9916 Commits

Author SHA1 Message Date
Rob Murray
2effc1bfd4 inspect: unmap IPv6-mapped IPv4 host address
Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-11-24 16:29:32 +00:00
Rob Murray
84a251d039 Allow configured address with no configured subnet
Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-11-24 14:14:27 +00:00
Brian Goff
6e52828ec3 Merge pull request #51517 from corhere/opencensus-bridge
daemon: install OpenCensus-to-OTEL trace bridge
2025-11-20 11:07:51 -08:00
Rob Murray
ed10b98506 Restore missing nwEndpointsMu.Lock
- introduced by 4f7afb8 (Remove libnet's logic to track a driver's
  port mapping state)

Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-11-18 15:38:48 +00:00
Sebastiaan van Stijn
e59d1b4563 libnetwork/drivers/overlay: DiscoverNew: move logic to setKeys, updateKeys
Make the DiscoverNew switch only responsible for asserting the correct
data type, and push the conversion logic into the setKeys and updateKeys
methods.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-16 23:36:04 +01:00
Sebastiaan van Stijn
f40b45ca1f libnetwork/drivers/overlay: use structured logs in some places
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-16 23:36:04 +01:00
Sebastiaan van Stijn
c9f0314f21 libnetwork: controller.handleKeyChange: slight cleanup of logs
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-16 23:36:03 +01:00
Sebastiaan van Stijn
de11467756 daemon/containerd: cleanup registry error-handling
Reduce some nested if's

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-16 23:09:20 +01:00
Sebastiaan van Stijn
de546caa92 daemon/containerd: translateRegistryError: add early return
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-16 23:06:50 +01:00
Rob Murray
96b8f9c8ca Daemon.createContainerOSSpecificSettings - remove redundant param
Also:
- remove the hostConfig param from Daemon.createContainerVolumesOS.
- rename var container -> ctr

Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-11-16 18:25:42 +00:00
Rob Murray
33032b0454 Daemon.setSecurityOptions: remove redundant param
Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-11-16 18:25:06 +00:00
Rob Murray
34925e5be9 Remove Daemon.setHostConfig
The container's constructor, Daemon.newContainer, already has
hostConfig and can just assign it directly.

Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-11-16 18:25:06 +00:00
Rob Murray
22c5c78bfb Move Daemon.registerMountPoints out of Daemon.setHostConfig
Call registerMountPoints after the rest of the container's
configuration has been set up.

This will make it possible to call an NRI plugin with the
container's config, allowing it to adjust the mounts in that
config, before it's used to find volumes etc.

Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-11-16 18:25:06 +00:00
Rob Murray
48709e502f Split OS-specific container config and volume creation
Daemon.createContainerOSSpecificSettings adds container config for
the OS, and creates volumes. Split those two things.

This will make it possible to call an NRI plugin after the config
is complete, before volumes are created - so the NRI plugin can
adjust a full set of config, including volumes.

Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-11-16 18:20:12 +00:00
Rob Murray
4434236088 Daemon.setHostConfig - don't set default network mode
It's set later in Daemon.create, setHostConfig's only caller.

Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-11-16 18:20:12 +00:00
Rob Murray
e757bbb4ea Move call to Daemon.registerLinks out of Daemon.setHostConfig
The call from Daemon.create -> Daemon.setHostConfig acquired
container.Lock, but didn't need to because the container is
newly created and solely owned by the caller. The call from
Daemon.restore did not acquire the lock.

Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-11-16 18:20:12 +00:00
Rob Murray
92b4902b8d Daemon.registerMountPoints: var 'container' -> 'ctr'
Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-11-16 18:19:56 +00:00
Sebastiaan van Stijn
a81d441133 Merge pull request #51534 from robmry/dont-remove-removed-gateway
Don't try to remove a cleared docker_gwbridge endpoint
2025-11-15 00:32:32 +01:00
Rob Murray
1731e9e729 Don't try to remove cleared docker_gwbridge endpoint
If a container is using a docker_gwbridge endpoint as its gateway,
when it's connected to another network that provides a gateway, the
docker_gwbridge endpoint is removed when that endpoint is added (in
a recursive nightmare).

So, the "before" gateway for the container has been removed
before the new gateway is updateExternalConnectivity'd.

Don't pass the old gateway to updateExternalConnectivity in that
case, because the network driver's already forgotten about it.

Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-11-14 17:41:01 +00:00
Cory Snider
4535d63c91 daemon: install OpenCensus-to-OTEL trace bridge
Export trace spans from the github.com/microsoft/hcsshim module, which
is instrumented with OpenCensus, to the daemon's OpenTelemetry exporter
to provide more visibility into Windows container lifecycle operations.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2025-11-13 15:00:05 -05:00
Sebastiaan van Stijn
0af2962fdd daemon: reduce use of pointer-slices in backend
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-13 20:52:15 +01:00
Paweł Gronowski
feba59eccd Merge pull request #51492 from vvoland/c8d-fix-selection
daemon: Fix image store choice priority for prior graphdriver state
2025-11-13 20:19:25 +01:00
Albin Kerouanton
d494784654 Merge pull request #51495 from akerouanton/revert-a8b9eff90
libnet: create DNS records on sbJoin (if not agent node)
2025-11-13 20:02:28 +01:00
Albin Kerouanton
2e41476a5f libnet: create DNS records on sbJoin (if not agent node)
Commit a8b9eff90 removed a call to Network.updateSvcRecord from
Network.createEndpoint on the grounds that:

> all callers of Network.createEndpoint follow up with an Endpoint.Join,
> which also sets up the DNS entry.

However, the original call in Network.createEndpoint was gated by:

```
if !n.getController().isSwarmNode() || n.Scope() != scope.Swarm || !n.driverIsMultihost() {
	n.updateSvcRecord(context.WithoutCancel(ctx), ep, true)
}
```

whereas the call in Endpoint.sbJoin() (invoked by Endpoint.Join()) is
gated by:

```
if !n.getController().isAgent() {
	if !n.getController().isSwarmNode() || n.Scope() != scope.Swarm || !n.driverIsMultihost() {
		n.updateSvcRecord(context.WithoutCancel(ctx), ep, true)
	}
}
```

As a result, once a node has joined a Swarm cluster, no DNS entries are
created for non swarm-scoped networks.

Change the condition used by `sbJoin` to match the original condition
used in `createEndpoint`.

Signed-off-by: Albin Kerouanton <albin.kerouanton@docker.com>
2025-11-13 17:31:13 +01:00
Paweł Gronowski
391247ce96 daemon: Fix image store choice priority for prior graphdriver state
The priority order for determining image store choice was incorrect when
a prior graphdriver existed.

The issue occurred because the prior graphdriver check happened after
processing explicit driver configuration, effectively ignoring user
intent when prior state existed.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2025-11-13 10:05:49 +01:00
Paweł Gronowski
c5d0e3e6fa daemon: Add TestDetermineImageStoreChoice
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2025-11-13 10:05:49 +01:00
Sebastiaan van Stijn
9824080b57 Merge pull request #51012 from tonistiigi/attestation-signature-referrers
image: pull/load/save attestation manifest and signatures with image
2025-11-12 18:04:21 +01:00
Tonis Tiigi
47e852f061 image: pull/load/save attestation manifest and signatures with image
Updates docker pull to pull related attestation manifest and
any signatures for that manifest in cosign referrer objects.

These objects are transferred with the image when running
docker save and docker load and can be used to identify
the image in future updates.

Push is not updated atm as the current push semantics
in containerd mode do not have correct immutability
guaranteed and don't work with image indexes.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2025-11-12 07:53:46 -08:00
Paweł Gronowski
b4f9bd1cb3 c8d/builder-next: Don't force unpack
The image exporter wrapper was unconditionally setting `unpack=true` for
all build exports, preventing users from controlling this behavior
through buildkit's output image exporter option.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2025-11-12 14:34:12 +01:00
Paweł Gronowski
e7d7771bce Merge pull request #51483 from thaJeztah/rm_MinConnectTimeout
daemon: remove workaround for c8d client connection timeout
2025-11-12 11:01:16 +01:00
Tonis Tiigi
3874ca5984 vendor: update buildkit to v0.26.0-rc2
Currently requires replace rule for swarmkit etcd.

BuildKit itself doesn't use etcd but version gets bumped
via unused dependency.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 23:15:07 +01:00
Sebastiaan van Stijn
7e78088f8f daemon: remove workaround for c8d client connection timeout
This workaround was added in df519e9e1a, pending
a fix in containerd;

> daemon: Fix giving up too early while connecting to containerd socket
>
> Explicitly set the gRPC connection params to take the timeout into
> account to workaround the containerd v2 client not passing down the
> stack.
>
> containerd v2 replaced usages of deprecated gRPC functions but didn't
> pass the timeout to the actual dial connection options.

A fix for this was merged in [containerd@ee574e7], which is part of containerd
v2.1.0-beta.0, and backported to containerd v2.0.4 through [containerd@6b5efba].

[containerd@ee574e7]: ee574e76e7
[containerd@6b5efba]: 6b5efba83b

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 17:55:44 +01:00
Sebastiaan van Stijn
81d9fdb838 Merge pull request #51477 from thaJeztah/discovery_enum
libnetwork/discoverapi: use DiscoveryType for enum
2025-11-11 15:01:25 +01:00
Sebastiaan van Stijn
6b8285f965 libnetwork/discoverapi: use DiscoveryType for enum
This type describes the options defined as consts below it, so make
those consts typed. While updating, I also removed the use of iota
to prevent accidentally changing their values (and if this API is
implemented elsewhere)

(but mostly because I'm not a fan of iota ':))

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 13:10:17 +01:00
Sebastiaan van Stijn
bb56c4d7e7 daemon: remove some deprecated and unused code
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 09:05:41 +01:00
Vigilans
d192a63467 daemon: Ensure buildkit created container's isolation mode consistent with daemon's config
- Introduced DefaultIsolation method in the Daemon to return the daemon configured isolation mode for Windows.

Signed-off-by: Vigilans <vigilans@foxmail.com>
2025-11-10 16:33:14 +01:00
Paweł Gronowski
7cff366d43 Merge pull request #51439 from thaJeztah/concrete_enums
api/types/container: make ContainerState, HealthStatus concrete types
2025-11-10 16:21:22 +01:00
Paweł Gronowski
f57da07056 Merge pull request #51454 from thaJeztah/api_volumes_no_pointer
api/types/volume: change ListResponse.Volumes to a non-pointer slice
2025-11-10 16:20:16 +01:00
Sebastiaan van Stijn
db71c6a914 api/types/container: make HealthStatus a concrete type
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-10 16:08:15 +01:00
Sebastiaan van Stijn
1fd87e9fdf api/types/container: make ContainerState a concrete type
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-10 16:08:12 +01:00
Rob Murray
69c4524355 Merge pull request #51437 from thaJeztah/diskusage_move_legacy
api: remove / internalize LegacyDiskUsage
2025-11-10 15:03:37 +00:00
Sebastiaan van Stijn
048ced8435 Merge pull request #51448 from akerouanton/stop-events-service
daemon: close EventsService on shutdown
2025-11-10 14:20:28 +01:00
Sebastiaan van Stijn
18000fe371 api/types/volume: change ListResponse.Volumes to a non-pointer slice
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-10 13:13:22 +01:00
Paweł Gronowski
22112fab66 Merge pull request #51444 from thaJeztah/buildcache_singleflight
daemon/internal/builder-next: Builder.DiskUsage(): use singleflight
2025-11-10 12:02:07 +01:00
Albin Kerouanton
d087d3c057 daemon: close EventsService on shutdown
On daemon shutdown, the HTTP server tries to gracefully shut down for 5
seconds. If there's an open API connection to the '/events' endpoint, it
fails to do so as nothing interrupts that connection, thus forcing the
daemon to wait until that timeout is reached.

Add a Close method to the EventsService, and call it during daemon
shutdown. It'll close any events channel, signaling to the '/events'
handler to return and close the connection.

It now takes ~1s (or less) to shut down the daemon when there's an active
'/events' connection, instead of 5.

Signed-off-by: Albin Kerouanton <albin.kerouanton@docker.com>
2025-11-09 22:38:59 +01:00
Sebastiaan van Stijn
46090e88e4 daemon/internal/builder-next: Builder.DiskUsage(): use singleflight
Use a singleflight for collecting the build-cache usage; collecting this
information is potentially heavy-weight, and we already do this for the
other disk-usage methods.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-07 21:32:23 +01:00
Sebastiaan van Stijn
fb94e241f5 daemon: disk-usage: fix incorrect key for singleflight
commit a69abdd90d introduced a "verbose"
option for the disk-usage endpoint, which allowed omitting the items
to be included in the results.

However, it did not take into account that a singleflight is used to
allow sharing the results between requests; this means that a request
made while another request is already in flight could share the wrong
results, and either get "verbose" or "non-verbose", depending on the
request already in flight.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-07 21:21:32 +01:00
Sebastiaan van Stijn
ed428234bd api: remove / internalize LegacyDiskUsage
These fields have been removed from the API specification, and the struct
was only needed to produce legacy responses (server), or to unmarshal
legacy responses in the client.

As the API module only provides API definitions for the current API version,
we should remove these legacy structs, and keep them internal to the daemon
and client.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-07 20:16:03 +01:00
Sebastiaan van Stijn
71bcd22d6d daemon/server/router/system: simplify constructing response
Now that we separated the legacy response from non-legacy responses,
we can consume the data produced by the backend as-is; the backend
takes care of omitting "verbose" data (leaving the `Items` slices
empty), and with an early return for the legacy responses, we won't
end up with returning _both_ responses on API < v1.52, but (TBD) still
return both responses for API v1.52.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-07 19:57:40 +01:00
Sebastiaan van Stijn
f5e319c950 daemon/server/router/system: use early return for disk-usage
Use early return for legacy response. When using API < v1.52, we'd
never return the new fields, so we can return early, and produce the
legacy-fields only.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-07 19:57:39 +01:00