This reverts commit 105bc63295,
which (although correct), resulted in a backward incompatible
change.
We can re-implement this in future, after this changes
goes through a deprecation cycle
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
commit 9322636c89
temporarily switched to a fork of go-memdb, because
a pull request that was needed was not yet merged
upstream.
this pull request was merged, so we can un-fork
this dependency.
this change does not bump the dependency, and
only un-forks. bumping the dependency should
be done in a separate change, if needed.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5f057f6350)
Signed-off-by: Victor Vieux <vieux@docker.com>
Vendor the latest official logrus release instead of a custom fork
(which now happens to be identical to the fork).
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 11df2db538)
Signed-off-by: Victor Vieux <vieux@docker.com>
- default network is only created if needed
- it's possible to override default network configuration
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
The base selinux policies on centos/rhel/oraclelinux have all been
updated in a way that conflicts with the policies we install with
`docker-engine-selinux`. This patch fixes these conflicts.
In addition, removes special cases for old/unsupported versions of
fedora in our selinux package, and change to use a single minimum
version for the selinux base policy package, as this is the minimum
version required to use our selinux policy package.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit ec9a05e5e2)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
`plugins.GetAll()` was not locking the plugin map when checking if a
plugin exists, this can cause a race and potentially a panic if another
goroutine is trying to load a plugin into the map at the same time.
Also fixes a race during activation where a plugin inserts itself into
the plugin map but does not check if something else is already there.
This is already checked before trying to activate the plugin, however
the map lock is not held for this entire period, so other plugins may be
loaded during this time.
To fix, before inserting the plugin into the map, check if one with the
same name already exists and use that instead.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 21fcbb39b7)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Call daemon.Mount will increase the refcount of mounted path,
for those previous running containers, `Mount` call will make
the refcount to 2. see
https://github.com/docker/docker/blob/v1.13.0-rc4/daemon/graphdriver/counter.go#L38
```
if !m.check {
m.check = true
if c.checker.IsMounted(path) {
m.count++
}
}
m.count++
```
graphdrive could restore on reboot after #22541, call
daemon.Mount to resore the graphdriver is not necessary.
And call `daemon.Mount` on restorting will mount all the containers
mounted layer even if it was stop.
This fix call Mount and then Unmount to get `BaseFs`
Signed-off-by: Lei Jitang <leijitang@huawei.com>
This fix is a follow up to #29365. In #29365 a bug was fixed for
`docker exec -u user` after live restore by remounting.
However, #29365 will prevent containers from restored if mount failed.
In this fix, containers will be restored even if mount in that step failed.
Some functionalities might be missing (like `docker exec -u user`) but
at least it is possible to do certain operations like stop/restart/delete.
This fix is related to #29365.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 3003ae1d8b)
returned in "docker info". Currently info endpoint isnt using the
GetAllByCap, but relies on existing networks to get the plugin names.
This causes a basic issue when it comes to global network plugins which
swarm-mode relies on, wherein swarmkit will not be able to schedule the
network on the worker nodes due to the filtering logic.
In order to break this chicken & egg issue, we must start to use the
GetAllManagedPluginsByCap. We are unable to use GetAllByCap due to
various issues with Plugin-V1's lazy loading approach causing issues
especially during daemon restarts (which uses SystemInfo)
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Signed-off-by: Lei Jitang <leijitang@huawei.com>
(cherry picked from commit 737b5b1781)
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Signed-off-by: Victor Vieux <vieux@docker.com>
(cherry picked from commit bcead9282e)
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
When a plugin is activated, and then `plugins.Handle` is called to
register a new handler for a given plugin type, a deadlock occurs when
for anything which calls `waitActive`, including `Get`, and `GetAll`.
This happens because `Handle()` is setting `activated` to `false` to
ensure that plugin handlers are run on next activation.
Maybe these handlers should be called immediately for any plugins which
are already registered... but to preserve the existing behavior while
fixing the deadlock, track if handlers have been run on plugins and
reset when a new handler is registered.
The simplest way to reproduce the deadlock with Docker is to add a `-v
/foo` to the test container created for the external graphdriver tests.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 2938dce794)
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
This fix tries to address the issue raised in 28581 and 28927
where it is not possible to create a secret from a file (only
through STDIN).
This fix add a flag `--file` to `docker secret create` so that
it is possible to create a secret from a file with:
```
docker secret create --file secret.in secret.name
```
or
```
echo TEST | docker secret create --file - secret.name
```
Related docs has been updated.
An integration test has been added to cover the changes.
This fix fixes 28581.
This fix is related to 28927.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit c6f0b7f448)
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
In #28507 and #28885, `docker service/node ps -a` has been removed so that
information about slots are show up even without `-a` flag.
The output of `docker stack ps` reused the same output as `docker service/node ps`.
However, the `-a` was still there. It might make sense to remove `docker stack ps -a`
as well to bring consistency with `docker service/node ps`.
This fix is related to #28507, #28885, and #25983.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 9155e14e77)
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
In cases where there is high latency (ie, not-local network)
`waitExitOrRemoved` was not receiving events for short-lived containers.
This caused the client to hang while waiting for a notification that the
container has stopped.
This happens because `client.Events()` returns immediately and spins a
goroutine up to process events. The problem here is it returns before
the request to the events endpoint is even made.
Even without high-latency issues, there is no guarantee that the
goroutine is even scheduled by the time the function returns.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 47585996bf)
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
