In order to keep a little bit of "sanity" on the API side, validate
hostname only starting from v1.24 API version.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 6daf3d2a783fd042e870c8af8bbd19fc28989505)
Signed-off-by: Tibor Vass <tibor@docker.com>
* Detect name conflicts on network creation
* Detect and prevent network connect/disconnect for managed containers
Signed-off-by: Madhu Venugopal <madhu@docker.com>
(cherry picked from commit 0ce5158a2a9a3f10a62d3c1ea289c55e524cdac5)
Signed-off-by: Tibor Vass <tibor@docker.com>
… on `docker node tasks` and `docker service tasks` commands.
This changes is mainly server-side (between engine api and
swarmkit). There is just a check in `api/client/service/tasks.go` to
handle the special *self* meaning.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit b0fc5a21f1138f48e0431a550c936e8908d72840)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Francis Chuang <francis.chuang@boostport.com>
(cherry picked from commit 1205a5584650388f36cda922556a31cbce827915)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Otto Kekäläinen <otto@seravo.fi>
(cherry picked from commit 644a7426cc31c338fedb6574d2b88d1cc2f43a08)
Signed-off-by: Tibor Vass <tibor@docker.com>
Swarm was putting volume type mounts into the container config's
"Volumes" field, but really these need to go into "Binds".
"Volumes" is only for normal "-v /foo" volumes, not named volumes or
anything else.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 2bc2165cbf3e949921d1659f09841b5f008f590d)
Signed-off-by: Tibor Vass <tibor@docker.com>
For consistency with other filters (such as
"is-official"), this renames the desired_state
filter to "desired-state".
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d761719eb4e45fbd6f092f6d0b4eb42206e298f6)
Signed-off-by: Tibor Vass <tibor@docker.com>
it's actually not okay to do such trick from multiple goroutines
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
(cherry picked from commit 378f0657f963fa6c854643571e4fe83628466c01)
On stop there were multiple places that marked
`cluster.node` nil. Now stop waits for the node to
set itself nil.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit 1a8a473017299c5e999d55d14634874826062fce)
Use StdinPipe to ensure pipe is properly closed after startup
Fixes#23686
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
(cherry picked from commit ad4b3e11fe41080d66ac1780b455246ae18bdc35)
Most modern distros have the limit for the maximum root keys at 1000000
but some do not. Because we are creating a new key for each container
we need to bump this up as the older distros are having this limit at
200.
Using 1000000 as the limit because that is that most distros are setting
this to now. If someone has this value configured over that we do not
change it.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
(cherry picked from commit ca3e4545aa7d0da3a36fef41d85d02e9f2c4d15d)
This also moves the variable holding the default runtime name from the
engine-api repository into docker repository
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
(cherry picked from commit 69af7d0d13670b8e2a03a38b4d9a849fc109b338)
During the renaming of a container, no need to call `container.Lock()`
if `oldName == newName`.
This is a follow-up from #23360 (commit 88d1ee6c112d980a63c625389524047fea32e6d9)
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 7e1ec8d2bd6d1aa77f824a1a4d717a7aa4cc3459)
This warning appears in the course of normal use of swarm mode. Since
it's meant more as an internal TODO than something which should be
exposed to a user, remove the log message.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 39c93cfb47783f2531ba44f062fd9a8b351d2224)
Currently when overlay creates a whiteout file then the overlay2 layer is archived,
the correct tar header will be created for the whiteout file, but the tar logic will then attempt to open the file causing a failure.
When tar encounters such failures the file is skipped and excluded for the archive, causing the whiteout to be ignored.
By skipping the copy of empty files, no open attempt will be made on whiteout files.
Fixes#23863
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
(cherry picked from commit bd13c53f8dc1504c9e681dfabef2afc1685ccec7)
Add api side validation and defaults for init and
join requests.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit fb3eb1c27ef5520571c599ead8a72b343748db39)
If "docker logs" was used on an offline container, the logger is leaked, leaving it up to the finalizer to close the file handle, which could block removal of the container. Further, the json file logger could leak an open handle if the logs are read without follow due to an early return without a close. This change addresses both cases.
Signed-off-by: Stefan J. Wernli <swernli@microsoft.com>
(cherry picked from commit 54f11b84d218c1a7ff4ab4e2148819265da213bc)
If there is multiple networks to connect to on container starting,
the order of these networks is random because we "range a map". But
the defautl network "bridge" should be connected first since only
"bridge" support link and we should have do some settings on sandbox
creation, and only the first connect will setting the sandbox.
Signed-off-by: Lei Jitang <leijitang@huawei.com>
(cherry picked from commit 57c0a653e3d0055e63db399019b3b16d4ac97004)
Updates the rmi code to treat canonical references as related to tagged references from the same repository during deletion.
Canonical references with a different repository name will be treated as separate references.
Updates the remove by ID logic to still remove an image if there is a single tag reference and only canonical references to the same repository remaining.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
(cherry picked from commit a281be1c11d61deed7cb2853125e6d489f16aa2e)
we store the active sandbox after daemon.containerd.Restore, but there
is a chance the `Restore` will set the container to exit see
(https://github.com/docker/docker/blob/master/libcontainerd/client_linux.go#L469).
so we should check if the container is really running before add it to
activesandbox.
Signed-off-by: Lei Jitang <leijitang@huawei.com>
(cherry picked from commit 78f3094518b1f3f498bd2629667877f9a87d452f)
We added docs about ecryptfs check but not in code side.
Also refactor code to make it clean.
Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
(cherry picked from commit 136323b04315eceffbed61d680878ed23cecc015)
Vincent Demeester
Madhu Venugopal
Derek McGowan
allencloud
Francis Chuang
Otto Kekäläinen
Brian Goff
Sebastiaan van Stijn
Tonis Tiigi
Nishant Totla
Akihiro Suda
Alexander Morozov
Wonjun Kim
Michael Crosby
Kenfe-Mickael Laventure
Aaron Lehmann
Sainath Grandhi
Stefan J. Wernli
bin liu
nick
Lei Jitang
Jana Radhakrishnan
tomwbarlow@gmail.com
Kai Qiang Wu(Kennan)
Victor Vieux