Use the DOCKER_RAMDISK env var to tell the native driver not to use
a pivot root when setting up the rootfs of a container.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This removes the dbus entry from the apparmor profile Docker creates.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
We can't keep file descriptors without close-on-exec except with
syscall.ForkLock held, as otherwise they could leak by accident into
other children from forks in other threads.
Instead we just use Cmd.ExtraFiles which handles all this for us.
This fixes https://github.com/dotcloud/docker/issues/4493
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
* Updated pre-reqs for 0.9.
* Fixed a couple of docker to Docker.
* Fixed the Docker build example to be correct.
* Reformatted a bunch of paragraphs
Docker-DCO-1.1-Signed-off-by: James Turnbull <james@lovedthanlost.net> (github: jamtur01)
This removes three warnings in the integration tests:
Warning: '-viz' is deprecated, it will be removed soon. See usage.
Warning: '-tree' is deprecated, it will be removed soon. See usage.
Warning: '-cidfile' is deprecated, it will be removed soon. See usage.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
This is a package for generic system calls etc that for some reason
is not yet supported by "syscall", or where it is different enough
for the different ports to need portability wrappers.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Now that we unmount all the mounts from the global namespace we can
use a private namespace rather than a slave one (as we have no need
for unmounts of inherited global mounts to propagate into the
container).
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
In api/client.go updated:
1. Made api == API
2. Restated Docker daemon connection error to be clearer.
3. Changed use of "Impossible" in error messages.
4. Removed extra space in restart error message.
5. Fixed capitalization in three error messages.
Docker-DCO-1.1-Signed-off-by: James Turnbull <james@lovedthanlost.net> (github: jamtur01)
Instead of keeping all the old mounts in the container namespace and
just using subtree as root we pivot_root so that the actual root in
the namespace is the root we want, and then we unmount the previous
mounts.
This has multiple advantages:
* The namespace mount tree is smaller (in the kernel)
* If you break out of the chroot you could previously access the host
filesystem. Now the host filesystem is fully invisible to the namespace.
* We get rid of all unrelated mounts from the parent namespace, which means
we don't hog these. This is important if we later switch to MS_PRIVATE instead
of MS_SLAVE as otherwise these mounts would be impossible to unmount from the
parent namespace.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
This removes the incomplete symlink handling from engine.go and it adds
it one place in docker.go.
It also enables handling symlinks for TMPDIR.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
This makes it possible to pass the rest of the testsuite without aufs in the kernel.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
The sqlite3 version in fedora (3.8) returns a different error string in the unique constraints
failure case than the one in hack/ (3.7). This updates the check to detect both, fixing
one integration check failure on Fedora.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
This fixes a bug that I encountered when using socket activation with
docker 0.8.1. When running the first `docker run` it would return:
"create: command not found".
The root cause was the socket activation code path was starting to
listen before the "initserver" job had finished. This meant that the
"create" handler hand't been registered yet leading to the command not
found error.
In log format it looks like this:
```
[/var/lib/docker|9d2e78e9] +job initserver()
2014/03/01 04:05:35 Listening for HTTP on fd ()
[/var/lib/docker|0d71c177] +job create()
create: command not found
[/var/lib/docker|0d71c177] -job create()
[/var/lib/docker|0d71c177] +job acceptconnections()
[/var/lib/docker|0d71c177] -job initserver() = OK (0)
```
To fix the issue select on the activationLock and block until the
"acceptconnections" job has ran.
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
Added emphasis of https for OAuth interactions.
Updated example URIs to use HTTPS
Included redirect hostname on authorization page.
Docker-DCO-1.1-Signed-off-by: Josh hawn <josh.hawn@docker.com> (github: jlhawn)
Remove logging for now because it is complicating things
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
OAuth docs:
documented the OAuth authorization flow and how to register your application
Account docs:
documented getting/updating user profile data
documented getting/updating user email data
Docker-DCO-1.1-Signed-off-by: Josh hawn <josh.hawn@docker.com> (github: jlhawn)
It is independent of any particular driver, but likely used by
multiple execdrivers. Also, pkg/... is not to have any links to
docker, which this terminal setup does.
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
Refactor integration tests to remove special cases in the creation of
test engines. All test engines are now created through newTestEngine.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
This allows selective loading of commands, and paves the way to dynamic
plugins.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Since these functions are indepenent of lxc, and could be used by
other drivers.
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
This will add support for Tanglu, a Debian based Linux-distribution.
Docker-DCO-1.1-Signed-off-by: Matthias Klumpp <matthias@tenstral.net> (github: Ximion)
This removes the Vagrantfile and updates the documentation to remove
the steps which explain how to install Docker in a VM via Vagrant.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
This reverts commit 80db9a918337c4ae80ffa9a001da13bd24e848c8.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This is a minimal version of raw cgroup support for libcontainer.
It has only enough for what docker needs, and it has no support
for systemd yet.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Pass the container's command via args
Remove execin function and just look for an
existing nspid file to join the namespace
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
If you are using jumbo frames the host side of the veth was being set to
1500. Docker would set the MTU of the container side of the veth to 9001.
This would lead to a situation in which the two sides of the veth had
different MTU sizes causing issues in network traffic.
Docker-DCO-1.1-Signed-off-by: Darren Shepherd <darren.s.shepherd@gmail.com> (github: ibuildthecloud)
This makes the JSON streams a _lot_ easier to parse in less well-baked JSON parsers, and no less so in better ones.
Line-based JSON streams are very, very common, where simply chunk-based is not very common at all.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
This changes the way onbuild works:
- forbids the chaining of onbuild instructions
- forbids the use of `onbuild from`
- forbids the use of `onbuild maintainer`
It also makes docker throw errors when encountering such triggers when
executing the triggers during `FROM`.
Three tests have been added:
- ensure that chained onbuild (`onbuild onbuild`) is forbidden
- ensure that `onbuild from` is forbidden
- ensure that `onbuild maintainer` is forbidden
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
This explains how to fix the DNS warnings on Ubuntu and why they're
shown.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
If a file has a security.capability set, we push this to the tar file.
This is important to handle in e.g. layer files or when copying files
to containers, as some distros (e.g. Fedora) use capability bits as
a more finegrained version of setuid bits, and thus if the capabilites
are stripped (and setuid is not set) the binaries will fail to work.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
This changes two URLs from http to https and it fixes a Dockerfile to
stop skipping certificate validation. It also adds the ca-certificates
package to that Dockerfile example.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
If coverpkg is missing on `go test` command, only the current package
will be covered. That's the case of unit tests. For integration tests
we need to explicitly declare each package.
Docker-DCO-1.1-Signed-off-by: Fabio Falci <fabiofalci@gmail.com> (github: fabiofalci)
.. to make it even more clear that this env variables are there because of the --link option.
Docker-DCO-1.1-Signed-off-by: Matthias Kühnle <git.nivoc@neverbox.com> (github: float64)
Removed the "test now..." b/c the code example is only about inspection
of env-variables.
Test follows in the next section.
Docker-DCO-1.1-Signed-off-by: Matthias Kühnle <git.nivoc@neverbox.com> (github: float64)
Clarified that the env variables here are an example output of env. The user should not set them to the example values.
Docker-DCO-1.1-Signed-off-by: Matthias Kühnle <git.nivoc@neverbox.com> (github: float64)
In commit 3dfc910d77 we changed from
syscall.Chmod() to os.Chmod(), but these take a different form of the
Mode argument. The sycall one takes the raw linux form, wheras
os.Chmod takes the os.FileMode form, and they differ for the higher
bits (setuid, setgid, etc). The raw tar header uses a form which
is compatible with the syscalls, but not the go calls.
We fix this by using hdr.FileInfo() which properly converts the mode
to what go expects.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
like the storage-driver flag, this implements a flag for choosing the
execdriver to be used, defaulting to lxc.
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
This changes the local DNS resolver warning to explain what the
warning is about and why the default external DNS server is used.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Files in the .wh..wh.plnk directory are ignored, but other files
inside the tarfile can be hardlinks to these files. This is not
something that normally happens, as on aufs unmount such files are
supposed to be dropped via the "auplink" too, yet images on the index
(such as shipyard/shipyard, e.g. layer
f73c835af6d58b6fc827b400569f79a8f28e54f5bb732be063e1aacefbc374d0)
contains such files.
We handle these by extracting these files to a temporary directory
and resolve such hardlinks via the temporary files.
This fixes https://github.com/dotcloud/docker/issues/3884
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Stopping the container will typicall cause it to unmount, to keep it mounted
over the stop/start cycle we aquire a temporary reference to it during this time.
This helps with https://github.com/dotcloud/docker/issues/4036
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Fix cp api to return a 404 notfound if container doesn't exist.
Fixes#4119.
Docker-DCO-1.1-Signed-off-by: Fabio Falci <fabiofalci@gmail.com> (github: fabiofalci)
This breaks the dependency from the remote API implementation to the
internal representation of a container. Instead it uses its own partial
representation of a container, with only required fields.
* This preserves reverse-compatibility with all past implementations of the remote API.
* This clarifies which fields are guaranteed to be present in a response
A docker remote api server *may* return more fields in a Container
object, but their presence and semantics are not guaranteed and should
not be relied upon by client implementations.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
This helps clean up the container file and move volumes into
one location. We currently cannot move volumes to a sub pkg
because they depend on Container and also modify fields on the
container.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
All archive that are created from somewhere generally have to be closed, because
at some point there is a file or a pipe or something that backs them. So, we
make archive.Archive a ReadCloser. However, code consuming archives does not
typically close them so we add an archive.ArchiveReader and use that when we're
only reading.
We then change all the Tar/Archive places to create ReadClosers, and to properly
close them everywhere.
As an added bonus we can use ReadCloserWrapper rather than EofReader in several places,
which is good as EofReader doesn't always work right. For instance, many compression
schemes like gzip knows it is EOF before having read the EOF from the stream, so the
EofCloser never sees an EOF.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
CompressStream() now always returns a stream that is closable, and it never
closes the underlying writer. TarFilter() makes sure the decompressed stream
is closed at the and, as well as the PipeWriter.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Various kinds of decompressed streams are really ReadClosers. For instance
gzip.NewReader() is, and the one returned from CmdStream is changed to be
because it returns a PipeReader which is a ReadCloser.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
This stops docker from accepting tcp:// as a valid bind address.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
* master: (64 commits)
Move the canonical run configuration objects to a sub-package
Remove useless code in client implementation of 'run'.
pkg/opts: a collection of custom value parsers implementing flag.Value
Move api-specific code to the api package
Fix the tests, too
Fix the one spot I missed dockerversion
fix underline/heading
New package `nat`: utilities for manipulating the text description of network ports.
rewrite the PostgreSQL example using a Dockerfile, and add details to it
Move even more stuff into dockerversion
fix underline/heading
Move docker version introspection to a sub-package.
add port forwarding notes for mac/boot2docker docs
Update remote_api_client_libraries.rst
Avoid extra mount/unmount during container registration
add a little more information about the docker run -P option
lxc: Drop NET_ADMIN capability in non-privileged containers
devmapper: Remove directory when removing devicemapper device
add a little info on upgrading
point out that ENV DEBIAN_FRONTEND will persist, so its not recommended
...
CmdRun() calls first run() and then wait() to wait for it to exit,
then it runs commit(). The run command will mount the container and
the container exiting will unmount it. Then the commit will
immediately mount it again to do a diff.
This seems minor, but this is actually problematic, as the Get/Put
pair will create a spurious mount/unmount cycle that is not needed and
slows things down. Additionally it will create a supurious
devicemapper activate/deactivate cycle that causes races with udev as
seen in https://github.com/dotcloud/docker/issues/4036.
To ensure that we only unmount once we split up run() into create()
and run() and reference the mount until after the commit().
With this change docker build on devicemapper is now race-free, and
slightly faster.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
* Config is now runconfig.Config
* HostConfig is now runconfig.HostConfig
* MergeConfig is now runconfig.Merge
* CompareConfig is now runconfig.Compare
* ParseRun is now runconfig.Parse
* ContainerConfigFromJob is now runconfig.ContainerConfigFromJob
* ContainerHostConfigFromJob is now runconfig.ContainerHostConfigFromJob
This facilitates refactoring commands.go and shrinks the core.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Runtime.Register() called driver.Get()/Put() in order to read back the
basefs of the container. However, this is not needed, as the basefs
is read during container.Mount() anyway, and basefs is only valid
while mounted (and all current calls satisfy this).
This seems minor, but this is actually problematic, as the Get/Put
pair will create a spurious mount/unmount cycle that is not needed and
slows things down. Additionally it will create a supurious
devicemapper activate/deactivate cycle that causes races with udev as
seen in https://github.com/dotcloud/docker/issues/4036.
With this change devicemapper is now race-free, and container startup
is slightly faster.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
We no longer pass "pool" anywhere that uses byHash() per the last
commit, so we can now remove this hack.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Shutdown contains debug warnings like:
[debug] deviceset.go:699 [deviceset docker-0:33-17945897] waitRemove(/dev/mapper/docker-0:33-17945897-pool)
[debug] deviceset.go:380 libdevmapper(3): libdm-common.c:552 (-1) Device /dev/mapper/docker-0:33-17945897-pool not found
This is because shutdown is using removeDeviceAndWait() to remove the pool device and the
wait part fails because the pool is gone.
We fix this by adding a pool specific removal function which avoids all the trickiness of the
normal remove.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
With this capability set the container can e.g. change the ip address
of his devices to that of another container on the docker0 bridge. In
a quick test I was able to listen to a port on a different ip than the
one docker assigned me, but was not able to hijack an open port
redirection that another container had open. Maybe its possible with
some more knowledge of networking though.
Anyway, network setup is meant to be handled by docker, not the apps,
so I believe denying this is generally in the spirit of docker, and
it closes down potential security issues.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
If /dev/loop-control exists on the system running the test then
ioctlLoopCtlGetFree() will be called, but if not it won't. It does
not exist in the standard docker build environment, so the tests
currently require this to not be called. This makes it instead
optional, allowing the tests to run on e.g. Fedora.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
We're currently leaving around lots of empty directories in
/var/lib/docker/devicemapper/mnt/ for removed images and containers.
Fix this by removing the directory when the device is removed.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Docker-DCO-1.1-Signed-off-by: O.S. Tezer <ostezer@gmail.com> (github: ostezer)
1. All titles are listed by simple platform names apart from Windows' "Installing Docker On Windows". Changed this to "Windows" to match the rest.
2. Some articles' description (and title) information does not match the majority. Modified them to match the rest (i.e. Please note this project is currently under heavy development. It should not be used in production.)
3. Removed "Linux" from Gentoo & Ubuntu descriptions.
This way, packagers can set GIT_DIR appropriately if they'd prefer to not have ".git" inside their working directory.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
This also adds a new "AUTO_GOPATH" environment variable that will create an appropriate GOPATH as part of the build process.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
This makes the device mapper not zero out blocks allocated on the
thinp device. This is safe in our use case, as we access the device
via a filesystem that doesn't leak any uninitialized data to userspace.
This partially helps with https://github.com/dotcloud/docker/issues/3280
and should generally improve preformance on the devicemapper backend.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
I volunteered for pkg/systemd MAINTAINER and there were no objections
during the #docker-dev meeting. For context I wrote most of the stuff in
here and wrote the dependent calls in api.go. Plus, I actively test the
code via CoreOS.
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
For some reason we seem to get transient EBUSY when removing
thinp devices, which prohibit removing containers. When
this happens we retry a few times which seems to fix the
issue for me.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
This makes sure the device is removed just like in deactivateDevice.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
We already have some kind of refcounting in DeviceSet, this fleshes
it out to allow it to completely subsume the refcounting in
devmapper.Driver.
This allows us to drop the double refcounting, and the locking inside
devmapper.Driver. This, in particular the locking simplification will
make it easier in the future to parallelize the device mapper.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Simple typo, "ID" should be "Id". This is causing the images response
to not have IDs in it.
Docker-DCO-1.1-Signed-off-by: Darren Shepherd <darren.s.shepherd@gmail.com> (github: ibuildthecloud)
This adds a function that calls the lowlevel removeDevice
and then waits for it to finish.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
"Remove" is a bit overloaded, as it is also what deactivating a
device mapper device is called. Using "delete" is more clear here.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
This bumps the VM memory and corrects forwarded ports when they're used
already.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
mktemp creates a root directory ("/") with permissions set to 700. Default should be 755 so other users in the container can access its subdirs (e.g http user for nginx for /srv/http/test/index.html).
Docker-DCO-1.1-Signed-off-by: Samuel Andaya <samuel@andaya.net> (github: sandaya)
Currently comparing volume ids for binds and other containers are broken
Fixes#3749Fixes#3885
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
If networking is disabled, but then pipework is used later to add nics, the network still doesn't function. Using flags=up for empty networking fixes this.
Docker-DCO-1.1-Signed-off-by: James DeFelice <james.defelice@ishisystems.com> (github: jdef)
Everyone probably wants to run `docker pull ubuntu` before building with this change.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Several of the error messages were wrong, but not one of them was helpful, so this fixes them to include the important information (the actual error), and a correct description of which operation failed.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
This fixes compilation issues when btrfs.h isn't available (because we just need the relevant structs, which for userspace programs are supposed to come from btrfs-progs instead of the kernel headers).
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Fix fun Travis DCO check YAML parsing issues (especially with commit messages that start with any kind of whitespace, like this one intentionally does)
This fixes IP masquerading on systems with reject rules at the end of
the POSTROUTING table, by inserting the rule at the beginning of the
table instead of adding it at the end.
Docker-DCO-1.1-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> (github: jpoimboe)
This separates out the directory as returned from the graphdriver (the
"base" fs) from the root filesystem of the live container. This is
necessary as the "diff" operation needs access to the base filesystem
without all the mounts that the running container needs (/.dockerinit,
volumes, etc).
We change container in the following way:
Container.RootfsPath() returns the the directory which will be used as
the root in a running container. It is always of the form
"/var/lib/docker/container/<id>/root" and is a private bind mount to
the base filesystem. It is only available while the container is running.
Container.BasefsPath() returns the raw directory from the graph driver
without the container runtime mounts. It is availible whenever the
container is mounted (in between a container.Mount()/Unmount() pair,
which are properly refcounted).
This fixes issue #3840
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Do as was done to f09a78cd21 in the
socket-activation example.
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
The integration tests had previously used the environment variable
DOCKER_INDEX_URL but it was apparently removed several months ago.
Change the integration auth tests to specify the ServerAddress field
of the AuthConfig struct to use the staging deployment of the index.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Docker-DCO-1.1-Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com> (github: lsm5)
systemd service no longer does '/bin/mount/ --make-rprivate /'.
Core issue fixed by Alex Larsson (commit 157d99a).
ip forwarding enabled.
As a bonus, if the user has run this script the way we recommend (ie, without "sudo" or "su", run as their user), we can actually give them the exact command they'll need with their correct username substituted appropriately.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
In 7fb55f7725 the DCO lost the grant so
change the title back to just DCO.
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
Now that docker sets /proc/sys/net/ipv4/ip_forward by default, remove
the step to enable it in the installation docs.
Docker-DCO-1.1-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> (github: jpoimboe)
Now that docker sets /proc/sys/net/ipv4/ip_forward by default (unless
the user manually specifies "-ip-forward=false"), there's no need to
warn if its disabled.
Docker-DCO-1.1-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> (github: jpoimboe)
Allow publicly mapped ports to be made public beyond the host. This is
needed for distros like Fedora and RHEL which have a reject all rule at
the end of their FORWARD table.
Docker-DCO-1.1-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> (github: jpoimboe)
This code only works for backends that directly spawn the child
via the Command. It will not work for the libvirt backend. So
we move this code into the individual backends that need it.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
I was getting the following error:
```
$ bundles/0.7.6-dev/binary/docker-0.7.6-dev run -rm -v=/var/run:/foo base echo hi
hi
2014/01/28 14:24:46 Error: container_delete: No such id: run
```
This commit makes the true origin of the error clearer. Issue #3806 is
tracking the cause of the error.
Docker-DCO-1.1-Signed-off-by: Peter Waller <p@pwaller.net> (github: pwaller)
Use this Listeners() API that was exposed to save a few more lines of
boiler plate code.
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
tests now work in the Docker tree with
`go test github.com/coreos/go-systemd/activation`
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
I noticed that travis was failing, go fmt to make it happy.
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
as suggested by SvenDowideit expand the docs to have more information on
socket activation.
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
This adds the ability to socket activate docker by passing in
`-H fd://*` along with examples systemd configuration files.
The fastest way to test this is to run:
```
/usr/lib/systemd/systemd-activate -l 127.0.0.1:2001 /usr/bin/docker -d -H 'fd://*'
docker -H tcp://127.0.0.1:2001 ps
```
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
In addition, we've now hard-coded LXC version 0.8 compiled from source so that we can have the most stable dev environment possible.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Rather than creating a new directory and moving it there before
deleting that new directory, just move the directory we intend to
delete.
In the old way, the Mkdirall could fail, which meant that you
couldn't delete containers when the disk was full.
Tested.
Docker-DCO-1.1-Signed-off-by: Peter Waller <p@pwaller.net> (github: pwaller)
This is a fix for the case that one mount is inside another mount and
docker can't then delete the resulting container.
Docker-DCO-1.1-Signed-off-by: Peter Waller <p@pwaller.net> (github: pwaller)
Currently there are two iptables rules per port for each link: one to
allow the parent to connect to the child's port, and another one to
allow return traffic from the child back to the parent. The second rule
shouldn't be needed because the "ctstate RELATED,ESTABLISHED" rule can
already allow all established traffic.
So this patch does the following:
1. Move the RELATED,ESTABLISHED rule to be _before_ the potential
inter-container communication DROP rule so it will work for
inter-container traffic as well. Since we're inserting, everything
is reversed chronologically so it should be inserted _after_ we
insert the DROP. This also has a small performance benefit because
it will be processed earlier and it's generally one of the most
commonly used rules.
2. Get rid of the unnecessary return traffic rule per link.
3. Also move the other "Accept all non-intercontainer outgoing packets"
rule to earlier. This gives a small performance benefit since it's
also a commonly used rule, and it makes sense to logically group it
next to the ctstate rule.
Docker-DCO-1.1-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> (github: jpoimboe)
mkimage-rinse.sh requires rinse, which is not readily available on
CentOS or Fedora. Plus, creating a base image is trivial with yum
alone.
Docker-DCO-1.1-Signed-off-by: Chris St. Pierre <chris.a.st.pierre@gmail.com> (github: stpierre)
This is an experimental btrfs driver. To use it you must have
/var/lib/docker mounted on a btrfs filesystem and explicitly
specify DOCKER_DRIVER=btrfs in the docker daemon environment.
It works by using subvolumes for the docker image/container layers.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
and remove the fmt-check one we don't document
tianon tells me they're called GitHub, not Github :)
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@fosiki.com> (github: SvenDowideit)
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
Apart from having more predictable return codes on various operating
systems, it additionally caches the path to application.
Docker-DCO-1.1-Signed-off-by: Bartłomiej Piotrowski <b@bpiotrowski.pl> (github: Barthalion)
This matches what tar does, and without it the tarsum created
by the registry will not match the docker one.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
This implements the new Put() operation such that
Get()/Put() maintains a refcount for each ID, mounting
only on first Get() and unmounting on the last Get().
This means we avoid littering the system with lots of mounts
and free resources related to them.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
This implements the new Put() operation such that
Get()/Put() maintains a refcount for each ID, mounting
only on first Get() and unmounting on the last Get().
This means we avoid littering the system with lots of mounts
and active devicemapper devices and free resources related
to them.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
asdfljk
This was deprecated already and all it did was call Mount().
The use of this was a bit confusing since we need to pair Mount/Unmount
calls which wasn't obvious with "EnsureMounted".
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
This makes all users of Put() have a corresponding call
to Get() which means we will be able to track whether
any particular ID is in use and if not unmount it.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
The tar changes made the name of the file in the tar archive
change from "./test" to "test", update the test to the new name.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
If rootIsShared() is detected we apply the shell stuff to early, before
the real command and arguments are added to the parameters. This
means they get passed on to unshare rather than docker-init, breaking
docker on e.g. fedora like:
goroutine 1 [running]:
runtime.panic(0x678340, 0x9b3fd7)
/usr/lib64/golang/src/pkg/runtime/panic.c:266 +0xb6
github.com/dotcloud/docker/execdriver/lxc.func·001(0xc21000a1b0, 0xc21001eab0, 0x7fff24715faf)
/home/alex/vcs/go/src/github.com/dotcloud/docker/execdriver/lxc/driver.go:41 +0x525
github.com/dotcloud/docker/sysinit.executeProgram(0xc21000a1b0, 0xc21000a1b0, 0xa)
/home/alex/vcs/go/src/github.com/dotcloud/docker/sysinit/sysinit.go:34 +0xca
github.com/dotcloud/docker/sysinit.SysInit()
/home/alex/vcs/go/src/github.com/dotcloud/docker/sysinit/sysinit.go:88 +0x791
main.main()
/home/alex/vcs/go/src/github.com/dotcloud/docker/dockerinit/dockerinit.go:14 +0x1a
The fix is to construct the full params array before escaping it.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
- Added an argument to the call() method in order to control the auth sharing
- Enabled it only for search. Pulls and pushes were enabled already.
- Grouped a few variable declarations
Docker-DCO-1.1-Signed-off-by: Roberto Hashioka <roberto.hashioka@docker.com> (github: rogaha)
Requirements differ from platform to platform depending on the plugins used, and so should be documented separately for each target platform
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Use Resources to represent container limits rather than a cgroup specific field.
Docker-DCO-1.1-Signed-off-by: Paul Nasrat <pnasrat@gmail.com> (github: pnasrat)
This uses a plain filepath.Walk + addTarFile to create a tar file,
optionially compressing it with gzip.
Unfortunately go only has gzip compression support, not bzip2 or xz.
However, this is not a regression, as docker currently uses *no*
compression for TarFilter(). The only compression of tarfiles
currently happens in utils/tarsum.go, and that manually does gzip
compression.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
This is the code that takes a normal file and adds it to a TarWriter.
We extract it so that we can share it with Tar().
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
This simplifies that code that calls out to tar by removing support
for now unused features.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Mount is self contained and generic, it should be in pkg, to allow other pkg modules to use it.
Docker-DCO-1.1-Signed-off-by: Paul Nasrat <pnasrat@gmail.com> (github: pnasrat)
Tested successfully with variations around mounting /var/run and /var/run/docker.sock inside a "debian" container directly at /var/run/docker.sock where /var/run is a symlink to "/run" on both the host and in the container.
Fixes#3262
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
This also includes several new minor features that are interesting, so do explore a little. :)
Finally, this also fixes a few bugs where commands would complete parameters that they won't necessarily accept. We still have a few of these cases, but they're reduced to a minimum now.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
update docker.go
move to pkg
update docs
update name and copyright
change --sinceId to --since-id, update completion and docs
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor@docker.com> (github: vieux)
AFAIK in some previous version it was possible to give a compressed docker file
to the API's build command and that was handled properly (aka compression was
detected and archive uncompressed accordingly). Fails with at least 0.7.5.
Fixed this using the DecompressStream method from the archive package.
Docker-DCO-1.1-Signed-off-by: Gereon Frey <me@gereonfrey.de> (github: gfrey)
stat.Rdev and time.* is 32bit on OSX, which breaks cross builds with eg:
cannot use stat.Rdev (type int32) as type uint64 in function argument
We fix this with an extra conversion to uint64.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
The idx.index array is overwritten when a new value is inserted to the index.
When two containers are created concurrently, their ids are inserted to the
index and one can overwrite the other leaving one of ids missing from the
index. Adding a RWMutex lock around read/write operations fixes this.
Docker-DCO-1.1-Signed-off-by: James Allen <jamesallen0108@gmail.com> (github: jpallen)
I personally tested this using our container, and this was the lowest version that compiles and runs properly.
Docker-DCO-1.0-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Docker-DCO-1.1-Signed-off-by: Tianon Gravi <admwiggin@gmail.com> (github: crosbymichael)
As long as we're doing it, we ought to do it for all the "official" Docker properties at least
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Docker-DCO-1.1-Signed-off-by: Tianon Gravi <admwiggin@gmail.com> (github: crosbymichael)
It's only in "Recommends" because it's only required for all but the esoteric configurations (since you can't "docker pull" from the index without it, but that's about it).
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Docker-DCO-1.1-Signed-off-by: Tianon Gravi <admwiggin@gmail.com> (github: crosbymichael)
To avoid unexpected results since docker was using http.
For instance, my broadband doesn't return not found when it's down but
a html page saying that the internet is down. Docker was showing that
html instead of ignoring it.
Fix#3570
Docker-DCO-1.1-Signed-off-by: Fabio Falci <fabiofalci@gmail.com> (github: fabiofalci)
Docker-DCO-1.1-Signed-off-by: Fabio Falci <fabiofalci@gmail.com> (github: crosbymichael)
Added a new documentation page explaining how to install Docker on
openSUSE.
Docker-DCO-1.1-Signed-off-by: Flavio Castelli <fcastelli@suse.com> (github: flavio)
This replaces the shelling out to tar with a reimplementation of untar
based on the archive/tar code and the pre-existing code from ApplyLayer
to create real files from tar headers.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Previously we've been getting:
```
Step 6 : RUN pip install Sphinx==1.1.3
---> Running in 397eab32f57a
Wheel installs require setuptools >= 0.8 for dist-info support.
pip's wheel support requires setuptools >= 0.8 for dist-info support.
Storing debug log for failure in /.pip/pip.log
2014/01/13 18:01:34 The command [/bin/sh -c pip install Sphinx==1.1.3] returned a non-zero code: 1
make: *** [docs] Error 1
```
This fixes that by telling pip not to use sudo to install (since we're already root).
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
To avoid unexpected results since docker was using http.
For instance, my broadband doesn't return not found when it's down but
a html page saying that the internet is down. Docker was showing that
html instead of ignoring it.
Fix#3570
Docker-DCO-1.1-Signed-off-by: Fabio Falci <fabiofalci@gmail.com> (github: fabiofalci)
This works around the fact that deleting a device in a thin pool
doesn't discard the free space. Unfortunately even this is not perfect,
as it seems discards are respected only for blocks that has never been
shared in the thin device code. However, this has been fixed in the
upstream kernel device-mapper tree:
http://git.kernel.org/cgit/linux/kernel/git/device-mapper/linux-dm.git/commit/?h=for-next&id=0ab1c92ff748b745c1ed7cde31bb37ad2c5f901a
When this hits the kernel I belive this will fully return space
for removed images/containers to the host FS. For now it only
helps partially (which is better than nothing).
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
This changes ExportChanges to use the go tar support so we can
directly create tar layer files. This has several advantages:
* We don't have to create the whiteout files on disk to get them
added to the layer
* We can later guarantee specific features (such as xattrs) being
supported by the tar implementation.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
This *should* have the same effect as the previous strategy: Instead of
'mkdir empty; fpm -s dir -C empty ...' we can simply do 'fpm -s empty'
Docker-DCO-1.1-Signed-off-by: Jordan Sissel <jls@semicomplete.com> (github: jordansissel)
It's only in "Recommends" because it's only required for all but the esoteric configurations (since you can't "docker pull" from the index without it, but that's about it).
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
As long as we're doing it, we ought to do it for all the "official" Docker properties at least
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Commit 894d4a23fb made BuildFile use TarSum, which doesn't support
compressed tar archives.
This breaks builds from git url, which compressed it with bzip2.
Instead, just pass it uncompressed.
Docker-DCO-1.0-Signed-off-by: Paul Lietar <paul@lietar.net> (github: plietar)
The DCO is a bit hard to read on Github right now because there is lots
of horizontal scrolling. Reformat it to 78 chars per line like the rest
of the file.
Example: http://imgur.com/LtJEIsl
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
If we don't care about the container then we don't care about any
volumes created with the run of that container
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
* docker push host:port/namespace/repo wouldn't push multiple tags for
the same image
* getImageList was unnecessarily complex returning a nested array of
ImgData when a correctly ordered list of images was sufficient
* removed various bits of redundancy
Docker-DCO-1.0-Signed-off-by: Danny Yates <danny@codeaholics.org> (github: codeaholics)
The hello world example relies on being able to exit the container attachment using Control-C without stopping it. According to this thread (and my own experience), this doesn't work anymore:
https://groups.google.com/forum/#!msg/docker-user/nWXAnyLP9-M/kbv-FZpF4rUJ
Added -sig-proxy=false to the attach command.
ImageGetCached searches for an image from the cache. Instead of returning the
first image it finds, it should return the most recently created image. When a
build with --no-cache then adds a new image with the same parameters, it is
used instead of the old, existing image.
Docker-DCO-1.0-Signed-off-by: Sjoerd Langkemper <sjoerd@byte.nl> (github: Sjord)
I personally tested this using our container, and this was the lowest version that compiles and runs properly.
Docker-DCO-1.0-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Instead of `curl $url | apt-get add -` use the ubuntu keyserver and a full
fingerprint to retreive the key. This makes the distribution of the GPG key
more secure an less likely to change even if 3rd party gains access to the
packages repository.
Docker-DCO-1.0-Signed-off-by: Jonas Pfenniger <zimbatm@zimbatm.com> (github: zimbatm)
This reverts commit 733bf5d3dd.
This is needed to fix "no such file" errors `docker build` errors for
devicemapper.
This fixes issue #3449.
Docker-DCO-1.0-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
After each push, Travis CI will trigger, and check two things:
- make sure that each commit in the push has the Docker certificate of origin
- make sure that all .go files changed by this sequence of commits are correctly formatted in the most recent commit
Note: there is one edge case; if you do a git force push, we cannot figure out the actual commits in the force push, and we will just run the checks as if upstream master were the base. Pull requests will always be tested correctly, though.
Docker-DCO-1.0-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Use mountinfo rather than for cgroups parsing.
Make helper method private and change name.
Makes method naming more explicit rather than GetThisCgroup.
Use upstream term subsystem rather than cgroupType.
Swap "grep -q" with "grep > /dev/null" so that "go help" doesn't balk when the pipe closes unexpectedly (since "grep -q" closes the pipe the second it finds a match)
With two additional commands, this procedure will work for Ubuntu 13.10 using the image stackbrew/ubuntu:13.10.
1) change /etc/pam.d/sshd, pam_loginuid line 'required' to 'optional'
2) echo LANG=\"en_US.UTF-8\" > /etc/default/locale
Whether or not the "busybox" image downloads and runs properly at the end of the build, we don't want to have the script return a failing exit code, especially since at that point, Docker is successfully installed, and we're just tooting our own horn for good measure.
The 1.7 API docs show the ability to pass Privileged
when creating a container. This is not supported as.
Privileged is now part of hostConfig and can only be
passed when starting a container.
This fixes the documentation issue.
On previous version, glob pattern will be expanded to actual file
names when writing setting to etc/apt/apt.conf.d/no-cache.
This patch fixes to quote to work cache clean command properly.
An additional flag to limit the networking MTU is required in three Compute Engine zones for reliable networking from inside the docker container. Added a warning to that effect to the QuickStart guide.
Since commit c91c365, when starting the docker daemon without an
existing /var/lib/docker directory, it fails with:
2013/12/18 23:39:36 Unable to canonicalize root (%!s(*string=0xc210077c80)): lstat /var/lib/docker: no such file or directory
Move the symlink checking code to engine.New after the root dir has been
created.
When pulling from a registry we get a compressed tar archive, so
we need to wrap the stream in the right kind of compress reader.
Unfortunately go doesn't have an Xz decompression method, but I
don't think any docker layers use that atm anyway.
Only necessary if distro policy dictates that the path deviate from the paths already listed in utils/utils.go - please refrain from using it otherwise.
Along with the kernel requirement, you need a working copy of lxc. When trying to start using "/docker -d", received error 'initapi: exec: "lxc-start": executable file not found in $PATH'
The TestLookupImage test seems to use a layer that contains
/etc/postgres/postgres.conf, but not e.g. /etc/postgres.
To handle this we ensure that the parent directory always
exists, and if not we create it.
Previously the introduction link pointed to www.docker.io. That
did not seem to make a lot of sense to me so instead I pointed it
at:
http://www.docker.io/learn_more/
The default gnu tar format has no sub-second precision mtime support,
and the golang tar writer currently doesn't support that either.
This means if we export the changes from a container we will not
get zeron in the sub-second precision field when the change is applied.
This means we can't compare that to the original without getting a
spurious change. So, we detect this case by treating a case where the
seconds match and either of the two nanoseconds are zero as equal.
Rather than calling out to tar we use the golang tar parser
to directly extract the tar files. This has two major advantages:
1) We're able to replace an existing directory with a file in the
new layer. This currently breaks with the external tar, since
it refuses to recursively remove the destination directory in
this case, and there are no options to make it do that.
2) We avoid extracting the whiteout files just to later remove them.
We purposely chose to license Docker under the Apache 2.0 license. This is a well-known
license, which is popular for its permissive and flexible properties, while still
encouraging a collaborative community. It also makes certain representations with regard
to contributions, and the rights given to contributors, the project, people who use Docker,
people who modify Docker, etc.
This approach to contributions is inspired by the popular Linux Developer
"Certificate of Origin". This approach makes it simple for new contributors to get started,
and avoids bureaucracy in tracking contributions and contributors.
To indicate accordance, each individual contribution to the Project is signed off by the
developer, using his or her real name, email address, and github handle in the format below:
Docker-DCO-1.0-Signed-off-by: Joe Smith <joe.smith@email.com>
2013-10-04 14:27:26 -07:00
454 changed files with 31555 additions and 12042 deletions
# sometimes we have upstream master already as origin/master (PRs), but other times we don't, so let's just make sure we have a completely unambiguous way to specify "upstream master" from here out
# but if it's a PR against non-master, we need that upstream branch instead :)
- Ensure docker cp stream is closed properly. Fixes problems with files not being copied by `docker cp`.
- Stop making `tcp://` default to `127.0.0.1:4243` and remove the default port for tcp.
- Fix `--run` in `docker commit`. This makes `docker commit --run` work again.
- Fix custom bridge related options. This makes custom bridges work again.
+ Mount-bind the PTY as container console. This allows tmux/screen to run.
+ Add the pure Go libcontainer library to make it possible to run containers using only features of the Linux kernel.
+ Add native exec driver which uses libcontainer and make it the default exec driver.
- Add support for handling extended attributes in archives.
* Set the container MTU to be the same as the host MTU.
+ Add simple sha256 checksums for layers to speed up `docker push`.
* Improve kernel version parsing.
* Allow flag grouping (`docker run -it`).
- Remove chroot exec driver.
- Fix divide by zero to fix panic.
- Rewrite `docker rmi`.
- Fix docker info with lxc 1.0.0.
- Fix fedora tty with apparmor.
* Don't always append env vars, replace defaults with vars from config.
* Fix a goroutine leak.
* Switch to Go 1.2.1.
- Fix unique constraint error checks.
* Handle symlinks for Docker's data directory and for TMPDIR.
- Add deprecation warnings for flags (-flag is deprecated in favor of --flag)
- Add apparmor profile for the native execution driver.
* Move system specific code from archive to pkg/system.
- Fix duplicate signal for `docker run -i -t` (issue #3336).
- Return correct process pid for lxc.
- Add a -G option to specify the group which unix sockets belong to.
+ Add `-f` flag to `docker rm` to force removal of running containers.
+ Kill ghost containers and restart all ghost containers when the docker daemon restarts.
+ Add `DOCKER_RAMDISK` environment variable to make Docker work when the root is on a ramdisk.
## 0.8.1 (2014-02-18)
#### Builder
- Avoid extra mount/unmount during build. This removes an unneeded mount/unmount operation which was causing problems with devicemapper
- Fix regression with ADD of tar files. This stops Docker from decompressing tarballs added via ADD from the local file system
- Add error to `docker build --rm`. This adds a missing error check to ensure failures to remove containers are detected and reported
#### Documentation
* Update issue filing instructions
* Warn against the use of symlinks for Docker's storage folder
* Replace the Firefox example with an IceWeasel example
* Rewrite the PostgresSQL example using a Dockerfile and add more details to it
* Improve the OS X documentation
#### Remote API
- Fix broken images API for version less than 1.7
- Use the right encoding for all API endpoints which return JSON
- Move remote api client to api/
- Queue calls to the API using generic socket wait
#### Runtime
- Fix the use of custom settings for bridges and custom bridges
- Refactor the devicemapper code to avoid many mount/unmount race conditions and failures
- Remove two panics which could make Docker crash in some situations
- Don't ping registry from the CLI client
- Enable skip_block_zeroing for devicemapper. This stops devicemapper from always zeroing entire blocks
- Fix --run in `docker commit`. This makes docker commit store `--run` in the image configuration
- Remove directory when removing devicemapper device. This cleans up leftover mount directories
- Drop NET_ADMIN capability for non-privileged containers. Unprivileged containers can't change their network configuration
- Ensure `docker cp` stream is closed properly
- Avoid extra mount/unmount during container registration. This removes an unneeded mount/unmount operation which was causing problems with devicemapper
- Stop allowing tcp:// as a default tcp bin address which binds to 127.0.0.1:4243 and remove the default port
+ Mount-bind the PTY as container console. This allows tmux and screen to run in a container
- Clean up archive closing. This fixes and improves archive handling
- Fix engine tests on systems where temp directories are symlinked
- Add test methods for save and load
- Avoid temporarily unmounting the container when restarting it. This fixes a race for devicemapper during restart
- Support submodules when building from a GitHub repository
- Quote volume path to allow spaces
- Fix remote tar ADD behavior. This fixes a regression which was causing Docker to extract tarballs
## 0.8.0 (2014-02-04)
#### Notable features since 0.7.0
* Images and containers can be removed much faster
* Building an image from source with docker build is now much faster
* The Docker daemon starts and stops much faster
* The memory footprint of many common operations has been reduced, by streaming files instead of buffering them in memory, fixing memory leaks, and fixing various suboptimal memory allocations
* Several race conditions were fixed, making Docker more stable under very high concurrency load. This makes Docker more stable and less likely to crash and reduces the memory footprint of many common operations
* All packaging operations are now built on the Go language’s standard tar implementation, which is bundled with Docker itself. This makes packaging more portable across host distributions, and solves several issues caused by quirks and incompatibilities between different distributions of tar
* Docker can now create, remove and modify larger numbers of containers and images graciously thanks to more aggressive releasing of system resources. For example the storage driver API now allows Docker to do reference counting on mounts created by the drivers
With the ongoing changes to the networking and execution subsystems of docker testing these areas have been a focus of the refactoring. By moving these subsystems into separate packages we can test, analyze, and monitor coverage and quality of these packages
* Many components have been separated into smaller sub-packages, each with a dedicated test suite. As a result the code is better-tested, more readable and easier to change
* The ADD instruction now supports caching, which avoids unnecessarily re-uploading the same source content again and again when it hasn’t changed
* The new ONBUILD instruction adds to your image a “trigger” instruction to be executed at a later time, when the image is used as the base for another build
* Docker now ships with an experimental storage driver which uses the BTRFS filesystem for copy-on-write
* Docker is officially supported on Mac OSX
* The Docker daemon supports systemd socket activation
## 0.7.6 (2014-01-14)
#### Builder
* Do not follow symlink outside of build context
#### Runtime
- Remount bind mounts when ro is specified
* Use https for fetching docker version
#### Other
* Inline the test.docker.io fingerprint
* Add ca-certificates to packaging documentation
## 0.7.5 (2014-01-09)
#### Builder
* Disable compression for build. More space usage but a much faster upload
- Fix ADD caching for certain paths
- Do not compress archive from git build
#### Documentation
- Fix error in GROUP add example
* Make sure the GPG fingerprint is inline in the documentation
* Give more specific advice on setting up signing of commits for DCO
#### Runtime
- Fix misspelled container names
- Do not add hostname when networking is disabled
* Return most recent image from the cache by date
- Return all errors from docker wait
* Add Content-Type Header "application/json" to GET /version and /info responses
#### Other
* Update DCO to version 1.1
+ Update Makefile to use "docker:GIT_BRANCH" as the generated image name
* Update Travis to check for new 1.1 DCO version
## 0.7.4 (2014-01-07)
#### Builder
- Fix ADD caching issue with . prefixed path
- Fix docker build on devicemapper by reverting sparse file tar option
- Fix issue with file caching and prevent wrong cache hit
* Use same error handling while unmarshalling CMD and ENTRYPOINT
#### Documentation
* Simplify and streamline Amazon Quickstart
* Install instructions use unprefixed fedora image
* Update instructions for mtu flag for Docker on GCE
+ Add Ubuntu Saucy to installation
- Fix for wrong version warning on master instead of latest
#### Runtime
- Only get the image's rootfs when we need to calculate the image size
- Correctly handle unmapping UDP ports
* Make CopyFileWithTar use a pipe instead of a buffer to save memory on docker build
- Fix login message to say pull instead of push
- Fix "docker load" help by removing "SOURCE" prompt and mentioning STDIN
* Make blank -H option default to the same as no -H was sent
* Extract cgroups utilities to own submodule
#### Other
+ Add Travis CI configuration to validate DCO and gofmt requirements
+ Add Developer Certificate of Origin Text
* Upgrade VBox Guest Additions
* Check standalone header when pinging a registry server
## 0.7.3 (2014-01-02)
#### Builder
+ Update ADD to use the image cache, based on a hash of the added content
* Add error message for empty Dockerfile
#### Documentation
- Fix outdated link to the "Introduction" on www.docker.io
+ Update the docs to get wider when the screen does
- Add information about needing to install LXC when using raw binaries
* Update Fedora documentation to disentangle the docker and docker.io conflict
* Add a note about using the new `-mtu` flag in several GCE zones
+ Add FrugalWare installation instructions
+ Add a more complete example of `docker run`
- Fix API documentation for creating and starting Privileged containers
- Add missing "name" parameter documentation on "/containers/create"
* Add a mention of `lxc-checkconfig` as a way to check for some of the necessary kernel configuration
- Update the 1.8 API documentation with some additions that were added to the docs for 1.7
#### Hack
- Add missing libdevmapper dependency to the packagers documentation
* Update minimum Go requirement to a hard line at Go 1.2+
* Many minor improvements to the Vagrantfile
+ Add ability to customize dockerinit search locations when compiling (to be used very sparingly only by packagers of platforms who require a nonstandard location)
+ Add coverprofile generation reporting
- Add `-a` to our Go build flags, removing the need for recompiling the stdlib manually
* Update Dockerfile to be more canonical and have less spurious warnings during build
- Fix some miscellaneous `docker pull` progress bar display issues
* Migrate more miscellaneous packages under the "pkg" folder
* Update TextMate highlighting to automatically be enabled for files named "Dockerfile"
* Reorganize syntax highlighting files under a common "contrib/syntax" directory
* Update install.sh script (https://get.docker.io/) to not fail if busybox fails to download or run at the end of the Ubuntu/Debian installation
* Add support for container names in bash completion
#### Packaging
+ Add an official Docker client binary for Darwin (Mac OS X)
* Remove empty "Vendor" string and added "License" on deb package
+ Add a stubbed version of "/etc/default/docker" in the deb package
#### Runtime
* Update layer application to extract tars in place, avoiding file churn while handling whiteouts
- Fix permissiveness of mtime comparisons in tar handling (since GNU tar and Go tar do not yet support sub-second mtime precision)
* Reimplement `docker top` in pure Go to work more consistently, and even inside Docker-in-Docker (thus removing the shell injection vulnerability present in some versions of `lxc-ps`)
+ Update `-H unix://` to work similarly to `-H tcp://` by inserting the default values for missing portions
- Fix more edge cases regarding dockerinit and deleted or replaced docker or dockerinit files
* Update container name validation to include '.'
- Fix use of a symlink or non-absolute path as the argument to `-g` to work as expected
* Update to handle external mounts outside of LXC, fixing many small mounting quirks and making future execution backends and other features simpler
* Update to use proper box-drawing characters everywhere in `docker images -tree`
* Move MTU setting from LXC configuration to directly use netlink
* Add `-S` option to external tar invocation for more efficient spare file handling
+ Add arch/os info to User-Agent string, especially for registry requests
+ Add `-mtu` option to Docker daemon for configuring MTU
- Fix `docker build` to exit with a non-zero exit code on error
+ Add `DOCKER_HOST` environment variable to configure the client `-H` flag without specifying it manually for every invocation
## 0.7.2 (2013-12-16)
#### Runtime
@@ -15,7 +297,7 @@
- Prevent deletion of image if ANY container is depending on it even if the container is not running
* Update docker push to use new progress display
* Use os.Lstat to allow mounting unix sockets when inspecting volumes
- Adjusted handling of inactive user login
- Adjust handling of inactive user login
- Add missing defines in devicemapper for older kernels
- Allow untag operations with no container validation
- Add auth config to docker build
@@ -110,7 +392,7 @@
#### Runtime
* Improved stability, fixes some race conditons
* Improve stability, fixes some race conditons
* Skip the volumes mounted when deleting the volumes of container.
* Fix layer size computation: handle hard links correctly
* Use the work Path for docker cp CONTAINER:PATH
@@ -153,7 +435,7 @@
+ Add lock around write operations in graph
* Check if port is valid
* Fix restart runtime error with ghost container networking
+ Added some more colors and animals to increase the pool of generated names
+ Add some more colors and animals to increase the pool of generated names
* Fix issues in docker inspect
+ Escape apparmor confinement
+ Set environment variables using a file.
@@ -307,7 +589,7 @@
* Improve network performance for VirtualBox
* Revamp install.sh to be usable by more people, and to use official install methods whenever possible (apt repo, portage tree, etc.)
# see https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
# note: we can't use "git clone -b" above because it requires at least git 1.7.10 to be able to use that on a tag instead of a branch and we only have 1.7.9.5
# note: we don't use "git clone -b" above because it then spews big nasty warnings about 'detached HEAD' state that we can't silence as easily as we can silence them using "git checkout" directly
# Compile and install lvm2
RUNcd /usr/local/lvm2 && ./configure --enable-static_link && make device-mapper && make install_device-mapper
# see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
# Install Go
RUN curl -s https://go.googlecode.com/files/go1.2.1.src.tar.gz | tar -v -C /usr/local -xz
local counter=$(__docker_pos_first_nonflag '--cidfile|--volumes-from|-v|--volume|-e|--env|--entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|-c|--cpu-shares|-n|--name|-a|--attach|--link|-p|--publish|--expose|--dns|--lxc-conf')
function__fish_docker_no_subcommand--description'Test if docker has yet to be given the subcommand'
foriin(commandline-opc)
ifcontains-- $i attach build commit cp diff events export history images import info insert inspect kill load login logs port ps pull push restart rm rmi run save search start stop tag top version wait
return1
end
end
return0
end
function__fish_print_docker_containers--description'Print a list of docker containers'-a select
complete-c docker -f-n'__fish_docker_no_subcommand'-s D -l debug -d'Enable debug mode'
complete-c docker -f-n'__fish_docker_no_subcommand'-s H -l host -d'tcp://host:port, unix://path/to/socket, fd://* or fd://socketfd to use in daemon mode. Multiple sockets can be specified'
complete-c docker -f-n'__fish_docker_no_subcommand'-l api-enable-cors -d'Enable CORS headers in the remote API'
complete-c docker -f-n'__fish_docker_no_subcommand'-s b -l bridge -d"Attach containers to a pre-existing network bridge; use 'none' to disable container networking"
complete-c docker -f-n'__fish_docker_no_subcommand'-l bip -d"Use this CIDR notation address for the network bridge's IP, not compatible with -b"
complete-c docker -f-n'__fish_docker_no_subcommand'-s d -l daemon -d'Enable daemon mode'
complete-c docker -f-n'__fish_docker_no_subcommand'-l dns -d'Force docker to use specific DNS servers'
complete-c docker -f-n'__fish_docker_no_subcommand'-s g -l graph -d'Path to use as the root of the docker runtime'
complete-c docker -f-n'__fish_docker_no_subcommand'-l ip -d'Default IP address to use when binding container ports'
complete-c docker -f-n'__fish_docker_no_subcommand'-l ip-forward -d'Disable enabling of net.ipv4.ip_forward'
complete-c docker -f-n'__fish_docker_no_subcommand'-l iptables -d"Disable docker's addition of iptables rules"
complete-c docker -f-n'__fish_docker_no_subcommand'-l mtu -d'Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if not default route is available'
complete-c docker -f-n'__fish_docker_no_subcommand'-s p -l pidfile -d'Path to use for daemon PID file'
complete-c docker -f-n'__fish_docker_no_subcommand'-s r -l restart -d'Restart previously running containers'
complete-c docker -f-n'__fish_docker_no_subcommand'-s s -l storage-driver -d'Force the docker runtime to use a specific storage driver'
complete-c docker -f-n'__fish_docker_no_subcommand'-s v -l version -d'Print version information and quit'
# subcommands
# attach
complete-c docker -f-n'__fish_docker_no_subcommand'-a attach -d'Attach to a running container'
complete-c docker -A-f-n'__fish_seen_subcommand_from attach'-l no-stdin -d'Do not attach stdin'
complete-c docker -A-f-n'__fish_seen_subcommand_from attach'-l sig-proxy -d'Proxify all received signal to the process (even in non-tty mode)'
complete-c docker -A-f-n'__fish_seen_subcommand_from build'-l rm -d'Remove intermediate containers after a successful build'
complete-c docker -A-f-n'__fish_seen_subcommand_from build'-s t -l tag -d'Repository name (and optionally a tag) to be applied to the resulting image in case of success'
# commit
complete-c docker -f-n'__fish_docker_no_subcommand'-a commit -d"Create a new image from a container's changes"
complete-c docker -A-f-n'__fish_seen_subcommand_from commit'-s a -l author -d'Author (eg. "John Hannibal Smith <hannibal@a-team.com>"'
complete-c docker -A-f-n'__fish_seen_subcommand_from commit'-s m -l message -d'Commit message'
complete-c docker -A-f-n'__fish_seen_subcommand_from commit'-l run -d'Config automatically applied when the image is run. (ex: -run=\'{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}\')'
complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -a '(__fish_print_docker_containers all)' -d "Container"
# cp
complete -c docker -f -n '__fish_docker_no_subcommand' -a cp -d 'Copy files/folders from the containers filesystem to the host path'
# diff
complete -c docker -f -n '__fish_docker_no_subcommand' -a diff -d "Inspect changes on a container's filesystem"
complete -c docker -A -f -n '__fish_seen_subcommand_from diff' -a '(__fish_print_docker_containers all)' -d "Container"
# events
complete -c docker -f -n '__fish_docker_no_subcommand' -a events -d 'Get real time events from the server'
complete -c docker -A -f -n '__fish_seen_subcommand_from events' -l since -d 'Show previously created events and then stream.'
# export
complete -c docker -f -n '__fish_docker_no_subcommand' -a export -d 'Stream the contents of a container as a tar archive'
complete -c docker -A -f -n '__fish_seen_subcommand_from export' -a '(__fish_print_docker_containers all)' -d "Container"
# history
complete -c docker -f -n '__fish_docker_no_subcommand' -a history -d 'Show the history of an image'
complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s a -l all -d 'show all images (by default filter out the intermediate images used to build)'
complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s s -l size -d 'Display sizes'
complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l since-id -d 'Show only containers created since Id, include non-running ones.'
# pull
complete -c docker -f -n '__fish_docker_no_subcommand' -a pull -d 'Pull an image or a repository from the docker registry server'
complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -s t -l tag -d 'Download tagged image in repository'
complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -a '(__fish_print_docker_images)' -d "Image"
complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -a '(__fish_print_docker_repositories)' -d "Repository"
# push
complete -c docker -f -n '__fish_docker_no_subcommand' -a push -d 'Push an image or a repository to the docker registry server'
complete -c docker -A -f -n '__fish_seen_subcommand_from push' -a '(__fish_print_docker_images)' -d "Image"
complete -c docker -A -f -n '__fish_seen_subcommand_from push' -a '(__fish_print_docker_repositories)' -d "Repository"
# restart
complete -c docker -f -n '__fish_docker_no_subcommand' -a restart -d 'Restart a running container'
complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -s t -l time -d 'Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default=10'
complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -a '(__fish_print_docker_containers running)' -d "Container"
# rm
complete -c docker -f -n '__fish_docker_no_subcommand' -a rm -d 'Remove one or more containers'
complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s l -l link -d 'Remove the specified link and not the underlying container'
complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s v -l volumes -d 'Remove the volumes associated to the container'
complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -a '(__fish_print_docker_containers stopped)' -d "Container"
# rmi
complete -c docker -f -n '__fish_docker_no_subcommand' -a rmi -d 'Remove one or more images'
complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -a '(__fish_print_docker_images)' -d "Image"
# run
complete -c docker -f -n '__fish_docker_no_subcommand' -a run -d 'Run a command in a new container'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s P -l publish-all -d 'Publish all exposed ports to the host interfaces'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s a -l attach -d 'Attach to stdin, stdout or stderr.'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s c -l cpu-shares -d 'CPU shares (relative weight)'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cidfile -d 'Write the container ID to the file'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s d -l detach -d 'Detached mode: Run container in the background, print new container id'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l dns -d 'Set custom dns servers'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s e -l env -d 'Set environment variables'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l entrypoint -d 'Overwrite the default entrypoint of the image'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l expose -d 'Expose a port from the container without publishing it to your host'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s h -l hostname -d 'Container host name'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s i -l interactive -d 'Keep stdin open even if not attached'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l link -d 'Add link to another container (name:alias)'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s m -l memory -d 'Memory limit (format: <number><optional unit>, where unit= b, k, m or g)'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s n -l networking -d 'Enable networking for this container'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l name -d 'Assign a name to the container'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s p -l publish -d "Publish a container's port to the host (format: ip:hostPort:containerPort |ip::containerPort |hostPort:containerPort)(use'docker port' to see the actual mapping)"
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l privileged -d 'Give extended privileges to this container'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l rm -d 'Automatically remove the container when it exits (incompatible with -d)'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l sig-proxy -d 'Proxify all received signal to the process (even in non-tty mode)'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s t -l tty -d 'Allocate a pseudo-tty'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s u -l user -d 'Username or UID'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s v -l volume -d 'Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container)'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l volumes-from -d 'Mount volumes from the specified container(s)'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s w -l workdir -d 'Working directory inside the container'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -a '(__fish_print_docker_images)' -d "Image"
# save
complete -c docker -f -n '__fish_docker_no_subcommand' -a save -d 'Save an image to a tar archive'
complete -c docker -A -f -n '__fish_seen_subcommand_from save' -a '(__fish_print_docker_images)' -d "Image"
# search
complete -c docker -f -n '__fish_docker_no_subcommand' -a search -d 'Search for an image in the docker index'
complete -c docker -A -f -n '__fish_seen_subcommand_from search' -s s -l stars -d 'Only displays with at least xxx stars'
complete -c docker -A -f -n '__fish_seen_subcommand_from search' -s t -l trusted -d 'Only show trusted builds'
# start
complete -c docker -f -n '__fish_docker_no_subcommand' -a start -d 'Start a stopped container'
complete -c docker -A -f -n '__fish_seen_subcommand_from start' -s a -l attach -d "Attach container's stdout/stderr and forward all signals to the process"
complete -c docker -A -f -n '__fish_seen_subcommand_from start' -s i -l interactive -d "Attach container's stdin"
complete -c docker -A -f -n '__fish_seen_subcommand_from start' -a '(__fish_print_docker_containers stopped)' -d "Container"
# stop
complete -c docker -f -n '__fish_docker_no_subcommand' -a stop -d 'Stop a running container'
complete -c docker -A -f -n '__fish_seen_subcommand_from stop' -s t -l time -d 'Number of seconds to wait for the container to stop before killing it.'
complete -c docker -A -f -n '__fish_seen_subcommand_from stop' -a '(__fish_print_docker_containers running)' -d "Container"
# tag
complete -c docker -f -n '__fish_docker_no_subcommand' -a tag -d 'Tag an image into a repository'
complete -c docker -A -f -n '__fish_seen_subcommand_from tag' -s f -l force -d 'Force'
complete -c docker -A -f -n '__fish_seen_subcommand_from tag' -a '(__fish_print_docker_images)' -d "Image"
# top
complete -c docker -f -n '__fish_docker_no_subcommand' -a top -d 'Lookup the running processes of a container'
complete -c docker -A -f -n '__fish_seen_subcommand_from top' -a '(__fish_print_docker_containers running)' -d "Container"
# version
complete -c docker -f -n '__fish_docker_no_subcommand' -a version -d 'Show the docker version information'
# wait
complete -c docker -f -n '__fish_docker_no_subcommand' -a wait -d 'Block until a container stops, then print its exit code'
complete -c docker -A -f -n '__fish_seen_subcommand_from wait' -a '(__fish_print_docker_containers running)' -d"Container"
bridgeName=flag.String([]string{"b","-bridge"},"","Attach containers to a pre-existing network bridge; use 'none' to disable container networking")
bridgeIp=flag.String([]string{"#bip","-bip"},"","Use this CIDR notation address for the network bridge's IP, not compatible with -b")
pidfile=flag.String([]string{"p","-pidfile"},"/var/run/docker.pid","Path to use for daemon PID file")
flRoot=flag.String([]string{"g","-graph"},"/var/lib/docker","Path to use as the root of the docker runtime")
flSocketGroup=flag.String([]string{"G","-group"},"docker","Group to assign the unix socket specified by -H when running in daemon mode; use '' (the empty string) to disable setting of a group")
flEnableCors=flag.Bool([]string{"#api-enable-cors","-api-enable-cors"},false,"Enable CORS headers in the remote API")
flDns=opts.NewListOpts(opts.ValidateIp4Address)
flEnableIptables=flag.Bool([]string{"#iptables","-iptables"},true,"Disable docker's addition of iptables rules")
flEnableIpForward=flag.Bool([]string{"#ip-forward","-ip-forward"},true,"Disable enabling of net.ipv4.ip_forward")
flDefaultIp=flag.String([]string{"#ip","-ip"},"0.0.0.0","Default IP address to use when binding container ports")
flGraphDriver=flag.String([]string{"s","-storage-driver"},"","Force the docker runtime to use a specific storage driver")
flExecDriver=flag.String([]string{"e","-exec-driver"},"native","Force the docker runtime to use a specific exec driver")
flHosts=opts.NewListOpts(api.ValidateHost)
flMtu=flag.Int([]string{"#mtu","-mtu"},0,"Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available")
)
flag.Var(&flDns,"dns","Force docker to use specific DNS servers")
flag.Var(&flHosts,"H","Multiple tcp://host:port or unix://path/to/socket to bind in daemon mode, single connection otherwise")
flag.Var(&flDns,[]string{"#dns","-dns"},"Force docker to use specific DNS servers")
flag.Var(&flHosts,[]string{"H","-host"},"tcp://host:port, unix://path/to/socket, fd://* or fd://socketfd to use in daemon mode. Multiple sockets can be specified")
flag.Parse()
@@ -51,47 +54,92 @@ func main() {
return
}
ifflHosts.Len()==0{
// If we do not have a host, default to unix socket
@@ -24,7 +24,17 @@ a working, up-to-date docker installation, then continue to the next
step.
Step 2: Check out the Source
Step 2: Install tools used for this tutorial
--------------------------------------------
Install ``git``; honest, it's very good. You can use other ways to get the Docker
source, but they're not anywhere near as easy.
Install ``make``. This tutorial uses our base Makefile to kick off the docker
containers in a repeatable and consistent way. Again, you can do it in other ways
but you need to do more work.
Step 3: Check out the Source
----------------------------
..code-block::bash
@@ -35,7 +45,7 @@ Step 2: Check out the Source
To checkout a different revision just use ``git checkout`` with the name of branch or revision number.
Step 3: Build the Environment
Step 4: Build the Environment
-----------------------------
This following command will build a development environment using the Dockerfile in the current directory. Essentially, it will install all the build and runtime dependencies necessary to build and test Docker. This command will take some time to complete when you first execute it.
@@ -48,7 +58,7 @@ If the build is successful, congratulations! You have produced a clean build of
docker, neatly encapsulated in a standard build environment.
Step 4: Build the Docker Binary
Step 5: Build the Docker Binary
-------------------------------
To create the Docker binary, run this command:
@@ -82,14 +92,6 @@ To execute the test cases, run this command:
sudo make test
Note: if you're running the tests in vagrant, you need to specify a dns entry in
the command (either edit the Makefile, or run the step manually):
..code-block::bash
sudo docker run -dns 8.8.8.8 -privileged -v `pwd`:/go/src/github.com/dotcloud/docker docker hack/make.sh test
If the test are successful then the tail of the output should look something like this
..code-block::bash
@@ -120,7 +122,10 @@ If the test are successful then the tail of the output should look something lik
PASS
ok github.com/dotcloud/docker/utils 0.017s
If $TESTFLAGS is set in the environment, it is passed as extra arguments to 'go test'.
You can use this to select certain tests to run, eg.
TESTFLAGS='-run ^TestBuild$' make test
Step 6: Use Docker
@@ -136,7 +141,7 @@ You can run an interactive session in the newly built container:
Extra Step: Build and view the Documentation
-------------------------------------------
--------------------------------------------
If you want to read the documentation from a local website, or are making changes
to it, you can build the documentation and then serve it by:
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
