Commit graph

347 commits

Author SHA1 Message Date
Sebastiaan van Stijn
7e7e100be0
Add HEAD support for /_ping endpoint
Monitoring systems and load balancers are usually configured to use HEAD
requests for health monitoring. The /_ping endpoint currently does not
support this type of request, which means that those systems have fallback
to GET requests.

This patch adds support for HEAD requests on the /_ping endpoint.

Although optional, this patch also returns `Content-Type` and `Content-Length`
headers in case of a HEAD request; Refering to RFC 7231, section 4.3.2:

    The HEAD method is identical to GET except that the server MUST NOT
    send a message body in the response (i.e., the response terminates at
    the end of the header section).  The server SHOULD send the same
    header fields in response to a HEAD request as it would have sent if
    the request had been a GET, except that the payload header fields
    (Section 3.3) MAY be omitted.  This method can be used for obtaining
    metadata about the selected representation without transferring the
    representation data and is often used for testing hypertext links for
    validity, accessibility, and recent modification.

    A payload within a HEAD request message has no defined semantics;
    sending a payload body on a HEAD request might cause some existing
    implementations to reject the request.

    The response to a HEAD request is cacheable; a cache MAY use it to
    satisfy subsequent HEAD requests unless otherwise indicated by the
    Cache-Control header field (Section 5.2 of [RFC7234]).  A HEAD
    response might also have an effect on previously cached responses to
    GET; see Section 4.3.5 of [RFC7234].

With this patch applied, either `GET` or `HEAD` requests work; the only
difference is that the body is empty in case of a `HEAD` request;

    curl -i --unix-socket /var/run/docker.sock http://localhost/_ping
    HTTP/1.1 200 OK
    Api-Version: 1.40
    Cache-Control: no-cache, no-store, must-revalidate
    Docker-Experimental: false
    Ostype: linux
    Pragma: no-cache
    Server: Docker/dev (linux)
    Date: Mon, 14 Jan 2019 12:35:16 GMT
    Content-Length: 2
    Content-Type: text/plain; charset=utf-8

    OK

    curl --head -i --unix-socket /var/run/docker.sock http://localhost/_ping
    HTTP/1.1 200 OK
    Api-Version: 1.40
    Cache-Control: no-cache, no-store, must-revalidate
    Content-Length: 0
    Content-Type: text/plain; charset=utf-8
    Docker-Experimental: false
    Ostype: linux
    Pragma: no-cache
    Server: Docker/dev (linux)
    Date: Mon, 14 Jan 2019 12:34:15 GMT

The client is also updated to use `HEAD` by default, but fallback to `GET`
if the daemon does not support this method.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-01-31 18:18:24 +01:00
Yong Tang
393838ca5e
Merge pull request #38569 from thaJeztah/forget_about_it
Add Cache-Control headers to disable caching /_ping endpoint
2019-01-31 23:59:11 +08:00
Olli Janatuinen
80d7bfd54d Capabilities refactor
- Add support for exact list of capabilities, support only OCI model
- Support OCI model on CapAdd and CapDrop but remain backward compatibility
- Create variable locally instead of declaring it at the top
- Use const for magic "ALL" value
- Rename `cap` variable as it overlaps with `cap()` built-in
- Normalize and validate capabilities before use
- Move validation for conflicting options to validateHostConfig()
- TweakCapabilities: simplify logic to calculate capabilities

Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-01-22 21:50:41 +02:00
Sebastiaan van Stijn
5f788fbf56
Add Cache-Control headers to disable caching /_ping endpoint
The result of this endpoint should not be cached, so it's better to
explicitly disable caching.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-01-14 22:03:23 +01:00
Sebastiaan van Stijn
5ccc0714f7
Swagger: fix "task logs" outside of "tasks" section
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-01-14 17:04:16 +01:00
Tibor Vass
b4842cfe88
Merge pull request #38354 from thaJeztah/fix_ipam_swagger
Swagger: fix definition of IPAM driver options
2019-01-09 23:17:00 +01:00
Olli Janatuinen
153171e9dd Added support for maximum replicas per node to services
Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com>
2018-12-24 02:04:15 +02:00
Sebastiaan van Stijn
a5dd68186c
Swagger: fix definition of IPAM driver options
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-12-12 01:46:34 +01:00
Sebastiaan van Stijn
bb7de1f7cb
Minor docs touch-ups for KernelMemoryTCP support
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-11-27 22:54:20 +01:00
Yong Tang
f023816608 Add memory.kernelTCP support for linux
This fix tries to address the issue raised in 37038 where
there were no memory.kernelTCP support for linux.

This fix add MemoryKernelTCP to HostConfig, and pass
the config to runtime-spec.

Additional test case has been added.

This fix fixes 37038.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2018-11-26 21:03:08 +00:00
selansen
32180ac0c7 VXLAN UDP Port configuration support
This commit contains changes to configure DataPathPort
option. By default we use 4789 port number. But this commit
will allow user to configure port number during swarm init.
DataPathPort can't be modified after swarm init.
Signed-off-by: selansen <elango.siva@docker.com>
2018-11-22 17:35:02 -05:00
Tibor Vass
369da264ba builder: deprecate prune filter unused-for in favor of until
This is to keep the UX consistent. `unused-for` is still accepted and a synonym.

Signed-off-by: Tibor Vass <tibor@docker.com>
2018-11-21 01:39:53 +00:00
Sebastiaan van Stijn
2e8c913dbd
Add missing default address pool fields to swagger
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-11-18 01:52:28 +01:00
Akihiro Suda
596cdffb9f mount: add BindOptions.NonRecursive (API v1.40)
This allows non-recursive bind-mount, i.e. mount(2) with "bind" rather than "rbind".

Swarm-mode will be supported in a separate PR because of mutual vendoring.

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-11-06 17:51:58 +09:00
Sebastiaan van Stijn
e238713cc9
Update API version to v1.40
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-10-26 15:34:27 +02:00
Brian Goff
5bdfa19b86 Add more API doc details on service update version.
Hopefully this removes some confusion as to what this version number
should be.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2018-10-15 08:31:31 -07:00
Dani Louca
78fd978454 Masking credentials from proxy URL
Signed-off-by: Dani Louca <dani.louca@docker.com>
2018-10-01 14:06:00 -04:00
Yong Tang
7bfec8cd80
Merge pull request #37400 from olljanat/34795-allow-npipe
Allow mount type npipe on service/stack
2018-09-26 09:54:42 -07:00
Yong Tang
472a52861c
Merge pull request #37907 from tiborvass/remove-docker-prefix-containerd
Remove 'docker-' prefix for containerd and runc binaries
2018-09-26 02:52:31 -07:00
Tibor Vass
34eede0296 Remove 'docker-' prefix for containerd and runc binaries
This allows to run the daemon in environments that have upstream containerd installed.

Signed-off-by: Tibor Vass <tibor@docker.com>
2018-09-24 21:49:03 +00:00
Drew Erny
14da20f5e7 Add support for sysctl options in services
Adds support for sysctl options in docker services.

* Adds API plumbing for creating services with sysctl options set.
* Adds swagger.yaml documentation for new API field.
* Updates the API version history document.
* Changes executor package to make use of the Sysctls field on objects
* Includes integration test to verify that new behavior works.

Essentially, everything needed to support the equivalent of docker run's
`--sysctl` option except the CLI.

Includes a vendoring of swarmkit for proto changes to support the new
behavior.

Signed-off-by: Drew Erny <drew.erny@docker.com>
2018-09-20 10:51:56 -05:00
Olli Janatuinen
1144159a9f Updated swagger config
Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com>
2018-09-16 19:52:33 +03:00
Tibor Vass
8ff7847d1c builder: add prune options to the API
Signed-off-by: Tibor Vass <tibor@docker.com>
2018-09-01 22:01:17 +00:00
Anshul Pundir
514ce73391
Changes to cluster/filter, swagger.yaml, version-history.md for filtering on node labels.
Signed-off-by: Anshul Pundir <anshul.pundir@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-08-21 22:17:23 +02:00
Sebastiaan van Stijn
a3d4238b9c
Add "Warnings" to /info endpoint, and move detection to the daemon
When requesting information about the daemon's configuration through the `/info`
endpoint, missing features (or non-recommended settings) may have to be presented
to the user.

Detecting these situations, and printing warnings currently is handled by the
cli, which results in some complications:

- duplicated effort: each client has to re-implement detection and warnings.
- it's not possible to generate warnings for reasons outside of the information
  returned in the `/info` response.
- cli-side detection has to be updated for new conditions. This means that an
  older cli connecting to a new daemon may not print all warnings (due to
  it not detecting the new conditions)
- some warnings (in particular, warnings about storage-drivers) depend on
  driver-status (`DriverStatus`) information. The format of the information
  returned in this field is not part of the API specification and can change
  over time, resulting in cli-side detection no longer being functional.

This patch adds a new `Warnings` field to the `/info` response. This field is
to return warnings to be presented by the user.

Existing warnings that are currently handled by the CLI are copied to the daemon
as part of this patch; This change is backward-compatible with existing
clients; old client can continue to use the client-side warnings, whereas new
clients can skip client-side detection, and print warnings that are returned by
the daemon.

Example response with this patch applied;

```bash
curl --unix-socket /var/run/docker.sock http://localhost/info | jq .Warnings
```

```json
[
  "WARNING: bridge-nf-call-iptables is disabled",
  "WARNING: bridge-nf-call-ip6tables is disabled"
]
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-08-21 11:36:15 +02:00
Tibor Vass
1800883bd1
Merge pull request #37558 from selansen/master
Global Default Address Pool feature support
2018-08-20 18:15:44 -07:00
selansen
f7ad95cab9 Global Default Address Pool feature support
This feature allows user to specify list of subnets for global
default address pool. User can configure subnet list using
'swarm init' command. Daemon passes the information to swarmkit.
We validate the information in swarmkit, then store it in cluster
object. when IPAM init is called, we pass subnet list to IPAM driver.

Signed-off-by: selansen <elango.siva@docker.com>
2018-08-20 15:07:08 -04:00
Sebastiaan van Stijn
9916827496
Merge pull request #37593 from AntaresS/add-enable-buildkit
[enhancement] add optional fields in daemon.json to enable buildkit
2018-08-20 19:41:56 +01:00
Anda Xu
2be17666b4 add optional fields in daemon.json to enable buildkit
Signed-off-by: Anda Xu <anda.xu@docker.com>
2018-08-19 14:58:23 -07:00
Daniel Hiltgen
896d1b1c61 Expose license status in Info (#37612)
* Expose license status in Info

This wires up a new field in the Info payload that exposes the license.
For moby this is hardcoded to always report a community edition.
Downstream enterprise dockerd will have additional licensing logic wired
into this function to report details about the current license status.

Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>

* Code review comments

Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>

* Add windows autogen support

Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2018-08-17 17:05:21 -07:00
Sebastiaan van Stijn
871894e95e
Swagger: bump API version to v1.39
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-08-16 16:24:48 +02:00
Sebastiaan van Stijn
bd06a5ea4d
Fix golint warning on generated "volume" types
Should fix

```
api/types/volume/volume_create.go
Line 10: warning: comment on exported type VolumeCreateBody should be of the form "VolumeCreateBody ..." (with optional leading article) (golint)

api/types/volume/volume_list.go
Line 12: warning: comment on exported type VolumeListOKBody should be of the form "VolumeListOKBody ..." (with optional leading article) (golint)
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-07-13 16:58:59 +02:00
Vincent Demeester
e401b88e59
Add support for init on services
It's already supported by `swarmkit`, and act the same as
`HostConfig.Init` on container creation.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2018-06-07 14:17:55 +02:00
Jess Frazelle
3694c1e34e
api: add configurable MaskedPaths and ReadOnlyPaths to the API
This adds MaskedPaths and ReadOnlyPaths options to HostConfig for containers so
that a user can override the default values.

When the value sent through the API is nil the default is used.
Otherwise the default is overridden.

Adds integration tests for MaskedPaths and ReadonlyPaths.

Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
2018-06-05 12:33:14 -04:00
Brian Goff
f51a96c016 Move plugin client creation to the extension point
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2018-05-25 15:18:53 -04:00
Sebastiaan van Stijn
df5175e1ee
Bump API version to v1.38
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-05-24 02:39:28 +02:00
Brian Goff
5a68e2617d
Merge pull request #35246 from dperny/attachment-inspect
Output network attachment task information
2018-05-23 15:44:39 -04:00
Sebastiaan van Stijn
3682703ad4
Update swagger and API history
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-05-22 23:37:33 +02:00
Drew Erny
5b69ff466e
Output network attachment task information
Adds functionality to parse and return network attachment spec
information. Network attachment tasks are phony tasks created in
swarmkit to deal with unmanaged containers attached to swarmkit. Before
this change, attempting `docker inspect` on the task id of a network
attachment task would result in an empty task object. After this change,
a full task object is returned

Fixes #26548 the correct way.

Signed-off-by: Drew Erny <drew.erny@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-05-22 23:36:30 +02:00
Sebastiaan van Stijn
8b6b559866
Set item-type for ExecIDs
Arrays expect a type to be set for items in the array.

This patch adds the "string" type, adds a short description,
and some example values.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-05-22 13:18:44 +02:00
Grant Millar
58a35eaede Fix swagger file type for ExecIds
Signed-off-by: Grant Millar <grant@seednet.eu>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-05-19 22:14:38 +02:00
Sebastiaan van Stijn
3646562a5c
Merge pull request #37088 from ohbarye/fix-typos-duplicated-the
Fix typos: remove duplicated "the"
2018-05-19 20:57:47 +02:00
AJ Bowen
b7fe0b6359
Highlight meaning of 'precpu' (i.e. 'previous').
Signed-off-by: AJ Bowen <aj@soulshake.net>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-05-17 14:57:44 +02:00
ohbarye
0f95b23d98 Fix typos: remove duplicated "the"
Signed-off-by: Masato Ohba <over.rye@gmail.com>
2018-05-17 21:49:51 +09:00
emanb29
13e0b26510
Describe IP field of Port definition
Signed-off-by: Ethan Bell <ebgamer29@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-05-15 12:09:42 +02:00
Wassim Dhif
2058928edc Fix version mismatch in API documentation
Fix a version mismatch in the API documentation.

Signed-off-by: Wassim DHIF <wassimdhif@gmail.com>
2018-04-23 18:57:35 +02:00
Daniel Nephin
95ccb55fe2 Add target field to build API docs
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-03-28 14:34:58 -04:00
Sebastiaan van Stijn
0076343b29
Merge pull request #33702 from aaronlehmann/templated-secrets-and-configs
Templated secrets and configs
2018-02-21 13:39:10 +01:00
Akihiro Suda
8e435b8279 Support SCTP port mapping (bump up API to v1.37)
Signed-off-by: Wataru Ishida <ishida.wataru@lab.ntt.co.jp>
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-02-20 11:15:36 +09:00
Brian Goff
8e8f5f4457 Always mount configs with tmpfs
This makes configs and secrets behavior identical.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2018-02-16 11:25:14 -05:00