Commit graph

33537 commits

Author SHA1 Message Date
Brian Goff
5bbf5cc671 Set selinux label on local volumes from mounts API
When using a volume via the `Binds` API, a shared selinux label is
automatically set.
The `Mounts` API is not setting this, which makes volumes specified via
the mounts API useless when selinux is enabled.

This fix adopts the same selinux label for volumes on the mounts API as on
binds.
Note in the case of both the `Binds` API and the `Mounts` API, the
selinux label is only applied when the volume driver is the `local`
driver.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-09-19 10:46:38 -04:00
Yong Tang
3fa72d38ec Merge pull request #34721 from kinvolk/iaguis/add-missing-ecryptfs-string
Add missing eCryptfs translation to FsNames
2017-09-19 05:45:24 -07:00
Sebastiaan van Stijn
13e8a7a006 Merge pull request #34891 from Microsoft/jjh/fixcomment
LCOW: Fix comment in graphdriver code
2017-09-19 14:43:35 +02:00
Vincent Demeester
5c57ca17d5 Merge pull request #34520 from fnoeding/fixed-raw-splunk-logger
Fixed `raw` mode splunk logger
2017-09-19 10:53:01 +02:00
Vincent Demeester
7cd7cf9167 Merge pull request #34856 from dnephin/cleanup-version-tests
Replace old version tests
2017-09-19 10:34:50 +02:00
Yong Tang
b075cd2d78 Merge pull request #34495 from ripcurld0/registry_mirror_json
Exit if service config is loaded unsuccessfully on startup
2017-09-18 21:59:14 -07:00
Yong Tang
cfdac1245a Merge pull request #34550 from kolyshkin/libeudev
Update Dockerfiles to use Debian Stretch
2017-09-18 21:03:31 -07:00
John Howard
f9fc269c20 LCOW: Fix comment in graphdriver code
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-09-18 19:52:55 -07:00
Victor Vieux
a2ee40b98c Merge pull request #34674 from pradipd/windows_routingmesh
Enabling ILB/ELB on windows using per-node, per-network LB endpoint.
2017-09-18 15:56:17 -07:00
Yong Tang
65e88d996a Merge pull request #34759 from kolyshkin/gometalinter
Gometalinter fixups for non-x86
2017-09-18 13:44:15 -07:00
Pradip Dhara
4c1b07924a vendoring libnetwork and swarmkit
Signed-off-by: Pradip Dhara <pradipd@microsoft.com>
2017-09-18 20:38:18 +00:00
Pradip Dhara
9bed0883e7 Enabling ILB/ELB on windows using per-node, per-network LB endpoint.
Signed-off-by: Pradip Dhara <pradipd@microsoft.com>
2017-09-18 20:27:56 +00:00
Vincent Demeester
9be245f438 Merge pull request #34805 from chris-crone/containerize-integration-tests
Containerize integration tests
2017-09-18 21:11:06 +02:00
Kir Kolyshkin
14f0a1888f integration-cli/docker_cli_logs_test.go: Wait()
To avoid a zombie apocalypse, use cmd.Wait() to properly finish
the processes we spawn by Start().

Found while investigating DockerSuite.TestLogsFollowSlowStdoutConsumer
failure on ARM (see
https://github.com/moby/moby/pull/34550#issuecomment-324937936).

[v2: don't expect no error from Wait() when process is killed]

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2017-09-18 11:18:36 -07:00
Iago López Galeiras
ddb31b4fdf Add missing eCryptfs translation to FsNames
It was causing the error message to be

    'overlay' is not supported over <unknown>

instead of

    'overlay' is not supported over ecryptfs

Signed-off-by: Iago López Galeiras <iago@kinvolk.io>
2017-09-18 19:06:13 +02:00
Kir Kolyshkin
1bc93bff22 TestLogsFollowSlowStdoutConsumer: fix for slow ARM
We run our CI on Scaleway C1 machine, which is pretty slow,
including I/O. This test was failing on it, as it tried to
write 100000 lines of log very fast, and the loggerCloseTimeout
(defined and used in container/monitor.go) prevents the
daemon to finish writing it within this time frame,

Reducing the size to 150000 characters (75000 lines) should
help avoiding hitting it, without compromising the test case
itself.

Alternatively, we could have increased the timeout further. It was
originally set to 1s (commit b6a42673a) and later increased 10x
(commit c0391bf55). Please let me know if you want me to go that way.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2017-09-18 08:47:55 -07:00
Kir Kolyshkin
b569f57890 overlay gd: fix build for 32-bit ARM
This commit reverts a hunk of commit 2f5f0af3f ("Add unconvert linter")
and adds a hint for unconvert linter to ignore excessive conversion as
it is required on 32-bit platforms (e.g. armhf).

The exact error on armhf is this:

	19:06:45 ---> Making bundle: dynbinary (in bundles/17.06.0-dev/dynbinary)
	19:06:48 Building: bundles/17.06.0-dev/dynbinary-daemon/dockerd-17.06.0-dev
	19:10:58 # github.com/docker/docker/daemon/graphdriver/overlay
	19:10:58 daemon/graphdriver/overlay/copy.go:161: cannot use stat.Atim.Sec (type int32) as type int64 in argument to time.Unix
	19:10:58 daemon/graphdriver/overlay/copy.go:161: cannot use stat.Atim.Nsec (type int32) as type int64 in argument to time.Unix
	19:10:58 daemon/graphdriver/overlay/copy.go:162: cannot use stat.Mtim.Sec (type int32) as type int64 in argument to time.Unix
	19:10:58 daemon/graphdriver/overlay/copy.go:162: cannot use stat.Mtim.Nsec (type int32) as type int64 in argument to time.Unix

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2017-09-17 22:04:31 -07:00
Kir Kolyshkin
7439d360fd Fix test-docker-py on some arches
When running 'make all' on armhf, I got this:

> ---> Making bundle: .integration-daemon-start (in bundles/17.06.0-dev/test-docker-py)
> Using test binary docker
> INFO: Waiting for daemon to start...
> Starting dockerd
> .
> Traceback (most recent call last):
>   File "/usr/local/lib/python2.7/dist-packages/_pytest/config.py", line
> 320, in _importconftest
>     mod = conftestpath.pyimport()
>   File "/usr/local/lib/python2.7/dist-packages/py/_path/local.py", line
> 662, in pyimport
>     __import__(modname)
>   File "/docker-py/tests/integration/conftest.py", line 6, in <module>
>     import docker.errors
>   File "/docker-py/docker/__init__.py", line 2, in <module>
>     from .api import APIClient
>   File "/docker-py/docker/api/__init__.py", line 2, in <module>
>     from .client import APIClient
>   File "/docker-py/docker/api/client.py", line 11, in <module>
>     from .build import BuildApiMixin
>   File "/docker-py/docker/api/build.py", line 6, in <module>
>     from .. import auth
>   File "/docker-py/docker/auth.py", line 6, in <module>
>     import dockerpycreds
> ImportError: No module named dockerpycreds
> ERROR: could not load /docker-py/tests/integration/conftest.py

The fix for this was already provided by commit 0ec8f56a3 and
commit c7c923594, but for some reason it did not made its way
to Dockerfiles for all architectures.

While at it, remove excessive comments.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2017-09-17 22:04:31 -07:00
Kir Kolyshkin
c21245c920 devmapper: tell why xfs is not supported
Instead of providing a generic message listing all possible reasons
why xfs is not available on the system, let's be specific.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2017-09-17 22:04:31 -07:00
Kir Kolyshkin
46833ee1c3 devmapper: show dmesg if mount fails
If mount fails, the reason might be right there in the kernel log ring buffer.
Let's include it in the error message, it might be of great help.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2017-09-17 22:04:31 -07:00
Kir Kolyshkin
6b01bc5adb devmapper: don't create too new xfs
Since the update to Debian Stretch, devmapper unit test fails. One
reason is, the combination of somewhat old (less than 3.16) kernel and
relatively new xfsprogs leads to creating a filesystem which is not supported
by the kernel:

> [12206.467518] XFS (dm-1): Superblock has unknown read-only compatible features (0x1) enabled.
> [12206.472046] XFS (dm-1): Attempted to mount read-only compatible filesystem read-write.
> Filesystem can only be safely mounted read only.
> [12206.472079] XFS (dm-1): SB validate failed with error 22.

Ideally, that would be automatically and implicitly handled by xfsprogs.
In real life, we have to take care about it here. Sigh.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2017-09-17 22:04:31 -07:00
Kir Kolyshkin
ce2a0120c1 Dockerfiles: fix test-docker-py
Presumably after switch to debian-stretch as a base, the following
errors happens in Jenkins:

10:48:03 ---> Making bundle: test-docker-py (in
bundles/17.06.0-dev/test-docker-py)
10:48:03 ---> Making bundle: .integration-daemon-start (in
bundles/17.06.0-dev/test-docker-py)
10:48:03 Using test binary docker
10:48:03 # DOCKER_EXPERIMENTAL is set: starting daemon with experimental
features enabled!
10:48:03 /etc/init.d/apparmor: 130: /etc/init.d/apparmor:
systemd-detect-virt: not found
10:48:03 Starting AppArmor profiles:Warning from stdin (line 1):
/sbin/apparmor_parser: cannot use or update cache, disable, or
force-complain via stdin
10:48:03 Warning failed to create cache: (null)
10:48:03 .
10:48:03 INFO: Waiting for daemon to start...
10:48:03 Starting dockerd
10:48:05 .
10:48:06 Traceback (most recent call last):
10:48:06   File
"/usr/local/lib/python2.7/dist-packages/_pytest/config.py", line 320, in
_importconftest
10:48:06     mod = conftestpath.pyimport()
10:48:06   File
"/usr/local/lib/python2.7/dist-packages/py/_path/local.py", line 662, in
pyimport
10:48:06     __import__(modname)
10:48:06   File "/docker-py/tests/integration/conftest.py", line 6, in
<module>
10:48:06     import docker.errors
10:48:06   File "/docker-py/docker/__init__.py", line 2, in <module>
10:48:06     from .api import APIClient
10:48:06   File "/docker-py/docker/api/__init__.py", line 2, in <module>
10:48:06     from .client import APIClient
10:48:06   File "/docker-py/docker/api/client.py", line 6, in <module>
10:48:06     import requests
10:48:06 ImportError: No module named requests
10:48:06 ERROR: could not load /docker-py/tests/integration/conftest.py
10:48:06

and

00:38:55   File "/docker-py/docker/transport/ssladapter.py", line 21, in
<module>
00:38:55     from backports.ssl_match_hostname import match_hostname
00:38:55 ImportError: No module named backports.ssl_match_hostname
00:38:55 ERROR: could not load /docker-py/tests/integration/conftest.py

To fix, install the missing python modules.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2017-09-17 22:04:31 -07:00
Kir Kolyshkin
771256b305 TestRunSeccompProfileAllow32Bit: fix
Since the update to Debian Stretch, this test fails. The reason is dynamic
binary, which requires i386 ld.so for loading (and apparently it is no longer
installed by default):

> root@09d4b173c3dc:/go/src/github.com/docker/docker# file exit32-test
> exit32-test: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, BuildID[sha1]=a0d3d6cb59788453b983f65f8dc6ac52920147b6, stripped
> root@09d4b173c3dc:/go/src/github.com/docker/docker# ls -l /lib/ld-linux.so.2
> ls: cannot access '/lib/ld-linux.so.2': No such file or directory

To fix, just add -static.

Interestingly, ldd can'f figure it out.

> root@a324f8edfcaa:/go/src/github.com/docker/docker# ldd exit32-test
>	not a dynamic executable

Other tools (e.g. objdump) also show it's a dynamic binary.

While at it, remove the extra "id" argument (a copy-paste error I
guess).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2017-09-17 22:04:31 -07:00
Kir Kolyshkin
84f1c054e6 devmapper gd: disable for static build
Static build with devmapper is impossible now since libudev is required
and no static version of libudev is available (as static libraries are
not supported by systemd which udev is part of).

This should not hurt anyone as "[t]he primary user of static builds
is the Editions, and docker in docker via the containers, and none
of those use device mapper".

Also, since the need for static libdevmapper is gone, there is no need
to self-compile libdevmapper -- let's use the one from Debian Stretch.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2017-09-17 22:04:31 -07:00
Justin Cormack
e89a5e5e91 Update Dockerfiles to use Debian stretch
The main gain here is that they all use exactly the same distro; previously
arm64 was using Ubuntu Xenial because Debian jessie was too old.

Does not seem that we can change any of the downloaded dependencies still,
as eg libseccomp is still not the version we are using.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-09-17 22:02:13 -07:00
Boaz Shuster
5258297dac Exit if service config is loaded unsuccessfully on startup
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
2017-09-17 18:50:16 +03:00
Yong Tang
c5c0702a4d Merge pull request #34842 from dnephin/fix-integration-on-timeout
[integration-cli] Only attempt to find pid with local daemon
2017-09-16 06:48:18 -07:00
Victor Vieux
a5f9783c93 Merge pull request #34252 from Microsoft/akagup/lcow-remotefs-sandbox
LCOW: Support for docker cp, ADD/COPY on build
2017-09-15 16:49:48 -07:00
Daniel Nephin
813d2e082a Replace old version tests
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-09-15 12:56:09 -04:00
Christopher Crone
b7d8d2c4ab Various fixes
Signed-off-by: Christopher Crone <christopher.crone@docker.com>
2017-09-15 16:01:15 +02:00
Yong Tang
5c10698d5c Merge pull request #34849 from chchliang/testlayer
add testcase in layer/empty_test.go with Platform(),Metadata()
2017-09-15 06:39:20 -07:00
Christopher Crone
eb396e8984 Remove erroneous Println
Signed-off-by: Christopher Crone <christopher.crone@docker.com>
2017-09-15 13:02:27 +02:00
chchliang
c72112b171 add testcase in layer/empty_test.go with Metadata()
Signed-off-by: chchliang <chen.chuanliang@zte.com.cn>
2017-09-15 14:13:48 +08:00
Victor Vieux
0300fa7f80 Merge pull request #34258 from simonferquel/lcow-mounts
LCOW: Prepare work for bind mounts
2017-09-14 15:00:08 -07:00
Victor Vieux
ff686743c5 Add LCOW behind experimental,
might not be the cleanest way, but it's definitly the way with the
minimum code change.

Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-09-14 13:51:16 -07:00
Simon Ferquel
e89b6e8c2d Volume refactoring for LCOW
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2017-09-14 12:33:31 -07:00
Akash Gupta
7a7357dae1 LCOW: Implemented support for docker cp + build
This enables docker cp and ADD/COPY docker build support for LCOW.
Originally, the graphdriver.Get() interface returned a local path
to the container root filesystem. This does not work for LCOW, so
the Get() method now returns an interface that LCOW implements to
support copying to and from the container.

Signed-off-by: Akash Gupta <akagup@microsoft.com>
2017-09-14 12:07:52 -07:00
Akash Gupta
ba13c173d1 Vendor containerd/continuity@22694c680e
Signed-off-by: Akash Gupta <akagup@microsoft.com>
2017-09-14 12:00:38 -07:00
Yong Tang
d60c186667 Merge pull request #34217 from yongtang/34208-http-add-root
Fix build with `ADD` urls without any sub path
2017-09-14 11:55:24 -07:00
Yong Tang
2a54dc0804 Merge pull request #34332 from clnperez/logrus-revendor
revendor logrus and x/crypto
2017-09-14 11:29:05 -07:00
Christopher Crone
7dabed019a Fixes after dnephin review
Signed-off-by: Christopher Crone <christopher.crone@docker.com>
2017-09-14 19:27:09 +02:00
Christopher Crone
81f69a5931 Fix Windows build
Signed-off-by: Christopher Crone <christopher.crone@docker.com>
2017-09-14 19:27:09 +02:00
Christopher Crone
61b13ba0d1 Test requires SameHostDaemon
Signed-off-by: Christopher Crone <christopher.crone@docker.com>
2017-09-14 19:27:09 +02:00
Christopher Crone
5eab08930c Correct log message
Signed-off-by: Christopher Crone <christopher.crone@docker.com>
2017-09-14 19:27:09 +02:00
Christopher Crone
85431566a8 Set client version instead of negotiating it
Signed-off-by: Christopher Crone <christopher.crone@docker.com>
2017-09-14 19:27:09 +02:00
Christopher Crone
42d812df0a Bring up DockerNetworkSuite
Signed-off-by: Christopher Crone <christopher.crone@docker.com>
2017-09-14 19:27:09 +02:00
Christopher Crone
6936ce3b65 Remove race and split TestAPINetworkInspect test
Signed-off-by: Christopher Crone <christopher.crone@docker.com>
2017-09-14 19:27:09 +02:00
Christopher Crone
86f9eb4a08 Fixes for dnephin review
Signed-off-by: Christopher Crone <christopher.crone@docker.com>
2017-09-14 19:27:09 +02:00
Christopher Crone
f089a1df39 Skip some tests for E2E
Signed-off-by: Christopher Crone <christopher.crone@docker.com>
2017-09-14 19:27:09 +02:00
Christopher Crone
b1fb41988d Check integration test requirements using daemon
When running against a remote daemon, we cannot use the local
filesystem to determine configuration.

Signed-off-by: Christopher Crone <christopher.crone@docker.com>
2017-09-14 19:27:09 +02:00