The absence of the file /proc/sys/net/ipv6/conf/all/disable_ipv6
doesn't appear to affect functionality, at least at this time.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: d58c4cbe6c781c78db352db2956e9949b8fc8609
Component: engine
Bump libnetwork to 3ac297bc7fd0afec9051bbb47024c9bc1d75bf5b in order to
get fix 0c3d9f00 which addresses a flaw that the scalable load balancing
code revealed. Attempting to print sandbox IDs where the sandbox name
was too short results in a goroutine panic. This can occur with
sandboxes with names of 1 or 2 characters in the previous code. But due
to naming updates in the scalable load balancing code, it could now
occur for networks whose name was 3 characters and at least one of the
integration tests employed such networks (named 'foo', 'bar' and 'baz').
This update also brings in several changes as well:
* 6c7c6017 - Fix error handling about bridgeSetup
* 5ed38221 - Optimize networkDB queue
* cfa9afdb - ndots: produce error on negative numbers
* 5586e226 - improve error message for invalid ndots number
* 449672e5 - Allows to set generic knobs on the Sandbox
* 6b4c4af7 - do not ignore user-provided "ndots:0" option
* 843a0e42 - Adjust corner case for reconnect logic
Signed-off-by: Chris Telfer <ctelfer@docker.com>
Upstream-commit: 0e162d992394d9216f590176991d33ff48ef3389
Component: engine
Bump libnetwork to b0186632522c68f4e1222c4f6d7dbe518882024f. This
includes the following changes:
* Dockerize protocol buffer generation and update (78d9390a..e12dd44c)
* Use new plugin interfaces provided by plugin pkg (be94e134)
* Improve linux load-balancing scalability (5111c24e..366b9110)
Signed-off-by: Chris Telfer <ctelfer@docker.com>
Upstream-commit: 92335eaef12fb0fb86e5e7503f88b8873a9fa973
Component: engine
Bump libnetwork to 430c00a6a6b3dfdd774f21e1abd4ad6b0216c629. This
includes the following moby-affecting changes:
* Update vendoring for go-sockaddr (8df9f31a)
* Fix inconsistent subnet allocation by preventing allocation of
overlapping subnets (8579c5d2)
* Handle IPv6 literals correctly in port bindings (474fcaf4)
* Update vendoring for miekg/dns (8f307ac8)
* Avoid subnet reallocation until required (9756ff7ed)
* Bump libnetwork build to use go version 1.10.2 (603d2c1a)
* Unwrap error type returned by PluginGetter (aacec8e1)
* Update vendored components to match moby (d768021dd)
* Add retry field to cluster-peers probe (dbbd06a7)
* Fix net driver response loss on createEndpoint (1ab6e506)
(fixes https://github.com/docker/for-linux/issues/348)
Signed-off-by: Chris Telfer <ctelfer@docker.com>
Upstream-commit: f155f828a26cfb3ee0dd8ca48bd2c702c9032b0b
Component: engine
Updates swarmkit, grpc, and all related vendors
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Upstream-commit: 52ed3e0896c203013388a3eb603658f345a9d80a
Component: engine
Changes included:
- libnetwork#2147 Adding logs for ipam state
- libnetwork#2143 Fix race conditions in the overlay network driver
- possibly addresses moby#36743 services do not start: ingress-sbox is already present
- possibly addresses moby#30427 Flaky Test: TestSwarmPublishDuplicatePorts on s390
- possibly addresses moby#36501 Flaky tests: Service "port" tests
- libnetwork#2142 Add wait time into xtables lock warning
- libnetwork#2135 filter xtables lock warnings when firewalld is active
- libnetwork#2140 Switch from x/net/context to context
- libnetwork#2134 Adding a recovery mechanism for a split gossip cluster
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 158ab95c17bed9e849e0d935899b75018cdf61a4
Component: engine
vendored distribution is quite old, and current distribution contains an
API break, which means it's not possible to vendor a bugfixed
distribution and a docker/docker at the same time.
Signed-off-by: Mike Lundy <mike@fluffypenguin.org>
Upstream-commit: 07ffa1cea9d995a7ab55793b5b08758c38fec3f0
Component: engine
Updates swarmkit to 33d06bf5189881b4d1e371b5571f4d3acf832816, to bring in
docker/swarmkit#2610 (Don't use wrappers for grpc metadata)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: b18f7033b2644c0246345bb5747a5436568b1a71
Component: engine
Full diff
5c1218c956...c15b372ef2
Fixes a panic on concurrent read/write to a map.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 248aed5766ba330ab8cb2b10b03b6ce57dc64283
Component: engine
* libnetwork#2121: Retry other external DNS servers on ServFail
* libnetwork#2125: Fix README flag and expose orphan network peers
* libnetwork#2126: Adding goreport card
* libnetwork#2130: Modify awk to use cut in check_ip_overlap
* libnetwork#2117: [Carry 1534] Improve scalabiltiy of bridge network isolation rules
Full changes: 2bf63300c5...5c1218c956
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
Upstream-commit: b159da19734269c4a162763ebfa28dff07b703f3
Component: engine
Changes included:
- Ingress network should not be attachable
- [manager/state] Add fernet as an option for raft encryption
- Log GRPC server errors
- Log leadership changes at manager level
- [state/raft] Increase raft ElectionTick to 10xHeartbeatTick
- Remove the containerd executor
- agent: backoff session when no remotes are available
- [ca/manager] Remove root CA key encryption support entirely
- Fix agent logging race (fixes https://github.com/docker/swarmkit/issues/2576)
- Adding logic to restore networks in order
Also adds github.com/fernet/fernet-go as a new dependency
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 27749659d5a30999691e401a351221780a483099
Component: engine
This patch allows endpoints to complete servicing connections while
being removed from a service. The fix is entirely within libnetwork
and requires no changes to the moby codebase proper. It operates
by initially down-weighting a container endpoint in the load balancer
to 0 while keeping the endpoint present in the load balancer. This
allows traffic to continue to flow to the endpoint while preventing new
connections from going to the endpoint. This allows the container
to complete requests during the "stop_grace_period" and then exit when
finished without interruption of service.
This change requires propagating the status of disabled service
endpoints via the networkDB. Accordingly, the patch includes both code
to generate and handle service update messages. It also augments the
service structure with a ServiceDisabled boolean to convey whether an
endpoint should ultimately be removed or just disabled. This,
naturally, required a rebuild of the protocol buffer code.
The protocol buffer encoding is designed to support additions of fields
to messages in a backwards-compatible manner. Protocol buffer
unmarshalling code automatically skips past any fields that it isn't
aware of. As a result, an older moby daemon without this fix can
receive and will process correctly networkDB messages from newer moby
daemons with this patch.
As it turns out, the additional field is simply a bool that is otherwise
irrelevent on networkDB create and delete events. So its absence in
older moby daemon processing has no impact. However, the fix leverages
the "update" networkDB message which was previously unused in
libnetwork. Although older libnetwork implementations parse the message
cleanly, they will see the message as unexpected and as such issue a log
at error level indicating the receipt of such.
Other than this there should be no other negative impact for use of this
patch in mixed environments. (Although older mobys won't be able to
gracefully downgrade connections on their nodes of course.)
Signed-off-by: Chris Telfer <ctelfer@docker.com>
Upstream-commit: 50dbdeff9fd186bb0e9926996436e1f56529a831
Component: engine
Update libnetwork to 1b91bc94094ecfdae41daa465cc0c8df37dfb3dd to bring in a fix
for stale HNS endpoints on Windows:
When Windows Server 2016 is restarted with the Docker service running, it is
possible for endpoints to be deleted from the libnetwork store without being
deleted from HNS. This does not occur if the Docker service is stopped cleanly
first, or forcibly terminated (since the endpoints still exist in both). This
change works around the issue by removing any stale HNS endpoints for a network
when creating it.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: fb364f07468e94226250a1e77579ee6117c64be2
Component: engine
This updates libnetwork to 8892d7537c67232591f1f3af60587e3e77e61d41 to bring in
IPAM fixes for duplicate IP addresses.
- IPAM tests (libnetwork PR 2104) (no changes in vendored files)
- Fix for Duplicate IP issues (libnetwork PR 2105)
Also bump golang/x/sync to match libnetwork (no code-changes, other
than the README being updated)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 55e0fe24db68b16edccb2fa49c3b1b9d3a9ce58c
Component: engine
This PR prevents automatic removal of the load balancing sandbox
endpoint when the endpoint is the last one in the network but
the network is marked as ingress.
Signed-off-by: Chris Telfer <ctelfer@docker.com>
Upstream-commit: bebad150c9c3bc6eb63758c10ef24b9298ecf6e2
Component: engine
- Replace EC Private Key with PKCS#8 PEMs
- Fix IP overlap with empty EndpointSpec
- Add support for Support SCTP port mapping (depends on changes in libnetwork)
- [orchestrator/updater] Do not reschedule tasks if only placement constraints change and are satisfied by the assigned node
- Ensure task reaper stopChan is closed no more than once
- [manager/dispatcher] Synchronization fixes
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 191324b8f1e1a2b2dbe692f869bfbf525d150ade
Component: engine
Revendor swarmkit to 713d79dc8799b33465c58ed120b870c52eb5eb4f to include
https://github.com/docker/swarmkit/pull/2473.
Signed-off-by: Marcus Martins <marcus@docker.com>
Upstream-commit: af73d31e60fd5c26d58bb8275785e628c3febdc0
Component: engine
- removed support for Solaris
- networkdb fixed race on node management
Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
Upstream-commit: 2e5d5c1d325662ac56de4772e4e1fe3a9c7a2d19
Component: engine
Fix for networkDB garbage collection (PR: https://github.com/docker/libnetwork/pull/1944)
Added extra logs to monitor the netowrkDB status and number of entries per network
Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
Upstream-commit: 04043428ea5ce679618aec2007b77ac51d0b6af0
Component: engine
