As described in our ROADMAP.md, introduce new Swarm management commands
to call to the corresponding API endpoints.
This PR is fully backward compatible (joining a Swarm is an optional
feature of the Engine, and existing commands are not impacted).
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Upstream-commit: 12a00e60177ca42bfb1dd9ebd5dce1c7039da6dd
Component: engine
This flags enables full support of daemonless containers in docker. It
ensures that docker does not stop containers on shutdown or restore and
properly reconnects to the container when restarted.
This is not the default because of backwards compat but should be the
desired outcome for people running containers in prod.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: d705dab1b1bd0a946d647374325d61fac57736db
Component: engine
This fix tries to fix logrus formatting by adding `f` to the end of
`logrus.[Error|Warn|Debug|Fatal|Panic|Info](` when formatting string
is present but the function `logrus.[Error|Warn|Debug|Fatal|Panic|Info](`
is used (incorrectly).
This fix is related to #23459, and is a follow up of #23461.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: d917723331c090d5003b70decda7f80bf123f966
Component: engine
from a docker push output digest.DigestRegexp.FindString(output) does
not retrive the sha256: prefixed digest but just a string - in many
cases it's the registry host. The checks in the code are completely
wrong then. Fix this by using the DigestRegexp from the
distribution/reference package which correctly retrieves the digest
from the output.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Upstream-commit: 0bc88d5b0a14e6c7291bb5fbf99283a05511d07c
Component: engine
the order in which disconnect takes place is undetermined,
so don't check for the full name
this test was passing due to a previous bug, that
always returned the same network-name.
this bug was recently fixed in 148bcda3292563df8e433a3d7987810cd5702dec
(pull request 23375), exposing this test to be
flaky.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 7d22eb072cd277048e678d6244e5fb395b34f1ff
Component: engine
During a `docker load` there are times when nothing is printed
to the screen, leaving the user with no idea whether something happened.
When something *is* printed, often its just something like:
```
1834950e52ce: Loading layer 1.311 MB/1.311 MB
5f70bf18a086: Loading layer 1.024 kB/1.024 kB
```
which isn't necessarily the same as the image IDs.
This PR will either show:
- all of the tags for the image, or
- all of the image IDs if there are no tags
Sample output:
```
$ docker load -i busybox.tar
Loaded image: busybox:latest
$ docker load -i a.tar
Loaded image ID: sha256:47bcc53f74dc94b1920f0b34f6036096526296767650f223433fe65c35f149eb
```
IOW, show the human-friendly stuff first and then only if there are no tags
default back to the image IDs, so they have something to work with.
For me this this is needed because I have lots of images and after a
recent `docker load` I had no idea what image I just imported and had a
hard time figuring it out. This should fix that by telling the user
which images they just imported.
I'll add tests once there's agreement that we want this change.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: 6986a3220fe59146eeddeaa865561472abc7baeb
Component: engine
As map reference, if all networks use same, it could cause strange
results.
Closes: #23304
Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
Upstream-commit: 1cac7e6cbd3d1501d0fc29fc55b7ada981974998
Component: engine
This adds support for filtering by network ID, to be
consistent with other filter options.
Note that only *full* matches are returned; this is
consistent with other filters (e.g. volume), that
also return full matches only.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 7c46ba02e694ae540866b29ebf0dab76e556cc13
Component: engine
Change the test back to what it was before
e83dad090a1e890ac870808d776fa584276bf7ab
And added an extra test-case to check the
output if an incorrect number of arguments
is passed.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 085f41b6a5764cba33fb5bda387f8ebe165d5828
Component: engine
Any command that expects extra flags after positional args needs to set flags.SetInterspersed(false).
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: aa00520fc8bb4e04c37c2eb41f3bc3558deab533
Component: engine
This fix is part of the effort to convert commands to spf13/cobra #23211.
Thif fix coverted command `docker rename` to use spf13/cobra
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 70f7ccb304f9246bc9c2bfe0e30d3a2bd8fd42f8
Component: engine
To implement seccomp for s390x the following changes are required:
1) seccomp_default: Add s390 compat mode
On s390x (64 bit) we can run s390 (32 bit) programs in 32 bit
compat mode. Therefore add this information to arches().
2) seccomp_default: Use correct flags parameter for sys_clone on s390x
On s390x the second parameter for the clone system call is the flags
parameter. On all other architectures it is the first one.
See kernel code kernel/fork.c:
#elif defined(CONFIG_CLONE_BACKWARDS2)
SYSCALL_DEFINE5(clone, unsigned long, newsp, unsigned long, clone_flags,
int __user *, parent_tidptr,
So fix the docker default seccomp rule and check for the second
parameter on s390/s390x.
3) seccomp_default: Add s390 specific syscalls
For s390 we currently have three additional system calls that should
be added to the seccomp whitelist:
- Other architectures can read/write unprivileged from/to PCI MMIO memory.
On s390 the instructions are privileged and therefore we need system
calls for that purpose:
* s390_pci_mmio_write()
* s390_pci_mmio_read()
- Runtime instrumentation:
* s390_runtime_instr()
4) test_integration: Do not run seccomp default profile test on s390x
The generated profile that we check in is for amd64 and i386
architectures and does not work correctly on s390x.
See also: 75385dc216e ("Do not run the seccomp tests that use
default.json on non x86 architectures")
5) Dockerfile.s390x: Add "seccomp" to DOCKER_BUILDTAGS
Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Upstream-commit: bf2a577c131d8998eb6ecac986d80e1289e6c801
Component: engine
- Migrates network command and subcommands (connect, create, disconnect,
inspect, list and remove) to spf13/cobra
- Create a RequiredExactArgs helper function for command that require an
exact number of arguments.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 4bd202b00f7859ebeb4ba87511a0618ad08d0605
Component: engine
e.g.
```
$ docker run -i --restart always busybox sh
pwd
/
exit 11
<...hang...>
```
This is because Attach(daemon side) and Run(client side) both hangs on
WaitStop, if container is restarted too quickly, wait won't have chance
to get exit signal.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
Upstream-commit: c498d4700df8216ccefd6d2f03b5ebe6d6e9fd47
Component: engine
This fix is part of the effort to convert commands to spf13/cobra #23211.
Thif fix coverted command `docker diff` to use spf13/cobra
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 5899afae52b10d2457848c6e62a7476835befef3
Component: engine
