This fix tries to address the issue raised in 35752
where container start will trigger a crash if EndpointSettings is nil.
This fix adds the validation to make sure EndpointSettings != nil
This fix fixes 35752.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 8d2f4cb24129d87674a13319ca48ce8636ee527a
Component: engine
Signed-off-by: John Howard <jhoward@microsoft.com>
The re-coalesces the daemon stores which were split as part of the
original LCOW implementation.
This is part of the work discussed in https://github.com/moby/moby/issues/34617,
in particular see the document linked to in that issue.
Upstream-commit: ce8e529e182bde057cdfafded62c210b7293b8ba
Component: engine
Instead of having to create a bunch of custom error types that are doing
nothing but wrapping another error in sub-packages, use a common helper
to create errors of the requested type.
e.g. instead of re-implementing this over and over:
```go
type notFoundError struct {
cause error
}
func(e notFoundError) Error() string {
return e.cause.Error()
}
func(e notFoundError) NotFound() {}
func(e notFoundError) Cause() error {
return e.cause
}
```
Packages can instead just do:
```
errdefs.NotFound(err)
```
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 87a12421a94faac294079bebc97c8abb4180dde5
Component: engine
For obvious reasons that it is not really supported now.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 5a9b5f10cf967f31f0856871ad08f9a0286b4a46
Component: engine
Signed-off-by: John Howard <jhoward@microsoft.com>
This PR has the API changes described in https://github.com/moby/moby/issues/34617.
Specifically, it adds an HTTP header "X-Requested-Platform" which is a JSON-encoded
OCI Image-spec `Platform` structure.
In addition, it renames (almost all) uses of a string variable platform (and associated)
methods/functions to os. This makes it much clearer to disambiguate with the swarm
"platform" which is really os/arch. This is a stepping stone to getting the daemon towards
fully multi-platform/arch-aware, and makes it clear when "operating system" is being
referred to rather than "platform" which is misleadingly used - sometimes in the swarm
meaning, but more often as just the operating system.
Upstream-commit: 0380fbff37922cadf294851b1546f4c212c7f364
Component: engine
Use strongly typed errors to set HTTP status codes.
Error interfaces are defined in the api/errors package and errors
returned from controllers are checked against these interfaces.
Errors can be wraeped in a pkg/errors.Causer, as long as somewhere in the
line of causes one of the interfaces is implemented. The special error
interfaces take precedence over Causer, meaning if both Causer and one
of the new error interfaces are implemented, the Causer is not
traversed.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: ebcb7d6b406fe50ea9a237c73004d75884184c33
Component: engine
Reuse existing structures and rely on json serialization to deep copy
Container objects.
Also consolidate all "save" operations on container.CheckpointTo, which
now both saves a serialized json to disk, and replicates state to the
ACID in-memory store.
Signed-off-by: Fabio Kung <fabio.kung@gmail.com>
Upstream-commit: edad52707c536116363031002e6633e3fec16af5
Component: engine
Replicate relevant mutations to the in-memory ACID store. Readers will
then be able to query container state without locking.
Signed-off-by: Fabio Kung <fabio.kung@gmail.com>
Upstream-commit: eed4c7b73f0cf98cf48943da1c082f3210b28c82
Component: engine
There is no case which would resolve in this error. The root user always exists, and if the id maps are empty, the default value of 0 is correct.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Upstream-commit: 93fbdb69acf9248283a91a1c5c6ea24711c26eda
Component: engine
Container state counts are used for reporting in the `/info` endpoint.
Currently when `/info` is called, each container is iterated over and
the containers 'StateString()' is called. This is not very efficient
with lots of containers, and is also racey since `StateString()` is not
using a mutex and the mutex is not otherwise locked.
We could just lock the container mutex, but this is proven to be
problematic since there are frequent deadlock scenarios and we should
always have the `/info` endpoint available since this endpoint is used
to get general information about the docker host.
Really, these metrics on `/info` should be deprecated. But until then,
we can just keep a running tally in memory for each of the reported
states.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: e4c03623c2fcd3013343d246e3432409850c8c37
Component: engine
If a caller specifies an SELinux type or MCS Label and still wants to
share an IPC Namespace or the host namespace, we should allow them.
Currently we are ignoring the label specification if ipcmod=container
or pidmode=host.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Upstream-commit: 881e20ee0be4bf048fb3b7e7f4c12b076a1607bb
Component: engine
Since Register() will never return err,remove the return value
Signed-off-by: NickrenREN <yuquan.ren@easystack.cn>
Upstream-commit: 78b50c129e06ceab460648b9c84d464b4c34cfee
Component: engine
After running the test suite with the race detector enabled I found
these gems that need to be fixed.
This is just round one, sadly lost my test results after I built the
binary to test this... (whoops)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 7917a36cc787ada58987320e67cc6d96858f3b55
Component: engine
This fix tries to address the issue raised in 29129 where
"--hostname" not working when running in "--net=host" for
`docker run`.
The fix fixes the issue by not resetting the `container.Config.Hostname`
if the `Hostname` has already been assigned through `--hostname`.
An integration test has been added to cover the changes.
This fix fixes 29129.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: b0a7b0120f4461daa34527a743087e73ef8f5963
Component: engine
Validation is still done by swarmkit on the service side.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: ef39256dfb711f8382a5c021b85d6c7d613282b0
Component: engine
Move some of the optional parameters of CreateRWLayer() in a struct
called CreateRWLayerOpts. This will make it easy to add more options
arguments without having to change signature of CreateRWLayer().
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Upstream-commit: f7f3d34210fd8d25a929c6b9048e74e7ee40a558
Component: engine
This adds a metrics packages that creates additional metrics. Add the
metrics endpoint to the docker api server under `/metrics`.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Add metrics to daemon package
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
api: use standard way for metrics route
Also add "type" query parameter
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Convert timers to ms
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 3343d234f3b131d4be1d4ca84385e184633a79bd
Component: engine
init layer is read/write layer and not read only layer. Following commit
introduced new graph driver method CreateReadWrite.
ef5bfad Adding readOnly parameter to graphdriver Create method
So far only windows seem to be differentiating between above two methods.
Making this change to make sure -init layer calls right method so that
we don't have surprises in future.
Windows does not need init layer. This patch also gets rid of creation of
init layer on windows.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Upstream-commit: 2508ca000e79dfe1a956b0078a0d196dd6b66dab
Component: engine
This PR adds support for running regular containers to be connected to
swarm mode multi-host network so that:
- containers connected to the same network across the cluster can
discover and connect to each other.
- Get access to services(and their associated loadbalancers)
connected to the same network
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Upstream-commit: 99a98ccc14a9427be47c8006e130750710db0a16
Component: engine
This moves the types for the `engine-api` repo to the existing types
package.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 91e197d614547f0202e6ae9b8a24d88ee131d950
Component: engine
This fix tries to address the issue raised in comment:
https://github.com/docker/docker/pull/25943#discussion_r76843081
Previously, the validation for `ip6` is done by checking ParseIP().To16().
However, in case an IPv4 address or an IPv4-mapped Ipv6 address has been
provided, the validation will pass (should fail).
This fix first check if `--ip6` is passed with a valid IP address and returns
error for invalid IP addresses. It then check if an IPv4 or IPv4-mapped Ipv6
address is passed, and return error accordingly.
This fix adds two more cases in the tests. One for IPv4 address passed to `--ip6`
and another for Ipv4-mapped IPv6 address passed to `--ip6`. In both cases,
without this fix the validation will pass through.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 1e6eccae69bd9b1f65ec87c33a6a872c81f7fb23
Component: engine
This fix tries to fix the issue raised in 25863 where `--ip` value
is not validated for `docker create`. As a result, the IP address
passed by `--ip` is not used for `docker create` (ignored silently).
This fix adds validation in the daemon so that `--ip` and `--ip6`
are properly validated for `docker create`.
An integration test has been added to cover the changes.
This fix fixes 25863.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: c7045eb93523df76feb9f3e00540e69471a1855e
Component: engine
fixes#25766
If a container's AutoRemove is enabled, client will wait until it's
removed after container exits, this is implemented based on "destroy"
event.
Currently an "AutoRemove" container will report "destroy" event to
notify a hanging client to exit before all volumes are removed, this is
wrong, we should wait container until everything is cleaned up.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
Upstream-commit: 4df77c11e065bf96b04fc0328a7e7600a2e64937
Component: engine
This fix tries to address the issue raised in #23498 to allow unset
`--entrypoint` in `docker run` or `docker create`.
This fix checks the flag `--entrypoint` and, in case `--entrypoint=` (`""`)
is passed, unset the Entrypoint during the container run.
Additional integration tests have been created to cover changes in this fix.
This fix fixes#23498.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: c8d3ee80933d6337382fb4a52d90835e263c1aaf
Component: engine
In order to keep a little bit of "sanity" on the API side, validate
hostname only starting from v1.24 API version.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 6daf3d2a783fd042e870c8af8bbd19fc28989505
Component: engine
