This changes the way the exec drivers work by not specifing a -driver
flag on reexec. For each of the exec drivers they register their own
functions that will be matched aginst the argv 0 on exec and called if
they match.
This also allows any functionality to be added to docker so that the
binary can be reexec'd and any type of function can be called. I moved
the flag parsing on docker exec to the specific initializers so that the
implementations do not bleed into one another. This also allows for
more flexability within reexec initializers to specify their own flags
and options.
Signed-off-by: Michael Crosby <michael@docker.com>
That job was a hacky solution to a real race condition. This removes the
hack without re-introducing the race.
Signed-off-by: Solomon Hykes <solomon@docker.com>
This disentangles the following functions, which were previously all mixed together:
* 1) Waiting for jobs to terminate when shutting down
* 2) Handling signals in the Docker daemon
* 3) Per-subsystem cleanup handlers
* 4) pidfile management
Responsibilities are dispatched as follows:
* Signal traps are set in `main`, and trigger `engine.Shutdown`
* `engine.Shutdown` coordinates cleanup by waiting for jobs to complete, and calling shutdown handlers
* To perform cleanup at shutdown, each subsystem registers handlers with `engine.OnShutdown`
* `daemon` is one subsystem, so it registers cleanup via `engine.OnShutdown`.
* `daemon` owns the pidfile, which is used to lock access to `/var/lib/docker`. Part of its cleanup is to remove the pidfile.
Signed-off-by: Solomon Hykes <solomon@docker.com>
DOCKER_CONFIG was introduced in #6984.
We may use "config" for other purposes (e.g. #7232). Until we
have made a design decision around how configuration files will
work, DOCKER_CERT_PATH is a much safer name to rely on for future
compatibility.
Docker-DCO-1.1-Signed-off-by: Ben Firshman <ben@firshman.co.uk> (github: bfirsh)
This works mostly by refactoring our "main" package to be careful about what it imports based on the daemon build tag. :)
Also, I've updated Travis to test "client-only" compilation after it tests the daemon version.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
functions to pkg/parsers/kernel, and parsing filters to
pkg/parsers/filter. Adjust imports and package references.
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
Can now dynamically set the docker config directory through an
environment variable.
export DOCKER_CONFIG=/path/to/docker_config/
Default behavior remains the same, e.g. ~/.docker
Documentation for change added to the https.md docs.
Docker-DCO-1.1-Signed-off-by: James A. Kyle <james@jameskyle.org> (github: jameskyle)
In that case /etc/resolv.conf will be generated with no search
option. Usage: --dns-search=.
Docker-DCO-1.1-Signed-off-by: Fabio Falci <fabiofalci@gmail.com> (github: fabiofalci)
The Docker btrfs graph driver does not interact well with SELinux at present.
If btrfs mounts the same file in several locations, the same SELinux label will
be applied to all mountpoints. In the context of the graph driver, things such
as shared libraries become inaccessible to containers due to SELInux, causing
all dynamically linked applications to fail when run in a container.
Consequently, error when we detect the daemon is being run with SELinux enabled
and the btrfs driver. Documentation has been added for this behavior.
Docker-DCO-1.1-Signed-off-by: Matthew Heon <mheon@redhat.com> (github: mheon)
It avoids hidden error when ports are redirected from
container to host using -p host_port:guest_port.
Docker-DCO-1.1-Signed-off-by: Jiří Župka <jzupka@redhat.com> (github: jzupka)
This will allow us to _know_ what the user's -H settings are, which may
be useful for debugging later.
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@fosiki.com> (github: SvenDowideit)
This commit makes Docker throw an error if the daemon isn't started as
root.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Added --selinux-enable switch to daemon to enable SELinux labeling.
The daemon will now generate a new unique random SELinux label when a
container starts, and remove it when the container is removed. The MCS
labels will be stored in the daemon memory. The labels of containers will
be stored in the container.json file.
When the daemon restarts on boot or if done by an admin, it will read all containers json files and reserve the MCS labels.
A potential problem would be conflicts if you setup thousands of containers,
current scheme would handle ~500,000 containers.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: crosbymichael)
This has every container using the docker daemon's pid for the processes
label so it does not work correctly.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
- Mention that [] options may be specified multiple times on the Usage page
Docker-DCO-1.1-Signed-off-by: Mike MacCana <mike.maccana@gmail.com> (github: mikemaccana)
Docker-DCO-1.1-Signed-off-by: Mike MacCana <mike.maccana@gmail.com> (github: SvenDowideit)
Without creating a root there is no way for the engine to return an
error from the new function.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This makes the engine more general purpose so that we can
use it and the job routing functionality for reexec'ing our binary
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Conflicts:
integration/runtime_test.go
For combing through logs, have an intro line with information about the
running instance of the docker daemon.
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
Add a --dns-search parameter and a DnsSearch
configuration field for specifying dns search
domains.
Docker-DCO-1.1-Signed-off-by: Daniel Norberg <daniel.norberg@gmail.com> (github: danielnorberg)
Fix docs and help messages of --iptables and --ip-forward to describe the true case behaviour
Docker-DCO-1.1-Signed-off-by: Ken ICHIKAWA <ichikawa.ken@jp.fujitsu.com> (github: ichik1)
This removes the incomplete symlink handling from engine.go and it adds
it one place in docker.go.
It also enables handling symlinks for TMPDIR.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
This allows selective loading of commands, and paves the way to dynamic
plugins.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
like the storage-driver flag, this implements a flag for choosing the
execdriver to be used, defaulting to lxc.
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
This breaks the dependency from the remote API implementation to the
internal representation of a container. Instead it uses its own partial
representation of a container, with only required fields.
* This preserves reverse-compatibility with all past implementations of the remote API.
* This clarifies which fields are guaranteed to be present in a response
A docker remote api server *may* return more fields in a Container
object, but their presence and semantics are not guaranteed and should
not be relied upon by client implementations.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
update docker.go
move to pkg
update docs
update name and copyright
change --sinceId to --since-id, update completion and docs
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor@docker.com> (github: vieux)
Since commit c91c365, when starting the docker daemon without an
existing /var/lib/docker directory, it fails with:
2013/12/18 23:39:36 Unable to canonicalize root (%!s(*string=0xc210077c80)): lstat /var/lib/docker: no such file or directory
Move the symlink checking code to engine.New after the root dir has been
created.
e.g.:
```
docker -d -bip "10.10.0.1/16"
```
If set and valid, use provided in place of trial and error from pre-defined array in network.go.
Mutually exclusive of -b option.
If a command during build fails, `docker build` now returns with
the exit code of that command.
This makes it necessary to change the build api endpoint to
return a json object stream.
* Implement a new package: engine. It exposes a useful but minimalist job API.
* Refactor main() to instanciate an Engine instead of a Server directly.
* Refactor server.go to register an engine job.
This is the smallest possible refactor which can include the new Engine design
into master. More gradual refactoring will follow.
As 'go fmt' doesn't support verifying files in multiple directories,
it's probably a good idea to run it on all '*.go' files from time to
time with something like this:
find . -name "*.go" | xargs dirname | sort -u | xargs -n 1 echo go fmt
Add the -api-enable-cors flag when running docker
in daemon mode to allow CORS requests to be made to
the Remote Api. The default value is false for this
flag to not allow cross origin request to be made.
Also added a handler for OPTIONS requests the standard
for cross domain requests is to initially make an
OPTIONS request to the api.
Ensure the docker daemon creates a file containing its PID under
/var/run/docker.pid.
The daemon takes care of removing the pid file when it receives either
SIGTERM, SIGINT or SIGKILL.
The daemon also refuses to start when the pidfile is found. An
explanation message is shown to the user when this happens.
This change is required to make docker easier to manage by tools like
checkproc which rely on this information.
The raw mode is actually only needed when you attach to a container.
Having it enabled all the time can be a pain, e.g: if docker crashes
your terminal will end up in a broken state.
Since we are currently missing a real API for the docker daemon to
negotiate this kind of options, this changeset actually enable the raw
mode on the login (because it outputs a password), run and attach
commands.
This "optional raw mode" is implemented by passing a more complicated
interface than io.Writer as the stdout argument of each command. This
interface (DockerConn) exposes a method which allows the command to set
the terminal in raw mode or not.
Finally, the code added by this changeset will be deprecated by a real
API for the docker daemon.
