Swarm handles service updates quite differently and also it doesnt
support worker driver network operations. Hence prevent containers from
connecting to swarm scoped networks
Signed-off-by: Madhu Venugopal <madhu@docker.com>
(cherry picked from commit 8f9066c468)
Signed-off-by: Tibor Vass <tibor@docker.com>
These docs have AuthzPlugin with a lower case 'z'. What the plugin
api is actually looking for is AuthZPlugin with an upper case 'Z'.
See 46e3a249a1/pkg/authorization/api.go (L5-L8)
Signed-off-by: Everett Toews <everett.toews@rackspace.com>
(cherry picked from commit c42fbc6b09)
Signed-off-by: Tibor Vass <tibor@docker.com>
SetConsoleMode() on input handles appears to remember invalid bits that
were set, causing problems for other programs (such as xcopy.exe) trying
to set the console mode after docker.exe has exited. Always restore
the input console mode on set failure.
Signed-off-by: John Starks <jostarks@microsoft.com>
(cherry picked from commit 83c186fdd4)
Signed-off-by: Tibor Vass <tibor@docker.com>
This is required to make the libnetwork's namespace mgmt
directory configurable
Signed-off-by: Madhu Venugopal <madhu@docker.com>
(cherry picked from commit d3af5e3d4b)
Signed-off-by: Tibor Vass <tibor@docker.com>
Hostnames are not supported for now because libnetwork can't use them
for overlay networking yet.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit fca0b18dcb)
Signed-off-by: Tibor Vass <tibor@docker.com>
There are currently problems with "swarm init" and "swarm join" when an
explicit --listen-addr flag is not provided. swarmkit defaults to
finding the IP address associated with the default route, and in cloud
setups this is often the wrong choice.
Introduce a notion of "advertised address", with the client flag
--advertise-addr, and the daemon flag --swarm-default-advertise-addr to
provide a default. The default listening address is now 0.0.0.0, but a
valid advertised address must be detected or specified.
If no explicit advertised address is specified, error out if there is
more than one usable candidate IP address on the system. This requires a
user to explicitly choose instead of letting swarmkit make the wrong
choice. For the purposes of this autodetection, we ignore certain
interfaces that are unlikely to be relevant (currently docker*).
The user is also required to choose a listen address on swarm init if
they specify an explicit advertise address that is a hostname or an IP
address that's not local to the system. This is a requirement for
overlay networking.
Also support specifying interface names to --listen-addr,
--advertise-addr, and the daemon flag --swarm-default-advertise-addr.
This will fail if the interface has multiple IP addresses (unless it has
a single IPv4 address and a single IPv6 address - then we resolve the
tie in favor of IPv4).
This change also exposes the node's externally-reachable address in
docker info, as requested by #24017.
Make corresponding API and CLI docs changes.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit a0ccd0d42f)
Signed-off-by: Tibor Vass <tibor@docker.com>
This renames the `rotate_xxx` flags to camelBack, for
consistency with other API query-params, such as
`detachKeys`, `noOverwriteDirNonDir`, and `fromImage`.
Also makes this flag accept a wider range of boolean
values ("0", "1", "true", "false"), and throw an error
if an invalid value is passed.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit bd81df1278)
Signed-off-by: Tibor Vass <tibor@docker.com>
Simplifies the mount option usage by providing common aliases for
`source` and `target`. The default mount type is now volume.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
(cherry picked from commit 634f54a047)
Signed-off-by: Tibor Vass <tibor@docker.com>
Update documentation to account for the changes in #24952.
docs/swarm/swarm-tutorial/rolling-update.md doesn't need any changes,
but the CLI reference pages should show the current help text.
drain-node.md no longer needs to specify --update-parallelism 1 in its
example.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 933ba8d7f7)
Signed-off-by: Tibor Vass <tibor@docker.com>
When updates happen, the current behavior is to kill all running
instances and dispatch new tasks. Common use cases for container updates
involve small numbers of containers, meaning the app will go down on
most updates. Setting parallelism to 1 ensures that at most one task
will go down during the update. Services with higher replica counts can
increase this number accordingly to meet their needs.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
(cherry picked from commit 67246afd3d)
Signed-off-by: Tibor Vass <tibor@docker.com>
f5e1f6f688 replaced "secrets"
with "join tokens", which also removed the "auto-accept"
policy.
This removes some remaining references to those features.
Note that there are other references, but those
are already addressed in another pull request.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 987511712f)
Signed-off-by: Tibor Vass <tibor@docker.com>
`--with-registry-auth` is more explicit.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 8426f72107)
Signed-off-by: Tibor Vass <tibor@docker.com>
This way "join-token" appears next to "join" in the help output.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 58ba4c313b)
Signed-off-by: Tibor Vass <tibor@docker.com>
Swarm join has been changed in f5e1f6f688,
removing various options and the "node accept" command.
This removes the removed options from the completion
scripts.
NOTE: a new command ("docker swarm join-token") was
also added, but is not part of this commit.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit c4ab20c5f8)
Signed-off-by: Tibor Vass <tibor@docker.com>
In 24823, `swarm join` has been updated to take a `--token`
flag and flag `--manager` has been removed. Though in errNoManager()
the error message still use the old description.
This fix update the error message in errNoManager() and conforms
to the current available flags.
This fix is related to 24823.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 3d30155735)
Signed-off-by: Tibor Vass <tibor@docker.com>
Implement the proposal from
https://github.com/docker/docker/issues/24430#issuecomment-233100121
Removes acceptance policy and secret in favor of an automatically
generated join token that combines the secret, CA hash, and
manager/worker role into a single opaque string.
Adds a docker swarm join-token subcommand to inspect and rotate the
tokens.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 2cc5bd33ee)
Signed-off-by: Tibor Vass <tibor@docker.com>
these values were changed to lowercase in
690cb2d08c,
but not changed accordingly in docker/docker.
this changes the mounttypes to lowercase
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 8f93128cd6)
Signed-off-by: Tibor Vass <tibor@docker.com>
When #24648 was merged, only the main Dockerfile was updated with the
new containerd commit, this commit brings the other Dockerfile up to
speed.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
(cherry picked from commit d5cbc57eff)
Signed-off-by: Tibor Vass <tibor@docker.com>
At the moment docker's deprecation policy is 2 release cycles by
default, which is around 5 months. This may not be enough for
production environment and there is a need to extend the
deprecation cycle to 3 releases (see #24494).
This fix updates the docs/deprecated.md and extend the deprecation
cycle to 3 releases.
This fix is related to #24494 and #24534.
This fix fixes#24534.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 9414955c60)
Signed-off-by: Tibor Vass <tibor@docker.com>
this improves the formatting, and code-highlighting
of the `docker ps` reference page, and wraps sentences
to 80 chars
also adds single quotes around the formatting
example for labels.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 07ef0a37f8)
Signed-off-by: Tibor Vass <tibor@docker.com>
`volume-driver-opt` was too verbose for its own existence and the sanity
of those in the vicinity. The much better, sleeker `volume-opt` replaces
it. 7 bytes and a case of carpal tunnel syndrome are saved!
Signed-off-by: Stephen J Day <stephen.day@docker.com>
(cherry picked from commit a40b5820c9)
Signed-off-by: Tibor Vass <tibor@docker.com>
Looks like I copied from the line below, not
from the output :)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 83b12c0c11)
Signed-off-by: Tibor Vass <tibor@docker.com>
Adds documentation for "--log-driver" and "--log-opt"
for services.
Also updated the API docs to include the new
options, and generated a more complete JSON
example.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5ece2a6e0d)
Signed-off-by: Tibor Vass <tibor@docker.com>
the output/response slightly changed in
340964db1c,
and `:latest` is no longer required for
various actions.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9d532b5e2d)
Signed-off-by: Tibor Vass <tibor@docker.com>
This commit update swarmkit to 9ee5fc3b8db5de8c8593a57bc45fc178f74ceee1.
This is part of step to fix#24270.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 467107cd40)
Signed-off-by: Tibor Vass <tibor@docker.com>
This fix is an extension to last commit to expand the partial
filter to node and task searches.
Additional integration tests have been added to cover the changes.
This fix fixes 24270.
This fix fixes 24112.
Note: A separate pull request will be opened on swarmkit.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit e734fa58ea)
Signed-off-by: Tibor Vass <tibor@docker.com>
This fix tries to address the issue raised in 24270 where it was
not possible to have a partial name match when list services
with name filter.
This fix updates swarmkit and allows prefix search when name is
provided as the filter for listing services.
An additional integration test is added to cover the changes.
This fix fixes 24270.
Note: A separate pull request will be opened on swarmkit.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 1d600ebcb5)
Signed-off-by: Tibor Vass <tibor@docker.com>