From 3c13ce07e773d2a823da50fa6b0490b7c3a9db9c Mon Sep 17 00:00:00 2001 From: cyli Date: Thu, 10 Nov 2016 10:39:14 -0800 Subject: [PATCH 1/2] Fix an issue in the swarm unlock-key rotate test where we were never updating the previous generation unlock key. Signed-off-by: cyli Upstream-commit: 81f3e699c30fe412de0fa48dfa2885181f5d5002 Component: engine --- components/engine/integration-cli/docker_cli_swarm_test.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/components/engine/integration-cli/docker_cli_swarm_test.go b/components/engine/integration-cli/docker_cli_swarm_test.go index 8814cd2526..8ee370cc56 100644 --- a/components/engine/integration-cli/docker_cli_swarm_test.go +++ b/components/engine/integration-cli/docker_cli_swarm_test.go @@ -977,6 +977,7 @@ func (s *DockerSwarmSuite) TestSwarmRotateUnlockKey(c *check.C) { // Strip \n newUnlockKey := outs[:len(outs)-1] c.Assert(newUnlockKey, checker.Not(checker.Equals), "") + c.Assert(newUnlockKey, checker.Not(checker.Equals), unlockKey) c.Assert(d.Restart(), checker.IsNil) @@ -1026,5 +1027,7 @@ func (s *DockerSwarmSuite) TestSwarmRotateUnlockKey(c *check.C) { outs, err = d.Cmd("node", "ls") c.Assert(err, checker.IsNil) c.Assert(outs, checker.Not(checker.Contains), "Swarm is encrypted and needs to be unlocked") + + unlockKey = newUnlockKey } } From e2a7e2f897618f96783b3b3dfb272515e722aa6c Mon Sep 17 00:00:00 2001 From: cyli Date: Thu, 10 Nov 2016 11:53:02 -0800 Subject: [PATCH 2/2] Vendor the latest swarmkit PR Signed-off-by: cyli Upstream-commit: b399d29a57dad9c9fe14bf07431eb57a9ef0d2ac Component: engine --- components/engine/vendor.conf | 2 +- .../manager/state/raft/storage/storage.go | 11 ++++++----- .../manager/state/raft/storage/walwrap.go | 18 ++++++++++-------- 3 files changed, 17 insertions(+), 14 deletions(-) diff --git a/components/engine/vendor.conf b/components/engine/vendor.conf index bca0767a4a..b5f42203c5 100644 --- a/components/engine/vendor.conf +++ b/components/engine/vendor.conf @@ -100,7 +100,7 @@ github.com/docker/containerd 8517738ba4b82aff5662c97ca4627e7e4d03b531 github.com/tonistiigi/fifo 1405643975692217d6720f8b54aeee1bf2cd5cf4 # cluster -github.com/docker/swarmkit ce07d9f69c9b4a1b1eb508e777c44eeacca87065 +github.com/docker/swarmkit 0be0da2c1f88aec55dc0880f2057f76f77039430 github.com/golang/mock bd3c8e81be01eef76d4b503f5e687d2d1354d2d9 github.com/gogo/protobuf v0.3 github.com/cloudflare/cfssl 7fb22c8cba7ecaf98e4082d22d65800cf45e042a diff --git a/components/engine/vendor/github.com/docker/swarmkit/manager/state/raft/storage/storage.go b/components/engine/vendor/github.com/docker/swarmkit/manager/state/raft/storage/storage.go index d830767ded..3bddedd025 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/manager/state/raft/storage/storage.go +++ b/components/engine/vendor/github.com/docker/swarmkit/manager/state/raft/storage/storage.go @@ -160,12 +160,13 @@ func (e *EncryptedRaftLogger) BootstrapNew(metadata []byte) error { encrypter, decrypter := encryption.Defaults(e.EncryptionKey) walFactory := NewWALFactory(encrypter, decrypter) - for _, dirpath := range []string{e.walDir(), e.snapDir()} { + for _, dirpath := range []string{filepath.Dir(e.walDir()), e.snapDir()} { if err := os.MkdirAll(dirpath, 0700); err != nil { return errors.Wrapf(err, "failed to create %s", dirpath) } } var err error + // the wal directory must not already exist upon creation e.wal, err = walFactory.Create(e.walDir(), metadata) if err != nil { return errors.Wrap(err, "failed to create WAL") @@ -373,8 +374,8 @@ func (e *EncryptedRaftLogger) Clear(ctx context.Context) error { if err != nil { return err } - err = os.Rename(e.walDir(), newWALDir) - if err != nil { + os.RemoveAll(newWALDir) + if err = os.Rename(e.walDir(), newWALDir); err != nil { return err } @@ -382,8 +383,8 @@ func (e *EncryptedRaftLogger) Clear(ctx context.Context) error { if err != nil { return err } - err = os.Rename(e.snapDir(), newSnapDir) - if err != nil { + os.RemoveAll(newSnapDir) + if err := os.Rename(e.snapDir(), newSnapDir); err != nil { return err } diff --git a/components/engine/vendor/github.com/docker/swarmkit/manager/state/raft/storage/walwrap.go b/components/engine/vendor/github.com/docker/swarmkit/manager/state/raft/storage/walwrap.go index 87009d4827..5a6c71ae61 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/manager/state/raft/storage/walwrap.go +++ b/components/engine/vendor/github.com/docker/swarmkit/manager/state/raft/storage/walwrap.go @@ -9,7 +9,6 @@ import ( "sort" "strings" - "github.com/coreos/etcd/pkg/fileutil" "github.com/coreos/etcd/raft/raftpb" "github.com/coreos/etcd/wal" "github.com/coreos/etcd/wal/walpb" @@ -204,16 +203,16 @@ func MigrateWALs(ctx context.Context, oldDir, newDir string, oldFactory, newFact } oldReader.Close() + if err := os.MkdirAll(filepath.Dir(newDir), 0700); err != nil { + return errors.Wrap(err, "could not create parent directory") + } + // keep temporary wal directory so WAL initialization appears atomic tmpdirpath := filepath.Clean(newDir) + ".tmp" - if fileutil.Exist(tmpdirpath) { - if err := os.RemoveAll(tmpdirpath); err != nil { - return errors.Wrap(err, "could not remove temporary WAL directory") - } - } - if err := fileutil.CreateDirAll(tmpdirpath); err != nil { - return errors.Wrap(err, "could not create temporary WAL directory") + if err := os.RemoveAll(tmpdirpath); err != nil { + return errors.Wrap(err, "could not remove temporary WAL directory") } + defer os.RemoveAll(tmpdirpath) tmpWAL, err := newFactory.Create(tmpdirpath, waldata.Metadata) if err != nil { @@ -228,6 +227,9 @@ func MigrateWALs(ctx context.Context, oldDir, newDir string, oldFactory, newFact if err := tmpWAL.Save(waldata.HardState, waldata.Entries); err != nil { return errors.Wrap(err, "could not migrate WALs to temporary directory") } + if err := tmpWAL.Close(); err != nil { + return err + } return os.Rename(tmpdirpath, newDir) }