From cfbb6cd6256c994e9fe0d246097c9121d7b0e9bd Mon Sep 17 00:00:00 2001 From: Shawn Landden Date: Tue, 3 Dec 2013 11:03:03 -0800 Subject: [PATCH 001/126] hack/PACKAGERS.md: libdevmapper Upstream-commit: f379f667a22fd2916461654297169f70e3b39cf7 Component: engine --- components/engine/hack/PACKAGERS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/components/engine/hack/PACKAGERS.md b/components/engine/hack/PACKAGERS.md index 90f99a799f..1fc569056a 100644 --- a/components/engine/hack/PACKAGERS.md +++ b/components/engine/hack/PACKAGERS.md @@ -38,6 +38,7 @@ To build docker, you will need the following system dependencies * A recent version of git and mercurial * Go version 1.2 or later (see notes below regarding using Go 1.1.2 and dynbinary) * SQLite version 3.7.9 or later +* libdevmapper from lvm2 version 1.02.77 or later (http://www.sourceware.org/lvm2/) * A clean checkout of the source must be added to a valid Go [workspace](http://golang.org/doc/code.html#Workspaces) under the path *src/github.com/dotcloud/docker*. From 83a69e139c589381b71a184b1647a26733e7930c Mon Sep 17 00:00:00 2001 From: Andy Chambers Date: Fri, 13 Dec 2013 00:09:05 -0500 Subject: [PATCH 002/126] Fix typos in Vagrantfile Upstream-commit: 2e6dbe87ad6e9ba87cacf818e44dea6b58be05c5 Component: engine --- components/engine/Vagrantfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/components/engine/Vagrantfile b/components/engine/Vagrantfile index 6bbea51d46..84a7874f89 100644 --- a/components/engine/Vagrantfile +++ b/components/engine/Vagrantfile @@ -26,7 +26,7 @@ fi # Adding an apt gpg key is idempotent. wget -q -O - https://get.docker.io/gpg | apt-key add - -# Creating the docker.list file is idempotent, but it may overrite desired +# Creating the docker.list file is idempotent, but it may overwrite desired # settings if it already exists. This could be solved with md5sum but it # doesn't seem worth it. echo 'deb http://get.docker.io/ubuntu docker main' > \ @@ -41,7 +41,7 @@ apt-get install -q -y lxc-docker usermod -a -G docker "$user" tmp=`mktemp -q` && { - # Only install the backport kernel, don't bother upgrade if the backport is + # Only install the backport kernel, don't bother upgrading if the backport is # already installed. We want parse the output of apt so we need to save it # with 'tee'. NOTE: The installation of the kernel will trigger dkms to # install vboxguest if needed. From e5d96fb523f103e33151c5bd4e3f4ef31c2fae56 Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Fri, 13 Dec 2013 15:43:50 +0100 Subject: [PATCH 003/126] archive: Implement ApplyLayer directly Rather than calling out to tar we use the golang tar parser to directly extract the tar files. This has two major advantages: 1) We're able to replace an existing directory with a file in the new layer. This currently breaks with the external tar, since it refuses to recursively remove the destination directory in this case, and there are no options to make it do that. 2) We avoid extracting the whiteout files just to later remove them. Upstream-commit: 818c249bae8d29842834bf765299c86c09e6913e Component: engine --- components/engine/archive/diff.go | 215 +++++++++++++++-------- components/engine/archive/stat_darwin.go | 4 + components/engine/archive/stat_linux.go | 23 ++- 3 files changed, 171 insertions(+), 71 deletions(-) diff --git a/components/engine/archive/diff.go b/components/engine/archive/diff.go index f44991ecb5..18740fe571 100644 --- a/components/engine/archive/diff.go +++ b/components/engine/archive/diff.go @@ -1,6 +1,9 @@ package archive import ( + "archive/tar" + "github.com/dotcloud/docker/utils" + "io" "os" "path/filepath" "strings" @@ -8,87 +11,159 @@ import ( "time" ) +// Linux device nodes are a bit weird due to backwards compat with 16 bit device nodes +// The lower 8 bit is the lower 8 bit in the minor, the following 12 bits are the major, +// and then there is the top 12 bits of then minor +func mkdev(major int64, minor int64) uint32 { + return uint32(((minor & 0xfff00) << 12) | ((major & 0xfff) << 8) | (minor & 0xff)) +} +func timeToTimespec(time time.Time) (ts syscall.Timespec) { + if time.IsZero() { + // Return UTIME_OMIT special value + ts.Sec = 0 + ts.Nsec = ((1 << 30) - 2) + return + } + return syscall.NsecToTimespec(time.UnixNano()) +} + // ApplyLayer parses a diff in the standard layer format from `layer`, and // applies it to the directory `dest`. func ApplyLayer(dest string, layer Archive) error { - // Poor man's diff applyer in 2 steps: + // We need to be able to set any perms + oldmask := syscall.Umask(0) + defer syscall.Umask(oldmask) - // Step 1: untar everything in place - if err := Untar(layer, dest, nil); err != nil { - return err - } + tr := tar.NewReader(layer) - modifiedDirs := make(map[string]*syscall.Stat_t) - addDir := func(file string) { - d := filepath.Dir(file) - if _, exists := modifiedDirs[d]; !exists { - if s, err := os.Lstat(d); err == nil { - if sys := s.Sys(); sys != nil { - if stat, ok := sys.(*syscall.Stat_t); ok { - modifiedDirs[d] = stat + var dirs []*tar.Header + + // Iterate through the files in the archive. + for { + hdr, err := tr.Next() + if err == io.EOF { + // end of tar archive + break + } + if err != nil { + return err + } + + // Skip AUFS metadata dirs + if strings.HasPrefix(hdr.Name, ".wh..wh.") { + continue + } + + path := filepath.Join(dest, hdr.Name) + base := filepath.Base(path) + if strings.HasPrefix(base, ".wh.") { + originalBase := base[len(".wh."):] + originalPath := filepath.Join(filepath.Dir(path), originalBase) + if err := os.RemoveAll(originalPath); err != nil { + return err + } + } else { + // If path exits we almost always just want to remove and replace it + // The only exception is when it is a directory *and* the file from + // the layer is also a directory. Then we want to merge them (i.e. + // just apply the metadata from the layer). + hasDir := false + if fi, err := os.Lstat(path); err == nil { + if fi.IsDir() && hdr.Typeflag == tar.TypeDir { + hasDir = true + } else { + if err := os.RemoveAll(path); err != nil { + return err + } + } + } + + switch hdr.Typeflag { + case tar.TypeDir: + if !hasDir { + err = os.Mkdir(path, os.FileMode(hdr.Mode)) + if err != nil { + return err + } + } + dirs = append(dirs, hdr) + + case tar.TypeReg, tar.TypeRegA: + // Source is regular file + file, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY, os.FileMode(hdr.Mode)) + if err != nil { + return err + } + if _, err := io.Copy(file, tr); err != nil { + file.Close() + return err + } + file.Close() + + case tar.TypeBlock, tar.TypeChar, tar.TypeFifo: + mode := uint32(hdr.Mode & 07777) + switch hdr.Typeflag { + case tar.TypeBlock: + mode |= syscall.S_IFBLK + case tar.TypeChar: + mode |= syscall.S_IFCHR + case tar.TypeFifo: + mode |= syscall.S_IFIFO + } + + if err := syscall.Mknod(path, mode, int(mkdev(hdr.Devmajor, hdr.Devminor))); err != nil { + return err + } + + case tar.TypeLink: + if err := os.Link(filepath.Join(dest, hdr.Linkname), path); err != nil { + return err + } + + case tar.TypeSymlink: + if err := os.Symlink(hdr.Linkname, path); err != nil { + return err + } + + default: + utils.Debugf("unhandled type %d\n", hdr.Typeflag) + } + + if err = syscall.Lchown(path, hdr.Uid, hdr.Gid); err != nil { + return err + } + + // There is no LChmod, so ignore mode for symlink. Also, this + // must happen after chown, as that can modify the file mode + if hdr.Typeflag != tar.TypeSymlink { + err = syscall.Chmod(path, uint32(hdr.Mode&07777)) + if err != nil { + return err + } + } + + // Directories must be handled at the end to avoid further + // file creation in them to modify the mtime + if hdr.Typeflag != tar.TypeDir { + ts := []syscall.Timespec{timeToTimespec(hdr.AccessTime), timeToTimespec(hdr.ModTime)} + // syscall.UtimesNano doesn't support a NOFOLLOW flag atm, and + if hdr.Typeflag != tar.TypeSymlink { + if err := syscall.UtimesNano(path, ts); err != nil { + return err + } + } else { + if err := LUtimesNano(path, ts); err != nil { + return err } } } } } - // Step 2: walk for whiteouts and apply them, removing them in the process - err := filepath.Walk(dest, func(fullPath string, f os.FileInfo, err error) error { - if err != nil { - if os.IsNotExist(err) { - // This happens in the case of whiteouts in parent dir removing a directory - // We just ignore it - return filepath.SkipDir - } - return err - } - - // Rebase path - path, err := filepath.Rel(dest, fullPath) - if err != nil { - return err - } - path = filepath.Join("/", path) - - // Skip AUFS metadata - if matched, err := filepath.Match("/.wh..wh.*", path); err != nil { - return err - } else if matched { - addDir(fullPath) - if err := os.RemoveAll(fullPath); err != nil { - return err - } - } - - filename := filepath.Base(path) - if strings.HasPrefix(filename, ".wh.") { - rmTargetName := filename[len(".wh."):] - rmTargetPath := filepath.Join(filepath.Dir(fullPath), rmTargetName) - - // Remove the file targeted by the whiteout - addDir(rmTargetPath) - if err := os.RemoveAll(rmTargetPath); err != nil { - return err - } - // Remove the whiteout itself - addDir(fullPath) - if err := os.RemoveAll(fullPath); err != nil { - return err - } - } - return nil - }) - if err != nil { - return err - } - - for k, v := range modifiedDirs { - lastAccess := getLastAccess(v) - lastModification := getLastModification(v) - aTime := time.Unix(lastAccess.Unix()) - mTime := time.Unix(lastModification.Unix()) - - if err := os.Chtimes(k, aTime, mTime); err != nil { + for _, hdr := range dirs { + path := filepath.Join(dest, hdr.Name) + ts := []syscall.Timespec{timeToTimespec(hdr.AccessTime), timeToTimespec(hdr.ModTime)} + if err := syscall.UtimesNano(path, ts); err != nil { return err } } diff --git a/components/engine/archive/stat_darwin.go b/components/engine/archive/stat_darwin.go index 53ae9dee2f..e041783ec6 100644 --- a/components/engine/archive/stat_darwin.go +++ b/components/engine/archive/stat_darwin.go @@ -9,3 +9,7 @@ func getLastAccess(stat *syscall.Stat_t) syscall.Timespec { func getLastModification(stat *syscall.Stat_t) syscall.Timespec { return stat.Mtimespec } + +func LUtimesNano(path string, ts []syscall.Timespec) error { + return nil +} diff --git a/components/engine/archive/stat_linux.go b/components/engine/archive/stat_linux.go index 50b4627c4a..2203a46aff 100644 --- a/components/engine/archive/stat_linux.go +++ b/components/engine/archive/stat_linux.go @@ -1,6 +1,9 @@ package archive -import "syscall" +import ( + "syscall" + "unsafe" +) func getLastAccess(stat *syscall.Stat_t) syscall.Timespec { return stat.Atim @@ -9,3 +12,21 @@ func getLastAccess(stat *syscall.Stat_t) syscall.Timespec { func getLastModification(stat *syscall.Stat_t) syscall.Timespec { return stat.Mtim } + +func LUtimesNano(path string, ts []syscall.Timespec) error { + // These are not currently availible in syscall + AT_FDCWD := -100 + AT_SYMLINK_NOFOLLOW := 0x100 + + var _path *byte + _path, err := syscall.BytePtrFromString(path) + if err != nil { + return err + } + + if _, _, err := syscall.Syscall6(syscall.SYS_UTIMENSAT, uintptr(AT_FDCWD), uintptr(unsafe.Pointer(_path)), uintptr(unsafe.Pointer(&ts[0])), uintptr(AT_SYMLINK_NOFOLLOW), 0, 0); err != 0 && err != syscall.ENOSYS { + return err + } + + return nil +} From 51b58640b01f1bf1d226b4132e17dcca9485327a Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Fri, 13 Dec 2013 15:46:41 +0100 Subject: [PATCH 004/126] Fix change detection when applying tar layers The default gnu tar format has no sub-second precision mtime support, and the golang tar writer currently doesn't support that either. This means if we export the changes from a container we will not get zeron in the sub-second precision field when the change is applied. This means we can't compare that to the original without getting a spurious change. So, we detect this case by treating a case where the seconds match and either of the two nanoseconds are zero as equal. Upstream-commit: 10cd902f900392a2f10a6f8763bba70607ea0d41 Component: engine --- components/engine/archive/changes.go | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/components/engine/archive/changes.go b/components/engine/archive/changes.go index a4076fc0ad..8fe9ff2233 100644 --- a/components/engine/archive/changes.go +++ b/components/engine/archive/changes.go @@ -6,6 +6,7 @@ import ( "path/filepath" "strings" "syscall" + "time" ) type ChangeType int @@ -34,6 +35,21 @@ func (change *Change) String() string { return fmt.Sprintf("%s %s", kind, change.Path) } +// Gnu tar and the go tar writer don't have sub-second mtime +// precision, which is problematic when we apply changes via tar +// files, we handle this by comparing for exact times, *or* same +// second count and either a or b having exactly 0 nanoseconds +func sameFsTime(a, b time.Time) bool { + return a == b || + (a.Unix() == b.Unix() && + (a.Nanosecond() == 0 || b.Nanosecond() == 0)) +} + +func sameFsTimeSpec(a, b syscall.Timespec) bool { + return a.Sec == b.Sec && + (a.Nsec == b.Nsec || a.Nsec == 0 || b.Nsec == 0) +} + func Changes(layers []string, rw string) ([]Change, error) { var changes []Change err := filepath.Walk(rw, func(path string, f os.FileInfo, err error) error { @@ -85,7 +101,7 @@ func Changes(layers []string, rw string) ([]Change, error) { // However, if it's a directory, maybe it wasn't actually modified. // If you modify /foo/bar/baz, then /foo will be part of the changed files only because it's the parent of bar if stat.IsDir() && f.IsDir() { - if f.Size() == stat.Size() && f.Mode() == stat.Mode() && f.ModTime() == stat.ModTime() { + if f.Size() == stat.Size() && f.Mode() == stat.Mode() && sameFsTime(f.ModTime(), stat.ModTime()) { // Both directories are the same, don't record the change return nil } @@ -181,7 +197,7 @@ func (info *FileInfo) addChanges(oldInfo *FileInfo, changes *[]Change) { oldStat.Rdev != newStat.Rdev || // Don't look at size for dirs, its not a good measure of change (oldStat.Size != newStat.Size && oldStat.Mode&syscall.S_IFDIR != syscall.S_IFDIR) || - getLastModification(oldStat) != getLastModification(newStat) { + !sameFsTimeSpec(getLastModification(oldStat), getLastModification(newStat)) { change := Change{ Path: newChild.path(), Kind: ChangeModify, From 7bf68dd3dec46a067e7b208a63dbbb7a2484ce23 Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Fri, 13 Dec 2013 15:50:25 +0100 Subject: [PATCH 005/126] Re-enable TestApplyLayer With the previous two changes we now pass this test. Upstream-commit: a8af12f80a4a1678988b4667e5211d4e576ce903 Component: engine --- components/engine/archive/changes_test.go | 72 +++++++++++------------ 1 file changed, 34 insertions(+), 38 deletions(-) diff --git a/components/engine/archive/changes_test.go b/components/engine/archive/changes_test.go index 714ab71e2d..e11ed90ac1 100644 --- a/components/engine/archive/changes_test.go +++ b/components/engine/archive/changes_test.go @@ -258,48 +258,44 @@ func TestChangesDirsMutated(t *testing.T) { } func TestApplyLayer(t *testing.T) { - t.Skip("Skipping TestApplyLayer due to known failures") // Disable this for now as it is broken - return + src, err := ioutil.TempDir("", "docker-changes-test") + if err != nil { + t.Fatal(err) + } + createSampleDir(t, src) + defer os.RemoveAll(src) + dst := src + "-copy" + if err := copyDir(src, dst); err != nil { + t.Fatal(err) + } + mutateSampleDir(t, dst) + defer os.RemoveAll(dst) - // src, err := ioutil.TempDir("", "docker-changes-test") - // if err != nil { - // t.Fatal(err) - // } - // createSampleDir(t, src) - // dst := src + "-copy" - // if err := copyDir(src, dst); err != nil { - // t.Fatal(err) - // } - // mutateSampleDir(t, dst) + changes, err := ChangesDirs(dst, src) + if err != nil { + t.Fatal(err) + } - // changes, err := ChangesDirs(dst, src) - // if err != nil { - // t.Fatal(err) - // } + layer, err := ExportChanges(dst, changes) + if err != nil { + t.Fatal(err) + } - // layer, err := ExportChanges(dst, changes) - // if err != nil { - // t.Fatal(err) - // } + layerCopy, err := NewTempArchive(layer, "") + if err != nil { + t.Fatal(err) + } - // layerCopy, err := NewTempArchive(layer, "") - // if err != nil { - // t.Fatal(err) - // } + if err := ApplyLayer(src, layerCopy); err != nil { + t.Fatal(err) + } - // if err := ApplyLayer(src, layerCopy); err != nil { - // t.Fatal(err) - // } + changes2, err := ChangesDirs(src, dst) + if err != nil { + t.Fatal(err) + } - // changes2, err := ChangesDirs(src, dst) - // if err != nil { - // t.Fatal(err) - // } - - // if len(changes2) != 0 { - // t.Fatalf("Unexpected differences after re applying mutation: %v", changes) - // } - - // os.RemoveAll(src) - // os.RemoveAll(dst) + if len(changes2) != 0 { + t.Fatalf("Unexpected differences after re applying mutation: %v", changes2) + } } From bc3c34fbfda9ef5772691db3e1710fc0be23cdb5 Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Sun, 15 Dec 2013 03:13:41 -0500 Subject: [PATCH 006/126] Updated Introduction link Previously the introduction link pointed to www.docker.io. That did not seem to make a lot of sense to me so instead I pointed it at: http://www.docker.io/learn_more/ Upstream-commit: 58daccab26bb9bcdbf4b14c20cc6dd0b257aa6b3 Component: engine --- components/engine/docs/sources/index.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/docs/sources/index.rst b/components/engine/docs/sources/index.rst index 88752ac3bf..1fb82f3bec 100644 --- a/components/engine/docs/sources/index.rst +++ b/components/engine/docs/sources/index.rst @@ -25,7 +25,7 @@ currently in active development, so this documentation will change frequently. For an overview of Docker, please see the `Introduction -`_. When you're ready to start working with +`_. When you're ready to start working with Docker, we have a `quick start `_ and a more in-depth guide to :ref:`ubuntu_linux` and other :ref:`installation_list` paths including prebuilt binaries, From 638d177a3b44e60dad39994dfee4411a063e606f Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Mon, 16 Dec 2013 13:24:35 +1000 Subject: [PATCH 007/126] please, don't use 30% of the screen for whitespace, and thus compress the examples so they are ~80 chars wide - the output of 'docker ps' and 'docker images' becomes needlessly unreadable Upstream-commit: e1efd4cb8c6a5c645285b1f39d4508419e5626c9 Component: engine --- components/engine/docs/theme/docker/layout.html | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/components/engine/docs/theme/docker/layout.html b/components/engine/docs/theme/docker/layout.html index 67b3e49745..9e7fb6937d 100755 --- a/components/engine/docs/theme/docker/layout.html +++ b/components/engine/docs/theme/docker/layout.html @@ -86,13 +86,13 @@ -
+
-
+
-
+

DOCUMENTATION

@@ -105,7 +105,7 @@
-
+
From d5accda95c36412ae9f32b534a5028644d46beb3 Mon Sep 17 00:00:00 2001 From: Johannes 'fish' Ziemke Date: Wed, 11 Dec 2013 15:56:44 +0100 Subject: [PATCH 008/126] Reimplement lxc-ps Instead of calling lxc-ps in top endpoint, we reimplement it by calling ps and filter for pids running in a given container. Upstream-commit: 4faba4fae78ab216f2cfd90b1ef23706d933b731 Component: engine --- components/engine/server.go | 61 +++++++++++++++++++++----------- components/engine/utils/utils.go | 56 +++++++++++++++++++++++++++++ 2 files changed, 96 insertions(+), 21 deletions(-) diff --git a/components/engine/server.go b/components/engine/server.go index a0e6191090..8a8819c04a 100644 --- a/components/engine/server.go +++ b/components/engine/server.go @@ -1,7 +1,6 @@ package docker import ( - "bufio" "encoding/json" "errors" "fmt" @@ -690,34 +689,54 @@ func (srv *Server) ImageHistory(name string) ([]APIHistory, error) { func (srv *Server) ContainerTop(name, psArgs string) (*APITop, error) { if container := srv.runtime.Get(name); container != nil { - output, err := exec.Command("lxc-ps", "--name", container.ID, "--", psArgs).CombinedOutput() + pids, err := utils.GetPidsForContainer(container.ID) if err != nil { - return nil, fmt.Errorf("lxc-ps: %s (%s)", err, output) + return nil, err } - procs := APITop{} - for i, line := range strings.Split(string(output), "\n") { + if len(psArgs) == 0 { + psArgs = "-ef" + } + output, err := exec.Command("ps", psArgs).Output() + if err != nil { + return nil, fmt.Errorf("Error running ps: %s", err) + } + + lines := strings.Split(string(output), "\n") + header := strings.Fields(lines[0]) + procs := APITop{ + Titles: header, + } + + pidIndex := -1 + for i, name := range header { + if name == "PID" { + pidIndex = i + } + } + if pidIndex == -1 { + return nil, errors.New("Couldn't find PID field in ps output") + } + + for _, line := range lines[1:] { if len(line) == 0 { continue } - words := []string{} - scanner := bufio.NewScanner(strings.NewReader(line)) - scanner.Split(bufio.ScanWords) - if !scanner.Scan() { - return nil, fmt.Errorf("Wrong output using lxc-ps") + fields := strings.Fields(line) + p, err := strconv.Atoi(fields[pidIndex]) + if err != nil { + return nil, fmt.Errorf("Unexpected pid '%s': %s", fields[pidIndex], err) } - // no scanner.Text because we skip container id - for scanner.Scan() { - if i != 0 && len(words) == len(procs.Titles) { - words[len(words)-1] = fmt.Sprintf("%s %s", words[len(words)-1], scanner.Text()) - } else { - words = append(words, scanner.Text()) + + for _, pid := range pids { + if pid == p { + // Make sure number of fields equals number of header titles + // merging "overhanging" fields + processes := fields[:len(procs.Titles)-1] + processes = append(processes, strings.Join(fields[len(procs.Titles)-1:], " ")) + + procs.Processes = append(procs.Processes, processes) } } - if i == 0 { - procs.Titles = words - } else { - procs.Processes = append(procs.Processes, words) - } } return &procs, nil diff --git a/components/engine/utils/utils.go b/components/engine/utils/utils.go index 6864dddf82..410f33f5ee 100644 --- a/components/engine/utils/utils.go +++ b/components/engine/utils/utils.go @@ -1117,3 +1117,59 @@ func CopyFile(src, dst string) (int64, error) { defer df.Close() return io.Copy(df, sf) } + +// Returns the relative path to the cgroup docker is running in. +func GetThisCgroup(cgroupType string) (string, error) { + output, err := ioutil.ReadFile("/proc/self/cgroup") + if err != nil { + return "", err + } + for _, line := range strings.Split(string(output), "\n") { + parts := strings.Split(line, ":") + // any type used by docker should work + if parts[1] == cgroupType { + return parts[2], nil + } + } + return "", fmt.Errorf("cgroup '%s' not found in /proc/self/cgroup", cgroupType) +} + +// Returns a list of pids for the given container. +func GetPidsForContainer(id string) ([]int, error) { + pids := []int{} + + // memory is chosen randomly, any cgroup used by docker works + cgroupType := "memory" + + cgroupRoot, err := FindCgroupMountpoint(cgroupType) + if err != nil { + return pids, err + } + + cgroupThis, err := GetThisCgroup(cgroupType) + if err != nil { + return pids, err + } + + filename := filepath.Join(cgroupRoot, cgroupThis, id, "tasks") + if _, err := os.Stat(filename); os.IsNotExist(err) { + // With more recent lxc versions use, cgroup will be in lxc/ + filename = filepath.Join(cgroupRoot, cgroupThis, "lxc", id, "tasks") + } + + output, err := ioutil.ReadFile(filename) + if err != nil { + return pids, err + } + for _, p := range strings.Split(string(output), "\n") { + if len(p) == 0 { + continue + } + pid, err := strconv.Atoi(p) + if err != nil { + return pids, fmt.Errorf("Invalid pid '%s': %s", p, err) + } + pids = append(pids, pid) + } + return pids, nil +} From 692e7bb3bdbdc385a07a306827b53da1dbaabc8c Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Mon, 16 Dec 2013 14:35:43 +0100 Subject: [PATCH 009/126] ApplyLayer: Fix TestLookupImage The TestLookupImage test seems to use a layer that contains /etc/postgres/postgres.conf, but not e.g. /etc/postgres. To handle this we ensure that the parent directory always exists, and if not we create it. Upstream-commit: 78c22c24b353d77fdab3e1616d9986a8ae95a7c2 Component: engine --- components/engine/archive/diff.go | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/components/engine/archive/diff.go b/components/engine/archive/diff.go index 18740fe571..87457f38c1 100644 --- a/components/engine/archive/diff.go +++ b/components/engine/archive/diff.go @@ -49,6 +49,23 @@ func ApplyLayer(dest string, layer Archive) error { return err } + // Normalize name, for safety and for a simple is-root check + hdr.Name = filepath.Clean(hdr.Name) + + if !strings.HasSuffix(hdr.Name, "/") { + // Not the root directory, ensure that the parent directory exists + // This happened in some tests where an image had a tarfile without any + // parent directories + parent := filepath.Dir(hdr.Name) + parentPath := filepath.Join(dest, parent) + if _, err := os.Lstat(parentPath); err != nil && os.IsNotExist(err) { + err = os.MkdirAll(parentPath, 600) + if err != nil { + return err + } + } + } + // Skip AUFS metadata dirs if strings.HasPrefix(hdr.Name, ".wh..wh.") { continue From 6dc8caeed5699e7175c35a25c8f7ec8d1a2feda7 Mon Sep 17 00:00:00 2001 From: Johannes 'fish' Ziemke Date: Mon, 16 Dec 2013 13:29:06 +0100 Subject: [PATCH 010/126] Fix and re-enable TestGetContainersTop Upstream-commit: 5cfcb05486d9b45e347324d92350799ab05c65c8 Component: engine --- components/engine/integration/api_test.go | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/components/engine/integration/api_test.go b/components/engine/integration/api_test.go index b635dd81c0..6cd2e11f39 100644 --- a/components/engine/integration/api_test.go +++ b/components/engine/integration/api_test.go @@ -432,7 +432,6 @@ func TestGetContainersChanges(t *testing.T) { } func TestGetContainersTop(t *testing.T) { - t.Skip("Fixme. Skipping test for now. Reported error when testing using dind: 'api_test.go:527: Expected 2 processes, found 0.'") eng := NewTestEngine(t) defer mkRuntimeFromEngine(eng, t).Nuke() srv := mkServerFromEngine(eng, t) @@ -475,7 +474,7 @@ func TestGetContainersTop(t *testing.T) { }) r := httptest.NewRecorder() - req, err := http.NewRequest("GET", "/"+containerID+"/top?ps_args=u", bytes.NewReader([]byte{})) + req, err := http.NewRequest("GET", "/containers/"+containerID+"/top?ps_args=aux", nil) if err != nil { t.Fatal(err) } @@ -498,11 +497,11 @@ func TestGetContainersTop(t *testing.T) { if len(procs.Processes) != 2 { t.Fatalf("Expected 2 processes, found %d.", len(procs.Processes)) } - if procs.Processes[0][10] != "/bin/sh" && procs.Processes[0][10] != "cat" { - t.Fatalf("Expected `cat` or `/bin/sh`, found %s.", procs.Processes[0][10]) + if procs.Processes[0][10] != "/bin/sh -c cat" { + t.Fatalf("Expected `/bin/sh -c cat`, found %s.", procs.Processes[0][10]) } - if procs.Processes[1][10] != "/bin/sh" && procs.Processes[1][10] != "cat" { - t.Fatalf("Expected `cat` or `/bin/sh`, found %s.", procs.Processes[1][10]) + if procs.Processes[1][10] != "/bin/sh -c cat" { + t.Fatalf("Expected `/bin/sh -c cat`, found %s.", procs.Processes[1][10]) } } From f78ee734d96e44cd25af8d7358c8ef5c77d98998 Mon Sep 17 00:00:00 2001 From: Tim Bosse Date: Mon, 16 Dec 2013 12:04:29 -0500 Subject: [PATCH 011/126] Update binaries.rst Along with the kernel requirement, you need a working copy of lxc. When trying to start using "/docker -d", received error 'initapi: exec: "lxc-start": executable file not found in $PATH' Upstream-commit: 67215250686687134788c4826f3d9eccb9981344 Component: engine --- components/engine/docs/sources/installation/binaries.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/components/engine/docs/sources/installation/binaries.rst b/components/engine/docs/sources/installation/binaries.rst index 759f8a7502..f06a8d6c5f 100644 --- a/components/engine/docs/sources/installation/binaries.rst +++ b/components/engine/docs/sources/installation/binaries.rst @@ -21,6 +21,11 @@ Check Your Kernel Your host's Linux kernel must meet the Docker :ref:`kernel` +Check for User Space Tools +-------------------------- + +You must have a working installation of the `lxc `_ utilities and library. + Get the docker binary: ---------------------- From 3002a11d902c079b0a54820d7b60b4b56644e775 Mon Sep 17 00:00:00 2001 From: Thatcher Peskens Date: Mon, 16 Dec 2013 14:37:56 -0800 Subject: [PATCH 012/126] Improvement upon @SvenDowideit suggestion to make the docs use full-width Moved the style comments source to into the .less file Upstream-commit: fe956ad4495f0ed566bf20cb9cd10e0c54ccef6b Component: engine --- .../engine/docs/theme/docker/layout.html | 4 +-- .../docs/theme/docker/static/css/main.css | 12 ++++--- .../docs/theme/docker/static/css/main.less | 32 ++++++++++++++++++- 3 files changed, 41 insertions(+), 7 deletions(-) diff --git a/components/engine/docs/theme/docker/layout.html b/components/engine/docs/theme/docker/layout.html index 9e7fb6937d..ad34442230 100755 --- a/components/engine/docs/theme/docker/layout.html +++ b/components/engine/docs/theme/docker/layout.html @@ -92,7 +92,7 @@ ================================================== -->
-
+

DOCUMENTATION

@@ -105,7 +105,7 @@
-
+
diff --git a/components/engine/docs/theme/docker/static/css/main.css b/components/engine/docs/theme/docker/static/css/main.css index 605dfc9774..085c9dcd47 100755 --- a/components/engine/docs/theme/docker/static/css/main.css +++ b/components/engine/docs/theme/docker/static/css/main.css @@ -186,8 +186,15 @@ body { .main-row { margin-top: 40px; } +.sidebar { + width: 215px; + float: left; +} .main-content { padding: 16px 18px inherit; + margin-left: 230px; + /* space for sidebar */ + } /* ======================= Social footer @@ -410,7 +417,7 @@ dt:hover > a.headerlink { .admonition.seealso { border-color: #23cb1f; } - +/* Add styles for other types of comments */ .versionchanged, .versionadded, .versionmodified, @@ -418,15 +425,12 @@ dt:hover > a.headerlink { font-size: larger; font-weight: bold; } - .versionchanged { color: lightseagreen; } - .versionadded { color: mediumblue; } - .deprecated { color: orangered; } diff --git a/components/engine/docs/theme/docker/static/css/main.less b/components/engine/docs/theme/docker/static/css/main.less index ce18a387a6..1957280f27 100644 --- a/components/engine/docs/theme/docker/static/css/main.less +++ b/components/engine/docs/theme/docker/static/css/main.less @@ -98,7 +98,6 @@ p a { } - .navbar .brand { margin-left: 0px; float: left; @@ -317,10 +316,18 @@ body { margin-top: 40px; } +.sidebar { + width: 215px; + float: left; +} + .main-content { padding: 16px 18px inherit; + margin-left: 230px; /* space for sidebar */ } + + /* ======================= Social footer ======================= */ @@ -612,3 +619,26 @@ dt:hover > a.headerlink { } +/* Add styles for other types of comments */ + +.versionchanged, +.versionadded, +.versionmodified, +.deprecated { + font-size: larger; + font-weight: bold; +} + +.versionchanged { + color: lightseagreen; +} + +.versionadded { + color: mediumblue; +} + +.deprecated { + color: orangered; +} + + From f97eeadc021506ce3613e45168d278db7c307f7b Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Mon, 16 Dec 2013 15:43:46 -0800 Subject: [PATCH 013/126] Change version to 0.7.2-dev Upstream-commit: 64136071c6128fc759f1040186b06fee61d6aab6 Component: engine --- components/engine/VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/VERSION b/components/engine/VERSION index 7486fdbc50..c7d2522718 100644 --- a/components/engine/VERSION +++ b/components/engine/VERSION @@ -1 +1 @@ -0.7.2 +0.7.2-dev From 706b718f39151f30ac7729ee1c69d7dbf08240b2 Mon Sep 17 00:00:00 2001 From: "Guillaume J. Charmes" Date: Mon, 16 Dec 2013 16:30:23 -0800 Subject: [PATCH 014/126] Allow to use -H unix:// like -H tcp:// Upstream-commit: 20605eb310f0b57bd06eea80ec63c5022fc83bde Component: engine --- components/engine/opts.go | 2 +- components/engine/utils/utils.go | 30 ++++++++++++++++++++++----- components/engine/utils/utils_test.go | 18 ++++++++++------ 3 files changed, 38 insertions(+), 12 deletions(-) diff --git a/components/engine/opts.go b/components/engine/opts.go index ea5163e619..3119f9dd10 100644 --- a/components/engine/opts.go +++ b/components/engine/opts.go @@ -129,7 +129,7 @@ func ValidateEnv(val string) (string, error) { } func ValidateHost(val string) (string, error) { - host, err := utils.ParseHost(DEFAULTHTTPHOST, DEFAULTHTTPPORT, val) + host, err := utils.ParseHost(DEFAULTHTTPHOST, DEFAULTHTTPPORT, DEFAULTUNIXSOCKET, val) if err != nil { return val, err } diff --git a/components/engine/utils/utils.go b/components/engine/utils/utils.go index 6864dddf82..c592b4ebfc 100644 --- a/components/engine/utils/utils.go +++ b/components/engine/utils/utils.go @@ -776,11 +776,21 @@ func GetNameserversAsCIDR(resolvConf []byte) []string { return nameservers } -func ParseHost(host string, port int, addr string) (string, error) { - var proto string +// FIXME: Change this not to receive default value as parameter +func ParseHost(defaultHost string, defaultPort int, defaultUnix, addr string) (string, error) { + var ( + proto string + host string + port int + ) + switch { case strings.HasPrefix(addr, "unix://"): - return addr, nil + proto = "unix" + addr = strings.TrimPrefix(addr, "unix://") + if addr == "" { + addr = defaultUnix + } case strings.HasPrefix(addr, "tcp://"): proto = "tcp" addr = strings.TrimPrefix(addr, "tcp://") @@ -791,19 +801,29 @@ func ParseHost(host string, port int, addr string) (string, error) { proto = "tcp" } - if strings.Contains(addr, ":") { + if proto != "unix" && strings.Contains(addr, ":") { hostParts := strings.Split(addr, ":") if len(hostParts) != 2 { return "", fmt.Errorf("Invalid bind address format: %s", addr) } if hostParts[0] != "" { host = hostParts[0] + } else { + host = defaultHost } - if p, err := strconv.Atoi(hostParts[1]); err == nil { + + if p, err := strconv.Atoi(hostParts[1]); err == nil && p != 0 { port = p + } else { + port = defaultPort } + } else { host = addr + port = defaultPort + } + if proto == "unix" { + return fmt.Sprintf("%s://%s", proto, host), nil } return fmt.Sprintf("%s://%s:%d", proto, host, port), nil } diff --git a/components/engine/utils/utils_test.go b/components/engine/utils/utils_test.go index 350ebb911f..4470666641 100644 --- a/components/engine/utils/utils_test.go +++ b/components/engine/utils/utils_test.go @@ -299,22 +299,28 @@ func assertRAMInBytes(t *testing.T, size string, expectError bool, expectedBytes } func TestParseHost(t *testing.T) { - if addr, err := ParseHost("127.0.0.1", 4243, "0.0.0.0"); err != nil || addr != "tcp://0.0.0.0:4243" { + if addr, err := ParseHost("127.0.0.1", 4243, "/var/run/docker.sock", "0.0.0.0"); err != nil || addr != "tcp://0.0.0.0:4243" { t.Errorf("0.0.0.0 -> expected tcp://0.0.0.0:4243, got %s", addr) } - if addr, err := ParseHost("127.0.0.1", 4243, "0.0.0.1:5555"); err != nil || addr != "tcp://0.0.0.1:5555" { + if addr, err := ParseHost("127.0.0.1", 4243, "/var/run/docker.sock", "0.0.0.1:5555"); err != nil || addr != "tcp://0.0.0.1:5555" { t.Errorf("0.0.0.1:5555 -> expected tcp://0.0.0.1:5555, got %s", addr) } - if addr, err := ParseHost("127.0.0.1", 4243, ":6666"); err != nil || addr != "tcp://127.0.0.1:6666" { + if addr, err := ParseHost("127.0.0.1", 4243, "/var/run/docker.sock", ":6666"); err != nil || addr != "tcp://127.0.0.1:6666" { t.Errorf(":6666 -> expected tcp://127.0.0.1:6666, got %s", addr) } - if addr, err := ParseHost("127.0.0.1", 4243, "tcp://:7777"); err != nil || addr != "tcp://127.0.0.1:7777" { + if addr, err := ParseHost("127.0.0.1", 4243, "/var/run/docker.sock", "tcp://:7777"); err != nil || addr != "tcp://127.0.0.1:7777" { t.Errorf("tcp://:7777 -> expected tcp://127.0.0.1:7777, got %s", addr) } - if addr, err := ParseHost("127.0.0.1", 4243, "unix:///var/run/docker.sock"); err != nil || addr != "unix:///var/run/docker.sock" { + if addr, err := ParseHost("127.0.0.1", 4243, "/var/run/docker.sock", "unix:///var/run/docker.sock"); err != nil || addr != "unix:///var/run/docker.sock" { t.Errorf("unix:///var/run/docker.sock -> expected unix:///var/run/docker.sock, got %s", addr) } - if addr, err := ParseHost("127.0.0.1", 4243, "udp://127.0.0.1"); err == nil { + if addr, err := ParseHost("127.0.0.1", 4243, "/var/run/docker.sock", "unix://"); err != nil || addr != "unix:///var/run/docker.sock" { + t.Errorf("unix:///var/run/docker.sock -> expected unix:///var/run/docker.sock, got %s", addr) + } + if addr, err := ParseHost("127.0.0.1", 4243, "/var/run/docker.sock", "udp://127.0.0.1"); err == nil { + t.Errorf("udp protocol address expected error return, but err == nil. Got %s", addr) + } + if addr, err := ParseHost("127.0.0.1", 4243, "/var/run/docker.sock", "udp://127.0.0.1:4243"); err == nil { t.Errorf("udp protocol address expected error return, but err == nil. Got %s", addr) } } From d49fddb6522a5bf1f88429d0e1cd9dee3cba0572 Mon Sep 17 00:00:00 2001 From: "Guillaume J. Charmes" Date: Mon, 16 Dec 2013 16:35:56 -0800 Subject: [PATCH 015/126] Improve TestParseHost Upstream-commit: 69a31c33864abeaacbe9a07e50dd0cd8d406b15e Component: engine --- components/engine/utils/utils_test.go | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/components/engine/utils/utils_test.go b/components/engine/utils/utils_test.go index 4470666641..b31938d9b5 100644 --- a/components/engine/utils/utils_test.go +++ b/components/engine/utils/utils_test.go @@ -299,28 +299,33 @@ func assertRAMInBytes(t *testing.T, size string, expectError bool, expectedBytes } func TestParseHost(t *testing.T) { - if addr, err := ParseHost("127.0.0.1", 4243, "/var/run/docker.sock", "0.0.0.0"); err != nil || addr != "tcp://0.0.0.0:4243" { + var ( + defaultHttpHost = "127.0.0.1" + defaultHttpPort = 4243 + defaultUnix = "/var/run/docker.sock" + ) + if addr, err := ParseHost(defaultHttpHost, defaultHttpPort, defaultUnix, "0.0.0.0"); err != nil || addr != "tcp://0.0.0.0:4243" { t.Errorf("0.0.0.0 -> expected tcp://0.0.0.0:4243, got %s", addr) } - if addr, err := ParseHost("127.0.0.1", 4243, "/var/run/docker.sock", "0.0.0.1:5555"); err != nil || addr != "tcp://0.0.0.1:5555" { + if addr, err := ParseHost(defaultHttpHost, defaultHttpPort, defaultUnix, "0.0.0.1:5555"); err != nil || addr != "tcp://0.0.0.1:5555" { t.Errorf("0.0.0.1:5555 -> expected tcp://0.0.0.1:5555, got %s", addr) } - if addr, err := ParseHost("127.0.0.1", 4243, "/var/run/docker.sock", ":6666"); err != nil || addr != "tcp://127.0.0.1:6666" { + if addr, err := ParseHost(defaultHttpHost, defaultHttpPort, defaultUnix, ":6666"); err != nil || addr != "tcp://127.0.0.1:6666" { t.Errorf(":6666 -> expected tcp://127.0.0.1:6666, got %s", addr) } - if addr, err := ParseHost("127.0.0.1", 4243, "/var/run/docker.sock", "tcp://:7777"); err != nil || addr != "tcp://127.0.0.1:7777" { + if addr, err := ParseHost(defaultHttpHost, defaultHttpPort, defaultUnix, "tcp://:7777"); err != nil || addr != "tcp://127.0.0.1:7777" { t.Errorf("tcp://:7777 -> expected tcp://127.0.0.1:7777, got %s", addr) } - if addr, err := ParseHost("127.0.0.1", 4243, "/var/run/docker.sock", "unix:///var/run/docker.sock"); err != nil || addr != "unix:///var/run/docker.sock" { + if addr, err := ParseHost(defaultHttpHost, defaultHttpPort, defaultUnix, "unix:///var/run/docker.sock"); err != nil || addr != "unix:///var/run/docker.sock" { t.Errorf("unix:///var/run/docker.sock -> expected unix:///var/run/docker.sock, got %s", addr) } - if addr, err := ParseHost("127.0.0.1", 4243, "/var/run/docker.sock", "unix://"); err != nil || addr != "unix:///var/run/docker.sock" { + if addr, err := ParseHost(defaultHttpHost, defaultHttpPort, defaultUnix, "unix://"); err != nil || addr != "unix:///var/run/docker.sock" { t.Errorf("unix:///var/run/docker.sock -> expected unix:///var/run/docker.sock, got %s", addr) } - if addr, err := ParseHost("127.0.0.1", 4243, "/var/run/docker.sock", "udp://127.0.0.1"); err == nil { + if addr, err := ParseHost(defaultHttpHost, defaultHttpPort, defaultUnix, "udp://127.0.0.1"); err == nil { t.Errorf("udp protocol address expected error return, but err == nil. Got %s", addr) } - if addr, err := ParseHost("127.0.0.1", 4243, "/var/run/docker.sock", "udp://127.0.0.1:4243"); err == nil { + if addr, err := ParseHost(defaultHttpHost, defaultHttpPort, defaultUnix, "udp://127.0.0.1:4243"); err == nil { t.Errorf("udp protocol address expected error return, but err == nil. Got %s", addr) } } From 7ca46955f3fb1ab63c37ba8d74be88d5bf00c5f1 Mon Sep 17 00:00:00 2001 From: Graydon Hoare Date: Thu, 12 Dec 2013 05:33:15 +0000 Subject: [PATCH 016/126] Factor cache-probing logic out of buildfile.commit() and CmdRun(). Upstream-commit: 7afd7a82bd672bf7b3976458197b8c56c17407de Component: engine --- components/engine/buildfile.go | 54 ++++++++++++++++++++-------------- 1 file changed, 32 insertions(+), 22 deletions(-) diff --git a/components/engine/buildfile.go b/components/engine/buildfile.go index 7d87a17d3a..86ec1b461c 100644 --- a/components/engine/buildfile.go +++ b/components/engine/buildfile.go @@ -87,6 +87,26 @@ func (b *buildFile) CmdMaintainer(name string) error { return b.commit("", b.config.Cmd, fmt.Sprintf("MAINTAINER %s", name)) } +// probeCache checks to see if image-caching is enabled (`b.utilizeCache`) +// and if so attempts to look up the current `b.image` and `b.config` pair +// in the current server `b.srv`. If an image is found, probeCache returns +// `(true, nil)`. If no image is found, it returns `(false, nil)`. If there +// is any error, it returns `(false, err)`. +func (b *buildFile) probeCache() (bool, error) { + if b.utilizeCache { + if cache, err := b.srv.ImageGetCached(b.image, b.config); err != nil { + return false, err + } else if cache != nil { + fmt.Fprintf(b.outStream, " ---> Using cache\n") + utils.Debugf("[BUILDER] Use cached version") + b.image = cache.ID + return true, nil + } else { + utils.Debugf("[BUILDER] Cache miss") + } + } + return false, nil +} func (b *buildFile) CmdRun(args string) error { if b.image == "" { return fmt.Errorf("Please provide a source image with `from` prior to run") @@ -104,17 +124,12 @@ func (b *buildFile) CmdRun(args string) error { utils.Debugf("Command to be executed: %v", b.config.Cmd) - if b.utilizeCache { - if cache, err := b.srv.ImageGetCached(b.image, b.config); err != nil { - return err - } else if cache != nil { - fmt.Fprintf(b.outStream, " ---> Using cache\n") - utils.Debugf("[BUILDER] Use cached version") - b.image = cache.ID - return nil - } else { - utils.Debugf("[BUILDER] Cache miss") - } + hit, err := b.probeCache() + if err != nil { + return err + } + if hit { + return nil } cid, err := b.run() @@ -460,17 +475,12 @@ func (b *buildFile) commit(id string, autoCmd []string, comment string) error { b.config.Cmd = []string{"/bin/sh", "-c", "#(nop) " + comment} defer func(cmd []string) { b.config.Cmd = cmd }(cmd) - if b.utilizeCache { - if cache, err := b.srv.ImageGetCached(b.image, b.config); err != nil { - return err - } else if cache != nil { - fmt.Fprintf(b.outStream, " ---> Using cache\n") - utils.Debugf("[BUILDER] Use cached version") - b.image = cache.ID - return nil - } else { - utils.Debugf("[BUILDER] Cache miss") - } + hit, err := b.probeCache() + if err != nil { + return err + } + if hit { + return nil } container, warnings, err := b.runtime.Create(b.config, "") From 981ec0641dcba8c3c948e78359ab91ba4192ae7a Mon Sep 17 00:00:00 2001 From: Graydon Hoare Date: Thu, 12 Dec 2013 05:33:15 +0000 Subject: [PATCH 017/126] Record added-tree sha256 in buildfile.CmdAdd, probe and use cache. Upstream-commit: 3f9416b58da029b7d82a4908f6c066cee0695edf Component: engine --- components/engine/buildfile.go | 179 ++++++++++++++++++++++++++------- 1 file changed, 144 insertions(+), 35 deletions(-) diff --git a/components/engine/buildfile.go b/components/engine/buildfile.go index 86ec1b461c..745591e734 100644 --- a/components/engine/buildfile.go +++ b/components/engine/buildfile.go @@ -1,6 +1,9 @@ package docker import ( + "archive/tar" + "crypto/sha256" + "encoding/hex" "encoding/json" "fmt" "github.com/dotcloud/docker/archive" @@ -11,9 +14,11 @@ import ( "net/url" "os" "path" + "path/filepath" "reflect" "regexp" "strings" + "time" ) type BuildFile interface { @@ -107,6 +112,67 @@ func (b *buildFile) probeCache() (bool, error) { } return false, nil } + +// hashPath calculates a strong hash (sha256) value for a file tree located +// at `basepth`/`pth`, including all attributes that would normally be +// captured by `tar`. The path to hash is passed in two pieces only to +// permit logging the second piece in isolation, assuming the first is a +// temporary directory in which docker is running. If `clobberTimes` is +// true and hashPath is applied to a single file, the ctime/atime/mtime of +// the file is considered to be unix time 0, for purposes of hashing. +func (b *buildFile) hashPath(basePth, pth string, clobberTimes bool) (string, error) { + + p := path.Join(basePth, pth) + + st, err := os.Stat(p) + if err != nil { + return "", err + } + + h := sha256.New() + + if st.IsDir() { + tarRd, err := archive.Tar(p, archive.Uncompressed) + if err != nil { + return "", err + } + _, err = io.Copy(h, tarRd) + if err != nil { + return "", err + } + + } else { + hdr, err := tar.FileInfoHeader(st, "") + if err != nil { + return "", err + } + if clobberTimes { + hdr.AccessTime = time.Unix(0, 0) + hdr.ChangeTime = time.Unix(0, 0) + hdr.ModTime = time.Unix(0, 0) + } + hdr.Name = filepath.Base(p) + tarWr := tar.NewWriter(h) + if err := tarWr.WriteHeader(hdr); err != nil { + return "", err + } + + fileRd, err := os.Open(p) + if err != nil { + return "", err + } + + if _, err = io.Copy(tarWr, fileRd); err != nil { + return "", err + } + tarWr.Close() + } + + hstr := hex.EncodeToString(h.Sum(nil)) + fmt.Fprintf(b.outStream, " ---> data at %s has sha256 %.12s...\n", pth, hstr) + return hstr, nil +} + func (b *buildFile) CmdRun(args string) error { if b.image == "" { return fmt.Errorf("Please provide a source image with `from` prior to run") @@ -275,32 +341,16 @@ func (b *buildFile) CmdVolume(args string) error { return nil } -func (b *buildFile) addRemote(container *Container, orig, dest string) error { - file, err := utils.Download(orig) +func (b *buildFile) checkPathForAddition(orig string) error { + origPath := path.Join(b.context, orig) + if !strings.HasPrefix(origPath, b.context) { + return fmt.Errorf("Forbidden path outside the build context: %s (%s)", orig, origPath) + } + _, err := os.Stat(origPath) if err != nil { - return err + return fmt.Errorf("%s: no such file or directory", orig) } - defer file.Body.Close() - - // If the destination is a directory, figure out the filename. - if strings.HasSuffix(dest, "/") { - u, err := url.Parse(orig) - if err != nil { - return err - } - path := u.Path - if strings.HasSuffix(path, "/") { - path = path[:len(path)-1] - } - parts := strings.Split(path, "/") - filename := parts[len(parts)-1] - if filename == "" { - return fmt.Errorf("cannot determine filename from url: %s", u) - } - dest = dest + filename - } - - return container.Inject(file.Body, dest) + return nil } func (b *buildFile) addContext(container *Container, orig, dest string) error { @@ -310,9 +360,6 @@ func (b *buildFile) addContext(container *Container, orig, dest string) error { if strings.HasSuffix(dest, "/") { destPath = destPath + "/" } - if !strings.HasPrefix(origPath, b.context) { - return fmt.Errorf("Forbidden path outside the build context: %s (%s)", orig, origPath) - } fi, err := os.Stat(origPath) if err != nil { return fmt.Errorf("%s: no such file or directory", orig) @@ -358,6 +405,74 @@ func (b *buildFile) CmdAdd(args string) error { b.config.Cmd = []string{"/bin/sh", "-c", fmt.Sprintf("#(nop) ADD %s in %s", orig, dest)} b.config.Image = b.image + + origPath := orig + destPath := dest + clobberTimes := false + + if utils.IsURL(orig) { + + clobberTimes = true + + resp, err := utils.Download(orig) + if err != nil { + return err + } + tmpDirName, err := ioutil.TempDir(b.context, "docker-remote") + if err != nil { + return err + } + tmpFileName := path.Join(tmpDirName, "tmp") + tmpFile, err := os.OpenFile(tmpFileName, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0600) + if err != nil { + return err + } + defer os.RemoveAll(tmpDirName) + if _, err = io.Copy(tmpFile, resp.Body); err != nil { + return err + } + origPath = path.Join(filepath.Base(tmpDirName), filepath.Base(tmpFileName)) + tmpFile.Close() + + // If the destination is a directory, figure out the filename. + if strings.HasSuffix(dest, "/") { + u, err := url.Parse(orig) + if err != nil { + return err + } + path := u.Path + if strings.HasSuffix(path, "/") { + path = path[:len(path)-1] + } + parts := strings.Split(path, "/") + filename := parts[len(parts)-1] + if filename == "" { + return fmt.Errorf("cannot determine filename from url: %s", u) + } + destPath = dest + filename + } + } + + if err := b.checkPathForAddition(origPath); err != nil { + return err + } + + // Hash path and check the cache + if b.utilizeCache { + hash, err := b.hashPath(b.context, origPath, clobberTimes) + if err != nil { + return err + } + b.config.Cmd = []string{"/bin/sh", "-c", fmt.Sprintf("#(nop) ADD %s in %s", hash, dest)} + hit, err := b.probeCache() + if err != nil { + return err + } + if hit { + return nil + } + } + // Create the container and start it container, _, err := b.runtime.Create(b.config, "") if err != nil { @@ -370,14 +485,8 @@ func (b *buildFile) CmdAdd(args string) error { } defer container.Unmount() - if utils.IsURL(orig) { - if err := b.addRemote(container, orig, dest); err != nil { - return err - } - } else { - if err := b.addContext(container, orig, dest); err != nil { - return err - } + if err := b.addContext(container, origPath, destPath); err != nil { + return err } if err := b.commit(container.ID, cmd, fmt.Sprintf("ADD %s in %s", orig, dest)); err != nil { From 7900d7c42078e7160e9d4c7c22d5f1f63991fcac Mon Sep 17 00:00:00 2001 From: Graydon Hoare Date: Thu, 12 Dec 2013 05:33:15 +0000 Subject: [PATCH 018/126] Add testcases for ADD caching, closes #880. Upstream-commit: 15a68541196b9b9338923ece6c6b4a69929652d6 Component: engine --- .../engine/integration/buildfile_test.go | 122 ++++++++++++++---- 1 file changed, 94 insertions(+), 28 deletions(-) diff --git a/components/engine/integration/buildfile_test.go b/components/engine/integration/buildfile_test.go index 4d15031d30..21ba42c9aa 100644 --- a/components/engine/integration/buildfile_test.go +++ b/components/engine/integration/buildfile_test.go @@ -425,16 +425,10 @@ func TestBuildEntrypointRunCleanup(t *testing.T) { } } -func TestBuildImageWithCache(t *testing.T) { +func checkCacheBehavior(t *testing.T, template testContextTemplate, expectHit bool) { eng := NewTestEngine(t) defer nuke(mkRuntimeFromEngine(eng, t)) - template := testContextTemplate{` - from {IMAGE} - maintainer dockerio - `, - nil, nil} - img, err := buildImage(template, t, eng, true) if err != nil { t.Fatal(err) @@ -443,43 +437,115 @@ func TestBuildImageWithCache(t *testing.T) { imageId := img.ID img = nil - img, err = buildImage(template, t, eng, true) + img, err = buildImage(template, t, eng, expectHit) if err != nil { t.Fatal(err) } - if imageId != img.ID { - t.Logf("Image ids should match: %s != %s", imageId, img.ID) + hit := imageId == img.ID + if hit != expectHit { + t.Logf("Cache misbehavior, got hit=%t, expected hit=%t: (first: %s, second %s)", + hit, expectHit, imageId, img.ID) t.Fail() } } -func TestBuildImageWithoutCache(t *testing.T) { - eng := NewTestEngine(t) - defer nuke(mkRuntimeFromEngine(eng, t)) - +func TestBuildImageWithCache(t *testing.T) { template := testContextTemplate{` from {IMAGE} maintainer dockerio `, nil, nil} + checkCacheBehavior(t, template, true) +} - img, err := buildImage(template, t, eng, true) - if err != nil { - t.Fatal(err) - } - imageId := img.ID +func TestBuildImageWithoutCache(t *testing.T) { + template := testContextTemplate{` + from {IMAGE} + maintainer dockerio + `, + nil, nil} + checkCacheBehavior(t, template, false) +} - img = nil - img, err = buildImage(template, t, eng, false) - if err != nil { - t.Fatal(err) - } +func TestBuildADDLocalFileWithCache(t *testing.T) { + template := testContextTemplate{` + from {IMAGE} + maintainer dockerio + run echo "first" + add foo /usr/lib/bla/bar + run echo "second" + `, + [][2]string{{"foo", "hello"}}, + nil} + checkCacheBehavior(t, template, true) +} - if imageId == img.ID { - t.Logf("Image ids should not match: %s == %s", imageId, img.ID) - t.Fail() - } +func TestBuildADDLocalFileWithoutCache(t *testing.T) { + template := testContextTemplate{` + from {IMAGE} + maintainer dockerio + run echo "first" + add foo /usr/lib/bla/bar + run echo "second" + `, + [][2]string{{"foo", "hello"}}, + nil} + checkCacheBehavior(t, template, false) +} + +func TestBuildADDRemoteFileWithCache(t *testing.T) { + template := testContextTemplate{` + from {IMAGE} + maintainer dockerio + run echo "first" + add http://{SERVERADDR}/baz /usr/lib/baz/quux + run echo "second" + `, + nil, + [][2]string{{"/baz", "world!"}}} + checkCacheBehavior(t, template, true) +} + +func TestBuildADDRemoteFileWithoutCache(t *testing.T) { + template := testContextTemplate{` + from {IMAGE} + maintainer dockerio + run echo "first" + add http://{SERVERADDR}/baz /usr/lib/baz/quux + run echo "second" + `, + nil, + [][2]string{{"/baz", "world!"}}} + checkCacheBehavior(t, template, false) +} + +func TestBuildADDLocalAndRemoteFilesWithCache(t *testing.T) { + template := testContextTemplate{` + from {IMAGE} + maintainer dockerio + run echo "first" + add foo /usr/lib/bla/bar + add http://{SERVERADDR}/baz /usr/lib/baz/quux + run echo "second" + `, + [][2]string{{"foo", "hello"}}, + [][2]string{{"/baz", "world!"}}} + checkCacheBehavior(t, template, true) +} + +func TestBuildADDLocalAndRemoteFilesWithoutCache(t *testing.T) { + template := testContextTemplate{` + from {IMAGE} + maintainer dockerio + run echo "first" + add foo /usr/lib/bla/bar + add http://{SERVERADDR}/baz /usr/lib/baz/quux + run echo "second" + `, + [][2]string{{"foo", "hello"}}, + [][2]string{{"/baz", "world!"}}} + checkCacheBehavior(t, template, false) } func TestForbiddenContextPath(t *testing.T) { From 75328e1a1dd8df6c908058725c8b6dd0dec579bb Mon Sep 17 00:00:00 2001 From: Graydon Hoare Date: Thu, 12 Dec 2013 05:33:15 +0000 Subject: [PATCH 019/126] Add self to AUTHORS. Upstream-commit: 670b326c1b88d66ef941de5f27867ba6132762a1 Component: engine --- components/engine/AUTHORS | 1 + 1 file changed, 1 insertion(+) diff --git a/components/engine/AUTHORS b/components/engine/AUTHORS index 60533c1cc2..beee696146 100644 --- a/components/engine/AUTHORS +++ b/components/engine/AUTHORS @@ -68,6 +68,7 @@ Francisco Souza Frederick F. Kautz IV Gabriel Monroy Gareth Rushgrove +Graydon Hoare Greg Thornton Guillaume J. Charmes Gurjeet Singh From cba2c66d121bc3fc6684575d95c5d1028c0ec302 Mon Sep 17 00:00:00 2001 From: Graydon Hoare Date: Thu, 12 Dec 2013 05:33:15 +0000 Subject: [PATCH 020/126] Add CHANGELOG.md entry for ADD caching. Upstream-commit: a26801c73f535b2e57366b9d6de0453e7c732884 Component: engine --- components/engine/CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/components/engine/CHANGELOG.md b/components/engine/CHANGELOG.md index 060a07c21e..5fb81b4207 100644 --- a/components/engine/CHANGELOG.md +++ b/components/engine/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +#### Builder + +- ADD now uses image cache, based on sha256 of added content. + ## 0.7.2 (2013-12-16) #### Runtime From ffd30c0904d9b89de37d2228d46f1b1404b689af Mon Sep 17 00:00:00 2001 From: Thatcher Peskens Date: Mon, 16 Dec 2013 18:36:35 -0800 Subject: [PATCH 021/126] Added warning when browsing master. & no longer hides alternative versions. Upstream-commit: 746ae155fb5a17c9f31873ad6d387b58574849ba Component: engine --- .../engine/docs/theme/docker/layout.html | 7 ++++-- .../docs/theme/docker/static/css/main.css | 11 +++++----- .../docs/theme/docker/static/css/main.less | 13 ++++++----- .../docs/theme/docker/static/js/docs.js | 22 ++++++++++++------- 4 files changed, 32 insertions(+), 21 deletions(-) diff --git a/components/engine/docs/theme/docker/layout.html b/components/engine/docs/theme/docker/layout.html index ad34442230..1b62dc5c08 100755 --- a/components/engine/docs/theme/docker/layout.html +++ b/components/engine/docs/theme/docker/layout.html @@ -99,7 +99,7 @@ {{ toctree(collapse=False, maxdepth=3) }}
- +
@@ -140,7 +140,9 @@
- Current version: +

Note: You are currently browsing the development documentation. The current release may work differently.

+ + Available versions:
    {% for slug, url in versions %}
  • Local
    • '); - } - - // mark the active documentation in the version widget - $(".version-flyer a:contains('" + doc_version + "')").parent().addClass('active-slug'); - - // attached handler on click // Do not attach to first element or last (intro, faq) so that // first and last link directly instead of accordian @@ -95,4 +87,18 @@ $(function(){ // add class to all those which have children $('.sidebar > ul > li').not(':last').not(':first').addClass('has-children'); + + if (doc_version == "") { + $('.version-flyer ul').html('
  • Local
    • '); + } + + if (doc_version == "master") { + $('.version-flyer .version-note').hide(); + } + + // mark the active documentation in the version widget + $(".version-flyer a:contains('" + doc_version + "')").parent().addClass('active-slug').setAttribute("title", "Current version"); + + + }); \ No newline at end of file From af74b97c6a2052fdfbe50b12c281e1f06cf9cca6 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 5 Dec 2013 02:10:41 -0700 Subject: [PATCH 022/126] Always copy dockerinit locally, regardless of whether our docker binary is static, because even it might get deleted or moved/renamed Upstream-commit: 2035af44aae3664b217d6903cbf39c259f568490 Component: engine --- components/engine/runtime.go | 10 +++++----- components/engine/utils/utils.go | 20 +++++++++++++++++++- 2 files changed, 24 insertions(+), 6 deletions(-) diff --git a/components/engine/runtime.go b/components/engine/runtime.go index 3268892d56..071e94acd8 100644 --- a/components/engine/runtime.go +++ b/components/engine/runtime.go @@ -734,18 +734,18 @@ func NewRuntimeFromDirectory(config *DaemonConfig) (*Runtime, error) { return nil, fmt.Errorf("Could not locate dockerinit: This usually means docker was built incorrectly. See http://docs.docker.io/en/latest/contributing/devenvironment for official build instructions.") } - if !utils.IAMSTATIC { - if err := os.Mkdir(path.Join(config.Root, fmt.Sprintf("init")), 0700); err != nil && !os.IsExist(err) { + if sysInitPath != localCopy { + // When we find a suitable dockerinit binary (even if it's our local binary), we copy it into config.Root at localCopy for future use (so that the original can go away without that being a problem, for example during a package upgrade). + if err := os.Mkdir(path.Dir(localCopy), 0700); err != nil && !os.IsExist(err) { return nil, err } - if _, err := utils.CopyFile(sysInitPath, localCopy); err != nil { return nil, err } - sysInitPath = localCopy - if err := os.Chmod(sysInitPath, 0700); err != nil { + if err := os.Chmod(localCopy, 0700); err != nil { return nil, err } + sysInitPath = localCopy } runtime := &Runtime{ diff --git a/components/engine/utils/utils.go b/components/engine/utils/utils.go index 6864dddf82..473302bc97 100644 --- a/components/engine/utils/utils.go +++ b/components/engine/utils/utils.go @@ -162,14 +162,23 @@ func Trunc(s string, maxlen int) string { return s[:maxlen] } -// Figure out the absolute path of our own binary +// Figure out the absolute path of our own binary (if it's still around). func SelfPath() string { path, err := exec.LookPath(os.Args[0]) if err != nil { + if os.IsNotExist(err) { + return "" + } + if execErr, ok := err.(*exec.Error); ok && os.IsNotExist(execErr.Err) { + return "" + } panic(err) } path, err = filepath.Abs(path) if err != nil { + if os.IsNotExist(err) { + return "" + } panic(err) } return path @@ -190,7 +199,13 @@ func dockerInitSha1(target string) string { } func isValidDockerInitPath(target string, selfPath string) bool { // target and selfPath should be absolute (InitPath and SelfPath already do this) + if target == "" { + return false + } if IAMSTATIC { + if selfPath == "" { + return false + } if target == selfPath { return true } @@ -229,6 +244,9 @@ func DockerInitPath(localCopy string) string { "/usr/local/lib/docker/dockerinit", } for _, dockerInit := range possibleInits { + if dockerInit == "" { + continue + } path, err := exec.LookPath(dockerInit) if err == nil { path, err = filepath.Abs(path) From c79738b3bc22d5c239823cdb8737e7213ba108b4 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 5 Dec 2013 02:14:15 -0700 Subject: [PATCH 023/126] Add dockerinit SHA1 and path to "docker info" when debug mode is enabled Upstream-commit: f02d766f9a93bf86c6473eb2772bc239ffaa1cd6 Component: engine --- components/engine/commands.go | 7 +++++++ components/engine/server.go | 9 +++++++++ 2 files changed, 16 insertions(+) diff --git a/components/engine/commands.go b/components/engine/commands.go index ef6dce6bd5..638af7f514 100644 --- a/components/engine/commands.go +++ b/components/engine/commands.go @@ -469,6 +469,13 @@ func (cli *DockerCli) CmdInfo(args ...string) error { fmt.Fprintf(cli.out, "LXC Version: %s\n", remoteInfo.Get("LXCVersion")) fmt.Fprintf(cli.out, "EventsListeners: %d\n", remoteInfo.GetInt("NEventsListener")) fmt.Fprintf(cli.out, "Kernel Version: %s\n", remoteInfo.Get("KernelVersion")) + + if initSha1 := remoteInfo.Get("InitSha1"); initSha1 != "" { + fmt.Fprintf(cli.out, "Init SHA1: %s\n", initSha1) + } + if initPath := remoteInfo.Get("InitPath"); initPath != "" { + fmt.Fprintf(cli.out, "Init Path: %s\n", initPath) + } } if len(remoteInfo.GetList("IndexServerAddress")) != 0 { diff --git a/components/engine/server.go b/components/engine/server.go index 9b492a2927..7aa03a0374 100644 --- a/components/engine/server.go +++ b/components/engine/server.go @@ -634,6 +634,13 @@ func (srv *Server) DockerInfo(job *engine.Job) engine.Status { kernelVersion = kv.String() } + // if we still have the original dockerinit binary from before we copied it locally, let's return the path to that, since that's more intuitive (the copied path is trivial to derive by hand given VERSION) + initPath := utils.DockerInitPath("") + if initPath == "" { + // if that fails, we'll just return the path from the runtime + initPath = srv.runtime.sysInitPath + } + v := &engine.Env{} v.SetInt("Containers", len(srv.runtime.List())) v.SetInt("Images", imgcount) @@ -649,6 +656,8 @@ func (srv *Server) DockerInfo(job *engine.Job) engine.Status { v.SetInt("NEventsListener", len(srv.events)) v.Set("KernelVersion", kernelVersion) v.Set("IndexServerAddress", auth.IndexServerAddress()) + v.Set("InitSha1", utils.INITSHA1) + v.Set("InitPath", initPath) if _, err := v.WriteTo(job.Stdout); err != nil { job.Error(err) return engine.StatusErr From a7db351ec080ee61a1a4928c7d46c3c08c3a8447 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 5 Dec 2013 02:15:47 -0700 Subject: [PATCH 024/126] Allow packagers to specify a custom dockerinit lookup location via DOCKER_INITPATH in dynbinary Only necessary if distro policy dictates that the path deviate from the paths already listed in utils/utils.go - please refrain from using it otherwise. Upstream-commit: 2ed1001c57646f6869016739a8e177bb52f32e2a Component: engine --- components/engine/hack/make/dynbinary | 2 +- components/engine/utils/utils.go | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/components/engine/hack/make/dynbinary b/components/engine/hack/make/dynbinary index 100c00eed5..2ee1ecacb3 100644 --- a/components/engine/hack/make/dynbinary +++ b/components/engine/hack/make/dynbinary @@ -12,6 +12,6 @@ export DOCKER_INITSHA1="$(sha1sum $DEST/dockerinit-$VERSION | cut -d' ' -f1)" # exported so that "dyntest" can easily access it later without recalculating it ( - export LDFLAGS_STATIC="-X github.com/dotcloud/docker/utils.INITSHA1 \"$DOCKER_INITSHA1\"" + export LDFLAGS_STATIC="-X github.com/dotcloud/docker/utils.INITSHA1 \"$DOCKER_INITSHA1\" -X github.com/dotcloud/docker/utils.INITPATH \"$DOCKER_INITPATH\"" source "$(dirname "$BASH_SOURCE")/binary" ) diff --git a/components/engine/utils/utils.go b/components/engine/utils/utils.go index 473302bc97..f6e65420e8 100644 --- a/components/engine/utils/utils.go +++ b/components/engine/utils/utils.go @@ -26,6 +26,7 @@ import ( var ( IAMSTATIC bool // whether or not Docker itself was compiled statically via ./hack/make.sh binary INITSHA1 string // sha1sum of separate static dockerinit, if Docker itself was compiled dynamically via ./hack/make.sh dynbinary + INITPATH string // custom location to search for a valid dockerinit binary (available for packagers as a last resort escape hatch) ) // A common interface to access the Fatal method of @@ -231,6 +232,7 @@ func DockerInitPath(localCopy string) string { } var possibleInits = []string{ localCopy, + INITPATH, filepath.Join(filepath.Dir(selfPath), "dockerinit"), // FHS 3.0 Draft: "/usr/libexec includes internal binaries that are not intended to be executed directly by users or shell scripts. Applications may use a single subdirectory under /usr/libexec." From 55aa26742d5719ec61ad8a088cc2b252e14999f2 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 16 Dec 2013 22:54:06 -0700 Subject: [PATCH 025/126] Fix "go tool cover" detection to only add -cover and -coverprofile if we both have cover support in Go, and if we have the cover tool downloaded Upstream-commit: eddda577a4dd7f8fb4fb67fd1600c2a7c5de40c7 Component: engine --- components/engine/hack/make.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/components/engine/hack/make.sh b/components/engine/hack/make.sh index 91f641af89..c49a37e9a2 100755 --- a/components/engine/hack/make.sh +++ b/components/engine/hack/make.sh @@ -66,7 +66,10 @@ LDFLAGS_STATIC='-X github.com/dotcloud/docker/utils.IAMSTATIC true -linkmode ext BUILDFLAGS='-tags netgo' HAVE_GO_TEST_COVER= -if go help testflag | grep -q -- -cover; then +if \ + go help testflag | grep -q -- -cover \ + && go tool -n cover > /dev/null 2>&1 \ +; then HAVE_GO_TEST_COVER=1 fi From 2433f050d8fb63207de09376481301353e098f1f Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 16 Dec 2013 23:43:47 -0700 Subject: [PATCH 026/126] Add "-a" back to our "go build" Upstream-commit: a1c5e276f4cfe4ab498b6e013e61bfc957ce6852 Component: engine --- components/engine/Dockerfile | 2 +- components/engine/hack/make/binary | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/components/engine/Dockerfile b/components/engine/Dockerfile index b06c6553e0..47fb58a693 100644 --- a/components/engine/Dockerfile +++ b/components/engine/Dockerfile @@ -39,7 +39,7 @@ RUN apt-get install -y -q build-essential libsqlite3-dev RUN curl -s https://go.googlecode.com/files/go1.2.src.tar.gz | tar -v -C /usr/local -xz ENV PATH /usr/local/go/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin ENV GOPATH /go:/go/src/github.com/dotcloud/docker/vendor -RUN cd /usr/local/go/src && ./make.bash && go install -ldflags '-w -linkmode external -extldflags "-static -Wl,--unresolved-symbols=ignore-in-shared-libs"' -tags netgo -a std +RUN cd /usr/local/go/src && ./make.bash # Ubuntu stuff RUN apt-get install -y -q ruby1.9.3 rubygems libffi-dev diff --git a/components/engine/hack/make/binary b/components/engine/hack/make/binary index 93e99fee8f..a7b22979e5 100644 --- a/components/engine/hack/make/binary +++ b/components/engine/hack/make/binary @@ -2,5 +2,5 @@ DEST=$1 -go build -o $DEST/docker-$VERSION -ldflags "$LDFLAGS $LDFLAGS_STATIC" $BUILDFLAGS ./docker +go build -a -o $DEST/docker-$VERSION -ldflags "$LDFLAGS $LDFLAGS_STATIC" $BUILDFLAGS ./docker echo "Created binary: $DEST/docker-$VERSION" From d08328798577dccf31d0f4d6e7eb180b6526e707 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 16 Dec 2013 23:57:54 -0700 Subject: [PATCH 027/126] Purge more hack references to Go 1.1.2 (since it requires backported archive/tar patches now, and Go 1.2 is _widely_ packaged successfully) Upstream-commit: 5e9b4a23e6bde9e7d65ebc8b4bdfec4e1486df3a Component: engine --- components/engine/hack/PACKAGERS.md | 5 ++--- .../engine/hack/infrastructure/docker-ci/deployment.py | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/components/engine/hack/PACKAGERS.md b/components/engine/hack/PACKAGERS.md index 90f99a799f..a818e5ebfc 100644 --- a/components/engine/hack/PACKAGERS.md +++ b/components/engine/hack/PACKAGERS.md @@ -36,7 +36,7 @@ To build docker, you will need the following system dependencies * An amd64 machine * A recent version of git and mercurial -* Go version 1.2 or later (see notes below regarding using Go 1.1.2 and dynbinary) +* Go version 1.2 or later * SQLite version 3.7.9 or later * A clean checkout of the source must be added to a valid Go [workspace](http://golang.org/doc/code.html#Workspaces) under the path *src/github.com/dotcloud/docker*. @@ -91,8 +91,7 @@ You would do the users of your distro a disservice and "void the docker warranty A good comparison is Busybox: all distros package it as a statically linked binary, because it just makes sense. Docker is the same way. -If you *must* have a non-static Docker binary, or require Go 1.1.2 (since Go 1.2 is still freshly released -at the time of this writing), please use: +If you *must* have a non-static Docker binary, please use: ```bash ./hack/make.sh dynbinary diff --git a/components/engine/hack/infrastructure/docker-ci/deployment.py b/components/engine/hack/infrastructure/docker-ci/deployment.py index c04219d523..8fb0766bfe 100755 --- a/components/engine/hack/infrastructure/docker-ci/deployment.py +++ b/components/engine/hack/infrastructure/docker-ci/deployment.py @@ -136,7 +136,7 @@ sudo('echo -e "deb http://archive.ubuntu.com/ubuntu raring main universe\n' sudo('DEBIAN_FRONTEND=noninteractive apt-get install -q -y wget python-dev' ' python-pip supervisor git mercurial linux-image-extra-$(uname -r)' ' aufs-tools make libfontconfig libevent-dev libsqlite3-dev libssl-dev') -sudo('wget -O - https://go.googlecode.com/files/go1.1.2.linux-amd64.tar.gz | ' +sudo('wget -O - https://go.googlecode.com/files/go1.2.linux-amd64.tar.gz | ' 'tar -v -C /usr/local -xz; ln -s /usr/local/go/bin/go /usr/bin/go') sudo('GOPATH=/go go get -d github.com/dotcloud/docker') sudo('pip install -r {}/requirements.txt'.format(CFG_PATH)) From fe64f8a242b69b8af7679951106ac9161243937a Mon Sep 17 00:00:00 2001 From: Danny Yates Date: Tue, 17 Dec 2013 12:31:35 +0000 Subject: [PATCH 028/126] Improve error message when refusing to remove image due to multiple repo tags Upstream-commit: c3705e83e7eac1e67dbb9c6fc354063bbe43eae6 Component: engine --- components/engine/docs/sources/commandline/cli.rst | 2 +- components/engine/server.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/components/engine/docs/sources/commandline/cli.rst b/components/engine/docs/sources/commandline/cli.rst index 9b1db93556..ec69fc1c86 100644 --- a/components/engine/docs/sources/commandline/cli.rst +++ b/components/engine/docs/sources/commandline/cli.rst @@ -952,7 +952,7 @@ image is removed. test2 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) $ sudo docker rmi fd484f19954f - Error: Conflict, fd484f19954f wasn't deleted + Error: Conflict, cannot delete image fd484f19954f because it is tagged in multiple repositories 2013/12/11 05:47:16 Error: failed to remove one or more images $ sudo docker rmi test1 diff --git a/components/engine/server.go b/components/engine/server.go index 9b492a2927..85f3a7465f 100644 --- a/components/engine/server.go +++ b/components/engine/server.go @@ -1567,7 +1567,7 @@ func (srv *Server) deleteImage(img *Image, repoName, tag string) ([]APIRmi, erro } else if repoName != parsedRepo { // the id belongs to multiple repos, like base:latest and user:test, // in that case return conflict - return imgs, nil + return nil, fmt.Errorf("Conflict, cannot delete image %s because it is tagged in multiple repositories", utils.TruncateID(img.ID)) } } } else { From c725c9d310c6294bccf3486d736172fc400aa895 Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Tue, 17 Dec 2013 14:19:48 +0100 Subject: [PATCH 029/126] Handle compressed tars in ApplyLayer When pulling from a registry we get a compressed tar archive, so we need to wrap the stream in the right kind of compress reader. Unfortunately go doesn't have an Xz decompression method, but I don't think any docker layers use that atm anyway. Upstream-commit: a96a26c62f6333e61134759256db43a7f5946631 Component: engine --- components/engine/archive/archive.go | 31 ++++++++++++++++++++++++++++ components/engine/archive/diff.go | 5 +++++ 2 files changed, 36 insertions(+) diff --git a/components/engine/archive/archive.go b/components/engine/archive/archive.go index 838f8f6e7f..78d5aae18c 100644 --- a/components/engine/archive/archive.go +++ b/components/engine/archive/archive.go @@ -3,6 +3,8 @@ package archive import ( "archive/tar" "bytes" + "compress/gzip" + "compress/bzip2" "fmt" "github.com/dotcloud/docker/utils" "io" @@ -59,6 +61,35 @@ func DetectCompression(source []byte) Compression { return Uncompressed } +func DecompressStream(archive io.Reader) (io.Reader, error) { + buf := make([]byte, 10) + totalN := 0 + for totalN < 10 { + n, err := archive.Read(buf[totalN:]) + if err != nil { + if err == io.EOF { + return nil, fmt.Errorf("Tarball too short") + } + return nil, err + } + totalN += n + utils.Debugf("[tar autodetect] n: %d", n) + } + compression := DetectCompression(buf) + wrap := io.MultiReader(bytes.NewReader(buf), archive) + + switch compression { + case Uncompressed: + return wrap, nil + case Gzip: + return gzip.NewReader(wrap) + case Bzip2: + return bzip2.NewReader(wrap), nil + default: + return nil, fmt.Errorf("Unsupported compression format %s", (&compression).Extension()) + } +} + func (compression *Compression) Flag() string { switch *compression { case Bzip2: diff --git a/components/engine/archive/diff.go b/components/engine/archive/diff.go index 87457f38c1..72a53de02e 100644 --- a/components/engine/archive/diff.go +++ b/components/engine/archive/diff.go @@ -34,6 +34,11 @@ func ApplyLayer(dest string, layer Archive) error { oldmask := syscall.Umask(0) defer syscall.Umask(oldmask) + layer, err := DecompressStream(layer) + if err != nil { + return err + } + tr := tar.NewReader(layer) var dirs []*tar.Header From daea5c989f880a01adbf962667027f4b43171568 Mon Sep 17 00:00:00 2001 From: Danny Yates Date: Tue, 17 Dec 2013 13:50:37 +0000 Subject: [PATCH 030/126] Tidy up some of the error messages from apt during build Upstream-commit: 36e060299f2c3d73b26f556f73ba58a9738fd23e Component: engine --- components/engine/Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/components/engine/Dockerfile b/components/engine/Dockerfile index b06c6553e0..83a246a4cb 100644 --- a/components/engine/Dockerfile +++ b/components/engine/Dockerfile @@ -27,9 +27,13 @@ docker-version 0.6.1 FROM ubuntu:12.04 MAINTAINER Solomon Hykes +# Prevent apt-get install from trying to prompt for stuff +ENV DEBIAN_FRONTEND noninteractive + # Build dependencies RUN echo 'deb http://archive.ubuntu.com/ubuntu precise main universe' > /etc/apt/sources.list RUN apt-get update +RUN apt-get install -y -q apt-utils RUN apt-get install -y -q curl RUN apt-get install -y -q git RUN apt-get install -y -q mercurial From 43c7f2497f46231c85540cbcf2d508bbd7d493b8 Mon Sep 17 00:00:00 2001 From: "Guillaume J. Charmes" Date: Mon, 16 Dec 2013 17:35:23 -0800 Subject: [PATCH 031/126] Update docs Upstream-commit: 379a7fab0717475353e3f6f4ac0ccbc13a55e86e Component: engine --- components/engine/docs/sources/commandline/cli.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/components/engine/docs/sources/commandline/cli.rst b/components/engine/docs/sources/commandline/cli.rst index 9b1db93556..a3df35b437 100644 --- a/components/engine/docs/sources/commandline/cli.rst +++ b/components/engine/docs/sources/commandline/cli.rst @@ -12,7 +12,7 @@ To list available commands, either run ``docker`` with no parameters or execute $ sudo docker Usage: docker [OPTIONS] COMMAND [arg...] - -H=[unix:///var/run/docker.sock]: tcp://host:port to bind/connect to or unix://path/to/socket to use + -H=[unix:///var/run/docker.sock]: tcp://[host[:port]] to bind/connect to or unix://[/path/to/socket] to use. When host=[0.0.0.0], port=[4243] or path=[/var/run/docker.sock] is omitted, default values are used. A self-sufficient runtime for linux containers. @@ -27,7 +27,7 @@ To list available commands, either run ``docker`` with no parameters or execute Usage of docker: -D=false: Enable debug mode - -H=[unix:///var/run/docker.sock]: Multiple tcp://host:port or unix://path/to/socket to bind in daemon mode, single connection otherwise + -H=[unix:///var/run/docker.sock]: tcp://[host[:port]] to bind or unix://[/path/to/socket] to use. When host=[0.0.0.0], port=[4243] or path=[/var/run/docker.sock] is omitted, default values are used. -api-enable-cors=false: Enable CORS headers in the remote API -b="": Attach containers to a pre-existing network bridge; use 'none' to disable container networking -bip="": Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of -b From fccc41956a665daae1bb1acff34f5105f34b81a6 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Tue, 17 Dec 2013 10:33:52 -0600 Subject: [PATCH 032/126] update fedora doc: docker and docker-io conflict Signed-off-by: Lokesh Mandvekar Upstream-commit: 7d95145b76decc511bc78d887ec3843bd182e58a Component: engine --- .../docs/sources/installation/fedora.rst | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/components/engine/docs/sources/installation/fedora.rst b/components/engine/docs/sources/installation/fedora.rst index 9525371f03..75c3503f28 100644 --- a/components/engine/docs/sources/installation/fedora.rst +++ b/components/engine/docs/sources/installation/fedora.rst @@ -18,12 +18,32 @@ architecture. Installation ------------ +The ``docker-io`` package provides Docker on fedora. + +If you already have the (unrelated) ``docker`` package installed, it will +conflict with ``docker-io``. There's a `bug report`_ filed for it. +To proceed with ``docker-io`` installation on fedora 19, please remove +``docker`` first. + +.. code-block:: bash + + sudo yum -y remove docker + +For fedora 20 and above, the ``wmdocker`` package will provide the same +functionality as ``docker`` and will also not conflict with ``docker-io`` + +.. code-block:: bash + + sudo yum -y install wmdocker + sudo yum -y remove docker + Install the ``docker-io`` package which will install Docker on our host. .. code-block:: bash sudo yum -y install docker-io + To update the ``docker-io`` package .. code-block:: bash @@ -50,3 +70,4 @@ Now let's verify that Docker is working. **Done!**, now continue with the :ref:`hello_world` example. +.. _bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1043676 From 3fa358de8887bcd652e9cc973945e4016cf8f2d4 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Tue, 17 Dec 2013 10:56:31 -0600 Subject: [PATCH 033/126] docker and docker-io conflict update for epel Signed-off-by: Lokesh Mandvekar Upstream-commit: 30b4a0f76a63f24f96ba588216990f0ae7cd60a2 Component: engine --- components/engine/docs/sources/installation/fedora.rst | 2 ++ components/engine/docs/sources/installation/rhel.rst | 10 ++++++++++ 2 files changed, 12 insertions(+) diff --git a/components/engine/docs/sources/installation/fedora.rst b/components/engine/docs/sources/installation/fedora.rst index 75c3503f28..a73a8e8530 100644 --- a/components/engine/docs/sources/installation/fedora.rst +++ b/components/engine/docs/sources/installation/fedora.rst @@ -20,6 +20,7 @@ Installation The ``docker-io`` package provides Docker on fedora. + If you already have the (unrelated) ``docker`` package installed, it will conflict with ``docker-io``. There's a `bug report`_ filed for it. To proceed with ``docker-io`` installation on fedora 19, please remove @@ -71,3 +72,4 @@ Now let's verify that Docker is working. **Done!**, now continue with the :ref:`hello_world` example. .. _bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1043676 + diff --git a/components/engine/docs/sources/installation/rhel.rst b/components/engine/docs/sources/installation/rhel.rst index 993d329df7..b928b333f4 100644 --- a/components/engine/docs/sources/installation/rhel.rst +++ b/components/engine/docs/sources/installation/rhel.rst @@ -28,6 +28,15 @@ Installation Firstly, you need to install the EPEL repository. Please follow the `EPEL installation instructions`_. +The ``docker-io`` package provides Docker on EPEL. + + +If you already have the (unrelated) ``docker`` package installed, it will +conflict with ``docker-io``. There's a `bug report`_ filed for it. +To proceed with ``docker-io`` installation, please remove +``docker`` first. + + Next, let's install the ``docker-io`` package which will install Docker on our host. .. code-block:: bash @@ -68,4 +77,5 @@ If you have any issues - please report them directly in the `Red Hat Bugzilla fo .. _Extra Packages for Enterprise Linux (EPEL): https://fedoraproject.org/wiki/EPEL .. _EPEL installation instructions: https://fedoraproject.org/wiki/EPEL#How_can_I_use_these_extra_packages.3F .. _Red Hat Bugzilla for docker-io component : https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=docker-io +.. _bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1043676 From 2b1ed3c336d9c698e8ab85defc4593a13b10a3b6 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Tue, 17 Dec 2013 11:32:40 -0600 Subject: [PATCH 034/126] Fedora first letter capitalize and misc. rewording Signed-off-by: Lokesh Mandvekar Upstream-commit: 25be0b1e987934ca39085894730b54f4bbcd8ad2 Component: engine --- .../engine/docs/sources/installation/fedora.rst | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/components/engine/docs/sources/installation/fedora.rst b/components/engine/docs/sources/installation/fedora.rst index a73a8e8530..de296b4df2 100644 --- a/components/engine/docs/sources/installation/fedora.rst +++ b/components/engine/docs/sources/installation/fedora.rst @@ -1,6 +1,6 @@ :title: Requirements and Installation on Fedora :description: Please note this project is currently under heavy development. It should not be used in production. -:keywords: Docker, Docker documentation, fedora, requirements, virtualbox, vagrant, git, ssh, putty, cygwin, linux +:keywords: Docker, Docker documentation, Fedora, requirements, virtualbox, vagrant, git, ssh, putty, cygwin, linux .. _fedora: @@ -18,20 +18,20 @@ architecture. Installation ------------ -The ``docker-io`` package provides Docker on fedora. +The ``docker-io`` package provides Docker on Fedora. -If you already have the (unrelated) ``docker`` package installed, it will +If you have the (unrelated) ``docker`` package installed already, it will conflict with ``docker-io``. There's a `bug report`_ filed for it. -To proceed with ``docker-io`` installation on fedora 19, please remove +To proceed with ``docker-io`` installation on Fedora 19, please remove ``docker`` first. .. code-block:: bash sudo yum -y remove docker -For fedora 20 and above, the ``wmdocker`` package will provide the same -functionality as ``docker`` and will also not conflict with ``docker-io`` +For Fedora 20 and later, the ``wmdocker`` package will provide the same +functionality as ``docker`` and will also not conflict with ``docker-io``. .. code-block:: bash @@ -45,7 +45,7 @@ Install the ``docker-io`` package which will install Docker on our host. sudo yum -y install docker-io -To update the ``docker-io`` package +To update the ``docker-io`` package: .. code-block:: bash From 2756066cbe1dc2431843bf78f2a771e6008f873b Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Tue, 17 Dec 2013 10:38:55 -0700 Subject: [PATCH 035/126] Fix minor sphinx warning Upstream-commit: 81d112cb7fc19e4919f9916c08d8409c74aa117a Component: engine --- components/engine/docs/sources/contributing/devenvironment.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/docs/sources/contributing/devenvironment.rst b/components/engine/docs/sources/contributing/devenvironment.rst index cc254bbc68..6675173584 100644 --- a/components/engine/docs/sources/contributing/devenvironment.rst +++ b/components/engine/docs/sources/contributing/devenvironment.rst @@ -136,7 +136,7 @@ You can run an interactive session in the newly built container: Extra Step: Build and view the Documentation -------------------------------------------- +-------------------------------------------- If you want to read the documentation from a local website, or are making changes to it, you can build the documentation and then serve it by: From 96dc4ccb26939ad685bc7fef22bad13aa95e0d16 Mon Sep 17 00:00:00 2001 From: Thatcher Peskens Date: Tue, 17 Dec 2013 10:39:22 -0800 Subject: [PATCH 036/126] Removed unnessary span element from version floater and Replaced social footer by the one from www.docker.io Upstream-commit: efc0610c0eec78850e0fc1e4f09bb294693a31e5 Component: engine --- .../engine/docs/theme/docker/layout.html | 13 +++- .../docs/theme/docker/static/css/main.css | 50 +++++++++++--- .../docs/theme/docker/static/css/main.less | 62 ++++++++++++++---- .../theme/docker/static/img/footer-links.png | Bin 2152 -> 0 bytes .../static/img/social/docker_social_logos.png | Bin 0 -> 3130 bytes 5 files changed, 103 insertions(+), 22 deletions(-) delete mode 100644 components/engine/docs/theme/docker/static/img/footer-links.png create mode 100644 components/engine/docs/theme/docker/static/img/social/docker_social_logos.png diff --git a/components/engine/docs/theme/docker/layout.html b/components/engine/docs/theme/docker/layout.html index 1b62dc5c08..a966556044 100755 --- a/components/engine/docs/theme/docker/layout.html +++ b/components/engine/docs/theme/docker/layout.html @@ -134,13 +134,20 @@
-

Note: You are currently browsing the development documentation. The current release may work differently.

+

Note: You are currently browsing the development documentation. The current release may work differently.

Available versions:
    diff --git a/components/engine/docs/theme/docker/static/css/main.css b/components/engine/docs/theme/docker/static/css/main.css index 25a4b52754..bc47c549a9 100755 --- a/components/engine/docs/theme/docker/static/css/main.css +++ b/components/engine/docs/theme/docker/static/css/main.css @@ -205,20 +205,54 @@ body { } .social .twitter, .social .github, -.social .googleplus { - background: url("https://www.docker.io/static/img/footer-links.png") no-repeat transparent; +.social .googleplus, +.social .facebook, +.social .slideshare, +.social .linkedin, +.social .flickr, +.social .youtube, +.social .reddit { + background: url("../img/social/docker_social_logos.png") no-repeat transparent; display: inline-block; - height: 35px; + height: 32px; overflow: hidden; text-indent: 9999px; - width: 35px; - margin-right: 10px; + width: 32px; + margin-right: 5px; +} +.social :hover { + -webkit-transform: rotate(-10deg); + -moz-transform: rotate(-10deg); + -o-transform: rotate(-10deg); + -ms-transform: rotate(-10deg); + transform: rotate(-10deg); } .social .twitter { - background-position: 0px 2px; + background-position: -160px 0px; +} +.social .reddit { + background-position: -256px 0px; } .social .github { - background-position: -59px 2px; + background-position: -64px 0px; +} +.social .googleplus { + background-position: -96px 0px; +} +.social .facebook { + background-position: 0px 0px; +} +.social .slideshare { + background-position: -128px 0px; +} +.social .youtube { + background-position: -192px 0px; +} +.social .flickr { + background-position: -32px 0px; +} +.social .linkedin { + background-position: -224px 0px; } form table th { vertical-align: top; @@ -370,7 +404,7 @@ div.alert.alert-block { } .version-flyer .version-note { font-size: 16px; - color: red; + color: black; } /* ===================================== Styles for diff --git a/components/engine/docs/theme/docker/static/css/main.less b/components/engine/docs/theme/docker/static/css/main.less index a5bdf036c6..164da0497b 100644 --- a/components/engine/docs/theme/docker/static/css/main.less +++ b/components/engine/docs/theme/docker/static/css/main.less @@ -337,24 +337,64 @@ body { margin-top: 15px; } -.social .twitter, .social .github, .social .googleplus { - background: url("https://www.docker.io/static/img/footer-links.png") no-repeat transparent; - display: inline-block; - height: 35px; - overflow: hidden; - text-indent: 9999px; - width: 35px; - margin-right: 10px; +.social { + .twitter, .github, .googleplus, .facebook, .slideshare, .linkedin, .flickr, .youtube, .reddit { + background: url("../img/social/docker_social_logos.png") no-repeat transparent; + display: inline-block; + height: 32px; + overflow: hidden; + text-indent: 9999px; + width: 32px; + margin-right: 5px; + } +} + +.social :hover { + -webkit-transform: rotate(-10deg); + -moz-transform: rotate(-10deg); + -o-transform: rotate(-10deg); + -ms-transform: rotate(-10deg); + transform: rotate(-10deg); } .social .twitter { - background-position: 0px 2px; + background-position: -160px 0px; +} + +.social .reddit { + background-position: -256px 0px; } .social .github { - background-position: -59px 2px; + background-position: -64px 0px; } +.social .googleplus { + background-position: -96px 0px; +} + +.social .facebook { + background-position: -0px 0px; +} + +.social .slideshare { + background-position: -128px 0px; +} + +.social .youtube { + background-position: -192px 0px; +} + +.social .flickr { + background-position: -32px 0px; +} + +.social .linkedin { + background-position: -224px 0px; +} + + + // Styles on the forms // ---------------------------------- @@ -562,7 +602,7 @@ div.alert.alert-block { .version-note { font-size: 16px; - color: red; + color: black; } } diff --git a/components/engine/docs/theme/docker/static/img/footer-links.png b/components/engine/docs/theme/docker/static/img/footer-links.png deleted file mode 100644 index 4bef964214e181fc8c91e83f92daf0326d72bfae..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2152 zcmaJ?c~nzZ9!?+vqClaxKq?p_YE`naClI!TC6pkCMT0CgBoBy?y!7QkLL`VNk;R3f z;DCx%K~Y&Oi>TB}K-sJaVpFX;tSYO5ERI#Q^J2x$AH%$J?z{JQ&-Z=5^_-g>6zFT9 zkJU$^PzEeNW-ziBA9O+ z1YA)lZM-0q19R8`G#)4Q&Xz_d<34_P z#2dtqr3Ev6KKeo|IzAqT#WWI0DwPtYc0>@0BT=YSsz$@smVh7#k`xill@UaewTlW& zK*ECrVpsr*a2iE!444Gd@kpe9r63f4k`+llmI)~sNyZhEC`7U*r9~i{{r{mt;U}~N z4hH^?_kRjYLQ}*5DHxD|Ne~ZdT01$0bCe_LP0Qbv5G+u3@1J5U_$ohcM=TQ8*6RH_5n*@0M6Xcc2 zySSu?YH+FTFq~48mNsig@Dh(b<0Fx#< z-dij3pR+s2Cd~=amujnq+uL>jD4g1SqPbuHLc@jaw-@LY4=tl>etp+VDJ%(CKUZaR z@u`ZDhHY0;tV+DQO*btBpxM@k!(76ihhct{pG;CW(C0a!&n?+sPjunU79uZE=lUb; zD<6Jl!g@FxLr)XyNqh z`Z>JryEr!z#q>Z=Hx6X2`c72@t31b8I#Jp)3Ha23xryQTcDkyxt9diC#m2OAYS0ak>c?Q^n=F1?XWk`rGP=9q zK;Ha=`X?UwFAdi5ZdU{(mz{6(%}CL+`n_V$JU^yqBR-jDk{D4d#^u&^x;TA3S!D$+ z(}RuDGY@X`^`LUl?yhrMtB#-@FFU`wy@wo*lHrST^Xv;1*e~D8st>N*f$`UER*k*A zJA>J8atIpYh|Y~>D>(I6&V&x+@H@V5_46HGcrbjWN1g8abihNWQ~Op!YhA2`!6+)) zD#+|nVdc@BmrU@MRr3_tkCLulb%-rmZq>|x;OLV_5D&@Utzlzt6ntJfR!qEie&IJ` zj~dJJ0khw8TbTO^?;z;s)}igq>J2{_DQo4K3{>T6J-v&EWTf9hUOKnu+aG%^WEs6^ zACB6vzc#KRU{*`G+(XWLO`)fp>iUX~K0Ixe>2T@XF5gPWxb;;9)>^eu2Z?>Xjw+Mh zRjJZ_yHCd$O$18eoy3&#VMRH?TwQ{0@ueQxJUF<(XpjE>th~u;sC1kDZSfbFsHdiaP^F^ztG+g8 zj|>cD=hAPKrUq_2voFrw-=Db7hIz}XXGL=n@0a}SfD2GinN|tatZJr>eowuY4Tf*Of4%M6=8nh4bDi_m-a1b+ukCd+ zMvW^eJr&2OM_zcZ&l)gQod@n_S{8SoYBEkA%x>>Xyz?@2%EGkSJDrvTSr7%!|w&4@m1(D>5VQtk5%v8uc=Ke!DX`3T?K`&@GW=annUV zyZ(KlSIp_I(%tCwrhSx|+AYe-jwZvC|EB**_JO?$+Bq4ozD-A?u+?mI@o_H~&D+oN L4rEq)?a25KFnW0Z diff --git a/components/engine/docs/theme/docker/static/img/social/docker_social_logos.png b/components/engine/docs/theme/docker/static/img/social/docker_social_logos.png new file mode 100644 index 0000000000000000000000000000000000000000..5bde45636554609d2b3522f5f6d3e5d8ed32458e GIT binary patch literal 3130 zcmV-A48`+_P)h61fn z%WcZXA4m|>51>U5pFsQpl=zNHd@GI+It1e4ld1}Ys%#_>e}FhgNaYGG*{DUOAgBW^ zsD%=Ts(|=vQYhR3;v50}qp09iAfTm$_waAz=ega@&hD&ZAN!;yZ+1Pq>zR4K`Mo!9 zCKEe5JF1XE3MphSWWRah14oW{^id-%JAPJ|v_;w}s@;iHNh=B4iR*o%sIo#_%ZVFr zbO%5LK27?V&+&balP;3_Mbo7c2Ad`Zh*E;@Z;{pu@F`?eW#16NN6SJ1K&crIv&UJm z$vM&q(t`jRDNDG9;cdQIoX9I?xL_Cyp#XKqi5@tQC zU_j~aqfNeag_98()&oSr)v*}F`(KWynAg- z>X_Nu8tGq20~ospMk2Kgcc%j|f5728w1mqQgk109*;0bSJgh~x-%d{28KZumSO{p| zjsfry(m&DP-zB|;j&CBp0JiW}(!1&W#bE&CGT^*Tx^8F`vls`dh~rrR(P@B^R6f6K zu#k!)pqBTHa;f~ zAZ?sQ;PYns_%i8B@X7t~D$@7BPA(;MCV9t4|~F7x~l`^9mUY(|*DbOFbs zIC;Zv*Y%|TCVedd%})VJ7hy1bl+Hbj@BUcS^%)E(t8AjP6)^|*Zf3=TIkt274HW}? zv`mY43p0#Th+Aj_x-E~;iGi*mh2t#6bC_$cFeROGp&mvLQd@IhSYkM!{a z(#r{qK1KRAI=%sy?{v+8wo#c~hd)fmSUfT6+vE^=YA~0ngYvfTSdTD1oA^DRX;}OvVU$GOw)C}j*CnJLw+A} zjoai!q}PgbCrH2H8h~6T7nWhP^AWUl1wX7CQ@&}8hFX?W(Acaol#&?D(@GnLC_yoZ z0bV&UxL`!xU4SCaAX^y#XbJtGgwcNi?e81?%~$a`QB$Y~moce^>c_=OIT?2s{Z+bP zdo3?Sf95)Ug&26=Ni64OsuyhLS*|r=LBFAMFQ?yD zdlz4P7T+nyl%I_$zhG&UUJfo)n)=-~T%THuVaVg8qrQ)NsYbAG1?eTEpP_T#Bt7gJfJ~a-6eHGxh41Po zq_tC`1DYKoN%?6tUWt(15Cabku+S+0Q)09XES}Luy{rktGF{O*0KzJc8%Ftq0IGEu zrRnx~c&7(MjAl0gigJJFQQl@Ysh(roge8Nz5OW$o>U=BY?=O@38Ly&7CqBHL% z(jD@YeIlexWUMH=yqj%2vzyQ`vxuwNi#mW;QvOx^2Dvn2PNmBMGW);^et$>VC1IMZ zv<8)K3>MCCVhpSds4Zlr)5A}Dn7?&LnX@t${K5_MI772 zX5!wb>ZsF~)nGt9iz`;a2&C)Pg9}m;1{S2ezmI!w3wLK(^>dtdB1YK&9V{&IPUl9M z;FF}iy7;{-4gqKypj}n&(*racnj0bZylmNznWcP*^hfwSA3*trFz|^J0+^qXa`NGI zuz}l1e+{?pY5IFb8M6|sy|ubI&Gveg6_R<0Yc1vUQPNr z*vF^E?_sj?ew_a-Vm~J9;aJa6cr!N;PCP-%)9_EFzdufTGh8*51%S>*DGPAWE=NN! zkJ*&>T`~ZWL4Y_|>*D=UYzJfNWrD$U* zn>n!)&3a0EXg{98tkbST-7Z~4>a;xeEsqd6- z>b?;HpjO5*w&j!L$W&E-ktcVuNyJE2)!?+ayyq&uGpX`j?^A_ARzu#Ugt$$8NF(ns zBv9F7a!tqYq<2U-zQ^DbHW;TB29#THd@2M$I3D*y(hsR#kXpukp1>f@8PH!5Y)Q*W zeBMUieJl$DsuP{68pdEYbR|UvE?SJXO9pG&fbq{*bjBnzV7}_FaSBA-Agqx~0G&=w zoh*t4tVd97`QCX+4PZA6X=Y$!n~v+Dk&%s!vgmm23qou(c2FZ=X~mF%$*_}Y7|;Q9 z_UQ=!vSM6M>Vx_!*^F5fm9DG7)!ZD*{b>?|ne0RemVSK8tlEnwx zYWSe_QpknLh&MB^aDs$bswg@SWeP-ck+?KJP+#wwG(o z2aW19yq+p;Whn2`=kKV&Am)NGO6Re%+1z+Ou=wo_hlZ?Y)TUw#J<26rw`3m;JS$My z0=w&~zq?^lkjx6SHnKY6tn3e}w}T-A4o{_D3D$Fu>Mg%GgzJ}}op=H2DKMOS06Z4~ zq&Q&xH`2p&?c}%s&?rke1a!O{fXK_>4z&#M%sLoUz$$feqTcYUjdRNpz?5btP_IQx zk_;IJJibbof}poK$veKYq{d?{;!gm`yw-wUDBj`lR=8*P>H$tJ#URi*kCd~fuR+X* znbFTlkI4Ok3INI$li`lKg3om$PEk|+>DfFOQOn{zT~mEO!f*nBTwM+B-{fbghpu>D zO}Nu0L)pZ$+bVl~;Mpu`OF^=M?{*-vrFv4n%^`l4jByH6Yj9?hChPKM@ z-~Y7KaN{K%Rs8czDLf-~6Z*K`n&UO9w_5&k)tkuTB^(cHj!cRsG;_A%%=Q z0~!DzfRLxoOa|M{IHa(lcoDvJyI?+ Date: Tue, 17 Dec 2013 11:48:21 -0800 Subject: [PATCH 037/126] Update docker_remote_api.rst to reflect that the latest remote API version is 1.8 Upstream-commit: c4444ce48fac417847f95a11024667d48e715a52 Component: engine --- components/engine/docs/sources/api/docker_remote_api.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/components/engine/docs/sources/api/docker_remote_api.rst b/components/engine/docs/sources/api/docker_remote_api.rst index 7cb7b323c1..b6615ad7d6 100644 --- a/components/engine/docs/sources/api/docker_remote_api.rst +++ b/components/engine/docs/sources/api/docker_remote_api.rst @@ -26,10 +26,10 @@ Docker Remote API 2. Versions =========== -The current version of the API is 1.7 +The current version of the API is 1.8 Calling /images//insert is the same as calling -/v1.7/images//insert +/v1.8/images//insert You can still call an old version of the api using /v1.0/images//insert From 3c037baf079adf8a5534d75030a4963b89e7bb02 Mon Sep 17 00:00:00 2001 From: Jonathan Rudenberg Date: Mon, 16 Dec 2013 21:15:51 -0500 Subject: [PATCH 038/126] Add '.' to valid container name pattern Upstream-commit: 1940015824f5dabf1e8ffbd0c2b7c09f11f8cdf0 Component: engine --- components/engine/runtime.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/runtime.go b/components/engine/runtime.go index 3268892d56..9adf40c5ee 100644 --- a/components/engine/runtime.go +++ b/components/engine/runtime.go @@ -32,7 +32,7 @@ const MaxImageDepth = 127 var ( defaultDns = []string{"8.8.8.8", "8.8.4.4"} - validContainerName = regexp.MustCompile(`^/?[a-zA-Z0-9_-]+$`) + validContainerName = regexp.MustCompile(`^/?[a-zA-Z0-9_.-]+$`) ) type Capabilities struct { From b6d7266c64831e97d6391cc925b6c25083c2beed Mon Sep 17 00:00:00 2001 From: Jonathan Rudenberg Date: Mon, 16 Dec 2013 21:17:22 -0500 Subject: [PATCH 039/126] DRY up valid container name pattern usage Upstream-commit: 3ec39ad01a5823acbb3c4ce49ce5c81258a60815 Component: engine --- components/engine/runtime.go | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/components/engine/runtime.go b/components/engine/runtime.go index 9adf40c5ee..f942d0b740 100644 --- a/components/engine/runtime.go +++ b/components/engine/runtime.go @@ -31,8 +31,9 @@ import ( const MaxImageDepth = 127 var ( - defaultDns = []string{"8.8.8.8", "8.8.4.4"} - validContainerName = regexp.MustCompile(`^/?[a-zA-Z0-9_.-]+$`) + defaultDns = []string{"8.8.8.8", "8.8.4.4"} + validContainerNameChars = `[a-zA-Z0-9_.-]` + validContainerNamePattern = regexp.MustCompile(`^/?` + validContainerNameChars + `+$`) ) type Capabilities struct { @@ -425,8 +426,8 @@ func (runtime *Runtime) Create(config *Config, name string) (*Container, []strin name = utils.TruncateID(id) } } else { - if !validContainerName.MatchString(name) { - return nil, nil, fmt.Errorf("Invalid container name (%s), only [a-zA-Z0-9_-] are allowed", name) + if !validContainerNamePattern.MatchString(name) { + return nil, nil, fmt.Errorf("Invalid container name (%s), only %s are allowed", name, validContainerNameChars) } } From a3e0fa246cc643930de38de4c5a983107eb66944 Mon Sep 17 00:00:00 2001 From: Jonathan Rudenberg Date: Tue, 17 Dec 2013 19:57:14 -0500 Subject: [PATCH 040/126] Add container name validation test Upstream-commit: c06ab5f9c237a647120b9b3cc433e094676fe75a Component: engine --- components/engine/integration/runtime_test.go | 48 +++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/components/engine/integration/runtime_test.go b/components/engine/integration/runtime_test.go index cf4fcc1d61..cdd4818934 100644 --- a/components/engine/integration/runtime_test.go +++ b/components/engine/integration/runtime_test.go @@ -748,6 +748,54 @@ func TestRandomContainerName(t *testing.T) { } } +func TestContainerNameValidation(t *testing.T) { + eng := NewTestEngine(t) + runtime := mkRuntimeFromEngine(eng, t) + defer nuke(runtime) + + for _, test := range []struct { + Name string + Valid bool + }{ + {"abc-123_AAA.1", true}, + {"\000asdf", false}, + } { + config, _, _, err := docker.ParseRun([]string{unitTestImageID, "echo test"}, nil) + if err != nil { + if !test.Valid { + continue + } + t.Fatal(err) + } + + var shortID string + job := eng.Job("create", test.Name) + if err := job.ImportEnv(config); err != nil { + t.Fatal(err) + } + job.Stdout.AddString(&shortID) + if err := job.Run(); err != nil { + if !test.Valid { + continue + } + t.Fatal(err) + } + + container := runtime.Get(shortID) + + if container.Name != "/"+test.Name { + t.Fatalf("Expect /%s got %s", test.Name, container.Name) + } + + if c := runtime.Get("/" + test.Name); c == nil { + t.Fatalf("Couldn't retrieve test container as /%s", test.Name) + } else if c.ID != container.ID { + t.Fatalf("Container /%s has ID %s instead of %s", test.Name, c.ID, container.ID) + } + } + +} + func TestLinkChildContainer(t *testing.T) { eng := NewTestEngine(t) runtime := mkRuntimeFromEngine(eng, t) From 3222062547c664e1b28142740c50501dbe95e202 Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Wed, 18 Dec 2013 10:50:22 +0100 Subject: [PATCH 041/126] archive: Re-add XZ compression support This shells out to the xz binary to support .tar.xz layers, as there is no compression/xz support in go. Upstream-commit: b8a4f570fb31091f43caeba5b824ae38a5bc69e8 Component: engine --- components/engine/archive/archive.go | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/components/engine/archive/archive.go b/components/engine/archive/archive.go index 78d5aae18c..ae2c030cb7 100644 --- a/components/engine/archive/archive.go +++ b/components/engine/archive/archive.go @@ -61,6 +61,12 @@ func DetectCompression(source []byte) Compression { return Uncompressed } +func xzDecompress(archive io.Reader) (io.Reader, error) { + args := []string{"xz", "-d", "-c", "-q"} + + return CmdStream(exec.Command(args[0], args[1:]...), archive, nil) +} + func DecompressStream(archive io.Reader) (io.Reader, error) { buf := make([]byte, 10) totalN := 0 @@ -85,6 +91,8 @@ func DecompressStream(archive io.Reader) (io.Reader, error) { return gzip.NewReader(wrap) case Bzip2: return bzip2.NewReader(wrap), nil + case Xz: + return xzDecompress(wrap) default: return nil, fmt.Errorf("Unsupported compression format %s", (&compression).Extension()) } @@ -186,7 +194,7 @@ func TarFilter(path string, options *TarOptions) (io.Reader, error) { } } - return CmdStream(exec.Command(args[0], args[1:]...), &files, func() { + return CmdStream(exec.Command(args[0], args[1:]...), bytes.NewBufferString(files), func() { if tmpDir != "" { _ = os.RemoveAll(tmpDir) } @@ -332,7 +340,7 @@ func CopyFileWithTar(src, dst string) error { // CmdStream executes a command, and returns its stdout as a stream. // If the command fails to run or doesn't complete successfully, an error // will be returned, including anything written on stderr. -func CmdStream(cmd *exec.Cmd, input *string, atEnd func()) (io.Reader, error) { +func CmdStream(cmd *exec.Cmd, input io.Reader, atEnd func()) (io.Reader, error) { if input != nil { stdin, err := cmd.StdinPipe() if err != nil { @@ -343,7 +351,7 @@ func CmdStream(cmd *exec.Cmd, input *string, atEnd func()) (io.Reader, error) { } // Write stdin if any go func() { - _, _ = stdin.Write([]byte(*input)) + io.Copy(stdin, input) stdin.Close() }() } From 624a293ce3fc06ec3a0cc00d0c69351424381e68 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 18 Dec 2013 11:15:09 -0700 Subject: [PATCH 042/126] Canonicalize our root path before we try using it, because we make assumptions about it not containing symlinks Fixes #3242 Upstream-commit: c91c365f8860315d29a17368b78dcefb23674042 Component: engine --- components/engine/docker/docker.go | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/components/engine/docker/docker.go b/components/engine/docker/docker.go index 3ee7be9876..62f71d54d0 100644 --- a/components/engine/docker/docker.go +++ b/components/engine/docker/docker.go @@ -9,6 +9,7 @@ import ( "github.com/dotcloud/docker/utils" "log" "os" + "path/filepath" "strings" ) @@ -69,6 +70,20 @@ func main() { flag.Usage() return } + + // Docker makes some assumptions about the "absoluteness" of flRoot + // ... so let's make sure it has no symlinks + if p, err := filepath.Abs(*flRoot); err != nil { + log.Fatalf("Unable to get absolute root (%s): %s", flRoot, err) + } else { + *flRoot = p + } + if p, err := filepath.EvalSymlinks(*flRoot); err != nil { + log.Fatalf("Unable to canonicalize root (%s): %s", flRoot, err) + } else { + *flRoot = p + } + eng, err := engine.New(*flRoot) if err != nil { log.Fatal(err) From f609f65b618c842d815a8f082f1ba3eefa7e213a Mon Sep 17 00:00:00 2001 From: "Guillaume J. Charmes" Date: Wed, 18 Dec 2013 10:16:26 -0800 Subject: [PATCH 043/126] Fix OSX build for sysinit Upstream-commit: 73a1ef7c22f5cde9db5e1292f1340885bf28e807 Component: engine --- components/engine/sysinit/sysinit.go | 2 +- components/engine/sysinit/sysinit_darwin.go | 5 +++++ components/engine/sysinit/sysinit_linux.go | 9 +++++++++ 3 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 components/engine/sysinit/sysinit_darwin.go create mode 100644 components/engine/sysinit/sysinit_linux.go diff --git a/components/engine/sysinit/sysinit.go b/components/engine/sysinit/sysinit.go index 2dc5967dc6..ad97439450 100644 --- a/components/engine/sysinit/sysinit.go +++ b/components/engine/sysinit/sysinit.go @@ -32,7 +32,7 @@ func setupHostname(args *DockerInitArgs) error { if hostname == "" { return nil } - return syscall.Sethostname([]byte(hostname)) + return setHostname(hostname) } // Setup networking diff --git a/components/engine/sysinit/sysinit_darwin.go b/components/engine/sysinit/sysinit_darwin.go new file mode 100644 index 0000000000..64566afb3c --- /dev/null +++ b/components/engine/sysinit/sysinit_darwin.go @@ -0,0 +1,5 @@ +package sysinit + +func setHostname(hostname string) error { + panic("Not supported on darwin") +} diff --git a/components/engine/sysinit/sysinit_linux.go b/components/engine/sysinit/sysinit_linux.go new file mode 100644 index 0000000000..d18d2fab8b --- /dev/null +++ b/components/engine/sysinit/sysinit_linux.go @@ -0,0 +1,9 @@ +package sysinit + +import ( + "syscall" +) + +func setHostname(hostname string) error { + return syscall.Sethostname([]byte(hostname)) +} From 9b574d4dfbc9910341ca6f0f0f6687382ed9a71e Mon Sep 17 00:00:00 2001 From: "Guillaume J. Charmes" Date: Wed, 18 Dec 2013 10:18:49 -0800 Subject: [PATCH 044/126] Fix OSX compilation for aufs Upstream-commit: e481c82fa9521ecc719b29b314543a205c0b53ec Component: engine --- components/engine/graphdriver/aufs/aufs.go | 3 +-- components/engine/graphdriver/aufs/mount_darwin.go | 2 ++ components/engine/graphdriver/aufs/mount_linux.go | 2 ++ 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/components/engine/graphdriver/aufs/aufs.go b/components/engine/graphdriver/aufs/aufs.go index 558c64c5bb..c3caf13c13 100644 --- a/components/engine/graphdriver/aufs/aufs.go +++ b/components/engine/graphdriver/aufs/aufs.go @@ -30,7 +30,6 @@ import ( "os/exec" "path" "strings" - "syscall" ) func init() { @@ -327,7 +326,7 @@ func (a *Driver) aufsMount(ro []string, rw, target string) (err error) { for _, layer := range ro { branch := fmt.Sprintf("append:%s=ro+wh", layer) - if err = mount("none", target, "aufs", syscall.MS_REMOUNT, branch); err != nil { + if err = mount("none", target, "aufs", MsRemount, branch); err != nil { return } } diff --git a/components/engine/graphdriver/aufs/mount_darwin.go b/components/engine/graphdriver/aufs/mount_darwin.go index ce448036f2..62c84fc7c9 100644 --- a/components/engine/graphdriver/aufs/mount_darwin.go +++ b/components/engine/graphdriver/aufs/mount_darwin.go @@ -2,6 +2,8 @@ package aufs import "errors" +const MsRemount = 0 + func mount(source string, target string, fstype string, flags uintptr, data string) (err error) { return errors.New("mount is not implemented on darwin") } diff --git a/components/engine/graphdriver/aufs/mount_linux.go b/components/engine/graphdriver/aufs/mount_linux.go index 8062bae420..c86f1bbd63 100644 --- a/components/engine/graphdriver/aufs/mount_linux.go +++ b/components/engine/graphdriver/aufs/mount_linux.go @@ -2,6 +2,8 @@ package aufs import "syscall" +const MsRemount = syscall.MS_REMOUNT + func mount(source string, target string, fstype string, flags uintptr, data string) error { return syscall.Mount(source, target, fstype, flags, data) } From 70fa345719d92b7149df17925fdb68d93d846a66 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 18 Dec 2013 11:25:08 -0700 Subject: [PATCH 045/126] Add -a to our BUILDFLAGS directly, which fixes some fun test compilation issues Also, now that we use "-a", we no longer get any benefit from "go test -i", and it actually causes problems sometimes, so let's nuke it. Upstream-commit: fbac8125408c076317f3f51239394cd6b7351b49 Component: engine --- components/engine/hack/make.sh | 6 +----- components/engine/hack/make/binary | 2 +- components/engine/hack/make/dynbinary | 2 +- 3 files changed, 3 insertions(+), 7 deletions(-) diff --git a/components/engine/hack/make.sh b/components/engine/hack/make.sh index c49a37e9a2..0993b80065 100755 --- a/components/engine/hack/make.sh +++ b/components/engine/hack/make.sh @@ -63,7 +63,7 @@ fi # Use these flags when compiling the tests and final binary LDFLAGS='-X main.GITCOMMIT "'$GITCOMMIT'" -X main.VERSION "'$VERSION'" -w' LDFLAGS_STATIC='-X github.com/dotcloud/docker/utils.IAMSTATIC true -linkmode external -extldflags "-lpthread -static -Wl,--unresolved-symbols=ignore-in-object-files"' -BUILDFLAGS='-tags netgo' +BUILDFLAGS='-tags netgo -a' HAVE_GO_TEST_COVER= if \ @@ -88,10 +88,6 @@ go_test_dir() { coverprofile="$DEST/coverprofiles/${coverprofile//\//-}" testcover=( -cover -coverprofile "$coverprofile" ) fi - ( # we run "go test -i" ouside the "set -x" to provde cleaner output - cd "$dir" - go test -i -ldflags "$LDFLAGS" $BUILDFLAGS - ) ( set -x cd "$dir" diff --git a/components/engine/hack/make/binary b/components/engine/hack/make/binary index a7b22979e5..93e99fee8f 100644 --- a/components/engine/hack/make/binary +++ b/components/engine/hack/make/binary @@ -2,5 +2,5 @@ DEST=$1 -go build -a -o $DEST/docker-$VERSION -ldflags "$LDFLAGS $LDFLAGS_STATIC" $BUILDFLAGS ./docker +go build -o $DEST/docker-$VERSION -ldflags "$LDFLAGS $LDFLAGS_STATIC" $BUILDFLAGS ./docker echo "Created binary: $DEST/docker-$VERSION" diff --git a/components/engine/hack/make/dynbinary b/components/engine/hack/make/dynbinary index 100c00eed5..7e8786a9be 100644 --- a/components/engine/hack/make/dynbinary +++ b/components/engine/hack/make/dynbinary @@ -3,7 +3,7 @@ DEST=$1 # dockerinit still needs to be a static binary, even if docker is dynamic -CGO_ENABLED=0 go build -a -o $DEST/dockerinit-$VERSION -ldflags "$LDFLAGS -d" $BUILDFLAGS ./dockerinit +CGO_ENABLED=0 go build -o $DEST/dockerinit-$VERSION -ldflags "$LDFLAGS -d" $BUILDFLAGS ./dockerinit echo "Created binary: $DEST/dockerinit-$VERSION" ln -sf dockerinit-$VERSION $DEST/dockerinit From 766980f441af57678990348697b30ccc6ec89cef Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Wed, 18 Dec 2013 10:43:42 -0800 Subject: [PATCH 046/126] add some debug to runtime.restore() Upstream-commit: fde909ffb8e09ae39310093b7389f61aa4ec29df Component: engine --- components/engine/graph.go | 1 + components/engine/runtime.go | 20 +++++++++++++------- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/components/engine/graph.go b/components/engine/graph.go index da236d3716..277bd1a55b 100644 --- a/components/engine/graph.go +++ b/components/engine/graph.go @@ -56,6 +56,7 @@ func (graph *Graph) restore() error { graph.idIndex.Add(id) } } + utils.Debugf("Restored %d elements", len(dir)) return nil } diff --git a/components/engine/runtime.go b/components/engine/runtime.go index f942d0b740..54c2a47e4e 100644 --- a/components/engine/runtime.go +++ b/components/engine/runtime.go @@ -189,7 +189,6 @@ func (runtime *Runtime) Register(container *Container) error { } container.waitLock = make(chan struct{}) - go container.monitor() } } @@ -263,9 +262,8 @@ func (runtime *Runtime) Destroy(container *Container) error { } func (runtime *Runtime) restore() error { - wheel := "-\\|/" if os.Getenv("DEBUG") == "" && os.Getenv("TEST") == "" { - fmt.Printf("Loading containers: ") + fmt.Printf("Loading containers: ") } dir, err := ioutil.ReadDir(runtime.repository) if err != nil { @@ -274,11 +272,11 @@ func (runtime *Runtime) restore() error { containers := make(map[string]*Container) currentDriver := runtime.driver.String() - for i, v := range dir { + for _, v := range dir { id := v.Name() container, err := runtime.load(id) - if i%21 == 0 && os.Getenv("DEBUG") == "" && os.Getenv("TEST") == "" { - fmt.Printf("\b%c", wheel[i%4]) + if os.Getenv("DEBUG") == "" && os.Getenv("TEST") == "" { + fmt.Print(".") } if err != nil { utils.Errorf("Failed to load container %v: %v", id, err) @@ -302,6 +300,9 @@ func (runtime *Runtime) restore() error { if entities := runtime.containerGraph.List("/", -1); entities != nil { for _, p := range entities.Paths() { + if os.Getenv("DEBUG") == "" && os.Getenv("TEST") == "" { + fmt.Print(".") + } e := entities[p] if container, ok := containers[e.ID()]; ok { register(container) @@ -325,7 +326,7 @@ func (runtime *Runtime) restore() error { } if os.Getenv("DEBUG") == "" && os.Getenv("TEST") == "" { - fmt.Printf("\bdone.\n") + fmt.Printf(": done.\n") } return nil @@ -676,14 +677,17 @@ func NewRuntimeFromDirectory(config *DaemonConfig) (*Runtime, error) { } if ad, ok := driver.(*aufs.Driver); ok { + utils.Debugf("Migrating existing containers") if err := ad.Migrate(config.Root, setupInitLayer); err != nil { return nil, err } } + utils.Debugf("Escaping AppArmor confinement") if err := linkLxcStart(config.Root); err != nil { return nil, err } + utils.Debugf("Creating images graph") g, err := NewGraph(path.Join(config.Root, "graph"), driver) if err != nil { return nil, err @@ -695,10 +699,12 @@ func NewRuntimeFromDirectory(config *DaemonConfig) (*Runtime, error) { if err != nil { return nil, err } + utils.Debugf("Creating volumes graph") volumes, err := NewGraph(path.Join(config.Root, "volumes"), volumesDriver) if err != nil { return nil, err } + utils.Debugf("Creating repository list") repositories, err := NewTagStore(path.Join(config.Root, "repositories-"+driver.String()), g) if err != nil { return nil, fmt.Errorf("Couldn't create Tag store: %s", err) From 8eec37c741346aab1d80d224c83d513fd2cb9c45 Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Tue, 17 Dec 2013 14:04:37 -0800 Subject: [PATCH 047/126] Handle external mounts outside of lxc Upstream-commit: 45d7dcfea276841cce782feced3a2eb3eab01208 Component: engine --- components/engine/container.go | 46 +++++++++++- components/engine/graphdriver/driver.go | 97 +++++++++++++++++++++++++ components/engine/lxc_template.go | 32 ++------ components/engine/runtime.go | 67 ++++++++++++++++- 4 files changed, 209 insertions(+), 33 deletions(-) diff --git a/components/engine/container.go b/components/engine/container.go index 206f2dfe63..8cc3ecf972 100644 --- a/components/engine/container.go +++ b/components/engine/container.go @@ -48,7 +48,6 @@ type Container struct { network *NetworkInterface NetworkSettings *NetworkSettings - SysInitPath string ResolvConfPath string HostnamePath string HostsPath string @@ -297,7 +296,11 @@ func (container *Container) generateEnvConfig(env []string) error { if err != nil { return err } - ioutil.WriteFile(container.EnvConfigPath(), data, 0600) + p, err := container.EnvConfigPath() + if err != nil { + return err + } + ioutil.WriteFile(p, data, 0600) return nil } @@ -681,6 +684,17 @@ func (container *Container) Start() (err error) { } } + mounts, err := runtime.getMounts(container) + if err != nil { + return err + } + + for _, m := range mounts { + if err := m.Mount(container.RootfsPath()); err != nil { + return err + } + } + container.cmd = exec.Command(params[0], params[1:]...) // Setup logging of stdout and stderr to disk @@ -1358,6 +1372,18 @@ func (container *Container) GetImage() (*Image, error) { } func (container *Container) Unmount() error { + mounts, err := container.runtime.getMounts(container) + if err != nil { + return err + } + for _, m := range mounts { + if lastError := m.Unmount(container.RootfsPath()); lastError != nil { + err = lastError + } + } + if err != nil { + return err + } return container.runtime.Unmount(container) } @@ -1377,8 +1403,20 @@ func (container *Container) jsonPath() string { return path.Join(container.root, "config.json") } -func (container *Container) EnvConfigPath() string { - return path.Join(container.root, "config.env") +func (container *Container) EnvConfigPath() (string, error) { + p := path.Join(container.root, "config.env") + if _, err := os.Stat(p); err != nil { + if os.IsNotExist(err) { + f, err := os.Create(p) + if err != nil { + return "", err + } + f.Close() + } else { + return "", err + } + } + return p, nil } func (container *Container) lxcConfigPath() string { diff --git a/components/engine/graphdriver/driver.go b/components/engine/graphdriver/driver.go index 1d5995dffc..86160c9023 100644 --- a/components/engine/graphdriver/driver.go +++ b/components/engine/graphdriver/driver.go @@ -6,6 +6,8 @@ import ( "github.com/dotcloud/docker/utils" "os" "path" + "strings" + "syscall" ) type InitFunc func(root string) (Driver, error) @@ -31,6 +33,13 @@ type Differ interface { DiffSize(id string) (bytes int64, err error) } +type Mount struct { + Device string + Target string + Type string + Options string +} + var ( DefaultDriver string // All registred drivers @@ -88,3 +97,91 @@ func New(root string) (driver Driver, err error) { } return nil, err } + +func (m *Mount) Mount(root string) error { + var ( + flag int + data []string + target = path.Join(root, m.Target) + ) + + if mounted, err := Mounted(target); err != nil || mounted { + return err + } + + flags := map[string]struct { + clear bool + flag int + }{ + "defaults": {false, 0}, + "ro": {false, syscall.MS_RDONLY}, + "rw": {true, syscall.MS_RDONLY}, + "suid": {true, syscall.MS_NOSUID}, + "nosuid": {false, syscall.MS_NOSUID}, + "dev": {true, syscall.MS_NODEV}, + "nodev": {false, syscall.MS_NODEV}, + "exec": {true, syscall.MS_NOEXEC}, + "noexec": {false, syscall.MS_NOEXEC}, + "sync": {false, syscall.MS_SYNCHRONOUS}, + "async": {true, syscall.MS_SYNCHRONOUS}, + "dirsync": {false, syscall.MS_DIRSYNC}, + "remount": {false, syscall.MS_REMOUNT}, + "mand": {false, syscall.MS_MANDLOCK}, + "nomand": {true, syscall.MS_MANDLOCK}, + "atime": {true, syscall.MS_NOATIME}, + "noatime": {false, syscall.MS_NOATIME}, + "diratime": {true, syscall.MS_NODIRATIME}, + "nodiratime": {false, syscall.MS_NODIRATIME}, + "bind": {false, syscall.MS_BIND}, + "rbind": {false, syscall.MS_BIND | syscall.MS_REC}, + "relatime": {false, syscall.MS_RELATIME}, + "norelatime": {true, syscall.MS_RELATIME}, + "strictatime": {false, syscall.MS_STRICTATIME}, + "nostrictatime": {true, syscall.MS_STRICTATIME}, + } + + for _, o := range strings.Split(m.Options, ",") { + // If the option does not exist in the flags table then it is a + // data value for a specific fs type + if f, exists := flags[o]; exists { + if f.clear { + flag &= ^f.flag + } else { + flag |= f.flag + } + } else { + data = append(data, o) + } + } + + if err := syscall.Mount(m.Device, target, m.Type, uintptr(flag), strings.Join(data, ",")); err != nil { + panic(err) + } + return nil +} + +func (m *Mount) Unmount(root string) error { + target := path.Join(root, m.Target) + if mounted, err := Mounted(target); err != nil || !mounted { + return err + } + return syscall.Unmount(target, 0) +} + +func Mounted(mountpoint string) (bool, error) { + mntpoint, err := os.Stat(mountpoint) + if err != nil { + if os.IsNotExist(err) { + return false, nil + } + return false, err + } + parent, err := os.Stat(path.Join(mountpoint, "..")) + if err != nil { + return false, err + } + mntpointSt := mntpoint.Sys().(*syscall.Stat_t) + parentSt := parent.Sys().(*syscall.Stat_t) + + return mntpointSt.Dev != parentSt.Dev, nil +} diff --git a/components/engine/lxc_template.go b/components/engine/lxc_template.go index ba5a8d5b82..c0dc4f39a9 100644 --- a/components/engine/lxc_template.go +++ b/components/engine/lxc_template.go @@ -21,12 +21,6 @@ lxc.network.mtu = 1500 {{$ROOTFS := .RootfsPath}} lxc.rootfs = {{$ROOTFS}} -{{if and .HostnamePath .HostsPath}} -# enable domain name support -lxc.mount.entry = {{escapeFstabSpaces .HostnamePath}} {{escapeFstabSpaces $ROOTFS}}/etc/hostname none bind,ro 0 0 -lxc.mount.entry = {{escapeFstabSpaces .HostsPath}} {{escapeFstabSpaces $ROOTFS}}/etc/hosts none bind,ro 0 0 -{{end}} - # use a dedicated pts for the container (and limit the number of pseudo terminal # available) lxc.pts = 1024 @@ -74,32 +68,20 @@ lxc.cgroup.devices.allow = c 10:200 rwm # standard mount point # Use mnt.putold as per https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/986385 lxc.pivotdir = lxc_putold + +# NOTICE: These mounts must be applied within the namespace + # WARNING: procfs is a known attack vector and should probably be disabled # if your userspace allows it. eg. see http://blog.zx2c4.com/749 lxc.mount.entry = proc {{escapeFstabSpaces $ROOTFS}}/proc proc nosuid,nodev,noexec 0 0 -# WARNING: sysfs is a known attack vector and should probably be disabled -# if your userspace allows it. eg. see http://bit.ly/T9CkqJ + +# WARNING: sysfs is a known attack vector and should probably be disabled +# if your userspace allows it. eg. see http://bit.ly/T9CkqJ lxc.mount.entry = sysfs {{escapeFstabSpaces $ROOTFS}}/sys sysfs nosuid,nodev,noexec 0 0 + lxc.mount.entry = devpts {{escapeFstabSpaces $ROOTFS}}/dev/pts devpts newinstance,ptmxmode=0666,nosuid,noexec 0 0 -#lxc.mount.entry = varrun {{escapeFstabSpaces $ROOTFS}}/var/run tmpfs mode=755,size=4096k,nosuid,nodev,noexec 0 0 -#lxc.mount.entry = varlock {{escapeFstabSpaces $ROOTFS}}/var/lock tmpfs size=1024k,nosuid,nodev,noexec 0 0 lxc.mount.entry = shm {{escapeFstabSpaces $ROOTFS}}/dev/shm tmpfs size=65536k,nosuid,nodev,noexec 0 0 -# Inject dockerinit -lxc.mount.entry = {{escapeFstabSpaces .SysInitPath}} {{escapeFstabSpaces $ROOTFS}}/.dockerinit none bind,ro 0 0 - -# Inject env -lxc.mount.entry = {{escapeFstabSpaces .EnvConfigPath}} {{escapeFstabSpaces $ROOTFS}}/.dockerenv none bind,ro 0 0 - -# In order to get a working DNS environment, mount bind (ro) the host's /etc/resolv.conf into the container -lxc.mount.entry = {{escapeFstabSpaces .ResolvConfPath}} {{escapeFstabSpaces $ROOTFS}}/etc/resolv.conf none bind,ro 0 0 -{{if .Volumes}} -{{ $rw := .VolumesRW }} -{{range $virtualPath, $realPath := .Volumes}} -lxc.mount.entry = {{escapeFstabSpaces $realPath}} {{escapeFstabSpaces $ROOTFS}}/{{escapeFstabSpaces $virtualPath}} none bind,{{ if index $rw $virtualPath }}rw{{else}}ro{{end}} 0 0 -{{end}} -{{end}} - {{if (getHostConfig .).Privileged}} {{if (getCapabilities .).AppArmor}} lxc.aa_profile = unconfined diff --git a/components/engine/runtime.go b/components/engine/runtime.go index f942d0b740..a9e1e2a6fd 100644 --- a/components/engine/runtime.go +++ b/components/engine/runtime.go @@ -486,10 +486,8 @@ func (runtime *Runtime) Create(config *Config, name string) (*Container, []strin hostConfig: &HostConfig{}, Image: img.ID, // Always use the resolved image id NetworkSettings: &NetworkSettings{}, - // FIXME: do we need to store this in the container? - SysInitPath: runtime.sysInitPath, - Name: name, - Driver: runtime.driver.String(), + Name: name, + Driver: runtime.driver.String(), } container.root = runtime.containerRoot(container.ID) // Step 1: create the container directory. @@ -790,6 +788,67 @@ func (runtime *Runtime) Close() error { return nil } +func (runtime *Runtime) getMounts(container *Container) ([]*graphdriver.Mount, error) { + // Generate additional bind mounts + envPath, err := container.EnvConfigPath() + if err != nil { + return nil, err + } + mounts := []*graphdriver.Mount{ + { + Device: runtime.sysInitPath, + Target: "/.dockerinit", + Type: "none", + Options: "bind,ro", + }, + { + Device: envPath, + Target: "/.dockerenv", + Type: "none", + Options: "bind,ro", + }, + // In order to get a working DNS environment, mount bind (ro) the host's /etc/resolv.conf into the container + { + Device: container.ResolvConfPath, + Target: "/etc/resolv.conf", + Type: "none", + Options: "bind,ro", + }, + } + + if container.HostnamePath != "" && container.HostsPath != "" { + mounts = append(mounts, + &graphdriver.Mount{ + Device: container.HostnamePath, + Target: "/etc/hostname", + Type: "none", + Options: "bind,ro", + }, + &graphdriver.Mount{ + Device: container.HostsPath, + Target: "/etc/hosts", + Type: "none", + Options: "bind,ro", + }) + } + + for r, v := range container.Volumes { + mountAs := "ro" + if container.VolumesRW[v] { + mountAs = "rw" + } + + mounts = append(mounts, + &graphdriver.Mount{ + Device: v, + Target: r, + Type: "none", + Options: fmt.Sprintf("bind,%s", mountAs), + }) + } + return mounts, nil +} + func (runtime *Runtime) Mount(container *Container) error { dir, err := runtime.driver.Get(container.ID) if err != nil { From a1f6c202845ce48355a003f0f52899df5b12203d Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Wed, 18 Dec 2013 11:40:00 -0800 Subject: [PATCH 048/126] prevent a panic with docker run -v / Upstream-commit: 536da93380f1cacb82c344ad09c2daaae29f8ac3 Component: engine --- components/engine/commands.go | 2 ++ components/engine/commands_unit_test.go | 4 +++- components/engine/container.go | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/components/engine/commands.go b/components/engine/commands.go index ef6dce6bd5..4fed585062 100644 --- a/components/engine/commands.go +++ b/components/engine/commands.go @@ -1814,6 +1814,8 @@ func parseRun(cmd *flag.FlagSet, args []string, capabilities *Capabilities) (*Co flVolumes.Set(dstDir) binds = append(binds, bind) flVolumes.Delete(bind) + } else if bind == "/" { + return nil, nil, cmd, fmt.Errorf("Invalid volume: path can't be '/'") } } diff --git a/components/engine/commands_unit_test.go b/components/engine/commands_unit_test.go index 2eac5ce60d..e44d9a1854 100644 --- a/components/engine/commands_unit_test.go +++ b/components/engine/commands_unit_test.go @@ -128,7 +128,9 @@ func TestParseRunVolumes(t *testing.T) { t.Fatalf("Error parsing volume flags, without volume, no volume should be present. Received %v", config.Volumes) } - mustParse(t, "-v /") + if _, _, err := parse(t, "-v /"); err == nil { + t.Fatalf("Expected error, but got none") + } if _, _, err := parse(t, "-v /:/"); err == nil { t.Fatalf("Error parsing volume flags, `-v /:/` should fail but didn't") diff --git a/components/engine/container.go b/components/engine/container.go index 206f2dfe63..0524080370 100644 --- a/components/engine/container.go +++ b/components/engine/container.go @@ -836,7 +836,7 @@ func (container *Container) createVolumes() error { volPath = path.Join(container.RootfsPath(), volPath) rootVolPath, err := utils.FollowSymlinkInScope(volPath, container.RootfsPath()) if err != nil { - panic(err) + return err } if _, err := os.Stat(rootVolPath); err != nil { From eb112b17e63ed4b28e79f9fc1a51296956a865ff Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Tue, 17 Dec 2013 18:40:20 -0800 Subject: [PATCH 049/126] Fix unmount issues Upstream-commit: a6fdc5d208b6726a33d30bd25ab115131a298b90 Component: engine --- components/engine/graphdriver/aufs/aufs.go | 2 +- components/engine/graphdriver/aufs/mount.go | 20 ---- components/engine/graphdriver/driver.go | 100 ++++++++++++++----- components/engine/graphdriver/driver_test.go | 74 ++++++++++++++ 4 files changed, 150 insertions(+), 46 deletions(-) create mode 100644 components/engine/graphdriver/driver_test.go diff --git a/components/engine/graphdriver/aufs/aufs.go b/components/engine/graphdriver/aufs/aufs.go index c3caf13c13..6b4b9024a9 100644 --- a/components/engine/graphdriver/aufs/aufs.go +++ b/components/engine/graphdriver/aufs/aufs.go @@ -295,7 +295,7 @@ func (a *Driver) unmount(id string) error { func (a *Driver) mounted(id string) (bool, error) { target := path.Join(a.rootPath(), "mnt", id) - return Mounted(target) + return graphdriver.Mounted(target) } // During cleanup aufs needs to unmount all mountpoints diff --git a/components/engine/graphdriver/aufs/mount.go b/components/engine/graphdriver/aufs/mount.go index 6f3476f99c..1f1d98f809 100644 --- a/components/engine/graphdriver/aufs/mount.go +++ b/components/engine/graphdriver/aufs/mount.go @@ -2,9 +2,7 @@ package aufs import ( "github.com/dotcloud/docker/utils" - "os" "os/exec" - "path/filepath" "syscall" ) @@ -17,21 +15,3 @@ func Unmount(target string) error { } return nil } - -func Mounted(mountpoint string) (bool, error) { - mntpoint, err := os.Stat(mountpoint) - if err != nil { - if os.IsNotExist(err) { - return false, nil - } - return false, err - } - parent, err := os.Stat(filepath.Join(mountpoint, "..")) - if err != nil { - return false, err - } - mntpointSt := mntpoint.Sys().(*syscall.Stat_t) - parentSt := parent.Sys().(*syscall.Stat_t) - - return mntpointSt.Dev != parentSt.Dev, nil -} diff --git a/components/engine/graphdriver/driver.go b/components/engine/graphdriver/driver.go index 86160c9023..7ca303cf12 100644 --- a/components/engine/graphdriver/driver.go +++ b/components/engine/graphdriver/driver.go @@ -1,6 +1,7 @@ package graphdriver import ( + "bufio" "fmt" "github.com/dotcloud/docker/archive" "github.com/dotcloud/docker/utils" @@ -8,8 +9,11 @@ import ( "path" "strings" "syscall" + "time" ) +const mountinfoFormat = "%d %d %d:%d %s %s %s - %s %s %s" + type InitFunc func(root string) (Driver, error) type Driver interface { @@ -99,16 +103,24 @@ func New(root string) (driver Driver, err error) { } func (m *Mount) Mount(root string) error { - var ( - flag int - data []string - target = path.Join(root, m.Target) - ) - + target := path.Join(root, m.Target) if mounted, err := Mounted(target); err != nil || mounted { return err } + flag, data := parseOptions(m.Options) + if err := syscall.Mount(m.Device, target, m.Type, uintptr(flag), data); err != nil { + return err + } + return nil +} + +func parseOptions(options string) (int, string) { + var ( + flag int + data []string + ) + flags := map[string]struct { clear bool flag int @@ -140,7 +152,7 @@ func (m *Mount) Mount(root string) error { "nostrictatime": {true, syscall.MS_STRICTATIME}, } - for _, o := range strings.Split(m.Options, ",") { + for _, o := range strings.Split(options, ",") { // If the option does not exist in the flags table then it is a // data value for a specific fs type if f, exists := flags[o]; exists { @@ -153,35 +165,73 @@ func (m *Mount) Mount(root string) error { data = append(data, o) } } - - if err := syscall.Mount(m.Device, target, m.Type, uintptr(flag), strings.Join(data, ",")); err != nil { - panic(err) - } - return nil + return flag, strings.Join(data, ",") } -func (m *Mount) Unmount(root string) error { +func (m *Mount) Unmount(root string) (err error) { target := path.Join(root, m.Target) if mounted, err := Mounted(target); err != nil || !mounted { return err } - return syscall.Unmount(target, 0) + + // Simple retry logic for unmount + for i := 0; i < 10; i++ { + if err = syscall.Unmount(target, 0); err == nil { + return nil + } + utils.Debugf("[Unmount] %s", err) + time.Sleep(100 * time.Millisecond) + } + return } func Mounted(mountpoint string) (bool, error) { - mntpoint, err := os.Stat(mountpoint) - if err != nil { - if os.IsNotExist(err) { - return false, nil - } - return false, err - } - parent, err := os.Stat(path.Join(mountpoint, "..")) + entries, err := parseMountTable() if err != nil { return false, err } - mntpointSt := mntpoint.Sys().(*syscall.Stat_t) - parentSt := parent.Sys().(*syscall.Stat_t) - return mntpointSt.Dev != parentSt.Dev, nil + // Search the table for the mountpoint + for _, e := range entries { + if e.mountpoint == mountpoint { + return true, nil + } + } + return false, nil +} + +// Represents one line from /proc/self/mountinfo +type procEntry struct { + id, parent, major, minor int + source, mountpoint, fstype, device string + vfsopts, opts string +} + +// Parse /proc/self/mountinfo because comparing Dev and ino does not work from bind mounts +// +// 180 20 0:2851 / /var/lib/docker/aufs/mnt/a22632d4ed3cb2438246064408f9f07734cbd331f50c81f1ca3dcbd78541ce83 rw,relatime - aufs none rw,si=e9663ac1adbdb4f8 +func parseMountTable() ([]*procEntry, error) { + f, err := os.Open("/proc/self/mountinfo") + if err != nil { + return nil, err + } + defer f.Close() + + s := bufio.NewScanner(f) + out := []*procEntry{} + for s.Scan() { + if err := s.Err(); err != nil { + return nil, err + } + + p := &procEntry{} + if _, err := fmt.Sscanf(s.Text(), mountinfoFormat, + &p.id, &p.parent, &p.major, &p.minor, + &p.source, &p.mountpoint, &p.vfsopts, &p.fstype, + &p.device, &p.opts); err != nil { + return nil, err + } + out = append(out, p) + } + return out, nil } diff --git a/components/engine/graphdriver/driver_test.go b/components/engine/graphdriver/driver_test.go new file mode 100644 index 0000000000..c16ce70369 --- /dev/null +++ b/components/engine/graphdriver/driver_test.go @@ -0,0 +1,74 @@ +package graphdriver + +import ( + "os" + "path" + "syscall" + "testing" +) + +func TestMountOptionsParsing(t *testing.T) { + options := "bind,ro,size=10k" + + flag, data := parseOptions(options) + + if data != "size=10k" { + t.Fatalf("Expected size=10 got %s", data) + } + + expectedFlag := syscall.MS_BIND | syscall.MS_RDONLY + + if flag != expectedFlag { + t.Fatalf("Expected %d got %d", expectedFlag, flag) + } +} + +func TestMounted(t *testing.T) { + tmp := path.Join(os.TempDir(), "graphdriver-tests") + if err := os.MkdirAll(tmp, 0777); err != nil { + t.Fatal(err) + } + defer os.RemoveAll(tmp) + + var ( + sourcePath = path.Join(tmp, "sourcefile.txt") + targetPath = path.Join(tmp, "targetfile.txt") + ) + + f, err := os.Create(sourcePath) + if err != nil { + t.Fatal(err) + } + f.WriteString("hello") + f.Close() + + f, err = os.Create(targetPath) + if err != nil { + t.Fatal(err) + } + f.Close() + + mount := &Mount{ + Device: sourcePath, + Target: targetPath, + Type: "none", + Options: "bind,ro", + } + + if err := mount.Mount("/"); err != nil { + t.Fatal(err) + } + defer func() { + if err := mount.Unmount("/"); err != nil { + t.Fatal(err) + } + }() + + mounted, err := Mounted(targetPath) + if err != nil { + t.Fatal(err) + } + if !mounted { + t.Fatalf("Expected %s to be mounted", targetPath) + } +} From dd4dc32856d8e712fe443460f3e1a4be008274ab Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Wed, 18 Dec 2013 16:42:49 -0800 Subject: [PATCH 050/126] Improve interface by moving to subpkg Enable builds on OSX Upstream-commit: 7bc96aec7bf978e87cb87935bd55f85e2cb1664a Component: engine --- components/engine/container.go | 57 ++++++- components/engine/graphdriver/aufs/aufs.go | 3 +- components/engine/graphdriver/driver.go | 147 ------------------ components/engine/mount/MAINTAINERS | 1 + components/engine/mount/flags_darwin.go | 5 + components/engine/mount/flags_linux.go | 61 ++++++++ components/engine/mount/mount.go | 53 +++++++ .../driver_test.go => mount/mount_test.go} | 15 +- components/engine/mount/mounter_darwin.go | 9 ++ components/engine/mount/mounter_linux.go | 13 ++ components/engine/mount/mountinfo.go | 45 ++++++ components/engine/runtime.go | 61 -------- 12 files changed, 243 insertions(+), 227 deletions(-) create mode 100644 components/engine/mount/MAINTAINERS create mode 100644 components/engine/mount/flags_darwin.go create mode 100644 components/engine/mount/flags_linux.go create mode 100644 components/engine/mount/mount.go rename components/engine/{graphdriver/driver_test.go => mount/mount_test.go} (78%) create mode 100644 components/engine/mount/mounter_darwin.go create mode 100644 components/engine/mount/mounter_linux.go create mode 100644 components/engine/mount/mountinfo.go diff --git a/components/engine/container.go b/components/engine/container.go index 8cc3ecf972..d440b6f6c4 100644 --- a/components/engine/container.go +++ b/components/engine/container.go @@ -7,6 +7,7 @@ import ( "fmt" "github.com/dotcloud/docker/archive" "github.com/dotcloud/docker/graphdriver" + "github.com/dotcloud/docker/mount" "github.com/dotcloud/docker/term" "github.com/dotcloud/docker/utils" "github.com/kr/pty" @@ -684,13 +685,41 @@ func (container *Container) Start() (err error) { } } - mounts, err := runtime.getMounts(container) + root := container.RootfsPath() + envPath, err := container.EnvConfigPath() if err != nil { return err } - for _, m := range mounts { - if err := m.Mount(container.RootfsPath()); err != nil { + // Mount docker specific files into the containers root fs + if err := mount.Mount(runtime.sysInitPath, path.Join(root, "/.dockerinit"), "none", "bind,ro"); err != nil { + return err + } + if err := mount.Mount(envPath, path.Join(root, "/.dockerenv"), "none", "bind,ro"); err != nil { + return err + } + if err := mount.Mount(container.ResolvConfPath, path.Join(root, "/etc/resolv.conf"), "none", "bind,ro"); err != nil { + return err + } + + if container.HostnamePath != "" && container.HostsPath != "" { + if err := mount.Mount(container.HostnamePath, path.Join(root, "/etc/hostname"), "none", "bind,ro"); err != nil { + return err + } + if err := mount.Mount(container.HostsPath, path.Join(root, "/etc/hosts"), "none", "bind,ro"); err != nil { + return err + } + } + + // Mount user specified volumes + + for r, v := range container.Volumes { + mountAs := "ro" + if container.VolumesRW[v] { + mountAs = "rw" + } + + if err := mount.Mount(v, path.Join(root, r), "none", fmt.Sprintf("bind,%s", mountAs)); err != nil { return err } } @@ -1372,12 +1401,26 @@ func (container *Container) GetImage() (*Image, error) { } func (container *Container) Unmount() error { - mounts, err := container.runtime.getMounts(container) - if err != nil { - return err + var ( + err error + root = container.RootfsPath() + mounts = []string{ + path.Join(root, "/.dockerinit"), + path.Join(root, "/.dockerenv"), + path.Join(root, "/etc/resolv.conf"), + } + ) + + if container.HostnamePath != "" && container.HostsPath != "" { + mounts = append(mounts, path.Join(root, "/etc/hostname"), path.Join(root, "/etc/hosts")) } + + for r := range container.Volumes { + mounts = append(mounts, path.Join(root, r)) + } + for _, m := range mounts { - if lastError := m.Unmount(container.RootfsPath()); lastError != nil { + if lastError := mount.Unmount(m); lastError != nil { err = lastError } } diff --git a/components/engine/graphdriver/aufs/aufs.go b/components/engine/graphdriver/aufs/aufs.go index 6b4b9024a9..8875cac6d9 100644 --- a/components/engine/graphdriver/aufs/aufs.go +++ b/components/engine/graphdriver/aufs/aufs.go @@ -25,6 +25,7 @@ import ( "fmt" "github.com/dotcloud/docker/archive" "github.com/dotcloud/docker/graphdriver" + mountpk "github.com/dotcloud/docker/mount" "github.com/dotcloud/docker/utils" "os" "os/exec" @@ -295,7 +296,7 @@ func (a *Driver) unmount(id string) error { func (a *Driver) mounted(id string) (bool, error) { target := path.Join(a.rootPath(), "mnt", id) - return graphdriver.Mounted(target) + return mountpk.Mounted(target) } // During cleanup aufs needs to unmount all mountpoints diff --git a/components/engine/graphdriver/driver.go b/components/engine/graphdriver/driver.go index 7ca303cf12..1d5995dffc 100644 --- a/components/engine/graphdriver/driver.go +++ b/components/engine/graphdriver/driver.go @@ -1,19 +1,13 @@ package graphdriver import ( - "bufio" "fmt" "github.com/dotcloud/docker/archive" "github.com/dotcloud/docker/utils" "os" "path" - "strings" - "syscall" - "time" ) -const mountinfoFormat = "%d %d %d:%d %s %s %s - %s %s %s" - type InitFunc func(root string) (Driver, error) type Driver interface { @@ -37,13 +31,6 @@ type Differ interface { DiffSize(id string) (bytes int64, err error) } -type Mount struct { - Device string - Target string - Type string - Options string -} - var ( DefaultDriver string // All registred drivers @@ -101,137 +88,3 @@ func New(root string) (driver Driver, err error) { } return nil, err } - -func (m *Mount) Mount(root string) error { - target := path.Join(root, m.Target) - if mounted, err := Mounted(target); err != nil || mounted { - return err - } - - flag, data := parseOptions(m.Options) - if err := syscall.Mount(m.Device, target, m.Type, uintptr(flag), data); err != nil { - return err - } - return nil -} - -func parseOptions(options string) (int, string) { - var ( - flag int - data []string - ) - - flags := map[string]struct { - clear bool - flag int - }{ - "defaults": {false, 0}, - "ro": {false, syscall.MS_RDONLY}, - "rw": {true, syscall.MS_RDONLY}, - "suid": {true, syscall.MS_NOSUID}, - "nosuid": {false, syscall.MS_NOSUID}, - "dev": {true, syscall.MS_NODEV}, - "nodev": {false, syscall.MS_NODEV}, - "exec": {true, syscall.MS_NOEXEC}, - "noexec": {false, syscall.MS_NOEXEC}, - "sync": {false, syscall.MS_SYNCHRONOUS}, - "async": {true, syscall.MS_SYNCHRONOUS}, - "dirsync": {false, syscall.MS_DIRSYNC}, - "remount": {false, syscall.MS_REMOUNT}, - "mand": {false, syscall.MS_MANDLOCK}, - "nomand": {true, syscall.MS_MANDLOCK}, - "atime": {true, syscall.MS_NOATIME}, - "noatime": {false, syscall.MS_NOATIME}, - "diratime": {true, syscall.MS_NODIRATIME}, - "nodiratime": {false, syscall.MS_NODIRATIME}, - "bind": {false, syscall.MS_BIND}, - "rbind": {false, syscall.MS_BIND | syscall.MS_REC}, - "relatime": {false, syscall.MS_RELATIME}, - "norelatime": {true, syscall.MS_RELATIME}, - "strictatime": {false, syscall.MS_STRICTATIME}, - "nostrictatime": {true, syscall.MS_STRICTATIME}, - } - - for _, o := range strings.Split(options, ",") { - // If the option does not exist in the flags table then it is a - // data value for a specific fs type - if f, exists := flags[o]; exists { - if f.clear { - flag &= ^f.flag - } else { - flag |= f.flag - } - } else { - data = append(data, o) - } - } - return flag, strings.Join(data, ",") -} - -func (m *Mount) Unmount(root string) (err error) { - target := path.Join(root, m.Target) - if mounted, err := Mounted(target); err != nil || !mounted { - return err - } - - // Simple retry logic for unmount - for i := 0; i < 10; i++ { - if err = syscall.Unmount(target, 0); err == nil { - return nil - } - utils.Debugf("[Unmount] %s", err) - time.Sleep(100 * time.Millisecond) - } - return -} - -func Mounted(mountpoint string) (bool, error) { - entries, err := parseMountTable() - if err != nil { - return false, err - } - - // Search the table for the mountpoint - for _, e := range entries { - if e.mountpoint == mountpoint { - return true, nil - } - } - return false, nil -} - -// Represents one line from /proc/self/mountinfo -type procEntry struct { - id, parent, major, minor int - source, mountpoint, fstype, device string - vfsopts, opts string -} - -// Parse /proc/self/mountinfo because comparing Dev and ino does not work from bind mounts -// -// 180 20 0:2851 / /var/lib/docker/aufs/mnt/a22632d4ed3cb2438246064408f9f07734cbd331f50c81f1ca3dcbd78541ce83 rw,relatime - aufs none rw,si=e9663ac1adbdb4f8 -func parseMountTable() ([]*procEntry, error) { - f, err := os.Open("/proc/self/mountinfo") - if err != nil { - return nil, err - } - defer f.Close() - - s := bufio.NewScanner(f) - out := []*procEntry{} - for s.Scan() { - if err := s.Err(); err != nil { - return nil, err - } - - p := &procEntry{} - if _, err := fmt.Sscanf(s.Text(), mountinfoFormat, - &p.id, &p.parent, &p.major, &p.minor, - &p.source, &p.mountpoint, &p.vfsopts, &p.fstype, - &p.device, &p.opts); err != nil { - return nil, err - } - out = append(out, p) - } - return out, nil -} diff --git a/components/engine/mount/MAINTAINERS b/components/engine/mount/MAINTAINERS new file mode 100644 index 0000000000..1e998f8ac1 --- /dev/null +++ b/components/engine/mount/MAINTAINERS @@ -0,0 +1 @@ +Michael Crosby (@crosbymichael) diff --git a/components/engine/mount/flags_darwin.go b/components/engine/mount/flags_darwin.go new file mode 100644 index 0000000000..e89d5e703a --- /dev/null +++ b/components/engine/mount/flags_darwin.go @@ -0,0 +1,5 @@ +package mount + +func parseOptions(options string) (int, string) { + panic("Not implemented") +} diff --git a/components/engine/mount/flags_linux.go b/components/engine/mount/flags_linux.go new file mode 100644 index 0000000000..6f4c7acffa --- /dev/null +++ b/components/engine/mount/flags_linux.go @@ -0,0 +1,61 @@ +package mount + +import ( + "strings" + "syscall" +) + +// Parse fstab type mount options into mount() flags +// and device specific data +func parseOptions(options string) (int, string) { + var ( + flag int + data []string + ) + + flags := map[string]struct { + clear bool + flag int + }{ + "defaults": {false, 0}, + "ro": {false, syscall.MS_RDONLY}, + "rw": {true, syscall.MS_RDONLY}, + "suid": {true, syscall.MS_NOSUID}, + "nosuid": {false, syscall.MS_NOSUID}, + "dev": {true, syscall.MS_NODEV}, + "nodev": {false, syscall.MS_NODEV}, + "exec": {true, syscall.MS_NOEXEC}, + "noexec": {false, syscall.MS_NOEXEC}, + "sync": {false, syscall.MS_SYNCHRONOUS}, + "async": {true, syscall.MS_SYNCHRONOUS}, + "dirsync": {false, syscall.MS_DIRSYNC}, + "remount": {false, syscall.MS_REMOUNT}, + "mand": {false, syscall.MS_MANDLOCK}, + "nomand": {true, syscall.MS_MANDLOCK}, + "atime": {true, syscall.MS_NOATIME}, + "noatime": {false, syscall.MS_NOATIME}, + "diratime": {true, syscall.MS_NODIRATIME}, + "nodiratime": {false, syscall.MS_NODIRATIME}, + "bind": {false, syscall.MS_BIND}, + "rbind": {false, syscall.MS_BIND | syscall.MS_REC}, + "relatime": {false, syscall.MS_RELATIME}, + "norelatime": {true, syscall.MS_RELATIME}, + "strictatime": {false, syscall.MS_STRICTATIME}, + "nostrictatime": {true, syscall.MS_STRICTATIME}, + } + + for _, o := range strings.Split(options, ",") { + // If the option does not exist in the flags table then it is a + // data value for a specific fs type + if f, exists := flags[o]; exists { + if f.clear { + flag &= ^f.flag + } else { + flag |= f.flag + } + } else { + data = append(data, o) + } + } + return flag, strings.Join(data, ",") +} diff --git a/components/engine/mount/mount.go b/components/engine/mount/mount.go new file mode 100644 index 0000000000..253a4681ef --- /dev/null +++ b/components/engine/mount/mount.go @@ -0,0 +1,53 @@ +package mount + +import ( + "time" +) + +// Looks at /proc/self/mountinfo to determine of the specified +// mountpoint has been mounted +func Mounted(mountpoint string) (bool, error) { + entries, err := parseMountTable() + if err != nil { + return false, err + } + + // Search the table for the mountpoint + for _, e := range entries { + if e.mountpoint == mountpoint { + return true, nil + } + } + return false, nil +} + +// Mount the specified options at the target path +// Options must be specified as fstab style +func Mount(device, target, mType, options string) error { + if mounted, err := Mounted(target); err != nil || mounted { + return err + } + + flag, data := parseOptions(options) + if err := mount(device, target, mType, uintptr(flag), data); err != nil { + return err + } + return nil + +} + +// Unmount the target only if it is mounted +func Unmount(target string) (err error) { + if mounted, err := Mounted(target); err != nil || !mounted { + return err + } + + // Simple retry logic for unmount + for i := 0; i < 10; i++ { + if err = unmount(target, 0); err == nil { + return nil + } + time.Sleep(100 * time.Millisecond) + } + return +} diff --git a/components/engine/graphdriver/driver_test.go b/components/engine/mount/mount_test.go similarity index 78% rename from components/engine/graphdriver/driver_test.go rename to components/engine/mount/mount_test.go index c16ce70369..5dc9dc256a 100644 --- a/components/engine/graphdriver/driver_test.go +++ b/components/engine/mount/mount_test.go @@ -1,4 +1,4 @@ -package graphdriver +package mount import ( "os" @@ -24,7 +24,7 @@ func TestMountOptionsParsing(t *testing.T) { } func TestMounted(t *testing.T) { - tmp := path.Join(os.TempDir(), "graphdriver-tests") + tmp := path.Join(os.TempDir(), "mount-tests") if err := os.MkdirAll(tmp, 0777); err != nil { t.Fatal(err) } @@ -48,18 +48,11 @@ func TestMounted(t *testing.T) { } f.Close() - mount := &Mount{ - Device: sourcePath, - Target: targetPath, - Type: "none", - Options: "bind,ro", - } - - if err := mount.Mount("/"); err != nil { + if err := Mount(sourcePath, targetPath, "none", "bind,ro"); err != nil { t.Fatal(err) } defer func() { - if err := mount.Unmount("/"); err != nil { + if err := Unmount(targetPath); err != nil { t.Fatal(err) } }() diff --git a/components/engine/mount/mounter_darwin.go b/components/engine/mount/mounter_darwin.go new file mode 100644 index 0000000000..7615f94f9e --- /dev/null +++ b/components/engine/mount/mounter_darwin.go @@ -0,0 +1,9 @@ +package mount + +func mount(device, target, mType string, flag uintptr, data string) error { + panic("Not implemented") +} + +func unmount(target string, flag int) error { + panic("Not implemented") +} diff --git a/components/engine/mount/mounter_linux.go b/components/engine/mount/mounter_linux.go new file mode 100644 index 0000000000..1371f72bd9 --- /dev/null +++ b/components/engine/mount/mounter_linux.go @@ -0,0 +1,13 @@ +package mount + +import ( + "syscall" +) + +func mount(device, target, mType string, flag uintptr, data string) error { + return syscall.Mount(device, target, mType, flag, data) +} + +func unmount(target string, flag int) error { + return syscall.Unmount(target, flag) +} diff --git a/components/engine/mount/mountinfo.go b/components/engine/mount/mountinfo.go new file mode 100644 index 0000000000..397e792259 --- /dev/null +++ b/components/engine/mount/mountinfo.go @@ -0,0 +1,45 @@ +package mount + +import ( + "bufio" + "fmt" + "os" +) + +const ( + mountinfoFormat = "%d %d %d:%d %s %s %s - %s %s %s" +) + +// Represents one line from /proc/self/mountinfo +type procEntry struct { + id, parent, major, minor int + source, mountpoint, fstype, device string + vfsopts, opts string +} + +// Parse /proc/self/mountinfo because comparing Dev and ino does not work from bind mounts +func parseMountTable() ([]*procEntry, error) { + f, err := os.Open("/proc/self/mountinfo") + if err != nil { + return nil, err + } + defer f.Close() + + s := bufio.NewScanner(f) + out := []*procEntry{} + for s.Scan() { + if err := s.Err(); err != nil { + return nil, err + } + + p := &procEntry{} + if _, err := fmt.Sscanf(s.Text(), mountinfoFormat, + &p.id, &p.parent, &p.major, &p.minor, + &p.source, &p.mountpoint, &p.vfsopts, &p.fstype, + &p.device, &p.opts); err != nil { + return nil, err + } + out = append(out, p) + } + return out, nil +} diff --git a/components/engine/runtime.go b/components/engine/runtime.go index a9e1e2a6fd..63ac795d02 100644 --- a/components/engine/runtime.go +++ b/components/engine/runtime.go @@ -788,67 +788,6 @@ func (runtime *Runtime) Close() error { return nil } -func (runtime *Runtime) getMounts(container *Container) ([]*graphdriver.Mount, error) { - // Generate additional bind mounts - envPath, err := container.EnvConfigPath() - if err != nil { - return nil, err - } - mounts := []*graphdriver.Mount{ - { - Device: runtime.sysInitPath, - Target: "/.dockerinit", - Type: "none", - Options: "bind,ro", - }, - { - Device: envPath, - Target: "/.dockerenv", - Type: "none", - Options: "bind,ro", - }, - // In order to get a working DNS environment, mount bind (ro) the host's /etc/resolv.conf into the container - { - Device: container.ResolvConfPath, - Target: "/etc/resolv.conf", - Type: "none", - Options: "bind,ro", - }, - } - - if container.HostnamePath != "" && container.HostsPath != "" { - mounts = append(mounts, - &graphdriver.Mount{ - Device: container.HostnamePath, - Target: "/etc/hostname", - Type: "none", - Options: "bind,ro", - }, - &graphdriver.Mount{ - Device: container.HostsPath, - Target: "/etc/hosts", - Type: "none", - Options: "bind,ro", - }) - } - - for r, v := range container.Volumes { - mountAs := "ro" - if container.VolumesRW[v] { - mountAs = "rw" - } - - mounts = append(mounts, - &graphdriver.Mount{ - Device: v, - Target: r, - Type: "none", - Options: fmt.Sprintf("bind,%s", mountAs), - }) - } - return mounts, nil -} - func (runtime *Runtime) Mount(container *Container) error { dir, err := runtime.driver.Get(container.ID) if err != nil { From 69bf3879ed532655739094865c054d24f767b12b Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Wed, 18 Dec 2013 21:14:16 -0800 Subject: [PATCH 051/126] Move sqlite conn to graph db for cross compile support Upstream-commit: 329d154209f8da83226e729222dafff4e214b25d Component: engine --- components/engine/graphdb/conn_darwin.go | 5 +++++ components/engine/graphdb/conn_linux.go | 23 +++++++++++++++++++++++ components/engine/runtime.go | 16 +--------------- 3 files changed, 29 insertions(+), 15 deletions(-) create mode 100644 components/engine/graphdb/conn_darwin.go create mode 100644 components/engine/graphdb/conn_linux.go diff --git a/components/engine/graphdb/conn_darwin.go b/components/engine/graphdb/conn_darwin.go new file mode 100644 index 0000000000..6e75fd8edb --- /dev/null +++ b/components/engine/graphdb/conn_darwin.go @@ -0,0 +1,5 @@ +package graphdb + +func NewSqliteConn(root string) (*Database, error) { + panic("Not implemented") +} diff --git a/components/engine/graphdb/conn_linux.go b/components/engine/graphdb/conn_linux.go new file mode 100644 index 0000000000..2bd51940ce --- /dev/null +++ b/components/engine/graphdb/conn_linux.go @@ -0,0 +1,23 @@ +package graphdb + +import ( + _ "code.google.com/p/gosqlite/sqlite3" // registers sqlite + "database/sql" + "os" +) + +func NewSqliteConn(root string) (*Database, error) { + initDatabase := false + if _, err := os.Stat(root); err != nil { + if os.IsNotExist(err) { + initDatabase = true + } else { + return nil, err + } + } + conn, err := sql.Open("sqlite3", root) + if err != nil { + return nil, err + } + return NewDatabase(conn, initDatabase) +} diff --git a/components/engine/runtime.go b/components/engine/runtime.go index 54c2a47e4e..a6233339cb 100644 --- a/components/engine/runtime.go +++ b/components/engine/runtime.go @@ -1,9 +1,7 @@ package docker import ( - _ "code.google.com/p/gosqlite/sqlite3" // registers sqlite "container/list" - "database/sql" "fmt" "github.com/dotcloud/docker/archive" "github.com/dotcloud/docker/graphdb" @@ -718,19 +716,7 @@ func NewRuntimeFromDirectory(config *DaemonConfig) (*Runtime, error) { } graphdbPath := path.Join(config.Root, "linkgraph.db") - initDatabase := false - if _, err := os.Stat(graphdbPath); err != nil { - if os.IsNotExist(err) { - initDatabase = true - } else { - return nil, err - } - } - conn, err := sql.Open("sqlite3", graphdbPath) - if err != nil { - return nil, err - } - graph, err := graphdb.NewDatabase(conn, initDatabase) + graph, err := graphdb.NewSqliteConn(graphdbPath) if err != nil { return nil, err } From 8a97983c9fb5eb09a467b6551f67e4664932fb68 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 18 Dec 2013 22:29:48 -0700 Subject: [PATCH 052/126] Make Tianon the official root "Dockerfile" maintainer, since it's so hard-locked to hack changes most of the time Upstream-commit: 14d1c5a2c331f9abe4199b1064ff8f642981fa77 Component: engine --- components/engine/MAINTAINERS | 1 + 1 file changed, 1 insertion(+) diff --git a/components/engine/MAINTAINERS b/components/engine/MAINTAINERS index 96469c9814..8ee1f86b7c 100644 --- a/components/engine/MAINTAINERS +++ b/components/engine/MAINTAINERS @@ -3,4 +3,5 @@ Guillaume Charmes (@creack) Victor Vieux (@vieux) Michael Crosby (@crosbymichael) api.go: Victor Vieux (@vieux) +Dockerfile: Tianon Gravi (@tianon) Vagrantfile: Daniel Mizyrycki (@mzdaniel) From 5fd54c24bc7abde9f10eb6524b962f512ba25370 Mon Sep 17 00:00:00 2001 From: Jesse Dubay Date: Wed, 18 Dec 2013 14:45:47 -0800 Subject: [PATCH 053/126] Use box-drawing characters in `docker images -tree` MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This makes the output of `docker images -tree` look a little prettier. Previously it displayed a combination of box-drawing characters and pipe characters, so the lines didn't quite connect... Before: └─aceb1e132fe5 Size: 487 MB (virtual 1.728 GB) |─c5480c55e00a Size: 44.89 MB (virtual 1.773 GB) | └─96c21b5e3c80 Size: 17.25 kB (virtual 1.773 GB) | └─58f3f2293512 Size: 8.191 MB (virtual 1.782 GB) After: └─aceb1e132fe5 Size: 487 MB (virtual 1.728 GB) ├─c5480c55e00a Size: 44.89 MB (virtual 1.773 GB) │ └─96c21b5e3c80 Size: 17.25 kB (virtual 1.773 GB) │ └─58f3f2293512 Size: 8.191 MB (virtual 1.782 GB) Upstream-commit: d14c162fd621da809baa48e8af007443c4f2ae0a Component: engine --- components/engine/commands.go | 4 ++-- components/engine/docs/sources/commandline/cli.rst | 14 +++++++------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/components/engine/commands.go b/components/engine/commands.go index 4fed585062..5ad35636c2 100644 --- a/components/engine/commands.go +++ b/components/engine/commands.go @@ -1237,9 +1237,9 @@ func (cli *DockerCli) WalkTree(noTrunc bool, images *[]APIImages, byParent map[s cli.WalkTree(noTrunc, &subimages, byParent, prefix+" ", printNode) } } else { - printNode(cli, noTrunc, image, prefix+"|─") + printNode(cli, noTrunc, image, prefix+"├─") if subimages, exists := byParent[image.ID]; exists { - cli.WalkTree(noTrunc, &subimages, byParent, prefix+"| ", printNode) + cli.WalkTree(noTrunc, &subimages, byParent, prefix+"│ ", printNode) } } } diff --git a/components/engine/docs/sources/commandline/cli.rst b/components/engine/docs/sources/commandline/cli.rst index 346720aaf1..fc18066533 100644 --- a/components/engine/docs/sources/commandline/cli.rst +++ b/components/engine/docs/sources/commandline/cli.rst @@ -553,15 +553,15 @@ Displaying image hierarchy $ sudo docker images -tree - |─8dbd9e392a96 Size: 131.5 MB (virtual 131.5 MB) Tags: ubuntu:12.04,ubuntu:latest,ubuntu:precise + ├─8dbd9e392a96 Size: 131.5 MB (virtual 131.5 MB) Tags: ubuntu:12.04,ubuntu:latest,ubuntu:precise └─27cf78414709 Size: 180.1 MB (virtual 180.1 MB) └─b750fe79269d Size: 24.65 kB (virtual 180.1 MB) Tags: ubuntu:12.10,ubuntu:quantal - |─f98de3b610d5 Size: 12.29 kB (virtual 180.1 MB) - | └─7da80deb7dbf Size: 16.38 kB (virtual 180.1 MB) - | └─65ed2fee0a34 Size: 20.66 kB (virtual 180.2 MB) - | └─a2b9ea53dddc Size: 819.7 MB (virtual 999.8 MB) - | └─a29b932eaba8 Size: 28.67 kB (virtual 999.9 MB) - | └─e270a44f124d Size: 12.29 kB (virtual 999.9 MB) Tags: progrium/buildstep:latest + ├─f98de3b610d5 Size: 12.29 kB (virtual 180.1 MB) + │ └─7da80deb7dbf Size: 16.38 kB (virtual 180.1 MB) + │ └─65ed2fee0a34 Size: 20.66 kB (virtual 180.2 MB) + │ └─a2b9ea53dddc Size: 819.7 MB (virtual 999.8 MB) + │ └─a29b932eaba8 Size: 28.67 kB (virtual 999.9 MB) + │ └─e270a44f124d Size: 12.29 kB (virtual 999.9 MB) Tags: progrium/buildstep:latest └─17e74ac162d8 Size: 53.93 kB (virtual 180.2 MB) └─339a3f56b760 Size: 24.65 kB (virtual 180.2 MB) └─904fcc40e34d Size: 96.7 MB (virtual 276.9 MB) From f633c6e7d1c7169a722352755b045539328ede96 Mon Sep 17 00:00:00 2001 From: Josh Poimboeuf Date: Thu, 19 Dec 2013 00:03:34 -0600 Subject: [PATCH 054/126] Move root symlink check to engine.New Since commit c91c365, when starting the docker daemon without an existing /var/lib/docker directory, it fails with: 2013/12/18 23:39:36 Unable to canonicalize root (%!s(*string=0xc210077c80)): lstat /var/lib/docker: no such file or directory Move the symlink checking code to engine.New after the root dir has been created. Upstream-commit: 94821a33534a25fe906f3f66e1c06b1f2c877aac Component: engine --- components/engine/docker/docker.go | 14 -------------- components/engine/engine/engine.go | 16 ++++++++++++++++ 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/components/engine/docker/docker.go b/components/engine/docker/docker.go index 62f71d54d0..a0108630bd 100644 --- a/components/engine/docker/docker.go +++ b/components/engine/docker/docker.go @@ -9,7 +9,6 @@ import ( "github.com/dotcloud/docker/utils" "log" "os" - "path/filepath" "strings" ) @@ -71,19 +70,6 @@ func main() { return } - // Docker makes some assumptions about the "absoluteness" of flRoot - // ... so let's make sure it has no symlinks - if p, err := filepath.Abs(*flRoot); err != nil { - log.Fatalf("Unable to get absolute root (%s): %s", flRoot, err) - } else { - *flRoot = p - } - if p, err := filepath.EvalSymlinks(*flRoot); err != nil { - log.Fatalf("Unable to canonicalize root (%s): %s", flRoot, err) - } else { - *flRoot = p - } - eng, err := engine.New(*flRoot) if err != nil { log.Fatal(err) diff --git a/components/engine/engine/engine.go b/components/engine/engine/engine.go index 5da0a97233..ad830ce2e4 100644 --- a/components/engine/engine/engine.go +++ b/components/engine/engine/engine.go @@ -6,6 +6,7 @@ import ( "io" "log" "os" + "path/filepath" "runtime" "strings" ) @@ -79,9 +80,24 @@ func New(root string) (*Engine, error) { } } } + if err := os.MkdirAll(root, 0700); err != nil && !os.IsExist(err) { return nil, err } + + // Docker makes some assumptions about the "absoluteness" of root + // ... so let's make sure it has no symlinks + if p, err := filepath.Abs(root); err != nil { + log.Fatalf("Unable to get absolute root (%s): %s", root, err) + } else { + root = p + } + if p, err := filepath.EvalSymlinks(root); err != nil { + log.Fatalf("Unable to canonicalize root (%s): %s", root, err) + } else { + root = p + } + eng := &Engine{ root: root, handlers: make(map[string]Handler), From a7fc58e1eb11c1f9c94348203647b59eff438fdf Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 18 Dec 2013 23:06:14 -0700 Subject: [PATCH 055/126] Add new "cross" bundle to cross-compile the Docker client for other platforms (currently just 32-bit and 64-bit OS X) Upstream-commit: 62a81370fffb3cfdb15ef19702f0ea07ab2f4c36 Component: engine --- components/engine/Dockerfile | 7 ++++++- components/engine/Makefile | 5 ++++- components/engine/hack/make.sh | 1 + components/engine/hack/make/cross | 13 +++++++++++++ components/engine/hack/release.sh | 12 ++++++++++++ 5 files changed, 36 insertions(+), 2 deletions(-) create mode 100644 components/engine/hack/make/cross diff --git a/components/engine/Dockerfile b/components/engine/Dockerfile index 47fb58a693..3391505f0a 100644 --- a/components/engine/Dockerfile +++ b/components/engine/Dockerfile @@ -39,7 +39,12 @@ RUN apt-get install -y -q build-essential libsqlite3-dev RUN curl -s https://go.googlecode.com/files/go1.2.src.tar.gz | tar -v -C /usr/local -xz ENV PATH /usr/local/go/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin ENV GOPATH /go:/go/src/github.com/dotcloud/docker/vendor -RUN cd /usr/local/go/src && ./make.bash +RUN cd /usr/local/go/src && ./make.bash --no-clean 2>&1 + +# Cross compilation +ENV DOCKER_CROSSPLATFORMS darwin/amd64 darwin/386 +# TODO add linux/386 and linux/arm +RUN cd /usr/local/go/src && bash -xc 'for platform in $DOCKER_CROSSPLATFORMS; do GOOS=${platform%/*} GOARCH=${platform##*/} ./make.bash --no-clean 2>&1; done' # Ubuntu stuff RUN apt-get install -y -q ruby1.9.3 rubygems libffi-dev diff --git a/components/engine/Makefile b/components/engine/Makefile index 21ff0dc57d..613425531b 100644 --- a/components/engine/Makefile +++ b/components/engine/Makefile @@ -1,4 +1,4 @@ -.PHONY: all binary build default docs shell test +.PHONY: all binary build cross default docs shell test DOCKER_RUN_DOCKER := docker run -rm -i -t -privileged -e TESTFLAGS -v $(CURDIR)/bundles:/go/src/github.com/dotcloud/docker/bundles docker @@ -10,6 +10,9 @@ all: build binary: build $(DOCKER_RUN_DOCKER) hack/make.sh binary +cross: build + $(DOCKER_RUN_DOCKER) hack/make.sh cross + docs: docker build -t docker-docs docs && docker run -p 8000:8000 docker-docs diff --git a/components/engine/hack/make.sh b/components/engine/hack/make.sh index 0993b80065..657233381c 100755 --- a/components/engine/hack/make.sh +++ b/components/engine/hack/make.sh @@ -40,6 +40,7 @@ DEFAULT_BUNDLES=( dyntest dyntest-integration cover + cross tgz ubuntu ) diff --git a/components/engine/hack/make/cross b/components/engine/hack/make/cross new file mode 100644 index 0000000000..fe68d7b4b8 --- /dev/null +++ b/components/engine/hack/make/cross @@ -0,0 +1,13 @@ +#!/bin/bash + +DEST=$1 + +for platform in $DOCKER_CROSSPLATFORMS; do + ( + export GOOS=${platform%/*} + export GOARCH=${platform##*/} + export VERSION="$GOOS-$GOARCH-$VERSION" # for a nice filename + export LDFLAGS_STATIC="" # we just need a simple client for these platforms (TODO this might change someday) + source "$(dirname "$BASH_SOURCE")/binary" + ) +done diff --git a/components/engine/hack/release.sh b/components/engine/hack/release.sh index 2ec40677e7..9021345eb2 100755 --- a/components/engine/hack/release.sh +++ b/components/engine/hack/release.sh @@ -47,6 +47,7 @@ cd /go/src/github.com/dotcloud/docker RELEASE_BUNDLES=( binary + cross tgz ubuntu ) @@ -233,6 +234,16 @@ EOF fi } +# Upload a cross-compiled client binaries to S3 +release_cross() { + [ -e bundles/$VERSION/cross ] || { + echo >&2 './hack/make.sh must be run before release_binary' + exit 1 + } + + # TODO find out from @shykes what URLs he'd like to use here +} + # Upload the index script release_index() { sed "s,https://get.docker.io/,$(s3_url)/," hack/install.sh | write_to_s3 s3://$BUCKET/index @@ -247,6 +258,7 @@ release_test() { main() { setup_s3 release_binary + release_cross release_tgz release_ubuntu release_index From b1321196bf1cf76980a1797d104316321efe9a7b Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Thu, 19 Dec 2013 14:27:47 -0500 Subject: [PATCH 056/126] Added some more items to the FAQ Upstream-commit: 8c52140059c83b9ef6f4f9336f162945cd360c4f Component: engine --- components/engine/docs/sources/faq.rst | 54 +++++++++++++++++++++++++- 1 file changed, 53 insertions(+), 1 deletion(-) diff --git a/components/engine/docs/sources/faq.rst b/components/engine/docs/sources/faq.rst index 23460f4b55..6d02fa660c 100644 --- a/components/engine/docs/sources/faq.rst +++ b/components/engine/docs/sources/faq.rst @@ -111,7 +111,7 @@ What does Docker add to just plain LXC? registry to store and transfer private containers, for internal server deployments for example. - * *Tool ecosystem.* + * *Tool ecosystem.* Docker defines an API for automating and customizing the creation and deployment of containers. There are a huge number of tools integrating with Docker to extend its @@ -122,6 +122,12 @@ What does Docker add to just plain LXC? (Jenkins, Strider, Travis), etc. Docker is rapidly establishing itself as the standard for container-based tooling. +What is different between a Docker container and a VM? +...................................................... + +There's a great StackOverflow answer `here +`_. + Do I lose my data when the container exits? ........................................... @@ -129,6 +135,52 @@ Not at all! Any data that your application writes to disk gets preserved in its container until you explicitly delete the container. The file system for the container persists even after the container halts. +How far do Docker containers scale? +................................... + +Some of the largest server farms in the world today are based on containers. +Large web deployments like Google and Twitter, and platform providers such as +Heroku and dotCloud all run on container technology, at a scale of hundreds of +thousands or even millions of containers running in parallel. + +How do I connect Docker containers? +................................... + +Currently the recommended way to link containers is via the `link` primitive. +You can see details of how to use it `here `_. + +Also of useful when enabling more flexible service portability is the +`Ambassador linking pattern +`_. + +How do I run more than one process in a Docker container? +......................................................... + +Any capable process supervisor such as http://supervisord.org/, runit, s6, or +daemontools can do the trick. Docker will start up the process management +daemon which will then fork to run additional processes. As long as the +processor manager daemon continues to run, the container will continue to as +well. You can see a more subsantial example `here +`_. + +What platforms does Docker run on? +.................................. + +Linux: + +- Ubuntu 12.04, 13.04 et al +- Fedora 19/20+ +- RHEL 6.5+ +- Centos 6+ +- Gento +- ArchLinux + +Cloud: + +- Amazon EC2 +- Google Compute Engine +- Rackspace + Can I help by adding some questions and answers? ................................................ From 0bf2305d2f238bfb0bea1d75e8f7d6a0a028a7bf Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Wed, 18 Dec 2013 20:41:34 -0800 Subject: [PATCH 057/126] Move MTU setting outside of lxc and set with netlink Upstream-commit: 0e6f0c4e02f4a29a1495f68f8aa52c5a10f587da Component: engine --- components/engine/container.go | 1 + components/engine/lxc_template.go | 1 - components/engine/netlink/netlink_darwin.go | 4 +++ components/engine/netlink/netlink_linux.go | 32 ++++++++++++++++++++- components/engine/sysinit/sysinit.go | 6 ++++ 5 files changed, 42 insertions(+), 2 deletions(-) diff --git a/components/engine/container.go b/components/engine/container.go index e13747df51..1c55fbbe91 100644 --- a/components/engine/container.go +++ b/components/engine/container.go @@ -582,6 +582,7 @@ func (container *Container) Start() (err error) { params = append(params, "-g", network.Gateway, "-i", fmt.Sprintf("%s/%d", network.IPAddress, network.IPPrefixLen), + "-mtu", "1500", ) } diff --git a/components/engine/lxc_template.go b/components/engine/lxc_template.go index c0dc4f39a9..f96323b5ea 100644 --- a/components/engine/lxc_template.go +++ b/components/engine/lxc_template.go @@ -14,7 +14,6 @@ lxc.network.type = empty lxc.network.type = veth lxc.network.link = {{.NetworkSettings.Bridge}} lxc.network.name = eth0 -lxc.network.mtu = 1500 {{end}} # root filesystem diff --git a/components/engine/netlink/netlink_darwin.go b/components/engine/netlink/netlink_darwin.go index 9a972fe63f..dcc60b6764 100644 --- a/components/engine/netlink/netlink_darwin.go +++ b/components/engine/netlink/netlink_darwin.go @@ -25,3 +25,7 @@ func AddDefaultGw(ip net.IP) error { return fmt.Errorf("Not implemented") } + +func NetworkSetMTU(iface *net.Interface, mtu int) error { + return fmt.Errorf("Not implemented") +} diff --git a/components/engine/netlink/netlink_linux.go b/components/engine/netlink/netlink_linux.go index 239614b5fb..4417f5249e 100644 --- a/components/engine/netlink/netlink_linux.go +++ b/components/engine/netlink/netlink_linux.go @@ -328,7 +328,6 @@ func AddDefaultGw(ip net.IP) error { } return s.HandleAck(wb.Seq) - } // Bring up a particular network interface @@ -354,6 +353,37 @@ func NetworkLinkUp(iface *net.Interface) error { return s.HandleAck(wb.Seq) } +func NetworkSetMTU(iface *net.Interface, mtu int) error { + s, err := getNetlinkSocket() + if err != nil { + return err + } + defer s.Close() + + wb := newNetlinkRequest(syscall.RTM_SETLINK, syscall.NLM_F_ACK) + + msg := newIfInfomsg(syscall.AF_UNSPEC) + msg.Type = syscall.RTM_SETLINK + msg.Flags = syscall.NLM_F_REQUEST + msg.Index = int32(iface.Index) + msg.Change = 0xFFFFFFFF + wb.AddData(msg) + + var ( + b = make([]byte, 4) + native = nativeEndian() + ) + native.PutUint32(b, uint32(mtu)) + + data := newRtAttr(syscall.IFLA_MTU, b) + wb.AddData(data) + + if err := s.Send(wb); err != nil { + return err + } + return s.HandleAck(wb.Seq) +} + // Add an Ip address to an interface. This is identical to: // ip addr add $ip/$ipNet dev $iface func NetworkLinkAddIp(iface *net.Interface, ip net.IP, ipNet *net.IPNet) error { diff --git a/components/engine/sysinit/sysinit.go b/components/engine/sysinit/sysinit.go index ad97439450..01c7473b5d 100644 --- a/components/engine/sysinit/sysinit.go +++ b/components/engine/sysinit/sysinit.go @@ -25,6 +25,7 @@ type DockerInitArgs struct { privileged bool env []string args []string + mtu int } func setupHostname(args *DockerInitArgs) error { @@ -50,6 +51,9 @@ func setupNetworking(args *DockerInitArgs) error { if err := netlink.NetworkLinkAddIp(iface, ip, ipNet); err != nil { return fmt.Errorf("Unable to set up networking: %v", err) } + if err := netlink.NetworkSetMTU(iface, args.mtu); err != nil { + return fmt.Errorf("Unable to set MTU: %v", err) + } if err := netlink.NetworkLinkUp(iface); err != nil { return fmt.Errorf("Unable to set up networking: %v", err) } @@ -227,6 +231,7 @@ func SysInit() { ip := flag.String("i", "", "ip address") workDir := flag.String("w", "", "workdir") privileged := flag.Bool("privileged", false, "privileged mode") + mtu := flag.Int("mtu", 1500, "interface mtu") flag.Parse() // Get env @@ -250,6 +255,7 @@ func SysInit() { privileged: *privileged, env: env, args: flag.Args(), + mtu: *mtu, } if err := executeProgram(args); err != nil { From d29d3cbd9340daaec0ed418c6bd7fbc2fd2bb561 Mon Sep 17 00:00:00 2001 From: Josh Poimboeuf Date: Thu, 19 Dec 2013 11:01:55 -0600 Subject: [PATCH 058/126] add gosqlite to vendor.sh Add gosqlite and its latest revision to vendor.sh so that the vendor directory can be reliably recreated. Upstream-commit: d215724ad6f70a783cb00b77f3c1a0cf9f69c83e Component: engine --- components/engine/hack/vendor.sh | 35 ++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 11 deletions(-) diff --git a/components/engine/hack/vendor.sh b/components/engine/hack/vendor.sh index fc0180c538..f76b30bba1 100755 --- a/components/engine/hack/vendor.sh +++ b/components/engine/hack/vendor.sh @@ -6,7 +6,7 @@ if [[ ! -d vendor ]]; then fi vendor_dir=${PWD}/vendor -git_clone () { +rm_pkg_dir () { PKG=$1 REV=$2 ( @@ -16,11 +16,31 @@ git_clone () { echo "src/$PKG already exists. Removing." rm -fr src/$PKG fi + ) +} + +git_clone () { + PKG=$1 + REV=$2 + ( + set -e + rm_pkg_dir $PKG $REV cd $vendor_dir && git clone http://$PKG src/$PKG cd src/$PKG && git checkout -f $REV && rm -fr .git ) } +hg_clone () { + PKG=$1 + REV=$2 + ( + set -e + rm_pkg_dir $PKG $REV + cd $vendor_dir && hg clone http://$PKG src/$PKG + cd src/$PKG && hg checkout -r $REV && rm -fr .hg + ) +} + git_clone github.com/kr/pty 3b1f6487b git_clone github.com/gorilla/context/ 708054d61e5 @@ -29,13 +49,6 @@ git_clone github.com/gorilla/mux/ 9b36453141c git_clone github.com/syndtr/gocapability 3454319be2 -# Docker requires code.google.com/p/go.net/websocket -PKG=code.google.com/p/go.net REV=84a4013f96e0 -( - set -e - cd $vendor_dir - if [[ ! -d src/$PKG ]]; then - hg clone https://$PKG src/$PKG - fi - cd src/$PKG && hg checkout -r $REV -) +hg_clone code.google.com/p/go.net 84a4013f96e0 + +hg_clone code.google.com/p/gosqlite 74691fb6f837 From f4c2be3a58632c8aae5e4b02d62146364cac0663 Mon Sep 17 00:00:00 2001 From: pandrew Date: Thu, 19 Dec 2013 20:55:19 +0100 Subject: [PATCH 059/126] Update docs to include images for docker inspect Upstream-commit: 8072d3a4e009f404fbc31507887c3418ea7327fc Component: engine --- components/engine/docs/sources/commandline/cli.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/components/engine/docs/sources/commandline/cli.rst b/components/engine/docs/sources/commandline/cli.rst index fc18066533..e5d6b05cd8 100644 --- a/components/engine/docs/sources/commandline/cli.rst +++ b/components/engine/docs/sources/commandline/cli.rst @@ -681,11 +681,11 @@ Insert file from github :: - Usage: docker inspect [OPTIONS] CONTAINER + Usage: docker inspect CONTAINER|IMAGE [CONTAINER|IMAGE...] - Return low-level information on a container + Return low-level information on a container/image - -format="": template to output results + -format="": Format the output using the given go template. By default, this will render all results in a JSON array. If a format is specified, the given template will be executed for each result. From 36b27a819f656ac40eac8ac73ff2641c7db1d961 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 19 Dec 2013 13:42:06 -0700 Subject: [PATCH 060/126] Add Tianon as Makefile maintainer Upstream-commit: cd89fe5c4f342adae870a04f04729e3b50ae20ea Component: engine --- components/engine/MAINTAINERS | 1 + 1 file changed, 1 insertion(+) diff --git a/components/engine/MAINTAINERS b/components/engine/MAINTAINERS index 8ee1f86b7c..ef3aeda493 100644 --- a/components/engine/MAINTAINERS +++ b/components/engine/MAINTAINERS @@ -4,4 +4,5 @@ Victor Vieux (@vieux) Michael Crosby (@crosbymichael) api.go: Victor Vieux (@vieux) Dockerfile: Tianon Gravi (@tianon) +Makefile: Tianon Gravi (@tianon) Vagrantfile: Daniel Mizyrycki (@mzdaniel) From e69eef70c1ecd307af7df62e377353b9fefff0ba Mon Sep 17 00:00:00 2001 From: Dinesh Subhraveti Date: Thu, 19 Dec 2013 21:41:22 -0800 Subject: [PATCH 061/126] Add -S option to tar for efficient sparse file handling Fixes issue #3282 Upstream-commit: 733bf5d3ddbfb6dba7c2c0996c4af47a765e4593 Component: engine --- components/engine/AUTHORS | 1 + components/engine/archive/archive.go | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/components/engine/AUTHORS b/components/engine/AUTHORS index 60533c1cc2..2476208d13 100644 --- a/components/engine/AUTHORS +++ b/components/engine/AUTHORS @@ -47,6 +47,7 @@ Daniel YC Lin Darren Coxall David Calavera David Sissitka +Dinesh Subhraveti Deni Bertovic Dominik Honnef Don Spaulding diff --git a/components/engine/archive/archive.go b/components/engine/archive/archive.go index ae2c030cb7..f8fcf0b163 100644 --- a/components/engine/archive/archive.go +++ b/components/engine/archive/archive.go @@ -149,7 +149,7 @@ func escapeName(name string) string { // Tar creates an archive from the directory at `path`, only including files whose relative // paths are included in `filter`. If `filter` is nil, then all files are included. func TarFilter(path string, options *TarOptions) (io.Reader, error) { - args := []string{"tar", "--numeric-owner", "-f", "-", "-C", path, "-T", "-"} + args := []string{"tar", "-S", "--numeric-owner", "-f", "-", "-C", path, "-T", "-"} if options.Includes == nil { options.Includes = []string{"."} } @@ -228,7 +228,7 @@ func Untar(archive io.Reader, path string, options *TarOptions) error { compression := DetectCompression(buf) utils.Debugf("Archive compression detected: %s", compression.Extension()) - args := []string{"--numeric-owner", "-f", "-", "-C", path, "-x" + compression.Flag()} + args := []string{"-S", "--numeric-owner", "-f", "-", "-C", path, "-x" + compression.Flag()} if options != nil { for _, exclude := range options.Excludes { From 8afb99df88421d26c574bbdb732afe5d65c4e52a Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Thu, 19 Dec 2013 09:29:46 +1000 Subject: [PATCH 062/126] make a more complete example of docker run, showing the use of most of the options (Closes #1500) Upstream-commit: df87919165e8874fe53d9405e3833bbaff4f0147 Component: engine --- .../engine/docs/sources/commandline/cli.rst | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/components/engine/docs/sources/commandline/cli.rst b/components/engine/docs/sources/commandline/cli.rst index e5d6b05cd8..451a270d96 100644 --- a/components/engine/docs/sources/commandline/cli.rst +++ b/components/engine/docs/sources/commandline/cli.rst @@ -1120,6 +1120,26 @@ id may be optionally suffixed with ``:ro`` or ``:rw`` to mount the volumes in read-only or read-write mode, respectively. By default, the volumes are mounted in the same mode (rw or ro) as the reference container. +A complete example +.................. + +.. code-block:: bash + + $ sudo docker run -d -name static static-web-files sh + $ sudo docker run -d -expose=8098 -name riak riakserver + $ sudo docker run -d -m 100m -e DEVELOPMENT=1 -e BRANCH=example-code -v $(pwd):/app/bin:ro -name app appserver + $ sudo docker run -d -p 1443:443 -dns=dns.dev.org -v /var/log/httpd -volumes-from static -link riak -link app -h www.sven.dev.org -name web webserver + $ sudo docker run -t -i -rm -volumes-from web -w /var/log/httpd busybox tail -f access.log + +This example shows 5 containers that might be set up to test a web application change: + +1. Start a pre-prepared volume image ``static-web-files`` (in the background) that has css, image and static html in it, (with a VOLUME statement in the Dockerfile to allow the web server to use those files); +2. Start a pre-prepared ``riakserver`` image, give the container name ``riak`` and expose 8098 to any containers that link to it; +3. Start the ``appserver`` image, restricting its memory usage to 100MB, setting two environment variables ``DEVELOPMENT`` and ``BRANCH`` and bind-mounting the current directory (``$(pwd)``) in the container in read-only mode as ``/app/bin``; +4. Start the ``webserver``, mapping port 443 (https) in the container to port 1443 on the docker server, setting the dns server to ``dns.dev.org``, creating a volume to put the log files into (so we can access it from another container), then importing the files from the volume exposed by the ``static`` container, and linking to all exposed ports from ``riak`` and ``app``. Lastly, we set the hostname to ``web.sven.dev.org`` so its consistent with the pre-generated ssl certificate; +5. Finally, we create a container that runs ``tail -f access.log`` using the logs volume from the ``web`` container, setting the workdir to ``/var/log/httpd``. The ``-rm`` option means that when the container exits, the container's layer is removed. + + .. _cli_save: ``save`` From 0b51803275413adcb3c22575e882c4ffadcc9bbc Mon Sep 17 00:00:00 2001 From: Johannes 'fish' Ziemke Date: Fri, 20 Dec 2013 13:26:11 +0100 Subject: [PATCH 063/126] Return error if Dockerfile is empty Upstream-commit: f7ba1c34bb7670b1a8d761b73eb9a775fa0f6bbe Component: engine --- components/engine/buildfile.go | 8 ++++++++ components/engine/integration/buildfile_test.go | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/components/engine/buildfile.go b/components/engine/buildfile.go index 7d87a17d3a..1f82245cc5 100644 --- a/components/engine/buildfile.go +++ b/components/engine/buildfile.go @@ -2,6 +2,7 @@ package docker import ( "encoding/json" + "errors" "fmt" "github.com/dotcloud/docker/archive" "github.com/dotcloud/docker/auth" @@ -16,6 +17,10 @@ import ( "strings" ) +var ( + ErrDockerfileEmpty = errors.New("Dockerfile cannot be empty") +) + type BuildFile interface { Build(io.Reader) (string, error) CmdFrom(string) error @@ -529,6 +534,9 @@ func (b *buildFile) Build(context io.Reader) (string, error) { if err != nil { return "", err } + if len(fileBytes) == 0 { + return "", ErrDockerfileEmpty + } dockerfile := string(fileBytes) dockerfile = lineContinuation.ReplaceAllString(dockerfile, "") stepN := 0 diff --git a/components/engine/integration/buildfile_test.go b/components/engine/integration/buildfile_test.go index 4d15031d30..598edff0dd 100644 --- a/components/engine/integration/buildfile_test.go +++ b/components/engine/integration/buildfile_test.go @@ -630,3 +630,11 @@ func TestBuildFails(t *testing.T) { t.Fatalf("StatusCode %d unexpected, should be 23", sterr.Code) } } + +func TestBuildFailsDockerfileEmpty(t *testing.T) { + _, err := buildImage(testContextTemplate{``, nil, nil}, t, nil, true) + + if err != docker.ErrDockerfileEmpty { + t.Fatal("Expected: %v, got: %v", docker.ErrDockerfileEmpty, err) + } +} From 9e800ce4e1caa4f33179be8225f1cb8901f8b40e Mon Sep 17 00:00:00 2001 From: "Guillaume J. Charmes" Date: Fri, 20 Dec 2013 08:11:35 -0800 Subject: [PATCH 064/126] Add arch/os info to user agent (Registry) Upstream-commit: e4561438f1156a96ee7fd2e25a8b9e6a3831fa83 Component: engine --- components/engine/server.go | 2 ++ components/engine/utils/http.go | 18 +++++++++--------- components/engine/version.go | 2 ++ 3 files changed, 13 insertions(+), 9 deletions(-) diff --git a/components/engine/server.go b/components/engine/server.go index 6a3ff2cd2d..3040494196 100644 --- a/components/engine/server.go +++ b/components/engine/server.go @@ -2018,6 +2018,8 @@ func (srv *Server) HTTPRequestFactory(metaHeaders map[string][]string) *utils.HT httpVersion = append(httpVersion, &simpleVersionInfo{"go", v.Get("GoVersion")}) httpVersion = append(httpVersion, &simpleVersionInfo{"git-commit", v.Get("GitCommit")}) httpVersion = append(httpVersion, &simpleVersionInfo{"kernel", v.Get("KernelVersion")}) + httpVersion = append(httpVersion, &simpleVersionInfo{"os", v.Get("Os")}) + httpVersion = append(httpVersion, &simpleVersionInfo{"arch", v.Get("Arch")}) ud := utils.NewHTTPUserAgentDecorator(httpVersion...) md := &utils.HTTPMetaHeadersDecorator{ Headers: metaHeaders, diff --git a/components/engine/utils/http.go b/components/engine/utils/http.go index 463d3b4fdd..68e93d8eb9 100644 --- a/components/engine/utils/http.go +++ b/components/engine/utils/http.go @@ -76,9 +76,9 @@ type HTTPUserAgentDecorator struct { } func NewHTTPUserAgentDecorator(versions ...VersionInfo) HTTPRequestDecorator { - ret := new(HTTPUserAgentDecorator) - ret.versions = versions - return ret + return &HTTPUserAgentDecorator{ + versions: versions, + } } func (h *HTTPUserAgentDecorator) ChangeRequest(req *http.Request) (newReq *http.Request, err error) { @@ -108,15 +108,15 @@ func (h *HTTPMetaHeadersDecorator) ChangeRequest(req *http.Request) (newReq *htt } type HTTPAuthDecorator struct { - login string + login string password string } func NewHTTPAuthDecorator(login, password string) HTTPRequestDecorator { - ret := new(HTTPAuthDecorator) - ret.login = login - ret.password = password - return ret + return &HTTPAuthDecorator{ + login: login, + password: password, + } } func (self *HTTPAuthDecorator) ChangeRequest(req *http.Request) (*http.Request, error) { @@ -136,7 +136,7 @@ func NewHTTPRequestFactory(d ...HTTPRequestDecorator) *HTTPRequestFactory { } } -func (self *HTTPRequestFactory) AddDecorator(d... HTTPRequestDecorator) { +func (self *HTTPRequestFactory) AddDecorator(d ...HTTPRequestDecorator) { self.decorators = append(self.decorators, d...) } diff --git a/components/engine/version.go b/components/engine/version.go index c85e77c59a..a4288245f7 100644 --- a/components/engine/version.go +++ b/components/engine/version.go @@ -25,6 +25,8 @@ func dockerVersion() *engine.Env { v.Set("Version", VERSION) v.Set("GitCommit", GITCOMMIT) v.Set("GoVersion", runtime.Version()) + v.Set("Os", runtime.GOOS) + v.Set("Arch", runtime.GOARCH) // FIXME:utils.GetKernelVersion should only be needed here if kernelVersion, err := utils.GetKernelVersion(); err == nil { v.Set("KernelVersion", kernelVersion.String()) From c47d358db6f5a6f5a5d5619e4f19879ed8b7f0f6 Mon Sep 17 00:00:00 2001 From: "Guillaume J. Charmes" Date: Fri, 20 Dec 2013 08:20:08 -0800 Subject: [PATCH 065/126] Add dynamic os/arch detection to Images Upstream-commit: f9359f59a88f109a7764406c33529a20098b0c7f Component: engine --- components/engine/graph.go | 4 +++- components/engine/image.go | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/components/engine/graph.go b/components/engine/graph.go index 277bd1a55b..058ef7e93d 100644 --- a/components/engine/graph.go +++ b/components/engine/graph.go @@ -10,6 +10,7 @@ import ( "os" "path" "path/filepath" + "runtime" "strings" "syscall" "time" @@ -131,7 +132,8 @@ func (graph *Graph) Create(layerData archive.Archive, container *Container, comm DockerVersion: VERSION, Author: author, Config: config, - Architecture: "x86_64", + Architecture: runtime.GOARCH, + OS: runtime.GOOS, } if container != nil { img.Parent = container.Image diff --git a/components/engine/image.go b/components/engine/image.go index 0f07a74ee8..f062910ef8 100644 --- a/components/engine/image.go +++ b/components/engine/image.go @@ -28,6 +28,7 @@ type Image struct { Author string `json:"author,omitempty"` Config *Config `json:"config,omitempty"` Architecture string `json:"architecture,omitempty"` + OS string `json:"os,omitempty"` graph *Graph Size int64 } From 44050b9219d3aa1d2c93f9bfe8e5d773bee1039b Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Thu, 19 Dec 2013 15:16:54 -0800 Subject: [PATCH 066/126] Allow mtu to be configured at daemon start Upstream-commit: 566ff54d0ddffbeb3ba2e5f1e400db8528faf0a7 Component: engine --- components/engine/config.go | 6 ++++++ components/engine/container.go | 2 +- components/engine/docker/docker.go | 2 ++ components/engine/docs/sources/commandline/cli.rst | 1 + components/engine/integration/utils_test.go | 1 + components/engine/network.go | 2 +- 6 files changed, 12 insertions(+), 2 deletions(-) diff --git a/components/engine/config.go b/components/engine/config.go index 1f743f6290..5a6de7a873 100644 --- a/components/engine/config.go +++ b/components/engine/config.go @@ -18,6 +18,7 @@ type DaemonConfig struct { DefaultIp net.IP InterContainerCommunication bool GraphDriver string + Mtu int } // ConfigFromJob creates and returns a new DaemonConfig object @@ -41,5 +42,10 @@ func ConfigFromJob(job *engine.Job) *DaemonConfig { config.DefaultIp = net.ParseIP(job.Getenv("DefaultIp")) config.InterContainerCommunication = job.GetenvBool("InterContainerCommunication") config.GraphDriver = job.Getenv("GraphDriver") + if mtu := job.GetenvInt("Mtu"); mtu != -1 { + config.Mtu = mtu + } else { + config.Mtu = DefaultNetworkMtu + } return &config } diff --git a/components/engine/container.go b/components/engine/container.go index 1c55fbbe91..bb591669af 100644 --- a/components/engine/container.go +++ b/components/engine/container.go @@ -582,7 +582,7 @@ func (container *Container) Start() (err error) { params = append(params, "-g", network.Gateway, "-i", fmt.Sprintf("%s/%d", network.IPAddress, network.IPPrefixLen), - "-mtu", "1500", + "-mtu", strconv.Itoa(container.runtime.config.Mtu), ) } diff --git a/components/engine/docker/docker.go b/components/engine/docker/docker.go index a0108630bd..1b5457984c 100644 --- a/components/engine/docker/docker.go +++ b/components/engine/docker/docker.go @@ -40,6 +40,7 @@ func main() { flInterContainerComm = flag.Bool("icc", true, "Enable inter-container communication") flGraphDriver = flag.String("s", "", "Force the docker runtime to use a specific storage driver") flHosts = docker.NewListOpts(docker.ValidateHost) + flMtu = flag.Int("mtu", docker.DefaultNetworkMtu, "Set the containers network mtu") ) flag.Var(&flDns, "dns", "Force docker to use specific DNS servers") flag.Var(&flHosts, "H", "Multiple tcp://host:port or unix://path/to/socket to bind in daemon mode, single connection otherwise") @@ -87,6 +88,7 @@ func main() { job.Setenv("DefaultIp", *flDefaultIp) job.SetenvBool("InterContainerCommunication", *flInterContainerComm) job.Setenv("GraphDriver", *flGraphDriver) + job.SetenvInt("Mtu", *flMtu) if err := job.Run(); err != nil { log.Fatal(err) } diff --git a/components/engine/docs/sources/commandline/cli.rst b/components/engine/docs/sources/commandline/cli.rst index fc18066533..523dc24ad8 100644 --- a/components/engine/docs/sources/commandline/cli.rst +++ b/components/engine/docs/sources/commandline/cli.rst @@ -37,6 +37,7 @@ To list available commands, either run ``docker`` with no parameters or execute -icc=true: Enable inter-container communication -ip="0.0.0.0": Default IP address to use when binding container ports -iptables=true: Disable docker's addition of iptables rules + -mtu=1500: Set the containers network mtu -p="/var/run/docker.pid": Path to use for daemon PID file -r=true: Restart previously running containers -s="": Force the docker runtime to use a specific storage driver diff --git a/components/engine/integration/utils_test.go b/components/engine/integration/utils_test.go index 8ee1a0af08..85ba13d698 100644 --- a/components/engine/integration/utils_test.go +++ b/components/engine/integration/utils_test.go @@ -32,6 +32,7 @@ func mkRuntime(f utils.Fataler) *docker.Runtime { config := &docker.DaemonConfig{ Root: root, AutoRestart: false, + Mtu: docker.DefaultNetworkMtu, } r, err := docker.NewRuntimeFromDirectory(config) if err != nil { diff --git a/components/engine/network.go b/components/engine/network.go index 09db965bb0..cccb7c52e1 100644 --- a/components/engine/network.go +++ b/components/engine/network.go @@ -19,6 +19,7 @@ import ( const ( DefaultNetworkBridge = "docker0" DisableNetworkBridge = "none" + DefaultNetworkMtu = 1500 portRangeStart = 49153 portRangeEnd = 65535 siocBRADDBR = 0x89a0 @@ -118,7 +119,6 @@ func CreateBridgeIface(config *DaemonConfig) error { "192.168.44.1/24", } - nameservers := []string{} resolvConf, _ := utils.GetResolvConf() // we don't check for an error here, because we don't really care From 70588a976264ebba63c0d9dd10ec2d9494d71bc4 Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Fri, 20 Dec 2013 13:34:05 -0500 Subject: [PATCH 067/126] Only parse upto the mountpoint in mountinfo Upstream-commit: 8051b6c1a1f9c381d42f5c776020658700c63c57 Component: engine --- components/engine/mount/mountinfo.go | 33 +- components/engine/mount/mountinfo_test.go | 445 ++++++++++++++++++++++ 2 files changed, 467 insertions(+), 11 deletions(-) create mode 100644 components/engine/mount/mountinfo_test.go diff --git a/components/engine/mount/mountinfo.go b/components/engine/mount/mountinfo.go index 397e792259..f4fd24b633 100644 --- a/components/engine/mount/mountinfo.go +++ b/components/engine/mount/mountinfo.go @@ -3,18 +3,20 @@ package mount import ( "bufio" "fmt" + "io" "os" ) const ( - mountinfoFormat = "%d %d %d:%d %s %s %s - %s %s %s" + // We only parse upto the mountinfo because that is all we + // care about right now + mountinfoFormat = "%d %d %d:%d %s %s %s" ) // Represents one line from /proc/self/mountinfo type procEntry struct { - id, parent, major, minor int - source, mountpoint, fstype, device string - vfsopts, opts string + id, parent, major, minor int + source, mountpoint, opts string } // Parse /proc/self/mountinfo because comparing Dev and ino does not work from bind mounts @@ -25,19 +27,28 @@ func parseMountTable() ([]*procEntry, error) { } defer f.Close() - s := bufio.NewScanner(f) - out := []*procEntry{} + return parseInfoFile(f) +} + +func parseInfoFile(r io.Reader) ([]*procEntry, error) { + var ( + s = bufio.NewScanner(r) + out = []*procEntry{} + ) + for s.Scan() { if err := s.Err(); err != nil { return nil, err } - p := &procEntry{} - if _, err := fmt.Sscanf(s.Text(), mountinfoFormat, + var ( + p = &procEntry{} + text = s.Text() + ) + if _, err := fmt.Sscanf(text, mountinfoFormat, &p.id, &p.parent, &p.major, &p.minor, - &p.source, &p.mountpoint, &p.vfsopts, &p.fstype, - &p.device, &p.opts); err != nil { - return nil, err + &p.source, &p.mountpoint, &p.opts); err != nil { + return nil, fmt.Errorf("Scanning '%s' failed: %s", text, err) } out = append(out, p) } diff --git a/components/engine/mount/mountinfo_test.go b/components/engine/mount/mountinfo_test.go new file mode 100644 index 0000000000..f2e3daa8b3 --- /dev/null +++ b/components/engine/mount/mountinfo_test.go @@ -0,0 +1,445 @@ +package mount + +import ( + "bytes" + "testing" +) + +const ( + fedoraMountinfo = `15 35 0:3 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw + 16 35 0:14 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs rw,seclabel + 17 35 0:5 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,seclabel,size=8056484k,nr_inodes=2014121,mode=755 + 18 16 0:15 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:7 - securityfs securityfs rw + 19 16 0:13 / /sys/fs/selinux rw,relatime shared:8 - selinuxfs selinuxfs rw + 20 17 0:16 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw,seclabel + 21 17 0:10 / /dev/pts rw,nosuid,noexec,relatime shared:4 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=000 + 22 35 0:17 / /run rw,nosuid,nodev shared:21 - tmpfs tmpfs rw,seclabel,mode=755 + 23 16 0:18 / /sys/fs/cgroup rw,nosuid,nodev,noexec shared:9 - tmpfs tmpfs rw,seclabel,mode=755 + 24 23 0:19 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:10 - cgroup cgroup rw,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd + 25 16 0:20 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:20 - pstore pstore rw + 26 23 0:21 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,cpuset,clone_children + 27 23 0:22 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:12 - cgroup cgroup rw,cpuacct,cpu,clone_children + 28 23 0:23 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:13 - cgroup cgroup rw,memory,clone_children + 29 23 0:24 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:14 - cgroup cgroup rw,devices,clone_children + 30 23 0:25 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:15 - cgroup cgroup rw,freezer,clone_children + 31 23 0:26 / /sys/fs/cgroup/net_cls rw,nosuid,nodev,noexec,relatime shared:16 - cgroup cgroup rw,net_cls,clone_children + 32 23 0:27 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:17 - cgroup cgroup rw,blkio,clone_children + 33 23 0:28 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:18 - cgroup cgroup rw,perf_event,clone_children + 34 23 0:29 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:19 - cgroup cgroup rw,hugetlb,clone_children + 35 1 253:2 / / rw,relatime shared:1 - ext4 /dev/mapper/ssd-root--f20 rw,seclabel,data=ordered + 36 15 0:30 / /proc/sys/fs/binfmt_misc rw,relatime shared:22 - autofs systemd-1 rw,fd=38,pgrp=1,timeout=300,minproto=5,maxproto=5,direct + 37 17 0:12 / /dev/mqueue rw,relatime shared:23 - mqueue mqueue rw,seclabel + 38 35 0:31 / /tmp rw shared:24 - tmpfs tmpfs rw,seclabel + 39 17 0:32 / /dev/hugepages rw,relatime shared:25 - hugetlbfs hugetlbfs rw,seclabel + 40 16 0:7 / /sys/kernel/debug rw,relatime shared:26 - debugfs debugfs rw + 41 16 0:33 / /sys/kernel/config rw,relatime shared:27 - configfs configfs rw + 42 35 0:34 / /var/lib/nfs/rpc_pipefs rw,relatime shared:28 - rpc_pipefs sunrpc rw + 43 15 0:35 / /proc/fs/nfsd rw,relatime shared:29 - nfsd sunrpc rw + 45 35 8:17 / /boot rw,relatime shared:30 - ext4 /dev/sdb1 rw,seclabel,data=ordered + 46 35 253:4 / /home rw,relatime shared:31 - ext4 /dev/mapper/ssd-home rw,seclabel,data=ordered + 47 35 253:5 / /var/lib/libvirt/images rw,noatime,nodiratime shared:32 - ext4 /dev/mapper/ssd-virt rw,seclabel,discard,data=ordered + 48 35 253:12 / /mnt/old rw,relatime shared:33 - ext4 /dev/mapper/HelpDeskRHEL6-FedoraRoot rw,seclabel,data=ordered + 121 22 0:36 / /run/user/1000/gvfs rw,nosuid,nodev,relatime shared:104 - fuse.gvfsd-fuse gvfsd-fuse rw,user_id=1000,group_id=1000 + 124 16 0:37 / /sys/fs/fuse/connections rw,relatime shared:107 - fusectl fusectl rw + 165 38 253:3 / /tmp/mnt rw,relatime shared:147 - ext4 /dev/mapper/ssd-root rw,seclabel,data=ordered + 167 35 253:15 / /var/lib/docker/devicemapper/mnt/aae4076022f0e2b80a2afbf8fc6df450c52080191fcef7fb679a73e6f073e5c2 rw,relatime shared:149 - ext4 /dev/mapper/docker-253:2-425882-aae4076022f0e2b80a2afbf8fc6df450c52080191fcef7fb679a73e6f073e5c2 rw,seclabel,discard,stripe=16,data=ordered + 171 35 253:16 / /var/lib/docker/devicemapper/mnt/c71be651f114db95180e472f7871b74fa597ee70a58ccc35cb87139ddea15373 rw,relatime shared:153 - ext4 /dev/mapper/docker-253:2-425882-c71be651f114db95180e472f7871b74fa597ee70a58ccc35cb87139ddea15373 rw,seclabel,discard,stripe=16,data=ordered + 175 35 253:17 / /var/lib/docker/devicemapper/mnt/1bac6ab72862d2d5626560df6197cf12036b82e258c53d981fa29adce6f06c3c rw,relatime shared:157 - ext4 /dev/mapper/docker-253:2-425882-1bac6ab72862d2d5626560df6197cf12036b82e258c53d981fa29adce6f06c3c rw,seclabel,discard,stripe=16,data=ordered + 179 35 253:18 / /var/lib/docker/devicemapper/mnt/d710a357d77158e80d5b2c55710ae07c94e76d34d21ee7bae65ce5418f739b09 rw,relatime shared:161 - ext4 /dev/mapper/docker-253:2-425882-d710a357d77158e80d5b2c55710ae07c94e76d34d21ee7bae65ce5418f739b09 rw,seclabel,discard,stripe=16,data=ordered + 183 35 253:19 / /var/lib/docker/devicemapper/mnt/6479f52366114d5f518db6837254baab48fab39f2ac38d5099250e9a6ceae6c7 rw,relatime shared:165 - ext4 /dev/mapper/docker-253:2-425882-6479f52366114d5f518db6837254baab48fab39f2ac38d5099250e9a6ceae6c7 rw,seclabel,discard,stripe=16,data=ordered + 187 35 253:20 / /var/lib/docker/devicemapper/mnt/8d9df91c4cca5aef49eeb2725292aab324646f723a7feab56be34c2ad08268e1 rw,relatime shared:169 - ext4 /dev/mapper/docker-253:2-425882-8d9df91c4cca5aef49eeb2725292aab324646f723a7feab56be34c2ad08268e1 rw,seclabel,discard,stripe=16,data=ordered + 191 35 253:21 / /var/lib/docker/devicemapper/mnt/c8240b768603d32e920d365dc9d1dc2a6af46cd23e7ae819947f969e1b4ec661 rw,relatime shared:173 - ext4 /dev/mapper/docker-253:2-425882-c8240b768603d32e920d365dc9d1dc2a6af46cd23e7ae819947f969e1b4ec661 rw,seclabel,discard,stripe=16,data=ordered + 195 35 253:22 / /var/lib/docker/devicemapper/mnt/2eb3a01278380bbf3ed12d86ac629eaa70a4351301ee307a5cabe7b5f3b1615f rw,relatime shared:177 - ext4 /dev/mapper/docker-253:2-425882-2eb3a01278380bbf3ed12d86ac629eaa70a4351301ee307a5cabe7b5f3b1615f rw,seclabel,discard,stripe=16,data=ordered + 199 35 253:23 / /var/lib/docker/devicemapper/mnt/37a17fb7c9d9b80821235d5f2662879bd3483915f245f9b49cdaa0e38779b70b rw,relatime shared:181 - ext4 /dev/mapper/docker-253:2-425882-37a17fb7c9d9b80821235d5f2662879bd3483915f245f9b49cdaa0e38779b70b rw,seclabel,discard,stripe=16,data=ordered + 203 35 253:24 / /var/lib/docker/devicemapper/mnt/aea459ae930bf1de913e2f29428fd80ee678a1e962d4080019d9f9774331ee2b rw,relatime shared:185 - ext4 /dev/mapper/docker-253:2-425882-aea459ae930bf1de913e2f29428fd80ee678a1e962d4080019d9f9774331ee2b rw,seclabel,discard,stripe=16,data=ordered + 207 35 253:25 / /var/lib/docker/devicemapper/mnt/928ead0bc06c454bd9f269e8585aeae0a6bd697f46dc8754c2a91309bc810882 rw,relatime shared:189 - ext4 /dev/mapper/docker-253:2-425882-928ead0bc06c454bd9f269e8585aeae0a6bd697f46dc8754c2a91309bc810882 rw,seclabel,discard,stripe=16,data=ordered + 211 35 253:26 / /var/lib/docker/devicemapper/mnt/0f284d18481d671644706e7a7244cbcf63d590d634cc882cb8721821929d0420 rw,relatime shared:193 - ext4 /dev/mapper/docker-253:2-425882-0f284d18481d671644706e7a7244cbcf63d590d634cc882cb8721821929d0420 rw,seclabel,discard,stripe=16,data=ordered + 215 35 253:27 / /var/lib/docker/devicemapper/mnt/d9dd16722ab34c38db2733e23f69e8f4803ce59658250dd63e98adff95d04919 rw,relatime shared:197 - ext4 /dev/mapper/docker-253:2-425882-d9dd16722ab34c38db2733e23f69e8f4803ce59658250dd63e98adff95d04919 rw,seclabel,discard,stripe=16,data=ordered + 219 35 253:28 / /var/lib/docker/devicemapper/mnt/bc4500479f18c2c08c21ad5282e5f826a016a386177d9874c2764751c031d634 rw,relatime shared:201 - ext4 /dev/mapper/docker-253:2-425882-bc4500479f18c2c08c21ad5282e5f826a016a386177d9874c2764751c031d634 rw,seclabel,discard,stripe=16,data=ordered + 223 35 253:29 / /var/lib/docker/devicemapper/mnt/7770c8b24eb3d5cc159a065910076938910d307ab2f5d94e1dc3b24c06ee2c8a rw,relatime shared:205 - ext4 /dev/mapper/docker-253:2-425882-7770c8b24eb3d5cc159a065910076938910d307ab2f5d94e1dc3b24c06ee2c8a rw,seclabel,discard,stripe=16,data=ordered + 227 35 253:30 / /var/lib/docker/devicemapper/mnt/c280cd3d0bf0aa36b478b292279671624cceafc1a67eaa920fa1082601297adf rw,relatime shared:209 - ext4 /dev/mapper/docker-253:2-425882-c280cd3d0bf0aa36b478b292279671624cceafc1a67eaa920fa1082601297adf rw,seclabel,discard,stripe=16,data=ordered + 231 35 253:31 / /var/lib/docker/devicemapper/mnt/8b59a7d9340279f09fea67fd6ad89ddef711e9e7050eb647984f8b5ef006335f rw,relatime shared:213 - ext4 /dev/mapper/docker-253:2-425882-8b59a7d9340279f09fea67fd6ad89ddef711e9e7050eb647984f8b5ef006335f rw,seclabel,discard,stripe=16,data=ordered + 235 35 253:32 / /var/lib/docker/devicemapper/mnt/1a28059f29eda821578b1bb27a60cc71f76f846a551abefabce6efd0146dce9f rw,relatime shared:217 - ext4 /dev/mapper/docker-253:2-425882-1a28059f29eda821578b1bb27a60cc71f76f846a551abefabce6efd0146dce9f rw,seclabel,discard,stripe=16,data=ordered + 239 35 253:33 / /var/lib/docker/devicemapper/mnt/e9aa60c60128cad1 rw,relatime shared:221 - ext4 /dev/mapper/docker-253:2-425882-e9aa60c60128cad1 rw,seclabel,discard,stripe=16,data=ordered + 243 35 253:34 / /var/lib/docker/devicemapper/mnt/5fec11304b6f4713fea7b6ccdcc1adc0a1966187f590fe25a8227428a8df275d-init rw,relatime shared:225 - ext4 /dev/mapper/docker-253:2-425882-5fec11304b6f4713fea7b6ccdcc1adc0a1966187f590fe25a8227428a8df275d-init rw,seclabel,discard,stripe=16,data=ordered + 247 35 253:35 / /var/lib/docker/devicemapper/mnt/5fec11304b6f4713fea7b6ccdcc1adc0a1966187f590fe25a8227428a8df275d rw,relatime shared:229 - ext4 /dev/mapper/docker-253:2-425882-5fec11304b6f4713fea7b6ccdcc1adc0a1966187f590fe25a8227428a8df275d rw,seclabel,discard,stripe=16,data=ordered` + + ubuntuMountInfo = `15 20 0:14 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw +16 20 0:3 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw +17 20 0:5 / /dev rw,relatime - devtmpfs udev rw,size=1015140k,nr_inodes=253785,mode=755 +18 17 0:11 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=000 +19 20 0:15 / /run rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=205044k,mode=755 +20 1 253:0 / / rw,relatime - ext4 /dev/disk/by-label/DOROOT rw,errors=remount-ro,data=ordered +21 15 0:16 / /sys/fs/cgroup rw,relatime - tmpfs none rw,size=4k,mode=755 +22 15 0:17 / /sys/fs/fuse/connections rw,relatime - fusectl none rw +23 15 0:6 / /sys/kernel/debug rw,relatime - debugfs none rw +24 15 0:10 / /sys/kernel/security rw,relatime - securityfs none rw +25 19 0:18 / /run/lock rw,nosuid,nodev,noexec,relatime - tmpfs none rw,size=5120k +26 21 0:19 / /sys/fs/cgroup/cpuset rw,relatime - cgroup cgroup rw,cpuset,clone_children +27 19 0:20 / /run/shm rw,nosuid,nodev,relatime - tmpfs none rw +28 21 0:21 / /sys/fs/cgroup/cpu rw,relatime - cgroup cgroup rw,cpu +29 19 0:22 / /run/user rw,nosuid,nodev,noexec,relatime - tmpfs none rw,size=102400k,mode=755 +30 15 0:23 / /sys/fs/pstore rw,relatime - pstore none rw +31 21 0:24 / /sys/fs/cgroup/cpuacct rw,relatime - cgroup cgroup rw,cpuacct +32 21 0:25 / /sys/fs/cgroup/memory rw,relatime - cgroup cgroup rw,memory +33 21 0:26 / /sys/fs/cgroup/devices rw,relatime - cgroup cgroup rw,devices +34 21 0:27 / /sys/fs/cgroup/freezer rw,relatime - cgroup cgroup rw,freezer +35 21 0:28 / /sys/fs/cgroup/blkio rw,relatime - cgroup cgroup rw,blkio +36 21 0:29 / /sys/fs/cgroup/perf_event rw,relatime - cgroup cgroup rw,perf_event +37 21 0:30 / /sys/fs/cgroup/hugetlb rw,relatime - cgroup cgroup rw,hugetlb +38 21 0:31 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime - cgroup systemd rw,name=systemd +39 20 0:32 / /var/lib/docker/aufs/mnt/b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc rw,relatime - aufs none rw,si=caafa54fdc06525 +40 20 0:33 / /var/lib/docker/aufs/mnt/2eed44ac7ce7c75af04f088ed6cb4ce9d164801e91d78c6db65d7ef6d572bba8-init rw,relatime - aufs none rw,si=caafa54f882b525 +41 20 0:34 / /var/lib/docker/aufs/mnt/2eed44ac7ce7c75af04f088ed6cb4ce9d164801e91d78c6db65d7ef6d572bba8 rw,relatime - aufs none rw,si=caafa54f8829525 +42 20 0:35 / /var/lib/docker/aufs/mnt/16f4d7e96dd612903f425bfe856762f291ff2e36a8ecd55a2209b7d7cd81c30b rw,relatime - aufs none rw,si=caafa54f882d525 +43 20 0:36 / /var/lib/docker/aufs/mnt/63ca08b75d7438a9469a5954e003f48ffede73541f6286ce1cb4d7dd4811da7e-init rw,relatime - aufs none rw,si=caafa54f882f525 +44 20 0:37 / /var/lib/docker/aufs/mnt/63ca08b75d7438a9469a5954e003f48ffede73541f6286ce1cb4d7dd4811da7e rw,relatime - aufs none rw,si=caafa54f88ba525 +45 20 0:38 / /var/lib/docker/aufs/mnt/283f35a910233c756409313be71ecd8fcfef0df57108b8d740b61b3e88860452 rw,relatime - aufs none rw,si=caafa54f88b8525 +46 20 0:39 / /var/lib/docker/aufs/mnt/2c6c7253d4090faa3886871fb21bd660609daeb0206588c0602007f7d0f254b1-init rw,relatime - aufs none rw,si=caafa54f88be525 +47 20 0:40 / /var/lib/docker/aufs/mnt/2c6c7253d4090faa3886871fb21bd660609daeb0206588c0602007f7d0f254b1 rw,relatime - aufs none rw,si=caafa54f882c525 +48 20 0:41 / /var/lib/docker/aufs/mnt/de2b538c97d6366cc80e8658547c923ea1d042f85580df379846f36a4df7049d rw,relatime - aufs none rw,si=caafa54f85bb525 +49 20 0:42 / /var/lib/docker/aufs/mnt/94a3d8ed7c27e5b0aa71eba46c736bfb2742afda038e74f2dd6035fb28415b49-init rw,relatime - aufs none rw,si=caafa54fdc00525 +50 20 0:43 / /var/lib/docker/aufs/mnt/94a3d8ed7c27e5b0aa71eba46c736bfb2742afda038e74f2dd6035fb28415b49 rw,relatime - aufs none rw,si=caafa54fbaec525 +51 20 0:44 / /var/lib/docker/aufs/mnt/6ac1cace985c9fc9bea32234de8b36dba49bdd5e29a2972b327ff939d78a6274 rw,relatime - aufs none rw,si=caafa54f8e1a525 +52 20 0:45 / /var/lib/docker/aufs/mnt/dff147033e3a0ef061e1de1ad34256b523d4a8c1fa6bba71a0ab538e8628ff0b-init rw,relatime - aufs none rw,si=caafa54f8e1d525 +53 20 0:46 / /var/lib/docker/aufs/mnt/dff147033e3a0ef061e1de1ad34256b523d4a8c1fa6bba71a0ab538e8628ff0b rw,relatime - aufs none rw,si=caafa54f8e1b525 +54 20 0:47 / /var/lib/docker/aufs/mnt/cabb117d997f0f93519185aea58389a9762770b7496ed0b74a3e4a083fa45902 rw,relatime - aufs none rw,si=caafa54f810a525 +55 20 0:48 / /var/lib/docker/aufs/mnt/e1c8a94ffaa9d532bbbdc6ef771ce8a6c2c06757806ecaf8b68e9108fec65f33-init rw,relatime - aufs none rw,si=caafa54f8529525 +56 20 0:49 / /var/lib/docker/aufs/mnt/e1c8a94ffaa9d532bbbdc6ef771ce8a6c2c06757806ecaf8b68e9108fec65f33 rw,relatime - aufs none rw,si=caafa54f852f525 +57 20 0:50 / /var/lib/docker/aufs/mnt/16a1526fa445b84ce84f89506d219e87fa488a814063baf045d88b02f21166b3 rw,relatime - aufs none rw,si=caafa54f9e1d525 +58 20 0:51 / /var/lib/docker/aufs/mnt/57b9c92e1e368fa7dbe5079f7462e917777829caae732828b003c355fe49da9f-init rw,relatime - aufs none rw,si=caafa54f854d525 +59 20 0:52 / /var/lib/docker/aufs/mnt/57b9c92e1e368fa7dbe5079f7462e917777829caae732828b003c355fe49da9f rw,relatime - aufs none rw,si=caafa54f854e525 +60 20 0:53 / /var/lib/docker/aufs/mnt/e370c3e286bea027917baa0e4d251262681a472a87056e880dfd0513516dffd9 rw,relatime - aufs none rw,si=caafa54f840a525 +61 20 0:54 / /var/lib/docker/aufs/mnt/6b00d3b4f32b41997ec07412b5e18204f82fbe643e7122251cdeb3582abd424e-init rw,relatime - aufs none rw,si=caafa54f8408525 +62 20 0:55 / /var/lib/docker/aufs/mnt/6b00d3b4f32b41997ec07412b5e18204f82fbe643e7122251cdeb3582abd424e rw,relatime - aufs none rw,si=caafa54f8409525 +63 20 0:56 / /var/lib/docker/aufs/mnt/abd0b5ea5d355a67f911475e271924a5388ee60c27185fcd60d095afc4a09dc7 rw,relatime - aufs none rw,si=caafa54f9eb1525 +64 20 0:57 / /var/lib/docker/aufs/mnt/336222effc3f7b89867bb39ff7792ae5412c35c749f127c29159d046b6feedd2-init rw,relatime - aufs none rw,si=caafa54f85bf525 +65 20 0:58 / /var/lib/docker/aufs/mnt/336222effc3f7b89867bb39ff7792ae5412c35c749f127c29159d046b6feedd2 rw,relatime - aufs none rw,si=caafa54f85b8525 +66 20 0:59 / /var/lib/docker/aufs/mnt/912e1bf28b80a09644503924a8a1a4fb8ed10b808ca847bda27a369919aa52fa rw,relatime - aufs none rw,si=caafa54fbaea525 +67 20 0:60 / /var/lib/docker/aufs/mnt/386f722875013b4a875118367abc783fc6617a3cb7cf08b2b4dcf550b4b9c576-init rw,relatime - aufs none rw,si=caafa54f8472525 +68 20 0:61 / /var/lib/docker/aufs/mnt/386f722875013b4a875118367abc783fc6617a3cb7cf08b2b4dcf550b4b9c576 rw,relatime - aufs none rw,si=caafa54f8474525 +69 20 0:62 / /var/lib/docker/aufs/mnt/5aaebb79ef3097dfca377889aeb61a0c9d5e3795117d2b08d0751473c671dfb2 rw,relatime - aufs none rw,si=caafa54f8c5e525 +70 20 0:63 / /var/lib/docker/aufs/mnt/5ba3e493279d01277d583600b81c7c079e691b73c3a2bdea8e4b12a35a418be2-init rw,relatime - aufs none rw,si=caafa54f8c3b525 +71 20 0:64 / /var/lib/docker/aufs/mnt/5ba3e493279d01277d583600b81c7c079e691b73c3a2bdea8e4b12a35a418be2 rw,relatime - aufs none rw,si=caafa54f8c3d525 +72 20 0:65 / /var/lib/docker/aufs/mnt/2777f0763da4de93f8bebbe1595cc77f739806a158657b033eca06f827b6028a rw,relatime - aufs none rw,si=caafa54f8c3e525 +73 20 0:66 / /var/lib/docker/aufs/mnt/5d7445562acf73c6f0ae34c3dd0921d7457de1ba92a587d9e06a44fa209eeb3e-init rw,relatime - aufs none rw,si=caafa54f8c39525 +74 20 0:67 / /var/lib/docker/aufs/mnt/5d7445562acf73c6f0ae34c3dd0921d7457de1ba92a587d9e06a44fa209eeb3e rw,relatime - aufs none rw,si=caafa54f854f525 +75 20 0:68 / /var/lib/docker/aufs/mnt/06400b526ec18b66639c96efc41a84f4ae0b117cb28dafd56be420651b4084a0 rw,relatime - aufs none rw,si=caafa54f840b525 +76 20 0:69 / /var/lib/docker/aufs/mnt/e051d45ec42d8e3e1cc57bb39871a40de486dc123522e9c067fbf2ca6a357785-init rw,relatime - aufs none rw,si=caafa54fdddf525 +77 20 0:70 / /var/lib/docker/aufs/mnt/e051d45ec42d8e3e1cc57bb39871a40de486dc123522e9c067fbf2ca6a357785 rw,relatime - aufs none rw,si=caafa54f854b525 +78 20 0:71 / /var/lib/docker/aufs/mnt/1ff414fa93fd61ec81b0ab7b365a841ff6545accae03cceac702833aaeaf718f rw,relatime - aufs none rw,si=caafa54f8d85525 +79 20 0:72 / /var/lib/docker/aufs/mnt/c661b2f871dd5360e46a2aebf8f970f6d39a2ff64e06979aa0361227c88128b8-init rw,relatime - aufs none rw,si=caafa54f8da3525 +80 20 0:73 / /var/lib/docker/aufs/mnt/c661b2f871dd5360e46a2aebf8f970f6d39a2ff64e06979aa0361227c88128b8 rw,relatime - aufs none rw,si=caafa54f8da2525 +81 20 0:74 / /var/lib/docker/aufs/mnt/b68b1d4fe4d30016c552398e78b379a39f651661d8e1fa5f2460c24a5e723420 rw,relatime - aufs none rw,si=caafa54f8d81525 +82 20 0:75 / /var/lib/docker/aufs/mnt/c5c5979c936cd0153a4c626fa9d69ce4fce7d924cc74fa68b025d2f585031739-init rw,relatime - aufs none rw,si=caafa54f8da1525 +83 20 0:76 / /var/lib/docker/aufs/mnt/c5c5979c936cd0153a4c626fa9d69ce4fce7d924cc74fa68b025d2f585031739 rw,relatime - aufs none rw,si=caafa54f8da0525 +84 20 0:77 / /var/lib/docker/aufs/mnt/53e10b0329afc0e0d3322d31efaed4064139dc7027fe6ae445cffd7104bcc94f rw,relatime - aufs none rw,si=caafa54f8c35525 +85 20 0:78 / /var/lib/docker/aufs/mnt/3bfafd09ff2603e2165efacc2215c1f51afabba6c42d04a68cc2df0e8cc31494-init rw,relatime - aufs none rw,si=caafa54f8db8525 +86 20 0:79 / /var/lib/docker/aufs/mnt/3bfafd09ff2603e2165efacc2215c1f51afabba6c42d04a68cc2df0e8cc31494 rw,relatime - aufs none rw,si=caafa54f8dba525 +87 20 0:80 / /var/lib/docker/aufs/mnt/90fdd2c03eeaf65311f88f4200e18aef6d2772482712d9aea01cd793c64781b5 rw,relatime - aufs none rw,si=caafa54f8315525 +88 20 0:81 / /var/lib/docker/aufs/mnt/7bdf2591c06c154ceb23f5e74b1d03b18fbf6fe96e35fbf539b82d446922442f-init rw,relatime - aufs none rw,si=caafa54f8fc6525 +89 20 0:82 / /var/lib/docker/aufs/mnt/7bdf2591c06c154ceb23f5e74b1d03b18fbf6fe96e35fbf539b82d446922442f rw,relatime - aufs none rw,si=caafa54f8468525 +90 20 0:83 / /var/lib/docker/aufs/mnt/8cf9a993f50f3305abad3da268c0fc44ff78a1e7bba595ef9de963497496c3f9 rw,relatime - aufs none rw,si=caafa54f8c59525 +91 20 0:84 / /var/lib/docker/aufs/mnt/ecc896fd74b21840a8d35e8316b92a08b1b9c83d722a12acff847e9f0ff17173-init rw,relatime - aufs none rw,si=caafa54f846a525 +92 20 0:85 / /var/lib/docker/aufs/mnt/ecc896fd74b21840a8d35e8316b92a08b1b9c83d722a12acff847e9f0ff17173 rw,relatime - aufs none rw,si=caafa54f846b525 +93 20 0:86 / /var/lib/docker/aufs/mnt/d8c8288ec920439a48b5796bab5883ee47a019240da65e8d8f33400c31bac5df rw,relatime - aufs none rw,si=caafa54f8dbf525 +94 20 0:87 / /var/lib/docker/aufs/mnt/ecba66710bcd03199b9398e46c005cd6b68d0266ec81dc8b722a29cc417997c6-init rw,relatime - aufs none rw,si=caafa54f810f525 +95 20 0:88 / /var/lib/docker/aufs/mnt/ecba66710bcd03199b9398e46c005cd6b68d0266ec81dc8b722a29cc417997c6 rw,relatime - aufs none rw,si=caafa54fbae9525 +96 20 0:89 / /var/lib/docker/aufs/mnt/befc1c67600df449dddbe796c0d06da7caff1d2bbff64cde1f0ba82d224996b5 rw,relatime - aufs none rw,si=caafa54f8dab525 +97 20 0:90 / /var/lib/docker/aufs/mnt/c9f470e73d2742629cdc4084a1b2c1a8302914f2aa0d0ec4542371df9a050562-init rw,relatime - aufs none rw,si=caafa54fdc02525 +98 20 0:91 / /var/lib/docker/aufs/mnt/c9f470e73d2742629cdc4084a1b2c1a8302914f2aa0d0ec4542371df9a050562 rw,relatime - aufs none rw,si=caafa54f9eb0525 +99 20 0:92 / /var/lib/docker/aufs/mnt/2a31f10029f04ff9d4381167a9b739609853d7220d55a56cb654779a700ee246 rw,relatime - aufs none rw,si=caafa54f8c37525 +100 20 0:93 / /var/lib/docker/aufs/mnt/8c4261b8e3e4b21ebba60389bd64b6261217e7e6b9fd09e201d5a7f6760f6927-init rw,relatime - aufs none rw,si=caafa54fd173525 +101 20 0:94 / /var/lib/docker/aufs/mnt/8c4261b8e3e4b21ebba60389bd64b6261217e7e6b9fd09e201d5a7f6760f6927 rw,relatime - aufs none rw,si=caafa54f8108525 +102 20 0:95 / /var/lib/docker/aufs/mnt/eaa0f57403a3dc685268f91df3fbcd7a8423cee50e1a9ee5c3e1688d9d676bb4 rw,relatime - aufs none rw,si=caafa54f852d525 +103 20 0:96 / /var/lib/docker/aufs/mnt/9cfe69a2cbffd9bfc7f396d4754f6fe5cc457ef417b277797be3762dfe955a6b-init rw,relatime - aufs none rw,si=caafa54f8d80525 +104 20 0:97 / /var/lib/docker/aufs/mnt/9cfe69a2cbffd9bfc7f396d4754f6fe5cc457ef417b277797be3762dfe955a6b rw,relatime - aufs none rw,si=caafa54f8fc3525 +105 20 0:98 / /var/lib/docker/aufs/mnt/d1b322ae17613c6adee84e709641a9244ac56675244a89a64dc0075075fcbb83 rw,relatime - aufs none rw,si=caafa54f8c58525 +106 20 0:99 / /var/lib/docker/aufs/mnt/d46c2a8e9da7e91ab34fd9c192851c246a4e770a46720bda09e55c7554b9dbbd-init rw,relatime - aufs none rw,si=caafa54f8c63525 +107 20 0:100 / /var/lib/docker/aufs/mnt/d46c2a8e9da7e91ab34fd9c192851c246a4e770a46720bda09e55c7554b9dbbd rw,relatime - aufs none rw,si=caafa54f8c67525 +108 20 0:101 / /var/lib/docker/aufs/mnt/bc9d2a264158f83a617a069bf17cbbf2a2ba453db7d3951d9dc63cc1558b1c2b rw,relatime - aufs none rw,si=caafa54f8dbe525 +109 20 0:102 / /var/lib/docker/aufs/mnt/9e6abb8d72bbeb4d5cf24b96018528015ba830ce42b4859965bd482cbd034e99-init rw,relatime - aufs none rw,si=caafa54f9e0d525 +110 20 0:103 / /var/lib/docker/aufs/mnt/9e6abb8d72bbeb4d5cf24b96018528015ba830ce42b4859965bd482cbd034e99 rw,relatime - aufs none rw,si=caafa54f9e1b525 +111 20 0:104 / /var/lib/docker/aufs/mnt/d4dca7b02569c732e740071e1c654d4ad282de5c41edb619af1f0aafa618be26 rw,relatime - aufs none rw,si=caafa54f8dae525 +112 20 0:105 / /var/lib/docker/aufs/mnt/fea63da40fa1c5ffbad430dde0bc64a8fc2edab09a051fff55b673c40a08f6b7-init rw,relatime - aufs none rw,si=caafa54f8c5c525 +113 20 0:106 / /var/lib/docker/aufs/mnt/fea63da40fa1c5ffbad430dde0bc64a8fc2edab09a051fff55b673c40a08f6b7 rw,relatime - aufs none rw,si=caafa54fd172525 +114 20 0:107 / /var/lib/docker/aufs/mnt/e60c57499c0b198a6734f77f660cdbbd950a5b78aa23f470ca4f0cfcc376abef rw,relatime - aufs none rw,si=caafa54909c4525 +115 20 0:108 / /var/lib/docker/aufs/mnt/099c78e7ccd9c8717471bb1bbfff838c0a9913321ba2f214fbeaf92c678e5b35-init rw,relatime - aufs none rw,si=caafa54909c3525 +116 20 0:109 / /var/lib/docker/aufs/mnt/099c78e7ccd9c8717471bb1bbfff838c0a9913321ba2f214fbeaf92c678e5b35 rw,relatime - aufs none rw,si=caafa54909c7525 +117 20 0:110 / /var/lib/docker/aufs/mnt/2997be666d58b9e71469759bcb8bd9608dad0e533a1a7570a896919ba3388825 rw,relatime - aufs none rw,si=caafa54f8557525 +118 20 0:111 / /var/lib/docker/aufs/mnt/730694eff438ef20569df38dfb38a920969d7ff2170cc9aa7cb32a7ed8147a93-init rw,relatime - aufs none rw,si=caafa54c6e88525 +119 20 0:112 / /var/lib/docker/aufs/mnt/730694eff438ef20569df38dfb38a920969d7ff2170cc9aa7cb32a7ed8147a93 rw,relatime - aufs none rw,si=caafa54c6e8e525 +120 20 0:113 / /var/lib/docker/aufs/mnt/a672a1e2f2f051f6e19ed1dfbe80860a2d774174c49f7c476695f5dd1d5b2f67 rw,relatime - aufs none rw,si=caafa54c6e15525 +121 20 0:114 / /var/lib/docker/aufs/mnt/aba3570e17859f76cf29d282d0d150659c6bd80780fdc52a465ba05245c2a420-init rw,relatime - aufs none rw,si=caafa54f8dad525 +122 20 0:115 / /var/lib/docker/aufs/mnt/aba3570e17859f76cf29d282d0d150659c6bd80780fdc52a465ba05245c2a420 rw,relatime - aufs none rw,si=caafa54f8d84525 +123 20 0:116 / /var/lib/docker/aufs/mnt/2abc86007aca46fb4a817a033e2a05ccacae40b78ea4b03f8ea616b9ada40e2e rw,relatime - aufs none rw,si=caafa54c6e8b525 +124 20 0:117 / /var/lib/docker/aufs/mnt/36352f27f7878e648367a135bd1ec3ed497adcb8ac13577ee892a0bd921d2374-init rw,relatime - aufs none rw,si=caafa54c6e8d525 +125 20 0:118 / /var/lib/docker/aufs/mnt/36352f27f7878e648367a135bd1ec3ed497adcb8ac13577ee892a0bd921d2374 rw,relatime - aufs none rw,si=caafa54f8c34525 +126 20 0:119 / /var/lib/docker/aufs/mnt/2f95ca1a629cea8363b829faa727dd52896d5561f2c96ddee4f697ea2fc872c2 rw,relatime - aufs none rw,si=caafa54c6e8a525 +127 20 0:120 / /var/lib/docker/aufs/mnt/f108c8291654f179ef143a3e07de2b5a34adbc0b28194a0ab17742b6db9a7fb2-init rw,relatime - aufs none rw,si=caafa54f8e19525 +128 20 0:121 / /var/lib/docker/aufs/mnt/f108c8291654f179ef143a3e07de2b5a34adbc0b28194a0ab17742b6db9a7fb2 rw,relatime - aufs none rw,si=caafa54fa8c6525 +129 20 0:122 / /var/lib/docker/aufs/mnt/c1d04dfdf8cccb3676d5a91e84e9b0781ce40623d127d038bcfbe4c761b27401 rw,relatime - aufs none rw,si=caafa54f8c30525 +130 20 0:123 / /var/lib/docker/aufs/mnt/3f4898ffd0e1239aeebf1d1412590cdb7254207fa3883663e2c40cf772e5f05a-init rw,relatime - aufs none rw,si=caafa54c6e1a525 +131 20 0:124 / /var/lib/docker/aufs/mnt/3f4898ffd0e1239aeebf1d1412590cdb7254207fa3883663e2c40cf772e5f05a rw,relatime - aufs none rw,si=caafa54c6e1c525 +132 20 0:125 / /var/lib/docker/aufs/mnt/5ae3b6fccb1539fc02d420e86f3e9637bef5b711fed2ca31a2f426c8f5deddbf rw,relatime - aufs none rw,si=caafa54c4fea525 +133 20 0:126 / /var/lib/docker/aufs/mnt/310bfaf80d57020f2e73b06aeffb0b9b0ca2f54895f88bf5e4d1529ccac58fe0-init rw,relatime - aufs none rw,si=caafa54c6e1e525 +134 20 0:127 / /var/lib/docker/aufs/mnt/310bfaf80d57020f2e73b06aeffb0b9b0ca2f54895f88bf5e4d1529ccac58fe0 rw,relatime - aufs none rw,si=caafa54fa8c0525 +135 20 0:128 / /var/lib/docker/aufs/mnt/f382bd5aaccaf2d04a59089ac7cb12ec87efd769fd0c14d623358fbfd2a3f896 rw,relatime - aufs none rw,si=caafa54c4fec525 +136 20 0:129 / /var/lib/docker/aufs/mnt/50d45e9bb2d779bc6362824085564c7578c231af5ae3b3da116acf7e17d00735-init rw,relatime - aufs none rw,si=caafa54c4fef525 +137 20 0:130 / /var/lib/docker/aufs/mnt/50d45e9bb2d779bc6362824085564c7578c231af5ae3b3da116acf7e17d00735 rw,relatime - aufs none rw,si=caafa54c4feb525 +138 20 0:131 / /var/lib/docker/aufs/mnt/a9c5ee0854dc083b6bf62b7eb1e5291aefbb10702289a446471ce73aba0d5d7d rw,relatime - aufs none rw,si=caafa54909c6525 +139 20 0:134 / /var/lib/docker/aufs/mnt/03a613e7bd5078819d1fd92df4e671c0127559a5e0b5a885cc8d5616875162f0-init rw,relatime - aufs none rw,si=caafa54804fe525 +140 20 0:135 / /var/lib/docker/aufs/mnt/03a613e7bd5078819d1fd92df4e671c0127559a5e0b5a885cc8d5616875162f0 rw,relatime - aufs none rw,si=caafa54804fa525 +141 20 0:136 / /var/lib/docker/aufs/mnt/7ec3277e5c04c907051caf9c9c35889f5fcd6463e5485971b25404566830bb70 rw,relatime - aufs none rw,si=caafa54804f9525 +142 20 0:139 / /var/lib/docker/aufs/mnt/26b5b5d71d79a5b2bfcf8bc4b2280ee829f261eb886745dd90997ed410f7e8b8-init rw,relatime - aufs none rw,si=caafa54c6ef6525 +143 20 0:140 / /var/lib/docker/aufs/mnt/26b5b5d71d79a5b2bfcf8bc4b2280ee829f261eb886745dd90997ed410f7e8b8 rw,relatime - aufs none rw,si=caafa54c6ef5525 +144 20 0:356 / /var/lib/docker/aufs/mnt/e6ecde9e2c18cd3c75f424c67b6d89685cfee0fc67abf2cb6bdc0867eb998026 rw,relatime - aufs none rw,si=caafa548068e525` + + gentooMountinfo = `15 1 8:6 / / rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered +16 15 0:3 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw +17 15 0:14 / /run rw,nosuid,nodev,relatime - tmpfs tmpfs rw,size=3292172k,mode=755 +18 15 0:5 / /dev rw,nosuid,relatime - devtmpfs udev rw,size=10240k,nr_inodes=4106451,mode=755 +19 18 0:12 / /dev/mqueue rw,nosuid,nodev,noexec,relatime - mqueue mqueue rw +20 18 0:10 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=000 +21 18 0:15 / /dev/shm rw,nosuid,nodev,noexec,relatime - tmpfs shm rw +22 15 0:16 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw +23 22 0:7 / /sys/kernel/debug rw,nosuid,nodev,noexec,relatime - debugfs debugfs rw +24 22 0:17 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs cgroup_root rw,size=10240k,mode=755 +25 24 0:18 / /sys/fs/cgroup/openrc rw,nosuid,nodev,noexec,relatime - cgroup openrc rw,release_agent=/lib64/rc/sh/cgroup-release-agent.sh,name=openrc +26 24 0:19 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime - cgroup cpuset rw,cpuset,clone_children +27 24 0:20 / /sys/fs/cgroup/cpu rw,nosuid,nodev,noexec,relatime - cgroup cpu rw,cpu,clone_children +28 24 0:21 / /sys/fs/cgroup/cpuacct rw,nosuid,nodev,noexec,relatime - cgroup cpuacct rw,cpuacct,clone_children +29 24 0:22 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime - cgroup memory rw,memory,clone_children +30 24 0:23 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime - cgroup devices rw,devices,clone_children +31 24 0:24 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime - cgroup freezer rw,freezer,clone_children +32 24 0:25 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime - cgroup blkio rw,blkio,clone_children +33 15 8:1 / /boot rw,noatime,nodiratime - vfat /dev/sda1 rw,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro +34 15 8:18 / /mnt/xfs rw,noatime,nodiratime - xfs /dev/sdb2 rw,attr2,inode64,noquota +35 15 0:26 / /tmp rw,relatime - tmpfs tmpfs rw +36 16 0:27 / /proc/sys/fs/binfmt_misc rw,nosuid,nodev,noexec,relatime - binfmt_misc binfmt_misc rw +42 15 0:33 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs rpc_pipefs rw +43 16 0:34 / /proc/fs/nfsd rw,nosuid,nodev,noexec,relatime - nfsd nfsd rw +44 15 0:35 / /home/tianon/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=1000,group_id=1000 +68 15 0:3336 / /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd rw,relatime - aufs none rw,si=9b4a7640128db39c +85 68 8:6 /var/lib/docker/init/dockerinit-0.7.2-dev//deleted /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/.dockerinit rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered +86 68 8:6 /var/lib/docker/containers/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/config.env /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/.dockerenv rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered +87 68 8:6 /etc/resolv.conf /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/etc/resolv.conf rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered +88 68 8:6 /var/lib/docker/containers/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/hostname /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/etc/hostname rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered +89 68 8:6 /var/lib/docker/containers/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/hosts /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/etc/hosts rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered +38 15 0:3384 / /var/lib/docker/aufs/mnt/0292005a9292401bb5197657f2b682d97d8edcb3b72b5e390d2a680139985b55 rw,relatime - aufs none rw,si=9b4a7642b584939c +39 15 0:3385 / /var/lib/docker/aufs/mnt/59db98c889de5f71b70cfb82c40cbe47b64332f0f56042a2987a9e5df6e5e3aa rw,relatime - aufs none rw,si=9b4a7642b584e39c +40 15 0:3386 / /var/lib/docker/aufs/mnt/0545f0f2b6548eb9601d08f35a08f5a0a385407d36027a28f58e06e9f61e0278 rw,relatime - aufs none rw,si=9b4a7642b584b39c +41 15 0:3387 / /var/lib/docker/aufs/mnt/d882cfa16d1aa8fe0331a36e79be3d80b151e49f24fc39a39c3fed1735d5feb5 rw,relatime - aufs none rw,si=9b4a76453040039c +45 15 0:3388 / /var/lib/docker/aufs/mnt/055ca3befcb1626e74f5344b3398724ff05c0de0e20021683d04305c9e70a3f6 rw,relatime - aufs none rw,si=9b4a76453040739c +46 15 0:3389 / /var/lib/docker/aufs/mnt/b899e4567a351745d4285e7f1c18fdece75d877deb3041981cd290be348b7aa6 rw,relatime - aufs none rw,si=9b4a7647def4039c +47 15 0:3390 / /var/lib/docker/aufs/mnt/067ca040292c58954c5129f953219accfae0d40faca26b4d05e76ca76a998f16 rw,relatime - aufs none rw,si=9b4a7647def4239c +48 15 0:3391 / /var/lib/docker/aufs/mnt/8c995e7cb6e5082742daeea720e340b021d288d25d92e0412c03d200df308a11 rw,relatime - aufs none rw,si=9b4a764479c1639c +49 15 0:3392 / /var/lib/docker/aufs/mnt/07cc54dfae5b45300efdacdd53cc72c01b9044956a86ce7bff42d087e426096d rw,relatime - aufs none rw,si=9b4a764479c1739c +50 15 0:3393 / /var/lib/docker/aufs/mnt/0a9c95cf4c589c05b06baa79150b0cc1d8e7102759fe3ce4afaabb8247ca4f85 rw,relatime - aufs none rw,si=9b4a7644059c839c +51 15 0:3394 / /var/lib/docker/aufs/mnt/468fa98cececcf4e226e8370f18f4f848d63faf287fb8321a07f73086441a3a0 rw,relatime - aufs none rw,si=9b4a7644059ca39c +52 15 0:3395 / /var/lib/docker/aufs/mnt/0b826192231c5ce066fffb5beff4397337b5fc19a377aa7c6282c7c0ce7f111f rw,relatime - aufs none rw,si=9b4a764479c1339c +53 15 0:3396 / /var/lib/docker/aufs/mnt/93b8ba1b772fbe79709b909c43ea4b2c30d712e53548f467db1ffdc7a384f196 rw,relatime - aufs none rw,si=9b4a7640798a739c +54 15 0:3397 / /var/lib/docker/aufs/mnt/0c0d0acfb506859b12ef18cdfef9ebed0b43a611482403564224bde9149d373c rw,relatime - aufs none rw,si=9b4a7640798a039c +55 15 0:3398 / /var/lib/docker/aufs/mnt/33648c39ab6c7c74af0243d6d6a81b052e9e25ad1e04b19892eb2dde013e358b rw,relatime - aufs none rw,si=9b4a7644b439b39c +56 15 0:3399 / /var/lib/docker/aufs/mnt/0c12bea97a1c958a3c739fb148536c1c89351d48e885ecda8f0499b5cc44407e rw,relatime - aufs none rw,si=9b4a7640798a239c +57 15 0:3400 / /var/lib/docker/aufs/mnt/ed443988ce125f172d7512e84a4de2627405990fd767a16adefa8ce700c19ce8 rw,relatime - aufs none rw,si=9b4a7644c8ed339c +59 15 0:3402 / /var/lib/docker/aufs/mnt/f61612c324ff3c924d3f7a82fb00a0f8d8f73c248c41897061949e9f5ab7e3b1 rw,relatime - aufs none rw,si=9b4a76442810c39c +60 15 0:3403 / /var/lib/docker/aufs/mnt/0f1ee55c6c4e25027b80de8e64b8b6fb542b3b41aa0caab9261da75752e22bfd rw,relatime - aufs none rw,si=9b4a76442810e39c +61 15 0:3404 / /var/lib/docker/aufs/mnt/956f6cc4af5785cb3ee6963dcbca668219437d9b28f513290b1453ac64a34f97 rw,relatime - aufs none rw,si=9b4a7644303ec39c +62 15 0:3405 / /var/lib/docker/aufs/mnt/1099769158c4b4773e2569e38024e8717e400f87a002c41d8cf47cb81b051ba6 rw,relatime - aufs none rw,si=9b4a7644303ee39c +63 15 0:3406 / /var/lib/docker/aufs/mnt/11890ceb98d4442595b676085cd7b21550ab85c5df841e0fba997ff54e3d522d rw,relatime - aufs none rw,si=9b4a7644303ed39c +64 15 0:3407 / /var/lib/docker/aufs/mnt/acdb90dc378e8ed2420b43a6d291f1c789a081cd1904018780cc038fcd7aae53 rw,relatime - aufs none rw,si=9b4a76434be2139c +65 15 0:3408 / /var/lib/docker/aufs/mnt/120e716f19d4714fbe63cc1ed246204f2c1106eefebc6537ba2587d7e7711959 rw,relatime - aufs none rw,si=9b4a76434be2339c +66 15 0:3409 / /var/lib/docker/aufs/mnt/b197b7fffb61d89e0ba1c40de9a9fc0d912e778b3c1bd828cf981ff37c1963bc rw,relatime - aufs none rw,si=9b4a76434be2039c +70 15 0:3412 / /var/lib/docker/aufs/mnt/1434b69d2e1bb18a9f0b96b9cdac30132b2688f5d1379f68a39a5e120c2f93eb rw,relatime - aufs none rw,si=9b4a76434be2639c +71 15 0:3413 / /var/lib/docker/aufs/mnt/16006e83caf33ab5eb0cd6afc92ea2ee8edeff897496b0bb3ec3a75b767374b3 rw,relatime - aufs none rw,si=9b4a7644d790439c +72 15 0:3414 / /var/lib/docker/aufs/mnt/55bfa5f44e94d27f91f79ba901b118b15098449165c87abf1b53ffff147ff164 rw,relatime - aufs none rw,si=9b4a7644d790239c +73 15 0:3415 / /var/lib/docker/aufs/mnt/1912b97a07ab21ccd98a2a27bc779bf3cf364a3138afa3c3e6f7f169a3c3eab5 rw,relatime - aufs none rw,si=9b4a76441822739c +76 15 0:3418 / /var/lib/docker/aufs/mnt/1a7c3292e8879bd91ffd9282e954f643b1db5683093574c248ff14a9609f2f56 rw,relatime - aufs none rw,si=9b4a76438cb7239c +77 15 0:3419 / /var/lib/docker/aufs/mnt/bb1faaf0d076ddba82c2318305a85f490dafa4e8a8640a8db8ed657c439120cc rw,relatime - aufs none rw,si=9b4a76438cb7339c +78 15 0:3420 / /var/lib/docker/aufs/mnt/1ab869f21d2241a73ac840c7f988490313f909ac642eba71d092204fec66dd7c rw,relatime - aufs none rw,si=9b4a76438cb7639c +79 15 0:3421 / /var/lib/docker/aufs/mnt/fd7245b2cfe3890fa5f5b452260e4edf9e7fb7746532ed9d83f7a0d7dbaa610e rw,relatime - aufs none rw,si=9b4a7644bdc0139c +80 15 0:3422 / /var/lib/docker/aufs/mnt/1e5686c5301f26b9b3cd24e322c608913465cc6c5d0dcd7c5e498d1314747d61 rw,relatime - aufs none rw,si=9b4a7644bdc0639c +81 15 0:3423 / /var/lib/docker/aufs/mnt/52edf6ee6e40bfec1e9301a4d4a92ab83d144e2ae4ce5099e99df6138cb844bf rw,relatime - aufs none rw,si=9b4a7644bdc0239c +82 15 0:3424 / /var/lib/docker/aufs/mnt/1ea10fb7085d28cda4904657dff0454e52598d28e1d77e4f2965bbc3666e808f rw,relatime - aufs none rw,si=9b4a76438cb7139c +83 15 0:3425 / /var/lib/docker/aufs/mnt/9c03e98c3593946dbd4087f8d83f9ca262f4a2efdc952ce60690838b9ba6c526 rw,relatime - aufs none rw,si=9b4a76443020639c +84 15 0:3426 / /var/lib/docker/aufs/mnt/220a2344d67437602c6d2cee9a98c46be13f82c2a8063919dd2fad52bf2fb7dd rw,relatime - aufs none rw,si=9b4a76434bff339c +94 15 0:3427 / /var/lib/docker/aufs/mnt/3b32876c5b200312c50baa476ff342248e88c8ea96e6a1032cd53a88738a1cf2 rw,relatime - aufs none rw,si=9b4a76434bff139c +95 15 0:3428 / /var/lib/docker/aufs/mnt/23ee2b8b0d4ae8db6f6d1e168e2c6f79f8a18f953b09f65e0d22cc1e67a3a6fa rw,relatime - aufs none rw,si=9b4a7646c305c39c +96 15 0:3429 / /var/lib/docker/aufs/mnt/e86e6daa70b61b57945fa178222615f3c3d6bcef12c9f28e9f8623d44dc2d429 rw,relatime - aufs none rw,si=9b4a7646c305f39c +97 15 0:3430 / /var/lib/docker/aufs/mnt/2413d07623e80860bb2e9e306fbdee699afd07525785c025c591231e864aa162 rw,relatime - aufs none rw,si=9b4a76434bff039c +98 15 0:3431 / /var/lib/docker/aufs/mnt/adfd622eb22340fc80b429e5564b125668e260bf9068096c46dd59f1386a4b7d rw,relatime - aufs none rw,si=9b4a7646a7a1039c +102 15 0:3435 / /var/lib/docker/aufs/mnt/27cd92e7a91d02e2d6b44d16679a00fb6d169b19b88822891084e7fd1a84882d rw,relatime - aufs none rw,si=9b4a7646f25ec39c +103 15 0:3436 / /var/lib/docker/aufs/mnt/27dfdaf94cfbf45055c748293c37dd68d9140240bff4c646cb09216015914a88 rw,relatime - aufs none rw,si=9b4a7646732f939c +104 15 0:3437 / /var/lib/docker/aufs/mnt/5ed7524aff68dfbf0fc601cbaeac01bab14391850a973dabf3653282a627920f rw,relatime - aufs none rw,si=9b4a7646732f839c +105 15 0:3438 / /var/lib/docker/aufs/mnt/2a0d4767e536beb5785b60e071e3ac8e5e812613ab143a9627bee77d0c9ab062 rw,relatime - aufs none rw,si=9b4a7646732fe39c +106 15 0:3439 / /var/lib/docker/aufs/mnt/dea3fc045d9f4ae51ba952450b948a822cf85c39411489ca5224f6d9a8d02bad rw,relatime - aufs none rw,si=9b4a764012ad839c +107 15 0:3440 / /var/lib/docker/aufs/mnt/2d140a787160798da60cb67c21b1210054ad4dafecdcf832f015995b9aa99cfd rw,relatime - aufs none rw,si=9b4a764012add39c +108 15 0:3441 / /var/lib/docker/aufs/mnt/cb190b2a8e984475914430fbad2382e0d20b9b659f8ef83ae8d170cc672e519c rw,relatime - aufs none rw,si=9b4a76454d9c239c +109 15 0:3442 / /var/lib/docker/aufs/mnt/2f4a012d5a7ffd90256a6e9aa479054b3dddbc3c6a343f26dafbf3196890223b rw,relatime - aufs none rw,si=9b4a76454d9c439c +110 15 0:3443 / /var/lib/docker/aufs/mnt/63cc77904b80c4ffbf49cb974c5d8733dc52ad7640d3ae87554b325d7312d87f rw,relatime - aufs none rw,si=9b4a76454d9c339c +111 15 0:3444 / /var/lib/docker/aufs/mnt/30333e872c451482ea2d235ff2192e875bd234006b238ae2bdde3b91a86d7522 rw,relatime - aufs none rw,si=9b4a76422cebf39c +112 15 0:3445 / /var/lib/docker/aufs/mnt/6c54fc1125da3925cae65b5c9a98f3be55b0a2c2666082e5094a4ba71beb5bff rw,relatime - aufs none rw,si=9b4a7646dd5a439c +113 15 0:3446 / /var/lib/docker/aufs/mnt/3087d48cb01cda9d0a83a9ca301e6ea40e8593d18c4921be4794c91a420ab9a3 rw,relatime - aufs none rw,si=9b4a7646dd5a739c +114 15 0:3447 / /var/lib/docker/aufs/mnt/cc2607462a8f55b179a749b144c3fdbb50678e1a4f3065ea04e283e9b1f1d8e2 rw,relatime - aufs none rw,si=9b4a7646dd5a239c +117 15 0:3450 / /var/lib/docker/aufs/mnt/310c5e8392b29e8658a22e08d96d63936633b7e2c38e8d220047928b00a03d24 rw,relatime - aufs none rw,si=9b4a7647932d739c +118 15 0:3451 / /var/lib/docker/aufs/mnt/38a1f0029406ba9c3b6058f2f406d8a1d23c855046cf355c91d87d446fcc1460 rw,relatime - aufs none rw,si=9b4a76445abc939c +119 15 0:3452 / /var/lib/docker/aufs/mnt/42e109ab7914ae997a11ccd860fd18e4d488c50c044c3240423ce15774b8b62e rw,relatime - aufs none rw,si=9b4a76445abca39c +120 15 0:3453 / /var/lib/docker/aufs/mnt/365d832af0402d052b389c1e9c0d353b48487533d20cd4351df8e24ec4e4f9d8 rw,relatime - aufs none rw,si=9b4a7644066aa39c +121 15 0:3454 / /var/lib/docker/aufs/mnt/d3fa8a24d695b6cda9b64f96188f701963d28bef0473343f8b212df1a2cf1d2b rw,relatime - aufs none rw,si=9b4a7644066af39c +122 15 0:3455 / /var/lib/docker/aufs/mnt/37d4f491919abc49a15d0c7a7cc8383f087573525d7d288accd14f0b4af9eae0 rw,relatime - aufs none rw,si=9b4a7644066ad39c +123 15 0:3456 / /var/lib/docker/aufs/mnt/93902707fe12cbdd0068ce73f2baad4b3a299189b1b19cb5f8a2025e106ae3f5 rw,relatime - aufs none rw,si=9b4a76444445f39c +126 15 0:3459 / /var/lib/docker/aufs/mnt/3b49291670a625b9bbb329ffba99bf7fa7abff80cefef040f8b89e2b3aad4f9f rw,relatime - aufs none rw,si=9b4a7640798a339c +127 15 0:3460 / /var/lib/docker/aufs/mnt/8d9c7b943cc8f854f4d0d4ec19f7c16c13b0cc4f67a41472a072648610cecb59 rw,relatime - aufs none rw,si=9b4a76427383039c +128 15 0:3461 / /var/lib/docker/aufs/mnt/3b6c90036526c376307df71d49c9f5fce334c01b926faa6a78186842de74beac rw,relatime - aufs none rw,si=9b4a7644badd439c +130 15 0:3463 / /var/lib/docker/aufs/mnt/7b24158eeddfb5d31b7e932e406ea4899fd728344335ff8e0765e89ddeb351dd rw,relatime - aufs none rw,si=9b4a7644badd539c +131 15 0:3464 / /var/lib/docker/aufs/mnt/3ead6dd5773765c74850cf6c769f21fe65c29d622ffa712664f9f5b80364ce27 rw,relatime - aufs none rw,si=9b4a7642f469939c +132 15 0:3465 / /var/lib/docker/aufs/mnt/3f825573b29547744a37b65597a9d6d15a8350be4429b7038d126a4c9a8e178f rw,relatime - aufs none rw,si=9b4a7642f469c39c +133 15 0:3466 / /var/lib/docker/aufs/mnt/f67aaaeb3681e5dcb99a41f847087370bd1c206680cb8c7b6a9819fd6c97a331 rw,relatime - aufs none rw,si=9b4a7647cc25939c +134 15 0:3467 / /var/lib/docker/aufs/mnt/41afe6cfb3c1fc2280b869db07699da88552786e28793f0bc048a265c01bd942 rw,relatime - aufs none rw,si=9b4a7647cc25c39c +135 15 0:3468 / /var/lib/docker/aufs/mnt/b8092ea59da34a40b120e8718c3ae9fa8436996edc4fc50e4b99c72dfd81e1af rw,relatime - aufs none rw,si=9b4a76445abc439c +136 15 0:3469 / /var/lib/docker/aufs/mnt/42c69d2cc179e2684458bb8596a9da6dad182c08eae9b74d5f0e615b399f75a5 rw,relatime - aufs none rw,si=9b4a76455ddbe39c +137 15 0:3470 / /var/lib/docker/aufs/mnt/ea0871954acd2d62a211ac60e05969622044d4c74597870c4f818fbb0c56b09b rw,relatime - aufs none rw,si=9b4a76455ddbf39c +138 15 0:3471 / /var/lib/docker/aufs/mnt/4307906b275ab3fc971786b3841ae3217ac85b6756ddeb7ad4ba09cd044c2597 rw,relatime - aufs none rw,si=9b4a76455ddb839c +139 15 0:3472 / /var/lib/docker/aufs/mnt/4390b872928c53500a5035634f3421622ed6299dc1472b631fc45de9f56dc180 rw,relatime - aufs none rw,si=9b4a76402f2fd39c +140 15 0:3473 / /var/lib/docker/aufs/mnt/6bb41e78863b85e4aa7da89455314855c8c3bda64e52a583bab15dc1fa2e80c2 rw,relatime - aufs none rw,si=9b4a76402f2fa39c +141 15 0:3474 / /var/lib/docker/aufs/mnt/4444f583c2a79c66608f4673a32c9c812154f027045fbd558c2d69920c53f835 rw,relatime - aufs none rw,si=9b4a764479dbd39c +142 15 0:3475 / /var/lib/docker/aufs/mnt/6f11883af4a05ea362e0c54df89058da4859f977efd07b6f539e1f55c1d2a668 rw,relatime - aufs none rw,si=9b4a76402f30b39c +143 15 0:3476 / /var/lib/docker/aufs/mnt/453490dd32e7c2e9ef906f995d8fb3c2753923d1a5e0ba3fd3296e2e4dc238e7 rw,relatime - aufs none rw,si=9b4a76402f30c39c +144 15 0:3477 / /var/lib/docker/aufs/mnt/45e5945735ee102b5e891c91650c57ec4b52bb53017d68f02d50ea8a6e230610 rw,relatime - aufs none rw,si=9b4a76423260739c +147 15 0:3480 / /var/lib/docker/aufs/mnt/4727a64a5553a1125f315b96bed10d3073d6988225a292cce732617c925b56ab rw,relatime - aufs none rw,si=9b4a76443030339c +150 15 0:3483 / /var/lib/docker/aufs/mnt/4e348b5187b9a567059306afc72d42e0ec5c893b0d4abd547526d5f9b6fb4590 rw,relatime - aufs none rw,si=9b4a7644f5d8c39c +151 15 0:3484 / /var/lib/docker/aufs/mnt/4efc616bfbc3f906718b052da22e4335f8e9f91ee9b15866ed3a8029645189ef rw,relatime - aufs none rw,si=9b4a7644f5d8939c +152 15 0:3485 / /var/lib/docker/aufs/mnt/83e730ae9754d5adb853b64735472d98dfa17136b8812ac9cfcd1eba7f4e7d2d rw,relatime - aufs none rw,si=9b4a76469aa7139c +153 15 0:3486 / /var/lib/docker/aufs/mnt/4fc5ba8a5b333be2b7eefacccb626772eeec0ae8a6975112b56c9fb36c0d342f rw,relatime - aufs none rw,si=9b4a7640128dc39c +154 15 0:3487 / /var/lib/docker/aufs/mnt/50200d5edff5dfe8d1ef3c78b0bbd709793ac6e936aa16d74ff66f7ea577b6f9 rw,relatime - aufs none rw,si=9b4a7640128da39c +155 15 0:3488 / /var/lib/docker/aufs/mnt/51e5e51604361448f0b9777f38329f414bc5ba9cf238f26d465ff479bd574b61 rw,relatime - aufs none rw,si=9b4a76444f68939c +156 15 0:3489 / /var/lib/docker/aufs/mnt/52a142149aa98bba83df8766bbb1c629a97b9799944ead90dd206c4bdf0b8385 rw,relatime - aufs none rw,si=9b4a76444f68b39c +157 15 0:3490 / /var/lib/docker/aufs/mnt/52dd21a94a00f58a1ed489312fcfffb91578089c76c5650364476f1d5de031bc rw,relatime - aufs none rw,si=9b4a76444f68f39c +158 15 0:3491 / /var/lib/docker/aufs/mnt/ee562415ddaad353ed22c88d0ca768a0c74bfba6333b6e25c46849ee22d990da rw,relatime - aufs none rw,si=9b4a7640128d839c +159 15 0:3492 / /var/lib/docker/aufs/mnt/db47a9e87173f7554f550c8a01891de79cf12acdd32e01f95c1a527a08bdfb2c rw,relatime - aufs none rw,si=9b4a764405a1d39c +160 15 0:3493 / /var/lib/docker/aufs/mnt/55e827bf6d44d930ec0b827c98356eb8b68c3301e2d60d1429aa72e05b4c17df rw,relatime - aufs none rw,si=9b4a764405a1a39c +162 15 0:3495 / /var/lib/docker/aufs/mnt/578dc4e0a87fc37ec081ca098430499a59639c09f6f12a8f48de29828a091aa6 rw,relatime - aufs none rw,si=9b4a76406d7d439c +163 15 0:3496 / /var/lib/docker/aufs/mnt/728cc1cb04fa4bc6f7bf7a90980beda6d8fc0beb71630874c0747b994efb0798 rw,relatime - aufs none rw,si=9b4a76444f20e39c +164 15 0:3497 / /var/lib/docker/aufs/mnt/5850cc4bd9b55aea46c7ad598f1785117607974084ea643580f58ce3222e683a rw,relatime - aufs none rw,si=9b4a7644a824239c +165 15 0:3498 / /var/lib/docker/aufs/mnt/89443b3f766d5a37bc8b84e29da8b84e6a3ea8486d3cf154e2aae1816516e4a8 rw,relatime - aufs none rw,si=9b4a7644a824139c +166 15 0:3499 / /var/lib/docker/aufs/mnt/f5ae8fd5a41a337907d16515bc3162525154b59c32314c695ecd092c3b47943d rw,relatime - aufs none rw,si=9b4a7644a824439c +167 15 0:3500 / /var/lib/docker/aufs/mnt/5a430854f2a03a9e5f7cbc9f3fb46a8ebca526a5b3f435236d8295e5998798f5 rw,relatime - aufs none rw,si=9b4a7647fc82439c +168 15 0:3501 / /var/lib/docker/aufs/mnt/eda16901ae4cead35070c39845cbf1e10bd6b8cb0ffa7879ae2d8a186e460f91 rw,relatime - aufs none rw,si=9b4a76441e0df39c +169 15 0:3502 / /var/lib/docker/aufs/mnt/5a593721430c2a51b119ff86a7e06ea2b37e3b4131f8f1344d402b61b0c8d868 rw,relatime - aufs none rw,si=9b4a764248bad39c +170 15 0:3503 / /var/lib/docker/aufs/mnt/d662ad0a30fbfa902e0962108685b9330597e1ee2abb16dc9462eb5a67fdd23f rw,relatime - aufs none rw,si=9b4a764248bae39c +171 15 0:3504 / /var/lib/docker/aufs/mnt/5bc9de5c79812843fb36eee96bef1ddba812407861f572e33242f4ee10da2c15 rw,relatime - aufs none rw,si=9b4a764248ba839c +172 15 0:3505 / /var/lib/docker/aufs/mnt/5e763de8e9b0f7d58d2e12a341e029ab4efb3b99788b175090d8209e971156c1 rw,relatime - aufs none rw,si=9b4a764248baa39c +173 15 0:3506 / /var/lib/docker/aufs/mnt/b4431dc2739936f1df6387e337f5a0c99cf051900c896bd7fd46a870ce61c873 rw,relatime - aufs none rw,si=9b4a76401263539c +174 15 0:3507 / /var/lib/docker/aufs/mnt/5f37830e5a02561ab8c67ea3113137ba69f67a60e41c05cb0e7a0edaa1925b24 rw,relatime - aufs none rw,si=9b4a76401263639c +184 15 0:3508 / /var/lib/docker/aufs/mnt/62ea10b957e6533538a4633a1e1d678502f50ddcdd354b2ca275c54dd7a7793a rw,relatime - aufs none rw,si=9b4a76401263039c +187 15 0:3509 / /var/lib/docker/aufs/mnt/d56ee9d44195fe390e042fda75ec15af5132adb6d5c69468fa8792f4e54a6953 rw,relatime - aufs none rw,si=9b4a76401263239c +188 15 0:3510 / /var/lib/docker/aufs/mnt/6a300930673174549c2b62f36c933f0332a20735978c007c805a301f897146c5 rw,relatime - aufs none rw,si=9b4a76455d4c539c +189 15 0:3511 / /var/lib/docker/aufs/mnt/64496c45c84d348c24d410015456d101601c30cab4d1998c395591caf7e57a70 rw,relatime - aufs none rw,si=9b4a76455d4c639c +190 15 0:3512 / /var/lib/docker/aufs/mnt/65a6a645883fe97a7422cd5e71ebe0bc17c8e6302a5361edf52e89747387e908 rw,relatime - aufs none rw,si=9b4a76455d4c039c +191 15 0:3513 / /var/lib/docker/aufs/mnt/672be40695f7b6e13b0a3ed9fc996c73727dede3481f58155950fcfad57ed616 rw,relatime - aufs none rw,si=9b4a76455d4c239c +192 15 0:3514 / /var/lib/docker/aufs/mnt/d42438acb2bfb2169e1c0d8e917fc824f7c85d336dadb0b0af36dfe0f001b3ba rw,relatime - aufs none rw,si=9b4a7642bfded39c +193 15 0:3515 / /var/lib/docker/aufs/mnt/b48a54abf26d01cb2ddd908b1ed6034d17397c1341bf0eb2b251a3e5b79be854 rw,relatime - aufs none rw,si=9b4a7642bfdee39c +194 15 0:3516 / /var/lib/docker/aufs/mnt/76f27134491f052bfb87f59092126e53ef875d6851990e59195a9da16a9412f8 rw,relatime - aufs none rw,si=9b4a7642bfde839c +195 15 0:3517 / /var/lib/docker/aufs/mnt/6bd626a5462b4f8a8e1cc7d10351326dca97a59b2758e5ea549a4f6350ce8a90 rw,relatime - aufs none rw,si=9b4a7642bfdea39c +196 15 0:3518 / /var/lib/docker/aufs/mnt/f1fe3549dbd6f5ca615e9139d9b53f0c83a3b825565df37628eacc13e70cbd6d rw,relatime - aufs none rw,si=9b4a7642bfdf539c +197 15 0:3519 / /var/lib/docker/aufs/mnt/6d0458c8426a9e93d58d0625737e6122e725c9408488ed9e3e649a9984e15c34 rw,relatime - aufs none rw,si=9b4a7642bfdf639c +198 15 0:3520 / /var/lib/docker/aufs/mnt/6e4c97db83aa82145c9cf2bafc20d500c0b5389643b689e3ae84188c270a48c5 rw,relatime - aufs none rw,si=9b4a7642bfdf039c +199 15 0:3521 / /var/lib/docker/aufs/mnt/eb94d6498f2c5969eaa9fa11ac2934f1ab90ef88e2d002258dca08e5ba74ea27 rw,relatime - aufs none rw,si=9b4a7642bfdf239c +200 15 0:3522 / /var/lib/docker/aufs/mnt/fe3f88f0c511608a2eec5f13a98703aa16e55dbf930309723d8a37101f539fe1 rw,relatime - aufs none rw,si=9b4a7642bfc3539c +201 15 0:3523 / /var/lib/docker/aufs/mnt/6f40c229fb9cad85fabf4b64a2640a5403ec03fe5ac1a57d0609fb8b606b9c83 rw,relatime - aufs none rw,si=9b4a7642bfc3639c +202 15 0:3524 / /var/lib/docker/aufs/mnt/7513e9131f7a8acf58ff15248237feb767c78732ca46e159f4d791e6ef031dbc rw,relatime - aufs none rw,si=9b4a7642bfc3039c +203 15 0:3525 / /var/lib/docker/aufs/mnt/79f48b00aa713cdf809c6bb7c7cb911b66e9a8076c81d6c9d2504139984ea2da rw,relatime - aufs none rw,si=9b4a7642bfc3239c +204 15 0:3526 / /var/lib/docker/aufs/mnt/c3680418350d11358f0a96c676bc5aa74fa00a7c89e629ef5909d3557b060300 rw,relatime - aufs none rw,si=9b4a7642f47cd39c +205 15 0:3527 / /var/lib/docker/aufs/mnt/7a1744dd350d7fcc0cccb6f1757ca4cbe5453f203a5888b0f1014d96ad5a5ef9 rw,relatime - aufs none rw,si=9b4a7642f47ce39c +206 15 0:3528 / /var/lib/docker/aufs/mnt/7fa99662db046be9f03c33c35251afda9ccdc0085636bbba1d90592cec3ff68d rw,relatime - aufs none rw,si=9b4a7642f47c839c +207 15 0:3529 / /var/lib/docker/aufs/mnt/f815021ef20da9c9b056bd1d52d8aaf6e2c0c19f11122fc793eb2b04eb995e35 rw,relatime - aufs none rw,si=9b4a7642f47ca39c +208 15 0:3530 / /var/lib/docker/aufs/mnt/801086ae3110192d601dfcebdba2db92e86ce6b6a9dba6678ea04488e4513669 rw,relatime - aufs none rw,si=9b4a7642dc6dd39c +209 15 0:3531 / /var/lib/docker/aufs/mnt/822ba7db69f21daddda87c01cfbfbf73013fc03a879daf96d16cdde6f9b1fbd6 rw,relatime - aufs none rw,si=9b4a7642dc6de39c +210 15 0:3532 / /var/lib/docker/aufs/mnt/834227c1a950fef8cae3827489129d0dd220541e60c6b731caaa765bf2e6a199 rw,relatime - aufs none rw,si=9b4a7642dc6d839c +211 15 0:3533 / /var/lib/docker/aufs/mnt/83dccbc385299bd1c7cf19326e791b33a544eea7b4cdfb6db70ea94eed4389fb rw,relatime - aufs none rw,si=9b4a7642dc6da39c +212 15 0:3534 / /var/lib/docker/aufs/mnt/f1b8e6f0e7c8928b5dcdab944db89306ebcae3e0b32f9ff40d2daa8329f21600 rw,relatime - aufs none rw,si=9b4a7645a126039c +213 15 0:3535 / /var/lib/docker/aufs/mnt/970efb262c7a020c2404cbcc5b3259efba0d110a786079faeef05bc2952abf3a rw,relatime - aufs none rw,si=9b4a7644c8ed139c +214 15 0:3536 / /var/lib/docker/aufs/mnt/84b6d73af7450f3117a77e15a5ca1255871fea6182cd8e8a7be6bc744be18c2c rw,relatime - aufs none rw,si=9b4a76406559139c +215 15 0:3537 / /var/lib/docker/aufs/mnt/88be2716e026bc681b5e63fe7942068773efbd0b6e901ca7ba441412006a96b6 rw,relatime - aufs none rw,si=9b4a76406559339c +216 15 0:3538 / /var/lib/docker/aufs/mnt/c81939aa166ce50cd8bca5cfbbcc420a78e0318dd5cd7c755209b9166a00a752 rw,relatime - aufs none rw,si=9b4a76406559239c +217 15 0:3539 / /var/lib/docker/aufs/mnt/e0f241645d64b7dc5ff6a8414087cca226be08fb54ce987d1d1f6350c57083aa rw,relatime - aufs none rw,si=9b4a7647cfc0f39c +218 15 0:3540 / /var/lib/docker/aufs/mnt/e10e2bf75234ed51d8a6a4bb39e465404fecbe318e54400d3879cdb2b0679c78 rw,relatime - aufs none rw,si=9b4a7647cfc0939c +219 15 0:3541 / /var/lib/docker/aufs/mnt/8f71d74c8cfc3228b82564aa9f09b2e576cff0083ddfb6aa5cb350346063f080 rw,relatime - aufs none rw,si=9b4a7647cfc0a39c +220 15 0:3542 / /var/lib/docker/aufs/mnt/9159f1eba2aef7f5205cc18d015cda7f5933cd29bba3b1b8aed5ccb5824c69ee rw,relatime - aufs none rw,si=9b4a76468cedd39c +221 15 0:3543 / /var/lib/docker/aufs/mnt/932cad71e652e048e500d9fbb5b8ea4fc9a269d42a3134ce527ceef42a2be56b rw,relatime - aufs none rw,si=9b4a76468cede39c +222 15 0:3544 / /var/lib/docker/aufs/mnt/bf1e1b5f529e8943cc0144ee86dbaaa37885c1ddffcef29537e0078ee7dd316a rw,relatime - aufs none rw,si=9b4a76468ced839c +223 15 0:3545 / /var/lib/docker/aufs/mnt/949d93ecf3322e09f858ce81d5f4b434068ec44ff84c375de03104f7b45ee955 rw,relatime - aufs none rw,si=9b4a76468ceda39c +224 15 0:3546 / /var/lib/docker/aufs/mnt/d65c6087f92dc2a3841b5251d2fe9ca07d4c6e5b021597692479740816e4e2a1 rw,relatime - aufs none rw,si=9b4a7645a126239c +225 15 0:3547 / /var/lib/docker/aufs/mnt/98a0153119d0651c193d053d254f6e16a68345a141baa80c87ae487e9d33f290 rw,relatime - aufs none rw,si=9b4a7640787cf39c +226 15 0:3548 / /var/lib/docker/aufs/mnt/99daf7fe5847c017392f6e59aa9706b3dfdd9e6d1ba11dae0f7fffde0a60b5e5 rw,relatime - aufs none rw,si=9b4a7640787c839c +227 15 0:3549 / /var/lib/docker/aufs/mnt/9ad1f2fe8a5599d4e10c5a6effa7f03d932d4e92ee13149031a372087a359079 rw,relatime - aufs none rw,si=9b4a7640787ca39c +228 15 0:3550 / /var/lib/docker/aufs/mnt/c26d64494da782ddac26f8370d86ac93e7c1666d88a7b99110fc86b35ea6a85d rw,relatime - aufs none rw,si=9b4a7642fc6b539c +229 15 0:3551 / /var/lib/docker/aufs/mnt/a49e4a8275133c230ec640997f35f172312eb0ea5bd2bbe10abf34aae98f30eb rw,relatime - aufs none rw,si=9b4a7642fc6b639c +230 15 0:3552 / /var/lib/docker/aufs/mnt/b5e2740c867ed843025f49d84e8d769de9e8e6039b3c8cb0735b5bf358994bc7 rw,relatime - aufs none rw,si=9b4a7642fc6b039c +231 15 0:3553 / /var/lib/docker/aufs/mnt/a826fdcf3a7039b30570054579b65763db605a314275d7aef31b872c13311b4b rw,relatime - aufs none rw,si=9b4a7642fc6b239c +232 15 0:3554 / /var/lib/docker/aufs/mnt/addf3025babf5e43b5a3f4a0da7ad863dda3c01fb8365c58fd8d28bb61dc11bc rw,relatime - aufs none rw,si=9b4a76407871d39c +233 15 0:3555 / /var/lib/docker/aufs/mnt/c5b6c6813ab3e5ebdc6d22cb2a3d3106a62095f2c298be52b07a3b0fa20ff690 rw,relatime - aufs none rw,si=9b4a76407871e39c +234 15 0:3556 / /var/lib/docker/aufs/mnt/af0609eaaf64e2392060cb46f5a9f3d681a219bb4c651d4f015bf573fbe6c4cf rw,relatime - aufs none rw,si=9b4a76407871839c +235 15 0:3557 / /var/lib/docker/aufs/mnt/e7f20e3c37ecad39cd90a97cd3549466d0d106ce4f0a930b8495442634fa4a1f rw,relatime - aufs none rw,si=9b4a76407871a39c +237 15 0:3559 / /var/lib/docker/aufs/mnt/b57a53d440ffd0c1295804fa68cdde35d2fed5409484627e71b9c37e4249fd5c rw,relatime - aufs none rw,si=9b4a76444445a39c +238 15 0:3560 / /var/lib/docker/aufs/mnt/b5e7d7b8f35e47efbba3d80c5d722f5e7bd43e54c824e54b4a4b351714d36d42 rw,relatime - aufs none rw,si=9b4a7647932d439c +239 15 0:3561 / /var/lib/docker/aufs/mnt/f1b136def157e9465640658f277f3347de593c6ae76412a2e79f7002f091cae2 rw,relatime - aufs none rw,si=9b4a76445abcd39c +240 15 0:3562 / /var/lib/docker/aufs/mnt/b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc rw,relatime - aufs none rw,si=9b4a7644403b339c +241 15 0:3563 / /var/lib/docker/aufs/mnt/b89b140cdbc95063761864e0a23346207fa27ee4c5c63a1ae85c9069a9d9cf1d rw,relatime - aufs none rw,si=9b4a7644aa19739c +242 15 0:3564 / /var/lib/docker/aufs/mnt/bc6a69ed51c07f5228f6b4f161c892e6a949c0e7e86a9c3432049d4c0e5cd298 rw,relatime - aufs none rw,si=9b4a7644aa19139c +243 15 0:3565 / /var/lib/docker/aufs/mnt/be4e2ba3f136933e239f7cf3d136f484fb9004f1fbdfee24a62a2c7b0ab30670 rw,relatime - aufs none rw,si=9b4a7644aa19339c +244 15 0:3566 / /var/lib/docker/aufs/mnt/e04ca1a4a5171e30d20f0c92f90a50b8b6f8600af5459c4b4fb25e42e864dfe1 rw,relatime - aufs none rw,si=9b4a7647932d139c +245 15 0:3567 / /var/lib/docker/aufs/mnt/be61576b31db893129aaffcd3dcb5ce35e49c4b71b30c392a78609a45c7323d8 rw,relatime - aufs none rw,si=9b4a7642d85f739c +246 15 0:3568 / /var/lib/docker/aufs/mnt/dda42c191e56becf672327658ab84fcb563322db3764b91c2fefe4aaef04c624 rw,relatime - aufs none rw,si=9b4a7642d85f139c +247 15 0:3569 / /var/lib/docker/aufs/mnt/c0a7995053330f3d88969247a2e72b07e2dd692133f5668a4a35ea3905561072 rw,relatime - aufs none rw,si=9b4a7642d85f339c +249 15 0:3571 / /var/lib/docker/aufs/mnt/c3594b2e5f08c59ff5ed338a1ba1eceeeb1f7fc5d180068338110c00b1eb8502 rw,relatime - aufs none rw,si=9b4a7642738c739c +250 15 0:3572 / /var/lib/docker/aufs/mnt/c58dce03a0ab0a7588393880379dc3bce9f96ec08ed3f99cf1555260ff0031e8 rw,relatime - aufs none rw,si=9b4a7642738c139c +251 15 0:3573 / /var/lib/docker/aufs/mnt/c73e9f1d109c9d14cb36e1c7489df85649be3911116d76c2fd3648ec8fd94e23 rw,relatime - aufs none rw,si=9b4a7642738c339c +252 15 0:3574 / /var/lib/docker/aufs/mnt/c9eef28c344877cd68aa09e543c0710ab2b305a0ff96dbb859bfa7808c3e8d01 rw,relatime - aufs none rw,si=9b4a7642d85f439c +253 15 0:3575 / /var/lib/docker/aufs/mnt/feb67148f548d70cb7484f2aaad2a86051cd6867a561741a2f13b552457d666e rw,relatime - aufs none rw,si=9b4a76468c55739c +254 15 0:3576 / /var/lib/docker/aufs/mnt/cdf1f96c36d35a96041a896bf398ec0f7dc3b0fb0643612a0f4b6ff96e04e1bb rw,relatime - aufs none rw,si=9b4a76468c55139c +255 15 0:3577 / /var/lib/docker/aufs/mnt/ec6e505872353268451ac4bc034c1df00f3bae4a3ea2261c6e48f7bd5417c1b3 rw,relatime - aufs none rw,si=9b4a76468c55339c +256 15 0:3578 / /var/lib/docker/aufs/mnt/d6dc8aca64efd90e0bc10274001882d0efb310d42ccbf5712b99b169053b8b1a rw,relatime - aufs none rw,si=9b4a7642738c439c +257 15 0:3579 / /var/lib/docker/aufs/mnt/d712594e2ff6eaeb895bfd150d694bd1305fb927e7a186b2dab7df2ea95f8f81 rw,relatime - aufs none rw,si=9b4a76401268f39c +259 15 0:3581 / /var/lib/docker/aufs/mnt/dbfa1174cd78cde2d7410eae442af0b416c4a0e6f87ed4ff1e9f169a0029abc0 rw,relatime - aufs none rw,si=9b4a76401268b39c +260 15 0:3582 / /var/lib/docker/aufs/mnt/e883f5a82316d7856fbe93ee8c0af5a920b7079619dd95c4ffd88bbd309d28dd rw,relatime - aufs none rw,si=9b4a76468c55439c +261 15 0:3583 / /var/lib/docker/aufs/mnt/fdec3eff581c4fc2b09f87befa2fa021f3f2d373bea636a87f1fb5b367d6347a rw,relatime - aufs none rw,si=9b4a7644aa1af39c +262 15 0:3584 / /var/lib/docker/aufs/mnt/ef764e26712184653067ecf7afea18a80854c41331ca0f0ef03e1bacf90a6ffc rw,relatime - aufs none rw,si=9b4a7644aa1a939c +263 15 0:3585 / /var/lib/docker/aufs/mnt/f3176b40c41fce8ce6942936359a2001a6f1b5c1bb40ee224186db0789ec2f76 rw,relatime - aufs none rw,si=9b4a7644aa1ab39c +264 15 0:3586 / /var/lib/docker/aufs/mnt/f5daf06785d3565c6dd18ea7d953d9a8b9606107781e63270fe0514508736e6a rw,relatime - aufs none rw,si=9b4a76401268c39c +58 15 0:3587 / /var/lib/docker/aufs/mnt/cde8c40f6524b7361af4f5ad05bb857dc9ee247c20852ba666195c0739e3a2b8-init rw,relatime - aufs none rw,si=9b4a76444445839c +67 15 0:3588 / /var/lib/docker/aufs/mnt/cde8c40f6524b7361af4f5ad05bb857dc9ee247c20852ba666195c0739e3a2b8 rw,relatime - aufs none rw,si=9b4a7644badd339c +265 15 0:3610 / /var/lib/docker/aufs/mnt/e812472cd2c8c4748d1ef71fac4e77e50d661b9349abe66ce3e23511ed44f414 rw,relatime - aufs none rw,si=9b4a76427937d39c +270 15 0:3615 / /var/lib/docker/aufs/mnt/997636e7c5c9d0d1376a217e295c14c205350b62bc12052804fb5f90abe6f183 rw,relatime - aufs none rw,si=9b4a76406540739c +273 15 0:3618 / /var/lib/docker/aufs/mnt/d5794d080417b6e52e69227c3873e0e4c1ff0d5a845ebe3860ec2f89a47a2a1e rw,relatime - aufs none rw,si=9b4a76454814039c +278 15 0:3623 / /var/lib/docker/aufs/mnt/586bdd48baced671bb19bc4d294ec325f26c55545ae267db426424f157d59c48 rw,relatime - aufs none rw,si=9b4a7644b439f39c +281 15 0:3626 / /var/lib/docker/aufs/mnt/69739d022f89f8586908bbd5edbbdd95ea5256356f177f9ffcc6ef9c0ea752d2 rw,relatime - aufs none rw,si=9b4a7644a0f1b39c +286 15 0:3631 / /var/lib/docker/aufs/mnt/ff28c27d5f894363993622de26d5dd352dba072f219e4691d6498c19bbbc15a9 rw,relatime - aufs none rw,si=9b4a7642265b339c +289 15 0:3634 / /var/lib/docker/aufs/mnt/aa128fe0e64fdede333aa48fd9de39530c91a9244a0f0649a3c411c61e372daa rw,relatime - aufs none rw,si=9b4a764012ada39c +99 15 8:33 / /media/REMOVE\040ME rw,nosuid,nodev,relatime - fuseblk /dev/sdc1 rw,user_id=0,group_id=0,allow_other,blksize=4096` +) + +func TestParseFedoraMountinfo(t *testing.T) { + r := bytes.NewBuffer([]byte(fedoraMountinfo)) + _, err := parseInfoFile(r) + if err != nil { + t.Fatal(err) + } +} + +func TestParseUbuntuMountinfo(t *testing.T) { + r := bytes.NewBuffer([]byte(ubuntuMountInfo)) + _, err := parseInfoFile(r) + if err != nil { + t.Fatal(err) + } +} + +func TestParseGentooMountinfo(t *testing.T) { + r := bytes.NewBuffer([]byte(gentooMountinfo)) + _, err := parseInfoFile(r) + if err != nil { + t.Fatal(err) + } +} From b58bf0fa051281d1f091909cc612246506c53157 Mon Sep 17 00:00:00 2001 From: Gabriel Monroy Date: Fri, 20 Dec 2013 16:52:34 -0700 Subject: [PATCH 068/126] add TestContainerOrphaning integration test Upstream-commit: c995c9bb91a2bf5b2038330d063a073d2e0c611c Component: engine --- .../engine/integration/commands_test.go | 63 +++++++++++++++++++ 1 file changed, 63 insertions(+) diff --git a/components/engine/integration/commands_test.go b/components/engine/integration/commands_test.go index af720f67e6..bcf79c1534 100644 --- a/components/engine/integration/commands_test.go +++ b/components/engine/integration/commands_test.go @@ -968,3 +968,66 @@ func TestRunCidFile(t *testing.T) { }) } + +func TestContainerOrphaning(t *testing.T) { + + // setup a temporary directory + tmpDir, err := ioutil.TempDir("", "project") + if err != nil { + t.Fatal(err) + } + defer os.RemoveAll(tmpDir) + + // setup a CLI and server + cli := docker.NewDockerCli(nil, os.Stdout, ioutil.Discard, testDaemonProto, testDaemonAddr) + defer cleanup(globalEngine, t) + srv := mkServerFromEngine(globalEngine, t) + + // closure to build something + buildSomething := func(template string, image string) string { + dockerfile := path.Join(tmpDir, "Dockerfile") + replacer := strings.NewReplacer("{IMAGE}", unitTestImageID) + contents := replacer.Replace(template) + ioutil.WriteFile(dockerfile, []byte(contents), 0x777) + if err := cli.CmdBuild("-t", image, tmpDir); err != nil { + t.Fatal(err) + } + img, err := srv.ImageInspect(image) + if err != nil { + t.Fatal(err) + } + return img.ID + } + + // build an image + imageName := "orphan-test" + template1 := ` + from {IMAGE} + cmd ["/bin/echo", "holla"] + ` + img1 := buildSomething(template1, imageName) + + // create a container using the fist image + if err := cli.CmdRun(imageName); err != nil { + t.Fatal(err) + } + + // build a new image that splits lineage + template2 := ` + from {IMAGE} + cmd ["/bin/echo", "holla"] + expose 22 + ` + buildSomething(template2, imageName) + + // remove the second image by name + resp, err := srv.ImageDelete(imageName, true) + + // see if we deleted the first image (and orphaned the container) + for _, i := range resp { + if img1 == i.Deleted { + t.Fatal("Orphaned image with container") + } + } + +} From 118dcafff9bf4baf4ef1143e4ad4d8633640ee4d Mon Sep 17 00:00:00 2001 From: Brian Dorsey Date: Fri, 20 Dec 2013 16:06:28 -0800 Subject: [PATCH 069/126] Added a note about a networking work around. An additional flag to limit the networking MTU is required in three Compute Engine zones for reliable networking from inside the docker container. Added a warning to that effect to the QuickStart guide. Upstream-commit: 37ed178611622da42e3a4a0aed2288b00b4eb208 Component: engine --- components/engine/docs/sources/installation/google.rst | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/components/engine/docs/sources/installation/google.rst b/components/engine/docs/sources/installation/google.rst index e3286d1d90..2f6ac214f4 100644 --- a/components/engine/docs/sources/installation/google.rst +++ b/components/engine/docs/sources/installation/google.rst @@ -63,3 +63,12 @@ docker-playground:~$ sudo docker run busybox echo 'docker on GCE \o/' docker on GCE \o/ + +**The -lxc-conf flag below is required** when running docker images in zones: us-central1-a, europe-west1-1, and europe-west1-b. Without the MTU flag, you may experience intermittent network pauses. +`See this issue `_ for more details. + +.. code-block:: bash + + docker-playground:~$ sudo docker run -lxc-conf="lxc.network.mtu = 1460" busybox echo 'docker on GCE \o/' + docker on GCE \o/ + From 652202543c4f1535fcaafb23538468f21bb61f75 Mon Sep 17 00:00:00 2001 From: Brian Dorsey Date: Fri, 20 Dec 2013 16:19:35 -0800 Subject: [PATCH 070/126] Update MTU work-around to use the new -mtu flag Upstream-commit: cdd14b1a31603e602ab36522582b4356264ccb60 Component: engine --- .../engine/docs/sources/installation/google.rst | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/components/engine/docs/sources/installation/google.rst b/components/engine/docs/sources/installation/google.rst index 2f6ac214f4..ff38e1e6e4 100644 --- a/components/engine/docs/sources/installation/google.rst +++ b/components/engine/docs/sources/installation/google.rst @@ -57,18 +57,17 @@ docker-playground:~$ curl get.docker.io | bash docker-playground:~$ sudo update-rc.d docker defaults -7. Start a new container: +7. If running in zones: us-central1-a, europe-west1-1, and europe-west1-b, the docker daemon must be started with the `-mtu` flag. Without the flag, you may experience intermittent network pauses. +`See this issue `_ for more details. + +.. code-block:: bash + + docker -d -mtu 1460 + +8. Start a new container: .. code-block:: bash docker-playground:~$ sudo docker run busybox echo 'docker on GCE \o/' docker on GCE \o/ -**The -lxc-conf flag below is required** when running docker images in zones: us-central1-a, europe-west1-1, and europe-west1-b. Without the MTU flag, you may experience intermittent network pauses. -`See this issue `_ for more details. - -.. code-block:: bash - - docker-playground:~$ sudo docker run -lxc-conf="lxc.network.mtu = 1460" busybox echo 'docker on GCE \o/' - docker on GCE \o/ - From bfdf325ac2c5741d8cda2a77ce36af15b64034e9 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Fri, 20 Dec 2013 16:26:02 -0800 Subject: [PATCH 071/126] prevent orphan Upstream-commit: 8dcca2125a2176924ea9d816214d88b8b6450bf2 Component: engine --- components/engine/server.go | 46 +++++++++++++++++++------------------ 1 file changed, 24 insertions(+), 22 deletions(-) diff --git a/components/engine/server.go b/components/engine/server.go index 6a3ff2cd2d..a6ded6a996 100644 --- a/components/engine/server.go +++ b/components/engine/server.go @@ -1543,7 +1543,7 @@ func (srv *Server) deleteImageAndChildren(id string, imgs *[]APIRmi, byParents m if err != nil { return err } - if len(byParents[id]) == 0 { + if len(byParents[id]) == 0 && srv.canDeleteImage(id) == nil { if err := srv.runtime.repositories.DeleteAll(id); err != nil { return err } @@ -1631,9 +1631,8 @@ func (srv *Server) deleteImage(img *Image, repoName, tag string) ([]APIRmi, erro func (srv *Server) ImageDelete(name string, autoPrune bool) ([]APIRmi, error) { var ( repository, tag string - validate = true + img, err = srv.runtime.repositories.LookupImage(name) ) - img, err := srv.runtime.repositories.LookupImage(name) if err != nil { return nil, fmt.Errorf("No such image: %s", name) } @@ -1655,31 +1654,34 @@ func (srv *Server) ImageDelete(name string, autoPrune bool) ([]APIRmi, error) { // // i.e. only validate if we are performing an actual delete and not // an untag op - if repository != "" { - validate = len(srv.runtime.repositories.ByID()[img.ID]) == 1 - } - - if validate { + if repository != "" && len(srv.runtime.repositories.ByID()[img.ID]) == 1 { // Prevent deletion if image is used by a container - for _, container := range srv.runtime.List() { - parent, err := srv.runtime.repositories.LookupImage(container.Image) - if err != nil { - return nil, err - } - - if err := parent.WalkHistory(func(p *Image) error { - if img.ID == p.ID { - return fmt.Errorf("Conflict, cannot delete %s because the container %s is using it", name, container.ID) - } - return nil - }); err != nil { - return nil, err - } + if err := srv.canDeleteImage(img.ID); err != nil { + return nil, err } } return srv.deleteImage(img, repository, tag) } +func (srv *Server) canDeleteImage(imgID string) error { + for _, container := range srv.runtime.List() { + parent, err := srv.runtime.repositories.LookupImage(container.Image) + if err != nil { + return err + } + + if err := parent.WalkHistory(func(p *Image) error { + if imgID == p.ID { + return fmt.Errorf("Conflict, cannot delete %s because the container %s is using it", utils.TruncateID(imgID), utils.TruncateID(container.ID)) + } + return nil + }); err != nil { + return err + } + } + return nil +} + func (srv *Server) ImageGetCached(imgID string, config *Config) (*Image, error) { // Retrieve all images From a0bbcd5fb88f3213ce655061ea9ce086575edf83 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Fri, 20 Dec 2013 16:50:31 -0800 Subject: [PATCH 072/126] discard test output Upstream-commit: 369cde4ad7b2618e24294839761b743c5c25911b Component: engine --- components/engine/integration/commands_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/integration/commands_test.go b/components/engine/integration/commands_test.go index bcf79c1534..84a9008224 100644 --- a/components/engine/integration/commands_test.go +++ b/components/engine/integration/commands_test.go @@ -979,7 +979,7 @@ func TestContainerOrphaning(t *testing.T) { defer os.RemoveAll(tmpDir) // setup a CLI and server - cli := docker.NewDockerCli(nil, os.Stdout, ioutil.Discard, testDaemonProto, testDaemonAddr) + cli := docker.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto, testDaemonAddr) defer cleanup(globalEngine, t) srv := mkServerFromEngine(globalEngine, t) From 6071fba45d9cdacf1fa570342e98d7ac3073d2c2 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Thu, 19 Dec 2013 12:32:58 -0800 Subject: [PATCH 073/126] fix progressbar in docker push Upstream-commit: 85f9b778f54a823566dd5d81e0e0a9875a64569d Component: engine --- components/engine/registry/registry.go | 5 +++++ components/engine/server.go | 1 + components/engine/utils/jsonmessage.go | 2 +- components/engine/utils/progressreader.go | 19 +++++++++---------- 4 files changed, 16 insertions(+), 11 deletions(-) diff --git a/components/engine/registry/registry.go b/components/engine/registry/registry.go index 6c9255aa46..3c793cf08c 100644 --- a/components/engine/registry/registry.go +++ b/components/engine/registry/registry.go @@ -448,6 +448,11 @@ func (r *Registry) PushImageLayerRegistry(imgID string, layer io.Reader, registr if err != nil { return "", fmt.Errorf("Failed to upload layer: %s", err) } + if rc, ok := layer.(io.Closer); ok { + if err := rc.Close(); err != nil { + return "", err + } + } defer res.Body.Close() if res.StatusCode != 200 { diff --git a/components/engine/server.go b/components/engine/server.go index 51e0aac4db..201fd83ab8 100644 --- a/components/engine/server.go +++ b/components/engine/server.go @@ -1272,6 +1272,7 @@ func (srv *Server) pushImage(r *registry.Registry, out io.Writer, remote, imgID, return "", err } + out.Write(sf.FormatProgress(utils.TruncateID(imgData.ID), "Image successfully pushed", nil)) return imgData.Checksum, nil } diff --git a/components/engine/utils/jsonmessage.go b/components/engine/utils/jsonmessage.go index cc467162f9..6c8711b266 100644 --- a/components/engine/utils/jsonmessage.go +++ b/components/engine/utils/jsonmessage.go @@ -52,7 +52,7 @@ func (p *JSONProgress) String() string { } numbersBox = fmt.Sprintf("%8v/%v", current, total) - if p.Start > 0 { + if p.Start > 0 && percentage < 50 { fromStart := time.Now().UTC().Sub(time.Unix(int64(p.Start), 0)) perEntry := fromStart / time.Duration(p.Current) left := time.Duration(p.Total-p.Current) * perEntry diff --git a/components/engine/utils/progressreader.go b/components/engine/utils/progressreader.go index 81f076682e..a43ee55b0f 100644 --- a/components/engine/utils/progressreader.go +++ b/components/engine/utils/progressreader.go @@ -7,21 +7,18 @@ import ( // Reader with progress bar type progressReader struct { - reader io.ReadCloser // Stream to read from - output io.Writer // Where to send progress bar to - progress JSONProgress - // readTotal int // Expected stream length (bytes) - // readProgress int // How much has been read so far (bytes) + reader io.ReadCloser // Stream to read from + output io.Writer // Where to send progress bar to + progress JSONProgress lastUpdate int // How many bytes read at least update ID string action string - // template string // Template to print. Default "%v/%v (%v)" - sf *StreamFormatter - newLine bool + sf *StreamFormatter + newLine bool } func (r *progressReader) Read(p []byte) (n int, err error) { - read, err := io.ReadCloser(r.reader).Read(p) + read, err := r.reader.Read(p) r.progress.Current += read updateEvery := 1024 * 512 //512kB if r.progress.Total > 0 { @@ -41,7 +38,9 @@ func (r *progressReader) Read(p []byte) (n int, err error) { return read, err } func (r *progressReader) Close() error { - return io.ReadCloser(r.reader).Close() + r.progress.Current = r.progress.Total + r.output.Write(r.sf.FormatProgress(r.ID, r.action, &r.progress)) + return r.reader.Close() } func ProgressReader(r io.ReadCloser, size int, output io.Writer, sf *StreamFormatter, newline bool, ID, action string) *progressReader { return &progressReader{ From 3658b14c94cda2524759eb3cf8e545cbc9355e4e Mon Sep 17 00:00:00 2001 From: Tzu-Jung Lee Date: Fri, 20 Dec 2013 17:30:21 -0800 Subject: [PATCH 074/126] network: fix a typo in udp cleanup path Fix #3224 - Port already in use error when running a container Signed-off-by: Tzu-Jung Lee Upstream-commit: 7d2e851d8e921bf8f07f54c8afb8262580b36e8d Component: engine --- components/engine/network.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/network.go b/components/engine/network.go index cccb7c52e1..9cb6231855 100644 --- a/components/engine/network.go +++ b/components/engine/network.go @@ -628,7 +628,7 @@ func (iface *NetworkInterface) Release() { log.Printf("Unable to release port %s", nat) } } else if nat.Port.Proto() == "udp" { - if err := iface.manager.tcpPortAllocator.Release(ip, hostPort); err != nil { + if err := iface.manager.udpPortAllocator.Release(ip, hostPort); err != nil { log.Printf("Unable to release port %s: %s", nat, err) } } From f27c5dcccdbc79ad1bc285ba10deffcae335cf71 Mon Sep 17 00:00:00 2001 From: Christopher Rigor Date: Sat, 21 Dec 2013 16:23:13 +0800 Subject: [PATCH 075/126] Change an to a Upstream-commit: 071528e1033623b4c2da7450b4492616101dd018 Component: engine --- components/engine/docs/sources/use/port_redirection.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/docs/sources/use/port_redirection.rst b/components/engine/docs/sources/use/port_redirection.rst index b35d27a3db..5cddb238e4 100644 --- a/components/engine/docs/sources/use/port_redirection.rst +++ b/components/engine/docs/sources/use/port_redirection.rst @@ -31,7 +31,7 @@ container, Docker provide ways to bind the container port to an interface of the host system. To simplify communication between containers, Docker provides the linking mechanism. -Binding a port to an host interface +Binding a port to a host interface ----------------------------------- To bind a port of the container to a specific interface of the host From c6977efcc725a1a2ed04db42c41efe10499fb53d Mon Sep 17 00:00:00 2001 From: apocas Date: Sat, 21 Dec 2013 16:41:41 +0000 Subject: [PATCH 076/126] Wrong HTTP method in events endpoint. Upstream-commit: e4e579b40d79764781cbb0a63d12d307ca8a71dc Component: engine --- components/engine/docs/sources/api/docker_remote_api_v1.8.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/docs/sources/api/docker_remote_api_v1.8.rst b/components/engine/docs/sources/api/docker_remote_api_v1.8.rst index bc51e209ef..e14cf295d3 100644 --- a/components/engine/docs/sources/api/docker_remote_api_v1.8.rst +++ b/components/engine/docs/sources/api/docker_remote_api_v1.8.rst @@ -1173,7 +1173,7 @@ Monitor Docker's events .. sourcecode:: http - POST /events?since=1374067924 + GET /events?since=1374067924 **Example response**: From b028910bf6983a6b3302f7eaae97f9c543a81e43 Mon Sep 17 00:00:00 2001 From: Daniel Exner Date: Sat, 21 Dec 2013 23:38:13 +0100 Subject: [PATCH 077/126] Installation for FrugalWare Upstream-commit: 158e3d60ec016778b2a2615885f6a880509644f3 Component: engine --- .../docs/sources/installation/frugalware.rst | 80 +++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 components/engine/docs/sources/installation/frugalware.rst diff --git a/components/engine/docs/sources/installation/frugalware.rst b/components/engine/docs/sources/installation/frugalware.rst new file mode 100644 index 0000000000..62f8a701c1 --- /dev/null +++ b/components/engine/docs/sources/installation/frugalware.rst @@ -0,0 +1,80 @@ +:title: Installation on FrugalWare +:description: Docker installation on FrugalWare. +:keywords: frugalware linux, virtualization, docker, documentation, installation + +.. _frugalware: + +FrugalWare +========== + +.. include:: install_header.inc + +.. include:: install_unofficial.inc + +Installing on FrugalWare is handled via the official packages: + +* `lxc-docker i686 `_ + +* `lxc-docker x86_64 `_ + +The lxc-docker package will install the latest tagged version of docker. + +Dependencies +------------ + +Docker depends on several packages which are specified as dependencies in +the packages. The core dependencies are: + +* systemd +* lvm2 +* sqlite3 +* libguestfs +* lxc +* iproute2 +* bridge-utils + + +Installation +------------ + +A simple +:: + + pacman -S lxc-docker + +is all that is needed. + + +Starting Docker +--------------- + +There is a systemd service unit created for docker. To start the docker service: + +:: + + sudo systemctl start lxc-docker + + +To start on system boot: + +:: + + sudo systemctl enable lxc-docker + +Network Configuration +--------------------- + +IPv4 packet forwarding is disabled by default on FrugalWare, so internet access from inside +the container may not work. + +To enable the forwarding, run as root on the host system: + +:: + + sysctl net.ipv4.ip_forward=1 + +And, to make it persistent across reboots, enable it on the host's **/etc/sysctl.d/docker.conf**: + +:: + + net.ipv4.ip_forward=1 From 2bbee621e754310344f079e60ef505aa762af668 Mon Sep 17 00:00:00 2001 From: Daniel Exner Date: Sun, 22 Dec 2013 00:00:20 +0100 Subject: [PATCH 078/126] + added missing link in index.rst * some gramatic and spelling fixes Thx jamtur :) Upstream-commit: 3edbf416bfaed2c7bacc3c5ef572efb59b4e2082 Component: engine --- .../engine/docs/sources/installation/frugalware.rst | 10 +++++----- components/engine/docs/sources/installation/index.rst | 1 + 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/components/engine/docs/sources/installation/frugalware.rst b/components/engine/docs/sources/installation/frugalware.rst index 62f8a701c1..d4b404278e 100644 --- a/components/engine/docs/sources/installation/frugalware.rst +++ b/components/engine/docs/sources/installation/frugalware.rst @@ -17,7 +17,7 @@ Installing on FrugalWare is handled via the official packages: * `lxc-docker x86_64 `_ -The lxc-docker package will install the latest tagged version of docker. +The `lxc-docker` package will install the latest tagged version of docker. Dependencies ------------ @@ -48,7 +48,7 @@ is all that is needed. Starting Docker --------------- -There is a systemd service unit created for docker. To start the docker service: +There is a systemd service unit created for Docker. To start Docker as service: :: @@ -64,16 +64,16 @@ To start on system boot: Network Configuration --------------------- -IPv4 packet forwarding is disabled by default on FrugalWare, so internet access from inside +IPv4 packet forwarding is disabled by default on FrugalWare, so Internet access from inside the container may not work. -To enable the forwarding, run as root on the host system: +To enable packet forwarding, run the following command as the ``root`` user on the host system: :: sysctl net.ipv4.ip_forward=1 -And, to make it persistent across reboots, enable it on the host's **/etc/sysctl.d/docker.conf**: +And, to make it persistent across reboots, add the following to a file named **/etc/sysctl.d/docker.conf**: :: diff --git a/components/engine/docs/sources/installation/index.rst b/components/engine/docs/sources/installation/index.rst index b2882a5cb3..9026b1f7f4 100644 --- a/components/engine/docs/sources/installation/index.rst +++ b/components/engine/docs/sources/installation/index.rst @@ -22,6 +22,7 @@ Contents: fedora archlinux gentoolinux + frugalware vagrant windows amazon From d4d3461e3170f4f8d820be5986fbceb2b22fcd8d Mon Sep 17 00:00:00 2001 From: Tatsuki Sugiura Date: Mon, 23 Dec 2013 17:27:22 +0900 Subject: [PATCH 079/126] Fix glob expansion for no-cache setting. On previous version, glob pattern will be expanded to actual file names when writing setting to etc/apt/apt.conf.d/no-cache. This patch fixes to quote to work cache clean command properly. Upstream-commit: e3b878ce983e5e01960ba5ec5c330749df7dcac4 Component: engine --- components/engine/contrib/mkimage-debootstrap.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/components/engine/contrib/mkimage-debootstrap.sh b/components/engine/contrib/mkimage-debootstrap.sh index f9992d6e3c..3f268b52da 100755 --- a/components/engine/contrib/mkimage-debootstrap.sh +++ b/components/engine/contrib/mkimage-debootstrap.sh @@ -144,9 +144,9 @@ if [ -z "$strictDebootstrap" ]; then echo 'force-unsafe-io' | sudo tee etc/dpkg/dpkg.cfg.d/02apt-speedup > /dev/null # we want to effectively run "apt-get clean" after every install to keep images small (see output of "apt-get clean -s" for context) { - aptGetClean='rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true' - echo 'DPkg::Post-Invoke { "'$aptGetClean'"; };' - echo 'APT::Update::Post-Invoke { "'$aptGetClean'"; };' + aptGetClean='"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true";' + echo "DPkg::Post-Invoke { ${aptGetClean} };" + echo "APT::Update::Post-Invoke { ${aptGetClean} };" echo 'Dir::Cache::pkgcache ""; Dir::Cache::srcpkgcache "";' } | sudo tee etc/apt/apt.conf.d/no-cache > /dev/null # and remove the translations, too From 9526d02fc2db911dd0b75f04372aadb727ef6683 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Mon, 2 Dec 2013 17:59:45 +1000 Subject: [PATCH 080/126] use the Makefile - it makes life so much simpler Upstream-commit: 83d81758b0ca7de9ca38f4ea3a7eaaa8a0c275ad Component: engine --- components/engine/hack/make.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/components/engine/hack/make.sh b/components/engine/hack/make.sh index 657233381c..cc9b9f32ee 100755 --- a/components/engine/hack/make.sh +++ b/components/engine/hack/make.sh @@ -15,8 +15,9 @@ set -e # - The script is intented to be run inside the docker container specified # in the Dockerfile at the root of the source. In other words: # DO NOT CALL THIS SCRIPT DIRECTLY. -# - The right way to call this script is to invoke "docker build ." from -# your checkout of the Docker repository, and then +# - The right way to call this script is to invoke "make" from +# your checkout of the Docker repository. +# the Makefile will so a "docker build -t docker ." and then # "docker run hack/make.sh" in the resulting container image. # @@ -28,7 +29,7 @@ RESOLVCONF=$(readlink --canonicalize /etc/resolv.conf) grep -q "$RESOLVCONF" /proc/mounts || { echo >&2 "# WARNING! I don't seem to be running in a docker container." echo >&2 "# The result of this command might be an incorrect build, and will not be officially supported." - echo >&2 "# Try this: 'docker build -t docker . && docker run docker ./hack/make.sh'" + echo >&2 "# Try this: 'make all'" } # List of bundles to create when no argument is passed From 93dba8079c90452a1df018f3fccaf0b894f29986 Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Mon, 23 Dec 2013 09:08:28 -0500 Subject: [PATCH 081/126] API documentation update for Privileged The 1.7 API docs show the ability to pass Privileged when creating a container. This is not supported as. Privileged is now part of hostConfig and can only be passed when starting a container. This fixes the documentation issue. Upstream-commit: bf17383e35afa12f5d6cb145b26542f2dc4f95de Component: engine --- components/engine/docs/sources/api/docker_remote_api_v1.7.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/components/engine/docs/sources/api/docker_remote_api_v1.7.rst b/components/engine/docs/sources/api/docker_remote_api_v1.7.rst index 9857948732..93bd1dd6e5 100644 --- a/components/engine/docs/sources/api/docker_remote_api_v1.7.rst +++ b/components/engine/docs/sources/api/docker_remote_api_v1.7.rst @@ -122,7 +122,6 @@ Create a container "AttachStdout":true, "AttachStderr":true, "PortSpecs":null, - "Privileged": false, "Tty":false, "OpenStdin":false, "StdinOnce":false, @@ -364,7 +363,8 @@ Start a container { "Binds":["/tmp:/tmp"], "LxcConf":{"lxc.utsname":"docker"}, - "PortBindings":null + "PortBindings":null, + "Privileged":false, "PublishAllPorts":false } From db836da6ccf3177816287c5c162c856dff0f7e0c Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Mon, 23 Dec 2013 11:45:51 -0500 Subject: [PATCH 082/126] Minor style cleanups to the API spec docs Upstream-commit: ea8a3438f769c85725f34c6e51d7c73ed1fff962 Component: engine --- .../engine/docs/sources/api/registry_api.rst | 8 +- .../docs/sources/api/registry_index_spec.rst | 131 +++++++++++++----- 2 files changed, 100 insertions(+), 39 deletions(-) diff --git a/components/engine/docs/sources/api/registry_api.rst b/components/engine/docs/sources/api/registry_api.rst index 8803b70ba8..b5c36cc344 100644 --- a/components/engine/docs/sources/api/registry_api.rst +++ b/components/engine/docs/sources/api/registry_api.rst @@ -19,7 +19,8 @@ Docker Registry API - It doesn’t have a local database - It will be open-sourced at some point -We expect that there will be multiple registries out there. To help to grasp the context, here are some examples of registries: +We expect that there will be multiple registries out there. To help to grasp +the context, here are some examples of registries: - **sponsor registry**: such a registry is provided by a third-party hosting infrastructure as a convenience for their customers and the docker community as a whole. Its costs are supported by the third party, but the management and operation of the registry are supported by dotCloud. It features read/write access, and delegates authentication and authorization to the Index. - **mirror registry**: such a registry is provided by a third-party hosting infrastructure but is targeted at their customers only. Some mechanism (unspecified to date) ensures that public images are pulled from a sponsor registry to the mirror registry, to make sure that the customers of the third-party provider can “docker pull” those images locally. @@ -37,7 +38,10 @@ We expect that there will be multiple registries out there. To help to grasp the - local mount point; - remote docker addressed through SSH. -The latter would only require two new commands in docker, e.g. “registryget” and “registryput”, wrapping access to the local filesystem (and optionally doing consistency checks). Authentication and authorization are then delegated to SSH (e.g. with public keys). +The latter would only require two new commands in docker, e.g. ``registryget`` +and ``registryput``, wrapping access to the local filesystem (and optionally +doing consistency checks). Authentication and authorization are then delegated +to SSH (e.g. with public keys). 2. Endpoints ============ diff --git a/components/engine/docs/sources/api/registry_index_spec.rst b/components/engine/docs/sources/api/registry_index_spec.rst index 449569414e..89f6319f5c 100644 --- a/components/engine/docs/sources/api/registry_index_spec.rst +++ b/components/engine/docs/sources/api/registry_index_spec.rst @@ -15,11 +15,13 @@ Registry & Index Spec --------- The Index is responsible for centralizing information about: + - User accounts - Checksums of the images - Public namespaces The Index has different components: + - Web UI - Meta-data store (comments, stars, list public repositories) - Authentication service @@ -27,7 +29,7 @@ The Index has different components: The index is authoritative for those information. -We expect that there will be only one instance of the index, run and managed by dotCloud. +We expect that there will be only one instance of the index, run and managed by Docker Inc. 1.2 Registry ------------ @@ -53,12 +55,16 @@ We expect that there will be multiple registries out there. To help to grasp the - local mount point; - remote docker addressed through SSH. -The latter would only require two new commands in docker, e.g. “registryget” and “registryput”, wrapping access to the local filesystem (and optionally doing consistency checks). Authentication and authorization are then delegated to SSH (e.g. with public keys). +The latter would only require two new commands in docker, e.g. ``registryget`` +and ``registryput``, wrapping access to the local filesystem (and optionally +doing consistency checks). Authentication and authorization are then delegated +to SSH (e.g. with public keys). 1.3 Docker ---------- On top of being a runtime for LXC, Docker is the Registry client. It supports: + - Push / Pull on the registry - Client authentication on the Index @@ -72,21 +78,33 @@ On top of being a runtime for LXC, Docker is the Registry client. It supports: 1. Contact the Index to know where I should download “samalba/busybox” 2. Index replies: - a. “samalba/busybox” is on Registry A - b. here are the checksums for “samalba/busybox” (for all layers) + a. ``samalba/busybox`` is on Registry A + b. here are the checksums for ``samalba/busybox`` (for all layers) c. token -3. Contact Registry A to receive the layers for “samalba/busybox” (all of them to the base image). Registry A is authoritative for “samalba/busybox” but keeps a copy of all inherited layers and serve them all from the same location. +3. Contact Registry A to receive the layers for ``samalba/busybox`` (all of them to the base image). Registry A is authoritative for “samalba/busybox” but keeps a copy of all inherited layers and serve them all from the same location. 4. registry contacts index to verify if token/user is allowed to download images 5. Index returns true/false lettings registry know if it should proceed or error out 6. Get the payload for all layers -It’s possible to run docker pull \https:///repositories/samalba/busybox. In this case, docker bypasses the Index. However the security is not guaranteed (in case Registry A is corrupted) because there won’t be any checksum checks. +It's possible to run: -Currently registry redirects to s3 urls for downloads, going forward all downloads need to be streamed through the registry. The Registry will then abstract the calls to S3 by a top-level class which implements sub-classes for S3 and local storage. +.. code-block:: bash -Token is only returned when the 'X-Docker-Token' header is sent with request. + docker pull https:///repositories/samalba/busybox -Basic Auth is required to pull private repos. Basic auth isn't required for pulling public repos, but if one is provided, it needs to be valid and for an active account. +In this case, Docker bypasses the Index. However the security is not guaranteed +(in case Registry A is corrupted) because there won’t be any checksum checks. + +Currently registry redirects to s3 urls for downloads, going forward all +downloads need to be streamed through the registry. The Registry will then +abstract the calls to S3 by a top-level class which implements sub-classes for +S3 and local storage. + +Token is only returned when the ``X-Docker-Token`` header is sent with request. + +Basic Auth is required to pull private repos. Basic auth isn't required for +pulling public repos, but if one is provided, it needs to be valid and for an +active account. API (pulling repository foo/bar): ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -155,7 +173,9 @@ API (pulling repository foo/bar): **Index can be replaced!** For a private Registry deployed, a custom Index can be used to serve and validate token according to different policies. -Docker computes the checksums and submit them to the Index at the end of the push. When a repository name does not have checksums on the Index, it means that the push is in progress (since checksums are submitted at the end). +Docker computes the checksums and submit them to the Index at the end of the +push. When a repository name does not have checksums on the Index, it means +that the push is in progress (since checksums are submitted at the end). API (pushing repos foo/bar): ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -237,10 +257,11 @@ API (pushing repos foo/bar): 2.3 Delete ---------- -If you need to delete something from the index or registry, we need a nice clean way to do that. Here is the workflow. +If you need to delete something from the index or registry, we need a nice +clean way to do that. Here is the workflow. -1. Docker contacts the index to request a delete of a repository “samalba/busybox” (authentication required with user credentials) -2. If authentication works and repository is valid, “samalba/busybox” is marked as deleted and a temporary token is returned +1. Docker contacts the index to request a delete of a repository ``samalba/busybox`` (authentication required with user credentials) +2. If authentication works and repository is valid, ``samalba/busybox`` is marked as deleted and a temporary token is returned 3. Send a delete request to the registry for the repository (along with the token) 4. Registry A contacts the Index to verify the token (token must corresponds to the repository name) 5. Index validates the token. Registry A deletes the repository and everything associated to it. @@ -312,24 +333,40 @@ The Index has two main purposes (along with its fancy social features): 3.1 Without an Index -------------------- -Using the Registry without the Index can be useful to store the images on a private network without having to rely on an external entity controlled by dotCloud. -In this case, the registry will be launched in a special mode (--standalone? --no-index?). In this mode, the only thing which changes is that Registry will never contact the Index to verify a token. It will be the Registry owner responsibility to authenticate the user who pushes (or even pulls) an image using any mechanism (HTTP auth, IP based, etc...). +Using the Registry without the Index can be useful to store the images on a +private network without having to rely on an external entity controlled by +Docker Inc. -In this scenario, the Registry is responsible for the security in case of data corruption since the checksums are not delivered by a trusted entity. +In this case, the registry will be launched in a special mode (--standalone? +--no-index?). In this mode, the only thing which changes is that Registry will +never contact the Index to verify a token. It will be the Registry owner +responsibility to authenticate the user who pushes (or even pulls) an image +using any mechanism (HTTP auth, IP based, etc...). -As hinted previously, a standalone registry can also be implemented by any HTTP server handling GET/PUT requests (or even only GET requests if no write access is necessary). +In this scenario, the Registry is responsible for the security in case of data +corruption since the checksums are not delivered by a trusted entity. + +As hinted previously, a standalone registry can also be implemented by any HTTP +server handling GET/PUT requests (or even only GET requests if no write access +is necessary). 3.2 With an Index ----------------- The Index data needed by the Registry are simple: + - Serve the checksums - Provide and authorize a Token -In the scenario of a Registry running on a private network with the need of centralizing and authorizing, it’s easy to use a custom Index. +In the scenario of a Registry running on a private network with the need of +centralizing and authorizing, it’s easy to use a custom Index. -The only challenge will be to tell Docker to contact (and trust) this custom Index. Docker will be configurable at some point to use a specific Index, it’ll be the private entity responsibility (basically the organization who uses Docker in a private environment) to maintain the Index and the Docker’s configuration among its consumers. +The only challenge will be to tell Docker to contact (and trust) this custom +Index. Docker will be configurable at some point to use a specific Index, it’ll +be the private entity responsibility (basically the organization who uses +Docker in a private environment) to maintain the Index and the Docker’s +configuration among its consumers. 4. The API ========== @@ -339,16 +376,22 @@ The first version of the api is available here: https://github.com/jpetazzo/dock 4.1 Images ---------- -The format returned in the images is not defined here (for layer and json), basically because Registry stores exactly the same kind of information as Docker uses to manage them. +The format returned in the images is not defined here (for layer and JSON), +basically because Registry stores exactly the same kind of information as +Docker uses to manage them. -The format of ancestry is a line-separated list of image ids, in age order. I.e. the image’s parent is on the last line, the parent of the parent on the next-to-last line, etc.; if the image has no parent, the file is empty. +The format of ancestry is a line-separated list of image ids, in age order, +i.e. the image’s parent is on the last line, the parent of the parent on the +next-to-last line, etc.; if the image has no parent, the file is empty. -GET /v1/images//layer -PUT /v1/images//layer -GET /v1/images//json -PUT /v1/images//json -GET /v1/images//ancestry -PUT /v1/images//ancestry +.. code-block:: bash + + GET /v1/images//layer + PUT /v1/images//layer + GET /v1/images//json + PUT /v1/images//json + GET /v1/images//ancestry + PUT /v1/images//ancestry 4.2 Users --------- @@ -393,7 +436,9 @@ PUT /v1/users/ 4.2.3 Login (Index) ^^^^^^^^^^^^^^^^^^^ -Does nothing else but asking for a user authentication. Can be used to validate credentials. HTTP Basic Auth for now, maybe change in future. + +Does nothing else but asking for a user authentication. Can be used to validate +credentials. HTTP Basic Auth for now, maybe change in future. GET /v1/users @@ -405,7 +450,10 @@ GET /v1/users 4.3 Tags (Registry) ------------------- -The Registry does not know anything about users. Even though repositories are under usernames, it’s just a namespace for the registry. Allowing us to implement organizations or different namespaces per user later, without modifying the Registry’s API. +The Registry does not know anything about users. Even though repositories are +under usernames, it’s just a namespace for the registry. Allowing us to +implement organizations or different namespaces per user later, without +modifying the Registry’s API. The following naming restrictions apply: @@ -439,7 +487,10 @@ DELETE /v1/repositories///tags/ 4.4 Images (Index) ------------------ -For the Index to “resolve” the repository name to a Registry location, it uses the X-Docker-Endpoints header. In other terms, this requests always add a “X-Docker-Endpoints” to indicate the location of the registry which hosts this repository. +For the Index to “resolve” the repository name to a Registry location, it uses +the X-Docker-Endpoints header. In other terms, this requests always add a +``X-Docker-Endpoints`` to indicate the location of the registry which hosts this +repository. 4.4.1 Get the images ^^^^^^^^^^^^^^^^^^^^^ @@ -484,17 +535,20 @@ Return 202 OK ====================== It’s possible to chain Registries server for several reasons: + - Load balancing - Delegate the next request to another server -When a Registry is a reference for a repository, it should host the entire images chain in order to avoid breaking the chain during the download. +When a Registry is a reference for a repository, it should host the entire +images chain in order to avoid breaking the chain during the download. The Index and Registry use this mechanism to redirect on one or the other. Example with an image download: -On every request, a special header can be returned: -X-Docker-Endpoints: server1,server2 +On every request, a special header can be returned:: + + X-Docker-Endpoints: server1,server2 On the next request, the client will always pick a server from this list. @@ -504,7 +558,8 @@ On the next request, the client will always pick a server from this list. 6.1 On the Index ----------------- -The Index supports both “Basic” and “Token” challenges. Usually when there is a “401 Unauthorized”, the Index replies this:: +The Index supports both “Basic” and “Token” challenges. Usually when there is a +``401 Unauthorized``, the Index replies this:: 401 Unauthorized WWW-Authenticate: Basic realm="auth required",Token @@ -543,11 +598,13 @@ The Registry only supports the Token challenge:: 401 Unauthorized WWW-Authenticate: Token -The only way is to provide a token on “401 Unauthorized” responses:: +The only way is to provide a token on ``401 Unauthorized`` responses:: - Authorization: Token signature=123abc,repository=”foo/bar”,access=read + Authorization: Token signature=123abc,repository="foo/bar",access=read -Usually, the Registry provides a Cookie when a Token verification succeeded. Every time the Registry passes a Cookie, you have to pass it back the same cookie.:: +Usually, the Registry provides a Cookie when a Token verification succeeded. +Every time the Registry passes a Cookie, you have to pass it back the same +cookie.:: 200 OK Set-Cookie: session="wD/J7LqL5ctqw8haL10vgfhrb2Q=?foo=UydiYXInCnAxCi4=×tamp=RjEzNjYzMTQ5NDcuNDc0NjQzCi4="; Path=/; HttpOnly From 562f5b51cb50df2e5633c9a4f8f032ff662499d7 Mon Sep 17 00:00:00 2001 From: apocas Date: Mon, 23 Dec 2013 21:21:01 +0000 Subject: [PATCH 083/126] http method typo in documentation for events endpoint (all api versions) Upstream-commit: 614bc5c1e1e4f134f9844844ef7d8171c7f0d598 Component: engine --- components/engine/docs/sources/api/docker_remote_api_v1.3.rst | 2 +- components/engine/docs/sources/api/docker_remote_api_v1.4.rst | 2 +- components/engine/docs/sources/api/docker_remote_api_v1.5.rst | 2 +- components/engine/docs/sources/api/docker_remote_api_v1.6.rst | 2 +- components/engine/docs/sources/api/docker_remote_api_v1.7.rst | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/components/engine/docs/sources/api/docker_remote_api_v1.3.rst b/components/engine/docs/sources/api/docker_remote_api_v1.3.rst index b6661bfdb6..ab452798b9 100644 --- a/components/engine/docs/sources/api/docker_remote_api_v1.3.rst +++ b/components/engine/docs/sources/api/docker_remote_api_v1.3.rst @@ -1078,7 +1078,7 @@ Monitor Docker's events .. sourcecode:: http - POST /events?since=1374067924 + GET /events?since=1374067924 **Example response**: diff --git a/components/engine/docs/sources/api/docker_remote_api_v1.4.rst b/components/engine/docs/sources/api/docker_remote_api_v1.4.rst index 0441e068d0..5c8884b16f 100644 --- a/components/engine/docs/sources/api/docker_remote_api_v1.4.rst +++ b/components/engine/docs/sources/api/docker_remote_api_v1.4.rst @@ -1122,7 +1122,7 @@ Monitor Docker's events .. sourcecode:: http - POST /events?since=1374067924 + GET /events?since=1374067924 **Example response**: diff --git a/components/engine/docs/sources/api/docker_remote_api_v1.5.rst b/components/engine/docs/sources/api/docker_remote_api_v1.5.rst index 8cd501e2a1..609fc6b056 100644 --- a/components/engine/docs/sources/api/docker_remote_api_v1.5.rst +++ b/components/engine/docs/sources/api/docker_remote_api_v1.5.rst @@ -1093,7 +1093,7 @@ Monitor Docker's events .. sourcecode:: http - POST /events?since=1374067924 + GET /events?since=1374067924 **Example response**: diff --git a/components/engine/docs/sources/api/docker_remote_api_v1.6.rst b/components/engine/docs/sources/api/docker_remote_api_v1.6.rst index 25be478a1b..df53275a4f 100644 --- a/components/engine/docs/sources/api/docker_remote_api_v1.6.rst +++ b/components/engine/docs/sources/api/docker_remote_api_v1.6.rst @@ -1228,7 +1228,7 @@ Monitor Docker's events .. sourcecode:: http - POST /events?since=1374067924 + GET /events?since=1374067924 **Example response**: diff --git a/components/engine/docs/sources/api/docker_remote_api_v1.7.rst b/components/engine/docs/sources/api/docker_remote_api_v1.7.rst index 9857948732..edc2f28c9f 100644 --- a/components/engine/docs/sources/api/docker_remote_api_v1.7.rst +++ b/components/engine/docs/sources/api/docker_remote_api_v1.7.rst @@ -1159,7 +1159,7 @@ Monitor Docker's events .. sourcecode:: http - POST /events?since=1374067924 + GET /events?since=1374067924 **Example response**: From c952ec0ff76a80349d129d4d442ec4b515fe1a8f Mon Sep 17 00:00:00 2001 From: Tzu-Jung Lee Date: Mon, 23 Dec 2013 14:42:04 -0800 Subject: [PATCH 084/126] docker-top: improve error message for non-running containers Signed-off-by: Tzu-Jung Lee Upstream-commit: b1a3a5580285b58d643ff0c09c263f78d1088f37 Component: engine --- components/engine/server.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/components/engine/server.go b/components/engine/server.go index 3040494196..312a362800 100644 --- a/components/engine/server.go +++ b/components/engine/server.go @@ -698,6 +698,9 @@ func (srv *Server) ImageHistory(name string) ([]APIHistory, error) { func (srv *Server) ContainerTop(name, psArgs string) (*APITop, error) { if container := srv.runtime.Get(name); container != nil { + if !container.State.IsRunning() { + return nil, fmt.Errorf("Container %s is not running", name) + } pids, err := utils.GetPidsForContainer(container.ID) if err != nil { return nil, err From 60759a8d1a77405141dd6da22eb0bba66a3991cf Mon Sep 17 00:00:00 2001 From: Solomon Hykes Date: Mon, 23 Dec 2013 23:07:01 +0000 Subject: [PATCH 085/126] Move utility package 'systemd' to pkg/systemd Upstream-commit: 8e7db0432e21adb3a753188d5321ce1165fa8964 Component: engine --- components/engine/api.go | 2 +- components/engine/{ => pkg}/systemd/sd_notify.go | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename components/engine/{ => pkg}/systemd/sd_notify.go (100%) diff --git a/components/engine/api.go b/components/engine/api.go index da1fa9edee..1128c7a2b7 100644 --- a/components/engine/api.go +++ b/components/engine/api.go @@ -10,7 +10,7 @@ import ( "fmt" "github.com/dotcloud/docker/archive" "github.com/dotcloud/docker/auth" - "github.com/dotcloud/docker/systemd" + "github.com/dotcloud/docker/pkg/systemd" "github.com/dotcloud/docker/utils" "github.com/gorilla/mux" "io" diff --git a/components/engine/systemd/sd_notify.go b/components/engine/pkg/systemd/sd_notify.go similarity index 100% rename from components/engine/systemd/sd_notify.go rename to components/engine/pkg/systemd/sd_notify.go From 3df2c5ea875cdfdb9ac0bf95583025113d380b65 Mon Sep 17 00:00:00 2001 From: Solomon Hykes Date: Mon, 23 Dec 2013 23:12:19 +0000 Subject: [PATCH 086/126] Add README to pkg Upstream-commit: 652c2c2a80cd119ffb8017c25e741ddad9399236 Component: engine --- components/engine/pkg/README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 components/engine/pkg/README.md diff --git a/components/engine/pkg/README.md b/components/engine/pkg/README.md new file mode 100644 index 0000000000..c4b78a8ad8 --- /dev/null +++ b/components/engine/pkg/README.md @@ -0,0 +1,11 @@ +pkg/ is a collection of utility packages used by the Docker project without being specific to its internals. + +Utility packages are kept separate from the docker core codebase to keep it as small and concise as possible. +If some utilities grow larger and their APIs stabilize, they may be moved to their own repository under the +Docker organization, to facilitate re-use by other projects. However that is not the priority. + +The directory `pkg` is named after the same directory in the camlistore project. Since Brad is a core +Go maintainer, we thought it made sense to copy his methods for organizing Go code :) Thanks Brad! + +Because utility packages are small and neatly separated from the rest of the codebase, they are a good +place to start for aspiring maintainers and contributors. Get in touch if you want to help maintain them! From 10227320c8e96a36c370628b98ba293363e4e182 Mon Sep 17 00:00:00 2001 From: Solomon Hykes Date: Mon, 23 Dec 2013 23:33:06 +0000 Subject: [PATCH 087/126] Move utility package 'graphdb' to pkg/graphdb Upstream-commit: d16d748132330ff58e142472a579d1f6c65e3eac Component: engine --- components/engine/{ => pkg}/graphdb/MAINTAINERS | 0 components/engine/{ => pkg}/graphdb/conn_darwin.go | 0 components/engine/{ => pkg}/graphdb/conn_linux.go | 0 components/engine/{ => pkg}/graphdb/graphdb.go | 0 components/engine/{ => pkg}/graphdb/graphdb_test.go | 0 components/engine/{ => pkg}/graphdb/sort.go | 0 components/engine/{ => pkg}/graphdb/sort_test.go | 0 components/engine/{ => pkg}/graphdb/utils.go | 0 components/engine/runtime.go | 2 +- components/engine/server.go | 2 +- 10 files changed, 2 insertions(+), 2 deletions(-) rename components/engine/{ => pkg}/graphdb/MAINTAINERS (100%) rename components/engine/{ => pkg}/graphdb/conn_darwin.go (100%) rename components/engine/{ => pkg}/graphdb/conn_linux.go (100%) rename components/engine/{ => pkg}/graphdb/graphdb.go (100%) rename components/engine/{ => pkg}/graphdb/graphdb_test.go (100%) rename components/engine/{ => pkg}/graphdb/sort.go (100%) rename components/engine/{ => pkg}/graphdb/sort_test.go (100%) rename components/engine/{ => pkg}/graphdb/utils.go (100%) diff --git a/components/engine/graphdb/MAINTAINERS b/components/engine/pkg/graphdb/MAINTAINERS similarity index 100% rename from components/engine/graphdb/MAINTAINERS rename to components/engine/pkg/graphdb/MAINTAINERS diff --git a/components/engine/graphdb/conn_darwin.go b/components/engine/pkg/graphdb/conn_darwin.go similarity index 100% rename from components/engine/graphdb/conn_darwin.go rename to components/engine/pkg/graphdb/conn_darwin.go diff --git a/components/engine/graphdb/conn_linux.go b/components/engine/pkg/graphdb/conn_linux.go similarity index 100% rename from components/engine/graphdb/conn_linux.go rename to components/engine/pkg/graphdb/conn_linux.go diff --git a/components/engine/graphdb/graphdb.go b/components/engine/pkg/graphdb/graphdb.go similarity index 100% rename from components/engine/graphdb/graphdb.go rename to components/engine/pkg/graphdb/graphdb.go diff --git a/components/engine/graphdb/graphdb_test.go b/components/engine/pkg/graphdb/graphdb_test.go similarity index 100% rename from components/engine/graphdb/graphdb_test.go rename to components/engine/pkg/graphdb/graphdb_test.go diff --git a/components/engine/graphdb/sort.go b/components/engine/pkg/graphdb/sort.go similarity index 100% rename from components/engine/graphdb/sort.go rename to components/engine/pkg/graphdb/sort.go diff --git a/components/engine/graphdb/sort_test.go b/components/engine/pkg/graphdb/sort_test.go similarity index 100% rename from components/engine/graphdb/sort_test.go rename to components/engine/pkg/graphdb/sort_test.go diff --git a/components/engine/graphdb/utils.go b/components/engine/pkg/graphdb/utils.go similarity index 100% rename from components/engine/graphdb/utils.go rename to components/engine/pkg/graphdb/utils.go diff --git a/components/engine/runtime.go b/components/engine/runtime.go index 2ecaf12086..7c7f722c5d 100644 --- a/components/engine/runtime.go +++ b/components/engine/runtime.go @@ -4,7 +4,7 @@ import ( "container/list" "fmt" "github.com/dotcloud/docker/archive" - "github.com/dotcloud/docker/graphdb" + "github.com/dotcloud/docker/pkg/graphdb" "github.com/dotcloud/docker/graphdriver" "github.com/dotcloud/docker/graphdriver/aufs" _ "github.com/dotcloud/docker/graphdriver/devmapper" diff --git a/components/engine/server.go b/components/engine/server.go index 3040494196..7840c16279 100644 --- a/components/engine/server.go +++ b/components/engine/server.go @@ -7,7 +7,7 @@ import ( "github.com/dotcloud/docker/archive" "github.com/dotcloud/docker/auth" "github.com/dotcloud/docker/engine" - "github.com/dotcloud/docker/graphdb" + "github.com/dotcloud/docker/pkg/graphdb" "github.com/dotcloud/docker/registry" "github.com/dotcloud/docker/utils" "io" From e7204ea88ebbdcd6c4a731723c53067caf161e6d Mon Sep 17 00:00:00 2001 From: Solomon Hykes Date: Mon, 23 Dec 2013 23:39:39 +0000 Subject: [PATCH 088/126] Move utility package 'netlink' to pkg/netlink Upstream-commit: f6b91262a77b2e70da8572850dd8b56d92384dfe Component: engine --- components/engine/network.go | 2 +- components/engine/{ => pkg}/netlink/netlink_darwin.go | 0 components/engine/{ => pkg}/netlink/netlink_linux.go | 0 components/engine/sysinit/sysinit.go | 2 +- 4 files changed, 2 insertions(+), 2 deletions(-) rename components/engine/{ => pkg}/netlink/netlink_darwin.go (100%) rename components/engine/{ => pkg}/netlink/netlink_linux.go (100%) diff --git a/components/engine/network.go b/components/engine/network.go index 9cb6231855..5ee5c4bee8 100644 --- a/components/engine/network.go +++ b/components/engine/network.go @@ -5,7 +5,7 @@ import ( "errors" "fmt" "github.com/dotcloud/docker/iptables" - "github.com/dotcloud/docker/netlink" + "github.com/dotcloud/docker/pkg/netlink" "github.com/dotcloud/docker/proxy" "github.com/dotcloud/docker/utils" "log" diff --git a/components/engine/netlink/netlink_darwin.go b/components/engine/pkg/netlink/netlink_darwin.go similarity index 100% rename from components/engine/netlink/netlink_darwin.go rename to components/engine/pkg/netlink/netlink_darwin.go diff --git a/components/engine/netlink/netlink_linux.go b/components/engine/pkg/netlink/netlink_linux.go similarity index 100% rename from components/engine/netlink/netlink_linux.go rename to components/engine/pkg/netlink/netlink_linux.go diff --git a/components/engine/sysinit/sysinit.go b/components/engine/sysinit/sysinit.go index 01c7473b5d..f906b7d2dd 100644 --- a/components/engine/sysinit/sysinit.go +++ b/components/engine/sysinit/sysinit.go @@ -4,7 +4,7 @@ import ( "encoding/json" "flag" "fmt" - "github.com/dotcloud/docker/netlink" + "github.com/dotcloud/docker/pkg/netlink" "github.com/dotcloud/docker/utils" "github.com/syndtr/gocapability/capability" "io/ioutil" From a481c1b450352a8a503bea359c5d623c95db411f Mon Sep 17 00:00:00 2001 From: Solomon Hykes Date: Mon, 23 Dec 2013 23:42:37 +0000 Subject: [PATCH 089/126] Move utility package 'term' to pkg/term Upstream-commit: 7ce7516c12f58aa71cd055b7c0bef6585d3f2ab3 Component: engine --- components/engine/commands.go | 2 +- components/engine/container.go | 2 +- components/engine/integration/commands_test.go | 2 +- components/engine/{ => pkg}/term/MAINTAINERS | 0 components/engine/{ => pkg}/term/term.go | 0 components/engine/{ => pkg}/term/termios_darwin.go | 0 components/engine/{ => pkg}/term/termios_linux.go | 0 components/engine/utils/jsonmessage.go | 2 +- 8 files changed, 4 insertions(+), 4 deletions(-) rename components/engine/{ => pkg}/term/MAINTAINERS (100%) rename components/engine/{ => pkg}/term/term.go (100%) rename components/engine/{ => pkg}/term/termios_darwin.go (100%) rename components/engine/{ => pkg}/term/termios_linux.go (100%) diff --git a/components/engine/commands.go b/components/engine/commands.go index ff4b12e942..0627261d53 100644 --- a/components/engine/commands.go +++ b/components/engine/commands.go @@ -13,7 +13,7 @@ import ( "github.com/dotcloud/docker/auth" "github.com/dotcloud/docker/engine" "github.com/dotcloud/docker/registry" - "github.com/dotcloud/docker/term" + "github.com/dotcloud/docker/pkg/term" "github.com/dotcloud/docker/utils" "io" "io/ioutil" diff --git a/components/engine/container.go b/components/engine/container.go index bb591669af..532a697839 100644 --- a/components/engine/container.go +++ b/components/engine/container.go @@ -8,7 +8,7 @@ import ( "github.com/dotcloud/docker/archive" "github.com/dotcloud/docker/graphdriver" "github.com/dotcloud/docker/mount" - "github.com/dotcloud/docker/term" + "github.com/dotcloud/docker/pkg/term" "github.com/dotcloud/docker/utils" "github.com/kr/pty" "io" diff --git a/components/engine/integration/commands_test.go b/components/engine/integration/commands_test.go index af720f67e6..a4884470fb 100644 --- a/components/engine/integration/commands_test.go +++ b/components/engine/integration/commands_test.go @@ -5,7 +5,7 @@ import ( "fmt" "github.com/dotcloud/docker" "github.com/dotcloud/docker/engine" - "github.com/dotcloud/docker/term" + "github.com/dotcloud/docker/pkg/term" "github.com/dotcloud/docker/utils" "io" "io/ioutil" diff --git a/components/engine/term/MAINTAINERS b/components/engine/pkg/term/MAINTAINERS similarity index 100% rename from components/engine/term/MAINTAINERS rename to components/engine/pkg/term/MAINTAINERS diff --git a/components/engine/term/term.go b/components/engine/pkg/term/term.go similarity index 100% rename from components/engine/term/term.go rename to components/engine/pkg/term/term.go diff --git a/components/engine/term/termios_darwin.go b/components/engine/pkg/term/termios_darwin.go similarity index 100% rename from components/engine/term/termios_darwin.go rename to components/engine/pkg/term/termios_darwin.go diff --git a/components/engine/term/termios_linux.go b/components/engine/pkg/term/termios_linux.go similarity index 100% rename from components/engine/term/termios_linux.go rename to components/engine/pkg/term/termios_linux.go diff --git a/components/engine/utils/jsonmessage.go b/components/engine/utils/jsonmessage.go index cc467162f9..e06780fc1e 100644 --- a/components/engine/utils/jsonmessage.go +++ b/components/engine/utils/jsonmessage.go @@ -3,7 +3,7 @@ package utils import ( "encoding/json" "fmt" - "github.com/dotcloud/docker/term" + "github.com/dotcloud/docker/pkg/term" "io" "strings" "time" From a4e77f8375516686573e4941bc71feb039aaea0e Mon Sep 17 00:00:00 2001 From: Solomon Hykes Date: Mon, 23 Dec 2013 23:45:18 +0000 Subject: [PATCH 090/126] Move utility package 'namesgenerator' to pkg/namesgenerator Upstream-commit: a009d4ae8d67b40c0109865f4d83e6e294931ce7 Component: engine --- components/engine/{ => pkg}/namesgenerator/names-generator.go | 0 .../engine/{ => pkg}/namesgenerator/names-generator_test.go | 0 components/engine/utils.go | 2 +- 3 files changed, 1 insertion(+), 1 deletion(-) rename components/engine/{ => pkg}/namesgenerator/names-generator.go (100%) rename components/engine/{ => pkg}/namesgenerator/names-generator_test.go (100%) diff --git a/components/engine/namesgenerator/names-generator.go b/components/engine/pkg/namesgenerator/names-generator.go similarity index 100% rename from components/engine/namesgenerator/names-generator.go rename to components/engine/pkg/namesgenerator/names-generator.go diff --git a/components/engine/namesgenerator/names-generator_test.go b/components/engine/pkg/namesgenerator/names-generator_test.go similarity index 100% rename from components/engine/namesgenerator/names-generator_test.go rename to components/engine/pkg/namesgenerator/names-generator_test.go diff --git a/components/engine/utils.go b/components/engine/utils.go index 96dd9ed442..5bcc678184 100644 --- a/components/engine/utils.go +++ b/components/engine/utils.go @@ -3,7 +3,7 @@ package docker import ( "fmt" "github.com/dotcloud/docker/archive" - "github.com/dotcloud/docker/namesgenerator" + "github.com/dotcloud/docker/pkg/namesgenerator" "github.com/dotcloud/docker/utils" "io/ioutil" "strconv" From 7db2296200bd17783bd20a3dc9a102e5f40245f3 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 23 Dec 2013 23:31:53 -0700 Subject: [PATCH 091/126] Update cross and tgz to play nicely together (creating a tgz for each supported OS/ARCH), and update release.sh to upload binaries and tgz files for all the supported OS/ARCH combos Upstream-commit: 4100e9b7df5cbce855b47b3625d34c9667e40dc1 Component: engine --- components/engine/Makefile | 2 +- components/engine/hack/make/cross | 14 +++- components/engine/hack/make/tgz | 34 +++++---- components/engine/hack/release.sh | 122 +++++++++++++++++++++--------- 4 files changed, 120 insertions(+), 52 deletions(-) diff --git a/components/engine/Makefile b/components/engine/Makefile index 613425531b..86b2a0207f 100644 --- a/components/engine/Makefile +++ b/components/engine/Makefile @@ -11,7 +11,7 @@ binary: build $(DOCKER_RUN_DOCKER) hack/make.sh binary cross: build - $(DOCKER_RUN_DOCKER) hack/make.sh cross + $(DOCKER_RUN_DOCKER) hack/make.sh binary cross docs: docker build -t docker-docs docs && docker run -p 8000:8000 docker-docs diff --git a/components/engine/hack/make/cross b/components/engine/hack/make/cross index fe68d7b4b8..a67ab6c28a 100644 --- a/components/engine/hack/make/cross +++ b/components/engine/hack/make/cross @@ -2,12 +2,22 @@ DEST=$1 +# if we have our linux/amd64 version compiled, let's symlink it in +if [ -x "$DEST/../binary/docker-$VERSION" ]; then + mkdir -p "$DEST/linux/amd64" + ( + cd "$DEST/linux/amd64" + ln -s ../../../binary/* ./ + ) + echo "Created symlinks:" "$DEST/linux/amd64/"* +fi + for platform in $DOCKER_CROSSPLATFORMS; do ( + mkdir -p "$DEST/$platform" # bundles/VERSION/cross/GOOS/GOARCH/docker-VERSION export GOOS=${platform%/*} export GOARCH=${platform##*/} - export VERSION="$GOOS-$GOARCH-$VERSION" # for a nice filename export LDFLAGS_STATIC="" # we just need a simple client for these platforms (TODO this might change someday) - source "$(dirname "$BASH_SOURCE")/binary" + source "$(dirname "$BASH_SOURCE")/binary" "$DEST/$platform" ) done diff --git a/components/engine/hack/make/tgz b/components/engine/hack/make/tgz index 86a7a9827d..5d03306322 100644 --- a/components/engine/hack/make/tgz +++ b/components/engine/hack/make/tgz @@ -1,23 +1,29 @@ #!/bin/bash DEST="$1" -BINARY="$DEST/../binary/docker-$VERSION" -TGZ="$DEST/docker-$VERSION.tgz" +CROSS="$DEST/../cross" set -e -if [ ! -x "$BINARY" ]; then - echo >&2 'error: binary must be run before tgz' +if [ ! -d "$CROSS/linux/amd64" ]; then + echo >&2 'error: binary and cross must be run before tgz' false fi -mkdir -p "$DEST/build" - -mkdir -p "$DEST/build/usr/local/bin" -cp -L "$BINARY" "$DEST/build/usr/local/bin/docker" - -tar --numeric-owner --owner 0 -C "$DEST/build" -czf "$TGZ" usr - -rm -rf "$DEST/build" - -echo "Created tgz: $TGZ" +for d in "$CROSS/"*/*; do + GOARCH="$(basename "$d")" + GOOS="$(basename "$(dirname "$d")")" + mkdir -p "$DEST/$GOOS/$GOARCH" + TGZ="$DEST/$GOOS/$GOARCH/docker-$VERSION.tgz" + + mkdir -p "$DEST/build" + + mkdir -p "$DEST/build/usr/local/bin" + cp -L "$d/docker-$VERSION" "$DEST/build/usr/local/bin/docker" + + tar --numeric-owner --owner 0 -C "$DEST/build" -czf "$TGZ" usr + + rm -rf "$DEST/build" + + echo "Created tgz: $TGZ" +done diff --git a/components/engine/hack/release.sh b/components/engine/hack/release.sh index 9021345eb2..d1278a4c36 100755 --- a/components/engine/hack/release.sh +++ b/components/engine/hack/release.sh @@ -114,6 +114,77 @@ s3_url() { esac } +release_build() { + GOOS=$1 + GOARCH=$2 + + BINARY=bundles/$VERSION/cross/$GOOS/$GOARCH/docker-$VERSION + TGZ=bundles/$VERSION/tgz/$GOOS/$GOARCH/docker-$VERSION.tgz + + # we need to map our GOOS and GOARCH to uname values + # see https://en.wikipedia.org/wiki/Uname + # ie, GOOS=linux -> "uname -s"=Linux + + S3OS=$GOOS + case "$S3OS" in + darwin) + S3OS=Darwin + ;; + freebsd) + S3OS=FreeBSD + ;; + linux) + S3OS=Linux + ;; + *) + echo >&2 "error: can't convert $S3OS to an appropriate value for 'uname -s'" + exit 1 + ;; + esac + + S3ARCH=$GOARCH + case "$S3ARCH" in + amd64) + S3ARCH=x86_64 + ;; + 386) + S3ARCH=i386 + ;; + arm) + # GOARCH is fine + ;; + *) + echo >&2 "error: can't convert $S3ARCH to an appropriate value for 'uname -m'" + exit 1 + ;; + esac + + S3DIR=s3://$BUCKET/builds/$S3OS/$S3ARCH + + if [ ! -x "$BINARY" ]; then + echo >&2 "error: can't find $BINARY - was it compiled properly?" + exit 1 + fi + if [ ! -f "$TGZ" ]; then + echo >&2 "error: can't find $TGZ - was it packaged properly?" + exit 1 + fi + + echo "Uploading $BINARY to $S3OS/$S3ARCH/docker-$VERSION" + s3cmd --follow-symlinks --preserve --acl-public put $BINARY $S3DIR/docker-$VERSION + + echo "Uploading $TGZ to $S3OS/$S3ARCH/docker-$VERSION.tgz" + s3cmd --follow-symlinks --preserve --acl-public put $TGZ $S3DIR/docker-$VERSION.tgz + + if [ -z "$NOLATEST" ]; then + echo "Copying $S3OS/$S3ARCH/docker-$VERSION to $S3OS/$S3ARCH/docker-latest" + s3cmd --acl-public cp $S3DIR/docker-$VERSION $S3DIR/docker-latest + + echo "Copying $S3OS/$S3ARCH/docker-$VERSION.tgz to $S3OS/$S3ARCH/docker-latest.tgz" + s3cmd --acl-public cp $S3DIR/docker-$VERSION.tgz $S3DIR/docker-latest.tgz + fi +} + # Upload the 'ubuntu' bundle to S3: # 1. A full APT repository is published at $BUCKET/ubuntu/ # 2. Instructions for using the APT repository are uploaded at $BUCKET/ubuntu/index @@ -190,31 +261,21 @@ EOF echo "APT repository uploaded. Instructions available at $(s3_url)/ubuntu" } -# Upload a tgz to S3 -release_tgz() { - [ -e bundles/$VERSION/tgz/docker-$VERSION.tgz ] || { - echo >&2 './hack/make.sh must be run before release_binary' +# Upload binaries and tgz files to S3 +release_binaries() { + [ -e bundles/$VERSION/cross/linux/amd64/docker-$VERSION ] || { + echo >&2 './hack/make.sh must be run before release_binaries' exit 1 } - S3DIR=s3://$BUCKET/builds/Linux/x86_64 - s3cmd --acl-public put bundles/$VERSION/tgz/docker-$VERSION.tgz $S3DIR/docker-$VERSION.tgz + for d in bundles/$VERSION/cross/*/*; do + GOARCH="$(basename "$d")" + GOOS="$(basename "$(dirname "$d")")" + release_build "$GOOS" "$GOARCH" + done - if [ -z "$NOLATEST" ]; then - echo "Copying docker-$VERSION.tgz to docker-latest.tgz" - s3cmd --acl-public cp $S3DIR/docker-$VERSION.tgz $S3DIR/docker-latest.tgz - fi -} + # TODO create redirect from builds/*/i686 to builds/*/i386 -# Upload a static binary to S3 -release_binary() { - [ -e bundles/$VERSION/binary/docker-$VERSION ] || { - echo >&2 './hack/make.sh must be run before release_binary' - exit 1 - } - - S3DIR=s3://$BUCKET/builds/Linux/x86_64 - s3cmd --acl-public put bundles/$VERSION/binary/docker-$VERSION $S3DIR/docker-$VERSION cat <&2 './hack/make.sh must be run before release_binary' - exit 1 - } - - # TODO find out from @shykes what URLs he'd like to use here -} - # Upload the index script release_index() { sed "s,https://get.docker.io/,$(s3_url)/," hack/install.sh | write_to_s3 s3://$BUCKET/index @@ -257,12 +306,15 @@ release_test() { main() { setup_s3 - release_binary - release_cross - release_tgz + release_binaries release_ubuntu release_index release_test } main + +echo +echo +echo "Release complete; see $(s3_url)" +echo From 4fb94b472ac8f93bb14736d3454c7483996ae4dc Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Tue, 24 Dec 2013 13:01:59 -0500 Subject: [PATCH 092/126] Fixed #3039 - Added clarify on port options in API Upstream-commit: d2d8a4a6c507bc8e7d591925276d79d89ce6beaf Component: engine --- .../engine/docs/sources/api/docker_remote_api_v1.7.rst | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/components/engine/docs/sources/api/docker_remote_api_v1.7.rst b/components/engine/docs/sources/api/docker_remote_api_v1.7.rst index c985f4f018..c33b276d25 100644 --- a/components/engine/docs/sources/api/docker_remote_api_v1.7.rst +++ b/components/engine/docs/sources/api/docker_remote_api_v1.7.rst @@ -136,9 +136,11 @@ Create a container }, "VolumesFrom":"", "WorkingDir":"" - + "ExposedPorts":{ + "22/tcp": {} + } } - + **Example response**: .. sourcecode:: http @@ -363,11 +365,11 @@ Start a container { "Binds":["/tmp:/tmp"], "LxcConf":{"lxc.utsname":"docker"}, - "PortBindings":null, + "PortBindings":{ "22/tcp": [{ "HostPort": "11022" }] }, "Privileged":false, "PublishAllPorts":false } - + Binds need to reference Volumes that were defined during container creation. **Example response**: From 044c307631d4c0c03af03ce2bfa7795f47e48cac Mon Sep 17 00:00:00 2001 From: Ben Wiklund Date: Tue, 24 Dec 2013 16:37:00 -0800 Subject: [PATCH 093/126] small batch of edits/corrections to comments Upstream-commit: 0fccf0f68655fd01973e4c00bbb063fad1bce56c Component: engine --- components/engine/AUTHORS | 1 + components/engine/archive/changes_test.go | 2 +- components/engine/archive/diff.go | 14 +++++++------- components/engine/archive/stat_linux.go | 2 +- components/engine/auth/auth.go | 10 +++++----- components/engine/engine/engine_test.go | 2 +- 6 files changed, 16 insertions(+), 15 deletions(-) diff --git a/components/engine/AUTHORS b/components/engine/AUTHORS index 2476208d13..f9ee14854b 100644 --- a/components/engine/AUTHORS +++ b/components/engine/AUTHORS @@ -20,6 +20,7 @@ Antony Messerli Asbjørn Enge Barry Allard Ben Toews +Ben Wiklund Benoit Chesneau Bhiraj Butala Bouke Haarsma diff --git a/components/engine/archive/changes_test.go b/components/engine/archive/changes_test.go index e11ed90ac1..1302b76f47 100644 --- a/components/engine/archive/changes_test.go +++ b/components/engine/archive/changes_test.go @@ -296,6 +296,6 @@ func TestApplyLayer(t *testing.T) { } if len(changes2) != 0 { - t.Fatalf("Unexpected differences after re applying mutation: %v", changes2) + t.Fatalf("Unexpected differences after reapplying mutation: %v", changes2) } } diff --git a/components/engine/archive/diff.go b/components/engine/archive/diff.go index 72a53de02e..464d57a742 100644 --- a/components/engine/archive/diff.go +++ b/components/engine/archive/diff.go @@ -11,9 +11,9 @@ import ( "time" ) -// Linux device nodes are a bit weird due to backwards compat with 16 bit device nodes -// The lower 8 bit is the lower 8 bit in the minor, the following 12 bits are the major, -// and then there is the top 12 bits of then minor +// Linux device nodes are a bit weird due to backwards compat with 16 bit device nodes. +// They are, from low to high: the lower 8 bits of the minor, then 12 bits of the major, +// then the top 12 bits of the minor func mkdev(major int64, minor int64) uint32 { return uint32(((minor & 0xfff00) << 12) | ((major & 0xfff) << 8) | (minor & 0xff)) } @@ -58,9 +58,9 @@ func ApplyLayer(dest string, layer Archive) error { hdr.Name = filepath.Clean(hdr.Name) if !strings.HasSuffix(hdr.Name, "/") { - // Not the root directory, ensure that the parent directory exists + // Not the root directory, ensure that the parent directory exists. // This happened in some tests where an image had a tarfile without any - // parent directories + // parent directories. parent := filepath.Dir(hdr.Name) parentPath := filepath.Join(dest, parent) if _, err := os.Lstat(parentPath); err != nil && os.IsNotExist(err) { @@ -85,7 +85,7 @@ func ApplyLayer(dest string, layer Archive) error { return err } } else { - // If path exits we almost always just want to remove and replace it + // If path exits we almost always just want to remove and replace it. // The only exception is when it is a directory *and* the file from // the layer is also a directory. Then we want to merge them (i.e. // just apply the metadata from the layer). @@ -155,7 +155,7 @@ func ApplyLayer(dest string, layer Archive) error { return err } - // There is no LChmod, so ignore mode for symlink. Also, this + // There is no LChmod, so ignore mode for symlink. Also, this // must happen after chown, as that can modify the file mode if hdr.Typeflag != tar.TypeSymlink { err = syscall.Chmod(path, uint32(hdr.Mode&07777)) diff --git a/components/engine/archive/stat_linux.go b/components/engine/archive/stat_linux.go index 2203a46aff..2f7a520ccd 100644 --- a/components/engine/archive/stat_linux.go +++ b/components/engine/archive/stat_linux.go @@ -14,7 +14,7 @@ func getLastModification(stat *syscall.Stat_t) syscall.Timespec { } func LUtimesNano(path string, ts []syscall.Timespec) error { - // These are not currently availible in syscall + // These are not currently available in syscall AT_FDCWD := -100 AT_SYMLINK_NOFOLLOW := 0x100 diff --git a/components/engine/auth/auth.go b/components/engine/auth/auth.go index e88fb908f9..770a6a0c0f 100644 --- a/components/engine/auth/auth.go +++ b/components/engine/auth/auth.go @@ -163,7 +163,7 @@ func Login(authConfig *AuthConfig, factory *utils.HTTPRequestFactory) (string, e loginAgainstOfficialIndex := serverAddress == IndexServerAddress() - // to avoid sending the server address to the server it should be removed before marshalled + // to avoid sending the server address to the server it should be removed before being marshalled authCopy := *authConfig authCopy.ServerAddress = "" @@ -254,11 +254,11 @@ func (config *ConfigFile) ResolveAuthConfig(registry string) AuthConfig { // default to the index server return config.Configs[IndexServerAddress()] } - // if its not the index server there are three cases: + // if it's not the index server there are three cases: // - // 1. this is a full config url -> it should be used as is - // 2. it could be a full url, but with the wrong protocol - // 3. it can be the hostname optionally with a port + // 1. a full config url -> it should be used as is + // 2. a full url, but with the wrong protocol + // 3. a hostname, with an optional port // // as there is only one auth entry which is fully qualified we need to start // parsing and matching diff --git a/components/engine/engine/engine_test.go b/components/engine/engine/engine_test.go index 793867f50a..065a19f492 100644 --- a/components/engine/engine/engine_test.go +++ b/components/engine/engine/engine_test.go @@ -18,7 +18,7 @@ func TestRegister(t *testing.T) { eng := newTestEngine(t) - //Should fail because globan handlers are copied + //Should fail because global handlers are copied //at the engine creation if err := eng.Register("dummy1", nil); err == nil { t.Fatalf("Expecting error, got none") From 010169891ede536fdee9ec43b73c8ee0eb4662b9 Mon Sep 17 00:00:00 2001 From: Clayton Coleman Date: Wed, 25 Dec 2013 15:49:58 -0500 Subject: [PATCH 094/126] Fix typo in devmapper error message Upstream-commit: 029625981d3872872f0de95c5a4ea68cb1fa93af Component: engine --- components/engine/graphdriver/devmapper/deviceset.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/graphdriver/devmapper/deviceset.go b/components/engine/graphdriver/devmapper/deviceset.go index aeda1db24e..7308c0e922 100644 --- a/components/engine/graphdriver/devmapper/deviceset.go +++ b/components/engine/graphdriver/devmapper/deviceset.go @@ -154,7 +154,7 @@ func (devices *DeviceSet) allocateTransactionId() uint64 { func (devices *DeviceSet) saveMetadata() error { jsonData, err := json.Marshal(devices.MetaData) if err != nil { - return fmt.Errorf("Error encoding metaadata to json: %s", err) + return fmt.Errorf("Error encoding metadata to json: %s", err) } tmpFile, err := ioutil.TempFile(filepath.Dir(devices.jsonFile()), ".json") if err != nil { From 1a7338c42340e244bd9914110153865622fca404 Mon Sep 17 00:00:00 2001 From: Manuel Woelker Date: Thu, 26 Dec 2013 06:43:26 +0100 Subject: [PATCH 095/126] Document "name" query parameter for "POST /containers/create" in Remote API v1.8 Upstream-commit: 721bb410f6caa213b7d4eed9373be74287605ffc Component: engine --- components/engine/AUTHORS | 1 + components/engine/docs/sources/api/docker_remote_api_v1.8.rst | 1 + 2 files changed, 2 insertions(+) diff --git a/components/engine/AUTHORS b/components/engine/AUTHORS index 263501c33f..d4b89bdf35 100644 --- a/components/engine/AUTHORS +++ b/components/engine/AUTHORS @@ -115,6 +115,7 @@ Kyle Conroy Laurie Voss Louis Opter Manuel Meurer +Manuel Woelker Marco Hennings Marcus Farkas Marcus Ramberg diff --git a/components/engine/docs/sources/api/docker_remote_api_v1.8.rst b/components/engine/docs/sources/api/docker_remote_api_v1.8.rst index e14cf295d3..21dd4a46cf 100644 --- a/components/engine/docs/sources/api/docker_remote_api_v1.8.rst +++ b/components/engine/docs/sources/api/docker_remote_api_v1.8.rst @@ -151,6 +151,7 @@ Create a container } :jsonparam config: the container's configuration + :query name: Assign the specified name to the container. Must match ``/?[a-zA-Z0-9_-]+``. :statuscode 201: no error :statuscode 404: no such container :statuscode 406: impossible to attach (container not running) From d755e22ee63461c1d11f55f5a605cc97f3b389d9 Mon Sep 17 00:00:00 2001 From: "Guillaume J. Charmes" Date: Thu, 26 Dec 2013 12:27:51 -0800 Subject: [PATCH 096/126] Remove old debug from tarsum Upstream-commit: 360078d7613e1939c6d2f949ccac14c6ab9d568e Component: engine --- components/engine/utils/tarsum.go | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/components/engine/utils/tarsum.go b/components/engine/utils/tarsum.go index 9cba516a34..c441c25766 100644 --- a/components/engine/utils/tarsum.go +++ b/components/engine/utils/tarsum.go @@ -1,26 +1,17 @@ package utils import ( + "archive/tar" "bytes" "compress/gzip" "crypto/sha256" "encoding/hex" - "archive/tar" "hash" "io" "sort" "strconv" ) -type verboseHash struct { - hash.Hash -} - -func (h verboseHash) Write(buf []byte) (int, error) { - Debugf("--->%s<---", buf) - return h.Hash.Write(buf) -} - type TarSum struct { io.Reader tarR *tar.Reader @@ -29,7 +20,6 @@ type TarSum struct { bufTar *bytes.Buffer bufGz *bytes.Buffer h hash.Hash - h2 verboseHash sums []string finished bool first bool @@ -52,7 +42,6 @@ func (ts *TarSum) encodeHeader(h *tar.Header) error { // {"atime", strconv.Itoa(int(h.AccessTime.UTC().Unix()))}, // {"ctime", strconv.Itoa(int(h.ChangeTime.UTC().Unix()))}, } { - // Debugf("-->%s<-- -->%s<--", elem[0], elem[1]) if _, err := ts.h.Write([]byte(elem[0] + elem[1])); err != nil { return err } @@ -68,7 +57,6 @@ func (ts *TarSum) Read(buf []byte) (int, error) { ts.tarW = tar.NewWriter(ts.bufTar) ts.gz = gzip.NewWriter(ts.bufGz) ts.h = sha256.New() - // ts.h = verboseHash{sha256.New()} ts.h.Reset() ts.first = true } From a3c5984691ed894667958df41b093ac22ea0ee64 Mon Sep 17 00:00:00 2001 From: "Guillaume J. Charmes" Date: Thu, 26 Dec 2013 15:43:27 -0800 Subject: [PATCH 097/126] Make sure the cache lookup returns always the same result Upstream-commit: 1d4b7d8fa1af95ce83f263a49ed24e686fa7cb62 Component: engine --- components/engine/server.go | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/components/engine/server.go b/components/engine/server.go index 9f6842dbae..02486f9b5e 100644 --- a/components/engine/server.go +++ b/components/engine/server.go @@ -21,6 +21,7 @@ import ( "path" "path/filepath" "runtime" + "sort" "strconv" "strings" "sync" @@ -1694,16 +1695,13 @@ func (srv *Server) ImageGetCached(imgID string, config *Config) (*Image, error) } // Store the tree in a map of map (map[parentId][childId]) - imageMap := make(map[string]map[string]struct{}) + imageMap := make(map[string][]string) for _, img := range images { - if _, exists := imageMap[img.Parent]; !exists { - imageMap[img.Parent] = make(map[string]struct{}) - } - imageMap[img.Parent][img.ID] = struct{}{} + imageMap[img.Parent] = append(imageMap[img.Parent], img.ID) } - + sort.Strings(imageMap[imgID]) // Loop on the children of the given image and check the config - for elem := range imageMap[imgID] { + for _, elem := range imageMap[imgID] { img, err := srv.runtime.graph.Get(elem) if err != nil { return nil, err From ad158880995e00d5cbc37131e6b4bc933ae8280b Mon Sep 17 00:00:00 2001 From: "Guillaume J. Charmes" Date: Thu, 26 Dec 2013 16:01:36 -0800 Subject: [PATCH 098/126] Log files name along with their checksum in TarSum + add a Method to retrieve the checksum map Upstream-commit: fc9f4d8bad975ffe060eb741b38c5502dd9886a4 Component: engine --- components/engine/utils/tarsum.go | 35 ++++++++++++++++++++----------- 1 file changed, 23 insertions(+), 12 deletions(-) diff --git a/components/engine/utils/tarsum.go b/components/engine/utils/tarsum.go index c441c25766..ab57d54110 100644 --- a/components/engine/utils/tarsum.go +++ b/components/engine/utils/tarsum.go @@ -14,15 +14,16 @@ import ( type TarSum struct { io.Reader - tarR *tar.Reader - tarW *tar.Writer - gz *gzip.Writer - bufTar *bytes.Buffer - bufGz *bytes.Buffer - h hash.Hash - sums []string - finished bool - first bool + tarR *tar.Reader + tarW *tar.Writer + gz *gzip.Writer + bufTar *bytes.Buffer + bufGz *bytes.Buffer + h hash.Hash + sums map[string]string + currentFile string + finished bool + first bool } func (ts *TarSum) encodeHeader(h *tar.Header) error { @@ -59,6 +60,7 @@ func (ts *TarSum) Read(buf []byte) (int, error) { ts.h = sha256.New() ts.h.Reset() ts.first = true + ts.sums = make(map[string]string) } if ts.finished { @@ -73,7 +75,7 @@ func (ts *TarSum) Read(buf []byte) (int, error) { return 0, err } if !ts.first { - ts.sums = append(ts.sums, hex.EncodeToString(ts.h.Sum(nil))) + ts.sums[ts.currentFile] = hex.EncodeToString(ts.h.Sum(nil)) ts.h.Reset() } else { ts.first = false @@ -131,12 +133,17 @@ func (ts *TarSum) Read(buf []byte) (int, error) { } func (ts *TarSum) Sum(extra []byte) string { - sort.Strings(ts.sums) + var sums []string + + for _, sum := range ts.sums { + sums = append(sums, sum) + } + sort.Strings(sums) h := sha256.New() if extra != nil { h.Write(extra) } - for _, sum := range ts.sums { + for _, sum := range sums { Debugf("-->%s<--", sum) h.Write([]byte(sum)) } @@ -144,3 +151,7 @@ func (ts *TarSum) Sum(extra []byte) string { Debugf("checksum processed: %s", checksum) return checksum } + +func (ts *TarSum) GetSums() map[string]string { + return ts.sums +} From e4850233647429ddd62b6e2ef9b0b7a19e2183ce Mon Sep 17 00:00:00 2001 From: "Guillaume J. Charmes" Date: Thu, 26 Dec 2013 16:02:15 -0800 Subject: [PATCH 099/126] Change BuildFile in order to use TarSum instead of custom checksum Upstream-commit: 894d4a23fba1a67087ae5bbe9c50c56e6dc09289 Component: engine --- components/engine/buildfile.go | 132 ++++++++++-------------------- components/engine/utils/tarsum.go | 2 + 2 files changed, 45 insertions(+), 89 deletions(-) diff --git a/components/engine/buildfile.go b/components/engine/buildfile.go index fb97f26dcc..aab5c24eff 100644 --- a/components/engine/buildfile.go +++ b/components/engine/buildfile.go @@ -1,9 +1,6 @@ package docker import ( - "archive/tar" - "crypto/sha256" - "encoding/hex" "encoding/json" "errors" "fmt" @@ -18,8 +15,8 @@ import ( "path/filepath" "reflect" "regexp" + "sort" "strings" - "time" ) var ( @@ -36,10 +33,13 @@ type buildFile struct { runtime *Runtime srv *Server - image string - maintainer string - config *Config - context string + image string + maintainer string + config *Config + + contextPath string + context *utils.TarSum + verbose bool utilizeCache bool rm bool @@ -118,66 +118,6 @@ func (b *buildFile) probeCache() (bool, error) { return false, nil } -// hashPath calculates a strong hash (sha256) value for a file tree located -// at `basepth`/`pth`, including all attributes that would normally be -// captured by `tar`. The path to hash is passed in two pieces only to -// permit logging the second piece in isolation, assuming the first is a -// temporary directory in which docker is running. If `clobberTimes` is -// true and hashPath is applied to a single file, the ctime/atime/mtime of -// the file is considered to be unix time 0, for purposes of hashing. -func (b *buildFile) hashPath(basePth, pth string, clobberTimes bool) (string, error) { - - p := path.Join(basePth, pth) - - st, err := os.Stat(p) - if err != nil { - return "", err - } - - h := sha256.New() - - if st.IsDir() { - tarRd, err := archive.Tar(p, archive.Uncompressed) - if err != nil { - return "", err - } - _, err = io.Copy(h, tarRd) - if err != nil { - return "", err - } - - } else { - hdr, err := tar.FileInfoHeader(st, "") - if err != nil { - return "", err - } - if clobberTimes { - hdr.AccessTime = time.Unix(0, 0) - hdr.ChangeTime = time.Unix(0, 0) - hdr.ModTime = time.Unix(0, 0) - } - hdr.Name = filepath.Base(p) - tarWr := tar.NewWriter(h) - if err := tarWr.WriteHeader(hdr); err != nil { - return "", err - } - - fileRd, err := os.Open(p) - if err != nil { - return "", err - } - - if _, err = io.Copy(tarWr, fileRd); err != nil { - return "", err - } - tarWr.Close() - } - - hstr := hex.EncodeToString(h.Sum(nil)) - fmt.Fprintf(b.outStream, " ---> data at %s has sha256 %.12s...\n", pth, hstr) - return hstr, nil -} - func (b *buildFile) CmdRun(args string) error { if b.image == "" { return fmt.Errorf("Please provide a source image with `from` prior to run") @@ -347,8 +287,8 @@ func (b *buildFile) CmdVolume(args string) error { } func (b *buildFile) checkPathForAddition(orig string) error { - origPath := path.Join(b.context, orig) - if !strings.HasPrefix(origPath, b.context) { + origPath := path.Join(b.contextPath, orig) + if !strings.HasPrefix(origPath, b.contextPath) { return fmt.Errorf("Forbidden path outside the build context: %s (%s)", orig, origPath) } _, err := os.Stat(origPath) @@ -359,8 +299,10 @@ func (b *buildFile) checkPathForAddition(orig string) error { } func (b *buildFile) addContext(container *Container, orig, dest string) error { - origPath := path.Join(b.context, orig) - destPath := path.Join(container.RootfsPath(), dest) + var ( + origPath = path.Join(b.contextPath, orig) + destPath = path.Join(container.RootfsPath(), dest) + ) // Preserve the trailing '/' if strings.HasSuffix(dest, "/") { destPath = destPath + "/" @@ -388,7 +330,7 @@ func (b *buildFile) addContext(container *Container, orig, dest string) error { } func (b *buildFile) CmdAdd(args string) error { - if b.context == "" { + if b.context == nil { return fmt.Errorf("No context given. Impossible to use ADD") } tmp := strings.SplitN(args, " ", 2) @@ -408,22 +350,20 @@ func (b *buildFile) CmdAdd(args string) error { cmd := b.config.Cmd b.config.Cmd = []string{"/bin/sh", "-c", fmt.Sprintf("#(nop) ADD %s in %s", orig, dest)} - b.config.Image = b.image - origPath := orig - destPath := dest - clobberTimes := false + // FIXME: do we really need this? + var ( + origPath = orig + destPath = dest + ) if utils.IsURL(orig) { - - clobberTimes = true - resp, err := utils.Download(orig) if err != nil { return err } - tmpDirName, err := ioutil.TempDir(b.context, "docker-remote") + tmpDirName, err := ioutil.TempDir(b.contextPath, "docker-remote") if err != nil { return err } @@ -464,9 +404,23 @@ func (b *buildFile) CmdAdd(args string) error { // Hash path and check the cache if b.utilizeCache { - hash, err := b.hashPath(b.context, origPath, clobberTimes) - if err != nil { + var ( + hash string + sums = b.context.GetSums() + ) + if fi, err := os.Stat(path.Join(b.contextPath, origPath)); err != nil { return err + } else if fi.IsDir() { + var subfiles []string + for file, sum := range sums { + if strings.HasPrefix(file, origPath) { + subfiles = append(subfiles, sum) + } + } + sort.Strings(subfiles) + hash = strings.Join(subfiles, ",") + } else { + hash = sums[origPath] } b.config.Cmd = []string{"/bin/sh", "-c", fmt.Sprintf("#(nop) ADD %s in %s", hash, dest)} hit, err := b.probeCache() @@ -635,17 +589,17 @@ func (b *buildFile) commit(id string, autoCmd []string, comment string) error { var lineContinuation = regexp.MustCompile(`\s*\\\s*\n`) func (b *buildFile) Build(context io.Reader) (string, error) { - // FIXME: @creack "name" is a terrible variable name - name, err := ioutil.TempDir("", "docker-build") + tmpdirPath, err := ioutil.TempDir("", "docker-build") if err != nil { return "", err } - if err := archive.Untar(context, name, nil); err != nil { + b.context = &utils.TarSum{Reader: context} + if err := archive.Untar(b.context, tmpdirPath, nil); err != nil { return "", err } - defer os.RemoveAll(name) - b.context = name - filename := path.Join(name, "Dockerfile") + defer os.RemoveAll(tmpdirPath) + b.contextPath = tmpdirPath + filename := path.Join(tmpdirPath, "Dockerfile") if _, err := os.Stat(filename); os.IsNotExist(err) { return "", fmt.Errorf("Can't build a directory with no Dockerfile") } diff --git a/components/engine/utils/tarsum.go b/components/engine/utils/tarsum.go index ab57d54110..7de3dbe5be 100644 --- a/components/engine/utils/tarsum.go +++ b/components/engine/utils/tarsum.go @@ -10,6 +10,7 @@ import ( "io" "sort" "strconv" + "strings" ) type TarSum struct { @@ -92,6 +93,7 @@ func (ts *TarSum) Read(buf []byte) (int, error) { } return n, err } + ts.currentFile = strings.TrimSuffix(strings.TrimPrefix(currentHeader.Name, "./"), "/") if err := ts.encodeHeader(currentHeader); err != nil { return 0, err } From 5791b4e848ab026e571c7ea3aa66a1759bf3622c Mon Sep 17 00:00:00 2001 From: "Guillaume J. Charmes" Date: Thu, 26 Dec 2013 16:42:05 -0800 Subject: [PATCH 100/126] Hash the sums for directory (ureadable when there is too many Upstream-commit: cd735496da6d977748d5c3b19976f42d2cc1933e Component: engine --- components/engine/buildfile.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/components/engine/buildfile.go b/components/engine/buildfile.go index aab5c24eff..4f72a73520 100644 --- a/components/engine/buildfile.go +++ b/components/engine/buildfile.go @@ -1,6 +1,8 @@ package docker import ( + "crypto/sha256" + "encoding/hex" "encoding/json" "errors" "fmt" @@ -418,9 +420,11 @@ func (b *buildFile) CmdAdd(args string) error { } } sort.Strings(subfiles) - hash = strings.Join(subfiles, ",") + hasher := sha256.New() + hasher.Write([]byte(strings.Join(subfiles, ","))) + hash = "dir:" + hex.EncodeToString(hasher.Sum(nil)) } else { - hash = sums[origPath] + hash = "file:" + sums[origPath] } b.config.Cmd = []string{"/bin/sh", "-c", fmt.Sprintf("#(nop) ADD %s in %s", hash, dest)} hit, err := b.probeCache() From 63c010af992e458c782dd735f71a50a5d18ca2d5 Mon Sep 17 00:00:00 2001 From: "Guillaume J. Charmes" Date: Thu, 26 Dec 2013 17:49:41 -0800 Subject: [PATCH 101/126] Exit with code 1 in case of error for `docker build` Upstream-commit: 4986958e7e61bb0439a59c46af000b157798b94a Component: engine --- components/engine/commands.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/components/engine/commands.go b/components/engine/commands.go index 0627261d53..97bfda5194 100644 --- a/components/engine/commands.go +++ b/components/engine/commands.go @@ -12,8 +12,8 @@ import ( "github.com/dotcloud/docker/archive" "github.com/dotcloud/docker/auth" "github.com/dotcloud/docker/engine" - "github.com/dotcloud/docker/registry" "github.com/dotcloud/docker/pkg/term" + "github.com/dotcloud/docker/registry" "github.com/dotcloud/docker/utils" "io" "io/ioutil" @@ -238,6 +238,10 @@ func (cli *DockerCli) CmdBuild(args ...string) error { } err = cli.stream("POST", fmt.Sprintf("/build?%s", v.Encode()), body, cli.out, headers) if jerr, ok := err.(*utils.JSONError); ok { + // If no error code is set, default to 1 + if jerr.Code == 0 { + jerr.Code = 1 + } return &utils.StatusError{Status: jerr.Message, StatusCode: jerr.Code} } return err From 1bab794e11725379ff74e5a1547dc1b596d68c2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Asbj=C3=B8rn=20Enge?= Date: Fri, 27 Dec 2013 10:05:25 +0100 Subject: [PATCH 102/126] Apply automatically to files named 'Dockerfile' Upstream-commit: a1a4a99d7e80cadb97bf58963b76cd0c762888a6 Component: engine --- .../contrib/Dockerfile.tmLanguage/Dockerfile.tmLanguage | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/components/engine/contrib/Dockerfile.tmLanguage/Dockerfile.tmLanguage b/components/engine/contrib/Dockerfile.tmLanguage/Dockerfile.tmLanguage index ce5bb5e917..fa8f38992e 100644 --- a/components/engine/contrib/Dockerfile.tmLanguage/Dockerfile.tmLanguage +++ b/components/engine/contrib/Dockerfile.tmLanguage/Dockerfile.tmLanguage @@ -4,6 +4,10 @@ name Dockerfile + fileTypes + + Dockerfile + patterns From 0cd52002c86d955003d2c852362379d5ae511395 Mon Sep 17 00:00:00 2001 From: Daniel Exner Date: Fri, 27 Dec 2013 11:55:57 +0100 Subject: [PATCH 103/126] * s/docker/Docker/ Upstream-commit: d256f3049b36ae1a1dd596535b4a82d265ff9eee Component: engine --- components/engine/docs/sources/installation/frugalware.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/docs/sources/installation/frugalware.rst b/components/engine/docs/sources/installation/frugalware.rst index d4b404278e..cda6c4bfc4 100644 --- a/components/engine/docs/sources/installation/frugalware.rst +++ b/components/engine/docs/sources/installation/frugalware.rst @@ -17,7 +17,7 @@ Installing on FrugalWare is handled via the official packages: * `lxc-docker x86_64 `_ -The `lxc-docker` package will install the latest tagged version of docker. +The `lxc-docker` package will install the latest tagged version of Docker. Dependencies ------------ From a3a982cef5f521aa0f782a8b3b773d4434a36108 Mon Sep 17 00:00:00 2001 From: grunny Date: Sat, 28 Dec 2013 20:22:46 +1000 Subject: [PATCH 104/126] Fix typo in working with volumes doc page Upstream-commit: a17fd7b294e1334788e1812f8cc1a99e5300724b Component: engine --- components/engine/docs/sources/use/working_with_volumes.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/docs/sources/use/working_with_volumes.rst b/components/engine/docs/sources/use/working_with_volumes.rst index 341bfe8d6a..16359e3ee2 100644 --- a/components/engine/docs/sources/use/working_with_volumes.rst +++ b/components/engine/docs/sources/use/working_with_volumes.rst @@ -13,7 +13,7 @@ Share Directories via Volumes A *data volume* is a specially-designated directory within one or more containers that bypasses the :ref:`ufs_def` to provide several useful -features for persistant or shared data: +features for persistent or shared data: * **Data volumes can be shared and reused between containers.** This is the feature that makes data volumes so powerful. You can use it From af79735338fb7e3eedca5997bca010e8a11c5ce6 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Sat, 28 Dec 2013 06:35:00 -0700 Subject: [PATCH 105/126] Replace FPM --vendor with --license, and give it the proper value of "Apache-2.0" Fixes #3372 Upstream-commit: cda146547e59ff875b3eb6202a87004a3f7ea96d Component: engine --- components/engine/hack/make/ubuntu | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/components/engine/hack/make/ubuntu b/components/engine/hack/make/ubuntu index 578f254558..8fa3149d4e 100644 --- a/components/engine/hack/make/ubuntu +++ b/components/engine/hack/make/ubuntu @@ -17,6 +17,7 @@ repeatability across servers. Docker is a great building block for automating distributed systems: large-scale web deployments, database clusters, continuous deployment systems, private PaaS, service-oriented architectures, etc." +PACKAGE_LICENSE="Apache-2.0" # Build docker as an ubuntu package using FPM and REPREPRO (sue me). # bundle_binary must be called first. @@ -104,7 +105,7 @@ EOF --replaces lxc-docker \ --replaces lxc-docker-virtual-package \ --url "$PACKAGE_URL" \ - --vendor "$PACKAGE_VENDOR" \ + --license "$PACKAGE_LICENSE" \ --config-files /etc/init/docker.conf \ --config-files /etc/init.d/docker \ --config-files /etc/default/docker \ @@ -118,7 +119,7 @@ EOF --description "$PACKAGE_DESCRIPTION" \ --maintainer "$PACKAGE_MAINTAINER" \ --url "$PACKAGE_URL" \ - --vendor "$PACKAGE_VENDOR" \ + --license "$PACKAGE_LICENSE" \ --config-files /etc/init/docker.conf \ --config-files /etc/init.d/docker \ --config-files /etc/default/docker \ From 87ba43c927f27d03c69677d6f33b68aa2f46adb0 Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Fri, 20 Dec 2013 19:30:41 -0500 Subject: [PATCH 106/126] Add DOCKER_HOST env var for client This env var will set the -H flag on the docker client. Upstream-commit: f50b8b08b5742c8e55df2d610d428c39cf1f4947 Component: engine --- components/engine/docker/docker.go | 9 +++++++-- components/engine/docs/sources/commandline/cli.rst | 12 ++++++++++++ 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/components/engine/docker/docker.go b/components/engine/docker/docker.go index 1b5457984c..2d7e04ce92 100644 --- a/components/engine/docker/docker.go +++ b/components/engine/docker/docker.go @@ -52,8 +52,13 @@ func main() { return } if flHosts.Len() == 0 { - // If we do not have a host, default to unix socket - flHosts.Set(fmt.Sprintf("unix://%s", docker.DEFAULTUNIXSOCKET)) + defaultHost := os.Getenv("DOCKER_HOST") + + if defaultHost == "" || *flDaemon { + // If we do not have a host, default to unix socket + defaultHost = fmt.Sprintf("unix://%s", docker.DEFAULTUNIXSOCKET) + } + flHosts.Set(defaultHost) } if *bridgeName != "" && *bridgeIp != "" { diff --git a/components/engine/docs/sources/commandline/cli.rst b/components/engine/docs/sources/commandline/cli.rst index 2d4e37d885..511bd4970f 100644 --- a/components/engine/docs/sources/commandline/cli.rst +++ b/components/engine/docs/sources/commandline/cli.rst @@ -52,6 +52,18 @@ To set the dns server for all docker containers, use ``docker -d -dns 8.8.8.8`` To run the daemon with debug output, use ``docker -d -D`` +The docker client will also honor the ``DOCKER_HOST`` environment variable to set +the ``-H`` flag for the client. + +:: + + docker -H tcp://0.0.0.0:4243 ps + # or + export DOCKER_HOST="tcp://0.0.0.0:4243" + docker ps + # both are equal + + .. _cli_attach: ``attach`` From e302881b24694dbc71673b35ffc7dfcf15eb63f4 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Sun, 29 Dec 2013 01:46:00 -0700 Subject: [PATCH 107/126] Reorganize the syntax highlighting files in contrib under a common directory to match "contrib/init" and "contrib/completion" This is split off from #2970. Upstream-commit: 06a818616bfce86e90152aeaffaf9394a085c356 Component: engine --- .../textmate}/Dockerfile.YAML-tmLanguage | 0 .../textmate}/Dockerfile.tmLanguage | 0 .../{Dockerfile.tmLanguage => syntax/textmate}/MAINTAINERS | 0 .../contrib/{Dockerfile.tmLanguage => syntax/textmate}/README.md | 0 components/engine/contrib/{vim-syntax => syntax/vim}/LICENSE | 0 components/engine/contrib/{vim-syntax => syntax/vim}/README.md | 0 .../engine/contrib/{vim-syntax => syntax/vim}/doc/dockerfile.txt | 0 .../contrib/{vim-syntax => syntax/vim}/ftdetect/dockerfile.vim | 0 .../contrib/{vim-syntax => syntax/vim}/syntax/dockerfile.vim | 0 9 files changed, 0 insertions(+), 0 deletions(-) rename components/engine/contrib/{Dockerfile.tmLanguage => syntax/textmate}/Dockerfile.YAML-tmLanguage (100%) rename components/engine/contrib/{Dockerfile.tmLanguage => syntax/textmate}/Dockerfile.tmLanguage (100%) rename components/engine/contrib/{Dockerfile.tmLanguage => syntax/textmate}/MAINTAINERS (100%) rename components/engine/contrib/{Dockerfile.tmLanguage => syntax/textmate}/README.md (100%) rename components/engine/contrib/{vim-syntax => syntax/vim}/LICENSE (100%) rename components/engine/contrib/{vim-syntax => syntax/vim}/README.md (100%) rename components/engine/contrib/{vim-syntax => syntax/vim}/doc/dockerfile.txt (100%) rename components/engine/contrib/{vim-syntax => syntax/vim}/ftdetect/dockerfile.vim (100%) rename components/engine/contrib/{vim-syntax => syntax/vim}/syntax/dockerfile.vim (100%) diff --git a/components/engine/contrib/Dockerfile.tmLanguage/Dockerfile.YAML-tmLanguage b/components/engine/contrib/syntax/textmate/Dockerfile.YAML-tmLanguage similarity index 100% rename from components/engine/contrib/Dockerfile.tmLanguage/Dockerfile.YAML-tmLanguage rename to components/engine/contrib/syntax/textmate/Dockerfile.YAML-tmLanguage diff --git a/components/engine/contrib/Dockerfile.tmLanguage/Dockerfile.tmLanguage b/components/engine/contrib/syntax/textmate/Dockerfile.tmLanguage similarity index 100% rename from components/engine/contrib/Dockerfile.tmLanguage/Dockerfile.tmLanguage rename to components/engine/contrib/syntax/textmate/Dockerfile.tmLanguage diff --git a/components/engine/contrib/Dockerfile.tmLanguage/MAINTAINERS b/components/engine/contrib/syntax/textmate/MAINTAINERS similarity index 100% rename from components/engine/contrib/Dockerfile.tmLanguage/MAINTAINERS rename to components/engine/contrib/syntax/textmate/MAINTAINERS diff --git a/components/engine/contrib/Dockerfile.tmLanguage/README.md b/components/engine/contrib/syntax/textmate/README.md similarity index 100% rename from components/engine/contrib/Dockerfile.tmLanguage/README.md rename to components/engine/contrib/syntax/textmate/README.md diff --git a/components/engine/contrib/vim-syntax/LICENSE b/components/engine/contrib/syntax/vim/LICENSE similarity index 100% rename from components/engine/contrib/vim-syntax/LICENSE rename to components/engine/contrib/syntax/vim/LICENSE diff --git a/components/engine/contrib/vim-syntax/README.md b/components/engine/contrib/syntax/vim/README.md similarity index 100% rename from components/engine/contrib/vim-syntax/README.md rename to components/engine/contrib/syntax/vim/README.md diff --git a/components/engine/contrib/vim-syntax/doc/dockerfile.txt b/components/engine/contrib/syntax/vim/doc/dockerfile.txt similarity index 100% rename from components/engine/contrib/vim-syntax/doc/dockerfile.txt rename to components/engine/contrib/syntax/vim/doc/dockerfile.txt diff --git a/components/engine/contrib/vim-syntax/ftdetect/dockerfile.vim b/components/engine/contrib/syntax/vim/ftdetect/dockerfile.vim similarity index 100% rename from components/engine/contrib/vim-syntax/ftdetect/dockerfile.vim rename to components/engine/contrib/syntax/vim/ftdetect/dockerfile.vim diff --git a/components/engine/contrib/vim-syntax/syntax/dockerfile.vim b/components/engine/contrib/syntax/vim/syntax/dockerfile.vim similarity index 100% rename from components/engine/contrib/vim-syntax/syntax/dockerfile.vim rename to components/engine/contrib/syntax/vim/syntax/dockerfile.vim From 5e0630fcf866f798def48bf36f6913789ac4763b Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Sun, 29 Dec 2013 21:27:59 +1000 Subject: [PATCH 108/126] add a simple note to suggest to the user to use RUN curl/wget/tool if the URL they need is behind auth Upstream-commit: e93b7b464733470a08a46b9937678fbfdff0abb0 Component: engine --- components/engine/docs/sources/use/builder.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/components/engine/docs/sources/use/builder.rst b/components/engine/docs/sources/use/builder.rst index 10140313a8..81145a6ee8 100644 --- a/components/engine/docs/sources/use/builder.rst +++ b/components/engine/docs/sources/use/builder.rst @@ -251,6 +251,11 @@ All new files and directories are created with mode 0755, uid and gid if you build using STDIN (``docker build - < somefile``), there is no build context, so the Dockerfile can only contain an URL based ADD statement. +.. note:: + if your URL files are protected using authentication, you will need to use + an ``RUN wget`` , ``RUN curl`` or other tool from within the container as + ADD does not support authentication. + The copy obeys the following rules: * The ```` path must be inside the *context* of the build; you cannot From c647c27460f0145c90c26306a3695eb645629c97 Mon Sep 17 00:00:00 2001 From: Ben Wiklund Date: Sun, 29 Dec 2013 19:22:52 -0800 Subject: [PATCH 109/126] fixed header size on narrow desktop window Upstream-commit: 434cf6c8ca5d20306dc27e770155ba05a931adec Component: engine --- components/engine/docs/theme/docker/static/css/main.css | 5 ++++- components/engine/docs/theme/docker/static/css/main.less | 6 ++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/components/engine/docs/theme/docker/static/css/main.css b/components/engine/docs/theme/docker/static/css/main.css index bc47c549a9..1195801542 100755 --- a/components/engine/docs/theme/docker/static/css/main.css +++ b/components/engine/docs/theme/docker/static/css/main.css @@ -62,9 +62,12 @@ p a.btn { -moz-box-shadow: 0 1px 4px rgba(0, 0, 0, 0.065); box-shadow: 0 1px 4px rgba(0, 0, 0, 0.065); } -.brand.logo a { +.brand-logo a { color: white; } +.brand-logo a img { + width: auto; +} .inline-icon { margin-bottom: 6px; } diff --git a/components/engine/docs/theme/docker/static/css/main.less b/components/engine/docs/theme/docker/static/css/main.less index 164da0497b..8c9296d979 100644 --- a/components/engine/docs/theme/docker/static/css/main.less +++ b/components/engine/docs/theme/docker/static/css/main.less @@ -125,9 +125,11 @@ p a { box-shadow: 0 1px 4px rgba(0, 0, 0, 0.065); } -.brand.logo a { +.brand-logo a { color: white; - + img { + width: auto; + } } .logo { From 5ca82c401df8f0d035205702e2b6848d6afa3910 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Tue, 24 Dec 2013 20:40:41 -0700 Subject: [PATCH 110/126] Update Dockerfile to use stackbrew/ubuntu (until it graduates), update Dockerfile MAINTAINER line, coalesce all apt-get installs into one invocation (including s3cmd by bringing in backports) Upstream-commit: 484a75f3549239d0489cb0ad518d79ed6783584a Component: engine --- components/engine/Dockerfile | 78 ++++++++++++++++++------------------ 1 file changed, 39 insertions(+), 39 deletions(-) diff --git a/components/engine/Dockerfile b/components/engine/Dockerfile index 64232155f3..fb17f48ffb 100644 --- a/components/engine/Dockerfile +++ b/components/engine/Dockerfile @@ -24,49 +24,32 @@ # docker-version 0.6.1 -FROM ubuntu:12.04 -MAINTAINER Solomon Hykes +FROM stackbrew/ubuntu:12.04 +MAINTAINER Tianon Gravi (@tianon) -# Prevent apt-get install from trying to prompt for stuff -ENV DEBIAN_FRONTEND noninteractive +# Add precise-backports to get s3cmd >= 1.1.0 (so we get ENV variable support in our .s3cfg) +RUN echo 'deb http://archive.ubuntu.com/ubuntu precise-backports main universe' > /etc/apt/sources.list.d/backports.list -# Build dependencies -RUN echo 'deb http://archive.ubuntu.com/ubuntu precise main universe' > /etc/apt/sources.list -RUN apt-get update -RUN apt-get install -y -q apt-utils -RUN apt-get install -y -q curl -RUN apt-get install -y -q git -RUN apt-get install -y -q mercurial -RUN apt-get install -y -q build-essential libsqlite3-dev - -# Install Go -RUN curl -s https://go.googlecode.com/files/go1.2.src.tar.gz | tar -v -C /usr/local -xz -ENV PATH /usr/local/go/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin -ENV GOPATH /go:/go/src/github.com/dotcloud/docker/vendor -RUN cd /usr/local/go/src && ./make.bash --no-clean 2>&1 - -# Cross compilation -ENV DOCKER_CROSSPLATFORMS darwin/amd64 darwin/386 -# TODO add linux/386 and linux/arm -RUN cd /usr/local/go/src && bash -xc 'for platform in $DOCKER_CROSSPLATFORMS; do GOOS=${platform%/*} GOARCH=${platform##*/} ./make.bash --no-clean 2>&1; done' - -# Ubuntu stuff -RUN apt-get install -y -q ruby1.9.3 rubygems libffi-dev -RUN gem install --no-rdoc --no-ri fpm -RUN apt-get install -y -q reprepro dpkg-sig - -RUN apt-get install -y -q python-pip -RUN pip install s3cmd==1.1.0-beta3 -RUN pip install python-magic==0.4.6 -RUN /bin/echo -e '[default]\naccess_key=$AWS_ACCESS_KEY\nsecret_key=$AWS_SECRET_KEY\n' > /.s3cfg - -# Runtime dependencies -RUN apt-get install -y -q iptables -RUN apt-get install -y -q lxc -RUN apt-get install -y -q aufs-tools +# Packaged dependencies +RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq \ + apt-utils \ + aufs-tools \ + build-essential \ + curl \ + dpkg-sig \ + git \ + iptables \ + libsqlite3-dev \ + lxc \ + mercurial \ + reprepro \ + ruby1.9.1 \ + ruby1.9.1-dev \ + s3cmd=1.1.0* \ + --no-install-recommends # Get lvm2 source for compiling statically -RUN git clone https://git.fedorahosted.org/git/lvm2.git /usr/local/lvm2 && cd /usr/local/lvm2 && git checkout v2_02_103 +RUN git clone https://git.fedorahosted.org/git/lvm2.git /usr/local/lvm2 && cd /usr/local/lvm2 && git checkout -q v2_02_103 # see https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags # note: we can't use "git clone -b" above because it requires at least git 1.7.10 to be able to use that on a tag instead of a branch and we only have 1.7.9.5 @@ -74,9 +57,26 @@ RUN git clone https://git.fedorahosted.org/git/lvm2.git /usr/local/lvm2 && cd /u RUN cd /usr/local/lvm2 && ./configure --enable-static_link && make device-mapper && make install_device-mapper # see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL +# Install Go +RUN curl -s https://go.googlecode.com/files/go1.2.src.tar.gz | tar -v -C /usr/local -xz +ENV PATH /usr/local/go/bin:$PATH +ENV GOPATH /go:/go/src/github.com/dotcloud/docker/vendor +RUN cd /usr/local/go/src && ./make.bash --no-clean 2>&1 + +# Compile Go for cross compilation +ENV DOCKER_CROSSPLATFORMS darwin/amd64 darwin/386 +# TODO add linux/386 and linux/arm +RUN cd /usr/local/go/src && bash -xc 'for platform in $DOCKER_CROSSPLATFORMS; do GOOS=${platform%/*} GOARCH=${platform##*/} ./make.bash --no-clean 2>&1; done' + # Grab Go's cover tool for dead-simple code coverage testing RUN go get code.google.com/p/go.tools/cmd/cover +# TODO replace FPM with some very minimal debhelper stuff +RUN gem install --no-rdoc --no-ri fpm + +# Setup s3cmd config +RUN /bin/echo -e '[default]\naccess_key=$AWS_ACCESS_KEY\nsecret_key=$AWS_SECRET_KEY' > /.s3cfg + VOLUME /var/lib/docker WORKDIR /go/src/github.com/dotcloud/docker From 06c747c2124e0f8ea250c89c4d845da07a6b43dc Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 30 Dec 2013 08:38:43 -0700 Subject: [PATCH 111/126] Fix install failure when busybox can't be downloaded Whether or not the "busybox" image downloads and runs properly at the end of the build, we don't want to have the script return a failing exit code, especially since at that point, Docker is successfully installed, and we're just tooting our own horn for good measure. Upstream-commit: fc197188d7f4098b6035d0e13031431871a2dc95 Component: engine --- components/engine/hack/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/hack/install.sh b/components/engine/hack/install.sh index 34d5b7fbde..a22bb5c48e 100755 --- a/components/engine/hack/install.sh +++ b/components/engine/hack/install.sh @@ -116,7 +116,7 @@ case "$lsb_dist" in ( set -x $sh_c 'docker run busybox echo "Docker has been successfully installed!"' - ) + ) || true fi exit 0 ;; From 70af7e708f812f5a56f4c3b4776e43683b83cdbc Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Mon, 30 Dec 2013 13:36:52 -0500 Subject: [PATCH 112/126] Numerous small fixes to the CLI documentation Upstream-commit: a1dba16fe8562ed0545eaa3c6ed23bb1043dd102 Component: engine --- .../engine/docs/sources/commandline/cli.rst | 157 +++++++++--------- 1 file changed, 81 insertions(+), 76 deletions(-) diff --git a/components/engine/docs/sources/commandline/cli.rst b/components/engine/docs/sources/commandline/cli.rst index 6d50af7ff1..1fecbe496d 100644 --- a/components/engine/docs/sources/commandline/cli.rst +++ b/components/engine/docs/sources/commandline/cli.rst @@ -43,14 +43,14 @@ To list available commands, either run ``docker`` with no parameters or execute -s="": Force the docker runtime to use a specific storage driver -v=false: Print version information and quit -The docker daemon is the persistent process that manages containers. Docker uses the same binary for both the +The Docker daemon is the persistent process that manages containers. Docker uses the same binary for both the daemon and client. To run the daemon you provide the ``-d`` flag. -To force docker to use devicemapper as the storage driver, use ``docker -d -s devicemapper`` +To force Docker to use devicemapper as the storage driver, use ``docker -d -s devicemapper``. -To set the dns server for all docker containers, use ``docker -d -dns 8.8.8.8`` +To set the DNS server for all Docker containers, use ``docker -d -dns 8.8.8.8``. -To run the daemon with debug output, use ``docker -d -D`` +To run the daemon with debug output, use ``docker -d -D``. .. _cli_attach: @@ -69,11 +69,11 @@ To run the daemon with debug output, use ``docker -d -D`` You can detach from the container again (and leave it running) with ``CTRL-c`` (for a quiet exit) or ``CTRL-\`` to get a stacktrace of the Docker client when it quits. When you detach from the container's -process the exit code will be retuned to the client. +process the exit code will be returned to the client. -To stop a container, use ``docker stop`` +To stop a container, use ``docker stop``. -To kill the container, use ``docker kill`` +To kill the container, use ``docker kill``. .. _cli_attach_examples: @@ -129,12 +129,11 @@ Examples: -no-cache: Do not use the cache when building the image. -rm: Remove intermediate containers after a successful build -The files at PATH or URL are called the "context" of the build. The -build process may refer to any of the files in the context, for -example when using an :ref:`ADD ` instruction. When a -single ``Dockerfile`` is given as URL, then no context is set. When a -git repository is set as URL, then the repository is used as the -context +The files at ``PATH`` or ``URL`` are called the "context" of the build. The +build process may refer to any of the files in the context, for example when +using an :ref:`ADD ` instruction. When a single ``Dockerfile`` +is given as ``URL``, then no context is set. When a Git repository is set as +``URL``, then the repository is used as the context .. _cli_build_examples: @@ -169,13 +168,13 @@ Examples: ---> f52f38b7823e Successfully built f52f38b7823e -This example specifies that the PATH is ``.``, and so all the files in -the local directory get tar'd and sent to the Docker daemon. The PATH +This example specifies that the ``PATH`` is ``.``, and so all the files in +the local directory get tar'd and sent to the Docker daemon. The ``PATH`` specifies where to find the files for the "context" of the build on the Docker daemon. Remember that the daemon could be running on a -remote machine and that no parsing of the Dockerfile happens at the +remote machine and that no parsing of the ``Dockerfile`` happens at the client side (where you're running ``docker build``). That means that -*all* the files at PATH get sent, not just the ones listed to +*all* the files at ``PATH`` get sent, not just the ones listed to :ref:`ADD ` in the ``Dockerfile``. The transfer of context from the local machine to the Docker daemon is @@ -198,16 +197,16 @@ tag will be ``2.0`` This will read a ``Dockerfile`` from *stdin* without context. Due to the lack of a context, no contents of any local directory will be sent -to the ``docker`` daemon. Since there is no context, a Dockerfile +to the ``docker`` daemon. Since there is no context, a ``Dockerfile`` ``ADD`` only works if it refers to a remote URL. .. code-block:: bash $ sudo docker build github.com/creack/docker-firefox -This will clone the Github repository and use the cloned repository as +This will clone the GitHub repository and use the cloned repository as context. The ``Dockerfile`` at the root of the repository is used as -``Dockerfile``. Note that you can specify an arbitrary git repository +``Dockerfile``. Note that you can specify an arbitrary Git repository by using the ``git://`` schema. @@ -248,7 +247,7 @@ Change the command that a container runs ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Sometimes you have an application container running just a service and you need -to make a quick change (run bash?) and then change it back. +to make a quick change and then change it back. In this example, we run a container with ``ls`` and then change the image to run ``ls /etc``. @@ -271,9 +270,9 @@ Full -run example The ``-run`` JSON hash changes the ``Config`` section when running ``docker inspect CONTAINERID`` or ``config`` when running ``docker inspect IMAGEID``. -(multiline is ok within a single quote ``'``) +(Multiline is okay within a single quote ``'``) -:: +.. code-block:: bash $ sudo docker commit -run=' { @@ -316,7 +315,7 @@ or ``config`` when running ``docker inspect IMAGEID``. Copy files/folders from the containers filesystem to the host path. Paths are relative to the root of the filesystem. - + .. code-block:: bash $ sudo docker cp 7bb0e258aefe:/etc/debian_version . @@ -330,7 +329,7 @@ or ``config`` when running ``docker inspect IMAGEID``. :: Usage: docker diff CONTAINER - + List the changed files and directories in a container's filesystem There are 3 events that are listed in the 'diff': @@ -339,7 +338,7 @@ There are 3 events that are listed in the 'diff': 2. ```D``` - Delete 3. ```C``` - Change -for example: +For example: .. code-block:: bash @@ -367,7 +366,7 @@ for example: Usage: docker events Get real time events from the server - + -since="": Show previously created events and then stream. (either seconds since epoch, or date string as below) @@ -430,8 +429,8 @@ Show events in the past from a specified time Usage: docker export CONTAINER Export the contents of a filesystem as a tar archive to STDOUT - -for example: + +For example: .. code-block:: bash @@ -451,7 +450,7 @@ for example: -notrunc=false: Don't truncate output -q=false: only show numeric IDs -To see how the docker:latest image was built: +To see how the ``docker:latest`` image was built: .. code-block:: bash @@ -483,7 +482,7 @@ To see how the docker:latest image was built: d5e85dc5b1d8 2 weeks ago /bin/sh -c apt-get update 13e642467c11 2 weeks ago /bin/sh -c echo 'deb http://archive.ubuntu.com/ubuntu precise main universe' > /etc/apt/sources.list ae6dde92a94e 2 weeks ago /bin/sh -c #(nop) MAINTAINER Solomon Hykes - ubuntu:12.04 6 months ago + ubuntu:12.04 6 months ago .. _cli_images: @@ -501,7 +500,7 @@ To see how the docker:latest image was built: -q=false: only show numeric IDs -tree=false: output graph in tree format -viz=false: output graph in graphviz format - + Listing the most recently created images ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -589,10 +588,9 @@ Displaying image hierarchy (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then optionally tag it. At this time, the URL must start with ``http`` and point to a single -file archive (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) containing a +file archive (.tar, .tar.gz, .tgz, .bzip, .tar.xz, or .txz) containing a root filesystem. If you would like to import from a local directory or -archive, you can use the ``-`` parameter to take the data from -standard in. +archive, you can use the ``-`` parameter to take the data from *stdin*. Examples ~~~~~~~~ @@ -602,24 +600,30 @@ Import from a remote location This will create a new untagged image. -``$ sudo docker import http://example.com/exampleimage.tgz`` +.. code-block:: bash + + $ sudo docker import http://example.com/exampleimage.tgz Import from a local file ........................ -Import to docker via pipe and standard in +Import to docker via pipe and *stdin*. -``$ cat exampleimage.tgz | sudo docker import - exampleimagelocal:new`` +.. code-block:: bash + + $ cat exampleimage.tgz | sudo docker import - exampleimagelocal:new Import from a local directory ............................. -``$ sudo tar -c . | docker import - exampleimagedir`` +.. code-block:: bash -Note the ``sudo`` in this example -- you must preserve the ownership -of the files (especially root ownership) during the archiving with -tar. If you are not root (or sudo) when you tar, then the ownerships -might not get preserved. + $ sudo tar -c . | docker import - exampleimagedir + +Note the ``sudo`` in this example -- you must preserve the ownership of the +files (especially root ownership) during the archiving with tar. If you are not +root (or the sudo command) when you tar, then the ownerships might not get +preserved. .. _cli_info: @@ -658,16 +662,16 @@ might not get preserved. Insert a file from URL in the IMAGE at PATH -Use the specified IMAGE as the parent for a new image which adds a -:ref:`layer ` containing the new file. ``insert`` does not modify -the original image, and the new image has the contents of the parent image, -plus the new file. +Use the specified ``IMAGE`` as the parent for a new image which adds a +:ref:`layer ` containing the new file. The ``insert`` command does +not modify the original image, and the new image has the contents of the parent +image, plus the new file. Examples ~~~~~~~~ -Insert file from github +Insert file from GitHub ....................... .. code-block:: bash @@ -691,7 +695,7 @@ Insert file from github By default, this will render all results in a JSON array. If a format is specified, the given template will be executed for each result. -Go's `text/template ` package +Go's `text/template `_ package describes all the details of the format. Examples @@ -796,14 +800,14 @@ Known Issues (kill) Fetch the logs of a container -``docker logs`` is a convenience which batch-retrieves whatever logs -are present at the time of execution. This does not guarantee -execution order when combined with a ``docker run`` (i.e. your run may -not have generated any logs at the time you execute ``docker logs``). +The ``docker logs`` command is a convenience which batch-retrieves whatever +logs are present at the time of execution. This does not guarantee execution +order when combined with a ``docker run`` (i.e. your run may not have generated +any logs at the time you execute ``docker logs``). -``docker logs -f`` combines ``docker logs`` and ``docker attach``: it -will first return all logs from the beginning and then continue -streaming new output from the container's stdout and stderr. +The ``docker logs -f`` command combines ``docker logs`` and ``docker attach``: +it will first return all logs from the beginning and then continue streaming +new output from the container's stdout and stderr. .. _cli_port: @@ -941,7 +945,7 @@ Removing tagged images ~~~~~~~~~~~~~~~~~~~~~~ Images can be removed either by their short or long ID's, or their image names. -If an image has more than one name, each of them needs to be removed before the +If an image has more than one name, each of them needs to be removed before the image is removed. .. code-block:: bash @@ -1005,13 +1009,14 @@ image is removed. -link="": Add link to another container (name:alias) -name="": Assign the specified name to the container. If no name is specific docker will generate a random name -P=false: Publish all exposed ports to the host interfaces - -``'docker run'`` first ``'creates'`` a writeable container layer over -the specified image, and then ``'starts'`` it using the specified -command. That is, ``'docker run'`` is equivalent to the API -``/containers/create`` then ``/containers/(id)/start``. -``docker run`` can be used in combination with ``docker commit`` to :ref:`change the command that a container runs `. +The ``docker run`` command first ``creates`` a writeable container layer over +the specified image, and then ``starts`` it using the specified command. That +is, ``docker run`` is equivalent to the API ``/containers/create`` then +``/containers/(id)/start``. + +The ``docker run`` command can be used in combination with ``docker commit`` to +:ref:`change the command that a container runs `. Known Issues (run -volumes-from) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -1027,10 +1032,10 @@ Examples: $ sudo docker run -cidfile /tmp/docker_test.cid ubuntu echo "test" -This will create a container and print "test" to the console. The -``cidfile`` flag makes docker attempt to create a new file and write the -container ID to it. If the file exists already, docker will return an -error. Docker will close this file when docker run exits. +This will create a container and print ``test`` to the console. The +``cidfile`` flag makes Docker attempt to create a new file and write the +container ID to it. If the file exists already, Docker will return an +error. Docker will close this file when ``docker run`` exits. .. code-block:: bash @@ -1064,7 +1069,7 @@ use-cases, like running Docker within Docker. $ sudo docker run -w /path/to/dir/ -i -t ubuntu pwd The ``-w`` lets the command being executed inside directory given, -here /path/to/dir/. If the path does not exists it is created inside the +here ``/path/to/dir/``. If the path does not exists it is created inside the container. .. code-block:: bash @@ -1081,7 +1086,7 @@ using the container, but inside the current working directory. $ sudo docker run -p 127.0.0.1:80:8080 ubuntu bash -This binds port ``8080`` of the container to port ``80`` on 127.0.0.1 of the +This binds port ``8080`` of the container to port ``80`` on ``127.0.0.1`` of the host machine. :ref:`port_redirection` explains in detail how to manipulate ports in Docker. @@ -1115,11 +1120,11 @@ to the newly created container. $ sudo docker run -volumes-from 777f7dc92da7,ba8c0c54f0f2:ro -i -t ubuntu pwd The ``-volumes-from`` flag mounts all the defined volumes from the -refrence containers. Containers can be specified by a comma seperated +referenced containers. Containers can be specified by a comma seperated list or by repetitions of the ``-volumes-from`` argument. The container -id may be optionally suffixed with ``:ro`` or ``:rw`` to mount the volumes in +ID may be optionally suffixed with ``:ro`` or ``:rw`` to mount the volumes in read-only or read-write mode, respectively. By default, the volumes are mounted -in the same mode (rw or ro) as the reference container. +in the same mode (read write or read only) as the reference container. A complete example .................. @@ -1134,10 +1139,10 @@ A complete example This example shows 5 containers that might be set up to test a web application change: -1. Start a pre-prepared volume image ``static-web-files`` (in the background) that has css, image and static html in it, (with a VOLUME statement in the Dockerfile to allow the web server to use those files); -2. Start a pre-prepared ``riakserver`` image, give the container name ``riak`` and expose 8098 to any containers that link to it; +1. Start a pre-prepared volume image ``static-web-files`` (in the background) that has CSS, image and static HTML in it, (with a ``VOLUME`` instruction in the ``Dockerfile`` to allow the web server to use those files); +2. Start a pre-prepared ``riakserver`` image, give the container name ``riak`` and expose port ``8098`` to any containers that link to it; 3. Start the ``appserver`` image, restricting its memory usage to 100MB, setting two environment variables ``DEVELOPMENT`` and ``BRANCH`` and bind-mounting the current directory (``$(pwd)``) in the container in read-only mode as ``/app/bin``; -4. Start the ``webserver``, mapping port 443 (https) in the container to port 1443 on the docker server, setting the dns server to ``dns.dev.org``, creating a volume to put the log files into (so we can access it from another container), then importing the files from the volume exposed by the ``static`` container, and linking to all exposed ports from ``riak`` and ``app``. Lastly, we set the hostname to ``web.sven.dev.org`` so its consistent with the pre-generated ssl certificate; +4. Start the ``webserver``, mapping port ``443`` in the container to port ``1443`` on the Docker server, setting the DNS server to ``dns.dev.org``, creating a volume to put the log files into (so we can access it from another container), then importing the files from the volume exposed by the ``static`` container, and linking to all exposed ports from ``riak`` and ``app``. Lastly, we set the hostname to ``web.sven.dev.org`` so its consistent with the pre-generated SSL certificate; 5. Finally, we create a container that runs ``tail -f access.log`` using the logs volume from the ``web`` container, setting the workdir to ``/var/log/httpd``. The ``-rm`` option means that when the container exits, the container's layer is removed. @@ -1226,7 +1231,7 @@ The main process inside the container will receive SIGTERM, and after a grace pe ``version`` ----------- -Show the version of the docker client, daemon, and latest released version. +Show the version of the Docker client, daemon, and latest released version. .. _cli_wait: From 1a0b6cfa05431b63e386c31dbd4a52ad40e5d16b Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Mon, 30 Dec 2013 13:57:11 -0500 Subject: [PATCH 113/126] Minor fixes to the basic command documentation Upstream-commit: 0dfebf2d93e4990f12ba5d434e1750046008782f Component: engine --- components/engine/docs/sources/use/basics.rst | 40 +++++++++---------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/components/engine/docs/sources/use/basics.rst b/components/engine/docs/sources/use/basics.rst index 6b2c588817..8c896ae793 100644 --- a/components/engine/docs/sources/use/basics.rst +++ b/components/engine/docs/sources/use/basics.rst @@ -9,7 +9,7 @@ Learn Basic Commands Starting Docker --------------- -If you have used one of the quick install paths', Docker may have been +If you have used one of the quick install paths, Docker may have been installed with upstart, Ubuntu's system for starting processes at boot time. You should be able to run ``sudo docker help`` and get output. @@ -30,8 +30,8 @@ Download a pre-built image # Download an ubuntu image sudo docker pull ubuntu -This will find the ``ubuntu`` image by name in the :ref:`Central Index -` and download it from the top-level Central +This will find the ``ubuntu`` image by name in the :ref:`Central Index +` and download it from the top-level Central Repository to a local image cache. .. NOTE:: When the image has successfully downloaded, you will see a @@ -53,21 +53,23 @@ Running an interactive shell .. _dockergroup: -sudo and the docker Group -------------------------- +The sudo command and the docker Group +------------------------------------- -The ``docker`` daemon always runs as root, and since ``docker`` -version 0.5.2, ``docker`` binds to a Unix socket instead of a TCP -port. By default that Unix socket is owned by the user *root*, and so, -by default, you can access it with ``sudo``. +The ``docker`` daemon always runs as the root user, and since Docker version +0.5.2, the ``docker`` daemon binds to a Unix socket instead of a TCP port. By +default that Unix socket is owned by the user *root*, and so, by default, you +can access it with ``sudo``. Starting in version 0.5.3, if you (or your Docker installer) create a Unix group called *docker* and add users to it, then the ``docker`` daemon will make the ownership of the Unix socket read/writable by the *docker* group when the daemon starts. The ``docker`` daemon must -always run as root, but if you run the ``docker`` client as a user in +always run as the root user, but if you run the ``docker`` client as a user in the *docker* group then you don't need to add ``sudo`` to all the -client commands. Warning: the *docker* group is root-equivalent. +client commands. + +.. warning:: The *docker* group is root-equivalent. **Example:** @@ -97,10 +99,10 @@ Bind Docker to another host/port or a Unix socket `_). Make sure you control access to ``docker``. -With -H it is possible to make the Docker daemon to listen on a -specific ip and port. By default, it will listen on +With ``-H`` it is possible to make the Docker daemon to listen on a +specific IP and port. By default, it will listen on ``unix:///var/run/docker.sock`` to allow only local connections by the -*root* user. You *could* set it to 0.0.0.0:4243 or a specific host ip to +*root* user. You *could* set it to ``0.0.0.0:4243`` or a specific host IP to give access to everybody, but that is **not recommended** because then it is trivial for someone to gain root access to the host where the daemon is running. @@ -179,10 +181,10 @@ Committing (saving) a container state Save your containers state to a container image, so the state can be re-used. -When you commit your container only the differences between the image -the container was created from and the current state of the container -will be stored (as a diff). See which images you already have using -``sudo docker images`` +When you commit your container only the differences between the image the +container was created from and the current state of the container will be +stored (as a diff). See which images you already have using the ``docker +images`` command. .. code-block:: bash @@ -194,7 +196,5 @@ will be stored (as a diff). See which images you already have using You now have a image state from which you can create new instances. - - Read more about :ref:`working_with_the_repository` or continue to the complete :ref:`cli` From f0c55c27eed2d4012f9eba90dd9a6793139301f7 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Mon, 30 Dec 2013 20:44:02 +1000 Subject: [PATCH 114/126] simplify the volumes documentation and mention more details Upstream-commit: fd240413ff835ee72741d839dccbee24e5cc410c Component: engine --- .../docs/sources/use/working_with_volumes.rst | 70 +++++++++++++------ 1 file changed, 48 insertions(+), 22 deletions(-) diff --git a/components/engine/docs/sources/use/working_with_volumes.rst b/components/engine/docs/sources/use/working_with_volumes.rst index 16359e3ee2..86576b05e4 100644 --- a/components/engine/docs/sources/use/working_with_volumes.rst +++ b/components/engine/docs/sources/use/working_with_volumes.rst @@ -30,35 +30,58 @@ Each container can have zero or more data volumes. Getting Started ............... -Using data volumes is as simple as adding a new flag: ``-v``. The -parameter ``-v`` can be used more than once in order to create more -volumes within the new container. The example below shows the -instruction to create a container with two new volumes:: +Using data volumes is as simple as adding a ``-v`` parameter to the ``docker run`` +command. The ``-v`` parameter can be used more than once in order to +create more volumes within the new container. To create a new container with +two new volumes:: - docker run -v /var/volume1 -v /var/volume2 shykes/couchdb + $ docker run -v /var/volume1 -v /var/volume2 busybox true -For a Dockerfile, the VOLUME instruction will add one or more new -volumes to any container created from the image:: +This command will create the new container with two new volumes that +exits instantly (``true`` is pretty much the smallest, simplest program +that you can run). Once created you can mount its volumes in any other +container using the ``-volumes-from`` option; irrespecive of whether the +container is running or not. - VOLUME ["/var/volume1", "/var/volume2"] +Or, you can use the VOLUME instruction in a Dockerfile to add one or more new +volumes to any container created from that image:: + # BUILD-USING: docker build -t data . + # RUN-USING: docker run -name DATA data + FROM busybox + VOLUME ["/var/volume1", "/var/volume2"] + CMD ["/usr/bin/true"] -Mount Volumes from an Existing Container: ------------------------------------------ +Creating and mounting a Data Volume Container +--------------------------------------------- -The command below creates a new container which is running as daemon -``-d`` and with one volume ``/var/lib/couchdb``:: +If you have some persistent data that you want to share between containers, +or want to use from non-persistent containers, its best to create a named +Data Volume Container, and then to mount the data from it. - COUCH1=$(sudo docker run -d -v /var/lib/couchdb shykes/couchdb:2013-05-03) +Create a named container with volumes to share (``/var/volume1`` and ``/var/volume2``):: -From the container id of that previous container ``$COUCH1`` it's -possible to create new container sharing the same volume using the -parameter ``-volumes-from container_id``:: + $ docker run -v /var/volume1 -v /var/volume2 -name DATA busybox true - COUCH2=$(sudo docker run -d -volumes-from $COUCH1 shykes/couchdb:2013-05-03) +Then mount those data volumes into your application containers:: -Now, the second container has the all the information from the first volume. + $ docker run -t -i -rm -volumes-from DATA -name client1 ubuntu bash +You can use multiple ``-volumes-from`` parameters to bring together multiple +data volumes from multiple containers. + +Interestingly, you can mount the volumes that came from the ``DATA`` container in +yet another container via the ``client1`` middleman container:: + + $ docker run -t -i -rm -volumes-from client1 ubuntu -name client2 bash + +This allows you to abstract the actual data source from users of that data, +similar to :ref:`ambassador_pattern_linking `. + +If you remove containers that mount volumes, including the initial DATA container, +or the middleman, the volumes will not be deleted until there are no containers still +referencing those volumes. This allows you to upgrade, or effectivly migrate data volumes +between containers. Mount a Host Directory as a Container Volume: --------------------------------------------- @@ -68,13 +91,13 @@ Mount a Host Directory as a Container Volume: -v=[]: Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]. If "host-dir" is missing, then docker creates a new volume. -This is not available for a Dockerfile due the portability and sharing -purpose of it. The [host-dir] volumes is something 100% host dependent -and will break on any other machine. +This is not available from a Dockerfile as it makes the built image less portable +or shareable. [host-dir] volumes are 100% host dependent and will break on any +other machine. For example:: - sudo docker run -v /var/logs:/var/host_logs:ro shykes/couchdb:2013-05-03 + sudo docker run -v /var/logs:/var/host_logs:ro ubuntu bash The command above mounts the host directory ``/var/logs`` into the container with read only permissions as ``/var/host_logs``. @@ -87,3 +110,6 @@ Known Issues * :issue:`2702`: "lxc-start: Permission denied - failed to mount" could indicate a permissions problem with AppArmor. Please see the issue for a workaround. +* :issue:`2528`: the busybox container is used to make the resulting container as small and + simple as possible - whenever you need to interact with the data in the volume + you mount it into another container. From d5ba3da1793da1f4b227e0600d678c1b0e39316a Mon Sep 17 00:00:00 2001 From: rgstephens Date: Mon, 30 Dec 2013 17:50:58 -0800 Subject: [PATCH 115/126] Update for Ubuntu 13.10 With two additional commands, this procedure will work for Ubuntu 13.10 using the image stackbrew/ubuntu:13.10. 1) change /etc/pam.d/sshd, pam_loginuid line 'required' to 'optional' 2) echo LANG=\"en_US.UTF-8\" > /etc/default/locale Upstream-commit: 1f80c2a652b03d84718c2e61b7761f939de3b07a Component: engine --- .../engine/docs/sources/examples/running_ssh_service.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/components/engine/docs/sources/examples/running_ssh_service.rst b/components/engine/docs/sources/examples/running_ssh_service.rst index 3d0a782678..923614951d 100644 --- a/components/engine/docs/sources/examples/running_ssh_service.rst +++ b/components/engine/docs/sources/examples/running_ssh_service.rst @@ -94,5 +94,8 @@ The password is ``screencast``. $ ifconfig $ ssh root@192.168.33.10 -p 49154 # Thanks for watching, Thatcher thatcher@dotcloud.com + # For Ubuntu 13.10 using stackbrew/ubuntu, I had do these additional steps: + # change /etc/pam.d/sshd, pam_loginuid line 'required' to 'optional' + # echo LANG=\"en_US.UTF-8\" > /etc/default/locale From 93593cd471a0f77a36b902c8ecf576728812dc9b Mon Sep 17 00:00:00 2001 From: Ryan O'Donnell Date: Mon, 30 Dec 2013 20:58:25 -0500 Subject: [PATCH 116/126] Fixes Issue #3400 See Issue #3400 Upstream-commit: ad80da33895aa9f2200279282acc25e4b2bcbf27 Component: engine --- components/engine/hack/make.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/hack/make.sh b/components/engine/hack/make.sh index cc9b9f32ee..90683b6ead 100755 --- a/components/engine/hack/make.sh +++ b/components/engine/hack/make.sh @@ -69,7 +69,7 @@ BUILDFLAGS='-tags netgo -a' HAVE_GO_TEST_COVER= if \ - go help testflag | grep -q -- -cover \ + go help testflag | grep -- -cover > /dev/null \ && go tool -n cover > /dev/null 2>&1 \ ; then HAVE_GO_TEST_COVER=1 From deba21c185104b1c771279b89f9404228ffd7681 Mon Sep 17 00:00:00 2001 From: Thomas LEVEIL Date: Tue, 31 Dec 2013 01:09:42 +0000 Subject: [PATCH 117/126] support for container names in bash completion Upstream-commit: 055b32e3f4adfd490449b41d0cd6bc6ad5b7466a Component: engine --- components/engine/contrib/completion/bash/docker | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/components/engine/contrib/completion/bash/docker b/components/engine/contrib/completion/bash/docker index 8e535285e1..f1a515d00a 100755 --- a/components/engine/contrib/completion/bash/docker +++ b/components/engine/contrib/completion/bash/docker @@ -4,7 +4,7 @@ # # This script provides supports completion of: # - commands and their options -# - container ids +# - container ids and names # - image repos and tags # - filepaths # @@ -25,21 +25,24 @@ __docker_containers_all() { local containers containers="$( docker ps -a -q )" - COMPREPLY=( $( compgen -W "$containers" -- "$cur" ) ) + names="$( docker inspect -format '{{.Name}}' $containers | sed 's,^/,,' )" + COMPREPLY=( $( compgen -W "$names $containers" -- "$cur" ) ) } __docker_containers_running() { local containers containers="$( docker ps -q )" - COMPREPLY=( $( compgen -W "$containers" -- "$cur" ) ) + names="$( docker inspect -format '{{.Name}}' $containers | sed 's,^/,,' )" + COMPREPLY=( $( compgen -W "$names $containers" -- "$cur" ) ) } __docker_containers_stopped() { local containers containers="$( comm -13 <(docker ps -q | sort -u) <(docker ps -a -q | sort -u) )" - COMPREPLY=( $( compgen -W "$containers" -- "$cur" ) ) + names="$( docker inspect -format '{{.Name}}' $containers | sed 's,^/,,' )" + COMPREPLY=( $( compgen -W "$names $containers" -- "$cur" ) ) } __docker_image_repos() @@ -70,8 +73,9 @@ __docker_containers_and_images() { local containers images containers="$( docker ps -a -q )" + names="$( docker inspect -format '{{.Name}}' $containers | sed 's,^/,,' )" images="$( docker images | awk 'NR>1{print $1":"$2}' )" - COMPREPLY=( $( compgen -W "$images $containers" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "$images $names $containers" -- "$cur" ) ) __ltrim_colon_completions "$cur" } From f1fad2f495eb8a5ac1bb50cf266b69382e3fb704 Mon Sep 17 00:00:00 2001 From: Christophe Troestler Date: Wed, 1 Jan 2014 00:59:47 +0100 Subject: [PATCH 118/126] Mention lxc-checkconfig This is important because the list below is not complete when one build one's own kernel. Plus it is more robust in the face of changes. Upstream-commit: 22269894105d8553fc3608fe3f749f5001a37ca0 Component: engine --- components/engine/docs/sources/installation/kernel.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/components/engine/docs/sources/installation/kernel.rst b/components/engine/docs/sources/installation/kernel.rst index b2cf4f1479..f9821e0211 100644 --- a/components/engine/docs/sources/installation/kernel.rst +++ b/components/engine/docs/sources/installation/kernel.rst @@ -115,6 +115,8 @@ Then run ``update-grub``, and reboot. Details ------- +An easy way to check that the requirements below are met is to run `lxc-checkconfig`. + Networking: - CONFIG_BRIDGE From a97ab92d81948f68dd916de23f0764cf63cf2d45 Mon Sep 17 00:00:00 2001 From: Christophe Troestler Date: Wed, 1 Jan 2014 12:28:22 +0100 Subject: [PATCH 119/126] Implement suggestions Upstream-commit: 0b3e153588876fdc2bddde2e9064598e26276a09 Component: engine --- components/engine/docs/sources/installation/kernel.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/docs/sources/installation/kernel.rst b/components/engine/docs/sources/installation/kernel.rst index f9821e0211..8338cfdc88 100644 --- a/components/engine/docs/sources/installation/kernel.rst +++ b/components/engine/docs/sources/installation/kernel.rst @@ -115,7 +115,7 @@ Then run ``update-grub``, and reboot. Details ------- -An easy way to check that the requirements below are met is to run `lxc-checkconfig`. +To automatically check some of the requirements below, you can run `lxc-checkconfig`. Networking: From 5d674e11a20505e134f73dff7935363c44d64bd0 Mon Sep 17 00:00:00 2001 From: Paul Date: Thu, 2 Jan 2014 09:52:07 +1300 Subject: [PATCH 120/126] Mac OSX command for pip was incorrect Upstream-commit: f3816ee024fe66a207381832bfc97ea123ec72ed Component: engine --- components/engine/docs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/docs/README.md b/components/engine/docs/README.md index 768cabdbb1..3fdbad2ead 100644 --- a/components/engine/docs/README.md +++ b/components/engine/docs/README.md @@ -46,7 +46,7 @@ directory: * Linux: `pip install -r docs/requirements.txt` -* Mac OS X: `[sudo] pip-2.7 -r docs/requirements.txt` +* Mac OS X: `[sudo] pip-2.7 install -r docs/requirements.txt` ###Alternative Installation: Docker Container From 92d3a8ac6c883180ca65cc3329c6ac72d3911f72 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 1 Jan 2014 22:34:22 -0700 Subject: [PATCH 121/126] Add stubbed and commented "/etc/default/docker" to our deb package This is to especially fix FPM 1.0+ complaining that we told it we have an /etc/default/docker "config file", but didn't actually include one. Upstream-commit: 7fd6dcc831d28cc1ca1a5d56c9043354228f087d Component: engine --- components/engine/Dockerfile | 2 +- components/engine/hack/make/ubuntu | 18 ++++++++++++++---- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/components/engine/Dockerfile b/components/engine/Dockerfile index fb17f48ffb..9da4e8f039 100644 --- a/components/engine/Dockerfile +++ b/components/engine/Dockerfile @@ -72,7 +72,7 @@ RUN cd /usr/local/go/src && bash -xc 'for platform in $DOCKER_CROSSPLATFORMS; do RUN go get code.google.com/p/go.tools/cmd/cover # TODO replace FPM with some very minimal debhelper stuff -RUN gem install --no-rdoc --no-ri fpm +RUN gem install --no-rdoc --no-ri fpm --version 1.0.1 # Setup s3cmd config RUN /bin/echo -e '[default]\naccess_key=$AWS_ACCESS_KEY\nsecret_key=$AWS_SECRET_KEY' > /.s3cfg diff --git a/components/engine/hack/make/ubuntu b/components/engine/hack/make/ubuntu index 8fa3149d4e..bcffc6560f 100644 --- a/components/engine/hack/make/ubuntu +++ b/components/engine/hack/make/ubuntu @@ -31,6 +31,20 @@ bundle_ubuntu() { mkdir -p $DIR/lib/systemd cp -R contrib/init/systemd $DIR/lib/systemd/system + mkdir -p $DIR/etc/default + cat > $DIR/etc/default/docker <<'EOF' +# Docker Upstart and SysVinit configuration file + +# Customize location of Docker binary (especially for development testing). +#DOCKER="/usr/local/bin/docker" + +# Use DOCKER_OPTS to modify the daemon startup options. +#DOCKER_OPTS="-dns 8.8.8.8" + +# If you need Docker to use an HTTP proxy, it can also be specified here. +#export http_proxy=http://127.0.0.1:3128/ +EOF + # Copy the binary # This will fail if the binary bundle hasn't been built mkdir -p $DIR/usr/bin @@ -120,12 +134,8 @@ EOF --maintainer "$PACKAGE_MAINTAINER" \ --url "$PACKAGE_URL" \ --license "$PACKAGE_LICENSE" \ - --config-files /etc/init/docker.conf \ - --config-files /etc/init.d/docker \ - --config-files /etc/default/docker \ --deb-compression xz \ -t deb . - # note: the --config-files lines have to be duplicated to stop overwrite on package upgrade (since we have to use this funky virtual package) ) } From 8ca6e8443f53ceff8f70d570cf9bc7c064c431ff Mon Sep 17 00:00:00 2001 From: Andy Rothfusz Date: Thu, 2 Jan 2014 16:17:52 -0800 Subject: [PATCH 122/126] Keep original transcript in Thatcher's voice and clarify that this is an update to the example. Upstream-commit: 82a47b0e82367aa5f1b6d15816c7e66abdffb06a Component: engine --- .../docs/sources/examples/running_ssh_service.rst | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/components/engine/docs/sources/examples/running_ssh_service.rst b/components/engine/docs/sources/examples/running_ssh_service.rst index 923614951d..a0ce532d8d 100644 --- a/components/engine/docs/sources/examples/running_ssh_service.rst +++ b/components/engine/docs/sources/examples/running_ssh_service.rst @@ -94,8 +94,13 @@ The password is ``screencast``. $ ifconfig $ ssh root@192.168.33.10 -p 49154 # Thanks for watching, Thatcher thatcher@dotcloud.com - # For Ubuntu 13.10 using stackbrew/ubuntu, I had do these additional steps: - # change /etc/pam.d/sshd, pam_loginuid line 'required' to 'optional' - # echo LANG=\"en_US.UTF-8\" > /etc/default/locale + +Update: +------- + +For Ubuntu 13.10 using stackbrew/ubuntu, you may need do these additional steps: + +1. change /etc/pam.d/sshd, pam_loginuid line 'required' to 'optional' +2. echo LANG=\"en_US.UTF-8\" > /etc/default/locale From ca1a9efe84cb172944be0ac8953a725b6dbed869 Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Thu, 2 Jan 2014 04:17:33 -0500 Subject: [PATCH 123/126] Added some 1.7 API updates that were missing from 1.8 Upstream-commit: 69db6ea867ca155ecf6c342e82df491cdcd6aa96 Component: engine --- .../sources/api/docker_remote_api_v1.7.rst | 10 +++++----- .../sources/api/docker_remote_api_v1.8.rst | 18 ++++++++++++------ 2 files changed, 17 insertions(+), 11 deletions(-) diff --git a/components/engine/docs/sources/api/docker_remote_api_v1.7.rst b/components/engine/docs/sources/api/docker_remote_api_v1.7.rst index c33b276d25..d47f672df0 100644 --- a/components/engine/docs/sources/api/docker_remote_api_v1.7.rst +++ b/components/engine/docs/sources/api/docker_remote_api_v1.7.rst @@ -135,12 +135,12 @@ Create a container "/tmp": {} }, "VolumesFrom":"", - "WorkingDir":"" - "ExposedPorts":{ - "22/tcp": {} - } + "WorkingDir":"", + "ExposedPorts":{ + "22/tcp": {} + } } - + **Example response**: .. sourcecode:: http diff --git a/components/engine/docs/sources/api/docker_remote_api_v1.8.rst b/components/engine/docs/sources/api/docker_remote_api_v1.8.rst index 21dd4a46cf..3fe5cd73e0 100644 --- a/components/engine/docs/sources/api/docker_remote_api_v1.8.rst +++ b/components/engine/docs/sources/api/docker_remote_api_v1.8.rst @@ -122,7 +122,6 @@ Create a container "AttachStdout":true, "AttachStderr":true, "PortSpecs":null, - "Privileged": false, "Tty":false, "OpenStdin":false, "StdinOnce":false, @@ -132,12 +131,16 @@ Create a container ], "Dns":null, "Image":"base", - "Volumes":{}, + "Volumes":{ + "/tmp": {} + }, "VolumesFrom":"", - "WorkingDir":"" - + "WorkingDir":"", + "ExposedPorts":{ + "22/tcp": {} + } } - + **Example response**: .. sourcecode:: http @@ -378,7 +381,10 @@ Start a container { "Binds":["/tmp:/tmp"], - "LxcConf":{"lxc.utsname":"docker"} + "LxcConf":{"lxc.utsname":"docker"}, + "PortBindings":{ "22/tcp": [{ "HostPort": "11022" }] }, + "PublishAllPorts":false, + "Privileged":false } **Example response**: From 64b666faf6d97b76cd6bb0994434280d1b244da4 Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Thu, 2 Jan 2014 19:40:19 -0500 Subject: [PATCH 124/126] Fixed duplicate here references in FAQ Upstream-commit: 5a9f45cb7ae44bb194b2643994c6a0d53b856645 Component: engine --- components/engine/docs/sources/faq.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/components/engine/docs/sources/faq.rst b/components/engine/docs/sources/faq.rst index 6d02fa660c..e4f5c86ee7 100644 --- a/components/engine/docs/sources/faq.rst +++ b/components/engine/docs/sources/faq.rst @@ -125,8 +125,7 @@ What does Docker add to just plain LXC? What is different between a Docker container and a VM? ...................................................... -There's a great StackOverflow answer `here -`_. +There's a great StackOverflow answer `showing the differences `_. Do I lose my data when the container exits? ........................................... @@ -147,7 +146,8 @@ How do I connect Docker containers? ................................... Currently the recommended way to link containers is via the `link` primitive. -You can see details of how to use it `here `_. +You can see details of how to `work with links here +`_. Also of useful when enabling more flexible service portability is the `Ambassador linking pattern @@ -160,7 +160,7 @@ Any capable process supervisor such as http://supervisord.org/, runit, s6, or daemontools can do the trick. Docker will start up the process management daemon which will then fork to run additional processes. As long as the processor manager daemon continues to run, the container will continue to as -well. You can see a more subsantial example `here +well. You can see a more subsantial example `that uses supervisord here `_. What platforms does Docker run on? From c5289665c4c5d39a047517d7df67d2641ec4e735 Mon Sep 17 00:00:00 2001 From: Andy Rothfusz Date: Thu, 2 Jan 2014 16:46:50 -0800 Subject: [PATCH 125/126] substantial spelling fix Upstream-commit: 58ec7855bc4f724a32f585f4455b5d954f335c3c Component: engine --- components/engine/docs/sources/faq.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/docs/sources/faq.rst b/components/engine/docs/sources/faq.rst index e4f5c86ee7..e2e16c362b 100644 --- a/components/engine/docs/sources/faq.rst +++ b/components/engine/docs/sources/faq.rst @@ -160,7 +160,7 @@ Any capable process supervisor such as http://supervisord.org/, runit, s6, or daemontools can do the trick. Docker will start up the process management daemon which will then fork to run additional processes. As long as the processor manager daemon continues to run, the container will continue to as -well. You can see a more subsantial example `that uses supervisord here +well. You can see a more substantial example `that uses supervisord here `_. What platforms does Docker run on? From 5e06bc9bb4aad460b93bc4247c0fb1efe438b8fd Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 2 Jan 2014 19:21:24 -0700 Subject: [PATCH 126/126] Bump version to v0.7.3 Upstream-commit: 8502ad4ba7b5410eb55f3517a801b33f61b1f625 Component: engine --- components/engine/CHANGELOG.md | 83 ++++++++++++++++++++++++++++------ components/engine/VERSION | 2 +- 2 files changed, 71 insertions(+), 14 deletions(-) diff --git a/components/engine/CHANGELOG.md b/components/engine/CHANGELOG.md index 5fb81b4207..55d8d756a8 100644 --- a/components/engine/CHANGELOG.md +++ b/components/engine/CHANGELOG.md @@ -1,8 +1,65 @@ # Changelog +## 0.7.3 (2013-01-02) + #### Builder -- ADD now uses image cache, based on sha256 of added content. ++ Update ADD to use the image cache, based on a hash of the added content +* Add error message for empty Dockerfile + +#### Documentation + +- Fix outdated link to the "Introduction" on www.docker.io ++ Update the docs to get wider when the screen does +- Add information about needing to install LXC when using raw binaries +* Update Fedora documentation to disentangle the docker and docker.io conflict +* Add a note about using the new `-mtu` flag in several GCE zones ++ Add FrugalWare installation instructions ++ Add a more complete example of `docker run` +- Fix API documentation for creating and starting Privileged containers +- Add missing "name" parameter documentation on "/containers/create" +* Add a mention of `lxc-checkconfig` as a way to check for some of the necessary kernel configuration +- Update the 1.8 API documentation with some additions that were added to the docs for 1.7 + +#### Hack + +- Add missing libdevmapper dependency to the packagers documentation +* Update minimum Go requirement to a hard line at Go 1.2+ +* Many minor improvements to the Vagrantfile ++ Add ability to customize dockerinit search locations when compiling (to be used very sparingly only by packagers of platforms who require a nonstandard location) ++ Add coverprofile generation reporting +- Add `-a` to our Go build flags, removing the need for recompiling the stdlib manually +* Update Dockerfile to be more canonical and have less spurious warnings during build +- Fix some miscellaneous `docker pull` progress bar display issues +* Migrate more miscellaneous packages under the "pkg" folder +* Update TextMate highlighting to automatically be enabled for files named "Dockerfile" +* Reorganize syntax highlighting files under a common "contrib/syntax" directory +* Update install.sh script (https://get.docker.io/) to not fail if busybox fails to download or run at the end of the Ubuntu/Debian installation +* Add support for container names in bash completion + +#### Packaging + ++ Add an official Docker client binary for Darwin (Mac OS X) +* Remove empty "Vendor" string and added "License" on deb package ++ Add a stubbed version of "/etc/default/docker" in the deb package + +#### Runtime + +* Update layer application to extract tars in place, avoiding file churn while handling whiteouts +- Fix permissiveness of mtime comparisons in tar handling (since GNU tar and Go tar do not yet support sub-second mtime precision) +* Reimplement `docker top` in pure Go to work more consistently, and even inside Docker-in-Docker (thus removing the shell injection vulnerability present in some versions of `lxc-ps`) ++ Update `-H unix://` to work similarly to `-H tcp://` by inserting the default values for missing portions +- Fix more edge cases regarding dockerinit and deleted or replaced docker or dockerinit files +* Update container name validation to include '.' +- Fix use of a symlink or non-absolute path as the argument to `-g` to work as expected +* Update to handle external mounts outside of LXC, fixing many small mounting quirks and making future execution backends and other features simpler +* Update to use proper box-drawing characters everywhere in `docker images -tree` +* Move MTU setting from LXC configuration to directly use netlink +* Add `-S` option to external tar invocation for more efficient spare file handling ++ Add arch/os info to User-Agent string, especially for registry requests ++ Add `-mtu` option to Docker daemon for configuring MTU +- Fix `docker build` to exit with a non-zero exit code on error ++ Add `DOCKER_HOST` environment variable to configure the client `-H` flag without specifying it manually for every invocation ## 0.7.2 (2013-12-16) @@ -19,7 +76,7 @@ - Prevent deletion of image if ANY container is depending on it even if the container is not running * Update docker push to use new progress display * Use os.Lstat to allow mounting unix sockets when inspecting volumes -- Adjusted handling of inactive user login +- Adjust handling of inactive user login - Add missing defines in devicemapper for older kernels - Allow untag operations with no container validation - Add auth config to docker build @@ -114,7 +171,7 @@ #### Runtime -* Improved stability, fixes some race conditons +* Improve stability, fixes some race conditons * Skip the volumes mounted when deleting the volumes of container. * Fix layer size computation: handle hard links correctly * Use the work Path for docker cp CONTAINER:PATH @@ -157,7 +214,7 @@ + Add lock around write operations in graph * Check if port is valid * Fix restart runtime error with ghost container networking -+ Added some more colors and animals to increase the pool of generated names ++ Add some more colors and animals to increase the pool of generated names * Fix issues in docker inspect + Escape apparmor confinement + Set environment variables using a file. @@ -311,7 +368,7 @@ * Improve network performance for VirtualBox * Revamp install.sh to be usable by more people, and to use official install methods whenever possible (apt repo, portage tree, etc.) - Fix contrib/mkimage-debian.sh apt caching prevention -+ Added Dockerfile.tmLanguage to contrib ++ Add Dockerfile.tmLanguage to contrib * Configured FPM to make /etc/init/docker.conf a config file * Enable SSH Agent forwarding in Vagrant VM * Several small tweaks/fixes for contrib/mkimage-debian.sh @@ -425,7 +482,7 @@ * Mount /dev/shm as a tmpfs - Switch from http to https for get.docker.io * Let userland proxy handle container-bound traffic -* Updated the Docker CLI to specify a value for the "Host" header. +* Update the Docker CLI to specify a value for the "Host" header. - Change network range to avoid conflict with EC2 DNS - Reduce connect and read timeout when pinging the registry * Parallel pull @@ -621,7 +678,7 @@ + Builder: 'docker build git://URL' fetches and builds a remote git repository * Runtime: 'docker ps -s' optionally prints container size -* Tests: Improved and simplified +* Tests: improved and simplified - Runtime: fix a regression introduced in 0.4.3 which caused the logs command to fail. - Builder: fix a regression when using ADD with single regular file. @@ -636,7 +693,7 @@ + ADD of a local file will detect tar archives and unpack them * ADD improvements: use tar for copy + automatically unpack local archives * ADD uses tar/untar for copies instead of calling 'cp -ar' -* Fixed the behavior of ADD to be (mostly) reverse-compatible, predictable and well-documented. +* Fix the behavior of ADD to be (mostly) reverse-compatible, predictable and well-documented. - Fix a bug which caused builds to fail if ADD was the first command * Nicer output for 'docker build' @@ -681,7 +738,7 @@ + Detect faulty DNS configuration and replace it with a public default + Allow docker run : + You can now specify public port (ex: -p 80:4500) -* Improved image removal to garbage-collect unreferenced parents +* Improve image removal to garbage-collect unreferenced parents #### Client @@ -735,7 +792,7 @@ #### Documentation -* Improved install instructions. +* Improve install instructions. ## 0.3.3 (2013-05-23) @@ -820,7 +877,7 @@ + Support for data volumes ('docker run -v=PATH') + Share data volumes between containers ('docker run -volumes-from') -+ Improved documentation ++ Improve documentation * Upgrade to Go 1.0.3 * Various upgrades to the dev environment for contributors @@ -876,7 +933,7 @@ - Add debian packaging - Documentation: installing on Arch Linux - Documentation: running Redis on docker -- Fixed lxc 0.9 compatibility +- Fix lxc 0.9 compatibility - Automatically load aufs module - Various bugfixes and stability improvements @@ -911,7 +968,7 @@ - Stabilize process management - Layers can include a commit message - Simplified 'docker attach' -- Fixed support for re-attaching +- Fix support for re-attaching - Various bugfixes and stability improvements - Auto-download at run - Auto-login on push diff --git a/components/engine/VERSION b/components/engine/VERSION index c7d2522718..f38fc5393f 100644 --- a/components/engine/VERSION +++ b/components/engine/VERSION @@ -1 +1 @@ -0.7.2-dev +0.7.3