beenull/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
moby/daemon/delete.go

189 lines
6.5 KiB
Go
Raw Normal View History

Add canonical import comment Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-02-05 21:05:59 +00:00
package daemon // import "github.com/docker/docker/daemon"
Move "delete" to daemon/delete.go This is part of an effort to break apart the deprecated server/ package Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes) Fix issues with renaming container_delete to delete Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
2014-07-31 21:12:12 +00:00
import (
backend: add StopOptions to ContainerRestart and ContainerStop While we're modifying the interface, also add a context to both. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-20 22:23:26 +00:00
"context"
Build names and links at runtime Don't rely on sqlite db for name registration and linking. Instead register names and links when the daemon starts to an in-memory store. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-09-04 00:51:04 +00:00
"fmt"
Move "delete" to daemon/delete.go This is part of an effort to break apart the deprecated server/ package Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes) Fix issues with renaming container_delete to delete Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
2014-07-31 21:12:12 +00:00
"os"
"path"
Build names and links at runtime Don't rely on sqlite db for name registration and linking. Instead register names and links when the daemon starts to an in-memory store. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-09-04 00:51:04 +00:00
"strings"
Add basic prometheus support This adds a metrics packages that creates additional metrics. Add the metrics endpoint to the docker api server under `/metrics`. Signed-off-by: Michael Crosby <crosbymichael@gmail.com> Add metrics to daemon package Signed-off-by: Michael Crosby <crosbymichael@gmail.com> api: use standard way for metrics route Also add "type" query parameter Signed-off-by: Alexander Morozov <lk4d4@docker.com> Convert timers to ms Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-07-20 23:11:28 +00:00
"time"
Move "delete" to daemon/delete.go This is part of an effort to break apart the deprecated server/ package Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes) Fix issues with renaming container_delete to delete Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
2014-07-31 21:12:12 +00:00
daemon: Handle NotFound when deleting container lease If the lease doesn't exit (for example when creating the container failed), just ignore the not found error. Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-08-21 14:52:32 +00:00
cerrdefs "github.com/containerd/containerd/errdefs"
Implement run using the containerd snapshotter Signed-off-by: Djordje Lukic <djordje.lukic@docker.com> c8d/daemon: Mount root and fill BaseFS This fixes things that were broken due to nil BaseFS like `docker cp` and running a container with workdir override. This is more of a temporary hack than a real solution. The correct fix would be to refactor the code to make BaseFS and LayerRW an implementation detail of the old image store implementation and use the temporary mounts for the c8d implementation instead. That requires more work though. Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com> daemon/images: Don't unset BaseFS Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2022-07-25 12:22:05 +00:00
"github.com/containerd/containerd/leases"
migrate to github.com/containerd/log v0.1.0 The github.com/containerd/containerd/log package was moved to a separate module, which will also be used by upcoming (patch) releases of containerd. This patch moves our own uses of the package to use the new module. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-13 15:41:45 +00:00
"github.com/containerd/log"
Add engine-api types to docker This moves the types for the `engine-api` repo to the existing types package. Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-09-06 18:18:12 +00:00
"github.com/docker/docker/api/types"
backend: add StopOptions to ContainerRestart and ContainerStop While we're modifying the interface, also add a context to both. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-20 22:23:26 +00:00
containertypes "github.com/docker/docker/api/types/container"
api/types/events: define "Action" type and consts Define consts for the Actions we use for events, instead of "ad-hoc" strings. Having these consts makes it easier to find where specific events are triggered, makes the events less error-prone, and allows documenting each Action (if needed). Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-26 13:24:46 +00:00
"github.com/docker/docker/api/types/events"
Move Container to its own package. So other packages don't need to import the daemon package when they want to use this struct. Signed-off-by: David Calavera <david.calavera@gmail.com> Signed-off-by: Tibor Vass <tibor@docker.com>
2015-11-12 19:55:17 +00:00
"github.com/docker/docker/container"
daemon: read-copy-update the daemon config Ensure data-race-free access to the daemon configuration without locking by mutating a deep copy of the config and atomically storing a pointer to the copy into the daemon-wide configStore value. Any operations which need to read from the daemon config must capture the configStore value only once and pass it around to guarantee a consistent view of the config. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-17 21:13:49 +00:00
"github.com/docker/docker/daemon/config"
Move api/errdefs to errdefs Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2018-01-11 19:53:06 +00:00
"github.com/docker/docker/errdefs"
pkg/system: move EnsureRemoveAll() to pkg/containerfs pkg/system historically has been a bit of a kitchen-sink of things that were somewhat "system" related, but didn't have a good place for. EnsureRemoveAll() is one of those utilities. EnsureRemoveAll() is used to both unmount and remove a path, for which it depends on both github.com/moby/sys/mount, which in turn depends on github.com/moby/sys/mountinfo. pkg/system is imported in the CLI, but neither EnsureRemoveAll(), nor any of its moby/sys dependencies are used on the client side, so let's move this function somewhere else, to remove those dependencies from the CLI. I looked for plausible locations that were related; it's used in: - daemon - daemon/graphdriver/XXX/ - plugin I considered moving it into a (e.g.) "utils" package within graphdriver (but not a huge fan of "utils" packages), and given that it felt (mostly) related to cleaning up container filesystems, I decided to move it there. Some things to follow-up on after this: - Verify if this function is still needed (it feels a bit like a big hammer in a "YOLO, let's try some things just in case it fails") - Perhaps it should be integrated in `containerfs.Remove()` (so that it's used automatically) - Look if there's other implementations (and if they should be consolidated), although (e.g.) the one in containerd is a copy of ours: https://github.com/containerd/containerd/blob/v1.5.9/pkg/cri/server/helpers_linux.go#L200 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-02 21:43:07 +00:00
"github.com/docker/docker/pkg/containerfs"
vendor: opencontainers/selinux v1.8.0, and remove selinux build-tag and stubs full diff: https://github.com/opencontainers/selinux/compare/v1.7.0...v1.8.0 Remove "selinux" build tag Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-12-14 10:46:58 +00:00
"github.com/opencontainers/selinux/go-selinux"
do not ignore "volume in use" errors when force-delete When using `docker volume rm -f`, all errors were ignored, and volumes where Purged, even if they were still in use by a container. As a result, repeated calls to `docker volume rm -f` actually removed the volume. The `-f` option was implemented to ignore errors in case a volume was already removed out-of-band by a volume driver plugin. This patch changes the remove function to not ignore "volume in use" errors if `-f` is used. Other errors are still ignored as before. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-03-01 13:36:09 +00:00
"github.com/pkg/errors"
Move "delete" to daemon/delete.go This is part of an effort to break apart the deprecated server/ package Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes) Fix issues with renaming container_delete to delete Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
2014-07-31 21:12:12 +00:00
)
golint fixes for daemon/ package - some method names were changed to have a 'Locking' suffix, as the downcased versions already existed, and the existing functions simply had locks around the already downcased version. - deleting unused functions - package comment - magic numbers replaced by golang constants - comments all over Signed-off-by: Morgan Bauer <mbauer@us.ibm.com>
2015-07-30 21:01:53 +00:00
// ContainerRm removes the container id from the filesystem. An error
// is returned if the container is not found, or if the remove
// fails. If the remove succeeds, the container name is released, and
// network links are removed.
move configs structs to remove dependency on daemon - Moved the following config structs to api/types - ContainerRmConfig - ContainerCommitConfig Signed-off-by: Morgan Bauer <mbauer@us.ibm.com>
2015-12-04 20:34:43 +00:00
func (daemon *Daemon) ContainerRm(name string, config *types.ContainerRmConfig) error {
daemon: reload runtimes w/o breaking containers The existing runtimes reload logic went to great lengths to replace the directory containing runtime wrapper scripts as atomically as possible within the limitations of the Linux filesystem ABI. Trouble is, atomically swapping the wrapper scripts directory solves the wrong problem! The runtime configuration is "locked in" when a container is started, including the path to the runC binary. If a container is started with a runtime which requires a daemon-managed wrapper script and then the daemon is reloaded with a config which no longer requires the wrapper script (i.e. some args -> no args, or the runtime is dropped from the config), that container would become unmanageable. Any attempts to stop, exec or otherwise perform lifecycle management operations on the container are likely to fail due to the wrapper script no longer existing at its original path. Atomically swapping the wrapper scripts is also incompatible with the read-copy-update paradigm for reloading configuration. A handler in the daemon could retain a reference to the pre-reload configuration for an indeterminate amount of time after the daemon configuration has been reloaded and updated. It is possible for the daemon to attempt to start a container using a deleted wrapper script if a request to run a container races a reload. Solve the problem of deleting referenced wrapper scripts by ensuring that all wrapper scripts are *immutable* for the lifetime of the daemon process. Any given runtime wrapper script must always exist with the same contents, no matter how many times the daemon config is reloaded, or what changes are made to the config. This is accomplished by using everyone's favourite design pattern: content-addressable storage. Each wrapper script file name is suffixed with the SHA-256 digest of its contents to (probabilistically) guarantee immutability without needing any concurrency control. Stale runtime wrapper scripts are only cleaned up on the next daemon restart. Split the derived runtimes configuration from the user-supplied configuration to have a place to store derived state without mutating the user-supplied configuration or exposing daemon internals in API struct types. Hold the derived state and the user-supplied configuration in a single struct value so that they can be updated as an atomic unit. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-31 20:12:30 +00:00
return daemon.containerRm(&daemon.config().Config, name, config)
daemon: read-copy-update the daemon config Ensure data-race-free access to the daemon configuration without locking by mutating a deep copy of the config and atomically storing a pointer to the copy into the daemon-wide configStore value. Any operations which need to read from the daemon config must capture the configStore value only once and pass it around to guarantee a consistent view of the config. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-17 21:13:49 +00:00
}
func (daemon *Daemon) containerRm(cfg *config.Config, name string, opts *types.ContainerRmConfig) error {
Add basic prometheus support This adds a metrics packages that creates additional metrics. Add the metrics endpoint to the docker api server under `/metrics`. Signed-off-by: Michael Crosby <crosbymichael@gmail.com> Add metrics to daemon package Signed-off-by: Michael Crosby <crosbymichael@gmail.com> api: use standard way for metrics route Also add "type" query parameter Signed-off-by: Alexander Morozov <lk4d4@docker.com> Convert timers to ms Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-07-20 23:11:28 +00:00
start := time.Now()
daemon: rename some variables, import-aliases and receivers - daemon/delete: rename var that collided with import, remove output var - daemon: fix inconsistent receiver name and package aliases - daemon/stop: rename imports and variables to standard naming This is in preparation of some changes, but keeping it in a separate commit to make review of other changes easier. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-21 22:46:07 +00:00
ctr, err := daemon.GetContainer(name)
Closes #9311 Handles container id/name collisions against daemon functionalities according to #8069 Signed-off-by: Andrew C. Bodine <acbodine@us.ibm.com>
2014-12-16 23:06:35 +00:00
if err != nil {
Remove engine.Status and replace it with standard go error Signed-off-by: Antonio Murdaca <me@runcom.ninja>
2015-03-25 07:44:12 +00:00
return err
Split volumes out from daemon Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: cpuguy83)
2014-08-28 14:18:08 +00:00
}
Fix race between two ContainerRm Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-12-01 17:54:26 +00:00
// Container state RemovalInProgress should be used to avoid races.
daemon: rename some variables, import-aliases and receivers - daemon/delete: rename var that collided with import, remove output var - daemon: fix inconsistent receiver name and package aliases - daemon/stop: rename imports and variables to standard naming This is in preparation of some changes, but keeping it in a separate commit to make review of other changes easier. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-21 22:46:07 +00:00
if inProgress := ctr.SetRemovalInProgress(); inProgress {
make client side know container removal in progress Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-08-27 13:39:34 +00:00
err := fmt.Errorf("removal of container %s is already in progress", name)
Add helpers to create errdef errors Instead of having to create a bunch of custom error types that are doing nothing but wrapping another error in sub-packages, use a common helper to create errors of the requested type. e.g. instead of re-implementing this over and over: ```go type notFoundError struct { cause error } func(e notFoundError) Error() string { return e.cause.Error() } func(e notFoundError) NotFound() {} func(e notFoundError) Cause() error { return e.cause } ``` Packages can instead just do: ``` errdefs.NotFound(err) ``` Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-11-29 04:09:37 +00:00
return errdefs.Conflict(err)
Fix race between two ContainerRm Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-12-01 17:54:26 +00:00
}
daemon: rename some variables, import-aliases and receivers - daemon/delete: rename var that collided with import, remove output var - daemon: fix inconsistent receiver name and package aliases - daemon/stop: rename imports and variables to standard naming This is in preparation of some changes, but keeping it in a separate commit to make review of other changes easier. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-21 22:46:07 +00:00
defer ctr.ResetRemovalInProgress()
Fix race between two ContainerRm Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-12-01 17:54:26 +00:00
// check if container wasn't deregistered by previous rm since Get
daemon: rename some variables, import-aliases and receivers - daemon/delete: rename var that collided with import, remove output var - daemon: fix inconsistent receiver name and package aliases - daemon/stop: rename imports and variables to standard naming This is in preparation of some changes, but keeping it in a separate commit to make review of other changes easier. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-21 22:46:07 +00:00
if c := daemon.containers.Get(ctr.ID); c == nil {
Fix race between two ContainerRm Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-12-01 17:54:26 +00:00
return nil
}
daemon: read-copy-update the daemon config Ensure data-race-free access to the daemon configuration without locking by mutating a deep copy of the config and atomically storing a pointer to the copy into the daemon-wide configStore value. Any operations which need to read from the daemon config must capture the configStore value only once and pass it around to guarantee a consistent view of the config. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-17 21:13:49 +00:00
if opts.RemoveLink {
return daemon.rmLink(cfg, ctr, name)
Move "delete" to daemon/delete.go This is part of an effort to break apart the deprecated server/ package Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes) Fix issues with renaming container_delete to delete Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
2014-07-31 21:12:12 +00:00
}
daemon: read-copy-update the daemon config Ensure data-race-free access to the daemon configuration without locking by mutating a deep copy of the config and atomically storing a pointer to the copy into the daemon-wide configStore value. Any operations which need to read from the daemon config must capture the configStore value only once and pass it around to guarantee a consistent view of the config. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-17 21:13:49 +00:00
err = daemon.cleanupContainer(ctr, *opts)
Add basic prometheus support This adds a metrics packages that creates additional metrics. Add the metrics endpoint to the docker api server under `/metrics`. Signed-off-by: Michael Crosby <crosbymichael@gmail.com> Add metrics to daemon package Signed-off-by: Michael Crosby <crosbymichael@gmail.com> api: use standard way for metrics route Also add "type" query parameter Signed-off-by: Alexander Morozov <lk4d4@docker.com> Convert timers to ms Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-07-20 23:11:28 +00:00
containerActions.WithValues("delete").UpdateSince(start)
return err
Move "delete" to daemon/delete.go This is part of an effort to break apart the deprecated server/ package Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes) Fix issues with renaming container_delete to delete Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
2014-07-31 21:12:12 +00:00
}
daemon: read-copy-update the daemon config Ensure data-race-free access to the daemon configuration without locking by mutating a deep copy of the config and atomically storing a pointer to the copy into the daemon-wide configStore value. Any operations which need to read from the daemon config must capture the configStore value only once and pass it around to guarantee a consistent view of the config. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-17 21:13:49 +00:00
func (daemon *Daemon) rmLink(cfg *config.Config, container *container.Container, name string) error {
Build names and links at runtime Don't rely on sqlite db for name registration and linking. Instead register names and links when the daemon starts to an in-memory store. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-09-04 00:51:04 +00:00
if name[0] != '/' {
name = "/" + name
daemon/delete.go: use less confusing naming of functions Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-12-02 17:18:34 +00:00
}
parent, n := path.Split(name)
if parent == "/" {
Updates daemon's remove link method to use more verbose error output. Signed-off-by: Aaron Hnatiw <aaron@griddio.com>
2019-04-25 16:57:56 +00:00
return fmt.Errorf("Conflict, cannot remove the default link name of the container")
daemon/delete.go: use less confusing naming of functions Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-12-02 17:18:34 +00:00
}
Build names and links at runtime Don't rely on sqlite db for name registration and linking. Instead register names and links when the daemon starts to an in-memory store. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-09-04 00:51:04 +00:00
parent = strings.TrimSuffix(parent, "/")
Store container names in memdb Currently, names are maintained by a separate system called "registrar". This means there is no way to atomically snapshot the state of containers and the names associated with them. We can add this atomicity and simplify the code by storing name associations in the memdb. This removes the need for pkg/registrar, and makes snapshots a lot less expensive because they no longer need to copy all the names. This change also avoids some problematic behavior from pkg/registrar where it returns slices which may be modified later on. Note that while this change makes the *snapshotting* atomic, it doesn't yet do anything to make sure containers are named at the same time that they are added to the database. We can do that by adding a transactional interface, either as a followup, or as part of this PR. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-06-30 01:56:22 +00:00
pe, err := daemon.containersReplica.Snapshot().GetID(parent)
Build names and links at runtime Don't rely on sqlite db for name registration and linking. Instead register names and links when the daemon starts to an in-memory store. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-09-04 00:51:04 +00:00
if err != nil {
Updates daemon's remove link method to use more verbose error output. Signed-off-by: Aaron Hnatiw <aaron@griddio.com>
2019-04-25 16:57:56 +00:00
return fmt.Errorf("Cannot get parent %s for link name %s", parent, name)
daemon/delete.go: use less confusing naming of functions Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-12-02 17:18:34 +00:00
}
Build names and links at runtime Don't rely on sqlite db for name registration and linking. Instead register names and links when the daemon starts to an in-memory store. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-09-04 00:51:04 +00:00
daemon.releaseName(name)
parentContainer, _ := daemon.GetContainer(pe)
daemon/delete.go: use less confusing naming of functions Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-12-02 17:18:34 +00:00
if parentContainer != nil {
Build names and links at runtime Don't rely on sqlite db for name registration and linking. Instead register names and links when the daemon starts to an in-memory store. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-09-04 00:51:04 +00:00
daemon.linkIndex.unlink(name, container, parentContainer)
daemon: read-copy-update the daemon config Ensure data-race-free access to the daemon configuration without locking by mutating a deep copy of the config and atomically storing a pointer to the copy into the daemon-wide configStore value. Any operations which need to read from the daemon config must capture the configStore value only once and pass it around to guarantee a consistent view of the config. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-17 21:13:49 +00:00
if err := daemon.updateNetwork(cfg, parentContainer); err != nil {
Switch all logging to use containerd log pkg This unifies our logging and allows us to propagate logging and trace contexts together. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-06-23 00:33:17 +00:00
log.G(context.TODO()).Debugf("Could not update network to remove link %s: %v", n, err)
daemon/delete.go: use less confusing naming of functions Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-12-02 17:18:34 +00:00
}
}
return nil
}
// cleanupContainer unregisters a container from the daemon, stops stats
// collection and cleanly removes contents and metadata from the filesystem.
daemon: cleanupContainer(): pass ContainerRmConfig as parameter We already have this config, so might as well pass it, instead of passing each option as a separate argument. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-20 22:14:25 +00:00
func (daemon *Daemon) cleanupContainer(container *container.Container, config types.ContainerRmConfig) error {
Cleanup container rm funcs Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-05-26 19:38:52 +00:00
if container.IsRunning() {
daemon: cleanupContainer(): pass ContainerRmConfig as parameter We already have this config, so might as well pass it, instead of passing each option as a separate argument. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-20 22:14:25 +00:00
if !config.ForceRemove {
daemon: cleanupContainer: slightly cleanup error messages Also remove integration-cli: `DockerAPISuite.TestContainerAPIDeleteConflict`, which was testing the same conditions as `TestRemoveContainerRunning` in integration/container. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-13 19:47:25 +00:00
if state := container.StateString(); state == "paused" {
return errdefs.Conflict(fmt.Errorf("cannot remove container %q: container is %s and must be unpaused first", container.Name, state))
} else {
return errdefs.Conflict(fmt.Errorf("cannot remove container %q: container is %s: stop the container before removing or force remove", container.Name, state))
Fix the rm error message when a container is restarting/paused Running the rm command on a paused/restarting container will give an error message saying the container is running which is incorrect. To fix that, the error message will have the correct container state and a procedure to remove it accordingly. Notice: docker-py was bumped to: 4a08d04aef0595322e1b5ac7c52f28a931da85a5 Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
2017-02-09 10:48:33 +00:00
}
Cleanup container rm funcs Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-05-26 19:38:52 +00:00
}
daemon: cleanupContainer: don't fail if container is already stopped Saw this failure in a flaky test, and I wondered why we consider this an error condition; === RUN TestKillWithStopSignalAndRestartPolicies main_test.go:32: assertion failed: error is not nil: Error response from daemon: Could not kill running container 668f62511f4aa62357269cd405cff1fbe295b7f6d5011e7cfed434e3072330b7, cannot remove - Container 668f62511f4aa62357269cd405cff1fbe295b7f6d5011e7cfed434e3072330b7 is not running: failed to remove 668f62511f4aa62357269cd405cff1fbe295b7f6d5011e7cfed434e3072330b7 --- FAIL: TestKillWithStopSignalAndRestartPolicies (0.84s) === RUN TestKillWithStopSignalAndRestartPolicies/same-signal-disables-restart-policy --- PASS: TestKillWithStopSignalAndRestartPolicies/same-signal-disables-restart-policy (0.42s) === RUN TestKillWithStopSignalAndRestartPolicies/different-signal-keep-restart-policy --- PASS: TestKillWithStopSignalAndRestartPolicies/different-signal-keep-restart-policy (0.23s) In the above; 1. `Error response from daemon: Could not kill running container 668f62511f4aa62357269cd405cff1fbe295b7f6d5011e7cfed434e3072330b7` 2. `cannot remove - Container 668f62511f4aa62357269cd405cff1fbe295b7f6d5011e7cfed434e3072330b7 is not running` 3. `failed to remove 668f62511f4aa62357269cd405cff1fbe295b7f6d5011e7cfed434e3072330b7` So it looks like the removal fails because we couldn't kill the container because it was already stopped, which may be a race condition where the first check shows the container to be running (but may already be in process to be removed or killed. In either case, we probably shouldn't fail the removal if the container is already stopped. This patch adds a `isNotRunning()` utility, so that we can ignore this case, and proceed with the removal. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-13 19:37:24 +00:00
if err := daemon.Kill(container); err != nil && !isNotRunning(err) {
return fmt.Errorf("cannot remove container %q: could not kill: %w", container.Name, err)
Cleanup container rm funcs Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-05-26 19:38:52 +00:00
}
Move "delete" to daemon/delete.go This is part of an effort to break apart the deprecated server/ package Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes) Fix issues with renaming container_delete to delete Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
2014-07-31 21:12:12 +00:00
}
Do not fail when a container is being removed and we request its delete again. Abort the process and return a success response, letting the original request finish its job. Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-10-20 20:36:09 +00:00
// stop collection of stats for the container regardless
// if stats are currently getting collected.
Extract daemon statsCollector to its own package Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-01-04 17:01:59 +00:00
daemon.statsCollector.StopCollection(container)
Do not fail when a container is being removed and we request its delete again. Abort the process and return a success response, letting the original request finish its job. Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-10-20 20:36:09 +00:00
daemon: move default stop-timeout to containerStop() This avoids having to determine what the default is in various parts of the code. If no custom timeout is passed (nil), the default will be used. Also remove the named return variable from cleanupContainer(), as it wasn't used. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-20 20:43:13 +00:00
// stopTimeout is the number of seconds to wait for the container to stop
// gracefully before forcibly killing it.
//
// Why 3 seconds? The timeout specified here was originally added in commit
// 1615bb08c7c3fc6c4b22db0a633edda516f97cf0, which added a custom timeout to
// some commands, but lacking an option for a timeout on "docker rm", was
// hardcoded to 10 seconds. Commit 28fd289b448164b77affd8103c0d96fd8110daf9
// later on updated this to 3 seconds (but no background on that change).
//
// If you arrived here and know the answer, you earned yourself a picture
// of a cute animal of your own choosing.
daemon: format code with gofumpt Formatting the code with https://github.com/mvdan/gofumpt Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-20 13:25:24 +00:00
stopTimeout := 3
backend: add StopOptions to ContainerRestart and ContainerStop While we're modifying the interface, also add a context to both. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-20 22:23:26 +00:00
if err := daemon.containerStop(context.TODO(), container, containertypes.StopOptions{Timeout: &stopTimeout}); err != nil {
Move "delete" to daemon/delete.go This is part of an effort to break apart the deprecated server/ package Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes) Fix issues with renaming container_delete to delete Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
2014-07-31 21:12:12 +00:00
return err
}
container: Do not remove contianer if any of the resource failed cleanup Do not remove container if any of the resource could not be cleaned up. We don't want to leak resources. Two new states have been created. RemovalInProgress and Dead. Once container is Dead, it can not be started/restarted. Dead container signifies the container where we tried to remove it but removal failed. User now needs to figure out what went wrong, corrent the situation and try cleanup again. RemovalInProgress signifies that container is already being removed. Only one removal can be in progress. Also, do not allow start of a container if it is already dead or removal is in progress. Also extend existing force option (-f) to docker rm to not return an error and remove container from user view even if resource cleanup failed. This will allow a user to get back to old behavior where resources might leak but atleast user will be able to make progress. Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
2015-03-12 19:26:17 +00:00
// Mark container dead. We don't want anybody to be restarting it.
keep a consistent view of containers rendered Replicate relevant mutations to the in-memory ACID store. Readers will then be able to query container state without locking. Signed-off-by: Fabio Kung <fabio.kung@gmail.com>
2017-02-22 22:02:20 +00:00
container.Lock()
container.Dead = true
container: Do not remove contianer if any of the resource failed cleanup Do not remove container if any of the resource could not be cleaned up. We don't want to leak resources. Two new states have been created. RemovalInProgress and Dead. Once container is Dead, it can not be started/restarted. Dead container signifies the container where we tried to remove it but removal failed. User now needs to figure out what went wrong, corrent the situation and try cleanup again. RemovalInProgress signifies that container is already being removed. Only one removal can be in progress. Also, do not allow start of a container if it is already dead or removal is in progress. Also extend existing force option (-f) to docker rm to not return an error and remove container from user view even if resource cleanup failed. This will allow a user to get back to old behavior where resources might leak but atleast user will be able to make progress. Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
2015-03-12 19:26:17 +00:00
// Save container state to disk. So that if error happens before
// container meta file got removed from disk, then a restart of
// docker should not make a dead container alive.
save deep copies of Container in the replica store Reuse existing structures and rely on json serialization to deep copy Container objects. Also consolidate all "save" operations on container.CheckpointTo, which now both saves a serialized json to disk, and replicates state to the ACID in-memory store. Signed-off-by: Fabio Kung <fabio.kung@gmail.com>
2017-03-27 17:18:53 +00:00
if err := container.CheckpointTo(daemon.containersReplica); err != nil && !os.IsNotExist(err) {
Switch all logging to use containerd log pkg This unifies our logging and allows us to propagate logging and trace contexts together. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-06-23 00:33:17 +00:00
log.G(context.TODO()).Errorf("Error saving dying container to disk: %v", err)
Show error message when todisk failed Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-07-02 10:24:35 +00:00
}
keep a consistent view of containers rendered Replicate relevant mutations to the in-memory ACID store. Readers will then be able to query container state without locking. Signed-off-by: Fabio Kung <fabio.kung@gmail.com>
2017-02-22 22:02:20 +00:00
container.Unlock()
container: Do not remove contianer if any of the resource failed cleanup Do not remove container if any of the resource could not be cleaned up. We don't want to leak resources. Two new states have been created. RemovalInProgress and Dead. Once container is Dead, it can not be started/restarted. Dead container signifies the container where we tried to remove it but removal failed. User now needs to figure out what went wrong, corrent the situation and try cleanup again. RemovalInProgress signifies that container is already being removed. Only one removal can be in progress. Also, do not allow start of a container if it is already dead or removal is in progress. Also extend existing force option (-f) to docker rm to not return an error and remove container from user view even if resource cleanup failed. This will allow a user to get back to old behavior where resources might leak but atleast user will be able to make progress. Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
2015-03-12 19:26:17 +00:00
when container had no layer data, cleanupContainer crashed Signed-off-by: mYmNeo <thomassong@tencent.com>
2016-04-05 01:30:05 +00:00
// When container creation fails and `RWLayer` has not been created yet, we
// do not call `ReleaseRWLayer`
if container.RWLayer != nil {
daemon.cleanupContainer() remove named return variable It only made the code more difficult to read, adding cognitive overload. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-25 11:36:38 +00:00
if err := daemon.imageService.ReleaseLayer(container.RWLayer); err != nil {
Move all daemon image methods into imageService imageService provides the backend for the image API and handles the imageStore, and referenceStore. Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-02-02 22:18:46 +00:00
err = errors.Wrapf(err, "container %s", container.ID)
container.SetRemovalError(err)
return err
when container had no layer data, cleanupContainer crashed Signed-off-by: mYmNeo <thomassong@tencent.com>
2016-04-05 01:30:05 +00:00
}
daemon.cleanupContainer: nullify container RWLayer upon release ReleaseRWLayer can and should only be called once (unless it returns an error), but might be called twice in case of a failure from `system.EnsureRemoveAll(container.Root)`. This results in the following error: > Error response from daemon: driver "XXX" failed to remove root filesystem for YYY: layer not retained The obvious fix is to set container.RWLayer to nil as soon as ReleaseRWLayer() succeeds. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-01-30 23:01:45 +00:00
container.RWLayer = nil
Implement run using the containerd snapshotter Signed-off-by: Djordje Lukic <djordje.lukic@docker.com> c8d/daemon: Mount root and fill BaseFS This fixes things that were broken due to nil BaseFS like `docker cp` and running a container with workdir override. This is more of a temporary hack than a real solution. The correct fix would be to refactor the code to make BaseFS and LayerRW an implementation detail of the old image store implementation and use the temporary mounts for the c8d implementation instead. That requires more work though. Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com> daemon/images: Don't unset BaseFS Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2022-07-25 12:22:05 +00:00
} else {
if daemon.UsesSnapshotter() {
daemon: rename containerdCli to containerdClient The containerdCli was somewhat confusing (is it the CLI?); let's rename to make it match what it is :) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-18 11:57:27 +00:00
ls := daemon.containerdClient.LeasesService()
Implement run using the containerd snapshotter Signed-off-by: Djordje Lukic <djordje.lukic@docker.com> c8d/daemon: Mount root and fill BaseFS This fixes things that were broken due to nil BaseFS like `docker cp` and running a container with workdir override. This is more of a temporary hack than a real solution. The correct fix would be to refactor the code to make BaseFS and LayerRW an implementation detail of the old image store implementation and use the temporary mounts for the c8d implementation instead. That requires more work though. Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com> daemon/images: Don't unset BaseFS Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2022-07-25 12:22:05 +00:00
lease := leases.Lease{
ID: container.ID,
}
if err := ls.Delete(context.Background(), lease, leases.SynchronousDelete); err != nil {
daemon: Handle NotFound when deleting container lease If the lease doesn't exit (for example when creating the container failed), just ignore the not found error. Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-08-21 14:52:32 +00:00
if !cerrdefs.IsNotFound(err) {
container.SetRemovalError(err)
return err
}
Implement run using the containerd snapshotter Signed-off-by: Djordje Lukic <djordje.lukic@docker.com> c8d/daemon: Mount root and fill BaseFS This fixes things that were broken due to nil BaseFS like `docker cp` and running a container with workdir override. This is more of a temporary hack than a real solution. The correct fix would be to refactor the code to make BaseFS and LayerRW an implementation detail of the old image store implementation and use the temporary mounts for the c8d implementation instead. That requires more work though. Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com> daemon/images: Don't unset BaseFS Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2022-07-25 12:22:05 +00:00
}
}
Move "delete" to daemon/delete.go This is part of an effort to break apart the deprecated server/ package Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes) Fix issues with renaming container_delete to delete Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
2014-07-31 21:12:12 +00:00
}
Lock container when deleting its root directory Attempting to delete the directory while another goroutine is concurrently executing a CheckpointTo() can fail on Windows due to file locking. As all callers of CheckpointTo() are required to hold the container lock, holding the lock while deleting the directory ensures that there will be no interference. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-05-09 19:06:37 +00:00
// Hold the container lock while deleting the container root directory
// so that other goroutines don't attempt to concurrently open files
// within it. Having any file open on Windows (without the
// FILE_SHARE_DELETE flag) will block it from being deleted.
container.Lock()
err := containerfs.EnsureRemoveAll(container.Root)
container.Unlock()
if err != nil {
daemon.cleanupContainer() remove named return variable It only made the code more difficult to read, adding cognitive overload. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-25 11:36:38 +00:00
err = errors.Wrapf(err, "unable to remove filesystem for %s", container.ID)
container.SetRemovalError(err)
return err
Do not remove containers from memory on error Before this, if `forceRemove` is set the container data will be removed no matter what, including if there are issues with removing container on-disk state (rw layer, container root). In practice this causes a lot of issues with leaked data sitting on disk that users are not able to clean up themselves. This is particularly a problem while the `EBUSY` errors on remove are so prevalent. So for now let's not keep this behavior. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-02-14 18:35:20 +00:00
}
Remove links when remove container Steps to reproduce: ``` # docker run -tid --name aaa ubuntu 57bfd00ac5559f72eec8c1b32a01fe38427d66687940f74611e65137414f0ada # docker run -tid --name bbb --link aaa ubuntu 23ad18362950f39b638206ab4d1885fd4f50cbd1d16aac9cab8e97e0c8363471 # docker ps --no-trunc CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 23ad18362950f39b638206ab4d1885fd4f50cbd1d16aac9cab8e97e0c8363471 ubuntu "/bin/bash" 4 seconds ago Up 3 seconds bbb 57bfd00ac5559f72eec8c1b32a01fe38427d66687940f74611e65137414f0ada ubuntu "/bin/bash" 14 seconds ago Up 14 seconds aaa,bbb/aaa # docker rm -f bbb bbb # docker ps --no-trunc CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 57bfd00ac5559f72eec8c1b32a01fe38427d66687940f74611e65137414f0ada ubuntu "/bin/bash" 29 seconds ago Up 28 seconds aaa,bbb/aaa # docker rm --link bbb/aaa Error response from daemon: Cannot get parent /bbb for name /bbb/aaa ``` When we rm container `bbb`, we can still see `bbb/aaa` in `docker ps --no-trunc`. And this link cannot be deleted since container `bbb` has already been removed. We should remove links of a container when it is deleted. Signed-off-by: Yuanhong Peng <pengyuanhong@huawei.com>
2017-07-14 09:25:09 +00:00
linkNames := daemon.linkIndex.delete(container)
vendor: opencontainers/selinux v1.8.0, and remove selinux build-tag and stubs full diff: https://github.com/opencontainers/selinux/compare/v1.7.0...v1.8.0 Remove "selinux" build tag Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-12-14 10:46:58 +00:00
selinux.ReleaseLabel(container.ProcessLabel)
Do not remove containers from memory on error Before this, if `forceRemove` is set the container data will be removed no matter what, including if there are issues with removing container on-disk state (rw layer, container root). In practice this causes a lot of issues with leaked data sitting on disk that users are not able to clean up themselves. This is particularly a problem while the `EBUSY` errors on remove are so prevalent. So for now let's not keep this behavior. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-02-14 18:35:20 +00:00
daemon.containers.Delete(container.ID)
save deep copies of Container in the replica store Reuse existing structures and rely on json serialization to deep copy Container objects. Also consolidate all "save" operations on container.CheckpointTo, which now both saves a serialized json to disk, and replicates state to the ACID in-memory store. Signed-off-by: Fabio Kung <fabio.kung@gmail.com>
2017-03-27 17:18:53 +00:00
daemon.containersReplica.Delete(container)
daemon: cleanupContainer(): pass ContainerRmConfig as parameter We already have this config, so might as well pass it, instead of passing each option as a separate argument. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-20 22:14:25 +00:00
if err := daemon.removeMountPoints(container, config.RemoveVolume); err != nil {
Switch all logging to use containerd log pkg This unifies our logging and allows us to propagate logging and trace contexts together. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-06-23 00:33:17 +00:00
log.G(context.TODO()).Error(err)
Do not remove containers from memory on error Before this, if `forceRemove` is set the container data will be removed no matter what, including if there are issues with removing container on-disk state (rw layer, container root). In practice this causes a lot of issues with leaked data sitting on disk that users are not able to clean up themselves. This is particularly a problem while the `EBUSY` errors on remove are so prevalent. So for now let's not keep this behavior. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-02-14 18:35:20 +00:00
}
Remove links when remove container Steps to reproduce: ``` # docker run -tid --name aaa ubuntu 57bfd00ac5559f72eec8c1b32a01fe38427d66687940f74611e65137414f0ada # docker run -tid --name bbb --link aaa ubuntu 23ad18362950f39b638206ab4d1885fd4f50cbd1d16aac9cab8e97e0c8363471 # docker ps --no-trunc CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 23ad18362950f39b638206ab4d1885fd4f50cbd1d16aac9cab8e97e0c8363471 ubuntu "/bin/bash" 4 seconds ago Up 3 seconds bbb 57bfd00ac5559f72eec8c1b32a01fe38427d66687940f74611e65137414f0ada ubuntu "/bin/bash" 14 seconds ago Up 14 seconds aaa,bbb/aaa # docker rm -f bbb bbb # docker ps --no-trunc CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 57bfd00ac5559f72eec8c1b32a01fe38427d66687940f74611e65137414f0ada ubuntu "/bin/bash" 29 seconds ago Up 28 seconds aaa,bbb/aaa # docker rm --link bbb/aaa Error response from daemon: Cannot get parent /bbb for name /bbb/aaa ``` When we rm container `bbb`, we can still see `bbb/aaa` in `docker ps --no-trunc`. And this link cannot be deleted since container `bbb` has already been removed. We should remove links of a container when it is deleted. Signed-off-by: Yuanhong Peng <pengyuanhong@huawei.com>
2017-07-14 09:25:09 +00:00
for _, name := range linkNames {
daemon.releaseName(name)
}
Update Container Wait Backend This patch consolidates the two WaitStop and WaitWithContext methods on the container.State type. Now there is a single method, Wait, which takes a context and a bool specifying whether to wait for not just a container exit but also removal. The behavior has been changed slightly so that a wait call during a Created state will not return immediately but instead wait for the container to be started and then exited. The interface has been changed to no longer block, but instead returns a channel on which the caller can receive a *StateStatus value which indicates the ExitCode or an error if there was one (like a context timeout or state transition error). These changes have been propagated through the rest of the deamon to preserve all other existing behavior. Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2017-03-30 20:52:40 +00:00
container.SetRemoved()
Do not remove containers from memory on error Before this, if `forceRemove` is set the container data will be removed no matter what, including if there are issues with removing container on-disk state (rw layer, container root). In practice this causes a lot of issues with leaked data sitting on disk that users are not able to clean up themselves. This is particularly a problem while the `EBUSY` errors on remove are so prevalent. So for now let's not keep this behavior. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-02-14 18:35:20 +00:00
stateCtr.del(container.ID)
Update libcontainerd to use containerd 1.0 Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-09-22 13:52:41 +00:00
api/types/events: define "Action" type and consts Define consts for the Actions we use for events, instead of "ad-hoc" strings. Having these consts makes it easier to find where specific events are triggered, makes the events less error-prone, and allows documenting each Action (if needed). Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-26 13:24:46 +00:00
daemon.LogContainerEvent(container, events.ActionDestroy)
Move "delete" to daemon/delete.go This is part of an effort to break apart the deprecated server/ package Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes) Fix issues with renaming container_delete to delete Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
2014-07-31 21:12:12 +00:00
return nil
}
Reference in a new issue Copy permalink