// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.dockerapi;
import com.yahoo.config.provision.DockerImage;
import java.net.InetAddress;
import java.nio.file.Path;
import java.time.Duration;
import java.util.List;
import java.util.Optional;
import java.util.OptionalLong;
/**
 * API to simplify the com.github.dockerjava API for clients,
 * and to avoid OSGi exporting those classes.
 *
 * <p>Several methods take security-relevant settings (capabilities, security options,
 * privileged mode, host bind mounts, the user a command runs as) as plain strings, booleans
 * or paths. This interface declares no validation for them, so any allow-listing or
 * checking has to live in the implementation or in the caller.
 */
public interface Docker {

    /**
     * Collects the settings for a container that is about to be created.
     *
     * <p>Every {@code with...} method returns a {@code CreateContainerCommand}, so calls can be
     * chained; {@link #create()} ends the chain.
     */
    interface CreateContainerCommand {
        // Basic container settings. Their exact effect is defined by the implementation.
        CreateContainerCommand withHostName(String hostname);
        CreateContainerCommand withResources(ContainerResources containerResources);
        CreateContainerCommand withLabel(String name, String value);
        // NOTE(review): environment values are presumably readable by anyone who can inspect
        // the container, so this may not be the right place for secrets; confirm.
        CreateContainerCommand withEnvironment(String name, String value);

        /**
         * Mounts a directory on host inside the docker container.
         *
         * <p>Bind mount content will be <b>private</b> to this container (and host) only.
         *
         * <p>When using this method and selinux is enabled (/usr/sbin/sestatus), starting
         * multiple containers which mount host's /foo directory into the container, will make
         * /foo's content visible/readable/writable only inside the container which was last
         * started and on the host. All the other containers will get "Permission denied".
         *
         * <p>Use {@link #withSharedVolume(Path, Path)} to mount a given host directory
         * into multiple containers.
         */
        CreateContainerCommand withVolume(Path path, Path volumePath);

        /**
         * Mounts a directory on host inside the docker container.
         *
         * <p>The bind mount content will be <b>shared</b> among multiple containers.
         *
         * <p>NOTE(review): presumably every container that mounts the same host directory this
         * way can read and modify its content, so the directory becomes a channel between
         * those containers. Whether a read-only mode exists is not visible here; confirm
         * against the implementation.
         *
         * @see #withVolume(Path, Path)
         */
        CreateContainerCommand withSharedVolume(Path path, Path volumePath);

        CreateContainerCommand withNetworkMode(String mode);
        CreateContainerCommand withIpAddress(InetAddress address);
        // NOTE(review): no ordering between softLimit and hardLimit is enforced by this
        // signature; presumably soft <= hard is expected. Confirm.
        CreateContainerCommand withUlimit(String name, int softLimit, int hardLimit);
        CreateContainerCommand withEntrypoint(String... entrypoint);
        // NOTE(review): presumably records which manager owns the container; TODO confirm.
        CreateContainerCommand withManagedBy(String manager);

        // Isolation-related settings. Each one takes a free-form value and changes how
        // strongly the container is confined, so call sites deserve review.

        // NOTE(review): capabilityName is an unchecked String here; presumably a Linux
        // capability name granted to the container. Confirm where it is validated.
        CreateContainerCommand withAddCapability(String capabilityName);
        // NOTE(review): presumably removes a Linux capability from the container; confirm.
        CreateContainerCommand withDropCapability(String capabilityName);
        // NOTE(review): presumably forwarded as a Docker security option; this interface
        // does not constrain the string. Confirm.
        CreateContainerCommand withSecurityOpts(String securityOpt);
        // NOTE(review): presumably maps to Docker's privileged mode, which removes most of
        // the isolation between container and host. Confirm, and check that callers pass
        // true only where it is required.
        CreateContainerCommand withPrivileged(boolean privileged);

        /** Ends the chain; presumably creates the container from the collected settings. */
        void create();
    }

    /**
     * Returns a {@link CreateContainerCommand} for the given image and container name.
     *
     * @param dockerImage the image for the container
     * @param containerName the name for the container
     */
    CreateContainerCommand createContainerCommand(DockerImage dockerImage, ContainerName containerName);

    /**
     * @param containerName The name of the container
     * @return stats for the container; when the Optional is empty is not documented here
     *         (presumably when the container does not exist; TODO confirm)
     */
    Optional<ContainerStats> getContainerStats(ContainerName containerName);

    // Container lifecycle. Error behaviour (for example for an unknown container name) is
    // not declared in this interface.
    void startContainer(ContainerName containerName);
    void stopContainer(ContainerName containerName);
    void deleteContainer(ContainerName containerName);
    void updateContainer(ContainerName containerName, ContainerResources containerResources);

    /**
     * @param containerName The name of the container
     * @return the container, or empty (presumably when no such container exists; TODO confirm)
     */
    Optional<Container> getContainer(ContainerName containerName);

    /**
     * Checks if the image is currently being pulled or is already pulled, if not, starts an async
     * pull of the image
     *
     * @param image Docker image to pull
     * @return true iff image being pulled, false otherwise
     */
    boolean pullImageAsyncIfNeeded(DockerImage image);

    /** List all containers, including those not running. */
    List<ContainerLite> listAllContainers();

    /**
     * Deletes the local images that are currently not in use by any container and not recently used.
     *
     * @param excludes presumably images that must not be deleted; TODO confirm
     * @param minImageAgeToDelete presumably the threshold behind "not recently used"; TODO confirm
     * @return not documented in this interface; presumably whether any image was deleted
     */
    boolean deleteUnusedDockerImages(List<DockerImage> excludes, Duration minImageAgeToDelete);

    /**
     * Runs a command inside the given container as the given user.
     *
     * <p>The command is passed as separate arguments rather than as one string. Whether the
     * implementation hands it to a shell is not visible from this interface, so callers that
     * build arguments from external input should confirm that first.
     *
     * @param containerName The name of the container
     * @param user can be "username", "username:group", "uid" or "uid:gid"
     * @param timeoutSeconds Timeout in seconds for the process to finish; no timeout if empty
     * @param command The command with arguments to run
     *
     * @return exit code, stdout and stderr in the ProcessResult
     */
    ProcessResult executeInContainerAsUser(ContainerName containerName, String user, OptionalLong timeoutSeconds, String... command);
}