Move plugins to shared distribution stack with images.
Create immutable plugin config that matches schema2 requirements.
Ensure data being pushed is same as pulled/created.
Store distribution artifacts in a blobstore.
Run init layer setup for every plugin start.
Fix breakouts from unsafe file accesses.
Add support for `docker plugin install --alias`
Uses normalized references for default names to avoid collisions when using default hosts/tags.
Some refactoring of the plugin manager to support the change, like removing the singleton manager and adding manager config struct.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
(cherry picked from commit 3d86b0c79b)
When plugins have a positive refcount, they were not allowed to be
removed. However, plugins could still be disabled when volumes
referenced it and containers using them were running.
This change fixes that by enforcing plugin refcount during disable.
A "force" disable option is also added to ignore reference refcounting.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit 8cb2229cd1)
Previously, it doesn't allow creating such a network:
e.g.
$ docker network inspect -f '{{.Id}}' ingress
84xh9knigj6zyt00u31e26nj3
$ docker network create 84
Error response from daemon: network with name 84 already exists
Fix#27866
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
(cherry picked from commit edfbc3b876)
Signed-off-by: Victor Vieux <vieux@docker.com>
In #29071, we made the tags the correct name for generating types,
at the expense of the menu in the documentation looking good.
ReDoc now has support for tag display names
( https://github.com/Rebilly/ReDoc/pull/152 ), so we can assign
a more human-friendly name to the menu items.
Signed-off-by: Ben Firshman <ben@firshman.co.uk>
(cherry picked from commit 0caa6c218c)
Signed-off-by: Victor Vieux <vieux@docker.com>
This reverts 26103. 26103 was trying to make it so that if someone did:
docker build --build-arg FOO .
and FOO wasn't set as an env var then it would pick-up FOO from the
Dockerfile's ARG cmd. However, it went too far and removed the ability
to specify a build arg w/o any value. Meaning it required the --build-arg
param to always be in the form "name=value", and not just "name".
This PR does the right fix - it allows just "name" and it'll grab the value
from the env vars if set. If "name" isn't set in the env then it still needs
to send "name" to the server so that a warning can be printed about an
unused --build-arg. And this is why buildArgs in the options is now a
*string instead of just a string - 'nil' == mentioned but no value.
Closes#29084
Signed-off-by: Doug Davis <dug@us.ibm.com>
(cherry picked from commit cdb8ea90b0)
Signed-off-by: Victor Vieux <vieux@docker.com>
Legacy plugins expect host-relative paths (such as for Volume.Mount).
However, a containerized plugin cannot respond with a host-relative
path. Therefore, this commit modifies new volume plugins' paths in Mount
and List to prepend the container's rootfs path.
This introduces a new PropagatedMount field in the Plugin Config.
When it is set for volume plugins, RootfsPropagation is set to rshared
and the path specified by PropagatedMount is bind-mounted with rshared
prior to launching the container. This is so that the daemon code can
access the paths returned by the plugin from the host mount namespace.
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit c54b717caf)
Signed-off-by: Victor Vieux <vieux@docker.com>
Logging configuration was completely ignore when deploy a compose file
to swarm. This fixes it.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 806cc1e0f8)
Signed-off-by: Victor Vieux <vieux@docker.com>
This fix convert DanglingOnly in ImagesPruneConfig to Filters,
so that it is possible to maintain API compatibility in the future.
Several integration tests have been added to cover changes.
This fix is related to 28497.
A follow up to this PR will be done once this PR is merged.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit a6be56b54e)
Signed-off-by: Victor Vieux <vieux@docker.com>
Validation is still done by swarmkit on the service side.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit ef39256dfb)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
This is required to make the type generation put things in the
correct directory, but unfortunately makes the names in the
documentation menu look a bit crap.
I think the best solution would be to add a `x-display-name`
extension to tags to determine how the tags show up in the menu,
rather than it depend on the name of the tag. I shall do this in
a follow-up PR - for now, let's fix the breakage.
Fixes#29045
Signed-off-by: Ben Firshman <ben@firshman.co.uk>
(cherry picked from commit 30a9249e15)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
- Consistent naming (plural, etc)
- Add section descriptions
- Add docs in swagger.yaml about how to maintain them
Signed-off-by: Ben Firshman <ben@firshman.co.uk>
(cherry picked from commit 2aea9ad56b)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
Make sure current client code can talk for ImageList can still talk to
older daemon.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit c6e31454ba)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
Up to and including 673c5ee559
Signed-off-by: Ben Firshman <ben@firshman.co.uk>
(cherry picked from commit 44c50807c6)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
- Tidied up copy
- API version is now mandatory
- Links to previous API versions
Signed-off-by: Ben Firshman <ben@firshman.co.uk>
(cherry picked from commit c97f67dbab)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
In the plugin manifest, Capabilities has been moved to
Linux.Capabilities to avoid confusion with Interface.Types[i].Capability
A DeviceCreation boolean has also been added to the manifest. This could
be changed in the future to be specific to a major number.
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 9f239281b1)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
use secret store interface instead of embedded secret data into container
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
(cherry picked from commit bebd472e40)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
Instead of not adding experimental routes at all, fail with an explicit
message if the daemon is not running in experimental mode.
Added the `router.Experimental` which does this automatically.
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
(cherry picked from commit 3976a33c1a)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
Modify the service update and create APIs to return optional warning
messages as part of the response. Populate these messages with an
informative reason when digest resolution fails.
This is a small API change, but significantly improves the UX. The user
can now get immediate feedback when they've specified a nonexistent
image or unreachable registry.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 948e60691e)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
When swarm-mode is disabled, we need to return an error indicating this.
406 was chosen for the "Not Acceptable" verbiage, but this code has
specific semantics in relation to the `Accept` header, which aren't
applicable here.
We now use a 503 for this case. While it is not a perfect match, it does
make it clear that the particular "service" (read: API endpoint) is not
available. The body of the message provides the user with enough
information to take action on it by enabling swarm-mode and ensuring the
service is available.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
(cherry picked from commit 1d90d76048)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
It doesn't make sense to use omitempty here. 0 is a meaningful value and
it's different from the default. If someone sets Parallelism to 0, we
want to show that Parallelism is 0, not hide the field.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit d8b8b12994)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
Error code resolution is powered by string matching. Not the greatest
thing in the world and I hope no one is proud of this code, but it
works. However, because a map is used, the iteration order of the map is
random, such that if an error matches two of the snippets, it may return
a different error code depending on the seed of the hashmap. This change
converts it to use a slice instead.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
(cherry picked from commit 3484e02590)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
… for `docker images`.
This deprecates the `filter` param for the `/images` endpoint and make a
new filter called `reference` to replace it. It does change the CLI
side (still possible to do `docker images busybox:musl`) but changes the
cli code to use the filter instead (so that `docker images --filter
busybox:musl` and `docker images busybox:musl` act the same).
Signed-off-by: Vincent Demeester <vincent@sbr.pm>