Signed-off-by: Mary Anthony <mary@docker.com>
Upding sed, adding script to avoid redirects, remove mkdos
Signed-off-by: Mary Anthony <mary@docker.com>
Ignoring graphics with sed
Signed-off-by: Mary Anthony <mary@docker.com>
Fixing kitematic image
Signed-off-by: Mary Anthony <mary@docker.com>
Removing draft
Signed-off-by: Mary Anthony <mary@docker.com>
Fixing link
Signed-off-by: Mary Anthony <mary@docker.com>
removing from the menu
Signed-off-by: Mary Anthony <mary@docker.com>
Updatiing order of project material
Signed-off-by: Mary Anthony <mary@docker.com>
Removing from Regsitry v2 content per Olivier
Signed-off-by: Mary Anthony <mary@docker.com>
tweaking the touchup
Signed-off-by: Mary Anthony <mary@docker.com>
Removing include; only used four places; hugo global var replace
Signed-off-by: Mary Anthony <mary@docker.com>
Entering fixes from page-by-page
Signed-off-by: Mary Anthony <mary@docker.com>
(cherry picked from commit 328dbd0aa2)
Working docs
Update after check
update to centos 7 after second test
Updating with hopefully correct urls
Adding thaJetzah's comments
Updating with the new images
Updating after a visual check
Signed-off-by: Mary Anthony <mary@docker.com>
Updating with comments
Signed-off-by: Mary Anthony <mary@docker.com>
(cherry picked from commit f9ab04ad13)
Previous versions of libcontainer allowed CpuShares that were greater
than the maximum or less than the minimum supported by the kernel, and
relied on the kernel to do the right thing. Newer libcontainer fails
after creating the container if the requested CpuShares is different
from what was actually created by the kernel, which breaks compatibility
with earlier Docker Remote API versions. This change explicitly adjusts
the requested CpuShares in API versions < 1.20.
Signed-off-by: Samuel Karp <skarp@amazon.com>
(cherry picked from commit ed39fbeb2a)
If no Mtu value is provided to the docker daemon, get the mtu from the
default route's interface. If there is no default route, default to a
mtu of 1500.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
(cherry picked from commit ff4e58ff56)
Currently digests are not stored on pull, causing a simple re-tag or re-push to send up all layers. Storing the digests on pull will allow subsequent pushes to the same repository to not push up content.
This does not address pushing content to a new repository. When content is pushed to a new repository, the digest will be recalculated. Since only one digest is currently stored, it may cause a new content push to the original repository.
Fixes#13883
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
(cherry picked from commit a98ea87e46)
Tweaking for Hugo
Updating the Dockerfile with new sed; fix broken link on Kitematic
Fixing image pull for Dockerfile
Removing docs targets
Signed-off-by: Mary Anthony <mary@docker.com>
(cherry picked from commit f93fee5f48)
The main Dockerfile to was updated - this update brings the
sub-directory specific file inline with it.
Fixes#12866
Signed-off-by: Brian Exelbierd <bex@pobox.com>
(cherry picked from commit 5d51118c7c)
Vendoring in libnetwork 90638ec9cf7fa7b7f5d0e96b0854f136d66bff92
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
(cherry picked from commit 386ab25137)
Adding in other areas per comments
Updating with comments; equalizing generating man page info
Updating with duglin's comments
Doug is right here again;fixing.
Signed-off-by: Mary Anthony <mary@docker.com>
(cherry picked from commit eacae64bd8)
This is breaking various setups where the host's rootfs is mount shared
correctly and breaks live migration with bind mounts.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
(cherry picked from commit c9d71317be)
vols.VolumesRW has been initialized so it can't be nil. Furthermore
it's ok to read a nil map.
Signed-off-by: Zefan Li <lizefan@huawei.com>
(cherry picked from commit 8b4c0decfc)
When the daemon is going down trigger immediate
garbage collection of libnetwork resources deleted
like namespace path since there will be no way to
remove them when the daemon restarts.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
(cherry picked from commit c68e7f96f9)
This patch ensures no auth headers are set for v1 registries if there
was a 302 redirect.
This also ensures v2 does not use authTransport.
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 123a0582b2)
Show how to use `systemctl show` and recommend against modifying
system unit files in `/usr` and `/lib`.
Fixes#13796.
Signed-off-by: Eric-Olivier Lamey <eo@lamey.me>
(cherry picked from commit 68bfd9e3ae)
Minor tweak to the quoted/json form and made man page look like the Dockerfile
docs. W/o the `,` people may think there should be a space delimited list.
Signed-off-by: Doug Davis <dug@us.ibm.com>
(cherry picked from commit f4a3e8bef0)
Also add a comment to the ValidatePath func so devs/reviewers
know exactly what its looking for.
Signed-off-by: Doug Davis <dug@us.ibm.com>
(cherry picked from commit 3fcf53db92)
This was added before the libnetwork merge, and then lost. Fixes#13755.
Signed-off-by: Eric-Olivier Lamey <eo@lamey.me>
(cherry picked from commit 5fa60149e2)
Remove reference to experimental releases as it is really a nightly
channel rather than a scheduled release.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
(cherry picked from commit d8680f7beb)
Using "DEST" for our build artifacts inside individual bundlescripts was already well-established convention, but this officializes it by having `make.sh` itself set the variable and create the directory, also handling CYGWIN oddities in a single central place (instead of letting them spread outward from `hack/make/binary` like was definitely on their roadmap, whether they knew it or not; sneaky oddities).
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
(cherry picked from commit ac3388367b)
container.config.NetworkDisabled is set for both daemon's
DisableNetwork and --networking=false case. Hence using
this flag instead to fix#13725.
There is an existing integration-test to catch this issue,
but it is working for the wrong reasons.
Signed-off-by: Madhu Venugopal <madhu@docker.com>
(cherry picked from commit 83208a531d)
I added 301 redirects from dockerproject.com to dockerproject.org but may as
well make sure everything is updated anyways.
Signed-off-by: Jessica Frazelle <princess@docker.com>
(cherry picked from commit 7943bce894)
This removes complexity of current implementation and makes the test
correct and assert the right things.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
(cherry picked from commit 4f42097883)
To ensure manifest integrity when pulling by digest, this changeset ensures
that not only the remote digest provided by the registry is verified but also
that the digest provided on the command line is checked, as well. If this check
fails, the pull is cancelled as with an error. Inspection also should that
while layers were being verified against their digests, the error was being
treated as tech preview image signing verification error. This, in fact, is not
a tech preview and opens up the docker daemon to man in the middle attacks that
can be avoided with the v2 registry protocol.
As a matter of cleanliness, the digest package from the distribution project
has been updated to latest version. There were some recent improvements in the
digest package.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
(cherry picked from commit 06612cc0fe)
Refactoring in Docker 1.7 changed the behavior to add this header where as Docker <= 1.6 wouldn't emit this Header on a HTTP 302 redirect.
This closes#13649
Signed-off-by: Jeffrey van Gogh <jvg@google.com>
(cherry picked from commit 65c5105fcc)
fallback to pulling from the hub as per v1 behavior.
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
(cherry picked from commit 6e4ff1bb13)
Add a paragraph in cli.md mentioning that overlay is not a production
ready graphdriver.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
(cherry picked from commit 67cb748e26)
Merge user specified devices correctly with default devices.
Otherwise the user specified devices end up without permissions.
Signed-off-by: David R. Jenni <david.r.jenni@gmail.com>
(cherry picked from commit c913c9921b)
add api version experimental
Signed-off-by: Jessica Frazelle <princess@docker.com>
(cherry picked from commit b372f9f224)
Conflicts:
docs/sources/reference/api/docker_remote_api_v1.20.md
Sometimes container.cleanup() can be called from multiple paths
for the same container during error conditions from monitor and
regular startup path. So if the container network has been already
released do not try to release it again.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
(cherry picked from commit 6cdf8623d5)
Continues 11858 by:
- Making sure the exit code is always zero when we ask for help
- Making sure the exit code isn't zero when we print help on error cases
- Making sure both short and long usage go to the same stream (stdout vs stderr)
- Making sure all docker commands support --help
- Test that all cmds send --help to stdout, exit code 0, show full usage, no blank lines at end
- Test that all cmds (that support it) show short usage on bad arg to stderr, no blank line at end
- Test that all cmds complain about a bad option, no blank line at end
- Test that docker (w/o subcmd) does the same stuff mentioned above properly
Signed-off-by: Doug Davis <dug@us.ibm.com>
(cherry picked from commit 8324d7918b)
Add a paragraph in cli.md mentioning that overlay is not a production
ready graphdriver.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
(cherry picked from commit 67cb748e26)
When using a scanner, log lines over 64K will crash the Copier with
bufio.ErrTooLong. Subsequently, the ioutils.bufReader will grow without
bound as the logs are no longer being flushed to disk.
Signed-off-by: Burke Libbey <burke.libbey@shopify.com>
(cherry picked from commit f779cfc5d8)
* origin/master: (999 commits)
Review feedback: - Match verbiage with other output - Remove dead code and clearer flow
Vendoring in libnetwork 2da2dc055de5a474c8540871ad88a48213b0994f
Restore the stripped registry version number
Use SELinux labels for volumes
apply selinux labels volume patch on volumes refactor
Modify volume mounts SELinux labels on the fly based on :Z or :z
Remove unused code
Remove redundant set header
Return err if we got err on parseForm
script cleaned up
Fix unregister stats on when rm running container
Fix container unmount networkMounts
Windows: Set default exec driver to windows
Fixes title, line wrap, and Adds install area Tibor's comment Updating with the new plugins Entering comments from Seb
Add regression test to make sure we can load old containers with volumes.
Do not force `syscall.Unmount` on container cleanup.
Revert "Add docker exec run a command in privileged mode"
Cleanup container rm funcs
Allow mirroring only for the official index
Registry v2 mirror support.
...
Conflicts:
CHANGELOG.md
VERSION
api/client/commands.go
api/client/utils.go
api/server/server.go
api/server/server_linux.go
builder/shell_parser.go
builder/words
daemon/config.go
daemon/container.go
daemon/daemon.go
daemon/delete.go
daemon/execdriver/execdrivers/execdrivers_linux.go
daemon/execdriver/lxc/driver.go
daemon/execdriver/native/driver.go
daemon/graphdriver/aufs/aufs.go
daemon/graphdriver/driver.go
daemon/logger/syslog/syslog.go
daemon/networkdriver/bridge/driver.go
daemon/networkdriver/portallocator/portallocator.go
daemon/networkdriver/portmapper/mapper.go
daemon/networkdriver/portmapper/mapper_test.go
daemon/volumes.go
docs/Dockerfile
docs/man/docker-create.1.md
docs/man/docker-login.1.md
docs/man/docker-logout.1.md
docs/man/docker-run.1.md
docs/man/docker.1.md
docs/mkdocs.yml
docs/s3_website.json
docs/sources/installation/windows.md
docs/sources/reference/api/docker_remote_api_v1.18.md
docs/sources/reference/api/registry_api_client_libraries.md
docs/sources/reference/builder.md
docs/sources/reference/run.md
docs/sources/release-notes.md
graph/graph.go
graph/push.go
hack/install.sh
hack/vendor.sh
integration-cli/docker_cli_build_test.go
integration-cli/docker_cli_pull_test.go
integration-cli/docker_cli_run_test.go
pkg/archive/changes.go
pkg/broadcastwriter/broadcastwriter.go
pkg/ioutils/readers.go
pkg/ioutils/readers_test.go
pkg/progressreader/progressreader.go
registry/auth.go
vendor/src/github.com/docker/libcontainer/cgroups/fs/cpu.go
vendor/src/github.com/docker/libcontainer/cgroups/fs/devices.go
vendor/src/github.com/docker/libcontainer/cgroups/fs/memory.go
vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_systemd.go
vendor/src/github.com/docker/libcontainer/container_linux.go
vendor/src/github.com/docker/libcontainer/init_linux.go
vendor/src/github.com/docker/libcontainer/integration/exec_test.go
vendor/src/github.com/docker/libcontainer/integration/utils_test.go
vendor/src/github.com/docker/libcontainer/nsinit/README.md
vendor/src/github.com/docker/libcontainer/process.go
vendor/src/github.com/docker/libcontainer/rootfs_linux.go
vendor/src/github.com/docker/libcontainer/update-vendor.sh
vendor/src/github.com/docker/libnetwork/portallocator/portallocator_test.go
Fixes a regression from the volumes refactor where the vfs graphdriver
was setting labels for volumes to `s0` so that they can both be written
to by the container and shared with other containers.
When moving away from vfs this was never re-introduced.
Since this needs to happen regardless of volume driver, this is
implemented outside of the driver.
Fixes issue where `z` and `Z` labels are not set for bind-mounts.
Don't lock while creating volumes
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This patch is extending the qualifiers on the -v command to allow
an admin to tell the system to relabel, content. There might be a
need for something similar for changing the DAC Permissions.
Signed-off-by: Jessica Frazelle <princess@docker.com>
UnmountVolumes used to also unmount 'specialMounts' but it no longer does after
a recent refactor of volumes. This patch corrects this behavior to include
unmounting of `networkMounts` which replaces `specialMounts` (now dead code).
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
The v2 registry will act as a pull-through cache, and needs to be
handled differently by the client to the v1 registry mirror.
See docker/distribution#459 for details
Configuration
Only one v2 registry can be configured as a mirror. Acceptable configurations
in this chanage are: 0...n v1 mirrors or 1 v2 mirror. A mixture of v1 and v2
mirrors is considered an error.
Pull
If a v2 mirror is configured, all pulls are redirected to that mirror. The
mirror will serve the content locally or attempt a pull from the upstream mirror,
cache it locally, and then serve to the client.
Push
If an image is tagged to a mirror, it will be pushed to the mirror and be
stored locally there. Otherwise, images are pushed to the hub. This is
unchanged behavior.
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
Having the line break in the middle of a code span caused the line break to appear on the web site version, even though it doesn't appear in the preview.
The other two changes are just small grammar improvements.
Signed-off-by: don <donkirkby@gmail.com>
I'm fairly consistently seeing an error in
DockerSuite.TestContainerApiRestartNotimeoutParam:
docker_api_containers_test.go:969:
c.Assert(status, check.Equals, http.StatusNoContent)
... obtained int = 500
... expected int = 204
And in the daemon logs I see:
INFO[0003] Container 8cf77c20275586b36c5095613159cf73babf92ba42ed4a2954bd55dca6b08971 failed to exit within 0 seconds of SIGTERM - using the force
ERRO[0003] Handler for POST /containers/{name:.*}/restart returned error: Cannot restart container 8cf77c20275586b36c5095613159cf73babf92ba42ed4a2954bd55dca6b08971: [2] Container does not exist: container destroyed
ERRO[0003] HTTP Error err=Cannot restart container 8cf77c20275586b36c5095613159cf73babf92ba42ed4a2954bd55dca6b08971: [2] Container does not exist: container destroyed
statusCode=500
Note the "container destroyed" error message. This is being generatd by
the libcontainer code and bubbled up in container.Kill() as a result of the
call to `container.killPossiblyDeadProcess(9)` on line 439.
See the comment in the code, but what I think is going on is that because we
don't have any timeout on the Stop() call we immediate try to force things to
stop. And by the time we get into libcontainer code the process just finished
stopping due to the initial signal, so this secondary sig-9 fails due to the
container no longer running (ie. its 'destroyed').
Since we can't look for "container destroyed" to just ignore the error, because
some other driver might have different text, I opted to just ignore the error
and keep going - with the assumption that if it couldnt send a sig-9 to the
process then it MUST be because its already dead and not something else.
To reproduce this I just run:
curl -v -X POST http://127.0.0.1:2375/v1.19/containers/8cf77c20275586b36c5095613159cf73babf92ba42ed4a2954bd55dca6b08971/restart
a few times and then it fails with the HTTP 500.
Would like to hear some other ideas on to handle this since I'm not
thrilled with the proposed solution.
Signed-off-by: Doug Davis <dug@us.ibm.com>
* Don't AllocateNetwork when network is disabled
* Don't createNetwork in execdriver when network is disabled
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
We should let user create container even if the container he wants
join is not running, that check should be done at start time.
In this case, the running check is done by getIpcContainer() when
we start container.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
We already vendor distribution under ./vendor, but
because the GOPATH is /go:/go/src/github.com/.../vendor
Go will always compile the source code at /go not in ./vendor.
Apart from the fact that it is very inconvenient during
development, it was also a time-bomb: someone vendors a fix
from upstream distribution, but forgets to update
REGISTRY_COMMIT in the Dockerfile, and the binary doesn't get
the fix.
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Mary Anthony <mary@docker.com>
Adding experimental features into the mix
Signed-off-by: Mary Anthony <mary@docker.com>
renaming file
Signed-off-by: Mary Anthony <mary@docker.com>
Because I just used it somewhere else and it would be nice if I didn't have to copy and paste the code.
Signed-off-by: David Calavera <david.calavera@gmail.com>
The DOCKER_EXPERIMENTAL environment variable drives the activation of
the 'experimental' build tag.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Give Docker more time to kill containers before upstart kills Docker.
The default kill timeout is 5 seconds.
This will help decrease the chance of but not eliminate the chance of
orphaned container processes.
Signed-off-by: David Xia <dxia@spotify.com>
If a container was started with a non-root user the container
may not be able to resolve DNS names because of too restrictive
permission in the /etc/resolv.conf container file. This problem
is in how this file gets created in libnetwork and ths PR
attempts to fix the issue by vendoring in the libnetwork code
with the fix.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
As part of this some generic packages like iptables, etchosts and resolvconf
have also been moved to libnetwork. Even though they can still be
consumed in a generic fashion they will reside and be maintained
from within the libnetwork project.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
- Updated Dockerfile to satisfy libnetwork GOPATH requirements.
- Reworked daemon to allocate network resources using libnetwork.
- Reworked remove link code to also update network resources in libnetwork.
- Adjusted the exec driver command population to reflect libnetwork design.
- Adjusted the exec driver create command steps.
- Updated a few test cases to reflect the change in design.
- Removed the dns setup code from docker as resolv.conf is entirely managed
in libnetwork.
- Integrated with lxc exec driver.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
This stops us from erroneously adding "squeeze-lts" to "oldstable" which is now "wheezy", not "squeeze" (but "oldoldstable" _is_ squeeze, hence the new check on `/etc/debian_version` being `6.*` instead, and done as a `case` for the eventual addition of `wheezy-lts`, etc).
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
This patch removes the need for requestFactories and decorators
by implementing http.RoundTripper transports instead.
It refactors some challenging-to-read code.
NewSession now takes an *http.Client that can already have a
custom Transport, it will add its own auth transport by wrapping
it.
The idea is that callers of http.Client should not bother
setting custom headers for every handler but instead it should
be transparent to the callers of a same context.
This patch is needed for future refactorings of registry,
namely refactoring of the v1 client code.
Signed-off-by: Tibor Vass <tibor@docker.com>
Not 100% sure why our Windows test don't complain about some of these,
I'm guessing it because we have bash as part of some git package, but
either way we really shouldn't require bash to run our tests unless we
really need to - which in these cases we don't
Signed-off-by: Doug Davis <dug@us.ibm.com>
The intention of the user is to download a verified image if explicitly
pulling with a digest and falling back to v1 registry circumvents that
protection.
Signed-off-by: Nuutti Kotivuori <naked@iki.fi>
In cases where this is failing it's ok to have the test take extra time,
but we don't want it to fail because of some race/performance
differences between systems.
So make the timeout go to 30s and double the sleep time in between
checks so it's not pounding the daemon quite so fast.
Originally I couldn't make this test fail (pre-change), but changed
graphdrivers and saw a failure pretty quickly.
This change seems to smooth that out.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Currently check-config.sh just said enable or missing, when I used
a fresh kernel, made check-config.sh happy, still can't start
container. It take me days debuging kernel and Docker and finally
found it's because I enabled some CONFIGs as modules and never
loaded these modules.
So I think it's necessary to let check-config.sh told users which
configs are enabled as modules.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
when the daemon can't download the image from a `docker import` the
error message was lost due to 'err' being redefined with a block by
mistake. This removes the ":" from "... err := " which fixes it.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Fix for #13175.
This change allows user-input timestamps (e.g. to `docker events
--since/--until` or `docker logs --since` to be parsed using
standard RFC3339Nano layout in Go instead of the layout that parses
all timestamps into fixed-length strings (currently buggy).
User inputs need not to be complying to the internal format
(`RFC3339NanoFixed`) anyway.
Added test case for `events --since/--until` with all possible
timestamp input formats.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Prior to this patch, the response of
- GET /images/json
- GET /containers/json
- GET /images/(name)/history
display the Created Time as UNIX format which doesn't make sense.
These should be more readable as CLI command `docker inspect` shows.
Due to the case that an older client with a newer version daemon, we
need the version check for now.
Signed-off-by: Hu Keping <hukeping@huawei.com>
TestLogsSince used to rely on time synchronization and precision of
the timestamps. This change provides a less flaky alternative.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
- noplog driver pkg for '--log-driver=none' (null object pattern)
- centralized factory for log drivers (instead of case/switch)
- logging drivers registers themselves to factory upon import
(easy plug/unplug of drivers in daemon/logdrivers.go)
- daemon now doesn't start with an invalid log driver
- Name() method of loggers is actually now their cli names (made it useful)
- generalized Read() logic, made it unsupported except json-file (preserves
existing behavior)
Spotted some duplication code around processing of legacy json-file
format, didn't touch that and refactored in both places.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Previously the cache was only updated once on startup, because the graph
code only check for filesystems on startup. However this breaks the API as it
was supposed and so unit tests.
Fixes#13142
Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk>
Add handler for SIGUSR1 based on feedback regarding when to dump
goroutine stacks. This will also dump goroutine stack traces on SIGQUIT
followed by a hard-exit from the daemon.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Added --since argument to `docker logs` command. Accept unix
timestamps and shows logs only created after the specified date.
Default value is 0 and passing default value or not specifying
the value in the request causes parameter to be ignored (behavior
prior to this change).
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Previous fix used %q which incorrectly go-escaped things. For example:
```
RUN echoo A \& B C
```
would result in the user seeing:
```
INFO[0000] The command '/bin/sh -c echoo A \\& B\tC' returned a non-zero code: 127
```
Note the double-\ and the \t instead of a tab character
The testcase had to double escape things due to logrus getting in the way
but I'm going to fix that in another PR because its a change to the UX.
Signed-off-by: Doug Davis <dug@us.ibm.com>
If firewalld is not installed (or I suppose not running), firewalld was
producing an error in the daemon init logs, even though firewalld is not
required for iptables stuff to function.
The firewalld library code was also logging directly to logrus instead
of returning errors.
Moved logging code higher up in the stack and changed firewalld code to
return errors where appropriate.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
I believe this was failing because 'nc' wouldn't show the data
it received sometimes. So intead of looking for that data we now
look for the output of the echo that comes after the nc command
successfully runs
Signed-off-by: Doug Davis <dug@us.ibm.com>
Generation based on CAP_LAST_CAP, I hardcoded
capability.CAP_BLOCK_SUSPEND as last for systems which has no
/proc/sys/kernel/cap_last_cap
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
The docker graph call driver.Exists() on initialisation for each filesystem in
the graph. This results will results in a lot `zfs get all` commands. To reduce
this, retrieve all descend filesystem at startup and cache it for later checks
Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk>
instead of let zfs automaticly mount datasets, mount them on demand using mount(2).
This speed up this graph driver in 2 ways:
- less zfs processes needed to start a container
- /proc/mounts get smaller, so zfs userspace tools has less to read (which can
a significant amount of data as the number of layer grows)
This ways it can be also ensured that the correct mountpoint is always used.
Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk>
Previously, we've taken advantage of the fact that libcontainer's `update-vendor.sh` is the same syntax as Docker's `vendor.sh` with some shell magic. This changes that to copy libcontainer's dependencies into this file explicitly so that we can scale to more projects with varying methods of vendoring (assuming they don't use import re-writing, which screws up everyone).
We'll need to stay diligent in making sure this list matches what's in libcontainer's `update-vendor.sh` (minus the not-required codegangsta/cli dep), but that's a fair trade-off for being able to scale our dependency model better (and track new discrete dependencies more directly).
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Before this PR the list of commands that were printed for the help
text was statically put into the flags.Usage() function via main.init(). This
made it impossible to modify later on when we add new commands
via plugins.
This PR moves the list of commands (name & description) into a structure
that is sorted and printed dynamically by the Usage func. This will allow
the code to add to the list of commands after the init() func is done
but before the help text is printed for the user.
This just moves code around - it should have no UX impact at all.
Signed-off-by: Doug Davis <dug@us.ibm.com>
* daemon creation wasn't parallel to request buffering
* it was possible that empty volume will be created in
/var/run/docker.sock by some container
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Add tests for mounting into /proc and /sys
These two locations should be prohibited from mounting volumes into
those destinations.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Also, `curl` is smart enough to see when the consumer of the pipe is going slow that it should slow down the transfer, so this gives a reasonable indication of extraction progress too.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
This makes the "Buffering to disk" part of `docker push` 70% faster in
my use-case (having already applied #12833).
fsync'ing here serves no valuable purpose: if the drive's operation is
interrupted, so it the program's, and this archive has no value other
than the immediate and transient one.
Signed-off-by: Burke Libbey <burke.libbey@shopify.com>
The lxc code here is doing the exact same thing on calling
execdriver.Terminate, so let's just use that.
Also removes some dead comments originally introduced
50144aeb42 but no longer relevant since we
have restart policies.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This fixes the part of #12996 that I forgot. 👼
This also fixes a minor path issue (there's no `libexec` in Debian), and fixes a minor bug with the `debVersion` parsing.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
To account for "/" not working in filenames, we replace it with "_" for our temporary files (that exist only to emulate Bash 4's associative arrays in Bash 3).
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
`lxc-stop` does not support sending arbitrary signals.
By default, `lxc-stop -n <id>` would send `SIGPWR`.
The lxc driver was always sending `lxc-stop -n <id> -k`, which always
sends `SIGKILL`. In this case `lxc-start` returns an exit code of `0`,
regardless of what the container actually exited with.
Because of this we must send signals directly to the process when we
can.
Also need to set quiet mode on `lxc-start` otherwise it reports an error
on `stderr` when the container exits cleanly (ie, we didn't SIGKILL it),
this error is picked up in the container logs... and isn't really an
error.
Also cleaned up some potential races for waitblocked test.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
When RUN returns with a non-zero return code it prints the command
that was executed as a Go []string:
```
INFO[0000] The command &{[/bin/sh -c noop a1 a2]} returned a non-zero code: 127
```
instead it should look like this:
```
INFO[0000] The command "/bin/sh -c noop a1 a2" returned a non-zero code: 127
```
Signed-off-by: Doug Davis <dug@us.ibm.com>
This fixes an issue where the build output for the "Steps" would look like:
```
Step 1: RUN echo hi echo hi
```
instead of
```
Step 1: RUN echo hi
```
Also, I noticed that there were no checks to make sure invalid Dockerfile
cmd flags were caught on cmds that didn't use cmd flags at all. They would
have been caught on the cmds that had flags, but cmds that didn't bother
to add a new code for flags would have just ignored them. So, I added
checks to each cmd to flag it.
Added testcases for issues.
Signed-off-by: Doug Davis <dug@us.ibm.com>
This change adds a new docker-in-docker dynamic binary make target which
builds a centos container for creating the dynamically linked binary.
To use it, you first must create the static binary and then call the
dind-dynbinary target. You can call it like:
$ hack/make.sh binary dind-dynbinary rpm
This would then package the dynamic binary into the rpm after having
created it in the centos build container. Unfortunately with this approach
you can't create the rpms and the debs with the same command. They have to
be created separately otherwise the wrong version (static vs. dynamic) gets
packaged.
Various RPM fixes including:
- Adding missing RPM dependencies.
- Add sysconfig configuration files to the RPM.
- Add an epoch to silence the fpm warning.
- Remove unnecessary empty package.
Signed-off-by: Patrick Devine <patrick.devine@docker.com>
Signed-off-by: Chad Metcalf <chad@docker.com>
The `--userland-proxy` daemon flag makes it possible to rely on hairpin
NAT and additional iptables routes instead of userland proxy for port
publishing and inter-container communication.
Usage of the userland proxy remains the default as hairpin NAT is
unsupported by older kernels.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
To help avoid version mismatches between libcontainer and Docker, this updates libcontainer to be the source of truth for which version of logrus the project is using. This should help avoid potential incompatibilities in the future, too. 👍
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Adds a `stream` query param to the stats API which allows API users to
only collect one stats entry and disconnect instead of keeping the
connection alive to stream more stats.
Also adds a `--no-stream` flag to `docker stats` which does the same
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Daniel Zhang <jmzwcn@gmail.com>
Remove empty line after client.CmdInspect docstring
fix#12706
Signed-off-by: Daniel Zhang <jmzwcn@gmail.com>
Remove empty line after client.CmdInspect docstring
fix#12706
Signed-off-by: Daniel Zhang <jmzwcn@gmail.com>
See https://github.com/docker-library/docker/issues/2 for some of the context around this; essentially, we're looking to create an official `docker` image that includes the Docker CLI (and the dependencies necessary for easy Docker-in-Docker), but it makes sense to use the `docker` namespace for that image. The `docker-dev` official image is already builds of Docker's own `Dockerfile` (but specifically of releases), so this seemed like a good fit. 👍
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Turns out that `-f` on a file that's in `.dockerignore` actually does work. No idea why it wasn't when I was doing this before, but oh well! 🤘
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
With this, `docker pull deb<tab>` will show all `debian:*` tags, as before, but `docker pull -a deb<tab>` will complete directly to just `debian`. 👍
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Right now devicemapper mounts thin device using online discards by default
and passes mount option "discard". Generally people discourage usage of
online discards as they can be a drain on performance. Instead it is
recommended to use fstrim once in a while to reclaim the space.
In case of containers, we recommend to keep data volumes separate. So
there might not be lot of rm, unlink operations going on and there might
not be lot of space being freed by containers. So it might not matter
much if we don't reclaim that free space in pool.
User can still pass mount option explicitly using dm.mountopt=discard to
enable discards if they would like to.
So this is more like setting the containers by default for better performance
instead of better space efficiency in pool. And user can change the behavior
if they don't like default behavior.
Reported-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Minor thing but docker cp --help was:
Copy files/folders from a PATH on the container to a HOSTDIR on the host
running the command. Use '-' to write the data
as a tar file to STDOUT.
This changes it to:
Copy files/folders from a PATH on the container to a HOSTDIR on the host
running the command. Use '-' to write the data as a tar file to STDOUT.
The \n made the output look funky.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Add tests for mounting into /proc and /sys
These two locations should be prohibited from mounting volumes into
those destinations.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This patch modifies the journald log driver to store the container ID in
a field named CONTAINER_ID, rather than (ab)using the MESSAGE_ID field.
Additionally, this adds the CONTAINER_ID_FULL field containing the
complete container ID and CONTAINER_NAME, containing the container name.
When using the journald log driver, this permits you to see log messages
from a particular container like this:
# journalctl CONTAINER_ID=a9238443e193
Example output from "journalctl -o verbose" includes the following:
CONTAINER_ID=27aae7361e67
CONTAINER_ID_FULL=27aae7361e67e2b4d3864280acd2b80e78daf8ec73786d8b68f3afeeaabbd4c4
CONTAINER_NAME=web
Closes: #12864
Signed-off-by: Lars Kellogg-Stedman <lars@redhat.com>
prioritize the ports with static mapping before dynamic mapping. This removes
the port conflicts when we allocate static port in the reserved range
together with dynamic ones.
When static port is allocated first, Docker will skip those when determining
free ports for dynamic ones.
Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
We encountered a situation where concurrent invocations of the docker daemon on a machine with an older version of iptables led to nondeterministic errors related to simultaenous invocations of iptables.
While this is best resolved by upgrading iptables itself, the particular situation would have been avoided if the docker daemon simply took care not to concurrently invoke iptables. Of course, external processes could also cause iptables to fail in this way, but invoking docker in parallel seems like a pretty common case.
Signed-off-by: Aaron Davidson <aaron@databricks.com>
The `-N` option is not compatible with the `-O` option of wget (see the man page).
The example command now matches the example in the script on http://get.docker.com/.
Signed-off-by: Nik Nyby <nikolas@gnu.org>
This adds support for Dockerfile commands to have options - e.g:
COPY --user=john foo /tmp/
COPY --ignore-mtime foo /tmp/
Supports both booleans and strings.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Before, inspect cont1 cont2 shows:
[{
xxx
}
,{
xxx
}
]
After, it shows:
[
{
xxx
}
,{
xxx
}
]
Because `func (*Encoder) Encode` always followed by a newline character,
so it's difficult to put '}' and ']' one the same line.
To get symmetry, above is our choice.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
The existing page is focused on listing a set of requirements for
proposing a new repository. This information has become outdated and is
duplicated in the `docker-library/official-images` and
`docker-library/docs` GitHub repositories. This PR rewrites the
Official Repositories page to describe what they actually are, and
defers to GitHub/IRC for the subset of users that are interested in
contributing. I also removed the requirement to contact
partners@docker.com and made it optional to reduce the barrier to entry.
Signed-off-by: Peter Salvatore <peter@psftw.com>
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
docs: crop and optimize images
Cropped and optimized images.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Testing and updating the Windows material
Signed-off-by: Mary Anthony <mary@docker.com>
checkpoint
Signed-off-by: Mary Anthony <mary@docker.com>
Fitting the Windows specific material into the contributor guide
Signed-off-by: Mary Anthony <mary@docker.com>
Entering James comments
Signed-off-by: Mary Anthony <mary@docker.com>
When a container has errors on removal, it gets flagged as dead.
If you `docker rm -f` a dead container the container is dereffed from
the daemon and doesn't show up on `docker ps` anymore... except that the
container JSON file may still be lingering around and becomes undead
when you restart the daemon.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
in https://docs.docker.com/articles/ambassador_pattern_linking/
svendowideit/ambassador images is from docker-ut built using this script
and uses socat but socat complains as follows
socat: error while loading shared libraries: libreadline.so.5: cannot open shared object file: No such file or directory
socat: error while loading shared libraries: libssl.so.1.0.0: cannot open shared object file: No such file or directory
socat: error while loading shared libraries: libcrypto.so.1.0.0: cannot open shared object file: No such file or directory
socat: error while loading shared libraries: libtinfo.so.5: cannot open shared object file: No such file or directory
/usr/lib/x86_64-linux-gnu/lib{crypto,ssl}.so* lib are symlinks so removing -P option from cp
adding libreadline.so and libtinfo.so
Signed-off-by: Jinsoo Park <cellpjs@gmail.com>
update libssl.so path
Signed-off-by: Jinsoo Park <cellpjs@gmail.com>
Remove mkimage-unittest.sh
Signed-off-by: Jinsoo Park <cellpjs@gmail.com>
ParseRestartPolicy is useful function for third party go programs to use
so that they can parse the restart policy in the same way that Docker
does
Signed-off-by: Darren Shepherd <darren@rancher.com>
statsCollector.publishers must be protected to prevent
modifications during the iteration in run().
Being locked for a long time is bad, so pairs of containers &
publishers (pointers) are copied to release the lock fast.
Signed-off-by: Anton Tiurin <noxiouz@yandex.ru>
This only happens with the old git http dumb protocol, but that's what we use in our integration tests.
We check the Content-Type header advertised in http requests to make sure the http transport is the git smart transport:
See this commit as a reference:
4656bf47fc
Signed-off-by: David Calavera <david.calavera@gmail.com>
Add tests on:
- changes.go
- archive.go
- wrap.go
Should fix#11603 as the coverage is now 81.2% on the ``pkg/archive``
package. There is still room for improvement though :).
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Several parts of the codebase didn't use the correct path sanitisation
wrappers. Now that the wrappers have been exposed, use those.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
Due to the importance of path safety, the internal sanitisation wrappers
for volumes and containers should be exposed so other parts of Docker
can benefit from proper path sanitisation.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
If memory cgroup is mounted, memory limit is always supported,
no need to check if these files are exist.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
This also moves `exec -i` test to _unix_test.go because it seems to need a
pty to reliably reproduce the behavior.
Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
Since docker test suite is now using gocheck, ``defer
deleteContainer(…)`` is not needed anymore.
Fixes#12705
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
From the Bash manual's `set -e` description:
(https://www.gnu.org/software/bash/manual/bashref.html#index-set)
> Exit immediately if a pipeline (see Pipelines), which may consist of a
> single simple command (see Simple Commands), a list (see Lists), or a
> compound command (see Compound Commands) returns a non-zero status.
> The shell does not exit if the command that fails is part of the
> command list immediately following a while or until keyword, part of
> the test in an if statement, part of any command executed in a && or
> || list except the command following the final && or ||, any command
> in a pipeline but the last, or if the command’s return status is being
> inverted with !. If a compound command other than a subshell returns a
> non-zero status because a command failed while -e was being ignored,
> the shell does not exit.
Additionally, further down:
> If a compound command or shell function executes in a context where -e
> is being ignored, none of the commands executed within the compound
> command or function body will be affected by the -e setting, even if
> -e is set and a command returns a failure status. If a compound
> command or shell function sets -e while executing in a context where
> -e is ignored, that setting will not have any effect until the
> compound command or the command containing the function call
> completes.
Thus, the only way to have our `.integration-daemon-stop` script
actually run appropriately to clean up our daemon on test/script failure
is to use `trap ... EXIT`, which we traditionally avoid because it does
not have any stacking capabilities, but in this case is a reasonable
compromise because it's going to be the only script using it (for now,
at least; we can evaluate more complex solutions in the future if they
actually become necessary).
The alternatives were much less reasonable. One is to have the entire
complex chains in any script wanting to use `.integration-daemon-start`
/ `.integration-daemon-stop` be chained together with `&&` in an `if`
block, which is untenable. The other I could think of was taking the
body of these scripts out into separate scripts, essentially meaning
we'd need two files for each of these, which further complicates the
maintenance.
Add to that the fact that our `trap ... EXIT` is scoped to the enclosing
subshell (`( ... )`) and we're in even more reasonable territory with
this pattern.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
We need this, so client can get error from stream and not from status
code, which is already 200, because write to ResponseWriter was occured.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
When docker pull a non-existent repo, daemon will report "image xxx not found"
with an error code 500, which should be 404.
This commit add 404 "not found" mapping and refactor httpError function.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
Currently `docker inspect -f` use json.Unmarshal() unmarshal
to interface, it will store all JSON numbers in float64, so
we use `docker inspect 4f0d73b75a0d | grep Memory` and
`docker inspect -f {{.HostConfig.Memory}} 4f0d73b75a0d` will
get different values.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
- Mount struct now called volumeMount
- Merged volume creation for each volume type (volumes-from, binds, normal
volumes) so this only happens in once place
- Simplified container copy of volumes (for when `docker cp` is a
volume)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Parse the history output to locate the size fields and check
whether they are the correct format or not. Use Column name SIZE
to mark start and end indices of the size fields
Fixes#12578
Signed-off-by: Ankush Agarwal <ankushagarwal11@gmail.com>
https://www.kali.org/ is a Debian derivative. This script completes
succesfully using the Debian install path
Signed-off-by: Andrew Martin <sublimino@gmail.com>
If device is being reactivated before it could go away and deferred
deactivation is scheduled on it, cancel it.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Deferred reove functionality was added to library later. So in old version
of library it did not report deferred_remove field.
Create a new function which also gets deferred_remove field and it will be
called only on newer version of library.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
If a device has been scheduled for deferred deactivation and container
is started again and we need to activate device again, we need to cancel
the deferred deactivation which is already scheduled on the device.
Create a method for the same.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
This will help with debugging as one could just do "docker info" and figure
out of deferred removal is enabled or not.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Provide a new command line knob dm.deferred_device_removal which will enable
deferred device deactivation if driver and library support it.
This patch also checks for library support and driver version.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
A lot of time device mapper devices leak across mount namespace which docker
does not know about and when docker tries to deactivate/delete device,
operation fails as device is open in some mount namespace.
Create a mechanism where one can defer the device deactivation/deletion
so that docker operation does not fail and device automatically goes
away when last reference to it is dropped.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
libdm started offering deferred remove functionality from version
1.02.89. As docker still builds against older libdm, define a tag
libdm_no_deferred_remove to determine whether we are compiling
against new libdm or older one and enable/disable deferred remove
functionality accordingly.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
When ever something vendor/ changes the go dependencies have to downloaded again,
which requires internet access and there for is potential slow. COPY and go install is much faster, while the git urls does not change not this often.
Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk>
Thanks to @dmcgowan for noticing.
Added a testcase to make sure Save() can create the dir and then
read from it.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Though I am not clear on the intent of the sentence if it means that existing data in the base image is copied into the new volume then the additions I propose make that more clear than the present language.
Signed-off-by: Kent Johnson <kentoj@gmail.com>
This PR does the following:
- migrated ~/.dockerfg to ~/.docker/config.json. The data is migrated
but the old file remains in case its needed
- moves the auth json in that fie into an "auth" property so we can add new
top-level properties w/o messing with the auth stuff
- adds support for an HttpHeaders property in ~/.docker/config.json
which adds these http headers to all msgs from the cli
In a follow-on PR I'll move the config file process out from under
"registry" since it not specific to that any more. I didn't do it here
because I wanted the diff to be smaller so people can make sure I didn't
break/miss any auth code during my edits.
Signed-off-by: Doug Davis <dug@us.ibm.com>
It is simplifies code and lead to next refactoring step, where daemon
will be incorporated to some structure which represents API.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
When firewalld (or iptables service) restarts/reloads,
all previously added docker firewall rules are flushed.
With firewalld we can react to its Reloaded() [1]
D-Bus signal and recreate the firewall rules.
Also when firewalld gets restarted (stopped & started)
we can catch the NameOwnerChanged signal [2].
To specify which signals we want to react to we use AddMatch [3].
Libvirt has been doing this for quite a long time now.
Docker changes firewall rules on basically 3 places.
1) daemon/networkdriver/portmapper/mapper.go - port mappings
Portmapper fortunatelly keeps list of mapped ports,
so we can easily recreate firewall rules on firewalld restart/reload
New ReMapAll() function does that
2) daemon/networkdriver/bridge/driver.go
When setting a bridge, basic firewall rules are created.
This is done at once during start, it's parametrized and nowhere
tracked so how can one know what and how to set it again when
there's been firewalld restart/reload ?
The only solution that came to my mind is using of closures [4],
i.e. I keep list of references to closures (anonymous functions
together with a referencing environment) and when there's firewalld
restart/reload I re-call them in the same order.
3) links/links.go - linking containers
Link is added in Enable() and removed in Disable().
In Enable() we add a callback function, which creates the link,
that's OK so far.
It'd be ideal if we could remove the same function from
the list in Disable(). Unfortunatelly that's not possible AFAICT,
because we don't know the reference to that function
at that moment, so we can only add a reference to function,
which removes the link. That means that after creating and
removing a link there are 2 functions in the list,
one adding and one removing the link and after
firewalld restart/reload both are called.
It works, but it's far from ideal.
[1] https://jpopelka.fedorapeople.org/firewalld/doc/firewalld.dbus.html#FirewallD1.Signals.Reloaded
[2] http://dbus.freedesktop.org/doc/dbus-specification.html#bus-messages-name-owner-changed
[3] http://dbus.freedesktop.org/doc/dbus-specification.html#message-bus-routing-match-rules
[4] https://en.wikipedia.org/wiki/Closure_%28computer_programming%29
Signed-off-by: Jiri Popelka <jpopelka@redhat.com>
Firewalld [1] is a firewall managing daemon with D-Bus interface.
What sort of problem are we trying to solve with this ?
Firewalld internally also executes iptables/ip6tables to change firewall settings.
It might happen on systems where both docker and firewalld are running
concurrently, that both of them try to call iptables at the same time.
The result is that the second one fails because the first one is holding a xtables lock.
One workaround is to use --wait/-w option in both
docker & firewalld when calling iptables.
It's already been done in both upstreams:
b315c380f4b3b451d6f8
But it'd still be better if docker used firewalld when it's running.
Other problem the firewalld support would solve is that
iptables/firewalld service's restart flushes all firewall rules
previously added by docker.
See next patch for possible solution.
This patch utilizes firewalld's D-Bus interface.
If firewalld is running, we call direct.passthrough() [2] method instead
of executing iptables directly.
direct.passthrough() takes the same arguments as iptables tool itself
and passes them through to iptables tool.
It might be better to use other methods, like direct.addChain and
direct.addRule [3] so it'd be more intergrated with firewalld, but
that'd make the patch much bigger.
If firewalld is not running, everything works as before.
[1] http://www.firewalld.org/
[2] https://jpopelka.fedorapeople.org/firewalld/doc/firewalld.dbus.html#FirewallD1.direct.Methods.passthrough
[3] https://jpopelka.fedorapeople.org/firewalld/doc/firewalld.dbus.html#FirewallD1.direct.Methods.addChainhttps://jpopelka.fedorapeople.org/firewalld/doc/firewalld.dbus.html#FirewallD1.direct.Methods.addRule
Signed-off-by: Jiri Popelka <jpopelka@redhat.com>
Two main things
- Create a real struct Info for all of the data with the proper types
- Add test for REST API get info
Signed-off-by: Hu Keping <hukeping@huawei.com>
THe port tests in integration-cli tests just for the port-mapping as
seen by Docker daemon. But it doesn't perform a more indepth testing by
checking for the exposed port on the host.
This change helps to fill that gap.
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Single value labels do not work in 1.6 and multi-label instructions only work when separated by non-EOL whitespace.
I also added an example snip from the inspect output with the labels that are included in this guide.
Signed-off-by: Jeff Nickoloff <jeff@allingeek.com>
- Compose teamhad forgotten some documentation
- Updated ENV for Distribution also
- Forgot one of the readability sections
Signed-off-by: Mary Anthony <mary@docker.com>
Changed method declaration. Fixed all calls to dockerCmd
method to reflect the change.
resolves#12355
Signed-off-by: bobby abbott <ttobbaybbob@gmail.com>
- sort inspect out
- update output fields
- format output
- add doc about go template
- other minor fix
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Went through the man pages to update for the
v2 instance. Checked against the commands.
Signed-off-by: Mary Anthony <mary@docker.com>
(cherry picked from commit b6d55ebcbc)
This patch changes two things
1. Set facility to LOG_DAEMON
2. Remove ": " from tag so that the tag + pid become a single column in
the log
Signed-off-by: Darren Shepherd <darren@rancher.com>
(cherry picked from commit 05641ccffc)
This patch changes two things
1. Set facility to LOG_DAEMON
2. Remove ": " from tag so that the tag + pid become a single column in
the log
Signed-off-by: Darren Shepherd <darren@rancher.com>
Without adding the user to the group you're going to hit nasty TLS errors. Figured I'd save the next guy the hassle.
Problem more accurately described here:
https://github.com/docker/docker/issues/5314
Signed-off-by: Jason Divock <jdivock@box.com>
Once the job has failed and is respawned, the status becomes `docker
respawn/post-start` after subsequent failures (as opposed to `docker
stop/post-start`), so the post-start script needs to take this into
account.
I could not find specific documentation on the job transitioning to the
`respawn/post-start` state, but this was observed on Ubuntu 14.04.2.
Signed-off-by: Lewis Marshall <lewis@lmars.net>
(cherry picked from commit 302e3834a0)
sockRequest now makes the status code available in the returned
values. This helps avoid string checking for non-HttpStatusOK(=200)
yet successful error messages.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Check test correctness of untar by comparing destination with
source. For part 2, it checkes hashes of source and destination
files or the target files of symbolic links.
This is a supplement to the #11601 fix.
Signed-off-by: Yestin Sun <sunyi0804@gmail.com>
Instead of seeding/polluting the global random instance,
creating a local `rand.Random` instance which provides the same
level of randomness.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Before this, a storage driver would be defaulted to based on the
priority list, and only print a warning if there is state from other
drivers.
This meant a reordering of priority list would "break" users in an
upgrade of docker, such that there images in the prior driver's state
were now invisible.
With this change, prior state is scanned, and if present that driver is
preferred.
As such, we can reorder the priority list, and after an upgrade,
existing installs with prior drivers can have a contiguous experience,
while fresh installs may default to a driver in the new priority list.
Ref: https://github.com/docker/docker/pull/11962#issuecomment-88274858
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Everything else was gone from this file except these utils which are
being used in other files and can't yet be removed.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This test is already being skipped, and is also fully tested by
`TestRunContainerWithRmFlagExitCodeNotEqualToZero`
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Megan Kostick <mkostick@us.ibm.com>
Alphabetize FSMagic list to make more human-readable.
Signed-off-by: Megan Kostick <mkostick@us.ibm.com>
Check whether the swap limit capabilities are disabled or not only when memory swap is set to greater than 0.
Signed-off-by: David Calavera <david.calavera@gmail.com>
This is a symlink to the latest "bundle" that was assembled. For example, if `VERSION` is currently `1.5.0-dev`, then `bundles/latest` will be a symlink to `bundles/1.5.0-dev` after an attempted build.
One interesting property of this is that after a successful `binary` build, we can `./bundles/latest/binary/docker -v` and get back something like `Docker version 1.5.0-dev, build 3ff6723-dirty`.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Testcase TestBuildResourceConstraintsAreUsed run build without
--no-cache, so if you run this test twice, it will fail the
second time.
TESTFLAGS='-v -run ^TestBuildResourceConstraintsAreUsed$' ./hack/make.sh binary test-integration-cli
[PASSED]
TESTFLAGS='-v -run ^TestBuildResourceConstraintsAreUsed$' ./hack/make.sh binary test-integration-cli
[FAIL]
Because we'll use cID to inspect field and will get empty cID
if we have cache.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
After finding our initial thinking on env. space versus arg list space
was wrong, we need to solve this by using a pipe between the caller and
child to marshall the (potentially very large) options array to the
archiver.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Updates most of the instances of HTTP urls in the engine's
comments. Does not account for any use in the code itself,
documentation, contrib, or project files.
Signed-off-by: Eric Windisch <eric@windisch.us>
using standard unix postfixes add unit test for display
also change doc for memory usage display change
for example GiB will be GB
Signed-off-by: Sun Jianbo <wonderflow@zju.edu.cn>
If an image has been tagged to multiple repos and tags, 'docker
rmi -f IMAGE_ID' will just untag one random repo instead of
untagging all and deleting the image. This patch implement
this. This commit is composed of:
*untag all names and delete the image
*add test to this feature
*modify commandline/cli.md to explain this
Signed-off-by: Deng Guangxing <dengguangxing@huawei.com>
This provides an override for forcing the daemon to still attempt
running the devicemapper driver even when udev sync is not supported.
Intended to be a very clear impairment for those choosing to use it. If
udev sync is false, there will still be an error in the daemon logs,
even when the override is in place. The docs have an explicit WARNING.
Including link to the docs for users that encounter this daemon error
during an upgrade.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
This will assure that the install script will not
begin executing until after it has been downloaded should
it be utilized in a 'curl | bash' workflow.
Signed-off-by: Eric Windisch <eric@windisch.us>
(cherry picked from commit fa961ce046)
As reported in #11294, the Docker daemon will execute contains it
shouldn't run in the event that a requested tag is present in an image's
ID. This leads to the wrong image being started up silently.
This change reduces the risk of such a collision by using the short ID
iff the actual revOrTag looks like a short ID (not that it necessarily
is).
Signed-off-by: Richard Burnison <rburnison@ebay.com>
This will assure that the install script will not
begin executing until after it has been downloaded should
it be utilized in a 'curl | bash' workflow.
Signed-off-by: Eric Windisch <eric@windisch.us>
This patch include the following fixs:
- fix image name error when docker ps
- fix docker events test failure: use the exact image name for filter
- fix docker build CI test failure due to "docker events" change
Because of change of daemon log behavior. Now we record
the exact Image name as you typed. So docker run -d busybux sh
and docker run -d busybox:latest are not the same in the log.
So it will affect the docker events. So change the related CI
Signed-off-by: Liu Hua <sdu.liu@huawei.com>
This also seemed to be checking the ordering of the events, which
doesn't seem like something we sould be interested in this particular
test.
Added check to make sure the filtered events have the expected ID's.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
`TestInfoEnsureSucceeds` is supposed to check existence of all
expected fields that are going to be shown in `docker info` command.
If this list was complete, it could have helped catching the missing
`"Logging Driver:"` regression.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
This flag is passed to the daemon CLI. In my opinion, "Container's
logging driver" is not accurate and refers to 'one container'.
Also the `syslog` driver was missing from the list. Having the list
of all logging drivers won't scale here (should be <80 chars per line)
and we have `rotation` driver coming up in the pipeline as well (gh11485).
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
When we tag an Image with several names and we run one of them,
The "create" job will log this event with
+job log(create, containerID, Imagename).
And the "Imagename" is always the first one (sorted). It is the
same to "start/stop/rm" jobs. So use the correct name instand.
This PR refer to #10479
Signed-off-by: Liu Hua <sdu.liu@huawei.com>
Preventing the test execution to pollute the deterministic runtime environment
by seeding the global rand.Random.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Check test correctness of untar by comparing destination with
source. For part one, it only compares the directories.
This is a supplement to the #11601 fix.
Signed-off-by: Yestin Sun <yestin.sun@polyera.com>
Corrected integer size passed to Windows
Corrected DisableEcho / SetRawTerminal to not modify state
Cleaned up and made routines more idiomatic
Corrected raw mode state bits
Removed duplicate IsTerminal
Corrected off-by-one error
Minor idiomatic change
Signed-off-by: Brendan Dixon <brendand@microsoft.com>
(cherry picked from commit 1a36a113d4)
Corrected integer size passed to Windows
Corrected DisableEcho / SetRawTerminal to not modify state
Cleaned up and made routines more idiomatic
Corrected raw mode state bits
Removed duplicate IsTerminal
Corrected off-by-one error
Minor idiomatic change
Signed-off-by: Brendan Dixon <brendand@microsoft.com>
Updated Windows installation documentation with newest
screencasts and Chocolatey instructions to install windows
client CLI.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
(cherry picked from commit 2b320a2309)
Updated Windows installation documentation with newest
screencasts and Chocolatey instructions to install windows
client CLI.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
registry/SearchResults was missing the "is_automated" field.
I added it back in.
Pull this 'table' removal one from the others because it fixed
a bug too
Signed-off-by: Doug Davis <dug@us.ibm.com>
* when no containers are returned, go test would then aborts with:
panic: runtime error: index out of range
Signed-off-by: Todd Whiteman <todd.whiteman@joyent.com>
Right now we try device removal at the interval of 10ms and keep on trying
till either device is removed or 10 seconds are over. That means if device
is busy, we will try 1000 times in those 10 seconds.
Sounds too high a frequency of deivce removal retrial. All the logs are
filled easily. I think it is a good idea to slow down a bit and retry at
the interval of 100ms instead of 10ms.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
During device removal, we are first waiting for device to close() in a tight
loop for 10 seconds. I am not sure why do we need it. First of all we come
here once the umount() is successful so device should be free. For some reason
of device is temporarily busy, then removeDevice() logic retries device removal
logic in a loop for 10 seconds and that should cover it. Can't see why one
more 10 seoncds loop is required before attempting device removal.
One loop should be able to cover all the temporary device busy conditions and
if condition is not temporary then 10 seconds loop is not going to help anyway.
So instead of two loops of 10 seconds each, I am converting it to a single
loop of 20 seconds. May be 10 second loop is good enough but for now I am
keeping it 20 seconds to avoid any regressions.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Currently in device removal path (device deactivation), we wait
for 10 seconds for devive to actually go away. waitRemove().
In current code this is not required. If dm removal task has completed
and one has done the wait on udev cookie, then device is gone and there
is no need to write another loop to wait for device removal.
This patch removes the waitRemove() which waits for 10 seconds after
device removal. This seems unnecessary.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
UdevWait() is deferred and takes uint cookie as an argument. As arguments
to deferred functions are calculated at the time of call, it is possible
that any update to cookie later by libdm are not taken into account when
UdevWait() is called. Hence use a pointer to uint as argument to UdevWait()
function.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
devmapper graph driver retries device removal 1000 times in case of failure
and if this fills up console with 1000 messages (when daemon is running in
debug mode). So remove these debug messages.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
There are issues with libdm logging. Right now if docker daemon is run
in debug mode, logging by libdm is too verbose. And if a device can't
be removed, thousands of messages fill the console and one can not see
what's going on.
This patch removes devicemapper.LogInitVerbose() call as that call will
only work if docker was not registering its own log handler with libdm.
For some reason docker registers one with libdm and libdm hands over
all the messages to docker (including debug ones). And now it is up to
devmapper backend to figure out which ones should go to console and
which ones should not.
So by default log only fatal messages from libdm. One can easily modify
the code to change it for debugging purposes.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
add a pair of accent mark around dockerfile commands
in docker-commit, as the same thing in docker-import.
Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
Some bullet lists didn't render as bullet-lists because
of a missing newline.
Also added missing "label" filter for `docker ps` and
slightly re-worded the header above the supported filters.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When working with Go channels you must not set it to nil or else the
channel will block forever. It will not panic reading from a nil chan
but it blocks. The correct way to do this is to create the channel then
close it as the correct results to the caller will be returned.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
(cherry picked from commit 7061a993c5)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
I have seen a lot of people try to do this and reach out to me on how to mount
/dev/snd because it is returning "not a device node". The docs imply you can
_just_ mount /dev/snd and that is not the case. This fixes that. It also allows
for coolness if you want to mount say /dev/usb.
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <hugs@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessica Frazelle <jess@docker.com> (github: jfrazelle)
When working with Go channels you must not set it to nil or else the
channel will block forever. It will not panic reading from a nil chan
but it blocks. The correct way to do this is to create the channel then
close it as the correct results to the caller will be returned.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Fixes: #11552
- scalable SVG
- uses colours from the rest of the page
- emphasizes that boot2docker is the ordinary Linux setup in a VM
- Add new graphic for architecture diagram
- Add windows boot2docker diagram
- Add windows diagram to documentation
- Remove old PNGs; replaced with SVGs
- Add redirects for new SVG versions of installation diagrams
Signed-off-by: Nick Irvine <nfirvine@nfirvine.com>
I can never get it to work for me when its just 3 seconds.
With this change it generates the OOM message around 17 seconds, but
I increased the timeout to 30 for people with slower machines
Signed-off-by: Doug Davis <dug@us.ibm.com>
Closing activationLock only if it's not closed already. This is needed
only because integration tests using docker code directly and doesn't
care about global state.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
(cherry picked from commit c717475714)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
If job "acceptconnections" is called before "serveapi" the API Accept()
method will hang forever waiting for activation. This is due to the fact
that when "acceptconnections" ran the activation channel was nil.
Signed-off-by: Darren Shepherd <darren@rancher.com>
(cherry picked from commit 8f6a14452d)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <hugs@docker.com> (github: jfrazelle)
This makes `registry.Service` a first class type and does not use jobs
to interact with this type.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Syslog was a heading-2, but should be heading-3;
changed the headings to heading-4 to match the
"network settings" section.
Also changed "Log driver" to "logging driver" for JSON.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Closing activationLock only if it's not closed already. This is needed
only because integration tests using docker code directly and doesn't
care about global state.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Update registry package to use the v2 registry api from distribution. Update interfaces to directly take in digests.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
It's about time to let folks not hit 'vfs', when 'overlay' is supported
on their kernel. Especially now that v3.18.y is a long-term kernel.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
(cherry picked from commit 2c72ff1dbf)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <hugs@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
It's about time to let folks not hit 'vfs', when 'overlay' is supported
on their kernel. Especially now that v3.18.y is a long-term kernel.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Currently the progress reader won't close properly by not setting the close size.
fixes#11849
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
(cherry picked from commit aa3083f577)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Also cleans up tests to not shell out for file creation.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 63708dca8a)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
Api requesting port for daemon before init_networkdriver called.
Problem is that now initialization of api depends on initialization of
daemon and their intializations runs in parallel. Proper fix will be
just do it sequentially. For now I don't want refactor it, because it
can bring additional problems in 1.6.0.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
(cherry picked from commit 584180fce7)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
Do not remove container if any of the resource could not be cleaned up. We
don't want to leak resources.
Two new states have been created. RemovalInProgress and Dead. Once container
is Dead, it can not be started/restarted. Dead container signifies the
container where we tried to remove it but removal failed. User now needs to
figure out what went wrong, corrent the situation and try cleanup again.
RemovalInProgress signifies that container is already being removed. Only
one removal can be in progress.
Also, do not allow start of a container if it is already dead or removal is
in progress.
Also extend existing force option (-f) to docker rm to not return an error
and remove container from user view even if resource cleanup failed.
This will allow a user to get back to old behavior where resources
might leak but atleast user will be able to make progress.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
(cherry picked from commit 40945fc186)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <hugs@docker.com> (github: jfrazelle)
Currently the progress reader won't close properly by not setting the close size.
fixes#11849
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Api requesting port for daemon before init_networkdriver called.
Problem is that now initialization of api depends on initialization of
daemon and their intializations runs in parallel. Proper fix will be
just do it sequentially. For now I don't want refactor it, because it
can bring additional problems in 1.6.0.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
This has a few hacks in it but it ensures that the bridge driver does
not use global state in the mappers, atleast as much as possible at this
point without further refactoring. Some of the exported fields are
hacks to handle the daemon port mapping but this results in a much
cleaner approach and completely remove the global state from the mapper
and allocator.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
(cherry picked from commit d8c628cf08)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
Continuation of: #11660, working on issue #11626.
Wrapped portmapper global state into a struct. Now portallocator and
portmapper have no global state (except configuration, and a default
instance).
Unfortunately, removing the global default instances will break
```api/server/server.go:1539```, and ```daemon/daemon.go:832```, which
both call the global portallocator directly. Fixing that would be a much
bigger change, so for now, have postponed that.
Signed-off-by: Paul Bellamy <paul.a.bellamy@gmail.com>
(cherry picked from commit 87df5ab41b)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <hugs@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
This change makes `monitorTtySize` work correctly on windows by polling
into win32 API to get terminal size (because there's no SIGWINCH on
windows) and send it to the engine over Remove API properly.
Average getttysize syscall takes around 30-40 ms on an average windows
machine as far as I can tell, therefore in a `for` loop, checking every
250ms if size has changed or not.
I'm not sure if there's a better way to do it on windows, if so,
somebody please send a link 'cause I could not find.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
(cherry picked from commit ebbceea8a7)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Do not remove container if any of the resource could not be cleaned up. We
don't want to leak resources.
Two new states have been created. RemovalInProgress and Dead. Once container
is Dead, it can not be started/restarted. Dead container signifies the
container where we tried to remove it but removal failed. User now needs to
figure out what went wrong, corrent the situation and try cleanup again.
RemovalInProgress signifies that container is already being removed. Only
one removal can be in progress.
Also, do not allow start of a container if it is already dead or removal is
in progress.
Also extend existing force option (-f) to docker rm to not return an error
and remove container from user view even if resource cleanup failed.
This will allow a user to get back to old behavior where resources
might leak but atleast user will be able to make progress.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Docker does not know about our named cpuacct,cpu,cpuset cgroup
hierarchy with multiple subsystems in it. So to use them with docker
in integration-cli test TestRunWithCpuset inside docker container
we need to add symlinks to them in hack/dind script.
Example:
old version of parser will do:
cat /proc/1/cgroup
11:cpu,cpuacct,name=my_cpu_cpuacct:/
...
and create and mount this hierarchy to directory
/cgroup/cpu,cpuacct,name=my_cpu_cpuacct/
so docker cannot find it because it has strange name
in new parser directory will be same as on host
/cgroup/my_cpu_cpuacct
and have symlinks for docker to find it
/cgroup/cpu -> /cgroup/my_cpu_cpuacct
/cgroup/cpuacct -> /cgroup/my_cpu_cpuacct
in other case if where is no name
cat /proc/1/cgroup
11:cpu,cpuacct:/
...
mount will be same for both parsers
/cgroup/cpu,cpuacct
and new one will also create symlinks
/cgroup/cpu -> /cgroup/cpu,cpuacct
/cgroup/cpuacct -> /cgroup/cpu,cpuacct
Signed-off-by: Pavel Tikhomirov <ptikhomirov@parallels.com>
This has a few hacks in it but it ensures that the bridge driver does
not use global state in the mappers, atleast as much as possible at this
point without further refactoring. Some of the exported fields are
hacks to handle the daemon port mapping but this results in a much
cleaner approach and completely remove the global state from the mapper
and allocator.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Once the job has failed and is respawned, the status becomes `docker
respawn/post-start` after subsequent failures (as opposed to `docker
stop/post-start`), so the post-start script needs to take this into
account.
I could not find specific documentation on the job transitioning to the
`respawn/post-start` state, but this was observed on Ubuntu 14.04.2.
Signed-off-by: Lewis Marshall <lewis@lmars.net>
If job "acceptconnections" is called before "serveapi" the API Accept()
method will hang forever waiting for activation. This is due to the fact
that when "acceptconnections" ran the activation channel was nil.
Signed-off-by: Darren Shepherd <darren@rancher.com>
When buffering to file add support for compressing the tar contents. Since digest should be computed while writing buffer, include digest creation during buffer.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
(cherry picked from commit 851c64725d)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <hugs@docker.com> (github: jfrazelle)
When buffering to file add support for compressing the tar contents. Since digest should be computed while writing buffer, include digest creation during buffer.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
This is a follow-up on PR 11708, as suggested by tianon.
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit a09cc935c3)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
Automatically detect support for aufs `dirperm1` option and apply it.
`dirperm1` tells aufs to check the permission bits of the directory on the
topmost branch and ignore the permission bits on all lower branches.
It can be used to fix aufs' permission bug (i.e., upper layer having
broader mask than the lower layer).
More information about the bug can be found at https://github.com/docker/docker/issues/783
`dirperm1` man page is at: http://aufs.sourceforge.net/aufs3/man.html
Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
(cherry picked from commit 281abd2c8a)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
Since `dirperm1` requires a more recent aufs patch than many current OS release,
we cant remove #783 completely. This documents that docker will apply `dirperm1`
automatically for systems that support it
Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
(cherry picked from commit d7bbe2fcb5)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
It's easier for users to check if their systems support dirperm1 just by using
docker info
Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
(cherry picked from commit d68d5f2e4b)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
These images was just sitting around and referenced from
nowhere, nor they seemed any useful.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
(cherry picked from commit 986ae5d52a)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <hugs@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Boot2Docker experience is updated now that we have a Docker
client on Windows. Instead of running `boot2docker ssh`, users
can also use boot2docker on Windows Command Prompt (`cmd.exe`)
and PowerShell.
Updated documentation and screenshots, added a few details,
reorganized sections by importance, fixed a few errors.
Remaining: the video link in the Demonstration section needs
to be updated once I shoot a new video.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
(cherry picked from commit de09c55394)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <hugs@docker.com> (github: jfrazelle)
Installs and configures bash completion for Docker.
Note that bash completion still has to be initialized by a custom
.bashrc file.
Signed-off-by: Harald Albers <github@albersweb.de>
Generally, when using Remote API to push images there needs a http Header
X-Registry-Auth.
For compatibility if there was no authConfig header, everything will be
okay if a proper JSON-http-body was applied.
But when both X-Registry-Auth Header and the Body are missing, due to
the function of decode JSON, it will return an EOF error which was not
very clear to user.
So I think we can make the respone error be more nice.
Signed-off-by: Hu Keping <hukeping@huawei.com>
Boot2Docker experience is updated now that we have a Docker
client on Windows. Instead of running `boot2docker ssh`, users
can also use boot2docker on Windows Command Prompt (`cmd.exe`)
and PowerShell.
Updated documentation and screenshots, added a few details,
reorganized sections by importance, fixed a few errors.
Remaining: the video link in the Demonstration section needs
to be updated once I shoot a new video.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
dockerize-image tool takes a virtual disk image file
and creates a Docker image based on it. You can
specify a base Docker image to make this tool create
an image that will contain only filesystem diff
instead of full filesystem.
See tools usage for details.
Signed-off-by: Maxim Kulkin <maxim.kulkin@gmail.com>
These images was just sitting around and referenced from
nowhere, nor they seemed any useful.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
The git model uses `upstream master` to refer to the branch on
the remote repository, and `upstream/master` to refer to the
local cache of the upstream branch.
I did not explain the difference in the docs (that seemed a bit
excessive), but I did clarify the instructions so that it refers
to the correct concept in each place.
Signed-off-by: Katrina Owen <katrina.owen@gmail.com>
This change fixes a bug where stdout/stderr handles are not identified
correctly.
Previously we used to set the window size to fixed size to fit the default
tty size on the host (80x24). Now the attach/exec commands can correctly
get the terminal size from windows.
We still do not `monitorTtySize()` correctly on windows and update the tty
size on the host-side, in order to fix that we'll provide a
platform-specific `monitorTtySize` implementation in the future.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
(cherry picked from commit 0532dcf3dc)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <hugs@docker.com> (github: jfrazelle)
This change makes `monitorTtySize` work correctly on windows by polling
into win32 API to get terminal size (because there's no SIGWINCH on
windows) and send it to the engine over Remove API properly.
Average getttysize syscall takes around 30-40 ms on an average windows
machine as far as I can tell, therefore in a `for` loop, checking every
250ms if size has changed or not.
I'm not sure if there's a better way to do it on windows, if so,
somebody please send a link 'cause I could not find.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
This change fixes a bug where stdout/stderr handles are not identified
correctly.
Previously we used to set the window size to fixed size to fit the default
tty size on the host (80x24). Now the attach/exec commands can correctly
get the terminal size from windows.
We still do not `monitorTtySize()` correctly on windows and update the tty
size on the host-side, in order to fix that we'll provide a
platform-specific `monitorTtySize` implementation in the future.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
We now advise people to configure docker group and
add to sudo. Mac shouldn't use sudo. Removed sudo
from command examples. Left in installation to be removed
in installation doc sweep -- removing requires finer
grain control.
Signed-off-by: Mary Anthony <mary@docker.com>
We now have instructions in our Unix installs about setting up
docker group to avoid sudo. Also, Mac/Windows shouldn't use
sudo. So, I've removed sudo from our examples and added a
section at the top reminding them that if they have to use
sudo to run docker they can change that.
Signed-off-by: Mary Anthony <mary@docker.com>
Set cpuset to "0" so that it works on single core machines.
W/o this (and set to "1") we'll see something like this error
when running:
System error: write /cgroup/cpuset/docker/66689499bbd08cd8dccc9b7bfd1d6b34e85d73ce8c84d3c69b5e91944322da60/docker/79d7c548b58c85c4cfad6cd01eb7c3b30db254d1014c496137edd93ddc528a6f/cpuset.cpus: invalid argument"
Signed-off-by: Doug Davis <dug@us.ibm.com>
This patch causes `The image you are pulling has been verified` status
message to be produced also when the repository is pulled for the first
time.
Signed-off-by: Michal Minar <miminar@redhat.com>
Since `dirperm1` requires a more recent aufs patch than many current OS release,
we cant remove #783 completely. This documents that docker will apply `dirperm1`
automatically for systems that support it
Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
Automatically detect support for aufs `dirperm1` option and apply it.
`dirperm1` tells aufs to check the permission bits of the directory on the
topmost branch and ignore the permission bits on all lower branches.
It can be used to fix aufs' permission bug (i.e., upper layer having
broader mask than the lower layer).
More information about the bug can be found at https://github.com/docker/docker/issues/783
`dirperm1` man page is at: http://aufs.sourceforge.net/aufs3/man.html
Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
c79b9bab54 (Remove engine.Status and replace it with standard go error)
cause a regression that create container won't get any warnings, we still
need this to send useful informations to user.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
For positerity (largely of packagers) lets leave around the generated
version files that happen during build.
They're already ignored in git, and recreated on every build.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <hugs@docker.com> (github: jfrazelle)
We removed it, because upstream removed it. But now it will be coming
back, so work with it either way.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
We removed it, because upstream removed it. But now it will be coming
back, so work with it either way.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
The validation script from #10681 is too pedantic, and does not handle
well situations like:
```
cat <<EOF # or <<-EOF
Whether the leading whitespace is stripped out or not by bash
it should still be considered as valid.
EOF
```
This reverts commit 4e65c1c319.
Signed-off-by: Tibor Vass <tibor@docker.com>
Having the list in one spot makes it easier for people to see what's
avaiable instead of having to scan all of the docs and extract the info.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Fixes#10958 by moving utils.daemon to pkg.pidfile.
Test cases were also added.
Updated the daemon to use the new pidfile.
Signed-off-by: Rick Wieman <git@rickw.nl>
They say we should only use the BTRFS_LIB_VERSION
They will no longer support this since it had to be managed manually
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
The previous state assumed that the HOSTPATH argument referred to a
file. As clarified by moxiegirl in PR #11305, it is a directory.
Adjusted completion to reflect this.
Signed-off-by: Harald Albers <github@albersweb.de>
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
Continuation of: #11660, working on issue #11626.
Wrapped portmapper global state into a struct. Now portallocator and
portmapper have no global state (except configuration, and a default
instance).
Unfortunately, removing the global default instances will break
```api/server/server.go:1539```, and ```daemon/daemon.go:832```, which
both call the global portallocator directly. Fixing that would be a much
bigger change, so for now, have postponed that.
Signed-off-by: Paul Bellamy <paul.a.bellamy@gmail.com>
on overlay fs, the mtime of directories changes in a container where new
files are added in an upper layer (e.g. '/etc'). This flags the
directory as a change where there was none.
Closes#9874
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
This disables recently added ANSI emulation feature in certain Windows
shells (like ConEmu) where ANSI output is emulated by default with builtin
functionality in the shell.
MSYS (mingw) runs in cmd.exe window and it doesn't support emulation.
Cygwin doesn't even pass terminal handles to docker.exe as far as I can
tell, stdin/stdout/stderr handles are behaving like non-TTY. Therefore not
even including that in the check.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <hugs@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
For positerity (largely of packagers) lets leave around the generated
version files that happen during build.
They're already ignored in git, and recreated on every build.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
This disables recently added ANSI emulation feature in certain Windows
shells (like ConEmu) where ANSI output is emulated by default with builtin
functionality in the shell.
MSYS (mingw) runs in cmd.exe window and it doesn't support emulation.
Cygwin doesn't even pass terminal handles to docker.exe as far as I can
tell, stdin/stdout/stderr handles are behaving like non-TTY. Therefore not
even including that in the check.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Clarify in the docs that ENV is not recursive
Closes#10391
Signed-off-by: Doug Davis <dug@us.ibm.com>
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Fixes#9981
Allows a volume which was created by docker (ie, in
/var/lib/docker/vfs/dir) to be used as a Bind argument via the container
start API and overwrite an existing volume.
For example:
```bash
docker create -v /foo --name one
docker create -v /foo --name two
```
This allows the volume from `one` to be passed into the container start
API as a bind to `two`, and it will overwrite it.
This was possible before 7107898d5c
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
No longer add the body to the error when a 404 is received on get repository data.
closes#11510
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Link to new guide. Added a quickstart contributor guide for experienced people.
Converting narrative style to procedures for easier use. I think there is something missing in the
release publishing section...but it looks like it was missing in the original.
Updates per thaJeztah
Edits per Fred
Updating with comments from Sven
Signed-off-by: Mary Anthony <mary@docker.com>
Add the capability to cancel the build by disconnecting the client.
This adds a `cancelled` channel which is used to signal that a build
should halt. The build is halted by sending a Kill signal and noticing
that the cancellation channel is closed.
This first pass implementation does not allow cancellation during a
pull, but that will come in a subsequent PR.
* Add documentation of cancellation to cli and API
* Protect job cancellation with sync.Once
* Add TestBuildCancelationKillsSleep
* Add test case for build cancellation of RUN statements.
Signed-off-by: Peter Waller <p@pwaller.net>
Changes relevant for Docker since 0.6.6 are (most other changes are hooks and
options for formatters):
* Debugging color output changed to gray.
* Don't quote the number 9 when it's by it self (i.e. `omg=9` instead of
`omg="8"`, this was the case for all other numbers)
* Performance is better when running a high logging level with lots of low-level
logging.
* Minor internal refactoring and more tests.
Signed-off-by: Simon Eskildsen <sirup@sirupsen.com>
`TestBuildSpaces` is used to do string manipulation to redact timestamps
from compared cmd output. However it was assuming there is going to be
only one `time=".."` in the output --not the case on windows. Therefore
I wrote a regexp to redact all log timestamps.
Also the test used to have a copy/paste bug (see err1/err2). This fixes
that, too.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
With this Dockerfile
```
FROM ubuntu
ENV ABC=""
VOLUME $ABC
```
It builds ok but then at run time I get this error:
FATA[0002] Error response from daemon: Cannot start container 8902b4a7aaf5c4e4b11a38070d392db465fa97ad88c91c8b38dda5ab8149ccac: [8] System error: no such file or directory
Because the Volume config shows "" as the path. This PR checks for "" as
the path and stops it at build time.
Signed-off-by: Doug Davis <dug@us.ibm.com>
The problem is when I create container though REST api, set memory limit
in hostConfig, the memory limit didn't work. Because when we DecodeEnv,
we got hostConfig part of Env like this:
{"Binds":["/:/tmp"],"CpuShares":512,"CpusetCpus":"0,1","Devices":[],"Memory":1.6777216e+07,"MemorySwap":0}
And we cannot unmarshal number 1.6777216e+07 into Go value of type int64,
so we got 0.
We can fix this by setting Decoder as UseNumber().
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Resolved conflict in the following file:
docs/sources/installation/MAINTAINERS
File was deleted upstream and changed in this branch. Deleting the file in this branch as well.
Signed-off-by: Casey Bisson <casey.bisson@joyent.com>
This shows a warning message about adjusted file/directory permission bits
when the `docker build` cli command is executed on windows.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Pushing a v2 image layer has two steps:
- POST to get a new upload URL
- PUT to that upload URL
We were previously not checking the response code of
the POST request and the PUT would fail in weird ways.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
When pushing to the official registry, v2 push will be attempted first. If the v2 endpoint is unavailable, a push to v1 will occur. If a v2 push is started and failed, the push operation will fail. Pulling non-official images the official v2 registry is also enabled to pull the newly push images. When a pull of a v2 image fails, v1 will always be attempted.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
They say we should only use the BTRFS_LIB_VERSION
They will no longer support this since it had to be managed manually
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
container.
docker run -v /dev:/dev should stop mounting other default mounts in i
libcontainer otherwise directories and devices like /dev/ptx get mishandled.
We want to be able to run libvirtd for launching vms and it needs
access to the hosts /dev. This is a key componant of OpenStack.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
w/o this I would see:
```
unexpected file format for /proc/self/cgroup - ""
```
while running the cgroup tests
Signed-off-by: Doug Davis <dug@us.ibm.com>
Adding instructions that refers to the Microsoft Azure
documentation on creating Docker-ready Linux VMs on Azure
platform.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Thanks to @tiborvass's review of another PR it was noticed that
we didn't have a testcase to make sure the cache checking for LABEL
was being done properly. This adds a test for it.
Signed-off-by: Doug Davis <dug@us.ibm.com>
This ensures that the libcontainer state is fully removed for a
container after it is terminated.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This addresses a subtle deadlock where an error during a copy prevented pipe
closure to propagate correctly. By closing down the read end of the pipe rather
than the write end, the waiting writer is properly signaled. A nice side-effect
of this change is that errors encountered by io.Copy are now propagated to the
verifier's Write method.
A test to ensure validation errors for unsupported digest types has been added,
as well.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Closes#10191
Allow `docker build` to set --cpu-shares, --cpuset, --memory,
--memory-swap for all containers created by the build.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Currently the http clients used by auth use the default tls config. The config needs to be updated to only support TLS1.0 and newer as well as respect registry insecure configuration.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Following bugs are fixed:
1.Handle out of bound cursor movements: vi in busybox sets cursor
to (999,999) expecting it to be set to right, bottom correctly.
2.Correctly determine redirected non-terminal file.
Signed-off-by: Sachin Joshi <sachin_jayant_joshi@hotmail.com>
The previous state assumed that the HOSTPATH argument referred to a
file. As clarified by moxiegirl in PR #11305, it is a directory.
Adjusted completion to reflect this.
Signed-off-by: Harald Albers <github@albersweb.de>
* fixes#10001
* test for global subnets <= 80
* test for global subnets > 80
* test link local allocations
* test duplicated addresses
* test regression from bug #11427
Signed-off-by: Christian Simon <simon@swine.de>
When docker push get response with unknown HTTP status, docker daemon
print:
"Error: Status XXX trying to push repository XXX: XXX"
But when docker pull meets response with unknown status code, it gives:
"HTTP code: XXX"
This commit helps docker pull print more detailed error info like push
does, so push and pull can behave consistently when error happens.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
$ docker run -ti --rm -m 300M --memory-swap=-1 ubuntu:14.04
WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.
root@813aafc019d5:/#
When we disable memoryswap, it should not warning swap limit not support.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
When the deamon starts up with log level set to INFO it will show something
like this:
```
INFO[0000] Loading containers: start.
................................................................
INFO[0000] Loading containers: done.
```
where the dots represent containers in the system.
When you run with log level set to "error" it will still show the dots
w/o the "Loading..." lines before and after which looks really odd.
This PR will fix it so that the dots are only shown IFF the "Loading..."
lines are also shown
Signed-off-by: Doug Davis <dug@us.ibm.com>
The default for rlimit handling should be to inherit the rlimit of the
daemon unless explicitly set.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Currently the daemon will not stop on error because the serve API job is
blocking the channel wait for daemon init. A better way is to run the
blocking serve API job as a goroutine and make sure that error
notification gets back to the main daemon thread (using the already
existing channel) so that clean shutdown can occur on error.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
# The first commit's message is:
Updating Ubuntu installation to use wget; eliminating elo
Signed-off-by: Mary Anthony <mary.anthony@docker.com>
# This is the 2nd commit message:
Adding in James comments
Signed-off-by: Mary Anthony <mary@docker.com>
on overlay fs, the mtime of directories changes in a container where new
files are added in an upper layer (e.g. '/etc'). This flags the
directory as a change where there was none.
Closes#9874
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Add ability to refer to an image by repository name and digest using the
format repository@digest. Works for pull, push, run, build, and rmi.
Signed-off-by: Andy Goldstein <agoldste@redhat.com>
Copied code from CmdSave into CmdExport. This should work, not an expert in the API calls being made. But it does make more sense to have a consistent export/save flag.
Signed-off-by: Joseph Kern <joseph.a.kern@gmail.com>
checkpoint before edits on the export functions
Signed-off-by: Joseph Kern <joseph.a.kern@gmail.com>
Added an --output flag to docker export and created tests.
Signed-off-by: Joseph Kern <joseph.a.kern@gmail.com>
White space cleanup.
Signed-off-by: Joseph Kern <joseph.a.kern@gmail.com>
Docker-DCO-1.1-Signed-off-by: Joseph Kern <jkern@semafour.net> (github: jfrazelle)
checkpoint before edits on the export functions
Signed-off-by: Joseph Kern <joseph.a.kern@gmail.com>
White space cleanup.
Signed-off-by: Joseph Kern <joseph.a.kern@gmail.com>
Added text to reflect a new output option for the export command.
Signed-off-by: Joseph Kern <joseph.a.kern@gmail.com>
Whitespace clean up
Signed-off-by: Joseph Kern <joseph.a.kern@gmail.com>
Added man page documentation for the new --output flag in export
Signed-off-by: Joseph Kern <joseph.a.kern@gmail.com>
- command.Commands was missing "Label"
- used the correct error string in dispatcher when LABEL has no args, otherwise
the test TestBuildMissingArgs will not work
- removed the premature error msg in line_parser that was blocking the
label() func in dispatcher from showing the err msg in previous bullet
- since LABEL uses the env parser it needs to be added to the replaceEnvAllowed
list so that proper quote processing will be done. Especially once
PR #10431 is merged.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Created a validation that detects all trailing whitespaces from every
text file that isn't *.go, *.md, vendor/*,
docs/theme/mkdocs/tipuesearch*
Removed trailing whitespaces from every text file except from vendor/*
builder/parser/testfiles*, docs/theme/mkdocs/tipuesearch* and *.md
Signed-off-by: André Martins <martins@noironetworks.com>
This makes APT be appropriately aggressive about removing packages it added due to `Recommends` or `Depends` if the packages they were added for are removed (even if other packages only have the softer `Suggests` relationship).
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Windows client being official supported, publish Docker client Windows
binaries as part of the release.sh script.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Currently when registry error strings contain new line characters only the last line is displayed to the client. Quote the string to ensure the client can see the entire body value.
fixes#11346
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Currently when the registry ping is sent, it creates the request directly from http.NewRequest instead of from the http request factory. The request factory adds useful header information such as user agent which is needed by the registry.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
This modifies iptables.Exists so that it must be called with an explicit
table and chain. This allows us (a) to generate an appropriate command
line for "iptables -C", which was not previously possible, and (b) it
allows us to limit our strings.Contains() search to just the table and
chain in question, preventing erroneous matches against unrelated rules.
Resolves#10781
Signed-off-by: Lars Kellogg-Stedman <lars@redhat.com>
It is implemented by intercepting and interpreting the output
escape sequence by calling win32 console apis.
In addition the input from win32 console is translated to linux keycodes
Signed-off-by: Sachin Joshi <sachin_jayant_joshi@hotmail.com>
After the new libcontainer API, the reexec.Self() output of the daemon
binary is used as the libcontainer factory InitPath. If it is relative,
it can't be found at container start time. This patch solves the
problem by making sure that we return a rooted/absolute path if a
relative path is used.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
This requires that any environment where we wish to run the integration-cli tests includes both the `Dockerfile` and `curl`, which has been deemed an appropriate and acceptable trade-off.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
The STDOUT behavior of cp is not yet released in 1.50 so removed.
Also, tested against 1.5 all other behaviors and extended documentation to match.
Renamed HOSTPATH to HOSTDIR to give a self documenting name.
Adding back in the references to STDOUT
fix the command string
Entering Doug's comment re append and ~/tmp/foo in the glass
Adding in Doug's comments regarding PATHs and missing |-
Updating with James comments
Signed-off-by: Mary Anthony <mary@docker.com>
Update pull code to consider any layer download or new tag as an update.
Update hello-world frozen image to be explicitly tagged as frozen, to not interfere with pull tests. The hello-world is used by pull tests because of its small size and there is no other official image with such a size.
fixes#11383
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Instead of just printing a warning and going on, this will generate
an error and stop processing.
This used to be part of #10561 but I decided it might need its own
independent discussion/PR as to not derail #10561.
Signed-off-by: Doug Davis <dug@us.ibm.com>
This also removes the now-defunct `*maintainer*.sh` scripts that don't work with the new TOML format, and moves a couple not-build-or-release-related scripts to `contrib/` instead.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Adds more documentation for labels and adds the label instruction to the
man-pages.
Also included is a document called "Labels - custom meta-data in Docker"
in the user-guide, this is still a work-in-progress I started to describe
the "namespaces" conventions, an example on storing structured data.
I ran a bit "out of steam" (writers block?) on that document, but kept
it in (for now), in case it still ends up useful.
The Remote API documentation changes will need to be moved to the
docker_remote_api_v1.18.md document when rebasing the whole PR.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Darren Shepherd <darren@rancher.com>
Save "LABEL" field in Dockerfile into image content.
This will allow a user to save user data into an image, which
can later be retrieved using:
docker inspect IMAGEID
I have copied this from the "Comment" handling in docker images.
We want to be able to add Name/Value data to an image to describe the image,
and then be able to use other tools to look at this data, to be able to do
security checks based on this data.
We are thinking about adding version names,
Perhaps listing the content of the dockerfile.
Descriptions of where the code came from etc.
This LABEL field should also be allowed to be specified in the
docker import --change LABEL:Name=Value
docker commit --change LABEL:Name=Value
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
See also https://bugs.gentoo.org/show_bug.cgi?id=536546:
```console
$ docker run learn/tutorial echo "hello world"
FATA[0001] Error response from daemon: Cannot start container 1d0c0ca5cc7f39a271ec40c1479a80bffb7190fab97392b3453a1fc0b2dc8e78: mountpoint for cpuset not found
```
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Unless `file` is wrapped with buffered reader, `fmt.Fscanf` will read
just one byte and terminate with `EOF`.
Signed-off-by: Michal Minar <miminar@redhat.com>
This uses a bit of on-disk state in our export directory to emulate our associative array for generating the "repositories" JSON file.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
In several cases graphdriver were just returning the low-level syscall
error and that was making it all the way up to the daemon logs and in
many cases was difficult to tell it was even coming from the graphdriver
at all.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
`docker rmi` output in docs/sources/reference/commandline/cli.md
is different from real scene. This commit fixes it.
Signed-off-by: Deng Guangxing <dengguangxing@huawei.com>
This adds two more tables to the run reference documentation.
- the list of 'modes' for Network settings is now a table.
- the "note" for `--net="host"` was moved from the list to the detailed
description.
- the 'options' for "Runtime constraints on CPU and memory" are
now a table
- slightly re-worded the description for "memory" options, e.g.
"It is not allowed..." was rewriten to "The *container* is not allowed..."
- fix example in "Runtime privilege, Linux capabilities, and LXC configuration"
being indented twice
- slightly reduced indenting in some `usage` output to be better readable.
- fixes a typo `/ets/hosts` -> `/etc/hosts`
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
As we started running CI machines on Azure cloud and Azure
doesn't have ICMP stack implemented by replacing
`ping 8.8.8.8` with `nslookup google.com`.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Fixes#11315
After rename occured the graphdb was updated but the container struct
was never commited back to disk, so on daemon restart it loads the old
name again.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This fixes the `docker events`-related tests as they have been
failing due to clock skew between CI machine and test daemon on
some other machine (even 1-2 seconds of diff causes races as
we pass local time to --since/--until).
If we're running in same host, we keep using time.Now(), otherwise
we read the system time of the daemon from `/info` endpoint.
Fixes pretty much all events-related tests on windows CI.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Clear the cache for all files. Don't worry about what changed.
Move the docs release script back to the docker/docker repo, so we all can
easily watch the changes.
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <hugs@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
In fact, it doesn't work as the bare `\` backslashes are now preserved
and therefore are not valid regex matches on any test, making it not run
any tests at all. I assume at some point there was a process in the
pipeline that needed escaping, but on master (for quite a while) this
has not worked.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
A minor thing, but I noticed that the "Reference" drop-down menu just
says "Command line". This was fine when we just had one command line,
but now there's also 'Compose command line' and I suspect we may add
others later. We should qualify the Docker one with the word "Docker"
in front
Signed-off-by: Doug Davis <dug@us.ibm.com>
FROM scratch
ADD echo /
RUN [ "echo" ]
will die with
exec: "/bin/sh": stat /bin/sh: no such file or directory
Signed-off-by: Doug Davis <dug@us.ibm.com>
delete unecessary blank after "[OPTIONS] "
and add a blank to the log between options and signature.
To make the code style consistency.
Signed-off-by: Zen Lin(Zhinan Lin) <linzhinan@huawei.com>
An earlier commit was causing docker windows CLI build to not to pick up
the shorthand form for home directory (`%USERPROFILE%`) shown in when
`docker --help` is executed.
Fixing that bug and making the if statement concise and clear.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
This change enables `fakeGIT()` to use the new `fakeStorage`
server which is automatically starting a container on the remote test
daemon machine using the git repo directory (when requested).
Fixes the following tests:
- `TestBuildApiLowerDockerfile`
- `TestBuildApiBuildGitWithF`
- `TestBuildApiDoubleDockerfile` (skipped on windows: NTFS case-insensitive)
- `TestBuildFromGIT` (still needs local server)
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Cgroup resources are host dependent, they should be in hostConfig.
For backward compatibility, we just copy it to hostConfig, and leave it in
Config for now, so there is no regressions, but the right way to use this
throught json is to put it in HostConfig, like:
{
"Hostname": "",
...
"HostConfig": {
"CpuShares": 512,
"Memory": 314572800,
...
}
}
As we will add CpusetMems, CpusetCpus is definitely a better name, but some
users are already using Cpuset in their http APIs, we also make it compatible.
The main idea is keep using Cpuset in Config Struct, and make it has the same
value as CpusetCpus, but not always, some scenarios:
- Users use --cpuset in docker command, it can setup cpuset.cpus and can
get Cpuset field from docker inspect or other http API which will get
config info.
- Users use --cpuset-cpus in docker command, ditto.
- Users use Cpuset field in their http APIs, ditto.
- Users use CpusetCpus field in their http APIs, they won't get Cpuset field
in Config info, because by then, they should already know what happens
to Cpuset.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
This change adds daemon's system time as RFC3339Nano to the `/info` endpoint
and shows in a more readable format (UnixDate) in `docker -D info` output.
I will be using this to fix the clock skew between the remote test host and
the CI machines running `docker events`-related tests as they're using `--since`
and `--until` and the timestamps are not matching when daemon is not on the
same machine.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
We should warn users who use the `--dns` command line option to point
DNS to a localhost address, either IPv4 or IPv6. Unless they have
specifically set up the container as a DNS server or are using
--net=host (which is why this should be allowed, but warned on because
those are pretty unique cases) a localhost address as a resolver will
not reach what they might expect (e.g. expecting it will hit localhost
on the Docker daemon/host).
Added a test for the message, and fixed up tests to separate stdout and
stderr that were using `--dns=127.0.0.1` to test the options.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Thanks to @ahmetalpbalkan for noticing... we had an old check in this
testcase that no longer applied (due to stuff being removing recently).
However, while in there I added a check to make sure that the file referenced
by the query parameter isn't used at all.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Manifest is now generated during a v2 push, not relying on previously generated hashes. When pushing a layer, the hash is directly calculated from the tar contents which will be pushed. Computing the hash on push ensures that the hash contents always match what is seen by the registry. This also mitigates issues with tarsum differences and permits using pure SHA digests.
Additionally the new manifest function is moved to the unit tests since it is no longer called outside the tests.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
This makes it much simpler to add new "frozen" images -- simply add them to the `Dockerfile` and in `hack/make/.ensure-frozen-images` and you're off to the races.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
This also updates the comments at the top of the file to note that `-v /var/lib/docker` should be supplied for running `test-integration-cli` and that `hack/dind` is actually also required for `test-unit`.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
parser_test only needed the directory-names for
the tests to run. This replaces f.Readdir() with
f.Readdirnames() to only return the names.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When we run `docker login` we will be asked to input our username.
Prior to this PR, "userA" and " userA" will be considered as two
diferrent user, which is not right.
Signed-off-by: Hu Keping <hukeping@huawei.com>
Implemented a FakeStorage alternative that supports spinning
up a remote container on DOCKER_TEST_HOST to serve files over
an offline-compiled Go static web server image so that tests which
use URLs in Dockerfile can build them over at the daemon side.
`fakeStorage` function now automatically chooses if it should
use a local httptest.Server or a remote container.
This fixes the following tests when running against a remote
daemon:
- `TestBuildCacheADD`
- `TestBuildCopyWildcardNoFind`
- `TestBuildCopyWildcardCache`
- `TestBuildADDRemoteFileWithCache`
- `TestBuildADDRemoteFileWithoutCache`
- `TestBuildADDRemoteFileMTime`
- `TestBuildADDLocalAndRemoteFilesWithCache`
- `TestBuildADDLocalAndRemoteFilesWithoutCache`
- `TestBuildFromURLWithF`
- `TestBuildApiDockerFileRemote`
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
This patch adds detail on how the host's `/etc/resolv.conf` file is
filtered when creating the copy for the container.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Previously on error either from the daemon or from the api it is just
exiting with exit status 1 but not performing a shutdown.
This can produce insconsistent state depending on where the error came
from.
This makes sure that before we exit on error that the engine gets fully
shutdown.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Read `/proc/sys/net/ipv4/ip_local_port_range` kernel parameter to obtain
ephemeral port range that now sets the boundaries of port allocator
which finds free host ports for those exported by containers.
Signed-off-by: Michal Minar <miminar@redhat.com>
This cleans up the recently added project docs and
fixes some minor issues.
- remove inline styles where possible
- add redirects for renamed/replaced documents
- add styles for GitHub labels to match the style on GitHub
- fix minor markdown issues causing some code-blocks
to be shown as text
- wrap the documents to 80-chars
- use 4 spaces in stead of tabs for identing and remove
trailing whitespace/redundant blank lines
- optimized 'gordon' image
NOTE:
This alternative commit/PR re-introduces some inline
styles because the docs/base image has not yet been
updated for the current docs.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Windows CI fails to dial remote test host over tcp in the test cases where
we clear environment variables during `exec(dockerBinary, ...)` in the
absence of `SystemRoot` environment variable (typically points to `c:\windows`).
This fixes tests:
- `TestRunEnvironmentErase`
- `TestRunEnvironmentOverride`
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Private registries should support having images pushed with only a single name component (e.g. localhost:5000/myapp).
The public registry currently requires two name components, but this is already enforced in the registry code.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
The call to io.Copy was not being checked for errors at a critical point in the
pull logic. This patch will log the error value if not nil.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
`TestCliProxyDisableProxyUnixSock` verifies that HTTP_PROXY env var is
used when DOCKER_HOST is not set and cli connects to `unix://...` by
default.
In the windows/darwin CLI CIs, daemon is on remote host and we always
connect via `tcp://`, therefore this test fails very straight. Skipping
this test to run only on "same host daemon" assumption.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
"docker create" for data containers should specify a dummy command to
avoid accidential "docker start" to cause unexpected data loss.
Signed-off-by: Hong Xu <hong@topbug.net>
TestRunCidFileCleanupIfEmpty fails on windows/mac because the test runs
the command `docker run scratch` and it gives the following error:
Unable to find image 'scratch:latest' locally
Pulling repository scratch
511136ea3c5a: Download complete
FATA[0004] 'scratch' is a reserved name
I am not entirely sure if this is a test issue or not but I had a quick
workaround by creating another image using `FROM scratch` and using that.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
They used single-quotes (') in the exec-form of onbuild run command
and things blew up. They asked to fix the man page to explain why.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
The tests end up overwriting the `dockerfile` with `Dockerfile` since
windows filesystems are case-insensitive. The following methods are
skipped:
- TestBuildRenamedDockerfile
- TestBuildFromMixedcaseDockerfile
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
daemon/volumes.go
This SetFileCon call made no sense, it was changing the labels of any
directory mounted into the containers SELinux label. If it came from me,
then I apologize since it is a huge bug.
The Volumes Mount code should optionally do this, but it should not always
happen, and should never happen on a --privileged container.
The change to
daemon/graphdriver/vfs/driver.go, is a simplification since this it not
a relabel, it is only a setting of the shared label for docker volumes.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Added link to original issue and clarified text so someone without any
background on the original issue can understand why the test exists.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
The overlay filesystem does not support inotify at this time. The
resolv.conf updater test was passing on overlay-based Jenkins because of
a fluke--because it was DIND, /etc/resolv.conf on the "host" was really
a bind-mounted resolv.conf from the outer container, which means a watch
directly on that file worked as it was not overlay backed. The new test
(from #10703) unmounts the bind-mounted copy to test create and modify
code-paths, which caused us to hit the issue.
This PR also adds a note to the docs about the lack of auto-update when
using the overlay storage driver.
See https://lkml.org/lkml/2012/2/28/223 for more info on inotify and
overlay.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
We could use EXPOSE ip:hostPort:containerPort,
but actually it did as EXPOSE ::containerPort
commit 2275c833 already warned user on daemon side.
This patch will print warning message on client side.
Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
This moves some information on restart-policies from
the "command line" page to "run reference".
Also fixes some minor typos and adds a "NOTE"
about --rm and --restart not allowed to be combined.
Also removes inline CSS styles from tables,
which will be styled by the stylesheet, and fixes
some minor MarkDown errors (`<` -> <)
depends on https://github.com/docker/docs-base/pull/1resolves#11069
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This change modifies the chmod bits of build context archives built on
windows to preserve the execute bit and remove the r/w bits from
grp/others.
Also adjusted integ-cli tests to verify permissions based on the platform
the tests are running.
Fixes#11047.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
The original description has some mistakes and lack of many useful
information, I rewrite them to make it accurate and complete.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Closes#10807
Adds support for `dockerfile` ONLY when `Dockerfile` can't be found.
If we're building from a Dockerfile via stdin/URL then always download
it a `Dockerfile` and ignore the -f flag.
Signed-off-by: Doug Davis <dug@us.ibm.com>
and add a testcase to catch this in the future.
While in there I also:
- removed extra periods from the few options that had them (new test)
- made the --filter option consistent across all command
Signed-off-by: Doug Davis <dug@us.ibm.com>
This is the absolute bare minimum necessary to compile and test Docker -- this is going to be especially useful for testing and verifying assumptions.
With this, we can setup a Jenkins job that tests to ensure that all the work we do to make sure our build scripts and tests don't contain assumptions is not effort spent in vain.
This is important because this is the kind of bare-bones stock environment our packagers build in. Additionally, this verifies that our scripts will work reasonably on other platforms (such as Darwin and Windows) as well.
Assumptions existing tests make that currently fail:
- `registry-v2` exists as a binary in `$PATH` (FIXED IN #11005🎉)
- `unprivilegeduser` exists as a user in `/etc/passwd`
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
This downloads a specific image ID of `busybox:latest` from the Hub directly (within the `Dockerfile`, ready for `docker load`) instead of grabbing the source from GitHub and doing a `docker build` at daemon start time. This ensures the test suite runs more consistently.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
If `.bashrc` exists at the root of the source tree, it will be used as the `~/.bashrc` inside the container.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
The document referenced https but was using the http port. I changed the
examples from https to http.
Also, fyi, when I tried accessing https using the correct 443 port, it
did not work. I have not investigated why. Port 80 worked fine.
For me:
jay-mac:.ssh jay$ docker port web
80/tcp -> 0.0.0.0:49153
443/tcp -> 0.0.0.0:49154
jay-mac:.ssh jay$ boot2docker ip
192.168.59.103
works: http://192.168.59.103:49153/
fails: https://192.168.59.103:49154/
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Instead of applying it only for the final `chroot`, this adds a chroot helper function to apply it appropriately for every chroot, including making sure that we find `chroot` in our current host `PATH` in case it's in a strange place.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
when running in the chroot, it would be expected to have a Debian-ish environment,
most important the PATH variable. Otherwise the host PATH would be used which can wrong
for Debian, especially if the host is Arch (which doesn't have /bin, /sbin or /usr/sbin).
Signed-off-by: Damjan Georgievski <gdamjan@gmail.com>
Use `-it` combination in example instead of `-ti`, because this is how it used everywhere in examples.
Update dockerfile_best-practices.md
Fix typo in command name
Signed-off-by: Dmitry Gusev <dmitry.gusev@gmail.com>
If the tests are running outside a container (i.e.
executed without `make test`), we are using a `busybox`
pulled from Docker Hub (not jpatezzo's docker-busybox).
That one adds an extra
`PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin`
env var all the time and that messes the test `TestCommitChange`.
That's currently breaking the windows CI.
I'm keeping the same PATH here but making it explicit
so that it's always set and we verify what we set. It's actually the same
thing if I set `ENV PATH foo` here but I thought it may lead to some
problems hard to debug in the future.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Update the "Docker Remote API Client Libraries" documentation page to
include a reference to the Go-based docker-reg-client package.
Signed-off-by: Brian DeHamer <brian@dehamer.com>
Fixes: 10855
The example was actually incorrect for many situations, and also, now
that we have IPv6 we should not that the example is for IPv4 and note
how to find IPv6 addresses. Also, the device they want to connect to
could be the bridge, or main ethernet device, or some other device
name, so note that as well.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Some pull/push tests are launching `registry-v2`
binary which is compiled and installed if the tests
are running in-container through `make test-integration-cli`.
However, registry is not supported to run on non-linux
platforms and we can't really spin up any registry-v2
containers in the remote DOCKER_TEST_HOST at this point.
Just skipping those with the new TestRequirement called
`RegistryHosting`.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
`TestRunBindMounts` requires daemon to be on the same host.
Running this cli test on Linux is fair enough coverage for
this functionality and we can skip this for platforms where
daemon cannot run side-by-side with the cli for now.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Currently TestBuildRenamedDockerfile fails since passing
custom dockerfile paths like:
docker build -f dir/file .
fails on windows because those are unix paths. Instead, on
windows accept windows style paths like:
docker build -f dir\file .
and convert them to unix style paths using the helper we
have in `pkg/archive` so that daemon can correctly locate
the path in the context.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Use the new `runCommandPipelineWithOutput` helper to
remove bash dependency required for piping in
`TestSaveDirectoryPermissions`.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
This type is produced on the server side and is a type safe struct that
can be encoded to json. It is consumed via the client.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Move the stats structs from the api/stats package into a new package
api/types that will contain all the api structs for docker's api request
and responses.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
In addition to config env, `commit` now will also accepts a `changes` env which
is a string contains new-line separated Dockerfile instructions.
`commit` will evaluate `changes` into `runconfig.Config` and merge it with
`config` env, and then finally commit a new image with the changed config
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: rhatdan)
Instead of building the actual image, `build_config` will serialize a subset of
dockerfile ast into *runconfig.Config
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Create container job could fail because a container specified with
`--volumes-from` does not exist. This error is not propagated to client
though. Instead it's recognized by higher levels as "image not found".
Client then tries to pull the image and launch the container again.
This patch changes the lower level error message so that it's not
recognized as "image not found" and thus it's propagated to client.
Signed-off-by: Michal Minar <miminar@redhat.com>
Phil has been very active across the repository for a few months now.
He has not only triaged issues but also contributed to features and bug
fixes and is a very active participant on the project.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
zsh completion is updated with the content of
felixr/docker-zsh-completion.
ef4a3fce0437 Update completion for `wait' as per 1.5.0
ace5aa9c1282 Add completion for `stats'
91f112834865 Update completion for `search' as per 1.5.0
a5e4febe4bf6 Update completion for `save' as per 1.5.0
1cdbdb18a384 Add completion for `rename'
2f004bb724b9 Update completion for `pull' as per 1.5.0
773b88e0885b Update completion for `logs' as per 1.5.0
c57e5d5c4551 Update completion for `load' to favor archive files
9af7d12b487e Update completion for `images` as per 1.5.0
0d59e66aff30 update completion for `exec' to complete on commands
46b6c66760d7 Update completion for `events' as per 1.5.0
307e0bdc4c34 Update completion for `commit' as per 1.5.0
c4b331f38cc4 Update completion for `build' as per 1.5.0
Also added myself in the `MAINTAINERS` file.
Signed-off-by: Vincent Bernat <vincent@bernat.im>
Some integration-cli tests assume daemon and cli are running
on the same machine and therefore they examine side effects
of executed docker commands on docker host by reading files
or running other sort of commands.
In case of windows/darwin CLI tests these provide little
or no value and should be OK to skip.
List of skipped tests:
- `TestContainerNetworkMode`
- `TestCpVolumePath`
- `TestCreateVolumesCreated`
- `TestBuildContextCleanup`
- `TestBuildContextCleanupFailedBuild`
- `TestLinksEtcHostsContentMatch`
- `TestRmContainerWithRemovedVolume`
- `TestRunModeIpcHost`
- `TestRunModeIpcContainer`
- `TestRunModePidHost`
- `TestRunNetHost`
- `TestRunDeallocatePortOnMissingIptablesRule`
- `TestRunPortInUse`
- `TestRunPortProxy`
- `TestRunMountOrdering`
- `TestRunModeHostname`
- `TestRunDnsDefaultOptions`
- `TestRunDnsOptionsBasedOnHostResolvConf`
- `TestRunResolvconfUpdater`
- `TestRunVolumesNotRecreatedOnStart`
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
This way, we only leave around autogenerated files if the build fails (which is reasonable IMO, since that's when you'd need them for debugging the build failure).
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
This optimizes a number of images and removes a duplicate image.
Also consolidated images in the 'docker-hub' section.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
1. Docker require to run before redis container run.
2. 'start' command can not accept more options like "run -e xx ..."
3. Remove wrong command 'Author='
Signed-off-by: Daniel YC Lin <dlin.tw@gmail>
Despite being wrong we are kinda calling our users dumb, I feel it is a bit
demeaning. As well as just wrong.
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <hugs@docker.com> (github: jfrazelle)
Skip tests based on remote daemon's exec support (to exclude
these tests from `make test` ran in LXC case). Makes use of
`test_no_exec` build tag passed by build scripts.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Shout out to @estesp for the idea. Some use cases of
`readContainerFile` can be replaced with `docker exec $id cat $file`.
This helper method can eliminate the requirement that
host/cli should be on the same machine.
TestRunMutableNetworkFiles and TestRunResolvconfUpdater still
need to access the docker host filesystem as they modify
the file directly from there assuming cli and daemon are
on the same machine.
This fixes TestLinksUpdateOnRestart and TestLinksHostsFilesInject
for Windows CI.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
In its current form, if an error message has two trailing "\n" instead
of one, an empty line is resulted (see engine/job.go for an example of
such usages).
Skipping all trailing whitespaces will give a better error message.
Signed-off-by: Nghia Tran <nghia@google.com>
Some of the links in this document contained hard-wrapped URL portions, which causes Markdown to insert a literal URL encoded `\n` inside the link, thus breaking them.
Signed-off-by: Bradley Wright <brad@intranation.com>
This fixes a few misuses of `deleteAllContainers()` cleanup
method in integration-cli suite by moving call to the
beginning of the method and guaranteeing their execution
(including panics) with `defer`s.
Also added some forgotten cleanup calls while I'm at it.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
`docker build -q .` where Dockerfile contains a RUN cmd will hang on the
RUN. It waits for the output stream to close but because of -q we never
attached to the container and end up waiting forever.
The fact that no one noticed this tells me that people may not actually
use -q and if so I wonder if it would make sense to make -q work the may
it does for other commands (like `docker ps`) and make it so it only
shows the container ID at the end. A -q/quiet option that only hides the
container RUN output apparently isn't really that useful since no one is
using it. See: https://github.com/docker/docker/issues/4094
Signed-off-by: Doug Davis <dug@us.ibm.com>
TestBuildAddBadLinks used to build a path by
concenating unix-style forward slashes. Fixed that
by providing a windows-equivalent using `runtime.GOOS`.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Although this doesn't fix the test (os.Symlink is not yet
implemented for Windows), this prevents unix-style paths
from being passed to os.Symlink. Also makes code cleaner
for linux.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Skipping some of the tests closely tied to running in a
unix environment. Windows does not support chmod/chown
and this causes some tests to fail creating desired
behavior.
- `TestBuildWithInaccessibleFilesInContext`: uses chown/chmod
- `TestBuildDockerfileOutsideContext`: uses os.Symlink, not implemented on
windows
- `TestCpUnprivilegedUser`: uses chmod, and requires 'unprivilegeduser'
created by Dockerfile (and thus requires to run inside container)
- `TestBuildChownSingleFile`: uses chown
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
NetworkManager updates resolve.conf by replacing the current file
with an updated one. This change enables docker to listen for these
events.
Signed-off-by: Sami Wagiaalla <swagiaal@redhat.com>
The most obvious use case is when one wants to make sure as fast
as possible that a command is a valid Dockerfile command.
Signed-off-by: kargakis <kargakis@users.noreply.github.com>
This fixes `TestVolumesNoCopyData` for test execution on
windows by passing a unix-style path as volume even though
it's running on windows.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
estesp noticed that when $HOME is / the ~ substitutions messes up
becuase it tries to replace all paths that start with "/" with "~".
This fixes it so that it will only replace it when $HOME isn't "/".
Signed-off-by: Doug Davis <dug@us.ibm.com>
Fixes#10426
Because of the ability to easily overload the shell max argument list
length once the image count is several hundred, `docker load` will
start to fail because of this as it passes an excludes list of all
images in the graph. This patch uses an environment variable with the
json marshalled through it to get around the arg length limitation.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
`TestBuildRenamedDockerfile` tests hard-code unix-style
path building. Made use of `path/filepath` to make these
tests work on Windows as well.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Currently when containers are linked the alias name (e.g. from `--link
name:alias`) is added to the parent container's `/etc/hosts` with a
reference to the IP of the linked container. Some software requires
using the official hostname or node name in operations that need to
match on those values, and it is therefore helpful if the parent
container can refer to the child/link using those same values and still
access the same IP.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Fixes: #10701
Updates the IPv6 documentation and images to reflect the more modern
`ip -6` command set versus `route` and `ifconfig`. Also removes the
use of the special 2002: address range as that is reserved for 6to4
addressing, as well as use of any public address range and re-works the
switched routing example to use 3 subnets of the documentation IPv6
prefix range.
Also conformed all use of addresses to the same doc range per @MalteJ's
commit.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Signed-off-by: Malte Janduda <mail@janduda.net>
This makes use of `%USERPROFILE%` as a substitute for
`~` on Windows and prints shorter strings for default
cert paths etc.
Also removes string escaping/quotes around default
path values printed in `docker help` command as they
are not really necessary and adds double backslashes
(\\) on windows.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
In order to fit printed messages to fit 80 chars,
rewording messages for `-H` and `--tls` flags.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Since `cirros.tar.gz` only existed to test `docker import`'s display and
presence in `docker events`, we can instead just use `docker export`
piped directly to `docker import` to achieve the same goal without
another external dependency besides `busybox` (which we already have).
While I was at it, I updated `TestImportDisplay` to also test that the
imported image actually runs successfully as well (so we're testing the
full import round-trip).
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Use `env -i` to very explicitly control exactly which environment variables leak into our tests. This enforces a clean separation of "build environment knobs" versus "test suite knobs".
This also includes a minor tweak to how we handle starting our integration daemon, especially to catch failure to start sooner than failing tests.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Mainly to make sure we don't treat the -f value as relative to the
root of the build context, but instead it must be relative to the current
dir.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Some of the `docker cp` tests were using `path/filepath` to
craft unix paths. This wouldn't work on Windows since filepath
is platform-dependent.
Moved code to `path` as much as possible and hacked away some
`path/filepath` functionality that doesn't exist in `path` pkg.
This fixes the following test cases:
- `TestCpGarbagePath`
- `TestCpRelativePath`
- `TestCpAbsoluteSymlink`
- `TestCpSymlinkComponent`
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
This change enables TestRunSetMacAddress to run on windows
without `bash` dependency. Also `defer`red call of cleanup
method.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
The test case `TestImagesFilterWhiteSpaceTrimmingAndLowerCasingWorking`
fails based on time because it uses full `docker images` output and
value in the `CREATED` column turns from `A minute ago` to `2 minutes ago`
in the middle of execution and output comparison fails.
Signed-off-by: Ahmet Alp Balkan <ahmetb@microsoft.com>
This removes `bash` dependency from save/load integration tests.
It used to call `/bin/bash -c 'c:\...\docker.exe'` which is not valid.
Also removed usage of tempdirs and temp files for saving/loading
repos. All are now done using in-memory pipes and buffers.
Created `runCommandPipelineWithOutput` helper to replace the
`/bin/bash -c 'a | b | c'` using pipes and returning output from
last command in the pipeline. This makes the code even shorter
and readable.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Currently pkg/archive stores nested windows files with
backslashes (e.g. `dir\`, `dir\file.txt`) and this causes
tar not being correctly extracted on Linux daemon.
This change assures we canonicalize all paths to unix
paths and add them to tar with that name independent of platform.
Fixes the following test cases for Windows CI:
- TestBuildAddFileWithWhitespace
- TestBuildCopyFileWithWhitespace
- TestBuildAddDirContentToRoot
- TestBuildAddDirContentToExistingDir
- TestBuildCopyDirContentToRoot
- TestBuildCopyDirContentToExistDir
- TestBuildDockerignore
- TestBuildEnvUsage
- TestBuildEnvUsage2
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
source /etc/bash_completion.d/docker.io was not working for me, since the file is called docker, not docker.io.
There might be versions with 'io' ending; star is general enough.
Signed-off-by: Ferenc Szabo <pragmaticfrank@gmail.com>
Or else we can violate array range boundaries in:
out = strings.Split(out, ":")[1]
and get runtime error.
We got this runtime error when run TestRunPortFromDockerRangeInUse
Somehow docker goes silently if it cannot publish port because
of no bridge.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@parallels.com>
Some tests in `docker_api_containers_test.go` assume the
docker daemon is running at the same machine as the cli
and uses `ioutil.TempDir` to create temp dirs and use them
in the test.
On windows ioutil.TempDir and os.TempDir would create win-style
paths and pass them to daemon. Instead, I hardcoded `/tmp/` and
generate some random path manually and allow daemon to create
the directory.
Fixes tests:
- TestContainerApiStartVolumeBinds
- TestContainerApiStartDupVolumeBinds
- TestVolumesFromHasPriority
Downside:
- Does not clean the temp dirs generated on the remote daemon
machine unless delete container deletes them.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
If DOCKER_CLIENTONLY is set for test-integration-cli, we don't set
the 'daemon' build tag. 'isRemoteDaemon' will help us skip such
tests without a need to move them to a separate file and accidentally
lose track of them.
Added `testRequires` function to skip tests based on predefined
conditions evaluated in runtime. This way we can easily extend test
requirements like:
testRequires(t, Networking, SameHostDaemon, Linux)
Signed-off-by: Ahmet Alp Balkan <ahmetb@microsoft.com>
TestCliProxyDisableProxyUnixSock runs `docker info` by
clearing env however if the daemon is set up to run in a
different machine (e.g. Windows CI case) it does not make
use of DOCKER_TEST_HOST and tries to connect unix sock.
This fix injects DOCKER_HOST back to the test.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
A comment in https://github.com/docker/docker/issues/6354#issuecomment-74160215
brought to light that the "Managing Data in containers" section contained an
incorrect (or confusing) line;
"Volumes persist until no containers use them"
Which implies that volumes are automatically removed if they are no longer
referenced by a container.
This pull-request attempts to add some information explaining that volumes are
never automatically removed by Docker and adds some extra hints on working
with data volumes.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
For Windows, we run integration-cli with DOCKER_TEST_HOST env var b/c
daemon is on some remote machine. This keeps the DOCKER_HOST set by
bash scripts in the env.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Fixes TestRmiForceWithExistingContainers test to make it use
`busybox` image rather than /docker-busybox hardcoded path
and rebuilding image.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
TestEventsUntag requires a `timeout` command which does not
exist on OS X or Windows (in fact, windows has a totally different
timeout program and this test was accidentally using it).
- Created runCommandWithOutputForDuration.
This entirely replaces runDockerCommandWithTimeout and
removes dependency to `timeout` command.
- Made runDockerCommandWithTimeout reuse runDockerCommandForDuration.
TestEventsUntag works now on Windows.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Current uses of `makeRandomString` is to create really
long strings. In #10794, I used them to create nearly-unique
unix paths for the daemon. Although collions are harmless and
don't fail the tests, this prevents the same strings from being
created consistently in every run by seeding rand.Random.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
os.Exec("bash", "-c", dockerBinary) ends up making a call like
bash -c c:\...\docker.exe on windows msys shell, which does not work.
This test makes use of exec.Command.Stdin to pass image back to
docker import.
- Upside: fixes the test on windows
- Downside: cat/tee compatibility is no longer tested in this test case
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
It turns out the back-to-back `D`s here were tripping people up because visually, it looks like a typo. This renames the variable to `BIND_DIR`, but allows `BINDDIR` to continue working for backwards-compatibility.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Fixes newly introduced error flow from daemon.Get() in the link setup
code. Also added more detail to daemon.Get() comments for clarity.
Added test to test the bogus container link codepath.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Make the install script independent from the ubuntu keyserver by using
the sks-keyservers pool instead.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
TestBuildAddTarXz/TestBuildAddTarXzGz make exec calls like
'cd %SOME_TEMP_DIR%; xz test.gz' but this fails when called
from integration-cli tests (doesn't fail from msys or cmd shell).
It fails with error: "xz: test.tar: Cannot remove: Permission denied."
Proposing workaround of using the `xz --keep` argument since keeping
test.tar is harmless and it's already in os.TempDir().
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
TestGetContainersAttachWebsocket is currently broken on Windows CI tests
b/c it has hardcoded unix://var/run/docker.sock. This change makes use
of @icecrime's code in docker_utils and generalizes it with sockConn()
to provide a net.Conn by making use of DOCKER_TEST_HOST. Also fixes
the test.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
This fixes the build break in Jenkins Windows CI tests and
fixes TestInspectImage for Windows CLI.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Makes sure the CLI does not use HTTP_PROXY when connecting to unix
socket.
Also adds some tests to make sure this functionality works as expected.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
d1e9d07c introduces a dependency to libcontainer and other daemon
related packages through builder package. The only thing test needs
is set of the Dockerfile commands. Extracting them to a separate
package.
This was causing CI tests to not to compile on non-Linux platforms.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
subjectAltName=IP:x.x.x.x
this allows for connecting to the docker server from docker client
using the dns name OR using the IP address (lots of docker stuff
prefers IP addresses)
Signed-off-by: Greg Fausak <greg@tacodata.com>
pushV2Image() calls TarLayer() which returns an archive. One needs to
Close() the archive once done otherwise it will leave mounted devices
if devicemapper graph driver is being used.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
manifest code calls TarLayer() and gets archive. This archive needs to
be closed once caller is done using it to release the resrouces held
by archive. For the devicemapper graphdriver, archive keeps a device
mounted (device which is backing the layer). If archive.Close() is not
called, that device remains mounted and later deletion of device fails
leading to various other issues.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Fixes#9981
Allows a volume which was created by docker (ie, in
/var/lib/docker/vfs/dir) to be used as a Bind argument via the container
start API and overwrite an existing volume.
For example:
```bash
docker create -v /foo --name one
docker create -v /foo --name two
```
This allows the volume from `one` to be passed into the container start
API as a bind to `two`, and it will overwrite it.
This was possible before 7107898d5c
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
The trust graph currently pulls the keys needed to verify official images. For non-official images this graph check is useless. To avoid hitting the key statement url when pulling from private v2 registries, restrict the check to official image pulls.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Pushing by image ID is not allowed in the Docker CLI and not supported by the registry. An unnamed image also cannot be pushed to a private registry, since no endpoint is specified and it will default to the hub. The hub also does not support this use case, therefore removing the code path is the best solution.
The ability to push a layer without a name is unsupported by the v2 registry.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
If you have a Dockefile with just:
FROM scratch
An error is generated but its never shown to the CLI. This PR fixes that.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Adding instructions to exit the test shell and a link to the user guide (as is done in the following sections for 12.04 and 13.04/10
Signed-off-by: Steven Koch <sjkoch@unm.edu>
set LimitCORE=infinity to ensure complete core creation,
allows extraction of as much information as possible.
Thanks to Ulrich Obergfell <uobergfe@redhat.com>
and Jeremy Eder <jeder@redhat.com>
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Fixes: #10655
As noted in the issue, bad format was being returned even if the format
was appropriate, but the IP was invalid. This adds a better error
message for when the IP address fails validation.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Handles missed comments in PR#10622 and adds an API test to validate
error returned properly for duplicate bind mounts for the same
container target path.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
`openssl req -new -x509 -text -key client.key -out client.cert` creates a self-sign certificate but not a certificate request.
Signed-off-by: Wei-Ting Kuo <waitingkuo0527@gmail.com>
Reflow change in commit 195f3a3f removed newlines in the config format.
This change reverts the sample config to the original formatting, which
matches the actual config format of a `awsconfig` file.
Signed-off-by: Katie McLaughlin <katie@glasnt.com>
Introduced in Docker v0.4.5 / Remove API v1.1 (#848), the remote
parameter of the API method POST /build allows to specify a buildable
remote URL (HTTPS, HTTP or Git).
Signed-off-by: Vincent Giersch <vincent.giersch@ovh.net>
It's ambiguous to say that `ENV` is _functionally equivalent to prefixing the command with `<key>=<value>`_. `ENV` sets the environment for all future commands, but `RUN` can take chained commands like `RUN foo=bar bash -c 'echo $foo' && bash -c 'echo $foo $bar'`. Users with a solid understanding of `exec` may grok this without confusion, but less experienced users may need this distinction.
Signed-off-by: Michael A. Smith <msmith3@ebay.com>
Improve Environment Handling Descriptions
- Link `ENV` and `Environment Replacement`
- Improve side-effects of `ENV` text
- Rearrange avoiding side effects text
Signed-off-by: Michael A. Smith <msmith3@ebay.com>
This list is outdated. It could be updated instead of removed... but why should it be maintained? I do not see a reason.
Signed-off-by: João Bruni <contato@jbruni.com.br>
The link to project/MAINTAINERS.md was broken, in
addition, /MAINTAINERS containers more relevant
information on the LGTM process and contains info
about maintainers of all subsystems.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Fixes a few typos in IPv6 addresses. Will make it easier for users who
actually try and copy/paste or use the example addresses directly.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Update fixes some rendering issues, including improperly escaping '$' in
blocks, and actual parsing of blockcode.
`ID=$(sudo docker run -d fedora /usr/bin/top -b)` was being converted to
`ID=do docker run -d fedora/usr/bin/top -b)`
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
The docs around COPY/ADD already mentioned that it will do a relative
copy/add based on WORKDIR, so that part is already ok. Just needed to
tweak the WORKDIR section since w/o mentioning COPY/ADD it can be misleading.
Noticed by @phemmer
Signed-off-by: Doug Davis <dug@us.ibm.com>
Note: this deprecates the fine-grained, high-overlap cascading MAINTAINERS files,
and replaces them with a single top-level file, using a new structure:
* More coarse grained subsystems with dedicated teams of maintainers
* Core maintainers with a better-defined role and a wider scope (if it's
not in a subsystem, it's up to the core maintainers to figure it out)
* Architects
* Operators
This is work in progress, the goal is to start a conversation
Signed-off-by: Solomon Hykes <solomon@docker.com>
Signed-off-by: Erik Hollensbe <github@hollensbe.org>
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Signed-off-by: Tibor Vass <teabee89@gmail.com>
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Vincent Batts <vbatts@redhat.com>
The title `Image JSON Schema` was used as a header in the section
which describes the layout and fields of the image metadata JSON
file. It was pointed out that `JSON Schema` is its own term for
describing JSON in a machine-and-human-readable format, while the
word "Schema" in this context was used more generically to say that
the section is meant to be an example and outline of the Image JSON.
http://spacetelescope.github.io/understanding-json-schema/
This section now has the title `Image JSON Description` in order
to not cause this confusion.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
This allows us to use build tags in the code directly to include/exclude code based on our binary's "staticness".
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Right now its really hard for a newbie to find our Image specification
so I'm adding a link to it (and libcontainer's) to the main README.
I'm also trying to figure out how to add a link to it from the main docs
too but that's proving harder than I expected. I'll be working with Sven on
a subsequent PR to make that happen, but it might not happen until after 1.5
is out.
Signed-off-by: Doug Davis <dug@us.ibm.com>
`openssl req -new -x509 -text -key client.key -out client.cert` creates a self-sign certificate but not a certificate request.
Signed-off-by: Wei-Ting Kuo <waitingkuo0527@gmail.com>
We're hoping to add some new commands that don't have any args so this
PR will enable that by removing all of the hard-coded checks that require
commands to have at least one arg. It also adds some checks to each
command so we're consistent in the error message we get. Added a test
for this too.
We actually had this check in at least 3 different places (twice in the
parser and once in most cmds), this removes 2 of them (the parser ones).
Had to remove/modify some testcases because its now legal to have certain
commands w/o args - e.g. RUN. This was actually inconsistent because
we used to allow "RUN []" but not "RUN" even though they would generate
(almost) the same net result. Now we're consistent.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Applied multi parameters to pause and unpause.
Created a new test file dedicated for pause commands.
Created a new utility function to get a slice of paused containers.
Updated documentation
Signed-off-by: André Martins <martins@noironetworks.com>
Adding instructions to exit the test shell and a link to the user guide (as is done in the following sections for 12.04 and 13.04/10
Signed-off-by: Steven Koch <sjkoch@unm.edu>
I don't think that it was very useful feature in current implementation,
but when you have a lot of links - your daemon became unusable because
on first call of /containers global graphdb lock will be acquired and it
can take a lot of time: 30m for 15 containers linked to each other.
Links names can be seen with `--no-trunc`, but I think it's useless :)
Fixes#9967
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Addresses: #10618
Given that the user has no notification that they tried to bind mount
different directories on the same target in the container, this errors
out in that case, without changing the current code allowing for
--volumes-from to trump -v/VOLUME specifications.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
As I was reworking https://github.com/docker/docker/pull/9402 I realized
that the new testcase I just added that verified all help text is within
80 characters really should be smarter and ask "docker help" for the list
of commands to check instead of having a hard-coded list. This way
it will catch "docker execwait" automagically once #9402 is merged.
Signed-off-by: Doug Davis <dug@us.ibm.com>
sort changes found and exported.
Sorting the files before appending them to the tar archive
would mean a dependable ordering for types like hardlinks.
Also, combine sort logic used
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Per Erikh's suggestion at:
https://github.com/docker/docker/pull/9989#issuecomment-69832009
this PR will trim spaces in the parser to ensure that the user gets the same
results irrespetive of leading/trailing spaces.
Per @tiborvass's suggestion I added a test to make sure spaces in quotes
are not touched.
Signed-off-by: Doug Davis <dug@us.ibm.com>
We only accepted lower case proto: tcp, udp.
This patch will enable us to use upper case
of proto such as: EXPOSE 1234/TCP
Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
Reflow change in commit 195f3a3f removed newlines in the config format.
This change reverts the sample config to the original formatting, which
matches the actual config format of a `awsconfig` file.
Signed-off-by: Katie McLaughlin <katie@glasnt.com>
Only show the verification message if all the tarsum checks pass and the image manifest is verified.
No longer return an error when a tarsum verification fails, just reset the verification flag.
Tarsum verification is less meaningful without a verified manifest and therefore it should not cause an error.
Updated the verified image test to pull an image which expected to have a verified manifest and contents.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Refactored getHomeDir in docker/docker to GetHomeDir in utils
pkg. Currently covers all use cases on the client-side.
Signed-off-by: Ahmet Alp Balkan <ahmetb@microsoft.com>
Lxc images have /dev (devices). This creates a list with the /dev paths in the test.
Signed-off-by: Abin Shahab <ashahab@altiscale.com> (github: ashahab-altiscale)
Currently docker build is not passing HostConfig to daemon.Create.
this patch creates the default HostConfig and passes it to daemon.Create.
This will cause the SELinux labeling to turn on for docker build. Basically
it causes a SecurtyOpt field to be created. In the future this might also
allow us to use seccomp and UserNamespace with docker build.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
This is sort of "revert" of #8415. There is some problems with using
logs:
* Non-live progressbars
* Races when you can try to get logs before it was written(there was
occasional errors in tests)
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
It didn't work on v2 anyways. And an image with a lot of aliases was slow to
fetch.
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
On pull treat an unavailable v2 registry as a non-error fallback.
On push only show v2 error message in debug mode.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
The -u/--user flag optionaly takes a group/gui. This change documents this behavior and specifies the complete format of the value.
Signed-off-by: Jeff Nickoloff <jeff@allingeek.com>
Added a missed semi-colon for consistency with other messages.
Signed-off-by: Jeff Nickoloff <jeff@allingeek.com>
No longer push to the official v2 registry when it is available. This allows pulling images from the v2 registry without defaulting push. Only pull official images from the v2 official registry.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
No longer push to the official v2 registry when it is available. This allows pulling images from the v2 registry without defaulting push. Only pull official images from the v2 official registry.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Introduced in Docker v0.4.5 / Remove API v1.1 (#848), the remote
parameter of the API method POST /build allows to specify a buildable
remote URL (HTTPS, HTTP or Git).
Signed-off-by: Vincent Giersch <vincent.giersch@ovh.net>
This modifies the "docker help" text so that it is no wider than 80 chars
and each description fits on one line. This will also try to use ~ when
possible
Added a test to make sure we don't go over 80 chars again.
Added a test to make sure we use ~
Applied rules/tests to all docker commands - not just main help text
Closes#10214
Signed-off-by: Doug Davis <dug@us.ibm.com>
Since the separator for extra host settings (for /etc/hosts in a
container) is a ":", the code that handles extra hosts needed to only
split on the first ":" to preserve IPv6 addresses which are passed via
the command line settings as well as stored in the JSON container
config.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
I noticed that while we have tests to make sure that people don't
specify a Dockerfile (via -f) that's outside of the build context
when using the docker cli, we don't check on the server side to make
sure that API users have the same check done. This would be a security
risk.
While in there I had to add a new util func for the tests to allow us to
send content to the server that isn't json encoded - in this case a tarball
Signed-off-by: Doug Davis <dug@us.ibm.com>
When calling stats on stopped container's print out zeros for all of the
values to populate the initial table. This signals to the user that the
operations completed and will not block.
Closes#10504
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This ensures that ca-certificates are installed and that they get
updated in case they were already installed.
Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
I noticed that while we have tests to make sure that people don't
specify a Dockerfile (via -f) that's outside of the build context
when using the docker cli, we don't check on the server side to make
sure that API users have the same check done. This would be a security
risk.
While in there I had to add a new util func for the tests to allow us to
send content to the server that isn't json encoded - in this case a tarball
Signed-off-by: Doug Davis <dug@us.ibm.com>
When calling stats on stopped container's print out zeros for all of the
values to populate the initial table. This signals to the user that the
operations completed and will not block.
Closes#10504
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
The API documentation uses the "base" image in various
places. The "base" image is deprecated and it is no longer
possible to download this image.
This changes the API documentation to use "ubuntu" in stead.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When getting the URL from a v2 registry url builder, it does not
honor the scheme from the endpoint object and will cause an https
endpoint to return urls starting with http.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
When requesting a token, the basic auth header is always being set even
if there is no username value. This patch corrects this and does not set
the basic auth header if the username is empty.
Also fixes an issue where pulling all tags from a v2 registry succeeds
when the image does not actually exist on the registry.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Wait for the local registry-v2 test instance to become available to
avoid random tests failures.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
The checksum is now being stored in a separate file beside the image
JSON file.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Fixes#10387
Without TCP keep-alive set on socket connections to the daemon, any
long-running container with std{out,err,in} attached that doesn't
read/write for a minute or longer will end in ECONNTIMEDOUT (depending
on network settings/OS defaults, etc.), leaving the docker client side
believing it is still waiting on data with no actual underlying socket
connection.
This patch turns on TCP keep-alive for the underlying TCP connection
for both TLS and standard HTTP hijacked daemon connections from the
docker client, with a keep-alive timeout of 30 seconds.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
While checksums are verified when a layer is pulled from v2 registries,
there are known issues where the checksum may change when the layer diff
is computed again. To avoid these issues, the checksum should no longer
be computed and stored until after it has been extracted to the docker
storage driver. The checksums are instead computed lazily before they
are pushed to a v2 registry.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
It's ambiguous to say that `ENV` is _functionally equivalent to prefixing the command with `<key>=<value>`_. `ENV` sets the environment for all future commands, but `RUN` can take chained commands like `RUN foo=bar bash -c 'echo $foo' && bash -c 'echo $foo $bar'`. Users with a solid understanding of `exec` may grok this without confusion, but less experienced users may need this distinction.
Signed-off-by: Michael A. Smith <msmith3@ebay.com>
Improve Environment Handling Descriptions
- Link `ENV` and `Environment Replacement`
- Improve side-effects of `ENV` text
- Rearrange avoiding side effects text
Signed-off-by: Michael A. Smith <msmith3@ebay.com>
The cmd.Lookup should be "-attach" and not "attach", as seen in
docker/docker/runconfig/parse.go
Signed-off-by: André Martins <martins@noironetworks.com>
This list is outdated. It could be updated instead of removed... but why should it be maintained? I do not see a reason.
Signed-off-by: João Bruni <contato@jbruni.com.br>
When requesting a token, the basic auth header is always being set even
if there is no username value. This patch corrects this and does not set
the basic auth header if the username is empty.
Also fixes an issue where pulling all tags from a v2 registry succeeds
when the image does not actually exist on the registry.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
When getting the URL from a v2 registry url builder, it does not
honor the scheme from the endpoint object and will cause an https
endpoint to return urls starting with http.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Wait for the local registry-v2 test instance to become available to
avoid random tests failures.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
The link to project/MAINTAINERS.md was broken, in
addition, /MAINTAINERS containers more relevant
information on the LGTM process and contains info
about maintainers of all subsystems.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The checksum is now being stored in a separate file beside the image
JSON file.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Fixes#10387
Without TCP keep-alive set on socket connections to the daemon, any
long-running container with std{out,err,in} attached that doesn't
read/write for a minute or longer will end in ECONNTIMEDOUT (depending
on network settings/OS defaults, etc.), leaving the docker client side
believing it is still waiting on data with no actual underlying socket
connection.
This patch turns on TCP keep-alive for the underlying TCP connection
for both TLS and standard HTTP hijacked daemon connections from the
docker client, with a keep-alive timeout of 30 seconds.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
While checksums are verified when a layer is pulled from v2 registries,
there are known issues where the checksum may change when the layer diff
is computed again. To avoid these issues, the checksum should no longer
be computed and stored until after it has been extracted to the docker
storage driver. The checksums are instead computed lazily before they
are pushed to a v2 registry.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Don't run docker in interactive mode in the archlinux container build script. Recent versions of Docker error out with "cannot enable tty mode on non tty input" when being run non-interactively (such as in a cron job, Jenkins build, etc.)
Signed-off-by: Jared Biel <jared.biel@bolderthinking.com>
The API documentation uses the "base" image in various
places. The "base" image is deprecated and it is no longer
possible to download this image.
This changes the API documentation to use "ubuntu" in stead.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fixes the daemon's failure to start when setting --ipv6=true for
the first time without deleting `docker0` bridge from a prior use with
only IPv4 addressing.
The addition of the IPv6 bridge address is factored out into a separate
initialization routine which is called even if the bridge exists but no
IPv6 addresses are found.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Under certain cases, such as when putting a manifest or check for the existence
of a layer, the status code checks in session_v2.go were too narrow for their
purpose. In the case of putting a manifest, the handler only cares that an
error is not returned. Whether it is a 304 or 202 does not matter, as long as
the server reports success. Having the client only accept specific http codes
inhibits future protocol evolution.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
This fixes the daemon's failure to start when setting --ipv6=true for
the first time without deleting `docker0` bridge from a prior use with
only IPv4 addressing.
The addition of the IPv6 bridge address is factored out into a separate
initialization routine which is called even if the bridge exists but no
IPv6 addresses are found.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Fixes a few typos in IPv6 addresses. Will make it easier for users who
actually try and copy/paste or use the example addresses directly.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
The build job will sometimes trigger a pull job when the base image
does not exist. Now that engine jobs properly close their output by default
the pull job would also close the build job's stdout in a cascading close
upon completion of the pull.
This patch corrects this by wrapping the `pull` job's stdout with a
nopCloseWriter which will not close the stdout of the `build` job.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
When unmarshaling the json response from the API in languages to a
dynamic object having the omitempty field tag on types such as float64
case the key to be omitted on 0.0 values. Various langages will
interpret this as a null when 0.0 is the actual value.
This patch removes the omitempty tags on fields that are not structs
where they can be safely omited.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
When calling delete on a bind-mount volume, the config file was bing
removed, but it was not actually being removed from the volume index.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Before the V2 registry changes, images with no config could be pushed.
This change fixes a regression that made those images not able to be
pushed to a registry.
Signed-off-by: Euan Kemp <euank@euank.com>
Docker inspect can also be used on images, this patch fixed the
minor typo in file docker/flags.go and docs/man/docker.1.md
Signed-off-by: DiuDiugirl <sophia.wang@pku.edu.cn>
When progress reader closes it overwrites the progress line with the full progress bar, replaces the completed message.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Currently loading the trust key uses path instead of filepath. This creates problems on some operating systems such as Windows.
Fixes#10319
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Updates `image.StoreImage()` to always ensure that images
that are installed in Docker have a tarsum.v1 checksum.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Since it can still be tested natively without this, this won't cause any harm while we fix the tests to actually work on Windows.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
* Adjust header to match _page_title
* Add instructions on deletion of CSRs and setting permissions
* Simplify some path expressions and commands
* Consqeuently use ~ instead of ${HOME}
* Precise formulation ('key' vs. 'public key')
* Fix wrong indentation of output of `openssl req`
* Use dash ('--') instead of minus ('-')
Remark on permissions:
It's not a problem to `chmod 0400` the private keys, because the
Docker daemon runs as root (can read the file anyway) and the Docker
client runs as user.
Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
Since the Docker-Distribution-API-Version header value may contain multiple
space delimited versions as well as many instances of the header key, the
header value is now split on whitespace characters to iterate over all versions
that may be listed in one instance of the header.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Implementing the deamon flags the traditional way introduced even more
redundancy than usual because the same list of options with flags
had to be added twice.
This can be avoided by using variables in the case statements when
using the extglob shell option.
Signed-off-by: Harald Albers <github@albersweb.de>
Under certain cases, such as when putting a manifest or check for the existence
of a layer, the status code checks in session_v2.go were too narrow for their
purpose. In the case of putting a manifest, the handler only cares that an
error is not returned. Whether it is a 304 or 202 does not matter, as long as
the server reports success. Having the client only accept specific http codes
inhibits future protocol evolution.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
The build job will sometimes trigger a pull job when the base image
does not exist. Now that engine jobs properly close their output by default
the pull job would also close the build job's stdout in a cascading close
upon completion of the pull.
This patch corrects this by wrapping the `pull` job's stdout with a
nopCloseWriter which will not close the stdout of the `build` job.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Update fixes some rendering issues, including improperly escaping '$' in
blocks, and actual parsing of blockcode.
`ID=$(sudo docker run -d fedora /usr/bin/top -b)` was being converted to
`ID=do docker run -d fedora/usr/bin/top -b)`
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
The docs around COPY/ADD already mentioned that it will do a relative
copy/add based on WORKDIR, so that part is already ok. Just needed to
tweak the WORKDIR section since w/o mentioning COPY/ADD it can be misleading.
Noticed by @phemmer
Signed-off-by: Doug Davis <dug@us.ibm.com>
This revision is from docker_1.5 branch, because we don't want to
introduce user namespace in docker 1.5, but fix for --pid=host is
needed.
Fixes#10303
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
When unmarshaling the json response from the API in languages to a
dynamic object having the omitempty field tag on types such as float64
case the key to be omitted on 0.0 values. Various langages will
interpret this as a null when 0.0 is the actual value.
This patch removes the omitempty tags on fields that are not structs
where they can be safely omited.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
When calling delete on a bind-mount volume, the config file was bing
removed, but it was not actually being removed from the volume index.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Note: this deprecates the fine-grained, high-overlap cascading MAINTAINERS files,
and replaces them with a single top-level file, using a new structure:
* More coarse grained subsystems with dedicated teams of maintainers
* Core maintainers with a better-defined role and a wider scope (if it's
not in a subsystem, it's up to the core maintainers to figure it out)
* Architects
* Operators
This is work in progress, the goal is to start a conversation
Signed-off-by: Solomon Hykes <solomon@docker.com>
Signed-off-by: Erik Hollensbe <github@hollensbe.org>
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Signed-off-by: Tibor Vass <teabee89@gmail.com>
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Before the V2 registry changes, images with no config could be pushed.
This change fixes a regression that made those images not able to be
pushed to a registry.
Signed-off-by: Euan Kemp <euank@euank.com>
The title `Image JSON Schema` was used as a header in the section
which describes the layout and fields of the image metadata JSON
file. It was pointed out that `JSON Schema` is its own term for
describing JSON in a machine-and-human-readable format, while the
word "Schema" in this context was used more generically to say that
the section is meant to be an example and outline of the Image JSON.
http://spacetelescope.github.io/understanding-json-schema/
This section now has the title `Image JSON Description` in order
to not cause this confusion.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Docker inspect can also be used on images, this patch fixed the
minor typo in file docker/flags.go and docs/man/docker.1.md
Signed-off-by: DiuDiugirl <sophia.wang@pku.edu.cn>
When progress reader closes it overwrites the progress line with the full progress bar, replaces the completed message.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Currently loading the trust key uses path instead of filepath. This creates problems on some operating systems such as Windows.
Fixes#10319
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Updates `image.StoreImage()` to always ensure that images
that are installed in Docker have a tarsum.v1 checksum.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
If stop/kill command hits a short window between process' exit and
container's cleanup, it will no longer fail with 'no such process'
error.
Resolves#10182
Signed-off-by: Michal Minar <miminar@redhat.com>
Since it can still be tested natively without this, this won't cause any harm while we fix the tests to actually work on Windows.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
* Adjust header to match _page_title
* Add instructions on deletion of CSRs and setting permissions
* Simplify some path expressions and commands
* Consqeuently use ~ instead of ${HOME}
* Precise formulation ('key' vs. 'public key')
* Fix wrong indentation of output of `openssl req`
* Use dash ('--') instead of minus ('-')
Remark on permissions:
It's not a problem to `chmod 0400` the private keys, because the
Docker daemon runs as root (can read the file anyway) and the Docker
client runs as user.
Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
Based on some feedback, when you have a container via the cli that you
are monitoring for stats, if you stop the container it will stay in the
display but report the last datapoint that was received.
This PR changes the display to zero out the values for containers where
an update has not been received within a specified duration, i.e. 2
seconds. This signals the user that the container has stopped as it
reports cpu and memory usage of 0.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Since the Docker-Distribution-API-Version header value may contain multiple
space delimited versions as well as many instances of the header key, the
header value is now split on whitespace characters to iterate over all versions
that may be listed in one instance of the header.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Implementing the deamon flags the traditional way introduced even more
redundancy than usual because the same list of options with flags
had to be added twice.
This can be avoided by using variables in the case statements when
using the extglob shell option.
Signed-off-by: Harald Albers <github@albersweb.de>
This fixes various tests by checking for non zero exit code, accounting for lxc-specific base-diffs, and by removing lxc specific environment vars.
It also adds the --share-ipc option to lxc-start for shared ipc namespaces.
Signed-off-by: Abin Shahab <ashahab@altiscale.com> (github: ashahab-altiscale)
Docker-DCO-1.1-Signed-off-by: Abin Shahab <ashahab@altiscale.com> (github: ashahab-altiscale)
Update our "registry" install to use the included Godeps libraries so that it
doesn't require anything from our current source (hence moving it up for
better caching too)
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
v2 ping now checks for a Docker-Distribution-API-Version
header that identifies the endpoint as "registry/2.0"
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Due to the iptables package being `init`ed at start of the docker
runtime, this means the iptables --wait command listing all rules
is run, no matter if the command is simply "docker -h". It makes
more sense to both locate the iptables command and check for the
wait flag support at the time iptables is actually used, as it
may not be used at all if certain network support is off/configured
differently.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Some calls like json.Encoder.Encode mask the number of bytes written to
an io.Writer. The solution provides a wrapper io.Writer around the
actual io.Writer that allows multiple calls to Write to be considered as
one and allow access to this count.
Signed-off-by: Pierre Wacrenier <pierre.wacrenier@gmail.com>
Also, this decouples the emptyfs script from the busybox one -- they're now functionally separate thanks to the scratch no-op change. 👍
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
unshare the mount namespace of the docker daemon to avoid other pids
outside the daemon holding mount references of docker containers.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Fixes#9629#9768
A couple of issues:
1) Volume config is not restored if we couldn't find it with the graph
driver, but bind-mounts would never be found by the graph driver since
they aren't in that dir
2) container volumes were only being restored if they were found in the
volumes repo, but volumes created by old daemons wouldn't be in the
repo until the container is at least started.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This systemd.exec setting will construct a new mount namespace for the
docker daemon, and use slave shared-subtree mounts so that volume mounts
propogate correctly into containers.
By having an unshared mount namespace for the daemon it ensures that
mount references are not held by other pids outside of the docker
daemon. Frequently this can be seen in EBUSY or "device or resource
busy" errors.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
This is literally the only failing test on Go 1.3.3: 🎉
```
--- FAIL: TestBuildWithTabs (0.43 seconds)
docker_cli_build_test.go:4307: Missing tabs.
Got:["/bin/sh","-c","echo\u0009one\u0009\u0009two"]
Exp:["/bin/sh","-c","echo\tone\t\ttwo"]
```
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
The assumption is not true if user specifies an IP address other than
the first IP, in that case the first IP address is never allocated to
any container.
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
Addresses #5811
This cleans up an error in the logic which removes localhost resolvers
from the host resolv.conf at container creation start time. Specifically
when the determination is made if any nameservers are left after
removing localhost resolvers, it was using a string match on the word
"nameserver", which could have been anywhere (including commented out)
leading to incorrect situations where no nameservers were left but the
default ones were not added.
This also adds some complexity to the regular expressions for finding
nameservers in general, as well as matching on localhost resolvers due
to the recent addition of IPv6 support. Because of IPv6 support now
available in the Docker daemon, the resolvconf code is now aware of
IPv6 enable/disable state and uses that for both filter/cleaning of
nameservers as well as adding default Google DNS (IPv4 only vs. IPv4
and IPv6 if IPv6 enabled). For all these changes, tests have been
added/strengthened to test these additional capabilities.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
DM_UDEV_DISABLE_LIBRARY_FALLBACK is disabled by most applications today
when using device-mapper, and ensuring that device-mapper is in sync
with udev. This flag instructs devicemapper to not fallback to creating
the device nodes itself. In the case of udev sync not being supported,
devicemapper will attempt to create the devices in a timely manner,
regardless of udev.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
when initializing the devmapper driver, attempt to sync udev and device
mapper. If udev sync is not supported, print a warning. Eventually we'll
likely bail here to avoid unpredictable behavior for users.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Since "go test" doesn't seem to support "-installsuffix" as quite the same perfect solution that "go build" is happy to let it be, let's just switch those crappy old "integration/" tests to use our separate static dockerinit binary so we don't have to worry about compiling the entire test harness statically. 👍
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
See #10141 for more info, but the main point of this is to make sure
that if you do "docker run -e FOO ..." that FOO from the current env
is passed into the container. This means that if there's a value, its
set. But it also means that if FOO isn't set then it should be unset in
the container too - even if it has to remove it from the env. So,
unset HOSTNAME
docker run -e HOSTNAME busybox env
should _NOT_ show HOSTNAME in the list at all
Closes#10141
Signed-off-by: Doug Davis <dug@us.ibm.com>
Set lxc.auto.mount = proc:mixed in unprivilged mode. This ensures that lxc mounts sys and proc/sysrq-trigger as readonly.
Signed-off-by: Abin Shahab <ashahab@altiscale.com> (github: ashahab-altiscale)
Docker-DCO-1.1-Signed-off-by: Abin Shahab <ashahab@altiscale.com> (github: ashahab-altiscale)
To run shell(and not exit), lxc needs STDIN. Without STDIN open, it will exit 0.
Signed-off-by: Abin Shahab <ashahab@altiscale.com> (github: ashahab-altiscale)
Fixes#9709
In cases where the volumes-from container is removed and the consuming
container is restarted, docker was trying to re-apply volumes from that
now missing container, which is uneccessary since the volumes are
already applied.
Also cleaned up the volumes-from parsing function, which was doing way more than
it should have been.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Fixes#10129
Makes the .dockercfg more human parsable.
Also cleaned up the (technically) racey login test.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Sending capability ids instead of capability names ot LXC for --cap-add and --cap-drop.
Also fixed tests.
Docker-DCO-1.1-Signed-off-by: Abin Shahab <ashahab@altiscale.com> (github: ashahab-altiscale)
Fixes#9960
This adds the output of a "Backing Filesystem:" entry to `docker info`
to overlay, aufs, and devicemapper graphdrivers. The default list
includes a fairly complete list of common filesystem names from
linux/include/uapi/linux/magic.h, but if the backing filesystem is not
recognized, the code will simply show "<unknown>"
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
Token cache prevents the need to get a new token for every registry interaction.
Since the tokens are short lived, the cache expires after only a minute.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
The v2 session code will no longer update the indexEndpoint value, therefore it is not necessary to save and restore the value for use with v1.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
While the v2 pull operation is writing the body of the layer blob to disk
it now computes the tarsum checksum of the archive before extracting it to
the backend storage driver. If the checksum does not match that from the
image manifest an error is raised.
Also adds more debug logging to the pull operation and fixes existing test
cases which were failing. Adds a reverse lookup constructor to the tarsum
package so that you can get a tarsum object using a checksum label.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Because docker core cannot vendor non-master Go dependencies, we need to remove
dependencies on registry package. The definition of digest.Digest has been
changed to a string and the regular expressions have been ported from
docker-registry/common library.
We'll likely change this be dependent on the registry in the future when the
API stabilizies and use of the master branch becomes the norm.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
This package, ported from next-generation docker regsitry, includes route and
error definitions. These facilitate compliant V2 client implementation. The
portions of the HTTP API that are included in this package are considered to be
locked down and should only be changed through a careful change proposal.
Descriptor definitions package layout may change without affecting API behavior
until the exported Go API is ready to be locked down.
When the new registry stabilizes and becomes the master branch, this package
can be vendored from the registry.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Registry authorization token is now taken from the response body rather than
the repsonse header.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
summary of changes:
registry/auth.go
- More logging around the login functions
- split Login() out to handle different code paths for v1 (unchanged logic)
and v2 (does not currently do account creation)
- handling for either basic or token based login attempts
registry/authchallenge.go
- New File
- credit to Brian Bland <brian.bland@docker.com> (github: BrianBland)
- handles parsing of WWW-Authenticate response headers
registry/endpoint.go
- EVEN MOAR LOGGING
- Many edits throught to make the coad less dense. Sparse code is more
readable code.
- slit Ping() out to handle different code paths for v1 (unchanged logic)
and v2.
- Updated Endpoint struct type to include an entry for authorization
challenges discovered during ping of a v2 registry.
- If registry endpoint version is unknown, v2 code path is first attempted,
then fallback to v1 upon failure.
registry/service.go
- STILL MOAR LOGGING
- simplified the logic around starting the 'auth' job.
registry/session.go
- updated use of a registry.Endpoint struct field.
registry/token.go
- New File
- Handles getting token from the parameters of a token auth challenge.
- Modified from function written by Brian Bland (see above credit).
registry/types.go
- Removed 'DefaultAPIVersion' in lieu of 'APIVersionUnknown = 0'`
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Make sure that as we build the CMD/ENTRYPOINT cache strings that we don't
treat ["echo","hi"] and ["echo hi"] as the same thing due to the fact that
we're just doing a strcat on the array.
Closes#10097
Signed-off-by: Doug Davis <dug@us.ibm.com>
The documentation on `docker export` doesn't mention that
data in volumes is not included in the export.
This adds a note that volumes are not part of the export
and refers to the "Backup, restore, or migrate data volumes"
to give the user some pointers.
Relates to https://github.com/docker/docker/issues/10095
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Under the restart policy "--restart=no", there is no record about it
in the information from docker inspect.
To keep it consistent around the three(maybe more in the future) restart
policies and distinguish with no restart policy specified cases, it's
worth to record it even though it is the default restart policy which
will not restart the container.
Signed-off-by: Hu Keping <hukeping@huawei.com>
Adjust builder to validate that JSON in Dockerfiles are arrays of strings and nothing else to match how we describe them to people (and what all our existing tests already assumed)
Tests no longer make the assumption that the daemon can be accessed
through unix:///var/run/docker.sock.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Add a --readonly flag to allow the container's root filesystem to be
mounted as readonly. This can be used in combination with volumes to
force a container's process to only write to locations that will be
persisted. This is useful in many cases where the admin controls where
they would like developers to write files and error on any other
locations.
Closes#7923Closes#8752
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
We want to be able to use container without the PID namespace. We basically
want containers that can manage the host os, which I call Super Privileged
Containers. We eventually would like to get to the point where the only
namespace we use is the MNT namespace to bring the Apps userspace with it.
By eliminating the PID namespace we can get better communication between the
host and the clients and potentially tools like strace and gdb become easier
to use. We also see tools like libvirtd running within a container telling
systemd to place a VM in a particular cgroup, we need to have communications of the PID.
I don't see us needing to share PID namespaces between containers, since this
is really what docker exec does.
So currently I see us just needing docker run --pid=host
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Fixes: #9860
Fixes: detach and attach tty mode
We never actually need to close container `stdin` after `stdout/stderr` finishes. We only need to close the `stdin` goroutine. In some cases this also means closing `stdin` but that is already controlled by the goroutine itself.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
This refactors the starting work by the prior commits to make this safe
for access. A maximum of 5 worker go routines are started to lookup
images on the endpoint. Another go routine consumes the images that are
required to be pushed into a map for quick lookups. The map is required
because the pushing of the image json and layer have to be done in the
correct order or the registry will explode in fire.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
The "or rename" part was removed from the error-message,
because renaming wasn't possible at the time.
Now that https://github.com/docker/docker/pull/8570 is merged,
renaming existing containers is possible.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
If an error message happens while parsing docker run or docker exec, the message
is not being printed out.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Since the failure count of container will increase by 1 every time it
exits successfully, the compare in function shouldRestart() will stop
container to restart by the last time.
Signed-off-by: Hu Keping <hukeping@huawei.com>
Many iterations have gone into documenting a v1 specification of Docker's Image
format.
v1 Image spec: clarify parent field
- metalivedev pointed out that the description was ambiguous, so I've removed
mention that it was randomly generated. It IS the ID of the parent image.
Updated v1 image specificatino documentation
- More complete details and deprication notifications for each field
in the JSON metadata of an image.
- Details on the format for packaging combined Image JSON + Filesystem
Changeset archives for all layers of an image.
Clarify description of an image "Layer" in v1 spec
Updated intro of image v1 spec
Updated image v1 spec after more review
- Removed description of "Image" from the terminology section. The entire
document is meant to serve this purpose.
- Updated the definition of "Image Filesystem Changeset".
- Clarified the level of randomness needed for generating image IDs.
- Updated the description of "Image Checksum".
- Added term descriptions for "Repository" and "Tag"
- Removed extraneous/implementation-specific fields from the Image JSON
example file and field descriptions:
- removed "container_config" and "docker_version" fields.
- Added missing "author" field example and description.
- Removed extraneous/implementation-specific fields from the "config" struct
example and description:
- removed "Hostname", "Domainname", "Cpuset", "AttachStdin", "AttachStdout",
"AttachStderr", "PortSpecs", "Tty", "OpenStdin", "StdinOnce", "Image",
"NetworkDisabled", and "OnBuild".
- Updated example Image JSON config with better example values for "Env",
"Cmd", "Volumes", "WorkingDir", "Entrypoint", "CpuShares", "Memory",
"MemorySwap", and "User".
- Added notices that any fields not specified are to be considered as
implementation specific and should be ignored my implementations which
are unable to interpret them.
- Updated example of creating layer filesystem changesets to use less formal
language.
- Listed more details in the section regarding extraction of a bundle of image
layers into the root filesystem of a container.
- Updated the closing mention of Docker as an evolving implementation.
More updates to the v1 image spec
- Added line wrapping after 80 columns per line to adhere to documentation
style guides, as pointed out by @jamtur01
- Removed references to any specific docker commands, updated a few descriptions
or drop repeated statements, as pointed out by @cpuguy83
Cleanup image v1 spec draft after fredlf comments
Address comments by mmdriley on v1 image spec
Improve description of image v1 spec 'config.User`
- Improves description of image v1 specification for the 'User' runtime
parameter after recomendations by tianon.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
There are a couple of drivers that swallow errors that may occur in
their Put() implementation.
This changes the signature of (*Driver).Put for all the drivers implemented.
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
to docs.master.dockerproject.com.
- Make the invaidation profile the bucket variable, not hard coded.
- Add no cache variable for settings cache to "no-cache"
Docker-DCO-1.1-Signed-off-by: Jessica Frazelle <jess@docker.com> (github: jfrazelle)
This fixes the container start issue for containers which were started
on a daemon prior to the resolv.conf updater PR. The update code will
now safely ignore these containers (given they don't have a sha256 hash
to compare against) and will not attempt to update the resolv.conf
through their lifetime.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
This refactors version number usage for several of our "download/install this exact version" bits so we have an easier time replacing the version numbers in Jenkins.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Presenly the "Data file:" shows either the loopback _file_ or the block device.
With this, the "Data file:" will always show the device, and if it is a
loopback, then there will additionally be a "Data loop file:".
(Same for "Metadata file:")
Signed-off-by: Vincent Batts <vbatts@redhat.com>
`uint64(buf.Type)` on i686 is ffffffff9123683e on i686 due to sign extension, so it cannot be compared with `FsMagic(0x9123683E)`
Signed-off-by: Andrii Melnykov <andy.melnikov@gmail.com>
Passing RepositoryInfo to ResolveAuthConfig, pullRepository, and pushRepository
Moving --registry-mirror configuration to registry config
Created resolve_repository job
Repo names with 'index.docker.io' or 'docker.io' are now synonymous with omitting an index name.
Adding test for RepositoryInfo
Adding tests for opts.StringSetOpts and registry.ValidateMirror
Fixing search term use of repoInfo
Adding integration tests for registry mirror configuration
Normalizing LookupImage image name to match LocalName parsing rules
Normalizing repository LocalName to avoid multiple references to an official image
Removing errorOut use in tests
Removing TODO comment
gofmt changes
golint comments cleanup. renaming RegistryOptions => registry.Options, and RegistryServiceConfig => registry.ServiceConfig
Splitting out builtins.Registry and registry.NewService calls
Stray whitespace cleanup
Moving integration tests for Mirrors and InsecureRegistries into TestNewIndexInfo unit test
Factoring out ValidateRepositoryName from NewRepositoryInfo
Removing unused IndexServerURL
Allowing json marshaling of ServiceConfig. Exposing ServiceConfig in /info
Switching to CamelCase for json marshaling
PR cleanup; removing 'Is' prefix from boolean members. Removing unneeded json tags.
Removing non-cleanup related fix for 'localhost:[port]' in splitReposName
Merge fixes for gh9735
Fixing integration test
Reapplying #9754
Adding comment on config.IndexConfigs use from isSecureIndex
Remove unused error return value from isSecureIndex
Signed-off-by: Don Kjer <don.kjer@gmail.com>
Adding back comment in isSecureIndex
Signed-off-by: Don Kjer <don.kjer@gmail.com>
Only modifies non-running containers resolv.conf bind mount, and only if
the container has an unmodified resolv.conf compared to its contents at
container start time (so we don't overwrite manual/automated changes
within the container runtime). For containers which are running when
the host resolv.conf changes, the update will only be applied to the
container version of resolv.conf when the container is "bounced" down
and back up (e.g. stop/start or restart)
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
It seems odd to have such an important API hidden under 'misc'.
While in there I noticed that during the "-f Dockerfile" PR I changed
the query param from f to dockerfile and missed this one spot in the docs.
Signed-off-by: Doug Davis <dug@us.ibm.com>
w/o this one-liner the v1.17 docs didn't appear in the Reference dropdown
and I would get a 404 when I tried to access
.../reference/api/docker_remote_api_v1.17/
Not sure if there are other spots that need to be fixed but this seemed to
fix it for me.
Signed-off-by: Doug Davis <dug@us.ibm.com>
The cli now doesn't echo the container ID when started using either -a
or -i. Also fixes `TestStartAttachCorrectExitCode` which incorrectly
called start with the result of wait rather than the container ID.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Add a check to make sure Dockerfile is in the build context
Add docs and a testcase
Make -f relative to current dir, not build context
Signed-off-by: Doug Davis <dug@us.ibm.com>
If .dockerignore mentions either then the client will send them to the
daemon but the daemon will erase them after the Dockerfile has been parsed
to simulate them never being sent in the first place.
an events test kept failing for me so I tried to fix that too
Closes#8330
Signed-off-by: Doug Davis <dug@us.ibm.com>
Usage string isn't printed anymore. User is adviced to see help instead
- according to coreutils standard.
Signed-off-by: Michal Minar <miminar@redhat.com>
Ignoring return value of ParseFlags leads to exit code 0 if bad
arguments are supplied. This patch makes sure that subcommands exit
with non-zero code in such a case.
Signed-off-by: Michal Minar <miminar@redhat.com>
* Do not log bad options error message twice, e.g.:
$ docker run --pouet
flag provided but not defined: --pouet
See 'docker run --help'.
2014/11/05 21:41:23 flag provided but not defined: --pouet
With this patch just the first two lines will be produced.
* Print 'docker' just once when run without a command, e.g.:
$ docker --hel
flag provided but not defined: --hel
See 'docker docker --help'.
Signed-off-by: Michal Minar <miminar@redhat.com>
--help and help are successful commands so output should not go to error.
QE teams have requested this change, also users doing docker help | less
or docker run --help | less would expect this to work.
Usage statement should only be printed when the user asks for it.
Errors should print error message and then suggest the docker COMMAND --help
command to see usage information.
The current behaviour causes the user to have to search for the error message
and sometimes scrolls right off the screen. For example a error on a
"docker run" command is very difficult to diagnose.
Finally erros should always exit with a non 0 exit code, if the user
makes a CLI error.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Function shouldRestart() checks the restart policy and records the
debug info and there should be two arguments in the log.Debugf().
Prior to the this patch, the logs were something like this:
- client: $ docker run --restart=on-failure:3 ubuntu /bin/sh -c 'exit 1'
- daemon: INFO[0168] ...
DEBU[0168] stopping restart of container %!s(int=3) because maximum
failure could of %!d(MISSING) has been reached
INFO[0086] ...
Btw, fix a spelling error in the same file:
- cotnainer -> container
----------------------------------------
Signed-off-by: Hu Keping <hukeping@huawei.com>
Also makes streamConfig Pipe methods not return error, since there was
no error for them to be able to return anyway.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This also adds more tests to help verify this, including unicode and nonprintable characters (hence the earlier commit switching to strconv.Quote).
As a bonus, this fixes a subtle bug where [] was turned into [""] and then turned back into [] (and thus [""] was impossible to actually round-trip correctly in a Dockerfile).
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
This is:
git format-patch -1 --stdout HEAD \
| patch -p1 docs/sources/reference/api/docker_remote_api_v1.*.md
Applying the changes I initially made on the docs for v1.15 to all
other versions led to acceptable results.
Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
Copyright notices must reflect the current year. This commit updates the listed year to 2015 with a starting year of 2013 from
a27b4b8cb8
Docker-DCO-1.1-Signed-off-by: Patrick Stapleton <github@gdi2290.com> (github: gdi2290)
Using --insecure is (you guessed it) *insecure* as the server side
certificate is not being validated. To offer the same degree of
security as invocations of the docker client in "Secure by default"
with cURL, the trusted CA certificate must be supplied.
Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
With -CAcreateserial the serial file will be automatically created
and initialized if it is missing.
Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
syscall.Unmount failed sometimes when user interrupted exporting,
for example a Ctrl-C, or pipe to commands which closed the pipe early,
like "docker export <container_name> | file -"; this syscall.Unmount
could sometimes return EBUSY and didn't actually umount the filesystem;
which would cause a following export command fail to mount;
change to lazy Unmount with MNT_DETACH can fix the problem, this is
the same behavior as in Shutdown;
```text
time="2015-01-03T21:27:26Z" level=error msg="Warning: error unmounting device
34a3e77cdbca17ceffd0636aee0415bb412996adb12360bfe2585ce30467fa8e: device or resource busy"
```
```
$ docker export thirsty_ardinghelli | file -
/dev/stdin: POSIX tar archive
time="2015-01-03T21:58:17Z" level=fatal msg="write /dev/stdout: broken pipe"
$ docker export thirsty_ardinghelli
time="2015-01-03T21:54:33Z" level=fatal msg="Error: thirsty_ardinghelli: Error getting container
34a3e77cdbca17ceffd0636aee0415bb412996adb12360bfe2585ce30467fa8e from driver devicemapper:
Error mounting '/dev/mapper/docker-253:0-3148372-34a3e77cdbca17ceffd0636aee0415bb412996adb12360bfe2585ce30467fa8e'
on '/var/lib/docker/devicemapper/mnt/34a3e77cdbca17ceffd0636aee0415bb412996adb12360bfe2585ce30467fa8e': device or resource busy"
```
Signed-off-by: Derek Che <drc@yahoo-inc.com>
Fixed:
* Invalid JSON
* Inconsistent spacing at colon
Expression for binary data streams (line 468 vs. 1474) remain inconsistent.
Could fix that too, if you like.
Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
This introduces a sort order for options:
Arrange options sorted alphabetically by long name with the short
options immediately following their corresponding long form.
Signed-off-by: Harald Albers <github@albersweb.de>
Moves some information around, expanding information on
user namespaces, pull/load security, cap add/drop.
Also includes various grammar improvements and edits.
Signed-off-by: Eric Windisch <eric@windisch.us>
This way, we can embed the link/description lines directly in the array itself, conflicts between PRs to this section are minimized, new PRs are easier to review, and it's a lot easier to notice when people are missing a link/description (like the few that currently are).
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
This file is one APT creates to make sure we don't "autoremove" our currently in-use kernel, which doesn't really apply to debootstraps/Docker images that don't even have kernels installed.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
This fixes the issue where an lxc.conf override of lxc.network.ipv4 was not being honored.
Docker-DCO-1.1-Signed-off-by: Abin Shahab <ashahab@altiscale.com> (github: ashahab-altiscale)
This commit contains changes for docker:
* user.GetGroupFile to user.GetGroupPath docker/libcontainer#301
* Add systemd support for OOM docker/libcontainer#307
* Support for custom namespaces docker/libcontainer#279, docker/libcontainer#312
* Fixes#9699docker/libcontainer#308
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
This changes the error message that is returned by the daemon when
a container-name already exists.
The old message suggests that containers can be renamed, which is
currently not possible.
To prevent confusion, the part "(or rename)" is removed from
the error-message.
Message before this change;
FATA[0000] Error response from daemon: Conflict, The name foobar is already assigned to 728ac36fb0ab. You have to delete (or rename) that container to be able to assign foobar to a container again.
Message after this change;
FATA[0000] Error response from daemon: Conflict. The name 'foobar' is already in use by container 728ac36fb0ab. You have to delete that container to be able to reuse that name.
Relates to: https://github.com/docker/docker/issues/3036
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
People might find it hard to find the newer/related Docker projects,
especially when they're just github issues. So, while I would have
preferred to have this at http://github.com/docker, I couldn't find
a doc to edit to make that happen, so this is the next best spot.
Signed-off-by: Doug Davis <dug@us.ibm.com>
If `--insecure-registry mydomain.com` was specified, it would match a registry at mydomain.com on any port.
This was accidentally added in #9735 and is now being reverted.
Signed-off-by: Tibor Vass <teabee89@gmail.com>
- move docker/docker-py clone to the Dockerfile
- put "integration test daemon startup" code in a separate file for both scripts to source
- add new test-docker-py Makefile target
- include "python-websocket" package in Dockerfile for running the tests
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Because the patch is not in 1.4, the v1.16 docs shouldn't have been
updated. Docs were promoted to v1.17 by #9742.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
There has been a lot of discussion (issues 4242 and 5262) about making
`FROM scratch` either a special case or making `FROM` optional, implying
starting from an empty file system.
This patch makes the build command `FROM scratch` special cased from now on
and if used does not pull/set the the initial layer of the build to the ancient
image ID (511136ea..) but instead marks the build as having no base image. The
next command in the dockerfile will create an image with a parent image ID of "".
This means every image ever can now use one fewer layer!
This also makes the image name `scratch` a reserved name by the TagStore. You
will not be able to tag an image with this name from now on. If any users
currently have an image tagged as `scratch`, they will still be able to use that
image, but will not be able to tag a new image with that name.
Goodbye '511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158',
it was nice knowing you.
Fixes#4242
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
To avoid an expensive call to archive.ChangesDirs() which walks two directory
trees and compares every entry, archive.ApplyLayer() has been extended to
also return the size of the layer changes.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
This clones and run the integration tests for docker-py master as part
of the integration tests created on master. docker-py hits the api
directly and should be a good way to identify regressions in the api.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This commit is patch for following comment
// TODO: This method should return the errors instead of masking them and returning false
Signed-off-by: Daehyeok Mun <daehyeok@gmail.com>
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
As we move forward on automating our pull request review process and
tooling these exceptions hurt more than they help. For consistency we
should not allow small patch exceptions for anything. The source of
truth going forward for DCO and builds are the official drone status on
each pull request.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Fixes#6647: Other upstart jobs that depend on docker by specifying
"start on started docker" would often start before the docker daemon was
ready, so they'd fail with "Cannot connect to the Docker daemon" or
"dial unix /var/run/docker.sock: no such file or directory".
This is because "docker -d" doesn't daemonize, it runs in the
foreground, so upstart can't know when the daemon is ready to receive
incoming connections. (Traditionally, a daemon will create all necessary
sockets and then fork to signal that it's ready; according to @tianon
this "isn't possible in Go"[1]. See also [2].)
Presumably this isn't a problem with systemd init with its socket
activation. The SysV init scripts may or may not suffer from this
problem but I have no motivation to fix them.
This commit adds a "post-start" stanza to the upstart configuration
that waits for the socket to be available. Upstart won't emit the
"started" event until the "post-start" script completes.[3]
Note that the system administrator might have specified a different path
for the socket, or a tcp socket instead, by customising
/etc/default/docker. In that case we don't try to figure out what the
new socket is, but at least we don't wait in vain for
/var/run/docker.sock to appear.
If the main script (`docker -d`) fails to start, the `initctl status
$UPSTART_JOB | grep -q "stop/"` line ensures that we don't loop forever.
I stole this idea from Steve Langasek.[4]
If for some reason we *still* end up in an infinite loop --I guess
`docker -d` must have hung-- then at least we'll be able to see the
"Waiting for /var/run/docker.sock" debug output in
/var/log/upstart/docker.log.
I considered using inotifywait instead of sleep, but it isn't worth
the complexity & the extra dependency.
[1] https://github.com/docker/docker/issues/6647#issuecomment-47001613
[2] https://code.google.com/p/go/issues/detail?id=227
[3] http://upstart.ubuntu.com/cookbook/#post-start
[4] https://lists.ubuntu.com/archives/upstart-devel/2013-April/002492.html
Signed-off-by: David Röthlisberger <david@rothlis.net>
This tests ensures that the content from a dir within a build is carried
over even if VOLUME for that dir is specified in the Dockerfile. This
test ensures this long standing functionality.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
_docker_run and _docker_create had only one differing line.
This refactoring features:
- direct completion for both commands to the same function
- factor out the common arguments, sort & format them nicely
- compute the argument for _docker_pos_first_nonflag.
Signed-off-by: Harald Albers <github@albersweb.de>
When we use the engine/env object we can run into a situation where
a string is passed in as the value but later on when we json serialize
the name/value pairs, because the string is made up of just numbers
it appears as an integer and not a string - meaning no quotes. This
can cause parsing issues for clients.
I tried to find all spots where we call env.Set() and the type of the
name being set might end up having a value that could look like an int
(like author). In those cases I switched it to use env.SetJson() instead
because that will wrap it in quotes.
One interesting thing to note about the testcase that I modified is that
the escaped quotes should have been there all along and we were incorrectly
letting it thru. If you look at the metadata stored for that resource you
can see the quotes were escaped and we lost them during the serialization
steps because of the env.Set() stuff. The use of env is probably not the
best way to do all of this.
Closes: #9602
Signed-off-by: Doug Davis <dug@us.ibm.com>
This test tests nothing because of error in cmd, where "echo 'should
fail'" passed as binary. Also this test directly contradicts
documentation and current daemon behavior.
Fixes#7826
Signed-off-by: Alexandr Morozov <lk4d4@docker.com>
When the user is not using the full has to retrieve a container it's
possible that we find conflicts with the ids of other containers.
At the moment it's just failing saying that it can not find a container,
but it doesn't say why. Adding a small log saying that duplicates where
found is going to help the user.
Closes#8098
Signed-off-by: Alex Gonzalez <agonzalezro@gmail.com>
Fixed a missing link and a few small formatting issues. Also deleted 1.3 notes as originally intended.
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
This tests ensures that the content from a dir within a build is carried
over even if VOLUME for that dir is specified in the Dockerfile. This
test ensures this long standing functionality.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
He is unfortunately out of power and internet because of storms :(
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
Docker-DCO-1.1-Signed-off-by: Jessica Frazelle <jess@docker.com> (github: jfrazelle)
This patch fixes the permission fixing code used by addContext, which
would not be responsible for Lchown-ing top-level directories added to a
destination that didn't exist prior to untar-ing the context.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
I was confused earlier when I did:
```
docker push localhost.localdomain:1234/foo
```
Because docker told me:
```
No such id: localhost.localdomain:1234/foo
```
I actually had buried in my mind the solution to this, but the error
message
confused me because I had recently had some fun trying to get the
registry
working and therefore thought it was telling me that I didn't have an
account
on the registry.
This pull request makes it unambiguous that the error is that the
specified
image is unknown.
/cc @cpuguy83
Docker-DCO-1.1-Signed-off-by: Peter Waller <p@pwaller.net> (github: pwaller)
Sometimes rm begins before process death, but Kill called already after
it, so we get error - no such process.
Signed-off-by: Alexandr Morozov <lk4d4@docker.com>
Incase of a 3xx redirect the var was being overshowed and ever changed
causing an infinite loop.
Fixes#9480
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Forbid `docker run -t` with a redirected stdin (such as `echo test |
docker run -ti busybox cat`). Forbid `docker exec -t` with a redirected
stdin. Forbid `docker attach` with a redirect stdin toward a tty enabled
container.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Properly CloseWrite() the client socket once done with stdin when using
TLS connection (this used to rely on an erroneous type assertion).
Fixes#8658.
Fixes#8642.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Signed-off-by: Michael Crosby <crosby.michael@gmail.com>
This makes sure that we don't buffer in memory and that we also flush
stdin from diff as well as untar.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Conflicts:
pkg/chrootarchive/diff.go
This makes sure that we don't buffer in memory and that we also flush
stdin from diff as well as untar.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Copying the entire docker service file isn't necessary to add an
environment variable, instead use a drop-in configuration file. The nice
side-effect is that the user gets any vendor updates to the
docker.service file.
Signed-off-by: Brandon Philips <brandon.philips@coreos.com>
If two interrupts were fired really quickly interruptCount could have been incremented twice before the LoadUint32 making cleanup not being called at all.
Signed-off-by: Erik Dubbelboer <erik@dubbelboer.com>
This adds the docker daemon's root directory to docker info when running
in debug mode. This allows the user to view the root directory where
docker is writing and storing state.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Update the webhook JSON payloads to real ones,
and show there is a difference between an automated build webhook payload and a normal repo payload
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@docker.com> (github: SvenDowideit)
Signed-off-by: Sven Dowideit <SvenDowideit@docker.com>
Permissions after an ADD or COPY build instructions are now restricted
to the scope of files potentially modified by the operation rather than
the entire impacted tree.
Fixes#9401.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
I've re-jigged the run man page so that each option's text begins with the
cli's help text for that flag, and then ay subsequent lines in the man page
are carried forward.
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
Right now 'docker build' will send:
Sending build context to Docker daemon
to stderr, instead of stdout. This PR fixes that.
I looked in the rest of api/client/commands.go for other cases
that might do this and only one jumped out at me:
https://github.com/docker/docker/blob/master/api/client/commands.go#L2202
but I think if I changed that to go to stdout then it'll mess people up
who are expecting just the container ID to be printed to the screen and
there is no --quiet type of flag we can check.
Closes#9404
Signed-off-by: Doug Davis <dug@us.ibm.com>
The installation guide for EC2 is outdated, as the current version of Amazon Linux (2014.09) is now Docker ready. No need to go through the manual route anymore. The official AMI has Docker packages in the repository now (this was the 'pre-release' option in the outdated instructions).
Docker-DCO-1.1-Signed-off-by: David Mat <david@davidmat.com> (github: davidmat)
The code no longer assumes a net.TCPConn underlying the HTTP connection
in order to close attached streams.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Another update to TarSum tests, this patch fixes an issue where
the benchmarks were generating archives incorrectly by not closing
the tarWriter.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
With 32ba6ab from #9261, TempArchive now closes the underlying file and
cleans it up as soon as the file's contents have been read. When pushing
an image, PushImageLayerRegistry attempts to call Close() on the layer,
which is a TempArchive that has already been closed. In this situation,
Close() returns an "invalid argument" error.
Add a Close method to TempArchive that does a no-op if the underlying
file has already been closed.
Signed-off-by: Andy Goldstein <agoldste@redhat.com>
These two cases did not actually read the same content with each iteration
of the benchmark. After the first read, the buffer was consumed. This patch
corrects this by using a bytes.Reader and seeking to the beginning of the
buffer at the beginning of each iteration.
Unfortunately, this benchmark was not actually as fast as we believed. But
the new results do bring its results closer to those of the other benchmarks.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Use transaction logic during device deletion and do rollback if transaction
is not complete. Following is the sequence of events.
- Open transaction and save to metafile
- Delete device from pool
- Delete device metadata file from disk
- Close Transaction
If docker crashes without closing transaction then rollback will take
place upon next docker start.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Finally this patch uses the notion of transaction for device or snapshot
device creation.
Following is sequence of event.
- Open a trasaction and save details in a file.
- Create a new device/snapshot device
- If a new device id is used, refresh transaction with new device id details.
- Create device metadata file
- Close transaction.
If docker crashes anywhere in between without closing transaction, then
upon next start, docker will figure out that there was a pending transaction
and it will roll back transaction. That is it will do following.
- Delete Device from pool
- Delete device metadata file
- Remove transaction file to mark no transaction is pending.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Finally, we seem to have all the bits to keep track of all used device
Ids and find a free device Id to use when creating a new device. Start
using it.
Ideally we should completely move away from retry logic when pool returns
-EEXISTS. For now I have retained that logic and I simply output a warning.
When things are stable, we should be able to get rid of it.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Open code createDevice() and createSnapDevice() and move all the logic
in the caller.
This is a sheer code reorganization so that all device Id allocation
logic is in one function. That way in case of erros, one can easily
cleanup and mark device Id free again. (Later patches benefit from
it).
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Right now we are accessing devices.NextDeviceId directly and also
incrementing it at various places.
Instead provide a helper function which is responsile for
incrementing NextDeviceId and return next deviceId.
This is just code structuring. This will help later once we
convert this function to find a free device Id and it goes
through a bitmap of used/free device Ids.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
When docker starts, build a used/free Device Id map from the per
device meta files we already have. These meta files have the data
which device Ids are in use. Parse these files and mark device as
used in the map.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Currently devicemapper backend does not keep track of used device Ids in
the pool. It tries a device Id and if that device Id exists in pool, it
tries with a different Id and keeps on doing this in a loop till it succeeds.
This worked fine so far but now we are moving to transaction based
device creation and deletion. We will keep deviceId information in
transaction which will be rolled back if docker crashed before transaction
was complete.
If we store a deviceId in transaction and later figure out it already
existed in pool and docker crashed, then we will rollback and remove
that existing device Id from pool (which we should not have).
That means, we should know free device Id in pool in advance before
we put that device Id in transaction.
Hence this patch creates a bitmap (one bit each for a deviceId), and
sets the bit if device Id is used otherwise resets it. This patch
is just preparing the ground right now. Actual usage will follow
in later patches.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Right now setupBaseImage() uses deleteDevice() to delete uninitialized
base image while rest of the code uses DeleteDevice(). Change it and
use a common function everywhere for the sake of uniformity.
I can't see what harm can be done by doing little extra locking done
by DeleteDevice().
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Very soon we will have the notion of an open transaction and keep its
details in a metafile.
When a new transaction is opened, we allocate a new transaction Id,
do the device creation/deletion and then we will close the transaction.
I thought that OpenTransactionId better represents the semantics of
transaction Id associated with an open transaction instead of NewtransactionId.
This patch just does the renaming. No functionality change.
I have also introduced a structure "Transaction" which will keep all
the details associated with a transaction. Later patches will add more
fields in this structure.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Currently new transaction Id is created using allocateTransactionId()
function. This function takes NewTransactionId and bumps up by one
to create NewTransactionId.
I think ideally we should be bumping up devices.TransactionId by 1
to come up with NewTransactionId. Because idea is that devices.TransactionId
contains the current pool transaction Id and to come up with a new
transaction Id bump it up by one.
Current code is not wrong as we are keeping NewTransactionId and
TransactionId in sync. But it will be more direct if we look at
devices.TransactionId to come up with NewTransactionId. That way
we don't have to even initialize NewTransactionId during startup
as first time somebody wants to do a transaction, it will be
allocated fresh.
So simplify the code a bit. No functionality change.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Currently updatePoolTransactionId() checks if NewTransactionId and
TransactionId are not same only then update the transaction Id in pool. This
check is redundant. Currently we call updatePoolTransactionId() only from
two places and both of these first allocate a new transaction Id.
Also updatePoolTransactionId() should only be called after allocating
new transaction Id otherwise it does not make any sense.
Remove the redundant check and reduce confusion.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Create two new helper functions for device and snap device creation. These
functions will not only create the device and also register the device.
Again, makes the code structure better and keeps all transaction logic
contained to functions instead of spilling over into functions like
setupBaseImage or AddDevice().
Just the code reorganization. No functionality change.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Currently registerDevice() adds a device to in-memory table, saves metadata
and also updates the pool transaction ID.
Now move transaciton Id update out of registerDevice() and provide a new
function unregisterDevice() which does the reverse of registerDevice().
This will simplify some code down the line and make it more structured.
This is just code reorganization and should not change functionality.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Currently devicemapper CreateDevice and CreateSnapDevice keep on retrying
device creation till a suitable device id is found.
With new transaction mechanism we need to store device id in transaction
before it has been created.
So change the logic in such a way that caller decides the devices Id to
use. If that device Id is not available, caller bumps up the device Id
and retries.
That way caller can update transaciton too when it tries a new Id. Transaction
related patches will come later in the series.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
When we are deleting a device, we also delete associated metadata file. If
that file removal fails, we are adding back the device in in-memory
table. I really can't see what's the point. When next lookup takes place
it will be automatically loaded if need be. Remove that code.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Right now initMetaData() first queries the pool for current transaciton Id
and then it migrates the old metafile.
Move pool transaction Id query and file migration in separate functions
for better code reuse and organization.
Given we have removed device transaction Id dependency from saveMetaData(),
we don't have to query pool transaction Id before migrating files.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Right now saveMetaData() is kind of little overloaded function. It is
supposed to save file metadata to disk. But in addition if user has
bumped up NewTransactionId before calling saveMetaData(), then it will
also update the transaction ID in pool.
Keep saveMetaData() simple and let it just save the file. Any update
of pool transaction ID is done inline in the code which needs it.
Also create an helper function updatePoolTransactionId() to update pool
transaction Id.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Remove call to allocateTransactionId() during device removal. This seems to
be unnecessary and it is not clear what this call is doing.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Again, just because device transaction id is greater than pool transaction
id, it does not guarantee that device is in the pool. So do not check
of this during loading of device metadata.
Docker needs to deal with it. And device activation will fail when we try
to activate a device for whom metafile is present but there is no device
in the pool.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Current code is associating a transaction id with each device and if pool
transaction id is greater that value, then current code assumes that device
is there in pool.
Transaction id of pool is a mechanism so that during device creation and
removal one can define a transaction and during startup figure out if
transaction was complete or not. I think we are using transaction id
throughout the code little inappropriately.
For example, if a device is being deleted, it is possible that we deleted
the device from pool but before we could delete metafile docker crashed.
When docker comes back it will think that device is in the pool (due to
device transaction id being less than pool transaction id) but device
is not in the pool.
Similary, it could happen that some data in the pool is corrupted and
during pool repair some devices are lost (without docker knowing about
it). In that case tool pool transaction id will be higher than device
transaction id and there are no guaratees that device is actually in
the pool.
So move away from this model where we think that a device is in pool if pool
transaction id is greater than device transaction Id. Per device
transaction Id just says that after device creation this should be pool's
transaction Id and nothing more.
Transaction id is per pool property (as opposed to per device property) and
will be used internally to figure out if last transaction was complete or
not and recover from failure during docker startup.
If for some reason metafile is present but device is not in pool, then
device activation will fail later.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Documented --storage-opt=[] option in man page. Content taken from:
daemon/graphdriver/devmapper/README.md
Signed-off-by: Michal Minar <miminar@redhat.com>
Docker-DCO-1.1-Signed-off-by: Michal Minar <miminar@redhat.com> (github: SvenDowideit)
Current description is misleading. It make an impression the --icc=false
prevents containers to talk with each other.
Signed-off-by: Michal Minar <miminar@redhat.com>
Docker-DCO-1.1-Signed-off-by: Michal Minar <miminar@redhat.com> (github: SvenDowideit)
I noticed that 3 of the tarsum test cases had expected a tarsum with
a sha256 hash of
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
As I've been working with sha256 quite a bit lately, it struck me that
this is the initial digest value for sha256, which means that no data
was processed. However, these tests *do* process data. It turns out that
there was a bug in the test handling code which did not wait for tarsum
to end completely. This patch corrects these test cases.
I'm unaware of anywhere else in the code base where this would be an issue,
though we definitily need to look out in the future to ensure we are
completing tarsum reads (waiting for EOF).
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Since Linux 3.18-rc6, overlayfs has been renamed overlay.
This change was introduced by the following commit in linux.git:
ef94b1864d1ed5be54376404bb23d22ed0481feb ovl: rename filesystem type to "overlay"
Signed-off-by: Lénaïc Huard <lhuard@amadeus.com>
Properly CloseWrite() the client socket once done with stdin when using
TLS connection (this used to rely on an erroneous type assertion).
Fixes#8658.
Fixes#8642.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Signed-off-by: Michael Crosby <crosby.michael@gmail.com>
Sometimes other programs can bind on ports from our range, so we just
skip this ports on allocation.
Fixes#9293
Probably fixes#8714
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Prior to this patch, one would get the output of docker inspect xxx
as below:
user@server:/mnt$ docker inspect ubuntu
[{
"Architecture": "amd64",
...
"VirtualSize": 199257566
}
]user@server:/mnt$
The last ']' was on the same line with the prompt, i wonder if it is
really what we want it be, it is a little weird, so i add a '\n' to it.
Signed-off-by: Hu Keping <hukeping@huawei.com>
Updated the documentation to cover the installation of Docker on
openSUSE and on SUSE Linux Enterprise.
Docker-DCO-1.1-Signed-off-by: Flavio Castelli <fcastelli@suse.com> (github: flavio)
The documentation for EXPOSE seems to indicate, that EXPOSE is only relevant in
the context of links, which is not the case.
Signed-off-by: Jacob Atzen <jatzen@gmail.com>
Current implementation is comingling things that ought not be together.
There are _some_ similarities between parsing for the different proto
types, but they are more different than alike, making the code extremely
difficult to reason about.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Currently this content gets a system label and is not writable based on
SELinux controls. This patch will set the labels to the correct label.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
The -n and --networking options were removed because they are
unsupported.
Bash completion should not reveal the existence of otherwise
undocumented unsupported options.
Signed-off-by: Harald Albers <github@albersweb.de>
This reverts commit 967a42f116.
Signed-off-by: Tatsushi Inagaki <e29253@jp.ibm.com>
Roll back the change to fix the parameter of HumanSize from int64 to float64
This moves the IsGIT and IsURL functions out of the generic `utils`
package and into their own `urlutil` pkg.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Signed-off-by: Tibor Vass <teabee89@gmail.com>
Conflicts:
pkg/archive/archive.go
fixed conflict which git couldn't fix with the added BreakoutError
Conflicts:
pkg/archive/archive_test.go
fixed conflict in imports
These settings need to be in the HostConfig so that they are not
committed to an image and cannot introduce a security issue.
We can safely move this field from the Config to the HostConfig
without any regressions because these settings are consumed at container
created and used to populate fields on the Container struct. Because of
this, existing settings will be honored for containers already created
on a daemon with custom security settings and prevent values being
consumed via an Image.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Conflicts:
daemon/create.go
changing config to hostConfig was required to fix the
build
This ensures that ServerAddress is set, while previously it was getting
set after configFile.Configs.
Signed-off-by: Vaidas Jablonskis <jablonskis@gmail.com>
A lot of flags have been added on the output of `docker help`. Use a
more robust method to extract the list of available subcommands by
spotting the `Command:` line and the next blank line.
Signed-off-by: Vincent Bernat <vincent@bernat.im>
Adds pertitent information about what is expected in the json payload
and comments out unsupported (exec) features in runConfig.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
The gist here is a reemphasizing of the explicitly "user mutable" bits by putting them first (and hopefully improving readability a little bit in the process).
Signed-off-by: Andrew Page <admwiggin@gmail.com>
I also needed to add a mflag.IsSet() function that allows you to check
to see if a certain flag was actually specified on the cmd line.
Per #9221 - also tweaked the docs to fix a typo.
Closes#9221
Signed-off-by: Doug Davis <dug@us.ibm.com>
If you execute
DEBUG=-g hack/make.sh dynbinary
Docker will be build with the debug info making it easier to use
cgdb or lightide to debug.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
still supports the old form: ENV name value
Also, fixed an issue with the parser where it would ignore lines
at the end of the Dockerfile that ended with \
Closes#2333
Signed-off-by: Doug Davis <dug@us.ibm.com>
This fixes the removal of TempArchives which can read with only one
read. Such archives weren't getting removed because EOF wasn't being
triggered.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Mark the daemon listening ports as allocated in the portallocator in
order to prevent containers from exposing this port themselves.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Now filter name is trimmed and lowercased before evaluation for case
insensitive and whitespace trimemd check.
Signed-off-by: Oh Jinkyun <tintypemolly@gmail.com>
This adds an integration test for checking that the network namespace
fds are the same when a container joins another container's network
namespace.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Fixes:
- link -H windows is not compatible with -linkmode external
- under Cygwin go does not play well with cygdrive type paths
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Common patterns:
- Multiple images were built with same name but only one cleanup.
- Containers were deleted after images.
- Images not removed after retagging.
Signed-off-by: Tõnis Tiigi <tonistiigi@gmail.com> (github: tonistiigi)
COPY/ADD just copies the contents of dirs, not dirs themselves.
This PR tries to clear that up in the docs.
Closes#8775
Signed-off-by: Doug Davis <dug@us.ibm.com>
Next steps, in another PR, would be:
- make all logging go through the logrus stuff
- I'd like to see if we can remove the env var stuff (like DEBUG) but we'll see
Closes#5198
Signed-off-by: Doug Davis <dug@us.ibm.com>
Currently we set up a cookie and upon failure not call UdevWait(). This
does not cleanup the cookie and associated semaphore and system will
soon max out on total number of semaphores.
To avoid this, call UdevWait() even in failure path which in turn will
cleanup associated semaphore.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Vincent Batts <vbatts@redhat.com>
used path package instead of path/filepath so that --volumes and
--device parameters to always validate paths as unix paths instead of
OS-dependent path convention
Signed-off-by: Ahmet Alp Balkan <ahmetb@microsoft.com>
pkg/archive contains code both invoked from cli (cross platform) and
daemon (linux only) and Unix-specific dependencies break compilation on
Windows. We extracted those stat-related funcs into platform specific
implementations at pkg/system and added unit tests.
Signed-off-by: Ahmet Alp Balkan <ahmetb@microsoft.com>
Some parts of pkg/archive is called on both client/daemon code. To get
it compiling on Windows, these funcs are extracted into files with
build tags.
Signed-off-by: Ahmet Alp Balkan <ahmetb@microsoft.com>
TreeSize uses syscall.Stat_t which is not available on Windows.
It's called only on daemon path, therefore extracting it to daemon
with build tag 'daemon'
Signed-off-by: Ahmet Alp Balkan <ahmetb@microsoft.com>
SIGCHLD and SIGWINCH used in api/client (cli code) are not
available on Windows. Extracting into separate files with build
tags.
Signed-off-by: Ahmet Alp Balkan <ahmetb@microsoft.com>
Fixes#8942
Current behavior is that volumes aren't initialized until start.
Volumes still need to be initialized on start since VolumesFrom and
Binds can be passed in as part of HostConfig on start, however anything
that's already been initialized will just be skipped as is the current
behavior.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Therer is a bug in the 'skip' decision when exporting a repository
(`docker save repo`)
Only the layers of the first image are included in the archive (the
layers of the next images are missing)
Signed-off-by: Anthony Baire <Anthony.Baire@irisa.fr>
Since the build uses ubuntu 14.04, which has an old btrfs, include the
buildtags needed for this old version to not break the build.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
I was trying to just build the Docker client but DOCKER_CLIENTONLY wasn't
getting passed thru from the shell to the container building docker.
So, this PR passes this var (via the -e option) on the docker run command
so we pick it up from the devs shell when running "make ...".
While in there I pulled all of the "-e" options into a new Makefile variable
so its easy to see just the list of env vars we pass along.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Fixes#1171Fixes#6465
Data passed to mount(2) is clipped to PAGE_SIZE if its bigger. Previous
implementation checked if error was returned and then started to append layers
one by one. But if the PAGE_SIZE clipping appeared in between the paths, in the
permission sections or in xino definition the call would not error and
remaining layers would just be skipped(or some other unknown situation).
This also optimizes system calls as it tries to mount as much as possible with
the first mount.
Signed-off-by: Tõnis Tiigi <tonistiigi@gmail.com> (github: tonistiigi)
this test checks if exposing a large number of ports in Dockerfile properly
saves the port in configs. We dont actually expose a VERY large number of ports
here because the result is the same and it increases the test time by a few
seconds
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
Signal proxy does work only in non-TTY mode (--tty=false). Man pages and
commands should not lie about it.
Signed-off-by: Michal Minar <miminar@redhat.com>
Ideally lvm2 would be used to create/manage the thin-pool volume that is
then handed to docker to exclusively create/manage the thin and thin
snapshot volumes needed for it's containers. Managing the thin-pool
outside of docker makes for the most feature-rich method of having
docker utilize device mapper thin provisioning as the backing storage
for docker's containers. lvm2-based thin-pool management feature
highlights include: automatic or interactive thin-pool resize support,
dynamically change thin-pool features, automatic thinp metadata checking
when lvm2 activates the thin-pool, etc.
Docker will not activate/deactivate the specified thin-pool device but
it will exclusively manage/create thin and thin snapshot volumes in it.
Docker will not take ownership of the specified thin-pool device unless
it has 0 data blocks used and a transaction id of 0. This should help
guard against using a thin-pool that is already in use.
Also fix typos in setupBaseImage() relative to the thin volume type of
the base image.
Docker-DCO-1.1-Signed-off-by: Mike Snitzer <snitzer@redhat.com> (github: snitm)
Otherwise udev can unecessarily execute various rules (and issue
scanning IO, etc) against the thin-pool -- which can never be a
top-level device.
Docker-DCO-1.1-Signed-off-by: Mike Snitzer <snitzer@redhat.com> (github: snitm)
Some workloads rely on IPC for communications with other processes. We
would like to split workloads between two container but still allow them
to communicate though shared IPC.
This patch mimics the --net code to allow --ipc=host to not split off
the IPC Namespace. ipc=container:CONTAINERID to share ipc between containers
If you share IPC between containers, then you need to make sure SELinux labels
match.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Took care of some review comments from crosbymichael.
v2:
- Return "err = nil" if file deviceset-metadata file does not exist.
- Use json.Decoder() interface for loading deviceset metadata.
v3:
- Reverted back to json marshal interface in loadDeviceSetMetaData().
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Saving ports as `map[nat.Port]struct{}` directly has ordering issue which is
more replicatable where we expose a huge number of ports at the same time. As a
result, the cache will be burst whenever the map order is different from the
previous build.
This sorts the ports first and save them as a whitespace-separated list instead
of the map representation, so the order will always be consistent if the port
list isnt changed.
NOTICE: this will burst the old expose caches
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
changing order of EXPOSE ports should not invalidate the cache as the content
doesnt change
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
Whenever a command arguments is formed by a large linked list, repeatedly
appending to arguments and displayed messages took a long time because go will
have to allocate/copy a lot of times.
This speeds up the allocation by preallocate arrays of correct size for args
and msg
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
I noticed a few things that were bugging me in the output
of the integration-cli tests.
- one of the tests used println to stdout so we had garage sent to the screen
- some of the test, in their final log message, didn't include the name of
the group/file e.g. daemon - run,iptables was just run,iptables
And yes, I noticed this because I'm anal :-) but also because we should keep
the output of the tests as clean as possible so its easy to spot it when
things go bad.
Signed-off-by: Doug Davis <dug@us.ibm.com>
This passed the --net=container:CONTINER_ID to lxc-start as --share-net
Docker-DCO-1.1-Signed-off-by: Abin Shahab <ashahab@altiscale.com> (github: ashahab-altiscale)
The Docker Governance Advisory Board (DGAB) met for the first time Tue 10/21/2014.
Among other topics, the DGAB reviewed and refreshed the Docker Project Statement of Direction.
(Sven added from the Pull Req #9055)
Docker-DCO-1.1-Signed-off-by: Scott Johnston <scott.johnston@docker.com> (github: j0hnst0n)
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
Current implementation is hard to reason about because of trying to mix
unix/tcp server implementations, even though they are quite different.
This cleans that up.
Also makes it possible to create and manage a new API server easily,
e.g. for adding an introspection socket to a container.
Built in such a way as to allow a non-HTTP server to work as well, such
as libchan.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Linking to the docs readme to help would-be contributors discover the style guide and docs contribution guidelines.
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
Running parseVolumesFromSpec on all VolumesFrom specs before initialize
any mounts endures that we don't leave container.Volumes in an
inconsistent (partially initialized) if one of out mount groups is not
available (e.g. the container we're trying to mount from does not
exist).
Keeping container.Volumes in a consistent state ensures that next time
we Start() the container, it'll run prepareVolumes() again.
The attached test demonstrates that when a container fails to start due
to a missing container specified in VolumesFrom, it "remembers" a Volume
that worked.
Fixes: #8726
Signed-off-by: Thomas Orozco <thomas@orozco.fr>
We might want to break it up into smaller pieces (eg. tools in one
place, documents in another) but let's worry about that later.
Signed-off-by: Solomon Hykes <solomon@docker.com>
Signed-off-by: Prasanna Gautam <prasannagautam@gmail.com>
I found that certain docker installations do not handle binding to the source directory quite right. Just writing it based on help from backjlack and tibor in IRC.
Since the containers can handle the out of memory kernel kills gracefully, docker
will only provide out of memory information as an additional metadata as part of
container status.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
This patch fixes the compilation errors in Docker due to changes in the
libcontainer/user API. There is no functionality change due to this
patch.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
This patch updates the vendor'd libcontainer version, so that Docker can
take advantage of the updates to the `user` API.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
Removing Sonat from docs maintainers because he no longer has time to complete all the responsibilities. Many thanks to Sonat for his help.
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
The current implementation of the Docker Hub returns a list of objects
containing the tag name and the layer id.
Docker-DCO-1.1-Signed-off-by: Vincent Giersch <vincent.giersch@ovh.net>
In previous patch I had introduce json:"-" tags to be on safer side to make
sure certain fields are not marshalled/unmarshalled. But struct fields
starting with small letter are not exported so they will not be marshalled
anyway. So remove json:"-" tags from there.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Lxc driver was throwing errors for mounts where the mount point does not exist in the container.
This adds a create=dir/file mount option to the lxc template, to alleviate this issue.
Docker-DCO-1.1-Signed-off-by: Abin Shahab <ashahab@altiscale.com> (github: ashahab-altiscale)
We removed the syncpipe package and replaced it with specific calls to
create a new *os.File from a specified fd passed to the process. This
reduced code and an extra object to manage the container's init
lifecycle.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
My pull request failed the build due to gofmat issues. I have run gofmt
on specified files and this commit fixes it.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Now, newly created/imported layers will have the checksum of
the layer diff computed and stored in the image json file.
For now, it is not an error if the computed checksum does not
match an existing checksum, only a warning message is logged. The
eventual goal is to use the checksums in the image JSON to verify
the integrity of the layer contents when doing `docker load` or
`docker pull`, and error out if it does not match.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Instead of only checking `Progress != nil` (which is always true because
the server sends `"progressDetail":{}` when it doesnt have the progress), we
also check if `Progress.String() != ""`, which should be sufficient to filter
out the progress data.
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
The way thin-pool right now is designed, user space is supposed to keep
track of what device ids have already been used. If user space tries to
create a new thin/snap device and device id has already been used, thin
pool retuns -EEXIST.
Upon receiving -EEXIST, current docker implementation simply tries the
NextDeviceId++ and keeps on doing this till it finds a free device id.
This approach has two issues.
- It is little suboptimal.
- If device id already exists, current kenrel implementation spits out
a messsage on console.
[17991.140135] device-mapper: thin: Creation of new snapshot 33 of device 3 failed.
Here kenrel is trying to tell user that device id 33 has already been used.
And this shows up for every device id docker tries till it reaches a point
where device ids are not used. So if there are thousands of container and
one is trying to create a new container after fresh docker start, expect
thousands of such warnings to flood console.
This patch saves the NextDeviceId in a file in
/var/lib/docker/devmapper/metadata/deviceset-metadata and reads it back
when docker starts. This way we don't retry lots of device ids which
have already been used.
There might be some device ids which are free but we will get back to them
once device numbers wrap around (24bit limit on device ids).
This patch should cut down on number of kernel warnings.
Notice that I am creating a deviceset metadata file which is a global file
for this pool. So down the line if we need to save more data we should be
able to do that.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
I was trying to save nextDeviceId to a file but it would not work and
json.Marshal() will do nothing. Then some search showed that I need to
make first letter of struct field capital, exporting this field and
now json.Marshal() works.
This is a preparatory patch for the next one.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Currently we save device metadata and have a helper function saveMetadata()
which converts data in json format as well as saves it to file. For
converting data in json format, one needs to know what is being saved.
Break this function down in two functions. One function only has file
write capability and takes in argument about byte array of json data.
Now this function does not have to know what data is being saved. It
only knows about a stream of json data is being saved to a file.
This allows me to reuse this function to save a different type of
metadata. In this case I am planning to save NextDeviceId so that
docker can use this device Id upon next restart. Otherwise docker
starts from 0 which is suboptimal.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
The current Dev version of TarSum includes hashing of extended
file attributes and omits inclusion of modified time headers.
I refactored the logic around the version differences to make it
more clear that the difference between versions is in how tar
headers are selected and ordered.
TarSum Version 1 is now declared with the new Dev version continuing
to track it.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
This removes the pull of the hello-world image from install.sh to
address privacy concerns.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Fixed the following errors:
1. Request(0) causes a dead loop when the map is full and map.last == BEGIN.
2. When map.last is the only available port (or ip), Request(0) returns ErrAllPortsAllocated (or ErrNoAvailableIPs). Exception is when map.last == BEGIN.
Signed-off-by: shuai-z <zs.broccoli@gmail.com>
This re-applies commit b39d02b with additional iptables rules to solve the issue with containers routing back into themselves.
The previous issue with this attempt was that the DNAT rule would send traffic back into the container it came from. When this happens you have 2 issues.
1) reverse path filtering. The container is going to see the traffic coming in from the outside and it's going to have a source address of itself. So reverse path filtering will kick in and drop the packet.
2) direct return mismatch. Assuming you turned reverse path filtering off, when the packet comes back in, it's goign to have a source address of itself, thus when the reply traffic is sent, it's going to have a source address of itself. But the original packet was sent to the host IP address, so the traffic will be dropped because it's coming from an address which the original traffic was not sent to (and likely with an incorrect port as well).
The solution to this is to masquerade the traffic when it gets routed back into the origin container. However for this to work you need to enable hairpin mode on the bridge port, otherwise the kernel will just drop the traffic.
The hairpin mode set is part of libcontainer, while the MASQ change is part of docker.
This reverts commit 63c303eecd.
Docker-DCO-1.1-Signed-off-by: Patrick Hemmer <patrick.hemmer@gmail.com> (github: phemmer)
The argument specified the json data to save to disk when registering
a new image into the image graph. If it is nil, then the given image
is serialized to json and that is written by default. This default
behavior is sufficient if the given image was originally deserialzed
from this jsonData to begin with which has always been the case.
Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
E.g. "docker foobar run" would have printed "Command not found:
foobar" and printed the help text for "run". It should instead
print the root help message for docker.
Signed-off-by: Ben Firshman <ben@firshman.co.uk>
While working on the fix for #8330 I noticed a few things:
1 - the split() call for the .dockerignore process will generate a blank
"exclude". While this isn't causing an issue right now, I got worried
that in the future some code later on might interpret "" as something bad,
like "everything" or ".". So I added a check for an empty "exclude"
and skipped it
2 - if someone puts "foo" in their .dockerignore then we'll skip "foo".
However, if they put "./foo" then we won't due to the painfully
simplistic logic of go's filepath.Match algorithm. To help things
a little (and to treat ./Dockerfile just like Dockerfile) I added
code to filepath.Clean() each entry in .dockerignore. It should
result in the same semantic path but ensure that no matter how the
user expresses the path, we'll match it.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Reuse WORKDIR wording to specify that the USER instructions affect the
following RUN, CMD, and ENTRYPOINT instructions.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Since V2 registry does not yet implement mirrors, when mirrors are given automatically fallback to V1 without checking V2 first.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
The note under the RUN header refers to the CMD instruction. It should refer to the RUN instruction instead.
Signed-off-by: Huu Nguyen <whoshuu@gmail.com>
- Removed some commands related to autocomplete/symlinks that don't seem to be required anymore on Ubuntu 14.04
- Fixed one minor typo ("see LINK _for_ details," not "see LINK details")
- Moved section "Giving non-root access" to top level, rather than being under Ubuntu 13 (the section isn't specific to Ubuntu 13, and even references Ubuntu 14).
Signed-off-by: Scott Walls <sawalls@umich.edu>
Fix issue with restoring the tag store and setting static configuration
from the daemon. i.e. the field on the TagStore struct must be made
internal or the json.Unmarshal in restore will overwrite the insecure
registries to be an empty struct.
Signed-off-by: Michael Crosby <michael@docker.com>
Conflicts:
graph/pull.go
graph/push.go
graph/tags.go
With current implementation there was a possibility
that /start responds quicker than /attach, meaning that
some output would be clipped.
Fixed so the implementation matches with `docker run`.
This also fixes the flaky test results for TestCreateEchoStdout.
Signed-off-by: Tõnis Tiigi <tonistiigi@gmail.com> (github: tonistiigi)
Fixes#8832
All stdio streams need to finish writing before the
connection can be closed.
Signed-off-by: Tõnis Tiigi <tonistiigi@gmail.com> (github: tonistiigi)
Update for changes in docker 1.2. Running the docker daemon with "-r=false" has been deprecated in favor of per-container restart policies.
Signed-off-by: wilsaj <wilson.andrew.j+github@gmail.com>
If we need to raise an error, make sure the internal state is clean, because
a successful driver.Get() may have its internal state changed (eg. counting,
or mounts), while callers will only do that after a succussful Mount().
Signed-off-by: shuai-z <zs.broccoli@gmail.com>
Includes changes to mkdocs yml and removes style info from docs Read Me, adding a link instead.
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
Conflicts:
docs/README.md
Revisions to style guide based on review.
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
More Style Guide revisions based on review.
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
A few more style guide copy edits
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
By default is a demo of file differences, but can be used to create a
tar of changes between an old and new path.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
In an effort to make layer content 'stable' between import
and export from two different graph drivers, we must resolve
an issue where AUFS produces metadata files in its layers
which other drivers explicitly ignore when importing.
The issue presents itself like this:
- Generate a layer using AUFS
- On commit of that container, the new stored layer contains
AUFS metadata files/dirs. The stored layer content has some
tarsum value: '1234567'
- `docker save` that image to a USB drive and `docker load`
into another docker engine instance which uses another
graph driver, say 'btrfs'
- On load, this graph driver explicitly ignores any AUFS metadata
that it encounters. The stored layer content now has some
different tarsum value: 'abcdefg'.
The only (apparent) useful aufs metadata to keep are the psuedo link
files located at `/.wh..wh.plink/`. Thes files hold information at the
RW layer about hard linked files between this layer and another layer.
The other graph drivers make sure to copy up these psuedo linked files
but I've tested out a few different situations and it seems that this
is unnecessary (In my test, AUFS already copies up the other hard linked
files to the RW layer).
This changeset adds explicit exclusion of the AUFS metadata files and
directories (NOTE: not the whiteout files!) on commit of a container
using the AUFS storage driver.
Also included is a change to the archive package. It now explicitly
ignores the root directory from being included in the resulting tar archive
for 2 reasons: 1) it's unnecessary. 2) It's another difference between
what other graph drivers produce when exporting a layer to a tar archive.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
This backend uses the overlayfs union filesystem for containers
plus hard link file sharing for images.
Each container/image can have a "root" subdirectory which is a plain
filesystem hierarchy, or they can use overlayfs.
If they use overlayfs there is a "upper" directory and a "lower-id"
file, as well as "merged" and "work" directories. The "upper"
directory has the upper layer of the overlay, and "lower-id" contains
the id of the parent whose "root" directory shall be used as the lower
layer in the overlay. The overlay itself is mounted in the "merged"
directory, and the "work" dir is needed for overlayfs to work.
When a overlay layer is created there are two cases, either the
parent has a "root" dir, then we start out with a empty "upper"
directory overlaid on the parents root. This is typically the
case with the init layer of a container which is based on an image.
If there is no "root" in the parent, we inherit the lower-id from
the parent and start by making a copy if the parents "upper" dir.
This is typically the case for a container layer which copies
its parent -init upper layer.
Additionally we also have a custom implementation of ApplyLayer
which makes a recursive copy of the parent "root" layer using
hardlinks to share file data, and then applies the layer on top
of that. This means all chile images share file (but not directory)
data with the parent.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
The vfs storage driver currently shells out to the `cp` binary on the host
system to perform an 'archive' copy of the base image to a new directory.
The archive option preserves the modified time of the files which are created
but there was an issue where it was unable to preserve the modified time of
copied symbolic links on some host systems with an outdated version of `cp`.
This change no longer relies on the host system implementation and instead
utilizes the `CopyWithTar` function found in `pkg/archive` which is used
to copy from source to destination directory using a Tar archive, which
should correctly preserve file attributes.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
This will allow us to use a common Git prefix check for both api/clients/commands.go and
builder/job.go. Previous prefix check in build from Git (in builder/jobs.go) ignored valid prefixes such as "git@", "http://" or "https://".
Signed-off-by: Lakshan Perera <lakshan@laktek.com>
Made a few tweaks to Dockerfile tutorial links and removed some cruft from the tutorial itself.
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
If we first request port 49153 (BeginPortRange) explicitly, and later some time request the next free port (of same ip/proto) by calling RequestPort() with port number 0, we will again get 49153 returned, even if it's currently in use. Because findPort() blindly retured BeginPortRange the first run, without checking if it has already been taken.
Signed-off-by: shuai-z <zs.broccoli@gmail.com>
when a container failed to start, saves the error message into State.Error so
that it can be retrieved when calling `docker inspect` instead of having to
look at the log
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
Never close attached stream before both stdout and stderr have written
all their buffered contents. Remove stdinCloser because it is not needed
any more as the stream is closed anyway after attach has finished.
Fixes#3631
Signed-off-by: Andy Goldstein <agoldste@redhat.com>
Do not run containers in the background in the integration tests if you
depend on the run completing. It is better especially if you just want
to ensure that the run has completed with a `true` to just run in
foreground and use a known name for the container to query it after it
has stopped.
The failures can be reproduced on most machines by giving your dind
container one core and a cpushare.
docker run -c 200 --cpuset 0 -ti --rm --privileged -e
DOCKER_GRAPHDRIVER=vfs docker hack/make.sh binary test-integration-cli
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
As of 1.3 `docker ps` no longer shows links between containers.
This updates the documentation to reflect that change.
sudo docker docker inspect -f "{{ .HostConfig.Links }}" web
Signed-off-by: Philipp Weissensteiner <mail@philippweissensteiner.com>
graphdriver is not always specified when the log printed, because
it's provided in another thread. This patch will fix this.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
So far, it looks like the declarations are not used, and so its safer not to
confuse people into thinking they do something.
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@docker.com> (github: SvenDowideit)
Fixes#1992
Right now when you `docker cp` a path which is in a volume, the cp
itself works, however you end up getting files that are in the
container's fs rather than the files in the volume (which is not in the
container's fs).
This makes it so when you `docker cp` a path that is in a volume it
follows the volume to the real path on the host.
archive.go has been modified so that when you do `docker cp mydata:/foo
.`, and /foo is the volume, the outputed folder is called "foo" instead
of the volume ID (because we are telling it to tar up
`/var/lib/docker/vfs/dir/<some id>` and not "foo", but the user would be
expecting "foo", not the ID
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
We do this to prevent leakage of information, we don't want people
to be able to probe for existing content.
According to RFC 2616, "This status code (404) is commonly used when the server does not
wish to reveal exactly why the request has been refused, or when no other response i
is applicable."
https://www.ietf.org/rfc/rfc2616.txt
10.4.4 403 Forbidden
The server understood the request, but is refusing to fulfill it.
Authorization will not help and the request SHOULD NOT be repeated.
If the request method was not HEAD and the server wishes to make
public why the request has not been fulfilled, it SHOULD describe the
reason for the refusal in the entity. If the server does not wish to
make this information available to the client, the status code 404
(Not Found) can be used instead.
10.4.5 404 Not Found
The server has not found anything matching the Request-URI. No
indication is given of whether the condition is temporary or
permanent. The 410 (Gone) status code SHOULD be used if the server
knows, through some internally configurable mechanism, that an old
resource is permanently unavailable and has no forwarding address.
This status code is commonly used when the server does not wish to
reveal exactly why the request has been refused, or when no other
response is applicable.
When docker is running through its certificates, it should continue
trying with a new certificate even if it gets back a 404 error code.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
zsh completion is updated with the content of
felixr/docker-zsh-completion.
The major change since the last merge is the addition of
exec/create (but they were already present in the docker repository) as
well as pause/unpause/logout/events and the use of short/long options
when they are available. Some missing options were also added.
12f00abd7178 Add completion for `exec'
4e2faa075f9a Merge `run' and `create' commands.
34134de077de Add missing long/short options for most commands.
d09f62339ab5 Add completion for `pause' and `unpause'
e4754c3b3b9d Add completion for `logout'
e0935eb3d5d2 Add completion for `events'
dae353cb9afb Add completion for `create`
Docker-DCO-1.1-Signed-off-by: Vincent Bernat <vincent@bernat.im> (github: vincentbernat)
The Dockerfile Instruction to create the .vnc directory results in a failure :
-storepasswd failed for file: /root/.vnc/passwd
Signed-off-by: Madhu Venugopal <madhu@socketplane.io>
Use /etc/os-release to determine distro
Contents of /etc/os-release on Amazon Linux AMI 2014.09:
NAME="Amazon Linux AMI"
VERSION="2014.09"
ID="amzn"
ID_LIKE="rhel fedora"
VERSION_ID="2014.09"
PRETTY_NAME="Amazon Linux AMI 2014.09"
ANSI_COLOR="0;33"
CPE_NAME="cpe:/o:amazon:linux:2014.09:ga"
HOME_URL="http://aws.amazon.com/amazon-linux-ami/"
Signed-off-by: Amit Bakshi <ambakshi@gmail.com>
Signed-off-by: Jessica Frazelle <jess@docker.com>
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
Added link for CVEs.
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
Fixed some URLs.
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
Added link for CVEs.
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
An initial start to migration of the API tests from integration to
the integration-cli model.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
(github: estesp)
Made it clear signed images is a preview feature and added a little more info about how the feature works.
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
First off, sorry for the noise. This is a cleaner step of #8508
Found more of a root cause of the open file handles.
After more testing I found that the open file descriptors will still
occur for TCP:// connections to the daemon, causing client and/or daemon
to fail.
The issue was instantiating a new http.Transport on _ever_ client
request. So each instance held the prior connection alive, but was only
ever used once.
By moving it out to the initilization of DockerCli, we can now have
reuse of idled connections. Simplifies the garbage overhead of the
client too, though that's not usually a deal.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Failure to do this means that file capabilites are not preserved in the image.
Ping fails to work as a non-root user if cap_net_raw is capability is not set
Signed-off-by: Dan Griffin <dgriffin@peer1.com>
I didn't realize the commit required a Docker-DCO so it failed the travis-ci build. So I removed the commit from my forked repo. Now it looks like there is a pull request with no commit. So here it is again:
Needed to add '--releasever=/' flag to run yum groupinstall on Centos7 (didn't try on anything else). This snippet from yum man page explains why:
```
Note: You may also want to use the option --releasever=/ when creating the installroot as otherwise the $releasever value is taken from the rpmdb within the installroot (and thus. will be empty, before creation).
```
Docker-DCO-1.1-Signed-off-by: Matt Schurenko <matt.schurenko@gmail.com> (github: mschurenko)
2014-07-12 12:15:42 -07:00
1851 changed files with 145932 additions and 79370 deletions
# Note: right now we don't use go-specific features of travis.
# Later we might automate "go test" etc. (or do it inside a docker container...?)
language:go
go:
# This should match the version in the Dockerfile.
- 1.3.1
# Test against older versions too, just for a little extra retrocompat.
- 1.2
# Let us have pretty experimental Docker-based Travis workers.
# (These spin up much faster than the VM-based ones.)
sudo:false
# Disable the normal go build.
install:
- export DOCKER_BUILDTAGS='exclude_graphdriver_btrfs exclude_graphdriver_devicemapper'# btrfs and devicemapper fail to compile thanks to a couple missing headers (which we can't install thanks to "sudo: false")
- export AUTO_GOPATH=1
# some of Docker's unit tests don't work inside Travis (yet!), so we purge those test files for now
- rm -f daemon/graphdriver/btrfs/*_test.go# fails to compile (missing header)
- rm -f daemon/graphdriver/devmapper/*_test.go# fails to compile (missing header)
- rm -f daemon/execdriver/lxc/*_test.go# fails to run (missing "lxc-start")
- rm -f daemon/graphdriver/aufs/*_test.go# fails to run ("backing file system is unsupported for this graph driver")
- rm -f daemon/graphdriver/vfs/*_test.go# fails to run (not root, which these tests assume "/var/tmp/... no owned by uid 0")
- rm -f daemon/networkdriver/bridge/*_test.go# fails to run ("Failed to initialize network driver")
- rm -f graph/*_test.go# fails to run ("mkdir /tmp/docker-test.../vfs/dir/foo/etc/postgres: permission denied")
- rm -f pkg/mount/*_test.go# fails to run ("permission denied")
+ `commit --change` to apply specified Dockerfile instructions while committing the image
+ `import --change` to apply specified Dockerfile instructions while importing the image
+ Builds no longer continue in the background when canceled with CTRL-C
#### Client
+ Windows Support
#### Runtime
+ Container and image Labels
+ `--cgroup-parent` for specifying a parent cgroup to place container cgroup within
+ Logging drivers, `json-file`, `syslog`, or `none`
+ Pulling images by ID
+ `--ulimit` to set the ulimit on a container
+ `--default-ulimit` option on the daemon which applies to all created containers (and overwritten by `--ulimit` on run)
## 1.5.0 (2015-02-10)
#### Builder
+ Dockerfile to use for a given `docker build` can be specified with the `-f` flag
* Dockerfile and .dockerignore files can be themselves excluded as part of the .dockerignore file, thus preventing modifications to these files invalidating ADD or COPY instructions cache
* ADD and COPY instructions accept relative paths
* Dockerfile `FROM scratch` instruction is now interpreted as a no-base specifier
* Improve performance when exposing a large number of ports
#### Hack
+ Allow client-side only integration tests for Windows
* Include docker-py integration tests against Docker daemon as part of our test suites
#### Packaging
+ Support for the new version of the registry HTTP API
* Speed up `docker push` for images with a majority of already existing layers
- Fixed contacting a private registry through a proxy
#### Remote API
+ A new endpoint will stream live container resource metrics and can be accessed with the `docker stats` command
+ Containers can be renamed using the new `rename` endpoint and the associated `docker rename` command
* Container `inspect` endpoint show the ID of `exec` commands running in this container
* Container `inspect` endpoint show the number of times Docker auto-restarted the container
* New types of event can be streamed by the `events` endpoint: ‘OOM’ (container died with out of memory), ‘exec_create’, and ‘exec_start'
- Fixed returned string fields which hold numeric characters incorrectly omitting surrounding double quotes
#### Runtime
+ Docker daemon has full IPv6 support
+ The `docker run` command can take the `--pid=host` flag to use the host PID namespace, which makes it possible for example to debug host processes using containerized debugging tools
+ The `docker run` command can take the `--read-only` flag to make the container’s root filesystem mounted as readonly, which can be used in combination with volumes to force a container’s processes to only write to locations that will be persisted
+ Container total memory usage can be limited for `docker run` using the `—memory-swap` flag
* Major stability improvements for devicemapper storage driver
* Better integration with host system: containers will reflect changes to the host's `/etc/resolv.conf` file when restarted
* Better integration with host system: per-container iptable rules are moved to the DOCKER chain
- Fixed container exiting on out of memory to return an invalid exit code
#### Other
* The HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables are properly taken into account by the client when connecting to the Docker daemon
## 1.4.1 (2014-12-15)
#### Runtime
- Fix issue with volumes-from and bind mounts not being honored after create
## 1.4.0 (2014-12-11)
#### Notable Features since 1.3.0
+ Set key=value labels to the daemon (displayed in `docker info`), applied with
new `-label` daemon flag
+ Add support for `ENV` in Dockerfile of the form:
`ENV name=value name2=value2...`
+ New Overlayfs Storage Driver
+ `docker info` now returns an `ID` and `Name` field
+ Filter events by event name, container, or image
+ `docker cp` now supports copying from container volumes
- Fixed `docker tag`, so it honors `--force` when overriding a tag for existing
image.
## 1.3.3 (2014-12-11)
#### Security
- Fix path traversal vulnerability in processing of absolute symbolic links (CVE-2014-9356)
# see https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
# note: we don't use "git clone -b" above because it then spews big nasty warnings about 'detached HEAD' state that we can't silence as easily as we can silence them using "git checkout" directly
# Compile and install lvm2
RUNcd /usr/local/lvm2 && ./configure --enable-static_link && make device-mapper && make install_device-mapper
RUNcd /usr/local/lvm2 \
&& ./configure --enable-static_link \
&& make device-mapper \
&& make install_device-mapper
# see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
# to allow `make BINDDIR=. shell` or `make BINDDIR= test`
# env vars passed through directly to Docker's build scripts
# to allow things like `make DOCKER_CLIENTONLY=1 binary` easily
# `docs/sources/contributing/devenvironment.md ` and `project/PACKAGERS.md` have some limited documentation of some of these
DOCKER_ENVS:=\
-e BUILDFLAGS \
-e DOCKER_CLIENTONLY \
-e DOCKER_EXECDRIVER \
-e DOCKER_EXPERIMENTAL \
-e DOCKER_GRAPHDRIVER \
-e DOCKER_STORAGE_OPTS \
-e DOCKER_USERLANDPROXY \
-e TESTDIRS \
-e TESTFLAGS \
-e TIMEOUT
# note: we _cannot_ add "-e DOCKER_BUILDTAGS" here because even if it's unset in the shell, that would shadow the "ENV DOCKER_BUILDTAGS" set in our Dockerfile, which is very important for our official builds
# to allow `make BIND_DIR=. shell` or `make BIND_DIR= test`
# (default to no bind mount if DOCKER_HOST is set)
BINDDIR:=$(if$(DOCKER_HOST),,bundles)
# to allow `make DOCSPORT=9000 docs`
DOCSPORT:=8000
# note: BINDDIR is supported for backwards-compatibility here
returnfmt.Errorf("Error checking context is accessible: '%s'. Please check permissions and try again.",err)
}
options:=&archive.TarOptions{
Compression:archive.Uncompressed,
ExcludePatterns:excludes,
IncludeFiles:includes,
}
context,err=archive.TarWithOptions(root,options)
iferr!=nil{
returnerr
}
}
// windows: show error message about modified file permissions
// FIXME: this is not a valid warning when the daemon is running windows. should be removed once docker engine for windows can build.
ifruntime.GOOS=="windows"{
fmt.Fprintln(cli.err,`SECURITY WARNING: You are building a Docker image from Windows against a Linux Docker host. All files and directories added to build context will have '-rwxr-xr-x' permissions. It is recommended to double check and reset permissions for sensitive files and directories.`)
}
varbodyio.Reader
// Setup an upload progress bar
// FIXME: ProgressReader shouldn't be this annoying to use
// Package client provides a command-line interface for Docker.
//
// Run "docker help SUBCOMMAND" or "docker SUBCOMMAND --help" to see more information on any Docker subcommand, including the full list of options supported for the subcommand.
// See https://docs.docker.com/installation/ for instructions on installing Docker.
packageclient
import"fmt"
// An StatusError reports an unsuccessful exit by a command.
flAuthor:=cmd.String([]string{"a","#author","-author"},"","Author (e.g., \"John Hannibal Smith <hannibal@a-team.com>\")")
flChanges:=opts.NewListOpts(nil)
cmd.Var(&flChanges,[]string{"c","-change"},"Apply Dockerfile instruction to the created image")
// FIXME: --run is deprecated, it will be replaced with inline Dockerfile commands.
flConfig:=cmd.String([]string{"#run","#-run"},"","This option is deprecated and will be removed in a future version in favor of inline Dockerfile-compatible commands")
// CmdCp copies files/folders from a path on the container to a directory on the host running the command.
//
// If HOSTDIR is '-', the data is written as a tar file to STDOUT.
//
// Usage: docker cp CONTAINER:PATH HOSTDIR
func(cli*DockerCli)CmdCp(args...string)error{
cmd:=cli.Subcmd("cp","CONTAINER:PATH HOSTDIR|-","Copy files/folders from a PATH on the container to a HOSTDIR on the host\nrunning the command. Use '-' to write the data as a tar file to STDOUT.",true)
// CmdImport creates an empty filesystem image, imports the contents of the tarball into the image, and optionally tags the image.
//
// The URL argument is the address of a tarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) file. If the URL is '-', then the tar file is read from STDIN.
cmd:=cli.Subcmd("import","URL|- [REPOSITORY[:TAG]]","Create an empty filesystem image and import the contents of the\ntarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then\noptionally tag it.",true)
flChanges:=opts.NewListOpts(nil)
cmd.Var(&flChanges,[]string{"c","-change"},"Apply Dockerfile instruction to the created image")
cmd.Require(flag.Min,1)
cmd.ParseFlags(args,true)
var(
v=url.Values{}
src=cmd.Arg(0)
repository=cmd.Arg(1)
)
v.Set("fromSrc",src)
v.Set("repo",repository)
for_,change:=rangeflChanges.GetAll(){
v.Add("changes",change)
}
ifcmd.NArg()==3{
fmt.Fprintf(cli.err,"[DEPRECATED] The format 'URL|- [REPOSITORY [TAG]]' has been deprecated. Please use URL|- [REPOSITORY[:TAG]]\n")
// CmdLogin logs in or registers a user to a Docker registry service.
//
// If no server is specified, the user will be logged into or registered to the registry's index server.
//
// Usage: docker login SERVER
func(cli*DockerCli)CmdLogin(args...string)error{
cmd:=cli.Subcmd("login","[SERVER]","Register or log in to a Docker registry server, if no server is\nspecified \""+registry.IndexServerAddress()+"\" is the default.",true)
// CmdLogout logs a user out from a Docker registry.
//
// If no server is specified, the user will be logged out from the registry's index server.
//
// Usage: docker logout [SERVER]
func(cli*DockerCli)CmdLogout(args...string)error{
cmd:=cli.Subcmd("logout","[SERVER]","Log out from a Docker registry, if no server is\nspecified \""+registry.IndexServerAddress()+"\" is the default.",true)
// If a private port is specified, it also shows the public-facing port that is NATed to the private port.
//
// Usage: docker port CONTAINER [PRIVATE_PORT[/PROTO]]
func(cli*DockerCli)CmdPort(args...string)error{
cmd:=cli.Subcmd("port","CONTAINER [PRIVATE_PORT[/PROTO]]","List port mappings for the CONTAINER, or lookup the public-facing port that\nis NAT-ed to the PRIVATE_PORT",true)
// A running container is stopped by first sending SIGTERM and then SIGKILL if the container fails to stop within a grace period (the default is 10 seconds).
returnnil,resp.StatusCode,fmt.Errorf("Error: request returned %s for API route and version %s, check if the server supports the requested API version",http.StatusText(resp.StatusCode),req.URL)
}
returnnil,resp.StatusCode,fmt.Errorf("Error response from daemon: %s",bytes.TrimSpace(body))
returnnil,"",statusCode,fmt.Errorf("Error: request returned %s for API route and version %s, check if the server supports the requested API version",http.StatusText(statusCode),req.URL)
// Available version information is shown for: client Docker version, client API version, client Go version, client Git commit, client OS/Arch, server Docker version, server API version, server Go version, server Git commit, and server OS/Arch.
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
