If, using the API, a user submits an init request with a spec that has a
name other than "default", the engine will rename the "default" cluster
object. Some parts of swarmkit depend on having a cluster object named
"default". Reject any specs that use other names.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
If a swarm service is created using an image ID, it's useless to try to
pull this reference or resolve it to a manifest digest. Avoid doing this
when a fully qualified image ID is given.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
The error didn't hint at how to resolve it. Google auto-suggest
also implies that people have been Googling this error.
Signed-off-by: Ben Firshman <ben@firshman.co.uk>
Modify the service update and create APIs to return optional warning
messages as part of the response. Populate these messages with an
informative reason when digest resolution fails.
This is a small API change, but significantly improves the UX. The user
can now get immediate feedback when they've specified a nonexistent
image or unreachable registry.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
- Neither swarm init or swarm update should take an unlock key
- Add an autolock flag to turn on autolock
- Make the necessary docker api changes
- Add SwarmGetUnlockKey API call and use it when turning on autolock
- Add swarm unlock-key subcommand
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
In file `api/types/client.go`, some of the "*Options{}" structs own a
`Filters` field while some else have the name of `Filter`, this commit
will rename all `Filter` to `Filters` for consistency. Also `Filters`
is consistent with API with format `/xxx?filters=xxx`, that's why
`Filters` is the right name.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
This fix tries to fix logrus formatting by removing `f` from
`logrus.[Error|Warn|Debug|Fatal|Panic|Info]f` when formatting string
is not present.
Fixed issue #23459
Signed-off-by: Daehyeok Mun <daehyeok@gmail.com>
This adds support for two enhancements to swarm service rolling updates:
- Failure thresholds: In Docker 1.12, a service update could be set up
to either pause or continue after a single failure occurs. This adds
an --update-max-failure-ratio flag that controls how many tasks need to
fail to update for the update as a whole to be considered a failure. A
counterpart flag, --update-monitor, controls how long to monitor each
task for a failure after starting it during the update.
- Rollback flag: service update --rollback reverts the service to its
previous version. If a service update encounters task failures, or
fails to function properly for some other reason, the user can roll back
the update.
SwarmKit also has the ability to roll back updates automatically after
hitting the failure thresholds, but we've decided not to expose this in
the Docker API/CLI for now, favoring a workflow where the decision to
roll back is always made by an admin. Depending on user feedback, we may
add a "rollback" option to --update-failure-action in the future.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This fix tries to address the issue raised in 24958 where previously
`docker swarm init` will automatically fill in all the default value
(instead of letting swarmkit to handle the default).
This fix update the `swarm init` so that initial value are passed only
when a flag change has been detected.
This fix fixes 24958.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
The swarm scope network connected containers with autostart enabled
there was a dependency problem with the cluster to be initialized before
we can autostart them. With the current container restart code happening
before cluster init, these containers were not getting autostarted
properly. Added a fix to delay the container start of those containers
which has atleast one swarm scope endpoint to until after the cluster is
initialized.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
This PR adds support for running regular containers to be connected to
swarm mode multi-host network so that:
- containers connected to the same network across the cluster can
discover and connect to each other.
- Get access to services(and their associated loadbalancers)
connected to the same network
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
On join, remote addresses are supposed to be detected by the manager
that receives the join request. However, the daemon is interfering with
this by automatically detecting an advertise address and specifying that
to the remote manager. Fix this so that an advertise address is only
specified while joining a cluster if one was given by the user.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This fix tries to address the issue raised in 26090 where
remote API `POST /services/(id or name)/update` cannot
use `name` to update. This is not consistent with the
documentation of the remote API.
This fix fixes this issue by performing a lookup with `getService`
in case `name` instead of `id` is used in API.
This fix adds an integration test to cover the changes.
This fix fixes 26090.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
It makes little sense to have swarm related code into the daemon
package. This refactor the `daemon` and `cluster` package to remove
`ListContainersForNode` from the daemon.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Right now docker puts swarm's control socket into the docker root dir
(e.g. /var/lib/docker).
This can cause some nasty issues with path length being > 108
characters, especially in our CI environment.
Since we already have some other state going in the daemon's exec root
(libcontainerd and libnetwork), I think it makes sense to move the
control socket to this location, especially since there are other unix
sockets being created here by docker so it must always be at a path that
works.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
join-tokens are not needed for this endpoint, and should not be as part
of /info
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit d8f3b3f006)
Remove the swarm inspect command and use docker info instead to display
swarm information if the current node is a manager.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
There are currently problems with "swarm init" and "swarm join" when an
explicit --listen-addr flag is not provided. swarmkit defaults to
finding the IP address associated with the default route, and in cloud
setups this is often the wrong choice.
Introduce a notion of "advertised address", with the client flag
--advertise-addr, and the daemon flag --swarm-default-advertise-addr to
provide a default. The default listening address is now 0.0.0.0, but a
valid advertised address must be detected or specified.
If no explicit advertised address is specified, error out if there is
more than one usable candidate IP address on the system. This requires a
user to explicitly choose instead of letting swarmkit make the wrong
choice. For the purposes of this autodetection, we ignore certain
interfaces that are unlikely to be relevant (currently docker*).
The user is also required to choose a listen address on swarm init if
they specify an explicit advertise address that is a hostname or an IP
address that's not local to the system. This is a requirement for
overlay networking.
Also support specifying interface names to --listen-addr,
--advertise-addr, and the daemon flag --swarm-default-advertise-addr.
This will fail if the interface has multiple IP addresses (unless it has
a single IPv4 address and a single IPv6 address - then we resolve the
tie in favor of IPv4).
This change also exposes the node's externally-reachable address in
docker info, as requested by #24017.
Make corresponding API and CLI docs changes.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
In 24823, `swarm join` has been updated to take a `--token`
flag and flag `--manager` has been removed. Though in errNoManager()
the error message still use the old description.
This fix update the error message in errNoManager() and conforms
to the current available flags.
This fix is related to 24823.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Implement the proposal from
https://github.com/docker/docker/issues/24430#issuecomment-233100121
Removes acceptance policy and secret in favor of an automatically
generated join token that combines the secret, CA hash, and
manager/worker role into a single opaque string.
Adds a docker swarm join-token subcommand to inspect and rotate the
tokens.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
For any operation that involves netwoks (other than network create),
swarmkit expects the target as network-id. Service upate was using
network-name as the target and that caused the issue.
Signed-off-by: Madhu Venugopal <madhu@docker.com>
… on `docker node tasks` and `docker service tasks` commands.
This changes is mainly server-side (between engine api and
swarmkit). There is just a check in `api/client/service/tasks.go` to
handle the special *self* meaning.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
On stop there were multiple places that marked
`cluster.node` nil. Now stop waits for the node to
set itself nil.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
As described in our ROADMAP.md, introduce new Swarm management API
endpoints relying on swarmkit to deploy services. It currently vendors
docker/engine-api changes.
This PR is fully backward compatible (joining a Swarm is an optional
feature of the Engine, and existing commands are not impacted).
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Signed-off-by: Madhu Venugopal <madhu@docker.com>