This enables docker cp and ADD/COPY docker build support for LCOW.
Originally, the graphdriver.Get() interface returned a local path
to the container root filesystem. This does not work for LCOW, so
the Get() method now returns an interface that LCOW implements to
support copying to and from the container.
Signed-off-by: Akash Gupta <akagup@microsoft.com>
The `--enable-api-cors` flag was deprecated in f3dd2db4ff,
and marked for removal in docker 17.09 through 85f92ef359.
This patch removes the deprecated flag.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `/info` endpoint was badly documented, missing various
fields and incorrectly describing others.
This patch defines a type for the endpoint, based on the
API types in the source.
Also removing the response example in favor of
per-field examples, as this prevents an incorrectly
formatted response from masking omissions in the
actual type.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `Node.ManagerStatus` property was only present in
the example, but not in the definition.
This patch adds definitions for `ManagerStatus`
and `Reachability`, similar to what is used in the
code;
f02a5b50c4/api/types/swarm/node.go (L84-L101)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- `TLSInfo` is part of `Node.Description`, but was documented as a
direct child of `Node`
- `Node.TLSInfo` incorrectly was using the `SwarmSpec` type,
instead of `TLSInfo`
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- `ObjectVersion.Index` is an `uint64` 0fd90c4d5d/api/types/swarm/common.go (L5-L15)
- `ClusterInfo` is nullable in the `/info` output (see ff4f700f74/api/types/swarm/swarm.go (L203))
- `CAConfig.ForceRotate` was missing a type, therefore treated as an `object` in Swagger: ff4f700f74/api/types/swarm/swarm.go (L121)
- `Raft.SnapshotInterval`, `Raft.KeepOldSnapshots`, and `Raft.LogEntriesForSlowFollowers` are an `uint64` not an `int64`
- Various fields in `swarm.Info` are nullable; added `x-nullable`
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Use strongly typed errors to set HTTP status codes.
Error interfaces are defined in the api/errors package and errors
returned from controllers are checked against these interfaces.
Errors can be wraeped in a pkg/errors.Causer, as long as somewhere in the
line of causes one of the interfaces is implemented. The special error
interfaces take precedence over Causer, meaning if both Causer and one
of the new error interfaces are implemented, the Causer is not
traversed.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This patch updates the definition of `NetworkConfig` to match the code, and
renames to the definition to `NetworkSettings` (also to match the type in
the code).
Add definitions for:
- `Address`
- `PortMap`
- `PortBinding`
- `EndpointIPAMConfig`
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Since the commit d88fe447df ("Add support for sharing /dev/shm/ and
/dev/mqueue between containers") container's /dev/shm is mounted on the
host first, then bind-mounted inside the container. This is done that
way in order to be able to share this container's IPC namespace
(and the /dev/shm mount point) with another container.
Unfortunately, this functionality breaks container checkpoint/restore
(even if IPC is not shared). Since /dev/shm is an external mount, its
contents is not saved by `criu checkpoint`, and so upon restore any
application that tries to access data under /dev/shm is severily
disappointed (which usually results in a fatal crash).
This commit solves the issue by introducing new IPC modes for containers
(in addition to 'host' and 'container:ID'). The new modes are:
- 'shareable': enables sharing this container's IPC with others
(this used to be the implicit default);
- 'private': disables sharing this container's IPC.
In 'private' mode, container's /dev/shm is truly mounted inside the
container, without any bind-mounting from the host, which solves the
issue.
While at it, let's also implement 'none' mode. The motivation, as
eloquently put by Justin Cormack, is:
> I wondered a while back about having a none shm mode, as currently it is
> not possible to have a totally unwriteable container as there is always
> a /dev/shm writeable mount. It is a bit of a niche case (and clearly
> should never be allowed to be daemon default) but it would be trivial to
> add now so maybe we should...
...so here's yet yet another mode:
- 'none': no /dev/shm mount inside the container (though it still
has its own private IPC namespace).
Now, to ultimately solve the abovementioned checkpoint/restore issue, we'd
need to make 'private' the default mode, but unfortunately it breaks the
backward compatibility. So, let's make the default container IPC mode
per-daemon configurable (with the built-in default set to 'shareable'
for now). The default can be changed either via a daemon CLI option
(--default-shm-mode) or a daemon.json configuration file parameter
of the same name.
Note one can only set either 'shareable' or 'private' IPC modes as a
daemon default (i.e. in this context 'host', 'container', or 'none'
do not make much sense).
Some other changes this patch introduces are:
1. A mount for /dev/shm is added to default OCI Linux spec.
2. IpcMode.Valid() is simplified to remove duplicated code that parsed
'container:ID' form. Note the old version used to check that ID does
not contain a semicolon -- this is no longer the case (tests are
modified accordingly). The motivation is we should either do a
proper check for container ID validity, or don't check it at all
(since it is checked in other places anyway). I chose the latter.
3. IpcMode.Container() is modified to not return container ID if the
mode value does not start with "container:", unifying the check to
be the same as in IpcMode.IsContainer().
3. IPC mode unit tests (runconfig/hostconfig_test.go) are modified
to add checks for newly added values.
[v2: addressed review at https://github.com/moby/moby/pull/34087#pullrequestreview-51345997]
[v3: addressed review at https://github.com/moby/moby/pull/34087#pullrequestreview-53902833]
[v4: addressed the case of upgrading from older daemon, in this case
container.HostConfig.IpcMode is unset and this is valid]
[v5: document old and new IpcMode values in api/swagger.yaml]
[v6: add the 'none' mode, changelog entry to docs/api/version-history.md]
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Current insider builds of Windows have support for mounting individual
named pipe servers from the host to the guest. This allows, for example,
exposing the docker engine's named pipe to a container.
This change allows the user to request such a mount via the normal bind
mount syntax in the CLI:
docker run -v \\.\pipe\docker_engine:\\.\pipe\docker_engine <args>
Signed-off-by: John Starks <jostarks@microsoft.com>
- When a network is created with the null ipam driver, docker api server
thread will deference a nil pointer on `docker network ls` and on
`docker network inspect <nw>`. This because buildIpamResource()
assumes a gateway address is always present, which is not correct.
Signed-off-by: Alessandro Boch <aboch@tetrationanalytics.com>
Starting 17.06 swarm service create supports service creates with predefined
networks like host and bridge. Due to the nature of the feature, swarm manager
has a swarm scope predefined networks in addition to local scoped
predefined networks on all nodes. However network inspects for swarm scoped
predefined networks was not possible. The fix adds support for network inspect
for swarm scoped predefined networks.
Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
