beenull/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
2197 commits 14 branches 412 tags 338 MiB
Commit graph

1748 commits

Author SHA1 Message Date
Santhosh Manohar
1f32a0a772 Merge pull request #1686 from aboch/sta 
Remove enpoint state from cluster on join failure
 2017-03-16 10:51:22 -07:00
yupengzte
495f534317 Fix typo 
Signed-off-by: yupengzte <yu.peng36@zte.com.cn>
 2017-03-16 16:39:57 +08:00
Alessandro Boch
9c3c86a931 Do not invalidate table event messages 
- Do not run the risk of suppressing meaningful messages
  for the rest of the cluster, as a many services depend
  on it, like the service records and the distributed
  load balancers.

Signed-off-by: Alessandro Boch <aboch@docker.com>
 2017-03-16 00:49:58 -07:00
Alessandro Boch
4b306ee83d Fix panic in networkdb test code 
fatal error: concurrent map read and map write

goroutine 264 [running]:
runtime.throw(0x90043c, 0x21)
	/usr/local/go/src/runtime/panic.go:566 +0x95 fp=0xc4203d1d68 sp=0xc4203d1d48
runtime.mapaccess2_faststr(0x86df20, 0xc4203f5470, 0xc42044afc0, 0x5, 0xc4203d1e40, 0x4ed6b8)
	/usr/local/go/src/runtime/hashmap_fast.go:306 +0x52b fp=0xc4203d1dc8 sp=0xc4203d1d68
github.com/docker/libnetwork/networkdb.(*NetworkDB).verifyNodeExistence(0xc42007e160, 0xc42008a240, 0xc42044afc0, 0x5, 0x1)
	/go/src/github.com/docker/libnetwork/networkdb/networkdb_test.go:58 +0x6c fp=0xc4203d1e50 sp=0xc4203d1dc8

Signed-off-by: Alessandro Boch <aboch@docker.com>
 2017-03-15 23:26:32 -07:00
Alessandro Boch
dce60f5afb Remove enpoint state from cluster on join failure 
Signed-off-by: Alessandro Boch <aboch@docker.com>
 2017-03-15 16:44:47 -07:00
Santhosh Manohar
4bca322c68 Merge pull request #1678 from aboch/cingr 
Expose ingress network option
 2017-03-13 13:57:16 -07:00
Madhu Venugopal
00f1f12906 Merge pull request #1667 from wnagele/master 
Support for com.docker.network.bridge.container_interface_prefix label
 2017-03-13 07:46:56 -07:00
Hui Kang
b9d820faf4 Fix misspelling fmt verb in dnet 
Signed-off-by: Hui Kang <kangh@us.ibm.com>
 2017-03-12 20:47:46 -04:00
Madhu Venugopal
c85473ad37 Merge pull request #1354 from aboch/pol 
Few changes in encryption overlay
 2017-03-11 18:21:55 -08:00
Alessandro Boch
9272c89bb7 Clear encryption states when joining cluster 
- Use the request id for labelling our SAs

Signed-off-by: Alessandro Boch <aboch@docker.com>
 2017-03-11 15:52:39 -08:00
Santhosh Manohar
bfab379411 swarm mode network inspect should provide cluser-wide task details 
Signed-off-by: Santhosh Manohar <santhosh@docker.com>
 2017-03-10 19:12:00 -08:00
Alessandro Boch
54d6daf95e Expose ingress network option 
Signed-off-by: Alessandro Boch <aboch@docker.com>
 2017-03-08 17:03:04 -08:00
Max Timchenko
fc2414f988 Ensure iptables initialization only happens once 
I saw a rare race during the first few calls to iptables module
where some of them would reenter initCheck() after the first call
to it already changed iptablesPath, but before the rest of the function
completed (in particular the long execs into testing for availability
of --wait flag and determining iptables version), resulting in
failure of one or more of iptables calls that did not use --wait and
were concurrent.

To fix the problem, this change gathers all one-time initialization into a
single function under a sync.Once instead of using a global variable
as a "done initializing" flag before initialization is done. sync.Once
guarantees all concurrent calls will block until the first one completes.

In addition, it turns out that GetVersion(), called from initCheck(), used
Raw() which called back into initCheck() via raw(), which did not cause a
problem in the earlier implementation but deadlocked when initialization became
strict.  This was changed to use a direct call, similar to initialization of
supportsXlock.

Signed-off-by: Max Timchenko <max@maxvt.com>
 2017-03-08 20:37:13 +02:00
Sebastiaan van Stijn
442640a8b8 Update maintainers file 
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2017-03-06 19:30:37 +01:00
Santhosh Manohar
b2430cc299 Merge pull request #961 from JrCs/fix-iptables-order 
Fix bad order of iptables filter rules
 2017-03-05 20:28:22 -08:00
Santhosh Manohar
d537953104 Merge pull request #1651 from aboch/epa 
Add anonymous container alias to service record on attachable network
 2017-03-02 12:43:41 -08:00
Alessandro Boch
d718efd92f Add anonymous container alias to service record on attachable network 
- Currently when a non-named container with network aliases
  is connected to a swarm attachable network, its aliases are
  not added to the service records.
  This is not in line with what we do when connecting to
  a local scope network, or to a kv-store based overlay network.

Signed-off-by: Alessandro Boch <aboch@docker.com>
 2017-03-02 12:28:39 -08:00
timchenxiaoyu
c679b071f0 fix endpoint error 
Signed-off-by: timchenxiaoyu <837829664@qq.com>
 2017-03-02 18:21:08 +08:00
Santhosh Manohar
200410dd18 Lock linux namespace structure when adding neighbors 
Signed-off-by: Santhosh Manohar <santhosh@docker.com>
 2017-03-02 00:04:09 -08:00
Wolfgang Nagele
d07e1a02a4 Support for com.docker.network.bridge.container_interface_prefix label 
Signed-off-by: Wolfgang Nagele <mail@wnagele.com>
 2017-03-01 03:09:45 +01:00
Santhosh Manohar
1a8c8e9a61 Merge pull request #1665 from aboch/ars 
Add logs around service records modifications
 2017-02-24 11:03:04 -08:00
Alessandro Boch
eb8c603046 Add logs around service records modifications 
Signed-off-by: Alessandro Boch <aboch@docker.com>
 2017-02-24 10:20:30 -08:00
Santhosh Manohar
8288090b19 Merge pull request #1658 from aboch/iptlck 
Serialize non-atomic jump rule programming in bridge
 2017-02-22 11:04:37 -08:00
Alessandro Boch
138c4b2a77 Serialize non-atomic jump rule programming in bridge 
Signed-off-by: Alessandro Boch <aboch@docker.com>
 2017-02-22 08:35:26 -08:00
Alessandro Boch
91f5b1669e Once a network is encrypted, do not accept clear packets from it 
Signed-off-by: Alessandro Boch <aboch@docker.com>
 2017-02-18 12:15:54 -08:00
Madhu Venugopal
1b8c4b421b Merge pull request #1636 from msabansal/overlayfix 
Cleaning up windows overlay network driver code and making it rely on HNS network information
 2017-02-14 11:03:07 -08:00
Quan Tian
2243480e99 Fix typo in remote.md 
Signed-off-by: Quan Tian <tianquan@cloudin.cn>
 2017-02-14 15:18:22 +08:00
Alessandro Boch
9385063b84 Merge pull request #1637 from fate-grand-order/branch-1 
handle err and fix t.Skip() in ipvs/ipvs_test.go
 2017-02-13 13:56:12 -08:00
Quan Tian
8059597722 Fix typo in IPAM doc 
Signed-off-by: Quan Tian <tianquan@cloudin.cn>
 2017-02-13 18:35:32 +08:00
Madhu Venugopal
962d13481c Merge pull request #1644 from sanimej/self 
Update the local VTEP in peerdb on receiving self discovery
 2017-02-10 22:27:10 -08:00
Alessandro Boch
4a04857a68 Fix bug in datapath key rotation in 1-1 NAT case 
- It was not using the advertise IP to construct the SPI

Signed-off-by: Alessandro Boch <aboch@docker.com>
 2017-02-10 18:33:06 -08:00
Santhosh Manohar
4208a2f75a Update the local VTEP in peerdb on receiving self discovery 
Signed-off-by: Santhosh Manohar <santhosh@docker.com>
 2017-02-10 14:24:24 -08:00
msabansal
66895dfdfc Clearing up windows overlay driver to just work in swarm mode 
Signed-off-by: msabansal <sabansal@microsoft.com>
 2017-02-08 11:49:44 -08:00
Alessandro Boch
1ee6e5b30b Merge pull request #1639 from sanimej/serf 
Ignore previous serf user events to avoid wrong fdb programming
 2017-02-07 12:30:34 -08:00
Madhu Venugopal
82a40d732f Merge pull request #1638 from aboch/ovlk 
Do not hold the peer map lock during the peerDBNetworkWalk
 2017-02-07 12:22:19 -08:00
Santhosh Manohar
e94edd6d6b Ignore previous serf user events to avoid wrong fdb programming 
Signed-off-by: Santhosh Manohar <santhosh@docker.com>
 2017-02-07 12:14:23 -08:00
Santhosh Manohar
f4eec45e45 Merge pull request #1634 from aboch/err 
Report failure in subscribing to neighbor notifications
 2017-02-07 10:58:35 -08:00
Alessandro Boch
dd10eb794c Do not hold the peer map lock during the peerDBNetworkWalk 
Signed-off-by: Alessandro Boch <aboch@docker.com>
 2017-02-07 10:08:05 -08:00
fate-grand-order
242af665c1 handle err and fix t.Skip() in ipvs/ipvs_test.go 
Signed-off-by: fate-grand-order <chenjg@harmonycloud.cn>
 2017-02-07 14:31:11 +08:00
Alessandro Boch
adb8720634 Report failure in subscribing to neighbor notifications 
- currently it is silenced

Signed-off-by: Alessandro Boch <aboch@docker.com>
 2017-02-05 20:19:02 -08:00
Alessandro Boch
bee7d9219f Properly construct CIDR in policy selector 
- Current code programs src/dst cidr like 192.168.100.126/128

Signed-off-by: Alessandro Boch <aboch@docker.com>
 2017-02-03 23:14:58 -08:00
Alessandro Boch
6a2d86f0a9 Do not leak ipvs netlink socket 
Signed-off-by: Alessandro Boch <aboch@docker.com>
 2017-02-03 09:11:48 -08:00
Alessandro Boch
2a1d54d42d Merge pull request #1632 from mavenugo/ml 
replace individual endpoint_cnt read from store with 1 bulk read
 2017-02-02 15:05:50 -08:00
Madhu Venugopal
2a9be357f9 Trust the endpoint state if we have a valid sandbox-id 
Signed-off-by: Madhu Venugopal <madhu@docker.com>
 2017-02-02 14:46:59 -08:00
Madhu Venugopal
71fff44c0b replace individual endpoint_cnt read from store with 1 bulk read 
getNetworksFromStore reads networks and endpoint_cnt from the kvstores.
endpoint_cnt especially is read in a for-loop for each network and that
causes a lot of stress in poorly performing KV-Stores.
This fix eases the load on the kvstore by fetching all the endpoint_cnt
in a single read and the operation is performed on it.

Signed-off-by: Madhu Venugopal <madhu@docker.com>
 2017-02-02 14:45:38 -08:00
Madhu Venugopal
cda20bedba Merge pull request #1628 from aboch/red 
Make virtual service programming more robust
 2017-02-02 12:00:54 -08:00
Santhosh Manohar
9e630d61d5 Merge pull request #1631 from mavenugo/nstrict 
Reverting the strict network name check
 2017-02-01 22:31:20 -08:00
Santhosh Manohar
4e4787fa31 Merge pull request #1626 from mavenugo/nd 
Generating node discovery events to the drivers from networkdb
 2017-02-01 21:40:14 -08:00
Madhu Venugopal
8e2ca0471c Revert "validate network and endpoint name more strictly" 
This reverts commit 761722395d.

Signed-off-by: Madhu Venugopal <madhu@docker.com>
 2017-02-01 18:18:17 -08:00
Madhu Venugopal
4d1334c9ee Revert "Allow spaces in network names" 
This reverts commit 85b22fabbe.

Signed-off-by: Madhu Venugopal <madhu@docker.com>
 2017-02-01 18:18:11 -08:00
Madhu Venugopal
bb560a1f44 Generating node discovery events to the drivers from networkdb 
With the introduction of networkdb, the node discovery events were not
sent to the drivers. This commit generates the node discovery events and
sents it to the drivers interested in it.

Signed-off-by: Madhu Venugopal <madhu@docker.com>
 2017-02-01 17:54:51 -08:00
Alessandro Boch
a02b4ef4a4 Fix service logs 
- do not error on duplicate service removal
- give some context to service logs,
  this would help debugging related issues

Signed-off-by: Alessandro Boch <aboch@docker.com>
 2017-02-01 17:32:08 -08:00
Alessandro Boch
4e69afc4f3 Make virtual service programming more robust 
- Do not relay on software flags to decide when to create the
   virtual service. Instead query the kernel for presence.
   So that it cannot happen that a real server creation
   fails because the virtual server is missing.

Signed-off-by: Alessandro Boch <aboch@docker.com>
 2017-02-01 15:54:31 -08:00
Madhu Venugopal
f318ddacdb Merge pull request #1627 from aboch/red 
Gracefully handle redundant ipvs service create failures
 2017-01-31 20:35:00 -08:00
Alessandro Boch
4c2d7a2141 Merge pull request #1624 from aboch/cl 
Remove stale files
 2017-01-31 17:05:11 -08:00
Alessandro Boch
d565d5f2d2 Gracefully handle redundant ipvs service create failures 
Signed-off-by: Alessandro Boch <aboch@docker.com>
 2017-01-31 16:34:53 -08:00
Madhu Venugopal
58744967be Merge pull request #1623 from aboch/ns 
Fix GetNameServerAsCIDR
 2017-01-26 04:17:34 -08:00
Alessandro Boch
53c84ac767 Fix GetNameServerAsCIDR 
- the function is broken as it does not strip the
  zone id from an IPv6 nameserver address, and it
  returns the IPv6 address with /32

Signed-off-by: Alessandro Boch <aboch@docker.com>
 2017-01-26 01:34:07 -08:00
Alessandro Boch
5713ca4694 Remove stale files 
Signed-off-by: Alessandro Boch <aboch@docker.com>
 2017-01-25 23:10:14 -08:00
Santhosh Manohar
1795dc1bbe Merge pull request #1621 from aboch/errlog 
Fix incorrect error log message
 2017-01-25 10:08:15 -08:00
Alessandro Boch
66197b7787 Fix incorrect error log message 
- Failed to _add_ firewall mark... should be _delete_

Signed-off-by: Alessandro Boch <aboch@docker.com>
 2017-01-23 16:29:03 -08:00
Madhu Venugopal
dc9966db82 Merge pull request #1620 from sanimej/extdns 
Fix the data model inconsistency that breaks upgrade to 1.14-dev
 2017-01-23 13:04:51 -08:00
Santhosh Manohar
538bea2896 Merge pull request #1617 from AkihiroSuda/cleanup 
proxy: clean up code (addendum to #1598)
 2017-01-19 16:03:49 -08:00
Santhosh Manohar
6f507f53e3 Fix the data model inconsistency that breaks daemon upgrade to 1.14-dev 
Signed-off-by: Santhosh Manohar <santhosh@docker.com>
 2017-01-19 14:25:26 -08:00
Akihiro Suda
d3e7ca726d proxy: clean up code (addendum to #1598) 
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2017-01-12 04:46:23 +00:00
Santhosh Manohar
bfd1683e74 Use vndr for managing libnetwork dependencies 
Signed-off-by: Santhosh Manohar <santhosh@docker.com>
 2017-01-11 17:22:05 -08:00
Santhosh Manohar
6ea22f2f50 carry docker/docker #29564 
Signed-off-by: Santhosh Manohar <santhosh@docker.com>
 2017-01-10 13:17:15 -08:00
Santhosh Manohar
3178e13246 Godep update for docker plugingetter pkg 
Signed-off-by: Santhosh Manohar <santhosh@docker.com>
 2017-01-10 13:11:48 -08:00
Santhosh Manohar
56aa6f94b3 Merge pull request #1598 from AkihiroSuda/tcp-halfclose-docker-27539 
proxy: fix an issue about half-closing net.TCPConn after io.Copy()
 2017-01-05 20:36:57 -08:00
Santhosh Manohar
5c4fcff5bc Merge pull request #1609 from aboch/gw46 
Prioritize nw endpoint which can provide both v4 and v6 connectivity
 2017-01-05 13:00:01 -08:00
Alessandro Boch
6dc6fb703b Merge pull request #1595 from sanimej/host 
Add support in embedded DNS server for host loopback resolver
 2017-01-05 12:18:48 -08:00
Alessandro Boch
d2e040529a Merge pull request #1589 from thaJeztah/fix-fqdn-as-hostname 
Fix fqdn as hostname not being added to /etc/hosts
 2017-01-05 12:18:02 -08:00
Alessandro Boch
b448d56c48 Merge pull request #1518 from realab/add-log-for-overlap 
Add log when check is overlap with host nameservers or route table
 2017-01-05 11:32:17 -08:00
Alessandro Boch
b72225a005 Merge pull request #1471 from datastream/patch-1 
doc update
 2017-01-05 11:23:19 -08:00
realityone
d94be29ec5 return an error on overlay subnet is overlapped with hosts 
Signed-off-by: realityone <realityone@me.com>
 2017-01-05 11:22:00 +08:00
Santhosh Manohar
f2f0212cab Merge pull request #1599 from mavenugo/v0.9 
Make use of GetAllManagedPluginsForCap to avoid loading v1-plugins
 2017-01-04 15:02:06 -08:00
Madhu Venugopal
c6dfc70b33 Make use of GetAllManagedPluginsForCap to avoid loading v1-plugins 
Read this for more details : https://github.com/docker/docker/pull/29665

Signed-off-by: Madhu Venugopal <madhu@docker.com>
 2017-01-04 14:35:42 -08:00
Madhu Venugopal
69cf4bc83e Updating Godeps to pull in plugingetter dependancy 
Signed-off-by: Madhu Venugopal <madhu@docker.com>
 2017-01-04 14:35:41 -08:00
Xianjie
32e713eca6 fix json 
Signed-off-by: user.name <datastream@datastream-laptop.local>
Signed-off-by: datastream <guxianjie@gmail.com>
 2017-01-05 01:52:37 +08:00
Alessandro Boch
cdd56ba07e Prioritize nw endpoint which can provide both v4 and v6 connectivity 
- when selecting sandbox's default gw

Signed-off-by: Alessandro Boch <aboch@docker.com>
 2017-01-04 09:40:28 -08:00
Alessandro Boch
ac7deb041b Merge pull request #1605 from sanimej/slice 
ResolveName should return copy of IPs
 2016-12-29 12:26:07 -08:00
Alessandro Boch
64002895a5 Merge pull request #1604 from allencloud/fix-nits-in-comments 
fix nits in error and log
 2016-12-29 12:20:04 -08:00
Alessandro Boch
6019863004 Merge pull request #1602 from allencloud/make-network-connect-error-message-readable 
make network connect error message readable
 2016-12-29 12:19:26 -08:00
Alessandro Boch
83ba440de9 Merge pull request #1603 from YuPengZTE/devFirst 
fix typos
 2016-12-29 12:18:47 -08:00
Alessandro Boch
595246bdfb Merge pull request #1568 from likel/refactor 
Remove unnecessary string formats
 2016-12-29 12:18:06 -08:00
Alessandro Boch
311dfbb49e Merge pull request #1383 from npcode/patch-2 
docs/remote.md: Remove unnecessary backquote
 2016-12-29 12:07:04 -08:00
Santhosh Manohar
16af9918c0 ResolveName should return copy of IPs 
Signed-off-by: Santhosh Manohar <santhosh@docker.com>
 2016-12-29 11:35:24 -08:00
Yi EungJun
11be70cf5e docs/remote.md: Remove unnecessary backquote 
Signed-off-by: Yi EungJun <eungjun.yi@navercorp.com>
 2016-12-30 04:26:17 +09:00
yupeng
c702e19e44 fix typos 
Signed-off-by: yupeng <yu.peng36@zte.com.cn>
 2016-12-29 11:09:57 +08:00
allencloud
bc85efdb4f fix nits in comments 
Signed-off-by: allencloud <allen.sun@daocloud.io>
 2016-12-28 18:49:18 +08:00
allencloud
7c85ed3eac make network connect error message readable 
Signed-off-by: allencloud <allen.sun@daocloud.io>
 2016-12-27 19:46:10 +08:00
Akihiro Suda
9fb8d5696e proxy: fix an issue about half-closing net.TCPConn after io.Copy() 
Fix docker/docker#27539

After io.Copy(to, from), we should call to.CloseWrite(), not to.CloseRead().

Without this fix, TestTCP4ProxyHalfClose (newly added in this commit) fails as
follows:

  --- FAIL: TestTCP4ProxyHalfClose (0.00s)
          network_proxy_test.go:135: EOF

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2016-12-24 20:49:04 +00:00
Santhosh Manohar
176088a742 Merge pull request #968 from aboch/ed6 
Control IPv6 on container's interface
 2016-12-22 18:15:15 -08:00
Santhosh Manohar
bf832ec2a7 Add embedded DNS server support for host loopback resolver 
Signed-off-by: Santhosh Manohar <santhosh@docker.com>
 2016-12-22 14:34:13 -08:00
Alessandro Boch
8740d9e046 Merge pull request #1586 from sanimej/ptr 
Defer PTR queries to external servers based on A/AAAA response
 2016-12-21 11:40:08 -08:00
Santhosh Manohar
879d94edbd Defer PTR queries to external servers based on A/AAAA response 
Signed-off-by: Santhosh Manohar <santhosh@docker.com>
 2016-12-20 14:45:13 -08:00
Madhu Venugopal
92efad001c drvregistry to allow overriding plugin 
drvRegistry isnt aware if a plugin is v1 or v2. Plugin-v2 provides a way
for user to disable and remove plugins. But unfortunately, there isnt
any api to advertise the removal to drvRegistry. Hence there is no way
to handle "docker plugin rm" of installed plugin. In order to support
the case of "docker plugin install x" followed by "docker plugin rm x"
followed by reinstalling of plugin x "docker plugin install x",
drvRegistry must allow overriding any existing plugin with the same
name. The protection in plugin infra will prevent willful override of
existing plugin.

Signed-off-by: Madhu Venugopal <madhu@docker.com>
 2016-12-19 05:17:48 -08:00
Madhu Venugopal
1b28c5e01d Internal interface to differentiate built-in drivers from remote 
Signed-off-by: Madhu Venugopal <madhu@docker.com>
 2016-12-19 05:17:42 -08:00
Madhu Venugopal
bc45d84e8d Handle the case of registering active plugins during remote init 
With Plugin-V2, plugins can get activated before remote driver is
Initialized. Those plugins fails to get registered with drvRegistry.

This fix handles that scenario

Signed-off-by: Madhu Venugopal <madhu@docker.com>
 2016-12-16 08:38:55 -08:00
Madhu Venugopal
721518279a Handling the new experimental daemon flag 
related to https://github.com/docker/docker/issues/29368

Signed-off-by: Madhu Venugopal <madhu@docker.com>
 2016-12-13 13:57:17 -08:00