The latest libkv uses a different etcd library. Unfortunately
that library uses some funky import paths, so I've added a new cleanup
routine for our vendor scripts to be able to normalize the imports
to be consistent with how imports work in this tree.
Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
Upstream-commit: 7078e7ddf42ad0beeb61e82cb1544d74def98adf
Component: engine
introduced --subnet, --ip-range and --gateway options in docker network
command. Also, user can allocate driver specific ip-address if any using
the --aux-address option.
Supports multiple subnets per network and also sharing ip range
across networks if the network-driver and ipam-driver supports it.
Example, Bridge driver doesnt support sharing same ip range across
networks.
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Upstream-commit: cc6aece1fdefbc10638fe9e462a15608c6093115
Component: engine
* Made use of IPAM driver primitives for legacy IP configurations
* Replaced custom Generics with backend labels
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Upstream-commit: 0f351ce3643a97d4b6af0021826b851f9ba41967
Component: engine
Carry #15975 - Add extra fields based on label and env for gelf/fluentd/json-file/journald log drivers
Upstream-commit: 3856c5efa685013b5e82347d5812de4c7788d4ff
Component: engine
Add docker info show base filesystem size of container/image when use devicemapper
Upstream-commit: 5ecbc9747fab243136402ea78d65e928e6d4678b
Component: engine
Tags and digests are kept in the same storage. We want to make sure that they are completely separated - tags are something users set and digests can only be set by pull-by-digest code path.
Reverts #14664
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Upstream-commit: d08ca5c2b65d442f37424957e53d81f96356d12c
Component: engine
It is possible that network files do not exist, especially in the case
of `--net=host` where a host OS (like CoreOS) does not use certain
standard network files. This patch verifies that the source file of a
network mount point exists before adding it to the list of mount points
for bind mounting from the container's metadata directory.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Upstream-commit: ed68486f687ce9d5963d7250f70dc66c9f14cd63
Component: engine
this allows jsonfile logger to collect extra metadata from containers with
`--log-opt labels=label1,label2 --log-opt env=env1,env2`.
Extra attributes are saved into `attrs` attributes for each log data.
Signed-off-by: Daniel Dao <dqminh@cloudflare.com>
Upstream-commit: 0083f6e984894b4d3697c1ae63547c07eea697af
Component: engine
this allows journald logger to collect extra metadata from containers with
`--log-opt labels=label1,label2 --log-opt env=env1,env2`
Signed-off-by: Daniel Dao <dqminh@cloudflare.com>
Upstream-commit: 11a24f19c2da88b6c3b50114863f24c06c5ce2fd
Component: engine
this allows fluentd logger to collect extra metadata from containers with
`--log-opt labels=label1,label2 --log-opt env=env1,env2`
Signed-off-by: Daniel Dao <dqminh@cloudflare.com>
Upstream-commit: 4cc8490283fdc8315f595be3e32951929e65bb40
Component: engine
this allows gelf logger to collect extra metadata from containers with
`--log-opt labels=label1,label2 --log-opt env=env1,env2`
Additional log field will be prefixed with `_` as per gelf protocol
https://www.graylog.org/resources/gelf/
Signed-off-by: Daniel Dao <dqminh@cloudflare.com>
Upstream-commit: 5794a0190d7505e998116f1321ae39b001d0e710
Component: engine
Add a unit test for validateManifest which ensures extra data can't be
injected by adding data to the JSON object outside the payload area.
This also removes validation of legacy signatures at pull time. This
starts the path of deprecating legacy signatures, whose presence in the
very JSON document they attempt to sign is problematic. These
signatures were only checked for official images, and since they only
caused a weakly-worded message to be printed, removing the verification
should not cause impact.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 011bfd666eeb21a111ca450c42a3893ad03c9324
Component: engine
Generate a hash chain involving the image configuration, layer digests,
and parent image hashes. Use the digests to compute IDs for each image
in a manifest, instead of using the remotely specified IDs.
To avoid breaking users' caches, check for images already in the graph
under old IDs, and avoid repulling an image if the version on disk under
the legacy ID ends up with the same digest that was computed from the
manifest for that image.
When a calculated ID already exists in the graph but can't be verified,
continue trying SHA256(digest) until a suitable ID is found.
"save" and "load" are not changed to use a similar scheme. "load" will
preserve the IDs present in the tar file.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 504e67b867865a2835e8002c01087a2cfd7bfd0e
Component: engine
