Issue #3912 - Feature Request: Anax to support the -ipc=host docker r…
…un parameter

Signed-off-by: Le Zhang <[email protected]>
LiilyZhang committed Oct 17, 2023
1 parent 17512f7 commit e9e3481
Showing 4 changed files with 13 additions and 13 deletions.
3 changes: 1 addition & 2 deletions cli/native_deployment/native_deployment.go
Expand Up @@ -5,7 +5,6 @@ import (
"crypto/sha256"
"encoding/json"
"errors"

dockerclient "github.com/fsouza/go-dockerclient"
"github.com/open-horizon/anax/cli/cliutils"
"github.com/open-horizon/anax/cli/dev"
Expand Down Expand Up @@ -174,7 +173,7 @@ func (p *NativeDeploymentConfigPlugin) Validate(dep interface{}, cdep interface{
}

// This can't be a const because a map literal isn't a const in go
var VALID_DEPLOYMENT_FIELDS = map[string]int8{"image": 1, "privileged": 1, "cap_add": 1, "environment": 1, "devices": 1, "binds": 1, "specific_ports": 1, "command": 1, "ports": 1, "ephemeral_ports": 1, "tmpfs": 1, "network": 1, "entrypoint": 1, "max_memory_mb": 1, "max_cpus": 1, "log_driver": 1, "secrets": 1, "pid": 1, "user": 1, "sysctls": 1}
var VALID_DEPLOYMENT_FIELDS = map[string]int8{"image": 1, "privileged": 1, "cap_add": 1, "environment": 1, "devices": 1, "binds": 1, "specific_ports": 1, "command": 1, "ports": 1, "ephemeral_ports": 1, "tmpfs": 1, "network": 1, "entrypoint": 1, "max_memory_mb": 1, "max_cpus": 1, "log_driver": 1, "secrets": 1, "pid": 1, "user": 1, "sysctls": 1, "ipc": 1}

// CheckDeploymentService verifies it has the required 'image' key, and checks for keys we don't recognize.
// For now it only prints a warning for unrecognized keys, in case we recently added a key to anax and haven't updated hzn yet.
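Review bot: The `VALID_DEPLOYMENT_FIELDS` literal is kept on a single line, so adding `"ipc": 1` rewrites the whole allowlist and the one new key has to be found by comparing two near-identical lines. This map decides which deployment keys the CLI treats as recognized, and it includes isolation-relevant ones (`privileged`, `cap_add`, `devices`, `pid`, and now `ipc`), so additions to it should be easy to audit. I would break the literal into one entry per line, ending with `"ipc": 1,`, so that a future key shows up as a single added line. `CheckDeploymentService`, which the following comment describes, lies outside this hunk.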
18 changes: 9 additions & 9 deletions container/container.go
Expand Up @@ -7,15 +7,6 @@ import (
"encoding/json"
"errors"
"fmt"
"io"
"io/ioutil"
"math/big"
"os"
"os/user"
"path"
"strconv"
"strings"

"github.com/boltdb/bolt"
"github.com/coreos/go-iptables/iptables"
docker "github.com/fsouza/go-dockerclient"
Expand All @@ -32,6 +23,14 @@ import (
"github.com/open-horizon/anax/resource"
"github.com/open-horizon/anax/worker"
"golang.org/x/sys/unix"
"io"
"io/ioutil"
"math/big"
"os"
"os/user"
"path"
"strconv"
"strings"
)

const LABEL_PREFIX = "openhorizon.anax"
Expand Down Expand Up @@ -373,6 +372,7 @@ func (w *ContainerWorker) finalizeDeployment(agreementId string, deployment *con
SecurityOpt: service.SecurityOpt,
Sysctls: service.Sysctls,
PidMode: service.PID,
IpcMode: service.Ipc,
},
}

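Review bot: `IpcMode: service.Ipc` passes the deployment string's value into the Docker host config unchecked, as far as this hunk shows. `host` gives the container the node's IPC namespace (System V IPC objects and POSIX shared memory) and `container:<name-or-id>` joins another container's, so, like `PidMode` on the line above, this field lowers isolation on the word of the service definition alone. I would reject values outside the set documented in docs/deployment_string.md before the host config is built, and log the agreement id whenever a mode other than empty, `none` or `private` is granted, so operators can see which services share IPC. `finalizeDeployment` starts and ends outside the hunk, so the call site is only indicated below.

```go
// validIpcMode reports whether mode is one of the values documented for the
// "ipc" deployment field. "host" and "container:<name-or-id>" are accepted
// here but share an IPC namespace outside the container, so callers should
// log when they are granted.
func validIpcMode(mode string) bool {
	switch mode {
	case "", "none", "private", "shareable", "host":
		return true
	}
	const joinPrefix = "container:"
	return strings.HasPrefix(mode, joinPrefix) && len(mode) > len(joinPrefix)
}

// … unchanged: finalizeDeployment up to the HostConfig literal; check validIpcMode(service.Ipc) before it …
```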
4 changes: 2 additions & 2 deletions containermessage/models.go
Expand Up @@ -5,10 +5,9 @@ import (
"encoding/json"
"errors"
"fmt"
docker "github.com/fsouza/go-dockerclient"
"reflect"
"strings"

docker "github.com/fsouza/go-dockerclient"
)

/*
Expand Down Expand Up @@ -176,6 +175,7 @@ type Service struct {
PID string `json:"pid,omitempty"` // The process id that the container should run in, see docker run --pid
User string `json:"user,omitempty"` // The linux user ID (UID format) in which the container should run, see docker run -user
Sysctls map[string]string `json:"sysctls,omitempty"` // The namespaced kernel parameters (sysctls) for this container, see docker run --sysctls
Ipc string `json:"ipc,omitempty"` // The ipc mode for this container, see docker run --ipc
}

func (s *Service) AddFilesystemBinding(bind string) {
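Review bot: The comment on the new `Ipc` field does not say which values are accepted or what an empty string means, although the field is a free-form `string` that ends up as the container's IPC mode. The documentation change in this commit already lists the values, so the field comment can carry them too: `// The IPC namespace mode for this container: "", "none", "private", "shareable", "container:<name-or-id>" or "host"; empty uses the daemon default, see docker run --ipc`. It would also help to state there that `host` and `container:<name-or-id>` share IPC with something outside the container. The `Service` struct begins outside this hunk.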
1 change: 1 addition & 0 deletions docs/deployment_string.md
Expand Up @@ -66,6 +66,7 @@ Because {{site.data.keyword.edge_notm}} uses the docker API to start the contain
- `user`: Sets the username or UID used. root (id = 0) is the default user within a container. The image developer can create additional users. Those users are accessible by name. When passing a numeric ID, the user does not have to exist in the container.
- `pid`: Set the PID (Process) Namespace mode for the container. `container:<name|id>` joins another container's PID namespace. `host` use the host's PID namespace inside the container. In certain cases you want your container to share the host’s process namespace, basically allowing processes within the container to see all of the processes on the system.
- `sysctls`: Sysctl settings are exposed by Kubernetes, allowing users to modify certain kernel parameters at runtime for namespaces within a container. The parameters cover various subsystems, such as: networking (common prefix: net.), kernel (common prefix: kernel.), virtual memory (common prefix: vm.), MDADM (common prefix: dev.). To get a list of all parameters, you can run: `sudo sysctl -a`
- `ipc`: Sets the IPC mode for the container. Equivalent to the `docker run --ipc` flag. The accepted values are: `"", "none", "private", "shareable", "container:<name-or-id>", "host"`. If not specified, daemon default is used.

## clusterDeployment String Fields
{: #clusterdeployment-fields}
