  • Language
    JavaScript
  • Created about 10 years ago

Docker Engine for Triton

sdc-docker

This repository is part of the Joyent Triton project. See the contribution guidelines and general documentation at the main Triton project page.

SDC Docker is the Docker Engine for Triton, where the data center is exposed as a single Docker host. The Docker remote API is served from a "docker" core SDC zone built from this repo.

User Guide

For users of the Triton service in Joyent's public cloud, or those using a private SDC Docker stand-up, but not administering it, please see the User Guide. The rest of this README is targeted at development of sdc-docker.

Docker Version

Officially supported version: 1.21 (equivalent to docker client version 1.9)

Supported version range:

  • Remote API: 1.20 to 1.24
  • Docker CLI: 1.8 to 1.12
  • Docker Compose: 1.6 to 1.8

When a client makes a remote API call to sdc-docker and it does not specify a version, then sdc-docker will default to the officially supported version.

Newer clients may continue to work, but until we've tested and marked a newer version as officially supported, then it's best to use an older and officially supported version.
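The version rules above, as an added sketch (this is not code from sdc-docker). `resolveApiVersion` and `compareVersions` are hypothetical helpers, and the `/v<major>.<minor>/` path prefix is the Docker remote API convention. The component-wise comparison matters because 1.9 is older than 1.20, which a float comparison gets wrong.

```javascript
// Values from the "Docker Version" section of this README.
const OFFICIAL_API_VERSION = '1.21';
const MIN_API_VERSION = '1.20';
const MAX_API_VERSION = '1.24';

// Compare dotted versions one numeric component at a time. Float comparison
// is wrong for these strings: parseFloat('1.9') > parseFloat('1.20').
function compareVersions(a, b) {
    const pa = a.split('.').map(Number);
    const pb = b.split('.').map(Number);
    for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
        const diff = (pa[i] || 0) - (pb[i] || 0);
        if (diff !== 0) {
            return diff < 0 ? -1 : 1;
        }
    }
    return 0;
}

// Hypothetical helper (not an sdc-docker function): split a request path
// such as "/v1.22/containers/json" into API version and route, and say how
// that version relates to the documented range.
function resolveApiVersion(path) {
    const m = /^\/v(\d+\.\d+)(\/.*)$/.exec(path);
    if (!m) {
        // No "/v<major>.<minor>/" prefix, e.g. "/containers/json" or
        // "/version": fall back to the officially supported version.
        return { version: OFFICIAL_API_VERSION, route: path,
            status: 'defaulted' };
    }
    const version = m[1];
    let status;
    if (compareVersions(version, OFFICIAL_API_VERSION) === 0) {
        status = 'official';
    } else if (compareVersions(version, MIN_API_VERSION) < 0) {
        status = 'older-than-supported';
    } else if (compareVersions(version, MAX_API_VERSION) > 0) {
        status = 'newer-than-supported';
    } else {
        status = 'supported';
    }
    return { version: version, route: m[2], status: status };
}

// Constructed request paths.
for (const p of ['/info', '/version', '/v1.21/info', '/v1.24/images/json',
    '/v1.9/info', '/v1.30/info']) {
    const r = resolveApiVersion(p);
    console.log(p, '->', r.version, r.route, r.status);
}
```
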

Devs: When updating the sdc-docker server official version, you'll need to be sure to update the following:

  1. update both API_VERSION and SERVER_VERSION in lib/constants.js
  2. update the docker cli test client version in globe-theatre/bin/nightly-test-docker-integration-cli

Current State

Many commands are currently at least partially implemented. See docs/divergence.md for details on where sdc-docker diverges from Docker Inc's docker. This software is under active development to provide parity with the newer Docker features that are relevant to SDC, as well as to integrate with other new Triton features.

Installation

Note: Examples in this section are for CoaL, i.e. some setup will not be appropriate for a production DC.

  1. Installing sdc-docker and supporting services:

     ssh root@10.99.99.7                                 # ssh to the CoaL GZ
     sdcadm self-update
     sdcadm post-setup common-external-nics && sleep 10  # imgapi needs external
     sdcadm post-setup dev-headnode-prov
     sdcadm post-setup dev-sample-data  # sample packages for docker containers
     sdcadm post-setup cloudapi
     sdcadm post-setup docker
     sdcadm experimental update dockerlogger
     # Optional additional steps for VXLAN setup.
     # TODO: This isn't well automated yet.
     #    sdcadm post-setup fabrics ...
     #    <reboot>
    

For compute nodes added after the first-time setup, you will need to install the dockerlogger on them by executing:

    sdcadm experimental update dockerlogger --servers ${CN1},${CN2},...

SDC Docker uses (as of DOCKER-312) TLS by default. That means you need to set up a user (or use the 'admin' user) and add an SSH key for access.

  1. Create a test user (we'll use "jill"):

     # On your dev machine, create a key
     ssh-keygen -t rsa -m PEM -f ~/.ssh/sdc-docker-jill.id_rsa -b 2048 -N ""
    
     # Copy it to COAL so we can add it to the 'jill' account.
     scp ~/.ssh/sdc-docker-jill.id_rsa.pub root@10.99.99.7:/var/tmp/
    
     ssh root@10.99.99.7      # ssh to the CoaL GZ
     sdc-useradm create -A login=jill email=jill@localhost userpassword=secret123
     sdc-useradm add-key jill /var/tmp/sdc-docker-jill.id_rsa.pub
    
  2. Generate a client TLS certificate and set docker to use --tls mode:

    This script in the sdc-docker repo will create the client certificate and print how to configure docker:

     ./tools/sdc-docker-setup.sh coal jill ~/.ssh/sdc-docker-jill.id_rsa
    

    This also puts the env setup in "~/.sdc/docker/jill/env.sh".

     source ~/.sdc/docker/jill/env.sh
    

You should now be able to run docker info and see "SDCAccount: jill":

$ docker info
Containers: 0
Images: 0
Storage Driver: sdc
 SDCAccount: jill
Execution Driver: sdc-0.1.0
Operating System: SmartDataCenter
Name: coal

Docker Compose uses different environment variables across different versions to configure timeout. If you receive any warning about the DOCKER_CLIENT_TIMEOUT environment variable being deprecated, simply unset it and remove it from env.sh.

Using custom TLS server certificates for SDC Docker

SDC Docker can optionally be set up to use your own TLS certificates. By default, the Docker VM is provisioned with a self-signed certificate that can always be overridden with the following commands:

    # Copy your TLS certificate to the SDC headnode (assuming COAL)
    scp ./my-key.pem root@10.99.99.7:/var/tmp/
    scp ./my-cert.pem root@10.99.99.7:/var/tmp/

    # Install the TLS certificate
    sdcadm experimental install-docker-cert -k /var/tmp/my-key.pem -c /var/tmp/my-cert.pem

This command will automatically restart the SDC Docker service so certificate changes will take effect immediately. After changing the TLS certificates, you will need to re-run the ./tools/sdc-docker-setup.sh script.

Running SDC docker in invite-only mode

The public APIs to an SDC -- sdc-docker and cloudapi -- can be configured to be in invite-only mode, where only explicitly allowed accounts are authorized. This mode is configured via the account_allowed_dcs SDC Application config var.

sdc-sapi /applications/$(sdc-sapi /applications?name=sdc | json -H 0.uuid) \
    -X PUT -d '{"metadata": {"account_allowed_dcs": true}}'
# Optional "403 Forbidden" response body.
sdc-sapi /applications/$(sdc-sapi /applications?name=sdc | json -H 0.uuid) \
    -X PUT -d '{"metadata": {"account_allowed_dcs_msg": "talk to your Administrator"}}'

Once enabled, one can allow an account via:

DC=$(sh /lib/sdc/config.sh -json | json datacenter_name)
sdc-useradm add-attr LOGIN allowed_dcs $DC

and an account's access can be removed via:

sdc-useradm delete-attr LOGIN allowed_dcs $DC

Allowed users can be listed via:

sdc-useradm search allowed_dcs=$DC -o uuid,login,email,allowed_dcs

For example:

[root@headnode (coal) ~]# sdc-useradm add-attr admin allowed_dcs coal
Added attribute on user 930896af-bf8c-48d4-885c-6573a94b1853 (admin): allowed_dcs=coal

[root@headnode (coal) ~]# sdc-useradm search allowed_dcs=coal -o uuid,login,email,allowed_dcs
UUID                                  LOGIN  EMAIL           ALLOWED_DCS
930896af-bf8c-48d4-885c-6573a94b1853  admin  root@localhost  ["us-west-2","coal"]

[root@headnode (coal) ~]# sdc-useradm delete-attr admin allowed_dcs coal
Deleted attribute "allowed_dcs=coal" from user 930896af-bf8c-48d4-885c-6573a94b1853 (admin)

Limitation: Currently adding access can take a minute or two to take effect (caching) and removing access requires the sdc-docker server to be restarted (DOCKER-233).
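One way to review the invite-only allow-list, as an added example (not part of sdc-docker): it parses text in the `sdc-useradm search ... -o uuid,login,email,allowed_dcs` layout shown above and compares it with the logins an operator expects. `parseUserTable`, `auditAllowedDcs` and the approved list are hypothetical, and the sample rows other than `admin` are constructed.

```javascript
// Constructed sample in the column layout of the `sdc-useradm search` output
// above. The second and third UUIDs and logins are made up.
const SAMPLE_OUTPUT = [
    'UUID                                  LOGIN    EMAIL              ALLOWED_DCS',
    '930896af-bf8c-48d4-885c-6573a94b1853  admin    root@localhost     ["us-west-2","coal"]',
    '00000000-0000-4000-8000-000000000001  jill     jill@localhost     ["coal"]',
    '00000000-0000-4000-8000-000000000002  mallory  mallory@localhost  ["coal"]'
].join('\n');

// Parse the table into objects. ALLOWED_DCS is shown above as a JSON array;
// falling back to a bare string for a single value is an assumption.
function parseUserTable(text) {
    const rows = [];
    for (const line of text.split('\n')) {
        const fields = line.trim().split(/\s+/);
        if (fields.length < 4 || fields[0] === 'UUID') {
            continue; // header, blank or truncated line
        }
        const raw = fields.slice(3).join(' ');
        let dcs;
        try {
            dcs = JSON.parse(raw);
        } catch (e) {
            dcs = raw;
        }
        rows.push({
            uuid: fields[0],
            login: fields[1],
            email: fields[2],
            allowedDcs: Array.isArray(dcs) ? dcs.map(String) : [String(dcs)]
        });
    }
    return rows;
}

// Compare the accounts allowed in `dc` with the logins an operator expects.
function auditAllowedDcs(text, dc, approvedLogins) {
    const allowed = parseUserTable(text)
        .filter(function (row) { return row.allowedDcs.includes(dc); })
        .map(function (row) { return row.login; });
    return {
        allowed: allowed,
        unexpected: allowed.filter(function (login) {
            return !approvedLogins.includes(login);
        }),
        missing: approvedLogins.filter(function (login) {
            return !allowed.includes(login);
        })
    };
}

console.log(auditAllowedDcs(SAMPLE_OUTPUT, 'coal', ['admin', 'jill', 'carol']));
```

Given the limitation above, a login that has dropped out of this listing keeps its access until the sdc-docker server is restarted, so a removal is only complete after that restart.
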

Adding packages

By default the size of the container (ram, disk, cpu shares) uses the package in the internal sdc_ set of packages closest to 'ram=1024 MiB'. The sdc_ packages are really only applicable for development. More appropriate for production is a set of packages separate from sdc_. The following can be run to add a number of sample-* packages and to configure the Docker service to use them:

# In the headnode global zone:
sdcadm post-setup dev-sample-data
/opt/smartdc/bin/sapiadm update \
   $(/opt/smartdc/bin/sdc-sapi /services?name=docker | json -H 0.uuid) \
   metadata.PACKAGE_PREFIX="sample-"

Configurations

The SDC Docker service can be configured with the following Service API (SAPI) metadata values.

Key                  Type     Default           Description
USE_TLS              Boolean  false             Turn on TLS authentication.
DEFAULT_MEMORY       Number   1024              The default ram/memory to use for docker containers.
PACKAGE_PREFIX       String   'sample-'         The prefix for packages to use for docker container package selection.
USE_FABRICS          Boolean  false             Provision container internal nic on default fabric network.
ENABLED_LOG_DRIVERS  String   'json-file,none'  Comma-delimited list of log drivers allowed (see Log Drivers)
Here is an example of modifying the service configuration with SAPI:

docker_svc=$(sdc-sapi /services?name=docker | json -Ha uuid)
sdc-sapi /services/$docker_svc -X PUT -d '{ "metadata": { "USE_TLS": true } }'

Development hooks

Before committing be sure to:

make check      # lint and style checks
make test       # run unit tests

A good way to do that is to install the stock pre-commit hook in your clone via:

make git-hooks

Testing

As shown above, to run unit tests locally:

make test

To run integration tests, you need to call the "test/runtests" driver from the global zone (GZ) of a SmartDataCenter setup with sdc-docker, e.g. with COAL that would be:

ssh root@10.99.99.7
/zones/$(vmadm lookup -1 alias=docker0)/root/opt/smartdc/docker/test/runtests

Specifically for COAL there is a target for that:

make test-integration-in-coal

To run (a) a particular subset of integration tests -- using 'info' as a filter on test names in this example -- and (b) with trace-level logging:

LOG_LEVEL=trace /zones/$(vmadm lookup -1 alias=docker0)/root/opt/smartdc/docker/test/runtests -f info 2>&1 | bunyan

Some integration tests (those that don't depend on running in the GZ) can be run from your Mac dev tree, e.g.:

./test/runtest ./test/integration/cli-info.test.js

By default all "cli" integration tests ("test/integration/cli-*.test.js") are run against the latest Docker CLI version (see the DOCKER_AVAILABLE_CLI_VERSIONS variable in "test/runtest.common"). To run against other versions, or all supported versions, set the DOCKER_CLI_VERSIONS (plural) environment variable, e.g.:

make test-integration-in-coal DOCKER_CLI_VERSIONS=all
make test-integration-in-coal DOCKER_CLI_VERSIONS="1.11.1 1.10.3"
DOCKER_CLI_VERSIONS=1.11.1 /zones/$(vmadm lookup -1 alias=docker0)/root/opt/smartdc/docker/test/runtests -f cli-info
DOCKER_CLI_VERSIONS=latest /zones/$(vmadm lookup -1 alias=docker0)/root/opt/smartdc/docker/test/runtests -f cli-labels

Testing locally

It's also possible to run tests directly from your local development machine, by specifying the sdc environment and launching node on the test file(s):

FWAPI_URL=http://10.99.99.26 VMAPI_URL=http://10.99.99.27 node ./test/integration/run-ports.test.js

Official docker test suite

Docker have their own test suite integration-cli for testing a real docker environment. To run the docker cli tests against coal, you will need a local docker binary and go (golang) installed, then do the following:

# Target coal
export DOCKER_HOST=tcp://my.docker.coal:2376
export DOCKER_TEST_HOST=$DOCKER_HOST

# Set go path, so `go get` works correctly
mkdir go && cd go
export GOPATH=`pwd`

# Checkout docker from git
mkdir -p src/github.com/docker
cd src/github.com/docker
git clone https://github.com/docker/docker.git
cd docker

# Build docker test infrastructure.
sh hack/make/.go-autogen   # docker automated build files
# If `go get` shows an error - just ignore it.
go get ./...               # docker dependencies

cd integration-cli

# Run an individual test
go test -test.run "^TestPsListContainers"

# Run all tests - this will take forever... a specific test will be faster.
go test -v

Development from your Mac

  1. Add a 'coal' entry to your '~/.ssh/config'. Not required, but we'll use this as a shortcut in examples below.

     Host coal
         User root
         Hostname 10.99.99.7
         ForwardAgent yes
         StrictHostKeyChecking no
         UserKnownHostsFile /dev/null
         ControlMaster no
    
  2. Get a clone on your Mac:

     git clone git@github.com:joyent/sdc-docker.git
     cd sdc-docker
    
  3. Make changes in your local clone:

     vi
    
  4. Sync your changes to your 'docker0' zone in COAL (see Installation above):

     ./tools/rsync-to coal
    

    This will rsync over changes (excepting binary bits like a change in sdcnode version, or added binary node modules) and restart the docker SMF service.

For testing I tend to have a shell open tailing the docker service's log file:

ssh coal
sdc-login docker
tail -f `svcs -L docker` | bunyan

Coding style

You've gotta have one to put to rest some of the bikeshedding. Here's the one for this repo:

  • 4-space indentation

  • camelCase capitalization for variables. This is within reason -- exceptions where case is required due to outside APIs (e.g. Docker APIs) are fine.

  • ClassCase for classes (i.e. JS prototype'd functions).

  • Imports from "lib/models" shall consistently be imported as follows to allow grepping for "Link.list", etc.

      var ImageTag = require('.../models/image-tag');
      var Link = require('.../models/link');
    

Naming

Some variable/function naming patterns in this repo.

Pattern  Description
req*     A restify handler that operates (primarily) on a request and adds a request param. E.g. reqClientApiVersion adds req.clientApiVersion.
