Commit graph

3688 commits

Author SHA1 Message Date
Bjorn Neergaard
8c301fa933
Merge pull request #45915 from akerouanton/create-overlay-on-non-manager
libnet: Return proper error when overlay network can't be created
2023-07-11 10:13:08 -06:00
Albin Kerouanton
d29240d9eb
libnet: Return a 403 when overlay network isn't allowed
With this change, the API will now return a 403 instead of a 500 when
trying to create an overlay network on a non-manager node.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-07-11 12:41:24 +02:00
Sebastiaan van Stijn
c90229ed9a
api/types: move system info types to api/types/system
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-07 13:01:36 +02:00
Bjorn Neergaard
e4c866f387
Merge pull request #40894 from cpuguy83/health_start_interval
Add health start interval
2023-07-05 19:47:41 -06:00
Brian Goff
2216d3ca8d Add health start interval
This adds an additional interval to be used by healthchecks during the
start period.
Typically when a container is just starting you want to check if it is
ready more quickly than a typical healthcheck might run. Without this
users have to balance between running healthchecks to frequently vs
taking a very long time to mark a container as healthy for the first
time.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-05 23:44:17 +00:00
Bjorn Neergaard
e77f9d2327
Merge pull request #45877 from thaJeztah/imports_and_vars
fix some minor linting issues
2023-07-05 15:54:57 -06:00
Sebastiaan van Stijn
a1c9a686b0
api: use singleflight for /info endpoint
Prevent potential suggestion when many concurrent requests happen on
the /info endpoint. It's worth noting that with this change,
requests to the endpoint while another request is still in flight
will share the results, hence might be slightly incorrect (for example,
the output includes SystemTime, which may now be incorrect).

Assuming that under normal circumstances, requests will still
happen fast enough to not be shared, this may not be a problem,
but we could decide to update specific fields to not be shared.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-04 12:22:32 +02:00
Sebastiaan van Stijn
8ea78b34ab
rename some variables that shadowed imports or package types
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-03 23:49:57 +02:00
Sebastiaan van Stijn
9f4acceb6a
remove redundant alias for libnetwork/datastore imports
These aliases were not needed, and only used in a couple of places,
which made it inconsistent, so let's use the import without aliasing.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-03 23:47:40 +02:00
Sebastiaan van Stijn
94c975e25a
api: info: don't use ad-hoc type for compatibility with old api versions
- Add the field as a "deprecated" field in the API type.
- Don't error when failing to parse the options, but produce a warning
  instead, because the client won't be able to fix issues in the daemon
  configuration. This was unlikely to happen, as the daemon probably
  would fail to start with an invalid config, but just in case.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-03 13:45:12 +02:00
Sebastiaan van Stijn
42690b6d57
Merge pull request #45866 from thaJeztah/api_remove_deprecated_swarm
docs: api: remove outdated information from ServerVersion
2023-07-02 21:56:55 +02:00
Sebastiaan van Stijn
3e4c9d90cf
Merge pull request #43897 from milas/docs-plugin-disable-force
api: swagger: add missing "force" query arg on plugin disable
2023-07-02 12:53:39 +02:00
Sebastiaan van Stijn
92f1ddaf0a
api: remove outdated information from ServerVersion
This field's documentation was still referring to the Swarm V1 API, which
is deprecated, and the link redirects to SwarmKit.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-02 12:33:20 +02:00
Sebastiaan van Stijn
3c905d0db9
api: remove "ClusterStore" and "ClusterAdvertise" fields
The `ClusterStore` and `ClusterAdvertise` fields were deprecated in commit
616e64b42f (and would no longer be included in
the `/info` API response), and were fully removed in 24.0.0 through commit
68bf777ece

This patch removes the fields from the swagger file.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-01 16:34:46 +02:00
Sebastiaan van Stijn
3146ecbae6
api/types: format code with gofumpt
Formatting the code with https://github.com/mvdan/gofumpt

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-29 00:25:21 +02:00
Sebastiaan van Stijn
6592646632
api/server: format code with gofumpt
Formatting the code with https://github.com/mvdan/gofumpt

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-29 00:25:20 +02:00
Brian Goff
74da6a6363 Switch all logging to use containerd log pkg
This unifies our logging and allows us to propagate logging and trace
contexts together.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-06-24 00:23:44 +00:00
Sebastiaan van Stijn
404160ad87
Merge pull request #45579 from tonistiigi/otlp-traces-for-history
builder-next: enable OTLP tracing for history records
2023-06-21 01:05:49 +02:00
Tonis Tiigi
cfa08f8366
builder-next: enable OTLP tracing for history records
This enables picking up OTLP tracing context for the gRPC
requests.

Also sets up the in-memory recorder that BuildKit History API
can use to store the traces associated with specific build
in a database after build completes.

This doesn't enable Jaeger tracing endpoints from env
but this can be easily enabled by adding another import if
maintainers want it.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2023-06-15 18:40:24 -07:00
Tianon Gravi
2a6ff3c24f Use OCI "History" type instead of inventing our own copy
The most notable change here is that the OCI's type uses a pointer for `Created`, which we probably should've been too, so most of these changes are accounting for that (and embedding our `Equal` implementation in the one single place it was used).

Signed-off-by: Tianon Gravi <admwiggin@gmail.com>
2023-06-12 13:47:17 -07:00
Cory Snider
d222bf097c daemon: reload runtimes w/o breaking containers
The existing runtimes reload logic went to great lengths to replace the
directory containing runtime wrapper scripts as atomically as possible
within the limitations of the Linux filesystem ABI. Trouble is,
atomically swapping the wrapper scripts directory solves the wrong
problem! The runtime configuration is "locked in" when a container is
started, including the path to the runC binary. If a container is
started with a runtime which requires a daemon-managed wrapper script
and then the daemon is reloaded with a config which no longer requires
the wrapper script (i.e. some args -> no args, or the runtime is dropped
from the config), that container would become unmanageable. Any attempts
to stop, exec or otherwise perform lifecycle management operations on
the container are likely to fail due to the wrapper script no longer
existing at its original path.

Atomically swapping the wrapper scripts is also incompatible with the
read-copy-update paradigm for reloading configuration. A handler in the
daemon could retain a reference to the pre-reload configuration for an
indeterminate amount of time after the daemon configuration has been
reloaded and updated. It is possible for the daemon to attempt to start
a container using a deleted wrapper script if a request to run a
container races a reload.

Solve the problem of deleting referenced wrapper scripts by ensuring
that all wrapper scripts are *immutable* for the lifetime of the daemon
process. Any given runtime wrapper script must always exist with the
same contents, no matter how many times the daemon config is reloaded,
or what changes are made to the config. This is accomplished by using
everyone's favourite design pattern: content-addressable storage. Each
wrapper script file name is suffixed with the SHA-256 digest of its
contents to (probabilistically) guarantee immutability without needing
any concurrency control. Stale runtime wrapper scripts are only cleaned
up on the next daemon restart.

Split the derived runtimes configuration from the user-supplied
configuration to have a place to store derived state without mutating
the user-supplied configuration or exposing daemon internals in API
struct types. Hold the derived state and the user-supplied configuration
in a single struct value so that they can be updated as an atomic unit.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-06-01 14:45:25 -04:00
Cory Snider
982e4fb448 api/server: get features from a callback fn
Passing around a bare pointer to the map of configured features in order
to propagate to consumers changes to the configuration across reloads is
dangerous. Map operations are not atomic, so concurrently reading from
the map while it is being updated is a data race as there is no
synchronization. Use a getter function to retrieve the current features
map so the features can be retrieved race-free.

Remove the unused features argument from the build router.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-06-01 14:43:27 -04:00
CrazyMax
fd72b134d5
update generated files
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2023-05-29 03:28:35 +02:00
CrazyMax
735537d6b1
replace gogofast with gogofaster extension
gogofaster is identical as gogofast but removes XXX_unrecognized

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2023-05-29 03:28:35 +02:00
CrazyMax
1eaea43581
fix protos and "go generate" commands
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2023-05-29 03:28:35 +02:00
Akihiro Suda
5045a2de24
Support recursively read-only (RRO) mounts
`docker run -v /foo:/foo:ro` is now recursively read-only on kernel >= 5.12.

Automatically falls back to the legacy non-recursively read-only mount mode on kernel < 5.12.

Use `ro-non-recursive` to disable RRO.
Use `ro-force-recursive` or `rro` to explicitly enable RRO. (Fails on kernel < 5.12)

Fix issue 44978
Fix docker/for-linux issue 788

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-05-26 01:58:24 +09:00
Sebastiaan van Stijn
ab35df454d
remove pre-go1.17 build-tags
Removed pre-go1.17 build-tags with go fix;

    go mod init
    go fix -mod=readonly ./...
    rm go.mod

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-19 20:38:51 +02:00
Sebastiaan van Stijn
1b3c2743cc
Merge pull request #45550 from corhere/fix-empty-container-decode
Allow empty body in `POST /commit` again
2023-05-18 21:46:00 +02:00
Sebastiaan van Stijn
50d2c94bd6
Merge pull request #43637 from thaJeztah/remove_deprecated_storage_drivers
Remove deprecated devicemapper storage driver
2023-05-18 21:23:41 +02:00
Paweł Gronowski
1be26e9f0c
api/inspect: Fix nil RepoTags and RepoDigests
Make RepoTags and RepoDigests empty arrays instead of nil.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-05-18 15:57:18 +02:00
Cory Snider
967c7bc5d3 api/server: allow empty body for POST /commit again
The error returned by DecodeConfig was changed in
b6d58d749c and caused this to regress.
Allow empty request bodies for this endpoint once again.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-05-17 16:01:11 -04:00
Akihiro Suda
1371aee3cc
Merge pull request #45469 from thaJeztah/deprecate_virtualsize_STEP2
API: omit deprecated VirtualSize field for API v1.44 and up
2023-05-16 15:10:07 +09:00
Sebastiaan van Stijn
bafcfdf8c5
Merge pull request #45484 from thaJeztah/remove_deprecated_stubs
remove deprecated types, fields, and functions
2023-05-12 14:03:26 +01:00
Jeyanthinath Muthuram
307b09e7eb
fixing consistent aliases for OCI spec imports
Signed-off-by: Jeyanthinath Muthuram <jeyanthinath10@gmail.com>
2023-05-08 15:27:52 +05:30
Sebastiaan van Stijn
316781be48
api/types/container: remove deprecated ContainerChangeResponseItem
This was deprecated in dbb48e4b29, which
is part of the v24.0.0 release, so we can remove it from master.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-06 16:36:17 +02:00
Sebastiaan van Stijn
9c14f98583
api/types: remove deprecated AuthConfig
This was deprecated in 818ee96219, which
is part of the v24.0.0 release, so we can remove it from master.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-06 16:36:17 +02:00
Sebastiaan van Stijn
913b0f51ca
API: omit deprecated VirtualSize field for API v1.44 and up
This field is deprecated since 1261fe69a3,
and will now be omitted on API v1.44 and up for the `GET /images/json`,
`GET /images/{id}/json`, and `GET /system/df`  endpoints.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-06 16:35:00 +02:00
Sebastiaan van Stijn
fd0b109bf7
API: bump version to 1.44
The 24.0 branch was created, so changes in master/main should now be
targeting the next version of the API (1.44).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-06 01:41:49 +02:00
Sebastiaan van Stijn
5f36d4af15
api: synchronize api/swagger.yaml with docs/api/v1.43.yaml
- forward-port changes from 0ffaa6c785 to api/swagger.yaml (v1.44-dev)
- backports the changes to v1.43;
  - Update container OOMKilled flag immediately 57d2d6ef62
  - Add no-new-privileges to SecurityOptions returned by /info eb7738221c
  - API: deprecate VirtualSize field for /images/json and /images/{id}/json 1261fe69a3
  - api/types/container: create type for changes endpoint dbb48e4b29
  - builder-next/prune: Handle "until" filter timestamps 54a125f677

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-05 01:10:20 +02:00
Sebastiaan van Stijn
8a4b095a94
Merge pull request #45353 from thaJeztah/api_container_change_type
api/types/container: create type for changes endpoint
2023-05-04 19:48:40 +02:00
Sebastiaan van Stijn
dbb48e4b29
api/types/container: create type for changes endpoint
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-03 21:23:42 +02:00
Sebastiaan van Stijn
bf5ae17c16
api/server/router/container: containerRouter.postCommit: inline struct
Remove intermediate variable and inline the struct-literal.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-29 02:59:12 +02:00
Sebastiaan van Stijn
e22758bfb2
Merge pull request #45314 from corhere/graceful-shutdown
cmd/dockerd: gracefully shut down the API server
2023-04-28 23:54:34 +02:00
Cory Snider
12bf850c84 cmd/dockerd: gracefully shut down the API server
As of Go 1.8, "net/http".Server provides facilities to close all
listeners, making the same facilities in server.Server redundant.
http.Server also improves upon server.Server by additionally providing a
facility to also wait for outstanding requests to complete after closing
all listeners. Leverage those facilities to give in-flight requests up
to five seconds to finish up after all containers have been shut down.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-04-26 10:57:28 -04:00
Djordje Lukic
a1e1038736
Use the image service instead of the reference store for tagging
The image store sends events when a new image is created/tagged, using
it instead of the reference store makes sure we send the "tag" event
when a new image is built using buildx.

Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
2023-04-26 15:10:01 +02:00
Sebastiaan van Stijn
dc11d2a2d8
remove deprecated devicemapper storage-driver
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-20 23:51:54 +02:00
Paweł Gronowski
54a125f677
builder-next/prune: Handle "until" filter timestamps
Fixes `docker system prune --filter until=<timestamp>`.
`docker system prune` claims to support "until" filter for timestamps,
but it doesn't work because builder "until" filter only supports
duration.
Use the same filter parsing logic and then convert the timestamp to a
relative "keep-duration" supported by buildkit.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-04-20 21:20:32 +02:00
Sebastiaan van Stijn
1261fe69a3
API: deprecate VirtualSize field for /images/json and /images/{id}/json
In versions of Docker before v1.10, this field was calculated from
the image itself and all of its parent images. Images are now stored
self-contained, and no longer use a parent-chain, making this field
an equivalent of the Size field.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-18 14:46:11 +02:00
Sebastiaan van Stijn
20a1d23b39
Merge pull request #45320 from akerouanton/info-no-new-privileges
Add no-new-privileges to SecurityOptions returned by /info
2023-04-18 14:37:15 +02:00
Albin Kerouanton
eb7738221c
Add no-new-privileges to SecurityOptions returned by /info
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-04-18 09:34:08 +02:00