├── .devcontainer ├── Dockerfile └── devcontainer.json ├── .dockerignore ├── .gitattributes ├── .github └── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md ├── .gitignore ├── .travis.yml ├── .vscode └── settings.json ├── CHANGELOG.md ├── LICENSE ├── README.md ├── build-all.sh ├── build.sh ├── centos-mounted-volume-plugin └── README.md ├── cifs-volume-plugin ├── Dockerfile ├── README.md ├── config.json ├── main.go └── main_test.go ├── glusterfs-volume-plugin ├── Dockerfile ├── README.md ├── config.json ├── main.go ├── main_test.go └── rsyslog.conf ├── mounted-volume ├── codec.go ├── driver.go ├── driver_test.go └── roothider.go ├── nfs-volume-plugin └── README.md ├── package.json └── s3fs-volume-plugin ├── Dockerfile ├── README.md ├── config.json ├── docker-compose.yml ├── fuse.conf ├── main.go ├── main_test.go └── rsyslog.conf /.devcontainer/Dockerfile: -------------------------------------------------------------------------------- 1 | # See here for image contents: https://github.com/microsoft/vscode-dev-containers/tree/v0.137.0/containers/go/.devcontainer/base.Dockerfile 2 | ARG VARIANT="1" 3 | FROM mcr.microsoft.com/vscode/devcontainers/go:0-${VARIANT} 4 | 5 | # [Optional] Install a version of Node.js using nvm for front end dev 6 | ARG INSTALL_NODE="true" 7 | ARG NODE_VERSION="lts/*" 8 | ARG DOCKER_GID 9 | ENV DOCKER_GID ${DOCKER_GID:-999} 10 | RUN if [ "${INSTALL_NODE}" = "true" ]; then su vscode -c "source /usr/local/share/nvm/nvm.sh && nvm install ${NODE_VERSION} 2>&1"; fi 11 | 12 | # [Optional] Uncomment this section to install additional OS packages. 13 | # RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \ 14 | # && apt-get -y install --no-install-recommends 15 | RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \ 16 | && apt-get -y install --no-install-recommends apt-transport-https ca-certificates curl gnupg2 software-properties-common \ 17 | && curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add - \ 18 | && add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian buster stable" \ 19 | && apt-get update && apt-get -y install docker-ce docker-ce-cli containerd.io \ 20 | && usermod -G ${DOCKER_GID} vscode 21 | 22 | # [Optional] Uncomment the next line to use go get to install anything else you need 23 | # RUN go get -x 24 | 25 | # [Optional] Uncomment this line to install global node packages. 26 | # RUN su vscode -c "source /usr/local/share/nvm/nvm.sh && npm install -g " 2>&1 -------------------------------------------------------------------------------- /.devcontainer/devcontainer.json: -------------------------------------------------------------------------------- 1 | // For format details, see https://aka.ms/vscode-remote/devcontainer.json or this file's README at: 2 | // https://github.com/microsoft/vscode-dev-containers/tree/v0.137.0/containers/go 3 | { 4 | "name": "Go", 5 | "build": { 6 | "dockerfile": "Dockerfile", 7 | "args": { 8 | // Update the VARIANT arg to pick a version of Go: 1, 1.15, 1.14 9 | "VARIANT": "1", 10 | // Options 11 | "INSTALL_NODE": "false", 12 | "NODE_VERSION": "lts/*", 13 | "DOCKER_GID": "999" 14 | } 15 | }, 16 | "runArgs": [ "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined","-v", "/var/run/docker.sock:/var/run/docker.sock:rw" ], 17 | 18 | // Set *default* container specific settings.json values on container create. 19 | "settings": { 20 | "terminal.integrated.shell.linux": "/bin/bash", 21 | "go.toolsManagement.checkForUpdates": "off", 22 | "go.gopath": "/go", 23 | "go.useLanguageServer": true 24 | }, 25 | 26 | // Add the IDs of extensions you want installed when the container is created. 27 | "extensions": [ 28 | "ms-azuretools.vscode-docker", 29 | "golang.Go" 30 | ], 31 | 32 | // Use 'forwardPorts' to make a list of ports inside the container available locally. 33 | "forwardPorts": [9000], 34 | 35 | // Use 'postCreateCommand' to run commands after the container is created. 36 | // "postCreateCommand": "go version", 37 | 38 | "workspaceMount": "source=${localWorkspaceFolder},target=/go/src/github.com/marcelo-ochoa/docker-volume-plugins,type=bind,consistency=delegated", 39 | "workspaceFolder": "/go/src/github.com/marcelo-ochoa/docker-volume-plugins", 40 | 41 | // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root. 42 | "remoteUser": "vscode" 43 | } 44 | -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | .vscode/ 2 | .devcontainer/ 3 | ./build.sh 4 | ./config.json 5 | build/ -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | *.sh eol=lf 2 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **To Reproduce** 14 | Steps to reproduce the behavior: 15 | 1. Go to '...' 16 | 2. Click on '....' 17 | 3. Scroll down to '....' 18 | 4. See error 19 | 20 | **Expected behavior** 21 | A clear and concise description of what you expected to happen. 22 | 23 | **Server (please complete the following information):** 24 | - OS: [e.g. Redhat] 25 | - Version [e.g. 22] 26 | 27 | **Additional context** 28 | Add any other context about the problem here. 29 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. 15 | 16 | **Describe alternatives you've considered** 17 | A clear and concise description of any alternative solutions or features you've considered. 18 | 19 | **Additional context** 20 | Add any other context or screenshots about the feature request here. 21 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | build/ 2 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | sudo: required 2 | services: 3 | - docker 4 | script: 5 | - echo "$DOCKER_PASSWORD" | sudo docker login -u "mochoa" --password-stdin 6 | - sudo ./build.sh $TRAVIS_TAG -------------------------------------------------------------------------------- /.vscode/settings.json: -------------------------------------------------------------------------------- 1 | { 2 | "go.toolsEnvVars": { 3 | "GOOS":"linux" 4 | } 5 | } -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | Changelog 2 | ========= 3 | ## 2.0.4 4 | 5 | * Fixed defunct process on GlusterFS plugin. 6 | * Added S3Fs plugin. 7 | 8 | ## 1.3.1 9 | 10 | * Used centos:7 as the base for glusterfs client (Fedora mirrors used by gluster/glusterfs-client get very slow) 11 | * Switched all the plugins to "local" scope capability. 12 | 13 | ## 1.3.0 14 | 15 | * NFS volume plugin added 16 | * Fixed issue with volumes being lost on restart 17 | * Dropped the "v" prefix 18 | 19 | ## v1.2.0 20 | 21 | * CentOS Managed volume plugin added 22 | * Fixed security issue with CIFS volume plugin 23 | 24 | ## v1.1.0 25 | 26 | * CIFS volume plugin added 27 | * Refactored code to move all the common parts into a separate package 28 | 29 | ## v1.0.0 30 | 31 | * Initial release, just glusterfs 32 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Eclipse Public License - v 2.0 2 | 3 | THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS ECLIPSE 4 | PUBLIC LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION 5 | OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT. 6 | 7 | 1. DEFINITIONS 8 | 9 | "Contribution" means: 10 | 11 | a) in the case of the initial Contributor, the initial content 12 | Distributed under this Agreement, and 13 | 14 | b) in the case of each subsequent Contributor: 15 | i) changes to the Program, and 16 | ii) additions to the Program; 17 | where such changes and/or additions to the Program originate from 18 | and are Distributed by that particular Contributor. A Contribution 19 | "originates" from a Contributor if it was added to the Program by 20 | such Contributor itself or anyone acting on such Contributor's behalf. 21 | Contributions do not include changes or additions to the Program that 22 | are not Modified Works. 23 | 24 | "Contributor" means any person or entity that Distributes the Program. 25 | 26 | "Licensed Patents" mean patent claims licensable by a Contributor which 27 | are necessarily infringed by the use or sale of its Contribution alone 28 | or when combined with the Program. 29 | 30 | "Program" means the Contributions Distributed in accordance with this 31 | Agreement. 32 | 33 | "Recipient" means anyone who receives the Program under this Agreement 34 | or any Secondary License (as applicable), including Contributors. 35 | 36 | "Derivative Works" shall mean any work, whether in Source Code or other 37 | form, that is based on (or derived from) the Program and for which the 38 | editorial revisions, annotations, elaborations, or other modifications 39 | represent, as a whole, an original work of authorship. 40 | 41 | "Modified Works" shall mean any work in Source Code or other form that 42 | results from an addition to, deletion from, or modification of the 43 | contents of the Program, including, for purposes of clarity any new file 44 | in Source Code form that contains any contents of the Program. Modified 45 | Works shall not include works that contain only declarations, 46 | interfaces, types, classes, structures, or files of the Program solely 47 | in each case in order to link to, bind by name, or subclass the Program 48 | or Modified Works thereof. 49 | 50 | "Distribute" means the acts of a) distributing or b) making available 51 | in any manner that enables the transfer of a copy. 52 | 53 | "Source Code" means the form of a Program preferred for making 54 | modifications, including but not limited to software source code, 55 | documentation source, and configuration files. 56 | 57 | "Secondary License" means either the GNU General Public License, 58 | Version 2.0, or any later versions of that license, including any 59 | exceptions or additional permissions as identified by the initial 60 | Contributor. 61 | 62 | 2. GRANT OF RIGHTS 63 | 64 | a) Subject to the terms of this Agreement, each Contributor hereby 65 | grants Recipient a non-exclusive, worldwide, royalty-free copyright 66 | license to reproduce, prepare Derivative Works of, publicly display, 67 | publicly perform, Distribute and sublicense the Contribution of such 68 | Contributor, if any, and such Derivative Works. 69 | 70 | b) Subject to the terms of this Agreement, each Contributor hereby 71 | grants Recipient a non-exclusive, worldwide, royalty-free patent 72 | license under Licensed Patents to make, use, sell, offer to sell, 73 | import and otherwise transfer the Contribution of such Contributor, 74 | if any, in Source Code or other form. This patent license shall 75 | apply to the combination of the Contribution and the Program if, at 76 | the time the Contribution is added by the Contributor, such addition 77 | of the Contribution causes such combination to be covered by the 78 | Licensed Patents. The patent license shall not apply to any other 79 | combinations which include the Contribution. No hardware per se is 80 | licensed hereunder. 81 | 82 | c) Recipient understands that although each Contributor grants the 83 | licenses to its Contributions set forth herein, no assurances are 84 | provided by any Contributor that the Program does not infringe the 85 | patent or other intellectual property rights of any other entity. 86 | Each Contributor disclaims any liability to Recipient for claims 87 | brought by any other entity based on infringement of intellectual 88 | property rights or otherwise. As a condition to exercising the 89 | rights and licenses granted hereunder, each Recipient hereby 90 | assumes sole responsibility to secure any other intellectual 91 | property rights needed, if any. For example, if a third party 92 | patent license is required to allow Recipient to Distribute the 93 | Program, it is Recipient's responsibility to acquire that license 94 | before distributing the Program. 95 | 96 | d) Each Contributor represents that to its knowledge it has 97 | sufficient copyright rights in its Contribution, if any, to grant 98 | the copyright license set forth in this Agreement. 99 | 100 | e) Notwithstanding the terms of any Secondary License, no 101 | Contributor makes additional grants to any Recipient (other than 102 | those set forth in this Agreement) as a result of such Recipient's 103 | receipt of the Program under the terms of a Secondary License 104 | (if permitted under the terms of Section 3). 105 | 106 | 3. REQUIREMENTS 107 | 108 | 3.1 If a Contributor Distributes the Program in any form, then: 109 | 110 | a) the Program must also be made available as Source Code, in 111 | accordance with section 3.2, and the Contributor must accompany 112 | the Program with a statement that the Source Code for the Program 113 | is available under this Agreement, and informs Recipients how to 114 | obtain it in a reasonable manner on or through a medium customarily 115 | used for software exchange; and 116 | 117 | b) the Contributor may Distribute the Program under a license 118 | different than this Agreement, provided that such license: 119 | i) effectively disclaims on behalf of all other Contributors all 120 | warranties and conditions, express and implied, including 121 | warranties or conditions of title and non-infringement, and 122 | implied warranties or conditions of merchantability and fitness 123 | for a particular purpose; 124 | 125 | ii) effectively excludes on behalf of all other Contributors all 126 | liability for damages, including direct, indirect, special, 127 | incidental and consequential damages, such as lost profits; 128 | 129 | iii) does not attempt to limit or alter the recipients' rights 130 | in the Source Code under section 3.2; and 131 | 132 | iv) requires any subsequent distribution of the Program by any 133 | party to be under a license that satisfies the requirements 134 | of this section 3. 135 | 136 | 3.2 When the Program is Distributed as Source Code: 137 | 138 | a) it must be made available under this Agreement, or if the 139 | Program (i) is combined with other material in a separate file or 140 | files made available under a Secondary License, and (ii) the initial 141 | Contributor attached to the Source Code the notice described in 142 | Exhibit A of this Agreement, then the Program may be made available 143 | under the terms of such Secondary Licenses, and 144 | 145 | b) a copy of this Agreement must be included with each copy of 146 | the Program. 147 | 148 | 3.3 Contributors may not remove or alter any copyright, patent, 149 | trademark, attribution notices, disclaimers of warranty, or limitations 150 | of liability ("notices") contained within the Program from any copy of 151 | the Program which they Distribute, provided that Contributors may add 152 | their own appropriate notices. 153 | 154 | 4. COMMERCIAL DISTRIBUTION 155 | 156 | Commercial distributors of software may accept certain responsibilities 157 | with respect to end users, business partners and the like. While this 158 | license is intended to facilitate the commercial use of the Program, 159 | the Contributor who includes the Program in a commercial product 160 | offering should do so in a manner which does not create potential 161 | liability for other Contributors. Therefore, if a Contributor includes 162 | the Program in a commercial product offering, such Contributor 163 | ("Commercial Contributor") hereby agrees to defend and indemnify every 164 | other Contributor ("Indemnified Contributor") against any losses, 165 | damages and costs (collectively "Losses") arising from claims, lawsuits 166 | and other legal actions brought by a third party against the Indemnified 167 | Contributor to the extent caused by the acts or omissions of such 168 | Commercial Contributor in connection with its distribution of the Program 169 | in a commercial product offering. The obligations in this section do not 170 | apply to any claims or Losses relating to any actual or alleged 171 | intellectual property infringement. In order to qualify, an Indemnified 172 | Contributor must: a) promptly notify the Commercial Contributor in 173 | writing of such claim, and b) allow the Commercial Contributor to control, 174 | and cooperate with the Commercial Contributor in, the defense and any 175 | related settlement negotiations. The Indemnified Contributor may 176 | participate in any such claim at its own expense. 177 | 178 | For example, a Contributor might include the Program in a commercial 179 | product offering, Product X. That Contributor is then a Commercial 180 | Contributor. If that Commercial Contributor then makes performance 181 | claims, or offers warranties related to Product X, those performance 182 | claims and warranties are such Commercial Contributor's responsibility 183 | alone. Under this section, the Commercial Contributor would have to 184 | defend claims against the other Contributors related to those performance 185 | claims and warranties, and if a court requires any other Contributor to 186 | pay any damages as a result, the Commercial Contributor must pay 187 | those damages. 188 | 189 | 5. NO WARRANTY 190 | 191 | EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT 192 | PERMITTED BY APPLICABLE LAW, THE PROGRAM IS PROVIDED ON AN "AS IS" 193 | BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR 194 | IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF 195 | TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR 196 | PURPOSE. Each Recipient is solely responsible for determining the 197 | appropriateness of using and distributing the Program and assumes all 198 | risks associated with its exercise of rights under this Agreement, 199 | including but not limited to the risks and costs of program errors, 200 | compliance with applicable laws, damage to or loss of data, programs 201 | or equipment, and unavailability or interruption of operations. 202 | 203 | 6. DISCLAIMER OF LIABILITY 204 | 205 | EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT 206 | PERMITTED BY APPLICABLE LAW, NEITHER RECIPIENT NOR ANY CONTRIBUTORS 207 | SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 208 | EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST 209 | PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 210 | CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 211 | ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE 212 | EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE 213 | POSSIBILITY OF SUCH DAMAGES. 214 | 215 | 7. GENERAL 216 | 217 | If any provision of this Agreement is invalid or unenforceable under 218 | applicable law, it shall not affect the validity or enforceability of 219 | the remainder of the terms of this Agreement, and without further 220 | action by the parties hereto, such provision shall be reformed to the 221 | minimum extent necessary to make such provision valid and enforceable. 222 | 223 | If Recipient institutes patent litigation against any entity 224 | (including a cross-claim or counterclaim in a lawsuit) alleging that the 225 | Program itself (excluding combinations of the Program with other software 226 | or hardware) infringes such Recipient's patent(s), then such Recipient's 227 | rights granted under Section 2(b) shall terminate as of the date such 228 | litigation is filed. 229 | 230 | All Recipient's rights under this Agreement shall terminate if it 231 | fails to comply with any of the material terms or conditions of this 232 | Agreement and does not cure such failure in a reasonable period of 233 | time after becoming aware of such noncompliance. If all Recipient's 234 | rights under this Agreement terminate, Recipient agrees to cease use 235 | and distribution of the Program as soon as reasonably practicable. 236 | However, Recipient's obligations under this Agreement and any licenses 237 | granted by Recipient relating to the Program shall continue and survive. 238 | 239 | Everyone is permitted to copy and distribute copies of this Agreement, 240 | but in order to avoid inconsistency the Agreement is copyrighted and 241 | may only be modified in the following manner. The Agreement Steward 242 | reserves the right to publish new versions (including revisions) of 243 | this Agreement from time to time. No one other than the Agreement 244 | Steward has the right to modify this Agreement. The Eclipse Foundation 245 | is the initial Agreement Steward. The Eclipse Foundation may assign the 246 | responsibility to serve as the Agreement Steward to a suitable separate 247 | entity. Each new version of the Agreement will be given a distinguishing 248 | version number. The Program (including Contributions) may always be 249 | Distributed subject to the version of the Agreement under which it was 250 | received. In addition, after a new version of the Agreement is published, 251 | Contributor may elect to Distribute the Program (including its 252 | Contributions) under the new version. 253 | 254 | Except as expressly stated in Sections 2(a) and 2(b) above, Recipient 255 | receives no rights or licenses to the intellectual property of any 256 | Contributor under this Agreement, whether expressly, by implication, 257 | estoppel or otherwise. All rights in the Program not expressly granted 258 | under this Agreement are reserved. Nothing in this Agreement is intended 259 | to be enforceable by any entity that is not a Contributor or Recipient. 260 | No third-party beneficiary rights are created under this Agreement. 261 | 262 | Exhibit A - Form of Secondary Licenses Notice 263 | 264 | "This Source Code may also be made available under the following 265 | Secondary Licenses when the conditions for such availability set forth 266 | in the Eclipse Public License, v. 2.0 are satisfied: {name license(s), 267 | version(s), and exceptions or additional permissions here}." 268 | 269 | Simply including a copy of this Agreement, including this Exhibit A 270 | is not sufficient to license the Source Code under Secondary Licenses. 271 | 272 | If it is not possible or desirable to put the notice in a particular 273 | file, then You may include the notice in a location (such as a LICENSE 274 | file in a relevant directory) where a recipient would be likely to 275 | look for such a notice. 276 | 277 | You may add additional accurate notices of copyright ownership. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Docker Managed Volume Plugins 2 | ============================= 3 | 4 | This project provides managed volume plugins for Docker to connect to [CIFS](https://github.com/marcelo-ochoa/docker-volume-plugins/tree/master/cifs-volume-plugin), [GlusterFS](https://github.com/marcelo-ochoa/docker-volume-plugins/tree/master/glusterfs-volume-plugin) [NFS](https://github.com/marcelo-ochoa/docker-volume-plugins/tree/master/nfs-volume-plugin). 5 | 6 | Along with a generic [CentOS Mounted Volume Plugin](https://github.com/marcelo-ochoa/docker-volume-plugins/tree/master/centos-mounted-volume-plugin) that allows for arbitrary packages to be installed and used by mount. 7 | 8 | There are two key labels 9 | 10 | * `dev` this is an unstable version primarily used for development testing, do not use it on production. 11 | * `latest` this is the latest version that was built which should be ready for use in production systems. 12 | 13 | **There is no robust error handling. So garbage in -> garbage out** -------------------------------------------------------------------------------- /build-all.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | export TAG=${1:-latest} 3 | ./build.sh $TAG x86_64 4 | ./build.sh $TAG armv7l 5 | ./build.sh $TAG aarch64 6 | ./build.sh $TAG 7 | ./build.sh 8 | -------------------------------------------------------------------------------- /build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | error() { 3 | printf '\E[31m'; echo "$@"; printf '\E[0m' 4 | } 5 | 6 | if [[ $EUID -ne 0 ]]; then 7 | error "This script should be run using sudo or as the root user" 8 | exit 1 9 | fi 10 | 11 | export TAG=${1:-latest} 12 | export ARCH=${2:-"$(uname -m)"} 13 | 14 | build() { 15 | if [ $ARCH == "armv7l" ] 16 | then 17 | BPLATFORM="linux/arm/v7" 18 | else if [ $ARCH == "aarch64" ] 19 | then 20 | BPLATFORM="linux/arm64" 21 | else 22 | BPLATFORM="linux/amd64" 23 | fi 24 | fi 25 | if [ $ARCH == "x86_64" ] 26 | then 27 | docker plugin rm -f mochoa/$1:$TAG || true 28 | else 29 | docker plugin rm -f mochoa/$1-$ARCH:$TAG || true 30 | fi 31 | docker rmi -f rootfsimage || true 32 | docker buildx build --load --platform ${BPLATFORM} \ 33 | --build-arg GO_VERSION=1.15.10 \ 34 | --build-arg UBUNTU_VERSION=22.04 \ 35 | -t rootfsimage -f $1/Dockerfile . 36 | id=$(docker create rootfsimage true) # id was cd851ce43a403 when the image was created 37 | rm -rf build/rootfs 38 | mkdir -p build/rootfs/var/lib/docker-volumes 39 | docker export "$id" | tar -x -C build/rootfs 40 | docker rm -vf "$id" 41 | cp $1/config.json build 42 | if [ $ARCH == "x86_64" ] 43 | then 44 | docker plugin create mochoa/$1:$TAG build 45 | docker plugin push mochoa/$1:$TAG 46 | else 47 | docker plugin create mochoa/$1-$ARCH:$TAG build 48 | docker plugin push mochoa/$1-$ARCH:$TAG 49 | fi 50 | } 51 | build glusterfs-volume-plugin 52 | build s3fs-volume-plugin 53 | build cifs-volume-plugin 54 | -------------------------------------------------------------------------------- /centos-mounted-volume-plugin/README.md: -------------------------------------------------------------------------------- 1 | CentOS Mounted Volume Plugin 2 | ============================ 3 | 4 | This plugin is deprecated due NFS is support by default using local bind mounts https://docs.docker.com/engine/reference/commandline/volume_create/. 5 | -------------------------------------------------------------------------------- /cifs-volume-plugin/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG UBUNTU_VERSION 2 | FROM --platform=${TARGETPLATFORM:-linux/amd64} ubuntu:${UBUNTU_VERSION:-20.04} as base 3 | 4 | ENV DEBIAN_FRONTEND="noninteractive" 5 | 6 | RUN apt update && \ 7 | apt install -y cifs-utils curl tini && \ 8 | apt clean && rm -rf /var/lib/apt/lists/* 9 | 10 | ARG GO_VERSION 11 | FROM --platform=${TARGETPLATFORM:-linux/amd64} golang:${GO_VERSION:-1.15.10}-alpine as dev 12 | 13 | RUN apk update && apk add git 14 | 15 | COPY cifs-volume-plugin/ /go/src/github.com/marcelo-ochoa/docker-volume-plugins/cifs-volume-plugin 16 | COPY mounted-volume/ /go/src/github.com/marcelo-ochoa/docker-volume-plugins/mounted-volume 17 | 18 | RUN cd /go/src/github.com/marcelo-ochoa/docker-volume-plugins/cifs-volume-plugin && \ 19 | CGO_ENABLED=0 GOOS=linux go get 20 | 21 | FROM base 22 | 23 | COPY --from=dev /go/bin/cifs-volume-plugin / 24 | -------------------------------------------------------------------------------- /cifs-volume-plugin/README.md: -------------------------------------------------------------------------------- 1 | CIFS Volume Plugin 2 | ====================== 3 | 4 | This is a managed Docker volume plugin to allow Docker containers to access CIFS shares. The cifs-utils do not need to be installed on the host and everything is managed within the plugin. This is intended as a replacement for docker-volume-netshare specifically for CIFS on my organization's swarm. 5 | 6 | ### Caveats: 7 | 8 | - This is a managed plugin only, no legacy support. 9 | - The contents of `/root` is exposed to the plugin as a *read-only* mount so it may access the credential files. 10 | - There is no validation that the credential file itself is secure. 11 | - There is no support for volumes with the `@` symbol as it is used as the escape character. I may add `@@` as an escape in the future if needed. 12 | - `.netrc` is not used because by it does not support `domain` and it causes extra errors when using `curl` on the system. 13 | - There are many possible options for `mount.cifs` so rather than restricting what can be done, the plugin expects the configuration file to provide all the necessary information (except for credentials). 14 | - If the credential file is present for the share it will append the `credentials=filename` even if the credentials are already part of the options. 15 | - In order to properly support versions use `--alias` when installing the plugin. 16 | - It uses the same format as docker-volume-netshare for the mount points to facilitate migrations. 17 | - **There is no robust error handling. So garbage in -> garbage out** 18 | 19 | ## Credentials 20 | 21 | Unlike glusterfs, credentails are generally required to access a CIFS share unless it had allowed guest access. Credentials must be stored in the node under a path in the `/root/` folder. By default it is `/root/credentials` 22 | 23 | To prevent excess quoting, the '@' sign is used as a path separator and will be translated to `/` when trying to process it. For example the shared volume `foohost/path/subdir` should have a credential file named `foohost@path@subdir`. It is expected that the file is readable only by root and that is left to the user. 24 | 25 | The credential file must have LF line endings and the format is: 26 | 27 | username=value 28 | password=value 29 | domain=value 30 | 31 | To protect it within the plugin, the `/root` mount is remounted as a `1m tmpfs` until the credential file is needed (which is on the `Mount` call in which case `/root` is unmounted, the credential file is used then the `tmpfs` is remounted). It also means that mounting cannot be done in parallel so it will slow down the startup if there are many shares. 32 | 33 | ### Load order 34 | 35 | It is likely that a single share may have multiple subpaths. Or there's a global default. For this situation the lookup logic goes as follows given the example of `foohost/path/subdir` and the default credentials path, it will look for the following files in the following order 36 | 37 | 1. `/root/credentials/foohost@path@subdir 38 | 2. `/root/credentials/foohost@path 39 | 3. `/root/credentials/foohost 40 | 4. `/root/credentials/default 41 | 42 | 43 | ## Usage 44 | 45 | This uses the `driver_opts.cifsopts` to define the list of options to pass to the mount command (a map couldn't be used as some options have no value and will limit future options from being added if I chose to add them. In addition, the plugin variable `DEFAULT_CIFSOPTS` can be used to set up the default value for `driver_opts.cifsopts` if it is not specified. For the most part my SMB shares are on Windows and so my `DEFAULT_CIFSOPTS=vers=3.02,mfsymlinks,file_mode=0666,dir_mode=0777` 46 | 47 | The `credentials` should not be passed in and will be added automatically if the credentials file is found. The `volumes.x.name` specifies the host and share path (do not add the `//` it will automatically be added). 48 | 49 | Example in docker-compose.yml assuming the alias was set as `cifs`: 50 | 51 | volumes: 52 | sample: 53 | driver: cifs 54 | driver_opts: 55 | cifsopts: vers=3.02,mfsymlinks,file_mode=0666,dir_mode=0777 56 | name: "host/share" 57 | 58 | The values above correspond to the following mounting command: 59 | 60 | mount -t cifs \ 61 | -o vers=3.02,mfsymlinks,file_mode=0666,dir_mode=0777,credentials=/root/credentials/host@share 62 | //host/share [generated_mount_point] 63 | 64 | ## Testing outside the swarm 65 | 66 | This is an example of mounting and testing a store outside the swarm. It is assuming the share is called `noriko/s`. 67 | 68 | docker plugin install mochoa/cifs-volume-plugin --grant-all-permissions 69 | docker plugin enable mochoa/cifs-volume-plugin 70 | docker volume create -d mochoa/cifs-volume-plugin --opt cifsopts=vers=3.02,mfsymlinks,file_mode=0666,dir_mode=0777 noriko/s 71 | docker run -it -v noriko/s:/mnt alpine 72 | -------------------------------------------------------------------------------- /cifs-volume-plugin/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "CIFS plugin or Docker v2.0.8", 3 | "documentation": "https://github.com/marcelo-ochoa/docker-volume-plugins/", 4 | "entrypoint": [ 5 | "/usr/bin/tini", 6 | "--", 7 | "/cifs-volume-plugin" 8 | ], 9 | "env": [ 10 | { 11 | "name": "CREDENTIAL_PATH", 12 | "settable": [ 13 | "value" 14 | ], 15 | "value": "/root/credentials" 16 | }, 17 | { 18 | "name": "DEFAULT_CIFSOPTS", 19 | "settable": [ 20 | "value" 21 | ], 22 | "value": "" 23 | } 24 | ], 25 | "network": { 26 | "type": "host" 27 | }, 28 | "mounts": [ 29 | { 30 | "description": "Host /root folder which is expected to contain credential files", 31 | "destination": "/root", 32 | "source": "/root", 33 | "type": "bind", 34 | "options": [ 35 | "rbind", 36 | "ro" 37 | ] 38 | } 39 | ], 40 | "propagatedMount": "/var/lib/docker-volumes", 41 | "interface": { 42 | "types": [ 43 | "docker.volumedriver/1.0" 44 | ], 45 | "socket": "cifs.sock" 46 | }, 47 | "linux": { 48 | "capabilities": [ 49 | "CAP_SYS_ADMIN", 50 | "CAP_DAC_READ_SEARCH" 51 | ] 52 | } 53 | } -------------------------------------------------------------------------------- /cifs-volume-plugin/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "log" 5 | "os" 6 | "path/filepath" 7 | "strings" 8 | 9 | "github.com/docker/go-plugins-helpers/volume" 10 | mountedvolume "github.com/marcelo-ochoa/docker-volume-plugins/mounted-volume" 11 | ) 12 | 13 | type cifsDriver struct { 14 | credentialPath string 15 | defaultCifsopts string 16 | mountedvolume.Driver 17 | } 18 | 19 | func (p *cifsDriver) Validate(req *volume.CreateRequest) error { 20 | 21 | return nil 22 | } 23 | 24 | func (p *cifsDriver) MountOptions(req *volume.CreateRequest) []string { 25 | 26 | cifsopts, cifsoptsInOpts := req.Options["cifsopts"] 27 | 28 | var cifsoptsArray []string 29 | if cifsoptsInOpts { 30 | cifsoptsArray = append(cifsoptsArray, strings.Split(cifsopts, ",")...) 31 | } else { 32 | cifsoptsArray = append(cifsoptsArray, strings.Split(p.defaultCifsopts, ",")...) 33 | } 34 | mountedvolume.UnhideRoot() 35 | defer mountedvolume.HideRoot() 36 | credentialsFile := p.calculateCredentialsFile(strings.Split(req.Name, "/")) 37 | if credentialsFile != "" { 38 | cifsoptsArray = append(cifsoptsArray, "credentials="+credentialsFile) 39 | } else { 40 | log.Println("The credential file expected %s was not found, no implicit credential data will be passed by the plugin", credentialsFile) 41 | } 42 | 43 | return []string{"-t", "cifs", "-o", strings.Join(cifsoptsArray, ","), "//" + req.Name} 44 | 45 | } 46 | 47 | func (p *cifsDriver) PreMount(req *volume.MountRequest) error { 48 | mountedvolume.UnhideRoot() 49 | return nil 50 | } 51 | 52 | func (p *cifsDriver) PostMount(req *volume.MountRequest) { 53 | mountedvolume.HideRoot() 54 | } 55 | 56 | func buildDriver() *cifsDriver { 57 | credentialPath := os.Getenv("CREDENTIAL_PATH") 58 | defaultCifsopts := os.Getenv("DEFAULT_CIFSOPTS") 59 | d := &cifsDriver{ 60 | Driver: *mountedvolume.NewDriver("mount", true, "cifs", "local"), 61 | credentialPath: credentialPath, 62 | defaultCifsopts: defaultCifsopts, 63 | } 64 | d.Init(d) 65 | mountedvolume.HideRoot() 66 | return d 67 | } 68 | 69 | func (p *cifsDriver) calculateCredentialsFile(pathList []string) string { 70 | 71 | credentialsFile := filepath.Join(p.credentialPath, strings.Join(pathList, "@")) 72 | 73 | if len(pathList) == 0 { 74 | credentialsFile = filepath.Join(p.credentialPath, "default") 75 | if _, err := os.Stat(credentialsFile); err != nil { 76 | return "" 77 | } 78 | return credentialsFile 79 | } 80 | 81 | if _, err := os.Stat(credentialsFile); err != nil { 82 | return p.calculateCredentialsFile(pathList[:len(pathList)-1]) 83 | } 84 | return credentialsFile 85 | } 86 | 87 | func main() { 88 | log.SetFlags(0) 89 | d := buildDriver() 90 | defer d.Close() 91 | d.ServeUnix() 92 | } 93 | -------------------------------------------------------------------------------- /cifs-volume-plugin/main_test.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "strings" 6 | "testing" 7 | 8 | mountedvolume "github.com/marcelo-ochoa/docker-volume-plugins/mounted-volume" 9 | ) 10 | 11 | func TestCalculateCredentialsFile(t *testing.T) { 12 | d := &cifsDriver{ 13 | Driver: *mountedvolume.NewDriver("glusterfs", true, "gfs", "local"), 14 | credentialPath: "/foo/bar", 15 | } 16 | defer d.Close() 17 | if d.calculateCredentialsFile(strings.Split("foopath/foo/bar/path", "/")) != "" { 18 | fmt.Errorf("did not expect file to exist") 19 | t.Fail() 20 | } 21 | } 22 | 23 | func TestCalculateCredentialsFile2(t *testing.T) { 24 | // tmpDir := ioutil 25 | d := &cifsDriver{ 26 | Driver: *mountedvolume.NewDriver("glusterfs", true, "gfs", "local"), 27 | credentialPath: "/foo/bar", 28 | } 29 | defer d.Close() 30 | if d.calculateCredentialsFile(strings.Split("foopath/foo/bar/path", "/")) != "" { 31 | fmt.Errorf("did not expect file to exist") 32 | t.Fail() 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /glusterfs-volume-plugin/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG UBUNTU_VERSION 2 | FROM --platform=${TARGETPLATFORM:-linux/amd64} ubuntu:${UBUNTU_VERSION:-20.04} as base 3 | 4 | ENV DEBIAN_FRONTEND="noninteractive" 5 | 6 | RUN apt update && \ 7 | apt install -y glusterfs-client curl rsyslog tini && \ 8 | apt clean && rm -rf /var/lib/apt/lists/* && \ 9 | rm -rf "/tmp/*" "/root/.cache" /var/log/lastlog && \ 10 | mkdir -p /var/lib/glusterd /etc/glusterfs && \ 11 | touch /etc/glusterfs/logger.conf 12 | 13 | COPY glusterfs-volume-plugin/rsyslog.conf /etc/rsyslog.conf 14 | 15 | ARG GO_VERSION 16 | FROM --platform=${TARGETPLATFORM:-linux/amd64} golang:${GO_VERSION:-1.15.10}-alpine as dev 17 | 18 | RUN apk update && apk add git 19 | 20 | COPY glusterfs-volume-plugin/ /go/src/github.com/marcelo-ochoa/docker-volume-plugins/glusterfs-volume-plugin 21 | COPY mounted-volume/ /go/src/github.com/marcelo-ochoa/docker-volume-plugins/mounted-volume 22 | 23 | RUN cd /go/src/github.com/marcelo-ochoa/docker-volume-plugins/glusterfs-volume-plugin && \ 24 | CGO_ENABLED=0 GOOS=linux go get 25 | 26 | FROM base 27 | 28 | COPY --from=dev /go/bin/glusterfs-volume-plugin / 29 | -------------------------------------------------------------------------------- /glusterfs-volume-plugin/README.md: -------------------------------------------------------------------------------- 1 | # GlusterFS Volume Plugin 2 | 3 | This is a managed Docker volume plugin to allow Docker containers to access GlusterFS volumes. The GlusterFS client does not need to be installed on the host and everything is managed within the plugin. 4 | 5 | ## Caveats 6 | 7 | - Requires Docker 18.03-1 at minimum. 8 | - This is a managed plugin only, no legacy support. 9 | - In order to properly support versions use `--alias` when installing the plugin. 10 | - This only supports one glusterfs cluster per instance use `--alias` to define separate instances 11 | - The value of `SERVERS` is initially blank it needs `docker plugin glusterfs set SERVERS=store1,store2` if it is set then it will be used for all servers and low level options will not be allowed. Primarily this is to control what the deployed stacks can perform. The values are the DNS or IP addresses of the Gluster servers you are using. 12 | - **There is no robust error handling. So garbage in -> garbage out** 13 | 14 | ## Operating modes 15 | 16 | There are three operating modes listed in order of preference. Each are mutually exclusive and will result in an error when performing a `docker volume create` if more than one operating mode is configured. 17 | 18 | ### Just the name 19 | 20 | This is the *recommended* approach for production systems as it will prevent stacks from specifying any random server. It also prevents the stack configuration file from containing environment specific servers and instead defers that knowledge to the plugin only which is set on the node level. This relies on `SERVERS` being configured and will use the name as the volume mount set by [`docker plugin set`](https://docs.docker.com/engine/reference/commandline/plugin_set/). This can be done in an automated fashion as: 21 | 22 | docker plugin install --alias PLUGINALIAS \ 23 | mochoa/glusterfs-volume-plugin \ 24 | --grant-all-permissions --disable 25 | docker plugin set PLUGINALIAS SERVERS=store1,store2 26 | docker plugin enable PLUGINALIAS 27 | 28 | If there is a need to have a different set of servers, a separate plugin alias should be created with a different set of servers. 29 | 30 | - Note that store1 and store2 servers must be defined at /etc/hosts of docker run time. 31 | 32 | Example in docker-compose.yml: 33 | 34 | volumes: 35 | sample: 36 | driver: glusterfs 37 | name: "volume/subdir" 38 | 39 | The `volumes.x.name` specifies the volume and optionally a subdirectory mount. The value of `name` will be used as the `--volfile-id` and `--subdir-mount`. Note that `volumes.x.name` must not start with `/`. 40 | 41 | ### Specify the servers 42 | 43 | This uses the `driver_opts.servers` to define a comma separated list of servers. The rules for specifying the volume is the same as the previous section. 44 | 45 | Example in docker-compose.yml assuming the alias was set as `glusterfs`: 46 | 47 | volumes: 48 | sample: 49 | driver: glusterfs 50 | driver_opts: 51 | servers: store1,store2 52 | name: "volume/subdir" 53 | 54 | The `volumes.x.name` specifies the volume and optionally a subdirectory mount. The value of `name` will be used as the `--volfile-id` and `--subdir-mount`. Note that `volumes.x.name` must not start with `/`. The values above correspond to the following mounting command: 55 | 56 | glusterfs -s store1 -s store2 --volfile-id=volume \ 57 | --subdir-mount=subdir [generated_mount_point] 58 | 59 | ### Specify the options 60 | 61 | This passes the `driver_opts.glusteropts` to the `glusterfs` command followed by the generated mount point. This is the most flexible method and gives full range to the options of the glusterfs FUSE client. Example in docker-compose.yml assuming the alias was set as `glusterfs`: 62 | 63 | volumes: 64 | sample: 65 | driver: glusterfs 66 | driver_opts: 67 | glusteropts: "--volfile-server=SERVER --volfile-id=abc --subdir-mount=sub" 68 | name: "whatever" 69 | 70 | The value of `name` will not be used for mounting; the value of `driver_opts.glusterfsopts` is expected to have all the volume connection information. 71 | 72 | ## Testing outside the swarm 73 | 74 | This is an example of mounting and testing a store outside the swarm. It is assuming the server is called `store1` and the volume name is `myvol`. 75 | 76 | docker plugin install mochoa/glusterfs-volume-plugin --grant-all-permissions 77 | docker plugin enable mochoa/glusterfs-volume-plugin 78 | docker volume create -d mochoa/glusterfs-volume-plugin --opt servers=store1 myvol 79 | docker run -it -v myvol:/mnt alpine 80 | 81 | ## SSL support 82 | 83 | Host path `/etc/ssl` is made available to gluster clients so to configure SSL you should follow steps from GlusterFS documentation. 84 | 85 | ### Management Channel 86 | 87 | By default, GlusterFS process will not use SSL to communicate with servers when eg. fetching volume list. 88 | To secure management channel, set `SECURE_MANAGEMENT` to non empty value, eg.: `docker plugin glusterfs set SECURE_MANAGEMENT=yes`. 89 | 90 | Remember that all clients and servers will need to ahve secure management enabled to be able to communicate: 91 | **(...) will cause glusterd connections made from that machine to use TLS. Note that even clients must do this to communicate with a remote glusterd while mounting, but not thereafter** 92 | 93 | More at: 94 | -------------------------------------------------------------------------------- /glusterfs-volume-plugin/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "GlusterFS plugin for Docker v2.0.8", 3 | "documentation": "https://github.com/marcelo-ochoa/docker-volume-plugins/", 4 | "entrypoint": [ 5 | "/usr/bin/tini", 6 | "--", 7 | "/glusterfs-volume-plugin" 8 | ], 9 | "env": [ 10 | { 11 | "name": "SERVERS", 12 | "settable": [ 13 | "value" 14 | ], 15 | "value": "" 16 | }, 17 | { 18 | "name": "SECURE_MANAGEMENT", 19 | "settable": [ 20 | "value" 21 | ], 22 | "value": "" 23 | } 24 | ], 25 | "network": { 26 | "type": "host" 27 | }, 28 | "propagatedMount": "/var/lib/docker-volumes", 29 | "interface": { 30 | "types": [ 31 | "docker.volumedriver/1.0" 32 | ], 33 | "socket": "gfs.sock" 34 | }, 35 | "linux": { 36 | "capabilities": [ 37 | "CAP_SYS_ADMIN" 38 | ], 39 | "devices": [ 40 | { 41 | "path": "/dev/fuse" 42 | } 43 | ] 44 | }, 45 | "mounts": [ 46 | { 47 | "name": "ssl", 48 | "source": "/etc/ssl", 49 | "description": "", 50 | "destination": "/etc/ssl", 51 | "type": "bind", 52 | "options": ["readonly", "shared", "rbind"] 53 | } 54 | ] 55 | } 56 | -------------------------------------------------------------------------------- /glusterfs-volume-plugin/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "log" 6 | "os" 7 | "os/exec" 8 | "strings" 9 | 10 | "github.com/docker/go-plugins-helpers/volume" 11 | mountedvolume "github.com/marcelo-ochoa/docker-volume-plugins/mounted-volume" 12 | ) 13 | 14 | type gfsDriver struct { 15 | servers []string 16 | mountedvolume.Driver 17 | } 18 | 19 | func (p *gfsDriver) Validate(req *volume.CreateRequest) error { 20 | 21 | _, serversDefinedInOpts := req.Options["servers"] 22 | _, glusteroptsInOpts := req.Options["glusteropts"] 23 | 24 | if len(p.servers) > 0 && (serversDefinedInOpts || glusteroptsInOpts) { 25 | return fmt.Errorf("SERVERS is set, options are not allowed") 26 | } 27 | if serversDefinedInOpts && glusteroptsInOpts { 28 | return fmt.Errorf("servers is set, glusteropts are not allowed") 29 | } 30 | if len(p.servers) == 0 && !serversDefinedInOpts && !glusteroptsInOpts { 31 | return fmt.Errorf("One of SERVERS, driver_opts.servers or driver_opts.glusteropts must be specified") 32 | } 33 | 34 | return nil 35 | } 36 | 37 | func (p *gfsDriver) MountOptions(req *volume.CreateRequest) []string { 38 | 39 | servers, serversDefinedInOpts := req.Options["servers"] 40 | glusteropts, _ := req.Options["glusteropts"] 41 | 42 | var args []string 43 | 44 | if len(p.servers) > 0 { 45 | for _, server := range p.servers { 46 | args = append(args, "-s", server) 47 | } 48 | args = AppendVolumeOptionsByVolumeName(args, req.Name) 49 | } else if serversDefinedInOpts { 50 | for _, server := range strings.Split(servers, ",") { 51 | args = append(args, "-s", server) 52 | } 53 | args = AppendVolumeOptionsByVolumeName(args, req.Name) 54 | } else { 55 | args = strings.Split(glusteropts, " ") 56 | } 57 | 58 | args = append(args, "--logger=syslog") 59 | 60 | return args 61 | } 62 | 63 | func (p *gfsDriver) PreMount(req *volume.MountRequest) error { 64 | return nil 65 | } 66 | 67 | func (p *gfsDriver) PostMount(req *volume.MountRequest) { 68 | } 69 | 70 | // AppendVolumeOptionsByVolumeName appends the command line arguments into the current argument list given the volume name 71 | func AppendVolumeOptionsByVolumeName(args []string, volumeName string) []string { 72 | parts := strings.SplitN(volumeName, "/", 2) 73 | ret := append(args, "--volfile-id="+parts[0]) 74 | if len(parts) == 2 { 75 | ret = append(ret, "--subdir-mount=/"+parts[1]) 76 | } 77 | return ret 78 | } 79 | 80 | func buildDriver() *gfsDriver { 81 | var servers []string 82 | if os.Getenv("SERVERS") != "" { 83 | servers = strings.Split(os.Getenv("SERVERS"), ",") 84 | } 85 | d := &gfsDriver{ 86 | Driver: *mountedvolume.NewDriver("glusterfs", true, "gfs", "local"), 87 | servers: servers, 88 | } 89 | 90 | if os.Getenv("SECURE_MANAGEMENT") != "" { 91 | file, err := os.Create("/var/lib/glusterd/secure-access") 92 | if err != nil { 93 | log.Fatal("Could not create secure-access file: "+err.Error()) 94 | } 95 | defer file.Close() 96 | } 97 | 98 | d.Init(d) 99 | return d 100 | } 101 | 102 | func spawnSyslog() { 103 | cmd := exec.Command("rsyslogd", "-n") 104 | cmd.Start() 105 | } 106 | 107 | func main() { 108 | spawnSyslog() 109 | d := buildDriver() 110 | defer d.Close() 111 | d.ServeUnix() 112 | } 113 | -------------------------------------------------------------------------------- /glusterfs-volume-plugin/main_test.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "reflect" 6 | "testing" 7 | ) 8 | 9 | func TestVolumeCalculation(t *testing.T) { 10 | 11 | var calculated = AppendVolumeOptionsByVolumeName([]string{"mount"}, "simplevolume") 12 | var expected = []string{"mount", "--volfile-id=simplevolume"} 13 | if !reflect.DeepEqual(calculated, expected) { 14 | fmt.Println(fmt.Errorf("%v didn't match expected", calculated)) 15 | t.Fail() 16 | } 17 | } 18 | 19 | func TestVolumeCalculationOneLevel(t *testing.T) { 20 | 21 | var calculated = AppendVolumeOptionsByVolumeName([]string{"mount"}, "simplevolume/levelone") 22 | var expected = []string{"mount", "--volfile-id=simplevolume", "--subdir-mount=/levelone"} 23 | if !reflect.DeepEqual(calculated, expected) { 24 | fmt.Println(fmt.Errorf("%v didn't match expected", calculated)) 25 | t.Fail() 26 | } 27 | } 28 | 29 | func TestVolumeCalculationTwoLevels(t *testing.T) { 30 | 31 | var calculated = AppendVolumeOptionsByVolumeName([]string{"mount"}, "simplevolume/levelone/level2") 32 | var expected = []string{"mount", "--volfile-id=simplevolume", "--subdir-mount=/levelone/level2"} 33 | if !reflect.DeepEqual(calculated, expected) { 34 | fmt.Println(fmt.Errorf("%v didn't match expected", calculated)) 35 | t.Fail() 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /glusterfs-volume-plugin/rsyslog.conf: -------------------------------------------------------------------------------- 1 | $ModLoad imuxsock 2 | $WorkDirectory /var/lib/rsyslog 3 | 4 | template(name="DockerFormat" type="list") { 5 | constant(value="glusterfs-volume-plugin: ") 6 | property(name="syslogtag") 7 | property(name="msg" spifno1stsp="on" ) 8 | property(name="msg" droplastlf="on" ) 9 | constant(value="\n") 10 | } 11 | 12 | $ActionFileDefaultTemplate DockerFormat 13 | $SystemLogSocketName /dev/log 14 | $LogRSyslogStatusMessages off 15 | 16 | *.* /proc/1/fd/1 17 | -------------------------------------------------------------------------------- /mounted-volume/codec.go: -------------------------------------------------------------------------------- 1 | package mountedvolume 2 | 3 | import ( 4 | "bytes" 5 | "encoding/gob" 6 | 7 | "github.com/boltdb/bolt" 8 | ) 9 | 10 | const ( 11 | volumeBucket = "volumes" 12 | ) 13 | 14 | func (p *mountedVolumeInfo) gobEncode() ([]byte, error) { 15 | buf := new(bytes.Buffer) 16 | enc := gob.NewEncoder(buf) 17 | err := enc.Encode(p) 18 | if err != nil { 19 | return nil, err 20 | } 21 | return buf.Bytes(), nil 22 | } 23 | 24 | func gobDecode(data []byte) (*mountedVolumeInfo, error) { 25 | var p *mountedVolumeInfo 26 | buf := bytes.NewBuffer(data) 27 | dec := gob.NewDecoder(buf) 28 | err := dec.Decode(&p) 29 | if err != nil { 30 | return nil, err 31 | } 32 | return p, nil 33 | } 34 | 35 | func (p *Driver) storeVolumeInfo(tx *bolt.Tx, volumeName string, info *mountedVolumeInfo) error { 36 | bucket := tx.Bucket([]byte(volumeBucket)) 37 | b, err := info.gobEncode() 38 | if err != nil { 39 | return err 40 | } 41 | return bucket.Put([]byte(volumeName), b) 42 | } 43 | 44 | func (p *Driver) getVolumeInfo(tx *bolt.Tx, volumeName string) (*mountedVolumeInfo, bool, error) { 45 | bucket := tx.Bucket([]byte(volumeBucket)) 46 | v := bucket.Get([]byte(volumeName)) 47 | if v == nil { 48 | return nil, false, nil 49 | } 50 | info, err := gobDecode(v) 51 | return info, true, err 52 | } 53 | 54 | func (p *Driver) getVolumeMap(tx *bolt.Tx) (map[string]mountedVolumeInfo, error) { 55 | bucket := tx.Bucket([]byte(volumeBucket)) 56 | ret := make(map[string]mountedVolumeInfo) 57 | err := bucket.ForEach(func(k, v []byte) error { 58 | info, err := gobDecode(v) 59 | if err != nil { 60 | return err 61 | } 62 | ret[string(k)] = *info 63 | return nil 64 | }) 65 | return ret, err 66 | } 67 | 68 | func (p *Driver) removeVolumeInfo(tx *bolt.Tx, volumeName string) error { 69 | bucket := tx.Bucket([]byte(volumeBucket)) 70 | return bucket.Delete([]byte(volumeName)) 71 | } 72 | -------------------------------------------------------------------------------- /mounted-volume/driver.go: -------------------------------------------------------------------------------- 1 | package mountedvolume 2 | 3 | import ( 4 | "flag" 5 | "fmt" 6 | "log" 7 | "os" 8 | "os/exec" 9 | "path" 10 | "strings" 11 | "sync" 12 | "syscall" 13 | 14 | "github.com/boltdb/bolt" 15 | "github.com/docker/go-plugins-helpers/volume" 16 | ) 17 | 18 | type mountedVolumeInfo struct { 19 | Options map[string]string 20 | MountPoint string 21 | Args []string 22 | Status map[string]interface{} 23 | } 24 | 25 | // DriverCallback inteface specifies methods that need to be 26 | // implemented. 27 | type DriverCallback interface { 28 | // Validates the creation request to make sure the options are all valid. 29 | Validate(req *volume.CreateRequest) error 30 | 31 | // MountOptions specifies the options to be added to the mount process 32 | MountOptions(req *volume.CreateRequest) []string 33 | 34 | // PreMount is called before the mount occurs. This can be used to deal with scenarios where the credential data need to be unlocked. 35 | PreMount(req *volume.MountRequest) error 36 | 37 | // PostMount is deferred after PreMount occurs. 38 | PostMount(req *volume.MountRequest) 39 | 40 | volume.Driver 41 | } 42 | 43 | // Driver extends the volume.Driver by implementing template versions 44 | // of the methods. 45 | type Driver struct { 46 | mountExecutable string 47 | mountPointAfterOptions bool 48 | dockerSocketName string 49 | volumedb *bolt.DB 50 | m *sync.RWMutex 51 | scope string 52 | DriverCallback 53 | } 54 | 55 | // Capabilities indicate to the swarm manager that this supports global scope. 56 | func (p *Driver) Capabilities() *volume.CapabilitiesResponse { 57 | return &volume.CapabilitiesResponse{Capabilities: volume.Capability{Scope: p.scope}} 58 | } 59 | 60 | // Create attempts to create the volume, if it has been created already it will 61 | // return an error if it is already present. 62 | func (p *Driver) Create(req *volume.CreateRequest) error { 63 | p.m.Lock() 64 | defer p.m.Unlock() 65 | 66 | tx, err := p.volumedb.Begin(true) 67 | if err != nil { 68 | return err 69 | } 70 | defer tx.Rollback() 71 | 72 | _, volumeExists, err := p.getVolumeInfo(tx, req.Name) 73 | if volumeExists { 74 | return fmt.Errorf("volume %s already exists", req.Name) 75 | } 76 | 77 | if err := p.Validate(req); err != nil { 78 | return err 79 | } 80 | 81 | args := p.MountOptions(req) 82 | status := make(map[string]interface{}) 83 | status["mounted"] = false 84 | status["args"] = args 85 | 86 | if err := p.storeVolumeInfo(tx, req.Name, &mountedVolumeInfo{ 87 | Options: req.Options, 88 | MountPoint: "", 89 | Args: args, 90 | Status: status, 91 | }); err != nil { 92 | return err 93 | } 94 | 95 | // Commit the transaction and check for error. 96 | if err := tx.Commit(); err != nil { 97 | return err 98 | } 99 | return nil 100 | } 101 | 102 | // Get obtain information for specific single volume. 103 | func (p *Driver) Get(req *volume.GetRequest) (*volume.GetResponse, error) { 104 | p.m.RLock() 105 | defer p.m.RUnlock() 106 | 107 | tx, err := p.volumedb.Begin(false) 108 | if err != nil { 109 | return nil, err 110 | } 111 | defer tx.Rollback() 112 | 113 | volumeInfo, volumeExists, getVolErr := p.getVolumeInfo(tx, req.Name) 114 | if !volumeExists { 115 | return &volume.GetResponse{}, fmt.Errorf("volume %s does not exist", req.Name) 116 | } 117 | if getVolErr != nil { 118 | return &volume.GetResponse{}, getVolErr 119 | } 120 | return &volume.GetResponse{ 121 | Volume: &volume.Volume{ 122 | Name: req.Name, 123 | Mountpoint: volumeInfo.MountPoint, 124 | Status: volumeInfo.Status, 125 | }, 126 | }, nil 127 | } 128 | 129 | // List obtain information for all volumes registered. 130 | func (p *Driver) List() (*volume.ListResponse, error) { 131 | p.m.RLock() 132 | defer p.m.RUnlock() 133 | 134 | tx, err := p.volumedb.Begin(false) 135 | if err != nil { 136 | return nil, err 137 | } 138 | defer tx.Rollback() 139 | 140 | var vols []*volume.Volume 141 | volumeMap, err := p.getVolumeMap(tx) 142 | for k, v := range volumeMap { 143 | vols = append(vols, &volume.Volume{ 144 | Name: k, 145 | Mountpoint: v.MountPoint, 146 | Status: v.Status, 147 | }) 148 | } 149 | return &volume.ListResponse{Volumes: vols}, nil 150 | } 151 | 152 | // Remove removes a specific volume. 153 | func (p *Driver) Remove(req *volume.RemoveRequest) error { 154 | p.m.Lock() 155 | defer p.m.Unlock() 156 | 157 | tx, err := p.volumedb.Begin(true) 158 | if err != nil { 159 | return err 160 | } 161 | defer tx.Rollback() 162 | 163 | _, volumeExists, getVolErr := p.getVolumeInfo(tx, req.Name) 164 | if !volumeExists { 165 | return fmt.Errorf("volume %s does not exist", req.Name) 166 | } 167 | if getVolErr != nil { 168 | return getVolErr 169 | } 170 | 171 | if err := p.removeVolumeInfo(tx, req.Name); err != nil { 172 | return err 173 | } 174 | return tx.Commit() 175 | } 176 | 177 | // Path Request the path to the volume with the given volume_name. 178 | // Mountpoint is blank until the Mount method is called. 179 | func (p *Driver) Path(req *volume.PathRequest) (*volume.PathResponse, error) { 180 | p.m.RLock() 181 | defer p.m.RUnlock() 182 | 183 | tx, err := p.volumedb.Begin(false) 184 | if err != nil { 185 | return nil, err 186 | } 187 | defer tx.Rollback() 188 | 189 | volumeInfo, volumeExists, getVolErr := p.getVolumeInfo(tx, req.Name) 190 | if !volumeExists { 191 | return &volume.PathResponse{}, fmt.Errorf("volume %s does not exist", req.Name) 192 | } 193 | if getVolErr != nil { 194 | return &volume.PathResponse{}, getVolErr 195 | } 196 | 197 | return &volume.PathResponse{Mountpoint: volumeInfo.MountPoint}, nil 198 | } 199 | 200 | // Mount performs the mount operation. This will invoke the mount executable. 201 | func (p *Driver) Mount(req *volume.MountRequest) (*volume.MountResponse, error) { 202 | p.m.Lock() 203 | defer p.m.Unlock() 204 | 205 | tx, err := p.volumedb.Begin(true) 206 | if err != nil { 207 | return nil, err 208 | } 209 | defer tx.Rollback() 210 | 211 | volumeInfo, volumeExists, getVolErr := p.getVolumeInfo(tx, req.Name) 212 | if !volumeExists { 213 | return &volume.MountResponse{}, fmt.Errorf("volume %s does not exist", req.Name) 214 | } 215 | if getVolErr != nil { 216 | return &volume.MountResponse{}, getVolErr 217 | } 218 | 219 | mountPoint := path.Join(volume.DefaultDockerRootDirectory, req.ID) 220 | if err := os.MkdirAll(mountPoint, 0755); err != nil { 221 | return &volume.MountResponse{}, fmt.Errorf("error mounting %s: %s", req.Name, err.Error()) 222 | } 223 | 224 | if err := p.PreMount(req); err != nil { 225 | return &volume.MountResponse{}, fmt.Errorf("error mounting %s on premount: %s", req.Name, err.Error()) 226 | } 227 | defer p.PostMount(req) 228 | 229 | var args []string 230 | if p.mountPointAfterOptions { 231 | args = append(volumeInfo.Args, mountPoint) 232 | } else { 233 | args = append(args, mountPoint) 234 | args = append(args, volumeInfo.Args...) 235 | } 236 | log.Println(args) 237 | cmd := exec.Command(p.mountExecutable, args...) 238 | if out, err := cmd.CombinedOutput(); err != nil { 239 | fmt.Printf("Command output: %s\n", out) 240 | return &volume.MountResponse{}, fmt.Errorf("error mounting %s: %s", req.Name, err.Error()) 241 | } else { 242 | cmd := exec.Command("df", "--output=fstype", mountPoint) 243 | if out, err := cmd.CombinedOutput(); err != nil || strings.Index(string(out), p.mountExecutable) < 0 { 244 | fmt.Printf("df --output=fstype: %s\n", out) 245 | return &volume.MountResponse{}, fmt.Errorf("error mounting %s:\n%s\nfstype should be %s", req.Name, out, p.mountExecutable) 246 | } 247 | } 248 | volumeInfo.MountPoint = mountPoint 249 | volumeInfo.Status["mounted"] = true 250 | p.storeVolumeInfo(tx, req.Name, volumeInfo) 251 | return &volume.MountResponse{ 252 | Mountpoint: volumeInfo.MountPoint, 253 | }, tx.Commit() 254 | } 255 | 256 | // Unmount uses the system call Unmount to do the unmounting. If the umount 257 | // call comes with EINVAL then this will log the error but will not fail the 258 | // operation. 259 | func (p *Driver) Unmount(req *volume.UnmountRequest) error { 260 | p.m.Lock() 261 | defer p.m.Unlock() 262 | 263 | tx, err := p.volumedb.Begin(true) 264 | if err != nil { 265 | return err 266 | } 267 | defer tx.Rollback() 268 | 269 | volumeInfo, volumeExists, getVolErr := p.getVolumeInfo(tx, req.Name) 270 | if !volumeExists { 271 | return fmt.Errorf("volume %s does not exist", req.Name) 272 | } 273 | if getVolErr != nil { 274 | return getVolErr 275 | } 276 | 277 | mountPoint := path.Join(volume.DefaultDockerRootDirectory, req.ID) 278 | if err := syscall.Unmount(mountPoint, 0); err != nil { 279 | errno := err.(syscall.Errno) 280 | if errno == syscall.EINVAL { 281 | log.Printf("error unmounting invalid mount %s: %s", req.Name, err.Error()) 282 | } else { 283 | return fmt.Errorf("error unmounting %s: %s", req.Name, err.Error()) 284 | } 285 | } 286 | volumeInfo.MountPoint = "" 287 | volumeInfo.Status["mounted"] = false 288 | 289 | if err := os.Remove(mountPoint); err != nil { 290 | return fmt.Errorf("error unmounting %s: %s", req.Name, err.Error()) 291 | } 292 | p.storeVolumeInfo(tx, req.Name, volumeInfo) 293 | return tx.Commit() 294 | } 295 | 296 | // Init sets the callback handler to the driver. This needs to be called 297 | // before ServeUnix() 298 | func (p *Driver) Init(callback DriverCallback) { 299 | p.DriverCallback = callback 300 | } 301 | 302 | // ServeUnix makes the handler to listen for requests in a unix socket. 303 | // It also creates the socket filebased on the driver in the right directory 304 | // for docker to read. If the "-h" argument is passed in on start up it 305 | // will simply display the usage and terminate. 306 | func (p *Driver) ServeUnix() { 307 | helpPtr := flag.Bool("h", false, "Show help") 308 | flag.Parse() 309 | if *helpPtr { 310 | flag.Usage() 311 | return 312 | } 313 | 314 | h := volume.NewHandler(p) 315 | if err := h.ServeUnix(p.dockerSocketName, 0); err != nil { 316 | log.Fatal(err) 317 | } 318 | } 319 | 320 | // Close clean up resources used by the driver 321 | func (p *Driver) Close() { 322 | p.volumedb.Close() 323 | } 324 | 325 | // NewDriver constructor for Driver 326 | func NewDriver(mountExecutable string, mountPointAfterOptions bool, dockerSocketName string, scope string) *Driver { 327 | db, err := bolt.Open(dockerSocketName+".db", 0600, nil) 328 | if err != nil { 329 | log.Fatal(err) 330 | } 331 | 332 | db.Update(func(tx *bolt.Tx) error { 333 | _, err := tx.CreateBucketIfNotExists([]byte(volumeBucket)) 334 | if err != nil { 335 | log.Fatalf("create bucket: %s", err) 336 | } 337 | return nil 338 | }) 339 | 340 | d := &Driver{ 341 | mountExecutable: mountExecutable, 342 | mountPointAfterOptions: mountPointAfterOptions, 343 | dockerSocketName: dockerSocketName, 344 | volumedb: db, 345 | scope: scope, 346 | m: &sync.RWMutex{}, 347 | } 348 | return d 349 | } 350 | -------------------------------------------------------------------------------- /mounted-volume/driver_test.go: -------------------------------------------------------------------------------- 1 | package mountedvolume 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | "testing" 7 | 8 | "github.com/boltdb/bolt" 9 | "github.com/docker/go-plugins-helpers/volume" 10 | ) 11 | 12 | type testDriver struct { 13 | Driver 14 | } 15 | 16 | func (p *testDriver) Validate(req *volume.CreateRequest) error { 17 | 18 | return nil 19 | } 20 | 21 | func (p *testDriver) MountOptions(req *volume.CreateRequest) []string { 22 | 23 | var args []string 24 | return args 25 | } 26 | 27 | func TestCapabilities(t *testing.T) { 28 | d := &testDriver{ 29 | Driver: *NewDriver("glusterfs", true, "gfs1", "local"), 30 | } 31 | defer d.Close() 32 | d.Init(d) 33 | d.Capabilities() 34 | } 35 | 36 | func TestCreate(t *testing.T) { 37 | d := &testDriver{ 38 | Driver: *NewDriver("glusterfs", true, "gfs2", "local"), 39 | } 40 | defer d.Close() 41 | 42 | d.Init(d) 43 | d.Create(&volume.CreateRequest{ 44 | Name: "test", 45 | }) 46 | } 47 | 48 | func TestDatabase(t *testing.T) { 49 | 50 | d := &testDriver{ 51 | Driver: *NewDriver("glusterfs", true, "gfs3", "local"), 52 | } 53 | defer d.Close() 54 | defer os.Remove("volumes.db") 55 | 56 | status := make(map[string]interface{}) 57 | status["mounted"] = false 58 | status["args"] = "args" 59 | 60 | if err := d.volumedb.Update(func(tx *bolt.Tx) error { 61 | return d.storeVolumeInfo(tx, "test", &mountedVolumeInfo{ 62 | Options: make(map[string]string), 63 | MountPoint: "hello", 64 | Args: []string{"test", "foo"}, 65 | Status: status, 66 | }) 67 | }); err != nil { 68 | t.Fail() 69 | } 70 | 71 | if err := d.volumedb.Update(func(tx *bolt.Tx) error { 72 | return d.storeVolumeInfo(tx, "test", &mountedVolumeInfo{ 73 | Options: make(map[string]string), 74 | MountPoint: "hello-again", 75 | Args: []string{"test", "foo"}, 76 | Status: status, 77 | }) 78 | }); err != nil { 79 | t.Fail() 80 | } 81 | 82 | if err := d.volumedb.View(func(tx *bolt.Tx) error { 83 | info, exists, err := d.getVolumeInfo(tx, "test") 84 | if !exists { 85 | fmt.Print("expected to exist") 86 | t.Fail() 87 | } 88 | if info.MountPoint != "hello-again" { 89 | t.Fail() 90 | } 91 | return err 92 | 93 | }); err != nil { 94 | t.Fail() 95 | } 96 | 97 | } 98 | -------------------------------------------------------------------------------- /mounted-volume/roothider.go: -------------------------------------------------------------------------------- 1 | package mountedvolume 2 | 3 | import ( 4 | "log" 5 | "syscall" 6 | ) 7 | 8 | // HideRoot hides the root folder by performing a mount of a tmpfs on top of the /root folder. 9 | func HideRoot() error { 10 | err := syscall.Mount("tmpfs", "/root", "tmpfs", syscall.MS_RDONLY|syscall.MS_NOEXEC|syscall.MS_NOSUID|syscall.MS_NODEV, "size=1m") 11 | if err != nil { 12 | log.Printf("unable to hide /root: %s", err) 13 | } 14 | return err 15 | } 16 | 17 | // UnhideRoot unhides the root folder by performing a unmount of the tmpfs that is on top of the /root folder. 18 | func UnhideRoot() error { 19 | err := syscall.Unmount("/root", 0) 20 | if err != nil { 21 | log.Printf("unable to unhide /root: %s", err) 22 | } 23 | return err 24 | } 25 | -------------------------------------------------------------------------------- /nfs-volume-plugin/README.md: -------------------------------------------------------------------------------- 1 | NFS Mounted Volume Plugin 2 | ========================= 3 | 4 | This plugin is deprecated due NFS is support by default using local bind mounts https://docs.docker.com/engine/reference/commandline/volume_create/. 5 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "docker-volume-plugins", 3 | "version": "2.0.9", 4 | "description": "Docker Managed Volume Plugins\r =============================", 5 | "main": "index.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1" 8 | }, 9 | "repository": { 10 | "type": "git", 11 | "url": "git+https://github.com/marcelo-ochoa/docker-volume-plugins.git" 12 | }, 13 | "author": "", 14 | "license": "ISC", 15 | "bugs": { 16 | "url": "https://github.com/marcelo-ochoa/docker-volume-plugins/issues" 17 | }, 18 | "homepage": "https://github.com/marcelo-ochoa/docker-volume-plugins#readme" 19 | } 20 | -------------------------------------------------------------------------------- /s3fs-volume-plugin/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG UBUNTU_VERSION 2 | FROM --platform=${TARGETPLATFORM:-linux/amd64} ubuntu:${UBUNTU_VERSION:-20.04} as base 3 | 4 | ENV DEBIAN_FRONTEND="noninteractive" 5 | 6 | RUN apt update && \ 7 | apt install -y s3fs curl rsyslog tini && \ 8 | mkdir -p /var/lib/rsyslog && \ 9 | apt clean && rm -rf /var/lib/apt/lists/* 10 | 11 | COPY s3fs-volume-plugin/rsyslog.conf /etc/rsyslog.conf 12 | COPY s3fs-volume-plugin/fuse.conf /etc/fuse.conf 13 | 14 | ARG GO_VERSION 15 | FROM --platform=${TARGETPLATFORM:-linux/amd64} golang:${GO_VERSION:-1.15.10}-alpine as dev 16 | 17 | RUN apk update && apk add git 18 | 19 | COPY s3fs-volume-plugin/ /go/src/github.com/marcelo-ochoa/docker-volume-plugins/s3fs-volume-plugin 20 | COPY mounted-volume/ /go/src/github.com/marcelo-ochoa/docker-volume-plugins/mounted-volume 21 | 22 | RUN cd /go/src/github.com/marcelo-ochoa/docker-volume-plugins/s3fs-volume-plugin && \ 23 | CGO_ENABLED=0 GOOS=linux go get 24 | 25 | FROM base 26 | 27 | COPY --from=dev /go/bin/s3fs-volume-plugin / 28 | -------------------------------------------------------------------------------- /s3fs-volume-plugin/README.md: -------------------------------------------------------------------------------- 1 | # S3Fs Volume Plugin 2 | 3 | This is a managed Docker volume plugin to allow Docker containers to access S3Fs volumes. The S3Fs client does not need to be installed on the host and everything is managed within the plugin. 4 | 5 | ## Caveats 6 | 7 | - Requires Docker 18.03-1 at minimum. 8 | - This is a managed plugin only, no legacy support. 9 | - In order to properly support versions use `--alias` when installing the plugin. 10 | - This only supports one S3Fs cluster per instance use `--alias` to define separate instances 11 | - The value of `AWSACCESSKEYID/AWSSECRETACCESSKEY` is initially blank it needs `docker plugin s3fs set AWSACCESSKEYID=key;docker plugin s3fs set AWSSECRETACCESSKEY=secret` if it is set then it will be used for all buckets and low level options will not be allowed. Primarily this is to control what the deployed stacks can perform. 12 | - **There is no robust error handling. So garbage in -> garbage out** 13 | 14 | ## Operating modes 15 | 16 | There are three operating modes listed in order of preference. Each are mutually exclusive and will result in an error when performing a `docker volume create` if more than one operating mode is configured. 17 | 18 | ### Just the name 19 | 20 | This is the *recommended* approach for production systems as it will prevent stacks from specifying any random server. It also prevents the stack configuration file from containing environment specific key/secrets and instead defers that knowledge to the plugin only which is set on the node level. This relies on `AWSACCESSKEYID/AWSSECRETACCESSKEY` being configured and will use the name as the volume mount set by [`docker plugin set`](https://docs.docker.com/engine/reference/commandline/plugin_set/). This can be done in an automated fashion as: 21 | 22 | docker plugin install --alias PLUGINALIAS \ 23 | mochoa/s3fs-volume-plugin \ 24 | --grant-all-permissions --disable 25 | docker plugin set PLUGINALIAS AWSACCESSKEYID=key 26 | docker plugin set PLUGINALIAS AWSSECRETACCESSKEY=secret 27 | docker plugin enable PLUGINALIAS 28 | 29 | If there is a need to have a different set of key/secrets, a separate plugin alias should be created with a different set of key/secrets. 30 | 31 | Example in docker-compose.yml: 32 | 33 | volumes: 34 | sample: 35 | driver: s3fs 36 | name: "bucket/subdir" 37 | 38 | The `volumes.x.name` specifies the bucket and optionally a subdirectory mount. The value of `name` will be used as the `-o bucket=` and `-o servicepath=` in s3fs fuse mount. Note that `volumes.x.name` must not start with `/`. 39 | 40 | ### Specify the s3fs driver opts 41 | 42 | This uses the `driver_opts.s3fsopts` to define a comma separated list s3fs options. The rules for specifying the volume is the same as the previous section. 43 | 44 | Example in docker-compose.yml assuming the alias was set as `s3fs`: 45 | 46 | volumes: 47 | sample: 48 | driver: s3fs 49 | driver_opts: 50 | s3fsopts: nomultipart,use_path_request_style 51 | name: "bucket/subdir" 52 | 53 | The `volumes.x.name` specifies the bucket and optionally a subdirectory mount. The value of `name` will be used as the `-o bucket=` and `-o servicepath=`. Note that `volumes.x.name` must not start with `/`. The values above correspond to the following mounting command: 54 | 55 | s3fs -o nomultipart,use_path_request_style,bucket=bucket,servicepath=subdir [generated_mount_point] 56 | 57 | ### Specify the options 58 | 59 | This passes the `driver_opts.s3fsopts` to the `s3fs` command followed by the generated mount point. This is the most flexible method and gives full range to the options of the S3Fs FUSE client. Example in docker-compose.yml assuming the alias was set as `s3fs`: 60 | 61 | volumes: 62 | sample: 63 | driver: s3fs 64 | driver_opts: 65 | s3fsopts: "nomultipart,use_path_request_style" 66 | name: "bucket_name/subdir" 67 | 68 | The value of `name` will be used to extract bucket and subdir information and will be appened to the value of `driver_opts.s3fsopts` connection information. 69 | For the above example it will be translated to s3fs fuse command option as: 70 | 71 | -o "nomultipart,use_path_request_style,bucket=bucket_name:/subdir" 72 | 73 | ## Testing outside the swarm 74 | 75 | This is an example of mounting and testing a store outside the swarm. It is assuming the server is called `store1` and the volume name is `mybucket`. 76 | 77 | docker plugin install mochoa/s3fs-volume-plugin --alias s3fs --grant-all-permissions --disable 78 | docker plugin set s3fs AWSACCESSKEYID=key 79 | docker plugin set s3fs AWSSECRETACCESSKEY=secret 80 | docker plugin set s3fs DEFAULT_S3FSOPTS="nomultipart,use_path_request_style" 81 | docker plugin enable s3fs 82 | docker volume create -d s3fs mybucket 83 | docker run --rm -it -v mybucket:/mnt alpine 84 | 85 | ## Testing with Oracle Cloud Object storage 86 | 87 | Sample usage Oracle Object Storage in S3 compatibilty mode, replace tenant_id and region_id with a proper value: 88 | 89 | docker plugin install mochoa/s3fs-volume-plugin --alias s3fs --grant-all-permissions --disable 90 | docker plugin set s3fs AWSACCESSKEYID=key 91 | docker plugin set s3fs AWSSECRETACCESSKEY=secret 92 | docker plugin set s3fs DEFAULT_S3FSOPTS="nomultipart,use_path_request_style,url=https://[tenant_id].compat.objectstorage.[region-id].oraclecloud.com/" 93 | docker plugin enable s3fs 94 | docker volume create -d s3fs mybucket 95 | docker run -it -v mybucket:/mnt alpine 96 | 97 | ## Testing with Linode Object storage 98 | 99 | Sample usage Oracle Object Storage in S3 compatibilty mode, replace tenant_id and region_id with a proper value: 100 | 101 | docker plugin install mochoa/s3fs-volume-plugin --alias s3fs --grant-all-permissions --disable 102 | docker plugin set s3fs AWSACCESSKEYID=key 103 | docker plugin set s3fs AWSSECRETACCESSKEY=secret 104 | docker plugin set s3fs DEFAULT_S3FSOPTS="url=https://us-southeast-1.linodeobjects.com/" 105 | docker plugin enable s3fs 106 | docker volume create -d s3fs mybucket 107 | docker run -it -v mybucket:/mnt alpine 108 | 109 | Note: Linode Object Storage required s3fs-volume-plugin built on 10/26/2021 due it required updated ca-certificate package from Ubuntu to properly work with LetsEncrypt certs used by Linode cloud. 110 | 111 | ## Quick provision on all Swarm cluster nodes 112 | 113 | This sample sent by [Vincent Sijben](https://github.com/vincentsijben) shows how to quick provision your S3Fs plugin on all Docker Swarm nodes using Digital Ocean Spaces, based on samples by Bret Fisher at 114 | 115 | plugin-s3fs: 116 | image: mavenugo/swarm-exec:17.03.0-ce 117 | secrets: 118 | - aws_accesskey_id 119 | - aws_secret_accesskey 120 | environment: 121 | - AWSACCESSKEYID_FILE=/run/secrets/aws_accesskey_id 122 | - AWSSECRETACCESSKEY_FILE=/run/secrets/aws_secret_accesskey 123 | volumes: 124 | - /var/run/docker.sock:/var/run/docker.sock 125 | command: sh -c "docker plugin install --alias s3fs mochoa/s3fs-volume-plugin --grant-all-permissions --disable AWSACCESSKEYID=$$(cat $$AWSACCESSKEYID_FILE) AWSSECRETACCESSKEY=$$(cat $$AWSSECRETACCESSKEY_FILE) DEFAULT_S3FSOPTS='allow_other,uid=1000,gid=1000,url=https://ams3.digitaloceanspaces.com,use_path_request_style,nomultipart'; docker plugin enable s3fs" 126 | deploy: 127 | mode: global 128 | restart_policy: 129 | condition: none 130 | -------------------------------------------------------------------------------- /s3fs-volume-plugin/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "description": "S3FS plugin for Docker v2.0.9", 3 | "documentation": "https://github.com/marcelo-ochoa/docker-volume-plugins/", 4 | "entrypoint": [ 5 | "/usr/bin/tini", 6 | "--", 7 | "/s3fs-volume-plugin" 8 | ], 9 | "env": [ 10 | { 11 | "name": "AWSACCESSKEYID", 12 | "settable": [ 13 | "value" 14 | ], 15 | "value": "" 16 | }, 17 | { 18 | "name": "AWSSECRETACCESSKEY", 19 | "settable": [ 20 | "value" 21 | ], 22 | "value": "" 23 | }, 24 | { 25 | "name": "DEFAULT_S3FSOPTS", 26 | "settable": [ 27 | "value" 28 | ], 29 | "value": "nomultipart,use_path_request_style" 30 | } 31 | ], 32 | "network": { 33 | "type": "host" 34 | }, 35 | "propagatedMount": "/var/lib/docker-volumes", 36 | "interface": { 37 | "types": [ 38 | "docker.volumedriver/1.0" 39 | ], 40 | "socket": "s3fs.sock" 41 | }, 42 | "linux": { 43 | "capabilities": [ 44 | "CAP_SYS_ADMIN" 45 | ], 46 | "devices": [ 47 | { 48 | "path": "/dev/fuse" 49 | } 50 | ] 51 | } 52 | } -------------------------------------------------------------------------------- /s3fs-volume-plugin/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3.7' 2 | 3 | volumes: 4 | # docker plugin set mochoa/s3fs-volume-plugin:latest AWSACCESSKEYID=key 5 | # docker plugin set mochoa/s3fs-volume-plugin:latest AWSSECRETACCESSKEY="secret" 6 | # docker plugin set mochoa/s3fs-volume-plugin:latest DEFAULT_S3FSOPTS="nomultipart,use_path_request_style,url=https://[tenant].compat.objectstorage.[region].oraclecloud.com/" 7 | mybucket: 8 | driver: mochoa/s3fs-volume-plugin:latest 9 | name: "docker-shared-bucket" 10 | 11 | services: 12 | myapp: 13 | image: alpine 14 | command: sleep 1d 15 | volumes: 16 | - mybucket:/mnt 17 | -------------------------------------------------------------------------------- /s3fs-volume-plugin/fuse.conf: -------------------------------------------------------------------------------- 1 | # /etc/fuse.conf - Configuration file for Filesystem in Userspace (FUSE) 2 | 3 | # Set the maximum number of FUSE mounts allowed to non-root users. 4 | # The default is 1000. 5 | #mount_max = 1000 6 | 7 | # Allow non-root users to specify the allow_other or allow_root mount options. 8 | user_allow_other 9 | -------------------------------------------------------------------------------- /s3fs-volume-plugin/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | "os/exec" 6 | "strings" 7 | 8 | "github.com/docker/go-plugins-helpers/volume" 9 | mountedvolume "github.com/marcelo-ochoa/docker-volume-plugins/mounted-volume" 10 | ) 11 | 12 | type s3fsDriver struct { 13 | defaultS3fsopts string 14 | mountedvolume.Driver 15 | } 16 | 17 | func (p *s3fsDriver) Validate(req *volume.CreateRequest) error { 18 | 19 | return nil 20 | } 21 | 22 | func (p *s3fsDriver) MountOptions(req *volume.CreateRequest) []string { 23 | 24 | s3fsopts, s3fsoptsInOpts := req.Options["s3fsopts"] 25 | 26 | var s3fsoptsArray []string 27 | if s3fsoptsInOpts { 28 | s3fsoptsArray = append(s3fsoptsArray, strings.Split(s3fsopts, ",")...) 29 | } else { 30 | s3fsoptsArray = append(s3fsoptsArray, strings.Split(p.defaultS3fsopts, ",")...) 31 | } 32 | s3fsoptsArray = AppendBucketOptionsByVolumeName(s3fsoptsArray, req.Name) 33 | 34 | return []string{"-o", strings.Join(s3fsoptsArray, ",")} 35 | } 36 | 37 | func (p *s3fsDriver) PreMount(req *volume.MountRequest) error { 38 | return nil 39 | } 40 | 41 | func (p *s3fsDriver) PostMount(req *volume.MountRequest) { 42 | } 43 | 44 | // AppendBucketOptionsByVolumeName appends the command line arguments into the current argument list given the volume name 45 | func AppendBucketOptionsByVolumeName(args []string, volumeName string) []string { 46 | parts := strings.SplitN(volumeName, "/", 2) 47 | if len(parts) == 2 { 48 | return append(args, "bucket="+parts[0]+":/"+parts[1]) 49 | } 50 | return append(args, "bucket="+parts[0]) 51 | } 52 | 53 | func buildDriver() *s3fsDriver { 54 | defaultsopts := os.Getenv("DEFAULT_S3FSOPTS") 55 | d := &s3fsDriver{ 56 | Driver: *mountedvolume.NewDriver("s3fs", false, "s3fs", "local"), 57 | defaultS3fsopts: defaultsopts, 58 | } 59 | d.Init(d) 60 | return d 61 | } 62 | 63 | func spawnSyslog() { 64 | cmd := exec.Command("rsyslogd", "-n") 65 | cmd.Start() 66 | } 67 | 68 | func main() { 69 | spawnSyslog() 70 | //log.SetFlags(0) 71 | d := buildDriver() 72 | defer d.Close() 73 | d.ServeUnix() 74 | } 75 | -------------------------------------------------------------------------------- /s3fs-volume-plugin/main_test.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "reflect" 6 | "testing" 7 | ) 8 | 9 | func TestVolumeCalculation(t *testing.T) { 10 | 11 | var calculated = AppendBucketOptionsByVolumeName([]string{"mount"}, "mybucket") 12 | var expected = []string{"mount", "bucket=mybucket"} 13 | if !reflect.DeepEqual(calculated, expected) { 14 | fmt.Println(fmt.Errorf("%v didn't match expected", calculated)) 15 | t.Fail() 16 | } 17 | } 18 | 19 | func TestVolumeCalculationOneLevel(t *testing.T) { 20 | 21 | var calculated = AppendBucketOptionsByVolumeName([]string{"mount"}, "mybucket/levelone") 22 | var expected = []string{"mount", "bucket=mybucket:/levelone"} 23 | if !reflect.DeepEqual(calculated, expected) { 24 | fmt.Println(fmt.Errorf("%v didn't match expected", calculated)) 25 | t.Fail() 26 | } 27 | } 28 | 29 | func TestVolumeCalculationTwoLevels(t *testing.T) { 30 | 31 | var calculated = AppendBucketOptionsByVolumeName([]string{"mount"}, "mybucket/levelone/level2") 32 | var expected = []string{"mount", "bucket=mybucket:/levelone/level2"} 33 | if !reflect.DeepEqual(calculated, expected) { 34 | fmt.Println(fmt.Errorf("%v didn't match expected", calculated)) 35 | t.Fail() 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /s3fs-volume-plugin/rsyslog.conf: -------------------------------------------------------------------------------- 1 | $ModLoad imuxsock 2 | $WorkDirectory /var/lib/rsyslog 3 | 4 | template(name="DockerFormat" type="list") { 5 | constant(value="s3fs-volume-plugin: ") 6 | property(name="syslogtag") 7 | property(name="msg" spifno1stsp="on" ) 8 | property(name="msg" droplastlf="on" ) 9 | constant(value="\n") 10 | } 11 | 12 | $ActionFileDefaultTemplate DockerFormat 13 | $SystemLogSocketName /dev/log 14 | $LogRSyslogStatusMessages off 15 | 16 | *.* /proc/1/fd/1 17 | --------------------------------------------------------------------------------