- otherwise the attachment task will stay in store and
consume IP addresses and there is no way to remove it.
Signed-off-by: Alessandro Boch <aboch@docker.com>
- When the node leaves the cluster, if any user run
container(s) is connected to the swarm network,
then daemon needs to detach the container(s) and
remove the network.
Signed-off-by: Alessandro Boch <aboch@docker.com>
(cherry picked from commit 3cedca5d53)
Signed-off-by: Victor Vieux <vieux@docker.com>
Previously, it doesn't allow creating such a network:
e.g.
$ docker network inspect -f '{{.Id}}' ingress
84xh9knigj6zyt00u31e26nj3
$ docker network create 84
Error response from daemon: network with name 84 already exists
Fix#27866
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
(cherry picked from commit edfbc3b876)
Signed-off-by: Victor Vieux <vieux@docker.com>
This fix tries to address the issue raised in 24352. Previously,
when `docker swarm update` has no flags, the output is
```
Swarm updated.
```
even though nothing was updated. This could be misleading for
users.
This fix tries to address the issue by adding a `PreRunE` function
in the command so that in case no flag is provided (`cmd.Flags().NFlag() == 0`),
the usage will be outputed instead.
An integration has been added to cover the changes.
This fix fixes 24352.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 5aa5a1cb00)
Signed-off-by: Victor Vieux <vieux@docker.com>
`--publish-add 8081:81 --publish-add 8082:82 --publish-rm 80
--publish-rm 81/tcp --publish-rm 82/tcp` would thus result in 81 and
82 to be published.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
In certain cases (unattended upgrades), system services can disable
loaded AppArmor profiles. However, since /etc being read-only is a
supported setup we cannot just write a copy of the profile to
/etc/apparmor.d.
Instead, dynamically load the docker-default AppArmor profile if a
container is started with that profile set. This code will short-cut if
the profile is already loaded.
Fixes: 2f7596aaef ("apparmor: do not save profile to /etc/apparmor.d")
Signed-off-by: Aleksa Sarai <asarai@suse.de>
(cherry picked from commit 567ef8e785)
Signed-off-by: Victor Vieux <vieux@docker.com>
This fix tries to fix the issue raised in 29044 where
the IPAM options is missing in swarm network mode
after the service is deployed. Before the service
is deployed, the IPAM options is available.
The reason for the issue is that, before service is
deployed, `network inspect` is querying the swarm and
obtained the correct information.
However, after service is deployed, swarm executor
does not pass the IPAM options to the backend (daemon).
Also after service is deployed, `network inspect` is
actually querying the local daemon for information.
At this time the network information with missing IPAM
options is returned.
This fix fixes the issue by updating the swarm network
allocator and swarm executor.
A separate PR for swarmkit will be opened.
An integration test has been added to cover the change.
This fix fixes 29044.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 4d958e99c1)
Signed-off-by: Victor Vieux <vieux@docker.com>
This reverts commit 139fff2bf0.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit eb55d03f3c)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
(cherry picked from commit eeac871946)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
This fix tries to fix the crash caused by `docker service inspect --pretty`,
by performing necessary nil pointer check.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit b6857e91c1)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
As is specified in 28018, it would be useful to know the manager's addresses
even in a worker node. This is especially useful when there are many
worker nodes in a big cluster.
The information is available in `info.Swarm.RemoteManagers`.
This fix add the information of `Manager Addresses` to the output
of `docker info`, to explicitly show it.
A test has been added for this fix.
This fix fixes 28018.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to address 27902 by adding a flag `--host`
to `docker service create` and `--host-add/--host-rm` to
`docker service update`, so that it is possible to
specify extra `host:ip` settings in `/etc/hosts`.
This fix adds `Hosts` in swarmkit's `ContainerSpec` so that it
is possible to specify extra hosts during service creation.
Related docs has been updated.
An integration test has been added.
This fix fixes 27902.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix is a follow up to #27567 based on:
https://github.com/docker/docker/pull/27567#issuecomment-259295055
In #27567, `--dns-options` has been added to `service create/update`,
together with `--dns` and `--dns-search`. The `--dns-opt` was used
in `docker run`.
This fix add `--dns-option` (not `--dns-options`) to `docker run/create`, and hide
`--dns-opt`. It is still possible to use `--dns-opt` with
`docker run/create`, though it will not show up in help output.
This fix change `--dns-options`to --dns-option` for `docker service create`
and `docker service update`.
This fix also updates the docs and bash/zsh completion scripts.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix adds `--dns-add`, `--dns-rm`, `--dns-opt-add`, `--dns-opt-rm`,
`--dns-search-add` and `--dns-search-rm` to `service update`.
An integration test and a unit test have been added to cover the changes in this fix.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to fix the issue raised in 24391 about allowing
custom DNS settings to service definition.
This fix adds `DNSConfig` (`Nameservers`, `Options`, `Search`) to
service definition, as well as `--dns`, `--dns-opt`, and `dns-search`
to `service create`.
An integration test has been added to cover the changes in this fix.
This fix fixes 24391.
A PR in swarmkit will be created separately.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to add `--tty` to `docker service create/update`. As was
specified in 25644, `TTY` flag has been added to SwarmKit and is
already vendored.
This fix add `--tty` to `docker service create/update`.
Related document has been updated.
Additional integration tests has been added.
This fix fixes 25644.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
When a container is attached to an "--attachable" network, it strictly
forms the attacherKey using either the network-id or network-name
because at the time of attachment, the daemon may not have the network
downloaded locally from the manager. Hence, when the NetworkDettach is
called, it should use either network-name or network-id. This fix
addresses the missing network-id based dettachment case.
Signed-off-by: Madhu Venugopal <madhu@docker.com>
When a container is run on a --attachable network, the endpoint
configs passed by the user were incorrectly overwritten.
Copy the relevant configs instead of overwriting the entire configs.
Signed-off-by: Madhu Venugopal <madhu@docker.com>
--group-add was used for specifying groups for both service create
and service update. For create it was confusing since we don't have
an existing set of groups. Instead I added --group to create, and
moved --group-add to service update only, like --group-rm
This deals with issue 27646
Signed-off-by: Lily Guo <lily.guo@docker.com>
Update flag documentation
Specify that --group, --group-add and --groupd-rm refers to
supplementary user groups
Signed-off-by: Lily Guo <lily.guo@docker.com>
Fix docs for groups and update completion scripts
Signed-off-by: Lily Guo <lily.guo@docker.com>
This fix tries to address the issue in 24712 and add
`--env-file` file to `docker create service`.
Related documentation has been updated.
An additional integration has been added.
This fix fixes 24712.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This adds support for two enhancements to swarm service rolling updates:
- Failure thresholds: In Docker 1.12, a service update could be set up
to either pause or continue after a single failure occurs. This adds
an --update-max-failure-ratio flag that controls how many tasks need to
fail to update for the update as a whole to be considered a failure. A
counterpart flag, --update-monitor, controls how long to monitor each
task for a failure after starting it during the update.
- Rollback flag: service update --rollback reverts the service to its
previous version. If a service update encounters task failures, or
fails to function properly for some other reason, the user can roll back
the update.
SwarmKit also has the ability to roll back updates automatically after
hitting the failure thresholds, but we've decided not to expose this in
the Docker API/CLI for now, favoring a workflow where the decision to
roll back is always made by an admin. Depending on user feedback, we may
add a "rollback" option to --update-failure-action in the future.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
As of https://github.com/docker/swarmkit/pull/1607, swarmkit honors
global network plugins while allocating network resources.
This IT covers the e2e integration between libnetwork, swarmkit and
docker engine to support global network-plugins for swarm-mode
Signed-off-by: Madhu Venugopal <madhu@docker.com>
This fix tries to address the issue related to 24108 and 24790, and
also the case from 24620#issuecomment-233715656
The reason for the failure case in the above mentioned issues is that
currently Task names are actually indexed by Service Name
(`e.ServiceAnnotations.Name`)
To fix it, a pull request in swarmkit (swarmkit/pull/1193) has been
opened separately.
This fix adds the integration tests for the above mentioned issues.
Swarmkit revendoring is needed to completely fix the issues.
This fix fixes 24108.
This fix fixes 24790.
This fix is related to 24620.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to address the issue raised in 24538
where the error message is unclear when removing pre-defined networks:
```
docker network rm ingress
Error response from daemon: rpc error: code = 7 desc = 4vlxuzpk8bxdsxpyvkxluol5g is a pre-defined network and cannot be removed
```
This fix improve the error message so that if network's name is specified
in the `RemoveNetwork`, then error message will contain the name and the ID
(instead of just an ID):
```
docker network rm ingress
Error response from daemon: rpc error: code = 7 desc = ingress (4vlxuzpk8bxdsxpyvkxluol5g) is a pre-defined network and cannot be removed
```
An integration test has been added to cover the changes.
This fix fixes 24538.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
The swarm scope network connected containers with autostart enabled
there was a dependency problem with the cluster to be initialized before
we can autostart them. With the current container restart code happening
before cluster init, these containers were not getting autostarted
properly. Added a fix to delay the container start of those containers
which has atleast one swarm scope endpoint to until after the cluster is
initialized.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
This fix tries to address the issue raised in 25304 to support
`--group-add` and `--group-rm` in `docker service create`.
This fix adds `--group-add` to `docker service create` and `docker service update`,
adds `--group-rm` to `docker service update`.
This fix updates docs for `docker service create` and `docker service update`:
1. Add `--group-add` to `docker service create` and `docker service update`
2. Add `--group-rm` to `docker service update`
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
