Instead of returning only the container ID, starting a container may
also return a warning:
"WARNING: Your kernel does not support swap
limit capabilities, memory limited without
swap.\nff6ebd9f7a8d035d17bb9a61eb9d3f0a5d563160cc43471a9d7ac9f71945d061"
The test assumes that only the container ID is returned and uses the
entire message as the name for the inspect command. To avoid the need to
parse the container ID from the output after the run command, give the
container a name and use that instead.
Signed-off-by: Christy Perez <christy@linux.vnet.ibm.com>
This is useful for cluster systems such as swarm to sync the image
state when new images are successfully built.
Signed-off-by: Shijiang Wei <mountkin@gmail.com>
- do existence check instead of get container
- new connect method on daemon.
- cli network disconnect integration test
Signed-off-by: Morgan Bauer <mbauer@us.ibm.com>
When running LXC dind (outer docker is started with native driver)
cgroup paths point to `/docker/CID` inside `/proc/self/mountinfo` but
these paths aren't mounted (root is wrong). This fix just discard the
cgroup dir from mountinfo and set it to root `/`.
This patch fixes/skip OOM LXC tests that were failing.
Fix#16520
Signed-off-by: Antonio Murdaca <runcom@linux.com>
Signed-off-by: Antonio Murdaca <amurdaca@redhat.com>
On LXC memory swap was only set to memory_limit*2 even if a value for
memory swap was provided. This patch fix this behavior to be the same
as the native driver and set correct memory swap in the template.
Also add a test specifically for LXC but w/o adding a new test
requirement.
Signed-off-by: Antonio Murdaca <runcom@linux.com>
introduced --subnet, --ip-range and --gateway options in docker network
command. Also, user can allocate driver specific ip-address if any using
the --aux-address option.
Supports multiple subnets per network and also sharing ip range
across networks if the network-driver and ipam-driver supports it.
Example, Bridge driver doesnt support sharing same ip range across
networks.
Signed-off-by: Madhu Venugopal <madhu@docker.com>
* Made use of IPAM driver primitives for legacy IP configurations
* Replaced custom Generics with backend labels
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Tags and digests are kept in the same storage. We want to make sure that they are completely separated - tags are something users set and digests can only be set by pull-by-digest code path.
Reverts #14664
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Generate a hash chain involving the image configuration, layer digests,
and parent image hashes. Use the digests to compute IDs for each image
in a manifest, instead of using the remotely specified IDs.
To avoid breaking users' caches, check for images already in the graph
under old IDs, and avoid repulling an image if the version on disk under
the legacy ID ends up with the same digest that was computed from the
manifest for that image.
When a calculated ID already exists in the graph but can't be verified,
continue trying SHA256(digest) until a suitable ID is found.
"save" and "load" are not changed to use a similar scheme. "load" will
preserve the IDs present in the tar file.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
All the go-lint work forced any existing "Uid" -> "UID", but seems to
not have the same rules for Gid, so stat package has calls UID() and
Gid().
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
part of #16756
Signed-off-by: Xiaoxu Chen <chenxiaoxu14@otcaix.iscas.ac.cn>
update integration-cli/docker_cli_wait_test.go
part of #16756
Signed-off-by: Xiaoxu Chen <chenxiaoxu14@otcaix.iscas.ac.cn>
update integration-cli/docker_cli_wait_test.go
part of #16756
Signed-off-by: Xiaoxu Chen <chenxiaoxu14@otcaix.iscas.ac.cn>
update docker_cli_wait_test.go
part of #16756
Signed-off-by: Xiaoxu Chen <chenxiaoxu14@otcaix.iscas.ac.cn>
Part of #16756
Update integration-cli/docker_cli_rmi_test.go:
Use Assert instead of condition judgement in test.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
This adds the capability to turn on user namespace support when using an
experimental build Docker daemon binary using the `--userns-remap` flag.
Also documentation is added to the experimental docs.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Adds support for the daemon to handle user namespace maps as a
per-daemon setting.
Support for handling uid/gid mapping is added to the builder,
archive/unarchive packages and functions, all graphdrivers (except
Windows), and the test suite is updated to handle user namespace daemon
rootgraph changes.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
A recent change made `graphdriver.NaiveDiffDriver` from a function to a
struct. New function is `graphdriver.NewNaiveDiffDriver.
The graphdriver plugin PR was created (and tests run) before this change
was introduced causing the failure to not be seen until after merge.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Fixes a race when starting a container when there is an error, the stdio
streams are not always written.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
- refactor to make it easier to split the api in the future
- additional tests for non existent container case
Signed-off-by: Morgan Bauer <mbauer@us.ibm.com>
Before, typing `docker volume` with no args would forward to the handler
for `docker volume ls`, except the flags for the `ls` subcommand were
not supported.
Instead just print the cmd usage.
This makes the behavior of the `docker volume` subcommand behave exactly
like the `docker network` subcommand.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
I disagree with #14546 that pushed the help text past 80 chars.
Aside from it now making the help text look ugly on 80 char displays,
which I use, one thing I like about the previous limitation is that it
forced us to keep our options down to more reasonable phrases/words.
For example, I think
` --disable-content-trust=true`
could have been:
` --disable-trust=true`
or even:
` --disable-ctrust=true`
But regardless, let's at least make the comments match what the code does.
Signed-off-by: Doug Davis <dug@us.ibm.com>
* Exiting experimental network UX
* removed experimental service UX
* integrated with the new network remote API
Signed-off-by: Madhu Venugopal <madhu@docker.com>
* Moving Network Remote APIs out of experimental
* --net can now accept user created networks using network drivers/plugins
* Removed the experimental services concept and --default-network option
* Neccessary backend changes to accomodate multiple networks per container
* Integration Tests
Signed-off-by: David Calavera <david.calavera@gmail.com>
Signed-off-by: Madhu Venugopal <madhu@docker.com>
This patch creates interfaces in builder/ for building Docker images.
It is a first step in a series of patches to remove the daemon
dependency on builder and later allow a client-side Dockerfile builder
as well as potential builder plugins.
It is needed because we cannot remove the /build API endpoint, so we
need to keep the server-side Dockerfile builder, but we also want to
reuse the same Dockerfile parser and evaluator for both server-side and
client-side.
builder/dockerfile/ and api/server/builder.go contain implementations
of those interfaces as a refactoring of the current code.
Signed-off-by: Tibor Vass <tibor@docker.com>
It prevents occupying of those resources (ports, unix-sockets) by
containers.
Also fixed false-positive test for that case.
Fix#15912
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Search terms shouldn't be restricted to only full valid repository
names. It should be perfectly valid to search using a part of a name,
even if it ends with a period, dash or underscore.
Signed-off-by: Hu Keping <hukeping@huawei.com>
Exec start was sending HTTP 500 for every error.
Fixed an error where pausing a container and then calling exec start
caused the daemon to freeze.
Updated API docs which incorrectly showed that a successful exec start
was an HTTP 201, in reality it is HTTP 200.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Although having a request ID available throughout the codebase is very
valuable, the impact of requiring a Context as an argument to every
function in the codepath of an API request, is too significant and was
not properly understood at the time of the review.
Furthermore, mixing API-layer code with non-API-layer code makes the
latter usable only by API-layer code (one that has a notion of Context).
This reverts commit de41640435, reversing
changes made to 7daeecd42d.
Signed-off-by: Tibor Vass <tibor@docker.com>
Conflicts:
api/server/container.go
builder/internals.go
daemon/container_unix.go
daemon/create.go
Brian Goff
Christy Perez
Lei Jitang
Phil Estes
Shijiang Wei
liaoqingwei
weiyan
Antonio Murdaca
Vincent Demeester
Yuan Sun
Zhang Wei
Sebastiaan van Stijn
Vincent Demeester
Tobias Gesellchen
David Calavera
Tibor Vass
Madhu Venugopal
Zachary Jaffee
Kevin P. Kucharczyk
Zachary Jaffee
Jian Zhang
Morgan Bauer
Jessica Frazelle
Antonio Murdaca
Alexandre Beslic
Antonio Murdaca
Jess Frazelle
Tonis Tiigi
Arnaud Porterie
Alexander Morozov
Phil Estes
Hao Zhang
Mageee
Kun Zhang
Xiaoxu Chen
heartlock
Hu Keping
xlgao-zju
Diogo Monica
John Howard
Doug Davis
Tibor Vass
Shishir Mahajan
Alexander Morozov
Daniel Nephin
Vincent Batts