Commit graph

29547 commits

Author SHA1 Message Date
Victor Vieux
54f71fd84a bump version to 1.13.1-rc2
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-06 15:04:17 -08:00
Stephen J Day
516792001a cluster/executor: check mounts at start
While it is important to not create controllers for an invalid task,
certain properties should only be checked immediately before use. Early
host validation of mounts prevents resolution of the task Executor when
the mounts are not relevant to execution flow. In this case, we have a
check for the existence of a bind mount path in a creation function that
prevents a task controller from being resolved. Such early validation
prevents one from interacting directly with a controller and result in
unnecessary error reporting.

In accordance with the above, we move the validation of the existence of
host bind mount paths to the `Controller.Start` phase. We also call
these "checks", as they are valid mounts but reference non-existent
paths.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
(cherry picked from commit 92899ffac8)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-06 15:02:23 -08:00
Andrew Hsu
14deb7d32c remove musl-dev in man/Dockerfile.armhf
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
(cherry picked from commit 1c7a66eda7)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-06 14:49:22 -08:00
Andrew Hsu
26ec0e71d1 use precompiled go from google, needs debian to work
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
(cherry picked from commit a6886bfc52)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-06 14:49:16 -08:00
Andrew Hsu
5f696e6d48 from golang:1.7.5-alpine for docker-manpage-dev
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
(cherry picked from commit 7b52ec5f10)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-06 14:49:09 -08:00
Tibor Vass
0406faf887 Show stacktrace in daemon logs only if 500 internal error
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit f7d9bb6248)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-06 13:02:39 -08:00
Victor Vieux
f6bf85f99c Merge pull request #30730 from dmcgowan/update-go-connections-1.13
[1.13] Update go connections 1.13
2017-02-03 20:53:35 -08:00
Victor Vieux
0220459168 Merge pull request #30728 from cpuguy83/plugin_upgrade_1.13
[1.13] Add plugin upgrade
2017-02-03 20:53:23 -08:00
Derek McGowan
b47fa5a5d1
Update go-connections package
fixes #30450

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2017-02-03 16:51:49 -08:00
Brian Goff
1a17bc6bc4 Make propagated mount persist outside rootfs
This persists the "propagated mount" for plugins outside the main
rootfs. This enables `docker plugin upgrade` to not remove potentially
important data during upgrade rather than forcing plugin authors to hard
code a host path to persist data to.

Also migrates old plugins that have a propagated mount which is in the
rootfs on daemon startup.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit e8307b868d)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-02-03 19:15:23 -05:00
Brian Goff
96b0320d5c Add docker plugin upgrade
This allows a plugin to be upgraded without requiring to
uninstall/reinstall a plugin.
Since plugin resources (e.g. volumes) are tied to a plugin ID, this is
important to ensure resources aren't lost.

The plugin must be disabled while upgrading (errors out if enabled).
This does not add any convenience flags for automatically
disabling/re-enabling the plugin during before/after upgrade.

Since an upgrade may change requested permissions, the user is required
to accept permissions just like `docker plugin install`.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 03c6949739)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-02-03 19:14:56 -05:00
Yong Tang
905cf26b43 Fix misleading default for --replicas
This fix tries to address the issue raised in 29291 where
the output of `--replicas` in `service create/update`:
```
      --replicas uint                    Number of tasks (default none)
```
is misleading. User might incorrectly assume the number of replicas
would be `0` (`none`) by default, while the actual default is `1`.

The issue comes from the fact that some of the default values are
from daemon and it is not possible for client to find out the default
value.

In this case, it might be better to just simply not displaying `(default none)`.

This fix returns "" for `Uint64Opt` so that `(default none)` is hidden.

In addition to `--replicas`, this fix also changes
`--restart-delay`, `--restart-max-attempts`, `--stop-grace-period`,
`--health-interval`, `--health-timeout`, and `--restart-window`
in a similiar fashion.

New Output:
```
      --health-interval duration         Time between running the check (ns|us|ms|s|m|h)
      --health-timeout duration          Maximum time to allow one check to run (ns|us|ms|s|m|h)
...
      --replicas uint                    Number of tasks
...
      --restart-delay duration           Delay between restart attempts (ns|us|ms|s|m|h)
      --restart-max-attempts uint        Maximum number of restarts before giving up
      --restart-window duration          Window used to evaluate the restart policy (ns|us|ms|s|m|h)
...
      --stop-grace-period duration       Time to wait before force killing a container (ns|us|ms|s|m|h)
```

The docs has been updated. Note the docs for help output of `service create/update`
is out of sync with the current master. This fix replace with the update-to-date
help output.

This fix fixes 29291.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit acc93db32b)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-03 00:48:59 -08:00
John Howard
202df64a3b Windows: Unify workdir handling
Signed-off-by: John Howard <jhoward@microsoft.com>

Working directory processing was handled differently for Hyper-V and Windows-Server containers, as annotated in the builder documentation (updated in this PR). For Hyper-V containers, the working directory set by WORKDIR was not created. This PR makes Hyper-V containers work the same as Windows Server containers (and the same as Linux).

Example (only applies to Hyper-V containers, so not reproducible under CI environment)
Dockerfile:
FROM microsoft/nanoserver
WORKDIR c:\installer
ENV GOROOT=c:\installer
ADD go.exe .
RUN go --help
Running on Windows Server 2016, using docker master without this change, but with daemon set to --exec-opt isolation=hyperv as it would be for Client operating systems.
PS E:\go\src\github.com\docker\docker> dockerd -g c:\control --exec-opt isolation=hyperv
time="2017-02-01T15:48:09.657286100-08:00" level=info msg="Windows default isolation mode: hyperv"
time="2017-02-01T15:48:09.662720900-08:00" level=info msg="[graphdriver] using prior storage driver: windowsfilter"
time="2017-02-01T15:48:10.011588000-08:00" level=info msg="Graph migration to content-addressability took 0.00 seconds"
time="2017-02-01T15:48:10.016655800-08:00" level=info msg="Loading containers: start."
time="2017-02-01T15:48:10.460820000-08:00" level=info msg="Loading containers: done."
time="2017-02-01T15:48:10.509859600-08:00" level=info msg="Daemon has completed initialization"
time="2017-02-01T15:48:10.509859600-08:00" level=info msg="Docker daemon" commit=3c64061 graphdriver=windowsfilter version=1.14.0-dev
First with no explicit isolation:
PS E:\docker\build\unifyworkdir> docker build --no-cache .
Sending build context to Docker daemon  10.1 MB
Step 1/5 : FROM microsoft/nanoserver
 ---> 89b8556cb9ca
Step 2/5 : WORKDIR c:\installer
 ---> 7e0f41d08204
Removing intermediate container 236c7802042a
Step 3/5 : ENV GOROOT c:\installer
 ---> Running in 8ea5237183c1
 ---> 394b70435261
Removing intermediate container 8ea5237183c1
Step 4/5 : ADD go.exe .
 ---> e47401a1745c
Removing intermediate container 88dcc28e74b1
Step 5/5 : RUN go --help
 ---> Running in efe90e1b6b8b
container efe90e1b6b8b76586abc5c1dc0e2797b75adc26517c48733d90651e767c8463b encountered an error during CreateProcess: failure in a Windows system call: The directory name is invalid. (0x10b) extra info: {"ApplicationName":"","CommandLine":"cmd /S /C go --help","User":"","WorkingDirectory":"C:\\installer","Environment":{"GOROOT":"c:\\installer"},"EmulateConsole":false,"CreateStdInPipe":true,"CreateStdOutPipe":true,"CreateStdErrPipe":true,"ConsoleSize":[0,0]}
PS E:\docker\build\unifyworkdir>
Then forcing process isolation:
PS E:\docker\build\unifyworkdir> docker build --isolation=process --no-cache .
Sending build context to Docker daemon  10.1 MB
Step 1/5 : FROM microsoft/nanoserver
 ---> 89b8556cb9ca
Step 2/5 : WORKDIR c:\installer
 ---> 350c955980c8
Removing intermediate container 8339c1e9250c
Step 3/5 : ENV GOROOT c:\installer
 ---> Running in bde511c5e3e0
 ---> b8820063b5b6
Removing intermediate container bde511c5e3e0
Step 4/5 : ADD go.exe .
 ---> e4ac32f8902b
Removing intermediate container d586e8492eda
Step 5/5 : RUN go --help
 ---> Running in 9e1aa235af5f
Cannot mkdir: C:\installer is not a directory
PS E:\docker\build\unifyworkdir>
Now compare the same results after this PR. Again, first with no explicit isolation (defaulting to Hyper-V containers as that's what the daemon it set to) - note it now succeeds 😄
PS E:\docker\build\unifyworkdir> docker build --no-cache .
Sending build context to Docker daemon  10.1 MB
Step 1/5 : FROM microsoft/nanoserver
 ---> 89b8556cb9ca
Step 2/5 : WORKDIR c:\installer
 ---> 4f319f301c69
Removing intermediate container 61b9c0b1ff6f
Step 3/5 : ENV GOROOT c:\installer
 ---> Running in c464a1d612d8
 ---> 96a26ab9a7b5
Removing intermediate container c464a1d612d8
Step 4/5 : ADD go.exe .
 ---> 0290d61faf57
Removing intermediate container dc5a085fffe3
Step 5/5 : RUN go --help
 ---> Running in 60bd56042ff8
Go is a tool for managing Go source code.

Usage:

        go command [arguments]

The commands are:

        build       compile packages and dependencies
        clean       remove object files
        doc         show documentation for package or symbol
        env         print Go environment information
        fix         run go tool fix on packages
        fmt         run gofmt on package sources
        generate    generate Go files by processing source
        get         download and install packages and dependencies
        install     compile and install packages and dependencies
        list        list packages
        run         compile and run Go program
        test        test packages
        tool        run specified go tool
        version     print Go version
        vet         run go tool vet on packages

Use "go help [command]" for more information about a command.

Additional help topics:

        c           calling between Go and C
        buildmode   description of build modes
        filetype    file types
        gopath      GOPATH environment variable
        environment environment variables
        importpath  import path syntax
        packages    description of package lists
        testflag    description of testing flags
        testfunc    description of testing functions

Use "go help [topic]" for more information about that topic.

The command 'cmd /S /C go --help' returned a non-zero code: 2
And the same with forcing process isolation. Also works 😄
PS E:\docker\build\unifyworkdir> docker build --isolation=process --no-cache .
Sending build context to Docker daemon  10.1 MB
Step 1/5 : FROM microsoft/nanoserver
 ---> 89b8556cb9ca
Step 2/5 : WORKDIR c:\installer
 ---> f423b9cc3e78
Removing intermediate container 41330c88893d
Step 3/5 : ENV GOROOT c:\installer
 ---> Running in 0b99a2d7bf19
 ---> e051144bf8ec
Removing intermediate container 0b99a2d7bf19
Step 4/5 : ADD go.exe .
 ---> 7072e32b7c37
Removing intermediate container a7a97aa37fd1
Step 5/5 : RUN go --help
 ---> Running in 7097438a54e5
Go is a tool for managing Go source code.

Usage:

        go command [arguments]

The commands are:

        build       compile packages and dependencies
        clean       remove object files
        doc         show documentation for package or symbol
        env         print Go environment information
        fix         run go tool fix on packages
        fmt         run gofmt on package sources
        generate    generate Go files by processing source
        get         download and install packages and dependencies
        install     compile and install packages and dependencies
        list        list packages
        run         compile and run Go program
        test        test packages
        tool        run specified go tool
        version     print Go version
        vet         run go tool vet on packages

Use "go help [command]" for more information about a command.

Additional help topics:

        c           calling between Go and C
        buildmode   description of build modes
        filetype    file types
        gopath      GOPATH environment variable
        environment environment variables
        importpath  import path syntax
        packages    description of package lists
        testflag    description of testing flags
        testfunc    description of testing functions

Use "go help [topic]" for more information about that topic.

The command 'cmd /S /C go --help' returned a non-zero code: 2
PS E:\docker\build\unifyworkdir>

(cherry picked from commit f42033ba94)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-03 00:40:46 -08:00
Madhu Venugopal
f709fd4e5b Merge pull request #30692 from aboch/c1.13.x
[1.13.x] Vendoring libnetwork @45b4086 for 1.13.x
2017-02-02 18:32:09 -08:00
Alessandro Boch
17e6f81948 Revert "Fix IT case for network name validation"
This reverts commit 9cebccfb95.

Signed-off-by: Alessandro Boch <aboch@docker.com>
2017-02-02 15:32:59 -08:00
Alessandro Boch
778f9a86c4 Vendoring libnetwork @45b4086 for 1.13.x
Signed-off-by: Alessandro Boch <aboch@docker.com>
2017-02-02 12:58:16 -08:00
Vincent Demeester
fbc84e24aa Merge pull request #30646 from vieux/1.13.1-rc2-cherrypicks-2
1.13.1 rc2 cherrypicks 2
2017-02-02 11:31:19 +01:00
Sebastiaan van Stijn
553d56d456 install dirmngr if needed
as of Ubuntu Yakkety, dirmngr is now in a separate
package (see https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1634464)

this patch updates the install script to install
the dirmngr package if it's not installed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f5263c8074)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-01 17:26:26 -08:00
Victor Vieux
6e2e808146 Merge pull request #30650 from aluzzardi/1.13.x-swarmkit-bump
[1.13.x] Re-vendor swarmkit to 1c7f003d75f091d5f7051ed982594420e4515f77
2017-02-01 15:54:56 -08:00
Victor Vieux
2556b7a70a Merge pull request #30649 from thaJeztah/1.13-bump-runc
[1.13.x] bump RunC / libcontainer to fix SELinux regression
2017-02-01 15:13:49 -08:00
Andrea Luzzardi
14153795ba Re-vendor swarmkit to 1c7f003d75f091d5f7051ed982594420e4515f77
Includes docker/swarmkit#1914

Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
2017-02-01 13:23:39 -08:00
Harald Albers
ec0e3fe4e2 Add bash completion for docker checkpoint
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 926fa56c0d)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-01 12:35:00 -08:00
Sebastiaan van Stijn
d00e249c26
[1.13.x] bump RunC / libcontainer to fix SELinux regression
This bumps RunC and libcontainer to fix a regression
in 1.13 that caused SELinux labels to not be
applied correctly.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-02-01 12:27:00 -08:00
Tibor Vass
68f9fb9fd7 plugin: use pkg/errors in more places
Also provide stack trace output in daemon logs.

Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 26d0bac895)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-01 12:00:30 -08:00
John Howard
7b15b4a9b2 Revendor Microsoft/go-winio v0.3.8
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit da6739c99f)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-01 12:00:11 -08:00
Christopher Jones
5e859cf3c1 Update systemd drop-in link
Right now it redirects, so change it to the correct one.

Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
(cherry picked from commit 7c763b360a)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-02-01 11:59:06 -08:00
Victor Vieux
96b87362e6 Merge pull request #30610 from mlaventure/update-containerd-1.13.x
[1.13.x] Update containerd to version aa8187dbd3b7ad67d8e5e3a15115d3eef43a7ed1
2017-01-31 17:56:51 -08:00
Victor Vieux
baf9288b78 Merge pull request #30574 from vieux/1.13.1-rc2-cherry
1.13.1-rc2 cherry-picks
2017-01-31 17:32:19 -08:00
Kenfe-Mickael Laventure
0311ed7b1c Update containerd to version aa8187dbd3b7ad67d8e5e3a15115d3eef43a7ed1
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-01-31 15:01:55 -08:00
allencloud
c74f17e91e add 400 status code for build api
Signed-off-by: allencloud <allen.sun@daocloud.io>
(cherry picked from commit c81a818b56)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-01-31 12:57:29 -08:00
unclejack
64856b7a24 Dockerfile*: bump Go to 1.7.5
Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
(cherry picked from commit b6e2703230)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-01-31 12:57:29 -08:00
Anusha Ragunathan
c7f27f8c07 Add docs for service create based on plugins.
Signed-off-by: Anusha Ragunathan <anusha.ragunathan@docker.com>
(cherry picked from commit 62d399e811)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-01-31 12:55:45 -08:00
Joffrey F
171745b261 Fix typo in swagger.yaml for NetworkPrune operation
Signed-off-by: Joffrey F <joffrey@docker.com>
(cherry picked from commit 20c5fa3758)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-01-31 12:55:19 -08:00
Harald Albers
73b9bdc6cb Add bash completion for docker service logs
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 105231556a)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-01-31 12:54:57 -08:00
Felix Abecassis
10d999d7ab install: map debian_version 9.X to debian stretch
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
(cherry picked from commit ac3d74b0b4)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2017-01-31 12:54:34 -08:00
Alexander Morozov
ee1b5c5944 Merge pull request #30579 from yongtang/1.13.x
[1.13.x] Cherry-pick SwarmKit update to 0af40501a9cc98cd3e9425d2e4246dd3eff5526e
2017-01-31 12:31:15 -08:00
Victor Vieux
c4d731c24c Merge pull request #30577 from justincormack/arm-seccomp-1.13
[1.13.x] Add two arm specific syscalls to seccomp profile
2017-01-30 17:15:27 -08:00
Yong Tang
1e0179589d [1.13.x] Cherry-pick SwarmKit update to 0af40501a9cc98cd3e9425d2e4246dd3eff5526e
This fix cherry-pick SwarmKit update to 0af40501a9cc98cd3e9425d2e4246dd3eff5526e
for branch 1.13.x. The following has been added:
- [docker/swarmkit#1909]: raft: Disable address change detection
- [docker/swarmkit#1910]: Fix issue in service update of published ports in host mode

This fix fixes #30199 in docker.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-01-30 15:22:48 -08:00
Justin Cormack
c1c5d30ee4 [1.13.x] Add two arm specific syscalls to seccomp profile
cherry pick #30545

These are arm variants with different argument ordering because of
register alignment requirements.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-01-30 23:01:28 +00:00
Victor Vieux
2527cfcc49 Merge pull request #30515 from vieux/1.13.1-rc1-changelog
bump to 1.13.1-rc1
2017-01-27 13:10:39 -08:00
Victor Vieux
de6c83de28 Merge pull request #30494 from vieux/cherry-pick-secrets-compose
[1.13.x] cherry-pick secrets to compose
2017-01-27 13:10:31 -08:00
Victor Vieux
e84317c735 bump to 1.13.1-rc1
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-27 11:46:09 -08:00
allencloud
e25c046488 update incorrect url in docs
Signed-off-by: allencloud <allen.sun@daocloud.io>
(cherry picked from commit 5ae95d6245)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-27 11:32:10 -08:00
Sebastiaan van Stijn
749f8bfee8 document DOCKER_HIDE_LEGACY_COMMANDS env-var
The `DOCKER_HIDE_LEGACY_COMMANDS` environment
variable was added in a7c8bcac2b
but not documented.

This adds the variable to the documentation.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 2ef82fd237)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-27 11:31:55 -08:00
Lars-Magnus Skog
bdc5b347f5 update api docs on Placement.Constraints for services
Signed-off-by: Lars-Magnus Skog <ralphtheninja@riseup.net>
(cherry picked from commit 9c98bffc2b)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-27 11:31:34 -08:00
Janonymous
370e8f25d2 Fix json format of plugin
Signed-off-by: Janonymous <janonymous.codevulture@gmail.com>
(cherry picked from commit 2d24dbe896)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-27 11:31:20 -08:00
Harald Albers
e0c79df37d Add [OPTIONS] to usage of plugin disable|push
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit aad095f573)
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-27 11:30:37 -08:00
Victor Vieux
e3441eb64c Merge pull request #30513 from mstanleyjones/1.13.x
Cherry-pick #30478 to 1.13.x
2017-01-27 11:10:08 -08:00
Victor Vieux
8d0198c59d fix cherry-pick
Signed-off-by: Victor Vieux <vieux@docker.com>
2017-01-27 11:09:43 -08:00
Misty Stanley-Jones
ed7aea3533 Merge pull request #30478 from mstanleyjones/fix_broken_links
Fix broken relative links in old API docs
(cherry picked from commit 05d4c1314e)

Signed-off-by: Misty Stanley-Jones <misty@docker.com>
2017-01-27 09:48:48 -08:00