Commit graph

512 commits

Author SHA1 Message Date
Brian Goff
130b0bc603
Merge pull request #40823 from thaJeztah/remove_distrib_uuid
daemon: remove distribution/uuid package
2020-04-16 20:59:58 -07:00
Akihiro Suda
f350b53241 cgroup2: implement docker info
ref: https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-04-17 07:20:01 +09:00
Sebastiaan van Stijn
2376ebd3f2
fix --cluster-store-opt deprecation annotation
Commit 1470697b67 marked this flag
as deprecated, but inadvertedtly used the plural (which is used
for `daemon.json`, but not for the flag name.

This fixes the inccorect name of the flag.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-16 14:42:19 +02:00
Sebastiaan van Stijn
7400375526
daemon: remove distribution/uuid package
This appeared to be unused because we no longer generate
a uuid using this package.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-16 09:16:38 +02:00
Tonis Tiigi
0cdf6ba9c8 vendor: update buildkit to ae7ff174
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-04-14 08:26:07 -07:00
Akihiro Suda
5ca47f5179 rootless: graduate from experimental
Close #40484

Note that the support for cgroup v2 isn't ready for production yet,
regardless to rootful or rootless.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-04-07 00:59:15 +09:00
Akihiro Suda
9a82a9a8ea vendor containerd, BuildKit, protobuf, grpc, and golang.org/x
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-03-03 10:25:20 +09:00
Brian Goff
bc1c0c7a8a
Merge pull request #40510 from aiordache/moby_cluster_flags_deprecate
Deprecate '--cluster-xx' options and add warning
2020-02-27 11:25:31 -08:00
Anca Iordache
f7c4be86c6 fixed deprecation message
Signed-off-by: Anca Iordache <anca.iordache@docker.com>
2020-02-19 11:22:20 +01:00
Anca Iordache
1470697b67 Deprecate '--cluster-xx' options and add warning
Co-authored-by: Yves Brissaud <yves.brissaud@gmail.com>

Signed-off-by: Anca Iordache <anca.iordache@docker.com>
2020-02-12 18:33:23 +01:00
Jintao Zhang
35d6c1870f enforce reserve internal labels.
The namespaces com.docker.*, io.docker.*, org.dockerproject.*
have been documented to be reserved for Docker's internal use.

Co-Authored-By: Sebastiaan van Stijn <thaJeztah@users.noreply.github.com>
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
2020-02-12 12:03:35 +08:00
Sebastiaan van Stijn
9f0b3f5609
bump gotest.tools v3.0.1 for compatibility with Go 1.14
full diff: https://github.com/gotestyourself/gotest.tools/compare/v2.3.0...v3.0.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-11 00:06:42 +01:00
Sebastiaan van Stijn
ca20bc4214
Merge pull request #40007 from arkodg/add-host-docker-internal
Support host.docker.internal in dockerd on Linux
2020-01-27 13:42:26 +01:00
Arko Dasgupta
92e809a680 Support host.docker.internal in dockerd on Linux
Docker Desktop (on MAC and Windows hosts) allows containers
running inside a Linux VM to connect to the host using
the host.docker.internal DNS name, which is implemented by
VPNkit (DNS proxy on the host)

This PR allows containers to connect to Linux hosts
by appending a special string "host-gateway" to --add-host
e.g. "--add-host=host.docker.internal:host-gateway" which adds
host.docker.internal DNS entry in /etc/hosts and maps it to host-gateway-ip

This PR also add a daemon flag call host-gateway-ip which defaults to
the default bridge IP
Docker Desktop will need to set this field to the Host Proxy IP
so DNS requests for host.docker.internal can be routed to VPNkit

Addresses: https://github.com/docker/for-linux/issues/264

Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>
2020-01-22 13:30:00 -08:00
Akihiro Suda
19baeaca26 cgroup2: enable cgroup namespace by default
For cgroup v1, we were unable to change the default because of
compatibility issue.

For cgroup v2, we should change the default right now because switching
to cgroup v2 is already breaking change.

See also containers/libpod#4363 containers/libpod#4374

Privileged containers also use cgroupns=private by default.
https://github.com/containers/libpod/pull/4374#issuecomment-549776387

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-01-01 02:58:40 +09:00
Sebastiaan van Stijn
6b91ceff74
Use hcsshim osversion package for Windows versions
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-22 02:53:00 +02:00
Tibor Vass
6ca3ec88ae builder: remove legacy build's session handling
This feature was used by docker build --stream and it was kept experimental.

Users of this endpoint should enable BuildKit anyway by setting Version to BuilderBuildKit.

Signed-off-by: Tibor Vass <tibor@docker.com>
2019-10-02 20:29:15 +00:00
Lukas Heeren
ce61a1ed98
Adding ability to change max download attempts
Moby works perfectly when you are in a situation when one has a good and stable
internet connection. Operating in area's where internet connectivity is likely
to be lost in undetermined intervals, like a satellite connection or 4G/LTE in
rural area's, can become a problem when pulling a new image. When connection is
lost while image layers are being pulled, Moby will try to reconnect up to 5 times.
If this fails, the incompletely downloaded layers are lost will need to be completely
downloaded again during the next pull request. This means that we are using more
data than we might have to.

Pulling a layer multiple times from the start can become costly over a satellite
or 4G/LTE connection. As these techniques (especially 4G) quite common in IoT and
Moby is used to run Azure IoT Edge devices, I would like to add a settable maximum
download attempts. The maximum download attempts is currently set at 5
(distribution/xfer/download.go). I would like to change this constant to a variable
that the user can set. The default will still be 5, so nothing will change from
the current version unless specified when starting the daemon with the added flag
or in the config file.

I added a default value of 5 for DefaultMaxDownloadAttempts and a settable
max-download-attempts in the daemon config file. It is also added to the config
of dockerd so it can be set with a flag when starting the daemon. This value gets
stored in the imageService of the daemon when it is initiated and can be passed
to the NewLayerDownloadManager as a parameter. It will be stored in the
LayerDownloadManager when initiated. This enables us to set the max amount of
retries in makeDownoadFunc equal to the max download attempts.

I also added some tests that are based on maxConcurrentDownloads/maxConcurrentUploads.

You can pull this version and test in a development container. Either create a config
`file /etc/docker/daemon.json` with `{"max-download-attempts"=3}``, or use
`dockerd --max-download-attempts=3 -D &` to start up the dockerd. Start downloading
a container and disconnect from the internet whilst downloading. The result would
be that it stops pulling after three attempts.

Signed-off-by: Lukas Heeren <lukas-heeren@hotmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-19 13:51:40 +02:00
Sebastiaan van Stijn
90c372bb2c
cmd/dockerd: explicitly ignore unchecked errors (errcheck)
```
cmd/dockerd/config.go:50:18: Error return value of `flags.MarkHidden` is not checked (errcheck)
cmd/dockerd/config.go:55:22: Error return value of `flags.MarkDeprecated` is not checked (errcheck)
cmd/dockerd/config.go:78:18: Error return value of `flags.MarkHidden` is not checked (errcheck)
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-18 12:57:53 +02:00
Sebastiaan van Stijn
07ff4f1de8
goimports: fix imports
Format the source according to latest goimports.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-18 12:56:54 +02:00
HuanHuan Ye
88c554f950 DaemonCli: Move check into startMetricsServer
Fix TODO: move into startMetricsServer()
Fix errors.Wrap return nil when passed err is nil

Co-Authored-By: Sebastiaan van Stijn <thaJeztah@users.noreply.github.com>
Signed-off-by: HuanHuan Ye <logindaveye@gmail.com>
2019-09-12 15:18:05 +08:00
Sebastiaan van Stijn
e554ab5589
Allow system.MkDirAll() to be used as drop-in for os.MkDirAll()
also renamed the non-windows variant of this file to be
consistent with other files in this package

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-08-08 15:05:49 +02:00
Sebastiaan van Stijn
f6b1f01de3
Remove hack MalformedHostHeaderOverride
This hack was added to fix a compatibility with clients
that were built using Go 1.5 and older (added in 3d6f5984f5)

This hack causes some problems with current clients; with Go 1.5 and older
no longer being supported for some time, and being several years old, it
should now be ok to remove this hack altogether.

People using tools that are built with those versions of Go wouldn't have
updated those for years, and are probably out of date anyway; that's not
something we can continue taking into account.

This will affect docker clients (the docker cli) for docker 1.12 and older.
Those versions have reached EOL a long time ago (and have known unpatched
vulnerabilities), so should no longer be used anyway, but We should add
a nebtuib in the release notes, just in case someone, somewhere, still
has such old tools.

For those affected, using a more recent client (and if needed, setting
the DOCKER_API_VERSION environment variable to the needed API version)
should provide a way out.

This reverts the changes originally made in; #22000 and #22888,
which were to address #20865.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-07-18 21:25:04 +02:00
Sebastiaan van Stijn
c7bbb1c5a1
Merge pull request #39329 from tiborvass/buildkit-honor-daemon-dnsconfig
build: buildkit now honors daemon's DNS config
2019-07-16 16:19:20 +02:00
Sebastiaan van Stijn
d470252e87
daemon: don't listen on the same address multiple times
Before this change:

    dockerd -H unix:///run/docker.sock -H unix:///run/docker.sock -H unix:///run/docker.sock
    ...
    INFO[2019-07-13T00:02:36.195090937Z] Daemon has completed initialization
    INFO[2019-07-13T00:02:36.215940441Z] API listen on /run/docker.sock
    INFO[2019-07-13T00:02:36.215933172Z] API listen on /run/docker.sock
    INFO[2019-07-13T00:02:36.215990566Z] API listen on /run/docker.sock

After this change:

    dockerd -H unix:///run/docker.sock -H unix:///run/docker.sock -H unix:///run/docker.sock
    ...
    INFO[2019-07-13T00:01:37.533579874Z] Daemon has completed initialization
    INFO[2019-07-13T00:01:37.567045771Z] API listen on /run/docker.sock

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-07-13 13:21:08 +02:00
Brian Goff
24ad2f486d Add (hidden) flags to set containerd namespaces
This allows our tests, which all share a containerd instance, to be a
bit more isolated by setting the containerd namespaces to the generated
daemon ID's rather than the default namespaces.

This came about because I found in some cases we had test daemons
failing to start (really very slow to start) because it was (seemingly)
processing events from other tests.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2019-07-11 17:27:48 -07:00
Wei Fu
dbb5da7fcd dockerd: update reload signal comment
Signed-off-by: Wei Fu <fuweid89@gmail.com>
2019-07-11 09:28:49 +08:00
Tibor Vass
a1cdd4bfcc build: buildkit now honors daemon's DNS config
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-07-10 00:26:03 +00:00
Sebastiaan van Stijn
6f9cdd6c73
Improve description for cpu-rt-period,runtime daemon flags
These options configure the parent cgroup, not the default for containers,
nor the daemon itself, so adding that information to the flag description
to make this slightly more clear.

relates to 56f77d5ade (#23430) which implemented
these flags.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-06-21 17:15:21 +02:00
Tibor Vass
53dad9f027 Remove v1 manifest code
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-06-18 01:40:25 +00:00
Tibor Vass
f695e98cb7 Revert "Remove the rest of v1 manifest support"
This reverts commit 98fc09128b in order to
keep registry v2 schema1 handling and libtrust-key-based engine ID.

Because registry v2 schema1 was not officially deprecated and
registries are still relying on it, this patch puts its logic back.

However, registry v1 relics are not added back since v1 logic has been
removed a while ago.

This also fixes an engine upgrade issue in a swarm cluster. It was relying
on the Engine ID to be the same upon upgrade, but the mentioned commit
modified the logic to use UUID and from a different file.

Since the libtrust key is always needed to support v2 schema1 pushes,
that the old engine ID is based on the libtrust key, and that the engine ID
needs to be conserved across upgrades, adding a UUID-based engine ID logic
seems to add more complexity than it solves the problems.

Hence reverting the engine ID changes as well.

Signed-off-by: Tibor Vass <tibor@docker.com>
2019-06-18 00:36:01 +00:00
Tonis Tiigi
07b3aac902 builder-next: userns remap support
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-06-10 21:49:17 -07:00
Sebastiaan van Stijn
c85fe2d224
Merge pull request #38522 from cpuguy83/fix_timers
Make sure timers are stopped after use.
2019-06-07 13:16:46 +02:00
Kirill Kolyshkin
f0fe0d6c4e
Merge pull request #39105 from cpuguy83/optimize_test_daemon_startup
Optimize test daemon startup
2019-05-23 11:58:47 -07:00
Rob Gulewich
072400fc4b Make cgroup namespaces configurable
This adds both a daemon-wide flag and a container creation property:
- Set the `CgroupnsMode: "host|private"` HostConfig property at
  container creation time to control what cgroup namespace the container
  is created in
- Set the `--default-cgroupns-mode=host|private` daemon flag to control
  what cgroup namespace containers are created in by default
- Set the default if the daemon flag is unset to "host", for backward
  compatibility
- Default to CgroupnsMode: "host" for client versions < 1.40

Signed-off-by: Rob Gulewich <rgulewich@netflix.com>
2019-05-07 10:22:16 -07:00
Brian Goff
595987fd08 Add log entries for daemon startup/shutdown
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2019-05-06 10:36:05 -07:00
Akihiro Suda
3518383ed9 dockerd: fix rootless detection (alternative to #39024)
The `--rootless` flag had a couple of issues:
* #38702: euid=0, $USER="root" but no access to cgroup ("rootful" Docker in rootless Docker)
* #39009: euid=0 but $USER="docker" (rootful boot2docker)

To fix #38702, XDG dirs are ignored as in rootful Docker, unless the
dockerd is directly running under RootlessKit namespaces.

RootlessKit detection is implemented by checking whether `$ROOTLESSKIT_STATE_DIR` is set.

To fix #39009, the non-robust `$USER` check is now completely removed.

The entire logic can be illustrated as follows:

```
withRootlessKit := getenv("ROOTLESSKIT_STATE_DIR")
rootlessMode := withRootlessKit || cliFlag("--rootless")
honorXDG := withRootlessKit
useRootlessKitDockerProxy := withRootlessKit
removeCgroupSpec := rootlessMode
adjustOOMScoreAdj := rootlessMode
```

Close #39024
Fix #38702 #39009

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2019-04-25 16:47:01 +09:00
Akihiro Suda
3bc02fc040 fix containerd WaitTimeout
`defer r.WaitTimeout(10s)` was in a wrong place and had caused the
daemon to hang for 10 seconds.

Fix #39025

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2019-04-08 18:44:14 +09:00
Tibor Vass
05c5d20a2c grpc: register BuildKit controller to /grpc
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-04-02 19:57:59 +00:00
John Howard
a3eda72f71
Merge pull request #38541 from Microsoft/jjh/containerd
Windows: Experimental: ContainerD runtime
2019-03-19 21:09:19 -07:00
John Howard
92bf0a5046 Windows:Add ETW logging hook
Signed-off-by: John Howard <jhoward@microsoft.com>
2019-03-12 18:41:55 -07:00
John Howard
85ad4b16c1 Windows: Experimental: Allow containerd for runtime
Signed-off-by: John Howard <jhoward@microsoft.com>

This is the first step in refactoring moby (dockerd) to use containerd on Windows.
Similar to the current model in Linux, this adds the option to enable it for runtime.
It does not switch the graphdriver to containerd snapshotters.

 - Refactors libcontainerd to a series of subpackages so that either a
  "local" containerd (1) or a "remote" (2) containerd can be loaded as opposed
  to conditional compile as "local" for Windows and "remote" for Linux.

 - Updates libcontainerd such that Windows has an option to allow the use of a
   "remote" containerd. Here, it communicates over a named pipe using GRPC.
   This is currently guarded behind the experimental flag, an environment variable,
   and the providing of a pipename to connect to containerd.

 - Infrastructure pieces such as under pkg/system to have helper functions for
   determining whether containerd is being used.

(1) "local" containerd is what the daemon on Windows has used since inception.
It's not really containerd at all - it's simply local invocation of HCS APIs
directly in-process from the daemon through the Microsoft/hcsshim library.

(2) "remote" containerd is what docker on Linux uses for it's runtime. It means
that there is a separate containerd service running, and docker communicates over
GRPC to it.

To try this out, you will need to start with something like the following:

Window 1:
	containerd --log-level debug

Window 2:
	$env:DOCKER_WINDOWS_CONTAINERD=1
	dockerd --experimental -D --containerd \\.\pipe\containerd-containerd

You will need the following binary from github.com/containerd/containerd in your path:
 - containerd.exe

You will need the following binaries from github.com/Microsoft/hcsshim in your path:
 - runhcs.exe
 - containerd-shim-runhcs-v1.exe

For LCOW, it will require and initrd.img and kernel in `C:\Program Files\Linux Containers`.
This is no different to the current requirements. However, you may need updated binaries,
particularly initrd.img built from Microsoft/opengcs as (at the time of writing), Linuxkit
binaries are somewhat out of date.

Note that containerd and hcsshim for HCS v2 APIs do not yet support all the required
functionality needed for docker. This will come in time - this is a baby (although large)
step to migrating Docker on Windows to containerd.

Note that the HCS v2 APIs are only called on RS5+ builds. RS1..RS4 will still use
HCS v1 APIs as the v2 APIs were not fully developed enough on these builds to be usable.
This abstraction is done in HCSShim. (Referring specifically to runtime)

Note the LCOW graphdriver still uses HCS v1 APIs regardless.

Note also that this does not migrate docker to use containerd snapshotters
rather than graphdrivers. This needs to be done in conjunction with Linux also
doing the same switch.
2019-03-12 18:41:55 -07:00
Justin Cormack
98fc09128b Remove the rest of v1 manifest support
As people are using the UUID in `docker info` that was based on the v1 manifest signing key, replace
with a UUID instead.

Remove deprecated `--disable-legacy-registry` option that was scheduled to be removed in 18.03.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2019-03-02 10:46:37 -08:00
Tonis Tiigi
f9b9d5f584 builder-next: fixes for rootless mode
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-02-28 10:44:21 -08:00
Akihiro Suda
56bea903ef dockerd: call StickRuntimeDirContents only in rootless mode
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2019-02-14 12:48:41 +09:00
Yong Tang
86312a4732 Fix go-vet issue
This fix fixes the following issue with `go vet`:
```
$ go tool vet cmd/dockerd/daemon.go
cmd/dockerd/daemon.go:163: the cancel function is not used on all paths (possible context leak)
cmd/dockerd/daemon.go:167: this return statement may be reached without using the cancel var defined on line 163
```

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2019-02-06 23:30:28 +00:00
Akihiro Suda
ec87479b7e allow running dockerd in an unprivileged user namespace (rootless mode)
Please refer to `docs/rootless.md`.

TLDR:
 * Make sure `/etc/subuid` and `/etc/subgid` contain the entry for you
 * `dockerd-rootless.sh --experimental`
 * `docker -H unix://$XDG_RUNTIME_DIR/docker.sock run ...`

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2019-02-04 00:24:27 +09:00
Brian Goff
eaad3ee3cf Make sure timers are stopped after use.
`time.After` keeps a timer running until the specified duration is
completed. It also allocates a new timer on each call. This can wind up
leaving lots of uneccessary timers running in the background that are
not needed and consume resources.

Instead of `time.After`, use `time.NewTimer` so the timer can actually
be stopped.
In some of these cases it's not a big deal since the duraiton is really
short, but in others it is much worse.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2019-01-16 14:32:53 -08:00
Sebastiaan van Stijn
1edf943dc7
Configure log-format earlier, and small refactor
Some messages are logged before the logrus format was set,
therefore resulting in inconsistent log-message formatting
during startup;

Before this patch;

```
dockerd --experimental
WARN[0000] Running experimental build
INFO[2018-11-24T11:24:05.615249610Z] libcontainerd: started new containerd process  pid=132
INFO[2018-11-24T11:24:05.615348322Z] parsed scheme: "unix"                         module=grpc
...
```

With this patch applied;

```
dockerd --experimental
WARN[2018-11-24T13:41:51.199057259Z] Running experimental build
INFO[2018-11-24T13:41:51.200412645Z] libcontainerd: started new containerd process  pid=293
INFO[2018-11-24T13:41:51.200523051Z] parsed scheme: "unix"                         module=grpc
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-12-19 18:53:18 +01:00
Jiri Appl
33a779e308 Properly type handles to prevent overflows
This change is needed for 32 bit targets as the default type is int32
and the handle constants do not fit into it.

Signed-off-by: Jiri Appl <jiria@microsoft.com>
2018-10-10 16:46:37 -07:00
Tibor Vass
34eede0296 Remove 'docker-' prefix for containerd and runc binaries
This allows to run the daemon in environments that have upstream containerd installed.

Signed-off-by: Tibor Vass <tibor@docker.com>
2018-09-24 21:49:03 +00:00
Tibor Vass
4a776d0ca7 builder: use buildkit's GC for build cache
This allows users to configure the buildkit GC.

The following enables the default GC:
```
{
  "builder": {
    "gc": {
      "enabled": true
    }
  }
}
```

The default GC policy has a simple config:
```
{
  "builder": {
    "gc": {
      "enabled": true,
      "defaultKeepStorage": "30GB"
    }
  }
}
```

A custom GC policy can be used instead by specifying a list of cache prune rules:
```
{
  "builder": {
    "gc": {
      "enabled": true,
      "policy": [
        {"keepStorage": "512MB", "filter": ["unused-for=1400h"]]},
        {"keepStorage": "30GB", "all": true}
      ]
    }
  }
}
```

Signed-off-by: Tibor Vass <tibor@docker.com>
2018-09-21 22:06:00 +00:00
Anda Xu
171d51c861 add support of registry-mirrors and insecure-registries to buildkit
Signed-off-by: Anda Xu <anda.xu@docker.com>
2018-09-20 11:53:02 -07:00
Anda Xu
66ac92cdc6 create newBuildKit function separately in daemon_unix.go and daemon_windows.go for cross platform build
Signed-off-by: Anda Xu <anda.xu@docker.com>
2018-09-11 11:22:48 -07:00
Anda Xu
54b3af4c7d update vendor
Signed-off-by: Anda Xu <anda.xu@docker.com>
2018-09-07 17:48:41 -07:00
Anda Xu
d52485c2f9 propagate the dockerd cgroup-parent config to buildkitd
Signed-off-by: Anda Xu <anda.xu@docker.com>
2018-09-07 17:48:41 -07:00
Xiaoxi He
5c0d2a0932 Fix some typos
Signed-off-by: Xiaoxi He <xxhe@alauda.io>
2018-09-07 13:13:47 +08:00
Tõnis Tiigi
4842f7a867
Merge pull request #37738 from tiborvass/remove-unused-field-in-builder
builder: remove unused netnsRoot field in builder-next
2018-09-06 13:33:35 -07:00
Anda Xu
58a75cebdd allow features option live reloadable
Signed-off-by: Anda Xu <anda.xu@docker.com>
2018-08-31 12:43:04 -07:00
Tibor Vass
8ab9e78ee4 builder: remove unused netnsRoot field in builder-next
Signed-off-by: Tibor Vass <tibor@docker.com>
2018-08-31 19:09:52 +00:00
Sebastiaan van Stijn
bf95fbc54f
Use errors.Wrap() in daemon errors, and cleanup messages
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-08-23 16:12:44 +02:00
Tibor Vass
dc7e472db9 builder: fix bridge networking when using buildkit
Signed-off-by: Tibor Vass <tibor@docker.com>
2018-08-23 05:20:01 +00:00
Tonis Tiigi
d6424a088d builder: setup code for a bridge networking
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-08-20 18:55:01 +00:00
Sebastiaan van Stijn
9916827496
Merge pull request #37593 from AntaresS/add-enable-buildkit
[enhancement] add optional fields in daemon.json to enable buildkit
2018-08-20 19:41:56 +01:00
Anda Xu
2be17666b4 add optional fields in daemon.json to enable buildkit
Signed-off-by: Anda Xu <anda.xu@docker.com>
2018-08-19 14:58:23 -07:00
Sebastiaan van Stijn
7d4fa69e33
Merge pull request #37664 from dmcgowan/vendor-containerd-1.2
Update containerd vendor to 1.2 beta
2018-08-18 22:22:41 +01:00
Derek McGowan
98e23f2a8e
Update containerd vendor to 1.2 beta
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2018-08-17 13:08:22 -07:00
John Stephens
b3e9f7b13b
Merge pull request #35521 from salah-khan/35507
Add --chown flag support for ADD/COPY commands for Windows
2018-08-17 11:31:16 -07:00
Salahuddin Khan
763d839261 Add ADD/COPY --chown flag support to Windows
This implements chown support on Windows. Built-in accounts as well
as accounts included in the SAM database of the container are supported.

NOTE: IDPair is now named Identity and IDMappings is now named
IdentityMapping.

The following are valid examples:
ADD --chown=Guest . <some directory>
COPY --chown=Administrator . <some directory>
COPY --chown=Guests . <some directory>
COPY --chown=ContainerUser . <some directory>

On Windows an owner is only granted the permission to read the security
descriptor and read/write the discretionary access control list. This
fix also grants read/write and execute permissions to the owner.

Signed-off-by: Salahuddin Khan <salah@docker.com>
2018-08-13 21:59:11 -07:00
Derek McGowan
dd2e19ebd5
libcontainerd: split client and supervisor
Adds a supervisor package for starting and monitoring containerd.
Separates grpc connection allowing access from daemon.

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2018-08-06 10:23:04 -07:00
Derek McGowan
8fb5f4d5c9
Add configuration option for containerd cri
Disable cri plugin by default in containerd and
allows an option to enable the plugin. This only
has an effect on containerd when supervised by
dockerd. When containerd is managed outside of
dockerd, the configuration is not effected.

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2018-07-24 11:34:47 -07:00
Tibor Vass
195919d9d6 builder: set buildkit's exported product variable via PRODUCT
This introduces a PRODUCT environment variable that is used to set a constant
at dockerversion.ProductName.

That is then used to set BuildKit's ExportedProduct variable in order to show
useful error messages to users when a certain version of the product doesn't
support a BuildKit feature.

Signed-off-by: Tibor Vass <tibor@docker.com>
2018-07-16 21:41:54 +00:00
Sebastiaan van Stijn
aaa1392279
Pass log-level to containerd
dockerd allows the `--log-level` to be specified, but this log-level
was not forwarded to the containerd process.

This patch sets containerd's log-level to the same as dockerd if a
custom level is provided.

Now that `--log-level` is also passed to containerd, the default "info"
is removed, so that containerd's default (or the level configured in containerd.toml)
is still used if no log-level is set.

Before this change:

containerd would always be started without a log-level set (only the level that's configured in `containerd.toml`);

```
root      1014  2.5  2.1 496484 43468 pts/0    Sl+  12:23   0:00 dockerd
root      1023  1.2  1.1 681768 23832 ?        Ssl  12:23   0:00  \_ docker-containerd --config /var/run/docker/containerd/containerd.toml
```

After this change:

when running `dockerd` without options (same as current);

```
root      1014  2.5  2.1 496484 43468 pts/0    Sl+  12:23   0:00 dockerd
root      1023  1.2  1.1 681768 23832 ?        Ssl  12:23   0:00  \_ docker-containerd --config /var/run/docker/containerd/containerd.toml
```

when running `dockerd --debug`:

```
root       600  0.8  2.1 512876 43180 pts/0    Sl+  12:20   0:00 dockerd --debug
root       608  0.6  1.1 624428 23672 ?        Ssl  12:20   0:00  \_ docker-containerd --config /var/run/docker/containerd/containerd.toml --log-level debug
```

when running `dockerd --log-level=panic`

```
root       747  0.6  2.1 496548 43996 pts/0    Sl+  12:21   0:00 dockerd --log-level=panic
root       755  0.7  1.1 550696 24100 ?        Ssl  12:21   0:00  \_ docker-containerd --config /var/run/docker/containerd/containerd.toml --log-level panic
```

combining `--debug` and `--log-level` (`--debug` takes precedence):

```
root       880  2.7  2.1 634692 43336 pts/0    Sl+  12:23   0:00 dockerd --debug --log-level=panic
root       888  1.0  1.1 616232 23652 ?        Ssl  12:23   0:00  \_ docker-containerd --config /var/run/docker/containerd/containerd.toml --log-level debug
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-09 15:38:08 +02:00
Vincent Demeester
3845728524
Update tests to use gotest.tools 👼
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2018-06-13 09:04:30 +02:00
Tonis Tiigi
b225258496 builder: export build cache records
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-06-10 10:05:27 -07:00
Tonis Tiigi
22f7caee03 builder: experimental buildkit base
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-06-10 10:05:26 -07:00
Tonis Tiigi
44f3dd7653 vendor: update containerd to 63522d9
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-06-08 19:19:06 -07:00
Brian Goff
e4b6adc88e Extract volume interaction to a volumes service
This cleans up some of the package API's used for interacting with
volumes, and simplifies management.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2018-05-25 14:21:07 -04:00
Sebastiaan van Stijn
80bfcc3a7a
Merge pull request #37136 from muesli/sdnotify-api-const
Use go-systemd const instead of magic string in Linux version of dockerd
2018-05-24 14:30:28 +02:00
Christian Muehlhaeuser
d393774a53
Use go-systemd const instead of magic string in Linux version of dockerd
Signed-off-by: Christian Muehlhaeuser <muesli@gmail.com>
2018-05-23 19:06:34 +02:00
Sebastiaan van Stijn
f23c00d870
Various code-cleanup
remove unnescessary import aliases, brackets, and so on.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-05-23 17:50:54 +02:00
Vincent Demeester
032a4b6ef6
Merge pull request #37106 from thaJeztah/unfork-cobra
Bump spf13/cobra to v0.0.3, pflag to v1.0.1
2018-05-22 09:39:52 +02:00
Sebastiaan van Stijn
55bebbaecf
Replace deprecated testutil.ErrorContains()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-05-21 00:13:04 +02:00
Sebastiaan van Stijn
0c3192da8c
Use Cobra built-in --version feature
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-05-19 03:15:08 +02:00
Sebastiaan van Stijn
ed75c7727b
Bump spf13/cobra to v0.0.3, pflag to v1.0.1
Use a tagged release of Cobra. All relevant PR's were merged, so the fork is
no longer needed.

Relevant changes:

- spf13/cobra#552 Add a field to disable [flags] in UseLine()
- spf13/cobra#567 Add `CalledAs` method to cobra.Command
- spf13/cobra#580 Update error message for missing required flags
- spf13/cobra#584 Add support for --version flag
- spf13/cobra#614 If user has a project in symlink, just use its destination folder and work there
- spf13/cobra#649 terminates the flags when -- is found in commandline
- spf13/cobra#662 Add support for ignoring parse errors
- spf13/cobra#686 doc: hide hidden parent flags

Also various improvements were added for generating Bash
completion scripts (currently not used by us)

Fixes usage output for dockerd;

Before this update:

    dockerd --help

    Usage:	dockerd COMMAND

    A self-sufficient runtime for containers.

After this update:

    dockerd --help

    Usage:	dockerd [OPTIONS] [flags]

    A self-sufficient runtime for containers.

Bump spf13/pflag to v1.0.1

Relevant changes:

- spf13/pflag#106 allow lookup by shorthand
- spf13/pflag#113 Add SortFlags option
- spf13/pflag#138 Generate flag error output for errors returned from the parseFunc
- spf13/pflag#141 Fixing Count flag usage string
- spf13/pflag#143 add int16 flag
- spf13/pflag#122 DurationSlice: implementation and tests
- spf13/pflag#115 Implement BytesHex type of argument
- spf13/pflag#150 Add uintSlice and boolSlice to name prettifier
- spf13/pflag#155 Add multiline wrapping support
- spf13/pflag#158 doc: clarify difference between string slice vs. array
- spf13/pflag#160 add ability to ignore unknown flags
- spf13/pflag#163 Allow Users To Show Deprecated Flags

Hide [flags] in usage output

Hides the [flags] in the usage output of commands (present in newer
versions of Cobra), using the `.DisableFlagsInUseLine` option.

Before this change:

    dockerd --help

    Usage:	dockerd [OPTIONS] [flags]

    A self-sufficient runtime for containers.

After this change:

    dockerd --help

    Usage:	dockerd [OPTIONS]

    A self-sufficient runtime for containers.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Â#	modified:   vendor/github.com/spf13/pflag/string_array.go
§

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-05-19 03:09:32 +02:00
Sebastiaan van Stijn
4f8c870d62
Fix some linting issues
These showed locally when running `make validate`. CI doesn't seem to have the
same (possibly it's disabled in the configuration)

    builder/fscache/fscache.go:618::error: github.com/docker/docker/vendor/github.com/tonistiigi/fsutil.StatInfo composite literal uses unkeyed fields (vet)
    client/swarm_unlock_test.go:44::error: github.com/docker/docker/api/types/swarm.UnlockRequest composite literal uses unkeyed fields (vet)
    client/swarm_unlock_test.go:20::error: github.com/docker/docker/api/types/swarm.UnlockRequest composite literal uses unkeyed fields (vet)
    cmd/dockerd/daemon_unix.go:113::error: github.com/docker/docker/cmd/dockerd/hack.MalformedHostHeaderOverride composite literal uses unkeyed fields (vet)
    cmd/dockerd/daemon_unix.go:110::error: github.com/docker/docker/cmd/dockerd/hack.MalformedHostHeaderOverride composite literal uses unkeyed fields (vet)
    daemon/graphdriver/overlay/overlay.go:171::error: github.com/docker/docker/pkg/idtools.IDPair composite literal uses unkeyed fields (vet)
    daemon/graphdriver/overlay/overlay.go:413::error: github.com/docker/docker/pkg/idtools.IDPair composite literal uses unkeyed fields (vet)
    daemon/graphdriver/overlay2/overlay.go:203::error: github.com/docker/docker/pkg/idtools.IDPair composite literal uses unkeyed fields (vet)
    daemon/graphdriver/overlay2/overlay.go:584::error: github.com/docker/docker/pkg/idtools.IDPair composite literal uses unkeyed fields (vet)
    daemon/graphdriver/zfs/zfs.go:109::error: github.com/docker/docker/pkg/idtools.IDPair composite literal uses unkeyed fields (vet)
    daemon/graphdriver/zfs/zfs.go:388::error: github.com/docker/docker/pkg/idtools.IDPair composite literal uses unkeyed fields (vet)
    daemon/volumes_windows.go:27::error: github.com/docker/docker/pkg/idtools.IDPair composite literal uses unkeyed fields (vet)
    integration/service/network_test.go:31::error: github.com/docker/docker/api/types/network.NetworkingConfig composite literal uses unkeyed fields (vet)
    api/server/server.go:129:10⚠️ should not use basic type string as key in context.WithValue (golint)
    integration/service/network_test.go:54::error: github.com/docker/docker/api/types/network.NetworkingConfig composite literal uses unkeyed fields (vet)
    libcontainerd/client_daemon_linux.go:61::error: github.com/docker/docker/pkg/idtools.IDPair composite literal uses unkeyed fields (vet)
    libcontainerd/client_daemon_linux.go:74::error: github.com/docker/docker/pkg/idtools.IDPair composite literal uses unkeyed fields (vet)
    pkg/archive/archive_windows.go:76::error: github.com/docker/docker/pkg/idtools.IDPair composite literal uses unkeyed fields (vet)
    plugin/manager_linux.go:56::error: github.com/docker/docker/pkg/idtools.IDPair composite literal uses unkeyed fields (vet)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-05-17 19:28:27 +02:00
Sebastiaan van Stijn
57493cd606
Merge pull request #36921 from cyli/filter-namespaced-labels
Warn when reserved-namespace engine labels are configured
2018-05-07 15:12:52 +02:00
Alessandro Boch
173b3c364e Allow user to control the default address pools
- Via daemon flag --default-address-pools base=<CIDR>,size=<int>

Signed-off-by: Elango Siva  <elango@docker.com>
2018-04-30 11:14:08 -04:00
cyli
d1d7bcd6d7 Filter engine labels to exclude com.docker.*, io.docker.*, and org.dockerproject.*
labels as per https://docs.docker.com/config/labels-custom-metadata/.

Signed-off-by: Ying Li <ying.li@docker.com>
2018-04-24 11:42:09 -07:00
Karthik Karanth
05346355db Refactor code in cmd/dockerd/daemon.go
Signed-off-by: Karthik Karanth <karanth.karthik@gmail.com>
2018-04-13 00:14:20 +05:30
David Chung
275a1ca7c8 Expose swarm raft tuning parameters in engine config
Signed-off-by: David Chung <david.chung@docker.com>
2018-03-28 16:54:43 -07:00
Sebastiaan van Stijn
cd3e84c6b3
Split daemon service code to _windows file
This moves some of the code that was conditionally
executed on Windows to a separate, windows-only file.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-03-21 12:57:53 +01:00
Daniel Nephin
6be0f70983 Automated migration using
gty-migrate-from-testify --ignore-build-tags

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-03-16 11:03:43 -04:00
Daniel Nephin
0dab53ff3c Move all daemon image methods into imageService
imageService provides the backend for the image API and handles the
imageStore, and referenceStore.

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-02-26 16:48:29 -05:00
Brian Goff
b0b9a25e7e Move log validator logic after plugins are loaded
This ensures that all log plugins are registered when the log validator
is run.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2018-02-15 11:53:11 -05:00
Daniel Nephin
e574c5ae73 Move commit to container backend
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-02-14 16:06:12 -05:00
Sebastiaan van Stijn
250193387c
Remove workaround for Nano server TP5
This workaround for golang/go#15286 was added for Nano server TP5 in
fa82c0aa10, and should no longer be
needed

Due to a security fix in Go 1.9.4/1.8.7, loading the .dll is no longer
allowed, and produces an error:

   .\docker_windows.go:9:3: //go:cgo_import_dynamic main.dummy CommandLineToArgvW%2 "shell32.dll" only allowed in cgo-generated code

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-02-07 23:38:14 -08:00
Daniel Nephin
4f0d95fa6e Add canonical import comment
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-02-05 16:51:57 -05:00
Sebastiaan van Stijn
6e7715d65b
Fix "--node-generic-resource" singular/plural
Daemon flags that can be specified multiple times use
singlar names for flags, but plural names for the configuration
file.

To make the daemon configuration know how to correlate
the flag with the corresponding configuration option,
`opt.NewNamedListOptsRef()` should be used instead of
`opt.NewListOptsRef()`.

Commit 6702ac590e attempted
to fix the daemon not corresponding the flag with the configuration
file option, but did so by changing the name of the flag
to plural.

This patch reverts that change, and uses `opt.NewNamedListOptsRef()`
instead.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-01-26 13:53:13 -08:00
Renaud Gaubert
6702ac590e Fix node-generic-resources CLI typo
Signed-off-by: Renaud Gaubert <rgaubert@nvidia.com>
2018-01-10 00:51:47 +01:00
Sebastiaan van Stijn
6ed1163c98
Remove redundant build-tags
Files that are suffixed with `_linux.go` or `_windows.go` are
already only built on Linux / Windows, so these build-tags
were redundant.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-12-18 17:41:53 +01:00
Sebastiaan van Stijn
1589cc0a85
Remove Solaris files
Solaris is no longer being worked on, so these files
are now just dead code.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-12-18 17:22:25 +01:00
Sebastiaan van Stijn
16fe5a1289
Remove unused experimental code
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-12-18 17:07:48 +01:00
Sebastiaan van Stijn
8d6df8a0ad
Disallow using legacy (V1) registries
Interacting with v1 registries was deprecated in Docker 1.8.3, disabled by default
in Docker 17.06, and scheduled for removal in Docker 17.12.

This patch disallows enabling V1 registry through the `--disable-legacy-registry`
option, and the `"disable-legacy-registry": false` option in the daemon configuration
file. The actual V1 registry code is still in place, and will be removed separately.

With this patch applied:

    $ dockerd --disable-legacy-registry=false
    ERROR: The '--disable-legacy-registry' flag has been removed. Interacting with legacy (v1) registries is no longer supported

Or, when setting through the `daemon.json` configuration file

    $ mkdir -p /etc/docker/
    $ echo '{"disable-legacy-registry":false}' > /etc/docker/daemon.json
    $ dockerd
    ERROR: The 'disable-legacy-registry' configuration option has been removed. Interacting with legacy (v1) registries is no longer supported

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-12-09 02:24:43 -08:00
Flavio Crisciani
a97e45794e
Add option to enable networkDB debug
Add a new configuration option to allow the enabling
of the networkDB debug. The option is only parsed using the
reload event. This will protect the daemon on start or restart
if the option is left behind in the config file

Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
2017-12-06 13:19:47 -08:00
Michael Crosby
97b0a9d5f1 Fix nonewmountns for containerd options
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-12-04 14:17:30 -05:00
Sebastiaan van Stijn
8c6322338c
Remove deprecated support for duplicate label-keys
Support for duplicate labels (but different values) was
deprecated in commit e4c9079d09
(Docker 1.13), and scheduled for removal in 17.12

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-11-12 03:11:37 +01:00
Renaud Gaubert
ebe14310b7 Updated GenericResource CLI
Signed-off-by: Renaud Gaubert <renaud.gaubert@gmail.com>
2017-11-06 21:47:26 +01:00
Yong Tang
4785f1a7ab Remove solaris build tag and `contrib/mkimage/solaris
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-11-02 00:01:46 +00:00
Michael Crosby
5a9b5f10cf Remove solaris files
For obvious reasons that it is not really supported now.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-10-24 15:39:34 -04:00
Vincent Demeester
2058854c4b Merge pull request #35253 from Microsoft/jjh/startuplogging
Windows: Fix startup logging
2017-10-23 18:43:41 +02:00
Kenfe-Mickael Laventure
ddae20c032
Update libcontainerd to use containerd 1.0
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-10-20 07:11:37 -07:00
John Howard
7d0dea1055 Fix startup logging
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-10-19 11:09:29 -07:00
John Howard
0380fbff37 LCOW: API: Add platform to /images/create and /build
Signed-off-by: John Howard <jhoward@microsoft.com>

This PR has the API changes described in https://github.com/moby/moby/issues/34617.
Specifically, it adds an HTTP header "X-Requested-Platform" which is a JSON-encoded
OCI Image-spec `Platform` structure.

In addition, it renames (almost all) uses of a string variable platform (and associated)
methods/functions to os. This makes it much clearer to disambiguate with the swarm
"platform" which is really os/arch. This is a stepping stone to getting the daemon towards
fully multi-platform/arch-aware, and makes it clear when "operating system" is being
referred to rather than "platform" which is misleadingly used - sometimes in the swarm
meaning, but more often as just the operating system.
2017-10-06 11:44:18 -07:00
Daniel Nephin
27cfa68af1 Move RFC3339NanoFixed to a more appropriate package.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-09-25 16:07:24 -04:00
Yong Tang
b075cd2d78 Merge pull request #34495 from ripcurld0/registry_mirror_json
Exit if service config is loaded unsuccessfully on startup
2017-09-18 21:59:14 -07:00
Boaz Shuster
5258297dac Exit if service config is loaded unsuccessfully on startup
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
2017-09-17 18:50:16 +03:00
Victor Vieux
ff686743c5 Add LCOW behind experimental,
might not be the cleanest way, but it's definitly the way with the
minimum code change.

Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-09-14 13:51:16 -07:00
Yong Tang
dc35a8a5d2 Merge pull request #34821 from thaJeztah/remove-enable-api-cors
Remove deprecated --enable-api-cors flag
2017-09-13 20:10:27 -07:00
Daniel Nephin
f7f101d57e Add gosimple linter
Update gometalinter

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-09-12 12:09:59 -04:00
Sebastiaan van Stijn
7d4eab5543
Remove deprecated --enable-api-cors flag
The `--enable-api-cors` flag was deprecated in f3dd2db4ff,
and marked for removal in docker 17.09 through 85f92ef359.

This patch removes the deprecated flag.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-09-12 12:43:34 +02:00
Yong Tang
cb952bf006 Merge pull request #34625 from dnephin/more-linters
Add interfacer and unconvert linters
2017-09-01 08:46:08 -07:00
Daniel Nephin
73ec0ff86b Remove command line flag install from registry package.
Settings flags is the responsibility of the application (cmd/) not a library

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-08-29 15:55:09 -04:00
Daniel Nephin
e62b2d410c Move ErrorContains to an internal package.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-08-25 12:04:58 -04:00
Yong Tang
2cea2f5469 Merge pull request #34583 from tklauser/win-event-functions
Use windows event functions from golang.org/x/sys/windows
2017-08-25 07:43:03 -07:00
Daniel Nephin
709bf8b7bc Add interfacer linter
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-08-24 15:08:26 -04:00
Daniel Nephin
60672382c7 Update tests to use gotestyourself/fs
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-08-23 17:25:00 -04:00
Daniel Nephin
62c1f0ef41 Add deadcode linter
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-08-21 18:18:50 -04:00
Daniel Nephin
372670b507 Add goimports to linters.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-08-21 18:15:08 -04:00
Tobias Klauser
e942513ac4 Use event functions from golang.org/x/sys/windows
Use CreateEvent, OpenEvent (which both map to the respective *EventW
function) and PulseEvent from golang.org/x/sys instead of local copies.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-08-21 12:58:09 +02:00
Daniel Nephin
9b47b7b151 Fix golint errors.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-08-18 14:23:44 -04:00
Kir Kolyshkin
7120976d74 Implement none, private, and shareable ipc modes
Since the commit d88fe447df ("Add support for sharing /dev/shm/ and
/dev/mqueue between containers") container's /dev/shm is mounted on the
host first, then bind-mounted inside the container. This is done that
way in order to be able to share this container's IPC namespace
(and the /dev/shm mount point) with another container.

Unfortunately, this functionality breaks container checkpoint/restore
(even if IPC is not shared). Since /dev/shm is an external mount, its
contents is not saved by `criu checkpoint`, and so upon restore any
application that tries to access data under /dev/shm is severily
disappointed (which usually results in a fatal crash).

This commit solves the issue by introducing new IPC modes for containers
(in addition to 'host' and 'container:ID'). The new modes are:

 - 'shareable':	enables sharing this container's IPC with others
		(this used to be the implicit default);

 - 'private':	disables sharing this container's IPC.

In 'private' mode, container's /dev/shm is truly mounted inside the
container, without any bind-mounting from the host, which solves the
issue.

While at it, let's also implement 'none' mode. The motivation, as
eloquently put by Justin Cormack, is:

> I wondered a while back about having a none shm mode, as currently it is
> not possible to have a totally unwriteable container as there is always
> a /dev/shm writeable mount. It is a bit of a niche case (and clearly
> should never be allowed to be daemon default) but it would be trivial to
> add now so maybe we should...

...so here's yet yet another mode:

 - 'none':	no /dev/shm mount inside the container (though it still
		has its own private IPC namespace).

Now, to ultimately solve the abovementioned checkpoint/restore issue, we'd
need to make 'private' the default mode, but unfortunately it breaks the
backward compatibility. So, let's make the default container IPC mode
per-daemon configurable (with the built-in default set to 'shareable'
for now). The default can be changed either via a daemon CLI option
(--default-shm-mode) or a daemon.json configuration file parameter
of the same name.

Note one can only set either 'shareable' or 'private' IPC modes as a
daemon default (i.e. in this context 'host', 'container', or 'none'
do not make much sense).

Some other changes this patch introduces are:

1. A mount for /dev/shm is added to default OCI Linux spec.

2. IpcMode.Valid() is simplified to remove duplicated code that parsed
   'container:ID' form. Note the old version used to check that ID does
   not contain a semicolon -- this is no longer the case (tests are
   modified accordingly). The motivation is we should either do a
   proper check for container ID validity, or don't check it at all
   (since it is checked in other places anyway). I chose the latter.

3. IpcMode.Container() is modified to not return container ID if the
   mode value does not start with "container:", unifying the check to
   be the same as in IpcMode.IsContainer().

3. IPC mode unit tests (runconfig/hostconfig_test.go) are modified
   to add checks for newly added values.

[v2: addressed review at https://github.com/moby/moby/pull/34087#pullrequestreview-51345997]
[v3: addressed review at https://github.com/moby/moby/pull/34087#pullrequestreview-53902833]
[v4: addressed the case of upgrading from older daemon, in this case
     container.HostConfig.IpcMode is unset and this is valid]
[v5: document old and new IpcMode values in api/swagger.yaml]
[v6: add the 'none' mode, changelog entry to docs/api/version-history.md]

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2017-08-14 10:50:39 +03:00
Vincent Demeester
c204fce2ee
Move pkg/listeners away
It is only used in `daemon` and should really live there.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-08-08 18:14:04 +02:00
Yong Tang
cb9128677f Merge pull request #34371 from Microsoft/jjh/logrustimestamp
logrus use full timestamp
2017-08-04 07:25:59 -07:00
John Howard
af64e396ca logrus use full timestamp
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-08-02 10:30:30 -07:00
yuexiao-wang
cc4da81128 Remove the logrus from pkg/signal
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2017-08-02 18:15:25 +08:00
Derek McGowan
1009e6a40b
Update logrus to v1.0.1
Fixes case sensitivity issue

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2017-07-31 13:16:46 -07:00
Sebastiaan van Stijn
1375d893e9 Merge pull request #34304 from tiborvass/use-buildkit-session
Use buildkit session package
2017-07-31 11:16:27 -07:00
Tibor Vass
41445a4745 Remove client/session package, depend on buildkit's session package
gofmt -w -r '"github.com/docker/docker/client/session" -> "github.com/moby/buildkit/session"'
gofmt -w -r '"github.com/docker/docker/client/session/filesync" -> "github.com/moby/buildkit/session/filesync"'

Signed-off-by: Tibor Vass <tibor@docker.com>
2017-07-28 16:34:23 -07:00
Flavio Crisciani
f9f25ca5e4
Allow to set the control plane MTU
Add daemon config to allow the user to specify the MTU of the control plane network.
The first user of this new parameter is actually libnetwork that can seed the
gossip with the proper MTU value allowing to pack multiple messages per UDP packet sent.
If the value is not specified or is lower than 1500 the logic will set it to the default.

Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
2017-07-28 13:52:03 -07:00
Brian Goff
9319a8a2dd Merge pull request #33440 from RenaudWasTaken/genericresource
Added support for Generic Resources
2017-07-25 15:32:25 -04:00
Renaud Gaubert
87e1464c43 Added support for Generic Resources
Signed-off-by: Renaud Gaubert <rgaubert@nvidia.com>
2017-07-24 17:49:56 -07:00
Brian Goff
408c7ade70 Enable pprof/debug endpoints by default
Makes sure that debug endpoints are always available, which will aid in
debugging demon issues.

Wraps debug endpoints in the middleware chain so the can be blocked by
authz.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-07-17 15:01:30 -04:00
Tobias Klauser
e769da88e6 Windows: fix build after re-vendoring golang.org/x/sys
Due to the CL https://go-review.googlesource.com/c/39608/ in
x/sys/windows which changed the definitions of STD_INPUT_HANDLE,
STD_OUTPUT_HANDLE and STD_ERROR_HANDLE, we get the following failure
in cmd/dockerd/service_windows.go after re-vendoring x/sys/windows:

  06:29:57 # github.com/docker/docker/cmd/dockerd
  06:29:57 .\service_windows.go:400: cannot use sh (type int) as type uint32 in argument to windows.GetStdHandle

Fix it by adding an explicit type conversion when calling
windows.GetStdHandle.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-12 14:52:42 +02:00
Christopher Jones
069fdc8a08
[project] change syscall to /x/sys/unix|windows
Changes most references of syscall to golang.org/x/sys/
Ones aren't changes include, Errno, Signal and SysProcAttr
as they haven't been implemented in /x/sys/.

Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>

[s390x] switch utsname from unsigned to signed

per 33267e036f
char in s390x in the /x/sys/unix package is now signed, so
change the buildtags

Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
2017-07-11 08:00:32 -04:00
Brian Goff
72c3bcf2a5 Make plugin emit strongly typed, consumable events
Enables other subsystems to watch actions for a plugin(s).

This will be used specifically for implementing plugins on swarm where a
swarm controller needs to watch the state of a plugin.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-07-06 14:26:06 -04:00
Tonis Tiigi
8f68adfaf0 Improve routes initialization
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2017-06-22 11:52:43 -07:00
Tonis Tiigi
5c3d2d552b Implement incremental file sync using client session
Also exposes shared cache and garbage collection/prune
for the source data.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2017-06-22 11:52:35 -07:00
Tonis Tiigi
ec7b6238c3 Add long-running client session endpoint
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2017-06-22 11:22:41 -07:00
John Howard
3aa4a00715 LCOW: Move daemon stores to per platform
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-06-20 19:49:52 -07:00
John Howard
01e597ca43 LCOW: Deprecate storagedriver option
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-06-20 09:21:37 -07:00
John Howard
fe5b34ba88 LCOW: Add environment variable to enable
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-06-20 08:55:46 -07:00
Vincent Demeester
99c72eb268 Merge pull request #33454 from dnephin/refactor-builder-remove-copy-on-build
[Builder] Move file coping from the daemon to the builder
2017-06-20 10:12:57 +02:00
allencloud
148f2711e8 add NamedUlimitOpt implement NamedOption to fix 32528
Signed-off-by: allencloud <allen.sun@daocloud.io>
2017-06-16 10:14:09 +08:00
Sebastiaan van Stijn
128280013f
Disable legacy (v1) registries by default
Deprecation of interacting with v1 registries was
started in docker 1.8.3, which added a `--disable-legacy-registry`
flag.

This option was anounced to be the default starting
with docker 17.06, and v1 registries completely
removed in docker 17.12.

This patch updates the default, and disables
interaction with v1 registres by default.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-12 11:04:28 +02:00
Daniel Nephin
5136096520 Fix copy when used with scratch and images with empty RootFS
Commit the rwLayer to get the correct DiffID
Refacator copy in thebuilder
move more code into exportImage
cleanup some windows tests
Release the newly commited layer.
Set the imageID on the buildStage after exporting a new image.
Move archiver to BuildManager.
Have ReleaseableLayer.Commit return a layer
and store the Image from exportImage in the local imageSources cache
Remove NewChild from image interface.

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-06-08 15:07:16 -04:00
Akihiro Suda
cd2255a296 Merge pull request #33330 from coolljt0725/fix_sock_is_dir
Don't create source directory while the daemon is being shutdown, fix #30348
2017-06-07 12:37:08 +09:00
Vincent Demeester
9ff9a91ab7
Remove cli/flags package
- Moving the `common*.go` files in `cmd/dockerd` directly (it's the
  only place it's getting used)
- Rename `cli/flags` to `cli/config` because it's the only thing left
  in that package 👼

Now, `integration-cli` does *truly* not depend on `cobra` stuff.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-01 13:34:31 -07:00
Lei Jitang
7318eba5b2 Don't create source directory while the daemon is being shutdown, fix #30348
If a container mount the socket the daemon is listening on into
container while the daemon is being shutdown, the socket will
not exist on the host, then daemon will assume it's a directory
and create it on the host, this will cause the daemon can't start
next time.

fix issue https://github.com/moby/moby/issues/30348

To reproduce this issue, you can add following code

```
--- a/daemon/oci_linux.go
+++ b/daemon/oci_linux.go
@@ -8,6 +8,7 @@ import (
        "sort"
        "strconv"
        "strings"
+       "time"

        "github.com/Sirupsen/logrus"
        "github.com/docker/docker/container"
@@ -666,7 +667,8 @@ func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, e
        if err := daemon.setupIpcDirs(c); err != nil {
                return nil, err
        }
-
+       fmt.Printf("===please stop the daemon===\n")
+       time.Sleep(time.Second * 2)
        ms, err := daemon.setupMounts(c)
        if err != nil {
                return nil, err

```

step1 run a container which has `--restart always` and `-v /var/run/docker.sock:/sock`
```
$ docker run -ti --restart always -v /var/run/docker.sock:/sock busybox
/ #

```
step2 exit the the container
```
/ # exit
```
and kill the daemon when you see
```
===please stop the daemon===
```
in the daemon log

The daemon can't restart again and fail with `can't create unix socket /var/run/docker.sock: is a directory`.

Signed-off-by: Lei Jitang <leijitang@huawei.com>
2017-05-30 22:59:51 -04:00
Dong Chen
59d45c384a support cluster events
Signed-off-by: Dong Chen <dongluo.chen@docker.com>
2017-05-17 11:46:30 -07:00
Sebastiaan van Stijn
a30ef99e8d Merge pull request #33151 from nwt/push-foreign-layers
Add daemon option to push foreign layers
2017-05-17 02:04:31 +02:00
Noah Treuhaft
67fdf574d5 Add daemon option to push foreign layers
The --allow-nondistributable-artifacts daemon option specifies
registries to which foreign layers should be pushed.  (By default,
foreign layers are not pushed to registries.)

Additionally, to make this option effective, foreign layers are now
pulled from the registry if possible, falling back to the URLs in the
image manifest otherwise.

This option is useful when pushing images containing foreign layers to a
registry on an air-gapped network so hosts on that network can pull the
images without connecting to another server.

Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
2017-05-16 14:36:36 -07:00
Ying Li
ddd5278b07 Use exclusive root pools if a CA cert file is specified in the daemon
Signed-off-by: Ying Li <ying.li@docker.com>
2017-05-12 14:43:34 -07:00
Sebastiaan van Stijn
5771687002 Merge pull request #32587 from dmcgowan/trust-key-config
Expose trust key path in config
2017-05-11 21:03:47 +02:00
Flavio Crisciani
e2ec006797
Fix race condition between swarm and libnetwork
This commit in conjunction with a libnetwork side commit,
cleans up the libnetwork SetClusterProvider logic interaction.
The previous code was inducing libnetwork to spawn several go
routines that were racing between each other during the agent
init and close.

A test got added to verify that back to back swarm init and leave
are properly processed and not raise crashes

Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
2017-05-10 21:16:52 -07:00
Derek McGowan
e428c824c3
Expose trust key path in config
Allows storing key under any directory. In the case where the
"/etc/docker" directory is not preserved, this file can be
specified to a location where it will be preserved to ensure
the ID does not change across restarts.

Note this key is currently only used today to generate the ID
used in Docker info and for manifest schema v1 pushes. The key
signature and finger on these manifests are not checked or
used any longer for security, deprecated by notary.

Removes old key migration from a pre-release of Docker which put
the key under the home directory and was used to preserve ID used
for swarm v1 after the file moved.

closes #32135

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2017-05-10 14:16:27 -07:00
Nishant Totla
41b27de41b
Adding /distribution/{name}/json endpoint to contact registry
Signed-off-by: Nishant Totla <nishanttotla@gmail.com>
2017-05-08 16:58:38 -07:00
Arnaud Porterie (icecrime)
32915b1d0a Remove cmd/docker and other directories in cli/ in accordance with the new Moby project scope
Starting with this commit, integration tests should no longer rely on
the docker cli, they should be API tests instead. For the existing tests
the scripts will use a frozen version of the docker cli with a
DOCKER_API_VERSION frozen to 1.30, which should ensure that the CI remains
green at all times.

To help contributors develop and test manually with a modified docker
cli, this commit also adds a DOCKER_CLI_PATH environment variable to the
Makefile. This allows to set the path of a custom cli that will be
available inside the development container and used to run the
integration tests.

Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
Signed-off-by: Tibor Vass <tibor@docker.com>
2017-05-05 12:14:29 -07:00
Brian Goff
140fefd581 Merge pull request #32944 from cpuguy83/add_no_new_privs_flag
Add no-new-privileg flag
2017-05-04 09:23:01 -04:00
Brian Goff
ba332a60b2 Add no-new-privileg flag
The daemon config for defaulting to no-new-privileges for containers was
added in d7fda019bb, but somehow we
managed to omit the flag itself, but also documented the flag.
This just adds the actual flag.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-05-01 15:31:56 -04:00
Daniel Nephin
0296797f0f Extract squash and tagging from the Dockerfile builder.
Remove pathCache and replace it with syncmap
Cleanup NewBuilder
Create an api/server/backend/build
Extract BuildTagger

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-05-01 12:07:32 -04:00
Aaron Lehmann
6052f2b396 Remove pkg/testutil/assert in favor of testify
I noticed that we're using a homegrown package for assertions. The
functions are extremely similar to testify, but with enough slight
differences to be confusing (for example, Equal takes its arguments in a
different order). We already vendor testify, and it's used in a few
places by tests.

I also found some problems with pkg/testutil/assert. For example, the
NotNil function seems to be broken. It checks the argument against
"nil", which only works for an interface. If you pass in a nil map or
slice, the equality check will fail.

In the interest of avoiding NIH, I'm proposing replacing
pkg/testutil/assert with testify. The test code looks almost the same,
but we avoid the confusion of having two similar but slightly different
assertion packages, and having to maintain our own package instead of
using a commonly-used one.

In the process, I found a few places where the tests should halt if an
assertion fails, so I've made those cases (that I noticed) use "require"
instead of "assert", and I've vendored the "require" package from
testify alongside the already-present "assert" package.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-04-14 12:03:21 -07:00
Sebastiaan van Stijn
a96de091d6 Merge pull request #32244 from Microsoft/jjh/panicfix
Windows - fix panic and stderr output when service
2017-04-01 20:00:59 +02:00
John Howard
141a83b820 Windows - fix panic and stderr
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-03-31 09:51:50 -07:00
Vincent Demeester
1ecaed0a99 Merge pull request #28696 from jlhawn/deprecate_graph_flag
Deprecate --graph flag; Replace with --data-root
2017-03-31 10:51:15 +02:00
Evan Hazlett
59aed5ab36 Merge pull request #32174 from KarthikNayak/32113
Dockerd: enable CORS when only `--api-cors-header` is used
2017-03-30 11:13:52 -04:00
Sebastiaan van Stijn
df7a72cffa
Add conflict check for flags, and update deprecation versions
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-03-30 12:21:05 +02:00
Sebastiaan van Stijn
9894576fb7
Remove constant for "config-file" flag
None of the daemon flags use a constant for the
flag name.

This patch removes the constant for consistency

Also removes a FIXME, that was now in the wrong
location, and added a long time ago in
353b7c8ec7,
without a lot of context (and probably no longer really relevant).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-03-30 12:01:00 +02:00
Josh Hawn
261ef1fa27 Deprecate --graph flag; Replace with --data-root
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2017-03-30 11:24:56 +02:00
Sebastiaan van Stijn
bce494f7a2 Merge pull request #31830 from dnephin/refactor-cli-state
Small cleanup now that we have multiple details about the server stored on the cli
2017-03-29 13:36:32 +02:00
Karthik Nayak
f0f673f4d5
Dockerd: enable CORS when only --api-cors-header is used
Even though the flag `--api-enable-cors` is deprecated in favor of
`--api-cors-header`. Using only `--api-cors-header` does not enable
CORS.

Make changes to 'cmd/dockerd/daemon.go' to enable cors if either of
the above flags is set.

Signed-off-by: Karthik Nayak <Karthik.188@gmail.com>
2017-03-28 18:09:14 +05:30
Brian Goff
b47c50cf11 Merge pull request #31668 from Microsoft/jjh/nopidfileasservice
Windows: no pidfile when service
2017-03-23 17:10:35 -04:00
Anusha Ragunathan
bbce24997c Merge pull request #31930 from anusha-ragunathan/authz-disable
When authz plugin is disabled, remove from authz middleware chain.
2017-03-22 14:17:38 -07:00
Anusha Ragunathan
38de272bd4 When authz plugin is disabled, remove from authz middleware chain.
When the daemon is configured to run with an authorization-plugin and if
the plugin is disabled, the daemon continues to send API requests to the
plugin and expect it to respond. But the plugin has been disabled. As a
result, all API requests are blocked. Fix this behavior by removing the
disabled plugin from the authz middleware chain.

Tested using riyaz/authz-no-volume-plugin and observed that after
disabling the plugin, API request/response is functional.

Fixes #31836

Signed-off-by: Anusha Ragunathan <anusha.ragunathan@docker.com>
2017-03-22 12:07:39 -07:00
Sebastiaan van Stijn
ba76a0c912
update "docker daemon" deprecation message for new version scheme
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-03-22 00:21:15 +01:00
Daniel Nephin
4152243985 Create a new ServerType struct for storing details about the server on the client.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-03-20 12:48:25 -04:00
Sebastiaan van Stijn
15d63f1c5b Improve error handling of commands run against unsupported daemon
The current error-handling only checked for version annotations
on the subcommand itself, but did not check the top-level command.

This patch always traverses the command path (parents), and
prints an error if the command is not supported.

Before this change:

    $ docker service
    Usage:	docker service COMMAND

    Manage services

    Options:
          --help   Print usage

    Commands:
      create      Create a new service
      inspect     Display detailed information on one or more services
      ls          List services
      ps          List the tasks of one or more services
      rm          Remove one or more services
      scale       Scale one or multiple replicated services
      update      Update a service

    Run 'docker service COMMAND --help' for more information on a command.

    $ docker service ls
    ID                  NAME                MODE                REPLICAS            IMAGE

After this change:

    $ DOCKER_API_VERSION=1.12 docker service
    docker service requires API version 1.24, but the Docker daemon API version is 1.12

    $ DOCKER_API_VERSION=1.12 docker service ls
    docker service ls requires API version 1.24, but the Docker daemon API version is 1.12

    $ DOCKER_API_VERSION=1.24 docker plugin --help
    docker plugin requires API version 1.25, but the Docker daemon API version is 1.24

    $ DOCKER_API_VERSION=1.25 docker plugin upgrade --help
    docker plugin upgrade requires API version 1.26, but the Docker daemon API version is 1.25

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-03-16 13:45:50 +01:00
Boaz Shuster
7199522ea2 Hide command options that are related to Windows
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
2017-03-12 08:47:17 +02:00
John Howard
a8e144dab4 Windows: no pidfile when service
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-03-08 15:18:30 -08:00
Aleksa Sarai
dd7159060f
cmd: docker: fix TestDaemonCommand
In more recent versions of Cobra, `--help` parsing is done before
anything else resulting in TestDaemonCommand not actually passing. I'm
actually unsure if this test ever passed since it appears that !daemon
is not being run as part of the test suite.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-03-05 15:26:49 +11:00
yuexiao-wang
5a9cee7bb5 'docker daemon' deprecation message doesn't use the new versioning scheme
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2017-03-03 17:26:49 +08:00
Brian Goff
7f0b833621 Merge pull request #31054 from darrenstahlmsft/WaitOOBE
Windows: Wait for OOBE to prevent crashing during host update
2017-02-16 11:18:25 -05:00
Darren Stahl
e128a65685 Windows: Wait for OOBE to prevent crashing during host update
Signed-off-by: Darren Stahl <darst@microsoft.com>
2017-02-15 14:01:54 -08:00
Alexander Morozov
abe6a073c7 Merge pull request #28638 from yongtang/28626-improve-error-handling
Improve error handling of experimental features in non-experimental mode
2017-02-15 11:00:03 -08:00
Alexander Morozov
f3a8886d88 Merge pull request #29673 from vdemeester/extract-daemon-config
Extract daemon configuration and discovery to their own package
2017-02-13 09:11:13 -08:00
Yong Tang
8421fc6349 Additional experimental features in non-experimental mode error handling
This fix is the follow up of the last commit.
In this fix:
1. If any of the parents of a command has tags, then this command's
`Args` (Args validation func) will be wrapped up. The warpped up func
will check to see if the feature is supported or not. If it is not supported,
then a not supported message is generated instead.

This fix is related to 28626.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-02-10 17:05:10 -08:00
Yong Tang
9f6fea8e7b Improve error handling of experimental features in non-experimental mode
This fix tries to address several issues raised in 28626 where
run against a non-experimental daemon may not generate correct
error message:
1. Incorrect flags were not checked against the supported features:
   ```
   $ docker stack --nonsense
   unknown flag: --nonsense
   ```
2. Subcommands were not checked against the supported features:
   ```
   $ docker stack ls
   Error response from daemon: This node is not a swarm manager...
   ```

This fix address the above mentioned issues by:
1. Add a pre-check for FlagErrorFunc
2. Recursively check if a feature is supported for cmd and its parents.

This fix fixes 28626.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-02-10 16:54:19 -08:00
Aaron.L.Xu
437e81cd69 review code about cmd/* and fix some easy typos :D
Signed-off-by: Aaron.L.Xu <likexu@harmonycloud.cn>
2017-02-10 15:52:33 +08:00
Vincent Demeester
db63f9370e
Extract daemon configuration and discovery to their own package
This also moves some cli specific in `cmd/dockerd` as it does not
really belong to the `daemon/config` package.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-02-08 09:53:38 +01:00
Vincent Demeester
f538c4bd3c Merge pull request #30187 from thaJeztah/show-error-on-unsupported-flags
print error if unsupported flags are used
2017-02-04 22:43:51 +01:00
Sebastiaan van Stijn
34148978bd
print error if unsupported flags are used
Docker 1.13 and up allows a client to communicate
with older daemons. As a result, flags may be
present that are not supported by the older daemon.

The client already _hides_ flags that are not
supported yet, but this doesn't present users
from using those flags.

This change shows an error if a flag is used
that is not supported by the daemon (either
based on the API version, or because experimental
features are not enabled).

Note that for some options, a check is already
in place in the API client. For those
options, this is just a minor enhancement
to more clearly indicate which _flag_ is
not supported.

Before this change;

    DOCKER_API_VERSION=1.24 docker run -d --stop-timeout=30 busybox top
    mjfyt3qpvnq0iwmun3sjwth9i

    echo -e "FROM busybox\nRUN echo foo > bar" |  DOCKER_API_VERSION=1.24 docker build --squash -
    "squash" requires API version 1.25, but the Docker server is version 1.24

After this change;

    DOCKER_API_VERSION=1.24 docker run -d --stop-timeout=30 busybox top
    "--stop-timeout" requires API version 1.25, but the Docker daemon is version 1.24

    echo -e "FROM busybox\nRUN echo foo > bar" | DOCKER_API_VERSION=1.24 docker build --squash -
    "--squash" requires API version 1.25, but the Docker daemon is version 1.24

    echo -e "FROM busybox\nRUN echo foo > bar" | docker build --squash -
    "--squash" is only supported on a Docker daemon with experimental features enabled

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-03 16:59:20 -08:00
Darren Stahl
b2a7f6abb3 Windows: Add service dependency ConDrv
Signed-off-by: Darren Stahl <darst@microsoft.com>
2017-01-17 10:55:25 -08:00
Aaron Lehmann
428600108c plugingetter: Avoid all caps for constant declarations
Go style calls for mixed caps instead of all caps:
https://golang.org/doc/effective_go.html#mixed-caps

Change LOOKUP, ACQUIRE, and RELEASE to Lookup, Acquire, and Release.

This vendors a fork of libnetwork for now, to deal with a cyclic
dependency issue. The change will be upstream to libnetwork once this is
merged.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-01-04 10:19:04 -08:00
Vincent Demeester
ce964a607a
Move package cliconfig to cli/config
I felt it made more sence 👼

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-12-25 20:31:52 +01:00
Tonis Tiigi
3d86b0c79b Implement content addressability for plugins
Move plugins to shared distribution stack with images.

Create immutable plugin config that matches schema2 requirements.

Ensure data being pushed is same as pulled/created.

Store distribution artifacts in a blobstore.

Run init layer setup for every plugin start.

Fix breakouts from unsafe file accesses.

Add support for `docker plugin install --alias`

Uses normalized references for default names to avoid collisions when using default hosts/tags.

Some refactoring of the plugin manager to support the change, like removing the singleton manager and adding manager config struct.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2016-12-23 13:29:58 -08:00
Sebastiaan van Stijn
b9ee31ae02 Merge pull request #29314 from vdemeester/no-more-utils
Remove the utils package
2016-12-22 15:21:05 +01:00
janonymous
f25e5ceeca Change -tlsverify to --tlsverify (Bug Fix: #29521)
Signed-off-by: Jaivish Kothari <janonymous.codevulture@gmail.com>
2016-12-19 18:03:57 +05:30
unclejack
2c187a24e0 return directly without ifs in remaining packages
Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
2016-12-14 23:28:27 +02:00
Vincent Demeester
ce37550347
Move debug functions to cli/debug package
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-12-12 09:33:58 +01:00
Daniel Nephin
bb7601a3ff exit with status 1 if help is called on an invalid command.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2016-11-23 15:13:58 -05:00
Darren Stahl
22c83c567f Swap usage of LazyDLL and LoadDLL to LazySystemDLL.
Signed-off-by: Darren Stahl <darst@microsoft.com>
2016-11-22 14:57:11 -08:00
Doug Davis
96f50e9b70 Merge pull request #28611 from vieux/fix_golint
fix a few golint errors
2016-11-19 07:16:44 -05:00
Victor Vieux
c3fab6d473 Merge pull request #28524 from aluzzardi/experimental-routes
router: Return explicit error rather than 404 for experimental.
2016-11-18 18:49:15 -08:00
Victor Vieux
9c559e6d0b fix a few golint errors
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 18:32:02 -08:00
Andrea Luzzardi
3976a33c1a router: Return explicit error rather than 404 for experimental.
Instead of not adding experimental routes at all, fail with an explicit
message if the daemon is not running in experimental mode.

Added the `router.Experimental` which does this automatically.

Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
2016-11-17 15:51:47 -08:00
Victor Vieux
98bb08fe38 error on cli when trying to use experimental feature with non experimental daemon
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-17 14:52:01 -08:00
Victor Vieux
bf95472105 refactor help func in CLI
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-17 10:54:10 -08:00
Tonis Tiigi
5b0a52f7dc Skip cli initialization for daemon command
Cli initialization pings back to remote API and
creates a deadlock if socket is already being
listened by systemd.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-11-16 13:19:45 -08:00
John Stephens
d67aa065ef
Show experimental flags and subcommands if enabled
Signed-off-by: John Stephens <johnstep@docker.com>
2016-11-11 17:43:06 -08:00
Victor Vieux
2712bb26e3 Merge pull request #28274 from Microsoft/jjh/acl
Windows: create daemon root with ACL
2016-11-11 09:20:32 -08:00
Wang Long
2b7f7e9aff Use '.' directly
Signed-off-by: Wang Long <long.wanglong@huawei.com>
2016-11-11 10:22:32 +08:00
John Howard
46ec4c1ae2 Windows: create daemon root with ACL
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-11-10 17:51:28 -08:00
Victor Vieux
c410222e42 move plugins out of experimental
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-11-10 15:51:32 -08:00
Andrea Luzzardi
819d0159bb api: Service Logs support
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
2016-11-10 13:46:02 -08:00
Victor Vieux
e98e4a7111 always add but hide experimental cmds and flags
Signed-off-by: Victor Vieux <vieux@docker.com>

update cobra and use Tags

Signed-off-by: Victor Vieux <vieux@docker.com>

allow client to talk to an older server

Signed-off-by: Victor Vieux <vieux@docker.com>
2016-11-08 04:55:27 -08:00
Tibor Vass
109c26bd74 Merge pull request #28056 from LK4D4/solaris_me
Add functional support for Docker sub commands on Solaris
2016-11-07 16:46:18 -08:00
Amit Krishnan
934328d8ea Add functional support for Docker sub commands on Solaris
Signed-off-by: Amit Krishnan <krish.amit@gmail.com>

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-11-07 09:06:34 -08:00
yupeng
c09277d5c3 Align arg with other cli
Signed-off-by: yupeng <yu.peng36@zte.com.cn>
2016-11-05 13:47:02 +08:00
Victor Vieux
d34ca0178e update cobra and use Tags
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-11-04 12:04:14 -07:00
Victor Vieux
3e43fa28ec always add but hide experimental cmds and flags
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-11-03 17:31:12 -07:00
Anusha Ragunathan
4a955dc4d4 Merge pull request #27914 from riyazdf/check-plugins-on-startup
Check authz plugins on daemon startup, add v2 integration tests
2016-11-02 13:38:32 -07:00
Riyaz Faizullabhoy
2b045027ce Check authz plugins are valid on daemon startup, add integration tests
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-11-02 11:20:54 -07:00
yupeng
06f1602374 Align with other cli descriptions
Signed-off-by: yupeng <yu.peng36@zte.com.cn>
2016-11-01 13:41:49 +08:00
Brian Goff
f81c538fec Merge pull request #27700 from Microsoft/jjh/servicerestart
Windows: Set service recovery options
2016-10-28 12:06:24 -07:00
Michael Crosby
3343d234f3 Add basic prometheus support
This adds a metrics packages that creates additional metrics.  Add the
metrics endpoint to the docker api server under `/metrics`.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Add metrics to daemon package

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

api: use standard way for metrics route

Also add "type" query parameter

Signed-off-by: Alexander Morozov <lk4d4@docker.com>

Convert timers to ms

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-10-27 10:34:38 -07:00
Akihiro Suda
7e24c16086 add docker network prune
`docker network prune` prunes unused networks, including overlay ones.
`docker system prune` also prunes unused networks.

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2016-10-25 06:43:54 +00:00
Sebastiaan van Stijn
411e7b4416 Merge pull request #24533 from yongtang/24392-docker-info-label-duplicate-keys
Remove duplicate keys in labels of `docker info`
2016-10-24 18:12:28 -07:00
John Howard
eea679fbcc Windows: Set service recovery options
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-10-24 16:24:27 -07:00
Kenfe-Mickael Laventure
7781a1bf0f Make experimental a runtime flag
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-10-24 15:20:01 -07:00
Vincent Demeester
ce6cfef36d Merge pull request #27460 from Microsoft/jjh/dockerpid
Windows: Calculate PID file after root
2016-10-22 13:41:42 +02:00
Yong Tang
e4c9079d09 Remove duplicate keys in labels of docker info
This fix tries to address the issue raised in 24392 where
labels with duplicate keys exist in `docker info`, which
contradicts with the specifications in the docs.

The reason for duplicate keys is that labels are stored as
slice of strings in the format of `A=B` (and the input/output).

This fix tries to address this issue by checking conflict
labels when daemon started, and remove duplicate labels (K-V).

The existing `/info` API has not been changed.

An additional integration test has been added to cover the
changes in this fix.

This fix fixes 24392.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-10-18 07:45:27 -07:00
Vincent Demeester
15ea28f6db Merge pull request #27463 from Microsoft/jjh/runservice
Windows: Mark run-service flag as hidden
2016-10-18 15:51:10 +02:00
Yong Tang
cc703784f3 Update docker stop and docker restart to allow not specifying timeout and use the one specified at container creation time.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-10-17 12:53:35 -07:00
John Howard
102a38ceb1 Windows: Mark run-service flag as hidden
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-10-17 12:21:31 -07:00
John Howard
7453d028da Windows: Calculate PID file after root
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-10-17 11:48:51 -07:00
Tõnis Tiigi
62503f245f Merge pull request #27276 from yuexiao-wang/func-name
Modify function name from SetDaemonLogLevel to SetLogLevel
2016-10-13 12:10:59 -07:00
Anusha Ragunathan
c5393ee147 Make authorization plugins use pluginv2.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-10-11 13:09:28 -07:00
yuexiao-wang
fe3ff54c7a Modify function name from SetDaemonLogLevel to SetLogLevel
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2016-10-11 19:35:12 +08:00
Sebastiaan van Stijn
bf58dd82c3
Deprecate "daemon" subcommand
The daemon is in a separate (dockerd) binary
since docker 1.12, so should no longer be
used.

This marks the command as deprecated, and
adds it to the deprecated features list.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-09-23 00:26:27 +02:00
Stefan Scherer
40868e263d
Write fatal error to event log if running as service
Signed-off-by: Stefan Scherer <scherer_stefan@icloud.com>
2016-09-19 22:36:33 +02:00