Commit Graph

248 Commits

Author SHA1 Message Date
Madhu Venugopal ead62b5952 Prevent user from deleting pre-defined networks
Signed-off-by: Madhu Venugopal <madhu@docker.com>
2015-10-25 17:17:29 -07:00
John Howard a7e686a779 Windows: Add volume support
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-10-22 10:42:53 -07:00
Tonis Tiigi 504e67b867 Calculate hash based image IDs on pull
Generate a hash chain involving the image configuration, layer digests,
and parent image hashes. Use the digests to compute IDs for each image
in a manifest, instead of using the remotely specified IDs.

To avoid breaking users' caches, check for images already in the graph
under old IDs, and avoid repulling an image if the version on disk under
the legacy ID ends up with the same digest that was computed from the
manifest for that image.

When a calculated ID already exists in the graph but can't be verified,
continue trying SHA256(digest) until a suitable ID is found.

"save" and "load" are not changed to use a similar scheme. "load" will
preserve the IDs present in the tar file.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-10-12 10:51:28 -07:00
Arnaud Porterie b0cbc02283 Merge pull request #15503 from ibuildthecloud/revert-label
Revert "Container don't inherit from image labels"
2015-10-12 10:03:18 -07:00
xlgao-zju 8363f2f171 fix the error msg of func TestParseRunVolumes
Signed-off-by: xlgao-zju <xlgao@zju.edu.cn>
2015-10-10 14:56:50 +08:00
Arnaud Porterie 8e31036816 Merge pull request #16645 from mavenugo/ux
Docker Network UX & remote API changes
2015-10-07 10:44:58 -07:00
Madhu Venugopal 2ab94e11a2 Network remote APIs using new router, --net=<user-defined-network> changes
* Moving Network Remote APIs out of experimental
* --net can now accept user created networks using network drivers/plugins
* Removed the experimental services concept and --default-network option
* Neccessary backend changes to accomodate multiple networks per container
* Integration Tests

Signed-off-by: David Calavera <david.calavera@gmail.com>
Signed-off-by: Madhu Venugopal <madhu@docker.com>
2015-10-07 03:54:19 -07:00
Antonio Murdaca 7539013436 bump libcontainer to 902c012e85cdae6bb68d8c7a0df69a42f818ce96
Signed-off-by: Antonio Murdaca <amurdaca@redhat.com>
2015-10-06 17:55:09 +02:00
qhuang aa1780997f Add support for memory reservation
Signed-off-by: qhuang <qhuang@10.0.2.15>
2015-09-23 14:02:45 +08:00
Antonio Murdaca e5a26ec081 Deprecate -c cli short variant flag in docker run
Signed-off-by: Antonio Murdaca <runcom@linux.com>
2015-09-17 15:48:48 +02:00
Madhav Puri 54240f8da9 Support for passing build-time variables in build context
- The build-time variables are passed as environment-context for command(s)
run as part of the RUN primitve. These variables are not persisted in environment of
intermediate and final images when passed as context for RUN. The build environment
is prepended to the intermediate continer's command string for aiding cache lookups.
It also helps with build traceability. But this also makes the feature less secure from
point of view of passing build time secrets.

- The build-time variables also get used to expand the symbols used in certain
Dockerfile primitves like ADD, COPY, USER etc, without an explicit prior definiton using a
ENV primitive. These variables get persisted in the intermediate and final images
whenever they are expanded.

- The build-time variables are only expanded or passed to the RUN primtive if they
are defined in Dockerfile using the ARG primitive or belong to list of built-in variables.
HTTP_PROXY, HTTPS_PROXY, http_proxy, https_proxy, FTP_PROXY and NO_PROXY are built-in
variables that needn't be explicitly defined in Dockerfile to use this feature.

Signed-off-by: Madhav Puri <madhav.puri@gmail.com>
2015-09-16 03:31:15 -07:00
Tim Hockin 3d4685e258 Add support for DNS options
Signed-off-by: Tim Hockin <thockin@google.com>
2015-09-16 14:06:45 -07:00
Lei Jitang 5575b93678 Clean up: remove redundant value assign in runconfig/parse.go
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-09-14 08:30:11 -04:00
David Calavera 0e50d946a2 Signal to stop a container.
Allow to set the signal to stop a container in `docker run`:
- Use `--stop-signal` with docker-run to set the default signal the container will use to exit.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-09-10 19:56:05 -04:00
David Calavera 6549d6517b Move VolumeDriver to HostConfig to make containers portable.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-09-04 12:42:44 -04:00
Antonio Murdaca 17999c70c3 Use StrSlice from pkg/stringutils
Signed-off-by: Antonio Murdaca <runcom@linux.com>
2015-09-01 21:23:46 +02:00
Shijiang Wei ea4a06740b abstract the string slice struct to stringutils package
Signed-off-by: Shijiang Wei <mountkin@gmail.com>
2015-08-29 01:08:40 +08:00
Alexander Morozov 6b21e98432 Merge pull request #15766 from hqhq/hq_fix_device
Add mode check for device
2015-08-24 10:58:49 -07:00
Brian Goff fd8b25c802 Merge pull request #15348 from tonistiigi/11008-always-unless-stopped-restart-policy
Add always-unless-stopped restart policy
2015-08-24 13:48:56 -04:00
Qiang Huang 429423624c Add mode check for device
This fixes two problems:
1. docker run --device /dev/sda:rw ubuntu bash doesn't work
2. --device /dev/zero:/dev/noro:ro doesn't show clear error message,
but fail when writing to cgroup file.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-08-24 17:57:12 +08:00
Qiang Huang b6f1b4ad35 Add support for kernel memory limit
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-08-19 23:56:55 +08:00
Tonis Tiigi 10305dc5e8 Add unless-stopped restart policy
Fixes #11008

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-08-18 11:39:06 -07:00
Sebastiaan van Stijn e1f3a5ad0a Merge pull request #14113 from dit4c/10348-exec-privileged
Remerge of `docker exec --privileged` with better tests
2015-08-16 00:20:41 +02:00
John Howard f6ed590596 Move netmode validation to server
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-08-14 12:17:41 -07:00
Tim Dettrick 03f65b3d0d Revert "Revert "Add docker exec run a command in privileged mode""
This reverts commit 40b71adee3.

Original commit (for which this is effectively a rebased version) is
72a500e9e5 and was provided by Lei Jitang
<leijitang@huawei.com>.

Signed-off-by: Tim Dettrick <t.dettrick@uq.edu.au>
2015-08-13 16:36:44 +10:00
Darren Shepherd 8b91b3cf77 Revert "Container don't inherit from image labels"
This reverts commit 79621c7728.

Signed-off-by: Darren Shepherd <darren@rancher.com>
2015-08-11 17:01:57 -07:00
Antonio Murdaca 4177b0bae0 Add hostConfig check before starting a container
It may happen that host system settings are changed while the daemon is running.
This will cause errors at libcontainer level when starting a container with a
particular hostConfig (e.g. hostConfig with memory swappiness but the memory
cgroup was umounted).
This patch adds an hostConfig check on container start to prevent the daemon
from even calling libcontainer with the wrong configuration as we're already
doing on container's creation).

Signed-off-by: Antonio Murdaca <runcom@linux.com>
(cherry picked from commit 0d2628cdf19783106ae8723f51fae0a7c7f361c6)
2015-08-06 15:46:10 -07:00
David Calavera f41f62b6cc Add MemorySwappiness comment back.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-07-29 16:41:46 -07:00
David Calavera 4e25d2982b Use *int64 for MemorySwappiness.
So we marshal/unmarshal its value properly when it's empty.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-07-29 14:14:04 -07:00
Darren Shepherd 421786e925 Make ParseDevice public
This reverts the change in 5170a2c096 that made ParseDevice private

Signed-off-by: Darren Shepherd <darren@rancher.com>
2015-07-29 02:12:35 -07:00
Vincent Demeester 5170a2c096 Lint fixes on runconfig
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-07-27 21:23:15 +02:00
Tibor Vass 96ce3a194a cli: new daemon command and new cli package
This patch creates a new cli package that allows to combine both client
and daemon commands (there is only one daemon command: docker daemon).

The `-d` and `--daemon` top-level flags are deprecated and a special
message is added to prompt the user to use `docker daemon`.

Providing top-level daemon-specific flags for client commands result
in an error message prompting the user to use `docker daemon`.

This patch does not break any old but correct usages.

This also makes `-d` and `--daemon` flags, as well as the `daemon`
command illegal in client-only binaries.

Signed-off-by: Tibor Vass <tibor@docker.com>
2015-07-23 19:44:46 -04:00
David Calavera 36106a20ca Merge pull request #14682 from duglin/Issue14621
Remove panic in nat package on invalid hostport
2015-07-21 15:48:51 -07:00
David Calavera c4d45b6a29 Promote volume drivers from experimental to master.
Remove volume stubs and use the experimental path as the only path.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-07-21 09:32:44 -07:00
Qiang Huang 6f8ddec1d0 Simplify swappiness check
As suggested in https://github.com/docker/docker/pull/14004/files#r34022527

The concern there is we can't differentiate whether user explicitly
asked for an invalid value of -1 or he did not specify anything.

I don't think this would be a problem, because:
 - like all other default values like zero, we can't differentiate
   user specify it or not, most of which, zeros are also invalid, so
   default is default, we show these default values in help info,
   so users would know if they set value as default, it'll be like
   they set nothing.
 - we can't do this kind of string check in REST api request, so
   it'll make the behave different from docker command and RESTapi.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-07-20 16:10:10 +08:00
Sebastiaan van Stijn 415f744d0c Merge pull request #11485 from wlan0/rollover_log
Add rollover log driver, and --log-driver-opts flag
2015-07-17 22:41:26 +02:00
Doug Davis 12b6083c8f Remove panic in nat package on invalid hostport
Closes #14621

This one grew to be much more than I expected so here's the story... :-)
- when a bad port string (e.g. xxx80) is passed into container.create()
  via the API it wasn't being checked until we tried to start the container.
- While starting the container we trid to parse 'xxx80' in nat.Int()
  and would panic on the strconv.ParseUint().  We should (almost) never panic.
- In trying to remove the panic I decided to make it so that we, instead,
  checked the string during the NewPort() constructor.  This means that
  I had to change all casts from 'string' to 'Port' to use NewPort() instead.
  Which is a good thing anyway, people shouldn't assume they know the
  internal format of types like that, in general.
- This meant I had to go and add error checks on all calls to NewPort().
  To avoid changing the testcases too much I create newPortNoError() **JUST**
  for the testcase uses where we know the port string is ok.
- After all of that I then went back and added a check during container.create()
  to check the port string so we'll report the error as soon as we get the
  data.
- If, somehow, the bad string does get into the metadata we will generate
  an error during container.start() but I can't test for that because
  the container.create() catches it now.  But I did add a testcase for that.

Signed-off-by: Doug Davis <dug@us.ibm.com>
2015-07-17 13:02:54 -07:00
David Calavera ecdbf86884 Merge pull request #13694 from vdemeester/opts-test-coverage
Tests, refactor and coverage on package opts
2015-07-14 15:09:48 -07:00
Qiang Huang c3b77bbe8b Docs: fix commandline doc create.md and run.md
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-07-14 09:26:59 +08:00
Mrunal Patel e0d96fb3ef Adds support for specifying additional groups.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-07-13 14:47:28 -04:00
Phil Estes 441ae6c943 Merge pull request #14004 from ktraghavendra/13938_container_swappiness
Add the memory swappiness tuning option to docker.
2015-07-13 09:22:08 -04:00
Antonio Murdaca 26ce3f4c90 Add minor vet fixes
Signed-off-by: Antonio Murdaca <runcom@linux.com>
2015-07-12 19:16:38 +02:00
Vincent Demeester dfc6c04fa3 Add test coverage to opts and refactor
- Refactor opts.ValidatePath and add an opts.ValidateDevice
  ValidePath will now accept : containerPath:mode, hostPath:containerPath:mode
  and hostPath:containerPath.
  ValidateDevice will have the same behavior as current.

- Refactor opts.ValidateEnv, opts.ParseEnvFile
  Environment variables will now be validated with the following
  definition :
  > Environment variables set by the user must have a name consisting
  > solely of alphabetics, numerics, and underscores - the first of
  > which must not be numeric.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-07-12 10:33:30 +02:00
Raghavendra K T 921da495d2 Add the memory swappiness tuning option to docker.
Memory swappiness option takes 0-100, and helps to tune swappiness
behavior per container.
For example, When a lower value of swappiness is chosen
the container will see minimum major faults. When no value is
specified for memory-swappiness in docker UI, it is inherited from
parent cgroup. (generally 60 unless it is changed).

Signed-off-by: Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>
2015-07-12 13:16:33 +05:30
John Howard 9ae9d4c87a Windows: Exec driver
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-07-10 13:36:56 -07:00
John Howard c1b524486c Fix Windows CI fail due to GH13866 and patch up tests
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-07-09 10:09:45 -07:00
Brian Goff 42eb82ae92 Merge pull request #14477 from Microsoft/10662-runconfig-oopsie
Windows: Wrong build tag in runconfig
2015-07-08 15:34:05 -04:00
John Howard 4cd9301692 Windows: Wrong build tag in runconfig
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-07-08 11:38:28 -07:00
Michael Crosby 691b2851f7 Always attach STDIN if -i,--interactive is specified
There is no reason to error out or not do what the user expects when -i
is specified on the cli.  We should always attach to the stdin of the
container in this situation.

Closes #14390

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-07-06 15:24:23 -07:00
Antonio Murdaca a5be803458 Add break after key is found in for loop
Signed-off-by: Antonio Murdaca <runcom@linux.com>
2015-07-03 20:37:34 +02:00