Commit Graph

54223 Commits

Author SHA1 Message Date
Paweł Gronowski
689decba9a Merge pull request #50981 from thaJeztah/rm_magic_vals
API: /info: remove magic `<unknown>` values for API < 1.39
2025-09-15 17:42:15 +02:00
Sebastiaan van Stijn
79450fa3ec Merge pull request #50980 from thaJeztah/sync_swagger_docs
api/docs: sync swagger and update changelog
2025-09-15 17:42:07 +02:00
Sebastiaan van Stijn
082b4e8d77 client: move ExecOptions to client
- move api/types/container.ExecOptions to the client
- rename api/types/container.ExecOptions to ExecCreateRequest

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-09-15 17:37:47 +02:00
Sebastiaan van Stijn
6a642300f0 client: move ExecStartOptions, ExecAttachOptions to client
- move api/types/container.ExecStartOptions to the client
- move api/types/container.ExecAttachOptions to the client
- rename api/types/container.ExecStartOptions to ExecStartRequest

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-09-15 17:37:43 +02:00
Paweł Gronowski
cb62838fe7 Merge pull request #50979 from thaJeztah/mod_tidy
client: tidy go.mod
2025-09-15 17:36:31 +02:00
Sebastiaan van Stijn
30a43b877c Merge pull request #50977 from thaJeztah/rm_cors_option
daemon/config: remove deprecated CommonConfig.CorsHeaders
2025-09-15 14:58:39 +02:00
Sebastiaan van Stijn
c8c13fe058 API: /info: remove magic <unknown> values for API < 1.39
daemon versions before v18.09 (API v1.39) returned a magic `<unknown>` value
for the `KernelVersion` and `OperatingSystem` if these values were not set.
Commit e6e8ab50fa removed these magic values,
but kept a fallback for old versions of the CLI that expected this value to
be pre-formatted this way. Given that this change was over 7 years ago, and
never was a strict contract of the API, we can remove this fallback. Current
versions of the CLI properly handle presentation, so this would only impact
EOL versions of the CLI.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-09-15 14:32:34 +02:00
Sebastiaan van Stijn
c600f62c25 api/docs: sync swagger and update changelog
- Update changelog to include mention of the new fields added
  in 3f86797d3f.
- Update changelog to mention removal of the deprecated fields
  in b092c8ca64
- Sync v1.52 swagger docs with the current version.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-09-15 13:27:40 +02:00
Sebastiaan van Stijn
6084882b98 client: tidy go.mod
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-09-15 12:02:21 +02:00
Rob Murray
2bb0443ae9 Release IPv6 address if unused due to sysctl setting
When running:
  docker network create --ipv6 b46
  docker run --rm -ti \
    --network name=b46,driver-opt=com.docker.network.endpoint.sysctls=net.ipv6.conf.IFNAME.disable_ipv6=1 \
     busybox

IPv6 is enabled in the container and the network, so an IPv6 address
will be allocated for the endpoint.

But, when the sysctl is applied, the IPv6 address will be removed
from the interface ... so, no unsolicited neighbour advertisement
should be (or can be) sent and, the endpoint should not be treated
as dual-stack when selecting a gateway endpoint and, if it is
selected as the gateway endpoint, setting up an IPv6 route via the
network will fail.

So, if the IPv6 address disappears after sysctls have been applied,
release the address and remove it from the endpoint's config.

Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-09-15 10:39:08 +01:00
Rob Murray
252659278e Configure addresses before adding them to DNS or /etc/hosts
Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-09-15 10:39:08 +01:00
Rob Murray
18b8e369ae Split OS-specific code out of Sandbox.populateNetworkResources
And move the Endpoint.populateNetworkResources code into the
all-platforms part of the Sandbox method.

Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-09-15 10:39:08 +01:00
Rob Murray
a8b9eff902 Don't set up DNS in Network.createEndpoint
DNS is set up when the endpoint is joined to a network.

It was added in commit 4850c5f (Avoid duplicate entries in
/etc/hosts) then simplified in bcca214 (libnetwork: open-code
updating svc records) and seems to be related to setting up a
name on a swarm node that isn't running the container with the
endpoint.

But, all callers of Network.createEndpoint follow up with an
Endpoint.Join, which also sets up the DNS entry. Those callers are:
  Network.createLoadBalancerSandbox
  Network.CreateEndpoint
    - called by Daemon.connectToNetwork
    - called by Sandbox.setupDefaultGateway
    - called by builder-net/executor.go: iface.init

None of them bail out before the Join for a Swarm case.

So, it looks like enough has changed that the createEndpoint code is
no longer needed (it predates the internal DNS server) ... remove it.

Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-09-15 10:39:08 +01:00
Rob Murray
ddf10ee1cd Delay Endpoint config until the osSbox exists
When the SetKey hook is used (by a build container) it's called after
Endpoint.sbJoin, which will have called Sandbox.populateNetworkResources
to set up address, routes, sysctls and so on - but it's not able to do
any config until the osSbox exists. So, Sandbox.populateNetworkResources
is called again by SetKey to finish that config.

But, that means the rest of Endpoint.sbJoin has already happened before
the osSbox existed - it will have configured DNS, /etc/hosts, gateways
and so on before anything was set up for the OS.

So, if the osSbox configuration isn't applied as expected (for example,
a sysctl disables IPv6 on the endpoint), that sbJoin configuration is
incorrect.

To avoid unnecessary config+cleanup in those cases - delay the config
currently done by sbJoin until the osSbox exists.

Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-09-15 10:39:08 +01:00
Sebastiaan van Stijn
b043980e6f daemon/config: remove deprecated CommonConfig.CorsHeaders
This option was deprecated in Docker 27.0 through 7ea9acc97f,
and removed in 28.0 through ae96ce866f.
The field was kept to provide a user-friendly error when used; this
patch removes the field altogether.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-09-15 11:11:20 +02:00
Sebastiaan van Stijn
9c14afd97c Merge pull request #50959 from thaJeztah/rm_execoptions_detach
api/types/container: remove deprecated ExecOptions.Detach
2025-09-15 09:50:27 +02:00
Sebastiaan van Stijn
84ddfa140c Merge pull request #50958 from thaJeztah/cleanup_deprecated
daemon: remove some deprecated functions
2025-09-15 09:49:43 +02:00
Rob Murray
4c7deaf832 Windows containers: restore network name after reboot
When Windows reboots, it removes HNS networks. They're restored
from Docker's store (unlike after a daemon restart, where Docker
networks are restored from HNS networks).

When that happens, preserve the driver-opt that reports the HNS
network name.

Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-09-12 21:05:16 +01:00
Rob Murray
9129094b98 Windows containers: report HNS network name in inspect
After creating a new network, inspect shows that there's no value
for option "com.docker.network.windowsshim.networkname". After
restarting the daemon, it shows up with the docker network name
(not the HNS network name, which defaults to the docker network's
id).

Creating the network with "-o com.docker.network.windowsshim.networkname"
sets the HNS network name, and it shows up in inspect. Until the
daemon is restarted, then it shows the docker network name.

So - set the option value to the HNS network name on creation (the id
if no name is given), and on restore after restart use the name
reported by HNS.

Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-09-12 16:03:36 +01:00
Rob Murray
aa78f19066 ipvlan-l2: do not allocate a gateway address from IPAM
When ipvlan in "l2" mode is given no '--gateway' option, an
address is allocated from IPAM and a default route is set up
via that gateway. But, the gateway address is not assigned to
anything in the Docker ipvlan network - it must be external,
and IPAM shouldn't try to guess it.

So ...

- always disable IPAM gateway address allocation for ipvlan-l2
  - tell libnet to assume the endpoint has a gateway instead
- update the Join code to allow for no configured gateway
- always disable 'docker_gwbridge' connection for ipvlan
  networks, so it's not hooked up when there is no gateway
  address.

Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-09-12 14:29:15 +01:00
Rob Murray
468e3521b0 macvlan: do not allocate a gateway address from IPAM
When macvlan is given no '--gateway' option, an address is
allocated from IPAM and a default route is set up via that
gateway. But, the gateway address is not assigned to anything
in the Docker macvlan network - it must be external, and
IPAM shouldn't try to guess it.

When IPv6 auto-configuration is enabled in the network the
macvlan is connected to, the macvlan driver races against it
to set up the gateway. When autoconfig wins, container creation
fails because the default route already exists.

So ...

- disable IPAM gateway address allocation for macvlan
- update the Join code to allow for no configured gateway
- always disable 'docker_gwbridge' connection for macvlan
  networks, so it's not hooked up when there is no gateway
  address.

Libnet assumes an endpoint with no statically configured default
gateway or route does not provide external connectivity. So, it
disables external DNS access, and will not select the endpoint
as gateway for containers. So, where an IPAM allocated gateway
address would have been assigned before, tell libnet to assume
there will be an auto-configured gateway.

Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-09-12 14:29:15 +01:00
Rob Murray
af6d59ea48 Merge pull request #50945 from robmry/cleanup_network_settings_on_join_err
Tidy up when endpoint join fails
2025-09-12 13:05:10 +01:00
Sebastiaan van Stijn
caae209d25 api/types/container: remove deprecated ExecOptions.Detach
This field was deprecated in 0c182d4d57,
which should be included in a 28.x release, but we don't need to carry
it in the new module.

We should also consider duplicating the `ExecOptions` type as a client
option, and renaming it to `ExecCreateRequest`, so that we can decouple
client options from the shape of the request.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-09-12 10:18:24 +02:00
Sebastiaan van Stijn
19edf44896 daemon/config: remove deprecated Config.
This function was deprecated in 83f8f4efd7,
and the package is internal to the daemon, so we can remove it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-09-12 09:59:12 +02:00
Sebastiaan van Stijn
fabe66322f builder/remotecontext: remove deprecated "Rel()" utility
This function was deprecated in 54a556a5ef,
and the package is now internal to the daemon, so we can remove it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-09-12 09:59:09 +02:00
Sebastiaan van Stijn
a1d05215f0 Merge pull request #50957 from corhere/fixup-after-dropping-deprecated-network-structs
daemon: fix build after revendoring api module
2025-09-12 01:50:18 +02:00
Cory Snider
cf243b64aa daemon: fix build after revendoring api module
Complete the removal of the deprecated network structs by dropping the
remaining references in daemon code.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2025-09-11 17:47:27 -04:00
Sebastiaan van Stijn
1e6e2ceb22 Merge pull request #50846 from akerouanton/drop-deprecated-network-structs
api/t/ctr: drop NetworkSettingsBase, DefaultNetworkSettings
2025-09-11 22:00:06 +02:00
Cory Snider
c2c2b80e90 daemon: report IPAM status for Swarm networks
As the Engine API requests may be directed at a non-leader Swarm
manager, the information needs to be tunneled through the Swarm API.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2025-09-11 15:25:14 -04:00
Sebastiaan van Stijn
1c006f247d Merge pull request #50832 from thaJeztah/events_remove_deprecated
api/types/events: Message: remove deprecated Status, ID, and From fields
2025-09-11 21:22:57 +02:00
Sebastiaan van Stijn
183f1517a9 Merge pull request #50915 from thaJeztah/omit_empty_config
api: image inspect: remove temporary backfill for Config fields
2025-09-11 21:21:30 +02:00
Albin Kerouanton
b092c8ca64 api/t/container: drop NetworkSettingsBase
Except Bridge, all fields of NetworkSettingsBase were deprecated in
v1.44, and are actually never set at all.

The Bridge field was deprecated in v1.51 but it's only set when the
container is connected to the default bridge, and when the daemon is
started with the --bridge option set.

So, remove all those fields and do not backfill them for older API
versions.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2025-09-11 17:57:42 +02:00
Albin Kerouanton
fc1ff44bc2 api/t/container: drop DefaultNetworkSettings
All the fields in DefaultNetworkSettings were deprecated in Engine v1.9
and scheduled for removal in v17.12. However, they're still returned in
all supported API versions.

As we still need to keep backward compatibility for older API versions,
this change leverages the newly added 'compat' package to return these
fields despite being removed from the Go struct.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2025-09-11 17:57:42 +02:00
Sebastiaan van Stijn
a11005b40a Merge pull request #50954 from akerouanton/fix-compat-html-encoding
daemon/i/compat: disable HTML encoding
2025-09-11 17:24:54 +02:00
Albin Kerouanton
d5d3716705 daemon/i/compat: disable HTML encoding
The compat package marshals the base value into JSON to convert it into
a map[string]any, then applies the compat options, and finally
re-encodes the map into JSON.

`json.Marshal` is used for both marshalling operations. However, this
function encodes special HTML characters by default. The API responses
aren't meant to be embedded into HTML, so this behavior is not desired.

Replace `json.Marshal` with a `json.Encoder` with HTML escaping
disabled. Extra care is taken to drop the trailing LF added by
`(*json.Encoder).Encode()` (see [1]).

[1]: https://pkg.go.dev/encoding/json#Encoder.Encode

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2025-09-11 15:43:36 +02:00
Rob Murray
8efe6b0183 Add TestJoinError
Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-09-11 14:19:21 +01:00
Rob Murray
73413ea693 bridge_linux_test.go: gofumpt
Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-09-11 14:18:18 +01:00
Rob Murray
52c9cfd016 Use sbLeave to roll back on error from sbJoin
The old deferred error handling cleared ep.sandboxID, but only
in a copy of the Endpoint loaded from the store, not stored or
returned - so the modification was immediately lost.

It also tried to remove the endpoint from the Sandbox's 'endpoints',
but the remove function compared pointers rather than ids, so
nothing was removed. Removing it would have broken rollback anyway.

Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-09-11 13:02:41 +01:00
Rob Murray
53390f85dd Put clearNetworkResources() inline in its only caller
Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-09-11 13:02:41 +01:00
Rob Murray
916fa31ab5 Acquire Sandbox.joinLeaveMu for Endpoint force-Delete
If an endpoint is still attached to a Sandbox when
Endpoint.Delete is called with force=true, sbLeave is
called. It may change the Sandbox's gateway, which may
conflict with a concurrent Join.

So, acquire the Sandbox's joinLeaveMu to do that, and
clarify the purpose of that mutex in struct Sandbox
comments.

Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-09-11 13:02:41 +01:00
Rob Murray
a9db1e9a26 Endpoint.sbLeave: don't load ep from store
Because it loaded the Endpoint object from store and operated
on that copy rather than its own receiver, sbJoin couldn't
successfully roll back on error if the Endpoint was not included
in the Sandbox's list of endpoints, or its current state had
not been written to store after the error occurred.

So, for example, releaseOSSboxResources() would not be called
to delete interfaces created in the container's netns.

Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-09-11 13:02:41 +01:00
Rob Murray
b192d06ec7 Remove network info from container when endpoint join fails
Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-09-11 13:02:41 +01:00
Sebastiaan van Stijn
1b74b3e1ce api/types/events: Message: remove deprecated Status, ID, and From fields
These fields were deprecated in [moby@72f188] (docker v1.10, API v1.22),
with the deprecation message updated to be in the correct format in
[moby@247f47] (docker v23.0).

[moby@72f188]: 72f1881df1
[moby@247f47]: 247f4796d2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-09-11 10:01:17 +02:00
Sebastiaan van Stijn
5815eb82ee daemon/events: omit deprecated event fields on API >= v1.52
Don't include the deprecated `status`, `id`, and `from` fields in event
responses.

These fields were deprecated in [moby@72f188] (docker v1.10, API v1.22),
but the daemon still included them in the response.

Unfortunately, the Docker CLI (and compose indirectly), continued using
these fields up until v25.0.0, and panic if the fields are omitted, or
left empty (due to a bug), see: https://github.com/moby/moby/pull/50832#issuecomment-3276600925
so we need to continue producing these fields on API < v1.52.

[moby@72f188]: 72f1881df1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-09-11 10:01:17 +02:00
Sebastiaan van Stijn
c4eb791dba daemon/events: remove tests for deprecated API fields
These fields were deprecated in [moby@72f188] (docker v1.10, API v1.22),
and we shouldn't test for them.

[moby@72f188]: 72f1881df1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-09-11 10:01:17 +02:00
Sebastiaan van Stijn
3278393cf2 Merge pull request #50949 from thaJeztah/api_update_docs
api/docs: fix events example response
2025-09-11 10:00:37 +02:00
Sebastiaan van Stijn
e4c9d289c6 Merge pull request #50852 from thaJeztah/add_compat_wrapper
daemon/internal: add "compat" package for legacy responses
2025-09-11 09:29:57 +02:00
Sebastiaan van Stijn
33a05ac344 daemon/internal: add "compat" package for legacy responses
Add a package to help augmenting API responses with additional fields,
replacing fields, or to remove fields from the response to allow for
legacy API responses to be produced without having to keep deprecated
fields in the API type definitions.

Co-authored-by: Albin Kerouanton <albinker@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-09-11 00:13:05 +02:00
Cory Snider
c46332737c Merge pull request #50917 from corhere/ipam-allocation-info-localscope
api, daemon: report IPAM status for local-scope networks
2025-09-10 13:05:33 -04:00
Cory Snider
3f86797d3f api,daemon: report IPAM status for network
On API v1.52 and newer, the GET /networks/{id} endpoint returns
statistics about the IPAM state for the subnets assigned to the network.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2025-09-10 11:06:05 -04:00