Corrected integer size passed to Windows
Corrected DisableEcho / SetRawTerminal to not modify state
Cleaned up and made routines more idiomatic
Corrected raw mode state bits
Removed duplicate IsTerminal
Corrected off-by-one error
Minor idiomatic change
Signed-off-by: Brendan Dixon <brendand@microsoft.com>
(cherry picked from commit 1a36a113d4)
Updated Windows installation documentation with newest
screencasts and Chocolatey instructions to install windows
client CLI.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
(cherry picked from commit 2b320a2309)
When working with Go channels you must not set it to nil or else the
channel will block forever. It will not panic reading from a nil chan
but it blocks. The correct way to do this is to create the channel then
close it as the correct results to the caller will be returned.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
(cherry picked from commit 7061a993c5)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
Closing activationLock only if it's not closed already. This is needed
only because integration tests using docker code directly and doesn't
care about global state.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
(cherry picked from commit c717475714)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
If job "acceptconnections" is called before "serveapi" the API Accept()
method will hang forever waiting for activation. This is due to the fact
that when "acceptconnections" ran the activation channel was nil.
Signed-off-by: Darren Shepherd <darren@rancher.com>
(cherry picked from commit 8f6a14452d)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <hugs@docker.com> (github: jfrazelle)
It's about time to let folks not hit 'vfs', when 'overlay' is supported
on their kernel. Especially now that v3.18.y is a long-term kernel.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
(cherry picked from commit 2c72ff1dbf)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <hugs@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
Currently the progress reader won't close properly by not setting the close size.
fixes#11849
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
(cherry picked from commit aa3083f577)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Also cleans up tests to not shell out for file creation.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 63708dca8a)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
Api requesting port for daemon before init_networkdriver called.
Problem is that now initialization of api depends on initialization of
daemon and their intializations runs in parallel. Proper fix will be
just do it sequentially. For now I don't want refactor it, because it
can bring additional problems in 1.6.0.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
(cherry picked from commit 584180fce7)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
Do not remove container if any of the resource could not be cleaned up. We
don't want to leak resources.
Two new states have been created. RemovalInProgress and Dead. Once container
is Dead, it can not be started/restarted. Dead container signifies the
container where we tried to remove it but removal failed. User now needs to
figure out what went wrong, corrent the situation and try cleanup again.
RemovalInProgress signifies that container is already being removed. Only
one removal can be in progress.
Also, do not allow start of a container if it is already dead or removal is
in progress.
Also extend existing force option (-f) to docker rm to not return an error
and remove container from user view even if resource cleanup failed.
This will allow a user to get back to old behavior where resources
might leak but atleast user will be able to make progress.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
(cherry picked from commit 40945fc186)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <hugs@docker.com> (github: jfrazelle)
This has a few hacks in it but it ensures that the bridge driver does
not use global state in the mappers, atleast as much as possible at this
point without further refactoring. Some of the exported fields are
hacks to handle the daemon port mapping but this results in a much
cleaner approach and completely remove the global state from the mapper
and allocator.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
(cherry picked from commit d8c628cf08)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
Continuation of: #11660, working on issue #11626.
Wrapped portmapper global state into a struct. Now portallocator and
portmapper have no global state (except configuration, and a default
instance).
Unfortunately, removing the global default instances will break
```api/server/server.go:1539```, and ```daemon/daemon.go:832```, which
both call the global portallocator directly. Fixing that would be a much
bigger change, so for now, have postponed that.
Signed-off-by: Paul Bellamy <paul.a.bellamy@gmail.com>
(cherry picked from commit 87df5ab41b)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <hugs@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
This change makes `monitorTtySize` work correctly on windows by polling
into win32 API to get terminal size (because there's no SIGWINCH on
windows) and send it to the engine over Remove API properly.
Average getttysize syscall takes around 30-40 ms on an average windows
machine as far as I can tell, therefore in a `for` loop, checking every
250ms if size has changed or not.
I'm not sure if there's a better way to do it on windows, if so,
somebody please send a link 'cause I could not find.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
(cherry picked from commit ebbceea8a7)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
When buffering to file add support for compressing the tar contents. Since digest should be computed while writing buffer, include digest creation during buffer.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
(cherry picked from commit 851c64725d)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <hugs@docker.com> (github: jfrazelle)
This is a follow-up on PR 11708, as suggested by tianon.
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit a09cc935c3)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
Automatically detect support for aufs `dirperm1` option and apply it.
`dirperm1` tells aufs to check the permission bits of the directory on the
topmost branch and ignore the permission bits on all lower branches.
It can be used to fix aufs' permission bug (i.e., upper layer having
broader mask than the lower layer).
More information about the bug can be found at https://github.com/docker/docker/issues/783
`dirperm1` man page is at: http://aufs.sourceforge.net/aufs3/man.html
Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
(cherry picked from commit 281abd2c8a)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
Since `dirperm1` requires a more recent aufs patch than many current OS release,
we cant remove #783 completely. This documents that docker will apply `dirperm1`
automatically for systems that support it
Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
(cherry picked from commit d7bbe2fcb5)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
It's easier for users to check if their systems support dirperm1 just by using
docker info
Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
(cherry picked from commit d68d5f2e4b)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
These images was just sitting around and referenced from
nowhere, nor they seemed any useful.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
(cherry picked from commit 986ae5d52a)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <hugs@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Boot2Docker experience is updated now that we have a Docker
client on Windows. Instead of running `boot2docker ssh`, users
can also use boot2docker on Windows Command Prompt (`cmd.exe`)
and PowerShell.
Updated documentation and screenshots, added a few details,
reorganized sections by importance, fixed a few errors.
Remaining: the video link in the Demonstration section needs
to be updated once I shoot a new video.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
(cherry picked from commit de09c55394)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <hugs@docker.com> (github: jfrazelle)
This change fixes a bug where stdout/stderr handles are not identified
correctly.
Previously we used to set the window size to fixed size to fit the default
tty size on the host (80x24). Now the attach/exec commands can correctly
get the terminal size from windows.
We still do not `monitorTtySize()` correctly on windows and update the tty
size on the host-side, in order to fix that we'll provide a
platform-specific `monitorTtySize` implementation in the future.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
(cherry picked from commit 0532dcf3dc)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <hugs@docker.com> (github: jfrazelle)
For positerity (largely of packagers) lets leave around the generated
version files that happen during build.
They're already ignored in git, and recreated on every build.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <hugs@docker.com> (github: jfrazelle)
We removed it, because upstream removed it. But now it will be coming
back, so work with it either way.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
They say we should only use the BTRFS_LIB_VERSION
They will no longer support this since it had to be managed manually
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
The previous state assumed that the HOSTPATH argument referred to a
file. As clarified by moxiegirl in PR #11305, it is a directory.
Adjusted completion to reflect this.
Signed-off-by: Harald Albers <github@albersweb.de>
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
on overlay fs, the mtime of directories changes in a container where new
files are added in an upper layer (e.g. '/etc'). This flags the
directory as a change where there was none.
Closes#9874
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
This disables recently added ANSI emulation feature in certain Windows
shells (like ConEmu) where ANSI output is emulated by default with builtin
functionality in the shell.
MSYS (mingw) runs in cmd.exe window and it doesn't support emulation.
Cygwin doesn't even pass terminal handles to docker.exe as far as I can
tell, stdin/stdout/stderr handles are behaving like non-TTY. Therefore not
even including that in the check.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <hugs@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
Clarify in the docs that ENV is not recursive
Closes#10391
Signed-off-by: Doug Davis <dug@us.ibm.com>
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Fixes#9981
Allows a volume which was created by docker (ie, in
/var/lib/docker/vfs/dir) to be used as a Bind argument via the container
start API and overwrite an existing volume.
For example:
```bash
docker create -v /foo --name one
docker create -v /foo --name two
```
This allows the volume from `one` to be passed into the container start
API as a bind to `two`, and it will overwrite it.
This was possible before 7107898d5c
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
No longer add the body to the error when a 404 is received on get repository data.
closes#11510
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Link to new guide. Added a quickstart contributor guide for experienced people.
Converting narrative style to procedures for easier use. I think there is something missing in the
release publishing section...but it looks like it was missing in the original.
Updates per thaJeztah
Edits per Fred
Updating with comments from Sven
Signed-off-by: Mary Anthony <mary@docker.com>
Add the capability to cancel the build by disconnecting the client.
This adds a `cancelled` channel which is used to signal that a build
should halt. The build is halted by sending a Kill signal and noticing
that the cancellation channel is closed.
This first pass implementation does not allow cancellation during a
pull, but that will come in a subsequent PR.
* Add documentation of cancellation to cli and API
* Protect job cancellation with sync.Once
* Add TestBuildCancelationKillsSleep
* Add test case for build cancellation of RUN statements.
Signed-off-by: Peter Waller <p@pwaller.net>
Changes relevant for Docker since 0.6.6 are (most other changes are hooks and
options for formatters):
* Debugging color output changed to gray.
* Don't quote the number 9 when it's by it self (i.e. `omg=9` instead of
`omg="8"`, this was the case for all other numbers)
* Performance is better when running a high logging level with lots of low-level
logging.
* Minor internal refactoring and more tests.
Signed-off-by: Simon Eskildsen <sirup@sirupsen.com>
`TestBuildSpaces` is used to do string manipulation to redact timestamps
from compared cmd output. However it was assuming there is going to be
only one `time=".."` in the output --not the case on windows. Therefore
I wrote a regexp to redact all log timestamps.
Also the test used to have a copy/paste bug (see err1/err2). This fixes
that, too.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
With this Dockerfile
```
FROM ubuntu
ENV ABC=""
VOLUME $ABC
```
It builds ok but then at run time I get this error:
FATA[0002] Error response from daemon: Cannot start container 8902b4a7aaf5c4e4b11a38070d392db465fa97ad88c91c8b38dda5ab8149ccac: [8] System error: no such file or directory
Because the Volume config shows "" as the path. This PR checks for "" as
the path and stops it at build time.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Resolved conflict in the following file:
docs/sources/installation/MAINTAINERS
File was deleted upstream and changed in this branch. Deleting the file in this branch as well.
Signed-off-by: Casey Bisson <casey.bisson@joyent.com>
This shows a warning message about adjusted file/directory permission bits
when the `docker build` cli command is executed on windows.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Pushing a v2 image layer has two steps:
- POST to get a new upload URL
- PUT to that upload URL
We were previously not checking the response code of
the POST request and the PUT would fail in weird ways.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
When pushing to the official registry, v2 push will be attempted first. If the v2 endpoint is unavailable, a push to v1 will occur. If a v2 push is started and failed, the push operation will fail. Pulling non-official images the official v2 registry is also enabled to pull the newly push images. When a pull of a v2 image fails, v1 will always be attempted.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
w/o this I would see:
```
unexpected file format for /proc/self/cgroup - ""
```
while running the cgroup tests
Signed-off-by: Doug Davis <dug@us.ibm.com>
Adding instructions that refers to the Microsoft Azure
documentation on creating Docker-ready Linux VMs on Azure
platform.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Thanks to @tiborvass's review of another PR it was noticed that
we didn't have a testcase to make sure the cache checking for LABEL
was being done properly. This adds a test for it.
Signed-off-by: Doug Davis <dug@us.ibm.com>
This ensures that the libcontainer state is fully removed for a
container after it is terminated.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This addresses a subtle deadlock where an error during a copy prevented pipe
closure to propagate correctly. By closing down the read end of the pipe rather
than the write end, the waiting writer is properly signaled. A nice side-effect
of this change is that errors encountered by io.Copy are now propagated to the
verifier's Write method.
A test to ensure validation errors for unsupported digest types has been added,
as well.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Closes#10191
Allow `docker build` to set --cpu-shares, --cpuset, --memory,
--memory-swap for all containers created by the build.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Currently the http clients used by auth use the default tls config. The config needs to be updated to only support TLS1.0 and newer as well as respect registry insecure configuration.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Following bugs are fixed:
1.Handle out of bound cursor movements: vi in busybox sets cursor
to (999,999) expecting it to be set to right, bottom correctly.
2.Correctly determine redirected non-terminal file.
Signed-off-by: Sachin Joshi <sachin_jayant_joshi@hotmail.com>
* fixes#10001
* test for global subnets <= 80
* test for global subnets > 80
* test link local allocations
* test duplicated addresses
* test regression from bug #11427
Signed-off-by: Christian Simon <simon@swine.de>
When docker push get response with unknown HTTP status, docker daemon
print:
"Error: Status XXX trying to push repository XXX: XXX"
But when docker pull meets response with unknown status code, it gives:
"HTTP code: XXX"
This commit helps docker pull print more detailed error info like push
does, so push and pull can behave consistently when error happens.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
$ docker run -ti --rm -m 300M --memory-swap=-1 ubuntu:14.04
WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.
root@813aafc019d5:/#
When we disable memoryswap, it should not warning swap limit not support.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
When the deamon starts up with log level set to INFO it will show something
like this:
```
INFO[0000] Loading containers: start.
................................................................
INFO[0000] Loading containers: done.
```
where the dots represent containers in the system.
When you run with log level set to "error" it will still show the dots
w/o the "Loading..." lines before and after which looks really odd.
This PR will fix it so that the dots are only shown IFF the "Loading..."
lines are also shown
Signed-off-by: Doug Davis <dug@us.ibm.com>
The default for rlimit handling should be to inherit the rlimit of the
daemon unless explicitly set.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Currently the daemon will not stop on error because the serve API job is
blocking the channel wait for daemon init. A better way is to run the
blocking serve API job as a goroutine and make sure that error
notification gets back to the main daemon thread (using the already
existing channel) so that clean shutdown can occur on error.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
# The first commit's message is:
Updating Ubuntu installation to use wget; eliminating elo
Signed-off-by: Mary Anthony <mary.anthony@docker.com>
# This is the 2nd commit message:
Adding in James comments
Signed-off-by: Mary Anthony <mary@docker.com>
Add ability to refer to an image by repository name and digest using the
format repository@digest. Works for pull, push, run, build, and rmi.
Signed-off-by: Andy Goldstein <agoldste@redhat.com>
Copied code from CmdSave into CmdExport. This should work, not an expert in the API calls being made. But it does make more sense to have a consistent export/save flag.
Signed-off-by: Joseph Kern <joseph.a.kern@gmail.com>
checkpoint before edits on the export functions
Signed-off-by: Joseph Kern <joseph.a.kern@gmail.com>
Added an --output flag to docker export and created tests.
Signed-off-by: Joseph Kern <joseph.a.kern@gmail.com>
White space cleanup.
Signed-off-by: Joseph Kern <joseph.a.kern@gmail.com>
Docker-DCO-1.1-Signed-off-by: Joseph Kern <jkern@semafour.net> (github: jfrazelle)
checkpoint before edits on the export functions
Signed-off-by: Joseph Kern <joseph.a.kern@gmail.com>
White space cleanup.
Signed-off-by: Joseph Kern <joseph.a.kern@gmail.com>
Added text to reflect a new output option for the export command.
Signed-off-by: Joseph Kern <joseph.a.kern@gmail.com>
Whitespace clean up
Signed-off-by: Joseph Kern <joseph.a.kern@gmail.com>
Added man page documentation for the new --output flag in export
Signed-off-by: Joseph Kern <joseph.a.kern@gmail.com>
- command.Commands was missing "Label"
- used the correct error string in dispatcher when LABEL has no args, otherwise
the test TestBuildMissingArgs will not work
- removed the premature error msg in line_parser that was blocking the
label() func in dispatcher from showing the err msg in previous bullet
- since LABEL uses the env parser it needs to be added to the replaceEnvAllowed
list so that proper quote processing will be done. Especially once
PR #10431 is merged.
Signed-off-by: Doug Davis <dug@us.ibm.com>
This makes APT be appropriately aggressive about removing packages it added due to `Recommends` or `Depends` if the packages they were added for are removed (even if other packages only have the softer `Suggests` relationship).
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Windows client being official supported, publish Docker client Windows
binaries as part of the release.sh script.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Currently when registry error strings contain new line characters only the last line is displayed to the client. Quote the string to ensure the client can see the entire body value.
fixes#11346
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Currently when the registry ping is sent, it creates the request directly from http.NewRequest instead of from the http request factory. The request factory adds useful header information such as user agent which is needed by the registry.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
This modifies iptables.Exists so that it must be called with an explicit
table and chain. This allows us (a) to generate an appropriate command
line for "iptables -C", which was not previously possible, and (b) it
allows us to limit our strings.Contains() search to just the table and
chain in question, preventing erroneous matches against unrelated rules.
Resolves#10781
Signed-off-by: Lars Kellogg-Stedman <lars@redhat.com>
It is implemented by intercepting and interpreting the output
escape sequence by calling win32 console apis.
In addition the input from win32 console is translated to linux keycodes
Signed-off-by: Sachin Joshi <sachin_jayant_joshi@hotmail.com>
After the new libcontainer API, the reexec.Self() output of the daemon
binary is used as the libcontainer factory InitPath. If it is relative,
it can't be found at container start time. This patch solves the
problem by making sure that we return a rooted/absolute path if a
relative path is used.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
This requires that any environment where we wish to run the integration-cli tests includes both the `Dockerfile` and `curl`, which has been deemed an appropriate and acceptable trade-off.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
The STDOUT behavior of cp is not yet released in 1.50 so removed.
Also, tested against 1.5 all other behaviors and extended documentation to match.
Renamed HOSTPATH to HOSTDIR to give a self documenting name.
Adding back in the references to STDOUT
fix the command string
Entering Doug's comment re append and ~/tmp/foo in the glass
Adding in Doug's comments regarding PATHs and missing |-
Updating with James comments
Signed-off-by: Mary Anthony <mary@docker.com>
Update pull code to consider any layer download or new tag as an update.
Update hello-world frozen image to be explicitly tagged as frozen, to not interfere with pull tests. The hello-world is used by pull tests because of its small size and there is no other official image with such a size.
fixes#11383
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Instead of just printing a warning and going on, this will generate
an error and stop processing.
This used to be part of #10561 but I decided it might need its own
independent discussion/PR as to not derail #10561.
Signed-off-by: Doug Davis <dug@us.ibm.com>
This also removes the now-defunct `*maintainer*.sh` scripts that don't work with the new TOML format, and moves a couple not-build-or-release-related scripts to `contrib/` instead.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Adds more documentation for labels and adds the label instruction to the
man-pages.
Also included is a document called "Labels - custom meta-data in Docker"
in the user-guide, this is still a work-in-progress I started to describe
the "namespaces" conventions, an example on storing structured data.
I ran a bit "out of steam" (writers block?) on that document, but kept
it in (for now), in case it still ends up useful.
The Remote API documentation changes will need to be moved to the
docker_remote_api_v1.18.md document when rebasing the whole PR.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Darren Shepherd <darren@rancher.com>
Save "LABEL" field in Dockerfile into image content.
This will allow a user to save user data into an image, which
can later be retrieved using:
docker inspect IMAGEID
I have copied this from the "Comment" handling in docker images.
We want to be able to add Name/Value data to an image to describe the image,
and then be able to use other tools to look at this data, to be able to do
security checks based on this data.
We are thinking about adding version names,
Perhaps listing the content of the dockerfile.
Descriptions of where the code came from etc.
This LABEL field should also be allowed to be specified in the
docker import --change LABEL:Name=Value
docker commit --change LABEL:Name=Value
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
See also https://bugs.gentoo.org/show_bug.cgi?id=536546:
```console
$ docker run learn/tutorial echo "hello world"
FATA[0001] Error response from daemon: Cannot start container 1d0c0ca5cc7f39a271ec40c1479a80bffb7190fab97392b3453a1fc0b2dc8e78: mountpoint for cpuset not found
```
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Unless `file` is wrapped with buffered reader, `fmt.Fscanf` will read
just one byte and terminate with `EOF`.
Signed-off-by: Michal Minar <miminar@redhat.com>
This uses a bit of on-disk state in our export directory to emulate our associative array for generating the "repositories" JSON file.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
In several cases graphdriver were just returning the low-level syscall
error and that was making it all the way up to the daemon logs and in
many cases was difficult to tell it was even coming from the graphdriver
at all.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
`docker rmi` output in docs/sources/reference/commandline/cli.md
is different from real scene. This commit fixes it.
Signed-off-by: Deng Guangxing <dengguangxing@huawei.com>
This adds two more tables to the run reference documentation.
- the list of 'modes' for Network settings is now a table.
- the "note" for `--net="host"` was moved from the list to the detailed
description.
- the 'options' for "Runtime constraints on CPU and memory" are
now a table
- slightly re-worded the description for "memory" options, e.g.
"It is not allowed..." was rewriten to "The *container* is not allowed..."
- fix example in "Runtime privilege, Linux capabilities, and LXC configuration"
being indented twice
- slightly reduced indenting in some `usage` output to be better readable.
- fixes a typo `/ets/hosts` -> `/etc/hosts`
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
As we started running CI machines on Azure cloud and Azure
doesn't have ICMP stack implemented by replacing
`ping 8.8.8.8` with `nslookup google.com`.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Fixes#11315
After rename occured the graphdb was updated but the container struct
was never commited back to disk, so on daemon restart it loads the old
name again.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This fixes the `docker events`-related tests as they have been
failing due to clock skew between CI machine and test daemon on
some other machine (even 1-2 seconds of diff causes races as
we pass local time to --since/--until).
If we're running in same host, we keep using time.Now(), otherwise
we read the system time of the daemon from `/info` endpoint.
Fixes pretty much all events-related tests on windows CI.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Clear the cache for all files. Don't worry about what changed.
Move the docs release script back to the docker/docker repo, so we all can
easily watch the changes.
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <hugs@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
In fact, it doesn't work as the bare `\` backslashes are now preserved
and therefore are not valid regex matches on any test, making it not run
any tests at all. I assume at some point there was a process in the
pipeline that needed escaping, but on master (for quite a while) this
has not worked.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
A minor thing, but I noticed that the "Reference" drop-down menu just
says "Command line". This was fine when we just had one command line,
but now there's also 'Compose command line' and I suspect we may add
others later. We should qualify the Docker one with the word "Docker"
in front
Signed-off-by: Doug Davis <dug@us.ibm.com>
FROM scratch
ADD echo /
RUN [ "echo" ]
will die with
exec: "/bin/sh": stat /bin/sh: no such file or directory
Signed-off-by: Doug Davis <dug@us.ibm.com>
delete unecessary blank after "[OPTIONS] "
and add a blank to the log between options and signature.
To make the code style consistency.
Signed-off-by: Zen Lin(Zhinan Lin) <linzhinan@huawei.com>
An earlier commit was causing docker windows CLI build to not to pick up
the shorthand form for home directory (`%USERPROFILE%`) shown in when
`docker --help` is executed.
Fixing that bug and making the if statement concise and clear.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
This change enables `fakeGIT()` to use the new `fakeStorage`
server which is automatically starting a container on the remote test
daemon machine using the git repo directory (when requested).
Fixes the following tests:
- `TestBuildApiLowerDockerfile`
- `TestBuildApiBuildGitWithF`
- `TestBuildApiDoubleDockerfile` (skipped on windows: NTFS case-insensitive)
- `TestBuildFromGIT` (still needs local server)
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Cgroup resources are host dependent, they should be in hostConfig.
For backward compatibility, we just copy it to hostConfig, and leave it in
Config for now, so there is no regressions, but the right way to use this
throught json is to put it in HostConfig, like:
{
"Hostname": "",
...
"HostConfig": {
"CpuShares": 512,
"Memory": 314572800,
...
}
}
As we will add CpusetMems, CpusetCpus is definitely a better name, but some
users are already using Cpuset in their http APIs, we also make it compatible.
The main idea is keep using Cpuset in Config Struct, and make it has the same
value as CpusetCpus, but not always, some scenarios:
- Users use --cpuset in docker command, it can setup cpuset.cpus and can
get Cpuset field from docker inspect or other http API which will get
config info.
- Users use --cpuset-cpus in docker command, ditto.
- Users use Cpuset field in their http APIs, ditto.
- Users use CpusetCpus field in their http APIs, they won't get Cpuset field
in Config info, because by then, they should already know what happens
to Cpuset.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
This change adds daemon's system time as RFC3339Nano to the `/info` endpoint
and shows in a more readable format (UnixDate) in `docker -D info` output.
I will be using this to fix the clock skew between the remote test host and
the CI machines running `docker events`-related tests as they're using `--since`
and `--until` and the timestamps are not matching when daemon is not on the
same machine.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
We should warn users who use the `--dns` command line option to point
DNS to a localhost address, either IPv4 or IPv6. Unless they have
specifically set up the container as a DNS server or are using
--net=host (which is why this should be allowed, but warned on because
those are pretty unique cases) a localhost address as a resolver will
not reach what they might expect (e.g. expecting it will hit localhost
on the Docker daemon/host).
Added a test for the message, and fixed up tests to separate stdout and
stderr that were using `--dns=127.0.0.1` to test the options.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Thanks to @ahmetalpbalkan for noticing... we had an old check in this
testcase that no longer applied (due to stuff being removing recently).
However, while in there I added a check to make sure that the file referenced
by the query parameter isn't used at all.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Manifest is now generated during a v2 push, not relying on previously generated hashes. When pushing a layer, the hash is directly calculated from the tar contents which will be pushed. Computing the hash on push ensures that the hash contents always match what is seen by the registry. This also mitigates issues with tarsum differences and permits using pure SHA digests.
Additionally the new manifest function is moved to the unit tests since it is no longer called outside the tests.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
This makes it much simpler to add new "frozen" images -- simply add them to the `Dockerfile` and in `hack/make/.ensure-frozen-images` and you're off to the races.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
This also updates the comments at the top of the file to note that `-v /var/lib/docker` should be supplied for running `test-integration-cli` and that `hack/dind` is actually also required for `test-unit`.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
parser_test only needed the directory-names for
the tests to run. This replaces f.Readdir() with
f.Readdirnames() to only return the names.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When we run `docker login` we will be asked to input our username.
Prior to this PR, "userA" and " userA" will be considered as two
diferrent user, which is not right.
Signed-off-by: Hu Keping <hukeping@huawei.com>
Implemented a FakeStorage alternative that supports spinning
up a remote container on DOCKER_TEST_HOST to serve files over
an offline-compiled Go static web server image so that tests which
use URLs in Dockerfile can build them over at the daemon side.
`fakeStorage` function now automatically chooses if it should
use a local httptest.Server or a remote container.
This fixes the following tests when running against a remote
daemon:
- `TestBuildCacheADD`
- `TestBuildCopyWildcardNoFind`
- `TestBuildCopyWildcardCache`
- `TestBuildADDRemoteFileWithCache`
- `TestBuildADDRemoteFileWithoutCache`
- `TestBuildADDRemoteFileMTime`
- `TestBuildADDLocalAndRemoteFilesWithCache`
- `TestBuildADDLocalAndRemoteFilesWithoutCache`
- `TestBuildFromURLWithF`
- `TestBuildApiDockerFileRemote`
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
This patch adds detail on how the host's `/etc/resolv.conf` file is
filtered when creating the copy for the container.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Previously on error either from the daemon or from the api it is just
exiting with exit status 1 but not performing a shutdown.
This can produce insconsistent state depending on where the error came
from.
This makes sure that before we exit on error that the engine gets fully
shutdown.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Read `/proc/sys/net/ipv4/ip_local_port_range` kernel parameter to obtain
ephemeral port range that now sets the boundaries of port allocator
which finds free host ports for those exported by containers.
Signed-off-by: Michal Minar <miminar@redhat.com>
This cleans up the recently added project docs and
fixes some minor issues.
- remove inline styles where possible
- add redirects for renamed/replaced documents
- add styles for GitHub labels to match the style on GitHub
- fix minor markdown issues causing some code-blocks
to be shown as text
- wrap the documents to 80-chars
- use 4 spaces in stead of tabs for identing and remove
trailing whitespace/redundant blank lines
- optimized 'gordon' image
NOTE:
This alternative commit/PR re-introduces some inline
styles because the docs/base image has not yet been
updated for the current docs.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Windows CI fails to dial remote test host over tcp in the test cases where
we clear environment variables during `exec(dockerBinary, ...)` in the
absence of `SystemRoot` environment variable (typically points to `c:\windows`).
This fixes tests:
- `TestRunEnvironmentErase`
- `TestRunEnvironmentOverride`
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Private registries should support having images pushed with only a single name component (e.g. localhost:5000/myapp).
The public registry currently requires two name components, but this is already enforced in the registry code.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
The call to io.Copy was not being checked for errors at a critical point in the
pull logic. This patch will log the error value if not nil.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
`TestCliProxyDisableProxyUnixSock` verifies that HTTP_PROXY env var is
used when DOCKER_HOST is not set and cli connects to `unix://...` by
default.
In the windows/darwin CLI CIs, daemon is on remote host and we always
connect via `tcp://`, therefore this test fails very straight. Skipping
this test to run only on "same host daemon" assumption.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
"docker create" for data containers should specify a dummy command to
avoid accidential "docker start" to cause unexpected data loss.
Signed-off-by: Hong Xu <hong@topbug.net>
TestRunCidFileCleanupIfEmpty fails on windows/mac because the test runs
the command `docker run scratch` and it gives the following error:
Unable to find image 'scratch:latest' locally
Pulling repository scratch
511136ea3c5a: Download complete
FATA[0004] 'scratch' is a reserved name
I am not entirely sure if this is a test issue or not but I had a quick
workaround by creating another image using `FROM scratch` and using that.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
They used single-quotes (') in the exec-form of onbuild run command
and things blew up. They asked to fix the man page to explain why.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
The tests end up overwriting the `dockerfile` with `Dockerfile` since
windows filesystems are case-insensitive. The following methods are
skipped:
- TestBuildRenamedDockerfile
- TestBuildFromMixedcaseDockerfile
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
daemon/volumes.go
This SetFileCon call made no sense, it was changing the labels of any
directory mounted into the containers SELinux label. If it came from me,
then I apologize since it is a huge bug.
The Volumes Mount code should optionally do this, but it should not always
happen, and should never happen on a --privileged container.
The change to
daemon/graphdriver/vfs/driver.go, is a simplification since this it not
a relabel, it is only a setting of the shared label for docker volumes.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Added link to original issue and clarified text so someone without any
background on the original issue can understand why the test exists.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
The overlay filesystem does not support inotify at this time. The
resolv.conf updater test was passing on overlay-based Jenkins because of
a fluke--because it was DIND, /etc/resolv.conf on the "host" was really
a bind-mounted resolv.conf from the outer container, which means a watch
directly on that file worked as it was not overlay backed. The new test
(from #10703) unmounts the bind-mounted copy to test create and modify
code-paths, which caused us to hit the issue.
This PR also adds a note to the docs about the lack of auto-update when
using the overlay storage driver.
See https://lkml.org/lkml/2012/2/28/223 for more info on inotify and
overlay.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
We could use EXPOSE ip:hostPort:containerPort,
but actually it did as EXPOSE ::containerPort
commit 2275c833 already warned user on daemon side.
This patch will print warning message on client side.
Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
This moves some information on restart-policies from
the "command line" page to "run reference".
Also fixes some minor typos and adds a "NOTE"
about --rm and --restart not allowed to be combined.
Also removes inline CSS styles from tables,
which will be styled by the stylesheet, and fixes
some minor MarkDown errors (`<` -> <)
depends on https://github.com/docker/docs-base/pull/1resolves#11069
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This change modifies the chmod bits of build context archives built on
windows to preserve the execute bit and remove the r/w bits from
grp/others.
Also adjusted integ-cli tests to verify permissions based on the platform
the tests are running.
Fixes#11047.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
The original description has some mistakes and lack of many useful
information, I rewrite them to make it accurate and complete.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Closes#10807
Adds support for `dockerfile` ONLY when `Dockerfile` can't be found.
If we're building from a Dockerfile via stdin/URL then always download
it a `Dockerfile` and ignore the -f flag.
Signed-off-by: Doug Davis <dug@us.ibm.com>
and add a testcase to catch this in the future.
While in there I also:
- removed extra periods from the few options that had them (new test)
- made the --filter option consistent across all command
Signed-off-by: Doug Davis <dug@us.ibm.com>
This is the absolute bare minimum necessary to compile and test Docker -- this is going to be especially useful for testing and verifying assumptions.
With this, we can setup a Jenkins job that tests to ensure that all the work we do to make sure our build scripts and tests don't contain assumptions is not effort spent in vain.
This is important because this is the kind of bare-bones stock environment our packagers build in. Additionally, this verifies that our scripts will work reasonably on other platforms (such as Darwin and Windows) as well.
Assumptions existing tests make that currently fail:
- `registry-v2` exists as a binary in `$PATH` (FIXED IN #11005🎉)
- `unprivilegeduser` exists as a user in `/etc/passwd`
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
This downloads a specific image ID of `busybox:latest` from the Hub directly (within the `Dockerfile`, ready for `docker load`) instead of grabbing the source from GitHub and doing a `docker build` at daemon start time. This ensures the test suite runs more consistently.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
If `.bashrc` exists at the root of the source tree, it will be used as the `~/.bashrc` inside the container.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
The document referenced https but was using the http port. I changed the
examples from https to http.
Also, fyi, when I tried accessing https using the correct 443 port, it
did not work. I have not investigated why. Port 80 worked fine.
For me:
jay-mac:.ssh jay$ docker port web
80/tcp -> 0.0.0.0:49153
443/tcp -> 0.0.0.0:49154
jay-mac:.ssh jay$ boot2docker ip
192.168.59.103
works: http://192.168.59.103:49153/
fails: https://192.168.59.103:49154/
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Instead of applying it only for the final `chroot`, this adds a chroot helper function to apply it appropriately for every chroot, including making sure that we find `chroot` in our current host `PATH` in case it's in a strange place.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
when running in the chroot, it would be expected to have a Debian-ish environment,
most important the PATH variable. Otherwise the host PATH would be used which can wrong
for Debian, especially if the host is Arch (which doesn't have /bin, /sbin or /usr/sbin).
Signed-off-by: Damjan Georgievski <gdamjan@gmail.com>
Use `-it` combination in example instead of `-ti`, because this is how it used everywhere in examples.
Update dockerfile_best-practices.md
Fix typo in command name
Signed-off-by: Dmitry Gusev <dmitry.gusev@gmail.com>
If the tests are running outside a container (i.e.
executed without `make test`), we are using a `busybox`
pulled from Docker Hub (not jpatezzo's docker-busybox).
That one adds an extra
`PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin`
env var all the time and that messes the test `TestCommitChange`.
That's currently breaking the windows CI.
I'm keeping the same PATH here but making it explicit
so that it's always set and we verify what we set. It's actually the same
thing if I set `ENV PATH foo` here but I thought it may lead to some
problems hard to debug in the future.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Update the "Docker Remote API Client Libraries" documentation page to
include a reference to the Go-based docker-reg-client package.
Signed-off-by: Brian DeHamer <brian@dehamer.com>
Fixes: 10855
The example was actually incorrect for many situations, and also, now
that we have IPv6 we should not that the example is for IPv4 and note
how to find IPv6 addresses. Also, the device they want to connect to
could be the bridge, or main ethernet device, or some other device
name, so note that as well.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Some pull/push tests are launching `registry-v2`
binary which is compiled and installed if the tests
are running in-container through `make test-integration-cli`.
However, registry is not supported to run on non-linux
platforms and we can't really spin up any registry-v2
containers in the remote DOCKER_TEST_HOST at this point.
Just skipping those with the new TestRequirement called
`RegistryHosting`.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
`TestRunBindMounts` requires daemon to be on the same host.
Running this cli test on Linux is fair enough coverage for
this functionality and we can skip this for platforms where
daemon cannot run side-by-side with the cli for now.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Currently TestBuildRenamedDockerfile fails since passing
custom dockerfile paths like:
docker build -f dir/file .
fails on windows because those are unix paths. Instead, on
windows accept windows style paths like:
docker build -f dir\file .
and convert them to unix style paths using the helper we
have in `pkg/archive` so that daemon can correctly locate
the path in the context.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Use the new `runCommandPipelineWithOutput` helper to
remove bash dependency required for piping in
`TestSaveDirectoryPermissions`.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
This type is produced on the server side and is a type safe struct that
can be encoded to json. It is consumed via the client.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Move the stats structs from the api/stats package into a new package
api/types that will contain all the api structs for docker's api request
and responses.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
In addition to config env, `commit` now will also accepts a `changes` env which
is a string contains new-line separated Dockerfile instructions.
`commit` will evaluate `changes` into `runconfig.Config` and merge it with
`config` env, and then finally commit a new image with the changed config
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: rhatdan)
Instead of building the actual image, `build_config` will serialize a subset of
dockerfile ast into *runconfig.Config
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Create container job could fail because a container specified with
`--volumes-from` does not exist. This error is not propagated to client
though. Instead it's recognized by higher levels as "image not found".
Client then tries to pull the image and launch the container again.
This patch changes the lower level error message so that it's not
recognized as "image not found" and thus it's propagated to client.
Signed-off-by: Michal Minar <miminar@redhat.com>
Phil has been very active across the repository for a few months now.
He has not only triaged issues but also contributed to features and bug
fixes and is a very active participant on the project.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
zsh completion is updated with the content of
felixr/docker-zsh-completion.
ef4a3fce0437 Update completion for `wait' as per 1.5.0
ace5aa9c1282 Add completion for `stats'
91f112834865 Update completion for `search' as per 1.5.0
a5e4febe4bf6 Update completion for `save' as per 1.5.0
1cdbdb18a384 Add completion for `rename'
2f004bb724b9 Update completion for `pull' as per 1.5.0
773b88e0885b Update completion for `logs' as per 1.5.0
c57e5d5c4551 Update completion for `load' to favor archive files
9af7d12b487e Update completion for `images` as per 1.5.0
0d59e66aff30 update completion for `exec' to complete on commands
46b6c66760d7 Update completion for `events' as per 1.5.0
307e0bdc4c34 Update completion for `commit' as per 1.5.0
c4b331f38cc4 Update completion for `build' as per 1.5.0
Also added myself in the `MAINTAINERS` file.
Signed-off-by: Vincent Bernat <vincent@bernat.im>
Some integration-cli tests assume daemon and cli are running
on the same machine and therefore they examine side effects
of executed docker commands on docker host by reading files
or running other sort of commands.
In case of windows/darwin CLI tests these provide little
or no value and should be OK to skip.
List of skipped tests:
- `TestContainerNetworkMode`
- `TestCpVolumePath`
- `TestCreateVolumesCreated`
- `TestBuildContextCleanup`
- `TestBuildContextCleanupFailedBuild`
- `TestLinksEtcHostsContentMatch`
- `TestRmContainerWithRemovedVolume`
- `TestRunModeIpcHost`
- `TestRunModeIpcContainer`
- `TestRunModePidHost`
- `TestRunNetHost`
- `TestRunDeallocatePortOnMissingIptablesRule`
- `TestRunPortInUse`
- `TestRunPortProxy`
- `TestRunMountOrdering`
- `TestRunModeHostname`
- `TestRunDnsDefaultOptions`
- `TestRunDnsOptionsBasedOnHostResolvConf`
- `TestRunResolvconfUpdater`
- `TestRunVolumesNotRecreatedOnStart`
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
This way, we only leave around autogenerated files if the build fails (which is reasonable IMO, since that's when you'd need them for debugging the build failure).
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
This optimizes a number of images and removes a duplicate image.
Also consolidated images in the 'docker-hub' section.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
1. Docker require to run before redis container run.
2. 'start' command can not accept more options like "run -e xx ..."
3. Remove wrong command 'Author='
Signed-off-by: Daniel YC Lin <dlin.tw@gmail>
Despite being wrong we are kinda calling our users dumb, I feel it is a bit
demeaning. As well as just wrong.
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <hugs@docker.com> (github: jfrazelle)
Skip tests based on remote daemon's exec support (to exclude
these tests from `make test` ran in LXC case). Makes use of
`test_no_exec` build tag passed by build scripts.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Shout out to @estesp for the idea. Some use cases of
`readContainerFile` can be replaced with `docker exec $id cat $file`.
This helper method can eliminate the requirement that
host/cli should be on the same machine.
TestRunMutableNetworkFiles and TestRunResolvconfUpdater still
need to access the docker host filesystem as they modify
the file directly from there assuming cli and daemon are
on the same machine.
This fixes TestLinksUpdateOnRestart and TestLinksHostsFilesInject
for Windows CI.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
In its current form, if an error message has two trailing "\n" instead
of one, an empty line is resulted (see engine/job.go for an example of
such usages).
Skipping all trailing whitespaces will give a better error message.
Signed-off-by: Nghia Tran <nghia@google.com>
Some of the links in this document contained hard-wrapped URL portions, which causes Markdown to insert a literal URL encoded `\n` inside the link, thus breaking them.
Signed-off-by: Bradley Wright <brad@intranation.com>
This fixes a few misuses of `deleteAllContainers()` cleanup
method in integration-cli suite by moving call to the
beginning of the method and guaranteeing their execution
(including panics) with `defer`s.
Also added some forgotten cleanup calls while I'm at it.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
`docker build -q .` where Dockerfile contains a RUN cmd will hang on the
RUN. It waits for the output stream to close but because of -q we never
attached to the container and end up waiting forever.
The fact that no one noticed this tells me that people may not actually
use -q and if so I wonder if it would make sense to make -q work the may
it does for other commands (like `docker ps`) and make it so it only
shows the container ID at the end. A -q/quiet option that only hides the
container RUN output apparently isn't really that useful since no one is
using it. See: https://github.com/docker/docker/issues/4094
Signed-off-by: Doug Davis <dug@us.ibm.com>
TestBuildAddBadLinks used to build a path by
concenating unix-style forward slashes. Fixed that
by providing a windows-equivalent using `runtime.GOOS`.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Although this doesn't fix the test (os.Symlink is not yet
implemented for Windows), this prevents unix-style paths
from being passed to os.Symlink. Also makes code cleaner
for linux.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Skipping some of the tests closely tied to running in a
unix environment. Windows does not support chmod/chown
and this causes some tests to fail creating desired
behavior.
- `TestBuildWithInaccessibleFilesInContext`: uses chown/chmod
- `TestBuildDockerfileOutsideContext`: uses os.Symlink, not implemented on
windows
- `TestCpUnprivilegedUser`: uses chmod, and requires 'unprivilegeduser'
created by Dockerfile (and thus requires to run inside container)
- `TestBuildChownSingleFile`: uses chown
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
NetworkManager updates resolve.conf by replacing the current file
with an updated one. This change enables docker to listen for these
events.
Signed-off-by: Sami Wagiaalla <swagiaal@redhat.com>
The most obvious use case is when one wants to make sure as fast
as possible that a command is a valid Dockerfile command.
Signed-off-by: kargakis <kargakis@users.noreply.github.com>
This fixes `TestVolumesNoCopyData` for test execution on
windows by passing a unix-style path as volume even though
it's running on windows.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
estesp noticed that when $HOME is / the ~ substitutions messes up
becuase it tries to replace all paths that start with "/" with "~".
This fixes it so that it will only replace it when $HOME isn't "/".
Signed-off-by: Doug Davis <dug@us.ibm.com>
Fixes#10426
Because of the ability to easily overload the shell max argument list
length once the image count is several hundred, `docker load` will
start to fail because of this as it passes an excludes list of all
images in the graph. This patch uses an environment variable with the
json marshalled through it to get around the arg length limitation.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
`TestBuildRenamedDockerfile` tests hard-code unix-style
path building. Made use of `path/filepath` to make these
tests work on Windows as well.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Currently when containers are linked the alias name (e.g. from `--link
name:alias`) is added to the parent container's `/etc/hosts` with a
reference to the IP of the linked container. Some software requires
using the official hostname or node name in operations that need to
match on those values, and it is therefore helpful if the parent
container can refer to the child/link using those same values and still
access the same IP.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Fixes: #10701
Updates the IPv6 documentation and images to reflect the more modern
`ip -6` command set versus `route` and `ifconfig`. Also removes the
use of the special 2002: address range as that is reserved for 6to4
addressing, as well as use of any public address range and re-works the
switched routing example to use 3 subnets of the documentation IPv6
prefix range.
Also conformed all use of addresses to the same doc range per @MalteJ's
commit.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Signed-off-by: Malte Janduda <mail@janduda.net>
This makes use of `%USERPROFILE%` as a substitute for
`~` on Windows and prints shorter strings for default
cert paths etc.
Also removes string escaping/quotes around default
path values printed in `docker help` command as they
are not really necessary and adds double backslashes
(\\) on windows.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
In order to fit printed messages to fit 80 chars,
rewording messages for `-H` and `--tls` flags.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Since `cirros.tar.gz` only existed to test `docker import`'s display and
presence in `docker events`, we can instead just use `docker export`
piped directly to `docker import` to achieve the same goal without
another external dependency besides `busybox` (which we already have).
While I was at it, I updated `TestImportDisplay` to also test that the
imported image actually runs successfully as well (so we're testing the
full import round-trip).
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Use `env -i` to very explicitly control exactly which environment variables leak into our tests. This enforces a clean separation of "build environment knobs" versus "test suite knobs".
This also includes a minor tweak to how we handle starting our integration daemon, especially to catch failure to start sooner than failing tests.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Mainly to make sure we don't treat the -f value as relative to the
root of the build context, but instead it must be relative to the current
dir.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Some of the `docker cp` tests were using `path/filepath` to
craft unix paths. This wouldn't work on Windows since filepath
is platform-dependent.
Moved code to `path` as much as possible and hacked away some
`path/filepath` functionality that doesn't exist in `path` pkg.
This fixes the following test cases:
- `TestCpGarbagePath`
- `TestCpRelativePath`
- `TestCpAbsoluteSymlink`
- `TestCpSymlinkComponent`
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
This change enables TestRunSetMacAddress to run on windows
without `bash` dependency. Also `defer`red call of cleanup
method.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
The test case `TestImagesFilterWhiteSpaceTrimmingAndLowerCasingWorking`
fails based on time because it uses full `docker images` output and
value in the `CREATED` column turns from `A minute ago` to `2 minutes ago`
in the middle of execution and output comparison fails.
Signed-off-by: Ahmet Alp Balkan <ahmetb@microsoft.com>
This removes `bash` dependency from save/load integration tests.
It used to call `/bin/bash -c 'c:\...\docker.exe'` which is not valid.
Also removed usage of tempdirs and temp files for saving/loading
repos. All are now done using in-memory pipes and buffers.
Created `runCommandPipelineWithOutput` helper to replace the
`/bin/bash -c 'a | b | c'` using pipes and returning output from
last command in the pipeline. This makes the code even shorter
and readable.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Currently pkg/archive stores nested windows files with
backslashes (e.g. `dir\`, `dir\file.txt`) and this causes
tar not being correctly extracted on Linux daemon.
This change assures we canonicalize all paths to unix
paths and add them to tar with that name independent of platform.
Fixes the following test cases for Windows CI:
- TestBuildAddFileWithWhitespace
- TestBuildCopyFileWithWhitespace
- TestBuildAddDirContentToRoot
- TestBuildAddDirContentToExistingDir
- TestBuildCopyDirContentToRoot
- TestBuildCopyDirContentToExistDir
- TestBuildDockerignore
- TestBuildEnvUsage
- TestBuildEnvUsage2
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
source /etc/bash_completion.d/docker.io was not working for me, since the file is called docker, not docker.io.
There might be versions with 'io' ending; star is general enough.
Signed-off-by: Ferenc Szabo <pragmaticfrank@gmail.com>
Or else we can violate array range boundaries in:
out = strings.Split(out, ":")[1]
and get runtime error.
We got this runtime error when run TestRunPortFromDockerRangeInUse
Somehow docker goes silently if it cannot publish port because
of no bridge.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@parallels.com>
Some tests in `docker_api_containers_test.go` assume the
docker daemon is running at the same machine as the cli
and uses `ioutil.TempDir` to create temp dirs and use them
in the test.
On windows ioutil.TempDir and os.TempDir would create win-style
paths and pass them to daemon. Instead, I hardcoded `/tmp/` and
generate some random path manually and allow daemon to create
the directory.
Fixes tests:
- TestContainerApiStartVolumeBinds
- TestContainerApiStartDupVolumeBinds
- TestVolumesFromHasPriority
Downside:
- Does not clean the temp dirs generated on the remote daemon
machine unless delete container deletes them.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
If DOCKER_CLIENTONLY is set for test-integration-cli, we don't set
the 'daemon' build tag. 'isRemoteDaemon' will help us skip such
tests without a need to move them to a separate file and accidentally
lose track of them.
Added `testRequires` function to skip tests based on predefined
conditions evaluated in runtime. This way we can easily extend test
requirements like:
testRequires(t, Networking, SameHostDaemon, Linux)
Signed-off-by: Ahmet Alp Balkan <ahmetb@microsoft.com>
TestCliProxyDisableProxyUnixSock runs `docker info` by
clearing env however if the daemon is set up to run in a
different machine (e.g. Windows CI case) it does not make
use of DOCKER_TEST_HOST and tries to connect unix sock.
This fix injects DOCKER_HOST back to the test.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
A comment in https://github.com/docker/docker/issues/6354#issuecomment-74160215
brought to light that the "Managing Data in containers" section contained an
incorrect (or confusing) line;
"Volumes persist until no containers use them"
Which implies that volumes are automatically removed if they are no longer
referenced by a container.
This pull-request attempts to add some information explaining that volumes are
never automatically removed by Docker and adds some extra hints on working
with data volumes.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
For Windows, we run integration-cli with DOCKER_TEST_HOST env var b/c
daemon is on some remote machine. This keeps the DOCKER_HOST set by
bash scripts in the env.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Fixes TestRmiForceWithExistingContainers test to make it use
`busybox` image rather than /docker-busybox hardcoded path
and rebuilding image.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
TestEventsUntag requires a `timeout` command which does not
exist on OS X or Windows (in fact, windows has a totally different
timeout program and this test was accidentally using it).
- Created runCommandWithOutputForDuration.
This entirely replaces runDockerCommandWithTimeout and
removes dependency to `timeout` command.
- Made runDockerCommandWithTimeout reuse runDockerCommandForDuration.
TestEventsUntag works now on Windows.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Current uses of `makeRandomString` is to create really
long strings. In #10794, I used them to create nearly-unique
unix paths for the daemon. Although collions are harmless and
don't fail the tests, this prevents the same strings from being
created consistently in every run by seeding rand.Random.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
os.Exec("bash", "-c", dockerBinary) ends up making a call like
bash -c c:\...\docker.exe on windows msys shell, which does not work.
This test makes use of exec.Command.Stdin to pass image back to
docker import.
- Upside: fixes the test on windows
- Downside: cat/tee compatibility is no longer tested in this test case
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
It turns out the back-to-back `D`s here were tripping people up because visually, it looks like a typo. This renames the variable to `BIND_DIR`, but allows `BINDDIR` to continue working for backwards-compatibility.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Fixes newly introduced error flow from daemon.Get() in the link setup
code. Also added more detail to daemon.Get() comments for clarity.
Added test to test the bogus container link codepath.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Make the install script independent from the ubuntu keyserver by using
the sks-keyservers pool instead.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
TestBuildAddTarXz/TestBuildAddTarXzGz make exec calls like
'cd %SOME_TEMP_DIR%; xz test.gz' but this fails when called
from integration-cli tests (doesn't fail from msys or cmd shell).
It fails with error: "xz: test.tar: Cannot remove: Permission denied."
Proposing workaround of using the `xz --keep` argument since keeping
test.tar is harmless and it's already in os.TempDir().
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
TestGetContainersAttachWebsocket is currently broken on Windows CI tests
b/c it has hardcoded unix://var/run/docker.sock. This change makes use
of @icecrime's code in docker_utils and generalizes it with sockConn()
to provide a net.Conn by making use of DOCKER_TEST_HOST. Also fixes
the test.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
This fixes the build break in Jenkins Windows CI tests and
fixes TestInspectImage for Windows CLI.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Makes sure the CLI does not use HTTP_PROXY when connecting to unix
socket.
Also adds some tests to make sure this functionality works as expected.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
d1e9d07c introduces a dependency to libcontainer and other daemon
related packages through builder package. The only thing test needs
is set of the Dockerfile commands. Extracting them to a separate
package.
This was causing CI tests to not to compile on non-Linux platforms.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
subjectAltName=IP:x.x.x.x
this allows for connecting to the docker server from docker client
using the dns name OR using the IP address (lots of docker stuff
prefers IP addresses)
Signed-off-by: Greg Fausak <greg@tacodata.com>
pushV2Image() calls TarLayer() which returns an archive. One needs to
Close() the archive once done otherwise it will leave mounted devices
if devicemapper graph driver is being used.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
manifest code calls TarLayer() and gets archive. This archive needs to
be closed once caller is done using it to release the resrouces held
by archive. For the devicemapper graphdriver, archive keeps a device
mounted (device which is backing the layer). If archive.Close() is not
called, that device remains mounted and later deletion of device fails
leading to various other issues.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
The trust graph currently pulls the keys needed to verify official images. For non-official images this graph check is useless. To avoid hitting the key statement url when pulling from private v2 registries, restrict the check to official image pulls.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Pushing by image ID is not allowed in the Docker CLI and not supported by the registry. An unnamed image also cannot be pushed to a private registry, since no endpoint is specified and it will default to the hub. The hub also does not support this use case, therefore removing the code path is the best solution.
The ability to push a layer without a name is unsupported by the v2 registry.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
If you have a Dockefile with just:
FROM scratch
An error is generated but its never shown to the CLI. This PR fixes that.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Adding instructions to exit the test shell and a link to the user guide (as is done in the following sections for 12.04 and 13.04/10
Signed-off-by: Steven Koch <sjkoch@unm.edu>
set LimitCORE=infinity to ensure complete core creation,
allows extraction of as much information as possible.
Thanks to Ulrich Obergfell <uobergfe@redhat.com>
and Jeremy Eder <jeder@redhat.com>
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Fixes: #10655
As noted in the issue, bad format was being returned even if the format
was appropriate, but the IP was invalid. This adds a better error
message for when the IP address fails validation.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Handles missed comments in PR#10622 and adds an API test to validate
error returned properly for duplicate bind mounts for the same
container target path.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
`openssl req -new -x509 -text -key client.key -out client.cert` creates a self-sign certificate but not a certificate request.
Signed-off-by: Wei-Ting Kuo <waitingkuo0527@gmail.com>
Reflow change in commit 195f3a3f removed newlines in the config format.
This change reverts the sample config to the original formatting, which
matches the actual config format of a `awsconfig` file.
Signed-off-by: Katie McLaughlin <katie@glasnt.com>
Introduced in Docker v0.4.5 / Remove API v1.1 (#848), the remote
parameter of the API method POST /build allows to specify a buildable
remote URL (HTTPS, HTTP or Git).
Signed-off-by: Vincent Giersch <vincent.giersch@ovh.net>
It's ambiguous to say that `ENV` is _functionally equivalent to prefixing the command with `<key>=<value>`_. `ENV` sets the environment for all future commands, but `RUN` can take chained commands like `RUN foo=bar bash -c 'echo $foo' && bash -c 'echo $foo $bar'`. Users with a solid understanding of `exec` may grok this without confusion, but less experienced users may need this distinction.
Signed-off-by: Michael A. Smith <msmith3@ebay.com>
Improve Environment Handling Descriptions
- Link `ENV` and `Environment Replacement`
- Improve side-effects of `ENV` text
- Rearrange avoiding side effects text
Signed-off-by: Michael A. Smith <msmith3@ebay.com>
This list is outdated. It could be updated instead of removed... but why should it be maintained? I do not see a reason.
Signed-off-by: João Bruni <contato@jbruni.com.br>
The link to project/MAINTAINERS.md was broken, in
addition, /MAINTAINERS containers more relevant
information on the LGTM process and contains info
about maintainers of all subsystems.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Fixes a few typos in IPv6 addresses. Will make it easier for users who
actually try and copy/paste or use the example addresses directly.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Update fixes some rendering issues, including improperly escaping '$' in
blocks, and actual parsing of blockcode.
`ID=$(sudo docker run -d fedora /usr/bin/top -b)` was being converted to
`ID=do docker run -d fedora/usr/bin/top -b)`
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
The docs around COPY/ADD already mentioned that it will do a relative
copy/add based on WORKDIR, so that part is already ok. Just needed to
tweak the WORKDIR section since w/o mentioning COPY/ADD it can be misleading.
Noticed by @phemmer
Signed-off-by: Doug Davis <dug@us.ibm.com>
Note: this deprecates the fine-grained, high-overlap cascading MAINTAINERS files,
and replaces them with a single top-level file, using a new structure:
* More coarse grained subsystems with dedicated teams of maintainers
* Core maintainers with a better-defined role and a wider scope (if it's
not in a subsystem, it's up to the core maintainers to figure it out)
* Architects
* Operators
This is work in progress, the goal is to start a conversation
Signed-off-by: Solomon Hykes <solomon@docker.com>
Signed-off-by: Erik Hollensbe <github@hollensbe.org>
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Signed-off-by: Tibor Vass <teabee89@gmail.com>
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Vincent Batts <vbatts@redhat.com>
The title `Image JSON Schema` was used as a header in the section
which describes the layout and fields of the image metadata JSON
file. It was pointed out that `JSON Schema` is its own term for
describing JSON in a machine-and-human-readable format, while the
word "Schema" in this context was used more generically to say that
the section is meant to be an example and outline of the Image JSON.
http://spacetelescope.github.io/understanding-json-schema/
This section now has the title `Image JSON Description` in order
to not cause this confusion.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
This allows us to use build tags in the code directly to include/exclude code based on our binary's "staticness".
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Right now its really hard for a newbie to find our Image specification
so I'm adding a link to it (and libcontainer's) to the main README.
I'm also trying to figure out how to add a link to it from the main docs
too but that's proving harder than I expected. I'll be working with Sven on
a subsequent PR to make that happen, but it might not happen until after 1.5
is out.
Signed-off-by: Doug Davis <dug@us.ibm.com>
`openssl req -new -x509 -text -key client.key -out client.cert` creates a self-sign certificate but not a certificate request.
Signed-off-by: Wei-Ting Kuo <waitingkuo0527@gmail.com>
We're hoping to add some new commands that don't have any args so this
PR will enable that by removing all of the hard-coded checks that require
commands to have at least one arg. It also adds some checks to each
command so we're consistent in the error message we get. Added a test
for this too.
We actually had this check in at least 3 different places (twice in the
parser and once in most cmds), this removes 2 of them (the parser ones).
Had to remove/modify some testcases because its now legal to have certain
commands w/o args - e.g. RUN. This was actually inconsistent because
we used to allow "RUN []" but not "RUN" even though they would generate
(almost) the same net result. Now we're consistent.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Applied multi parameters to pause and unpause.
Created a new test file dedicated for pause commands.
Created a new utility function to get a slice of paused containers.
Updated documentation
Signed-off-by: André Martins <martins@noironetworks.com>
Adding instructions to exit the test shell and a link to the user guide (as is done in the following sections for 12.04 and 13.04/10
Signed-off-by: Steven Koch <sjkoch@unm.edu>
I don't think that it was very useful feature in current implementation,
but when you have a lot of links - your daemon became unusable because
on first call of /containers global graphdb lock will be acquired and it
can take a lot of time: 30m for 15 containers linked to each other.
Links names can be seen with `--no-trunc`, but I think it's useless :)
Fixes#9967
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Addresses: #10618
Given that the user has no notification that they tried to bind mount
different directories on the same target in the container, this errors
out in that case, without changing the current code allowing for
--volumes-from to trump -v/VOLUME specifications.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
As I was reworking https://github.com/docker/docker/pull/9402 I realized
that the new testcase I just added that verified all help text is within
80 characters really should be smarter and ask "docker help" for the list
of commands to check instead of having a hard-coded list. This way
it will catch "docker execwait" automagically once #9402 is merged.
Signed-off-by: Doug Davis <dug@us.ibm.com>
sort changes found and exported.
Sorting the files before appending them to the tar archive
would mean a dependable ordering for types like hardlinks.
Also, combine sort logic used
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Per Erikh's suggestion at:
https://github.com/docker/docker/pull/9989#issuecomment-69832009
this PR will trim spaces in the parser to ensure that the user gets the same
results irrespetive of leading/trailing spaces.
Per @tiborvass's suggestion I added a test to make sure spaces in quotes
are not touched.
Signed-off-by: Doug Davis <dug@us.ibm.com>
We only accepted lower case proto: tcp, udp.
This patch will enable us to use upper case
of proto such as: EXPOSE 1234/TCP
Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
Reflow change in commit 195f3a3f removed newlines in the config format.
This change reverts the sample config to the original formatting, which
matches the actual config format of a `awsconfig` file.
Signed-off-by: Katie McLaughlin <katie@glasnt.com>
Only show the verification message if all the tarsum checks pass and the image manifest is verified.
No longer return an error when a tarsum verification fails, just reset the verification flag.
Tarsum verification is less meaningful without a verified manifest and therefore it should not cause an error.
Updated the verified image test to pull an image which expected to have a verified manifest and contents.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Refactored getHomeDir in docker/docker to GetHomeDir in utils
pkg. Currently covers all use cases on the client-side.
Signed-off-by: Ahmet Alp Balkan <ahmetb@microsoft.com>
Lxc images have /dev (devices). This creates a list with the /dev paths in the test.
Signed-off-by: Abin Shahab <ashahab@altiscale.com> (github: ashahab-altiscale)
Currently docker build is not passing HostConfig to daemon.Create.
this patch creates the default HostConfig and passes it to daemon.Create.
This will cause the SELinux labeling to turn on for docker build. Basically
it causes a SecurtyOpt field to be created. In the future this might also
allow us to use seccomp and UserNamespace with docker build.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
This is sort of "revert" of #8415. There is some problems with using
logs:
* Non-live progressbars
* Races when you can try to get logs before it was written(there was
occasional errors in tests)
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
It didn't work on v2 anyways. And an image with a lot of aliases was slow to
fetch.
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
On pull treat an unavailable v2 registry as a non-error fallback.
On push only show v2 error message in debug mode.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
The -u/--user flag optionaly takes a group/gui. This change documents this behavior and specifies the complete format of the value.
Signed-off-by: Jeff Nickoloff <jeff@allingeek.com>
Added a missed semi-colon for consistency with other messages.
Signed-off-by: Jeff Nickoloff <jeff@allingeek.com>
No longer push to the official v2 registry when it is available. This allows pulling images from the v2 registry without defaulting push. Only pull official images from the v2 official registry.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
No longer push to the official v2 registry when it is available. This allows pulling images from the v2 registry without defaulting push. Only pull official images from the v2 official registry.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Introduced in Docker v0.4.5 / Remove API v1.1 (#848), the remote
parameter of the API method POST /build allows to specify a buildable
remote URL (HTTPS, HTTP or Git).
Signed-off-by: Vincent Giersch <vincent.giersch@ovh.net>
This modifies the "docker help" text so that it is no wider than 80 chars
and each description fits on one line. This will also try to use ~ when
possible
Added a test to make sure we don't go over 80 chars again.
Added a test to make sure we use ~
Applied rules/tests to all docker commands - not just main help text
Closes#10214
Signed-off-by: Doug Davis <dug@us.ibm.com>
Since the separator for extra host settings (for /etc/hosts in a
container) is a ":", the code that handles extra hosts needed to only
split on the first ":" to preserve IPv6 addresses which are passed via
the command line settings as well as stored in the JSON container
config.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
I noticed that while we have tests to make sure that people don't
specify a Dockerfile (via -f) that's outside of the build context
when using the docker cli, we don't check on the server side to make
sure that API users have the same check done. This would be a security
risk.
While in there I had to add a new util func for the tests to allow us to
send content to the server that isn't json encoded - in this case a tarball
Signed-off-by: Doug Davis <dug@us.ibm.com>
When calling stats on stopped container's print out zeros for all of the
values to populate the initial table. This signals to the user that the
operations completed and will not block.
Closes#10504
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This ensures that ca-certificates are installed and that they get
updated in case they were already installed.
Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
I noticed that while we have tests to make sure that people don't
specify a Dockerfile (via -f) that's outside of the build context
when using the docker cli, we don't check on the server side to make
sure that API users have the same check done. This would be a security
risk.
While in there I had to add a new util func for the tests to allow us to
send content to the server that isn't json encoded - in this case a tarball
Signed-off-by: Doug Davis <dug@us.ibm.com>
When calling stats on stopped container's print out zeros for all of the
values to populate the initial table. This signals to the user that the
operations completed and will not block.
Closes#10504
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
The API documentation uses the "base" image in various
places. The "base" image is deprecated and it is no longer
possible to download this image.
This changes the API documentation to use "ubuntu" in stead.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When getting the URL from a v2 registry url builder, it does not
honor the scheme from the endpoint object and will cause an https
endpoint to return urls starting with http.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
When requesting a token, the basic auth header is always being set even
if there is no username value. This patch corrects this and does not set
the basic auth header if the username is empty.
Also fixes an issue where pulling all tags from a v2 registry succeeds
when the image does not actually exist on the registry.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Wait for the local registry-v2 test instance to become available to
avoid random tests failures.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
The checksum is now being stored in a separate file beside the image
JSON file.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Fixes#10387
Without TCP keep-alive set on socket connections to the daemon, any
long-running container with std{out,err,in} attached that doesn't
read/write for a minute or longer will end in ECONNTIMEDOUT (depending
on network settings/OS defaults, etc.), leaving the docker client side
believing it is still waiting on data with no actual underlying socket
connection.
This patch turns on TCP keep-alive for the underlying TCP connection
for both TLS and standard HTTP hijacked daemon connections from the
docker client, with a keep-alive timeout of 30 seconds.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
While checksums are verified when a layer is pulled from v2 registries,
there are known issues where the checksum may change when the layer diff
is computed again. To avoid these issues, the checksum should no longer
be computed and stored until after it has been extracted to the docker
storage driver. The checksums are instead computed lazily before they
are pushed to a v2 registry.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
It's ambiguous to say that `ENV` is _functionally equivalent to prefixing the command with `<key>=<value>`_. `ENV` sets the environment for all future commands, but `RUN` can take chained commands like `RUN foo=bar bash -c 'echo $foo' && bash -c 'echo $foo $bar'`. Users with a solid understanding of `exec` may grok this without confusion, but less experienced users may need this distinction.
Signed-off-by: Michael A. Smith <msmith3@ebay.com>
Improve Environment Handling Descriptions
- Link `ENV` and `Environment Replacement`
- Improve side-effects of `ENV` text
- Rearrange avoiding side effects text
Signed-off-by: Michael A. Smith <msmith3@ebay.com>
The cmd.Lookup should be "-attach" and not "attach", as seen in
docker/docker/runconfig/parse.go
Signed-off-by: André Martins <martins@noironetworks.com>
This list is outdated. It could be updated instead of removed... but why should it be maintained? I do not see a reason.
Signed-off-by: João Bruni <contato@jbruni.com.br>
When requesting a token, the basic auth header is always being set even
if there is no username value. This patch corrects this and does not set
the basic auth header if the username is empty.
Also fixes an issue where pulling all tags from a v2 registry succeeds
when the image does not actually exist on the registry.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
When getting the URL from a v2 registry url builder, it does not
honor the scheme from the endpoint object and will cause an https
endpoint to return urls starting with http.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Wait for the local registry-v2 test instance to become available to
avoid random tests failures.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
The link to project/MAINTAINERS.md was broken, in
addition, /MAINTAINERS containers more relevant
information on the LGTM process and contains info
about maintainers of all subsystems.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The checksum is now being stored in a separate file beside the image
JSON file.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Fixes#10387
Without TCP keep-alive set on socket connections to the daemon, any
long-running container with std{out,err,in} attached that doesn't
read/write for a minute or longer will end in ECONNTIMEDOUT (depending
on network settings/OS defaults, etc.), leaving the docker client side
believing it is still waiting on data with no actual underlying socket
connection.
This patch turns on TCP keep-alive for the underlying TCP connection
for both TLS and standard HTTP hijacked daemon connections from the
docker client, with a keep-alive timeout of 30 seconds.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
While checksums are verified when a layer is pulled from v2 registries,
there are known issues where the checksum may change when the layer diff
is computed again. To avoid these issues, the checksum should no longer
be computed and stored until after it has been extracted to the docker
storage driver. The checksums are instead computed lazily before they
are pushed to a v2 registry.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Don't run docker in interactive mode in the archlinux container build script. Recent versions of Docker error out with "cannot enable tty mode on non tty input" when being run non-interactively (such as in a cron job, Jenkins build, etc.)
Signed-off-by: Jared Biel <jared.biel@bolderthinking.com>
The API documentation uses the "base" image in various
places. The "base" image is deprecated and it is no longer
possible to download this image.
This changes the API documentation to use "ubuntu" in stead.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fixes the daemon's failure to start when setting --ipv6=true for
the first time without deleting `docker0` bridge from a prior use with
only IPv4 addressing.
The addition of the IPv6 bridge address is factored out into a separate
initialization routine which is called even if the bridge exists but no
IPv6 addresses are found.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Under certain cases, such as when putting a manifest or check for the existence
of a layer, the status code checks in session_v2.go were too narrow for their
purpose. In the case of putting a manifest, the handler only cares that an
error is not returned. Whether it is a 304 or 202 does not matter, as long as
the server reports success. Having the client only accept specific http codes
inhibits future protocol evolution.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
This fixes the daemon's failure to start when setting --ipv6=true for
the first time without deleting `docker0` bridge from a prior use with
only IPv4 addressing.
The addition of the IPv6 bridge address is factored out into a separate
initialization routine which is called even if the bridge exists but no
IPv6 addresses are found.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Fixes a few typos in IPv6 addresses. Will make it easier for users who
actually try and copy/paste or use the example addresses directly.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
The build job will sometimes trigger a pull job when the base image
does not exist. Now that engine jobs properly close their output by default
the pull job would also close the build job's stdout in a cascading close
upon completion of the pull.
This patch corrects this by wrapping the `pull` job's stdout with a
nopCloseWriter which will not close the stdout of the `build` job.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
When unmarshaling the json response from the API in languages to a
dynamic object having the omitempty field tag on types such as float64
case the key to be omitted on 0.0 values. Various langages will
interpret this as a null when 0.0 is the actual value.
This patch removes the omitempty tags on fields that are not structs
where they can be safely omited.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
When calling delete on a bind-mount volume, the config file was bing
removed, but it was not actually being removed from the volume index.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Before the V2 registry changes, images with no config could be pushed.
This change fixes a regression that made those images not able to be
pushed to a registry.
Signed-off-by: Euan Kemp <euank@euank.com>
Docker inspect can also be used on images, this patch fixed the
minor typo in file docker/flags.go and docs/man/docker.1.md
Signed-off-by: DiuDiugirl <sophia.wang@pku.edu.cn>
When progress reader closes it overwrites the progress line with the full progress bar, replaces the completed message.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Currently loading the trust key uses path instead of filepath. This creates problems on some operating systems such as Windows.
Fixes#10319
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Updates `image.StoreImage()` to always ensure that images
that are installed in Docker have a tarsum.v1 checksum.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Since it can still be tested natively without this, this won't cause any harm while we fix the tests to actually work on Windows.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
* Adjust header to match _page_title
* Add instructions on deletion of CSRs and setting permissions
* Simplify some path expressions and commands
* Consqeuently use ~ instead of ${HOME}
* Precise formulation ('key' vs. 'public key')
* Fix wrong indentation of output of `openssl req`
* Use dash ('--') instead of minus ('-')
Remark on permissions:
It's not a problem to `chmod 0400` the private keys, because the
Docker daemon runs as root (can read the file anyway) and the Docker
client runs as user.
Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
Since the Docker-Distribution-API-Version header value may contain multiple
space delimited versions as well as many instances of the header key, the
header value is now split on whitespace characters to iterate over all versions
that may be listed in one instance of the header.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Implementing the deamon flags the traditional way introduced even more
redundancy than usual because the same list of options with flags
had to be added twice.
This can be avoided by using variables in the case statements when
using the extglob shell option.
Signed-off-by: Harald Albers <github@albersweb.de>
Under certain cases, such as when putting a manifest or check for the existence
of a layer, the status code checks in session_v2.go were too narrow for their
purpose. In the case of putting a manifest, the handler only cares that an
error is not returned. Whether it is a 304 or 202 does not matter, as long as
the server reports success. Having the client only accept specific http codes
inhibits future protocol evolution.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
The build job will sometimes trigger a pull job when the base image
does not exist. Now that engine jobs properly close their output by default
the pull job would also close the build job's stdout in a cascading close
upon completion of the pull.
This patch corrects this by wrapping the `pull` job's stdout with a
nopCloseWriter which will not close the stdout of the `build` job.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Update fixes some rendering issues, including improperly escaping '$' in
blocks, and actual parsing of blockcode.
`ID=$(sudo docker run -d fedora /usr/bin/top -b)` was being converted to
`ID=do docker run -d fedora/usr/bin/top -b)`
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
The docs around COPY/ADD already mentioned that it will do a relative
copy/add based on WORKDIR, so that part is already ok. Just needed to
tweak the WORKDIR section since w/o mentioning COPY/ADD it can be misleading.
Noticed by @phemmer
Signed-off-by: Doug Davis <dug@us.ibm.com>
This revision is from docker_1.5 branch, because we don't want to
introduce user namespace in docker 1.5, but fix for --pid=host is
needed.
Fixes#10303
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
When unmarshaling the json response from the API in languages to a
dynamic object having the omitempty field tag on types such as float64
case the key to be omitted on 0.0 values. Various langages will
interpret this as a null when 0.0 is the actual value.
This patch removes the omitempty tags on fields that are not structs
where they can be safely omited.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
When calling delete on a bind-mount volume, the config file was bing
removed, but it was not actually being removed from the volume index.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Note: this deprecates the fine-grained, high-overlap cascading MAINTAINERS files,
and replaces them with a single top-level file, using a new structure:
* More coarse grained subsystems with dedicated teams of maintainers
* Core maintainers with a better-defined role and a wider scope (if it's
not in a subsystem, it's up to the core maintainers to figure it out)
* Architects
* Operators
This is work in progress, the goal is to start a conversation
Signed-off-by: Solomon Hykes <solomon@docker.com>
Signed-off-by: Erik Hollensbe <github@hollensbe.org>
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Signed-off-by: Tibor Vass <teabee89@gmail.com>
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Before the V2 registry changes, images with no config could be pushed.
This change fixes a regression that made those images not able to be
pushed to a registry.
Signed-off-by: Euan Kemp <euank@euank.com>
The title `Image JSON Schema` was used as a header in the section
which describes the layout and fields of the image metadata JSON
file. It was pointed out that `JSON Schema` is its own term for
describing JSON in a machine-and-human-readable format, while the
word "Schema" in this context was used more generically to say that
the section is meant to be an example and outline of the Image JSON.
http://spacetelescope.github.io/understanding-json-schema/
This section now has the title `Image JSON Description` in order
to not cause this confusion.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Docker inspect can also be used on images, this patch fixed the
minor typo in file docker/flags.go and docs/man/docker.1.md
Signed-off-by: DiuDiugirl <sophia.wang@pku.edu.cn>
When progress reader closes it overwrites the progress line with the full progress bar, replaces the completed message.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Currently loading the trust key uses path instead of filepath. This creates problems on some operating systems such as Windows.
Fixes#10319
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Updates `image.StoreImage()` to always ensure that images
that are installed in Docker have a tarsum.v1 checksum.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
If stop/kill command hits a short window between process' exit and
container's cleanup, it will no longer fail with 'no such process'
error.
Resolves#10182
Signed-off-by: Michal Minar <miminar@redhat.com>
Since it can still be tested natively without this, this won't cause any harm while we fix the tests to actually work on Windows.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
* Adjust header to match _page_title
* Add instructions on deletion of CSRs and setting permissions
* Simplify some path expressions and commands
* Consqeuently use ~ instead of ${HOME}
* Precise formulation ('key' vs. 'public key')
* Fix wrong indentation of output of `openssl req`
* Use dash ('--') instead of minus ('-')
Remark on permissions:
It's not a problem to `chmod 0400` the private keys, because the
Docker daemon runs as root (can read the file anyway) and the Docker
client runs as user.
Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
Based on some feedback, when you have a container via the cli that you
are monitoring for stats, if you stop the container it will stay in the
display but report the last datapoint that was received.
This PR changes the display to zero out the values for containers where
an update has not been received within a specified duration, i.e. 2
seconds. This signals the user that the container has stopped as it
reports cpu and memory usage of 0.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Since the Docker-Distribution-API-Version header value may contain multiple
space delimited versions as well as many instances of the header key, the
header value is now split on whitespace characters to iterate over all versions
that may be listed in one instance of the header.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Implementing the deamon flags the traditional way introduced even more
redundancy than usual because the same list of options with flags
had to be added twice.
This can be avoided by using variables in the case statements when
using the extglob shell option.
Signed-off-by: Harald Albers <github@albersweb.de>
This fixes various tests by checking for non zero exit code, accounting for lxc-specific base-diffs, and by removing lxc specific environment vars.
It also adds the --share-ipc option to lxc-start for shared ipc namespaces.
Signed-off-by: Abin Shahab <ashahab@altiscale.com> (github: ashahab-altiscale)
Docker-DCO-1.1-Signed-off-by: Abin Shahab <ashahab@altiscale.com> (github: ashahab-altiscale)
Update our "registry" install to use the included Godeps libraries so that it
doesn't require anything from our current source (hence moving it up for
better caching too)
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
v2 ping now checks for a Docker-Distribution-API-Version
header that identifies the endpoint as "registry/2.0"
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Due to the iptables package being `init`ed at start of the docker
runtime, this means the iptables --wait command listing all rules
is run, no matter if the command is simply "docker -h". It makes
more sense to both locate the iptables command and check for the
wait flag support at the time iptables is actually used, as it
may not be used at all if certain network support is off/configured
differently.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Some calls like json.Encoder.Encode mask the number of bytes written to
an io.Writer. The solution provides a wrapper io.Writer around the
actual io.Writer that allows multiple calls to Write to be considered as
one and allow access to this count.
Signed-off-by: Pierre Wacrenier <pierre.wacrenier@gmail.com>
Also, this decouples the emptyfs script from the busybox one -- they're now functionally separate thanks to the scratch no-op change. 👍
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
unshare the mount namespace of the docker daemon to avoid other pids
outside the daemon holding mount references of docker containers.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Fixes#9629#9768
A couple of issues:
1) Volume config is not restored if we couldn't find it with the graph
driver, but bind-mounts would never be found by the graph driver since
they aren't in that dir
2) container volumes were only being restored if they were found in the
volumes repo, but volumes created by old daemons wouldn't be in the
repo until the container is at least started.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This systemd.exec setting will construct a new mount namespace for the
docker daemon, and use slave shared-subtree mounts so that volume mounts
propogate correctly into containers.
By having an unshared mount namespace for the daemon it ensures that
mount references are not held by other pids outside of the docker
daemon. Frequently this can be seen in EBUSY or "device or resource
busy" errors.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
This is literally the only failing test on Go 1.3.3: 🎉
```
--- FAIL: TestBuildWithTabs (0.43 seconds)
docker_cli_build_test.go:4307: Missing tabs.
Got:["/bin/sh","-c","echo\u0009one\u0009\u0009two"]
Exp:["/bin/sh","-c","echo\tone\t\ttwo"]
```
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
The assumption is not true if user specifies an IP address other than
the first IP, in that case the first IP address is never allocated to
any container.
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
Addresses #5811
This cleans up an error in the logic which removes localhost resolvers
from the host resolv.conf at container creation start time. Specifically
when the determination is made if any nameservers are left after
removing localhost resolvers, it was using a string match on the word
"nameserver", which could have been anywhere (including commented out)
leading to incorrect situations where no nameservers were left but the
default ones were not added.
This also adds some complexity to the regular expressions for finding
nameservers in general, as well as matching on localhost resolvers due
to the recent addition of IPv6 support. Because of IPv6 support now
available in the Docker daemon, the resolvconf code is now aware of
IPv6 enable/disable state and uses that for both filter/cleaning of
nameservers as well as adding default Google DNS (IPv4 only vs. IPv4
and IPv6 if IPv6 enabled). For all these changes, tests have been
added/strengthened to test these additional capabilities.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
DM_UDEV_DISABLE_LIBRARY_FALLBACK is disabled by most applications today
when using device-mapper, and ensuring that device-mapper is in sync
with udev. This flag instructs devicemapper to not fallback to creating
the device nodes itself. In the case of udev sync not being supported,
devicemapper will attempt to create the devices in a timely manner,
regardless of udev.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
when initializing the devmapper driver, attempt to sync udev and device
mapper. If udev sync is not supported, print a warning. Eventually we'll
likely bail here to avoid unpredictable behavior for users.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Since "go test" doesn't seem to support "-installsuffix" as quite the same perfect solution that "go build" is happy to let it be, let's just switch those crappy old "integration/" tests to use our separate static dockerinit binary so we don't have to worry about compiling the entire test harness statically. 👍
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
See #10141 for more info, but the main point of this is to make sure
that if you do "docker run -e FOO ..." that FOO from the current env
is passed into the container. This means that if there's a value, its
set. But it also means that if FOO isn't set then it should be unset in
the container too - even if it has to remove it from the env. So,
unset HOSTNAME
docker run -e HOSTNAME busybox env
should _NOT_ show HOSTNAME in the list at all
Closes#10141
Signed-off-by: Doug Davis <dug@us.ibm.com>
Set lxc.auto.mount = proc:mixed in unprivilged mode. This ensures that lxc mounts sys and proc/sysrq-trigger as readonly.
Signed-off-by: Abin Shahab <ashahab@altiscale.com> (github: ashahab-altiscale)
Docker-DCO-1.1-Signed-off-by: Abin Shahab <ashahab@altiscale.com> (github: ashahab-altiscale)
To run shell(and not exit), lxc needs STDIN. Without STDIN open, it will exit 0.
Signed-off-by: Abin Shahab <ashahab@altiscale.com> (github: ashahab-altiscale)
Fixes#9709
In cases where the volumes-from container is removed and the consuming
container is restarted, docker was trying to re-apply volumes from that
now missing container, which is uneccessary since the volumes are
already applied.
Also cleaned up the volumes-from parsing function, which was doing way more than
it should have been.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Fixes#10129
Makes the .dockercfg more human parsable.
Also cleaned up the (technically) racey login test.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Sending capability ids instead of capability names ot LXC for --cap-add and --cap-drop.
Also fixed tests.
Docker-DCO-1.1-Signed-off-by: Abin Shahab <ashahab@altiscale.com> (github: ashahab-altiscale)
Fixes#9960
This adds the output of a "Backing Filesystem:" entry to `docker info`
to overlay, aufs, and devicemapper graphdrivers. The default list
includes a fairly complete list of common filesystem names from
linux/include/uapi/linux/magic.h, but if the backing filesystem is not
recognized, the code will simply show "<unknown>"
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
Token cache prevents the need to get a new token for every registry interaction.
Since the tokens are short lived, the cache expires after only a minute.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
The v2 session code will no longer update the indexEndpoint value, therefore it is not necessary to save and restore the value for use with v1.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
While the v2 pull operation is writing the body of the layer blob to disk
it now computes the tarsum checksum of the archive before extracting it to
the backend storage driver. If the checksum does not match that from the
image manifest an error is raised.
Also adds more debug logging to the pull operation and fixes existing test
cases which were failing. Adds a reverse lookup constructor to the tarsum
package so that you can get a tarsum object using a checksum label.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Because docker core cannot vendor non-master Go dependencies, we need to remove
dependencies on registry package. The definition of digest.Digest has been
changed to a string and the regular expressions have been ported from
docker-registry/common library.
We'll likely change this be dependent on the registry in the future when the
API stabilizies and use of the master branch becomes the norm.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
This package, ported from next-generation docker regsitry, includes route and
error definitions. These facilitate compliant V2 client implementation. The
portions of the HTTP API that are included in this package are considered to be
locked down and should only be changed through a careful change proposal.
Descriptor definitions package layout may change without affecting API behavior
until the exported Go API is ready to be locked down.
When the new registry stabilizes and becomes the master branch, this package
can be vendored from the registry.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Registry authorization token is now taken from the response body rather than
the repsonse header.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
summary of changes:
registry/auth.go
- More logging around the login functions
- split Login() out to handle different code paths for v1 (unchanged logic)
and v2 (does not currently do account creation)
- handling for either basic or token based login attempts
registry/authchallenge.go
- New File
- credit to Brian Bland <brian.bland@docker.com> (github: BrianBland)
- handles parsing of WWW-Authenticate response headers
registry/endpoint.go
- EVEN MOAR LOGGING
- Many edits throught to make the coad less dense. Sparse code is more
readable code.
- slit Ping() out to handle different code paths for v1 (unchanged logic)
and v2.
- Updated Endpoint struct type to include an entry for authorization
challenges discovered during ping of a v2 registry.
- If registry endpoint version is unknown, v2 code path is first attempted,
then fallback to v1 upon failure.
registry/service.go
- STILL MOAR LOGGING
- simplified the logic around starting the 'auth' job.
registry/session.go
- updated use of a registry.Endpoint struct field.
registry/token.go
- New File
- Handles getting token from the parameters of a token auth challenge.
- Modified from function written by Brian Bland (see above credit).
registry/types.go
- Removed 'DefaultAPIVersion' in lieu of 'APIVersionUnknown = 0'`
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Make sure that as we build the CMD/ENTRYPOINT cache strings that we don't
treat ["echo","hi"] and ["echo hi"] as the same thing due to the fact that
we're just doing a strcat on the array.
Closes#10097
Signed-off-by: Doug Davis <dug@us.ibm.com>
The documentation on `docker export` doesn't mention that
data in volumes is not included in the export.
This adds a note that volumes are not part of the export
and refers to the "Backup, restore, or migrate data volumes"
to give the user some pointers.
Relates to https://github.com/docker/docker/issues/10095
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Under the restart policy "--restart=no", there is no record about it
in the information from docker inspect.
To keep it consistent around the three(maybe more in the future) restart
policies and distinguish with no restart policy specified cases, it's
worth to record it even though it is the default restart policy which
will not restart the container.
Signed-off-by: Hu Keping <hukeping@huawei.com>
Adjust builder to validate that JSON in Dockerfiles are arrays of strings and nothing else to match how we describe them to people (and what all our existing tests already assumed)
Tests no longer make the assumption that the daemon can be accessed
through unix:///var/run/docker.sock.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Add a --readonly flag to allow the container's root filesystem to be
mounted as readonly. This can be used in combination with volumes to
force a container's process to only write to locations that will be
persisted. This is useful in many cases where the admin controls where
they would like developers to write files and error on any other
locations.
Closes#7923Closes#8752
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
We want to be able to use container without the PID namespace. We basically
want containers that can manage the host os, which I call Super Privileged
Containers. We eventually would like to get to the point where the only
namespace we use is the MNT namespace to bring the Apps userspace with it.
By eliminating the PID namespace we can get better communication between the
host and the clients and potentially tools like strace and gdb become easier
to use. We also see tools like libvirtd running within a container telling
systemd to place a VM in a particular cgroup, we need to have communications of the PID.
I don't see us needing to share PID namespaces between containers, since this
is really what docker exec does.
So currently I see us just needing docker run --pid=host
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Fixes: #9860
Fixes: detach and attach tty mode
We never actually need to close container `stdin` after `stdout/stderr` finishes. We only need to close the `stdin` goroutine. In some cases this also means closing `stdin` but that is already controlled by the goroutine itself.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
This refactors the starting work by the prior commits to make this safe
for access. A maximum of 5 worker go routines are started to lookup
images on the endpoint. Another go routine consumes the images that are
required to be pushed into a map for quick lookups. The map is required
because the pushing of the image json and layer have to be done in the
correct order or the registry will explode in fire.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
The "or rename" part was removed from the error-message,
because renaming wasn't possible at the time.
Now that https://github.com/docker/docker/pull/8570 is merged,
renaming existing containers is possible.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
If an error message happens while parsing docker run or docker exec, the message
is not being printed out.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Since the failure count of container will increase by 1 every time it
exits successfully, the compare in function shouldRestart() will stop
container to restart by the last time.
Signed-off-by: Hu Keping <hukeping@huawei.com>
Many iterations have gone into documenting a v1 specification of Docker's Image
format.
v1 Image spec: clarify parent field
- metalivedev pointed out that the description was ambiguous, so I've removed
mention that it was randomly generated. It IS the ID of the parent image.
Updated v1 image specificatino documentation
- More complete details and deprication notifications for each field
in the JSON metadata of an image.
- Details on the format for packaging combined Image JSON + Filesystem
Changeset archives for all layers of an image.
Clarify description of an image "Layer" in v1 spec
Updated intro of image v1 spec
Updated image v1 spec after more review
- Removed description of "Image" from the terminology section. The entire
document is meant to serve this purpose.
- Updated the definition of "Image Filesystem Changeset".
- Clarified the level of randomness needed for generating image IDs.
- Updated the description of "Image Checksum".
- Added term descriptions for "Repository" and "Tag"
- Removed extraneous/implementation-specific fields from the Image JSON
example file and field descriptions:
- removed "container_config" and "docker_version" fields.
- Added missing "author" field example and description.
- Removed extraneous/implementation-specific fields from the "config" struct
example and description:
- removed "Hostname", "Domainname", "Cpuset", "AttachStdin", "AttachStdout",
"AttachStderr", "PortSpecs", "Tty", "OpenStdin", "StdinOnce", "Image",
"NetworkDisabled", and "OnBuild".
- Updated example Image JSON config with better example values for "Env",
"Cmd", "Volumes", "WorkingDir", "Entrypoint", "CpuShares", "Memory",
"MemorySwap", and "User".
- Added notices that any fields not specified are to be considered as
implementation specific and should be ignored my implementations which
are unable to interpret them.
- Updated example of creating layer filesystem changesets to use less formal
language.
- Listed more details in the section regarding extraction of a bundle of image
layers into the root filesystem of a container.
- Updated the closing mention of Docker as an evolving implementation.
More updates to the v1 image spec
- Added line wrapping after 80 columns per line to adhere to documentation
style guides, as pointed out by @jamtur01
- Removed references to any specific docker commands, updated a few descriptions
or drop repeated statements, as pointed out by @cpuguy83
Cleanup image v1 spec draft after fredlf comments
Address comments by mmdriley on v1 image spec
Improve description of image v1 spec 'config.User`
- Improves description of image v1 specification for the 'User' runtime
parameter after recomendations by tianon.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
There are a couple of drivers that swallow errors that may occur in
their Put() implementation.
This changes the signature of (*Driver).Put for all the drivers implemented.
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
to docs.master.dockerproject.com.
- Make the invaidation profile the bucket variable, not hard coded.
- Add no cache variable for settings cache to "no-cache"
Docker-DCO-1.1-Signed-off-by: Jessica Frazelle <jess@docker.com> (github: jfrazelle)
This fixes the container start issue for containers which were started
on a daemon prior to the resolv.conf updater PR. The update code will
now safely ignore these containers (given they don't have a sha256 hash
to compare against) and will not attempt to update the resolv.conf
through their lifetime.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
This refactors version number usage for several of our "download/install this exact version" bits so we have an easier time replacing the version numbers in Jenkins.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Presenly the "Data file:" shows either the loopback _file_ or the block device.
With this, the "Data file:" will always show the device, and if it is a
loopback, then there will additionally be a "Data loop file:".
(Same for "Metadata file:")
Signed-off-by: Vincent Batts <vbatts@redhat.com>
`uint64(buf.Type)` on i686 is ffffffff9123683e on i686 due to sign extension, so it cannot be compared with `FsMagic(0x9123683E)`
Signed-off-by: Andrii Melnykov <andy.melnikov@gmail.com>
Passing RepositoryInfo to ResolveAuthConfig, pullRepository, and pushRepository
Moving --registry-mirror configuration to registry config
Created resolve_repository job
Repo names with 'index.docker.io' or 'docker.io' are now synonymous with omitting an index name.
Adding test for RepositoryInfo
Adding tests for opts.StringSetOpts and registry.ValidateMirror
Fixing search term use of repoInfo
Adding integration tests for registry mirror configuration
Normalizing LookupImage image name to match LocalName parsing rules
Normalizing repository LocalName to avoid multiple references to an official image
Removing errorOut use in tests
Removing TODO comment
gofmt changes
golint comments cleanup. renaming RegistryOptions => registry.Options, and RegistryServiceConfig => registry.ServiceConfig
Splitting out builtins.Registry and registry.NewService calls
Stray whitespace cleanup
Moving integration tests for Mirrors and InsecureRegistries into TestNewIndexInfo unit test
Factoring out ValidateRepositoryName from NewRepositoryInfo
Removing unused IndexServerURL
Allowing json marshaling of ServiceConfig. Exposing ServiceConfig in /info
Switching to CamelCase for json marshaling
PR cleanup; removing 'Is' prefix from boolean members. Removing unneeded json tags.
Removing non-cleanup related fix for 'localhost:[port]' in splitReposName
Merge fixes for gh9735
Fixing integration test
Reapplying #9754
Adding comment on config.IndexConfigs use from isSecureIndex
Remove unused error return value from isSecureIndex
Signed-off-by: Don Kjer <don.kjer@gmail.com>
Adding back comment in isSecureIndex
Signed-off-by: Don Kjer <don.kjer@gmail.com>
Only modifies non-running containers resolv.conf bind mount, and only if
the container has an unmodified resolv.conf compared to its contents at
container start time (so we don't overwrite manual/automated changes
within the container runtime). For containers which are running when
the host resolv.conf changes, the update will only be applied to the
container version of resolv.conf when the container is "bounced" down
and back up (e.g. stop/start or restart)
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
It seems odd to have such an important API hidden under 'misc'.
While in there I noticed that during the "-f Dockerfile" PR I changed
the query param from f to dockerfile and missed this one spot in the docs.
Signed-off-by: Doug Davis <dug@us.ibm.com>
w/o this one-liner the v1.17 docs didn't appear in the Reference dropdown
and I would get a 404 when I tried to access
.../reference/api/docker_remote_api_v1.17/
Not sure if there are other spots that need to be fixed but this seemed to
fix it for me.
Signed-off-by: Doug Davis <dug@us.ibm.com>
The cli now doesn't echo the container ID when started using either -a
or -i. Also fixes `TestStartAttachCorrectExitCode` which incorrectly
called start with the result of wait rather than the container ID.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Add a check to make sure Dockerfile is in the build context
Add docs and a testcase
Make -f relative to current dir, not build context
Signed-off-by: Doug Davis <dug@us.ibm.com>
If .dockerignore mentions either then the client will send them to the
daemon but the daemon will erase them after the Dockerfile has been parsed
to simulate them never being sent in the first place.
an events test kept failing for me so I tried to fix that too
Closes#8330
Signed-off-by: Doug Davis <dug@us.ibm.com>
Usage string isn't printed anymore. User is adviced to see help instead
- according to coreutils standard.
Signed-off-by: Michal Minar <miminar@redhat.com>
Ignoring return value of ParseFlags leads to exit code 0 if bad
arguments are supplied. This patch makes sure that subcommands exit
with non-zero code in such a case.
Signed-off-by: Michal Minar <miminar@redhat.com>
* Do not log bad options error message twice, e.g.:
$ docker run --pouet
flag provided but not defined: --pouet
See 'docker run --help'.
2014/11/05 21:41:23 flag provided but not defined: --pouet
With this patch just the first two lines will be produced.
* Print 'docker' just once when run without a command, e.g.:
$ docker --hel
flag provided but not defined: --hel
See 'docker docker --help'.
Signed-off-by: Michal Minar <miminar@redhat.com>
--help and help are successful commands so output should not go to error.
QE teams have requested this change, also users doing docker help | less
or docker run --help | less would expect this to work.
Usage statement should only be printed when the user asks for it.
Errors should print error message and then suggest the docker COMMAND --help
command to see usage information.
The current behaviour causes the user to have to search for the error message
and sometimes scrolls right off the screen. For example a error on a
"docker run" command is very difficult to diagnose.
Finally erros should always exit with a non 0 exit code, if the user
makes a CLI error.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Function shouldRestart() checks the restart policy and records the
debug info and there should be two arguments in the log.Debugf().
Prior to the this patch, the logs were something like this:
- client: $ docker run --restart=on-failure:3 ubuntu /bin/sh -c 'exit 1'
- daemon: INFO[0168] ...
DEBU[0168] stopping restart of container %!s(int=3) because maximum
failure could of %!d(MISSING) has been reached
INFO[0086] ...
Btw, fix a spelling error in the same file:
- cotnainer -> container
----------------------------------------
Signed-off-by: Hu Keping <hukeping@huawei.com>
Also makes streamConfig Pipe methods not return error, since there was
no error for them to be able to return anyway.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This also adds more tests to help verify this, including unicode and nonprintable characters (hence the earlier commit switching to strconv.Quote).
As a bonus, this fixes a subtle bug where [] was turned into [""] and then turned back into [] (and thus [""] was impossible to actually round-trip correctly in a Dockerfile).
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
This is:
git format-patch -1 --stdout HEAD \
| patch -p1 docs/sources/reference/api/docker_remote_api_v1.*.md
Applying the changes I initially made on the docs for v1.15 to all
other versions led to acceptable results.
Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
Copyright notices must reflect the current year. This commit updates the listed year to 2015 with a starting year of 2013 from
a27b4b8cb8
Docker-DCO-1.1-Signed-off-by: Patrick Stapleton <github@gdi2290.com> (github: gdi2290)
Using --insecure is (you guessed it) *insecure* as the server side
certificate is not being validated. To offer the same degree of
security as invocations of the docker client in "Secure by default"
with cURL, the trusted CA certificate must be supplied.
Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
With -CAcreateserial the serial file will be automatically created
and initialized if it is missing.
Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
syscall.Unmount failed sometimes when user interrupted exporting,
for example a Ctrl-C, or pipe to commands which closed the pipe early,
like "docker export <container_name> | file -"; this syscall.Unmount
could sometimes return EBUSY and didn't actually umount the filesystem;
which would cause a following export command fail to mount;
change to lazy Unmount with MNT_DETACH can fix the problem, this is
the same behavior as in Shutdown;
```text
time="2015-01-03T21:27:26Z" level=error msg="Warning: error unmounting device
34a3e77cdbca17ceffd0636aee0415bb412996adb12360bfe2585ce30467fa8e: device or resource busy"
```
```
$ docker export thirsty_ardinghelli | file -
/dev/stdin: POSIX tar archive
time="2015-01-03T21:58:17Z" level=fatal msg="write /dev/stdout: broken pipe"
$ docker export thirsty_ardinghelli
time="2015-01-03T21:54:33Z" level=fatal msg="Error: thirsty_ardinghelli: Error getting container
34a3e77cdbca17ceffd0636aee0415bb412996adb12360bfe2585ce30467fa8e from driver devicemapper:
Error mounting '/dev/mapper/docker-253:0-3148372-34a3e77cdbca17ceffd0636aee0415bb412996adb12360bfe2585ce30467fa8e'
on '/var/lib/docker/devicemapper/mnt/34a3e77cdbca17ceffd0636aee0415bb412996adb12360bfe2585ce30467fa8e': device or resource busy"
```
Signed-off-by: Derek Che <drc@yahoo-inc.com>
Fixed:
* Invalid JSON
* Inconsistent spacing at colon
Expression for binary data streams (line 468 vs. 1474) remain inconsistent.
Could fix that too, if you like.
Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
This introduces a sort order for options:
Arrange options sorted alphabetically by long name with the short
options immediately following their corresponding long form.
Signed-off-by: Harald Albers <github@albersweb.de>
Moves some information around, expanding information on
user namespaces, pull/load security, cap add/drop.
Also includes various grammar improvements and edits.
Signed-off-by: Eric Windisch <eric@windisch.us>
This way, we can embed the link/description lines directly in the array itself, conflicts between PRs to this section are minimized, new PRs are easier to review, and it's a lot easier to notice when people are missing a link/description (like the few that currently are).
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
This file is one APT creates to make sure we don't "autoremove" our currently in-use kernel, which doesn't really apply to debootstraps/Docker images that don't even have kernels installed.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
This fixes the issue where an lxc.conf override of lxc.network.ipv4 was not being honored.
Docker-DCO-1.1-Signed-off-by: Abin Shahab <ashahab@altiscale.com> (github: ashahab-altiscale)
This commit contains changes for docker:
* user.GetGroupFile to user.GetGroupPath docker/libcontainer#301
* Add systemd support for OOM docker/libcontainer#307
* Support for custom namespaces docker/libcontainer#279, docker/libcontainer#312
* Fixes#9699docker/libcontainer#308
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
This changes the error message that is returned by the daemon when
a container-name already exists.
The old message suggests that containers can be renamed, which is
currently not possible.
To prevent confusion, the part "(or rename)" is removed from
the error-message.
Message before this change;
FATA[0000] Error response from daemon: Conflict, The name foobar is already assigned to 728ac36fb0ab. You have to delete (or rename) that container to be able to assign foobar to a container again.
Message after this change;
FATA[0000] Error response from daemon: Conflict. The name 'foobar' is already in use by container 728ac36fb0ab. You have to delete that container to be able to reuse that name.
Relates to: https://github.com/docker/docker/issues/3036
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
People might find it hard to find the newer/related Docker projects,
especially when they're just github issues. So, while I would have
preferred to have this at http://github.com/docker, I couldn't find
a doc to edit to make that happen, so this is the next best spot.
Signed-off-by: Doug Davis <dug@us.ibm.com>
If `--insecure-registry mydomain.com` was specified, it would match a registry at mydomain.com on any port.
This was accidentally added in #9735 and is now being reverted.
Signed-off-by: Tibor Vass <teabee89@gmail.com>
- move docker/docker-py clone to the Dockerfile
- put "integration test daemon startup" code in a separate file for both scripts to source
- add new test-docker-py Makefile target
- include "python-websocket" package in Dockerfile for running the tests
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Because the patch is not in 1.4, the v1.16 docs shouldn't have been
updated. Docs were promoted to v1.17 by #9742.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
There has been a lot of discussion (issues 4242 and 5262) about making
`FROM scratch` either a special case or making `FROM` optional, implying
starting from an empty file system.
This patch makes the build command `FROM scratch` special cased from now on
and if used does not pull/set the the initial layer of the build to the ancient
image ID (511136ea..) but instead marks the build as having no base image. The
next command in the dockerfile will create an image with a parent image ID of "".
This means every image ever can now use one fewer layer!
This also makes the image name `scratch` a reserved name by the TagStore. You
will not be able to tag an image with this name from now on. If any users
currently have an image tagged as `scratch`, they will still be able to use that
image, but will not be able to tag a new image with that name.
Goodbye '511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158',
it was nice knowing you.
Fixes#4242
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
To avoid an expensive call to archive.ChangesDirs() which walks two directory
trees and compares every entry, archive.ApplyLayer() has been extended to
also return the size of the layer changes.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
This clones and run the integration tests for docker-py master as part
of the integration tests created on master. docker-py hits the api
directly and should be a good way to identify regressions in the api.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This commit is patch for following comment
// TODO: This method should return the errors instead of masking them and returning false
Signed-off-by: Daehyeok Mun <daehyeok@gmail.com>
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
As we move forward on automating our pull request review process and
tooling these exceptions hurt more than they help. For consistency we
should not allow small patch exceptions for anything. The source of
truth going forward for DCO and builds are the official drone status on
each pull request.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Fixes#6647: Other upstart jobs that depend on docker by specifying
"start on started docker" would often start before the docker daemon was
ready, so they'd fail with "Cannot connect to the Docker daemon" or
"dial unix /var/run/docker.sock: no such file or directory".
This is because "docker -d" doesn't daemonize, it runs in the
foreground, so upstart can't know when the daemon is ready to receive
incoming connections. (Traditionally, a daemon will create all necessary
sockets and then fork to signal that it's ready; according to @tianon
this "isn't possible in Go"[1]. See also [2].)
Presumably this isn't a problem with systemd init with its socket
activation. The SysV init scripts may or may not suffer from this
problem but I have no motivation to fix them.
This commit adds a "post-start" stanza to the upstart configuration
that waits for the socket to be available. Upstart won't emit the
"started" event until the "post-start" script completes.[3]
Note that the system administrator might have specified a different path
for the socket, or a tcp socket instead, by customising
/etc/default/docker. In that case we don't try to figure out what the
new socket is, but at least we don't wait in vain for
/var/run/docker.sock to appear.
If the main script (`docker -d`) fails to start, the `initctl status
$UPSTART_JOB | grep -q "stop/"` line ensures that we don't loop forever.
I stole this idea from Steve Langasek.[4]
If for some reason we *still* end up in an infinite loop --I guess
`docker -d` must have hung-- then at least we'll be able to see the
"Waiting for /var/run/docker.sock" debug output in
/var/log/upstart/docker.log.
I considered using inotifywait instead of sleep, but it isn't worth
the complexity & the extra dependency.
[1] https://github.com/docker/docker/issues/6647#issuecomment-47001613
[2] https://code.google.com/p/go/issues/detail?id=227
[3] http://upstart.ubuntu.com/cookbook/#post-start
[4] https://lists.ubuntu.com/archives/upstart-devel/2013-April/002492.html
Signed-off-by: David Röthlisberger <david@rothlis.net>
This tests ensures that the content from a dir within a build is carried
over even if VOLUME for that dir is specified in the Dockerfile. This
test ensures this long standing functionality.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
_docker_run and _docker_create had only one differing line.
This refactoring features:
- direct completion for both commands to the same function
- factor out the common arguments, sort & format them nicely
- compute the argument for _docker_pos_first_nonflag.
Signed-off-by: Harald Albers <github@albersweb.de>
When we use the engine/env object we can run into a situation where
a string is passed in as the value but later on when we json serialize
the name/value pairs, because the string is made up of just numbers
it appears as an integer and not a string - meaning no quotes. This
can cause parsing issues for clients.
I tried to find all spots where we call env.Set() and the type of the
name being set might end up having a value that could look like an int
(like author). In those cases I switched it to use env.SetJson() instead
because that will wrap it in quotes.
One interesting thing to note about the testcase that I modified is that
the escaped quotes should have been there all along and we were incorrectly
letting it thru. If you look at the metadata stored for that resource you
can see the quotes were escaped and we lost them during the serialization
steps because of the env.Set() stuff. The use of env is probably not the
best way to do all of this.
Closes: #9602
Signed-off-by: Doug Davis <dug@us.ibm.com>
This test tests nothing because of error in cmd, where "echo 'should
fail'" passed as binary. Also this test directly contradicts
documentation and current daemon behavior.
Fixes#7826
Signed-off-by: Alexandr Morozov <lk4d4@docker.com>
When the user is not using the full has to retrieve a container it's
possible that we find conflicts with the ids of other containers.
At the moment it's just failing saying that it can not find a container,
but it doesn't say why. Adding a small log saying that duplicates where
found is going to help the user.
Closes#8098
Signed-off-by: Alex Gonzalez <agonzalezro@gmail.com>
Fixed a missing link and a few small formatting issues. Also deleted 1.3 notes as originally intended.
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
This tests ensures that the content from a dir within a build is carried
over even if VOLUME for that dir is specified in the Dockerfile. This
test ensures this long standing functionality.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
He is unfortunately out of power and internet because of storms :(
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
Docker-DCO-1.1-Signed-off-by: Jessica Frazelle <jess@docker.com> (github: jfrazelle)
This patch fixes the permission fixing code used by addContext, which
would not be responsible for Lchown-ing top-level directories added to a
destination that didn't exist prior to untar-ing the context.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
I was confused earlier when I did:
```
docker push localhost.localdomain:1234/foo
```
Because docker told me:
```
No such id: localhost.localdomain:1234/foo
```
I actually had buried in my mind the solution to this, but the error
message
confused me because I had recently had some fun trying to get the
registry
working and therefore thought it was telling me that I didn't have an
account
on the registry.
This pull request makes it unambiguous that the error is that the
specified
image is unknown.
/cc @cpuguy83
Docker-DCO-1.1-Signed-off-by: Peter Waller <p@pwaller.net> (github: pwaller)
Sometimes rm begins before process death, but Kill called already after
it, so we get error - no such process.
Signed-off-by: Alexandr Morozov <lk4d4@docker.com>
Incase of a 3xx redirect the var was being overshowed and ever changed
causing an infinite loop.
Fixes#9480
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Forbid `docker run -t` with a redirected stdin (such as `echo test |
docker run -ti busybox cat`). Forbid `docker exec -t` with a redirected
stdin. Forbid `docker attach` with a redirect stdin toward a tty enabled
container.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Properly CloseWrite() the client socket once done with stdin when using
TLS connection (this used to rely on an erroneous type assertion).
Fixes#8658.
Fixes#8642.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Signed-off-by: Michael Crosby <crosby.michael@gmail.com>
This makes sure that we don't buffer in memory and that we also flush
stdin from diff as well as untar.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Conflicts:
pkg/chrootarchive/diff.go
This makes sure that we don't buffer in memory and that we also flush
stdin from diff as well as untar.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Copying the entire docker service file isn't necessary to add an
environment variable, instead use a drop-in configuration file. The nice
side-effect is that the user gets any vendor updates to the
docker.service file.
Signed-off-by: Brandon Philips <brandon.philips@coreos.com>
If two interrupts were fired really quickly interruptCount could have been incremented twice before the LoadUint32 making cleanup not being called at all.
Signed-off-by: Erik Dubbelboer <erik@dubbelboer.com>
This adds the docker daemon's root directory to docker info when running
in debug mode. This allows the user to view the root directory where
docker is writing and storing state.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Update the webhook JSON payloads to real ones,
and show there is a difference between an automated build webhook payload and a normal repo payload
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@docker.com> (github: SvenDowideit)
Signed-off-by: Sven Dowideit <SvenDowideit@docker.com>
Permissions after an ADD or COPY build instructions are now restricted
to the scope of files potentially modified by the operation rather than
the entire impacted tree.
Fixes#9401.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
I've re-jigged the run man page so that each option's text begins with the
cli's help text for that flag, and then ay subsequent lines in the man page
are carried forward.
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
Right now 'docker build' will send:
Sending build context to Docker daemon
to stderr, instead of stdout. This PR fixes that.
I looked in the rest of api/client/commands.go for other cases
that might do this and only one jumped out at me:
https://github.com/docker/docker/blob/master/api/client/commands.go#L2202
but I think if I changed that to go to stdout then it'll mess people up
who are expecting just the container ID to be printed to the screen and
there is no --quiet type of flag we can check.
Closes#9404
Signed-off-by: Doug Davis <dug@us.ibm.com>
The installation guide for EC2 is outdated, as the current version of Amazon Linux (2014.09) is now Docker ready. No need to go through the manual route anymore. The official AMI has Docker packages in the repository now (this was the 'pre-release' option in the outdated instructions).
Docker-DCO-1.1-Signed-off-by: David Mat <david@davidmat.com> (github: davidmat)
The code no longer assumes a net.TCPConn underlying the HTTP connection
in order to close attached streams.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Another update to TarSum tests, this patch fixes an issue where
the benchmarks were generating archives incorrectly by not closing
the tarWriter.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
With 32ba6ab from #9261, TempArchive now closes the underlying file and
cleans it up as soon as the file's contents have been read. When pushing
an image, PushImageLayerRegistry attempts to call Close() on the layer,
which is a TempArchive that has already been closed. In this situation,
Close() returns an "invalid argument" error.
Add a Close method to TempArchive that does a no-op if the underlying
file has already been closed.
Signed-off-by: Andy Goldstein <agoldste@redhat.com>
These two cases did not actually read the same content with each iteration
of the benchmark. After the first read, the buffer was consumed. This patch
corrects this by using a bytes.Reader and seeking to the beginning of the
buffer at the beginning of each iteration.
Unfortunately, this benchmark was not actually as fast as we believed. But
the new results do bring its results closer to those of the other benchmarks.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Use transaction logic during device deletion and do rollback if transaction
is not complete. Following is the sequence of events.
- Open transaction and save to metafile
- Delete device from pool
- Delete device metadata file from disk
- Close Transaction
If docker crashes without closing transaction then rollback will take
place upon next docker start.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Finally this patch uses the notion of transaction for device or snapshot
device creation.
Following is sequence of event.
- Open a trasaction and save details in a file.
- Create a new device/snapshot device
- If a new device id is used, refresh transaction with new device id details.
- Create device metadata file
- Close transaction.
If docker crashes anywhere in between without closing transaction, then
upon next start, docker will figure out that there was a pending transaction
and it will roll back transaction. That is it will do following.
- Delete Device from pool
- Delete device metadata file
- Remove transaction file to mark no transaction is pending.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Finally, we seem to have all the bits to keep track of all used device
Ids and find a free device Id to use when creating a new device. Start
using it.
Ideally we should completely move away from retry logic when pool returns
-EEXISTS. For now I have retained that logic and I simply output a warning.
When things are stable, we should be able to get rid of it.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Open code createDevice() and createSnapDevice() and move all the logic
in the caller.
This is a sheer code reorganization so that all device Id allocation
logic is in one function. That way in case of erros, one can easily
cleanup and mark device Id free again. (Later patches benefit from
it).
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Right now we are accessing devices.NextDeviceId directly and also
incrementing it at various places.
Instead provide a helper function which is responsile for
incrementing NextDeviceId and return next deviceId.
This is just code structuring. This will help later once we
convert this function to find a free device Id and it goes
through a bitmap of used/free device Ids.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
When docker starts, build a used/free Device Id map from the per
device meta files we already have. These meta files have the data
which device Ids are in use. Parse these files and mark device as
used in the map.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Currently devicemapper backend does not keep track of used device Ids in
the pool. It tries a device Id and if that device Id exists in pool, it
tries with a different Id and keeps on doing this in a loop till it succeeds.
This worked fine so far but now we are moving to transaction based
device creation and deletion. We will keep deviceId information in
transaction which will be rolled back if docker crashed before transaction
was complete.
If we store a deviceId in transaction and later figure out it already
existed in pool and docker crashed, then we will rollback and remove
that existing device Id from pool (which we should not have).
That means, we should know free device Id in pool in advance before
we put that device Id in transaction.
Hence this patch creates a bitmap (one bit each for a deviceId), and
sets the bit if device Id is used otherwise resets it. This patch
is just preparing the ground right now. Actual usage will follow
in later patches.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Right now setupBaseImage() uses deleteDevice() to delete uninitialized
base image while rest of the code uses DeleteDevice(). Change it and
use a common function everywhere for the sake of uniformity.
I can't see what harm can be done by doing little extra locking done
by DeleteDevice().
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Very soon we will have the notion of an open transaction and keep its
details in a metafile.
When a new transaction is opened, we allocate a new transaction Id,
do the device creation/deletion and then we will close the transaction.
I thought that OpenTransactionId better represents the semantics of
transaction Id associated with an open transaction instead of NewtransactionId.
This patch just does the renaming. No functionality change.
I have also introduced a structure "Transaction" which will keep all
the details associated with a transaction. Later patches will add more
fields in this structure.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Currently new transaction Id is created using allocateTransactionId()
function. This function takes NewTransactionId and bumps up by one
to create NewTransactionId.
I think ideally we should be bumping up devices.TransactionId by 1
to come up with NewTransactionId. Because idea is that devices.TransactionId
contains the current pool transaction Id and to come up with a new
transaction Id bump it up by one.
Current code is not wrong as we are keeping NewTransactionId and
TransactionId in sync. But it will be more direct if we look at
devices.TransactionId to come up with NewTransactionId. That way
we don't have to even initialize NewTransactionId during startup
as first time somebody wants to do a transaction, it will be
allocated fresh.
So simplify the code a bit. No functionality change.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Currently updatePoolTransactionId() checks if NewTransactionId and
TransactionId are not same only then update the transaction Id in pool. This
check is redundant. Currently we call updatePoolTransactionId() only from
two places and both of these first allocate a new transaction Id.
Also updatePoolTransactionId() should only be called after allocating
new transaction Id otherwise it does not make any sense.
Remove the redundant check and reduce confusion.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Create two new helper functions for device and snap device creation. These
functions will not only create the device and also register the device.
Again, makes the code structure better and keeps all transaction logic
contained to functions instead of spilling over into functions like
setupBaseImage or AddDevice().
Just the code reorganization. No functionality change.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Currently registerDevice() adds a device to in-memory table, saves metadata
and also updates the pool transaction ID.
Now move transaciton Id update out of registerDevice() and provide a new
function unregisterDevice() which does the reverse of registerDevice().
This will simplify some code down the line and make it more structured.
This is just code reorganization and should not change functionality.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Currently devicemapper CreateDevice and CreateSnapDevice keep on retrying
device creation till a suitable device id is found.
With new transaction mechanism we need to store device id in transaction
before it has been created.
So change the logic in such a way that caller decides the devices Id to
use. If that device Id is not available, caller bumps up the device Id
and retries.
That way caller can update transaciton too when it tries a new Id. Transaction
related patches will come later in the series.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
When we are deleting a device, we also delete associated metadata file. If
that file removal fails, we are adding back the device in in-memory
table. I really can't see what's the point. When next lookup takes place
it will be automatically loaded if need be. Remove that code.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Right now initMetaData() first queries the pool for current transaciton Id
and then it migrates the old metafile.
Move pool transaction Id query and file migration in separate functions
for better code reuse and organization.
Given we have removed device transaction Id dependency from saveMetaData(),
we don't have to query pool transaction Id before migrating files.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Right now saveMetaData() is kind of little overloaded function. It is
supposed to save file metadata to disk. But in addition if user has
bumped up NewTransactionId before calling saveMetaData(), then it will
also update the transaction ID in pool.
Keep saveMetaData() simple and let it just save the file. Any update
of pool transaction ID is done inline in the code which needs it.
Also create an helper function updatePoolTransactionId() to update pool
transaction Id.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Remove call to allocateTransactionId() during device removal. This seems to
be unnecessary and it is not clear what this call is doing.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Again, just because device transaction id is greater than pool transaction
id, it does not guarantee that device is in the pool. So do not check
of this during loading of device metadata.
Docker needs to deal with it. And device activation will fail when we try
to activate a device for whom metafile is present but there is no device
in the pool.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Current code is associating a transaction id with each device and if pool
transaction id is greater that value, then current code assumes that device
is there in pool.
Transaction id of pool is a mechanism so that during device creation and
removal one can define a transaction and during startup figure out if
transaction was complete or not. I think we are using transaction id
throughout the code little inappropriately.
For example, if a device is being deleted, it is possible that we deleted
the device from pool but before we could delete metafile docker crashed.
When docker comes back it will think that device is in the pool (due to
device transaction id being less than pool transaction id) but device
is not in the pool.
Similary, it could happen that some data in the pool is corrupted and
during pool repair some devices are lost (without docker knowing about
it). In that case tool pool transaction id will be higher than device
transaction id and there are no guaratees that device is actually in
the pool.
So move away from this model where we think that a device is in pool if pool
transaction id is greater than device transaction Id. Per device
transaction Id just says that after device creation this should be pool's
transaction Id and nothing more.
Transaction id is per pool property (as opposed to per device property) and
will be used internally to figure out if last transaction was complete or
not and recover from failure during docker startup.
If for some reason metafile is present but device is not in pool, then
device activation will fail later.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Documented --storage-opt=[] option in man page. Content taken from:
daemon/graphdriver/devmapper/README.md
Signed-off-by: Michal Minar <miminar@redhat.com>
Docker-DCO-1.1-Signed-off-by: Michal Minar <miminar@redhat.com> (github: SvenDowideit)
Current description is misleading. It make an impression the --icc=false
prevents containers to talk with each other.
Signed-off-by: Michal Minar <miminar@redhat.com>
Docker-DCO-1.1-Signed-off-by: Michal Minar <miminar@redhat.com> (github: SvenDowideit)
I noticed that 3 of the tarsum test cases had expected a tarsum with
a sha256 hash of
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
As I've been working with sha256 quite a bit lately, it struck me that
this is the initial digest value for sha256, which means that no data
was processed. However, these tests *do* process data. It turns out that
there was a bug in the test handling code which did not wait for tarsum
to end completely. This patch corrects these test cases.
I'm unaware of anywhere else in the code base where this would be an issue,
though we definitily need to look out in the future to ensure we are
completing tarsum reads (waiting for EOF).
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Since Linux 3.18-rc6, overlayfs has been renamed overlay.
This change was introduced by the following commit in linux.git:
ef94b1864d1ed5be54376404bb23d22ed0481feb ovl: rename filesystem type to "overlay"
Signed-off-by: Lénaïc Huard <lhuard@amadeus.com>
Properly CloseWrite() the client socket once done with stdin when using
TLS connection (this used to rely on an erroneous type assertion).
Fixes#8658.
Fixes#8642.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Signed-off-by: Michael Crosby <crosby.michael@gmail.com>
Sometimes other programs can bind on ports from our range, so we just
skip this ports on allocation.
Fixes#9293
Probably fixes#8714
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Prior to this patch, one would get the output of docker inspect xxx
as below:
user@server:/mnt$ docker inspect ubuntu
[{
"Architecture": "amd64",
...
"VirtualSize": 199257566
}
]user@server:/mnt$
The last ']' was on the same line with the prompt, i wonder if it is
really what we want it be, it is a little weird, so i add a '\n' to it.
Signed-off-by: Hu Keping <hukeping@huawei.com>
Updated the documentation to cover the installation of Docker on
openSUSE and on SUSE Linux Enterprise.
Docker-DCO-1.1-Signed-off-by: Flavio Castelli <fcastelli@suse.com> (github: flavio)
The documentation for EXPOSE seems to indicate, that EXPOSE is only relevant in
the context of links, which is not the case.
Signed-off-by: Jacob Atzen <jatzen@gmail.com>
Current implementation is comingling things that ought not be together.
There are _some_ similarities between parsing for the different proto
types, but they are more different than alike, making the code extremely
difficult to reason about.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Currently this content gets a system label and is not writable based on
SELinux controls. This patch will set the labels to the correct label.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
The -n and --networking options were removed because they are
unsupported.
Bash completion should not reveal the existence of otherwise
undocumented unsupported options.
Signed-off-by: Harald Albers <github@albersweb.de>
This reverts commit 967a42f116.
Signed-off-by: Tatsushi Inagaki <e29253@jp.ibm.com>
Roll back the change to fix the parameter of HumanSize from int64 to float64
This moves the IsGIT and IsURL functions out of the generic `utils`
package and into their own `urlutil` pkg.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Signed-off-by: Tibor Vass <teabee89@gmail.com>
Conflicts:
pkg/archive/archive.go
fixed conflict which git couldn't fix with the added BreakoutError
Conflicts:
pkg/archive/archive_test.go
fixed conflict in imports
These settings need to be in the HostConfig so that they are not
committed to an image and cannot introduce a security issue.
We can safely move this field from the Config to the HostConfig
without any regressions because these settings are consumed at container
created and used to populate fields on the Container struct. Because of
this, existing settings will be honored for containers already created
on a daemon with custom security settings and prevent values being
consumed via an Image.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Conflicts:
daemon/create.go
changing config to hostConfig was required to fix the
build
This ensures that ServerAddress is set, while previously it was getting
set after configFile.Configs.
Signed-off-by: Vaidas Jablonskis <jablonskis@gmail.com>
A lot of flags have been added on the output of `docker help`. Use a
more robust method to extract the list of available subcommands by
spotting the `Command:` line and the next blank line.
Signed-off-by: Vincent Bernat <vincent@bernat.im>
Adds pertitent information about what is expected in the json payload
and comments out unsupported (exec) features in runConfig.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
The gist here is a reemphasizing of the explicitly "user mutable" bits by putting them first (and hopefully improving readability a little bit in the process).
Signed-off-by: Andrew Page <admwiggin@gmail.com>
I also needed to add a mflag.IsSet() function that allows you to check
to see if a certain flag was actually specified on the cmd line.
Per #9221 - also tweaked the docs to fix a typo.
Closes#9221
Signed-off-by: Doug Davis <dug@us.ibm.com>
If you execute
DEBUG=-g hack/make.sh dynbinary
Docker will be build with the debug info making it easier to use
cgdb or lightide to debug.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
still supports the old form: ENV name value
Also, fixed an issue with the parser where it would ignore lines
at the end of the Dockerfile that ended with \
Closes#2333
Signed-off-by: Doug Davis <dug@us.ibm.com>
This fixes the removal of TempArchives which can read with only one
read. Such archives weren't getting removed because EOF wasn't being
triggered.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Mark the daemon listening ports as allocated in the portallocator in
order to prevent containers from exposing this port themselves.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Now filter name is trimmed and lowercased before evaluation for case
insensitive and whitespace trimemd check.
Signed-off-by: Oh Jinkyun <tintypemolly@gmail.com>
This adds an integration test for checking that the network namespace
fds are the same when a container joins another container's network
namespace.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Fixes:
- link -H windows is not compatible with -linkmode external
- under Cygwin go does not play well with cygdrive type paths
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Common patterns:
- Multiple images were built with same name but only one cleanup.
- Containers were deleted after images.
- Images not removed after retagging.
Signed-off-by: Tõnis Tiigi <tonistiigi@gmail.com> (github: tonistiigi)
COPY/ADD just copies the contents of dirs, not dirs themselves.
This PR tries to clear that up in the docs.
Closes#8775
Signed-off-by: Doug Davis <dug@us.ibm.com>
Next steps, in another PR, would be:
- make all logging go through the logrus stuff
- I'd like to see if we can remove the env var stuff (like DEBUG) but we'll see
Closes#5198
Signed-off-by: Doug Davis <dug@us.ibm.com>
Currently we set up a cookie and upon failure not call UdevWait(). This
does not cleanup the cookie and associated semaphore and system will
soon max out on total number of semaphores.
To avoid this, call UdevWait() even in failure path which in turn will
cleanup associated semaphore.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Vincent Batts <vbatts@redhat.com>
used path package instead of path/filepath so that --volumes and
--device parameters to always validate paths as unix paths instead of
OS-dependent path convention
Signed-off-by: Ahmet Alp Balkan <ahmetb@microsoft.com>
pkg/archive contains code both invoked from cli (cross platform) and
daemon (linux only) and Unix-specific dependencies break compilation on
Windows. We extracted those stat-related funcs into platform specific
implementations at pkg/system and added unit tests.
Signed-off-by: Ahmet Alp Balkan <ahmetb@microsoft.com>
Some parts of pkg/archive is called on both client/daemon code. To get
it compiling on Windows, these funcs are extracted into files with
build tags.
Signed-off-by: Ahmet Alp Balkan <ahmetb@microsoft.com>
TreeSize uses syscall.Stat_t which is not available on Windows.
It's called only on daemon path, therefore extracting it to daemon
with build tag 'daemon'
Signed-off-by: Ahmet Alp Balkan <ahmetb@microsoft.com>
SIGCHLD and SIGWINCH used in api/client (cli code) are not
available on Windows. Extracting into separate files with build
tags.
Signed-off-by: Ahmet Alp Balkan <ahmetb@microsoft.com>
Since V2 registry does not yet implement mirrors, when mirrors are given automatically fallback to V1 without checking V2 first.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Fixes#8942
Current behavior is that volumes aren't initialized until start.
Volumes still need to be initialized on start since VolumesFrom and
Binds can be passed in as part of HostConfig on start, however anything
that's already been initialized will just be skipped as is the current
behavior.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Therer is a bug in the 'skip' decision when exporting a repository
(`docker save repo`)
Only the layers of the first image are included in the archive (the
layers of the next images are missing)
Signed-off-by: Anthony Baire <Anthony.Baire@irisa.fr>
Since the build uses ubuntu 14.04, which has an old btrfs, include the
buildtags needed for this old version to not break the build.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
I was trying to just build the Docker client but DOCKER_CLIENTONLY wasn't
getting passed thru from the shell to the container building docker.
So, this PR passes this var (via the -e option) on the docker run command
so we pick it up from the devs shell when running "make ...".
While in there I pulled all of the "-e" options into a new Makefile variable
so its easy to see just the list of env vars we pass along.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Fixes#1171Fixes#6465
Data passed to mount(2) is clipped to PAGE_SIZE if its bigger. Previous
implementation checked if error was returned and then started to append layers
one by one. But if the PAGE_SIZE clipping appeared in between the paths, in the
permission sections or in xino definition the call would not error and
remaining layers would just be skipped(or some other unknown situation).
This also optimizes system calls as it tries to mount as much as possible with
the first mount.
Signed-off-by: Tõnis Tiigi <tonistiigi@gmail.com> (github: tonistiigi)
this test checks if exposing a large number of ports in Dockerfile properly
saves the port in configs. We dont actually expose a VERY large number of ports
here because the result is the same and it increases the test time by a few
seconds
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
Signal proxy does work only in non-TTY mode (--tty=false). Man pages and
commands should not lie about it.
Signed-off-by: Michal Minar <miminar@redhat.com>
Ideally lvm2 would be used to create/manage the thin-pool volume that is
then handed to docker to exclusively create/manage the thin and thin
snapshot volumes needed for it's containers. Managing the thin-pool
outside of docker makes for the most feature-rich method of having
docker utilize device mapper thin provisioning as the backing storage
for docker's containers. lvm2-based thin-pool management feature
highlights include: automatic or interactive thin-pool resize support,
dynamically change thin-pool features, automatic thinp metadata checking
when lvm2 activates the thin-pool, etc.
Docker will not activate/deactivate the specified thin-pool device but
it will exclusively manage/create thin and thin snapshot volumes in it.
Docker will not take ownership of the specified thin-pool device unless
it has 0 data blocks used and a transaction id of 0. This should help
guard against using a thin-pool that is already in use.
Also fix typos in setupBaseImage() relative to the thin volume type of
the base image.
Docker-DCO-1.1-Signed-off-by: Mike Snitzer <snitzer@redhat.com> (github: snitm)
Otherwise udev can unecessarily execute various rules (and issue
scanning IO, etc) against the thin-pool -- which can never be a
top-level device.
Docker-DCO-1.1-Signed-off-by: Mike Snitzer <snitzer@redhat.com> (github: snitm)
Some workloads rely on IPC for communications with other processes. We
would like to split workloads between two container but still allow them
to communicate though shared IPC.
This patch mimics the --net code to allow --ipc=host to not split off
the IPC Namespace. ipc=container:CONTAINERID to share ipc between containers
If you share IPC between containers, then you need to make sure SELinux labels
match.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Took care of some review comments from crosbymichael.
v2:
- Return "err = nil" if file deviceset-metadata file does not exist.
- Use json.Decoder() interface for loading deviceset metadata.
v3:
- Reverted back to json marshal interface in loadDeviceSetMetaData().
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Saving ports as `map[nat.Port]struct{}` directly has ordering issue which is
more replicatable where we expose a huge number of ports at the same time. As a
result, the cache will be burst whenever the map order is different from the
previous build.
This sorts the ports first and save them as a whitespace-separated list instead
of the map representation, so the order will always be consistent if the port
list isnt changed.
NOTICE: this will burst the old expose caches
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
changing order of EXPOSE ports should not invalidate the cache as the content
doesnt change
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
Whenever a command arguments is formed by a large linked list, repeatedly
appending to arguments and displayed messages took a long time because go will
have to allocate/copy a lot of times.
This speeds up the allocation by preallocate arrays of correct size for args
and msg
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
Running parseVolumesFromSpec on all VolumesFrom specs before initialize
any mounts endures that we don't leave container.Volumes in an
inconsistent (partially initialized) if one of out mount groups is not
available (e.g. the container we're trying to mount from does not
exist).
Keeping container.Volumes in a consistent state ensures that next time
we Start() the container, it'll run prepareVolumes() again.
The attached test demonstrates that when a container fails to start due
to a missing container specified in VolumesFrom, it "remembers" a Volume
that worked.
Fixes: #8726
Signed-off-by: Thomas Orozco <thomas@orozco.fr>
Conflicts:
integration-cli/docker_cli_start_test.go
cli integration test
The vfs storage driver currently shells out to the `cp` binary on the host
system to perform an 'archive' copy of the base image to a new directory.
The archive option preserves the modified time of the files which are created
but there was an issue where it was unable to preserve the modified time of
copied symbolic links on some host systems with an outdated version of `cp`.
This change no longer relies on the host system implementation and instead
utilizes the `CopyWithTar` function found in `pkg/archive` which is used
to copy from source to destination directory using a Tar archive, which
should correctly preserve file attributes.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
I noticed a few things that were bugging me in the output
of the integration-cli tests.
- one of the tests used println to stdout so we had garage sent to the screen
- some of the test, in their final log message, didn't include the name of
the group/file e.g. daemon - run,iptables was just run,iptables
And yes, I noticed this because I'm anal :-) but also because we should keep
the output of the tests as clean as possible so its easy to spot it when
things go bad.
Signed-off-by: Doug Davis <dug@us.ibm.com>
This passed the --net=container:CONTINER_ID to lxc-start as --share-net
Docker-DCO-1.1-Signed-off-by: Abin Shahab <ashahab@altiscale.com> (github: ashahab-altiscale)
The Docker Governance Advisory Board (DGAB) met for the first time Tue 10/21/2014.
Among other topics, the DGAB reviewed and refreshed the Docker Project Statement of Direction.
(Sven added from the Pull Req #9055)
Docker-DCO-1.1-Signed-off-by: Scott Johnston <scott.johnston@docker.com> (github: j0hnst0n)
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
Current implementation is hard to reason about because of trying to mix
unix/tcp server implementations, even though they are quite different.
This cleans that up.
Also makes it possible to create and manage a new API server easily,
e.g. for adding an introspection socket to a container.
Built in such a way as to allow a non-HTTP server to work as well, such
as libchan.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Linking to the docs readme to help would-be contributors discover the style guide and docs contribution guidelines.
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
These settings need to be in the HostConfig so that they are not
committed to an image and cannot introduce a security issue.
We can safely move this field from the Config to the HostConfig
without any regressions because these settings are consumed at container
created and used to populate fields on the Container struct. Because of
this, existing settings will be honored for containers already created
on a daemon with custom security settings and prevent values being
consumed via an Image.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Running parseVolumesFromSpec on all VolumesFrom specs before initialize
any mounts endures that we don't leave container.Volumes in an
inconsistent (partially initialized) if one of out mount groups is not
available (e.g. the container we're trying to mount from does not
exist).
Keeping container.Volumes in a consistent state ensures that next time
we Start() the container, it'll run prepareVolumes() again.
The attached test demonstrates that when a container fails to start due
to a missing container specified in VolumesFrom, it "remembers" a Volume
that worked.
Fixes: #8726
Signed-off-by: Thomas Orozco <thomas@orozco.fr>
We might want to break it up into smaller pieces (eg. tools in one
place, documents in another) but let's worry about that later.
Signed-off-by: Solomon Hykes <solomon@docker.com>
Signed-off-by: Prasanna Gautam <prasannagautam@gmail.com>
I found that certain docker installations do not handle binding to the source directory quite right. Just writing it based on help from backjlack and tibor in IRC.
Since the containers can handle the out of memory kernel kills gracefully, docker
will only provide out of memory information as an additional metadata as part of
container status.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
This patch fixes the compilation errors in Docker due to changes in the
libcontainer/user API. There is no functionality change due to this
patch.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
This patch updates the vendor'd libcontainer version, so that Docker can
take advantage of the updates to the `user` API.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
Removing Sonat from docs maintainers because he no longer has time to complete all the responsibilities. Many thanks to Sonat for his help.
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
The current implementation of the Docker Hub returns a list of objects
containing the tag name and the layer id.
Docker-DCO-1.1-Signed-off-by: Vincent Giersch <vincent.giersch@ovh.net>
In previous patch I had introduce json:"-" tags to be on safer side to make
sure certain fields are not marshalled/unmarshalled. But struct fields
starting with small letter are not exported so they will not be marshalled
anyway. So remove json:"-" tags from there.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Lxc driver was throwing errors for mounts where the mount point does not exist in the container.
This adds a create=dir/file mount option to the lxc template, to alleviate this issue.
Docker-DCO-1.1-Signed-off-by: Abin Shahab <ashahab@altiscale.com> (github: ashahab-altiscale)
We removed the syncpipe package and replaced it with specific calls to
create a new *os.File from a specified fd passed to the process. This
reduced code and an extra object to manage the container's init
lifecycle.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
My pull request failed the build due to gofmat issues. I have run gofmt
on specified files and this commit fixes it.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Now, newly created/imported layers will have the checksum of
the layer diff computed and stored in the image json file.
For now, it is not an error if the computed checksum does not
match an existing checksum, only a warning message is logged. The
eventual goal is to use the checksums in the image JSON to verify
the integrity of the layer contents when doing `docker load` or
`docker pull`, and error out if it does not match.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Instead of only checking `Progress != nil` (which is always true because
the server sends `"progressDetail":{}` when it doesnt have the progress), we
also check if `Progress.String() != ""`, which should be sufficient to filter
out the progress data.
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
The way thin-pool right now is designed, user space is supposed to keep
track of what device ids have already been used. If user space tries to
create a new thin/snap device and device id has already been used, thin
pool retuns -EEXIST.
Upon receiving -EEXIST, current docker implementation simply tries the
NextDeviceId++ and keeps on doing this till it finds a free device id.
This approach has two issues.
- It is little suboptimal.
- If device id already exists, current kenrel implementation spits out
a messsage on console.
[17991.140135] device-mapper: thin: Creation of new snapshot 33 of device 3 failed.
Here kenrel is trying to tell user that device id 33 has already been used.
And this shows up for every device id docker tries till it reaches a point
where device ids are not used. So if there are thousands of container and
one is trying to create a new container after fresh docker start, expect
thousands of such warnings to flood console.
This patch saves the NextDeviceId in a file in
/var/lib/docker/devmapper/metadata/deviceset-metadata and reads it back
when docker starts. This way we don't retry lots of device ids which
have already been used.
There might be some device ids which are free but we will get back to them
once device numbers wrap around (24bit limit on device ids).
This patch should cut down on number of kernel warnings.
Notice that I am creating a deviceset metadata file which is a global file
for this pool. So down the line if we need to save more data we should be
able to do that.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
I was trying to save nextDeviceId to a file but it would not work and
json.Marshal() will do nothing. Then some search showed that I need to
make first letter of struct field capital, exporting this field and
now json.Marshal() works.
This is a preparatory patch for the next one.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Currently we save device metadata and have a helper function saveMetadata()
which converts data in json format as well as saves it to file. For
converting data in json format, one needs to know what is being saved.
Break this function down in two functions. One function only has file
write capability and takes in argument about byte array of json data.
Now this function does not have to know what data is being saved. It
only knows about a stream of json data is being saved to a file.
This allows me to reuse this function to save a different type of
metadata. In this case I am planning to save NextDeviceId so that
docker can use this device Id upon next restart. Otherwise docker
starts from 0 which is suboptimal.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
The current Dev version of TarSum includes hashing of extended
file attributes and omits inclusion of modified time headers.
I refactored the logic around the version differences to make it
more clear that the difference between versions is in how tar
headers are selected and ordered.
TarSum Version 1 is now declared with the new Dev version continuing
to track it.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
This removes the pull of the hello-world image from install.sh to
address privacy concerns.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Fixed the following errors:
1. Request(0) causes a dead loop when the map is full and map.last == BEGIN.
2. When map.last is the only available port (or ip), Request(0) returns ErrAllPortsAllocated (or ErrNoAvailableIPs). Exception is when map.last == BEGIN.
Signed-off-by: shuai-z <zs.broccoli@gmail.com>
This re-applies commit b39d02b with additional iptables rules to solve the issue with containers routing back into themselves.
The previous issue with this attempt was that the DNAT rule would send traffic back into the container it came from. When this happens you have 2 issues.
1) reverse path filtering. The container is going to see the traffic coming in from the outside and it's going to have a source address of itself. So reverse path filtering will kick in and drop the packet.
2) direct return mismatch. Assuming you turned reverse path filtering off, when the packet comes back in, it's goign to have a source address of itself, thus when the reply traffic is sent, it's going to have a source address of itself. But the original packet was sent to the host IP address, so the traffic will be dropped because it's coming from an address which the original traffic was not sent to (and likely with an incorrect port as well).
The solution to this is to masquerade the traffic when it gets routed back into the origin container. However for this to work you need to enable hairpin mode on the bridge port, otherwise the kernel will just drop the traffic.
The hairpin mode set is part of libcontainer, while the MASQ change is part of docker.
This reverts commit 63c303eecd.
Docker-DCO-1.1-Signed-off-by: Patrick Hemmer <patrick.hemmer@gmail.com> (github: phemmer)
The argument specified the json data to save to disk when registering
a new image into the image graph. If it is nil, then the given image
is serialized to json and that is written by default. This default
behavior is sufficient if the given image was originally deserialzed
from this jsonData to begin with which has always been the case.
Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
E.g. "docker foobar run" would have printed "Command not found:
foobar" and printed the help text for "run". It should instead
print the root help message for docker.
Signed-off-by: Ben Firshman <ben@firshman.co.uk>
While working on the fix for #8330 I noticed a few things:
1 - the split() call for the .dockerignore process will generate a blank
"exclude". While this isn't causing an issue right now, I got worried
that in the future some code later on might interpret "" as something bad,
like "everything" or ".". So I added a check for an empty "exclude"
and skipped it
2 - if someone puts "foo" in their .dockerignore then we'll skip "foo".
However, if they put "./foo" then we won't due to the painfully
simplistic logic of go's filepath.Match algorithm. To help things
a little (and to treat ./Dockerfile just like Dockerfile) I added
code to filepath.Clean() each entry in .dockerignore. It should
result in the same semantic path but ensure that no matter how the
user expresses the path, we'll match it.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Reuse WORKDIR wording to specify that the USER instructions affect the
following RUN, CMD, and ENTRYPOINT instructions.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Since V2 registry does not yet implement mirrors, when mirrors are given automatically fallback to V1 without checking V2 first.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
The note under the RUN header refers to the CMD instruction. It should refer to the RUN instruction instead.
Signed-off-by: Huu Nguyen <whoshuu@gmail.com>
- Removed some commands related to autocomplete/symlinks that don't seem to be required anymore on Ubuntu 14.04
- Fixed one minor typo ("see LINK _for_ details," not "see LINK details")
- Moved section "Giving non-root access" to top level, rather than being under Ubuntu 13 (the section isn't specific to Ubuntu 13, and even references Ubuntu 14).
Signed-off-by: Scott Walls <sawalls@umich.edu>
Fix issue with restoring the tag store and setting static configuration
from the daemon. i.e. the field on the TagStore struct must be made
internal or the json.Unmarshal in restore will overwrite the insecure
registries to be an empty struct.
Signed-off-by: Michael Crosby <michael@docker.com>
Conflicts:
graph/pull.go
graph/push.go
graph/tags.go
With current implementation there was a possibility
that /start responds quicker than /attach, meaning that
some output would be clipped.
Fixed so the implementation matches with `docker run`.
This also fixes the flaky test results for TestCreateEchoStdout.
Signed-off-by: Tõnis Tiigi <tonistiigi@gmail.com> (github: tonistiigi)
Fixes#8832
All stdio streams need to finish writing before the
connection can be closed.
Signed-off-by: Tõnis Tiigi <tonistiigi@gmail.com> (github: tonistiigi)
Update for changes in docker 1.2. Running the docker daemon with "-r=false" has been deprecated in favor of per-container restart policies.
Signed-off-by: wilsaj <wilson.andrew.j+github@gmail.com>
If we need to raise an error, make sure the internal state is clean, because
a successful driver.Get() may have its internal state changed (eg. counting,
or mounts), while callers will only do that after a succussful Mount().
Signed-off-by: shuai-z <zs.broccoli@gmail.com>
Includes changes to mkdocs yml and removes style info from docs Read Me, adding a link instead.
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
Conflicts:
docs/README.md
Revisions to style guide based on review.
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
More Style Guide revisions based on review.
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
A few more style guide copy edits
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
By default is a demo of file differences, but can be used to create a
tar of changes between an old and new path.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
In an effort to make layer content 'stable' between import
and export from two different graph drivers, we must resolve
an issue where AUFS produces metadata files in its layers
which other drivers explicitly ignore when importing.
The issue presents itself like this:
- Generate a layer using AUFS
- On commit of that container, the new stored layer contains
AUFS metadata files/dirs. The stored layer content has some
tarsum value: '1234567'
- `docker save` that image to a USB drive and `docker load`
into another docker engine instance which uses another
graph driver, say 'btrfs'
- On load, this graph driver explicitly ignores any AUFS metadata
that it encounters. The stored layer content now has some
different tarsum value: 'abcdefg'.
The only (apparent) useful aufs metadata to keep are the psuedo link
files located at `/.wh..wh.plink/`. Thes files hold information at the
RW layer about hard linked files between this layer and another layer.
The other graph drivers make sure to copy up these psuedo linked files
but I've tested out a few different situations and it seems that this
is unnecessary (In my test, AUFS already copies up the other hard linked
files to the RW layer).
This changeset adds explicit exclusion of the AUFS metadata files and
directories (NOTE: not the whiteout files!) on commit of a container
using the AUFS storage driver.
Also included is a change to the archive package. It now explicitly
ignores the root directory from being included in the resulting tar archive
for 2 reasons: 1) it's unnecessary. 2) It's another difference between
what other graph drivers produce when exporting a layer to a tar archive.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
This backend uses the overlayfs union filesystem for containers
plus hard link file sharing for images.
Each container/image can have a "root" subdirectory which is a plain
filesystem hierarchy, or they can use overlayfs.
If they use overlayfs there is a "upper" directory and a "lower-id"
file, as well as "merged" and "work" directories. The "upper"
directory has the upper layer of the overlay, and "lower-id" contains
the id of the parent whose "root" directory shall be used as the lower
layer in the overlay. The overlay itself is mounted in the "merged"
directory, and the "work" dir is needed for overlayfs to work.
When a overlay layer is created there are two cases, either the
parent has a "root" dir, then we start out with a empty "upper"
directory overlaid on the parents root. This is typically the
case with the init layer of a container which is based on an image.
If there is no "root" in the parent, we inherit the lower-id from
the parent and start by making a copy if the parents "upper" dir.
This is typically the case for a container layer which copies
its parent -init upper layer.
Additionally we also have a custom implementation of ApplyLayer
which makes a recursive copy of the parent "root" layer using
hardlinks to share file data, and then applies the layer on top
of that. This means all chile images share file (but not directory)
data with the parent.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
The vfs storage driver currently shells out to the `cp` binary on the host
system to perform an 'archive' copy of the base image to a new directory.
The archive option preserves the modified time of the files which are created
but there was an issue where it was unable to preserve the modified time of
copied symbolic links on some host systems with an outdated version of `cp`.
This change no longer relies on the host system implementation and instead
utilizes the `CopyWithTar` function found in `pkg/archive` which is used
to copy from source to destination directory using a Tar archive, which
should correctly preserve file attributes.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
This will allow us to use a common Git prefix check for both api/clients/commands.go and
builder/job.go. Previous prefix check in build from Git (in builder/jobs.go) ignored valid prefixes such as "git@", "http://" or "https://".
Signed-off-by: Lakshan Perera <lakshan@laktek.com>
Made a few tweaks to Dockerfile tutorial links and removed some cruft from the tutorial itself.
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
If we first request port 49153 (BeginPortRange) explicitly, and later some time request the next free port (of same ip/proto) by calling RequestPort() with port number 0, we will again get 49153 returned, even if it's currently in use. Because findPort() blindly retured BeginPortRange the first run, without checking if it has already been taken.
Signed-off-by: shuai-z <zs.broccoli@gmail.com>
when a container failed to start, saves the error message into State.Error so
that it can be retrieved when calling `docker inspect` instead of having to
look at the log
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
Never close attached stream before both stdout and stderr have written
all their buffered contents. Remove stdinCloser because it is not needed
any more as the stream is closed anyway after attach has finished.
Fixes#3631
Signed-off-by: Andy Goldstein <agoldste@redhat.com>
Do not run containers in the background in the integration tests if you
depend on the run completing. It is better especially if you just want
to ensure that the run has completed with a `true` to just run in
foreground and use a known name for the container to query it after it
has stopped.
The failures can be reproduced on most machines by giving your dind
container one core and a cpushare.
docker run -c 200 --cpuset 0 -ti --rm --privileged -e
DOCKER_GRAPHDRIVER=vfs docker hack/make.sh binary test-integration-cli
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
As of 1.3 `docker ps` no longer shows links between containers.
This updates the documentation to reflect that change.
sudo docker docker inspect -f "{{ .HostConfig.Links }}" web
Signed-off-by: Philipp Weissensteiner <mail@philippweissensteiner.com>
graphdriver is not always specified when the log printed, because
it's provided in another thread. This patch will fix this.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
So far, it looks like the declarations are not used, and so its safer not to
confuse people into thinking they do something.
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@docker.com> (github: SvenDowideit)
Fixes#1992
Right now when you `docker cp` a path which is in a volume, the cp
itself works, however you end up getting files that are in the
container's fs rather than the files in the volume (which is not in the
container's fs).
This makes it so when you `docker cp` a path that is in a volume it
follows the volume to the real path on the host.
archive.go has been modified so that when you do `docker cp mydata:/foo
.`, and /foo is the volume, the outputed folder is called "foo" instead
of the volume ID (because we are telling it to tar up
`/var/lib/docker/vfs/dir/<some id>` and not "foo", but the user would be
expecting "foo", not the ID
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Fix issue with restoring the tag store and setting static configuration
from the daemon. i.e. the field on the TagStore struct must be made
internal or the json.Unmarshal in restore will overwrite the insecure
registries to be an empty struct.
Signed-off-by: Michael Crosby <michael@docker.com>
Conflicts:
graph/pull.go
graph/push.go
graph/tags.go
We do this to prevent leakage of information, we don't want people
to be able to probe for existing content.
According to RFC 2616, "This status code (404) is commonly used when the server does not
wish to reveal exactly why the request has been refused, or when no other response i
is applicable."
https://www.ietf.org/rfc/rfc2616.txt
10.4.4 403 Forbidden
The server understood the request, but is refusing to fulfill it.
Authorization will not help and the request SHOULD NOT be repeated.
If the request method was not HEAD and the server wishes to make
public why the request has not been fulfilled, it SHOULD describe the
reason for the refusal in the entity. If the server does not wish to
make this information available to the client, the status code 404
(Not Found) can be used instead.
10.4.5 404 Not Found
The server has not found anything matching the Request-URI. No
indication is given of whether the condition is temporary or
permanent. The 410 (Gone) status code SHOULD be used if the server
knows, through some internally configurable mechanism, that an old
resource is permanently unavailable and has no forwarding address.
This status code is commonly used when the server does not wish to
reveal exactly why the request has been refused, or when no other
response is applicable.
When docker is running through its certificates, it should continue
trying with a new certificate even if it gets back a 404 error code.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
zsh completion is updated with the content of
felixr/docker-zsh-completion.
The major change since the last merge is the addition of
exec/create (but they were already present in the docker repository) as
well as pause/unpause/logout/events and the use of short/long options
when they are available. Some missing options were also added.
12f00abd7178 Add completion for `exec'
4e2faa075f9a Merge `run' and `create' commands.
34134de077de Add missing long/short options for most commands.
d09f62339ab5 Add completion for `pause' and `unpause'
e4754c3b3b9d Add completion for `logout'
e0935eb3d5d2 Add completion for `events'
dae353cb9afb Add completion for `create`
Docker-DCO-1.1-Signed-off-by: Vincent Bernat <vincent@bernat.im> (github: vincentbernat)
The Dockerfile Instruction to create the .vnc directory results in a failure :
-storepasswd failed for file: /root/.vnc/passwd
Signed-off-by: Madhu Venugopal <madhu@socketplane.io>
Use /etc/os-release to determine distro
Contents of /etc/os-release on Amazon Linux AMI 2014.09:
NAME="Amazon Linux AMI"
VERSION="2014.09"
ID="amzn"
ID_LIKE="rhel fedora"
VERSION_ID="2014.09"
PRETTY_NAME="Amazon Linux AMI 2014.09"
ANSI_COLOR="0;33"
CPE_NAME="cpe:/o:amazon:linux:2014.09:ga"
HOME_URL="http://aws.amazon.com/amazon-linux-ami/"
Signed-off-by: Amit Bakshi <ambakshi@gmail.com>
Signed-off-by: Jessica Frazelle <jess@docker.com>
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
Added link for CVEs.
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
Fixed some URLs.
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
Added link for CVEs.
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
An initial start to migration of the API tests from integration to
the integration-cli model.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
(github: estesp)
Made it clear signed images is a preview feature and added a little more info about how the feature works.
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
This removes the key generation for trust from main while it is not
being consumed. The problem is that because this is being set in main
if a user runs as root initially the files will be owned by root. Later
if the user sets up the docker group they are unable to read the keys.
This is half a user error and documentation problem and the other half
is management.
We decided to remove this code for now while it is not being used and
will revisit it later when the consuming features are added. A few
options are to generate lazily and provide a clear error message on an
EPERM so that the user knows what is wrong and can correct the
permissions.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
`${SOME_VAR%pattern}` was turning into `SOME_VAL%pattern}` which the shell would then balk at.
I've updated the `TOKEN_ENV_INTERPOLATION` regex to account for this (ie, if `${` is used, it _must_ also match the closing `}`), and renamed the variable to not be exported (since it's not used outside the function following it).
I also added comments for the bits of `tokenEnvInterpolation` so they're easier to follow. 😄
Signed-off-by: Andrew Page <admwiggin@gmail.com>
This fixes issues where the apparmor profile is not applied to processes
via docker exec. As a side effect the parent processes were unable to
kill the additional child processes because of the profile mismatch.
Easy way to reproduce on an apparmor system:
docker run -ti debian:jessie bash
ps auxZ
- look at the labels
- in another shell
docker exec <name> sleep 1000
- go back to the first container and
ps auxZ
- make sure all processes have the correct docker-default profile
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Because of the base image change, $HOME is not always / and we need to
write to the proper $HOME within the container to complete the release
process.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Add some information about the storage and execution driver choices
Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
This makes it possible to make the Docker client "secure by default"
without wrapping the binary in a shell alias so that `--tlsverify` is
always passed.
Signed-off-by: Aanand Prasad <aanand.prasad@gmail.com>
and move the complicated discussion about branches lower down,
hopefully most won't need to know
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
This uses @dnephin's changes to the base.html (thank you!)
and then adds the hide_toc: page meta
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@docker.com> (github: SvenDowideit)
First off, sorry for the noise. This is a cleaner step of #8508
Found more of a root cause of the open file handles.
After more testing I found that the open file descriptors will still
occur for TCP:// connections to the daemon, causing client and/or daemon
to fail.
The issue was instantiating a new http.Transport on _ever_ client
request. So each instance held the prior connection alive, but was only
ever used once.
By moving it out to the initilization of DockerCli, we can now have
reuse of idled connections. Simplifies the garbage overhead of the
client too, though that's not usually a deal.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
In the go stdlib net/http Transport, the used connections are cached
when idled. This behaviour is intended for TCP connections and does not
behave correctly for unix sockets. Despite the
DefaultMaxIdleConnsPerHost being 2, the idled connections are held open
during a session. For large sessions like `docker rm $(docker ps -a -q)`
of thousands of containers, it will cause the client _and_ the server to
open too many fails and have failures.
Having keep alives not used for only unix sockets is a work around for
this stdlib issue.
Also this includes disabling compression when communicating over the
local unix socket too.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Stable IPs causes some regressions in the way people use Docker, see GH#8493.
Reverting it for 1.3, we'll enable it back for the next release.
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
When a container is restarted all the volume configs are parsed again.
Even if the volume was already handled in a previous start it was still
calling "FindOrCreateVolume" on the volume repo causing a new volume to
be created.
This wasn't being detected because as part of the mount initialization
it checks to see if the the _mount_ was already initialized, but this
happens after the parsing of the configs.
So a check is added during parsing to skip a volume which was already
created for that container.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Volume refs were not being restored on daemon restart.
This made it possible to remove a volume being used by other containers
after a daemon restart.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
When stdout/stderr is closed prematurely, the proxy's writes to stdout/stderr
(i.e. `log.Errorf/log.Printf`) will returns with EPIPE error, and go runtime
will terminate the proxy when stdout/stderr writes trigger 10 EPIPE errors.
instead of using stdout/stderr as the status handler, we pass an extra file to
the child process and write `0\n` or `1\nerror message` to it and close it
after. This allow the child process to handle stdout/stderr as normal.
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
Currently if you start the docker -d on a system with 127.0.0.1 in /etc/resolv.conf
It will set the default dns to 8.8.8.8 8.8.4.4 permanently.
This causes a problem at boot on Fedora machines where NetworkManager has not
populated /etc/resolv.conf before docker gets started.
This fix checks /etc/resolv.conf on every docker run. And only populates
daemon.config.Dns if the user specified it on the command line.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Two problems how they are today:
In the current systemd unit files it is impossible to have the
docker.service started at system boot. Instead enableing docker.service
will actually enable docker.socket. This is a problem, as that means
any container with --restart=always will not launch on reboot. And of
course as soon as you log in and type docker ps, docker.service will be
launched and now your images are running. Talk about a PITA to debug!
The fix is to just install docker.service when people ask docker.service
to be enabled. If an admin wants to enable docker.socket instead, that
is fine and will work just as it does today.
The second problem is a common docker devel workflow, although not
something normal admins would hit. In this case consider a dev doing
the following:
systemctl stop docker.service
docker -d
[run commands]
[^C]
systemctl start docker.service
Running docker -d (without -F fd://) will clean up the
/var/run/docker.sock when it exits. Remember, you just ran the docker
daemon not telling it about socket actviation, so cleaning up its socket
makes sense! The new docker, started by systemd will expect socket
activation, but the last one cleaned up the docker.sock. So things are
just broken. You can, today, work around this by restarting
docker.socket. This fixes it by telling docker.socket that it is
PartOf=docker.service. So when docker.service is
started/stopped/restarted docker.socket will also be
started/stopped/restarted. So the above semi-common devel workflow will
be fine. When docker.service is stopped, so is docker.socket, docker
-d (without -F fd://) will create and delete /var/run/docker.sock.
Starting docker.service again will restart docker.socket, which will
create the file an all is happy in the word.
Signed-off-by: Eric Paris <eparis@redhat.com>
The defer logic was a little tricky and was hiding one bug: `err` was
being redefined (with `:=`) and thus it escaped the defer error checking
logic.
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
Prior to the volumes re-factor, data was not being copied on
volumes-from or host-mounted volumes.
After the re-factor, data was being copied for volumes-from.
This reverts this unintentional change in behavior.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
See #8101
lineDelim is used by streamJSON() so it needs to be set
before its called.
Signed-off-by: Tõnis Tiigi <tonistiigi@gmail.com> (github: tonistiigi)
Fixes#8407
Setting Host on URL only works if the Request does not
already have its Host property set.
Note that the API version was also swallowed.
Signed-off-by: Tõnis Tiigi <tonistiigi@gmail.com> (github: tonistiigi)
Failure to do this means that file capabilites are not preserved in the image.
Ping fails to work as a non-root user if cap_net_raw is capability is not set
Signed-off-by: Dan Griffin <dgriffin@peer1.com>
If previous line ends with whitespace, or next line starts with whitepsace
we need to preserve a space otherwise things line:
RUN echo\
hello
will appear as: RUN echohello
Noticed this while looking at #5744 because he had lines ending in &&\
Signed-off-by: Doug Davis <dug@us.ibm.com>
As this feature requires more testing it is much safter to get the
underlying changes into the codebase first then enable the feature in
another release after proper testing and verification can be done.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Needed to check if the mode was invalid and return error, not valid and
return error.
This didn't get picked up because the existing integration-cli tests
were all either expecting errors when a valid mode was passed in (e.g.
"ro" passed in, we expected an error because it was testing write). So
modified a test which was testing for "rw" to actually pass in "rw"
instead of assuming the "rw"
Docker-DCO-1.1-Signed-off-by: Brian Goff <bgoff@cpuguy83-mbp.home> (github: cpuguy83)
This change will allocate network settings (IP and public ports) at
container creation rather than start and keep them throughout the
lifetime of the container (i.e. until it gets destroyed) instead of
discarding them when the container is stopped.
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
Since we are moving network allocation outside of container scope (it
will be managed by create/destroy), those functions need to be
accessible from the outside.
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
*. Fixed headings so the side menu will now be consistent. Some sections
had H3s that were displaying and others did not leaving the left menu
very mismatched.
* Fixed several spelling errors.
* Re-formatted several long lines and badly laid out paragraphs.
* Fixed several double backticks.
* Added backticks to several outputs and variables.
* Removed two issues that are no longer valid.
* Removed several double spaces and extra lines.
Docker-DCO-1.1-Signed-off-by: James Turnbull <james@lovedthanlost.net> (github: jamtur01)
Right now, MAC addresses are randomly generated by the kernel when
creating the veth interfaces.
This causes different issues related to ARP, such as #4581, #5737 and #8269.
This change adds support for consistent MAC addresses, guaranteeing that
an IP address will always end up with the same MAC address, no matter
what.
Since IP addresses are already guaranteed to be unique by the
IPAllocator, MAC addresses will inherit this property as well for free.
Consistent mac addresses is also a requirement for stable networking (#8297)
since re-using the same IP address on a different MAC address triggers the ARP
issue.
Finally, this change makes the MAC address accessible through docker
inspect, which fixes#4033.
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
Also wrap access in mutex.
Makes sure we don't have any pontential for races in accessing this.
It also doesn't really need to be/shouldn't be in the config.json anyway
Docker-DCO-1.1-Signed-off-by: Brian Goff <bgoff@cpuguy83-mbp.home> (github: cpuguy83)
The biggest/bestest change here is cutting down on the number of calls to Docker in the filtering helpers (`__docker_containers_running`, etc), especially calls to the really heavy `docker images`.
Signed-off-by: Andrew Page <admwiggin@gmail.com>
Add support for pulling signed images from a version 2 registry.
Only official images within the library namespace will be pull from the
new registry and check the build signature.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Using repo tag in the status message for better usability, as per review comments
Added documentation and Changed code to print Status after downloads are complete
Addresses #2404
Signed-off-by: Srini Brahmaroutu <srbrahma@us.ibm.com>
debootstrap needs the suite as the second argument, for this the script
reorders arguments beginning with a minus but components separated by
space, as stated by the help message, is not handled and will lead to
the rootfs being passed as suite to debootstrap.
The poor mans solution is to fix the help message to pass the long
option as one argument.
Signed-off-by: Julian Taylor <jtaylor.debian@googlemail.com>
Remove commented code, use format for string concatenation, split long lines, fix how-to-run instructions
Signed-off-by: Davide Ceretti <dav.ceretti@gmail.com>
Now that the archive package does not depend on any docker-specific
packages, only those in pkg and vendor, it can be safely moved into pkg.
Signed-off-by: Rafe Colton <rafael.colton@gmail.com>
This is the second of two steps to break the archive package's
dependence on utils so that archive may be moved into pkg. `Matches()`
is also a good candidate pkg in that it is small, concise, and not
specific to docker internals
Signed-off-by: Rafe Colton <rafael.colton@gmail.com>
This is the first of two steps to break the archive package's dependence
on utils so that archive may be moved into pkg. Also, the `Go()`
function is small, concise, and not specific to the docker internals, so
it is a good candidate for pkg.
Signed-off-by: Rafe Colton <rafael.colton@gmail.com>
security-opts will allow you to customise the security subsystem.
For example the labeling system like SELinux will run on a container.
--security-opt="label:user:USER" : Set the label user for the container
--security-opt="label:role:ROLE" : Set the label role for the container
--security-opt="label:type:TYPE" : Set the label type for the container
--security-opt="label:level:LEVEL" : Set the label level for the container
--security-opt="label:disabled" : Turn off label confinement for the container
Since we are passing a list of string options instead of a space separated
string of options, I will change function calls to use InitLabels instead of
GenLabels. Genlabels interface is Depracated.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
This also removes dead code in the native driver for a past feature that
was never fully implemented.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Changes summary:
* Added available USE flags table(description included).
* Added some tips regarding the use of docker in the Gentoo environment.
* Sorted out docker installation ways.
* Added information about the newly created Gentoo Docker team.
* Misc improvements
Signed-off-by: Pavlos Ratis <dastergon@gentoo.org>
This new version makes sure that the same context is used for the two
builds run in the test. If you don't use the same build then about 1/2 the
time the file copied into the container will look like a different file,
probably due to timestamp differences. But reusing the same context we
re-use the same file on disk and therefore avoid the change in timestamps,
and we use the cache on the 2nd build.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Since RemoveLocalDns patch will remove all localhost entries
from resolv.conf we no longer need anything more then
!bytes.Contains(resolvConf, []byte("nameserver")
To check for no nameserver entry in dns config.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
We have a bug report complaining about docker dumping the contents of the
hosts resolv.conf if it container 127.0.0.1. They asked that instead
of dropping the file altogether, that we just remove the line.
This patch removes the 127.0.0.1 lines, if they exist and then
checks if any nameserver lines exist.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
When user passes an invalid tag to `docker build`
(i.e. `docker build -t abcd:A0123456789B0123456789C0123456789 .`), check the
tag first and terminate-early so user can specify the tag again
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
Closes#7941
Treat a null in JSON, when reading the config of a container, as if the
property was never included. W/o this fix the null would be saved in the
property as a string with a value of "null".
Signed-off-by: Doug Davis <dug@us.ibm.com>
volumes.Get was not checking for symlinked paths meanwhile when adding a
new volume it was following the symlink.
So when trying to use a bind-mount that is a symlink, the volume is
added with the correct path, but when another container tries to use the
same volume it got a "Volume exists" error because volumes.Get returned
nil and as such attempted to create a new volume.
Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: cpuguy83)
When doing `docker start -a` on a container that won't start, terminal
was getting stuck on the attach, even after container removal.
Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: cpuguy83)
docker-exec.md needs to be renamed in order to build man page.
Should be docker-exec.1.md
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
When read is called on a tarsum with a two different read sizes, specifically the second call larger than the first, the dynamic buffer does not get reallocated causing a slice read error.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Currently, the HostConfig is only passed from the CLI to Docker only
when issuing a docker create, but not when doing a docker run.
In the near future, in order to allocate ports at creation time rather
than start time, we will need to have the HostConfig readily available
at container creation.
This PR makes the client always pass the HostConfig when creating a
container (regardless of whether it's for a run or create).
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
`docker events > /tmp/out` should not print control
characters to non-terminal STDOUT.
This addresses commit 26b4a4920a
without creating regression described in issue #6509.
Signed-off-by: Vojtech Vitek (V-Teq) <vvitek@redhat.com>
Since it is possible to request a specific IP, IPAllocator has to verify
that the request is within boundaries.
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
On Fedora and RHEL we ship selinux-enabled flag in the docker.service config,
but if people setup the /var/lib/docker as btrfs and disable SELinux,
we should not block the daemon from running.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Currently inspect output just shows Size info, and that usally be
very small and even 0 which is confusing.
Fixes#8016
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Cleaned up and corrected some invalid "example responses".
Added some missing double-quotes for examples that resulted in invalid JSON.
Other general cleanup of stray characters and typos.
Docker-DCO-1.1-Signed-off-by: Ted M. Young <tedyoung@gmail.com> (github: SvenDowideit)
If `--storage-opt dm.datadev=/dev/loop0 --storage-opt
dm.metadatadev=/dev/loop1 ` were provided, the information was not
reflected in the information output.
Closes: #7137
Signed-off-by: Vincent Batts <vbatts@redhat.com>
There were a new areas in the brige driver that did not need to have log
output. Those were removed. Also set the engine's logging to false
when running the integration tests.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Mac address support to the netlink pkg.
Cgroup performance and memory issues.
Netlink refactoring.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Not breaking the default cipher and algorithm for calculating checksums,
but allow for using alternate block ciphers during the checksum
calculation.
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
This change will allow the Docker daemon's init script to wait up to 5
minutes before being forcibly terminated by the initscript. Many
non-trivial containers will take more than the default 3 seconds to
stop, which can result in containers whose rootfs is still mounted and
will not restart when the daemon starts up again, or worse, orphan
processes that are still running.
Signed-off-by: Steven Merrill <steven.merrill@gmail.com>
Now we can do "-run TestBuild" to test all build-tests and "-run
TestBuildCopy" for test all copy-tests
Signed-off-by: Alexandr Morozov <lk4d4@docker.com>
Removed runconfig.ParseSubcommand, changed it to runconfig.Parse and editted related tests and modules
Signed-off-by: Oh Jinkyun <tintypemolly@gmail.com>
If a tar were constructed with duplicate file names, then depending on
the order, it could result in same tarsum.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Also, simplified the output method by using `cat >&2 <<EOF ...` instead of multiple lines of `echo >&2 '...'`.
Signed-off-by: Andrew Page <admwiggin@gmail.com>
Ordering all clients alphabetically, by language.
Including all available languages in `page_keywords`.
Signed-off-by: Abhinav Ajgonkar <abhinav316@gmail.com>
For the cases where --bip option is used it is sometimes best to disable
IP masquerading as the provided bridge IP range may be routable.
Signed-off-by: Eugene Yakubovich <eugene.yakubovich@coreos.com>
Hi,
this is a small contribution to fix some slightly unprecise information about the `X-Registry-Auth` header required to pull from private registries through the remote API. After a lot of trial and I error I managed to find that the documentation indications had this issues:
* Apparently single quotes cannot be used and double quotes (regular JSON) is required.
* Also the `auth` key must be passed even if empty or a 403 will result.
* It was not clear what the `serveraddress` had to be.
I added some small clarifications for anyone taking a look at the docs to keep them from the problems I've encountered. Hope this is helpful.
Thanks to all the contributors for bringing so much awesomeness to the linux world. :)
Signed-off-by: David Pelaez Tamayo <hello@davidpelaez.me>
This adds a --add-host host:ip flag which appends lines to /etc/hosts. This is needed in places where you want the container to get a different name resolution than it would through DNS. This was submitted before as #5525, closed, and now I am re-opening. It has come up 2 or 3 times in the last couple days.
Signed-off-by: Tim Hockin <thockin@google.com>
This exposes the already existing "create container" operation. It is
very similar to "docker run -d" except it doesn't actually start the
container, but just prepares it. It can then be manually started using
"docker start" at any point.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Conflicts:
api/client/commands.go
runconfig/parse.go
server/container.go
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Some graphdrivers are Differs and type assertions are made
in various places throughout the project. Differ offers some
convenience in generating/applying diffs of filesystem layers
but for most graphdrivers another code path is taken.
This patch brings all of the logic related to filesystem
diffs in one place, and simplifies the implementation of some
common types like Image, Daemon, and Container.
Signed-off-by: Josh Hawn <josh.hawn@docker.com>
Use utils.RFC3339NanoFixed ("2006-01-02T15:04:05.000000000Z07:00")
instead of time.RFC3339Nano to format our log timestamps - this way
things are aligned, in particular the nano seconds are padded with zeros
Signed-off-by: Doug Davis <dug@us.ibm.com>
Tarsum now correctly closes the internal TarWriter which appends
a block of 1024 zeros to the end of the returned archive.
Signed-off-by: Josh Hawn <josh.hawn@docker.com>
- Errors sent to the walker callback functions were ignored. This meant that
one could get a panic when calling methods on a nil FileInfo object. For
example when the file did not exists any more.
- Lstat calls inside walker callback are reduntant because walker already calls
Lstat and passes the result to the callback.
- Error returned from filepath.Rel() can never be EACCES because it compares
strings and does not care about actual files.
- If Matched() returns error then ValidateContextDirectory() must return error.
Currently it still kept walking although the outcome was already known.
- Function will now fail in case of unknown error(not EACCES nor ENOENT).
Previous implementation did not make a clear decision about this (but
panicked because of the issues above).
Signed-off-by: Tõnis Tiigi <tonistiigi@gmail.com> (github: tonistiigi)
1. /container/<name>/exec - Creates a new exec command instance in the daemon and container '<name>'. Returns an unique ID for each exec command.
2. /exec/<name>/start - Starts an existing exec command instance. Removes the exec command from the daemon once it completes.
Adding /exec/<name>/resize to resize tty session of an exec command.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
this is to enhance the tarsum algorithm, but _MUST_ be done in lock step
with the same for docker-registry. (PR will be cited)
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
I've moved the docs.css to last so it can tweak any existing css, and
then set that to the same grey colour used for 'normal' text.
While testing I found and fixed an over-zealous line wrap.
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@docker.com> (github: SvenDowideit)
This introduces Versions for TarSum checksums.
Fixes: https://github.com/docker/docker/issues/7526
It preserves current functionality and abstracts the interface for
future flexibility of hashing algorithms. As a POC, the VersionDev
Tarsum does not include the mtime in the checksum calculation, and would
solve https://github.com/docker/docker/issues/7387 though this is not a
settled Version is subject to change until a version number is assigned.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Adds support for a --registry-mirror=scheme://<host>[:port]
daemon flag. The flag may be present multiple times. If
provided, mirrors are prepended to the list of endpoints used
for image pull. Note that only mirrors of the public
index.docker.io registry are supported, and image/tag resolution
is still performed via the official index.
Docker-DCO-1.1-Signed-off-by: Tim Smith <timbot@google.com> (github: timbot)
commit 4aa5da278f moves `Console` from Command to
ProcessConfig, but missed the change in lxc_template. Therefore creating a
container with tty using lxc driver with fail with error
template: lxc:60:20: executing "lxc" at <.Console>: Console is not a field of
struct type struct { *execdriver.Command; AppArmor bool; ProcessLabel string; MountLabel string }
This changes lxc_console template to refers to `.ProcessConfig.Console`
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
Since these will be shared between containers we want to label
them as svirt_sandbox_file_t:s0. That will allow multiple containers
to write to them.
Currently we are allowing container domains to read/write all content in
/var/lib/docker because of container volumes. This is a big security hole
in our SELinux story.
This patch will allow us to tighten up the security of docker containers.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
It is a tar stream, you should mention that somehow.
Here is the proof:
```
host:~$ docker run -t -i ubuntu:14.04 bash
root@c39be4c7b7c8:/# echo "my file contents" > abc
root@c39be4c7b7c8:/# cat abc
my file contents
root@c39be4c7b7c8:/# exit
host:~$ curl -H "Content-Type: application/json" -d '{"Resource":"/abc"}' http://localhost:4500/containers/c39be4c7b7c8/copy
abc0100644000000000000000000000002112402102531007674 0ustar0000000000000000my file contents
host:~$ curl -H "Content-Type: application/json" -d '{"Resource":"/abc"}' http://localhost:4500/containers/c39be4c7b7c8/copy > response_content
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2067 100 2048 100 19 56968 528 --:--:-- --:--:-- --:--:-- 58514
host:~$ tar xvf response_content
abc
host:~$ cat abc
my file contents
```
Docker-DCO-1.1-Signed-off-by: Mustafa Akın <mustafa91@gmail.com> (github: SvenDowideit)
If iptables version is < 1.4.11, try to delete the rule vs. checking if it exists. Fixes#6831.
Docker-DCO-1.1-Signed-off-by: Jessica Frazelle <jfrazelle@users.noreply.github.com> (github: jfrazelle)
This commit makes tarsum buffer allocation dynamic. This change
is required to avoid allocating memory excessively after the archive
buffering changes.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Per registry.doRequest, res and client might be nil in case of error
For example, dns resolution errors, /etc/docker/certs.d perms, failed
loading of x509 cert ...
This will make res.StatusCode and res.Body SEGFAULT.
Signed-off-by: Arthur Gautier <baloo@gandi.net>
zsh completion is updated with the content of
felixr/docker-zsh-completion.
The major change since the last merge is the removal of use of
sed/awk. This should help a lot OSX users who previously had to install
gawk and gsed.
Docker-DCO-1.1-Signed-off-by: Vincent Bernat <vincent@bernat.im> (github: vincentbernat)
errorOut was using the err from the previous test.
same as #7816 but on TestTopPrivileged, which I missed last time
Signed-off-by: Frank Rosquin <frank.rosquin@gmail.com>
Now from a single invocation of `docker save`, you can specify multiple
images to include in the output tar, or even just multiple tags of a
particular image/repo.
```
> docker save -o bundle.tar busybox ubuntu:lucid ubuntu:saucy fedora:latest
> tar tf ./bundle.tar | wc -l
42
> tar xOf ./bundle.tar repositories
{"busybox":{"latest":"2d8e5b282c81244037eb15b2068e1c46319c1a42b80493acb128da24b2090739"},"fedora":{"latest":"58394af373423902a1b97f209a31e3777932d9321ef10e64feaaa7b4df609cf9"},"ubuntu":{"lucid":"9cc9ea5ea540116b89e41898dd30858107c1175260fb7ff50322b34704092232","saucy":"9f676bd305a43a931a8d98b13e5840ffbebcd908370765373315926024c7c35e"}}
```
Further, this fixes the bug where the `repositories` file is not created
when saving a specific tag of an image (e.g. ubuntu:latest)
document multi-image save and updated API docs
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
Graph.Get function already returns nil when the image doesn't exist so
following comment is obsolete.
FIXME: return nil when the image doesn't exist, instead of an error
Signed-off-by: Daehyeok.Mun <daehyeok@gmail.com>
This is a temporary solution until we have a dedicated release notes page with automated content.
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
To avoid conflicting with layer IDs, repository names must
not be tagged with names that collide with hexadecimal strings.
Signed-off-by: Eric Windisch <eric@windisch.us>
I've changed LxcConf on a previous API document. Not sure why it keeps getting changed back. I'm seeing Docker 1.2.0 command-line calls are still using the array of key/values.
Docker-DCO-1.1-Signed-off-by: getvictor <victor@victoreda.com> (github: SvenDowideit)
--help and help are successful commands so output should not go to error.
QE teams have requested this change, also users doing docker help | less
or docker run --help | less would expect this to work.
Usage statement should only be printed when the user asks for it.
Errors should print error message and then suggest the docker COMMAND --help
command to see usage information.
The current behaviour causes the user to have to search for the error message
and sometimes scrolls right off the screen. For example a error on a
"docker run" command is very difficult to diagnose.
Finally erros should always exit with a non 0 exit code, if the user
makes a CLI error.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
This commit fixes following FIXMEs:
// FIXME: rename "delete" to "rm" for consistency with the CLI command
// FIXME: rename ContainerDestroy to ContainerRm for consistency with the CLI command
Signed-off-by: lim seong yeol <seongyeol37@gmail.com>
When running Ubuntu with a graphical environment, the kernel version MUST match the Xorg version. Only installing the suggested packages above breaks Unity for anything other than 2D mode (in VMware and probably native).
Signed-off-by: Ethan Spoelstra <ewspoelstra@computerphreaks.com>
This code is vital to the security of the project and it is important
we assure it is well-maintained and guarded.
I am vested in assuring this code maintains security and
provides as much compatibility as possible between releases.
Signed-off-by: Eric Windisch <eric@windisch.us>
issue #7580 volumes-from comma separated list mentioned this case.
Options like --volumes-from=[] indicate they can be specified multiple times:
docker run -it --rm --volumes-from TEST_DATA --volumes-from TEST_DATA2 ubuntu bash
Signed-off-by: Deshi Xiao <dxiao@redhat.com>
Out of box, the 'sudo' command on openSUSE does not work similarly to other distros. In this case, the path to usermod should be explicitly given, since /usr/sbin, where usermod is located, is not on the sudoing user's PATH. The other sudo commands here should be fine.
The cli interface works similar to other registry related commands:
docker search foo
... searches for foo on the official hub
docker search localhost:5000/foo
... does the same for the private reg at localhost:5000
Signed-off-by: Daniel Menet <membership@sontags.ch>
Reset the time increment if the container's execution time is greater
than 10s or else as a container runs and is restarted the time will grow
overtime.
Signed-off-by: Michael Crosby <michael@docker.com>
We need to do this so that when a user asks docker to stop the container
and it is currently in the restart loop we don't want to have to wait
for the duration of the restart time increment before ack. the stop.
Signed-off-by: Michael Crosby <michael@docker.com>
- Use a common struct for Volumes
- Split out some functionality in intializeVolume into separate functions
- Removes some duplicate code
- In general much easier to grok the code now
Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: cpuguy83)
This PR moves the userland proxies for TCP and UDP traffic out of the
main docker daemon's process ( from goroutines per proxy ) to be a
separate reexec of the docker binary. This reduces the cpu and memory
needed by the daemon and if the proxy processes crash for some reason
the daemon is unaffected. This also displays in the standard process
tree so that a user can clearly see if there is a userland proxy that is
bound to a certain ip and port.
```bash
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5d349506feb6 busybox:buildroot-2014.02 "sh" 13 minutes ago Up 1 seconds 0.0.0.0:49153->81/tcp, 0.0.0.0:49154->90/tcp hungry_pike
root@1cbfdcedc5a7:/go/src/github.com/docker/docker# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 18168 3100 ? Ss 21:09 0:00 bash
root 8328 0.7 0.6 329072 13420 ? Sl 22:03 0:00 docker -d -s vfs
root 8373 1.0 0.5 196500 10548 ? Sl 22:03 0:00 userland-proxy -proto tcp -host-ip 0.0.0.0 -host-port 49153 -container-ip 10.0.0.2 -container-port 81
root 8382 1.0 0.5 270232 10576 ? Sl 22:03 0:00 userland-proxy -proto tcp -host-ip 0.0.0.0 -host-port 49154 -container-ip 10.0.0.2 -container-port 90
root 8385 1.2 0.0 3168 184 pts/0 Ss+ 22:03 0:00 sh
root 8408 0.0 0.1 15568 2112 ? R+ 22:03 0:00 ps aux
```
This also helps us to cleanly cleanup the proxy processes by stopping
these commands instead of trying to terminate a goroutine.
Signed-off-by: Michael Crosby <michael@docker.com>
renaming this struct to more clearly be session, as that is what it
handles.
Splitting out files for easier readability.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
* starting with filtering for exit codes. `docker ps -a --filter 'exited=1'`
* API doc for filter parameter
* formatting filters for help usage
* tweaks for review
This requires https://github.com/dotcloud/docker/pull/4430
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
Later versions of `apt` are smart enough to just create this directory if it's missing, but Lucid balks (just like `gnupg` and `gpgv` aren't in the Required set so don't come in a minbase -- good ol' Lucid).
Signed-off-by: Andrew Page <admwiggin@gmail.com>
This is an extremely tentative PR. However, I feel that the suggestions are generally good.
Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: timthelion)
This commit contains a re-structured re-write of the original
certificated.md file, containing the amendments proposed with
PR #7120 (commit ID bd28595e31) by @timthelion.
Related to: https://github.com/dotcloud/docker/pull/7120
2014-07-30: Update/rebase/squash based on the comments from @jamtur01 and @fredlf.
2014-08-12: Update/rebase/squash based on the comments from @fredlf (of 2014-08-12).
Docker-DCO-1.1-Signed-off-by: O.S. Tezer <ostezer@gmail.com> (github: ostezer)
This changes the way the exec drivers work by not specifing a -driver
flag on reexec. For each of the exec drivers they register their own
functions that will be matched aginst the argv 0 on exec and called if
they match.
This also allows any functionality to be added to docker so that the
binary can be reexec'd and any type of function can be called. I moved
the flag parsing on docker exec to the specific initializers so that the
implementations do not bleed into one another. This also allows for
more flexability within reexec initializers to specify their own flags
and options.
Signed-off-by: Michael Crosby <michael@docker.com>
This PR proposes to fix some already existing (i.e., older)
line-length & line-alignment issues and the ones recently
included/merged with the PR #7406
(https://github.com/docker/docker/pull/7406).
It also proposes to fix a couple minor typography mistakes
(i.e., spelling of GitHub and Service Hooks (headers))
This PR does *not* propose any content changes.
Docker-DCO-1.1-Signed-off-by: O.S. Tezer <ostezer@gmail.com> (github: ostezer)
The cli interface works similar to other registry related commands:
docker search foo
... searches for foo on the official hub
docker search localhost:5000/foo
... does the same for the private reg at localhost:5000
Signed-off-by: Daniel Menet <membership@sontags.ch>
Cover network configuration and reference the official openSUSE image
inside of the examples.
Docker-DCO-1.1-Signed-off-by: Flavio Castelli <fcastelli@suse.com> (github: flavio)
This is part of the ongoing effort to remove the deprecated server/
package, and generally cleanup and simplify the codebase.
Signed-off-by: Solomon Hykes <solomon@docker.com>
- add `set -e` to make failing commands bail the script
- remove trailing `exit 0` which is just extraneous anyhow
- adjust `status_of_proc` options to pass in `$DOCKER_DESC` so we get consistently styled messages like `Docker is running` or `Docker is not running` or `could not access PID file for Docker`
Signed-off-by: Andrew Page <admwiggin@gmail.com>
`rm -f` was originally deprecated in favor of `rm --stop/--kill` since `rm
-f` was sending SIGTERM and potentially very slow.
Instead this will bring back `rm -f` but use SIGKILL isntead
Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: cpuguy83)
The graphtest package is only imported in the test files of other
packages therefore we do not leak testing flags.
Signed-off-by: Michael Crosby <michael@docker.com>
This prevents the testing package flags from leaking into the flagsets
of binaries that import docker. I left integration-cli alone.
Docker-DCO-1.1-Signed-off-by: Peter Bourgon <peter@bourgon.org> (github: peterbourgon)
Update hack/vendor.sh to use libcontainer's update-vendor.sh script as the source of truth for libcontainer deps and not include them in Docker's repo twice
This removes a shim `daemon.Server` interface which was used to start
separating Daemon from Server *gradually*, without getting cyclic
dependency errors.
Now that the last Daemon->Server dependency has been removed, we can
finally remove the shim. Yay!
Signed-off-by: Solomon Hykes <solomon@docker.com>
That job was a hacky solution to a real race condition. This removes the
hack without re-introducing the race.
Signed-off-by: Solomon Hykes <solomon@docker.com>
This disentangles the following functions, which were previously all mixed together:
* 1) Waiting for jobs to terminate when shutting down
* 2) Handling signals in the Docker daemon
* 3) Per-subsystem cleanup handlers
* 4) pidfile management
Responsibilities are dispatched as follows:
* Signal traps are set in `main`, and trigger `engine.Shutdown`
* `engine.Shutdown` coordinates cleanup by waiting for jobs to complete, and calling shutdown handlers
* To perform cleanup at shutdown, each subsystem registers handlers with `engine.OnShutdown`
* `daemon` is one subsystem, so it registers cleanup via `engine.OnShutdown`.
* `daemon` owns the pidfile, which is used to lock access to `/var/lib/docker`. Part of its cleanup is to remove the pidfile.
Signed-off-by: Solomon Hykes <solomon@docker.com>
* Events subsystem merged from `server/events.go` and
`utils/jsonmessagepublisher.go` and moved to `events/events.go`
* Only public interface for this subsystem is engine jobs
* There is two new engine jobs - `log_event` and `subscribers_count`
* There is auxiliary function `container.LogEvent` for logging events for
containers
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
[solomon@docker.com: resolve merge conflicts]
Signed-off-by: Solomon Hykes <solomon@docker.com>
Note: this cannot yet be moved to graph/ because of a lingering
dependency on daemon. This has been noted in a FIXME.
Signed-off-by: Solomon Hykes <solomon@docker.com>
/tmp is often a tmpfs file system and large temporary files could cause
docker commands to fail. Also using /tmp potentially allows users on the
system to get access to content, or even attack the content. Moving the tmpdir to
/var/lib/container/tmp will protect the data.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Conflicts:
docker/docker.go
DOCKER_CONFIG was introduced in #6984.
We may use "config" for other purposes (e.g. #7232). Until we
have made a design decision around how configuration files will
work, DOCKER_CERT_PATH is a much safer name to rely on for future
compatibility.
Docker-DCO-1.1-Signed-off-by: Ben Firshman <ben@firshman.co.uk> (github: bfirsh)
This works mostly by refactoring our "main" package to be careful about what it imports based on the daemon build tag. :)
Also, I've updated Travis to test "client-only" compilation after it tests the daemon version.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
This allows signing off commits with `git commit -s`
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Cleaned up DCO regex
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Issues addressed:
- Remote API doco refers to "registry" parameter which is not supported
- Neglects to mention "tag" parameter which is supported
- Offers no guidance on pushing to private registries
Changes made:
- As directed in review comments, `registry` removed from all api versions (1.0-1.14)
- Have added documentation for `tag` parameter and guidance on private registries for versions 1.10-1.14 (I have only validated this on .10)
Docker-DCO-1.1-Signed-off-by: Lachlan Coote <lachlan.t.coote@gmail.com> (github: lcoote)
This is part of an effort to break apart the deprecated server/ package
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
This is part of an effort to break apart the deprecated server/ package
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
This is part of an effort to break apart the deprecated server/ package
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Fix issues with renaming changes to container_changes
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
This is part of an effort to break apart the deprecated server/ package
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
This is part of an effort to break apart the deprecated server/ package
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Fix issues with renaming container_delete to delete
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
This is part of an effort to break apart the deprecated server/ package
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
This is part of an effort to break apart the deprecated server/ package
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
This is part of an effort to break apart the deprecated server/ package
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
This is part of an effort to break apart the deprecated server/ package
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
This is part of an effort to break apart the deprecated server/ package
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
This is part of an effort to break apart the deprecated server/ package
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
This is part of an effort to break apart the deprecated server/ package
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
This is part of an effort to break apart the deprecated server/ package
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
This is part of an effort to break apart the deprecated server/ package
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
This is part of an effort to break apart the deprecated server/ package
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Btrfs graph driver is not experimental now according to #4838 and CHANGELOG.md is saying "btrfs is no longer considered experimental.".
Docker-DCO-1.1-Signed-off-by: Ken ICHIKAWA <ichikawa.ken@jp.fujitsu.com> (github: ichik1)
Tag can be a number, like centos:6.4, and so must be handled like a
string otherwise will lose quotation marks when converting to json
and the client (API < 1.7) will try to convert to int, failing
because the type is string. Additionally using ParseRepositoryTag to
parse repository names to split the tag because an URL can have : and
so more than one occurrence of : can be found on repository names.
Docker-DCO-1.1-Signed-off-by: Fabio Falci <fabiofalci@gmail.com> (github: fabiofalci)
Addresses issue #7141
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
a little git by
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: SvenDowideit)
The initial `ValidateContextDirectory` implementation fails loudly when a file
lacks read permissions in the current context. However that situation is valid
if the file is included in the `.dockerignore` patterns.
Docker-DCO-1.1-Signed-off-by: Bruno Renié <brutasse@gmail.com> (github: brutasse)
This came up in #docker-dev today. We're not sure exactly why the original restriction was put it place. It is not well obeyed. Please comment if you know the origin of the restriction.
Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: timthelion)
- Directories should have u+x (0600 -> 0700)
- Don't chown files to root because we don't have to
Docker-DCO-1.1-Signed-off-by: Kato Kazuyoshi <kato.kazuyoshi@gmail.com> (github: kzys)
This commit proposes some minor amendments and updates
for the articles/https.md document to fix certain errors, inc.:
- Marking commands / flags as code (e.g. `tlsverify`) [done before rebase]
- Capitalising the word Docker
- Normalizing headers to match the rest of the docs;
- Expanding the page description to match the page title and the content;
- Capitalizing HTTPS etc.;
- Some spelling error fixes;
- Line-length adjustments to make it easier to read the raw file.
It does not propose any fundemental changes to the structure of the document.
Certain changes were based before another update on this doc.
Docker-DCO-1.1-Signed-off-by: O.S. Tezer <ostezer@gmail.com> (github: ostezer)
This is part of an effort to break apart the deprecated server/ package
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
This is part of an effort to break apart the deprecated server/ package
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
This is part of an effort to break apart the legacy server package. Help wanted!
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
functions to pkg/parsers/kernel, and parsing filters to
pkg/parsers/filter. Adjust imports and package references.
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
The image centos:centos6.4 doesn't exist. Instead you have to choose between the official centos6 or centos7. Both images does not work together with de yum npm install. When choosing an centos6.5 from another distributor (tutum) it works.
This should not be done by default but used by adminsys with a drop-in.d file,
for buggy daemons which crash without known fixes.
Docker-DCO-1.1-Signed-off-by: Sébastien Luttringer <seblu@seblu.net> (github: seblu)
- put all the precompiled test binaries in $DEST so they show up in bundles and can be re-run individually afterwards
- support cases where parallel is not installed (when using dyntest-unit, for example, this is much more common, since it's designed to be run outside the Dockerfile)
- use "mktemp -d" instead of "/tmp" directly for our temporary parallel HOME
- update the default PARALLEL_JOBS to be the value of "nproc" instead of 0, since "0 means as many as possible" (see https://www.gnu.org/software/parallel/man.html#jobs_n)
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
removing the insert documentation for > 1.10 since it has been removed
in 1.11. This commit fixes#7183
Docker-DCO-1.1-Signed-off-by: Julien Bordellier <me@julienbordellier.com> (github: jstoja)
Defining err as named return parameter will make sure the variable gets
assigned before returning and thus avoid masking
Docker-DCO-1.1-Signed-off-by: Johannes 'fish' Ziemke <github@freigeist.org> (github: discordianfish)
The ENTRYPOINT example uses "/usr/bin/ls" as path, but `ls` is located at `/bin/ls`.
Docker-DCO-1.1-Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (github: thaJeztah)
Both functions perform the same logic and they just vary on the base
multiplication units. We can refactor the common code into a single
place.
Docker-DCO-1.1-Signed-off-by: Francisco Carriedo <fcarriedo@gmail.com> (github: fcarriedo)
No need to initialize every time the function executes since it works as
a catalog.
Docker-DCO-1.1-Signed-off-by: Francisco Carriedo <fcarriedo@gmail.com> (github: fcarriedo)
No need to have two lines. The type is even explicit when type casting
to `float64(size)`
Docker-DCO-1.1-Signed-off-by: Francisco Carriedo <fcarriedo@gmail.com> (github: fcarriedo)
No need to recompile a fixed regular expression each time the function
executes. Abstracting it to the `init()` method.
Docker-DCO-1.1-Signed-off-by: Francisco Carriedo <fcarriedo@gmail.com> (github: fcarriedo)
May make sense that both `FromHumanSize()` and `RAMInBytes()` support
the same units. Added 'PB' to the RAMInBytes regex.
Also updated tests.
Note: int64 is overflowed on quantities >= EB
Docker-DCO-1.1-Signed-off-by: Francisco Carriedo <fcarriedo@gmail.com> (github: fcarriedo)
namespaces are not well documented, and I had to jump around to other docs. replacing `foo/bar` hopefully makes what's going on here a bit more obvious.
Docker-DCO-1.1-Signed-off-by: Tim Ruffles <timruffles@gmail.com> (github: timruffles)
Better to not use `error` as var name (might eclipse the error type) for
clarity and to prevent subtle bugs.
Docker-DCO-1.1-Signed-off-by: Francisco Carriedo <fcarriedo@gmail.com> (github: fcarriedo)
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
Final revisions to B2D doc.
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
Remove named returns since not used in function body. Might prevent
potential subtle bugs.
Docker-DCO-1.1-Signed-off-by: Francisco Carriedo <fcarriedo@gmail.com> (github: fcarriedo)
Increased coverage:
* Added test cases to size_test.go
* Added coverage for duration.go
Docker-DCO-1.1-Signed-off-by: Francisco Carriedo <fcarriedo@gmail.com> (github: fcarriedo)
If AppArmor is enabled on the current system, but "apparmor_parser" isn't installed, it causes all kinds of issues.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Make it possible to inspect an initial response and pass it to
ResumableRequestReader. This makes it possible to inspect an initial
response and passing it to ResumableRequestReader to avoid making an
extra request.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
"docker logout [SERVER]" will remove the registry server' credentials from
.dockercfg file. If a server is not specified, it will log user out of the
default docker registry server
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
As requested after #7021 add me as a maintainer alongside the sword
toting @lsm5.
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
zsh completion is updated with the content of
felixr/docker-zsh-completion.
Docker-DCO-1.1-Signed-off-by: Vincent Bernat <vincent@bernat.im> (github: vincentbernat)
lxc is special in that we cannot create the master outside of the
container without opening the slave because we have nothing to provide to the
cmd. We have to open both then do the crazy setup on command right now instead of
passing the console path to lxc and telling it to open up that console. we save a couple of
openfiles in the native driver because we can do this.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
This results in a dramatic improvement in the size of individual "apt-get update" layers (on a clean wheezy base, from "29.88 MB" down to "8.273 MB").
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
This uses "," instead of spaces so that the flags are parsed correctly
and also does not do a strings.Split on an empty string because
strings.Split will return a slice with one element, and empty string
causing parsing to fail when it validates that the cap exists.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
Can now dynamically set the docker config directory through an
environment variable.
export DOCKER_CONFIG=/path/to/docker_config/
Default behavior remains the same, e.g. ~/.docker
Documentation for change added to the https.md docs.
Docker-DCO-1.1-Signed-off-by: James A. Kyle <james@jameskyle.org> (github: jameskyle)
I didn't realize the commit required a Docker-DCO so it failed the travis-ci build. So I removed the commit from my forked repo. Now it looks like there is a pull request with no commit. So here it is again:
Needed to add '--releasever=/' flag to run yum groupinstall on Centos7 (didn't try on anything else). This snippet from yum man page explains why:
```
Note: You may also want to use the option --releasever=/ when creating the installroot as otherwise the $releasever value is taken from the rpmdb within the installroot (and thus. will be empty, before creation).
```
Docker-DCO-1.1-Signed-off-by: Matt Schurenko <matt.schurenko@gmail.com> (github: mschurenko)
Here was possible race with inspect where we changing HostConfig.Links
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Made a "Secure by default" section, create 2048-bit keys, various cleanups.
Docker-DCO-1.1-Signed-off-by: Aaron Huslage <huslage@gmail.com> (github: huslage)
We add a --device flag which can be used like:
docker run --device /dev/sda:/dev/xvda:rwm ubuntu /bin/bash
To allow the container to have read write permissions to access the host's /dev/sda via a node named /dev/xvda in the container.
Note: Much of this code was written by Dinesh Subhraveti dineshs@altiscale.com (github: dineshs-altiscale) and so he deserves a ton of credit.
Docker-DCO-1.1-Signed-off-by: Timothy <timothyhobbs@seznam.cz> (github: timthelion)
Commit 09ee269d ("devmapper: Add option for specifying the thin pool
blocksize") also switched the default dm-thin-pool blocksize from 64K to
512K. That change unfortunately breaks the activation of dm-thin-pool
devices that were previously created using a 64K blocksize. Here is an
example of the dm-thin-pool activation failure users may experience:
device-mapper: thin: 253:4: pool target (204800 blocks) too small: expected 1638400
device-mapper: table: 253:4: thin-pool: preresume failed, error = -22
The reason for this is docker is passing 512K as the blocksize for a
dm-thin-pool that was previously created using a 64K blocksize. Docker
doesn't record the blocksize the is used when it creates a dm-thin-pool.
Until now it never had a need to do so because the blocksize was always
hardcoded. The dm-thin-pool blocksize must be the same every time a
dm-thin-pool is activated.
As a stop-gap fix, revert to using 64K for the default blocksize.
But we do need a proper fix for this now that 'dm.blocksize' is exposed
as a proper storage option. One possible fix would be to record the
blocksize for each dm-thin-pool that docker creates and to pass that
recorded blocksize down in the dmsetup table load each time the
dm-thin-pool is activated (this would be comparable to what lvm2 does).
Docker-DCO-1.1-Signed-off-by: Mike Snitzer <snitzer@redhat.com> (github: snitm)
Currently the docker logs timestamp flag generates log entries like:
$ sudo docker logs -ft daemon_dave
[May 10 13:06:17.934] hello world
It uses Go's StampMilli timestamp to generate the timestamp. The entry
is also wrapped in [ ].
This is non-standard operational timestamp and one that will require
custom parsing.
The new timestamp is RFC3999Nano and generates entries like:
2014-05-10T17:42:14.999999999Z07:00 hello world
These are readily parsed by tools like ELK.
Docker-DCO-1.1-Signed-off-by: James Turnbull <james@lovedthanlost.net> (github: jamtur01)
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Revised to match new UI, fixed links, copy edits and improvements.
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
More revisions to builds.md
Corrections to automated build process, copy edits.
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
Edits based on Sonat's feedback
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
Term 'service' was used together with 'daemon'. It would be better to use the term 'daemon' solely because most part of documentation are using the term.
Note that the archive does _not_ have a symlink from oldstable-lts to squeeze-lts, hence the change from using "${suite}" to not using it in here and just using the string "squeeze-lts" directly regardless of whether we're building a "squeeze" image or an "oldstable" image.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
If "DOCKER_HOST" is set, we can usually assume the user is connecting to a remote Docker and thus not bind mount anything by default (meaning the Makefile will more often DWIM for our users).
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
These start up much faster and the only caveat is that we can't use "sudo" (which we don't currently use anyhow).
Also, I've updated the Go version here to match what's in the Dockerfile.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Turns out, "alphanumeric" actually means both "alpha" AND "numeric". Dur.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Also removed skipped tests on "viz" and "tree" because they
blocked integration/buildfile_test.go removing.
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
In the Docker Linking Docs, the parent child relationship
was backwards. The Web container should be able to access
the DB, not other way around. Furthermore, the output of
'docker ps' was wrong (it showed that the DB could access
the Web). This fixes both typos.
Docker-DCO-1.1-Signed-off-by: Ian Bull <irbull@gmail.com> (github: irbull)
For various use cases, the 'repositories' file does not match expected
behavior.
Like,
docker save busybox:latest | tar t
Before:
[...]
busybox:latest/
busybox:latest/VERSION
busybox:latest/json
busybox:latest/layer.tar
# note, the layer name, and lack of 'repositories' file
Now:
[...]
a9eb172552348a9a49180694790b33a1097f546456d041b6e82e4d7716ddb721/
a9eb172552348a9a49180694790b33a1097f546456d041b6e82e4d7716ddb721/VERSION
a9eb172552348a9a49180694790b33a1097f546456d041b6e82e4d7716ddb721/json
a9eb172552348a9a49180694790b33a1097f546456d041b6e82e4d7716ddb721/layer.tar
repositories
# and the repositories file is correct for the single tagged
# image.
#> {"busybox":{"latest":"a9eb172552348a9a49180694790b33a1097f546456d041b6e82e4d7716ddb721"}}
and
docker save a9eb17255234 | tar t
Before:
[...]
a9eb17255234/
a9eb17255234/VERSION
a9eb17255234/json
a9eb17255234/layer.tar
# Note the truncated layer name
Now:
[...]
a9eb172552348a9a49180694790b33a1097f546456d041b6e82e4d7716ddb721/
a9eb172552348a9a49180694790b33a1097f546456d041b6e82e4d7716ddb721/VERSION
a9eb172552348a9a49180694790b33a1097f546456d041b6e82e4d7716ddb721/json
a9eb172552348a9a49180694790b33a1097f546456d041b6e82e4d7716ddb721/layer.tar
# There is no 'repositories' file, because there is no named repo
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
And also move it in to the `ADD` section, rather than being hidden in the `RUN` section.
Docker-DCO-1.1-Signed-off-by: Daniel Watkins <daniel@daniel-watkins.co.uk> (github: OddBloke)
An unbalanced single quote caused Fish to fail to load the completion file with `source: Error while reading file “/etc/fish/completions/docker.fish”`.
Docker-DCO-1.1-Signed-off-by: Andrew France <andrew@avito.co.uk> (github: Odaeus)
In that case /etc/resolv.conf will be generated with no search
option. Usage: --dns-search=.
Docker-DCO-1.1-Signed-off-by: Fabio Falci <fabiofalci@gmail.com> (github: fabiofalci)
The Docker btrfs graph driver does not interact well with SELinux at present.
If btrfs mounts the same file in several locations, the same SELinux label will
be applied to all mountpoints. In the context of the graph driver, things such
as shared libraries become inaccessible to containers due to SELInux, causing
all dynamically linked applications to fail when run in a container.
Consequently, error when we detect the daemon is being run with SELinux enabled
and the btrfs driver. Documentation has been added for this behavior.
Docker-DCO-1.1-Signed-off-by: Matthew Heon <mheon@redhat.com> (github: mheon)
It became slightly faster and lighter
possibly fixes#5923 problems
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
- Hover colours of doc nav wrong
- Primary Docs Nav not active when user is Logged in.
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@docker.com> (github: SvenDowideit)
* Fixed some uses of docker v. Docker
* Formatting and line wrapping.
* Spelling errors and grammar fixes.
Docker-DCO-1.1-Signed-off-by: James Turnbull <james@lovedthanlost.net> (github: jamtur01)
* Replaced docker with Docker.
* Consistently used STDIN, STDOUT, STDERR.
* Consistently used TTY.
* Fixed some grammar and spelling issues.
* Fixed references to the index.
Docker-DCO-1.1-Signed-off-by: James Turnbull <james@lovedthanlost.net> (github: jamtur01)
Docker-DCO-1.1-Signed-off-by: James Turnbull <james@lovedthanlost.net> (github: SvenDowideit)
Release notes for v.1.1 have been added to the docs index.md page. Made some revisions to
other content to make it shorter.
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
This speeds up the tag cli integration tests by about 20 seconds.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Initiates a pause before committing a container,
adds a pause option to the commit command, defaulting to 'true'.
Fixes bug: #6267
Fixes bug: #3675
Docker-DCO-1.1-Signed-off-by: Eric Windisch <ewindisch@docker.com> (github: ewindisch)
This lowers the test execution time by about 5 seconds.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Also, add completion for "docker run -a" ("stdin", "stdout", and "stderr"), "docker run --env-file" (local filesystem), and some other minor code style tweaks.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Port allocation status is stored in a global map: a port detected in use will remain as such for the lifetime of the daemon. Change the behavior to only mark as allocated ports which are claimed by Docker itself (which we can trust to properly remove from the allocation map once released). Ports allocated by other applications will always be retried to account for the eventually of the port having been released.
Docker-DCO-1.1-Signed-off-by: Arnaud Porterie <icecrime@gmail.com> (github: icecrime)
The -m flag permits the setting of a memory limit when running a Docker
container. The actual limit set must be a multiple of page size on Linux, so
whatever number the uses passes in will be rounded up if needed. Document this
behavior to prevent confusion. Also fixed several small formatting and grammar
issues in the docker run manpage.
Docker-DCO-1.1-Signed-off-by: Matthew Heon <mheon@redhat.com> (github: mheon)
It avoids hidden error when ports are redirected from
container to host using -p host_port:guest_port.
Docker-DCO-1.1-Signed-off-by: Jiří Župka <jzupka@redhat.com> (github: jzupka)
Additionally, this can be overridden by setting the TMPDIR variable,
like this was already the case for the generic `mkimage.sh` script.
As explained in #6456, the rationale to use `/var/tmp` instead of `/tmp`
is that `/tmp` is often a small tmpfs filesystem with more restricted
rights.
Docker-DCO-1.1-Signed-off-by: Vincent Bernat <vincent@bernat.im> (github: vincentbernat)
Update md2man script to generate manpages inside docs/man/ directory. Update
usage documentation in the readme to point to the new docs/man path. Update
Ubuntu makefile to use new path to manpages
Docker-DCO-1.1-Signed-off-by: Matthew Heon <mheon@redhat.com> (github: mheon)
We discussed this at the docker plumbers meetup and for tools and
working on the system for things like boot2docker and coreos this is
needed. You can already bypass this check so we felt it is ok to start
allowing this feature.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
Without this line of code, if a volume is present in /proc/mounts,
it cannot be remounted with new mount options.
Docker-DCO-1.1-Signed-off-by: Peter Waller <p@pwaller.net> (github: pwaller)
Like in the other installation guides I added a simple test
to verify that importing images and starting containers is
working.
Docker-DCO-1.1-Signed-off-by: Christian Berendt <berendt@b1-systems.de> (github: berendt)
Docker's --sig-proxy option sends all signals but one to a container. The
exception s SIGCHLD, which is deliberately ignored as it doesn't make sense to
send such a signal to a process in a container. Documentation updates will make
this less confusing if anyone does attempt to do this.
Docker-DCO-1.1-Signed-off-by: Matt Heon <mheon@redhat.com> (github: mheon)
Add dm.blocksize option that you can use with --storage-opt to set a
specific blocksize for the thin provisioning pool.
Also change the default dm-thin-pool blocksize from 64K to 512K. This
strikes a balance between the desire to have smaller blocksize given
docker's use of snapshots versus the desire to have more performance
that comes with using a larger blocksize. But if very small files will
be used on average the user is encouraged to override this default.
Docker-DCO-1.1-Signed-off-by: Mike Snitzer <snitzer@redhat.com> (github: snitm)
Device Mapper needs device sizes in binary (1024) multiples. Otherwise
kernel checks can find that the specified thin-pool device sizes aren't
a multiple of the specified thin-pool blocksize.
The name for "RAMInBytes" is likely too narrow given the new consumers
but... Also add "tebibyte" support to RAMInBytes.
Docker-DCO-1.1-Signed-off-by: Mike Snitzer <snitzer@redhat.com> (github: snitm)
createPool() and reloadPool() should be consistent with the thin-pool
table params they use.
Since createPool() specifies '1 skip_block_zeroing' reloadPool() should
too. Otherwise, if the pool is reloaded (as is done when resizing
loopback devices) block zeroing will be enabled after the reload
completes.
Docker-DCO-1.1-Signed-off-by: Mike Snitzer <snitzer@redhat.com> (github: snitm)
This will allow us to _know_ what the user's -H settings are, which may
be useful for debugging later.
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@fosiki.com> (github: SvenDowideit)
TestServerListOrderedImagesByCreationDateAndTag was redundant and broken
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
not everything that is indented is a commandline example
Closes#6591
Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
The docker ps command displays the user-entered command running in a container.
If that command contained \n, \t, or other control characters, they were
interpreted literally, and newlines and tabs would be printed in the output.
Escape the command string to make things more readable.
Docker-DCO-1.1-Signed-off-by: Matt Heon <mheon@redhat.com> (github: mheon)
This fixes a code block typo so it renders as a code block. Additionally synchronizes the variable prefix examples from 'DB' and 'DB1_' to 'DB_' and 'DB1_'
It's not necessary to use the netgo implementation for non-static builds. :)
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
This patch adds CLI integration tests to ensure that NOCACHE instructions
in Dockerfiles only apply to direct children of the original image.
Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
This patch fixes the bug where ONBUILD triggers are committed each build
step created during the ONBUILD trigger execution, since the triggers are
only wiped *after* all ONBUILD trigger steps have been committed. This was
fixed by simply copying the ONBUILD triggers and wiping the config
*before* committing anything.
Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
ZSH completion scripts aren't supposed to be executable - they're sourced by ZSH and aren't run directly.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
This patch updates container.getResourcePath and container.getRootResourcePath
to return the error from symlink.FollowSymlinkInScope (rather than using utils).
Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
Remove Inject to help rebase
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Docker-DCO-1.1-Signed-off-by: cyphar <cyphar@cyphar.com> (github: tiborvass)
Fixes#6506
There is the bug, that very hard to fix: When we return job.Errorf in
"logs" job it writes to job.Stderr, to which connected ResponseWriter and on
this write w.WriteHeader(http.StatusOK) is called. So, we get 200 on error
from "logs" job.
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
The chan struct used to forward signals to containers was one element only,
which caused some signals to be dropped when many were being received.
Increasing the size of the chan buffer makes this much less likely to happen.
Docker-DCO-1.1-Signed-off-by: Matt Heon <mheon@redhat.com> (github: mheon)
At the moment maintainers responsibility are spelled out with a hybrid
list. I.e. an unordered list with an associated number.
In this commit I the number list proper is used.
Docker-DCO-1.1-Signed-off-by: Daan van Berkel <daan.v.berkel.1980@email.com> (github: dvberkel)
The JSONMessage.Display methods erases the entire line by outputting the <ESC>[2K\r sequence before displaying the message content. This is not necessary for messages other than progress indicators, and introduces unwanted characters in the /events output.
Fixes#6203.
Docker-DCO-1.1-Signed-off-by: Arnaud Porterie <icecrime@gmail.com> (github: icecrime)
Events subscription (/events API endpoint) attributes pseudo-unique identifiers to incoming subscribers: originally its host, then its subscription time. This is unecessary and leads to code complexity.
Introduce a JSONMessagePublisher to provide simple pub/sub mechanism for JSONMessage, and rely on this new type to publish events to all subscribed listeners. The original logic is kept for the 'since' and 'until' parameters, and for client disconnection handling.
Docker-DCO-1.1-Signed-off-by: Arnaud Porterie <icecrime@gmail.com> (github: icecrime)
Added section to show how to get IP address and view running python app if the user is using boot2docker on OSX
Docker-DCO-1.1-Signed-off-by: Richard Harvey <richard@squarecows.com> (github: richarvey)
Docker-DCO-1.1-Signed-off-by: Richard Harvey <richard@squarecows.com> (github: SvenDowideit)
Closes issue #5036
This commit redirects the reader to top level doc upon clicking
on a main nav. menu item (eg. Installation [click] -> Mac OS X)
Docker-DCO-1.1-Signed-off-by: O.S. Tezer <ostezer@gmail.com> (github: ostezer)
as a maintainer.
Best of luck on your e-commerce business Guillaume, and thanks for all
the great contributions!
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Sometimes third attacher attaching to already stopped container.
Also I've changed prefix to attach and fixed cleanup on Fatal.
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
This lets you specify custom client TLS certificates and CA root for a
specific registry hostname. Docker will then verify the registry
against the CA and present the client cert when talking to that
registry. This allows the registry to verify that the client has a
proper key, indicating that the client is allowed to access the
images.
A custom cert is configured by creating a directory in
/etc/docker/certs.d with the same name as the registry hostname. Inside
this directory all *.crt files are added as CA Roots (if none exists,
the system default is used) and pair of files <filename>.key and
<filename>.cert indicate a custom certificate to present to the registry.
If there are multiple certificates each one will be tried in
alphabetical order, proceeding to the next if we get a 403 of 5xx
response.
So, an example setup would be:
/etc/docker/certs.d/
└── localhost
├── client.cert
├── client.key
└── localhost.crt
A simple way to test this setup is to use an apache server to host a
registry. Just copy a registry tree into the apache root, here is an
example one containing the busybox image:
http://people.gnome.org/~alexl/v1.tar.gz
Then add this conf file as /etc/httpd/conf.d/registry.conf:
# This must be in the root context, otherwise it causes a re-negotiation
# which is not supported by the tls implementation in go
SSLVerifyClient optional_no_ca
<Location /v1>
Action cert-protected /cgi-bin/cert.cgi
SetHandler cert-protected
Header set x-docker-registry-version "0.6.2"
SetEnvIf Host (.*) custom_host=$1
Header set X-Docker-Endpoints "%{custom_host}e"
</Location>
And this as /var/www/cgi-bin/cert.cgi
#!/bin/bash
if [ "$HTTPS" != "on" ]; then
echo "Status: 403 Not using SSL"
echo "x-docker-registry-version: 0.6.2"
echo
exit 0
fi
if [ "$SSL_CLIENT_VERIFY" == "NONE" ]; then
echo "Status: 403 Client certificate invalid"
echo "x-docker-registry-version: 0.6.2"
echo
exit 0
fi
echo "Content-length: $(stat --printf='%s' $PATH_TRANSLATED)"
echo "x-docker-registry-version: 0.6.2"
echo "X-Docker-Endpoints: $SERVER_NAME"
echo "X-Docker-Size: 0"
echo
cat $PATH_TRANSLATED
This will return 403 for all accessed to /v1 unless *any* client cert
is presented. Obviously a real implementation would verify more details
about the certificate.
Example client certs can be generated with:
openssl genrsa -out client.key 1024
openssl req -new -x509 -text -key client.key -out client.cert
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Currently the docs just say "let's go into the container and look at the
env vars", but doesn't show how to do it. It is also not currently
possible to enter the container as it is written in the doc
( container started with app.py and then somehow later on we have a
shell in the same container )
Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: cpuguy83)
would occasionally be returned in the incorrect order if sequential
layers had the same created time.
Docker-DCO-1.1-Signed-off-by: Bryan Murphy <bmurphy1976@gmail.com> (github: bmurphy1976)
The mention of NAT is confusing for those coming from pre-host-only networking b2d
Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
Its tricked a number of readers, as its not a TOC, its just local to the
current topic. Now that the docs are not mobile responsive its not an
active UI element either.
Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
These constants don't need to use time.Duration(). Fixup this file since
it seems to be the only one using this style.
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
If this is at the root directory for the daemon you could unmount
somones filesystem when you stop docker and this is actually only needed
for the palces that the graph drivers mount the container's root
filesystems.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This behavior changed from v0.9 to v0.10, so document it to prevent
any confusion.
Docker-DCO-1.1-Signed-off-by: Matthew Heon <mheon@redhat.com> (github: mheon)
DNS and VolumesFrom were moved to HostConfig and as such are part of the
container start and not create.
For some reason 0.10 docs are correct (except for a missing quote in the
JSON") but 0.11 and latest are not.
Docker-DCO-1.1-Signed-off-by: cpuguy83 <cpuguy83@gmail.com> (github: cpuguy83)
The blkdiscard hack we do on container/image delete is pretty slow, but
required to restore space to the "host" root filesystem. However, it
is pretty useless on raw devices, and you may not need it in development
either.
In a simple test of the devicemapper backend on loopback the time to
delete 20 container went from 11 seconds to 0.4 seconds with
--storage-opt blkdiscard=false.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
This adds dm.datadev and dm.metadatadev options that you can use with
--storage-opt to set to specific devices to use for the thin
provisioning pool.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
This adds the following --storage-opts for the daemon:
dm.fs: The filesystem to use for the base image
dm.mkfsarg: Add an argument to the mkfs command for the base image
dm.mountopt: Add a mount option for devicemapper mount
Currently supported filesystems are xfs and ext4.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
This allows setting these settings to be passed:
dm.basesize
dm.loopdatasize
dm.loopmetadatasize
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
If we can't even get the current device mapper driver version, then
we cleanly fail the devmapper driver as not supported and fall back
on the next one.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
This does the "reverse" of HumanSize, i.e. maps a string to an int64
using SI prefixes for the extension.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
This change touches docker logs, attach, and start -a along with get
exit code in the client.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This patch adds pause/unpause to the command line, api, and drivers
for use on containers. This is implemented using the cgroups/freeze
utility in libcontainer and lxc freeze/unfreeze.
Co-Authored-By: Eric Windisch <ewindisch@docker.com>
Co-Authored-By: Chris Alfonso <calfonso@redhat.com>
Docker-DCO-1.1-Signed-off-by: Ian Main <imain@redhat.com> (github: imain)
We use the start-stop-daemon pid creation mechanism in addition the intrinsic built into docker. This means the pid file is guaranteed to be written out by the time the script exits.
See #6184.
Docker-DCO-1.1-Signed-off-by: Joe Beda <joe.github@bedafamily.com> (github: jbeda)
When run on a container that is already running, docker always succeeds.
This was an intentional change in v0.10; it previously caused an error.
This commit clarifies the man pages to indicate this is intended behavior.
Docker-DCO-1.1-Signed-off-by: Matthew Heon <mheon@redhat.com> (github: mheon)
These PR does a few things. It ensures that the freezer cgroup is
joined in the systemd driver. It also provides a public api for setting
the freezer state via the cgroups package.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
The systemd support for the devices cgroup lacks two required features:
* Support for wildcards to allow mknod on any device
* Support for wildcards to allow /dev/pts support
The second is available in more recent systemd as "char-pts", but not in e.g. v208 which is in wide use.
Additionally, the current approach of letting systemd set up the devices cgroup and then adding
some devices to it doesn't work, because some times systemd (at least v208) re-initializes
the devices cgroup, overwriting our custom devices. See https://github.com/dotcloud/docker/issues/6009
for the details.
When wildcarded mknod support is available in systemd we should implement a pure systemd version,
but we need to keep the old one around for backwards compat.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
This only works if the file or dir is already created in
the image before setting it to be a volume. There is no way around this
because we don't have the data avaliable to set the volume at the
beginning of the dockerfile
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
adding tests and allowing for easy passing of filters.Args from client
to server.
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
This is a new feature and flag. (replaces the suggestion of a flag for
--untagged images).
The concept is to have a syntax to filter. This begins with this
filtering for the 'images' subcommand, and at that only filtering for
whether images are untagged.
example like: docker rmi $(docker images -q --filter 'untagged=true')
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
This patch adds some tests to ensure that quoted flags are properly
handled by the mflag package.
Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
This patch improves the mflag package to ensure that things arguments
to mflag such as `-flag="var"` or `-flag='var'` have the quotes
stripped from the value (to mirror the getopt functionality for similar
flags).
Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
* Added User Guide section outlines.
* Added User Guide to menu.
* Moved HTTPS example to articles.
* Replaced Hello World example with User Guide.
* Moved use cases out of examples.
* Updated Introduction to add User Guide.
* Redirected migrated /use and /articles links.
* Added Docker.io section
* Added Dockerized section
* Added Using Docker section
* Added Docker Images section
* Added Docker Links section
* Added Docker Volumes section
Docker-DCO-1.1-Signed-off-by: James Turnbull <james@lovedthanlost.net> (github: jamtur01)
Docker-DCO-1.1-Signed-off-by: William Henry <whenry@redhat.com> (github: ipbabble)
Changes to be committed:
modified: contrib/man/md/docker-build.1.md
modified: contrib/man/md/docker-run.1.md
modified: contrib/man/md/docker-tag.1.md
This is a fix for a race condition in the LXC driver. This is described
more in issue #6092.
Closes#6092
Docker-DCO-1.1-Signed-off-by: Shane Canon <scanon@lbl.gov> (github: scanon)
This also makes sure that devices are pointers to avoid copies
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
We now have one place that keeps track of (most) devices that are allowed and created within the container. That place is pkg/libcontainer/devices/devices.go
This fixes several inconsistencies between which devices were created in the lxc backend and the native backend. It also fixes inconsistencies between wich devices were created and which were allowed. For example, /dev/full was being created but it was not allowed within the cgroup. It also declares the file modes and permissions of the default devices, rather than copying them from the host. This is in line with docker's philosphy of not being host dependent.
Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)
If a container is started with a memory limit of 0, no memory limit is applied.
To prevent this from causing confusion, make interaction explicit in docs.
Docker-DCO-1.1-Signed-off-by: Matthew Heon <mheon@redhat.com> (github: mheon)
Remove old Stats interface in libcontainers cgroups package.
Changed Stats to use unit64 instead of int64 to prevent integer overflow issues.
Updated unit tests.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
There are two cases where we can't use a graphdriver:
1) the graphdriver itself isn't supported by the system
2) the graphdriver is supported by some configuration/prerequisites are
missing
This introduces a new error for the 2) case and uses it when trying to
run docker with btrfs backend on a non-btrfs filesystem.
Docker-DCO-1.1-Signed-off-by: Johannes 'fish' Ziemke <github@freigeist.org> (github: discordianfish)
Docker-DCO-1.1-Signed-off-by: Johan Euphrosine <proppy@google.com> (github: proppy)
rebased by
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
Docker-DCO-1.1-Signed-off-by: Robin Speekenbrink <robin@kingsquare.nl> (github: fruitl00p)
rebased by
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
This adds a COPY command to docker build which works like ADD, but is
only for local files and it doesn't extract files.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
There is no need for this, the device node by itself doesn't work, since
its not on a devpts fs, and we can just a regular file to bind mount over.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
It is no longer necessary to pass "SETUID" or "SETGID" capabilities to
the container when a "user" is specified in the config.
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
We don't need ordered set anymore, also some cleanings and simple
benchmark.
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Tried to clarify some of the semantics regarding --tag and renaming etc.
Added some text clarifying how to detach from a running containers.
Fixed a bug that reference /varlog instead of /dev/log.
Docker-DCO-1.1-Signed-off-by: William Henry <whenry@redhat.com> (github: ipbabble)
Changes to be committed:
modified: docker-attach.1.md
modified: docker-build.1.md
modified: docker-run.1.md
modified: docker-tag.1.md
This resolves a problem that I have been having where docker starts before networking is up. See issue #5944 for more details.
Docker-DCO-1.1-Signed-off-by: Jeffrey Bolle <jeffreybolle@gmail.com> (github: jeffreybolle)
This patch adds cli integration tests for #5619, which are tests
to ensure that symlinks are kept relative to the container rootfs
(even when a path component).
Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
This patch fixes the incorrect handling of paths which contain a
symlink as a path component when copying data from a container.
Essentially, this patch changes the container.Copy() method to
first "resolve" the resource by resolving all of symlinks encountered
in the path relative to the container's rootfs (using pkg/symlink).
Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
Fixes#2586
This fixes a few races where the name generator asks if a name is free
but another container takes the name before it can be reserved. This
solves this by generating the name and setting it. If the set fails
with a non unique error then we try again.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
-single-dash => --double-dash for a few flags, and also there was a missing "B", as in "Container B".
Docker-DCO-1.1-Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com> (github: nathanleclaire)
Updated documentation to include CentOS installation instructions.
Extraneous line removal, description change
Docker-DCO-1.1-Signed-off-by: Jim Perrin <jperrin@centos.org> (github: jimperrin)
Fixes#5154
Daemon waiting 15 seconds for finishing server jobs before shutdown. In
this time it doesn't accept new jobs. After this time, it shutdown
despite running jobs.
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
There is no reason to do discard durink mkfs, as the filesystem
is on a newly allocated device anyway. Discard is a slow operation,
so this may help initial startup a bit, especially if you use a larger
thin pool.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
There are a couple of bugfixes since this was last bumped. Pull them in.
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
Some basic tests to make sure this is acting correctly on machines.
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
If I do a
docker events > /tmp/out
I do not want the control characters getting written to the file.
The check should check the output file not the input file.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
1. Re-aligns the introduction with the new product positioning.
2. Cleanup of some issues with language and formatting.
3. Makes the introduction leaner and meaner.
4. Responds to feedback from product.
Docker-DCO-1.1-Signed-off-by: James Turnbull <james@lovedthanlost.net> (github: jamtur01)
These new scripts are streamlined such that, for example, "contrib/mkimage/debootstrap" is _only_ responsible for filling a directory with the results of running debootstrap, and it can accept any arbitrary arguments.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
I found a bunch of issues where we have "-<opt>" instead of "--<opt>".
Also a couple of other issues, like "-notrunc", which is now "--no-trunc"
Fixes#5963
Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: cpuguy83)
Add specific types for Required and Optional DeviceNodes
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Fixes#5692
This change requires lxc 1.0+ to work and breaks lxc versions less than
1.0 for host networking. We think that this is a find tradeoff by
bumping docker to only support lxc 1.0
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
We need SETFCAP to be able to mark files as having caps, which is
heavily used by fedora.
See https://github.com/dotcloud/docker/issues/5928
We also need SETPCAP, for instance systemd needs this to set caps
on its childen.
Both of these are safe in the sense that they can never ever
result in a process with a capability not in the bounding set of the
container.
We also add NET_BIND_SERVICE caps, to be able to bind to ports lower
than 1024.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Without this any container startup fails:
2014/05/20 09:20:36 setup mount namespace copy additional dev nodes mknod fuse operation not permitted
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
systemd systems do not require a /etc/hosts file exists since an nss
module is shipped that creates localhost implicitly. So, mounting
/etc/hosts can fail on these sorts of systems, as was reported on CoreOS
in issue #5812.
Instead of trying to bind mount just copy the hosts entries onto the
containers private /etc/hosts.
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
This changes the test TestBuildWithInaccessibleFilesInContext to not
add the user 'unprivilegeduser' and add it via the Dockerfile instead.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Fixes#5849
If the host system does not have fuse enabled in the kernel config we
will ignore the is not exist errors when trying to copy the device node
from the host system into the container.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This makes the remote API version 1.12 and newer default to
automatically deleting intermediate containers when the build has
succeedeed.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
This adds a `--force-rm` flag to docker build which makes the Docker
daemon clean up all containers, even when the build has failed.
This new flag requires that we bump the remote API, so we also bump the
remote API version.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
This adds back the rm query parameter to the remote api docs for api
v1.10 and v1.11.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Some applications want to write to /proc. For instance:
docker run -it centos groupadd foo
Gives: groupadd: failure while writing changes to /etc/group
And strace reveals why:
open("/proc/self/task/13/attr/fscreate", O_RDWR) = -1 EROFS (Read-only file system)
I've looked at what other systems do, and systemd-nspawn makes /proc read-write
and /proc/sys readonly, while lxc allows "proc:mixed" which does the same,
plus it makes /proc/sysrq-trigger also readonly.
The later seems like a prudent idea, so we follows lxc proc:mixed.
Additionally we make /proc/irq and /proc/bus, as these seem to let
you control various hardware things.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
For issue #5658 this rewrite of the networking page explains what every
single option (unless I missed one!) does both for the Docker server and
also the Docker client when submitting a "docker run". I somehow
thought that, when I was done, there would be a lot more about setting
up topologies like I did for my Foundations of Python Network
Programming network of Docker containers. More about making routers and
firewalls that NAT and so forth. But, at least for this draft, I think
that setting up subnets and setting up point-to-point links is most of
what Docker users will need unless they are doing something exotic.
We can always expand later.
Docker-DCO-1.1-Signed-off-by: Brandon Rhodes <brandon@rhodesmill.org> (github: brandon-rhodes)
Improve networking.md documentation per @jamtur01
Besides catching some typos and awkward sentences, @jamtur01 had several
more thorough changes to suggest:
* He illustrated the correct way to delimit "Note" paragraphs in
Docker documentation.
* He helped point out where I was presuming an Ubuntu host running
Docker, so that I could re-word those sections to be specific that
the advice only applied to Ubuntu (these mostly related to how to
set server-wide options and restart the server).
* He is happy to have "Ethernet" capitalized even where Linux
documentation would render it with an ugly lower-case first letter.
Docker-DCO-1.1-Signed-off-by: Brandon Rhodes <brandon@rhodesmill.org> (github: brandon-rhodes)
Improve networking.md per ideas from @SvenDowideit
A response to a bit of further discussion of pull request #5884.
Rearrange docker version output so that server output matches client
output
Docker-DCO-1.1-Signed-off-by: Jonathan McCrohan <jmccrohan@gmail.com> (github: jmccrohan)
This improves the TestBuildSixtySteps test by switching from busybox to
scratch and simply adding a file.
This lowers the execution time of that test from 20 seconds to 5
seconds.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
@vmarmol has made the fix upstream for not failing if the capability
being dropped is returned as invalid from the syscall, which is the case
when the capability is not supported on the host.
This is a blocker presently for RHEL6.5 on CAP_SYSLOG. We have patched
around this in our RPM for the time being, but this is the proper fix.
See also https://github.com/dotcloud/docker/pull/5810
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
After removed, the User-Agent shows in log like this:
[debug] http.go:160 https://index.docker.io/v1/repositories/busybox/images --
HEADERS: map[User-Agent:[docker/0.11.1-dev go/go1.2.2 git-commit/8887e00-dirty kernel/3.14.3-n1 os/linux arch/amd64]]
The code also moved all validation work into validVersion,
to keep the main logic as clean.
Docker-DCO-1.1-Signed-off-by: Derek <crq@kernel.org> (github: crquan)
This commit makes the Docker cli client use ValidateContextDirectory
before attempting to create a tarball out of the context. This ensures
we avoid errors such as "unexpected EOF" during the upload of the
context.
This check is done before uploading any data and can save time and
bandwidth for remote Docker daemons.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
This commit adds a function which can be used to ensure all contents of
a directory can be accessed.
This function doesn't follow symlinks to check if they're pointing to
files which exist. Such symlinks can be useful later.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Setting dockerBinary to the full path of the Docker binary is a good
idea and this is now done in the test code.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
This code was introduced with commented out sections. Just delete them.
Original commit: 18fc707fdf
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
This changes the upstart init script to start on `local-filesystems`.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
This makes Docker pull only the image tagged as latest when no tag has
been specified. This makes Docker pull only the image it'll run.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Now that we have the generic graphtest tests that actually tests
the driver we can remove the old mock-using tests. Almost all of
these tests were disabled anyway, and the four remaining ones
didn't really test much while at the same time being really
fragile and making the rest of the code more complex due to
the mocking setup.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
The file was saved as busybox.tar, but the ls commands named it b.tar.
Docker-DCO-1.1-Signed-off-by: Steven Burgess <steven.a.burgess@hotmail.com> (github: stevenburgess)
those that were specified in the config. This commit also explicitly
adds a set of capabilities that we were silently not dropping and were
assumed by the tests.
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
ideally it should never reach it, but there was already multiple issues with infinite loop
at following symlinks. this fixes hanging unit tests
Docker-DCO-1.1-Signed-off-by: Lajos Papp <lajos.papp@sequenceiq.com> (github: lalyos)
normally symlinks are created as either
ln -s /path/existing /path/new-name
or
cd /path && ln -s ./existing new-name
but one can create it this way
cd /path && ln -s existing new-name
this drives FollowSymlinkInScope into infinite loop
Docker-DCO-1.1-Signed-off-by: Lajos Papp <lajos.papp@sequenceiq.com> (github: lalyos)
This adds a few lines to the RUN Dockerfile docs to explain how to
bypass the RUN caching and how ADD can also invalidate the cache for
these instructions.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
We don't need this because it is covered by the libcontainer MAINTAINERS
file
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This commit lowers the total time spent in ChangesDirs to half during a
commit.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
After copying allowed device nodes, set up "/dev/fd", "/dev/stdin",
"/dev/stdout", and "/dev/stderr" symlinks.
Docker-DCO-1.1-Signed-off-by: Bernerd Schaefer <bj.schaefer@gmail.com> (github: bernerdschaefer)
[rebased by @crosbymichael]
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
When listener channel is closed, it becomes always available for
reading: select becomes an active loop which writes default-constructed
events (i.e: empty strings).
Fixes#5766.
Docker-DCO-1.1-Signed-off-by: Arnaud Porterie <arnaud.porterie@gmail.com> (github: icecrime)
to cover a couple of use-cases:
* 1mb file, using no compression
* 1mb file, using compression
* 1024 1k files, using no compression
* 1024 1k files, using compression
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
This commit makes the Docker daemon call UpdateSuffixarray only after
it finishes registering all containers.
This lowers the amount of time required for the Docker daemon to start
up.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
This commit refactors TruncIndex to make it possible to add container
ids to the TruncIndex without updating the Suffixarray.
This is useful during the Docker daemon's startup when we don't want to
update the Suffixarray for every container we add.
Add continues to function like before.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
This moves the call to sort in daemon/history to a function to be
called explicitly when we're done adding elements to the list.
This speeds up `docker ps`.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Now IP reuses only after all IPs from network was allocated
Fixes#5729
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
This patch is a preventative patch, it fixes possible future
vulnerabilities regarding unsantised paths. Due to several recent
vulnerabilities, wherein the docker daemon could be fooled into
accessing data from the host (rather than a container), this patch
was created to try and mitigate future possible vulnerabilities in
the same vein.
Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
This patch adds integration tests for the copying of resources
from a container, to ensure that regressions in the security of
resource copying can be easily discovered.
Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
This patch fixes the bug that allowed cp to copy files outside of
the containers rootfs, by passing a relative path (such as
../../../../../../../../etc/shadow). This is fixed by first converting
the path to an absolute path (relative to /) and then appending it
to the container's rootfs before continuing.
Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
Before we create any files to bind-mount on, make sure they are
inside the container rootfs, handling for instance absolute symbolic
links inside the container.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
All modern distros set up /run to be a tmpfs, see for instance:
https://wiki.debian.org/ReleaseGoals/RunDirectory
Its a very useful place to store pid-files, sockets and other things
that only live at runtime and that should not be stored in the image.
This is also useful when running systemd inside a container, as it
will try to mount /run if not already mounted, which will fail for
non-privileged container.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
If you specify a bind mount in a place that doesn't have a file yet we
create that (and parent directories). This is needed because otherwise
you can't use volumes like e.g. /dev/log, as that gets covered by the
/dev tmpfs mounts.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
This is a first step towards moving all code related to local
manipulation of images into a cleanly separated subsystem,
accessible via a stable set of commands in the engine API.
`graph.TagStore` now implements `engine.Installer`. For now, it
is installed by `Server.InitServer`, along with all other Server
commands. However this will change in future patches.
`graph.TagStore.Install` registers the following commands:
* `image_set` creates a new image and stores it locally.
* `image_get` returns information about an image stored locally.
* `image_tag` assigns a new name and tag to an existing image.
These commands are a pre-requisite for moving 'push' and 'pull'
out of `Server`.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
This patch just revs the Ubuntu release used for builds from 13.10
to 14.04.
Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
The btrfs driver attempts to stat the /var/lib/docker directory to
ensure it exists. If it doesn't exist then it bails with an unhelpful
log line:
```
2014/05/10 00:51:30 no such file or directory
```
In 0.10 the directory was created but quickly digging through the logs I
can't tell what sort of re-ordering of code caused this regression.
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
When sending a new job to a `engine.Sender`, the corresponding
`engine.Receiver` will receive that job with its environment preserved.
Previously the job name, arguments and streams were preserved but the
env was lost.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
* `Env.MultiMap` returns the contents of an Env as `map[string][]string`
* `Env.InitMultiMap` initializes the contents of an Env from a `map[string][]string`
This makes it easier to import and export an Env to other formats
(specifically `beam/data` messages)
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
This is a convenience for callers which are only interested in one value
per key. Similar to how HTTP headers allow multiple keys per value, but
are often used to store and retrieve only one value.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
This introduces a superficial change to the Beam API:
* `beam.SendPipe` is renamed to the more accurate `beam.SendRPipe`
* `beam.SendWPipe` is introduced as a mirror to `SendRPipe`
There is no other change in the beam API.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
URL referred to raw.github.com instead of raw.githubusercontent.com. Fixed.
Docker-DCO-1.1-Signed-off-by: Aaron Huslage <huslage@gmail.com> (github: huslage)
In the documentation was not mentioned explicitly that VOLUME value
shoud be a valid JSON array. Because of this I spent time to discovering
the problem with my image where I put `VOLUME ['/data']` (with single quotes).
The `['/data']` mount point was parsed and mounted whole as a string without
any errors and warnings.
Docker-DCO-1.1-Signed-off-by: Max Shytikov <mshytikov@gmail.com> (github: mshytikov)
For now this means the btrfs backend is skipped when run
inside make test. You can however run it manually if you want.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
If a graphdriver fails initialization due to ErrNotSupported we ignore
that and keep trying the next. But if some driver has a different
error (for instance if you specified an unknown option for it) we fail
the daemon startup, printing the error, rather than falling back to an
unexected driver (typically vfs) which may not match what you have run
earlier.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
This adds daemon/graphdriver/graphtest/graphtest which has a few
generic tests for all graph drivers, and then uses these
from the btrs, devicemapper and vfs backends.
I've not yet added the aufs backend, because i can't test that here
atm. It should work though.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Currently the tests that mocks or denies functions leave this state
around for the next test. This is no good if we want to actually
test the devicemapper code in later tests.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
MongoDB article had some fundemental issues.
- Outdated Dockerfile
- Insufficient / unclear instructions
- Unnecessary comments
- Failed to explain the role of Docker.io
- Did not have a complete Dockerfile sample
- Lacked a "learn more" section / link to Trusted Builds
This update aims to address all these issues with a complete re-write.
It also:
- Corrects the label under which this article is/was listed on the menu
Docker-DCO-1.1-Signed-off-by: O.S. Tezer <ostezer@gmail.com> (github: ostezer)
- First run at amending after the initial review process.
- Make the Dockerfile generic.
- Revision.
- Fixes
This renames the goruntime import of the runtime package back to
runtime.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Update restrict.Restrict to both show the error message when failing to mount /dev/null over /proc/kcore, and to ignore "not exists" errors while doing so (for when CONFIG_PROC_KCORE=n in the kernel)
It's fine to list both here because "Should-Start" is a loose binding (ie, if the listed service exists, it'll be started first, but otherwise, this one will start without it).
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
This improvement introduces x-axe scrolling to code-blocks by
overriding certain default bootstrap word-wrapping constraints.
This PR closes: https://github.com/dotcloud/docker/issues/5279
Docker-DCO-1.1-Signed-off-by: O.S. Tezer <ostezer@gmail.com> (github: ostezer)
Last time I discussed this with @tianon, the AUTHORS was being
regenerated regularly, so we could remove this step.
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@fosiki.com> (github: SvenDowideit)
This allows multiple instances of the backend in different containers
to access devices (although generally only one can modify/create them).
Any old metadata is converted on the first run.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Instead of globally keeping track of the free device ids we just
start from 0 each run and handle EEXIST error and try the next one.
This way we don't need any global state for the device ids, which
means we can read device metadata lazily. This is important for
multi-process use of the backend.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
This moves the EBUSY detection to devmapper.go, and then returns
a real ErrBusy that deviceset uses.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
FreeBSD doesn't have "bind" mount, but nullfs might be a similar feature.
However nullfs can mount only directories.
Docker-DCO-1.1-Signed-off-by: Kato Kazuyoshi <kato.kazuyoshi@gmail.com> (github: kzys)
+ `commit --change` to apply specified Dockerfile instructions while committing the image
+ `import --change` to apply specified Dockerfile instructions while importing the image
#### Client
+ Windows Support
#### Runtime
+ Container and image Labels
+ `--cgroup-parent` for specifying a parent cgroup to place container cgroup within
+ Logging drivers, `json-file`, `syslog`, or `none`
+ Pulling images by ID
+ `--ulimit` to set the ulimit on a container
+ `--default-ulimit` option on the daemon which applies to all created containers (and overwritten by `--ulimit` on run)
## 1.5.0 (2015-02-10)
#### Builder
+ Dockerfile to use for a given `docker build` can be specified with the `-f` flag
* Dockerfile and .dockerignore files can be themselves excluded as part of the .dockerignore file, thus preventing modifications to these files invalidating ADD or COPY instructions cache
* ADD and COPY instructions accept relative paths
* Dockerfile `FROM scratch` instruction is now interpreted as a no-base specifier
* Improve performance when exposing a large number of ports
#### Hack
+ Allow client-side only integration tests for Windows
* Include docker-py integration tests against Docker daemon as part of our test suites
#### Packaging
+ Support for the new version of the registry HTTP API
* Speed up `docker push` for images with a majority of already existing layers
- Fixed contacting a private registry through a proxy
#### Remote API
+ A new endpoint will stream live container resource metrics and can be accessed with the `docker stats` command
+ Containers can be renamed using the new `rename` endpoint and the associated `docker rename` command
* Container `inspect` endpoint show the ID of `exec` commands running in this container
* Container `inspect` endpoint show the number of times Docker auto-restarted the container
* New types of event can be streamed by the `events` endpoint: ‘OOM’ (container died with out of memory), ‘exec_create’, and ‘exec_start'
- Fixed returned string fields which hold numeric characters incorrectly omitting surrounding double quotes
#### Runtime
+ Docker daemon has full IPv6 support
+ The `docker run` command can take the `--pid=host` flag to use the host PID namespace, which makes it possible for example to debug host processes using containerized debugging tools
+ The `docker run` command can take the `--read-only` flag to make the container’s root filesystem mounted as readonly, which can be used in combination with volumes to force a container’s processes to only write to locations that will be persisted
+ Container total memory usage can be limited for `docker run` using the `—memory-swap` flag
* Major stability improvements for devicemapper storage driver
* Better integration with host system: containers will reflect changes to the host's `/etc/resolv.conf` file when restarted
* Better integration with host system: per-container iptable rules are moved to the DOCKER chain
- Fixed container exiting on out of memory to return an invalid exit code
#### Other
* The HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables are properly taken into account by the client when connecting to the Docker daemon
## 1.4.1 (2014-12-15)
#### Runtime
- Fix issue with volumes-from and bind mounts not being honored after create
## 1.4.0 (2014-12-11)
#### Notable Features since 1.3.0
+ Set key=value labels to the daemon (displayed in `docker info`), applied with
new `-label` daemon flag
+ Add support for `ENV` in Dockerfile of the form:
`ENV name=value name2=value2...`
+ New Overlayfs Storage Driver
+ `docker info` now returns an `ID` and `Name` field
+ Filter events by event name, container, or image
+ `docker cp` now supports copying from container volumes
- Fixed `docker tag`, so it honors `--force` when overriding a tag for existing
image.
## 1.3.3 (2014-12-11)
#### Security
- Fix path traversal vulnerability in processing of absolute symbolic links (CVE-2014-9356)
- Fix an issue when image archives are being read slowly
#### Client
- Fix a regression related to stdin redirection
- Fix a regression with `docker cp` when destination is the current directory
## 1.3.2 (2014-11-20)
#### Security
- Fix tar breakout vulnerability
* Extractions are now sandboxed chroot
- Security options are no longer committed to images
#### Runtime
- Fix deadlock in `docker ps -f exited=1`
- Fix a bug when `--volumes-from` references a container that failed to start
#### Registry
+ `--insecure-registry` now accepts CIDR notation such as 10.1.0.0/16
* Private registries whose IPs fall in the 127.0.0.0/8 range do no need the `--insecure-registry` flag
- Skip the experimental registry v2 API when mirroring is enabled
## 1.3.1 (2014-10-28)
#### Security
* Prevent fallback to SSL protocols < TLS 1.0 for client, daemon and registry
+ Secure HTTPS connection to registries with certificate verification and without HTTP fallback unless `--insecure-registry` is specified
#### Runtime
- Fix issue where volumes would not be shared
#### Client
- Fix issue with `--iptables=false` not automatically setting `--ip-masq=false`
- Fix docker run output to non-TTY stdout
#### Builder
- Fix escaping `$` for environment variables
- Fix issue with lowercase `onbuild` Dockerfile instruction
- Restrict environment variable expansion to `ENV`, `ADD`, `COPY`, `WORKDIR`, `EXPOSE`, `VOLUME` and `USER`
## 1.3.0 (2014-10-14)
#### Notable features since 1.2.0
+ Docker `exec` allows you to run additional processes inside existing containers
+ Docker `create` gives you the ability to create a container via the CLI without executing a process
+ `--security-opts` options to allow user to customize container labels and apparmor profiles
+ Docker `ps` filters
- Wildcard support to COPY/ADD
+ Move production URLs to get.docker.com from get.docker.io
+ Allocate IP address on the bridge inside a valid CIDR
+ Use drone.io for PR and CI testing
+ Ability to setup an official registry mirror
+ Ability to save multiple images with docker `save`
## 1.2.0 (2014-08-20)
#### Runtime
+ Make /etc/hosts /etc/resolv.conf and /etc/hostname editable at runtime
+ Auto-restart containers using policies
+ Use /var/lib/docker/tmp for large temporary files
+ `--cap-add` and `--cap-drop` to tweak what linux capability you want
+ `--device` to use devices in containers
#### Client
+ `docker search` on private registries
+ Add `exited` filter to `docker ps --filter`
*`docker rm -f` now kills instead of stop
+ Support for IPv6 addresses in `--dns` flag
#### Proxy
+ Proxy instances in separate processes
* Small bug fix on UDP proxy
## 1.1.2 (2014-07-23)
#### Runtime
+ Fix port allocation for existing containers
+ Fix containers restart on daemon restart
#### Packaging
+ Fix /etc/init.d/docker issue on Debian
## 1.1.1 (2014-07-09)
#### Builder
* Fix issue with ADD
## 1.1.0 (2014-07-03)
#### Notable features since 1.0.1
+ Add `.dockerignore` support
+ Pause containers during `docker commit`
+ Add `--tail` to `docker logs`
#### Builder
+ Allow a tar file as context for `docker build`
* Fix issue with white-spaces and multi-lines in `Dockerfiles`
#### Runtime
* Overall performance improvements
* Allow `/` as source of `docker run -v`
* Fix port allocation
* Fix bug in `docker save`
* Add links information to `docker inspect`
#### Client
* Improve command line parsing for `docker commit`
#### Remote API
* Improve status code for the `start` and `stop` endpoints
## 1.0.1 (2014-06-19)
#### Notable features since 1.0.0
* Enhance security for the LXC driver
#### Builder
* Fix `ONBUILD` instruction passed to grandchildren
#### Runtime
* Fix events subscription
* Fix /etc/hostname file with host networking
* Allow `-h` and `--net=none`
* Fix issue with hotplug devices in `--privileged`
#### Client
* Fix artifacts with events
* Fix a panic with empty flags
* Fix `docker cp` on Mac OS X
#### Miscellaneous
* Fix compilation on Mac OS X
* Fix several races
## 1.0.0 (2014-06-09)
#### Notable features since 0.12.0
* Production support
## 0.12.0 (2014-06-05)
#### Notable features since 0.11.0
* 40+ various improvements to stability, performance and usability
* New `COPY` Dockerfile instruction to allow copying a local file from the context into the container without ever extracting if the file is a tar file
* Inherit file permissions from the host on `ADD`
* New `pause` and `unpause` commands to allow pausing and unpausing of containers using cgroup freezer
* The `images` command has a `-f`/`--filter` option to filter the list of images
* Add `--force-rm` to clean up after a failed build
* Standardize JSON keys in Remote API to CamelCase
* Pull from a docker run now assumes `latest` tag if not specified
* Enhance security on Linux capabilities and device nodes
## 0.11.1 (2014-05-07)
#### Registry
- Fix push and pull to private registry
## 0.11.0 (2014-05-07)
#### Notable features since 0.10.0
@@ -229,7 +471,7 @@
- Add newlines to the JSON stream functions.
#### Runtime
* Do not ping the registry from the CLI. All requests to registres flow through the daemon.
* Do not ping the registry from the CLI. All requests to registries flow through the daemon.
- Check for nil information return in the lxc driver. This fixes panics with older lxc versions.
- Devicemapper: cleanups and fix for unmount. Fixes two problems which were causing unmount to fail intermittently.
- Devicemapper: remove directory when removing device. Directories don't get left behind when removing the device.
@@ -821,7 +1063,7 @@ With the ongoing changes to the networking and execution subsystems of docker te
+ Add domainname support
+ Implement image filtering with path.Match
* Remove unnecesasry warnings
* Remove unnecessary warnings
* Remove os/user dependency
* Only mount the hostname file when the config exists
* Handle signals within the `docker login` command
@@ -844,7 +1086,7 @@ With the ongoing changes to the networking and execution subsystems of docker te
+ Hack: Vendor all dependencies
* Remote API: Bump to v1.5
* Packaging: Break down hack/make.sh into small scripts, one per 'bundle': test, binary, ubuntu etc.
* Documentation: General improvments
* Documentation: General improvements
## 0.6.1 (2013-08-23)
@@ -1114,7 +1356,7 @@ With the ongoing changes to the networking and execution subsystems of docker te
* Prevent rm of running containers
* Use go1.1 cookiejar
- Fix issue detaching from running TTY container
- Forbid parralel push/pull for a single image/repo. Fixes #311
- Forbid parallel push/pull for a single image/repo. Fixes #311
- Fix race condition within Run command when attaching.
#### Client
@@ -1230,7 +1472,7 @@ With the ongoing changes to the networking and execution subsystems of docker te
+ Add caching to docker builder
+ Add support for docker builder with native API as top level command
+ Implement ENV within docker builder
- Check the command existance prior create and add Unit tests for the case
- Check the command existence prior create and add Unit tests for the case
* use any whitespaces instead of tabs
#### Runtime
@@ -1269,13 +1511,13 @@ With the ongoing changes to the networking and execution subsystems of docker te
#### Runtime
- Fix the command existance check
- Fix the command existence check
- strings.Split may return an empty string on no match
- Fix an index out of range crash if cgroup memory is not
#### Documentation
* Various improvments
* Various improvements
+ New example: sharing data between 2 couchdb databases
#### Other
@@ -1305,7 +1547,7 @@ With the ongoing changes to the networking and execution subsystems of docker te
## 0.2.0 (2013-04-23)
- Runtime: ghost containers can be killed and waited for
* Documentation: update install intructions
* Documentation: update install instructions
- Packaging: fix Vagrantfile
- Development: automate releasing binaries and ubuntu packages
# see https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
# note: we don't use "git clone -b" above because it then spews big nasty warnings about 'detached HEAD' state that we can't silence as easily as we can silence them using "git checkout" directly
# Compile and install lvm2
RUNcd /usr/local/lvm2 && ./configure --enable-static_link && make device-mapper && make install_device-mapper
RUNcd /usr/local/lvm2 \
&& ./configure --enable-static_link \
&& make device-mapper \
&& make install_device-mapper
# see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
# Maintainers are expected to comment on the design of the pull request.
# Review of documentation is expected only in the context of design validation,
# not for stylistic changes.
#
# Ideally, documentation should reflect the expected behavior of the code.
# No code review should take place in this step.
#
# Once design is approved, a maintainer should make sure to remove this label
# and add the next one.
close = "design rejected"
3-docs-review = "proposals with only documentation changes"
2-code-review = "general case"
# Code review
[Rules.review.states.2-code-review]
# Maintainers are expected to review the code and ensure that it is good
# quality and in accordance with the documentation in the PR.
#
# If documentation is absent but expected, maintainers should ask for documentation.
#
# All tests should pass.
#
# Once code is approved according to the rules of the subsystem, a maintainer
# should make sure to remove this label and add the next one.
close = ""
1-design-review = "raises design concerns"
4-merge = "trivial change not impacting documentation"
3-docs-review = "general case"
# Docs review
[Rules.review.states.3-docs-review]
# Maintainers are expected to review the documentation in its bigger context,
# ensuring consistency, completeness, validity, and breadth of coverage across
# all extent and new documentation.
#
# They should ask for any editorial change that makes the documentation more
# consistent and easier to understand.
#
# Once documentation is approved (see below), a maintainer should make sure to remove this
# label and add the next one.
close = ""
2-code-review = "requires more code changes"
1-design-review = "raises design concerns"
4-merge = "general case"
# Docs approval
[Rules.review.docs-approval]
# Changes and additions to docs must be reviewed and approved (LGTM'd) by a minimum of two docs sub-project maintainers.
# If the docs change originates with a docs maintainer, only one additional LGTM is required (since we assume a docs maintainer approves of their own PR).
# Merge
[Rules.review.states.4-merge]
# Maintainers are expected to merge this pull request as soon as possible.
# They can ask for a rebase, or carry the pull request themselves.
# env vars passed through directly to Docker's build scripts
# to allow things like `make DOCKER_CLIENTONLY=1 binary` easily
# `docs/sources/contributing/devenvironment.md ` and `project/PACKAGERS.md` have some limited documentation of some of these
DOCKER_ENVS:=\
-e BUILDFLAGS \
-e DOCKER_CLIENTONLY \
-e DOCKER_EXECDRIVER \
-e DOCKER_GRAPHDRIVER \
-e TESTDIRS \
-e TESTFLAGS \
-e TIMEOUT
# note: we _cannot_ add "-e DOCKER_BUILDTAGS" here because even if it's unset in the shell, that would shadow the "ENV DOCKER_BUILDTAGS" set in our Dockerfile, which is very important for our official builds
# to allow `make BIND_DIR=. shell` or `make BIND_DIR= test`
# (default to no bind mount if DOCKER_HOST is set)
# note: BINDDIR is supported for backwards-compatibility here
returnnil,resp.StatusCode,fmt.Errorf("Error: request returned %s for API route and version %s, check if the server supports the requested API version",http.StatusText(resp.StatusCode),req.URL)
returnnil,"",statusCode,fmt.Errorf("Error: request returned %s for API route and version %s, check if the server supports the requested API version",http.StatusText(statusCode),req.URL)
(run "cd /tmp && tar -zxvf nagios.tar.gz && cd nagios && ./configure --prefix=${NAGIOS_HOME} --exec-prefix=${NAGIOS_HOME} --enable-event-broker --with-nagios-command-user=${NAGIOS_CMDUSER} --with-command-group=${NAGIOS_CMDGROUP} --with-nagios-user=${NAGIOS_USER} --with-nagios-group=${NAGIOS_GROUP} && make all && make install && make install-config && make install-commandmode && cp sample-config/httpd.conf /etc/apache2/conf.d/nagios.conf")
# see https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
# note: we don't use "git clone -b" above because it then spews big nasty warnings about 'detached HEAD' state that we can't silence as easily as we can silence them using "git checkout" directly
# Compile and install lvm2
RUNcd /usr/local/lvm2 && ./configure --enable-static_link && make device-mapper && make install_device-mapper
# see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
# Install Go
RUN curl -sSL https://golang.org/dl/go1.3.src.tar.gz | tar -v -C /usr/local -xz
# required for bind-mounting /dev/mqueue into containers
POSIX_MQUEUE
)
check_flags "${flags[@]}"
echo
@@ -129,6 +154,7 @@ echo 'Optional Features:'
flags=(
MEMCG_SWAP
RESOURCE_COUNTERS
CGROUP_PERF
)
check_flags "${flags[@]}"
@@ -139,12 +165,16 @@ echo '- Storage Drivers:'
if ! is_set AUFS_FS && grep -q aufs /proc/filesystems;then
echo"$(wrap_color '(note that some kernels include AUFS patches but not the AUFS_FS flag)' bold black)"
fi
check_flags EXT4_FS_POSIX_ACL EXT4_FS_SECURITY | sed 's/^/ /'
echo'- "'$(wrap_color 'btrfs' blue)'":'
check_flags BTRFS_FS | sed 's/^/ /'
echo'- "'$(wrap_color 'devicemapper' blue)'":'
check_flags BLK_DEV_DM DM_THIN_PROVISIONING EXT4_FS | sed 's/^/ /'
check_flags BLK_DEV_DM DM_THIN_PROVISIONING EXT4_FS EXT4_FS_POSIX_ACL EXT4_FS_SECURITY | sed 's/^/ /'
echo'- "'$(wrap_color 'overlay' blue)'":'
check_flags OVERLAY_FS EXT4_FS_SECURITY EXT4_FS_POSIX_ACL | sed 's/^/ /'
}| sed 's/^/ /'
echo
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
