Although primarily a human readable script, it is quite useful
to return success or failure from this script so it can be used
as a basic test.
Fail if any check fails, including some that are optional,
other than the storage driver tests, where only one needs to
succeed, so the system has at least one workable storage driver.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Previously, when the graphdir was a root of a mountpoint, we would not
be able to clean up the graphdir, as the script would umount in case
target dir is a mount itself.
```/etc/mtab
/dev/xvdc1 /var/lib/docker btrfs
```
When running the script, the graphdir would be unmounted and it would
remove a (possibly) empty folder.
```
Nuking /var/lib/docker ...
(if this is wrong, press Ctrl+C NOW!)
+ sleep 10
+ umount -f /var/lib/docker
+ rm -rf /var/lib/docker
```
This PR includes the necessary changes to nuke the folder in this
scenario, including when the graphdir is a btrfs mount itself.
Signed-off-by: Bruno Tavares <btavare@thoughtworks.com>
--group-add was used for specifying groups for both service create
and service update. For create it was confusing since we don't have
an existing set of groups. Instead I added --group to create, and
moved --group-add to service update only, like --group-rm
This deals with issue 27646
Signed-off-by: Lily Guo <lily.guo@docker.com>
Update flag documentation
Specify that --group, --group-add and --group-rm refer to
supplementary user groups
Signed-off-by: Lily Guo <lily.guo@docker.com>
Fix docs for groups and update completion scripts
Signed-off-by: Lily Guo <lily.guo@docker.com>
A HealthConfig entry was added to the ContainerSpec associated with the
service being created or updated.
Signed-off-by: Cezar Sa Espinola <cezarsa@gmail.com>
Many distributions now use ext4 to provide ext2 and ext3 support,
so do not warn about possibly missing ext3 support if the config
option is used.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
The --name flag was inadvertently added to
docker service update, but is not supported,
as it has various side-effects (e.g., existing
tasks are not renamed).
This removes the flag from the service update
command.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Containers may specify these cgroup values at runtime. This will allow
processes to change their priority to real-time within the container
when CONFIG_RT_GROUP_SCHED is enabled in the kernel. See #22380.
Also added sanity checks for the new --cpu-rt-runtime and --cpu-rt-period
flags to ensure that the kernel supports these features and that
runtime is not greater than period.
Daemon will support a --cpu-rt-runtime flag to initialize the parent
cgroup on startup, this prevents the administrator from allotting runtime
to docker after each restart.
There are additional checks that could be added but maybe too far? Check
parent cgroups to ensure values are <= parent, inspecting rtprio ulimit
and issuing a warning.
Signed-off-by: Erik St. Martin <alakriti@gmail.com>
In #23614 `docker inspect` was semantically enhanced to inspect "everything".
Therefore moving its logic to `_docker_container_inspect` was not correct.
This commit moves it back to its original top-level location (`_docker_inspect`)
so that it can be called by `_docker_{container,image}_inspect` and others (will
be added in follow-up PRs).
Parameterization was added in order to get caller-specific behavior.
Signed-off-by: Harald Albers <github@albersweb.de>
Currently, there's no way to restart the tasks of a service without
making an actual change to the service. This leads to us giving awkward
workarounds as in
https://github.com/docker/docker.github.io/pull/178/files, where we tell
people to scale a service up and down to restore balance, or make
unnecessary changes to trigger a restart.
This change adds a --force option to "docker service update", which
forces the service to be updated even if no changes require that.
Since rolling update parameters are respected, the user can use
"docker service --force" to do a rolling restart. For example, the
following is supported:
```
docker service update --force --update-parallelism 2 \
    --update-delay 5s myservice
```
Since the default value of --update-parallelism is 1, the default
behavior is to restart the service one task at a time.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Keeping the current behavior for exec, i.e., inheriting
variables from main process. New variables will be added
to current ones. If there's already a variable with that
name it will be overwritten.
Example of usage: docker exec -it -e TERM=vt100 <container> top
Closes #24355.
Signed-off-by: Jonh Wendell <jonh.wendell@redhat.com>
This adds support for two enhancements to swarm service rolling updates:
- Failure thresholds: In Docker 1.12, a service update could be set up
to either pause or continue after a single failure occurs. This adds
an --update-max-failure-ratio flag that controls how many tasks need to
fail to update for the update as a whole to be considered a failure. A
counterpart flag, --update-monitor, controls how long to monitor each
task for a failure after starting it during the update.
- Rollback flag: service update --rollback reverts the service to its
previous version. If a service update encounters task failures, or
fails to function properly for some other reason, the user can roll back
the update.
SwarmKit also has the ability to roll back updates automatically after
hitting the failure thresholds, but we've decided not to expose this in
the Docker API/CLI for now, favoring a workflow where the decision to
roll back is always made by an admin. Depending on user feedback, we may
add a "rollback" option to --update-failure-action in the future.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Unfortunately, `(f)` aka `(ps:\n:)` flag will not create an array when
there is only one line. The subsequent use of indexes will then affect
the string. This leads to `docker rmi <tab>` to complete on the header
line instead of nothing.
Therefore, for each use of `(f)`, we ensure that we have an extra new
line to be sure we get an array.
Credit to @povesteam for the original report and fix in #27373.
Signed-off-by: Vincent Bernat <vincent@bernat.im>
Fedora 22 reached end of life on July 19th, and
will no longer receive updates;
https://fedoramagazine.org/fedora-22-end-of-life-2016-july/
With the recent release of Fedora 24, Fedora 22 will officially enter End Of
Life (EOL) status on July 19th, 2016. After July 19th, all packages in the
Fedora 22 repositories will no longer receive security, bugfix, or enhancement
updates, and no new packages will be added to the Fedora 22 collection.
Upgrading to Fedora 23 or Fedora 24 before July 19th 2016 is highly recommended
for all users still running Fedora 22.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
On Raspbian and Debian Jessie for ARMv7 (aka armhf), the buildtags for runc
were missing. These buildtags should include 'apparmor' and 'selinux'.
Signed-off-by: Jean-Christophe Berthon <huygens@berthon.eu>
After building docker from the git repo, you can run
```
./contrib/mac-install-bundle.sh install
```
and this will tell Docker for Mac to look for a bundle at the current
path to run instead of the built in version of Docker. This will persist
until you do a factory reset or run
```
./contrib/mac-install-bundle.sh undo
```
A factory reset is advised to reset as a development Docker may break your
install.
The path must be a path that is shared with Docker for Mac so that the VM
can find it - nothing is installed into the image.
This is in `contrib/` as it is a best effort attempt to make it easier for
Docker for Mac users to test master or pull requests. If it breaks anything
a factory reset is your friend.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This appears to be missing. NAT (via iptables) is required in order to
set up Docker networking.
Signed-off-by: Charlie Drage <charlie@charliedrage.com>
When sending a build context to a remote server it may be
(significantly) advantageous to compress the build context. This commit
adds support for gz compression when constructing a build context
using a command like "docker build --compress ."
Signed-off-by: Paul Kehrer <paul.l.kehrer@gmail.com>
Add errexit to mkimage-yum bash script to abort early. This is to prevent
disaster when mktemp fails and leaves the $target variable empty.
Signed-off-by: Carl Loa Odin <carlodin@gmail.com>
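What errexit changes when mktemp fails, as an added example that is not part of the commit or of mkimage-yum. `MKTEMP_CMD`, the function names and the `/var/cache/yum` cleanup path are constructed for illustration, and the `${target:?}` guard goes beyond the commit as a second defence.

```shell
#!/bin/sh
# Added illustration; constructed for this page, not code from mkimage-yum.
# MKTEMP_CMD is a hypothetical stand-in for the mktemp call so a failure can be
# simulated with `false`. Nothing is deleted: each variant only prints the path
# that a later cleanup step under "$target" (constructed) would act on.

# Allocate a temp root, then build a cleanup path under it.
STEPS='target=$($MKTEMP_CMD 2>/dev/null)
printf "%s\n" "$target/var/cache/yum"'

# Same steps, but refuse to expand an empty or unset $target.
GUARDED_STEPS='target=$($MKTEMP_CMD 2>/dev/null)
printf "%s\n" "${target:?target is empty}/var/cache/yum"'

# No errexit: the failed assignment is ignored and the script carries on,
# so the cleanup path collapses to a path under the real root.
cleanup_path_without_errexit() {
    MKTEMP_CMD="$1" sh -c "$STEPS"
}

# errexit (-e): the failed command substitution aborts before the path is built.
cleanup_path_with_errexit() {
    MKTEMP_CMD="$1" sh -e -c "$STEPS"
}

# Independent of errexit: ${target:?} aborts the script on an empty value.
cleanup_path_with_guard() {
    MKTEMP_CMD="$1" sh -c "$GUARDED_STEPS" 2>/dev/null
}

demo() {
    printf 'mktemp fails, no errexit: %s\n' \
        "$(cleanup_path_without_errexit false)"
    printf 'mktemp fails, errexit   : %s\n' \
        "$(cleanup_path_with_errexit false || echo '<aborted>')"
    printf 'mktemp fails, :? guard  : %s\n' \
        "$(cleanup_path_with_guard false || echo '<aborted>')"
}

demo
```

Note that errexit does not fire for `local target=$(...)` or for a command on the left of `&&`/`||`, which is why the `${target:?}` guard is worth keeping alongside it.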
New driver options:
- `splunk-gzip` - gzip compress all requests to Splunk HEC
(enabled by default)
- `splunk-gzip-level` - change compression level.
Messages are sent in batches of 1000, with a frequency of 5 seconds.
Maximum buffer is 10,000 events. If HEC is not available, the Splunk
Logging Driver will keep retrying while it can hold messages in the buffer.
Added unit tests for driver.
Signed-off-by: Denis Gladkikh <denis@gladkikh.email>
With this patch and Docker PR 25883 ("Add a Dockerfile for generating
manpages on s390x") "make deb" creates the following packages for s390x:
```
# cd bundles/1.13.0-dev/build-deb/
# find .
.
./ubuntu-xenial
./ubuntu-xenial/docker-engine_1.13.0~dev~git20160823.161729.0.2693af4-0~xenial_s390x.deb
./ubuntu-xenial/docker-engine_1.13.0~dev~git20160823.161729.0.2693af4-0~xenial.dsc
./ubuntu-xenial/docker-engine_1.13.0~dev~git20160823.161729.0.2693af4-0~xenial_s390x.changes
./ubuntu-xenial/Dockerfile.build
./ubuntu-xenial/docker-engine_1.13.0~dev~git20160823.161729.0.2693af4-0~xenial.tar.gz
./docker.log
./test.log
```
Package "docker-engine_1.13.0~dev~git20160823.161729.0.2693af4-0~xenial_s390x.deb"
could be successfully installed on a s390x Ubuntu system:
```
# cat /etc/issue
Ubuntu 16.04.1 LTS \n \l
# dpkg -i docker-engine_1.13.0~dev~git20160823.161729.0.2693af4-0~xenial_s390x.deb
...
Installing new version of config file /etc/init.d/docker ...
Installing new version of config file /etc/init/docker.conf ...
Processing triggers for systemd (229-4ubuntu7) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for man-db (2.7.5-1) ...
# docker version
Client:
Version: 1.13.0-dev
API version: 1.25
Go version: go1.7
Git commit: 2693af4-unsupported
Built: Wed Aug 24 11:41:13 2016
OS/Arch: linux/s390x
Server:
...
```
The s390x "generate.sh" is a modified version of "ppc64le/generate.sh".
We removed seccomp for s390x because we need at least libseccomp version
2.3.1 which is not provided by Ubuntu Xenial.
Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
docker is trying to set system.posix_acl_access but using BTRFS this fails if
CONFIG_BTRFS_FS_POSIX_ACL is not activated.
Signed-off-by: Andrei Gherzan <andrei@resin.io>
TMPDIR was changed to DOCKER_TMPDIR in pull request 7113 but the file still asks the user to set TMPDIR.
I am new to docker and wasted some time this morning because of this.
I am using docker version 1.12.1 on ubuntu server 14.04
Signed-off-by: Neyazul Haque <nuhaque@gmail.com>
This PR adds the ability to make docker debs for xenial on power
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
`--log-opt splunk-format=inline|json|raw` allows changing how the logging
driver sends data to Splunk, where
- `inline` - default value, format used before, message is injected as a
line in JSON payload
- `json` - driver will try to parse each line as a JSON object and embed it
inside of the JSON payload
- `raw` - driver will send Raw payload instead of JSON, tag and attributes
will be prefixed before the message
`--log-opt splunk-verify-connection=true|false` - allows skipping
verification for the Splunk URL
Signed-off-by: Denis Gladkikh <denis@gladkikh.email>
Added the firewalld.service symbol in the After line; docker
will always start after firewalld, thus eliminating the issue
of the firewall blocking all mapped traffic.
Signed-off-by: Ramon Brooker <Ramon.Brooker@imaginecommunications.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
With the latest OL7.2, selinux policy that is shipped
might not be the latest for it to work or build with
selinux policy for docker-1.12.
To be able to achieve that here is what is done:
1. Added systemd_machined policy which is part of systemd.
2. Temporarily comment out unconfined_typebounds because the
current OL7's selinux doesn't have unconfineduser selinux policy,
to include this will be too much. Will revisit this once we have
updated the selinux policy.
Fixes: #24612
Signed-off-by: Thomas Tanaka <thomas.tanaka@oracle.com>
This change allows btrfs subvolumes to be found in additional system
configurations. The old logic failed to correctly identify subvolumes
when the root fs was mounted as a subvolume that was not the btrfs
filesystem root.
Signed-off-by: Adam Mills <adam@armills.info>