Commit Graph

213 Commits

Author SHA1 Message Date
Sebastiaan van Stijn ec241bfeaf make network errors less DRY
There's existing code to generate these
kind of errors, so make the errors added
in commit cc493a52a46271df82dbebea26038502b85788b9
less DRY.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3fa9d77bf312652ae04e902a2b6e73a0b91ec007)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-25 23:18:28 -07:00
Sebastiaan van Stijn e9190e0764 Add new error to API docs
Commit cc493a52a46271df82dbebea26038502b85788b9 added
a constraint to network connect/disconnect operations
on "Swarm scoped" networks.

This adds those errors to the API documentation. Also
changes the error to lowercase for consistency.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b0089e48272f18d856ba147b393371c18d5683fb)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-25 23:18:23 -07:00
Madhu Venugopal 71d54a4bd3 Prevent network connect/disconnect on swarm scoped networks
Swarm handles service updates quite differently and also it doesnt
support worker driver network operations. Hence prevent containers from
connecting to swarm scoped networks

Signed-off-by: Madhu Venugopal <madhu@docker.com>
(cherry picked from commit 8f9066c468d7312af722c7cf9fc27b7c8ab79fc3)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-25 23:18:15 -07:00
Sebastiaan van Stijn b7a38b19b3 Change "rotate_worker_token" to "rotateWorkerToken"
This renames the `rotate_xxx` flags to camelBack, for
consistency with other API query-params, such as
`detachKeys`, `noOverwriteDirNonDir`, and `fromImage`.

Also makes this flag accept a wider range of boolean
values ("0", "1", "true", "false"), and throw an error
if an invalid value is passed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit bd81df12780b0765e55582574eaa2a125adf65fa)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-25 23:17:26 -07:00
Aaron Lehmann 5d7a3f7b5f Replace secrets with join tokens
Implement the proposal from
https://github.com/docker/docker/issues/24430#issuecomment-233100121

Removes acceptance policy and secret in favor of an automatically
generated join token that combines the secret, CA hash, and
manager/worker role into a single opaque string.

Adds a docker swarm join-token subcommand to inspect and rotate the
tokens.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 2cc5bd33eef038bf5721582e2410ba459bb656e9)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-25 23:16:59 -07:00
Madhu Venugopal b74b71ecb3 fixes #23983
Signed-off-by: Madhu Venugopal <madhu@docker.com>
(cherry picked from commit 6a4b21bd863f955d05e5df1e54be4dfcf6889870)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-08 15:33:29 -07:00
Madhu Venugopal 65a256f7a8 Revert "Fixed a few network UI issues in swarm-mode"
This reverts commit 0ce5158a2a9a3f10a62d3c1ea289c55e524cdac5.

Signed-off-by: Madhu Venugopal <madhu@docker.com>
(cherry picked from commit 4623276886033aedb4932c3996c7f61e7fc35861)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-08 15:33:29 -07:00
Vincent Demeester 6966df5de7 Validate hostname starting from 1.24 API.
In order to keep a little bit of "sanity" on the API side, validate
hostname only starting from v1.24 API version.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 6daf3d2a783fd042e870c8af8bbd19fc28989505)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-08 15:32:19 -07:00
Madhu Venugopal b6349ac163 Fixed a few network UI issues in swarm-mode
* Detect name conflicts on network creation
* Detect and prevent network connect/disconnect for managed containers

Signed-off-by: Madhu Venugopal <madhu@docker.com>
(cherry picked from commit 0ce5158a2a9a3f10a62d3c1ea289c55e524cdac5)
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-07-08 15:32:15 -07:00
Nishant Totla ae47b00c6c Adding a flag to specify sending of registry auth
Signed-off-by: Nishant Totla <nishanttotla@gmail.com>
(cherry picked from commit 538bac39d7fe93562922b89e9a294096be48fb59)
2016-07-01 00:40:31 -07:00
Nishant Totla d199f78d18 Updating header name and executor
Signed-off-by: Nishant Totla <nishanttotla@gmail.com>
(cherry picked from commit af5df117a805c8df661c7efa58c57680019b5752)
2016-07-01 00:39:51 -07:00
Nishant Totla c5ddd5bb7f Passing registry auth token for service create and update
Signed-off-by: Nishant Totla <nishanttotla@gmail.com>
(cherry picked from commit 93ec5cda55e78dbb683b59bde244a7984b323574)
2016-07-01 00:39:51 -07:00
Vincent Demeester ea03b75b20 Return an empty network list if nothing matches filter
Initializing the network list struct in order to return an empty list
instead of a nil object.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit a7043ac5c423cf68d4f92024e694887099640d91)
2016-06-30 16:57:31 -07:00
Adam Avilla 5c1a76f8da Fixing typo on service log output.
Signed-off-by: Adam Avilla <aavilla@yp.com>
(cherry picked from commit 7cc6fe575895dca6c50c4eadb0fd4c4986d05048)
2016-06-30 16:47:48 -07:00
Tibor Vass f37117045c plugins: experimental support for new plugin management
This patch introduces a new experimental engine-level plugin management
with a new API and command line. Plugins can be distributed via a Docker
registry, and their lifecycle is managed by the engine.
This makes plugins a first-class construct.

For more background, have a look at issue #20363.

Documentation is in a separate commit. If you want to understand how the
new plugin system works, you can start by reading the documentation.

Note: backwards compatibility with existing plugins is maintained,
albeit they won't benefit from the advantages of the new system.

Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-06-14 14:20:27 -07:00
Tonis Tiigi 534a90a993 Add Swarm management backend
As described in our ROADMAP.md, introduce new Swarm management API
endpoints relying on swarmkit to deploy services. It currently vendors
docker/engine-api changes.

This PR is fully backward compatible (joining a Swarm is an optional
feature of the Engine, and existing commands are not impacted).

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Signed-off-by: Madhu Venugopal <madhu@docker.com>
2016-06-13 22:16:18 -07:00
Vincent Demeester 428328908d
Deprecate /containers/(id or name)/copy endpoint
This endpoint has been deprecated since 1.8. Return an error starting
from this API version (1.24) in order to make sure it's not used for the
next API version and so that we can remove it some times later.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-06-03 19:38:03 +02:00
Yong Tang 92f10fe228 Add `--limit` option to `docker search`
This fix tries to address the issue raised in #23055.
Currently `docker search` result caps at 25 and there is
no way to allow getting more results (if exist).

This fix adds the flag `--limit` so that it is possible
to return more results from the `docker search`.

Related documentation has been updated.

Additional tests have been added to cover the changes.

This fix fixes #23055.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-06-02 19:12:20 -07:00
Thomas Leonard b6c7becbfe
Add support for user-defined healthchecks
This PR adds support for user-defined health-check probes for Docker
containers. It adds a `HEALTHCHECK` instruction to the Dockerfile syntax plus
some corresponding "docker run" options. It can be used with a restart policy
to automatically restart a container if the check fails.

The `HEALTHCHECK` instruction has two forms:

* `HEALTHCHECK [OPTIONS] CMD command` (check container health by running a command inside the container)
* `HEALTHCHECK NONE` (disable any healthcheck inherited from the base image)

The `HEALTHCHECK` instruction tells Docker how to test a container to check that
it is still working. This can detect cases such as a web server that is stuck in
an infinite loop and unable to handle new connections, even though the server
process is still running.

When a container has a healthcheck specified, it has a _health status_ in
addition to its normal status. This status is initially `starting`. Whenever a
health check passes, it becomes `healthy` (whatever state it was previously in).
After a certain number of consecutive failures, it becomes `unhealthy`.

The options that can appear before `CMD` are:

* `--interval=DURATION` (default: `30s`)
* `--timeout=DURATION` (default: `30s`)
* `--retries=N` (default: `1`)

The health check will first run **interval** seconds after the container is
started, and then again **interval** seconds after each previous check completes.

If a single run of the check takes longer than **timeout** seconds then the check
is considered to have failed.

It takes **retries** consecutive failures of the health check for the container
to be considered `unhealthy`.

There can only be one `HEALTHCHECK` instruction in a Dockerfile. If you list
more than one then only the last `HEALTHCHECK` will take effect.

The command after the `CMD` keyword can be either a shell command (e.g. `HEALTHCHECK
CMD /bin/check-running`) or an _exec_ array (as with other Dockerfile commands;
see e.g. `ENTRYPOINT` for details).

The command's exit status indicates the health status of the container.
The possible values are:

- 0: success - the container is healthy and ready for use
- 1: unhealthy - the container is not working correctly
- 2: starting - the container is not ready for use yet, but is working correctly

If the probe returns 2 ("starting") when the container has already moved out of the
"starting" state then it is treated as "unhealthy" instead.

For example, to check every five minutes or so that a web-server is able to
serve the site's main page within three seconds:

    HEALTHCHECK --interval=5m --timeout=3s \
      CMD curl -f http://localhost/ || exit 1

To help debug failing probes, any output text (UTF-8 encoded) that the command writes
on stdout or stderr will be stored in the health status and can be queried with
`docker inspect`. Such output should be kept short (only the first 4096 bytes
are stored currently).

When the health status of a container changes, a `health_status` event is
generated with the new status. The health status is also displayed in the
`docker ps` output.

Signed-off-by: Thomas Leonard <thomas.leonard@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-06-02 23:58:34 +02:00
Shijiang Wei 0a8386c8be remove deprecated feature of passing HostConfig at API container start
Signed-off-by: Shijiang Wei <mountkin@gmail.com>
2016-06-01 22:25:17 +08:00
Fabrizio Soppelsa e009ebdf4c
Add a --filter option to `docker search`
The filtering is made server-side, and the following filters are
supported:

* is-official (boolean)
* is-automated (boolean)
* has-stars (integer)

Signed-off-by: Fabrizio Soppelsa <fsoppelsa@mirantis.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-05-20 13:41:28 +02:00
Brian Goff bd9d14a07b Add support for reading logs extra attrs
The jsonlog logger currently allows specifying envs and labels that
should be propagated to the log message, however there has been no way
to read that back.

This adds a new API option to enable inserting these attrs back to the
log reader.

With timestamps, this looks like so:
```
92016-04-08T15:28:09.835913720Z foo=bar,hello=world hello
```

The extra attrs are comma separated before the log message but after
timestamps.

Without timestaps it looks like so:
```
foo=bar,hello=world hello
```

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-05-06 20:42:20 -04:00
fy2462 8bf5613c1a Fix bug: exec non-exist command miss a "\n"
When exec a non-exist command, it should print a newline at last.

Currently:
```
$ docker exec -ti f5f703ea2c0a144 bash
rpc error: code = 2 desc = "oci runtime error: exec failed: exec:
\"bash\": executable file not found in $PATH"$
```

Signed-off-by: Feng Yan <fy2462@gmail.com>
2016-04-28 16:39:00 +08:00
Antonio Murdaca 4316ae2ed3 api: server: check for unauthorized error
This functionality has been fixed by
7bca932182 but then it has been broken
again by a793564b25 and finally refixed
here.

Basically the functionality was to prompt for login when trying to pull
from the official docker hub.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-04-22 17:14:02 +02:00
Vincent Demeester 7534f17261
Update code for latest engine-api
- Update CopyToContainer uses
- Use engine-api/types/versions instead of pkg/version

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-04-19 16:56:54 +02:00
David Calavera 7fd53f7c71 Merge pull request #21657 from vdemeester/update-engine-api
Update engine api with required arguments
2016-04-18 19:47:22 -07:00
Brian Goff 19a453e6b4 Merge pull request #21939 from calavera/events_until_past
Get events until a time in the past.
2016-04-15 15:33:41 -04:00
Vincent Demeester b9c94b70bf
Update client code with api changes
Using new methods from engine-api, that make it clearer which element is
required when consuming the API.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-04-15 12:48:01 +02:00
David Calavera 55053d3537
Get events until a time in the past.
This change allow to filter events that happened in the past
without waiting for future events. Example:

docker events --since -1h --until -30m

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-04-14 16:22:16 -07:00
Lei Jitang 96d7db665b Fix docker load progressbar, fixes #21957
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2016-04-12 22:45:42 -04:00
David Calavera 47afe6bd0a Remove reference package dependency from the api.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-04-07 15:01:23 -07:00
Zhang Wei 91e5bb9541 Let client print error when speicify wrong detach keys
Fix #21064

Let client print error message explicitly when user specifies wrong
detach keys.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2016-04-04 15:35:55 +08:00
Tonis Tiigi b38cee9f9c Fix race between with event timer stopping early
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-03-31 09:49:07 -07:00
David Calavera d12b7c7e3e Remove builder dependency from the api.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-03-29 17:02:36 -07:00
Arnaud Porterie 1da40fb4ba Merge pull request #21586 from calavera/remove_runconfig_from_routes
Remove runconfig package dependency from the API.
2016-03-29 08:40:49 -07:00
David Calavera f0d26e1665 Remove runconfig package dependency from image and container routers.
Use an interface to specify the behavior of a configuration decoder.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-03-28 16:23:51 -04:00
David Calavera 3ca29823d4 Remove runconfig dependency from network routes.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-03-28 16:23:50 -04:00
David Calavera be390c30cd Merge pull request #21523 from LK4D4/cancellable_routes
Embed context.Context to routes with usage of CloseNotify
2016-03-28 12:44:07 -07:00
Alexander Morozov c6ad1980a2 use router.Cancellable for pull and push
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-03-27 21:53:25 -07:00
Alexander Morozov 62c9e62edc use router.Cancellable instead of direct CloseNotify
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-03-25 11:33:54 -07:00
Tõnis Tiigi e2221d1f37 Merge pull request #21468 from coolljt0725/remove_useless_log
Do not return error on hijacked connection for docker exec
2016-03-25 10:50:43 -07:00
Alexander Morozov bdd9388c42 api/server/router: add Cancellable function
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-03-25 10:19:23 -07:00
Alexander Morozov f2401a0f69 builder: replace cancelled channel with net/context
Also stop execution of run immediately if request was cancelled.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-03-25 08:19:29 -07:00
Lei Jitang d6ccc0e09f Do not return error on hijacked connection for docker exec
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2016-03-24 08:52:13 -04:00
Sebastiaan van Stijn 5ef04b1c6d Merge pull request #21268 from calavera/remove_dockerfile_from_api
Remove dockerfile dependency from the API.
2016-03-23 19:34:21 -07:00
Alexander Morozov 3eb0a80f29 builder: synchronize stderr and stdout
it's concurrent streams and should be synchronized before writing to response.
Otherwise there will be race in writing to *bufio.Writer in
net/http.response.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-03-22 13:57:29 -07:00
Tibor Vass 53d2e5e9d7 Merge pull request #21270 from ehazlett/resource-labels
Add Label support for Images (build), Networks and Volumes on Creation
2016-03-22 15:12:33 -04:00
Evan Hazlett fc214b4408 add label support for build, networks and volumes
build: implement --label

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

network: allow adding labels on create

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

volume: allow adding labels on create

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

add tests for build, network, volume

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

vendor: libnetwork and engine-api bump

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
2016-03-22 11:49:06 -04:00
Aaron Lehmann c44e7a3e63 Pass upstream client's user agent through to registry on operations beyond pulls
This adds support for the passthrough on build, push, login, and search.

Revamp the integration test to cover these cases and make it more
robust.

Use backticks instead of quoted strings for backslash-heavy string
contstands.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-03-21 14:31:47 -07:00
Arnaud Porterie 278d3962a8 Merge pull request #21306 from mgoelzer/issue20001-nodeps
Pass upstream client's user agent through to registry on image pulls
2016-03-21 14:26:59 -07:00