Commit graph

466 commits

Author SHA1 Message Date
Yong Tang
9b6b3c2076 Add --dns-option to docker run and hide --dns-opt
This fix is a follow up to #27567 based on:
https://github.com/docker/docker/pull/27567#issuecomment-259295055

In #27567, `--dns-options` has been added to `service create/update`,
together with `--dns` and `--dns-search`. The `--dns-opt` was used
in `docker run`.

This fix add `--dns-option` (not `--dns-options`) to `docker run/create`, and hide
`--dns-opt`. It is still possible to use `--dns-opt` with
`docker run/create`, though it will not show up in help output.

This fix change `--dns-options`to --dns-option` for `docker service create`
and `docker service update`.

This fix also updates the docs and bash/zsh completion scripts.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-11-09 12:13:25 -08:00
Vincent Demeester
4f7083a04f Merge pull request #27947 from milindchawre/fix_27798
Fixes #27798 : Update help for --blkio-weight parameter
2016-11-09 15:35:38 +01:00
milindchawre
ecb59a2283 Fixes #24083 : Improving cli help for flags with duration option
Signed-off-by: milindchawre <milindchawre@gmail.com>
2016-11-09 12:17:28 +00:00
Vincent Demeester
c025049c27 Merge pull request #28098 from yongtang/25099-oom_score_adj-empty-env
Fix `/proc/<pid>/oom_score_adj: invalid argument` error caused by empty env name
2016-11-09 10:39:18 +01:00
Victor Vieux
e98e4a7111 always add but hide experimental cmds and flags
Signed-off-by: Victor Vieux <vieux@docker.com>

update cobra and use Tags

Signed-off-by: Victor Vieux <vieux@docker.com>

allow client to talk to an older server

Signed-off-by: Victor Vieux <vieux@docker.com>
2016-11-08 04:55:27 -08:00
Amit Krishnan
934328d8ea Add functional support for Docker sub commands on Solaris
Signed-off-by: Amit Krishnan <krish.amit@gmail.com>

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-11-07 09:06:34 -08:00
Yong Tang
818d55c34b Fix /proc/<pid>/oom_score_adj: invalid argument error caused by empty env name
This fix is part of the fix for issue 25099. In 25099, if an env
has a empty name, then `docker run` will throw out an error:
```
ubuntu@ubuntu:~/docker$ docker run -e =A busybox true
docker: Error response from daemon: invalid header field value "oci runtime error:
container_linux.go:247: starting container process caused \"process_linux.go:295:
setting oom score for ready process caused \\\"write /proc/83582/oom_score_adj:
invalid argument\\\"\"\n".
```

This fix validates the Env in the container spec before it is sent
to containerd/runc.

Integration tests have been created to cover the changes.

This fix is part of fix for 25099 (not complete yet, non-utf case
may require a fix in `runc`).
This fix is related to 25300.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-11-07 08:15:26 -08:00
Darren Stahl
4e15420b9b Windows: Add cpu count option
Signed-off-by: Darren Stahl <darst@microsoft.com>
2016-11-04 13:38:50 -07:00
Yong Tang
846baf1fd3 Add --cpus flag to control cpu resources
This fix tries to address the proposal raised in 27921 and add
`--cpus` flag for `docker run/create`.

Basically, `--cpus` will allow user to specify a number (possibly partial)
about how many CPUs the container will use. For example, on a 2-CPU system
`--cpus 1.5` means the container will take 75% (1.5/2) of the CPU share.

This fix adds a `NanoCPUs` field to `HostConfig` since swarmkit alreay
have a concept of NanoCPUs for tasks. The `--cpus` flag will translate
the number into reused `NanoCPUs` to be consistent.

This fix adds integration tests to cover the changes.

Related docs (`docker run` and Remote APIs) have been updated.

This fix fixes 27921.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-11-04 09:43:10 -07:00
Akihiro Suda
273eeb813c cli: add --mount to docker run
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2016-11-03 07:08:59 +00:00
milindchawre
51012aa0af Fixes #27798 : Update help for --blkio-weight parameter
Signed-off-by: milindchawre <milindchawre@gmail.com>
2016-11-03 06:42:15 +00:00
Yong Tang
90ce6de50b Fix issue related to duplicate identical bind mounts for docker run
This fix tries to address the issue raised in 27969 where
duplicate identical bind mounts for `docker run` caused additional volumes
to be created.

The reason was that in `runconfig`, if duplicate identical bind mounts
have been specified, the `copts.volumes.Delete(bind)` will not truly
delete the second entry from the slice. (Only the first entry is deleted).

This fix fixes the issue.

An integration test has been added to cover the changes

This fix fixes 27969.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-11-01 20:31:34 -07:00
Vincent Demeester
87ddc8b0a5 Merge pull request #26837 from AkihiroSuda/newtmpfs
api: add TypeTmpfs to api/types/mount
2016-10-28 19:21:26 +02:00
Akihiro Suda
18768fdc2e api: add TypeTmpfs to api/types/mount
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2016-10-28 08:38:32 +00:00
Vincent Demeester
2f7e907846
Small log formatting fixes
… and clise to close 👼

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-10-27 15:29:24 -07:00
Yong Tang
ee3105c68a Add --env-file flag to docker create service
This fix tries to address the issue in 24712 and add
`--env-file` file to `docker create service`.

Related documentation has been updated.

An additional integration has been added.

This fix fixes 24712.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-10-27 11:48:32 -07:00
Vincent Demeester
80d6d2e129 Merge pull request #23430 from erikstmartin/realtime-threads
Implementing support for --cpu-rt-period and --cpu-rt-runtime
2016-10-27 00:22:06 +02:00
Erik St. Martin
56f77d5ade Implementing support for --cpu-rt-period and --cpu-rt-runtime so that
containers may specify these cgroup values at runtime. This will allow
processes to change their priority to real-time within the container
when CONFIG_RT_GROUP_SCHED is enabled in the kernel. See #22380.

Also added sanity checks for the new --cpu-rt-runtime and --cpu-rt-period
flags to ensure that that the kernel supports these features and that
runtime is not greater than period.

Daemon will support a --cpu-rt-runtime flag to initialize the parent
cgroup on startup, this prevents the administrator from alotting runtime
to docker after each restart.

There are additional checks that could be added but maybe too far? Check
parent cgroups to ensure values are <= parent, inspecting rtprio ulimit
and issuing a warning.

Signed-off-by: Erik St. Martin <alakriti@gmail.com>
2016-10-26 11:33:06 -04:00
Yong Tang
01d3a16f58 Return error if env file contains non-ascii or utf8 bytes (for windows)
This fix tries to address the issue raised in 26179 where an env file
with non-ascii or utf8 bytes will crash on windows platform.

The issue is two-fold:
- Windows will adds a BOM mark at the begining with Notepad as the editor
- Non-utf8 bytes can not be handled by env file parser.

This fix removes utf8 BOM marker if exists so that utf8 encoded env file
could be processed.
This fix also returns an error (instead of a runtime CreateProcess crash)
if env file contains non-utf8 bytes, thus giving users better experiences.

Additional test cases has been added in unit tests.

This fix fixes 26179.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-10-25 12:34:25 -07:00
Tonis Tiigi
37a3be2449 Move stdio attach from libcontainerd backend to callback
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-10-24 00:20:36 -07:00
Yong Tang
cc703784f3 Update docker stop and docker restart to allow not specifying timeout and use the one specified at container creation time.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-10-17 12:53:35 -07:00
Yong Tang
e66d210891 Add config parameter to change per-container stop timeout during daemon shutdown
This fix tries to add a flag `--stop-timeout` to specify the timeout value
(in seconds) for the container to stop before SIGKILL is issued. If stop timeout
is not specified then the default timeout (10s) is used.

Additional test cases have been added to cover the change.

This fix is related to #22471. Another pull request will add `--shutdown-timeout`
to daemon for #22471.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-10-17 12:28:46 -07:00
Sebastiaan van Stijn
21a79b503a Merge pull request #27366 from morelena/use_contains
all: use strings.Contains instead Index
2016-10-13 18:44:30 -07:00
Elena Morozova
a37027f6bd all: use strings.Contains instead Index
Signed-off-by: Elena Morozova <lelenanam@gmail.com>
2016-10-13 15:55:41 -07:00
Elena Morozova
64238fef8c all: replace loop with single append
Signed-off-by: Elena Morozova <lelenanam@gmail.com>
2016-10-13 13:31:52 -07:00
John Howard
e85867cb68 Windows: Support credential specs
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-10-06 09:32:22 -07:00
Antonio Murdaca
6a12685bb7
configure docker-init binary path
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-09-27 14:49:17 +02:00
Michael Crosby
ee3ac3aa66 Add init process for zombie fighting
This adds a small C binary for fighting zombies.  It is mounted under
`/dev/init` and is prepended to the args specified by the user.  You
enable it via a daemon flag, `dockerd --init`, as it is disable by
default for backwards compat.

You can also override the daemon option or specify this on a per
container basis with `docker run --init=true|false`.

You can test this by running a process like this as the pid 1 in a
container and see the extra zombie that appears in the container as it
is running.

```c

int main(int argc, char ** argv) {
	pid_t pid = fork();
	if (pid == 0) {
		pid = fork();
		if (pid == 0) {
			exit(0);
		}
		sleep(3);
		exit(0);
	}
	printf("got pid %d and exited\n", pid);
	sleep(20);
}
```

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-09-19 17:33:50 -07:00
Daniel Nephin
c452e1bfe6 Move errors/ to api/errors
Using:
        gomvpkg -from github.com/docker/docker/errors
                -to github.com/docker/docker/api/errors
                -vcs_mv_cmd "git mv {{.Src}} {{.Dst}}"

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2016-09-16 12:27:13 -04:00
Brian Goff
fc7b904dce Add new HostConfig field, Mounts.
`Mounts` allows users to specify in a much safer way the volumes they
want to use in the container.
This replaces `Binds` and `Volumes`, which both still exist, but
`Mounts` and `Binds`/`Volumes` are exclussive.
The CLI will continue to use `Binds` and `Volumes` due to concerns with
parsing the volume specs on the client side and cross-platform support
(for now).

The new API follows exactly the services mount API.

Example usage of `Mounts`:

```
$ curl -XPOST localhost:2375/containers/create -d '{
  "Image": "alpine:latest",
  "HostConfig": {
    "Mounts": [{
      "Type": "Volume",
      "Target": "/foo"
      },{
      "Type": "bind",
      "Source": "/var/run/docker.sock",
      "Target": "/var/run/docker.sock",
      },{
      "Type": "volume",
      "Name": "important_data",
      "Target": "/var/data",
      "ReadOnly": true,
      "VolumeOptions": {
	"DriverConfig": {
	  Name: "awesomeStorage",
	  Options: {"size": "10m"},
	  Labels: {"some":"label"}
	}
      }]
    }
}'
```

There are currently 2 types of mounts:

  - **bind**: Paths on the host that get mounted into the
    container. Paths must exist prior to creating the container.
  - **volume**: Volumes that persist after the
    container is removed.

Not all fields are available in each type, and validation is done to
ensure these fields aren't mixed up between types.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-09-13 09:55:35 -04:00
sakeven
5426510bea validate build-arg
Signed-off-by: sakeven <jc5930@sina.cn>
2016-09-12 18:02:21 +08:00
Michael Crosby
91e197d614 Add engine-api types to docker
This moves the types for the `engine-api` repo to the existing types
package.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-09-07 11:05:58 -07:00
Daniel Nephin
fb83394714 Convert dockerd to use cobra and pflag
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2016-08-25 13:09:03 -04:00
Vincent Demeester
d13ad3ef76 Merge pull request #24073 from johnharris85/move-restart-policy-check-to-daemon
Move restart-policy validation from client to daemon.
2016-08-25 17:02:30 +02:00
allencloud
8ed657d09e remove fl prefix in containerOptions
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-08-11 11:20:00 +08:00
Zhang Wei
6dd8e10d6e Wait container's removal via Events API
If AutoRemove is set, wait until client get `destroy` events, or get
`detach` events that implies container is detached but not stopped.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2016-08-08 22:46:53 +08:00
Zhang Wei
3c2886d8a4 Move --rm to daemon side
`--rm` is a client side flag which caused lots of problems:
1. if client lost connection to daemon, including client crash or be
killed, there's no way to clean garbage container.
2. if docker stop a `--rm` container, this container won't be
autoremoved.
3. if docker daemon restart, container is also left over.
4. bug: `docker run --rm busybox fakecmd` will exit without cleanup.

In a word, client side `--rm` flag isn't sufficient for garbage
collection. Move the `--rm` flag to daemon will be more reasonable.

What this commit do is:
1. implement a `--rm` on daemon side, adding one flag `AutoRemove` into
HostConfig.
2. Allow `run --rm -d`, no conflicting `--rm` and `-d` any more,
auto-remove can work on detach mode.
3. `docker restart` a `--rm` container will succeed, the container won't
be autoremoved.

This commit will help a lot for daemon to do garbage collection for
temporary containers.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2016-08-08 22:46:53 +08:00
johnharris85
94e95e4711 Move restart-policy validation from client to daemon.
Signed-off-by: John Harris <john@johnharris.io>
2016-08-06 20:09:47 -07:00
Yong Tang
c8d3ee8093 Allow unset --entrypoint in docker run or docker create
This fix tries to address the issue raised in #23498 to allow unset
`--entrypoint` in `docker run` or `docker create`.

This fix checks the flag `--entrypoint` and, in case `--entrypoint=` (`""`)
is passed, unset the Entrypoint during the container run.

Additional integration tests have been created to cover changes in this fix.

This fix fixes #23498.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-08-05 16:35:20 -07:00
lixiaobing10051267
51ee3dfade It should be volume not binds for first arg in callDecodeContainerConfig()
Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn>
2016-08-02 22:29:34 +08:00
Arnaud Porterie
de64324109 Merge pull request #24705 from thaJeztah/update-flag-descriptions
Improve flag help consistency, and update docs
2016-07-18 16:07:23 +00:00
allencloud
d0081a0f47 better command docker network create -h output
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-07-16 15:32:17 +08:00
Sebastiaan van Stijn
64a8317a5a Improve flag help consistency, and update docs
This adds the `--live-restore` option to the documentation.

Also synched usage description in the documentation
with the actual description, and re-phrased some
flag descriptions to be a bit more consistent.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-07-16 01:58:01 +02:00
Arnaud Porterie (icecrime)
c0c7d5e715
Rename --net to --network
Add a `--network` flag which replaces `--net` without deprecating it
yet. The `--net` flag remains hidden and supported.

Add a `--network-alias` flag which replaces `--net-alias` without deprecating
it yet. The `--net-alias` flag remains hidden and supported.

Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
2016-07-12 13:01:35 -07:00
Arnaud Porterie (icecrime)
5b21c8a408
Organize run flags into categories
Flatten the list of `docker run` flags and group them loosely by
category (general purpose, security, networking, ...).

Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
2016-07-12 11:35:41 -07:00
Kenfe-Mickael Laventure
69af7d0d13 Use "docker-runc" as alias for the default runtime
This also moves the variable holding the default runtime name from the
engine-api repository into docker repository

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-06-22 11:59:26 -07:00
Michael Crosby
c97fdbe3c5 Merge pull request #23415 from aboch/ll
Allow user to specify container's link-local addresses
2016-06-14 15:47:54 -07:00
Alessandro Boch
1c4efb6aa0 Allow user to specify container's link-local addresses
Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-06-14 14:28:33 -07:00
Kenfe-Mickael Laventure
7b2e5216b8 Add support for multiples runtimes
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-06-14 07:47:31 -07:00
Tonis Tiigi
534a90a993 Add Swarm management backend
As described in our ROADMAP.md, introduce new Swarm management API
endpoints relying on swarmkit to deploy services. It currently vendors
docker/engine-api changes.

This PR is fully backward compatible (joining a Swarm is an optional
feature of the Engine, and existing commands are not impacted).

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Signed-off-by: Madhu Venugopal <madhu@docker.com>
2016-06-13 22:16:18 -07:00
Darren Stahl
ea3a7899f5 Removed QoS validation on Windows
Signed-off-by: Darren Stahl <darst@microsoft.com>
2016-06-10 16:30:54 -07:00
Daniel Nephin
5ab2434225 Convert 'docker create' to use cobra and pflag
Return the correct status code on flag parsins errors.

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2016-06-04 13:57:30 +02:00
Daniel Nephin
a77f2450c7 Convert 'docker run' to a cobra command and to use pflags
Move container options into a struct so that tests should pass.
Remove unused FlagSet arg from Parse
Disable interspersed args on docker run

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2016-06-04 13:55:35 +02:00
Sven Dowideit
98c245c9e6 Merge pull request #23193 from allencloud/fix-typos
use grep to find all a/an typos
2016-06-02 18:45:08 -07:00
Thomas Leonard
b6c7becbfe
Add support for user-defined healthchecks
This PR adds support for user-defined health-check probes for Docker
containers. It adds a `HEALTHCHECK` instruction to the Dockerfile syntax plus
some corresponding "docker run" options. It can be used with a restart policy
to automatically restart a container if the check fails.

The `HEALTHCHECK` instruction has two forms:

* `HEALTHCHECK [OPTIONS] CMD command` (check container health by running a command inside the container)
* `HEALTHCHECK NONE` (disable any healthcheck inherited from the base image)

The `HEALTHCHECK` instruction tells Docker how to test a container to check that
it is still working. This can detect cases such as a web server that is stuck in
an infinite loop and unable to handle new connections, even though the server
process is still running.

When a container has a healthcheck specified, it has a _health status_ in
addition to its normal status. This status is initially `starting`. Whenever a
health check passes, it becomes `healthy` (whatever state it was previously in).
After a certain number of consecutive failures, it becomes `unhealthy`.

The options that can appear before `CMD` are:

* `--interval=DURATION` (default: `30s`)
* `--timeout=DURATION` (default: `30s`)
* `--retries=N` (default: `1`)

The health check will first run **interval** seconds after the container is
started, and then again **interval** seconds after each previous check completes.

If a single run of the check takes longer than **timeout** seconds then the check
is considered to have failed.

It takes **retries** consecutive failures of the health check for the container
to be considered `unhealthy`.

There can only be one `HEALTHCHECK` instruction in a Dockerfile. If you list
more than one then only the last `HEALTHCHECK` will take effect.

The command after the `CMD` keyword can be either a shell command (e.g. `HEALTHCHECK
CMD /bin/check-running`) or an _exec_ array (as with other Dockerfile commands;
see e.g. `ENTRYPOINT` for details).

The command's exit status indicates the health status of the container.
The possible values are:

- 0: success - the container is healthy and ready for use
- 1: unhealthy - the container is not working correctly
- 2: starting - the container is not ready for use yet, but is working correctly

If the probe returns 2 ("starting") when the container has already moved out of the
"starting" state then it is treated as "unhealthy" instead.

For example, to check every five minutes or so that a web-server is able to
serve the site's main page within three seconds:

    HEALTHCHECK --interval=5m --timeout=3s \
      CMD curl -f http://localhost/ || exit 1

To help debug failing probes, any output text (UTF-8 encoded) that the command writes
on stdout or stderr will be stored in the health status and can be queried with
`docker inspect`. Such output should be kept short (only the first 4096 bytes
are stored currently).

When the health status of a container changes, a `health_status` event is
generated with the new status. The health status is also displayed in the
`docker ps` output.

Signed-off-by: Thomas Leonard <thomas.leonard@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-06-02 23:58:34 +02:00
allencloud
c1be45fa38 fix typos
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-06-02 17:17:22 +08:00
Yong Tang
fea7acf0e9 Un-deprecated command line short variant options of -c.
Since 1.9, the following short variant options have been
deprecated in favor of their long variants:
`docker run -c (--cpu-shares)`
`docker build -c (--cpu-shares)`
`docker create -c (--cpu-shares)`
`docker update -c (--cpu-shares)`

However, `-c` is still widely used and is considered as
a convenient option for swarm (see #16271).

This fix undeprecated the command line short
variant options of `-c` and updated the deprecated.md.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-05-26 08:22:27 -07:00
Yong Tang
90bd41a74d The option --add-host and --net=host should not be mutually exclusive.
This fix tries to address the issue raised in #21976 and allows
the options of `--add-host` and `--net=host` to work at the same time.

The documentation has been updated and additional tests have been
added to cover this change.

This fix fixes #21976.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-05-24 18:49:11 -07:00
Yong Tang
23821fe586 The option --dns, --dns-search, --dns-opt and --net=host should not be mutually exclusive.
This fix tries to address the issue raised in #21976 and allows
the options of `--dns`, `--dns-search`, `--dns-opt` and `--net=host`
to work at the same time.

The documentation has been updated and additional tests have been
added to cover this change.

This fix fixes #21976.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-05-24 16:03:26 -07:00
Amit Krishnan
86d8758e2b Get the Docker Engine to build clean on Solaris
Signed-off-by: Amit Krishnan <krish.amit@gmail.com>
2016-05-23 16:37:12 -07:00
Yong Tang
d365c0e151 Fix failed test for TestRestartPolicy
This commit is a follow up of the last commit:
Vendor engine-api to allow docker daemon reload event.

After vendor/engine-api has been updated, the following
unit test fails:
```
--- FAIL: TestRestartPolicy (0.00s)
       hostconfig_test.go:177: RestartPolicy.IsNone for { 0} should have been false but was true
```

The reason for the above failed unit test is that pull request:

https://github.com/docker/engine-api/pull/200

updated behavior of the restart policy and makes restartpolicy.IsNone
return true if restart policy name is `""`. As a result, the above
mentioned unit test fails.

This fix fixes the inconsistency of the unit test so that `TestRestartPolicy`
could pass again.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-05-13 20:39:35 -07:00
Vincent Demeester
78eb8a5fb9 Merge pull request #21641 from yongtang/21595-discrepancy-on-hostname-validation
API/CLI discrepancy on hostname validation (#21595).
2016-04-28 09:25:13 +02:00
Darren Stahl
8df2066341 Add IO Resource Controls for Windows
Signed-off-by: Darren Stahl <darst@microsoft.com>
2016-04-25 13:07:29 -07:00
Vincent Demeester
172ca1ca8c Merge pull request #20924 from Microsoft/10662-CPUResourceControls
Add CPU count and maximum resource controls for Windows
2016-04-15 08:14:59 +02:00
Darren Stahl
ea8c690886 Add CPU count and maximum resource controls for Windows
Signed-off-by: Darren Stahl <darst@microsoft.com>
2016-04-14 15:40:25 -07:00
Dan Walsh
9caf7aeefd Add support for setting sysctls
This patch will allow users to specify namespace specific "kernel parameters"
for running inside of a container.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-04-12 13:37:31 -04:00
Yong Tang
ee4bd806ba API/CLI discrepancy on hostname validation (#21595).
This fix tries to fix the discrepancy between API and CLI on hostname
validation. Previously, the hostname validation was handled at the
CLI interface in runconfig/opts/parse.go and return an error if the
hostname is invalid. However, if an end user use the remote API to
pass the hostname, the error will not be returned immediately.
Instead the error will only be thrown out when the container creation
fails. This creates behavior discrepancy between API and CLI.

In this fix, the hostname validation was moved to
verifyContainerSettings so the behavior will be the same for API and
CLI.

After the change, since CLI does not handle the hostname validation
any more, the previous unit tests about hostname validation on CLI
in runconfig/opts/parse_test.go has to be updated as well because
there is no validation at this stage. All those unit tests are moved
to integration test TestRunTooLongHostname so that the hostname
validation is still properly covered as before.

Note: Since the hostname validation moved to API, the error message
changes from `invalid hostname format for --hostname:` to
`invalid hostname format:` as well because `--hostname` is passed
to CLI only.

This fix fixes #21595.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-04-08 06:13:08 +00:00
Aaron Lehmann
81b01b44c6 Merge pull request #21767 from allencloud/fix-typos
fix typos
2016-04-05 20:32:14 -07:00
allencloud
34700cc1f3 fix typos
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-04-06 10:35:01 +08:00
Brian Goff
9a25b1d942 Improve performance/reduce allocs of bytespipe
Creates a `fixedBuffer` type that is used to encapsulate functionality
for reading/writing from the underlying byte slices.

Uses lazily-loaded set of sync.Pools for storing buffers that are no
longer needed so they can be re-used.

```
benchmark                     old ns/op     new ns/op     delta
BenchmarkBytesPipeWrite-8     138469        48985         -64.62%
BenchmarkBytesPipeRead-8      130922        56601         -56.77%

benchmark                     old allocs     new allocs     delta
BenchmarkBytesPipeWrite-8     18             8              -55.56%
BenchmarkBytesPipeRead-8      0              0              +0.00%

benchmark                     old bytes     new bytes     delta
BenchmarkBytesPipeWrite-8     66903         1649          -97.54%
BenchmarkBytesPipeRead-8      0             1             +Inf%
```

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-04-05 13:06:04 -04:00
Arnaud Porterie
1da40fb4ba Merge pull request #21586 from calavera/remove_runconfig_from_routes
Remove runconfig package dependency from the API.
2016-03-29 08:40:49 -07:00
David Calavera
f0d26e1665 Remove runconfig package dependency from image and container routers.
Use an interface to specify the behavior of a configuration decoder.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-03-28 16:23:51 -04:00
Shishir Mahajan
b16decfccf CLI flag for docker create(run) to change block device size.
Signed-off-by: Shishir Mahajan <shishir.mahajan@redhat.com>
2016-03-28 10:05:18 -04:00
Yong Tang
fa44b4e81e More descriptive error when running a container with a too long hostname (#21445)
This fix tries to fix issues encountered when running a container with a hostname
that is longer than HOST_NAME_MAX(64).

Previously, `could not synchronise with container process` was generated as the
length of the regex check was missing.

This fix covers the length check so that a hostname that is longer than
HOST_NAME_MAX(64) will be given a correct error message.

Several unit tests cases and additional integration test cases are added as well.

This fix closes #21445.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-03-24 17:42:28 +00:00
Alexander Morozov
93f5770511 runconfig/opts: fix compilation issue
it was introduced with #20566 as a result of merge

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-03-21 15:01:08 -07:00
Arnaud Porterie
f9f8708dc6 Merge pull request #20566 from AndrewGuenther/20371-validate-hostname
Ensure --hostname is valid
2016-03-21 14:49:16 -07:00
Yong Tang
800a7d513d Fix one-character directory issue in the volume option (#20122).
The issue comes from the implementation of volumeSplitN() where a
driver letter (`[a-zA-Z]:`) was assumed to follow either `:`, `/`,
or `\\`.

In Windows driver letter appears in two situations:
a. `^[a-zA-Z]:` (A colon followed  by `^[a-zA-Z]:` is OK as colon is
the separator in volume option)
b. A string in the format like `\\?\C:\Windows\...` (UNC).
Therefore, a driver letter can only follow either a `:` or `\\`

This PR removes the condition of `/` before the driver letter so
that options like `-v /tmp/q:/foo` could be handled correctly. A
couple of tests has also been added.

This PR fixes #20122.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-03-21 02:55:06 +00:00
Jess Frazelle
e5a3f86e44 Merge pull request #20662 from tonistiigi/containerd-integration
Containerd integration
2016-03-18 17:21:18 -07:00
Jess Frazelle
06e98f0a5c Merge pull request #21232 from calavera/consolidate_security_opts_format
Consolidate security options to use `=` as separator.
2016-03-18 16:02:38 -07:00
Tonis Tiigi
9c4570a958 Replace execdrivers with containerd implementation
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-03-18 13:38:32 -07:00
David Calavera
cb9aeb0413 Consolidate security options to use = as separator.
All other options we have use `=` as separator, labels,
log configurations, graph configurations and so on.
We should be consistent and use `=` for the security
options too.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-03-17 13:34:42 -04:00
Andrew Guenther
3b6ffc8022 Ensure --hostname is valid
Validates whether the given hostname is RFC 1123
(https://tools.ietf.org/html/rfc1123) compliant.

Fixes #20371

Signed-off-by: Andrew Guenther <guenther.andrew.j@gmail.com>
2016-03-17 00:23:23 -07:00
Tim Hockin
53c5de2921 Don't smoosh hostname and domainname in API
This allows users to provide a FQDN as hostname or to use distinct hostname and
domainname parts.  Depends on https://github.com/docker/libnetwork/pull/950

Signed-off-by: Tim Hockin <thockin@google.com>
2016-03-15 08:32:35 -07:00
Phil Estes
21e531014d Merge pull request #20177 from jheiss/12076-net_hostname
Allow --hostname with --net=host
2016-03-15 08:17:25 -07:00
Liron Levin
6993e891d1 Run privileged containers when userns are specified
Following #19995 and #17409 this PR enables skipping userns re-mapping
when creating a container (or when executing a command). Thus, enabling
privileged containers running side by side with userns remapped
containers.

The feature is enabled by specifying ```--userns:host```, which will not
remapped the user if userns are applied. If this flag is not specified,
the existing behavior (which blocks specific privileged operation)
remains.

Signed-off-by: Liron Levin <liron@twistlock.com>
2016-03-14 17:09:25 +02:00
Arnaud Porterie
2b8e7ad460 Merge pull request #20478 from msabansal/HNSIntegration
Windows libnetwork integration
2016-03-10 13:33:04 -08:00
msabansal
e8026d8a98 Windows libnetwork integration
Signed-off-by: msabansal <sabansal@microsoft.com>
2016-03-09 20:33:21 -08:00
allencloud
34b82a69b9 fix some typos.
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-03-10 10:09:27 +08:00
Jason Heiss
3f445e63b4 Allow --hostname with --net=host
Docker creates a UTS namespace by default, even with --net=host, so it
is reasonable to let the user set the hostname. Note that --hostname is
forbidden if the user specifies --uts=host.

Closes #12076
Signed-off-by: Jason Heiss <jheiss@aput.net>
2016-03-09 20:40:12 -05:00
David Calavera
dd32445ecc Merge pull request #18697 from jfrazelle/pids-cgroup
Add PIDs cgroup support to Docker
2016-03-08 14:03:36 -08:00
Jessica Frazelle
69cf03700f
pids limit support
update bash commpletion for pids limit

update check config for kernel

add docs for pids limit

add pids stats

add stats to docker client

Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-03-08 07:55:01 -08:00
Mrunal Patel
74bb1ce9e9 Add support for NoNewPrivileges in docker
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

Add tests for no-new-privileges

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

Update documentation for no-new-privileges

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-03-07 09:47:02 -08:00
Qiang Huang
53b0d62683 Vendor engine-api to 70d266e96080e3c3d63c55a4d8659e00ac1f7e6c
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-02-29 19:28:37 +08:00
Antonio Murdaca
d266142230 runconfig: opts: parse: lowercase errors
also fix wrong function comment

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-02-18 11:21:44 +01:00
David Calavera
a252516ec1 Inherit StopSignal from Dockerfile.
Make sure the image configuration is not overriden by the default
value in the `create` flag.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-02-12 17:56:40 -05:00
John Howard
d4b0732499 Windows: Fix 'isolation'
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-02-10 13:19:19 -08:00
Antonio Murdaca
a7d1aeceec postImagesCreate: move auth config decode when it's needed
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-01-29 14:07:54 +01:00
Bryan Boreham
7126ecd0ad Stop referring to requested IP address as "preferred",
since it is an error if that address is unavailable.

Signed-off-by: Bryan Boreham <bjboreham@gmail.com>
2016-01-26 15:13:26 +00:00
Alessandro Boch
3b0d36dbc1 Move ErrUnsupportedNetwork* checks to updateNetworkConfig() func
Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-01-21 10:56:01 -08:00
Zhang Wei
31dae442c8 bugfix: prevent creating network 'default'
Default is predefined network and is reserved, so we should stop user
from creating network with name `default`

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2016-01-19 11:06:36 +08:00