This fix tries to fix the issue raised in 29044 where
the IPAM options is missing in swarm network mode
after the service is deployed. Before the service
is deployed, the IPAM options is available.
The reason for the issue is that, before service is
deployed, `network inspect` is querying the swarm and
obtained the correct information.
However, after service is deployed, swarm executor
does not pass the IPAM options to the backend (daemon).
Also after service is deployed, `network inspect` is
actually querying the local daemon for information.
At this time the network information with missing IPAM
options is returned.
This fix fixes the issue by updating the swarm network
allocator and swarm executor.
A separate PR for swarmkit will be opened.
An integration test has been added to cover the change.
This fix fixes 29044.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 4d958e99c178f7cd4196ed901c2834ae13f0f7d0
Component: engine
In certain cases (unattended upgrades), system services can disable
loaded AppArmor profiles. However, since /etc being read-only is a
supported setup we cannot just write a copy of the profile to
/etc/apparmor.d.
Instead, dynamically load the docker-default AppArmor profile if a
container is started with that profile set. This code will short-cut if
the profile is already loaded.
Fixes: 2f7596aaef3a ("apparmor: do not save profile to /etc/apparmor.d")
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Upstream-commit: 567ef8e7858ca4f282f598ba1f5a951cbad39e83
Component: engine
This fix tries to address the issue raised in 29129 where
"--hostname" not working when running in "--net=host" for
`docker run`.
The fix fixes the issue by not resetting the `container.Config.Hostname`
if the `Hostname` has already been assigned through `--hostname`.
An integration test has been added to cover the changes.
This fix fixes 29129.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: b0a7b0120f4461daa34527a743087e73ef8f5963
Component: engine
This fix convert DanglingOnly in ImagesPruneConfig to Filters,
so that it is possible to maintain API compatibility in the future.
Several integration tests have been added to cover changes.
This fix is related to 28497.
A follow up to this PR will be done once this PR is merged.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: a6be56b54e871c4e7a6e72881770a64676c27c3c
Component: engine
the restart policy validation was moved from
the client to the daemon in 94e95e4711643640701bd614902e75a2d01f12c5
As part of that change, retry-counts < 1
were marked as "invalid".
However, the default is 0 (unlimited), causing
docker run -d --restart=on-failure nginx
To fail.
This changes the validation to only invalidate
retry-counts < 0.
A test was added, and other tests renamed
to allow running just these tests :)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 9db5d649aea1c3d4728d0159bb5175a49f77748e
Component: engine
When UpdateStatus was not present, the empty values of the timestamps
would be present:
"UpdateStatus": {
"StartedAt": "0001-01-01T00:00:00Z",
"CompletedAt": "0001-01-01T00:00:00Z"
}
To fix this, make the timestamps pointers, so they can be set to nil
when they should not be shown.
Also make UpdateStatus itself a pointer, so an empty object does not
show up when there is no UpdateStatus.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 0e70d96a6813704498a3ce9cc2786648c84daa3a
Component: engine
Validation is still done by swarmkit on the service side.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: ef39256dfb711f8382a5c021b85d6c7d613282b0
Component: engine
Upon each container create I'm seeing these warning **every** time in the
daemon output:
```
WARN[0002] Your kernel does not support swap memory limit
WARN[0002] Your kernel does not support cgroup rt period
WARN[0002] Your kernel does not support cgroup rt runtime
```
Showing them for each container.create() fills up the logs and encourages
people to ignore the output being generated - which means its less likely
they'll see real issues when they happen. In short, I don't think we
need to show these warnings more than once, so let's only show these
warnings at daemon start-up time.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: ff42a2eb41a86217a440a1c4b2afd3c4cd1d48ac
Component: engine
This ensures that graphdriver plugins can properly cleanup on daemon
exit.
Also prevents errors during shutdown when it tries to send the plugin a
`Cleanup()` request but ultimately times out since it's already been
shutdown.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 4b400ecc4df4bcf245f1f751a7fd0c9c193d9dbf
Component: engine
If, using the API, a user submits an init request with a spec that has a
name other than "default", the engine will rename the "default" cluster
object. Some parts of swarmkit depend on having a cluster object named
"default". Reject any specs that use other names.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 9dba9e3248f8476d15242ce3ec0bf6d6d50c1a76
Component: engine
If a swarm service is created using an image ID, it's useless to try to
pull this reference or resolve it to a manifest digest. Avoid doing this
when a fully qualified image ID is given.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 089842c4b47c262187b0b1a8d6d124f3faa03752
Component: engine
The error didn't hint at how to resolve it. Google auto-suggest
also implies that people have been Googling this error.
Signed-off-by: Ben Firshman <ben@firshman.co.uk>
Upstream-commit: 70acb89fa2e889393d33664bc780cf116795f3e4
Component: engine
