Commit graph

1989 commits

Author SHA1 Message Date
John Howard
d509e61540 Windows CI: Unit Test - pkg/mount is Unix specific
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-02-10 18:09:15 -08:00
Brian Goff
96f1a1a10b Cleanup WriteFlusher
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-02-09 14:02:26 -05:00
Stefan J. Wernli
041a9510c6 Fixing 'docker save' on Windows.
Save was failing file integrity checksums due to bugs in both
Windows and Docker. This commit includes fixes to file time handling
in tarexport and system.chtimes that are necessary along with
the Windows platform fixes to correctly support save. With this
change, sysfile_backups for windowsfilter driver are no longer
needed, so that code is removed.

Signed-off-by: Stefan J. Wernli <swernli@microsoft.com>
2016-02-08 18:08:49 -08:00
Sebastiaan van Stijn
878a0dc85c Fix 'tcp+tls' protocol not being accepted
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-02-08 17:34:39 +00:00
Alexander Morozov
862f073694 Merge pull request #20002 from twistlock/19575_authz_plugin_support_events
Fix 19575: Docker events doesn't work with authorization plugin
2016-02-08 09:10:39 -08:00
Liron Levin
5ffc810df2 Fix 19575: Docker events doesn't work with authorization plugin
To support the requirement of blocking the request after the daemon
responded the authorization plugin use a `response recorder` that replay
the response after the flow ends.

This commit adds support for commands that hijack the connection and
flushes data via the http.Flusher interface. This resolves the error
with the event endpoint.

Signed-off-by: Liron Levin <liron@twistlock.com>
2016-02-05 22:30:01 +02:00
David Calavera
fe53be4e17 Apply context changes to the client.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-02-04 13:59:57 -05:00
John Howard
506722bf9f Improvements to ANSI emulation in conemu
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-01-28 20:37:42 -08:00
Anuj Bahuguna
2d459a1600 Adding biologist Christiane Nüsslein Volhard and AI pioneer Marvin Minsky
Signed-off-by: Anuj Bahuguna anujbahuguna.dev@gmail.com

Signed-off-by: Anuj Bahuguna <anujbahuguna.dev@gmail.com>
2016-01-28 14:33:58 +00:00
Aleksa Sarai
4357ed4a73 *: purge dockerinit from source code
dockerinit has been around for a very long time. It was originally used
as a way for us to do configuration for LXC containers once the
container had started. LXC is no longer supported, and /.dockerinit has
been dead code for quite a while. This removes all code and references
in code to dockerinit.

Signed-off-by: Aleksa Sarai <asarai@suse.com>
2016-01-26 23:47:02 +11:00
Brian Goff
f6c20d9b22 Add back compat for volume drivers Get and Ls
Use a back-compat struct to handle listing volumes for volumes we know
about (because, presumably, they are being used by a container) for
volume drivers which don't yet support `List`.

Adds a fall-back for the volume driver `Get` call, which will use
`Create` when the driver returns a `404` for `Get`. The old behavior was
to always use `Create` to get a volume reference.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-01-22 22:48:17 -05:00
Phil Estes
34a83f9f2c Merge pull request #19517 from calavera/validate_config_keys
Verify that the configuration keys in the file are valid.
2016-01-22 15:01:29 -05:00
David Calavera
ae8f7c69e3 Merge pull request #19549 from cpuguy83/bump_plugin_api_version
Bump plugin API version
2016-01-22 09:33:29 -08:00
Vincent Demeester
73ae424ed8 Merge pull request #19470 from Microsoft/jjh/confans
Windows: VirtualTerminalInput native console
2016-01-22 17:27:47 +01:00
Vincent Demeester
c91045a78b Merge pull request #19558 from LK4D4/reduce_cgroup_parsing
Refactor sysinfo usage
2016-01-22 11:18:53 +01:00
Phil Estes
3233f45609 Merge pull request #19263 from jfrazelle/update-aa-parser
refactor aaparser pkg, add unit tests
2016-01-21 19:40:53 -05:00
David Calavera
ed4038676f Verify that the configuration keys in the file are valid.
- Return an error if any of the keys don't match valid flags.
- Fix an issue ignoring merged values as named values.
- Fix tlsverify configuration key.
- Fix bug in mflag to avoid panics when one of the flag set doesn't have any flag.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-01-21 16:56:12 -05:00
Brian Goff
54587d861d Bump plugin API version
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-01-21 11:41:32 -05:00
Zhang Wei
d44e79a366 Remove hard coded 'docker' string from package
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2016-01-22 00:14:52 +08:00
Alexander Morozov
781a33b6e7 Reuse subsystems mountpoints between checks
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-01-20 19:20:59 -08:00
John Howard
33729d3b5a Windows: VirtualTerminalInput native console
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-01-19 15:59:21 -08:00
John Howard
76ebd3dd17 Windows: Remove dead code
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-01-15 12:48:40 -08:00
Sebastiaan van Stijn
e44364eae9 Merge pull request #18587 from calavera/daemon_configuration_file
Allow to set daemon and server configurations in a file.
2016-01-14 16:44:58 -08:00
Brian Goff
3b6a989d81 Merge pull request #19325 from mingqing/fix-pid-convert-error
fix pidfile, pid is num use '/proc + string(pid)' can't found it
2016-01-14 16:49:20 -05:00
David Calavera
677a6b3506 Allow to set daemon and server configurations in a file.
Read configuration after flags making this the priority:

1- Apply configuration from file.
2- Apply configuration from flags.

Reload configuration when a signal is received, USR2 in Linux:

- Reload router if the debug configuration changes.
- Reload daemon labels.
- Reload cluster discovery.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-01-14 16:44:37 -05:00
David Calavera
22a81a2c58 Add an unsafe memory discovery store for testing.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-01-14 11:58:38 -05:00
mingqing
6a033fa03e fix pidfile, pid is num use '/proc + string(pid)' can't found it
Signed-off-by: mingqing <limingqing@cyou-inc.com>
2016-01-14 16:03:33 +08:00
Brian Goff
93268d845e Don't dump authz request when body is too large
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-01-13 17:04:49 -05:00
Jessica Frazelle
446f498eba
refactor aaparser pkg, add unit tests
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-01-13 08:43:12 -08:00
Jess Frazelle
293b3767c8 Merge pull request #19245 from jfrazelle/seccomp-kernel-check
check seccomp is configured in the kernel
2016-01-12 11:33:27 -08:00
Jessica Frazelle
40d5ced9d0
check seccomp is configured in the kernel
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-01-12 09:45:21 -08:00
Alexander Morozov
9a23569ecf Merge pull request #16032 from cpuguy83/remove_sqlite_dep
Build names and links at runtime - no more sqlite
2016-01-11 10:59:49 -08:00
Sebastiaan van Stijn
3f74d10142 Merge pull request #19222 from justincormack/shirley
Add Dame Stephanie "Steve" Shirley to names
2016-01-11 00:09:45 +01:00
Justin Cormack
4c530894f9 Add Dame Stephanie "Steve" Shirley to names
Born in Germany, she had to flee on the kindertransport to England in
1939. In the 1950s she worked at the Post Office Research Station at
Dollis Hill, building computers from scratch, and took evening classes
to get a degree in Mathematics.

In 1962 she set up a software company, employing almost entirely women,
working at home; the company was floated in 1996. Her team's projects
included programming Concorde's black box flight recorder. She adopted
the name "Steve" to fit in in a male domainated world.

http://www.bbc.co.uk/programmes/b05pmvl8
https://en.wikipedia.org/wiki/Steve_Shirley

Signed-off-by: Justin Cormack <justin.cormack@unikernel.com>
2016-01-10 21:33:18 +00:00
Anuj
cac23d1caa Adding two pioneer CS reseachers - Shafi Goldwasser and Michael Stonebraker
Signed-off-by: Anuj Bahuguna <anujbahuguna.dev@gmail.com>
2016-01-11 00:25:46 +05:30
Tõnis Tiigi
c49ccd3192 Merge pull request #19167 from vieux/bring_discovery_on_par
Bring discovery on par with the one in docker/swarm
2016-01-08 22:54:01 -08:00
Aaron Lehmann
3f829aa6e4 Remove ansiescape package
api/client/trust.go was the last file that used it.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-08 10:57:50 -08:00
Aaron Lehmann
65370be888 Send push information to trust code out-of-band
The trust code used to parse the console output of `docker push` to
extract the digest, tag, and size information and determine what to
sign. This is fragile and might give an attacker control over what gets
signed if the attacker can find a way to influence what gets printed as
part of the push output.

This commit sends the push metadata out-of-band. It introduces an `Aux`
field in JSONMessage that can carry application-specific data alongside
progress updates. Instead of parsing formatted output, the client looks
in this field to get the digest, size, and tag from the push.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-08 10:57:50 -08:00
Brian Goff
0f9f99500c Build names and links at runtime
Don't rely on sqlite db for name registration and linking.
Instead register names and links when the daemon starts to an in-memory
store.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-01-07 14:10:42 -05:00
Brian Goff
279dd092b6 Don't error out on plugin err with json
We don't want to error out when there is a json unmarshal error since
the `old way` will cause this to error.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-01-06 11:34:14 -05:00
Victor Vieux
a931c78540 Before that change, etcd and zookeeper would fail to instantiate
the discovery without the key being already there in the store or
created beforehand and implicitely by a 'swarm join'.

Signed-off-by: Alexandre Beslic <abronan@docker.com>
Signed-off-by: Victor Vieux <vieux@docker.com>

This PR allows to configure the discovery path using the
--discovery-opt flag (with "kv.path=path/to/nodes"). We
can point to "docker/nodes" and use the docker discovery.

If docker instances are advertising to the cluster using
the `--cluster-advertise` flag, the swarm join command
becomes unnecessary.

Signed-off-by: Alexandre Beslic <abronan@docker.com>
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-01-06 05:18:52 -08:00
Brian Goff
d3eca4451d Move responsibility of ls/inspect to volume driver
Makes `docker volume ls` and `docker volume inspect` ask the volume
drivers rather than only using what is cached locally.

Previously in order to use a volume from an external driver, one would
either have to use `docker volume create` or have a container that is
already using that volume for it to be visible to the other volume
API's.

For keeping uniqueness of volume names in the daemon, names are bound to
a driver on a first come first serve basis. If two drivers have a volume
with the same name, the first one is chosen, and a warning is logged
about the second one.

Adds 2 new methods to the plugin API, `List` and `Get`.
If a plugin does not implement these endpoints, a user will not be able
to find the specified volumes as well requests go through the drivers.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-01-05 16:28:38 -05:00
Sebastiaan van Stijn
db738dd77f Merge pull request #15666 from vdemeester/3519-configurable-escape
Implement configurable escape key for attach/exec
2016-01-04 00:49:07 +01:00
Vincent Demeester
15aa2a663b Implement configurable detach key
Implement configurable detach keys (for `attach`, exec`, `run` and
`start`) using the client-side configuration

- Adds a `--detach-keys` flag to `attach`, `exec`, `run` and `start`
  commands.
- Adds a new configuration field (in `~/.docker/config.json`) to
  configure the default escape keys for docker client.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-01-03 23:03:39 +01:00
Sebastiaan van Stijn
9d6c2196b5 Merge pull request #18387 from wenchma/18385-improve_help_msg
Improvement for docker subcommand's help messages
2016-01-03 12:19:53 +01:00
Phil Estes
233787040c Merge pull request #19036 from calavera/thank_you_ian
Thanks for everything Ian.
2016-01-02 21:21:03 -05:00
David Calavera
e11ebfcb09 Add Ian Murdock to the names generator.
❤️ 😢

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-01-02 19:17:17 -05:00
Vincent Demeester
5c0af43ebe Merge pull request #19006 from jen20/f-solaris-stat
Fix downstream client API build errors on Solaris
2016-01-01 20:09:22 +01:00
Wen Cheng Ma
d7dc439623 Improvement for docker subcommand's help messages
Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com>
2016-01-01 12:27:28 +08:00
Tim Wang
4b32d59595 Update LICENSE date
Signed-off-by: Tim <timwangdev@gmail.com>
2015-12-31 13:07:35 +00:00
James Nugent
c12dbb8c82 Fix downstream client API build errors on Solaris
The client API at fsouza/go-dockerclient has dependencies on packages in
the docker/docker repository which currently do not build on Solaris. In
particular, stat_unsupported.go makes use of the Mtimespec field of the
syscall.Stat_t struct, which is not present on Solaris, and a number of
Unix-specific packages do not list Solaris in their compile targets.

This commit adds enough support to be able to build
fsouza/go-dockerclient on SmartOS using Go 1.5.1 without affecting other
platforms.

Signed-off-by: James Nugent <james@jen20.com>
2015-12-30 18:25:42 -05:00
David Calavera
8e034802b7 Remove usage of pkg sockets and tlsconfig.
- Use the ones provided by docker/go-connections, they are a drop in replacement.
- Remove pkg/sockets from docker.
- Keep pkg/tlsconfig because libnetwork still needs it and there is a
  circular dependency issue.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-29 19:27:12 -05:00
Arnaud Porterie
914fad8b7d Merge pull request #18810 from runcom/pkg-authz-fixes
pkg: authorization: do not register the same plugin
2015-12-23 15:09:06 -08:00
Antonio Murdaca
c28fc06e00 pkg: authorization: do not register the same plugin
This patches avoids registering (and calling) the same plugin more than
once. Using an helper map which indexes by name guarantees this and keeps
the order.
The behavior of overriding the same name in a flag is consistent with,
for instance, the `docker run -v /test -v /test` flag which register
the volume just once.
Adds integration tests.

Without this patch:
```
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.080901676+01:00" level=debug msg="Calling
GET
/v1.22/info"
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.081213202+01:00" level=debug msg="AuthZ
request using plugin docker-novolume-plugin"
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.081268132+01:00" level=debug
msg="docker-novolume-plugin implements: authz"
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.081699788+01:00" level=debug msg="AuthZ
request using plugin docker-novolume-plugin"
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.081762507+01:00" level=debug
msg="docker-novolume-plugin implements: authz"
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.082092480+01:00" level=debug msg="GET
/v1.22/info"
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.628691038+01:00" level=debug msg="AuthZ
response using plugin docker-novolume-plugin"
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.629880930+01:00" level=debug msg="AuthZ
response using plugin docker-novolume-plugin"
```

With this patch:
```
Dec 20 19:37:32 localhost.localdomain docker[16620]:
time="2015-12-20T19:37:32.376523958+01:00" level=debug msg="Calling
GET
/v1.22/info"
Dec 20 19:37:32 localhost.localdomain docker[16620]:
time="2015-12-20T19:37:32.376715483+01:00" level=debug msg="AuthZ
request using plugin docker-novolume-plugin"
Dec 20 19:37:32 localhost.localdomain docker[16620]:
time="2015-12-20T19:37:32.376771230+01:00" level=debug
msg="docker-novolume-plugin implements: authz"
Dec 20 19:37:32 localhost.localdomain docker[16620]:
time="2015-12-20T19:37:32.377698897+01:00" level=debug msg="GET
/v1.22/info"
Dec 20 19:37:32 localhost.localdomain docker[16620]:
time="2015-12-20T19:37:32.951016441+01:00" level=debug msg="AuthZ
response using plugin docker-novolume-plugin"
```

Also removes a somehow duplicate debug statement (leaving only the
second one as it's a loop of plugin's manifest):
```
Dec 20 19:52:30 localhost.localdomain docker[25767]:
time="2015-12-20T19:52:30.544090518+01:00" level=debug
msg="docker-novolume-plugin's manifest: &{[authz]}"
Dec 20 19:52:30 localhost.localdomain docker[25767]:
time="2015-12-20T19:52:30.544170677+01:00" level=debug
msg="docker-novolume-plugin implements: authz"
```

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2015-12-23 21:08:40 +01:00
Daniel Nephin
83237aab2b Remove package pkg/ulimit, use go-units instead.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2015-12-23 13:27:58 -05:00
Daniel Nephin
b8659da214 Remove unused parser functions that were replaced by go-connections/nat.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2015-12-22 19:06:49 -05:00
Alexander Morozov
030347c3c9 Merge pull request #18762 from calavera/runconfig_to_types
Move container configuration types to api/types/container.
2015-12-22 14:22:08 -08:00
Alexander Morozov
9f228b37fc Merge pull request #18857 from calavera/catch_pipeline_error
Catch command pipeline error.
2015-12-22 13:34:56 -08:00
David Calavera
f38257308b Catch command pipeline error.
Rather than ignoring errors in the pipeline, return an execution error
and do not proceed with the latest command in the pipeline.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-22 15:17:15 -05:00
Dan Walsh
89a775d2dc No options to tmpfs is valid
If you run a

docker run command with --tmpfs /mountpoint:noexec

Or certain options that get translated into mount options, the mount command can get passed "" for mount data.
So this should be valid.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2015-12-22 14:15:07 -05:00
David Calavera
056e744903 Replace usage of pkg/nat with go-connections/nat.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-22 13:31:46 -05:00
David Calavera
0aab83d996 Move blkiodev package to types.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-22 13:31:46 -05:00
David Calavera
f9b857a200 Move StrSlice to types.
This is a very docker concept that nobody elses need.
We only maintain it to keep the API backwards compatible.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-22 13:31:43 -05:00
Sebastiaan van Stijn
312c82677b Merge pull request #15879 from Mashimiao/add-support-blkio_throtte_iops
Add support for blkio read/write iops device
2015-12-21 23:45:18 +01:00
Ma Shimiao
843084b08b Add support for blkio read/write iops device
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-12-21 09:14:49 +08:00
David Calavera
54f945994a Merge pull request #18651 from vbatts/dm-cleanup
loopback (and devicemapper) cleanup
2015-12-18 15:13:28 -08:00
Vincent Batts
af59752712 loopback: separate loop logic from devicemapper
The loopback logic is not technically exclusive to the devicemapper
driver. This reorganizes the code such that the loopback code is usable
outside of the devicemapper package and driver.

Signed-off-by: Vincent Batts <vbatts@redhat.com>
2015-12-18 10:57:43 -05:00
Vincent Batts
a292c04c01 devicemapper: remove unused type mapping
Signed-off-by: Vincent Batts <vbatts@redhat.com>
2015-12-18 10:44:06 -05:00
Antonio Murdaca
5a64c8027e authZ: more fixes
- fix naming and formatting
- provide more context when erroring auth
- do not capitalize errors
- fix wrong documentation
- remove ugly remoteError{}

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2015-12-18 16:29:01 +01:00
Alexander Morozov
5553aab705 Merge pull request #18744 from runcom/plugins-deadcode
pkg: plugins: remove dead code
2015-12-17 10:50:04 -08:00
Tibor Vass
9681f0f0d4 Merge pull request #18745 from runcom/pkg-version-String
pkg: version: add String method
2015-12-17 16:58:41 +01:00
Antonio Murdaca
0d9f1e344a pkg: version: add String method
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2015-12-17 11:52:23 +01:00
Antonio Murdaca
46e3a249a1 pkg: authorization: add Err to tweak response status code
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2015-12-17 11:08:47 +01:00
Antonio Murdaca
1d2b62ceae pkg: plugins: remove dead code
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2015-12-17 11:05:50 +01:00
Brian Goff
3805c29099 Merge pull request #18695 from dnephin/move_parse_link
Move ParseLink and validators into runconfig.parse where they are used
2015-12-16 16:15:52 -05:00
Vincent Demeester
cf7ccaf370 Merge pull request #18722 from calavera/remove_unused_packages
Remove timeoutconn package, it's not used anywhere
2015-12-16 20:56:43 +01:00
Vincent Demeester
8ec00e6d0e Merge pull request #18518 from MHBauer/spurious-timing
adjust test sleep timing to avoid spurious failure
2015-12-16 20:45:55 +01:00
Daniel Nephin
233a4fc33c Move ParseLink and validators into runconfig.parse where they are used.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2015-12-16 14:22:54 -05:00
David Calavera
4d8ce0ef4a Remove timeoutconn package.
It's not used anywhere.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-16 13:51:56 -05:00
David Calavera
b44b5bbc8b Merge pull request #18682 from calavera/replace_units_package
Replace pkg/units with docker/go-units.
2015-12-16 10:48:59 -08:00
Antonio Murdaca
c2276c1fe3 Merge pull request #18693 from dnephin/move_parse_docker_host
Move ParseDockerDaemonHost to opts/ package
2015-12-16 19:05:07 +01:00
David Calavera
4fef42ba20 Replace pkg/units with docker/go-units.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-16 12:26:49 -05:00
Antonio Murdaca
8435ea5289 pkg: authorization: cleanup
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2015-12-16 12:01:04 +01:00
Daniel Nephin
9b99591054 Move ParseDockerDaemonHost to opts/ package.
This function was only being used from a single place opts/opts.go. This
change moves it from a incohesive package (parsers) to the single place it
is used.

Also made a bunch of the helper methods private because they are not used
by any external modules.

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2015-12-15 20:53:17 -05:00
David Calavera
e98cae4919 Move filters package to the API.
These filters are only use to interchange data between clients and daemons.
They don't belong to the parsers package.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-15 18:13:26 -05:00
David Calavera
52fd30079a Merge pull request #18685 from calavera/remove_timeutils
Move timeutils functions to the only places where they are used.
2015-12-15 15:11:18 -08:00
David Calavera
d3fbd43432 Merge pull request #18677 from runcom/fix-plugins-error
pkg: plugins: fix and better handle errors
2015-12-15 14:17:52 -08:00
Morgan Bauer
81c334fa56
adjust test sleep timing to avoid spurious failure
- refactor ConsumeWithSpeed
 - documentation

Signed-off-by: Morgan Bauer <mbauer@us.ibm.com>
2015-12-15 13:27:24 -08:00
David Calavera
27220ecc6b Move timeutils functions to the only places where they are used.
- Move time json marshaling to the jsonlog package: this is a docker
  internal hack that we should not promote as a library.
- Move Timestamp encoding/decoding functions to the API types: This is
  only used there. It could be a standalone library but I don't this
it's worth having a separated repo for this. It could introduce more
complexity than it solves.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-15 14:56:14 -05:00
Antonio Murdaca
4133dc2212 pkg: plugins: fix and better handle errors
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2015-12-15 17:51:48 +01:00
Tibor Vass
c70f8b3c9c builder: remove container package dependency
Signed-off-by: Tibor Vass <tibor@docker.com>
2015-12-15 17:24:07 +01:00
Chris Dituri
9b584781ad Make pkg/devicemapper/ log messages with a common, consistent prefix.
Closes #16667

Uses the prefix "devicemapper:" for all the fmt and logrus error, debug, and info messages.

Signed-off-by: Chris Dituri <csdituri@gmail.com>
2015-12-14 21:35:15 -06:00
Tibor Vass
135cca6f52 utils: move git functions to pkg/gitutils
Signed-off-by: Tibor Vass <tibor@docker.com>
2015-12-14 14:59:52 +01:00
Justas Brazauskas
927b334ebf Fix typos found across repository
Signed-off-by: Justas Brazauskas <brazauskasjustas@gmail.com>
2015-12-13 18:04:12 +02:00
Antonio Murdaca
1fffc0270f Merge pull request #15365 from twistlock/14674-docker-authz
Docker authorization plug-in infrastructure
2015-12-12 12:30:33 +01:00
Alexander Morozov
ac453a310b Merge pull request #18353 from aaronlehmann/transfer-manager
Improved push and pull with upload manager and download manager
2015-12-10 14:52:48 -08:00
Aaron Lehmann
572ce80230 Improved push and pull with upload manager and download manager
This commit adds a transfer manager which deduplicates and schedules
transfers, and also an upload manager and download manager that build on
top of the transfer manager to provide high-level interfaces for uploads
and downloads. The push and pull code is modified to use these building
blocks.

Some benefits of the changes:

- Simplification of push/pull code
- Pushes can upload layers concurrently
- Failed downloads and uploads are retried after backoff delays
- Cancellation is supported, but individual transfers will only be
  cancelled if all pushes or pulls using them are cancelled.
- The distribution code is decoupled from Docker Engine packages and API
  conventions (i.e. streamformatter), which will make it easier to split
  out.

This commit also includes unit tests for the new distribution/xfer
package. The tests cover 87.8% of the statements in the package.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-09 19:13:35 -08:00
Brian Goff
8b6132aa15 Merge pull request #18538 from estesp/aufs-whiteout-userns-fix
Skip aufs whiteout files on userns translation to container
2015-12-09 14:47:01 -05:00
Sebastiaan van Stijn
7a6f5d9b31 Remove redundant check
jm.ID is already checked in the outer "if",
so theres no reason to check it again here.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2015-12-09 17:38:06 +01:00
Phil Estes
1626c9dae0 Skip aufs whiteout files on userns translation to container
aufs kernel module creates whiteout files on upper layer delete (and
other situations) and those files already are 'translated' regarding
ownership in host terms (e.g. they are already "0:0" owned), so when
these layers are copied around with pkg/archive we don't want to try and
translate these files regarding ownership.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-12-09 10:11:32 -05:00
Dima Stopel
8cc0892269 Fixing documentation according to comments by @moxiegirl and @thaJeztah
Signed-off-by: Dima Stopel <dima@twistlock.com>
2015-12-08 17:34:15 +02:00
Liron Levin
75c353f0ad Docker authorization plug-in infrastructure enables extending the functionality of the Docker daemon with respect to user authorization. The infrastructure enables registering a set of external authorization plug-in. Each plug-in receives information about the user and the request and decides whether to allow or deny the request. Only in case all plug-ins allow accessing the resource the access is granted.
Each plug-in operates as a separate service, and registers with Docker
through general (plug-ins API)
[https://blog.docker.com/2015/06/extending-docker-with-plugins/]. No
Docker daemon recompilation is required in order to add / remove an
authentication plug-in. Each plug-in is notified twice for each
operation: 1) before the operation is performed and, 2) before the
response is returned to the client. The plug-ins can modify the response
that is returned to the client.

The authorization depends on the authorization effort that takes place
in parallel [https://github.com/docker/docker/issues/13697].

This is the official issue of the authorization effort:
https://github.com/docker/docker/issues/14674

(Here)[https://github.com/rhatdan/docker-rbac] you can find an open
document that discusses a default RBAC plug-in for Docker.

Signed-off-by: Liron Levin <liron@twistlock.com>
Added container create flow test and extended the verification for ps
2015-12-08 17:34:15 +02:00
Aaron Lehmann
59df2adc07 Fix the scoping of "diff" so its value doesn't leak between loop iterations
In the existing code, "diff" has function scope and the value from the
previous iteration may be used if it is not reset. This appears to be an
oversight. This commit changes its scope to the for loop body.

One confusing point is that the cursor movement escape sequences appear
to be necessary even if the requested movement is 0. I haven't been able
to figure out why this makes a difference.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-07 17:01:47 -08:00
Aaron Lehmann
fc41d39394 Don't update lines on the terminal from a previous operation
When we handle a message that isn't tracked in the "line" map (for
example, one with no ID), clear the line map. This means we won't update
lines that were part of a previous, completed set of operations when
doing something like pull -a. It also has the beneficial side effect
of avoiding terminal glitching in these types of situations, since
messages that don't get tracked in the "line" map cause the count of the
number of lines to get out of sync.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-07 16:04:42 -08:00
Sebastiaan van Stijn
5f1af8da5b Merge pull request #18449 from coolljt0725/plugins_cleanup
pkg/plugins/client.go: don't try to encode os decode if it's nil
2015-12-07 16:03:28 +01:00
Tibor Vass
1f8efc687c Merge pull request #18123 from aidanhs/aphs-fail-on-broken-tar
Ensure adding a broken tar doesn't silently fail
2015-12-07 14:38:21 +01:00
Lei Jitang
a2d348968f pkg/plugins/client.go: don't try to encode os decode if it's nil
When user call the `Call()` method, they don't always want to sent
some args or get the return value, so they use `nil` when call `Call()`
method and this will casue an error. It's better to not trying to
encode or decode if it's nil.

Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-12-05 02:55:50 -05:00
Sebastiaan van Stijn
cb6a1a6042 Merge pull request #14466 from Mashimiao/add-support-blkio_throtte_bps
Add support for blkio read/write bps device
2015-12-04 12:29:58 +01:00
Alexander Morozov
7c1c96551d Merge pull request #18412 from aaronlehmann/runcommand-race
Fix race in RunCommandWithOutputForDuration
2015-12-03 19:35:04 -08:00
Ma Shimiao
3f15a055e5 Add support for blkio read/write bps device
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-12-04 09:26:03 +08:00
Alexander Morozov
4e6bea5964 Merge pull request #18411 from aaronlehmann/unit-test-timing
Adjust TestDockerCmdWithTimeout timeout to improve reliability
2015-12-03 16:34:36 -08:00
Aaron Lehmann
2704fd9156 Fix race in RunCommandWithOutputForDuration
This function was starting a goroutine that modifies one of its return
values. The intent is for the goroutine to only influence the return
value when it's causing the function to return, but it's racy and can
also modify the return value when the function is returning due to the
timeout. Fix the goroutine to not modify return values directly.

Also, give the channel a buffer so that the goroutine doesn't block
forever after a timeout.

Fixes #18305

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-03 16:34:01 -08:00
Aaron Lehmann
13d768b8ee Adjust TestDockerCmdWithTimeout timeout to improve reliability
I saw a failure of TestDockerCmdWithTimeout. This test starts a command
that produces output after 10 ms, but uses a 5 ms timeout, so normally
the command will be killed before the output. The time intervals are so
small that the timeout may not reliably trigger before the output, which
can cause the test to fail.

This commit changes the test to only fail if the process is still alive
after 10 seconds. This means the test will confirm that the timeouts are
happening, but not attempt to gauge that the timeouts are happening
within milliseconds of when they are expected (which can't be done
reliably).

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-03 14:42:32 -08:00
Tibor Vass
33ab2bb52c Merge pull request #18266 from calavera/events_pub_sub
Event PubSub topics + linear filtering.
2015-12-03 17:11:40 +01:00
David Calavera
434d2e8745 Add PubSub topics.
A TopicFunc is an interface to let the pubisher decide whether it needs
to send a message to a subscriber or not. It returns true if the
publisher must send the message and false otherwise.

Users of the pubsub package can create a subscriber with a topic
function by calling `pubsub.SubscribeTopic`.

Message delivery has also been modified to use concurrent channels per
subscriber. That way, topic verification and message delivery is not
o(N+M) anymore, based on the number of subscribers and topic verification
complexity.

Using pubsub topics, the API stops controlling the message delivery,
delegating that function to a topic generated with the filtering
provided by the user. The publisher sends every message to the
subscriber if there is no filter, but the api doesn't have to select
messages to return anymore.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-02 16:43:49 -05:00
David Calavera
93d1dd8036 Make filtering a linear operation.
Improves the current filtering implementation complixity.
Currently, the best case is O(N) and worst case O(N^2) for key-value filtering.
In the new implementation, the best case is O(1) and worst case O(N), again for key-value filtering.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-02 11:12:42 -05:00
Dan Walsh
b3e527dfd2 This patch adds --tmpfs as a option for mounting tmpfs on directories
It will Tar up contents of child directory onto tmpfs if mounted over

This patch will use the new PreMount and PostMount hooks to "tar"
up the contents of the base image on top of tmpfs mount points.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2015-12-02 10:06:59 -05:00
David Calavera
c84f5dfd74 Merge pull request #17438 from pmalmgren/17037-systemd226-cgroup
Fix docker status incorrectly reports containerized
2015-11-30 11:47:16 -08:00
Phil Estes
2a354790a6 Merge pull request #18241 from LK4D4/remove_listenbuffer
Remove listenbuffer
2015-11-30 14:37:14 -05:00
Jess Frazelle
e852959fad Merge pull request #18178 from jfrazelle/apparmor-we-meet-again
Fix docker-default profile handing signals
2015-11-30 11:34:34 -08:00
Jessica Frazelle
f8db9a09e0
check version for docker-default aa profile
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2015-11-30 10:18:12 -08:00
David Calavera
221d979e7b Merge pull request #18296 from jfrazelle/add-james
add james golick to names generator
2015-11-30 10:00:21 -08:00
Alexander Morozov
a0251b2bbf Remove listenbuffer package
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-11-30 09:04:59 -08:00
Alexander Morozov
ca5795cef8 Remove usage of listenbuffer package
It actually adds nothing to queuing requests.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-11-30 09:04:55 -08:00
Vincent Batts
a26accfb5d Merge pull request #18226 from duglin/Issue18170
Fix for zero-sized layers
2015-11-30 09:57:37 -06:00
Jessica Frazelle
bf66deeb08
add james golick to names generator
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2015-11-29 10:40:12 -08:00
Doug Davis
7bb9fc415a Fix for zero-sized layers
Moved a defer up to a better spot.

Fixed TestUntarPathWithInvalidDest to actually fail for the right reason

Closes #18170

Signed-off-by: Doug Davis <dug@us.ibm.com>
2015-11-25 18:02:03 -08:00
Bryan Boreham
899caaca9c Fix spelling of 'existent'
Signed-off-by: Bryan Boreham <bjboreham@gmail.com>
2015-11-25 13:45:37 +00:00
David Calavera
a2ab05098d Merge pull request #17924 from aaronlehmann/content-addressability
Content addressability
2015-11-24 11:01:33 -08:00
Tonis Tiigi
4352da7803 Update daemon and docker core to use new content addressable storage
Add distribution package for managing pulls and pushes. This is based on
the old code in the graph package, with major changes to work with the
new image/layer model.

Add v1 migration code.

Update registry, api/*, and daemon packages to use the reference
package's types where applicable.

Update daemon package to use image/layer/tag stores instead of the graph
package

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-11-24 09:40:25 -08:00
Brian Goff
985175fd8f Fix race in locker call to dec()
Can't safely use uint32 for locker since we need to decrement the count,
which requires loading the unit and doing some math, which is inherintly
racey.
Instead use Int32 which we can safely use with atomic and AddInt32 with
`-1`

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-11-24 11:59:09 -05:00
Aidan Hobson Sayers
3243e504d0 Ensure adding a broken tar doesn't silently fail
Signed-off-by: Aidan Hobson Sayers <aidanhs@cantab.net>
2015-11-23 14:18:58 +00:00
Brian Goff
692bfdaee3 Merge pull request #18146 from JamesKyburz/random-additions
Random additions
2015-11-21 13:18:09 -05:00
Antonio Murdaca
3ff9bb5332 Merge pull request #16613 from WeiZhang555/docker-cp-symlink
Add option `-L` to allow `docker cp` follow symbol link
2015-11-21 17:03:24 +01:00
James Kyburz
f8a6726dad Add nauseous and pedantic
Signed-off-by: James Kyburz <james.kyburz@gmail.com>
2015-11-21 16:23:07 +01:00
Antonio Murdaca
6653f82796 Merge pull request #17495 from mikebrow/docker-tz-and-nanosecond-updates
modifying docker --since and --until to support nanoseconds and time …
2015-11-20 23:37:44 +01:00
Tibor Vass
6e727a4c80 Merge pull request #17456 from Microsoft/TestChtimesFix
Fix ChTimes to prevent setting times past the Unix Max Time
2015-11-20 18:07:09 +01:00
Zhang Wei
92600bdec1 Add '-L' option for cp
Fixes #16555

Original docker `cp` always copy symbol link itself instead of target,
now we provide '-L' option to allow docker to follow symbol link to real
target.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2015-11-21 00:36:56 +08:00
Michael Crosby
249b3a9479 Merge pull request #17459 from brahmaroutu/Power_Z_CI
Build and test Docker on IBM Power and Z using gccgo. Enable CI on Po…
2015-11-19 15:50:07 -08:00
Alexander Morozov
9c21e852b2 Merge pull request #18082 from MHBauer/gh9406
Remove defaults for flags/options that expect no value
2015-11-19 15:06:21 -08:00
Darren Stahl
318ad1cb43 This fixes Chtimes on systems with 32 bit Timespec
Signed-off-by: Darren Stahl <darst@microsoft.com>
2015-11-19 11:08:29 -08:00
David Calavera
aade9536b6 Merge pull request #18090 from vdemeester/17478-follow-up-cleanup-pkg-platform
Follow-up of 17478, unexport runtimeArchitecture method
2015-11-19 14:00:23 -05:00
Stefan Scherer
7c1d49d90c Move charsToString to architecture dependent source to fix casting problem
Signed-off-by: Stefan Scherer <scherer_stefan@icloud.com>
2015-11-19 18:09:08 +01:00
Morgan Bauer
48718a3c77
Remove defaults for flags/options that expect no value
- isZeroValue function from upstream go
 - covers booleans, strings and numbers
 - change integration to reflect new behavior
 - resolves #9406

Signed-off-by: Morgan Bauer <mbauer@us.ibm.com>
2015-11-19 08:37:51 -08:00
Vincent Demeester
0ff3c10aa8 Follow-up of 17478, unexport private method
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-11-19 14:55:57 +01:00
moxiegirl
c83373112c Merge pull request #17986 from bogdangrigg/master
Fix small typos in documentation files
2015-11-17 16:45:38 -08:00
Michael Crosby
53556183c7 Merge pull request #17434 from little-arhat/fix/newlines-in-json-status
Add newlines to FormatProgress for JSON as well
2015-11-17 15:52:31 -08:00
Michael Crosby
104dab87ea Merge pull request #17478 from vdemeester/pr-13921
Carry#13921 : Expand /info: Expose OSType (GOOS), Architecture (GOARCH)
2015-11-17 15:44:57 -08:00
Alexander Morozov
292a15e40a Use /usr/lib/os-release if /etc/os-release is missing.
As per os-release spec, /usr/lib/os-release file should be tried if
/etc/os-release is missing.

http://www.freedesktop.org/software/systemd/man/os-release.html

Thanks James Hunt <james.o.hunt@intel.com> and
Dimitri John Ledkov <dimitri.j.ledkov@intel.com> for contribution.

Close #17174

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-11-16 16:21:31 -08:00
Luca-Bogdan Grigorescu
d1e72baa15 Fix small typos in documentation files
Signed-off-by: Luca-Bogdan Grigorescu <bogdan@gmail.com>
2015-11-15 00:53:27 +02:00
Vincent Demeester
49779b674a Add pkg/parsers/architecture and pkg/platform
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-11-14 23:03:02 +01:00
Antonio Murdaca
1448cd3ec2 Merge pull request #17971 from narqo/simplify-addr-formating
Simplify final address formatting in parser.ParseTCPAddr
2015-11-14 08:38:09 +01:00
Srini Brahmaroutu
b1cc78b8f5 Build and test Docker on IBM Power and Z using gccgo. Enable CI on Power and Z.
Signed-off-by: Srini Brahmaroutu <srbrahma@us.ibm.com>
2015-11-14 03:16:45 +00:00
unclejack
13963957eb Merge pull request #17877 from aaronlehmann/capped-bytespipe
Cap the amount of buffering done by BytesPipe
2015-11-14 00:51:11 +02:00
Alexander Morozov
f5e318a17b Merge pull request #17090 from duglin/dockerignoreWildcards
Support multi-dir wildcards in .dockerignore
2015-11-13 14:29:34 -08:00
Doug Davis
eddb14a44e Support multi-dir wildcards in .dockerignore
Closes #13113

Signed-off-by: Doug Davis <dug@us.ibm.com>
2015-11-13 13:44:07 -08:00
Alexander Morozov
42fa8e3128 Merge pull request #17417 from cpuguy83/15815_add_log_file_poller
Fallback to file polling for jsonlog reader on err
2015-11-13 11:49:54 -08:00
Vladimir Varankin
3830359745 Simplify address formating
Use `net.JoinHostPort()` which count IPv6 literals in `host`,
instead of relying on `net.ParseIP(host).To4()` side effects.

Signed-off-by: Vladimir Varankin <nek.narqo@gmail.com>
2015-11-13 20:32:32 +03:00
Alexander Morozov
59a341ed2a Merge pull request #17833 from rhatdan/signals
Define all of the signals defined by kill -l
2015-11-13 09:03:51 -08:00
Mike Brown
430d8ff611 modifying docker --since and --until to support nanoseconds and time zones
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2015-11-13 09:56:15 -06:00
Vincent Demeester
812a1c149a Merge pull request #13959 from Mashimiao/add-support-blkio_weight_device
Add support for blkio.weight_device
2015-11-12 20:42:13 +01:00
Vincent Demeester
b99b23ba93 Merge pull request #17929 from mqliang/hardCode
Removing TODO in pkg/term/windows
2015-11-12 19:56:09 +01:00
Aaron Lehmann
64f8ee444d Cap the amount of buffering done by BytesPipe
Turn BytesPipe's Read and Write functions into blocking, goroutine-safe
functions. Add a CloseWithError function to propagate an error code to
the Read function.

Adjust tests to work with the blocking Read and Write functions.

Remove BufReader, since now its users can use BytesPipe directly.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-11-12 10:11:29 -08:00
Dan Walsh
d1ae13b0b0 Define all of the signals defined by kill -l
1) SIGHUP	 2) SIGINT	 3) SIGQUIT	 4) SIGILL	 5) SIGTRAP
 6) SIGABRT	 7) SIGBUS	 8) SIGFPE	 9) SIGKILL	10) SIGUSR1
11) SIGSEGV	12) SIGUSR2	13) SIGPIPE	14) SIGALRM	15) SIGTERM
16) SIGSTKFLT	17) SIGCHLD	18) SIGCONT	19) SIGSTOP	20) SIGTSTP
21) SIGTTIN	22) SIGTTOU	23) SIGURG	24) SIGXCPU	25) SIGXFSZ
26) SIGVTALRM	27) SIGPROF	28) SIGWINCH	29) SIGIO	30) SIGPWR
31) SIGSYS	34) SIGRTMIN	35) SIGRTMIN+1	36) SIGRTMIN+2	37) SIGRTMIN+3
38) SIGRTMIN+4	39) SIGRTMIN+5	40) SIGRTMIN+6	41) SIGRTMIN+7	42) SIGRTMIN+8
43) SIGRTMIN+9	44) SIGRTMIN+10	45) SIGRTMIN+11	46) SIGRTMIN+12	47) SIGRTMIN+13
48) SIGRTMIN+14	49) SIGRTMIN+15	50) SIGRTMAX-14	51) SIGRTMAX-13	52) SIGRTMAX-12
53) SIGRTMAX-11	54) SIGRTMAX-10	55) SIGRTMAX-9	56) SIGRTMAX-8	57) SIGRTMAX-7
58) SIGRTMAX-6	59) SIGRTMAX-5	60) SIGRTMAX-4	61) SIGRTMAX-3	62) SIGRTMAX-2
63) SIGRTMAX-1	64) SIGRTMAX

This will allow users to specify signals by name.  Needed to make docker run --stop-signal
work as defined by systemd.

man systemd

defines the proper way to shutdown a systemd running as pid 1 in a container as

SIGRTMIN+4

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2015-11-12 09:55:18 -05:00
mqliang
644471bac8 kill TODO
Signed-off-by: mqliang <mqliang.zju@gmail.com>
2015-11-12 16:41:25 +08:00
Alexander Morozov
2337db8205 Merge pull request #17925 from cpuguy83/fix_locker_unit_tests
Use timeouts instead of relying on runtime.GoSched
2015-11-11 18:46:52 -08:00
Brian Goff
fd672d5926 Use timeouts instead of relying on runtime.GoSched
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-11-11 20:59:07 -05:00
Ma Shimiao
0fbfa1449d Add support for blkio.weight_device
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-11-11 23:06:36 +08:00
David Calavera
35d9bcdb57 Merge pull request #17732 from Microsoft/sjw/archive_access_time_fix
Fixing last access time on Windows to unblock python.
2015-11-10 13:17:03 -08:00
David Calavera
69bc4ebe7a Merge pull request #17819 from tonistiigi/17766-fix-opq-dot
Fix opq whiteouts problems for files with dot prefix
2015-11-09 11:08:31 -08:00
Alexander Morozov
28588efb47 Merge pull request #17089 from Microsoft/10662-ansi
Windows: Native ANSI console support
2015-11-09 08:05:08 -08:00
Tonis Tiigi
db3070ab1b Fix opq whiteouts problems for files with dot prefix
Fixes #17766

Previously, opaque directory whiteouts on non-native
graphdrivers depended on the file order, meaning
files added with the same layer before the whiteout
file `.wh..wh..opq` were also removed.

If that file happened to have subdirs, then calling
chtimes on those dirs after unpack would fail the pull.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-11-08 23:00:01 -08:00
Alexander Morozov
cc207aa136 Merge pull request #17185 from cpuguy83/use_finer_locking_for_volume_store
Fix potential races in the volume store
2015-11-06 08:48:12 -08:00
Stefan J. Wernli
37ba67bf63 Fixing last access time on Windows to unblock python.
Signed-off-by: Stefan J. Wernli <swernli@microsoft.com>
2015-11-05 12:15:18 -08:00
Vincent Demeester
7b102dc114 Fix panic in parsing /etc/os-release
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-11-05 19:59:29 +01:00
Brian Goff
c136a33c5b Fallback to file polling for jsonlog reader on err
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-11-05 10:05:05 -05:00
Sebastiaan van Stijn
236913f4e8 Merge pull request #14012 from sallyom/exitCodes
Change 'docker run' exit codes to distinguish docker/contained errors
2015-11-05 00:50:08 +01:00
Brian Goff
fe66fdd18c Fix potential races in the volume store
Uses finer grained locking so that each volume name gets its own lock
rather than only being protected by the global lock, which itself needs
to be unlocked during cetain operations (`create` especially`)

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-11-04 16:59:47 -05:00
Sally O'Malley
41de7a18d8 Change 'docker run' exit codes to distinguish docker/contained errors
The purpose of this PR is for users to distinguish Docker errors from
contained command errors.
This PR modifies 'docker run' exit codes to follow the chroot standard
for exit codes.
Exit status:
125 if 'docker run' itself fails
126 if contained command cannot be invoked
127 if contained command cannot be found
the exit status otherwise

Signed-off-by: Sally O'Malley <somalley@redhat.com>
2015-11-04 15:18:50 -05:00
Alexander Morozov
d4a8d09d1a Do not rely on string comparison in truncindex
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-11-04 11:34:05 -08:00
Peter Malmgren
f6896b61ff Fix docker status incorrectly reports containerized. Fixes #17037
Signed-off-by: Peter Malmgren <ptmalmgren@gmail.com>
2015-11-04 00:08:46 +00:00
Jess Frazelle
e704182c9c Merge pull request #17614 from LK4D4/fix_golint
Update linting tools to latest versions
2015-11-03 15:32:12 -08:00
Stephen J Day
ec2289b2d9 Avoid panic on write after close in http
By adding a (*WriteFlusher).Close, we limit the Write calls to possibly
deallocated http response buffers to the lifetime of an http request.
Typically, this is seen as a very confusing panic, the cause is usually a
situation where an http.ResponseWriter is held after request completion. We
avoid the panic by disallowing further writes to the response writer after the
request is completed.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-11-02 18:14:43 -08:00
David Calavera
79d47c5b96 Merge pull request #17628 from LK4D4/umount_log_err
Log error from unmountVolumes on cleanup
2015-11-02 15:38:32 -08:00
David Calavera
642a1f67b6 Merge pull request #17573 from Microsoft/10662-parsersos
Windows: Fix unit tests parsers\os
2015-11-02 14:31:09 -08:00
Alexander Morozov
a20fea1823 Log error from unmountVolumes on cleanup
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-11-02 14:11:42 -08:00
John Howard
a40c828040 Windows: Fix unit tests parsers\os
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-11-02 11:28:47 -08:00
Alexander Morozov
7aa28b6bdd Fix go vet warnings
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-11-02 08:28:34 -08:00
Alexander Morozov
270e8cf64d Fix golint warnings
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-11-02 08:02:25 -08:00
John Howard
670fd201de Windows: Fix parsers kernel test
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-11-01 07:05:16 -08:00
John Howard
805dd0eeed Windows: Native ANSI console support
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-10-30 13:44:04 -07:00
Roma Sokolov
e98b8e0857 Add newlines to FormatProgress for JSON as well
Commit 060da572d2 has introduced newlines
to streamformatter to help parse Remote API responses. However,
FormatProgress method was omitted from the list of patched methods,
leaving progress messages in, say, /images/create without newlines.

Signed-off-by: Roma Sokolov <sokolov.r.v@gmail.com>
2015-10-28 12:58:47 +00:00
Jess Frazelle
96a6e810de Merge pull request #17418 from diogomonica/bump-go-1.5
Bump go 1.5
2015-10-27 20:12:43 -07:00
Jessica Frazelle
9bcbb39fa8
update to binaries, fix parsers package, non-parallel test unit
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2015-10-27 14:43:25 -07:00
Alexandre Beslic
85ae8b034a Merge pull request #17364 from mavenugo/advertise
Enhancing --cluster-advertise to support <interface-name>
2015-10-27 13:29:18 -07:00
Madhu Venugopal
3e7db73b99 Enhancing --cluster-advertise to support <interface-name>
--cluster-advertise daemon option is enahanced to support <interface-name>
in addition to <ip-address> in order to amke it  automation friendly using
docker-machine.

Signed-off-by: Madhu Venugopal <madhu@docker.com>
2015-10-27 11:03:22 -07:00
John Howard
853f2e9952 Windows: Volumes PR fix one of Tibors nits
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-10-26 13:34:49 -07:00
David Calavera
c52fdce2f2 Merge pull request #17286 from FeroVolar/namegenerator
Add Heyrovsky
2015-10-26 13:26:43 -07:00
Fero Volar
ac37d1f10a Add Bassi
Signed-off-by: Fero Volar <alian@alian.info>
2015-10-23 01:32:47 +02:00
Fero Volar
685425bb2b Add Heyrovsky
Signed-off-by: Fero Volar <alian@alian.info>
2015-10-23 01:01:58 +02:00
John Howard
a7e686a779 Windows: Add volume support
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-10-22 10:42:53 -07:00
Tibor Vass
6a7c38a57d Merge pull request #16940 from coolljt0725/default_tls_host
Make default tls host work
2015-10-21 14:02:22 -04:00
Alexander Morozov
ad861876e8 Merge pull request #17035 from estesp/fix-build-dir-perms
Correct build-time directory creation with user namespaced daemon
2015-10-20 08:57:19 -07:00
Phil Estes
ae8c004dc1 Correct build-time directory creation with user namespaced daemon
This fixes errors in ownership on directory creation during build that
can cause inaccessible files depending on the paths in the Dockerfile
and non-existing directories in the starting image.

Add tests for the mkdir variants in pkg/idtools

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-10-20 08:59:48 -04:00
Jess Frazelle
98c01c2c90 Merge pull request #17088 from Microsoft/sjw/archive_hang_fix
Fixing hang in archive.CopyFileWithTar with invalid dst
2015-10-19 17:18:25 -07:00
Stefan J. Wernli
a150eee308 Fixing hang in archive.CopyWithTar with invalid dst
Signed-off-by: Stefan J. Wernli <swernli@microsoft.com>
2015-10-19 11:56:05 -07:00
Lei Jitang
fbb01b8162 Make default tls host work
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-10-19 21:17:37 +08:00
Jan-Gerd Tenberge
ab31d9500e Fix spelling error, add Noether and Euler
Signed-off-by: Jan-Gerd Tenberge <janten@gmail.com>
2015-10-19 01:14:39 +02:00
Vincent Batts
2726434f72 Merge pull request #16960 from pydima/9283_consider_hard_links_in_image_size
Consider hardlinks in image size.
2015-10-17 14:22:33 -04:00
Sebastiaan van Stijn
cffd50752c Merge pull request #17056 from vdemeester/16756-integration-cli-checkers-api-build
Vendoring new go-check checkers and use checker for docker_api_build_test.go
2015-10-17 08:50:51 -07:00
Vincent Demeester
9685b4767f Vendoring shakers library and update go-check
The shakers library defines a bunch of go-check checkers to ease
writing tests.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-10-17 14:28:08 +02:00
Dmitry Vorobev
4102537cfd Fixes #9283. Consider hardlinks in image size.
Based on #8984. This patch fixes behavior when image size calculation
didn't consider hardlinks.

Signed-off-by: Dmitry Vorobev <dimahabr@gmail.com>
2015-10-17 12:24:05 +02:00
Antonio Murdaca
4fc97e40c9 Merge pull request #16950 from cpuguy83/support_ipv6_in_host_parser
Allow API to bind to ipv6 addresses
2015-10-17 00:20:49 +02:00
Vincent Batts
d35a1f2868 Merge pull request #16932 from c0b/fix-race-16924
Fix race #16924 [panic: runtime error: slice bounds out of range] docker daemon crash of racing
2015-10-15 18:05:05 -05:00
John Howard
bc503ca8ab Windows: [TP4] docker kill handling
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-10-13 16:04:49 -07:00
Derek Ch
b48f4bf523 fix a race crash when building with "ADD some-broken.tar.xz ..."
The race is between pools.Put which calls buf.Reset and exec.Cmd
doing io.Copy from the buffer; it caused a runtime crash, as
described in #16924:

``` docker-daemon cat the-tarball.xz | xz -d -c -q | docker-untar /path/to/... (aufs ) ```

When docker-untar side fails (like try to set xattr on aufs, or a broken
tar), invokeUnpack will be responsible to exhaust all input, otherwise
`xz` will be write pending for ever.

this change add a receive only channel to cmdStream, and will close it
to notify it's now safe to close the input stream;

in CmdStream the change to use Stdin / Stdout / Stderr keeps the
code simple, os/exec.Cmd will spawn goroutines and call io.Copy automatically.

the CmdStream is actually called in the same file only, change it
lowercase to mark as private.

[...]
INFO[0000] Docker daemon                                 commit=0a8c2e3 execdriver=native-0.2 graphdriver=aufs version=1.8.2

DEBU[0006] Calling POST /build
INFO[0006] POST /v1.20/build?cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&memory=0&memswap=0&rm=1&t=gentoo-x32&ulimits=null
DEBU[0008] [BUILDER] Cache miss
DEBU[0009] Couldn't untar /home/lib-docker-v1.8.2-tmp/tmp/docker-build316710953/stage3-x32-20151004.tar.xz to /home/lib-docker-v1.8.2-tmp/aufs/mnt/d909abb87150463939c13e8a349b889a72d9b14f0cfcab42a8711979be285537: Untar re-exec error: exit status 1: output: operation not supported
DEBU[0009] CopyFileWithTar(/home/lib-docker-v1.8.2-tmp/tmp/docker-build316710953/stage3-x32-20151004.tar.xz, /home/lib-docker-v1.8.2-tmp/aufs/mnt/d909abb87150463939c13e8a349b889a72d9b14f0cfcab42a8711979be285537/)
panic: runtime error: slice bounds out of range

goroutine 42 [running]:
bufio.(*Reader).fill(0xc208187800)
    /usr/local/go/src/bufio/bufio.go:86 +0x2db
bufio.(*Reader).WriteTo(0xc208187800, 0x7ff39602d150, 0xc2083f11a0, 0x508000, 0x0, 0x0)
    /usr/local/go/src/bufio/bufio.go:449 +0x27e
io.Copy(0x7ff39602d150, 0xc2083f11a0, 0x7ff3960261f8, 0xc208187800, 0x0, 0x0, 0x0)
    /usr/local/go/src/io/io.go:354 +0xb2
github.com/docker/docker/pkg/archive.func·006()
    /go/src/github.com/docker/docker/pkg/archive/archive.go:817 +0x71
created by github.com/docker/docker/pkg/archive.CmdStream
    /go/src/github.com/docker/docker/pkg/archive/archive.go:819 +0x1ec

goroutine 1 [chan receive]:
main.(*DaemonCli).CmdDaemon(0xc20809da30, 0xc20800a020, 0xd, 0xd, 0x0, 0x0)
    /go/src/github.com/docker/docker/docker/daemon.go:289 +0x1781
reflect.callMethod(0xc208140090, 0xc20828fce0)
    /usr/local/go/src/reflect/value.go:605 +0x179
reflect.methodValueCall(0xc20800a020, 0xd, 0xd, 0x1, 0xc208140090, 0x0, 0x0, 0xc208140090, 0x0, 0x45343f, ...)
    /usr/local/go/src/reflect/asm_amd64.s:29 +0x36
github.com/docker/docker/cli.(*Cli).Run(0xc208129fb0, 0xc20800a010, 0xe, 0xe, 0x0, 0x0)
    /go/src/github.com/docker/docker/cli/cli.go:89 +0x38e
main.main()
    /go/src/github.com/docker/docker/docker/docker.go:69 +0x428

goroutine 5 [syscall]:
os/signal.loop()
    /usr/local/go/src/os/signal/signal_unix.go:21 +0x1f
created by os/signal.init·1
    /usr/local/go/src/os/signal/signal_unix.go:27 +0x35

Signed-off-by: Derek Ch <denc716@gmail.com>
2015-10-13 15:58:06 -07:00
John Howard
6d71f27760 Windows: Fix AV in build due to userns
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-10-13 14:02:25 -07:00
Brian Goff
b7d921e1b5 Merge pull request #16963 from Microsoft/10662-kill-partone
Windows: Enable kill (part one)
2015-10-13 13:02:58 -04:00
John Howard
2dca1bc633 Windows: Enable kill (part one)
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-10-13 08:42:47 -07:00
Daniel Dao
0083f6e984 add labels/env log option for jsonfile
this allows jsonfile logger to collect extra metadata from containers with
`--log-opt labels=label1,label2 --log-opt env=env1,env2`.

Extra attributes are saved into `attrs` attributes for each log data.

Signed-off-by: Daniel Dao <dqminh@cloudflare.com>
2015-10-12 21:12:46 +02:00
Brian Goff
a82e3bc704 Allow API to bind to ipv6 addresses
Use `net.SplitHostPort` which supports ipv6 rather than relying on
splitting on `:`

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-10-12 13:55:27 -04:00
Phil Estes
67034e5003 Merge pull request #16947 from Microsoft/jjh/daemon-broken-on-master
Windows: Daemon broken on master
2015-10-12 13:40:02 -04:00
John Howard
bfe252b781 Windows: Daemon broken on master
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-10-12 09:11:19 -07:00
Phil Estes
79240b9eaf Correct mismatched function names (UID() and Gid())
All the go-lint work forced any existing "Uid" -> "UID", but seems to
not have the same rules for Gid, so stat package has calls UID() and
Gid().

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-10-12 10:58:33 -04:00
Sebastiaan van Stijn
3a24eb2de4 Merge pull request #16618 from abronan/fix_discovery_pkg_readme
Fix discovery package README with the right --cluster* flags
2015-10-11 12:05:07 -07:00
Phil Estes
442b45628e Add user namespace (mapping) support to the Docker engine
Adds support for the daemon to handle user namespace maps as a
per-daemon setting.

Support for handling uid/gid mapping is added to the builder,
archive/unarchive packages and functions, all graphdrivers (except
Windows), and the test suite is updated to handle user namespace daemon
rootgraph changes.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-10-09 17:47:37 -04:00
Phil Estes
9a3ab0358e Add utility/support package for user namespace support
The `pkg/idtools` package supports the creation of user(s) for
retrieving /etc/sub{u,g}id ranges and creation of the UID/GID mappings
provided to clone() to add support for user namespaces in Docker.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-10-09 17:44:47 -04:00
Jess Frazelle
b50a88cfd7 Merge pull request #16644 from dhiltgen/discovery_tls
Add TLS support for discovery backend
2015-10-08 14:21:06 -07:00
Jess Frazelle
bea2257f92 Merge pull request #16803 from tiborvass/pkg-broadcaster
Move types from progressreader and broadcastwriter to broadcaster
2015-10-08 13:51:08 -07:00
Jess Frazelle
4c55464dd3 Merge pull request #13777 from cpuguy83/graphdriver_extpoints
Create extpoint for graphdrivers
2015-10-08 13:46:42 -07:00
Vincent Demeester
991589d518 Merge pull request #16781 from brahmaroutu/pkg_integration_timeout
timeouts causing tests to fail differently. GCCGO CI.
2015-10-08 22:02:22 +02:00
Jess Frazelle
5bde858db5 Merge pull request #16581 from fgimenez/11584-stdcopy-test-coverage
Added test coverage to StdCopy closes #11584
2015-10-08 12:53:25 -07:00
Srini Brahmaroutu
ffe32ac371 Timeouts are causing tests to fail differently. GCCGO CI.
Signed-off-by: Srini Brahmaroutu <srbrahma@us.ibm.com>
2015-10-08 15:14:56 +00:00
Daniel Hiltgen
124792a871 Add TLS support for discovery backend
This leverages recent additions to libkv enabling client
authentication via TLS so the discovery back-end can be locked
down with mutual TLS.  Example usage:

    docker daemon [other args] \
        --cluster-advertise 192.168.122.168:2376 \
        --cluster-store etcd://192.168.122.168:2379 \
        --cluster-store-opt kv.cacertfile=/path/to/ca.pem \
        --cluster-store-opt kv.certfile=/path/to/cert.pem \
        --cluster-store-opt kv.keyfile=/path/to/key.pem

Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2015-10-07 16:01:00 -07:00
Alexander Morozov
ce0457a2c9 Merge pull request #16818 from runcom/rmi-perf
graph: add parent img refcount for faster rmi
2015-10-07 10:45:49 -07:00
Antonio Murdaca
292a1564dc graph: add parent img refcount for faster rmi
also fix a typo in pkg/truncindex package comment

Signed-off-by: Antonio Murdaca <amurdaca@redhat.com>
2015-10-07 19:09:44 +02:00
Alexander Morozov
8cee301874 Merge pull request #16381 from rhvgoyal/deferred_deletion
devicemapper: Implement deferred deletion capability
2015-10-07 09:27:41 -07:00
Tibor Vass
2391233404 Move types from progressreader and broadcastwriter to broadcaster
progressreader.Broadcaster becomes broadcaster.Buffered and
broadcastwriter.Writer becomes broadcaster.Unbuffered.

The package broadcastwriter is thus renamed to broadcaster.

Signed-off-by: Tibor Vass <tibor@docker.com>
2015-10-06 22:20:07 -04:00
Brian Goff
2606a2e4d3 Merge pull request #16147 from tiborvass/refactor-builder
Refactor builder with new Go interfaces
2015-10-06 20:36:07 -04:00
Tibor Vass
e0ef11a4c2 Abstract builder and implement server-side dockerfile builder
This patch creates interfaces in builder/ for building Docker images.
It is a first step in a series of patches to remove the daemon
dependency on builder and later allow a client-side Dockerfile builder
as well as potential builder plugins.

It is needed because we cannot remove the /build API endpoint, so we
need to keep the server-side Dockerfile builder, but we also want to
reuse the same Dockerfile parser and evaluator for both server-side and
client-side.

builder/dockerfile/ and api/server/builder.go contain implementations
of those interfaces as a refactoring of the current code.

Signed-off-by: Tibor Vass <tibor@docker.com>
2015-10-06 19:10:19 -04:00
Vivek Goyal
d929589c1f devmapper: Implement deferred deletion functionality
Finally here is the patch to implement deferred deletion functionality.
Deferred deleted devices are marked as "Deleted" in device meta file. 

First we try to delete the device and only if deletion fails and user has
enabled deferred deletion, device is marked for deferred deletion.

When docker starts up again, we go through list of deleted devices and
try to delete these again.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
2015-10-06 17:37:21 -04:00
Antonio Murdaca
7539013436 bump libcontainer to 902c012e85cdae6bb68d8c7a0df69a42f818ce96
Signed-off-by: Antonio Murdaca <amurdaca@redhat.com>
2015-10-06 17:55:09 +02:00
Vincent Demeester
fbd0cea90c Remove use of testify mock and testify vendored lib
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-10-05 08:43:34 +02:00
Doug Davis
49066f621e Merge pull request #16582 from vdemeester/16360-dockerCmd-raceytests
Fix TestDockerCmd*Timeout racey tests
2015-10-02 20:45:41 -04:00
Jess Frazelle
24e7907bb1 Merge pull request #16733 from MHBauer/perjury
remove testify asserts from pkg/discovery
2015-10-02 16:04:56 -07:00
Morgan Bauer
eb13311129
remove testify asserts from pkg/discovery
Signed-off-by: Morgan Bauer <mbauer@us.ibm.com>
2015-10-02 13:05:15 -07:00
Jess Frazelle
134fefbaa2 Merge pull request #16490 from Microsoft/10662-mtimefix
Fixed file modified time not changing on windows
2015-10-02 12:06:03 -07:00
Jess Frazelle
698e14902a Merge pull request #16159 from runcom/validate-cpuset-cpus
Validate --cpuset-cpus, --cpuset-mems
2015-10-02 11:30:46 -07:00
Jess Frazelle
bbac09a097 Merge pull request #16367 from Morgy93/names-generator
Added some adjectives and names
2015-10-02 11:29:09 -07:00
Jess Frazelle
aa2e3247cb Merge pull request #16470 from tonistiigi/fix-aufs-opq
Add basic support for .wh..wh..opq
2015-10-02 11:28:33 -07:00