As is specified in 28018, it would be useful to know the manager's addresses
even in a worker node. This is especially useful when there are many
worker nodes in a big cluster.
The information is available in `info.Swarm.RemoteManagers`.
This fix add the information of `Manager Addresses` to the output
of `docker info`, to explicitly show it.
A test has been added for this fix.
This fix fixes 28018.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 828bd441eb828072044175f3e6867c7218e434c5
Component: engine
Add api/cli support for adding host port PublishMode in services.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Upstream-commit: 14ac9f60d0174256e0713701ebffaf5ca827da71
Component: engine
Add flag `--host` to `service create` and `--host-add/rm` to `service update`
Upstream-commit: bed96ce922da5fa9df98b826ff0e4ad4bf375a31
Component: engine
This fix tries to address 27902 by adding a flag `--host`
to `docker service create` and `--host-add/--host-rm` to
`docker service update`, so that it is possible to
specify extra `host:ip` settings in `/etc/hosts`.
This fix adds `Hosts` in swarmkit's `ContainerSpec` so that it
is possible to specify extra hosts during service creation.
Related docs has been updated.
An integration test has been added.
This fix fixes 27902.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: ea9a23ccdbd3a861e4cfa3441482b448fd1c17a5
Component: engine
Wire templating support of swarmkit for the engine, in order to be used
through services.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 6212ea669b4e92b3aa3985857f827ee9b95271fd
Component: engine
This fix is a follow up to #27567 based on:
https://github.com/docker/docker/pull/27567#issuecomment-259295055
In #27567, `--dns-options` has been added to `service create/update`,
together with `--dns` and `--dns-search`. The `--dns-opt` was used
in `docker run`.
This fix add `--dns-option` (not `--dns-options`) to `docker run/create`, and hide
`--dns-opt`. It is still possible to use `--dns-opt` with
`docker run/create`, though it will not show up in help output.
This fix change `--dns-options`to --dns-option` for `docker service create`
and `docker service update`.
This fix also updates the docs and bash/zsh completion scripts.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 9b6b3c2076911ea0a510548943180ac9d1b8c286
Component: engine
This fix adds `--dns-add`, `--dns-rm`, `--dns-opt-add`, `--dns-opt-rm`,
`--dns-search-add` and `--dns-search-rm` to `service update`.
An integration test and a unit test have been added to cover the changes in this fix.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: a39c0cf00780c021e98f638ab7edf151a8adb789
Component: engine
This fix tries to fix the issue raised in 24391 about allowing
custom DNS settings to service definition.
This fix adds `DNSConfig` (`Nameservers`, `Options`, `Search`) to
service definition, as well as `--dns`, `--dns-opt`, and `dns-search`
to `service create`.
An integration test has been added to cover the changes in this fix.
This fix fixes 24391.
A PR in swarmkit will be created separately.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 9e8adbecf505620a1cb3a840189b59450493a00b
Component: engine
This fix tries to add `--tty` to `docker service create/update`. As was
specified in 25644, `TTY` flag has been added to SwarmKit and is
already vendored.
This fix add `--tty` to `docker service create/update`.
Related document has been updated.
Additional integration tests has been added.
This fix fixes 25644.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 599be5a551bbadf23d76677c7d54c338901781f6
Component: engine
When a container is attached to an "--attachable" network, it strictly
forms the attacherKey using either the network-id or network-name
because at the time of attachment, the daemon may not have the network
downloaded locally from the manager. Hence, when the NetworkDettach is
called, it should use either network-name or network-id. This fix
addresses the missing network-id based dettachment case.
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Upstream-commit: 5f17e0f6c91b36a8f33d1efa1be879d6eb80132f
Component: engine
When a container is run on a --attachable network, the endpoint
configs passed by the user were incorrectly overwritten.
Copy the relevant configs instead of overwriting the entire configs.
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Upstream-commit: c5dd4d70c6ea3371d61409112a45c0573280111d
Component: engine
--group-add was used for specifying groups for both service create
and service update. For create it was confusing since we don't have
an existing set of groups. Instead I added --group to create, and
moved --group-add to service update only, like --group-rm
This deals with issue 27646
Signed-off-by: Lily Guo <lily.guo@docker.com>
Update flag documentation
Specify that --group, --group-add and --groupd-rm refers to
supplementary user groups
Signed-off-by: Lily Guo <lily.guo@docker.com>
Fix docs for groups and update completion scripts
Signed-off-by: Lily Guo <lily.guo@docker.com>
Upstream-commit: 2f58494ae6e796325329f849cf547bcf94bb68e3
Component: engine
This fix tries to address the issue in 24712 and add
`--env-file` file to `docker create service`.
Related documentation has been updated.
An additional integration has been added.
This fix fixes 24712.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: ee3105c68a94411f2c019324bd71c56e9663a80d
Component: engine
This adds support for two enhancements to swarm service rolling updates:
- Failure thresholds: In Docker 1.12, a service update could be set up
to either pause or continue after a single failure occurs. This adds
an --update-max-failure-ratio flag that controls how many tasks need to
fail to update for the update as a whole to be considered a failure. A
counterpart flag, --update-monitor, controls how long to monitor each
task for a failure after starting it during the update.
- Rollback flag: service update --rollback reverts the service to its
previous version. If a service update encounters task failures, or
fails to function properly for some other reason, the user can roll back
the update.
SwarmKit also has the ability to roll back updates automatically after
hitting the failure thresholds, but we've decided not to expose this in
the Docker API/CLI for now, favoring a workflow where the decision to
roll back is always made by an admin. Depending on user feedback, we may
add a "rollback" option to --update-failure-action in the future.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 6d4b527699b3e95d21d79f6b327252a6cdaca5b0
Component: engine
As of https://github.com/docker/swarmkit/pull/1607, swarmkit honors
global network plugins while allocating network resources.
This IT covers the e2e integration between libnetwork, swarmkit and
docker engine to support global network-plugins for swarm-mode
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Upstream-commit: af185a380697433aef01aac0259f814ef9c42d43
Component: engine
This makes it easier to list containers that are part of a task
(swarm mode) and those who are not.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 5280ba83e55b94b9d4973a15381e18eb10920233
Component: engine
This fix tries to address the issue related to 24108 and 24790, and
also the case from 24620#issuecomment-233715656
The reason for the failure case in the above mentioned issues is that
currently Task names are actually indexed by Service Name
(`e.ServiceAnnotations.Name`)
To fix it, a pull request in swarmkit (swarmkit/pull/1193) has been
opened separately.
This fix adds the integration tests for the above mentioned issues.
Swarmkit revendoring is needed to completely fix the issues.
This fix fixes 24108.
This fix fixes 24790.
This fix is related to 24620.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: f676fc93c3791f72938a6be9c7517ac620c02d1c
Component: engine
This fix tries to address the issue raised in 24538
where the error message is unclear when removing pre-defined networks:
```
docker network rm ingress
Error response from daemon: rpc error: code = 7 desc = 4vlxuzpk8bxdsxpyvkxluol5g is a pre-defined network and cannot be removed
```
This fix improve the error message so that if network's name is specified
in the `RemoveNetwork`, then error message will contain the name and the ID
(instead of just an ID):
```
docker network rm ingress
Error response from daemon: rpc error: code = 7 desc = ingress (4vlxuzpk8bxdsxpyvkxluol5g) is a pre-defined network and cannot be removed
```
An integration test has been added to cover the changes.
This fix fixes 24538.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: de4871165b43ec813940858a1c96ab6bb1fbd776
Component: engine
The swarm scope network connected containers with autostart enabled
there was a dependency problem with the cluster to be initialized before
we can autostart them. With the current container restart code happening
before cluster init, these containers were not getting autostarted
properly. Added a fix to delay the container start of those containers
which has atleast one swarm scope endpoint to until after the cluster is
initialized.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Upstream-commit: c9fb551d60584ac4ad01561e2f56b7b7cc9483b9
Component: engine
This moves the types for the `engine-api` repo to the existing types
package.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 91e197d614547f0202e6ae9b8a24d88ee131d950
Component: engine
This fix tries to address the issue raised in 25304 to support
`--group-add` and `--group-rm` in `docker service create`.
This fix adds `--group-add` to `docker service create` and `docker service update`,
adds `--group-rm` to `docker service update`.
This fix updates docs for `docker service create` and `docker service update`:
1. Add `--group-add` to `docker service create` and `docker service update`
2. Add `--group-rm` to `docker service update`
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: b31969ee365f582eb71a7962af9638d79380cd54
Component: engine
This fix tries to address the issue raised in 25375 where
`service update --publish-add` returns an error if the exact
same value is repeated (idempotent).
This fix use a map to filter out repeated port configs so
that `--publish-add` does not error out.
An integration test has been added.
This fix fixes 25375.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: b487497cd2d7586fd7e10affdcc514ca6b7884f6
Component: engine
Rather than conflict with the unexposed task model, change the names of
the object-oriented task display to `docker <object> ps`. The command
works identically to `docker service tasks`. This change is superficial.
This provides a more sensical docker experience while not trampling on
the task model that may be introduced as a top-level command at a later
date.
The following is an example of the display using `docker service ps`
with a service named `condescending_cori`:
```
$ docker service ps condescending_cori
ID NAME SERVICE IMAGE LAST STATE DESIRED STATE NODE
e2cd9vqb62qjk38lw65uoffd2 condescending_cori.1 condescending_cori alpine Running 13 minutes ago Running 6c6d232a5d0e
```
The following shows the output for the node on which the command is
running:
```console
$ docker node ps self
ID NAME SERVICE IMAGE LAST STATE DESIRED STATE NODE
b1tpbi43k1ibevg2e94bmqo0s mad_kalam.1 mad_kalam apline Accepted 2 seconds ago Accepted 6c6d232a5d0e
e2cd9vqb62qjk38lw65uoffd2 condescending_cori.1 condescending_cori alpine Running 12 minutes ago Running 6c6d232a5d0e
4x609m5o0qyn0kgpzvf0ad8x5 furious_davinci.1 furious_davinci redis Running 32 minutes ago Running 6c6d232a5d0e
```
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Upstream-commit: 0aa4e1e68973ede0c73f8a4356e2a17fc903f549
Component: engine
This is an attempt to fix the flaky test of TestSwarmNodeTaskListFilter in 25029.
Basically this fix adds a check to wait until 3 containers has already up,
before processing `node tasks ...`.
This might fix 25029.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 63c0366bc9a7f326ad61cdfa69fa860cf844a2c7
Component: engine
Remove the swarm inspect command and use docker info instead to display
swarm information if the current node is a manager.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: e6923f6d75c2bd1b22cc1229214ffceca3251cc6
Component: engine
Implement the proposal from
https://github.com/docker/docker/issues/24430#issuecomment-233100121
Removes acceptance policy and secret in favor of an automatically
generated join token that combines the secret, CA hash, and
manager/worker role into a single opaque string.
Adds a docker swarm join-token subcommand to inspect and rotate the
tokens.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 2cc5bd33eef038bf5721582e2410ba459bb656e9
Component: engine
This fix is an extension to last commit to expand the partial
filter to node and task searches.
Additional integration tests have been added to cover the changes.
This fix fixes 24270.
This fix fixes 24112.
Note: A separate pull request will be opened on swarmkit.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: e734fa58eadb4dfaa33b4be275d6f8f29d899e78
Component: engine
This fix tries to address the issue raised in 24270 where it was
not possible to have a partial name match when list services
with name filter.
This fix updates swarmkit and allows prefix search when name is
provided as the filter for listing services.
An additional integration test is added to cover the changes.
This fix fixes 24270.
Note: A separate pull request will be opened on swarmkit.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 1d600ebcb5750c4c93356fae08e562d836ecee45
Component: engine
The current behavior of `docker swarm init` is to set up a swarm that
has no secret for joining, and does not require manual acceptance for
workers. Since workers may sometimes receive sensitive data such as pull
credentials, it makes sense to harden the defaults.
This change makes `docker swarm init` generate a random secret if none
is provided, and print it to the terminal. This secret will be needed to
join workers or managers to the swarm. In addition to improving access
control to the cluster, this setup removes an avenue for
denial-of-service attacks, since the secret is necessary to even create
an entry in the node list.
`docker swarm init --secret ""` will set up a swarm without a secret,
matching the old behavior. `docker swarm update --secret ""` removes the
automatically generated secret after `docker swarm init`.
Closes#23785
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 7342e42fcecbc243bcb8723b8422879662452017
Component: engine
This fix tries to address an issue raised in #24090 where
the title field of `docker node ls` use NAME instead of
HOSTNAME. Yet the content of this field is actually
hostname.
The fix makes needed changes for the output of
`docker node ls`.
An additional test has been added to cover the change in
this fix.
This fix fixes#24090.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 4bc91ceeb750db6a6270b2f1821cb0b2f30117fc
Component: engine
Add api side validation and defaults for init and
join requests.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Upstream-commit: fb3eb1c27ef5520571c599ead8a72b343748db39
Component: engine
