Commit graph

137 commits

Author SHA1 Message Date
Yong Tang
c90ec05175 Restrict checkpoint name to prevent directory traversal
This fix tries to address the issue raised in 28769 where
checkpoint name was not checked before passing to containerd.
As a result, it was possible to use a special checkpoint name
to get outside of the container's directory.

This fix add restriction `[a-zA-Z0-9][a-zA-Z0-9_.-]+` (`RestrictedNamePattern`).
This is the same as container name restriction.

This fix fixes 28769.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-11-23 13:23:07 -08:00
Brian Goff
821aeb6a6f Use container Mounts API for Swarm containers.
Instead of converting nicely typed service mounts into untyped `Binds`
when creating containers, use the new `Mounts` API which is a 1-1
mapping between service mounts and container mounts.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-11-22 13:23:51 -05:00
Victor Vieux
9c559e6d0b fix a few golint errors
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 18:32:02 -08:00
Victor Vieux
9f348d5625 fix gofmt in master
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 15:20:19 -08:00
Brian Goff
22dccaf2d6 Merge pull request #28538 from yongtang/11162016-Log-Logf-fix
Fix several issues with `go vet` and `gofmt -s`
2016-11-17 15:21:22 -05:00
Yong Tang
ace786e9d5 Fix several issues with go vet and go fmt
For some reason, `go vet` and `go fmt` validate does not capture
several issues.

The following was the output of `go vet`:
```
ubuntu@ubuntu:~/docker$ go vet ./... 2>&1 | grep -v ^vendor | grep -v '^exit status 1$'
cli/command/formatter/container_test.go:393: possible formatting directive in Log call
volume/volume_test.go:257: arg mp.RW for printf verb %s of wrong type: bool
```

The following was the output of `go fmt -s`:
```
ubuntu@ubuntu:~/docker$ gofmt -s -l . | grep -v ^vendor
cli/command/stack/list.go
daemon/commit.go
```

Fixed above issues with `go vet` and `go fmt -s`

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-11-17 06:31:28 -08:00
He Xin
19bd1cee23 fix bugs 'fatal error: concurrent map read and map write' to change VolumeStore.globalLock type from Mutex to RWMutex, and add globalLock.RLock() for the read of names, refs, labels and options in VolumeStore
Signed-off-by: He Xin <he_xinworld@126.com>
2016-11-17 10:48:19 +08:00
Victor Vieux
b06dc994f6 Merge pull request #27985 from muayyad-alsadi/17734-better-message-for-host-volumes
fixes #17734, clear message for host volumes not starting with /
2016-11-14 14:21:17 -08:00
Muayyad Alsadi
2d3df91436 remove "starting with /"
Signed-off-by: Muayyad Alsadi <alsadi@gmail.com>
2016-11-14 16:51:29 +02:00
Yanqiang Miao
19e2c9177a Fix a comment error
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
2016-11-14 09:55:27 +08:00
Brian Goff
9a2d0bc3ad Fix uneccessary calls to volume.Unmount()
Fixes #22564

When an error occurs on mount, there should not be any call later to
unmount. This can throw off refcounting in the underlying driver
unexpectedly.

Consider these two cases:

```
$ docker run -v foo:/bar busybox true
```

```
$ docker run -v foo:/bar -w /foo busybox true
```

In the first case, if mounting `foo` fails, the volume driver will not
get a call to unmount (this is the incorrect behavior).

In the second case, the volume driver will not get a call to unmount
(correct behavior).

This occurs because in the first case, `/bar` does not exist in the
container, and as such there is no call to `volume.Mount()` during the
`create` phase. It will error out during the `start` phase.

In the second case `/bar` is created before dealing with the volume
because of the `-w`. Because of this, when the volume is being setup
docker will try to copy the image path contents in the volume, in which
case it will attempt to mount the volume and fail. This happens during
the `create` phase. This makes it so the container will not be created
(or at least fully created) and the user gets the error on `create`
instead of `start`. The error handling is different in these two phases.

Changed to only send `unmount` if the volume is mounted.

While investigating the cause of the reported issue I found some odd
behavior in unmount calls so I've cleaned those up a bit here as well.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-11-10 14:04:08 -05:00
Justin Cormack
5020905e9d Merge pull request #27329 from dattatrayakumbhar04/26639_nfs_volume_with_hostname
#26639: Local NFS volumes do not resolve hostnames
2016-11-09 13:46:56 +00:00
dattatrayakumbhar04
668fa8aff2 #26639: Local NFS volumes do not resolve hostnames
Signed-off-by: dattatrayakumbhar04 <dattatraya.kumbhar@gslab.com>
2016-11-08 08:26:53 +00:00
Akihiro Suda
3e3d3c8086 api: fix ReadOnly support for tmpfs
For `--mount type=tmpfs,target=/foo,readonly`, the `readonly` flag was just ignored.

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2016-11-08 06:49:17 +00:00
Amit Krishnan
934328d8ea Add functional support for Docker sub commands on Solaris
Signed-off-by: Amit Krishnan <krish.amit@gmail.com>

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-11-07 09:06:34 -08:00
Anusha Ragunathan
cf55397e13 Merge pull request #27164 from cpuguy83/carry_24205
Fix volume creates blocked by stale cache entries
2016-11-03 10:28:13 -07:00
Brian Goff
6a0bdffc1a Fix volume creates blocked by stale cache entries
When a conflict is found in the volume cache, check with the driver if
that volume still actually exists.
If the volume doesn't exist, purge it from the cache and allow the
create to happen.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-11-03 11:56:44 -04:00
Muayyad Alsadi
a8180eeaed fixes #17734, clear message for host volumes not starting with /
Signed-off-by: Muayyad Alsadi <alsadi@gmail.com>
2016-11-02 12:19:10 +02:00
Wentao Zhang
64d0592d41 fix volume driver deletions prevents recreation of volume issue
Signed-off-by: Wentao Zhang <zhangwentao234@huawei.com>
2016-10-31 10:24:29 -04:00
Akihiro Suda
18768fdc2e api: add TypeTmpfs to api/types/mount
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2016-10-28 08:38:32 +00:00
Yong Tang
9ce8aac55e Show volume options for docker volume inspect
This fix tries to address the issue raised in 25545 where
volume options at the creation time is not showed up
in `docker volume inspect`.

This fix adds the field `Options` in `Volume` type and
persist the options in volume db so that `volume inspect`
could display the options.

This fix adds a couple of test cases to cover the changes.

This fix fixes 25545.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-10-20 05:14:27 -07:00
Anusha Ragunathan
a98be0344b Update plugingetter import path in docker/docker.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-10-11 11:24:18 -07:00
Alexander Morozov
5af8cfd3b1 volume/local: fix import path
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-10-03 12:13:56 -07:00
Brian Goff
2a5e85e2e8 Fix some places where low-level errors bubbled up
Found a couple of places where pretty low level errors were never being
wrapped with any sort of context.

For example, if you try to create a local volume using some bad mount
options, the kernel will return `invalid argument` when we try to mount
it at container start.
What would happen is a user would `docker run` with this volume and get
an error like `Error response from daemon: invalid argument`.

This uses github.com/pkg/errors to provide some context to the error
message without masking the original error.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-09-24 08:01:21 -04:00
John Howard
6ceec828bf Windows: Remove TP5 support from volume
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-09-21 11:03:19 -07:00
Anusha Ragunathan
fefea805e9 Make graphdrivers work with pluginv2.
As part of making graphdrivers support pluginv2, a PluginGetter
interface was necessary for cleaner separation and avoiding import
cycles.

This commit creates a PluginGetter interface and makes pluginStore
implement it. Then the pluginStore object is created in the daemon
(rather than by the plugin manager) and passed to plugin init as
well as to the different subsystems (eg. graphdrivers, volumedrivers).
A side effect of this change was that some code was moved out of
experimental. This is good, since plugin support will be stable soon.

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-09-20 08:49:48 -07:00
Victor Vieux
b22d07f515 add check plugin is not used before rm
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-09-15 13:50:57 -07:00
Brian Goff
fc7b904dce Add new HostConfig field, Mounts.
`Mounts` allows users to specify in a much safer way the volumes they
want to use in the container.
This replaces `Binds` and `Volumes`, which both still exist, but
`Mounts` and `Binds`/`Volumes` are exclussive.
The CLI will continue to use `Binds` and `Volumes` due to concerns with
parsing the volume specs on the client side and cross-platform support
(for now).

The new API follows exactly the services mount API.

Example usage of `Mounts`:

```
$ curl -XPOST localhost:2375/containers/create -d '{
  "Image": "alpine:latest",
  "HostConfig": {
    "Mounts": [{
      "Type": "Volume",
      "Target": "/foo"
      },{
      "Type": "bind",
      "Source": "/var/run/docker.sock",
      "Target": "/var/run/docker.sock",
      },{
      "Type": "volume",
      "Name": "important_data",
      "Target": "/var/data",
      "ReadOnly": true,
      "VolumeOptions": {
	"DriverConfig": {
	  Name: "awesomeStorage",
	  Options: {"size": "10m"},
	  Labels: {"some":"label"}
	}
      }]
    }
}'
```

There are currently 2 types of mounts:

  - **bind**: Paths on the host that get mounted into the
    container. Paths must exist prior to creating the container.
  - **volume**: Volumes that persist after the
    container is removed.

Not all fields are available in each type, and validation is done to
ensure these fields aren't mixed up between types.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-09-13 09:55:35 -04:00
Akihiro Suda
e03cc68e3a test: fix trivial code convention noncompliance
daemon/events/testutils: rename eventstestutils to testutils
volume/testutils: rename volumetestutils to testutils

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2016-09-12 07:36:52 +00:00
Michael Crosby
91e197d614 Add engine-api types to docker
This moves the types for the `engine-api` repo to the existing types
package.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-09-07 11:05:58 -07:00
John Howard
1b62b8c084 Windows: Error if mapping single file volume
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-09-06 10:52:56 -07:00
Antonis Kalipetis
72d8a77d52
Make host directory mounts use idtools.MkdirAllNewAs
This makes sure that:
1. Already existing directories are left untouched
2. Newly created directories are chowned to the correct root UID/GID in case of user namespaces
3. All parent directories still get created with host root UID/GID

Fix #21738

Signed-off-by: Antonis Kalipetis <akalipetis@gmail.com>
2016-09-05 12:46:57 +03:00
Anusha Ragunathan
27a55fba28 Reorganize plugin package into sub packages.
Split plugin package into `store` and `v2/plugin`. Now the functionality
is clearly delineated:
- Manager: Manages the global state of the plugin sub-system.
- PluginStore: Manages a collection of plugins (in memory and on-disk)
- Plugin: Manages the single plugin unit.

This also facilitates splitting the global PluginManager lock into:
- PluginManager lock to protect global states.
- PluginStore lock to protect store states.
- Plugin lock to protect individual plugin states.

Importing "github.com/docker/docker/plugin/store" will provide access
to plugins and has lesser dependencies when compared to importing the
original monolithic `plugin package`.

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-08-27 11:08:08 -07:00
Vincent Demeester
0c6926070f Merge pull request #25816 from anusha-ragunathan/vol-plugin-list
Make `docker volume list` lookup plugins installed using new model.
2016-08-25 19:02:25 +02:00
Yong Tang
6c5c34d50d Add --force in docker volume rm to fix out-of-band volume driver deletion
This fix tries to address the issue in raised #23367 where an out-of-band
volume driver deletion leaves some data in docker. This prevent the
reuse of deleted volume names (by out-of-band volume driver like flocker).

This fix adds a `--force` field in `docker volume rm` to forcefully purge
the data of the volume that has already been deleted.

Related documentations have been updated.

This fix is tested manually with flocker, as is specified in #23367.
An integration test has also been added for the scenario described.

This fix fixes #23367.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-08-18 18:01:25 -07:00
Brian Goff
c7075bd149 Add requested comments about old buggy behavior
Address comment: 246d1eb58e (r75242138)

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-08-18 10:07:22 -04:00
Brian Goff
246d1eb58e Fix volume not working after daemon restart
When the daemon is started, it looks at all the volumes and checks to
see if any of them have mount options persisted to disk, and loads them
from disk if it does.

In some cases a volume will be created with an empty map causing the
options file to be persisted and volume options set to a non-nil value
on daemon restart... this causes problems later when the driver checks
for a non-nil value to determine if it should try and mount with the
persisted volume options.

Ensures 2 things:

1. Instead of only checking nilness for the opts map, use `len` to make
sure it is not an empty map, which we don't really need to persit.

2. An empty (or nulled) opts.json will not inadvertnatly set volume
options on daemon restart.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-08-17 20:36:17 -04:00
Anusha Ragunathan
59c45f7c0a Make docker volume list lookup plugins installed using new model.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-08-17 13:27:43 -07:00
Sebastiaan van Stijn
8d5a615045
improve error message for volume names that are too short
this improves the error message if a user tries to
create a volume with a single-character name:

Before this change:

    docker volume create --name a
    Error response from daemon: create a: "a" includes invalid characters for a local volume name, only "[a-zA-Z0-9][a-zA-Z0-9_.-]" are allowed

After this change:

    docker volume create --name a
    Error response from daemon: create a: volume name is too short, names should be at least two alphanumeric characters

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-08-17 16:40:24 +02:00
Brian Goff
6d98e344c7 revendor engine-api
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-08-16 14:16:12 -04:00
Brian Goff
c560dd9686 Fix issue reloading mount options on restart
On daemon restart the local volume driver will read options that it
persisted to disk, however it was reading an incorrect path, causing
volume options to be silently ignored after a daemon restart.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-08-01 23:30:39 -04:00
Yanqiang Miao
87cada6d7f delete a useless variable
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
2016-07-29 15:34:21 +08:00
Yanqiang Miao
a503f3ac2f optimize a print in
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>

update 'optimize-a-print'

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
2016-07-28 19:20:20 +08:00
allencloud
4e959ef2f7 fix typos
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-07-23 11:32:23 +08:00
Sebastiaan van Stijn
8f93128cd6
Change mount-types to lowercase
these values were changed to lowercase in
690cb2d08c,
but not changed accordingly in docker/docker.

this changes the mounttypes to lowercase

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-07-21 11:25:42 +02:00
Anusha Ragunathan
5d4627331e Remove extra map lookup for volume drivers.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-07-19 09:35:56 -07:00
Anusha Ragunathan
8fd779dc28 Add only legacy plugins to the legacy lookup map.
Legacy plugin model maintained a map of plugins. This is
not used by the new model. Using this map in the new model
causes incorrect lookup of plugins. This change uses adds
a plugin to the map only if its legacy.

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-07-18 15:43:44 -07:00
Mauricio Garavaglia
b65d6927d4 Remove code duplication in VolumeStore Create CreateWithRef
Signed-off-by: Mauricio Garavaglia <mauricio@medallia.com>
2016-07-06 19:09:47 -03:00
Robert Terhaar
29fea0fd2e fixes minor typo in comment
Signed-off-by: Robert Terhaar <rterhaar@atlanticdynamic.com>
2016-07-01 17:29:08 -04:00
Tibor Vass
f37117045c plugins: experimental support for new plugin management
This patch introduces a new experimental engine-level plugin management
with a new API and command line. Plugins can be distributed via a Docker
registry, and their lifecycle is managed by the engine.
This makes plugins a first-class construct.

For more background, have a look at issue #20363.

Documentation is in a separate commit. If you want to understand how the
new plugin system works, you can start by reading the documentation.

Note: backwards compatibility with existing plugins is maintained,
albeit they won't benefit from the advantages of the new system.

Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-06-14 14:20:27 -07:00