Move plugins to shared distribution stack with images.
Create immutable plugin config that matches schema2 requirements.
Ensure data being pushed is same as pulled/created.
Store distribution artifacts in a blobstore.
Run init layer setup for every plugin start.
Fix breakouts from unsafe file accesses.
Add support for `docker plugin install --alias`
Uses normalized references for default names to avoid collisions when using default hosts/tags.
Some refactoring of the plugin manager to support the change, like removing the singleton manager and adding manager config struct.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Upstream-commit: 3d86b0c79b16334ce5836c0315e4c310b84c2e17
Component: engine
Also updates some of the structures being sent so plugins are getting
all the new options.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 677fa03654886ee776ff478c30681d5376cfc196
Component: engine
Ensures all known volumes (known b/c they are persisted to disk) have
their volume drivers refcounted properly.
In testing this, I found an issue with `--live-restore` (required since
currently the provided volume plugin doesn't keep state on restart)
where restorted plugins did not have a plugin client loaded causing a
panic when trying to use the plugin.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 6ef1060cd0acb847e06db890abb335faa837a9e2
Component: engine
This fix is a follow up to #29365. In #29365 a bug was fixed for
`docker exec -u user` after live restore by remounting.
However, #29365 will prevent containers from restored if mount failed.
In this fix, containers will be restored even if mount in that step failed.
Some functionalities might be missing (like `docker exec -u user`) but
at least it is possible to do certain operations like stop/restart/delete.
This fix is related to #29365.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 3003ae1d8bd112e78bcc8c1c70efd9d3ef6f0ddc
Component: engine
This fix tries to address the issue raised in 29342 where
`docker exec -u` after docker daemon restart returns an error:
```
unable to find user test: no matching entries in passwd file
```
The reason was that `container.BaseFS` is not present after restart.
This fix adds the `daemon.Mount` during the restore to bring up the
`container.BaseFS`.
An integration test has been added to cover the changes.
This fix fixes 29342.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 7feb2a17e4b9d1a5305a8a44004e916b79cbdd97
Component: engine
In certain cases (unattended upgrades), system services can disable
loaded AppArmor profiles. However, since /etc being read-only is a
supported setup we cannot just write a copy of the profile to
/etc/apparmor.d.
Instead, dynamically load the docker-default AppArmor profile if a
container is started with that profile set. This code will short-cut if
the profile is already loaded.
Fixes: 2f7596aaef3a ("apparmor: do not save profile to /etc/apparmor.d")
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Upstream-commit: 567ef8e7858ca4f282f598ba1f5a951cbad39e83
Component: engine
This ensures that graphdriver plugins can properly cleanup on daemon
exit.
Also prevents errors during shutdown when it tries to send the plugin a
`Cleanup()` request but ultimately times out since it's already been
shutdown.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 4b400ecc4df4bcf245f1f751a7fd0c9c193d9dbf
Component: engine
Currently the plugin initialization is too late for a loaded v2 plugin
to be usable as a graph driver.
This moves the initialization up before we create the graph driver.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 020b051dfb92edcb1e43cee77c881dd3e15481c0
Component: engine
Dump stack dumps to exec root instead of daemon root.
When no path is provided to the stack dumper, such is the case with
SIGQUIT, dump to stderr.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 0bd720b28dc7b416fe2193bdafaca011ec24d032
Component: engine
This fix tries to fix logrus formatting by removing `f` from
`logrus.[Error|Warn|Debug|Fatal|Panic|Info]f` when formatting string
is not present.
Fixed issue #23459
Signed-off-by: Daehyeok Mun <daehyeok@gmail.com>
Upstream-commit: fa710e504b0e3e51d4031790c18621b02dcd2600
Component: engine
This adds a metrics packages that creates additional metrics. Add the
metrics endpoint to the docker api server under `/metrics`.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Add metrics to daemon package
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
api: use standard way for metrics route
Also add "type" query parameter
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Convert timers to ms
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 3343d234f3b131d4be1d4ca84385e184633a79bd
Component: engine
This fix tries to add a daemon config parameter `--shutdown-timeout`
that specifies the timeout value to stop containers gracefully
(before SIGKILL). The default value is 15s.
The `--shutdown-timeout` parameter is added to daemon options and
config file. It will also be updated during daemon reload.
Additional test cases have been added to cover the change.
This fix fixes#22471.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: d7be6b2debb653739a32cfcb7c333ca062f62be0
Component: engine
This fix tries to add a flag `--stop-timeout` to specify the timeout value
(in seconds) for the container to stop before SIGKILL is issued. If stop timeout
is not specified then the default timeout (10s) is used.
Additional test cases have been added to cover the change.
This fix is related to #22471. Another pull request will add `--shutdown-timeout`
to daemon for #22471.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: e66d2108911a2fad016205bdd6bf181f7e822c1c
Component: engine
Also, do not shadow err with :=
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: 44c280afbf27534dffdbc9c462692e4d2d3cc99a
Component: engine
