mirror of https://github.com/docker/cli.git
1516 lines
48 KiB
Go
1516 lines
48 KiB
Go
package service
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"sort"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/docker/cli/cli"
|
|
"github.com/docker/cli/cli/command"
|
|
"github.com/docker/cli/opts"
|
|
"github.com/docker/docker/api/types"
|
|
"github.com/docker/docker/api/types/container"
|
|
mounttypes "github.com/docker/docker/api/types/mount"
|
|
"github.com/docker/docker/api/types/swarm"
|
|
"github.com/docker/docker/api/types/versions"
|
|
"github.com/docker/docker/client"
|
|
units "github.com/docker/go-units"
|
|
"github.com/moby/swarmkit/v2/api/defaults"
|
|
"github.com/pkg/errors"
|
|
"github.com/spf13/cobra"
|
|
"github.com/spf13/pflag"
|
|
)
|
|
|
|
func newUpdateCommand(dockerCli command.Cli) *cobra.Command {
|
|
options := newServiceOptions()
|
|
|
|
cmd := &cobra.Command{
|
|
Use: "update [OPTIONS] SERVICE",
|
|
Short: "Update a service",
|
|
Args: cli.ExactArgs(1),
|
|
RunE: func(cmd *cobra.Command, args []string) error {
|
|
return runUpdate(dockerCli, cmd.Flags(), options, args[0])
|
|
},
|
|
ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
|
|
return CompletionFn(dockerCli)(cmd, args, toComplete)
|
|
},
|
|
}
|
|
|
|
flags := cmd.Flags()
|
|
flags.String("image", "", "Service image tag")
|
|
flags.Var(&ShlexOpt{}, "args", "Service command args")
|
|
flags.Bool(flagRollback, false, "Rollback to previous specification")
|
|
flags.SetAnnotation(flagRollback, "version", []string{"1.25"})
|
|
flags.Bool("force", false, "Force update even if no changes require it")
|
|
flags.SetAnnotation("force", "version", []string{"1.25"})
|
|
addServiceFlags(flags, options, nil)
|
|
|
|
flags.Var(newListOptsVar(), flagEnvRemove, "Remove an environment variable")
|
|
flags.Var(newListOptsVar(), flagGroupRemove, "Remove a previously added supplementary user group from the container")
|
|
flags.SetAnnotation(flagGroupRemove, "version", []string{"1.25"})
|
|
flags.Var(newListOptsVar(), flagLabelRemove, "Remove a label by its key")
|
|
flags.Var(newListOptsVar(), flagContainerLabelRemove, "Remove a container label by its key")
|
|
flags.Var(newListOptsVar(), flagMountRemove, "Remove a mount by its target path")
|
|
// flags.Var(newListOptsVar().WithValidator(validatePublishRemove), flagPublishRemove, "Remove a published port by its target port")
|
|
flags.Var(&opts.PortOpt{}, flagPublishRemove, "Remove a published port by its target port")
|
|
flags.Var(newListOptsVar(), flagConstraintRemove, "Remove a constraint")
|
|
flags.Var(newListOptsVar(), flagDNSRemove, "Remove a custom DNS server")
|
|
flags.SetAnnotation(flagDNSRemove, "version", []string{"1.25"})
|
|
flags.Var(newListOptsVar(), flagDNSOptionRemove, "Remove a DNS option")
|
|
flags.SetAnnotation(flagDNSOptionRemove, "version", []string{"1.25"})
|
|
flags.Var(newListOptsVar(), flagDNSSearchRemove, "Remove a DNS search domain")
|
|
flags.SetAnnotation(flagDNSSearchRemove, "version", []string{"1.25"})
|
|
flags.Var(newListOptsVar(), flagHostRemove, "Remove a custom host-to-IP mapping (host:ip)")
|
|
flags.SetAnnotation(flagHostRemove, "version", []string{"1.25"})
|
|
flags.Var(&options.labels, flagLabelAdd, "Add or update a service label")
|
|
flags.Var(&options.containerLabels, flagContainerLabelAdd, "Add or update a container label")
|
|
flags.Var(&options.env, flagEnvAdd, "Add or update an environment variable")
|
|
flags.Var(newListOptsVar(), flagSecretRemove, "Remove a secret")
|
|
flags.SetAnnotation(flagSecretRemove, "version", []string{"1.25"})
|
|
flags.Var(&options.secrets, flagSecretAdd, "Add or update a secret on a service")
|
|
flags.SetAnnotation(flagSecretAdd, "version", []string{"1.25"})
|
|
|
|
flags.Var(newListOptsVar(), flagConfigRemove, "Remove a configuration file")
|
|
flags.SetAnnotation(flagConfigRemove, "version", []string{"1.30"})
|
|
flags.Var(&options.configs, flagConfigAdd, "Add or update a config file on a service")
|
|
flags.SetAnnotation(flagConfigAdd, "version", []string{"1.30"})
|
|
|
|
flags.Var(&options.mounts, flagMountAdd, "Add or update a mount on a service")
|
|
flags.Var(&options.constraints, flagConstraintAdd, "Add or update a placement constraint")
|
|
flags.Var(&options.placementPrefs, flagPlacementPrefAdd, "Add a placement preference")
|
|
flags.SetAnnotation(flagPlacementPrefAdd, "version", []string{"1.28"})
|
|
flags.Var(&placementPrefOpts{}, flagPlacementPrefRemove, "Remove a placement preference")
|
|
flags.SetAnnotation(flagPlacementPrefRemove, "version", []string{"1.28"})
|
|
flags.Var(&options.networks, flagNetworkAdd, "Add a network")
|
|
flags.SetAnnotation(flagNetworkAdd, "version", []string{"1.29"})
|
|
flags.Var(newListOptsVar(), flagNetworkRemove, "Remove a network")
|
|
flags.SetAnnotation(flagNetworkRemove, "version", []string{"1.29"})
|
|
flags.Var(&options.endpoint.publishPorts, flagPublishAdd, "Add or update a published port")
|
|
flags.Var(&options.groups, flagGroupAdd, "Add an additional supplementary user group to the container")
|
|
flags.SetAnnotation(flagGroupAdd, "version", []string{"1.25"})
|
|
flags.Var(&options.dns, flagDNSAdd, "Add or update a custom DNS server")
|
|
flags.SetAnnotation(flagDNSAdd, "version", []string{"1.25"})
|
|
flags.Var(&options.dnsOption, flagDNSOptionAdd, "Add or update a DNS option")
|
|
flags.SetAnnotation(flagDNSOptionAdd, "version", []string{"1.25"})
|
|
flags.Var(&options.dnsSearch, flagDNSSearchAdd, "Add or update a custom DNS search domain")
|
|
flags.SetAnnotation(flagDNSSearchAdd, "version", []string{"1.25"})
|
|
flags.Var(&options.hosts, flagHostAdd, "Add a custom host-to-IP mapping (host:ip)")
|
|
flags.SetAnnotation(flagHostAdd, "version", []string{"1.25"})
|
|
flags.BoolVar(&options.init, flagInit, false, "Use an init inside each service container to forward signals and reap processes")
|
|
flags.SetAnnotation(flagInit, "version", []string{"1.37"})
|
|
flags.Var(&options.sysctls, flagSysCtlAdd, "Add or update a Sysctl option")
|
|
flags.SetAnnotation(flagSysCtlAdd, "version", []string{"1.40"})
|
|
flags.Var(newListOptsVar(), flagSysCtlRemove, "Remove a Sysctl option")
|
|
flags.SetAnnotation(flagSysCtlRemove, "version", []string{"1.40"})
|
|
flags.Var(&options.ulimits, flagUlimitAdd, "Add or update a ulimit option")
|
|
flags.SetAnnotation(flagUlimitAdd, "version", []string{"1.41"})
|
|
flags.Var(newListOptsVar(), flagUlimitRemove, "Remove a ulimit option")
|
|
flags.SetAnnotation(flagUlimitRemove, "version", []string{"1.41"})
|
|
|
|
// Add needs parsing, Remove only needs the key
|
|
flags.Var(newListOptsVar(), flagGenericResourcesRemove, "Remove a Generic resource")
|
|
flags.SetAnnotation(flagHostAdd, "version", []string{"1.32"})
|
|
flags.Var(newListOptsVarWithValidator(ValidateSingleGenericResource), flagGenericResourcesAdd, "Add a Generic resource")
|
|
flags.SetAnnotation(flagHostAdd, "version", []string{"1.32"})
|
|
|
|
return cmd
|
|
}
|
|
|
|
func newListOptsVar() *opts.ListOpts {
|
|
return opts.NewListOptsRef(&[]string{}, nil)
|
|
}
|
|
|
|
func newListOptsVarWithValidator(validator opts.ValidatorFctType) *opts.ListOpts {
|
|
return opts.NewListOptsRef(&[]string{}, validator)
|
|
}
|
|
|
|
//nolint:gocyclo
|
|
func runUpdate(dockerCli command.Cli, flags *pflag.FlagSet, options *serviceOptions, serviceID string) error {
|
|
apiClient := dockerCli.Client()
|
|
ctx := context.Background()
|
|
|
|
service, _, err := apiClient.ServiceInspectWithRaw(ctx, serviceID, types.ServiceInspectOptions{})
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
rollback, err := flags.GetBool(flagRollback)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// There are two ways to do user-requested rollback. The old way is
|
|
// client-side, but with a sufficiently recent daemon we prefer
|
|
// server-side, because it will honor the rollback parameters.
|
|
var (
|
|
clientSideRollback bool
|
|
serverSideRollback bool
|
|
)
|
|
|
|
spec := &service.Spec
|
|
if rollback {
|
|
// Rollback can't be combined with other flags.
|
|
otherFlagsPassed := false
|
|
flags.VisitAll(func(f *pflag.Flag) {
|
|
if f.Name == flagRollback || f.Name == flagDetach || f.Name == flagQuiet {
|
|
return
|
|
}
|
|
if flags.Changed(f.Name) {
|
|
otherFlagsPassed = true
|
|
}
|
|
})
|
|
if otherFlagsPassed {
|
|
return errors.New("other flags may not be combined with --rollback")
|
|
}
|
|
|
|
if versions.LessThan(apiClient.ClientVersion(), "1.28") {
|
|
clientSideRollback = true
|
|
spec = service.PreviousSpec
|
|
if spec == nil {
|
|
return errors.Errorf("service does not have a previous specification to roll back to")
|
|
}
|
|
} else {
|
|
serverSideRollback = true
|
|
}
|
|
}
|
|
|
|
updateOpts := types.ServiceUpdateOptions{}
|
|
if serverSideRollback {
|
|
updateOpts.Rollback = "previous"
|
|
}
|
|
|
|
err = updateService(ctx, apiClient, flags, spec)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if flags.Changed("image") {
|
|
if err := resolveServiceImageDigestContentTrust(dockerCli, spec); err != nil {
|
|
return err
|
|
}
|
|
if !options.noResolveImage && versions.GreaterThanOrEqualTo(apiClient.ClientVersion(), "1.30") {
|
|
updateOpts.QueryRegistry = true
|
|
}
|
|
}
|
|
|
|
updatedSecrets, err := getUpdatedSecrets(apiClient, flags, spec.TaskTemplate.ContainerSpec.Secrets)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
spec.TaskTemplate.ContainerSpec.Secrets = updatedSecrets
|
|
|
|
updatedConfigs, err := getUpdatedConfigs(apiClient, flags, spec.TaskTemplate.ContainerSpec)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
spec.TaskTemplate.ContainerSpec.Configs = updatedConfigs
|
|
|
|
// set the credential spec value after get the updated configs, because we
|
|
// might need the updated configs to set the correct value of the
|
|
// CredentialSpec.
|
|
updateCredSpecConfig(flags, spec.TaskTemplate.ContainerSpec)
|
|
|
|
// only send auth if flag was set
|
|
sendAuth, err := flags.GetBool(flagRegistryAuth)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if sendAuth {
|
|
// Retrieve encoded auth token from the image reference
|
|
// This would be the old image if it didn't change in this update
|
|
image := spec.TaskTemplate.ContainerSpec.Image
|
|
encodedAuth, err := command.RetrieveAuthTokenFromImage(ctx, dockerCli, image)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
updateOpts.EncodedRegistryAuth = encodedAuth
|
|
} else if clientSideRollback {
|
|
updateOpts.RegistryAuthFrom = types.RegistryAuthFromPreviousSpec
|
|
} else {
|
|
updateOpts.RegistryAuthFrom = types.RegistryAuthFromSpec
|
|
}
|
|
|
|
response, err := apiClient.ServiceUpdate(ctx, service.ID, service.Version, *spec, updateOpts)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
for _, warning := range response.Warnings {
|
|
fmt.Fprintln(dockerCli.Err(), warning)
|
|
}
|
|
|
|
fmt.Fprintf(dockerCli.Out(), "%s\n", serviceID)
|
|
|
|
if options.detach || versions.LessThan(apiClient.ClientVersion(), "1.29") {
|
|
return nil
|
|
}
|
|
|
|
return waitOnService(ctx, dockerCli, serviceID, options.quiet)
|
|
}
|
|
|
|
//nolint:gocyclo
|
|
func updateService(ctx context.Context, apiClient client.NetworkAPIClient, flags *pflag.FlagSet, spec *swarm.ServiceSpec) error {
|
|
updateBoolPtr := func(flag string, field **bool) {
|
|
if flags.Changed(flag) {
|
|
b, _ := flags.GetBool(flag)
|
|
*field = &b
|
|
}
|
|
}
|
|
updateString := func(flag string, field *string) {
|
|
if flags.Changed(flag) {
|
|
*field, _ = flags.GetString(flag)
|
|
}
|
|
}
|
|
|
|
updateInt64Value := func(flag string, field *int64) {
|
|
if flags.Changed(flag) {
|
|
*field = flags.Lookup(flag).Value.(int64Value).Value()
|
|
}
|
|
}
|
|
|
|
updateFloatValue := func(flag string, field *float32) {
|
|
if flags.Changed(flag) {
|
|
*field = flags.Lookup(flag).Value.(*floatValue).Value()
|
|
}
|
|
}
|
|
|
|
updateDuration := func(flag string, field *time.Duration) {
|
|
if flags.Changed(flag) {
|
|
*field, _ = flags.GetDuration(flag)
|
|
}
|
|
}
|
|
|
|
updateDurationOpt := func(flag string, field **time.Duration) {
|
|
if flags.Changed(flag) {
|
|
val := *flags.Lookup(flag).Value.(*opts.DurationOpt).Value()
|
|
*field = &val
|
|
}
|
|
}
|
|
|
|
updateInt64 := func(flag string, field *int64) {
|
|
if flags.Changed(flag) {
|
|
*field, _ = flags.GetInt64(flag)
|
|
}
|
|
}
|
|
|
|
updateUint64 := func(flag string, field *uint64) {
|
|
if flags.Changed(flag) {
|
|
*field, _ = flags.GetUint64(flag)
|
|
}
|
|
}
|
|
|
|
updateUint64Opt := func(flag string, field **uint64) {
|
|
if flags.Changed(flag) {
|
|
val := *flags.Lookup(flag).Value.(*Uint64Opt).Value()
|
|
*field = &val
|
|
}
|
|
}
|
|
|
|
updateIsolation := func(flag string, field *container.Isolation) error {
|
|
if flags.Changed(flag) {
|
|
val, _ := flags.GetString(flag)
|
|
*field = container.Isolation(val)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
cspec := spec.TaskTemplate.ContainerSpec
|
|
task := &spec.TaskTemplate
|
|
|
|
taskResources := func() *swarm.ResourceRequirements {
|
|
if task.Resources == nil {
|
|
task.Resources = &swarm.ResourceRequirements{}
|
|
}
|
|
if task.Resources.Limits == nil {
|
|
task.Resources.Limits = &swarm.Limit{}
|
|
}
|
|
if task.Resources.Reservations == nil {
|
|
task.Resources.Reservations = &swarm.Resources{}
|
|
}
|
|
return task.Resources
|
|
}
|
|
|
|
updateLabels(flags, &spec.Labels)
|
|
updateContainerLabels(flags, &cspec.Labels)
|
|
updateString("image", &cspec.Image)
|
|
updateStringToSlice(flags, "args", &cspec.Args)
|
|
updateStringToSlice(flags, flagEntrypoint, &cspec.Command)
|
|
updateEnvironment(flags, &cspec.Env)
|
|
updateString(flagWorkdir, &cspec.Dir)
|
|
updateString(flagUser, &cspec.User)
|
|
updateString(flagHostname, &cspec.Hostname)
|
|
updateBoolPtr(flagInit, &cspec.Init)
|
|
if err := updateIsolation(flagIsolation, &cspec.Isolation); err != nil {
|
|
return err
|
|
}
|
|
if err := updateMounts(flags, &cspec.Mounts); err != nil {
|
|
return err
|
|
}
|
|
|
|
updateSysCtls(flags, &task.ContainerSpec.Sysctls)
|
|
task.ContainerSpec.Ulimits = updateUlimits(flags, task.ContainerSpec.Ulimits)
|
|
|
|
if anyChanged(flags, flagLimitCPU, flagLimitMemory, flagLimitPids) {
|
|
taskResources().Limits = spec.TaskTemplate.Resources.Limits
|
|
updateInt64Value(flagLimitCPU, &task.Resources.Limits.NanoCPUs)
|
|
updateInt64Value(flagLimitMemory, &task.Resources.Limits.MemoryBytes)
|
|
updateInt64(flagLimitPids, &task.Resources.Limits.Pids)
|
|
}
|
|
|
|
if anyChanged(flags, flagReserveCPU, flagReserveMemory) {
|
|
taskResources().Reservations = spec.TaskTemplate.Resources.Reservations
|
|
updateInt64Value(flagReserveCPU, &task.Resources.Reservations.NanoCPUs)
|
|
updateInt64Value(flagReserveMemory, &task.Resources.Reservations.MemoryBytes)
|
|
}
|
|
|
|
if err := addGenericResources(flags, task); err != nil {
|
|
return err
|
|
}
|
|
|
|
if err := removeGenericResources(flags, task); err != nil {
|
|
return err
|
|
}
|
|
|
|
updateDurationOpt(flagStopGracePeriod, &cspec.StopGracePeriod)
|
|
|
|
if anyChanged(flags, flagRestartCondition, flagRestartDelay, flagRestartMaxAttempts, flagRestartWindow) {
|
|
if task.RestartPolicy == nil {
|
|
task.RestartPolicy = defaultRestartPolicy()
|
|
}
|
|
if flags.Changed(flagRestartCondition) {
|
|
value, _ := flags.GetString(flagRestartCondition)
|
|
task.RestartPolicy.Condition = swarm.RestartPolicyCondition(value)
|
|
}
|
|
updateDurationOpt(flagRestartDelay, &task.RestartPolicy.Delay)
|
|
updateUint64Opt(flagRestartMaxAttempts, &task.RestartPolicy.MaxAttempts)
|
|
updateDurationOpt(flagRestartWindow, &task.RestartPolicy.Window)
|
|
}
|
|
|
|
if anyChanged(flags, flagConstraintAdd, flagConstraintRemove) {
|
|
if task.Placement == nil {
|
|
task.Placement = &swarm.Placement{}
|
|
}
|
|
updatePlacementConstraints(flags, task.Placement)
|
|
}
|
|
|
|
if anyChanged(flags, flagPlacementPrefAdd, flagPlacementPrefRemove) {
|
|
if task.Placement == nil {
|
|
task.Placement = &swarm.Placement{}
|
|
}
|
|
updatePlacementPreferences(flags, task.Placement)
|
|
}
|
|
|
|
if anyChanged(flags, flagNetworkAdd, flagNetworkRemove) {
|
|
if err := updateNetworks(ctx, apiClient, flags, spec); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
if err := updateReplicas(flags, &spec.Mode); err != nil {
|
|
return err
|
|
}
|
|
|
|
if anyChanged(flags, flagMaxReplicas) {
|
|
updateUint64(flagMaxReplicas, &task.Placement.MaxReplicas)
|
|
}
|
|
|
|
if anyChanged(flags, flagUpdateParallelism, flagUpdateDelay, flagUpdateMonitor, flagUpdateFailureAction, flagUpdateMaxFailureRatio, flagUpdateOrder) {
|
|
if spec.UpdateConfig == nil {
|
|
spec.UpdateConfig = updateConfigFromDefaults(defaults.Service.Update)
|
|
}
|
|
updateUint64(flagUpdateParallelism, &spec.UpdateConfig.Parallelism)
|
|
updateDuration(flagUpdateDelay, &spec.UpdateConfig.Delay)
|
|
updateDuration(flagUpdateMonitor, &spec.UpdateConfig.Monitor)
|
|
updateString(flagUpdateFailureAction, &spec.UpdateConfig.FailureAction)
|
|
updateFloatValue(flagUpdateMaxFailureRatio, &spec.UpdateConfig.MaxFailureRatio)
|
|
updateString(flagUpdateOrder, &spec.UpdateConfig.Order)
|
|
}
|
|
|
|
if anyChanged(flags, flagRollbackParallelism, flagRollbackDelay, flagRollbackMonitor, flagRollbackFailureAction, flagRollbackMaxFailureRatio, flagRollbackOrder) {
|
|
if spec.RollbackConfig == nil {
|
|
spec.RollbackConfig = updateConfigFromDefaults(defaults.Service.Rollback)
|
|
}
|
|
updateUint64(flagRollbackParallelism, &spec.RollbackConfig.Parallelism)
|
|
updateDuration(flagRollbackDelay, &spec.RollbackConfig.Delay)
|
|
updateDuration(flagRollbackMonitor, &spec.RollbackConfig.Monitor)
|
|
updateString(flagRollbackFailureAction, &spec.RollbackConfig.FailureAction)
|
|
updateFloatValue(flagRollbackMaxFailureRatio, &spec.RollbackConfig.MaxFailureRatio)
|
|
updateString(flagRollbackOrder, &spec.RollbackConfig.Order)
|
|
}
|
|
|
|
if flags.Changed(flagEndpointMode) {
|
|
value, _ := flags.GetString(flagEndpointMode)
|
|
if spec.EndpointSpec == nil {
|
|
spec.EndpointSpec = &swarm.EndpointSpec{}
|
|
}
|
|
spec.EndpointSpec.Mode = swarm.ResolutionMode(value)
|
|
}
|
|
|
|
if anyChanged(flags, flagGroupAdd, flagGroupRemove) {
|
|
if err := updateGroups(flags, &cspec.Groups); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
if anyChanged(flags, flagPublishAdd, flagPublishRemove) {
|
|
if spec.EndpointSpec == nil {
|
|
spec.EndpointSpec = &swarm.EndpointSpec{}
|
|
}
|
|
if err := updatePorts(flags, &spec.EndpointSpec.Ports); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
if anyChanged(flags, flagDNSAdd, flagDNSRemove, flagDNSOptionAdd, flagDNSOptionRemove, flagDNSSearchAdd, flagDNSSearchRemove) {
|
|
if cspec.DNSConfig == nil {
|
|
cspec.DNSConfig = &swarm.DNSConfig{}
|
|
}
|
|
if err := updateDNSConfig(flags, &cspec.DNSConfig); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
if anyChanged(flags, flagHostAdd, flagHostRemove) {
|
|
if err := updateHosts(flags, &cspec.Hosts); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
if err := updateLogDriver(flags, &spec.TaskTemplate); err != nil {
|
|
return err
|
|
}
|
|
|
|
force, err := flags.GetBool("force")
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if force {
|
|
spec.TaskTemplate.ForceUpdate++
|
|
}
|
|
|
|
if err := updateHealthcheck(flags, cspec); err != nil {
|
|
return err
|
|
}
|
|
|
|
if flags.Changed(flagTTY) {
|
|
tty, err := flags.GetBool(flagTTY)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
cspec.TTY = tty
|
|
}
|
|
|
|
if flags.Changed(flagReadOnly) {
|
|
readOnly, err := flags.GetBool(flagReadOnly)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
cspec.ReadOnly = readOnly
|
|
}
|
|
|
|
updateString(flagStopSignal, &cspec.StopSignal)
|
|
|
|
if anyChanged(flags, flagCapAdd, flagCapDrop) {
|
|
updateCapabilities(flags, cspec)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func updateStringToSlice(flags *pflag.FlagSet, flag string, field *[]string) {
|
|
if !flags.Changed(flag) {
|
|
return
|
|
}
|
|
|
|
*field = flags.Lookup(flag).Value.(*ShlexOpt).Value()
|
|
}
|
|
|
|
func anyChanged(flags *pflag.FlagSet, fields ...string) bool {
|
|
for _, flag := range fields {
|
|
if flags.Changed(flag) {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
func addGenericResources(flags *pflag.FlagSet, spec *swarm.TaskSpec) error {
|
|
if !flags.Changed(flagGenericResourcesAdd) {
|
|
return nil
|
|
}
|
|
|
|
if spec.Resources == nil {
|
|
spec.Resources = &swarm.ResourceRequirements{}
|
|
}
|
|
|
|
if spec.Resources.Reservations == nil {
|
|
spec.Resources.Reservations = &swarm.Resources{}
|
|
}
|
|
|
|
values := flags.Lookup(flagGenericResourcesAdd).Value.(*opts.ListOpts).GetAll()
|
|
generic, err := ParseGenericResources(values)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
m, err := buildGenericResourceMap(spec.Resources.Reservations.GenericResources)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
for _, toAddRes := range generic {
|
|
m[toAddRes.DiscreteResourceSpec.Kind] = toAddRes
|
|
}
|
|
|
|
spec.Resources.Reservations.GenericResources = buildGenericResourceList(m)
|
|
|
|
return nil
|
|
}
|
|
|
|
func removeGenericResources(flags *pflag.FlagSet, spec *swarm.TaskSpec) error {
|
|
// Can only be Discrete Resources
|
|
if !flags.Changed(flagGenericResourcesRemove) {
|
|
return nil
|
|
}
|
|
|
|
if spec.Resources == nil {
|
|
spec.Resources = &swarm.ResourceRequirements{}
|
|
}
|
|
|
|
if spec.Resources.Reservations == nil {
|
|
spec.Resources.Reservations = &swarm.Resources{}
|
|
}
|
|
|
|
values := flags.Lookup(flagGenericResourcesRemove).Value.(*opts.ListOpts).GetAll()
|
|
|
|
m, err := buildGenericResourceMap(spec.Resources.Reservations.GenericResources)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
for _, toRemoveRes := range values {
|
|
if _, ok := m[toRemoveRes]; !ok {
|
|
return fmt.Errorf("could not find generic-resource `%s` to remove it", toRemoveRes)
|
|
}
|
|
|
|
delete(m, toRemoveRes)
|
|
}
|
|
|
|
spec.Resources.Reservations.GenericResources = buildGenericResourceList(m)
|
|
return nil
|
|
}
|
|
|
|
func updatePlacementConstraints(flags *pflag.FlagSet, placement *swarm.Placement) {
|
|
if flags.Changed(flagConstraintAdd) {
|
|
values := flags.Lookup(flagConstraintAdd).Value.(*opts.ListOpts).GetAll()
|
|
placement.Constraints = append(placement.Constraints, values...)
|
|
}
|
|
toRemove := buildToRemoveSet(flags, flagConstraintRemove)
|
|
|
|
newConstraints := []string{}
|
|
for _, constraint := range placement.Constraints {
|
|
if _, exists := toRemove[constraint]; !exists {
|
|
newConstraints = append(newConstraints, constraint)
|
|
}
|
|
}
|
|
// Sort so that result is predictable.
|
|
sort.Strings(newConstraints)
|
|
|
|
placement.Constraints = newConstraints
|
|
}
|
|
|
|
func updatePlacementPreferences(flags *pflag.FlagSet, placement *swarm.Placement) {
|
|
var newPrefs []swarm.PlacementPreference
|
|
|
|
if flags.Changed(flagPlacementPrefRemove) {
|
|
for _, existing := range placement.Preferences {
|
|
removed := false
|
|
for _, removal := range flags.Lookup(flagPlacementPrefRemove).Value.(*placementPrefOpts).prefs {
|
|
if removal.Spread != nil && existing.Spread != nil && removal.Spread.SpreadDescriptor == existing.Spread.SpreadDescriptor {
|
|
removed = true
|
|
break
|
|
}
|
|
}
|
|
if !removed {
|
|
newPrefs = append(newPrefs, existing)
|
|
}
|
|
}
|
|
} else {
|
|
newPrefs = placement.Preferences
|
|
}
|
|
|
|
if flags.Changed(flagPlacementPrefAdd) {
|
|
newPrefs = append(newPrefs,
|
|
flags.Lookup(flagPlacementPrefAdd).Value.(*placementPrefOpts).prefs...)
|
|
}
|
|
|
|
placement.Preferences = newPrefs
|
|
}
|
|
|
|
func updateContainerLabels(flags *pflag.FlagSet, field *map[string]string) {
|
|
if *field != nil && flags.Changed(flagContainerLabelRemove) {
|
|
toRemove := flags.Lookup(flagContainerLabelRemove).Value.(*opts.ListOpts).GetAll()
|
|
for _, label := range toRemove {
|
|
delete(*field, label)
|
|
}
|
|
}
|
|
if flags.Changed(flagContainerLabelAdd) {
|
|
if *field == nil {
|
|
*field = map[string]string{}
|
|
}
|
|
|
|
values := flags.Lookup(flagContainerLabelAdd).Value.(*opts.ListOpts).GetAll()
|
|
for key, value := range opts.ConvertKVStringsToMap(values) {
|
|
(*field)[key] = value
|
|
}
|
|
}
|
|
}
|
|
|
|
func updateLabels(flags *pflag.FlagSet, field *map[string]string) {
|
|
if *field != nil && flags.Changed(flagLabelRemove) {
|
|
toRemove := flags.Lookup(flagLabelRemove).Value.(*opts.ListOpts).GetAll()
|
|
for _, label := range toRemove {
|
|
delete(*field, label)
|
|
}
|
|
}
|
|
if flags.Changed(flagLabelAdd) {
|
|
if *field == nil {
|
|
*field = map[string]string{}
|
|
}
|
|
|
|
values := flags.Lookup(flagLabelAdd).Value.(*opts.ListOpts).GetAll()
|
|
for key, value := range opts.ConvertKVStringsToMap(values) {
|
|
(*field)[key] = value
|
|
}
|
|
}
|
|
}
|
|
|
|
func updateSysCtls(flags *pflag.FlagSet, field *map[string]string) {
|
|
if *field != nil && flags.Changed(flagSysCtlRemove) {
|
|
values := flags.Lookup(flagSysCtlRemove).Value.(*opts.ListOpts).GetAll()
|
|
for key := range opts.ConvertKVStringsToMap(values) {
|
|
delete(*field, key)
|
|
}
|
|
}
|
|
if flags.Changed(flagSysCtlAdd) {
|
|
if *field == nil {
|
|
*field = map[string]string{}
|
|
}
|
|
|
|
values := flags.Lookup(flagSysCtlAdd).Value.(*opts.ListOpts).GetAll()
|
|
for key, value := range opts.ConvertKVStringsToMap(values) {
|
|
(*field)[key] = value
|
|
}
|
|
}
|
|
}
|
|
|
|
func updateUlimits(flags *pflag.FlagSet, ulimits []*units.Ulimit) []*units.Ulimit {
|
|
newUlimits := make(map[string]*units.Ulimit)
|
|
|
|
for _, ulimit := range ulimits {
|
|
newUlimits[ulimit.Name] = ulimit
|
|
}
|
|
if flags.Changed(flagUlimitRemove) {
|
|
values := flags.Lookup(flagUlimitRemove).Value.(*opts.ListOpts).GetAll()
|
|
for key := range opts.ConvertKVStringsToMap(values) {
|
|
delete(newUlimits, key)
|
|
}
|
|
}
|
|
|
|
if flags.Changed(flagUlimitAdd) {
|
|
for _, ulimit := range flags.Lookup(flagUlimitAdd).Value.(*opts.UlimitOpt).GetList() {
|
|
newUlimits[ulimit.Name] = ulimit
|
|
}
|
|
}
|
|
|
|
var limits []*units.Ulimit
|
|
for _, ulimit := range newUlimits {
|
|
limits = append(limits, ulimit)
|
|
}
|
|
sort.SliceStable(limits, func(i, j int) bool {
|
|
return limits[i].Name < limits[j].Name
|
|
})
|
|
return limits
|
|
}
|
|
|
|
func updateEnvironment(flags *pflag.FlagSet, field *[]string) {
|
|
toRemove := buildToRemoveSet(flags, flagEnvRemove)
|
|
*field = removeItems(*field, toRemove, envKey)
|
|
|
|
if flags.Changed(flagEnvAdd) {
|
|
envSet := map[string]string{}
|
|
for _, v := range *field {
|
|
envSet[envKey(v)] = v
|
|
}
|
|
|
|
value := flags.Lookup(flagEnvAdd).Value.(*opts.ListOpts)
|
|
for _, v := range value.GetAll() {
|
|
envSet[envKey(v)] = v
|
|
}
|
|
|
|
*field = []string{}
|
|
for _, v := range envSet {
|
|
*field = append(*field, v)
|
|
}
|
|
}
|
|
}
|
|
|
|
func getUpdatedSecrets(apiClient client.SecretAPIClient, flags *pflag.FlagSet, secrets []*swarm.SecretReference) ([]*swarm.SecretReference, error) {
|
|
newSecrets := []*swarm.SecretReference{}
|
|
|
|
toRemove := buildToRemoveSet(flags, flagSecretRemove)
|
|
for _, secret := range secrets {
|
|
if _, exists := toRemove[secret.SecretName]; !exists {
|
|
newSecrets = append(newSecrets, secret)
|
|
}
|
|
}
|
|
|
|
if flags.Changed(flagSecretAdd) {
|
|
values := flags.Lookup(flagSecretAdd).Value.(*opts.SecretOpt).Value()
|
|
|
|
addSecrets, err := ParseSecrets(apiClient, values)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
newSecrets = append(newSecrets, addSecrets...)
|
|
}
|
|
|
|
return newSecrets, nil
|
|
}
|
|
|
|
func getUpdatedConfigs(apiClient client.ConfigAPIClient, flags *pflag.FlagSet, spec *swarm.ContainerSpec) ([]*swarm.ConfigReference, error) {
|
|
var (
|
|
// credSpecConfigName stores the name of the config specified by the
|
|
// credential-spec flag. if a Runtime target Config with this name is
|
|
// already in the containerSpec, then this value will be set to
|
|
// emptystring in the removeConfigs stage. otherwise, a ConfigReference
|
|
// will be created to pass to ParseConfigs to get the ConfigID.
|
|
credSpecConfigName string
|
|
// credSpecConfigID stores the ID of the credential spec config if that
|
|
// config is being carried over from the old set of references
|
|
credSpecConfigID string
|
|
)
|
|
|
|
if flags.Changed(flagCredentialSpec) {
|
|
credSpec := flags.Lookup(flagCredentialSpec).Value.(*credentialSpecOpt).Value()
|
|
credSpecConfigName = credSpec.Config
|
|
} else {
|
|
// if the credential spec flag has not changed, then check if there
|
|
// already is a credentialSpec. if there is one, and it's for a Config,
|
|
// then it's from the old object, and its value is the config ID. we
|
|
// need this so we don't remove the config if the credential spec is
|
|
// not being updated.
|
|
if spec.Privileges != nil && spec.Privileges.CredentialSpec != nil {
|
|
if config := spec.Privileges.CredentialSpec.Config; config != "" {
|
|
credSpecConfigID = config
|
|
}
|
|
}
|
|
}
|
|
|
|
newConfigs := removeConfigs(flags, spec, credSpecConfigName, credSpecConfigID)
|
|
|
|
// resolveConfigs is a slice of any new configs that need to have the ID
|
|
// resolved
|
|
resolveConfigs := []*swarm.ConfigReference{}
|
|
|
|
if flags.Changed(flagConfigAdd) {
|
|
resolveConfigs = append(resolveConfigs, flags.Lookup(flagConfigAdd).Value.(*opts.ConfigOpt).Value()...)
|
|
}
|
|
|
|
// if credSpecConfigNameis non-empty at this point, it means its a new
|
|
// config, and we need to resolve its ID accordingly.
|
|
if credSpecConfigName != "" {
|
|
resolveConfigs = append(resolveConfigs, &swarm.ConfigReference{
|
|
ConfigName: credSpecConfigName,
|
|
Runtime: &swarm.ConfigReferenceRuntimeTarget{},
|
|
})
|
|
}
|
|
|
|
if len(resolveConfigs) > 0 {
|
|
addConfigs, err := ParseConfigs(apiClient, resolveConfigs)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
newConfigs = append(newConfigs, addConfigs...)
|
|
}
|
|
|
|
return newConfigs, nil
|
|
}
|
|
|
|
// removeConfigs figures out which configs in the existing spec should be kept
|
|
// after the update.
|
|
func removeConfigs(flags *pflag.FlagSet, spec *swarm.ContainerSpec, credSpecName, credSpecID string) []*swarm.ConfigReference {
|
|
keepConfigs := []*swarm.ConfigReference{}
|
|
|
|
toRemove := buildToRemoveSet(flags, flagConfigRemove)
|
|
// all configs in spec.Configs should have both a Name and ID, because
|
|
// they come from an already-accepted spec.
|
|
for _, config := range spec.Configs {
|
|
// if the config is a Runtime target, make sure it's still in use right
|
|
// now, the only use for Runtime target is credential specs. if, in
|
|
// the future, more uses are added, then this check will need to be
|
|
// made more intelligent.
|
|
if config.Runtime != nil {
|
|
// if we're carrying over a credential spec explicitly (because the
|
|
// user passed --credential-spec with the same config name) then we
|
|
// should match on credSpecName. if we're carrying over a
|
|
// credential spec implicitly (because the user did not pass any
|
|
// --credential-spec flag) then we should match on credSpecID. in
|
|
// either case, we're keeping the config that already exists.
|
|
if config.ConfigName == credSpecName || config.ConfigID == credSpecID {
|
|
keepConfigs = append(keepConfigs, config)
|
|
}
|
|
// continue the loop, to skip the part where we check if the config
|
|
// is in toRemove.
|
|
continue
|
|
}
|
|
|
|
if _, exists := toRemove[config.ConfigName]; !exists {
|
|
keepConfigs = append(keepConfigs, config)
|
|
}
|
|
}
|
|
|
|
return keepConfigs
|
|
}
|
|
|
|
func envKey(value string) string {
|
|
k, _, _ := strings.Cut(value, "=")
|
|
return k
|
|
}
|
|
|
|
func buildToRemoveSet(flags *pflag.FlagSet, flag string) map[string]struct{} {
|
|
var empty struct{}
|
|
toRemove := make(map[string]struct{})
|
|
|
|
if !flags.Changed(flag) {
|
|
return toRemove
|
|
}
|
|
|
|
toRemoveSlice := flags.Lookup(flag).Value.(*opts.ListOpts).GetAll()
|
|
for _, key := range toRemoveSlice {
|
|
toRemove[key] = empty
|
|
}
|
|
return toRemove
|
|
}
|
|
|
|
func removeItems(
|
|
seq []string,
|
|
toRemove map[string]struct{},
|
|
keyFunc func(string) string,
|
|
) []string {
|
|
newSeq := []string{}
|
|
for _, item := range seq {
|
|
if _, exists := toRemove[keyFunc(item)]; !exists {
|
|
newSeq = append(newSeq, item)
|
|
}
|
|
}
|
|
return newSeq
|
|
}
|
|
|
|
func updateMounts(flags *pflag.FlagSet, mounts *[]mounttypes.Mount) error {
|
|
mountsByTarget := map[string]mounttypes.Mount{}
|
|
|
|
if flags.Changed(flagMountAdd) {
|
|
values := flags.Lookup(flagMountAdd).Value.(*opts.MountOpt).Value()
|
|
for _, mount := range values {
|
|
if _, ok := mountsByTarget[mount.Target]; ok {
|
|
return errors.Errorf("duplicate mount target")
|
|
}
|
|
mountsByTarget[mount.Target] = mount
|
|
}
|
|
}
|
|
|
|
// Add old list of mount points minus updated one.
|
|
for _, mount := range *mounts {
|
|
if _, ok := mountsByTarget[mount.Target]; !ok {
|
|
mountsByTarget[mount.Target] = mount
|
|
}
|
|
}
|
|
|
|
newMounts := []mounttypes.Mount{}
|
|
|
|
toRemove := buildToRemoveSet(flags, flagMountRemove)
|
|
|
|
for _, mount := range mountsByTarget {
|
|
if _, exists := toRemove[mount.Target]; !exists {
|
|
newMounts = append(newMounts, mount)
|
|
}
|
|
}
|
|
sort.Slice(newMounts, func(i, j int) bool {
|
|
a, b := newMounts[i], newMounts[j]
|
|
|
|
if a.Source == b.Source {
|
|
return a.Target < b.Target
|
|
}
|
|
|
|
return a.Source < b.Source
|
|
})
|
|
*mounts = newMounts
|
|
return nil
|
|
}
|
|
|
|
func updateGroups(flags *pflag.FlagSet, groups *[]string) error {
|
|
if flags.Changed(flagGroupAdd) {
|
|
values := flags.Lookup(flagGroupAdd).Value.(*opts.ListOpts).GetAll()
|
|
*groups = append(*groups, values...)
|
|
}
|
|
toRemove := buildToRemoveSet(flags, flagGroupRemove)
|
|
|
|
newGroups := []string{}
|
|
for _, group := range *groups {
|
|
if _, exists := toRemove[group]; !exists {
|
|
newGroups = append(newGroups, group)
|
|
}
|
|
}
|
|
// Sort so that result is predictable.
|
|
sort.Strings(newGroups)
|
|
|
|
*groups = newGroups
|
|
return nil
|
|
}
|
|
|
|
func removeDuplicates(entries []string) []string {
|
|
hit := map[string]bool{}
|
|
newEntries := []string{}
|
|
for _, v := range entries {
|
|
if !hit[v] {
|
|
newEntries = append(newEntries, v)
|
|
hit[v] = true
|
|
}
|
|
}
|
|
return newEntries
|
|
}
|
|
|
|
func updateDNSConfig(flags *pflag.FlagSet, config **swarm.DNSConfig) error {
|
|
newConfig := &swarm.DNSConfig{}
|
|
|
|
nameservers := (*config).Nameservers
|
|
if flags.Changed(flagDNSAdd) {
|
|
values := flags.Lookup(flagDNSAdd).Value.(*opts.ListOpts).GetAll()
|
|
nameservers = append(nameservers, values...)
|
|
}
|
|
nameservers = removeDuplicates(nameservers)
|
|
toRemove := buildToRemoveSet(flags, flagDNSRemove)
|
|
for _, nameserver := range nameservers {
|
|
if _, exists := toRemove[nameserver]; !exists {
|
|
newConfig.Nameservers = append(newConfig.Nameservers, nameserver)
|
|
}
|
|
}
|
|
// Sort so that result is predictable.
|
|
sort.Strings(newConfig.Nameservers)
|
|
|
|
search := (*config).Search
|
|
if flags.Changed(flagDNSSearchAdd) {
|
|
values := flags.Lookup(flagDNSSearchAdd).Value.(*opts.ListOpts).GetAll()
|
|
search = append(search, values...)
|
|
}
|
|
search = removeDuplicates(search)
|
|
toRemove = buildToRemoveSet(flags, flagDNSSearchRemove)
|
|
for _, entry := range search {
|
|
if _, exists := toRemove[entry]; !exists {
|
|
newConfig.Search = append(newConfig.Search, entry)
|
|
}
|
|
}
|
|
// Sort so that result is predictable.
|
|
sort.Strings(newConfig.Search)
|
|
|
|
options := (*config).Options
|
|
if flags.Changed(flagDNSOptionAdd) {
|
|
values := flags.Lookup(flagDNSOptionAdd).Value.(*opts.ListOpts).GetAll()
|
|
options = append(options, values...)
|
|
}
|
|
options = removeDuplicates(options)
|
|
toRemove = buildToRemoveSet(flags, flagDNSOptionRemove)
|
|
for _, option := range options {
|
|
if _, exists := toRemove[option]; !exists {
|
|
newConfig.Options = append(newConfig.Options, option)
|
|
}
|
|
}
|
|
// Sort so that result is predictable.
|
|
sort.Strings(newConfig.Options)
|
|
|
|
*config = newConfig
|
|
return nil
|
|
}
|
|
|
|
func portConfigToString(portConfig *swarm.PortConfig) string {
|
|
protocol := portConfig.Protocol
|
|
mode := portConfig.PublishMode
|
|
return fmt.Sprintf("%v:%v/%s/%s", portConfig.PublishedPort, portConfig.TargetPort, protocol, mode)
|
|
}
|
|
|
|
func updatePorts(flags *pflag.FlagSet, portConfig *[]swarm.PortConfig) error {
|
|
// The key of the map is `port/protocol`, e.g., `80/tcp`
|
|
portSet := map[string]swarm.PortConfig{}
|
|
|
|
// Build the current list of portConfig
|
|
for _, entry := range *portConfig {
|
|
entry := entry
|
|
if _, ok := portSet[portConfigToString(&entry)]; !ok {
|
|
portSet[portConfigToString(&entry)] = entry
|
|
}
|
|
}
|
|
|
|
newPorts := []swarm.PortConfig{}
|
|
|
|
// Clean current ports
|
|
toRemove := flags.Lookup(flagPublishRemove).Value.(*opts.PortOpt).Value()
|
|
portLoop:
|
|
for _, port := range portSet {
|
|
for _, pConfig := range toRemove {
|
|
if equalProtocol(port.Protocol, pConfig.Protocol) &&
|
|
port.TargetPort == pConfig.TargetPort &&
|
|
equalPublishMode(port.PublishMode, pConfig.PublishMode) {
|
|
continue portLoop
|
|
}
|
|
}
|
|
|
|
newPorts = append(newPorts, port)
|
|
}
|
|
|
|
// Check to see if there are any conflict in flags.
|
|
if flags.Changed(flagPublishAdd) {
|
|
ports := flags.Lookup(flagPublishAdd).Value.(*opts.PortOpt).Value()
|
|
|
|
for _, port := range ports {
|
|
port := port
|
|
if _, ok := portSet[portConfigToString(&port)]; ok {
|
|
continue
|
|
}
|
|
// portSet[portConfigToString(&port)] = port
|
|
newPorts = append(newPorts, port)
|
|
}
|
|
}
|
|
|
|
// Sort the PortConfig to avoid unnecessary updates
|
|
sort.Slice(newPorts, func(i, j int) bool {
|
|
// We convert PortConfig into `port/protocol`, e.g., `80/tcp`
|
|
// In updatePorts we already filter out with map so there is duplicate entries
|
|
return portConfigToString(&newPorts[i]) < portConfigToString(&newPorts[j])
|
|
})
|
|
*portConfig = newPorts
|
|
return nil
|
|
}
|
|
|
|
func equalProtocol(prot1, prot2 swarm.PortConfigProtocol) bool {
|
|
return prot1 == prot2 ||
|
|
(prot1 == swarm.PortConfigProtocol("") && prot2 == swarm.PortConfigProtocolTCP) ||
|
|
(prot2 == swarm.PortConfigProtocol("") && prot1 == swarm.PortConfigProtocolTCP)
|
|
}
|
|
|
|
func equalPublishMode(mode1, mode2 swarm.PortConfigPublishMode) bool {
|
|
return mode1 == mode2 ||
|
|
(mode1 == swarm.PortConfigPublishMode("") && mode2 == swarm.PortConfigPublishModeIngress) ||
|
|
(mode2 == swarm.PortConfigPublishMode("") && mode1 == swarm.PortConfigPublishModeIngress)
|
|
}
|
|
|
|
func updateReplicas(flags *pflag.FlagSet, serviceMode *swarm.ServiceMode) error {
|
|
if !flags.Changed(flagReplicas) {
|
|
return nil
|
|
}
|
|
|
|
if serviceMode == nil || serviceMode.Replicated == nil {
|
|
return errors.Errorf("replicas can only be used with replicated mode")
|
|
}
|
|
serviceMode.Replicated.Replicas = flags.Lookup(flagReplicas).Value.(*Uint64Opt).Value()
|
|
return nil
|
|
}
|
|
|
|
type hostMapping struct {
|
|
IPAddr string
|
|
Host string
|
|
}
|
|
|
|
// updateHosts performs a diff between existing host entries, entries to be
|
|
// removed, and entries to be added. Host entries preserve the order in which they
|
|
// were added, as the specification mentions that in case multiple entries for a
|
|
// host exist, the first entry should be used (by default).
|
|
//
|
|
// Note that, even though unsupported by the CLI, the service specs format
|
|
// allow entries with both a _canonical_ hostname, and one or more aliases
|
|
// in an entry (IP-address canonical_hostname [alias ...])
|
|
//
|
|
// Entries can be removed by either a specific `<host-name>:<ip-address>` mapping,
|
|
// or by `<host>` alone:
|
|
//
|
|
// - If both IP-address and host-name is provided, the hostname is removed only
|
|
// from entries that match the given IP-address.
|
|
// - If only a host-name is provided, the hostname is removed from any entry it
|
|
// is part of (either as canonical host-name, or as alias).
|
|
// - If, after removing the host-name from an entry, no host-names remain in
|
|
// the entry, the entry itself is removed.
|
|
//
|
|
// For example, the list of host-entries before processing could look like this:
|
|
//
|
|
// hosts = &[]string{
|
|
// "127.0.0.2 host3 host1 host2 host4",
|
|
// "127.0.0.1 host1 host4",
|
|
// "127.0.0.3 host1",
|
|
// "127.0.0.1 host1",
|
|
// }
|
|
//
|
|
// Removing `host1` removes every occurrence:
|
|
//
|
|
// hosts = &[]string{
|
|
// "127.0.0.2 host3 host2 host4",
|
|
// "127.0.0.1 host4",
|
|
// }
|
|
//
|
|
// Removing `host1:127.0.0.1` on the other hand, only remove the host if the
|
|
// IP-address matches:
|
|
//
|
|
// hosts = &[]string{
|
|
// "127.0.0.2 host3 host1 host2 host4",
|
|
// "127.0.0.1 host4",
|
|
// "127.0.0.3 host1",
|
|
// }
|
|
func updateHosts(flags *pflag.FlagSet, hosts *[]string) error {
|
|
var toRemove []hostMapping
|
|
if flags.Changed(flagHostRemove) {
|
|
extraHostsToRemove := flags.Lookup(flagHostRemove).Value.(*opts.ListOpts).GetAll()
|
|
for _, entry := range extraHostsToRemove {
|
|
hostName, ipAddr, _ := strings.Cut(entry, ":")
|
|
toRemove = append(toRemove, hostMapping{IPAddr: ipAddr, Host: hostName})
|
|
}
|
|
}
|
|
|
|
var newHosts []string
|
|
for _, entry := range *hosts {
|
|
// Since this is in SwarmKit format, we need to find the key, which is canonical_hostname of:
|
|
// IP_address canonical_hostname [aliases...]
|
|
parts := strings.Fields(entry)
|
|
if len(parts) == 0 {
|
|
continue
|
|
}
|
|
ip := parts[0]
|
|
hostNames := parts[1:]
|
|
for _, rm := range toRemove {
|
|
if rm.IPAddr != "" && rm.IPAddr != ip {
|
|
continue
|
|
}
|
|
for i, h := range hostNames {
|
|
if h == rm.Host {
|
|
hostNames = append(hostNames[:i], hostNames[i+1:]...)
|
|
}
|
|
}
|
|
}
|
|
if len(hostNames) > 0 {
|
|
newHosts = append(newHosts, fmt.Sprintf("%s %s", ip, strings.Join(hostNames, " ")))
|
|
}
|
|
}
|
|
|
|
// Append new hosts (in SwarmKit format)
|
|
if flags.Changed(flagHostAdd) {
|
|
values := convertExtraHostsToSwarmHosts(flags.Lookup(flagHostAdd).Value.(*opts.ListOpts).GetAll())
|
|
newHosts = append(newHosts, values...)
|
|
}
|
|
*hosts = removeDuplicates(newHosts)
|
|
return nil
|
|
}
|
|
|
|
// updateLogDriver updates the log driver only if the log driver flag is set.
|
|
// All options will be replaced with those provided on the command line.
|
|
func updateLogDriver(flags *pflag.FlagSet, taskTemplate *swarm.TaskSpec) error {
|
|
if !flags.Changed(flagLogDriver) {
|
|
return nil
|
|
}
|
|
|
|
name, err := flags.GetString(flagLogDriver)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if name == "" {
|
|
return nil
|
|
}
|
|
|
|
taskTemplate.LogDriver = &swarm.Driver{
|
|
Name: name,
|
|
Options: opts.ConvertKVStringsToMap(flags.Lookup(flagLogOpt).Value.(*opts.ListOpts).GetAll()),
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func updateHealthcheck(flags *pflag.FlagSet, containerSpec *swarm.ContainerSpec) error {
|
|
if !anyChanged(flags, flagNoHealthcheck, flagHealthCmd, flagHealthInterval, flagHealthRetries, flagHealthTimeout, flagHealthStartPeriod) {
|
|
return nil
|
|
}
|
|
if containerSpec.Healthcheck == nil {
|
|
containerSpec.Healthcheck = &container.HealthConfig{}
|
|
}
|
|
noHealthcheck, err := flags.GetBool(flagNoHealthcheck)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if noHealthcheck {
|
|
if !anyChanged(flags, flagHealthCmd, flagHealthInterval, flagHealthRetries, flagHealthTimeout, flagHealthStartPeriod) {
|
|
containerSpec.Healthcheck = &container.HealthConfig{
|
|
Test: []string{"NONE"},
|
|
}
|
|
return nil
|
|
}
|
|
return errors.Errorf("--%s conflicts with --health-* options", flagNoHealthcheck)
|
|
}
|
|
if len(containerSpec.Healthcheck.Test) > 0 && containerSpec.Healthcheck.Test[0] == "NONE" {
|
|
containerSpec.Healthcheck.Test = nil
|
|
}
|
|
if flags.Changed(flagHealthInterval) {
|
|
val := *flags.Lookup(flagHealthInterval).Value.(*opts.PositiveDurationOpt).Value()
|
|
containerSpec.Healthcheck.Interval = val
|
|
}
|
|
if flags.Changed(flagHealthTimeout) {
|
|
val := *flags.Lookup(flagHealthTimeout).Value.(*opts.PositiveDurationOpt).Value()
|
|
containerSpec.Healthcheck.Timeout = val
|
|
}
|
|
if flags.Changed(flagHealthStartPeriod) {
|
|
val := *flags.Lookup(flagHealthStartPeriod).Value.(*opts.PositiveDurationOpt).Value()
|
|
containerSpec.Healthcheck.StartPeriod = val
|
|
}
|
|
if flags.Changed(flagHealthRetries) {
|
|
containerSpec.Healthcheck.Retries, _ = flags.GetInt(flagHealthRetries)
|
|
}
|
|
if flags.Changed(flagHealthCmd) {
|
|
cmd, _ := flags.GetString(flagHealthCmd)
|
|
if cmd != "" {
|
|
containerSpec.Healthcheck.Test = []string{"CMD-SHELL", cmd}
|
|
} else {
|
|
containerSpec.Healthcheck.Test = nil
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func updateNetworks(ctx context.Context, apiClient client.NetworkAPIClient, flags *pflag.FlagSet, spec *swarm.ServiceSpec) error {
|
|
// spec.TaskTemplate.Networks takes precedence over the deprecated
|
|
// spec.Networks field. If spec.Network is in use, we'll migrate those
|
|
// values to spec.TaskTemplate.Networks.
|
|
specNetworks := spec.TaskTemplate.Networks
|
|
if len(specNetworks) == 0 {
|
|
specNetworks = spec.Networks
|
|
}
|
|
spec.Networks = nil
|
|
|
|
toRemove := buildToRemoveSet(flags, flagNetworkRemove)
|
|
idsToRemove := make(map[string]struct{})
|
|
for networkIDOrName := range toRemove {
|
|
network, err := apiClient.NetworkInspect(ctx, networkIDOrName, types.NetworkInspectOptions{Scope: "swarm"})
|
|
if err != nil {
|
|
return err
|
|
}
|
|
idsToRemove[network.ID] = struct{}{}
|
|
}
|
|
|
|
existingNetworks := make(map[string]struct{})
|
|
var newNetworks []swarm.NetworkAttachmentConfig
|
|
for _, network := range specNetworks {
|
|
if _, exists := idsToRemove[network.Target]; exists {
|
|
continue
|
|
}
|
|
|
|
newNetworks = append(newNetworks, network)
|
|
existingNetworks[network.Target] = struct{}{}
|
|
}
|
|
|
|
if flags.Changed(flagNetworkAdd) {
|
|
values := flags.Lookup(flagNetworkAdd).Value.(*opts.NetworkOpt)
|
|
networks := convertNetworks(*values)
|
|
for _, network := range networks {
|
|
nwID, err := resolveNetworkID(ctx, apiClient, network.Target)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if _, exists := existingNetworks[nwID]; exists {
|
|
return errors.Errorf("service is already attached to network %s", network.Target)
|
|
}
|
|
network.Target = nwID
|
|
newNetworks = append(newNetworks, network)
|
|
existingNetworks[network.Target] = struct{}{}
|
|
}
|
|
}
|
|
|
|
sort.Slice(newNetworks, func(i, j int) bool {
|
|
return newNetworks[i].Target < newNetworks[j].Target
|
|
})
|
|
|
|
spec.TaskTemplate.Networks = newNetworks
|
|
return nil
|
|
}
|
|
|
|
// updateCredSpecConfig updates the value of the credential spec Config field
|
|
// to the config ID if the credential spec has changed. it mutates the passed
|
|
// spec. it does not handle the case where the credential spec specifies a
|
|
// config that does not exist -- that case is handled as part of
|
|
// getUpdatedConfigs
|
|
func updateCredSpecConfig(flags *pflag.FlagSet, containerSpec *swarm.ContainerSpec) {
|
|
if flags.Changed(flagCredentialSpec) {
|
|
credSpecOpt := flags.Lookup(flagCredentialSpec)
|
|
// if the flag has changed, and the value is empty string, then we
|
|
// should remove any credential spec that might be present
|
|
if credSpecOpt.Value.String() == "" {
|
|
if containerSpec.Privileges != nil {
|
|
containerSpec.Privileges.CredentialSpec = nil
|
|
}
|
|
return
|
|
}
|
|
|
|
// otherwise, set the credential spec to be the parsed value
|
|
credSpec := credSpecOpt.Value.(*credentialSpecOpt).Value()
|
|
|
|
// if this is a Config credential spec, we we still need to replace the
|
|
// value of credSpec.Config with the config ID instead of Name.
|
|
if credSpec.Config != "" {
|
|
for _, config := range containerSpec.Configs {
|
|
// if the config name matches, then set the config ID. we do
|
|
// not need to worry about if this is a Runtime target or not.
|
|
// even if it is not a Runtime target, getUpdatedConfigs
|
|
// ensures that a Runtime target for this config exists, and
|
|
// the Name is unique so the ID is correct no matter the
|
|
// target.
|
|
if config.ConfigName == credSpec.Config {
|
|
credSpec.Config = config.ConfigID
|
|
break
|
|
}
|
|
}
|
|
}
|
|
|
|
if containerSpec.Privileges == nil {
|
|
containerSpec.Privileges = &swarm.Privileges{}
|
|
}
|
|
|
|
containerSpec.Privileges.CredentialSpec = credSpec
|
|
}
|
|
}
|
|
|
|
// updateCapabilities calculates the list of capabilities to "drop" and to "add"
|
|
// after applying the capabilities passed through `--cap-add` and `--cap-drop`
|
|
// to the existing list of added/dropped capabilities in the service spec.
|
|
//
|
|
// Adding capabilities takes precedence over "dropping" the same capability, so
|
|
// if both `--cap-add` and `--cap-drop` are specifying the same capability, the
|
|
// `--cap-drop` is ignored.
|
|
//
|
|
// Capabilities to "drop" are removed from the existing list of "added"
|
|
// capabilities, and vice-versa (capabilities to "add" are removed from the existing
|
|
// list of capabilities to "drop").
|
|
//
|
|
// Capabilities are normalized, sorted, and duplicates are removed to prevent
|
|
// service tasks from being updated if no changes are made. If a list has the "ALL"
|
|
// capability set, then any other capability is removed from that list.
|
|
//
|
|
// Adding/removing capabilities when updating a service is handled as a tri-state;
|
|
//
|
|
// - if the capability was previously "dropped", then remove it from "CapabilityDrop",
|
|
// but NOT added to "CapabilityAdd". However, if the capability was not yet in
|
|
// the service's "CapabilityDrop", then it's simply added to the service's "CapabilityAdd"
|
|
// - likewise, if the capability was previously "added", then it's removed from
|
|
// "CapabilityAdd", but NOT added to "CapabilityDrop". If the capability was
|
|
// not yet in the service's "CapabilityAdd", then simply add it to the service's
|
|
// "CapabilityDrop".
|
|
//
|
|
// In other words, given a service with the following:
|
|
//
|
|
// | CapDrop | CapAdd |
|
|
// |----------------|---------------|
|
|
// | CAP_SOME_CAP | |
|
|
//
|
|
// When updating the service, and applying `--cap-add CAP_SOME_CAP`, the previously
|
|
// dropped capability is removed:
|
|
//
|
|
// | CapDrop | CapAdd |
|
|
// |----------------|---------------|
|
|
// | | |
|
|
//
|
|
// After updating the service a second time, applying `--cap-add CAP_SOME_CAP`,
|
|
// capability is now added:
|
|
//
|
|
// | CapDrop | CapAdd |
|
|
// |----------------|---------------|
|
|
// | | CAP_SOME_CAP |
|
|
func updateCapabilities(flags *pflag.FlagSet, containerSpec *swarm.ContainerSpec) {
|
|
var (
|
|
toAdd, toDrop map[string]bool
|
|
|
|
capDrop = opts.CapabilitiesMap(containerSpec.CapabilityDrop)
|
|
capAdd = opts.CapabilitiesMap(containerSpec.CapabilityAdd)
|
|
)
|
|
if flags.Changed(flagCapAdd) {
|
|
toAdd = opts.CapabilitiesMap(flags.Lookup(flagCapAdd).Value.(*opts.ListOpts).GetAll())
|
|
if toAdd[opts.ResetCapabilities] {
|
|
capAdd = make(map[string]bool)
|
|
delete(toAdd, opts.ResetCapabilities)
|
|
}
|
|
}
|
|
if flags.Changed(flagCapDrop) {
|
|
toDrop = opts.CapabilitiesMap(flags.Lookup(flagCapDrop).Value.(*opts.ListOpts).GetAll())
|
|
if toDrop[opts.ResetCapabilities] {
|
|
capDrop = make(map[string]bool)
|
|
delete(toDrop, opts.ResetCapabilities)
|
|
}
|
|
}
|
|
|
|
// First remove the capabilities to "drop" from the service's exiting
|
|
// list of capabilities to "add". If a capability is both added and dropped
|
|
// on update, then "adding" takes precedence.
|
|
//
|
|
// Dropping a capability when updating a service is considered a tri-state;
|
|
//
|
|
// - if the capability was previously "added", then remove it from
|
|
// "CapabilityAdd", and do NOT add it to "CapabilityDrop"
|
|
// - if the capability was not yet in the service's "CapabilityAdd",
|
|
// then simply add it to the service's "CapabilityDrop"
|
|
for c := range toDrop {
|
|
if !toAdd[c] {
|
|
if capAdd[c] {
|
|
delete(capAdd, c)
|
|
} else {
|
|
capDrop[c] = true
|
|
}
|
|
}
|
|
}
|
|
|
|
// And remove the capabilities we're "adding" from the service's existing
|
|
// list of capabilities to "drop".
|
|
//
|
|
// "Adding" capabilities takes precedence over "dropping" them, so if a
|
|
// capability is set both as "add" and "drop", remove the capability from
|
|
// the service's list of dropped capabilities (if present).
|
|
//
|
|
// Adding a capability when updating a service is considered a tri-state;
|
|
//
|
|
// - if the capability was previously "dropped", then remove it from
|
|
// "CapabilityDrop", and do NOT add it to "CapabilityAdd"
|
|
// - if the capability was not yet in the service's "CapabilityDrop",
|
|
// then simply add it to the service's "CapabilityAdd"
|
|
for c := range toAdd {
|
|
if capDrop[c] {
|
|
delete(capDrop, c)
|
|
} else {
|
|
capAdd[c] = true
|
|
}
|
|
}
|
|
|
|
// Now that the service's existing lists are updated, apply the new
|
|
// capabilities to add/drop to both lists. Sort the lists to prevent
|
|
// unneeded updates to service-tasks.
|
|
containerSpec.CapabilityDrop = capsList(capDrop)
|
|
containerSpec.CapabilityAdd = capsList(capAdd)
|
|
}
|
|
|
|
func capsList(caps map[string]bool) []string {
|
|
if caps[opts.AllCapabilities] {
|
|
return []string{opts.AllCapabilities}
|
|
}
|
|
var out []string
|
|
for c := range caps {
|
|
out = append(out, c)
|
|
}
|
|
sort.Strings(out)
|
|
return out
|
|
}
|