Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add CapabilityAdd property to ContainerSpec object #2746

Open
mit0223 opened this issue Jan 16, 2021 · 2 comments
Open

add CapabilityAdd property to ContainerSpec object #2746

mit0223 opened this issue Jan 16, 2021 · 2 comments

Comments

@mit0223
Copy link

mit0223 commented Jan 16, 2021

Hi,

The docker swarmkit now provides the ability to add capabilities, could docker-py also provide this functionality?
Specifically, I'd like to add a CapabilityAdd attribute to the ContainerSpec object. Here is an example of adding capability with the docker update service command.

$ docker service update --cap-add=NET_ADMIN powerdns
$ docker service inspect powerdns
[
    {
        "ID": "2s7is1p0guiscst0ehzhozrrj",
        "Version": {
            "Index": 3629
        },
        "CreatedAt": "2021-01-16T08:01:33.229833915Z",
        "UpdatedAt": "2021-01-16T08:02:29.886049603Z",
        "Spec": {
            "Name": "powerdns",
            "Labels": {
                "HIVE_STANDALONE": "False"
            },
            "TaskTemplate": {
                "ContainerSpec": {
                    "Image": "procube/powerdns:latest",
                    "Args": [
                        "--api=yes",
                        "--api-key=0JqYhIIsSBEocsI",
                        "--webserver=yes",
                        "--webserver-address=0.0.0.0",
                        "--webserver-allow-from=0.0.0.0/0"
                    ],
                    "Hostname": "powerdns",
                    "Env": [
                        "HTTPS_PROXY=",
                        "HTTP_PROXY=",
                        "MYSQL_CHECK_INTERVAL=10",
                        "MYSQL_DNSSEC=yes",
                        "MYSQL_HOST=pdnsdb",
                        "MYSQL_PASSWORD=0JqYhIIsSBEocsI",
                        "NO_PROXY=",
                        "PDNSCONF_DEFAULT_SOA_NAME=p-hive0.procube-demo.jp",
                        "TEST1=testprocube-demo.jp",
                        "TEST2=p-hive0.",
                        "TEST3=procube-demo.jp",
                        "http_proxy=",
                        "https_proxy=",
                        "no_proxy="
                    ],
                    "StopGracePeriod": 10000000000,
                    "DNSConfig": {},
                    "Isolation": "default",
                    "CapabilityAdd": [
                        "CAP_NET_ADMIN"
                    ]
                },
                "Resources": {},
                "RestartPolicy": {
                    "Condition": "any",
                    "Delay": 5000000000,
                    "MaxAttempts": 0
                },
                "Placement": {},
                "Networks": [
                    {
                        "Target": "mbybcwqmet0xy9my0gc3598he"
                    }
                ],
                "LogDriver": {
                    "Name": "syslog",
                    "Options": {
                        "syslog-address": "udp://p-hive0.pdns:10514",
                        "syslog-facility": "local0",
                        "tag": "powerdns"
                    }
                },
                "ForceUpdate": 0,
                "Runtime": "container"
            },
Omit the following

docker version

$ pip freeze | grep docker && python --version && docker version
docker==4.4.1
docker-compose==1.27.4
dockerpty==0.4.1
Python 3.6.8
Client: Docker Engine - Community
 Version:           20.10.2
 API version:       1.41
 Go version:        go1.13.15
 Git commit:        2291f61
 Built:             Mon Dec 28 16:17:40 2020
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.2
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       8891c58
  Built:            Mon Dec 28 16:15:09 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.4.3
  GitCommit:        269548fa27e0089a8b8278fc4fc781d7f65a939b
 runc:
  Version:          1.0.0-rc92
  GitCommit:        ff819c7e9184c13b7c2607fe6c30ae19403a7aff
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
@feliperuhland
Copy link
Contributor

Hi @mit0223

I opened Pull Request #2809 a few days ago, implementing that option.

Feel free to review the PR and comment if something is missing.

Have a nice day :)

@mit0223
Copy link
Author

mit0223 commented Apr 13, 2021

Hi @feliperuhland

Thanks for your pull request.
My next step is to get ansible's docker_swarm_service module to support this property
so that chrony's service can be started with CapabilityAdd: SYS_TIME.

I'm waiting for this pull request to be officially released.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@feliperuhland @mit0223