Before 4bafaa00aa, if the daemon was
killed while a container was running and the container shim is killed
before the daemon is restarted, such as if the host system is
hard-rebooted, the daemon would restore the container to the stopped
state and set the exit code to 255. The aforementioned commit introduced
a regression where the container's exit code would instead be set to 0.
Fix the regression so that the exit code is once again set to 255 on
restore.
Signed-off-by: Cory Snider <csnider@mirantis.com>
Use `exec.Command` created by this function instead of obtaining it from
daemon struct. This prevents a race condition where `daemon.Kill` is
called before the goroutine has the chance to call `cmd.Wait`.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Contrary to popular belief, the OCI Runtime specification does not
specify the command-line API for runtimes. Looking at containerd's
architecture from the lens of the OCI Runtime spec, the _shim_ is the
OCI Runtime and runC is "just" an implementation detail of the
io.containerd.runc.v2 runtime. When one configures a non-default runtime
in Docker, what they're really doing is instructing Docker to create
containers using the io.containerd.runc.v2 runtime with a configuration
option telling the runtime that the runC binary is at some non-default
path. Consequently, only OCI runtimes which are compatible with the
io.containerd.runc.v2 shim, such as crun, can be used in this manner.
Other OCI runtimes, including kata-containers v2, come with their own
containerd shim and are not compatible with io.containerd.runc.v2.
As Docker has not historically provided a way to select a non-default
runtime which requires its own shim, runtimes such as kata-containers v2
could not be used with Docker.
Allow other containerd shims to be used with Docker; no daemon
configuration required. If the daemon is instructed to create a
container with a runtime name which does not match any of the configured
or stock runtimes, it passes the name along to containerd verbatim. A
user can start a container with the kata-containers runtime, for
example, simply by calling
    docker run --runtime io.containerd.kata.v2
Runtime names which containerd would interpret as a path to an arbitrary
binary are disallowed. While handy for development and testing it is not
strictly necessary and would allow anyone with Engine API access to
trivially execute any binary on the host as root, so we have decided it
would be safest for our users if it was not allowed.
It is not yet possible to set an alternative containerd shim as the
default runtime; it can only be configured per-container.
Signed-off-by: Cory Snider <csnider@mirantis.com>
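The runtime-name resolution described in the commit message above, as an added Go sketch that is not the daemon's own code: `resolveRuntime`, `permissibleShimName`, the `configured` map and the exact acceptance rule are hypothetical names and assumptions chosen for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// runcShim is the shim named in the commit message; all other names are hypothetical.
const runcShim = "io.containerd.runc.v2"

// resolved is the shim name plus, for the runc.v2 shim, the runC-compatible binary.
type resolved struct{ Shim, BinaryName string }

var errBadRuntime = errors.New("unknown or invalid runtime name")

// permissibleShimName accepts dotted shim names and rejects anything that
// could be read as a filesystem path (assumed rule for this sketch).
func permissibleShimName(name string) bool {
	if filepath.IsAbs(name) || strings.ContainsAny(name, `/\`) {
		return false
	}
	// Require at least one dot and no empty component (".x", "x.", "a..b", "").
	return strings.Contains(name, ".") && !strings.Contains("."+name+".", "..")
}

// resolveRuntime maps a --runtime value to a shim. configured holds
// daemon-configured runtimes (name -> path of a runC-compatible binary).
func resolveRuntime(name string, configured map[string]string) (resolved, error) {
	if name == "runc" { // stock runtime
		return resolved{Shim: runcShim, BinaryName: "runc"}, nil
	}
	if path, ok := configured[name]; ok { // e.g. crun, still driven by the runc.v2 shim
		return resolved{Shim: runcShim, BinaryName: path}, nil
	}
	if permissibleShimName(name) { // handed to containerd verbatim
		return resolved{Shim: name}, nil
	}
	return resolved{}, fmt.Errorf("%w: %q", errBadRuntime, name)
}

func main() {
	configured := map[string]string{"crun": "/usr/local/bin/crun"} // constructed sample
	for _, n := range []string{"crun", "io.containerd.kata.v2", "/usr/bin/some-binary", "../shim.v2"} {
		r, err := resolveRuntime(n, configured)
		fmt.Printf("%q -> %+v, err=%v\n", n, r, err)
	}
}
```

The path-like names are refused before anything reaches containerd, so Engine API access alone cannot select an arbitrary host binary as the runtime.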
The storage-driver directory caused Jenkins cleanup to fail. While at it, also
removing other directories that we do not include in the "bundles" that are
stored as Jenkins artifacts.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The io/ioutil package has been deprecated in Go 1.16. This commit
replaces the existing io/ioutil functions with their new definitions in
io and os packages.
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
It was only used for two consts, which are unlikely to change, but the
"opts" package currently also imports libnetwork/ipamutils, which has
an `init()` function that does some heavy lifting, and not needed for
this utility's purpose.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Fixes #36911
If config file is invalid we'll exit anyhow, so this just prevents
the daemon from starting if the configuration is fine.
Mainly useful for making config changes and restarting the daemon
iff the config is valid.
Signed-off-by: Rich Horwood <rjhorwood@apple.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Anca Iordache <anca.iordache@docker.com>
Adds a test case for the case where dockerd gets stuck on startup due to
hanging `daemon.shutdownContainer`
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Close #40484
Note that the support for cgroup v2 isn't ready for production yet,
regardless of rootful or rootless.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Switch to moby/sys/mount and mountinfo. Keep the pkg/mount for potential
outside users.
This commit was generated by the following bash script:
```
set -e -u -o pipefail
for file in $(git grep -l 'docker/docker/pkg/mount"' | grep -v ^pkg/mount); do
	sed -i -e 's#/docker/docker/pkg/mount"#/moby/sys/mount"#' \
		-e 's#mount\.\(GetMounts\|Mounted\|Info\|[A-Za-z]*Filter\)#mountinfo.\1#g' \
		$file
	goimports -w $file
done
```
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Instead of logging on the "happy path", add more details when
we fail to create a daemon. Now that we base the path of the
daemon on the test-name, it should still be easy to find.
Before:
    make TEST_FILTER=TestSwarmNetworkCreateIssue27866 test-integration
    ...
    === RUN TestDockerSwarmSuite
    === RUN TestDockerSwarmSuite/TestSwarmNetworkCreateIssue27866
    --- PASS: TestDockerSwarmSuite (7.47s)
    --- PASS: TestDockerSwarmSuite/TestSwarmNetworkCreateIssue27866 (7.47s)
    docker_cli_swarm_test.go:1499: Creating a new daemon at: "/go/src/github.com/docker/docker/bundles/test-integration/TestDockerSwarmSuite/TestSwarmNetworkCreateIssue27866"
After:
    make TEST_FILTER=TestSwarmNetworkCreateIssue27866 test-integration
    ...
    === RUN TestDockerSwarmSuite
    === RUN TestDockerSwarmSuite/TestSwarmNetworkCreateIssue27866
    --- PASS: TestDockerSwarmSuite (8.67s)
    --- PASS: TestDockerSwarmSuite/TestSwarmNetworkCreateIssue27866 (8.67s)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
`daemon.StartWithLogFile()` already creates a goroutine that
calls `d.cmd.Wait()` and sends its return to the channel, `d.Wait`.
This code called `d.cmd.Wait()` one more time, and returns the
error, which may produce an error _because_ it's called a second
time, and potentially cause an incorrect test-result.
(thanks to Kir Kolyshkin for spotting this)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
If the daemon was stopped successfully in one of the retry-loops,
the function would return early;
```go
for {
	select {
	case err := <-d.Wait:
		---> the function returns here, both on "success" and on "fail"
		return err
	case <-time.After(20 * time.Second):
		...
```
In that case, the pidfile would not be cleaned up. This patch changes
the function to clean-up the pidfile in a defer, so that it will
always be removed after successfully stopping the daemon.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This patch stores the location of the pidfile, so that we can use the
same path that was set to create it. If no pidfile was created, we'll
not try to remove it.
We're now also ignoring errors when removing the pidfile, as they should
not fail the test (especially if no pidfile was created in the first place,
as that could potentially hide the actual failure).
This may help with "failures" such as the one below:
```
FAIL: check_test.go:347: DockerSwarmSuite.TearDownTest
check_test.go:352:
d.Stop(c)
/go/src/github.com/docker/docker/internal/test/daemon/daemon.go:414:
t.Fatalf("Error while stopping the daemon %s : %v", d.id, err)
... Error: Error while stopping the daemon d1512c423813a : remove /go/src/github.com/docker/docker/bundles/test-integration/DockerSwarmSuite.TestServiceLogs/d1512c423813a/docker.pid: no such file or directory
```
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
test-daemons remove their docker.pid when stopped, so the `.integration-daemon-stop`
script did not find the mounts for those daemons, and therefore was not unmounting
them.
As a result, cleaning up the bundles directory on consecutive runs of the tests would fail;
    rm: cannot remove 'bundles/test-integration/TestDockerSwarmSuite/TestSwarmInit/d1f188f3f5472/root': Device or resource busy
This patch unmounts the root directory of the daemon as part of the cleanup step.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>