When updating values in the spec according to CLI flags, don't write
into the existing pointers. They may be nil. Instead, update them to
point to the new value we're writing.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit f9c920a126)
Signed-off-by: Tibor Vass <tibor@docker.com>
Remove the swarm inspect command and use docker info instead to display
swarm information if the current node is a manager.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit e6923f6d75)
Signed-off-by: Tibor Vass <tibor@docker.com>
Context cancellations were previously causing `Prepare` to fail
completely on re-entrant calls. To prevent this, we filtered out cancels
and deadline errors. While this allowed the service to proceed without
errors, it had the possibility of interrupting long pulls, causing the
pull to happen twice.
This PR forks the context of the pull to match the lifetime of
`Controller`, ensuring that for each task, the pull is only performed
once. It also ensures that multiple calls to `Prepare` are re-entrant,
ensuring that the pull resumes from its original position.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
(cherry picked from commit d8d71ad5b9)
Signed-off-by: Tibor Vass <tibor@docker.com>
When using encrypted vxlan network, some of the xfrm states are left
stale. This fix also filters out self advertise-addr rules.
Signed-off-by: Madhu Venugopal <madhu@docker.com>
(cherry picked from commit 6a754a4eef)
Signed-off-by: Tibor Vass <tibor@docker.com>
Swarm mode makes it possible through the API to set labels to containers
but not through command line. This tries to fix it.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 4031d70d1b)
Signed-off-by: Tibor Vass <tibor@docker.com>
With digests being added by default, all images have multiple references.
The check for whether force is required to remove the reference should use the new check for single reference which accounts for digest references.
This change restores pre-1.12 behavior and ensures images are not accidentally left dangling while a container is running.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
(cherry picked from commit 1f7a9b1ab3)
Signed-off-by: Tibor Vass <tibor@docker.com>
Relative paths are now calculated from a base path rather than from the file path, which gets treated like a directory.
Symlinks will now properly point to the file as "../<layer dir>/layer.tar" rather the incorrect "../../<layer dir>/layer.tar".
Fixes#24951
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
(cherry picked from commit 5487881e12)
Signed-off-by: Tibor Vass <tibor@docker.com>
Ensure that cancellation of a pull propagates rather than continuing to
container creation. This ensures that the `Prepare` method is properly
re-entrant.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
(cherry picked from commit d99c6b837f)
Signed-off-by: Tibor Vass <tibor@docker.com>
Instead reserve exit code 2 to be future proof, document that it should
not be used. Implementation-wise, it is considered as unhealthy, but
users should not rely on this as it may change in the future.
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 91e9f38313)
Signed-off-by: Tibor Vass <tibor@docker.com>
This adds a guide with recommendations on how to setup
Managers and keep the Swarm cluster healthy.
Signed-off-by: Alexandre Beslic <alexandre.beslic@gmail.com>
(cherry picked from commit 24f87f26e7)
Signed-off-by: Tibor Vass <tibor@docker.com>
This changes the default behavior so that rolling updates will not
proceed once an updated task fails to start, or stops running during the
update. Users can use docker service inspect --pretty servicename to see
the update status, and if it pauses due to a failure, it will explain
that the update is paused, and show the task ID that caused it to pause.
It also shows the time since the update started.
A new --update-on-failure=(pause|continue) flag selects the
behavior. Pause means the update stops once a task fails, continue means
the old behavior of continuing the update anyway.
In the future this will be extended with additional behaviors like
automatic rollback, and flags controlling parameters like how many tasks
need to fail for the update to stop proceeding. This is a minimal
solution for 1.12.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 57ae29aa74)
Signed-off-by: Tibor Vass <tibor@docker.com>
When daemon has liveRestore set, daemon shutdown should not shutdown
plugins. Fixes#24759
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit 4a44cf1d4c)
Signed-off-by: Tibor Vass <tibor@docker.com>
This was preventing the "exit" event to be correctly processed during
the restore process without live-restore enabled.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
(cherry picked from commit ac068a1f9d)
Signed-off-by: Tibor Vass <tibor@docker.com>
This will make it easier to pinpoint error messages in the daemon
logs.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
(cherry picked from commit 5231c55346)
Signed-off-by: Tibor Vass <tibor@docker.com>
- Tasks will display all tasks (`-a` is the default and was removed)
- Nest tasks to help display history
- Display task errors inline
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
(cherry picked from commit edd67fd4ad)
Signed-off-by: Tibor Vass <tibor@docker.com>
There's existing code to generate these
kind of errors, so make the errors added
in commit cc493a52a4
less DRY.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3fa9d77bf3)
Signed-off-by: Tibor Vass <tibor@docker.com>
Truncated dir name can't give any useful information, print whole dir
name will.
Bad debug log is like this:
```
DEBU[2449] aufs error unmounting /var/lib/doc: no such file or directory
```
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
(cherry picked from commit af8359562c)
Signed-off-by: Tibor Vass <tibor@docker.com>
Commit cc493a52a4 added
a constraint to network connect/disconnect operations
on "Swarm scoped" networks.
This adds those errors to the API documentation. Also
changes the error to lowercase for consistency.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b0089e4827)
Signed-off-by: Tibor Vass <tibor@docker.com>
Swarm handles service updates quite differently and also it doesnt
support worker driver network operations. Hence prevent containers from
connecting to swarm scoped networks
Signed-off-by: Madhu Venugopal <madhu@docker.com>
(cherry picked from commit 8f9066c468)
Signed-off-by: Tibor Vass <tibor@docker.com>
These docs have AuthzPlugin with a lower case 'z'. What the plugin
api is actually looking for is AuthZPlugin with an upper case 'Z'.
See 46e3a249a1/pkg/authorization/api.go (L5-L8)
Signed-off-by: Everett Toews <everett.toews@rackspace.com>
(cherry picked from commit c42fbc6b09)
Signed-off-by: Tibor Vass <tibor@docker.com>
SetConsoleMode() on input handles appears to remember invalid bits that
were set, causing problems for other programs (such as xcopy.exe) trying
to set the console mode after docker.exe has exited. Always restore
the input console mode on set failure.
Signed-off-by: John Starks <jostarks@microsoft.com>
(cherry picked from commit 83c186fdd4)
Signed-off-by: Tibor Vass <tibor@docker.com>
This is required to make the libnetwork's namespace mgmt
directory configurable
Signed-off-by: Madhu Venugopal <madhu@docker.com>
(cherry picked from commit d3af5e3d4b)
Signed-off-by: Tibor Vass <tibor@docker.com>
Hostnames are not supported for now because libnetwork can't use them
for overlay networking yet.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit fca0b18dcb)
Signed-off-by: Tibor Vass <tibor@docker.com>
There are currently problems with "swarm init" and "swarm join" when an
explicit --listen-addr flag is not provided. swarmkit defaults to
finding the IP address associated with the default route, and in cloud
setups this is often the wrong choice.
Introduce a notion of "advertised address", with the client flag
--advertise-addr, and the daemon flag --swarm-default-advertise-addr to
provide a default. The default listening address is now 0.0.0.0, but a
valid advertised address must be detected or specified.
If no explicit advertised address is specified, error out if there is
more than one usable candidate IP address on the system. This requires a
user to explicitly choose instead of letting swarmkit make the wrong
choice. For the purposes of this autodetection, we ignore certain
interfaces that are unlikely to be relevant (currently docker*).
The user is also required to choose a listen address on swarm init if
they specify an explicit advertise address that is a hostname or an IP
address that's not local to the system. This is a requirement for
overlay networking.
Also support specifying interface names to --listen-addr,
--advertise-addr, and the daemon flag --swarm-default-advertise-addr.
This will fail if the interface has multiple IP addresses (unless it has
a single IPv4 address and a single IPv6 address - then we resolve the
tie in favor of IPv4).
This change also exposes the node's externally-reachable address in
docker info, as requested by #24017.
Make corresponding API and CLI docs changes.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit a0ccd0d42f)
Signed-off-by: Tibor Vass <tibor@docker.com>