From 659509e40bc544f978d393baf8e5b266f0b743c7 Mon Sep 17 00:00:00 2001 From: Satoshi Tagomori Date: Tue, 18 Oct 2016 10:55:30 +0900 Subject: [PATCH 01/10] Update fluent-logger-golang to v1.2.1 This fixes a regression bug not to connect the destination node twice or more. That regression was brought by v1.2.0, and it also makes many goroutines for first reconnection (these will finish after first reconnection established). Signed-off-by: Satoshi Tagomori (cherry picked from commit 53ed17449e990f49e8eecdf71ec3704ce7118660) Signed-off-by: Victor Vieux --- hack/vendor.sh | 2 +- .../github.com/fluent/fluent-logger-golang/fluent/fluent.go | 4 ++-- .../github.com/fluent/fluent-logger-golang/fluent/version.go | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/hack/vendor.sh b/hack/vendor.sh index a15abdcf7ceb99c259d8e539f815bf2f1f6fe9c9..c13cc629b7725c93dc8e9942afa88b8d8ebd8f0c 100755 --- a/hack/vendor.sh +++ b/hack/vendor.sh @@ -114,7 +114,7 @@ clone git github.com/golang/protobuf 3c84672111d91bb5ac31719e112f9f7126a0e26e # gelf logging driver deps clone git github.com/Graylog2/go-gelf aab2f594e4585d43468ac57287b0dece9d806883 -clone git github.com/fluent/fluent-logger-golang v1.2.0 +clone git github.com/fluent/fluent-logger-golang v1.2.1 # fluent-logger-golang deps clone git github.com/philhofer/fwd 899e4efba8eaa1fea74175308f3fae18ff3319fa clone git github.com/tinylib/msgp 75ee40d2601edf122ef667e2a07d600d4c44490c diff --git a/vendor/src/github.com/fluent/fluent-logger-golang/fluent/fluent.go b/vendor/src/github.com/fluent/fluent-logger-golang/fluent/fluent.go index 7363fa3f1e1f9a8f76e28bc1e5607087a0e4ca5a..655f6233ca0aeaecdf6031820b1277f5c69bd0c5 100644 --- a/vendor/src/github.com/fluent/fluent-logger-golang/fluent/fluent.go +++ b/vendor/src/github.com/fluent/fluent-logger-golang/fluent/fluent.go @@ -78,7 +78,7 @@ func New(config Config) (f *Fluent, err error) { } if config.AsyncConnect { f = &Fluent{Config: config, reconnecting: true} - f.reconnect() + go f.reconnect() } else { f = &Fluent{Config: config, reconnecting: false} err = f.connect() @@ -254,7 +254,7 @@ func (f *Fluent) connect() (err error) { err = net.UnknownNetworkError(f.Config.FluentNetwork) } - if err != nil { + if err == nil { f.reconnecting = false } return diff --git a/vendor/src/github.com/fluent/fluent-logger-golang/fluent/version.go b/vendor/src/github.com/fluent/fluent-logger-golang/fluent/version.go index 3d8ad3ee11b687228fcd989d86c5dcdfff6c4fdd..8904726ddbf72093ef8310f9656f5b1752b0346c 100644 --- a/vendor/src/github.com/fluent/fluent-logger-golang/fluent/version.go +++ b/vendor/src/github.com/fluent/fluent-logger-golang/fluent/version.go @@ -1,3 +1,3 @@ package fluent -const Version = "1.1.0" +const Version = "1.2.1" From 72875b0d01141eeacf378a6d40f11f98a29640ba Mon Sep 17 00:00:00 2001 From: Jean-Christophe Berthon Date: Sat, 15 Oct 2016 21:50:27 +0000 Subject: [PATCH 02/10] builder: Add AppArmor to runc buildtags for armhf On Raspbian and Debian Jessie for ARMv7 (aka armhf), the builtags for runc were missing. These buildtags should include 'apparmor' and 'selinux'. Signed-off-by: Jean-Christophe Berthon (cherry picked from commit e0c7300e3b2abea3d32d591fb01ee798ff59e0d4) Signed-off-by: Victor Vieux --- contrib/builder/deb/armhf/debian-jessie/Dockerfile | 1 + contrib/builder/deb/armhf/raspbian-jessie/Dockerfile | 1 + 2 files changed, 2 insertions(+) diff --git a/contrib/builder/deb/armhf/debian-jessie/Dockerfile b/contrib/builder/deb/armhf/debian-jessie/Dockerfile index be6eb273c38bd9dce7d7668ddfd949425348b702..6ed92c4f3c2e6a058739d7dbc9732c38a178e81e 100644 --- a/contrib/builder/deb/armhf/debian-jessie/Dockerfile +++ b/contrib/builder/deb/armhf/debian-jessie/Dockerfile @@ -12,3 +12,4 @@ ENV PATH $PATH:/usr/local/go/bin ENV AUTO_GOPATH 1 ENV DOCKER_BUILDTAGS apparmor selinux +ENV RUNC_BUILDTAGS apparmor selinux diff --git a/contrib/builder/deb/armhf/raspbian-jessie/Dockerfile b/contrib/builder/deb/armhf/raspbian-jessie/Dockerfile index 2eae9ce4072d7ae9b7cd0ae5a0379bb57b95c57e..f68d81bb70359bb52748782fb86683baba66fc36 100644 --- a/contrib/builder/deb/armhf/raspbian-jessie/Dockerfile +++ b/contrib/builder/deb/armhf/raspbian-jessie/Dockerfile @@ -13,3 +13,4 @@ ENV PATH $PATH:/usr/local/go/bin ENV AUTO_GOPATH 1 ENV DOCKER_BUILDTAGS apparmor selinux +ENV RUNC_BUILDTAGS apparmor selinux From 351799f4f09fcdf4e3863cfd740c2f84348852dd Mon Sep 17 00:00:00 2001 From: Thomas Leonard Date: Fri, 14 Oct 2016 15:26:47 +0100 Subject: [PATCH 03/10] Reset health status to starting when a container is restarted Signed-off-by: Thomas Leonard (cherry picked from commit b8793cff48fc4c1b702917ebc528ca0c60fb3397) Signed-off-by: Victor Vieux --- daemon/health.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/daemon/health.go b/daemon/health.go index 734350047fd894b5ca0dda739bd993bc9b1f2b2e..1c8e8ed35aef1d4a7b927711ef785052f7ef201a 100644 --- a/daemon/health.go +++ b/daemon/health.go @@ -251,7 +251,10 @@ func (d *Daemon) initHealthMonitor(c *container.Container) { // This is needed in case we're auto-restarting d.stopHealthchecks(c) - if c.State.Health == nil { + if h := c.State.Health; h != nil { + h.Status = types.Starting + h.FailingStreak = 0 + } else { h := &container.Health{} h.Status = types.Starting c.State.Health = h From 1552aa3d9ad229697d4e98626cb76ba6eeca1c0e Mon Sep 17 00:00:00 2001 From: Felix Ruess Date: Wed, 12 Oct 2016 20:39:58 +0200 Subject: [PATCH 04/10] builder: update deb armhf ubuntu-trusty buildtags Signed-off-by: Felix Ruess (cherry picked from commit 63515bc59e5be4cebaa475ec4c8fe992a6c1107d) Signed-off-by: Victor Vieux --- contrib/builder/deb/armhf/ubuntu-trusty/Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/contrib/builder/deb/armhf/ubuntu-trusty/Dockerfile b/contrib/builder/deb/armhf/ubuntu-trusty/Dockerfile index fceefeaf74367a84f108d62602a25f306a5c0dfd..ccc4316fd6f553716a796bee71d20305c6a0ab24 100644 --- a/contrib/builder/deb/armhf/ubuntu-trusty/Dockerfile +++ b/contrib/builder/deb/armhf/ubuntu-trusty/Dockerfile @@ -1,10 +1,12 @@ FROM armhf/ubuntu:trusty -RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* +RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev pkg-config libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* ENV GO_VERSION 1.6.3 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-armv6l.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin ENV AUTO_GOPATH 1 -ENV DOCKER_BUILDTAGS apparmor selinux + +ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux +ENV RUNC_BUILDTAGS apparmor selinux From 7ae3379a64373fb80120399292e7aacb3569e6c0 Mon Sep 17 00:00:00 2001 From: allencloud Date: Tue, 4 Oct 2016 10:29:21 +0800 Subject: [PATCH 05/10] add lock in libcontainerd client AddProcess of Windows Signed-off-by: allencloud (cherry picked from commit 5143be0ccf70c7cb2acc2aa39fd7ec47450e5daa) Signed-off-by: Victor Vieux --- daemon/daemon.go | 1 + libcontainerd/client_windows.go | 1 + 2 files changed, 2 insertions(+) diff --git a/daemon/daemon.go b/daemon/daemon.go index 0a3265ff0250f8691eb1e02e8439e74abd8b1796..8c8d6dafc28892c3731e79cb6ce3b59928714216 100644 --- a/daemon/daemon.go +++ b/daemon/daemon.go @@ -606,6 +606,7 @@ func NewDaemon(config *Config, registryService registry.Service, containerdRemot return nil, err } + // Plugin system initialization should happen before restore. Do not change order. if err := pluginInit(d, config, containerdRemote); err != nil { return nil, err } diff --git a/libcontainerd/client_windows.go b/libcontainerd/client_windows.go index cfaec46c986e5b41a1145349c5835c47ed9ae6c9..431574a4d3f8353fe3be53c1bdfedc6df9637451 100644 --- a/libcontainerd/client_windows.go +++ b/libcontainerd/client_windows.go @@ -255,6 +255,7 @@ func (clnt *client) AddProcess(ctx context.Context, containerID, processFriendly // Tell the engine to attach streams back to the client if err := clnt.backend.AttachStreams(processFriendlyName, *iopipe); err != nil { + clnt.lock(containerID) return err } From 16f11aef3ce80e576f24371ffb7531d54eb96348 Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Fri, 30 Sep 2016 11:46:37 -0700 Subject: [PATCH 06/10] Fix error reporting in `CopyFileWithTar` Signed-off-by: Tonis Tiigi (cherry picked from commit 57e12037ac8f8eb48cc05979c3030853d011dfea) Signed-off-by: Victor Vieux --- pkg/archive/archive.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/archive/archive.go b/pkg/archive/archive.go index ad3d65b2fc6dda88c2988d7ad702bc3511707b2b..98b5e2fbb4959c94391457f87dbe35eefa957e26 100644 --- a/pkg/archive/archive.go +++ b/pkg/archive/archive.go @@ -1040,7 +1040,7 @@ func (archiver *Archiver) CopyFileWithTar(src, dst string) (err error) { return nil }) defer func() { - if er := <-errC; err != nil { + if er := <-errC; err == nil && er != nil { err = er } }() From defb41068cea8a8f5678bd2d246d32ec9a113c43 Mon Sep 17 00:00:00 2001 From: allencloud Date: Thu, 29 Sep 2016 15:35:00 +0800 Subject: [PATCH 07/10] add \n in engine labels display in docker node inspect xxx --pretty Signed-off-by: allencloud (cherry picked from commit ddec4c3ee4e51cb62060f752777bdd32e86607e3) Signed-off-by: Victor Vieux --- api/client/node/inspect.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/api/client/node/inspect.go b/api/client/node/inspect.go index 6fcd78e932413083f816f9d81216a0a714de8a25..6877d94f538700cbc8d0afc43af360887ad43eb1 100644 --- a/api/client/node/inspect.go +++ b/api/client/node/inspect.go @@ -137,8 +137,7 @@ func printNode(out io.Writer, node swarm.Node) { if len(node.Description.Engine.Labels) != 0 { fmt.Fprintln(out, "Engine Labels:") for k, v := range node.Description.Engine.Labels { - fmt.Fprintf(out, " - %s = %s", k, v) + fmt.Fprintf(out, " - %s = %s\n", k, v) } } - } From 3b9269760cd21c531030c567814f7d8e16e2a717 Mon Sep 17 00:00:00 2001 From: Kay Yan Date: Fri, 30 Sep 2016 15:54:47 +0800 Subject: [PATCH 08/10] Fix conversion of restart-policy from GRPC restart-condition for services from "on_failure" to "on-failure". Since GRPC does not support dashes in properties, this change added a conversion when _setting_ the restart-condition. However, when inspecting a service, no conversion took place from the internal GRPC value, resulting in "on_failure" to be shown. This change updates the conversion to fix this, and removes a "hack" that was previously used for this, now using a Switch to compare to actual types. Before this change: docker service create --name web --restart-condition=on-failure nginx:alpine docker service inspect --format '{{ json .Spec.TaskTemplate.RestartPolicy }}' web {"Condition":"on_failure","MaxAttempts":0} Afer this change: docker service create --name web --restart-condition=on-failure nginx:alpine docker service inspect --format '{{ json .Spec.TaskTemplate.RestartPolicy }}' web {"Condition":"on-failure","MaxAttempts":0} Signed-off-by: Kay Yan (cherry picked from commit bc32fcabebb5f3a83d47c00d85317ce82c963edf) Signed-off-by: Victor Vieux --- daemon/cluster/convert/service.go | 31 ++++++++++++++++++++++++------- 1 file changed, 24 insertions(+), 7 deletions(-) diff --git a/daemon/cluster/convert/service.go b/daemon/cluster/convert/service.go index 75e7c3bcfa920ff45944817aaf1ad8958b7e30d7..e18d67c3536764faf18f3d288a3362328b2db73a 100644 --- a/daemon/cluster/convert/service.go +++ b/daemon/cluster/convert/service.go @@ -236,7 +236,18 @@ func restartPolicyFromGRPC(p *swarmapi.RestartPolicy) *types.RestartPolicy { var rp *types.RestartPolicy if p != nil { rp = &types.RestartPolicy{} - rp.Condition = types.RestartPolicyCondition(strings.ToLower(p.Condition.String())) + + switch p.Condition { + case swarmapi.RestartOnNone: + rp.Condition = types.RestartPolicyConditionNone + case swarmapi.RestartOnFailure: + rp.Condition = types.RestartPolicyConditionOnFailure + case swarmapi.RestartOnAny: + rp.Condition = types.RestartPolicyConditionAny + default: + rp.Condition = types.RestartPolicyConditionAny + } + if p.Delay != nil { delay, _ := ptypes.Duration(p.Delay) rp.Delay = &delay @@ -255,13 +266,19 @@ func restartPolicyToGRPC(p *types.RestartPolicy) (*swarmapi.RestartPolicy, error var rp *swarmapi.RestartPolicy if p != nil { rp = &swarmapi.RestartPolicy{} - sanatizedCondition := strings.ToUpper(strings.Replace(string(p.Condition), "-", "_", -1)) - if condition, ok := swarmapi.RestartPolicy_RestartCondition_value[sanatizedCondition]; ok { - rp.Condition = swarmapi.RestartPolicy_RestartCondition(condition) - } else if string(p.Condition) == "" { + + switch p.Condition { + case types.RestartPolicyConditionNone: + rp.Condition = swarmapi.RestartOnNone + case types.RestartPolicyConditionOnFailure: + rp.Condition = swarmapi.RestartOnFailure + case types.RestartPolicyConditionAny: + rp.Condition = swarmapi.RestartOnAny + default: + if string(p.Condition) != "" { + return nil, fmt.Errorf("invalid RestartCondition: %q", p.Condition) + } rp.Condition = swarmapi.RestartOnAny - } else { - return nil, fmt.Errorf("invalid RestartCondition: %q", p.Condition) } if p.Delay != nil { From 3f21a28ec03cc981eb7f8c00311c4c37a534a42e Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Thu, 20 Oct 2016 15:34:23 -0700 Subject: [PATCH 09/10] chroot: let root be cleaned up by kernel Signed-off-by: Tonis Tiigi (cherry picked from commit 70dfea63ba2a8a6d8b367420039aeb6a1759c240) Signed-off-by: Victor Vieux --- pkg/chrootarchive/chroot_linux.go | 7 ------- 1 file changed, 7 deletions(-) diff --git a/pkg/chrootarchive/chroot_linux.go b/pkg/chrootarchive/chroot_linux.go index cefbef9df49ed5fb04d3a7c409f957d54ba36770..34d1b8c37eb1b7fb3cc2c6ebcc36cb98ab7fc241 100644 --- a/pkg/chrootarchive/chroot_linux.go +++ b/pkg/chrootarchive/chroot_linux.go @@ -52,13 +52,6 @@ func chroot(path string) (err error) { err = errCleanup } } - - if errCleanup := syscall.Unmount("/", syscall.MNT_DETACH); errCleanup != nil { - if err == nil { - err = fmt.Errorf("error unmounting root: %v", errCleanup) - } - return - } }() if err := syscall.PivotRoot(path, pivotDir); err != nil { From a8ffa0128caf8713ec861c3d9fef24cb32097580 Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Thu, 20 Oct 2016 15:29:23 -0700 Subject: [PATCH 10/10] chroot: remount everything as private in new mntns If parent of the destination path is shared, this path will be unmounted from the parent ns even if the path itself is private. Signed-off-by: Tonis Tiigi (cherry picked from commit b511d1f0cabd32ca30c87fa1bbc7ecac283dab39) Signed-off-by: Victor Vieux --- pkg/chrootarchive/chroot_linux.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/pkg/chrootarchive/chroot_linux.go b/pkg/chrootarchive/chroot_linux.go index 34d1b8c37eb1b7fb3cc2c6ebcc36cb98ab7fc241..f491d89768ac6a34c2ffedcb3d668592068b2e5f 100644 --- a/pkg/chrootarchive/chroot_linux.go +++ b/pkg/chrootarchive/chroot_linux.go @@ -21,7 +21,12 @@ func chroot(path string) (err error) { return fmt.Errorf("Error creating mount namespace before pivot: %v", err) } - if err := mount.MakeRPrivate(path); err != nil { + // make everything in new ns private + if err := mount.MakeRPrivate("/"); err != nil { + return err + } + // ensure path is a mountpoint + if err := mount.MakePrivate(path); err != nil { return err }