Commit graph

455 commits

Author SHA1 Message Date
Sebastiaan van Stijn
bca161d7cb
runconfig/config_test.go: remove unused test-utilities
The tests using these functions were removed in e89b6e8c2d

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-18 12:57:11 +02:00
Rob Gulewich
072400fc4b Make cgroup namespaces configurable
This adds both a daemon-wide flag and a container creation property:
- Set the `CgroupnsMode: "host|private"` HostConfig property at
  container creation time to control what cgroup namespace the container
  is created in
- Set the `--default-cgroupns-mode=host|private` daemon flag to control
  what cgroup namespace containers are created in by default
- Set the default if the daemon flag is unset to "host", for backward
  compatibility
- Default to CgroupnsMode: "host" for client versions < 1.40

Signed-off-by: Rob Gulewich <rgulewich@netflix.com>
2019-05-07 10:22:16 -07:00
Kir Kolyshkin
9b0097a699 Format code with gofmt -s from go-1.11beta1
This should eliminate a bunch of new (go-1.11 related) validation
errors telling that the code is not formatted with `gofmt -s`.

No functional change, just whitespace (i.e.
`git show --ignore-space-change` shows nothing).

Patch generated with:

> git ls-files | grep -v ^vendor/ | grep .go$ | xargs gofmt -s -w

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-09-06 15:24:16 -07:00
Vincent Demeester
3845728524
Update tests to use gotest.tools 👼
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2018-06-13 09:04:30 +02:00
Daniel Nephin
6be0f70983 Automated migration using
gty-migrate-from-testify --ignore-build-tags

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-03-16 11:03:43 -04:00
Daniel Nephin
4f0d95fa6e Add canonical import comment
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-02-05 16:51:57 -05:00
Yong Tang
4785f1a7ab Remove solaris build tag and `contrib/mkimage/solaris
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-11-02 00:01:46 +00:00
Michael Crosby
5a9b5f10cf Remove solaris files
For obvious reasons that it is not really supported now.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-10-24 15:39:34 -04:00
Simon Ferquel
e89b6e8c2d Volume refactoring for LCOW
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2017-09-14 12:33:31 -07:00
Daniel Nephin
f7f101d57e Add gosimple linter
Update gometalinter

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-09-12 12:09:59 -04:00
Daniel Nephin
06ecc04167 Add decodeContainerConfig test removed from docker/cli
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-08-29 15:14:50 -04:00
Brian Goff
ebcb7d6b40 Remove string checking in API error handling
Use strongly typed errors to set HTTP status codes.
Error interfaces are defined in the api/errors package and errors
returned from controllers are checked against these interfaces.

Errors can be wraeped in a pkg/errors.Causer, as long as somewhere in the
line of causes one of the interfaces is implemented. The special error
interfaces take precedence over Causer, meaning if both Causer and one
of the new error interfaces are implemented, the Causer is not
traversed.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-08-15 16:01:11 -04:00
Kir Kolyshkin
7120976d74 Implement none, private, and shareable ipc modes
Since the commit d88fe447df ("Add support for sharing /dev/shm/ and
/dev/mqueue between containers") container's /dev/shm is mounted on the
host first, then bind-mounted inside the container. This is done that
way in order to be able to share this container's IPC namespace
(and the /dev/shm mount point) with another container.

Unfortunately, this functionality breaks container checkpoint/restore
(even if IPC is not shared). Since /dev/shm is an external mount, its
contents is not saved by `criu checkpoint`, and so upon restore any
application that tries to access data under /dev/shm is severily
disappointed (which usually results in a fatal crash).

This commit solves the issue by introducing new IPC modes for containers
(in addition to 'host' and 'container:ID'). The new modes are:

 - 'shareable':	enables sharing this container's IPC with others
		(this used to be the implicit default);

 - 'private':	disables sharing this container's IPC.

In 'private' mode, container's /dev/shm is truly mounted inside the
container, without any bind-mounting from the host, which solves the
issue.

While at it, let's also implement 'none' mode. The motivation, as
eloquently put by Justin Cormack, is:

> I wondered a while back about having a none shm mode, as currently it is
> not possible to have a totally unwriteable container as there is always
> a /dev/shm writeable mount. It is a bit of a niche case (and clearly
> should never be allowed to be daemon default) but it would be trivial to
> add now so maybe we should...

...so here's yet yet another mode:

 - 'none':	no /dev/shm mount inside the container (though it still
		has its own private IPC namespace).

Now, to ultimately solve the abovementioned checkpoint/restore issue, we'd
need to make 'private' the default mode, but unfortunately it breaks the
backward compatibility. So, let's make the default container IPC mode
per-daemon configurable (with the built-in default set to 'shareable'
for now). The default can be changed either via a daemon CLI option
(--default-shm-mode) or a daemon.json configuration file parameter
of the same name.

Note one can only set either 'shareable' or 'private' IPC modes as a
daemon default (i.e. in this context 'host', 'container', or 'none'
do not make much sense).

Some other changes this patch introduces are:

1. A mount for /dev/shm is added to default OCI Linux spec.

2. IpcMode.Valid() is simplified to remove duplicated code that parsed
   'container:ID' form. Note the old version used to check that ID does
   not contain a semicolon -- this is no longer the case (tests are
   modified accordingly). The motivation is we should either do a
   proper check for container ID validity, or don't check it at all
   (since it is checked in other places anyway). I chose the latter.

3. IpcMode.Container() is modified to not return container ID if the
   mode value does not start with "container:", unifying the check to
   be the same as in IpcMode.IsContainer().

3. IPC mode unit tests (runconfig/hostconfig_test.go) are modified
   to add checks for newly added values.

[v2: addressed review at https://github.com/moby/moby/pull/34087#pullrequestreview-51345997]
[v3: addressed review at https://github.com/moby/moby/pull/34087#pullrequestreview-53902833]
[v4: addressed the case of upgrading from older daemon, in this case
     container.HostConfig.IpcMode is unset and this is valid]
[v5: document old and new IpcMode values in api/swagger.yaml]
[v6: add the 'none' mode, changelog entry to docs/api/version-history.md]

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2017-08-14 10:50:39 +03:00
Josh Soref
6284cf5e9a
gofmt: 5 files
gofmt from go1.8.3

hg locate '*.go' |xargs ~/go/bin/gofmt -s -w

Signed-off-by: Josh Soref <jsoref@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-07-03 10:32:47 -07:00
Vincent Demeester
b0226a890f
Remove some more opts from runconfig (not used anymore)
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-03 15:07:33 -07:00
Stanislav Bondarenko
92291a7355 Stop referring CLI flags in error messages if API client is unknown
Signed-off-by: Stanislav Bondarenko <stanislav.bondarenko@gmail.com>
2017-05-22 18:50:49 -04:00
John Howard
6f7dc65847 Windows: Block read-only
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-05-08 09:29:37 -07:00
Alessandro Boch
d59d19c328 Allow user to modify ingress network
Signed-off-by: Alessandro Boch <aboch@docker.com>
2017-03-26 15:46:18 -07:00
liker12134
2333b39b37 fixed:go vetting warning unkeyed fields
Signed-off-by: Aaron.L.Xu <liker.xu@foxmail.com>
2017-03-20 16:30:01 +08:00
John Howard (VM)
4af3389d43 Windows: Balk on --privileged
Signed-off-by: John Howard (VM) <jhoward@ntdev.microsoft.com>
2017-03-13 08:56:17 -07:00
Madhan Raj Mookkandy
040afcce8f (*) Support --net:container:<containername/id> for windows
(*) (vdemeester) Removed duplicate code across Windows and Unix wrt Net:Containers
(*) Return unsupported error for network sharing for hyperv isolation containers

Signed-off-by: Madhan Raj Mookkandy <MadhanRaj.Mookkandy@microsoft.com>
2017-02-28 20:03:43 -08:00
Brian Goff
7917a36cc7 Fix some data races
After running the test suite with the race detector enabled I found
these gems that need to be fixed.
This is just round one, sadly lost my test results after I built the
binary to test this... (whoops)

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-02-01 14:43:58 -05:00
Alexander Morozov
df5d909ac9 Merge pull request #29851 from vdemeester/daemon-extract-image-cache
Extract the daemon image cache to its own package
2017-01-26 10:50:35 -08:00
lixiaobing10051267
58da4c1bab fix some typos in runconfig\opts\envfile_test.go
Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn>
2017-01-09 11:14:18 +08:00
Vincent Demeester
be1df1ee13
Extract the daemon image cache to its own package
ImageCache is now independent of `Daemon` and is located in
`image/cache` package.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-01-03 19:19:27 +01:00
Vincent Demeester
c424be21b7
Clean some stuff from runconfig that are cli only…
… or could be in `opts` package. Having `runconfig/opts` and `opts`
doesn't really make sense and make it difficult to know where to put
some code.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-12-24 13:16:00 +01:00
unclejack
2c187a24e0 return directly without ifs in remaining packages
Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
2016-12-14 23:28:27 +02:00
Brian Goff
b00f1c8623 Merge pull request #28976 from miaoyq/remove-a-redundant-func-and-fix-some-typos
Remove a redundant funtion and fix some typos
2016-12-09 08:44:05 -05:00
yuexiao-wang
11454e1c97 Fix a bit typos
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2016-12-09 03:05:11 +08:00
Doug Davis
cdb8ea90b0 Fix processing of unset build-args during build
This reverts 26103.  26103 was trying to make it so that if someone did:
  docker build --build-arg FOO .
and FOO wasn't set as an env var then it would pick-up FOO from the
Dockerfile's ARG cmd.  However, it went too far and removed the ability
to specify a build arg w/o any value. Meaning it required the --build-arg
param to always be in the form "name=value", and not just "name".

This PR does the right fix - it allows just "name" and it'll grab the value
from the env vars if set. If "name" isn't set in the env then it still needs
to send "name" to the server so that a warning can be printed about an
unused --build-arg. And this is why buildArgs in the options is now a
*string instead of just a string - 'nil' == mentioned but no value.

Closes #29084

Signed-off-by: Doug Davis <dug@us.ibm.com>
2016-12-07 07:41:55 -08:00
lixiaobing10051267
b3e5137856 check testing code for runconfig and volume
Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn>
2016-12-01 17:07:38 +08:00
Yanqiang Miao
219a38e3db Remove a redundant funtion and fix some typos
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
2016-11-30 15:16:07 +08:00
Akihiro Suda
e6d9b7de64 cli: remove --mount from docker run
This commit reverts 273eeb813c (#26825).
For the discussion so far, please refer to #28527.

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2016-11-26 04:55:28 +00:00
John Howard
f93c04d1ed Merge pull request #28667 from Microsoft/jjh/env-case-sensitive
Windows: Case insensitive env vars
2016-11-23 14:40:16 -08:00
John Howard
b2049a84de Windows: Case insensitive env vars
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-11-23 12:57:33 -08:00
yupeng
fc11efa2db error strings should not be capitalized or end with punctuation
Signed-off-by: yupeng <yu.peng36@zte.com.cn>
2016-11-22 14:53:11 +08:00
Justin Cormack
4549e9104c Merge pull request #28440 from cpuguy83/20740_fix_tmpfs_parsing_on_client
Don't validate platform-dep tmpfs opts on client
2016-11-16 12:04:14 +00:00
Brian Goff
b9b8d8b364 Don't validate platform-dep tmpfs opts on client
Daemon still does validation and errors out on incorrect options.

Fixes an issue where non-Linux clients attempting to pass tmpfs options
on `docker run` to a Linux daemon will incorrectly error out.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-11-15 11:01:40 -05:00
Brian Goff
5ea75bb6bf Move StreamConfig out of runconfig
`StreamConfig` carries with it a dep on libcontainerd, which is used by
other projects, but libcontainerd doesn't compile on all platforms, so
move it to `github.com/docker/docker/container/stream`

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-11-14 15:15:09 -05:00
Yong Tang
9b6b3c2076 Add --dns-option to docker run and hide --dns-opt
This fix is a follow up to #27567 based on:
https://github.com/docker/docker/pull/27567#issuecomment-259295055

In #27567, `--dns-options` has been added to `service create/update`,
together with `--dns` and `--dns-search`. The `--dns-opt` was used
in `docker run`.

This fix add `--dns-option` (not `--dns-options`) to `docker run/create`, and hide
`--dns-opt`. It is still possible to use `--dns-opt` with
`docker run/create`, though it will not show up in help output.

This fix change `--dns-options`to --dns-option` for `docker service create`
and `docker service update`.

This fix also updates the docs and bash/zsh completion scripts.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-11-09 12:13:25 -08:00
Vincent Demeester
4f7083a04f Merge pull request #27947 from milindchawre/fix_27798
Fixes #27798 : Update help for --blkio-weight parameter
2016-11-09 15:35:38 +01:00
milindchawre
ecb59a2283 Fixes #24083 : Improving cli help for flags with duration option
Signed-off-by: milindchawre <milindchawre@gmail.com>
2016-11-09 12:17:28 +00:00
Vincent Demeester
c025049c27 Merge pull request #28098 from yongtang/25099-oom_score_adj-empty-env
Fix `/proc/<pid>/oom_score_adj: invalid argument` error caused by empty env name
2016-11-09 10:39:18 +01:00
Victor Vieux
e98e4a7111 always add but hide experimental cmds and flags
Signed-off-by: Victor Vieux <vieux@docker.com>

update cobra and use Tags

Signed-off-by: Victor Vieux <vieux@docker.com>

allow client to talk to an older server

Signed-off-by: Victor Vieux <vieux@docker.com>
2016-11-08 04:55:27 -08:00
Amit Krishnan
934328d8ea Add functional support for Docker sub commands on Solaris
Signed-off-by: Amit Krishnan <krish.amit@gmail.com>

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-11-07 09:06:34 -08:00
Yong Tang
818d55c34b Fix /proc/<pid>/oom_score_adj: invalid argument error caused by empty env name
This fix is part of the fix for issue 25099. In 25099, if an env
has a empty name, then `docker run` will throw out an error:
```
ubuntu@ubuntu:~/docker$ docker run -e =A busybox true
docker: Error response from daemon: invalid header field value "oci runtime error:
container_linux.go:247: starting container process caused \"process_linux.go:295:
setting oom score for ready process caused \\\"write /proc/83582/oom_score_adj:
invalid argument\\\"\"\n".
```

This fix validates the Env in the container spec before it is sent
to containerd/runc.

Integration tests have been created to cover the changes.

This fix is part of fix for 25099 (not complete yet, non-utf case
may require a fix in `runc`).
This fix is related to 25300.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-11-07 08:15:26 -08:00
Darren Stahl
4e15420b9b Windows: Add cpu count option
Signed-off-by: Darren Stahl <darst@microsoft.com>
2016-11-04 13:38:50 -07:00
Yong Tang
846baf1fd3 Add --cpus flag to control cpu resources
This fix tries to address the proposal raised in 27921 and add
`--cpus` flag for `docker run/create`.

Basically, `--cpus` will allow user to specify a number (possibly partial)
about how many CPUs the container will use. For example, on a 2-CPU system
`--cpus 1.5` means the container will take 75% (1.5/2) of the CPU share.

This fix adds a `NanoCPUs` field to `HostConfig` since swarmkit alreay
have a concept of NanoCPUs for tasks. The `--cpus` flag will translate
the number into reused `NanoCPUs` to be consistent.

This fix adds integration tests to cover the changes.

Related docs (`docker run` and Remote APIs) have been updated.

This fix fixes 27921.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-11-04 09:43:10 -07:00
Akihiro Suda
273eeb813c cli: add --mount to docker run
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2016-11-03 07:08:59 +00:00
milindchawre
51012aa0af Fixes #27798 : Update help for --blkio-weight parameter
Signed-off-by: milindchawre <milindchawre@gmail.com>
2016-11-03 06:42:15 +00:00