To make docker inspect return a consistent result of networksettings
for created container and stopped container, it's bettew to update
the network settings on container creating.
Signed-off-by: Lei Jitang <leijitang@huawei.com>
This commit adds a transfer manager which deduplicates and schedules
transfers, and also an upload manager and download manager that build on
top of the transfer manager to provide high-level interfaces for uploads
and downloads. The push and pull code is modified to use these building
blocks.
Some benefits of the changes:
- Simplification of push/pull code
- Pushes can upload layers concurrently
- Failed downloads and uploads are retried after backoff delays
- Cancellation is supported, but individual transfers will only be
cancelled if all pushes or pulls using them are cancelled.
- The distribution code is decoupled from Docker Engine packages and API
conventions (i.e. streamformatter), which will make it easier to split
out.
This commit also includes unit tests for the new distribution/xfer
package. The tests cover 87.8% of the statements in the package.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
It makes the behavior completely consistent across commands.
It adds tests to check that execution stops when an element is not
found.
Signed-off-by: David Calavera <david.calavera@gmail.com>
This test was directly comparing lines of output from "docker images".
Sometimes, when busybox had been pushed to the hub recently, the
relative creation times would differ like this:
... obtained []string = []string{"busybox", "latest", "d9551b4026f0", "27", "minutes", "ago", "1.113", "MB"}
... expected []string = []string{"busybox", "latest", "d9551b4026f0", "26", "minutes", "ago", "1.113", "MB"}
Fixing by removing the time-since-creation fields from the comparison.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Each plug-in operates as a separate service, and registers with Docker
through general (plug-ins API)
[https://blog.docker.com/2015/06/extending-docker-with-plugins/]. No
Docker daemon recompilation is required in order to add / remove an
authentication plug-in. Each plug-in is notified twice for each
operation: 1) before the operation is performed and, 2) before the
response is returned to the client. The plug-ins can modify the response
that is returned to the client.
The authorization depends on the authorization effort that takes place
in parallel [https://github.com/docker/docker/issues/13697].
This is the official issue of the authorization effort:
https://github.com/docker/docker/issues/14674
(Here)[https://github.com/rhatdan/docker-rbac] you can find an open
document that discusses a default RBAC plug-in for Docker.
Signed-off-by: Liron Levin <liron@twistlock.com>
Added container create flow test and extended the verification for ps
Since seccomp is still a configurable build-tag, add a requirements
entry for seccomp, as well as move seccomp tests to "_unix" given it
won't be applicable to other platforms at this time.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
This test can fail if it is run close to a second boundary:
FAIL: docker_cli_logs_test.go:169: DockerSuite.TestLogsSince
docker_cli_logs_test.go:183:
c.Assert(out, checker.Not(checker.Contains), v,
check.Commentf("unexpected log message returned, since=%v", since))
... obtained string = "" +
... "2015-12-07T19:54:45.000551883Z 1449518084 log2\n" +
... "2015-12-07T19:54:47.001310929Z 1449518086 log3\n"
... substring string = "log2"
... unexpected log message returned, since=1449518085
The problem is that it generates log lines using date +%s and uses that
timestamp as a reference for log filtering with (--since) later on in
the test. However, the timestamp that date +%s generates may not match
the log timestamp.
This commit changes the test to parse the log timestamp itself instead
of relying on a parallel timestamp.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Removed images were not cleaned up from the
digest-set that is used for the search index.
Fixes#18437
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
This solves a bug where /etc may have pre-existing permissions from
build time, but init layer setup (reworked for user namespaces) was
assuming root ownership. Adds a test as well to catch this situation in
the future.
Minor fix to wrong ordering of chown/close on files created during the
same initlayer setup.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Following `docker inspect` conventions:
- Keep partial info in a buffer to not print incomplete template outputs.
- Break execution when template parsing or decoding fail.
Signed-off-by: David Calavera <david.calavera@gmail.com>
A TopicFunc is an interface to let the pubisher decide whether it needs
to send a message to a subscriber or not. It returns true if the
publisher must send the message and false otherwise.
Users of the pubsub package can create a subscriber with a topic
function by calling `pubsub.SubscribeTopic`.
Message delivery has also been modified to use concurrent channels per
subscriber. That way, topic verification and message delivery is not
o(N+M) anymore, based on the number of subscribers and topic verification
complexity.
Using pubsub topics, the API stops controlling the message delivery,
delegating that function to a topic generated with the filtering
provided by the user. The publisher sends every message to the
subscriber if there is no filter, but the api doesn't have to select
messages to return anymore.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Improves the current filtering implementation complixity.
Currently, the best case is O(N) and worst case O(N^2) for key-value filtering.
In the new implementation, the best case is O(1) and worst case O(N), again for key-value filtering.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Makes it easier to debug in the future given three different docker run
executions were all outputting the same error string.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
It will Tar up contents of child directory onto tmpfs if mounted over
This patch will use the new PreMount and PostMount hooks to "tar"
up the contents of the base image on top of tmpfs mount points.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Closes#9798
@maintainers please note that this is a change to the UX. We no longer
require the -f flag on `docker tag` to move a tag from an existing image.
However, this does make us more consistent across our commands,
see https://github.com/docker/docker/issues/9798 for the history.
Signed-off-by: Doug Davis <dug@us.ibm.com>
libcontainer v0.0.4 introduces setting `/proc/self/oom_score_adj` to
better tune oom killing preferences for container process. This patch
simply integrates OomScoreAdj libcontainer's config option and adjust
the cli with this new option.
Signed-off-by: Antonio Murdaca <amurdaca@redhat.com>
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Cgroup integtaion tests should cover:
- docker can run sucessfully with these options
- these cgroup options are set to HostConfig as expected
- these cgroup options are really set to cgroup files as expected
- other cases (wrong value, combinations etc..)
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Moved a defer up to a better spot.
Fixed TestUntarPathWithInvalidDest to actually fail for the right reason
Closes#18170
Signed-off-by: Doug Davis <dug@us.ibm.com>
Add distribution package for managing pulls and pushes. This is based on
the old code in the graph package, with major changes to work with the
new image/layer model.
Add v1 migration code.
Update registry, api/*, and daemon packages to use the reference
package's types where applicable.
Update daemon package to use image/layer/tag stores instead of the graph
package
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
This commit enhance `docker network rm` command to allow user to delete
multi networks at the same time.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
Fixes#16555
Original docker `cp` always copy symbol link itself instead of target,
now we provide '-L' option to allow docker to follow symbol link to real
target.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
* This commit will mark --before and --since as deprecated, but leave their behavior
unchanged until they are removed, then re-implement them as options for --filter.
* And update the related docs.
* Update the integration tests.
Fixes issue #17716
Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com>
- isZeroValue function from upstream go
- covers booleans, strings and numbers
- change integration to reflect new behavior
- resolves#9406
Signed-off-by: Morgan Bauer <mbauer@us.ibm.com>
This fixes an issue where two images with the same filesystem contents
and configuration but different remote IDs could share a v1Compatibility
file, resulting in corrupted manifests.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Modified TestInspectApiCpusetInConfigPre120 and
TestContainerApiCreateWithCpuSharesCpuset for working on unicore cpu
environment.
Signed-off-by: Daehyeok Mun <daehyeok@gmail.com>
The test case creates a mount point, starts the daemon with the
graph dir pointing to the mount and initates a pull request. We should
be able to check for the error message when the mount point gets filled
during pull.
Signed-off-by: Anil Belur <askb23@gmail.com>
This change will allow us to run SELinux in a container with
BTRFS back end. We continue to work on fixing the kernel/BTRFS
but this change will allow SELinux Security separation on BTRFS.
It basically relabels the content on container creation.
Just relabling -init directory in BTRFS use case. Everything looks like it
works. I don't believe tar/achive stores the SELinux labels, so we are good
as far as docker commit.
Tested Speed on startup with BTRFS on top of loopback directory. BTRFS
not on loopback should get even better perfomance on startup time. The
more inodes inside of the container image will increase the relabel time.
This patch will give people who care more about security the option of
runnin BTRFS with SELinux. Those who don't want to take the slow down
can disable SELinux either in individual containers or for all containers
by continuing to disable SELinux in the daemon.
Without relabel:
> time docker run --security-opt label:disable fedora echo test
test
real 0m0.918s
user 0m0.009s
sys 0m0.026s
With Relabel
test
real 0m1.942s
user 0m0.007s
sys 0m0.030s
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
The docker run commands in these tests uses the -m flag,
so the tests should require that it's supported to run.
Fixes 17215 (maybe)
Signed-off-by: Christy Perez <christy@linux.vnet.ibm.com>
- Logic is broken when gateway ip falls in ip-range
and ip-range is not the first block in the network
Signed-off-by: Alessandro Boch <aboch@docker.com>
Closes#17781
This allows for env vars in EXPOSE to be parsed for spaces so that each
"word" is then treated independently instead of as a single word/arg.
Signed-off-by: Doug Davis <dug@us.ibm.com>
So we don't print those <no value> in the client and we don't fail
executing inspect templates with API field names.
Make sure those fields are initialized as empty slices when
a container is loaded from disk and their values are nil.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Container has private network namespace can not to connect to host
and container with host network can not be disconnected from host.
Signed-off-by: Lei Jitang <leijitang@huawei.com>
Since --exec-driver flag has been removed, we don't need environment
DOCKER_EXECDRIVER in integration-cli and Makefile any more.
Signed-off-by: Lei Jitang <leijiang@huawei.com>
This patch adds the ability to run `docker stats` w/o arguments and get
statistics for all running containers by default. Also add a new
`--all` flag to list statistics for all containers (like `docker ps`).
New running containers are added to the list as they show up also.
Add integration tests for this new behavior.
Docs updated accordingly. Fix missing stuff in man/commandline
reference for `docker stats`.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Fixes#17290
Fixes following issues:
- Cache checksums turning off while walking a broken symlink.
- Cache checksums were taken from symlinks while targets were actually copied.
- Copying a symlink pointing to a file to a directory used the basename of the target as a destination basename, instead of basename of the symlink.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
The LXC driver was deprecated in Docker 1.8.
Following the deprecation rules, we can remove a deprecated feature
after two major releases. LXC won't be supported anymore starting on Docker 1.10.
Signed-off-by: David Calavera <david.calavera@gmail.com>
This commit makes `docker network inspect` print container names as
service discovery is based on container name.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
The purpose of this PR is for users to distinguish Docker errors from
contained command errors.
This PR modifies 'docker run' exit codes to follow the chroot standard
for exit codes.
Exit status:
125 if 'docker run' itself fails
126 if contained command cannot be invoked
127 if contained command cannot be found
the exit status otherwise
Signed-off-by: Sally O'Malley <somalley@redhat.com>
This updates the vendored docker/distribution to the current master
branch.
Note the following changes:
- The manifest package was split into manifest/schema1. Most references
to the manifest package in the engine needed to be updated to use
schema1 instead.
- Validation functions in api/v2 were replaced by the
distribution/reference package. The engine code has been updated to
use the reference package for validation where necessary. A future PR
will change the engine to use the types defined in
distribution/reference more comprehensively.
- The reference package explicitly allows double _ characters in
repository names. registry_test.go was updated for this.
- TestPullFailsWithAlteredManifest was corrupting the manifest JSON, now
that the schema1 package unmarshals the correct payload. The test is
being changed to modify the JSON without affecting its length, which
allows the pull to succeed to the point where digest validation
happens.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
- On `docker run --net <network id> ...`
the bug would cause the container to attempt
to connect to the network two times
- Also made sure endpoint creation rollback will
be executed on failures in `func (container *Container) connectToNetwork()`
Signed-off-by: Alessandro Boch <aboch@docker.com>
removed the if/else statements and added c.Assert statements for docker_api_create_test.go.
Removed check.commentf in c.Assert statements
Signed-off-by: Zuhayr Elahi <elahi.zuhayr@gmail.com>
The `d.root` dir is resolved to the full path to the graph dir after the
daemon starts, but on restart, should be set back to the parent (without
the "<uid>.<gid>" ending) so that it uses/resolves to the same graphdir
on restart.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
- As the retrieved info may not be available at
Endpoint creation time for certain network drivers
- Also retrieve the MAC address from Endpoint.Info().Iface()
Signed-off-by: Alessandro Boch <aboch@docker.com>
When an image has multiple tags and rmi is called with force on a tag, only the single tag should be removed.
The current behavior is broken and removes all tags and the image.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
This reverts commit d5cd032a86.
Commit caused issues on systems with case-insensitive filesystems.
Revert for now
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Alexander Morozov
Doug Davis
Vivek Goyal
Daehyeok Mun
Justas Brazauskas
Lei Jitang
Antonio Murdaca
David Calavera
Liron Levin
Christopher Jones
Aaron Lehmann
Daniel Nephin
Alessandro Boch
Tibor Vass
Qiang Huang
Derek McGowan
Phil Estes
Doug Davis
Vincent Demeester
Vincent Demeester
Sebastiaan van Stijn
Jess Frazelle
Antonio Murdaca
Tonis Tiigi
Wen Cheng Ma
Ma Shimiao
Jessica Frazelle
Phil Estes
Karol Duleba
Arnaud Porterie
Brian Goff
Sally O'Malley
Dan Walsh
Shuwei Hao
Aditi Rajagopal
Vincent Batts
Antonio Murdaca
Bryan Boreham
Shijiang Wei
Aidan Hobson Sayers
Zhang Wei
Michael Crosby
Stefan Scherer
Morgan Bauer
Madhu Venugopal
Alexander Morozov
Eric Windisch
GoBella
Trevor Pounds
Kunal Kushwaha
Olle Jonsson
Anil Belur
Srini Brahmaroutu
David Lawrence
John Howard
Mike Brown
Todd Whiteman
Mohammed Aaqib Ansari
Zuhayr Elahi
Christy Perez
Santhosh Manohar
Solomon Hykes
Zhang Kun
Donald Huang