Commit Graph

459 Commits

Author SHA1 Message Date
Tonis Tiigi 4352da7803 Update daemon and docker core to use new content addressable storage
Add distribution package for managing pulls and pushes. This is based on
the old code in the graph package, with major changes to work with the
new image/layer model.

Add v1 migration code.

Update registry, api/*, and daemon packages to use the reference
package's types where applicable.

Update daemon package to use image/layer/tag stores instead of the graph
package

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-11-24 09:40:25 -08:00
David Calavera 9ca2e4e81c Move exec store to its own package inside the daemon.
Remove double reference between containers and exec configurations by
keeping only the container id.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-11-20 17:40:16 -05:00
David Calavera 3f5b8f712d Extract StreamConfig struct out of the daemon package.
This is a small configuration struct used in two scenarios:

1. To attach I/O pipes to a running containers.
2. To attach to execution processes inside running containers.

Although they are similar, keeping the struct in the same package
than exec and container can generate cycled dependencies if we
move any of them outside the daemon, like we want to do
with the container.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-11-20 15:04:27 -05:00
David Calavera 060f4ae617 Remove the container initializers per platform.
By removing deprecated volume structures, now that windows mount volumes we don't need a initializer per platform.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-11-18 08:41:46 -05:00
Alexander Morozov 4dda67b801 Merge pull request #16452 from rhatdan/btrfs-selinux
Relabel BTRFS Content on container Creation
2015-11-17 11:03:40 -08:00
Dan Walsh 1716d497a4 Relabel BTRFS Content on container Creation
This change will allow us to run SELinux in a container with
BTRFS back end.  We continue to work on fixing the kernel/BTRFS
but this change will allow SELinux Security separation on BTRFS.

It basically relabels the content on container creation.

Just relabling -init directory in BTRFS use case. Everything looks like it
works. I don't believe tar/achive stores the SELinux labels, so we are good
as far as docker commit.

Tested Speed on startup with BTRFS on top of loopback directory. BTRFS
not on loopback should get even better perfomance on startup time.  The
more inodes inside of the container image will increase the relabel time.

This patch will give people who care more about security the option of
runnin BTRFS with SELinux.  Those who don't want to take the slow down
can disable SELinux either in individual containers or for all containers
by continuing to disable SELinux in the daemon.

Without relabel:

> time docker run --security-opt label:disable fedora echo test
test

real    0m0.918s
user    0m0.009s
sys    0m0.026s

With Relabel

test

real    0m1.942s
user    0m0.007s
sys    0m0.030s

Signed-off-by: Dan Walsh <dwalsh@redhat.com>

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2015-11-11 14:49:27 -05:00
Ma Shimiao 0fbfa1449d Add support for blkio.weight_device
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-11-11 23:06:36 +08:00
Solomon Hykes 2519f46550 Merge pull request #17700 from calavera/remove_lxc
Remove LXC support.
2015-11-05 15:22:37 -08:00
David Calavera 157b66ad39 Remove exec-driver global daemon option.
Each platform has only a driver now.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-11-05 17:09:58 -05:00
David Calavera 3b5fac462d Remove LXC support.
The LXC driver was deprecated in Docker 1.8.
Following the deprecation rules, we can remove a deprecated feature
after two major releases. LXC won't be supported anymore starting on Docker 1.10.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-11-05 17:09:57 -05:00
Jess Frazelle 9c1006c8bf Merge pull request #17673 from LK4D4/elim_str_comparison
Do not rely on string comparison in truncindex
2015-11-04 15:39:19 -08:00
Alexander Morozov d4a8d09d1a Do not rely on string comparison in truncindex
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-11-04 11:34:05 -08:00
David Calavera 63efc12070 Remove further references to the daemon within containers.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-11-04 12:28:54 -05:00
David Calavera 5dc3a9a6da Decouple daemon and container from the stats collector.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-11-04 12:27:49 -05:00
David Calavera 669949d6b4 Decouple daemon and container to manage networks.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-11-04 12:27:48 -05:00
David Calavera 2c72015ce3 Decouple daemon and container to manage volumes.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-11-04 12:27:48 -05:00
David Calavera 3a49765046 Decouple daemon and container to mount and unmount filesystems.
Side effects:
- Decouple daemon and container to start containers.
- Decouple daemon and container to copy files.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-11-04 12:27:47 -05:00
David Calavera 9f79cfdb2f Decouple daemon and container to pause and unpause containers.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-11-04 12:27:47 -05:00
David Calavera 4f2a5ba360 Decouple daemon and container to stop and kill containers.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-11-04 12:27:47 -05:00
Alexander Morozov 944ea3134d Merge pull request #17554 from calavera/warm_ipc_unmounts
Turn IPC unmount errors into warnings.
2015-11-02 14:25:39 -08:00
Arnaud Porterie 5719d01066 Merge pull request #16579 from coolljt0725/fix_attach_paused_container
Add show error when attach to a paused container
2015-10-31 07:43:22 -07:00
David Calavera a54d5932e3 Turn IPC unmount errors into warnings.
And do not try to unmount empty paths.

Because nobody should be woken up in the middle of the night for them.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-10-30 19:13:52 -04:00
David Calavera 0c991f3d68 Merge pull request #16779 from Microsoft/10662-execdrivercommand
Windows: Refactor execdriver.Command
2015-10-30 14:59:59 -07:00
John Howard 9d14866d71 Windows: Refactor execdriver.Command
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-10-30 13:53:00 -07:00
Brian Goff 78bd17e805 Force IPC mount to unmount on daemon shutdown/init
Instead of using `MNT_DETACH` to unmount the container's mqueue/shm
mounts, force it... but only on daemon init and shutdown.

This makes sure that these IPC mounts are cleaned up even when the
daemon is killed.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-10-30 15:41:48 -04:00
Antonio Murdaca e990eca1e5 Merge pull request #17510 from LK4D4/refactor_shutdown
Refactor Shutdown a little to reduce indentation
2015-10-30 12:24:03 +01:00
Antonio Murdaca 6b9de7342f Merge pull request #17498 from LK4D4/fix_graph_comment
Fix Graph() docstring
2015-10-30 09:48:16 +01:00
Alexander Morozov ace5854f65 Refactor Shutdown a little to reduce indentation
Also make daemon.netController.Stop() regardless of container existance.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-10-29 17:20:32 -07:00
Alexander Morozov 134772f91e Fix Graph() docstring
It's not true anymore, it used in builder for example.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-10-29 11:41:42 -07:00
Alexander Morozov ac4b290552 Do not ignore errors from graphdriver.Put
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-10-29 11:25:53 -07:00
Lei Jitang de1d611990 Add show error when attach to a paused container
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-10-28 21:00:09 -04:00
David Calavera 0e1618db19 Merge pull request #17437 from LK4D4/put_error
Do not ignore error from driver.Put
2015-10-28 17:32:03 -07:00
Alexander Morozov 990655448d Remove unnecessary error returns
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-10-28 15:15:22 -07:00
Alexander Morozov bc09eceaf4 Do not ignore error from driver.Put
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-10-28 06:54:09 -07:00
Alexandre Beslic 85ae8b034a Merge pull request #17364 from mavenugo/advertise
Enhancing --cluster-advertise to support <interface-name>
2015-10-27 13:29:18 -07:00
David Calavera 82f70677b9 Merge pull request #17405 from LK4D4/cont_pointer
Return pointer from newBaseContainer
2015-10-27 13:27:10 -07:00
David Calavera 2b1b7823e6 Merge pull request #17406 from LK4D4/ent_and_args_simple
Simplify getEntrypointAndArgs
2015-10-27 13:24:59 -07:00
Tibor Vass 194b64951a Merge pull request #17230 from aboch/ae
Do not update etc/hosts file for every container
2015-10-27 16:14:44 -04:00
Madhu Venugopal 3e7db73b99 Enhancing --cluster-advertise to support <interface-name>
--cluster-advertise daemon option is enahanced to support <interface-name>
in addition to <ip-address> in order to amke it  automation friendly using
docker-machine.

Signed-off-by: Madhu Venugopal <madhu@docker.com>
2015-10-27 11:03:22 -07:00
Alexander Morozov 5f6d27ceba Simplify getEntrypointAndArgs
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-10-27 09:36:11 -07:00
Alexander Morozov 6d9bb99c97 Return pointer from newBaseContainer
It makes code more consistent.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-10-27 09:05:28 -07:00
Alessandro Boch 4f6f00e191 Do not update etc/hosts for every container
- Only user named containers will be published into
  other containers' etc/hosts file.
- Also block linking to containers which are not
  connected to the default network

Signed-off-by: Alessandro Boch <aboch@docker.com>
2015-10-26 20:08:57 -07:00
Tonis Tiigi aee5486374 Fix duplicate container names conflict
While creating multiple containers the second 
container could remove the first one from graph
and not produce an error.

Fixes #15995

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-10-26 16:57:50 -07:00
Tibor Vass 56ef47e881 Merge pull request #16890 from runcom/perf-boost
rmi and build cache miss performance improvements
2015-10-21 16:00:25 -04:00
David Calavera d6d60287ee Move volume name validation to the local driver.
Delegate validation tasks to the volume drivers. It's up to them
to decide whether a name is valid or not.
Restrict volume names for the local driver to prevent creating
mount points outside docker's volumes directory.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-10-21 12:28:26 -04:00
Antonio Murdaca f9e81b40f4 daemon: faster image cache miss detection
Lookup the graph parent reference to detect a builder cache miss before
looping the whole graph image index to build a parent-children tree.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2015-10-21 17:13:45 +02:00
Morgan Bauer 2abf5d986e
refactor access to daemon member EventsService
Signed-off-by: Morgan Bauer <mbauer@us.ibm.com>
2015-10-19 09:41:29 -07:00
Shijiang Wei 2968fa44eb emit a "tag" event when building image with "-t" parameter
This is useful for cluster systems such as swarm to sync the image
state when new images are successfully built.

Signed-off-by: Shijiang Wei <mountkin@gmail.com>
2015-10-19 20:09:14 +08:00
Aaron Lehmann cba4bbad4f Remove trust package
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-10-12 10:51:28 -07:00
Vincent Demeester 6e12d9fe62 Merge pull request #16865 from MHBauer/registry-service-refactor
refactor away direct references to daemon member
2015-10-11 21:47:58 +02:00