In the API:
`Writable` changed to `ReadOnly`
`Populate` changed to `NoCopy`
Corresponding CLI options updated to:
`volume-writable` changed to `volume-readonly`
`volume-populate` changed to `volume-nocopy`
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 56f3422468a0b43da7bae7a01762ce4f0a92d9ff
Component: engine
The current behavior of `docker swarm init` is to set up a swarm that
has no secret for joining, and does not require manual acceptance for
workers. Since workers may sometimes receive sensitive data such as pull
credentials, it makes sense to harden the defaults.
This change makes `docker swarm init` generate a random secret if none
is provided, and print it to the terminal. This secret will be needed to
join workers or managers to the swarm. In addition to improving access
control to the cluster, this setup removes an avenue for
denial-of-service attacks, since the secret is necessary to even create
an entry in the node list.
`docker swarm init --secret ""` will set up a swarm without a secret,
matching the old behavior. `docker swarm update --secret ""` removes the
automatically generated secret after `docker swarm init`.
Closes#23785
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 7342e42fcecbc243bcb8723b8422879662452017
Component: engine
This is done in a hacky way as currently there is no better way.
Uses known implementation details about how tasks are scheduled to be
able to operate on the underlying container.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: e5ec575b32d6979914dce576f1b8bb71f3057cea
Component: engine
[carry 23503] Always store the image digest when pulling and pushing an image.
Upstream-commit: ee0283c97a44fd8e67f2df81d076eb4b1858b3d2
Component: engine
schema1 manifests is not working on ARM64, we should skip integration-cli
tests for schema1 manifests on ARM64.
Signed-off-by: Lei Jitang <leijitang@huawei.com>
Upstream-commit: 9c1566a1dfa3eccd12e09a3e2cbda60503600d44
Component: engine
This fix tries to address an issue raised in #24090 where
the title field of `docker node ls` use NAME instead of
HOSTNAME. Yet the content of this field is actually
hostname.
The fix makes needed changes for the output of
`docker node ls`.
An additional test has been added to cover the change in
this fix.
This fix fixes#24090.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 4bc91ceeb750db6a6270b2f1821cb0b2f30117fc
Component: engine
Fix two test issues:
- pidof is not available in PATH on some Jenkins systems (rhel, centos)
Use kill -0 instead.
- Cleanup after plugin test. This is a stop gap fix. The right way to
fix this, is to shutdown the plugin on daemon shutdown path (except
for the live-restore case). This will be done in a follow up PR.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
Upstream-commit: 6d36431e2395867d7bb101dbfd4340e132fd5438
Component: engine
Always attempt to add digest even when tag already exists.
Ensure digest does not currently exist.
When image id is mismatched, output an error log.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 33984f256b1a281b1130ac7e8edb7bc311750ccf
Component: engine
Also live restore is stable now. So move experimental tests out to stable.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
Upstream-commit: 006d58d7e6756848058bd69a12c698c44e64efd1
Component: engine
This also moves the variable holding the default runtime name from the
engine-api repository into docker repository
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Upstream-commit: 69af7d0d13670b8e2a03a38b4d9a849fc109b338
Component: engine
Add api side validation and defaults for init and
join requests.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Upstream-commit: fb3eb1c27ef5520571c599ead8a72b343748db39
Component: engine
