Truncated dir name can't give any useful information, print whole dir
name will.
Bad debug log is like this:
```
DEBU[2449] aufs error unmounting /var/lib/doc: no such file or directory
```
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
(cherry picked from commit af8359562c9561afad0a05e66386588d17788804)
Signed-off-by: Tibor Vass <tibor@docker.com>
This is required to make the libnetwork's namespace mgmt
directory configurable
Signed-off-by: Madhu Venugopal <madhu@docker.com>
(cherry picked from commit d3af5e3d4bc0aadf25d571835893a9d5bead56b3)
Signed-off-by: Tibor Vass <tibor@docker.com>
Hostnames are not supported for now because libnetwork can't use them
for overlay networking yet.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit fca0b18dcba99a7fbb8b430a55dc7bf60d5c1356)
Signed-off-by: Tibor Vass <tibor@docker.com>
There are currently problems with "swarm init" and "swarm join" when an
explicit --listen-addr flag is not provided. swarmkit defaults to
finding the IP address associated with the default route, and in cloud
setups this is often the wrong choice.
Introduce a notion of "advertised address", with the client flag
--advertise-addr, and the daemon flag --swarm-default-advertise-addr to
provide a default. The default listening address is now 0.0.0.0, but a
valid advertised address must be detected or specified.
If no explicit advertised address is specified, error out if there is
more than one usable candidate IP address on the system. This requires a
user to explicitly choose instead of letting swarmkit make the wrong
choice. For the purposes of this autodetection, we ignore certain
interfaces that are unlikely to be relevant (currently docker*).
The user is also required to choose a listen address on swarm init if
they specify an explicit advertise address that is a hostname or an IP
address that's not local to the system. This is a requirement for
overlay networking.
Also support specifying interface names to --listen-addr,
--advertise-addr, and the daemon flag --swarm-default-advertise-addr.
This will fail if the interface has multiple IP addresses (unless it has
a single IPv4 address and a single IPv6 address - then we resolve the
tie in favor of IPv4).
This change also exposes the node's externally-reachable address in
docker info, as requested by #24017.
Make corresponding API and CLI docs changes.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit a0ccd0d42fdb0dd2005f67604cb81a5a6b26787e)
Signed-off-by: Tibor Vass <tibor@docker.com>
In 24823, `swarm join` has been updated to take a `--token`
flag and flag `--manager` has been removed. Though in errNoManager()
the error message still use the old description.
This fix update the error message in errNoManager() and conforms
to the current available flags.
This fix is related to 24823.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 3d30155735d572376500729496de657459493213)
Signed-off-by: Tibor Vass <tibor@docker.com>
Implement the proposal from
https://github.com/docker/docker/issues/24430#issuecomment-233100121
Removes acceptance policy and secret in favor of an automatically
generated join token that combines the secret, CA hash, and
manager/worker role into a single opaque string.
Adds a docker swarm join-token subcommand to inspect and rotate the
tokens.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 2cc5bd33eef038bf5721582e2410ba459bb656e9)
Signed-off-by: Tibor Vass <tibor@docker.com>
This fix is an extension to last commit to expand the partial
filter to node and task searches.
Additional integration tests have been added to cover the changes.
This fix fixes 24270.
This fix fixes 24112.
Note: A separate pull request will be opened on swarmkit.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit e734fa58eadb4dfaa33b4be275d6f8f29d899e78)
Signed-off-by: Tibor Vass <tibor@docker.com>
This fix tries to address the issue raised in 24270 where it was
not possible to have a partial name match when list services
with name filter.
This fix updates swarmkit and allows prefix search when name is
provided as the filter for listing services.
An additional integration test is added to cover the changes.
This fix fixes 24270.
Note: A separate pull request will be opened on swarmkit.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 1d600ebcb5750c4c93356fae08e562d836ecee45)
Signed-off-by: Tibor Vass <tibor@docker.com>
This version introduces the following:
- uses nanosecond timestamps for event
- ensure events are sent once their effect is "live"
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
(cherry picked from commit 29b2714580d085533c29807fa337c2b7a302abb6)
Signed-off-by: Tibor Vass <tibor@docker.com>
Adds log driver support for service creation and update. Add flags
`--log-driver` and `--log-opt` to match `docker run`. Log drivers are
configured per service.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
(cherry picked from commit e778ba2d5b1e5074fe413dffaa365f3d37b175c7)
Signed-off-by: Tibor Vass <tibor@docker.com>
This adds the `--live-restore` option to the documentation.
Also synched usage description in the documentation
with the actual description, and re-phrased some
flag descriptions to be a bit more consistent.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 64a8317a5a306dffd0ec080d9ec5b4ceb2479a01)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Lei Jitang <leijitang@huawei.com>
(cherry picked from commit d9e8cea1b666cc22d6747482ad16600cb9dc6fa1)
Signed-off-by: Tibor Vass <tibor@docker.com>
This adds an `--oom-score-adjust` flag to the daemon so that the value
provided can be set for the docker daemon's process. The default value
for the flag is -500. This will allow the docker daemon to have a
less chance of being killed before containers do. The default value for
processes is 0 with a min/max of -1000/1000.
-500 is a good middle ground because it is less than the default for
most processes and still not -1000 which basically means never kill this
process in an OOM condition on the host machine. The only processes on
my machine that have a score less than -500 are dbus at -900 and sshd
and xfce( my window manager ) at -1000. I don't think docker should be
set lower, by default, than dbus or sshd so that is why I chose -500.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
(cherry picked from commit a894aec8d81de5484152a76d76b80809df9edd71)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 7dff31064824ed1f9b046fe5c29bd707e663ee0b)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 5f7b1b604c9e44477aee196b17fb4b5692cbbaa6)
Signed-off-by: Tibor Vass <tibor@docker.com>
Add option to skip kernel check for older kernels which have been patched to support multiple lower directories in overlayfs.
Fixes#24023
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
(cherry picked from commit ff98da0607c4d6a94a2356d9ccaa64cc9d7f6a78)
Signed-off-by: Tibor Vass <tibor@docker.com>
For any operation that involves netwoks (other than network create),
swarmkit expects the target as network-id. Service upate was using
network-name as the target and that caused the issue.
Signed-off-by: Madhu Venugopal <madhu@docker.com>
(cherry picked from commit b32cfb32a3f654f27bc9d4356b36c6a7e5e53b21)
Signed-off-by: Tibor Vass <tibor@docker.com>
This fix tries to address the issue raised in #24374 where
`docker info` outputs seccomp support in Ubuntu 14.04 but
the seccomp wass not actually supported.
The issue is that in the current docker implementation, seccomp
support is only checked against the kernel by inspect CONFIG_SECCOMP
and CONFIG_SECCOMP_FILTER. However, seccomp might not be enabled
when building docker (through golang build flag).
This fix adds a supportSeccomp boolean variable. The supportSeccomp
is only set to true when seccomp is enabled when building docker.
This fix fixes#24374.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit a3b9dd89a1b19e7f84617b91f3756ae816c11035)
Signed-off-by: Tibor Vass <tibor@docker.com>
Fix#24357
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
(cherry picked from commit 253933220965574422aa6679255359d8bd15d435)
Signed-off-by: Tibor Vass <tibor@docker.com>
This patch makes sure daemon resources are cleaned up on shutdown if
there are no running containers.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 2d5dc94b9b547a9ba73f7b613e358b03fdfb2b84)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
(cherry picked from commit 59162641cc20640afb785540b5f47178835de656)
Signed-off-by: Tibor Vass <tibor@docker.com>
Needed for libnetwork vendoring
Update Secret API name change correspondingly
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
(cherry picked from commit d428a7a425f071ee9e5707c7319d3197540adc19)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit a859a336475f39c7b7d7739c58a1dae40df86a86)
Signed-off-by: Tibor Vass <tibor@docker.com>
In the API:
`Writable` changed to `ReadOnly`
`Populate` changed to `NoCopy`
Corresponding CLI options updated to:
`volume-writable` changed to `volume-readonly`
`volume-populate` changed to `volume-nocopy`
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 56f3422468a0b43da7bae7a01762ce4f0a92d9ff)
Signed-off-by: Tibor Vass <tibor@docker.com>
In order to keep a little bit of "sanity" on the API side, validate
hostname only starting from v1.24 API version.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 6daf3d2a783fd042e870c8af8bbd19fc28989505)
Signed-off-by: Tibor Vass <tibor@docker.com>
* Detect name conflicts on network creation
* Detect and prevent network connect/disconnect for managed containers
Signed-off-by: Madhu Venugopal <madhu@docker.com>
(cherry picked from commit 0ce5158a2a9a3f10a62d3c1ea289c55e524cdac5)
Signed-off-by: Tibor Vass <tibor@docker.com>
… on `docker node tasks` and `docker service tasks` commands.
This changes is mainly server-side (between engine api and
swarmkit). There is just a check in `api/client/service/tasks.go` to
handle the special *self* meaning.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit b0fc5a21f1138f48e0431a550c936e8908d72840)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Francis Chuang <francis.chuang@boostport.com>
(cherry picked from commit 1205a5584650388f36cda922556a31cbce827915)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Otto Kekäläinen <otto@seravo.fi>
(cherry picked from commit 644a7426cc31c338fedb6574d2b88d1cc2f43a08)
Signed-off-by: Tibor Vass <tibor@docker.com>
Swarm was putting volume type mounts into the container config's
"Volumes" field, but really these need to go into "Binds".
"Volumes" is only for normal "-v /foo" volumes, not named volumes or
anything else.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 2bc2165cbf3e949921d1659f09841b5f008f590d)
Signed-off-by: Tibor Vass <tibor@docker.com>
For consistency with other filters (such as
"is-official"), this renames the desired_state
filter to "desired-state".
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d761719eb4e45fbd6f092f6d0b4eb42206e298f6)
Signed-off-by: Tibor Vass <tibor@docker.com>
Zhang Wei