beenull/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
moby/daemon/info_unix.go

530 lines
16 KiB
Go
Raw Normal View History

Update to Go 1.17.0, and gofmt with Go 1.17 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-23 13:14:53 +00:00
//go:build !windows
Remove extra binaries commit variables from windows build Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-11-11 16:02:23 +00:00
Add canonical import comment Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-02-05 21:05:59 +00:00
package daemon // import "github.com/docker/docker/daemon"
Remove extra binaries commit variables from windows build Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-11-11 16:02:23 +00:00
import (
Use containerd API to get version The `docker info` code was shelling out to obtain the version of containerd (using the `--version` flag). Parsing the output of this version string is error-prone, and not needed, as the containerd API can return the version. This patch adds a `Version()` method to the containerd Client interface, and uses this to get the containerd version. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-11-03 00:21:18 +00:00
"context"
docker info: expose runtime features ("rro" mount mode, etc.) Fix issue 46580 ```console $ curl -s --unix-socket /var/run/docker.sock http://docker/v1.44/info | jq .Runtimes { "crun": { "path": "/usr/local/bin/crun", "status": { "org.opencontainers.runtime-spec.features": "{\"ociVersionMin\":\"1.0.0\",...}" } }, "io.containerd.runc.v2": { "path": "runc", "status": { "org.opencontainers.runtime-spec.features": "{\"ociVersionMin\":\"1.0.0\",...}" } }, "runc": { "path": "runc", "status": { "org.opencontainers.runtime-spec.features": "{\"ociVersionMin\":\"1.0.0\",...}" } }, "runsc": { "path": "/usr/local/bin/runsc" } } ``` Co-authored-by: Sebastiaan van Stijn <github@gone.nl> Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-10-15 14:51:11 +00:00
"encoding/json"
Add "Warnings" to /info endpoint, and move detection to the daemon When requesting information about the daemon's configuration through the `/info` endpoint, missing features (or non-recommended settings) may have to be presented to the user. Detecting these situations, and printing warnings currently is handled by the cli, which results in some complications: - duplicated effort: each client has to re-implement detection and warnings. - it's not possible to generate warnings for reasons outside of the information returned in the `/info` response. - cli-side detection has to be updated for new conditions. This means that an older cli connecting to a new daemon may not print all warnings (due to it not detecting the new conditions) - some warnings (in particular, warnings about storage-drivers) depend on driver-status (`DriverStatus`) information. The format of the information returned in this field is not part of the API specification and can change over time, resulting in cli-side detection no longer being functional. This patch adds a new `Warnings` field to the `/info` response. This field is to return warnings to be presented by the user. Existing warnings that are currently handled by the CLI are copied to the daemon as part of this patch; This change is backward-compatible with existing clients; old client can continue to use the client-side warnings, whereas new clients can skip client-side detection, and print warnings that are returned by the daemon. Example response with this patch applied; ```bash curl --unix-socket /var/run/docker.sock http://localhost/info | jq .Warnings ``` ```json [ "WARNING: bridge-nf-call-iptables is disabled", "WARNING: bridge-nf-call-ip6tables is disabled" ] ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-19 11:45:32 +00:00
"fmt"
pkg/rootless: remove GetRootlessKitClient, and move to daemon This utility was only used in a single location (as part of `docker info`), but the `pkg/rootless` package is imported in various locations, causing rootlesskit to be a dependency for consumers of that package. Move GetRootlessKitClient to the daemon code, which is the only location it was used. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-12 11:44:30 +00:00
"os"
Remove extra binaries commit variables from windows build Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-11-11 16:02:23 +00:00
"os/exec"
Add containerd, runc, and docker-init versions to /version This patch adds version information about the containerd, runc, and docker-init components to the /version endpoint. With this patch applied, running: ``` curl --unix-socket /var/run/docker.sock http://localhost/version | jq . ``` Will produce this response: ```json { "Platform": { "Name": "" }, "Components": [ { "Name": "Engine", "Version": "dev", "Details": { "ApiVersion": "1.40", "Arch": "amd64", "BuildTime": "2018-11-08T10:23:42.000000000+00:00", "Experimental": "false", "GitCommit": "7d02782d2f", "GoVersion": "go1.11.2", "KernelVersion": "4.9.93-linuxkit-aufs", "MinAPIVersion": "1.12", "Os": "linux" } }, { "Name": "containerd", "Version": "v1.1.4", "Details": { "GitCommit": "9f2e07b1fc1342d1c48fe4d7bbb94cb6d1bf278b" } }, { "Name": "runc", "Version": "1.0.0-rc5+dev", "Details": { "GitCommit": "a00bf0190895aa465a5fbed0268888e2c8ddfe85" } }, { "Name": "docker-init", "Version": "0.18.0", "Details": { "GitCommit": "fec3683" } } ], "Version": "dev", "ApiVersion": "1.40", "MinAPIVersion": "1.12", "GitCommit": "7d02782d2f", "GoVersion": "go1.11.2", "Os": "linux", "Arch": "amd64", "KernelVersion": "4.9.93-linuxkit-aufs", "BuildTime": "2018-11-08T10:23:42.000000000+00:00" } ``` When using a recent version of the CLI, that information is included in the output of `docker version`: ``` Client: Docker Engine - Community Version: 18.09.0 API version: 1.39 Go version: go1.10.4 Git commit: 4d60db4 Built: Wed Nov 7 00:46:51 2018 OS/Arch: linux/amd64 Experimental: false Server: Engine: Version: dev API version: 1.40 (minimum version 1.12) Go version: go1.11.2 Git commit: 7d02782d2f Built: Thu Nov 8 10:23:42 2018 OS/Arch: linux/amd64 Experimental: false containerd: Version: v1.1.4 GitCommit: 9f2e07b1fc1342d1c48fe4d7bbb94cb6d1bf278b runc: Version: 1.0.0-rc5+dev GitCommit: a00bf0190895aa465a5fbed0268888e2c8ddfe85 docker-init: Version: 0.18.0 GitCommit: fec3683 ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-10-05 10:30:10 +00:00
"path/filepath"
Remove extra binaries commit variables from windows build Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-11-11 16:02:23 +00:00
"strings"
daemon: consolidate runtimes config validation The daemon has made a habit of mutating the DefaultRuntime and Runtimes values in the Config struct to merge defaults. This would be fine if it was a part of the regular configuration loading and merging process, as is done with other config options. The trouble is it does so in surprising places, such as in functions with 'verify' or 'validate' in their name. It has been necessary in order to validate that the user has not defined a custom runtime named "runc" which would shadow the built-in runtime of the same name. Other daemon code depends on the runtime named "runc" always being defined in the config, but merging it with the user config at the same time as the other defaults are merged would trip the validation. The root of the issue is that the daemon has used the same config values for both validating the daemon runtime configuration as supplied by the user and for keeping track of which runtimes have been set up by the daemon. Now that a completely separate value is used for the latter purpose, surprising contortions are no longer required to make the validation work as intended. Consolidate the validation of the runtimes config and merging of the built-in runtimes into the daemon.setupRuntimes() function. Set the result of merging the built-in runtimes config and default default runtime on the returned runtimes struct, without back-propagating it onto the config.Config argument. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-31 21:24:22 +00:00
v2runcoptions "github.com/containerd/containerd/runtime/v2/runc/options"
migrate to github.com/containerd/log v0.1.0 The github.com/containerd/containerd/log package was moved to a separate module, which will also be used by upcoming (patch) releases of containerd. This patch moves our own uses of the package to use the new module. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-13 15:41:45 +00:00
"github.com/containerd/log"
Remove extra binaries commit variables from windows build Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-11-11 16:02:23 +00:00
"github.com/docker/docker/api/types"
Make cgroup namespaces configurable This adds both a daemon-wide flag and a container creation property: - Set the `CgroupnsMode: "host|private"` HostConfig property at container creation time to control what cgroup namespace the container is created in - Set the `--default-cgroupns-mode=host|private` daemon flag to control what cgroup namespace containers are created in by default - Set the default if the daemon flag is unset to "host", for backward compatibility - Default to CgroupnsMode: "host" for client versions < 1.40 Signed-off-by: Rob Gulewich <rgulewich@netflix.com>
2019-03-15 03:44:18 +00:00
containertypes "github.com/docker/docker/api/types/container"
api/types: move system info types to api/types/system Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-03 11:14:14 +00:00
"github.com/docker/docker/api/types/system"
daemon: read-copy-update the daemon config Ensure data-race-free access to the daemon configuration without locking by mutating a deep copy of the config and atomically storing a pointer to the copy into the daemon-wide configStore value. Any operations which need to read from the daemon config must capture the configStore value only once and pass it around to guarantee a consistent view of the config. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-17 21:13:49 +00:00
"github.com/docker/docker/daemon/config"
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
"github.com/docker/docker/errdefs"
rootless: move ./rootless to ./pkg/rootless Signed-off-by: Jan Garcia <github-public@n-garcia.com>
2023-01-03 12:08:40 +00:00
"github.com/docker/docker/pkg/rootless"
Remove extra binaries commit variables from windows build Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-11-11 16:02:23 +00:00
"github.com/docker/docker/pkg/sysinfo"
Refactor "init" version parsing, and add unit-test Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-03-29 11:44:14 +00:00
"github.com/pkg/errors"
vendor.mod: github.com/rootless-containers/rootlesskit/v2 v2.0.0 https://github.com/rootless-containers/rootlesskit/releases/tag/v2.0.0 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-01-15 01:59:33 +00:00
rkclient "github.com/rootless-containers/rootlesskit/v2/pkg/api/client"
Remove extra binaries commit variables from windows build Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-11-11 16:02:23 +00:00
)
Unexport daemon.FillPlatformInfo Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-13 11:14:45 +00:00
// fillPlatformInfo fills the platform related info.
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
func (daemon *Daemon) fillPlatformInfo(ctx context.Context, v *system.Info, sysInfo *sysinfo.SysInfo, cfg *configStore) error {
daemon: consolidate runtimes config validation The daemon has made a habit of mutating the DefaultRuntime and Runtimes values in the Config struct to merge defaults. This would be fine if it was a part of the regular configuration loading and merging process, as is done with other config options. The trouble is it does so in surprising places, such as in functions with 'verify' or 'validate' in their name. It has been necessary in order to validate that the user has not defined a custom runtime named "runc" which would shadow the built-in runtime of the same name. Other daemon code depends on the runtime named "runc" always being defined in the config, but merging it with the user config at the same time as the other defaults are merged would trip the validation. The root of the issue is that the daemon has used the same config values for both validating the daemon runtime configuration as supplied by the user and for keeping track of which runtimes have been set up by the daemon. Now that a completely separate value is used for the latter purpose, surprising contortions are no longer required to make the validation work as intended. Consolidate the validation of the runtimes config and merging of the built-in runtimes into the daemon.setupRuntimes() function. Set the result of merging the built-in runtimes config and default default runtime on the returned runtimes struct, without back-propagating it onto the config.Config argument. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-31 21:24:22 +00:00
v.CgroupDriver = cgroupDriver(&cfg.Config)
cgroup2: implement `docker info` ref: https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-03-10 12:09:25 +00:00
v.CgroupVersion = "1"
if sysInfo.CgroupUnified {
v.CgroupVersion = "2"
}
info: unset cgroup-related fields when CgroupDriver == none Fix issue 42151 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-03-16 07:17:22 +00:00
if v.CgroupDriver != cgroupNoneDriver {
v.MemoryLimit = sysInfo.MemoryLimit
v.SwapLimit = sysInfo.SwapLimit
v.KernelMemory = sysInfo.KernelMemory
v.KernelMemoryTCP = sysInfo.KernelMemoryTCP
v.OomKillDisable = sysInfo.OomKillDisable
v.CPUCfsPeriod = sysInfo.CPUCfs
v.CPUCfsQuota = sysInfo.CPUCfs
v.CPUShares = sysInfo.CPUShares
v.CPUSet = sysInfo.Cpuset
v.PidsLimit = sysInfo.PidsLimit
}
docker info: expose runtime features ("rro" mount mode, etc.) Fix issue 46580 ```console $ curl -s --unix-socket /var/run/docker.sock http://docker/v1.44/info | jq .Runtimes { "crun": { "path": "/usr/local/bin/crun", "status": { "org.opencontainers.runtime-spec.features": "{\"ociVersionMin\":\"1.0.0\",...}" } }, "io.containerd.runc.v2": { "path": "runc", "status": { "org.opencontainers.runtime-spec.features": "{\"ociVersionMin\":\"1.0.0\",...}" } }, "runc": { "path": "runc", "status": { "org.opencontainers.runtime-spec.features": "{\"ociVersionMin\":\"1.0.0\",...}" } }, "runsc": { "path": "/usr/local/bin/runsc" } } ``` Co-authored-by: Sebastiaan van Stijn <github@gone.nl> Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-10-15 14:51:11 +00:00
v.Runtimes = make(map[string]system.RuntimeWithStatus)
daemon: consolidate runtimes config validation The daemon has made a habit of mutating the DefaultRuntime and Runtimes values in the Config struct to merge defaults. This would be fine if it was a part of the regular configuration loading and merging process, as is done with other config options. The trouble is it does so in surprising places, such as in functions with 'verify' or 'validate' in their name. It has been necessary in order to validate that the user has not defined a custom runtime named "runc" which would shadow the built-in runtime of the same name. Other daemon code depends on the runtime named "runc" always being defined in the config, but merging it with the user config at the same time as the other defaults are merged would trip the validation. The root of the issue is that the daemon has used the same config values for both validating the daemon runtime configuration as supplied by the user and for keeping track of which runtimes have been set up by the daemon. Now that a completely separate value is used for the latter purpose, surprising contortions are no longer required to make the validation work as intended. Consolidate the validation of the runtimes config and merging of the built-in runtimes into the daemon.setupRuntimes() function. Set the result of merging the built-in runtimes config and default default runtime on the returned runtimes struct, without back-propagating it onto the config.Config argument. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-31 21:24:22 +00:00
for n, p := range stockRuntimes() {
docker info: expose runtime features ("rro" mount mode, etc.) Fix issue 46580 ```console $ curl -s --unix-socket /var/run/docker.sock http://docker/v1.44/info | jq .Runtimes { "crun": { "path": "/usr/local/bin/crun", "status": { "org.opencontainers.runtime-spec.features": "{\"ociVersionMin\":\"1.0.0\",...}" } }, "io.containerd.runc.v2": { "path": "runc", "status": { "org.opencontainers.runtime-spec.features": "{\"ociVersionMin\":\"1.0.0\",...}" } }, "runc": { "path": "runc", "status": { "org.opencontainers.runtime-spec.features": "{\"ociVersionMin\":\"1.0.0\",...}" } }, "runsc": { "path": "/usr/local/bin/runsc" } } ``` Co-authored-by: Sebastiaan van Stijn <github@gone.nl> Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-10-15 14:51:11 +00:00
v.Runtimes[n] = system.RuntimeWithStatus{
Runtime: system.Runtime{
Path: p,
},
Status: daemon.runtimeStatus(ctx, cfg, n),
}
daemon: consolidate runtimes config validation The daemon has made a habit of mutating the DefaultRuntime and Runtimes values in the Config struct to merge defaults. This would be fine if it was a part of the regular configuration loading and merging process, as is done with other config options. The trouble is it does so in surprising places, such as in functions with 'verify' or 'validate' in their name. It has been necessary in order to validate that the user has not defined a custom runtime named "runc" which would shadow the built-in runtime of the same name. Other daemon code depends on the runtime named "runc" always being defined in the config, but merging it with the user config at the same time as the other defaults are merged would trip the validation. The root of the issue is that the daemon has used the same config values for both validating the daemon runtime configuration as supplied by the user and for keeping track of which runtimes have been set up by the daemon. Now that a completely separate value is used for the latter purpose, surprising contortions are no longer required to make the validation work as intended. Consolidate the validation of the runtimes config and merging of the built-in runtimes into the daemon.setupRuntimes() function. Set the result of merging the built-in runtimes config and default default runtime on the returned runtimes struct, without back-propagating it onto the config.Config argument. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-31 21:24:22 +00:00
}
for n, r := range cfg.Config.Runtimes {
docker info: expose runtime features ("rro" mount mode, etc.) Fix issue 46580 ```console $ curl -s --unix-socket /var/run/docker.sock http://docker/v1.44/info | jq .Runtimes { "crun": { "path": "/usr/local/bin/crun", "status": { "org.opencontainers.runtime-spec.features": "{\"ociVersionMin\":\"1.0.0\",...}" } }, "io.containerd.runc.v2": { "path": "runc", "status": { "org.opencontainers.runtime-spec.features": "{\"ociVersionMin\":\"1.0.0\",...}" } }, "runc": { "path": "runc", "status": { "org.opencontainers.runtime-spec.features": "{\"ociVersionMin\":\"1.0.0\",...}" } }, "runsc": { "path": "/usr/local/bin/runsc" } } ``` Co-authored-by: Sebastiaan van Stijn <github@gone.nl> Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-10-15 14:51:11 +00:00
v.Runtimes[n] = system.RuntimeWithStatus{
Runtime: system.Runtime{
Path: r.Path,
Args: append([]string(nil), r.Args...),
},
Status: daemon.runtimeStatus(ctx, cfg, n),
daemon: reload runtimes w/o breaking containers The existing runtimes reload logic went to great lengths to replace the directory containing runtime wrapper scripts as atomically as possible within the limitations of the Linux filesystem ABI. Trouble is, atomically swapping the wrapper scripts directory solves the wrong problem! The runtime configuration is "locked in" when a container is started, including the path to the runC binary. If a container is started with a runtime which requires a daemon-managed wrapper script and then the daemon is reloaded with a config which no longer requires the wrapper script (i.e. some args -> no args, or the runtime is dropped from the config), that container would become unmanageable. Any attempts to stop, exec or otherwise perform lifecycle management operations on the container are likely to fail due to the wrapper script no longer existing at its original path. Atomically swapping the wrapper scripts is also incompatible with the read-copy-update paradigm for reloading configuration. A handler in the daemon could retain a reference to the pre-reload configuration for an indeterminate amount of time after the daemon configuration has been reloaded and updated. It is possible for the daemon to attempt to start a container using a deleted wrapper script if a request to run a container races a reload. Solve the problem of deleting referenced wrapper scripts by ensuring that all wrapper scripts are *immutable* for the lifetime of the daemon process. Any given runtime wrapper script must always exist with the same contents, no matter how many times the daemon config is reloaded, or what changes are made to the config. This is accomplished by using everyone's favourite design pattern: content-addressable storage. Each wrapper script file name is suffixed with the SHA-256 digest of its contents to (probabilistically) guarantee immutability without needing any concurrency control. Stale runtime wrapper scripts are only cleaned up on the next daemon restart. Split the derived runtimes configuration from the user-supplied configuration to have a place to store derived state without mutating the user-supplied configuration or exposing daemon internals in API struct types. Hold the derived state and the user-supplied configuration in a single struct value so that they can be updated as an atomic unit. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-31 20:12:30 +00:00
}
}
daemon: consolidate runtimes config validation The daemon has made a habit of mutating the DefaultRuntime and Runtimes values in the Config struct to merge defaults. This would be fine if it was a part of the regular configuration loading and merging process, as is done with other config options. The trouble is it does so in surprising places, such as in functions with 'verify' or 'validate' in their name. It has been necessary in order to validate that the user has not defined a custom runtime named "runc" which would shadow the built-in runtime of the same name. Other daemon code depends on the runtime named "runc" always being defined in the config, but merging it with the user config at the same time as the other defaults are merged would trip the validation. The root of the issue is that the daemon has used the same config values for both validating the daemon runtime configuration as supplied by the user and for keeping track of which runtimes have been set up by the daemon. Now that a completely separate value is used for the latter purpose, surprising contortions are no longer required to make the validation work as intended. Consolidate the validation of the runtimes config and merging of the built-in runtimes into the daemon.setupRuntimes() function. Set the result of merging the built-in runtimes config and default default runtime on the returned runtimes struct, without back-propagating it onto the config.Config argument. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-31 21:24:22 +00:00
v.DefaultRuntime = cfg.Runtimes.Default
info: remove "expected" check for tini version These checks were added when we required a specific version of containerd and runc (different versions were known to be incompatible). I don't think we had a similar requirement for tini, so this check was redundant. Let's remove the check altogether. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-23 11:19:31 +00:00
v.RuncCommit.ID = "N/A"
v.ContainerdCommit.ID = "N/A"
v.InitCommit.ID = "N/A"
Remove extra binaries commit variables from windows build Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-11-11 16:02:23 +00:00
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
if err := populateRuncCommit(&v.RuncCommit, cfg); err != nil {
log.G(ctx).WithError(err).Warn("Failed to retrieve default runtime version")
Remove extra binaries commit variables from windows build Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-11-11 16:02:23 +00:00
}
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
if err := daemon.populateContainerdCommit(ctx, &v.ContainerdCommit); err != nil {
return err
Update libcontainerd to use containerd 1.0 Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-09-22 13:52:41 +00:00
}
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
if err := daemon.populateInitCommit(ctx, v, cfg); err != nil {
return err
Remove extra binaries commit variables from windows build Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-11-11 16:02:23 +00:00
}
Add "Warnings" to /info endpoint, and move detection to the daemon When requesting information about the daemon's configuration through the `/info` endpoint, missing features (or non-recommended settings) may have to be presented to the user. Detecting these situations, and printing warnings currently is handled by the cli, which results in some complications: - duplicated effort: each client has to re-implement detection and warnings. - it's not possible to generate warnings for reasons outside of the information returned in the `/info` response. - cli-side detection has to be updated for new conditions. This means that an older cli connecting to a new daemon may not print all warnings (due to it not detecting the new conditions) - some warnings (in particular, warnings about storage-drivers) depend on driver-status (`DriverStatus`) information. The format of the information returned in this field is not part of the API specification and can change over time, resulting in cli-side detection no longer being functional. This patch adds a new `Warnings` field to the `/info` response. This field is to return warnings to be presented by the user. Existing warnings that are currently handled by the CLI are copied to the daemon as part of this patch; This change is backward-compatible with existing clients; old client can continue to use the client-side warnings, whereas new clients can skip client-side detection, and print warnings that are returned by the daemon. Example response with this patch applied; ```bash curl --unix-socket /var/run/docker.sock http://localhost/info | jq .Warnings ``` ```json [ "WARNING: bridge-nf-call-iptables is disabled", "WARNING: bridge-nf-call-ip6tables is disabled" ] ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-19 11:45:32 +00:00
info: remove "expected" check for tini version These checks were added when we required a specific version of containerd and runc (different versions were known to be incompatible). I don't think we had a similar requirement for tini, so this check was redundant. Let's remove the check altogether. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-23 11:19:31 +00:00
// Set expected and actual commits to the same value to prevent the client
// showing that the version does not match the "expected" version/commit.
cgroup2: implement `docker info` ref: https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-03-10 12:09:25 +00:00
if v.CgroupDriver == cgroupNoneDriver {
if v.CgroupVersion == "2" {
info: improve "WARNING: Running in rootless-mode without cgroup" The cgroup v2 mode uses systemd driver by default. Suggesting to set exec-opt "native.cgroupdriver=systemd" isn't meaningful. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-06-26 08:57:03 +00:00
v.Warnings = append(v.Warnings, "WARNING: Running in rootless-mode without cgroups. Systemd is required to enable cgroups in rootless-mode.")
cgroup2: implement `docker info` ref: https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-03-10 12:09:25 +00:00
} else {
info: improve "WARNING: Running in rootless-mode without cgroup" The cgroup v2 mode uses systemd driver by default. Suggesting to set exec-opt "native.cgroupdriver=systemd" isn't meaningful. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-06-26 08:57:03 +00:00
v.Warnings = append(v.Warnings, "WARNING: Running in rootless-mode without cgroups. To enable cgroups in rootless-mode, you need to boot the system in cgroup v2 mode.")
cgroup2: implement `docker info` ref: https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-03-10 12:09:25 +00:00
}
} else {
if !v.MemoryLimit {
v.Warnings = append(v.Warnings, "WARNING: No memory limit support")
}
if !v.SwapLimit {
v.Warnings = append(v.Warnings, "WARNING: No swap limit support")
}
docker info: silence unhandleable warnings The following warnings in `docker info` are now discarded, because there is no action user can actually take. On cgroup v1: - "WARNING: No blkio weight support" - "WARNING: No blkio weight_device support" On cgroup v2: - "WARNING: No kernel memory TCP limit support" - "WARNING: No oom kill disable support" `docker run` still prints warnings when the missing feature is being attempted to use. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-01-19 06:07:08 +00:00
if !v.KernelMemoryTCP && v.CgroupVersion == "1" {
// kernel memory is not available for cgroup v2.
// Warning is not printed on cgroup v2, because there is no action user can take.
cgroup2: implement `docker info` ref: https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-03-10 12:09:25 +00:00
v.Warnings = append(v.Warnings, "WARNING: No kernel memory TCP limit support")
}
docker info: silence unhandleable warnings The following warnings in `docker info` are now discarded, because there is no action user can actually take. On cgroup v1: - "WARNING: No blkio weight support" - "WARNING: No blkio weight_device support" On cgroup v2: - "WARNING: No kernel memory TCP limit support" - "WARNING: No oom kill disable support" `docker run` still prints warnings when the missing feature is being attempted to use. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-01-19 06:07:08 +00:00
if !v.OomKillDisable && v.CgroupVersion == "1" {
// oom kill disable is not available for cgroup v2.
// Warning is not printed on cgroup v2, because there is no action user can take.
cgroup2: implement `docker info` ref: https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-03-10 12:09:25 +00:00
v.Warnings = append(v.Warnings, "WARNING: No oom kill disable support")
}
if !v.CPUCfsQuota {
v.Warnings = append(v.Warnings, "WARNING: No cpu cfs quota support")
}
if !v.CPUCfsPeriod {
v.Warnings = append(v.Warnings, "WARNING: No cpu cfs period support")
}
if !v.CPUShares {
v.Warnings = append(v.Warnings, "WARNING: No cpu shares support")
}
if !v.CPUSet {
v.Warnings = append(v.Warnings, "WARNING: No cpuset support")
}
info: add warnings about missing blkio cgroup support These warnings were only logged, and could therefore be overlooked by users. This patch makes these more visible by returning them as warnings in the API response. We should probably consider adding "boolean" (?) fields for these as well, so that they can be consumed in other ways. In addition, some of these warnings could potentially be grouped to reduce the number of warnings that are printed. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-08 15:16:01 +00:00
// TODO add fields for these options in types.Info
docker info: silence unhandleable warnings The following warnings in `docker info` are now discarded, because there is no action user can actually take. On cgroup v1: - "WARNING: No blkio weight support" - "WARNING: No blkio weight_device support" On cgroup v2: - "WARNING: No kernel memory TCP limit support" - "WARNING: No oom kill disable support" `docker run` still prints warnings when the missing feature is being attempted to use. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-01-19 06:07:08 +00:00
if !sysInfo.BlkioWeight && v.CgroupVersion == "2" {
// blkio weight is not available on cgroup v1 since kernel 5.0.
// Warning is not printed on cgroup v1, because there is no action user can take.
// On cgroup v2, blkio weight is implemented using io.weight
docker info: adjust warning strings for cgroup v2 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-01-20 04:42:32 +00:00
v.Warnings = append(v.Warnings, "WARNING: No io.weight support")
info: add warnings about missing blkio cgroup support These warnings were only logged, and could therefore be overlooked by users. This patch makes these more visible by returning them as warnings in the API response. We should probably consider adding "boolean" (?) fields for these as well, so that they can be consumed in other ways. In addition, some of these warnings could potentially be grouped to reduce the number of warnings that are printed. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-08 15:16:01 +00:00
}
docker info: silence unhandleable warnings The following warnings in `docker info` are now discarded, because there is no action user can actually take. On cgroup v1: - "WARNING: No blkio weight support" - "WARNING: No blkio weight_device support" On cgroup v2: - "WARNING: No kernel memory TCP limit support" - "WARNING: No oom kill disable support" `docker run` still prints warnings when the missing feature is being attempted to use. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-01-19 06:07:08 +00:00
if !sysInfo.BlkioWeightDevice && v.CgroupVersion == "2" {
docker info: adjust warning strings for cgroup v2 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-01-20 04:42:32 +00:00
v.Warnings = append(v.Warnings, "WARNING: No io.weight (per device) support")
info: add warnings about missing blkio cgroup support These warnings were only logged, and could therefore be overlooked by users. This patch makes these more visible by returning them as warnings in the API response. We should probably consider adding "boolean" (?) fields for these as well, so that they can be consumed in other ways. In addition, some of these warnings could potentially be grouped to reduce the number of warnings that are printed. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-08 15:16:01 +00:00
}
if !sysInfo.BlkioReadBpsDevice {
docker info: adjust warning strings for cgroup v2 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-01-20 04:42:32 +00:00
if v.CgroupVersion == "2" {
v.Warnings = append(v.Warnings, "WARNING: No io.max (rbps) support")
} else {
v.Warnings = append(v.Warnings, "WARNING: No blkio throttle.read_bps_device support")
}
info: add warnings about missing blkio cgroup support These warnings were only logged, and could therefore be overlooked by users. This patch makes these more visible by returning them as warnings in the API response. We should probably consider adding "boolean" (?) fields for these as well, so that they can be consumed in other ways. In addition, some of these warnings could potentially be grouped to reduce the number of warnings that are printed. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-08 15:16:01 +00:00
}
if !sysInfo.BlkioWriteBpsDevice {
docker info: adjust warning strings for cgroup v2 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-01-20 04:42:32 +00:00
if v.CgroupVersion == "2" {
v.Warnings = append(v.Warnings, "WARNING: No io.max (wbps) support")
} else {
v.Warnings = append(v.Warnings, "WARNING: No blkio throttle.write_bps_device support")
}
info: add warnings about missing blkio cgroup support These warnings were only logged, and could therefore be overlooked by users. This patch makes these more visible by returning them as warnings in the API response. We should probably consider adding "boolean" (?) fields for these as well, so that they can be consumed in other ways. In addition, some of these warnings could potentially be grouped to reduce the number of warnings that are printed. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-08 15:16:01 +00:00
}
if !sysInfo.BlkioReadIOpsDevice {
docker info: adjust warning strings for cgroup v2 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-01-20 04:42:32 +00:00
if v.CgroupVersion == "2" {
v.Warnings = append(v.Warnings, "WARNING: No io.max (riops) support")
} else {
v.Warnings = append(v.Warnings, "WARNING: No blkio throttle.read_iops_device support")
}
info: add warnings about missing blkio cgroup support These warnings were only logged, and could therefore be overlooked by users. This patch makes these more visible by returning them as warnings in the API response. We should probably consider adding "boolean" (?) fields for these as well, so that they can be consumed in other ways. In addition, some of these warnings could potentially be grouped to reduce the number of warnings that are printed. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-08 15:16:01 +00:00
}
if !sysInfo.BlkioWriteIOpsDevice {
docker info: adjust warning strings for cgroup v2 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-01-20 04:42:32 +00:00
if v.CgroupVersion == "2" {
v.Warnings = append(v.Warnings, "WARNING: No io.max (wiops) support")
} else {
v.Warnings = append(v.Warnings, "WARNING: No blkio throttle.write_iops_device support")
}
info: add warnings about missing blkio cgroup support These warnings were only logged, and could therefore be overlooked by users. This patch makes these more visible by returning them as warnings in the API response. We should probably consider adding "boolean" (?) fields for these as well, so that they can be consumed in other ways. In addition, some of these warnings could potentially be grouped to reduce the number of warnings that are printed. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-08 15:16:01 +00:00
}
Add "Warnings" to /info endpoint, and move detection to the daemon When requesting information about the daemon's configuration through the `/info` endpoint, missing features (or non-recommended settings) may have to be presented to the user. Detecting these situations, and printing warnings currently is handled by the cli, which results in some complications: - duplicated effort: each client has to re-implement detection and warnings. - it's not possible to generate warnings for reasons outside of the information returned in the `/info` response. - cli-side detection has to be updated for new conditions. This means that an older cli connecting to a new daemon may not print all warnings (due to it not detecting the new conditions) - some warnings (in particular, warnings about storage-drivers) depend on driver-status (`DriverStatus`) information. The format of the information returned in this field is not part of the API specification and can change over time, resulting in cli-side detection no longer being functional. This patch adds a new `Warnings` field to the `/info` response. This field is to return warnings to be presented by the user. Existing warnings that are currently handled by the CLI are copied to the daemon as part of this patch; This change is backward-compatible with existing clients; old client can continue to use the client-side warnings, whereas new clients can skip client-side detection, and print warnings that are returned by the daemon. Example response with this patch applied; ```bash curl --unix-socket /var/run/docker.sock http://localhost/info | jq .Warnings ``` ```json [ "WARNING: bridge-nf-call-iptables is disabled", "WARNING: bridge-nf-call-ip6tables is disabled" ] ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-19 11:45:32 +00:00
}
if !v.IPv4Forwarding {
v.Warnings = append(v.Warnings, "WARNING: IPv4 forwarding is disabled")
}
if !v.BridgeNfIptables {
v.Warnings = append(v.Warnings, "WARNING: bridge-nf-call-iptables is disabled")
}
if !v.BridgeNfIP6tables {
v.Warnings = append(v.Warnings, "WARNING: bridge-nf-call-ip6tables is disabled")
}
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
return nil
Add "Warnings" to /info endpoint, and move detection to the daemon When requesting information about the daemon's configuration through the `/info` endpoint, missing features (or non-recommended settings) may have to be presented to the user. Detecting these situations, and printing warnings currently is handled by the cli, which results in some complications: - duplicated effort: each client has to re-implement detection and warnings. - it's not possible to generate warnings for reasons outside of the information returned in the `/info` response. - cli-side detection has to be updated for new conditions. This means that an older cli connecting to a new daemon may not print all warnings (due to it not detecting the new conditions) - some warnings (in particular, warnings about storage-drivers) depend on driver-status (`DriverStatus`) information. The format of the information returned in this field is not part of the API specification and can change over time, resulting in cli-side detection no longer being functional. This patch adds a new `Warnings` field to the `/info` response. This field is to return warnings to be presented by the user. Existing warnings that are currently handled by the CLI are copied to the daemon as part of this patch; This change is backward-compatible with existing clients; old client can continue to use the client-side warnings, whereas new clients can skip client-side detection, and print warnings that are returned by the daemon. Example response with this patch applied; ```bash curl --unix-socket /var/run/docker.sock http://localhost/info | jq .Warnings ``` ```json [ "WARNING: bridge-nf-call-iptables is disabled", "WARNING: bridge-nf-call-ip6tables is disabled" ] ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-19 11:45:32 +00:00
}
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
func (daemon *Daemon) fillPlatformVersion(ctx context.Context, v *types.Version, cfg *configStore) error {
if err := daemon.populateContainerdVersion(ctx, v); err != nil {
return err
Add containerd, runc, and docker-init versions to /version This patch adds version information about the containerd, runc, and docker-init components to the /version endpoint. With this patch applied, running: ``` curl --unix-socket /var/run/docker.sock http://localhost/version | jq . ``` Will produce this response: ```json { "Platform": { "Name": "" }, "Components": [ { "Name": "Engine", "Version": "dev", "Details": { "ApiVersion": "1.40", "Arch": "amd64", "BuildTime": "2018-11-08T10:23:42.000000000+00:00", "Experimental": "false", "GitCommit": "7d02782d2f", "GoVersion": "go1.11.2", "KernelVersion": "4.9.93-linuxkit-aufs", "MinAPIVersion": "1.12", "Os": "linux" } }, { "Name": "containerd", "Version": "v1.1.4", "Details": { "GitCommit": "9f2e07b1fc1342d1c48fe4d7bbb94cb6d1bf278b" } }, { "Name": "runc", "Version": "1.0.0-rc5+dev", "Details": { "GitCommit": "a00bf0190895aa465a5fbed0268888e2c8ddfe85" } }, { "Name": "docker-init", "Version": "0.18.0", "Details": { "GitCommit": "fec3683" } } ], "Version": "dev", "ApiVersion": "1.40", "MinAPIVersion": "1.12", "GitCommit": "7d02782d2f", "GoVersion": "go1.11.2", "Os": "linux", "Arch": "amd64", "KernelVersion": "4.9.93-linuxkit-aufs", "BuildTime": "2018-11-08T10:23:42.000000000+00:00" } ``` When using a recent version of the CLI, that information is included in the output of `docker version`: ``` Client: Docker Engine - Community Version: 18.09.0 API version: 1.39 Go version: go1.10.4 Git commit: 4d60db4 Built: Wed Nov 7 00:46:51 2018 OS/Arch: linux/amd64 Experimental: false Server: Engine: Version: dev API version: 1.40 (minimum version 1.12) Go version: go1.11.2 Git commit: 7d02782d2f Built: Thu Nov 8 10:23:42 2018 OS/Arch: linux/amd64 Experimental: false containerd: Version: v1.1.4 GitCommit: 9f2e07b1fc1342d1c48fe4d7bbb94cb6d1bf278b runc: Version: 1.0.0-rc5+dev GitCommit: a00bf0190895aa465a5fbed0268888e2c8ddfe85 docker-init: Version: 0.18.0 GitCommit: fec3683 ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-10-05 10:30:10 +00:00
}
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
if err := populateRuncVersion(cfg, v); err != nil {
log.G(ctx).WithError(err).Warn("Failed to retrieve default runtime version")
}
if err := populateInitVersion(ctx, cfg, v); err != nil {
return err
}
if err := daemon.fillRootlessVersion(ctx, v); err != nil {
if errdefs.IsContext(err) {
return err
Add containerd, runc, and docker-init versions to /version This patch adds version information about the containerd, runc, and docker-init components to the /version endpoint. With this patch applied, running: ``` curl --unix-socket /var/run/docker.sock http://localhost/version | jq . ``` Will produce this response: ```json { "Platform": { "Name": "" }, "Components": [ { "Name": "Engine", "Version": "dev", "Details": { "ApiVersion": "1.40", "Arch": "amd64", "BuildTime": "2018-11-08T10:23:42.000000000+00:00", "Experimental": "false", "GitCommit": "7d02782d2f", "GoVersion": "go1.11.2", "KernelVersion": "4.9.93-linuxkit-aufs", "MinAPIVersion": "1.12", "Os": "linux" } }, { "Name": "containerd", "Version": "v1.1.4", "Details": { "GitCommit": "9f2e07b1fc1342d1c48fe4d7bbb94cb6d1bf278b" } }, { "Name": "runc", "Version": "1.0.0-rc5+dev", "Details": { "GitCommit": "a00bf0190895aa465a5fbed0268888e2c8ddfe85" } }, { "Name": "docker-init", "Version": "0.18.0", "Details": { "GitCommit": "fec3683" } } ], "Version": "dev", "ApiVersion": "1.40", "MinAPIVersion": "1.12", "GitCommit": "7d02782d2f", "GoVersion": "go1.11.2", "Os": "linux", "Arch": "amd64", "KernelVersion": "4.9.93-linuxkit-aufs", "BuildTime": "2018-11-08T10:23:42.000000000+00:00" } ``` When using a recent version of the CLI, that information is included in the output of `docker version`: ``` Client: Docker Engine - Community Version: 18.09.0 API version: 1.39 Go version: go1.10.4 Git commit: 4d60db4 Built: Wed Nov 7 00:46:51 2018 OS/Arch: linux/amd64 Experimental: false Server: Engine: Version: dev API version: 1.40 (minimum version 1.12) Go version: go1.11.2 Git commit: 7d02782d2f Built: Thu Nov 8 10:23:42 2018 OS/Arch: linux/amd64 Experimental: false containerd: Version: v1.1.4 GitCommit: 9f2e07b1fc1342d1c48fe4d7bbb94cb6d1bf278b runc: Version: 1.0.0-rc5+dev GitCommit: a00bf0190895aa465a5fbed0268888e2c8ddfe85 docker-init: Version: 0.18.0 GitCommit: fec3683 ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-10-05 10:30:10 +00:00
}
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
log.G(ctx).WithError(err).Warn("Failed to fill rootless version")
Add containerd, runc, and docker-init versions to /version This patch adds version information about the containerd, runc, and docker-init components to the /version endpoint. With this patch applied, running: ``` curl --unix-socket /var/run/docker.sock http://localhost/version | jq . ``` Will produce this response: ```json { "Platform": { "Name": "" }, "Components": [ { "Name": "Engine", "Version": "dev", "Details": { "ApiVersion": "1.40", "Arch": "amd64", "BuildTime": "2018-11-08T10:23:42.000000000+00:00", "Experimental": "false", "GitCommit": "7d02782d2f", "GoVersion": "go1.11.2", "KernelVersion": "4.9.93-linuxkit-aufs", "MinAPIVersion": "1.12", "Os": "linux" } }, { "Name": "containerd", "Version": "v1.1.4", "Details": { "GitCommit": "9f2e07b1fc1342d1c48fe4d7bbb94cb6d1bf278b" } }, { "Name": "runc", "Version": "1.0.0-rc5+dev", "Details": { "GitCommit": "a00bf0190895aa465a5fbed0268888e2c8ddfe85" } }, { "Name": "docker-init", "Version": "0.18.0", "Details": { "GitCommit": "fec3683" } } ], "Version": "dev", "ApiVersion": "1.40", "MinAPIVersion": "1.12", "GitCommit": "7d02782d2f", "GoVersion": "go1.11.2", "Os": "linux", "Arch": "amd64", "KernelVersion": "4.9.93-linuxkit-aufs", "BuildTime": "2018-11-08T10:23:42.000000000+00:00" } ``` When using a recent version of the CLI, that information is included in the output of `docker version`: ``` Client: Docker Engine - Community Version: 18.09.0 API version: 1.39 Go version: go1.10.4 Git commit: 4d60db4 Built: Wed Nov 7 00:46:51 2018 OS/Arch: linux/amd64 Experimental: false Server: Engine: Version: dev API version: 1.40 (minimum version 1.12) Go version: go1.11.2 Git commit: 7d02782d2f Built: Thu Nov 8 10:23:42 2018 OS/Arch: linux/amd64 Experimental: false containerd: Version: v1.1.4 GitCommit: 9f2e07b1fc1342d1c48fe4d7bbb94cb6d1bf278b runc: Version: 1.0.0-rc5+dev GitCommit: a00bf0190895aa465a5fbed0268888e2c8ddfe85 docker-init: Version: 0.18.0 GitCommit: fec3683 ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-10-05 10:30:10 +00:00
}
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
return nil
}
version: add RootlessKit, slirp4netns, and VPNKit version ```console $ docker --context=rootless version ... Server: ... rootlesskit: Version: 0.14.2 ApiVersion: 1.1.1 NetworkDriver: slirp4netns PortDriver: builtin StateDir: /tmp/rootlesskit245426514 slirp4netns: Version: 1.1.9 GitCommit: 4e37ea557562e0d7a64dc636eff156f64927335e ``` Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-04-27 07:46:04 +00:00
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
func populateRuncCommit(v *system.Commit, cfg *configStore) error {
_, _, commit, err := parseDefaultRuntimeVersion(&cfg.Runtimes)
if err != nil {
return err
}
v.ID = commit
v.Expected = commit
return nil
version: add RootlessKit, slirp4netns, and VPNKit version ```console $ docker --context=rootless version ... Server: ... rootlesskit: Version: 0.14.2 ApiVersion: 1.1.1 NetworkDriver: slirp4netns PortDriver: builtin StateDir: /tmp/rootlesskit245426514 slirp4netns: Version: 1.1.9 GitCommit: 4e37ea557562e0d7a64dc636eff156f64927335e ``` Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-04-27 07:46:04 +00:00
}
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
func (daemon *Daemon) populateInitCommit(ctx context.Context, v *system.Info, cfg *configStore) error {
v.InitBinary = cfg.GetInitPath()
initBinary, err := cfg.LookupInitPath()
if err != nil {
log.G(ctx).WithError(err).Warnf("Failed to find docker-init")
return nil
}
rv, err := exec.CommandContext(ctx, initBinary, "--version").Output()
if err != nil {
if errdefs.IsContext(err) {
return err
}
log.G(ctx).WithError(err).Warnf("Failed to retrieve %s version", initBinary)
return nil
}
_, commit, err := parseInitVersion(string(rv))
if err != nil {
log.G(ctx).WithError(err).Warnf("failed to parse %s version", initBinary)
return nil
}
v.InitCommit.ID = commit
v.InitCommit.Expected = v.InitCommit.ID
return nil
}
func (daemon *Daemon) fillRootlessVersion(ctx context.Context, v *types.Version) error {
version: add RootlessKit, slirp4netns, and VPNKit version ```console $ docker --context=rootless version ... Server: ... rootlesskit: Version: 0.14.2 ApiVersion: 1.1.1 NetworkDriver: slirp4netns PortDriver: builtin StateDir: /tmp/rootlesskit245426514 slirp4netns: Version: 1.1.9 GitCommit: 4e37ea557562e0d7a64dc636eff156f64927335e ``` Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-04-27 07:46:04 +00:00
if !rootless.RunningWithRootlessKit() {
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
return nil
version: add RootlessKit, slirp4netns, and VPNKit version ```console $ docker --context=rootless version ... Server: ... rootlesskit: Version: 0.14.2 ApiVersion: 1.1.1 NetworkDriver: slirp4netns PortDriver: builtin StateDir: /tmp/rootlesskit245426514 slirp4netns: Version: 1.1.9 GitCommit: 4e37ea557562e0d7a64dc636eff156f64927335e ``` Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-04-27 07:46:04 +00:00
}
pkg/rootless: remove GetRootlessKitClient, and move to daemon This utility was only used in a single location (as part of `docker info`), but the `pkg/rootless` package is imported in various locations, causing rootlesskit to be a dependency for consumers of that package. Move GetRootlessKitClient to the daemon code, which is the only location it was used. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-12 11:44:30 +00:00
rlc, err := getRootlessKitClient()
version: add RootlessKit, slirp4netns, and VPNKit version ```console $ docker --context=rootless version ... Server: ... rootlesskit: Version: 0.14.2 ApiVersion: 1.1.1 NetworkDriver: slirp4netns PortDriver: builtin StateDir: /tmp/rootlesskit245426514 slirp4netns: Version: 1.1.9 GitCommit: 4e37ea557562e0d7a64dc636eff156f64927335e ``` Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-04-27 07:46:04 +00:00
if err != nil {
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
return errors.Wrap(err, "failed to create RootlessKit client")
version: add RootlessKit, slirp4netns, and VPNKit version ```console $ docker --context=rootless version ... Server: ... rootlesskit: Version: 0.14.2 ApiVersion: 1.1.1 NetworkDriver: slirp4netns PortDriver: builtin StateDir: /tmp/rootlesskit245426514 slirp4netns: Version: 1.1.9 GitCommit: 4e37ea557562e0d7a64dc636eff156f64927335e ``` Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-04-27 07:46:04 +00:00
}
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
rlInfo, err := rlc.Info(ctx)
version: add RootlessKit, slirp4netns, and VPNKit version ```console $ docker --context=rootless version ... Server: ... rootlesskit: Version: 0.14.2 ApiVersion: 1.1.1 NetworkDriver: slirp4netns PortDriver: builtin StateDir: /tmp/rootlesskit245426514 slirp4netns: Version: 1.1.9 GitCommit: 4e37ea557562e0d7a64dc636eff156f64927335e ``` Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-04-27 07:46:04 +00:00
if err != nil {
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
return errors.Wrap(err, "failed to retrieve RootlessKit version")
version: add RootlessKit, slirp4netns, and VPNKit version ```console $ docker --context=rootless version ... Server: ... rootlesskit: Version: 0.14.2 ApiVersion: 1.1.1 NetworkDriver: slirp4netns PortDriver: builtin StateDir: /tmp/rootlesskit245426514 slirp4netns: Version: 1.1.9 GitCommit: 4e37ea557562e0d7a64dc636eff156f64927335e ``` Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-04-27 07:46:04 +00:00
}
(*Daemon).fillRootlessVersion: fix nil panic Fix issue 47085 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-01-16 15:48:12 +00:00
rlV := types.ComponentVersion{
version: add RootlessKit, slirp4netns, and VPNKit version ```console $ docker --context=rootless version ... Server: ... rootlesskit: Version: 0.14.2 ApiVersion: 1.1.1 NetworkDriver: slirp4netns PortDriver: builtin StateDir: /tmp/rootlesskit245426514 slirp4netns: Version: 1.1.9 GitCommit: 4e37ea557562e0d7a64dc636eff156f64927335e ``` Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-04-27 07:46:04 +00:00
Name: "rootlesskit",
Version: rlInfo.Version,
Details: map[string]string{
(*Daemon).fillRootlessVersion: fix nil panic Fix issue 47085 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-01-16 15:48:12 +00:00
"ApiVersion": rlInfo.APIVersion,
"StateDir": rlInfo.StateDir,
version: add RootlessKit, slirp4netns, and VPNKit version ```console $ docker --context=rootless version ... Server: ... rootlesskit: Version: 0.14.2 ApiVersion: 1.1.1 NetworkDriver: slirp4netns PortDriver: builtin StateDir: /tmp/rootlesskit245426514 slirp4netns: Version: 1.1.9 GitCommit: 4e37ea557562e0d7a64dc636eff156f64927335e ``` Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-04-27 07:46:04 +00:00
},
(*Daemon).fillRootlessVersion: fix nil panic Fix issue 47085 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-01-16 15:48:12 +00:00
}
if netDriver := rlInfo.NetworkDriver; netDriver != nil {
// netDriver is nil for the "host" network driver
// (not used for Rootless Docker)
rlV.Details["NetworkDriver"] = netDriver.Driver
}
if portDriver := rlInfo.PortDriver; portDriver != nil {
// portDriver is nil for the "implicit" port driver
// (used with "pasta" network driver)
//
// Because the ports are not managed via RootlessKit API in this case.
rlV.Details["PortDriver"] = portDriver.Driver
}
v.Components = append(v.Components, rlV)
version: add RootlessKit, slirp4netns, and VPNKit version ```console $ docker --context=rootless version ... Server: ... rootlesskit: Version: 0.14.2 ApiVersion: 1.1.1 NetworkDriver: slirp4netns PortDriver: builtin StateDir: /tmp/rootlesskit245426514 slirp4netns: Version: 1.1.9 GitCommit: 4e37ea557562e0d7a64dc636eff156f64927335e ``` Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-04-27 07:46:04 +00:00
switch rlInfo.NetworkDriver.Driver {
case "slirp4netns":
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
err = func() error {
rv, err := exec.CommandContext(ctx, "slirp4netns", "--version").Output()
if err != nil {
if errdefs.IsContext(err) {
return err
}
log.G(ctx).WithError(err).Warn("Failed to retrieve slirp4netns version")
return nil
version: add RootlessKit, slirp4netns, and VPNKit version ```console $ docker --context=rootless version ... Server: ... rootlesskit: Version: 0.14.2 ApiVersion: 1.1.1 NetworkDriver: slirp4netns PortDriver: builtin StateDir: /tmp/rootlesskit245426514 slirp4netns: Version: 1.1.9 GitCommit: 4e37ea557562e0d7a64dc636eff156f64927335e ``` Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-04-27 07:46:04 +00:00
}
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
_, ver, commit, err := parseRuntimeVersion(string(rv))
if err != nil {
log.G(ctx).WithError(err).Warn("Failed to parse slirp4netns version")
return nil
}
v.Components = append(v.Components, types.ComponentVersion{
Name: "slirp4netns",
Version: ver,
Details: map[string]string{
"GitCommit": commit,
},
})
return nil
}()
if err != nil {
return err
version: add RootlessKit, slirp4netns, and VPNKit version ```console $ docker --context=rootless version ... Server: ... rootlesskit: Version: 0.14.2 ApiVersion: 1.1.1 NetworkDriver: slirp4netns PortDriver: builtin StateDir: /tmp/rootlesskit245426514 slirp4netns: Version: 1.1.9 GitCommit: 4e37ea557562e0d7a64dc636eff156f64927335e ``` Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-04-27 07:46:04 +00:00
}
case "vpnkit":
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
err = func() error {
out, err := exec.CommandContext(ctx, "vpnkit", "--version").Output()
if err != nil {
if errdefs.IsContext(err) {
return err
}
log.G(ctx).WithError(err).Warn("Failed to retrieve vpnkit version")
return nil
}
version: add RootlessKit, slirp4netns, and VPNKit version ```console $ docker --context=rootless version ... Server: ... rootlesskit: Version: 0.14.2 ApiVersion: 1.1.1 NetworkDriver: slirp4netns PortDriver: builtin StateDir: /tmp/rootlesskit245426514 slirp4netns: Version: 1.1.9 GitCommit: 4e37ea557562e0d7a64dc636eff156f64927335e ``` Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-04-27 07:46:04 +00:00
v.Components = append(v.Components, types.ComponentVersion{
Name: "vpnkit",
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
Version: strings.TrimSpace(strings.TrimSpace(string(out))),
version: add RootlessKit, slirp4netns, and VPNKit version ```console $ docker --context=rootless version ... Server: ... rootlesskit: Version: 0.14.2 ApiVersion: 1.1.1 NetworkDriver: slirp4netns PortDriver: builtin StateDir: /tmp/rootlesskit245426514 slirp4netns: Version: 1.1.9 GitCommit: 4e37ea557562e0d7a64dc636eff156f64927335e ``` Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-04-27 07:46:04 +00:00
})
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
return nil
}()
if err != nil {
return err
version: add RootlessKit, slirp4netns, and VPNKit version ```console $ docker --context=rootless version ... Server: ... rootlesskit: Version: 0.14.2 ApiVersion: 1.1.1 NetworkDriver: slirp4netns PortDriver: builtin StateDir: /tmp/rootlesskit245426514 slirp4netns: Version: 1.1.9 GitCommit: 4e37ea557562e0d7a64dc636eff156f64927335e ``` Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-04-27 07:46:04 +00:00
}
}
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
return nil
Add containerd, runc, and docker-init versions to /version This patch adds version information about the containerd, runc, and docker-init components to the /version endpoint. With this patch applied, running: ``` curl --unix-socket /var/run/docker.sock http://localhost/version | jq . ``` Will produce this response: ```json { "Platform": { "Name": "" }, "Components": [ { "Name": "Engine", "Version": "dev", "Details": { "ApiVersion": "1.40", "Arch": "amd64", "BuildTime": "2018-11-08T10:23:42.000000000+00:00", "Experimental": "false", "GitCommit": "7d02782d2f", "GoVersion": "go1.11.2", "KernelVersion": "4.9.93-linuxkit-aufs", "MinAPIVersion": "1.12", "Os": "linux" } }, { "Name": "containerd", "Version": "v1.1.4", "Details": { "GitCommit": "9f2e07b1fc1342d1c48fe4d7bbb94cb6d1bf278b" } }, { "Name": "runc", "Version": "1.0.0-rc5+dev", "Details": { "GitCommit": "a00bf0190895aa465a5fbed0268888e2c8ddfe85" } }, { "Name": "docker-init", "Version": "0.18.0", "Details": { "GitCommit": "fec3683" } } ], "Version": "dev", "ApiVersion": "1.40", "MinAPIVersion": "1.12", "GitCommit": "7d02782d2f", "GoVersion": "go1.11.2", "Os": "linux", "Arch": "amd64", "KernelVersion": "4.9.93-linuxkit-aufs", "BuildTime": "2018-11-08T10:23:42.000000000+00:00" } ``` When using a recent version of the CLI, that information is included in the output of `docker version`: ``` Client: Docker Engine - Community Version: 18.09.0 API version: 1.39 Go version: go1.10.4 Git commit: 4d60db4 Built: Wed Nov 7 00:46:51 2018 OS/Arch: linux/amd64 Experimental: false Server: Engine: Version: dev API version: 1.40 (minimum version 1.12) Go version: go1.11.2 Git commit: 7d02782d2f Built: Thu Nov 8 10:23:42 2018 OS/Arch: linux/amd64 Experimental: false containerd: Version: v1.1.4 GitCommit: 9f2e07b1fc1342d1c48fe4d7bbb94cb6d1bf278b runc: Version: 1.0.0-rc5+dev GitCommit: a00bf0190895aa465a5fbed0268888e2c8ddfe85 docker-init: Version: 0.18.0 GitCommit: fec3683 ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-10-05 10:30:10 +00:00
}
pkg/rootless: remove GetRootlessKitClient, and move to daemon This utility was only used in a single location (as part of `docker info`), but the `pkg/rootless` package is imported in various locations, causing rootlesskit to be a dependency for consumers of that package. Move GetRootlessKitClient to the daemon code, which is the only location it was used. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-12 11:44:30 +00:00
// getRootlessKitClient returns RootlessKit client
func getRootlessKitClient() (rkclient.Client, error) {
stateDir := os.Getenv("ROOTLESSKIT_STATE_DIR")
if stateDir == "" {
return nil, errors.New("environment variable `ROOTLESSKIT_STATE_DIR` is not set")
}
apiSock := filepath.Join(stateDir, "api.sock")
return rkclient.New(apiSock)
}
api/types: move system info types to api/types/system Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-03 11:14:14 +00:00
func fillDriverWarnings(v *system.Info) {
Add "Warnings" to /info endpoint, and move detection to the daemon When requesting information about the daemon's configuration through the `/info` endpoint, missing features (or non-recommended settings) may have to be presented to the user. Detecting these situations, and printing warnings currently is handled by the cli, which results in some complications: - duplicated effort: each client has to re-implement detection and warnings. - it's not possible to generate warnings for reasons outside of the information returned in the `/info` response. - cli-side detection has to be updated for new conditions. This means that an older cli connecting to a new daemon may not print all warnings (due to it not detecting the new conditions) - some warnings (in particular, warnings about storage-drivers) depend on driver-status (`DriverStatus`) information. The format of the information returned in this field is not part of the API specification and can change over time, resulting in cli-side detection no longer being functional. This patch adds a new `Warnings` field to the `/info` response. This field is to return warnings to be presented by the user. Existing warnings that are currently handled by the CLI are copied to the daemon as part of this patch; This change is backward-compatible with existing clients; old client can continue to use the client-side warnings, whereas new clients can skip client-side detection, and print warnings that are returned by the daemon. Example response with this patch applied; ```bash curl --unix-socket /var/run/docker.sock http://localhost/info | jq .Warnings ``` ```json [ "WARNING: bridge-nf-call-iptables is disabled", "WARNING: bridge-nf-call-ip6tables is disabled" ] ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-19 11:45:32 +00:00
for _, pair := range v.DriverStatus {
pkg/archive: bail if setting xattrs is unsupported Extended attributes are set on files in container images for a reason. Fail to unpack if extended attributes are present in a layer and setting the attributes on the unpacked files fails for any reason. Add an option to the vfs graph driver to opt into the old behaviour where ENOTSUPP and EPERM errors encountered when setting extended attributes are ignored. Make it abundantly clear to users and anyone triaging their bug reports that they are shooting themselves in the foot by enabling this option. Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-05-09 17:52:30 +00:00
if pair[0] == "Extended file attributes" && pair[1] == "best-effort" {
msg := fmt.Sprintf("WARNING: %s: extended file attributes from container images "+
"will be silently discarded if the backing filesystem does not support them.\n"+
" CONTAINERS MAY MALFUNCTION IF EXTENDED ATTRIBUTES ARE MISSING.\n"+
" This is an UNSUPPORTABLE configuration for which no bug reports will be accepted.\n", v.Driver)
Add "Warnings" to /info endpoint, and move detection to the daemon When requesting information about the daemon's configuration through the `/info` endpoint, missing features (or non-recommended settings) may have to be presented to the user. Detecting these situations, and printing warnings currently is handled by the cli, which results in some complications: - duplicated effort: each client has to re-implement detection and warnings. - it's not possible to generate warnings for reasons outside of the information returned in the `/info` response. - cli-side detection has to be updated for new conditions. This means that an older cli connecting to a new daemon may not print all warnings (due to it not detecting the new conditions) - some warnings (in particular, warnings about storage-drivers) depend on driver-status (`DriverStatus`) information. The format of the information returned in this field is not part of the API specification and can change over time, resulting in cli-side detection no longer being functional. This patch adds a new `Warnings` field to the `/info` response. This field is to return warnings to be presented by the user. Existing warnings that are currently handled by the CLI are copied to the daemon as part of this patch; This change is backward-compatible with existing clients; old client can continue to use the client-side warnings, whereas new clients can skip client-side detection, and print warnings that are returned by the daemon. Example response with this patch applied; ```bash curl --unix-socket /var/run/docker.sock http://localhost/info | jq .Warnings ``` ```json [ "WARNING: bridge-nf-call-iptables is disabled", "WARNING: bridge-nf-call-ip6tables is disabled" ] ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-19 11:45:32 +00:00
v.Warnings = append(v.Warnings, msg)
continue
}
}
}
Add containerd, runc, and docker-init versions to /version This patch adds version information about the containerd, runc, and docker-init components to the /version endpoint. With this patch applied, running: ``` curl --unix-socket /var/run/docker.sock http://localhost/version | jq . ``` Will produce this response: ```json { "Platform": { "Name": "" }, "Components": [ { "Name": "Engine", "Version": "dev", "Details": { "ApiVersion": "1.40", "Arch": "amd64", "BuildTime": "2018-11-08T10:23:42.000000000+00:00", "Experimental": "false", "GitCommit": "7d02782d2f", "GoVersion": "go1.11.2", "KernelVersion": "4.9.93-linuxkit-aufs", "MinAPIVersion": "1.12", "Os": "linux" } }, { "Name": "containerd", "Version": "v1.1.4", "Details": { "GitCommit": "9f2e07b1fc1342d1c48fe4d7bbb94cb6d1bf278b" } }, { "Name": "runc", "Version": "1.0.0-rc5+dev", "Details": { "GitCommit": "a00bf0190895aa465a5fbed0268888e2c8ddfe85" } }, { "Name": "docker-init", "Version": "0.18.0", "Details": { "GitCommit": "fec3683" } } ], "Version": "dev", "ApiVersion": "1.40", "MinAPIVersion": "1.12", "GitCommit": "7d02782d2f", "GoVersion": "go1.11.2", "Os": "linux", "Arch": "amd64", "KernelVersion": "4.9.93-linuxkit-aufs", "BuildTime": "2018-11-08T10:23:42.000000000+00:00" } ``` When using a recent version of the CLI, that information is included in the output of `docker version`: ``` Client: Docker Engine - Community Version: 18.09.0 API version: 1.39 Go version: go1.10.4 Git commit: 4d60db4 Built: Wed Nov 7 00:46:51 2018 OS/Arch: linux/amd64 Experimental: false Server: Engine: Version: dev API version: 1.40 (minimum version 1.12) Go version: go1.11.2 Git commit: 7d02782d2f Built: Thu Nov 8 10:23:42 2018 OS/Arch: linux/amd64 Experimental: false containerd: Version: v1.1.4 GitCommit: 9f2e07b1fc1342d1c48fe4d7bbb94cb6d1bf278b runc: Version: 1.0.0-rc5+dev GitCommit: a00bf0190895aa465a5fbed0268888e2c8ddfe85 docker-init: Version: 0.18.0 GitCommit: fec3683 ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-10-05 10:30:10 +00:00
// parseInitVersion parses a Tini version string, and extracts the "version"
// and "git commit" from the output.
//
// Output example from `docker-init --version`:
//
gofmt GoDoc comments with go1.19 Older versions of Go don't format comments, so committing this as a separate commit, so that we can already make these changes before we upgrade to Go 1.19. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-08 16:27:07 +00:00
// tini version 0.18.0 - git.fec3683
Add containerd, runc, and docker-init versions to /version This patch adds version information about the containerd, runc, and docker-init components to the /version endpoint. With this patch applied, running: ``` curl --unix-socket /var/run/docker.sock http://localhost/version | jq . ``` Will produce this response: ```json { "Platform": { "Name": "" }, "Components": [ { "Name": "Engine", "Version": "dev", "Details": { "ApiVersion": "1.40", "Arch": "amd64", "BuildTime": "2018-11-08T10:23:42.000000000+00:00", "Experimental": "false", "GitCommit": "7d02782d2f", "GoVersion": "go1.11.2", "KernelVersion": "4.9.93-linuxkit-aufs", "MinAPIVersion": "1.12", "Os": "linux" } }, { "Name": "containerd", "Version": "v1.1.4", "Details": { "GitCommit": "9f2e07b1fc1342d1c48fe4d7bbb94cb6d1bf278b" } }, { "Name": "runc", "Version": "1.0.0-rc5+dev", "Details": { "GitCommit": "a00bf0190895aa465a5fbed0268888e2c8ddfe85" } }, { "Name": "docker-init", "Version": "0.18.0", "Details": { "GitCommit": "fec3683" } } ], "Version": "dev", "ApiVersion": "1.40", "MinAPIVersion": "1.12", "GitCommit": "7d02782d2f", "GoVersion": "go1.11.2", "Os": "linux", "Arch": "amd64", "KernelVersion": "4.9.93-linuxkit-aufs", "BuildTime": "2018-11-08T10:23:42.000000000+00:00" } ``` When using a recent version of the CLI, that information is included in the output of `docker version`: ``` Client: Docker Engine - Community Version: 18.09.0 API version: 1.39 Go version: go1.10.4 Git commit: 4d60db4 Built: Wed Nov 7 00:46:51 2018 OS/Arch: linux/amd64 Experimental: false Server: Engine: Version: dev API version: 1.40 (minimum version 1.12) Go version: go1.11.2 Git commit: 7d02782d2f Built: Thu Nov 8 10:23:42 2018 OS/Arch: linux/amd64 Experimental: false containerd: Version: v1.1.4 GitCommit: 9f2e07b1fc1342d1c48fe4d7bbb94cb6d1bf278b runc: Version: 1.0.0-rc5+dev GitCommit: a00bf0190895aa465a5fbed0268888e2c8ddfe85 docker-init: Version: 0.18.0 GitCommit: fec3683 ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-10-05 10:30:10 +00:00
func parseInitVersion(v string) (version string, commit string, err error) {
TestParseInitVersion: add some additional tests Also slightly harden parseInitVersion Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-16 01:33:48 +00:00
parts := strings.Split(v, " - ")
Refactor "init" version parsing, and add unit-test Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-03-29 11:44:14 +00:00
if len(parts) >= 2 {
TestParseInitVersion: add some additional tests Also slightly harden parseInitVersion Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-16 01:33:48 +00:00
gitParts := strings.Split(strings.TrimSpace(parts[1]), ".")
Refactor "init" version parsing, and add unit-test Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-03-29 11:44:14 +00:00
if len(gitParts) == 2 && gitParts[0] == "git" {
Add containerd, runc, and docker-init versions to /version This patch adds version information about the containerd, runc, and docker-init components to the /version endpoint. With this patch applied, running: ``` curl --unix-socket /var/run/docker.sock http://localhost/version | jq . ``` Will produce this response: ```json { "Platform": { "Name": "" }, "Components": [ { "Name": "Engine", "Version": "dev", "Details": { "ApiVersion": "1.40", "Arch": "amd64", "BuildTime": "2018-11-08T10:23:42.000000000+00:00", "Experimental": "false", "GitCommit": "7d02782d2f", "GoVersion": "go1.11.2", "KernelVersion": "4.9.93-linuxkit-aufs", "MinAPIVersion": "1.12", "Os": "linux" } }, { "Name": "containerd", "Version": "v1.1.4", "Details": { "GitCommit": "9f2e07b1fc1342d1c48fe4d7bbb94cb6d1bf278b" } }, { "Name": "runc", "Version": "1.0.0-rc5+dev", "Details": { "GitCommit": "a00bf0190895aa465a5fbed0268888e2c8ddfe85" } }, { "Name": "docker-init", "Version": "0.18.0", "Details": { "GitCommit": "fec3683" } } ], "Version": "dev", "ApiVersion": "1.40", "MinAPIVersion": "1.12", "GitCommit": "7d02782d2f", "GoVersion": "go1.11.2", "Os": "linux", "Arch": "amd64", "KernelVersion": "4.9.93-linuxkit-aufs", "BuildTime": "2018-11-08T10:23:42.000000000+00:00" } ``` When using a recent version of the CLI, that information is included in the output of `docker version`: ``` Client: Docker Engine - Community Version: 18.09.0 API version: 1.39 Go version: go1.10.4 Git commit: 4d60db4 Built: Wed Nov 7 00:46:51 2018 OS/Arch: linux/amd64 Experimental: false Server: Engine: Version: dev API version: 1.40 (minimum version 1.12) Go version: go1.11.2 Git commit: 7d02782d2f Built: Thu Nov 8 10:23:42 2018 OS/Arch: linux/amd64 Experimental: false containerd: Version: v1.1.4 GitCommit: 9f2e07b1fc1342d1c48fe4d7bbb94cb6d1bf278b runc: Version: 1.0.0-rc5+dev GitCommit: a00bf0190895aa465a5fbed0268888e2c8ddfe85 docker-init: Version: 0.18.0 GitCommit: fec3683 ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-10-05 10:30:10 +00:00
commit = gitParts[1]
Refactor "init" version parsing, and add unit-test Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-03-29 11:44:14 +00:00
}
}
TestParseInitVersion: add some additional tests Also slightly harden parseInitVersion Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-16 01:33:48 +00:00
parts[0] = strings.TrimSpace(parts[0])
Add containerd, runc, and docker-init versions to /version This patch adds version information about the containerd, runc, and docker-init components to the /version endpoint. With this patch applied, running: ``` curl --unix-socket /var/run/docker.sock http://localhost/version | jq . ``` Will produce this response: ```json { "Platform": { "Name": "" }, "Components": [ { "Name": "Engine", "Version": "dev", "Details": { "ApiVersion": "1.40", "Arch": "amd64", "BuildTime": "2018-11-08T10:23:42.000000000+00:00", "Experimental": "false", "GitCommit": "7d02782d2f", "GoVersion": "go1.11.2", "KernelVersion": "4.9.93-linuxkit-aufs", "MinAPIVersion": "1.12", "Os": "linux" } }, { "Name": "containerd", "Version": "v1.1.4", "Details": { "GitCommit": "9f2e07b1fc1342d1c48fe4d7bbb94cb6d1bf278b" } }, { "Name": "runc", "Version": "1.0.0-rc5+dev", "Details": { "GitCommit": "a00bf0190895aa465a5fbed0268888e2c8ddfe85" } }, { "Name": "docker-init", "Version": "0.18.0", "Details": { "GitCommit": "fec3683" } } ], "Version": "dev", "ApiVersion": "1.40", "MinAPIVersion": "1.12", "GitCommit": "7d02782d2f", "GoVersion": "go1.11.2", "Os": "linux", "Arch": "amd64", "KernelVersion": "4.9.93-linuxkit-aufs", "BuildTime": "2018-11-08T10:23:42.000000000+00:00" } ``` When using a recent version of the CLI, that information is included in the output of `docker version`: ``` Client: Docker Engine - Community Version: 18.09.0 API version: 1.39 Go version: go1.10.4 Git commit: 4d60db4 Built: Wed Nov 7 00:46:51 2018 OS/Arch: linux/amd64 Experimental: false Server: Engine: Version: dev API version: 1.40 (minimum version 1.12) Go version: go1.11.2 Git commit: 7d02782d2f Built: Thu Nov 8 10:23:42 2018 OS/Arch: linux/amd64 Experimental: false containerd: Version: v1.1.4 GitCommit: 9f2e07b1fc1342d1c48fe4d7bbb94cb6d1bf278b runc: Version: 1.0.0-rc5+dev GitCommit: a00bf0190895aa465a5fbed0268888e2c8ddfe85 docker-init: Version: 0.18.0 GitCommit: fec3683 ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-10-05 10:30:10 +00:00
if strings.HasPrefix(parts[0], "tini version ") {
version = strings.TrimPrefix(parts[0], "tini version ")
}
if version == "" && commit == "" {
err = errors.Errorf("unknown output format: %s", v)
}
return version, commit, err
}
Parse runtime name Signed-off-by: Carlos de Paula <me@carlosedp.com>
2019-09-15 15:15:27 +00:00
// parseRuntimeVersion parses the output of `[runtime] --version` and extracts the
// "name", "version" and "git commit" from the output.
Add containerd, runc, and docker-init versions to /version This patch adds version information about the containerd, runc, and docker-init components to the /version endpoint. With this patch applied, running: ``` curl --unix-socket /var/run/docker.sock http://localhost/version | jq . ``` Will produce this response: ```json { "Platform": { "Name": "" }, "Components": [ { "Name": "Engine", "Version": "dev", "Details": { "ApiVersion": "1.40", "Arch": "amd64", "BuildTime": "2018-11-08T10:23:42.000000000+00:00", "Experimental": "false", "GitCommit": "7d02782d2f", "GoVersion": "go1.11.2", "KernelVersion": "4.9.93-linuxkit-aufs", "MinAPIVersion": "1.12", "Os": "linux" } }, { "Name": "containerd", "Version": "v1.1.4", "Details": { "GitCommit": "9f2e07b1fc1342d1c48fe4d7bbb94cb6d1bf278b" } }, { "Name": "runc", "Version": "1.0.0-rc5+dev", "Details": { "GitCommit": "a00bf0190895aa465a5fbed0268888e2c8ddfe85" } }, { "Name": "docker-init", "Version": "0.18.0", "Details": { "GitCommit": "fec3683" } } ], "Version": "dev", "ApiVersion": "1.40", "MinAPIVersion": "1.12", "GitCommit": "7d02782d2f", "GoVersion": "go1.11.2", "Os": "linux", "Arch": "amd64", "KernelVersion": "4.9.93-linuxkit-aufs", "BuildTime": "2018-11-08T10:23:42.000000000+00:00" } ``` When using a recent version of the CLI, that information is included in the output of `docker version`: ``` Client: Docker Engine - Community Version: 18.09.0 API version: 1.39 Go version: go1.10.4 Git commit: 4d60db4 Built: Wed Nov 7 00:46:51 2018 OS/Arch: linux/amd64 Experimental: false Server: Engine: Version: dev API version: 1.40 (minimum version 1.12) Go version: go1.11.2 Git commit: 7d02782d2f Built: Thu Nov 8 10:23:42 2018 OS/Arch: linux/amd64 Experimental: false containerd: Version: v1.1.4 GitCommit: 9f2e07b1fc1342d1c48fe4d7bbb94cb6d1bf278b runc: Version: 1.0.0-rc5+dev GitCommit: a00bf0190895aa465a5fbed0268888e2c8ddfe85 docker-init: Version: 0.18.0 GitCommit: fec3683 ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-10-05 10:30:10 +00:00
//
// Output example from `runc --version`:
//
gofmt GoDoc comments with go1.19 Older versions of Go don't format comments, so committing this as a separate commit, so that we can already make these changes before we upgrade to Go 1.19. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-08 16:27:07 +00:00
// runc version 1.0.0-rc5+dev
// commit: 69663f0bd4b60df09991c08812a60108003fa340
// spec: 1.0.0
daemon: reload runtimes w/o breaking containers The existing runtimes reload logic went to great lengths to replace the directory containing runtime wrapper scripts as atomically as possible within the limitations of the Linux filesystem ABI. Trouble is, atomically swapping the wrapper scripts directory solves the wrong problem! The runtime configuration is "locked in" when a container is started, including the path to the runC binary. If a container is started with a runtime which requires a daemon-managed wrapper script and then the daemon is reloaded with a config which no longer requires the wrapper script (i.e. some args -> no args, or the runtime is dropped from the config), that container would become unmanageable. Any attempts to stop, exec or otherwise perform lifecycle management operations on the container are likely to fail due to the wrapper script no longer existing at its original path. Atomically swapping the wrapper scripts is also incompatible with the read-copy-update paradigm for reloading configuration. A handler in the daemon could retain a reference to the pre-reload configuration for an indeterminate amount of time after the daemon configuration has been reloaded and updated. It is possible for the daemon to attempt to start a container using a deleted wrapper script if a request to run a container races a reload. Solve the problem of deleting referenced wrapper scripts by ensuring that all wrapper scripts are *immutable* for the lifetime of the daemon process. Any given runtime wrapper script must always exist with the same contents, no matter how many times the daemon config is reloaded, or what changes are made to the config. This is accomplished by using everyone's favourite design pattern: content-addressable storage. Each wrapper script file name is suffixed with the SHA-256 digest of its contents to (probabilistically) guarantee immutability without needing any concurrency control. Stale runtime wrapper scripts are only cleaned up on the next daemon restart. Split the derived runtimes configuration from the user-supplied configuration to have a place to store derived state without mutating the user-supplied configuration or exposing daemon internals in API struct types. Hold the derived state and the user-supplied configuration in a single struct value so that they can be updated as an atomic unit. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-31 20:12:30 +00:00
func parseRuntimeVersion(v string) (runtime, version, commit string, err error) {
Add containerd, runc, and docker-init versions to /version This patch adds version information about the containerd, runc, and docker-init components to the /version endpoint. With this patch applied, running: ``` curl --unix-socket /var/run/docker.sock http://localhost/version | jq . ``` Will produce this response: ```json { "Platform": { "Name": "" }, "Components": [ { "Name": "Engine", "Version": "dev", "Details": { "ApiVersion": "1.40", "Arch": "amd64", "BuildTime": "2018-11-08T10:23:42.000000000+00:00", "Experimental": "false", "GitCommit": "7d02782d2f", "GoVersion": "go1.11.2", "KernelVersion": "4.9.93-linuxkit-aufs", "MinAPIVersion": "1.12", "Os": "linux" } }, { "Name": "containerd", "Version": "v1.1.4", "Details": { "GitCommit": "9f2e07b1fc1342d1c48fe4d7bbb94cb6d1bf278b" } }, { "Name": "runc", "Version": "1.0.0-rc5+dev", "Details": { "GitCommit": "a00bf0190895aa465a5fbed0268888e2c8ddfe85" } }, { "Name": "docker-init", "Version": "0.18.0", "Details": { "GitCommit": "fec3683" } } ], "Version": "dev", "ApiVersion": "1.40", "MinAPIVersion": "1.12", "GitCommit": "7d02782d2f", "GoVersion": "go1.11.2", "Os": "linux", "Arch": "amd64", "KernelVersion": "4.9.93-linuxkit-aufs", "BuildTime": "2018-11-08T10:23:42.000000000+00:00" } ``` When using a recent version of the CLI, that information is included in the output of `docker version`: ``` Client: Docker Engine - Community Version: 18.09.0 API version: 1.39 Go version: go1.10.4 Git commit: 4d60db4 Built: Wed Nov 7 00:46:51 2018 OS/Arch: linux/amd64 Experimental: false Server: Engine: Version: dev API version: 1.40 (minimum version 1.12) Go version: go1.11.2 Git commit: 7d02782d2f Built: Thu Nov 8 10:23:42 2018 OS/Arch: linux/amd64 Experimental: false containerd: Version: v1.1.4 GitCommit: 9f2e07b1fc1342d1c48fe4d7bbb94cb6d1bf278b runc: Version: 1.0.0-rc5+dev GitCommit: a00bf0190895aa465a5fbed0268888e2c8ddfe85 docker-init: Version: 0.18.0 GitCommit: fec3683 ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-10-05 10:30:10 +00:00
lines := strings.Split(strings.TrimSpace(v), "\n")
for _, line := range lines {
Change version parsing to support alternate runtimes Signed-off-by: Carlos de Paula <me@carlosedp.com>
2019-09-17 00:13:01 +00:00
if strings.Contains(line, "version") {
s := strings.Split(line, "version")
Parse runtime name Signed-off-by: Carlos de Paula <me@carlosedp.com>
2019-09-15 15:15:27 +00:00
runtime = strings.TrimSpace(s[0])
Change version parsing to support alternate runtimes Signed-off-by: Carlos de Paula <me@carlosedp.com>
2019-09-17 00:13:01 +00:00
version = strings.TrimSpace(s[len(s)-1])
Add containerd, runc, and docker-init versions to /version This patch adds version information about the containerd, runc, and docker-init components to the /version endpoint. With this patch applied, running: ``` curl --unix-socket /var/run/docker.sock http://localhost/version | jq . ``` Will produce this response: ```json { "Platform": { "Name": "" }, "Components": [ { "Name": "Engine", "Version": "dev", "Details": { "ApiVersion": "1.40", "Arch": "amd64", "BuildTime": "2018-11-08T10:23:42.000000000+00:00", "Experimental": "false", "GitCommit": "7d02782d2f", "GoVersion": "go1.11.2", "KernelVersion": "4.9.93-linuxkit-aufs", "MinAPIVersion": "1.12", "Os": "linux" } }, { "Name": "containerd", "Version": "v1.1.4", "Details": { "GitCommit": "9f2e07b1fc1342d1c48fe4d7bbb94cb6d1bf278b" } }, { "Name": "runc", "Version": "1.0.0-rc5+dev", "Details": { "GitCommit": "a00bf0190895aa465a5fbed0268888e2c8ddfe85" } }, { "Name": "docker-init", "Version": "0.18.0", "Details": { "GitCommit": "fec3683" } } ], "Version": "dev", "ApiVersion": "1.40", "MinAPIVersion": "1.12", "GitCommit": "7d02782d2f", "GoVersion": "go1.11.2", "Os": "linux", "Arch": "amd64", "KernelVersion": "4.9.93-linuxkit-aufs", "BuildTime": "2018-11-08T10:23:42.000000000+00:00" } ``` When using a recent version of the CLI, that information is included in the output of `docker version`: ``` Client: Docker Engine - Community Version: 18.09.0 API version: 1.39 Go version: go1.10.4 Git commit: 4d60db4 Built: Wed Nov 7 00:46:51 2018 OS/Arch: linux/amd64 Experimental: false Server: Engine: Version: dev API version: 1.40 (minimum version 1.12) Go version: go1.11.2 Git commit: 7d02782d2f Built: Thu Nov 8 10:23:42 2018 OS/Arch: linux/amd64 Experimental: false containerd: Version: v1.1.4 GitCommit: 9f2e07b1fc1342d1c48fe4d7bbb94cb6d1bf278b runc: Version: 1.0.0-rc5+dev GitCommit: a00bf0190895aa465a5fbed0268888e2c8ddfe85 docker-init: Version: 0.18.0 GitCommit: fec3683 ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-10-05 10:30:10 +00:00
continue
}
if strings.HasPrefix(line, "commit:") {
commit = strings.TrimSpace(strings.TrimPrefix(line, "commit:"))
continue
}
Refactor "init" version parsing, and add unit-test Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-03-29 11:44:14 +00:00
}
Add containerd, runc, and docker-init versions to /version This patch adds version information about the containerd, runc, and docker-init components to the /version endpoint. With this patch applied, running: ``` curl --unix-socket /var/run/docker.sock http://localhost/version | jq . ``` Will produce this response: ```json { "Platform": { "Name": "" }, "Components": [ { "Name": "Engine", "Version": "dev", "Details": { "ApiVersion": "1.40", "Arch": "amd64", "BuildTime": "2018-11-08T10:23:42.000000000+00:00", "Experimental": "false", "GitCommit": "7d02782d2f", "GoVersion": "go1.11.2", "KernelVersion": "4.9.93-linuxkit-aufs", "MinAPIVersion": "1.12", "Os": "linux" } }, { "Name": "containerd", "Version": "v1.1.4", "Details": { "GitCommit": "9f2e07b1fc1342d1c48fe4d7bbb94cb6d1bf278b" } }, { "Name": "runc", "Version": "1.0.0-rc5+dev", "Details": { "GitCommit": "a00bf0190895aa465a5fbed0268888e2c8ddfe85" } }, { "Name": "docker-init", "Version": "0.18.0", "Details": { "GitCommit": "fec3683" } } ], "Version": "dev", "ApiVersion": "1.40", "MinAPIVersion": "1.12", "GitCommit": "7d02782d2f", "GoVersion": "go1.11.2", "Os": "linux", "Arch": "amd64", "KernelVersion": "4.9.93-linuxkit-aufs", "BuildTime": "2018-11-08T10:23:42.000000000+00:00" } ``` When using a recent version of the CLI, that information is included in the output of `docker version`: ``` Client: Docker Engine - Community Version: 18.09.0 API version: 1.39 Go version: go1.10.4 Git commit: 4d60db4 Built: Wed Nov 7 00:46:51 2018 OS/Arch: linux/amd64 Experimental: false Server: Engine: Version: dev API version: 1.40 (minimum version 1.12) Go version: go1.11.2 Git commit: 7d02782d2f Built: Thu Nov 8 10:23:42 2018 OS/Arch: linux/amd64 Experimental: false containerd: Version: v1.1.4 GitCommit: 9f2e07b1fc1342d1c48fe4d7bbb94cb6d1bf278b runc: Version: 1.0.0-rc5+dev GitCommit: a00bf0190895aa465a5fbed0268888e2c8ddfe85 docker-init: Version: 0.18.0 GitCommit: fec3683 ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-10-05 10:30:10 +00:00
if version == "" && commit == "" {
err = errors.Errorf("unknown output format: %s", v)
Refactor "init" version parsing, and add unit-test Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-03-29 11:44:14 +00:00
}
Parse runtime name Signed-off-by: Carlos de Paula <me@carlosedp.com>
2019-09-15 15:15:27 +00:00
return runtime, version, commit, err
Refactor "init" version parsing, and add unit-test Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-03-29 11:44:14 +00:00
}
allow running `dockerd` in an unprivileged user namespace (rootless mode) Please refer to `docs/rootless.md`. TLDR: * Make sure `/etc/subuid` and `/etc/subgid` contain the entry for you * `dockerd-rootless.sh --experimental` * `docker -H unix://$XDG_RUNTIME_DIR/docker.sock run ...` Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-10-15 07:52:53 +00:00
daemon: consolidate runtimes config validation The daemon has made a habit of mutating the DefaultRuntime and Runtimes values in the Config struct to merge defaults. This would be fine if it was a part of the regular configuration loading and merging process, as is done with other config options. The trouble is it does so in surprising places, such as in functions with 'verify' or 'validate' in their name. It has been necessary in order to validate that the user has not defined a custom runtime named "runc" which would shadow the built-in runtime of the same name. Other daemon code depends on the runtime named "runc" always being defined in the config, but merging it with the user config at the same time as the other defaults are merged would trip the validation. The root of the issue is that the daemon has used the same config values for both validating the daemon runtime configuration as supplied by the user and for keeping track of which runtimes have been set up by the daemon. Now that a completely separate value is used for the latter purpose, surprising contortions are no longer required to make the validation work as intended. Consolidate the validation of the runtimes config and merging of the built-in runtimes into the daemon.setupRuntimes() function. Set the result of merging the built-in runtimes config and default default runtime on the returned runtimes struct, without back-propagating it onto the config.Config argument. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-31 21:24:22 +00:00
func parseDefaultRuntimeVersion(rts *runtimes) (runtime, version, commit string, err error) {
shim, opts, err := rts.Get(rts.Default)
if err != nil {
return "", "", "", err
}
shimopts, ok := opts.(*v2runcoptions.Options)
if !ok {
return "", "", "", fmt.Errorf("%s: retrieving version not supported", shim)
}
rt := shimopts.BinaryName
if rt == "" {
rt = defaultRuntimeName
daemon: reload runtimes w/o breaking containers The existing runtimes reload logic went to great lengths to replace the directory containing runtime wrapper scripts as atomically as possible within the limitations of the Linux filesystem ABI. Trouble is, atomically swapping the wrapper scripts directory solves the wrong problem! The runtime configuration is "locked in" when a container is started, including the path to the runC binary. If a container is started with a runtime which requires a daemon-managed wrapper script and then the daemon is reloaded with a config which no longer requires the wrapper script (i.e. some args -> no args, or the runtime is dropped from the config), that container would become unmanageable. Any attempts to stop, exec or otherwise perform lifecycle management operations on the container are likely to fail due to the wrapper script no longer existing at its original path. Atomically swapping the wrapper scripts is also incompatible with the read-copy-update paradigm for reloading configuration. A handler in the daemon could retain a reference to the pre-reload configuration for an indeterminate amount of time after the daemon configuration has been reloaded and updated. It is possible for the daemon to attempt to start a container using a deleted wrapper script if a request to run a container races a reload. Solve the problem of deleting referenced wrapper scripts by ensuring that all wrapper scripts are *immutable* for the lifetime of the daemon process. Any given runtime wrapper script must always exist with the same contents, no matter how many times the daemon config is reloaded, or what changes are made to the config. This is accomplished by using everyone's favourite design pattern: content-addressable storage. Each wrapper script file name is suffixed with the SHA-256 digest of its contents to (probabilistically) guarantee immutability without needing any concurrency control. Stale runtime wrapper scripts are only cleaned up on the next daemon restart. Split the derived runtimes configuration from the user-supplied configuration to have a place to store derived state without mutating the user-supplied configuration or exposing daemon internals in API struct types. Hold the derived state and the user-supplied configuration in a single struct value so that they can be updated as an atomic unit. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-31 20:12:30 +00:00
}
daemon: consolidate runtimes config validation The daemon has made a habit of mutating the DefaultRuntime and Runtimes values in the Config struct to merge defaults. This would be fine if it was a part of the regular configuration loading and merging process, as is done with other config options. The trouble is it does so in surprising places, such as in functions with 'verify' or 'validate' in their name. It has been necessary in order to validate that the user has not defined a custom runtime named "runc" which would shadow the built-in runtime of the same name. Other daemon code depends on the runtime named "runc" always being defined in the config, but merging it with the user config at the same time as the other defaults are merged would trip the validation. The root of the issue is that the daemon has used the same config values for both validating the daemon runtime configuration as supplied by the user and for keeping track of which runtimes have been set up by the daemon. Now that a completely separate value is used for the latter purpose, surprising contortions are no longer required to make the validation work as intended. Consolidate the validation of the runtimes config and merging of the built-in runtimes into the daemon.setupRuntimes() function. Set the result of merging the built-in runtimes config and default default runtime on the returned runtimes struct, without back-propagating it onto the config.Config argument. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-31 21:24:22 +00:00
rv, err := exec.Command(rt, "--version").Output()
if err != nil {
return "", "", "", fmt.Errorf("failed to retrieve %s version: %w", rt, err)
}
runtime, version, commit, err = parseRuntimeVersion(string(rv))
if err != nil {
return "", "", "", fmt.Errorf("failed to parse %s version: %w", rt, err)
}
return runtime, version, commit, err
daemon: reload runtimes w/o breaking containers The existing runtimes reload logic went to great lengths to replace the directory containing runtime wrapper scripts as atomically as possible within the limitations of the Linux filesystem ABI. Trouble is, atomically swapping the wrapper scripts directory solves the wrong problem! The runtime configuration is "locked in" when a container is started, including the path to the runC binary. If a container is started with a runtime which requires a daemon-managed wrapper script and then the daemon is reloaded with a config which no longer requires the wrapper script (i.e. some args -> no args, or the runtime is dropped from the config), that container would become unmanageable. Any attempts to stop, exec or otherwise perform lifecycle management operations on the container are likely to fail due to the wrapper script no longer existing at its original path. Atomically swapping the wrapper scripts is also incompatible with the read-copy-update paradigm for reloading configuration. A handler in the daemon could retain a reference to the pre-reload configuration for an indeterminate amount of time after the daemon configuration has been reloaded and updated. It is possible for the daemon to attempt to start a container using a deleted wrapper script if a request to run a container races a reload. Solve the problem of deleting referenced wrapper scripts by ensuring that all wrapper scripts are *immutable* for the lifetime of the daemon process. Any given runtime wrapper script must always exist with the same contents, no matter how many times the daemon config is reloaded, or what changes are made to the config. This is accomplished by using everyone's favourite design pattern: content-addressable storage. Each wrapper script file name is suffixed with the SHA-256 digest of its contents to (probabilistically) guarantee immutability without needing any concurrency control. Stale runtime wrapper scripts are only cleaned up on the next daemon restart. Split the derived runtimes configuration from the user-supplied configuration to have a place to store derived state without mutating the user-supplied configuration or exposing daemon internals in API struct types. Hold the derived state and the user-supplied configuration in a single struct value so that they can be updated as an atomic unit. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-31 20:12:30 +00:00
}
daemon: read-copy-update the daemon config Ensure data-race-free access to the daemon configuration without locking by mutating a deep copy of the config and atomically storing a pointer to the copy into the daemon-wide configStore value. Any operations which need to read from the daemon config must capture the configStore value only once and pass it around to guarantee a consistent view of the config. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-17 21:13:49 +00:00
func cgroupNamespacesEnabled(sysInfo *sysinfo.SysInfo, cfg *config.Config) bool {
return sysInfo.CgroupNamespaces && containertypes.CgroupnsMode(cfg.CgroupNamespaceMode).IsPrivate()
Make cgroup namespaces configurable This adds both a daemon-wide flag and a container creation property: - Set the `CgroupnsMode: "host|private"` HostConfig property at container creation time to control what cgroup namespace the container is created in - Set the `--default-cgroupns-mode=host|private` daemon flag to control what cgroup namespace containers are created in by default - Set the default if the daemon flag is unset to "host", for backward compatibility - Default to CgroupnsMode: "host" for client versions < 1.40 Signed-off-by: Rob Gulewich <rgulewich@netflix.com>
2019-03-15 03:44:18 +00:00
}
builder-next: fixes for rootless mode Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-02-28 08:12:55 +00:00
// Rootless returns true if daemon is running in rootless mode
daemon: read-copy-update the daemon config Ensure data-race-free access to the daemon configuration without locking by mutating a deep copy of the config and atomically storing a pointer to the copy into the daemon-wide configStore value. Any operations which need to read from the daemon config must capture the configStore value only once and pass it around to guarantee a consistent view of the config. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-17 21:13:49 +00:00
func Rootless(cfg *config.Config) bool {
return cfg.Rootless
allow running `dockerd` in an unprivileged user namespace (rootless mode) Please refer to `docs/rootless.md`. TLDR: * Make sure `/etc/subuid` and `/etc/subgid` contain the entry for you * `dockerd-rootless.sh --experimental` * `docker -H unix://$XDG_RUNTIME_DIR/docker.sock run ...` Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-10-15 07:52:53 +00:00
}
Add no-new-privileges to SecurityOptions returned by /info Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-04-13 11:27:59 +00:00
daemon: read-copy-update the daemon config Ensure data-race-free access to the daemon configuration without locking by mutating a deep copy of the config and atomically storing a pointer to the copy into the daemon-wide configStore value. Any operations which need to read from the daemon config must capture the configStore value only once and pass it around to guarantee a consistent view of the config. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-17 21:13:49 +00:00
func noNewPrivileges(cfg *config.Config) bool {
return cfg.NoNewPrivileges
Add no-new-privileges to SecurityOptions returned by /info Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-04-13 11:27:59 +00:00
}
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
func (daemon *Daemon) populateContainerdCommit(ctx context.Context, v *system.Commit) error {
rv, err := daemon.containerd.Version(ctx)
if err != nil {
if errdefs.IsContext(err) {
return err
}
log.G(ctx).WithError(err).Warnf("Failed to retrieve containerd version")
return nil
}
v.ID = rv.Revision
v.Expected = rv.Revision
return nil
}
func (daemon *Daemon) populateContainerdVersion(ctx context.Context, v *types.Version) error {
rv, err := daemon.containerd.Version(ctx)
if err != nil {
if errdefs.IsContext(err) {
return err
}
log.G(ctx).WithError(err).Warn("Failed to retrieve containerd version")
return nil
}
v.Components = append(v.Components, types.ComponentVersion{
Name: "containerd",
Version: rv.Version,
Details: map[string]string{
"GitCommit": rv.Revision,
},
})
return nil
}
func populateRuncVersion(cfg *configStore, v *types.Version) error {
_, ver, commit, err := parseDefaultRuntimeVersion(&cfg.Runtimes)
if err != nil {
return err
}
v.Components = append(v.Components, types.ComponentVersion{
Name: cfg.Runtimes.Default,
Version: ver,
Details: map[string]string{
"GitCommit": commit,
},
})
return nil
}
func populateInitVersion(ctx context.Context, cfg *configStore, v *types.Version) error {
initBinary, err := cfg.LookupInitPath()
if err != nil {
log.G(ctx).WithError(err).Warn("Failed to find docker-init")
return nil
}
rv, err := exec.CommandContext(ctx, initBinary, "--version").Output()
if err != nil {
if errdefs.IsContext(err) {
return err
}
log.G(ctx).WithError(err).Warnf("Failed to retrieve %s version", initBinary)
return nil
}
ver, commit, err := parseInitVersion(string(rv))
if err != nil {
log.G(ctx).WithError(err).Warnf("failed to parse %s version", initBinary)
return nil
}
v.Components = append(v.Components, types.ComponentVersion{
Name: filepath.Base(initBinary),
Version: ver,
Details: map[string]string{
"GitCommit": commit,
},
})
return nil
}
docker info: expose runtime features ("rro" mount mode, etc.) Fix issue 46580 ```console $ curl -s --unix-socket /var/run/docker.sock http://docker/v1.44/info | jq .Runtimes { "crun": { "path": "/usr/local/bin/crun", "status": { "org.opencontainers.runtime-spec.features": "{\"ociVersionMin\":\"1.0.0\",...}" } }, "io.containerd.runc.v2": { "path": "runc", "status": { "org.opencontainers.runtime-spec.features": "{\"ociVersionMin\":\"1.0.0\",...}" } }, "runc": { "path": "runc", "status": { "org.opencontainers.runtime-spec.features": "{\"ociVersionMin\":\"1.0.0\",...}" } }, "runsc": { "path": "/usr/local/bin/runsc" } } ``` Co-authored-by: Sebastiaan van Stijn <github@gone.nl> Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-10-15 14:51:11 +00:00
typo fixes follow-up to 9e6d012e9c44e20ea4ea30c641a707208cd54173 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-15 14:51:11 +00:00
// ociRuntimeFeaturesKey is the "well-known" key used for including the
docker info: expose runtime features ("rro" mount mode, etc.) Fix issue 46580 ```console $ curl -s --unix-socket /var/run/docker.sock http://docker/v1.44/info | jq .Runtimes { "crun": { "path": "/usr/local/bin/crun", "status": { "org.opencontainers.runtime-spec.features": "{\"ociVersionMin\":\"1.0.0\",...}" } }, "io.containerd.runc.v2": { "path": "runc", "status": { "org.opencontainers.runtime-spec.features": "{\"ociVersionMin\":\"1.0.0\",...}" } }, "runc": { "path": "runc", "status": { "org.opencontainers.runtime-spec.features": "{\"ociVersionMin\":\"1.0.0\",...}" } }, "runsc": { "path": "/usr/local/bin/runsc" } } ``` Co-authored-by: Sebastiaan van Stijn <github@gone.nl> Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-10-15 14:51:11 +00:00
// OCI runtime spec "features" struct.
//
// see https://github.com/opencontainers/runtime-spec/blob/main/features.md
const ociRuntimeFeaturesKey = "org.opencontainers.runtime-spec.features"
func (daemon *Daemon) runtimeStatus(ctx context.Context, cfg *configStore, runtimeName string) map[string]string {
m := make(map[string]string)
if runtimeName == "" {
runtimeName = cfg.Runtimes.Default
}
if features := cfg.Runtimes.Features(runtimeName); features != nil {
if j, err := json.Marshal(features); err == nil {
m[ociRuntimeFeaturesKey] = string(j)
} else {
log.G(ctx).WithFields(log.Fields{"error": err, "runtime": runtimeName}).Warn("Failed to call json.Marshal for the OCI features struct of runtime")
}
}
return m
}
Reference in a new issue Copy permalink