When using both `--secret-rm` and `--secret-add` on `docker service update`,
`--secret-rm` was always performed last. This made it impossible to update
a secret that was already in use on a service (for example, to change
it's permissions, or mount-location inside the container).
This patch changes the order in which `rm` and `add` are performed,
allowing updating a secret in a single `docker service update`.
Before this change, the `rm` was always performed "last", so the secret
was always removed:
$ echo "foo" | docker secret create foo -f -
foo
$ docker service create --name myservice --secret foo nginx:alpine
62xjcr9sr0c2hvepdzqrn3ssn
$ docker service update --secret-rm foo --secret-add source=foo,target=foo2 myservice
myservice
$ docker service inspect --format '{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}' myservice | jq .
null
After this change, the `rm` is performed _first_, allowing users to
update a secret without updating the service _twice_;
$ echo "foo" | docker secret create foo -f -
1bllmvw3a1yaq3eixqw3f7bjl
$ docker service create --name myservice --secret foo nginx:alpine
lr6s3uoggli1x0hab78glpcxo
$ docker service update --secret-rm foo --secret-add source=foo,target=foo2 myservice
myservice
$ docker service inspect --format '{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}' myservice | jq .
[
{
"File": {
"Name": "foo2",
"UID": "0",
"GID": "0",
"Mode": 292
},
"SecretID": "tn9qiblgnuuut11eufquw5dev",
"SecretName": "foo"
}
]
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
I was seeing this for windowsRS1 testing:
17:20:36 ----------------------------------------------------------------------
17:20:36 FAIL: docker_cli_restart_test.go:31: DockerSuite.TestRestartRunningContainer
17:20:36
17:20:36 docker_cli_restart_test.go:39:
17:20:36 c.Assert(out, checker.Equals, "foobar\n")
17:20:36 ... obtained string = ""
17:20:36 ... expected string = "foobar\n"
17:20:36
17:20:59
17:20:59 ----------------------------------------------------------------------
and I think its because there's a delay between the time the container is
started and the 'echo' is actually run. This gives it up to 10 seconds
to do the 'echo' before giving up.
/cc @jhowardmsft
Signed-off-by: Doug Davis <dug@us.ibm.com>
Fix#29344
If HOME is not set, the gcplogs logging driver will call os/user.Current() via oauth2/google.
However, in static binary, os/user.Current() leads to segfault due to a glibc issue that won't be fixed
in a short term. (golang/go#13470, https://sourceware.org/bugzilla/show_bug.cgi?id=19341)
So we forcibly set HOME so as to avoid call to os/user/Current().
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
Call daemon.Mount will increase the refcount of mounted path,
for those previous running containers, `Mount` call will make
the refcount to 2. see
https://github.com/docker/docker/blob/v1.13.0-rc4/daemon/graphdriver/counter.go#L38
```
if !m.check {
m.check = true
if c.checker.IsMounted(path) {
m.count++
}
}
m.count++
```
graphdrive could restore on reboot after #22541, call
daemon.Mount to resore the graphdriver is not necessary.
And call `daemon.Mount` on restorting will mount all the containers
mounted layer even if it was stop.
This fix call Mount and then Unmount to get `BaseFs`
Signed-off-by: Lei Jitang <leijitang@huawei.com>
This fix is a follow up based on comment:
and a follow up to:
https://github.com/docker/docker/pull/29222#issuecomment-268908937
As #28789 has been merged in, it is possible for `docker plugin inspect`
to search based on Name or ID Prefix. However, ID-based
`docker plugin enable/disable/rm/set` are still not possible.
This fix addes test for `docker plugin enable/disable/rm/set` to search based on:
- Full ID
- Full Name
- Partial ID (prefix)
The actual fix is done in #29487.
This fix is a follow up of #28789 and #29487.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
- Move *one-shot* (one use) function where it is actually used (easier
to know what's going on).
- Remove `pullImageIfNotExist` function as it might be an artifact
from way back. We don't need it as we already have frozen/loaded
image of busybox.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
- Make it possible to define a shorter waiting time of httputils
- Make a small hack to reduce the waiting time on distribution/xfer
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Signed-off-by: zhenghenghuo <zhenghenghuo@zju.edu.cn>
try to pass test
Signed-off-by: zhenghenghuo <zhenghenghuo@zju.edu.cn>
try to pass the test
Signed-off-by: zhenghenghuo <zhenghenghuo@zju.edu.cn>
