driver.rkt: support network configuration

client/driver/rkt.go

@@ -11,6 +11,7 @@ import (
 	"path/filepath"
 	"regexp"
 	"runtime"
+	"strconv"
 	"strings"
 	"syscall"
 	"time"
@@ -54,13 +55,17 @@ type RktDriver struct {
 }
 
 type RktDriverConfig struct {
-	ImageName        string   `mapstructure:"image"`
-	Command          string   `mapstructure:"command"`
-	Args             []string `mapstructure:"args"`
-	TrustPrefix      string   `mapstructure:"trust_prefix"`
-	DNSServers       []string `mapstructure:"dns_servers"`        // DNS Server for containers
-	DNSSearchDomains []string `mapstructure:"dns_search_domains"` // DNS Search domains for containers
-	Debug            bool     `mapstructure:"debug"`              // Enable debug option for rkt command
+	ImageName        string              `mapstructure:"image"`
+	Command          string              `mapstructure:"command"`
+	Args             []string            `mapstructure:"args"`
+	TrustPrefix      string              `mapstructure:"trust_prefix"`
+	DNSServers       []string            `mapstructure:"dns_servers"`        // DNS Server for containers
+	DNSSearchDomains []string            `mapstructure:"dns_search_domains"` // DNS Search domains for containers
+	Net              []string            `mapstructure:"net"`                // Networks for the containers
+	PortMapRaw       []map[string]string `mapstructure:"port_map"`           //
+	PortMap          map[string]string   `mapstructure:"-"`                  // A map of host port and the port name defined in the image manifest file
+
+	Debug bool `mapstructure:"debug"` // Enable debug option for rkt command
 }
 
 // rktHandle is returned from Start/Open as a handle to the PID
@@ -115,6 +120,12 @@ func (d *RktDriver) Validate(config map[string]interface{}) error {
 			"dns_search_domains": &fields.FieldSchema{
 				Type: fields.TypeArray,
 			},
+			"net": &fields.FieldSchema{
+				Type: fields.TypeArray,
+			},
+			"port_map": &fields.FieldSchema{
+				Type: fields.TypeArray,
+			},
 			"debug": &fields.FieldSchema{
 				Type: fields.TypeBool,
 			},
@@ -177,6 +188,8 @@ func (d *RktDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle, e
 		return nil, err
 	}
 
+	driverConfig.PortMap = mapMergeStrStr(driverConfig.PortMapRaw...)
+
 	// ACI image
 	img := driverConfig.ImageName
 
@@ -251,6 +264,58 @@ func (d *RktDriver) Start(ctx *ExecContext, task *structs.Task) (DriverHandle, e
 		cmdArgs = append(cmdArgs, fmt.Sprintf("--dns-search=%s", domain))
 	}
 
+	// set network
+	network := strings.Join(driverConfig.Net, ",")
+	if network != "" {
+		cmdArgs = append(cmdArgs, fmt.Sprintf("--net=%s", network))
+	}
+
+	// Setup port mapping and exposed ports
+	if len(task.Resources.Networks) == 0 {
+		d.logger.Println("[DEBUG] driver.rkt: No network interfaces are available")
+		if len(driverConfig.PortMap) > 0 {
+			return nil, fmt.Errorf("Trying to map ports but no network interface is available")
+		}
+	} else {
+		// TODO add support for more than one network
+		network := task.Resources.Networks[0]
+		for _, port := range network.ReservedPorts {
+			var containerPort string
+
+			if mapped, ok := driverConfig.PortMap[port.Label]; ok {
+				containerPort = mapped
+			} else {
+				// If the user doesn't have mapped a port using port_map, driver stops running container.
+				return nil, fmt.Errorf("port_map is not set. When you defined port in the resources, you need to configure port_map.")
+			}
+
+			hostPortStr := strconv.Itoa(port.Value)
+
+			d.logger.Printf("[DEBUG] driver.rkt: exposed port %s", containerPort)
+			// Add port option to rkt run arguments. rkt allows multiple port args
+			cmdArgs = append(cmdArgs, fmt.Sprintf("--port=%s:%s", containerPort, hostPortStr))
+		}
+
+		for _, port := range network.DynamicPorts {
+			// By default we will map the allocated port 1:1 to the container
+			var containerPort string
+
+			if mapped, ok := driverConfig.PortMap[port.Label]; ok {
+				containerPort = mapped
+			} else {
+				// If the user doesn't have mapped a port using port_map, driver stops running container.
+				return nil, fmt.Errorf("port_map is not set. When you defined port in the resources, you need to configure port_map.")
+			}
+
+			hostPortStr := strconv.Itoa(port.Value)
+
+			d.logger.Printf("[DEBUG] driver.rkt: exposed port %s", containerPort)
+			// Add port option to rkt run arguments. rkt allows multiple port args
+			cmdArgs = append(cmdArgs, fmt.Sprintf("--port=%s:%s", containerPort, hostPortStr))
+		}
+
+	}
+
 	// Add user passed arguments.
 	if len(driverConfig.Args) != 0 {
 		parsed := d.taskEnv.ParseAndReplace(driverConfig.Args)

client/driver/rkt_test.go

@@ -392,3 +392,49 @@ func TestRktTaskValidate(t *testing.T) {
 		t.Fatalf("Validation error in TaskConfig : '%v'", err)
 	}
 }
+
+// TODO: Port Mapping test should be ran with proper ACI image and test the port access.
+func TestRktDriver_PortsMapping(t *testing.T) {
+	if os.Getenv("NOMAD_TEST_RKT") == "" {
+		t.Skip("skipping rkt tests")
+	}
+
+	ctestutils.RktCompatible(t)
+	task := &structs.Task{
+		Name: "etcd",
+		Config: map[string]interface{}{
+			"trust_prefix": "coreos.com/etcd",
+			"image":        "coreos.com/etcd:v2.0.4",
+			"command":      "/etcd",
+			"args":         []string{"--version"},
+			"port_map": []map[string]string{
+				map[string]string{
+					"main": "8080-tcp",
+				},
+			},
+		},
+	}
+
+	driverCtx, execCtx := testDriverContexts(task)
+	defer execCtx.AllocDir.Destroy()
+
+	d := NewRktDriver(driverCtx)
+
+	handle, err := d.Start(execCtx, task)
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+	if handle == nil {
+		t.Fatalf("missing handle")
+	}
+	defer handle.Kill()
+
+	// Attempt to open
+	handle2, err := d.Open(execCtx, handle.ID())
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+	if handle2 == nil {
+		t.Fatalf("missing handle")
+	}
+}

website/source/docs/drivers/rkt.html.md

@@ -73,13 +73,70 @@ The `rkt` driver supports the following configuration in the job spec:
 * `dns_search_domains` - (Optional) A list of DNS search domains to be used in
    the containers.
 
+* `net` - (Optional) A list of networks to be used by the containers
+
+* `port_map` - (Optional) A key/value map of port to be used by the container.
+   port name in the image manifest file needs to be specified for the value. For example:
+
+   ```
+    port_map {
+            app = "8080-tcp"
+    }
+   ```
+
+   See below for more details.
+
 * `debug` - (Optional) Enable rkt command debug option.
 
 ## Task Directories
 
 The `rkt` driver currently does not support mounting of the `alloc/` and `local/` directories.
 Once support is added, version `v0.10.0` or above of `rkt` will be required.
 
+## Networking
+
+The `rkt` can specify `--net` and `--port` for the rkt client. Hence, there are two ways to use host ports by
+using `--net=host` or `--port=PORT` with your network.
+
+Example:
+
+```
+		task "etcd" {
+			# Use Docker to run the task.
+			driver = "rkt"
+
+			config {
+				image = "docker://my_image"
+				net = ["containers"]
+                                port_map {
+                                        app = "8080-tcp"
+                                }
+			}
+
+			service {
+                                port = "app"
+			}
+
+			resources {
+                                network {
+                                        mbits = 10
+                                        port "app" {
+					    static = 12345
+                                        }
+                                }
+			}
+		}
+
+```
+
+### Allocating Ports
+
+You can allocate ports to your task using the port syntax described on the
+[networking page](/docs/jobspec/networking.html).
+
+When you use port allocation, the image manifest needs to declare public ports and host has configured network.
+For more information, please refer to [rkt Networking](https://coreos.com/rkt/docs/latest/networking/overview.html).
+
 ## Client Requirements
 
 The `rkt` driver requires rkt to be installed and in your system's `$PATH`.