This is required for swarmkit to be able to filter based on log driver.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 17abacb8946ed89496fcbf07a0288fafe24cb7b0
Component: engine
When a container was being destroyed was possible to have
flows in conntrack left behind on the host.
If a flow is present into the conntrack table, the packet
processing will skip the POSTROUTING table of iptables and
will use the information in conntrack to do the translation.
For this reason is possible that long lived flows created
towards a container that is destroyed, will actually affect
new flows incoming to the host, creating erroneous conditions
where traffic cannot reach new containers.
The fix takes care of cleaning them up when a container is
destroyed.
The test of this commit is actually reproducing the condition
where an UDP flow is established towards a container that is then
destroyed. The test verifies that the flow established is gone
after the container is destroyed.
Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
Upstream-commit: 1c4286bcffcdc6668f84570a2754c78cccbbf7e1
Component: engine
This adds a new parameter insertDefaults to /services/{id}. When this is
set, an empty field (such as UpdateConfig) will be populated with
default values in the API response. Make "service inspect" use this, so
that empty fields do not result in missing information when inspecting a
service.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 1d274e9acfe96b98be3ec956636ff4e5c70e98af
Component: engine
Service logs API is now stable. Service logs now support all features,
except retrieving details provided to the log driver.
Signed-off-by: Drew Erny <drew.erny@docker.com>
Upstream-commit: 306cfecc8c146ea8addb44dd35296808b25916a2
Component: engine
Logging plugins use the same HTTP interface as other plugins for basic
command operations meanwhile actual logging operations are handled (on
Unix) via a fifo.
The plugin interface looks like so:
```go
type loggingPlugin interface {
StartLogging(fifoPath string, loggingContext Context) error
StopLogging(fifoPath)
```
This means a plugin must implement `LoggingDriver.StartLogging` and
`LoggingDriver.StopLogging` endpoints and be able to consume the passed
in fifo.
Logs are sent via stream encoder to the fifo encoded with protobuf.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 27bd6842f8518780b99fdb42f8e7f84c17856d87
Component: engine
Resolve networks IDs on the client side.
Avoid filling in deprecated Spec.Networks field.
Sort networks in the TaskSpec for update stability.
Add an integration test for changing service networks.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 0f2669a63834844fb0ef5c017f517d8c321ad3c7
Component: engine
Add MetaArgs for ARG that occur before the first FROM
Integration test for these cases.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Upstream-commit: 239c53bf836174108dbae445a394a290f5fe2898
Component: engine
Paths resolving to c:\ or c:\windows are forbidden
Replaced the obscure (and non-working) regex with a simple case
insensitive comparison to the black listed paths (we should forbid c:\,
c:\windows but not d:\)
Also, add a test ensuring paths are case insensitive on windows
Also, made sure existing multi-staged build tests pass on windows
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
Upstream-commit: b0e75888738f6e427b545922a195837c00158749
Component: engine
Refactor container logs system to make communicating log messages
internally much simpler. Move responsibility for marshalling log
messages into the REST server. Support TTY logs. Pave the way for fixing
the ambiguous bytestream format. Pave the way for fixing details.
Signed-off-by: Drew Erny <drew.erny@docker.com>
Upstream-commit: 1044093bb0aa12eb8972361a93b9bc8c4ddd857b
Component: engine
This fix tries to address the issue raised in 31032 where it was
not possible to specify `--cpus` for `docker update`.
This fix adds `--cpus` support for `docker update`. In case both
`--cpus` and `--cpu-period/--cpu-quota` have been specified,
an error will be returned.
Related docs has been updated.
Integration tests have been added.
This fix fixes 31032.
This fix is related to 27921, 27958.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 61022436926a8d0c92068e8116a2ad77f43eb6d6
Component: engine
Improve test coverage of ReplaceFileTarWrapper()
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Upstream-commit: 8cd6c30a489f7a0210526b0f94469c525ba8e0ee
Component: engine
This fix tries to address the issue raised in 29999 where it was not
possible to mask these items (like important non-removable stuff)
from `docker system prune`.
This fix adds `label` and `label!` field for `--filter` in `system prune`,
so that it is possible to selectively prune items like:
```
$ docker container prune --filter label=foo
$ docker container prune --filter label!=bar
```
Additional unit tests and integration tests have been added.
This fix fixes 29999.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 702524732427ce028277f99f215e1fab297e6001
Component: engine
Heavily based on implementation by David Sheets
Signed-off-by: David Sheets <sheets@alum.mit.edu>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Upstream-commit: 3f6dc81e10b8b813fffaa9b4167a60c5a507fa38
Component: engine
Allowing the retries to go up to 10 causes the test to always
hit the check against ensuring the retry wait went up to 15 seconds.
Additionally we have the max download attempts in the code set to
5. This change did not protect against using this test to expose
a problem in the underlying code. Remove checks for retry since
there may be additional requests before the upload.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 5ff82cffeeecfb452a9bc1f1ff5d4f5eb3c8e55b
Component: engine
Refactored the API to more easily accept new endpoints. Added REST,
client, and CLI endpoints for getting logs from a specific task. All
that is needed after this commit to enable arbitrary service log
selectors is a REST endpoint and handler.
Task logs can be retrieved by putting in a task ID at the CLI instead of
a service ID.
Signed-off-by: Drew Erny <drew.erny@docker.com>
Upstream-commit: d330dc3223df7e6c2b066373718709e34e19efca
Component: engine
These integration tests were basically testing if a
decent error message was printed when attempting
to remove a running, paused, or restarting container.
Moving these tests to a unit-test to make the tests
not flaky (especially on the "restarting" container
test).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 2759194d44634b88d7a39134a24a61ca8d60c0ab
Component: engine
Change "service create" and "service update" to wait until the creation
or update finishes, when --detach=false is specified. Show progress bars
for the overall operation and for each individual task (when there are a
small enough number of tasks), unless "-q" / "--quiet" is specified.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 330a0035334871d92207b583c1c36d52a244753f
Component: engine
Test used to check whether ulimits applied by docker are in effect by
setting up nproc. However, in some environments (e.g. inside Virtuozzo
Containers), number of processes is higher and testcase fails. Hence, we
instead change testcase to check ulimits by setting nofile limit instead
of nproc.
Signed-off-by: Vitaly Ostrosablin <vostrosablin@virtuozzo.com>
Upstream-commit: d4e132f84da72b5c2f2f63c95a8ca5cddabf8433
Component: engine
