Commit graph

412 commits

Author SHA1 Message Date
Aleksa Sarai
e3a8c8388f pkg: listeners: separate out the listeners package
This code will be used in containerd and is quite useful in general to
people who want a nice way of creating listeners from proto://address
arguments (even supporting socket activation). Separate it out from
docker/ so people can use it much more easily.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-04-02 01:09:29 +11:00
Alexander Morozov
b9966f3a81 daemon: remove some unused code
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-03-31 11:24:12 -07:00
David Calavera
a7742e4379 Merge pull request #21636 from calavera/remove_builder_from_api
Remove builder dependency from the api.
2016-03-30 15:20:05 -07:00
David Calavera
d12b7c7e3e Remove builder dependency from the api.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-03-29 17:02:36 -07:00
David Calavera
99adcaebc0 Merge pull request #21592 from anusha-ragunathan/docker-systemd
When using systemd, pass expected cgroupsPath and cli options to runc.
2016-03-29 17:00:10 -07:00
Anusha Ragunathan
7ed3d265a4 When using systemd, pass expected cgroupsPath and cli options to runc.
runc expects a systemd cgroupsPath to be in slice:scopePrefix:containerName
format and the "--systemd-cgroup" option to be set. Update docker accordingly.

Fixes 21475

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-03-29 14:20:10 -07:00
David Calavera
f0d26e1665 Remove runconfig package dependency from image and container routers.
Use an interface to specify the behavior of a configuration decoder.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-03-28 16:23:51 -04:00
John Howard
77a50ffa59 Windows: Remove --exec-root
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-03-24 11:42:03 -07:00
John Howard
94d70d8355 Windows libcontainerd implementation
Signed-off-by: John Howard <jhoward@microsoft.com>
Signed-off-by: John Starks <jostarks@microsoft.com>
Signed-off-by: Darren Stahl <darst@microsoft.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-03-18 13:38:41 -07:00
Tonis Tiigi
9c4570a958 Replace execdrivers with containerd implementation
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-03-18 13:38:32 -07:00
John Starks
59573fb3c6 Windows: add support for CloseWrite() to npipe transport
This relies on changes to go-winio to support CloseWrite() when the pipe
is in message mode. This fixes an issue where stdin is not properly closed
when there is no more input to docker run.

Signed-off-by: John Starks <jostarks@microsoft.com>
2016-03-15 18:25:35 -07:00
John Howard
1fbaf6ee8b Windows CI: Fix unit test failures
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-03-11 19:31:08 -08:00
Tibor Vass
1c0474ed63 Merge pull request #20476 from wenchma/19425-TestDaemonStartWithDaemonCommand
Optimize slow bottleneck tests of TestDaemonStartWithDaemonCommand
2016-03-11 10:54:48 -05:00
David Calavera
59586d02b1 Move registry service options to the daemon configuration.
Allowing to set their values in the daemon configuration file.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-03-10 11:53:11 -05:00
Wen Cheng Ma
b9ef2682b9 Optimize slow bottleneck tests of TestDaemonStartWithDaemonCommand
* Remvoe integration test of TestDaemonStartWithDaemonCommand
* Rewrite as unit test

Related issue #19425

Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com>
2016-03-01 14:05:39 +08:00
Darren Stahl
957792e485 Windows CI: Unit Test move Unix specific struct field tests to _unix.go
Signed-off-by: Darren Stahl <darst@microsoft.com>
2016-02-29 18:04:06 -08:00
Vincent Demeester
20a038eca6 Merge pull request #20604 from coolljt0725/fix_reload
Fix configuration reloading
2016-02-29 07:14:15 +01:00
David Calavera
a793564b25 Remove static errors from errors package.
Moving all strings to the errors package wasn't a good idea after all.

Our custom implementation of Go errors predates everything that's nice
and good about working with errors in Go. Take as an example what we
have to do to get an error message:

```go
func GetErrorMessage(err error) string {
	switch err.(type) {
	case errcode.Error:
		e, _ := err.(errcode.Error)
		return e.Message

	case errcode.ErrorCode:
		ec, _ := err.(errcode.ErrorCode)
		return ec.Message()

	default:
		return err.Error()
	}
}
```

This goes against every good practice for Go development. The language already provides a simple, intuitive and standard way to get error messages, that is calling the `Error()` method from an error. Reinventing the error interface is a mistake.

Our custom implementation also makes very hard to reason about errors, another nice thing about Go. I found several (>10) error declarations that we don't use anywhere. This is a clear sign about how little we know about the errors we return. I also found several error usages where the number of arguments was different than the parameters declared in the error, another clear example of how difficult is to reason about errors.

Moreover, our custom implementation didn't really make easier for people to return custom HTTP status code depending on the errors. Again, it's hard to reason about when to set custom codes and how. Take an example what we have to do to extract the message and status code from an error before returning a response from the API:

```go
	switch err.(type) {
	case errcode.ErrorCode:
		daError, _ := err.(errcode.ErrorCode)
		statusCode = daError.Descriptor().HTTPStatusCode
		errMsg = daError.Message()

	case errcode.Error:
		// For reference, if you're looking for a particular error
		// then you can do something like :
		//   import ( derr "github.com/docker/docker/errors" )
		//   if daError.ErrorCode() == derr.ErrorCodeNoSuchContainer { ... }

		daError, _ := err.(errcode.Error)
		statusCode = daError.ErrorCode().Descriptor().HTTPStatusCode
		errMsg = daError.Message

	default:
		// This part of will be removed once we've
		// converted everything over to use the errcode package

		// FIXME: this is brittle and should not be necessary.
		// If we need to differentiate between different possible error types,
		// we should create appropriate error types with clearly defined meaning
		errStr := strings.ToLower(err.Error())
		for keyword, status := range map[string]int{
			"not found":             http.StatusNotFound,
			"no such":               http.StatusNotFound,
			"bad parameter":         http.StatusBadRequest,
			"conflict":              http.StatusConflict,
			"impossible":            http.StatusNotAcceptable,
			"wrong login/password":  http.StatusUnauthorized,
			"hasn't been activated": http.StatusForbidden,
		} {
			if strings.Contains(errStr, keyword) {
				statusCode = status
				break
			}
		}
	}
```

You can notice two things in that code:

1. We have to explain how errors work, because our implementation goes against how easy to use Go errors are.
2. At no moment we arrived to remove that `switch` statement that was the original reason to use our custom implementation.

This change removes all our status errors from the errors package and puts them back in their specific contexts.
IT puts the messages back with their contexts. That way, we know right away when errors used and how to generate their messages.
It uses custom interfaces to reason about errors. Errors that need to response with a custom status code MUST implementent this simple interface:

```go
type errorWithStatus interface {
	HTTPErrorStatusCode() int
}
```

This interface is very straightforward to implement. It also preserves Go errors real behavior, getting the message is as simple as using the `Error()` method.

I included helper functions to generate errors that use custom status code in `errors/errors.go`.

By doing this, we remove the hard dependency we have eeverywhere to our custom errors package. Yes, you can use it as a helper to generate error, but it's still very easy to generate errors without it.

Please, read this fantastic blog post about errors in Go: http://dave.cheney.net/2014/12/24/inspecting-errors

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-02-26 15:49:09 -05:00
Lei Jitang
b9366c9609 Fix configuration reloading
There are five options 'debug' 'labels' 'cluster-store' 'cluster-store-opts'
and 'cluster-advertise' that can be reconfigured, configure any of these
options should not affect other options which may have configured in flags.
But this is not true, for example, I start a daemon with -D to enable the
debugging, and after a while, I want reconfigure the 'label', so I add a file
'/etc/docker/daemon.json' with content '"labels":["test"]' and send SIGHUP to daemon
to reconfigure the daemon, it work, but the debugging of the daemon is also diabled.
I don't think this is a expeted behaviour.
This patch also have some minor refactor of reconfiguration of cluster-advertiser.
Enable user to reconfigure cluster-advertiser without cluster-store in config file
since cluster-store could also be already set in flag, and we only want to reconfigure
the cluster-advertiser.

Signed-off-by: Lei Jitang <leijitang@huawei.com>
2016-02-24 21:12:14 -05:00
Kai Qiang Wu(Kennan)
3c69d340eb Add check for non-systemd fd use case
We make the check more user-friendly, and users can learn
start docker with wrong fd used.

Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
2016-02-22 01:53:38 +00:00
David Calavera
31cb96dcfa Avoid setting default truthy values from flags that are not set.
When the value for a configuration option in the file is `false`,
and the default value for a flag is `true`, we should not
take the value from the later as final value for the option,
because the user explicitly set `false`.

This change overrides the default value in the flagSet with
the value in the configuration file so we get the correct
result when we merge the two configurations together.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-02-19 18:39:10 -05:00
David Calavera
e8f569b324 Remove all docker debugging knowledge from the server.
It should be explicitly told whether to enable the profiler or not.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-02-16 14:11:16 -05:00
David Calavera
34c29277c2 Move listeners and port allocation outside the server.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-02-11 14:42:49 -05:00
David Calavera
1af76ef597 Remove daemon dependency from api/server.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-02-10 15:16:59 -05:00
Alexander Morozov
83ee24e52b Merge pull request #19911 from Microsoft/jstarks/npipe
Windows: Add support for named pipe protocol
2016-02-02 15:59:45 -08:00
David Calavera
9f315dd328 Add regression tests for client debug flag.
- Add client debug info to the `docker info` command.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-02-02 16:57:36 -05:00
David Calavera
b6766e3063 Make sure flat options are not parsed as config structures.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-02-02 14:45:37 -05:00
John Starks
0906195fbb Windows: Add support for named pipe protocol
This adds an npipe protocol option for Windows hosts, akin to unix
sockets for Linux hosts. This should become the default transport
for Windows, but this change does not yet do that.

It also does not add support for the client side yet since that
code is in engine-api, which will have to be revendored separately.

Signed-off-by: John Starks <jostarks@microsoft.com>
2016-02-01 19:46:30 -08:00
David Calavera
85475f7dea Merge pull request #19794 from calavera/14358-disable-colors
[Carry 18621] Allow disabling of colored Docker logs via daemon flag.
2016-02-01 15:37:44 -08:00
Vincent Woo
87a450a37f Allow disabling of colored Docker logs via daemon flag.
Signed-off-by: Vincent Woo <me@vincentwoo.com>
Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-02-01 16:19:18 -05:00
Brian Goff
78b0defcf3 handle debug mode for clients
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-02-01 14:36:40 -05:00
David Calavera
c539be8833 Allow network configuration via daemon config file.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-01-25 18:54:56 -05:00
David Calavera
5e80ac0dd1 Make TLSOptions and LogConfig embedded structs.
That way the configuration file becomes flag, without extra keys.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-01-22 13:20:17 -05:00
David Calavera
ed4038676f Verify that the configuration keys in the file are valid.
- Return an error if any of the keys don't match valid flags.
- Fix an issue ignoring merged values as named values.
- Fix tlsverify configuration key.
- Fix bug in mflag to avoid panics when one of the flag set doesn't have any flag.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-01-21 16:56:12 -05:00
David Calavera
cd3446972e Fix post config verification without flags.
- Set the daemon log level to what's set in the configuration.
- Enable TLS when TLSVerify is enabled.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-01-20 13:01:07 -05:00
David Calavera
677a6b3506 Allow to set daemon and server configurations in a file.
Read configuration after flags making this the priority:

1- Apply configuration from file.
2- Apply configuration from flags.

Reload configuration when a signal is received, USR2 in Linux:

- Reload router if the debug configuration changes.
- Reload daemon labels.
- Reload cluster discovery.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-01-14 16:44:37 -05:00
Tibor Vass
5c630ea7c3 Rename authz to authorization for greater clarity
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-01-13 14:15:37 -05:00
qq690388648
1cb9b0745c replace the os.Stdout with stdout to adapt platform
Signed-off-by: Sun Gengze <690388648@qq.com>
2015-12-30 18:24:02 +08:00
David Calavera
8e034802b7 Remove usage of pkg sockets and tlsconfig.
- Use the ones provided by docker/go-connections, they are a drop in replacement.
- Remove pkg/sockets from docker.
- Keep pkg/tlsconfig because libnetwork still needs it and there is a
  circular dependency issue.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-29 19:27:12 -05:00
Daniel Nephin
f5916b10ae Remove the graph driver from the daemon, move it into the layer store.
Support restoreCustomImage for windows with a new interface to extract
the graph driver from the LayerStore.

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2015-12-28 12:55:48 -05:00
David Calavera
27220ecc6b Move timeutils functions to the only places where they are used.
- Move time json marshaling to the jsonlog package: this is a docker
  internal hack that we should not promote as a library.
- Move Timestamp encoding/decoding functions to the API types: This is
  only used there. It could be a standalone library but I don't this
it's worth having a separated repo for this. It could introduce more
complexity than it solves.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-15 14:56:14 -05:00
Liron Levin
75c353f0ad Docker authorization plug-in infrastructure enables extending the functionality of the Docker daemon with respect to user authorization. The infrastructure enables registering a set of external authorization plug-in. Each plug-in receives information about the user and the request and decides whether to allow or deny the request. Only in case all plug-ins allow accessing the resource the access is granted.
Each plug-in operates as a separate service, and registers with Docker
through general (plug-ins API)
[https://blog.docker.com/2015/06/extending-docker-with-plugins/]. No
Docker daemon recompilation is required in order to add / remove an
authentication plug-in. Each plug-in is notified twice for each
operation: 1) before the operation is performed and, 2) before the
response is returned to the client. The plug-ins can modify the response
that is returned to the client.

The authorization depends on the authorization effort that takes place
in parallel [https://github.com/docker/docker/issues/13697].

This is the official issue of the authorization effort:
https://github.com/docker/docker/issues/14674

(Here)[https://github.com/rhatdan/docker-rbac] you can find an open
document that discusses a default RBAC plug-in for Docker.

Signed-off-by: Liron Levin <liron@twistlock.com>
Added container create flow test and extended the verification for ps
2015-12-08 17:34:15 +02:00
Alexander Morozov
ca5795cef8 Remove usage of listenbuffer package
It actually adds nothing to queuing requests.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-11-30 09:04:55 -08:00
Alex Crawford
a8b84cd8fb Revert "Return listenbuffer behavior"
This reverts commit 281a48d092.

Signed-off-by: Alex Crawford <alex.crawford@coreos.com>
2015-11-24 18:32:57 -08:00
Tianon Gravi
e54c4517a7 Fix "./docker" package name on freebsd
This fixes "can't load package: package ./docker: found packages client.go (main) and daemon_freebsd.go (docker)"

Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2015-11-17 09:38:19 -08:00
Antonio Murdaca
7929888214 Remove deprecated cli flags
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2015-11-15 10:40:01 +01:00
David Calavera
58b270c338 Merge pull request #17431 from vdemeester/hope-it-does-not-broke-everything-again
Another try at dockerversion placeholder for library import
2015-11-09 13:15:50 -08:00
Vincent Demeester
8054a30387 dockerversion placeholder for library import
- Add a *version* file placeholder.
- Update autogen and builds to use it and an autogen build flag

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-11-09 19:32:46 +01:00
David Calavera
3b5fac462d Remove LXC support.
The LXC driver was deprecated in Docker 1.8.
Following the deprecation rules, we can remove a deprecated feature
after two major releases. LXC won't be supported anymore starting on Docker 1.10.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-11-05 17:09:57 -05:00
Brian Goff
b78ca243d9 Revert "dockerversion placeholder for library-import"
This reverts commit d5cd032a86.

Commit caused issues on systems with case-insensitive filesystems.
Revert for now

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-10-27 21:23:53 -04:00