Commit graph

100 commits

Author SHA1 Message Date
Antonio Murdaca
10a3061c5f Fix regression in parsing capabilities list when a single string is given
Signed-off-by: Antonio Murdaca <runcom@linux.com>
2015-07-01 21:28:02 +02:00
Peter Waller
9c2374d196 Move /nat to /pkg/nat
By convention /pkg is safe to use from outside the docker tree, for example
if you're building a docker orchestrator.

/nat currently doesn't have any dependencies outside of /pkg, so it seems
reasonable to move it there.

This rename was performed with:

```
gomvpkg -vcs_mv_cmd="git mv {{.Src}} {{.Dst}}" \
	-from github.com/docker/docker/nat \
        -to   github.com/docker/docker/pkg/nat

```

Signed-off-by: Peter Waller <p@pwaller.net>
2015-06-30 17:43:17 +01:00
John Howard
c5e6a4b307 Windows: Refactor network modes
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-06-29 13:13:55 -07:00
David Calavera
df73d5e0cd Merge pull request #14023 from mavenugo/net_ui
experimental network ui
2015-06-19 09:26:05 -07:00
Madhu Venugopal
da5a3e6dee register libnetwork API and UI with docker parent chain
This commit also brings in the ability to specify a default network and its
corresponding driver as daemon flags. This helps in existing clients to
make use of newer networking features provided by libnetwork.

Signed-off-by: Madhu Venugopal <madhu@docker.com>
2015-06-18 12:07:58 -07:00
Srini Brahmaroutu
eb97de7dee Decoder does not work properly with nested pointers using gcc
Signed-off-by: Srini Brahmaroutu <srbrahma@us.ibm.com>
2015-06-11 16:45:54 +00:00
Jana Radhakrishnan
d18919e304 Docker integration with libnetwork
- Updated Dockerfile to satisfy libnetwork GOPATH requirements.
    - Reworked daemon to allocate network resources using libnetwork.
    - Reworked remove link code to also update network resources in libnetwork.
    - Adjusted the exec driver command population to reflect libnetwork design.
    - Adjusted the exec driver create command steps.
    - Updated a few test cases to reflect the change in design.
    - Removed the dns setup code from docker as resolv.conf is entirely managed
      in libnetwork.
    - Integrated with lxc exec driver.

Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
2015-05-19 22:40:19 +00:00
Antonio Murdaca
624bf81fdb Add RestartPolicy methods instead of using strings checking
Signed-off-by: Antonio Murdaca <me@runcom.ninja>
2015-05-16 14:15:28 +02:00
Darren Shepherd
f2e5207fc9 Add --uts=host to allow sharing the UTS namespace
Signed-off-by: Darren Shepherd <darren@rancher.com>
2015-05-13 17:56:32 -07:00
Ma Shimiao
dccb8b5c33 add cpu.cfs_period_us support
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-05-09 10:02:46 +08:00
Jessie Frazelle
6b6a26c769 Merge pull request #11516 from coolljt0725/add_show_error_set_some_flag_in_container_netmode
add support --net=container with --mac-address, --add-host error out
2015-05-07 17:13:32 -07:00
Qiang Huang
f133f11a7d add blkio.weight support
We can use this to control block IO weight of a container.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-05-07 11:55:58 +08:00
Lei Jitang
0e08e9aca1 Add support --net=container with --mac-address,--add-host error out
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-05-05 19:28:40 +08:00
HuKeping
a4a924e1b6 Feature: option for disable OOM killer
Add cgroup support for disable OOM killer.

Signed-off-by: Hu Keping <hukeping@huawei.com>
2015-05-04 21:11:29 +08:00
Lei Jitang
dcc50e1d59 Add support cpu cfs quota
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-04-20 08:16:47 -07:00
Brian Goff
de923f59b3 Merge pull request #12253 from calavera/remove_job_from_start_and_create
Remove engine.Job from Start and Create
2015-04-15 21:49:25 -04:00
David Calavera
767df67e31 Decode container configurations into typed structures.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-04-15 10:22:07 -07:00
Qiang Huang
8077b2fb80 add support for cpuset.mems
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-04-15 09:33:46 +08:00
David Calavera
610c436e07 Remove engine.Job from Start action.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-04-14 15:33:12 -07:00
Antonio Murdaca
c30a55f14d Refactor utils/utils, fixes #11923
Signed-off-by: Antonio Murdaca <me@runcom.ninja>
2015-04-14 01:37:36 +02:00
Vishnu Kannan
0b1e2b5a55 Adding '--cgroup-parent' flag to docker run. This feature helps users implement more complex
resource isolation policies on top of what native docker provides.

Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2015-03-19 02:34:15 +00:00
Arnaud Porterie
1ff5a91007 Merge pull request #10568 from LK4D4/logging_drivers
Logging drivers
2015-03-17 09:45:58 -07:00
Alexander Morozov
47a6afb93f Default 'json-file' logging driver and none logging driver
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-03-13 12:13:21 -07:00
Qiang Huang
837eec064d move resources from Config to HostConfig
Cgroup resources are host dependent, they should be in hostConfig.

For backward compatibility, we just copy it to hostConfig, and leave it in
Config for now, so there is no regressions, but the right way to use this
throught json is to put it in HostConfig, like:
  {
      "Hostname": "",
      ...
      "HostConfig": {
	  "CpuShares": 512,
          "Memory": 314572800,
          ...
      }
  }

As we will add CpusetMems, CpusetCpus is definitely a better name, but some
users are already using Cpuset in their http APIs, we also make it compatible.

The main idea is keep using Cpuset in Config Struct, and make it has the same
value as CpusetCpus, but not always, some scenarios:
 - Users use --cpuset in docker command, it can setup cpuset.cpus and can
   get Cpuset field from docker inspect or other http API which will get
   config info.
 - Users use --cpuset-cpus in docker command, ditto.
 - Users use Cpuset field in their http APIs, ditto.
 - Users use CpusetCpus field in their http APIs, they won't get Cpuset field
   in Config info, because by then, they should already know what happens
   to Cpuset.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-03-11 09:31:18 +08:00
Brian Goff
3f39050637 Allow setting ulimits for containers
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-02-25 19:37:43 -05:00
Michael Crosby
409407091a Add --readonly for read only container rootfs
Add a --readonly flag to allow the container's root filesystem to be
mounted as readonly.  This can be used in combination with volumes to
force a container's process to only write to locations that will be
persisted.  This is useful in many cases where the admin controls where
they would like developers to write files and error on any other
locations.

Closes #7923
Closes #8752

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-01-14 15:41:31 -08:00
Dan Walsh
23feaaa240 Allow the container to share the PID namespace with the host
We want to be able to use container without the PID namespace.  We basically
want containers that can manage the host os, which I call Super Privileged
Containers.  We eventually would like to get to the point where the only
namespace we use is the MNT namespace to bring the Apps userspace with it.

By eliminating the PID namespace we can get better communication between the
host and the clients and potentially tools like strace and gdb become easier
to use.  We also see tools like libvirtd running within a container telling
systemd to place a VM in a particular cgroup, we need to have communications of the PID.

I don't see us needing to share PID namespaces between containers, since this
is really what docker exec does.

So currently I see us just needing docker run --pid=host

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2015-01-13 16:35:17 -08:00
Michael Crosby
294843ef23 Move security opts to HostConfig
These settings need to be in the HostConfig so that they are not
committed to an image and cannot introduce a security issue.

We can safely move this field from the Config to the HostConfig
without any regressions because these settings are consumed at container
created and used to populate fields on the Container struct.  Because of
this, existing settings will be honored for containers already created
on a daemon with custom security settings and prevent values being
consumed via an Image.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Conflicts:
	daemon/create.go
		changing config to hostConfig was required to fix the
		 build
2014-11-25 01:02:30 +02:00
Dan Walsh
497fc8876e Allow IPC namespace to be shared between containers or with the host
Some workloads rely on IPC for communications with other processes.  We
would like to split workloads between two container but still allow them
to communicate though shared IPC.

This patch mimics the --net code to allow --ipc=host to not split off
the IPC Namespace.  ipc=container:CONTAINERID to share ipc between containers

If you share IPC between containers, then you need to make sure SELinux labels
match.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2014-11-12 11:29:58 -05:00
Jessie Frazelle
f98a1f1f7d Merge pull request #8019 from thockin/add-host
Allow extra lines in /etc/hosts
2014-09-16 17:19:16 -07:00
Tim Hockin
68e48b65a6 Allow extra lines in /etc/hosts
This adds a --add-host host:ip flag which appends lines to /etc/hosts.  This is needed in places where you want the container to get a different name resolution than it would through DNS.  This was submitted before as #5525, closed, and now I am re-opening.  It has come up 2 or 3 times in the last couple days.

Signed-off-by: Tim Hockin <thockin@google.com>
2014-09-16 23:38:23 +00:00
Tibor Vass
7c85cf5f39 docs fix
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
2014-09-16 18:40:24 -04:00
Alexander Larsson
3a90004f3c Add "docker create" support
This exposes the already existing "create container" operation.  It is
very similar to "docker run -d" except it doesn't actually start the
container, but just prepares it. It can then be manually started using
"docker start" at any point.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)

Conflicts:
	api/client/commands.go
	runconfig/parse.go
	server/container.go

Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
2014-09-16 18:40:24 -04:00
Alexandr Morozov
080ca86191 Add IsPrivate method for NetworkMode
This method indicates that container using private network stack

Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
2014-09-10 00:46:43 +04:00
Alexandr Morozov
ba24820284 Don't initialize network for 'none' mode
Fixes #7837

Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
2014-09-04 09:50:58 +04:00
Michael Crosby
d9753ba20d Add typed RestartPolicy
Signed-off-by: Michael Crosby <michael@docker.com>
2014-08-13 15:56:34 -07:00
Michael Crosby
bd8c9dc239 Restart containers based on restart policy
Signed-off-by: Michael Crosby <michael@docker.com>
2014-08-13 15:56:34 -07:00
Victor Vieux
b3ee9ac74e update go import path and libcontainer
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-07-24 22:19:50 +00:00
Victor Vieux
8344b6d736 fix job and add tests
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-07-11 23:43:21 +00:00
Victor Vieux
94e6dc9781 Basic --cap-add and --cap-drop support for native
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-07-11 23:43:21 +00:00
Timothy
e855c4b921 Add --device flag to allow additional host devices in container
We add a --device flag which can be used like:

 docker run --device /dev/sda:/dev/xvda:rwm ubuntu /bin/bash

To allow the container to have read write permissions to access the host's /dev/sda via a node named /dev/xvda in the container.

Note: Much of this code was written by Dinesh Subhraveti dineshs@altiscale.com (github: dineshs-altiscale) and so he deserves a ton of credit.

Docker-DCO-1.1-Signed-off-by: Timothy <timothyhobbs@seznam.cz> (github: timthelion)
2014-07-10 10:35:53 -07:00
Michael Crosby
0b187b909b Address code review feedback
Also make sure we copy the joining containers hosts and resolv.conf with
the hostname if we are joining it's network stack.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-05 10:08:59 -07:00
Michael Crosby
2c2cc051d8 Update --net flags and container mode
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-05 10:08:59 -07:00
Johan Euphrosine
a60159f3b1 runconfig: add -net container:name option
Docker-DCO-1.1-Signed-off-by: Johan Euphrosine <proppy@google.com> (github: proppy)
2014-05-05 10:08:59 -07:00
Michael Crosby
b4f2821e6d Make volumes-from a slice instead of string split
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-08 21:45:06 +00:00
Michael Crosby
af9746412b Move volumesfrom to hostconfig
This also migrates the volumes from integration tests into the new cli
integration test framework.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-08 21:45:06 +00:00
Michael Crosby
919dbbe44d Move DNS options to hostconfig
The local resolver warning needed to be moved at daemon start because it
was only show for the first container started anyways before having a
default value set.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-07 19:12:22 -07:00
Michael Crosby
ffebcb660f Move -o cli flag and DriverConfig from HostConfig
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-04-07 14:44:52 -07:00
Alexander Larsson
7a3070a600 Add --opt arguments for drivers
In order to handle special configuration for different drivers we
make the Config field a map to string array. This lets
us use it for lxc, by using the "lxc" key for those, and we can
later extend it easily for other backend-specific options.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-03-27 21:47:47 +01:00
Solomon Hykes
6393c38339 Move the canonical run configuration objects to a sub-package
* Config is now runconfig.Config
    * HostConfig is now runconfig.HostConfig
    * MergeConfig is now runconfig.Merge
    * CompareConfig is now runconfig.Compare
    * ParseRun is now runconfig.Parse
    * ContainerConfigFromJob is now runconfig.ContainerConfigFromJob
    * ContainerHostConfigFromJob is now runconfig.ContainerHostConfigFromJob

This facilitates refactoring commands.go and shrinks the core.

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
2014-02-11 20:18:46 -08:00