This change adds the ability to do --tail and --since on docker service
logs. It wires up the API endpoints to each other and fixes some older
bugs. It adds integration tests for these new features.
Signed-off-by: Drew Erny <drew.erny@docker.com>
Upstream-commit: 8dc437bd9b474c24a2cf802c2779dace2f91194a
Component: engine
Right now getting logs from a service with an attached TTY does not
work. The behavior was undefined and caused the command to hang and
strange messages to occur in the daemon logs.
This returns errors, both deep in the swarmkit adapter (to guard against
undefined behavior, which is Bad) and in the daemon (to tell users that
the thing they're asking for is not possible).
Signed-off-by: Drew Erny <drew.erny@docker.com>
Upstream-commit: 37ae1ef0ffcf8605daeaf41440da774370377a6d
Component: engine
I found that sometimes tasks would end up in a rejected state when
trying to update them quickly. The problem was that Shutdown could fail
if called before the container was started. Instead of returning an
error in this case, Shutdown should succeed. This allows tasks to
progress to the "shutdown" state as expected.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 37b492ae1b2ba5f84cd0b795dbc68804d7b2fec5
Component: engine
This fix tries to address the issue raised in 25696 where
it was not possible to specify `--stop-signal` for `docker service create`
and `docker service update`, in order to use special signal to stop
the container.
This fix adds `--stop-signal` and update the `StopSignal` in `Config`
through `service create` and `service update`.
Related docs has been updated.
Integration test has been added.
This fix fixes 25696.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: c2d49ec214649b0025f7060429334893350fbaee
Component: engine
Remove forked reference package. Use normalized named values
everywhere and familiar functions to convert back to familiar
strings for UX and storage compatibility.
Enforce that the source repository in the distribution metadata
is always a normalized string, ignore invalid values which are not.
Update distribution tests to use normalized values.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 3a1279393faf78632bf169619d407e584da84b66
Component: engine
While it is important to not create controllers for an invalid task,
certain properties should only be checked immediately before use. Early
host validation of mounts prevents resolution of the task Executor when
the mounts are not relevant to execution flow. In this case, we have a
check for the existence of a bind mount path in a creation function that
prevents a task controller from being resolved. Such early validation
prevents one from interacting directly with a controller and result in
unnecessary error reporting.
In accordance with the above, we move the validation of the existence of
host bind mount paths to the `Controller.Start` phase. We also call
these "checks", as they are valid mounts but reference non-existent
paths.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Upstream-commit: 92899ffac8ca1136e807dd234e8fa1dd49db7801
Component: engine
This fix tries to address the issue raised in 29972 where
it was not possible to specify `--read-only` for `docker service create`
and `docker service update`, in order to have the container's root file
system to be read only.
This fix adds `--read-only` and update the `ReadonlyRootfs` in `HostConfig`
through `service create` and `service update`.
Related docs has been updated.
Integration test has been added.
This fix fixes 29972.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 499a0dd43e50c6f253f8890f5c54ae99675b1e7e
Component: engine
This fix tries to address the issue raised in 30178 where
service healthcheck is `{}` in remote API will result in
dns resolve failue.
The reason was that when service healthcheck is `{}`,
service binding was not done.
This fix fixes the issue.
An integration test has been added.
This fix fixes 30178.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 8feb5c5a48eaadc1686e3b370f7ef9be128dd3cb
Component: engine
This fix adds `--filter enabled=true` to `docker plugin ls`,
as was specified in 28624.
The related API and docs has been updated.
An integration test has been added.
This fix fixes 28624.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: a66e0dc349dad2d45685846a95fe1d6da967a46d
Component: engine
Update swarmkit to 037b491.
As swarmkit switched to a newer gRPC version, this also involves
updating Docker's vendored gRPC, which in turn requires updating
containerd to a new version that has protobufs generated against this
gRPC version.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 3e987e1732ee5c51e95934afabba3fedfd16c4af
Component: engine
The `digest` data type, used throughout docker for image verification
and identity, has been broken out into `opencontainers/go-digest`. This
PR updates the dependencies and moves uses over to the new type.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Upstream-commit: 7a855799175b6b984886ef1cfa337d6df1d4c668
Component: engine
Signed-off-by: Ke Li <kel@splunk.com>
Add missing changes
Signed-off-by: Ke Li <kel@splunk.com>
User errors.New to create error
Signed-off-by: Ke Li <kel@splunk.com>
Upstream-commit: 514adcf4580effa4820be8d5e6d2c0ea9825ceb2
Component: engine
Move plugins to shared distribution stack with images.
Create immutable plugin config that matches schema2 requirements.
Ensure data being pushed is same as pulled/created.
Store distribution artifacts in a blobstore.
Run init layer setup for every plugin start.
Fix breakouts from unsafe file accesses.
Add support for `docker plugin install --alias`
Uses normalized references for default names to avoid collisions when using default hosts/tags.
Some refactoring of the plugin manager to support the change, like removing the singleton manager and adding manager config struct.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Upstream-commit: 3d86b0c79b16334ce5836c0315e4c310b84c2e17
Component: engine
This fix tries to fix the issue raised in 29044 where
the IPAM options is missing in swarm network mode
after the service is deployed. Before the service
is deployed, the IPAM options is available.
The reason for the issue is that, before service is
deployed, `network inspect` is querying the swarm and
obtained the correct information.
However, after service is deployed, swarm executor
does not pass the IPAM options to the backend (daemon).
Also after service is deployed, `network inspect` is
actually querying the local daemon for information.
At this time the network information with missing IPAM
options is returned.
This fix fixes the issue by updating the swarm network
allocator and swarm executor.
A separate PR for swarmkit will be opened.
An integration test has been added to cover the change.
This fix fixes 29044.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 4d958e99c178f7cd4196ed901c2834ae13f0f7d0
Component: engine
Validation is still done by swarmkit on the service side.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: ef39256dfb711f8382a5c021b85d6c7d613282b0
Component: engine
If a swarm service is created using an image ID, it's useless to try to
pull this reference or resolve it to a manifest digest. Avoid doing this
when a fully qualified image ID is given.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 089842c4b47c262187b0b1a8d6d124f3faa03752
Component: engine
Instead of converting nicely typed service mounts into untyped `Binds`
when creating containers, use the new `Mounts` API which is a 1-1
mapping between service mounts and container mounts.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 821aeb6a6f72f070ae045cb7813759cbbaba7bda
Component: engine
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
use secret store interface instead of embedded secret data into container
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
Upstream-commit: bebd472e40cae91b548e983872a2665a5836ba43
Component: engine
Add api/cli support for adding host port PublishMode in services.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Upstream-commit: 14ac9f60d0174256e0713701ebffaf5ca827da71
Component: engine
Add flag `--host` to `service create` and `--host-add/rm` to `service update`
Upstream-commit: bed96ce922da5fa9df98b826ff0e4ad4bf375a31
Component: engine
If the image reference in the spec uses a digest, and an image with that
digest already exists locally, avoid an unnecessary repull.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: f69e5c18ac1186af96a75918fc60f0b8e5ae7675
Component: engine
Plumbed the executor to the container logs backend.
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
Upstream-commit: 0ec68657139f029e2740780a58e0019df0e42b6a
Component: engine
This fix tries to address 27902 by adding a flag `--host`
to `docker service create` and `--host-add/--host-rm` to
`docker service update`, so that it is possible to
specify extra `host:ip` settings in `/etc/hosts`.
This fix adds `Hosts` in swarmkit's `ContainerSpec` so that it
is possible to specify extra hosts during service creation.
Related docs has been updated.
An integration test has been added.
This fix fixes 27902.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: ea9a23ccdbd3a861e4cfa3441482b448fd1c17a5
Component: engine
Pass the hostname from ContainerSpec to the actual container.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: d0117238fa74ea75cdec7b9205620c59bafc4508
Component: engine
Wire templating support of swarmkit for the engine, in order to be used
through services.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 6212ea669b4e92b3aa3985857f827ee9b95271fd
Component: engine
- use Filters instead of Filter for secret list
- UID, GID -> string
- getSecrets -> getSecretsByName
- updated test case for secrets with better source
- use golang.org/x/context instead of context
- for grpc conversion allocate with make
- check for nil with task.Spec.GetContainer()
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
Upstream-commit: b2e4c7f3b5b30fc6940768ec41836d708a48b463
Component: engine
- use /secrets for swarm secret create route
- do not specify omitempty for secret and secret reference
- simplify lookup for secret ids
- do not use pointer for secret grpc conversion
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
Upstream-commit: 189f89301e0abfee32447f2ca23dacd3a96de06d
Component: engine
- fix lint issues
- use errors pkg for wrapping errors
- cleanup on error when setting up secrets mount
- fix erroneous import
- remove unneeded switch for secret reference mode
- return single mount for secrets instead of slice
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
Upstream-commit: 857e60c2f943a09e3ec0ac0f236821b797935900
Component: engine
