From 659509e40bc544f978d393baf8e5b266f0b743c7 Mon Sep 17 00:00:00 2001 From: Satoshi Tagomori Date: Tue, 18 Oct 2016 10:55:30 +0900 Subject: [PATCH 01/10] Update fluent-logger-golang to v1.2.1 This fixes a regression bug not to connect the destination node twice or more. That regression was brought by v1.2.0, and it also makes many goroutines for first reconnection (these will finish after first reconnection established). Signed-off-by: Satoshi Tagomori (cherry picked from commit 53ed17449e990f49e8eecdf71ec3704ce7118660) Signed-off-by: Victor Vieux --- hack/vendor.sh | 2 +- .../github.com/fluent/fluent-logger-golang/fluent/fluent.go | 4 ++-- .../github.com/fluent/fluent-logger-golang/fluent/version.go | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/hack/vendor.sh b/hack/vendor.sh index a15abdcf7c..c13cc629b7 100755 --- a/hack/vendor.sh +++ b/hack/vendor.sh @@ -114,7 +114,7 @@ clone git github.com/golang/protobuf 3c84672111d91bb5ac31719e112f9f7126a0e26e # gelf logging driver deps clone git github.com/Graylog2/go-gelf aab2f594e4585d43468ac57287b0dece9d806883 -clone git github.com/fluent/fluent-logger-golang v1.2.0 +clone git github.com/fluent/fluent-logger-golang v1.2.1 # fluent-logger-golang deps clone git github.com/philhofer/fwd 899e4efba8eaa1fea74175308f3fae18ff3319fa clone git github.com/tinylib/msgp 75ee40d2601edf122ef667e2a07d600d4c44490c diff --git a/vendor/src/github.com/fluent/fluent-logger-golang/fluent/fluent.go b/vendor/src/github.com/fluent/fluent-logger-golang/fluent/fluent.go index 7363fa3f1e..655f6233ca 100644 --- a/vendor/src/github.com/fluent/fluent-logger-golang/fluent/fluent.go +++ b/vendor/src/github.com/fluent/fluent-logger-golang/fluent/fluent.go @@ -78,7 +78,7 @@ func New(config Config) (f *Fluent, err error) { } if config.AsyncConnect { f = &Fluent{Config: config, reconnecting: true} - f.reconnect() + go f.reconnect() } else { f = &Fluent{Config: config, reconnecting: false} err = f.connect() @@ -254,7 +254,7 @@ func (f *Fluent) connect() (err error) { err = net.UnknownNetworkError(f.Config.FluentNetwork) } - if err != nil { + if err == nil { f.reconnecting = false } return diff --git a/vendor/src/github.com/fluent/fluent-logger-golang/fluent/version.go b/vendor/src/github.com/fluent/fluent-logger-golang/fluent/version.go index 3d8ad3ee11..8904726ddb 100644 --- a/vendor/src/github.com/fluent/fluent-logger-golang/fluent/version.go +++ b/vendor/src/github.com/fluent/fluent-logger-golang/fluent/version.go @@ -1,3 +1,3 @@ package fluent -const Version = "1.1.0" +const Version = "1.2.1" From 72875b0d01141eeacf378a6d40f11f98a29640ba Mon Sep 17 00:00:00 2001 From: Jean-Christophe Berthon Date: Sat, 15 Oct 2016 21:50:27 +0000 Subject: [PATCH 02/10] builder: Add AppArmor to runc buildtags for armhf On Raspbian and Debian Jessie for ARMv7 (aka armhf), the builtags for runc were missing. These buildtags should include 'apparmor' and 'selinux'. Signed-off-by: Jean-Christophe Berthon (cherry picked from commit e0c7300e3b2abea3d32d591fb01ee798ff59e0d4) Signed-off-by: Victor Vieux --- contrib/builder/deb/armhf/debian-jessie/Dockerfile | 1 + contrib/builder/deb/armhf/raspbian-jessie/Dockerfile | 1 + 2 files changed, 2 insertions(+) diff --git a/contrib/builder/deb/armhf/debian-jessie/Dockerfile b/contrib/builder/deb/armhf/debian-jessie/Dockerfile index be6eb273c3..6ed92c4f3c 100644 --- a/contrib/builder/deb/armhf/debian-jessie/Dockerfile +++ b/contrib/builder/deb/armhf/debian-jessie/Dockerfile @@ -12,3 +12,4 @@ ENV PATH $PATH:/usr/local/go/bin ENV AUTO_GOPATH 1 ENV DOCKER_BUILDTAGS apparmor selinux +ENV RUNC_BUILDTAGS apparmor selinux diff --git a/contrib/builder/deb/armhf/raspbian-jessie/Dockerfile b/contrib/builder/deb/armhf/raspbian-jessie/Dockerfile index 2eae9ce407..f68d81bb70 100644 --- a/contrib/builder/deb/armhf/raspbian-jessie/Dockerfile +++ b/contrib/builder/deb/armhf/raspbian-jessie/Dockerfile @@ -13,3 +13,4 @@ ENV PATH $PATH:/usr/local/go/bin ENV AUTO_GOPATH 1 ENV DOCKER_BUILDTAGS apparmor selinux +ENV RUNC_BUILDTAGS apparmor selinux From 351799f4f09fcdf4e3863cfd740c2f84348852dd Mon Sep 17 00:00:00 2001 From: Thomas Leonard Date: Fri, 14 Oct 2016 15:26:47 +0100 Subject: [PATCH 03/10] Reset health status to starting when a container is restarted Signed-off-by: Thomas Leonard (cherry picked from commit b8793cff48fc4c1b702917ebc528ca0c60fb3397) Signed-off-by: Victor Vieux --- daemon/health.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/daemon/health.go b/daemon/health.go index 734350047f..1c8e8ed35a 100644 --- a/daemon/health.go +++ b/daemon/health.go @@ -251,7 +251,10 @@ func (d *Daemon) initHealthMonitor(c *container.Container) { // This is needed in case we're auto-restarting d.stopHealthchecks(c) - if c.State.Health == nil { + if h := c.State.Health; h != nil { + h.Status = types.Starting + h.FailingStreak = 0 + } else { h := &container.Health{} h.Status = types.Starting c.State.Health = h From 1552aa3d9ad229697d4e98626cb76ba6eeca1c0e Mon Sep 17 00:00:00 2001 From: Felix Ruess Date: Wed, 12 Oct 2016 20:39:58 +0200 Subject: [PATCH 04/10] builder: update deb armhf ubuntu-trusty buildtags Signed-off-by: Felix Ruess (cherry picked from commit 63515bc59e5be4cebaa475ec4c8fe992a6c1107d) Signed-off-by: Victor Vieux --- contrib/builder/deb/armhf/ubuntu-trusty/Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/contrib/builder/deb/armhf/ubuntu-trusty/Dockerfile b/contrib/builder/deb/armhf/ubuntu-trusty/Dockerfile index fceefeaf74..ccc4316fd6 100644 --- a/contrib/builder/deb/armhf/ubuntu-trusty/Dockerfile +++ b/contrib/builder/deb/armhf/ubuntu-trusty/Dockerfile @@ -1,10 +1,12 @@ FROM armhf/ubuntu:trusty -RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* +RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev pkg-config libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* ENV GO_VERSION 1.6.3 RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-armv6l.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin ENV AUTO_GOPATH 1 -ENV DOCKER_BUILDTAGS apparmor selinux + +ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux +ENV RUNC_BUILDTAGS apparmor selinux From 7ae3379a64373fb80120399292e7aacb3569e6c0 Mon Sep 17 00:00:00 2001 From: allencloud Date: Tue, 4 Oct 2016 10:29:21 +0800 Subject: [PATCH 05/10] add lock in libcontainerd client AddProcess of Windows Signed-off-by: allencloud (cherry picked from commit 5143be0ccf70c7cb2acc2aa39fd7ec47450e5daa) Signed-off-by: Victor Vieux --- daemon/daemon.go | 1 + libcontainerd/client_windows.go | 1 + 2 files changed, 2 insertions(+) diff --git a/daemon/daemon.go b/daemon/daemon.go index 0a3265ff02..8c8d6dafc2 100644 --- a/daemon/daemon.go +++ b/daemon/daemon.go @@ -606,6 +606,7 @@ func NewDaemon(config *Config, registryService registry.Service, containerdRemot return nil, err } + // Plugin system initialization should happen before restore. Do not change order. if err := pluginInit(d, config, containerdRemote); err != nil { return nil, err } diff --git a/libcontainerd/client_windows.go b/libcontainerd/client_windows.go index cfaec46c98..431574a4d3 100644 --- a/libcontainerd/client_windows.go +++ b/libcontainerd/client_windows.go @@ -255,6 +255,7 @@ func (clnt *client) AddProcess(ctx context.Context, containerID, processFriendly // Tell the engine to attach streams back to the client if err := clnt.backend.AttachStreams(processFriendlyName, *iopipe); err != nil { + clnt.lock(containerID) return err } From 16f11aef3ce80e576f24371ffb7531d54eb96348 Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Fri, 30 Sep 2016 11:46:37 -0700 Subject: [PATCH 06/10] Fix error reporting in `CopyFileWithTar` Signed-off-by: Tonis Tiigi (cherry picked from commit 57e12037ac8f8eb48cc05979c3030853d011dfea) Signed-off-by: Victor Vieux --- pkg/archive/archive.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/archive/archive.go b/pkg/archive/archive.go index ad3d65b2fc..98b5e2fbb4 100644 --- a/pkg/archive/archive.go +++ b/pkg/archive/archive.go @@ -1040,7 +1040,7 @@ func (archiver *Archiver) CopyFileWithTar(src, dst string) (err error) { return nil }) defer func() { - if er := <-errC; err != nil { + if er := <-errC; err == nil && er != nil { err = er } }() From defb41068cea8a8f5678bd2d246d32ec9a113c43 Mon Sep 17 00:00:00 2001 From: allencloud Date: Thu, 29 Sep 2016 15:35:00 +0800 Subject: [PATCH 07/10] add \n in engine labels display in docker node inspect xxx --pretty Signed-off-by: allencloud (cherry picked from commit ddec4c3ee4e51cb62060f752777bdd32e86607e3) Signed-off-by: Victor Vieux --- api/client/node/inspect.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/api/client/node/inspect.go b/api/client/node/inspect.go index 6fcd78e932..6877d94f53 100644 --- a/api/client/node/inspect.go +++ b/api/client/node/inspect.go @@ -137,8 +137,7 @@ func printNode(out io.Writer, node swarm.Node) { if len(node.Description.Engine.Labels) != 0 { fmt.Fprintln(out, "Engine Labels:") for k, v := range node.Description.Engine.Labels { - fmt.Fprintf(out, " - %s = %s", k, v) + fmt.Fprintf(out, " - %s = %s\n", k, v) } } - } From 3b9269760cd21c531030c567814f7d8e16e2a717 Mon Sep 17 00:00:00 2001 From: Kay Yan Date: Fri, 30 Sep 2016 15:54:47 +0800 Subject: [PATCH 08/10] Fix conversion of restart-policy from GRPC restart-condition for services from "on_failure" to "on-failure". Since GRPC does not support dashes in properties, this change added a conversion when _setting_ the restart-condition. However, when inspecting a service, no conversion took place from the internal GRPC value, resulting in "on_failure" to be shown. This change updates the conversion to fix this, and removes a "hack" that was previously used for this, now using a Switch to compare to actual types. Before this change: docker service create --name web --restart-condition=on-failure nginx:alpine docker service inspect --format '{{ json .Spec.TaskTemplate.RestartPolicy }}' web {"Condition":"on_failure","MaxAttempts":0} Afer this change: docker service create --name web --restart-condition=on-failure nginx:alpine docker service inspect --format '{{ json .Spec.TaskTemplate.RestartPolicy }}' web {"Condition":"on-failure","MaxAttempts":0} Signed-off-by: Kay Yan (cherry picked from commit bc32fcabebb5f3a83d47c00d85317ce82c963edf) Signed-off-by: Victor Vieux --- daemon/cluster/convert/service.go | 31 ++++++++++++++++++++++++------- 1 file changed, 24 insertions(+), 7 deletions(-) diff --git a/daemon/cluster/convert/service.go b/daemon/cluster/convert/service.go index 75e7c3bcfa..e18d67c353 100644 --- a/daemon/cluster/convert/service.go +++ b/daemon/cluster/convert/service.go @@ -236,7 +236,18 @@ func restartPolicyFromGRPC(p *swarmapi.RestartPolicy) *types.RestartPolicy { var rp *types.RestartPolicy if p != nil { rp = &types.RestartPolicy{} - rp.Condition = types.RestartPolicyCondition(strings.ToLower(p.Condition.String())) + + switch p.Condition { + case swarmapi.RestartOnNone: + rp.Condition = types.RestartPolicyConditionNone + case swarmapi.RestartOnFailure: + rp.Condition = types.RestartPolicyConditionOnFailure + case swarmapi.RestartOnAny: + rp.Condition = types.RestartPolicyConditionAny + default: + rp.Condition = types.RestartPolicyConditionAny + } + if p.Delay != nil { delay, _ := ptypes.Duration(p.Delay) rp.Delay = &delay @@ -255,13 +266,19 @@ func restartPolicyToGRPC(p *types.RestartPolicy) (*swarmapi.RestartPolicy, error var rp *swarmapi.RestartPolicy if p != nil { rp = &swarmapi.RestartPolicy{} - sanatizedCondition := strings.ToUpper(strings.Replace(string(p.Condition), "-", "_", -1)) - if condition, ok := swarmapi.RestartPolicy_RestartCondition_value[sanatizedCondition]; ok { - rp.Condition = swarmapi.RestartPolicy_RestartCondition(condition) - } else if string(p.Condition) == "" { + + switch p.Condition { + case types.RestartPolicyConditionNone: + rp.Condition = swarmapi.RestartOnNone + case types.RestartPolicyConditionOnFailure: + rp.Condition = swarmapi.RestartOnFailure + case types.RestartPolicyConditionAny: + rp.Condition = swarmapi.RestartOnAny + default: + if string(p.Condition) != "" { + return nil, fmt.Errorf("invalid RestartCondition: %q", p.Condition) + } rp.Condition = swarmapi.RestartOnAny - } else { - return nil, fmt.Errorf("invalid RestartCondition: %q", p.Condition) } if p.Delay != nil { From 3f21a28ec03cc981eb7f8c00311c4c37a534a42e Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Thu, 20 Oct 2016 15:34:23 -0700 Subject: [PATCH 09/10] chroot: let root be cleaned up by kernel Signed-off-by: Tonis Tiigi (cherry picked from commit 70dfea63ba2a8a6d8b367420039aeb6a1759c240) Signed-off-by: Victor Vieux --- pkg/chrootarchive/chroot_linux.go | 7 ------- 1 file changed, 7 deletions(-) diff --git a/pkg/chrootarchive/chroot_linux.go b/pkg/chrootarchive/chroot_linux.go index cefbef9df4..34d1b8c37e 100644 --- a/pkg/chrootarchive/chroot_linux.go +++ b/pkg/chrootarchive/chroot_linux.go @@ -52,13 +52,6 @@ func chroot(path string) (err error) { err = errCleanup } } - - if errCleanup := syscall.Unmount("/", syscall.MNT_DETACH); errCleanup != nil { - if err == nil { - err = fmt.Errorf("error unmounting root: %v", errCleanup) - } - return - } }() if err := syscall.PivotRoot(path, pivotDir); err != nil { From a8ffa0128caf8713ec861c3d9fef24cb32097580 Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Thu, 20 Oct 2016 15:29:23 -0700 Subject: [PATCH 10/10] chroot: remount everything as private in new mntns If parent of the destination path is shared, this path will be unmounted from the parent ns even if the path itself is private. Signed-off-by: Tonis Tiigi (cherry picked from commit b511d1f0cabd32ca30c87fa1bbc7ecac283dab39) Signed-off-by: Victor Vieux --- pkg/chrootarchive/chroot_linux.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/pkg/chrootarchive/chroot_linux.go b/pkg/chrootarchive/chroot_linux.go index 34d1b8c37e..f491d89768 100644 --- a/pkg/chrootarchive/chroot_linux.go +++ b/pkg/chrootarchive/chroot_linux.go @@ -21,7 +21,12 @@ func chroot(path string) (err error) { return fmt.Errorf("Error creating mount namespace before pivot: %v", err) } - if err := mount.MakeRPrivate(path); err != nil { + // make everything in new ns private + if err := mount.MakeRPrivate("/"); err != nil { + return err + } + // ensure path is a mountpoint + if err := mount.MakePrivate(path); err != nil { return err }