Add a `--network` flag which replaces `--net` without deprecating it
yet. The `--net` flag remains hidden and supported.
Add a `--network-alias` flag which replaces `--net-alias` without deprecating
it yet. The `--net-alias` flag remains hidden and supported.
Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
(cherry picked from commit c0c7d5e715)
Signed-off-by: Tibor Vass <tibor@docker.com>
We use containerd and there is no execution driver anymore.
Addresses: https://github.com/docker/docker/issues/24461
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
(cherry picked from commit 1fb1136fec)
Signed-off-by: Tibor Vass <tibor@docker.com>
The current behavior of `docker swarm init` is to set up a swarm that
has no secret for joining, and does not require manual acceptance for
workers. Since workers may sometimes receive sensitive data such as pull
credentials, it makes sense to harden the defaults.
This change makes `docker swarm init` generate a random secret if none
is provided, and print it to the terminal. This secret will be needed to
join workers or managers to the swarm. In addition to improving access
control to the cluster, this setup removes an avenue for
denial-of-service attacks, since the secret is necessary to even create
an entry in the node list.
`docker swarm init --secret ""` will set up a swarm without a secret,
matching the old behavior. `docker swarm update --secret ""` removes the
automatically generated secret after `docker swarm init`.
Closes#23785
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 7342e42fce)
Signed-off-by: Tibor Vass <tibor@docker.com>
In the API:
`Writable` changed to `ReadOnly`
`Populate` changed to `NoCopy`
Corresponding CLI options updated to:
`volume-writable` changed to `volume-readonly`
`volume-populate` changed to `volume-nocopy`
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 56f3422468)
Signed-off-by: Tibor Vass <tibor@docker.com>
This is done in a hacky way as currently there is no better way.
Uses known implementation details about how tasks are scheduled to be
able to operate on the underlying container.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit e5ec575b32)
Signed-off-by: Tibor Vass <tibor@docker.com>
Always attempt to add digest even when tag already exists.
Ensure digest does not currently exist.
When image id is mismatched, output an error log.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
(cherry picked from commit 33984f256b)
Signed-off-by: Tibor Vass <tibor@docker.com>
schema1 manifests is not working on ARM64, we should skip integration-cli
tests for schema1 manifests on ARM64.
Signed-off-by: Lei Jitang <leijitang@huawei.com>
(cherry picked from commit 9c1566a1df)
Signed-off-by: Tibor Vass <tibor@docker.com>
This fix tries to address an issue raised in #24090 where
the title field of `docker node ls` use NAME instead of
HOSTNAME. Yet the content of this field is actually
hostname.
The fix makes needed changes for the output of
`docker node ls`.
An additional test has been added to cover the change in
this fix.
This fix fixes#24090.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 4bc91ceeb7)
Fix two test issues:
- pidof is not available in PATH on some Jenkins systems (rhel, centos)
Use kill -0 instead.
- Cleanup after plugin test. This is a stop gap fix. The right way to
fix this, is to shutdown the plugin on daemon shutdown path (except
for the live-restore case). This will be done in a follow up PR.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit 6d36431e23)
Also live restore is stable now. So move experimental tests out to stable.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit 006d58d7e6)
This also moves the variable holding the default runtime name from the
engine-api repository into docker repository
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
(cherry picked from commit 69af7d0d13)
Add api side validation and defaults for init and
join requests.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit fb3eb1c27e)
Add integration test for removing by image id with tag and digest reference to the same repository.
Add integration test to ensure only tag to other repository remains after deleting tag with accompanying digest reference.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
(cherry picked from commit 5cff374b14)
This fix tries to fix the issue raised in #23716 where `docker start`
causes an error of `No such container:` if the container has been
renamed before `docker start` returns.
The issue is that `docker start` use container name passed at the
beginning to check for exit code at the end of the `docker start`.
This fix addresses the issue by always use container's `ID` to get
the information during `docker start`.
Additional integration tests have been added to cover this fix.
This fix fixes#23716.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 6e86733b47)
Change `docker service update` to replace attributes of the target
service rather than augment them. One particular occurrence where the
previous behavior proved problematic is when trying to update a port
mapping: the merge semantics provided no way of removing published
ports, but strictly of adding more.
The utility merge* functions where renamed accordingly to update*.
Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
(cherry picked from commit 1f8ab93b44)
When a repository has a tag and digests, show tag for each digest value.
Do not duplicate rows for the same image name with both tag and digest.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
(cherry picked from commit 79eada3814)
The security infomation has already been added to `GET /info` in #21172.
However, it is not part of the output of `docker info` yet.
This fix adds the security information to `docker info`.
Additional tests has been added to cover changes.
This fix fixes#23500. This fix is related to #20909, #21172.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit eee20b564f)
The test was waiting for the container to exit after failing its
healthcheck. However, we no longer automatically terminate containers,
so this waited instead for the container to time-out by itself.
Signed-off-by: Thomas Leonard <thomas.leonard@docker.com>
(cherry picked from commit 18a59bb869)
