[engine] Vendor swarmkit to 9edb625cfb4407da456cc7fc479db6d824fe81f3

Brings in these pull requests: - https://github.com/docker/swarmkit/pull/2224 - https://github.com/docker/swarmkit/pull/2268 - https://github.com/docker/swarmkit/pull/2263 Signed-off-by: Tibor Vass <tibor@docker.com>
2017-06-20 01:48:19 +00:00
parent 29fcd5dfae
commit 073d80bc46
5 changed files with 21 additions and 20 deletions
--- a/components/engine/vendor.conf
+++ b/components/engine/vendor.conf
@ -107,7 +107,7 @@ github.com/containerd/containerd cfb82a876ecc11b5ca0977d1733adbe58599088a
 github.com/tonistiigi/fifo 1405643975692217d6720f8b54aeee1bf2cd5cf4

 # cluster
-github.com/docker/swarmkit bf9b892c0b27bb3e13195bcef4d964fce2987bf1
+github.com/docker/swarmkit 9edb625cfb4407da456cc7fc479db6d824fe81f3
 github.com/gogo/protobuf v0.4
 github.com/cloudflare/cfssl 7fb22c8cba7ecaf98e4082d22d65800cf45e042a
 github.com/google/certificate-transparency d90e65c3a07988180c5b1ece71791c0b6506826e
--- a/components/engine/vendor/github.com/docker/swarmkit/ca/certificates.go
+++ b/components/engine/vendor/github.com/docker/swarmkit/ca/certificates.go
@ -887,7 +887,7 @@ func GetRemoteSignedCertificate(ctx context.Context, csr []byte, rootCAPool *x50
 			caClient = api.NewNodeCAClient(conn.ClientConn)

 		// If there was no deadline exceeded error, and the certificate was issued, return
-		case err == nil && statusResponse.Status.State == api.IssuanceStateIssued:
+		case err == nil && (statusResponse.Status.State == api.IssuanceStateIssued || statusResponse.Status.State == api.IssuanceStateRotate):
 			if statusResponse.Certificate == nil {
 				conn.Close(false)
 				return nil, errors.New("no certificate in CertificateStatus response")
--- a/components/engine/vendor/github.com/docker/swarmkit/manager/controlapi/cluster.go
+++ b/components/engine/vendor/github.com/docker/swarmkit/manager/controlapi/cluster.go
@ -247,6 +247,11 @@ func redactClusters(clusters []*api.Cluster) []*api.Cluster {
 		// Do not copy secret keys
 		redactedSpec := cluster.Spec.Copy()
 		redactedSpec.CAConfig.SigningCAKey = nil
+		// the cert is not a secret, but if API users get the cluster spec and then update,
+		// then because the cert is included but not the key, the user can get update errors
+		// or unintended consequences (such as telling swarm to forget about the key so long
+		// as there is a corresponding external CA)
+		redactedSpec.CAConfig.SigningCACert = nil

 		redactedRootCA := cluster.RootCA.Copy()
 		redactedRootCA.CAKey = nil
--- a/components/engine/vendor/github.com/docker/swarmkit/manager/scheduler/nodeset.go
+++ b/components/engine/vendor/github.com/docker/swarmkit/manager/scheduler/nodeset.go
@ -4,7 +4,6 @@ import (
 	"container/heap"
 	"errors"
 	"strings"
-	"time"

 	"github.com/docker/swarmkit/api"
 	"github.com/docker/swarmkit/manager/constraint"
@ -32,16 +31,6 @@ func (ns *nodeSet) nodeInfo(nodeID string) (NodeInfo, error) {
 // addOrUpdateNode sets the number of tasks for a given node. It adds the node
 // to the set if it wasn't already tracked.
 func (ns *nodeSet) addOrUpdateNode(n NodeInfo) {
-	if n.Tasks == nil {
-		n.Tasks = make(map[string]*api.Task)
-	}
-	if n.ActiveTasksCountByService == nil {
-		n.ActiveTasksCountByService = make(map[string]int)
-	}
-	if n.recentFailures == nil {
-		n.recentFailures = make(map[string][]time.Time)
-	}
-
 	ns.nodes[n.ID] = n
 }

--- a/components/engine/vendor/github.com/docker/swarmkit/manager/scheduler/scheduler.go
+++ b/components/engine/vendor/github.com/docker/swarmkit/manager/scheduler/scheduler.go
@ -296,19 +296,26 @@ func (s *Scheduler) deleteTask(ctx context.Context, t *api.Task) bool {
 }

 func (s *Scheduler) createOrUpdateNode(n *api.Node) {
-	nodeInfo, _ := s.nodeSet.nodeInfo(n.ID)
+	nodeInfo, nodeInfoErr := s.nodeSet.nodeInfo(n.ID)
 	var resources api.Resources
 	if n.Description != nil && n.Description.Resources != nil {
 		resources = *n.Description.Resources
 		// reconcile resources by looping over all tasks in this node
-		for _, task := range nodeInfo.Tasks {
-			reservations := taskReservations(task.Spec)
-			resources.MemoryBytes -= reservations.MemoryBytes
-			resources.NanoCPUs -= reservations.NanoCPUs
+		if nodeInfoErr == nil {
+			for _, task := range nodeInfo.Tasks {
+				reservations := taskReservations(task.Spec)
+				resources.MemoryBytes -= reservations.MemoryBytes
+				resources.NanoCPUs -= reservations.NanoCPUs
+			}
 		}
 	}
-	nodeInfo.Node = n
-	nodeInfo.AvailableResources = resources
+
+	if nodeInfoErr != nil {
+		nodeInfo = newNodeInfo(n, nil, resources)
+	} else {
+		nodeInfo.Node = n
+		nodeInfo.AvailableResources = resources
+	}
 	s.nodeSet.addOrUpdateNode(nodeInfo)
 }