From e9e3481bd9cbd97415c904f7f38c9648689fd5d6 Mon Sep 17 00:00:00 2001
From: Le Zhang
Date: Tue, 17 Oct 2023 13:17:28 -0400
Subject: [PATCH] Issue open-horizon#3912 - Feature Request: Anax to support the -ipc=host docker run parameter

Signed-off-by: Le Zhang
---
 cli/native_deployment/native_deployment.go | 3 +--
 container/container.go | 18 +++++++++---------
 containermessage/models.go | 4 ++--
 docs/deployment_string.md | 1 +
 4 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/cli/native_deployment/native_deployment.go b/cli/native_deployment/native_deployment.go
index 6554c63db..03ddfff36 100644
--- a/cli/native_deployment/native_deployment.go
+++ b/cli/native_deployment/native_deployment.go
@@ -5,7 +5,6 @@ import (
 	"crypto/sha256"
 	"encoding/json"
 	"errors"
-	dockerclient "github.com/fsouza/go-dockerclient"
 	"github.com/open-horizon/anax/cli/cliutils"
 	"github.com/open-horizon/anax/cli/dev"
@@ -174,7 +173,7 @@ func (p *NativeDeploymentConfigPlugin) Validate(dep interface{}, cdep interface{
 }
 // This can't be a const because a map literal isn't a const in go
-var VALID_DEPLOYMENT_FIELDS = map[string]int8{"image": 1, "privileged": 1, "cap_add": 1, "environment": 1, "devices": 1, "binds": 1, "specific_ports": 1, "command": 1, "ports": 1, "ephemeral_ports": 1, "tmpfs": 1, "network": 1, "entrypoint": 1, "max_memory_mb": 1, "max_cpus": 1, "log_driver": 1, "secrets": 1, "pid": 1, "user": 1, "sysctls": 1}
+var VALID_DEPLOYMENT_FIELDS = map[string]int8{"image": 1, "privileged": 1, "cap_add": 1, "environment": 1, "devices": 1, "binds": 1, "specific_ports": 1, "command": 1, "ports": 1, "ephemeral_ports": 1, "tmpfs": 1, "network": 1, "entrypoint": 1, "max_memory_mb": 1, "max_cpus": 1, "log_driver": 1, "secrets": 1, "pid": 1, "user": 1, "sysctls": 1, "ipc": 1}
 // CheckDeploymentService verifies it has the required 'image' key, and checks for keys we don't recognize.
 // For now it only prints a warning for unrecognized keys, in case we recently added a key to anax and haven't updated hzn yet.
diff --git a/container/container.go b/container/container.go
index f371f7229..3c2ea426a 100644
--- a/container/container.go
+++ b/container/container.go
@@ -7,15 +7,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io"
-	"io/ioutil"
-	"math/big"
-	"os"
-	"os/user"
-	"path"
-	"strconv"
-	"strings"
-
 	"github.com/boltdb/bolt"
 	"github.com/coreos/go-iptables/iptables"
 	docker "github.com/fsouza/go-dockerclient"
@@ -32,6 +23,14 @@ import (
 	"github.com/open-horizon/anax/resource"
 	"github.com/open-horizon/anax/worker"
 	"golang.org/x/sys/unix"
+	"io"
+	"io/ioutil"
+	"math/big"
+	"os"
+	"os/user"
+	"path"
+	"strconv"
+	"strings"
 )
 const LABEL_PREFIX = "openhorizon.anax"
@@ -373,6 +372,7 @@ func (w *ContainerWorker) finalizeDeployment(agreementId string, deployment *con
 			SecurityOpt: service.SecurityOpt,
 			Sysctls:     service.Sysctls,
 			PidMode:     service.PID,
+			IpcMode:     service.Ipc,
 		},
 	}
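Review bot: Adding `"ipc"` to VALID_DEPLOYMENT_FIELDS only stops CheckDeploymentService from warning about the key; nothing in this hunk constrains the value, so a deployment string carrying `"ipc": "hots"` or `"ipc": "host"` passes `hzn` unchanged and is only rejected (or, for `host`, silently honoured) when the edge node creates the container. The docs hunk in this same commit enumerates the accepted modes, so the Validate method whose closing brace opens this hunk (its body lies outside the hunk) could check the `ipc` value against that set — `""`, `none`, `private`, `shareable`, `host`, and a `container:` prefix — and return an error for anything else, so typos surface at `hzn` time rather than at docker create on the node. Whether Validate already sees the per-service map in a form that makes this a one-line check is not visible here.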
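Review bot: `IpcMode: service.Ipc` hands the service-supplied string straight into the docker HostConfig with no check, so a service definition can request `host` (joining the host's IPC namespace: System V shared memory and semaphores, POSIX message queues and the host's /dev/shm) or `container:<id>` (joining another service's), the same boundary crossing as the `PidMode: service.PID` line it sits next to. Docker rejects malformed modes at create time but will not refuse `host`, so whatever anax does to gate `privileged` or `pid: host` against node or agreement policy needs to cover `ipc` as well; I cannot tell from this hunk whether such a gate exists, since finalizeDeployment's body starts and ends outside it. I would validate the value before the HostConfig is built, fail the deployment on anything outside the documented set, and route `host`/`container:` through the same policy decision as PID; an outline is below (`strings` and `fmt` are already imported in this file, as the earlier hunk shows).
```go
// IPC namespace sharing crosses the container boundary: only the documented
// modes are passed to docker, and host/container: are treated like pid: host.
switch {
case service.Ipc == "", service.Ipc == "none", service.Ipc == "private", service.Ipc == "shareable":
	// isolated, or explicitly offering its own namespace; safe to pass through
case service.Ipc == "host", strings.HasPrefix(service.Ipc, "container:"):
	// … apply the same policy/authorization check used for service.PID == "host" …
default:
	// … fail the deployment with fmt.Errorf("unsupported ipc mode %q", service.Ipc) …
}
// … unchanged: HostConfig construction, now carrying IpcMode: service.Ipc …
```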
diff --git a/containermessage/models.go b/containermessage/models.go
index 03f0bd46f..44d5b1ca6 100644
--- a/containermessage/models.go
+++ b/containermessage/models.go
@@ -5,10 +5,9 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	docker "github.com/fsouza/go-dockerclient"
 	"reflect"
 	"strings"
-
-	docker "github.com/fsouza/go-dockerclient"
 )
 /*
@@ -176,6 +175,7 @@ type Service struct {
 	PID string `json:"pid,omitempty"` // The process id that the container should run in, see docker run --pid
 	User string `json:"user,omitempty"` // The linux user ID (UID format) in which the container should run, see docker run -user
 	Sysctls map[string]string `json:"sysctls,omitempty"` // The namespaced kernel parameters (sysctls) for this container, see docker run --sysctls
+	Ipc string `json:"ipc,omitempty"` // The ipc mode for this container, see docker run --ipc
 }
 func (s *Service) AddFilesystemBinding(bind string) {
diff --git a/docs/deployment_string.md b/docs/deployment_string.md
index fc5e2a627..b25443dc7 100644
--- a/docs/deployment_string.md
+++ b/docs/deployment_string.md
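Review bot: Moving `docker "github.com/fsouza/go-dockerclient"` up between `"fmt"` and `"reflect"` collapses the stdlib / third-party grouping that the removed blank line maintained; gofmt accepts the result because it is path-sorted, but goimports and most editor save hooks will re-split it into two groups on the next touch of this file, producing unrelated churn. The container.go hunks in this commit do the same in reverse, appending the stdlib imports after `"golang.org/x/sys/unix"`. I would keep the original two-group layout — stdlib block, blank line, then `github.com/...` and `golang.org/...` — in both files and leave this import block out of the feature change.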
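Review bot: `Ipc` breaks the initialism style used by `PID` two lines above in the same struct; Go convention, and this file's own `PID`, would spell the field `IPC`, keeping the `json:"ipc"` tag unchanged and updating `service.Ipc` in container.go to match. The field comment should also say what the value does and which modes are sensitive, since this struct is the definition an operator will read before allowing a service: `// The IPC namespace mode (docker run --ipc): "", none, private, shareable, host or container:<name|id>; host and container: join another namespace's shm, semaphores and message queues`. Service's definition starts outside the hunk, so whether a validation method exists on it that could reject other values is not visible here.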
@@ -66,6 +66,7 @@ Because {{site.data.keyword.edge_notm}} uses the docker API to start the contain
 - `user`: Sets the username or UID used. root (id = 0) is the default user within a container. The image developer can create additional users. Those users are accessible by name. When passing a numeric ID, the user does not have to exist in the container.
 - `pid`: Set the PID (Process) Namespace mode for the container. `container:` joins another container's PID namespace. `host` use the host's PID namespace inside the container. In certain cases you want your container to share the host’s process namespace, basically allowing processes within the container to see all of the processes on the system.
 - `sysctls`: Sysctl settings are exposed by Kubernetes, allowing users to modify certain kernel parameters at runtime for namespaces within a container. The parameters cover various subsystems, such as: networking (common prefix: net.), kernel (common prefix: kernel.), virtual memory (common prefix: vm.), MDADM (common prefix: dev.). To get a list of all parameters, you can run: `sudo sysctl -a`
+ - `ipc`: Sets the IPC mode for the container. Equivalent to the `docker run --ipc` flag. The accepted values are: `"", "none", "private", "shareable", "container:", "host"`. If not specified, daemon default is used.
 ## clusterDeployment String Fields {: #clusterdeployment-fields}