aboutsummaryrefslogtreecommitdiffstats
path: root/docker-api
diff options
context:
space:
mode:
authorfreva <valerijf@yahoo-inc.com>2017-01-25 13:36:02 +0100
committerfreva <valerijf@yahoo-inc.com>2017-01-25 13:36:02 +0100
commit38d41cdf0cb341772fdcd076fddd2820498f3da0 (patch)
treecd73102342bd18ac6d2f74b34763bbc5423bc765 /docker-api
parente28f5cbd79a0b596e020c35ec9e905cf8daac63b (diff)
Added exec command as root, default executes as "yahoo" to DockerImpl
Diffstat (limited to 'docker-api')
-rw-r--r--docker-api/pom.xml2
-rw-r--r--docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/Docker.java5
-rw-r--r--docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java13
-rw-r--r--docker-api/src/test/java/com/yahoo/vespa/hosted/dockerapi/DockerImplTest.java1
-rw-r--r--docker-api/src/test/java/com/yahoo/vespa/hosted/dockerapi/DockerTest.java6
5 files changed, 22 insertions, 5 deletions
diff --git a/docker-api/pom.xml b/docker-api/pom.xml
index 53c5c15a929..bde2465f01f 100644
--- a/docker-api/pom.xml
+++ b/docker-api/pom.xml
@@ -26,7 +26,7 @@
<dependency>
<groupId>com.github.docker-java</groupId>
<artifactId>docker-java</artifactId>
- <version>3.0.6</version>
+ <version>3.0.7</version>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
diff --git a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/Docker.java b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/Docker.java
index c62a1222353..6468e14fc64 100644
--- a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/Docker.java
+++ b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/Docker.java
@@ -80,10 +80,13 @@ public interface Docker {
void deleteUnusedDockerImages();
/**
- * TODO: Make this function interruptible, see https://github.com/spotify/docker-client/issues/421
+ * Execute a command in docker container as "yahoo" user
+ * TODO: Make this function interruptible
*
* @param args Program arguments. args[0] must be the program filename.
* @throws RuntimeException (or some subclass thereof) on failure, including docker failure, command failure
*/
ProcessResult executeInContainer(ContainerName containerName, String... args);
+
+ ProcessResult executeInContainerAsRoot(ContainerName containerName, String... args);
}
diff --git a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java
index bc4bb4f0823..3681b65565d 100644
--- a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java
+++ b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java
@@ -225,12 +225,25 @@ public class DockerImpl implements Docker {
@Override
public ProcessResult executeInContainer(ContainerName containerName, String... args) {
+ return executeInContainerAsUser(containerName, "yahoo", args);
+ }
+
+ @Override
+ public ProcessResult executeInContainerAsRoot(ContainerName containerName, String... args) {
+ return executeInContainerAsUser(containerName, "root", args);
+ }
+
+ /**
+ * Execute command in container as user, "user" can be "username", "username:group", "uid" or "uid:gid"
+ */
+ private ProcessResult executeInContainerAsUser(ContainerName containerName, String user, String... args) {
assert args.length >= 1;
try {
final ExecCreateCmdResponse response = dockerClient.execCreateCmd(containerName.asString())
.withCmd(args)
.withAttachStdout(true)
.withAttachStderr(true)
+ .withUser(user)
.exec();
ByteArrayOutputStream output = new ByteArrayOutputStream();
diff --git a/docker-api/src/test/java/com/yahoo/vespa/hosted/dockerapi/DockerImplTest.java b/docker-api/src/test/java/com/yahoo/vespa/hosted/dockerapi/DockerImplTest.java
index e051addb0dd..c94f93c9937 100644
--- a/docker-api/src/test/java/com/yahoo/vespa/hosted/dockerapi/DockerImplTest.java
+++ b/docker-api/src/test/java/com/yahoo/vespa/hosted/dockerapi/DockerImplTest.java
@@ -101,6 +101,7 @@ public class DockerImplTest {
when(execCreateCmd.withCmd(Matchers.<String>anyVararg())).thenReturn(execCreateCmd);
when(execCreateCmd.withAttachStdout(any(Boolean.class))).thenReturn(execCreateCmd);
when(execCreateCmd.withAttachStderr(any(Boolean.class))).thenReturn(execCreateCmd);
+ when(execCreateCmd.withUser(any(String.class))).thenReturn(execCreateCmd);
when(execCreateCmd.exec()).thenReturn(response);
final ExecStartCmd execStartCmd = mock(ExecStartCmd.class);
diff --git a/docker-api/src/test/java/com/yahoo/vespa/hosted/dockerapi/DockerTest.java b/docker-api/src/test/java/com/yahoo/vespa/hosted/dockerapi/DockerTest.java
index fc12e3247c9..cf24fb7c826 100644
--- a/docker-api/src/test/java/com/yahoo/vespa/hosted/dockerapi/DockerTest.java
+++ b/docker-api/src/test/java/com/yahoo/vespa/hosted/dockerapi/DockerTest.java
@@ -70,8 +70,8 @@ public class DockerTest {
.withMemoryInMb(100).create();
docker.startContainer(containerName2);
- // 137 = 128 + 9 = kill -9 (SIGKILL)
- assertThat(docker.executeInContainer(containerName2, "python", "/pysrc/fillmem.py", "90").getExitStatus(), is(137));
+ // 137 = 128 + 9 = kill -9 (SIGKILL), doesn't need to be run as "root", but "yahoo" does not exist in this basic image
+ assertThat(docker.executeInContainerAsRoot(containerName2, "python", "/pysrc/fillmem.py", "90").getExitStatus(), is(137));
// Verify that both HTTP servers are still up
testReachabilityFromHost("http://" + inetAddress1.getHostAddress() + "/ping");
@@ -129,7 +129,7 @@ public class DockerTest {
testReachabilityFromHost("http://" + inetAddress2.getHostAddress() + "/ping");
String[] curlFromNodeToNode = new String[]{"curl", "-g", "http://" + inetAddress2.getHostAddress() + "/ping"};
- ProcessResult result = docker.executeInContainer(containerName1, curlFromNodeToNode);
+ ProcessResult result = docker.executeInContainerAsRoot(containerName1, curlFromNodeToNode);
assertThat("Could not reach " + containerName2.asString() + " from " + containerName1.asString(),
result.getOutput(), is("pong\n"));