github.com/dougm/docker@v1.5.0/daemon/daemon.go (about) 1 package daemon 2 3 import ( 4 "bytes" 5 "fmt" 6 "io" 7 "io/ioutil" 8 "os" 9 "path" 10 "path/filepath" 11 "regexp" 12 "runtime" 13 "strings" 14 "sync" 15 "time" 16 17 "github.com/docker/libcontainer/label" 18 19 log "github.com/Sirupsen/logrus" 20 "github.com/docker/docker/api" 21 "github.com/docker/docker/daemon/execdriver" 22 "github.com/docker/docker/daemon/execdriver/execdrivers" 23 "github.com/docker/docker/daemon/execdriver/lxc" 24 "github.com/docker/docker/daemon/graphdriver" 25 _ "github.com/docker/docker/daemon/graphdriver/vfs" 26 _ "github.com/docker/docker/daemon/networkdriver/bridge" 27 "github.com/docker/docker/daemon/networkdriver/portallocator" 28 "github.com/docker/docker/dockerversion" 29 "github.com/docker/docker/engine" 30 "github.com/docker/docker/graph" 31 "github.com/docker/docker/image" 32 "github.com/docker/docker/pkg/archive" 33 "github.com/docker/docker/pkg/broadcastwriter" 34 "github.com/docker/docker/pkg/graphdb" 35 "github.com/docker/docker/pkg/ioutils" 36 "github.com/docker/docker/pkg/namesgenerator" 37 "github.com/docker/docker/pkg/networkfs/resolvconf" 38 "github.com/docker/docker/pkg/parsers" 39 "github.com/docker/docker/pkg/parsers/kernel" 40 "github.com/docker/docker/pkg/sysinfo" 41 "github.com/docker/docker/pkg/truncindex" 42 "github.com/docker/docker/runconfig" 43 "github.com/docker/docker/trust" 44 "github.com/docker/docker/utils" 45 "github.com/docker/docker/volumes" 46 47 "github.com/go-fsnotify/fsnotify" 48 ) 49 50 var ( 51 validContainerNameChars = `[a-zA-Z0-9][a-zA-Z0-9_.-]` 52 validContainerNamePattern = regexp.MustCompile(`^/?` + validContainerNameChars + `+$`) 53 ) 54 55 type contStore struct { 56 s map[string]*Container 57 sync.Mutex 58 } 59 60 func (c *contStore) Add(id string, cont *Container) { 61 c.Lock() 62 c.s[id] = cont 63 c.Unlock() 64 } 65 66 func (c *contStore) Get(id string) *Container { 67 c.Lock() 68 res := c.s[id] 69 c.Unlock() 70 return res 71 } 72 73 func (c *contStore) Delete(id string) { 74 c.Lock() 75 delete(c.s, id) 76 c.Unlock() 77 } 78 79 func (c *contStore) List() []*Container { 80 containers := new(History) 81 c.Lock() 82 for _, cont := range c.s { 83 containers.Add(cont) 84 } 85 c.Unlock() 86 containers.Sort() 87 return *containers 88 } 89 90 type Daemon struct { 91 ID string 92 repository string 93 sysInitPath string 94 containers *contStore 95 execCommands *execStore 96 graph *graph.Graph 97 repositories *graph.TagStore 98 idIndex *truncindex.TruncIndex 99 sysInfo *sysinfo.SysInfo 100 volumes *volumes.Repository 101 eng *engine.Engine 102 config *Config 103 containerGraph *graphdb.Database 104 driver graphdriver.Driver 105 execDriver execdriver.Driver 106 trustStore *trust.TrustStore 107 statsCollector *statsCollector 108 } 109 110 // Install installs daemon capabilities to eng. 111 func (daemon *Daemon) Install(eng *engine.Engine) error { 112 // FIXME: remove ImageDelete's dependency on Daemon, then move to graph/ 113 for name, method := range map[string]engine.Handler{ 114 "attach": daemon.ContainerAttach, 115 "commit": daemon.ContainerCommit, 116 "container_changes": daemon.ContainerChanges, 117 "container_copy": daemon.ContainerCopy, 118 "container_rename": daemon.ContainerRename, 119 "container_inspect": daemon.ContainerInspect, 120 "container_stats": daemon.ContainerStats, 121 "containers": daemon.Containers, 122 "create": daemon.ContainerCreate, 123 "rm": daemon.ContainerRm, 124 "export": daemon.ContainerExport, 125 "info": daemon.CmdInfo, 126 "kill": daemon.ContainerKill, 127 "logs": daemon.ContainerLogs, 128 "pause": daemon.ContainerPause, 129 "resize": daemon.ContainerResize, 130 "restart": daemon.ContainerRestart, 131 "start": daemon.ContainerStart, 132 "stop": daemon.ContainerStop, 133 "top": daemon.ContainerTop, 134 "unpause": daemon.ContainerUnpause, 135 "wait": daemon.ContainerWait, 136 "image_delete": daemon.ImageDelete, // FIXME: see above 137 "execCreate": daemon.ContainerExecCreate, 138 "execStart": daemon.ContainerExecStart, 139 "execResize": daemon.ContainerExecResize, 140 "execInspect": daemon.ContainerExecInspect, 141 } { 142 if err := eng.Register(name, method); err != nil { 143 return err 144 } 145 } 146 if err := daemon.Repositories().Install(eng); err != nil { 147 return err 148 } 149 if err := daemon.trustStore.Install(eng); err != nil { 150 return err 151 } 152 // FIXME: this hack is necessary for legacy integration tests to access 153 // the daemon object. 154 eng.Hack_SetGlobalVar("httpapi.daemon", daemon) 155 return nil 156 } 157 158 // Get looks for a container by the specified ID or name, and returns it. 159 // If the container is not found, or if an error occurs, nil is returned. 160 func (daemon *Daemon) Get(name string) *Container { 161 id, err := daemon.idIndex.Get(name) 162 if err == nil { 163 return daemon.containers.Get(id) 164 } 165 166 if c, _ := daemon.GetByName(name); c != nil { 167 return c 168 } 169 170 if err == truncindex.ErrDuplicateID { 171 log.Errorf("Short ID %s is ambiguous: please retry with more characters or use the full ID.\n", name) 172 } 173 return nil 174 } 175 176 // Exists returns a true if a container of the specified ID or name exists, 177 // false otherwise. 178 func (daemon *Daemon) Exists(id string) bool { 179 return daemon.Get(id) != nil 180 } 181 182 func (daemon *Daemon) containerRoot(id string) string { 183 return path.Join(daemon.repository, id) 184 } 185 186 // Load reads the contents of a container from disk 187 // This is typically done at startup. 188 func (daemon *Daemon) load(id string) (*Container, error) { 189 container := &Container{ 190 root: daemon.containerRoot(id), 191 State: NewState(), 192 execCommands: newExecStore(), 193 } 194 if err := container.FromDisk(); err != nil { 195 return nil, err 196 } 197 198 if container.ID != id { 199 return container, fmt.Errorf("Container %s is stored at %s", container.ID, id) 200 } 201 202 container.readHostConfig() 203 204 return container, nil 205 } 206 207 // Register makes a container object usable by the daemon as <container.ID> 208 // This is a wrapper for register 209 func (daemon *Daemon) Register(container *Container) error { 210 return daemon.register(container, true) 211 } 212 213 // register makes a container object usable by the daemon as <container.ID> 214 func (daemon *Daemon) register(container *Container, updateSuffixarray bool) error { 215 if container.daemon != nil || daemon.Exists(container.ID) { 216 return fmt.Errorf("Container is already loaded") 217 } 218 if err := validateID(container.ID); err != nil { 219 return err 220 } 221 if err := daemon.ensureName(container); err != nil { 222 return err 223 } 224 225 container.daemon = daemon 226 227 // Attach to stdout and stderr 228 container.stderr = broadcastwriter.New() 229 container.stdout = broadcastwriter.New() 230 // Attach to stdin 231 if container.Config.OpenStdin { 232 container.stdin, container.stdinPipe = io.Pipe() 233 } else { 234 container.stdinPipe = ioutils.NopWriteCloser(ioutil.Discard) // Silently drop stdin 235 } 236 // done 237 daemon.containers.Add(container.ID, container) 238 239 // don't update the Suffixarray if we're starting up 240 // we'll waste time if we update it for every container 241 daemon.idIndex.Add(container.ID) 242 243 container.registerVolumes() 244 245 // FIXME: if the container is supposed to be running but is not, auto restart it? 246 // if so, then we need to restart monitor and init a new lock 247 // If the container is supposed to be running, make sure of it 248 if container.IsRunning() { 249 log.Debugf("killing old running container %s", container.ID) 250 251 existingPid := container.Pid 252 container.SetStopped(&execdriver.ExitStatus{ExitCode: 0}) 253 254 // We only have to handle this for lxc because the other drivers will ensure that 255 // no processes are left when docker dies 256 if container.ExecDriver == "" || strings.Contains(container.ExecDriver, "lxc") { 257 lxc.KillLxc(container.ID, 9) 258 } else { 259 // use the current driver and ensure that the container is dead x.x 260 cmd := &execdriver.Command{ 261 ID: container.ID, 262 } 263 var err error 264 cmd.ProcessConfig.Process, err = os.FindProcess(existingPid) 265 if err != nil { 266 log.Debugf("cannot find existing process for %d", existingPid) 267 } 268 daemon.execDriver.Terminate(cmd) 269 } 270 271 if err := container.Unmount(); err != nil { 272 log.Debugf("unmount error %s", err) 273 } 274 if err := container.ToDisk(); err != nil { 275 log.Debugf("saving stopped state to disk %s", err) 276 } 277 278 info := daemon.execDriver.Info(container.ID) 279 if !info.IsRunning() { 280 log.Debugf("Container %s was supposed to be running but is not.", container.ID) 281 282 log.Debugf("Marking as stopped") 283 284 container.SetStopped(&execdriver.ExitStatus{ExitCode: -127}) 285 if err := container.ToDisk(); err != nil { 286 return err 287 } 288 } 289 } 290 return nil 291 } 292 293 func (daemon *Daemon) ensureName(container *Container) error { 294 if container.Name == "" { 295 name, err := daemon.generateNewName(container.ID) 296 if err != nil { 297 return err 298 } 299 container.Name = name 300 301 if err := container.ToDisk(); err != nil { 302 log.Debugf("Error saving container name %s", err) 303 } 304 } 305 return nil 306 } 307 308 func (daemon *Daemon) LogToDisk(src *broadcastwriter.BroadcastWriter, dst, stream string) error { 309 log, err := os.OpenFile(dst, os.O_RDWR|os.O_APPEND|os.O_CREATE, 0600) 310 if err != nil { 311 return err 312 } 313 src.AddWriter(log, stream) 314 return nil 315 } 316 317 func (daemon *Daemon) restore() error { 318 var ( 319 debug = (os.Getenv("DEBUG") != "" || os.Getenv("TEST") != "") 320 containers = make(map[string]*Container) 321 currentDriver = daemon.driver.String() 322 ) 323 324 if !debug { 325 log.Infof("Loading containers: start.") 326 } 327 dir, err := ioutil.ReadDir(daemon.repository) 328 if err != nil { 329 return err 330 } 331 332 for _, v := range dir { 333 id := v.Name() 334 container, err := daemon.load(id) 335 if !debug { 336 fmt.Print(".") 337 } 338 if err != nil { 339 log.Errorf("Failed to load container %v: %v", id, err) 340 continue 341 } 342 343 // Ignore the container if it does not support the current driver being used by the graph 344 if (container.Driver == "" && currentDriver == "aufs") || container.Driver == currentDriver { 345 log.Debugf("Loaded container %v", container.ID) 346 347 containers[container.ID] = container 348 } else { 349 log.Debugf("Cannot load container %s because it was created with another graph driver.", container.ID) 350 } 351 } 352 353 registeredContainers := []*Container{} 354 355 if entities := daemon.containerGraph.List("/", -1); entities != nil { 356 for _, p := range entities.Paths() { 357 if !debug { 358 fmt.Print(".") 359 } 360 361 e := entities[p] 362 363 if container, ok := containers[e.ID()]; ok { 364 if err := daemon.register(container, false); err != nil { 365 log.Debugf("Failed to register container %s: %s", container.ID, err) 366 } 367 368 registeredContainers = append(registeredContainers, container) 369 370 // delete from the map so that a new name is not automatically generated 371 delete(containers, e.ID()) 372 } 373 } 374 } 375 376 // Any containers that are left over do not exist in the graph 377 for _, container := range containers { 378 // Try to set the default name for a container if it exists prior to links 379 container.Name, err = daemon.generateNewName(container.ID) 380 if err != nil { 381 log.Debugf("Setting default id - %s", err) 382 } 383 384 if err := daemon.register(container, false); err != nil { 385 log.Debugf("Failed to register container %s: %s", container.ID, err) 386 } 387 388 registeredContainers = append(registeredContainers, container) 389 } 390 391 // check the restart policy on the containers and restart any container with 392 // the restart policy of "always" 393 if daemon.config.AutoRestart { 394 log.Debugf("Restarting containers...") 395 396 for _, container := range registeredContainers { 397 if container.hostConfig.RestartPolicy.Name == "always" || 398 (container.hostConfig.RestartPolicy.Name == "on-failure" && container.ExitCode != 0) { 399 log.Debugf("Starting container %s", container.ID) 400 401 if err := container.Start(); err != nil { 402 log.Debugf("Failed to start container %s: %s", container.ID, err) 403 } 404 } 405 } 406 } 407 408 if !debug { 409 fmt.Println() 410 log.Infof("Loading containers: done.") 411 } 412 413 return nil 414 } 415 416 // set up the watch on the host's /etc/resolv.conf so that we can update container's 417 // live resolv.conf when the network changes on the host 418 func (daemon *Daemon) setupResolvconfWatcher() error { 419 420 watcher, err := fsnotify.NewWatcher() 421 if err != nil { 422 return err 423 } 424 425 //this goroutine listens for the events on the watch we add 426 //on the resolv.conf file on the host 427 go func() { 428 for { 429 select { 430 case event := <-watcher.Events: 431 if event.Op&fsnotify.Write == fsnotify.Write { 432 // verify a real change happened before we go further--a file write may have happened 433 // without an actual change to the file 434 updatedResolvConf, newResolvConfHash, err := resolvconf.GetIfChanged() 435 if err != nil { 436 log.Debugf("Error retrieving updated host resolv.conf: %v", err) 437 } else if updatedResolvConf != nil { 438 // because the new host resolv.conf might have localhost nameservers.. 439 updatedResolvConf, modified := resolvconf.FilterResolvDns(updatedResolvConf, daemon.config.EnableIPv6) 440 if modified { 441 // changes have occurred during localhost cleanup: generate an updated hash 442 newHash, err := utils.HashData(bytes.NewReader(updatedResolvConf)) 443 if err != nil { 444 log.Debugf("Error generating hash of new resolv.conf: %v", err) 445 } else { 446 newResolvConfHash = newHash 447 } 448 } 449 log.Debugf("host network resolv.conf changed--walking container list for updates") 450 contList := daemon.containers.List() 451 for _, container := range contList { 452 if err := container.updateResolvConf(updatedResolvConf, newResolvConfHash); err != nil { 453 log.Debugf("Error on resolv.conf update check for container ID: %s: %v", container.ID, err) 454 } 455 } 456 } 457 } 458 case err := <-watcher.Errors: 459 log.Debugf("host resolv.conf notify error: %v", err) 460 } 461 } 462 }() 463 464 if err := watcher.Add("/etc/resolv.conf"); err != nil { 465 return err 466 } 467 return nil 468 } 469 470 func (daemon *Daemon) checkDeprecatedExpose(config *runconfig.Config) bool { 471 if config != nil { 472 if config.PortSpecs != nil { 473 for _, p := range config.PortSpecs { 474 if strings.Contains(p, ":") { 475 return true 476 } 477 } 478 } 479 } 480 return false 481 } 482 483 func (daemon *Daemon) mergeAndVerifyConfig(config *runconfig.Config, img *image.Image) ([]string, error) { 484 warnings := []string{} 485 if (img != nil && daemon.checkDeprecatedExpose(img.Config)) || daemon.checkDeprecatedExpose(config) { 486 warnings = append(warnings, "The mapping to public ports on your host via Dockerfile EXPOSE (host:port:port) has been deprecated. Use -p to publish the ports.") 487 } 488 if img != nil && img.Config != nil { 489 if err := runconfig.Merge(config, img.Config); err != nil { 490 return nil, err 491 } 492 } 493 if len(config.Entrypoint) == 0 && len(config.Cmd) == 0 { 494 return nil, fmt.Errorf("No command specified") 495 } 496 return warnings, nil 497 } 498 499 func (daemon *Daemon) generateIdAndName(name string) (string, string, error) { 500 var ( 501 err error 502 id = utils.GenerateRandomID() 503 ) 504 505 if name == "" { 506 if name, err = daemon.generateNewName(id); err != nil { 507 return "", "", err 508 } 509 return id, name, nil 510 } 511 512 if name, err = daemon.reserveName(id, name); err != nil { 513 return "", "", err 514 } 515 516 return id, name, nil 517 } 518 519 func (daemon *Daemon) reserveName(id, name string) (string, error) { 520 if !validContainerNamePattern.MatchString(name) { 521 return "", fmt.Errorf("Invalid container name (%s), only %s are allowed", name, validContainerNameChars) 522 } 523 524 if name[0] != '/' { 525 name = "/" + name 526 } 527 528 if _, err := daemon.containerGraph.Set(name, id); err != nil { 529 if !graphdb.IsNonUniqueNameError(err) { 530 return "", err 531 } 532 533 conflictingContainer, err := daemon.GetByName(name) 534 if err != nil { 535 if strings.Contains(err.Error(), "Could not find entity") { 536 return "", err 537 } 538 539 // Remove name and continue starting the container 540 if err := daemon.containerGraph.Delete(name); err != nil { 541 return "", err 542 } 543 } else { 544 nameAsKnownByUser := strings.TrimPrefix(name, "/") 545 return "", fmt.Errorf( 546 "Conflict. The name %q is already in use by container %s. You have to delete (or rename) that container to be able to reuse that name.", nameAsKnownByUser, 547 utils.TruncateID(conflictingContainer.ID)) 548 } 549 } 550 return name, nil 551 } 552 553 func (daemon *Daemon) generateNewName(id string) (string, error) { 554 var name string 555 for i := 0; i < 6; i++ { 556 name = namesgenerator.GetRandomName(i) 557 if name[0] != '/' { 558 name = "/" + name 559 } 560 561 if _, err := daemon.containerGraph.Set(name, id); err != nil { 562 if !graphdb.IsNonUniqueNameError(err) { 563 return "", err 564 } 565 continue 566 } 567 return name, nil 568 } 569 570 name = "/" + utils.TruncateID(id) 571 if _, err := daemon.containerGraph.Set(name, id); err != nil { 572 return "", err 573 } 574 return name, nil 575 } 576 577 func (daemon *Daemon) generateHostname(id string, config *runconfig.Config) { 578 // Generate default hostname 579 // FIXME: the lxc template no longer needs to set a default hostname 580 if config.Hostname == "" { 581 config.Hostname = id[:12] 582 } 583 } 584 585 func (daemon *Daemon) getEntrypointAndArgs(configEntrypoint, configCmd []string) (string, []string) { 586 var ( 587 entrypoint string 588 args []string 589 ) 590 if len(configEntrypoint) != 0 { 591 entrypoint = configEntrypoint[0] 592 args = append(configEntrypoint[1:], configCmd...) 593 } else { 594 entrypoint = configCmd[0] 595 args = configCmd[1:] 596 } 597 return entrypoint, args 598 } 599 600 func parseSecurityOpt(container *Container, config *runconfig.HostConfig) error { 601 var ( 602 labelOpts []string 603 err error 604 ) 605 606 for _, opt := range config.SecurityOpt { 607 con := strings.SplitN(opt, ":", 2) 608 if len(con) == 1 { 609 return fmt.Errorf("Invalid --security-opt: %q", opt) 610 } 611 switch con[0] { 612 case "label": 613 labelOpts = append(labelOpts, con[1]) 614 case "apparmor": 615 container.AppArmorProfile = con[1] 616 default: 617 return fmt.Errorf("Invalid --security-opt: %q", opt) 618 } 619 } 620 621 container.ProcessLabel, container.MountLabel, err = label.InitLabels(labelOpts) 622 return err 623 } 624 625 func (daemon *Daemon) newContainer(name string, config *runconfig.Config, imgID string) (*Container, error) { 626 var ( 627 id string 628 err error 629 ) 630 id, name, err = daemon.generateIdAndName(name) 631 if err != nil { 632 return nil, err 633 } 634 635 daemon.generateHostname(id, config) 636 entrypoint, args := daemon.getEntrypointAndArgs(config.Entrypoint, config.Cmd) 637 638 container := &Container{ 639 // FIXME: we should generate the ID here instead of receiving it as an argument 640 ID: id, 641 Created: time.Now().UTC(), 642 Path: entrypoint, 643 Args: args, //FIXME: de-duplicate from config 644 Config: config, 645 hostConfig: &runconfig.HostConfig{}, 646 ImageID: imgID, 647 NetworkSettings: &NetworkSettings{}, 648 Name: name, 649 Driver: daemon.driver.String(), 650 ExecDriver: daemon.execDriver.Name(), 651 State: NewState(), 652 execCommands: newExecStore(), 653 } 654 container.root = daemon.containerRoot(container.ID) 655 return container, err 656 } 657 658 func (daemon *Daemon) createRootfs(container *Container) error { 659 // Step 1: create the container directory. 660 // This doubles as a barrier to avoid race conditions. 661 if err := os.Mkdir(container.root, 0700); err != nil { 662 return err 663 } 664 initID := fmt.Sprintf("%s-init", container.ID) 665 if err := daemon.driver.Create(initID, container.ImageID); err != nil { 666 return err 667 } 668 initPath, err := daemon.driver.Get(initID, "") 669 if err != nil { 670 return err 671 } 672 defer daemon.driver.Put(initID) 673 674 if err := graph.SetupInitLayer(initPath); err != nil { 675 return err 676 } 677 678 if err := daemon.driver.Create(container.ID, initID); err != nil { 679 return err 680 } 681 return nil 682 } 683 684 func GetFullContainerName(name string) (string, error) { 685 if name == "" { 686 return "", fmt.Errorf("Container name cannot be empty") 687 } 688 if name[0] != '/' { 689 name = "/" + name 690 } 691 return name, nil 692 } 693 694 func (daemon *Daemon) GetByName(name string) (*Container, error) { 695 fullName, err := GetFullContainerName(name) 696 if err != nil { 697 return nil, err 698 } 699 entity := daemon.containerGraph.Get(fullName) 700 if entity == nil { 701 return nil, fmt.Errorf("Could not find entity for %s", name) 702 } 703 e := daemon.containers.Get(entity.ID()) 704 if e == nil { 705 return nil, fmt.Errorf("Could not find container for entity id %s", entity.ID()) 706 } 707 return e, nil 708 } 709 710 func (daemon *Daemon) Children(name string) (map[string]*Container, error) { 711 name, err := GetFullContainerName(name) 712 if err != nil { 713 return nil, err 714 } 715 children := make(map[string]*Container) 716 717 err = daemon.containerGraph.Walk(name, func(p string, e *graphdb.Entity) error { 718 c := daemon.Get(e.ID()) 719 if c == nil { 720 return fmt.Errorf("Could not get container for name %s and id %s", e.ID(), p) 721 } 722 children[p] = c 723 return nil 724 }, 0) 725 726 if err != nil { 727 return nil, err 728 } 729 return children, nil 730 } 731 732 func (daemon *Daemon) Parents(name string) ([]string, error) { 733 name, err := GetFullContainerName(name) 734 if err != nil { 735 return nil, err 736 } 737 738 return daemon.containerGraph.Parents(name) 739 } 740 741 func (daemon *Daemon) RegisterLink(parent, child *Container, alias string) error { 742 fullName := path.Join(parent.Name, alias) 743 if !daemon.containerGraph.Exists(fullName) { 744 _, err := daemon.containerGraph.Set(fullName, child.ID) 745 return err 746 } 747 return nil 748 } 749 750 func (daemon *Daemon) RegisterLinks(container *Container, hostConfig *runconfig.HostConfig) error { 751 if hostConfig != nil && hostConfig.Links != nil { 752 for _, l := range hostConfig.Links { 753 parts, err := parsers.PartParser("name:alias", l) 754 if err != nil { 755 return err 756 } 757 child := daemon.Get(parts["name"]) 758 if child == nil { 759 return fmt.Errorf("Could not get container for %s", parts["name"]) 760 } 761 if child.hostConfig.NetworkMode.IsHost() { 762 return runconfig.ErrConflictHostNetworkAndLinks 763 } 764 if err := daemon.RegisterLink(container, child, parts["alias"]); err != nil { 765 return err 766 } 767 } 768 769 // After we load all the links into the daemon 770 // set them to nil on the hostconfig 771 hostConfig.Links = nil 772 if err := container.WriteHostConfig(); err != nil { 773 return err 774 } 775 } 776 return nil 777 } 778 779 // FIXME: harmonize with NewGraph() 780 func NewDaemon(config *Config, eng *engine.Engine) (*Daemon, error) { 781 daemon, err := NewDaemonFromDirectory(config, eng) 782 if err != nil { 783 return nil, err 784 } 785 return daemon, nil 786 } 787 788 func NewDaemonFromDirectory(config *Config, eng *engine.Engine) (*Daemon, error) { 789 if config.Mtu == 0 { 790 config.Mtu = getDefaultNetworkMtu() 791 } 792 // Check for mutually incompatible config options 793 if config.BridgeIface != "" && config.BridgeIP != "" { 794 return nil, fmt.Errorf("You specified -b & --bip, mutually exclusive options. Please specify only one.") 795 } 796 if !config.EnableIptables && !config.InterContainerCommunication { 797 return nil, fmt.Errorf("You specified --iptables=false with --icc=false. ICC uses iptables to function. Please set --icc or --iptables to true.") 798 } 799 if !config.EnableIptables && config.EnableIpMasq { 800 config.EnableIpMasq = false 801 } 802 config.DisableNetwork = config.BridgeIface == disableNetworkBridge 803 804 // Claim the pidfile first, to avoid any and all unexpected race conditions. 805 // Some of the init doesn't need a pidfile lock - but let's not try to be smart. 806 if config.Pidfile != "" { 807 if err := utils.CreatePidFile(config.Pidfile); err != nil { 808 return nil, err 809 } 810 eng.OnShutdown(func() { 811 // Always release the pidfile last, just in case 812 utils.RemovePidFile(config.Pidfile) 813 }) 814 } 815 816 // Check that the system is supported and we have sufficient privileges 817 if runtime.GOOS != "linux" { 818 return nil, fmt.Errorf("The Docker daemon is only supported on linux") 819 } 820 if os.Geteuid() != 0 { 821 return nil, fmt.Errorf("The Docker daemon needs to be run as root") 822 } 823 if err := checkKernel(); err != nil { 824 return nil, err 825 } 826 827 // set up the TempDir to use a canonical path 828 tmp, err := utils.TempDir(config.Root) 829 if err != nil { 830 return nil, fmt.Errorf("Unable to get the TempDir under %s: %s", config.Root, err) 831 } 832 realTmp, err := utils.ReadSymlinkedDirectory(tmp) 833 if err != nil { 834 return nil, fmt.Errorf("Unable to get the full path to the TempDir (%s): %s", tmp, err) 835 } 836 os.Setenv("TMPDIR", realTmp) 837 if !config.EnableSelinuxSupport { 838 selinuxSetDisabled() 839 } 840 841 // get the canonical path to the Docker root directory 842 var realRoot string 843 if _, err := os.Stat(config.Root); err != nil && os.IsNotExist(err) { 844 realRoot = config.Root 845 } else { 846 realRoot, err = utils.ReadSymlinkedDirectory(config.Root) 847 if err != nil { 848 return nil, fmt.Errorf("Unable to get the full path to root (%s): %s", config.Root, err) 849 } 850 } 851 config.Root = realRoot 852 // Create the root directory if it doesn't exists 853 if err := os.MkdirAll(config.Root, 0700); err != nil && !os.IsExist(err) { 854 return nil, err 855 } 856 857 // Set the default driver 858 graphdriver.DefaultDriver = config.GraphDriver 859 860 // Load storage driver 861 driver, err := graphdriver.New(config.Root, config.GraphOptions) 862 if err != nil { 863 return nil, err 864 } 865 log.Debugf("Using graph driver %s", driver) 866 867 // As Docker on btrfs and SELinux are incompatible at present, error on both being enabled 868 if selinuxEnabled() && config.EnableSelinuxSupport && driver.String() == "btrfs" { 869 return nil, fmt.Errorf("SELinux is not supported with the BTRFS graph driver!") 870 } 871 872 daemonRepo := path.Join(config.Root, "containers") 873 874 if err := os.MkdirAll(daemonRepo, 0700); err != nil && !os.IsExist(err) { 875 return nil, err 876 } 877 878 // Migrate the container if it is aufs and aufs is enabled 879 if err = migrateIfAufs(driver, config.Root); err != nil { 880 return nil, err 881 } 882 883 log.Debugf("Creating images graph") 884 g, err := graph.NewGraph(path.Join(config.Root, "graph"), driver) 885 if err != nil { 886 return nil, err 887 } 888 889 volumesDriver, err := graphdriver.GetDriver("vfs", config.Root, config.GraphOptions) 890 if err != nil { 891 return nil, err 892 } 893 894 volumes, err := volumes.NewRepository(filepath.Join(config.Root, "volumes"), volumesDriver) 895 if err != nil { 896 return nil, err 897 } 898 899 trustKey, err := api.LoadOrCreateTrustKey(config.TrustKeyPath) 900 if err != nil { 901 return nil, err 902 } 903 904 log.Debugf("Creating repository list") 905 repositories, err := graph.NewTagStore(path.Join(config.Root, "repositories-"+driver.String()), g, trustKey) 906 if err != nil { 907 return nil, fmt.Errorf("Couldn't create Tag store: %s", err) 908 } 909 910 trustDir := path.Join(config.Root, "trust") 911 if err := os.MkdirAll(trustDir, 0700); err != nil && !os.IsExist(err) { 912 return nil, err 913 } 914 t, err := trust.NewTrustStore(trustDir) 915 if err != nil { 916 return nil, fmt.Errorf("could not create trust store: %s", err) 917 } 918 919 if !config.DisableNetwork { 920 job := eng.Job("init_networkdriver") 921 922 job.SetenvBool("EnableIptables", config.EnableIptables) 923 job.SetenvBool("InterContainerCommunication", config.InterContainerCommunication) 924 job.SetenvBool("EnableIpForward", config.EnableIpForward) 925 job.SetenvBool("EnableIpMasq", config.EnableIpMasq) 926 job.SetenvBool("EnableIPv6", config.EnableIPv6) 927 job.Setenv("BridgeIface", config.BridgeIface) 928 job.Setenv("BridgeIP", config.BridgeIP) 929 job.Setenv("FixedCIDR", config.FixedCIDR) 930 job.Setenv("FixedCIDRv6", config.FixedCIDRv6) 931 job.Setenv("DefaultBindingIP", config.DefaultIp.String()) 932 933 if err := job.Run(); err != nil { 934 return nil, err 935 } 936 } 937 938 graphdbPath := path.Join(config.Root, "linkgraph.db") 939 graph, err := graphdb.NewSqliteConn(graphdbPath) 940 if err != nil { 941 return nil, err 942 } 943 944 localCopy := path.Join(config.Root, "init", fmt.Sprintf("dockerinit-%s", dockerversion.VERSION)) 945 sysInitPath := utils.DockerInitPath(localCopy) 946 if sysInitPath == "" { 947 return nil, fmt.Errorf("Could not locate dockerinit: This usually means docker was built incorrectly. See http://docs.docker.com/contributing/devenvironment for official build instructions.") 948 } 949 950 if sysInitPath != localCopy { 951 // When we find a suitable dockerinit binary (even if it's our local binary), we copy it into config.Root at localCopy for future use (so that the original can go away without that being a problem, for example during a package upgrade). 952 if err := os.Mkdir(path.Dir(localCopy), 0700); err != nil && !os.IsExist(err) { 953 return nil, err 954 } 955 if _, err := utils.CopyFile(sysInitPath, localCopy); err != nil { 956 return nil, err 957 } 958 if err := os.Chmod(localCopy, 0700); err != nil { 959 return nil, err 960 } 961 sysInitPath = localCopy 962 } 963 964 sysInfo := sysinfo.New(false) 965 ed, err := execdrivers.NewDriver(config.ExecDriver, config.Root, sysInitPath, sysInfo) 966 if err != nil { 967 return nil, err 968 } 969 970 daemon := &Daemon{ 971 ID: trustKey.PublicKey().KeyID(), 972 repository: daemonRepo, 973 containers: &contStore{s: make(map[string]*Container)}, 974 execCommands: newExecStore(), 975 graph: g, 976 repositories: repositories, 977 idIndex: truncindex.NewTruncIndex([]string{}), 978 sysInfo: sysInfo, 979 volumes: volumes, 980 config: config, 981 containerGraph: graph, 982 driver: driver, 983 sysInitPath: sysInitPath, 984 execDriver: ed, 985 eng: eng, 986 trustStore: t, 987 statsCollector: newStatsCollector(1 * time.Second), 988 } 989 if err := daemon.restore(); err != nil { 990 return nil, err 991 } 992 993 // set up filesystem watch on resolv.conf for network changes 994 if err := daemon.setupResolvconfWatcher(); err != nil { 995 return nil, err 996 } 997 998 // Setup shutdown handlers 999 // FIXME: can these shutdown handlers be registered closer to their source? 1000 eng.OnShutdown(func() { 1001 // FIXME: if these cleanup steps can be called concurrently, register 1002 // them as separate handlers to speed up total shutdown time 1003 if err := daemon.shutdown(); err != nil { 1004 log.Errorf("daemon.shutdown(): %s", err) 1005 } 1006 if err := portallocator.ReleaseAll(); err != nil { 1007 log.Errorf("portallocator.ReleaseAll(): %s", err) 1008 } 1009 if err := daemon.driver.Cleanup(); err != nil { 1010 log.Errorf("daemon.driver.Cleanup(): %s", err.Error()) 1011 } 1012 if err := daemon.containerGraph.Close(); err != nil { 1013 log.Errorf("daemon.containerGraph.Close(): %s", err.Error()) 1014 } 1015 }) 1016 1017 return daemon, nil 1018 } 1019 1020 func (daemon *Daemon) shutdown() error { 1021 group := sync.WaitGroup{} 1022 log.Debugf("starting clean shutdown of all containers...") 1023 for _, container := range daemon.List() { 1024 c := container 1025 if c.IsRunning() { 1026 log.Debugf("stopping %s", c.ID) 1027 group.Add(1) 1028 1029 go func() { 1030 defer group.Done() 1031 if err := c.KillSig(15); err != nil { 1032 log.Debugf("kill 15 error for %s - %s", c.ID, err) 1033 } 1034 c.WaitStop(-1 * time.Second) 1035 log.Debugf("container stopped %s", c.ID) 1036 }() 1037 } 1038 } 1039 group.Wait() 1040 1041 return nil 1042 } 1043 1044 func (daemon *Daemon) Mount(container *Container) error { 1045 dir, err := daemon.driver.Get(container.ID, container.GetMountLabel()) 1046 if err != nil { 1047 return fmt.Errorf("Error getting container %s from driver %s: %s", container.ID, daemon.driver, err) 1048 } 1049 if container.basefs == "" { 1050 container.basefs = dir 1051 } else if container.basefs != dir { 1052 daemon.driver.Put(container.ID) 1053 return fmt.Errorf("Error: driver %s is returning inconsistent paths for container %s ('%s' then '%s')", 1054 daemon.driver, container.ID, container.basefs, dir) 1055 } 1056 return nil 1057 } 1058 1059 func (daemon *Daemon) Unmount(container *Container) error { 1060 daemon.driver.Put(container.ID) 1061 return nil 1062 } 1063 1064 func (daemon *Daemon) Changes(container *Container) ([]archive.Change, error) { 1065 initID := fmt.Sprintf("%s-init", container.ID) 1066 return daemon.driver.Changes(container.ID, initID) 1067 } 1068 1069 func (daemon *Daemon) Diff(container *Container) (archive.Archive, error) { 1070 initID := fmt.Sprintf("%s-init", container.ID) 1071 return daemon.driver.Diff(container.ID, initID) 1072 } 1073 1074 func (daemon *Daemon) Run(c *Container, pipes *execdriver.Pipes, startCallback execdriver.StartCallback) (execdriver.ExitStatus, error) { 1075 return daemon.execDriver.Run(c.command, pipes, startCallback) 1076 } 1077 1078 func (daemon *Daemon) Pause(c *Container) error { 1079 if err := daemon.execDriver.Pause(c.command); err != nil { 1080 return err 1081 } 1082 c.SetPaused() 1083 return nil 1084 } 1085 1086 func (daemon *Daemon) Unpause(c *Container) error { 1087 if err := daemon.execDriver.Unpause(c.command); err != nil { 1088 return err 1089 } 1090 c.SetUnpaused() 1091 return nil 1092 } 1093 1094 func (daemon *Daemon) Kill(c *Container, sig int) error { 1095 return daemon.execDriver.Kill(c.command, sig) 1096 } 1097 1098 func (daemon *Daemon) Stats(c *Container) (*execdriver.ResourceStats, error) { 1099 return daemon.execDriver.Stats(c.ID) 1100 } 1101 1102 func (daemon *Daemon) SubscribeToContainerStats(name string) (chan interface{}, error) { 1103 c := daemon.Get(name) 1104 if c == nil { 1105 return nil, fmt.Errorf("no such container") 1106 } 1107 ch := daemon.statsCollector.collect(c) 1108 return ch, nil 1109 } 1110 1111 func (daemon *Daemon) UnsubscribeToContainerStats(name string, ch chan interface{}) error { 1112 c := daemon.Get(name) 1113 if c == nil { 1114 return fmt.Errorf("no such container") 1115 } 1116 daemon.statsCollector.unsubscribe(c, ch) 1117 return nil 1118 } 1119 1120 // Nuke kills all containers then removes all content 1121 // from the content root, including images, volumes and 1122 // container filesystems. 1123 // Again: this will remove your entire docker daemon! 1124 // FIXME: this is deprecated, and only used in legacy 1125 // tests. Please remove. 1126 func (daemon *Daemon) Nuke() error { 1127 var wg sync.WaitGroup 1128 for _, container := range daemon.List() { 1129 wg.Add(1) 1130 go func(c *Container) { 1131 c.Kill() 1132 wg.Done() 1133 }(container) 1134 } 1135 wg.Wait() 1136 1137 return os.RemoveAll(daemon.config.Root) 1138 } 1139 1140 // FIXME: this is a convenience function for integration tests 1141 // which need direct access to daemon.graph. 1142 // Once the tests switch to using engine and jobs, this method 1143 // can go away. 1144 func (daemon *Daemon) Graph() *graph.Graph { 1145 return daemon.graph 1146 } 1147 1148 func (daemon *Daemon) Repositories() *graph.TagStore { 1149 return daemon.repositories 1150 } 1151 1152 func (daemon *Daemon) Config() *Config { 1153 return daemon.config 1154 } 1155 1156 func (daemon *Daemon) SystemConfig() *sysinfo.SysInfo { 1157 return daemon.sysInfo 1158 } 1159 1160 func (daemon *Daemon) SystemInitPath() string { 1161 return daemon.sysInitPath 1162 } 1163 1164 func (daemon *Daemon) GraphDriver() graphdriver.Driver { 1165 return daemon.driver 1166 } 1167 1168 func (daemon *Daemon) ExecutionDriver() execdriver.Driver { 1169 return daemon.execDriver 1170 } 1171 1172 func (daemon *Daemon) ContainerGraph() *graphdb.Database { 1173 return daemon.containerGraph 1174 } 1175 1176 func (daemon *Daemon) ImageGetCached(imgID string, config *runconfig.Config) (*image.Image, error) { 1177 // Retrieve all images 1178 images, err := daemon.Graph().Map() 1179 if err != nil { 1180 return nil, err 1181 } 1182 1183 // Store the tree in a map of map (map[parentId][childId]) 1184 imageMap := make(map[string]map[string]struct{}) 1185 for _, img := range images { 1186 if _, exists := imageMap[img.Parent]; !exists { 1187 imageMap[img.Parent] = make(map[string]struct{}) 1188 } 1189 imageMap[img.Parent][img.ID] = struct{}{} 1190 } 1191 1192 // Loop on the children of the given image and check the config 1193 var match *image.Image 1194 for elem := range imageMap[imgID] { 1195 img, ok := images[elem] 1196 if !ok { 1197 return nil, fmt.Errorf("unable to find image %q", elem) 1198 } 1199 if runconfig.Compare(&img.ContainerConfig, config) { 1200 if match == nil || match.Created.Before(img.Created) { 1201 match = img 1202 } 1203 } 1204 } 1205 return match, nil 1206 } 1207 1208 func checkKernel() error { 1209 // Check for unsupported kernel versions 1210 // FIXME: it would be cleaner to not test for specific versions, but rather 1211 // test for specific functionalities. 1212 // Unfortunately we can't test for the feature "does not cause a kernel panic" 1213 // without actually causing a kernel panic, so we need this workaround until 1214 // the circumstances of pre-3.8 crashes are clearer. 1215 // For details see http://github.com/docker/docker/issues/407 1216 if k, err := kernel.GetKernelVersion(); err != nil { 1217 log.Infof("WARNING: %s", err) 1218 } else { 1219 if kernel.CompareKernelVersion(k, &kernel.KernelVersionInfo{Kernel: 3, Major: 8, Minor: 0}) < 0 { 1220 if os.Getenv("DOCKER_NOWARN_KERNEL_VERSION") == "" { 1221 log.Infof("WARNING: You are running linux kernel version %s, which might be unstable running docker. Please upgrade your kernel to 3.8.0.", k.String()) 1222 } 1223 } 1224 } 1225 return nil 1226 }