diff --git a/worker/cmd/cmd.go b/worker/cmd/cmd.go
index 4ac418715..0f3b9bed5 100644
--- a/worker/cmd/cmd.go
+++ b/worker/cmd/cmd.go
@@ -99,6 +99,10 @@ func init() {
 rootCmd.PersistentFlags().Int("logger-max-size", 500, "maximum log file size (in MB)")
 rootCmd.PersistentFlags().Int("logger-max-backups", 3, "maximum log file backups")
 rootCmd.PersistentFlags().Int("logger-max-age", 3, "maximum log age")
+ rootCmd.PersistentFlags().StringSlice("docker-mounts", []string{}, "Global mount points, colon separated")
+ rootCmd.PersistentFlags().StringSlice("docker-devices", []string{}, "Device redirection, colon separated")
+ rootCmd.PersistentFlags().Bool("docker-privileged", false, "Run build container in privileged mode")
+ rootCmd.PersistentFlags().StringSlice("docker-addcaps", []string{}, "Add Linux capabilities")
 }
 func initDefaults() {
@@ -118,6 +122,10 @@ func initDefaults() {
 viper.BindPFlag("logger.maxsize", rootCmd.PersistentFlags().Lookup("logger-max-size"))
 viper.BindPFlag("logger.maxbackups", rootCmd.PersistentFlags().Lookup("logger-max-backups"))
 viper.BindPFlag("logger.maxage", rootCmd.PersistentFlags().Lookup("logger-max-age"))
+ viper.BindPFlag("docker.mounts", rootCmd.PersistentFlags().Lookup("docker-mounts"))
+ viper.BindPFlag("docker.devices", rootCmd.PersistentFlags().Lookup("docker-devices"))
+ viper.BindPFlag("docker.privileged", rootCmd.PersistentFlags().Lookup("docker-privileged"))
+ viper.BindPFlag("docker.addcaps", rootCmd.PersistentFlags().Lookup("docker-addcaps"))
 }
 func newConfig() *config.Config {
@@ -185,7 +193,7 @@ func newConfig() *config.Config {
 fatal(err)
 }
- docker.Init(cfg.Registry)
+ docker.Init(cfg)
 return cfg
 }
diff --git a/worker/config/config.go b/worker/config/config.go
index d39bf5b13..a2db373fc 100644
--- a/worker/config/config.go
+++ b/worker/config/config.go
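Review bot: The help strings on the new `docker-mounts` and `docker-devices` flags in `init()` (worker/cmd/cmd.go) say "colon separated", but a pflag `StringSlice` is a comma-separated list; the colon only splits each entry into a host path and a container path (see `strings.Split(elem, ":")` in worker/docker/docker.go). An operator reading `--help` cannot tell the expected entry format from the text, and entries that do not parse are skipped later rather than rejected. I would reword them, e.g. `"host:container bind mounts added to every build container (comma-separated)"` and `"host:container device mappings added to every build container (comma-separated)"`, and have the `docker-privileged` text say that it applies to all builds on this worker.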
@@ -11,6 +11,7 @@ type (
 Auth *Auth `json:"auth"`
 Registry *Registry `json:"registry"`
 Logger *Logger `json:"logger"`
+ Docker *Docker `json:"docker"`
 }
 // Server configuration.
@@ -55,4 +56,12 @@ type (
 Level string `json:"level"`
 Stdout bool `json:"stdout"`
 }
+
+ // Docker Additional host configuration.
+ Docker struct {
+ Mounts []string `json:"mounts"`
+ Devices []string `json:"devices"`
+ Privileged bool `json:"privileged"`
+ AddCaps []string `json:"addcaps"`
+ }
 )
diff --git a/worker/docker/docker.go b/worker/docker/docker.go
index a17421392..4368288c6 100644
--- a/worker/docker/docker.go
+++ b/worker/docker/docker.go
@@ -254,8 +254,22 @@ func createContainer(cli *client.Client, name, image, dir string, cmd []string,
 mounts := []mount.Mount{
 {Type: mount.TypeBind, Source: path.Join(dir), Target: "/build"},
 }
- for i := range mountdir {
- m := strings.Split(mountdir[i], ":")
+ var devices []container.DeviceMapping
+
+ for _, elem := range cfg.host.Devices {
+ m := strings.Split(elem, ":")
+ if len(m) != 2 || !fs.Exists(m[0]) {
+ continue
+ }
+ devices = append(devices, container.DeviceMapping{
+ PathOnHost: m[0],
+ PathInContainer: m[1],
+ CgroupPermissions: "rwm",
+ })
+ }
+
+ for _, elem := range append(mountdir, cfg.host.Mounts...) {
+ m := strings.Split(elem, ":")
 if len(m) != 2 || !fs.Exists(m[0]) {
 continue
 }
@@ -273,7 +287,10 @@ func createContainer(cli *client.Client, name, image, dir string, cmd []string,
 Env: env,
 WorkingDir: "/build",
 }, &container.HostConfig{
- Mounts: mounts,
+ Mounts: mounts,
+ CapAdd: cfg.host.AddCaps,
+ Resources: container.Resources{Devices: devices},
+ Privileged: cfg.host.Privileged,
 }, nil, nil, name)
 }
diff --git a/worker/docker/image.go b/worker/docker/image.go
index 9ae826392..c2a8fd0e4 100644
--- a/worker/docker/image.go
+++ b/worker/docker/image.go
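Review bot: The new device loop in `createContainer` (worker/docker/docker.go) drops any entry that is not exactly `host:container`, or whose host path is missing, with a bare `continue`, and it always grants `CgroupPermissions: "rwm"`. A typo in `docker.devices` therefore yields a build container without the device and without any trace, and an operator who only needs read access cannot avoid also granting write and mknod. I would accept an optional third field for the permissions, as the Docker CLI's `--device` does, keep `rwm` as the default, and report skipped entries through whatever logger the worker uses; the mount loop that follows has the same silent skip. `createContainer` starts and ends outside the hunk.

```go
for _, elem := range cfg.host.Devices {
	m := strings.Split(elem, ":")
	if len(m) < 2 || len(m) > 3 || !fs.Exists(m[0]) {
		// report the rejected entry to the operator here instead of dropping it silently
		continue
	}
	perms := "rwm" // default kept for existing configurations
	if len(m) == 3 {
		perms = m[2]
	}
	devices = append(devices, container.DeviceMapping{
		PathOnHost:        m[0],
		PathInContainer:   m[1],
		CgroupPermissions: perms,
	})
}
// … unchanged: mount loop over mountdir and cfg.host.Mounts …
```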
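Review bot: `Privileged` and `CapAdd` in the `HostConfig` literal of `createContainer` come straight from the worker-wide config, so a single flag changes the isolation of every build container this worker starts, and nothing in the hunk records that the option is active. A privileged container has largely unrestricted access to the host's devices and kernel interfaces, which matters if jobs run repository-supplied commands (presumably what `cmd` carries; the signature is cut off in the hunk header). I would document this at the field, e.g. `// operator-set; applies to every build container on this worker and removes container isolation when true`, and emit a startup log line whenever `docker.privileged` is true or `docker.addcaps` is non-empty. `createContainer` starts and ends outside the hunk.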
@@ -76,7 +76,7 @@ func PushImage(tag string) (io.ReadCloser, error) {
 }
 tag = prependTag(tag)
- authConfig := types.AuthConfig{Username: cfg.Username, Password: cfg.Password}
+ authConfig := types.AuthConfig{Username: cfg.registry.Username, Password: cfg.registry.Password}
 authJSON, _ := json.Marshal(authConfig)
 auth := base64.URLEncoding.EncodeToString(authJSON)
@@ -93,8 +93,8 @@ func PullImage(image string, config *config.Registry) error {
 opts := types.ImagePullOptions{}
- if cfg.Username != "" && cfg.Password != "" {
- authConfig := types.AuthConfig{Username: cfg.Username, Password: cfg.Password}
+ if cfg.registry.Username != "" && cfg.registry.Password != "" {
+ authConfig := types.AuthConfig{Username: cfg.registry.Username, Password: cfg.registry.Password}
 authJSON, _ := json.Marshal(authConfig)
 opts.RegistryAuth = base64.URLEncoding.EncodeToString(authJSON)
 }
@@ -148,8 +148,8 @@ func configureTags(tags []string) []string {
 }
 func prependTag(tag string) string {
- if !strings.HasPrefix(tag, cfg.Addr) {
- tag = path.Clean(path.Join(cfg.Addr, tag))
+ if !strings.HasPrefix(tag, cfg.registry.Addr) {
+ tag = path.Clean(path.Join(cfg.registry.Addr, tag))
 }
 return tag
 }
diff --git a/worker/docker/init.go b/worker/docker/init.go
index e70a17469..ae9911940 100644
--- a/worker/docker/init.go
+++ b/worker/docker/init.go
@@ -3,10 +3,14 @@ package docker
 import "github.com/bleenco/abstruse/worker/config"
 var (
- cfg *config.Registry
+ cfg struct {
+ registry *config.Registry
+ host *config.Docker
+ }
 )
 // Init initializes global variables
-func Init(config *config.Registry) {
- cfg = config
+func Init(config *config.Config) {
+ cfg.registry = config.Registry
+ cfg.host = config.Docker
 }
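Review bot: `Init` in worker/docker/init.go stores `config.Docker` without a nil check, while `createContainer` now dereferences `cfg.host.Devices`, `cfg.host.Mounts`, `cfg.host.AddCaps` and `cfg.host.Privileged` on every container start. If the loaded configuration can leave `Config.Docker` nil (the loading code is outside this diff, so this may not occur in practice), the worker would panic at the first build. A guard such as `if cfg.host == nil { cfg.host = &config.Docker{} }` would make that safe; it needs the parameter renamed, for example `func Init(c *config.Config) {`, because the parameter `config` shadows the package name inside the function.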