Commit graph

6967 commits

Author SHA1 Message Date
Sebastiaan van Stijn
d9dbca2e19
Merge pull request #35708 from schomatis/fix-set-up-dev-env-link
Fix link in Contributing doc
2017-12-06 10:04:01 -08:00
Akihiro Suda
a235469f45
Merge pull request #35603 from ericsoderstrom/master
Update docs to reflect working directory name change.
2017-12-06 10:15:16 +09:00
Lucas Molas
1f0572fd1a
Fix link in Contributing doc
Signed-off-by: Lucas Molas <lmolas@fundacionsadosky.org.ar>
2017-12-05 12:31:02 -03:00
Anthony Sottile
b6eed3dca2 Change references from test-integration-cli to test-integration
Signed-off-by: Anthony Sottile <asottile@umich.edu>
2017-11-27 19:01:14 -08:00
Eric Soderstrom
f72ece0186 Update docs to reflect working directory name change.
Signed-off-by: Eric Soderstrom <ericsoderstrom@gmail.com>
2017-11-26 13:12:16 -08:00
Sebastiaan van Stijn
6f34bd6f96
Move "until" option to correct API version
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-11-03 16:11:07 +01:00
Sebastiaan van Stijn
68a4552529
Merge pull request #32914 from jamiehannaford/until-logging
Add --until flag for docker logs; closes #32807
2017-11-03 16:08:30 +01:00
Sebastiaan van Stijn
dfbf0f2e91
Merge pull request #35168 from justincormack/update-contributing
First pass updating CONTRIBUTING
2017-11-03 12:57:21 +01:00
Justin Cormack
cecd0de3a9 First pass updating CONTRIBUTING
This largely removes references to Docker where possible.

The HOWTO guides are still Docker docs and refer to Docker not
moby, so the next step is to rework these as Moby docs and put
them in `docs/` in this repo.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-11-03 11:54:55 +00:00
Sebastiaan van Stijn
4533a16fa9
Move Isolation API changes to the correct version
Commit d91c5f42eb added
support for "Isolation" mode for services, but didn't
get merged before API 1.34.

This patch moves the description in the API version
history to the correct API version (1.35), and does
a slight rewording of the functionality.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-11-01 22:13:10 +01:00
Brian Goff
d91c5f42eb
Merge pull request #34424 from simonferquel/swarm-service-isolation
Added support for swarm service isolation mode
2017-11-01 16:41:10 -04:00
Jamie Hannaford
e8d9a61f4c Add --until flag for docker logs; closes #32807
Signed-off-by: Jamie Hannaford <jamie.hannaford@rackspace.com>
2017-11-01 10:08:49 +01:00
Yong Tang
3ba1dda191
Merge pull request #35343 from thaJeztah/bump-api-version-1.35
Bump API version to 1.35
2017-10-31 12:37:12 -07:00
Sebastiaan van Stijn
ba6b5aa7f2
Bump API version to 1.35
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-10-31 12:57:14 +01:00
Sebastiaan van Stijn
a6f09a7509
Merge pull request #35102 from ripcurld0/doc_31926
Elaborate more about port allocation in docs
2017-10-30 20:28:36 +01:00
Simon Ferquel
f28cb422e6 Added support for swarm service isolation mode
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2017-10-30 16:16:18 +01:00
Kir Kolyshkin
f963500c54 ContainerWait on remove: don't stuck on rm fail
Currently, if a container removal has failed for some reason,
any client waiting for removal (e.g. `docker run --rm`) is
stuck, waiting for removal to succeed while it has failed already.
For more details and the reproducer, please check
https://github.com/moby/moby/issues/34945

This commit addresses that by allowing `ContainerWait()` with
`container.WaitCondition == "removed"` argument to return an
error in case of removal failure. The `ContainerWaitOKBody`
stucture returned to a client is amended with a pointer to `struct Error`,
containing an error message string, and the `Client.ContainerWait()`
is modified to return the error, if any, to the client.

Note that this feature is only available for API version >= 1.34.
In order for the old clients to be unstuck, we just close the connection
without writing anything -- this causes client's error.

Now, docker-cli would need a separate commit to bump the API to 1.34
and to show an error returned, if any.

[v2: recreate the waitRemove channel after closing]
[v3: document; keep legacy behavior for older clients]
[v4: convert Error from string to pointer to a struct]
[v5: don't emulate old behavior, send empty response in error case]
[v6: rename legacy* vars to include version suffix]

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2017-10-25 13:11:56 -07:00
Boaz Shuster
dfd706e1a5 Elaborate more about port allocation in docs
Describe more how host port allocation is done when
container is stopped/started in "PublishAllPorts".

Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
2017-10-17 15:19:54 +03:00
Sebastiaan van Stijn
e52001c56e
Fix network name masking network ID on delete
If a network is created with a name that matches another
network's ID, the network with that name was masking the
other network's ID.

As a result, it was not possible to remove the network
with a given ID.

This patch changes the order in which networks are
matched to be what we use for other cases;

1. Match on full ID
2. Match on full Name
3. Match on Partial ID

Before this patch:

    $ docker network create foo
    336717eac9eaa3da6557042a04efc803f7e8862ce6cf96f6b9565265ba5c618b

    $ docker network create 336717eac9eaa3da6557042a04efc803f7e8862ce6cf96f6b9565265ba5c618b
    4a698333f1197f20224583abce14876d7f25fdfe416a8545927006c315915a2a

    $ docker network ls
    NETWORK ID          NAME                                                               DRIVER              SCOPE
    4a698333f119        336717eac9eaa3da6557042a04efc803f7e8862ce6cf96f6b9565265ba5c618b   bridge              local
    d1e40d43a2c0        bridge                                                             bridge              local
    336717eac9ea        foo                                                                bridge              local
    13cf280a1bbf        host                                                               host                local
    d9e4c03728a0        none                                                               null                local

    $ docker network rm 336717eac9eaa3da6557042a04efc803f7e8862ce6cf96f6b9565265ba5c618b
    4a698333f1197f20224583abce14876d7f25fdfe416a8545927006c315915a2a

    $ docker network ls
    NETWORK ID          NAME                DRIVER              SCOPE
    d1e40d43a2c0        bridge              bridge              local
    336717eac9ea        foo                 bridge              local
    13cf280a1bbf        host                host                local
    d9e4c03728a0        none                null                local

After this patch:

    $ docker network create foo
    2d1791a7def4e2a1ef0f6b83c6add333df0bb4ced2f196c584cb64e6bd94b835

    $ docker network create 2d1791a7def4e2a1ef0f6b83c6add333df0bb4ced2f196c584cb64e6bd94b835
    6cbc749a529cd2d9d3b10566c84e56c4203dd88b67417437b5fc7a6e955dd48f

    $ docker network ls
    NETWORK ID          NAME                                                               DRIVER              SCOPE
    6cbc749a529c        2d1791a7def4e2a1ef0f6b83c6add333df0bb4ced2f196c584cb64e6bd94b835   bridge              local
    166c943dbeb5        bridge                                                             bridge              local
    2d1791a7def4        foo                                                                bridge              local
    6c45b8aa6d8e        host                                                               host                local
    b11c96b51ea7        none                                                               null                local

    $ docker network rm 2d1791a7def4e2a1ef0f6b83c6add333df0bb4ced2f196c584cb64e6bd94b835
    2d1791a7def4e2a1ef0f6b83c6add333df0bb4ced2f196c584cb64e6bd94b835

    $ docker network ls
    NETWORK ID          NAME                                                               DRIVER              SCOPE
    6cbc749a529c        2d1791a7def4e2a1ef0f6b83c6add333df0bb4ced2f196c584cb64e6bd94b835   bridge              local
    166c943dbeb5        bridge                                                             bridge              local
    6c45b8aa6d8e        host                                                               host                local
    b11c96b51ea7        none                                                               null                local

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-10-11 21:57:05 +02:00
Victor Vieux
6f117e266f Merge pull request #35150 from thaJeztah/fix-api-version-check
Return 400 error if API client is too new
2017-10-11 11:26:12 -07:00
Justin Cormack
9b87491729 Remove Docker logo
No longer used as we are using the Moby logo.

Refer to #35115 for more details.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-10-11 13:17:59 +01:00
Sebastiaan van Stijn
01f9227ec9
Return 400 error if API client is too new
Commit e98e4a7111 implemented API version
negotiation using the `/_ping` endpoint. In that change, URL validation for the
maximum supported API version was removed from the API server (validation for
the _minimum_ version was kept in place).

With this feature, clients that support version negotiation would negotiate the
maximum version supported by the daemon, and downgrade to an older API version
if the client's default API version is not supported.

However, clients that do _not_ support version negotiation can call API versions
that are higher than the maximum supported version. Due to the missing version
check, this is silently ignored, and the daemon's default API version is used.

This is a problem, because the actual API version in use is non-deterministic;
for example, calling `/v9999.9999/version` on a daemon that runs API v1.34 will
use API v1.34, but calling the same URL on an older daemon may use API version
v1.24.

This patch reverts the removal of the API check for maximum supported versions.
The documentation has been updated accordingly

Before this patch is applied, the daemon returns a 200 (success):

    $ curl -v --unix-socket /var/run/docker.sock http://localhost/v9999.9999/version
    *   Trying /var/run/docker.sock...
    * Connected to localhost (/Users/sebastiaan/Library/Containers/com.dock) port 80 (#0)
    > GET /v9999.9999/version HTTP/1.1
    > Host: localhost
    > User-Agent: curl/7.54.0
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    < Api-Version: 1.32
    < Content-Length: 240
    < Content-Type: application/json
    < Date: Tue, 10 Oct 2017 09:11:29 GMT
    < Docker-Experimental: true
    < Ostype: linux
    < Server: Docker/17.09.0-ce (linux)
    <
    {"Version":"17.09.0-ce","ApiVersion":"1.32","MinAPIVersion":"1.12","GitCommit":"afdb6d4","GoVersion":"go1.8.3","Os":"linux","Arch":"amd64","KernelVersion":"4.9.49-moby","Experimental":true,"BuildTime":"2017-09-26T22:45:38.000000000+00:00"}
    * Connection #0 to host localhost left intact

After this patch is applied, a 400 (Bad Request) is returned:

    $ curl -v --unix-socket /var/run/docker.sock http://localhost/v9999.9999/version
    *   Trying /var/run/docker.sock...
    * Connected to localhost (/var/run/docker.sock) port 80 (#0)
    > GET /v9999.9999/info HTTP/1.1
    > Host: localhost
    > User-Agent: curl/7.52.1
    > Accept: */*
    >
    < HTTP/1.1 400 Bad Request
    < Content-Type: application/json
    < Date: Tue, 10 Oct 2017 08:08:34 GMT
    < Content-Length: 89
    <
    {"message":"client version 9999.9999 is too new. Maximim supported API version is 1.34"}
    * Curl_http_done: called premature == 0
    * Connection #0 to host localhost left intact

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-10-10 11:17:48 +02:00
Sebastiaan van Stijn
a249ec36dd
API docs: add information about Content-Length header
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-10-09 01:43:10 +02:00
Frieder Bluemle
b80472cef4
Fix GitHub spelling
Signed-off-by: Frieder Bluemle <frieder.bluemle@gmail.com>
2017-10-07 00:10:24 +08:00
Sebastiaan van Stijn
288abf0854
Bump API version to 1.34
Docker 17.10 was cut off from ab2b03a0e1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-09-30 01:13:20 +02:00
Allen Sun
4611ecd3cd add node/service/secret/config specific event filter
Signed-off-by: Allen Sun <shlallen1990@gmail.com>
2017-09-27 00:23:51 +08:00
Sebastiaan van Stijn
15a59e763b
Bump API version to 1.33
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-09-20 15:19:16 +02:00
Doug Davis
76a7f05795 Merge pull request #34594 from tizhou86/master
Fix typo in docs/api/version-history.md
2017-08-22 06:19:46 -07:00
Ti Zhou
a35bfd0b43 Fixed typo in docs/api/version-history.md
Signed-off-by: Ti Zhou <tizhou1986@gmail.com>
2017-08-22 16:47:08 +08:00
Christophe Vidal
dffa5d6df2 Dropped hyphen in bind mount where appropriate
Signed-off-by: Christophe Vidal <kriss@krizalys.com>
2017-08-19 21:25:07 +07:00
Kir Kolyshkin
7120976d74 Implement none, private, and shareable ipc modes
Since the commit d88fe447df ("Add support for sharing /dev/shm/ and
/dev/mqueue between containers") container's /dev/shm is mounted on the
host first, then bind-mounted inside the container. This is done that
way in order to be able to share this container's IPC namespace
(and the /dev/shm mount point) with another container.

Unfortunately, this functionality breaks container checkpoint/restore
(even if IPC is not shared). Since /dev/shm is an external mount, its
contents is not saved by `criu checkpoint`, and so upon restore any
application that tries to access data under /dev/shm is severily
disappointed (which usually results in a fatal crash).

This commit solves the issue by introducing new IPC modes for containers
(in addition to 'host' and 'container:ID'). The new modes are:

 - 'shareable':	enables sharing this container's IPC with others
		(this used to be the implicit default);

 - 'private':	disables sharing this container's IPC.

In 'private' mode, container's /dev/shm is truly mounted inside the
container, without any bind-mounting from the host, which solves the
issue.

While at it, let's also implement 'none' mode. The motivation, as
eloquently put by Justin Cormack, is:

> I wondered a while back about having a none shm mode, as currently it is
> not possible to have a totally unwriteable container as there is always
> a /dev/shm writeable mount. It is a bit of a niche case (and clearly
> should never be allowed to be daemon default) but it would be trivial to
> add now so maybe we should...

...so here's yet yet another mode:

 - 'none':	no /dev/shm mount inside the container (though it still
		has its own private IPC namespace).

Now, to ultimately solve the abovementioned checkpoint/restore issue, we'd
need to make 'private' the default mode, but unfortunately it breaks the
backward compatibility. So, let's make the default container IPC mode
per-daemon configurable (with the built-in default set to 'shareable'
for now). The default can be changed either via a daemon CLI option
(--default-shm-mode) or a daemon.json configuration file parameter
of the same name.

Note one can only set either 'shareable' or 'private' IPC modes as a
daemon default (i.e. in this context 'host', 'container', or 'none'
do not make much sense).

Some other changes this patch introduces are:

1. A mount for /dev/shm is added to default OCI Linux spec.

2. IpcMode.Valid() is simplified to remove duplicated code that parsed
   'container:ID' form. Note the old version used to check that ID does
   not contain a semicolon -- this is no longer the case (tests are
   modified accordingly). The motivation is we should either do a
   proper check for container ID validity, or don't check it at all
   (since it is checked in other places anyway). I chose the latter.

3. IpcMode.Container() is modified to not return container ID if the
   mode value does not start with "container:", unifying the check to
   be the same as in IpcMode.IsContainer().

3. IPC mode unit tests (runconfig/hostconfig_test.go) are modified
   to add checks for newly added values.

[v2: addressed review at https://github.com/moby/moby/pull/34087#pullrequestreview-51345997]
[v3: addressed review at https://github.com/moby/moby/pull/34087#pullrequestreview-53902833]
[v4: addressed the case of upgrading from older daemon, in this case
     container.HostConfig.IpcMode is unset and this is valid]
[v5: document old and new IpcMode values in api/swagger.yaml]
[v6: add the 'none' mode, changelog entry to docs/api/version-history.md]

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2017-08-14 10:50:39 +03:00
Sebastiaan van Stijn
1a0fbc4a6f Merge pull request #34287 from thaJeztah/bump-api-version
Bump API version to 1.32
2017-08-01 12:18:26 +02:00
Sebastiaan van Stijn
c8dad44c32
Add API documentation for plugable secret backends
Documents the API changes introduced in

0304c98d85 and
08f7cf0526

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-07-28 00:00:53 +02:00
Sebastiaan van Stijn
05121d5554
Bump API version to 1.32
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-07-27 18:50:31 +02:00
Sebastiaan van Stijn
48a83a3a18
Update API history and example response for volume CreatedAt
This adds the new `CreatedAt` field to the API version history
and updates some examples to show this information.

The `CreatedAt` field was implemented in a46f757c40

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-07-19 16:18:08 +02:00
Sebastiaan van Stijn
d0a8e73e7b
Service privileges: API docs
This documents the Service privileges
API changes, that were added in:
091b5e68ea

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-07-14 17:04:26 -07:00
Sebastiaan van Stijn
e5862d42b3 Merge pull request #34065 from allencloud/add-cluster-events-change
add cluster events change in version_history.md
2017-07-11 20:28:05 -07:00
allencloud
e9da15a660 add cluster events change in version_history.md
Signed-off-by: allencloud <allen.sun@daocloud.io>
2017-07-12 09:25:30 +08:00
allencloud
c8d6477e5a add config event in swagger.yml
Signed-off-by: allencloud <allen.sun@daocloud.io>
2017-07-12 08:48:14 +08:00
Sebastiaan van Stijn
dd5e818fab
Fix api-version history
Commit c79c16910c
inadvertently put these API changes under API 1.31,
but they were added in API 1.30.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-07-10 21:15:02 -07:00
Brian Goff
72c3bcf2a5 Make plugin emit strongly typed, consumable events
Enables other subsystems to watch actions for a plugin(s).

This will be used specifically for implementing plugins on swarm where a
swarm controller needs to watch the state of a plugin.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-07-06 14:26:06 -04:00
Sebastiaan van Stijn
9d95740dbf Merge pull request #33941 from thaJeztah/update-api-docs
Add missing API documentatoin for DataPathAddr
2017-07-05 18:35:45 -07:00
Sebastiaan van Stijn
c79c16910c
Add missing API documentatoin for DataPathAddr
COmmit 0307fe1a0b added
a new `DataPathAddr` property to the swarm/init and swarm/join
endpoints. This property was not yet added to the
documentation.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-07-04 03:11:40 -07:00
Josh Soref
39bcaee47b
Spelling fixes
* additional
* ambiguous
* anonymous
* anything
* application
* because
* before
* building
* capabilities
* circumstances
* commit
* committer
* compresses
* concatenated
* config
* container
* container's
* current
* definition
* delimiter
* disassociates
* discovery
* distributed
* doesnotexist
* downloads
* duplicates
* either
* enhancing
* enumerate
* escapable
* exactly
* expect
* expectations
* expected
* explicitly
* false
* filesystem
* following
* forbidden
* git with
* healthcheck
* ignore
* independent
* inheritance
* investigating
* irrelevant
* it
* logging
* looking
* membership
* mimic
* minimum
* modify
* mountpoint
* multiline
* notifier
* outputting
* outside
* overridden
* override
* parsable
* plugins
* precedence
* propagation
* provided
* provides
* registries
* repositories
* returning
* settings
* should
* signals
* someone
* something
* specifically
* successfully
* synchronize
* they've
* thinking
* uninitialized
* unintentionally
* unmarshaling
* unnamed
* unreferenced
* verify

Signed-off-by: Josh Soref <jsoref@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-07-03 13:13:09 -07:00
Daniel Nephin
016eea004b
Set a LastUpdated time in image metadata when an image tag is updated.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-26 12:16:26 -07:00
Sebastiaan van Stijn
b8b8a9c837
Documentation updates for interactive sessions
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-22 15:36:56 -07:00
Tibor Vass
b5579a4ce3 Remove docs (except docs/api), experimental/, contrib/completion, man/
They have been moved to github.com/docker/cli.

Signed-off-by: Tibor Vass <tibor@docker.com>
2017-06-14 03:14:46 +00:00
Aaron Lehmann
4310f7da7e Merge pull request #33630 from yongtang/167-cli-network-inspect-scope
Add `scope` filter in `GET /networks/(id or name)`
2017-06-12 18:27:24 -07:00
Yong Tang
158b2a1875 Add scope filter in /networks/<id>
This fix tries to add a `scope` in the query of `/networks/<id>`
(`NetworkInspect`) so that in case of duplicate network names,
it is possible to locate the network ID based on the network
scope (`local`, 'swarm', or `global`).

Multiple networks might exist in different scopes, which is a legitimate case.
For example, a network name `foo` might exists locally and in swarm network.

However, before this PR it was not possible to query a network name `foo`
in a specific scope like swarm.

This fix fixes the issue by allowing a `scope` query in `/networks/<id>`.

Additional test cases have been added to unit tests and integration tests.

This fix is related to docker/cli#167, moby/moby#30897, moby/moby#33561, moby/moby#30242

This fix fixes docker/cli#167

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-12 09:54:25 -07:00
Sebastiaan van Stijn
2b8f0eef73 Update docs, completion scripts for disable-legacy-registry
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-12 11:04:37 +02:00