- Return an error if any of the keys don't match valid flags.
- Fix an issue ignoring merged values as named values.
- Fix tlsverify configuration key.
- Fix bug in mflag to avoid panics when one of the flag set doesn't have any flag.
Signed-off-by: David Calavera <david.calavera@gmail.com>
- Set the daemon log level to what's set in the configuration.
- Enable TLS when TLSVerify is enabled.
Signed-off-by: David Calavera <david.calavera@gmail.com>
During daemon startup, all containers are registered before any are
started.
During container registration it was calling out to initialize volumes.
If the volume uses a plugin that is running in a container, this will
cause the restart of that container to fail since the plugin is not yet
running.
This also slowed down daemon startup since volume initialization was
happening sequentially, which can be slow (and is flat out slow since
initialization would fail but take 8 seconds for each volume to do it).
This fix holds off on volume initialization until after containers are
restarted and does the initialization in parallel.
The containers that are restarted will have thier volumes initialized
because they are being started. If any of these containers are using a
plugin they will just keep retrying to reach the plugin (up to the
timeout, which is 8seconds) until the container with the plugin is up
and running.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
`daemon.execCommandGC`
The daemon object (grep execCommandGC) iterate over a map
(grep execCommands.Commands) in a goroutine.
Lock can't protect concurrency access in this case.
Exec command storage object should return a copy of commands instead.
Signed-off-by: Pei Su <sillyousu@gmail.com>
this prevents the copier from sending messages in the buffer to the closed
driver. If the copied took longer than the timeout to drain the buffer, this
aborts the copier read loop and return back so we can cleanup resources
properly.
Signed-off-by: Daniel Dao <dqminh@cloudflare.com>
Currently builder.Backend is implemented by daemonbuilder.Docker{} for
the daemon. This registration happens in the API/server code. However,
this is too implementation specific. Ideally we should be able to specify
that docker daemon (or any other) is implementing the Backend and abstract
the implementation details. So we should remove package daemonbuilder
dependency in build_routes.go
With this change, daemonbuilder.Docker is nothing more than the daemon.
A follow on change will remove the daemonbuilder package and move relevant
methods under daemon, so that API only knows about the backend.
Also cleanup code in api/client/build.go. docker cli always performs build
context tar download for remoteURLs and sends an empty remoteContext. So
remove relevant dead code.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
Fixes: #18890
This fix add same filter validation logic as images. We should
add such check to make sure filters work make sense to end-users
Right now, we keep old use 1 as filter, but in long term, it should
be have same interface checking as images, it could be improved in
other patches.
Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
Issue was caused when exec is tarted, exits, then stated again.
In this case, `Close` is called twice, which closes a channel twice.
Changes execConfig.ExitCode to a pointer so we can test if the it has
been set or not.
This allows us to return early when the exec has already been run.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Read configuration after flags making this the priority:
1- Apply configuration from file.
2- Apply configuration from flags.
Reload configuration when a signal is received, USR2 in Linux:
- Reload router if the debug configuration changes.
- Reload daemon labels.
- Reload cluster discovery.
Signed-off-by: David Calavera <david.calavera@gmail.com>
This is related image fix for Propose #19153
for volume related change, would use another patch
to fix that.
Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
docker's network disconnect api now supports `Force` option which can be
used to force cleanup an endpoint from any host in the cluster.
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Instead of warning the caller who is disabling OOM killer that the
feature isn't available, only warn if they are trying to **enable** OOM
killer and it can't be done.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Fixes: #19278
The issue seems existed since we add support for OomKillDisable,
OomKillDisable support should not be hard request, we just
discard it if not support and move on.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Rather than using 2 different functions for different
types of conflicts use a bitmask to specify what
conflicts need to be checked. This allows a better way
to make exceptions.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Currently on daemon start volumes are "created" which involves invoking
a volume driver if needed. If this process fails the mount is left in a
bad state in which there is no source or Volume set. This now becomes
an unrecoverable state in which that container can not be started. The
only way to fix is to restart the daemon and hopefully you don't get
another error on startup.
This change moves "createVolume" to be done at container start. If the
start fails it leaves it in the state in which you can try another
start. If the second start can contact the volume driver everything
will recover fine.
Signed-off-by: Darren Shepherd <darren@rancher.com>
This brings in the container-local alias functionality for containers
connected to u ser-defined networks.
Signed-off-by: Madhu Venugopal <madhu@docker.com>
When pulling an image with content trust enabled, two references are
created: a digest reference and a tag reference. Deleting by tag
wouldn't actually remove the image, because the digest reference keeps
it alive.
This change modifies the rmi logic so that digest references don't keep
an image alive. If the last tag referencing a given image is deleted,
any digest references to it will be removed as well, so the image can
actually get deleted. This fixes the usability problem with deletions
when content trust is in use, so something like "docker pull busybox;
docker rmi busybox" will work as expected.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
It's like `MemorySwappiness`, the default value has specific
meaning (default false means enable oom kill).
We need to change it to pointer so we can update it after
container is created.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
(cherry picked from commit 9c2ea42329179c589f5a8991ccf0253eb10fc897)
Conflicts:
vendor/src/github.com/docker/engine-api/types/container/host_config.go
- In case --fixed-cidr-v6 is specified and docker0 bridge already
has a global scope IPv6 address belonging to that v6 network
(likely from a previous daemon instance), to maintain consistency
with what done for the docker0 IPv4 address, daemon has to pass it
down to libnetwork in the IPAMConfig as network gateway to make
sure that the address is not given to some container.
Signed-off-by: Alessandro Boch <aboch@docker.com>
This prevents strange errors and clarifies which namespace options are
incompatible with user namespaces (at this time).
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Instead of just showing the number of containers this patch will
show the number of running, paused and stopped containers as well.
Signed-off-by: Kim Eik <kim@heldig.org>
(cherry picked from commit a9804ab1cb117a132cbf460067d55f5146d50956)
Right now if somebody has enabled deferred device deletion, then
deleteTransaction() returns success even if device could not be deleted. It
has been marked for deferred deletion. Right now we will mark device ID free
and potentially use it again when somebody tries to create new container. And
that's wrong. Device ID is not free yet. It will become free once devices
has actually been deleted by the goroutine later.
So move the location of call to markDeviceIDFree() to a place where we know
device actually got deleted and was not marked for deferred deletion.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Before #16032, once links were setup
in the sqlite db, hostConfig.Links was cleared out.
This means that we need to migrate data back out of the sqlite db and
put it back into hostConfig.Links so that links specified on older
daemons can be used.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
CreateEndpoint will check if the endpoint exist or not, so there is no
need to check before call CreatEndpoint in connectToNetwork since
checking the existence of the endpoint could take much time especially
if we use external K-V store, this would slow down the staring of container.
Signed-off-by: Lei Jitang <leijitang@huawei.com>
Jessica Frazelle
Phil Estes
Brian Goff
David Calavera
Tibor Vass
Alessandro Boch
Alexander Morozov
Tonis Tiigi
Vincent Demeester
Lei Jitang
Pei Su
Madhu Venugopal
Antonio Murdaca
Daniel Dao
Anusha Ragunathan
Kai Qiang Wu(Kennan)
Daniel Nephin
Sebastiaan van Stijn
Ryan Belgrave
Phil Estes
Tibor Vass
Shishir Mahajan
Alexander Morozov
Chun Chen
Qiang Huang
Darren Shepherd
Jess Frazelle
Aaron Lehmann
Kim Eik
Vivek Goyal
Justin Cormack
Arnaud Porterie