A HealthConfig entry was added to the ContainerSpec associated with the
service being created or updated.
Signed-off-by: Cezar Sa Espinola <cezarsa@gmail.com>
containers may specify these cgroup values at runtime. This will allow
processes to change their priority to real-time within the container
when CONFIG_RT_GROUP_SCHED is enabled in the kernel. See #22380.
Also added sanity checks for the new --cpu-rt-runtime and --cpu-rt-period
flags to ensure that that the kernel supports these features and that
runtime is not greater than period.
Daemon will support a --cpu-rt-runtime flag to initialize the parent
cgroup on startup, this prevents the administrator from alotting runtime
to docker after each restart.
There are additional checks that could be added but maybe too far? Check
parent cgroups to ensure values are <= parent, inspecting rtprio ulimit
and issuing a warning.
Signed-off-by: Erik St. Martin <alakriti@gmail.com>
`docker network prune` prunes unused networks, including overlay ones.
`docker system prune` also prunes unused networks.
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
Currently, there's no way to restart the tasks of a service without
making an actual change to the service. This leads to us giving awkward
workarounds as in
https://github.com/docker/docker.github.io/pull/178/files, where we tell
people to scale a service up and down to restore balance, or make
unnecessary changes to trigger a restart.
This change adds a --force option to "docker service update", which
forces the service to be updated even if no changes require that.
Since rolling update parameters are respected, the user can use
"docker service --force" to do a rolling restart. For example, the
following is supported:
docker service update --force --update-parallelism 2 \
--update-delay 5s myservice
Since the default value of --update-parallelism is 1, the default
behavior is to restart the service one task at a time.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This fix tries to address the issue raised in 25545 where
volume options at the creation time is not showed up
in `docker volume inspect`.
This fix adds the field `Options` in `Volume` type and
persist the options in volume db so that `volume inspect`
could display the options.
This fix adds a couple of test cases to cover the changes.
This fix fixes 25545.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This adds support for two enhancements to swarm service rolling updates:
- Failure thresholds: In Docker 1.12, a service update could be set up
to either pause or continue after a single failure occurs. This adds
an --update-max-failure-ratio flag that controls how many tasks need to
fail to update for the update as a whole to be considered a failure. A
counterpart flag, --update-monitor, controls how long to monitor each
task for a failure after starting it during the update.
- Rollback flag: service update --rollback reverts the service to its
previous version. If a service update encounters task failures, or
fails to function properly for some other reason, the user can roll back
the update.
SwarmKit also has the ability to roll back updates automatically after
hitting the failure thresholds, but we've decided not to expose this in
the Docker API/CLI for now, favoring a workflow where the decision to
roll back is always made by an admin. Depending on user feedback, we may
add a "rollback" option to --update-failure-action in the future.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This fix tries to address the issue raised in 27021 where
HTML strings like (`&, >, <, etc`) in environmental variables
are escaped for JSON output for `docker inspect`. For example,
`TEST_ENV="soanni&rtr"` has been escaped to `TEST_ENV="soanni\u0026rtr"`
This fix disabled HTML escaping with `SetEscapeHTML`, which is available
since golang 1.7.0. This changes will be applied to all JSON output
that utilize `httputils.WriteJSON`.
An integration test has been added to cover the changes.
This fix fixes 27021.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
These new endpoints request the daemon to delete all resources
considered "unused" in their respective category:
- all stopped containers
- all volumes not attached to any containers
- images with no associated containers
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Those data include:
- size of data shared with other images
- size of data unique to a given image
- how many containers are using a given image
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
This fix tries to address the issue raised in 24958 where previously
`docker swarm init` will automatically fill in all the default value
(instead of letting swarmkit to handle the default).
This fix update the `swarm init` so that initial value are passed only
when a flag change has been detected.
This fix fixes 24958.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
When calling the /networks/ endpoint with a trailing
slash, the default network was returned.
This changes the endpoint to return the list of networks
instead (same response as `/networks` without trailing
slash).
Also updated the description for GetNetworkByName to
explain that the "default" network is returned if
no name or id is provided.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
As part of making graphdrivers support pluginv2, a PluginGetter
interface was necessary for cleaner separation and avoiding import
cycles.
This commit creates a PluginGetter interface and makes pluginStore
implement it. Then the pluginStore object is created in the daemon
(rather than by the plugin manager) and passed to plugin init as
well as to the different subsystems (eg. graphdrivers, volumedrivers).
A side effect of this change was that some code was moved out of
experimental. This is good, since plugin support will be stable soon.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
This adds a small C binary for fighting zombies. It is mounted under
`/dev/init` and is prepended to the args specified by the user. You
enable it via a daemon flag, `dockerd --init`, as it is disable by
default for backwards compat.
You can also override the daemon option or specify this on a per
container basis with `docker run --init=true|false`.
You can test this by running a process like this as the pid 1 in a
container and see the extra zombie that appears in the container as it
is running.
```c
int main(int argc, char ** argv) {
pid_t pid = fork();
if (pid == 0) {
pid = fork();
if (pid == 0) {
exit(0);
}
sleep(3);
exit(0);
}
printf("got pid %d and exited\n", pid);
sleep(20);
}
```
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
I always forget which one is which. Now, I can't forget. This is
probably in the docs somewhere but now it's handy at a glance.
Signed-off-by: Drew Erny <drew.erny@docker.com>
This PR adds support for running regular containers to be connected to
swarm mode multi-host network so that:
- containers connected to the same network across the cluster can
discover and connect to each other.
- Get access to services(and their associated loadbalancers)
connected to the same network
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
As is raised in 26312, in `docker network ls`, the help output was
mistaken to `volume names`:
```
-q, --quiet Only display volume names
```
This fix changes the help output to:
```
-q, --quiet Only display network IDs
```
This fix also updates the documentation in:
`docs/reference/commandline/network_ls.md`
This fix fixes 26312.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to address the issue in 26173 where `docker import -c`
with quoted flags returns an error.
The issue was that in `api/client/image/import.go` the flag
`--change/-c` was handled by `StringSliceVarP` which does not handle
the quote well.
The similiar issue was enountered for 23309 (`docker commit`).
This fix takes the same approach as 23309 where `StringSliceVarP`
was replaced with `VarP` and `opts.ListOpts`.
An integration test has been added to cover the changes.
This fix fixes 26173.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Before:
$ docker update --cpu-period
Status: flag needs an argument: --cpu-period
See 'docker update --help'., Code: 125
After:
$ docker update --cpu-period
flag needs an argument: --cpu-period
See 'docker update --help'.
Also remove flagErrorFunc function which isn't needed anymore.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
This fix tries to add the registry mirrors information in the output
of `docker info`.
In our active deployment, we use registry mirrors to help speeding
up the `docker pull`. In the current output of `docker info`,
registry mirrors is not present though it is available in `/info` API.
I think it makes sense to add the registry mirrors to `docker info`,
similiar to insecure registries.
This fix adds the registry mirrors to the output of `docker info`:
```
Registry Mirrors:
https://192.168.1.2/http://registry.mirror.com:5000/
```
An integration test has been added to cover the changes.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to address the issue raised in 25304 to support
`--group-add` and `--group-rm` in `docker service create`.
This fix adds `--group-add` to `docker service create` and `docker service update`,
adds `--group-rm` to `docker service update`.
This fix updates docs for `docker service create` and `docker service update`:
1. Add `--group-add` to `docker service create` and `docker service update`
2. Add `--group-rm` to `docker service update`
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
There are cases such as migrating from classic overlay network to the
swarm-mode networking (without kv-store), such a mechanism to allow
disconnecting a container even when a network isnt available will be
useful.
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Also consolidate the leftover packages under cli.
Remove pkg/mflag.
Make manpage generation work with new cobra layout.
Remove remaining mflag and fix tests after rebase with master.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Cleanup cobra integration
Update windows files for cobra and pflags
Cleanup SetupRootcmd, and remove unnecessary SetFlagErrorFunc.
Use cobra command traversal
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Currently start command will invoke getExitCode - which is based on
Inspect API - to get returned exit code after container exits.
There's two race conditions here:
if container is started with Restart Policy, there's chance that the
container is restarted quickly before it calls getExitCode, under such
circumstance, the exit code is wrong.
if container is started with --rm, it's possible that container is
removed before getExitCode, in this situation, you can't get correct
exit code either.
Replace getExitCode with waitExitOrRemoved can solve this problem.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
