Commit graph

381 commits

Author SHA1 Message Date
allencloud
8ed657d09e remove fl prefix in containerOptions
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-08-11 11:20:00 +08:00
Zhang Wei
6dd8e10d6e Wait container's removal via Events API
If AutoRemove is set, wait until client get `destroy` events, or get
`detach` events that implies container is detached but not stopped.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2016-08-08 22:46:53 +08:00
Zhang Wei
3c2886d8a4 Move --rm to daemon side
`--rm` is a client side flag which caused lots of problems:
1. if client lost connection to daemon, including client crash or be
killed, there's no way to clean garbage container.
2. if docker stop a `--rm` container, this container won't be
autoremoved.
3. if docker daemon restart, container is also left over.
4. bug: `docker run --rm busybox fakecmd` will exit without cleanup.

In a word, client side `--rm` flag isn't sufficient for garbage
collection. Move the `--rm` flag to daemon will be more reasonable.

What this commit do is:
1. implement a `--rm` on daemon side, adding one flag `AutoRemove` into
HostConfig.
2. Allow `run --rm -d`, no conflicting `--rm` and `-d` any more,
auto-remove can work on detach mode.
3. `docker restart` a `--rm` container will succeed, the container won't
be autoremoved.

This commit will help a lot for daemon to do garbage collection for
temporary containers.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2016-08-08 22:46:53 +08:00
Yong Tang
c8d3ee8093 Allow unset --entrypoint in docker run or docker create
This fix tries to address the issue raised in #23498 to allow unset
`--entrypoint` in `docker run` or `docker create`.

This fix checks the flag `--entrypoint` and, in case `--entrypoint=` (`""`)
is passed, unset the Entrypoint during the container run.

Additional integration tests have been created to cover changes in this fix.

This fix fixes #23498.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-08-05 16:35:20 -07:00
lixiaobing10051267
51ee3dfade It should be volume not binds for first arg in callDecodeContainerConfig()
Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn>
2016-08-02 22:29:34 +08:00
Arnaud Porterie
de64324109 Merge pull request #24705 from thaJeztah/update-flag-descriptions
Improve flag help consistency, and update docs
2016-07-18 16:07:23 +00:00
allencloud
d0081a0f47 better command docker network create -h output
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-07-16 15:32:17 +08:00
Sebastiaan van Stijn
64a8317a5a Improve flag help consistency, and update docs
This adds the `--live-restore` option to the documentation.

Also synched usage description in the documentation
with the actual description, and re-phrased some
flag descriptions to be a bit more consistent.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-07-16 01:58:01 +02:00
Arnaud Porterie (icecrime)
c0c7d5e715
Rename --net to --network
Add a `--network` flag which replaces `--net` without deprecating it
yet. The `--net` flag remains hidden and supported.

Add a `--network-alias` flag which replaces `--net-alias` without deprecating
it yet. The `--net-alias` flag remains hidden and supported.

Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
2016-07-12 13:01:35 -07:00
Arnaud Porterie (icecrime)
5b21c8a408
Organize run flags into categories
Flatten the list of `docker run` flags and group them loosely by
category (general purpose, security, networking, ...).

Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
2016-07-12 11:35:41 -07:00
Kenfe-Mickael Laventure
69af7d0d13 Use "docker-runc" as alias for the default runtime
This also moves the variable holding the default runtime name from the
engine-api repository into docker repository

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-06-22 11:59:26 -07:00
Michael Crosby
c97fdbe3c5 Merge pull request #23415 from aboch/ll
Allow user to specify container's link-local addresses
2016-06-14 15:47:54 -07:00
Alessandro Boch
1c4efb6aa0 Allow user to specify container's link-local addresses
Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-06-14 14:28:33 -07:00
Kenfe-Mickael Laventure
7b2e5216b8 Add support for multiples runtimes
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-06-14 07:47:31 -07:00
Tonis Tiigi
534a90a993 Add Swarm management backend
As described in our ROADMAP.md, introduce new Swarm management API
endpoints relying on swarmkit to deploy services. It currently vendors
docker/engine-api changes.

This PR is fully backward compatible (joining a Swarm is an optional
feature of the Engine, and existing commands are not impacted).

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Signed-off-by: Madhu Venugopal <madhu@docker.com>
2016-06-13 22:16:18 -07:00
Darren Stahl
ea3a7899f5 Removed QoS validation on Windows
Signed-off-by: Darren Stahl <darst@microsoft.com>
2016-06-10 16:30:54 -07:00
Daniel Nephin
5ab2434225 Convert 'docker create' to use cobra and pflag
Return the correct status code on flag parsins errors.

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2016-06-04 13:57:30 +02:00
Daniel Nephin
a77f2450c7 Convert 'docker run' to a cobra command and to use pflags
Move container options into a struct so that tests should pass.
Remove unused FlagSet arg from Parse
Disable interspersed args on docker run

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2016-06-04 13:55:35 +02:00
Sven Dowideit
98c245c9e6 Merge pull request #23193 from allencloud/fix-typos
use grep to find all a/an typos
2016-06-02 18:45:08 -07:00
Thomas Leonard
b6c7becbfe
Add support for user-defined healthchecks
This PR adds support for user-defined health-check probes for Docker
containers. It adds a `HEALTHCHECK` instruction to the Dockerfile syntax plus
some corresponding "docker run" options. It can be used with a restart policy
to automatically restart a container if the check fails.

The `HEALTHCHECK` instruction has two forms:

* `HEALTHCHECK [OPTIONS] CMD command` (check container health by running a command inside the container)
* `HEALTHCHECK NONE` (disable any healthcheck inherited from the base image)

The `HEALTHCHECK` instruction tells Docker how to test a container to check that
it is still working. This can detect cases such as a web server that is stuck in
an infinite loop and unable to handle new connections, even though the server
process is still running.

When a container has a healthcheck specified, it has a _health status_ in
addition to its normal status. This status is initially `starting`. Whenever a
health check passes, it becomes `healthy` (whatever state it was previously in).
After a certain number of consecutive failures, it becomes `unhealthy`.

The options that can appear before `CMD` are:

* `--interval=DURATION` (default: `30s`)
* `--timeout=DURATION` (default: `30s`)
* `--retries=N` (default: `1`)

The health check will first run **interval** seconds after the container is
started, and then again **interval** seconds after each previous check completes.

If a single run of the check takes longer than **timeout** seconds then the check
is considered to have failed.

It takes **retries** consecutive failures of the health check for the container
to be considered `unhealthy`.

There can only be one `HEALTHCHECK` instruction in a Dockerfile. If you list
more than one then only the last `HEALTHCHECK` will take effect.

The command after the `CMD` keyword can be either a shell command (e.g. `HEALTHCHECK
CMD /bin/check-running`) or an _exec_ array (as with other Dockerfile commands;
see e.g. `ENTRYPOINT` for details).

The command's exit status indicates the health status of the container.
The possible values are:

- 0: success - the container is healthy and ready for use
- 1: unhealthy - the container is not working correctly
- 2: starting - the container is not ready for use yet, but is working correctly

If the probe returns 2 ("starting") when the container has already moved out of the
"starting" state then it is treated as "unhealthy" instead.

For example, to check every five minutes or so that a web-server is able to
serve the site's main page within three seconds:

    HEALTHCHECK --interval=5m --timeout=3s \
      CMD curl -f http://localhost/ || exit 1

To help debug failing probes, any output text (UTF-8 encoded) that the command writes
on stdout or stderr will be stored in the health status and can be queried with
`docker inspect`. Such output should be kept short (only the first 4096 bytes
are stored currently).

When the health status of a container changes, a `health_status` event is
generated with the new status. The health status is also displayed in the
`docker ps` output.

Signed-off-by: Thomas Leonard <thomas.leonard@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-06-02 23:58:34 +02:00
allencloud
c1be45fa38 fix typos
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-06-02 17:17:22 +08:00
Yong Tang
fea7acf0e9 Un-deprecated command line short variant options of -c.
Since 1.9, the following short variant options have been
deprecated in favor of their long variants:
`docker run -c (--cpu-shares)`
`docker build -c (--cpu-shares)`
`docker create -c (--cpu-shares)`
`docker update -c (--cpu-shares)`

However, `-c` is still widely used and is considered as
a convenient option for swarm (see #16271).

This fix undeprecated the command line short
variant options of `-c` and updated the deprecated.md.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-05-26 08:22:27 -07:00
Yong Tang
90bd41a74d The option --add-host and --net=host should not be mutually exclusive.
This fix tries to address the issue raised in #21976 and allows
the options of `--add-host` and `--net=host` to work at the same time.

The documentation has been updated and additional tests have been
added to cover this change.

This fix fixes #21976.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-05-24 18:49:11 -07:00
Yong Tang
23821fe586 The option --dns, --dns-search, --dns-opt and --net=host should not be mutually exclusive.
This fix tries to address the issue raised in #21976 and allows
the options of `--dns`, `--dns-search`, `--dns-opt` and `--net=host`
to work at the same time.

The documentation has been updated and additional tests have been
added to cover this change.

This fix fixes #21976.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-05-24 16:03:26 -07:00
Amit Krishnan
86d8758e2b Get the Docker Engine to build clean on Solaris
Signed-off-by: Amit Krishnan <krish.amit@gmail.com>
2016-05-23 16:37:12 -07:00
Yong Tang
d365c0e151 Fix failed test for TestRestartPolicy
This commit is a follow up of the last commit:
Vendor engine-api to allow docker daemon reload event.

After vendor/engine-api has been updated, the following
unit test fails:
```
--- FAIL: TestRestartPolicy (0.00s)
       hostconfig_test.go:177: RestartPolicy.IsNone for { 0} should have been false but was true
```

The reason for the above failed unit test is that pull request:

https://github.com/docker/engine-api/pull/200

updated behavior of the restart policy and makes restartpolicy.IsNone
return true if restart policy name is `""`. As a result, the above
mentioned unit test fails.

This fix fixes the inconsistency of the unit test so that `TestRestartPolicy`
could pass again.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-05-13 20:39:35 -07:00
Vincent Demeester
78eb8a5fb9 Merge pull request #21641 from yongtang/21595-discrepancy-on-hostname-validation
API/CLI discrepancy on hostname validation (#21595).
2016-04-28 09:25:13 +02:00
Darren Stahl
8df2066341 Add IO Resource Controls for Windows
Signed-off-by: Darren Stahl <darst@microsoft.com>
2016-04-25 13:07:29 -07:00
Vincent Demeester
172ca1ca8c Merge pull request #20924 from Microsoft/10662-CPUResourceControls
Add CPU count and maximum resource controls for Windows
2016-04-15 08:14:59 +02:00
Darren Stahl
ea8c690886 Add CPU count and maximum resource controls for Windows
Signed-off-by: Darren Stahl <darst@microsoft.com>
2016-04-14 15:40:25 -07:00
Dan Walsh
9caf7aeefd Add support for setting sysctls
This patch will allow users to specify namespace specific "kernel parameters"
for running inside of a container.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-04-12 13:37:31 -04:00
Yong Tang
ee4bd806ba API/CLI discrepancy on hostname validation (#21595).
This fix tries to fix the discrepancy between API and CLI on hostname
validation. Previously, the hostname validation was handled at the
CLI interface in runconfig/opts/parse.go and return an error if the
hostname is invalid. However, if an end user use the remote API to
pass the hostname, the error will not be returned immediately.
Instead the error will only be thrown out when the container creation
fails. This creates behavior discrepancy between API and CLI.

In this fix, the hostname validation was moved to
verifyContainerSettings so the behavior will be the same for API and
CLI.

After the change, since CLI does not handle the hostname validation
any more, the previous unit tests about hostname validation on CLI
in runconfig/opts/parse_test.go has to be updated as well because
there is no validation at this stage. All those unit tests are moved
to integration test TestRunTooLongHostname so that the hostname
validation is still properly covered as before.

Note: Since the hostname validation moved to API, the error message
changes from `invalid hostname format for --hostname:` to
`invalid hostname format:` as well because `--hostname` is passed
to CLI only.

This fix fixes #21595.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-04-08 06:13:08 +00:00
Aaron Lehmann
81b01b44c6 Merge pull request #21767 from allencloud/fix-typos
fix typos
2016-04-05 20:32:14 -07:00
allencloud
34700cc1f3 fix typos
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-04-06 10:35:01 +08:00
Brian Goff
9a25b1d942 Improve performance/reduce allocs of bytespipe
Creates a `fixedBuffer` type that is used to encapsulate functionality
for reading/writing from the underlying byte slices.

Uses lazily-loaded set of sync.Pools for storing buffers that are no
longer needed so they can be re-used.

```
benchmark                     old ns/op     new ns/op     delta
BenchmarkBytesPipeWrite-8     138469        48985         -64.62%
BenchmarkBytesPipeRead-8      130922        56601         -56.77%

benchmark                     old allocs     new allocs     delta
BenchmarkBytesPipeWrite-8     18             8              -55.56%
BenchmarkBytesPipeRead-8      0              0              +0.00%

benchmark                     old bytes     new bytes     delta
BenchmarkBytesPipeWrite-8     66903         1649          -97.54%
BenchmarkBytesPipeRead-8      0             1             +Inf%
```

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-04-05 13:06:04 -04:00
Arnaud Porterie
1da40fb4ba Merge pull request #21586 from calavera/remove_runconfig_from_routes
Remove runconfig package dependency from the API.
2016-03-29 08:40:49 -07:00
David Calavera
f0d26e1665 Remove runconfig package dependency from image and container routers.
Use an interface to specify the behavior of a configuration decoder.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-03-28 16:23:51 -04:00
Shishir Mahajan
b16decfccf CLI flag for docker create(run) to change block device size.
Signed-off-by: Shishir Mahajan <shishir.mahajan@redhat.com>
2016-03-28 10:05:18 -04:00
Yong Tang
fa44b4e81e More descriptive error when running a container with a too long hostname (#21445)
This fix tries to fix issues encountered when running a container with a hostname
that is longer than HOST_NAME_MAX(64).

Previously, `could not synchronise with container process` was generated as the
length of the regex check was missing.

This fix covers the length check so that a hostname that is longer than
HOST_NAME_MAX(64) will be given a correct error message.

Several unit tests cases and additional integration test cases are added as well.

This fix closes #21445.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-03-24 17:42:28 +00:00
Alexander Morozov
93f5770511 runconfig/opts: fix compilation issue
it was introduced with #20566 as a result of merge

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-03-21 15:01:08 -07:00
Arnaud Porterie
f9f8708dc6 Merge pull request #20566 from AndrewGuenther/20371-validate-hostname
Ensure --hostname is valid
2016-03-21 14:49:16 -07:00
Yong Tang
800a7d513d Fix one-character directory issue in the volume option (#20122).
The issue comes from the implementation of volumeSplitN() where a
driver letter (`[a-zA-Z]:`) was assumed to follow either `:`, `/`,
or `\\`.

In Windows driver letter appears in two situations:
a. `^[a-zA-Z]:` (A colon followed  by `^[a-zA-Z]:` is OK as colon is
the separator in volume option)
b. A string in the format like `\\?\C:\Windows\...` (UNC).
Therefore, a driver letter can only follow either a `:` or `\\`

This PR removes the condition of `/` before the driver letter so
that options like `-v /tmp/q:/foo` could be handled correctly. A
couple of tests has also been added.

This PR fixes #20122.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-03-21 02:55:06 +00:00
Jess Frazelle
e5a3f86e44 Merge pull request #20662 from tonistiigi/containerd-integration
Containerd integration
2016-03-18 17:21:18 -07:00
Jess Frazelle
06e98f0a5c Merge pull request #21232 from calavera/consolidate_security_opts_format
Consolidate security options to use `=` as separator.
2016-03-18 16:02:38 -07:00
Tonis Tiigi
9c4570a958 Replace execdrivers with containerd implementation
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-03-18 13:38:32 -07:00
David Calavera
cb9aeb0413 Consolidate security options to use = as separator.
All other options we have use `=` as separator, labels,
log configurations, graph configurations and so on.
We should be consistent and use `=` for the security
options too.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-03-17 13:34:42 -04:00
Andrew Guenther
3b6ffc8022 Ensure --hostname is valid
Validates whether the given hostname is RFC 1123
(https://tools.ietf.org/html/rfc1123) compliant.

Fixes #20371

Signed-off-by: Andrew Guenther <guenther.andrew.j@gmail.com>
2016-03-17 00:23:23 -07:00
Tim Hockin
53c5de2921 Don't smoosh hostname and domainname in API
This allows users to provide a FQDN as hostname or to use distinct hostname and
domainname parts.  Depends on https://github.com/docker/libnetwork/pull/950

Signed-off-by: Tim Hockin <thockin@google.com>
2016-03-15 08:32:35 -07:00
Phil Estes
21e531014d Merge pull request #20177 from jheiss/12076-net_hostname
Allow --hostname with --net=host
2016-03-15 08:17:25 -07:00
Liron Levin
6993e891d1 Run privileged containers when userns are specified
Following #19995 and #17409 this PR enables skipping userns re-mapping
when creating a container (or when executing a command). Thus, enabling
privileged containers running side by side with userns remapped
containers.

The feature is enabled by specifying ```--userns:host```, which will not
remapped the user if userns are applied. If this flag is not specified,
the existing behavior (which blocks specific privileged operation)
remains.

Signed-off-by: Liron Levin <liron@twistlock.com>
2016-03-14 17:09:25 +02:00