Commit graph

3535 commits

Author SHA1 Message Date
Tonis Tiigi
36900f1d03 Fix liverestore/restartmanager panic in v1.12
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2017-01-04 13:21:27 -08:00
Tonis Tiigi
fea72090a7 Fix race on sending stdin close event
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit 4e262f6387)
2016-12-14 13:26:18 -08:00
Alexander Morozov
c17155fbc3 libcontainerd: attach streams before create
Fix #26371

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
(cherry picked from commit 02d1934279)
2016-12-02 18:09:00 -08:00
Victor Vieux
f25e197379 Merge pull request #29004 from aboch/c1.12.x
[1.12.x] Porting libnetwork fixes
2016-12-02 16:28:26 -08:00
Victor Vieux
f90c1625e9 Merge pull request #28990 from vdemeester/28985-dont-validate-hostname-on-1_12
[1.12.x] Remove hostname validation as it seems to break users
2016-12-02 15:10:59 -08:00
Darren Stahl
7e902398f9 Stop holding container lock while waiting on streams
Signed-off-by: Darren Stahl <darst@microsoft.com>
(cherry picked from commit 07cd19655b)
2016-12-01 21:40:04 -05:00
Tom Denham
76d2f1f29b Update tests to handle bug fix from libnetwork
Signed-off-by: Tom Denham <tom@tomdee.co.uk>
2016-11-30 16:16:34 -08:00
Vincent Demeester
bfd123b2a9
Remove hostname validation as it seems to break users
Validation is still done by swarmkit on the service side.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-11-30 19:21:28 +01:00
Justin Cormack
5c0c9e4587 Test that non root user cannot use default capabilities
Test for #27590

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-10-22 12:18:43 +01:00
Justin Cormack
64ae81609c Run seccomp tests in series not parallel
Fix #24803 as this had been failing sometimes.

As the parallel tests are probably genuine failures, and
had already been cut down, I will re-create these specifically
as a parallel execution test with no seccomp to make the
cause clearer.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
(cherry picked from commit 84ec04306c)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-09-30 14:30:47 -07:00
Sebastiaan van Stijn
ca474f7808
Fix incorrect aux-address examples and test
The (host)name for aux-addresses should
be unique, otherwise later values overwrite
earlier values.

Before this change, the example command
would send this API request;

    {
      "Attachable": false,
      "CheckDuplicate": true,
      "Driver": "overlay",
      "EnableIPv6": false,
      "IPAM": {
        "Config": [
          {
            "Gateway": "192.168.0.100",
            "IPRange": "192.168.1.0/24",
            "Subnet": "192.168.0.0/16"
          },
          {
            "AuxiliaryAddresses": {
              "a": "192.170.1.5",
              "b": "192.170.1.6"
            },
            "Gateway": "192.170.0.100",
            "Subnet": "192.170.0.0/16"
          }
        ],
        "Driver": "default",
        "Options": {
        }
      },
      "Internal": false,
      "Labels": {
      },
      "Name": "my-multihost-network",
      "Options": {
      }
    }

After this change, the request looks
like this (all aux-addresses preserved);

    {
      "Attachable": false,
      "CheckDuplicate": true,
      "Driver": "overlay",
      "EnableIPv6": false,
      "IPAM": {
        "Config": [
          {
            "AuxiliaryAddresses": {
              "my-router": "192.168.1.5",
              "my-switch": "192.168.1.6"
            },
            "Gateway": "192.168.0.100",
            "IPRange": "192.168.1.0/24",
            "Subnet": "192.168.0.0/16"
          },
          {
            "AuxiliaryAddresses": {
              "my-printer": "192.170.1.5",
              "my-nas": "192.170.1.6"
            },
            "Gateway": "192.170.0.100",
            "Subnet": "192.170.0.0/16"
          }
        ],
        "Driver": "default",
        "Options": {
        }
      },
      "Internal": false,
      "Labels": {
      },
      "Name": "my-multihost-network",
      "Options": {
      }
    }

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit fd7161bb30)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-09-29 14:28:52 +02:00
Yong Tang
f2a48d2ff3 Fix AuthZ plugins headers change issue
This fix tries to address the issue raised in 25927 where
the HTTP headers have been chaged when AUthZ plugin is in
place.

This issue is that in `FlushAll` (`pkg/authorization/response.go`),
the headers have been written (with `WriteHeader`) before all the
headers have bee copied.

This fix fixes the issue by placing `WriteHeader` after.

A test has been added to cover the changes.`

This fix fixes 25927

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 9cb8fb6ea0)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-09-26 19:35:37 -07:00
Thomas Leonard
5592ee4d07 Fix exec form of HEALTHCHECK CMD
We attached the JSON flag to the wrong AST node, causing Docker to treat
the exec form ["binary", "arg"] as if the shell form "binary arg" had
been used. This failed if "ls" was not present.

Added a test to detect this.

Fixes #26174

Signed-off-by: Thomas Leonard <thomas.leonard@docker.com>
(cherry picked from commit e95b6b51da)
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-09-26 19:35:24 -07:00
Tonis Tiigi
13e82f23c8 Skip always pulling images on integration tests
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit e2226223e6)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-08-17 14:19:31 -07:00
Tonis Tiigi
f21cdf48f9 Add retry checks to TestSwarmPublishAdd
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit 7bd1c11959)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-08-16 16:11:10 -07:00
Anusha Ragunathan
a3f2c03ef0 Fix deadlock on plugin shutdown.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit 4d009084de)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-08-11 19:40:06 -07:00
Yong Tang
af0f7ad792 Fix flaky TestSwarmNodeTaskListFilter by waiting for task fully deployed
This is an attempt to fix the flaky test of TestSwarmNodeTaskListFilter in 25029.

Basically this fix adds a check to wait until 3 containers has already up,
before processing `node tasks ...`.

This might fix 25029.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 63c0366bc9)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-08-11 19:39:52 -07:00
John Howard
16a0c1c374 Windows: Fix RO test cases
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit 03816ad5b5)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-08-11 19:39:52 -07:00
Yong Tang
f99fd5a3f9 Idempotent service update --publish-add
This fix tries to address the issue raised in 25375 where
`service update --publish-add` returns an error if the exact
same value is repeated (idempotent).

This fix use a map to filter out repeated port configs so
that `--publish-add` does not error out.

An integration test has been added.

This fix fixes 25375.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit b487497cd2)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-08-11 17:56:51 -07:00
Yong Tang
8b9d96d208 Sort output of docker ps --filter with order by creation time
This fix tries to address the issue raised in 25374 where the
output of `docker ps --filter` is in random order and
not deterministic.

This fix sorts the list of containers by creation time so that the
output is deterministic.

An integration test has been added.

This fix fixes 25374.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 3f97133546)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-08-11 17:56:47 -07:00
Diogo Monica
caaf53ad3e Add --force to node removal
Signed-off-by: Diogo Monica <diogo.monica@gmail.com>
(cherry picked from commit a327c231b5)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-08-11 17:56:45 -07:00
Anusha Ragunathan
828a2473c2 Remove plugin root from filesystem.
`docker plugin remove` didnt actually remove plugin from disk. Fix that.

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit 5690730a74)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-08-11 17:56:44 -07:00
Anusha Ragunathan
4d529895f0 Make daemon events listen for plugin lifecycle events.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit 42abccb841)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-08-11 17:56:43 -07:00
Anusha Ragunathan
a577a06403 Check for plugin state before enable and disable.
This prevents unnecessary API call to containerd.

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit b867f6c6e1)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-08-11 17:56:42 -07:00
Alexander Morozov
af4ff2541a integration: drain node before stop in TestApiSwarmForceNewCluster
It's too long to wait for reschedule.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
(cherry picked from commit 307b7b0d15)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-08-11 16:48:17 -07:00
Stephen J Day
2f736927a0 cli: docker service|node|stack ps instead of tasks
Rather than conflict with the unexposed task model, change the names of
the object-oriented task display to `docker <object> ps`. The command
works identically to `docker service tasks`. This change is superficial.

This provides a more sensical docker experience while not trampling on
the task model that may be introduced as a top-level command at a later
date.

The following is an example of the display using `docker service ps`
with a service named `condescending_cori`:

```
$ docker service ps condescending_cori
ID                         NAME                  SERVICE             IMAGE   LAST STATE              DESIRED STATE  NODE
e2cd9vqb62qjk38lw65uoffd2  condescending_cori.1  condescending_cori  alpine  Running 13 minutes ago  Running        6c6d232a5d0e
```

The following shows the output for the node on which the command is
running:

```console
$ docker node ps self
ID                         NAME                  SERVICE             IMAGE   LAST STATE              DESIRED STATE  NODE
b1tpbi43k1ibevg2e94bmqo0s  mad_kalam.1           mad_kalam           apline  Accepted 2 seconds ago  Accepted       6c6d232a5d0e
e2cd9vqb62qjk38lw65uoffd2  condescending_cori.1  condescending_cori  alpine  Running 12 minutes ago  Running        6c6d232a5d0e
4x609m5o0qyn0kgpzvf0ad8x5  furious_davinci.1     furious_davinci     redis   Running 32 minutes ago  Running        6c6d232a5d0e
```

Signed-off-by: Stephen J Day <stephen.day@docker.com>
(cherry picked from commit 0aa4e1e689)
2016-07-27 11:20:25 -07:00
Vincent Demeester
a91bc28e62 Remove swarm inspect and use info instead
Remove the swarm inspect command and use docker info instead to display
swarm information if the current node is a manager.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit e6923f6d75)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-26 04:37:31 -07:00
Brian Goff
07735b4f0c fix panic on --label-add
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 85bc3194aa)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-25 23:24:47 -07:00
runshenzhu
84eae5d69f extend health check to start service
Signed-off-by: runshenzhu <runshen.zhu@gmail.com>
Signed-off-by: Runshen Zhu <runshen.zhu@gmail.com>
(cherry picked from commit a99db84b4a)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-25 23:24:47 -07:00
Aaron Lehmann
a3639e6ac6 Add failure action for rolling updates
This changes the default behavior so that rolling updates will not
proceed once an updated task fails to start, or stops running during the
update. Users can use docker service inspect --pretty servicename to see
the update status, and if it pauses due to a failure, it will explain
that the update is paused, and show the task ID that caused it to pause.
It also shows the time since the update started.

A new --update-on-failure=(pause|continue) flag selects the
behavior. Pause means the update stops once a task fails, continue means
the old behavior of continuing the update anyway.

In the future this will be extended with additional behaviors like
automatic rollback, and flags controlling parameters like how many tasks
need to fail for the update to stop proceeding. This is a minimal
solution for 1.12.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 57ae29aa74)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-25 23:24:43 -07:00
Anusha Ragunathan
52b078fb37 Handle plugin shutdown when liveRestore is set.
When daemon has liveRestore set, daemon shutdown should not shutdown
plugins. Fixes #24759

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit 4a44cf1d4c)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-25 23:24:37 -07:00
allencloud
4cd455a8d9 fix typos
Signed-off-by: allencloud <allen.sun@daocloud.io>
(cherry picked from commit 4e959ef2f7)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-25 23:18:15 -07:00
Aaron Lehmann
762a73bf7f Split advertised address from listen address
There are currently problems with "swarm init" and "swarm join" when an
explicit --listen-addr flag is not provided. swarmkit defaults to
finding the IP address associated with the default route, and in cloud
setups this is often the wrong choice.

Introduce a notion of "advertised address", with the client flag
--advertise-addr, and the daemon flag --swarm-default-advertise-addr to
provide a default. The default listening address is now 0.0.0.0, but a
valid advertised address must be detected or specified.

If no explicit advertised address is specified, error out if there is
more than one usable candidate IP address on the system. This requires a
user to explicitly choose instead of letting swarmkit make the wrong
choice. For the purposes of this autodetection, we ignore certain
interfaces that are unlikely to be relevant (currently docker*).

The user is also required to choose a listen address on swarm init if
they specify an explicit advertise address that is a hostname or an IP
address that's not local to the system. This is a requirement for
overlay networking.

Also support specifying interface names to --listen-addr,
--advertise-addr, and the daemon flag --swarm-default-advertise-addr.
This will fail if the interface has multiple IP addresses (unless it has
a single IPv4 address and a single IPv6 address - then we resolve the
tie in favor of IPv4).

This change also exposes the node's externally-reachable address in
docker info, as requested by #24017.

Make corresponding API and CLI docs changes.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit a0ccd0d42f)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-25 23:18:03 -07:00
Sebastiaan van Stijn
b7a38b19b3 Change "rotate_worker_token" to "rotateWorkerToken"
This renames the `rotate_xxx` flags to camelBack, for
consistency with other API query-params, such as
`detachKeys`, `noOverwriteDirNonDir`, and `fromImage`.

Also makes this flag accept a wider range of boolean
values ("0", "1", "true", "false"), and throw an error
if an invalid value is passed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit bd81df1278)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-25 23:17:26 -07:00
Alessandro Boch
9e006577f4 Fix regression on --link on bridge network
Signed-off-by: Alessandro Boch <aboch@docker.com>
(cherry picked from commit 3a3f800ff4)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-25 23:17:08 -07:00
Aaron Lehmann
5d7a3f7b5f Replace secrets with join tokens
Implement the proposal from
https://github.com/docker/docker/issues/24430#issuecomment-233100121

Removes acceptance policy and secret in favor of an automatically
generated join token that combines the secret, CA hash, and
manager/worker role into a single opaque string.

Adds a docker swarm join-token subcommand to inspect and rotate the
tokens.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 2cc5bd33ee)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-25 23:16:59 -07:00
Drew Erny
fd231567dc Added leader election test
Signed-off-by: Drew Erny <drew.erny@docker.com>
(cherry picked from commit 3489e76513)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-25 23:16:14 -07:00
Yong Tang
06f8cd5f31 Allow partial name match for node ls, and node tasks
This fix is an extension to last commit to expand the partial
filter to node and task searches.

Additional integration tests have been added to cover the changes.

This fix fixes 24270.
This fix fixes 24112.

Note: A separate pull request will be opened on swarmkit.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit e734fa58ea)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-25 23:15:45 -07:00
Yong Tang
7ebba69c43 Allow partial name match for service ls --filter
This fix tries to address the issue raised in 24270 where it was
not possible to have a partial name match when list services
with name filter.

This fix updates swarmkit and allows prefix search when name is
provided as the filter for listing services.

An additional integration test is added to cover the changes.

This fix fixes 24270.

Note: A separate pull request will be opened on swarmkit.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 1d600ebcb5)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-25 23:15:45 -07:00
Dong Chen
61936227d0 Test rolling update.
Signed-off-by: Dong Chen <dongluo.chen@docker.com>
(cherry picked from commit d327765a62)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-25 23:15:43 -07:00
Kenfe-Mickael Laventure
b7687cc673 Do not rely on "live" event anymore
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
(cherry picked from commit 64483c3bda)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-25 23:15:42 -07:00
Anusha Ragunathan
da773af885 Print plugin name on successful install, enable and disable.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit 6dca1e6d3f)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-25 23:15:25 -07:00
Anusha Ragunathan
c04c127ce3 Remove use of exec-root in plugins due to socket pathname limits.
Unix sockets are limited to 108 bytes. As a result, we need to be
careful in not using exec-root as the parent directory for pluginID
(which is already 64 bytes), since it can result in socket path names
longer than 108 bytes. Use /tmp instead. Before this change, setting:
- dockerd --exec-root=/go/src/github.com/do passes
- dockerd --exec-root=/go/src/github.com/doc fails
After this change, there's no failure.

Also, write a volume plugins test to verify that the plugins socket
responds.

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit 21ecd5a93d)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-25 23:15:25 -07:00
Tonis Tiigi
211f871092 Fix panic in stats test
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit f5fb3c69fd)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-25 23:15:11 -07:00
Daniel Nephin
fad55b0ea1 Change the add/update flags to include 'add'
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit 4c6faa4340)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-25 23:14:59 -07:00
Daniel Nephin
b5f1b77a23 Add remove flags for service update
with unit tests

Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit dc33fc1ff4)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-25 23:14:59 -07:00
Arnaud Porterie (icecrime)
c61fa33c23 Rename --net to --network
Add a `--network` flag which replaces `--net` without deprecating it
yet. The `--net` flag remains hidden and supported.

Add a `--network-alias` flag which replaces `--net-alias` without deprecating
it yet. The `--net-alias` flag remains hidden and supported.

Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
(cherry picked from commit c0c7d5e715)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-12 15:50:38 -07:00
Alexander Morozov
eaa8821a23 integration-cli: add test for restarting entire swarm cluster
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
(cherry picked from commit ae4137ae3c)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-12 15:50:37 -07:00
Ralf Sippl
909e7a2ca5 Add API test for empty services list
Signed-off-by: Ralf Sippl <ralf.sippl@gmail.com>
(cherry picked from commit 65e72133a1)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-12 15:50:37 -07:00
Tonis Tiigi
56ab840f37 Use waitAndAssert to test node state changes
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit f02ec39e99)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-12 15:50:21 -07:00