package docker import ( "bytes" "context" "io" "io/ioutil" "strconv" "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/container" "github.com/docker/docker/api/types/network" "github.com/docker/docker/api/types/strslice" "github.com/docker/docker/client" "github.com/portainer/portainer" "github.com/portainer/portainer/archive" ) // JobService represents a service that handles the execution of jobs type JobService struct { dockerClientFactory *ClientFactory } // NewJobService returns a pointer to a new job service func NewJobService(dockerClientFactory *ClientFactory) *JobService { return &JobService{ dockerClientFactory: dockerClientFactory, } } // ExecuteScript will leverage a privileged container to execute a script against the specified endpoint/nodename. // It will copy the script content specified as a parameter inside a container based on the specified image and execute it. func (service *JobService) ExecuteScript(endpoint *portainer.Endpoint, nodeName, image string, script []byte, schedule *portainer.Schedule) error { buffer, err := archive.TarFileInBuffer(script, "script.sh", 0700) if err != nil { return err } cli, err := service.dockerClientFactory.CreateClient(endpoint, nodeName) if err != nil { return err } defer cli.Close() _, err = cli.Ping(context.Background()) if err != nil { return portainer.ErrUnableToPingEndpoint } err = pullImage(cli, image) if err != nil { return err } containerConfig := &container.Config{ AttachStdin: true, AttachStdout: true, AttachStderr: true, Tty: true, WorkingDir: "/tmp", Image: image, Labels: map[string]string{ "io.portainer.job.endpoint": strconv.Itoa(int(endpoint.ID)), }, Cmd: strslice.StrSlice([]string{"sh", "/tmp/script.sh"}), } if schedule != nil { containerConfig.Labels["io.portainer.schedule.id"] = strconv.Itoa(int(schedule.ID)) } hostConfig := &container.HostConfig{ Binds: []string{"/:/host", "/etc:/etc:ro", "/usr:/usr:ro", "/run:/run:ro", "/sbin:/sbin:ro", "/var:/var:ro"}, NetworkMode: "host", Privileged: true, } networkConfig := &network.NetworkingConfig{} body, err := cli.ContainerCreate(context.Background(), containerConfig, hostConfig, networkConfig, "") if err != nil { return err } if schedule != nil { err = cli.ContainerRename(context.Background(), body.ID, schedule.Name+"_"+body.ID) if err != nil { return err } } copyOptions := types.CopyToContainerOptions{} err = cli.CopyToContainer(context.Background(), body.ID, "/tmp", bytes.NewReader(buffer), copyOptions) if err != nil { return err } startOptions := types.ContainerStartOptions{} return cli.ContainerStart(context.Background(), body.ID, startOptions) } func pullImage(cli *client.Client, image string) error { imageReadCloser, err := cli.ImagePull(context.Background(), image, types.ImagePullOptions{}) if err != nil { return err } defer imageReadCloser.Close() _, err = io.Copy(ioutil.Discard, imageReadCloser) if err != nil { return err } return nil }