Give Docker more time to kill containers before upstart kills Docker.
The default kill timeout is 5 seconds.
This will help decrease the chance of but not eliminate the chance of
orphaned container processes.
Signed-off-by: David Xia <dxia@spotify.com>
This stops us from erroneously adding "squeeze-lts" to "oldstable" which is now "wheezy", not "squeeze" (but "oldoldstable" _is_ squeeze, hence the new check on `/etc/debian_version` being `6.*` instead, and done as a `case` for the eventual addition of `wheezy-lts`, etc).
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Currently check-config.sh just said enable or missing, when I used
a fresh kernel, made check-config.sh happy, still can't start
container. It take me days debuging kernel and Docker and finally
found it's because I enabled some CONFIGs as modules and never
loaded these modules.
So I think it's necessary to let check-config.sh told users which
configs are enabled as modules.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Added --since argument to `docker logs` command. Accept unix
timestamps and shows logs only created after the specified date.
Default value is 0 and passing default value or not specifying
the value in the request causes parameter to be ignored (behavior
prior to this change).
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Also, `curl` is smart enough to see when the consumer of the pipe is going slow that it should slow down the transfer, so this gives a reasonable indication of extraction progress too.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
To account for "/" not working in filenames, we replace it with "_" for our temporary files (that exist only to emulate Bash 4's associative arrays in Bash 3).
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Adds a `stream` query param to the stats API which allows API users to
only collect one stats entry and disconnect instead of keeping the
connection alive to stream more stats.
Also adds a `--no-stream` flag to `docker stats` which does the same
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
With this, `docker pull deb<tab>` will show all `debian:*` tags, as before, but `docker pull -a deb<tab>` will complete directly to just `debian`. 👍
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
in https://docs.docker.com/articles/ambassador_pattern_linking/
svendowideit/ambassador images is from docker-ut built using this script
and uses socat but socat complains as follows
socat: error while loading shared libraries: libreadline.so.5: cannot open shared object file: No such file or directory
socat: error while loading shared libraries: libssl.so.1.0.0: cannot open shared object file: No such file or directory
socat: error while loading shared libraries: libcrypto.so.1.0.0: cannot open shared object file: No such file or directory
socat: error while loading shared libraries: libtinfo.so.5: cannot open shared object file: No such file or directory
/usr/lib/x86_64-linux-gnu/lib{crypto,ssl}.so* lib are symlinks so removing -P option from cp
adding libreadline.so and libtinfo.so
Signed-off-by: Jinsoo Park <cellpjs@gmail.com>
update libssl.so path
Signed-off-by: Jinsoo Park <cellpjs@gmail.com>
Remove mkimage-unittest.sh
Signed-off-by: Jinsoo Park <cellpjs@gmail.com>
Once the job has failed and is respawned, the status becomes `docker
respawn/post-start` after subsequent failures (as opposed to `docker
stop/post-start`), so the post-start script needs to take this into
account.
I could not find specific documentation on the job transitioning to the
`respawn/post-start` state, but this was observed on Ubuntu 14.04.2.
Signed-off-by: Lewis Marshall <lewis@lmars.net>
dockerize-image tool takes a virtual disk image file
and creates a Docker image based on it. You can
specify a base Docker image to make this tool create
an image that will contain only filesystem diff
instead of full filesystem.
See tools usage for details.
Signed-off-by: Maxim Kulkin <maxim.kulkin@gmail.com>
The validation script from #10681 is too pedantic, and does not handle
well situations like:
```
cat <<EOF # or <<-EOF
Whether the leading whitespace is stripped out or not by bash
it should still be considered as valid.
EOF
```
This reverts commit 4e65c1c319.
Signed-off-by: Tibor Vass <tibor@docker.com>
The previous state assumed that the HOSTPATH argument referred to a
file. As clarified by moxiegirl in PR #11305, it is a directory.
Adjusted completion to reflect this.
Signed-off-by: Harald Albers <github@albersweb.de>
Created a validation that detects all trailing whitespaces from every
text file that isn't *.go, *.md, vendor/*,
docs/theme/mkdocs/tipuesearch*
Removed trailing whitespaces from every text file except from vendor/*
builder/parser/testfiles*, docs/theme/mkdocs/tipuesearch* and *.md
Signed-off-by: André Martins <martins@noironetworks.com>
This makes APT be appropriately aggressive about removing packages it added due to `Recommends` or `Depends` if the packages they were added for are removed (even if other packages only have the softer `Suggests` relationship).
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
This also removes the now-defunct `*maintainer*.sh` scripts that don't work with the new TOML format, and moves a couple not-build-or-release-related scripts to `contrib/` instead.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Save "LABEL" field in Dockerfile into image content.
This will allow a user to save user data into an image, which
can later be retrieved using:
docker inspect IMAGEID
I have copied this from the "Comment" handling in docker images.
We want to be able to add Name/Value data to an image to describe the image,
and then be able to use other tools to look at this data, to be able to do
security checks based on this data.
We are thinking about adding version names,
Perhaps listing the content of the dockerfile.
Descriptions of where the code came from etc.
This LABEL field should also be allowed to be specified in the
docker import --change LABEL:Name=Value
docker commit --change LABEL:Name=Value
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
See also https://bugs.gentoo.org/show_bug.cgi?id=536546:
```console
$ docker run learn/tutorial echo "hello world"
FATA[0001] Error response from daemon: Cannot start container 1d0c0ca5cc7f39a271ec40c1479a80bffb7190fab97392b3453a1fc0b2dc8e78: mountpoint for cpuset not found
```
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
This uses a bit of on-disk state in our export directory to emulate our associative array for generating the "repositories" JSON file.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
This makes it much simpler to add new "frozen" images -- simply add them to the `Dockerfile` and in `hack/make/.ensure-frozen-images` and you're off to the races.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Implemented a FakeStorage alternative that supports spinning
up a remote container on DOCKER_TEST_HOST to serve files over
an offline-compiled Go static web server image so that tests which
use URLs in Dockerfile can build them over at the daemon side.
`fakeStorage` function now automatically chooses if it should
use a local httptest.Server or a remote container.
This fixes the following tests when running against a remote
daemon:
- `TestBuildCacheADD`
- `TestBuildCopyWildcardNoFind`
- `TestBuildCopyWildcardCache`
- `TestBuildADDRemoteFileWithCache`
- `TestBuildADDRemoteFileWithoutCache`
- `TestBuildADDRemoteFileMTime`
- `TestBuildADDLocalAndRemoteFilesWithCache`
- `TestBuildADDLocalAndRemoteFilesWithoutCache`
- `TestBuildFromURLWithF`
- `TestBuildApiDockerFileRemote`
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
This downloads a specific image ID of `busybox:latest` from the Hub directly (within the `Dockerfile`, ready for `docker load`) instead of grabbing the source from GitHub and doing a `docker build` at daemon start time. This ensures the test suite runs more consistently.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Instead of applying it only for the final `chroot`, this adds a chroot helper function to apply it appropriately for every chroot, including making sure that we find `chroot` in our current host `PATH` in case it's in a strange place.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
when running in the chroot, it would be expected to have a Debian-ish environment,
most important the PATH variable. Otherwise the host PATH would be used which can wrong
for Debian, especially if the host is Arch (which doesn't have /bin, /sbin or /usr/sbin).
Signed-off-by: Damjan Georgievski <gdamjan@gmail.com>
zsh completion is updated with the content of
felixr/docker-zsh-completion.
ef4a3fce0437 Update completion for `wait' as per 1.5.0
ace5aa9c1282 Add completion for `stats'
91f112834865 Update completion for `search' as per 1.5.0
a5e4febe4bf6 Update completion for `save' as per 1.5.0
1cdbdb18a384 Add completion for `rename'
2f004bb724b9 Update completion for `pull' as per 1.5.0
773b88e0885b Update completion for `logs' as per 1.5.0
c57e5d5c4551 Update completion for `load' to favor archive files
9af7d12b487e Update completion for `images` as per 1.5.0
0d59e66aff30 update completion for `exec' to complete on commands
46b6c66760d7 Update completion for `events' as per 1.5.0
307e0bdc4c34 Update completion for `commit' as per 1.5.0
c4b331f38cc4 Update completion for `build' as per 1.5.0
Also added myself in the `MAINTAINERS` file.
Signed-off-by: Vincent Bernat <vincent@bernat.im>
In order to fit printed messages to fit 80 chars,
rewording messages for `-H` and `--tls` flags.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
set LimitCORE=infinity to ensure complete core creation,
allows extraction of as much information as possible.
Thanks to Ulrich Obergfell <uobergfe@redhat.com>
and Jeremy Eder <jeder@redhat.com>
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Don't run docker in interactive mode in the archlinux container build script. Recent versions of Docker error out with "cannot enable tty mode on non tty input" when being run non-interactively (such as in a cron job, Jenkins build, etc.)
Signed-off-by: Jared Biel <jared.biel@bolderthinking.com>
Implementing the deamon flags the traditional way introduced even more
redundancy than usual because the same list of options with flags
had to be added twice.
This can be avoided by using variables in the case statements when
using the extglob shell option.
Signed-off-by: Harald Albers <github@albersweb.de>
unshare the mount namespace of the docker daemon to avoid other pids
outside the daemon holding mount references of docker containers.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
This systemd.exec setting will construct a new mount namespace for the
docker daemon, and use slave shared-subtree mounts so that volume mounts
propogate correctly into containers.
By having an unshared mount namespace for the daemon it ensures that
mount references are not held by other pids outside of the docker
daemon. Frequently this can be seen in EBUSY or "device or resource
busy" errors.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
as noted in https://github.com/boot2docker/boot2docker/issues/690
Signed-off-by: Sven Dowideit <SvenDowideit@docker.com>
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@docker.com> (github: SvenDowideit)
This introduces a sort order for options:
Arrange options sorted alphabetically by long name with the short
options immediately following their corresponding long form.
Signed-off-by: Harald Albers <github@albersweb.de>
This file is one APT creates to make sure we don't "autoremove" our currently in-use kernel, which doesn't really apply to debootstraps/Docker images that don't even have kernels installed.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Fixes#6647: Other upstart jobs that depend on docker by specifying
"start on started docker" would often start before the docker daemon was
ready, so they'd fail with "Cannot connect to the Docker daemon" or
"dial unix /var/run/docker.sock: no such file or directory".
This is because "docker -d" doesn't daemonize, it runs in the
foreground, so upstart can't know when the daemon is ready to receive
incoming connections. (Traditionally, a daemon will create all necessary
sockets and then fork to signal that it's ready; according to @tianon
this "isn't possible in Go"[1]. See also [2].)
Presumably this isn't a problem with systemd init with its socket
activation. The SysV init scripts may or may not suffer from this
problem but I have no motivation to fix them.
This commit adds a "post-start" stanza to the upstart configuration
that waits for the socket to be available. Upstart won't emit the
"started" event until the "post-start" script completes.[3]
Note that the system administrator might have specified a different path
for the socket, or a tcp socket instead, by customising
/etc/default/docker. In that case we don't try to figure out what the
new socket is, but at least we don't wait in vain for
/var/run/docker.sock to appear.
If the main script (`docker -d`) fails to start, the `initctl status
$UPSTART_JOB | grep -q "stop/"` line ensures that we don't loop forever.
I stole this idea from Steve Langasek.[4]
If for some reason we *still* end up in an infinite loop --I guess
`docker -d` must have hung-- then at least we'll be able to see the
"Waiting for /var/run/docker.sock" debug output in
/var/log/upstart/docker.log.
I considered using inotifywait instead of sleep, but it isn't worth
the complexity & the extra dependency.
[1] https://github.com/docker/docker/issues/6647#issuecomment-47001613
[2] https://code.google.com/p/go/issues/detail?id=227
[3] http://upstart.ubuntu.com/cookbook/#post-start
[4] https://lists.ubuntu.com/archives/upstart-devel/2013-April/002492.html
Signed-off-by: David Röthlisberger <david@rothlis.net>
_docker_run and _docker_create had only one differing line.
This refactoring features:
- direct completion for both commands to the same function
- factor out the common arguments, sort & format them nicely
- compute the argument for _docker_pos_first_nonflag.
Signed-off-by: Harald Albers <github@albersweb.de>
Current description is misleading. It make an impression the --icc=false
prevents containers to talk with each other.
Signed-off-by: Michal Minar <miminar@redhat.com>
Docker-DCO-1.1-Signed-off-by: Michal Minar <miminar@redhat.com> (github: SvenDowideit)
Since Linux 3.18-rc6, overlayfs has been renamed overlay.
This change was introduced by the following commit in linux.git:
ef94b1864d1ed5be54376404bb23d22ed0481feb ovl: rename filesystem type to "overlay"
Signed-off-by: Lénaïc Huard <lhuard@amadeus.com>
The -n and --networking options were removed because they are
unsupported.
Bash completion should not reveal the existence of otherwise
undocumented unsupported options.
Signed-off-by: Harald Albers <github@albersweb.de>
A lot of flags have been added on the output of `docker help`. Use a
more robust method to extract the list of available subcommands by
spotting the `Command:` line and the next blank line.
Signed-off-by: Vincent Bernat <vincent@bernat.im>
Next steps, in another PR, would be:
- make all logging go through the logrus stuff
- I'd like to see if we can remove the env var stuff (like DEBUG) but we'll see
Closes#5198
Signed-off-by: Doug Davis <dug@us.ibm.com>
Signal proxy does work only in non-TTY mode (--tty=false). Man pages and
commands should not lie about it.
Signed-off-by: Michal Minar <miminar@redhat.com>
So far, it looks like the declarations are not used, and so its safer not to
confuse people into thinking they do something.
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@docker.com> (github: SvenDowideit)
zsh completion is updated with the content of
felixr/docker-zsh-completion.
The major change since the last merge is the addition of
exec/create (but they were already present in the docker repository) as
well as pause/unpause/logout/events and the use of short/long options
when they are available. Some missing options were also added.
12f00abd7178 Add completion for `exec'
4e2faa075f9a Merge `run' and `create' commands.
34134de077de Add missing long/short options for most commands.
d09f62339ab5 Add completion for `pause' and `unpause'
e4754c3b3b9d Add completion for `logout'
e0935eb3d5d2 Add completion for `events'
dae353cb9afb Add completion for `create`
Docker-DCO-1.1-Signed-off-by: Vincent Bernat <vincent@bernat.im> (github: vincentbernat)
Two problems how they are today:
In the current systemd unit files it is impossible to have the
docker.service started at system boot. Instead enableing docker.service
will actually enable docker.socket. This is a problem, as that means
any container with --restart=always will not launch on reboot. And of
course as soon as you log in and type docker ps, docker.service will be
launched and now your images are running. Talk about a PITA to debug!
The fix is to just install docker.service when people ask docker.service
to be enabled. If an admin wants to enable docker.socket instead, that
is fine and will work just as it does today.
The second problem is a common docker devel workflow, although not
something normal admins would hit. In this case consider a dev doing
the following:
systemctl stop docker.service
docker -d
[run commands]
[^C]
systemctl start docker.service
Running docker -d (without -F fd://) will clean up the
/var/run/docker.sock when it exits. Remember, you just ran the docker
daemon not telling it about socket actviation, so cleaning up its socket
makes sense! The new docker, started by systemd will expect socket
activation, but the last one cleaned up the docker.sock. So things are
just broken. You can, today, work around this by restarting
docker.socket. This fixes it by telling docker.socket that it is
PartOf=docker.service. So when docker.service is
started/stopped/restarted docker.socket will also be
started/stopped/restarted. So the above semi-common devel workflow will
be fine. When docker.service is stopped, so is docker.socket, docker
-d (without -F fd://) will create and delete /var/run/docker.sock.
Starting docker.service again will restart docker.socket, which will
create the file an all is happy in the word.
Signed-off-by: Eric Paris <eparis@redhat.com>
Failure to do this means that file capabilites are not preserved in the image.
Ping fails to work as a non-root user if cap_net_raw is capability is not set
Signed-off-by: Dan Griffin <dgriffin@peer1.com>
The biggest/bestest change here is cutting down on the number of calls to Docker in the filtering helpers (`__docker_containers_running`, etc), especially calls to the really heavy `docker images`.
Signed-off-by: Andrew Page <admwiggin@gmail.com>
debootstrap needs the suite as the second argument, for this the script
reorders arguments beginning with a minus but components separated by
space, as stated by the help message, is not handled and will lead to
the rootfs being passed as suite to debootstrap.
The poor mans solution is to fix the help message to pass the long
option as one argument.
Signed-off-by: Julian Taylor <jtaylor.debian@googlemail.com>
security-opts will allow you to customise the security subsystem.
For example the labeling system like SELinux will run on a container.
--security-opt="label:user:USER" : Set the label user for the container
--security-opt="label:role:ROLE" : Set the label role for the container
--security-opt="label:type:TYPE" : Set the label type for the container
--security-opt="label:level:LEVEL" : Set the label level for the container
--security-opt="label:disabled" : Turn off label confinement for the container
Since we are passing a list of string options instead of a space separated
string of options, I will change function calls to use InitLabels instead of
GenLabels. Genlabels interface is Depracated.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
This change will allow the Docker daemon's init script to wait up to 5
minutes before being forcibly terminated by the initscript. Many
non-trivial containers will take more than the default 3 seconds to
stop, which can result in containers whose rootfs is still mounted and
will not restart when the daemon starts up again, or worse, orphan
processes that are still running.
Signed-off-by: Steven Merrill <steven.merrill@gmail.com>
zsh completion is updated with the content of
felixr/docker-zsh-completion.
The major change since the last merge is the removal of use of
sed/awk. This should help a lot OSX users who previously had to install
gawk and gsed.
Docker-DCO-1.1-Signed-off-by: Vincent Bernat <vincent@bernat.im> (github: vincentbernat)
Later versions of `apt` are smart enough to just create this directory if it's missing, but Lucid balks (just like `gnupg` and `gpgv` aren't in the Required set so don't come in a minbase -- good ol' Lucid).
Signed-off-by: Andrew Page <admwiggin@gmail.com>
- add `set -e` to make failing commands bail the script
- remove trailing `exit 0` which is just extraneous anyhow
- adjust `status_of_proc` options to pass in `$DOCKER_DESC` so we get consistently styled messages like `Docker is running` or `Docker is not running` or `could not access PID file for Docker`
Signed-off-by: Andrew Page <admwiggin@gmail.com>
This allows signing off commits with `git commit -s`
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Cleaned up DCO regex
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
This should not be done by default but used by adminsys with a drop-in.d file,
for buggy daemons which crash without known fixes.
Docker-DCO-1.1-Signed-off-by: Sébastien Luttringer <seblu@seblu.net> (github: seblu)
If AppArmor is enabled on the current system, but "apparmor_parser" isn't installed, it causes all kinds of issues.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Jessica Frazelle
Alexander Morozov
Jessie Frazelle
Tianon Gravi
David Xia
Shishir Mahajan
Qiang Huang
Harald Albers
Sebastiaan van Stijn
Tibor Vass
Ahmet Alp Balkan
Ma Shimiao
Jörg Thalheim
Matt Bentley
Brian Goff
Jessica Frazelle
David Mackey
Jinsoo Park
Lei Jitang
Vincent Batts
Michael Crosby
Evan Hazlett
Eric Windisch
Arnaud Porterie
Alexander Morozov
Jun-Ru Chang
Lewis Marshall
Maxim Kulkin
Antonio Murdaca
YAMADA Tsuyoshi
Tibor Vass
André Martins
Dan Walsh
moxiegirl
Mabin
Phil Estes
Damjan Georgievski
Vincent Bernat
Lance Kinley
Mike Dillon
Manfred Touron
Lokesh Mandvekar
Mike Leone
Tibor Vass
Coenraad Loubser
Ian Babrou
Jared Biel
Sven Dowideit
Zoltan Tombol
Sven Dowideit
Evan Carmi
David Röthlisberger
Barnaby Gray
Sven Dowideit
Lénaïc Huard
Michal Minar
Vincent Batts
Doug Davis
Solomon Hykes
Vincent Bernat
Eric Paris
Dan Griffin
Michael Scharf
Julian Taylor
Steven Merrill
Thomas LÉVEIL
James Turnbull
Erik Hollensbe
Sébastien Luttringer
Victor Vieux
Michael Crosby