namespace is valid. 247 func (n PidMode) Valid() bool { 248 parts := strings.Split(string(n), ":") 249 switch mode := parts[0]; mode { 250 case "", "host": 251 case "container": 252 if len(parts) != 2 || parts[1] == "" { 253 return false 254 } 255 default: 256 return false 257 } 258 return true 259 } 260 261 // Container returns the name of the container whose pid namespace is going to be used. 262 func (n PidMode) Container() string { 263 parts := strings.SplitN(string(n), ":", 2) 264 if len(parts) > 1 { 265 return parts[1] 266 } 267 return "" 268 } 269 270 // DeviceRequest represents a request for devices from a device driver. 271 // Used by GPU device drivers. 272 type DeviceRequest struct { 273 Driver string // Name of device driver 274 Count int // Number of devices to request (-1 = All) 275 DeviceIDs []string // List of device IDs as recognizable by the device driver 276 Capabilities [][]string // An OR list of AND lists of device capabilities (e.g. "gpu") 277 Options map[string]string // Options to pass onto the device driver 278 } 279 280 // DeviceMapping represents the device mapping between the host and the container. 281 type DeviceMapping struct { 282 PathOnHost string 283 PathInContainer string 284 CgroupPermissions string 285 } 286 287 // RestartPolicy represents the restart policies of the container. 288 type RestartPolicy struct { 289 Name string 290 MaximumRetryCount int 291 } 292 293 // IsNone indicates whether the container has the "no" restart policy. 294 // This means the container will not automatically restart when exiting. 295 func (rp *RestartPolicy) IsNone() bool { 296 return rp.Name == "no" || rp.Name == "" 297 } 298 299 // IsAlways indicates whether the container has the "always" restart policy. 300 // This means the container will automatically restart regardless of the exit status. 301 func (rp *RestartPolicy) IsAlways() bool { 302 return rp.Name == "always" 303 } 304 305 // IsOnFailure indicates whether the container has the "on-failure" restart policy. 306 // This means the container will automatically restart of exiting with a non-zero exit status. 307 func (rp *RestartPolicy) IsOnFailure() bool { 308 return rp.Name == "on-failure" 309 } 310 311 // IsUnlessStopped indicates whether the container has the 312 // "unless-stopped" restart policy. This means the container will 313 // automatically restart unless user has put it to stopped state. 314 func (rp *RestartPolicy) IsUnlessStopped() bool { 315 return rp.Name == "unless-stopped" 316 } 317 318 // IsSame compares two RestartPolicy to see if they are the same 319 func (rp *RestartPolicy) IsSame(tp *RestartPolicy) bool { 320 return rp.Name == tp.Name && rp.MaximumRetryCount == tp.MaximumRetryCount 321 } 322 323 // LogMode is a type to define the available modes for logging 324 // These modes affect how logs are handled when log messages start piling up. 325 type LogMode string 326 327 // Available logging modes 328 const ( 329 LogModeUnset = "" 330 LogModeBlocking LogMode = "blocking" 331 LogModeNonBlock LogMode = "non-blocking" 332 ) 333 334 // LogConfig represents the logging configuration of the container. 335 type LogConfig struct { 336 Type string 337 Config map[string]string 338 } 339 340 // Resources contains container's resources (cgroups config, ulimits...) 341 type Resources struct { 342 // Applicable to all platforms 343 CPUShares int64 `json:"CpuShares"` // CPU shares (relative weight vs. other containers) 344 Memory int64 // Memory limit (in bytes) 345 NanoCPUs int64 `json:"NanoCpus"` // CPU quota in units of 10<sup>-9</sup> CPUs. 346 347 // Applicable to UNIX platforms 348 CgroupParent string // Parent cgroup. 349 BlkioWeight uint16 // Block IO weight (relative weight vs. other containers) 350 BlkioWeightDevice []*blkiodev.WeightDevice 351 BlkioDeviceReadBps []*blkiodev.ThrottleDevice 352 BlkioDeviceWriteBps []*blkiodev.ThrottleDevice 353 BlkioDeviceReadIOps []*blkiodev.ThrottleDevice 354 BlkioDeviceWriteIOps []*blkiodev.ThrottleDevice 355 CPUPeriod int64 `json:"CpuPeriod"` // CPU CFS (Completely Fair Scheduler) period 356 CPUQuota int64 `json:"CpuQuota"` // CPU CFS (Completely Fair Scheduler) quota 357 CPURealtimePeriod int64 `json:"CpuRealtimePeriod"` // CPU real-time period 358 CPURealtimeRuntime int64 `json:"CpuRealtimeRuntime"` // CPU real-time runtime 359 CpusetCpus string // CpusetCpus 0-2, 0,1 360 CpusetMems string // CpusetMems 0-2, 0,1 361 Devices []DeviceMapping // List of devices to map inside the container 362 DeviceCgroupRules []string // List of rule to be added to the device cgroup 363 DeviceRequests []DeviceRequest // List of device requests for device drivers 364 KernelMemory int64 // Kernel memory limit (in bytes) 365 KernelMemoryTCP int64 // Hard limit for kernel TCP buffer memory (in bytes) 366 MemoryReservation int64 // Memory soft limit (in bytes) 367 MemorySwap int64 // Total memory usage (memory + swap); set `-1` to enable unlimited swap 368 MemorySwappiness *int64 // Tuning container memory swappiness behaviour 369 OomKillDisable *bool // Whether to disable OOM Killer or not 370 PidsLimit *int64 // Setting PIDs limit for a container; Set `0` or `-1` for unlimited, or `null` to not change. 371 Ulimits []*units.Ulimit // List of ulimits to be set in the container 372 373 // Applicable to Windows 374 CPUCount int64 `json:"CpuCount"` // CPU count 375 CPUPercent int64 `json:"CpuPercent"` // CPU percent 376 IOMaximumIOps uint64 // Maximum IOps for the container system drive 377 IOMaximumBandwidth uint64 // Maximum IO in bytes per second for the container system drive 378 } 379 380 // UpdateConfig holds the mutable attributes of a Container. 381 // Those attributes can be updated at runtime. 382 type UpdateConfig struct { 383 // Contains container's resources (cgroups, ulimits) 384 Resources 385 RestartPolicy RestartPolicy 386 } 387 388 // HostConfig the non-portable Config structure of a container. 389 // Here, "non-portable" means "dependent of the host we are running on". 390 // Portable information *should* appear in Config. 391 type HostConfig struct { 392 // Applicable to all platforms 393 Binds []string // List of volume bindings for this container 394 ContainerIDFile string // File (path) where the containerId is written 395 LogConfig LogConfig // Configuration of the logs for this container 396 NetworkMode NetworkMode // Network mode to use for the container 397 PortBindings nat.PortMap // Port mapping between the exposed port (container) and the host 398 RestartPolicy RestartPolicy // Restart policy to be used for the container 399 AutoRemove bool // Automatically remove container when it exits 400 VolumeDriver string // Name of the volume driver used to mount volumes 401 VolumesFrom []string // List of volumes to take from other container 402 403 // Applicable to UNIX platforms 404 CapAdd strslice.StrSlice // List of kernel capabilities to add to the container 405 CapDrop strslice.StrSlice // List of kernel capabilities to remove from the container 406 Capabilities []string `json:"Capabilities"` // List of kernel capabilities to be available for container (this overrides the default set) 407 CgroupnsMode CgroupnsMode // Cgroup namespace mode to use for the container 408 DNS []string `json:"Dns"` // List of DNS server to lookup 409 DNSOptions []string `json:"DnsOptions"` // List of DNSOption to look for 410 DNSSearch []string `json:"DnsSearch"` // List of DNSSearch to look for 411 ExtraHosts []string // List of extra hosts 412 GroupAdd []string // List of additional groups that the container process will run as 413 IpcMode IpcMode // IPC namespace to use for the container 414 Cgroup CgroupSpec // Cgroup to use for the container 415 Links []string // List of links (in the name:alias form) 416 OomScoreAdj int // Container preference for OOM-killing 417 PidMode PidMode // PID namespace to use for the container 418 Privileged bool // Is the container in privileged mode 419 PublishAllPorts bool // Should docker publish all exposed port for the container 420 ReadonlyRootfs bool // Is the container root filesystem in read-only 421 SecurityOpt []string // List of string values to customize labels for MLS systems, such as SELinux. 422 StorageOpt map[string]string `json:",omitempty"` // Storage driver options per container. 423 Tmpfs map[string]string `json:",omitempty"` // List of tmpfs (mounts) used for the container 424 UTSMode UTSMode // UTS namespace to use for the container 425 UsernsMode UsernsMode // The user namespace to use for the container 426 ShmSize int64 // Total shm memory usage 427 Sysctls map[string]string `json:",omitempty"` // List of Namespaced sysctls used for the container 428 Runtime string `json:",omitempty"` // Runtime to use with this container 429 430 // Applicable to Windows 431 ConsoleSize [2]uint // Initial console size (height,width) 432 Isolation Isolation // Isolation technology of the container (e.g. default, hyperv) 433 434 // Contains container's resources (cgroups, ulimits) 435 Resources 436 437 // Mounts specs used by the container 438 Mounts []mount.Mount `json:",omitempty"` 439 440 // MaskedPaths is the list of paths to be masked inside the container (this overrides the default set of paths) 441 MaskedPaths []string 442 443 // ReadonlyPaths is the list of paths to be set as read-only inside the container (this overrides the default set of paths) 444 ReadonlyPaths []string 445 446 // Run a custom init inside the container, if null, use the daemon's configured settings 447 Init *bool `json:",omitempty"` 448 }