When using encrypted vxlan network, some of the xfrm states are left
stale. This fix also filters out self advertise-addr rules.
Signed-off-by: Madhu Venugopal <madhu@docker.com>
(cherry picked from commit 6a754a4eef4463ed7c712a1ebe5bc38e2a957c42)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit e462b4507a7020ae96ec4f4806877bff3a0cae99)
Signed-off-by: Tibor Vass <tibor@docker.com>
Swarm mode makes it possible through the API to set labels to containers
but not through command line. This tries to fix it.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 4031d70d1be2f02e1c9d6f7738f2a816be7eeef2)
Signed-off-by: Tibor Vass <tibor@docker.com>
With digests being added by default, all images have multiple references.
The check for whether force is required to remove the reference should use the new check for single reference which accounts for digest references.
This change restores pre-1.12 behavior and ensures images are not accidentally left dangling while a container is running.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
(cherry picked from commit 1f7a9b1ab3d261de5be7d490e7e4f978f317242f)
Signed-off-by: Tibor Vass <tibor@docker.com>
Relative paths are now calculated from a base path rather than from the file path, which gets treated like a directory.
Symlinks will now properly point to the file as "../<layer dir>/layer.tar" rather the incorrect "../../<layer dir>/layer.tar".
Fixes#24951
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
(cherry picked from commit 5487881e120e927d7210adf0cb09181092c3ab35)
Signed-off-by: Tibor Vass <tibor@docker.com>
Ensure that cancellation of a pull propagates rather than continuing to
container creation. This ensures that the `Prepare` method is properly
re-entrant.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
(cherry picked from commit d99c6b837ffd18ffe5bce801feb4936bf0edd2aa)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 85bc3194aa12c19a5bd755666d1e9617dc1bb322)
Signed-off-by: Tibor Vass <tibor@docker.com>
Instead reserve exit code 2 to be future proof, document that it should
not be used. Implementation-wise, it is considered as unhealthy, but
users should not rely on this as it may change in the future.
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 91e9f3831330c63f8351b9fc3f7c31b3229505be)
Signed-off-by: Tibor Vass <tibor@docker.com>
This adds a guide with recommendations on how to setup
Managers and keep the Swarm cluster healthy.
Signed-off-by: Alexandre Beslic <alexandre.beslic@gmail.com>
(cherry picked from commit 24f87f26e73a49383e0606813a86ed96da7f5a18)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Charles Smith <charles.smith@docker.com>
(cherry picked from commit c406711cc0c5c47f2a36a54becae49c24e0c31c9)
Signed-off-by: Tibor Vass <tibor@docker.com>
This changes the default behavior so that rolling updates will not
proceed once an updated task fails to start, or stops running during the
update. Users can use docker service inspect --pretty servicename to see
the update status, and if it pauses due to a failure, it will explain
that the update is paused, and show the task ID that caused it to pause.
It also shows the time since the update started.
A new --update-on-failure=(pause|continue) flag selects the
behavior. Pause means the update stops once a task fails, continue means
the old behavior of continuing the update anyway.
In the future this will be extended with additional behaviors like
automatic rollback, and flags controlling parameters like how many tasks
need to fail for the update to stop proceeding. This is a minimal
solution for 1.12.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 57ae29aa74e77ade3c91b1c77ba766512dae9ab4)
Signed-off-by: Tibor Vass <tibor@docker.com>
When daemon has liveRestore set, daemon shutdown should not shutdown
plugins. Fixes#24759
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit 4a44cf1d4c8e540b67aaa3834291a964c6ab7524)
Signed-off-by: Tibor Vass <tibor@docker.com>
This was preventing the "exit" event to be correctly processed during
the restore process without live-restore enabled.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
(cherry picked from commit ac068a1f9de2b20b145b5682cd514c1f6b1fac17)
Signed-off-by: Tibor Vass <tibor@docker.com>
This will make it easier to pinpoint error messages in the daemon
logs.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
(cherry picked from commit 5231c5534679206e20672ca16bbee5c10d699319)
Signed-off-by: Tibor Vass <tibor@docker.com>
- Tasks will display all tasks (`-a` is the default and was removed)
- Nest tasks to help display history
- Display task errors inline
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
(cherry picked from commit edd67fd4ad961f0782f1f94e6a26c95810dd037e)
Signed-off-by: Tibor Vass <tibor@docker.com>
There's existing code to generate these
kind of errors, so make the errors added
in commit cc493a52a46271df82dbebea26038502b85788b9
less DRY.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3fa9d77bf312652ae04e902a2b6e73a0b91ec007)
Signed-off-by: Tibor Vass <tibor@docker.com>
Truncated dir name can't give any useful information, print whole dir
name will.
Bad debug log is like this:
```
DEBU[2449] aufs error unmounting /var/lib/doc: no such file or directory
```
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
(cherry picked from commit af8359562c9561afad0a05e66386588d17788804)
Signed-off-by: Tibor Vass <tibor@docker.com>
Commit cc493a52a46271df82dbebea26038502b85788b9 added
a constraint to network connect/disconnect operations
on "Swarm scoped" networks.
This adds those errors to the API documentation. Also
changes the error to lowercase for consistency.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b0089e48272f18d856ba147b393371c18d5683fb)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Tianyi Wang <capkurmagati@gmail.com>
(cherry picked from commit 54e8beec9b33fcca4263516b6f03ef96c29132a3)
Signed-off-by: Tibor Vass <tibor@docker.com>
Swarm handles service updates quite differently and also it doesnt
support worker driver network operations. Hence prevent containers from
connecting to swarm scoped networks
Signed-off-by: Madhu Venugopal <madhu@docker.com>
(cherry picked from commit 8f9066c468d7312af722c7cf9fc27b7c8ab79fc3)
Signed-off-by: Tibor Vass <tibor@docker.com>
These docs have AuthzPlugin with a lower case 'z'. What the plugin
api is actually looking for is AuthZPlugin with an upper case 'Z'.
See 46e3a249a1/pkg/authorization/api.go (L5-L8)
Signed-off-by: Everett Toews <everett.toews@rackspace.com>
(cherry picked from commit c42fbc6b0906c7ccafe5a35d9c2288f83361849d)
Signed-off-by: Tibor Vass <tibor@docker.com>
SetConsoleMode() on input handles appears to remember invalid bits that
were set, causing problems for other programs (such as xcopy.exe) trying
to set the console mode after docker.exe has exited. Always restore
the input console mode on set failure.
Signed-off-by: John Starks <jostarks@microsoft.com>
(cherry picked from commit 83c186fdd4332b8a08db715e8cb5dd1e80a56567)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
(cherry picked from commit a04bba8b89f12480c4eaf0dda8f47442f99864ca)
Signed-off-by: Tibor Vass <tibor@docker.com>
This is required to make the libnetwork's namespace mgmt
directory configurable
Signed-off-by: Madhu Venugopal <madhu@docker.com>
(cherry picked from commit d3af5e3d4bc0aadf25d571835893a9d5bead56b3)
Signed-off-by: Tibor Vass <tibor@docker.com>
Hostnames are not supported for now because libnetwork can't use them
for overlay networking yet.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit fca0b18dcba99a7fbb8b430a55dc7bf60d5c1356)
Signed-off-by: Tibor Vass <tibor@docker.com>
There are currently problems with "swarm init" and "swarm join" when an
explicit --listen-addr flag is not provided. swarmkit defaults to
finding the IP address associated with the default route, and in cloud
setups this is often the wrong choice.
Introduce a notion of "advertised address", with the client flag
--advertise-addr, and the daemon flag --swarm-default-advertise-addr to
provide a default. The default listening address is now 0.0.0.0, but a
valid advertised address must be detected or specified.
If no explicit advertised address is specified, error out if there is
more than one usable candidate IP address on the system. This requires a
user to explicitly choose instead of letting swarmkit make the wrong
choice. For the purposes of this autodetection, we ignore certain
interfaces that are unlikely to be relevant (currently docker*).
The user is also required to choose a listen address on swarm init if
they specify an explicit advertise address that is a hostname or an IP
address that's not local to the system. This is a requirement for
overlay networking.
Also support specifying interface names to --listen-addr,
--advertise-addr, and the daemon flag --swarm-default-advertise-addr.
This will fail if the interface has multiple IP addresses (unless it has
a single IPv4 address and a single IPv6 address - then we resolve the
tie in favor of IPv4).
This change also exposes the node's externally-reachable address in
docker info, as requested by #24017.
Make corresponding API and CLI docs changes.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit a0ccd0d42fdb0dd2005f67604cb81a5a6b26787e)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 180f8c61bb1d3f05c21e697147b2f75a44bda485)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
(cherry picked from commit d97c0a1f253fe61957047ea4b21d9e764dc7d783)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9a3e47511ab9faac599b8f085a1b755ec941e49c)
Signed-off-by: Tibor Vass <tibor@docker.com>
This renames the `rotate_xxx` flags to camelBack, for
consistency with other API query-params, such as
`detachKeys`, `noOverwriteDirNonDir`, and `fromImage`.
Also makes this flag accept a wider range of boolean
values ("0", "1", "true", "false"), and throw an error
if an invalid value is passed.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit bd81df12780b0765e55582574eaa2a125adf65fa)
Signed-off-by: Tibor Vass <tibor@docker.com>
Simplifies the mount option usage by providing common aliases for
`source` and `target`. The default mount type is now volume.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
(cherry picked from commit 634f54a047bfcd2ac95bdcdfe04da7eabe02cbec)
Signed-off-by: Tibor Vass <tibor@docker.com>
Update documentation to account for the changes in #24952.
docs/swarm/swarm-tutorial/rolling-update.md doesn't need any changes,
but the CLI reference pages should show the current help text.
drain-node.md no longer needs to specify --update-parallelism 1 in its
example.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 933ba8d7f7f95ad0bac97c39ffb3cdf1a5634cc6)
Signed-off-by: Tibor Vass <tibor@docker.com>
When updates happen, the current behavior is to kill all running
instances and dispatch new tasks. Common use cases for container updates
involve small numbers of containers, meaning the app will go down on
most updates. Setting parallelism to 1 ensures that at most one task
will go down during the update. Services with higher replica counts can
increase this number accordingly to meet their needs.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
(cherry picked from commit 67246afd3dbcb53fea470bd3e45578370207139d)
Signed-off-by: Tibor Vass <tibor@docker.com>
f5e1f6f6880391a5a3399023cf93a3c48502e57d replaced "secrets"
with "join tokens", which also removed the "auto-accept"
policy.
This removes some remaining references to those features.
Note that there are other references, but those
are already addressed in another pull request.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 987511712f0cee391c8296b7f789c71e91561773)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 42b4d6ebe44029155d98d623c9d51f0cda89e194)
Signed-off-by: Tibor Vass <tibor@docker.com>
Madhu Venugopal
Tibor Vass
Vincent Demeester
Tibor Vass
Derek McGowan
Aaron Lehmann
Nishant Totla
Stephen J Day
Brian Goff
runshenzhu
Alexandre Beslic
Charles Smith
Josh Horwitz
Aanand Prasad
Anusha Ragunathan
Kenfe-Mickael Laventure
Andrea Luzzardi
Sebastiaan van Stijn
Zhang Wei
Tianyi Wang
Tadej Janež
Everett Toews
John Starks
allencloud
Steve Durrheimer
Alessandro Boch
Harald Albers