beenull/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
moby/daemon/info.go

366 lines
12 KiB
Go
Raw Normal View History

add //go:build directives to prevent downgrading to go1.16 language This repository is not yet a module (i.e., does not have a `go.mod`). This is not problematic when building the code in GOPATH or "vendor" mode, but when using the code as a module-dependency (in module-mode), different semantics are applied since Go1.21, which switches Go _language versions_ on a per-module, per-package, or even per-file base. A condensed summary of that logic [is as follows][1]: - For modules that have a go.mod containing a go version directive; that version is considered a minimum _required_ version (starting with the go1.19.13 and go1.20.8 patch releases: before those, it was only a recommendation). - For dependencies that don't have a go.mod (not a module), go language version go1.16 is assumed. - Likewise, for modules that have a go.mod, but the file does not have a go version directive, go language version go1.16 is assumed. - If a go.work file is present, but does not have a go version directive, language version go1.17 is assumed. When switching language versions, Go _downgrades_ the language version, which means that language features (such as generics, and `any`) are not available, and compilation fails. For example: # github.com/docker/cli/cli/context/store /go/pkg/mod/github.com/docker/cli@v25.0.0-beta.2+incompatible/cli/context/store/storeconfig.go:6:24: predeclared any requires go1.18 or later (-lang was set to go1.16; check go.mod) /go/pkg/mod/github.com/docker/cli@v25.0.0-beta.2+incompatible/cli/context/store/store.go:74:12: predeclared any requires go1.18 or later (-lang was set to go1.16; check go.mod) Note that these fallbacks are per-module, per-package, and can even be per-file, so _(indirect) dependencies_ can still use modern language features, as long as their respective go.mod has a version specified. Unfortunately, these failures do not occur when building locally (using vendor / GOPATH mode), but will affect consumers of the module. Obviously, this situation is not ideal, and the ultimate solution is to move to go modules (add a go.mod), but this comes with a non-insignificant risk in other areas (due to our complex dependency tree). We can revert to using go1.16 language features only, but this may be limiting, and may still be problematic when (e.g.) matching signatures of dependencies. There is an escape hatch: adding a `//go:build` directive to files that make use of go language features. From the [go toolchain docs][2]: > The go line for each module sets the language version the compiler enforces > when compiling packages in that module. The language version can be changed > on a per-file basis by using a build constraint. > > For example, a module containing code that uses the Go 1.21 language version > should have a `go.mod` file with a go line such as `go 1.21` or `go 1.21.3`. > If a specific source file should be compiled only when using a newer Go > toolchain, adding `//go:build go1.22` to that source file both ensures that > only Go 1.22 and newer toolchains will compile the file and also changes > the language version in that file to Go 1.22. This patch adds `//go:build` directives to those files using recent additions to the language. It's currently using go1.19 as version to match the version in our "vendor.mod", but we can consider being more permissive ("any" requires go1.18 or up), or more "optimistic" (force go1.21, which is the version we currently use to build). For completeness sake, note that any file _without_ a `//go:build` directive will continue to use go1.16 language version when used as a module. [1]: https://github.com/golang/go/blob/58c28ba286dd0e98fe4cca80f5d64bbcb824a685/src/cmd/go/internal/gover/version.go#L9-L56 [2]: https://go.dev/doc/toolchain Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-15 13:26:31 +00:00
// FIXME(thaJeztah): remove once we are a module; the go:build directive prevents go from downgrading language version to go1.16:
//go:build go1.19
Add canonical import comment Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-02-05 21:05:59 +00:00
package daemon // import "github.com/docker/docker/daemon"
Move "info" to daemon/info.go Signed-off-by: Solomon Hykes <solomon@docker.com>
2014-08-08 03:01:55 +00:00
import (
Switch all logging to use containerd log pkg This unifies our logging and allows us to propagate logging and trace contexts together. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-06-23 00:33:17 +00:00
"context"
api: types: keep info.SecurityOptions a string slice Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-16 21:30:29 +00:00
"fmt"
Move "info" to daemon/info.go Signed-off-by: Solomon Hykes <solomon@docker.com>
2014-08-08 03:01:55 +00:00
"os"
"runtime"
LCOW: Move daemon stores to per platform Signed-off-by: John Howard <jhoward@microsoft.com>
2017-05-16 23:56:56 +00:00
"strings"
Add system time to /info This change adds daemon's system time as RFC3339Nano to the `/info` endpoint and shows in a more readable format (UnixDate) in `docker -D info` output. I will be using this to fix the clock skew between the remote test host and the CI machines running `docker events`-related tests as they're using `--since` and `--until` and the timestamps are not matching when daemon is not on the same machine. Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
2015-03-10 18:25:47 +00:00
"time"
Move "info" to daemon/info.go Signed-off-by: Solomon Hykes <solomon@docker.com>
2014-08-08 03:01:55 +00:00
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
"github.com/containerd/containerd/tracing"
migrate to github.com/containerd/log v0.1.0 The github.com/containerd/containerd/log package was moved to a separate module, which will also be used by upcoming (patch) releases of containerd. This patch moves our own uses of the package to use the new module. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-13 15:41:45 +00:00
"github.com/containerd/log"
Adds minimum API version to version Signed-off-by: John Howard <jhoward@microsoft.com>
2016-11-02 17:04:39 +00:00
"github.com/docker/docker/api"
Add engine-api types to docker This moves the types for the `engine-api` repo to the existing types package. Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-09-06 18:18:12 +00:00
"github.com/docker/docker/api/types"
api/types: move system info types to api/types/system Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-03 11:14:14 +00:00
"github.com/docker/docker/api/types/system"
Move debug functions to cli/debug package Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-12-12 08:33:58 +00:00
"github.com/docker/docker/cli/debug"
Configure shims from runtime config In dockerd we already have a concept of a "runtime", which specifies the OCI runtime to use (e.g. runc). This PR extends that config to add containerd shim configuration. This option is only exposed within the daemon itself (cannot be configured in daemon.json). This is due to issues in supporting unknown shims which will require more design work. What this change allows us to do is keep all the runtime config in one place. So the default "runc" runtime will just have it's already existing shim config codified within the runtime config alone. I've also added 2 more "stock" runtimes which are basically runc+shimv1 and runc+shimv2. These new runtime configurations are: - io.containerd.runtime.v1.linux - runc + v1 shim using the V1 shim API - io.containerd.runc.v2 - runc + shim v2 These names coincide with the actual names of the containerd shims. This allows the user to essentially control what shim is going to be used by either specifying these as a `--runtime` on container create or by setting `--default-runtime` on the daemon. For custom/user-specified runtimes, the default shim config (currently shim v1) is used. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2020-07-07 20:33:46 +00:00
"github.com/docker/docker/daemon/config"
Add logdrivers to /info This is required for swarmkit to be able to filter based on log driver. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-04-11 21:21:21 +00:00
"github.com/docker/docker/daemon/logger"
dockerversion placeholder for library import - Add a *version* file placeholder. - Update autogen and builds to use it and an autogen build flag Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-11-09 18:32:46 +00:00
"github.com/docker/docker/dockerversion"
Refactor utils/utils, fixes #11923 Signed-off-by: Antonio Murdaca <me@runcom.ninja>
2015-03-29 21:17:23 +00:00
"github.com/docker/docker/pkg/fileutils"
pkg/sysinfo: move MemInfo and ReadMemInfo to a separate package Commit 6a516acb2e720b7a01d27c7df9cfe9857c013308 moved the MemInfo type and ReadMemInfo() function into the pkg/sysinfo package. In an attempt to assist consumers of these to migrate to the new location, an alias was added. Unfortunately, the side effect of this alias is that pkg/system now depends on pkg/sysinfo, which means that consumers of this (such as docker/cli) now get all (indirect) dependencies of that package as dependency, which includes many dependencies that should only be needed for the daemon / runtime; - github.com/cilium/ebpf - github.com/containerd/cgroups - github.com/coreos/go-systemd/v22 - github.com/godbus/dbus/v5 - github.com/moby/sys/mountinfo - github.com/opencontainers/runtime-spec This patch moves the MemInfo related code to its own package. As the previous move was not yet part of a release, we're not adding new aliases in pkg/sysinfo. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-14 22:21:27 +00:00
"github.com/docker/docker/pkg/meminfo"
Move "info" to daemon/info.go Signed-off-by: Solomon Hykes <solomon@docker.com>
2014-08-08 03:01:55 +00:00
"github.com/docker/docker/pkg/parsers/kernel"
"github.com/docker/docker/pkg/parsers/operatingsystem"
Add pkg/parsers/architecture and pkg/platform Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-11-14 22:03:02 +00:00
"github.com/docker/docker/pkg/platform"
Move sysinfo out of daemon struct sysinfo struct was initialized at daemon startup to make sure kernel configs such as device cgroup are present and error out if not. The struct was embedded in daemon struct making impossible to detect if some system config is changed at daemon runtime (i.e. someone umount the memory cgroup). This leads to container's starts failure if some config is changed at daemon runtime. This patch moves sysinfo out of daemon and initilize and check it when needed (daemon startup, containers creation, contaienrs startup for now). Signed-off-by: Antonio Murdaca <runcom@linux.com> (cherry picked from commit 472b6f66e03f9a85fe8d23098dac6f55a87456d8)
2015-08-06 11:54:48 +00:00
"github.com/docker/docker/pkg/sysinfo"
Move "info" to daemon/info.go Signed-off-by: Solomon Hykes <solomon@docker.com>
2014-08-08 03:01:55 +00:00
"github.com/docker/docker/registry"
goimports: fix imports Format the source according to latest goimports. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com> Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-08-05 14:37:47 +00:00
metrics "github.com/docker/go-metrics"
vendor: opencontainers/selinux v1.8.0, and remove selinux build-tag and stubs full diff: https://github.com/opencontainers/selinux/compare/v1.7.0...v1.8.0 Remove "selinux" build tag Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-12-14 10:46:58 +00:00
"github.com/opencontainers/selinux/go-selinux"
Move "info" to daemon/info.go Signed-off-by: Solomon Hykes <solomon@docker.com>
2014-08-08 03:01:55 +00:00
)
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
func doWithTrace[T any](ctx context.Context, name string, f func() T) T {
_, span := tracing.StartSpan(ctx, name)
defer span.End()
return f()
}
golint fixes for daemon/ package - some method names were changed to have a 'Locking' suffix, as the downcased versions already existed, and the existing functions simply had locks around the already downcased version. - deleting unused functions - package comment - magic numbers replaced by golang constants - comments all over Signed-off-by: Morgan Bauer <mbauer@us.ibm.com>
2015-07-30 21:01:53 +00:00
// SystemInfo returns information about the host server the daemon is running on.
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
//
// The only error this should return is due to context cancellation/deadline.
// Anything else should be logged and ignored because this is looking up
// multiple things and is often used for debugging.
// The only case valid early return is when the caller doesn't want the result anymore (ie context cancelled).
func (daemon *Daemon) SystemInfo(ctx context.Context) (*system.Info, error) {
Adding OS version info to the nodes' `Info` struct This is needed so that we can add OS version constraints in Swarmkit, which does require the engine to report its host's OS version (see https://github.com/docker/swarmkit/issues/2770). The OS version is parsed from the `os-release` file on Linux, and from the `ReleaseId` string value of the `SOFTWARE\Microsoft\Windows NT\CurrentVersion` registry key on Windows. Added unit tests when possible, as well as Prometheus metrics. Signed-off-by: Jean Rouge <rougej+github@gmail.com>
2019-05-30 16:51:41 +00:00
defer metrics.StartTimer(hostInfoFunctions.WithValues("system_info"))()
pkg/sysinfo.New(), daemon.RawSysInfo(): remove "quiet" argument The "quiet" argument was only used in a single place (at daemon startup), and every other use had to pass "false" to prevent this function from logging warnings. Now that SysInfo contains the warnings that occurred when collecting the system information, we can make leave it up to the caller to use those warnings (and log them if wanted). Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-14 14:45:02 +00:00
sysInfo := daemon.RawSysInfo()
daemon: read-copy-update the daemon config Ensure data-race-free access to the daemon configuration without locking by mutating a deep copy of the config and atomically storing a pointer to the copy into the daemon-wide configStore value. Any operations which need to read from the daemon config must capture the configStore value only once and pass it around to guarantee a consistent view of the config. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-17 21:13:49 +00:00
cfg := daemon.config()
Added additional container information to "docker info". Instead of just showing the number of containers this patch will show the number of running, paused and stopped containers as well. Signed-off-by: Kim Eik <kim@heldig.org> (cherry picked from commit a9804ab1cb117a132cbf460067d55f5146d50956)
2015-10-27 20:12:33 +00:00
api/types: move system info types to api/types/system Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-03 11:14:14 +00:00
v := &system.Info{
daemon: unexport Daemon.ID and Daemon.RegistryService These are used internally only, and set by daemon.NewDaemon(). If they're used externally, we should add an accessor added (which may be something we want to do for daemon.registryService (which should be its own backend) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-02 10:43:33 +00:00
ID: daemon.id,
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
Images: daemon.imageService.CountImages(ctx),
Move sysinfo out of daemon struct sysinfo struct was initialized at daemon startup to make sure kernel configs such as device cgroup are present and error out if not. The struct was embedded in daemon struct making impossible to detect if some system config is changed at daemon runtime (i.e. someone umount the memory cgroup). This leads to container's starts failure if some config is changed at daemon runtime. This patch moves sysinfo out of daemon and initilize and check it when needed (daemon startup, containers creation, contaienrs startup for now). Signed-off-by: Antonio Murdaca <runcom@linux.com> (cherry picked from commit 472b6f66e03f9a85fe8d23098dac6f55a87456d8)
2015-08-06 11:54:48 +00:00
IPv4Forwarding: !sysInfo.IPv4ForwardingDisabled,
Match case for variables in sysinfo pkg I noticied an inconsistency when reviewing docker/pull/20692. Changing Ip to IP and Nf to NF. More info: The golang folks recommend that you keep the initials consistent: https://github.com/golang/go/wiki/CodeReviewComments#initialisms. Signed-off-by: Christy Perez <christy@linux.vnet.ibm.com>
2016-02-26 18:47:43 +00:00
BridgeNfIptables: !sysInfo.BridgeNFCallIPTablesDisabled,
BridgeNfIP6tables: !sysInfo.BridgeNFCallIP6TablesDisabled,
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
Name: hostName(ctx),
Remove Job from Info API Two main things - Create a real struct Info for all of the data with the proper types - Add test for REST API get info Signed-off-by: Hu Keping <hukeping@huawei.com>
2015-04-10 17:26:30 +00:00
SystemTime: time.Now().Format(time.RFC3339Nano),
LoggingDriver: daemon.defaultLogConfig.Type,
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
KernelVersion: kernelVersion(ctx),
OperatingSystem: operatingSystem(ctx),
OSVersion: osVersion(ctx),
Improve documentation and golint compliance of registry package * Add godoc documentation where it was missing * Change identifier names that don't match Go style, such as INDEX_NAME * Rename RegistryInfo to PingResult, which more accurately describes what this structure is for. It also has the benefit of making the name not stutter if used outside the package. Updates #14756 Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-21 19:40:36 +00:00
IndexServerAddress: registry.IndexServer,
pkg/platform: deprecate OSType in favor or runtime.GOOS This const looks to only be there for "convenience", or _possibly_ was created with future normalization or special handling in mind. In either case, currently it is just a direct copy (alias) for runtime.GOOS, and defining our own type for this gives the impression that it's more than that. It's only used in a single place, and there's no external consumers, so let's deprecate this const, and use runtime.GOOS instead. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-08 12:40:57 +00:00
OSType: runtime.GOOS,
Add pkg/parsers/architecture and pkg/platform Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-11-14 22:03:02 +00:00
Architecture: platform.Architecture,
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
RegistryConfig: doWithTrace(ctx, "registry.ServiceConfig", daemon.registryService.ServiceConfig),
NCPU: doWithTrace(ctx, "sysinfo.NumCPU", sysinfo.NumCPU),
MemTotal: memInfo(ctx).MemTotal,
Added support for Generic Resources Signed-off-by: Renaud Gaubert <rgaubert@nvidia.com>
2017-05-31 00:02:11 +00:00
GenericResources: daemon.genericResources,
daemon: read-copy-update the daemon config Ensure data-race-free access to the daemon configuration without locking by mutating a deep copy of the config and atomically storing a pointer to the copy into the daemon-wide configStore value. Any operations which need to read from the daemon config must capture the configStore value only once and pass it around to guarantee a consistent view of the config. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-17 21:13:49 +00:00
DockerRootDir: cfg.Root,
Labels: cfg.Labels,
ExperimentalBuild: cfg.Experimental,
dockerversion placeholder for library import - Add a *version* file placeholder. - Update autogen and builds to use it and an autogen build flag Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-11-09 18:32:46 +00:00
ServerVersion: dockerversion.Version,
daemon: read-copy-update the daemon config Ensure data-race-free access to the daemon configuration without locking by mutating a deep copy of the config and atomically storing a pointer to the copy into the daemon-wide configStore value. Any operations which need to read from the daemon config must capture the configStore value only once and pass it around to guarantee a consistent view of the config. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-17 21:13:49 +00:00
HTTPProxy: config.MaskCredentials(getConfigOrEnv(cfg.HTTPProxy, "HTTP_PROXY", "http_proxy")),
HTTPSProxy: config.MaskCredentials(getConfigOrEnv(cfg.HTTPSProxy, "HTTPS_PROXY", "https_proxy")),
NoProxy: getConfigOrEnv(cfg.NoProxy, "NO_PROXY", "no_proxy"),
LiveRestoreEnabled: cfg.LiveRestoreEnabled,
Add isolation to info Signed-off-by: John Howard <jhoward@microsoft.com>
2016-09-07 22:10:00 +00:00
Isolation: daemon.defaultIsolation,
Add CDISpecDirs to Info output This change adds the configured CDI spec directories to the system info output. Signed-off-by: Evan Lezar <elezar@nvidia.com>
2023-07-17 23:50:08 +00:00
CDISpecDirs: promoteNil(cfg.CDISpecDirs),
Remove Job from Info API Two main things - Create a real struct Info for all of the data with the proper types - Add test for REST API get info Signed-off-by: Hu Keping <hukeping@huawei.com>
2015-04-10 17:26:30 +00:00
}
daemon: SystemInfo() extract container counts to a helper function This makes it more inline with other data we collect, and can be used to make some info optional at some point. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-15 18:19:30 +00:00
daemon.fillContainerStates(v)
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
daemon.fillDebugInfo(ctx, v)
daemon: reload runtimes w/o breaking containers The existing runtimes reload logic went to great lengths to replace the directory containing runtime wrapper scripts as atomically as possible within the limitations of the Linux filesystem ABI. Trouble is, atomically swapping the wrapper scripts directory solves the wrong problem! The runtime configuration is "locked in" when a container is started, including the path to the runC binary. If a container is started with a runtime which requires a daemon-managed wrapper script and then the daemon is reloaded with a config which no longer requires the wrapper script (i.e. some args -> no args, or the runtime is dropped from the config), that container would become unmanageable. Any attempts to stop, exec or otherwise perform lifecycle management operations on the container are likely to fail due to the wrapper script no longer existing at its original path. Atomically swapping the wrapper scripts is also incompatible with the read-copy-update paradigm for reloading configuration. A handler in the daemon could retain a reference to the pre-reload configuration for an indeterminate amount of time after the daemon configuration has been reloaded and updated. It is possible for the daemon to attempt to start a container using a deleted wrapper script if a request to run a container races a reload. Solve the problem of deleting referenced wrapper scripts by ensuring that all wrapper scripts are *immutable* for the lifetime of the daemon process. Any given runtime wrapper script must always exist with the same contents, no matter how many times the daemon config is reloaded, or what changes are made to the config. This is accomplished by using everyone's favourite design pattern: content-addressable storage. Each wrapper script file name is suffixed with the SHA-256 digest of its contents to (probabilistically) guarantee immutability without needing any concurrency control. Stale runtime wrapper scripts are only cleaned up on the next daemon restart. Split the derived runtimes configuration from the user-supplied configuration to have a place to store derived state without mutating the user-supplied configuration or exposing daemon internals in API struct types. Hold the derived state and the user-supplied configuration in a single struct value so that they can be updated as an atomic unit. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-31 20:12:30 +00:00
daemon.fillAPIInfo(v, &cfg.Config)
Remove extra binaries commit variables from windows build Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-11-11 16:02:23 +00:00
// Retrieve platform specific info
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
if err := daemon.fillPlatformInfo(ctx, v, sysInfo, cfg); err != nil {
return nil, err
}
Refactor daemon.info to reduce cyclomatic complexity Before this change; gocyclo daemon/info.go 17 daemon (*Daemon).SystemInfo daemon/info.go:27:1 2 daemon (*Daemon).SystemVersion daemon/info.go:150:1 1 daemon (*Daemon).showPluginsInfo daemon/info.go:195:1 After this change; gocyclo daemon/info.go 8 daemon (*Daemon).fillSecurityOptions daemon/info.go:150:1 5 daemon operatingSystem daemon/info.go:201:1 3 daemon (*Daemon).fillDriverInfo daemon/info.go:121:1 2 daemon hostName daemon/info.go:172:1 2 daemon memInfo daemon/info.go:192:1 2 daemon kernelVersion daemon/info.go:182:1 1 daemon (*Daemon).SystemVersion daemon/info.go:81:1 1 daemon (*Daemon).SystemInfo daemon/info.go:27:1 1 daemon (*Daemon).fillPluginsInfo daemon/info.go:138:1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-13 10:55:59 +00:00
daemon.fillDriverInfo(v)
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
daemon.fillPluginsInfo(ctx, v, &cfg.Config)
daemon: reload runtimes w/o breaking containers The existing runtimes reload logic went to great lengths to replace the directory containing runtime wrapper scripts as atomically as possible within the limitations of the Linux filesystem ABI. Trouble is, atomically swapping the wrapper scripts directory solves the wrong problem! The runtime configuration is "locked in" when a container is started, including the path to the runC binary. If a container is started with a runtime which requires a daemon-managed wrapper script and then the daemon is reloaded with a config which no longer requires the wrapper script (i.e. some args -> no args, or the runtime is dropped from the config), that container would become unmanageable. Any attempts to stop, exec or otherwise perform lifecycle management operations on the container are likely to fail due to the wrapper script no longer existing at its original path. Atomically swapping the wrapper scripts is also incompatible with the read-copy-update paradigm for reloading configuration. A handler in the daemon could retain a reference to the pre-reload configuration for an indeterminate amount of time after the daemon configuration has been reloaded and updated. It is possible for the daemon to attempt to start a container using a deleted wrapper script if a request to run a container races a reload. Solve the problem of deleting referenced wrapper scripts by ensuring that all wrapper scripts are *immutable* for the lifetime of the daemon process. Any given runtime wrapper script must always exist with the same contents, no matter how many times the daemon config is reloaded, or what changes are made to the config. This is accomplished by using everyone's favourite design pattern: content-addressable storage. Each wrapper script file name is suffixed with the SHA-256 digest of its contents to (probabilistically) guarantee immutability without needing any concurrency control. Stale runtime wrapper scripts are only cleaned up on the next daemon restart. Split the derived runtimes configuration from the user-supplied configuration to have a place to store derived state without mutating the user-supplied configuration or exposing daemon internals in API struct types. Hold the derived state and the user-supplied configuration in a single struct value so that they can be updated as an atomic unit. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-31 20:12:30 +00:00
daemon.fillSecurityOptions(v, sysInfo, &cfg.Config)
Expose license status in Info (#37612) * Expose license status in Info This wires up a new field in the Info payload that exposes the license. For moby this is hardcoded to always report a community edition. Downstream enterprise dockerd will have additional licensing logic wired into this function to report details about the current license status. Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com> * Code review comments Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com> * Add windows autogen support Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2018-08-18 00:05:21 +00:00
daemon.fillLicense(v)
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
daemon.fillDefaultAddressPools(ctx, v, &cfg.Config)
Remove Job from Info API Two main things - Create a real struct Info for all of the data with the proper types - Add test for REST API get info Signed-off-by: Hu Keping <hukeping@huawei.com>
2015-04-10 17:26:30 +00:00
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
return v, nil
Move "info" to daemon/info.go Signed-off-by: Solomon Hykes <solomon@docker.com>
2014-08-08 03:01:55 +00:00
}
Supported added for reterving Plugin list for Network and Volume. Also, plugin information in docker info output. Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
2015-10-23 06:08:26 +00:00
Move docker system information to a dedicated router and backend. Because I like the name `system` better than `local` :) Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-03 18:11:19 +00:00
// SystemVersion returns version information about the daemon.
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
//
// The only error this should return is due to context cancellation/deadline.
// Anything else should be logged and ignored because this is looking up
// multiple things and is often used for debugging.
// The only case valid early return is when the caller doesn't want the result anymore (ie context cancelled).
func (daemon *Daemon) SystemVersion(ctx context.Context) (types.Version, error) {
Adding OS version info to the nodes' `Info` struct This is needed so that we can add OS version constraints in Swarmkit, which does require the engine to report its host's OS version (see https://github.com/docker/swarmkit/issues/2770). The OS version is parsed from the `os-release` file on Linux, and from the `ReleaseId` string value of the `SOFTWARE\Microsoft\Windows NT\CurrentVersion` registry key on Windows. Added unit tests when possible, as well as Prometheus metrics. Signed-off-by: Jean Rouge <rougej+github@gmail.com>
2019-05-30 16:51:41 +00:00
defer metrics.StartTimer(hostInfoFunctions.WithValues("system_version"))()
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
kernelVersion := kernelVersion(ctx)
daemon: read-copy-update the daemon config Ensure data-race-free access to the daemon configuration without locking by mutating a deep copy of the config and atomically storing a pointer to the copy into the daemon-wide configStore value. Any operations which need to read from the daemon config must capture the configStore value only once and pass it around to guarantee a consistent view of the config. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-17 21:13:49 +00:00
cfg := daemon.config()
api: generalize version information to any platform component This change adds a Platform struct with a Name field and a general Components field to the Version API type. This will allow API consumers to show version information for the whole platform and it will allow API providers to set the versions for the various components of the platform. All changes here are backwards compatible. Signed-off-by: Tibor Vass <tibor@docker.com>
2017-12-05 14:29:37 +00:00
Move docker system information to a dedicated router and backend. Because I like the name `system` better than `local` :) Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-03 18:11:19 +00:00
v := types.Version{
api: generalize version information to any platform component This change adds a Platform struct with a Name field and a general Components field to the Version API type. This will allow API consumers to show version information for the whole platform and it will allow API providers to set the versions for the various components of the platform. All changes here are backwards compatible. Signed-off-by: Tibor Vass <tibor@docker.com>
2017-12-05 14:29:37 +00:00
Components: []types.ComponentVersion{
{
Name: "Engine",
Version: dockerversion.Version,
Details: map[string]string{
"GitCommit": dockerversion.GitCommit,
"ApiVersion": api.DefaultVersion,
daemon: raise default minimum API version to v1.24 The daemon currently provides support for API versions all the way back to v1.12, which is the version of the API that shipped with docker 1.0. On Windows, the minimum supported version is v1.24. Such old versions of the client are rare, and supporting older API versions has accumulated significant amounts of code to remain backward-compatible (which is largely untested, and a "best-effort" at most). This patch updates the minimum API version to v1.24, which is the fallback API version used when API-version negotiation fails. The intent is to start deprecating older API versions, but no code is removed yet as part of this patch, and a DOCKER_MIN_API_VERSION environment variable is added, which allows overriding the minimum version (to allow restoring the behavior from before this patch). With this patch the daemon defaults to API v1.24 as minimum: docker version Client: Version: 24.0.2 API version: 1.43 Go version: go1.20.4 Git commit: cb74dfc Built: Thu May 25 21:50:49 2023 OS/Arch: linux/arm64 Context: default Server: Engine: Version: dev API version: 1.44 (minimum version 1.24) Go version: go1.21.3 Git commit: 0322a29b9ef8806aaa4b45dc9d9a2ebcf0244bf4 Built: Mon Dec 4 15:22:17 2023 OS/Arch: linux/arm64 Experimental: false containerd: Version: v1.7.9 GitCommit: 4f03e100cb967922bec7459a78d16ccbac9bb81d runc: Version: 1.1.10 GitCommit: v1.1.10-0-g18a0cb0 docker-init: Version: 0.19.0 GitCommit: de40ad0 Trying to use an older version of the API produces an error: DOCKER_API_VERSION=1.23 docker version Client: Version: 24.0.2 API version: 1.23 (downgraded from 1.43) Go version: go1.20.4 Git commit: cb74dfc Built: Thu May 25 21:50:49 2023 OS/Arch: linux/arm64 Context: default Error response from daemon: client version 1.23 is too old. Minimum supported API version is 1.24, please upgrade your client to a newer version To restore the previous minimum, users can start the daemon with the DOCKER_MIN_API_VERSION environment variable set: DOCKER_MIN_API_VERSION=1.12 dockerd API 1.12 is the oldest supported API version on Linux; docker version Client: Version: 24.0.2 API version: 1.43 Go version: go1.20.4 Git commit: cb74dfc Built: Thu May 25 21:50:49 2023 OS/Arch: linux/arm64 Context: default Server: Engine: Version: dev API version: 1.44 (minimum version 1.12) Go version: go1.21.3 Git commit: 0322a29b9ef8806aaa4b45dc9d9a2ebcf0244bf4 Built: Mon Dec 4 15:22:17 2023 OS/Arch: linux/arm64 Experimental: false containerd: Version: v1.7.9 GitCommit: 4f03e100cb967922bec7459a78d16ccbac9bb81d runc: Version: 1.1.10 GitCommit: v1.1.10-0-g18a0cb0 docker-init: Version: 0.19.0 GitCommit: de40ad0 When using the `DOCKER_MIN_API_VERSION` with a version of the API that is not supported, an error is produced when starting the daemon; DOCKER_MIN_API_VERSION=1.11 dockerd --validate invalid DOCKER_MIN_API_VERSION: minimum supported API version is 1.12: 1.11 DOCKER_MIN_API_VERSION=1.45 dockerd --validate invalid DOCKER_MIN_API_VERSION: maximum supported API version is 1.44: 1.45 Specifying a malformed API version also produces the same error; DOCKER_MIN_API_VERSION=hello dockerd --validate invalid DOCKER_MIN_API_VERSION: minimum supported API version is 1.12: hello Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-04 12:44:21 +00:00
"MinAPIVersion": cfg.MinAPIVersion,
api: generalize version information to any platform component This change adds a Platform struct with a Name field and a general Components field to the Version API type. This will allow API consumers to show version information for the whole platform and it will allow API providers to set the versions for the various components of the platform. All changes here are backwards compatible. Signed-off-by: Tibor Vass <tibor@docker.com>
2017-12-05 14:29:37 +00:00
"GoVersion": runtime.Version(),
"Os": runtime.GOOS,
"Arch": runtime.GOARCH,
"BuildTime": dockerversion.BuildTime,
"KernelVersion": kernelVersion,
daemon: read-copy-update the daemon config Ensure data-race-free access to the daemon configuration without locking by mutating a deep copy of the config and atomically storing a pointer to the copy into the daemon-wide configStore value. Any operations which need to read from the daemon config must capture the configStore value only once and pass it around to guarantee a consistent view of the config. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-17 21:13:49 +00:00
"Experimental": fmt.Sprintf("%t", cfg.Experimental),
api: generalize version information to any platform component This change adds a Platform struct with a Name field and a general Components field to the Version API type. This will allow API consumers to show version information for the whole platform and it will allow API providers to set the versions for the various components of the platform. All changes here are backwards compatible. Signed-off-by: Tibor Vass <tibor@docker.com>
2017-12-05 14:29:37 +00:00
},
},
},
// Populate deprecated fields for older clients
Adds minimum API version to version Signed-off-by: John Howard <jhoward@microsoft.com>
2016-11-02 17:04:39 +00:00
Version: dockerversion.Version,
GitCommit: dockerversion.GitCommit,
api: generalize version information to any platform component This change adds a Platform struct with a Name field and a general Components field to the Version API type. This will allow API consumers to show version information for the whole platform and it will allow API providers to set the versions for the various components of the platform. All changes here are backwards compatible. Signed-off-by: Tibor Vass <tibor@docker.com>
2017-12-05 14:29:37 +00:00
APIVersion: api.DefaultVersion,
daemon: raise default minimum API version to v1.24 The daemon currently provides support for API versions all the way back to v1.12, which is the version of the API that shipped with docker 1.0. On Windows, the minimum supported version is v1.24. Such old versions of the client are rare, and supporting older API versions has accumulated significant amounts of code to remain backward-compatible (which is largely untested, and a "best-effort" at most). This patch updates the minimum API version to v1.24, which is the fallback API version used when API-version negotiation fails. The intent is to start deprecating older API versions, but no code is removed yet as part of this patch, and a DOCKER_MIN_API_VERSION environment variable is added, which allows overriding the minimum version (to allow restoring the behavior from before this patch). With this patch the daemon defaults to API v1.24 as minimum: docker version Client: Version: 24.0.2 API version: 1.43 Go version: go1.20.4 Git commit: cb74dfc Built: Thu May 25 21:50:49 2023 OS/Arch: linux/arm64 Context: default Server: Engine: Version: dev API version: 1.44 (minimum version 1.24) Go version: go1.21.3 Git commit: 0322a29b9ef8806aaa4b45dc9d9a2ebcf0244bf4 Built: Mon Dec 4 15:22:17 2023 OS/Arch: linux/arm64 Experimental: false containerd: Version: v1.7.9 GitCommit: 4f03e100cb967922bec7459a78d16ccbac9bb81d runc: Version: 1.1.10 GitCommit: v1.1.10-0-g18a0cb0 docker-init: Version: 0.19.0 GitCommit: de40ad0 Trying to use an older version of the API produces an error: DOCKER_API_VERSION=1.23 docker version Client: Version: 24.0.2 API version: 1.23 (downgraded from 1.43) Go version: go1.20.4 Git commit: cb74dfc Built: Thu May 25 21:50:49 2023 OS/Arch: linux/arm64 Context: default Error response from daemon: client version 1.23 is too old. Minimum supported API version is 1.24, please upgrade your client to a newer version To restore the previous minimum, users can start the daemon with the DOCKER_MIN_API_VERSION environment variable set: DOCKER_MIN_API_VERSION=1.12 dockerd API 1.12 is the oldest supported API version on Linux; docker version Client: Version: 24.0.2 API version: 1.43 Go version: go1.20.4 Git commit: cb74dfc Built: Thu May 25 21:50:49 2023 OS/Arch: linux/arm64 Context: default Server: Engine: Version: dev API version: 1.44 (minimum version 1.12) Go version: go1.21.3 Git commit: 0322a29b9ef8806aaa4b45dc9d9a2ebcf0244bf4 Built: Mon Dec 4 15:22:17 2023 OS/Arch: linux/arm64 Experimental: false containerd: Version: v1.7.9 GitCommit: 4f03e100cb967922bec7459a78d16ccbac9bb81d runc: Version: 1.1.10 GitCommit: v1.1.10-0-g18a0cb0 docker-init: Version: 0.19.0 GitCommit: de40ad0 When using the `DOCKER_MIN_API_VERSION` with a version of the API that is not supported, an error is produced when starting the daemon; DOCKER_MIN_API_VERSION=1.11 dockerd --validate invalid DOCKER_MIN_API_VERSION: minimum supported API version is 1.12: 1.11 DOCKER_MIN_API_VERSION=1.45 dockerd --validate invalid DOCKER_MIN_API_VERSION: maximum supported API version is 1.44: 1.45 Specifying a malformed API version also produces the same error; DOCKER_MIN_API_VERSION=hello dockerd --validate invalid DOCKER_MIN_API_VERSION: minimum supported API version is 1.12: hello Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-04 12:44:21 +00:00
MinAPIVersion: cfg.MinAPIVersion,
Adds minimum API version to version Signed-off-by: John Howard <jhoward@microsoft.com>
2016-11-02 17:04:39 +00:00
GoVersion: runtime.Version(),
Os: runtime.GOOS,
Arch: runtime.GOARCH,
BuildTime: dockerversion.BuildTime,
api: generalize version information to any platform component This change adds a Platform struct with a Name field and a general Components field to the Version API type. This will allow API consumers to show version information for the whole platform and it will allow API providers to set the versions for the various components of the platform. All changes here are backwards compatible. Signed-off-by: Tibor Vass <tibor@docker.com>
2017-12-05 14:29:37 +00:00
KernelVersion: kernelVersion,
daemon: read-copy-update the daemon config Ensure data-race-free access to the daemon configuration without locking by mutating a deep copy of the config and atomically storing a pointer to the copy into the daemon-wide configStore value. Any operations which need to read from the daemon config must capture the configStore value only once and pass it around to guarantee a consistent view of the config. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-17 21:13:49 +00:00
Experimental: cfg.Experimental,
Move docker system information to a dedicated router and backend. Because I like the name `system` better than `local` :) Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-03 18:11:19 +00:00
}
api: generalize version information to any platform component This change adds a Platform struct with a Name field and a general Components field to the Version API type. This will allow API consumers to show version information for the whole platform and it will allow API providers to set the versions for the various components of the platform. All changes here are backwards compatible. Signed-off-by: Tibor Vass <tibor@docker.com>
2017-12-05 14:29:37 +00:00
v.Platform.Name = dockerversion.PlatformName
Move docker system information to a dedicated router and backend. Because I like the name `system` better than `local` :) Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-03 18:11:19 +00:00
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
if err := daemon.fillPlatformVersion(ctx, &v, cfg); err != nil {
return v, err
}
return v, nil
Move docker system information to a dedicated router and backend. Because I like the name `system` better than `local` :) Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-03 18:11:19 +00:00
}
api/types: move system info types to api/types/system Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-03 11:14:14 +00:00
func (daemon *Daemon) fillDriverInfo(v *system.Info) {
daemon: info: fillDriverInfo() get driver-name from ImageService Make the ImageService the source of truth for the storage-driver that's used. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-09 09:04:47 +00:00
v.Driver = daemon.imageService.StorageDriver()
v.DriverStatus = daemon.imageService.LayerStoreStatus()
daemon: require storage-driver to be set if the driver is deprecated Previously, we only printed a warning if a storage driver was deprecated. The intent was to continue supporting these drivers, to allow users to migrate to a different storage driver. This patch changes the behavior; if the user has no storage driver specified in the daemon configuration (so if we try to detect the previous storage driver based on what's present in /var/lib/docker), we now produce an error, informing the user that the storage driver is deprecated (and to be removed), as well as instructing them to change the daemon configuration to explicitly select the storage driver (to allow them to migrate). This should make the deprecation more visible; this will be disruptive, but it's better to have the failure happening *now* (while the drivers are still there), than for users to discover the storage driver is no longer there (which would require them to *downgrade* the daemon in order to migrate to a different driver). With this change, `docker info` includes a link in the warnings that: / # docker info Client: Context: default Debug Mode: false Server: ... Live Restore Enabled: false WARNING: The overlay storage-driver is deprecated, and will be removed in a future release. Refer to the documentation for more information: https://docs.docker.com/go/storage-driver/ When starting the daemon without a storage driver configured explicitly, but previous state was using a deprecated driver, the error is both logged and printed: ... ERRO[2022-03-25T14:14:06.032014013Z] [graphdriver] prior storage driver overlay is deprecated and will be removed in a future release; update the the daemon configuration and explicitly choose this storage driver to continue using it; visit https://docs.docker.com/go/storage-driver/ for more information ... failed to start daemon: error initializing graphdriver: prior storage driver overlay is deprecated and will be removed in a future release; update the the daemon configuration and explicitly choose this storage driver to continue using it; visit https://docs.docker.com/go/storage-driver/ for more information When starting the daemon and explicitly configuring it with a deprecated storage driver: WARN[2022-03-25T14:15:59.042335412Z] [graphdriver] WARNING: the overlay storage-driver is deprecated and will be removed in a future release; visit https://docs.docker.com/go/storage-driver/ for more information Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-11 16:51:12 +00:00
const warnMsg = `
WARNING: The %s storage-driver is deprecated, and will be removed in a future release.
Refer to the documentation for more information: https://docs.docker.com/go/storage-driver/`
daemon: info: fillDriverInfo() get driver-name from ImageService Make the ImageService the source of truth for the storage-driver that's used. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-09 09:04:47 +00:00
switch v.Driver {
remove deprecated devicemapper storage-driver Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-24 15:17:08 +00:00
case "overlay":
daemon: info: fillDriverInfo() get driver-name from ImageService Make the ImageService the source of truth for the storage-driver that's used. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-09 09:04:47 +00:00
v.Warnings = append(v.Warnings, fmt.Sprintf(warnMsg, v.Driver))
Refactor daemon.info to reduce cyclomatic complexity Before this change; gocyclo daemon/info.go 17 daemon (*Daemon).SystemInfo daemon/info.go:27:1 2 daemon (*Daemon).SystemVersion daemon/info.go:150:1 1 daemon (*Daemon).showPluginsInfo daemon/info.go:195:1 After this change; gocyclo daemon/info.go 8 daemon (*Daemon).fillSecurityOptions daemon/info.go:150:1 5 daemon operatingSystem daemon/info.go:201:1 3 daemon (*Daemon).fillDriverInfo daemon/info.go:121:1 2 daemon hostName daemon/info.go:172:1 2 daemon memInfo daemon/info.go:192:1 2 daemon kernelVersion daemon/info.go:182:1 1 daemon (*Daemon).SystemVersion daemon/info.go:81:1 1 daemon (*Daemon).SystemInfo daemon/info.go:27:1 1 daemon (*Daemon).fillPluginsInfo daemon/info.go:138:1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-13 10:55:59 +00:00
}
Supported added for reterving Plugin list for Network and Volume. Also, plugin information in docker info output. Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
2015-10-23 06:08:26 +00:00
Add "Warnings" to /info endpoint, and move detection to the daemon When requesting information about the daemon's configuration through the `/info` endpoint, missing features (or non-recommended settings) may have to be presented to the user. Detecting these situations, and printing warnings currently is handled by the cli, which results in some complications: - duplicated effort: each client has to re-implement detection and warnings. - it's not possible to generate warnings for reasons outside of the information returned in the `/info` response. - cli-side detection has to be updated for new conditions. This means that an older cli connecting to a new daemon may not print all warnings (due to it not detecting the new conditions) - some warnings (in particular, warnings about storage-drivers) depend on driver-status (`DriverStatus`) information. The format of the information returned in this field is not part of the API specification and can change over time, resulting in cli-side detection no longer being functional. This patch adds a new `Warnings` field to the `/info` response. This field is to return warnings to be presented by the user. Existing warnings that are currently handled by the CLI are copied to the daemon as part of this patch; This change is backward-compatible with existing clients; old client can continue to use the client-side warnings, whereas new clients can skip client-side detection, and print warnings that are returned by the daemon. Example response with this patch applied; ```bash curl --unix-socket /var/run/docker.sock http://localhost/info | jq .Warnings ``` ```json [ "WARNING: bridge-nf-call-iptables is disabled", "WARNING: bridge-nf-call-ip6tables is disabled" ] ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-19 11:45:32 +00:00
fillDriverWarnings(v)
Refactor daemon.info to reduce cyclomatic complexity Before this change; gocyclo daemon/info.go 17 daemon (*Daemon).SystemInfo daemon/info.go:27:1 2 daemon (*Daemon).SystemVersion daemon/info.go:150:1 1 daemon (*Daemon).showPluginsInfo daemon/info.go:195:1 After this change; gocyclo daemon/info.go 8 daemon (*Daemon).fillSecurityOptions daemon/info.go:150:1 5 daemon operatingSystem daemon/info.go:201:1 3 daemon (*Daemon).fillDriverInfo daemon/info.go:121:1 2 daemon hostName daemon/info.go:172:1 2 daemon memInfo daemon/info.go:192:1 2 daemon kernelVersion daemon/info.go:182:1 1 daemon (*Daemon).SystemVersion daemon/info.go:81:1 1 daemon (*Daemon).SystemInfo daemon/info.go:27:1 1 daemon (*Daemon).fillPluginsInfo daemon/info.go:138:1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-13 10:55:59 +00:00
}
Add authorization plugins to docker info Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-12-29 21:10:23 +00:00
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
func (daemon *Daemon) fillPluginsInfo(ctx context.Context, v *system.Info, cfg *config.Config) {
api/types: move system info types to api/types/system Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-03 11:14:14 +00:00
v.Plugins = system.PluginsInfo{
Refactor daemon.info to reduce cyclomatic complexity Before this change; gocyclo daemon/info.go 17 daemon (*Daemon).SystemInfo daemon/info.go:27:1 2 daemon (*Daemon).SystemVersion daemon/info.go:150:1 1 daemon (*Daemon).showPluginsInfo daemon/info.go:195:1 After this change; gocyclo daemon/info.go 8 daemon (*Daemon).fillSecurityOptions daemon/info.go:150:1 5 daemon operatingSystem daemon/info.go:201:1 3 daemon (*Daemon).fillDriverInfo daemon/info.go:121:1 2 daemon hostName daemon/info.go:172:1 2 daemon memInfo daemon/info.go:192:1 2 daemon kernelVersion daemon/info.go:182:1 1 daemon (*Daemon).SystemVersion daemon/info.go:81:1 1 daemon (*Daemon).SystemInfo daemon/info.go:27:1 1 daemon (*Daemon).fillPluginsInfo daemon/info.go:138:1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-13 10:55:59 +00:00
Volume: daemon.volumes.GetDriverList(),
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
Network: daemon.GetNetworkDriverList(ctx),
Refactor daemon.info to reduce cyclomatic complexity Before this change; gocyclo daemon/info.go 17 daemon (*Daemon).SystemInfo daemon/info.go:27:1 2 daemon (*Daemon).SystemVersion daemon/info.go:150:1 1 daemon (*Daemon).showPluginsInfo daemon/info.go:195:1 After this change; gocyclo daemon/info.go 8 daemon (*Daemon).fillSecurityOptions daemon/info.go:150:1 5 daemon operatingSystem daemon/info.go:201:1 3 daemon (*Daemon).fillDriverInfo daemon/info.go:121:1 2 daemon hostName daemon/info.go:172:1 2 daemon memInfo daemon/info.go:192:1 2 daemon kernelVersion daemon/info.go:182:1 1 daemon (*Daemon).SystemVersion daemon/info.go:81:1 1 daemon (*Daemon).SystemInfo daemon/info.go:27:1 1 daemon (*Daemon).fillPluginsInfo daemon/info.go:138:1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-13 10:55:59 +00:00
// The authorization plugins are returned in the order they are
// used as they constitute a request/response modification chain.
daemon: read-copy-update the daemon config Ensure data-race-free access to the daemon configuration without locking by mutating a deep copy of the config and atomically storing a pointer to the copy into the daemon-wide configStore value. Any operations which need to read from the daemon config must capture the configStore value only once and pass it around to guarantee a consistent view of the config. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-17 21:13:49 +00:00
Authorization: cfg.AuthorizationPlugins,
Refactor daemon.info to reduce cyclomatic complexity Before this change; gocyclo daemon/info.go 17 daemon (*Daemon).SystemInfo daemon/info.go:27:1 2 daemon (*Daemon).SystemVersion daemon/info.go:150:1 1 daemon (*Daemon).showPluginsInfo daemon/info.go:195:1 After this change; gocyclo daemon/info.go 8 daemon (*Daemon).fillSecurityOptions daemon/info.go:150:1 5 daemon operatingSystem daemon/info.go:201:1 3 daemon (*Daemon).fillDriverInfo daemon/info.go:121:1 2 daemon hostName daemon/info.go:172:1 2 daemon memInfo daemon/info.go:192:1 2 daemon kernelVersion daemon/info.go:182:1 1 daemon (*Daemon).SystemVersion daemon/info.go:81:1 1 daemon (*Daemon).SystemInfo daemon/info.go:27:1 1 daemon (*Daemon).fillPluginsInfo daemon/info.go:138:1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-13 10:55:59 +00:00
Log: logger.ListDrivers(),
}
}
api/types: move system info types to api/types/system Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-03 11:14:14 +00:00
func (daemon *Daemon) fillSecurityOptions(v *system.Info, sysInfo *sysinfo.SysInfo, cfg *config.Config) {
Refactor daemon.info to reduce cyclomatic complexity Before this change; gocyclo daemon/info.go 17 daemon (*Daemon).SystemInfo daemon/info.go:27:1 2 daemon (*Daemon).SystemVersion daemon/info.go:150:1 1 daemon (*Daemon).showPluginsInfo daemon/info.go:195:1 After this change; gocyclo daemon/info.go 8 daemon (*Daemon).fillSecurityOptions daemon/info.go:150:1 5 daemon operatingSystem daemon/info.go:201:1 3 daemon (*Daemon).fillDriverInfo daemon/info.go:121:1 2 daemon hostName daemon/info.go:172:1 2 daemon memInfo daemon/info.go:192:1 2 daemon kernelVersion daemon/info.go:182:1 1 daemon (*Daemon).SystemVersion daemon/info.go:81:1 1 daemon (*Daemon).SystemInfo daemon/info.go:27:1 1 daemon (*Daemon).fillPluginsInfo daemon/info.go:138:1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-13 10:55:59 +00:00
var securityOptions []string
if sysInfo.AppArmor {
securityOptions = append(securityOptions, "name=apparmor")
}
if sysInfo.Seccomp && supportsSeccomp {
daemon: normalize seccomp profile as part of setupSeccompProfile() This makes sure that the value set in the daemon can be used as-is, without having to replicate the normalization logic elsewhere. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-07 11:09:54 +00:00
if daemon.seccompProfilePath != config.SeccompProfileDefault {
daemon: move custom seccomp profile warning from CLI to daemon side Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-07 16:41:21 +00:00
v.Warnings = append(v.Warnings, "WARNING: daemon is not using the default seccomp profile")
}
daemon: normalize seccomp profile as part of setupSeccompProfile() This makes sure that the value set in the daemon can be used as-is, without having to replicate the normalization logic elsewhere. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-07 11:09:54 +00:00
securityOptions = append(securityOptions, "name=seccomp,profile="+daemon.seccompProfilePath)
Refactor daemon.info to reduce cyclomatic complexity Before this change; gocyclo daemon/info.go 17 daemon (*Daemon).SystemInfo daemon/info.go:27:1 2 daemon (*Daemon).SystemVersion daemon/info.go:150:1 1 daemon (*Daemon).showPluginsInfo daemon/info.go:195:1 After this change; gocyclo daemon/info.go 8 daemon (*Daemon).fillSecurityOptions daemon/info.go:150:1 5 daemon operatingSystem daemon/info.go:201:1 3 daemon (*Daemon).fillDriverInfo daemon/info.go:121:1 2 daemon hostName daemon/info.go:172:1 2 daemon memInfo daemon/info.go:192:1 2 daemon kernelVersion daemon/info.go:182:1 1 daemon (*Daemon).SystemVersion daemon/info.go:81:1 1 daemon (*Daemon).SystemInfo daemon/info.go:27:1 1 daemon (*Daemon).fillPluginsInfo daemon/info.go:138:1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-13 10:55:59 +00:00
}
vendor: opencontainers/selinux v1.8.0, and remove selinux build-tag and stubs full diff: https://github.com/opencontainers/selinux/compare/v1.7.0...v1.8.0 Remove "selinux" build tag Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-12-14 10:46:58 +00:00
if selinux.GetEnabled() {
Refactor daemon.info to reduce cyclomatic complexity Before this change; gocyclo daemon/info.go 17 daemon (*Daemon).SystemInfo daemon/info.go:27:1 2 daemon (*Daemon).SystemVersion daemon/info.go:150:1 1 daemon (*Daemon).showPluginsInfo daemon/info.go:195:1 After this change; gocyclo daemon/info.go 8 daemon (*Daemon).fillSecurityOptions daemon/info.go:150:1 5 daemon operatingSystem daemon/info.go:201:1 3 daemon (*Daemon).fillDriverInfo daemon/info.go:121:1 2 daemon hostName daemon/info.go:172:1 2 daemon memInfo daemon/info.go:192:1 2 daemon kernelVersion daemon/info.go:182:1 1 daemon (*Daemon).SystemVersion daemon/info.go:81:1 1 daemon (*Daemon).SystemInfo daemon/info.go:27:1 1 daemon (*Daemon).fillPluginsInfo daemon/info.go:138:1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-13 10:55:59 +00:00
securityOptions = append(securityOptions, "name=selinux")
}
Add ADD/COPY --chown flag support to Windows This implements chown support on Windows. Built-in accounts as well as accounts included in the SAM database of the container are supported. NOTE: IDPair is now named Identity and IDMappings is now named IdentityMapping. The following are valid examples: ADD --chown=Guest . <some directory> COPY --chown=Administrator . <some directory> COPY --chown=Guests . <some directory> COPY --chown=ContainerUser . <some directory> On Windows an owner is only granted the permission to read the security descriptor and read/write the discretionary access control list. This fix also grants read/write and execute permissions to the owner. Signed-off-by: Salahuddin Khan <salah@docker.com>
2017-11-16 06:20:33 +00:00
if rootIDs := daemon.idMapping.RootPair(); rootIDs.UID != 0 || rootIDs.GID != 0 {
Refactor daemon.info to reduce cyclomatic complexity Before this change; gocyclo daemon/info.go 17 daemon (*Daemon).SystemInfo daemon/info.go:27:1 2 daemon (*Daemon).SystemVersion daemon/info.go:150:1 1 daemon (*Daemon).showPluginsInfo daemon/info.go:195:1 After this change; gocyclo daemon/info.go 8 daemon (*Daemon).fillSecurityOptions daemon/info.go:150:1 5 daemon operatingSystem daemon/info.go:201:1 3 daemon (*Daemon).fillDriverInfo daemon/info.go:121:1 2 daemon hostName daemon/info.go:172:1 2 daemon memInfo daemon/info.go:192:1 2 daemon kernelVersion daemon/info.go:182:1 1 daemon (*Daemon).SystemVersion daemon/info.go:81:1 1 daemon (*Daemon).SystemInfo daemon/info.go:27:1 1 daemon (*Daemon).fillPluginsInfo daemon/info.go:138:1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-13 10:55:59 +00:00
securityOptions = append(securityOptions, "name=userns")
}
daemon: read-copy-update the daemon config Ensure data-race-free access to the daemon configuration without locking by mutating a deep copy of the config and atomically storing a pointer to the copy into the daemon-wide configStore value. Any operations which need to read from the daemon config must capture the configStore value only once and pass it around to guarantee a consistent view of the config. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-17 21:13:49 +00:00
if Rootless(cfg) {
allow running `dockerd` in an unprivileged user namespace (rootless mode) Please refer to `docs/rootless.md`. TLDR: * Make sure `/etc/subuid` and `/etc/subgid` contain the entry for you * `dockerd-rootless.sh --experimental` * `docker -H unix://$XDG_RUNTIME_DIR/docker.sock run ...` Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-10-15 07:52:53 +00:00
securityOptions = append(securityOptions, "name=rootless")
}
daemon: read-copy-update the daemon config Ensure data-race-free access to the daemon configuration without locking by mutating a deep copy of the config and atomically storing a pointer to the copy into the daemon-wide configStore value. Any operations which need to read from the daemon config must capture the configStore value only once and pass it around to guarantee a consistent view of the config. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-17 21:13:49 +00:00
if cgroupNamespacesEnabled(sysInfo, cfg) {
Make cgroup namespaces configurable This adds both a daemon-wide flag and a container creation property: - Set the `CgroupnsMode: "host|private"` HostConfig property at container creation time to control what cgroup namespace the container is created in - Set the `--default-cgroupns-mode=host|private` daemon flag to control what cgroup namespace containers are created in by default - Set the default if the daemon flag is unset to "host", for backward compatibility - Default to CgroupnsMode: "host" for client versions < 1.40 Signed-off-by: Rob Gulewich <rgulewich@netflix.com>
2019-03-15 03:44:18 +00:00
securityOptions = append(securityOptions, "name=cgroupns")
}
daemon: read-copy-update the daemon config Ensure data-race-free access to the daemon configuration without locking by mutating a deep copy of the config and atomically storing a pointer to the copy into the daemon-wide configStore value. Any operations which need to read from the daemon config must capture the configStore value only once and pass it around to guarantee a consistent view of the config. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-17 21:13:49 +00:00
if noNewPrivileges(cfg) {
Add no-new-privileges to SecurityOptions returned by /info Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-04-13 11:27:59 +00:00
securityOptions = append(securityOptions, "name=no-new-privileges")
}
Make cgroup namespaces configurable This adds both a daemon-wide flag and a container creation property: - Set the `CgroupnsMode: "host|private"` HostConfig property at container creation time to control what cgroup namespace the container is created in - Set the `--default-cgroupns-mode=host|private` daemon flag to control what cgroup namespace containers are created in by default - Set the default if the daemon flag is unset to "host", for backward compatibility - Default to CgroupnsMode: "host" for client versions < 1.40 Signed-off-by: Rob Gulewich <rgulewich@netflix.com>
2019-03-15 03:44:18 +00:00
Refactor daemon.info to reduce cyclomatic complexity Before this change; gocyclo daemon/info.go 17 daemon (*Daemon).SystemInfo daemon/info.go:27:1 2 daemon (*Daemon).SystemVersion daemon/info.go:150:1 1 daemon (*Daemon).showPluginsInfo daemon/info.go:195:1 After this change; gocyclo daemon/info.go 8 daemon (*Daemon).fillSecurityOptions daemon/info.go:150:1 5 daemon operatingSystem daemon/info.go:201:1 3 daemon (*Daemon).fillDriverInfo daemon/info.go:121:1 2 daemon hostName daemon/info.go:172:1 2 daemon memInfo daemon/info.go:192:1 2 daemon kernelVersion daemon/info.go:182:1 1 daemon (*Daemon).SystemVersion daemon/info.go:81:1 1 daemon (*Daemon).SystemInfo daemon/info.go:27:1 1 daemon (*Daemon).fillPluginsInfo daemon/info.go:138:1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-13 10:55:59 +00:00
v.SecurityOptions = securityOptions
}
api/types: move system info types to api/types/system Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-03 11:14:14 +00:00
func (daemon *Daemon) fillContainerStates(v *system.Info) {
daemon: SystemInfo() extract container counts to a helper function This makes it more inline with other data we collect, and can be used to make some info optional at some point. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-15 18:19:30 +00:00
cRunning, cPaused, cStopped := stateCtr.get()
v.Containers = cRunning + cPaused + cStopped
v.ContainersPaused = cPaused
v.ContainersRunning = cRunning
v.ContainersStopped = cStopped
}
daemon: SystemInfo() extract collecting debugging information to a helper This makes it more inline with other data we collect, and can be used to make some info optional at some point. fillDebugInfo sets the current debugging state of the daemon, and additional debugging information, such as the number of Go-routines, and file descriptors. Note that this currently always collects the information, but the CLI only prints it if the daemon has debug enabled. We should consider to either make this information optional (cli to request "with debugging information"), or only collect it if the daemon has debug enabled. For the CLI code, see https://github.com/docker/cli/blob/v20.10.12/cli/command/system/info.go#L239-L244 Additional note: the CLI considers info.SystemTime debugging information. This felt a bit "odd" (daemon time could be useful for standard use), so I left this out of this function. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-02 11:52:29 +00:00
// fillDebugInfo sets the current debugging state of the daemon, and additional
// debugging information, such as the number of Go-routines, and file descriptors.
//
// Note that this currently always collects the information, but the CLI only
// prints it if the daemon has debug enabled. We should consider to either make
// this information optional (cli to request "with debugging information"), or
// only collect it if the daemon has debug enabled. For the CLI code, see
// https://github.com/docker/cli/blob/v20.10.12/cli/command/system/info.go#L239-L244
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
func (daemon *Daemon) fillDebugInfo(ctx context.Context, v *system.Info) {
daemon: SystemInfo() extract collecting debugging information to a helper This makes it more inline with other data we collect, and can be used to make some info optional at some point. fillDebugInfo sets the current debugging state of the daemon, and additional debugging information, such as the number of Go-routines, and file descriptors. Note that this currently always collects the information, but the CLI only prints it if the daemon has debug enabled. We should consider to either make this information optional (cli to request "with debugging information"), or only collect it if the daemon has debug enabled. For the CLI code, see https://github.com/docker/cli/blob/v20.10.12/cli/command/system/info.go#L239-L244 Additional note: the CLI considers info.SystemTime debugging information. This felt a bit "odd" (daemon time could be useful for standard use), so I left this out of this function. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-02 11:52:29 +00:00
v.Debug = debug.IsEnabled()
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
v.NFd = fileutils.GetTotalUsedFds(ctx)
daemon: SystemInfo() extract collecting debugging information to a helper This makes it more inline with other data we collect, and can be used to make some info optional at some point. fillDebugInfo sets the current debugging state of the daemon, and additional debugging information, such as the number of Go-routines, and file descriptors. Note that this currently always collects the information, but the CLI only prints it if the daemon has debug enabled. We should consider to either make this information optional (cli to request "with debugging information"), or only collect it if the daemon has debug enabled. For the CLI code, see https://github.com/docker/cli/blob/v20.10.12/cli/command/system/info.go#L239-L244 Additional note: the CLI considers info.SystemTime debugging information. This felt a bit "odd" (daemon time could be useful for standard use), so I left this out of this function. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-02 11:52:29 +00:00
v.NGoroutines = runtime.NumGoroutine()
v.NEventsListener = daemon.EventsService.SubscribersCount()
}
api/types: move system info types to api/types/system Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-03 11:14:14 +00:00
func (daemon *Daemon) fillAPIInfo(v *system.Info, cfg *config.Config) {
Add warning if REST API is accessible through an insecure connection The remote API allows full privilege escalation and is equivalent to having root access on the host. Because of this, the API should never be accessible through an insecure connection (TCP without TLS, or TCP without TLS verification). Although a warning is already logged on startup if the daemon uses an insecure configuration, this warning is not very visible (unless someone decides to read the logs). This patch attempts to make insecure configuration more visible by sending back warnings through the API (which will be printed when using `docker info`). Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-08-21 12:06:06 +00:00
const warn string = `
Access to the remote API is equivalent to root access on the host. Refer
to the 'Docker daemon attack surface' section in the documentation for
Update documentation links - Using "/go/" redirects for some topics, which allows us to redirect to new locations if topics are moved around in the documentation. - Updated some old URLs to their new location. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-02-25 11:11:50 +00:00
more information: https://docs.docker.com/go/attack-surface/`
Add warning if REST API is accessible through an insecure connection The remote API allows full privilege escalation and is equivalent to having root access on the host. Because of this, the API should never be accessible through an insecure connection (TCP without TLS, or TCP without TLS verification). Although a warning is already logged on startup if the daemon uses an insecure configuration, this warning is not very visible (unless someone decides to read the logs). This patch attempts to make insecure configuration more visible by sending back warnings through the API (which will be printed when using `docker info`). Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-08-21 12:06:06 +00:00
for _, host := range cfg.Hosts {
// cnf.Hosts is normalized during startup, so should always have a scheme/proto
daemon: use strings.Cut() and cleanup error messages Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-01 11:52:44 +00:00
proto, addr, _ := strings.Cut(host, "://")
Add warning if REST API is accessible through an insecure connection The remote API allows full privilege escalation and is equivalent to having root access on the host. Because of this, the API should never be accessible through an insecure connection (TCP without TLS, or TCP without TLS verification). Although a warning is already logged on startup if the daemon uses an insecure configuration, this warning is not very visible (unless someone decides to read the logs). This patch attempts to make insecure configuration more visible by sending back warnings through the API (which will be printed when using `docker info`). Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-08-21 12:06:06 +00:00
if proto != "tcp" {
continue
}
Be more explicit about non-TLS TCP access deprecation Turn warnings into a deprecation notice and highlight that it will prevent daemon startup in future releases. Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-13 11:17:37 +00:00
const removal = "In future versions this will be a hard failure preventing the daemon from starting! Learn more at: https://docs.docker.com/go/api-security/"
Sterner warnings for unathenticated tcp People keep doing this and getting pwned because they accidentally left it exposed to the internet. The warning about doing this has been there forever. This introduces a sleep after warning. To disable the extra sleep users must explicitly specify `--tls=false` or `--tlsverify=false` Warning also specifies this sleep will be removed in the next release where the flag will be required if running unauthenticated. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2020-07-28 23:01:08 +00:00
if cfg.TLS == nil || !*cfg.TLS {
Be more explicit about non-TLS TCP access deprecation Turn warnings into a deprecation notice and highlight that it will prevent daemon startup in future releases. Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-13 11:17:37 +00:00
v.Warnings = append(v.Warnings, fmt.Sprintf("[DEPRECATION NOTICE]: API is accessible on http://%s without encryption.%s\n%s", addr, warn, removal))
Add warning if REST API is accessible through an insecure connection The remote API allows full privilege escalation and is equivalent to having root access on the host. Because of this, the API should never be accessible through an insecure connection (TCP without TLS, or TCP without TLS verification). Although a warning is already logged on startup if the daemon uses an insecure configuration, this warning is not very visible (unless someone decides to read the logs). This patch attempts to make insecure configuration more visible by sending back warnings through the API (which will be printed when using `docker info`). Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-08-21 12:06:06 +00:00
continue
}
Sterner warnings for unathenticated tcp People keep doing this and getting pwned because they accidentally left it exposed to the internet. The warning about doing this has been there forever. This introduces a sleep after warning. To disable the extra sleep users must explicitly specify `--tls=false` or `--tlsverify=false` Warning also specifies this sleep will be removed in the next release where the flag will be required if running unauthenticated. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2020-07-28 23:01:08 +00:00
if cfg.TLSVerify == nil || !*cfg.TLSVerify {
Be more explicit about non-TLS TCP access deprecation Turn warnings into a deprecation notice and highlight that it will prevent daemon startup in future releases. Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-13 11:17:37 +00:00
v.Warnings = append(v.Warnings, fmt.Sprintf("[DEPRECATION NOTICE]: API is accessible on https://%s without TLS client verification.%s\n%s", addr, warn, removal))
Add warning if REST API is accessible through an insecure connection The remote API allows full privilege escalation and is equivalent to having root access on the host. Because of this, the API should never be accessible through an insecure connection (TCP without TLS, or TCP without TLS verification). Although a warning is already logged on startup if the daemon uses an insecure configuration, this warning is not very visible (unless someone decides to read the logs). This patch attempts to make insecure configuration more visible by sending back warnings through the API (which will be printed when using `docker info`). Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-08-21 12:06:06 +00:00
continue
}
}
}
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
func (daemon *Daemon) fillDefaultAddressPools(ctx context.Context, v *system.Info, cfg *config.Config) {
_, span := tracing.StartSpan(ctx, "fillDefaultAddressPools")
defer span.End()
daemon: read-copy-update the daemon config Ensure data-race-free access to the daemon configuration without locking by mutating a deep copy of the config and atomically storing a pointer to the copy into the daemon-wide configStore value. Any operations which need to read from the daemon config must capture the configStore value only once and pass it around to guarantee a consistent view of the config. Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-08-17 21:13:49 +00:00
for _, pool := range cfg.DefaultAddressPools.Value() {
api/types: move system info types to api/types/system Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-03 11:14:14 +00:00
v.DefaultAddressPools = append(v.DefaultAddressPools, system.NetworkAddressPool{
Add DefaultAddressPools to docker info #40388 Signed-off-by: Wang Yumu <37442693@qq.com>
2020-07-07 03:17:51 +00:00
Base: pool.Base,
Size: pool.Size,
})
}
}
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
func hostName(ctx context.Context) string {
ctx, span := tracing.StartSpan(ctx, "hostName")
defer span.End()
Refactor daemon.info to reduce cyclomatic complexity Before this change; gocyclo daemon/info.go 17 daemon (*Daemon).SystemInfo daemon/info.go:27:1 2 daemon (*Daemon).SystemVersion daemon/info.go:150:1 1 daemon (*Daemon).showPluginsInfo daemon/info.go:195:1 After this change; gocyclo daemon/info.go 8 daemon (*Daemon).fillSecurityOptions daemon/info.go:150:1 5 daemon operatingSystem daemon/info.go:201:1 3 daemon (*Daemon).fillDriverInfo daemon/info.go:121:1 2 daemon hostName daemon/info.go:172:1 2 daemon memInfo daemon/info.go:192:1 2 daemon kernelVersion daemon/info.go:182:1 1 daemon (*Daemon).SystemVersion daemon/info.go:81:1 1 daemon (*Daemon).SystemInfo daemon/info.go:27:1 1 daemon (*Daemon).fillPluginsInfo daemon/info.go:138:1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-13 10:55:59 +00:00
hostname := ""
if hn, err := os.Hostname(); err != nil {
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
log.G(ctx).Warnf("Could not get hostname: %v", err)
Refactor daemon.info to reduce cyclomatic complexity Before this change; gocyclo daemon/info.go 17 daemon (*Daemon).SystemInfo daemon/info.go:27:1 2 daemon (*Daemon).SystemVersion daemon/info.go:150:1 1 daemon (*Daemon).showPluginsInfo daemon/info.go:195:1 After this change; gocyclo daemon/info.go 8 daemon (*Daemon).fillSecurityOptions daemon/info.go:150:1 5 daemon operatingSystem daemon/info.go:201:1 3 daemon (*Daemon).fillDriverInfo daemon/info.go:121:1 2 daemon hostName daemon/info.go:172:1 2 daemon memInfo daemon/info.go:192:1 2 daemon kernelVersion daemon/info.go:182:1 1 daemon (*Daemon).SystemVersion daemon/info.go:81:1 1 daemon (*Daemon).SystemInfo daemon/info.go:27:1 1 daemon (*Daemon).fillPluginsInfo daemon/info.go:138:1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-13 10:55:59 +00:00
} else {
hostname = hn
}
return hostname
}
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
func kernelVersion(ctx context.Context) string {
ctx, span := tracing.StartSpan(ctx, "kernelVersion")
defer span.End()
Do not return "<unknown>" in /info response Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-16 14:07:47 +00:00
var kernelVersion string
Refactor daemon.info to reduce cyclomatic complexity Before this change; gocyclo daemon/info.go 17 daemon (*Daemon).SystemInfo daemon/info.go:27:1 2 daemon (*Daemon).SystemVersion daemon/info.go:150:1 1 daemon (*Daemon).showPluginsInfo daemon/info.go:195:1 After this change; gocyclo daemon/info.go 8 daemon (*Daemon).fillSecurityOptions daemon/info.go:150:1 5 daemon operatingSystem daemon/info.go:201:1 3 daemon (*Daemon).fillDriverInfo daemon/info.go:121:1 2 daemon hostName daemon/info.go:172:1 2 daemon memInfo daemon/info.go:192:1 2 daemon kernelVersion daemon/info.go:182:1 1 daemon (*Daemon).SystemVersion daemon/info.go:81:1 1 daemon (*Daemon).SystemInfo daemon/info.go:27:1 1 daemon (*Daemon).fillPluginsInfo daemon/info.go:138:1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-13 10:55:59 +00:00
if kv, err := kernel.GetKernelVersion(); err != nil {
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
log.G(ctx).Warnf("Could not get kernel version: %v", err)
Refactor daemon.info to reduce cyclomatic complexity Before this change; gocyclo daemon/info.go 17 daemon (*Daemon).SystemInfo daemon/info.go:27:1 2 daemon (*Daemon).SystemVersion daemon/info.go:150:1 1 daemon (*Daemon).showPluginsInfo daemon/info.go:195:1 After this change; gocyclo daemon/info.go 8 daemon (*Daemon).fillSecurityOptions daemon/info.go:150:1 5 daemon operatingSystem daemon/info.go:201:1 3 daemon (*Daemon).fillDriverInfo daemon/info.go:121:1 2 daemon hostName daemon/info.go:172:1 2 daemon memInfo daemon/info.go:192:1 2 daemon kernelVersion daemon/info.go:182:1 1 daemon (*Daemon).SystemVersion daemon/info.go:81:1 1 daemon (*Daemon).SystemInfo daemon/info.go:27:1 1 daemon (*Daemon).fillPluginsInfo daemon/info.go:138:1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-13 10:55:59 +00:00
} else {
kernelVersion = kv.String()
}
return kernelVersion
}
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
func memInfo(ctx context.Context) *meminfo.Memory {
ctx, span := tracing.StartSpan(ctx, "memInfo")
defer span.End()
pkg/sysinfo: move MemInfo and ReadMemInfo to a separate package Commit 6a516acb2e720b7a01d27c7df9cfe9857c013308 moved the MemInfo type and ReadMemInfo() function into the pkg/sysinfo package. In an attempt to assist consumers of these to migrate to the new location, an alias was added. Unfortunately, the side effect of this alias is that pkg/system now depends on pkg/sysinfo, which means that consumers of this (such as docker/cli) now get all (indirect) dependencies of that package as dependency, which includes many dependencies that should only be needed for the daemon / runtime; - github.com/cilium/ebpf - github.com/containerd/cgroups - github.com/coreos/go-systemd/v22 - github.com/godbus/dbus/v5 - github.com/moby/sys/mountinfo - github.com/opencontainers/runtime-spec This patch moves the MemInfo related code to its own package. As the previous move was not yet part of a release, we're not adding new aliases in pkg/sysinfo. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-14 22:21:27 +00:00
memInfo, err := meminfo.Read()
Refactor daemon.info to reduce cyclomatic complexity Before this change; gocyclo daemon/info.go 17 daemon (*Daemon).SystemInfo daemon/info.go:27:1 2 daemon (*Daemon).SystemVersion daemon/info.go:150:1 1 daemon (*Daemon).showPluginsInfo daemon/info.go:195:1 After this change; gocyclo daemon/info.go 8 daemon (*Daemon).fillSecurityOptions daemon/info.go:150:1 5 daemon operatingSystem daemon/info.go:201:1 3 daemon (*Daemon).fillDriverInfo daemon/info.go:121:1 2 daemon hostName daemon/info.go:172:1 2 daemon memInfo daemon/info.go:192:1 2 daemon kernelVersion daemon/info.go:182:1 1 daemon (*Daemon).SystemVersion daemon/info.go:81:1 1 daemon (*Daemon).SystemInfo daemon/info.go:27:1 1 daemon (*Daemon).fillPluginsInfo daemon/info.go:138:1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-13 10:55:59 +00:00
if err != nil {
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
log.G(ctx).Errorf("Could not read system memory info: %v", err)
pkg/sysinfo: move MemInfo and ReadMemInfo to a separate package Commit 6a516acb2e720b7a01d27c7df9cfe9857c013308 moved the MemInfo type and ReadMemInfo() function into the pkg/sysinfo package. In an attempt to assist consumers of these to migrate to the new location, an alias was added. Unfortunately, the side effect of this alias is that pkg/system now depends on pkg/sysinfo, which means that consumers of this (such as docker/cli) now get all (indirect) dependencies of that package as dependency, which includes many dependencies that should only be needed for the daemon / runtime; - github.com/cilium/ebpf - github.com/containerd/cgroups - github.com/coreos/go-systemd/v22 - github.com/godbus/dbus/v5 - github.com/moby/sys/mountinfo - github.com/opencontainers/runtime-spec This patch moves the MemInfo related code to its own package. As the previous move was not yet part of a release, we're not adding new aliases in pkg/sysinfo. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-14 22:21:27 +00:00
memInfo = &meminfo.Memory{}
Refactor daemon.info to reduce cyclomatic complexity Before this change; gocyclo daemon/info.go 17 daemon (*Daemon).SystemInfo daemon/info.go:27:1 2 daemon (*Daemon).SystemVersion daemon/info.go:150:1 1 daemon (*Daemon).showPluginsInfo daemon/info.go:195:1 After this change; gocyclo daemon/info.go 8 daemon (*Daemon).fillSecurityOptions daemon/info.go:150:1 5 daemon operatingSystem daemon/info.go:201:1 3 daemon (*Daemon).fillDriverInfo daemon/info.go:121:1 2 daemon hostName daemon/info.go:172:1 2 daemon memInfo daemon/info.go:192:1 2 daemon kernelVersion daemon/info.go:182:1 1 daemon (*Daemon).SystemVersion daemon/info.go:81:1 1 daemon (*Daemon).SystemInfo daemon/info.go:27:1 1 daemon (*Daemon).fillPluginsInfo daemon/info.go:138:1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-13 10:55:59 +00:00
}
return memInfo
}
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
func operatingSystem(ctx context.Context) (operatingSystem string) {
ctx, span := tracing.StartSpan(ctx, "operatingSystem")
defer span.End()
Adding OS version info to the nodes' `Info` struct This is needed so that we can add OS version constraints in Swarmkit, which does require the engine to report its host's OS version (see https://github.com/docker/swarmkit/issues/2770). The OS version is parsed from the `os-release` file on Linux, and from the `ReleaseId` string value of the `SOFTWARE\Microsoft\Windows NT\CurrentVersion` registry key on Windows. Added unit tests when possible, as well as Prometheus metrics. Signed-off-by: Jean Rouge <rougej+github@gmail.com>
2019-05-30 16:51:41 +00:00
defer metrics.StartTimer(hostInfoFunctions.WithValues("operating_system"))()
Refactor daemon.info to reduce cyclomatic complexity Before this change; gocyclo daemon/info.go 17 daemon (*Daemon).SystemInfo daemon/info.go:27:1 2 daemon (*Daemon).SystemVersion daemon/info.go:150:1 1 daemon (*Daemon).showPluginsInfo daemon/info.go:195:1 After this change; gocyclo daemon/info.go 8 daemon (*Daemon).fillSecurityOptions daemon/info.go:150:1 5 daemon operatingSystem daemon/info.go:201:1 3 daemon (*Daemon).fillDriverInfo daemon/info.go:121:1 2 daemon hostName daemon/info.go:172:1 2 daemon memInfo daemon/info.go:192:1 2 daemon kernelVersion daemon/info.go:182:1 1 daemon (*Daemon).SystemVersion daemon/info.go:81:1 1 daemon (*Daemon).SystemInfo daemon/info.go:27:1 1 daemon (*Daemon).fillPluginsInfo daemon/info.go:138:1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-13 10:55:59 +00:00
if s, err := operatingsystem.GetOperatingSystem(); err != nil {
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
log.G(ctx).Warnf("Could not get operating system name: %v", err)
Refactor daemon.info to reduce cyclomatic complexity Before this change; gocyclo daemon/info.go 17 daemon (*Daemon).SystemInfo daemon/info.go:27:1 2 daemon (*Daemon).SystemVersion daemon/info.go:150:1 1 daemon (*Daemon).showPluginsInfo daemon/info.go:195:1 After this change; gocyclo daemon/info.go 8 daemon (*Daemon).fillSecurityOptions daemon/info.go:150:1 5 daemon operatingSystem daemon/info.go:201:1 3 daemon (*Daemon).fillDriverInfo daemon/info.go:121:1 2 daemon hostName daemon/info.go:172:1 2 daemon memInfo daemon/info.go:192:1 2 daemon kernelVersion daemon/info.go:182:1 1 daemon (*Daemon).SystemVersion daemon/info.go:81:1 1 daemon (*Daemon).SystemInfo daemon/info.go:27:1 1 daemon (*Daemon).fillPluginsInfo daemon/info.go:138:1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-13 10:55:59 +00:00
} else {
operatingSystem = s
}
some cleaning up of isolation checks, and platform information Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-17 17:25:38 +00:00
if inContainer, err := operatingsystem.IsContainerized(); err != nil {
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
log.G(ctx).Errorf("Could not determine if daemon is containerized: %v", err)
some cleaning up of isolation checks, and platform information Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-17 17:25:38 +00:00
operatingSystem += " (error determining if containerized)"
} else if inContainer {
operatingSystem += " (containerized)"
Refactor daemon.info to reduce cyclomatic complexity Before this change; gocyclo daemon/info.go 17 daemon (*Daemon).SystemInfo daemon/info.go:27:1 2 daemon (*Daemon).SystemVersion daemon/info.go:150:1 1 daemon (*Daemon).showPluginsInfo daemon/info.go:195:1 After this change; gocyclo daemon/info.go 8 daemon (*Daemon).fillSecurityOptions daemon/info.go:150:1 5 daemon operatingSystem daemon/info.go:201:1 3 daemon (*Daemon).fillDriverInfo daemon/info.go:121:1 2 daemon hostName daemon/info.go:172:1 2 daemon memInfo daemon/info.go:192:1 2 daemon kernelVersion daemon/info.go:182:1 1 daemon (*Daemon).SystemVersion daemon/info.go:81:1 1 daemon (*Daemon).SystemInfo daemon/info.go:27:1 1 daemon (*Daemon).fillPluginsInfo daemon/info.go:138:1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-13 10:55:59 +00:00
}
Adding OS version info to the nodes' `Info` struct This is needed so that we can add OS version constraints in Swarmkit, which does require the engine to report its host's OS version (see https://github.com/docker/swarmkit/issues/2770). The OS version is parsed from the `os-release` file on Linux, and from the `ReleaseId` string value of the `SOFTWARE\Microsoft\Windows NT\CurrentVersion` registry key on Windows. Added unit tests when possible, as well as Prometheus metrics. Signed-off-by: Jean Rouge <rougej+github@gmail.com>
2019-05-30 16:51:41 +00:00
Refactor daemon.info to reduce cyclomatic complexity Before this change; gocyclo daemon/info.go 17 daemon (*Daemon).SystemInfo daemon/info.go:27:1 2 daemon (*Daemon).SystemVersion daemon/info.go:150:1 1 daemon (*Daemon).showPluginsInfo daemon/info.go:195:1 After this change; gocyclo daemon/info.go 8 daemon (*Daemon).fillSecurityOptions daemon/info.go:150:1 5 daemon operatingSystem daemon/info.go:201:1 3 daemon (*Daemon).fillDriverInfo daemon/info.go:121:1 2 daemon hostName daemon/info.go:172:1 2 daemon memInfo daemon/info.go:192:1 2 daemon kernelVersion daemon/info.go:182:1 1 daemon (*Daemon).SystemVersion daemon/info.go:81:1 1 daemon (*Daemon).SystemInfo daemon/info.go:27:1 1 daemon (*Daemon).fillPluginsInfo daemon/info.go:138:1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-13 10:55:59 +00:00
return operatingSystem
Supported added for reterving Plugin list for Network and Volume. Also, plugin information in docker info output. Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
2015-10-23 06:08:26 +00:00
}
Masking credentials from proxy URL Signed-off-by: Dani Louca <dani.louca@docker.com>
2018-09-27 02:43:26 +00:00
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
func osVersion(ctx context.Context) (version string) {
ctx, span := tracing.StartSpan(ctx, "osVersion")
defer span.End()
Adding OS version info to the nodes' `Info` struct This is needed so that we can add OS version constraints in Swarmkit, which does require the engine to report its host's OS version (see https://github.com/docker/swarmkit/issues/2770). The OS version is parsed from the `os-release` file on Linux, and from the `ReleaseId` string value of the `SOFTWARE\Microsoft\Windows NT\CurrentVersion` registry key on Windows. Added unit tests when possible, as well as Prometheus metrics. Signed-off-by: Jean Rouge <rougej+github@gmail.com>
2019-05-30 16:51:41 +00:00
defer metrics.StartTimer(hostInfoFunctions.WithValues("os_version"))()
version, err := operatingsystem.GetOperatingSystemVersion()
if err != nil {
Plumb context through info endpoint I was trying to find out why `docker info` was sometimes slow so plumbing a context through to propagate trace data through. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-09-10 00:05:05 +00:00
log.G(ctx).Warnf("Could not get operating system version: %v", err)
Adding OS version info to the nodes' `Info` struct This is needed so that we can add OS version constraints in Swarmkit, which does require the engine to report its host's OS version (see https://github.com/docker/swarmkit/issues/2770). The OS version is parsed from the `os-release` file on Linux, and from the `ReleaseId` string value of the `SOFTWARE\Microsoft\Windows NT\CurrentVersion` registry key on Windows. Added unit tests when possible, as well as Prometheus metrics. Signed-off-by: Jean Rouge <rougej+github@gmail.com>
2019-05-30 16:51:41 +00:00
}
return version
}
daemon/info: remove use of docker/go-connections The `docker/go-connections` package was only used for a quite generic utility. This patch removes the use of the package by replacing the `GetProxyEnv` utility with a local function that's based on the one in golang.org/x/net/http/httpproxy: https://github.com/golang/net/blob/c21de06aaf072cea07f3a65d6970e5c7d8b6cd6d/http/httpproxy/proxy.go#L100-L107 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-25 08:56:41 +00:00
func getEnvAny(names ...string) string {
for _, n := range names {
if val := os.Getenv(n); val != "" {
return val
}
}
return ""
}
Add http(s) proxy properties to daemon configuration This allows configuring the daemon's proxy server through the daemon.json con- figuration file or command-line flags configuration file, in addition to the existing option (through environment variables). Configuring environment variables on Windows to configure a service is more complicated than on Linux, and adding alternatives for this to the daemon con- figuration makes the configuration more transparent and easier to use. The configuration as set through command-line flags or through the daemon.json configuration file takes precedence over env-vars in the daemon's environment, which allows the daemon to use a different proxy. If both command-line flags and a daemon.json configuration option is set, an error is produced when starting the daemon. Note that this configuration is not "live reloadable" due to Golang's use of `sync.Once()` for proxy configuration, which means that changing the proxy configuration requires a restart of the daemon (reload / SIGHUP will not update the configuration. With this patch: cat /etc/docker/daemon.json { "http-proxy": "http://proxytest.example.com:80", "https-proxy": "https://proxytest.example.com:443" } docker pull busybox Using default tag: latest Error response from daemon: Get "https://registry-1.docker.io/v2/": proxyconnect tcp: dial tcp: lookup proxytest.example.com on 127.0.0.11:53: no such host docker build . Sending build context to Docker daemon 89.28MB Step 1/3 : FROM golang:1.16-alpine AS base Get "https://registry-1.docker.io/v2/": proxyconnect tcp: dial tcp: lookup proxytest.example.com on 127.0.0.11:53: no such host Integration tests were added to test the behavior: - verify that the configuration through all means are used (env-var, command-line flags, damon.json), and used in the expected order of preference. - verify that conflicting options produce an error. Signed-off-by: Anca Iordache <anca.iordache@docker.com> Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-16 07:33:00 +00:00
func getConfigOrEnv(config string, env ...string) string {
if config != "" {
return config
}
return getEnvAny(env...)
}
Add CDISpecDirs to Info output This change adds the configured CDI spec directories to the system info output. Signed-off-by: Evan Lezar <elezar@nvidia.com>
2023-07-17 23:50:08 +00:00
daemon: work around go1.21 compiler bug The Go 1.21.5 compiler has a bug: per-file language version override directives do not take effect when instantiating generic functions which have certain nontrivial type constraints. Consequently, a module-mode project with Moby as a dependency may fail to compile when the compiler incorrectly applies go1.16 semantics to the generic function call. As the offending function is trivial and is only used in one place, work around the issue by converting it to a concretely-typed function. Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-12-21 21:07:38 +00:00
// promoteNil converts a nil slice to an empty slice.
Add CDISpecDirs to Info output This change adds the configured CDI spec directories to the system info output. Signed-off-by: Evan Lezar <elezar@nvidia.com>
2023-07-17 23:50:08 +00:00
// A non-nil slice is returned as is.
daemon: work around go1.21 compiler bug The Go 1.21.5 compiler has a bug: per-file language version override directives do not take effect when instantiating generic functions which have certain nontrivial type constraints. Consequently, a module-mode project with Moby as a dependency may fail to compile when the compiler incorrectly applies go1.16 semantics to the generic function call. As the offending function is trivial and is only used in one place, work around the issue by converting it to a concretely-typed function. Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-12-21 21:07:38 +00:00
//
// TODO: make generic again once we are a go module,
// go.dev/issue/64759 is fixed, or we drop support for Go 1.21.
func promoteNil(s []string) []string {
Add CDISpecDirs to Info output This change adds the configured CDI spec directories to the system info output. Signed-off-by: Evan Lezar <elezar@nvidia.com>
2023-07-17 23:50:08 +00:00
if s == nil {
daemon: work around go1.21 compiler bug The Go 1.21.5 compiler has a bug: per-file language version override directives do not take effect when instantiating generic functions which have certain nontrivial type constraints. Consequently, a module-mode project with Moby as a dependency may fail to compile when the compiler incorrectly applies go1.16 semantics to the generic function call. As the offending function is trivial and is only used in one place, work around the issue by converting it to a concretely-typed function. Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-12-21 21:07:38 +00:00
return []string{}
Add CDISpecDirs to Info output This change adds the configured CDI spec directories to the system info output. Signed-off-by: Evan Lezar <elezar@nvidia.com>
2023-07-17 23:50:08 +00:00
}
return s
}
Reference in a new issue Copy permalink