2016-09-08 13:11:39 -04:00
|
|
|
package service
|
|
|
|
|
|
|
|
|
|
import (
|
2018-05-03 18:02:44 -07:00
|
|
|
"context"
|
2016-09-08 13:11:39 -04:00
|
|
|
"fmt"
|
|
|
|
|
|
2017-04-17 18:07:56 -04:00
|
|
|
"github.com/docker/cli/cli"
|
|
|
|
|
"github.com/docker/cli/cli/command"
|
2022-05-12 13:18:48 +02:00
|
|
|
"github.com/docker/cli/cli/command/completion"
|
2017-11-08 17:33:36 +01:00
|
|
|
cliopts "github.com/docker/cli/opts"
|
2019-03-27 15:44:32 -05:00
|
|
|
"github.com/docker/docker/api/types/swarm"
|
2017-05-15 16:01:48 -07:00
|
|
|
"github.com/docker/docker/api/types/versions"
|
2019-03-27 15:44:32 -05:00
|
|
|
"github.com/docker/docker/client"
|
2016-09-08 13:11:39 -04:00
|
|
|
"github.com/spf13/cobra"
|
2017-02-16 17:05:36 -08:00
|
|
|
"github.com/spf13/pflag"
|
2016-09-08 13:11:39 -04:00
|
|
|
)
|
|
|
|
|
|
2025-02-20 13:17:02 +01:00
|
|
|
func newCreateCommand(dockerCLI command.Cli) *cobra.Command {
|
2016-09-08 13:11:39 -04:00
|
|
|
opts := newServiceOptions()
|
|
|
|
|
|
|
|
|
|
cmd := &cobra.Command{
|
|
|
|
|
Use: "create [OPTIONS] IMAGE [COMMAND] [ARG...]",
|
|
|
|
|
Short: "Create a new service",
|
|
|
|
|
Args: cli.RequiresMinArgs(1),
|
|
|
|
|
RunE: func(cmd *cobra.Command, args []string) error {
|
|
|
|
|
opts.image = args[0]
|
|
|
|
|
if len(args) > 1 {
|
|
|
|
|
opts.args = args[1:]
|
|
|
|
|
}
|
2025-02-20 13:17:02 +01:00
|
|
|
return runCreate(cmd.Context(), dockerCLI, cmd.Flags(), opts)
|
2016-09-08 13:11:39 -04:00
|
|
|
},
|
2022-05-12 13:18:48 +02:00
|
|
|
ValidArgsFunction: completion.NoComplete,
|
2016-09-08 13:11:39 -04:00
|
|
|
}
|
|
|
|
|
flags := cmd.Flags()
|
2023-01-03 11:12:24 +01:00
|
|
|
flags.StringVar(&opts.mode, flagMode, "replicated", `Service mode ("replicated", "global", "replicated-job", "global-job")`)
|
2016-09-28 12:34:31 +02:00
|
|
|
flags.StringVar(&opts.name, flagName, "", "Service name")
|
|
|
|
|
|
2017-03-30 18:35:04 -07:00
|
|
|
addServiceFlags(flags, opts, buildServiceDefaultFlagMapping())
|
2016-09-08 13:11:39 -04:00
|
|
|
|
|
|
|
|
flags.VarP(&opts.labels, flagLabel, "l", "Service labels")
|
|
|
|
|
flags.Var(&opts.containerLabels, flagContainerLabel, "Container labels")
|
|
|
|
|
flags.VarP(&opts.env, flagEnv, "e", "Set environment variables")
|
2016-07-19 23:58:32 -07:00
|
|
|
flags.Var(&opts.envFile, flagEnvFile, "Read in a file of environment variables")
|
2016-10-25 03:26:54 +00:00
|
|
|
flags.Var(&opts.mounts, flagMount, "Attach a filesystem mount to the service")
|
2016-11-08 07:06:07 -08:00
|
|
|
flags.Var(&opts.constraints, flagConstraint, "Placement constraints")
|
2017-01-19 15:27:37 -08:00
|
|
|
flags.Var(&opts.placementPrefs, flagPlacementPref, "Add a placement preference")
|
2017-03-13 18:31:48 -07:00
|
|
|
flags.SetAnnotation(flagPlacementPref, "version", []string{"1.28"})
|
2016-11-08 07:06:07 -08:00
|
|
|
flags.Var(&opts.networks, flagNetwork, "Network attachments")
|
2016-11-01 22:28:32 -04:00
|
|
|
flags.Var(&opts.secrets, flagSecret, "Specify secrets to expose to the service")
|
2017-01-16 17:57:26 +01:00
|
|
|
flags.SetAnnotation(flagSecret, "version", []string{"1.25"})
|
2017-05-08 10:36:04 -07:00
|
|
|
flags.Var(&opts.configs, flagConfig, "Specify configurations to expose to the service")
|
|
|
|
|
flags.SetAnnotation(flagConfig, "version", []string{"1.30"})
|
2016-11-10 12:13:26 -08:00
|
|
|
flags.VarP(&opts.endpoint.publishPorts, flagPublish, "p", "Publish a port as a node port")
|
2016-11-08 07:06:07 -08:00
|
|
|
flags.Var(&opts.groups, flagGroup, "Set one or more supplementary user groups for the container")
|
2017-01-16 17:57:26 +01:00
|
|
|
flags.SetAnnotation(flagGroup, "version", []string{"1.25"})
|
2016-10-19 17:07:44 -07:00
|
|
|
flags.Var(&opts.dns, flagDNS, "Set custom DNS servers")
|
2017-01-16 17:57:26 +01:00
|
|
|
flags.SetAnnotation(flagDNS, "version", []string{"1.25"})
|
2016-11-08 18:29:10 -08:00
|
|
|
flags.Var(&opts.dnsOption, flagDNSOption, "Set DNS options")
|
2017-01-16 17:57:26 +01:00
|
|
|
flags.SetAnnotation(flagDNSOption, "version", []string{"1.25"})
|
2016-10-19 17:07:44 -07:00
|
|
|
flags.Var(&opts.dnsSearch, flagDNSSearch, "Set custom DNS search domains")
|
2017-01-16 17:57:26 +01:00
|
|
|
flags.SetAnnotation(flagDNSSearch, "version", []string{"1.25"})
|
2016-11-03 08:05:00 -07:00
|
|
|
flags.Var(&opts.hosts, flagHost, "Set one or more custom host-to-IP mappings (host:ip)")
|
2017-01-16 17:57:26 +01:00
|
|
|
flags.SetAnnotation(flagHost, "version", []string{"1.25"})
|
2018-06-14 13:50:12 +02:00
|
|
|
flags.BoolVar(&opts.init, flagInit, false, "Use an init inside each service container to forward signals and reap processes")
|
|
|
|
|
flags.SetAnnotation(flagInit, "version", []string{"1.37"})
|
2019-02-12 16:07:07 +01:00
|
|
|
flags.Var(&opts.sysctls, flagSysCtl, "Sysctl options")
|
|
|
|
|
flags.SetAnnotation(flagSysCtl, "version", []string{"1.40"})
|
2020-07-26 20:40:52 +02:00
|
|
|
flags.Var(&opts.ulimits, flagUlimit, "Ulimit options")
|
|
|
|
|
flags.SetAnnotation(flagUlimit, "version", []string{"1.41"})
|
2024-07-08 13:39:15 -04:00
|
|
|
flags.Int64Var(&opts.oomScoreAdj, flagOomScoreAdj, 0, "Tune host's OOM preferences (-1000 to 1000) ")
|
|
|
|
|
flags.SetAnnotation(flagOomScoreAdj, "version", []string{"1.46"})
|
2016-09-08 13:11:39 -04:00
|
|
|
|
2017-11-08 17:33:36 +01:00
|
|
|
flags.Var(cliopts.NewListOptsRef(&opts.resources.resGenericResources, ValidateSingleGenericResource), "generic-resource", "User defined resources")
|
|
|
|
|
flags.SetAnnotation(flagHostAdd, "version", []string{"1.32"})
|
|
|
|
|
|
2016-09-08 13:11:39 -04:00
|
|
|
flags.SetInterspersed(false)
|
2025-02-20 13:17:02 +01:00
|
|
|
|
|
|
|
|
// TODO(thaJeztah): add completion for capabilities, stop-signal (currently non-exported in container package)
|
|
|
|
|
// _ = cmd.RegisterFlagCompletionFunc(flagCapAdd, completeLinuxCapabilityNames)
|
|
|
|
|
// _ = cmd.RegisterFlagCompletionFunc(flagCapDrop, completeLinuxCapabilityNames)
|
|
|
|
|
// _ = cmd.RegisterFlagCompletionFunc(flagStopSignal, completeSignals)
|
|
|
|
|
|
|
|
|
|
_ = cmd.RegisterFlagCompletionFunc(flagMode, completion.FromList("replicated", "global", "replicated-job", "global-job"))
|
|
|
|
|
_ = cmd.RegisterFlagCompletionFunc(flagEnv, completion.EnvVarNames) // TODO(thaJeztah): flagEnvRemove (needs to read current env-vars on the service)
|
|
|
|
|
_ = cmd.RegisterFlagCompletionFunc(flagEnvFile, completion.FileNames)
|
|
|
|
|
_ = cmd.RegisterFlagCompletionFunc(flagNetwork, completion.NetworkNames(dockerCLI))
|
|
|
|
|
_ = cmd.RegisterFlagCompletionFunc(flagRestartCondition, completion.FromList("none", "on-failure", "any"))
|
|
|
|
|
_ = cmd.RegisterFlagCompletionFunc(flagRollbackOrder, completion.FromList("start-first", "stop-first"))
|
|
|
|
|
_ = cmd.RegisterFlagCompletionFunc(flagRollbackFailureAction, completion.FromList("pause", "continue"))
|
|
|
|
|
_ = cmd.RegisterFlagCompletionFunc(flagUpdateOrder, completion.FromList("start-first", "stop-first"))
|
|
|
|
|
_ = cmd.RegisterFlagCompletionFunc(flagUpdateFailureAction, completion.FromList("pause", "continue", "rollback"))
|
|
|
|
|
|
|
|
|
|
flags.VisitAll(func(flag *pflag.Flag) {
|
|
|
|
|
// Set a default completion function if none was set. We don't look
|
|
|
|
|
// up if it does already have one set, because Cobra does this for
|
|
|
|
|
// us, and returns an error (which we ignore for this reason).
|
|
|
|
|
_ = cmd.RegisterFlagCompletionFunc(flag.Name, completion.NoComplete)
|
|
|
|
|
})
|
2016-09-08 13:11:39 -04:00
|
|
|
return cmd
|
|
|
|
|
}
|
|
|
|
|
|
2025-02-01 22:51:46 +01:00
|
|
|
func runCreate(ctx context.Context, dockerCLI command.Cli, flags *pflag.FlagSet, opts *serviceOptions) error {
|
|
|
|
|
apiClient := dockerCLI.Client()
|
2025-05-19 17:03:39 +02:00
|
|
|
createOpts := swarm.ServiceCreateOptions{}
|
2016-09-08 13:11:39 -04:00
|
|
|
|
2017-03-30 18:35:04 -07:00
|
|
|
service, err := opts.ToService(ctx, apiClient, flags)
|
2016-09-08 13:11:39 -04:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-11 09:56:25 -05:00
|
|
|
specifiedSecrets := opts.secrets.Value()
|
|
|
|
|
if len(specifiedSecrets) > 0 {
|
|
|
|
|
// parse and validate secrets
|
2023-09-09 22:27:44 +00:00
|
|
|
secrets, err := ParseSecrets(ctx, apiClient, specifiedSecrets)
|
2016-11-11 09:56:25 -05:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
service.TaskTemplate.ContainerSpec.Secrets = secrets
|
2017-05-08 10:36:04 -07:00
|
|
|
}
|
2016-11-11 09:56:25 -05:00
|
|
|
|
2023-09-09 22:27:44 +00:00
|
|
|
if err := setConfigs(ctx, apiClient, &service, opts); err != nil {
|
2019-03-28 14:06:06 -05:00
|
|
|
return err
|
|
|
|
|
}
|
2016-10-19 12:22:02 -04:00
|
|
|
|
2025-02-01 22:51:46 +01:00
|
|
|
if err := resolveServiceImageDigestContentTrust(dockerCLI, &service); err != nil {
|
2016-12-05 17:02:26 -08:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2016-09-08 13:11:39 -04:00
|
|
|
// only send auth if flag was set
|
|
|
|
|
if opts.registryAuth {
|
|
|
|
|
// Retrieve encoded auth token from the image reference
|
2025-02-01 22:51:46 +01:00
|
|
|
encodedAuth, err := command.RetrieveAuthTokenFromImage(dockerCLI.ConfigFile(), opts.image)
|
2016-09-08 13:11:39 -04:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
createOpts.EncodedRegistryAuth = encodedAuth
|
|
|
|
|
}
|
|
|
|
|
|
2017-05-15 16:01:48 -07:00
|
|
|
// query registry if flag disabling it was not set
|
|
|
|
|
if !opts.noResolveImage && versions.GreaterThanOrEqualTo(apiClient.ClientVersion(), "1.30") {
|
|
|
|
|
createOpts.QueryRegistry = true
|
|
|
|
|
}
|
2017-05-11 02:07:35 -07:00
|
|
|
|
2016-09-08 13:11:39 -04:00
|
|
|
response, err := apiClient.ServiceCreate(ctx, service, createOpts)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-14 18:08:24 -08:00
|
|
|
for _, warning := range response.Warnings {
|
2025-02-01 22:51:46 +01:00
|
|
|
_, _ = fmt.Fprintln(dockerCLI.Err(), warning)
|
2016-11-14 18:08:24 -08:00
|
|
|
}
|
|
|
|
|
|
2025-02-01 22:51:46 +01:00
|
|
|
_, _ = fmt.Fprintln(dockerCLI.Out(), response.ID)
|
2017-02-16 17:05:36 -08:00
|
|
|
|
Use non-detached mode as default for service commands
Commit 330a0035334871d92207b583c1c36d52a244753f added a `--detach=false` option
to various service-related commands, with the intent to make this the default in
a future version (17.09).
This patch changes the default to use "interactive" (non-detached), allowing
users to override this by setting the `--detach` option.
To prevent problems when connecting to older daemon versions (17.05 and below,
see commit db60f255617fd90cb093813dcdfe7eec840eeff8), the detach option is
ignored for those versions, and detach is always true.
Before this change, a warning was printed to announce the upcoming default:
$ docker service create nginx:alpine
saxiyn3pe559d753730zr0xer
Since --detach=false was not specified, tasks will be created in the background.
In a future release, --detach=false will become the default.
After this change, no warning is printed, but `--detach` is disabled;
$ docker service create nginx:alpine
y9jujwzozi0hwgj5yaadzliq6
overall progress: 1 out of 1 tasks
1/1: running [==================================================>]
verify: Service converged
Setting the `--detach` flag makes the cli use the pre-17.06 behavior:
$ docker service create --detach nginx:alpine
280hjnzy0wzje5o56gr22a46n
Running against a 17.03 daemon, without specifying the `--detach` flag;
$ docker service create nginx:alpine
kqheg7ogj0kszoa34g4p73i8q
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-09-12 14:35:19 +02:00
|
|
|
if opts.detach || versions.LessThan(apiClient.ClientVersion(), "1.29") {
|
2017-02-16 17:05:36 -08:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2025-02-01 22:51:46 +01:00
|
|
|
return WaitOnService(ctx, dockerCLI, response.ID, opts.quiet)
|
2016-09-08 13:11:39 -04:00
|
|
|
}
|
2019-03-27 15:44:32 -05:00
|
|
|
|
|
|
|
|
// setConfigs does double duty: it both sets the ConfigReferences of the
|
|
|
|
|
// service, and it sets the service CredentialSpec. This is because there is an
|
|
|
|
|
// interplay between the CredentialSpec and the Config it depends on.
|
2023-09-09 22:27:44 +00:00
|
|
|
func setConfigs(ctx context.Context, apiClient client.ConfigAPIClient, service *swarm.ServiceSpec, opts *serviceOptions) error {
|
2019-03-27 15:44:32 -05:00
|
|
|
specifiedConfigs := opts.configs.Value()
|
|
|
|
|
// if the user has requested to use a Config, for the CredentialSpec add it
|
|
|
|
|
// to the specifiedConfigs as a RuntimeTarget.
|
|
|
|
|
if cs := opts.credentialSpec.Value(); cs != nil && cs.Config != "" {
|
|
|
|
|
specifiedConfigs = append(specifiedConfigs, &swarm.ConfigReference{
|
|
|
|
|
ConfigName: cs.Config,
|
|
|
|
|
Runtime: &swarm.ConfigReferenceRuntimeTarget{},
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
if len(specifiedConfigs) > 0 {
|
|
|
|
|
// parse and validate configs
|
2023-09-09 22:27:44 +00:00
|
|
|
configs, err := ParseConfigs(ctx, apiClient, specifiedConfigs)
|
2019-03-27 15:44:32 -05:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
service.TaskTemplate.ContainerSpec.Configs = configs
|
|
|
|
|
// if we have a CredentialSpec Config, find its ID and rewrite the
|
|
|
|
|
// field on the spec
|
|
|
|
|
//
|
|
|
|
|
// we check the opts instead of the service directly because there are
|
|
|
|
|
// a few layers of nullable objects in the service, which is a PITA
|
|
|
|
|
// to traverse, but the existence of the option implies that those are
|
|
|
|
|
// non-null.
|
|
|
|
|
if cs := opts.credentialSpec.Value(); cs != nil && cs.Config != "" {
|
|
|
|
|
for _, config := range configs {
|
|
|
|
|
if config.ConfigName == cs.Config {
|
|
|
|
|
service.TaskTemplate.ContainerSpec.Privileges.CredentialSpec.Config = config.ConfigID
|
2019-04-01 13:38:11 -05:00
|
|
|
// we've found the right config, no need to keep iterating
|
|
|
|
|
// through the rest of them.
|
|
|
|
|
break
|
2019-03-27 15:44:32 -05:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
