Docker plugin add host devices property
Docker 1.2.0 and docker-py 0.6.0 support the device parameter when starting containers(docker run --device[]). Using --device you can add a host device to the container without the --privileged flag.(e.g. --device=/dev/sdc:/dev/xvdc:rwm) Note:":" is used to split the full device path. Reference: (parse_devices function) https://github.com/docker/docker-py/blob/master/docker/utils/utils.py#L259 Change-Id: I7735a8b769062f442cc8f1810dbdecdc6324509e Closes-bug: #1434427
This commit is contained in:
parent
e53b3ff73b
commit
3c4ecc24c5
@ -31,7 +31,9 @@ from heat.engine import support
|
|||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
DOCKER_INSTALLED = False
|
DOCKER_INSTALLED = False
|
||||||
MIN_API_VERSION_MAP = {'read_only': '1.17', 'cpu_shares': '1.8'}
|
MIN_API_VERSION_MAP = {'read_only': '1.17', 'cpu_shares': '1.8',
|
||||||
|
'devices': '1.14'}
|
||||||
|
DEVICE_PATH_REGEX = r"^/dev/[/_\-a-zA-Z0-9]+$"
|
||||||
# conditionally import so tests can work without having the dependency
|
# conditionally import so tests can work without having the dependency
|
||||||
# satisfied
|
# satisfied
|
||||||
try:
|
try:
|
||||||
@ -47,12 +49,13 @@ class DockerContainer(resource.Resource):
|
|||||||
DOCKER_ENDPOINT, HOSTNAME, USER, MEMORY, PORT_SPECS,
|
DOCKER_ENDPOINT, HOSTNAME, USER, MEMORY, PORT_SPECS,
|
||||||
PRIVILEGED, TTY, OPEN_STDIN, STDIN_ONCE, ENV, CMD, DNS,
|
PRIVILEGED, TTY, OPEN_STDIN, STDIN_ONCE, ENV, CMD, DNS,
|
||||||
IMAGE, VOLUMES, VOLUMES_FROM, PORT_BINDINGS, LINKS, NAME,
|
IMAGE, VOLUMES, VOLUMES_FROM, PORT_BINDINGS, LINKS, NAME,
|
||||||
RESTART_POLICY, CAP_ADD, CAP_DROP, READ_ONLY, CPU_SHARES,
|
RESTART_POLICY, CAP_ADD, CAP_DROP, READ_ONLY, CPU_SHARES, DEVICES,
|
||||||
) = (
|
) = (
|
||||||
'docker_endpoint', 'hostname', 'user', 'memory', 'port_specs',
|
'docker_endpoint', 'hostname', 'user', 'memory', 'port_specs',
|
||||||
'privileged', 'tty', 'open_stdin', 'stdin_once', 'env', 'cmd', 'dns',
|
'privileged', 'tty', 'open_stdin', 'stdin_once', 'env', 'cmd', 'dns',
|
||||||
'image', 'volumes', 'volumes_from', 'port_bindings', 'links', 'name',
|
'image', 'volumes', 'volumes_from', 'port_bindings', 'links', 'name',
|
||||||
'restart_policy', 'cap_add', 'cap_drop', 'read_only', 'cpu_shares',
|
'restart_policy', 'cap_add', 'cap_drop', 'read_only', 'cpu_shares',
|
||||||
|
'devices'
|
||||||
)
|
)
|
||||||
|
|
||||||
ATTRIBUTES = (
|
ATTRIBUTES = (
|
||||||
@ -71,6 +74,12 @@ class DockerContainer(resource.Resource):
|
|||||||
'Name', 'MaximumRetryCount',
|
'Name', 'MaximumRetryCount',
|
||||||
)
|
)
|
||||||
|
|
||||||
|
_DEVICES_KEYS = (
|
||||||
|
PATH_ON_HOST, PATH_IN_CONTAINER, PERMISSIONS
|
||||||
|
) = (
|
||||||
|
'path_on_host', 'path_in_container', 'permissions'
|
||||||
|
)
|
||||||
|
|
||||||
_CAPABILITIES = ['SETPCAP', 'SYS_MODULE', 'SYS_RAWIO', 'SYS_PACCT',
|
_CAPABILITIES = ['SETPCAP', 'SYS_MODULE', 'SYS_RAWIO', 'SYS_PACCT',
|
||||||
'SYS_ADMIN', 'SYS_NICE', 'SYS_RESOURCE', 'SYS_TIME',
|
'SYS_ADMIN', 'SYS_NICE', 'SYS_RESOURCE', 'SYS_TIME',
|
||||||
'SYS_TTY_CONFIG', 'MKNOD', 'AUDIT_WRITE',
|
'SYS_TTY_CONFIG', 'MKNOD', 'AUDIT_WRITE',
|
||||||
@ -234,8 +243,49 @@ class DockerContainer(resource.Resource):
|
|||||||
MIN_API_VERSION_MAP['cpu_shares'],
|
MIN_API_VERSION_MAP['cpu_shares'],
|
||||||
default=0,
|
default=0,
|
||||||
support_status=support.SupportStatus(version='2015.2'),
|
support_status=support.SupportStatus(version='2015.2'),
|
||||||
|
),
|
||||||
|
DEVICES: properties.Schema(
|
||||||
|
properties.Schema.LIST,
|
||||||
|
_('Device mappings (only supported for API version >= %s).') %
|
||||||
|
MIN_API_VERSION_MAP['devices'],
|
||||||
|
schema=properties.Schema(
|
||||||
|
properties.Schema.MAP,
|
||||||
|
schema={
|
||||||
|
PATH_ON_HOST: properties.Schema(
|
||||||
|
properties.Schema.STRING,
|
||||||
|
_('The device path on the host.'),
|
||||||
|
constraints=[
|
||||||
|
constraints.Length(max=255),
|
||||||
|
constraints.AllowedPattern(DEVICE_PATH_REGEX),
|
||||||
|
],
|
||||||
|
required=True
|
||||||
|
),
|
||||||
|
PATH_IN_CONTAINER: properties.Schema(
|
||||||
|
properties.Schema.STRING,
|
||||||
|
_('The device path of the container'
|
||||||
|
' mappings to the host.'),
|
||||||
|
constraints=[
|
||||||
|
constraints.Length(max=255),
|
||||||
|
constraints.AllowedPattern(DEVICE_PATH_REGEX),
|
||||||
|
],
|
||||||
|
),
|
||||||
|
PERMISSIONS: properties.Schema(
|
||||||
|
properties.Schema.STRING,
|
||||||
|
_('The permissions of the container to'
|
||||||
|
' read/write/create the devices.'),
|
||||||
|
constraints=[
|
||||||
|
constraints.AllowedValues(['r', 'w', 'm',
|
||||||
|
'rw', 'rm', 'wm',
|
||||||
|
'rwm']),
|
||||||
|
],
|
||||||
|
default='rwm'
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
),
|
||||||
|
default=[],
|
||||||
|
support_status=support.SupportStatus(version='2015.2'),
|
||||||
|
),
|
||||||
|
}
|
||||||
|
|
||||||
attributes_schema = {
|
attributes_schema = {
|
||||||
INFO: attributes.Schema(
|
INFO: attributes.Schema(
|
||||||
@ -380,10 +430,29 @@ class DockerContainer(resource.Resource):
|
|||||||
start_args['cap_drop'] = self.properties[self.CAP_DROP]
|
start_args['cap_drop'] = self.properties[self.CAP_DROP]
|
||||||
if self.properties[self.READ_ONLY]:
|
if self.properties[self.READ_ONLY]:
|
||||||
start_args[self.READ_ONLY] = True
|
start_args[self.READ_ONLY] = True
|
||||||
|
if (self.properties[self.DEVICES] and
|
||||||
|
not self.properties[self.PRIVILEGED]):
|
||||||
|
start_args['devices'] = self._get_mapping_devices(
|
||||||
|
self.properties[self.DEVICES])
|
||||||
|
|
||||||
client.start(container_id, **start_args)
|
client.start(container_id, **start_args)
|
||||||
return container_id
|
return container_id
|
||||||
|
|
||||||
|
def _get_mapping_devices(self, devices):
|
||||||
|
actual_devices = []
|
||||||
|
for device in devices:
|
||||||
|
if device[self.PATH_IN_CONTAINER]:
|
||||||
|
actual_devices.append(':'.join(
|
||||||
|
[device[self.PATH_ON_HOST],
|
||||||
|
device[self.PATH_IN_CONTAINER],
|
||||||
|
device[self.PERMISSIONS]]))
|
||||||
|
else:
|
||||||
|
actual_devices.append(':'.join(
|
||||||
|
[device[self.PATH_ON_HOST],
|
||||||
|
device[self.PATH_ON_HOST],
|
||||||
|
device[self.PERMISSIONS]]))
|
||||||
|
return actual_devices
|
||||||
|
|
||||||
def _get_container_status(self, container_id):
|
def _get_container_status(self, container_id):
|
||||||
client = self.get_client()
|
client = self.get_client()
|
||||||
info = client.inspect_container(container_id)
|
info = client.inspect_container(container_id)
|
||||||
|
@ -360,3 +360,75 @@ class DockerContainerTest(common.HeatTestCase):
|
|||||||
|
|
||||||
def test_create_with_cpu_shares_for_low_api_version(self):
|
def test_create_with_cpu_shares_for_low_api_version(self):
|
||||||
self.arg_for_low_api_version('cpu_shares', 512, '1.7')
|
self.arg_for_low_api_version('cpu_shares', 512, '1.7')
|
||||||
|
|
||||||
|
def test_start_with_mapping_devices(self):
|
||||||
|
t = template_format.parse(template)
|
||||||
|
stack = utils.parse_stack(t)
|
||||||
|
definition = stack.t.resource_definitions(stack)['Blog']
|
||||||
|
definition['Properties']['devices'] = (
|
||||||
|
[{'path_on_host': '/dev/sda',
|
||||||
|
'path_in_container': '/dev/xvdc',
|
||||||
|
'permissions': 'r'},
|
||||||
|
{'path_on_host': '/dev/mapper/a_bc-d',
|
||||||
|
'path_in_container': '/dev/xvdd',
|
||||||
|
'permissions': 'rw'}])
|
||||||
|
my_resource = docker_container.DockerContainer(
|
||||||
|
'Blog', definition, stack)
|
||||||
|
get_client_mock = self.patchobject(my_resource, 'get_client')
|
||||||
|
get_client_mock.return_value = fakeclient.FakeDockerClient()
|
||||||
|
self.assertIsNone(my_resource.validate())
|
||||||
|
scheduler.TaskRunner(my_resource.create)()
|
||||||
|
self.assertEqual((my_resource.CREATE, my_resource.COMPLETE),
|
||||||
|
my_resource.state)
|
||||||
|
client = my_resource.get_client()
|
||||||
|
self.assertEqual(['samalba/wordpress'], client.pulled_images)
|
||||||
|
self.assertEqual(['/dev/sda:/dev/xvdc:r',
|
||||||
|
'/dev/mapper/a_bc-d:/dev/xvdd:rw'],
|
||||||
|
client.container_start[0]['devices'])
|
||||||
|
|
||||||
|
def test_start_with_mapping_devices_also_with_privileged(self):
|
||||||
|
t = template_format.parse(template)
|
||||||
|
stack = utils.parse_stack(t)
|
||||||
|
definition = stack.t.resource_definitions(stack)['Blog']
|
||||||
|
definition['Properties']['devices'] = (
|
||||||
|
[{'path_on_host': '/dev/sdb',
|
||||||
|
'path_in_container': '/dev/xvdc',
|
||||||
|
'permissions': 'r'}])
|
||||||
|
definition['Properties']['privileged'] = True
|
||||||
|
my_resource = docker_container.DockerContainer(
|
||||||
|
'Blog', definition, stack)
|
||||||
|
get_client_mock = self.patchobject(my_resource, 'get_client')
|
||||||
|
get_client_mock.return_value = fakeclient.FakeDockerClient()
|
||||||
|
self.assertIsNone(my_resource.validate())
|
||||||
|
scheduler.TaskRunner(my_resource.create)()
|
||||||
|
self.assertEqual((my_resource.CREATE, my_resource.COMPLETE),
|
||||||
|
my_resource.state)
|
||||||
|
client = my_resource.get_client()
|
||||||
|
self.assertEqual(['samalba/wordpress'], client.pulled_images)
|
||||||
|
self.assertNotIn('devices', client.container_start[0])
|
||||||
|
|
||||||
|
def test_start_with_mapping_devices_for_low_api_version(self):
|
||||||
|
value = ([{'path_on_host': '/dev/sda',
|
||||||
|
'path_in_container': '/dev/xvdc',
|
||||||
|
'permissions': 'rwm'}])
|
||||||
|
self.arg_for_low_api_version('devices', value, '1.13')
|
||||||
|
|
||||||
|
def test_start_with_mapping_devices_not_set_path_in_container(self):
|
||||||
|
t = template_format.parse(template)
|
||||||
|
stack = utils.parse_stack(t)
|
||||||
|
definition = stack.t.resource_definitions(stack)['Blog']
|
||||||
|
definition['Properties']['devices'] = (
|
||||||
|
[{'path_on_host': '/dev/sda',
|
||||||
|
'permissions': 'rwm'}])
|
||||||
|
my_resource = docker_container.DockerContainer(
|
||||||
|
'Blog', definition, stack)
|
||||||
|
get_client_mock = self.patchobject(my_resource, 'get_client')
|
||||||
|
get_client_mock.return_value = fakeclient.FakeDockerClient()
|
||||||
|
self.assertIsNone(my_resource.validate())
|
||||||
|
scheduler.TaskRunner(my_resource.create)()
|
||||||
|
self.assertEqual((my_resource.CREATE, my_resource.COMPLETE),
|
||||||
|
my_resource.state)
|
||||||
|
client = my_resource.get_client()
|
||||||
|
self.assertEqual(['samalba/wordpress'], client.pulled_images)
|
||||||
|
self.assertEqual(['/dev/sda:/dev/sda:rwm'],
|
||||||
|
client.container_start[0]['devices'])
|
||||||
|
Loading…
Reference in New Issue
Block a user