From a01023929b9eb51ea781f33dc881fef905470693 Mon Sep 17 00:00:00 2001 From: Simon Ferquel Date: Fri, 24 Mar 2017 15:39:47 +0100 Subject: [PATCH 001/191] Fix behavior of absolute paths in .dockerignore According to documentation (https://docs.docker.com/engine/reference/builder/#dockerignore-file), absolute paths like `/foo/bar` should have the same effect as `foo/bar`. This is not the case today. This fix normalize paths when reading the .dockerignore file by removing leading slashes. Signed-off-by: Simon Ferquel Upstream-commit: 1cde87c43abd100f4233e965e040e30a6bd34112 Component: engine --- .../builder/dockerignore/dockerignore.go | 19 ++++++++++++++-- .../builder/dockerignore/dockerignore_test.go | 22 ++++++++++++++----- 2 files changed, 34 insertions(+), 7 deletions(-) diff --git a/components/engine/builder/dockerignore/dockerignore.go b/components/engine/builder/dockerignore/dockerignore.go index 2db67be799..cc22381339 100644 --- a/components/engine/builder/dockerignore/dockerignore.go +++ b/components/engine/builder/dockerignore/dockerignore.go @@ -38,8 +38,23 @@ func ReadAll(reader io.Reader) ([]string, error) { if pattern == "" { continue } - pattern = filepath.Clean(pattern) - pattern = filepath.ToSlash(pattern) + // normalize absolute paths to paths relative to the context + // (taking care of '!' prefix) + invert := pattern[0] == '!' + if invert { + pattern = strings.TrimSpace(pattern[1:]) + } + if len(pattern) > 0 { + pattern = filepath.Clean(pattern) + pattern = filepath.ToSlash(pattern) + if len(pattern) > 1 && pattern[0] == '/' { + pattern = pattern[1:] + } + } + if invert { + pattern = "!" + pattern + } + excludes = append(excludes, pattern) } if err := scanner.Err(); err != nil { diff --git a/components/engine/builder/dockerignore/dockerignore_test.go b/components/engine/builder/dockerignore/dockerignore_test.go index 948f9d886b..bda38745cc 100644 --- a/components/engine/builder/dockerignore/dockerignore_test.go +++ b/components/engine/builder/dockerignore/dockerignore_test.go @@ -25,7 +25,7 @@ func TestReadAll(t *testing.T) { } diName := filepath.Join(tmpDir, ".dockerignore") - content := fmt.Sprintf("test1\n/test2\n/a/file/here\n\nlastfile") + content := fmt.Sprintf("test1\n/test2\n/a/file/here\n\nlastfile\n# this is a comment\n! /inverted/abs/path\n!\n! \n") err = ioutil.WriteFile(diName, []byte(content), 0777) if err != nil { t.Fatal(err) @@ -42,16 +42,28 @@ func TestReadAll(t *testing.T) { t.Fatal(err) } + if len(di) != 7 { + t.Fatalf("Expected 5 entries, got %v", len(di)) + } if di[0] != "test1" { t.Fatal("First element is not test1") } - if di[1] != "/test2" { - t.Fatal("Second element is not /test2") + if di[1] != "test2" { // according to https://docs.docker.com/engine/reference/builder/#dockerignore-file, /foo/bar should be treated as foo/bar + t.Fatal("Second element is not test2") } - if di[2] != "/a/file/here" { - t.Fatal("Third element is not /a/file/here") + if di[2] != "a/file/here" { // according to https://docs.docker.com/engine/reference/builder/#dockerignore-file, /foo/bar should be treated as foo/bar + t.Fatal("Third element is not a/file/here") } if di[3] != "lastfile" { t.Fatal("Fourth element is not lastfile") } + if di[4] != "!inverted/abs/path" { + t.Fatal("Fifth element is not !inverted/abs/path") + } + if di[5] != "!" { + t.Fatalf("Sixth element is not !, but %s", di[5]) + } + if di[6] != "!" { + t.Fatalf("Sixth element is not !, but %s", di[6]) + } } From bde265f61b7d94738b5e9e1ca733d18e324dc934 Mon Sep 17 00:00:00 2001 From: Lei Jitang Date: Mon, 10 Apr 2017 13:11:39 -0400 Subject: [PATCH 002/191] devicemapper: remove thin pool if 'initDevmapper' failed if initDevmapper failed after creating thin-pool, the thin-pool will not be removed, this would cause we can't use the same lvm to create another thin-pool. Signed-off-by: Lei Jitang Upstream-commit: ea22d7ab91e7febc69433b979160dda8a79ad46e Component: engine --- .../engine/daemon/graphdriver/devmapper/deviceset.go | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/components/engine/daemon/graphdriver/devmapper/deviceset.go b/components/engine/daemon/graphdriver/devmapper/deviceset.go index ba845d4d01..930b5ce7cc 100644 --- a/components/engine/daemon/graphdriver/devmapper/deviceset.go +++ b/components/engine/daemon/graphdriver/devmapper/deviceset.go @@ -1686,7 +1686,7 @@ func (devices *DeviceSet) enableDeferredRemovalDeletion() error { return nil } -func (devices *DeviceSet) initDevmapper(doInit bool) error { +func (devices *DeviceSet) initDevmapper(doInit bool) (retErr error) { // give ourselves to libdm as a log handler devicemapper.LogInit(devices) @@ -1840,6 +1840,14 @@ func (devices *DeviceSet) initDevmapper(doInit bool) error { if err := devicemapper.CreatePool(devices.getPoolName(), dataFile, metadataFile, devices.thinpBlockSize); err != nil { return err } + defer func() { + if retErr != nil { + err = devices.deactivatePool() + if err != nil { + logrus.Warnf("devmapper: Failed to deactivatePool: %v", err) + } + } + }() } // Pool already exists and caller did not pass us a pool. That means From 957a7e39a2690e4582289c3c0796f20ca37342b8 Mon Sep 17 00:00:00 2001 From: Stephen J Day Date: Mon, 8 May 2017 17:02:02 -0700 Subject: [PATCH 003/191] pkg: remove random package The unnecessary `random` package has been removed in favor of using the `math/rand` package directly. Seeding of the random value from crypto has been added to the `stringid` package to account for the change. May need to add an equivalent seed to `namesgenerator`, but this is often used with `stringid` and has collision protection. Signed-off-by: Stephen J Day Upstream-commit: 66cfe61f71252f528ddb458d554cd241e996d9f1 Component: engine --- .../pkg/namesgenerator/names-generator.go | 8 +-- components/engine/pkg/random/random.go | 71 ------------------- components/engine/pkg/random/random_test.go | 22 ------ components/engine/pkg/stringid/stringid.go | 38 +++++++--- .../engine/pkg/stringutils/stringutils.go | 4 +- 5 files changed, 32 insertions(+), 111 deletions(-) delete mode 100644 components/engine/pkg/random/random.go delete mode 100644 components/engine/pkg/random/random_test.go diff --git a/components/engine/pkg/namesgenerator/names-generator.go b/components/engine/pkg/namesgenerator/names-generator.go index d732a4795f..2f869ed925 100644 --- a/components/engine/pkg/namesgenerator/names-generator.go +++ b/components/engine/pkg/namesgenerator/names-generator.go @@ -2,8 +2,7 @@ package namesgenerator import ( "fmt" - - "github.com/docker/docker/pkg/random" + "math/rand" ) var ( @@ -594,15 +593,14 @@ var ( // formatted as "adjective_surname". For example 'focused_turing'. If retry is non-zero, a random // integer between 0 and 10 will be added to the end of the name, e.g `focused_turing3` func GetRandomName(retry int) string { - rnd := random.Rand begin: - name := fmt.Sprintf("%s_%s", left[rnd.Intn(len(left))], right[rnd.Intn(len(right))]) + name := fmt.Sprintf("%s_%s", left[rand.Intn(len(left))], right[rand.Intn(len(right))]) if name == "boring_wozniak" /* Steve Wozniak is not boring */ { goto begin } if retry > 0 { - name = fmt.Sprintf("%s%d", name, rnd.Intn(10)) + name = fmt.Sprintf("%s%d", name, rand.Intn(10)) } return name } diff --git a/components/engine/pkg/random/random.go b/components/engine/pkg/random/random.go deleted file mode 100644 index 70de4d1304..0000000000 --- a/components/engine/pkg/random/random.go +++ /dev/null @@ -1,71 +0,0 @@ -package random - -import ( - cryptorand "crypto/rand" - "io" - "math" - "math/big" - "math/rand" - "sync" - "time" -) - -// Rand is a global *rand.Rand instance, which initialized with NewSource() source. -var Rand = rand.New(NewSource()) - -// Reader is a global, shared instance of a pseudorandom bytes generator. -// It doesn't consume entropy. -var Reader io.Reader = &reader{rnd: Rand} - -// copypaste from standard math/rand -type lockedSource struct { - lk sync.Mutex - src rand.Source -} - -func (r *lockedSource) Int63() (n int64) { - r.lk.Lock() - n = r.src.Int63() - r.lk.Unlock() - return -} - -func (r *lockedSource) Seed(seed int64) { - r.lk.Lock() - r.src.Seed(seed) - r.lk.Unlock() -} - -// NewSource returns math/rand.Source safe for concurrent use and initialized -// with current unix-nano timestamp -func NewSource() rand.Source { - var seed int64 - if cryptoseed, err := cryptorand.Int(cryptorand.Reader, big.NewInt(math.MaxInt64)); err != nil { - // This should not happen, but worst-case fallback to time-based seed. - seed = time.Now().UnixNano() - } else { - seed = cryptoseed.Int64() - } - return &lockedSource{ - src: rand.NewSource(seed), - } -} - -type reader struct { - rnd *rand.Rand -} - -func (r *reader) Read(b []byte) (int, error) { - i := 0 - for { - val := r.rnd.Int63() - for val > 0 { - b[i] = byte(val) - i++ - if i == len(b) { - return i, nil - } - val >>= 8 - } - } -} diff --git a/components/engine/pkg/random/random_test.go b/components/engine/pkg/random/random_test.go deleted file mode 100644 index cf405f78cb..0000000000 --- a/components/engine/pkg/random/random_test.go +++ /dev/null @@ -1,22 +0,0 @@ -package random - -import ( - "math/rand" - "sync" - "testing" -) - -// for go test -v -race -func TestConcurrency(t *testing.T) { - rnd := rand.New(NewSource()) - var wg sync.WaitGroup - - for i := 0; i < 10; i++ { - wg.Add(1) - go func() { - rnd.Int63() - wg.Done() - }() - } - wg.Wait() -} diff --git a/components/engine/pkg/stringid/stringid.go b/components/engine/pkg/stringid/stringid.go index 82f85596c7..a0c7c42a05 100644 --- a/components/engine/pkg/stringid/stringid.go +++ b/components/engine/pkg/stringid/stringid.go @@ -2,15 +2,17 @@ package stringid import ( - "crypto/rand" + cryptorand "crypto/rand" "encoding/hex" "fmt" "io" + "math" + "math/big" + "math/rand" "regexp" "strconv" "strings" - - "github.com/docker/docker/pkg/random" + "time" ) const shortLen = 12 @@ -39,12 +41,8 @@ func TruncateID(id string) string { return id } -func generateID(crypto bool) string { +func generateID(r io.Reader) string { b := make([]byte, 32) - r := random.Reader - if crypto { - r = rand.Reader - } for { if _, err := io.ReadFull(r, b); err != nil { panic(err) // This shouldn't happen @@ -62,14 +60,14 @@ func generateID(crypto bool) string { // GenerateRandomID returns a unique id. func GenerateRandomID() string { - return generateID(true) + return generateID(cryptorand.Reader) } // GenerateNonCryptoID generates unique id without using cryptographically // secure sources of random. // It helps you to save entropy. func GenerateNonCryptoID() string { - return generateID(false) + return generateID(readerFunc(rand.Read)) } // ValidateID checks whether an ID string is a valid image ID. @@ -79,3 +77,23 @@ func ValidateID(id string) error { } return nil } + +func init() { + // safely set the seed globally so we generate random ids. Tries to use a + // crypto seed before falling back to time. + var seed int64 + if cryptoseed, err := cryptorand.Int(cryptorand.Reader, big.NewInt(math.MaxInt64)); err != nil { + // This should not happen, but worst-case fallback to time-based seed. + seed = time.Now().UnixNano() + } else { + seed = cryptoseed.Int64() + } + + rand.Seed(seed) +} + +type readerFunc func(p []byte) (int, error) + +func (fn readerFunc) Read(p []byte) (int, error) { + return fn(p) +} diff --git a/components/engine/pkg/stringutils/stringutils.go b/components/engine/pkg/stringutils/stringutils.go index e17951bfc8..8c4c39875e 100644 --- a/components/engine/pkg/stringutils/stringutils.go +++ b/components/engine/pkg/stringutils/stringutils.go @@ -5,8 +5,6 @@ import ( "bytes" "math/rand" "strings" - - "github.com/docker/docker/pkg/random" ) // GenerateRandomAlphaOnlyString generates an alphabetical random string with length n. @@ -15,7 +13,7 @@ func GenerateRandomAlphaOnlyString(n int) string { letters := []byte("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ") b := make([]byte, n) for i := range b { - b[i] = letters[random.Rand.Intn(len(letters))] + b[i] = letters[rand.Intn(len(letters))] } return string(b) } From b1f02f908e0e7a1992027998625aa5f5fd4df1da Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Fri, 19 May 2017 10:17:26 -0400 Subject: [PATCH 004/191] Make TestLogsAPIStdout a bit less racey Signed-off-by: Brian Goff Upstream-commit: 960b8d9294356b5651938244a62e0d485da72211 Component: engine --- .../integration-cli/docker_api_logs_test.go | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/components/engine/integration-cli/docker_api_logs_test.go b/components/engine/integration-cli/docker_api_logs_test.go index 535b210a3b..5e953b79de 100644 --- a/components/engine/integration-cli/docker_api_logs_test.go +++ b/components/engine/integration-cli/docker_api_logs_test.go @@ -19,34 +19,31 @@ func (s *DockerSuite) TestLogsAPIWithStdout(c *check.C) { type logOut struct { out string - res *http.Response err error } + chLog := make(chan logOut) + res, body, err := request.Get(fmt.Sprintf("/containers/%s/logs?follow=1&stdout=1×tamps=1", id)) + c.Assert(err, checker.IsNil) + c.Assert(res.StatusCode, checker.Equals, http.StatusOK) go func() { - res, body, err := request.Get(fmt.Sprintf("/containers/%s/logs?follow=1&stdout=1×tamps=1", id)) - if err != nil { - chLog <- logOut{"", nil, err} - return - } defer body.Close() out, err := bufio.NewReader(body).ReadString('\n') if err != nil { - chLog <- logOut{"", nil, err} + chLog <- logOut{"", err} return } - chLog <- logOut{strings.TrimSpace(out), res, err} + chLog <- logOut{strings.TrimSpace(out), err} }() select { case l := <-chLog: c.Assert(l.err, checker.IsNil) - c.Assert(l.res.StatusCode, checker.Equals, http.StatusOK) if !strings.HasSuffix(l.out, "hello") { c.Fatalf("expected log output to container 'hello', but it does not") } - case <-time.After(20 * time.Second): + case <-time.After(30 * time.Second): c.Fatal("timeout waiting for logs to exit") } } From 630485f440d710ba152545a8af85eee7c79e6be2 Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Mon, 22 May 2017 15:00:50 -0700 Subject: [PATCH 005/191] Add builder dev report for 2017-05-22 Signed-off-by: Tonis Tiigi Upstream-commit: c07d8fc3be3ad6007f54f80c5e986d7dde2dc882 Component: engine --- .../engine/reports/builder/2017-05-22.md | 47 +++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 components/engine/reports/builder/2017-05-22.md diff --git a/components/engine/reports/builder/2017-05-22.md b/components/engine/reports/builder/2017-05-22.md new file mode 100644 index 0000000000..29ecc6bb9a --- /dev/null +++ b/components/engine/reports/builder/2017-05-22.md @@ -0,0 +1,47 @@ +# Development Report for May 22, 2017 + +### New feature: Long running session + +PR for [adding long-running session between daemon and cli](https://github.com/moby/moby/pull/32677) that enables advanced features like incremental context send, build credentials from the client, ssh forwarding etc. is ready for reviews. This is blocking many new features like token signing, not pulling unnecessary context files, exposing sources outside working directory etc. + + +### Quality: Dependency interface switch + +Work continues on making the builder dependency interface more stable. + +Merged as part of this effort this week: + +- [Refactor COPY/ADD dispatchers](https://github.com/moby/moby/pull/33116) + +In review: +- [Refactor builder probe cache and container backend](https://github.com/moby/moby/pull/33061) + +### Buildkit + +[Diff and snapshot services](https://github.com/containerd/containerd/pull/849) were added to containerd. This is a required dependency for [buildkit](https://github.com/moby/moby/issues/32925). + +### Proposals discussed in maintainers meeting + +New builder proposals were discussed in maintainers meeting. The decision was to give 2 more weeks for anyone to post feedback to [IMPORT/EXPORT commands](https://github.com/moby/moby/issues/32100) and [`RUN --mount`](https://github.com/moby/moby/issues/32507) and accept them for development if nothing significant comes up. + +Build secrets and its possible overlap with [--mount](https://github.com/moby/moby/issues/32507) was discussed as well. The decision was to create a [new issue](https://github.com/moby/moby/issues/33343)(as the [old PR](https://github.com/moby/moby/pull/30637) is closed) to track this and avoid it from blocking `--mount` implementation. + +### Proposals for new Dockerfile features that need design feedback: + +[Add IMPORT/EXPORT commands to Dockerfile](https://github.com/moby/moby/issues/32100) + +[Add `DOCKEROS/DOCKERARCH` default ARG to Dockerfile](https://github.com/moby/moby/issues/32487) + +[Add support for `RUN --mount`](https://github.com/moby/moby/issues/32507) + +[DAG image builder](https://github.com/moby/moby/issues/32550) + +[Option to export the hash of the build context](https://github.com/moby/moby/issues/32963) (new) + +[Allow --cache-from=*](https://github.com/moby/moby/issues/33002#issuecomment-299041162) (new) + +If you are interested in implementing any of them, leave a comment on the specific issues. + +### Other new builder features currently in code-review: + +- From f36cffe0bdc6f2ad6ce47a243b9f62d33407bbcc Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Tue, 23 May 2017 14:27:31 -0700 Subject: [PATCH 006/191] cluster: Only pass a join address when in the process of joining a cluster This code currently passes a random manager address when creating a new Node. This doesn't really make sense - we should only pass a join address on the initial join, or when retrying that join. An upcoming change to swarmkit will pay attention to JoinAddr significant when a node is already part of a cluster, so passing in the random value needs to be avoided. Signed-off-by: Aaron Lehmann Upstream-commit: 24477e70040019ca421ec1031dc553dc780c02f1 Component: engine --- .../engine/daemon/cluster/noderunner.go | 29 ++++++++++++------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/components/engine/daemon/cluster/noderunner.go b/components/engine/daemon/cluster/noderunner.go index 2ec13b4639..c0c7529ed9 100644 --- a/components/engine/daemon/cluster/noderunner.go +++ b/components/engine/daemon/cluster/noderunner.go @@ -50,6 +50,9 @@ type nodeStartConfig struct { AdvertiseAddr string // DataPathAddr is the address that has to be used for the data path DataPathAddr string + // JoinInProgress is set to true if a join operation has started, but + // not completed yet. + JoinInProgress bool joinAddr string forceNewCluster bool @@ -98,6 +101,13 @@ func (n *nodeRunner) start(conf nodeStartConfig) error { control = filepath.Join(n.cluster.runtimeRoot, controlSocket) } + joinAddr := conf.joinAddr + if joinAddr == "" && conf.JoinInProgress { + // We must have been restarted while trying to join a cluster. + // Continue trying to join instead of forming our own cluster. + joinAddr = conf.RemoteAddr + } + // Hostname is not set here. Instead, it is obtained from // the node description that is reported periodically swarmnodeConfig := swarmnode.Config{ @@ -105,7 +115,7 @@ func (n *nodeRunner) start(conf nodeStartConfig) error { ListenControlAPI: control, ListenRemoteAPI: conf.ListenAddr, AdvertiseRemoteAPI: conf.AdvertiseAddr, - JoinAddr: conf.joinAddr, + JoinAddr: joinAddr, StateDir: n.cluster.root, JoinToken: conf.joinToken, Executor: container.NewExecutor(n.cluster.config.Backend), @@ -133,6 +143,9 @@ func (n *nodeRunner) start(conf nodeStartConfig) error { n.done = make(chan struct{}) n.ready = make(chan struct{}) n.swarmNode = node + if conf.joinAddr != "" { + conf.JoinInProgress = true + } n.config = conf savePersistentState(n.cluster.root, conf) @@ -216,6 +229,10 @@ func (n *nodeRunner) handleReadyEvent(ctx context.Context, node *swarmnode.Node, case <-node.Ready(): n.mu.Lock() n.err = nil + if n.config.JoinInProgress { + n.config.JoinInProgress = false + savePersistentState(n.cluster.root, n.config) + } n.mu.Unlock() close(ready) case <-ctx.Done(): @@ -306,7 +323,6 @@ func (n *nodeRunner) enableReconnectWatcher() { delayCtx, cancel := context.WithTimeout(context.Background(), n.reconnectDelay) n.cancelReconnect = cancel - config := n.config go func() { <-delayCtx.Done() if delayCtx.Err() != context.DeadlineExceeded { @@ -317,15 +333,8 @@ func (n *nodeRunner) enableReconnectWatcher() { if n.stopping { return } - remotes := n.cluster.getRemoteAddressList() - if len(remotes) > 0 { - config.RemoteAddr = remotes[0] - } else { - config.RemoteAddr = "" - } - config.joinAddr = config.RemoteAddr - if err := n.start(config); err != nil { + if err := n.start(n.config); err != nil { n.err = err } }() From db321ad50e8bac856c6f38c24afb92482ec82f06 Mon Sep 17 00:00:00 2001 From: allencloud Date: Mon, 29 May 2017 00:02:21 +0800 Subject: [PATCH 007/191] add swarm unlock test in client Signed-off-by: allencloud Upstream-commit: 8ff023fe5a6c33a7d4663978cf57afb2fffba9af Component: engine --- components/engine/client/swarm_unlock_test.go | 49 +++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 components/engine/client/swarm_unlock_test.go diff --git a/components/engine/client/swarm_unlock_test.go b/components/engine/client/swarm_unlock_test.go new file mode 100644 index 0000000000..c242d41784 --- /dev/null +++ b/components/engine/client/swarm_unlock_test.go @@ -0,0 +1,49 @@ +package client + +import ( + "bytes" + "fmt" + "io/ioutil" + "net/http" + "strings" + "testing" + + "golang.org/x/net/context" + + "github.com/docker/docker/api/types/swarm" +) + +func TestSwarmUnlockError(t *testing.T) { + client := &Client{ + client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")), + } + + err := client.SwarmUnlock(context.Background(), swarm.UnlockRequest{"SWMKEY-1-y6guTZNTwpQeTL5RhUfOsdBdXoQjiB2GADHSRJvbXeU"}) + if err == nil || err.Error() != "Error response from daemon: Server error" { + t.Fatalf("expected a Server Error, got %v", err) + } +} + +func TestSwarmUnlock(t *testing.T) { + expectedURL := "/swarm/unlock" + + client := &Client{ + client: newMockClient(func(req *http.Request) (*http.Response, error) { + if !strings.HasPrefix(req.URL.Path, expectedURL) { + return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL) + } + if req.Method != "POST" { + return nil, fmt.Errorf("expected POST method, got %s", req.Method) + } + return &http.Response{ + StatusCode: http.StatusOK, + Body: ioutil.NopCloser(bytes.NewReader([]byte(""))), + }, nil + }), + } + + err := client.SwarmUnlock(context.Background(), swarm.UnlockRequest{"SWMKEY-1-y6guTZNTwpQeTL5RhUfOsdBdXoQjiB2GADHSRJvbXeU"}) + if err != nil { + t.Fatal(err) + } +} From 0a1989cb372188113de53c8d60c65f6cbdfa770b Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Mon, 22 May 2017 09:57:39 -0400 Subject: [PATCH 008/191] Check signal is unset before using user stopsignal This fixes an issue where if a stop signal is set, and a user sends SIGKILL, `container.ExitOnNext()` is not set, thus causing the container to restart. Signed-off-by: Brian Goff Upstream-commit: 114652ab86609e5c0cbfad84f642942b466a0596 Component: engine --- components/engine/daemon/kill.go | 2 +- .../integration-cli/docker_api_containers_test.go | 15 +++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/components/engine/daemon/kill.go b/components/engine/daemon/kill.go index ba0dbe1f55..a24f0bb031 100644 --- a/components/engine/daemon/kill.go +++ b/components/engine/daemon/kill.go @@ -68,7 +68,7 @@ func (daemon *Daemon) killWithSignal(container *container.Container, sig int) er return errNotRunning{container.ID} } - if container.Config.StopSignal != "" { + if container.Config.StopSignal != "" && syscall.Signal(sig) != syscall.SIGKILL { containerStopSignal, err := signal.ParseSignal(container.Config.StopSignal) if err != nil { return err diff --git a/components/engine/integration-cli/docker_api_containers_test.go b/components/engine/integration-cli/docker_api_containers_test.go index e2b20b746b..84e009207a 100644 --- a/components/engine/integration-cli/docker_api_containers_test.go +++ b/components/engine/integration-cli/docker_api_containers_test.go @@ -1933,3 +1933,18 @@ func (s *DockerSuite) TestContainersAPICreateMountsTmpfs(c *check.C) { } } } + +// Regression test for #33334 +// Makes sure that when a container which has a custom stop signal + restart=always +// gets killed (with SIGKILL) by the kill API, that the restart policy is cancelled. +func (s *DockerSuite) TestContainerKillCustomStopSignal(c *check.C) { + id := strings.TrimSpace(runSleepingContainer(c, "--stop-signal=SIGTERM", "--restart=always")) + res, _, err := request.Post("/containers/" + id + "/kill") + c.Assert(err, checker.IsNil) + defer res.Body.Close() + + b, err := ioutil.ReadAll(res.Body) + c.Assert(res.StatusCode, checker.Equals, http.StatusNoContent, check.Commentf(string(b))) + err = waitInspect(id, "{{.State.Running}} {{.State.Restarting}}", "false false", 30*time.Second) + c.Assert(err, checker.IsNil) +} From f2f752196e7b17c300d0a7a6f6ca38633575afb1 Mon Sep 17 00:00:00 2001 From: Darren Stahl Date: Thu, 25 May 2017 17:52:01 -0700 Subject: [PATCH 009/191] Check for Windows 10 IoT Core to use process isolation on IoT Signed-off-by: Darren Stahl Upstream-commit: 75f7f2a83a5a6fb276606a2fff4041da9bcd30a3 Component: engine --- components/engine/daemon/daemon_windows.go | 9 ++++---- .../engine/pkg/system/syscall_windows.go | 21 +++++++++++++++++-- 2 files changed, 24 insertions(+), 6 deletions(-) diff --git a/components/engine/daemon/daemon_windows.go b/components/engine/daemon/daemon_windows.go index efe1b1f6a0..8d6bcf5316 100644 --- a/components/engine/daemon/daemon_windows.go +++ b/components/engine/daemon/daemon_windows.go @@ -217,7 +217,7 @@ func verifyPlatformContainerSettings(daemon *Daemon, hostConfig *containertypes. warnings := []string{} hyperv := daemon.runAsHyperVContainer(hostConfig) - if !hyperv && system.IsWindowsClient() { + if !hyperv && system.IsWindowsClient() && !system.IsIoTCore() { // @engine maintainers. This block should not be removed. It partially enforces licensing // restrictions on Windows. Ping @jhowardmsft if there are concerns or PRs to change this. return warnings, fmt.Errorf("Windows client operating systems only support Hyper-V containers") @@ -566,8 +566,9 @@ func (daemon *Daemon) stats(c *container.Container) (*types.StatsJSON, error) { // daemon to run in. This is only applicable on Windows func (daemon *Daemon) setDefaultIsolation() error { daemon.defaultIsolation = containertypes.Isolation("process") - // On client SKUs, default to Hyper-V - if system.IsWindowsClient() { + // On client SKUs, default to Hyper-V. Note that IoT reports as a client SKU + // but it should not be treated as such. + if system.IsWindowsClient() && !system.IsIoTCore() { daemon.defaultIsolation = containertypes.Isolation("hyperv") } for _, option := range daemon.configStore.ExecOptions { @@ -586,7 +587,7 @@ func (daemon *Daemon) setDefaultIsolation() error { daemon.defaultIsolation = containertypes.Isolation("hyperv") } if containertypes.Isolation(val).IsProcess() { - if system.IsWindowsClient() { + if system.IsWindowsClient() && !system.IsIoTCore() { // @engine maintainers. This block should not be removed. It partially enforces licensing // restrictions on Windows. Ping @jhowardmsft if there are concerns or PRs to change this. return fmt.Errorf("Windows client operating systems only support Hyper-V containers") diff --git a/components/engine/pkg/system/syscall_windows.go b/components/engine/pkg/system/syscall_windows.go index 1f311874f4..c328a6fb86 100644 --- a/components/engine/pkg/system/syscall_windows.go +++ b/components/engine/pkg/system/syscall_windows.go @@ -8,8 +8,9 @@ import ( ) var ( - ntuserApiset = syscall.NewLazyDLL("ext-ms-win-ntuser-window-l1-1-0") - procGetVersionExW = modkernel32.NewProc("GetVersionExW") + ntuserApiset = syscall.NewLazyDLL("ext-ms-win-ntuser-window-l1-1-0") + procGetVersionExW = modkernel32.NewProc("GetVersionExW") + procGetProductInfo = modkernel32.NewProc("GetProductInfo") ) // OSVersion is a wrapper for Windows version information @@ -66,6 +67,22 @@ func IsWindowsClient() bool { return osviex.ProductType == verNTWorkstation } +// IsIoTCore returns true if the currently running image is based off of +// Windows 10 IoT Core. +// @engine maintainers - this function should not be removed or modified as it +// is used to enforce licensing restrictions on Windows. +func IsIoTCore() bool { + var returnedProductType uint32 + r1, _, err := procGetProductInfo.Call(6, 1, 0, 0, uintptr(unsafe.Pointer(&returnedProductType))) + if r1 == 0 { + logrus.Warnf("GetProductInfo failed - assuming this is not IoT: %v", err) + return false + } + const productIoTUAP = 0x0000007B + const productIoTUAPCommercial = 0x00000083 + return returnedProductType == productIoTUAP || returnedProductType == productIoTUAPCommercial +} + // Unmount is a platform-specific helper function to call // the unmount syscall. Not supported on Windows func Unmount(dest string) error { From fe2c9ff86c276da635ff8258d0ee3714e51be2b5 Mon Sep 17 00:00:00 2001 From: Lei Jitang Date: Mon, 22 May 2017 03:44:01 -0400 Subject: [PATCH 010/191] Don't create source directory while the daemon is being shutdown, fix #30348 If a container mount the socket the daemon is listening on into container while the daemon is being shutdown, the socket will not exist on the host, then daemon will assume it's a directory and create it on the host, this will cause the daemon can't start next time. fix issue https://github.com/moby/moby/issues/30348 To reproduce this issue, you can add following code ``` --- a/daemon/oci_linux.go +++ b/daemon/oci_linux.go @@ -8,6 +8,7 @@ import ( "sort" "strconv" "strings" + "time" "github.com/Sirupsen/logrus" "github.com/docker/docker/container" @@ -666,7 +667,8 @@ func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, e if err := daemon.setupIpcDirs(c); err != nil { return nil, err } - + fmt.Printf("===please stop the daemon===\n") + time.Sleep(time.Second * 2) ms, err := daemon.setupMounts(c) if err != nil { return nil, err ``` step1 run a container which has `--restart always` and `-v /var/run/docker.sock:/sock` ``` $ docker run -ti --restart always -v /var/run/docker.sock:/sock busybox / # ``` step2 exit the the container ``` / # exit ``` and kill the daemon when you see ``` ===please stop the daemon=== ``` in the daemon log The daemon can't restart again and fail with `can't create unix socket /var/run/docker.sock: is a directory`. Signed-off-by: Lei Jitang Upstream-commit: 7318eba5b2f8bb4b867ca943c3229260ca98a3bc Component: engine --- components/engine/cmd/dockerd/daemon.go | 5 +++++ components/engine/daemon/daemon.go | 11 +++++++++++ components/engine/daemon/monitor.go | 3 ++- components/engine/daemon/volumes_unix.go | 14 +++++++++++++- components/engine/daemon/volumes_windows.go | 2 +- components/engine/volume/volume.go | 12 +++++++++++- 6 files changed, 43 insertions(+), 4 deletions(-) diff --git a/components/engine/cmd/dockerd/daemon.go b/components/engine/cmd/dockerd/daemon.go index 5898df77f6..2650e176b0 100644 --- a/components/engine/cmd/dockerd/daemon.go +++ b/components/engine/cmd/dockerd/daemon.go @@ -155,6 +155,8 @@ func (cli *DaemonCli) start(opts daemonOptions) (err error) { api := apiserver.New(serverConfig) cli.api = api + var hosts []string + for i := 0; i < len(cli.Config.Hosts); i++ { var err error if cli.Config.Hosts[i], err = dopts.ParseHost(cli.Config.TLS, cli.Config.Hosts[i]); err != nil { @@ -186,6 +188,7 @@ func (cli *DaemonCli) start(opts daemonOptions) (err error) { } } logrus.Debugf("Listener created for HTTP on %s (%s)", proto, addr) + hosts = append(hosts, protoAddrParts[1]) api.Accept(addr, ls...) } @@ -213,6 +216,8 @@ func (cli *DaemonCli) start(opts daemonOptions) (err error) { return fmt.Errorf("Error starting daemon: %v", err) } + d.StoreHosts(hosts) + // validate after NewDaemon has restored enabled plugins. Dont change order. if err := validateAuthzPlugins(cli.Config.AuthorizationPlugins, pluginStore); err != nil { return fmt.Errorf("Error validating authorization plugin: %v", err) diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go index 3d45c71bf8..05017775d4 100644 --- a/components/engine/daemon/daemon.go +++ b/components/engine/daemon/daemon.go @@ -116,6 +116,17 @@ type Daemon struct { diskUsageRunning int32 pruneRunning int32 + hosts map[string]bool // hosts stores the addresses the daemon is listening on +} + +// StoreHosts stores the addresses the daemon is listening on +func (daemon *Daemon) StoreHosts(hosts []string) { + if daemon.hosts == nil { + daemon.hosts = make(map[string]bool) + } + for _, h := range hosts { + daemon.hosts[h] = true + } } // HasExperimental returns whether the experimental features of the daemon are enabled or not diff --git a/components/engine/daemon/monitor.go b/components/engine/daemon/monitor.go index 6861a5c3c8..5bf9d945d1 100644 --- a/components/engine/daemon/monitor.go +++ b/components/engine/daemon/monitor.go @@ -46,7 +46,8 @@ func (daemon *Daemon) StateChanged(id string, e libcontainerd.StateInfo) error { c.StreamConfig.Wait() c.Reset(false) - restart, wait, err := c.RestartManager().ShouldRestart(e.ExitCode, c.HasBeenManuallyStopped, time.Since(c.StartedAt)) + // If daemon is being shutdown, don't let the container restart + restart, wait, err := c.RestartManager().ShouldRestart(e.ExitCode, daemon.IsShuttingDown() || c.HasBeenManuallyStopped, time.Since(c.StartedAt)) if err == nil && restart { c.RestartCount++ c.SetRestarting(platformConstructExitStatus(e)) diff --git a/components/engine/daemon/volumes_unix.go b/components/engine/daemon/volumes_unix.go index 29dffa9ea0..370eb74218 100644 --- a/components/engine/daemon/volumes_unix.go +++ b/components/engine/daemon/volumes_unix.go @@ -6,6 +6,7 @@ package daemon import ( "encoding/json" + "fmt" "os" "path/filepath" "sort" @@ -42,8 +43,19 @@ func (daemon *Daemon) setupMounts(c *container.Container) ([]container.Mount, er if err := daemon.lazyInitializeVolume(c.ID, m); err != nil { return nil, err } + // If the daemon is being shutdown, we should not let a container start if it is trying to + // mount the socket the daemon is listening on. During daemon shutdown, the socket + // (/var/run/docker.sock by default) doesn't exist anymore causing the call to m.Setup to + // create at directory instead. This in turn will prevent the daemon to restart. + checkfunc := func(m *volume.MountPoint) error { + if _, exist := daemon.hosts[m.Source]; exist && daemon.IsShuttingDown() { + return fmt.Errorf("Could not mount %q to container while the daemon is shutting down", m.Source) + } + return nil + } + rootUID, rootGID := daemon.GetRemappedUIDGID() - path, err := m.Setup(c.MountLabel, rootUID, rootGID) + path, err := m.Setup(c.MountLabel, rootUID, rootGID, checkfunc) if err != nil { return nil, err } diff --git a/components/engine/daemon/volumes_windows.go b/components/engine/daemon/volumes_windows.go index b43de47b65..76940c67df 100644 --- a/components/engine/daemon/volumes_windows.go +++ b/components/engine/daemon/volumes_windows.go @@ -24,7 +24,7 @@ func (daemon *Daemon) setupMounts(c *container.Container) ([]container.Mount, er if err := daemon.lazyInitializeVolume(c.ID, mount); err != nil { return nil, err } - s, err := mount.Setup(c.MountLabel, 0, 0) + s, err := mount.Setup(c.MountLabel, 0, 0, nil) if err != nil { return nil, err } diff --git a/components/engine/volume/volume.go b/components/engine/volume/volume.go index 5135605281..774d9f78c1 100644 --- a/components/engine/volume/volume.go +++ b/components/engine/volume/volume.go @@ -146,7 +146,9 @@ func (m *MountPoint) Cleanup() error { // Setup sets up a mount point by either mounting the volume if it is // configured, or creating the source directory if supplied. -func (m *MountPoint) Setup(mountLabel string, rootUID, rootGID int) (path string, err error) { +// The, optional, checkFun parameter allows doing additional checking +// before creating the source directory on the host. +func (m *MountPoint) Setup(mountLabel string, rootUID, rootGID int, checkFun func(m *MountPoint) error) (path string, err error) { defer func() { if err == nil { if label.RelabelNeeded(m.Mode) { @@ -181,6 +183,14 @@ func (m *MountPoint) Setup(mountLabel string, rootUID, rootGID int) (path string // system.MkdirAll() produces an error if m.Source exists and is a file (not a directory), if m.Type == mounttypes.TypeBind { + // Before creating the source directory on the host, invoke checkFun if it's not nil. One of + // the use case is to forbid creating the daemon socket as a directory if the daemon is in + // the process of shutting down. + if checkFun != nil { + if err := checkFun(m); err != nil { + return "", err + } + } // idtools.MkdirAllNewAs() produces an error if m.Source exists and is a file (not a directory) // also, makes sure that if the directory is created, the correct remapped rootUID/rootGID will own it if err := idtools.MkdirAllNewAs(m.Source, 0755, rootUID, rootGID); err != nil { From 103f3041e58fb75f924bcf9c6293a056c37af561 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Wed, 31 May 2017 14:52:43 -0400 Subject: [PATCH 011/191] Lock container while connecting to a new network. `ConnectToNetwork` is modfying the container but is not locking the object. Signed-off-by: Brian Goff Upstream-commit: 4d0888e32bccfd8c0f27a7b66b2a5607d42e2698 Component: engine --- components/engine/daemon/container_operations.go | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/components/engine/daemon/container_operations.go b/components/engine/daemon/container_operations.go index 82ca4701af..1b6f02d0a1 100644 --- a/components/engine/daemon/container_operations.go +++ b/components/engine/daemon/container_operations.go @@ -980,6 +980,9 @@ func (daemon *Daemon) ConnectToNetwork(container *container.Container, idOrName if endpointConfig == nil { endpointConfig = &networktypes.EndpointSettings{} } + container.Lock() + defer container.Unlock() + if !container.Running { if container.RemovalInProgress || container.Dead { return errRemovalContainer(container.ID) @@ -1002,7 +1005,7 @@ func (daemon *Daemon) ConnectToNetwork(container *container.Container, idOrName return err } } - if err := container.ToDiskLocking(); err != nil { + if err := container.ToDisk(); err != nil { return fmt.Errorf("Error saving container to disk: %v", err) } return nil @@ -1011,6 +1014,9 @@ func (daemon *Daemon) ConnectToNetwork(container *container.Container, idOrName // DisconnectFromNetwork disconnects container from network n. func (daemon *Daemon) DisconnectFromNetwork(container *container.Container, networkName string, force bool) error { n, err := daemon.FindNetwork(networkName) + container.Lock() + defer container.Unlock() + if !container.Running || (err != nil && force) { if container.RemovalInProgress || container.Dead { return errRemovalContainer(container.ID) @@ -1038,7 +1044,7 @@ func (daemon *Daemon) DisconnectFromNetwork(container *container.Container, netw return err } - if err := container.ToDiskLocking(); err != nil { + if err := container.ToDisk(); err != nil { return fmt.Errorf("Error saving container to disk: %v", err) } From e930dafbb3560be4613db4baab219089dbf67846 Mon Sep 17 00:00:00 2001 From: Madhu Venugopal Date: Wed, 31 May 2017 16:04:00 -0700 Subject: [PATCH 012/191] Vendoring libnetwork 2e99f06621c23a5f4038968f1af1e28c84e4104e Fixes #33415 Fixes #33346 Implemented few additional IPVS APIs to be used by other projects Signed-off-by: Madhu Venugopal Upstream-commit: 0484bdb6ca0ddd0bebc490e335a7f788cdc30f13 Component: engine --- components/engine/vendor.conf | 2 +- .../docker/libnetwork/controller.go | 1 - .../docker/libnetwork/ipvs/constants.go | 17 + .../github.com/docker/libnetwork/ipvs/ipvs.go | 42 +++ .../docker/libnetwork/ipvs/netlink.go | 325 +++++++++++++++++- .../github.com/docker/libnetwork/network.go | 3 + .../docker/libnetwork/networkdb/cluster.go | 1 - .../docker/libnetwork/networkdb/delegate.go | 41 ++- .../libnetwork/networkdb/event_delegate.go | 13 +- .../docker/libnetwork/networkdb/networkdb.go | 10 + 10 files changed, 442 insertions(+), 13 deletions(-) diff --git a/components/engine/vendor.conf b/components/engine/vendor.conf index 35708e168c..3d9f47c944 100644 --- a/components/engine/vendor.conf +++ b/components/engine/vendor.conf @@ -26,7 +26,7 @@ github.com/imdario/mergo 0.2.1 golang.org/x/sync de49d9dcd27d4f764488181bea099dfe6179bcf0 #get libnetwork packages -github.com/docker/libnetwork 83e1e49475b88a9f1f8ba89a690a7d5de42e24b9 +github.com/docker/libnetwork 2e99f06621c23a5f4038968f1af1e28c84e4104e github.com/docker/go-events 18b43f1bc85d9cdd42c05a6cd2d444c7a200a894 github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80 github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec diff --git a/components/engine/vendor/github.com/docker/libnetwork/controller.go b/components/engine/vendor/github.com/docker/libnetwork/controller.go index df75be707f..ae7dac0b82 100644 --- a/components/engine/vendor/github.com/docker/libnetwork/controller.go +++ b/components/engine/vendor/github.com/docker/libnetwork/controller.go @@ -738,7 +738,6 @@ func (c *controller) NewNetwork(networkType, name string, id string, options ... if network.configOnly { network.scope = datastore.LocalScope network.networkType = "null" - network.ipamType = "" goto addToStore } diff --git a/components/engine/vendor/github.com/docker/libnetwork/ipvs/constants.go b/components/engine/vendor/github.com/docker/libnetwork/ipvs/constants.go index 103e71a37c..d36bec0e80 100644 --- a/components/engine/vendor/github.com/docker/libnetwork/ipvs/constants.go +++ b/components/engine/vendor/github.com/docker/libnetwork/ipvs/constants.go @@ -85,6 +85,23 @@ const ( ipvsDestAttrInactiveConnections ipvsDestAttrPersistentConnections ipvsDestAttrStats + ipvsDestAttrAddressFamily +) + +// IPVS Svc Statistics constancs + +const ( + ipvsSvcStatsUnspec int = iota + ipvsSvcStatsConns + ipvsSvcStatsPktsIn + ipvsSvcStatsPktsOut + ipvsSvcStatsBytesIn + ipvsSvcStatsBytesOut + ipvsSvcStatsCPS + ipvsSvcStatsPPSIn + ipvsSvcStatsPPSOut + ipvsSvcStatsBPSIn + ipvsSvcStatsBPSOut ) // Destination forwarding methods diff --git a/components/engine/vendor/github.com/docker/libnetwork/ipvs/ipvs.go b/components/engine/vendor/github.com/docker/libnetwork/ipvs/ipvs.go index 266cc24dbe..a285e102e3 100644 --- a/components/engine/vendor/github.com/docker/libnetwork/ipvs/ipvs.go +++ b/components/engine/vendor/github.com/docker/libnetwork/ipvs/ipvs.go @@ -6,6 +6,7 @@ import ( "net" "syscall" + "fmt" "github.com/vishvananda/netlink/nl" "github.com/vishvananda/netns" ) @@ -25,6 +26,21 @@ type Service struct { Netmask uint32 AddressFamily uint16 PEName string + Stats SvcStats +} + +// SvcStats defines an IPVS service statistics +type SvcStats struct { + Connections uint32 + PacketsIn uint32 + PacketsOut uint32 + BytesIn uint64 + BytesOut uint64 + CPS uint32 + BPSOut uint32 + PPSIn uint32 + PPSOut uint32 + BPSIn uint32 } // Destination defines an IPVS destination (real server) in its @@ -117,3 +133,29 @@ func (i *Handle) UpdateDestination(s *Service, d *Destination) error { func (i *Handle) DelDestination(s *Service, d *Destination) error { return i.doCmd(s, d, ipvsCmdDelDest) } + +// GetServices returns an array of services configured on the Node +func (i *Handle) GetServices() ([]*Service, error) { + return i.doGetServicesCmd(nil) +} + +// GetDestinations returns an array of Destinations configured for this Service +func (i *Handle) GetDestinations(s *Service) ([]*Destination, error) { + return i.doGetDestinationsCmd(s, nil) +} + +// GetService gets details of a specific IPVS services, useful in updating statisics etc., +func (i *Handle) GetService(s *Service) (*Service, error) { + + res, err := i.doGetServicesCmd(s) + if err != nil { + return nil, err + } + + // We are looking for exactly one service otherwise error out + if len(res) != 1 { + return nil, fmt.Errorf("Expected only one service obtained=%d", len(res)) + } + + return res[0], nil +} diff --git a/components/engine/vendor/github.com/docker/libnetwork/ipvs/netlink.go b/components/engine/vendor/github.com/docker/libnetwork/ipvs/netlink.go index 635606dacd..5450679c3b 100644 --- a/components/engine/vendor/github.com/docker/libnetwork/ipvs/netlink.go +++ b/components/engine/vendor/github.com/docker/libnetwork/ipvs/netlink.go @@ -19,6 +19,7 @@ import ( "github.com/vishvananda/netns" ) +// For Quick Reference IPVS related netlink message is described at the end of this file. var ( native = nl.NativeEndian() ipvsFamily int @@ -89,7 +90,6 @@ func fillService(s *Service) nl.NetlinkRequestData { if s.PEName != "" { nl.NewRtAttrChild(cmdAttr, ipvsSvcAttrPEName, nl.ZeroTerminated(s.PEName)) } - f := &ipvsFlags{ flags: s.Flags, mask: 0xFFFFFFFF, @@ -117,20 +117,38 @@ func fillDestinaton(d *Destination) nl.NetlinkRequestData { return cmdAttr } -func (i *Handle) doCmd(s *Service, d *Destination, cmd uint8) error { +func (i *Handle) doCmdwithResponse(s *Service, d *Destination, cmd uint8) ([][]byte, error) { req := newIPVSRequest(cmd) req.Seq = atomic.AddUint32(&i.seq, 1) - req.AddData(fillService(s)) - if d != nil { + if s == nil { + req.Flags |= syscall.NLM_F_DUMP //Flag to dump all messages + req.AddData(nl.NewRtAttr(ipvsCmdAttrService, nil)) //Add a dummy attribute + } else { + req.AddData(fillService(s)) + } + + if d == nil { + if cmd == ipvsCmdGetDest { + req.Flags |= syscall.NLM_F_DUMP + } + + } else { req.AddData(fillDestinaton(d)) } - if _, err := execute(i.sock, req, 0); err != nil { - return err + res, err := execute(i.sock, req, 0) + if err != nil { + return [][]byte{}, err } - return nil + return res, nil +} + +func (i *Handle) doCmd(s *Service, d *Destination, cmd uint8) error { + _, err := i.doCmdwithResponse(s, d, cmd) + + return err } func getIPVSFamily() (int, error) { @@ -171,7 +189,6 @@ func rawIPData(ip net.IP) []byte { if family == nl.FAMILY_V4 { return ip.To4() } - return ip } @@ -235,3 +252,295 @@ done: } return res, nil } + +func parseIP(ip []byte, family uint16) (net.IP, error) { + + var resIP net.IP + + switch family { + case syscall.AF_INET: + resIP = (net.IP)(ip[:4]) + case syscall.AF_INET6: + resIP = (net.IP)(ip[:16]) + default: + return nil, fmt.Errorf("parseIP Error ip=%v", ip) + + } + return resIP, nil +} + +// parseStats +func assembleStats(msg []byte) (SvcStats, error) { + + var s SvcStats + + attrs, err := nl.ParseRouteAttr(msg) + if err != nil { + return s, err + } + + for _, attr := range attrs { + attrType := int(attr.Attr.Type) + switch attrType { + case ipvsSvcStatsConns: + s.Connections = native.Uint32(attr.Value) + case ipvsSvcStatsPktsIn: + s.PacketsIn = native.Uint32(attr.Value) + case ipvsSvcStatsPktsOut: + s.PacketsOut = native.Uint32(attr.Value) + case ipvsSvcStatsBytesIn: + s.BytesIn = native.Uint64(attr.Value) + case ipvsSvcStatsBytesOut: + s.BytesOut = native.Uint64(attr.Value) + case ipvsSvcStatsCPS: + s.CPS = native.Uint32(attr.Value) + case ipvsSvcStatsPPSIn: + s.PPSIn = native.Uint32(attr.Value) + case ipvsSvcStatsPPSOut: + s.PPSOut = native.Uint32(attr.Value) + case ipvsSvcStatsBPSIn: + s.BPSIn = native.Uint32(attr.Value) + case ipvsSvcStatsBPSOut: + s.BPSOut = native.Uint32(attr.Value) + } + } + return s, nil +} + +// assembleService assembles a services back from a hain of netlink attributes +func assembleService(attrs []syscall.NetlinkRouteAttr) (*Service, error) { + + var s Service + + for _, attr := range attrs { + + attrType := int(attr.Attr.Type) + + switch attrType { + + case ipvsSvcAttrAddressFamily: + s.AddressFamily = native.Uint16(attr.Value) + case ipvsSvcAttrProtocol: + s.Protocol = native.Uint16(attr.Value) + case ipvsSvcAttrAddress: + ip, err := parseIP(attr.Value, s.AddressFamily) + if err != nil { + return nil, err + } + s.Address = ip + case ipvsSvcAttrPort: + s.Port = binary.BigEndian.Uint16(attr.Value) + case ipvsSvcAttrFWMark: + s.FWMark = native.Uint32(attr.Value) + case ipvsSvcAttrSchedName: + s.SchedName = nl.BytesToString(attr.Value) + case ipvsSvcAttrFlags: + s.Flags = native.Uint32(attr.Value) + case ipvsSvcAttrTimeout: + s.Timeout = native.Uint32(attr.Value) + case ipvsSvcAttrNetmask: + s.Netmask = native.Uint32(attr.Value) + case ipvsSvcAttrStats: + stats, err := assembleStats(attr.Value) + if err != nil { + return nil, err + } + s.Stats = stats + } + + } + return &s, nil +} + +// parseService given a ipvs netlink response this function will respond with a valid service entry, an error otherwise +func (i *Handle) parseService(msg []byte) (*Service, error) { + + var s *Service + + //Remove General header for this message and parse the NetLink message + hdr := deserializeGenlMsg(msg) + NetLinkAttrs, err := nl.ParseRouteAttr(msg[hdr.Len():]) + if err != nil { + return nil, err + } + if len(NetLinkAttrs) == 0 { + return nil, fmt.Errorf("error no valid netlink message found while parsing service record") + } + + //Now Parse and get IPVS related attributes messages packed in this message. + ipvsAttrs, err := nl.ParseRouteAttr(NetLinkAttrs[0].Value) + if err != nil { + return nil, err + } + + //Assemble all the IPVS related attribute messages and create a service record + s, err = assembleService(ipvsAttrs) + if err != nil { + return nil, err + } + + return s, nil +} + +// doGetServicesCmd a wrapper which could be used commonly for both GetServices() and GetService(*Service) +func (i *Handle) doGetServicesCmd(svc *Service) ([]*Service, error) { + var res []*Service + + msgs, err := i.doCmdwithResponse(svc, nil, ipvsCmdGetService) + if err != nil { + return nil, err + } + + for _, msg := range msgs { + srv, err := i.parseService(msg) + if err != nil { + return nil, err + } + res = append(res, srv) + } + + return res, nil +} + +func assembleDestination(attrs []syscall.NetlinkRouteAttr) (*Destination, error) { + + var d Destination + + for _, attr := range attrs { + + attrType := int(attr.Attr.Type) + + switch attrType { + case ipvsDestAttrAddress: + ip, err := parseIP(attr.Value, syscall.AF_INET) + if err != nil { + return nil, err + } + d.Address = ip + case ipvsDestAttrPort: + d.Port = binary.BigEndian.Uint16(attr.Value) + case ipvsDestAttrForwardingMethod: + d.ConnectionFlags = native.Uint32(attr.Value) + case ipvsDestAttrWeight: + d.Weight = int(native.Uint16(attr.Value)) + case ipvsDestAttrUpperThreshold: + d.UpperThreshold = native.Uint32(attr.Value) + case ipvsDestAttrLowerThreshold: + d.LowerThreshold = native.Uint32(attr.Value) + case ipvsDestAttrAddressFamily: + d.AddressFamily = native.Uint16(attr.Value) + } + } + return &d, nil +} + +// parseDestination given a ipvs netlink response this function will respond with a valid destination entry, an error otherwise +func (i *Handle) parseDestination(msg []byte) (*Destination, error) { + var dst *Destination + + //Remove General header for this message + hdr := deserializeGenlMsg(msg) + NetLinkAttrs, err := nl.ParseRouteAttr(msg[hdr.Len():]) + if err != nil { + return nil, err + } + if len(NetLinkAttrs) == 0 { + return nil, fmt.Errorf("error no valid netlink message found while parsing destination record") + } + + //Now Parse and get IPVS related attributes messages packed in this message. + ipvsAttrs, err := nl.ParseRouteAttr(NetLinkAttrs[0].Value) + if err != nil { + return nil, err + } + + //Assemble netlink attributes and create a Destination record + dst, err = assembleDestination(ipvsAttrs) + if err != nil { + return nil, err + } + + return dst, nil +} + +// doGetDestinationsCmd a wrapper function to be used by GetDestinations and GetDestination(d) apis +func (i *Handle) doGetDestinationsCmd(s *Service, d *Destination) ([]*Destination, error) { + + var res []*Destination + + msgs, err := i.doCmdwithResponse(s, d, ipvsCmdGetDest) + if err != nil { + return nil, err + } + + for _, msg := range msgs { + dest, err := i.parseDestination(msg) + if err != nil { + return res, err + } + res = append(res, dest) + } + return res, nil +} + +// IPVS related netlink message format explained + +/* EACH NETLINK MSG is of the below format, this is what we will receive from execute() api. + If we have multiple netlink objects to process like GetServices() etc., execute() will + supply an array of this below object + + NETLINK MSG +|-----------------------------------| + 0 1 2 3 +|--------|--------|--------|--------| - +| CMD ID | VER | RESERVED | |==> General Message Header represented by genlMsgHdr +|-----------------------------------| - +| ATTR LEN | ATTR TYPE | | +|-----------------------------------| | +| | | +| VALUE | | +| []byte Array of IPVS MSG | |==> Attribute Message represented by syscall.NetlinkRouteAttr +| PADDED BY 4 BYTES | | +| | | +|-----------------------------------| - + + + Once We strip genlMsgHdr from above NETLINK MSG, we should parse the VALUE. + VALUE will have an array of netlink attributes (syscall.NetlinkRouteAttr) such that each attribute will + represent a "Service" or "Destination" object's field. If we assemble these attributes we can construct + Service or Destination. + + IPVS MSG +|-----------------------------------| + 0 1 2 3 +|--------|--------|--------|--------| +| ATTR LEN | ATTR TYPE | +|-----------------------------------| +| | +| | +| []byte IPVS ATTRIBUTE BY 4 BYTES | +| | +| | +|-----------------------------------| + NEXT ATTRIBUTE +|-----------------------------------| +| ATTR LEN | ATTR TYPE | +|-----------------------------------| +| | +| | +| []byte IPVS ATTRIBUTE BY 4 BYTES | +| | +| | +|-----------------------------------| + NEXT ATTRIBUTE +|-----------------------------------| +| ATTR LEN | ATTR TYPE | +|-----------------------------------| +| | +| | +| []byte IPVS ATTRIBUTE BY 4 BYTES | +| | +| | +|-----------------------------------| + +*/ diff --git a/components/engine/vendor/github.com/docker/libnetwork/network.go b/components/engine/vendor/github.com/docker/libnetwork/network.go index 2b6c705a7b..fa2ab800ae 100644 --- a/components/engine/vendor/github.com/docker/libnetwork/network.go +++ b/components/engine/vendor/github.com/docker/libnetwork/network.go @@ -412,6 +412,9 @@ func (n *network) applyConfigurationTo(to *network) error { } } } + if len(n.ipamType) != 0 { + to.ipamType = n.ipamType + } if len(n.ipamOptions) > 0 { to.ipamOptions = make(map[string]string, len(n.ipamOptions)) for k, v := range n.ipamOptions { diff --git a/components/engine/vendor/github.com/docker/libnetwork/networkdb/cluster.go b/components/engine/vendor/github.com/docker/libnetwork/networkdb/cluster.go index d448c8caef..9156d0da68 100644 --- a/components/engine/vendor/github.com/docker/libnetwork/networkdb/cluster.go +++ b/components/engine/vendor/github.com/docker/libnetwork/networkdb/cluster.go @@ -284,7 +284,6 @@ func (nDB *NetworkDB) reconnectNode() { } if err := nDB.sendNodeEvent(NodeEventTypeJoin); err != nil { - logrus.Errorf("failed to send node join during reconnect: %v", err) return } diff --git a/components/engine/vendor/github.com/docker/libnetwork/networkdb/delegate.go b/components/engine/vendor/github.com/docker/libnetwork/networkdb/delegate.go index 2096ea622e..6df358382f 100644 --- a/components/engine/vendor/github.com/docker/libnetwork/networkdb/delegate.go +++ b/components/engine/vendor/github.com/docker/libnetwork/networkdb/delegate.go @@ -17,6 +17,25 @@ func (d *delegate) NodeMeta(limit int) []byte { return []byte{} } +func (nDB *NetworkDB) getNode(nEvent *NodeEvent) *node { + nDB.Lock() + defer nDB.Unlock() + + for _, nodes := range []map[string]*node{ + nDB.failedNodes, + nDB.leftNodes, + nDB.nodes, + } { + if n, ok := nodes[nEvent.NodeName]; ok { + if n.ltime >= nEvent.LTime { + return nil + } + return n + } + } + return nil +} + func (nDB *NetworkDB) checkAndGetNode(nEvent *NodeEvent) *node { nDB.Lock() defer nDB.Unlock() @@ -63,10 +82,28 @@ func (nDB *NetworkDB) purgeSameNode(n *node) { } func (nDB *NetworkDB) handleNodeEvent(nEvent *NodeEvent) bool { - n := nDB.checkAndGetNode(nEvent) + // Update our local clock if the received messages has newer + // time. + nDB.networkClock.Witness(nEvent.LTime) + + n := nDB.getNode(nEvent) if n == nil { return false } + // If its a node leave event for a manager and this is the only manager we + // know of we want the reconnect logic to kick in. In a single manager + // cluster manager's gossip can't be bootstrapped unless some other node + // connects to it. + if len(nDB.bootStrapIP) == 1 && nEvent.Type == NodeEventTypeLeave { + for _, ip := range nDB.bootStrapIP { + if ip.Equal(n.Addr) { + n.ltime = nEvent.LTime + return true + } + } + } + + n = nDB.checkAndGetNode(nEvent) nDB.purgeSameNode(n) n.ltime = nEvent.LTime @@ -76,11 +113,13 @@ func (nDB *NetworkDB) handleNodeEvent(nEvent *NodeEvent) bool { nDB.Lock() nDB.nodes[n.Name] = n nDB.Unlock() + logrus.Infof("Node join event for %s/%s", n.Name, n.Addr) return true case NodeEventTypeLeave: nDB.Lock() nDB.leftNodes[n.Name] = n nDB.Unlock() + logrus.Infof("Node leave event for %s/%s", n.Name, n.Addr) return true } diff --git a/components/engine/vendor/github.com/docker/libnetwork/networkdb/event_delegate.go b/components/engine/vendor/github.com/docker/libnetwork/networkdb/event_delegate.go index 6ae0a32ad1..23e16832e7 100644 --- a/components/engine/vendor/github.com/docker/libnetwork/networkdb/event_delegate.go +++ b/components/engine/vendor/github.com/docker/libnetwork/networkdb/event_delegate.go @@ -22,6 +22,7 @@ func (e *eventDelegate) broadcastNodeEvent(addr net.IP, op opType) { } func (e *eventDelegate) NotifyJoin(mn *memberlist.Node) { + logrus.Infof("Node %s/%s, joined gossip cluster", mn.Name, mn.Addr) e.broadcastNodeEvent(mn.Addr, opCreate) e.nDB.Lock() // In case the node is rejoining after a failure or leave, @@ -37,9 +38,12 @@ func (e *eventDelegate) NotifyJoin(mn *memberlist.Node) { e.nDB.nodes[mn.Name] = &node{Node: *mn} e.nDB.Unlock() + logrus.Infof("Node %s/%s, added to nodes list", mn.Name, mn.Addr) } func (e *eventDelegate) NotifyLeave(mn *memberlist.Node) { + var failed bool + logrus.Infof("Node %s/%s, left gossip cluster", mn.Name, mn.Addr) e.broadcastNodeEvent(mn.Addr, opDelete) e.nDB.deleteNodeTableEntries(mn.Name) e.nDB.deleteNetworkEntriesForNode(mn.Name) @@ -47,10 +51,17 @@ func (e *eventDelegate) NotifyLeave(mn *memberlist.Node) { if n, ok := e.nDB.nodes[mn.Name]; ok { delete(e.nDB.nodes, mn.Name) - n.reapTime = reapInterval + // In case of node failure, keep retrying to reconnect every retryInterval (1sec) for nodeReapInterval (24h) + // Explicit leave will have already removed the node from the list of nodes (nDB.nodes) and put it into the leftNodes map + n.reapTime = nodeReapInterval e.nDB.failedNodes[mn.Name] = n + failed = true } e.nDB.Unlock() + if failed { + logrus.Infof("Node %s/%s, added to failed nodes list", mn.Name, mn.Addr) + } + } func (e *eventDelegate) NotifyUpdate(n *memberlist.Node) { diff --git a/components/engine/vendor/github.com/docker/libnetwork/networkdb/networkdb.go b/components/engine/vendor/github.com/docker/libnetwork/networkdb/networkdb.go index 86b0128b60..ecb2d714a4 100644 --- a/components/engine/vendor/github.com/docker/libnetwork/networkdb/networkdb.go +++ b/components/engine/vendor/github.com/docker/libnetwork/networkdb/networkdb.go @@ -4,6 +4,7 @@ package networkdb import ( "fmt" + "net" "strings" "sync" "time" @@ -88,6 +89,10 @@ type NetworkDB struct { // Reference to the memberlist's keyring to add & remove keys keyring *memberlist.Keyring + + // bootStrapIP is the list of IPs that can be used to bootstrap + // the gossip. + bootStrapIP []net.IP } // PeerInfo represents the peer (gossip cluster) nodes of a network @@ -194,6 +199,11 @@ func New(c *Config) (*NetworkDB, error) { // Join joins this NetworkDB instance with a list of peer NetworkDB // instances passed by the caller in the form of addr:port func (nDB *NetworkDB) Join(members []string) error { + nDB.Lock() + for _, m := range members { + nDB.bootStrapIP = append(nDB.bootStrapIP, net.ParseIP(m)) + } + nDB.Unlock() return nDB.clusterJoin(members) } From dbc4b6c5bd78a5b9e7527c3db5c84fe6faffcb2a Mon Sep 17 00:00:00 2001 From: Ying Li Date: Wed, 31 May 2017 18:15:33 -0700 Subject: [PATCH 013/191] Do not log the CA config CA signing key in debug mode. Signed-off-by: Ying Li Upstream-commit: d60f18204978d438d1eb336512576d47991c8ac1 Component: engine --- components/engine/api/server/middleware/debug.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/api/server/middleware/debug.go b/components/engine/api/server/middleware/debug.go index 8c8567669b..b931f1906b 100644 --- a/components/engine/api/server/middleware/debug.go +++ b/components/engine/api/server/middleware/debug.go @@ -64,7 +64,7 @@ func maskSecretKeys(inp interface{}) { if form, ok := inp.(map[string]interface{}); ok { loop0: for k, v := range form { - for _, m := range []string{"password", "secret", "jointoken", "unlockkey"} { + for _, m := range []string{"password", "secret", "jointoken", "unlockkey", "signingcakey"} { if strings.EqualFold(m, k) { form[k] = "*****" continue loop0 From 4cb2e1a089fd486772a3d1d24ed01d5ad13f3ef7 Mon Sep 17 00:00:00 2001 From: John Howard Date: Tue, 30 May 2017 09:45:27 -0700 Subject: [PATCH 014/191] Builder: Fix parser directive refactoring Signed-off-by: John Howard Upstream-commit: c97170d618b7a1f35f47672143bd287666802287 Component: engine --- .../builder/dockerfile/parser/parser.go | 70 +++++++++---------- 1 file changed, 32 insertions(+), 38 deletions(-) diff --git a/components/engine/builder/dockerfile/parser/parser.go b/components/engine/builder/dockerfile/parser/parser.go index 0729fa539d..fa57d3953c 100644 --- a/components/engine/builder/dockerfile/parser/parser.go +++ b/components/engine/builder/dockerfile/parser/parser.go @@ -107,29 +107,28 @@ func (d *Directive) setEscapeToken(s string) error { return nil } -// processLine looks for a parser directive '# escapeToken=. Parser -// directives must precede any builder instruction or other comments, and cannot -// be repeated. -func (d *Directive) processLine(line string) error { +// possibleParserDirective looks for one or more parser directives '# escapeToken=' and +// '# platform='. Parser directives must precede any builder instruction +// or other comments, and cannot be repeated. +func (d *Directive) possibleParserDirective(line string) error { if d.processingComplete { return nil } - // Processing is finished after the first call - defer func() { d.processingComplete = true }() tecMatch := tokenEscapeCommand.FindStringSubmatch(strings.ToLower(line)) - if len(tecMatch) == 0 { - return nil - } - if d.escapeSeen == true { - return errors.New("only one escape parser directive can be used") - } - for i, n := range tokenEscapeCommand.SubexpNames() { - if n == "escapechar" { - d.escapeSeen = true - return d.setEscapeToken(tecMatch[i]) + if len(tecMatch) != 0 { + for i, n := range tokenEscapeCommand.SubexpNames() { + if n == "escapechar" { + if d.escapeSeen == true { + return errors.New("only one escape parser directive can be used") + } + d.escapeSeen = true + return d.setEscapeToken(tecMatch[i]) + } } } + + d.processingComplete = true return nil } @@ -213,34 +212,36 @@ func Parse(rwc io.Reader) (*Result, error) { var err error for scanner.Scan() { - bytes := scanner.Bytes() - switch currentLine { - case 0: - bytes, err = processFirstLine(d, bytes) - if err != nil { - return nil, err - } - default: - bytes = processLine(bytes, true) + bytesRead := scanner.Bytes() + if currentLine == 0 { + // First line, strip the byte-order-marker if present + bytesRead = bytes.TrimPrefix(bytesRead, utf8bom) + } + bytesRead, err = processLine(d, bytesRead, true) + if err != nil { + return nil, err } currentLine++ startLine := currentLine - line, isEndOfLine := trimContinuationCharacter(string(bytes), d) + line, isEndOfLine := trimContinuationCharacter(string(bytesRead), d) if isEndOfLine && line == "" { continue } for !isEndOfLine && scanner.Scan() { - bytes := processLine(scanner.Bytes(), false) + bytesRead, err := processLine(d, scanner.Bytes(), false) + if err != nil { + return nil, err + } currentLine++ // TODO: warn this is being deprecated/removed - if isEmptyContinuationLine(bytes) { + if isEmptyContinuationLine(bytesRead) { continue } - continuationLine := string(bytes) + continuationLine := string(bytesRead) continuationLine, isEndOfLine = trimContinuationCharacter(continuationLine, d) line += continuationLine } @@ -251,7 +252,6 @@ func Parse(rwc io.Reader) (*Result, error) { } root.AddChild(child, startLine, currentLine) } - return &Result{AST: root, EscapeToken: d.escapeToken}, nil } @@ -279,16 +279,10 @@ func trimContinuationCharacter(line string, d *Directive) (string, bool) { // TODO: remove stripLeftWhitespace after deprecation period. It seems silly // to preserve whitespace on continuation lines. Why is that done? -func processLine(token []byte, stripLeftWhitespace bool) []byte { +func processLine(d *Directive, token []byte, stripLeftWhitespace bool) ([]byte, error) { if stripLeftWhitespace { token = trimWhitespace(token) } - return trimComments(token) -} - -func processFirstLine(d *Directive, token []byte) ([]byte, error) { - token = bytes.TrimPrefix(token, utf8bom) - token = trimWhitespace(token) - err := d.processLine(string(token)) + err := d.possibleParserDirective(string(token)) return trimComments(token), err } From e17da4238989308586e3b3bc09b1c610967ad09b Mon Sep 17 00:00:00 2001 From: Naveed Jamil Date: Wed, 31 May 2017 21:40:41 +0500 Subject: [PATCH 015/191] Add test coverage to pkg/signal Signed-off-by: Naveed Jamil Upstream-commit: 4b0df45c1a261354f10abb151b9acfa6b61f517d Component: engine --- .../engine/pkg/signal/signal_linux_test.go | 58 +++++++++++++++++++ components/engine/pkg/signal/signal_test.go | 33 +++++++++++ 2 files changed, 91 insertions(+) create mode 100644 components/engine/pkg/signal/signal_linux_test.go create mode 100644 components/engine/pkg/signal/signal_test.go diff --git a/components/engine/pkg/signal/signal_linux_test.go b/components/engine/pkg/signal/signal_linux_test.go new file mode 100644 index 0000000000..32c056fe49 --- /dev/null +++ b/components/engine/pkg/signal/signal_linux_test.go @@ -0,0 +1,58 @@ +// +build darwin linux solaris + +package signal + +import ( + "os" + "syscall" + "testing" + "time" + + "github.com/stretchr/testify/assert" +) + +func TestCatchAll(t *testing.T) { + sigs := make(chan os.Signal, 1) + CatchAll(sigs) + defer StopCatch(sigs) + + listOfSignals := map[string]string{ + "CONT": syscall.SIGCONT.String(), + "HUP": syscall.SIGHUP.String(), + "CHLD": syscall.SIGCHLD.String(), + "ILL": syscall.SIGILL.String(), + "FPE": syscall.SIGFPE.String(), + "CLD": syscall.SIGCLD.String(), + } + + for sigStr := range listOfSignals { + signal, ok := SignalMap[sigStr] + if ok { + go func() { + time.Sleep(1 * time.Millisecond) + syscall.Kill(syscall.Getpid(), signal) + }() + + s := <-sigs + assert.EqualValues(t, s.String(), signal.String()) + } + + } +} + +func TestStopCatch(t *testing.T) { + signal, _ := SignalMap["HUP"] + channel := make(chan os.Signal, 1) + CatchAll(channel) + go func() { + + time.Sleep(1 * time.Millisecond) + syscall.Kill(syscall.Getpid(), signal) + }() + signalString := <-channel + assert.EqualValues(t, signalString.String(), signal.String()) + + StopCatch(channel) + _, ok := <-channel + assert.EqualValues(t, ok, false) +} diff --git a/components/engine/pkg/signal/signal_test.go b/components/engine/pkg/signal/signal_test.go new file mode 100644 index 0000000000..df02f5bed1 --- /dev/null +++ b/components/engine/pkg/signal/signal_test.go @@ -0,0 +1,33 @@ +package signal + +import ( + "syscall" + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestParseSignal(t *testing.T) { + _, checkAtoiError := ParseSignal("0") + assert.EqualError(t, checkAtoiError, "Invalid signal: 0") + + _, error := ParseSignal("SIG") + assert.EqualError(t, error, "Invalid signal: SIG") + + for sigStr := range SignalMap { + responseSignal, error := ParseSignal(sigStr) + assert.NoError(t, error) + signal := SignalMap[sigStr] + assert.EqualValues(t, signal, responseSignal) + } +} + +func TestValidSignalForPlatform(t *testing.T) { + isValidSignal := ValidSignalForPlatform(syscall.Signal(0)) + assert.EqualValues(t, false, isValidSignal) + + for _, sigN := range SignalMap { + isValidSignal = ValidSignalForPlatform(syscall.Signal(sigN)) + assert.EqualValues(t, true, isValidSignal) + } +} From 52c11cb15245772fd34e0148554c15f2cc5ba735 Mon Sep 17 00:00:00 2001 From: Wentao Zhang Date: Wed, 24 May 2017 00:40:33 +0800 Subject: [PATCH 016/191] Fix delete a image while saving it, delete successfully but failed to save it Issue Description: * 1. Saving more than one images, `docker save -o a.tar aaa bbb` * 2. Delete the last image which in saving progress. `docker rmi bbb` Espected: Saving images operation shouldn't be disturbed. But the real result is that failed to save image and get an error as below: `Error response from daemon: open /var/lib/docker/image/devicemapper/imagedb/content/sha256/7c24e4d533a76e801662ad1b7e6e06bc1204f80110b5623e96ba2877c51479a1: no such file or directory` Analysis: 1. While saving more than one images, it will get all the image info from reference/imagestore, and then using the `cached data` to save the images to a tar file. 2. But this process doesn't have a resource lock, if a deletion operation comes, the image will be deleted, so saving operation will fail. Solution: When begin to save an image, `Get` all the layers first. then the deletion operation won't delete the layers. Signed-off-by: Wentao Zhang Upstream-commit: 4a014e6b0d7e2d310ee1ba442128a6802559a63a Component: engine --- components/engine/image/tarexport/save.go | 87 +++++++++++++++++------ 1 file changed, 67 insertions(+), 20 deletions(-) diff --git a/components/engine/image/tarexport/save.go b/components/engine/image/tarexport/save.go index 8d33a58724..d304a54c34 100644 --- a/components/engine/image/tarexport/save.go +++ b/components/engine/image/tarexport/save.go @@ -21,8 +21,10 @@ import ( ) type imageDescriptor struct { - refs []reference.NamedTagged - layers []string + refs []reference.NamedTagged + layers []string + image *image.Image + layerRef layer.Layer } type saveSession struct { @@ -39,33 +41,47 @@ func (l *tarexporter) Save(names []string, outStream io.Writer) error { return err } + // Release all the image top layer references + defer l.releaseLayerReferences(images) return (&saveSession{tarexporter: l, images: images}).save(outStream) } -func (l *tarexporter) parseNames(names []string) (map[image.ID]*imageDescriptor, error) { +// parseNames will parse the image names to a map which contains image.ID to *imageDescriptor. +// Each imageDescriptor holds an image top layer reference named 'layerRef'. It is taken here, should be released later. +func (l *tarexporter) parseNames(names []string) (desc map[image.ID]*imageDescriptor, rErr error) { imgDescr := make(map[image.ID]*imageDescriptor) + defer func() { + if rErr != nil { + l.releaseLayerReferences(imgDescr) + } + }() - addAssoc := func(id image.ID, ref reference.Named) { + addAssoc := func(id image.ID, ref reference.Named) error { if _, ok := imgDescr[id]; !ok { - imgDescr[id] = &imageDescriptor{} + descr := &imageDescriptor{} + if err := l.takeLayerReference(id, descr); err != nil { + return err + } + imgDescr[id] = descr } if ref != nil { if _, ok := ref.(reference.Canonical); ok { - return + return nil } tagged, ok := reference.TagNameOnly(ref).(reference.NamedTagged) if !ok { - return + return nil } for _, t := range imgDescr[id].refs { if tagged.String() == t.String() { - return + return nil } } imgDescr[id].refs = append(imgDescr[id].refs, tagged) } + return nil } for _, name := range names { @@ -78,11 +94,9 @@ func (l *tarexporter) parseNames(names []string) (map[image.ID]*imageDescriptor, // Check if digest ID reference if digested, ok := ref.(reference.Digested); ok { id := image.IDFromDigest(digested.Digest()) - _, err := l.is.Get(id) - if err != nil { + if err := addAssoc(id, nil); err != nil { return nil, err } - addAssoc(id, nil) continue } return nil, errors.Errorf("invalid reference: %v", name) @@ -93,20 +107,26 @@ func (l *tarexporter) parseNames(names []string) (map[image.ID]*imageDescriptor, if err != nil { return nil, err } - addAssoc(imgID, nil) + if err := addAssoc(imgID, nil); err != nil { + return nil, err + } continue } if reference.IsNameOnly(namedRef) { assocs := l.rs.ReferencesByName(namedRef) for _, assoc := range assocs { - addAssoc(image.IDFromDigest(assoc.ID), assoc.Ref) + if err := addAssoc(image.IDFromDigest(assoc.ID), assoc.Ref); err != nil { + return nil, err + } } if len(assocs) == 0 { imgID, err := l.is.Search(name) if err != nil { return nil, err } - addAssoc(imgID, nil) + if err := addAssoc(imgID, nil); err != nil { + return nil, err + } } continue } @@ -114,12 +134,43 @@ func (l *tarexporter) parseNames(names []string) (map[image.ID]*imageDescriptor, if err != nil { return nil, err } - addAssoc(image.IDFromDigest(id), namedRef) + if err := addAssoc(image.IDFromDigest(id), namedRef); err != nil { + return nil, err + } } return imgDescr, nil } +// takeLayerReference will take/Get the image top layer reference +func (l *tarexporter) takeLayerReference(id image.ID, imgDescr *imageDescriptor) error { + img, err := l.is.Get(id) + if err != nil { + return err + } + imgDescr.image = img + topLayerID := img.RootFS.ChainID() + if topLayerID == "" { + return nil + } + layer, err := l.ls.Get(topLayerID) + if err != nil { + return err + } + imgDescr.layerRef = layer + return nil +} + +// releaseLayerReferences will release all the image top layer references +func (l *tarexporter) releaseLayerReferences(imgDescr map[image.ID]*imageDescriptor) error { + for _, descr := range imgDescr { + if descr.layerRef != nil { + l.ls.Release(descr.layerRef) + } + } + return nil +} + func (s *saveSession) save(outStream io.Writer) error { s.savedLayers = make(map[string]struct{}) s.diffIDPaths = make(map[layer.DiffID]string) @@ -224,11 +275,7 @@ func (s *saveSession) save(outStream io.Writer) error { } func (s *saveSession) saveImage(id image.ID) (map[layer.DiffID]distribution.Descriptor, error) { - img, err := s.is.Get(id) - if err != nil { - return nil, err - } - + img := s.images[id].image if len(img.RootFS.DiffIDs) == 0 { return nil, fmt.Errorf("empty export - not implemented") } From 9d937bfa8854669c047e679fcbc15507134da064 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 1 Jun 2017 17:05:42 +0200 Subject: [PATCH 017/191] Update deprecated.md for removal of --email flag Signed-off-by: Sebastiaan van Stijn Upstream-commit: 43239f62bedc4721d27744d21c122622988bb3ae Component: engine --- components/engine/docs/deprecated.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/docs/deprecated.md b/components/engine/docs/deprecated.md index 7e0bfc0a60..e1e7e12645 100644 --- a/components/engine/docs/deprecated.md +++ b/components/engine/docs/deprecated.md @@ -138,7 +138,7 @@ on all subcommands (due to it conflicting with, e.g. `-h` / `--hostname` on ### `-e` and `--email` flags on `docker login` **Deprecated In Release: [v1.11.0](https://github.com/docker/docker/releases/tag/v1.11.0)** -**Target For Removal In Release: v17.06** +**Removed In Release: [v17.06](https://github.com/docker/docker-ce/releases/tag/v17.06.0-ce)** The docker login command is removing the ability to automatically register for an account with the target registry if the given username doesn't exist. Due to this change, the email flag is no longer required, and will be deprecated. From 008c8eb2066f93f93ca696bec5f255ac529b653d Mon Sep 17 00:00:00 2001 From: Pavel Tikhomirov Date: Thu, 1 Jun 2017 14:01:55 +0300 Subject: [PATCH 018/191] Do not treat C.sysconf(C._SC_NPROCESSORS_ONLN) non-zero errno as error Treat return code -1 as error instead. People from glibc say that errno is undefined in case of successful sysconf call according to POSIX standard: Glibc bug: https://sourceware.org/bugzilla/show_bug.cgi?id=21536 More over in sysconf man it is wrongly said that "errno is not changed" on success. So I've created a bug to man-pages: https://bugzilla.kernel.org/show_bug.cgi?id=195955 Background: Glibc's sysconf(_SC_NPROCESSORS_ONLN) changes errno to ENOENT, if there is no /sys/devices/system/cpu/online file, while the call itself is successful. In Virtuozzo containers we prohibit most of sysfs files for security reasons. So we have Run():daemon /stats/collector.go infinitely loop never actualy collecting stats from publisher pairs. v2: add comment Signed-off-by: Pavel Tikhomirov Upstream-commit: dec084962eab41eb20b1808955de34cfec4fc8b3 Component: engine --- components/engine/daemon/stats/collector_unix.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/components/engine/daemon/stats/collector_unix.go b/components/engine/daemon/stats/collector_unix.go index 5ad9658690..cd522e07ce 100644 --- a/components/engine/daemon/stats/collector_unix.go +++ b/components/engine/daemon/stats/collector_unix.go @@ -72,7 +72,11 @@ func (s *Collector) getSystemCPUUsage() (uint64, error) { func (s *Collector) getNumberOnlineCPUs() (uint32, error) { i, err := C.sysconf(C._SC_NPROCESSORS_ONLN) - if err != nil { + // According to POSIX - errno is undefined after successful + // sysconf, and can be non-zero in several cases, so look for + // error in returned value not in errno. + // (https://sourceware.org/bugzilla/show_bug.cgi?id=21536) + if i == -1 { return 0, err } return uint32(i), nil From be69462c2881d45896c8e2d26a992f9d8cf2737d Mon Sep 17 00:00:00 2001 From: Kenfe-Mickael Laventure Date: Thu, 1 Jun 2017 09:35:30 -0700 Subject: [PATCH 019/191] Use actual cli version for TestConfigHTTPHeader Signed-off-by: Kenfe-Mickael Laventure Upstream-commit: 0b90edc22fa95e04b4d3208a72bb276be699b260 Component: engine --- components/engine/hack/make/.integration-daemon-start | 2 ++ components/engine/hack/make/.integration-test-helpers | 1 + components/engine/integration-cli/docker_cli_config_test.go | 3 +-- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/components/engine/hack/make/.integration-daemon-start b/components/engine/hack/make/.integration-daemon-start index 57101ffad0..c6f9ce8cc5 100644 --- a/components/engine/hack/make/.integration-daemon-start +++ b/components/engine/hack/make/.integration-daemon-start @@ -17,6 +17,8 @@ if ! command -v "$TEST_CLIENT_BINARY" &> /dev/null; then false fi +export DOCKER_CLI_VERSION=$(${TEST_CLIENT_BINARY} --version | awk '{ gsub(",", " "); print $3 }') + # This is a temporary hack for split-binary mode. It can be removed once # https://github.com/docker/docker/pull/22134 is merged into docker master if [ "$(go env GOOS)" = 'windows' ]; then diff --git a/components/engine/hack/make/.integration-test-helpers b/components/engine/hack/make/.integration-test-helpers index 6c099e4c72..4ff9677c79 100644 --- a/components/engine/hack/make/.integration-test-helpers +++ b/components/engine/hack/make/.integration-test-helpers @@ -60,6 +60,7 @@ test_env() { # use "env -i" to tightly control the environment variables that bleed into the tests env -i \ DEST="$DEST" \ + DOCKER_CLI_VERSION="$DOCKER_CLI_VERSION" \ DOCKER_API_VERSION="$DOCKER_API_VERSION" \ DOCKER_INTEGRATION_DAEMON_DEST="$DOCKER_INTEGRATION_DAEMON_DEST" \ DOCKER_TLS_VERIFY="$DOCKER_TEST_TLS_VERIFY" \ diff --git a/components/engine/integration-cli/docker_cli_config_test.go b/components/engine/integration-cli/docker_cli_config_test.go index 08521c171d..46fe456bd5 100644 --- a/components/engine/integration-cli/docker_cli_config_test.go +++ b/components/engine/integration-cli/docker_cli_config_test.go @@ -58,8 +58,7 @@ func (s *DockerSuite) TestConfigHTTPHeader(c *check.C) { c.Assert(headers["User-Agent"], checker.NotNil, check.Commentf("Missing User-Agent")) - //TODO(tiborvass): restore dockerversion.Version instead of library-import - c.Assert(headers["User-Agent"][0], checker.Equals, "Docker-Client/unknown-version ("+runtime.GOOS+")", check.Commentf("Badly formatted User-Agent,out:%v", result.Combined())) + c.Assert(headers["User-Agent"][0], checker.Equals, "Docker-Client/"+os.Getenv("DOCKER_CLI_VERSION")+" ("+runtime.GOOS+")", check.Commentf("Badly formatted User-Agent,out:%v", result.Combined())) c.Assert(headers["Myheader"], checker.NotNil) c.Assert(headers["Myheader"][0], checker.Equals, "MyValue", check.Commentf("Missing/bad header,out:%v", result.Combined())) From eb999c14d08874033f371c70bf7a886146089dca Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Mon, 29 May 2017 15:01:55 -0700 Subject: [PATCH 020/191] Add builder dev report for 2017-05-29 Signed-off-by: Tonis Tiigi Upstream-commit: 1e1ec2fbca9aa67882ebc722dbdbc50c54255660 Component: engine --- .../engine/reports/builder/2017-05-29.md | 52 +++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 components/engine/reports/builder/2017-05-29.md diff --git a/components/engine/reports/builder/2017-05-29.md b/components/engine/reports/builder/2017-05-29.md new file mode 100644 index 0000000000..33043d9f3b --- /dev/null +++ b/components/engine/reports/builder/2017-05-29.md @@ -0,0 +1,52 @@ +# Development Report for May 29, 2017 + +### New feature: Long running session + +PR for [adding long-running session between daemon and cli](https://github.com/moby/moby/pull/32677) that enables advanced features like incremental context send, build credentials from the client, ssh forwarding, etc. is ready for reviews. It is blocking many new features like the token signing, not pulling unnecessary context files, exposing sources outside working directory, etc. Maintainers are encouraged to give this one a review! + + +### Quality: Dependency interface switch + +Work continues on making the builder dependency interface more stable. + +Merged as part of this effort this week: + +- [Refactor builder probe cache and container backend](https://github.com/moby/moby/pull/33061) + +@dnephin continues working on the copy/export aspects of the interface. + +### Buildkit + +Some initial proof of concept code for [buildkit](https://github.com/moby/moby/issues/32925) has been pushed to https://github.com/tonistiigi/buildkit_poc . It's in a very early exploratory stage. Current development has been about providing concurrent references based access to the snapshot data that is backed by containerd. More info should follow in next weeks, including hopefully opening up an official repo. If you have questions or want to help, stop by the issues section of that repo or the proposal in moby/moby. + +### Proposals discussed in maintainers meeting + +Reminder from last week: New builder proposals were discussed in maintainers meeting. The decision was to give 2 more weeks for anyone to post feedback to [IMPORT/EXPORT commands](https://github.com/moby/moby/issues/32100) and [`RUN --mount`](https://github.com/moby/moby/issues/32507) and accept them for development if nothing significant comes up. + +New issue about [build secrets](https://github.com/moby/moby/issues/33343) has not got much traction. If you want this feature to become a reality please make yourself heard. + +### Proposals for new Dockerfile features that need design feedback: + +[Add IMPORT/EXPORT commands to Dockerfile](https://github.com/moby/moby/issues/32100) + +[Add `DOCKEROS/DOCKERARCH` default ARG to Dockerfile](https://github.com/moby/moby/issues/32487) + +[Add support for `RUN --mount`](https://github.com/moby/moby/issues/32507) + +[DAG image builder](https://github.com/moby/moby/issues/32550) + +[Option to export the hash of the build context](https://github.com/moby/moby/issues/32963) (new) + +[Allow --cache-from=*](https://github.com/moby/moby/issues/33002#issuecomment-299041162) (new) + +If you are interested in implementing any of them, leave a comment on the specific issues. + +### Other new builder features currently in code-review: + +[Fix canceling builder on chunked requests](https://github.com/moby/moby/pull/33363) + +[Fix parser directive refactoring](https://github.com/moby/moby/pull/33436) + +[Warn/deprecate continuing on empty lines in `Dockerfile`](https://github.com/moby/moby/pull/29161) + +[Fix behavior of absolute paths in .dockerignore](https://github.com/moby/moby/pull/32088) \ No newline at end of file From 1fd0a9619a754b5591037b4954a9a5df038a4bc9 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Thu, 1 Jun 2017 13:34:31 -0700 Subject: [PATCH 021/191] Remove `cli/flags` package MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Moving the `common*.go` files in `cmd/dockerd` directly (it's the only place it's getting used) - Rename `cli/flags` to `cli/config` because it's the only thing left in that package 👼 Now, `integration-cli` does *truly* not depend on `cobra` stuff. Signed-off-by: Vincent Demeester Upstream-commit: 9ff9a91ab7f964f4e5042f94fe22dd50b5c3d832 Component: engine --- .../engine/cli/{flags => config}/configdir.go | 6 +- components/engine/cli/flags/client.go | 13 ---- components/engine/cmd/dockerd/daemon.go | 29 ++++---- components/engine/cmd/dockerd/daemon_test.go | 24 +++---- .../engine/cmd/dockerd/daemon_unix_test.go | 4 +- components/engine/cmd/dockerd/docker.go | 19 +----- .../common.go => cmd/dockerd/options.go} | 67 ++++++++++--------- .../dockerd/options_test.go} | 10 +-- .../engine/integration-cli/check_test.go | 4 +- .../integration-cli/docker_cli_push_test.go | 10 +-- .../integration-cli/trust_server_test.go | 4 +- 11 files changed, 84 insertions(+), 106 deletions(-) rename components/engine/cli/{flags => config}/configdir.go (68%) delete mode 100644 components/engine/cli/flags/client.go rename components/engine/{cli/flags/common.go => cmd/dockerd/options.go} (62%) rename components/engine/{cli/flags/common_test.go => cmd/dockerd/options_test.go} (80%) diff --git a/components/engine/cli/flags/configdir.go b/components/engine/cli/config/configdir.go similarity index 68% rename from components/engine/cli/flags/configdir.go rename to components/engine/cli/config/configdir.go index 5ac7b4fbb9..de22577811 100644 --- a/components/engine/cli/flags/configdir.go +++ b/components/engine/cli/config/configdir.go @@ -1,4 +1,4 @@ -package flags +package config import ( "os" @@ -12,9 +12,9 @@ var ( configFileDir = ".docker" ) -// ConfigurationDir returns the path to the configuration directory as specified by the DOCKER_CONFIG environment variable. +// Dir returns the path to the configuration directory as specified by the DOCKER_CONFIG environment variable. // TODO: this was copied from cli/config/configfile and should be removed once cmd/dockerd moves -func ConfigurationDir() string { +func Dir() string { return configDir } diff --git a/components/engine/cli/flags/client.go b/components/engine/cli/flags/client.go deleted file mode 100644 index 9b6940f6bd..0000000000 --- a/components/engine/cli/flags/client.go +++ /dev/null @@ -1,13 +0,0 @@ -package flags - -// ClientOptions are the options used to configure the client cli -type ClientOptions struct { - Common *CommonOptions - ConfigDir string - Version bool -} - -// NewClientOptions returns a new ClientOptions -func NewClientOptions() *ClientOptions { - return &ClientOptions{Common: NewCommonOptions()} -} diff --git a/components/engine/cmd/dockerd/daemon.go b/components/engine/cmd/dockerd/daemon.go index 5898df77f6..6fe92af210 100644 --- a/components/engine/cmd/dockerd/daemon.go +++ b/components/engine/cmd/dockerd/daemon.go @@ -27,7 +27,6 @@ import ( systemrouter "github.com/docker/docker/api/server/router/system" "github.com/docker/docker/api/server/router/volume" "github.com/docker/docker/cli/debug" - cliflags "github.com/docker/docker/cli/flags" "github.com/docker/docker/daemon" "github.com/docker/docker/daemon/cluster" "github.com/docker/docker/daemon/config" @@ -65,14 +64,14 @@ func NewDaemonCli() *DaemonCli { return &DaemonCli{} } -func (cli *DaemonCli) start(opts daemonOptions) (err error) { +func (cli *DaemonCli) start(opts *daemonOptions) (err error) { stopc := make(chan bool) defer close(stopc) // warn from uuid package when running the daemon uuid.Loggerf = logrus.Warnf - opts.common.SetDefaultOptions(opts.flags) + opts.SetDefaultOptions(opts.flags) if cli.Config, err = loadDaemonCliConfig(opts); err != nil { return err @@ -358,20 +357,20 @@ func shutdownDaemon(d *daemon.Daemon) { } } -func loadDaemonCliConfig(opts daemonOptions) (*config.Config, error) { +func loadDaemonCliConfig(opts *daemonOptions) (*config.Config, error) { conf := opts.daemonConfig flags := opts.flags - conf.Debug = opts.common.Debug - conf.Hosts = opts.common.Hosts - conf.LogLevel = opts.common.LogLevel - conf.TLS = opts.common.TLS - conf.TLSVerify = opts.common.TLSVerify + conf.Debug = opts.Debug + conf.Hosts = opts.Hosts + conf.LogLevel = opts.LogLevel + conf.TLS = opts.TLS + conf.TLSVerify = opts.TLSVerify conf.CommonTLSOptions = config.CommonTLSOptions{} - if opts.common.TLSOptions != nil { - conf.CommonTLSOptions.CAFile = opts.common.TLSOptions.CAFile - conf.CommonTLSOptions.CertFile = opts.common.TLSOptions.CertFile - conf.CommonTLSOptions.KeyFile = opts.common.TLSOptions.KeyFile + if opts.TLSOptions != nil { + conf.CommonTLSOptions.CAFile = opts.TLSOptions.CAFile + conf.CommonTLSOptions.CertFile = opts.TLSOptions.CertFile + conf.CommonTLSOptions.KeyFile = opts.TLSOptions.KeyFile } if conf.TrustKeyPath == "" { @@ -425,12 +424,12 @@ func loadDaemonCliConfig(opts daemonOptions) (*config.Config, error) { // Regardless of whether the user sets it to true or false, if they // specify TLSVerify at all then we need to turn on TLS - if conf.IsValueSet(cliflags.FlagTLSVerify) { + if conf.IsValueSet(FlagTLSVerify) { conf.TLS = true } // ensure that the log level is the one set after merging configurations - cliflags.SetLogLevel(conf.LogLevel) + setLogLevel(conf.LogLevel) return conf, nil } diff --git a/components/engine/cmd/dockerd/daemon_test.go b/components/engine/cmd/dockerd/daemon_test.go index c3ad617c78..7ae91fe1a7 100644 --- a/components/engine/cmd/dockerd/daemon_test.go +++ b/components/engine/cmd/dockerd/daemon_test.go @@ -4,7 +4,6 @@ import ( "testing" "github.com/Sirupsen/logrus" - cliflags "github.com/docker/docker/cli/flags" "github.com/docker/docker/daemon/config" "github.com/docker/docker/pkg/testutil" "github.com/docker/docker/pkg/testutil/tempfile" @@ -13,13 +12,10 @@ import ( "github.com/stretchr/testify/require" ) -func defaultOptions(configFile string) daemonOptions { - opts := daemonOptions{ - daemonConfig: &config.Config{}, - flags: &pflag.FlagSet{}, - common: cliflags.NewCommonOptions(), - } - opts.common.InstallFlags(opts.flags) +func defaultOptions(configFile string) *daemonOptions { + opts := newDaemonOptions(&config.Config{}) + opts.flags = &pflag.FlagSet{} + opts.InstallFlags(opts.flags) installConfigFlags(opts.daemonConfig, opts.flags) opts.flags.StringVar(&opts.configFile, "config-file", defaultDaemonConfigFile, "") opts.configFile = configFile @@ -28,7 +24,7 @@ func defaultOptions(configFile string) daemonOptions { func TestLoadDaemonCliConfigWithoutOverriding(t *testing.T) { opts := defaultOptions("") - opts.common.Debug = true + opts.Debug = true loadedConfig, err := loadDaemonCliConfig(opts) require.NoError(t, err) @@ -40,8 +36,8 @@ func TestLoadDaemonCliConfigWithoutOverriding(t *testing.T) { func TestLoadDaemonCliConfigWithTLS(t *testing.T) { opts := defaultOptions("") - opts.common.TLSOptions.CAFile = "/tmp/ca.pem" - opts.common.TLS = true + opts.TLSOptions.CAFile = "/tmp/ca.pem" + opts.TLS = true loadedConfig, err := loadDaemonCliConfig(opts) require.NoError(t, err) @@ -70,7 +66,7 @@ func TestLoadDaemonCliConfigWithTLSVerify(t *testing.T) { defer tempFile.Remove() opts := defaultOptions(tempFile.Name()) - opts.common.TLSOptions.CAFile = "/tmp/ca.pem" + opts.TLSOptions.CAFile = "/tmp/ca.pem" loadedConfig, err := loadDaemonCliConfig(opts) require.NoError(t, err) @@ -83,7 +79,7 @@ func TestLoadDaemonCliConfigWithExplicitTLSVerifyFalse(t *testing.T) { defer tempFile.Remove() opts := defaultOptions(tempFile.Name()) - opts.common.TLSOptions.CAFile = "/tmp/ca.pem" + opts.TLSOptions.CAFile = "/tmp/ca.pem" loadedConfig, err := loadDaemonCliConfig(opts) require.NoError(t, err) @@ -96,7 +92,7 @@ func TestLoadDaemonCliConfigWithoutTLSVerify(t *testing.T) { defer tempFile.Remove() opts := defaultOptions(tempFile.Name()) - opts.common.TLSOptions.CAFile = "/tmp/ca.pem" + opts.TLSOptions.CAFile = "/tmp/ca.pem" loadedConfig, err := loadDaemonCliConfig(opts) require.NoError(t, err) diff --git a/components/engine/cmd/dockerd/daemon_unix_test.go b/components/engine/cmd/dockerd/daemon_unix_test.go index 4aaa758d53..18761493d0 100644 --- a/components/engine/cmd/dockerd/daemon_unix_test.go +++ b/components/engine/cmd/dockerd/daemon_unix_test.go @@ -20,8 +20,8 @@ func TestLoadDaemonCliConfigWithDaemonFlags(t *testing.T) { defer tempFile.Remove() opts := defaultOptions(tempFile.Name()) - opts.common.Debug = true - opts.common.LogLevel = "info" + opts.Debug = true + opts.LogLevel = "info" assert.NoError(t, opts.flags.Set("selinux-enabled", "true")) loadedConfig, err := loadDaemonCliConfig(opts) diff --git a/components/engine/cmd/dockerd/docker.go b/components/engine/cmd/dockerd/docker.go index c0bc965674..8a5c8f5433 100644 --- a/components/engine/cmd/dockerd/docker.go +++ b/components/engine/cmd/dockerd/docker.go @@ -8,28 +8,15 @@ import ( "github.com/Sirupsen/logrus" "github.com/docker/docker/cli" - cliflags "github.com/docker/docker/cli/flags" "github.com/docker/docker/daemon/config" "github.com/docker/docker/dockerversion" "github.com/docker/docker/pkg/reexec" "github.com/docker/docker/pkg/term" "github.com/spf13/cobra" - "github.com/spf13/pflag" ) -type daemonOptions struct { - version bool - configFile string - daemonConfig *config.Config - common *cliflags.CommonOptions - flags *pflag.FlagSet -} - func newDaemonCommand() *cobra.Command { - opts := daemonOptions{ - daemonConfig: config.New(), - common: cliflags.NewCommonOptions(), - } + opts := newDaemonOptions(config.New()) cmd := &cobra.Command{ Use: "dockerd [OPTIONS]", @@ -47,14 +34,14 @@ func newDaemonCommand() *cobra.Command { flags := cmd.Flags() flags.BoolVarP(&opts.version, "version", "v", false, "Print version information and quit") flags.StringVar(&opts.configFile, "config-file", defaultDaemonConfigFile, "Daemon configuration file") - opts.common.InstallFlags(flags) + opts.InstallFlags(flags) installConfigFlags(opts.daemonConfig, flags) installServiceFlags(flags) return cmd } -func runDaemon(opts daemonOptions) error { +func runDaemon(opts *daemonOptions) error { if opts.version { showVersion() return nil diff --git a/components/engine/cli/flags/common.go b/components/engine/cmd/dockerd/options.go similarity index 62% rename from components/engine/cli/flags/common.go rename to components/engine/cmd/dockerd/options.go index 38a793c402..629b0223e9 100644 --- a/components/engine/cli/flags/common.go +++ b/components/engine/cmd/dockerd/options.go @@ -1,4 +1,4 @@ -package flags +package main import ( "fmt" @@ -6,6 +6,8 @@ import ( "path/filepath" "github.com/Sirupsen/logrus" + cliconfig "github.com/docker/docker/cli/config" + "github.com/docker/docker/daemon/config" "github.com/docker/docker/opts" "github.com/docker/go-connections/tlsconfig" "github.com/spf13/pflag" @@ -27,64 +29,69 @@ var ( dockerTLSVerify = os.Getenv("DOCKER_TLS_VERIFY") != "" ) -// CommonOptions are options common to both the client and the daemon. -type CommonOptions struct { - Debug bool - Hosts []string - LogLevel string - TLS bool - TLSVerify bool - TLSOptions *tlsconfig.Options +type daemonOptions struct { + version bool + configFile string + daemonConfig *config.Config + flags *pflag.FlagSet + Debug bool + Hosts []string + LogLevel string + TLS bool + TLSVerify bool + TLSOptions *tlsconfig.Options } -// NewCommonOptions returns a new CommonOptions -func NewCommonOptions() *CommonOptions { - return &CommonOptions{} +// newDaemonOptions returns a new daemonFlags +func newDaemonOptions(config *config.Config) *daemonOptions { + return &daemonOptions{ + daemonConfig: config, + } } // InstallFlags adds flags for the common options on the FlagSet -func (commonOpts *CommonOptions) InstallFlags(flags *pflag.FlagSet) { +func (o *daemonOptions) InstallFlags(flags *pflag.FlagSet) { if dockerCertPath == "" { - dockerCertPath = ConfigurationDir() + dockerCertPath = cliconfig.Dir() } - flags.BoolVarP(&commonOpts.Debug, "debug", "D", false, "Enable debug mode") - flags.StringVarP(&commonOpts.LogLevel, "log-level", "l", "info", `Set the logging level ("debug"|"info"|"warn"|"error"|"fatal")`) - flags.BoolVar(&commonOpts.TLS, "tls", false, "Use TLS; implied by --tlsverify") - flags.BoolVar(&commonOpts.TLSVerify, FlagTLSVerify, dockerTLSVerify, "Use TLS and verify the remote") + flags.BoolVarP(&o.Debug, "debug", "D", false, "Enable debug mode") + flags.StringVarP(&o.LogLevel, "log-level", "l", "info", `Set the logging level ("debug"|"info"|"warn"|"error"|"fatal")`) + flags.BoolVar(&o.TLS, "tls", false, "Use TLS; implied by --tlsverify") + flags.BoolVar(&o.TLSVerify, FlagTLSVerify, dockerTLSVerify, "Use TLS and verify the remote") // TODO use flag flags.String("identity"}, "i", "", "Path to libtrust key file") - commonOpts.TLSOptions = &tlsconfig.Options{ + o.TLSOptions = &tlsconfig.Options{ CAFile: filepath.Join(dockerCertPath, DefaultCaFile), CertFile: filepath.Join(dockerCertPath, DefaultCertFile), KeyFile: filepath.Join(dockerCertPath, DefaultKeyFile), } - tlsOptions := commonOpts.TLSOptions + tlsOptions := o.TLSOptions flags.Var(opts.NewQuotedString(&tlsOptions.CAFile), "tlscacert", "Trust certs signed only by this CA") flags.Var(opts.NewQuotedString(&tlsOptions.CertFile), "tlscert", "Path to TLS certificate file") flags.Var(opts.NewQuotedString(&tlsOptions.KeyFile), "tlskey", "Path to TLS key file") - hostOpt := opts.NewNamedListOptsRef("hosts", &commonOpts.Hosts, opts.ValidateHost) + hostOpt := opts.NewNamedListOptsRef("hosts", &o.Hosts, opts.ValidateHost) flags.VarP(hostOpt, "host", "H", "Daemon socket(s) to connect to") } // SetDefaultOptions sets default values for options after flag parsing is // complete -func (commonOpts *CommonOptions) SetDefaultOptions(flags *pflag.FlagSet) { +func (o *daemonOptions) SetDefaultOptions(flags *pflag.FlagSet) { // Regardless of whether the user sets it to true or false, if they // specify --tlsverify at all then we need to turn on TLS // TLSVerify can be true even if not set due to DOCKER_TLS_VERIFY env var, so we need // to check that here as well - if flags.Changed(FlagTLSVerify) || commonOpts.TLSVerify { - commonOpts.TLS = true + if flags.Changed(FlagTLSVerify) || o.TLSVerify { + o.TLS = true } - if !commonOpts.TLS { - commonOpts.TLSOptions = nil + if !o.TLS { + o.TLSOptions = nil } else { - tlsOptions := commonOpts.TLSOptions - tlsOptions.InsecureSkipVerify = !commonOpts.TLSVerify + tlsOptions := o.TLSOptions + tlsOptions.InsecureSkipVerify = !o.TLSVerify // Reset CertFile and KeyFile to empty string if the user did not specify // the respective flags and the respective default files were not found. @@ -101,8 +108,8 @@ func (commonOpts *CommonOptions) SetDefaultOptions(flags *pflag.FlagSet) { } } -// SetLogLevel sets the logrus logging level -func SetLogLevel(logLevel string) { +// setLogLevel sets the logrus logging level +func setLogLevel(logLevel string) { if logLevel != "" { lvl, err := logrus.ParseLevel(logLevel) if err != nil { diff --git a/components/engine/cli/flags/common_test.go b/components/engine/cmd/dockerd/options_test.go similarity index 80% rename from components/engine/cli/flags/common_test.go rename to components/engine/cmd/dockerd/options_test.go index 52aa3d8b54..c3298a0ac6 100644 --- a/components/engine/cli/flags/common_test.go +++ b/components/engine/cmd/dockerd/options_test.go @@ -1,16 +1,18 @@ -package flags +package main import ( "path/filepath" "testing" + cliconfig "github.com/docker/docker/cli/config" + "github.com/docker/docker/daemon/config" "github.com/spf13/pflag" "github.com/stretchr/testify/assert" ) func TestCommonOptionsInstallFlags(t *testing.T) { flags := pflag.NewFlagSet("testing", pflag.ContinueOnError) - opts := NewCommonOptions() + opts := newDaemonOptions(&config.Config{}) opts.InstallFlags(flags) err := flags.Parse([]string{ @@ -25,12 +27,12 @@ func TestCommonOptionsInstallFlags(t *testing.T) { } func defaultPath(filename string) string { - return filepath.Join(ConfigurationDir(), filename) + return filepath.Join(cliconfig.Dir(), filename) } func TestCommonOptionsInstallFlagsWithDefaults(t *testing.T) { flags := pflag.NewFlagSet("testing", pflag.ContinueOnError) - opts := NewCommonOptions() + opts := newDaemonOptions(&config.Config{}) opts.InstallFlags(flags) err := flags.Parse([]string{}) diff --git a/components/engine/integration-cli/check_test.go b/components/engine/integration-cli/check_test.go index a1927e4c9a..cc3b80c94f 100644 --- a/components/engine/integration-cli/check_test.go +++ b/components/engine/integration-cli/check_test.go @@ -12,7 +12,7 @@ import ( "testing" "github.com/docker/docker/api/types/swarm" - "github.com/docker/docker/cli/flags" + "github.com/docker/docker/cli/config" "github.com/docker/docker/integration-cli/cli" "github.com/docker/docker/integration-cli/cli/build/fakestorage" "github.com/docker/docker/integration-cli/daemon" @@ -406,7 +406,7 @@ func (s *DockerTrustSuite) TearDownTest(c *check.C) { } // Remove trusted keys and metadata after test - os.RemoveAll(filepath.Join(flags.ConfigurationDir(), "trust")) + os.RemoveAll(filepath.Join(config.Dir(), "trust")) s.ds.TearDownTest(c) } diff --git a/components/engine/integration-cli/docker_cli_push_test.go b/components/engine/integration-cli/docker_cli_push_test.go index f0548e6907..2ae206df7d 100644 --- a/components/engine/integration-cli/docker_cli_push_test.go +++ b/components/engine/integration-cli/docker_cli_push_test.go @@ -12,7 +12,7 @@ import ( "sync" "github.com/docker/distribution/reference" - "github.com/docker/docker/cli/flags" + "github.com/docker/docker/cli/config" "github.com/docker/docker/integration-cli/checker" "github.com/docker/docker/integration-cli/cli" "github.com/docker/docker/integration-cli/cli/build" @@ -294,7 +294,7 @@ func (s *DockerTrustSuite) TestTrustedPush(c *check.C) { }) // Assert that we rotated the snapshot key to the server by checking our local keystore - contents, err := ioutil.ReadDir(filepath.Join(flags.ConfigurationDir(), "trust/private/tuf_keys", privateRegistryURL, "dockerclitrusted/pushtest")) + contents, err := ioutil.ReadDir(filepath.Join(config.Dir(), "trust/private/tuf_keys", privateRegistryURL, "dockerclitrusted/pushtest")) c.Assert(err, check.IsNil, check.Commentf("Unable to read local tuf key files")) // Check that we only have 1 key (targets key) c.Assert(contents, checker.HasLen, 1) @@ -399,7 +399,7 @@ func (s *DockerTrustSuite) TestTrustedPushWithReleasesDelegationOnly(c *check.C) s.assertTargetNotInRoles(c, repoName, "latest", "targets") // Try pull after push - os.RemoveAll(filepath.Join(flags.ConfigurationDir(), "trust")) + os.RemoveAll(filepath.Join(config.Dir(), "trust")) cli.Docker(cli.Args("pull", targetName), trustedCmd).Assert(c, icmd.Expected{ Out: "Status: Image is up to date", @@ -436,7 +436,7 @@ func (s *DockerTrustSuite) TestTrustedPushSignsAllFirstLevelRolesWeHaveKeysFor(c s.assertTargetNotInRoles(c, repoName, "latest", "targets") // Try pull after push - os.RemoveAll(filepath.Join(flags.ConfigurationDir(), "trust")) + os.RemoveAll(filepath.Join(config.Dir(), "trust")) // pull should fail because none of these are the releases role cli.Docker(cli.Args("pull", targetName), trustedCmd).Assert(c, icmd.Expected{ @@ -472,7 +472,7 @@ func (s *DockerTrustSuite) TestTrustedPushSignsForRolesWithKeysAndValidPaths(c * s.assertTargetNotInRoles(c, repoName, "latest", "targets") // Try pull after push - os.RemoveAll(filepath.Join(flags.ConfigurationDir(), "trust")) + os.RemoveAll(filepath.Join(config.Dir(), "trust")) // pull should fail because none of these are the releases role cli.Docker(cli.Args("pull", targetName), trustedCmd).Assert(c, icmd.Expected{ diff --git a/components/engine/integration-cli/trust_server_test.go b/components/engine/integration-cli/trust_server_test.go index d1eb62e794..e3f0674cf3 100644 --- a/components/engine/integration-cli/trust_server_test.go +++ b/components/engine/integration-cli/trust_server_test.go @@ -11,7 +11,7 @@ import ( "strings" "time" - "github.com/docker/docker/cli/flags" + cliconfig "github.com/docker/docker/cli/config" "github.com/docker/docker/integration-cli/checker" "github.com/docker/docker/integration-cli/cli" icmd "github.com/docker/docker/pkg/testutil/cmd" @@ -108,7 +108,7 @@ func newTestNotary(c *check.C) (*testNotary, error) { "skipTLSVerify": true } }` - if _, err = fmt.Fprintf(clientConfig, template, filepath.Join(flags.ConfigurationDir(), "trust"), notaryURL); err != nil { + if _, err = fmt.Fprintf(clientConfig, template, filepath.Join(cliconfig.Dir(), "trust"), notaryURL); err != nil { os.RemoveAll(tmp) return nil, err } From a1a5b0a48d9d5233f5ffb2ead7ee492a7c2d42a4 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Thu, 1 Jun 2017 16:22:00 -0700 Subject: [PATCH 022/191] move multireader out of /pkg Signed-off-by: Victor Vieux Upstream-commit: 2445e6b99d4beecb25d556d9a099bdf47703e174 Component: engine --- .../logger/jsonfilelog/multireader}/multireader.go | 2 +- .../logger/jsonfilelog/multireader}/multireader_test.go | 2 +- components/engine/daemon/logger/jsonfilelog/read.go | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) rename components/engine/{pkg/ioutils => daemon/logger/jsonfilelog/multireader}/multireader.go (99%) rename components/engine/{pkg/ioutils => daemon/logger/jsonfilelog/multireader}/multireader_test.go (99%) diff --git a/components/engine/pkg/ioutils/multireader.go b/components/engine/daemon/logger/jsonfilelog/multireader/multireader.go similarity index 99% rename from components/engine/pkg/ioutils/multireader.go rename to components/engine/daemon/logger/jsonfilelog/multireader/multireader.go index edb043ddc3..06a7307ce4 100644 --- a/components/engine/pkg/ioutils/multireader.go +++ b/components/engine/daemon/logger/jsonfilelog/multireader/multireader.go @@ -1,4 +1,4 @@ -package ioutils +package multireader import ( "bytes" diff --git a/components/engine/pkg/ioutils/multireader_test.go b/components/engine/daemon/logger/jsonfilelog/multireader/multireader_test.go similarity index 99% rename from components/engine/pkg/ioutils/multireader_test.go rename to components/engine/daemon/logger/jsonfilelog/multireader/multireader_test.go index 0604739897..bd59b78ca7 100644 --- a/components/engine/pkg/ioutils/multireader_test.go +++ b/components/engine/daemon/logger/jsonfilelog/multireader/multireader_test.go @@ -1,4 +1,4 @@ -package ioutils +package multireader import ( "bytes" diff --git a/components/engine/daemon/logger/jsonfilelog/read.go b/components/engine/daemon/logger/jsonfilelog/read.go index 9f282eafbb..312aa551d0 100644 --- a/components/engine/daemon/logger/jsonfilelog/read.go +++ b/components/engine/daemon/logger/jsonfilelog/read.go @@ -14,8 +14,8 @@ import ( "github.com/Sirupsen/logrus" "github.com/docker/docker/daemon/logger" + "github.com/docker/docker/daemon/logger/jsonfilelog/multireader" "github.com/docker/docker/pkg/filenotify" - "github.com/docker/docker/pkg/ioutils" "github.com/docker/docker/pkg/jsonlog" "github.com/docker/docker/pkg/tailfile" ) @@ -77,7 +77,7 @@ func (l *JSONFileLogger) readLogs(logWatcher *logger.LogWatcher, config logger.R defer latestFile.Close() if config.Tail != 0 { - tailer := ioutils.MultiReadSeeker(append(files, latestFile)...) + tailer := multireader.MultiReadSeeker(append(files, latestFile)...) tailFile(tailer, logWatcher, config.Tail, config.Since) } From b6073e5ee67c44bb948b55ad3715e30a83e3c546 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Fri, 2 Jun 2017 10:13:06 +1000 Subject: [PATCH 023/191] Fix incorrect assert message in TestReadProcBool Closes #33480. Signed-off-by: Tim Potter Upstream-commit: cd457e7885ecb0b00e91162113ce597f131c8386 Component: engine --- components/engine/pkg/sysinfo/sysinfo_linux_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/pkg/sysinfo/sysinfo_linux_test.go b/components/engine/pkg/sysinfo/sysinfo_linux_test.go index fae0fdffbb..b7432eb706 100644 --- a/components/engine/pkg/sysinfo/sysinfo_linux_test.go +++ b/components/engine/pkg/sysinfo/sysinfo_linux_test.go @@ -28,7 +28,7 @@ func TestReadProcBool(t *testing.T) { t.Fatal(err) } if readProcBool(procFile) { - t.Fatal("expected proc bool to be false, got false") + t.Fatal("expected proc bool to be false, got true") } if readProcBool(path.Join(tmpDir, "no-exist")) { From f9502cbcaf0f374cca5f1fcb09684de2d9d0c6c5 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Fri, 2 Jun 2017 12:27:10 +1000 Subject: [PATCH 024/191] Use octal values for file mode in filenotify poller and sysinfo_linux tests Closes #33484. Signed-off-by: Tim Potter Upstream-commit: c35ea6b2cda8ac68f2b4a9f6471ca7e09865a6ee Component: engine --- components/engine/pkg/filenotify/poller_test.go | 2 +- components/engine/pkg/sysinfo/sysinfo_linux_test.go | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/components/engine/pkg/filenotify/poller_test.go b/components/engine/pkg/filenotify/poller_test.go index b74bd935a0..d854201991 100644 --- a/components/engine/pkg/filenotify/poller_test.go +++ b/components/engine/pkg/filenotify/poller_test.go @@ -61,7 +61,7 @@ func TestPollerEvent(t *testing.T) { default: } - if err := ioutil.WriteFile(f.Name(), []byte("hello"), 644); err != nil { + if err := ioutil.WriteFile(f.Name(), []byte("hello"), 0644); err != nil { t.Fatal(err) } if err := assertEvent(w, fsnotify.Write); err != nil { diff --git a/components/engine/pkg/sysinfo/sysinfo_linux_test.go b/components/engine/pkg/sysinfo/sysinfo_linux_test.go index fae0fdffbb..849e8f5cdc 100644 --- a/components/engine/pkg/sysinfo/sysinfo_linux_test.go +++ b/components/engine/pkg/sysinfo/sysinfo_linux_test.go @@ -16,7 +16,7 @@ func TestReadProcBool(t *testing.T) { defer os.RemoveAll(tmpDir) procFile := filepath.Join(tmpDir, "read-proc-bool") - if err := ioutil.WriteFile(procFile, []byte("1"), 644); err != nil { + if err := ioutil.WriteFile(procFile, []byte("1"), 0644); err != nil { t.Fatal(err) } @@ -24,7 +24,7 @@ func TestReadProcBool(t *testing.T) { t.Fatal("expected proc bool to be true, got false") } - if err := ioutil.WriteFile(procFile, []byte("0"), 644); err != nil { + if err := ioutil.WriteFile(procFile, []byte("0"), 0644); err != nil { t.Fatal(err) } if readProcBool(procFile) { @@ -48,7 +48,7 @@ func TestCgroupEnabled(t *testing.T) { t.Fatal("cgroupEnabled should be false") } - if err := ioutil.WriteFile(path.Join(cgroupDir, "test"), []byte{}, 644); err != nil { + if err := ioutil.WriteFile(path.Join(cgroupDir, "test"), []byte{}, 0644); err != nil { t.Fatal(err) } From 080b2a353f928f1478277ef785a1996f67f0c5e5 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Wed, 14 Dec 2016 21:21:18 +0000 Subject: [PATCH 025/191] Remove btrfs quota groups after containers destroyed This fix tries to address the issue raised in 29325 where btrfs quota groups are not clean up even after containers have been destroyed. The reason for the issue is that btrfs quota groups have to be explicitly destroyed. This fix fixes this issue. This fix is tested manually in Ubuntu 16.04, with steps specified in 29325. This fix fixes 29325. Signed-off-by: Yong Tang Upstream-commit: e907c6418a2ae7754f69fede5897a7176250e8bd Component: engine --- .../engine/daemon/graphdriver/btrfs/btrfs.go | 99 +++++++++++++++---- 1 file changed, 79 insertions(+), 20 deletions(-) diff --git a/components/engine/daemon/graphdriver/btrfs/btrfs.go b/components/engine/daemon/graphdriver/btrfs/btrfs.go index 2ff41a0b8b..63c68dc6a2 100644 --- a/components/engine/daemon/graphdriver/btrfs/btrfs.go +++ b/components/engine/daemon/graphdriver/btrfs/btrfs.go @@ -16,13 +16,16 @@ import "C" import ( "fmt" + "math" "os" "path" "path/filepath" "strings" + "sync" "syscall" "unsafe" + "github.com/Sirupsen/logrus" "github.com/docker/docker/daemon/graphdriver" "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/mount" @@ -119,6 +122,7 @@ type Driver struct { gidMaps []idtools.IDMap options btrfsOptions quotaEnabled bool + once sync.Once } // String prints the name of the driver (btrfs). @@ -237,7 +241,7 @@ func isSubvolume(p string) (bool, error) { return bufStat.Ino == C.BTRFS_FIRST_FREE_OBJECTID, nil } -func subvolDelete(dirpath, name string) error { +func subvolDelete(dirpath, name string, quotaEnabled bool) error { dir, err := openDir(dirpath) if err != nil { return err @@ -265,7 +269,7 @@ func subvolDelete(dirpath, name string) error { return fmt.Errorf("Failed to test if %s is a btrfs subvolume: %v", p, err) } if sv { - if err := subvolDelete(path.Dir(p), f.Name()); err != nil { + if err := subvolDelete(path.Dir(p), f.Name(), quotaEnabled); err != nil { return fmt.Errorf("Failed to destroy btrfs child subvolume (%s) of parent (%s): %v", p, dirpath, err) } } @@ -276,6 +280,21 @@ func subvolDelete(dirpath, name string) error { return fmt.Errorf("Recursively walking subvolumes for %s failed: %v", dirpath, err) } + if quotaEnabled { + if qgroupid, err := subvolLookupQgroup(fullPath); err == nil { + var args C.struct_btrfs_ioctl_qgroup_create_args + args.qgroupid = C.__u64(qgroupid) + + _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_QGROUP_CREATE, + uintptr(unsafe.Pointer(&args))) + if errno != 0 { + logrus.Errorf("Failed to delete btrfs qgroup %v for %s: %v", qgroupid, fullPath, errno.Error()) + } + } else { + logrus.Errorf("Failed to lookup btrfs qgroup for %s: %v", fullPath, err.Error()) + } + } + // all subvolumes have been removed // now remove the one originally passed in for i, c := range []byte(name) { @@ -289,15 +308,25 @@ func subvolDelete(dirpath, name string) error { return nil } +func (d *Driver) updateQuotaStatus() { + d.once.Do(func() { + if !d.quotaEnabled { + // In case quotaEnabled is not set, check qgroup and update quotaEnabled as needed + if err := subvolQgroupStatus(d.home); err != nil { + // quota is still not enabled + return + } + d.quotaEnabled = true + } + }) +} + func (d *Driver) subvolEnableQuota() error { + d.updateQuotaStatus() + if d.quotaEnabled { return nil } - // In case quotaEnabled is not set, check qgroup and update quotaEnabled as needed - if _, err := subvolLookupQgroup(d.home); err == nil { - d.quotaEnabled = true - return nil - } dir, err := openDir(d.home) if err != nil { @@ -319,13 +348,10 @@ func (d *Driver) subvolEnableQuota() error { } func (d *Driver) subvolDisableQuota() error { + d.updateQuotaStatus() + if !d.quotaEnabled { - // In case quotaEnabled is not set, check qgroup and update quotaEnabled as needed - if _, err := subvolLookupQgroup(d.home); err != nil { - // quota is still not enabled - return nil - } - d.quotaEnabled = true + return nil } dir, err := openDir(d.home) @@ -348,13 +374,10 @@ func (d *Driver) subvolDisableQuota() error { } func (d *Driver) subvolRescanQuota() error { + d.updateQuotaStatus() + if !d.quotaEnabled { - // In case quotaEnabled is not set, check qgroup and update quotaEnabled as needed - if _, err := subvolLookupQgroup(d.home); err != nil { - // quota is still not enabled - return nil - } - d.quotaEnabled = true + return nil } dir, err := openDir(d.home) @@ -392,6 +415,38 @@ func subvolLimitQgroup(path string, size uint64) error { return nil } +// subvolQgroupStatus performs a BTRFS_IOC_TREE_SEARCH on the root path +// with search key of BTRFS_QGROUP_STATUS_KEY. +// In case qgroup is enabled, the retuned key type will match BTRFS_QGROUP_STATUS_KEY. +// For more details please see https://github.com/kdave/btrfs-progs/blob/v4.9/qgroup.c#L1035 +func subvolQgroupStatus(path string) error { + dir, err := openDir(path) + if err != nil { + return err + } + defer closeDir(dir) + + var args C.struct_btrfs_ioctl_search_args + args.key.tree_id = C.BTRFS_QUOTA_TREE_OBJECTID + args.key.min_type = C.BTRFS_QGROUP_STATUS_KEY + args.key.max_type = C.BTRFS_QGROUP_STATUS_KEY + args.key.max_objectid = C.__u64(math.MaxUint64) + args.key.max_offset = C.__u64(math.MaxUint64) + args.key.max_transid = C.__u64(math.MaxUint64) + args.key.nr_items = 4096 + + _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_TREE_SEARCH, + uintptr(unsafe.Pointer(&args))) + if errno != 0 { + return fmt.Errorf("Failed to search qgroup for %s: %v", path, errno.Error()) + } + sh := (*C.struct_btrfs_ioctl_search_header)(unsafe.Pointer(&args.buf)) + if sh._type != C.BTRFS_QGROUP_STATUS_KEY { + return fmt.Errorf("Invalid qgroup search header type for %s: %v", path, sh._type) + } + return nil +} + func subvolLookupQgroup(path string) (uint64, error) { dir, err := openDir(path) if err != nil { @@ -533,7 +588,11 @@ func (d *Driver) Remove(id string) error { if _, err := os.Stat(dir); err != nil { return err } - if err := subvolDelete(d.subvolumesDir(), id); err != nil { + + // Call updateQuotaStatus() to invoke status update + d.updateQuotaStatus() + + if err := subvolDelete(d.subvolumesDir(), id, d.quotaEnabled); err != nil { return err } if err := system.EnsureRemoveAll(dir); err != nil { From a81b0c835e5ac56a17524efc3cd14275bcaadba3 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Wed, 24 May 2017 18:00:02 -0700 Subject: [PATCH 026/191] Persist the quota size for btrfs so that daemon restart keeps quota This commit is an extension of fix for 29325 based on the review comment. In this commit, the quota size for btrfs is kept in `/var/lib/docker/btrfs/quotas` so that a daemon restart keeps quota. Signed-off-by: Yong Tang Upstream-commit: 16328cc207a493ecff0cabc11ebf51e958131418 Component: engine --- .../engine/daemon/graphdriver/btrfs/btrfs.go | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/components/engine/daemon/graphdriver/btrfs/btrfs.go b/components/engine/daemon/graphdriver/btrfs/btrfs.go index 63c68dc6a2..3eb4ce8ed1 100644 --- a/components/engine/daemon/graphdriver/btrfs/btrfs.go +++ b/components/engine/daemon/graphdriver/btrfs/btrfs.go @@ -16,10 +16,12 @@ import "C" import ( "fmt" + "io/ioutil" "math" "os" "path" "path/filepath" + "strconv" "strings" "sync" "syscall" @@ -477,6 +479,14 @@ func (d *Driver) subvolumesDirID(id string) string { return path.Join(d.subvolumesDir(), id) } +func (d *Driver) quotasDir() string { + return path.Join(d.home, "quotas") +} + +func (d *Driver) quotasDirID(id string) string { + return path.Join(d.quotasDir(), id) +} + // CreateReadWrite creates a layer that is writable for use as a container // file system. func (d *Driver) CreateReadWrite(id, parent string, opts *graphdriver.CreateOpts) error { @@ -485,6 +495,7 @@ func (d *Driver) CreateReadWrite(id, parent string, opts *graphdriver.CreateOpts // Create the filesystem with given id. func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) error { + quotas := path.Join(d.home, "quotas") subvolumes := path.Join(d.home, "subvolumes") rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps) if err != nil { @@ -521,9 +532,16 @@ func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) error { if err := d.parseStorageOpt(storageOpt, driver); err != nil { return err } + if err := d.setStorageSize(path.Join(subvolumes, id), driver); err != nil { return err } + if err := idtools.MkdirAllAs(quotas, 0700, rootUID, rootGID); err != nil { + return err + } + if err := ioutil.WriteFile(path.Join(quotas, id), []byte(fmt.Sprint(driver.options.size)), 0644); err != nil { + return err + } } // if we have a remapped root (user namespaces enabled), change the created snapshot @@ -588,6 +606,14 @@ func (d *Driver) Remove(id string) error { if _, err := os.Stat(dir); err != nil { return err } + quotasDir := d.quotasDirID(id) + if _, err := os.Stat(quotasDir); err == nil { + if err := os.Remove(quotasDir); err != nil { + return err + } + } else if !os.IsNotExist(err) { + return err + } // Call updateQuotaStatus() to invoke status update d.updateQuotaStatus() @@ -616,6 +642,17 @@ func (d *Driver) Get(id, mountLabel string) (string, error) { return "", fmt.Errorf("%s: not a directory", dir) } + if quota, err := ioutil.ReadFile(d.quotasDirID(id)); err == nil { + if size, err := strconv.ParseUint(string(quota), 10, 64); err == nil && size >= d.options.minSpace { + if err := d.subvolEnableQuota(); err != nil { + return "", err + } + if err := subvolLimitQgroup(dir, size); err != nil { + return "", err + } + } + } + return dir, nil } From 6d3cd41f83dc72fd36a7eef6f6d749bfaf4ffda1 Mon Sep 17 00:00:00 2001 From: Wentao Zhang Date: Fri, 2 Jun 2017 18:15:49 +0800 Subject: [PATCH 027/191] Limit max backoff delay to 2 seconds for GRPC connection Docker use default GRPC backoff strategy to reconnect to containerd when connection is lost. and the delay time grows exponentially, until reaches 120s. So Change the max delay time to 2s to avoid docker and containerd connection failure. Signed-off-by: Wentao Zhang Upstream-commit: d3d8c77d195ce74f36ae6eee24578b9cac48f897 Component: engine --- components/engine/libcontainerd/remote_unix.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/components/engine/libcontainerd/remote_unix.go b/components/engine/libcontainerd/remote_unix.go index e09c9822d0..e63fcc7a62 100644 --- a/components/engine/libcontainerd/remote_unix.go +++ b/components/engine/libcontainerd/remote_unix.go @@ -96,11 +96,13 @@ func New(stateDir string, options ...RemoteOption) (_ Remote, err error) { // don't output the grpc reconnect logging grpclog.SetLogger(log.New(ioutil.Discard, "", log.LstdFlags)) - dialOpts := append([]grpc.DialOption{grpc.WithInsecure()}, + dialOpts := []grpc.DialOption{ + grpc.WithInsecure(), + grpc.WithBackoffMaxDelay(2 * time.Second), grpc.WithDialer(func(addr string, timeout time.Duration) (net.Conn, error) { return net.DialTimeout("unix", addr, timeout) }), - ) + } conn, err := grpc.Dial(r.rpcAddr, dialOpts...) if err != nil { return nil, fmt.Errorf("error connecting to containerd: %v", err) From 6f84604b78eb20a70f5f50a7eb5c51cf6a9f7a7e Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Fri, 2 Jun 2017 14:00:56 +0200 Subject: [PATCH 028/191] client: Use string concatenation instead of Sprintf Signed-off-by: Aaron Lehmann Upstream-commit: 44c9ccc069c1bfda25ad6fb5932eeeceaa8de491 Component: engine --- components/engine/client/client.go | 4 ++-- components/engine/client/container_copy.go | 6 +++--- components/engine/client/ping.go | 4 +--- components/engine/client/plugin_upgrade.go | 3 +-- 4 files changed, 7 insertions(+), 10 deletions(-) diff --git a/components/engine/client/client.go b/components/engine/client/client.go index 34897b9549..10fd73759b 100644 --- a/components/engine/client/client.go +++ b/components/engine/client/client.go @@ -216,9 +216,9 @@ func (cli *Client) getAPIPath(p string, query url.Values) string { var apiPath string if cli.version != "" { v := strings.TrimPrefix(cli.version, "v") - apiPath = fmt.Sprintf("%s/v%s%s", cli.basePath, v, p) + apiPath = cli.basePath + "/v" + v + p } else { - apiPath = fmt.Sprintf("%s%s", cli.basePath, p) + apiPath = cli.basePath + p } u := &url.URL{ diff --git a/components/engine/client/container_copy.go b/components/engine/client/container_copy.go index 545aa54383..66ee5c1b3b 100644 --- a/components/engine/client/container_copy.go +++ b/components/engine/client/container_copy.go @@ -20,7 +20,7 @@ func (cli *Client) ContainerStatPath(ctx context.Context, containerID, path stri query := url.Values{} query.Set("path", filepath.ToSlash(path)) // Normalize the paths used in the API. - urlStr := fmt.Sprintf("/containers/%s/archive", containerID) + urlStr := "/containers/" + containerID + "/archive" response, err := cli.head(ctx, urlStr, query, nil) if err != nil { return types.ContainerPathStat{}, err @@ -42,7 +42,7 @@ func (cli *Client) CopyToContainer(ctx context.Context, container, path string, query.Set("copyUIDGID", "true") } - apiPath := fmt.Sprintf("/containers/%s/archive", container) + apiPath := "/containers/" + container + "/archive" response, err := cli.putRaw(ctx, apiPath, query, content, nil) if err != nil { @@ -63,7 +63,7 @@ func (cli *Client) CopyFromContainer(ctx context.Context, container, srcPath str query := make(url.Values, 1) query.Set("path", filepath.ToSlash(srcPath)) // Normalize the paths used in the API. - apiPath := fmt.Sprintf("/containers/%s/archive", container) + apiPath := "/containers/" + container + "/archive" response, err := cli.get(ctx, apiPath, query, nil) if err != nil { return nil, types.ContainerPathStat{}, err diff --git a/components/engine/client/ping.go b/components/engine/client/ping.go index d6212ef8bb..631ed02005 100644 --- a/components/engine/client/ping.go +++ b/components/engine/client/ping.go @@ -1,8 +1,6 @@ package client import ( - "fmt" - "github.com/docker/docker/api/types" "golang.org/x/net/context" ) @@ -10,7 +8,7 @@ import ( // Ping pings the server and returns the value of the "Docker-Experimental", "OS-Type" & "API-Version" headers func (cli *Client) Ping(ctx context.Context) (types.Ping, error) { var ping types.Ping - req, err := cli.buildRequest("GET", fmt.Sprintf("%s/_ping", cli.basePath), nil, nil) + req, err := cli.buildRequest("GET", cli.basePath+"/_ping", nil, nil) if err != nil { return ping, err } diff --git a/components/engine/client/plugin_upgrade.go b/components/engine/client/plugin_upgrade.go index 24293c5073..28415156cd 100644 --- a/components/engine/client/plugin_upgrade.go +++ b/components/engine/client/plugin_upgrade.go @@ -1,7 +1,6 @@ package client import ( - "fmt" "io" "net/url" @@ -33,5 +32,5 @@ func (cli *Client) PluginUpgrade(ctx context.Context, name string, options types func (cli *Client) tryPluginUpgrade(ctx context.Context, query url.Values, privileges types.PluginPrivileges, name, registryAuth string) (serverResponse, error) { headers := map[string][]string{"X-Registry-Auth": {registryAuth}} - return cli.post(ctx, fmt.Sprintf("/plugins/%s/upgrade", name), query, privileges, headers) + return cli.post(ctx, "/plugins/"+name+"/upgrade", query, privileges, headers) } From 048c29d3768b02e49754eb6d9cbcafcdc4dfea6a Mon Sep 17 00:00:00 2001 From: Miklos Szegedi Date: Mon, 22 May 2017 22:42:47 -0700 Subject: [PATCH 029/191] Whitelist adjtimex get operation. Adjustment operations are gated by CAP_SYS_TIME Signed-off-by: Miklos Szegedi Upstream-commit: 2db05316d09214f5cd6de24e9f17784cbc2f2573 Component: engine --- components/engine/profiles/seccomp/default.json | 2 +- components/engine/profiles/seccomp/seccomp_default.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/components/engine/profiles/seccomp/default.json b/components/engine/profiles/seccomp/default.json index 0d43e60795..b71a8718a4 100755 --- a/components/engine/profiles/seccomp/default.json +++ b/components/engine/profiles/seccomp/default.json @@ -55,6 +55,7 @@ "accept", "accept4", "access", + "adjtimex", "alarm", "alarm", "bind", @@ -719,7 +720,6 @@ "names": [ "settimeofday", "stime", - "adjtimex", "clock_settime" ], "action": "SCMP_ACT_ALLOW", diff --git a/components/engine/profiles/seccomp/seccomp_default.go b/components/engine/profiles/seccomp/seccomp_default.go index 8cf0df2698..833dcd5a8a 100644 --- a/components/engine/profiles/seccomp/seccomp_default.go +++ b/components/engine/profiles/seccomp/seccomp_default.go @@ -49,6 +49,7 @@ func DefaultProfile() *types.Seccomp { "accept", "accept4", "access", + "adjtimex", "alarm", "alarm", "bind", @@ -611,7 +612,6 @@ func DefaultProfile() *types.Seccomp { Names: []string{ "settimeofday", "stime", - "adjtimex", "clock_settime", }, Action: types.ActAllow, From 3386def2424e7ad8df08f9c1efed921f1462afa3 Mon Sep 17 00:00:00 2001 From: John Howard Date: Fri, 2 Jun 2017 11:51:30 -0700 Subject: [PATCH 030/191] Windows: Correct comment Signed-off-by: John Howard Upstream-commit: 6e33c4158cc895d9b7fb274c13ecac0612c88aaa Component: engine --- components/engine/libcontainerd/client_windows.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/components/engine/libcontainerd/client_windows.go b/components/engine/libcontainerd/client_windows.go index b04bdbde9b..34f4c87d10 100644 --- a/components/engine/libcontainerd/client_windows.go +++ b/components/engine/libcontainerd/client_windows.go @@ -58,7 +58,6 @@ const defaultOwner = "docker" // "SystemType": "Container", // "Name": "5e0055c814a6005b8e57ac59f9a522066e0af12b48b3c26a9416e23907698776", // "Owner": "docker", -// "IsDummy": false, // "VolumePath": "\\\\\\\\?\\\\Volume{66d1ef4c-7a00-11e6-8948-00155ddbef9d}", // "IgnoreFlushesDuringBoot": true, // "LayerFolderPath": "C:\\\\control\\\\windowsfilter\\\\5e0055c814a6005b8e57ac59f9a522066e0af12b48b3c26a9416e23907698776", @@ -79,7 +78,6 @@ const defaultOwner = "docker" // "SystemType": "Container", // "Name": "475c2c58933b72687a88a441e7e0ca4bd72d76413c5f9d5031fee83b98f6045d", // "Owner": "docker", -// "IsDummy": false, // "IgnoreFlushesDuringBoot": true, // "Layers": [{ // "ID": "18955d65-d45a-557b-bf1c-49d6dfefc526", From 899cb8ee5f6c76d63879331692e612e280c9eeb3 Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Fri, 2 Jun 2017 12:53:49 -0700 Subject: [PATCH 031/191] Set OPOST on bsd Signed-off-by: Michael Crosby Upstream-commit: 17ec46a24316f59c808c112e3ca46d7c442a785a Component: engine --- components/engine/pkg/term/termios_bsd.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/pkg/term/termios_bsd.go b/components/engine/pkg/term/termios_bsd.go index c47341e873..9fdc720f25 100644 --- a/components/engine/pkg/term/termios_bsd.go +++ b/components/engine/pkg/term/termios_bsd.go @@ -27,7 +27,7 @@ func MakeRaw(fd uintptr) (*State, error) { newState := oldState.termios newState.Iflag &^= (unix.IGNBRK | unix.BRKINT | unix.PARMRK | unix.ISTRIP | unix.INLCR | unix.IGNCR | unix.ICRNL | unix.IXON) - newState.Oflag &^= unix.OPOST + newState.Oflag |= unix.OPOST newState.Lflag &^= (unix.ECHO | unix.ECHONL | unix.ICANON | unix.ISIG | unix.IEXTEN) newState.Cflag &^= (unix.CSIZE | unix.PARENB) newState.Cflag |= unix.CS8 From 04eec7106a21ae3d2dc13acadf15f5511a43b8b3 Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Thu, 1 Jun 2017 15:46:27 -0400 Subject: [PATCH 032/191] Move httputils/mimtype to the single consumser, and remove unused function. Signed-off-by: Daniel Nephin Upstream-commit: c91521be68182b450a22f018ccc9d780571a5936 Component: engine --- .../engine/builder/remotecontext/detect.go | 3 +- .../remotecontext}/mimetype.go | 12 ++--- .../builder/remotecontext/mimetype_test.go | 16 ++++++ .../engine/builder/remotecontext/remote.go | 4 +- .../builder/remotecontext/remote_test.go | 3 +- components/engine/pkg/httputils/httputils.go | 29 ----------- .../engine/pkg/httputils/httputils_test.go | 51 ------------------- .../engine/pkg/httputils/mimetype_test.go | 13 ----- 8 files changed, 25 insertions(+), 106 deletions(-) rename components/engine/{pkg/httputils => builder/remotecontext}/mimetype.go (73%) create mode 100644 components/engine/builder/remotecontext/mimetype_test.go delete mode 100644 components/engine/pkg/httputils/mimetype_test.go diff --git a/components/engine/builder/remotecontext/detect.go b/components/engine/builder/remotecontext/detect.go index 448782dcca..efac27f7ff 100644 --- a/components/engine/builder/remotecontext/detect.go +++ b/components/engine/builder/remotecontext/detect.go @@ -14,7 +14,6 @@ import ( "github.com/docker/docker/builder/dockerfile/parser" "github.com/docker/docker/builder/dockerignore" "github.com/docker/docker/pkg/fileutils" - "github.com/docker/docker/pkg/httputils" "github.com/docker/docker/pkg/symlink" "github.com/docker/docker/pkg/urlutil" "github.com/pkg/errors" @@ -93,7 +92,7 @@ func newURLRemote(url string, dockerfilePath string, progressReader func(in io.R var dockerfile io.ReadCloser dockerfileFoundErr := errors.New("found-dockerfile") c, err := MakeRemoteContext(url, map[string]func(io.ReadCloser) (io.ReadCloser, error){ - httputils.MimeTypes.TextPlain: func(rc io.ReadCloser) (io.ReadCloser, error) { + mimeTypes.TextPlain: func(rc io.ReadCloser) (io.ReadCloser, error) { dockerfile = rc return nil, dockerfileFoundErr }, diff --git a/components/engine/pkg/httputils/mimetype.go b/components/engine/builder/remotecontext/mimetype.go similarity index 73% rename from components/engine/pkg/httputils/mimetype.go rename to components/engine/builder/remotecontext/mimetype.go index abef9e9e83..083d609978 100644 --- a/components/engine/pkg/httputils/mimetype.go +++ b/components/engine/builder/remotecontext/mimetype.go @@ -1,29 +1,27 @@ -package httputils +package remotecontext import ( "mime" "net/http" ) -// MimeTypes stores the MIME content type. -var MimeTypes = struct { +// mimeTypes stores the MIME content type. +var mimeTypes = struct { TextPlain string OctetStream string }{"text/plain", "application/octet-stream"} -// DetectContentType returns a best guess representation of the MIME +// detectContentType returns a best guess representation of the MIME // content type for the bytes at c. The value detected by // http.DetectContentType is guaranteed not be nil, defaulting to // application/octet-stream when a better guess cannot be made. The // result of this detection is then run through mime.ParseMediaType() // which separates the actual MIME string from any parameters. -func DetectContentType(c []byte) (string, map[string]string, error) { - +func detectContentType(c []byte) (string, map[string]string, error) { ct := http.DetectContentType(c) contentType, args, err := mime.ParseMediaType(ct) if err != nil { return "", nil, err } - return contentType, args, nil } diff --git a/components/engine/builder/remotecontext/mimetype_test.go b/components/engine/builder/remotecontext/mimetype_test.go new file mode 100644 index 0000000000..8c00ec2860 --- /dev/null +++ b/components/engine/builder/remotecontext/mimetype_test.go @@ -0,0 +1,16 @@ +package remotecontext + +import ( + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestDetectContentType(t *testing.T) { + input := []byte("That is just a plain text") + + contentType, _, err := detectContentType(input) + require.NoError(t, err) + assert.Equal(t, "text/plain", contentType) +} diff --git a/components/engine/builder/remotecontext/remote.go b/components/engine/builder/remotecontext/remote.go index 6be464fff1..5a8ba0f35d 100644 --- a/components/engine/builder/remotecontext/remote.go +++ b/components/engine/builder/remotecontext/remote.go @@ -94,8 +94,8 @@ func inspectResponse(ct string, r io.ReadCloser, clen int64) (string, io.ReadClo // content type for files without an extension (e.g. 'Dockerfile') // so if we receive this value we better check for text content contentType := ct - if len(ct) == 0 || ct == httputils.MimeTypes.OctetStream { - contentType, _, err = httputils.DetectContentType(preamble) + if len(ct) == 0 || ct == mimeTypes.OctetStream { + contentType, _, err = detectContentType(preamble) if err != nil { return contentType, bodyReader, err } diff --git a/components/engine/builder/remotecontext/remote_test.go b/components/engine/builder/remotecontext/remote_test.go index af9db4b927..b0b17a02b6 100644 --- a/components/engine/builder/remotecontext/remote_test.go +++ b/components/engine/builder/remotecontext/remote_test.go @@ -11,7 +11,6 @@ import ( "github.com/docker/docker/builder" "github.com/docker/docker/pkg/archive" - "github.com/docker/docker/pkg/httputils" ) var binaryContext = []byte{0xFD, 0x37, 0x7A, 0x58, 0x5A, 0x00} //xz magic @@ -188,7 +187,7 @@ func TestMakeRemoteContext(t *testing.T) { mux.Handle("/", http.FileServer(http.Dir(contextDir))) remoteContext, err := MakeRemoteContext(remoteURL, map[string]func(io.ReadCloser) (io.ReadCloser, error){ - httputils.MimeTypes.TextPlain: func(rc io.ReadCloser) (io.ReadCloser, error) { + mimeTypes.TextPlain: func(rc io.ReadCloser) (io.ReadCloser, error) { dockerfile, err := ioutil.ReadAll(rc) if err != nil { return nil, err diff --git a/components/engine/pkg/httputils/httputils.go b/components/engine/pkg/httputils/httputils.go index af86835bd9..1e44ee4854 100644 --- a/components/engine/pkg/httputils/httputils.go +++ b/components/engine/pkg/httputils/httputils.go @@ -1,20 +1,12 @@ package httputils import ( - "errors" "fmt" "net/http" - "regexp" - "strings" "github.com/docker/docker/pkg/jsonmessage" ) -var ( - headerRegexp = regexp.MustCompile(`^(?:(.+)/(.+?))\((.+)\).*$`) - errInvalidHeader = errors.New("Bad header, should be in format `docker/version (platform)`") -) - // Download requests a given URL and returns an io.Reader. func Download(url string) (resp *http.Response, err error) { if resp, err = http.Get(url); err != nil { @@ -33,24 +25,3 @@ func NewHTTPRequestError(msg string, res *http.Response) error { Code: res.StatusCode, } } - -// ServerHeader contains the server information. -type ServerHeader struct { - App string // docker - Ver string // 1.8.0-dev - OS string // windows or linux -} - -// ParseServerHeader extracts pieces from an HTTP server header -// which is in the format "docker/version (os)" e.g. docker/1.8.0-dev (windows). -func ParseServerHeader(hdr string) (*ServerHeader, error) { - matches := headerRegexp.FindStringSubmatch(hdr) - if len(matches) != 4 { - return nil, errInvalidHeader - } - return &ServerHeader{ - App: strings.TrimSpace(matches[1]), - Ver: strings.TrimSpace(matches[2]), - OS: strings.TrimSpace(matches[3]), - }, nil -} diff --git a/components/engine/pkg/httputils/httputils_test.go b/components/engine/pkg/httputils/httputils_test.go index 725c68f415..c439a91610 100644 --- a/components/engine/pkg/httputils/httputils_test.go +++ b/components/engine/pkg/httputils/httputils_test.go @@ -62,54 +62,3 @@ func TestNewHTTPRequestError(t *testing.T) { t.Fatalf("Expected err to be %q, got %q", errorMessage, err) } } - -func TestParseServerHeader(t *testing.T) { - inputs := map[string][]string{ - "bad header": {"error"}, - "(bad header)": {"error"}, - "(without/spaces)": {"error"}, - "(header/with spaces)": {"error"}, - "foo/bar (baz)": {"foo", "bar", "baz"}, - "foo/bar": {"error"}, - "foo": {"error"}, - "foo/bar (baz space)": {"foo", "bar", "baz space"}, - " f f / b b ( b s ) ": {"f f", "b b", "b s"}, - "foo/bar (baz) ignore": {"foo", "bar", "baz"}, - "foo/bar ()": {"error"}, - "foo/bar()": {"error"}, - "foo/bar(baz)": {"foo", "bar", "baz"}, - "foo/bar/zzz(baz)": {"foo/bar", "zzz", "baz"}, - "foo/bar(baz/abc)": {"foo", "bar", "baz/abc"}, - "foo/bar(baz (abc))": {"foo", "bar", "baz (abc)"}, - } - - for header, values := range inputs { - serverHeader, err := ParseServerHeader(header) - if err != nil { - if err != errInvalidHeader { - t.Fatalf("Failed to parse %q, and got some unexpected error: %q", header, err) - } - if values[0] == "error" { - continue - } - t.Fatalf("Header %q failed to parse when it shouldn't have", header) - } - if values[0] == "error" { - t.Fatalf("Header %q parsed ok when it should have failed(%q).", header, serverHeader) - } - - if serverHeader.App != values[0] { - t.Fatalf("Expected serverHeader.App for %q to equal %q, got %q", header, values[0], serverHeader.App) - } - - if serverHeader.Ver != values[1] { - t.Fatalf("Expected serverHeader.Ver for %q to equal %q, got %q", header, values[1], serverHeader.Ver) - } - - if serverHeader.OS != values[2] { - t.Fatalf("Expected serverHeader.OS for %q to equal %q, got %q", header, values[2], serverHeader.OS) - } - - } - -} diff --git a/components/engine/pkg/httputils/mimetype_test.go b/components/engine/pkg/httputils/mimetype_test.go deleted file mode 100644 index a6cc047db8..0000000000 --- a/components/engine/pkg/httputils/mimetype_test.go +++ /dev/null @@ -1,13 +0,0 @@ -package httputils - -import ( - "testing" -) - -func TestDetectContentType(t *testing.T) { - input := []byte("That is just a plain text") - - if contentType, _, err := DetectContentType(input); err != nil || contentType != "text/plain" { - t.Error("TestDetectContentType failed") - } -} From 7636bfd2c7f6b1b4563738d68e0e909a1532557f Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Thu, 1 Jun 2017 15:59:24 -0400 Subject: [PATCH 033/191] Move httputils/reasumablerequestreader to the single consumer. Signed-off-by: Daniel Nephin Upstream-commit: 65515af075ce5f8037750c253b2834008840afc1 Component: engine --- .../resumable}/resumablerequestreader.go | 24 ++-- .../resumable}/resumablerequestreader_test.go | 132 ++++++------------ components/engine/registry/session.go | 3 +- 3 files changed, 53 insertions(+), 106 deletions(-) rename components/engine/{pkg/httputils => registry/resumable}/resumablerequestreader.go (66%) rename components/engine/{pkg/httputils => registry/resumable}/resumablerequestreader_test.go (69%) diff --git a/components/engine/pkg/httputils/resumablerequestreader.go b/components/engine/registry/resumable/resumablerequestreader.go similarity index 66% rename from components/engine/pkg/httputils/resumablerequestreader.go rename to components/engine/registry/resumable/resumablerequestreader.go index de488fb531..5403c76847 100644 --- a/components/engine/pkg/httputils/resumablerequestreader.go +++ b/components/engine/registry/resumable/resumablerequestreader.go @@ -1,4 +1,4 @@ -package httputils +package resumable import ( "fmt" @@ -9,7 +9,7 @@ import ( "github.com/Sirupsen/logrus" ) -type resumableRequestReader struct { +type requestReader struct { client *http.Client request *http.Request lastRange int64 @@ -20,22 +20,22 @@ type resumableRequestReader struct { waitDuration time.Duration } -// ResumableRequestReader makes it possible to resume reading a request's body transparently +// NewRequestReader makes it possible to resume reading a request's body transparently // maxfail is the number of times we retry to make requests again (not resumes) // totalsize is the total length of the body; auto detect if not provided -func ResumableRequestReader(c *http.Client, r *http.Request, maxfail uint32, totalsize int64) io.ReadCloser { - return &resumableRequestReader{client: c, request: r, maxFailures: maxfail, totalSize: totalsize, waitDuration: 5 * time.Second} +func NewRequestReader(c *http.Client, r *http.Request, maxfail uint32, totalsize int64) io.ReadCloser { + return &requestReader{client: c, request: r, maxFailures: maxfail, totalSize: totalsize, waitDuration: 5 * time.Second} } -// ResumableRequestReaderWithInitialResponse makes it possible to resume +// NewRequestReaderWithInitialResponse makes it possible to resume // reading the body of an already initiated request. -func ResumableRequestReaderWithInitialResponse(c *http.Client, r *http.Request, maxfail uint32, totalsize int64, initialResponse *http.Response) io.ReadCloser { - return &resumableRequestReader{client: c, request: r, maxFailures: maxfail, totalSize: totalsize, currentResponse: initialResponse, waitDuration: 5 * time.Second} +func NewRequestReaderWithInitialResponse(c *http.Client, r *http.Request, maxfail uint32, totalsize int64, initialResponse *http.Response) io.ReadCloser { + return &requestReader{client: c, request: r, maxFailures: maxfail, totalSize: totalsize, currentResponse: initialResponse, waitDuration: 5 * time.Second} } -func (r *resumableRequestReader) Read(p []byte) (n int, err error) { +func (r *requestReader) Read(p []byte) (n int, err error) { if r.client == nil || r.request == nil { - return 0, fmt.Errorf("client and request can't be nil\n") + return 0, fmt.Errorf("client and request can't be nil") } isFreshRequest := false if r.lastRange != 0 && r.currentResponse == nil { @@ -81,14 +81,14 @@ func (r *resumableRequestReader) Read(p []byte) (n int, err error) { return n, err } -func (r *resumableRequestReader) Close() error { +func (r *requestReader) Close() error { r.cleanUpResponse() r.client = nil r.request = nil return nil } -func (r *resumableRequestReader) cleanUpResponse() { +func (r *requestReader) cleanUpResponse() { if r.currentResponse != nil { r.currentResponse.Body.Close() r.currentResponse = nil diff --git a/components/engine/pkg/httputils/resumablerequestreader_test.go b/components/engine/registry/resumable/resumablerequestreader_test.go similarity index 69% rename from components/engine/pkg/httputils/resumablerequestreader_test.go rename to components/engine/registry/resumable/resumablerequestreader_test.go index 81cafae579..a632bc673a 100644 --- a/components/engine/pkg/httputils/resumablerequestreader_test.go +++ b/components/engine/registry/resumable/resumablerequestreader_test.go @@ -1,7 +1,9 @@ -package httputils +package resumable import ( "fmt" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "io" "io/ioutil" "net/http" @@ -21,28 +23,19 @@ func TestResumableRequestHeaderSimpleErrors(t *testing.T) { var req *http.Request req, err := http.NewRequest("GET", ts.URL, nil) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) - expectedError := "client and request can't be nil\n" - resreq := &resumableRequestReader{} + resreq := &requestReader{} _, err = resreq.Read([]byte{}) - if err == nil || err.Error() != expectedError { - t.Fatalf("Expected an error with '%s', got %v.", expectedError, err) - } + assert.EqualError(t, err, "client and request can't be nil") - resreq = &resumableRequestReader{ + resreq = &requestReader{ client: client, request: req, totalSize: -1, } - expectedError = "failed to auto detect content length" _, err = resreq.Read([]byte{}) - if err == nil || err.Error() != expectedError { - t.Fatalf("Expected an error with '%s', got %v.", expectedError, err) - } - + assert.EqualError(t, err, "failed to auto detect content length") } // Not too much failures, bails out after some wait @@ -51,11 +44,9 @@ func TestResumableRequestHeaderNotTooMuchFailures(t *testing.T) { var badReq *http.Request badReq, err := http.NewRequest("GET", "I'm not an url", nil) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) - resreq := &resumableRequestReader{ + resreq := &requestReader{ client: client, request: badReq, failures: 0, @@ -63,9 +54,8 @@ func TestResumableRequestHeaderNotTooMuchFailures(t *testing.T) { waitDuration: 10 * time.Millisecond, } read, err := resreq.Read([]byte{}) - if err != nil || read != 0 { - t.Fatalf("Expected no error and no byte read, got err:%v, read:%v.", err, read) - } + require.NoError(t, err) + assert.Equal(t, 0, read) } // Too much failures, returns the error @@ -74,11 +64,9 @@ func TestResumableRequestHeaderTooMuchFailures(t *testing.T) { var badReq *http.Request badReq, err := http.NewRequest("GET", "I'm not an url", nil) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) - resreq := &resumableRequestReader{ + resreq := &requestReader{ client: client, request: badReq, failures: 0, @@ -88,9 +76,8 @@ func TestResumableRequestHeaderTooMuchFailures(t *testing.T) { expectedError := `Get I%27m%20not%20an%20url: unsupported protocol scheme ""` read, err := resreq.Read([]byte{}) - if err == nil || err.Error() != expectedError || read != 0 { - t.Fatalf("Expected the error '%s', got err:%v, read:%v.", expectedError, err, read) - } + assert.EqualError(t, err, expectedError) + assert.Equal(t, 0, read) } type errorReaderCloser struct{} @@ -105,9 +92,7 @@ func (errorReaderCloser) Read(p []byte) (n int, err error) { func TestResumableRequestReaderWithReadError(t *testing.T) { var req *http.Request req, err := http.NewRequest("GET", "", nil) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) client := &http.Client{} @@ -119,7 +104,7 @@ func TestResumableRequestReaderWithReadError(t *testing.T) { Body: errorReaderCloser{}, } - resreq := &resumableRequestReader{ + resreq := &requestReader{ client: client, request: req, currentResponse: response, @@ -130,21 +115,15 @@ func TestResumableRequestReaderWithReadError(t *testing.T) { buf := make([]byte, 1) read, err := resreq.Read(buf) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) - if read != 0 { - t.Fatalf("Expected to have read nothing, but read %v", read) - } + assert.Equal(t, 0, read) } func TestResumableRequestReaderWithEOFWith416Response(t *testing.T) { var req *http.Request req, err := http.NewRequest("GET", "", nil) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) client := &http.Client{} @@ -156,7 +135,7 @@ func TestResumableRequestReaderWithEOFWith416Response(t *testing.T) { Body: ioutil.NopCloser(strings.NewReader("")), } - resreq := &resumableRequestReader{ + resreq := &requestReader{ client: client, request: req, currentResponse: response, @@ -167,9 +146,7 @@ func TestResumableRequestReaderWithEOFWith416Response(t *testing.T) { buf := make([]byte, 1) _, err = resreq.Read(buf) - if err == nil || err != io.EOF { - t.Fatalf("Expected an io.EOF error, got %v", err) - } + assert.EqualError(t, err, io.EOF.Error()) } func TestResumableRequestReaderWithServerDoesntSupportByteRanges(t *testing.T) { @@ -182,29 +159,23 @@ func TestResumableRequestReaderWithServerDoesntSupportByteRanges(t *testing.T) { var req *http.Request req, err := http.NewRequest("GET", ts.URL, nil) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) client := &http.Client{} - resreq := &resumableRequestReader{ + resreq := &requestReader{ client: client, request: req, lastRange: 1, } defer resreq.Close() - expectedError := "the server doesn't support byte ranges" buf := make([]byte, 2) _, err = resreq.Read(buf) - if err == nil || err.Error() != expectedError { - t.Fatalf("Expected an error '%s', got %v", expectedError, err) - } + assert.EqualError(t, err, "the server doesn't support byte ranges") } func TestResumableRequestReaderWithZeroTotalSize(t *testing.T) { - srvtxt := "some response text data" ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { @@ -214,30 +185,22 @@ func TestResumableRequestReaderWithZeroTotalSize(t *testing.T) { var req *http.Request req, err := http.NewRequest("GET", ts.URL, nil) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) client := &http.Client{} retries := uint32(5) - resreq := ResumableRequestReader(client, req, retries, 0) + resreq := NewRequestReader(client, req, retries, 0) defer resreq.Close() data, err := ioutil.ReadAll(resreq) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) resstr := strings.TrimSuffix(string(data), "\n") - - if resstr != srvtxt { - t.Error("resstr != srvtxt") - } + assert.Equal(t, srvtxt, resstr) } func TestResumableRequestReader(t *testing.T) { - srvtxt := "some response text data" ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { @@ -247,31 +210,23 @@ func TestResumableRequestReader(t *testing.T) { var req *http.Request req, err := http.NewRequest("GET", ts.URL, nil) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) client := &http.Client{} retries := uint32(5) imgSize := int64(len(srvtxt)) - resreq := ResumableRequestReader(client, req, retries, imgSize) + resreq := NewRequestReader(client, req, retries, imgSize) defer resreq.Close() data, err := ioutil.ReadAll(resreq) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) resstr := strings.TrimSuffix(string(data), "\n") - - if resstr != srvtxt { - t.Error("resstr != srvtxt") - } + assert.Equal(t, srvtxt, resstr) } func TestResumableRequestReaderWithInitialResponse(t *testing.T) { - srvtxt := "some response text data" ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { @@ -281,30 +236,21 @@ func TestResumableRequestReaderWithInitialResponse(t *testing.T) { var req *http.Request req, err := http.NewRequest("GET", ts.URL, nil) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) client := &http.Client{} retries := uint32(5) imgSize := int64(len(srvtxt)) res, err := client.Do(req) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) - resreq := ResumableRequestReaderWithInitialResponse(client, req, retries, imgSize, res) + resreq := NewRequestReaderWithInitialResponse(client, req, retries, imgSize, res) defer resreq.Close() data, err := ioutil.ReadAll(resreq) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) resstr := strings.TrimSuffix(string(data), "\n") - - if resstr != srvtxt { - t.Error("resstr != srvtxt") - } + assert.Equal(t, srvtxt, resstr) } diff --git a/components/engine/registry/session.go b/components/engine/registry/session.go index c71e778037..39bd80acc4 100644 --- a/components/engine/registry/session.go +++ b/components/engine/registry/session.go @@ -27,6 +27,7 @@ import ( "github.com/docker/docker/pkg/ioutils" "github.com/docker/docker/pkg/stringid" "github.com/docker/docker/pkg/tarsum" + "github.com/docker/docker/registry/resumable" ) var ( @@ -313,7 +314,7 @@ func (r *Session) GetRemoteImageLayer(imgID, registry string, imgSize int64) (io if res.Header.Get("Accept-Ranges") == "bytes" && imgSize > 0 { logrus.Debug("server supports resume") - return httputils.ResumableRequestReaderWithInitialResponse(r.client, req, 5, imgSize, res), nil + return resumable.NewRequestReaderWithInitialResponse(r.client, req, 5, imgSize, res), nil } logrus.Debug("server doesn't support resume") return res.Body, nil From 16c0836e84fc43d41ebae60a9c6925fe3cf0a192 Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Thu, 1 Jun 2017 17:00:00 -0400 Subject: [PATCH 034/191] Move an error helper to registry/session. Signed-off-by: Daniel Nephin Upstream-commit: a6ac5495e11d34b1887476ca89f841df1056249a Component: engine --- components/engine/pkg/httputils/httputils.go | 10 ----- .../engine/pkg/httputils/httputils_test.go | 37 +++++-------------- components/engine/registry/session.go | 37 +++++++++++-------- 3 files changed, 32 insertions(+), 52 deletions(-) diff --git a/components/engine/pkg/httputils/httputils.go b/components/engine/pkg/httputils/httputils.go index 1e44ee4854..fe84d34d9b 100644 --- a/components/engine/pkg/httputils/httputils.go +++ b/components/engine/pkg/httputils/httputils.go @@ -3,8 +3,6 @@ package httputils import ( "fmt" "net/http" - - "github.com/docker/docker/pkg/jsonmessage" ) // Download requests a given URL and returns an io.Reader. @@ -17,11 +15,3 @@ func Download(url string) (resp *http.Response, err error) { } return resp, nil } - -// NewHTTPRequestError returns a JSON response error. -func NewHTTPRequestError(msg string, res *http.Response) error { - return &jsonmessage.JSONError{ - Message: msg, - Code: res.StatusCode, - } -} diff --git a/components/engine/pkg/httputils/httputils_test.go b/components/engine/pkg/httputils/httputils_test.go index c439a91610..6c62ba7838 100644 --- a/components/engine/pkg/httputils/httputils_test.go +++ b/components/engine/pkg/httputils/httputils_test.go @@ -5,8 +5,11 @@ import ( "io/ioutil" "net/http" "net/http/httptest" - "strings" "testing" + + "github.com/docker/docker/pkg/testutil" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func TestDownload(t *testing.T) { @@ -22,10 +25,8 @@ func TestDownload(t *testing.T) { actual, err := ioutil.ReadAll(response.Body) response.Body.Close() - - if err != nil || string(actual) != expected { - t.Fatalf("Expected the response %q, got err:%q, actual:%q", expected, err, string(actual)) - } + require.NoError(t, err) + assert.Equal(t, expected, string(actual)) } func TestDownload400Errors(t *testing.T) { @@ -36,29 +37,11 @@ func TestDownload400Errors(t *testing.T) { })) defer ts.Close() // Expected status code = 403 - if _, err := Download(ts.URL); err == nil || err.Error() != expectedError { - t.Fatalf("Expected the error %q, got %q", expectedError, err) - } + _, err := Download(ts.URL) + assert.EqualError(t, err, expectedError) } func TestDownloadOtherErrors(t *testing.T) { - if _, err := Download("I'm not an url.."); err == nil || !strings.Contains(err.Error(), "unsupported protocol scheme") { - t.Fatalf("Expected an error with 'unsupported protocol scheme', got %q", err) - } -} - -func TestNewHTTPRequestError(t *testing.T) { - errorMessage := "Some error message" - ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - // 403 - http.Error(w, errorMessage, http.StatusForbidden) - })) - defer ts.Close() - httpResponse, err := http.Get(ts.URL) - if err != nil { - t.Fatal(err) - } - if err := NewHTTPRequestError(errorMessage, httpResponse); err.Error() != errorMessage { - t.Fatalf("Expected err to be %q, got %q", errorMessage, err) - } + _, err := Download("I'm not an url..") + testutil.ErrorContains(t, err, "unsupported protocol scheme") } diff --git a/components/engine/registry/session.go b/components/engine/registry/session.go index 39bd80acc4..746b8fb5b5 100644 --- a/components/engine/registry/session.go +++ b/components/engine/registry/session.go @@ -23,8 +23,8 @@ import ( "github.com/docker/distribution/registry/api/errcode" "github.com/docker/docker/api/types" registrytypes "github.com/docker/docker/api/types/registry" - "github.com/docker/docker/pkg/httputils" "github.com/docker/docker/pkg/ioutils" + "github.com/docker/docker/pkg/jsonmessage" "github.com/docker/docker/pkg/stringid" "github.com/docker/docker/pkg/tarsum" "github.com/docker/docker/registry/resumable" @@ -227,7 +227,7 @@ func (r *Session) GetRemoteHistory(imgID, registry string) ([]string, error) { if res.StatusCode == 401 { return nil, errcode.ErrorCodeUnauthorized.WithArgs() } - return nil, httputils.NewHTTPRequestError(fmt.Sprintf("Server error: %d trying to fetch remote history for %s", res.StatusCode, imgID), res) + return nil, newJSONError(fmt.Sprintf("Server error: %d trying to fetch remote history for %s", res.StatusCode, imgID), res) } var history []string @@ -247,7 +247,7 @@ func (r *Session) LookupRemoteImage(imgID, registry string) error { } res.Body.Close() if res.StatusCode != 200 { - return httputils.NewHTTPRequestError(fmt.Sprintf("HTTP code %d", res.StatusCode), res) + return newJSONError(fmt.Sprintf("HTTP code %d", res.StatusCode), res) } return nil } @@ -260,7 +260,7 @@ func (r *Session) GetRemoteImageJSON(imgID, registry string) ([]byte, int64, err } defer res.Body.Close() if res.StatusCode != 200 { - return nil, -1, httputils.NewHTTPRequestError(fmt.Sprintf("HTTP code %d", res.StatusCode), res) + return nil, -1, newJSONError(fmt.Sprintf("HTTP code %d", res.StatusCode), res) } // if the size header is not present, then set it to '-1' imageSize := int64(-1) @@ -445,13 +445,13 @@ func (r *Session) GetRepositoryData(name reference.Named) (*RepositoryData, erro // TODO: Right now we're ignoring checksums in the response body. // In the future, we need to use them to check image validity. if res.StatusCode == 404 { - return nil, httputils.NewHTTPRequestError(fmt.Sprintf("HTTP code: %d", res.StatusCode), res) + return nil, newJSONError(fmt.Sprintf("HTTP code: %d", res.StatusCode), res) } else if res.StatusCode != 200 { errBody, err := ioutil.ReadAll(res.Body) if err != nil { logrus.Debugf("Error reading response body: %s", err) } - return nil, httputils.NewHTTPRequestError(fmt.Sprintf("Error: Status %d trying to pull repository %s: %q", res.StatusCode, reference.Path(name), errBody), res) + return nil, newJSONError(fmt.Sprintf("Error: Status %d trying to pull repository %s: %q", res.StatusCode, reference.Path(name), errBody), res) } var endpoints []string @@ -538,12 +538,12 @@ func (r *Session) PushImageJSONRegistry(imgData *ImgData, jsonRaw []byte, regist } defer res.Body.Close() if res.StatusCode == 401 && strings.HasPrefix(registry, "http://") { - return httputils.NewHTTPRequestError("HTTP code 401, Docker will not send auth headers over HTTP.", res) + return newJSONError("HTTP code 401, Docker will not send auth headers over HTTP.", res) } if res.StatusCode != 200 { errBody, err := ioutil.ReadAll(res.Body) if err != nil { - return httputils.NewHTTPRequestError(fmt.Sprintf("HTTP code %d while uploading metadata and error when trying to parse response body: %s", res.StatusCode, err), res) + return newJSONError(fmt.Sprintf("HTTP code %d while uploading metadata and error when trying to parse response body: %s", res.StatusCode, err), res) } var jsonBody map[string]string if err := json.Unmarshal(errBody, &jsonBody); err != nil { @@ -551,7 +551,7 @@ func (r *Session) PushImageJSONRegistry(imgData *ImgData, jsonRaw []byte, regist } else if jsonBody["error"] == "Image already exists" { return ErrAlreadyExists } - return httputils.NewHTTPRequestError(fmt.Sprintf("HTTP code %d while uploading metadata: %q", res.StatusCode, errBody), res) + return newJSONError(fmt.Sprintf("HTTP code %d while uploading metadata: %q", res.StatusCode, errBody), res) } return nil } @@ -592,9 +592,9 @@ func (r *Session) PushImageLayerRegistry(imgID string, layer io.Reader, registry if res.StatusCode != 200 { errBody, err := ioutil.ReadAll(res.Body) if err != nil { - return "", "", httputils.NewHTTPRequestError(fmt.Sprintf("HTTP code %d while uploading metadata and error when trying to parse response body: %s", res.StatusCode, err), res) + return "", "", newJSONError(fmt.Sprintf("HTTP code %d while uploading metadata and error when trying to parse response body: %s", res.StatusCode, err), res) } - return "", "", httputils.NewHTTPRequestError(fmt.Sprintf("Received HTTP code %d while uploading layer: %q", res.StatusCode, errBody), res) + return "", "", newJSONError(fmt.Sprintf("Received HTTP code %d while uploading layer: %q", res.StatusCode, errBody), res) } checksumPayload = "sha256:" + hex.EncodeToString(h.Sum(nil)) @@ -620,7 +620,7 @@ func (r *Session) PushRegistryTag(remote reference.Named, revision, tag, registr } res.Body.Close() if res.StatusCode != 200 && res.StatusCode != 201 { - return httputils.NewHTTPRequestError(fmt.Sprintf("Internal server error: %d trying to push tag %s on %s", res.StatusCode, tag, reference.Path(remote)), res) + return newJSONError(fmt.Sprintf("Internal server error: %d trying to push tag %s on %s", res.StatusCode, tag, reference.Path(remote)), res) } return nil } @@ -684,7 +684,7 @@ func (r *Session) PushImageJSONIndex(remote reference.Named, imgList []*ImgData, if err != nil { logrus.Debugf("Error reading response body: %s", err) } - return nil, httputils.NewHTTPRequestError(fmt.Sprintf("Error: Status %d trying to push repository %s: %q", res.StatusCode, reference.Path(remote), errBody), res) + return nil, newJSONError(fmt.Sprintf("Error: Status %d trying to push repository %s: %q", res.StatusCode, reference.Path(remote), errBody), res) } tokens = res.Header["X-Docker-Token"] logrus.Debugf("Auth token: %v", tokens) @@ -702,7 +702,7 @@ func (r *Session) PushImageJSONIndex(remote reference.Named, imgList []*ImgData, if err != nil { logrus.Debugf("Error reading response body: %s", err) } - return nil, httputils.NewHTTPRequestError(fmt.Sprintf("Error: Status %d trying to push checksums %s: %q", res.StatusCode, reference.Path(remote), errBody), res) + return nil, newJSONError(fmt.Sprintf("Error: Status %d trying to push checksums %s: %q", res.StatusCode, reference.Path(remote), errBody), res) } } @@ -751,7 +751,7 @@ func (r *Session) SearchRepositories(term string, limit int) (*registrytypes.Sea } defer res.Body.Close() if res.StatusCode != 200 { - return nil, httputils.NewHTTPRequestError(fmt.Sprintf("Unexpected status code %d", res.StatusCode), res) + return nil, newJSONError(fmt.Sprintf("Unexpected status code %d", res.StatusCode), res) } result := new(registrytypes.SearchResults) return result, json.NewDecoder(res.Body).Decode(result) @@ -782,3 +782,10 @@ func isTimeout(err error) bool { t, ok := e.(timeout) return ok && t.Timeout() } + +func newJSONError(msg string, res *http.Response) error { + return &jsonmessage.JSONError{ + Message: msg, + Code: res.StatusCode, + } +} From b9c4f53912c3999bd0067883ec36b7b41ee234ce Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Thu, 1 Jun 2017 17:05:44 -0400 Subject: [PATCH 035/191] Remove the last of pkg/httputil Signed-off-by: Daniel Nephin Upstream-commit: 4060d6ee0b130cf74294c309dfbd3c860fd2a7f8 Component: engine --- components/engine/builder/dockerfile/copy.go | 5 +- .../engine/builder/remotecontext/remote.go | 24 ++++++++-- .../builder/remotecontext/remote_test.go | 43 +++++++++++++++++ components/engine/daemon/import.go | 4 +- components/engine/pkg/httputils/httputils.go | 17 ------- .../engine/pkg/httputils/httputils_test.go | 47 ------------------- 6 files changed, 67 insertions(+), 73 deletions(-) delete mode 100644 components/engine/pkg/httputils/httputils.go delete mode 100644 components/engine/pkg/httputils/httputils_test.go diff --git a/components/engine/builder/dockerfile/copy.go b/components/engine/builder/dockerfile/copy.go index 77f0a44d55..db98eb92e1 100644 --- a/components/engine/builder/dockerfile/copy.go +++ b/components/engine/builder/dockerfile/copy.go @@ -13,7 +13,6 @@ import ( "github.com/docker/docker/builder" "github.com/docker/docker/builder/remotecontext" - "github.com/docker/docker/pkg/httputils" "github.com/docker/docker/pkg/ioutils" "github.com/docker/docker/pkg/progress" "github.com/docker/docker/pkg/streamformatter" @@ -292,7 +291,6 @@ func errOnSourceDownload(_ string) (builder.Source, string, error) { } func downloadSource(output io.Writer, stdout io.Writer, srcURL string) (remote builder.Source, p string, err error) { - // get filename from URL u, err := url.Parse(srcURL) if err != nil { return @@ -303,8 +301,7 @@ func downloadSource(output io.Writer, stdout io.Writer, srcURL string) (remote b return } - // Initiate the download - resp, err := httputils.Download(srcURL) + resp, err := remotecontext.GetWithStatusError(srcURL) if err != nil { return } diff --git a/components/engine/builder/remotecontext/remote.go b/components/engine/builder/remotecontext/remote.go index 5a8ba0f35d..bf45fca064 100644 --- a/components/engine/builder/remotecontext/remote.go +++ b/components/engine/builder/remotecontext/remote.go @@ -2,14 +2,14 @@ package remotecontext import ( "bytes" - "errors" "fmt" "io" "io/ioutil" + "net/http" "regexp" "github.com/docker/docker/builder" - "github.com/docker/docker/pkg/httputils" + "github.com/pkg/errors" ) // When downloading remote contexts, limit the amount (in bytes) @@ -30,7 +30,7 @@ var mimeRe = regexp.MustCompile(acceptableRemoteMIME) // to be returned. If no match is found, it is assumed the body is a tar stream (compressed or not). // In either case, an (assumed) tar stream is passed to MakeTarSumContext whose result is returned. func MakeRemoteContext(remoteURL string, contentTypeHandlers map[string]func(io.ReadCloser) (io.ReadCloser, error)) (builder.Source, error) { - f, err := httputils.Download(remoteURL) + f, err := GetWithStatusError(remoteURL) if err != nil { return nil, fmt.Errorf("error downloading remote context %s: %v", remoteURL, err) } @@ -66,6 +66,24 @@ func MakeRemoteContext(remoteURL string, contentTypeHandlers map[string]func(io. return MakeTarSumContext(contextReader) } +// GetWithStatusError does an http.Get() and returns an error if the +// status code is 4xx or 5xx. +func GetWithStatusError(url string) (resp *http.Response, err error) { + if resp, err = http.Get(url); err != nil { + return nil, err + } + if resp.StatusCode < 400 { + return resp, nil + } + msg := fmt.Sprintf("failed to GET %s with status %s", url, resp.Status) + body, err := ioutil.ReadAll(resp.Body) + resp.Body.Close() + if err != nil { + return nil, errors.Wrapf(err, msg+": error reading body") + } + return nil, errors.Errorf(msg+": %s", bytes.TrimSpace(body)) +} + // inspectResponse looks into the http response data at r to determine whether its // content-type is on the list of acceptable content types for remote build contexts. // This function returns: diff --git a/components/engine/builder/remotecontext/remote_test.go b/components/engine/builder/remotecontext/remote_test.go index b0b17a02b6..37c2740674 100644 --- a/components/engine/builder/remotecontext/remote_test.go +++ b/components/engine/builder/remotecontext/remote_test.go @@ -11,6 +11,9 @@ import ( "github.com/docker/docker/builder" "github.com/docker/docker/pkg/archive" + "github.com/docker/docker/pkg/testutil" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) var binaryContext = []byte{0xFD, 0x37, 0x7A, 0x58, 0x5A, 0x00} //xz magic @@ -231,3 +234,43 @@ func TestMakeRemoteContext(t *testing.T) { t.Fatalf("File %s should have position 0, got %d", builder.DefaultDockerfileName, fileInfo.Pos()) } } + +func TestGetWithStatusError(t *testing.T) { + var testcases = []struct { + err error + statusCode int + expectedErr string + expectedBody string + }{ + { + statusCode: 200, + expectedBody: "THE BODY", + }, + { + statusCode: 400, + expectedErr: "with status 400 Bad Request: broke", + expectedBody: "broke", + }, + } + for _, testcase := range testcases { + ts := httptest.NewServer( + http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + buffer := bytes.NewBufferString(testcase.expectedBody) + w.WriteHeader(testcase.statusCode) + w.Write(buffer.Bytes()) + }), + ) + defer ts.Close() + response, err := GetWithStatusError(ts.URL) + + if testcase.expectedErr == "" { + require.NoError(t, err) + + body, err := testutil.ReadBody(response.Body) + require.NoError(t, err) + assert.Contains(t, string(body), testcase.expectedBody) + } else { + testutil.ErrorContains(t, err, testcase.expectedErr) + } + } +} diff --git a/components/engine/daemon/import.go b/components/engine/daemon/import.go index 17b9d870a3..0687533a0b 100644 --- a/components/engine/daemon/import.go +++ b/components/engine/daemon/import.go @@ -12,11 +12,11 @@ import ( "github.com/docker/distribution/reference" "github.com/docker/docker/api/types/container" "github.com/docker/docker/builder/dockerfile" + "github.com/docker/docker/builder/remotecontext" "github.com/docker/docker/dockerversion" "github.com/docker/docker/image" "github.com/docker/docker/layer" "github.com/docker/docker/pkg/archive" - "github.com/docker/docker/pkg/httputils" "github.com/docker/docker/pkg/progress" "github.com/docker/docker/pkg/streamformatter" "github.com/pkg/errors" @@ -67,7 +67,7 @@ func (daemon *Daemon) ImportImage(src string, repository, tag string, msg string return err } - resp, err = httputils.Download(u.String()) + resp, err = remotecontext.GetWithStatusError(u.String()) if err != nil { return err } diff --git a/components/engine/pkg/httputils/httputils.go b/components/engine/pkg/httputils/httputils.go deleted file mode 100644 index fe84d34d9b..0000000000 --- a/components/engine/pkg/httputils/httputils.go +++ /dev/null @@ -1,17 +0,0 @@ -package httputils - -import ( - "fmt" - "net/http" -) - -// Download requests a given URL and returns an io.Reader. -func Download(url string) (resp *http.Response, err error) { - if resp, err = http.Get(url); err != nil { - return nil, err - } - if resp.StatusCode >= 400 { - return nil, fmt.Errorf("Got HTTP status code >= 400: %s", resp.Status) - } - return resp, nil -} diff --git a/components/engine/pkg/httputils/httputils_test.go b/components/engine/pkg/httputils/httputils_test.go deleted file mode 100644 index 6c62ba7838..0000000000 --- a/components/engine/pkg/httputils/httputils_test.go +++ /dev/null @@ -1,47 +0,0 @@ -package httputils - -import ( - "fmt" - "io/ioutil" - "net/http" - "net/http/httptest" - "testing" - - "github.com/docker/docker/pkg/testutil" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" -) - -func TestDownload(t *testing.T) { - expected := "Hello, docker !" - ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - fmt.Fprintf(w, expected) - })) - defer ts.Close() - response, err := Download(ts.URL) - if err != nil { - t.Fatal(err) - } - - actual, err := ioutil.ReadAll(response.Body) - response.Body.Close() - require.NoError(t, err) - assert.Equal(t, expected, string(actual)) -} - -func TestDownload400Errors(t *testing.T) { - expectedError := "Got HTTP status code >= 400: 403 Forbidden" - ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - // 403 - http.Error(w, "something failed (forbidden)", http.StatusForbidden) - })) - defer ts.Close() - // Expected status code = 403 - _, err := Download(ts.URL) - assert.EqualError(t, err, expectedError) -} - -func TestDownloadOtherErrors(t *testing.T) { - _, err := Download("I'm not an url..") - testutil.ErrorContains(t, err, "unsupported protocol scheme") -} From b8e386fca43658dc8b5c4a1c13313e0301f7a6ba Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Thu, 1 Jun 2017 17:15:13 -0400 Subject: [PATCH 036/191] Move pkg/gitutils to remotecontext/git Signed-off-by: Daniel Nephin Upstream-commit: b9d85ac58db8b8d4480fca93f8b952d084ea36f5 Component: engine --- .../engine/builder/remotecontext/git.go | 4 +- .../remotecontext/git}/gitutils.go | 2 +- .../remotecontext/git}/gitutils_test.go | 104 +++++++----------- 3 files changed, 40 insertions(+), 70 deletions(-) rename components/engine/{pkg/gitutils => builder/remotecontext/git}/gitutils.go (99%) rename components/engine/{pkg/gitutils => builder/remotecontext/git}/gitutils_test.go (65%) diff --git a/components/engine/builder/remotecontext/git.go b/components/engine/builder/remotecontext/git.go index 4204c9f7bb..7a55bfa9d4 100644 --- a/components/engine/builder/remotecontext/git.go +++ b/components/engine/builder/remotecontext/git.go @@ -4,13 +4,13 @@ import ( "os" "github.com/docker/docker/builder" + "github.com/docker/docker/builder/remotecontext/git" "github.com/docker/docker/pkg/archive" - "github.com/docker/docker/pkg/gitutils" ) // MakeGitContext returns a Context from gitURL that is cloned in a temporary directory. func MakeGitContext(gitURL string) (builder.Source, error) { - root, err := gitutils.Clone(gitURL) + root, err := git.Clone(gitURL) if err != nil { return nil, err } diff --git a/components/engine/pkg/gitutils/gitutils.go b/components/engine/builder/remotecontext/git/gitutils.go similarity index 99% rename from components/engine/pkg/gitutils/gitutils.go rename to components/engine/builder/remotecontext/git/gitutils.go index 4e09e05239..fd8250dbc3 100644 --- a/components/engine/pkg/gitutils/gitutils.go +++ b/components/engine/builder/remotecontext/git/gitutils.go @@ -1,4 +1,4 @@ -package gitutils +package git import ( "fmt" diff --git a/components/engine/pkg/gitutils/gitutils_test.go b/components/engine/builder/remotecontext/git/gitutils_test.go similarity index 65% rename from components/engine/pkg/gitutils/gitutils_test.go rename to components/engine/builder/remotecontext/git/gitutils_test.go index b5fbd18128..eb771f8c98 100644 --- a/components/engine/pkg/gitutils/gitutils_test.go +++ b/components/engine/builder/remotecontext/git/gitutils_test.go @@ -1,4 +1,4 @@ -package gitutils +package git import ( "fmt" @@ -8,10 +8,12 @@ import ( "net/url" "os" "path/filepath" - "reflect" "runtime" "strings" "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func TestCloneArgsSmartHttp(t *testing.T) { @@ -28,9 +30,7 @@ func TestCloneArgsSmartHttp(t *testing.T) { args := fetchArgs(serverURL, "master") exp := []string{"fetch", "--recurse-submodules=yes", "--depth", "1", "origin", "master"} - if !reflect.DeepEqual(args, exp) { - t.Fatalf("Expected %v, got %v", exp, args) - } + assert.Equal(t, exp, args) } func TestCloneArgsDumbHttp(t *testing.T) { @@ -46,18 +46,14 @@ func TestCloneArgsDumbHttp(t *testing.T) { args := fetchArgs(serverURL, "master") exp := []string{"fetch", "--recurse-submodules=yes", "origin", "master"} - if !reflect.DeepEqual(args, exp) { - t.Fatalf("Expected %v, got %v", exp, args) - } + assert.Equal(t, exp, args) } func TestCloneArgsGit(t *testing.T) { u, _ := url.Parse("git://github.com/docker/docker") args := fetchArgs(u, "master") exp := []string{"fetch", "--recurse-submodules=yes", "--depth", "1", "origin", "master"} - if !reflect.DeepEqual(args, exp) { - t.Fatalf("Expected %v, got %v", exp, args) - } + assert.Equal(t, exp, args) } func gitGetConfig(name string) string { @@ -72,9 +68,7 @@ func gitGetConfig(name string) string { func TestCheckoutGit(t *testing.T) { root, err := ioutil.TempDir("", "docker-build-git-checkout") - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) defer os.RemoveAll(root) autocrlf := gitGetConfig("core.autocrlf") @@ -89,30 +83,22 @@ func TestCheckoutGit(t *testing.T) { gitDir := filepath.Join(root, "repo") _, err = git("init", gitDir) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) - if _, err = gitWithinDir(gitDir, "config", "user.email", "test@docker.com"); err != nil { - t.Fatal(err) - } + _, err = gitWithinDir(gitDir, "config", "user.email", "test@docker.com") + require.NoError(t, err) - if _, err = gitWithinDir(gitDir, "config", "user.name", "Docker test"); err != nil { - t.Fatal(err) - } + _, err = gitWithinDir(gitDir, "config", "user.name", "Docker test") + require.NoError(t, err) - if err = ioutil.WriteFile(filepath.Join(gitDir, "Dockerfile"), []byte("FROM scratch"), 0644); err != nil { - t.Fatal(err) - } + err = ioutil.WriteFile(filepath.Join(gitDir, "Dockerfile"), []byte("FROM scratch"), 0644) + require.NoError(t, err) subDir := filepath.Join(gitDir, "subdir") - if err = os.Mkdir(subDir, 0755); err != nil { - t.Fatal(err) - } + require.NoError(t, os.Mkdir(subDir, 0755)) - if err = ioutil.WriteFile(filepath.Join(subDir, "Dockerfile"), []byte("FROM scratch\nEXPOSE 5000"), 0644); err != nil { - t.Fatal(err) - } + err = ioutil.WriteFile(filepath.Join(subDir, "Dockerfile"), []byte("FROM scratch\nEXPOSE 5000"), 0644) + require.NoError(t, err) if runtime.GOOS != "windows" { if err = os.Symlink("../subdir", filepath.Join(gitDir, "parentlink")); err != nil { @@ -124,37 +110,29 @@ func TestCheckoutGit(t *testing.T) { } } - if _, err = gitWithinDir(gitDir, "add", "-A"); err != nil { - t.Fatal(err) - } + _, err = gitWithinDir(gitDir, "add", "-A") + require.NoError(t, err) - if _, err = gitWithinDir(gitDir, "commit", "-am", "First commit"); err != nil { - t.Fatal(err) - } + _, err = gitWithinDir(gitDir, "commit", "-am", "First commit") + require.NoError(t, err) - if _, err = gitWithinDir(gitDir, "checkout", "-b", "test"); err != nil { - t.Fatal(err) - } + _, err = gitWithinDir(gitDir, "checkout", "-b", "test") + require.NoError(t, err) - if err = ioutil.WriteFile(filepath.Join(gitDir, "Dockerfile"), []byte("FROM scratch\nEXPOSE 3000"), 0644); err != nil { - t.Fatal(err) - } + err = ioutil.WriteFile(filepath.Join(gitDir, "Dockerfile"), []byte("FROM scratch\nEXPOSE 3000"), 0644) + require.NoError(t, err) - if err = ioutil.WriteFile(filepath.Join(subDir, "Dockerfile"), []byte("FROM busybox\nEXPOSE 5000"), 0644); err != nil { - t.Fatal(err) - } + err = ioutil.WriteFile(filepath.Join(subDir, "Dockerfile"), []byte("FROM busybox\nEXPOSE 5000"), 0644) + require.NoError(t, err) - if _, err = gitWithinDir(gitDir, "add", "-A"); err != nil { - t.Fatal(err) - } + _, err = gitWithinDir(gitDir, "add", "-A") + require.NoError(t, err) - if _, err = gitWithinDir(gitDir, "commit", "-am", "Branch commit"); err != nil { - t.Fatal(err) - } + _, err = gitWithinDir(gitDir, "commit", "-am", "Branch commit") + require.NoError(t, err) - if _, err = gitWithinDir(gitDir, "checkout", "master"); err != nil { - t.Fatal(err) - } + _, err = gitWithinDir(gitDir, "checkout", "master") + require.NoError(t, err) type singleCase struct { frag string @@ -190,21 +168,13 @@ func TestCheckoutGit(t *testing.T) { ref, subdir := getRefAndSubdir(c.frag) r, err := checkoutGit(gitDir, ref, subdir) - fail := err != nil - if fail != c.fail { - t.Fatalf("Expected %v failure, error was %v\n", c.fail, err) - } if c.fail { + assert.Error(t, err) continue } b, err := ioutil.ReadFile(filepath.Join(r, "Dockerfile")) - if err != nil { - t.Fatal(err) - } - - if string(b) != c.exp { - t.Fatalf("Expected %v, was %v\n", c.exp, string(b)) - } + require.NoError(t, err) + assert.Equal(t, c.exp, string(b)) } } From 4358607de56f5818b77814e863c861d892a3a8b5 Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Fri, 2 Jun 2017 16:06:14 -0400 Subject: [PATCH 037/191] Fix ONBUILD COPY the source was missing from the second dispatch Signed-off-by: Daniel Nephin Upstream-commit: 3f2604157790408acf5ad05c74cebe105f2b6979 Component: engine --- .../engine/builder/dockerfile/builder.go | 5 ++-- .../engine/builder/dockerfile/dispatchers.go | 2 +- .../cli/build/fakecontext/context.go | 12 +++++++++ .../integration-cli/docker_api_build_test.go | 25 +++++++++++++++++++ 4 files changed, 41 insertions(+), 3 deletions(-) diff --git a/components/engine/builder/dockerfile/builder.go b/components/engine/builder/dockerfile/builder.go index f507766220..52b540ab5d 100644 --- a/components/engine/builder/dockerfile/builder.go +++ b/components/engine/builder/dockerfile/builder.go @@ -274,7 +274,7 @@ func BuildFromConfig(config *container.Config, changes []string) (*container.Con } dispatchState := newDispatchState() dispatchState.runConfig = config - return dispatchFromDockerfile(b, dockerfile, dispatchState) + return dispatchFromDockerfile(b, dockerfile, dispatchState, nil) } func checkDispatchDockerfile(dockerfile *parser.Node) error { @@ -286,7 +286,7 @@ func checkDispatchDockerfile(dockerfile *parser.Node) error { return nil } -func dispatchFromDockerfile(b *Builder, result *parser.Result, dispatchState *dispatchState) (*container.Config, error) { +func dispatchFromDockerfile(b *Builder, result *parser.Result, dispatchState *dispatchState, source builder.Source) (*container.Config, error) { shlex := NewShellLex(result.EscapeToken) ast := result.AST total := len(ast.Children) @@ -297,6 +297,7 @@ func dispatchFromDockerfile(b *Builder, result *parser.Result, dispatchState *di stepMsg: formatStep(i, total), node: n, shlex: shlex, + source: source, } if _, err := b.dispatch(opts); err != nil { return nil, err diff --git a/components/engine/builder/dockerfile/dispatchers.go b/components/engine/builder/dockerfile/dispatchers.go index dd5714ecb0..ca67eb7f30 100644 --- a/components/engine/builder/dockerfile/dispatchers.go +++ b/components/engine/builder/dockerfile/dispatchers.go @@ -325,7 +325,7 @@ func processOnBuild(req dispatchRequest) error { } } - if _, err := dispatchFromDockerfile(req.builder, dockerfile, dispatchState); err != nil { + if _, err := dispatchFromDockerfile(req.builder, dockerfile, dispatchState, req.source); err != nil { return err } } diff --git a/components/engine/integration-cli/cli/build/fakecontext/context.go b/components/engine/integration-cli/cli/build/fakecontext/context.go index 94f05c3623..8ecf4e3c63 100644 --- a/components/engine/integration-cli/cli/build/fakecontext/context.go +++ b/components/engine/integration-cli/cli/build/fakecontext/context.go @@ -2,9 +2,12 @@ package fakecontext import ( "bytes" + "io" "io/ioutil" "os" "path/filepath" + + "github.com/docker/docker/pkg/archive" ) type testingT interface { @@ -110,3 +113,12 @@ func (f *Fake) Delete(file string) error { func (f *Fake) Close() error { return os.RemoveAll(f.Dir) } + +// AsTarReader returns a ReadCloser with the contents of Dir as a tar archive. +func (f *Fake) AsTarReader(t testingT) io.ReadCloser { + reader, err := archive.TarWithOptions(f.Dir, &archive.TarOptions{}) + if err != nil { + t.Fatalf("Failed to create tar from %s: %s", f.Dir, err) + } + return reader +} diff --git a/components/engine/integration-cli/docker_api_build_test.go b/components/engine/integration-cli/docker_api_build_test.go index feb20ee724..12d3374dd5 100644 --- a/components/engine/integration-cli/docker_api_build_test.go +++ b/components/engine/integration-cli/docker_api_build_test.go @@ -249,3 +249,28 @@ func (s *DockerSuite) TestBuildAPIUnnormalizedTarPaths(c *check.C) { c.Assert(imageA, checker.Not(checker.Equals), imageB) } + +func (s *DockerSuite) TestBuildOnBuildWithCopy(c *check.C) { + dockerfile := ` + FROM ` + minimalBaseImage() + ` as onbuildbase + ONBUILD COPY file /file + + FROM onbuildbase + ` + ctx := fakecontext.New(c, "", + fakecontext.WithDockerfile(dockerfile), + fakecontext.WithFile("file", "some content"), + ) + defer ctx.Close() + + res, body, err := request.Post( + "/build", + request.RawContent(ctx.AsTarReader(c)), + request.ContentType("application/x-tar")) + c.Assert(err, checker.IsNil) + c.Assert(res.StatusCode, checker.Equals, http.StatusOK) + + out, err := testutil.ReadBody(body) + c.Assert(err, checker.IsNil) + c.Assert(string(out), checker.Contains, "Successfully built") +} From b52fb8f6d285517466690d916ac8fc31c521a88a Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Sat, 3 Jun 2017 15:07:33 -0700 Subject: [PATCH 038/191] Remove some more `opts` from runconfig (not used anymore) Signed-off-by: Vincent Demeester Upstream-commit: b0226a890fa6c25cd9664d037114237a1d85b602 Component: engine --- components/engine/runconfig/opts/envfile.go | 81 ---------- .../engine/runconfig/opts/envfile_test.go | 141 ------------------ components/engine/runconfig/opts/parse.go | 67 --------- 3 files changed, 289 deletions(-) delete mode 100644 components/engine/runconfig/opts/envfile.go delete mode 100644 components/engine/runconfig/opts/envfile_test.go diff --git a/components/engine/runconfig/opts/envfile.go b/components/engine/runconfig/opts/envfile.go deleted file mode 100644 index f723799215..0000000000 --- a/components/engine/runconfig/opts/envfile.go +++ /dev/null @@ -1,81 +0,0 @@ -package opts - -import ( - "bufio" - "bytes" - "fmt" - "os" - "strings" - "unicode" - "unicode/utf8" -) - -// ParseEnvFile reads a file with environment variables enumerated by lines -// -// ``Environment variable names used by the utilities in the Shell and -// Utilities volume of IEEE Std 1003.1-2001 consist solely of uppercase -// letters, digits, and the '_' (underscore) from the characters defined in -// Portable Character Set and do not begin with a digit. *But*, other -// characters may be permitted by an implementation; applications shall -// tolerate the presence of such names.'' -// -- http://pubs.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap08.html -// -// As of #16585, it's up to application inside docker to validate or not -// environment variables, that's why we just strip leading whitespace and -// nothing more. -func ParseEnvFile(filename string) ([]string, error) { - fh, err := os.Open(filename) - if err != nil { - return []string{}, err - } - defer fh.Close() - - lines := []string{} - scanner := bufio.NewScanner(fh) - currentLine := 0 - utf8bom := []byte{0xEF, 0xBB, 0xBF} - for scanner.Scan() { - scannedBytes := scanner.Bytes() - if !utf8.Valid(scannedBytes) { - return []string{}, fmt.Errorf("env file %s contains invalid utf8 bytes at line %d: %v", filename, currentLine+1, scannedBytes) - } - // We trim UTF8 BOM - if currentLine == 0 { - scannedBytes = bytes.TrimPrefix(scannedBytes, utf8bom) - } - // trim the line from all leading whitespace first - line := strings.TrimLeftFunc(string(scannedBytes), unicode.IsSpace) - currentLine++ - // line is not empty, and not starting with '#' - if len(line) > 0 && !strings.HasPrefix(line, "#") { - data := strings.SplitN(line, "=", 2) - - // trim the front of a variable, but nothing else - variable := strings.TrimLeft(data[0], whiteSpaces) - if strings.ContainsAny(variable, whiteSpaces) { - return []string{}, ErrBadEnvVariable{fmt.Sprintf("variable '%s' has white spaces", variable)} - } - - if len(data) > 1 { - - // pass the value through, no trimming - lines = append(lines, fmt.Sprintf("%s=%s", variable, data[1])) - } else { - // if only a pass-through variable is given, clean it up. - lines = append(lines, fmt.Sprintf("%s=%s", strings.TrimSpace(line), os.Getenv(line))) - } - } - } - return lines, scanner.Err() -} - -var whiteSpaces = " \t" - -// ErrBadEnvVariable typed error for bad environment variable -type ErrBadEnvVariable struct { - msg string -} - -func (e ErrBadEnvVariable) Error() string { - return fmt.Sprintf("poorly formatted environment: %s", e.msg) -} diff --git a/components/engine/runconfig/opts/envfile_test.go b/components/engine/runconfig/opts/envfile_test.go deleted file mode 100644 index f3faabe3c0..0000000000 --- a/components/engine/runconfig/opts/envfile_test.go +++ /dev/null @@ -1,141 +0,0 @@ -package opts - -import ( - "bufio" - "fmt" - "io/ioutil" - "os" - "reflect" - "strings" - "testing" -) - -func tmpFileWithContent(content string, t *testing.T) string { - tmpFile, err := ioutil.TempFile("", "envfile-test") - if err != nil { - t.Fatal(err) - } - defer tmpFile.Close() - - tmpFile.WriteString(content) - return tmpFile.Name() -} - -// Test ParseEnvFile for a file with a few well formatted lines -func TestParseEnvFileGoodFile(t *testing.T) { - content := `foo=bar - baz=quux -# comment - -_foobar=foobaz -with.dots=working -and_underscore=working too -` - // Adding a newline + a line with pure whitespace. - // This is being done like this instead of the block above - // because it's common for editors to trim trailing whitespace - // from lines, which becomes annoying since that's the - // exact thing we need to test. - content += "\n \t " - tmpFile := tmpFileWithContent(content, t) - defer os.Remove(tmpFile) - - lines, err := ParseEnvFile(tmpFile) - if err != nil { - t.Fatal(err) - } - - expectedLines := []string{ - "foo=bar", - "baz=quux", - "_foobar=foobaz", - "with.dots=working", - "and_underscore=working too", - } - - if !reflect.DeepEqual(lines, expectedLines) { - t.Fatal("lines not equal to expectedLines") - } -} - -// Test ParseEnvFile for an empty file -func TestParseEnvFileEmptyFile(t *testing.T) { - tmpFile := tmpFileWithContent("", t) - defer os.Remove(tmpFile) - - lines, err := ParseEnvFile(tmpFile) - if err != nil { - t.Fatal(err) - } - - if len(lines) != 0 { - t.Fatal("lines not empty; expected empty") - } -} - -// Test ParseEnvFile for a non existent file -func TestParseEnvFileNonExistentFile(t *testing.T) { - _, err := ParseEnvFile("foo_bar_baz") - if err == nil { - t.Fatal("ParseEnvFile succeeded; expected failure") - } - if _, ok := err.(*os.PathError); !ok { - t.Fatalf("Expected a PathError, got [%v]", err) - } -} - -// Test ParseEnvFile for a badly formatted file -func TestParseEnvFileBadlyFormattedFile(t *testing.T) { - content := `foo=bar - f =quux -` - - tmpFile := tmpFileWithContent(content, t) - defer os.Remove(tmpFile) - - _, err := ParseEnvFile(tmpFile) - if err == nil { - t.Fatalf("Expected an ErrBadEnvVariable, got nothing") - } - if _, ok := err.(ErrBadEnvVariable); !ok { - t.Fatalf("Expected an ErrBadEnvVariable, got [%v]", err) - } - expectedMessage := "poorly formatted environment: variable 'f ' has white spaces" - if err.Error() != expectedMessage { - t.Fatalf("Expected [%v], got [%v]", expectedMessage, err.Error()) - } -} - -// Test ParseEnvFile for a file with a line exceeding bufio.MaxScanTokenSize -func TestParseEnvFileLineTooLongFile(t *testing.T) { - content := strings.Repeat("a", bufio.MaxScanTokenSize+42) - content = fmt.Sprint("foo=", content) - - tmpFile := tmpFileWithContent(content, t) - defer os.Remove(tmpFile) - - _, err := ParseEnvFile(tmpFile) - if err == nil { - t.Fatal("ParseEnvFile succeeded; expected failure") - } -} - -// ParseEnvFile with a random file, pass through -func TestParseEnvFileRandomFile(t *testing.T) { - content := `first line -another invalid line` - tmpFile := tmpFileWithContent(content, t) - defer os.Remove(tmpFile) - - _, err := ParseEnvFile(tmpFile) - if err == nil { - t.Fatalf("Expected an ErrBadEnvVariable, got nothing") - } - if _, ok := err.(ErrBadEnvVariable); !ok { - t.Fatalf("Expected an ErrBadEnvVariable, got [%v]", err) - } - expectedMessage := "poorly formatted environment: variable 'first line' has white spaces" - if err.Error() != expectedMessage { - t.Fatalf("Expected [%v], got [%v]", expectedMessage, err.Error()) - } -} diff --git a/components/engine/runconfig/opts/parse.go b/components/engine/runconfig/opts/parse.go index a88ea1385a..a7f1b79f16 100644 --- a/components/engine/runconfig/opts/parse.go +++ b/components/engine/runconfig/opts/parse.go @@ -1,30 +1,9 @@ package opts import ( - "fmt" - "strconv" "strings" - - "github.com/docker/docker/api/types/container" ) -// ReadKVStrings reads a file of line terminated key=value pairs, and overrides any keys -// present in the file with additional pairs specified in the override parameter -func ReadKVStrings(files []string, override []string) ([]string, error) { - envVariables := []string{} - for _, ef := range files { - parsedVars, err := ParseEnvFile(ef) - if err != nil { - return nil, err - } - envVariables = append(envVariables, parsedVars...) - } - // parse the '-e' and '--env' after, to allow override - envVariables = append(envVariables, override...) - - return envVariables, nil -} - // ConvertKVStringsToMap converts ["key=value"] to {"key":"value"} func ConvertKVStringsToMap(values []string) map[string]string { result := make(map[string]string, len(values)) @@ -39,49 +18,3 @@ func ConvertKVStringsToMap(values []string) map[string]string { return result } - -// ConvertKVStringsToMapWithNil converts ["key=value"] to {"key":"value"} -// but set unset keys to nil - meaning the ones with no "=" in them. -// We use this in cases where we need to distinguish between -// FOO= and FOO -// where the latter case just means FOO was mentioned but not given a value -func ConvertKVStringsToMapWithNil(values []string) map[string]*string { - result := make(map[string]*string, len(values)) - for _, value := range values { - kv := strings.SplitN(value, "=", 2) - if len(kv) == 1 { - result[kv[0]] = nil - } else { - result[kv[0]] = &kv[1] - } - } - - return result -} - -// ParseRestartPolicy returns the parsed policy or an error indicating what is incorrect -func ParseRestartPolicy(policy string) (container.RestartPolicy, error) { - p := container.RestartPolicy{} - - if policy == "" { - return p, nil - } - - parts := strings.Split(policy, ":") - - if len(parts) > 2 { - return p, fmt.Errorf("invalid restart policy format") - } - if len(parts) == 2 { - count, err := strconv.Atoi(parts[1]) - if err != nil { - return p, fmt.Errorf("maximum retry count must be an integer") - } - - p.MaximumRetryCount = count - } - - p.Name = parts[0] - - return p, nil -} From b13daf9d283d4e207ed2588a010f428c1273786d Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Sat, 3 Jun 2017 15:19:10 -0700 Subject: [PATCH 039/191] Remove unused functions Signed-off-by: Vincent Demeester Upstream-commit: 236a125c3afdee30b739399aaea263c37cb28b04 Component: engine --- components/engine/cli/required.go | 69 ------------------------------- 1 file changed, 69 deletions(-) diff --git a/components/engine/cli/required.go b/components/engine/cli/required.go index d28af86be5..d56bc213ad 100644 --- a/components/engine/cli/required.go +++ b/components/engine/cli/required.go @@ -25,72 +25,3 @@ func NoArgs(cmd *cobra.Command, args []string) error { cmd.Short, ) } - -// RequiresMinArgs returns an error if there is not at least min args -func RequiresMinArgs(min int) cobra.PositionalArgs { - return func(cmd *cobra.Command, args []string) error { - if len(args) >= min { - return nil - } - return errors.Errorf( - "\"%s\" requires at least %d argument(s).\nSee '%s --help'.\n\nUsage: %s\n\n%s", - cmd.CommandPath(), - min, - cmd.CommandPath(), - cmd.UseLine(), - cmd.Short, - ) - } -} - -// RequiresMaxArgs returns an error if there is not at most max args -func RequiresMaxArgs(max int) cobra.PositionalArgs { - return func(cmd *cobra.Command, args []string) error { - if len(args) <= max { - return nil - } - return errors.Errorf( - "\"%s\" requires at most %d argument(s).\nSee '%s --help'.\n\nUsage: %s\n\n%s", - cmd.CommandPath(), - max, - cmd.CommandPath(), - cmd.UseLine(), - cmd.Short, - ) - } -} - -// RequiresRangeArgs returns an error if there is not at least min args and at most max args -func RequiresRangeArgs(min int, max int) cobra.PositionalArgs { - return func(cmd *cobra.Command, args []string) error { - if len(args) >= min && len(args) <= max { - return nil - } - return errors.Errorf( - "\"%s\" requires at least %d and at most %d argument(s).\nSee '%s --help'.\n\nUsage: %s\n\n%s", - cmd.CommandPath(), - min, - max, - cmd.CommandPath(), - cmd.UseLine(), - cmd.Short, - ) - } -} - -// ExactArgs returns an error if there is not the exact number of args -func ExactArgs(number int) cobra.PositionalArgs { - return func(cmd *cobra.Command, args []string) error { - if len(args) == number { - return nil - } - return errors.Errorf( - "\"%s\" requires exactly %d argument(s).\nSee '%s --help'.\n\nUsage: %s\n\n%s", - cmd.CommandPath(), - number, - cmd.CommandPath(), - cmd.UseLine(), - cmd.Short, - ) - } -} From 56fb42b6121a5dc654b06ef0e1b73bb898761df2 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 5 Jun 2017 00:36:05 +0000 Subject: [PATCH 040/191] Remove dead code: GetAuthConfig Signed-off-by: Shishir Mahajan Upstream-commit: 02a759fa96bd16c0483c8e48c5658ee6b9739aa4 Component: engine --- components/engine/registry/session.go | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/components/engine/registry/session.go b/components/engine/registry/session.go index 746b8fb5b5..9d7f32193f 100644 --- a/components/engine/registry/session.go +++ b/components/engine/registry/session.go @@ -757,19 +757,6 @@ func (r *Session) SearchRepositories(term string, limit int) (*registrytypes.Sea return result, json.NewDecoder(res.Body).Decode(result) } -// GetAuthConfig returns the authentication settings for a session -// TODO(tiborvass): remove this once registry client v2 is vendored -func (r *Session) GetAuthConfig(withPasswd bool) *types.AuthConfig { - password := "" - if withPasswd { - password = r.authConfig.Password - } - return &types.AuthConfig{ - Username: r.authConfig.Username, - Password: password, - } -} - func isTimeout(err error) bool { type timeout interface { Timeout() bool From cf0286328e4dcc2c2016e61295d12d48b0bc905d Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Mon, 5 Jun 2017 18:18:32 -0700 Subject: [PATCH 041/191] Add builder dev report for 2017-06-05 Signed-off-by: Tonis Tiigi Upstream-commit: 0477bc4587d025b5b9b54ab810b6503b568d085c Component: engine --- .../engine/reports/builder/2017-06-05.md | 62 +++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 components/engine/reports/builder/2017-06-05.md diff --git a/components/engine/reports/builder/2017-06-05.md b/components/engine/reports/builder/2017-06-05.md new file mode 100644 index 0000000000..b6b83dc1b7 --- /dev/null +++ b/components/engine/reports/builder/2017-06-05.md @@ -0,0 +1,62 @@ +# Development Report for June 5, 2017 + +### New feature: Long running session + +Similarly to last week, the PR for [adding long-running session between daemon and cli](https://github.com/moby/moby/pull/32677) is waiting for reviews. It is blocking many new features like the token signing, not pulling unnecessary context files, exposing sources outside working directory, etc. Maintainers are encouraged to give this one a review so it can be included in `v17.07` release. + + +### Quality: Dependency interface switch + +Work continues on making the builder dependency interface more stable. + +PRs currently in review as part of this effort: + +- [Move file copying from the daemon to the builder](https://github.com/moby/moby/pull/33454) + +This PR is the core of the update that removes the need to track active containers and instead of lets builder hold references to layers while it's running. + +Related to this, @simonferquel opened a [WIP PR](https://github.com/moby/moby/pull/33492) that introduces typed Dockerfile parsing. This enables making [decisions about dependencies](https://github.com/moby/moby/issues/32550#issuecomment-297867334) between build stages and reusing Dockerfile parsing as a buildkit frontend. + +### Buildkit + +Some initial proof of concept code for [buildkit](https://github.com/moby/moby/issues/32925) has been pushed to https://github.com/tonistiigi/buildkit_poc . It's in a very early exploratory stage. Current codebase includes libraries for getting concurrency safe references to containerd snapshots using a centralized cache management instance. There is a sample source implementation for pulling images to these snapshots and executing jobs with runc on top of them. There is also some utility code for concurrent execution and progress stream handling. More info should follow in next weeks, including hopefully opening up an official repo. If you have questions or want to help, stop by the issues section of that repo or the proposal in moby/moby. + +### `v17.06` release + +Some bugs [1](https://github.com/moby/moby/issues/33493), [2](https://github.com/moby/moby/pull/33524) were found with the `ONBUILD` instruction in `v17.06-rc1`. They should be fixed in `rc2`. As quite a lot has changed in the builder internals, users are recommended to test the release candidate. + +### Proposals discussed in maintainers meeting + +Reminder from last week: New builder proposals were discussed in maintainers meeting. The decision was to give two more weeks for anyone to post feedback to [IMPORT/EXPORT commands](https://github.com/moby/moby/issues/32100) and [`RUN --mount`](https://github.com/moby/moby/issues/32507) and accept them for development if nothing significant comes up. It is the last week to post your feedback on these proposals or the comments in them. You can also volunteer to implement them. + +A new issue about [build secrets](https://github.com/moby/moby/issues/33343) has not got much traction. If you want this feature to become a reality, please make yourself heard. + +### Proposals for new Dockerfile features that need design feedback: + +[Add IMPORT/EXPORT commands to Dockerfile](https://github.com/moby/moby/issues/32100) + +[Add `DOCKEROS/DOCKERARCH` default ARG to Dockerfile](https://github.com/moby/moby/issues/32487) + +[Add support for `RUN --mount`](https://github.com/moby/moby/issues/32507) + +[DAG image builder](https://github.com/moby/moby/issues/32550) + +[Option to export the hash of the build context](https://github.com/moby/moby/issues/32963) (new) + +[Allow --cache-from=*](https://github.com/moby/moby/issues/33002#issuecomment-299041162) (new) + +[Provide advanced .dockeringore use-cases](https://github.com/moby/moby/issues/12886) [2](https://github.com/moby/moby/issues/12886#issuecomment-306247989) + +If you are interested in implementing any of them, leave a comment on the specific issues. + +### Other builder PRs merged last week + +[Fix canceling builder on chunked requests](https://github.com/moby/moby/pull/33363) + +[Fix parser directive refactoring](https://github.com/moby/moby/pull/33436) + +### Builder features currently in code-review: + +[Warn/deprecate continuing on empty lines in `Dockerfile`](https://github.com/moby/moby/pull/29161) + +[Fix behavior of absolute paths in .dockerignore](https://github.com/moby/moby/pull/32088) \ No newline at end of file From 9244630a6b3c73aaa8d1a8d5719b6924f742e019 Mon Sep 17 00:00:00 2001 From: allencloud Date: Thu, 23 Mar 2017 23:28:45 +0800 Subject: [PATCH 042/191] choose rpc code to determine status code Signed-off-by: allencloud Upstream-commit: f257f77c6c13ee851d3b899f8d51628a5dec92db Component: engine --- components/engine/Dockerfile | 2 +- components/engine/Dockerfile.aarch64 | 2 +- components/engine/Dockerfile.armhf | 2 +- components/engine/Dockerfile.ppc64le | 2 +- components/engine/Dockerfile.s390x | 2 +- .../engine/api/server/httputils/errors.go | 40 +++++++++++++++++++ components/engine/docs/api/version-history.md | 4 ++ .../docker_api_swarm_config_test.go | 2 +- .../docker_api_swarm_secret_test.go | 20 ++++++++-- .../integration-cli/docker_api_swarm_test.go | 2 +- 10 files changed, 68 insertions(+), 10 deletions(-) diff --git a/components/engine/Dockerfile b/components/engine/Dockerfile index ddcd3e9daa..a51b2f7a54 100644 --- a/components/engine/Dockerfile +++ b/components/engine/Dockerfile @@ -186,7 +186,7 @@ RUN set -x \ && rm -rf "$GOPATH" # Get the "docker-py" source so we can run their integration tests -ENV DOCKER_PY_COMMIT 4a08d04aef0595322e1b5ac7c52f28a931da85a5 +ENV DOCKER_PY_COMMIT dc2b24dcdd4ed7c8f6874ee5dd95716761ab6c93 # To run integration tests docker-pycreds is required. # Before running the integration tests conftest.py is # loaded which results in loads auth.py that diff --git a/components/engine/Dockerfile.aarch64 b/components/engine/Dockerfile.aarch64 index b96d473d5b..0560ae60c2 100644 --- a/components/engine/Dockerfile.aarch64 +++ b/components/engine/Dockerfile.aarch64 @@ -142,7 +142,7 @@ RUN set -x \ && rm -rf "$GOPATH" # Get the "docker-py" source so we can run their integration tests -ENV DOCKER_PY_COMMIT 4a08d04aef0595322e1b5ac7c52f28a931da85a5 +ENV DOCKER_PY_COMMIT dc2b24dcdd4ed7c8f6874ee5dd95716761ab6c93 # Before running the integration tests conftest.py is # loaded which results in loads auth.py that # imports the docker-pycreds module. diff --git a/components/engine/Dockerfile.armhf b/components/engine/Dockerfile.armhf index fe190a3fd0..59f673197d 100644 --- a/components/engine/Dockerfile.armhf +++ b/components/engine/Dockerfile.armhf @@ -137,7 +137,7 @@ RUN set -x \ && rm -rf "$GOPATH" # Get the "docker-py" source so we can run their integration tests -ENV DOCKER_PY_COMMIT e2655f658408f9ad1f62abdef3eb6ed43c0cf324 +ENV DOCKER_PY_COMMIT dc2b24dcdd4ed7c8f6874ee5dd95716761ab6c93 RUN git clone https://github.com/docker/docker-py.git /docker-py \ && cd /docker-py \ && git checkout -q $DOCKER_PY_COMMIT \ diff --git a/components/engine/Dockerfile.ppc64le b/components/engine/Dockerfile.ppc64le index d61205573a..9bbdacc003 100644 --- a/components/engine/Dockerfile.ppc64le +++ b/components/engine/Dockerfile.ppc64le @@ -143,7 +143,7 @@ RUN set -x \ && rm -rf "$GOPATH" # Get the "docker-py" source so we can run their integration tests -ENV DOCKER_PY_COMMIT e2655f658408f9ad1f62abdef3eb6ed43c0cf324 +ENV DOCKER_PY_COMMIT dc2b24dcdd4ed7c8f6874ee5dd95716761ab6c93 RUN git clone https://github.com/docker/docker-py.git /docker-py \ && cd /docker-py \ && git checkout -q $DOCKER_PY_COMMIT \ diff --git a/components/engine/Dockerfile.s390x b/components/engine/Dockerfile.s390x index c568480ecd..2c3385aff9 100644 --- a/components/engine/Dockerfile.s390x +++ b/components/engine/Dockerfile.s390x @@ -136,7 +136,7 @@ RUN set -x \ && rm -rf "$GOPATH" # Get the "docker-py" source so we can run their integration tests -ENV DOCKER_PY_COMMIT e2655f658408f9ad1f62abdef3eb6ed43c0cf324 +ENV DOCKER_PY_COMMIT dc2b24dcdd4ed7c8f6874ee5dd95716761ab6c93 RUN git clone https://github.com/docker/docker-py.git /docker-py \ && cd /docker-py \ && git checkout -q $DOCKER_PY_COMMIT \ diff --git a/components/engine/api/server/httputils/errors.go b/components/engine/api/server/httputils/errors.go index 40ff351495..6b1c50411e 100644 --- a/components/engine/api/server/httputils/errors.go +++ b/components/engine/api/server/httputils/errors.go @@ -9,6 +9,7 @@ import ( "github.com/docker/docker/api/types/versions" "github.com/gorilla/mux" "google.golang.org/grpc" + "google.golang.org/grpc/codes" ) // httpStatusError is an interface @@ -44,11 +45,17 @@ func GetHTTPErrorStatusCode(err error) int { case inputValidationError: statusCode = http.StatusBadRequest default: + statusCode = statusCodeFromGRPCError(err) + if statusCode != http.StatusInternalServerError { + return statusCode + } + // FIXME: this is brittle and should not be necessary, but we still need to identify if // there are errors falling back into this logic. // If we need to differentiate between different possible error types, // we should create appropriate error types that implement the httpStatusError interface. errStr := strings.ToLower(errMsg) + for _, status := range []struct { keyword string code int @@ -102,3 +109,36 @@ func MakeErrorHandler(err error) http.HandlerFunc { } } } + +// statusCodeFromGRPCError returns status code according to gRPC error +func statusCodeFromGRPCError(err error) int { + switch grpc.Code(err) { + case codes.InvalidArgument: // code 3 + return http.StatusBadRequest + case codes.NotFound: // code 5 + return http.StatusNotFound + case codes.AlreadyExists: // code 6 + return http.StatusConflict + case codes.PermissionDenied: // code 7 + return http.StatusForbidden + case codes.FailedPrecondition: // code 9 + return http.StatusBadRequest + case codes.Unauthenticated: // code 16 + return http.StatusUnauthorized + case codes.OutOfRange: // code 11 + return http.StatusBadRequest + case codes.Unimplemented: // code 12 + return http.StatusNotImplemented + case codes.Unavailable: // code 14 + return http.StatusServiceUnavailable + default: + // codes.Canceled(1) + // codes.Unknown(2) + // codes.DeadlineExceeded(4) + // codes.ResourceExhausted(8) + // codes.Aborted(10) + // codes.Internal(13) + // codes.DataLoss(15) + return http.StatusInternalServerError + } +} diff --git a/components/engine/docs/api/version-history.md b/components/engine/docs/api/version-history.md index 3891d35c04..d909a92c18 100644 --- a/components/engine/docs/api/version-history.md +++ b/components/engine/docs/api/version-history.md @@ -29,6 +29,10 @@ keywords: "API, Docker, rcli, REST, documentation" generate and rotate to a new CA certificate/key pair. * `POST /service/create` and `POST /services/(id or name)/update` now take the field `Platforms` as part of the service `Placement`, allowing to specify platforms supported by the service. * `POST /containers/(name)/wait` now accepts a `condition` query parameter to indicate which state change condition to wait for. Also, response headers are now returned immediately to acknowledge that the server has registered a wait callback for the client. +* `DELETE /secrets/(name)` now returns status code 404 instead of 500 when the secret does not exist. +* `POST /secrets/create` now returns status code 409 instead of 500 when creating an already existing secret. +* `POST /secrets/(name)/update` now returns status code 400 instead of 500 when updating a secret's content which is not the labels. +* `POST /nodes/(name)/update` now returns status code 400 instead of 500 when demoting last node fails. ## v1.29 API changes diff --git a/components/engine/integration-cli/docker_api_swarm_config_test.go b/components/engine/integration-cli/docker_api_swarm_config_test.go index 5d80ad0661..fab65ccbd0 100644 --- a/components/engine/integration-cli/docker_api_swarm_config_test.go +++ b/components/engine/integration-cli/docker_api_swarm_config_test.go @@ -114,5 +114,5 @@ func (s *DockerSwarmSuite) TestAPISwarmConfigsUpdate(c *check.C) { status, out, err := d.SockRequest("POST", url, config.Spec) c.Assert(err, checker.IsNil, check.Commentf(string(out))) - c.Assert(status, checker.Equals, http.StatusInternalServerError, check.Commentf("output: %q", string(out))) + c.Assert(status, checker.Equals, http.StatusBadRequest, check.Commentf("output: %q", string(out))) } diff --git a/components/engine/integration-cli/docker_api_swarm_secret_test.go b/components/engine/integration-cli/docker_api_swarm_secret_test.go index 64a1fc8d87..cb82af8e2e 100644 --- a/components/engine/integration-cli/docker_api_swarm_secret_test.go +++ b/components/engine/integration-cli/docker_api_swarm_secret_test.go @@ -23,18 +23,25 @@ func (s *DockerSwarmSuite) TestAPISwarmSecretsCreate(c *check.C) { d := s.AddDaemon(c, true, true) testName := "test_secret" - id := d.CreateSecret(c, swarm.SecretSpec{ + secretSpec := swarm.SecretSpec{ Annotations: swarm.Annotations{ Name: testName, }, Data: []byte("TESTINGDATA"), - }) + } + + id := d.CreateSecret(c, secretSpec) c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id)) secrets := d.ListSecrets(c) c.Assert(len(secrets), checker.Equals, 1, check.Commentf("secrets: %#v", secrets)) name := secrets[0].Spec.Annotations.Name c.Assert(name, checker.Equals, testName, check.Commentf("secret: %s", name)) + + // create an already existing secret, daemon should return a status code of 409 + status, out, err := d.SockRequest("POST", "/secrets/create", secretSpec) + c.Assert(err, checker.IsNil) + c.Assert(status, checker.Equals, http.StatusConflict, check.Commentf("secret create: %s", string(out))) } func (s *DockerSwarmSuite) TestAPISwarmSecretsDelete(c *check.C) { @@ -55,6 +62,13 @@ func (s *DockerSwarmSuite) TestAPISwarmSecretsDelete(c *check.C) { status, out, err := d.SockRequest("GET", "/secrets/"+id, nil) c.Assert(err, checker.IsNil) c.Assert(status, checker.Equals, http.StatusNotFound, check.Commentf("secret delete: %s", string(out))) + + // delete non-existing secret, daemon should return a status code of 404 + id = "non-existing" + status, out, err = d.SockRequest("DELETE", "/secrets/"+id, nil) + c.Assert(err, checker.IsNil) + c.Assert(status, checker.Equals, http.StatusNotFound, check.Commentf("secret delete: %s", string(out))) + } func (s *DockerSwarmSuite) TestAPISwarmSecretsUpdate(c *check.C) { @@ -114,5 +128,5 @@ func (s *DockerSwarmSuite) TestAPISwarmSecretsUpdate(c *check.C) { status, out, err := d.SockRequest("POST", url, secret.Spec) c.Assert(err, checker.IsNil, check.Commentf(string(out))) - c.Assert(status, checker.Equals, http.StatusInternalServerError, check.Commentf("output: %q", string(out))) + c.Assert(status, checker.Equals, http.StatusBadRequest, check.Commentf("output: %q", string(out))) } diff --git a/components/engine/integration-cli/docker_api_swarm_test.go b/components/engine/integration-cli/docker_api_swarm_test.go index 9f3f3e53ca..0e0f0e6f7a 100644 --- a/components/engine/integration-cli/docker_api_swarm_test.go +++ b/components/engine/integration-cli/docker_api_swarm_test.go @@ -229,7 +229,7 @@ func (s *DockerSwarmSuite) TestAPISwarmPromoteDemote(c *check.C) { url := fmt.Sprintf("/nodes/%s/update?version=%d", node.ID, node.Version.Index) status, out, err := d1.SockRequest("POST", url, node.Spec) c.Assert(err, checker.IsNil) - c.Assert(status, checker.Equals, http.StatusInternalServerError, check.Commentf("output: %q", string(out))) + c.Assert(status, checker.Equals, http.StatusBadRequest, check.Commentf("output: %q", string(out))) // The warning specific to demoting the last manager is best-effort and // won't appear until the Role field of the demoted manager has been // updated. From a7fe10a4408dff78e286e145f614eb7d1de9259d Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Mon, 5 Jun 2017 11:12:26 -0400 Subject: [PATCH 043/191] Fix Cache with ONBUILD Signed-off-by: Daniel Nephin Upstream-commit: f1ade82d82e6436971c6b7d08eb1da57ed9ba756 Component: engine --- .../engine/builder/dockerfile/evaluator.go | 6 +- .../integration-cli/docker_api_attach_test.go | 2 +- .../integration-cli/docker_api_build_test.go | 69 +++++++++++++++++++ .../engine/integration-cli/request/request.go | 16 ++++- 4 files changed, 85 insertions(+), 8 deletions(-) diff --git a/components/engine/builder/dockerfile/evaluator.go b/components/engine/builder/dockerfile/evaluator.go index deeda66b05..6ee4f2cfce 100644 --- a/components/engine/builder/dockerfile/evaluator.go +++ b/components/engine/builder/dockerfile/evaluator.go @@ -171,11 +171,9 @@ func (b *Builder) dispatch(options dispatchOptions) (*dispatchState, error) { buildsFailed.WithValues(metricsUnknownInstructionError).Inc() return nil, fmt.Errorf("unknown instruction: %s", upperCasedCmd) } - if err := f(newDispatchRequestFromOptions(options, b, args)); err != nil { - return nil, err - } options.state.updateRunConfig() - return options.state, nil + err = f(newDispatchRequestFromOptions(options, b, args)) + return options.state, err } type dispatchOptions struct { diff --git a/components/engine/integration-cli/docker_api_attach_test.go b/components/engine/integration-cli/docker_api_attach_test.go index 88dba3e974..11f7340c1f 100644 --- a/components/engine/integration-cli/docker_api_attach_test.go +++ b/components/engine/integration-cli/docker_api_attach_test.go @@ -74,7 +74,7 @@ func (s *DockerSuite) TestGetContainersAttachWebsocket(c *check.C) { // regression gh14320 func (s *DockerSuite) TestPostContainersAttachContainerNotFound(c *check.C) { - client, err := request.NewClient(daemonHost()) + client, err := request.NewHTTPClient(daemonHost()) c.Assert(err, checker.IsNil) req, err := request.New(daemonHost(), "/containers/doesnotexist/attach", request.Method(http.MethodPost)) resp, err := client.Do(req) diff --git a/components/engine/integration-cli/docker_api_build_test.go b/components/engine/integration-cli/docker_api_build_test.go index 12d3374dd5..64ad7c3251 100644 --- a/components/engine/integration-cli/docker_api_build_test.go +++ b/components/engine/integration-cli/docker_api_build_test.go @@ -3,6 +3,7 @@ package main import ( "archive/tar" "bytes" + "encoding/json" "io/ioutil" "net/http" "regexp" @@ -15,6 +16,9 @@ import ( "github.com/docker/docker/integration-cli/request" "github.com/docker/docker/pkg/testutil" "github.com/go-check/check" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "golang.org/x/net/context" ) func (s *DockerSuite) TestBuildAPIDockerFileRemote(c *check.C) { @@ -274,3 +278,68 @@ func (s *DockerSuite) TestBuildOnBuildWithCopy(c *check.C) { c.Assert(err, checker.IsNil) c.Assert(string(out), checker.Contains, "Successfully built") } + +func (s *DockerSuite) TestBuildOnBuildCache(c *check.C) { + build := func(dockerfile string) []byte { + ctx := fakecontext.New(c, "", + fakecontext.WithDockerfile(dockerfile), + ) + defer ctx.Close() + + res, body, err := request.Post( + "/build", + request.RawContent(ctx.AsTarReader(c)), + request.ContentType("application/x-tar")) + require.NoError(c, err) + assert.Equal(c, http.StatusOK, res.StatusCode) + + out, err := testutil.ReadBody(body) + require.NoError(c, err) + assert.Contains(c, string(out), "Successfully built") + return out + } + + dockerfile := ` + FROM ` + minimalBaseImage() + ` as onbuildbase + ENV something=bar + ONBUILD ENV foo=bar + ` + build(dockerfile) + + dockerfile += "FROM onbuildbase" + out := build(dockerfile) + + imageIDs := getImageIDsFromBuild(c, out) + assert.Len(c, imageIDs, 2) + parentID, childID := imageIDs[0], imageIDs[1] + + client, err := request.NewClient() + require.NoError(c, err) + + // check parentID is correct + image, _, err := client.ImageInspectWithRaw(context.Background(), childID) + require.NoError(c, err) + assert.Equal(c, parentID, image.Parent) +} + +type buildLine struct { + Stream string + Aux struct { + ID string + } +} + +func getImageIDsFromBuild(c *check.C, output []byte) []string { + ids := []string{} + for _, line := range bytes.Split(output, []byte("\n")) { + if len(line) == 0 { + continue + } + entry := buildLine{} + require.NoError(c, json.Unmarshal(line, &entry)) + if entry.Aux.ID != "" { + ids = append(ids, entry.Aux.ID) + } + } + return ids +} diff --git a/components/engine/integration-cli/request/request.go b/components/engine/integration-cli/request/request.go index be3628b9b2..1cb3ffec12 100644 --- a/components/engine/integration-cli/request/request.go +++ b/components/engine/integration-cli/request/request.go @@ -100,7 +100,7 @@ func DoOnHost(host, endpoint string, modifiers ...func(*http.Request) error) (*h if err != nil { return nil, nil, err } - client, err := NewClient(host) + client, err := NewHTTPClient(host) if err != nil { return nil, nil, err } @@ -140,8 +140,8 @@ func New(host, endpoint string, modifiers ...func(*http.Request) error) (*http.R return req, nil } -// NewClient creates an http client for the specific host -func NewClient(host string) (*http.Client, error) { +// NewHTTPClient creates an http client for the specific host +func NewHTTPClient(host string) (*http.Client, error) { // FIXME(vdemeester) 10*time.Second timeout of SockRequest… ? proto, addr, _, err := dclient.ParseHost(host) if err != nil { @@ -163,6 +163,16 @@ func NewClient(host string) (*http.Client, error) { }, err } +// NewClient returns a new Docker API client +func NewClient() (dclient.APIClient, error) { + host := DaemonHost() + httpClient, err := NewHTTPClient(host) + if err != nil { + return nil, err + } + return dclient.NewClient(host, "", httpClient, nil) +} + // FIXME(vdemeester) httputil.ClientConn is deprecated, use http.Client instead (closer to actual client) // Deprecated: Use New instead of NewRequestClient // Deprecated: use request.Do (or Get, Delete, Post) instead From bd56d0486b3de7556f6456448c16255019980ffb Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Tue, 6 Jun 2017 19:36:24 +0200 Subject: [PATCH 044/191] daemon: correctly try to retrieve init/runtime versions Signed-off-by: Antonio Murdaca Upstream-commit: 858b4b44c8172eb2c92767c8f624f4138db5212b Component: engine --- .../engine/daemon/config/config_common_unix.go | 2 +- components/engine/daemon/info_unix.go | 15 ++++++++------- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/components/engine/daemon/config/config_common_unix.go b/components/engine/daemon/config/config_common_unix.go index 2e818cb344..d11cceba20 100644 --- a/components/engine/daemon/config/config_common_unix.go +++ b/components/engine/daemon/config/config_common_unix.go @@ -59,7 +59,7 @@ func (conf *Config) GetExecRoot() string { return conf.ExecRoot } -// GetInitPath returns the configure docker-init path +// GetInitPath returns the configured docker-init path func (conf *Config) GetInitPath() string { conf.Lock() defer conf.Unlock() diff --git a/components/engine/daemon/info_unix.go b/components/engine/daemon/info_unix.go index 5c387541b3..2ad979c285 100644 --- a/components/engine/daemon/info_unix.go +++ b/components/engine/daemon/info_unix.go @@ -9,7 +9,6 @@ import ( "github.com/Sirupsen/logrus" "github.com/docker/docker/api/types" - daemonconfig "github.com/docker/docker/daemon/config" "github.com/docker/docker/dockerversion" "github.com/docker/docker/pkg/sysinfo" "github.com/pkg/errors" @@ -38,7 +37,8 @@ func (daemon *Daemon) FillPlatformInfo(v *types.Info, sysInfo *sysinfo.SysInfo) } v.RuncCommit.Expected = dockerversion.RuncCommitID - if rv, err := exec.Command(DefaultRuntimeBinary, "--version").Output(); err == nil { + defaultRuntimeBinary := daemon.configStore.GetRuntime(daemon.configStore.GetDefaultRuntimeName()).Path + if rv, err := exec.Command(defaultRuntimeBinary).Output(); err == nil { parts := strings.Split(strings.TrimSpace(string(rv)), "\n") if len(parts) == 3 { parts = strings.Split(parts[1], ": ") @@ -48,23 +48,24 @@ func (daemon *Daemon) FillPlatformInfo(v *types.Info, sysInfo *sysinfo.SysInfo) } if v.RuncCommit.ID == "" { - logrus.Warnf("failed to retrieve %s version: unknown output format: %s", DefaultRuntimeBinary, string(rv)) + logrus.Warnf("failed to retrieve %s version: unknown output format: %s", defaultRuntimeBinary, string(rv)) v.RuncCommit.ID = "N/A" } } else { - logrus.Warnf("failed to retrieve %s version: %v", DefaultRuntimeBinary, err) + logrus.Warnf("failed to retrieve %s version: %v", defaultRuntimeBinary, err) v.RuncCommit.ID = "N/A" } - if rv, err := exec.Command(daemonconfig.DefaultInitBinary, "--version").Output(); err == nil { + defaultInitBinary := daemon.configStore.GetInitPath() + if rv, err := exec.Command(defaultInitBinary, "--version").Output(); err == nil { ver, err := parseInitVersion(string(rv)) if err != nil { - logrus.Warnf("failed to retrieve %s version: %s", daemonconfig.DefaultInitBinary, err) + logrus.Warnf("failed to retrieve %s version: %s", defaultInitBinary, err) } v.InitCommit = ver } else { - logrus.Warnf("failed to retrieve %s version: %s", daemonconfig.DefaultInitBinary, err) + logrus.Warnf("failed to retrieve %s version: %s", defaultInitBinary, err) v.InitCommit.ID = "N/A" } } From cc0cc953bea9dd35ff60a2b72048827d4e0f9bcc Mon Sep 17 00:00:00 2001 From: Boaz Shuster Date: Tue, 6 Jun 2017 21:33:02 +0300 Subject: [PATCH 045/191] Describe the differences between container-inspect and container-list Signed-off-by: Boaz Shuster Upstream-commit: e8a1d99afb42d0931f7e1fd3df41611aafddf5a9 Component: engine --- components/engine/api/swagger.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/components/engine/api/swagger.yaml b/components/engine/api/swagger.yaml index 14b5e4864c..fc9ecd39bc 100644 --- a/components/engine/api/swagger.yaml +++ b/components/engine/api/swagger.yaml @@ -2698,6 +2698,11 @@ paths: /containers/json: get: summary: "List containers" + description: | + Returns a list of containers. For details on the format, see [the inspect endpoint](#operation/ContainerInspect). + + Note that it uses a different, smaller representation of a container than inspecting a single container. For example, + the list of linked containers is not propagated . operationId: "ContainerList" produces: - "application/json" From 4eb3d3cbf0df16a8344b9ec59ae6be7e8858e6a9 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Tue, 6 Jun 2017 10:54:30 -0700 Subject: [PATCH 046/191] Moby report 2017-06-05 Signed-off-by: Victor Vieux Upstream-commit: 7a295b03336e48b0596d0e4d44ae19add3a56fb3 Component: engine --- components/engine/reports/2017-06-05.md | 36 +++++++++++++++++++ .../engine/reports/builder/2017-06-05.md | 4 --- 2 files changed, 36 insertions(+), 4 deletions(-) create mode 100644 components/engine/reports/2017-06-05.md diff --git a/components/engine/reports/2017-06-05.md b/components/engine/reports/2017-06-05.md new file mode 100644 index 0000000000..8e2cc3c458 --- /dev/null +++ b/components/engine/reports/2017-06-05.md @@ -0,0 +1,36 @@ +# Development Report for June 5, 2017 + +## Daily Meeting + +A daily meeting is hosted on [slack](https://dockercommunity.slack.com) every business day at 9am PST on the channel `#moby-project`. +Lots of discussion happened during this meeting to kickstart the project, but now that we have the forums, we see less activity there. +We are discussing the future of this meeting [here](https://forums.mobyproject.org/t/of-standups-future), we will possibily move the meeting +to weekly. + +## Topics discussed last week + +### The CLI split + +Thanks to @tiborvass, the man pages, docs and completion scripts were imported to `github.com/docker/cli` [last week](https://github.com/docker/cli/pull/147) +Once everything is finalised, we will remove them from `github.com/moby/moby` + +### Find a good and non-confusing home for the remaining monolith + +Discussion on this topic is still ongoing, and possible approaches are looked into. The active discussion has moved +from GitHub to [https://forums.mobyproject.org/](https://forums.mobyproject.org/t/topic-find-a-good-an-non-confusing-home-for-the-remaining-monolith) + + +### Find a place for `/pkg` + +Thanks to @dnephin this topic in on-going, you can follow progress [here](https://github.com/moby/moby/issues/32989) +Many pkgs were reorganised last week, and more to come this week. + + +### Builder + +The builder dev report can be found [here](builder/2017-06-05.md) + + +### LinuxKit + +The LinuxKit dev report can be found [here](https://github.com/linuxkit/linuxkit/blob/master/reports/2017-06-03.md) \ No newline at end of file diff --git a/components/engine/reports/builder/2017-06-05.md b/components/engine/reports/builder/2017-06-05.md index b6b83dc1b7..3746c2639e 100644 --- a/components/engine/reports/builder/2017-06-05.md +++ b/components/engine/reports/builder/2017-06-05.md @@ -21,10 +21,6 @@ Related to this, @simonferquel opened a [WIP PR](https://github.com/moby/moby/pu Some initial proof of concept code for [buildkit](https://github.com/moby/moby/issues/32925) has been pushed to https://github.com/tonistiigi/buildkit_poc . It's in a very early exploratory stage. Current codebase includes libraries for getting concurrency safe references to containerd snapshots using a centralized cache management instance. There is a sample source implementation for pulling images to these snapshots and executing jobs with runc on top of them. There is also some utility code for concurrent execution and progress stream handling. More info should follow in next weeks, including hopefully opening up an official repo. If you have questions or want to help, stop by the issues section of that repo or the proposal in moby/moby. -### `v17.06` release - -Some bugs [1](https://github.com/moby/moby/issues/33493), [2](https://github.com/moby/moby/pull/33524) were found with the `ONBUILD` instruction in `v17.06-rc1`. They should be fixed in `rc2`. As quite a lot has changed in the builder internals, users are recommended to test the release candidate. - ### Proposals discussed in maintainers meeting Reminder from last week: New builder proposals were discussed in maintainers meeting. The decision was to give two more weeks for anyone to post feedback to [IMPORT/EXPORT commands](https://github.com/moby/moby/issues/32100) and [`RUN --mount`](https://github.com/moby/moby/issues/32507) and accept them for development if nothing significant comes up. It is the last week to post your feedback on these proposals or the comments in them. You can also volunteer to implement them. From 63a5fba1a841cad9920a6d8d955c27c59fb9f1de Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Wed, 7 Jun 2017 05:23:26 +0000 Subject: [PATCH 047/191] builder: add a test for `ENV name` (without `=value`) Signed-off-by: Akihiro Suda Upstream-commit: 09eca591f723f9acd0909b04144c229b6cd59912 Component: engine --- .../engine/builder/dockerfile/parser/line_parsers_test.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/components/engine/builder/dockerfile/parser/line_parsers_test.go b/components/engine/builder/dockerfile/parser/line_parsers_test.go index cd6d57af3a..cf0b21bb51 100644 --- a/components/engine/builder/dockerfile/parser/line_parsers_test.go +++ b/components/engine/builder/dockerfile/parser/line_parsers_test.go @@ -64,3 +64,11 @@ func TestNodeFromLabels(t *testing.T) { assert.Equal(t, expected, node) } + +func TestParseNameValWithoutVal(t *testing.T) { + directive := Directive{} + // In Config.Env, a variable without `=` is removed from the environment. (#31634) + // However, in Dockerfile, we don't allow "unsetting" an environment variable. (#11922) + _, err := parseNameVal("foo", "ENV", &directive) + assert.Error(t, err, "ENV must have two arguments") +} From af043a1e5bfb1f3963821d3032548e56ec75cd58 Mon Sep 17 00:00:00 2001 From: Madhu Venugopal Date: Tue, 6 Jun 2017 21:17:35 -0700 Subject: [PATCH 048/191] Vendoring libnetwork and netlink libnetwork eb57059e91bc54c9da23c5a633b75b3faf910a68 netlink bd6d5de5ccef2d66b0a26177928d0d8895d7f969 Signed-off-by: Madhu Venugopal Upstream-commit: 5fd65a6b6c524e670f3b4ccced3974f63c1fd9a6 Component: engine --- components/engine/vendor.conf | 4 +- .../github.com/docker/libnetwork/agent.go | 10 +- .../drivers/overlay/ostweaks_linux.go | 30 +++ .../drivers/overlay/ostweaks_unsupported.go | 5 + .../libnetwork/drivers/overlay/ov_network.go | 91 +++++++ .../libnetwork/drivers/overlay/overlay.go | 6 +- .../libnetwork/drivers/overlay/peerdb.go | 4 +- .../docker/libnetwork/networkdb/watch.go | 4 +- .../docker/libnetwork/osl/neigh_linux.go | 17 ++ .../github.com/docker/libnetwork/vendor.conf | 14 +- .../github.com/vishvananda/netlink/addr.go | 12 +- .../vishvananda/netlink/addr_linux.go | 18 +- .../vishvananda/netlink/filter_linux.go | 22 +- .../vishvananda/netlink/genetlink_linux.go | 167 ++++++++++++ .../netlink/genetlink_unspecified.go | 25 ++ .../vishvananda/netlink/gtp_linux.go | 238 ++++++++++++++++++ .../github.com/vishvananda/netlink/link.go | 37 ++- .../vishvananda/netlink/link_linux.go | 136 +++++++++- .../vishvananda/netlink/nl/addr_linux.go | 29 +++ .../vishvananda/netlink/nl/genetlink_linux.go | 89 +++++++ .../vishvananda/netlink/nl/link_linux.go | 74 +++++- .../vishvananda/netlink/nl/nl_linux.go | 25 +- .../vishvananda/netlink/protinfo.go | 20 +- .../vishvananda/netlink/protinfo_linux.go | 4 + .../vishvananda/netlink/route_linux.go | 2 +- 25 files changed, 1014 insertions(+), 69 deletions(-) create mode 100644 components/engine/vendor/github.com/docker/libnetwork/drivers/overlay/ostweaks_linux.go create mode 100644 components/engine/vendor/github.com/docker/libnetwork/drivers/overlay/ostweaks_unsupported.go create mode 100644 components/engine/vendor/github.com/vishvananda/netlink/genetlink_linux.go create mode 100644 components/engine/vendor/github.com/vishvananda/netlink/genetlink_unspecified.go create mode 100644 components/engine/vendor/github.com/vishvananda/netlink/gtp_linux.go create mode 100644 components/engine/vendor/github.com/vishvananda/netlink/nl/genetlink_linux.go diff --git a/components/engine/vendor.conf b/components/engine/vendor.conf index 3d9f47c944..cdbc0decb1 100644 --- a/components/engine/vendor.conf +++ b/components/engine/vendor.conf @@ -26,7 +26,7 @@ github.com/imdario/mergo 0.2.1 golang.org/x/sync de49d9dcd27d4f764488181bea099dfe6179bcf0 #get libnetwork packages -github.com/docker/libnetwork 2e99f06621c23a5f4038968f1af1e28c84e4104e +github.com/docker/libnetwork eb57059e91bc54c9da23c5a633b75b3faf910a68 github.com/docker/go-events 18b43f1bc85d9cdd42c05a6cd2d444c7a200a894 github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80 github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec @@ -38,7 +38,7 @@ github.com/hashicorp/go-multierror fcdddc395df1ddf4247c69bd436e84cfa0733f7e github.com/hashicorp/serf 598c54895cc5a7b1a24a398d635e8c0ea0959870 github.com/docker/libkv 1d8431073ae03cdaedb198a89722f3aab6d418ef github.com/vishvananda/netns 604eaf189ee867d8c147fafc28def2394e878d25 -github.com/vishvananda/netlink 1e86b2bee5b6a7d377e4c02bb7f98209d6a7297c +github.com/vishvananda/netlink bd6d5de5ccef2d66b0a26177928d0d8895d7f969 github.com/BurntSushi/toml f706d00e3de6abe700c994cdd545a1a4915af060 github.com/samuel/go-zookeeper d0e0d8e11f318e000a8cc434616d69e329edc374 github.com/deckarep/golang-set ef32fa3046d9f249d399f98ebaf9be944430fd1d diff --git a/components/engine/vendor/github.com/docker/libnetwork/agent.go b/components/engine/vendor/github.com/docker/libnetwork/agent.go index d67d446fe8..485713171e 100644 --- a/components/engine/vendor/github.com/docker/libnetwork/agent.go +++ b/components/engine/vendor/github.com/docker/libnetwork/agent.go @@ -722,15 +722,13 @@ func (n *network) cancelDriverWatches() { } } -func (c *controller) handleTableEvents(ch chan events.Event, fn func(events.Event)) { +func (c *controller) handleTableEvents(ch *events.Channel, fn func(events.Event)) { for { select { - case ev, ok := <-ch: - if !ok { - return - } - + case ev := <-ch.C: fn(ev) + case <-ch.Done(): + return } } } diff --git a/components/engine/vendor/github.com/docker/libnetwork/drivers/overlay/ostweaks_linux.go b/components/engine/vendor/github.com/docker/libnetwork/drivers/overlay/ostweaks_linux.go new file mode 100644 index 0000000000..85840cf8c4 --- /dev/null +++ b/components/engine/vendor/github.com/docker/libnetwork/drivers/overlay/ostweaks_linux.go @@ -0,0 +1,30 @@ +package overlay + +import ( + "io/ioutil" + "path" + "strings" + + "github.com/Sirupsen/logrus" +) + +var sysctlConf = map[string]string{ + "net.ipv4.neigh.default.gc_thresh1": "8192", + "net.ipv4.neigh.default.gc_thresh2": "49152", + "net.ipv4.neigh.default.gc_thresh3": "65536", +} + +// writeSystemProperty writes the value to a path under /proc/sys as determined from the key. +// For e.g. net.ipv4.ip_forward translated to /proc/sys/net/ipv4/ip_forward. +func writeSystemProperty(key, value string) error { + keyPath := strings.Replace(key, ".", "/", -1) + return ioutil.WriteFile(path.Join("/proc/sys", keyPath), []byte(value), 0644) +} + +func applyOStweaks() { + for k, v := range sysctlConf { + if err := writeSystemProperty(k, v); err != nil { + logrus.Errorf("error setting the kernel parameter %s = %s, err: %s", k, v, err) + } + } +} diff --git a/components/engine/vendor/github.com/docker/libnetwork/drivers/overlay/ostweaks_unsupported.go b/components/engine/vendor/github.com/docker/libnetwork/drivers/overlay/ostweaks_unsupported.go new file mode 100644 index 0000000000..a5e8d91083 --- /dev/null +++ b/components/engine/vendor/github.com/docker/libnetwork/drivers/overlay/ostweaks_unsupported.go @@ -0,0 +1,5 @@ +// +build !linux + +package overlay + +func applyOStweaks() {} diff --git a/components/engine/vendor/github.com/docker/libnetwork/drivers/overlay/ov_network.go b/components/engine/vendor/github.com/docker/libnetwork/drivers/overlay/ov_network.go index 64e5744403..6be88d9179 100644 --- a/components/engine/vendor/github.com/docker/libnetwork/drivers/overlay/ov_network.go +++ b/components/engine/vendor/github.com/docker/libnetwork/drivers/overlay/ov_network.go @@ -3,8 +3,10 @@ package overlay import ( "encoding/json" "fmt" + "io/ioutil" "net" "os" + "os/exec" "path/filepath" "strconv" "strings" @@ -12,6 +14,7 @@ import ( "syscall" "github.com/Sirupsen/logrus" + "github.com/docker/docker/pkg/reexec" "github.com/docker/libnetwork/datastore" "github.com/docker/libnetwork/driverapi" "github.com/docker/libnetwork/netlabel" @@ -55,6 +58,7 @@ type network struct { dbIndex uint64 dbExists bool sbox osl.Sandbox + nlSocket *nl.NetlinkSocket endpoints endpointTable driver *driver joinCnt int @@ -67,6 +71,54 @@ type network struct { sync.Mutex } +func init() { + reexec.Register("set-default-vlan", setDefaultVlan) +} + +func setDefaultVlan() { + if len(os.Args) < 3 { + logrus.Error("insufficient number of arguments") + os.Exit(1) + } + nsPath := os.Args[1] + ns, err := netns.GetFromPath(nsPath) + if err != nil { + logrus.Errorf("overlay namespace get failed, %v", err) + os.Exit(1) + } + if err = netns.Set(ns); err != nil { + logrus.Errorf("setting into overlay namespace failed, %v", err) + os.Exit(1) + } + + // make sure the sysfs mount doesn't propagate back + if err = syscall.Unshare(syscall.CLONE_NEWNS); err != nil { + logrus.Errorf("unshare failed, %v", err) + os.Exit(1) + } + + flag := syscall.MS_PRIVATE | syscall.MS_REC + if err = syscall.Mount("", "/", "", uintptr(flag), ""); err != nil { + logrus.Errorf("root mount failed, %v", err) + os.Exit(1) + } + + if err = syscall.Mount("sysfs", "/sys", "sysfs", 0, ""); err != nil { + logrus.Errorf("mounting sysfs failed, %v", err) + os.Exit(1) + } + + brName := os.Args[2] + path := filepath.Join("/sys/class/net", brName, "bridge/default_pvid") + data := []byte{'0', '\n'} + + if err = ioutil.WriteFile(path, data, 0644); err != nil { + logrus.Errorf("endbling default vlan on bridge %s failed %v", brName, err) + os.Exit(1) + } + os.Exit(0) +} + func (d *driver) NetworkAllocate(id string, option map[string]string, ipV4Data, ipV6Data []driverapi.IPAMData) (map[string]string, error) { return nil, types.NotImplementedErrorf("not implemented") } @@ -294,6 +346,12 @@ func (n *network) destroySandbox() { } } + // Close the netlink socket, this will also release the watchMiss goroutine that is using it + if n.nlSocket != nil { + n.nlSocket.Close() + n.nlSocket = nil + } + n.sbox.Destroy() n.sbox = nil } @@ -505,6 +563,25 @@ func (n *network) setupSubnetSandbox(s *subnet, brName, vxlanName string) error return fmt.Errorf("vxlan interface creation failed for subnet %q: %v", s.subnetIP.String(), err) } + if !hostMode { + var name string + for _, i := range sbox.Info().Interfaces() { + if i.Bridge() { + name = i.DstName() + } + } + cmd := &exec.Cmd{ + Path: reexec.Self(), + Args: []string{"set-default-vlan", sbox.Key(), name}, + Stdout: os.Stdout, + Stderr: os.Stderr, + } + if err := cmd.Run(); err != nil { + // not a fatal error + logrus.Errorf("reexec to set bridge default vlan failed %v", err) + } + } + if hostMode { if err := addFilters(n.id[:12], brName); err != nil { return err @@ -615,6 +692,7 @@ func (n *network) initSandbox(restore bool) error { sbox.InvokeFunc(func() { nlSock, err = nl.Subscribe(syscall.NETLINK_ROUTE, syscall.RTNLGRP_NEIGH) }) + n.setNetlinkSocket(nlSock) if err == nil { go n.watchMiss(nlSock) @@ -630,6 +708,13 @@ func (n *network) watchMiss(nlSock *nl.NetlinkSocket) { for { msgs, err := nlSock.Receive() if err != nil { + n.Lock() + nlFd := nlSock.GetFd() + n.Unlock() + if nlFd == -1 { + // The netlink socket got closed, simply exit to not leak this goroutine + return + } logrus.Errorf("Failed to receive from netlink: %v ", err) continue } @@ -746,6 +831,12 @@ func (n *network) setSandbox(sbox osl.Sandbox) { n.Unlock() } +func (n *network) setNetlinkSocket(nlSk *nl.NetlinkSocket) { + n.Lock() + n.nlSocket = nlSk + n.Unlock() +} + func (n *network) vxlanID(s *subnet) uint32 { n.Lock() defer n.Unlock() diff --git a/components/engine/vendor/github.com/docker/libnetwork/drivers/overlay/overlay.go b/components/engine/vendor/github.com/docker/libnetwork/drivers/overlay/overlay.go index 8a932cf370..8d19b2e1d4 100644 --- a/components/engine/vendor/github.com/docker/libnetwork/drivers/overlay/overlay.go +++ b/components/engine/vendor/github.com/docker/libnetwork/drivers/overlay/overlay.go @@ -46,7 +46,7 @@ type driver struct { store datastore.DataStore localStore datastore.DataStore vxlanIdm *idm.Idm - once sync.Once + initOS sync.Once joinOnce sync.Once localJoinOnce sync.Once keys []*key @@ -180,6 +180,10 @@ func Fini(drv driverapi.Driver) { } func (d *driver) configure() error { + + // Apply OS specific kernel configs if needed + d.initOS.Do(applyOStweaks) + if d.store == nil { return nil } diff --git a/components/engine/vendor/github.com/docker/libnetwork/drivers/overlay/peerdb.go b/components/engine/vendor/github.com/docker/libnetwork/drivers/overlay/peerdb.go index 6551e7bcad..21cd1fbe3d 100644 --- a/components/engine/vendor/github.com/docker/libnetwork/drivers/overlay/peerdb.go +++ b/components/engine/vendor/github.com/docker/libnetwork/drivers/overlay/peerdb.go @@ -222,7 +222,7 @@ func (d *driver) peerDbUpdateSandbox(nid string) { for pKeyStr, pEntry := range pMap.mp { var pKey peerKey if _, err := fmt.Sscan(pKeyStr, &pKey); err != nil { - fmt.Printf("peer key scan failed: %v", err) + logrus.Errorf("peer key scan failed: %v", err) } if pEntry.isLocal { @@ -237,7 +237,7 @@ func (d *driver) peerDbUpdateSandbox(nid string) { if err := d.peerAdd(nid, entry.eid, pKey.peerIP, entry.peerIPMask, pKey.peerMac, entry.vtep, false, false, false); err != nil { - fmt.Printf("peerdbupdate in sandbox failed for ip %s and mac %s: %v", + logrus.Errorf("peerdbupdate in sandbox failed for ip %s and mac %s: %v", pKey.peerIP, pKey.peerMac, err) } } diff --git a/components/engine/vendor/github.com/docker/libnetwork/networkdb/watch.go b/components/engine/vendor/github.com/docker/libnetwork/networkdb/watch.go index 088b666f01..2ef30422a8 100644 --- a/components/engine/vendor/github.com/docker/libnetwork/networkdb/watch.go +++ b/components/engine/vendor/github.com/docker/libnetwork/networkdb/watch.go @@ -43,7 +43,7 @@ type DeleteEvent event // filter is an empty string it acts as a wildcard for that // field. Watch returns a channel of events, where the events will be // sent. -func (nDB *NetworkDB) Watch(tname, nid, key string) (chan events.Event, func()) { +func (nDB *NetworkDB) Watch(tname, nid, key string) (*events.Channel, func()) { var matcher events.Matcher if tname != "" || nid != "" || key != "" { @@ -82,7 +82,7 @@ func (nDB *NetworkDB) Watch(tname, nid, key string) (chan events.Event, func()) } nDB.broadcaster.Add(sink) - return ch.C, func() { + return ch, func() { nDB.broadcaster.Remove(sink) ch.Close() sink.Close() diff --git a/components/engine/vendor/github.com/docker/libnetwork/osl/neigh_linux.go b/components/engine/vendor/github.com/docker/libnetwork/osl/neigh_linux.go index 81b6cd9c1c..161ffa7beb 100644 --- a/components/engine/vendor/github.com/docker/libnetwork/osl/neigh_linux.go +++ b/components/engine/vendor/github.com/docker/libnetwork/osl/neigh_linux.go @@ -78,6 +78,23 @@ func (n *networkNamespace) DeleteNeighbor(dstIP net.IP, dstMac net.HardwareAddr, if err := nlh.NeighDel(nlnh); err != nil { logrus.Warnf("Deleting neighbor IP %s, mac %s failed, %v", dstIP, dstMac, err) } + + // Delete the dynamic entry in the bridge + if nlnh.Family > 0 { + nlnh := &netlink.Neigh{ + IP: dstIP, + Family: nh.family, + } + + nlnh.HardwareAddr = dstMac + nlnh.Flags = netlink.NTF_MASTER + if nh.linkDst != "" { + nlnh.LinkIndex = iface.Attrs().Index + } + if err := nlh.NeighDel(nlnh); err != nil { + logrus.Warnf("Deleting bridge mac mac %s failed, %v", dstMac, err) + } + } } n.Lock() diff --git a/components/engine/vendor/github.com/docker/libnetwork/vendor.conf b/components/engine/vendor/github.com/docker/libnetwork/vendor.conf index 0f1db6d18f..203e1cebf5 100644 --- a/components/engine/vendor/github.com/docker/libnetwork/vendor.conf +++ b/components/engine/vendor/github.com/docker/libnetwork/vendor.conf @@ -19,11 +19,11 @@ github.com/docker/libkv 1d8431073ae03cdaedb198a89722f3aab6d418ef github.com/godbus/dbus 5f6efc7ef2759c81b7ba876593971bfce311eab3 github.com/gogo/protobuf 8d70fb3182befc465c4a1eac8ad4d38ff49778e2 -github.com/golang/protobuf/proto f7137ae6b19afbfd61a94b746fda3b3fe0491874 +github.com/golang/protobuf f7137ae6b19afbfd61a94b746fda3b3fe0491874 github.com/gorilla/context 215affda49addc4c8ef7e2534915df2c8c35c6cd github.com/gorilla/mux 8096f47503459bcc74d1f4c487b7e6e42e5746b5 -github.com/hashicorp/consul/api 954aec66231b79c161a4122b023fbcad13047f79 -github.com/hashicorp/go-msgpack/codec 71c2886f5a673a35f909803f38ece5810165097b +github.com/hashicorp/consul 954aec66231b79c161a4122b023fbcad13047f79 +github.com/hashicorp/go-msgpack 71c2886f5a673a35f909803f38ece5810165097b github.com/hashicorp/go-multierror 2167c8ec40776024589f483a6b836489e47e1049 github.com/hashicorp/memberlist v0.1.0 github.com/sean-/seed e2103e2c35297fb7e17febb81e49b312087a2372 @@ -31,13 +31,13 @@ github.com/hashicorp/go-sockaddr acd314c5781ea706c710d9ea70069fd2e110d61d github.com/hashicorp/serf 598c54895cc5a7b1a24a398d635e8c0ea0959870 github.com/mattn/go-shellwords 525bedee691b5a8df547cb5cf9f86b7fb1883e24 github.com/miekg/dns d27455715200c7d3e321a1e5cadb27c9ee0b0f02 -github.com/opencontainers/runc/libcontainer ba1568de399395774ad84c2ace65937814c542ed -github.com/samuel/go-zookeeper/zk d0e0d8e11f318e000a8cc434616d69e329edc374 +github.com/opencontainers/runc ba1568de399395774ad84c2ace65937814c542ed +github.com/samuel/go-zookeeper d0e0d8e11f318e000a8cc434616d69e329edc374 github.com/seccomp/libseccomp-golang 1b506fc7c24eec5a3693cdcbed40d9c226cfc6a1 github.com/stretchr/testify dab07ac62d4905d3e48d17dc549c684ac3b7c15a -github.com/syndtr/gocapability/capability 2c00daeb6c3b45114c80ac44119e7b8801fdd852 +github.com/syndtr/gocapability 2c00daeb6c3b45114c80ac44119e7b8801fdd852 github.com/ugorji/go f1f1a805ed361a0e078bb537e4ea78cd37dcf065 -github.com/vishvananda/netlink 1e86b2bee5b6a7d377e4c02bb7f98209d6a7297c +github.com/vishvananda/netlink bd6d5de5ccef2d66b0a26177928d0d8895d7f969 github.com/vishvananda/netns 604eaf189ee867d8c147fafc28def2394e878d25 golang.org/x/net c427ad74c6d7a814201695e9ffde0c5d400a7674 golang.org/x/sys 8f0908ab3b2457e2e15403d3697c9ef5cb4b57a9 diff --git a/components/engine/vendor/github.com/vishvananda/netlink/addr.go b/components/engine/vendor/github.com/vishvananda/netlink/addr.go index fe3e3d3668..f08c956969 100644 --- a/components/engine/vendor/github.com/vishvananda/netlink/addr.go +++ b/components/engine/vendor/github.com/vishvananda/netlink/addr.go @@ -10,11 +10,13 @@ import ( // include a mask, so it stores the address as a net.IPNet. type Addr struct { *net.IPNet - Label string - Flags int - Scope int - Peer *net.IPNet - Broadcast net.IP + Label string + Flags int + Scope int + Peer *net.IPNet + Broadcast net.IP + PreferedLft int + ValidLft int } // String returns $ip/$netmask $label diff --git a/components/engine/vendor/github.com/vishvananda/netlink/addr_linux.go b/components/engine/vendor/github.com/vishvananda/netlink/addr_linux.go index 220f0f22f1..f33242a7c2 100644 --- a/components/engine/vendor/github.com/vishvananda/netlink/addr_linux.go +++ b/components/engine/vendor/github.com/vishvananda/netlink/addr_linux.go @@ -195,10 +195,16 @@ func parseAddr(m []byte) (addr Addr, family, index int, err error) { Mask: net.CIDRMask(int(msg.Prefixlen), 8*len(attr.Value)), } addr.IPNet = local + case syscall.IFA_BROADCAST: + addr.Broadcast = attr.Value case syscall.IFA_LABEL: addr.Label = string(attr.Value[:len(attr.Value)-1]) case IFA_FLAGS: addr.Flags = int(native.Uint32(attr.Value[0:4])) + case nl.IFA_CACHEINFO: + ci := nl.DeserializeIfaCacheInfo(attr.Value) + addr.PreferedLft = int(ci.IfaPrefered) + addr.ValidLft = int(ci.IfaValid) } } @@ -216,6 +222,10 @@ func parseAddr(m []byte) (addr Addr, family, index int, err error) { type AddrUpdate struct { LinkAddress net.IPNet LinkIndex int + Flags int + Scope int + PreferedLft int + ValidLft int NewAddr bool // true=added false=deleted } @@ -263,7 +273,13 @@ func addrSubscribe(newNs, curNs netns.NsHandle, ch chan<- AddrUpdate, done <-cha continue } - ch <- AddrUpdate{LinkAddress: *addr.IPNet, LinkIndex: ifindex, NewAddr: msgType == syscall.RTM_NEWADDR} + ch <- AddrUpdate{LinkAddress: *addr.IPNet, + LinkIndex: ifindex, + NewAddr: msgType == syscall.RTM_NEWADDR, + Flags: addr.Flags, + Scope: addr.Scope, + PreferedLft: addr.PreferedLft, + ValidLft: addr.ValidLft} } } }() diff --git a/components/engine/vendor/github.com/vishvananda/netlink/filter_linux.go b/components/engine/vendor/github.com/vishvananda/netlink/filter_linux.go index eb1802c444..dc0f90af88 100644 --- a/components/engine/vendor/github.com/vishvananda/netlink/filter_linux.go +++ b/components/engine/vendor/github.com/vishvananda/netlink/filter_linux.go @@ -141,19 +141,19 @@ func (h *Handle) FilterAdd(filter Filter) error { } if native != networkOrder { - // Copy Tcu32Sel. - cSel := sel + // Copy TcU32Sel. + cSel := *sel keys := make([]nl.TcU32Key, cap(sel.Keys)) copy(keys, sel.Keys) cSel.Keys = keys - sel = cSel + sel = &cSel // Handle the endianness of attributes sel.Offmask = native.Uint16(htons(sel.Offmask)) sel.Hmask = native.Uint32(htonl(sel.Hmask)) - for _, key := range sel.Keys { - key.Mask = native.Uint32(htonl(key.Mask)) - key.Val = native.Uint32(htonl(key.Val)) + for i, key := range sel.Keys { + sel.Keys[i].Mask = native.Uint32(htonl(key.Mask)) + sel.Keys[i].Val = native.Uint32(htonl(key.Val)) } } sel.Nkeys = uint8(len(sel.Keys)) @@ -453,15 +453,11 @@ func parseU32Data(filter Filter, data []syscall.NetlinkRouteAttr) (bool, error) // Handle the endianness of attributes u32.Sel.Offmask = native.Uint16(htons(sel.Offmask)) u32.Sel.Hmask = native.Uint32(htonl(sel.Hmask)) - for _, key := range u32.Sel.Keys { - key.Mask = native.Uint32(htonl(key.Mask)) - key.Val = native.Uint32(htonl(key.Val)) + for i, key := range u32.Sel.Keys { + u32.Sel.Keys[i].Mask = native.Uint32(htonl(key.Mask)) + u32.Sel.Keys[i].Val = native.Uint32(htonl(key.Val)) } } - // only parse if we have a very basic redirect - if sel.Flags&nl.TC_U32_TERMINAL == 0 || sel.Nkeys != 1 { - return detailed, nil - } case nl.TCA_U32_ACT: tables, err := nl.ParseRouteAttr(datum.Value) if err != nil { diff --git a/components/engine/vendor/github.com/vishvananda/netlink/genetlink_linux.go b/components/engine/vendor/github.com/vishvananda/netlink/genetlink_linux.go new file mode 100644 index 0000000000..a388a87001 --- /dev/null +++ b/components/engine/vendor/github.com/vishvananda/netlink/genetlink_linux.go @@ -0,0 +1,167 @@ +package netlink + +import ( + "fmt" + "syscall" + + "github.com/vishvananda/netlink/nl" +) + +type GenlOp struct { + ID uint32 + Flags uint32 +} + +type GenlMulticastGroup struct { + ID uint32 + Name string +} + +type GenlFamily struct { + ID uint16 + HdrSize uint32 + Name string + Version uint32 + MaxAttr uint32 + Ops []GenlOp + Groups []GenlMulticastGroup +} + +func parseOps(b []byte) ([]GenlOp, error) { + attrs, err := nl.ParseRouteAttr(b) + if err != nil { + return nil, err + } + ops := make([]GenlOp, 0, len(attrs)) + for _, a := range attrs { + nattrs, err := nl.ParseRouteAttr(a.Value) + if err != nil { + return nil, err + } + var op GenlOp + for _, na := range nattrs { + switch na.Attr.Type { + case nl.GENL_CTRL_ATTR_OP_ID: + op.ID = native.Uint32(na.Value) + case nl.GENL_CTRL_ATTR_OP_FLAGS: + op.Flags = native.Uint32(na.Value) + } + } + ops = append(ops, op) + } + return ops, nil +} + +func parseMulticastGroups(b []byte) ([]GenlMulticastGroup, error) { + attrs, err := nl.ParseRouteAttr(b) + if err != nil { + return nil, err + } + groups := make([]GenlMulticastGroup, 0, len(attrs)) + for _, a := range attrs { + nattrs, err := nl.ParseRouteAttr(a.Value) + if err != nil { + return nil, err + } + var g GenlMulticastGroup + for _, na := range nattrs { + switch na.Attr.Type { + case nl.GENL_CTRL_ATTR_MCAST_GRP_NAME: + g.Name = nl.BytesToString(na.Value) + case nl.GENL_CTRL_ATTR_MCAST_GRP_ID: + g.ID = native.Uint32(na.Value) + } + } + groups = append(groups, g) + } + return groups, nil +} + +func (f *GenlFamily) parseAttributes(attrs []syscall.NetlinkRouteAttr) error { + for _, a := range attrs { + switch a.Attr.Type { + case nl.GENL_CTRL_ATTR_FAMILY_NAME: + f.Name = nl.BytesToString(a.Value) + case nl.GENL_CTRL_ATTR_FAMILY_ID: + f.ID = native.Uint16(a.Value) + case nl.GENL_CTRL_ATTR_VERSION: + f.Version = native.Uint32(a.Value) + case nl.GENL_CTRL_ATTR_HDRSIZE: + f.HdrSize = native.Uint32(a.Value) + case nl.GENL_CTRL_ATTR_MAXATTR: + f.MaxAttr = native.Uint32(a.Value) + case nl.GENL_CTRL_ATTR_OPS: + ops, err := parseOps(a.Value) + if err != nil { + return err + } + f.Ops = ops + case nl.GENL_CTRL_ATTR_MCAST_GROUPS: + groups, err := parseMulticastGroups(a.Value) + if err != nil { + return err + } + f.Groups = groups + } + } + + return nil +} + +func parseFamilies(msgs [][]byte) ([]*GenlFamily, error) { + families := make([]*GenlFamily, 0, len(msgs)) + for _, m := range msgs { + attrs, err := nl.ParseRouteAttr(m[nl.SizeofGenlmsg:]) + if err != nil { + return nil, err + } + family := &GenlFamily{} + if err := family.parseAttributes(attrs); err != nil { + return nil, err + } + + families = append(families, family) + } + return families, nil +} + +func (h *Handle) GenlFamilyList() ([]*GenlFamily, error) { + msg := &nl.Genlmsg{ + Command: nl.GENL_CTRL_CMD_GETFAMILY, + Version: nl.GENL_CTRL_VERSION, + } + req := h.newNetlinkRequest(nl.GENL_ID_CTRL, syscall.NLM_F_DUMP) + req.AddData(msg) + msgs, err := req.Execute(syscall.NETLINK_GENERIC, 0) + if err != nil { + return nil, err + } + return parseFamilies(msgs) +} + +func GenlFamilyList() ([]*GenlFamily, error) { + return pkgHandle.GenlFamilyList() +} + +func (h *Handle) GenlFamilyGet(name string) (*GenlFamily, error) { + msg := &nl.Genlmsg{ + Command: nl.GENL_CTRL_CMD_GETFAMILY, + Version: nl.GENL_CTRL_VERSION, + } + req := h.newNetlinkRequest(nl.GENL_ID_CTRL, 0) + req.AddData(msg) + req.AddData(nl.NewRtAttr(nl.GENL_CTRL_ATTR_FAMILY_NAME, nl.ZeroTerminated(name))) + msgs, err := req.Execute(syscall.NETLINK_GENERIC, 0) + if err != nil { + return nil, err + } + families, err := parseFamilies(msgs) + if len(families) != 1 { + return nil, fmt.Errorf("invalid response for GENL_CTRL_CMD_GETFAMILY") + } + return families[0], nil +} + +func GenlFamilyGet(name string) (*GenlFamily, error) { + return pkgHandle.GenlFamilyGet(name) +} diff --git a/components/engine/vendor/github.com/vishvananda/netlink/genetlink_unspecified.go b/components/engine/vendor/github.com/vishvananda/netlink/genetlink_unspecified.go new file mode 100644 index 0000000000..0192b991e3 --- /dev/null +++ b/components/engine/vendor/github.com/vishvananda/netlink/genetlink_unspecified.go @@ -0,0 +1,25 @@ +// +build !linux + +package netlink + +type GenlOp struct{} + +type GenlMulticastGroup struct{} + +type GenlFamily struct{} + +func (h *Handle) GenlFamilyList() ([]*GenlFamily, error) { + return nil, ErrNotImplemented +} + +func GenlFamilyList() ([]*GenlFamily, error) { + return nil, ErrNotImplemented +} + +func (h *Handle) GenlFamilyGet(name string) (*GenlFamily, error) { + return nil, ErrNotImplemented +} + +func GenlFamilyGet(name string) (*GenlFamily, error) { + return nil, ErrNotImplemented +} diff --git a/components/engine/vendor/github.com/vishvananda/netlink/gtp_linux.go b/components/engine/vendor/github.com/vishvananda/netlink/gtp_linux.go new file mode 100644 index 0000000000..7331303ecb --- /dev/null +++ b/components/engine/vendor/github.com/vishvananda/netlink/gtp_linux.go @@ -0,0 +1,238 @@ +package netlink + +import ( + "fmt" + "net" + "strings" + "syscall" + + "github.com/vishvananda/netlink/nl" +) + +type PDP struct { + Version uint32 + TID uint64 + PeerAddress net.IP + MSAddress net.IP + Flow uint16 + NetNSFD uint32 + ITEI uint32 + OTEI uint32 +} + +func (pdp *PDP) String() string { + elems := []string{} + elems = append(elems, fmt.Sprintf("Version: %d", pdp.Version)) + if pdp.Version == 0 { + elems = append(elems, fmt.Sprintf("TID: %d", pdp.TID)) + } else if pdp.Version == 1 { + elems = append(elems, fmt.Sprintf("TEI: %d/%d", pdp.ITEI, pdp.OTEI)) + } + elems = append(elems, fmt.Sprintf("MS-Address: %s", pdp.MSAddress)) + elems = append(elems, fmt.Sprintf("Peer-Address: %s", pdp.PeerAddress)) + return fmt.Sprintf("{%s}", strings.Join(elems, " ")) +} + +func (p *PDP) parseAttributes(attrs []syscall.NetlinkRouteAttr) error { + for _, a := range attrs { + switch a.Attr.Type { + case nl.GENL_GTP_ATTR_VERSION: + p.Version = native.Uint32(a.Value) + case nl.GENL_GTP_ATTR_TID: + p.TID = native.Uint64(a.Value) + case nl.GENL_GTP_ATTR_PEER_ADDRESS: + p.PeerAddress = net.IP(a.Value) + case nl.GENL_GTP_ATTR_MS_ADDRESS: + p.MSAddress = net.IP(a.Value) + case nl.GENL_GTP_ATTR_FLOW: + p.Flow = native.Uint16(a.Value) + case nl.GENL_GTP_ATTR_NET_NS_FD: + p.NetNSFD = native.Uint32(a.Value) + case nl.GENL_GTP_ATTR_I_TEI: + p.ITEI = native.Uint32(a.Value) + case nl.GENL_GTP_ATTR_O_TEI: + p.OTEI = native.Uint32(a.Value) + } + } + return nil +} + +func parsePDP(msgs [][]byte) ([]*PDP, error) { + pdps := make([]*PDP, 0, len(msgs)) + for _, m := range msgs { + attrs, err := nl.ParseRouteAttr(m[nl.SizeofGenlmsg:]) + if err != nil { + return nil, err + } + pdp := &PDP{} + if err := pdp.parseAttributes(attrs); err != nil { + return nil, err + } + pdps = append(pdps, pdp) + } + return pdps, nil +} + +func (h *Handle) GTPPDPList() ([]*PDP, error) { + f, err := h.GenlFamilyGet(nl.GENL_GTP_NAME) + if err != nil { + return nil, err + } + msg := &nl.Genlmsg{ + Command: nl.GENL_GTP_CMD_GETPDP, + Version: nl.GENL_GTP_VERSION, + } + req := h.newNetlinkRequest(int(f.ID), syscall.NLM_F_DUMP) + req.AddData(msg) + msgs, err := req.Execute(syscall.NETLINK_GENERIC, 0) + if err != nil { + return nil, err + } + return parsePDP(msgs) +} + +func GTPPDPList() ([]*PDP, error) { + return pkgHandle.GTPPDPList() +} + +func gtpPDPGet(req *nl.NetlinkRequest) (*PDP, error) { + msgs, err := req.Execute(syscall.NETLINK_GENERIC, 0) + if err != nil { + return nil, err + } + pdps, err := parsePDP(msgs) + if err != nil { + return nil, err + } + if len(pdps) != 1 { + return nil, fmt.Errorf("invalid reqponse for GENL_GTP_CMD_GETPDP") + } + return pdps[0], nil +} + +func (h *Handle) GTPPDPByTID(link Link, tid int) (*PDP, error) { + f, err := h.GenlFamilyGet(nl.GENL_GTP_NAME) + if err != nil { + return nil, err + } + msg := &nl.Genlmsg{ + Command: nl.GENL_GTP_CMD_GETPDP, + Version: nl.GENL_GTP_VERSION, + } + req := h.newNetlinkRequest(int(f.ID), 0) + req.AddData(msg) + req.AddData(nl.NewRtAttr(nl.GENL_GTP_ATTR_VERSION, nl.Uint32Attr(0))) + req.AddData(nl.NewRtAttr(nl.GENL_GTP_ATTR_LINK, nl.Uint32Attr(uint32(link.Attrs().Index)))) + req.AddData(nl.NewRtAttr(nl.GENL_GTP_ATTR_TID, nl.Uint64Attr(uint64(tid)))) + return gtpPDPGet(req) +} + +func GTPPDPByTID(link Link, tid int) (*PDP, error) { + return pkgHandle.GTPPDPByTID(link, tid) +} + +func (h *Handle) GTPPDPByITEI(link Link, itei int) (*PDP, error) { + f, err := h.GenlFamilyGet(nl.GENL_GTP_NAME) + if err != nil { + return nil, err + } + msg := &nl.Genlmsg{ + Command: nl.GENL_GTP_CMD_GETPDP, + Version: nl.GENL_GTP_VERSION, + } + req := h.newNetlinkRequest(int(f.ID), 0) + req.AddData(msg) + req.AddData(nl.NewRtAttr(nl.GENL_GTP_ATTR_VERSION, nl.Uint32Attr(1))) + req.AddData(nl.NewRtAttr(nl.GENL_GTP_ATTR_LINK, nl.Uint32Attr(uint32(link.Attrs().Index)))) + req.AddData(nl.NewRtAttr(nl.GENL_GTP_ATTR_I_TEI, nl.Uint32Attr(uint32(itei)))) + return gtpPDPGet(req) +} + +func GTPPDPByITEI(link Link, itei int) (*PDP, error) { + return pkgHandle.GTPPDPByITEI(link, itei) +} + +func (h *Handle) GTPPDPByMSAddress(link Link, addr net.IP) (*PDP, error) { + f, err := h.GenlFamilyGet(nl.GENL_GTP_NAME) + if err != nil { + return nil, err + } + msg := &nl.Genlmsg{ + Command: nl.GENL_GTP_CMD_GETPDP, + Version: nl.GENL_GTP_VERSION, + } + req := h.newNetlinkRequest(int(f.ID), 0) + req.AddData(msg) + req.AddData(nl.NewRtAttr(nl.GENL_GTP_ATTR_VERSION, nl.Uint32Attr(0))) + req.AddData(nl.NewRtAttr(nl.GENL_GTP_ATTR_LINK, nl.Uint32Attr(uint32(link.Attrs().Index)))) + req.AddData(nl.NewRtAttr(nl.GENL_GTP_ATTR_MS_ADDRESS, []byte(addr.To4()))) + return gtpPDPGet(req) +} + +func GTPPDPByMSAddress(link Link, addr net.IP) (*PDP, error) { + return pkgHandle.GTPPDPByMSAddress(link, addr) +} + +func (h *Handle) GTPPDPAdd(link Link, pdp *PDP) error { + f, err := h.GenlFamilyGet(nl.GENL_GTP_NAME) + if err != nil { + return err + } + msg := &nl.Genlmsg{ + Command: nl.GENL_GTP_CMD_NEWPDP, + Version: nl.GENL_GTP_VERSION, + } + req := h.newNetlinkRequest(int(f.ID), syscall.NLM_F_EXCL|syscall.NLM_F_ACK) + req.AddData(msg) + req.AddData(nl.NewRtAttr(nl.GENL_GTP_ATTR_VERSION, nl.Uint32Attr(pdp.Version))) + req.AddData(nl.NewRtAttr(nl.GENL_GTP_ATTR_LINK, nl.Uint32Attr(uint32(link.Attrs().Index)))) + req.AddData(nl.NewRtAttr(nl.GENL_GTP_ATTR_PEER_ADDRESS, []byte(pdp.PeerAddress.To4()))) + req.AddData(nl.NewRtAttr(nl.GENL_GTP_ATTR_MS_ADDRESS, []byte(pdp.MSAddress.To4()))) + + switch pdp.Version { + case 0: + req.AddData(nl.NewRtAttr(nl.GENL_GTP_ATTR_TID, nl.Uint64Attr(pdp.TID))) + req.AddData(nl.NewRtAttr(nl.GENL_GTP_ATTR_FLOW, nl.Uint16Attr(pdp.Flow))) + case 1: + req.AddData(nl.NewRtAttr(nl.GENL_GTP_ATTR_I_TEI, nl.Uint32Attr(pdp.ITEI))) + req.AddData(nl.NewRtAttr(nl.GENL_GTP_ATTR_O_TEI, nl.Uint32Attr(pdp.OTEI))) + default: + return fmt.Errorf("unsupported GTP version: %d", pdp.Version) + } + _, err = req.Execute(syscall.NETLINK_GENERIC, 0) + return err +} + +func GTPPDPAdd(link Link, pdp *PDP) error { + return pkgHandle.GTPPDPAdd(link, pdp) +} + +func (h *Handle) GTPPDPDel(link Link, pdp *PDP) error { + f, err := h.GenlFamilyGet(nl.GENL_GTP_NAME) + if err != nil { + return err + } + msg := &nl.Genlmsg{ + Command: nl.GENL_GTP_CMD_DELPDP, + Version: nl.GENL_GTP_VERSION, + } + req := h.newNetlinkRequest(int(f.ID), syscall.NLM_F_EXCL|syscall.NLM_F_ACK) + req.AddData(msg) + req.AddData(nl.NewRtAttr(nl.GENL_GTP_ATTR_VERSION, nl.Uint32Attr(pdp.Version))) + req.AddData(nl.NewRtAttr(nl.GENL_GTP_ATTR_LINK, nl.Uint32Attr(uint32(link.Attrs().Index)))) + + switch pdp.Version { + case 0: + req.AddData(nl.NewRtAttr(nl.GENL_GTP_ATTR_TID, nl.Uint64Attr(pdp.TID))) + case 1: + req.AddData(nl.NewRtAttr(nl.GENL_GTP_ATTR_I_TEI, nl.Uint32Attr(pdp.ITEI))) + default: + return fmt.Errorf("unsupported GTP version: %d", pdp.Version) + } + _, err = req.Execute(syscall.NETLINK_GENERIC, 0) + return err +} + +func GTPPDPDel(link Link, pdp *PDP) error { + return pkgHandle.GTPPDPDel(link, pdp) +} diff --git a/components/engine/vendor/github.com/vishvananda/netlink/link.go b/components/engine/vendor/github.com/vishvananda/netlink/link.go index 924211cd48..547e92ec12 100644 --- a/components/engine/vendor/github.com/vishvananda/netlink/link.go +++ b/components/engine/vendor/github.com/vishvananda/netlink/link.go @@ -170,6 +170,7 @@ type LinkStatistics64 struct { type LinkXdp struct { Fd int Attached bool + Flags uint32 } // Device links cannot be created via netlink. These links @@ -215,6 +216,8 @@ func (ifb *Ifb) Type() string { // Bridge links are simple linux bridges type Bridge struct { LinkAttrs + MulticastSnooping *bool + HelloTime *uint32 } func (bridge *Bridge) Attrs() *LinkAttrs { @@ -590,7 +593,11 @@ type Bond struct { LacpRate BondLacpRate AdSelect BondAdSelect // looking at iproute tool AdInfo can only be retrived. It can't be set. - AdInfo *BondAdInfo + AdInfo *BondAdInfo + AdActorSysPrio int + AdUserPortKey int + AdActorSystem net.HardwareAddr + TlbDynamicLb int } func NewLinkBond(atr LinkAttrs) *Bond { @@ -618,6 +625,10 @@ func NewLinkBond(atr LinkAttrs) *Bond { PackersPerSlave: -1, LacpRate: -1, AdSelect: -1, + AdActorSysPrio: -1, + AdUserPortKey: -1, + AdActorSystem: nil, + TlbDynamicLb: -1, } } @@ -731,8 +742,32 @@ func (vrf *Vrf) Type() string { return "vrf" } +type GTP struct { + LinkAttrs + FD0 int + FD1 int + Role int + PDPHashsize int +} + +func (gtp *GTP) Attrs() *LinkAttrs { + return >p.LinkAttrs +} + +func (gtp *GTP) Type() string { + return "gtp" +} + // iproute2 supported devices; // vlan | veth | vcan | dummy | ifb | macvlan | macvtap | // bridge | bond | ipoib | ip6tnl | ipip | sit | vxlan | // gre | gretap | ip6gre | ip6gretap | vti | nlmon | // bond_slave | ipvlan + +// LinkNotFoundError wraps the various not found errors when +// getting/reading links. This is intended for better error +// handling by dependent code so that "not found error" can +// be distinguished from other errors +type LinkNotFoundError struct { + error +} diff --git a/components/engine/vendor/github.com/vishvananda/netlink/link_linux.go b/components/engine/vendor/github.com/vishvananda/netlink/link_linux.go index 0c04d3adde..1c1bc52c4d 100644 --- a/components/engine/vendor/github.com/vishvananda/netlink/link_linux.go +++ b/components/engine/vendor/github.com/vishvananda/netlink/link_linux.go @@ -103,7 +103,7 @@ func (h *Handle) SetPromiscOn(link Link) error { msg := nl.NewIfInfomsg(syscall.AF_UNSPEC) msg.Change = syscall.IFF_PROMISC - msg.Flags = syscall.IFF_UP + msg.Flags = syscall.IFF_PROMISC msg.Index = int32(base.Index) req.AddData(msg) @@ -111,6 +111,16 @@ func (h *Handle) SetPromiscOn(link Link) error { return err } +func BridgeSetMcastSnoop(link Link, on bool) error { + return pkgHandle.BridgeSetMcastSnoop(link, on) +} + +func (h *Handle) BridgeSetMcastSnoop(link Link, on bool) error { + bridge := link.(*Bridge) + bridge.MulticastSnooping = &on + return h.linkModify(bridge, syscall.NLM_F_ACK) +} + func SetPromiscOn(link Link) error { return pkgHandle.SetPromiscOn(link) } @@ -122,7 +132,7 @@ func (h *Handle) SetPromiscOff(link Link) error { msg := nl.NewIfInfomsg(syscall.AF_UNSPEC) msg.Change = syscall.IFF_PROMISC - msg.Flags = 0 & ^syscall.IFF_UP + msg.Flags = 0 & ^syscall.IFF_PROMISC msg.Index = int32(base.Index) req.AddData(msg) @@ -659,6 +669,18 @@ func addBondAttrs(bond *Bond, linkInfo *nl.RtAttr) { if bond.AdSelect >= 0 { nl.NewRtAttrChild(data, nl.IFLA_BOND_AD_SELECT, nl.Uint8Attr(uint8(bond.AdSelect))) } + if bond.AdActorSysPrio >= 0 { + nl.NewRtAttrChild(data, nl.IFLA_BOND_AD_ACTOR_SYS_PRIO, nl.Uint16Attr(uint16(bond.AdActorSysPrio))) + } + if bond.AdUserPortKey >= 0 { + nl.NewRtAttrChild(data, nl.IFLA_BOND_AD_USER_PORT_KEY, nl.Uint16Attr(uint16(bond.AdUserPortKey))) + } + if bond.AdActorSystem != nil { + nl.NewRtAttrChild(data, nl.IFLA_BOND_AD_ACTOR_SYSTEM, []byte(bond.AdActorSystem)) + } + if bond.TlbDynamicLb >= 0 { + nl.NewRtAttrChild(data, nl.IFLA_BOND_TLB_DYNAMIC_LB, nl.Uint8Attr(uint8(bond.TlbDynamicLb))) + } } // LinkAdd adds a new link device. The type and features of the device @@ -672,7 +694,10 @@ func LinkAdd(link Link) error { // are taken fromt the parameters in the link object. // Equivalent to: `ip link add $link` func (h *Handle) LinkAdd(link Link) error { - // TODO: set mtu and hardware address + return h.linkModify(link, syscall.NLM_F_CREATE|syscall.NLM_F_EXCL|syscall.NLM_F_ACK) +} + +func (h *Handle) linkModify(link Link, flags int) error { // TODO: support extra data for macvlan base := link.Attrs() @@ -719,7 +744,7 @@ func (h *Handle) LinkAdd(link Link) error { return nil } - req := h.newNetlinkRequest(syscall.RTM_NEWLINK, syscall.NLM_F_CREATE|syscall.NLM_F_EXCL|syscall.NLM_F_ACK) + req := h.newNetlinkRequest(syscall.RTM_NEWLINK, flags) msg := nl.NewIfInfomsg(syscall.AF_UNSPEC) // TODO: make it shorter @@ -767,6 +792,11 @@ func (h *Handle) LinkAdd(link Link) error { req.AddData(qlen) } + if base.HardwareAddr != nil { + hwaddr := nl.NewRtAttr(syscall.IFLA_ADDRESS, []byte(base.HardwareAddr)) + req.AddData(hwaddr) + } + if base.Namespace != nil { var attr *nl.RtAttr switch base.Namespace.(type) { @@ -830,6 +860,10 @@ func (h *Handle) LinkAdd(link Link) error { addVtiAttrs(vti, linkInfo) } else if vrf, ok := link.(*Vrf); ok { addVrfAttrs(vrf, linkInfo) + } else if bridge, ok := link.(*Bridge); ok { + addBridgeAttrs(bridge, linkInfo) + } else if gtp, ok := link.(*GTP); ok { + addGTPAttrs(gtp, linkInfo) } req.AddData(linkInfo) @@ -885,7 +919,7 @@ func (h *Handle) linkByNameDump(name string) (Link, error) { return link, nil } } - return nil, fmt.Errorf("Link %s not found", name) + return nil, LinkNotFoundError{fmt.Errorf("Link %s not found", name)} } func (h *Handle) linkByAliasDump(alias string) (Link, error) { @@ -899,7 +933,7 @@ func (h *Handle) linkByAliasDump(alias string) (Link, error) { return link, nil } } - return nil, fmt.Errorf("Link alias %s not found", alias) + return nil, LinkNotFoundError{fmt.Errorf("Link alias %s not found", alias)} } // LinkByName finds a link by name and returns a pointer to the object. @@ -985,7 +1019,7 @@ func execGetLink(req *nl.NetlinkRequest) (Link, error) { if err != nil { if errno, ok := err.(syscall.Errno); ok { if errno == syscall.ENODEV { - return nil, fmt.Errorf("Link not found") + return nil, LinkNotFoundError{fmt.Errorf("Link not found")} } } return nil, err @@ -993,7 +1027,7 @@ func execGetLink(req *nl.NetlinkRequest) (Link, error) { switch { case len(msgs) == 0: - return nil, fmt.Errorf("Link not found") + return nil, LinkNotFoundError{fmt.Errorf("Link not found")} case len(msgs) == 1: return LinkDeserialize(nil, msgs[0]) @@ -1063,6 +1097,8 @@ func LinkDeserialize(hdr *syscall.NlMsghdr, m []byte) (Link, error) { link = &Vti{} case "vrf": link = &Vrf{} + case "gtp": + link = >P{} default: link = &GenericLink{LinkType: linkType} } @@ -1092,6 +1128,10 @@ func LinkDeserialize(hdr *syscall.NlMsghdr, m []byte) (Link, error) { parseVtiData(link, data) case "vrf": parseVrfData(link, data) + case "bridge": + parseBridgeData(link, data) + case "gtp": + parseGTPData(link, data) } } } @@ -1288,6 +1328,22 @@ func (h *Handle) LinkSetFlood(link Link, mode bool) error { return h.setProtinfoAttr(link, mode, nl.IFLA_BRPORT_UNICAST_FLOOD) } +func LinkSetBrProxyArp(link Link, mode bool) error { + return pkgHandle.LinkSetBrProxyArp(link, mode) +} + +func (h *Handle) LinkSetBrProxyArp(link Link, mode bool) error { + return h.setProtinfoAttr(link, mode, nl.IFLA_BRPORT_PROXYARP) +} + +func LinkSetBrProxyArpWiFi(link Link, mode bool) error { + return pkgHandle.LinkSetBrProxyArpWiFi(link, mode) +} + +func (h *Handle) LinkSetBrProxyArpWiFi(link Link, mode bool) error { + return h.setProtinfoAttr(link, mode, nl.IFLA_BRPORT_PROXYARP_WIFI) +} + func (h *Handle) setProtinfoAttr(link Link, mode bool, attr int) error { base := link.Attrs() h.ensureIndex(base) @@ -1370,7 +1426,7 @@ func parseVxlanData(link Link, data []syscall.NetlinkRouteAttr) { } func parseBondData(link Link, data []syscall.NetlinkRouteAttr) { - bond := NewLinkBond(NewLinkAttrs()) + bond := link.(*Bond) for i := range data { switch data[i].Attr.Type { case nl.IFLA_BOND_MODE: @@ -1419,6 +1475,14 @@ func parseBondData(link Link, data []syscall.NetlinkRouteAttr) { bond.AdSelect = BondAdSelect(data[i].Value[0]) case nl.IFLA_BOND_AD_INFO: // TODO: implement + case nl.IFLA_BOND_AD_ACTOR_SYS_PRIO: + bond.AdActorSysPrio = int(native.Uint16(data[i].Value[0:2])) + case nl.IFLA_BOND_AD_USER_PORT_KEY: + bond.AdUserPortKey = int(native.Uint16(data[i].Value[0:2])) + case nl.IFLA_BOND_AD_ACTOR_SYSTEM: + bond.AdActorSystem = net.HardwareAddr(data[i].Value[0:6]) + case nl.IFLA_BOND_TLB_DYNAMIC_LB: + bond.TlbDynamicLb = int(data[i].Value[0]) } } } @@ -1566,6 +1630,8 @@ func addXdpAttrs(xdp *LinkXdp, req *nl.NetlinkRequest) { b := make([]byte, 4) native.PutUint32(b, uint32(xdp.Fd)) nl.NewRtAttrChild(attrs, nl.IFLA_XDP_FD, b) + native.PutUint32(b, xdp.Flags) + nl.NewRtAttrChild(attrs, nl.IFLA_XDP_FLAGS, b) req.AddData(attrs) } @@ -1581,6 +1647,8 @@ func parseLinkXdp(data []byte) (*LinkXdp, error) { xdp.Fd = int(native.Uint32(attr.Value[0:4])) case nl.IFLA_XDP_ATTACHED: xdp.Attached = attr.Value[0] != 0 + case nl.IFLA_XDP_FLAGS: + xdp.Flags = native.Uint32(attr.Value[0:4]) } } return xdp, nil @@ -1678,3 +1746,53 @@ func parseVrfData(link Link, data []syscall.NetlinkRouteAttr) { } } } + +func addBridgeAttrs(bridge *Bridge, linkInfo *nl.RtAttr) { + data := nl.NewRtAttrChild(linkInfo, nl.IFLA_INFO_DATA, nil) + if bridge.MulticastSnooping != nil { + nl.NewRtAttrChild(data, nl.IFLA_BR_MCAST_SNOOPING, boolToByte(*bridge.MulticastSnooping)) + } + if bridge.HelloTime != nil { + nl.NewRtAttrChild(data, nl.IFLA_BR_HELLO_TIME, nl.Uint32Attr(*bridge.HelloTime)) + } +} + +func parseBridgeData(bridge Link, data []syscall.NetlinkRouteAttr) { + br := bridge.(*Bridge) + for _, datum := range data { + switch datum.Attr.Type { + case nl.IFLA_BR_HELLO_TIME: + helloTime := native.Uint32(datum.Value[0:4]) + br.HelloTime = &helloTime + case nl.IFLA_BR_MCAST_SNOOPING: + mcastSnooping := datum.Value[0] == 1 + br.MulticastSnooping = &mcastSnooping + } + } +} + +func addGTPAttrs(gtp *GTP, linkInfo *nl.RtAttr) { + data := nl.NewRtAttrChild(linkInfo, nl.IFLA_INFO_DATA, nil) + nl.NewRtAttrChild(data, nl.IFLA_GTP_FD0, nl.Uint32Attr(uint32(gtp.FD0))) + nl.NewRtAttrChild(data, nl.IFLA_GTP_FD1, nl.Uint32Attr(uint32(gtp.FD1))) + nl.NewRtAttrChild(data, nl.IFLA_GTP_PDP_HASHSIZE, nl.Uint32Attr(131072)) + if gtp.Role != nl.GTP_ROLE_GGSN { + nl.NewRtAttrChild(data, nl.IFLA_GTP_ROLE, nl.Uint32Attr(uint32(gtp.Role))) + } +} + +func parseGTPData(link Link, data []syscall.NetlinkRouteAttr) { + gtp := link.(*GTP) + for _, datum := range data { + switch datum.Attr.Type { + case nl.IFLA_GTP_FD0: + gtp.FD0 = int(native.Uint32(datum.Value)) + case nl.IFLA_GTP_FD1: + gtp.FD1 = int(native.Uint32(datum.Value)) + case nl.IFLA_GTP_PDP_HASHSIZE: + gtp.PDPHashsize = int(native.Uint32(datum.Value)) + case nl.IFLA_GTP_ROLE: + gtp.Role = int(native.Uint32(datum.Value)) + } + } +} diff --git a/components/engine/vendor/github.com/vishvananda/netlink/nl/addr_linux.go b/components/engine/vendor/github.com/vishvananda/netlink/nl/addr_linux.go index 17088fa0c0..fe362e9fa7 100644 --- a/components/engine/vendor/github.com/vishvananda/netlink/nl/addr_linux.go +++ b/components/engine/vendor/github.com/vishvananda/netlink/nl/addr_linux.go @@ -45,3 +45,32 @@ func (msg *IfAddrmsg) Serialize() []byte { func (msg *IfAddrmsg) Len() int { return syscall.SizeofIfAddrmsg } + +// struct ifa_cacheinfo { +// __u32 ifa_prefered; +// __u32 ifa_valid; +// __u32 cstamp; /* created timestamp, hundredths of seconds */ +// __u32 tstamp; /* updated timestamp, hundredths of seconds */ +// }; + +const IFA_CACHEINFO = 6 +const SizeofIfaCacheInfo = 0x10 + +type IfaCacheInfo struct { + IfaPrefered uint32 + IfaValid uint32 + Cstamp uint32 + Tstamp uint32 +} + +func (msg *IfaCacheInfo) Len() int { + return SizeofIfaCacheInfo +} + +func DeserializeIfaCacheInfo(b []byte) *IfaCacheInfo { + return (*IfaCacheInfo)(unsafe.Pointer(&b[0:SizeofIfaCacheInfo][0])) +} + +func (msg *IfaCacheInfo) Serialize() []byte { + return (*(*[SizeofIfaCacheInfo]byte)(unsafe.Pointer(msg)))[:] +} diff --git a/components/engine/vendor/github.com/vishvananda/netlink/nl/genetlink_linux.go b/components/engine/vendor/github.com/vishvananda/netlink/nl/genetlink_linux.go new file mode 100644 index 0000000000..81b46f2c79 --- /dev/null +++ b/components/engine/vendor/github.com/vishvananda/netlink/nl/genetlink_linux.go @@ -0,0 +1,89 @@ +package nl + +import ( + "unsafe" +) + +const SizeofGenlmsg = 4 + +const ( + GENL_ID_CTRL = 0x10 + GENL_CTRL_VERSION = 2 + GENL_CTRL_NAME = "nlctrl" +) + +const ( + GENL_CTRL_CMD_GETFAMILY = 3 +) + +const ( + GENL_CTRL_ATTR_UNSPEC = iota + GENL_CTRL_ATTR_FAMILY_ID + GENL_CTRL_ATTR_FAMILY_NAME + GENL_CTRL_ATTR_VERSION + GENL_CTRL_ATTR_HDRSIZE + GENL_CTRL_ATTR_MAXATTR + GENL_CTRL_ATTR_OPS + GENL_CTRL_ATTR_MCAST_GROUPS +) + +const ( + GENL_CTRL_ATTR_OP_UNSPEC = iota + GENL_CTRL_ATTR_OP_ID + GENL_CTRL_ATTR_OP_FLAGS +) + +const ( + GENL_ADMIN_PERM = 1 << iota + GENL_CMD_CAP_DO + GENL_CMD_CAP_DUMP + GENL_CMD_CAP_HASPOL +) + +const ( + GENL_CTRL_ATTR_MCAST_GRP_UNSPEC = iota + GENL_CTRL_ATTR_MCAST_GRP_NAME + GENL_CTRL_ATTR_MCAST_GRP_ID +) + +const ( + GENL_GTP_VERSION = 0 + GENL_GTP_NAME = "gtp" +) + +const ( + GENL_GTP_CMD_NEWPDP = iota + GENL_GTP_CMD_DELPDP + GENL_GTP_CMD_GETPDP +) + +const ( + GENL_GTP_ATTR_UNSPEC = iota + GENL_GTP_ATTR_LINK + GENL_GTP_ATTR_VERSION + GENL_GTP_ATTR_TID + GENL_GTP_ATTR_PEER_ADDRESS + GENL_GTP_ATTR_MS_ADDRESS + GENL_GTP_ATTR_FLOW + GENL_GTP_ATTR_NET_NS_FD + GENL_GTP_ATTR_I_TEI + GENL_GTP_ATTR_O_TEI + GENL_GTP_ATTR_PAD +) + +type Genlmsg struct { + Command uint8 + Version uint8 +} + +func (msg *Genlmsg) Len() int { + return SizeofGenlmsg +} + +func DeserializeGenlmsg(b []byte) *Genlmsg { + return (*Genlmsg)(unsafe.Pointer(&b[0:SizeofGenlmsg][0])) +} + +func (msg *Genlmsg) Serialize() []byte { + return (*(*[SizeofGenlmsg]byte)(unsafe.Pointer(msg)))[:] +} diff --git a/components/engine/vendor/github.com/vishvananda/netlink/nl/link_linux.go b/components/engine/vendor/github.com/vishvananda/netlink/nl/link_linux.go index 6d9af56998..f7b9575919 100644 --- a/components/engine/vendor/github.com/vishvananda/netlink/nl/link_linux.go +++ b/components/engine/vendor/github.com/vishvananda/netlink/nl/link_linux.go @@ -102,7 +102,10 @@ const ( IFLA_BRPORT_FAST_LEAVE IFLA_BRPORT_LEARNING IFLA_BRPORT_UNICAST_FLOOD - IFLA_BRPORT_MAX = IFLA_BRPORT_UNICAST_FLOOD + IFLA_BRPORT_PROXYARP + IFLA_BRPORT_LEARNING_SYNC + IFLA_BRPORT_PROXYARP_WIFI + IFLA_BRPORT_MAX = IFLA_BRPORT_PROXYARP_WIFI ) const ( @@ -151,6 +154,10 @@ const ( IFLA_BOND_AD_LACP_RATE IFLA_BOND_AD_SELECT IFLA_BOND_AD_INFO + IFLA_BOND_AD_ACTOR_SYS_PRIO + IFLA_BOND_AD_USER_PORT_KEY + IFLA_BOND_AD_ACTOR_SYSTEM + IFLA_BOND_TLB_DYNAMIC_LB ) const ( @@ -416,7 +423,8 @@ const ( IFLA_XDP_UNSPEC = iota IFLA_XDP_FD /* fd of xdp program to attach, or -1 to remove */ IFLA_XDP_ATTACHED /* read-only bool indicating if prog is attached */ - IFLA_XDP_MAX = IFLA_XDP_ATTACHED + IFLA_XDP_FLAGS /* xdp prog related flags */ + IFLA_XDP_MAX = IFLA_XDP_FLAGS ) const ( @@ -452,3 +460,65 @@ const ( IFLA_VRF_UNSPEC = iota IFLA_VRF_TABLE ) + +const ( + IFLA_BR_UNSPEC = iota + IFLA_BR_FORWARD_DELAY + IFLA_BR_HELLO_TIME + IFLA_BR_MAX_AGE + IFLA_BR_AGEING_TIME + IFLA_BR_STP_STATE + IFLA_BR_PRIORITY + IFLA_BR_VLAN_FILTERING + IFLA_BR_VLAN_PROTOCOL + IFLA_BR_GROUP_FWD_MASK + IFLA_BR_ROOT_ID + IFLA_BR_BRIDGE_ID + IFLA_BR_ROOT_PORT + IFLA_BR_ROOT_PATH_COST + IFLA_BR_TOPOLOGY_CHANGE + IFLA_BR_TOPOLOGY_CHANGE_DETECTED + IFLA_BR_HELLO_TIMER + IFLA_BR_TCN_TIMER + IFLA_BR_TOPOLOGY_CHANGE_TIMER + IFLA_BR_GC_TIMER + IFLA_BR_GROUP_ADDR + IFLA_BR_FDB_FLUSH + IFLA_BR_MCAST_ROUTER + IFLA_BR_MCAST_SNOOPING + IFLA_BR_MCAST_QUERY_USE_IFADDR + IFLA_BR_MCAST_QUERIER + IFLA_BR_MCAST_HASH_ELASTICITY + IFLA_BR_MCAST_HASH_MAX + IFLA_BR_MCAST_LAST_MEMBER_CNT + IFLA_BR_MCAST_STARTUP_QUERY_CNT + IFLA_BR_MCAST_LAST_MEMBER_INTVL + IFLA_BR_MCAST_MEMBERSHIP_INTVL + IFLA_BR_MCAST_QUERIER_INTVL + IFLA_BR_MCAST_QUERY_INTVL + IFLA_BR_MCAST_QUERY_RESPONSE_INTVL + IFLA_BR_MCAST_STARTUP_QUERY_INTVL + IFLA_BR_NF_CALL_IPTABLES + IFLA_BR_NF_CALL_IP6TABLES + IFLA_BR_NF_CALL_ARPTABLES + IFLA_BR_VLAN_DEFAULT_PVID + IFLA_BR_PAD + IFLA_BR_VLAN_STATS_ENABLED + IFLA_BR_MCAST_STATS_ENABLED + IFLA_BR_MCAST_IGMP_VERSION + IFLA_BR_MCAST_MLD_VERSION + IFLA_BR_MAX = IFLA_BR_MCAST_MLD_VERSION +) + +const ( + IFLA_GTP_UNSPEC = iota + IFLA_GTP_FD0 + IFLA_GTP_FD1 + IFLA_GTP_PDP_HASHSIZE + IFLA_GTP_ROLE +) + +const ( + GTP_ROLE_GGSN = iota + GTP_ROLE_SGSN +) diff --git a/components/engine/vendor/github.com/vishvananda/netlink/nl/nl_linux.go b/components/engine/vendor/github.com/vishvananda/netlink/nl/nl_linux.go index 5820e8422b..1329acd864 100644 --- a/components/engine/vendor/github.com/vishvananda/netlink/nl/nl_linux.go +++ b/components/engine/vendor/github.com/vishvananda/netlink/nl/nl_linux.go @@ -459,7 +459,7 @@ func NewNetlinkRequest(proto, flags int) *NetlinkRequest { } type NetlinkSocket struct { - fd int + fd int32 lsa syscall.SockaddrNetlink sync.Mutex } @@ -470,7 +470,7 @@ func getNetlinkSocket(protocol int) (*NetlinkSocket, error) { return nil, err } s := &NetlinkSocket{ - fd: fd, + fd: int32(fd), } s.lsa.Family = syscall.AF_NETLINK if err := syscall.Bind(fd, &s.lsa); err != nil { @@ -556,7 +556,7 @@ func Subscribe(protocol int, groups ...uint) (*NetlinkSocket, error) { return nil, err } s := &NetlinkSocket{ - fd: fd, + fd: int32(fd), } s.lsa.Family = syscall.AF_NETLINK @@ -585,30 +585,32 @@ func SubscribeAt(newNs, curNs netns.NsHandle, protocol int, groups ...uint) (*Ne } func (s *NetlinkSocket) Close() { - syscall.Close(s.fd) - s.fd = -1 + fd := int(atomic.SwapInt32(&s.fd, -1)) + syscall.Close(fd) } func (s *NetlinkSocket) GetFd() int { - return s.fd + return int(atomic.LoadInt32(&s.fd)) } func (s *NetlinkSocket) Send(request *NetlinkRequest) error { - if s.fd < 0 { + fd := int(atomic.LoadInt32(&s.fd)) + if fd < 0 { return fmt.Errorf("Send called on a closed socket") } - if err := syscall.Sendto(s.fd, request.Serialize(), 0, &s.lsa); err != nil { + if err := syscall.Sendto(fd, request.Serialize(), 0, &s.lsa); err != nil { return err } return nil } func (s *NetlinkSocket) Receive() ([]syscall.NetlinkMessage, error) { - if s.fd < 0 { + fd := int(atomic.LoadInt32(&s.fd)) + if fd < 0 { return nil, fmt.Errorf("Receive called on a closed socket") } rb := make([]byte, syscall.Getpagesize()) - nr, _, err := syscall.Recvfrom(s.fd, rb, 0) + nr, _, err := syscall.Recvfrom(fd, rb, 0) if err != nil { return nil, err } @@ -620,7 +622,8 @@ func (s *NetlinkSocket) Receive() ([]syscall.NetlinkMessage, error) { } func (s *NetlinkSocket) GetPid() (uint32, error) { - lsa, err := syscall.Getsockname(s.fd) + fd := int(atomic.LoadInt32(&s.fd)) + lsa, err := syscall.Getsockname(fd) if err != nil { return 0, err } diff --git a/components/engine/vendor/github.com/vishvananda/netlink/protinfo.go b/components/engine/vendor/github.com/vishvananda/netlink/protinfo.go index ead3f2f15e..0087c4438b 100644 --- a/components/engine/vendor/github.com/vishvananda/netlink/protinfo.go +++ b/components/engine/vendor/github.com/vishvananda/netlink/protinfo.go @@ -6,12 +6,14 @@ import ( // Protinfo represents bridge flags from netlink. type Protinfo struct { - Hairpin bool - Guard bool - FastLeave bool - RootBlock bool - Learning bool - Flood bool + Hairpin bool + Guard bool + FastLeave bool + RootBlock bool + Learning bool + Flood bool + ProxyArp bool + ProxyArpWiFi bool } // String returns a list of enabled flags @@ -35,6 +37,12 @@ func (prot *Protinfo) String() string { if prot.Flood { boolStrings = append(boolStrings, "Flood") } + if prot.ProxyArp { + boolStrings = append(boolStrings, "ProxyArp") + } + if prot.ProxyArpWiFi { + boolStrings = append(boolStrings, "ProxyArpWiFi") + } return strings.Join(boolStrings, " ") } diff --git a/components/engine/vendor/github.com/vishvananda/netlink/protinfo_linux.go b/components/engine/vendor/github.com/vishvananda/netlink/protinfo_linux.go index ea72695343..10dd0d5335 100644 --- a/components/engine/vendor/github.com/vishvananda/netlink/protinfo_linux.go +++ b/components/engine/vendor/github.com/vishvananda/netlink/protinfo_linux.go @@ -64,6 +64,10 @@ func parseProtinfo(infos []syscall.NetlinkRouteAttr) *Protinfo { pi.Learning = byteToBool(info.Value[0]) case nl.IFLA_BRPORT_UNICAST_FLOOD: pi.Flood = byteToBool(info.Value[0]) + case nl.IFLA_BRPORT_PROXYARP: + pi.ProxyArp = byteToBool(info.Value[0]) + case nl.IFLA_BRPORT_PROXYARP_WIFI: + pi.ProxyArpWiFi = byteToBool(info.Value[0]) } } return &pi diff --git a/components/engine/vendor/github.com/vishvananda/netlink/route_linux.go b/components/engine/vendor/github.com/vishvananda/netlink/route_linux.go index 9e0f1f932d..cd739e7146 100644 --- a/components/engine/vendor/github.com/vishvananda/netlink/route_linux.go +++ b/components/engine/vendor/github.com/vishvananda/netlink/route_linux.go @@ -401,7 +401,7 @@ func (h *Handle) RouteListFiltered(family int, filter *Route, filterMask uint64) } if filter != nil { switch { - case filterMask&RT_FILTER_TABLE != 0 && route.Table != filter.Table: + case filterMask&RT_FILTER_TABLE != 0 && filter.Table != syscall.RT_TABLE_UNSPEC && route.Table != filter.Table: continue case filterMask&RT_FILTER_PROTOCOL != 0 && route.Protocol != filter.Protocol: continue From 779caabedf9cd4762a1be3c4f1cc3f84008f91aa Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Fri, 19 May 2017 18:06:46 -0400 Subject: [PATCH 049/191] Partial refactor of UID/GID usage to use a unified struct. Signed-off-by: Daniel Nephin Upstream-commit: 09cd96c5ad2de369912cdf708c3c50f41e4586ac Component: engine --- components/engine/container/container.go | 4 +- components/engine/daemon/archive.go | 13 ++-- .../engine/daemon/archive_tarcopyoptions.go | 5 +- .../daemon/container_operations_unix.go | 24 +++---- components/engine/daemon/create.go | 6 +- components/engine/daemon/create_unix.go | 4 +- components/engine/daemon/daemon.go | 52 +++++--------- components/engine/daemon/daemon_test.go | 3 +- components/engine/daemon/daemon_unix.go | 26 ++++--- components/engine/daemon/daemon_unix_test.go | 3 +- components/engine/daemon/daemon_windows.go | 6 +- components/engine/daemon/export.go | 5 +- components/engine/daemon/info.go | 4 +- .../engine/daemon/initlayer/setup_unix.go | 8 +-- .../engine/daemon/initlayer/setup_windows.go | 6 +- components/engine/daemon/oci_linux.go | 10 +-- components/engine/daemon/oci_solaris.go | 4 +- components/engine/daemon/volumes_unix.go | 8 +-- components/engine/daemon/volumes_windows.go | 3 +- components/engine/daemon/workdir.go | 4 +- components/engine/layer/layer_store.go | 7 +- components/engine/pkg/idtools/idtools.go | 70 +++++++++++++++++-- components/engine/pkg/idtools/idtools_unix.go | 6 +- .../engine/pkg/idtools/idtools_windows.go | 2 +- components/engine/plugin/manager_linux.go | 3 +- components/engine/volume/local/local.go | 12 ++-- components/engine/volume/local/local_test.go | 19 ++--- components/engine/volume/volume.go | 4 +- 28 files changed, 180 insertions(+), 141 deletions(-) diff --git a/components/engine/container/container.go b/components/engine/container/container.go index e89340610c..f22b4aa574 100644 --- a/components/engine/container/container.go +++ b/components/engine/container/container.go @@ -216,7 +216,7 @@ func (container *Container) WriteHostConfig() error { } // SetupWorkingDirectory sets up the container's working directory as set in container.Config.WorkingDir -func (container *Container) SetupWorkingDirectory(rootUID, rootGID int) error { +func (container *Container) SetupWorkingDirectory(rootIDs idtools.IDPair) error { if container.Config.WorkingDir == "" { return nil } @@ -228,7 +228,7 @@ func (container *Container) SetupWorkingDirectory(rootUID, rootGID int) error { return err } - if err := idtools.MkdirAllNewAs(pth, 0755, rootUID, rootGID); err != nil { + if err := idtools.MkdirAllAndChownNew(pth, 0755, rootIDs); err != nil { pthInfo, err2 := os.Stat(pth) if err2 == nil && pthInfo != nil && !pthInfo.IsDir() { return fmt.Errorf("Cannot mkdir: %s is not a directory", container.Config.WorkingDir) diff --git a/components/engine/daemon/archive.go b/components/engine/daemon/archive.go index dbef0b4d48..c41298df0e 100644 --- a/components/engine/daemon/archive.go +++ b/components/engine/daemon/archive.go @@ -375,7 +375,7 @@ func (daemon *Daemon) CopyOnBuild(cID, destPath, srcRoot, srcPath string, decomp destExists := true destDir := false - rootUID, rootGID := daemon.GetRemappedUIDGID() + rootIDs, _ := daemon.idMappings.RootPair() // Work in daemon-local OS specific file paths destPath = filepath.FromSlash(destPath) @@ -413,11 +413,10 @@ func (daemon *Daemon) CopyOnBuild(cID, destPath, srcRoot, srcPath string, decomp destExists = false } - uidMaps, gidMaps := daemon.GetUIDGIDMaps() archiver := &archive.Archiver{ Untar: chrootarchive.Untar, - UIDMaps: uidMaps, - GIDMaps: gidMaps, + UIDMaps: daemon.idMappings.UIDs(), + GIDMaps: daemon.idMappings.GIDs(), } src, err := os.Stat(fullSrcPath) @@ -430,7 +429,7 @@ func (daemon *Daemon) CopyOnBuild(cID, destPath, srcRoot, srcPath string, decomp if err := archiver.CopyWithTar(fullSrcPath, destPath); err != nil { return err } - return fixPermissions(fullSrcPath, destPath, rootUID, rootGID, destExists) + return fixPermissions(fullSrcPath, destPath, rootIDs.UID, rootIDs.GID, destExists) } if decompress && archive.IsArchivePath(fullSrcPath) { // Only try to untar if it is a file and that we've been told to decompress (when ADD-ing a remote file) @@ -459,12 +458,12 @@ func (daemon *Daemon) CopyOnBuild(cID, destPath, srcRoot, srcPath string, decomp destPath = filepath.Join(destPath, filepath.Base(srcPath)) } - if err := idtools.MkdirAllNewAs(filepath.Dir(destPath), 0755, rootUID, rootGID); err != nil { + if err := idtools.MkdirAllAndChownNew(filepath.Dir(destPath), 0755, rootIDs); err != nil { return err } if err := archiver.CopyFileWithTar(fullSrcPath, destPath); err != nil { return err } - return fixPermissions(fullSrcPath, destPath, rootUID, rootGID, destExists) + return fixPermissions(fullSrcPath, destPath, rootIDs.UID, rootIDs.GID, destExists) } diff --git a/components/engine/daemon/archive_tarcopyoptions.go b/components/engine/daemon/archive_tarcopyoptions.go index cbd1fc2cee..fe7722fdb4 100644 --- a/components/engine/daemon/archive_tarcopyoptions.go +++ b/components/engine/daemon/archive_tarcopyoptions.go @@ -7,10 +7,9 @@ import ( // defaultTarCopyOptions is the setting that is used when unpacking an archive // for a copy API event. func (daemon *Daemon) defaultTarCopyOptions(noOverwriteDirNonDir bool) *archive.TarOptions { - uidMaps, gidMaps := daemon.GetUIDGIDMaps() return &archive.TarOptions{ NoOverwriteDirNonDir: noOverwriteDirNonDir, - UIDMaps: uidMaps, - GIDMaps: gidMaps, + UIDMaps: daemon.idMappings.UIDs(), + GIDMaps: daemon.idMappings.GIDs(), } } diff --git a/components/engine/daemon/container_operations_unix.go b/components/engine/daemon/container_operations_unix.go index 6889c10956..5ae7a68f0b 100644 --- a/components/engine/daemon/container_operations_unix.go +++ b/components/engine/daemon/container_operations_unix.go @@ -109,14 +109,14 @@ func (daemon *Daemon) setupIpcDirs(c *container.Container) error { } c.ShmPath = "/dev/shm" } else { - rootUID, rootGID := daemon.GetRemappedUIDGID() + rootIDs, _ := daemon.idMappings.RootPair() if !c.HasMountFor("/dev/shm") { shmPath, err := c.ShmResourcePath() if err != nil { return err } - if err := idtools.MkdirAllAs(shmPath, 0700, rootUID, rootGID); err != nil { + if err := idtools.MkdirAllAndChown(shmPath, 0700, rootIDs); err != nil { return err } @@ -128,7 +128,7 @@ func (daemon *Daemon) setupIpcDirs(c *container.Container) error { if err := syscall.Mount("shm", shmPath, "tmpfs", uintptr(syscall.MS_NOEXEC|syscall.MS_NOSUID|syscall.MS_NODEV), label.FormatMountLabel(shmproperty, c.GetMountLabel())); err != nil { return fmt.Errorf("mounting shm tmpfs: %s", err) } - if err := os.Chown(shmPath, rootUID, rootGID); err != nil { + if err := os.Chown(shmPath, rootIDs.UID, rootIDs.GID); err != nil { return err } } @@ -147,9 +147,9 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) { logrus.Debugf("secrets: setting up secret dir: %s", localMountPath) // retrieve possible remapped range start for root UID, GID - rootUID, rootGID := daemon.GetRemappedUIDGID() + rootIDs, _ := daemon.idMappings.RootPair() // create tmpfs - if err := idtools.MkdirAllAs(localMountPath, 0700, rootUID, rootGID); err != nil { + if err := idtools.MkdirAllAndChown(localMountPath, 0700, rootIDs); err != nil { return errors.Wrap(err, "error creating secret local mount path") } @@ -164,7 +164,7 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) { } }() - tmpfsOwnership := fmt.Sprintf("uid=%d,gid=%d", rootUID, rootGID) + tmpfsOwnership := fmt.Sprintf("uid=%d,gid=%d", rootIDs.UID, rootIDs.GID) if err := mount.Mount("tmpfs", localMountPath, "tmpfs", "nodev,nosuid,noexec,"+tmpfsOwnership); err != nil { return errors.Wrap(err, "unable to setup secret mount") } @@ -183,7 +183,7 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) { // secrets are created in the SecretMountPath on the host, at a // single level fPath := c.SecretFilePath(*s) - if err := idtools.MkdirAllAs(filepath.Dir(fPath), 0700, rootUID, rootGID); err != nil { + if err := idtools.MkdirAllAndChown(filepath.Dir(fPath), 0700, rootIDs); err != nil { return errors.Wrap(err, "error creating secret mount path") } @@ -208,7 +208,7 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) { return err } - if err := os.Chown(fPath, rootUID+uid, rootGID+gid); err != nil { + if err := os.Chown(fPath, rootIDs.UID+uid, rootIDs.GID+gid); err != nil { return errors.Wrap(err, "error setting ownership for secret") } } @@ -232,9 +232,9 @@ func (daemon *Daemon) setupConfigDir(c *container.Container) (setupErr error) { logrus.Debugf("configs: setting up config dir: %s", localPath) // retrieve possible remapped range start for root UID, GID - rootUID, rootGID := daemon.GetRemappedUIDGID() + rootIDs, _ := daemon.idMappings.RootPair() // create tmpfs - if err := idtools.MkdirAllAs(localPath, 0700, rootUID, rootGID); err != nil { + if err := idtools.MkdirAllAndChown(localPath, 0700, rootIDs); err != nil { return errors.Wrap(err, "error creating config dir") } @@ -261,7 +261,7 @@ func (daemon *Daemon) setupConfigDir(c *container.Container) (setupErr error) { log := logrus.WithFields(logrus.Fields{"name": configRef.File.Name, "path": fPath}) - if err := idtools.MkdirAllAs(filepath.Dir(fPath), 0700, rootUID, rootGID); err != nil { + if err := idtools.MkdirAllAndChown(filepath.Dir(fPath), 0700, rootIDs); err != nil { return errors.Wrap(err, "error creating config path") } @@ -283,7 +283,7 @@ func (daemon *Daemon) setupConfigDir(c *container.Container) (setupErr error) { return err } - if err := os.Chown(fPath, rootUID+uid, rootGID+gid); err != nil { + if err := os.Chown(fPath, rootIDs.UID+uid, rootIDs.GID+gid); err != nil { return errors.Wrap(err, "error setting ownership for config") } } diff --git a/components/engine/daemon/create.go b/components/engine/daemon/create.go index de129ca60d..52b4b0e6fa 100644 --- a/components/engine/daemon/create.go +++ b/components/engine/daemon/create.go @@ -117,14 +117,14 @@ func (daemon *Daemon) create(params types.ContainerCreateConfig, managed bool) ( return nil, err } - rootUID, rootGID, err := idtools.GetRootUIDGID(daemon.uidMaps, daemon.gidMaps) + rootIDs, err := daemon.idMappings.RootPair() if err != nil { return nil, err } - if err := idtools.MkdirAs(container.Root, 0700, rootUID, rootGID); err != nil { + if err := idtools.MkdirAndChown(container.Root, 0700, rootIDs); err != nil { return nil, err } - if err := idtools.MkdirAs(container.CheckpointDir(), 0700, rootUID, rootGID); err != nil { + if err := idtools.MkdirAndChown(container.CheckpointDir(), 0700, rootIDs); err != nil { return nil, err } diff --git a/components/engine/daemon/create_unix.go b/components/engine/daemon/create_unix.go index 7b067bdc22..27471e7556 100644 --- a/components/engine/daemon/create_unix.go +++ b/components/engine/daemon/create_unix.go @@ -22,8 +22,8 @@ func (daemon *Daemon) createContainerPlatformSpecificSettings(container *contain } defer daemon.Unmount(container) - rootUID, rootGID := daemon.GetRemappedUIDGID() - if err := container.SetupWorkingDirectory(rootUID, rootGID); err != nil { + rootIDs, _ := daemon.idMappings.RootPair() + if err := container.SetupWorkingDirectory(rootIDs); err != nil { return err } diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go index 05017775d4..3e8b3106a2 100644 --- a/components/engine/daemon/daemon.go +++ b/components/engine/daemon/daemon.go @@ -94,8 +94,7 @@ type Daemon struct { seccompEnabled bool apparmorEnabled bool shutdown bool - uidMaps []idtools.IDMap - gidMaps []idtools.IDMap + idMappings *idtools.IDMappings layerStore layer.Store imageStore image.Store PluginStore *plugin.Store // todo: remove @@ -524,11 +523,11 @@ func NewDaemon(config *config.Config, registryService registry.Service, containe return nil, err } - uidMaps, gidMaps, err := setupRemappedRoot(config) + idMappings, err := setupRemappedRoot(config) if err != nil { return nil, err } - rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps) + rootIDs, err := idMappings.RootPair() if err != nil { return nil, err } @@ -538,7 +537,7 @@ func NewDaemon(config *config.Config, registryService registry.Service, containe } // set up the tmpDir to use a canonical path - tmp, err := prepareTempDir(config.Root, rootUID, rootGID) + tmp, err := prepareTempDir(config.Root, rootIDs) if err != nil { return nil, fmt.Errorf("Unable to get the TempDir under %s: %s", config.Root, err) } @@ -587,7 +586,7 @@ func NewDaemon(config *config.Config, registryService registry.Service, containe } daemonRepo := filepath.Join(config.Root, "containers") - if err := idtools.MkdirAllAs(daemonRepo, 0700, rootUID, rootGID); err != nil && !os.IsExist(err) { + if err := idtools.MkdirAllAndChown(daemonRepo, 0700, rootIDs); err != nil && !os.IsExist(err) { return nil, err } @@ -632,8 +631,7 @@ func NewDaemon(config *config.Config, registryService registry.Service, containe MetadataStorePathTemplate: filepath.Join(config.Root, "image", "%s", "layerdb"), GraphDriver: driverName, GraphDriverOptions: config.GraphOptions, - UIDMaps: uidMaps, - GIDMaps: gidMaps, + IDMappings: idMappings, PluginGetter: d.PluginStore, ExperimentalEnabled: config.Experimental, }) @@ -665,7 +663,7 @@ func NewDaemon(config *config.Config, registryService registry.Service, containe } // Configure the volumes driver - volStore, err := d.configureVolumes(rootUID, rootGID) + volStore, err := d.configureVolumes(rootIDs) if err != nil { return nil, err } @@ -728,8 +726,7 @@ func NewDaemon(config *config.Config, registryService registry.Service, containe d.EventsService = eventsService d.volumes = volStore d.root = config.Root - d.uidMaps = uidMaps - d.gidMaps = gidMaps + d.idMappings = idMappings d.seccompEnabled = sysInfo.Seccomp d.apparmorEnabled = sysInfo.AppArmor @@ -970,25 +967,10 @@ func (daemon *Daemon) GraphDriverName() string { return daemon.layerStore.DriverName() } -// GetUIDGIDMaps returns the current daemon's user namespace settings -// for the full uid and gid maps which will be applied to containers -// started in this instance. -func (daemon *Daemon) GetUIDGIDMaps() ([]idtools.IDMap, []idtools.IDMap) { - return daemon.uidMaps, daemon.gidMaps -} - -// GetRemappedUIDGID returns the current daemon's uid and gid values -// if user namespaces are in use for this daemon instance. If not -// this function will return "real" root values of 0, 0. -func (daemon *Daemon) GetRemappedUIDGID() (int, int) { - uid, gid, _ := idtools.GetRootUIDGID(daemon.uidMaps, daemon.gidMaps) - return uid, gid -} - // prepareTempDir prepares and returns the default directory to use // for temporary files. // If it doesn't exist, it is created. If it exists, its content is removed. -func prepareTempDir(rootDir string, rootUID, rootGID int) (string, error) { +func prepareTempDir(rootDir string, rootIDs idtools.IDPair) (string, error) { var tmpDir string if tmpDir = os.Getenv("DOCKER_TMPDIR"); tmpDir == "" { tmpDir = filepath.Join(rootDir, "tmp") @@ -1008,12 +990,12 @@ func prepareTempDir(rootDir string, rootUID, rootGID int) (string, error) { } // We don't remove the content of tmpdir if it's not the default, // it may hold things that do not belong to us. - return tmpDir, idtools.MkdirAllAs(tmpDir, 0700, rootUID, rootGID) + return tmpDir, idtools.MkdirAllAndChown(tmpDir, 0700, rootIDs) } func (daemon *Daemon) setupInitLayer(initPath string) error { - rootUID, rootGID := daemon.GetRemappedUIDGID() - return initlayer.Setup(initPath, rootUID, rootGID) + rootIDs, _ := daemon.idMappings.RootPair() + return initlayer.Setup(initPath, rootIDs) } func setDefaultMtu(conf *config.Config) { @@ -1024,8 +1006,8 @@ func setDefaultMtu(conf *config.Config) { conf.Mtu = config.DefaultNetworkMtu } -func (daemon *Daemon) configureVolumes(rootUID, rootGID int) (*store.VolumeStore, error) { - volumesDriver, err := local.New(daemon.configStore.Root, rootUID, rootGID) +func (daemon *Daemon) configureVolumes(rootIDs idtools.IDPair) (*store.VolumeStore, error) { + volumesDriver, err := local.New(daemon.configStore.Root, rootIDs) if err != nil { return nil, err } @@ -1171,16 +1153,16 @@ func CreateDaemonRoot(config *config.Config) error { } } - uidMaps, gidMaps, err := setupRemappedRoot(config) + idMappings, err := setupRemappedRoot(config) if err != nil { return err } - rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps) + rootIDs, err := idMappings.RootPair() if err != nil { return err } - if err := setupDaemonRoot(config, realRoot, rootUID, rootGID); err != nil { + if err := setupDaemonRoot(config, realRoot, rootIDs); err != nil { return err } diff --git a/components/engine/daemon/daemon_test.go b/components/engine/daemon/daemon_test.go index eaa3be44d8..e728abddf8 100644 --- a/components/engine/daemon/daemon_test.go +++ b/components/engine/daemon/daemon_test.go @@ -11,6 +11,7 @@ import ( containertypes "github.com/docker/docker/api/types/container" "github.com/docker/docker/container" _ "github.com/docker/docker/pkg/discovery/memory" + "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/registrar" "github.com/docker/docker/pkg/truncindex" "github.com/docker/docker/volume" @@ -127,7 +128,7 @@ func initDaemonWithVolumeStore(tmp string) (*Daemon, error) { return nil, err } - volumesDriver, err := local.New(tmp, 0, 0) + volumesDriver, err := local.New(tmp, idtools.IDPair{UID: 0, GID: 0}) if err != nil { return nil, err } diff --git a/components/engine/daemon/daemon_unix.go b/components/engine/daemon/daemon_unix.go index 031cdc4a8b..07c323d63f 100644 --- a/components/engine/daemon/daemon_unix.go +++ b/components/engine/daemon/daemon_unix.go @@ -1026,40 +1026,38 @@ func parseRemappedRoot(usergrp string) (string, string, error) { return username, groupname, nil } -func setupRemappedRoot(config *config.Config) ([]idtools.IDMap, []idtools.IDMap, error) { +func setupRemappedRoot(config *config.Config) (*idtools.IDMappings, error) { if runtime.GOOS != "linux" && config.RemappedRoot != "" { - return nil, nil, fmt.Errorf("User namespaces are only supported on Linux") + return nil, fmt.Errorf("User namespaces are only supported on Linux") } // if the daemon was started with remapped root option, parse // the config option to the int uid,gid values - var ( - uidMaps, gidMaps []idtools.IDMap - ) if config.RemappedRoot != "" { username, groupname, err := parseRemappedRoot(config.RemappedRoot) if err != nil { - return nil, nil, err + return nil, err } if username == "root" { // Cannot setup user namespaces with a 1-to-1 mapping; "--root=0:0" is a no-op // effectively logrus.Warn("User namespaces: root cannot be remapped with itself; user namespaces are OFF") - return uidMaps, gidMaps, nil + return &idtools.IDMappings{}, nil } logrus.Infof("User namespaces: ID ranges will be mapped to subuid/subgid ranges of: %s:%s", username, groupname) // update remapped root setting now that we have resolved them to actual names config.RemappedRoot = fmt.Sprintf("%s:%s", username, groupname) - uidMaps, gidMaps, err = idtools.CreateIDMappings(username, groupname) + mappings, err := idtools.NewIDMappings(username, groupname) if err != nil { - return nil, nil, fmt.Errorf("Can't create ID mappings: %v", err) + return nil, errors.Wrapf(err, "Can't create ID mappings: %v") } + return mappings, nil } - return uidMaps, gidMaps, nil + return &idtools.IDMappings{}, nil } -func setupDaemonRoot(config *config.Config, rootDir string, rootUID, rootGID int) error { +func setupDaemonRoot(config *config.Config, rootDir string, rootIDs idtools.IDPair) error { config.Root = rootDir // the docker root metadata directory needs to have execute permissions for all users (g+x,o+x) // so that syscalls executing as non-root, operating on subdirectories of the graph root @@ -1084,10 +1082,10 @@ func setupDaemonRoot(config *config.Config, rootDir string, rootUID, rootGID int // a new subdirectory with ownership set to the remapped uid/gid (so as to allow // `chdir()` to work for containers namespaced to that uid/gid) if config.RemappedRoot != "" { - config.Root = filepath.Join(rootDir, fmt.Sprintf("%d.%d", rootUID, rootGID)) + config.Root = filepath.Join(rootDir, fmt.Sprintf("%d.%d", rootIDs.UID, rootIDs.GID)) logrus.Debugf("Creating user namespaced daemon root: %s", config.Root) // Create the root directory if it doesn't exist - if err := idtools.MkdirAllAs(config.Root, 0700, rootUID, rootGID); err != nil { + if err := idtools.MkdirAllAndChown(config.Root, 0700, rootIDs); err != nil { return fmt.Errorf("Cannot create daemon root: %s: %v", config.Root, err) } // we also need to verify that any pre-existing directories in the path to @@ -1100,7 +1098,7 @@ func setupDaemonRoot(config *config.Config, rootDir string, rootUID, rootGID int if dirPath == "/" { break } - if !idtools.CanAccess(dirPath, rootUID, rootGID) { + if !idtools.CanAccess(dirPath, rootIDs) { return fmt.Errorf("A subdirectory in your graphroot path (%s) restricts access to the remapped root uid/gid; please fix by allowing 'o+x' permissions on existing directories.", config.Root) } } diff --git a/components/engine/daemon/daemon_unix_test.go b/components/engine/daemon/daemon_unix_test.go index e8afe629e0..a2847bfbee 100644 --- a/components/engine/daemon/daemon_unix_test.go +++ b/components/engine/daemon/daemon_unix_test.go @@ -11,6 +11,7 @@ import ( containertypes "github.com/docker/docker/api/types/container" "github.com/docker/docker/container" "github.com/docker/docker/daemon/config" + "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/volume" "github.com/docker/docker/volume/drivers" "github.com/docker/docker/volume/local" @@ -277,7 +278,7 @@ func TestMigratePre17Volumes(t *testing.T) { if err != nil { t.Fatal(err) } - drv, err := local.New(volumeRoot, 0, 0) + drv, err := local.New(volumeRoot, idtools.IDPair{UID: 0, GID: 0}) if err != nil { t.Fatal(err) } diff --git a/components/engine/daemon/daemon_windows.go b/components/engine/daemon/daemon_windows.go index efe1b1f6a0..aced740df3 100644 --- a/components/engine/daemon/daemon_windows.go +++ b/components/engine/daemon/daemon_windows.go @@ -454,11 +454,11 @@ func (daemon *Daemon) cleanupMounts() error { return nil } -func setupRemappedRoot(config *config.Config) ([]idtools.IDMap, []idtools.IDMap, error) { - return nil, nil, nil +func setupRemappedRoot(config *config.Config) (*idtools.IDMappings, error) { + return &idtools.IDMappings{}, nil } -func setupDaemonRoot(config *config.Config, rootDir string, rootUID, rootGID int) error { +func setupDaemonRoot(config *config.Config, rootDir string, rootIDs idtools.IDPair) error { config.Root = rootDir // Create the root directory if it doesn't exists if err := system.MkdirAllWithACL(config.Root, 0); err != nil && !os.IsExist(err) { diff --git a/components/engine/daemon/export.go b/components/engine/daemon/export.go index 5ef6dbb0e5..402e67583d 100644 --- a/components/engine/daemon/export.go +++ b/components/engine/daemon/export.go @@ -40,11 +40,10 @@ func (daemon *Daemon) containerExport(container *container.Container) (io.ReadCl return nil, err } - uidMaps, gidMaps := daemon.GetUIDGIDMaps() archive, err := archive.TarWithOptions(container.BaseFS, &archive.TarOptions{ Compression: archive.Uncompressed, - UIDMaps: uidMaps, - GIDMaps: gidMaps, + UIDMaps: daemon.idMappings.UIDs(), + GIDMaps: daemon.idMappings.GIDs(), }) if err != nil { daemon.Unmount(container) diff --git a/components/engine/daemon/info.go b/components/engine/daemon/info.go index 2be4b395fa..3cadea791e 100644 --- a/components/engine/daemon/info.go +++ b/components/engine/daemon/info.go @@ -72,8 +72,8 @@ func (daemon *Daemon) SystemInfo() (*types.Info, error) { if selinuxEnabled() { securityOptions = append(securityOptions, "name=selinux") } - uid, gid := daemon.GetRemappedUIDGID() - if uid != 0 || gid != 0 { + rootIDs, _ := daemon.idMappings.RootPair() + if rootIDs.UID != 0 || rootIDs.GID != 0 { securityOptions = append(securityOptions, "name=userns") } diff --git a/components/engine/daemon/initlayer/setup_unix.go b/components/engine/daemon/initlayer/setup_unix.go index e83c2751ed..cdd8973481 100644 --- a/components/engine/daemon/initlayer/setup_unix.go +++ b/components/engine/daemon/initlayer/setup_unix.go @@ -16,7 +16,7 @@ import ( // // This extra layer is used by all containers as the top-most ro layer. It protects // the container from unwanted side-effects on the rw layer. -func Setup(initLayer string, rootUID, rootGID int) error { +func Setup(initLayer string, rootIDs idtools.IDPair) error { for pth, typ := range map[string]string{ "/dev/pts": "dir", "/dev/shm": "dir", @@ -38,12 +38,12 @@ func Setup(initLayer string, rootUID, rootGID int) error { if _, err := os.Stat(filepath.Join(initLayer, pth)); err != nil { if os.IsNotExist(err) { - if err := idtools.MkdirAllNewAs(filepath.Join(initLayer, filepath.Dir(pth)), 0755, rootUID, rootGID); err != nil { + if err := idtools.MkdirAllAndChownNew(filepath.Join(initLayer, filepath.Dir(pth)), 0755, rootIDs); err != nil { return err } switch typ { case "dir": - if err := idtools.MkdirAllNewAs(filepath.Join(initLayer, pth), 0755, rootUID, rootGID); err != nil { + if err := idtools.MkdirAllAndChownNew(filepath.Join(initLayer, pth), 0755, rootIDs); err != nil { return err } case "file": @@ -51,7 +51,7 @@ func Setup(initLayer string, rootUID, rootGID int) error { if err != nil { return err } - f.Chown(rootUID, rootGID) + f.Chown(rootIDs.UID, rootIDs.GID) f.Close() default: if err := os.Symlink(typ, filepath.Join(initLayer, pth)); err != nil { diff --git a/components/engine/daemon/initlayer/setup_windows.go b/components/engine/daemon/initlayer/setup_windows.go index 48a9d71aa5..2b22f58b5e 100644 --- a/components/engine/daemon/initlayer/setup_windows.go +++ b/components/engine/daemon/initlayer/setup_windows.go @@ -2,12 +2,16 @@ package initlayer +import ( + "github.com/docker/docker/pkg/idtools" +) + // Setup populates a directory with mountpoints suitable // for bind-mounting dockerinit into the container. The mountpoint is simply an // empty file at /.dockerinit // // This extra layer is used by all containers as the top-most ro layer. It protects // the container from unwanted side-effects on the rw layer. -func Setup(initLayer string, rootUID, rootGID int) error { +func Setup(initLayer string, rootIDs idtools.IDPair) error { return nil } diff --git a/components/engine/daemon/oci_linux.go b/components/engine/daemon/oci_linux.go index 55a6cd8ae0..850fb76ecf 100644 --- a/components/engine/daemon/oci_linux.go +++ b/components/engine/daemon/oci_linux.go @@ -271,13 +271,13 @@ func setNamespaces(daemon *Daemon, s *specs.Spec, c *container.Container) error userNS := false // user if c.HostConfig.UsernsMode.IsPrivate() { - uidMap, gidMap := daemon.GetUIDGIDMaps() + uidMap := daemon.idMappings.UIDs() if uidMap != nil { userNS = true ns := specs.LinuxNamespace{Type: "user"} setNamespace(s, ns) s.Linux.UIDMappings = specMapping(uidMap) - s.Linux.GIDMappings = specMapping(gidMap) + s.Linux.GIDMappings = specMapping(daemon.idMappings.GIDs()) } } // network @@ -591,7 +591,7 @@ func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []c // TODO: until a kernel/mount solution exists for handling remount in a user namespace, // we must clear the readonly flag for the cgroups mount (@mrunalp concurs) - if uidMap, _ := daemon.GetUIDGIDMaps(); uidMap != nil || c.HostConfig.Privileged { + if uidMap := daemon.idMappings.UIDs(); uidMap != nil || c.HostConfig.Privileged { for i, m := range s.Mounts { if m.Type == "cgroup" { clearReadOnly(&s.Mounts[i]) @@ -611,8 +611,8 @@ func (daemon *Daemon) populateCommonSpec(s *specs.Spec, c *container.Container) Path: c.BaseFS, Readonly: c.HostConfig.ReadonlyRootfs, } - rootUID, rootGID := daemon.GetRemappedUIDGID() - if err := c.SetupWorkingDirectory(rootUID, rootGID); err != nil { + rootIDs, _ := daemon.idMappings.RootPair() + if err := c.SetupWorkingDirectory(rootIDs); err != nil { return err } cwd := c.Config.WorkingDir diff --git a/components/engine/daemon/oci_solaris.go b/components/engine/daemon/oci_solaris.go index 0c757f9196..b4d39e476d 100644 --- a/components/engine/daemon/oci_solaris.go +++ b/components/engine/daemon/oci_solaris.go @@ -130,8 +130,8 @@ func (daemon *Daemon) populateCommonSpec(s *specs.Spec, c *container.Container) Path: filepath.Dir(c.BaseFS), Readonly: c.HostConfig.ReadonlyRootfs, } - rootUID, rootGID := daemon.GetRemappedUIDGID() - if err := c.SetupWorkingDirectory(rootUID, rootGID); err != nil { + rootIDs, _ := daemon.idMappings.RootPair() + if err := c.SetupWorkingDirectory(rootIDs); err != nil { return err } cwd := c.Config.WorkingDir diff --git a/components/engine/daemon/volumes_unix.go b/components/engine/daemon/volumes_unix.go index 370eb74218..8736b7dffc 100644 --- a/components/engine/daemon/volumes_unix.go +++ b/components/engine/daemon/volumes_unix.go @@ -54,8 +54,8 @@ func (daemon *Daemon) setupMounts(c *container.Container) ([]container.Mount, er return nil } - rootUID, rootGID := daemon.GetRemappedUIDGID() - path, err := m.Setup(c.MountLabel, rootUID, rootGID, checkfunc) + rootIDs, _ := daemon.idMappings.RootPair() + path, err := m.Setup(c.MountLabel, rootIDs, checkfunc) if err != nil { return nil, err } @@ -85,9 +85,9 @@ func (daemon *Daemon) setupMounts(c *container.Container) ([]container.Mount, er // if we are going to mount any of the network files from container // metadata, the ownership must be set properly for potential container // remapped root (user namespaces) - rootUID, rootGID := daemon.GetRemappedUIDGID() + rootIDs, _ := daemon.idMappings.RootPair() for _, mount := range netMounts { - if err := os.Chown(mount.Source, rootUID, rootGID); err != nil { + if err := os.Chown(mount.Source, rootIDs.UID, rootIDs.GID); err != nil { return nil, err } } diff --git a/components/engine/daemon/volumes_windows.go b/components/engine/daemon/volumes_windows.go index 76940c67df..62c9e23ac0 100644 --- a/components/engine/daemon/volumes_windows.go +++ b/components/engine/daemon/volumes_windows.go @@ -6,6 +6,7 @@ import ( "sort" "github.com/docker/docker/container" + "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/volume" ) @@ -24,7 +25,7 @@ func (daemon *Daemon) setupMounts(c *container.Container) ([]container.Mount, er if err := daemon.lazyInitializeVolume(c.ID, mount); err != nil { return nil, err } - s, err := mount.Setup(c.MountLabel, 0, 0, nil) + s, err := mount.Setup(c.MountLabel, idtools.IDPair{0, 0}, nil) if err != nil { return nil, err } diff --git a/components/engine/daemon/workdir.go b/components/engine/daemon/workdir.go index 99a2a8ea57..90e4d709a2 100644 --- a/components/engine/daemon/workdir.go +++ b/components/engine/daemon/workdir.go @@ -16,6 +16,6 @@ func (daemon *Daemon) ContainerCreateWorkdir(cID string) error { return err } defer daemon.Unmount(container) - rootUID, rootGID := daemon.GetRemappedUIDGID() - return container.SetupWorkingDirectory(rootUID, rootGID) + rootIDs, _ := daemon.idMappings.RootPair() + return container.SetupWorkingDirectory(rootIDs) } diff --git a/components/engine/layer/layer_store.go b/components/engine/layer/layer_store.go index 5caa5d41f2..25861c6669 100644 --- a/components/engine/layer/layer_store.go +++ b/components/engine/layer/layer_store.go @@ -44,8 +44,7 @@ type StoreOptions struct { MetadataStorePathTemplate string GraphDriver string GraphDriverOptions []string - UIDMaps []idtools.IDMap - GIDMaps []idtools.IDMap + IDMappings *idtools.IDMappings PluginGetter plugingetter.PluginGetter ExperimentalEnabled bool } @@ -55,8 +54,8 @@ func NewStoreFromOptions(options StoreOptions) (Store, error) { driver, err := graphdriver.New(options.GraphDriver, options.PluginGetter, graphdriver.Options{ Root: options.StorePath, DriverOptions: options.GraphDriverOptions, - UIDMaps: options.UIDMaps, - GIDMaps: options.GIDMaps, + UIDMaps: options.IDMappings.UIDs(), + GIDMaps: options.IDMappings.GIDs(), ExperimentalEnabled: options.ExperimentalEnabled, }) if err != nil { diff --git a/components/engine/pkg/idtools/idtools.go b/components/engine/pkg/idtools/idtools.go index 6bca466286..d7a3a45387 100644 --- a/components/engine/pkg/idtools/idtools.go +++ b/components/engine/pkg/idtools/idtools.go @@ -37,6 +37,7 @@ const ( // MkdirAllAs creates a directory (include any along the path) and then modifies // ownership to the requested uid/gid. If the directory already exists, this // function will still change ownership to the requested uid/gid pair. +// Deprecated: Use MkdirAllAndChown func MkdirAllAs(path string, mode os.FileMode, ownerUID, ownerGID int) error { return mkdirAs(path, mode, ownerUID, ownerGID, true, true) } @@ -44,16 +45,38 @@ func MkdirAllAs(path string, mode os.FileMode, ownerUID, ownerGID int) error { // MkdirAllNewAs creates a directory (include any along the path) and then modifies // ownership ONLY of newly created directories to the requested uid/gid. If the // directories along the path exist, no change of ownership will be performed +// Deprecated: Use MkdirAllAndChownNew func MkdirAllNewAs(path string, mode os.FileMode, ownerUID, ownerGID int) error { return mkdirAs(path, mode, ownerUID, ownerGID, true, false) } // MkdirAs creates a directory and then modifies ownership to the requested uid/gid. // If the directory already exists, this function still changes ownership +// Deprecated: Use MkdirAndChown with a IDPair func MkdirAs(path string, mode os.FileMode, ownerUID, ownerGID int) error { return mkdirAs(path, mode, ownerUID, ownerGID, false, true) } +// MkdirAllAndChown creates a directory (include any along the path) and then modifies +// ownership to the requested uid/gid. If the directory already exists, this +// function will still change ownership to the requested uid/gid pair. +func MkdirAllAndChown(path string, mode os.FileMode, ids IDPair) error { + return mkdirAs(path, mode, ids.UID, ids.GID, true, true) +} + +// MkdirAndChown creates a directory and then modifies ownership to the requested uid/gid. +// If the directory already exists, this function still changes ownership +func MkdirAndChown(path string, mode os.FileMode, ids IDPair) error { + return mkdirAs(path, mode, ids.UID, ids.GID, false, true) +} + +// MkdirAllAndChownNew creates a directory (include any along the path) and then modifies +// ownership ONLY of newly created directories to the requested uid/gid. If the +// directories along the path exist, no change of ownership will be performed +func MkdirAllAndChownNew(path string, mode os.FileMode, ids IDPair) error { + return mkdirAs(path, mode, ids.UID, ids.GID, true, false) +} + // GetRootUIDGID retrieves the remapped root uid/gid pair from the set of maps. // If the maps are empty, then the root uid/gid will default to "real" 0/0 func GetRootUIDGID(uidMap, gidMap []IDMap) (int, int, error) { @@ -108,26 +131,59 @@ func ToHost(contID int, idMap []IDMap) (int, error) { return -1, fmt.Errorf("Container ID %d cannot be mapped to a host ID", contID) } -// CreateIDMappings takes a requested user and group name and +// IDPair is a UID and GID pair +type IDPair struct { + UID int + GID int +} + +// IDMappings contains a mappings of UIDs and GIDs +type IDMappings struct { + uids []IDMap + gids []IDMap +} + +// NewIDMappings takes a requested user and group name and // using the data from /etc/sub{uid,gid} ranges, creates the // proper uid and gid remapping ranges for that user/group pair -func CreateIDMappings(username, groupname string) ([]IDMap, []IDMap, error) { +func NewIDMappings(username, groupname string) (*IDMappings, error) { subuidRanges, err := parseSubuid(username) if err != nil { - return nil, nil, err + return nil, err } subgidRanges, err := parseSubgid(groupname) if err != nil { - return nil, nil, err + return nil, err } if len(subuidRanges) == 0 { - return nil, nil, fmt.Errorf("No subuid ranges found for user %q", username) + return nil, fmt.Errorf("No subuid ranges found for user %q", username) } if len(subgidRanges) == 0 { - return nil, nil, fmt.Errorf("No subgid ranges found for group %q", groupname) + return nil, fmt.Errorf("No subgid ranges found for group %q", groupname) } - return createIDMap(subuidRanges), createIDMap(subgidRanges), nil + return &IDMappings{ + uids: createIDMap(subuidRanges), + gids: createIDMap(subgidRanges), + }, nil +} + +// RootPair returns a uid and gid pair for the root user +func (i *IDMappings) RootPair() (IDPair, error) { + uid, gid, err := GetRootUIDGID(i.uids, i.gids) + return IDPair{UID: uid, GID: gid}, err +} + +// UIDs return the UID mapping +// TODO: remove this once everything has been refactored to use pairs +func (i *IDMappings) UIDs() []IDMap { + return i.uids +} + +// GIDs return the UID mapping +// TODO: remove this once everything has been refactored to use pairs +func (i *IDMappings) GIDs() []IDMap { + return i.gids } func createIDMap(subidRanges ranges) []IDMap { diff --git a/components/engine/pkg/idtools/idtools_unix.go b/components/engine/pkg/idtools/idtools_unix.go index 7c7e82aee2..0b28249fa8 100644 --- a/components/engine/pkg/idtools/idtools_unix.go +++ b/components/engine/pkg/idtools/idtools_unix.go @@ -69,15 +69,15 @@ func mkdirAs(path string, mode os.FileMode, ownerUID, ownerGID int, mkAll, chown // CanAccess takes a valid (existing) directory and a uid, gid pair and determines // if that uid, gid pair has access (execute bit) to the directory -func CanAccess(path string, uid, gid int) bool { +func CanAccess(path string, pair IDPair) bool { statInfo, err := system.Stat(path) if err != nil { return false } fileMode := os.FileMode(statInfo.Mode()) permBits := fileMode.Perm() - return accessible(statInfo.UID() == uint32(uid), - statInfo.GID() == uint32(gid), permBits) + return accessible(statInfo.UID() == uint32(pair.UID), + statInfo.GID() == uint32(pair.GID), permBits) } func accessible(isOwner, isGroup bool, perms os.FileMode) bool { diff --git a/components/engine/pkg/idtools/idtools_windows.go b/components/engine/pkg/idtools/idtools_windows.go index 49f67e78c1..8ed8353060 100644 --- a/components/engine/pkg/idtools/idtools_windows.go +++ b/components/engine/pkg/idtools/idtools_windows.go @@ -20,6 +20,6 @@ func mkdirAs(path string, mode os.FileMode, ownerUID, ownerGID int, mkAll, chown // CanAccess takes a valid (existing) directory and a uid, gid pair and determines // if that uid, gid pair has access (execute bit) to the directory // Windows does not require/support this function, so always return true -func CanAccess(path string, uid, gid int) bool { +func CanAccess(path string, pair IDPair) bool { return true } diff --git a/components/engine/plugin/manager_linux.go b/components/engine/plugin/manager_linux.go index 80fc041623..5396b15bec 100644 --- a/components/engine/plugin/manager_linux.go +++ b/components/engine/plugin/manager_linux.go @@ -15,6 +15,7 @@ import ( "github.com/docker/docker/api/types" "github.com/docker/docker/daemon/initlayer" "github.com/docker/docker/libcontainerd" + "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/mount" "github.com/docker/docker/pkg/plugins" "github.com/docker/docker/pkg/stringid" @@ -58,7 +59,7 @@ func (pm *Manager) enable(p *v2.Plugin, c *controller, force bool) error { } } - if err := initlayer.Setup(filepath.Join(pm.config.Root, p.PluginObj.ID, rootFSFileName), 0, 0); err != nil { + if err := initlayer.Setup(filepath.Join(pm.config.Root, p.PluginObj.ID, rootFSFileName), idtools.IDPair{0, 0}); err != nil { return errors.WithStack(err) } diff --git a/components/engine/volume/local/local.go b/components/engine/volume/local/local.go index 6631423bbc..43ba1e1db7 100644 --- a/components/engine/volume/local/local.go +++ b/components/engine/volume/local/local.go @@ -55,10 +55,10 @@ type activeMount struct { // New instantiates a new Root instance with the provided scope. Scope // is the base path that the Root instance uses to store its // volumes. The base path is created here if it does not exist. -func New(scope string, rootUID, rootGID int) (*Root, error) { +func New(scope string, rootIDs idtools.IDPair) (*Root, error) { rootDirectory := filepath.Join(scope, volumesPathName) - if err := idtools.MkdirAllAs(rootDirectory, 0700, rootUID, rootGID); err != nil { + if err := idtools.MkdirAllAndChown(rootDirectory, 0700, rootIDs); err != nil { return nil, err } @@ -66,8 +66,7 @@ func New(scope string, rootUID, rootGID int) (*Root, error) { scope: scope, path: rootDirectory, volumes: make(map[string]*localVolume), - rootUID: rootUID, - rootGID: rootGID, + rootIDs: rootIDs, } dirs, err := ioutil.ReadDir(rootDirectory) @@ -125,8 +124,7 @@ type Root struct { scope string path string volumes map[string]*localVolume - rootUID int - rootGID int + rootIDs idtools.IDPair } // List lists all the volumes @@ -167,7 +165,7 @@ func (r *Root) Create(name string, opts map[string]string) (volume.Volume, error } path := r.DataPath(name) - if err := idtools.MkdirAllAs(path, 0755, r.rootUID, r.rootGID); err != nil { + if err := idtools.MkdirAllAndChown(path, 0755, r.rootIDs); err != nil { if os.IsExist(err) { return nil, fmt.Errorf("volume already exists under %s", filepath.Dir(path)) } diff --git a/components/engine/volume/local/local_test.go b/components/engine/volume/local/local_test.go index f5a519b883..2353391aa5 100644 --- a/components/engine/volume/local/local_test.go +++ b/components/engine/volume/local/local_test.go @@ -9,6 +9,7 @@ import ( "strings" "testing" + "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/mount" ) @@ -40,7 +41,7 @@ func TestRemove(t *testing.T) { } defer os.RemoveAll(rootDir) - r, err := New(rootDir, 0, 0) + r, err := New(rootDir, idtools.IDPair{UID: 0, GID: 0}) if err != nil { t.Fatal(err) } @@ -82,7 +83,7 @@ func TestInitializeWithVolumes(t *testing.T) { } defer os.RemoveAll(rootDir) - r, err := New(rootDir, 0, 0) + r, err := New(rootDir, idtools.IDPair{UID: 0, GID: 0}) if err != nil { t.Fatal(err) } @@ -92,7 +93,7 @@ func TestInitializeWithVolumes(t *testing.T) { t.Fatal(err) } - r, err = New(rootDir, 0, 0) + r, err = New(rootDir, idtools.IDPair{UID: 0, GID: 0}) if err != nil { t.Fatal(err) } @@ -114,7 +115,7 @@ func TestCreate(t *testing.T) { } defer os.RemoveAll(rootDir) - r, err := New(rootDir, 0, 0) + r, err := New(rootDir, idtools.IDPair{UID: 0, GID: 0}) if err != nil { t.Fatal(err) } @@ -151,7 +152,7 @@ func TestCreate(t *testing.T) { } } - r, err = New(rootDir, 0, 0) + r, err = New(rootDir, idtools.IDPair{UID: 0, GID: 0}) if err != nil { t.Fatal(err) } @@ -189,7 +190,7 @@ func TestCreateWithOpts(t *testing.T) { } defer os.RemoveAll(rootDir) - r, err := New(rootDir, 0, 0) + r, err := New(rootDir, idtools.IDPair{UID: 0, GID: 0}) if err != nil { t.Fatal(err) } @@ -270,7 +271,7 @@ func TestCreateWithOpts(t *testing.T) { t.Fatal("expected mount to still be active") } - r, err = New(rootDir, 0, 0) + r, err = New(rootDir, idtools.IDPair{UID: 0, GID: 0}) if err != nil { t.Fatal(err) } @@ -292,7 +293,7 @@ func TestRealodNoOpts(t *testing.T) { } defer os.RemoveAll(rootDir) - r, err := New(rootDir, 0, 0) + r, err := New(rootDir, idtools.IDPair{UID: 0, GID: 0}) if err != nil { t.Fatal(err) } @@ -320,7 +321,7 @@ func TestRealodNoOpts(t *testing.T) { t.Fatal(err) } - r, err = New(rootDir, 0, 0) + r, err = New(rootDir, idtools.IDPair{UID: 0, GID: 0}) if err != nil { t.Fatal(err) } diff --git a/components/engine/volume/volume.go b/components/engine/volume/volume.go index 4d761fa10c..2abfcc7b58 100644 --- a/components/engine/volume/volume.go +++ b/components/engine/volume/volume.go @@ -151,7 +151,7 @@ func (m *MountPoint) Cleanup() error { // configured, or creating the source directory if supplied. // The, optional, checkFun parameter allows doing additional checking // before creating the source directory on the host. -func (m *MountPoint) Setup(mountLabel string, rootUID, rootGID int, checkFun func(m *MountPoint) error) (path string, err error) { +func (m *MountPoint) Setup(mountLabel string, rootIDs idtools.IDPair, checkFun func(m *MountPoint) error) (path string, err error) { defer func() { if err == nil { if label.RelabelNeeded(m.Mode) { @@ -196,7 +196,7 @@ func (m *MountPoint) Setup(mountLabel string, rootUID, rootGID int, checkFun fun } // idtools.MkdirAllNewAs() produces an error if m.Source exists and is a file (not a directory) // also, makes sure that if the directory is created, the correct remapped rootUID/rootGID will own it - if err := idtools.MkdirAllNewAs(m.Source, 0755, rootUID, rootGID); err != nil { + if err := idtools.MkdirAllAndChownNew(m.Source, 0755, rootIDs); err != nil { if perr, ok := err.(*os.PathError); ok { if perr.Err != syscall.ENOTDIR { return "", errors.Wrapf(err, "error while creating mount source path '%s'", m.Source) From 5d87b0ddc99a7326ca50f75070a9274e6e629035 Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Wed, 24 May 2017 11:53:41 -0400 Subject: [PATCH 050/191] Remove unused functions from archive. Signed-off-by: Daniel Nephin Upstream-commit: 967ef7e6d2bd88a5d7010863f3d7138ca61b1939 Component: engine --- components/engine/container/container_unix.go | 2 +- components/engine/daemon/archive.go | 7 +- .../daemon/archive_tarcopyoptions_unix.go | 5 +- .../engine/daemon/graphdriver/vfs/driver.go | 2 +- .../engine/distribution/registry_unit_test.go | 2 +- components/engine/layer/layer_test.go | 3 +- components/engine/pkg/archive/archive.go | 133 +++++------------- components/engine/pkg/archive/archive_test.go | 65 ++++----- .../pkg/archive/archive_windows_test.go | 2 +- .../engine/pkg/chrootarchive/archive.go | 39 +---- .../engine/pkg/chrootarchive/archive_test.go | 18 +++ components/engine/pkg/idtools/idtools.go | 11 ++ 12 files changed, 104 insertions(+), 185 deletions(-) diff --git a/components/engine/container/container_unix.go b/components/engine/container/container_unix.go index b46e100bb1..530343d5ca 100644 --- a/components/engine/container/container_unix.go +++ b/components/engine/container/container_unix.go @@ -425,7 +425,7 @@ func copyExistingContents(source, destination string) error { } if len(srcList) == 0 { // If the source volume is empty, copies files from the root into the volume - if err := chrootarchive.CopyWithTar(source, destination); err != nil { + if err := chrootarchive.NewArchiver(nil).CopyWithTar(source, destination); err != nil { return err } } diff --git a/components/engine/daemon/archive.go b/components/engine/daemon/archive.go index c41298df0e..79b2ae362f 100644 --- a/components/engine/daemon/archive.go +++ b/components/engine/daemon/archive.go @@ -413,12 +413,7 @@ func (daemon *Daemon) CopyOnBuild(cID, destPath, srcRoot, srcPath string, decomp destExists = false } - archiver := &archive.Archiver{ - Untar: chrootarchive.Untar, - UIDMaps: daemon.idMappings.UIDs(), - GIDMaps: daemon.idMappings.GIDs(), - } - + archiver := chrootarchive.NewArchiver(daemon.idMappings) src, err := os.Stat(fullSrcPath) if err != nil { return err diff --git a/components/engine/daemon/archive_tarcopyoptions_unix.go b/components/engine/daemon/archive_tarcopyoptions_unix.go index 7b68bc463d..e7f47058a4 100644 --- a/components/engine/daemon/archive_tarcopyoptions_unix.go +++ b/components/engine/daemon/archive_tarcopyoptions_unix.go @@ -20,9 +20,6 @@ func (daemon *Daemon) tarCopyOptions(container *container.Container, noOverwrite return &archive.TarOptions{ NoOverwriteDirNonDir: noOverwriteDirNonDir, - ChownOpts: &archive.TarChownOptions{ - UID: user.Uid, - GID: user.Gid, - }, + ChownOpts: idtools.IDPair{UID: user.Uid, GID: user.Gid}, }, nil } diff --git a/components/engine/daemon/graphdriver/vfs/driver.go b/components/engine/daemon/graphdriver/vfs/driver.go index 846215e810..26dc89c36d 100644 --- a/components/engine/daemon/graphdriver/vfs/driver.go +++ b/components/engine/daemon/graphdriver/vfs/driver.go @@ -15,7 +15,7 @@ import ( var ( // CopyWithTar defines the copy method to use. - CopyWithTar = chrootarchive.CopyWithTar + CopyWithTar = chrootarchive.NewArchiver(nil).CopyWithTar ) func init() { diff --git a/components/engine/distribution/registry_unit_test.go b/components/engine/distribution/registry_unit_test.go index ebe6ecad97..910061f45a 100644 --- a/components/engine/distribution/registry_unit_test.go +++ b/components/engine/distribution/registry_unit_test.go @@ -152,7 +152,7 @@ func testDirectory(templateDir string) (dir string, err error) { return } if templateDir != "" { - if err = archive.CopyWithTar(templateDir, dir); err != nil { + if err = archive.NewDefaultArchiver().CopyWithTar(templateDir, dir); err != nil { return } } diff --git a/components/engine/layer/layer_test.go b/components/engine/layer/layer_test.go index 5c4da4f9a9..56340d3012 100644 --- a/components/engine/layer/layer_test.go +++ b/components/engine/layer/layer_test.go @@ -20,7 +20,8 @@ import ( func init() { graphdriver.ApplyUncompressedLayer = archive.UnpackLayer - vfs.CopyWithTar = archive.CopyWithTar + defaultArchiver := archive.NewDefaultArchiver() + vfs.CopyWithTar = defaultArchiver.CopyWithTar } func newVFSGraphDriver(td string) (graphdriver.Driver, error) { diff --git a/components/engine/pkg/archive/archive.go b/components/engine/pkg/archive/archive.go index 30b3c5b36f..bf5ed85566 100644 --- a/components/engine/pkg/archive/archive.go +++ b/components/engine/pkg/archive/archive.go @@ -6,7 +6,6 @@ import ( "bytes" "compress/bzip2" "compress/gzip" - "errors" "fmt" "io" "io/ioutil" @@ -31,10 +30,6 @@ type ( Compression int // WhiteoutFormat is the format of whiteouts unpacked WhiteoutFormat int - // TarChownOptions wraps the chown options UID and GID. - TarChownOptions struct { - UID, GID int - } // TarOptions wraps the tar options. TarOptions struct { @@ -44,7 +39,7 @@ type ( NoLchown bool UIDMaps []idtools.IDMap GIDMaps []idtools.IDMap - ChownOpts *TarChownOptions + ChownOpts idtools.IDPair IncludeSourceDir bool // WhiteoutFormat is the expected on disk format for whiteout files. // This format will be converted to the standard format on pack @@ -58,33 +53,26 @@ type ( RebaseNames map[string]string InUserNS bool } - - // Archiver allows the reuse of most utility functions of this package - // with a pluggable Untar function. Also, to facilitate the passing of - // specific id mappings for untar, an archiver can be created with maps - // which will then be passed to Untar operations - Archiver struct { - Untar func(io.Reader, string, *TarOptions) error - UIDMaps []idtools.IDMap - GIDMaps []idtools.IDMap - } - - // breakoutError is used to differentiate errors related to breaking out - // When testing archive breakout in the unit tests, this error is expected - // in order for the test to pass. - breakoutError error ) -var ( - // ErrNotImplemented is the error message of function not implemented. - ErrNotImplemented = errors.New("Function not implemented") - defaultArchiver = &Archiver{Untar: Untar, UIDMaps: nil, GIDMaps: nil} -) +// Archiver allows the reuse of most utility functions of this package +// with a pluggable Untar function. Also, to facilitate the passing of +// specific id mappings for untar, an archiver can be created with maps +// which will then be passed to Untar operations +type Archiver struct { + Untar func(io.Reader, string, *TarOptions) error + IDMappings *idtools.IDMappings +} -const ( - // HeaderSize is the size in bytes of a tar header - HeaderSize = 512 -) +// NewDefaultArchiver returns a new Archiver without any IDMappings +func NewDefaultArchiver() *Archiver { + return &Archiver{Untar: Untar, IDMappings: &idtools.IDMappings{}} +} + +// breakoutError is used to differentiate errors related to breaking out +// When testing archive breakout in the unit tests, this error is expected +// in order for the test to pass. +type breakoutError error const ( // Uncompressed represents the uncompressed. @@ -105,18 +93,6 @@ const ( OverlayWhiteoutFormat ) -// IsArchive checks for the magic bytes of a tar or any supported compression -// algorithm. -func IsArchive(header []byte) bool { - compression := DetectCompression(header) - if compression != Uncompressed { - return true - } - r := tar.NewReader(bytes.NewBuffer(header)) - _, err := r.Next() - return err == nil -} - // IsArchivePath checks if the (possibly compressed) file at the given path // starts with a tar file header. func IsArchivePath(path string) bool { @@ -496,7 +472,7 @@ func (ta *tarAppender) addTarFile(path, name string) error { return nil } -func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, Lchown bool, chownOpts *TarChownOptions, inUserns bool) error { +func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, Lchown bool, chownOpts *idtools.IDPair, inUserns bool) error { // hdr.Mode is in linux format, which we can use for sycalls, // but for os.Foo() calls we need the mode converted to os.FileMode, // so use hdrInfo.Mode() (they differ for e.g. setuid bits) @@ -576,7 +552,7 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, L // Lchown is not supported on Windows. if Lchown && runtime.GOOS != "windows" { if chownOpts == nil { - chownOpts = &TarChownOptions{UID: hdr.Uid, GID: hdr.Gid} + chownOpts = &idtools.IDPair{UID: hdr.Uid, GID: hdr.Gid} } if err := os.Lchown(path, chownOpts.UID, chownOpts.GID); err != nil { return err @@ -941,7 +917,7 @@ loop: } } - if err := createTarFile(path, dest, hdr, trBuf, !options.NoLchown, options.ChownOpts, options.InUserNS); err != nil { + if err := createTarFile(path, dest, hdr, trBuf, !options.NoLchown, &options.ChownOpts, options.InUserNS); err != nil { return err } @@ -1013,23 +989,13 @@ func (archiver *Archiver) TarUntar(src, dst string) error { return err } defer archive.Close() - - var options *TarOptions - if archiver.UIDMaps != nil || archiver.GIDMaps != nil { - options = &TarOptions{ - UIDMaps: archiver.UIDMaps, - GIDMaps: archiver.GIDMaps, - } + options := &TarOptions{ + UIDMaps: archiver.IDMappings.UIDs(), + GIDMaps: archiver.IDMappings.GIDs(), } return archiver.Untar(archive, dst, options) } -// TarUntar is a convenience function which calls Tar and Untar, with the output of one piped into the other. -// If either Tar or Untar fails, TarUntar aborts and returns the error. -func TarUntar(src, dst string) error { - return defaultArchiver.TarUntar(src, dst) -} - // UntarPath untar a file from path to a destination, src is the source tar file path. func (archiver *Archiver) UntarPath(src, dst string) error { archive, err := os.Open(src) @@ -1037,22 +1003,13 @@ func (archiver *Archiver) UntarPath(src, dst string) error { return err } defer archive.Close() - var options *TarOptions - if archiver.UIDMaps != nil || archiver.GIDMaps != nil { - options = &TarOptions{ - UIDMaps: archiver.UIDMaps, - GIDMaps: archiver.GIDMaps, - } + options := &TarOptions{ + UIDMaps: archiver.IDMappings.UIDs(), + GIDMaps: archiver.IDMappings.GIDs(), } return archiver.Untar(archive, dst, options) } -// UntarPath is a convenience function which looks for an archive -// at filesystem path `src`, and unpacks it at `dst`. -func UntarPath(src, dst string) error { - return defaultArchiver.UntarPath(src, dst) -} - // CopyWithTar creates a tar archive of filesystem path `src`, and // unpacks it at filesystem path `dst`. // The archive is streamed directly with fixed buffering and no @@ -1069,27 +1026,19 @@ func (archiver *Archiver) CopyWithTar(src, dst string) error { // if this archiver is set up with ID mapping we need to create // the new destination directory with the remapped root UID/GID pair // as owner - rootUID, rootGID, err := idtools.GetRootUIDGID(archiver.UIDMaps, archiver.GIDMaps) + rootIDs, err := archiver.IDMappings.RootPair() if err != nil { return err } // Create dst, copy src's content into it logrus.Debugf("Creating dest directory: %s", dst) - if err := idtools.MkdirAllNewAs(dst, 0755, rootUID, rootGID); err != nil { + if err := idtools.MkdirAllAndChownNew(dst, 0755, rootIDs); err != nil { return err } logrus.Debugf("Calling TarUntar(%s, %s)", src, dst) return archiver.TarUntar(src, dst) } -// CopyWithTar creates a tar archive of filesystem path `src`, and -// unpacks it at filesystem path `dst`. -// The archive is streamed directly with fixed buffering and no -// intermediary disk IO. -func CopyWithTar(src, dst string) error { - return defaultArchiver.CopyWithTar(src, dst) -} - // CopyFileWithTar emulates the behavior of the 'cp' command-line // for a single file. It copies a regular file from path `src` to // path `dst`, and preserves all its metadata. @@ -1131,26 +1080,24 @@ func (archiver *Archiver) CopyFileWithTar(src, dst string) (err error) { hdr.Name = filepath.Base(dst) hdr.Mode = int64(chmodTarEntry(os.FileMode(hdr.Mode))) - remappedRootUID, remappedRootGID, err := idtools.GetRootUIDGID(archiver.UIDMaps, archiver.GIDMaps) + remappedRootIDs, err := archiver.IDMappings.RootPair() if err != nil { return err } // only perform mapping if the file being copied isn't already owned by the // uid or gid of the remapped root in the container - if remappedRootUID != hdr.Uid { - xUID, err := idtools.ToHost(hdr.Uid, archiver.UIDMaps) + if remappedRootIDs.UID != hdr.Uid { + hdr.Uid, err = archiver.IDMappings.UIDToHost(hdr.Uid) if err != nil { return err } - hdr.Uid = xUID } - if remappedRootGID != hdr.Gid { - xGID, err := idtools.ToHost(hdr.Gid, archiver.GIDMaps) + if remappedRootIDs.GID != hdr.Gid { + hdr.Gid, err = archiver.IDMappings.GIDToHost(hdr.Gid) if err != nil { return err } - hdr.Gid = xGID } tw := tar.NewWriter(w) @@ -1176,18 +1123,6 @@ func (archiver *Archiver) CopyFileWithTar(src, dst string) (err error) { return err } -// CopyFileWithTar emulates the behavior of the 'cp' command-line -// for a single file. It copies a regular file from path `src` to -// path `dst`, and preserves all its metadata. -// -// Destination handling is in an operating specific manner depending -// where the daemon is running. If `dst` ends with a trailing slash -// the final destination path will be `dst/base(src)` (Linux) or -// `dst\base(src)` (Windows). -func CopyFileWithTar(src, dst string) (err error) { - return defaultArchiver.CopyFileWithTar(src, dst) -} - // cmdStream executes a command, and returns its stdout as a stream. // If the command fails to run or doesn't complete successfully, an error // will be returned, including anything written on stderr. diff --git a/components/engine/pkg/archive/archive_test.go b/components/engine/pkg/archive/archive_test.go index e351a0455b..e85878fd0f 100644 --- a/components/engine/pkg/archive/archive_test.go +++ b/components/engine/pkg/archive/archive_test.go @@ -27,35 +27,22 @@ func init() { } } -func TestIsArchiveNilHeader(t *testing.T) { - out := IsArchive(nil) - if out { - t.Fatalf("isArchive should return false as nil is not a valid archive header") - } +var defaultArchiver = NewDefaultArchiver() + +func defaultTarUntar(src, dst string) error { + return defaultArchiver.TarUntar(src, dst) } -func TestIsArchiveInvalidHeader(t *testing.T) { - header := []byte{0x00, 0x01, 0x02} - out := IsArchive(header) - if out { - t.Fatalf("isArchive should return false as %s is not a valid archive header", header) - } +func defaultUntarPath(src, dst string) error { + return defaultArchiver.UntarPath(src, dst) } -func TestIsArchiveBzip2(t *testing.T) { - header := []byte{0x42, 0x5A, 0x68} - out := IsArchive(header) - if !out { - t.Fatalf("isArchive should return true as %s is a bz2 header", header) - } +func defaultCopyFileWithTar(src, dst string) (err error) { + return defaultArchiver.CopyFileWithTar(src, dst) } -func TestIsArchive7zip(t *testing.T) { - header := []byte{0x50, 0x4b, 0x03, 0x04} - out := IsArchive(header) - if out { - t.Fatalf("isArchive should return false as %s is a 7z header and it is not supported", header) - } +func defaultCopyWithTar(src, dst string) error { + return defaultArchiver.CopyWithTar(src, dst) } func TestIsArchivePathDir(t *testing.T) { @@ -301,7 +288,7 @@ func TestUntarPathWithInvalidDest(t *testing.T) { t.Fatal(err) } - err = UntarPath(tarFile, invalidDestFolder) + err = defaultUntarPath(tarFile, invalidDestFolder) if err == nil { t.Fatalf("UntarPath with invalid destination path should throw an error.") } @@ -313,7 +300,7 @@ func TestUntarPathWithInvalidSrc(t *testing.T) { t.Fatalf("Fail to create the destination file") } defer os.RemoveAll(dest) - err = UntarPath("/invalid/path", dest) + err = defaultUntarPath("/invalid/path", dest) if err == nil { t.Fatalf("UntarPath with invalid src path should throw an error.") } @@ -348,7 +335,7 @@ func TestUntarPath(t *testing.T) { t.Fatal(err) } - err = UntarPath(tarFile, destFolder) + err = defaultUntarPath(tarFile, destFolder) if err != nil { t.Fatalf("UntarPath shouldn't throw an error, %s.", err) } @@ -387,7 +374,7 @@ func TestUntarPathWithDestinationFile(t *testing.T) { if err != nil { t.Fatalf("Fail to create the destination file") } - err = UntarPath(tarFile, destFile) + err = defaultUntarPath(tarFile, destFile) if err == nil { t.Fatalf("UntarPath should throw an error if the destination if a file") } @@ -430,7 +417,7 @@ func TestUntarPathWithDestinationSrcFileAsFolder(t *testing.T) { if err != nil { t.Fatal(err) } - err = UntarPath(tarFile, destFolder) + err = defaultUntarPath(tarFile, destFolder) if err != nil { t.Fatalf("UntarPath should throw not throw an error if the extracted file already exists and is a folder") } @@ -447,7 +434,7 @@ func TestCopyWithTarInvalidSrc(t *testing.T) { if err != nil { t.Fatal(err) } - err = CopyWithTar(invalidSrc, destFolder) + err = defaultCopyWithTar(invalidSrc, destFolder) if err == nil { t.Fatalf("archiver.CopyWithTar with invalid src path should throw an error.") } @@ -464,7 +451,7 @@ func TestCopyWithTarInexistentDestWillCreateIt(t *testing.T) { if err != nil { t.Fatal(err) } - err = CopyWithTar(srcFolder, inexistentDestFolder) + err = defaultCopyWithTar(srcFolder, inexistentDestFolder) if err != nil { t.Fatalf("CopyWithTar with an inexistent folder shouldn't fail.") } @@ -493,7 +480,7 @@ func TestCopyWithTarSrcFile(t *testing.T) { t.Fatal(err) } ioutil.WriteFile(src, []byte("content"), 0777) - err = CopyWithTar(src, dest) + err = defaultCopyWithTar(src, dest) if err != nil { t.Fatalf("archiver.CopyWithTar shouldn't throw an error, %s.", err) } @@ -522,7 +509,7 @@ func TestCopyWithTarSrcFolder(t *testing.T) { t.Fatal(err) } ioutil.WriteFile(filepath.Join(src, "file"), []byte("content"), 0777) - err = CopyWithTar(src, dest) + err = defaultCopyWithTar(src, dest) if err != nil { t.Fatalf("archiver.CopyWithTar shouldn't throw an error, %s.", err) } @@ -545,7 +532,7 @@ func TestCopyFileWithTarInvalidSrc(t *testing.T) { t.Fatal(err) } invalidFile := filepath.Join(tempFolder, "doesnotexists") - err = CopyFileWithTar(invalidFile, destFolder) + err = defaultCopyFileWithTar(invalidFile, destFolder) if err == nil { t.Fatalf("archiver.CopyWithTar with invalid src path should throw an error.") } @@ -563,7 +550,7 @@ func TestCopyFileWithTarInexistentDestWillCreateIt(t *testing.T) { if err != nil { t.Fatal(err) } - err = CopyFileWithTar(srcFile, inexistentDestFolder) + err = defaultCopyFileWithTar(srcFile, inexistentDestFolder) if err != nil { t.Fatalf("CopyWithTar with an inexistent folder shouldn't fail.") } @@ -590,7 +577,7 @@ func TestCopyFileWithTarSrcFolder(t *testing.T) { if err != nil { t.Fatal(err) } - err = CopyFileWithTar(src, dest) + err = defaultCopyFileWithTar(src, dest) if err == nil { t.Fatalf("CopyFileWithTar should throw an error with a folder.") } @@ -614,7 +601,7 @@ func TestCopyFileWithTarSrcFile(t *testing.T) { t.Fatal(err) } ioutil.WriteFile(src, []byte("content"), 0777) - err = CopyWithTar(src, dest+"/") + err = defaultCopyWithTar(src, dest+"/") if err != nil { t.Fatalf("archiver.CopyFileWithTar shouldn't throw an error, %s.", err) } @@ -657,7 +644,7 @@ func checkNoChanges(fileNum int, hardlinks bool) error { return err } - err = TarUntar(srcDir, destDir) + err = defaultTarUntar(srcDir, destDir) if err != nil { return err } @@ -871,7 +858,7 @@ func BenchmarkTarUntar(b *testing.B) { b.ResetTimer() b.SetBytes(int64(n)) for n := 0; n < b.N; n++ { - err := TarUntar(origin, target) + err := defaultTarUntar(origin, target) if err != nil { b.Fatal(err) } @@ -899,7 +886,7 @@ func BenchmarkTarUntarWithLinks(b *testing.B) { b.ResetTimer() b.SetBytes(int64(n)) for n := 0; n < b.N; n++ { - err := TarUntar(origin, target) + err := defaultTarUntar(origin, target) if err != nil { b.Fatal(err) } diff --git a/components/engine/pkg/archive/archive_windows_test.go b/components/engine/pkg/archive/archive_windows_test.go index 9dd937f296..685e114baf 100644 --- a/components/engine/pkg/archive/archive_windows_test.go +++ b/components/engine/pkg/archive/archive_windows_test.go @@ -27,7 +27,7 @@ func TestCopyFileWithInvalidDest(t *testing.T) { t.Fatal(err) } ioutil.WriteFile(src, []byte("content"), 0777) - err = CopyWithTar(src, dest) + err = defaultCopyWithTar(src, dest) if err == nil { t.Fatalf("archiver.CopyWithTar should throw an error on invalid dest.") } diff --git a/components/engine/pkg/chrootarchive/archive.go b/components/engine/pkg/chrootarchive/archive.go index a7814f5b90..d996ef774a 100644 --- a/components/engine/pkg/chrootarchive/archive.go +++ b/components/engine/pkg/chrootarchive/archive.go @@ -11,7 +11,13 @@ import ( "github.com/docker/docker/pkg/idtools" ) -var chrootArchiver = &archive.Archiver{Untar: Untar} +// NewArchiver returns a new Archiver which uses chrootarchive.Untar +func NewArchiver(idMappings *idtools.IDMappings) *archive.Archiver { + if idMappings == nil { + idMappings = &idtools.IDMappings{} + } + return &archive.Archiver{Untar: Untar, IDMappings: idMappings} +} // Untar reads a stream of bytes from `archive`, parses it as a tar archive, // and unpacks it into the directory at `dest`. @@ -30,7 +36,6 @@ func UntarUncompressed(tarArchive io.Reader, dest string, options *archive.TarOp // Handler for teasing out the automatic decompression func untarHandler(tarArchive io.Reader, dest string, options *archive.TarOptions, decompress bool) error { - if tarArchive == nil { return fmt.Errorf("Empty archive") } @@ -65,33 +70,3 @@ func untarHandler(tarArchive io.Reader, dest string, options *archive.TarOptions return invokeUnpack(r, dest, options) } - -// TarUntar is a convenience function which calls Tar and Untar, with the output of one piped into the other. -// If either Tar or Untar fails, TarUntar aborts and returns the error. -func TarUntar(src, dst string) error { - return chrootArchiver.TarUntar(src, dst) -} - -// CopyWithTar creates a tar archive of filesystem path `src`, and -// unpacks it at filesystem path `dst`. -// The archive is streamed directly with fixed buffering and no -// intermediary disk IO. -func CopyWithTar(src, dst string) error { - return chrootArchiver.CopyWithTar(src, dst) -} - -// CopyFileWithTar emulates the behavior of the 'cp' command-line -// for a single file. It copies a regular file from path `src` to -// path `dst`, and preserves all its metadata. -// -// If `dst` ends with a trailing slash '/' ('\' on Windows), the final -// destination path will be `dst/base(src)` or `dst\base(src)` -func CopyFileWithTar(src, dst string) (err error) { - return chrootArchiver.CopyFileWithTar(src, dst) -} - -// UntarPath is a convenience function which looks for an archive -// at filesystem path `src`, and unpacks it at `dst`. -func UntarPath(src, dst string) error { - return chrootArchiver.UntarPath(src, dst) -} diff --git a/components/engine/pkg/chrootarchive/archive_test.go b/components/engine/pkg/chrootarchive/archive_test.go index 80e54a0edc..4780f3be08 100644 --- a/components/engine/pkg/chrootarchive/archive_test.go +++ b/components/engine/pkg/chrootarchive/archive_test.go @@ -22,6 +22,24 @@ func init() { reexec.Init() } +var chrootArchiver = NewArchiver(nil) + +func TarUntar(src, dst string) error { + return chrootArchiver.TarUntar(src, dst) +} + +func CopyFileWithTar(src, dst string) (err error) { + return chrootArchiver.CopyFileWithTar(src, dst) +} + +func UntarPath(src, dst string) error { + return chrootArchiver.UntarPath(src, dst) +} + +func CopyWithTar(src, dst string) error { + return chrootArchiver.CopyWithTar(src, dst) +} + func TestChrootTarUntar(t *testing.T) { tmpdir, err := ioutil.TempDir("", "docker-TestChrootTarUntar") if err != nil { diff --git a/components/engine/pkg/idtools/idtools.go b/components/engine/pkg/idtools/idtools.go index d7a3a45387..39c9805df2 100644 --- a/components/engine/pkg/idtools/idtools.go +++ b/components/engine/pkg/idtools/idtools.go @@ -118,6 +118,7 @@ func ToContainer(hostID int, idMap []IDMap) (int, error) { // ToHost takes an id mapping and a remapped ID, and translates the // ID to the mapped host ID. If no map is provided, then the translation // assumes a 1-to-1 mapping and returns the passed in id # +// Depercated: use IDMappings.UIDToHost and IDMappings.GIDToHost func ToHost(contID int, idMap []IDMap) (int, error) { if idMap == nil { return contID, nil @@ -174,6 +175,16 @@ func (i *IDMappings) RootPair() (IDPair, error) { return IDPair{UID: uid, GID: gid}, err } +// UIDToHost returns the host UID for the container uid +func (i *IDMappings) UIDToHost(uid int) (int, error) { + return ToHost(uid, i.uids) +} + +// GIDToHost returns the host GID for the container gid +func (i *IDMappings) GIDToHost(gid int) (int, error) { + return ToHost(gid, i.gids) +} + // UIDs return the UID mapping // TODO: remove this once everything has been refactored to use pairs func (i *IDMappings) UIDs() []IDMap { From c41fc33a7a22e083cc3da09ff1cbde78c0d9417e Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Wed, 24 May 2017 14:10:15 -0400 Subject: [PATCH 051/191] Convert tarAppender to the newIDMappings. Signed-off-by: Daniel Nephin Upstream-commit: 5672eeb5e06fe96451f36f35be7cfa18a4cf5063 Component: engine --- components/engine/pkg/archive/archive.go | 35 +++++++++++++----------- components/engine/pkg/archive/changes.go | 9 ++---- components/engine/pkg/idtools/idtools.go | 25 +++++++++++++++-- 3 files changed, 44 insertions(+), 25 deletions(-) diff --git a/components/engine/pkg/archive/archive.go b/components/engine/pkg/archive/archive.go index bf5ed85566..0418829c26 100644 --- a/components/engine/pkg/archive/archive.go +++ b/components/engine/pkg/archive/archive.go @@ -345,9 +345,8 @@ type tarAppender struct { Buffer *bufio.Writer // for hardlink mapping - SeenFiles map[uint64]string - UIDMaps []idtools.IDMap - GIDMaps []idtools.IDMap + SeenFiles map[uint64]string + IDMappings *idtools.IDMappings // For packing and unpacking whiteout files in the // non standard format. The whiteout files defined @@ -356,6 +355,15 @@ type tarAppender struct { WhiteoutConverter tarWhiteoutConverter } +func newTarAppender(idMapping *idtools.IDMappings, writer io.Writer) *tarAppender { + return &tarAppender{ + SeenFiles: make(map[uint64]string), + TarWriter: tar.NewWriter(writer), + Buffer: pools.BufioWriter32KPool.Get(nil), + IDMappings: idMapping, + } +} + // canonicalTarName provides a platform-independent and consistent posix-style //path for files and directories to be archived regardless of the platform. func canonicalTarName(name string, isDir bool) (string, error) { @@ -404,21 +412,19 @@ func (ta *tarAppender) addTarFile(path, name string) error { //handle re-mapping container ID mappings back to host ID mappings before //writing tar headers/files. We skip whiteout files because they were written //by the kernel and already have proper ownership relative to the host - if !strings.HasPrefix(filepath.Base(hdr.Name), WhiteoutPrefix) && (ta.UIDMaps != nil || ta.GIDMaps != nil) { + if !strings.HasPrefix(filepath.Base(hdr.Name), WhiteoutPrefix) && !ta.IDMappings.Empty() { uid, gid, err := getFileUIDGID(fi.Sys()) if err != nil { return err } - xUID, err := idtools.ToContainer(uid, ta.UIDMaps) + hdr.Uid, err = ta.IDMappings.UIDToContainer(uid) if err != nil { return err } - xGID, err := idtools.ToContainer(gid, ta.GIDMaps) + hdr.Gid, err = ta.IDMappings.GIDToContainer(gid) if err != nil { return err } - hdr.Uid = xUID - hdr.Gid = xGID } if ta.WhiteoutConverter != nil { @@ -640,14 +646,11 @@ func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error) } go func() { - ta := &tarAppender{ - TarWriter: tar.NewWriter(compressWriter), - Buffer: pools.BufioWriter32KPool.Get(nil), - SeenFiles: make(map[uint64]string), - UIDMaps: options.UIDMaps, - GIDMaps: options.GIDMaps, - WhiteoutConverter: getWhiteoutConverter(options.WhiteoutFormat), - } + ta := newTarAppender( + idtools.NewIDMappingsFromMaps(options.UIDMaps, options.GIDMaps), + compressWriter, + ) + ta.WhiteoutConverter = getWhiteoutConverter(options.WhiteoutFormat) defer func() { // Make sure to check the error on Close. diff --git a/components/engine/pkg/archive/changes.go b/components/engine/pkg/archive/changes.go index ca2c0ca1bf..5ca39b7215 100644 --- a/components/engine/pkg/archive/changes.go +++ b/components/engine/pkg/archive/changes.go @@ -394,13 +394,8 @@ func ChangesSize(newDir string, changes []Change) int64 { func ExportChanges(dir string, changes []Change, uidMaps, gidMaps []idtools.IDMap) (io.ReadCloser, error) { reader, writer := io.Pipe() go func() { - ta := &tarAppender{ - TarWriter: tar.NewWriter(writer), - Buffer: pools.BufioWriter32KPool.Get(nil), - SeenFiles: make(map[uint64]string), - UIDMaps: uidMaps, - GIDMaps: gidMaps, - } + ta := newTarAppender(idtools.NewIDMappingsFromMaps(uidMaps, gidMaps), writer) + // this buffer is needed for the duration of this piped stream defer pools.BufioWriter32KPool.Put(ta.Buffer) diff --git a/components/engine/pkg/idtools/idtools.go b/components/engine/pkg/idtools/idtools.go index 39c9805df2..5488a8be50 100644 --- a/components/engine/pkg/idtools/idtools.go +++ b/components/engine/pkg/idtools/idtools.go @@ -99,10 +99,10 @@ func GetRootUIDGID(uidMap, gidMap []IDMap) (int, int, error) { return uid, gid, nil } -// ToContainer takes an id mapping, and uses it to translate a +// toContainer takes an id mapping, and uses it to translate a // host ID to the remapped ID. If no map is provided, then the translation // assumes a 1-to-1 mapping and returns the passed in id -func ToContainer(hostID int, idMap []IDMap) (int, error) { +func toContainer(hostID int, idMap []IDMap) (int, error) { if idMap == nil { return hostID, nil } @@ -169,6 +169,12 @@ func NewIDMappings(username, groupname string) (*IDMappings, error) { }, nil } +// NewIDMappingsFromMaps creates a new mapping from two slices +// Deprecated: this is a temporary shim while transitioning to IDMapping +func NewIDMappingsFromMaps(uids []IDMap, gids []IDMap) *IDMappings { + return &IDMappings{uids: uids, gids: gids} +} + // RootPair returns a uid and gid pair for the root user func (i *IDMappings) RootPair() (IDPair, error) { uid, gid, err := GetRootUIDGID(i.uids, i.gids) @@ -185,6 +191,21 @@ func (i *IDMappings) GIDToHost(gid int) (int, error) { return ToHost(gid, i.gids) } +// UIDToContainer returns the container UID for the host uid +func (i *IDMappings) UIDToContainer(uid int) (int, error) { + return toContainer(uid, i.uids) +} + +// GIDToContainer returns the container GID for the host gid +func (i *IDMappings) GIDToContainer(gid int) (int, error) { + return toContainer(gid, i.gids) +} + +// Empty returns true if there are no id mappings +func (i *IDMappings) Empty() bool { + return len(i.uids) == 0 && len(i.gids) == 0 +} + // UIDs return the UID mapping // TODO: remove this once everything has been refactored to use pairs func (i *IDMappings) UIDs() []IDMap { From 03637cd7aab516f9c6fca510343080c33496c8db Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Wed, 24 May 2017 16:25:13 -0400 Subject: [PATCH 052/191] Fix vfs unit test and port VFS to the new IDMappings The test was failing because TarOptions was using a non-pointer for ChownOpts, which meant the check for nil was never true, and createTarFile was never using the hdr.UID/GID Signed-off-by: Daniel Nephin Upstream-commit: acdbc285e29ddd92e7a1cc99daf8b16502204d2e Component: engine --- .../daemon/archive_tarcopyoptions_unix.go | 2 +- .../graphdriver/devmapper/devmapper_test.go | 44 ++++++- .../graphdriver/graphtest/graphtest_unix.go | 52 +++----- .../graphdriver/graphtest/testutil_unix.go | 118 ++++-------------- .../engine/daemon/graphdriver/vfs/driver.go | 26 ++-- components/engine/pkg/archive/archive.go | 4 +- 6 files changed, 93 insertions(+), 153 deletions(-) diff --git a/components/engine/daemon/archive_tarcopyoptions_unix.go b/components/engine/daemon/archive_tarcopyoptions_unix.go index e7f47058a4..83e6fd9e17 100644 --- a/components/engine/daemon/archive_tarcopyoptions_unix.go +++ b/components/engine/daemon/archive_tarcopyoptions_unix.go @@ -20,6 +20,6 @@ func (daemon *Daemon) tarCopyOptions(container *container.Container, noOverwrite return &archive.TarOptions{ NoOverwriteDirNonDir: noOverwriteDirNonDir, - ChownOpts: idtools.IDPair{UID: user.Uid, GID: user.Gid}, + ChownOpts: &idtools.IDPair{UID: user.Uid, GID: user.Gid}, }, nil } diff --git a/components/engine/daemon/graphdriver/devmapper/devmapper_test.go b/components/engine/daemon/graphdriver/devmapper/devmapper_test.go index c5be97ae3f..7501397fdc 100644 --- a/components/engine/daemon/graphdriver/devmapper/devmapper_test.go +++ b/components/engine/daemon/graphdriver/devmapper/devmapper_test.go @@ -4,6 +4,8 @@ package devmapper import ( "fmt" + "os" + "syscall" "testing" "time" @@ -17,11 +19,51 @@ func init() { defaultMetaDataLoopbackSize = 200 * 1024 * 1024 defaultBaseFsSize = 300 * 1024 * 1024 defaultUdevSyncOverride = true - if err := graphtest.InitLoopbacks(); err != nil { + if err := initLoopbacks(); err != nil { panic(err) } } +// initLoopbacks ensures that the loopback devices are properly created within +// the system running the device mapper tests. +func initLoopbacks() error { + statT, err := getBaseLoopStats() + if err != nil { + return err + } + // create at least 8 loopback files, ya, that is a good number + for i := 0; i < 8; i++ { + loopPath := fmt.Sprintf("/dev/loop%d", i) + // only create new loopback files if they don't exist + if _, err := os.Stat(loopPath); err != nil { + if mkerr := syscall.Mknod(loopPath, + uint32(statT.Mode|syscall.S_IFBLK), int((7<<8)|(i&0xff)|((i&0xfff00)<<12))); mkerr != nil { + return mkerr + } + os.Chown(loopPath, int(statT.Uid), int(statT.Gid)) + } + } + return nil +} + +// getBaseLoopStats inspects /dev/loop0 to collect uid,gid, and mode for the +// loop0 device on the system. If it does not exist we assume 0,0,0660 for the +// stat data +func getBaseLoopStats() (*syscall.Stat_t, error) { + loop0, err := os.Stat("/dev/loop0") + if err != nil { + if os.IsNotExist(err) { + return &syscall.Stat_t{ + Uid: 0, + Gid: 0, + Mode: 0660, + }, nil + } + return nil, err + } + return loop0.Sys().(*syscall.Stat_t), nil +} + // This avoids creating a new driver for each test if all tests are run // Make sure to put new tests between TestDevmapperSetup and TestDevmapperTeardown func TestDevmapperSetup(t *testing.T) { diff --git a/components/engine/daemon/graphdriver/graphtest/graphtest_unix.go b/components/engine/daemon/graphdriver/graphtest/graphtest_unix.go index 6e952de78b..6852ca9f4c 100644 --- a/components/engine/daemon/graphdriver/graphtest/graphtest_unix.go +++ b/components/engine/daemon/graphdriver/graphtest/graphtest_unix.go @@ -16,6 +16,8 @@ import ( "github.com/docker/docker/daemon/graphdriver" "github.com/docker/docker/pkg/stringid" "github.com/docker/go-units" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) var ( @@ -33,14 +35,9 @@ type Driver struct { func newDriver(t testing.TB, name string, options []string) *Driver { root, err := ioutil.TempDir("", "docker-graphtest-") - if err != nil { - t.Fatal(err) - } - - if err := os.MkdirAll(root, 0755); err != nil { - t.Fatal(err) - } + require.NoError(t, err) + require.NoError(t, os.MkdirAll(root, 0755)) d, err := graphdriver.GetDriver(name, nil, graphdriver.Options{DriverOptions: options, Root: root}) if err != nil { t.Logf("graphdriver: %v\n", err) @@ -86,14 +83,11 @@ func DriverTestCreateEmpty(t testing.TB, drivername string, driverOptions ...str driver := GetDriver(t, drivername, driverOptions...) defer PutDriver(t) - if err := driver.Create("empty", "", nil); err != nil { - t.Fatal(err) - } + err := driver.Create("empty", "", nil) + require.NoError(t, err) defer func() { - if err := driver.Remove("empty"); err != nil { - t.Fatal(err) - } + require.NoError(t, driver.Remove("empty")) }() if !driver.Exists("empty") { @@ -101,21 +95,14 @@ func DriverTestCreateEmpty(t testing.TB, drivername string, driverOptions ...str } dir, err := driver.Get("empty", "") - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) verifyFile(t, dir, 0755|os.ModeDir, 0, 0) // Verify that the directory is empty fis, err := readDir(dir) - if err != nil { - t.Fatal(err) - } - - if len(fis) != 0 { - t.Fatal("New directory not empty") - } + require.NoError(t, err) + assert.Len(t, fis, 0) driver.Put("empty") } @@ -127,9 +114,7 @@ func DriverTestCreateBase(t testing.TB, drivername string, driverOptions ...stri createBase(t, driver, "Base") defer func() { - if err := driver.Remove("Base"); err != nil { - t.Fatal(err) - } + require.NoError(t, driver.Remove("Base")) }() verifyBase(t, driver, "Base") } @@ -140,21 +125,14 @@ func DriverTestCreateSnap(t testing.TB, drivername string, driverOptions ...stri defer PutDriver(t) createBase(t, driver, "Base") - defer func() { - if err := driver.Remove("Base"); err != nil { - t.Fatal(err) - } + require.NoError(t, driver.Remove("Base")) }() - if err := driver.Create("Snap", "Base", nil); err != nil { - t.Fatal(err) - } - + err := driver.Create("Snap", "Base", nil) + require.NoError(t, err) defer func() { - if err := driver.Remove("Snap"); err != nil { - t.Fatal(err) - } + require.NoError(t, driver.Remove("Snap")) }() verifyBase(t, driver, "Snap") diff --git a/components/engine/daemon/graphdriver/graphtest/testutil_unix.go b/components/engine/daemon/graphdriver/graphtest/testutil_unix.go index 49b0c2cc35..63a934176e 100644 --- a/components/engine/daemon/graphdriver/graphtest/testutil_unix.go +++ b/components/engine/daemon/graphdriver/graphtest/testutil_unix.go @@ -3,7 +3,6 @@ package graphtest import ( - "fmt" "io/ioutil" "os" "path" @@ -11,81 +10,24 @@ import ( "testing" "github.com/docker/docker/daemon/graphdriver" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) -// InitLoopbacks ensures that the loopback devices are properly created within -// the system running the device mapper tests. -func InitLoopbacks() error { - statT, err := getBaseLoopStats() - if err != nil { - return err - } - // create at least 8 loopback files, ya, that is a good number - for i := 0; i < 8; i++ { - loopPath := fmt.Sprintf("/dev/loop%d", i) - // only create new loopback files if they don't exist - if _, err := os.Stat(loopPath); err != nil { - if mkerr := syscall.Mknod(loopPath, - uint32(statT.Mode|syscall.S_IFBLK), int((7<<8)|(i&0xff)|((i&0xfff00)<<12))); mkerr != nil { - return mkerr - } - os.Chown(loopPath, int(statT.Uid), int(statT.Gid)) - } - } - return nil -} - -// getBaseLoopStats inspects /dev/loop0 to collect uid,gid, and mode for the -// loop0 device on the system. If it does not exist we assume 0,0,0660 for the -// stat data -func getBaseLoopStats() (*syscall.Stat_t, error) { - loop0, err := os.Stat("/dev/loop0") - if err != nil { - if os.IsNotExist(err) { - return &syscall.Stat_t{ - Uid: 0, - Gid: 0, - Mode: 0660, - }, nil - } - return nil, err - } - return loop0.Sys().(*syscall.Stat_t), nil -} - func verifyFile(t testing.TB, path string, mode os.FileMode, uid, gid uint32) { fi, err := os.Stat(path) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) - if fi.Mode()&os.ModeType != mode&os.ModeType { - t.Fatalf("Expected %s type 0x%x, got 0x%x", path, mode&os.ModeType, fi.Mode()&os.ModeType) - } - - if fi.Mode()&os.ModePerm != mode&os.ModePerm { - t.Fatalf("Expected %s mode %o, got %o", path, mode&os.ModePerm, fi.Mode()&os.ModePerm) - } - - if fi.Mode()&os.ModeSticky != mode&os.ModeSticky { - t.Fatalf("Expected %s sticky 0x%x, got 0x%x", path, mode&os.ModeSticky, fi.Mode()&os.ModeSticky) - } - - if fi.Mode()&os.ModeSetuid != mode&os.ModeSetuid { - t.Fatalf("Expected %s setuid 0x%x, got 0x%x", path, mode&os.ModeSetuid, fi.Mode()&os.ModeSetuid) - } - - if fi.Mode()&os.ModeSetgid != mode&os.ModeSetgid { - t.Fatalf("Expected %s setgid 0x%x, got 0x%x", path, mode&os.ModeSetgid, fi.Mode()&os.ModeSetgid) - } + actual := fi.Mode() + assert.Equal(t, mode&os.ModeType, actual&os.ModeType, path) + assert.Equal(t, mode&os.ModePerm, actual&os.ModePerm, path) + assert.Equal(t, mode&os.ModeSticky, actual&os.ModeSticky, path) + assert.Equal(t, mode&os.ModeSetuid, actual&os.ModeSetuid, path) + assert.Equal(t, mode&os.ModeSetgid, actual&os.ModeSetgid, path) if stat, ok := fi.Sys().(*syscall.Stat_t); ok { - if stat.Uid != uid { - t.Fatalf("%s no owned by uid %d", path, uid) - } - if stat.Gid != gid { - t.Fatalf("%s not owned by gid %d", path, gid) - } + assert.Equal(t, uid, stat.Uid, path) + assert.Equal(t, gid, stat.Gid, path) } } @@ -94,35 +36,25 @@ func createBase(t testing.TB, driver graphdriver.Driver, name string) { oldmask := syscall.Umask(0) defer syscall.Umask(oldmask) - if err := driver.CreateReadWrite(name, "", nil); err != nil { - t.Fatal(err) - } + err := driver.CreateReadWrite(name, "", nil) + require.NoError(t, err) dir, err := driver.Get(name, "") - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) defer driver.Put(name) subdir := path.Join(dir, "a subdir") - if err := os.Mkdir(subdir, 0705|os.ModeSticky); err != nil { - t.Fatal(err) - } - if err := os.Chown(subdir, 1, 2); err != nil { - t.Fatal(err) - } + require.NoError(t, os.Mkdir(subdir, 0705|os.ModeSticky)) + require.NoError(t, os.Chown(subdir, 1, 2)) file := path.Join(dir, "a file") - if err := ioutil.WriteFile(file, []byte("Some data"), 0222|os.ModeSetuid); err != nil { - t.Fatal(err) - } + err = ioutil.WriteFile(file, []byte("Some data"), 0222|os.ModeSetuid) + require.NoError(t, err) } func verifyBase(t testing.TB, driver graphdriver.Driver, name string) { dir, err := driver.Get(name, "") - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) defer driver.Put(name) subdir := path.Join(dir, "a subdir") @@ -131,13 +63,7 @@ func verifyBase(t testing.TB, driver graphdriver.Driver, name string) { file := path.Join(dir, "a file") verifyFile(t, file, 0222|os.ModeSetuid, 0, 0) - fis, err := readDir(dir) - if err != nil { - t.Fatal(err) - } - - if len(fis) != 2 { - t.Fatal("Unexpected files in base image") - } - + files, err := readDir(dir) + require.NoError(t, err) + assert.Len(t, files, 2) } diff --git a/components/engine/daemon/graphdriver/vfs/driver.go b/components/engine/daemon/graphdriver/vfs/driver.go index 26dc89c36d..f1b8b8661c 100644 --- a/components/engine/daemon/graphdriver/vfs/driver.go +++ b/components/engine/daemon/graphdriver/vfs/driver.go @@ -9,7 +9,6 @@ import ( "github.com/docker/docker/pkg/chrootarchive" "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/system" - "github.com/opencontainers/selinux/go-selinux/label" ) @@ -26,15 +25,14 @@ func init() { // This sets the home directory for the driver and returns NaiveDiffDriver. func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (graphdriver.Driver, error) { d := &Driver{ - home: home, - uidMaps: uidMaps, - gidMaps: gidMaps, + home: home, + idMappings: idtools.NewIDMappingsFromMaps(uidMaps, gidMaps), } - rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps) + rootIDs, err := d.idMappings.RootPair() if err != nil { return nil, err } - if err := idtools.MkdirAllAs(home, 0700, rootUID, rootGID); err != nil { + if err := idtools.MkdirAllAndChown(home, 0700, rootIDs); err != nil { return nil, err } return graphdriver.NewNaiveDiffDriver(d, uidMaps, gidMaps), nil @@ -45,9 +43,8 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap // In order to support layering, files are copied from the parent layer into the new layer. There is no copy-on-write support. // Driver must be wrapped in NaiveDiffDriver to be used as a graphdriver.Driver type Driver struct { - home string - uidMaps []idtools.IDMap - gidMaps []idtools.IDMap + home string + idMappings *idtools.IDMappings } func (d *Driver) String() string { @@ -82,14 +79,14 @@ func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) error { } dir := d.dir(id) - rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps) + rootIDs, err := d.idMappings.RootPair() if err != nil { return err } - if err := idtools.MkdirAllAs(filepath.Dir(dir), 0700, rootUID, rootGID); err != nil { + if err := idtools.MkdirAllAndChown(filepath.Dir(dir), 0700, rootIDs); err != nil { return err } - if err := idtools.MkdirAs(dir, 0755, rootUID, rootGID); err != nil { + if err := idtools.MkdirAndChown(dir, 0755, rootIDs); err != nil { return err } labelOpts := []string{"level:s0"} @@ -103,10 +100,7 @@ func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) error { if err != nil { return fmt.Errorf("%s: %s", parent, err) } - if err := CopyWithTar(parentDir, dir); err != nil { - return err - } - return nil + return CopyWithTar(parentDir, dir) } func (d *Driver) dir(id string) string { diff --git a/components/engine/pkg/archive/archive.go b/components/engine/pkg/archive/archive.go index 0418829c26..59154a4bde 100644 --- a/components/engine/pkg/archive/archive.go +++ b/components/engine/pkg/archive/archive.go @@ -39,7 +39,7 @@ type ( NoLchown bool UIDMaps []idtools.IDMap GIDMaps []idtools.IDMap - ChownOpts idtools.IDPair + ChownOpts *idtools.IDPair IncludeSourceDir bool // WhiteoutFormat is the expected on disk format for whiteout files. // This format will be converted to the standard format on pack @@ -920,7 +920,7 @@ loop: } } - if err := createTarFile(path, dest, hdr, trBuf, !options.NoLchown, &options.ChownOpts, options.InUserNS); err != nil { + if err := createTarFile(path, dest, hdr, trBuf, !options.NoLchown, options.ChownOpts, options.InUserNS); err != nil { return err } From f40a1d3270858fb0ae34fae09db683055d946fdb Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Wed, 31 May 2017 17:18:04 -0400 Subject: [PATCH 053/191] Remove ToHost and replace it with IDMappings.ToHost Signed-off-by: Daniel Nephin Upstream-commit: df248d31d9d61342575fc1b5d3d848f0b282bbc5 Component: engine --- components/engine/pkg/archive/archive.go | 59 ++++------------ components/engine/pkg/archive/archive_unix.go | 7 +- .../engine/pkg/archive/archive_windows.go | 5 +- components/engine/pkg/archive/diff.go | 28 ++------ components/engine/pkg/idtools/idtools.go | 68 ++++++++++--------- 5 files changed, 60 insertions(+), 107 deletions(-) diff --git a/components/engine/pkg/archive/archive.go b/components/engine/pkg/archive/archive.go index 59154a4bde..fe09cdec4a 100644 --- a/components/engine/pkg/archive/archive.go +++ b/components/engine/pkg/archive/archive.go @@ -413,15 +413,11 @@ func (ta *tarAppender) addTarFile(path, name string) error { //writing tar headers/files. We skip whiteout files because they were written //by the kernel and already have proper ownership relative to the host if !strings.HasPrefix(filepath.Base(hdr.Name), WhiteoutPrefix) && !ta.IDMappings.Empty() { - uid, gid, err := getFileUIDGID(fi.Sys()) + fileIDPair, err := getFileUIDGID(fi.Sys()) if err != nil { return err } - hdr.Uid, err = ta.IDMappings.UIDToContainer(uid) - if err != nil { - return err - } - hdr.Gid, err = ta.IDMappings.GIDToContainer(gid) + hdr.Uid, hdr.Gid, err = ta.IDMappings.ToContainer(fileIDPair) if err != nil { return err } @@ -806,7 +802,8 @@ func Unpack(decompressedArchive io.Reader, dest string, options *TarOptions) err defer pools.BufioReader32KPool.Put(trBuf) var dirs []*tar.Header - remappedRootUID, remappedRootGID, err := idtools.GetRootUIDGID(options.UIDMaps, options.GIDMaps) + idMappings := idtools.NewIDMappingsFromMaps(options.UIDMaps, options.GIDMaps) + rootIDs, err := idMappings.RootPair() if err != nil { return err } @@ -843,7 +840,7 @@ loop: parent := filepath.Dir(hdr.Name) parentPath := filepath.Join(dest, parent) if _, err := os.Lstat(parentPath); err != nil && os.IsNotExist(err) { - err = idtools.MkdirAllNewAs(parentPath, 0777, remappedRootUID, remappedRootGID) + err = idtools.MkdirAllAndChownNew(parentPath, 0777, rootIDs) if err != nil { return err } @@ -888,26 +885,8 @@ loop: } trBuf.Reset(tr) - // if the options contain a uid & gid maps, convert header uid/gid - // entries using the maps such that lchown sets the proper mapped - // uid/gid after writing the file. We only perform this mapping if - // the file isn't already owned by the remapped root UID or GID, as - // that specific uid/gid has no mapping from container -> host, and - // those files already have the proper ownership for inside the - // container. - if hdr.Uid != remappedRootUID { - xUID, err := idtools.ToHost(hdr.Uid, options.UIDMaps) - if err != nil { - return err - } - hdr.Uid = xUID - } - if hdr.Gid != remappedRootGID { - xGID, err := idtools.ToHost(hdr.Gid, options.GIDMaps) - if err != nil { - return err - } - hdr.Gid = xGID + if err := remapIDs(idMappings, hdr); err != nil { + return err } if whiteoutConverter != nil { @@ -1083,26 +1062,10 @@ func (archiver *Archiver) CopyFileWithTar(src, dst string) (err error) { hdr.Name = filepath.Base(dst) hdr.Mode = int64(chmodTarEntry(os.FileMode(hdr.Mode))) - remappedRootIDs, err := archiver.IDMappings.RootPair() - if err != nil { + if err := remapIDs(archiver.IDMappings, hdr); err != nil { return err } - // only perform mapping if the file being copied isn't already owned by the - // uid or gid of the remapped root in the container - if remappedRootIDs.UID != hdr.Uid { - hdr.Uid, err = archiver.IDMappings.UIDToHost(hdr.Uid) - if err != nil { - return err - } - } - if remappedRootIDs.GID != hdr.Gid { - hdr.Gid, err = archiver.IDMappings.GIDToHost(hdr.Gid) - if err != nil { - return err - } - } - tw := tar.NewWriter(w) defer tw.Close() if err := tw.WriteHeader(hdr); err != nil { @@ -1126,6 +1089,12 @@ func (archiver *Archiver) CopyFileWithTar(src, dst string) (err error) { return err } +func remapIDs(idMappings *idtools.IDMappings, hdr *tar.Header) error { + ids, err := idMappings.ToHost(idtools.IDPair{UID: hdr.Uid, GID: hdr.Gid}) + hdr.Uid, hdr.Gid = ids.UID, ids.GID + return err +} + // cmdStream executes a command, and returns its stdout as a stream. // If the command fails to run or doesn't complete successfully, an error // will be returned, including anything written on stderr. diff --git a/components/engine/pkg/archive/archive_unix.go b/components/engine/pkg/archive/archive_unix.go index 68d3c97d27..33ee88766f 100644 --- a/components/engine/pkg/archive/archive_unix.go +++ b/components/engine/pkg/archive/archive_unix.go @@ -9,6 +9,7 @@ import ( "path/filepath" "syscall" + "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/system" rsystem "github.com/opencontainers/runc/libcontainer/system" ) @@ -72,13 +73,13 @@ func getInodeFromStat(stat interface{}) (inode uint64, err error) { return } -func getFileUIDGID(stat interface{}) (int, int, error) { +func getFileUIDGID(stat interface{}) (idtools.IDPair, error) { s, ok := stat.(*syscall.Stat_t) if !ok { - return -1, -1, errors.New("cannot convert stat value to syscall.Stat_t") + return idtools.IDPair{}, errors.New("cannot convert stat value to syscall.Stat_t") } - return int(s.Uid), int(s.Gid), nil + return idtools.IDPair{UID: int(s.Uid), GID: int(s.Gid)}, nil } func major(device uint64) uint64 { diff --git a/components/engine/pkg/archive/archive_windows.go b/components/engine/pkg/archive/archive_windows.go index 9c7094738d..a22410c039 100644 --- a/components/engine/pkg/archive/archive_windows.go +++ b/components/engine/pkg/archive/archive_windows.go @@ -9,6 +9,7 @@ import ( "path/filepath" "strings" + "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/longpath" ) @@ -72,7 +73,7 @@ func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo) error { return nil } -func getFileUIDGID(stat interface{}) (int, int, error) { +func getFileUIDGID(stat interface{}) (idtools.IDPair, error) { // no notion of file ownership mapping yet on Windows - return 0, 0, nil + return idtools.IDPair{0, 0}, nil } diff --git a/components/engine/pkg/archive/diff.go b/components/engine/pkg/archive/diff.go index 2292193942..d20854e2a2 100644 --- a/components/engine/pkg/archive/diff.go +++ b/components/engine/pkg/archive/diff.go @@ -33,10 +33,7 @@ func UnpackLayer(dest string, layer io.Reader, options *TarOptions) (size int64, if options.ExcludePatterns == nil { options.ExcludePatterns = []string{} } - remappedRootUID, remappedRootGID, err := idtools.GetRootUIDGID(options.UIDMaps, options.GIDMaps) - if err != nil { - return 0, err - } + idMappings := idtools.NewIDMappingsFromMaps(options.UIDMaps, options.GIDMaps) aufsTempdir := "" aufsHardlinks := make(map[string]*tar.Header) @@ -195,27 +192,10 @@ func UnpackLayer(dest string, layer io.Reader, options *TarOptions) (size int64, srcData = tmpFile } - // if the options contain a uid & gid maps, convert header uid/gid - // entries using the maps such that lchown sets the proper mapped - // uid/gid after writing the file. We only perform this mapping if - // the file isn't already owned by the remapped root UID or GID, as - // that specific uid/gid has no mapping from container -> host, and - // those files already have the proper ownership for inside the - // container. - if srcHdr.Uid != remappedRootUID { - xUID, err := idtools.ToHost(srcHdr.Uid, options.UIDMaps) - if err != nil { - return 0, err - } - srcHdr.Uid = xUID - } - if srcHdr.Gid != remappedRootGID { - xGID, err := idtools.ToHost(srcHdr.Gid, options.GIDMaps) - if err != nil { - return 0, err - } - srcHdr.Gid = xGID + if err := remapIDs(idMappings, srcHdr); err != nil { + return 0, err } + if err := createTarFile(path, dest, srcHdr, srcData, true, nil, options.InUserNS); err != nil { return 0, err } diff --git a/components/engine/pkg/idtools/idtools.go b/components/engine/pkg/idtools/idtools.go index 5488a8be50..cd5ca51dfb 100644 --- a/components/engine/pkg/idtools/idtools.go +++ b/components/engine/pkg/idtools/idtools.go @@ -80,21 +80,13 @@ func MkdirAllAndChownNew(path string, mode os.FileMode, ids IDPair) error { // GetRootUIDGID retrieves the remapped root uid/gid pair from the set of maps. // If the maps are empty, then the root uid/gid will default to "real" 0/0 func GetRootUIDGID(uidMap, gidMap []IDMap) (int, int, error) { - var uid, gid int - - if uidMap != nil { - xUID, err := ToHost(0, uidMap) - if err != nil { - return -1, -1, err - } - uid = xUID + uid, err := toHost(0, uidMap) + if err != nil { + return -1, -1, err } - if gidMap != nil { - xGID, err := ToHost(0, gidMap) - if err != nil { - return -1, -1, err - } - gid = xGID + gid, err := toHost(0, gidMap) + if err != nil { + return -1, -1, err } return uid, gid, nil } @@ -115,11 +107,10 @@ func toContainer(hostID int, idMap []IDMap) (int, error) { return -1, fmt.Errorf("Host ID %d cannot be mapped to a container ID", hostID) } -// ToHost takes an id mapping and a remapped ID, and translates the +// toHost takes an id mapping and a remapped ID, and translates the // ID to the mapped host ID. If no map is provided, then the translation // assumes a 1-to-1 mapping and returns the passed in id # -// Depercated: use IDMappings.UIDToHost and IDMappings.GIDToHost -func ToHost(contID int, idMap []IDMap) (int, error) { +func toHost(contID int, idMap []IDMap) (int, error) { if idMap == nil { return contID, nil } @@ -181,24 +172,35 @@ func (i *IDMappings) RootPair() (IDPair, error) { return IDPair{UID: uid, GID: gid}, err } -// UIDToHost returns the host UID for the container uid -func (i *IDMappings) UIDToHost(uid int) (int, error) { - return ToHost(uid, i.uids) +// ToHost returns the host UID and GID for the container uid, gid. +// Remapping is only performed if the ids aren't already the remapped root ids +func (i *IDMappings) ToHost(pair IDPair) (IDPair, error) { + target, err := i.RootPair() + if err != nil { + return IDPair{}, err + } + + if pair.UID != target.UID { + target.UID, err = toHost(pair.UID, i.uids) + if err != nil { + return target, err + } + } + + if pair.GID != target.GID { + target.GID, err = toHost(pair.GID, i.gids) + } + return target, err } -// GIDToHost returns the host GID for the container gid -func (i *IDMappings) GIDToHost(gid int) (int, error) { - return ToHost(gid, i.gids) -} - -// UIDToContainer returns the container UID for the host uid -func (i *IDMappings) UIDToContainer(uid int) (int, error) { - return toContainer(uid, i.uids) -} - -// GIDToContainer returns the container GID for the host gid -func (i *IDMappings) GIDToContainer(gid int) (int, error) { - return toContainer(gid, i.gids) +// ToContainer returns the container UID and GID for the host uid and gid +func (i *IDMappings) ToContainer(pair IDPair) (int, int, error) { + uid, err := toContainer(pair.UID, i.uids) + if err != nil { + return -1, -1, err + } + gid, err := toContainer(pair.GID, i.gids) + return uid, gid, err } // Empty returns true if there are no id mappings From b35fc7f2687873d71c5ec079569fc2ff111b28df Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Wed, 31 May 2017 17:36:48 -0400 Subject: [PATCH 054/191] Remove MkdirAllNewAs and update tests. Signed-off-by: Daniel Nephin Upstream-commit: 6150ebf7b483197f4b8755df60e750b6410e95ca Component: engine --- .../engine/libcontainerd/client_unix.go | 4 +- .../engine/pkg/chrootarchive/archive.go | 5 +- components/engine/pkg/idtools/idtools.go | 8 --- .../engine/pkg/idtools/idtools_unix_test.go | 54 +++++++------------ 4 files changed, 23 insertions(+), 48 deletions(-) diff --git a/components/engine/libcontainerd/client_unix.go b/components/engine/libcontainerd/client_unix.go index 906026024d..456e21fceb 100644 --- a/components/engine/libcontainerd/client_unix.go +++ b/components/engine/libcontainerd/client_unix.go @@ -34,7 +34,7 @@ func (clnt *client) prepareBundleDir(uid, gid int) (string, error) { } if os.IsNotExist(err) || fi.Mode()&1 == 0 { p = fmt.Sprintf("%s.%d.%d", p, uid, gid) - if err := idtools.MkdirAs(p, 0700, uid, gid); err != nil && !os.IsExist(err) { + if err := idtools.MkdirAndChown(p, 0700, idtools.IDPair{uid, gid}); err != nil && !os.IsExist(err) { return "", err } } @@ -71,7 +71,7 @@ func (clnt *client) Create(containerID string, checkpoint string, checkpointDir } }() - if err := idtools.MkdirAllAs(container.dir, 0700, uid, gid); err != nil && !os.IsExist(err) { + if err := idtools.MkdirAllAndChown(container.dir, 0700, idtools.IDPair{uid, gid}); err != nil && !os.IsExist(err) { return err } diff --git a/components/engine/pkg/chrootarchive/archive.go b/components/engine/pkg/chrootarchive/archive.go index d996ef774a..61522c75fc 100644 --- a/components/engine/pkg/chrootarchive/archive.go +++ b/components/engine/pkg/chrootarchive/archive.go @@ -46,14 +46,15 @@ func untarHandler(tarArchive io.Reader, dest string, options *archive.TarOptions options.ExcludePatterns = []string{} } - rootUID, rootGID, err := idtools.GetRootUIDGID(options.UIDMaps, options.GIDMaps) + idMappings := idtools.NewIDMappingsFromMaps(options.UIDMaps, options.GIDMaps) + rootIDs, err := idMappings.RootPair() if err != nil { return err } dest = filepath.Clean(dest) if _, err := os.Stat(dest); os.IsNotExist(err) { - if err := idtools.MkdirAllNewAs(dest, 0755, rootUID, rootGID); err != nil { + if err := idtools.MkdirAllAndChownNew(dest, 0755, rootIDs); err != nil { return err } } diff --git a/components/engine/pkg/idtools/idtools.go b/components/engine/pkg/idtools/idtools.go index cd5ca51dfb..36cd688c7d 100644 --- a/components/engine/pkg/idtools/idtools.go +++ b/components/engine/pkg/idtools/idtools.go @@ -42,14 +42,6 @@ func MkdirAllAs(path string, mode os.FileMode, ownerUID, ownerGID int) error { return mkdirAs(path, mode, ownerUID, ownerGID, true, true) } -// MkdirAllNewAs creates a directory (include any along the path) and then modifies -// ownership ONLY of newly created directories to the requested uid/gid. If the -// directories along the path exist, no change of ownership will be performed -// Deprecated: Use MkdirAllAndChownNew -func MkdirAllNewAs(path string, mode os.FileMode, ownerUID, ownerGID int) error { - return mkdirAs(path, mode, ownerUID, ownerGID, true, false) -} - // MkdirAs creates a directory and then modifies ownership to the requested uid/gid. // If the directory already exists, this function still changes ownership // Deprecated: Use MkdirAndChown with a IDPair diff --git a/components/engine/pkg/idtools/idtools_unix_test.go b/components/engine/pkg/idtools/idtools_unix_test.go index 540d3079ee..31522a547d 100644 --- a/components/engine/pkg/idtools/idtools_unix_test.go +++ b/components/engine/pkg/idtools/idtools_unix_test.go @@ -9,6 +9,8 @@ import ( "path/filepath" "syscall" "testing" + + "github.com/stretchr/testify/require" ) type node struct { @@ -76,12 +78,9 @@ func TestMkdirAllAs(t *testing.T) { } } -func TestMkdirAllNewAs(t *testing.T) { - +func TestMkdirAllAndChownNew(t *testing.T) { dirName, err := ioutil.TempDir("", "mkdirnew") - if err != nil { - t.Fatalf("Couldn't create temp dir: %v", err) - } + require.NoError(t, err) defer os.RemoveAll(dirName) testTree := map[string]node{ @@ -91,49 +90,32 @@ func TestMkdirAllNewAs(t *testing.T) { "lib/x86_64": {45, 45}, "lib/x86_64/share": {1, 1}, } - - if err := buildTree(dirName, testTree); err != nil { - t.Fatal(err) - } + require.NoError(t, buildTree(dirName, testTree)) // test adding a directory to a pre-existing dir; only the new dir is owned by the uid/gid - if err := MkdirAllNewAs(filepath.Join(dirName, "usr", "share"), 0755, 99, 99); err != nil { - t.Fatal(err) - } + err = MkdirAllAndChownNew(filepath.Join(dirName, "usr", "share"), 0755, IDPair{99, 99}) + require.NoError(t, err) + testTree["usr/share"] = node{99, 99} verifyTree, err := readTree(dirName, "") - if err != nil { - t.Fatal(err) - } - if err := compareTrees(testTree, verifyTree); err != nil { - t.Fatal(err) - } + require.NoError(t, err) + require.NoError(t, compareTrees(testTree, verifyTree)) // test 2-deep new directories--both should be owned by the uid/gid pair - if err := MkdirAllNewAs(filepath.Join(dirName, "lib", "some", "other"), 0755, 101, 101); err != nil { - t.Fatal(err) - } + err = MkdirAllAndChownNew(filepath.Join(dirName, "lib", "some", "other"), 0755, IDPair{101, 101}) + require.NoError(t, err) testTree["lib/some"] = node{101, 101} testTree["lib/some/other"] = node{101, 101} verifyTree, err = readTree(dirName, "") - if err != nil { - t.Fatal(err) - } - if err := compareTrees(testTree, verifyTree); err != nil { - t.Fatal(err) - } + require.NoError(t, err) + require.NoError(t, compareTrees(testTree, verifyTree)) // test a directory that already exists; should NOT be chowned - if err := MkdirAllNewAs(filepath.Join(dirName, "usr"), 0755, 102, 102); err != nil { - t.Fatal(err) - } + err = MkdirAllAndChownNew(filepath.Join(dirName, "usr"), 0755, IDPair{102, 102}) + require.NoError(t, err) verifyTree, err = readTree(dirName, "") - if err != nil { - t.Fatal(err) - } - if err := compareTrees(testTree, verifyTree); err != nil { - t.Fatal(err) - } + require.NoError(t, err) + require.NoError(t, compareTrees(testTree, verifyTree)) } func TestMkdirAs(t *testing.T) { From 583893964eeeb09807cbe914bd3955c9842b00d4 Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Wed, 31 May 2017 17:56:23 -0400 Subject: [PATCH 055/191] Remove error return from RootPair There is no case which would resolve in this error. The root user always exists, and if the id maps are empty, the default value of 0 is correct. Signed-off-by: Daniel Nephin Upstream-commit: 93fbdb69acf9248283a91a1c5c6ea24711c26eda Component: engine --- components/engine/daemon/archive.go | 2 +- .../daemon/container_operations_unix.go | 6 +++--- components/engine/daemon/create.go | 5 +---- components/engine/daemon/create_unix.go | 2 +- components/engine/daemon/daemon.go | 19 +++---------------- .../engine/daemon/graphdriver/vfs/driver.go | 10 ++-------- components/engine/daemon/info.go | 2 +- components/engine/daemon/oci_linux.go | 3 +-- components/engine/daemon/oci_solaris.go | 3 +-- components/engine/daemon/volumes_unix.go | 5 ++--- components/engine/daemon/workdir.go | 3 +-- components/engine/pkg/archive/archive.go | 10 ++-------- .../engine/pkg/chrootarchive/archive.go | 5 +---- components/engine/pkg/idtools/idtools.go | 16 ++++++++-------- 14 files changed, 28 insertions(+), 63 deletions(-) diff --git a/components/engine/daemon/archive.go b/components/engine/daemon/archive.go index 79b2ae362f..3fb75bbb22 100644 --- a/components/engine/daemon/archive.go +++ b/components/engine/daemon/archive.go @@ -375,7 +375,7 @@ func (daemon *Daemon) CopyOnBuild(cID, destPath, srcRoot, srcPath string, decomp destExists := true destDir := false - rootIDs, _ := daemon.idMappings.RootPair() + rootIDs := daemon.idMappings.RootPair() // Work in daemon-local OS specific file paths destPath = filepath.FromSlash(destPath) diff --git a/components/engine/daemon/container_operations_unix.go b/components/engine/daemon/container_operations_unix.go index 5ae7a68f0b..99d17e41b5 100644 --- a/components/engine/daemon/container_operations_unix.go +++ b/components/engine/daemon/container_operations_unix.go @@ -109,7 +109,7 @@ func (daemon *Daemon) setupIpcDirs(c *container.Container) error { } c.ShmPath = "/dev/shm" } else { - rootIDs, _ := daemon.idMappings.RootPair() + rootIDs := daemon.idMappings.RootPair() if !c.HasMountFor("/dev/shm") { shmPath, err := c.ShmResourcePath() if err != nil { @@ -147,7 +147,7 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) { logrus.Debugf("secrets: setting up secret dir: %s", localMountPath) // retrieve possible remapped range start for root UID, GID - rootIDs, _ := daemon.idMappings.RootPair() + rootIDs := daemon.idMappings.RootPair() // create tmpfs if err := idtools.MkdirAllAndChown(localMountPath, 0700, rootIDs); err != nil { return errors.Wrap(err, "error creating secret local mount path") @@ -232,7 +232,7 @@ func (daemon *Daemon) setupConfigDir(c *container.Container) (setupErr error) { logrus.Debugf("configs: setting up config dir: %s", localPath) // retrieve possible remapped range start for root UID, GID - rootIDs, _ := daemon.idMappings.RootPair() + rootIDs := daemon.idMappings.RootPair() // create tmpfs if err := idtools.MkdirAllAndChown(localPath, 0700, rootIDs); err != nil { return errors.Wrap(err, "error creating config dir") diff --git a/components/engine/daemon/create.go b/components/engine/daemon/create.go index 52b4b0e6fa..697886274f 100644 --- a/components/engine/daemon/create.go +++ b/components/engine/daemon/create.go @@ -117,10 +117,7 @@ func (daemon *Daemon) create(params types.ContainerCreateConfig, managed bool) ( return nil, err } - rootIDs, err := daemon.idMappings.RootPair() - if err != nil { - return nil, err - } + rootIDs := daemon.idMappings.RootPair() if err := idtools.MkdirAndChown(container.Root, 0700, rootIDs); err != nil { return nil, err } diff --git a/components/engine/daemon/create_unix.go b/components/engine/daemon/create_unix.go index 27471e7556..2501a3374a 100644 --- a/components/engine/daemon/create_unix.go +++ b/components/engine/daemon/create_unix.go @@ -22,7 +22,7 @@ func (daemon *Daemon) createContainerPlatformSpecificSettings(container *contain } defer daemon.Unmount(container) - rootIDs, _ := daemon.idMappings.RootPair() + rootIDs := daemon.idMappings.RootPair() if err := container.SetupWorkingDirectory(rootIDs); err != nil { return err } diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go index 3e8b3106a2..4b78d01370 100644 --- a/components/engine/daemon/daemon.go +++ b/components/engine/daemon/daemon.go @@ -527,11 +527,7 @@ func NewDaemon(config *config.Config, registryService registry.Service, containe if err != nil { return nil, err } - rootIDs, err := idMappings.RootPair() - if err != nil { - return nil, err - } - + rootIDs := idMappings.RootPair() if err := setupDaemonProcess(config); err != nil { return nil, err } @@ -994,7 +990,7 @@ func prepareTempDir(rootDir string, rootIDs idtools.IDPair) (string, error) { } func (daemon *Daemon) setupInitLayer(initPath string) error { - rootIDs, _ := daemon.idMappings.RootPair() + rootIDs := daemon.idMappings.RootPair() return initlayer.Setup(initPath, rootIDs) } @@ -1157,14 +1153,5 @@ func CreateDaemonRoot(config *config.Config) error { if err != nil { return err } - rootIDs, err := idMappings.RootPair() - if err != nil { - return err - } - - if err := setupDaemonRoot(config, realRoot, rootIDs); err != nil { - return err - } - - return nil + return setupDaemonRoot(config, realRoot, idMappings.RootPair()) } diff --git a/components/engine/daemon/graphdriver/vfs/driver.go b/components/engine/daemon/graphdriver/vfs/driver.go index f1b8b8661c..15a4de3606 100644 --- a/components/engine/daemon/graphdriver/vfs/driver.go +++ b/components/engine/daemon/graphdriver/vfs/driver.go @@ -28,10 +28,7 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap home: home, idMappings: idtools.NewIDMappingsFromMaps(uidMaps, gidMaps), } - rootIDs, err := d.idMappings.RootPair() - if err != nil { - return nil, err - } + rootIDs := d.idMappings.RootPair() if err := idtools.MkdirAllAndChown(home, 0700, rootIDs); err != nil { return nil, err } @@ -79,10 +76,7 @@ func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) error { } dir := d.dir(id) - rootIDs, err := d.idMappings.RootPair() - if err != nil { - return err - } + rootIDs := d.idMappings.RootPair() if err := idtools.MkdirAllAndChown(filepath.Dir(dir), 0700, rootIDs); err != nil { return err } diff --git a/components/engine/daemon/info.go b/components/engine/daemon/info.go index 3cadea791e..3c28cdf7f1 100644 --- a/components/engine/daemon/info.go +++ b/components/engine/daemon/info.go @@ -72,7 +72,7 @@ func (daemon *Daemon) SystemInfo() (*types.Info, error) { if selinuxEnabled() { securityOptions = append(securityOptions, "name=selinux") } - rootIDs, _ := daemon.idMappings.RootPair() + rootIDs := daemon.idMappings.RootPair() if rootIDs.UID != 0 || rootIDs.GID != 0 { securityOptions = append(securityOptions, "name=userns") } diff --git a/components/engine/daemon/oci_linux.go b/components/engine/daemon/oci_linux.go index 850fb76ecf..6d74301a05 100644 --- a/components/engine/daemon/oci_linux.go +++ b/components/engine/daemon/oci_linux.go @@ -611,8 +611,7 @@ func (daemon *Daemon) populateCommonSpec(s *specs.Spec, c *container.Container) Path: c.BaseFS, Readonly: c.HostConfig.ReadonlyRootfs, } - rootIDs, _ := daemon.idMappings.RootPair() - if err := c.SetupWorkingDirectory(rootIDs); err != nil { + if err := c.SetupWorkingDirectory(daemon.idMappings.RootPair()); err != nil { return err } cwd := c.Config.WorkingDir diff --git a/components/engine/daemon/oci_solaris.go b/components/engine/daemon/oci_solaris.go index b4d39e476d..610efe10a1 100644 --- a/components/engine/daemon/oci_solaris.go +++ b/components/engine/daemon/oci_solaris.go @@ -130,8 +130,7 @@ func (daemon *Daemon) populateCommonSpec(s *specs.Spec, c *container.Container) Path: filepath.Dir(c.BaseFS), Readonly: c.HostConfig.ReadonlyRootfs, } - rootIDs, _ := daemon.idMappings.RootPair() - if err := c.SetupWorkingDirectory(rootIDs); err != nil { + if err := c.SetupWorkingDirectory(daemon.idMappings.RootPair()); err != nil { return err } cwd := c.Config.WorkingDir diff --git a/components/engine/daemon/volumes_unix.go b/components/engine/daemon/volumes_unix.go index 8736b7dffc..d91100f1c9 100644 --- a/components/engine/daemon/volumes_unix.go +++ b/components/engine/daemon/volumes_unix.go @@ -54,8 +54,7 @@ func (daemon *Daemon) setupMounts(c *container.Container) ([]container.Mount, er return nil } - rootIDs, _ := daemon.idMappings.RootPair() - path, err := m.Setup(c.MountLabel, rootIDs, checkfunc) + path, err := m.Setup(c.MountLabel, daemon.idMappings.RootPair(), checkfunc) if err != nil { return nil, err } @@ -85,7 +84,7 @@ func (daemon *Daemon) setupMounts(c *container.Container) ([]container.Mount, er // if we are going to mount any of the network files from container // metadata, the ownership must be set properly for potential container // remapped root (user namespaces) - rootIDs, _ := daemon.idMappings.RootPair() + rootIDs := daemon.idMappings.RootPair() for _, mount := range netMounts { if err := os.Chown(mount.Source, rootIDs.UID, rootIDs.GID); err != nil { return nil, err diff --git a/components/engine/daemon/workdir.go b/components/engine/daemon/workdir.go index 90e4d709a2..6360f24138 100644 --- a/components/engine/daemon/workdir.go +++ b/components/engine/daemon/workdir.go @@ -16,6 +16,5 @@ func (daemon *Daemon) ContainerCreateWorkdir(cID string) error { return err } defer daemon.Unmount(container) - rootIDs, _ := daemon.idMappings.RootPair() - return container.SetupWorkingDirectory(rootIDs) + return container.SetupWorkingDirectory(daemon.idMappings.RootPair()) } diff --git a/components/engine/pkg/archive/archive.go b/components/engine/pkg/archive/archive.go index fe09cdec4a..5fb774d602 100644 --- a/components/engine/pkg/archive/archive.go +++ b/components/engine/pkg/archive/archive.go @@ -803,10 +803,7 @@ func Unpack(decompressedArchive io.Reader, dest string, options *TarOptions) err var dirs []*tar.Header idMappings := idtools.NewIDMappingsFromMaps(options.UIDMaps, options.GIDMaps) - rootIDs, err := idMappings.RootPair() - if err != nil { - return err - } + rootIDs := idMappings.RootPair() whiteoutConverter := getWhiteoutConverter(options.WhiteoutFormat) // Iterate through the files in the archive. @@ -1008,10 +1005,7 @@ func (archiver *Archiver) CopyWithTar(src, dst string) error { // if this archiver is set up with ID mapping we need to create // the new destination directory with the remapped root UID/GID pair // as owner - rootIDs, err := archiver.IDMappings.RootPair() - if err != nil { - return err - } + rootIDs := archiver.IDMappings.RootPair() // Create dst, copy src's content into it logrus.Debugf("Creating dest directory: %s", dst) if err := idtools.MkdirAllAndChownNew(dst, 0755, rootIDs); err != nil { diff --git a/components/engine/pkg/chrootarchive/archive.go b/components/engine/pkg/chrootarchive/archive.go index 61522c75fc..7604418767 100644 --- a/components/engine/pkg/chrootarchive/archive.go +++ b/components/engine/pkg/chrootarchive/archive.go @@ -47,10 +47,7 @@ func untarHandler(tarArchive io.Reader, dest string, options *archive.TarOptions } idMappings := idtools.NewIDMappingsFromMaps(options.UIDMaps, options.GIDMaps) - rootIDs, err := idMappings.RootPair() - if err != nil { - return err - } + rootIDs := idMappings.RootPair() dest = filepath.Clean(dest) if _, err := os.Stat(dest); os.IsNotExist(err) { diff --git a/components/engine/pkg/idtools/idtools.go b/components/engine/pkg/idtools/idtools.go index 36cd688c7d..68a072db22 100644 --- a/components/engine/pkg/idtools/idtools.go +++ b/components/engine/pkg/idtools/idtools.go @@ -158,19 +158,19 @@ func NewIDMappingsFromMaps(uids []IDMap, gids []IDMap) *IDMappings { return &IDMappings{uids: uids, gids: gids} } -// RootPair returns a uid and gid pair for the root user -func (i *IDMappings) RootPair() (IDPair, error) { - uid, gid, err := GetRootUIDGID(i.uids, i.gids) - return IDPair{UID: uid, GID: gid}, err +// RootPair returns a uid and gid pair for the root user. The error is ignored +// because a root user always exists, and the defaults are correct when the uid +// and gid maps are empty. +func (i *IDMappings) RootPair() IDPair { + uid, gid, _ := GetRootUIDGID(i.uids, i.gids) + return IDPair{UID: uid, GID: gid} } // ToHost returns the host UID and GID for the container uid, gid. // Remapping is only performed if the ids aren't already the remapped root ids func (i *IDMappings) ToHost(pair IDPair) (IDPair, error) { - target, err := i.RootPair() - if err != nil { - return IDPair{}, err - } + var err error + target := i.RootPair() if pair.UID != target.UID { target.UID, err = toHost(pair.UID, i.uids) From 7911166df9fb70e67ff4ff80731da5027eb2734c Mon Sep 17 00:00:00 2001 From: Madhu Venugopal Date: Wed, 7 Jun 2017 11:14:14 -0700 Subject: [PATCH 056/191] Service alias should not be copied to task alias If a service alias is copied to task, then the DNS resolution on the service name will resolve to service VIP and all of Task-IPs and that will break the concept of vip based load-balancing resulting in all the dns-rr caching issues. This is a regression introduced in #33130 Signed-off-by: Madhu Venugopal Upstream-commit: 38c15531501578b96d34be5ce7f33a0be6be078f Component: engine --- .../cluster/executor/container/container.go | 1 - .../docker_cli_service_create_test.go | 35 +++++++++++++++++++ 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/components/engine/daemon/cluster/executor/container/container.go b/components/engine/daemon/cluster/executor/container/container.go index 31a9c91e05..501da3286c 100644 --- a/components/engine/daemon/cluster/executor/container/container.go +++ b/components/engine/daemon/cluster/executor/container/container.go @@ -495,7 +495,6 @@ func getEndpointConfig(na *api.NetworkAttachment, b executorpkg.Backend) *networ IPv4Address: ipv4, IPv6Address: ipv6, }, - Aliases: na.Aliases, DriverOpts: na.DriverAttachmentOpts, } if v, ok := na.Network.Spec.Annotations.Labels["com.docker.swarm.predefined"]; ok && v == "true" { diff --git a/components/engine/integration-cli/docker_cli_service_create_test.go b/components/engine/integration-cli/docker_cli_service_create_test.go index 85a8cba576..6fc92c237d 100644 --- a/components/engine/integration-cli/docker_cli_service_create_test.go +++ b/components/engine/integration-cli/docker_cli_service_create_test.go @@ -410,3 +410,38 @@ func (s *DockerSwarmSuite) TestServiceCreateMountTmpfs(c *check.C) { c.Assert(strings.TrimSpace(out), checker.HasPrefix, "tmpfs on /foo type tmpfs") c.Assert(strings.TrimSpace(out), checker.Contains, "size=1024k") } + +func (s *DockerSwarmSuite) TestServiceCreateWithNetworkAlias(c *check.C) { + d := s.AddDaemon(c, true, true) + out, err := d.Cmd("network", "create", "--scope=swarm", "test_swarm_br") + c.Assert(err, checker.IsNil, check.Commentf(out)) + + out, err = d.Cmd("service", "create", "--no-resolve-image", "--detach=true", "--network=name=test_swarm_br,alias=srv_alias", "--name=alias_tst_container", "busybox", "top") + c.Assert(err, checker.IsNil, check.Commentf(out)) + id := strings.TrimSpace(out) + + var tasks []swarm.Task + waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) { + tasks = d.GetServiceTasks(c, id) + return len(tasks) > 0, nil + }, checker.Equals, true) + + task := tasks[0] + waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) { + if task.NodeID == "" || task.Status.ContainerStatus.ContainerID == "" { + task = d.GetTask(c, task.ID) + } + return task.NodeID != "" && task.Status.ContainerStatus.ContainerID != "", nil + }, checker.Equals, true) + + // check container alias config + out, err = s.nodeCmd(c, task.NodeID, "inspect", "--format", "{{json .NetworkSettings.Networks.test_swarm_br.Aliases}}", task.Status.ContainerStatus.ContainerID) + c.Assert(err, checker.IsNil, check.Commentf(out)) + + // Make sure the only alias seen is the container-id + var aliases []string + c.Assert(json.Unmarshal([]byte(out), &aliases), checker.IsNil) + c.Assert(aliases, checker.HasLen, 1) + + c.Assert(task.Status.ContainerStatus.ContainerID, checker.Contains, aliases[0]) +} From f3ef17e47ddd86d84e07bd182a7fef9b0af88ded Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Wed, 7 Jun 2017 11:29:33 -0700 Subject: [PATCH 057/191] Revert ONCLR and OPOST changes This reverts to a version of runc without the ONCLR cleared to not cause a regression with different clients using --tty. This also reverts the OPOST changes to the term package to support the initial change. Signed-off-by: Michael Crosby Upstream-commit: a5e83836a49547b2add871bb52cbd8bfedb57114 Component: engine --- components/engine/hack/dockerfile/binaries-commits | 2 +- components/engine/hack/dockerfile/install-binaries.sh | 2 +- .../engine/integration-cli/docker_cli_service_logs_test.go | 2 +- components/engine/pkg/term/termios_bsd.go | 2 +- components/engine/pkg/term/termios_linux.go | 2 +- components/engine/vendor.conf | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/components/engine/hack/dockerfile/binaries-commits b/components/engine/hack/dockerfile/binaries-commits index cec6ebbd35..9991736fe3 100644 --- a/components/engine/hack/dockerfile/binaries-commits +++ b/components/engine/hack/dockerfile/binaries-commits @@ -3,7 +3,7 @@ TOMLV_COMMIT=9baf8a8a9f2ed20a8e54160840c492f937eeaf9a # When updating RUNC_COMMIT, also update runc in vendor.conf accordingly -RUNC_COMMIT=992a5be178a62e026f4069f443c6164912adbf09 +RUNC_COMMIT=2d41c047c83e09a6d61d464906feb2a2f3c52aa4 CONTAINERD_COMMIT=3addd840653146c90a254301d6c3a663c7fd6429 TINI_COMMIT=949e6facb77383876aeff8a6944dde66b3089574 LIBNETWORK_COMMIT=7b2b1feb1de4817d522cc372af149ff48d25028e diff --git a/components/engine/hack/dockerfile/install-binaries.sh b/components/engine/hack/dockerfile/install-binaries.sh index fd8f97f4f9..2bfe06d829 100755 --- a/components/engine/hack/dockerfile/install-binaries.sh +++ b/components/engine/hack/dockerfile/install-binaries.sh @@ -20,7 +20,7 @@ RUNC_BUILDTAGS="${RUNC_BUILDTAGS:-"seccomp apparmor selinux"}" install_runc() { echo "Install runc version $RUNC_COMMIT" - git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" + git clone https://github.com/docker/runc.git "$GOPATH/src/github.com/opencontainers/runc" cd "$GOPATH/src/github.com/opencontainers/runc" git checkout -q "$RUNC_COMMIT" make BUILDTAGS="$RUNC_BUILDTAGS" $1 diff --git a/components/engine/integration-cli/docker_cli_service_logs_test.go b/components/engine/integration-cli/docker_cli_service_logs_test.go index c9af7fc6f7..d38cdefea8 100644 --- a/components/engine/integration-cli/docker_cli_service_logs_test.go +++ b/components/engine/integration-cli/docker_cli_service_logs_test.go @@ -287,7 +287,7 @@ func (s *DockerSwarmSuite) TestServiceLogsTTY(c *check.C) { result = icmd.RunCmd(cmd) // for some reason there is carriage return in the output. i think this is // just expected. - c.Assert(result, icmd.Matches, icmd.Expected{Out: "out\nerr\n"}) + c.Assert(result, icmd.Matches, icmd.Expected{Out: "out\r\nerr\r\n"}) } func (s *DockerSwarmSuite) TestServiceLogsNoHangDeletedContainer(c *check.C) { diff --git a/components/engine/pkg/term/termios_bsd.go b/components/engine/pkg/term/termios_bsd.go index 9fdc720f25..c47341e873 100644 --- a/components/engine/pkg/term/termios_bsd.go +++ b/components/engine/pkg/term/termios_bsd.go @@ -27,7 +27,7 @@ func MakeRaw(fd uintptr) (*State, error) { newState := oldState.termios newState.Iflag &^= (unix.IGNBRK | unix.BRKINT | unix.PARMRK | unix.ISTRIP | unix.INLCR | unix.IGNCR | unix.ICRNL | unix.IXON) - newState.Oflag |= unix.OPOST + newState.Oflag &^= unix.OPOST newState.Lflag &^= (unix.ECHO | unix.ECHONL | unix.ICANON | unix.ISIG | unix.IEXTEN) newState.Cflag &^= (unix.CSIZE | unix.PARENB) newState.Cflag |= unix.CS8 diff --git a/components/engine/pkg/term/termios_linux.go b/components/engine/pkg/term/termios_linux.go index b1d9c8d1b5..31bfa8419e 100644 --- a/components/engine/pkg/term/termios_linux.go +++ b/components/engine/pkg/term/termios_linux.go @@ -26,7 +26,7 @@ func MakeRaw(fd uintptr) (*State, error) { newState := oldState.termios newState.Iflag &^= (unix.IGNBRK | unix.BRKINT | unix.PARMRK | unix.ISTRIP | unix.INLCR | unix.IGNCR | unix.ICRNL | unix.IXON) - newState.Oflag |= unix.OPOST + newState.Oflag &^= unix.OPOST newState.Lflag &^= (unix.ECHO | unix.ECHONL | unix.ICANON | unix.ISIG | unix.IEXTEN) newState.Cflag &^= (unix.CSIZE | unix.PARENB) newState.Cflag |= unix.CS8 diff --git a/components/engine/vendor.conf b/components/engine/vendor.conf index 3d9f47c944..77d6bc0616 100644 --- a/components/engine/vendor.conf +++ b/components/engine/vendor.conf @@ -61,7 +61,7 @@ google.golang.org/grpc v1.0.4 github.com/miekg/pkcs11 df8ae6ca730422dba20c768ff38ef7d79077a59f # When updating, also update RUNC_COMMIT in hack/dockerfile/binaries-commits accordingly -github.com/opencontainers/runc 992a5be178a62e026f4069f443c6164912adbf09 +github.com/opencontainers/runc 2d41c047c83e09a6d61d464906feb2a2f3c52aa4 https://github.com/docker/runc github.com/opencontainers/image-spec f03dbe35d449c54915d235f1a3cf8f585a24babe github.com/opencontainers/runtime-spec d42f1eb741e6361e858d83fc75aa6893b66292c4 # specs From 523841f2f9c92e0730f3a087c175c3cc1bf46952 Mon Sep 17 00:00:00 2001 From: yangshukui Date: Thu, 8 Jun 2017 15:46:50 +0800 Subject: [PATCH 058/191] Add a error check in postHijacked to avoid docker exec command blocking. When user execute docker exec command, docker daemon maybe have err return because of ExecExists check, and then the hijack stream will not be close, it can lead to docker exec command block. Signed-off-by: yangshukui Upstream-commit: 26231b29e7881d25822bffd740d5f73fc2687460 Component: engine --- components/engine/client/hijack.go | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/components/engine/client/hijack.go b/components/engine/client/hijack.go index 74c53f52b3..2b61a80950 100644 --- a/components/engine/client/hijack.go +++ b/components/engine/client/hijack.go @@ -1,9 +1,11 @@ package client import ( + "bytes" "crypto/tls" "errors" "fmt" + "io/ioutil" "net" "net/http" "net/http/httputil" @@ -72,11 +74,23 @@ func (cli *Client) postHijacked(ctx context.Context, path string, query url.Valu defer clientconn.Close() // Server hijacks the connection, error 'connection closed' expected - _, err = clientconn.Do(req) + resp, err := clientconn.Do(req) + if err != nil { + return types.HijackedResponse{}, err + } - rwc, br := clientconn.Hijack() + defer resp.Body.Close() + switch resp.StatusCode { + case http.StatusOK, http.StatusSwitchingProtocols: + rwc, br := clientconn.Hijack() + return types.HijackedResponse{Conn: rwc, Reader: br}, err + } - return types.HijackedResponse{Conn: rwc, Reader: br}, err + errbody, err := ioutil.ReadAll(resp.Body) + if err != nil { + return types.HijackedResponse{}, err + } + return types.HijackedResponse{}, fmt.Errorf("Error response from daemon: %s", bytes.TrimSpace(errbody)) } func tlsDial(network, addr string, config *tls.Config) (net.Conn, error) { From fef5c78683157be9b9a6548fd85f376682275e56 Mon Sep 17 00:00:00 2001 From: Naveed Jamil Date: Mon, 5 Jun 2017 16:57:01 +0500 Subject: [PATCH 059/191] Add test coverage to pkg/term/proxy.go Signed-off-by: Naveed Jamil Upstream-commit: a267248b5af9e58f878b0e2ba604c7256d637be2 Component: engine --- components/engine/hack/make/test-unit | 1 + components/engine/pkg/term/proxy_test.go | 92 ++++++++++++++ components/engine/pkg/term/term_linux_test.go | 120 ++++++++++++++++++ 3 files changed, 213 insertions(+) create mode 100644 components/engine/pkg/term/proxy_test.go create mode 100644 components/engine/pkg/term/term_linux_test.go diff --git a/components/engine/hack/make/test-unit b/components/engine/hack/make/test-unit index 1c2ba3ff3b..d3f182c094 100644 --- a/components/engine/hack/make/test-unit +++ b/components/engine/hack/make/test-unit @@ -50,6 +50,7 @@ bundle_test_unit() { fi go test -cover -ldflags "$LDFLAGS" "${BUILDFLAGS[@]}" $TESTFLAGS $pkg_list + go test -cover -ldflags "$LDFLAGS" "${BUILDFLAGS[@]}" $TESTFLAGS github.com/docker/docker/pkg/term -test.root } bundle_test_unit 2>&1 | tee -a "$DEST/test.log" diff --git a/components/engine/pkg/term/proxy_test.go b/components/engine/pkg/term/proxy_test.go new file mode 100644 index 0000000000..baba193d16 --- /dev/null +++ b/components/engine/pkg/term/proxy_test.go @@ -0,0 +1,92 @@ +package term + +import ( + "bytes" + "fmt" + "reflect" + "testing" + + "github.com/stretchr/testify/require" +) + +func TestEscapeProxyRead(t *testing.T) { + escapeKeys, _ := ToBytes("DEL") + keys, _ := ToBytes("a,b,c,+") + reader := NewEscapeProxy(bytes.NewReader(keys), escapeKeys) + buf := make([]byte, len(keys)) + nr, err := reader.Read(buf) + require.NoError(t, err) + require.EqualValues(t, nr, len(keys), fmt.Sprintf("nr %d should be equal to the number of %d", nr, len(keys))) + require.Equal(t, keys, buf, "keys & the read buffer should be equal") + + keys, _ = ToBytes("") + reader = NewEscapeProxy(bytes.NewReader(keys), escapeKeys) + buf = make([]byte, len(keys)) + nr, err = reader.Read(buf) + require.Error(t, err, "Should throw error when no keys are to read") + require.EqualValues(t, nr, 0, "nr should be zero") + require.Condition(t, func() (success bool) { return len(keys) == 0 && len(buf) == 0 }, "keys & the read buffer size should be zero") + + escapeKeys, _ = ToBytes("ctrl-x,ctrl-@") + keys, _ = ToBytes("DEL") + reader = NewEscapeProxy(bytes.NewReader(keys), escapeKeys) + buf = make([]byte, len(keys)) + nr, err = reader.Read(buf) + require.NoError(t, err) + require.EqualValues(t, nr, 1, fmt.Sprintf("nr %d should be equal to the number of 1", nr)) + require.Equal(t, keys, buf, "keys & the read buffer should be equal") + + escapeKeys, _ = ToBytes("ctrl-c") + keys, _ = ToBytes("ctrl-c") + reader = NewEscapeProxy(bytes.NewReader(keys), escapeKeys) + buf = make([]byte, len(keys)) + nr, err = reader.Read(buf) + require.Condition(t, func() (success bool) { + return reflect.TypeOf(err).Name() == "EscapeError" + }, err) + require.EqualValues(t, nr, 0, "nr should be equal to 0") + require.Equal(t, keys, buf, "keys & the read buffer should be equal") + + escapeKeys, _ = ToBytes("ctrl-c,ctrl-z") + keys, _ = ToBytes("ctrl-c,ctrl-z") + reader = NewEscapeProxy(bytes.NewReader(keys), escapeKeys) + buf = make([]byte, 1) + nr, err = reader.Read(buf) + require.NoError(t, err) + require.EqualValues(t, nr, 0, "nr should be equal to 0") + require.Equal(t, keys[0:1], buf, "keys & the read buffer should be equal") + nr, err = reader.Read(buf) + require.Condition(t, func() (success bool) { + return reflect.TypeOf(err).Name() == "EscapeError" + }, err) + require.EqualValues(t, nr, 0, "nr should be equal to 0") + require.Equal(t, keys[1:], buf, "keys & the read buffer should be equal") + + escapeKeys, _ = ToBytes("ctrl-c,ctrl-z") + keys, _ = ToBytes("ctrl-c,DEL,+") + reader = NewEscapeProxy(bytes.NewReader(keys), escapeKeys) + buf = make([]byte, 1) + nr, err = reader.Read(buf) + require.NoError(t, err) + require.EqualValues(t, nr, 0, "nr should be equal to 0") + require.Equal(t, keys[0:1], buf, "keys & the read buffer should be equal") + buf = make([]byte, len(keys)) + nr, err = reader.Read(buf) + require.NoError(t, err) + require.EqualValues(t, nr, len(keys), fmt.Sprintf("nr should be equal to %d", len(keys))) + require.Equal(t, keys, buf, "keys & the read buffer should be equal") + + escapeKeys, _ = ToBytes("ctrl-c,ctrl-z") + keys, _ = ToBytes("ctrl-c,DEL") + reader = NewEscapeProxy(bytes.NewReader(keys), escapeKeys) + buf = make([]byte, 1) + nr, err = reader.Read(buf) + require.NoError(t, err) + require.EqualValues(t, nr, 0, "nr should be equal to 0") + require.Equal(t, keys[0:1], buf, "keys & the read buffer should be equal") + buf = make([]byte, len(keys)) + nr, err = reader.Read(buf) + require.NoError(t, err) + require.EqualValues(t, nr, len(keys), fmt.Sprintf("nr should be equal to %d", len(keys))) + require.Equal(t, keys, buf, "keys & the read buffer should be equal") +} diff --git a/components/engine/pkg/term/term_linux_test.go b/components/engine/pkg/term/term_linux_test.go new file mode 100644 index 0000000000..a1628c4c6d --- /dev/null +++ b/components/engine/pkg/term/term_linux_test.go @@ -0,0 +1,120 @@ +//+build linux + +package term + +import ( + "flag" + "io/ioutil" + "os" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +var rootEnabled bool + +func init() { + flag.BoolVar(&rootEnabled, "test.root", false, "enable tests that require root") +} + +// RequiresRoot skips tests that require root, unless the test.root flag has +// been set +func RequiresRoot(t *testing.T) { + if !rootEnabled { + t.Skip("skipping test that requires root") + return + } + assert.Equal(t, 0, os.Getuid(), "This test must be run as root.") +} + +func newTtyForTest(t *testing.T) (*os.File, error) { + RequiresRoot(t) + return os.OpenFile("/dev/tty", os.O_RDWR, os.ModeDevice) +} + +func newTempFile() (*os.File, error) { + return ioutil.TempFile(os.TempDir(), "temp") +} + +func TestGetWinsize(t *testing.T) { + tty, err := newTtyForTest(t) + defer tty.Close() + require.NoError(t, err) + winSize, err := GetWinsize(tty.Fd()) + require.NoError(t, err) + require.NotNil(t, winSize) + require.NotNil(t, winSize.Height) + require.NotNil(t, winSize.Width) + newSize := Winsize{Width: 200, Height: 200, x: winSize.x, y: winSize.y} + err = SetWinsize(tty.Fd(), &newSize) + require.NoError(t, err) + winSize, err = GetWinsize(tty.Fd()) + require.NoError(t, err) + require.Equal(t, *winSize, newSize) +} + +func TestSetWinsize(t *testing.T) { + tty, err := newTtyForTest(t) + defer tty.Close() + require.NoError(t, err) + winSize, err := GetWinsize(tty.Fd()) + require.NoError(t, err) + require.NotNil(t, winSize) + newSize := Winsize{Width: 200, Height: 200, x: winSize.x, y: winSize.y} + err = SetWinsize(tty.Fd(), &newSize) + require.NoError(t, err) + winSize, err = GetWinsize(tty.Fd()) + require.NoError(t, err) + require.Equal(t, *winSize, newSize) +} + +func TestGetFdInfo(t *testing.T) { + tty, err := newTtyForTest(t) + defer tty.Close() + require.NoError(t, err) + inFd, isTerminal := GetFdInfo(tty) + require.Equal(t, inFd, tty.Fd()) + require.Equal(t, isTerminal, true) + tmpFile, err := newTempFile() + defer tmpFile.Close() + inFd, isTerminal = GetFdInfo(tmpFile) + require.Equal(t, inFd, tmpFile.Fd()) + require.Equal(t, isTerminal, false) +} + +func TestIsTerminal(t *testing.T) { + tty, err := newTtyForTest(t) + defer tty.Close() + require.NoError(t, err) + isTerminal := IsTerminal(tty.Fd()) + require.Equal(t, isTerminal, true) + tmpFile, err := newTempFile() + defer tmpFile.Close() + isTerminal = IsTerminal(tmpFile.Fd()) + require.Equal(t, isTerminal, false) +} + +func TestSaveState(t *testing.T) { + tty, err := newTtyForTest(t) + defer tty.Close() + require.NoError(t, err) + state, err := SaveState(tty.Fd()) + require.NoError(t, err) + require.NotNil(t, state) + tty, err = newTtyForTest(t) + defer tty.Close() + err = RestoreTerminal(tty.Fd(), state) + require.NoError(t, err) +} + +func TestDisableEcho(t *testing.T) { + tty, err := newTtyForTest(t) + defer tty.Close() + require.NoError(t, err) + state, err := SetRawTerminal(tty.Fd()) + require.NoError(t, err) + require.NotNil(t, state) + err = DisableEcho(tty.Fd(), state) + require.NoError(t, err) +} From a53424fe865204825baffcf9f49c865a665e8bcc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Peter=20B=C3=BCcker?= Date: Thu, 8 Jun 2017 10:05:52 +0200 Subject: [PATCH 060/191] Logging driver should receive same file in start/stop request MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Bücker Upstream-commit: e908e1a357b435d7fab497d51cdd3e58458a0590 Component: engine --- components/engine/daemon/logger/adapter.go | 4 +++- components/engine/daemon/logger/plugin.go | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/components/engine/daemon/logger/adapter.go b/components/engine/daemon/logger/adapter.go index e6d7598b44..a187b30fdd 100644 --- a/components/engine/daemon/logger/adapter.go +++ b/components/engine/daemon/logger/adapter.go @@ -3,6 +3,7 @@ package logger import ( "io" "os" + "strings" "sync" "time" @@ -18,6 +19,7 @@ type pluginAdapter struct { driverName string id string plugin logPlugin + basePath string fifoPath string capabilities Capability logInfo Info @@ -56,7 +58,7 @@ func (a *pluginAdapter) Close() error { a.mu.Lock() defer a.mu.Unlock() - if err := a.plugin.StopLogging(a.fifoPath); err != nil { + if err := a.plugin.StopLogging(strings.TrimPrefix(a.fifoPath, a.basePath)); err != nil { return err } diff --git a/components/engine/daemon/logger/plugin.go b/components/engine/daemon/logger/plugin.go index de618c5aea..bdccea5b21 100644 --- a/components/engine/daemon/logger/plugin.go +++ b/components/engine/daemon/logger/plugin.go @@ -59,6 +59,7 @@ func makePluginCreator(name string, l *logPluginProxy, basePath string) Creator driverName: name, id: id, plugin: l, + basePath: basePath, fifoPath: filepath.Join(root, id), logInfo: logCtx, } From 228595a0e9dacb4ade32ff209170c1360168d3cd Mon Sep 17 00:00:00 2001 From: Peng Tao Date: Thu, 8 Jun 2017 19:21:52 +0800 Subject: [PATCH 061/191] fix aufs mount option length calculation We add ",dirperm1" but only increase length by len("dirperm1"). Signed-off-by: Peng Tao Upstream-commit: 1a6bf8248a32c160347e4daf3dd4f15023357889 Component: engine --- components/engine/daemon/graphdriver/aufs/aufs.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/daemon/graphdriver/aufs/aufs.go b/components/engine/daemon/graphdriver/aufs/aufs.go index 85cd5d1d26..b245143e1e 100644 --- a/components/engine/daemon/graphdriver/aufs/aufs.go +++ b/components/engine/daemon/graphdriver/aufs/aufs.go @@ -573,7 +573,7 @@ func (a *Driver) aufsMount(ro []string, rw, target, mountLabel string) (err erro offset := 54 if useDirperm() { - offset += len("dirperm1") + offset += len(",dirperm1") } b := make([]byte, syscall.Getpagesize()-len(mountLabel)-offset) // room for xino & mountLabel bp := copy(b, fmt.Sprintf("br:%s=rw", rw)) From 6eb59ca44c6dff968027373e76920bc976cf1b8c Mon Sep 17 00:00:00 2001 From: Ian Campbell Date: Thu, 8 Jun 2017 14:34:23 +0100 Subject: [PATCH 062/191] Update grpc to v1.3.0 and bump protobuf bindings. and update some dependent packages. We would like to keep moby/moby and swarmkit somewhat in sync here and https://github.com/docker/swarmkit/pull/2229 proposes a similar bump to swarmkit, needed due to https://github.com/docker/swarmkit/pull/1965 which pulls in containerd which uses some newer features of the grpc package. Signed-off-by: Ian Campbell Upstream-commit: 379557a95873aad26b7eb20a7a48f8e1e7551041 Component: engine --- components/engine/vendor.conf | 8 +- .../github.com/golang/protobuf/README.md | 2 +- .../protoc-gen-go/descriptor/descriptor.pb.go | 383 +++++---- .../golang/protobuf/ptypes/any/any.pb.go | 31 +- .../golang/protobuf/ptypes/any/any.proto | 1 - .../protobuf/ptypes/duration/duration.pb.go | 44 +- .../protobuf/ptypes/duration/duration.proto | 23 +- .../golang/protobuf/ptypes/empty/empty.pb.go | 17 +- .../golang/protobuf/ptypes/empty/empty.proto | 1 - .../protobuf/ptypes/struct/struct.pb.go | 54 +- .../protobuf/ptypes/struct/struct.proto | 2 +- .../protobuf/ptypes/timestamp/timestamp.pb.go | 65 +- .../protobuf/ptypes/timestamp/timestamp.proto | 34 +- .../golang.org/x/net/context/context.go | 30 +- .../vendor/golang.org/x/net/context/go17.go | 4 +- .../golang.org/x/net/context/pre_go17.go | 18 +- .../vendor/golang.org/x/net/http2/ciphers.go | 641 +++++++++++++++ .../x/net/http2/client_conn_pool.go | 2 +- .../golang.org/x/net/http2/databuffer.go | 146 ++++ .../golang.org/x/net/http2/fixed_buffer.go | 60 -- .../vendor/golang.org/x/net/http2/frame.go | 81 +- .../vendor/golang.org/x/net/http2/go16.go | 27 - .../vendor/golang.org/x/net/http2/go18.go | 6 +- .../vendor/golang.org/x/net/http2/go19.go | 16 + .../golang.org/x/net/http2/hpack/encode.go | 29 +- .../golang.org/x/net/http2/hpack/hpack.go | 104 +-- .../golang.org/x/net/http2/hpack/tables.go | 255 ++++-- .../vendor/golang.org/x/net/http2/not_go16.go | 25 - .../vendor/golang.org/x/net/http2/not_go19.go | 16 + .../vendor/golang.org/x/net/http2/pipe.go | 16 +- .../vendor/golang.org/x/net/http2/server.go | 421 ++++++---- .../golang.org/x/net/http2/transport.go | 16 +- .../x/net/http2/writesched_priority.go | 2 +- .../vendor/golang.org/x/net/idna/idna.go | 390 ++++++--- .../vendor/golang.org/x/net/idna/punycode.go | 2 +- .../vendor/golang.org/x/net/idna/tables.go | 4 +- .../vendor/golang.org/x/net/idna/trie.go | 5 +- .../vendor/golang.org/x/net/idna/trieval.go | 4 +- .../x/net/internal/timeseries/timeseries.go | 2 +- .../vendor/golang.org/x/net/proxy/socks5.go | 59 +- .../vendor/golang.org/x/net/trace/trace.go | 13 - .../golang.org/x/net/trace/trace_go16.go | 21 + .../golang.org/x/net/trace/trace_go17.go | 21 + .../api/distribution/distribution.pb.go | 507 ++++++++++++ .../googleapis/api/metric/metric.pb.go | 359 +++++++++ .../googleapis/logging/v2/log_entry.pb.go | 117 +-- .../googleapis/logging/v2/logging.pb.go | 210 +++-- .../logging/v2/logging_config.pb.go | 160 ++-- .../logging/v2/logging_metrics.pb.go | 87 +- .../vendor/google.golang.org/grpc/README.md | 13 +- .../vendor/google.golang.org/grpc/call.go | 144 +++- .../google.golang.org/grpc/clientconn.go | 260 ++++-- .../vendor/google.golang.org/grpc/codec.go | 118 +++ .../grpc/credentials/credentials.go | 8 +- .../grpc/credentials/credentials_util_go17.go | 3 +- .../grpc/credentials/credentials_util_go18.go | 53 ++ .../credentials/credentials_util_pre_go17.go | 2 - .../vendor/google.golang.org/grpc/go16.go | 56 ++ .../grpc/{transport/pre_go16.go => go17.go} | 20 +- .../vendor/google.golang.org/grpc/grpclb.go | 749 ++++++++++++++++++ .../grpc/grpclb/grpc_lb_v1/grpclb.pb.go | 629 +++++++++++++++ .../grpc/grpclb/grpc_lb_v1/grpclb.proto | 179 +++++ .../google.golang.org/grpc/interceptor.go | 2 +- .../grpc/keepalive/keepalive.go | 80 ++ .../grpc/metadata/metadata.go | 85 +- .../vendor/google.golang.org/grpc/proxy.go | 145 ++++ .../vendor/google.golang.org/grpc/rpc_util.go | 206 +++-- .../vendor/google.golang.org/grpc/server.go | 348 +++++--- .../google.golang.org/grpc/stats/handlers.go | 76 ++ .../google.golang.org/grpc/stats/stats.go | 223 ++++++ .../google.golang.org/grpc/status/status.go | 145 ++++ .../vendor/google.golang.org/grpc/stream.go | 207 +++-- .../vendor/google.golang.org/grpc/tap/tap.go | 54 ++ .../grpc/transport/control.go | 52 +- .../grpc/transport/handler_server.go | 29 +- .../grpc/transport/http2_client.go | 382 ++++++--- .../grpc/transport/http2_server.go | 371 ++++++++- .../grpc/transport/http_util.go | 112 ++- .../grpc/transport/transport.go | 121 ++- 79 files changed, 7650 insertions(+), 1763 deletions(-) create mode 100644 components/engine/vendor/golang.org/x/net/http2/ciphers.go create mode 100644 components/engine/vendor/golang.org/x/net/http2/databuffer.go delete mode 100644 components/engine/vendor/golang.org/x/net/http2/fixed_buffer.go create mode 100644 components/engine/vendor/golang.org/x/net/http2/go19.go create mode 100644 components/engine/vendor/golang.org/x/net/http2/not_go19.go create mode 100644 components/engine/vendor/golang.org/x/net/trace/trace_go16.go create mode 100644 components/engine/vendor/golang.org/x/net/trace/trace_go17.go create mode 100644 components/engine/vendor/google.golang.org/genproto/googleapis/api/distribution/distribution.pb.go create mode 100644 components/engine/vendor/google.golang.org/genproto/googleapis/api/metric/metric.pb.go create mode 100644 components/engine/vendor/google.golang.org/grpc/codec.go create mode 100644 components/engine/vendor/google.golang.org/grpc/credentials/credentials_util_go18.go create mode 100644 components/engine/vendor/google.golang.org/grpc/go16.go rename components/engine/vendor/google.golang.org/grpc/{transport/pre_go16.go => go17.go} (86%) create mode 100644 components/engine/vendor/google.golang.org/grpc/grpclb.go create mode 100644 components/engine/vendor/google.golang.org/grpc/grpclb/grpc_lb_v1/grpclb.pb.go create mode 100644 components/engine/vendor/google.golang.org/grpc/grpclb/grpc_lb_v1/grpclb.proto create mode 100644 components/engine/vendor/google.golang.org/grpc/keepalive/keepalive.go create mode 100644 components/engine/vendor/google.golang.org/grpc/proxy.go create mode 100644 components/engine/vendor/google.golang.org/grpc/stats/handlers.go create mode 100644 components/engine/vendor/google.golang.org/grpc/stats/stats.go create mode 100644 components/engine/vendor/google.golang.org/grpc/status/status.go create mode 100644 components/engine/vendor/google.golang.org/grpc/tap/tap.go diff --git a/components/engine/vendor.conf b/components/engine/vendor.conf index a9f8671560..33aa27688b 100644 --- a/components/engine/vendor.conf +++ b/components/engine/vendor.conf @@ -13,7 +13,7 @@ github.com/mattn/go-shellwords v1.0.3 github.com/tchap/go-patricia v2.2.6 github.com/vdemeester/shakers 24d7f1d6a71aa5d9cbe7390e4afb66b7eef9e1b3 # forked golang.org/x/net package includes a patch for lazy loading trace templates -golang.org/x/net c427ad74c6d7a814201695e9ffde0c5d400a7674 +golang.org/x/net 7dcfb8076726a3fdd9353b6b8a1f1b6be6811bd6 golang.org/x/sys 8f0908ab3b2457e2e15403d3697c9ef5cb4b57a9 github.com/docker/go-units 9e638d38cf6977a37a8ea0078f3ee75a7cdb2dd1 github.com/docker/go-connections e15c02316c12de00874640cd76311849de2aeed5 @@ -57,7 +57,7 @@ github.com/opencontainers/go-digest a6d0ee40d4207ea02364bd3b9e8e77b9159ba1eb github.com/mistifyio/go-zfs 22c9b32c84eb0d0c6f4043b6e90fc94073de92fa github.com/pborman/uuid v1.0 -google.golang.org/grpc v1.0.4 +google.golang.org/grpc v1.3.0 github.com/miekg/pkcs11 df8ae6ca730422dba20c768ff38ef7d79077a59f # When updating, also update RUNC_COMMIT in hack/dockerfile/binaries-commits accordingly @@ -71,7 +71,7 @@ github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0 github.com/coreos/go-systemd v4 github.com/godbus/dbus v4.0.0 github.com/syndtr/gocapability 2c00daeb6c3b45114c80ac44119e7b8801fdd852 -github.com/golang/protobuf 8ee79997227bf9b34611aee7946ae64735e6fd93 +github.com/golang/protobuf 7a211bcf3bce0e3f1d74f9894916e6f116ae83b4 # gelf logging driver deps github.com/Graylog2/go-gelf 7029da823dad4ef3a876df61065156acb703b2ea @@ -97,7 +97,7 @@ golang.org/x/oauth2 96382aa079b72d8c014eb0c50f6c223d1e6a2de0 google.golang.org/api 3cc2e591b550923a2c5f0ab5a803feda924d5823 cloud.google.com/go 9d965e63e8cceb1b5d7977a202f0fcb8866d6525 github.com/googleapis/gax-go da06d194a00e19ce00d9011a13931c3f6f6887c7 -google.golang.org/genproto b3e7c2fb04031add52c4817f53f43757ccbf9c18 +google.golang.org/genproto d80a6e20e776b0b17a324d0ba1ab50a39c8e8944 # containerd github.com/containerd/containerd 3addd840653146c90a254301d6c3a663c7fd6429 diff --git a/components/engine/vendor/github.com/golang/protobuf/README.md b/components/engine/vendor/github.com/golang/protobuf/README.md index 037fc7c8e2..aa933d7884 100644 --- a/components/engine/vendor/github.com/golang/protobuf/README.md +++ b/components/engine/vendor/github.com/golang/protobuf/README.md @@ -22,7 +22,7 @@ To use this software, you must: for details or, if you are using gccgo, follow the instructions at https://golang.org/doc/install/gccgo - Grab the code from the repository and install the proto package. - The simplest way is to run `go get -u github.com/golang/protobuf/{proto,protoc-gen-go}`. + The simplest way is to run `go get -u github.com/golang/protobuf/protoc-gen-go`. The compiler plugin, protoc-gen-go, will be installed in $GOBIN, defaulting to $GOPATH/bin. It must be in your $PATH for the protocol compiler, protoc, to find it. diff --git a/components/engine/vendor/github.com/golang/protobuf/protoc-gen-go/descriptor/descriptor.pb.go b/components/engine/vendor/github.com/golang/protobuf/protoc-gen-go/descriptor/descriptor.pb.go index a1d8a764f2..63cf2c80aa 100644 --- a/components/engine/vendor/github.com/golang/protobuf/protoc-gen-go/descriptor/descriptor.pb.go +++ b/components/engine/vendor/github.com/golang/protobuf/protoc-gen-go/descriptor/descriptor.pb.go @@ -1,6 +1,5 @@ -// Code generated by protoc-gen-go. +// Code generated by protoc-gen-go. DO NOT EDIT. // source: google/protobuf/descriptor.proto -// DO NOT EDIT! /* Package descriptor is a generated protocol buffer package. @@ -65,6 +64,10 @@ const ( FieldDescriptorProto_TYPE_FIXED32 FieldDescriptorProto_Type = 7 FieldDescriptorProto_TYPE_BOOL FieldDescriptorProto_Type = 8 FieldDescriptorProto_TYPE_STRING FieldDescriptorProto_Type = 9 + // Tag-delimited aggregate. + // Group type is deprecated and not supported in proto3. However, Proto3 + // implementations should still be able to parse the group wire format and + // treat group fields as unknown fields. FieldDescriptorProto_TYPE_GROUP FieldDescriptorProto_Type = 10 FieldDescriptorProto_TYPE_MESSAGE FieldDescriptorProto_Type = 11 // New in version 2. @@ -293,6 +296,48 @@ func (x *FieldOptions_JSType) UnmarshalJSON(data []byte) error { } func (FieldOptions_JSType) EnumDescriptor() ([]byte, []int) { return fileDescriptor0, []int{11, 1} } +// Is this method side-effect-free (or safe in HTTP parlance), or idempotent, +// or neither? HTTP based RPC implementation may choose GET verb for safe +// methods, and PUT verb for idempotent methods instead of the default POST. +type MethodOptions_IdempotencyLevel int32 + +const ( + MethodOptions_IDEMPOTENCY_UNKNOWN MethodOptions_IdempotencyLevel = 0 + MethodOptions_NO_SIDE_EFFECTS MethodOptions_IdempotencyLevel = 1 + MethodOptions_IDEMPOTENT MethodOptions_IdempotencyLevel = 2 +) + +var MethodOptions_IdempotencyLevel_name = map[int32]string{ + 0: "IDEMPOTENCY_UNKNOWN", + 1: "NO_SIDE_EFFECTS", + 2: "IDEMPOTENT", +} +var MethodOptions_IdempotencyLevel_value = map[string]int32{ + "IDEMPOTENCY_UNKNOWN": 0, + "NO_SIDE_EFFECTS": 1, + "IDEMPOTENT": 2, +} + +func (x MethodOptions_IdempotencyLevel) Enum() *MethodOptions_IdempotencyLevel { + p := new(MethodOptions_IdempotencyLevel) + *p = x + return p +} +func (x MethodOptions_IdempotencyLevel) String() string { + return proto.EnumName(MethodOptions_IdempotencyLevel_name, int32(x)) +} +func (x *MethodOptions_IdempotencyLevel) UnmarshalJSON(data []byte) error { + value, err := proto.UnmarshalJSONEnum(MethodOptions_IdempotencyLevel_value, data, "MethodOptions_IdempotencyLevel") + if err != nil { + return err + } + *x = MethodOptions_IdempotencyLevel(value) + return nil +} +func (MethodOptions_IdempotencyLevel) EnumDescriptor() ([]byte, []int) { + return fileDescriptor0, []int{16, 0} +} + // The protocol compiler can output a FileDescriptorSet containing the .proto // files it parses. type FileDescriptorSet struct { @@ -942,6 +987,14 @@ type FileOptions struct { ObjcClassPrefix *string `protobuf:"bytes,36,opt,name=objc_class_prefix,json=objcClassPrefix" json:"objc_class_prefix,omitempty"` // Namespace for generated classes; defaults to the package. CsharpNamespace *string `protobuf:"bytes,37,opt,name=csharp_namespace,json=csharpNamespace" json:"csharp_namespace,omitempty"` + // By default Swift generators will take the proto package and CamelCase it + // replacing '.' with underscore and use that to prefix the types/symbols + // defined. When this options is provided, they will use this value instead + // to prefix the types/symbols defined. + SwiftPrefix *string `protobuf:"bytes,39,opt,name=swift_prefix,json=swiftPrefix" json:"swift_prefix,omitempty"` + // Sets the php class prefix which is prepended to all php generated classes + // from this .proto. Default is empty. + PhpClassPrefix *string `protobuf:"bytes,40,opt,name=php_class_prefix,json=phpClassPrefix" json:"php_class_prefix,omitempty"` // The parser stores options it doesn't recognize here. See above. UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"` proto.XXX_InternalExtensions `json:"-"` @@ -1068,6 +1121,20 @@ func (m *FileOptions) GetCsharpNamespace() string { return "" } +func (m *FileOptions) GetSwiftPrefix() string { + if m != nil && m.SwiftPrefix != nil { + return *m.SwiftPrefix + } + return "" +} + +func (m *FileOptions) GetPhpClassPrefix() string { + if m != nil && m.PhpClassPrefix != nil { + return *m.PhpClassPrefix + } + return "" +} + func (m *FileOptions) GetUninterpretedOption() []*UninterpretedOption { if m != nil { return m.UninterpretedOption @@ -1481,7 +1548,8 @@ type MethodOptions struct { // Depending on the target platform, this can emit Deprecated annotations // for the method, or it will be completely ignored; in the very least, // this is a formalization for deprecating methods. - Deprecated *bool `protobuf:"varint,33,opt,name=deprecated,def=0" json:"deprecated,omitempty"` + Deprecated *bool `protobuf:"varint,33,opt,name=deprecated,def=0" json:"deprecated,omitempty"` + IdempotencyLevel *MethodOptions_IdempotencyLevel `protobuf:"varint,34,opt,name=idempotency_level,json=idempotencyLevel,enum=google.protobuf.MethodOptions_IdempotencyLevel,def=0" json:"idempotency_level,omitempty"` // The parser stores options it doesn't recognize here. See above. UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"` proto.XXX_InternalExtensions `json:"-"` @@ -1502,6 +1570,7 @@ func (*MethodOptions) ExtensionRangeArray() []proto.ExtensionRange { } const Default_MethodOptions_Deprecated bool = false +const Default_MethodOptions_IdempotencyLevel MethodOptions_IdempotencyLevel = MethodOptions_IDEMPOTENCY_UNKNOWN func (m *MethodOptions) GetDeprecated() bool { if m != nil && m.Deprecated != nil { @@ -1510,6 +1579,13 @@ func (m *MethodOptions) GetDeprecated() bool { return Default_MethodOptions_Deprecated } +func (m *MethodOptions) GetIdempotencyLevel() MethodOptions_IdempotencyLevel { + if m != nil && m.IdempotencyLevel != nil { + return *m.IdempotencyLevel + } + return Default_MethodOptions_IdempotencyLevel +} + func (m *MethodOptions) GetUninterpretedOption() []*UninterpretedOption { if m != nil { return m.UninterpretedOption @@ -1912,154 +1988,165 @@ func init() { proto.RegisterEnum("google.protobuf.FileOptions_OptimizeMode", FileOptions_OptimizeMode_name, FileOptions_OptimizeMode_value) proto.RegisterEnum("google.protobuf.FieldOptions_CType", FieldOptions_CType_name, FieldOptions_CType_value) proto.RegisterEnum("google.protobuf.FieldOptions_JSType", FieldOptions_JSType_name, FieldOptions_JSType_value) + proto.RegisterEnum("google.protobuf.MethodOptions_IdempotencyLevel", MethodOptions_IdempotencyLevel_name, MethodOptions_IdempotencyLevel_value) } func init() { proto.RegisterFile("google/protobuf/descriptor.proto", fileDescriptor0) } var fileDescriptor0 = []byte{ - // 2295 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xcc, 0x59, 0x4f, 0x6f, 0x1b, 0xc7, - 0x15, 0xcf, 0xf2, 0x9f, 0xc8, 0x47, 0x8a, 0x1a, 0x8d, 0x14, 0x67, 0xad, 0xfc, 0xb1, 0xcc, 0xd8, - 0xb1, 0x6c, 0xb7, 0x74, 0x20, 0xff, 0x89, 0xa3, 0x14, 0x29, 0x28, 0x71, 0xad, 0xd0, 0x90, 0x44, - 0x76, 0x29, 0xb5, 0x4e, 0x2e, 0x8b, 0xd1, 0xee, 0x90, 0x5a, 0x7b, 0x39, 0xbb, 0xdd, 0x5d, 0xda, - 0x56, 0x4e, 0x06, 0x7a, 0xea, 0xa5, 0xe7, 0xa2, 0x2d, 0x7a, 0xc8, 0x25, 0x40, 0x3f, 0x40, 0x0f, - 0xfd, 0x0a, 0x05, 0x0a, 0xf4, 0x2b, 0x14, 0x05, 0xda, 0x6f, 0xd0, 0x6b, 0x31, 0x33, 0xbb, 0xcb, - 0x5d, 0xfe, 0x89, 0xd5, 0x00, 0x49, 0x7a, 0x12, 0xe7, 0xf7, 0x7e, 0xef, 0xcd, 0x9b, 0x37, 0x6f, - 0xde, 0xbc, 0x1d, 0xc1, 0xe6, 0xd0, 0x75, 0x87, 0x0e, 0xbd, 0xe3, 0xf9, 0x6e, 0xe8, 0x9e, 0x8e, - 0x07, 0x77, 0x2c, 0x1a, 0x98, 0xbe, 0xed, 0x85, 0xae, 0xdf, 0x14, 0x18, 0x5e, 0x91, 0x8c, 0x66, - 0xcc, 0x68, 0x1c, 0xc2, 0xea, 0x23, 0xdb, 0xa1, 0xed, 0x84, 0xd8, 0xa7, 0x21, 0x7e, 0x08, 0x85, - 0x81, 0xed, 0x50, 0x55, 0xd9, 0xcc, 0x6f, 0x55, 0xb7, 0xaf, 0x35, 0xa7, 0x94, 0x9a, 0x59, 0x8d, - 0x1e, 0x87, 0x75, 0xa1, 0xd1, 0xf8, 0x67, 0x01, 0xd6, 0xe6, 0x48, 0x31, 0x86, 0x02, 0x23, 0x23, - 0x6e, 0x51, 0xd9, 0xaa, 0xe8, 0xe2, 0x37, 0x56, 0x61, 0xc9, 0x23, 0xe6, 0x33, 0x32, 0xa4, 0x6a, - 0x4e, 0xc0, 0xf1, 0x10, 0xbf, 0x07, 0x60, 0x51, 0x8f, 0x32, 0x8b, 0x32, 0xf3, 0x5c, 0xcd, 0x6f, - 0xe6, 0xb7, 0x2a, 0x7a, 0x0a, 0xc1, 0xb7, 0x61, 0xd5, 0x1b, 0x9f, 0x3a, 0xb6, 0x69, 0xa4, 0x68, - 0xb0, 0x99, 0xdf, 0x2a, 0xea, 0x48, 0x0a, 0xda, 0x13, 0xf2, 0x0d, 0x58, 0x79, 0x41, 0xc9, 0xb3, - 0x34, 0xb5, 0x2a, 0xa8, 0x75, 0x0e, 0xa7, 0x88, 0x7b, 0x50, 0x1b, 0xd1, 0x20, 0x20, 0x43, 0x6a, - 0x84, 0xe7, 0x1e, 0x55, 0x0b, 0x62, 0xf5, 0x9b, 0x33, 0xab, 0x9f, 0x5e, 0x79, 0x35, 0xd2, 0x3a, - 0x3e, 0xf7, 0x28, 0x6e, 0x41, 0x85, 0xb2, 0xf1, 0x48, 0x5a, 0x28, 0x2e, 0x88, 0x9f, 0xc6, 0xc6, - 0xa3, 0x69, 0x2b, 0x65, 0xae, 0x16, 0x99, 0x58, 0x0a, 0xa8, 0xff, 0xdc, 0x36, 0xa9, 0x5a, 0x12, - 0x06, 0x6e, 0xcc, 0x18, 0xe8, 0x4b, 0xf9, 0xb4, 0x8d, 0x58, 0x0f, 0xef, 0x41, 0x85, 0xbe, 0x0c, - 0x29, 0x0b, 0x6c, 0x97, 0xa9, 0x4b, 0xc2, 0xc8, 0xf5, 0x39, 0xbb, 0x48, 0x1d, 0x6b, 0xda, 0xc4, - 0x44, 0x0f, 0x3f, 0x80, 0x25, 0xd7, 0x0b, 0x6d, 0x97, 0x05, 0x6a, 0x79, 0x53, 0xd9, 0xaa, 0x6e, - 0xbf, 0x33, 0x37, 0x11, 0xba, 0x92, 0xa3, 0xc7, 0x64, 0xdc, 0x01, 0x14, 0xb8, 0x63, 0xdf, 0xa4, - 0x86, 0xe9, 0x5a, 0xd4, 0xb0, 0xd9, 0xc0, 0x55, 0x2b, 0xc2, 0xc0, 0x95, 0xd9, 0x85, 0x08, 0xe2, - 0x9e, 0x6b, 0xd1, 0x0e, 0x1b, 0xb8, 0x7a, 0x3d, 0xc8, 0x8c, 0xf1, 0x25, 0x28, 0x05, 0xe7, 0x2c, - 0x24, 0x2f, 0xd5, 0x9a, 0xc8, 0x90, 0x68, 0xd4, 0xf8, 0x4f, 0x11, 0x56, 0x2e, 0x92, 0x62, 0x9f, - 0x40, 0x71, 0xc0, 0x57, 0xa9, 0xe6, 0xfe, 0x97, 0x18, 0x48, 0x9d, 0x6c, 0x10, 0x4b, 0xdf, 0x32, - 0x88, 0x2d, 0xa8, 0x32, 0x1a, 0x84, 0xd4, 0x92, 0x19, 0x91, 0xbf, 0x60, 0x4e, 0x81, 0x54, 0x9a, - 0x4d, 0xa9, 0xc2, 0xb7, 0x4a, 0xa9, 0x27, 0xb0, 0x92, 0xb8, 0x64, 0xf8, 0x84, 0x0d, 0xe3, 0xdc, - 0xbc, 0xf3, 0x3a, 0x4f, 0x9a, 0x5a, 0xac, 0xa7, 0x73, 0x35, 0xbd, 0x4e, 0x33, 0x63, 0xdc, 0x06, - 0x70, 0x19, 0x75, 0x07, 0x86, 0x45, 0x4d, 0x47, 0x2d, 0x2f, 0x88, 0x52, 0x97, 0x53, 0x66, 0xa2, - 0xe4, 0x4a, 0xd4, 0x74, 0xf0, 0xc7, 0x93, 0x54, 0x5b, 0x5a, 0x90, 0x29, 0x87, 0xf2, 0x90, 0xcd, - 0x64, 0xdb, 0x09, 0xd4, 0x7d, 0xca, 0xf3, 0x9e, 0x5a, 0xd1, 0xca, 0x2a, 0xc2, 0x89, 0xe6, 0x6b, - 0x57, 0xa6, 0x47, 0x6a, 0x72, 0x61, 0xcb, 0x7e, 0x7a, 0x88, 0xdf, 0x87, 0x04, 0x30, 0x44, 0x5a, - 0x81, 0xa8, 0x42, 0xb5, 0x18, 0x3c, 0x22, 0x23, 0xba, 0xf1, 0x10, 0xea, 0xd9, 0xf0, 0xe0, 0x75, - 0x28, 0x06, 0x21, 0xf1, 0x43, 0x91, 0x85, 0x45, 0x5d, 0x0e, 0x30, 0x82, 0x3c, 0x65, 0x96, 0xa8, - 0x72, 0x45, 0x9d, 0xff, 0xdc, 0xf8, 0x08, 0x96, 0x33, 0xd3, 0x5f, 0x54, 0xb1, 0xf1, 0xdb, 0x12, - 0xac, 0xcf, 0xcb, 0xb9, 0xb9, 0xe9, 0x7f, 0x09, 0x4a, 0x6c, 0x3c, 0x3a, 0xa5, 0xbe, 0x9a, 0x17, - 0x16, 0xa2, 0x11, 0x6e, 0x41, 0xd1, 0x21, 0xa7, 0xd4, 0x51, 0x0b, 0x9b, 0xca, 0x56, 0x7d, 0xfb, - 0xf6, 0x85, 0xb2, 0xba, 0x79, 0xc0, 0x55, 0x74, 0xa9, 0x89, 0x3f, 0x85, 0x42, 0x54, 0xe2, 0xb8, - 0x85, 0x5b, 0x17, 0xb3, 0xc0, 0x73, 0x51, 0x17, 0x7a, 0xf8, 0x6d, 0xa8, 0xf0, 0xbf, 0x32, 0xb6, - 0x25, 0xe1, 0x73, 0x99, 0x03, 0x3c, 0xae, 0x78, 0x03, 0xca, 0x22, 0xcd, 0x2c, 0x1a, 0x5f, 0x0d, - 0xc9, 0x98, 0x6f, 0x8c, 0x45, 0x07, 0x64, 0xec, 0x84, 0xc6, 0x73, 0xe2, 0x8c, 0xa9, 0x48, 0x98, - 0x8a, 0x5e, 0x8b, 0xc0, 0x9f, 0x73, 0x0c, 0x5f, 0x81, 0xaa, 0xcc, 0x4a, 0x9b, 0x59, 0xf4, 0xa5, - 0xa8, 0x3e, 0x45, 0x5d, 0x26, 0x6a, 0x87, 0x23, 0x7c, 0xfa, 0xa7, 0x81, 0xcb, 0xe2, 0xad, 0x15, - 0x53, 0x70, 0x40, 0x4c, 0xff, 0xd1, 0x74, 0xe1, 0x7b, 0x77, 0xfe, 0xf2, 0xa6, 0x73, 0xb1, 0xf1, - 0xe7, 0x1c, 0x14, 0xc4, 0x79, 0x5b, 0x81, 0xea, 0xf1, 0xe7, 0x3d, 0xcd, 0x68, 0x77, 0x4f, 0x76, - 0x0f, 0x34, 0xa4, 0xe0, 0x3a, 0x80, 0x00, 0x1e, 0x1d, 0x74, 0x5b, 0xc7, 0x28, 0x97, 0x8c, 0x3b, - 0x47, 0xc7, 0x0f, 0xee, 0xa1, 0x7c, 0xa2, 0x70, 0x22, 0x81, 0x42, 0x9a, 0x70, 0x77, 0x1b, 0x15, - 0x31, 0x82, 0x9a, 0x34, 0xd0, 0x79, 0xa2, 0xb5, 0x1f, 0xdc, 0x43, 0xa5, 0x2c, 0x72, 0x77, 0x1b, - 0x2d, 0xe1, 0x65, 0xa8, 0x08, 0x64, 0xb7, 0xdb, 0x3d, 0x40, 0xe5, 0xc4, 0x66, 0xff, 0x58, 0xef, - 0x1c, 0xed, 0xa3, 0x4a, 0x62, 0x73, 0x5f, 0xef, 0x9e, 0xf4, 0x10, 0x24, 0x16, 0x0e, 0xb5, 0x7e, - 0xbf, 0xb5, 0xaf, 0xa1, 0x6a, 0xc2, 0xd8, 0xfd, 0xfc, 0x58, 0xeb, 0xa3, 0x5a, 0xc6, 0xad, 0xbb, - 0xdb, 0x68, 0x39, 0x99, 0x42, 0x3b, 0x3a, 0x39, 0x44, 0x75, 0xbc, 0x0a, 0xcb, 0x72, 0x8a, 0xd8, - 0x89, 0x95, 0x29, 0xe8, 0xc1, 0x3d, 0x84, 0x26, 0x8e, 0x48, 0x2b, 0xab, 0x19, 0xe0, 0xc1, 0x3d, - 0x84, 0x1b, 0x7b, 0x50, 0x14, 0xd9, 0x85, 0x31, 0xd4, 0x0f, 0x5a, 0xbb, 0xda, 0x81, 0xd1, 0xed, - 0x1d, 0x77, 0xba, 0x47, 0xad, 0x03, 0xa4, 0x4c, 0x30, 0x5d, 0xfb, 0xd9, 0x49, 0x47, 0xd7, 0xda, - 0x28, 0x97, 0xc6, 0x7a, 0x5a, 0xeb, 0x58, 0x6b, 0xa3, 0x7c, 0xc3, 0x84, 0xf5, 0x79, 0x75, 0x66, - 0xee, 0xc9, 0x48, 0x6d, 0x71, 0x6e, 0xc1, 0x16, 0x0b, 0x5b, 0x33, 0x5b, 0xfc, 0x95, 0x02, 0x6b, - 0x73, 0x6a, 0xed, 0xdc, 0x49, 0x7e, 0x0a, 0x45, 0x99, 0xa2, 0xf2, 0xf6, 0xb9, 0x39, 0xb7, 0x68, - 0x8b, 0x84, 0x9d, 0xb9, 0x81, 0x84, 0x5e, 0xfa, 0x06, 0xce, 0x2f, 0xb8, 0x81, 0xb9, 0x89, 0x19, - 0x27, 0x7f, 0xa5, 0x80, 0xba, 0xc8, 0xf6, 0x6b, 0x0a, 0x45, 0x2e, 0x53, 0x28, 0x3e, 0x99, 0x76, - 0xe0, 0xea, 0xe2, 0x35, 0xcc, 0x78, 0xf1, 0xb5, 0x02, 0x97, 0xe6, 0x37, 0x2a, 0x73, 0x7d, 0xf8, - 0x14, 0x4a, 0x23, 0x1a, 0x9e, 0xb9, 0xf1, 0x65, 0xfd, 0xc1, 0x9c, 0x2b, 0x80, 0x8b, 0xa7, 0x63, - 0x15, 0x69, 0xa5, 0xef, 0x90, 0xfc, 0xa2, 0x6e, 0x43, 0x7a, 0x33, 0xe3, 0xe9, 0xaf, 0x73, 0xf0, - 0xe6, 0x5c, 0xe3, 0x73, 0x1d, 0x7d, 0x17, 0xc0, 0x66, 0xde, 0x38, 0x94, 0x17, 0xb2, 0xac, 0x4f, - 0x15, 0x81, 0x88, 0xb3, 0xcf, 0x6b, 0xcf, 0x38, 0x4c, 0xe4, 0x79, 0x21, 0x07, 0x09, 0x09, 0xc2, - 0xc3, 0x89, 0xa3, 0x05, 0xe1, 0xe8, 0x7b, 0x0b, 0x56, 0x3a, 0x73, 0xd7, 0x7d, 0x08, 0xc8, 0x74, - 0x6c, 0xca, 0x42, 0x23, 0x08, 0x7d, 0x4a, 0x46, 0x36, 0x1b, 0x8a, 0x02, 0x5c, 0xde, 0x29, 0x0e, - 0x88, 0x13, 0x50, 0x7d, 0x45, 0x8a, 0xfb, 0xb1, 0x94, 0x6b, 0x88, 0x5b, 0xc6, 0x4f, 0x69, 0x94, - 0x32, 0x1a, 0x52, 0x9c, 0x68, 0x34, 0x7e, 0xb3, 0x04, 0xd5, 0x54, 0x5b, 0x87, 0xaf, 0x42, 0xed, - 0x29, 0x79, 0x4e, 0x8c, 0xb8, 0x55, 0x97, 0x91, 0xa8, 0x72, 0xac, 0x17, 0xb5, 0xeb, 0x1f, 0xc2, - 0xba, 0xa0, 0xb8, 0xe3, 0x90, 0xfa, 0x86, 0xe9, 0x90, 0x20, 0x10, 0x41, 0x2b, 0x0b, 0x2a, 0xe6, - 0xb2, 0x2e, 0x17, 0xed, 0xc5, 0x12, 0x7c, 0x1f, 0xd6, 0x84, 0xc6, 0x68, 0xec, 0x84, 0xb6, 0xe7, - 0x50, 0x83, 0x7f, 0x3c, 0x04, 0xa2, 0x10, 0x27, 0x9e, 0xad, 0x72, 0xc6, 0x61, 0x44, 0xe0, 0x1e, - 0x05, 0xb8, 0x0d, 0xef, 0x0a, 0xb5, 0x21, 0x65, 0xd4, 0x27, 0x21, 0x35, 0xe8, 0x2f, 0xc7, 0xc4, - 0x09, 0x0c, 0xc2, 0x2c, 0xe3, 0x8c, 0x04, 0x67, 0xea, 0x3a, 0x37, 0xb0, 0x9b, 0x53, 0x15, 0xfd, - 0x32, 0x27, 0xee, 0x47, 0x3c, 0x4d, 0xd0, 0x5a, 0xcc, 0xfa, 0x8c, 0x04, 0x67, 0x78, 0x07, 0x2e, - 0x09, 0x2b, 0x41, 0xe8, 0xdb, 0x6c, 0x68, 0x98, 0x67, 0xd4, 0x7c, 0x66, 0x8c, 0xc3, 0xc1, 0x43, - 0xf5, 0xed, 0xf4, 0xfc, 0xc2, 0xc3, 0xbe, 0xe0, 0xec, 0x71, 0xca, 0x49, 0x38, 0x78, 0x88, 0xfb, - 0x50, 0xe3, 0x9b, 0x31, 0xb2, 0xbf, 0xa4, 0xc6, 0xc0, 0xf5, 0xc5, 0xcd, 0x52, 0x9f, 0x73, 0xb2, - 0x53, 0x11, 0x6c, 0x76, 0x23, 0x85, 0x43, 0xd7, 0xa2, 0x3b, 0xc5, 0x7e, 0x4f, 0xd3, 0xda, 0x7a, - 0x35, 0xb6, 0xf2, 0xc8, 0xf5, 0x79, 0x42, 0x0d, 0xdd, 0x24, 0xc0, 0x55, 0x99, 0x50, 0x43, 0x37, - 0x0e, 0xef, 0x7d, 0x58, 0x33, 0x4d, 0xb9, 0x66, 0xdb, 0x34, 0xa2, 0x16, 0x3f, 0x50, 0x51, 0x26, - 0x58, 0xa6, 0xb9, 0x2f, 0x09, 0x51, 0x8e, 0x07, 0xf8, 0x63, 0x78, 0x73, 0x12, 0xac, 0xb4, 0xe2, - 0xea, 0xcc, 0x2a, 0xa7, 0x55, 0xef, 0xc3, 0x9a, 0x77, 0x3e, 0xab, 0x88, 0x33, 0x33, 0x7a, 0xe7, - 0xd3, 0x6a, 0xd7, 0xc5, 0x67, 0x9b, 0x4f, 0x4d, 0x12, 0x52, 0x4b, 0x7d, 0x2b, 0xcd, 0x4e, 0x09, - 0xf0, 0x1d, 0x40, 0xa6, 0x69, 0x50, 0x46, 0x4e, 0x1d, 0x6a, 0x10, 0x9f, 0x32, 0x12, 0xa8, 0x57, - 0xd2, 0xe4, 0xba, 0x69, 0x6a, 0x42, 0xda, 0x12, 0x42, 0x7c, 0x0b, 0x56, 0xdd, 0xd3, 0xa7, 0xa6, - 0xcc, 0x2c, 0xc3, 0xf3, 0xe9, 0xc0, 0x7e, 0xa9, 0x5e, 0x13, 0x61, 0x5a, 0xe1, 0x02, 0x91, 0x57, - 0x3d, 0x01, 0xe3, 0x9b, 0x80, 0xcc, 0xe0, 0x8c, 0xf8, 0x9e, 0xb8, 0xda, 0x03, 0x8f, 0x98, 0x54, - 0xbd, 0x2e, 0xa9, 0x12, 0x3f, 0x8a, 0x61, 0xfc, 0x04, 0xd6, 0xc7, 0xcc, 0x66, 0x21, 0xf5, 0x3d, - 0x9f, 0xf2, 0x0e, 0x5d, 0x1e, 0x33, 0xf5, 0x5f, 0x4b, 0x0b, 0x7a, 0xec, 0x93, 0x34, 0x5b, 0xee, - 0xae, 0xbe, 0x36, 0x9e, 0x05, 0x1b, 0x3b, 0x50, 0x4b, 0x6f, 0x3a, 0xae, 0x80, 0xdc, 0x76, 0xa4, - 0xf0, 0x0b, 0x74, 0xaf, 0xdb, 0xe6, 0x57, 0xdf, 0x17, 0x1a, 0xca, 0xf1, 0x2b, 0xf8, 0xa0, 0x73, - 0xac, 0x19, 0xfa, 0xc9, 0xd1, 0x71, 0xe7, 0x50, 0x43, 0xf9, 0x5b, 0x95, 0xf2, 0xbf, 0x97, 0xd0, - 0xab, 0x57, 0xaf, 0x5e, 0xe5, 0x1e, 0x17, 0xca, 0x1f, 0xa0, 0x1b, 0x8d, 0xbf, 0xe6, 0xa0, 0x9e, - 0x6d, 0x7e, 0xf1, 0x4f, 0xe0, 0xad, 0xf8, 0x4b, 0x35, 0xa0, 0xa1, 0xf1, 0xc2, 0xf6, 0x45, 0x36, - 0x8e, 0x88, 0x6c, 0x1f, 0x93, 0x40, 0xae, 0x47, 0xac, 0x3e, 0x0d, 0x7f, 0x61, 0xfb, 0x3c, 0xd7, - 0x46, 0x24, 0xc4, 0x07, 0x70, 0x85, 0xb9, 0x46, 0x10, 0x12, 0x66, 0x11, 0xdf, 0x32, 0x26, 0x6f, - 0x04, 0x06, 0x31, 0x4d, 0x1a, 0x04, 0xae, 0xbc, 0x05, 0x12, 0x2b, 0xef, 0x30, 0xb7, 0x1f, 0x91, - 0x27, 0xe5, 0xb1, 0x15, 0x51, 0xa7, 0x36, 0x3d, 0xbf, 0x68, 0xd3, 0xdf, 0x86, 0xca, 0x88, 0x78, - 0x06, 0x65, 0xa1, 0x7f, 0x2e, 0x5a, 0xb6, 0xb2, 0x5e, 0x1e, 0x11, 0x4f, 0xe3, 0xe3, 0xef, 0x6e, - 0x27, 0xb2, 0xd1, 0x2c, 0xa3, 0x4a, 0xe3, 0x1f, 0x79, 0xa8, 0xa5, 0x9b, 0x37, 0xde, 0x0b, 0x9b, - 0xa2, 0x50, 0x2b, 0xe2, 0x28, 0xbf, 0xff, 0x8d, 0xad, 0x5e, 0x73, 0x8f, 0x57, 0xf0, 0x9d, 0x92, - 0x6c, 0xa9, 0x74, 0xa9, 0xc9, 0x6f, 0x4f, 0x7e, 0x78, 0xa9, 0x6c, 0xd4, 0xcb, 0x7a, 0x34, 0xc2, - 0xfb, 0x50, 0x7a, 0x1a, 0x08, 0xdb, 0x25, 0x61, 0xfb, 0xda, 0x37, 0xdb, 0x7e, 0xdc, 0x17, 0xc6, - 0x2b, 0x8f, 0xfb, 0xc6, 0x51, 0x57, 0x3f, 0x6c, 0x1d, 0xe8, 0x91, 0x3a, 0xbe, 0x0c, 0x05, 0x87, - 0x7c, 0x79, 0x9e, 0xad, 0xf5, 0x02, 0xba, 0x68, 0xf8, 0x2f, 0x43, 0xe1, 0x05, 0x25, 0xcf, 0xb2, - 0x15, 0x56, 0x40, 0xdf, 0xe1, 0x31, 0xb8, 0x03, 0x45, 0x11, 0x2f, 0x0c, 0x10, 0x45, 0x0c, 0xbd, - 0x81, 0xcb, 0x50, 0xd8, 0xeb, 0xea, 0xfc, 0x28, 0x20, 0xa8, 0x49, 0xd4, 0xe8, 0x75, 0xb4, 0x3d, - 0x0d, 0xe5, 0x1a, 0xf7, 0xa1, 0x24, 0x83, 0xc0, 0x8f, 0x49, 0x12, 0x06, 0xf4, 0x46, 0x34, 0x8c, - 0x6c, 0x28, 0xb1, 0xf4, 0xe4, 0x70, 0x57, 0xd3, 0x51, 0x2e, 0xbb, 0xc9, 0x05, 0x54, 0x6c, 0x04, - 0x50, 0x4b, 0x77, 0x6f, 0xdf, 0x4b, 0x7e, 0x35, 0xfe, 0xa2, 0x40, 0x35, 0xd5, 0x8d, 0xf1, 0x3e, - 0x80, 0x38, 0x8e, 0xfb, 0xc2, 0x20, 0x8e, 0x4d, 0x82, 0x28, 0x35, 0x40, 0x40, 0x2d, 0x8e, 0x5c, - 0x74, 0xeb, 0xbe, 0x17, 0xe7, 0xff, 0xa8, 0x00, 0x9a, 0xee, 0xe4, 0xa6, 0x1c, 0x54, 0x7e, 0x50, - 0x07, 0xff, 0xa0, 0x40, 0x3d, 0xdb, 0xbe, 0x4d, 0xb9, 0x77, 0xf5, 0x07, 0x75, 0xef, 0xf7, 0x0a, - 0x2c, 0x67, 0x9a, 0xb6, 0xff, 0x2b, 0xef, 0x7e, 0x97, 0x87, 0xb5, 0x39, 0x7a, 0xb8, 0x15, 0x75, - 0xb7, 0xb2, 0xe1, 0xfe, 0xf1, 0x45, 0xe6, 0x6a, 0xf2, 0xfb, 0xb3, 0x47, 0xfc, 0x30, 0x6a, 0x86, - 0x6f, 0x02, 0xb2, 0x2d, 0xca, 0x42, 0x7b, 0x60, 0x53, 0x3f, 0xfa, 0x22, 0x97, 0x2d, 0xef, 0xca, - 0x04, 0x97, 0x1f, 0xe5, 0x3f, 0x02, 0xec, 0xb9, 0x81, 0x1d, 0xda, 0xcf, 0xa9, 0x61, 0xb3, 0xf8, - 0xf3, 0x9d, 0xb7, 0xc0, 0x05, 0x1d, 0xc5, 0x92, 0x0e, 0x0b, 0x13, 0x36, 0xa3, 0x43, 0x32, 0xc5, - 0xe6, 0x15, 0x30, 0xaf, 0xa3, 0x58, 0x92, 0xb0, 0xaf, 0x42, 0xcd, 0x72, 0xc7, 0xbc, 0xa1, 0x90, - 0x3c, 0x5e, 0x70, 0x15, 0xbd, 0x2a, 0xb1, 0x84, 0x12, 0x75, 0x7c, 0x93, 0x77, 0x83, 0x9a, 0x5e, - 0x95, 0x98, 0xa4, 0xdc, 0x80, 0x15, 0x32, 0x1c, 0xfa, 0xdc, 0x78, 0x6c, 0x48, 0xf6, 0xb0, 0xf5, - 0x04, 0x16, 0xc4, 0x8d, 0xc7, 0x50, 0x8e, 0xe3, 0xc0, 0x6f, 0x36, 0x1e, 0x09, 0xc3, 0x93, 0xaf, - 0x37, 0xb9, 0xad, 0x8a, 0x5e, 0x66, 0xb1, 0xf0, 0x2a, 0xd4, 0xec, 0xc0, 0x98, 0x3c, 0x23, 0xe6, - 0x36, 0x73, 0x5b, 0x65, 0xbd, 0x6a, 0x07, 0xc9, 0xbb, 0x51, 0xe3, 0xeb, 0x1c, 0xd4, 0xb3, 0xcf, - 0xa0, 0xb8, 0x0d, 0x65, 0xc7, 0x35, 0x89, 0x48, 0x04, 0xf9, 0x06, 0xbf, 0xf5, 0x9a, 0x97, 0xd3, - 0xe6, 0x41, 0xc4, 0xd7, 0x13, 0xcd, 0x8d, 0xbf, 0x29, 0x50, 0x8e, 0x61, 0x7c, 0x09, 0x0a, 0x1e, - 0x09, 0xcf, 0x84, 0xb9, 0xe2, 0x6e, 0x0e, 0x29, 0xba, 0x18, 0x73, 0x3c, 0xf0, 0x08, 0x13, 0x29, - 0x10, 0xe1, 0x7c, 0xcc, 0xf7, 0xd5, 0xa1, 0xc4, 0x12, 0x0d, 0xb2, 0x3b, 0x1a, 0x51, 0x16, 0x06, - 0xf1, 0xbe, 0x46, 0xf8, 0x5e, 0x04, 0xe3, 0xdb, 0xb0, 0x1a, 0xfa, 0xc4, 0x76, 0x32, 0xdc, 0x82, - 0xe0, 0xa2, 0x58, 0x90, 0x90, 0x77, 0xe0, 0x72, 0x6c, 0xd7, 0xa2, 0x21, 0x31, 0xcf, 0xa8, 0x35, - 0x51, 0x2a, 0x89, 0x37, 0xb6, 0xb7, 0x22, 0x42, 0x3b, 0x92, 0xc7, 0xba, 0x8d, 0xbf, 0x2b, 0xb0, - 0x1a, 0xb7, 0xf4, 0x56, 0x12, 0xac, 0x43, 0x00, 0xc2, 0x98, 0x1b, 0xa6, 0xc3, 0x35, 0x9b, 0xca, - 0x33, 0x7a, 0xcd, 0x56, 0xa2, 0xa4, 0xa7, 0x0c, 0x6c, 0x8c, 0x00, 0x26, 0x92, 0x85, 0x61, 0xbb, - 0x02, 0xd5, 0xe8, 0x8d, 0x5b, 0xfc, 0xa3, 0x44, 0x7e, 0x04, 0x82, 0x84, 0x78, 0xef, 0x8f, 0xd7, - 0xa1, 0x78, 0x4a, 0x87, 0x36, 0x8b, 0x5e, 0xde, 0xe4, 0x20, 0x7e, 0xcf, 0x2b, 0x24, 0xef, 0x79, - 0xbb, 0x4f, 0x60, 0xcd, 0x74, 0x47, 0xd3, 0xee, 0xee, 0xa2, 0xa9, 0x0f, 0xd1, 0xe0, 0x33, 0xe5, - 0x0b, 0x98, 0x74, 0x6a, 0x5f, 0xe5, 0xf2, 0xfb, 0xbd, 0xdd, 0x3f, 0xe5, 0x36, 0xf6, 0xa5, 0x5e, - 0x2f, 0x5e, 0xa6, 0x4e, 0x07, 0x0e, 0x35, 0xb9, 0xeb, 0xff, 0x0d, 0x00, 0x00, 0xff, 0xff, 0x5f, - 0x1c, 0x48, 0x4f, 0x0d, 0x1a, 0x00, 0x00, + // 2460 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x59, 0x5b, 0x6f, 0xdb, 0xc8, + 0x15, 0x5e, 0x5d, 0x2d, 0x1d, 0xc9, 0xf2, 0x78, 0xec, 0x4d, 0x18, 0xef, 0x25, 0x8e, 0xf6, 0x12, + 0x6f, 0xd2, 0xc8, 0x0b, 0xe7, 0xb2, 0x59, 0xa7, 0x48, 0x21, 0x4b, 0x8c, 0x57, 0xa9, 0x2c, 0xa9, + 0x94, 0xdc, 0x4d, 0xf6, 0x85, 0x18, 0x93, 0x23, 0x99, 0x09, 0x45, 0x72, 0x49, 0x2a, 0x89, 0xf7, + 0x29, 0x40, 0x9f, 0x0a, 0xf4, 0x07, 0x14, 0x45, 0xd1, 0x87, 0x7d, 0x59, 0xa0, 0x3f, 0xa0, 0xcf, + 0xfd, 0x05, 0x05, 0xf6, 0xb9, 0x2f, 0x45, 0x51, 0xa0, 0xfd, 0x07, 0x7d, 0x2d, 0x66, 0x86, 0xa4, + 0x48, 0x5d, 0x12, 0x77, 0x81, 0xec, 0x3e, 0xd9, 0x73, 0xce, 0x77, 0x0e, 0xcf, 0x9c, 0xf9, 0x66, + 0xce, 0x99, 0x11, 0x6c, 0x8f, 0x6c, 0x7b, 0x64, 0xd2, 0x5d, 0xc7, 0xb5, 0x7d, 0xfb, 0x64, 0x32, + 0xdc, 0xd5, 0xa9, 0xa7, 0xb9, 0x86, 0xe3, 0xdb, 0x6e, 0x8d, 0xcb, 0xf0, 0x9a, 0x40, 0xd4, 0x42, + 0x44, 0xf5, 0x08, 0xd6, 0x1f, 0x18, 0x26, 0x6d, 0x46, 0xc0, 0x3e, 0xf5, 0xf1, 0x5d, 0xc8, 0x0e, + 0x0d, 0x93, 0x4a, 0xa9, 0xed, 0xcc, 0x4e, 0x69, 0xef, 0xc3, 0xda, 0x8c, 0x51, 0x2d, 0x69, 0xd1, + 0x63, 0x62, 0x85, 0x5b, 0x54, 0xff, 0x95, 0x85, 0x8d, 0x05, 0x5a, 0x8c, 0x21, 0x6b, 0x91, 0x31, + 0xf3, 0x98, 0xda, 0x29, 0x2a, 0xfc, 0x7f, 0x2c, 0xc1, 0x8a, 0x43, 0xb4, 0xa7, 0x64, 0x44, 0xa5, + 0x34, 0x17, 0x87, 0x43, 0xfc, 0x3e, 0x80, 0x4e, 0x1d, 0x6a, 0xe9, 0xd4, 0xd2, 0xce, 0xa4, 0xcc, + 0x76, 0x66, 0xa7, 0xa8, 0xc4, 0x24, 0xf8, 0x3a, 0xac, 0x3b, 0x93, 0x13, 0xd3, 0xd0, 0xd4, 0x18, + 0x0c, 0xb6, 0x33, 0x3b, 0x39, 0x05, 0x09, 0x45, 0x73, 0x0a, 0xbe, 0x0a, 0x6b, 0xcf, 0x29, 0x79, + 0x1a, 0x87, 0x96, 0x38, 0xb4, 0xc2, 0xc4, 0x31, 0x60, 0x03, 0xca, 0x63, 0xea, 0x79, 0x64, 0x44, + 0x55, 0xff, 0xcc, 0xa1, 0x52, 0x96, 0xcf, 0x7e, 0x7b, 0x6e, 0xf6, 0xb3, 0x33, 0x2f, 0x05, 0x56, + 0x83, 0x33, 0x87, 0xe2, 0x3a, 0x14, 0xa9, 0x35, 0x19, 0x0b, 0x0f, 0xb9, 0x25, 0xf9, 0x93, 0xad, + 0xc9, 0x78, 0xd6, 0x4b, 0x81, 0x99, 0x05, 0x2e, 0x56, 0x3c, 0xea, 0x3e, 0x33, 0x34, 0x2a, 0xe5, + 0xb9, 0x83, 0xab, 0x73, 0x0e, 0xfa, 0x42, 0x3f, 0xeb, 0x23, 0xb4, 0xc3, 0x0d, 0x28, 0xd2, 0x17, + 0x3e, 0xb5, 0x3c, 0xc3, 0xb6, 0xa4, 0x15, 0xee, 0xe4, 0xa3, 0x05, 0xab, 0x48, 0x4d, 0x7d, 0xd6, + 0xc5, 0xd4, 0x0e, 0xdf, 0x81, 0x15, 0xdb, 0xf1, 0x0d, 0xdb, 0xf2, 0xa4, 0xc2, 0x76, 0x6a, 0xa7, + 0xb4, 0xf7, 0xee, 0x42, 0x22, 0x74, 0x05, 0x46, 0x09, 0xc1, 0xb8, 0x05, 0xc8, 0xb3, 0x27, 0xae, + 0x46, 0x55, 0xcd, 0xd6, 0xa9, 0x6a, 0x58, 0x43, 0x5b, 0x2a, 0x72, 0x07, 0x97, 0xe7, 0x27, 0xc2, + 0x81, 0x0d, 0x5b, 0xa7, 0x2d, 0x6b, 0x68, 0x2b, 0x15, 0x2f, 0x31, 0xc6, 0x17, 0x20, 0xef, 0x9d, + 0x59, 0x3e, 0x79, 0x21, 0x95, 0x39, 0x43, 0x82, 0x51, 0xf5, 0xbf, 0x39, 0x58, 0x3b, 0x0f, 0xc5, + 0xee, 0x41, 0x6e, 0xc8, 0x66, 0x29, 0xa5, 0xff, 0x9f, 0x1c, 0x08, 0x9b, 0x64, 0x12, 0xf3, 0x3f, + 0x30, 0x89, 0x75, 0x28, 0x59, 0xd4, 0xf3, 0xa9, 0x2e, 0x18, 0x91, 0x39, 0x27, 0xa7, 0x40, 0x18, + 0xcd, 0x53, 0x2a, 0xfb, 0x83, 0x28, 0xf5, 0x08, 0xd6, 0xa2, 0x90, 0x54, 0x97, 0x58, 0xa3, 0x90, + 0x9b, 0xbb, 0xaf, 0x8b, 0xa4, 0x26, 0x87, 0x76, 0x0a, 0x33, 0x53, 0x2a, 0x34, 0x31, 0xc6, 0x4d, + 0x00, 0xdb, 0xa2, 0xf6, 0x50, 0xd5, 0xa9, 0x66, 0x4a, 0x85, 0x25, 0x59, 0xea, 0x32, 0xc8, 0x5c, + 0x96, 0x6c, 0x21, 0xd5, 0x4c, 0xfc, 0xf9, 0x94, 0x6a, 0x2b, 0x4b, 0x98, 0x72, 0x24, 0x36, 0xd9, + 0x1c, 0xdb, 0x8e, 0xa1, 0xe2, 0x52, 0xc6, 0x7b, 0xaa, 0x07, 0x33, 0x2b, 0xf2, 0x20, 0x6a, 0xaf, + 0x9d, 0x99, 0x12, 0x98, 0x89, 0x89, 0xad, 0xba, 0xf1, 0x21, 0xfe, 0x00, 0x22, 0x81, 0xca, 0x69, + 0x05, 0xfc, 0x14, 0x2a, 0x87, 0xc2, 0x0e, 0x19, 0xd3, 0xad, 0xbb, 0x50, 0x49, 0xa6, 0x07, 0x6f, + 0x42, 0xce, 0xf3, 0x89, 0xeb, 0x73, 0x16, 0xe6, 0x14, 0x31, 0xc0, 0x08, 0x32, 0xd4, 0xd2, 0xf9, + 0x29, 0x97, 0x53, 0xd8, 0xbf, 0x5b, 0x9f, 0xc1, 0x6a, 0xe2, 0xf3, 0xe7, 0x35, 0xac, 0xfe, 0x3e, + 0x0f, 0x9b, 0x8b, 0x38, 0xb7, 0x90, 0xfe, 0x17, 0x20, 0x6f, 0x4d, 0xc6, 0x27, 0xd4, 0x95, 0x32, + 0xdc, 0x43, 0x30, 0xc2, 0x75, 0xc8, 0x99, 0xe4, 0x84, 0x9a, 0x52, 0x76, 0x3b, 0xb5, 0x53, 0xd9, + 0xbb, 0x7e, 0x2e, 0x56, 0xd7, 0xda, 0xcc, 0x44, 0x11, 0x96, 0xf8, 0x3e, 0x64, 0x83, 0x23, 0x8e, + 0x79, 0xb8, 0x76, 0x3e, 0x0f, 0x8c, 0x8b, 0x0a, 0xb7, 0xc3, 0xef, 0x40, 0x91, 0xfd, 0x15, 0xb9, + 0xcd, 0xf3, 0x98, 0x0b, 0x4c, 0xc0, 0xf2, 0x8a, 0xb7, 0xa0, 0xc0, 0x69, 0xa6, 0xd3, 0xb0, 0x34, + 0x44, 0x63, 0xb6, 0x30, 0x3a, 0x1d, 0x92, 0x89, 0xe9, 0xab, 0xcf, 0x88, 0x39, 0xa1, 0x9c, 0x30, + 0x45, 0xa5, 0x1c, 0x08, 0x7f, 0xcd, 0x64, 0xf8, 0x32, 0x94, 0x04, 0x2b, 0x0d, 0x4b, 0xa7, 0x2f, + 0xf8, 0xe9, 0x93, 0x53, 0x04, 0x51, 0x5b, 0x4c, 0xc2, 0x3e, 0xff, 0xc4, 0xb3, 0xad, 0x70, 0x69, + 0xf9, 0x27, 0x98, 0x80, 0x7f, 0xfe, 0xb3, 0xd9, 0x83, 0xef, 0xbd, 0xc5, 0xd3, 0x9b, 0xe5, 0x62, + 0xf5, 0x2f, 0x69, 0xc8, 0xf2, 0xfd, 0xb6, 0x06, 0xa5, 0xc1, 0xe3, 0x9e, 0xac, 0x36, 0xbb, 0xc7, + 0x07, 0x6d, 0x19, 0xa5, 0x70, 0x05, 0x80, 0x0b, 0x1e, 0xb4, 0xbb, 0xf5, 0x01, 0x4a, 0x47, 0xe3, + 0x56, 0x67, 0x70, 0xe7, 0x16, 0xca, 0x44, 0x06, 0xc7, 0x42, 0x90, 0x8d, 0x03, 0x6e, 0xee, 0xa1, + 0x1c, 0x46, 0x50, 0x16, 0x0e, 0x5a, 0x8f, 0xe4, 0xe6, 0x9d, 0x5b, 0x28, 0x9f, 0x94, 0xdc, 0xdc, + 0x43, 0x2b, 0x78, 0x15, 0x8a, 0x5c, 0x72, 0xd0, 0xed, 0xb6, 0x51, 0x21, 0xf2, 0xd9, 0x1f, 0x28, + 0xad, 0xce, 0x21, 0x2a, 0x46, 0x3e, 0x0f, 0x95, 0xee, 0x71, 0x0f, 0x41, 0xe4, 0xe1, 0x48, 0xee, + 0xf7, 0xeb, 0x87, 0x32, 0x2a, 0x45, 0x88, 0x83, 0xc7, 0x03, 0xb9, 0x8f, 0xca, 0x89, 0xb0, 0x6e, + 0xee, 0xa1, 0xd5, 0xe8, 0x13, 0x72, 0xe7, 0xf8, 0x08, 0x55, 0xf0, 0x3a, 0xac, 0x8a, 0x4f, 0x84, + 0x41, 0xac, 0xcd, 0x88, 0xee, 0xdc, 0x42, 0x68, 0x1a, 0x88, 0xf0, 0xb2, 0x9e, 0x10, 0xdc, 0xb9, + 0x85, 0x70, 0xb5, 0x01, 0x39, 0xce, 0x2e, 0x8c, 0xa1, 0xd2, 0xae, 0x1f, 0xc8, 0x6d, 0xb5, 0xdb, + 0x1b, 0xb4, 0xba, 0x9d, 0x7a, 0x1b, 0xa5, 0xa6, 0x32, 0x45, 0xfe, 0xd5, 0x71, 0x4b, 0x91, 0x9b, + 0x28, 0x1d, 0x97, 0xf5, 0xe4, 0xfa, 0x40, 0x6e, 0xa2, 0x4c, 0x55, 0x83, 0xcd, 0x45, 0xe7, 0xcc, + 0xc2, 0x9d, 0x11, 0x5b, 0xe2, 0xf4, 0x92, 0x25, 0xe6, 0xbe, 0xe6, 0x96, 0xf8, 0xdb, 0x14, 0x6c, + 0x2c, 0x38, 0x6b, 0x17, 0x7e, 0xe4, 0x17, 0x90, 0x13, 0x14, 0x15, 0xd5, 0xe7, 0x93, 0x85, 0x87, + 0x36, 0x27, 0xec, 0x5c, 0x05, 0xe2, 0x76, 0xf1, 0x0a, 0x9c, 0x59, 0x52, 0x81, 0x99, 0x8b, 0xb9, + 0x20, 0x7f, 0x93, 0x02, 0x69, 0x99, 0xef, 0xd7, 0x1c, 0x14, 0xe9, 0xc4, 0x41, 0x71, 0x6f, 0x36, + 0x80, 0x2b, 0xcb, 0xe7, 0x30, 0x17, 0xc5, 0x77, 0x29, 0xb8, 0xb0, 0xb8, 0x51, 0x59, 0x18, 0xc3, + 0x7d, 0xc8, 0x8f, 0xa9, 0x7f, 0x6a, 0x87, 0xc5, 0xfa, 0xe3, 0x05, 0x25, 0x80, 0xa9, 0x67, 0x73, + 0x15, 0x58, 0xc5, 0x6b, 0x48, 0x66, 0x59, 0xb7, 0x21, 0xa2, 0x99, 0x8b, 0xf4, 0xb7, 0x69, 0x78, + 0x7b, 0xa1, 0xf3, 0x85, 0x81, 0xbe, 0x07, 0x60, 0x58, 0xce, 0xc4, 0x17, 0x05, 0x59, 0x9c, 0x4f, + 0x45, 0x2e, 0xe1, 0x7b, 0x9f, 0x9d, 0x3d, 0x13, 0x3f, 0xd2, 0x67, 0xb8, 0x1e, 0x84, 0x88, 0x03, + 0xee, 0x4e, 0x03, 0xcd, 0xf2, 0x40, 0xdf, 0x5f, 0x32, 0xd3, 0xb9, 0x5a, 0xf7, 0x29, 0x20, 0xcd, + 0x34, 0xa8, 0xe5, 0xab, 0x9e, 0xef, 0x52, 0x32, 0x36, 0xac, 0x11, 0x3f, 0x80, 0x0b, 0xfb, 0xb9, + 0x21, 0x31, 0x3d, 0xaa, 0xac, 0x09, 0x75, 0x3f, 0xd4, 0x32, 0x0b, 0x5e, 0x65, 0xdc, 0x98, 0x45, + 0x3e, 0x61, 0x21, 0xd4, 0x91, 0x45, 0xf5, 0xef, 0x2b, 0x50, 0x8a, 0xb5, 0x75, 0xf8, 0x0a, 0x94, + 0x9f, 0x90, 0x67, 0x44, 0x0d, 0x5b, 0x75, 0x91, 0x89, 0x12, 0x93, 0xf5, 0x82, 0x76, 0xfd, 0x53, + 0xd8, 0xe4, 0x10, 0x7b, 0xe2, 0x53, 0x57, 0xd5, 0x4c, 0xe2, 0x79, 0x3c, 0x69, 0x05, 0x0e, 0xc5, + 0x4c, 0xd7, 0x65, 0xaa, 0x46, 0xa8, 0xc1, 0xb7, 0x61, 0x83, 0x5b, 0x8c, 0x27, 0xa6, 0x6f, 0x38, + 0x26, 0x55, 0xd9, 0xe5, 0xc1, 0xe3, 0x07, 0x71, 0x14, 0xd9, 0x3a, 0x43, 0x1c, 0x05, 0x00, 0x16, + 0x91, 0x87, 0x9b, 0xf0, 0x1e, 0x37, 0x1b, 0x51, 0x8b, 0xba, 0xc4, 0xa7, 0x2a, 0xfd, 0x7a, 0x42, + 0x4c, 0x4f, 0x25, 0x96, 0xae, 0x9e, 0x12, 0xef, 0x54, 0xda, 0x64, 0x0e, 0x0e, 0xd2, 0x52, 0x4a, + 0xb9, 0xc4, 0x80, 0x87, 0x01, 0x4e, 0xe6, 0xb0, 0xba, 0xa5, 0x7f, 0x41, 0xbc, 0x53, 0xbc, 0x0f, + 0x17, 0xb8, 0x17, 0xcf, 0x77, 0x0d, 0x6b, 0xa4, 0x6a, 0xa7, 0x54, 0x7b, 0xaa, 0x4e, 0xfc, 0xe1, + 0x5d, 0xe9, 0x9d, 0xf8, 0xf7, 0x79, 0x84, 0x7d, 0x8e, 0x69, 0x30, 0xc8, 0xb1, 0x3f, 0xbc, 0x8b, + 0xfb, 0x50, 0x66, 0x8b, 0x31, 0x36, 0xbe, 0xa1, 0xea, 0xd0, 0x76, 0x79, 0x65, 0xa9, 0x2c, 0xd8, + 0xd9, 0xb1, 0x0c, 0xd6, 0xba, 0x81, 0xc1, 0x91, 0xad, 0xd3, 0xfd, 0x5c, 0xbf, 0x27, 0xcb, 0x4d, + 0xa5, 0x14, 0x7a, 0x79, 0x60, 0xbb, 0x8c, 0x50, 0x23, 0x3b, 0x4a, 0x70, 0x49, 0x10, 0x6a, 0x64, + 0x87, 0xe9, 0xbd, 0x0d, 0x1b, 0x9a, 0x26, 0xe6, 0x6c, 0x68, 0x6a, 0xd0, 0xe2, 0x7b, 0x12, 0x4a, + 0x24, 0x4b, 0xd3, 0x0e, 0x05, 0x20, 0xe0, 0xb8, 0x87, 0x3f, 0x87, 0xb7, 0xa7, 0xc9, 0x8a, 0x1b, + 0xae, 0xcf, 0xcd, 0x72, 0xd6, 0xf4, 0x36, 0x6c, 0x38, 0x67, 0xf3, 0x86, 0x38, 0xf1, 0x45, 0xe7, + 0x6c, 0xd6, 0xec, 0x23, 0x7e, 0x6d, 0x73, 0xa9, 0x46, 0x7c, 0xaa, 0x4b, 0x17, 0xe3, 0xe8, 0x98, + 0x02, 0xef, 0x02, 0xd2, 0x34, 0x95, 0x5a, 0xe4, 0xc4, 0xa4, 0x2a, 0x71, 0xa9, 0x45, 0x3c, 0xe9, + 0x72, 0x1c, 0x5c, 0xd1, 0x34, 0x99, 0x6b, 0xeb, 0x5c, 0x89, 0xaf, 0xc1, 0xba, 0x7d, 0xf2, 0x44, + 0x13, 0xcc, 0x52, 0x1d, 0x97, 0x0e, 0x8d, 0x17, 0xd2, 0x87, 0x3c, 0x4d, 0x6b, 0x4c, 0xc1, 0x79, + 0xd5, 0xe3, 0x62, 0xfc, 0x09, 0x20, 0xcd, 0x3b, 0x25, 0xae, 0xc3, 0x4b, 0xbb, 0xe7, 0x10, 0x8d, + 0x4a, 0x1f, 0x09, 0xa8, 0x90, 0x77, 0x42, 0x31, 0x63, 0xb6, 0xf7, 0xdc, 0x18, 0xfa, 0xa1, 0xc7, + 0xab, 0x82, 0xd9, 0x5c, 0x16, 0x78, 0xdb, 0x01, 0xe4, 0x9c, 0x3a, 0xc9, 0x0f, 0xef, 0x70, 0x58, + 0xc5, 0x39, 0x75, 0xe2, 0xdf, 0x7d, 0x04, 0x9b, 0x13, 0xcb, 0xb0, 0x7c, 0xea, 0x3a, 0x2e, 0x65, + 0xed, 0xbe, 0xd8, 0xb3, 0xd2, 0xbf, 0x57, 0x96, 0x34, 0xec, 0xc7, 0x71, 0xb4, 0xa0, 0x8a, 0xb2, + 0x31, 0x99, 0x17, 0x56, 0xf7, 0xa1, 0x1c, 0x67, 0x10, 0x2e, 0x82, 0xe0, 0x10, 0x4a, 0xb1, 0x6a, + 0xdc, 0xe8, 0x36, 0x59, 0x1d, 0xfd, 0x4a, 0x46, 0x69, 0x56, 0xcf, 0xdb, 0xad, 0x81, 0xac, 0x2a, + 0xc7, 0x9d, 0x41, 0xeb, 0x48, 0x46, 0x99, 0x6b, 0xc5, 0xc2, 0x7f, 0x56, 0xd0, 0xcb, 0x97, 0x2f, + 0x5f, 0xa6, 0x1f, 0x66, 0x0b, 0x1f, 0xa3, 0xab, 0xd5, 0xef, 0xd3, 0x50, 0x49, 0x76, 0xd2, 0xf8, + 0xe7, 0x70, 0x31, 0xbc, 0xf6, 0x7a, 0xd4, 0x57, 0x9f, 0x1b, 0x2e, 0xa7, 0xf6, 0x98, 0x88, 0x5e, + 0x34, 0x5a, 0x95, 0xcd, 0x00, 0xd5, 0xa7, 0xfe, 0x97, 0x86, 0xcb, 0x88, 0x3b, 0x26, 0x3e, 0x6e, + 0xc3, 0x65, 0xcb, 0x56, 0x3d, 0x9f, 0x58, 0x3a, 0x71, 0x75, 0x75, 0xfa, 0xe0, 0xa0, 0x12, 0x4d, + 0xa3, 0x9e, 0x67, 0x8b, 0x92, 0x12, 0x79, 0x79, 0xd7, 0xb2, 0xfb, 0x01, 0x78, 0x7a, 0xd6, 0xd6, + 0x03, 0xe8, 0x0c, 0x83, 0x32, 0xcb, 0x18, 0xf4, 0x0e, 0x14, 0xc7, 0xc4, 0x51, 0xa9, 0xe5, 0xbb, + 0x67, 0xbc, 0xff, 0x2b, 0x28, 0x85, 0x31, 0x71, 0x64, 0x36, 0x7e, 0x73, 0x2b, 0x91, 0xcc, 0x66, + 0x01, 0x15, 0x1f, 0x66, 0x0b, 0x45, 0x04, 0xd5, 0x7f, 0x66, 0xa0, 0x1c, 0xef, 0x07, 0x59, 0x7b, + 0xad, 0xf1, 0xb3, 0x3f, 0xc5, 0x4f, 0x87, 0x0f, 0x5e, 0xd9, 0x3d, 0xd6, 0x1a, 0xac, 0x28, 0xec, + 0xe7, 0x45, 0x97, 0xa6, 0x08, 0x4b, 0x56, 0x90, 0xd9, 0x79, 0x40, 0x45, 0xef, 0x5f, 0x50, 0x82, + 0x11, 0x3e, 0x84, 0xfc, 0x13, 0x8f, 0xfb, 0xce, 0x73, 0xdf, 0x1f, 0xbe, 0xda, 0xf7, 0xc3, 0x3e, + 0x77, 0x5e, 0x7c, 0xd8, 0x57, 0x3b, 0x5d, 0xe5, 0xa8, 0xde, 0x56, 0x02, 0x73, 0x7c, 0x09, 0xb2, + 0x26, 0xf9, 0xe6, 0x2c, 0x59, 0x3e, 0xb8, 0xe8, 0xbc, 0x8b, 0x70, 0x09, 0xb2, 0xcf, 0x29, 0x79, + 0x9a, 0x3c, 0xb4, 0xb9, 0xe8, 0x0d, 0x6e, 0x86, 0x5d, 0xc8, 0xf1, 0x7c, 0x61, 0x80, 0x20, 0x63, + 0xe8, 0x2d, 0x5c, 0x80, 0x6c, 0xa3, 0xab, 0xb0, 0x0d, 0x81, 0xa0, 0x2c, 0xa4, 0x6a, 0xaf, 0x25, + 0x37, 0x64, 0x94, 0xae, 0xde, 0x86, 0xbc, 0x48, 0x02, 0xdb, 0x2c, 0x51, 0x1a, 0xd0, 0x5b, 0xc1, + 0x30, 0xf0, 0x91, 0x0a, 0xb5, 0xc7, 0x47, 0x07, 0xb2, 0x82, 0xd2, 0xc9, 0xa5, 0xce, 0xa2, 0x5c, + 0xd5, 0x83, 0x72, 0xbc, 0x21, 0xfc, 0x51, 0x58, 0x56, 0xfd, 0x6b, 0x0a, 0x4a, 0xb1, 0x06, 0x8f, + 0xb5, 0x16, 0xc4, 0x34, 0xed, 0xe7, 0x2a, 0x31, 0x0d, 0xe2, 0x05, 0xd4, 0x00, 0x2e, 0xaa, 0x33, + 0xc9, 0x79, 0x97, 0xee, 0x47, 0xda, 0x22, 0x39, 0x94, 0xaf, 0xfe, 0x29, 0x05, 0x68, 0xb6, 0x45, + 0x9c, 0x09, 0x33, 0xf5, 0x53, 0x86, 0x59, 0xfd, 0x63, 0x0a, 0x2a, 0xc9, 0xbe, 0x70, 0x26, 0xbc, + 0x2b, 0x3f, 0x69, 0x78, 0xff, 0x48, 0xc3, 0x6a, 0xa2, 0x1b, 0x3c, 0x6f, 0x74, 0x5f, 0xc3, 0xba, + 0xa1, 0xd3, 0xb1, 0x63, 0xfb, 0xd4, 0xd2, 0xce, 0x54, 0x93, 0x3e, 0xa3, 0xa6, 0x54, 0xe5, 0x87, + 0xc6, 0xee, 0xab, 0xfb, 0xcd, 0x5a, 0x6b, 0x6a, 0xd7, 0x66, 0x66, 0xfb, 0x1b, 0xad, 0xa6, 0x7c, + 0xd4, 0xeb, 0x0e, 0xe4, 0x4e, 0xe3, 0xb1, 0x7a, 0xdc, 0xf9, 0x65, 0xa7, 0xfb, 0x65, 0x47, 0x41, + 0xc6, 0x0c, 0xec, 0x0d, 0x6e, 0xfb, 0x1e, 0xa0, 0xd9, 0xa0, 0xf0, 0x45, 0x58, 0x14, 0x16, 0x7a, + 0x0b, 0x6f, 0xc0, 0x5a, 0xa7, 0xab, 0xf6, 0x5b, 0x4d, 0x59, 0x95, 0x1f, 0x3c, 0x90, 0x1b, 0x83, + 0xbe, 0xb8, 0x80, 0x47, 0xe8, 0x41, 0x62, 0x83, 0x57, 0xff, 0x90, 0x81, 0x8d, 0x05, 0x91, 0xe0, + 0x7a, 0xd0, 0xfb, 0x8b, 0xeb, 0xc8, 0x8d, 0xf3, 0x44, 0x5f, 0x63, 0xdd, 0x45, 0x8f, 0xb8, 0x7e, + 0x70, 0x55, 0xf8, 0x04, 0x58, 0x96, 0x2c, 0xdf, 0x18, 0x1a, 0xd4, 0x0d, 0xde, 0x2b, 0xc4, 0x85, + 0x60, 0x6d, 0x2a, 0x17, 0x4f, 0x16, 0x3f, 0x03, 0xec, 0xd8, 0x9e, 0xe1, 0x1b, 0xcf, 0xa8, 0x6a, + 0x58, 0xe1, 0xe3, 0x06, 0xbb, 0x20, 0x64, 0x15, 0x14, 0x6a, 0x5a, 0x96, 0x1f, 0xa1, 0x2d, 0x3a, + 0x22, 0x33, 0x68, 0x76, 0x98, 0x67, 0x14, 0x14, 0x6a, 0x22, 0xf4, 0x15, 0x28, 0xeb, 0xf6, 0x84, + 0xb5, 0x5b, 0x02, 0xc7, 0x6a, 0x47, 0x4a, 0x29, 0x09, 0x59, 0x04, 0x09, 0xfa, 0xe1, 0xe9, 0xab, + 0x4a, 0x59, 0x29, 0x09, 0x99, 0x80, 0x5c, 0x85, 0x35, 0x32, 0x1a, 0xb9, 0xcc, 0x79, 0xe8, 0x48, + 0x74, 0xf8, 0x95, 0x48, 0xcc, 0x81, 0x5b, 0x0f, 0xa1, 0x10, 0xe6, 0x81, 0x95, 0x6a, 0x96, 0x09, + 0xd5, 0x11, 0x6f, 0x5b, 0xe9, 0x9d, 0xa2, 0x52, 0xb0, 0x42, 0xe5, 0x15, 0x28, 0x1b, 0x9e, 0x3a, + 0x7d, 0x64, 0x4d, 0x6f, 0xa7, 0x77, 0x0a, 0x4a, 0xc9, 0xf0, 0xa2, 0x57, 0xb5, 0xea, 0x77, 0x69, + 0xa8, 0x24, 0x1f, 0x89, 0x71, 0x13, 0x0a, 0xa6, 0xad, 0x11, 0x4e, 0x2d, 0xf1, 0x0b, 0xc5, 0xce, + 0x6b, 0xde, 0x95, 0x6b, 0xed, 0x00, 0xaf, 0x44, 0x96, 0x5b, 0x7f, 0x4b, 0x41, 0x21, 0x14, 0xe3, + 0x0b, 0x90, 0x75, 0x88, 0x7f, 0xca, 0xdd, 0xe5, 0x0e, 0xd2, 0x28, 0xa5, 0xf0, 0x31, 0x93, 0x7b, + 0x0e, 0xb1, 0x38, 0x05, 0x02, 0x39, 0x1b, 0xb3, 0x75, 0x35, 0x29, 0xd1, 0xf9, 0xf5, 0xc1, 0x1e, + 0x8f, 0xa9, 0xe5, 0x7b, 0xe1, 0xba, 0x06, 0xf2, 0x46, 0x20, 0xc6, 0xd7, 0x61, 0xdd, 0x77, 0x89, + 0x61, 0x26, 0xb0, 0x59, 0x8e, 0x45, 0xa1, 0x22, 0x02, 0xef, 0xc3, 0xa5, 0xd0, 0xaf, 0x4e, 0x7d, + 0xa2, 0x9d, 0x52, 0x7d, 0x6a, 0x94, 0xe7, 0x2f, 0x90, 0x17, 0x03, 0x40, 0x33, 0xd0, 0x87, 0xb6, + 0xd5, 0xef, 0x53, 0xb0, 0x1e, 0x5e, 0x78, 0xf4, 0x28, 0x59, 0x47, 0x00, 0xc4, 0xb2, 0x6c, 0x3f, + 0x9e, 0xae, 0x79, 0x2a, 0xcf, 0xd9, 0xd5, 0xea, 0x91, 0x91, 0x12, 0x73, 0xb0, 0x35, 0x06, 0x98, + 0x6a, 0x96, 0xa6, 0xed, 0x32, 0x94, 0x82, 0x5f, 0x00, 0xf8, 0xcf, 0x48, 0xe2, 0x8a, 0x0c, 0x42, + 0xc4, 0x6e, 0x46, 0x78, 0x13, 0x72, 0x27, 0x74, 0x64, 0x58, 0xc1, 0xbb, 0xa4, 0x18, 0x84, 0xaf, + 0x9d, 0xd9, 0xe8, 0xb5, 0xf3, 0xe0, 0x77, 0x29, 0xd8, 0xd0, 0xec, 0xf1, 0x6c, 0xbc, 0x07, 0x68, + 0xe6, 0x9e, 0xee, 0x7d, 0x91, 0xfa, 0xea, 0xfe, 0xc8, 0xf0, 0x4f, 0x27, 0x27, 0x35, 0xcd, 0x1e, + 0xef, 0x8e, 0x6c, 0x93, 0x58, 0xa3, 0xe9, 0xef, 0x60, 0xfc, 0x1f, 0xed, 0xc6, 0x88, 0x5a, 0x37, + 0x46, 0x76, 0xec, 0x57, 0xb1, 0x7b, 0xd3, 0x7f, 0xbf, 0x4d, 0x67, 0x0e, 0x7b, 0x07, 0x7f, 0x4e, + 0x6f, 0x1d, 0x8a, 0x6f, 0xf5, 0xc2, 0xdc, 0x28, 0x74, 0x68, 0x52, 0x8d, 0xcd, 0xf7, 0x7f, 0x01, + 0x00, 0x00, 0xff, 0xff, 0x8e, 0x54, 0xe7, 0xef, 0x60, 0x1b, 0x00, 0x00, } diff --git a/components/engine/vendor/github.com/golang/protobuf/ptypes/any/any.pb.go b/components/engine/vendor/github.com/golang/protobuf/ptypes/any/any.pb.go index f2c6906b91..1fbaa44caa 100644 --- a/components/engine/vendor/github.com/golang/protobuf/ptypes/any/any.pb.go +++ b/components/engine/vendor/github.com/golang/protobuf/ptypes/any/any.pb.go @@ -1,6 +1,5 @@ -// Code generated by protoc-gen-go. +// Code generated by protoc-gen-go. DO NOT EDIT. // source: github.com/golang/protobuf/ptypes/any/any.proto -// DO NOT EDIT! /* Package any is a generated protocol buffer package. @@ -132,6 +131,20 @@ func (*Any) ProtoMessage() {} func (*Any) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{0} } func (*Any) XXX_WellKnownType() string { return "Any" } +func (m *Any) GetTypeUrl() string { + if m != nil { + return m.TypeUrl + } + return "" +} + +func (m *Any) GetValue() []byte { + if m != nil { + return m.Value + } + return nil +} + func init() { proto.RegisterType((*Any)(nil), "google.protobuf.Any") } @@ -139,17 +152,17 @@ func init() { func init() { proto.RegisterFile("github.com/golang/protobuf/ptypes/any/any.proto", fileDescriptor0) } var fileDescriptor0 = []byte{ - // 187 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xe2, 0xd2, 0x4f, 0xcf, 0x2c, 0xc9, + // 184 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xd2, 0x4f, 0xcf, 0x2c, 0xc9, 0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xcf, 0xcf, 0x49, 0xcc, 0x4b, 0xd7, 0x2f, 0x28, 0xca, 0x2f, 0xc9, 0x4f, 0x2a, 0x4d, 0xd3, 0x2f, 0x28, 0xa9, 0x2c, 0x48, 0x2d, 0xd6, 0x4f, 0xcc, 0xab, 0x04, 0x61, 0x3d, 0xb0, 0xb8, 0x10, 0x7f, 0x7a, 0x7e, 0x7e, 0x7a, 0x4e, 0xaa, 0x1e, 0x4c, 0x95, 0x92, 0x19, 0x17, 0xb3, 0x63, 0x5e, 0xa5, 0x90, 0x24, 0x17, 0x07, 0x48, 0x79, 0x7c, 0x69, 0x51, 0x8e, 0x04, 0xa3, 0x02, 0xa3, 0x06, 0x67, 0x10, 0x3b, 0x88, 0x1f, 0x5a, 0x94, 0x23, 0x24, 0xc2, 0xc5, 0x5a, 0x96, 0x98, 0x53, 0x9a, 0x2a, 0xc1, 0xa4, 0xc0, 0xa8, 0xc1, 0x13, 0x04, 0xe1, - 0x38, 0x15, 0x71, 0x09, 0x27, 0xe7, 0xe7, 0xea, 0xa1, 0x19, 0xe7, 0xc4, 0xe1, 0x98, 0x57, 0x19, - 0x00, 0xe2, 0x04, 0x30, 0x46, 0xa9, 0x12, 0xe5, 0xb8, 0x05, 0x8c, 0x8c, 0x8b, 0x98, 0x98, 0xdd, - 0x03, 0x9c, 0x56, 0x31, 0xc9, 0xb9, 0x43, 0x4c, 0x0b, 0x80, 0xaa, 0xd2, 0x0b, 0x4f, 0xcd, 0xc9, - 0xf1, 0xce, 0xcb, 0x2f, 0xcf, 0x0b, 0x01, 0xa9, 0x4e, 0x62, 0x03, 0x6b, 0x37, 0x06, 0x04, 0x00, - 0x00, 0xff, 0xff, 0xc6, 0x4d, 0x03, 0x23, 0xf6, 0x00, 0x00, 0x00, + 0x38, 0xe5, 0x73, 0x09, 0x27, 0xe7, 0xe7, 0xea, 0xa1, 0x19, 0xe7, 0xc4, 0xe1, 0x98, 0x57, 0x19, + 0x00, 0xe2, 0x04, 0x30, 0x46, 0xa9, 0x12, 0xe5, 0xb8, 0x45, 0x4c, 0xcc, 0xee, 0x01, 0x4e, 0xab, + 0x98, 0xe4, 0xdc, 0x21, 0x46, 0x05, 0x40, 0x95, 0xe8, 0x85, 0xa7, 0xe6, 0xe4, 0x78, 0xe7, 0xe5, + 0x97, 0xe7, 0x85, 0x80, 0x94, 0x26, 0xb1, 0x81, 0xf5, 0x1a, 0x03, 0x02, 0x00, 0x00, 0xff, 0xff, + 0x45, 0x1f, 0x1a, 0xf2, 0xf3, 0x00, 0x00, 0x00, } diff --git a/components/engine/vendor/github.com/golang/protobuf/ptypes/any/any.proto b/components/engine/vendor/github.com/golang/protobuf/ptypes/any/any.proto index 81dcf46ccf..9bd3f50a45 100644 --- a/components/engine/vendor/github.com/golang/protobuf/ptypes/any/any.proto +++ b/components/engine/vendor/github.com/golang/protobuf/ptypes/any/any.proto @@ -37,7 +37,6 @@ option go_package = "github.com/golang/protobuf/ptypes/any"; option java_package = "com.google.protobuf"; option java_outer_classname = "AnyProto"; option java_multiple_files = true; -option java_generate_equals_and_hash = true; option objc_class_prefix = "GPB"; // `Any` contains an arbitrary serialized protocol buffer message along with a diff --git a/components/engine/vendor/github.com/golang/protobuf/ptypes/duration/duration.pb.go b/components/engine/vendor/github.com/golang/protobuf/ptypes/duration/duration.pb.go index 569748346d..fe3350bed0 100644 --- a/components/engine/vendor/github.com/golang/protobuf/ptypes/duration/duration.pb.go +++ b/components/engine/vendor/github.com/golang/protobuf/ptypes/duration/duration.pb.go @@ -1,6 +1,5 @@ -// Code generated by protoc-gen-go. +// Code generated by protoc-gen-go. DO NOT EDIT. // source: github.com/golang/protobuf/ptypes/duration/duration.proto -// DO NOT EDIT! /* Package duration is a generated protocol buffer package. @@ -35,6 +34,8 @@ const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package // two Timestamp values is a Duration and it can be added or subtracted // from a Timestamp. Range is approximately +-10,000 years. // +// # Examples +// // Example 1: Compute Duration from two Timestamps in pseudo code. // // Timestamp start = ...; @@ -69,10 +70,27 @@ const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package // end.nanos -= 1000000000; // } // +// Example 3: Compute Duration from datetime.timedelta in Python. +// +// td = datetime.timedelta(days=3, minutes=10) +// duration = Duration() +// duration.FromTimedelta(td) +// +// # JSON Mapping +// +// In JSON format, the Duration type is encoded as a string rather than an +// object, where the string ends in the suffix "s" (indicating seconds) and +// is preceded by the number of seconds, with nanoseconds expressed as +// fractional seconds. For example, 3 seconds with 0 nanoseconds should be +// encoded in JSON format as "3s", while 3 seconds and 1 nanosecond should +// be expressed in JSON format as "3.000000001s", and 3 seconds and 1 +// microsecond should be expressed in JSON format as "3.000001s". +// // type Duration struct { // Signed seconds of the span of time. Must be from -315,576,000,000 - // to +315,576,000,000 inclusive. + // to +315,576,000,000 inclusive. Note: these bounds are computed from: + // 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years Seconds int64 `protobuf:"varint,1,opt,name=seconds" json:"seconds,omitempty"` // Signed fractions of a second at nanosecond resolution of the span // of time. Durations less than one second are represented with a 0 @@ -89,6 +107,20 @@ func (*Duration) ProtoMessage() {} func (*Duration) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{0} } func (*Duration) XXX_WellKnownType() string { return "Duration" } +func (m *Duration) GetSeconds() int64 { + if m != nil { + return m.Seconds + } + return 0 +} + +func (m *Duration) GetNanos() int32 { + if m != nil { + return m.Nanos + } + return 0 +} + func init() { proto.RegisterType((*Duration)(nil), "google.protobuf.Duration") } @@ -99,7 +131,7 @@ func init() { var fileDescriptor0 = []byte{ // 189 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xe2, 0xb2, 0x4c, 0xcf, 0x2c, 0xc9, + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xb2, 0x4c, 0xcf, 0x2c, 0xc9, 0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xcf, 0xcf, 0x49, 0xcc, 0x4b, 0xd7, 0x2f, 0x28, 0xca, 0x2f, 0xc9, 0x4f, 0x2a, 0x4d, 0xd3, 0x2f, 0x28, 0xa9, 0x2c, 0x48, 0x2d, 0xd6, 0x4f, 0x29, 0x2d, 0x4a, 0x2c, 0xc9, 0xcc, 0xcf, 0x83, 0x33, 0xf4, 0xc0, 0x2a, 0x84, 0xf8, 0xd3, 0xf3, 0xf3, @@ -107,8 +139,8 @@ var fileDescriptor0 = []byte{ 0xd8, 0x8b, 0x53, 0x93, 0xf3, 0xf3, 0x52, 0x8a, 0x25, 0x18, 0x15, 0x18, 0x35, 0x98, 0x83, 0x60, 0x5c, 0x21, 0x11, 0x2e, 0xd6, 0xbc, 0xc4, 0xbc, 0xfc, 0x62, 0x09, 0x26, 0x05, 0x46, 0x0d, 0xd6, 0x20, 0x08, 0xc7, 0xa9, 0x86, 0x4b, 0x38, 0x39, 0x3f, 0x57, 0x0f, 0xcd, 0x48, 0x27, 0x5e, 0x98, - 0x81, 0x01, 0x20, 0x91, 0x00, 0xc6, 0x28, 0x2d, 0xe2, 0xdd, 0xbb, 0x80, 0x91, 0x71, 0x11, 0x13, + 0x81, 0x01, 0x20, 0x91, 0x00, 0xc6, 0x28, 0x2d, 0xe2, 0xdd, 0xfb, 0x83, 0x91, 0x71, 0x11, 0x13, 0xb3, 0x7b, 0x80, 0xd3, 0x2a, 0x26, 0x39, 0x77, 0x88, 0xb9, 0x01, 0x50, 0xa5, 0x7a, 0xe1, 0xa9, 0x39, 0x39, 0xde, 0x79, 0xf9, 0xe5, 0x79, 0x21, 0x20, 0x2d, 0x49, 0x6c, 0x60, 0x33, 0x8c, 0x01, - 0x01, 0x00, 0x00, 0xff, 0xff, 0x62, 0xfb, 0xb1, 0x51, 0x0e, 0x01, 0x00, 0x00, + 0x01, 0x00, 0x00, 0xff, 0xff, 0x45, 0x5a, 0x81, 0x3d, 0x0e, 0x01, 0x00, 0x00, } diff --git a/components/engine/vendor/github.com/golang/protobuf/ptypes/duration/duration.proto b/components/engine/vendor/github.com/golang/protobuf/ptypes/duration/duration.proto index 96c1796d65..975fce41aa 100644 --- a/components/engine/vendor/github.com/golang/protobuf/ptypes/duration/duration.proto +++ b/components/engine/vendor/github.com/golang/protobuf/ptypes/duration/duration.proto @@ -33,11 +33,11 @@ syntax = "proto3"; package google.protobuf; option csharp_namespace = "Google.Protobuf.WellKnownTypes"; +option cc_enable_arenas = true; option go_package = "github.com/golang/protobuf/ptypes/duration"; option java_package = "com.google.protobuf"; option java_outer_classname = "DurationProto"; option java_multiple_files = true; -option java_generate_equals_and_hash = true; option objc_class_prefix = "GPB"; // A Duration represents a signed, fixed-length span of time represented @@ -47,6 +47,8 @@ option objc_class_prefix = "GPB"; // two Timestamp values is a Duration and it can be added or subtracted // from a Timestamp. Range is approximately +-10,000 years. // +// # Examples +// // Example 1: Compute Duration from two Timestamps in pseudo code. // // Timestamp start = ...; @@ -81,11 +83,28 @@ option objc_class_prefix = "GPB"; // end.nanos -= 1000000000; // } // +// Example 3: Compute Duration from datetime.timedelta in Python. +// +// td = datetime.timedelta(days=3, minutes=10) +// duration = Duration() +// duration.FromTimedelta(td) +// +// # JSON Mapping +// +// In JSON format, the Duration type is encoded as a string rather than an +// object, where the string ends in the suffix "s" (indicating seconds) and +// is preceded by the number of seconds, with nanoseconds expressed as +// fractional seconds. For example, 3 seconds with 0 nanoseconds should be +// encoded in JSON format as "3s", while 3 seconds and 1 nanosecond should +// be expressed in JSON format as "3.000000001s", and 3 seconds and 1 +// microsecond should be expressed in JSON format as "3.000001s". +// // message Duration { // Signed seconds of the span of time. Must be from -315,576,000,000 - // to +315,576,000,000 inclusive. + // to +315,576,000,000 inclusive. Note: these bounds are computed from: + // 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years int64 seconds = 1; // Signed fractions of a second at nanosecond resolution of the span diff --git a/components/engine/vendor/github.com/golang/protobuf/ptypes/empty/empty.pb.go b/components/engine/vendor/github.com/golang/protobuf/ptypes/empty/empty.pb.go index 46c765a96e..ae15941446 100644 --- a/components/engine/vendor/github.com/golang/protobuf/ptypes/empty/empty.pb.go +++ b/components/engine/vendor/github.com/golang/protobuf/ptypes/empty/empty.pb.go @@ -1,6 +1,5 @@ -// Code generated by protoc-gen-go. +// Code generated by protoc-gen-go. DO NOT EDIT. // source: github.com/golang/protobuf/ptypes/empty/empty.proto -// DO NOT EDIT! /* Package empty is a generated protocol buffer package. @@ -55,15 +54,15 @@ func init() { } var fileDescriptor0 = []byte{ - // 150 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xe2, 0x32, 0x4e, 0xcf, 0x2c, 0xc9, + // 147 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x32, 0x4e, 0xcf, 0x2c, 0xc9, 0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xcf, 0xcf, 0x49, 0xcc, 0x4b, 0xd7, 0x2f, 0x28, 0xca, 0x2f, 0xc9, 0x4f, 0x2a, 0x4d, 0xd3, 0x2f, 0x28, 0xa9, 0x2c, 0x48, 0x2d, 0xd6, 0x4f, 0xcd, 0x2d, 0x28, 0xa9, 0x84, 0x90, 0x7a, 0x60, 0x39, 0x21, 0xfe, 0xf4, 0xfc, 0xfc, 0xf4, 0x9c, 0x54, - 0x3d, 0x98, 0x4a, 0x25, 0x76, 0x2e, 0x56, 0x57, 0x90, 0xbc, 0x53, 0x25, 0x97, 0x70, 0x72, 0x7e, + 0x3d, 0x98, 0x4a, 0x25, 0x76, 0x2e, 0x56, 0x57, 0x90, 0xbc, 0x53, 0x19, 0x97, 0x70, 0x72, 0x7e, 0xae, 0x1e, 0x9a, 0xbc, 0x13, 0x17, 0x58, 0x36, 0x00, 0xc4, 0x0d, 0x60, 0x8c, 0x52, 0x27, 0xd2, - 0xce, 0x05, 0x8c, 0x8c, 0x3f, 0x18, 0x19, 0x17, 0x31, 0x31, 0xbb, 0x07, 0x38, 0xad, 0x62, 0x92, - 0x73, 0x87, 0x18, 0x1a, 0x00, 0x55, 0xaa, 0x17, 0x9e, 0x9a, 0x93, 0xe3, 0x9d, 0x97, 0x5f, 0x9e, - 0x17, 0x02, 0xd2, 0x92, 0xc4, 0x06, 0x36, 0xc3, 0x18, 0x10, 0x00, 0x00, 0xff, 0xff, 0x7f, 0xbb, - 0xf4, 0x0e, 0xd2, 0x00, 0x00, 0x00, + 0xce, 0x1f, 0x8c, 0x8c, 0x8b, 0x98, 0x98, 0xdd, 0x03, 0x9c, 0x56, 0x31, 0xc9, 0xb9, 0x43, 0x4c, + 0x0c, 0x80, 0xaa, 0xd3, 0x0b, 0x4f, 0xcd, 0xc9, 0xf1, 0xce, 0xcb, 0x2f, 0xcf, 0x0b, 0x01, 0xa9, + 0x4f, 0x62, 0x03, 0x1b, 0x60, 0x0c, 0x08, 0x00, 0x00, 0xff, 0xff, 0x6e, 0x8e, 0x0a, 0x06, 0xcf, + 0x00, 0x00, 0x00, } diff --git a/components/engine/vendor/github.com/golang/protobuf/ptypes/empty/empty.proto b/components/engine/vendor/github.com/golang/protobuf/ptypes/empty/empty.proto index 37f4cd10ee..03cacd2330 100644 --- a/components/engine/vendor/github.com/golang/protobuf/ptypes/empty/empty.proto +++ b/components/engine/vendor/github.com/golang/protobuf/ptypes/empty/empty.proto @@ -37,7 +37,6 @@ option go_package = "github.com/golang/protobuf/ptypes/empty"; option java_package = "com.google.protobuf"; option java_outer_classname = "EmptyProto"; option java_multiple_files = true; -option java_generate_equals_and_hash = true; option objc_class_prefix = "GPB"; option cc_enable_arenas = true; diff --git a/components/engine/vendor/github.com/golang/protobuf/ptypes/struct/struct.pb.go b/components/engine/vendor/github.com/golang/protobuf/ptypes/struct/struct.pb.go index 197042ed52..35a8ec5994 100644 --- a/components/engine/vendor/github.com/golang/protobuf/ptypes/struct/struct.pb.go +++ b/components/engine/vendor/github.com/golang/protobuf/ptypes/struct/struct.pb.go @@ -1,6 +1,5 @@ -// Code generated by protoc-gen-go. +// Code generated by protoc-gen-go. DO NOT EDIT. // source: github.com/golang/protobuf/ptypes/struct/struct.proto -// DO NOT EDIT! /* Package structpb is a generated protocol buffer package. @@ -352,31 +351,32 @@ func init() { } var fileDescriptor0 = []byte{ - // 416 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x8c, 0x92, 0x41, 0x8b, 0xd3, 0x40, + // 417 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x92, 0x41, 0x8b, 0xd3, 0x40, 0x14, 0x80, 0x3b, 0xc9, 0x36, 0x98, 0x17, 0x59, 0x97, 0x11, 0xb4, 0xac, 0xa0, 0xa1, 0x7b, 0x09, 0x22, 0x09, 0x56, 0x04, 0x31, 0x5e, 0x0c, 0xac, 0xbb, 0x60, 0x58, 0x62, 0x74, 0x57, 0xf0, 0x52, - 0x9a, 0x34, 0x8d, 0xa1, 0xd3, 0x99, 0x90, 0xcc, 0x28, 0x3d, 0xfa, 0x2f, 0x3c, 0x8a, 0x47, 0x8f, - 0xfe, 0x42, 0x99, 0x99, 0x24, 0x4a, 0x4b, 0xc1, 0xd3, 0xf4, 0xbd, 0xf9, 0xde, 0x37, 0xef, 0xbd, - 0x06, 0x9e, 0x97, 0x15, 0xff, 0x2c, 0x32, 0x3f, 0x67, 0x9b, 0xa0, 0x64, 0x64, 0x41, 0xcb, 0xa0, - 0x6e, 0x18, 0x67, 0x99, 0x58, 0x05, 0x35, 0xdf, 0xd6, 0x45, 0x1b, 0xb4, 0xbc, 0x11, 0x39, 0xef, - 0x0e, 0x5f, 0xdd, 0xe2, 0x3b, 0x25, 0x63, 0x25, 0x29, 0xfc, 0x9e, 0x9d, 0x7e, 0x47, 0x60, 0xbd, - 0x57, 0x04, 0x0e, 0xc1, 0x5a, 0x55, 0x05, 0x59, 0xb6, 0x13, 0xe4, 0x9a, 0x9e, 0x33, 0x3b, 0xf3, - 0x77, 0x60, 0x5f, 0x83, 0xfe, 0x1b, 0x45, 0x9d, 0x53, 0xde, 0x6c, 0xd3, 0xae, 0xe4, 0xf4, 0x1d, - 0x38, 0xff, 0xa4, 0xf1, 0x09, 0x98, 0xeb, 0x62, 0x3b, 0x41, 0x2e, 0xf2, 0xec, 0x54, 0xfe, 0xc4, - 0x4f, 0x60, 0xfc, 0x65, 0x41, 0x44, 0x31, 0x31, 0x5c, 0xe4, 0x39, 0xb3, 0x7b, 0x7b, 0xf2, 0x1b, - 0x79, 0x9b, 0x6a, 0xe8, 0xa5, 0xf1, 0x02, 0x4d, 0x7f, 0x1b, 0x30, 0x56, 0x49, 0x1c, 0x02, 0x50, - 0x41, 0xc8, 0x5c, 0x0b, 0xa4, 0xf4, 0x78, 0x76, 0xba, 0x27, 0xb8, 0x12, 0x84, 0x28, 0xfe, 0x72, - 0x94, 0xda, 0xb4, 0x0f, 0xf0, 0x19, 0xdc, 0xa6, 0x62, 0x93, 0x15, 0xcd, 0xfc, 0xef, 0xfb, 0xe8, - 0x72, 0x94, 0x3a, 0x3a, 0x3b, 0x40, 0x2d, 0x6f, 0x2a, 0x5a, 0x76, 0x90, 0x29, 0x1b, 0x97, 0x90, - 0xce, 0x6a, 0xe8, 0x11, 0x40, 0xc6, 0x58, 0xdf, 0xc6, 0x91, 0x8b, 0xbc, 0x5b, 0xf2, 0x29, 0x99, - 0xd3, 0xc0, 0x2b, 0x65, 0x11, 0x39, 0xef, 0x90, 0xb1, 0x1a, 0xf5, 0xfe, 0x81, 0x3d, 0x76, 0x7a, - 0x91, 0xf3, 0x61, 0x4a, 0x52, 0xb5, 0x7d, 0xad, 0xa5, 0x6a, 0xf7, 0xa7, 0x8c, 0xab, 0x96, 0x0f, - 0x53, 0x92, 0x3e, 0x88, 0x2c, 0x38, 0x5a, 0x57, 0x74, 0x39, 0x0d, 0xc1, 0x1e, 0x08, 0xec, 0x83, - 0xa5, 0x64, 0xfd, 0x3f, 0x7a, 0x68, 0xe9, 0x1d, 0xf5, 0xf8, 0x01, 0xd8, 0xc3, 0x12, 0xf1, 0x31, - 0xc0, 0xd5, 0x75, 0x1c, 0xcf, 0x6f, 0x5e, 0xc7, 0xd7, 0xe7, 0x27, 0xa3, 0xe8, 0x1b, 0x82, 0xbb, - 0x39, 0xdb, 0xec, 0x2a, 0x22, 0x47, 0x4f, 0x93, 0xc8, 0x38, 0x41, 0x9f, 0x9e, 0xfe, 0xef, 0x87, - 0x19, 0xea, 0xa3, 0xce, 0x7e, 0x20, 0xf4, 0xd3, 0x30, 0x2f, 0x92, 0xe8, 0x97, 0xf1, 0xf0, 0x42, - 0xcb, 0x93, 0xbe, 0xbf, 0x8f, 0x05, 0x21, 0x6f, 0x29, 0xfb, 0x4a, 0x3f, 0xc8, 0xca, 0xcc, 0x52, - 0xaa, 0x67, 0x7f, 0x02, 0x00, 0x00, 0xff, 0xff, 0xbc, 0xcf, 0x6d, 0x50, 0xfe, 0x02, 0x00, 0x00, + 0x9a, 0x34, 0x8d, 0xa1, 0xd3, 0x99, 0x90, 0xcc, 0x28, 0x3d, 0xfa, 0x2f, 0x3c, 0x7b, 0xf4, 0xe8, + 0xaf, 0xf3, 0x28, 0x33, 0x93, 0x44, 0x69, 0x29, 0x78, 0x9a, 0xbe, 0x37, 0xdf, 0xfb, 0xe6, 0xbd, + 0xd7, 0xc0, 0xf3, 0xb2, 0xe2, 0x9f, 0x45, 0xe6, 0xe7, 0x6c, 0x13, 0x94, 0x8c, 0x2c, 0x68, 0x19, + 0xd4, 0x0d, 0xe3, 0x2c, 0x13, 0xab, 0xa0, 0xe6, 0xdb, 0xba, 0x68, 0x83, 0x96, 0x37, 0x22, 0xe7, + 0xdd, 0xe1, 0xab, 0x5b, 0x7c, 0xa7, 0x64, 0xac, 0x24, 0x85, 0xdf, 0xb3, 0xd3, 0xef, 0x08, 0xac, + 0xf7, 0x8a, 0xc0, 0x21, 0x58, 0xab, 0xaa, 0x20, 0xcb, 0x76, 0x82, 0x5c, 0xd3, 0x73, 0x66, 0x67, + 0xfe, 0x0e, 0xec, 0x6b, 0xd0, 0x7f, 0xa3, 0xa8, 0x73, 0xca, 0x9b, 0x6d, 0xda, 0x95, 0x9c, 0xbe, + 0x03, 0xe7, 0x9f, 0x34, 0x3e, 0x01, 0x73, 0x5d, 0x6c, 0x27, 0xc8, 0x45, 0x9e, 0x9d, 0xca, 0x9f, + 0xf8, 0x09, 0x8c, 0xbf, 0x2c, 0x88, 0x28, 0x26, 0x86, 0x8b, 0x3c, 0x67, 0x76, 0x6f, 0x4f, 0x7e, + 0x23, 0x6f, 0x53, 0x0d, 0xbd, 0x34, 0x5e, 0xa0, 0xe9, 0x2f, 0x03, 0xc6, 0x2a, 0x89, 0x43, 0x00, + 0x2a, 0x08, 0x99, 0x6b, 0x81, 0x94, 0x1e, 0xcf, 0x4e, 0xf7, 0x04, 0x57, 0x82, 0x10, 0xc5, 0x5f, + 0x8e, 0x52, 0x9b, 0xf6, 0x01, 0x3e, 0x83, 0xdb, 0x54, 0x6c, 0xb2, 0xa2, 0x99, 0xff, 0x7d, 0x1f, + 0x5d, 0x8e, 0x52, 0x47, 0x67, 0x07, 0xa8, 0xe5, 0x4d, 0x45, 0xcb, 0x0e, 0x32, 0x65, 0xe3, 0x12, + 0xd2, 0x59, 0x0d, 0x3d, 0x02, 0xc8, 0x18, 0xeb, 0xdb, 0x38, 0x72, 0x91, 0x77, 0x4b, 0x3e, 0x25, + 0x73, 0x1a, 0x78, 0xa5, 0x2c, 0x22, 0xe7, 0x1d, 0x32, 0x56, 0xa3, 0xde, 0x3f, 0xb0, 0xc7, 0x4e, + 0x2f, 0x72, 0x3e, 0x4c, 0x49, 0xaa, 0xb6, 0xaf, 0xb5, 0x54, 0xed, 0xfe, 0x94, 0x71, 0xd5, 0xf2, + 0x61, 0x4a, 0xd2, 0x07, 0x91, 0x05, 0x47, 0xeb, 0x8a, 0x2e, 0xa7, 0x21, 0xd8, 0x03, 0x81, 0x7d, + 0xb0, 0x94, 0xac, 0xff, 0x47, 0x0f, 0x2d, 0xbd, 0xa3, 0x1e, 0x3f, 0x00, 0x7b, 0x58, 0x22, 0x3e, + 0x06, 0xb8, 0xba, 0x8e, 0xe3, 0xf9, 0xcd, 0xeb, 0xf8, 0xfa, 0xfc, 0x64, 0x14, 0x7d, 0x43, 0x70, + 0x37, 0x67, 0x9b, 0x5d, 0x45, 0xe4, 0xe8, 0x69, 0x12, 0x19, 0x27, 0xe8, 0xd3, 0xd3, 0xff, 0xfd, + 0x30, 0x43, 0x7d, 0xd4, 0xd9, 0x6f, 0x84, 0x7e, 0x18, 0xe6, 0x45, 0x12, 0xfd, 0x34, 0x1e, 0x5e, + 0x68, 0x79, 0xd2, 0xf7, 0xf7, 0xb1, 0x20, 0xe4, 0x2d, 0x65, 0x5f, 0xe9, 0x07, 0x59, 0x99, 0x59, + 0x4a, 0xf5, 0xec, 0x4f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x9b, 0x6e, 0x5d, 0x3c, 0xfe, 0x02, 0x00, + 0x00, } diff --git a/components/engine/vendor/github.com/golang/protobuf/ptypes/struct/struct.proto b/components/engine/vendor/github.com/golang/protobuf/ptypes/struct/struct.proto index beeba81188..7d7808e7fb 100644 --- a/components/engine/vendor/github.com/golang/protobuf/ptypes/struct/struct.proto +++ b/components/engine/vendor/github.com/golang/protobuf/ptypes/struct/struct.proto @@ -33,11 +33,11 @@ syntax = "proto3"; package google.protobuf; option csharp_namespace = "Google.Protobuf.WellKnownTypes"; +option cc_enable_arenas = true; option go_package = "github.com/golang/protobuf/ptypes/struct;structpb"; option java_package = "com.google.protobuf"; option java_outer_classname = "StructProto"; option java_multiple_files = true; -option java_generate_equals_and_hash = true; option objc_class_prefix = "GPB"; diff --git a/components/engine/vendor/github.com/golang/protobuf/ptypes/timestamp/timestamp.pb.go b/components/engine/vendor/github.com/golang/protobuf/ptypes/timestamp/timestamp.pb.go index ffcc51594a..3b76261ec5 100644 --- a/components/engine/vendor/github.com/golang/protobuf/ptypes/timestamp/timestamp.pb.go +++ b/components/engine/vendor/github.com/golang/protobuf/ptypes/timestamp/timestamp.pb.go @@ -1,6 +1,5 @@ -// Code generated by protoc-gen-go. +// Code generated by protoc-gen-go. DO NOT EDIT. // source: github.com/golang/protobuf/ptypes/timestamp/timestamp.proto -// DO NOT EDIT! /* Package timestamp is a generated protocol buffer package. @@ -40,6 +39,8 @@ const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package // and from RFC 3339 date strings. // See [https://www.ietf.org/rfc/rfc3339.txt](https://www.ietf.org/rfc/rfc3339.txt). // +// # Examples +// // Example 1: Compute Timestamp from POSIX `time()`. // // Timestamp timestamp; @@ -77,15 +78,36 @@ const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package // // Example 5: Compute Timestamp from current time in Python. // -// now = time.time() -// seconds = int(now) -// nanos = int((now - seconds) * 10**9) -// timestamp = Timestamp(seconds=seconds, nanos=nanos) +// timestamp = Timestamp() +// timestamp.GetCurrentTime() +// +// # JSON Mapping +// +// In JSON format, the Timestamp type is encoded as a string in the +// [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the +// format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" +// where {year} is always expressed using four digits while {month}, {day}, +// {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional +// seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), +// are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone +// is required, though only UTC (as indicated by "Z") is presently supported. +// +// For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past +// 01:30 UTC on January 15, 2017. +// +// In JavaScript, one can convert a Date object to this format using the +// standard [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString] +// method. In Python, a standard `datetime.datetime` object can be converted +// to this format using [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) +// with the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one +// can use the Joda Time's [`ISODateTimeFormat.dateTime()`]( +// http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime()) +// to obtain a formatter capable of generating timestamps in this format. // // type Timestamp struct { // Represents seconds of UTC time since Unix epoch - // 1970-01-01T00:00:00Z. Must be from from 0001-01-01T00:00:00Z to + // 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to // 9999-12-31T23:59:59Z inclusive. Seconds int64 `protobuf:"varint,1,opt,name=seconds" json:"seconds,omitempty"` // Non-negative fractions of a second at nanosecond resolution. Negative @@ -101,6 +123,20 @@ func (*Timestamp) ProtoMessage() {} func (*Timestamp) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{0} } func (*Timestamp) XXX_WellKnownType() string { return "Timestamp" } +func (m *Timestamp) GetSeconds() int64 { + if m != nil { + return m.Seconds + } + return 0 +} + +func (m *Timestamp) GetNanos() int32 { + if m != nil { + return m.Nanos + } + return 0 +} + func init() { proto.RegisterType((*Timestamp)(nil), "google.protobuf.Timestamp") } @@ -110,18 +146,17 @@ func init() { } var fileDescriptor0 = []byte{ - // 194 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xe2, 0xb2, 0x4e, 0xcf, 0x2c, 0xc9, + // 190 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xb2, 0x4e, 0xcf, 0x2c, 0xc9, 0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xcf, 0xcf, 0x49, 0xcc, 0x4b, 0xd7, 0x2f, 0x28, 0xca, 0x2f, 0xc9, 0x4f, 0x2a, 0x4d, 0xd3, 0x2f, 0x28, 0xa9, 0x2c, 0x48, 0x2d, 0xd6, 0x2f, 0xc9, 0xcc, 0x4d, 0x2d, 0x2e, 0x49, 0xcc, 0x2d, 0x40, 0xb0, 0xf4, 0xc0, 0x6a, 0x84, 0xf8, 0xd3, 0xf3, 0xf3, 0xd3, 0x73, 0x52, 0xf5, 0x60, 0x3a, 0x94, 0xac, 0xb9, 0x38, 0x43, 0x60, 0x6a, 0x84, 0x24, 0xb8, 0xd8, 0x8b, 0x53, 0x93, 0xf3, 0xf3, 0x52, 0x8a, 0x25, 0x18, 0x15, 0x18, 0x35, 0x98, 0x83, 0x60, 0x5c, 0x21, 0x11, 0x2e, 0xd6, 0xbc, 0xc4, 0xbc, 0xfc, 0x62, 0x09, 0x26, 0x05, 0x46, 0x0d, - 0xd6, 0x20, 0x08, 0xc7, 0xa9, 0x91, 0x91, 0x4b, 0x38, 0x39, 0x3f, 0x57, 0x0f, 0xcd, 0x50, 0x27, - 0x3e, 0xb8, 0x91, 0x01, 0x20, 0xa1, 0x00, 0xc6, 0x28, 0x6d, 0x12, 0x1c, 0xbd, 0x80, 0x91, 0xf1, - 0x07, 0x23, 0xe3, 0x22, 0x26, 0x66, 0xf7, 0x00, 0xa7, 0x55, 0x4c, 0x72, 0xee, 0x10, 0xc3, 0x03, - 0xa0, 0xca, 0xf5, 0xc2, 0x53, 0x73, 0x72, 0xbc, 0xf3, 0xf2, 0xcb, 0xf3, 0x42, 0x40, 0xda, 0x92, - 0xd8, 0xc0, 0xe6, 0x18, 0x03, 0x02, 0x00, 0x00, 0xff, 0xff, 0x17, 0x5f, 0xb7, 0xdc, 0x17, 0x01, - 0x00, 0x00, + 0xd6, 0x20, 0x08, 0xc7, 0xa9, 0x8e, 0x4b, 0x38, 0x39, 0x3f, 0x57, 0x0f, 0xcd, 0x4c, 0x27, 0x3e, + 0xb8, 0x89, 0x01, 0x20, 0xa1, 0x00, 0xc6, 0x28, 0x6d, 0x12, 0xdc, 0xfc, 0x83, 0x91, 0x71, 0x11, + 0x13, 0xb3, 0x7b, 0x80, 0xd3, 0x2a, 0x26, 0x39, 0x77, 0x88, 0xc9, 0x01, 0x50, 0xb5, 0x7a, 0xe1, + 0xa9, 0x39, 0x39, 0xde, 0x79, 0xf9, 0xe5, 0x79, 0x21, 0x20, 0x3d, 0x49, 0x6c, 0x60, 0x43, 0x8c, + 0x01, 0x01, 0x00, 0x00, 0xff, 0xff, 0x6b, 0x59, 0x0a, 0x4d, 0x13, 0x01, 0x00, 0x00, } diff --git a/components/engine/vendor/github.com/golang/protobuf/ptypes/timestamp/timestamp.proto b/components/engine/vendor/github.com/golang/protobuf/ptypes/timestamp/timestamp.proto index 7992a85886..b7cbd17502 100644 --- a/components/engine/vendor/github.com/golang/protobuf/ptypes/timestamp/timestamp.proto +++ b/components/engine/vendor/github.com/golang/protobuf/ptypes/timestamp/timestamp.proto @@ -38,7 +38,6 @@ option go_package = "github.com/golang/protobuf/ptypes/timestamp"; option java_package = "com.google.protobuf"; option java_outer_classname = "TimestampProto"; option java_multiple_files = true; -option java_generate_equals_and_hash = true; option objc_class_prefix = "GPB"; // A Timestamp represents a point in time independent of any time zone @@ -53,6 +52,8 @@ option objc_class_prefix = "GPB"; // and from RFC 3339 date strings. // See [https://www.ietf.org/rfc/rfc3339.txt](https://www.ietf.org/rfc/rfc3339.txt). // +// # Examples +// // Example 1: Compute Timestamp from POSIX `time()`. // // Timestamp timestamp; @@ -90,16 +91,37 @@ option objc_class_prefix = "GPB"; // // Example 5: Compute Timestamp from current time in Python. // -// now = time.time() -// seconds = int(now) -// nanos = int((now - seconds) * 10**9) -// timestamp = Timestamp(seconds=seconds, nanos=nanos) +// timestamp = Timestamp() +// timestamp.GetCurrentTime() +// +// # JSON Mapping +// +// In JSON format, the Timestamp type is encoded as a string in the +// [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the +// format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" +// where {year} is always expressed using four digits while {month}, {day}, +// {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional +// seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), +// are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone +// is required, though only UTC (as indicated by "Z") is presently supported. +// +// For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past +// 01:30 UTC on January 15, 2017. +// +// In JavaScript, one can convert a Date object to this format using the +// standard [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString] +// method. In Python, a standard `datetime.datetime` object can be converted +// to this format using [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) +// with the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one +// can use the Joda Time's [`ISODateTimeFormat.dateTime()`]( +// http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime()) +// to obtain a formatter capable of generating timestamps in this format. // // message Timestamp { // Represents seconds of UTC time since Unix epoch - // 1970-01-01T00:00:00Z. Must be from from 0001-01-01T00:00:00Z to + // 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to // 9999-12-31T23:59:59Z inclusive. int64 seconds = 1; diff --git a/components/engine/vendor/golang.org/x/net/context/context.go b/components/engine/vendor/golang.org/x/net/context/context.go index 134654cf7e..f143ed6a1e 100644 --- a/components/engine/vendor/golang.org/x/net/context/context.go +++ b/components/engine/vendor/golang.org/x/net/context/context.go @@ -7,7 +7,7 @@ // and between processes. // // Incoming requests to a server should create a Context, and outgoing calls to -// servers should accept a Context. The chain of function calls between must +// servers should accept a Context. The chain of function calls between must // propagate the Context, optionally replacing it with a modified copy created // using WithDeadline, WithTimeout, WithCancel, or WithValue. // @@ -16,14 +16,14 @@ // propagation: // // Do not store Contexts inside a struct type; instead, pass a Context -// explicitly to each function that needs it. The Context should be the first +// explicitly to each function that needs it. The Context should be the first // parameter, typically named ctx: // // func DoSomething(ctx context.Context, arg Arg) error { // // ... use ctx ... // } // -// Do not pass a nil Context, even if a function permits it. Pass context.TODO +// Do not pass a nil Context, even if a function permits it. Pass context.TODO // if you are unsure about which Context to use. // // Use context Values only for request-scoped data that transits processes and @@ -44,13 +44,13 @@ import "time" // Context's methods may be called by multiple goroutines simultaneously. type Context interface { // Deadline returns the time when work done on behalf of this context - // should be canceled. Deadline returns ok==false when no deadline is - // set. Successive calls to Deadline return the same results. + // should be canceled. Deadline returns ok==false when no deadline is + // set. Successive calls to Deadline return the same results. Deadline() (deadline time.Time, ok bool) // Done returns a channel that's closed when work done on behalf of this - // context should be canceled. Done may return nil if this context can - // never be canceled. Successive calls to Done return the same value. + // context should be canceled. Done may return nil if this context can + // never be canceled. Successive calls to Done return the same value. // // WithCancel arranges for Done to be closed when cancel is called; // WithDeadline arranges for Done to be closed when the deadline @@ -79,24 +79,24 @@ type Context interface { // a Done channel for cancelation. Done() <-chan struct{} - // Err returns a non-nil error value after Done is closed. Err returns + // Err returns a non-nil error value after Done is closed. Err returns // Canceled if the context was canceled or DeadlineExceeded if the - // context's deadline passed. No other values for Err are defined. + // context's deadline passed. No other values for Err are defined. // After Done is closed, successive calls to Err return the same value. Err() error // Value returns the value associated with this context for key, or nil - // if no value is associated with key. Successive calls to Value with + // if no value is associated with key. Successive calls to Value with // the same key returns the same result. // // Use context values only for request-scoped data that transits // processes and API boundaries, not for passing optional parameters to // functions. // - // A key identifies a specific value in a Context. Functions that wish + // A key identifies a specific value in a Context. Functions that wish // to store values in Context typically allocate a key in a global // variable then use that key as the argument to context.WithValue and - // Context.Value. A key can be any type that supports equality; + // Context.Value. A key can be any type that supports equality; // packages should define keys as an unexported type to avoid // collisions. // @@ -115,7 +115,7 @@ type Context interface { // // This prevents collisions with keys defined in other packages. // type key int // - // // userKey is the key for user.User values in Contexts. It is + // // userKey is the key for user.User values in Contexts. It is // // unexported; clients use user.NewContext and user.FromContext // // instead of using this key directly. // var userKey key = 0 @@ -134,14 +134,14 @@ type Context interface { } // Background returns a non-nil, empty Context. It is never canceled, has no -// values, and has no deadline. It is typically used by the main function, +// values, and has no deadline. It is typically used by the main function, // initialization, and tests, and as the top-level Context for incoming // requests. func Background() Context { return background } -// TODO returns a non-nil, empty Context. Code should use context.TODO when +// TODO returns a non-nil, empty Context. Code should use context.TODO when // it's unclear which Context to use or it is not yet available (because the // surrounding function has not yet been extended to accept a Context // parameter). TODO is recognized by static analysis tools that determine diff --git a/components/engine/vendor/golang.org/x/net/context/go17.go b/components/engine/vendor/golang.org/x/net/context/go17.go index f8cda19ada..d20f52b7de 100644 --- a/components/engine/vendor/golang.org/x/net/context/go17.go +++ b/components/engine/vendor/golang.org/x/net/context/go17.go @@ -35,8 +35,8 @@ func WithCancel(parent Context) (ctx Context, cancel CancelFunc) { } // WithDeadline returns a copy of the parent context with the deadline adjusted -// to be no later than d. If the parent's deadline is already earlier than d, -// WithDeadline(parent, d) is semantically equivalent to parent. The returned +// to be no later than d. If the parent's deadline is already earlier than d, +// WithDeadline(parent, d) is semantically equivalent to parent. The returned // context's Done channel is closed when the deadline expires, when the returned // cancel function is called, or when the parent context's Done channel is // closed, whichever happens first. diff --git a/components/engine/vendor/golang.org/x/net/context/pre_go17.go b/components/engine/vendor/golang.org/x/net/context/pre_go17.go index 5a30acabd0..0f35592df5 100644 --- a/components/engine/vendor/golang.org/x/net/context/pre_go17.go +++ b/components/engine/vendor/golang.org/x/net/context/pre_go17.go @@ -13,7 +13,7 @@ import ( "time" ) -// An emptyCtx is never canceled, has no values, and has no deadline. It is not +// An emptyCtx is never canceled, has no values, and has no deadline. It is not // struct{}, since vars of this type must have distinct addresses. type emptyCtx int @@ -104,7 +104,7 @@ func propagateCancel(parent Context, child canceler) { } // parentCancelCtx follows a chain of parent references until it finds a -// *cancelCtx. This function understands how each of the concrete types in this +// *cancelCtx. This function understands how each of the concrete types in this // package represents its parent. func parentCancelCtx(parent Context) (*cancelCtx, bool) { for { @@ -134,14 +134,14 @@ func removeChild(parent Context, child canceler) { p.mu.Unlock() } -// A canceler is a context type that can be canceled directly. The +// A canceler is a context type that can be canceled directly. The // implementations are *cancelCtx and *timerCtx. type canceler interface { cancel(removeFromParent bool, err error) Done() <-chan struct{} } -// A cancelCtx can be canceled. When canceled, it also cancels any children +// A cancelCtx can be canceled. When canceled, it also cancels any children // that implement canceler. type cancelCtx struct { Context @@ -193,8 +193,8 @@ func (c *cancelCtx) cancel(removeFromParent bool, err error) { } // WithDeadline returns a copy of the parent context with the deadline adjusted -// to be no later than d. If the parent's deadline is already earlier than d, -// WithDeadline(parent, d) is semantically equivalent to parent. The returned +// to be no later than d. If the parent's deadline is already earlier than d, +// WithDeadline(parent, d) is semantically equivalent to parent. The returned // context's Done channel is closed when the deadline expires, when the returned // cancel function is called, or when the parent context's Done channel is // closed, whichever happens first. @@ -226,8 +226,8 @@ func WithDeadline(parent Context, deadline time.Time) (Context, CancelFunc) { return c, func() { c.cancel(true, Canceled) } } -// A timerCtx carries a timer and a deadline. It embeds a cancelCtx to -// implement Done and Err. It implements cancel by stopping its timer then +// A timerCtx carries a timer and a deadline. It embeds a cancelCtx to +// implement Done and Err. It implements cancel by stopping its timer then // delegating to cancelCtx.cancel. type timerCtx struct { *cancelCtx @@ -281,7 +281,7 @@ func WithValue(parent Context, key interface{}, val interface{}) Context { return &valueCtx{parent, key, val} } -// A valueCtx carries a key-value pair. It implements Value for that key and +// A valueCtx carries a key-value pair. It implements Value for that key and // delegates all other calls to the embedded Context. type valueCtx struct { Context diff --git a/components/engine/vendor/golang.org/x/net/http2/ciphers.go b/components/engine/vendor/golang.org/x/net/http2/ciphers.go new file mode 100644 index 0000000000..698860b777 --- /dev/null +++ b/components/engine/vendor/golang.org/x/net/http2/ciphers.go @@ -0,0 +1,641 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package http2 + +// A list of the possible cipher suite ids. Taken from +// http://www.iana.org/assignments/tls-parameters/tls-parameters.txt + +const ( + cipher_TLS_NULL_WITH_NULL_NULL uint16 = 0x0000 + cipher_TLS_RSA_WITH_NULL_MD5 uint16 = 0x0001 + cipher_TLS_RSA_WITH_NULL_SHA uint16 = 0x0002 + cipher_TLS_RSA_EXPORT_WITH_RC4_40_MD5 uint16 = 0x0003 + cipher_TLS_RSA_WITH_RC4_128_MD5 uint16 = 0x0004 + cipher_TLS_RSA_WITH_RC4_128_SHA uint16 = 0x0005 + cipher_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 uint16 = 0x0006 + cipher_TLS_RSA_WITH_IDEA_CBC_SHA uint16 = 0x0007 + cipher_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0008 + cipher_TLS_RSA_WITH_DES_CBC_SHA uint16 = 0x0009 + cipher_TLS_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x000A + cipher_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x000B + cipher_TLS_DH_DSS_WITH_DES_CBC_SHA uint16 = 0x000C + cipher_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA uint16 = 0x000D + cipher_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x000E + cipher_TLS_DH_RSA_WITH_DES_CBC_SHA uint16 = 0x000F + cipher_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x0010 + cipher_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0011 + cipher_TLS_DHE_DSS_WITH_DES_CBC_SHA uint16 = 0x0012 + cipher_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA uint16 = 0x0013 + cipher_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0014 + cipher_TLS_DHE_RSA_WITH_DES_CBC_SHA uint16 = 0x0015 + cipher_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x0016 + cipher_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 uint16 = 0x0017 + cipher_TLS_DH_anon_WITH_RC4_128_MD5 uint16 = 0x0018 + cipher_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA uint16 = 0x0019 + cipher_TLS_DH_anon_WITH_DES_CBC_SHA uint16 = 0x001A + cipher_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA uint16 = 0x001B + // Reserved uint16 = 0x001C-1D + cipher_TLS_KRB5_WITH_DES_CBC_SHA uint16 = 0x001E + cipher_TLS_KRB5_WITH_3DES_EDE_CBC_SHA uint16 = 0x001F + cipher_TLS_KRB5_WITH_RC4_128_SHA uint16 = 0x0020 + cipher_TLS_KRB5_WITH_IDEA_CBC_SHA uint16 = 0x0021 + cipher_TLS_KRB5_WITH_DES_CBC_MD5 uint16 = 0x0022 + cipher_TLS_KRB5_WITH_3DES_EDE_CBC_MD5 uint16 = 0x0023 + cipher_TLS_KRB5_WITH_RC4_128_MD5 uint16 = 0x0024 + cipher_TLS_KRB5_WITH_IDEA_CBC_MD5 uint16 = 0x0025 + cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA uint16 = 0x0026 + cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA uint16 = 0x0027 + cipher_TLS_KRB5_EXPORT_WITH_RC4_40_SHA uint16 = 0x0028 + cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 uint16 = 0x0029 + cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 uint16 = 0x002A + cipher_TLS_KRB5_EXPORT_WITH_RC4_40_MD5 uint16 = 0x002B + cipher_TLS_PSK_WITH_NULL_SHA uint16 = 0x002C + cipher_TLS_DHE_PSK_WITH_NULL_SHA uint16 = 0x002D + cipher_TLS_RSA_PSK_WITH_NULL_SHA uint16 = 0x002E + cipher_TLS_RSA_WITH_AES_128_CBC_SHA uint16 = 0x002F + cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA uint16 = 0x0030 + cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA uint16 = 0x0031 + cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA uint16 = 0x0032 + cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0x0033 + cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA uint16 = 0x0034 + cipher_TLS_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0035 + cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA uint16 = 0x0036 + cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0037 + cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA uint16 = 0x0038 + cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0039 + cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA uint16 = 0x003A + cipher_TLS_RSA_WITH_NULL_SHA256 uint16 = 0x003B + cipher_TLS_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x003C + cipher_TLS_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x003D + cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA256 uint16 = 0x003E + cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x003F + cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 uint16 = 0x0040 + cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0041 + cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0042 + cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0043 + cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0044 + cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0045 + cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA uint16 = 0x0046 + // Reserved uint16 = 0x0047-4F + // Reserved uint16 = 0x0050-58 + // Reserved uint16 = 0x0059-5C + // Unassigned uint16 = 0x005D-5F + // Reserved uint16 = 0x0060-66 + cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x0067 + cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA256 uint16 = 0x0068 + cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x0069 + cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 uint16 = 0x006A + cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x006B + cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA256 uint16 = 0x006C + cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA256 uint16 = 0x006D + // Unassigned uint16 = 0x006E-83 + cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0084 + cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0085 + cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0086 + cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0087 + cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0088 + cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA uint16 = 0x0089 + cipher_TLS_PSK_WITH_RC4_128_SHA uint16 = 0x008A + cipher_TLS_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0x008B + cipher_TLS_PSK_WITH_AES_128_CBC_SHA uint16 = 0x008C + cipher_TLS_PSK_WITH_AES_256_CBC_SHA uint16 = 0x008D + cipher_TLS_DHE_PSK_WITH_RC4_128_SHA uint16 = 0x008E + cipher_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0x008F + cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA uint16 = 0x0090 + cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA uint16 = 0x0091 + cipher_TLS_RSA_PSK_WITH_RC4_128_SHA uint16 = 0x0092 + cipher_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0x0093 + cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA uint16 = 0x0094 + cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA uint16 = 0x0095 + cipher_TLS_RSA_WITH_SEED_CBC_SHA uint16 = 0x0096 + cipher_TLS_DH_DSS_WITH_SEED_CBC_SHA uint16 = 0x0097 + cipher_TLS_DH_RSA_WITH_SEED_CBC_SHA uint16 = 0x0098 + cipher_TLS_DHE_DSS_WITH_SEED_CBC_SHA uint16 = 0x0099 + cipher_TLS_DHE_RSA_WITH_SEED_CBC_SHA uint16 = 0x009A + cipher_TLS_DH_anon_WITH_SEED_CBC_SHA uint16 = 0x009B + cipher_TLS_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x009C + cipher_TLS_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x009D + cipher_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x009E + cipher_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x009F + cipher_TLS_DH_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x00A0 + cipher_TLS_DH_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x00A1 + cipher_TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 uint16 = 0x00A2 + cipher_TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 uint16 = 0x00A3 + cipher_TLS_DH_DSS_WITH_AES_128_GCM_SHA256 uint16 = 0x00A4 + cipher_TLS_DH_DSS_WITH_AES_256_GCM_SHA384 uint16 = 0x00A5 + cipher_TLS_DH_anon_WITH_AES_128_GCM_SHA256 uint16 = 0x00A6 + cipher_TLS_DH_anon_WITH_AES_256_GCM_SHA384 uint16 = 0x00A7 + cipher_TLS_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0x00A8 + cipher_TLS_PSK_WITH_AES_256_GCM_SHA384 uint16 = 0x00A9 + cipher_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0x00AA + cipher_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 uint16 = 0x00AB + cipher_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 uint16 = 0x00AC + cipher_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 uint16 = 0x00AD + cipher_TLS_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0x00AE + cipher_TLS_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0x00AF + cipher_TLS_PSK_WITH_NULL_SHA256 uint16 = 0x00B0 + cipher_TLS_PSK_WITH_NULL_SHA384 uint16 = 0x00B1 + cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0x00B2 + cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0x00B3 + cipher_TLS_DHE_PSK_WITH_NULL_SHA256 uint16 = 0x00B4 + cipher_TLS_DHE_PSK_WITH_NULL_SHA384 uint16 = 0x00B5 + cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0x00B6 + cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0x00B7 + cipher_TLS_RSA_PSK_WITH_NULL_SHA256 uint16 = 0x00B8 + cipher_TLS_RSA_PSK_WITH_NULL_SHA384 uint16 = 0x00B9 + cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BA + cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BB + cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BC + cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BD + cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BE + cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0x00BF + cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C0 + cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C1 + cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C2 + cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C3 + cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C4 + cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 uint16 = 0x00C5 + // Unassigned uint16 = 0x00C6-FE + cipher_TLS_EMPTY_RENEGOTIATION_INFO_SCSV uint16 = 0x00FF + // Unassigned uint16 = 0x01-55,* + cipher_TLS_FALLBACK_SCSV uint16 = 0x5600 + // Unassigned uint16 = 0x5601 - 0xC000 + cipher_TLS_ECDH_ECDSA_WITH_NULL_SHA uint16 = 0xC001 + cipher_TLS_ECDH_ECDSA_WITH_RC4_128_SHA uint16 = 0xC002 + cipher_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC003 + cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA uint16 = 0xC004 + cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA uint16 = 0xC005 + cipher_TLS_ECDHE_ECDSA_WITH_NULL_SHA uint16 = 0xC006 + cipher_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA uint16 = 0xC007 + cipher_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC008 + cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA uint16 = 0xC009 + cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA uint16 = 0xC00A + cipher_TLS_ECDH_RSA_WITH_NULL_SHA uint16 = 0xC00B + cipher_TLS_ECDH_RSA_WITH_RC4_128_SHA uint16 = 0xC00C + cipher_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC00D + cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA uint16 = 0xC00E + cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA uint16 = 0xC00F + cipher_TLS_ECDHE_RSA_WITH_NULL_SHA uint16 = 0xC010 + cipher_TLS_ECDHE_RSA_WITH_RC4_128_SHA uint16 = 0xC011 + cipher_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC012 + cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0xC013 + cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0xC014 + cipher_TLS_ECDH_anon_WITH_NULL_SHA uint16 = 0xC015 + cipher_TLS_ECDH_anon_WITH_RC4_128_SHA uint16 = 0xC016 + cipher_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA uint16 = 0xC017 + cipher_TLS_ECDH_anon_WITH_AES_128_CBC_SHA uint16 = 0xC018 + cipher_TLS_ECDH_anon_WITH_AES_256_CBC_SHA uint16 = 0xC019 + cipher_TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC01A + cipher_TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xC01B + cipher_TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA uint16 = 0xC01C + cipher_TLS_SRP_SHA_WITH_AES_128_CBC_SHA uint16 = 0xC01D + cipher_TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA uint16 = 0xC01E + cipher_TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA uint16 = 0xC01F + cipher_TLS_SRP_SHA_WITH_AES_256_CBC_SHA uint16 = 0xC020 + cipher_TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA uint16 = 0xC021 + cipher_TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA uint16 = 0xC022 + cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC023 + cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC024 + cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC025 + cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC026 + cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC027 + cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC028 + cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0xC029 + cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 uint16 = 0xC02A + cipher_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC02B + cipher_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC02C + cipher_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC02D + cipher_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC02E + cipher_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC02F + cipher_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC030 + cipher_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0xC031 + cipher_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0xC032 + cipher_TLS_ECDHE_PSK_WITH_RC4_128_SHA uint16 = 0xC033 + cipher_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA uint16 = 0xC034 + cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA uint16 = 0xC035 + cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA uint16 = 0xC036 + cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 uint16 = 0xC037 + cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 uint16 = 0xC038 + cipher_TLS_ECDHE_PSK_WITH_NULL_SHA uint16 = 0xC039 + cipher_TLS_ECDHE_PSK_WITH_NULL_SHA256 uint16 = 0xC03A + cipher_TLS_ECDHE_PSK_WITH_NULL_SHA384 uint16 = 0xC03B + cipher_TLS_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC03C + cipher_TLS_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC03D + cipher_TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC03E + cipher_TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC03F + cipher_TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC040 + cipher_TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC041 + cipher_TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC042 + cipher_TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC043 + cipher_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC044 + cipher_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC045 + cipher_TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC046 + cipher_TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC047 + cipher_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC048 + cipher_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC049 + cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC04A + cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC04B + cipher_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC04C + cipher_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC04D + cipher_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC04E + cipher_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC04F + cipher_TLS_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC050 + cipher_TLS_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC051 + cipher_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC052 + cipher_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC053 + cipher_TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC054 + cipher_TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC055 + cipher_TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC056 + cipher_TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC057 + cipher_TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC058 + cipher_TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC059 + cipher_TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC05A + cipher_TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC05B + cipher_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC05C + cipher_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC05D + cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC05E + cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC05F + cipher_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC060 + cipher_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC061 + cipher_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC062 + cipher_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC063 + cipher_TLS_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC064 + cipher_TLS_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC065 + cipher_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC066 + cipher_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC067 + cipher_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC068 + cipher_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC069 + cipher_TLS_PSK_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC06A + cipher_TLS_PSK_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC06B + cipher_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC06C + cipher_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC06D + cipher_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 uint16 = 0xC06E + cipher_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 uint16 = 0xC06F + cipher_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 uint16 = 0xC070 + cipher_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 uint16 = 0xC071 + cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC072 + cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC073 + cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC074 + cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC075 + cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC076 + cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC077 + cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC078 + cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC079 + cipher_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC07A + cipher_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC07B + cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC07C + cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC07D + cipher_TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC07E + cipher_TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC07F + cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC080 + cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC081 + cipher_TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC082 + cipher_TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC083 + cipher_TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC084 + cipher_TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC085 + cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC086 + cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC087 + cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC088 + cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC089 + cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC08A + cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC08B + cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC08C + cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC08D + cipher_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC08E + cipher_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC08F + cipher_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC090 + cipher_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC091 + cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 uint16 = 0xC092 + cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 uint16 = 0xC093 + cipher_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC094 + cipher_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC095 + cipher_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC096 + cipher_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC097 + cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC098 + cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC099 + cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 uint16 = 0xC09A + cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 uint16 = 0xC09B + cipher_TLS_RSA_WITH_AES_128_CCM uint16 = 0xC09C + cipher_TLS_RSA_WITH_AES_256_CCM uint16 = 0xC09D + cipher_TLS_DHE_RSA_WITH_AES_128_CCM uint16 = 0xC09E + cipher_TLS_DHE_RSA_WITH_AES_256_CCM uint16 = 0xC09F + cipher_TLS_RSA_WITH_AES_128_CCM_8 uint16 = 0xC0A0 + cipher_TLS_RSA_WITH_AES_256_CCM_8 uint16 = 0xC0A1 + cipher_TLS_DHE_RSA_WITH_AES_128_CCM_8 uint16 = 0xC0A2 + cipher_TLS_DHE_RSA_WITH_AES_256_CCM_8 uint16 = 0xC0A3 + cipher_TLS_PSK_WITH_AES_128_CCM uint16 = 0xC0A4 + cipher_TLS_PSK_WITH_AES_256_CCM uint16 = 0xC0A5 + cipher_TLS_DHE_PSK_WITH_AES_128_CCM uint16 = 0xC0A6 + cipher_TLS_DHE_PSK_WITH_AES_256_CCM uint16 = 0xC0A7 + cipher_TLS_PSK_WITH_AES_128_CCM_8 uint16 = 0xC0A8 + cipher_TLS_PSK_WITH_AES_256_CCM_8 uint16 = 0xC0A9 + cipher_TLS_PSK_DHE_WITH_AES_128_CCM_8 uint16 = 0xC0AA + cipher_TLS_PSK_DHE_WITH_AES_256_CCM_8 uint16 = 0xC0AB + cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CCM uint16 = 0xC0AC + cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CCM uint16 = 0xC0AD + cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 uint16 = 0xC0AE + cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 uint16 = 0xC0AF + // Unassigned uint16 = 0xC0B0-FF + // Unassigned uint16 = 0xC1-CB,* + // Unassigned uint16 = 0xCC00-A7 + cipher_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCA8 + cipher_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCA9 + cipher_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAA + cipher_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAB + cipher_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAC + cipher_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAD + cipher_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xCCAE +) + +// isBadCipher reports whether the cipher is blacklisted by the HTTP/2 spec. +// References: +// https://tools.ietf.org/html/rfc7540#appendix-A +// Reject cipher suites from Appendix A. +// "This list includes those cipher suites that do not +// offer an ephemeral key exchange and those that are +// based on the TLS null, stream or block cipher type" +func isBadCipher(cipher uint16) bool { + switch cipher { + case cipher_TLS_NULL_WITH_NULL_NULL, + cipher_TLS_RSA_WITH_NULL_MD5, + cipher_TLS_RSA_WITH_NULL_SHA, + cipher_TLS_RSA_EXPORT_WITH_RC4_40_MD5, + cipher_TLS_RSA_WITH_RC4_128_MD5, + cipher_TLS_RSA_WITH_RC4_128_SHA, + cipher_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, + cipher_TLS_RSA_WITH_IDEA_CBC_SHA, + cipher_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, + cipher_TLS_RSA_WITH_DES_CBC_SHA, + cipher_TLS_RSA_WITH_3DES_EDE_CBC_SHA, + cipher_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, + cipher_TLS_DH_DSS_WITH_DES_CBC_SHA, + cipher_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, + cipher_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, + cipher_TLS_DH_RSA_WITH_DES_CBC_SHA, + cipher_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, + cipher_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, + cipher_TLS_DHE_DSS_WITH_DES_CBC_SHA, + cipher_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, + cipher_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, + cipher_TLS_DHE_RSA_WITH_DES_CBC_SHA, + cipher_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, + cipher_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5, + cipher_TLS_DH_anon_WITH_RC4_128_MD5, + cipher_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA, + cipher_TLS_DH_anon_WITH_DES_CBC_SHA, + cipher_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, + cipher_TLS_KRB5_WITH_DES_CBC_SHA, + cipher_TLS_KRB5_WITH_3DES_EDE_CBC_SHA, + cipher_TLS_KRB5_WITH_RC4_128_SHA, + cipher_TLS_KRB5_WITH_IDEA_CBC_SHA, + cipher_TLS_KRB5_WITH_DES_CBC_MD5, + cipher_TLS_KRB5_WITH_3DES_EDE_CBC_MD5, + cipher_TLS_KRB5_WITH_RC4_128_MD5, + cipher_TLS_KRB5_WITH_IDEA_CBC_MD5, + cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, + cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA, + cipher_TLS_KRB5_EXPORT_WITH_RC4_40_SHA, + cipher_TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, + cipher_TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5, + cipher_TLS_KRB5_EXPORT_WITH_RC4_40_MD5, + cipher_TLS_PSK_WITH_NULL_SHA, + cipher_TLS_DHE_PSK_WITH_NULL_SHA, + cipher_TLS_RSA_PSK_WITH_NULL_SHA, + cipher_TLS_RSA_WITH_AES_128_CBC_SHA, + cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA, + cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA, + cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA, + cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, + cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA, + cipher_TLS_RSA_WITH_AES_256_CBC_SHA, + cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA, + cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA, + cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA, + cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, + cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA, + cipher_TLS_RSA_WITH_NULL_SHA256, + cipher_TLS_RSA_WITH_AES_128_CBC_SHA256, + cipher_TLS_RSA_WITH_AES_256_CBC_SHA256, + cipher_TLS_DH_DSS_WITH_AES_128_CBC_SHA256, + cipher_TLS_DH_RSA_WITH_AES_128_CBC_SHA256, + cipher_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, + cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, + cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, + cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, + cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, + cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA, + cipher_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, + cipher_TLS_DH_DSS_WITH_AES_256_CBC_SHA256, + cipher_TLS_DH_RSA_WITH_AES_256_CBC_SHA256, + cipher_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, + cipher_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, + cipher_TLS_DH_anon_WITH_AES_128_CBC_SHA256, + cipher_TLS_DH_anon_WITH_AES_256_CBC_SHA256, + cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, + cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, + cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, + cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA, + cipher_TLS_PSK_WITH_RC4_128_SHA, + cipher_TLS_PSK_WITH_3DES_EDE_CBC_SHA, + cipher_TLS_PSK_WITH_AES_128_CBC_SHA, + cipher_TLS_PSK_WITH_AES_256_CBC_SHA, + cipher_TLS_DHE_PSK_WITH_RC4_128_SHA, + cipher_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, + cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, + cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, + cipher_TLS_RSA_PSK_WITH_RC4_128_SHA, + cipher_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, + cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, + cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, + cipher_TLS_RSA_WITH_SEED_CBC_SHA, + cipher_TLS_DH_DSS_WITH_SEED_CBC_SHA, + cipher_TLS_DH_RSA_WITH_SEED_CBC_SHA, + cipher_TLS_DHE_DSS_WITH_SEED_CBC_SHA, + cipher_TLS_DHE_RSA_WITH_SEED_CBC_SHA, + cipher_TLS_DH_anon_WITH_SEED_CBC_SHA, + cipher_TLS_RSA_WITH_AES_128_GCM_SHA256, + cipher_TLS_RSA_WITH_AES_256_GCM_SHA384, + cipher_TLS_DH_RSA_WITH_AES_128_GCM_SHA256, + cipher_TLS_DH_RSA_WITH_AES_256_GCM_SHA384, + cipher_TLS_DH_DSS_WITH_AES_128_GCM_SHA256, + cipher_TLS_DH_DSS_WITH_AES_256_GCM_SHA384, + cipher_TLS_DH_anon_WITH_AES_128_GCM_SHA256, + cipher_TLS_DH_anon_WITH_AES_256_GCM_SHA384, + cipher_TLS_PSK_WITH_AES_128_GCM_SHA256, + cipher_TLS_PSK_WITH_AES_256_GCM_SHA384, + cipher_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, + cipher_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, + cipher_TLS_PSK_WITH_AES_128_CBC_SHA256, + cipher_TLS_PSK_WITH_AES_256_CBC_SHA384, + cipher_TLS_PSK_WITH_NULL_SHA256, + cipher_TLS_PSK_WITH_NULL_SHA384, + cipher_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, + cipher_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, + cipher_TLS_DHE_PSK_WITH_NULL_SHA256, + cipher_TLS_DHE_PSK_WITH_NULL_SHA384, + cipher_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, + cipher_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, + cipher_TLS_RSA_PSK_WITH_NULL_SHA256, + cipher_TLS_RSA_PSK_WITH_NULL_SHA384, + cipher_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, + cipher_TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256, + cipher_TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256, + cipher_TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, + cipher_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, + cipher_TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256, + cipher_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, + cipher_TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256, + cipher_TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256, + cipher_TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, + cipher_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, + cipher_TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256, + cipher_TLS_EMPTY_RENEGOTIATION_INFO_SCSV, + cipher_TLS_ECDH_ECDSA_WITH_NULL_SHA, + cipher_TLS_ECDH_ECDSA_WITH_RC4_128_SHA, + cipher_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, + cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, + cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, + cipher_TLS_ECDHE_ECDSA_WITH_NULL_SHA, + cipher_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, + cipher_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, + cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + cipher_TLS_ECDH_RSA_WITH_NULL_SHA, + cipher_TLS_ECDH_RSA_WITH_RC4_128_SHA, + cipher_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, + cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, + cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, + cipher_TLS_ECDHE_RSA_WITH_NULL_SHA, + cipher_TLS_ECDHE_RSA_WITH_RC4_128_SHA, + cipher_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + cipher_TLS_ECDH_anon_WITH_NULL_SHA, + cipher_TLS_ECDH_anon_WITH_RC4_128_SHA, + cipher_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, + cipher_TLS_ECDH_anon_WITH_AES_128_CBC_SHA, + cipher_TLS_ECDH_anon_WITH_AES_256_CBC_SHA, + cipher_TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA, + cipher_TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, + cipher_TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, + cipher_TLS_SRP_SHA_WITH_AES_128_CBC_SHA, + cipher_TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, + cipher_TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, + cipher_TLS_SRP_SHA_WITH_AES_256_CBC_SHA, + cipher_TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, + cipher_TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, + cipher_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + cipher_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + cipher_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, + cipher_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, + cipher_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + cipher_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, + cipher_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, + cipher_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, + cipher_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, + cipher_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, + cipher_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, + cipher_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, + cipher_TLS_ECDHE_PSK_WITH_RC4_128_SHA, + cipher_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, + cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, + cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, + cipher_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, + cipher_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, + cipher_TLS_ECDHE_PSK_WITH_NULL_SHA, + cipher_TLS_ECDHE_PSK_WITH_NULL_SHA256, + cipher_TLS_ECDHE_PSK_WITH_NULL_SHA384, + cipher_TLS_RSA_WITH_ARIA_128_CBC_SHA256, + cipher_TLS_RSA_WITH_ARIA_256_CBC_SHA384, + cipher_TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256, + cipher_TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384, + cipher_TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256, + cipher_TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384, + cipher_TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256, + cipher_TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384, + cipher_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, + cipher_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, + cipher_TLS_DH_anon_WITH_ARIA_128_CBC_SHA256, + cipher_TLS_DH_anon_WITH_ARIA_256_CBC_SHA384, + cipher_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256, + cipher_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384, + cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, + cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, + cipher_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, + cipher_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384, + cipher_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, + cipher_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, + cipher_TLS_RSA_WITH_ARIA_128_GCM_SHA256, + cipher_TLS_RSA_WITH_ARIA_256_GCM_SHA384, + cipher_TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256, + cipher_TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384, + cipher_TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256, + cipher_TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384, + cipher_TLS_DH_anon_WITH_ARIA_128_GCM_SHA256, + cipher_TLS_DH_anon_WITH_ARIA_256_GCM_SHA384, + cipher_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, + cipher_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, + cipher_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, + cipher_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, + cipher_TLS_PSK_WITH_ARIA_128_CBC_SHA256, + cipher_TLS_PSK_WITH_ARIA_256_CBC_SHA384, + cipher_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, + cipher_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, + cipher_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256, + cipher_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384, + cipher_TLS_PSK_WITH_ARIA_128_GCM_SHA256, + cipher_TLS_PSK_WITH_ARIA_256_GCM_SHA384, + cipher_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256, + cipher_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384, + cipher_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, + cipher_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, + cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, + cipher_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, + cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, + cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, + cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, + cipher_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, + cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, + cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, + cipher_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, + cipher_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, + cipher_TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256, + cipher_TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384, + cipher_TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256, + cipher_TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384, + cipher_TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256, + cipher_TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384, + cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, + cipher_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, + cipher_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, + cipher_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, + cipher_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, + cipher_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, + cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, + cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, + cipher_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, + cipher_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, + cipher_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + cipher_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + cipher_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, + cipher_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, + cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + cipher_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + cipher_TLS_RSA_WITH_AES_128_CCM, + cipher_TLS_RSA_WITH_AES_256_CCM, + cipher_TLS_RSA_WITH_AES_128_CCM_8, + cipher_TLS_RSA_WITH_AES_256_CCM_8, + cipher_TLS_PSK_WITH_AES_128_CCM, + cipher_TLS_PSK_WITH_AES_256_CCM, + cipher_TLS_PSK_WITH_AES_128_CCM_8, + cipher_TLS_PSK_WITH_AES_256_CCM_8: + return true + default: + return false + } +} diff --git a/components/engine/vendor/golang.org/x/net/http2/client_conn_pool.go b/components/engine/vendor/golang.org/x/net/http2/client_conn_pool.go index b13941258a..bdf5652b01 100644 --- a/components/engine/vendor/golang.org/x/net/http2/client_conn_pool.go +++ b/components/engine/vendor/golang.org/x/net/http2/client_conn_pool.go @@ -247,7 +247,7 @@ func filterOutClientConn(in []*ClientConn, exclude *ClientConn) []*ClientConn { } // noDialClientConnPool is an implementation of http2.ClientConnPool -// which never dials. We let the HTTP/1.1 client dial and use its TLS +// which never dials. We let the HTTP/1.1 client dial and use its TLS // connection instead. type noDialClientConnPool struct{ *clientConnPool } diff --git a/components/engine/vendor/golang.org/x/net/http2/databuffer.go b/components/engine/vendor/golang.org/x/net/http2/databuffer.go new file mode 100644 index 0000000000..a3067f8de7 --- /dev/null +++ b/components/engine/vendor/golang.org/x/net/http2/databuffer.go @@ -0,0 +1,146 @@ +// Copyright 2014 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package http2 + +import ( + "errors" + "fmt" + "sync" +) + +// Buffer chunks are allocated from a pool to reduce pressure on GC. +// The maximum wasted space per dataBuffer is 2x the largest size class, +// which happens when the dataBuffer has multiple chunks and there is +// one unread byte in both the first and last chunks. We use a few size +// classes to minimize overheads for servers that typically receive very +// small request bodies. +// +// TODO: Benchmark to determine if the pools are necessary. The GC may have +// improved enough that we can instead allocate chunks like this: +// make([]byte, max(16<<10, expectedBytesRemaining)) +var ( + dataChunkSizeClasses = []int{ + 1 << 10, + 2 << 10, + 4 << 10, + 8 << 10, + 16 << 10, + } + dataChunkPools = [...]sync.Pool{ + {New: func() interface{} { return make([]byte, 1<<10) }}, + {New: func() interface{} { return make([]byte, 2<<10) }}, + {New: func() interface{} { return make([]byte, 4<<10) }}, + {New: func() interface{} { return make([]byte, 8<<10) }}, + {New: func() interface{} { return make([]byte, 16<<10) }}, + } +) + +func getDataBufferChunk(size int64) []byte { + i := 0 + for ; i < len(dataChunkSizeClasses)-1; i++ { + if size <= int64(dataChunkSizeClasses[i]) { + break + } + } + return dataChunkPools[i].Get().([]byte) +} + +func putDataBufferChunk(p []byte) { + for i, n := range dataChunkSizeClasses { + if len(p) == n { + dataChunkPools[i].Put(p) + return + } + } + panic(fmt.Sprintf("unexpected buffer len=%v", len(p))) +} + +// dataBuffer is an io.ReadWriter backed by a list of data chunks. +// Each dataBuffer is used to read DATA frames on a single stream. +// The buffer is divided into chunks so the server can limit the +// total memory used by a single connection without limiting the +// request body size on any single stream. +type dataBuffer struct { + chunks [][]byte + r int // next byte to read is chunks[0][r] + w int // next byte to write is chunks[len(chunks)-1][w] + size int // total buffered bytes + expected int64 // we expect at least this many bytes in future Write calls (ignored if <= 0) +} + +var errReadEmpty = errors.New("read from empty dataBuffer") + +// Read copies bytes from the buffer into p. +// It is an error to read when no data is available. +func (b *dataBuffer) Read(p []byte) (int, error) { + if b.size == 0 { + return 0, errReadEmpty + } + var ntotal int + for len(p) > 0 && b.size > 0 { + readFrom := b.bytesFromFirstChunk() + n := copy(p, readFrom) + p = p[n:] + ntotal += n + b.r += n + b.size -= n + // If the first chunk has been consumed, advance to the next chunk. + if b.r == len(b.chunks[0]) { + putDataBufferChunk(b.chunks[0]) + end := len(b.chunks) - 1 + copy(b.chunks[:end], b.chunks[1:]) + b.chunks[end] = nil + b.chunks = b.chunks[:end] + b.r = 0 + } + } + return ntotal, nil +} + +func (b *dataBuffer) bytesFromFirstChunk() []byte { + if len(b.chunks) == 1 { + return b.chunks[0][b.r:b.w] + } + return b.chunks[0][b.r:] +} + +// Len returns the number of bytes of the unread portion of the buffer. +func (b *dataBuffer) Len() int { + return b.size +} + +// Write appends p to the buffer. +func (b *dataBuffer) Write(p []byte) (int, error) { + ntotal := len(p) + for len(p) > 0 { + // If the last chunk is empty, allocate a new chunk. Try to allocate + // enough to fully copy p plus any additional bytes we expect to + // receive. However, this may allocate less than len(p). + want := int64(len(p)) + if b.expected > want { + want = b.expected + } + chunk := b.lastChunkOrAlloc(want) + n := copy(chunk[b.w:], p) + p = p[n:] + b.w += n + b.size += n + b.expected -= int64(n) + } + return ntotal, nil +} + +func (b *dataBuffer) lastChunkOrAlloc(want int64) []byte { + if len(b.chunks) != 0 { + last := b.chunks[len(b.chunks)-1] + if b.w < len(last) { + return last + } + } + chunk := getDataBufferChunk(want) + b.chunks = append(b.chunks, chunk) + b.w = 0 + return chunk +} diff --git a/components/engine/vendor/golang.org/x/net/http2/fixed_buffer.go b/components/engine/vendor/golang.org/x/net/http2/fixed_buffer.go deleted file mode 100644 index 47da0f0bf7..0000000000 --- a/components/engine/vendor/golang.org/x/net/http2/fixed_buffer.go +++ /dev/null @@ -1,60 +0,0 @@ -// Copyright 2014 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package http2 - -import ( - "errors" -) - -// fixedBuffer is an io.ReadWriter backed by a fixed size buffer. -// It never allocates, but moves old data as new data is written. -type fixedBuffer struct { - buf []byte - r, w int -} - -var ( - errReadEmpty = errors.New("read from empty fixedBuffer") - errWriteFull = errors.New("write on full fixedBuffer") -) - -// Read copies bytes from the buffer into p. -// It is an error to read when no data is available. -func (b *fixedBuffer) Read(p []byte) (n int, err error) { - if b.r == b.w { - return 0, errReadEmpty - } - n = copy(p, b.buf[b.r:b.w]) - b.r += n - if b.r == b.w { - b.r = 0 - b.w = 0 - } - return n, nil -} - -// Len returns the number of bytes of the unread portion of the buffer. -func (b *fixedBuffer) Len() int { - return b.w - b.r -} - -// Write copies bytes from p into the buffer. -// It is an error to write more data than the buffer can hold. -func (b *fixedBuffer) Write(p []byte) (n int, err error) { - // Slide existing data to beginning. - if b.r > 0 && len(p) > len(b.buf)-b.w { - copy(b.buf, b.buf[b.r:b.w]) - b.w -= b.r - b.r = 0 - } - - // Write new data. - n = copy(b.buf[b.w:], p) - b.w += n - if n < len(p) { - err = errWriteFull - } - return n, err -} diff --git a/components/engine/vendor/golang.org/x/net/http2/frame.go b/components/engine/vendor/golang.org/x/net/http2/frame.go index 358833fedf..3b14890728 100644 --- a/components/engine/vendor/golang.org/x/net/http2/frame.go +++ b/components/engine/vendor/golang.org/x/net/http2/frame.go @@ -122,7 +122,7 @@ var flagName = map[FrameType]map[Flags]string{ // a frameParser parses a frame given its FrameHeader and payload // bytes. The length of payload will always equal fh.Length (which // might be 0). -type frameParser func(fh FrameHeader, payload []byte) (Frame, error) +type frameParser func(fc *frameCache, fh FrameHeader, payload []byte) (Frame, error) var frameParsers = map[FrameType]frameParser{ FrameData: parseDataFrame, @@ -312,7 +312,7 @@ type Framer struct { MaxHeaderListSize uint32 // TODO: track which type of frame & with which flags was sent - // last. Then return an error (unless AllowIllegalWrites) if + // last. Then return an error (unless AllowIllegalWrites) if // we're in the middle of a header block and a // non-Continuation or Continuation on a different stream is // attempted to be written. @@ -323,6 +323,8 @@ type Framer struct { debugFramerBuf *bytes.Buffer debugReadLoggerf func(string, ...interface{}) debugWriteLoggerf func(string, ...interface{}) + + frameCache *frameCache // nil if frames aren't reused (default) } func (fr *Framer) maxHeaderListSize() uint32 { @@ -398,6 +400,27 @@ const ( maxFrameSize = 1<<24 - 1 ) +// SetReuseFrames allows the Framer to reuse Frames. +// If called on a Framer, Frames returned by calls to ReadFrame are only +// valid until the next call to ReadFrame. +func (fr *Framer) SetReuseFrames() { + if fr.frameCache != nil { + return + } + fr.frameCache = &frameCache{} +} + +type frameCache struct { + dataFrame DataFrame +} + +func (fc *frameCache) getDataFrame() *DataFrame { + if fc == nil { + return &DataFrame{} + } + return &fc.dataFrame +} + // NewFramer returns a Framer that writes frames to w and reads them from r. func NewFramer(w io.Writer, r io.Reader) *Framer { fr := &Framer{ @@ -477,7 +500,7 @@ func (fr *Framer) ReadFrame() (Frame, error) { if _, err := io.ReadFull(fr.r, payload); err != nil { return nil, err } - f, err := typeFrameParser(fh.Type)(fh, payload) + f, err := typeFrameParser(fh.Type)(fr.frameCache, fh, payload) if err != nil { if ce, ok := err.(connError); ok { return nil, fr.connError(ce.Code, ce.Reason) @@ -565,7 +588,7 @@ func (f *DataFrame) Data() []byte { return f.data } -func parseDataFrame(fh FrameHeader, payload []byte) (Frame, error) { +func parseDataFrame(fc *frameCache, fh FrameHeader, payload []byte) (Frame, error) { if fh.StreamID == 0 { // DATA frames MUST be associated with a stream. If a // DATA frame is received whose stream identifier @@ -574,9 +597,9 @@ func parseDataFrame(fh FrameHeader, payload []byte) (Frame, error) { // PROTOCOL_ERROR. return nil, connError{ErrCodeProtocol, "DATA frame with stream ID 0"} } - f := &DataFrame{ - FrameHeader: fh, - } + f := fc.getDataFrame() + f.FrameHeader = fh + var padSize byte if fh.Flags.Has(FlagDataPadded) { var err error @@ -600,6 +623,7 @@ var ( errStreamID = errors.New("invalid stream ID") errDepStreamID = errors.New("invalid dependent stream ID") errPadLength = errors.New("pad length too large") + errPadBytes = errors.New("padding bytes must all be zeros unless AllowIllegalWrites is enabled") ) func validStreamIDOrZero(streamID uint32) bool { @@ -623,6 +647,7 @@ func (f *Framer) WriteData(streamID uint32, endStream bool, data []byte) error { // // If pad is nil, the padding bit is not sent. // The length of pad must not exceed 255 bytes. +// The bytes of pad must all be zero, unless f.AllowIllegalWrites is set. // // It will perform exactly one Write to the underlying Writer. // It is the caller's responsibility not to violate the maximum frame size @@ -631,8 +656,18 @@ func (f *Framer) WriteDataPadded(streamID uint32, endStream bool, data, pad []by if !validStreamID(streamID) && !f.AllowIllegalWrites { return errStreamID } - if len(pad) > 255 { - return errPadLength + if len(pad) > 0 { + if len(pad) > 255 { + return errPadLength + } + if !f.AllowIllegalWrites { + for _, b := range pad { + if b != 0 { + // "Padding octets MUST be set to zero when sending." + return errPadBytes + } + } + } } var flags Flags if endStream { @@ -660,10 +695,10 @@ type SettingsFrame struct { p []byte } -func parseSettingsFrame(fh FrameHeader, p []byte) (Frame, error) { +func parseSettingsFrame(_ *frameCache, fh FrameHeader, p []byte) (Frame, error) { if fh.Flags.Has(FlagSettingsAck) && fh.Length > 0 { // When this (ACK 0x1) bit is set, the payload of the - // SETTINGS frame MUST be empty. Receipt of a + // SETTINGS frame MUST be empty. Receipt of a // SETTINGS frame with the ACK flag set and a length // field value other than 0 MUST be treated as a // connection error (Section 5.4.1) of type @@ -672,7 +707,7 @@ func parseSettingsFrame(fh FrameHeader, p []byte) (Frame, error) { } if fh.StreamID != 0 { // SETTINGS frames always apply to a connection, - // never a single stream. The stream identifier for a + // never a single stream. The stream identifier for a // SETTINGS frame MUST be zero (0x0). If an endpoint // receives a SETTINGS frame whose stream identifier // field is anything other than 0x0, the endpoint MUST @@ -762,7 +797,7 @@ type PingFrame struct { func (f *PingFrame) IsAck() bool { return f.Flags.Has(FlagPingAck) } -func parsePingFrame(fh FrameHeader, payload []byte) (Frame, error) { +func parsePingFrame(_ *frameCache, fh FrameHeader, payload []byte) (Frame, error) { if len(payload) != 8 { return nil, ConnectionError(ErrCodeFrameSize) } @@ -802,7 +837,7 @@ func (f *GoAwayFrame) DebugData() []byte { return f.debugData } -func parseGoAwayFrame(fh FrameHeader, p []byte) (Frame, error) { +func parseGoAwayFrame(_ *frameCache, fh FrameHeader, p []byte) (Frame, error) { if fh.StreamID != 0 { return nil, ConnectionError(ErrCodeProtocol) } @@ -842,7 +877,7 @@ func (f *UnknownFrame) Payload() []byte { return f.p } -func parseUnknownFrame(fh FrameHeader, p []byte) (Frame, error) { +func parseUnknownFrame(_ *frameCache, fh FrameHeader, p []byte) (Frame, error) { return &UnknownFrame{fh, p}, nil } @@ -853,7 +888,7 @@ type WindowUpdateFrame struct { Increment uint32 // never read with high bit set } -func parseWindowUpdateFrame(fh FrameHeader, p []byte) (Frame, error) { +func parseWindowUpdateFrame(_ *frameCache, fh FrameHeader, p []byte) (Frame, error) { if len(p) != 4 { return nil, ConnectionError(ErrCodeFrameSize) } @@ -918,12 +953,12 @@ func (f *HeadersFrame) HasPriority() bool { return f.FrameHeader.Flags.Has(FlagHeadersPriority) } -func parseHeadersFrame(fh FrameHeader, p []byte) (_ Frame, err error) { +func parseHeadersFrame(_ *frameCache, fh FrameHeader, p []byte) (_ Frame, err error) { hf := &HeadersFrame{ FrameHeader: fh, } if fh.StreamID == 0 { - // HEADERS frames MUST be associated with a stream. If a HEADERS frame + // HEADERS frames MUST be associated with a stream. If a HEADERS frame // is received whose stream identifier field is 0x0, the recipient MUST // respond with a connection error (Section 5.4.1) of type // PROTOCOL_ERROR. @@ -1045,7 +1080,7 @@ type PriorityParam struct { Exclusive bool // Weight is the stream's zero-indexed weight. It should be - // set together with StreamDep, or neither should be set. Per + // set together with StreamDep, or neither should be set. Per // the spec, "Add one to the value to obtain a weight between // 1 and 256." Weight uint8 @@ -1055,7 +1090,7 @@ func (p PriorityParam) IsZero() bool { return p == PriorityParam{} } -func parsePriorityFrame(fh FrameHeader, payload []byte) (Frame, error) { +func parsePriorityFrame(_ *frameCache, fh FrameHeader, payload []byte) (Frame, error) { if fh.StreamID == 0 { return nil, connError{ErrCodeProtocol, "PRIORITY frame with stream ID 0"} } @@ -1102,7 +1137,7 @@ type RSTStreamFrame struct { ErrCode ErrCode } -func parseRSTStreamFrame(fh FrameHeader, p []byte) (Frame, error) { +func parseRSTStreamFrame(_ *frameCache, fh FrameHeader, p []byte) (Frame, error) { if len(p) != 4 { return nil, ConnectionError(ErrCodeFrameSize) } @@ -1132,7 +1167,7 @@ type ContinuationFrame struct { headerFragBuf []byte } -func parseContinuationFrame(fh FrameHeader, p []byte) (Frame, error) { +func parseContinuationFrame(_ *frameCache, fh FrameHeader, p []byte) (Frame, error) { if fh.StreamID == 0 { return nil, connError{ErrCodeProtocol, "CONTINUATION frame with stream ID 0"} } @@ -1182,7 +1217,7 @@ func (f *PushPromiseFrame) HeadersEnded() bool { return f.FrameHeader.Flags.Has(FlagPushPromiseEndHeaders) } -func parsePushPromise(fh FrameHeader, p []byte) (_ Frame, err error) { +func parsePushPromise(_ *frameCache, fh FrameHeader, p []byte) (_ Frame, err error) { pp := &PushPromiseFrame{ FrameHeader: fh, } diff --git a/components/engine/vendor/golang.org/x/net/http2/go16.go b/components/engine/vendor/golang.org/x/net/http2/go16.go index 2b72855f55..00b2e9e3cf 100644 --- a/components/engine/vendor/golang.org/x/net/http2/go16.go +++ b/components/engine/vendor/golang.org/x/net/http2/go16.go @@ -7,7 +7,6 @@ package http2 import ( - "crypto/tls" "net/http" "time" ) @@ -15,29 +14,3 @@ import ( func transportExpectContinueTimeout(t1 *http.Transport) time.Duration { return t1.ExpectContinueTimeout } - -// isBadCipher reports whether the cipher is blacklisted by the HTTP/2 spec. -func isBadCipher(cipher uint16) bool { - switch cipher { - case tls.TLS_RSA_WITH_RC4_128_SHA, - tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, - tls.TLS_RSA_WITH_AES_128_CBC_SHA, - tls.TLS_RSA_WITH_AES_256_CBC_SHA, - tls.TLS_RSA_WITH_AES_128_GCM_SHA256, - tls.TLS_RSA_WITH_AES_256_GCM_SHA384, - tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, - tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA, - tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, - tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, - tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: - // Reject cipher suites from Appendix A. - // "This list includes those cipher suites that do not - // offer an ephemeral key exchange and those that are - // based on the TLS null, stream or block cipher type" - return true - default: - return false - } -} diff --git a/components/engine/vendor/golang.org/x/net/http2/go18.go b/components/engine/vendor/golang.org/x/net/http2/go18.go index 633202c39f..73cc2381f3 100644 --- a/components/engine/vendor/golang.org/x/net/http2/go18.go +++ b/components/engine/vendor/golang.org/x/net/http2/go18.go @@ -12,7 +12,11 @@ import ( "net/http" ) -func cloneTLSConfig(c *tls.Config) *tls.Config { return c.Clone() } +func cloneTLSConfig(c *tls.Config) *tls.Config { + c2 := c.Clone() + c2.GetClientCertificate = c.GetClientCertificate // golang.org/issue/19264 + return c2 +} var _ http.Pusher = (*responseWriter)(nil) diff --git a/components/engine/vendor/golang.org/x/net/http2/go19.go b/components/engine/vendor/golang.org/x/net/http2/go19.go new file mode 100644 index 0000000000..38124ba56e --- /dev/null +++ b/components/engine/vendor/golang.org/x/net/http2/go19.go @@ -0,0 +1,16 @@ +// Copyright 2015 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build go1.9 + +package http2 + +import ( + "net/http" +) + +func configureServer19(s *http.Server, conf *Server) error { + s.RegisterOnShutdown(conf.state.startGracefulShutdown) + return nil +} diff --git a/components/engine/vendor/golang.org/x/net/http2/hpack/encode.go b/components/engine/vendor/golang.org/x/net/http2/hpack/encode.go index f9bb033984..54726c2a3c 100644 --- a/components/engine/vendor/golang.org/x/net/http2/hpack/encode.go +++ b/components/engine/vendor/golang.org/x/net/http2/hpack/encode.go @@ -39,13 +39,14 @@ func NewEncoder(w io.Writer) *Encoder { tableSizeUpdate: false, w: w, } + e.dynTab.table.init() e.dynTab.setMaxSize(initialHeaderTableSize) return e } // WriteField encodes f into a single Write to e's underlying Writer. // This function may also produce bytes for "Header Table Size Update" -// if necessary. If produced, it is done before encoding f. +// if necessary. If produced, it is done before encoding f. func (e *Encoder) WriteField(f HeaderField) error { e.buf = e.buf[:0] @@ -88,29 +89,17 @@ func (e *Encoder) WriteField(f HeaderField) error { // only name matches, i points to that index and nameValueMatch // becomes false. func (e *Encoder) searchTable(f HeaderField) (i uint64, nameValueMatch bool) { - for idx, hf := range staticTable { - if !constantTimeStringCompare(hf.Name, f.Name) { - continue - } - if i == 0 { - i = uint64(idx + 1) - } - if f.Sensitive { - continue - } - if !constantTimeStringCompare(hf.Value, f.Value) { - continue - } - i = uint64(idx + 1) - nameValueMatch = true - return + i, nameValueMatch = staticTable.search(f) + if nameValueMatch { + return i, true } - j, nameValueMatch := e.dynTab.search(f) + j, nameValueMatch := e.dynTab.table.search(f) if nameValueMatch || (i == 0 && j != 0) { - i = j + uint64(len(staticTable)) + return j + uint64(staticTable.len()), nameValueMatch } - return + + return i, false } // SetMaxDynamicTableSize changes the dynamic header table size to v. diff --git a/components/engine/vendor/golang.org/x/net/http2/hpack/hpack.go b/components/engine/vendor/golang.org/x/net/http2/hpack/hpack.go index 135b9f62cd..176644acda 100644 --- a/components/engine/vendor/golang.org/x/net/http2/hpack/hpack.go +++ b/components/engine/vendor/golang.org/x/net/http2/hpack/hpack.go @@ -61,7 +61,7 @@ func (hf HeaderField) String() string { func (hf HeaderField) Size() uint32 { // http://http2.github.io/http2-spec/compression.html#rfc.section.4.1 // "The size of the dynamic table is the sum of the size of - // its entries. The size of an entry is the sum of its name's + // its entries. The size of an entry is the sum of its name's // length in octets (as defined in Section 5.2), its value's // length in octets (see Section 5.2), plus 32. The size of // an entry is calculated using the length of the name and @@ -102,6 +102,7 @@ func NewDecoder(maxDynamicTableSize uint32, emitFunc func(f HeaderField)) *Decod emit: emitFunc, emitEnabled: true, } + d.dynTab.table.init() d.dynTab.allowedMaxSize = maxDynamicTableSize d.dynTab.setMaxSize(maxDynamicTableSize) return d @@ -154,12 +155,9 @@ func (d *Decoder) SetAllowedMaxDynamicTableSize(v uint32) { } type dynamicTable struct { - // ents is the FIFO described at // http://http2.github.io/http2-spec/compression.html#rfc.section.2.3.2 - // The newest (low index) is append at the end, and items are - // evicted from the front. - ents []HeaderField - size uint32 + table headerFieldTable + size uint32 // in bytes maxSize uint32 // current maxSize allowedMaxSize uint32 // maxSize may go up to this, inclusive } @@ -169,95 +167,45 @@ func (dt *dynamicTable) setMaxSize(v uint32) { dt.evict() } -// TODO: change dynamicTable to be a struct with a slice and a size int field, -// per http://http2.github.io/http2-spec/compression.html#rfc.section.4.1: -// -// -// Then make add increment the size. maybe the max size should move from Decoder to -// dynamicTable and add should return an ok bool if there was enough space. -// -// Later we'll need a remove operation on dynamicTable. - func (dt *dynamicTable) add(f HeaderField) { - dt.ents = append(dt.ents, f) + dt.table.addEntry(f) dt.size += f.Size() dt.evict() } -// If we're too big, evict old stuff (front of the slice) +// If we're too big, evict old stuff. func (dt *dynamicTable) evict() { - base := dt.ents // keep base pointer of slice - for dt.size > dt.maxSize { - dt.size -= dt.ents[0].Size() - dt.ents = dt.ents[1:] + var n int + for dt.size > dt.maxSize && n < dt.table.len() { + dt.size -= dt.table.ents[n].Size() + n++ } - - // Shift slice contents down if we evicted things. - if len(dt.ents) != len(base) { - copy(base, dt.ents) - dt.ents = base[:len(dt.ents)] - } -} - -// constantTimeStringCompare compares string a and b in a constant -// time manner. -func constantTimeStringCompare(a, b string) bool { - if len(a) != len(b) { - return false - } - - c := byte(0) - - for i := 0; i < len(a); i++ { - c |= a[i] ^ b[i] - } - - return c == 0 -} - -// Search searches f in the table. The return value i is 0 if there is -// no name match. If there is name match or name/value match, i is the -// index of that entry (1-based). If both name and value match, -// nameValueMatch becomes true. -func (dt *dynamicTable) search(f HeaderField) (i uint64, nameValueMatch bool) { - l := len(dt.ents) - for j := l - 1; j >= 0; j-- { - ent := dt.ents[j] - if !constantTimeStringCompare(ent.Name, f.Name) { - continue - } - if i == 0 { - i = uint64(l - j) - } - if f.Sensitive { - continue - } - if !constantTimeStringCompare(ent.Value, f.Value) { - continue - } - i = uint64(l - j) - nameValueMatch = true - return - } - return + dt.table.evictOldest(n) } func (d *Decoder) maxTableIndex() int { - return len(d.dynTab.ents) + len(staticTable) + // This should never overflow. RFC 7540 Section 6.5.2 limits the size of + // the dynamic table to 2^32 bytes, where each entry will occupy more than + // one byte. Further, the staticTable has a fixed, small length. + return d.dynTab.table.len() + staticTable.len() } func (d *Decoder) at(i uint64) (hf HeaderField, ok bool) { - if i < 1 { + // See Section 2.3.3. + if i == 0 { return } + if i <= uint64(staticTable.len()) { + return staticTable.ents[i-1], true + } if i > uint64(d.maxTableIndex()) { return } - if i <= uint64(len(staticTable)) { - return staticTable[i-1], true - } - dents := d.dynTab.ents - return dents[len(dents)-(int(i)-len(staticTable))], true + // In the dynamic table, newer entries have lower indices. + // However, dt.ents[0] is the oldest entry. Hence, dt.ents is + // the reversed dynamic table. + dt := d.dynTab.table + return dt.ents[dt.len()-(int(i)-staticTable.len())], true } // Decode decodes an entire block. @@ -307,7 +255,7 @@ func (d *Decoder) Write(p []byte) (n int, err error) { err = d.parseHeaderFieldRepr() if err == errNeedMore { // Extra paranoia, making sure saveBuf won't - // get too large. All the varint and string + // get too large. All the varint and string // reading code earlier should already catch // overlong things and return ErrStringLength, // but keep this as a last resort. diff --git a/components/engine/vendor/golang.org/x/net/http2/hpack/tables.go b/components/engine/vendor/golang.org/x/net/http2/hpack/tables.go index b9283a0233..a66cfbea69 100644 --- a/components/engine/vendor/golang.org/x/net/http2/hpack/tables.go +++ b/components/engine/vendor/golang.org/x/net/http2/hpack/tables.go @@ -4,73 +4,200 @@ package hpack -func pair(name, value string) HeaderField { - return HeaderField{Name: name, Value: value} +import ( + "fmt" +) + +// headerFieldTable implements a list of HeaderFields. +// This is used to implement the static and dynamic tables. +type headerFieldTable struct { + // For static tables, entries are never evicted. + // + // For dynamic tables, entries are evicted from ents[0] and added to the end. + // Each entry has a unique id that starts at one and increments for each + // entry that is added. This unique id is stable across evictions, meaning + // it can be used as a pointer to a specific entry. As in hpack, unique ids + // are 1-based. The unique id for ents[k] is k + evictCount + 1. + // + // Zero is not a valid unique id. + // + // evictCount should not overflow in any remotely practical situation. In + // practice, we will have one dynamic table per HTTP/2 connection. If we + // assume a very powerful server that handles 1M QPS per connection and each + // request adds (then evicts) 100 entries from the table, it would still take + // 2M years for evictCount to overflow. + ents []HeaderField + evictCount uint64 + + // byName maps a HeaderField name to the unique id of the newest entry with + // the same name. See above for a definition of "unique id". + byName map[string]uint64 + + // byNameValue maps a HeaderField name/value pair to the unique id of the newest + // entry with the same name and value. See above for a definition of "unique id". + byNameValue map[pairNameValue]uint64 +} + +type pairNameValue struct { + name, value string +} + +func (t *headerFieldTable) init() { + t.byName = make(map[string]uint64) + t.byNameValue = make(map[pairNameValue]uint64) +} + +// len reports the number of entries in the table. +func (t *headerFieldTable) len() int { + return len(t.ents) +} + +// addEntry adds a new entry. +func (t *headerFieldTable) addEntry(f HeaderField) { + id := uint64(t.len()) + t.evictCount + 1 + t.byName[f.Name] = id + t.byNameValue[pairNameValue{f.Name, f.Value}] = id + t.ents = append(t.ents, f) +} + +// evictOldest evicts the n oldest entries in the table. +func (t *headerFieldTable) evictOldest(n int) { + if n > t.len() { + panic(fmt.Sprintf("evictOldest(%v) on table with %v entries", n, t.len())) + } + for k := 0; k < n; k++ { + f := t.ents[k] + id := t.evictCount + uint64(k) + 1 + if t.byName[f.Name] == id { + delete(t.byName, f.Name) + } + if p := (pairNameValue{f.Name, f.Value}); t.byNameValue[p] == id { + delete(t.byNameValue, p) + } + } + copy(t.ents, t.ents[n:]) + for k := t.len() - n; k < t.len(); k++ { + t.ents[k] = HeaderField{} // so strings can be garbage collected + } + t.ents = t.ents[:t.len()-n] + if t.evictCount+uint64(n) < t.evictCount { + panic("evictCount overflow") + } + t.evictCount += uint64(n) +} + +// search finds f in the table. If there is no match, i is 0. +// If both name and value match, i is the matched index and nameValueMatch +// becomes true. If only name matches, i points to that index and +// nameValueMatch becomes false. +// +// The returned index is a 1-based HPACK index. For dynamic tables, HPACK says +// that index 1 should be the newest entry, but t.ents[0] is the oldest entry, +// meaning t.ents is reversed for dynamic tables. Hence, when t is a dynamic +// table, the return value i actually refers to the entry t.ents[t.len()-i]. +// +// All tables are assumed to be a dynamic tables except for the global +// staticTable pointer. +// +// See Section 2.3.3. +func (t *headerFieldTable) search(f HeaderField) (i uint64, nameValueMatch bool) { + if !f.Sensitive { + if id := t.byNameValue[pairNameValue{f.Name, f.Value}]; id != 0 { + return t.idToIndex(id), true + } + } + if id := t.byName[f.Name]; id != 0 { + return t.idToIndex(id), false + } + return 0, false +} + +// idToIndex converts a unique id to an HPACK index. +// See Section 2.3.3. +func (t *headerFieldTable) idToIndex(id uint64) uint64 { + if id <= t.evictCount { + panic(fmt.Sprintf("id (%v) <= evictCount (%v)", id, t.evictCount)) + } + k := id - t.evictCount - 1 // convert id to an index t.ents[k] + if t != staticTable { + return uint64(t.len()) - k // dynamic table + } + return k + 1 } // http://tools.ietf.org/html/draft-ietf-httpbis-header-compression-07#appendix-B -var staticTable = [...]HeaderField{ - pair(":authority", ""), // index 1 (1-based) - pair(":method", "GET"), - pair(":method", "POST"), - pair(":path", "/"), - pair(":path", "/index.html"), - pair(":scheme", "http"), - pair(":scheme", "https"), - pair(":status", "200"), - pair(":status", "204"), - pair(":status", "206"), - pair(":status", "304"), - pair(":status", "400"), - pair(":status", "404"), - pair(":status", "500"), - pair("accept-charset", ""), - pair("accept-encoding", "gzip, deflate"), - pair("accept-language", ""), - pair("accept-ranges", ""), - pair("accept", ""), - pair("access-control-allow-origin", ""), - pair("age", ""), - pair("allow", ""), - pair("authorization", ""), - pair("cache-control", ""), - pair("content-disposition", ""), - pair("content-encoding", ""), - pair("content-language", ""), - pair("content-length", ""), - pair("content-location", ""), - pair("content-range", ""), - pair("content-type", ""), - pair("cookie", ""), - pair("date", ""), - pair("etag", ""), - pair("expect", ""), - pair("expires", ""), - pair("from", ""), - pair("host", ""), - pair("if-match", ""), - pair("if-modified-since", ""), - pair("if-none-match", ""), - pair("if-range", ""), - pair("if-unmodified-since", ""), - pair("last-modified", ""), - pair("link", ""), - pair("location", ""), - pair("max-forwards", ""), - pair("proxy-authenticate", ""), - pair("proxy-authorization", ""), - pair("range", ""), - pair("referer", ""), - pair("refresh", ""), - pair("retry-after", ""), - pair("server", ""), - pair("set-cookie", ""), - pair("strict-transport-security", ""), - pair("transfer-encoding", ""), - pair("user-agent", ""), - pair("vary", ""), - pair("via", ""), - pair("www-authenticate", ""), +var staticTable = newStaticTable() +var staticTableEntries = [...]HeaderField{ + {Name: ":authority"}, + {Name: ":method", Value: "GET"}, + {Name: ":method", Value: "POST"}, + {Name: ":path", Value: "/"}, + {Name: ":path", Value: "/index.html"}, + {Name: ":scheme", Value: "http"}, + {Name: ":scheme", Value: "https"}, + {Name: ":status", Value: "200"}, + {Name: ":status", Value: "204"}, + {Name: ":status", Value: "206"}, + {Name: ":status", Value: "304"}, + {Name: ":status", Value: "400"}, + {Name: ":status", Value: "404"}, + {Name: ":status", Value: "500"}, + {Name: "accept-charset"}, + {Name: "accept-encoding", Value: "gzip, deflate"}, + {Name: "accept-language"}, + {Name: "accept-ranges"}, + {Name: "accept"}, + {Name: "access-control-allow-origin"}, + {Name: "age"}, + {Name: "allow"}, + {Name: "authorization"}, + {Name: "cache-control"}, + {Name: "content-disposition"}, + {Name: "content-encoding"}, + {Name: "content-language"}, + {Name: "content-length"}, + {Name: "content-location"}, + {Name: "content-range"}, + {Name: "content-type"}, + {Name: "cookie"}, + {Name: "date"}, + {Name: "etag"}, + {Name: "expect"}, + {Name: "expires"}, + {Name: "from"}, + {Name: "host"}, + {Name: "if-match"}, + {Name: "if-modified-since"}, + {Name: "if-none-match"}, + {Name: "if-range"}, + {Name: "if-unmodified-since"}, + {Name: "last-modified"}, + {Name: "link"}, + {Name: "location"}, + {Name: "max-forwards"}, + {Name: "proxy-authenticate"}, + {Name: "proxy-authorization"}, + {Name: "range"}, + {Name: "referer"}, + {Name: "refresh"}, + {Name: "retry-after"}, + {Name: "server"}, + {Name: "set-cookie"}, + {Name: "strict-transport-security"}, + {Name: "transfer-encoding"}, + {Name: "user-agent"}, + {Name: "vary"}, + {Name: "via"}, + {Name: "www-authenticate"}, +} + +func newStaticTable() *headerFieldTable { + t := &headerFieldTable{} + t.init() + for _, e := range staticTableEntries[:] { + t.addEntry(e) + } + return t } var huffmanCodes = [256]uint32{ diff --git a/components/engine/vendor/golang.org/x/net/http2/not_go16.go b/components/engine/vendor/golang.org/x/net/http2/not_go16.go index efd2e1282c..508cebcc4d 100644 --- a/components/engine/vendor/golang.org/x/net/http2/not_go16.go +++ b/components/engine/vendor/golang.org/x/net/http2/not_go16.go @@ -7,7 +7,6 @@ package http2 import ( - "crypto/tls" "net/http" "time" ) @@ -20,27 +19,3 @@ func transportExpectContinueTimeout(t1 *http.Transport) time.Duration { return 0 } - -// isBadCipher reports whether the cipher is blacklisted by the HTTP/2 spec. -func isBadCipher(cipher uint16) bool { - switch cipher { - case tls.TLS_RSA_WITH_RC4_128_SHA, - tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, - tls.TLS_RSA_WITH_AES_128_CBC_SHA, - tls.TLS_RSA_WITH_AES_256_CBC_SHA, - tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, - tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA, - tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, - tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, - tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: - // Reject cipher suites from Appendix A. - // "This list includes those cipher suites that do not - // offer an ephemeral key exchange and those that are - // based on the TLS null, stream or block cipher type" - return true - default: - return false - } -} diff --git a/components/engine/vendor/golang.org/x/net/http2/not_go19.go b/components/engine/vendor/golang.org/x/net/http2/not_go19.go new file mode 100644 index 0000000000..5ae07726b7 --- /dev/null +++ b/components/engine/vendor/golang.org/x/net/http2/not_go19.go @@ -0,0 +1,16 @@ +// Copyright 2016 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build !go1.9 + +package http2 + +import ( + "net/http" +) + +func configureServer19(s *http.Server, conf *Server) error { + // not supported prior to go1.9 + return nil +} diff --git a/components/engine/vendor/golang.org/x/net/http2/pipe.go b/components/engine/vendor/golang.org/x/net/http2/pipe.go index 53b7a1daf6..0b9848be8c 100644 --- a/components/engine/vendor/golang.org/x/net/http2/pipe.go +++ b/components/engine/vendor/golang.org/x/net/http2/pipe.go @@ -10,13 +10,13 @@ import ( "sync" ) -// pipe is a goroutine-safe io.Reader/io.Writer pair. It's like +// pipe is a goroutine-safe io.Reader/io.Writer pair. It's like // io.Pipe except there are no PipeReader/PipeWriter halves, and the // underlying buffer is an interface. (io.Pipe is always unbuffered) type pipe struct { mu sync.Mutex - c sync.Cond // c.L lazily initialized to &p.mu - b pipeBuffer + c sync.Cond // c.L lazily initialized to &p.mu + b pipeBuffer // nil when done reading err error // read error once empty. non-nil means closed. breakErr error // immediate read error (caller doesn't see rest of b) donec chan struct{} // closed on error @@ -32,6 +32,9 @@ type pipeBuffer interface { func (p *pipe) Len() int { p.mu.Lock() defer p.mu.Unlock() + if p.b == nil { + return 0 + } return p.b.Len() } @@ -55,6 +58,7 @@ func (p *pipe) Read(d []byte) (n int, err error) { p.readFn() // e.g. copy trailers p.readFn = nil // not sticky like p.err } + p.b = nil return 0, p.err } p.c.Wait() @@ -75,6 +79,9 @@ func (p *pipe) Write(d []byte) (n int, err error) { if p.err != nil { return 0, errClosedPipeWrite } + if p.breakErr != nil { + return len(d), nil // discard when there is no reader + } return p.b.Write(d) } @@ -109,6 +116,9 @@ func (p *pipe) closeWithError(dst *error, err error, fn func()) { return } p.readFn = fn + if dst == &p.breakErr { + p.b = nil + } *dst = err p.closeDoneLocked() } diff --git a/components/engine/vendor/golang.org/x/net/http2/server.go b/components/engine/vendor/golang.org/x/net/http2/server.go index 3c6b90ccd5..7367b31c57 100644 --- a/components/engine/vendor/golang.org/x/net/http2/server.go +++ b/components/engine/vendor/golang.org/x/net/http2/server.go @@ -110,9 +110,41 @@ type Server struct { // activity for the purposes of IdleTimeout. IdleTimeout time.Duration + // MaxUploadBufferPerConnection is the size of the initial flow + // control window for each connections. The HTTP/2 spec does not + // allow this to be smaller than 65535 or larger than 2^32-1. + // If the value is outside this range, a default value will be + // used instead. + MaxUploadBufferPerConnection int32 + + // MaxUploadBufferPerStream is the size of the initial flow control + // window for each stream. The HTTP/2 spec does not allow this to + // be larger than 2^32-1. If the value is zero or larger than the + // maximum, a default value will be used instead. + MaxUploadBufferPerStream int32 + // NewWriteScheduler constructs a write scheduler for a connection. // If nil, a default scheduler is chosen. NewWriteScheduler func() WriteScheduler + + // Internal state. This is a pointer (rather than embedded directly) + // so that we don't embed a Mutex in this struct, which will make the + // struct non-copyable, which might break some callers. + state *serverInternalState +} + +func (s *Server) initialConnRecvWindowSize() int32 { + if s.MaxUploadBufferPerConnection > initialWindowSize { + return s.MaxUploadBufferPerConnection + } + return 1 << 20 +} + +func (s *Server) initialStreamRecvWindowSize() int32 { + if s.MaxUploadBufferPerStream > 0 { + return s.MaxUploadBufferPerStream + } + return 1 << 20 } func (s *Server) maxReadFrameSize() uint32 { @@ -129,6 +161,40 @@ func (s *Server) maxConcurrentStreams() uint32 { return defaultMaxStreams } +type serverInternalState struct { + mu sync.Mutex + activeConns map[*serverConn]struct{} +} + +func (s *serverInternalState) registerConn(sc *serverConn) { + if s == nil { + return // if the Server was used without calling ConfigureServer + } + s.mu.Lock() + s.activeConns[sc] = struct{}{} + s.mu.Unlock() +} + +func (s *serverInternalState) unregisterConn(sc *serverConn) { + if s == nil { + return // if the Server was used without calling ConfigureServer + } + s.mu.Lock() + delete(s.activeConns, sc) + s.mu.Unlock() +} + +func (s *serverInternalState) startGracefulShutdown() { + if s == nil { + return // if the Server was used without calling ConfigureServer + } + s.mu.Lock() + for sc := range s.activeConns { + sc.startGracefulShutdown() + } + s.mu.Unlock() +} + // ConfigureServer adds HTTP/2 support to a net/http Server. // // The configuration conf may be nil. @@ -141,9 +207,13 @@ func ConfigureServer(s *http.Server, conf *Server) error { if conf == nil { conf = new(Server) } + conf.state = &serverInternalState{activeConns: make(map[*serverConn]struct{})} if err := configureServer18(s, conf); err != nil { return err } + if err := configureServer19(s, conf); err != nil { + return err + } if s.TLSConfig == nil { s.TLSConfig = new(tls.Config) @@ -255,35 +325,37 @@ func (s *Server) ServeConn(c net.Conn, opts *ServeConnOpts) { defer cancel() sc := &serverConn{ - srv: s, - hs: opts.baseConfig(), - conn: c, - baseCtx: baseCtx, - remoteAddrStr: c.RemoteAddr().String(), - bw: newBufferedWriter(c), - handler: opts.handler(), - streams: make(map[uint32]*stream), - readFrameCh: make(chan readFrameResult), - wantWriteFrameCh: make(chan FrameWriteRequest, 8), - wantStartPushCh: make(chan startPushRequest, 8), - wroteFrameCh: make(chan frameWriteResult, 1), // buffered; one send in writeFrameAsync - bodyReadCh: make(chan bodyReadMsg), // buffering doesn't matter either way - doneServing: make(chan struct{}), - clientMaxStreams: math.MaxUint32, // Section 6.5.2: "Initially, there is no limit to this value" - advMaxStreams: s.maxConcurrentStreams(), - initialWindowSize: initialWindowSize, - maxFrameSize: initialMaxFrameSize, - headerTableSize: initialHeaderTableSize, - serveG: newGoroutineLock(), - pushEnabled: true, + srv: s, + hs: opts.baseConfig(), + conn: c, + baseCtx: baseCtx, + remoteAddrStr: c.RemoteAddr().String(), + bw: newBufferedWriter(c), + handler: opts.handler(), + streams: make(map[uint32]*stream), + readFrameCh: make(chan readFrameResult), + wantWriteFrameCh: make(chan FrameWriteRequest, 8), + serveMsgCh: make(chan interface{}, 8), + wroteFrameCh: make(chan frameWriteResult, 1), // buffered; one send in writeFrameAsync + bodyReadCh: make(chan bodyReadMsg), // buffering doesn't matter either way + doneServing: make(chan struct{}), + clientMaxStreams: math.MaxUint32, // Section 6.5.2: "Initially, there is no limit to this value" + advMaxStreams: s.maxConcurrentStreams(), + initialStreamSendWindowSize: initialWindowSize, + maxFrameSize: initialMaxFrameSize, + headerTableSize: initialHeaderTableSize, + serveG: newGoroutineLock(), + pushEnabled: true, } + s.state.registerConn(sc) + defer s.state.unregisterConn(sc) + // The net/http package sets the write deadline from the // http.Server.WriteTimeout during the TLS handshake, but then - // passes the connection off to us with the deadline already - // set. Disarm it here so that it is not applied to additional - // streams opened on this connection. - // TODO: implement WriteTimeout fully. See Issue 18437. + // passes the connection off to us with the deadline already set. + // Write deadlines are set per stream in serverConn.newStream. + // Disarm the net.Conn write deadline here. if sc.hs.WriteTimeout != 0 { sc.conn.SetWriteDeadline(time.Time{}) } @@ -294,6 +366,9 @@ func (s *Server) ServeConn(c net.Conn, opts *ServeConnOpts) { sc.writeSched = NewRandomWriteScheduler() } + // These start at the RFC-specified defaults. If there is a higher + // configured value for inflow, that will be updated when we send a + // WINDOW_UPDATE shortly after sending SETTINGS. sc.flow.add(initialWindowSize) sc.inflow.add(initialWindowSize) sc.hpackEncoder = hpack.NewEncoder(&sc.headerWriteBuf) @@ -376,10 +451,9 @@ type serverConn struct { doneServing chan struct{} // closed when serverConn.serve ends readFrameCh chan readFrameResult // written by serverConn.readFrames wantWriteFrameCh chan FrameWriteRequest // from handlers -> serve - wantStartPushCh chan startPushRequest // from handlers -> serve wroteFrameCh chan frameWriteResult // from writeFrameAsync -> serve, tickles more frame writes bodyReadCh chan bodyReadMsg // from handlers -> serve - testHookCh chan func(int) // code to run on the serve loop + serveMsgCh chan interface{} // misc messages & code to send to / run on the serve loop flow flow // conn-wide (not stream-specific) outbound flow control inflow flow // conn-wide inbound flow control tlsState *tls.ConnectionState // shared by all handlers, like net/http @@ -387,38 +461,39 @@ type serverConn struct { writeSched WriteScheduler // Everything following is owned by the serve loop; use serveG.check(): - serveG goroutineLock // used to verify funcs are on serve() - pushEnabled bool - sawFirstSettings bool // got the initial SETTINGS frame after the preface - needToSendSettingsAck bool - unackedSettings int // how many SETTINGS have we sent without ACKs? - clientMaxStreams uint32 // SETTINGS_MAX_CONCURRENT_STREAMS from client (our PUSH_PROMISE limit) - advMaxStreams uint32 // our SETTINGS_MAX_CONCURRENT_STREAMS advertised the client - curClientStreams uint32 // number of open streams initiated by the client - curPushedStreams uint32 // number of open streams initiated by server push - maxClientStreamID uint32 // max ever seen from client (odd), or 0 if there have been no client requests - maxPushPromiseID uint32 // ID of the last push promise (even), or 0 if there have been no pushes - streams map[uint32]*stream - initialWindowSize int32 - maxFrameSize int32 - headerTableSize uint32 - peerMaxHeaderListSize uint32 // zero means unknown (default) - canonHeader map[string]string // http2-lower-case -> Go-Canonical-Case - writingFrame bool // started writing a frame (on serve goroutine or separate) - writingFrameAsync bool // started a frame on its own goroutine but haven't heard back on wroteFrameCh - needsFrameFlush bool // last frame write wasn't a flush - inGoAway bool // we've started to or sent GOAWAY - inFrameScheduleLoop bool // whether we're in the scheduleFrameWrite loop - needToSendGoAway bool // we need to schedule a GOAWAY frame write - goAwayCode ErrCode - shutdownTimerCh <-chan time.Time // nil until used - shutdownTimer *time.Timer // nil until used - idleTimer *time.Timer // nil if unused - idleTimerCh <-chan time.Time // nil if unused + serveG goroutineLock // used to verify funcs are on serve() + pushEnabled bool + sawFirstSettings bool // got the initial SETTINGS frame after the preface + needToSendSettingsAck bool + unackedSettings int // how many SETTINGS have we sent without ACKs? + clientMaxStreams uint32 // SETTINGS_MAX_CONCURRENT_STREAMS from client (our PUSH_PROMISE limit) + advMaxStreams uint32 // our SETTINGS_MAX_CONCURRENT_STREAMS advertised the client + curClientStreams uint32 // number of open streams initiated by the client + curPushedStreams uint32 // number of open streams initiated by server push + maxClientStreamID uint32 // max ever seen from client (odd), or 0 if there have been no client requests + maxPushPromiseID uint32 // ID of the last push promise (even), or 0 if there have been no pushes + streams map[uint32]*stream + initialStreamSendWindowSize int32 + maxFrameSize int32 + headerTableSize uint32 + peerMaxHeaderListSize uint32 // zero means unknown (default) + canonHeader map[string]string // http2-lower-case -> Go-Canonical-Case + writingFrame bool // started writing a frame (on serve goroutine or separate) + writingFrameAsync bool // started a frame on its own goroutine but haven't heard back on wroteFrameCh + needsFrameFlush bool // last frame write wasn't a flush + inGoAway bool // we've started to or sent GOAWAY + inFrameScheduleLoop bool // whether we're in the scheduleFrameWrite loop + needToSendGoAway bool // we need to schedule a GOAWAY frame write + goAwayCode ErrCode + shutdownTimer *time.Timer // nil until used + idleTimer *time.Timer // nil if unused // Owned by the writeFrameAsync goroutine: headerWriteBuf bytes.Buffer hpackEncoder *hpack.Encoder + + // Used by startGracefulShutdown. + shutdownOnce sync.Once } func (sc *serverConn) maxHeaderListSize() uint32 { @@ -463,10 +538,10 @@ type stream struct { numTrailerValues int64 weight uint8 state streamState - resetQueued bool // RST_STREAM queued for write; set by sc.resetStream - gotTrailerHeader bool // HEADER frame for trailers was seen - wroteHeaders bool // whether we wrote headers (not status 100) - reqBuf []byte // if non-nil, body pipe buffer to return later at EOF + resetQueued bool // RST_STREAM queued for write; set by sc.resetStream + gotTrailerHeader bool // HEADER frame for trailers was seen + wroteHeaders bool // whether we wrote headers (not status 100) + writeDeadline *time.Timer // nil if unused trailer http.Header // accumulated trailers reqTrailer http.Header // handler's Request.Trailer @@ -696,48 +771,48 @@ func (sc *serverConn) serve() { {SettingMaxFrameSize, sc.srv.maxReadFrameSize()}, {SettingMaxConcurrentStreams, sc.advMaxStreams}, {SettingMaxHeaderListSize, sc.maxHeaderListSize()}, - - // TODO: more actual settings, notably - // SettingInitialWindowSize, but then we also - // want to bump up the conn window size the - // same amount here right after the settings + {SettingInitialWindowSize, uint32(sc.srv.initialStreamRecvWindowSize())}, }, }) sc.unackedSettings++ + // Each connection starts with intialWindowSize inflow tokens. + // If a higher value is configured, we add more tokens. + if diff := sc.srv.initialConnRecvWindowSize() - initialWindowSize; diff > 0 { + sc.sendWindowUpdate(nil, int(diff)) + } + if err := sc.readPreface(); err != nil { sc.condlogf(err, "http2: server: error reading preface from client %v: %v", sc.conn.RemoteAddr(), err) return } // Now that we've got the preface, get us out of the - // "StateNew" state. We can't go directly to idle, though. + // "StateNew" state. We can't go directly to idle, though. // Active means we read some data and anticipate a request. We'll // do another Active when we get a HEADERS frame. sc.setConnState(http.StateActive) sc.setConnState(http.StateIdle) if sc.srv.IdleTimeout != 0 { - sc.idleTimer = time.NewTimer(sc.srv.IdleTimeout) + sc.idleTimer = time.AfterFunc(sc.srv.IdleTimeout, sc.onIdleTimer) defer sc.idleTimer.Stop() - sc.idleTimerCh = sc.idleTimer.C - } - - var gracefulShutdownCh <-chan struct{} - if sc.hs != nil { - gracefulShutdownCh = h1ServerShutdownChan(sc.hs) } go sc.readFrames() // closed by defer sc.conn.Close above - settingsTimer := time.NewTimer(firstSettingsTimeout) + settingsTimer := time.AfterFunc(firstSettingsTimeout, sc.onSettingsTimer) + defer settingsTimer.Stop() + loopNum := 0 for { loopNum++ select { case wr := <-sc.wantWriteFrameCh: + if se, ok := wr.write.(StreamError); ok { + sc.resetStream(se) + break + } sc.writeFrame(wr) - case spr := <-sc.wantStartPushCh: - sc.startPush(spr) case res := <-sc.wroteFrameCh: sc.wroteFrame(res) case res := <-sc.readFrameCh: @@ -745,26 +820,37 @@ func (sc *serverConn) serve() { return } res.readMore() - if settingsTimer.C != nil { + if settingsTimer != nil { settingsTimer.Stop() - settingsTimer.C = nil + settingsTimer = nil } case m := <-sc.bodyReadCh: sc.noteBodyRead(m.st, m.n) - case <-settingsTimer.C: - sc.logf("timeout waiting for SETTINGS frames from %v", sc.conn.RemoteAddr()) - return - case <-gracefulShutdownCh: - gracefulShutdownCh = nil - sc.startGracefulShutdown() - case <-sc.shutdownTimerCh: - sc.vlogf("GOAWAY close timer fired; closing conn from %v", sc.conn.RemoteAddr()) - return - case <-sc.idleTimerCh: - sc.vlogf("connection is idle") - sc.goAway(ErrCodeNo) - case fn := <-sc.testHookCh: - fn(loopNum) + case msg := <-sc.serveMsgCh: + switch v := msg.(type) { + case func(int): + v(loopNum) // for testing + case *serverMessage: + switch v { + case settingsTimerMsg: + sc.logf("timeout waiting for SETTINGS frames from %v", sc.conn.RemoteAddr()) + return + case idleTimerMsg: + sc.vlogf("connection is idle") + sc.goAway(ErrCodeNo) + case shutdownTimerMsg: + sc.vlogf("GOAWAY close timer fired; closing conn from %v", sc.conn.RemoteAddr()) + return + case gracefulShutdownMsg: + sc.startGracefulShutdownInternal() + default: + panic("unknown timer") + } + case *startPushRequest: + sc.startPush(v) + default: + panic(fmt.Sprintf("unexpected type %T", v)) + } } if sc.inGoAway && sc.curOpenStreams() == 0 && !sc.needToSendGoAway && !sc.writingFrame { @@ -773,6 +859,36 @@ func (sc *serverConn) serve() { } } +func (sc *serverConn) awaitGracefulShutdown(sharedCh <-chan struct{}, privateCh chan struct{}) { + select { + case <-sc.doneServing: + case <-sharedCh: + close(privateCh) + } +} + +type serverMessage int + +// Message values sent to serveMsgCh. +var ( + settingsTimerMsg = new(serverMessage) + idleTimerMsg = new(serverMessage) + shutdownTimerMsg = new(serverMessage) + gracefulShutdownMsg = new(serverMessage) +) + +func (sc *serverConn) onSettingsTimer() { sc.sendServeMsg(settingsTimerMsg) } +func (sc *serverConn) onIdleTimer() { sc.sendServeMsg(idleTimerMsg) } +func (sc *serverConn) onShutdownTimer() { sc.sendServeMsg(shutdownTimerMsg) } + +func (sc *serverConn) sendServeMsg(msg interface{}) { + sc.serveG.checkNotOn() // NOT + select { + case sc.serveMsgCh <- msg: + case <-sc.doneServing: + } +} + // readPreface reads the ClientPreface greeting from the peer // or returns an error on timeout or an invalid greeting. func (sc *serverConn) readPreface() error { @@ -1014,7 +1130,11 @@ func (sc *serverConn) wroteFrame(res frameWriteResult) { // stateClosed after the RST_STREAM frame is // written. st.state = stateHalfClosedLocal - sc.resetStream(streamError(st.id, ErrCodeCancel)) + // Section 8.1: a server MAY request that the client abort + // transmission of a request without error by sending a + // RST_STREAM with an error code of NO_ERROR after sending + // a complete response. + sc.resetStream(streamError(st.id, ErrCodeNo)) case stateHalfClosedRemote: sc.closeStream(st, errHandlerComplete) } @@ -1086,10 +1206,19 @@ func (sc *serverConn) scheduleFrameWrite() { sc.inFrameScheduleLoop = false } -// startGracefulShutdown sends a GOAWAY with ErrCodeNo to tell the -// client we're gracefully shutting down. The connection isn't closed -// until all current streams are done. +// startGracefulShutdown gracefully shuts down a connection. This +// sends GOAWAY with ErrCodeNo to tell the client we're gracefully +// shutting down. The connection isn't closed until all current +// streams are done. +// +// startGracefulShutdown returns immediately; it does not wait until +// the connection has shut down. func (sc *serverConn) startGracefulShutdown() { + sc.serveG.checkNotOn() // NOT + sc.shutdownOnce.Do(func() { sc.sendServeMsg(gracefulShutdownMsg) }) +} + +func (sc *serverConn) startGracefulShutdownInternal() { sc.goAwayIn(ErrCodeNo, 0) } @@ -1121,8 +1250,7 @@ func (sc *serverConn) goAwayIn(code ErrCode, forceCloseIn time.Duration) { func (sc *serverConn) shutDownIn(d time.Duration) { sc.serveG.check() - sc.shutdownTimer = time.NewTimer(d) - sc.shutdownTimerCh = sc.shutdownTimer.C + sc.shutdownTimer = time.AfterFunc(d, sc.onShutdownTimer) } func (sc *serverConn) resetStream(se StreamError) { @@ -1305,6 +1433,9 @@ func (sc *serverConn) closeStream(st *stream, err error) { panic(fmt.Sprintf("invariant; can't close stream in state %v", st.state)) } st.state = stateClosed + if st.writeDeadline != nil { + st.writeDeadline.Stop() + } if st.isPushed() { sc.curPushedStreams-- } else { @@ -1317,7 +1448,7 @@ func (sc *serverConn) closeStream(st *stream, err error) { sc.idleTimer.Reset(sc.srv.IdleTimeout) } if h1ServerKeepAlivesDisabled(sc.hs) { - sc.startGracefulShutdown() + sc.startGracefulShutdownInternal() } } if p := st.body; p != nil { @@ -1395,9 +1526,9 @@ func (sc *serverConn) processSettingInitialWindowSize(val uint32) error { // adjust the size of all stream flow control windows that it // maintains by the difference between the new value and the // old value." - old := sc.initialWindowSize - sc.initialWindowSize = int32(val) - growth := sc.initialWindowSize - old // may be negative + old := sc.initialStreamSendWindowSize + sc.initialStreamSendWindowSize = int32(val) + growth := int32(val) - old // may be negative for _, st := range sc.streams { if !st.flow.add(growth) { // 6.9.2 Initial Flow Control Window Size @@ -1504,7 +1635,7 @@ func (sc *serverConn) processGoAway(f *GoAwayFrame) error { } else { sc.vlogf("http2: received GOAWAY %+v, starting graceful shutdown", f) } - sc.startGracefulShutdown() + sc.startGracefulShutdownInternal() // http://tools.ietf.org/html/rfc7540#section-6.8 // We should not create any new streams, which means we should disable push. sc.pushEnabled = false @@ -1543,6 +1674,12 @@ func (st *stream) copyTrailersToHandlerRequest() { } } +// onWriteTimeout is run on its own goroutine (from time.AfterFunc) +// when the stream's WriteTimeout has fired. +func (st *stream) onWriteTimeout() { + st.sc.writeFrameFromHandler(FrameWriteRequest{write: streamError(st.id, ErrCodeInternal)}) +} + func (sc *serverConn) processHeaders(f *MetaHeadersFrame) error { sc.serveG.check() id := f.StreamID @@ -1719,9 +1856,12 @@ func (sc *serverConn) newStream(id, pusherID uint32, state streamState) *stream } st.cw.Init() st.flow.conn = &sc.flow // link to conn-level counter - st.flow.add(sc.initialWindowSize) - st.inflow.conn = &sc.inflow // link to conn-level counter - st.inflow.add(initialWindowSize) // TODO: update this when we send a higher initial window size in the initial settings + st.flow.add(sc.initialStreamSendWindowSize) + st.inflow.conn = &sc.inflow // link to conn-level counter + st.inflow.add(sc.srv.initialStreamRecvWindowSize()) + if sc.hs.WriteTimeout != 0 { + st.writeDeadline = time.AfterFunc(sc.hs.WriteTimeout, st.onWriteTimeout) + } sc.streams[id] = st sc.writeSched.OpenStream(st.id, OpenStreamOptions{PusherID: pusherID}) @@ -1785,16 +1925,14 @@ func (sc *serverConn) newWriterAndRequest(st *stream, f *MetaHeadersFrame) (*res return nil, nil, err } if bodyOpen { - st.reqBuf = getRequestBodyBuf() - req.Body.(*requestBody).pipe = &pipe{ - b: &fixedBuffer{buf: st.reqBuf}, - } - if vv, ok := rp.header["Content-Length"]; ok { req.ContentLength, _ = strconv.ParseInt(vv[0], 10, 64) } else { req.ContentLength = -1 } + req.Body.(*requestBody).pipe = &pipe{ + b: &dataBuffer{expected: req.ContentLength}, + } } return rw, req, nil } @@ -1890,24 +2028,6 @@ func (sc *serverConn) newWriterAndRequestNoBody(st *stream, rp requestParam) (*r return rw, req, nil } -var reqBodyCache = make(chan []byte, 8) - -func getRequestBodyBuf() []byte { - select { - case b := <-reqBodyCache: - return b - default: - return make([]byte, initialWindowSize) - } -} - -func putRequestBodyBuf(b []byte) { - select { - case reqBodyCache <- b: - default: - } -} - // Run on its own goroutine. func (sc *serverConn) runHandler(rw *responseWriter, req *http.Request, handler func(http.ResponseWriter, *http.Request)) { didPanic := true @@ -2003,12 +2123,6 @@ func (sc *serverConn) noteBodyReadFromHandler(st *stream, n int, err error) { case <-sc.doneServing: } } - if err == io.EOF { - if buf := st.reqBuf; buf != nil { - st.reqBuf = nil // shouldn't matter; field unused by other - putRequestBodyBuf(buf) - } - } } func (sc *serverConn) noteBodyRead(st *stream, n int) { @@ -2103,8 +2217,8 @@ func (b *requestBody) Read(p []byte) (n int, err error) { return } -// responseWriter is the http.ResponseWriter implementation. It's -// intentionally small (1 pointer wide) to minimize garbage. The +// responseWriter is the http.ResponseWriter implementation. It's +// intentionally small (1 pointer wide) to minimize garbage. The // responseWriterState pointer inside is zeroed at the end of a // request (in handlerDone) and calls on the responseWriter thereafter // simply crash (caller's mistake), but the much larger responseWriterState @@ -2278,7 +2392,7 @@ const TrailerPrefix = "Trailer:" // says you SHOULD (but not must) predeclare any trailers in the // header, the official ResponseWriter rules said trailers in Go must // be predeclared, and then we reuse the same ResponseWriter.Header() -// map to mean both Headers and Trailers. When it's time to write the +// map to mean both Headers and Trailers. When it's time to write the // Trailers, we pick out the fields of Headers that were declared as // trailers. That worked for a while, until we found the first major // user of Trailers in the wild: gRPC (using them only over http2), @@ -2514,7 +2628,7 @@ func (w *responseWriter) push(target string, opts pushOptions) error { return fmt.Errorf("method %q must be GET or HEAD", opts.Method) } - msg := startPushRequest{ + msg := &startPushRequest{ parent: st, method: opts.Method, url: u, @@ -2527,7 +2641,7 @@ func (w *responseWriter) push(target string, opts pushOptions) error { return errClientDisconnected case <-st.cw: return errStreamClosed - case sc.wantStartPushCh <- msg: + case sc.serveMsgCh <- msg: } select { @@ -2549,7 +2663,7 @@ type startPushRequest struct { done chan error } -func (sc *serverConn) startPush(msg startPushRequest) { +func (sc *serverConn) startPush(msg *startPushRequest) { sc.serveG.check() // http://tools.ietf.org/html/rfc7540#section-6.6. @@ -2588,7 +2702,7 @@ func (sc *serverConn) startPush(msg startPushRequest) { // A server that is unable to establish a new stream identifier can send a GOAWAY // frame so that the client is forced to open a new connection for new streams. if sc.maxPushPromiseID+2 >= 1<<31 { - sc.startGracefulShutdown() + sc.startGracefulShutdownInternal() return 0, ErrPushLimitReached } sc.maxPushPromiseID += 2 @@ -2713,31 +2827,6 @@ var badTrailer = map[string]bool{ "Www-Authenticate": true, } -// h1ServerShutdownChan returns a channel that will be closed when the -// provided *http.Server wants to shut down. -// -// This is a somewhat hacky way to get at http1 innards. It works -// when the http2 code is bundled into the net/http package in the -// standard library. The alternatives ended up making the cmd/go tool -// depend on http Servers. This is the lightest option for now. -// This is tested via the TestServeShutdown* tests in net/http. -func h1ServerShutdownChan(hs *http.Server) <-chan struct{} { - if fn := testh1ServerShutdownChan; fn != nil { - return fn(hs) - } - var x interface{} = hs - type I interface { - getDoneChan() <-chan struct{} - } - if hs, ok := x.(I); ok { - return hs.getDoneChan() - } - return nil -} - -// optional test hook for h1ServerShutdownChan. -var testh1ServerShutdownChan func(hs *http.Server) <-chan struct{} - // h1ServerKeepAlivesDisabled reports whether hs has its keep-alives // disabled. See comments on h1ServerShutdownChan above for why // the code is written this way. diff --git a/components/engine/vendor/golang.org/x/net/http2/transport.go b/components/engine/vendor/golang.org/x/net/http2/transport.go index 0c7e859db1..3a85f25a20 100644 --- a/components/engine/vendor/golang.org/x/net/http2/transport.go +++ b/components/engine/vendor/golang.org/x/net/http2/transport.go @@ -575,7 +575,7 @@ func (cc *ClientConn) canTakeNewRequestLocked() bool { cc.nextStreamID < math.MaxInt32 } -// onIdleTimeout is called from a time.AfterFunc goroutine. It will +// onIdleTimeout is called from a time.AfterFunc goroutine. It will // only be called when we're idle, but because we're coming from a new // goroutine, there could be a new request coming in at the same time, // so this simply calls the synchronized closeIfIdle to shut down this @@ -809,8 +809,8 @@ func (cc *ClientConn) RoundTrip(req *http.Request) (*http.Response, error) { // 2xx, however, then assume the server DOES potentially // want our body (e.g. full-duplex streaming: // golang.org/issue/13444). If it turns out the server - // doesn't, they'll RST_STREAM us soon enough. This is a - // heuristic to avoid adding knobs to Transport. Hopefully + // doesn't, they'll RST_STREAM us soon enough. This is a + // heuristic to avoid adding knobs to Transport. Hopefully // we can keep it. bodyWriter.cancel() cs.abortRequestBodyWrite(errStopReqBodyWrite) @@ -1528,8 +1528,7 @@ func (rl *clientConnReadLoop) handleResponse(cs *clientStream, f *MetaHeadersFra return res, nil } - buf := new(bytes.Buffer) // TODO(bradfitz): recycle this garbage - cs.bufPipe = pipe{b: buf} + cs.bufPipe = pipe{b: &dataBuffer{expected: res.ContentLength}} cs.bytesRemain = res.ContentLength res.Body = transportResponseBody{cs} go cs.awaitRequestCancel(cs.req) @@ -1656,6 +1655,7 @@ func (b transportResponseBody) Close() error { cc.wmu.Lock() if !serverSentStreamEnd { cc.fr.WriteRSTStream(cs.ID, ErrCodeCancel) + cs.didReset = true } // Return connection-level flow control. if unread > 0 { @@ -1703,12 +1703,6 @@ func (rl *clientConnReadLoop) processData(f *DataFrame) error { return nil } if f.Length > 0 { - if len(data) > 0 && cs.bufPipe.b == nil { - // Data frame after it's already closed? - cc.logf("http2: Transport received DATA frame for closed stream; closing connection") - return ConnectionError(ErrCodeProtocol) - } - // Check connection-level flow control. cc.mu.Lock() if cs.inflow.available() >= int32(f.Length) { diff --git a/components/engine/vendor/golang.org/x/net/http2/writesched_priority.go b/components/engine/vendor/golang.org/x/net/http2/writesched_priority.go index 01132721bd..848fed6ec7 100644 --- a/components/engine/vendor/golang.org/x/net/http2/writesched_priority.go +++ b/components/engine/vendor/golang.org/x/net/http2/writesched_priority.go @@ -53,7 +53,7 @@ type PriorityWriteSchedulerConfig struct { } // NewPriorityWriteScheduler constructs a WriteScheduler that schedules -// frames by following HTTP/2 priorities as described in RFC 7340 Section 5.3. +// frames by following HTTP/2 priorities as described in RFC 7540 Section 5.3. // If cfg is nil, default options are used. func NewPriorityWriteScheduler(cfg *PriorityWriteSchedulerConfig) WriteScheduler { if cfg == nil { diff --git a/components/engine/vendor/golang.org/x/net/idna/idna.go b/components/engine/vendor/golang.org/x/net/idna/idna.go index 47466e947a..ee2dbda6d0 100644 --- a/components/engine/vendor/golang.org/x/net/idna/idna.go +++ b/components/engine/vendor/golang.org/x/net/idna/idna.go @@ -1,4 +1,4 @@ -// Copied from the golang.org/x/text repo; DO NOT EDIT +// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT. // Copyright 2016 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style @@ -39,27 +39,24 @@ import ( // error in the future. // I think Option 1 is best, but it is quite opinionated. -// ToASCII converts a domain or domain label to its ASCII form. For example, -// ToASCII("bücher.example.com") is "xn--bcher-kva.example.com", and -// ToASCII("golang") is "golang". If an error is encountered it will return -// an error and a (partially) processed result. +// ToASCII is a wrapper for Punycode.ToASCII. func ToASCII(s string) (string, error) { - return Resolve.process(s, true) + return Punycode.process(s, true) } -// ToUnicode converts a domain or domain label to its Unicode form. For example, -// ToUnicode("xn--bcher-kva.example.com") is "bücher.example.com", and -// ToUnicode("golang") is "golang". If an error is encountered it will return -// an error and a (partially) processed result. +// ToUnicode is a wrapper for Punycode.ToUnicode. func ToUnicode(s string) (string, error) { - return NonTransitional.process(s, false) + return Punycode.process(s, false) } // An Option configures a Profile at creation time. type Option func(*options) -// Transitional sets a Profile to use the Transitional mapping as defined -// in UTS #46. +// Transitional sets a Profile to use the Transitional mapping as defined in UTS +// #46. This will cause, for example, "ß" to be mapped to "ss". Using the +// transitional mapping provides a compromise between IDNA2003 and IDNA2008 +// compatibility. It is used by most browsers when resolving domain names. This +// option is only meaningful if combined with MapForLookup. func Transitional(transitional bool) Option { return func(o *options) { o.transitional = true } } @@ -70,19 +67,93 @@ func VerifyDNSLength(verify bool) Option { return func(o *options) { o.verifyDNSLength = verify } } -// IgnoreSTD3Rules sets whether ASCII characters outside the A-Z, a-z, 0-9 and -// the hyphen should be allowed. By default this is not allowed, but IDNA2003, -// and as a consequence UTS #46, allows this to be overridden to support -// browsers that allow characters outside this range, for example a '_' (U+005F -// LOW LINE). See http://www.rfc- editor.org/std/std3.txt for more details. -func IgnoreSTD3Rules(ignore bool) Option { - return func(o *options) { o.ignoreSTD3Rules = ignore } +// ValidateLabels sets whether to check the mandatory label validation criteria +// as defined in Section 5.4 of RFC 5891. This includes testing for correct use +// of hyphens ('-'), normalization, validity of runes, and the context rules. +func ValidateLabels(enable bool) Option { + return func(o *options) { + // Don't override existing mappings, but set one that at least checks + // normalization if it is not set. + if o.mapping == nil && enable { + o.mapping = normalize + } + o.trie = trie + o.validateLabels = enable + o.fromPuny = validateFromPunycode + } +} + +// StrictDomainName limits the set of permissable ASCII characters to those +// allowed in domain names as defined in RFC 1034 (A-Z, a-z, 0-9 and the +// hyphen). This is set by default for MapForLookup and ValidateForRegistration. +// +// This option is useful, for instance, for browsers that allow characters +// outside this range, for example a '_' (U+005F LOW LINE). See +// http://www.rfc-editor.org/std/std3.txt for more details This option +// corresponds to the UseSTD3ASCIIRules option in UTS #46. +func StrictDomainName(use bool) Option { + return func(o *options) { + o.trie = trie + o.useSTD3Rules = use + o.fromPuny = validateFromPunycode + } +} + +// NOTE: the following options pull in tables. The tables should not be linked +// in as long as the options are not used. + +// BidiRule enables the Bidi rule as defined in RFC 5893. Any application +// that relies on proper validation of labels should include this rule. +func BidiRule() Option { + return func(o *options) { o.bidirule = bidirule.ValidString } +} + +// ValidateForRegistration sets validation options to verify that a given IDN is +// properly formatted for registration as defined by Section 4 of RFC 5891. +func ValidateForRegistration() Option { + return func(o *options) { + o.mapping = validateRegistration + StrictDomainName(true)(o) + ValidateLabels(true)(o) + VerifyDNSLength(true)(o) + BidiRule()(o) + } +} + +// MapForLookup sets validation and mapping options such that a given IDN is +// transformed for domain name lookup according to the requirements set out in +// Section 5 of RFC 5891. The mappings follow the recommendations of RFC 5894, +// RFC 5895 and UTS 46. It does not add the Bidi Rule. Use the BidiRule option +// to add this check. +// +// The mappings include normalization and mapping case, width and other +// compatibility mappings. +func MapForLookup() Option { + return func(o *options) { + o.mapping = validateAndMap + StrictDomainName(true)(o) + ValidateLabels(true)(o) + } } type options struct { transitional bool - ignoreSTD3Rules bool + useSTD3Rules bool + validateLabels bool verifyDNSLength bool + + trie *idnaTrie + + // fromPuny calls validation rules when converting A-labels to U-labels. + fromPuny func(p *Profile, s string) error + + // mapping implements a validation and mapping step as defined in RFC 5895 + // or UTS 46, tailored to, for example, domain registration or lookup. + mapping func(p *Profile, s string) (string, error) + + // bidirule, if specified, checks whether s conforms to the Bidi Rule + // defined in RFC 5893. + bidirule func(s string) bool } // A Profile defines the configuration of a IDNA mapper. @@ -97,8 +168,13 @@ func apply(o *options, opts []Option) { } // New creates a new Profile. -// With no options, the returned profile is the non-transitional profile as -// defined in UTS #46. +// +// With no options, the returned Profile is the most permissive and equals the +// Punycode Profile. Options can be passed to further restrict the Profile. The +// MapForLookup and ValidateForRegistration options set a collection of options, +// for lookup and registration purposes respectively, which can be tailored by +// adding more fine-grained options, where later options override earlier +// options. func New(o ...Option) *Profile { p := &Profile{} apply(&p.options, o) @@ -132,33 +208,67 @@ func (p *Profile) String() string { } else { s = "NonTransitional" } - if p.ignoreSTD3Rules { - s += ":NoSTD3Rules" + if p.useSTD3Rules { + s += ":UseSTD3Rules" + } + if p.validateLabels { + s += ":ValidateLabels" + } + if p.verifyDNSLength { + s += ":VerifyDNSLength" } return s } var ( - // Resolve is the recommended profile for resolving domain names. - // The configuration of this profile may change over time. - Resolve = resolve + // Punycode is a Profile that does raw punycode processing with a minimum + // of validation. + Punycode *Profile = punycode + + // Lookup is the recommended profile for looking up domain names, according + // to Section 5 of RFC 5891. The exact configuration of this profile may + // change over time. + Lookup *Profile = lookup // Display is the recommended profile for displaying domain names. // The configuration of this profile may change over time. - Display = display + Display *Profile = display - // NonTransitional defines a profile that implements the Transitional - // mapping as defined in UTS #46 with no additional constraints. - NonTransitional = nonTransitional + // Registration is the recommended profile for checking whether a given + // IDN is valid for registration, according to Section 4 of RFC 5891. + Registration *Profile = registration - resolve = &Profile{options{transitional: true}} - display = &Profile{} - nonTransitional = &Profile{} + punycode = &Profile{} + lookup = &Profile{options{ + transitional: true, + useSTD3Rules: true, + validateLabels: true, + trie: trie, + fromPuny: validateFromPunycode, + mapping: validateAndMap, + bidirule: bidirule.ValidString, + }} + display = &Profile{options{ + useSTD3Rules: true, + validateLabels: true, + trie: trie, + fromPuny: validateFromPunycode, + mapping: validateAndMap, + bidirule: bidirule.ValidString, + }} + registration = &Profile{options{ + useSTD3Rules: true, + validateLabels: true, + verifyDNSLength: true, + trie: trie, + fromPuny: validateFromPunycode, + mapping: validateRegistration, + bidirule: bidirule.ValidString, + }} // TODO: profiles - // V2008: strict IDNA2008 - // Register: recommended for approving domain names: nontransitional, but - // bundle or block deviation characters. + // Register: recommended for approving domain names: don't do any mappings + // but rather reject on invalid input. Bundle or block deviation characters. ) type labelError struct{ label, code_ string } @@ -178,12 +288,117 @@ func (e runeError) Error() string { // process implements the algorithm described in section 4 of UTS #46, // see http://www.unicode.org/reports/tr46. func (p *Profile) process(s string, toASCII bool) (string, error) { + var err error + if p.mapping != nil { + s, err = p.mapping(p, s) + } + // Remove leading empty labels. + for ; len(s) > 0 && s[0] == '.'; s = s[1:] { + } + // It seems like we should only create this error on ToASCII, but the + // UTS 46 conformance tests suggests we should always check this. + if err == nil && p.verifyDNSLength && s == "" { + err = &labelError{s, "A4"} + } + labels := labelIter{orig: s} + for ; !labels.done(); labels.next() { + label := labels.label() + if label == "" { + // Empty labels are not okay. The label iterator skips the last + // label if it is empty. + if err == nil && p.verifyDNSLength { + err = &labelError{s, "A4"} + } + continue + } + if strings.HasPrefix(label, acePrefix) { + u, err2 := decode(label[len(acePrefix):]) + if err2 != nil { + if err == nil { + err = err2 + } + // Spec says keep the old label. + continue + } + labels.set(u) + if err == nil && p.validateLabels { + err = p.fromPuny(p, u) + } + if err == nil { + // This should be called on NonTransitional, according to the + // spec, but that currently does not have any effect. Use the + // original profile to preserve options. + err = p.validateLabel(u) + } + } else if err == nil { + err = p.validateLabel(label) + } + } + if toASCII { + for labels.reset(); !labels.done(); labels.next() { + label := labels.label() + if !ascii(label) { + a, err2 := encode(acePrefix, label) + if err == nil { + err = err2 + } + label = a + labels.set(a) + } + n := len(label) + if p.verifyDNSLength && err == nil && (n == 0 || n > 63) { + err = &labelError{label, "A4"} + } + } + } + s = labels.result() + if toASCII && p.verifyDNSLength && err == nil { + // Compute the length of the domain name minus the root label and its dot. + n := len(s) + if n > 0 && s[n-1] == '.' { + n-- + } + if len(s) < 1 || n > 253 { + err = &labelError{s, "A4"} + } + } + return s, err +} + +func normalize(p *Profile, s string) (string, error) { + return norm.NFC.String(s), nil +} + +func validateRegistration(p *Profile, s string) (string, error) { + if !norm.NFC.IsNormalString(s) { + return s, &labelError{s, "V1"} + } + var err error + for i := 0; i < len(s); { + v, sz := trie.lookupString(s[i:]) + i += sz + // Copy bytes not copied so far. + switch p.simplify(info(v).category()) { + // TODO: handle the NV8 defined in the Unicode idna data set to allow + // for strict conformance to IDNA2008. + case valid, deviation: + case disallowed, mapped, unknown, ignored: + if err == nil { + r, _ := utf8.DecodeRuneInString(s[i:]) + err = runeError(r) + } + } + } + return s, err +} + +func validateAndMap(p *Profile, s string) (string, error) { var ( - b []byte - err error - k, i int + err error + b []byte + k int ) - for i < len(s) { + for i := 0; i < len(s); { v, sz := trie.lookupString(s[i:]) start := i i += sz @@ -220,71 +435,6 @@ func (p *Profile) process(s string, toASCII bool) (string, error) { // TODO: the punycode converters require strings as input. s = string(b) } - // Remove leading empty labels - for ; len(s) > 0 && s[0] == '.'; s = s[1:] { - } - if s == "" { - return "", &labelError{s, "A4"} - } - labels := labelIter{orig: s} - for ; !labels.done(); labels.next() { - label := labels.label() - if label == "" { - // Empty labels are not okay. The label iterator skips the last - // label if it is empty. - if err == nil { - err = &labelError{s, "A4"} - } - continue - } - if strings.HasPrefix(label, acePrefix) { - u, err2 := decode(label[len(acePrefix):]) - if err2 != nil { - if err == nil { - err = err2 - } - // Spec says keep the old label. - continue - } - labels.set(u) - if err == nil { - err = p.validateFromPunycode(u) - } - if err == nil { - err = NonTransitional.validate(u) - } - } else if err == nil { - err = p.validate(label) - } - } - if toASCII { - for labels.reset(); !labels.done(); labels.next() { - label := labels.label() - if !ascii(label) { - a, err2 := encode(acePrefix, label) - if err == nil { - err = err2 - } - label = a - labels.set(a) - } - n := len(label) - if p.verifyDNSLength && err == nil && (n == 0 || n > 63) { - err = &labelError{label, "A4"} - } - } - } - s = labels.result() - if toASCII && p.verifyDNSLength && err == nil { - // Compute the length of the domain name minus the root label and its dot. - n := len(s) - if n > 0 && s[n-1] == '.' { - n-- - } - if len(s) < 1 || n > 253 { - err = &labelError{s, "A4"} - } - } return s, err } @@ -354,13 +504,13 @@ const acePrefix = "xn--" func (p *Profile) simplify(cat category) category { switch cat { case disallowedSTD3Mapped: - if !p.ignoreSTD3Rules { + if p.useSTD3Rules { cat = disallowed } else { cat = mapped } case disallowedSTD3Valid: - if !p.ignoreSTD3Rules { + if p.useSTD3Rules { cat = disallowed } else { cat = valid @@ -376,7 +526,7 @@ func (p *Profile) simplify(cat category) category { return cat } -func (p *Profile) validateFromPunycode(s string) error { +func validateFromPunycode(p *Profile, s string) error { if !norm.NFC.IsNormalString(s) { return &labelError{s, "V1"} } @@ -452,9 +602,22 @@ var joinStates = [][numJoinTypes]joinState{ }, } -// validate validates the criteria from Section 4.1. Item 1, 4, and 6 are +// validateLabel validates the criteria from Section 4.1. Item 1, 4, and 6 are // already implicitly satisfied by the overall implementation. -func (p *Profile) validate(s string) error { +func (p *Profile) validateLabel(s string) error { + if s == "" { + if p.verifyDNSLength { + return &labelError{s, "A4"} + } + return nil + } + if p.bidirule != nil && !p.bidirule(s) { + return &labelError{s, "B"} + } + if !p.validateLabels { + return nil + } + trie := p.trie // p.validateLabels is only set if trie is set. if len(s) > 4 && s[2] == '-' && s[3] == '-' { return &labelError{s, "V2"} } @@ -467,9 +630,6 @@ func (p *Profile) validate(s string) error { if x.isModifier() { return &labelError{s, "V5"} } - if !bidirule.ValidString(s) { - return &labelError{s, "B"} - } // Quickly return in the absence of zero-width (non) joiners. if strings.Index(s, zwj) == -1 && strings.Index(s, zwnj) == -1 { return nil diff --git a/components/engine/vendor/golang.org/x/net/idna/punycode.go b/components/engine/vendor/golang.org/x/net/idna/punycode.go index df3411a5bc..02c7d59af3 100644 --- a/components/engine/vendor/golang.org/x/net/idna/punycode.go +++ b/components/engine/vendor/golang.org/x/net/idna/punycode.go @@ -1,4 +1,4 @@ -// Copied from the golang.org/x/text repo; DO NOT EDIT +// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT. // Copyright 2016 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style diff --git a/components/engine/vendor/golang.org/x/net/idna/tables.go b/components/engine/vendor/golang.org/x/net/idna/tables.go index 663d73c531..d2819345fc 100644 --- a/components/engine/vendor/golang.org/x/net/idna/tables.go +++ b/components/engine/vendor/golang.org/x/net/idna/tables.go @@ -1,6 +1,4 @@ -// Copied from the golang.org/x/text repo; DO NOT EDIT - -// This file was generated by go generate; DO NOT EDIT +// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT. package idna diff --git a/components/engine/vendor/golang.org/x/net/idna/trie.go b/components/engine/vendor/golang.org/x/net/idna/trie.go index 6d37998f5d..c4ef847e7a 100644 --- a/components/engine/vendor/golang.org/x/net/idna/trie.go +++ b/components/engine/vendor/golang.org/x/net/idna/trie.go @@ -1,4 +1,4 @@ -// Copied from the golang.org/x/text repo; DO NOT EDIT +// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT. // Copyright 2016 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style @@ -44,7 +44,8 @@ var idnaSparse = sparseBlocks{ offset: idnaSparseOffset[:], } -var trie = newIdnaTrie(0) +// Don't use newIdnaTrie to avoid unconditional linking in of the table. +var trie = &idnaTrie{} // lookup determines the type of block n and looks up the value for b. // For n < t.cutoff, the block is a simple lookup table. Otherwise, the block diff --git a/components/engine/vendor/golang.org/x/net/idna/trieval.go b/components/engine/vendor/golang.org/x/net/idna/trieval.go index d1b3256c8b..63cb03b59b 100644 --- a/components/engine/vendor/golang.org/x/net/idna/trieval.go +++ b/components/engine/vendor/golang.org/x/net/idna/trieval.go @@ -1,6 +1,4 @@ -// Copied from the golang.org/x/text repo; DO NOT EDIT - -// This file was generated by go generate; DO NOT EDIT +// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT. package idna diff --git a/components/engine/vendor/golang.org/x/net/internal/timeseries/timeseries.go b/components/engine/vendor/golang.org/x/net/internal/timeseries/timeseries.go index 1119f34482..685f0e7ea2 100644 --- a/components/engine/vendor/golang.org/x/net/internal/timeseries/timeseries.go +++ b/components/engine/vendor/golang.org/x/net/internal/timeseries/timeseries.go @@ -371,7 +371,7 @@ func (ts *timeSeries) ComputeRange(start, finish time.Time, num int) []Observabl } } - // Failed to find a level that covers the desired range. So just + // Failed to find a level that covers the desired range. So just // extract from the last level, even if it doesn't cover the entire // desired range. ts.extract(ts.levels[len(ts.levels)-1], start, finish, num, results) diff --git a/components/engine/vendor/golang.org/x/net/proxy/socks5.go b/components/engine/vendor/golang.org/x/net/proxy/socks5.go index 9b9628239a..973f57f197 100644 --- a/components/engine/vendor/golang.org/x/net/proxy/socks5.go +++ b/components/engine/vendor/golang.org/x/net/proxy/socks5.go @@ -72,24 +72,28 @@ func (s *socks5) Dial(network, addr string) (net.Conn, error) { if err != nil { return nil, err } - closeConn := &conn - defer func() { - if closeConn != nil { - (*closeConn).Close() - } - }() - - host, portStr, err := net.SplitHostPort(addr) - if err != nil { + if err := s.connect(conn, addr); err != nil { + conn.Close() return nil, err } + return conn, nil +} + +// connect takes an existing connection to a socks5 proxy server, +// and commands the server to extend that connection to target, +// which must be a canonical address with a host and port. +func (s *socks5) connect(conn net.Conn, target string) error { + host, portStr, err := net.SplitHostPort(target) + if err != nil { + return err + } port, err := strconv.Atoi(portStr) if err != nil { - return nil, errors.New("proxy: failed to parse port number: " + portStr) + return errors.New("proxy: failed to parse port number: " + portStr) } if port < 1 || port > 0xffff { - return nil, errors.New("proxy: port number out of range: " + portStr) + return errors.New("proxy: port number out of range: " + portStr) } // the size here is just an estimate @@ -103,17 +107,17 @@ func (s *socks5) Dial(network, addr string) (net.Conn, error) { } if _, err := conn.Write(buf); err != nil { - return nil, errors.New("proxy: failed to write greeting to SOCKS5 proxy at " + s.addr + ": " + err.Error()) + return errors.New("proxy: failed to write greeting to SOCKS5 proxy at " + s.addr + ": " + err.Error()) } if _, err := io.ReadFull(conn, buf[:2]); err != nil { - return nil, errors.New("proxy: failed to read greeting from SOCKS5 proxy at " + s.addr + ": " + err.Error()) + return errors.New("proxy: failed to read greeting from SOCKS5 proxy at " + s.addr + ": " + err.Error()) } if buf[0] != 5 { - return nil, errors.New("proxy: SOCKS5 proxy at " + s.addr + " has unexpected version " + strconv.Itoa(int(buf[0]))) + return errors.New("proxy: SOCKS5 proxy at " + s.addr + " has unexpected version " + strconv.Itoa(int(buf[0]))) } if buf[1] == 0xff { - return nil, errors.New("proxy: SOCKS5 proxy at " + s.addr + " requires authentication") + return errors.New("proxy: SOCKS5 proxy at " + s.addr + " requires authentication") } if buf[1] == socks5AuthPassword { @@ -125,15 +129,15 @@ func (s *socks5) Dial(network, addr string) (net.Conn, error) { buf = append(buf, s.password...) if _, err := conn.Write(buf); err != nil { - return nil, errors.New("proxy: failed to write authentication request to SOCKS5 proxy at " + s.addr + ": " + err.Error()) + return errors.New("proxy: failed to write authentication request to SOCKS5 proxy at " + s.addr + ": " + err.Error()) } if _, err := io.ReadFull(conn, buf[:2]); err != nil { - return nil, errors.New("proxy: failed to read authentication reply from SOCKS5 proxy at " + s.addr + ": " + err.Error()) + return errors.New("proxy: failed to read authentication reply from SOCKS5 proxy at " + s.addr + ": " + err.Error()) } if buf[1] != 0 { - return nil, errors.New("proxy: SOCKS5 proxy at " + s.addr + " rejected username/password") + return errors.New("proxy: SOCKS5 proxy at " + s.addr + " rejected username/password") } } @@ -150,7 +154,7 @@ func (s *socks5) Dial(network, addr string) (net.Conn, error) { buf = append(buf, ip...) } else { if len(host) > 255 { - return nil, errors.New("proxy: destination hostname too long: " + host) + return errors.New("proxy: destination hostname too long: " + host) } buf = append(buf, socks5Domain) buf = append(buf, byte(len(host))) @@ -159,11 +163,11 @@ func (s *socks5) Dial(network, addr string) (net.Conn, error) { buf = append(buf, byte(port>>8), byte(port)) if _, err := conn.Write(buf); err != nil { - return nil, errors.New("proxy: failed to write connect request to SOCKS5 proxy at " + s.addr + ": " + err.Error()) + return errors.New("proxy: failed to write connect request to SOCKS5 proxy at " + s.addr + ": " + err.Error()) } if _, err := io.ReadFull(conn, buf[:4]); err != nil { - return nil, errors.New("proxy: failed to read connect reply from SOCKS5 proxy at " + s.addr + ": " + err.Error()) + return errors.New("proxy: failed to read connect reply from SOCKS5 proxy at " + s.addr + ": " + err.Error()) } failure := "unknown error" @@ -172,7 +176,7 @@ func (s *socks5) Dial(network, addr string) (net.Conn, error) { } if len(failure) > 0 { - return nil, errors.New("proxy: SOCKS5 proxy at " + s.addr + " failed to connect: " + failure) + return errors.New("proxy: SOCKS5 proxy at " + s.addr + " failed to connect: " + failure) } bytesToDiscard := 0 @@ -184,11 +188,11 @@ func (s *socks5) Dial(network, addr string) (net.Conn, error) { case socks5Domain: _, err := io.ReadFull(conn, buf[:1]) if err != nil { - return nil, errors.New("proxy: failed to read domain length from SOCKS5 proxy at " + s.addr + ": " + err.Error()) + return errors.New("proxy: failed to read domain length from SOCKS5 proxy at " + s.addr + ": " + err.Error()) } bytesToDiscard = int(buf[0]) default: - return nil, errors.New("proxy: got unknown address type " + strconv.Itoa(int(buf[3])) + " from SOCKS5 proxy at " + s.addr) + return errors.New("proxy: got unknown address type " + strconv.Itoa(int(buf[3])) + " from SOCKS5 proxy at " + s.addr) } if cap(buf) < bytesToDiscard { @@ -197,14 +201,13 @@ func (s *socks5) Dial(network, addr string) (net.Conn, error) { buf = buf[:bytesToDiscard] } if _, err := io.ReadFull(conn, buf); err != nil { - return nil, errors.New("proxy: failed to read address from SOCKS5 proxy at " + s.addr + ": " + err.Error()) + return errors.New("proxy: failed to read address from SOCKS5 proxy at " + s.addr + ": " + err.Error()) } // Also need to discard the port number if _, err := io.ReadFull(conn, buf[:2]); err != nil { - return nil, errors.New("proxy: failed to read port from SOCKS5 proxy at " + s.addr + ": " + err.Error()) + return errors.New("proxy: failed to read port from SOCKS5 proxy at " + s.addr + ": " + err.Error()) } - closeConn = nil - return conn, nil + return nil } diff --git a/components/engine/vendor/golang.org/x/net/trace/trace.go b/components/engine/vendor/golang.org/x/net/trace/trace.go index 64f56a3736..3d9b646111 100644 --- a/components/engine/vendor/golang.org/x/net/trace/trace.go +++ b/components/engine/vendor/golang.org/x/net/trace/trace.go @@ -77,7 +77,6 @@ import ( "sync/atomic" "time" - "golang.org/x/net/context" "golang.org/x/net/internal/timeseries" ) @@ -271,18 +270,6 @@ type contextKeyT string var contextKey = contextKeyT("golang.org/x/net/trace.Trace") -// NewContext returns a copy of the parent context -// and associates it with a Trace. -func NewContext(ctx context.Context, tr Trace) context.Context { - return context.WithValue(ctx, contextKey, tr) -} - -// FromContext returns the Trace bound to the context, if any. -func FromContext(ctx context.Context) (tr Trace, ok bool) { - tr, ok = ctx.Value(contextKey).(Trace) - return -} - // Trace represents an active request. type Trace interface { // LazyLog adds x to the event log. It will be evaluated each time the diff --git a/components/engine/vendor/golang.org/x/net/trace/trace_go16.go b/components/engine/vendor/golang.org/x/net/trace/trace_go16.go new file mode 100644 index 0000000000..d608191185 --- /dev/null +++ b/components/engine/vendor/golang.org/x/net/trace/trace_go16.go @@ -0,0 +1,21 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build !go1.7 + +package trace + +import "golang.org/x/net/context" + +// NewContext returns a copy of the parent context +// and associates it with a Trace. +func NewContext(ctx context.Context, tr Trace) context.Context { + return context.WithValue(ctx, contextKey, tr) +} + +// FromContext returns the Trace bound to the context, if any. +func FromContext(ctx context.Context) (tr Trace, ok bool) { + tr, ok = ctx.Value(contextKey).(Trace) + return +} diff --git a/components/engine/vendor/golang.org/x/net/trace/trace_go17.go b/components/engine/vendor/golang.org/x/net/trace/trace_go17.go new file mode 100644 index 0000000000..df6e1fba7c --- /dev/null +++ b/components/engine/vendor/golang.org/x/net/trace/trace_go17.go @@ -0,0 +1,21 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build go1.7 + +package trace + +import "context" + +// NewContext returns a copy of the parent context +// and associates it with a Trace. +func NewContext(ctx context.Context, tr Trace) context.Context { + return context.WithValue(ctx, contextKey, tr) +} + +// FromContext returns the Trace bound to the context, if any. +func FromContext(ctx context.Context) (tr Trace, ok bool) { + tr, ok = ctx.Value(contextKey).(Trace) + return +} diff --git a/components/engine/vendor/google.golang.org/genproto/googleapis/api/distribution/distribution.pb.go b/components/engine/vendor/google.golang.org/genproto/googleapis/api/distribution/distribution.pb.go new file mode 100644 index 0000000000..1ff5823f8c --- /dev/null +++ b/components/engine/vendor/google.golang.org/genproto/googleapis/api/distribution/distribution.pb.go @@ -0,0 +1,507 @@ +// Code generated by protoc-gen-go. +// source: google/api/distribution.proto +// DO NOT EDIT! + +/* +Package distribution is a generated protocol buffer package. + +It is generated from these files: + google/api/distribution.proto + +It has these top-level messages: + Distribution +*/ +package distribution + +import proto "github.com/golang/protobuf/proto" +import fmt "fmt" +import math "math" +import _ "google.golang.org/genproto/googleapis/api/annotations" +import _ "github.com/golang/protobuf/ptypes/any" +import _ "github.com/golang/protobuf/ptypes/timestamp" + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package + +// Distribution contains summary statistics for a population of values and, +// optionally, a histogram representing the distribution of those values across +// a specified set of histogram buckets. +// +// The summary statistics are the count, mean, sum of the squared deviation from +// the mean, the minimum, and the maximum of the set of population of values. +// +// The histogram is based on a sequence of buckets and gives a count of values +// that fall into each bucket. The boundaries of the buckets are given either +// explicitly or by specifying parameters for a method of computing them +// (buckets of fixed width or buckets of exponentially increasing width). +// +// Although it is not forbidden, it is generally a bad idea to include +// non-finite values (infinities or NaNs) in the population of values, as this +// will render the `mean` and `sum_of_squared_deviation` fields meaningless. +type Distribution struct { + // The number of values in the population. Must be non-negative. + Count int64 `protobuf:"varint,1,opt,name=count" json:"count,omitempty"` + // The arithmetic mean of the values in the population. If `count` is zero + // then this field must be zero. + Mean float64 `protobuf:"fixed64,2,opt,name=mean" json:"mean,omitempty"` + // The sum of squared deviations from the mean of the values in the + // population. For values x_i this is: + // + // Sum[i=1..n]((x_i - mean)^2) + // + // Knuth, "The Art of Computer Programming", Vol. 2, page 323, 3rd edition + // describes Welford's method for accumulating this sum in one pass. + // + // If `count` is zero then this field must be zero. + SumOfSquaredDeviation float64 `protobuf:"fixed64,3,opt,name=sum_of_squared_deviation,json=sumOfSquaredDeviation" json:"sum_of_squared_deviation,omitempty"` + // If specified, contains the range of the population values. The field + // must not be present if the `count` is zero. + Range *Distribution_Range `protobuf:"bytes,4,opt,name=range" json:"range,omitempty"` + // Defines the histogram bucket boundaries. + BucketOptions *Distribution_BucketOptions `protobuf:"bytes,6,opt,name=bucket_options,json=bucketOptions" json:"bucket_options,omitempty"` + // If `bucket_options` is given, then the sum of the values in `bucket_counts` + // must equal the value in `count`. If `bucket_options` is not given, no + // `bucket_counts` fields may be given. + // + // Bucket counts are given in order under the numbering scheme described + // above (the underflow bucket has number 0; the finite buckets, if any, + // have numbers 1 through N-2; the overflow bucket has number N-1). + // + // The size of `bucket_counts` must be no greater than N as defined in + // `bucket_options`. + // + // Any suffix of trailing zero bucket_count fields may be omitted. + BucketCounts []int64 `protobuf:"varint,7,rep,packed,name=bucket_counts,json=bucketCounts" json:"bucket_counts,omitempty"` +} + +func (m *Distribution) Reset() { *m = Distribution{} } +func (m *Distribution) String() string { return proto.CompactTextString(m) } +func (*Distribution) ProtoMessage() {} +func (*Distribution) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{0} } + +func (m *Distribution) GetCount() int64 { + if m != nil { + return m.Count + } + return 0 +} + +func (m *Distribution) GetMean() float64 { + if m != nil { + return m.Mean + } + return 0 +} + +func (m *Distribution) GetSumOfSquaredDeviation() float64 { + if m != nil { + return m.SumOfSquaredDeviation + } + return 0 +} + +func (m *Distribution) GetRange() *Distribution_Range { + if m != nil { + return m.Range + } + return nil +} + +func (m *Distribution) GetBucketOptions() *Distribution_BucketOptions { + if m != nil { + return m.BucketOptions + } + return nil +} + +func (m *Distribution) GetBucketCounts() []int64 { + if m != nil { + return m.BucketCounts + } + return nil +} + +// The range of the population values. +type Distribution_Range struct { + // The minimum of the population values. + Min float64 `protobuf:"fixed64,1,opt,name=min" json:"min,omitempty"` + // The maximum of the population values. + Max float64 `protobuf:"fixed64,2,opt,name=max" json:"max,omitempty"` +} + +func (m *Distribution_Range) Reset() { *m = Distribution_Range{} } +func (m *Distribution_Range) String() string { return proto.CompactTextString(m) } +func (*Distribution_Range) ProtoMessage() {} +func (*Distribution_Range) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{0, 0} } + +func (m *Distribution_Range) GetMin() float64 { + if m != nil { + return m.Min + } + return 0 +} + +func (m *Distribution_Range) GetMax() float64 { + if m != nil { + return m.Max + } + return 0 +} + +// A Distribution may optionally contain a histogram of the values in the +// population. The histogram is given in `bucket_counts` as counts of values +// that fall into one of a sequence of non-overlapping buckets. The sequence +// of buckets is described by `bucket_options`. +// +// A bucket specifies an inclusive lower bound and exclusive upper bound for +// the values that are counted for that bucket. The upper bound of a bucket +// is strictly greater than the lower bound. +// +// The sequence of N buckets for a Distribution consists of an underflow +// bucket (number 0), zero or more finite buckets (number 1 through N - 2) and +// an overflow bucket (number N - 1). The buckets are contiguous: the lower +// bound of bucket i (i > 0) is the same as the upper bound of bucket i - 1. +// The buckets span the whole range of finite values: lower bound of the +// underflow bucket is -infinity and the upper bound of the overflow bucket is +// +infinity. The finite buckets are so-called because both bounds are +// finite. +// +// `BucketOptions` describes bucket boundaries in one of three ways. Two +// describe the boundaries by giving parameters for a formula to generate +// boundaries and one gives the bucket boundaries explicitly. +// +// If `bucket_boundaries` is not given, then no `bucket_counts` may be given. +type Distribution_BucketOptions struct { + // Exactly one of these three fields must be set. + // + // Types that are valid to be assigned to Options: + // *Distribution_BucketOptions_LinearBuckets + // *Distribution_BucketOptions_ExponentialBuckets + // *Distribution_BucketOptions_ExplicitBuckets + Options isDistribution_BucketOptions_Options `protobuf_oneof:"options"` +} + +func (m *Distribution_BucketOptions) Reset() { *m = Distribution_BucketOptions{} } +func (m *Distribution_BucketOptions) String() string { return proto.CompactTextString(m) } +func (*Distribution_BucketOptions) ProtoMessage() {} +func (*Distribution_BucketOptions) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{0, 1} } + +type isDistribution_BucketOptions_Options interface { + isDistribution_BucketOptions_Options() +} + +type Distribution_BucketOptions_LinearBuckets struct { + LinearBuckets *Distribution_BucketOptions_Linear `protobuf:"bytes,1,opt,name=linear_buckets,json=linearBuckets,oneof"` +} +type Distribution_BucketOptions_ExponentialBuckets struct { + ExponentialBuckets *Distribution_BucketOptions_Exponential `protobuf:"bytes,2,opt,name=exponential_buckets,json=exponentialBuckets,oneof"` +} +type Distribution_BucketOptions_ExplicitBuckets struct { + ExplicitBuckets *Distribution_BucketOptions_Explicit `protobuf:"bytes,3,opt,name=explicit_buckets,json=explicitBuckets,oneof"` +} + +func (*Distribution_BucketOptions_LinearBuckets) isDistribution_BucketOptions_Options() {} +func (*Distribution_BucketOptions_ExponentialBuckets) isDistribution_BucketOptions_Options() {} +func (*Distribution_BucketOptions_ExplicitBuckets) isDistribution_BucketOptions_Options() {} + +func (m *Distribution_BucketOptions) GetOptions() isDistribution_BucketOptions_Options { + if m != nil { + return m.Options + } + return nil +} + +func (m *Distribution_BucketOptions) GetLinearBuckets() *Distribution_BucketOptions_Linear { + if x, ok := m.GetOptions().(*Distribution_BucketOptions_LinearBuckets); ok { + return x.LinearBuckets + } + return nil +} + +func (m *Distribution_BucketOptions) GetExponentialBuckets() *Distribution_BucketOptions_Exponential { + if x, ok := m.GetOptions().(*Distribution_BucketOptions_ExponentialBuckets); ok { + return x.ExponentialBuckets + } + return nil +} + +func (m *Distribution_BucketOptions) GetExplicitBuckets() *Distribution_BucketOptions_Explicit { + if x, ok := m.GetOptions().(*Distribution_BucketOptions_ExplicitBuckets); ok { + return x.ExplicitBuckets + } + return nil +} + +// XXX_OneofFuncs is for the internal use of the proto package. +func (*Distribution_BucketOptions) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) { + return _Distribution_BucketOptions_OneofMarshaler, _Distribution_BucketOptions_OneofUnmarshaler, _Distribution_BucketOptions_OneofSizer, []interface{}{ + (*Distribution_BucketOptions_LinearBuckets)(nil), + (*Distribution_BucketOptions_ExponentialBuckets)(nil), + (*Distribution_BucketOptions_ExplicitBuckets)(nil), + } +} + +func _Distribution_BucketOptions_OneofMarshaler(msg proto.Message, b *proto.Buffer) error { + m := msg.(*Distribution_BucketOptions) + // options + switch x := m.Options.(type) { + case *Distribution_BucketOptions_LinearBuckets: + b.EncodeVarint(1<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.LinearBuckets); err != nil { + return err + } + case *Distribution_BucketOptions_ExponentialBuckets: + b.EncodeVarint(2<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.ExponentialBuckets); err != nil { + return err + } + case *Distribution_BucketOptions_ExplicitBuckets: + b.EncodeVarint(3<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.ExplicitBuckets); err != nil { + return err + } + case nil: + default: + return fmt.Errorf("Distribution_BucketOptions.Options has unexpected type %T", x) + } + return nil +} + +func _Distribution_BucketOptions_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) { + m := msg.(*Distribution_BucketOptions) + switch tag { + case 1: // options.linear_buckets + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(Distribution_BucketOptions_Linear) + err := b.DecodeMessage(msg) + m.Options = &Distribution_BucketOptions_LinearBuckets{msg} + return true, err + case 2: // options.exponential_buckets + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(Distribution_BucketOptions_Exponential) + err := b.DecodeMessage(msg) + m.Options = &Distribution_BucketOptions_ExponentialBuckets{msg} + return true, err + case 3: // options.explicit_buckets + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(Distribution_BucketOptions_Explicit) + err := b.DecodeMessage(msg) + m.Options = &Distribution_BucketOptions_ExplicitBuckets{msg} + return true, err + default: + return false, nil + } +} + +func _Distribution_BucketOptions_OneofSizer(msg proto.Message) (n int) { + m := msg.(*Distribution_BucketOptions) + // options + switch x := m.Options.(type) { + case *Distribution_BucketOptions_LinearBuckets: + s := proto.Size(x.LinearBuckets) + n += proto.SizeVarint(1<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case *Distribution_BucketOptions_ExponentialBuckets: + s := proto.Size(x.ExponentialBuckets) + n += proto.SizeVarint(2<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case *Distribution_BucketOptions_ExplicitBuckets: + s := proto.Size(x.ExplicitBuckets) + n += proto.SizeVarint(3<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case nil: + default: + panic(fmt.Sprintf("proto: unexpected type %T in oneof", x)) + } + return n +} + +// Specify a sequence of buckets that all have the same width (except +// overflow and underflow). Each bucket represents a constant absolute +// uncertainty on the specific value in the bucket. +// +// Defines `num_finite_buckets + 2` (= N) buckets with these boundaries for +// bucket `i`: +// +// Upper bound (0 <= i < N-1): offset + (width * i). +// Lower bound (1 <= i < N): offset + (width * (i - 1)). +type Distribution_BucketOptions_Linear struct { + // Must be greater than 0. + NumFiniteBuckets int32 `protobuf:"varint,1,opt,name=num_finite_buckets,json=numFiniteBuckets" json:"num_finite_buckets,omitempty"` + // Must be greater than 0. + Width float64 `protobuf:"fixed64,2,opt,name=width" json:"width,omitempty"` + // Lower bound of the first bucket. + Offset float64 `protobuf:"fixed64,3,opt,name=offset" json:"offset,omitempty"` +} + +func (m *Distribution_BucketOptions_Linear) Reset() { *m = Distribution_BucketOptions_Linear{} } +func (m *Distribution_BucketOptions_Linear) String() string { return proto.CompactTextString(m) } +func (*Distribution_BucketOptions_Linear) ProtoMessage() {} +func (*Distribution_BucketOptions_Linear) Descriptor() ([]byte, []int) { + return fileDescriptor0, []int{0, 1, 0} +} + +func (m *Distribution_BucketOptions_Linear) GetNumFiniteBuckets() int32 { + if m != nil { + return m.NumFiniteBuckets + } + return 0 +} + +func (m *Distribution_BucketOptions_Linear) GetWidth() float64 { + if m != nil { + return m.Width + } + return 0 +} + +func (m *Distribution_BucketOptions_Linear) GetOffset() float64 { + if m != nil { + return m.Offset + } + return 0 +} + +// Specify a sequence of buckets that have a width that is proportional to +// the value of the lower bound. Each bucket represents a constant relative +// uncertainty on a specific value in the bucket. +// +// Defines `num_finite_buckets + 2` (= N) buckets with these boundaries for +// bucket i: +// +// Upper bound (0 <= i < N-1): scale * (growth_factor ^ i). +// Lower bound (1 <= i < N): scale * (growth_factor ^ (i - 1)). +type Distribution_BucketOptions_Exponential struct { + // Must be greater than 0. + NumFiniteBuckets int32 `protobuf:"varint,1,opt,name=num_finite_buckets,json=numFiniteBuckets" json:"num_finite_buckets,omitempty"` + // Must be greater than 1. + GrowthFactor float64 `protobuf:"fixed64,2,opt,name=growth_factor,json=growthFactor" json:"growth_factor,omitempty"` + // Must be greater than 0. + Scale float64 `protobuf:"fixed64,3,opt,name=scale" json:"scale,omitempty"` +} + +func (m *Distribution_BucketOptions_Exponential) Reset() { + *m = Distribution_BucketOptions_Exponential{} +} +func (m *Distribution_BucketOptions_Exponential) String() string { return proto.CompactTextString(m) } +func (*Distribution_BucketOptions_Exponential) ProtoMessage() {} +func (*Distribution_BucketOptions_Exponential) Descriptor() ([]byte, []int) { + return fileDescriptor0, []int{0, 1, 1} +} + +func (m *Distribution_BucketOptions_Exponential) GetNumFiniteBuckets() int32 { + if m != nil { + return m.NumFiniteBuckets + } + return 0 +} + +func (m *Distribution_BucketOptions_Exponential) GetGrowthFactor() float64 { + if m != nil { + return m.GrowthFactor + } + return 0 +} + +func (m *Distribution_BucketOptions_Exponential) GetScale() float64 { + if m != nil { + return m.Scale + } + return 0 +} + +// A set of buckets with arbitrary widths. +// +// Defines `size(bounds) + 1` (= N) buckets with these boundaries for +// bucket i: +// +// Upper bound (0 <= i < N-1): bounds[i] +// Lower bound (1 <= i < N); bounds[i - 1] +// +// There must be at least one element in `bounds`. If `bounds` has only one +// element, there are no finite buckets, and that single element is the +// common boundary of the overflow and underflow buckets. +type Distribution_BucketOptions_Explicit struct { + // The values must be monotonically increasing. + Bounds []float64 `protobuf:"fixed64,1,rep,packed,name=bounds" json:"bounds,omitempty"` +} + +func (m *Distribution_BucketOptions_Explicit) Reset() { *m = Distribution_BucketOptions_Explicit{} } +func (m *Distribution_BucketOptions_Explicit) String() string { return proto.CompactTextString(m) } +func (*Distribution_BucketOptions_Explicit) ProtoMessage() {} +func (*Distribution_BucketOptions_Explicit) Descriptor() ([]byte, []int) { + return fileDescriptor0, []int{0, 1, 2} +} + +func (m *Distribution_BucketOptions_Explicit) GetBounds() []float64 { + if m != nil { + return m.Bounds + } + return nil +} + +func init() { + proto.RegisterType((*Distribution)(nil), "google.api.Distribution") + proto.RegisterType((*Distribution_Range)(nil), "google.api.Distribution.Range") + proto.RegisterType((*Distribution_BucketOptions)(nil), "google.api.Distribution.BucketOptions") + proto.RegisterType((*Distribution_BucketOptions_Linear)(nil), "google.api.Distribution.BucketOptions.Linear") + proto.RegisterType((*Distribution_BucketOptions_Exponential)(nil), "google.api.Distribution.BucketOptions.Exponential") + proto.RegisterType((*Distribution_BucketOptions_Explicit)(nil), "google.api.Distribution.BucketOptions.Explicit") +} + +func init() { proto.RegisterFile("google/api/distribution.proto", fileDescriptor0) } + +var fileDescriptor0 = []byte{ + // 544 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x54, 0x5d, 0x6f, 0xd3, 0x30, + 0x14, 0x5d, 0x96, 0xb5, 0x85, 0xdb, 0x0f, 0x8a, 0x19, 0x28, 0x44, 0x7c, 0x54, 0x9b, 0x84, 0x2a, + 0x01, 0x89, 0x54, 0x90, 0x78, 0xe0, 0xad, 0x1b, 0x53, 0x1f, 0x40, 0x9b, 0x8c, 0xc4, 0x03, 0x42, + 0x8a, 0x9c, 0xc4, 0xc9, 0x0c, 0x89, 0x1d, 0x62, 0x67, 0x2b, 0xef, 0xfc, 0x29, 0xfe, 0x1d, 0x8a, + 0xed, 0x6e, 0x19, 0x08, 0xa9, 0xbc, 0xf9, 0xde, 0x73, 0x7c, 0xce, 0xb9, 0x57, 0x71, 0xe0, 0x71, + 0x2e, 0x44, 0x5e, 0xd0, 0x90, 0x54, 0x2c, 0x4c, 0x99, 0x54, 0x35, 0x8b, 0x1b, 0xc5, 0x04, 0x0f, + 0xaa, 0x5a, 0x28, 0x81, 0xc0, 0xc0, 0x01, 0xa9, 0x98, 0xff, 0xa8, 0x43, 0x25, 0x9c, 0x0b, 0x45, + 0x5a, 0xa2, 0x34, 0x4c, 0xff, 0xa1, 0x45, 0x75, 0x15, 0x37, 0x59, 0x48, 0xf8, 0x0f, 0x0b, 0x3d, + 0xfd, 0x13, 0x52, 0xac, 0xa4, 0x52, 0x91, 0xb2, 0x32, 0x84, 0x83, 0x9f, 0x03, 0x18, 0x1d, 0x77, + 0xcc, 0xd1, 0x3e, 0xf4, 0x12, 0xd1, 0x70, 0xe5, 0x39, 0x33, 0x67, 0xee, 0x62, 0x53, 0x20, 0x04, + 0x7b, 0x25, 0x25, 0xdc, 0xdb, 0x9d, 0x39, 0x73, 0x07, 0xeb, 0x33, 0x7a, 0x03, 0x9e, 0x6c, 0xca, + 0x48, 0x64, 0x91, 0xfc, 0xde, 0x90, 0x9a, 0xa6, 0x51, 0x4a, 0x2f, 0x98, 0x4e, 0xe6, 0xb9, 0x9a, + 0x77, 0x5f, 0x36, 0xe5, 0x69, 0xf6, 0xd1, 0xa0, 0xc7, 0x1b, 0x10, 0xbd, 0x86, 0x5e, 0x4d, 0x78, + 0x4e, 0xbd, 0xbd, 0x99, 0x33, 0x1f, 0x2e, 0x9e, 0x04, 0xd7, 0x93, 0x06, 0xdd, 0x2c, 0x01, 0x6e, + 0x59, 0xd8, 0x90, 0xd1, 0x07, 0x98, 0xc4, 0x4d, 0xf2, 0x8d, 0xaa, 0x48, 0x54, 0x7a, 0x7a, 0xaf, + 0xaf, 0xaf, 0x3f, 0xfb, 0xe7, 0xf5, 0xa5, 0xa6, 0x9f, 0x1a, 0x36, 0x1e, 0xc7, 0xdd, 0x12, 0x1d, + 0x82, 0x6d, 0x44, 0x7a, 0x42, 0xe9, 0x0d, 0x66, 0xee, 0xdc, 0xc5, 0x23, 0xd3, 0x3c, 0xd2, 0x3d, + 0xff, 0x39, 0xf4, 0x74, 0x06, 0x34, 0x05, 0xb7, 0x64, 0x5c, 0xef, 0xc4, 0xc1, 0xed, 0x51, 0x77, + 0xc8, 0xda, 0x2e, 0xa4, 0x3d, 0xfa, 0xbf, 0xf6, 0x60, 0x7c, 0xc3, 0x12, 0x7d, 0x82, 0x49, 0xc1, + 0x38, 0x25, 0x75, 0x64, 0x54, 0xa5, 0x16, 0x18, 0x2e, 0x5e, 0x6e, 0x17, 0x39, 0x78, 0xaf, 0x2f, + 0xaf, 0x76, 0xf0, 0xd8, 0xc8, 0x18, 0x54, 0x22, 0x0a, 0xf7, 0xe8, 0xba, 0x12, 0x9c, 0x72, 0xc5, + 0x48, 0x71, 0x25, 0xbe, 0xab, 0xc5, 0x17, 0x5b, 0x8a, 0xbf, 0xbb, 0x56, 0x58, 0xed, 0x60, 0xd4, + 0x11, 0xdc, 0xd8, 0x7c, 0x81, 0x29, 0x5d, 0x57, 0x05, 0x4b, 0x98, 0xba, 0xf2, 0x70, 0xb5, 0x47, + 0xb8, 0xbd, 0x87, 0xbe, 0xbe, 0xda, 0xc1, 0x77, 0x36, 0x52, 0x56, 0xdd, 0x4f, 0xa1, 0x6f, 0xe6, + 0x43, 0x2f, 0x00, 0xf1, 0xa6, 0x8c, 0x32, 0xc6, 0x99, 0xa2, 0x37, 0x56, 0xd5, 0xc3, 0x53, 0xde, + 0x94, 0x27, 0x1a, 0xd8, 0xa4, 0xda, 0x87, 0xde, 0x25, 0x4b, 0xd5, 0xb9, 0x5d, 0xbd, 0x29, 0xd0, + 0x03, 0xe8, 0x8b, 0x2c, 0x93, 0x54, 0xd9, 0x4f, 0xcf, 0x56, 0xfe, 0x05, 0x0c, 0x3b, 0x83, 0xfe, + 0xa7, 0xd5, 0x21, 0x8c, 0xf3, 0x5a, 0x5c, 0xaa, 0xf3, 0x28, 0x23, 0x89, 0x12, 0xb5, 0xb5, 0x1c, + 0x99, 0xe6, 0x89, 0xee, 0xb5, 0x79, 0x64, 0x42, 0x0a, 0x6a, 0x8d, 0x4d, 0xe1, 0x1f, 0xc0, 0xad, + 0xcd, 0xf0, 0x6d, 0xb6, 0x58, 0x34, 0x3c, 0x6d, 0x8d, 0xdc, 0x36, 0x9b, 0xa9, 0x96, 0xb7, 0x61, + 0x60, 0x3f, 0xe5, 0xe5, 0x57, 0x98, 0x24, 0xa2, 0xec, 0x6c, 0x75, 0x79, 0xb7, 0xbb, 0xd6, 0xb3, + 0xf6, 0xad, 0x9e, 0x39, 0x9f, 0x8f, 0x2c, 0x21, 0x17, 0x05, 0xe1, 0x79, 0x20, 0xea, 0x3c, 0xcc, + 0x29, 0xd7, 0x2f, 0x39, 0x34, 0x10, 0xa9, 0x98, 0xfc, 0xeb, 0x8f, 0xf2, 0xb6, 0x5b, 0xc4, 0x7d, + 0xcd, 0x7f, 0xf5, 0x3b, 0x00, 0x00, 0xff, 0xff, 0x88, 0x8e, 0xc5, 0x4b, 0x80, 0x04, 0x00, 0x00, +} diff --git a/components/engine/vendor/google.golang.org/genproto/googleapis/api/metric/metric.pb.go b/components/engine/vendor/google.golang.org/genproto/googleapis/api/metric/metric.pb.go new file mode 100644 index 0000000000..738ff43e03 --- /dev/null +++ b/components/engine/vendor/google.golang.org/genproto/googleapis/api/metric/metric.pb.go @@ -0,0 +1,359 @@ +// Code generated by protoc-gen-go. +// source: google/api/metric.proto +// DO NOT EDIT! + +/* +Package metric is a generated protocol buffer package. + +It is generated from these files: + google/api/metric.proto + +It has these top-level messages: + MetricDescriptor + Metric +*/ +package metric + +import proto "github.com/golang/protobuf/proto" +import fmt "fmt" +import math "math" +import google_api "google.golang.org/genproto/googleapis/api/label" + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package + +// The kind of measurement. It describes how the data is reported. +type MetricDescriptor_MetricKind int32 + +const ( + // Do not use this default value. + MetricDescriptor_METRIC_KIND_UNSPECIFIED MetricDescriptor_MetricKind = 0 + // An instantaneous measurement of a value. + MetricDescriptor_GAUGE MetricDescriptor_MetricKind = 1 + // The change in a value during a time interval. + MetricDescriptor_DELTA MetricDescriptor_MetricKind = 2 + // A value accumulated over a time interval. Cumulative + // measurements in a time series should have the same start time + // and increasing end times, until an event resets the cumulative + // value to zero and sets a new start time for the following + // points. + MetricDescriptor_CUMULATIVE MetricDescriptor_MetricKind = 3 +) + +var MetricDescriptor_MetricKind_name = map[int32]string{ + 0: "METRIC_KIND_UNSPECIFIED", + 1: "GAUGE", + 2: "DELTA", + 3: "CUMULATIVE", +} +var MetricDescriptor_MetricKind_value = map[string]int32{ + "METRIC_KIND_UNSPECIFIED": 0, + "GAUGE": 1, + "DELTA": 2, + "CUMULATIVE": 3, +} + +func (x MetricDescriptor_MetricKind) String() string { + return proto.EnumName(MetricDescriptor_MetricKind_name, int32(x)) +} +func (MetricDescriptor_MetricKind) EnumDescriptor() ([]byte, []int) { + return fileDescriptor0, []int{0, 0} +} + +// The value type of a metric. +type MetricDescriptor_ValueType int32 + +const ( + // Do not use this default value. + MetricDescriptor_VALUE_TYPE_UNSPECIFIED MetricDescriptor_ValueType = 0 + // The value is a boolean. + // This value type can be used only if the metric kind is `GAUGE`. + MetricDescriptor_BOOL MetricDescriptor_ValueType = 1 + // The value is a signed 64-bit integer. + MetricDescriptor_INT64 MetricDescriptor_ValueType = 2 + // The value is a double precision floating point number. + MetricDescriptor_DOUBLE MetricDescriptor_ValueType = 3 + // The value is a text string. + // This value type can be used only if the metric kind is `GAUGE`. + MetricDescriptor_STRING MetricDescriptor_ValueType = 4 + // The value is a [`Distribution`][google.api.Distribution]. + MetricDescriptor_DISTRIBUTION MetricDescriptor_ValueType = 5 + // The value is money. + MetricDescriptor_MONEY MetricDescriptor_ValueType = 6 +) + +var MetricDescriptor_ValueType_name = map[int32]string{ + 0: "VALUE_TYPE_UNSPECIFIED", + 1: "BOOL", + 2: "INT64", + 3: "DOUBLE", + 4: "STRING", + 5: "DISTRIBUTION", + 6: "MONEY", +} +var MetricDescriptor_ValueType_value = map[string]int32{ + "VALUE_TYPE_UNSPECIFIED": 0, + "BOOL": 1, + "INT64": 2, + "DOUBLE": 3, + "STRING": 4, + "DISTRIBUTION": 5, + "MONEY": 6, +} + +func (x MetricDescriptor_ValueType) String() string { + return proto.EnumName(MetricDescriptor_ValueType_name, int32(x)) +} +func (MetricDescriptor_ValueType) EnumDescriptor() ([]byte, []int) { + return fileDescriptor0, []int{0, 1} +} + +// Defines a metric type and its schema. Once a metric descriptor is created, +// deleting or altering it stops data collection and makes the metric type's +// existing data unusable. +type MetricDescriptor struct { + // The resource name of the metric descriptor. Depending on the + // implementation, the name typically includes: (1) the parent resource name + // that defines the scope of the metric type or of its data; and (2) the + // metric's URL-encoded type, which also appears in the `type` field of this + // descriptor. For example, following is the resource name of a custom + // metric within the GCP project `my-project-id`: + // + // "projects/my-project-id/metricDescriptors/custom.googleapis.com%2Finvoice%2Fpaid%2Famount" + Name string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"` + // The metric type, including its DNS name prefix. The type is not + // URL-encoded. All user-defined custom metric types have the DNS name + // `custom.googleapis.com`. Metric types should use a natural hierarchical + // grouping. For example: + // + // "custom.googleapis.com/invoice/paid/amount" + // "appengine.googleapis.com/http/server/response_latencies" + Type string `protobuf:"bytes,8,opt,name=type" json:"type,omitempty"` + // The set of labels that can be used to describe a specific + // instance of this metric type. For example, the + // `appengine.googleapis.com/http/server/response_latencies` metric + // type has a label for the HTTP response code, `response_code`, so + // you can look at latencies for successful responses or just + // for responses that failed. + Labels []*google_api.LabelDescriptor `protobuf:"bytes,2,rep,name=labels" json:"labels,omitempty"` + // Whether the metric records instantaneous values, changes to a value, etc. + // Some combinations of `metric_kind` and `value_type` might not be supported. + MetricKind MetricDescriptor_MetricKind `protobuf:"varint,3,opt,name=metric_kind,json=metricKind,enum=google.api.MetricDescriptor_MetricKind" json:"metric_kind,omitempty"` + // Whether the measurement is an integer, a floating-point number, etc. + // Some combinations of `metric_kind` and `value_type` might not be supported. + ValueType MetricDescriptor_ValueType `protobuf:"varint,4,opt,name=value_type,json=valueType,enum=google.api.MetricDescriptor_ValueType" json:"value_type,omitempty"` + // The unit in which the metric value is reported. It is only applicable + // if the `value_type` is `INT64`, `DOUBLE`, or `DISTRIBUTION`. The + // supported units are a subset of [The Unified Code for Units of + // Measure](http://unitsofmeasure.org/ucum.html) standard: + // + // **Basic units (UNIT)** + // + // * `bit` bit + // * `By` byte + // * `s` second + // * `min` minute + // * `h` hour + // * `d` day + // + // **Prefixes (PREFIX)** + // + // * `k` kilo (10**3) + // * `M` mega (10**6) + // * `G` giga (10**9) + // * `T` tera (10**12) + // * `P` peta (10**15) + // * `E` exa (10**18) + // * `Z` zetta (10**21) + // * `Y` yotta (10**24) + // * `m` milli (10**-3) + // * `u` micro (10**-6) + // * `n` nano (10**-9) + // * `p` pico (10**-12) + // * `f` femto (10**-15) + // * `a` atto (10**-18) + // * `z` zepto (10**-21) + // * `y` yocto (10**-24) + // * `Ki` kibi (2**10) + // * `Mi` mebi (2**20) + // * `Gi` gibi (2**30) + // * `Ti` tebi (2**40) + // + // **Grammar** + // + // The grammar includes the dimensionless unit `1`, such as `1/s`. + // + // The grammar also includes these connectors: + // + // * `/` division (as an infix operator, e.g. `1/s`). + // * `.` multiplication (as an infix operator, e.g. `GBy.d`) + // + // The grammar for a unit is as follows: + // + // Expression = Component { "." Component } { "/" Component } ; + // + // Component = [ PREFIX ] UNIT [ Annotation ] + // | Annotation + // | "1" + // ; + // + // Annotation = "{" NAME "}" ; + // + // Notes: + // + // * `Annotation` is just a comment if it follows a `UNIT` and is + // equivalent to `1` if it is used alone. For examples, + // `{requests}/s == 1/s`, `By{transmitted}/s == By/s`. + // * `NAME` is a sequence of non-blank printable ASCII characters not + // containing '{' or '}'. + Unit string `protobuf:"bytes,5,opt,name=unit" json:"unit,omitempty"` + // A detailed description of the metric, which can be used in documentation. + Description string `protobuf:"bytes,6,opt,name=description" json:"description,omitempty"` + // A concise name for the metric, which can be displayed in user interfaces. + // Use sentence case without an ending period, for example "Request count". + DisplayName string `protobuf:"bytes,7,opt,name=display_name,json=displayName" json:"display_name,omitempty"` +} + +func (m *MetricDescriptor) Reset() { *m = MetricDescriptor{} } +func (m *MetricDescriptor) String() string { return proto.CompactTextString(m) } +func (*MetricDescriptor) ProtoMessage() {} +func (*MetricDescriptor) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{0} } + +func (m *MetricDescriptor) GetName() string { + if m != nil { + return m.Name + } + return "" +} + +func (m *MetricDescriptor) GetType() string { + if m != nil { + return m.Type + } + return "" +} + +func (m *MetricDescriptor) GetLabels() []*google_api.LabelDescriptor { + if m != nil { + return m.Labels + } + return nil +} + +func (m *MetricDescriptor) GetMetricKind() MetricDescriptor_MetricKind { + if m != nil { + return m.MetricKind + } + return MetricDescriptor_METRIC_KIND_UNSPECIFIED +} + +func (m *MetricDescriptor) GetValueType() MetricDescriptor_ValueType { + if m != nil { + return m.ValueType + } + return MetricDescriptor_VALUE_TYPE_UNSPECIFIED +} + +func (m *MetricDescriptor) GetUnit() string { + if m != nil { + return m.Unit + } + return "" +} + +func (m *MetricDescriptor) GetDescription() string { + if m != nil { + return m.Description + } + return "" +} + +func (m *MetricDescriptor) GetDisplayName() string { + if m != nil { + return m.DisplayName + } + return "" +} + +// A specific metric, identified by specifying values for all of the +// labels of a [`MetricDescriptor`][google.api.MetricDescriptor]. +type Metric struct { + // An existing metric type, see [google.api.MetricDescriptor][google.api.MetricDescriptor]. + // For example, `custom.googleapis.com/invoice/paid/amount`. + Type string `protobuf:"bytes,3,opt,name=type" json:"type,omitempty"` + // The set of label values that uniquely identify this metric. All + // labels listed in the `MetricDescriptor` must be assigned values. + Labels map[string]string `protobuf:"bytes,2,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` +} + +func (m *Metric) Reset() { *m = Metric{} } +func (m *Metric) String() string { return proto.CompactTextString(m) } +func (*Metric) ProtoMessage() {} +func (*Metric) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{1} } + +func (m *Metric) GetType() string { + if m != nil { + return m.Type + } + return "" +} + +func (m *Metric) GetLabels() map[string]string { + if m != nil { + return m.Labels + } + return nil +} + +func init() { + proto.RegisterType((*MetricDescriptor)(nil), "google.api.MetricDescriptor") + proto.RegisterType((*Metric)(nil), "google.api.Metric") + proto.RegisterEnum("google.api.MetricDescriptor_MetricKind", MetricDescriptor_MetricKind_name, MetricDescriptor_MetricKind_value) + proto.RegisterEnum("google.api.MetricDescriptor_ValueType", MetricDescriptor_ValueType_name, MetricDescriptor_ValueType_value) +} + +func init() { proto.RegisterFile("google/api/metric.proto", fileDescriptor0) } + +var fileDescriptor0 = []byte{ + // 506 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x7c, 0x53, 0x4d, 0x6f, 0xda, 0x40, + 0x10, 0xad, 0x3f, 0x70, 0xc3, 0x10, 0xa1, 0xd5, 0xaa, 0x4a, 0x2c, 0x22, 0x55, 0x94, 0x43, 0xcb, + 0x09, 0xa4, 0xa4, 0x4a, 0xbf, 0x4e, 0x80, 0xb7, 0xd4, 0x8a, 0xb1, 0x91, 0x63, 0x23, 0xa5, 0x17, + 0xcb, 0x81, 0x95, 0x65, 0xc5, 0xd8, 0xae, 0x71, 0x22, 0xf9, 0x57, 0xf4, 0x17, 0xf4, 0xd2, 0x5f, + 0x5a, 0xed, 0xae, 0x03, 0x16, 0x95, 0x72, 0xe2, 0xed, 0x9b, 0x37, 0x6f, 0x67, 0x96, 0x67, 0x38, + 0x8f, 0xb2, 0x2c, 0x4a, 0xe8, 0x38, 0xcc, 0xe3, 0xf1, 0x96, 0x96, 0x45, 0xbc, 0x1e, 0xe5, 0x45, + 0x56, 0x66, 0x18, 0x44, 0x61, 0x14, 0xe6, 0x71, 0xef, 0xac, 0x21, 0x4a, 0xc2, 0x7b, 0x9a, 0x08, + 0xcd, 0xe0, 0x8f, 0x0a, 0x68, 0xc1, 0x9b, 0x0c, 0xba, 0x5b, 0x17, 0x71, 0x5e, 0x66, 0x05, 0xc6, + 0xa0, 0xa6, 0xe1, 0x96, 0xea, 0x52, 0x5f, 0x1a, 0xb6, 0x5d, 0x8e, 0x19, 0x57, 0x56, 0x39, 0xd5, + 0x4f, 0x04, 0xc7, 0x30, 0xbe, 0x02, 0x8d, 0x7b, 0xed, 0x74, 0xb9, 0xaf, 0x0c, 0x3b, 0x97, 0x17, + 0xa3, 0xc3, 0x8d, 0x23, 0x8b, 0x55, 0x0e, 0xa6, 0x6e, 0x2d, 0xc5, 0x3f, 0xa0, 0x23, 0xa6, 0x0c, + 0x1e, 0xe2, 0x74, 0xa3, 0x2b, 0x7d, 0x69, 0xd8, 0xbd, 0xfc, 0xd0, 0xec, 0x3c, 0x9e, 0xa7, 0x26, + 0x6e, 0xe2, 0x74, 0xe3, 0xc2, 0x76, 0x8f, 0x31, 0x01, 0x78, 0x0a, 0x93, 0x47, 0x1a, 0xf0, 0xc1, + 0x54, 0x6e, 0xf4, 0xfe, 0x45, 0xa3, 0x15, 0x93, 0x7b, 0x55, 0x4e, 0xdd, 0xf6, 0xd3, 0x33, 0x64, + 0x9b, 0x3d, 0xa6, 0x71, 0xa9, 0xb7, 0xc4, 0x66, 0x0c, 0xe3, 0x3e, 0x74, 0x36, 0x75, 0x5b, 0x9c, + 0xa5, 0xba, 0xc6, 0x4b, 0x4d, 0x0a, 0xbf, 0x83, 0xd3, 0x4d, 0xbc, 0xcb, 0x93, 0xb0, 0x0a, 0xf8, + 0x5b, 0xbd, 0xae, 0x25, 0x82, 0xb3, 0xc3, 0x2d, 0x1d, 0x38, 0x00, 0x87, 0xc9, 0xf1, 0x05, 0x9c, + 0x2f, 0x88, 0xe7, 0x9a, 0xb3, 0xe0, 0xc6, 0xb4, 0x8d, 0xc0, 0xb7, 0x6f, 0x97, 0x64, 0x66, 0x7e, + 0x37, 0x89, 0x81, 0x5e, 0xe1, 0x36, 0xb4, 0xe6, 0x13, 0x7f, 0x4e, 0x90, 0xc4, 0xa0, 0x41, 0x2c, + 0x6f, 0x82, 0x64, 0xdc, 0x05, 0x98, 0xf9, 0x0b, 0xdf, 0x9a, 0x78, 0xe6, 0x8a, 0x20, 0x65, 0xf0, + 0x0b, 0xda, 0xfb, 0x0d, 0x70, 0x0f, 0xce, 0x56, 0x13, 0xcb, 0x27, 0x81, 0x77, 0xb7, 0x24, 0x47, + 0x76, 0x27, 0xa0, 0x4e, 0x1d, 0xc7, 0x12, 0x6e, 0xa6, 0xed, 0x5d, 0x7f, 0x44, 0x32, 0x06, 0xd0, + 0x0c, 0xc7, 0x9f, 0x5a, 0x04, 0x29, 0x0c, 0xdf, 0x7a, 0xae, 0x69, 0xcf, 0x91, 0x8a, 0x11, 0x9c, + 0x1a, 0x26, 0x3b, 0x4d, 0x7d, 0xcf, 0x74, 0x6c, 0xd4, 0x62, 0x4d, 0x0b, 0xc7, 0x26, 0x77, 0x48, + 0x1b, 0xfc, 0x96, 0x40, 0x13, 0x4b, 0xec, 0x13, 0xa0, 0x34, 0x12, 0x70, 0x7d, 0x94, 0x80, 0xb7, + 0xff, 0x3f, 0xbf, 0x08, 0xc2, 0x8e, 0xa4, 0x65, 0x51, 0x3d, 0x87, 0xa0, 0xf7, 0x05, 0x3a, 0x0d, + 0x1a, 0x23, 0x50, 0x1e, 0x68, 0x55, 0xe7, 0x8d, 0x41, 0xfc, 0x06, 0x5a, 0xfc, 0x1f, 0xd2, 0x65, + 0xce, 0x89, 0xc3, 0x57, 0xf9, 0xb3, 0x34, 0x0d, 0xa0, 0xbb, 0xce, 0xb6, 0x8d, 0x7b, 0xa6, 0x1d, + 0x71, 0xd1, 0x92, 0x05, 0x7a, 0x29, 0xfd, 0xfc, 0x54, 0x97, 0xa2, 0x2c, 0x09, 0xd3, 0x68, 0x94, + 0x15, 0xd1, 0x38, 0xa2, 0x29, 0x8f, 0xfb, 0x58, 0x94, 0xc2, 0x3c, 0xde, 0x35, 0x3e, 0x97, 0x6f, + 0xe2, 0xe7, 0xaf, 0xac, 0xce, 0x27, 0x4b, 0xf3, 0x5e, 0xe3, 0xd2, 0xab, 0x7f, 0x01, 0x00, 0x00, + 0xff, 0xff, 0x18, 0x04, 0x05, 0x82, 0x58, 0x03, 0x00, 0x00, +} diff --git a/components/engine/vendor/google.golang.org/genproto/googleapis/logging/v2/log_entry.pb.go b/components/engine/vendor/google.golang.org/genproto/googleapis/logging/v2/log_entry.pb.go index be85190cd6..d81b52c4b8 100644 --- a/components/engine/vendor/google.golang.org/genproto/googleapis/logging/v2/log_entry.pb.go +++ b/components/engine/vendor/google.golang.org/genproto/googleapis/logging/v2/log_entry.pb.go @@ -18,6 +18,7 @@ It has these top-level messages: DeleteLogRequest WriteLogEntriesRequest WriteLogEntriesResponse + WriteLogEntriesPartialErrors ListLogEntriesRequest ListLogEntriesResponse ListMonitoredResourceDescriptorsRequest @@ -69,6 +70,8 @@ type LogEntry struct { // // "projects/[PROJECT_ID]/logs/[LOG_ID]" // "organizations/[ORGANIZATION_ID]/logs/[LOG_ID]" + // "billingAccounts/[BILLING_ACCOUNT_ID]/logs/[LOG_ID]" + // "folders/[FOLDER_ID]/logs/[LOG_ID]" // // `[LOG_ID]` must be URL-encoded within `log_name`. Example: // `"organizations/1234567890/logs/cloudresourcemanager.googleapis.com%2Factivity"`. @@ -95,16 +98,22 @@ type LogEntry struct { // *LogEntry_JsonPayload Payload isLogEntry_Payload `protobuf_oneof:"payload"` // Optional. The time the event described by the log entry occurred. If - // omitted, Stackdriver Logging will use the time the log entry is received. + // omitted in a new log entry, Stackdriver Logging will insert the time the + // log entry is received. Stackdriver Logging might reject log entries whose + // time stamps are more than a couple of hours in the future. Log entries + // with time stamps in the past are accepted. Timestamp *google_protobuf4.Timestamp `protobuf:"bytes,9,opt,name=timestamp" json:"timestamp,omitempty"` + // Output only. The time the log entry was received by Stackdriver Logging. + ReceiveTimestamp *google_protobuf4.Timestamp `protobuf:"bytes,24,opt,name=receive_timestamp,json=receiveTimestamp" json:"receive_timestamp,omitempty"` // Optional. The severity of the log entry. The default value is // `LogSeverity.DEFAULT`. Severity google_logging_type1.LogSeverity `protobuf:"varint,10,opt,name=severity,enum=google.logging.type.LogSeverity" json:"severity,omitempty"` - // Optional. A unique ID for the log entry. If you provide this - // field, the logging service considers other log entries in the - // same project with the same ID as duplicates which can be removed. If - // omitted, Stackdriver Logging will generate a unique ID for this - // log entry. + // Optional. A unique identifier for the log entry. If you provide a value, + // then Stackdriver Logging considers other log entries in the same project, + // with the same `timestamp`, and with the same `insert_id` to be duplicates + // which can be removed. If omitted in new log entries, then Stackdriver + // Logging will insert its own unique identifier. The `insert_id` is used + // to order log entries that have the same `timestamp` value. InsertId string `protobuf:"bytes,4,opt,name=insert_id,json=insertId" json:"insert_id,omitempty"` // Optional. Information about the HTTP request associated with this // log entry, if applicable. @@ -197,6 +206,13 @@ func (m *LogEntry) GetTimestamp() *google_protobuf4.Timestamp { return nil } +func (m *LogEntry) GetReceiveTimestamp() *google_protobuf4.Timestamp { + if m != nil { + return m.ReceiveTimestamp + } + return nil +} + func (m *LogEntry) GetSeverity() google_logging_type1.LogSeverity { if m != nil { return m.Severity @@ -437,48 +453,49 @@ func init() { func init() { proto.RegisterFile("google/logging/v2/log_entry.proto", fileDescriptor0) } var fileDescriptor0 = []byte{ - // 679 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x7c, 0x94, 0xd1, 0x6e, 0xd3, 0x3c, - 0x14, 0xc7, 0x97, 0x76, 0x5f, 0x97, 0xba, 0xdd, 0xf6, 0xcd, 0x1a, 0x5b, 0x56, 0x86, 0x28, 0x1b, - 0x82, 0x72, 0x93, 0x4a, 0xe5, 0x66, 0x63, 0x93, 0x10, 0x9d, 0x10, 0x43, 0x2a, 0x30, 0x79, 0x88, - 0x0b, 0x84, 0x54, 0x79, 0x89, 0x9b, 0x19, 0x52, 0x3b, 0x38, 0x4e, 0x45, 0xaf, 0x78, 0x04, 0xde, - 0x83, 0x27, 0xe4, 0x12, 0xf9, 0xd8, 0xe9, 0x4a, 0x3b, 0xed, 0xee, 0x9c, 0xfa, 0xf7, 0x3f, 0xff, - 0xe3, 0xe3, 0x93, 0xa2, 0x47, 0x89, 0x94, 0x49, 0xca, 0xba, 0xa9, 0x4c, 0x12, 0x2e, 0x92, 0xee, - 0xa4, 0x67, 0xc2, 0x21, 0x13, 0x5a, 0x4d, 0xc3, 0x4c, 0x49, 0x2d, 0xf1, 0x96, 0x45, 0x42, 0x87, - 0x84, 0x93, 0x5e, 0x6b, 0xdf, 0xa9, 0x68, 0xc6, 0xbb, 0x54, 0x08, 0xa9, 0xa9, 0xe6, 0x52, 0xe4, - 0x56, 0xd0, 0x3a, 0x9c, 0x3b, 0x1d, 0x4b, 0xc1, 0xb5, 0x54, 0x2c, 0x1e, 0x2a, 0x96, 0xcb, 0x42, - 0x45, 0xcc, 0x41, 0x4f, 0x16, 0x8c, 0xf5, 0x34, 0x63, 0xdd, 0x6b, 0xad, 0xb3, 0xa1, 0x62, 0xdf, - 0x0b, 0x96, 0xeb, 0xbb, 0x38, 0xd3, 0x62, 0xce, 0x26, 0x4c, 0x71, 0xed, 0xba, 0x6c, 0xed, 0x39, - 0x0e, 0xb2, 0xab, 0x62, 0xd4, 0xa5, 0xa2, 0x3c, 0xda, 0x5f, 0x3c, 0xca, 0xb5, 0x2a, 0xa2, 0xd2, - 0xe0, 0xe1, 0xe2, 0xa9, 0xe6, 0x63, 0x96, 0x6b, 0x3a, 0xce, 0x2c, 0x70, 0xf0, 0xab, 0x86, 0xfc, - 0x81, 0x4c, 0x5e, 0x9b, 0x91, 0xe0, 0x3d, 0xe4, 0x1b, 0x73, 0x41, 0xc7, 0x2c, 0x68, 0xb6, 0xbd, - 0x4e, 0x9d, 0xac, 0xa5, 0x32, 0x79, 0x4f, 0xc7, 0x0c, 0x1f, 0x23, 0xbf, 0xbc, 0x63, 0xe0, 0xb7, - 0xbd, 0x4e, 0xa3, 0xf7, 0x20, 0x74, 0xa3, 0xa3, 0x19, 0x0f, 0xdf, 0x95, 0x93, 0x20, 0x0e, 0x22, - 0x33, 0x1c, 0x9f, 0xa0, 0x75, 0xf0, 0x1a, 0x66, 0x74, 0x9a, 0x4a, 0x1a, 0x07, 0x15, 0xd0, 0x6f, - 0x97, 0xfa, 0xb2, 0xb7, 0xf0, 0x95, 0x98, 0x9e, 0xaf, 0x90, 0x26, 0xe4, 0x17, 0x96, 0xc5, 0x87, - 0xa8, 0xa9, 0xd9, 0x0f, 0x3d, 0xd3, 0x56, 0x4d, 0x5b, 0xe7, 0x2b, 0xa4, 0x61, 0x7e, 0x2d, 0xa1, - 0x53, 0xd4, 0xfc, 0x9a, 0x4b, 0x31, 0x83, 0x6a, 0x60, 0xb0, 0xbb, 0x64, 0x70, 0x09, 0xa3, 0x31, - 0x6a, 0x83, 0x97, 0xea, 0x23, 0x54, 0x9f, 0x4d, 0x25, 0xa8, 0x83, 0xb4, 0xb5, 0x24, 0xfd, 0x58, - 0x12, 0xe4, 0x06, 0xc6, 0xa7, 0xc8, 0x2f, 0x1f, 0x2a, 0x40, 0x6d, 0xaf, 0xb3, 0xd1, 0x6b, 0x87, - 0x0b, 0xfb, 0x64, 0x5e, 0x34, 0x1c, 0xc8, 0xe4, 0xd2, 0x71, 0x64, 0xa6, 0xc0, 0xf7, 0x51, 0x9d, - 0x8b, 0x9c, 0x29, 0x3d, 0xe4, 0x71, 0xb0, 0x0a, 0xe3, 0xf6, 0xed, 0x0f, 0x6f, 0x63, 0x7c, 0x86, - 0x9a, 0xf3, 0xfb, 0x12, 0xac, 0x41, 0x5f, 0xb7, 0x97, 0x3f, 0xd7, 0x3a, 0x23, 0x96, 0x23, 0x8d, - 0xeb, 0x9b, 0x04, 0xbf, 0x44, 0xb5, 0x94, 0x5e, 0xb1, 0x34, 0x0f, 0x1a, 0xed, 0x6a, 0xa7, 0xd1, - 0x7b, 0x1a, 0x2e, 0x6d, 0x7b, 0x58, 0x3e, 0x7e, 0x38, 0x00, 0x12, 0x62, 0xe2, 0x64, 0xb8, 0x8f, - 0xea, 0x32, 0x63, 0x0a, 0x3e, 0x80, 0x60, 0x13, 0x5a, 0x78, 0x7c, 0x47, 0x8d, 0x0f, 0x25, 0x4b, - 0x6e, 0x64, 0x78, 0x1b, 0xfd, 0xa7, 0x15, 0x8d, 0x58, 0xb0, 0x03, 0x57, 0xb4, 0x09, 0x26, 0x68, - 0xd3, 0xae, 0xc7, 0x30, 0x95, 0x91, 0xad, 0xbf, 0x0b, 0xf5, 0x9f, 0xdd, 0x51, 0xff, 0x12, 0x14, - 0x03, 0x27, 0x20, 0x1b, 0xf9, 0x3f, 0x79, 0xeb, 0x18, 0x35, 0xe6, 0x2e, 0x81, 0xff, 0x47, 0xd5, - 0x6f, 0x6c, 0x1a, 0x78, 0x60, 0x6b, 0x42, 0xd3, 0xca, 0x84, 0xa6, 0x05, 0x83, 0x0d, 0xac, 0x13, - 0x9b, 0xbc, 0xa8, 0x1c, 0x79, 0xfd, 0x3a, 0x5a, 0x73, 0xcb, 0x73, 0xc0, 0xd1, 0xd6, 0xd2, 0x7d, - 0xf0, 0x06, 0xaa, 0xf0, 0xd8, 0x95, 0xaa, 0xf0, 0x18, 0xb7, 0x90, 0x9f, 0x29, 0x19, 0x17, 0x11, - 0x53, 0xae, 0xd8, 0x2c, 0x37, 0x2e, 0x23, 0xae, 0x72, 0x0d, 0xbb, 0xea, 0x13, 0x9b, 0x60, 0x8c, - 0x56, 0x53, 0x9a, 0x6b, 0x78, 0x68, 0x9f, 0x40, 0x7c, 0xf0, 0x05, 0xed, 0xdc, 0x7e, 0x35, 0x43, - 0x8f, 0x78, 0xca, 0x9c, 0x23, 0xc4, 0x50, 0x81, 0x0b, 0xdb, 0x7c, 0x95, 0x40, 0x6c, 0xfa, 0x18, - 0x15, 0x22, 0x82, 0xf9, 0x55, 0x6d, 0x1f, 0x65, 0xde, 0xff, 0x89, 0xee, 0x45, 0x72, 0xbc, 0x3c, - 0xce, 0xfe, 0x7a, 0x69, 0x7a, 0x01, 0x5f, 0x9a, 0xf7, 0xf9, 0xc8, 0x31, 0x89, 0x4c, 0xa9, 0x48, - 0x42, 0xa9, 0x92, 0x6e, 0xc2, 0x04, 0xec, 0x7e, 0xd7, 0x1e, 0xd1, 0x8c, 0xe7, 0x73, 0x7f, 0xa3, - 0x27, 0x2e, 0xfc, 0xe3, 0x79, 0xbf, 0x2b, 0xbb, 0x6f, 0xac, 0xfa, 0x2c, 0x95, 0x45, 0x6c, 0xde, - 0x0a, 0x7c, 0x3e, 0xf5, 0xae, 0x6a, 0x50, 0xe1, 0xf9, 0xdf, 0x00, 0x00, 0x00, 0xff, 0xff, 0x34, - 0x32, 0x8a, 0x87, 0x87, 0x05, 0x00, 0x00, + // 699 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x54, 0x5f, 0x6f, 0xdb, 0x36, + 0x10, 0x8f, 0xec, 0xcc, 0x91, 0x69, 0xe7, 0x1f, 0x91, 0x25, 0x8a, 0x97, 0x61, 0x5e, 0x32, 0x6c, + 0xde, 0x8b, 0x0c, 0x78, 0x2f, 0xc9, 0x12, 0xa0, 0xa8, 0x83, 0x22, 0x29, 0xe0, 0xb6, 0x01, 0x53, + 0xf4, 0xa1, 0x28, 0x60, 0x30, 0x12, 0xad, 0xb0, 0x95, 0x49, 0x95, 0xa2, 0x8c, 0xfa, 0xa9, 0xdf, + 0xa7, 0x9f, 0xa8, 0x1f, 0xa5, 0x8f, 0x05, 0x8f, 0x94, 0xed, 0xda, 0x41, 0xfa, 0x76, 0x27, 0xfe, + 0xfe, 0xdc, 0x1d, 0x8f, 0x42, 0x7f, 0x26, 0x52, 0x26, 0x29, 0xeb, 0xa6, 0x32, 0x49, 0xb8, 0x48, + 0xba, 0x93, 0x9e, 0x09, 0x87, 0x4c, 0x68, 0x35, 0x0d, 0x33, 0x25, 0xb5, 0xc4, 0xbb, 0x16, 0x12, + 0x3a, 0x48, 0x38, 0xe9, 0xb5, 0x8e, 0x1c, 0x8b, 0x66, 0xbc, 0x4b, 0x85, 0x90, 0x9a, 0x6a, 0x2e, + 0x45, 0x6e, 0x09, 0xad, 0x93, 0x85, 0xd3, 0xb1, 0x14, 0x5c, 0x4b, 0xc5, 0xe2, 0xa1, 0x62, 0xb9, + 0x2c, 0x54, 0xc4, 0x1c, 0xe8, 0xef, 0x25, 0x63, 0x3d, 0xcd, 0x58, 0xf7, 0x5e, 0xeb, 0x6c, 0xa8, + 0xd8, 0xc7, 0x82, 0xe5, 0xfa, 0x31, 0x9c, 0x29, 0x31, 0x67, 0x13, 0xa6, 0xb8, 0x76, 0x55, 0xb6, + 0x0e, 0x1d, 0x0e, 0xb2, 0xbb, 0x62, 0xd4, 0xa5, 0xa2, 0x3c, 0x3a, 0x5a, 0x3e, 0xca, 0xb5, 0x2a, + 0xa2, 0xd2, 0xe0, 0x8f, 0xe5, 0x53, 0xcd, 0xc7, 0x2c, 0xd7, 0x74, 0x9c, 0x59, 0xc0, 0xf1, 0xd7, + 0x1a, 0xf2, 0x07, 0x32, 0x79, 0x66, 0x46, 0x82, 0x0f, 0x91, 0x6f, 0xcc, 0x05, 0x1d, 0xb3, 0xa0, + 0xd9, 0xf6, 0x3a, 0x75, 0xb2, 0x91, 0xca, 0xe4, 0x25, 0x1d, 0x33, 0x7c, 0x86, 0xfc, 0xb2, 0xc7, + 0xc0, 0x6f, 0x7b, 0x9d, 0x46, 0xef, 0xf7, 0xd0, 0x8d, 0x8e, 0x66, 0x3c, 0x7c, 0x51, 0x4e, 0x82, + 0x38, 0x10, 0x99, 0xc1, 0xf1, 0x39, 0xda, 0x04, 0xaf, 0x61, 0x46, 0xa7, 0xa9, 0xa4, 0x71, 0x50, + 0x01, 0xfe, 0x5e, 0xc9, 0x2f, 0x6b, 0x0b, 0x9f, 0x8a, 0xe9, 0xf5, 0x1a, 0x69, 0x42, 0x7e, 0x63, + 0xb1, 0xf8, 0x04, 0x35, 0x35, 0xfb, 0xa4, 0x67, 0xdc, 0xaa, 0x29, 0xeb, 0x7a, 0x8d, 0x34, 0xcc, + 0xd7, 0x12, 0x74, 0x81, 0x9a, 0xef, 0x73, 0x29, 0x66, 0xa0, 0x1a, 0x18, 0x1c, 0xac, 0x18, 0xdc, + 0xc2, 0x68, 0x0c, 0xdb, 0xc0, 0x4b, 0xf6, 0x29, 0xaa, 0xcf, 0xa6, 0x12, 0xd4, 0x81, 0xda, 0x5a, + 0xa1, 0xbe, 0x2e, 0x11, 0x64, 0x0e, 0xc6, 0x57, 0x68, 0x57, 0xb1, 0x88, 0xf1, 0x09, 0x1b, 0xce, + 0x15, 0x82, 0x9f, 0x2a, 0xec, 0x38, 0xd2, 0xec, 0x0b, 0xbe, 0x40, 0x7e, 0x79, 0xe3, 0x01, 0x6a, + 0x7b, 0x9d, 0xad, 0x5e, 0x3b, 0x5c, 0x5a, 0x4c, 0xb3, 0x1a, 0xe1, 0x40, 0x26, 0xb7, 0x0e, 0x47, + 0x66, 0x0c, 0xfc, 0x1b, 0xaa, 0x73, 0x91, 0x33, 0xa5, 0x87, 0x3c, 0x0e, 0xd6, 0xe1, 0xde, 0x7c, + 0xfb, 0xe1, 0x79, 0x8c, 0x2f, 0x51, 0x73, 0x71, 0xf1, 0x82, 0x0d, 0x28, 0xef, 0x61, 0xf9, 0x6b, + 0xad, 0x33, 0x62, 0x71, 0xa4, 0x71, 0x3f, 0x4f, 0xf0, 0x13, 0x54, 0x4b, 0xe9, 0x1d, 0x4b, 0xf3, + 0xa0, 0xd1, 0xae, 0x76, 0x1a, 0xbd, 0x7f, 0xc2, 0x95, 0x67, 0x13, 0x96, 0x5b, 0x14, 0x0e, 0x00, + 0x09, 0x31, 0x71, 0x34, 0xdc, 0x47, 0x75, 0x99, 0x31, 0x05, 0x2f, 0x29, 0xd8, 0x86, 0x12, 0xfe, + 0x7a, 0x44, 0xe3, 0x55, 0x89, 0x25, 0x73, 0x1a, 0xde, 0x43, 0xbf, 0x68, 0x45, 0x23, 0x16, 0xec, + 0x43, 0x8b, 0x36, 0xc1, 0x04, 0x6d, 0xdb, 0x3d, 0x1b, 0xa6, 0x32, 0xb2, 0xfa, 0x07, 0xa0, 0xff, + 0xef, 0x23, 0xfa, 0xb7, 0xc0, 0x18, 0x38, 0x02, 0xd9, 0xca, 0x7f, 0xc8, 0x5b, 0x67, 0xa8, 0xb1, + 0xd0, 0x04, 0xde, 0x41, 0xd5, 0x0f, 0x6c, 0x1a, 0x78, 0x60, 0x6b, 0x42, 0x53, 0xca, 0x84, 0xa6, + 0x05, 0x83, 0x55, 0xae, 0x13, 0x9b, 0xfc, 0x5f, 0x39, 0xf5, 0xfa, 0x75, 0xb4, 0xe1, 0xb6, 0xf0, + 0x98, 0xa3, 0xdd, 0x95, 0x7e, 0xf0, 0x16, 0xaa, 0xf0, 0xd8, 0x49, 0x55, 0x78, 0x8c, 0x5b, 0xc8, + 0xcf, 0x94, 0x8c, 0x8b, 0x88, 0x29, 0x27, 0x36, 0xcb, 0x8d, 0xcb, 0x88, 0xab, 0x5c, 0xc3, 0xd2, + 0xfb, 0xc4, 0x26, 0x18, 0xa3, 0xf5, 0x94, 0xe6, 0x1a, 0x2e, 0xda, 0x27, 0x10, 0x1f, 0xbf, 0x43, + 0xfb, 0x0f, 0xb7, 0x66, 0xd0, 0x23, 0x9e, 0x32, 0xe7, 0x08, 0x31, 0x28, 0x70, 0x61, 0x8b, 0xaf, + 0x12, 0x88, 0x4d, 0x1d, 0xa3, 0x42, 0x44, 0x30, 0xbf, 0xaa, 0xad, 0xa3, 0xcc, 0xfb, 0x9f, 0xd1, + 0xaf, 0x91, 0x1c, 0xaf, 0x8e, 0xb3, 0xbf, 0x59, 0x9a, 0xde, 0xc0, 0x93, 0xf5, 0xde, 0x9e, 0x3a, + 0x4c, 0x22, 0x53, 0x2a, 0x92, 0x50, 0xaa, 0xa4, 0x9b, 0x30, 0x01, 0x4f, 0xa0, 0x6b, 0x8f, 0x68, + 0xc6, 0xf3, 0x85, 0xff, 0xf1, 0xb9, 0x0b, 0xbf, 0x79, 0xde, 0x97, 0xca, 0xc1, 0x95, 0x65, 0x5f, + 0xa6, 0xb2, 0x88, 0xcd, 0x5d, 0x81, 0xcf, 0x9b, 0xde, 0x5d, 0x0d, 0x14, 0xfe, 0xfb, 0x1e, 0x00, + 0x00, 0xff, 0xff, 0xa9, 0x61, 0x44, 0xa8, 0xd0, 0x05, 0x00, 0x00, } diff --git a/components/engine/vendor/google.golang.org/genproto/googleapis/logging/v2/logging.pb.go b/components/engine/vendor/google.golang.org/genproto/googleapis/logging/v2/logging.pb.go index 4e443f630b..06eeb2350b 100644 --- a/components/engine/vendor/google.golang.org/genproto/googleapis/logging/v2/logging.pb.go +++ b/components/engine/vendor/google.golang.org/genproto/googleapis/logging/v2/logging.pb.go @@ -12,7 +12,7 @@ import google_api3 "google.golang.org/genproto/googleapis/api/monitoredres" import _ "github.com/golang/protobuf/ptypes/duration" import google_protobuf5 "github.com/golang/protobuf/ptypes/empty" import _ "github.com/golang/protobuf/ptypes/timestamp" -import _ "google.golang.org/genproto/googleapis/rpc/status" +import google_rpc "google.golang.org/genproto/googleapis/rpc/status" import ( context "golang.org/x/net/context" @@ -30,6 +30,8 @@ type DeleteLogRequest struct { // // "projects/[PROJECT_ID]/logs/[LOG_ID]" // "organizations/[ORGANIZATION_ID]/logs/[LOG_ID]" + // "billingAccounts/[BILLING_ACCOUNT_ID]/logs/[LOG_ID]" + // "folders/[FOLDER_ID]/logs/[LOG_ID]" // // `[LOG_ID]` must be URL-encoded. For example, // `"projects/my-project-id/logs/syslog"`, @@ -58,6 +60,8 @@ type WriteLogEntriesRequest struct { // // "projects/[PROJECT_ID]/logs/[LOG_ID]" // "organizations/[ORGANIZATION_ID]/logs/[LOG_ID]" + // "billingAccounts/[BILLING_ACCOUNT_ID]/logs/[LOG_ID]" + // "folders/[FOLDER_ID]/logs/[LOG_ID]" // // `[LOG_ID]` must be URL-encoded. For example, // `"projects/my-project-id/logs/syslog"` or @@ -79,10 +83,16 @@ type WriteLogEntriesRequest struct { // as a label in this parameter, then the log entry's label is not changed. // See [LogEntry][google.logging.v2.LogEntry]. Labels map[string]string `protobuf:"bytes,3,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` - // Required. The log entries to write. Values supplied for the fields + // Required. The log entries to write. Values supplied for the fields // `log_name`, `resource`, and `labels` in this `entries.write` request are - // added to those log entries that do not provide their own values for the - // fields. + // inserted into those log entries in this list that do not provide their own + // values. + // + // Stackdriver Logging also creates and inserts values for `timestamp` and + // `insert_id` if the entries do not provide them. The created `insert_id` for + // the N'th entry in this list will be greater than earlier entries and less + // than later entries. Otherwise, the order of log entries in this list does + // not matter. // // To improve throughput and to avoid exceeding the // [quota limit](/logging/quota-policy) for calls to `entries.write`, @@ -91,9 +101,9 @@ type WriteLogEntriesRequest struct { Entries []*LogEntry `protobuf:"bytes,4,rep,name=entries" json:"entries,omitempty"` // Optional. Whether valid entries should be written even if some other // entries fail due to INVALID_ARGUMENT or PERMISSION_DENIED errors. If any - // entry is not written, the response status will be the error associated - // with one of the failed entries and include error details in the form of - // WriteLogEntriesPartialErrors. + // entry is not written, then the response status is the error associated + // with one of the failed entries and the response includes error details + // keyed by the entries' zero-based index in the `entries.write` method. PartialSuccess bool `protobuf:"varint,5,opt,name=partial_success,json=partialSuccess" json:"partial_success,omitempty"` } @@ -147,6 +157,29 @@ func (m *WriteLogEntriesResponse) String() string { return proto.Comp func (*WriteLogEntriesResponse) ProtoMessage() {} func (*WriteLogEntriesResponse) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{2} } +// Error details for WriteLogEntries with partial success. +type WriteLogEntriesPartialErrors struct { + // When `WriteLogEntriesRequest.partial_success` is true, records the error + // status for entries that were not written due to a permanent error, keyed + // by the entry's zero-based index in `WriteLogEntriesRequest.entries`. + // + // Failed requests for which no entries are written will not include + // per-entry errors. + LogEntryErrors map[int32]*google_rpc.Status `protobuf:"bytes,1,rep,name=log_entry_errors,json=logEntryErrors" json:"log_entry_errors,omitempty" protobuf_key:"varint,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` +} + +func (m *WriteLogEntriesPartialErrors) Reset() { *m = WriteLogEntriesPartialErrors{} } +func (m *WriteLogEntriesPartialErrors) String() string { return proto.CompactTextString(m) } +func (*WriteLogEntriesPartialErrors) ProtoMessage() {} +func (*WriteLogEntriesPartialErrors) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{3} } + +func (m *WriteLogEntriesPartialErrors) GetLogEntryErrors() map[int32]*google_rpc.Status { + if m != nil { + return m.LogEntryErrors + } + return nil +} + // The parameters to `ListLogEntries`. type ListLogEntriesRequest struct { // Deprecated. Use `resource_names` instead. One or more project identifiers @@ -155,11 +188,13 @@ type ListLogEntriesRequest struct { // resource name format and added to the list of resources in // `resource_names`. ProjectIds []string `protobuf:"bytes,1,rep,name=project_ids,json=projectIds" json:"project_ids,omitempty"` - // Required. Names of one or more resources from which to retrieve log - // entries: + // Required. Names of one or more parent resources from which to + // retrieve log entries: // // "projects/[PROJECT_ID]" // "organizations/[ORGANIZATION_ID]" + // "billingAccounts/[BILLING_ACCOUNT_ID]" + // "folders/[FOLDER_ID]" // // Projects listed in the `project_ids` field are added to this list. ResourceNames []string `protobuf:"bytes,8,rep,name=resource_names,json=resourceNames" json:"resource_names,omitempty"` @@ -176,15 +211,15 @@ type ListLogEntriesRequest struct { // option returns entries in order of increasing values of // `LogEntry.timestamp` (oldest first), and the second option returns entries // in order of decreasing timestamps (newest first). Entries with equal - // timestamps are returned in order of `LogEntry.insertId`. + // timestamps are returned in order of their `insert_id` values. OrderBy string `protobuf:"bytes,3,opt,name=order_by,json=orderBy" json:"order_by,omitempty"` // Optional. The maximum number of results to return from this request. - // Non-positive values are ignored. The presence of `nextPageToken` in the + // Non-positive values are ignored. The presence of `next_page_token` in the // response indicates that more results might be available. PageSize int32 `protobuf:"varint,4,opt,name=page_size,json=pageSize" json:"page_size,omitempty"` // Optional. If present, then retrieve the next batch of results from the - // preceding call to this method. `pageToken` must be the value of - // `nextPageToken` from the previous response. The values of other method + // preceding call to this method. `page_token` must be the value of + // `next_page_token` from the previous response. The values of other method // parameters should be identical to those in the previous call. PageToken string `protobuf:"bytes,5,opt,name=page_token,json=pageToken" json:"page_token,omitempty"` } @@ -192,7 +227,7 @@ type ListLogEntriesRequest struct { func (m *ListLogEntriesRequest) Reset() { *m = ListLogEntriesRequest{} } func (m *ListLogEntriesRequest) String() string { return proto.CompactTextString(m) } func (*ListLogEntriesRequest) ProtoMessage() {} -func (*ListLogEntriesRequest) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{3} } +func (*ListLogEntriesRequest) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{4} } func (m *ListLogEntriesRequest) GetProjectIds() []string { if m != nil { @@ -256,7 +291,7 @@ type ListLogEntriesResponse struct { func (m *ListLogEntriesResponse) Reset() { *m = ListLogEntriesResponse{} } func (m *ListLogEntriesResponse) String() string { return proto.CompactTextString(m) } func (*ListLogEntriesResponse) ProtoMessage() {} -func (*ListLogEntriesResponse) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{4} } +func (*ListLogEntriesResponse) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{5} } func (m *ListLogEntriesResponse) GetEntries() []*LogEntry { if m != nil { @@ -291,7 +326,7 @@ func (m *ListMonitoredResourceDescriptorsRequest) Reset() { func (m *ListMonitoredResourceDescriptorsRequest) String() string { return proto.CompactTextString(m) } func (*ListMonitoredResourceDescriptorsRequest) ProtoMessage() {} func (*ListMonitoredResourceDescriptorsRequest) Descriptor() ([]byte, []int) { - return fileDescriptor1, []int{5} + return fileDescriptor1, []int{6} } func (m *ListMonitoredResourceDescriptorsRequest) GetPageSize() int32 { @@ -324,7 +359,7 @@ func (m *ListMonitoredResourceDescriptorsResponse) Reset() { func (m *ListMonitoredResourceDescriptorsResponse) String() string { return proto.CompactTextString(m) } func (*ListMonitoredResourceDescriptorsResponse) ProtoMessage() {} func (*ListMonitoredResourceDescriptorsResponse) Descriptor() ([]byte, []int) { - return fileDescriptor1, []int{6} + return fileDescriptor1, []int{7} } func (m *ListMonitoredResourceDescriptorsResponse) GetResourceDescriptors() []*google_api3.MonitoredResourceDescriptor { @@ -347,6 +382,8 @@ type ListLogsRequest struct { // // "projects/[PROJECT_ID]" // "organizations/[ORGANIZATION_ID]" + // "billingAccounts/[BILLING_ACCOUNT_ID]" + // "folders/[FOLDER_ID]" Parent string `protobuf:"bytes,1,opt,name=parent" json:"parent,omitempty"` // Optional. The maximum number of results to return from this request. // Non-positive values are ignored. The presence of `nextPageToken` in the @@ -362,7 +399,7 @@ type ListLogsRequest struct { func (m *ListLogsRequest) Reset() { *m = ListLogsRequest{} } func (m *ListLogsRequest) String() string { return proto.CompactTextString(m) } func (*ListLogsRequest) ProtoMessage() {} -func (*ListLogsRequest) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{7} } +func (*ListLogsRequest) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{8} } func (m *ListLogsRequest) GetParent() string { if m != nil { @@ -400,7 +437,7 @@ type ListLogsResponse struct { func (m *ListLogsResponse) Reset() { *m = ListLogsResponse{} } func (m *ListLogsResponse) String() string { return proto.CompactTextString(m) } func (*ListLogsResponse) ProtoMessage() {} -func (*ListLogsResponse) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{8} } +func (*ListLogsResponse) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{9} } func (m *ListLogsResponse) GetLogNames() []string { if m != nil { @@ -420,6 +457,7 @@ func init() { proto.RegisterType((*DeleteLogRequest)(nil), "google.logging.v2.DeleteLogRequest") proto.RegisterType((*WriteLogEntriesRequest)(nil), "google.logging.v2.WriteLogEntriesRequest") proto.RegisterType((*WriteLogEntriesResponse)(nil), "google.logging.v2.WriteLogEntriesResponse") + proto.RegisterType((*WriteLogEntriesPartialErrors)(nil), "google.logging.v2.WriteLogEntriesPartialErrors") proto.RegisterType((*ListLogEntriesRequest)(nil), "google.logging.v2.ListLogEntriesRequest") proto.RegisterType((*ListLogEntriesResponse)(nil), "google.logging.v2.ListLogEntriesResponse") proto.RegisterType((*ListMonitoredResourceDescriptorsRequest)(nil), "google.logging.v2.ListMonitoredResourceDescriptorsRequest") @@ -441,9 +479,10 @@ const _ = grpc.SupportPackageIsVersion4 type LoggingServiceV2Client interface { // Deletes all the log entries in a log. // The log reappears if it receives new entries. + // Log entries written shortly before the delete operation might not be + // deleted. DeleteLog(ctx context.Context, in *DeleteLogRequest, opts ...grpc.CallOption) (*google_protobuf5.Empty, error) - // Writes log entries to Stackdriver Logging. All log entries are - // written by this method. + // Writes log entries to Stackdriver Logging. WriteLogEntries(ctx context.Context, in *WriteLogEntriesRequest, opts ...grpc.CallOption) (*WriteLogEntriesResponse, error) // Lists log entries. Use this method to retrieve log entries from // Stackdriver Logging. For ways to export log entries, see @@ -452,7 +491,7 @@ type LoggingServiceV2Client interface { // Lists the descriptors for monitored resource types used by Stackdriver // Logging. ListMonitoredResourceDescriptors(ctx context.Context, in *ListMonitoredResourceDescriptorsRequest, opts ...grpc.CallOption) (*ListMonitoredResourceDescriptorsResponse, error) - // Lists the logs in projects or organizations. + // Lists the logs in projects, organizations, folders, or billing accounts. // Only logs that have entries are listed. ListLogs(ctx context.Context, in *ListLogsRequest, opts ...grpc.CallOption) (*ListLogsResponse, error) } @@ -515,9 +554,10 @@ func (c *loggingServiceV2Client) ListLogs(ctx context.Context, in *ListLogsReque type LoggingServiceV2Server interface { // Deletes all the log entries in a log. // The log reappears if it receives new entries. + // Log entries written shortly before the delete operation might not be + // deleted. DeleteLog(context.Context, *DeleteLogRequest) (*google_protobuf5.Empty, error) - // Writes log entries to Stackdriver Logging. All log entries are - // written by this method. + // Writes log entries to Stackdriver Logging. WriteLogEntries(context.Context, *WriteLogEntriesRequest) (*WriteLogEntriesResponse, error) // Lists log entries. Use this method to retrieve log entries from // Stackdriver Logging. For ways to export log entries, see @@ -526,7 +566,7 @@ type LoggingServiceV2Server interface { // Lists the descriptors for monitored resource types used by Stackdriver // Logging. ListMonitoredResourceDescriptors(context.Context, *ListMonitoredResourceDescriptorsRequest) (*ListMonitoredResourceDescriptorsResponse, error) - // Lists the logs in projects or organizations. + // Lists the logs in projects, organizations, folders, or billing accounts. // Only logs that have entries are listed. ListLogs(context.Context, *ListLogsRequest) (*ListLogsResponse, error) } @@ -657,62 +697,66 @@ var _LoggingServiceV2_serviceDesc = grpc.ServiceDesc{ func init() { proto.RegisterFile("google/logging/v2/logging.proto", fileDescriptor1) } var fileDescriptor1 = []byte{ - // 912 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x56, 0x4f, 0x6f, 0x1b, 0x45, - 0x14, 0xd7, 0xd8, 0x4d, 0x6a, 0xbf, 0xd0, 0xc4, 0x1d, 0x1a, 0xc7, 0xb5, 0xd3, 0xc6, 0x6c, 0x28, - 0xd9, 0x5a, 0xea, 0xae, 0x30, 0xaa, 0xd4, 0xa6, 0xe2, 0x12, 0x5a, 0x21, 0xa4, 0x14, 0x45, 0x1b, - 0xd4, 0x4a, 0xbd, 0x58, 0x6b, 0xfb, 0x75, 0x35, 0x74, 0xbd, 0xb3, 0xcc, 0x8c, 0x1d, 0xdc, 0xaa, - 0x1c, 0x7a, 0xe0, 0x0b, 0xf0, 0x2d, 0x38, 0xf0, 0x2d, 0xb8, 0x72, 0xe1, 0xc2, 0x81, 0x23, 0x1f, - 0x82, 0x23, 0x9a, 0xd9, 0x59, 0xc7, 0xb1, 0x5d, 0xc7, 0xe5, 0xb6, 0xf3, 0xe6, 0x37, 0xef, 0xfd, - 0xde, 0xef, 0xfd, 0xb1, 0x61, 0x2f, 0xe2, 0x3c, 0x8a, 0xd1, 0x8f, 0x79, 0x14, 0xb1, 0x24, 0xf2, - 0x47, 0xed, 0xfc, 0xd3, 0x4b, 0x05, 0x57, 0x9c, 0x5e, 0xcf, 0x00, 0x5e, 0x6e, 0x1d, 0xb5, 0xeb, - 0xbb, 0xf6, 0x4d, 0x98, 0x32, 0x3f, 0x4c, 0x12, 0xae, 0x42, 0xc5, 0x78, 0x22, 0xb3, 0x07, 0xf5, - 0xfd, 0xa9, 0xdb, 0x01, 0x4f, 0x98, 0xe2, 0x02, 0xfb, 0x1d, 0x81, 0x92, 0x0f, 0x45, 0x0f, 0x2d, - 0xe8, 0x93, 0x85, 0x61, 0x3b, 0x98, 0x28, 0x31, 0xb6, 0x90, 0xdb, 0x16, 0x62, 0x4e, 0xdd, 0xe1, - 0x4b, 0xbf, 0x3f, 0x14, 0x26, 0x90, 0xbd, 0x6f, 0xcc, 0xde, 0xe3, 0x20, 0x55, 0xf9, 0xe3, 0xbd, - 0xd9, 0x4b, 0xc5, 0x06, 0x28, 0x55, 0x38, 0x48, 0x2d, 0x60, 0xc7, 0x02, 0x44, 0xda, 0xf3, 0xa5, - 0x0a, 0xd5, 0xd0, 0xd2, 0x77, 0xee, 0x41, 0xe5, 0x31, 0xc6, 0xa8, 0xf0, 0x98, 0x47, 0x01, 0xfe, - 0x30, 0x44, 0xa9, 0xe8, 0x4d, 0x28, 0x69, 0x76, 0x49, 0x38, 0xc0, 0x1a, 0x69, 0x12, 0xb7, 0x1c, - 0x5c, 0x8d, 0x79, 0xf4, 0x6d, 0x38, 0x40, 0xe7, 0xaf, 0x02, 0x54, 0x9f, 0x0b, 0x66, 0xe0, 0x4f, - 0x12, 0x25, 0x18, 0xca, 0xcb, 0x5f, 0xd1, 0x87, 0x50, 0xca, 0x05, 0xa9, 0x15, 0x9a, 0xc4, 0xdd, - 0x68, 0xdf, 0xf2, 0xac, 0xce, 0x61, 0xca, 0xbc, 0xa7, 0xb9, 0x6c, 0x81, 0x05, 0x05, 0x13, 0x38, - 0x7d, 0x0a, 0xeb, 0x71, 0xd8, 0xc5, 0x58, 0xd6, 0x8a, 0xcd, 0xa2, 0xbb, 0xd1, 0xbe, 0xef, 0xcd, - 0x15, 0xc8, 0x5b, 0x4c, 0xc8, 0x3b, 0x36, 0xef, 0xb4, 0x71, 0x1c, 0x58, 0x27, 0xf4, 0x3e, 0x5c, - 0xc5, 0x0c, 0x55, 0xbb, 0x62, 0xfc, 0x35, 0x16, 0xf8, 0xb3, 0xae, 0xc6, 0x41, 0x8e, 0xa5, 0x07, - 0xb0, 0x95, 0x86, 0x42, 0xb1, 0x30, 0xee, 0xc8, 0x61, 0xaf, 0x87, 0x52, 0xd6, 0xd6, 0x9a, 0xc4, - 0x2d, 0x05, 0x9b, 0xd6, 0x7c, 0x9a, 0x59, 0xeb, 0x0f, 0x61, 0x63, 0x2a, 0x2c, 0xad, 0x40, 0xf1, - 0x15, 0x8e, 0xad, 0x1c, 0xfa, 0x93, 0xde, 0x80, 0xb5, 0x51, 0x18, 0x0f, 0x33, 0x1d, 0xca, 0x41, - 0x76, 0x38, 0x2c, 0x3c, 0x20, 0xce, 0x4d, 0xd8, 0x99, 0x4b, 0x44, 0xa6, 0x3c, 0x91, 0xe8, 0xfc, - 0x41, 0x60, 0xfb, 0x98, 0x49, 0x35, 0x2f, 0xfa, 0x1e, 0x6c, 0xa4, 0x82, 0x7f, 0x8f, 0x3d, 0xd5, - 0x61, 0x7d, 0x59, 0x23, 0xcd, 0xa2, 0x5b, 0x0e, 0xc0, 0x9a, 0xbe, 0xe9, 0x4b, 0x7a, 0x07, 0x36, - 0x73, 0x2d, 0x4d, 0x69, 0x64, 0xad, 0x64, 0x30, 0xd7, 0x72, 0xab, 0x2e, 0x90, 0xa4, 0x55, 0x58, - 0x7f, 0xc9, 0x62, 0x85, 0xc2, 0xf2, 0xb2, 0x27, 0x5d, 0x54, 0x2e, 0xfa, 0x28, 0x3a, 0xdd, 0x71, - 0xad, 0x98, 0x15, 0xd5, 0x9c, 0x8f, 0xc6, 0xb4, 0x01, 0xe5, 0x34, 0x8c, 0xb0, 0x23, 0xd9, 0x6b, - 0xac, 0x5d, 0x69, 0x12, 0x77, 0x2d, 0x28, 0x69, 0xc3, 0x29, 0x7b, 0x8d, 0xf4, 0x16, 0x80, 0xb9, - 0x54, 0xfc, 0x15, 0x26, 0x46, 0xab, 0x72, 0x60, 0xe0, 0xdf, 0x69, 0x83, 0x73, 0x06, 0xd5, 0xd9, - 0x7c, 0xb2, 0x54, 0xa7, 0x0b, 0x44, 0x3e, 0xa0, 0x40, 0x9f, 0xc1, 0x56, 0x82, 0x3f, 0xaa, 0xce, - 0x54, 0xd0, 0x2c, 0x91, 0x6b, 0xda, 0x7c, 0x32, 0x09, 0x8c, 0x70, 0xa0, 0x03, 0xcf, 0x75, 0xdc, - 0x63, 0x94, 0x3d, 0xc1, 0x52, 0xc5, 0xc5, 0x44, 0xda, 0x0b, 0xf9, 0x91, 0xa5, 0xf9, 0x15, 0x66, - 0xf3, 0xfb, 0x8d, 0x80, 0x7b, 0x79, 0x1c, 0x9b, 0xf2, 0x0b, 0xb8, 0x31, 0x29, 0x51, 0xff, 0xfc, - 0xde, 0xe6, 0x7f, 0xb0, 0x74, 0x52, 0xce, 0xfd, 0x05, 0x1f, 0x8b, 0xf9, 0x18, 0x1f, 0xa0, 0xcb, - 0x96, 0x2d, 0xc8, 0x24, 0xff, 0x2a, 0xac, 0xa7, 0xa1, 0xc0, 0x44, 0xd9, 0xf6, 0xb5, 0xa7, 0x8b, - 0xba, 0x14, 0x96, 0xea, 0x52, 0x9c, 0xd5, 0xe5, 0x39, 0x54, 0xce, 0xc3, 0xd8, 0xf4, 0x1b, 0x50, - 0xce, 0xf7, 0x46, 0x36, 0xe4, 0xe5, 0xa0, 0x64, 0x17, 0xc7, 0xca, 0xfc, 0xdb, 0x7f, 0xaf, 0x41, - 0xe5, 0x38, 0x6b, 0x90, 0x53, 0x14, 0x23, 0xd6, 0xc3, 0x67, 0x6d, 0x7a, 0x06, 0xe5, 0xc9, 0x6e, - 0xa3, 0xfb, 0x0b, 0xfa, 0x68, 0x76, 0xf3, 0xd5, 0xab, 0x39, 0x28, 0x5f, 0xa4, 0xde, 0x13, 0xbd, - 0x65, 0x9d, 0x7b, 0xef, 0xfe, 0xfc, 0xe7, 0x97, 0xc2, 0x41, 0xeb, 0x8e, 0x3f, 0x6a, 0x77, 0x51, - 0x85, 0x9f, 0xfb, 0x6f, 0x72, 0xce, 0x5f, 0xda, 0x61, 0x93, 0x7e, 0x4b, 0xef, 0x74, 0xe9, 0xb7, - 0xde, 0xd2, 0x9f, 0x09, 0x6c, 0xcd, 0xcc, 0x32, 0xbd, 0xbb, 0xf2, 0xe2, 0xaa, 0xb7, 0x56, 0x81, - 0xda, 0xd5, 0xb0, 0x6b, 0x98, 0x55, 0x9d, 0xeb, 0xfa, 0x37, 0xc5, 0x4e, 0xc3, 0xe1, 0x99, 0x06, - 0x1f, 0x92, 0x16, 0x7d, 0x47, 0x60, 0xf3, 0xe2, 0xa0, 0x51, 0x77, 0xd1, 0x3c, 0x2d, 0xda, 0x2d, - 0xf5, 0xbb, 0x2b, 0x20, 0x2d, 0x8b, 0x86, 0x61, 0xb1, 0xed, 0x54, 0xa6, 0x59, 0xc4, 0x4c, 0x2a, - 0x4d, 0xe2, 0x77, 0x02, 0xcd, 0xcb, 0x86, 0x81, 0x1e, 0xbe, 0x27, 0xd8, 0x0a, 0x93, 0x5a, 0x7f, - 0xf4, 0xbf, 0xde, 0x5a, 0xea, 0xae, 0xa1, 0xee, 0xd0, 0xa6, 0xa6, 0x3e, 0x58, 0x46, 0x71, 0x0c, - 0xa5, 0xbc, 0x79, 0xa9, 0xf3, 0x7e, 0x6d, 0x26, 0xb4, 0xf6, 0x97, 0x62, 0x6c, 0xf8, 0x4f, 0x4d, - 0xf8, 0xdb, 0x74, 0x57, 0x87, 0x7f, 0x93, 0x8d, 0xd8, 0x54, 0x4b, 0xbd, 0x35, 0x3d, 0x75, 0xf4, - 0x13, 0x6c, 0xf7, 0xf8, 0x60, 0xde, 0xdf, 0xd1, 0x47, 0xb6, 0xe9, 0x4f, 0x74, 0xbf, 0x9e, 0x90, - 0x17, 0x0f, 0x2c, 0x24, 0xe2, 0x71, 0x98, 0x44, 0x1e, 0x17, 0x91, 0x1f, 0x61, 0x62, 0xba, 0xd9, - 0xcf, 0xae, 0xc2, 0x94, 0xc9, 0xa9, 0xff, 0x21, 0x8f, 0xec, 0xe7, 0xbf, 0x84, 0xfc, 0x5a, 0xd8, - 0xf9, 0x3a, 0x7b, 0xfd, 0x55, 0xcc, 0x87, 0x7d, 0xcf, 0xba, 0xf6, 0x9e, 0xb5, 0xbb, 0xeb, 0xc6, - 0xc3, 0x17, 0xff, 0x05, 0x00, 0x00, 0xff, 0xff, 0x9a, 0x9f, 0x7c, 0xe8, 0x3f, 0x09, 0x00, 0x00, + // 975 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x56, 0xcd, 0x6e, 0xdb, 0x46, + 0x10, 0x06, 0xa5, 0xd8, 0x91, 0x46, 0x8d, 0xad, 0x6c, 0x62, 0x59, 0x91, 0x9c, 0x58, 0xa5, 0x9b, + 0x5a, 0x11, 0x10, 0x12, 0x55, 0x11, 0x20, 0x71, 0xd0, 0x8b, 0x13, 0xa3, 0x28, 0xe0, 0x14, 0x06, + 0xdd, 0x26, 0x40, 0x2e, 0x02, 0x25, 0x4d, 0x88, 0x6d, 0x28, 0x2e, 0xbb, 0xbb, 0x92, 0xab, 0x04, + 0xe9, 0x21, 0x87, 0xbe, 0x40, 0xdf, 0xa2, 0x87, 0xbe, 0x45, 0xaf, 0xbd, 0xf4, 0xd2, 0x43, 0x8f, + 0x79, 0x88, 0x1e, 0x0b, 0xee, 0x2e, 0x65, 0xea, 0x27, 0xb2, 0xdc, 0x9b, 0x76, 0xe6, 0xdb, 0x99, + 0xf9, 0x86, 0xdf, 0xcc, 0x0a, 0x76, 0x03, 0xc6, 0x82, 0x10, 0xdd, 0x90, 0x05, 0x01, 0x8d, 0x02, + 0x77, 0xd4, 0x4e, 0x7f, 0x3a, 0x31, 0x67, 0x92, 0x91, 0xeb, 0x1a, 0xe0, 0xa4, 0xd6, 0x51, 0xbb, + 0xb6, 0x63, 0xee, 0xf8, 0x31, 0x75, 0xfd, 0x28, 0x62, 0xd2, 0x97, 0x94, 0x45, 0x42, 0x5f, 0xa8, + 0xed, 0x65, 0xbc, 0x03, 0x16, 0x51, 0xc9, 0x38, 0xf6, 0x3b, 0x1c, 0x05, 0x1b, 0xf2, 0x1e, 0x1a, + 0xd0, 0xa7, 0x0b, 0xd3, 0x76, 0x30, 0x92, 0x7c, 0x6c, 0x20, 0x77, 0x0c, 0x44, 0x9d, 0xba, 0xc3, + 0x57, 0x6e, 0x7f, 0xc8, 0x55, 0x22, 0xe3, 0xaf, 0xcf, 0xfa, 0x71, 0x10, 0xcb, 0xf4, 0xf2, 0xee, + 0xac, 0x53, 0xd2, 0x01, 0x0a, 0xe9, 0x0f, 0x62, 0x03, 0xd8, 0x36, 0x00, 0x1e, 0xf7, 0x5c, 0x21, + 0x7d, 0x39, 0x34, 0xe5, 0xdb, 0xf7, 0xa1, 0xfc, 0x14, 0x43, 0x94, 0x78, 0xcc, 0x02, 0x0f, 0x7f, + 0x1c, 0xa2, 0x90, 0xe4, 0x16, 0x14, 0x92, 0xea, 0x22, 0x7f, 0x80, 0x55, 0xab, 0x61, 0x35, 0x8b, + 0xde, 0xd5, 0x90, 0x05, 0xdf, 0xfa, 0x03, 0xb4, 0xff, 0xce, 0x41, 0xe5, 0x05, 0xa7, 0x0a, 0x7e, + 0x14, 0x49, 0x4e, 0x51, 0x5c, 0x7c, 0x8b, 0x3c, 0x82, 0x42, 0xda, 0x90, 0x6a, 0xae, 0x61, 0x35, + 0x4b, 0xed, 0xdb, 0x8e, 0xe9, 0xb3, 0x1f, 0x53, 0xe7, 0x59, 0xda, 0x36, 0xcf, 0x80, 0xbc, 0x09, + 0x9c, 0x3c, 0x83, 0xf5, 0xd0, 0xef, 0x62, 0x28, 0xaa, 0xf9, 0x46, 0xbe, 0x59, 0x6a, 0x3f, 0x70, + 0xe6, 0x3e, 0x90, 0xb3, 0xb8, 0x20, 0xe7, 0x58, 0xdd, 0x4b, 0x8c, 0x63, 0xcf, 0x04, 0x21, 0x0f, + 0xe0, 0x2a, 0x6a, 0x54, 0xf5, 0x8a, 0x8a, 0x57, 0x5f, 0x10, 0xcf, 0x84, 0x1a, 0x7b, 0x29, 0x96, + 0xec, 0xc3, 0x66, 0xec, 0x73, 0x49, 0xfd, 0xb0, 0x23, 0x86, 0xbd, 0x1e, 0x0a, 0x51, 0x5d, 0x6b, + 0x58, 0xcd, 0x82, 0xb7, 0x61, 0xcc, 0xa7, 0xda, 0x5a, 0x7b, 0x04, 0xa5, 0x4c, 0x5a, 0x52, 0x86, + 0xfc, 0x6b, 0x1c, 0x9b, 0x76, 0x24, 0x3f, 0xc9, 0x4d, 0x58, 0x1b, 0xf9, 0xe1, 0x50, 0xf7, 0xa1, + 0xe8, 0xe9, 0xc3, 0x41, 0xee, 0xa1, 0x65, 0xdf, 0x82, 0xed, 0x39, 0x22, 0x22, 0x66, 0x91, 0x40, + 0xfb, 0x83, 0x05, 0x3b, 0x33, 0xbe, 0x13, 0x9d, 0xf7, 0x88, 0x73, 0xc6, 0x05, 0x19, 0x40, 0x79, + 0xa2, 0xa7, 0x0e, 0x2a, 0x5b, 0xd5, 0x52, 0xfc, 0x9e, 0x5c, 0xdc, 0xaf, 0xa9, 0x50, 0x13, 0xf2, + 0xfa, 0xa8, 0xfb, 0xb0, 0x11, 0x4e, 0x19, 0x6b, 0xdf, 0xc3, 0x8d, 0x05, 0xb0, 0x2c, 0xdb, 0x35, + 0xcd, 0xb6, 0x99, 0x65, 0x5b, 0x6a, 0x93, 0xb4, 0x18, 0x1e, 0xf7, 0x9c, 0x53, 0x25, 0xc3, 0x6c, + 0x07, 0xfe, 0xb4, 0x60, 0xeb, 0x98, 0x0a, 0x39, 0xaf, 0xad, 0x5d, 0x28, 0xc5, 0x9c, 0xfd, 0x80, + 0x3d, 0xd9, 0xa1, 0x7d, 0x4d, 0xad, 0xe8, 0x81, 0x31, 0x7d, 0xd3, 0x17, 0xe4, 0x2e, 0x6c, 0xa4, + 0x92, 0x51, 0x0a, 0x14, 0xd5, 0x82, 0xc2, 0x5c, 0x4b, 0xad, 0x89, 0x0e, 0x05, 0xa9, 0xc0, 0xfa, + 0x2b, 0x1a, 0x4a, 0xe4, 0xa6, 0xfd, 0xe6, 0x94, 0x68, 0x97, 0xf1, 0x3e, 0xf2, 0x4e, 0x77, 0x5c, + 0xcd, 0x6b, 0xed, 0xaa, 0xf3, 0xe1, 0x98, 0xd4, 0xa1, 0x18, 0xfb, 0x01, 0x76, 0x04, 0x7d, 0x83, + 0xd5, 0x2b, 0x8a, 0x5a, 0x21, 0x31, 0x9c, 0xd2, 0x37, 0x48, 0x6e, 0x03, 0x28, 0xa7, 0x64, 0xaf, + 0x31, 0x52, 0x92, 0x28, 0x7a, 0x0a, 0xfe, 0x5d, 0x62, 0xb0, 0xcf, 0xa0, 0x32, 0xcb, 0x47, 0x7f, + 0xd1, 0xac, 0x0e, 0xad, 0x4b, 0xe8, 0xf0, 0x73, 0xd8, 0x8c, 0xf0, 0x27, 0xd9, 0xc9, 0x24, 0xd5, + 0x44, 0xae, 0x25, 0xe6, 0x93, 0x49, 0x62, 0x84, 0xfd, 0x24, 0xf1, 0xdc, 0x60, 0x3d, 0x45, 0xd1, + 0xe3, 0x34, 0x96, 0x8c, 0x4f, 0x5a, 0x3b, 0xc5, 0xcf, 0x5a, 0xca, 0x2f, 0x37, 0xcb, 0xef, 0x77, + 0x0b, 0x9a, 0x17, 0xe7, 0x31, 0x94, 0x5f, 0xc2, 0xcd, 0xc9, 0x27, 0xea, 0x9f, 0xfb, 0x0d, 0xff, + 0xfd, 0xa5, 0x0b, 0xe1, 0x3c, 0x9e, 0x77, 0x83, 0xcf, 0xe7, 0xb8, 0x44, 0x5f, 0x36, 0xcd, 0x07, + 0x99, 0xf0, 0xaf, 0xc0, 0x7a, 0xec, 0x73, 0x8c, 0xa4, 0x99, 0x52, 0x73, 0x9a, 0xee, 0x4b, 0x6e, + 0x69, 0x5f, 0xf2, 0xb3, 0x7d, 0x79, 0x01, 0xe5, 0xf3, 0x34, 0x86, 0x7e, 0x1d, 0x8a, 0xe9, 0x7a, + 0xd4, 0xbb, 0xac, 0xe8, 0x15, 0xcc, 0x7e, 0x5c, 0xb9, 0xfe, 0xf6, 0x3f, 0x6b, 0x50, 0x3e, 0xd6, + 0x02, 0x39, 0x45, 0x3e, 0xa2, 0x3d, 0x7c, 0xde, 0x26, 0x67, 0x50, 0x9c, 0xac, 0x70, 0xb2, 0xb7, + 0x40, 0x47, 0xb3, 0x0b, 0xbe, 0x56, 0x49, 0x41, 0xe9, 0x7b, 0xe1, 0x1c, 0x25, 0x8f, 0x89, 0x7d, + 0xff, 0xfd, 0x5f, 0x1f, 0x7e, 0xcd, 0xed, 0xb7, 0xee, 0xba, 0xa3, 0x76, 0x17, 0xa5, 0xff, 0x85, + 0xfb, 0x36, 0xad, 0xf9, 0x2b, 0x33, 0x6c, 0xc2, 0x6d, 0x25, 0x4f, 0x97, 0x70, 0x5b, 0xef, 0xc8, + 0x2f, 0x16, 0x6c, 0xce, 0xec, 0x12, 0x72, 0x6f, 0xe5, 0xfd, 0x5c, 0x6b, 0xad, 0x02, 0x35, 0x1b, + 0x70, 0x47, 0x55, 0x56, 0xb1, 0xaf, 0x27, 0x4f, 0xa7, 0x99, 0x86, 0x83, 0xb3, 0x04, 0x7c, 0x60, + 0xb5, 0xc8, 0x7b, 0x0b, 0x36, 0xa6, 0x07, 0x8d, 0x34, 0x17, 0xcd, 0xd3, 0xa2, 0xdd, 0x52, 0xbb, + 0xb7, 0x02, 0xd2, 0x54, 0x51, 0x57, 0x55, 0x6c, 0xd9, 0xe5, 0x6c, 0x15, 0x21, 0x15, 0x32, 0x29, + 0xe2, 0x0f, 0x0b, 0x1a, 0x17, 0x0d, 0x03, 0x39, 0xf8, 0x48, 0xb2, 0x15, 0x26, 0xb5, 0xf6, 0xf8, + 0x7f, 0xdd, 0x35, 0xa5, 0x37, 0x55, 0xe9, 0x36, 0x69, 0x24, 0xa5, 0x0f, 0x96, 0x95, 0x38, 0x86, + 0x42, 0x2a, 0x5e, 0x62, 0x7f, 0xbc, 0x37, 0x93, 0xb2, 0xf6, 0x96, 0x62, 0x4c, 0xfa, 0xcf, 0x54, + 0xfa, 0x3b, 0x64, 0x27, 0x49, 0xff, 0x56, 0x8f, 0x58, 0x46, 0x52, 0xef, 0x94, 0xa6, 0x0e, 0x7f, + 0x86, 0xad, 0x1e, 0x1b, 0xcc, 0xc7, 0x3b, 0xfc, 0xc4, 0x88, 0xfe, 0x24, 0xd1, 0xeb, 0x89, 0xf5, + 0xf2, 0xa1, 0x81, 0x04, 0x2c, 0xf4, 0xa3, 0xc0, 0x61, 0x3c, 0x70, 0x03, 0x8c, 0x94, 0x9a, 0x5d, + 0xed, 0xf2, 0x63, 0x2a, 0x32, 0x7f, 0xb7, 0x1e, 0x9b, 0x9f, 0xff, 0x5a, 0xd6, 0x6f, 0xb9, 0xed, + 0xaf, 0xf5, 0xed, 0x27, 0x21, 0x1b, 0xf6, 0x1d, 0x13, 0xda, 0x79, 0xde, 0xee, 0xae, 0xab, 0x08, + 0x5f, 0xfe, 0x17, 0x00, 0x00, 0xff, 0xff, 0xe2, 0xc4, 0xaa, 0x91, 0x26, 0x0a, 0x00, 0x00, } diff --git a/components/engine/vendor/google.golang.org/genproto/googleapis/logging/v2/logging_config.pb.go b/components/engine/vendor/google.golang.org/genproto/googleapis/logging/v2/logging_config.pb.go index c5cf56c522..f96a1a5bd5 100644 --- a/components/engine/vendor/google.golang.org/genproto/googleapis/logging/v2/logging_config.pb.go +++ b/components/engine/vendor/google.golang.org/genproto/googleapis/logging/v2/logging_config.pb.go @@ -54,7 +54,8 @@ func (LogSink_VersionFormat) EnumDescriptor() ([]byte, []int) { return fileDescr // Describes a sink used to export log entries to one of the following // destinations in any project: a Cloud Storage bucket, a BigQuery dataset, or a // Cloud Pub/Sub topic. A logs filter controls which log entries are -// exported. The sink must be created within a project or organization. +// exported. The sink must be created within a project, organization, billing +// account, or folder. type LogSink struct { // Required. The client-assigned sink identifier, unique within the // project. Example: `"my-syslog-errors-to-pubsub"`. Sink identifiers are @@ -102,6 +103,20 @@ type LogSink struct { // Consult the destination service's documentation to determine the // appropriate IAM roles to assign to the identity. WriterIdentity string `protobuf:"bytes,8,opt,name=writer_identity,json=writerIdentity" json:"writer_identity,omitempty"` + // Optional. This field applies only to sinks owned by organizations and + // folders. If the field is false, the default, only the logs owned by the + // sink's parent resource are available for export. If the field is true, then + // logs from all the projects, folders, and billing accounts contained in the + // sink's parent resource are also available for export. Whether a particular + // log entry from the children is exported depends on the sink's filter + // expression. For example, if this field is true, then the filter + // `resource.type=gce_instance` would export all Compute Engine VM instance + // log entries from all projects in the sink's parent. To only export entries + // from certain child projects, filter on the project part of the log name: + // + // logName:("projects/test-project1/" OR "projects/test-project2/") AND + // resource.type=gce_instance + IncludeChildren bool `protobuf:"varint,9,opt,name=include_children,json=includeChildren" json:"include_children,omitempty"` // Optional. The time at which this sink will begin exporting log entries. // Log entries are exported only if their timestamp is not earlier than the // start time. The default value of this field is the time the sink is @@ -155,6 +170,13 @@ func (m *LogSink) GetWriterIdentity() string { return "" } +func (m *LogSink) GetIncludeChildren() bool { + if m != nil { + return m.IncludeChildren + } + return false +} + func (m *LogSink) GetStartTime() *google_protobuf4.Timestamp { if m != nil { return m.StartTime @@ -171,8 +193,12 @@ func (m *LogSink) GetEndTime() *google_protobuf4.Timestamp { // The parameters to `ListSinks`. type ListSinksRequest struct { - // Required. The parent resource whose sinks are to be listed. - // Examples: `"projects/my-logging-project"`, `"organizations/123456789"`. + // Required. The parent resource whose sinks are to be listed: + // + // "projects/[PROJECT_ID]" + // "organizations/[ORGANIZATION_ID]" + // "billingAccounts/[BILLING_ACCOUNT_ID]" + // "folders/[FOLDER_ID]" Parent string `protobuf:"bytes,1,opt,name=parent" json:"parent,omitempty"` // Optional. If present, then retrieve the next batch of results from the // preceding call to this method. `pageToken` must be the value of @@ -242,10 +268,12 @@ func (m *ListSinksResponse) GetNextPageToken() string { // The parameters to `GetSink`. type GetSinkRequest struct { - // Required. The parent resource name of the sink: + // Required. The resource name of the sink: // // "projects/[PROJECT_ID]/sinks/[SINK_ID]" // "organizations/[ORGANIZATION_ID]/sinks/[SINK_ID]" + // "billingAccounts/[BILLING_ACCOUNT_ID]/sinks/[SINK_ID]" + // "folders/[FOLDER_ID]/sinks/[SINK_ID]" // // Example: `"projects/my-project-id/sinks/my-sink-id"`. SinkName string `protobuf:"bytes,1,opt,name=sink_name,json=sinkName" json:"sink_name,omitempty"` @@ -269,6 +297,8 @@ type CreateSinkRequest struct { // // "projects/[PROJECT_ID]" // "organizations/[ORGANIZATION_ID]" + // "billingAccounts/[BILLING_ACCOUNT_ID]" + // "folders/[FOLDER_ID]" // // Examples: `"projects/my-logging-project"`, `"organizations/123456789"`. Parent string `protobuf:"bytes,1,opt,name=parent" json:"parent,omitempty"` @@ -278,9 +308,9 @@ type CreateSinkRequest struct { // Optional. Determines the kind of IAM identity returned as `writer_identity` // in the new sink. If this value is omitted or set to false, and if the // sink's parent is a project, then the value returned as `writer_identity` is - // `cloud-logs@google.com`, the same identity used before the addition of - // writer identities to this API. The sink's destination must be in the same - // project as the sink itself. + // the same group or service account used by Stackdriver Logging before the + // addition of writer identities to this API. The sink's destination must be + // in the same project as the sink itself. // // If this field is set to true, or if the sink is owned by a non-project // resource such as an organization, then the value of `writer_identity` will @@ -322,6 +352,8 @@ type UpdateSinkRequest struct { // // "projects/[PROJECT_ID]/sinks/[SINK_ID]" // "organizations/[ORGANIZATION_ID]/sinks/[SINK_ID]" + // "billingAccounts/[BILLING_ACCOUNT_ID]/sinks/[SINK_ID]" + // "folders/[FOLDER_ID]/sinks/[SINK_ID]" // // Example: `"projects/my-project-id/sinks/my-sink-id"`. SinkName string `protobuf:"bytes,1,opt,name=sink_name,json=sinkName" json:"sink_name,omitempty"` @@ -337,9 +369,9 @@ type UpdateSinkRequest struct { // // + If the old and new values of this field are both false or both true, // then there is no change to the sink's `writer_identity`. - // + If the old value was false and the new value is true, then + // + If the old value is false and the new value is true, then // `writer_identity` is changed to a unique service account. - // + It is an error if the old value was true and the new value is false. + // + It is an error if the old value is true and the new value is false. UniqueWriterIdentity bool `protobuf:"varint,3,opt,name=unique_writer_identity,json=uniqueWriterIdentity" json:"unique_writer_identity,omitempty"` } @@ -376,10 +408,10 @@ type DeleteSinkRequest struct { // // "projects/[PROJECT_ID]/sinks/[SINK_ID]" // "organizations/[ORGANIZATION_ID]/sinks/[SINK_ID]" + // "billingAccounts/[BILLING_ACCOUNT_ID]/sinks/[SINK_ID]" + // "folders/[FOLDER_ID]/sinks/[SINK_ID]" // - // It is an error if the sink does not exist. Example: - // `"projects/my-project-id/sinks/my-sink-id"`. It is an error if - // the sink does not exist. + // Example: `"projects/my-project-id/sinks/my-sink-id"`. SinkName string `protobuf:"bytes,1,opt,name=sink_name,json=sinkName" json:"sink_name,omitempty"` } @@ -647,55 +679,57 @@ var _ConfigServiceV2_serviceDesc = grpc.ServiceDesc{ func init() { proto.RegisterFile("google/logging/v2/logging_config.proto", fileDescriptor2) } var fileDescriptor2 = []byte{ - // 787 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x55, 0xed, 0x4e, 0x33, 0x45, - 0x14, 0x76, 0x0b, 0x94, 0xf6, 0x90, 0x17, 0xda, 0xd1, 0x17, 0x37, 0x8b, 0xaf, 0xd4, 0x15, 0xb0, - 0xa9, 0x71, 0x17, 0x57, 0x4d, 0xfc, 0x88, 0x31, 0x52, 0x0a, 0x69, 0x82, 0xd0, 0x6c, 0xa1, 0x26, - 0xc6, 0x64, 0xb3, 0xb4, 0xd3, 0xcd, 0x48, 0x77, 0x66, 0xd9, 0x9d, 0x56, 0x81, 0x90, 0xa8, 0x77, - 0x40, 0x4c, 0xbc, 0x08, 0x6f, 0xc7, 0x5b, 0xf0, 0x3a, 0x8c, 0x99, 0x99, 0x2d, 0xb4, 0xdd, 0x5a, - 0xf9, 0xe5, 0xaf, 0x9d, 0xf3, 0x35, 0xcf, 0x73, 0xce, 0x79, 0x32, 0x0b, 0x7b, 0x01, 0x63, 0xc1, - 0x00, 0xdb, 0x03, 0x16, 0x04, 0x84, 0x06, 0xf6, 0xc8, 0x19, 0x1f, 0xbd, 0x2e, 0xa3, 0x7d, 0x12, - 0x58, 0x51, 0xcc, 0x38, 0x43, 0x65, 0x95, 0x67, 0xa5, 0x41, 0x6b, 0xe4, 0x18, 0x6f, 0xa5, 0xa5, - 0x7e, 0x44, 0x6c, 0x9f, 0x52, 0xc6, 0x7d, 0x4e, 0x18, 0x4d, 0x54, 0x81, 0xb1, 0x95, 0x46, 0xa5, - 0x75, 0x39, 0xec, 0xdb, 0x38, 0x8c, 0xf8, 0x4d, 0x1a, 0xdc, 0x9e, 0x0d, 0x72, 0x12, 0xe2, 0x84, - 0xfb, 0x61, 0xa4, 0x12, 0xcc, 0x87, 0x25, 0x58, 0x3d, 0x61, 0x41, 0x9b, 0xd0, 0x2b, 0x84, 0x60, - 0x99, 0xfa, 0x21, 0xd6, 0xb5, 0x8a, 0x56, 0x2d, 0xba, 0xf2, 0x8c, 0x2a, 0xb0, 0xd6, 0xc3, 0x09, - 0x27, 0x54, 0x62, 0xea, 0x4b, 0x32, 0x34, 0xe9, 0x42, 0x9b, 0x90, 0xef, 0x93, 0x01, 0xc7, 0xb1, - 0xbe, 0x22, 0x83, 0xa9, 0x85, 0xbe, 0x87, 0x97, 0x6c, 0xc8, 0xa3, 0x21, 0xf7, 0x46, 0x38, 0x4e, - 0x08, 0xa3, 0x5e, 0x9f, 0xc5, 0xa1, 0xcf, 0xf5, 0x7c, 0x45, 0xab, 0xae, 0x3b, 0x55, 0x2b, 0xd3, - 0xa8, 0x95, 0x12, 0xb1, 0x3a, 0xaa, 0xe0, 0x48, 0xe6, 0xbb, 0xaf, 0xab, 0x6b, 0xa6, 0x9c, 0xe8, - 0x3d, 0xd8, 0xf8, 0x31, 0x26, 0x1c, 0xc7, 0x1e, 0xe9, 0x61, 0xca, 0x09, 0xbf, 0xd1, 0x0b, 0x12, - 0x7e, 0x5d, 0xb9, 0x9b, 0xa9, 0x17, 0x7d, 0x06, 0x90, 0x70, 0x3f, 0xe6, 0x9e, 0xe8, 0x5c, 0x87, - 0x8a, 0x56, 0x5d, 0x73, 0x8c, 0x31, 0xf6, 0x78, 0x2c, 0xd6, 0xf9, 0x78, 0x2c, 0x6e, 0x51, 0x66, - 0x0b, 0x1b, 0x7d, 0x02, 0x05, 0x4c, 0x7b, 0xaa, 0x70, 0xed, 0x3f, 0x0b, 0x57, 0x31, 0xed, 0x09, - 0xcb, 0xfc, 0x0a, 0x5e, 0x4c, 0x73, 0x7d, 0x1b, 0x8c, 0x4e, 0xc3, 0x6d, 0x37, 0xcf, 0x4e, 0xbd, - 0xa3, 0x33, 0xf7, 0x9b, 0xaf, 0xcf, 0xbd, 0x8b, 0xd3, 0x76, 0xab, 0x51, 0x6f, 0x1e, 0x35, 0x1b, - 0x87, 0xa5, 0xd7, 0x50, 0x1e, 0x72, 0x1d, 0xa7, 0xa4, 0xc9, 0xef, 0x87, 0xa5, 0x9c, 0xd9, 0x87, - 0xd2, 0x09, 0x49, 0xb8, 0x18, 0x45, 0xe2, 0xe2, 0xeb, 0x21, 0x4e, 0xb8, 0x98, 0x72, 0xe4, 0xc7, - 0x98, 0xf2, 0x74, 0x3b, 0xa9, 0x85, 0x5e, 0x01, 0x44, 0x7e, 0x80, 0x3d, 0xce, 0xae, 0x30, 0xd5, - 0x73, 0x32, 0x56, 0x14, 0x9e, 0x73, 0xe1, 0x40, 0x5b, 0x20, 0x0d, 0x2f, 0x21, 0xb7, 0x58, 0x2e, - 0x6f, 0xc5, 0x2d, 0x08, 0x47, 0x9b, 0xdc, 0x62, 0x33, 0x84, 0xf2, 0x04, 0x4e, 0x12, 0x31, 0x9a, - 0x60, 0xb4, 0x0f, 0x2b, 0x89, 0x70, 0xe8, 0x5a, 0x65, 0x69, 0xb2, 0xe3, 0xec, 0x9a, 0x5c, 0x95, - 0x88, 0xf6, 0x60, 0x83, 0xe2, 0x9f, 0xb8, 0x97, 0xe1, 0xf1, 0x42, 0xb8, 0x5b, 0x63, 0x2e, 0xe6, - 0x07, 0xb0, 0x7e, 0x8c, 0x25, 0xda, 0xb8, 0xa9, 0x2d, 0x28, 0x8a, 0x2b, 0xbc, 0x09, 0xd5, 0x15, - 0x84, 0xe3, 0xd4, 0x0f, 0xb1, 0xf9, 0xa0, 0x41, 0xb9, 0x1e, 0x63, 0x9f, 0xe3, 0xc9, 0x92, 0x7f, - 0x9b, 0x83, 0x05, 0xcb, 0xa2, 0x52, 0x22, 0x2f, 0x66, 0x2d, 0xf3, 0xd0, 0xc7, 0xb0, 0x39, 0xa4, - 0xe4, 0x7a, 0x88, 0xbd, 0x59, 0x19, 0x89, 0x29, 0x15, 0xdc, 0x37, 0x54, 0xf4, 0xdb, 0x29, 0x31, - 0x99, 0xbf, 0x6b, 0x50, 0xbe, 0x88, 0x7a, 0x33, 0x9c, 0x16, 0xb5, 0xf1, 0x3f, 0x11, 0xdb, 0x87, - 0xf2, 0x21, 0x1e, 0xe0, 0xe7, 0xf3, 0x72, 0xfe, 0x5e, 0x86, 0x8d, 0xba, 0x7c, 0x78, 0xda, 0x38, - 0x1e, 0x91, 0x2e, 0xee, 0x38, 0xe8, 0x1e, 0x8a, 0x8f, 0x82, 0x40, 0xef, 0xce, 0xa3, 0x3a, 0x23, - 0x4b, 0x63, 0x67, 0x71, 0x92, 0xd2, 0x94, 0xb9, 0xfb, 0xeb, 0x9f, 0x7f, 0xfd, 0x96, 0xdb, 0x46, - 0xaf, 0xc4, 0xab, 0x77, 0xa7, 0x36, 0xf6, 0x65, 0x14, 0xb3, 0x1f, 0x70, 0x97, 0x27, 0x76, 0xed, - 0xde, 0x56, 0x42, 0xe2, 0xb0, 0x9a, 0x0a, 0x04, 0xbd, 0x33, 0xe7, 0xde, 0x69, 0xf1, 0x18, 0x0b, - 0x46, 0x69, 0xd6, 0x24, 0xe0, 0x0e, 0x32, 0x25, 0xe0, 0xe3, 0x10, 0x26, 0x30, 0x15, 0xa4, 0x5d, - 0xbb, 0x47, 0x77, 0x00, 0x4f, 0x32, 0x43, 0xf3, 0x1a, 0xca, 0xa8, 0x70, 0x21, 0xf6, 0xfb, 0x12, - 0x7b, 0xd7, 0x5c, 0xdc, 0xec, 0xe7, 0x6a, 0xdb, 0x3f, 0x6b, 0x00, 0x4f, 0x82, 0x9a, 0x8b, 0x9e, - 0xd1, 0xdb, 0x42, 0xf4, 0x7d, 0x89, 0x5e, 0x33, 0x9e, 0xd1, 0x79, 0x4a, 0x61, 0x04, 0xf0, 0x24, - 0x9d, 0xb9, 0x0c, 0x32, 0xca, 0x32, 0x36, 0x33, 0xef, 0x60, 0x43, 0xfc, 0x74, 0xc6, 0x73, 0xaf, - 0x3d, 0x03, 0xfd, 0xe0, 0x17, 0x0d, 0x5e, 0x76, 0x59, 0x98, 0xc5, 0x3b, 0x40, 0x27, 0xea, 0xac, - 0xe4, 0xd9, 0x12, 0x10, 0x2d, 0xed, 0xbb, 0x4f, 0xd3, 0xc4, 0x80, 0x0d, 0x7c, 0x1a, 0x58, 0x2c, - 0x0e, 0xec, 0x00, 0x53, 0x49, 0xc0, 0x56, 0x21, 0x3f, 0x22, 0xc9, 0xc4, 0xff, 0xf5, 0x8b, 0xf4, - 0xf8, 0x47, 0xee, 0xcd, 0x63, 0x55, 0x5a, 0x1f, 0xb0, 0x61, 0xcf, 0x4a, 0x6f, 0xb7, 0x3a, 0xce, - 0x65, 0x5e, 0x96, 0x7f, 0xf4, 0x4f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xdc, 0x9e, 0xa5, 0xee, 0x9d, - 0x07, 0x00, 0x00, + // 818 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x55, 0xff, 0x6e, 0xdb, 0x54, + 0x14, 0xc6, 0xe9, 0xaf, 0xe4, 0x54, 0x6b, 0x93, 0x0b, 0x2b, 0x56, 0xca, 0x58, 0x30, 0xdb, 0x08, + 0x41, 0xd8, 0x25, 0x80, 0xc4, 0x0f, 0x21, 0xc4, 0xb2, 0x76, 0xaa, 0x54, 0xba, 0xca, 0xe9, 0x82, + 0x84, 0x90, 0x2c, 0x2f, 0x3e, 0x31, 0x97, 0xd9, 0xf7, 0x7a, 0xf6, 0x75, 0x60, 0x9b, 0x2a, 0x01, + 0x6f, 0x80, 0x90, 0x78, 0x08, 0x9e, 0x81, 0xb7, 0xe0, 0x15, 0x78, 0x0e, 0x84, 0xee, 0x8f, 0xac, + 0x69, 0x1d, 0x42, 0xff, 0xe2, 0xaf, 0xdc, 0xfb, 0x9d, 0x73, 0xee, 0xf7, 0x9d, 0x73, 0x3e, 0x39, + 0x70, 0x27, 0xe6, 0x3c, 0x4e, 0xd0, 0x4b, 0x78, 0x1c, 0x53, 0x16, 0x7b, 0xd3, 0xfe, 0xec, 0x18, + 0x8c, 0x39, 0x9b, 0xd0, 0xd8, 0xcd, 0x72, 0x2e, 0x38, 0x69, 0xe9, 0x3c, 0xd7, 0x04, 0xdd, 0x69, + 0xbf, 0xfd, 0x9a, 0x29, 0x0d, 0x33, 0xea, 0x85, 0x8c, 0x71, 0x11, 0x0a, 0xca, 0x59, 0xa1, 0x0b, + 0xda, 0xbb, 0x26, 0xaa, 0x6e, 0x8f, 0xca, 0x89, 0x87, 0x69, 0x26, 0x9e, 0x9a, 0xe0, 0xcd, 0xcb, + 0x41, 0x41, 0x53, 0x2c, 0x44, 0x98, 0x66, 0x3a, 0xc1, 0xf9, 0x63, 0x05, 0x36, 0x8e, 0x78, 0x3c, + 0xa4, 0xec, 0x31, 0x21, 0xb0, 0xca, 0xc2, 0x14, 0x6d, 0xab, 0x63, 0x75, 0x1b, 0xbe, 0x3a, 0x93, + 0x0e, 0x6c, 0x46, 0x58, 0x08, 0xca, 0x14, 0xa7, 0xbd, 0xa2, 0x42, 0xf3, 0x10, 0xd9, 0x81, 0xf5, + 0x09, 0x4d, 0x04, 0xe6, 0xf6, 0x9a, 0x0a, 0x9a, 0x1b, 0xf9, 0x06, 0xae, 0xf3, 0x52, 0x64, 0xa5, + 0x08, 0xa6, 0x98, 0x17, 0x94, 0xb3, 0x60, 0xc2, 0xf3, 0x34, 0x14, 0xf6, 0x7a, 0xc7, 0xea, 0x6e, + 0xf5, 0xbb, 0x6e, 0xa5, 0x51, 0xd7, 0x08, 0x71, 0x47, 0xba, 0xe0, 0x40, 0xe5, 0xfb, 0x2f, 0xeb, + 0x67, 0x2e, 0x80, 0xe4, 0x2d, 0xd8, 0xfe, 0x3e, 0xa7, 0x02, 0xf3, 0x80, 0x46, 0xc8, 0x04, 0x15, + 0x4f, 0xed, 0xba, 0xa2, 0xdf, 0xd2, 0xf0, 0xa1, 0x41, 0xc9, 0xdb, 0xd0, 0xa4, 0x6c, 0x9c, 0x94, + 0x11, 0x06, 0xe3, 0x6f, 0x69, 0x12, 0xe5, 0xc8, 0xec, 0x46, 0xc7, 0xea, 0xd6, 0xfd, 0x6d, 0x83, + 0x0f, 0x0c, 0x4c, 0x3e, 0x06, 0x28, 0x44, 0x98, 0x8b, 0x40, 0x0e, 0xc9, 0x86, 0x8e, 0xd5, 0xdd, + 0xec, 0xb7, 0x67, 0x32, 0x67, 0x13, 0x74, 0x4f, 0x67, 0x13, 0xf4, 0x1b, 0x2a, 0x5b, 0xde, 0xc9, + 0x87, 0x50, 0x47, 0x16, 0xe9, 0xc2, 0xcd, 0xff, 0x2c, 0xdc, 0x40, 0x16, 0xc9, 0x9b, 0xf3, 0x39, + 0x5c, 0xbb, 0xd8, 0xd6, 0xeb, 0xd0, 0x1e, 0xed, 0xfb, 0xc3, 0xc3, 0x07, 0xc7, 0xc1, 0xc1, 0x03, + 0xff, 0xcb, 0x2f, 0x4e, 0x83, 0x87, 0xc7, 0xc3, 0x93, 0xfd, 0xc1, 0xe1, 0xc1, 0xe1, 0xfe, 0xbd, + 0xe6, 0x4b, 0x64, 0x1d, 0x6a, 0xa3, 0x7e, 0xd3, 0x52, 0xbf, 0xef, 0x35, 0x6b, 0xce, 0x04, 0x9a, + 0x47, 0xb4, 0x10, 0x72, 0x6a, 0x85, 0x8f, 0x4f, 0x4a, 0x2c, 0x84, 0x5c, 0x48, 0x16, 0xe6, 0xc8, + 0x84, 0x59, 0xa4, 0xb9, 0x91, 0x1b, 0x00, 0x59, 0x18, 0x63, 0x20, 0xf8, 0x63, 0x64, 0x76, 0x4d, + 0xc5, 0x1a, 0x12, 0x39, 0x95, 0x00, 0xd9, 0x05, 0x75, 0x09, 0x0a, 0xfa, 0x0c, 0xd5, 0x9e, 0xd7, + 0xfc, 0xba, 0x04, 0x86, 0xf4, 0x19, 0x3a, 0x29, 0xb4, 0xe6, 0x78, 0x8a, 0x8c, 0xb3, 0x02, 0xc9, + 0x1e, 0xac, 0x15, 0x12, 0xb0, 0xad, 0xce, 0xca, 0x7c, 0xc7, 0xd5, 0x8d, 0xfa, 0x3a, 0x91, 0xdc, + 0x81, 0x6d, 0x86, 0x3f, 0x88, 0xa0, 0xa2, 0xe3, 0x9a, 0x84, 0x4f, 0x66, 0x5a, 0x9c, 0x77, 0x61, + 0xeb, 0x3e, 0x2a, 0xb6, 0x59, 0x53, 0xbb, 0xd0, 0x90, 0x4f, 0x04, 0x73, 0x06, 0xad, 0x4b, 0xe0, + 0x38, 0x4c, 0xd1, 0xf9, 0xc5, 0x82, 0xd6, 0x20, 0xc7, 0x50, 0xe0, 0x7c, 0xc9, 0xbf, 0xcd, 0xc1, + 0x85, 0x55, 0x59, 0xa9, 0x98, 0x97, 0xab, 0x56, 0x79, 0xe4, 0x03, 0xd8, 0x29, 0x19, 0x7d, 0x52, + 0x62, 0x70, 0xd9, 0x71, 0x2b, 0xca, 0x47, 0xaf, 0xe8, 0xe8, 0x57, 0x17, 0x7c, 0xe7, 0xfc, 0x66, + 0x41, 0xeb, 0x61, 0x16, 0x5d, 0xd2, 0xb4, 0xac, 0x8d, 0xff, 0x49, 0xd8, 0x1e, 0xb4, 0xee, 0x61, + 0x82, 0x57, 0xd7, 0xd5, 0xff, 0x7b, 0x15, 0xb6, 0x07, 0xea, 0x1b, 0x35, 0xc4, 0x7c, 0x4a, 0xc7, + 0x38, 0xea, 0x93, 0x33, 0x68, 0xbc, 0x30, 0x04, 0x79, 0x73, 0x91, 0xd4, 0x4b, 0xb6, 0x6c, 0xdf, + 0x5a, 0x9e, 0xa4, 0x3d, 0xe5, 0xdc, 0xfe, 0xf9, 0xcf, 0xbf, 0x7e, 0xad, 0xdd, 0x24, 0x37, 0xe4, + 0x07, 0xf2, 0xb9, 0xde, 0xd8, 0x67, 0x59, 0xce, 0xbf, 0xc3, 0xb1, 0x28, 0xbc, 0xde, 0x99, 0xa7, + 0x8d, 0x24, 0x60, 0xc3, 0x18, 0x84, 0xbc, 0xb1, 0xe0, 0xdd, 0x8b, 0xe6, 0x69, 0x2f, 0x19, 0xa5, + 0xd3, 0x53, 0x84, 0xb7, 0x88, 0xa3, 0x08, 0x5f, 0x0c, 0x61, 0x8e, 0x53, 0x53, 0x7a, 0xbd, 0x33, + 0xf2, 0x1c, 0xe0, 0xdc, 0x66, 0x64, 0x51, 0x43, 0x15, 0x17, 0x2e, 0xe5, 0x7e, 0x47, 0x71, 0xdf, + 0x76, 0x96, 0x37, 0xfb, 0x89, 0xde, 0xf6, 0x8f, 0x16, 0xc0, 0xb9, 0xa1, 0x16, 0xb2, 0x57, 0xfc, + 0xb6, 0x94, 0x7d, 0x4f, 0xb1, 0xf7, 0xda, 0x57, 0xe8, 0xdc, 0x48, 0x98, 0x02, 0x9c, 0x5b, 0x67, + 0xa1, 0x82, 0x8a, 0xb3, 0xda, 0x3b, 0x95, 0xef, 0xe0, 0xbe, 0xfc, 0x7f, 0x9a, 0xcd, 0xbd, 0x77, + 0x05, 0xf6, 0xbb, 0x3f, 0x59, 0x70, 0x7d, 0xcc, 0xd3, 0x2a, 0xdf, 0x5d, 0x72, 0xa4, 0xcf, 0xda, + 0x9e, 0x27, 0x92, 0xe2, 0xc4, 0xfa, 0xfa, 0x23, 0x93, 0x18, 0xf3, 0x24, 0x64, 0xb1, 0xcb, 0xf3, + 0xd8, 0x8b, 0x91, 0x29, 0x01, 0x9e, 0x0e, 0x85, 0x19, 0x2d, 0xe6, 0xfe, 0x8a, 0x3f, 0x35, 0xc7, + 0xdf, 0x6b, 0xaf, 0xde, 0xd7, 0xa5, 0x83, 0x84, 0x97, 0x91, 0x6b, 0x5e, 0x77, 0x47, 0xfd, 0x47, + 0xeb, 0xaa, 0xfc, 0xfd, 0x7f, 0x02, 0x00, 0x00, 0xff, 0xff, 0xda, 0xa4, 0xe3, 0x1e, 0xc8, 0x07, + 0x00, 0x00, } diff --git a/components/engine/vendor/google.golang.org/genproto/googleapis/logging/v2/logging_metrics.pb.go b/components/engine/vendor/google.golang.org/genproto/googleapis/logging/v2/logging_metrics.pb.go index ef047de752..24782649eb 100644 --- a/components/engine/vendor/google.golang.org/genproto/googleapis/logging/v2/logging_metrics.pb.go +++ b/components/engine/vendor/google.golang.org/genproto/googleapis/logging/v2/logging_metrics.pb.go @@ -8,6 +8,8 @@ import proto "github.com/golang/protobuf/proto" import fmt "fmt" import math "math" import _ "google.golang.org/genproto/googleapis/api/annotations" +import _ "google.golang.org/genproto/googleapis/api/distribution" +import _ "google.golang.org/genproto/googleapis/api/metric" import google_protobuf5 "github.com/golang/protobuf/ptypes/empty" import ( @@ -517,46 +519,47 @@ var _MetricsServiceV2_serviceDesc = grpc.ServiceDesc{ func init() { proto.RegisterFile("google/logging/v2/logging_metrics.proto", fileDescriptor3) } var fileDescriptor3 = []byte{ - // 646 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x55, 0x4f, 0x53, 0xd3, 0x40, - 0x14, 0x77, 0x0b, 0x14, 0x79, 0x28, 0xc5, 0x65, 0x88, 0x9d, 0x80, 0x43, 0xcd, 0x01, 0x0a, 0x87, - 0x44, 0xa3, 0xc3, 0xf8, 0x67, 0x3c, 0x00, 0x3a, 0x5c, 0xd0, 0xe9, 0x14, 0xed, 0xc1, 0x4b, 0x27, - 0xb4, 0xaf, 0x99, 0x95, 0x34, 0x1b, 0x93, 0x6d, 0x07, 0x71, 0xb8, 0x30, 0xdc, 0x9c, 0xf1, 0xa0, - 0xdf, 0xc2, 0x8f, 0xe0, 0xd7, 0xd0, 0x8f, 0xe0, 0x07, 0x71, 0xb2, 0xd9, 0x94, 0xd8, 0x46, 0xda, - 0xe1, 0xd4, 0xdd, 0xf7, 0xef, 0xf7, 0x7b, 0xef, 0xfd, 0xba, 0x81, 0x0d, 0x97, 0x73, 0xd7, 0x43, - 0xcb, 0xe3, 0xae, 0xcb, 0x7c, 0xd7, 0xea, 0xdb, 0xe9, 0xb1, 0xd9, 0x45, 0x11, 0xb2, 0x56, 0x64, - 0x06, 0x21, 0x17, 0x9c, 0xde, 0x49, 0x02, 0x4d, 0xe5, 0x35, 0xfb, 0xb6, 0xbe, 0xaa, 0x72, 0x9d, - 0x80, 0x59, 0x8e, 0xef, 0x73, 0xe1, 0x08, 0xc6, 0x7d, 0x95, 0xa0, 0xaf, 0x28, 0xaf, 0xbc, 0x1d, - 0xf5, 0x3a, 0x16, 0x76, 0x03, 0xf1, 0x29, 0x71, 0x1a, 0x3f, 0x09, 0xcc, 0x1d, 0x70, 0xf7, 0xb5, - 0x84, 0xa0, 0x14, 0xa6, 0x7d, 0xa7, 0x8b, 0x65, 0x52, 0x21, 0xd5, 0xb9, 0xba, 0x3c, 0xd3, 0x0a, - 0xcc, 0xb7, 0x31, 0x6a, 0x85, 0x2c, 0x88, 0x8b, 0x96, 0x0b, 0xd2, 0x95, 0x35, 0x51, 0x0d, 0x8a, - 0x1d, 0xe6, 0x09, 0x0c, 0xcb, 0x53, 0xd2, 0xa9, 0x6e, 0x74, 0x07, 0x66, 0xfb, 0x18, 0x46, 0x71, - 0xd6, 0x74, 0x85, 0x54, 0x17, 0xec, 0x0d, 0x73, 0x84, 0xbb, 0x39, 0x00, 0x37, 0x77, 0x02, 0xd6, - 0x48, 0xc2, 0xeb, 0x69, 0x9e, 0xb1, 0x0a, 0x70, 0x69, 0xa6, 0x45, 0x28, 0x34, 0xec, 0xc5, 0x1b, - 0xf2, 0xf7, 0xe1, 0x22, 0x31, 0x8e, 0x61, 0xf9, 0x80, 0x45, 0x62, 0x50, 0x22, 0xaa, 0xe3, 0xc7, - 0x1e, 0x46, 0x22, 0x66, 0x14, 0x38, 0x21, 0xfa, 0x42, 0x75, 0xa2, 0x6e, 0xf4, 0x1e, 0x40, 0xe0, - 0xb8, 0xd8, 0x14, 0xfc, 0x18, 0xd3, 0x56, 0xe6, 0x62, 0xcb, 0xdb, 0xd8, 0x40, 0x57, 0x40, 0x5e, - 0x9a, 0x11, 0x3b, 0x45, 0xd9, 0xcb, 0x4c, 0xfd, 0x66, 0x6c, 0x38, 0x64, 0xa7, 0x68, 0x9c, 0x80, - 0x36, 0x0c, 0x16, 0x05, 0xdc, 0x8f, 0x90, 0x6e, 0xc3, 0xac, 0x5a, 0x51, 0x99, 0x54, 0xa6, 0xaa, - 0xf3, 0xf6, 0xea, 0x55, 0x7d, 0xd6, 0xd3, 0x60, 0xba, 0x0e, 0x25, 0x1f, 0x4f, 0x44, 0x73, 0x84, - 0xd2, 0xed, 0xd8, 0x5c, 0x4b, 0x69, 0x19, 0xdb, 0xb0, 0xb4, 0x8f, 0x97, 0xc0, 0x69, 0x93, 0x6b, - 0x30, 0x9f, 0x54, 0x6a, 0x66, 0x76, 0x06, 0x89, 0xe9, 0x8d, 0xd3, 0x45, 0xa3, 0x03, 0xda, 0x5e, - 0x88, 0x8e, 0xc0, 0x91, 0xd4, 0xff, 0xcd, 0xe7, 0x31, 0x14, 0x93, 0x7c, 0x49, 0x64, 0x5c, 0x23, - 0x2a, 0xd6, 0xe0, 0xa0, 0xbd, 0x0b, 0xda, 0x79, 0x38, 0xe3, 0x28, 0x5e, 0x13, 0xf0, 0x29, 0x68, - 0x2f, 0xd1, 0xc3, 0x6b, 0x00, 0xda, 0xbf, 0x67, 0x60, 0x51, 0xed, 0xef, 0x10, 0xc3, 0x3e, 0x6b, - 0x61, 0xc3, 0xa6, 0x5f, 0x09, 0x2c, 0xfc, 0xbb, 0x5b, 0x5a, 0xcd, 0x23, 0x92, 0xa7, 0x35, 0x7d, - 0x73, 0x82, 0xc8, 0x44, 0x28, 0xc6, 0xc6, 0xf9, 0xaf, 0x3f, 0xdf, 0x0b, 0xf7, 0xe9, 0x5a, 0xfc, - 0xef, 0xfe, 0x9c, 0xcc, 0xfc, 0x45, 0x10, 0xf2, 0x0f, 0xd8, 0x12, 0x91, 0xb5, 0x75, 0x66, 0xa5, - 0xca, 0xb8, 0x20, 0x70, 0x2b, 0xbb, 0x72, 0xba, 0x9e, 0x03, 0x92, 0xa3, 0x09, 0xfd, 0xca, 0xf9, - 0x19, 0xa6, 0xc4, 0xaf, 0xd2, 0x75, 0x89, 0x9f, 0x19, 0x54, 0x86, 0x44, 0xca, 0xc1, 0xda, 0x3a, - 0xa3, 0x5f, 0x08, 0x94, 0x86, 0x14, 0x44, 0xf3, 0xda, 0xcd, 0x57, 0xd9, 0x18, 0x32, 0x96, 0x24, - 0xb3, 0x69, 0x8c, 0x1b, 0xc6, 0x33, 0xb5, 0x75, 0xfa, 0x8d, 0x40, 0x69, 0x48, 0x67, 0xb9, 0x6c, - 0xf2, 0xb5, 0x38, 0x86, 0xcd, 0xb6, 0x64, 0xf3, 0x40, 0x9f, 0x70, 0x34, 0x03, 0x52, 0x17, 0x04, - 0x4a, 0x43, 0x5a, 0xcc, 0x25, 0x95, 0xaf, 0x57, 0x5d, 0x4b, 0x43, 0xd3, 0xc7, 0xd9, 0x7c, 0x15, - 0x3f, 0xce, 0xe9, 0xa6, 0xb6, 0x26, 0xa4, 0xb3, 0x7b, 0x4e, 0x60, 0xb9, 0xc5, 0xbb, 0xa3, 0xc0, - 0xbb, 0x4b, 0x07, 0xc9, 0x59, 0x69, 0xb1, 0x16, 0xe3, 0xd4, 0xc8, 0xfb, 0x27, 0x2a, 0xd2, 0xe5, - 0x9e, 0xe3, 0xbb, 0x26, 0x0f, 0x5d, 0xcb, 0x45, 0x5f, 0xb2, 0xb0, 0x12, 0x97, 0x13, 0xb0, 0x28, - 0xf3, 0x35, 0x7a, 0xae, 0x8e, 0x3f, 0x0a, 0x77, 0xf7, 0x93, 0xd4, 0x3d, 0x8f, 0xf7, 0xda, 0xa6, - 0x2a, 0x6f, 0x36, 0xec, 0xa3, 0xa2, 0x4c, 0x7f, 0xf4, 0x37, 0x00, 0x00, 0xff, 0xff, 0x52, 0x8b, - 0x69, 0xfe, 0xcb, 0x06, 0x00, 0x00, + // 665 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x55, 0x4f, 0x4f, 0x13, 0x41, + 0x14, 0x77, 0x0a, 0x14, 0x79, 0x28, 0xc5, 0x21, 0x94, 0xa6, 0x40, 0xa8, 0x7b, 0x80, 0xc2, 0x61, + 0x57, 0x57, 0x43, 0xfc, 0x13, 0x0f, 0x80, 0x86, 0x0b, 0x1a, 0x52, 0xb4, 0x07, 0x2f, 0xcd, 0xd2, + 0x3e, 0x36, 0x23, 0xed, 0xce, 0xba, 0x33, 0x6d, 0x10, 0xc3, 0x85, 0x70, 0x33, 0xf1, 0xa0, 0xdf, + 0xc2, 0x8f, 0xe0, 0xd7, 0xd0, 0x8f, 0xe0, 0x07, 0x31, 0x3b, 0x33, 0x0b, 0x6b, 0xbb, 0xd2, 0x86, + 0x53, 0x67, 0xde, 0xef, 0xbd, 0xfd, 0xfd, 0xde, 0x7b, 0xbf, 0x4c, 0x61, 0xcd, 0xe7, 0xdc, 0x6f, + 0xa3, 0xd3, 0xe6, 0xbe, 0xcf, 0x02, 0xdf, 0xe9, 0xb9, 0xc9, 0xb1, 0xd1, 0x41, 0x19, 0xb1, 0xa6, + 0xb0, 0xc3, 0x88, 0x4b, 0x4e, 0xef, 0xe9, 0x44, 0xdb, 0xa0, 0x76, 0xcf, 0x2d, 0x2f, 0x99, 0x5a, + 0x2f, 0x64, 0x8e, 0x17, 0x04, 0x5c, 0x7a, 0x92, 0xf1, 0xc0, 0x14, 0x94, 0x97, 0x53, 0x68, 0x8b, + 0x09, 0x19, 0xb1, 0xc3, 0x6e, 0x8c, 0x1b, 0x78, 0x21, 0x05, 0x6b, 0x26, 0x03, 0x2c, 0x1a, 0x40, + 0xdd, 0x0e, 0xbb, 0x47, 0x0e, 0x76, 0x42, 0xf9, 0x49, 0x83, 0xd6, 0x4f, 0x02, 0x53, 0x7b, 0xdc, + 0x7f, 0xad, 0x0a, 0x28, 0x85, 0xf1, 0xc0, 0xeb, 0x60, 0x89, 0x54, 0x48, 0x75, 0xaa, 0xa6, 0xce, + 0xb4, 0x02, 0xd3, 0x2d, 0x14, 0xcd, 0x88, 0x85, 0x31, 0x59, 0x29, 0xa7, 0xa0, 0x74, 0x88, 0x16, + 0x21, 0x7f, 0xc4, 0xda, 0x12, 0xa3, 0xd2, 0x98, 0x02, 0xcd, 0x8d, 0x6e, 0xc1, 0x64, 0x0f, 0x23, + 0x11, 0x57, 0x8d, 0x57, 0x48, 0x75, 0xc6, 0x5d, 0xb3, 0x07, 0x7a, 0xb6, 0x2f, 0xc9, 0xed, 0xad, + 0x90, 0xd5, 0x75, 0x7a, 0x2d, 0xa9, 0xb3, 0x96, 0x00, 0xae, 0xc2, 0x34, 0x0f, 0xb9, 0xba, 0x3b, + 0x7b, 0x4b, 0xfd, 0x3e, 0x9c, 0x25, 0xd6, 0x31, 0xcc, 0xef, 0x31, 0x21, 0x2f, 0x3f, 0x21, 0x6a, + 0xf8, 0xb1, 0x8b, 0x42, 0xc6, 0x8a, 0x42, 0x2f, 0xc2, 0x40, 0x9a, 0x4e, 0xcc, 0x8d, 0x2e, 0x03, + 0x84, 0x9e, 0x8f, 0x0d, 0xc9, 0x8f, 0x31, 0x69, 0x65, 0x2a, 0x8e, 0xbc, 0x8d, 0x03, 0x74, 0x11, + 0xd4, 0xa5, 0x21, 0xd8, 0x29, 0xaa, 0x5e, 0x26, 0x6a, 0xb7, 0xe3, 0xc0, 0x01, 0x3b, 0x45, 0xeb, + 0x04, 0x8a, 0xfd, 0x64, 0x22, 0xe4, 0x81, 0x40, 0xba, 0x09, 0x93, 0x66, 0xb5, 0x25, 0x52, 0x19, + 0xab, 0x4e, 0xbb, 0x4b, 0xd7, 0xf5, 0x59, 0x4b, 0x92, 0xe9, 0x2a, 0x14, 0x02, 0x3c, 0x91, 0x8d, + 0x01, 0x49, 0x77, 0xe3, 0xf0, 0x7e, 0x22, 0xcb, 0xda, 0x84, 0xb9, 0x5d, 0xbc, 0x22, 0x4e, 0x9a, + 0x5c, 0x81, 0x69, 0xfd, 0xa5, 0x46, 0x6a, 0x67, 0xa0, 0x43, 0x6f, 0xbc, 0x0e, 0x5a, 0x47, 0x50, + 0xdc, 0x89, 0xd0, 0x93, 0x38, 0x50, 0xfa, 0xbf, 0xf9, 0x3c, 0x86, 0xbc, 0xae, 0x57, 0x42, 0x86, + 0x35, 0x62, 0x72, 0x2d, 0x0e, 0xc5, 0x77, 0x61, 0x2b, 0x8b, 0x67, 0x98, 0xc4, 0x1b, 0x12, 0x3e, + 0x85, 0xe2, 0x4b, 0x6c, 0xe3, 0x0d, 0x08, 0xdd, 0xdf, 0x13, 0x30, 0x6b, 0xf6, 0x77, 0x80, 0x51, + 0x8f, 0x35, 0xb1, 0xee, 0xd2, 0xaf, 0x04, 0x66, 0xfe, 0xdd, 0x2d, 0xad, 0x66, 0x09, 0xc9, 0xf2, + 0x5a, 0x79, 0x7d, 0x84, 0x4c, 0x6d, 0x14, 0x6b, 0xed, 0xfc, 0xd7, 0x9f, 0xef, 0xb9, 0xfb, 0x74, + 0x25, 0x7e, 0x15, 0x3e, 0xeb, 0x99, 0xbf, 0x08, 0x23, 0xfe, 0x01, 0x9b, 0x52, 0x38, 0x1b, 0x67, + 0x4e, 0xe2, 0x8c, 0x0b, 0x02, 0x77, 0xd2, 0x2b, 0xa7, 0xab, 0x19, 0x24, 0x19, 0x9e, 0x28, 0x5f, + 0x3b, 0x3f, 0xcb, 0x56, 0xfc, 0x55, 0xba, 0xaa, 0xf8, 0x53, 0x83, 0x4a, 0x89, 0x48, 0x34, 0x38, + 0x1b, 0x67, 0xf4, 0x0b, 0x81, 0x42, 0x9f, 0x83, 0x68, 0x56, 0xbb, 0xd9, 0x2e, 0x1b, 0x22, 0xc6, + 0x51, 0x62, 0xd6, 0xad, 0x61, 0xc3, 0x78, 0x66, 0xb6, 0x4e, 0xbf, 0x11, 0x28, 0xf4, 0xf9, 0x2c, + 0x53, 0x4d, 0xb6, 0x17, 0x87, 0xa8, 0xd9, 0x54, 0x6a, 0x1e, 0x94, 0x47, 0x1c, 0xcd, 0xa5, 0xa8, + 0x0b, 0x02, 0x85, 0x3e, 0x2f, 0x66, 0x8a, 0xca, 0xf6, 0x6b, 0xb9, 0x98, 0xa4, 0x26, 0x8f, 0xb3, + 0xfd, 0x2a, 0x7e, 0x9c, 0x93, 0x4d, 0x6d, 0x8c, 0x28, 0x67, 0xfb, 0x9c, 0xc0, 0x7c, 0x93, 0x77, + 0x06, 0x89, 0xb7, 0xe7, 0xf6, 0xf4, 0xd9, 0x78, 0x71, 0x3f, 0xe6, 0xd9, 0x27, 0xef, 0x9f, 0x98, + 0x4c, 0x9f, 0xb7, 0xbd, 0xc0, 0xb7, 0x79, 0xe4, 0x3b, 0x3e, 0x06, 0x4a, 0x85, 0xa3, 0x21, 0x2f, + 0x64, 0x22, 0xf5, 0x2f, 0xf6, 0xdc, 0x1c, 0x7f, 0xe4, 0x16, 0x76, 0x75, 0xe9, 0x4e, 0x9b, 0x77, + 0x5b, 0xb6, 0xf9, 0xbc, 0x5d, 0x77, 0x0f, 0xf3, 0xaa, 0xfc, 0xd1, 0xdf, 0x00, 0x00, 0x00, 0xff, + 0xff, 0x22, 0xd3, 0x7f, 0x20, 0x03, 0x07, 0x00, 0x00, } diff --git a/components/engine/vendor/google.golang.org/grpc/README.md b/components/engine/vendor/google.golang.org/grpc/README.md index 110a8cf425..ae0236f92f 100644 --- a/components/engine/vendor/google.golang.org/grpc/README.md +++ b/components/engine/vendor/google.golang.org/grpc/README.md @@ -1,4 +1,4 @@ -#gRPC-Go +# gRPC-Go [![Build Status](https://travis-ci.org/grpc/grpc-go.svg)](https://travis-ci.org/grpc/grpc-go) [![GoDoc](https://godoc.org/google.golang.org/grpc?status.svg)](https://godoc.org/google.golang.org/grpc) @@ -16,7 +16,7 @@ $ go get google.golang.org/grpc Prerequisites ------------- -This requires Go 1.5 or later. +This requires Go 1.6 or later. Constraints ----------- @@ -30,3 +30,12 @@ Status ------ GA +FAQ +--- + +#### Compiling error, undefined: grpc.SupportPackageIsVersion + +Please update proto package, gRPC package and rebuild the proto files: + - `go get -u github.com/golang/protobuf/{proto,protoc-gen-go}` + - `go get -u google.golang.org/grpc` + - `protoc --go_out=plugins=grpc:. *.proto` diff --git a/components/engine/vendor/google.golang.org/grpc/call.go b/components/engine/vendor/google.golang.org/grpc/call.go index 772c817edd..af34a71316 100644 --- a/components/engine/vendor/google.golang.org/grpc/call.go +++ b/components/engine/vendor/google.golang.org/grpc/call.go @@ -36,12 +36,14 @@ package grpc import ( "bytes" "io" - "math" "time" "golang.org/x/net/context" "golang.org/x/net/trace" "google.golang.org/grpc/codes" + "google.golang.org/grpc/peer" + "google.golang.org/grpc/stats" + "google.golang.org/grpc/status" "google.golang.org/grpc/transport" ) @@ -49,7 +51,8 @@ import ( // On error, it returns the error and indicates whether the call should be retried. // // TODO(zhaoq): Check whether the received message sequence is valid. -func recvResponse(dopts dialOptions, t transport.ClientTransport, c *callInfo, stream *transport.Stream, reply interface{}) (err error) { +// TODO ctx is used for stats collection and processing. It is the context passed from the application. +func recvResponse(ctx context.Context, dopts dialOptions, t transport.ClientTransport, c *callInfo, stream *transport.Stream, reply interface{}) (err error) { // Try to acquire header metadata from the server if there is any. defer func() { if err != nil { @@ -63,24 +66,34 @@ func recvResponse(dopts dialOptions, t transport.ClientTransport, c *callInfo, s return } p := &parser{r: stream} + var inPayload *stats.InPayload + if dopts.copts.StatsHandler != nil { + inPayload = &stats.InPayload{ + Client: true, + } + } for { - if err = recv(p, dopts.codec, stream, dopts.dc, reply, math.MaxInt32); err != nil { + if err = recv(p, dopts.codec, stream, dopts.dc, reply, dopts.maxMsgSize, inPayload); err != nil { if err == io.EOF { break } return } } + if inPayload != nil && err == io.EOF && stream.Status().Code() == codes.OK { + // TODO in the current implementation, inTrailer may be handled before inPayload in some cases. + // Fix the order if necessary. + dopts.copts.StatsHandler.HandleRPC(ctx, inPayload) + } c.trailerMD = stream.Trailer() + if peer, ok := peer.FromContext(stream.Context()); ok { + c.peer = peer + } return nil } // sendRequest writes out various information of an RPC such as Context and Message. -func sendRequest(ctx context.Context, codec Codec, compressor Compressor, callHdr *transport.CallHdr, t transport.ClientTransport, args interface{}, opts *transport.Options) (_ *transport.Stream, err error) { - stream, err := t.NewStream(ctx, callHdr) - if err != nil { - return nil, err - } +func sendRequest(ctx context.Context, dopts dialOptions, compressor Compressor, callHdr *transport.CallHdr, stream *transport.Stream, t transport.ClientTransport, args interface{}, opts *transport.Options) (err error) { defer func() { if err != nil { // If err is connection error, t will be closed, no need to close stream here. @@ -89,23 +102,35 @@ func sendRequest(ctx context.Context, codec Codec, compressor Compressor, callHd } } }() - var cbuf *bytes.Buffer + var ( + cbuf *bytes.Buffer + outPayload *stats.OutPayload + ) if compressor != nil { cbuf = new(bytes.Buffer) } - outBuf, err := encode(codec, args, compressor, cbuf) + if dopts.copts.StatsHandler != nil { + outPayload = &stats.OutPayload{ + Client: true, + } + } + outBuf, err := encode(dopts.codec, args, compressor, cbuf, outPayload) if err != nil { - return nil, Errorf(codes.Internal, "grpc: %v", err) + return Errorf(codes.Internal, "grpc: %v", err) } err = t.Write(stream, outBuf, opts) + if err == nil && outPayload != nil { + outPayload.SentTime = time.Now() + dopts.copts.StatsHandler.HandleRPC(ctx, outPayload) + } // t.NewStream(...) could lead to an early rejection of the RPC (e.g., the service/method // does not exist.) so that t.Write could get io.EOF from wait(...). Leave the following // recvResponse to get the final status. if err != nil && err != io.EOF { - return nil, err + return err } // Sent successfully. - return stream, nil + return nil } // Invoke sends the RPC request on the wire and returns after response is received. @@ -118,8 +143,16 @@ func Invoke(ctx context.Context, method string, args, reply interface{}, cc *Cli return invoke(ctx, method, args, reply, cc, opts...) } -func invoke(ctx context.Context, method string, args, reply interface{}, cc *ClientConn, opts ...CallOption) (err error) { +func invoke(ctx context.Context, method string, args, reply interface{}, cc *ClientConn, opts ...CallOption) (e error) { c := defaultCallInfo + if mc, ok := cc.getMethodConfig(method); ok { + c.failFast = !mc.WaitForReady + if mc.Timeout > 0 { + var cancel context.CancelFunc + ctx, cancel = context.WithTimeout(ctx, mc.Timeout) + defer cancel() + } + } for _, o := range opts { if err := o.before(&c); err != nil { return toRPCErr(err) @@ -140,12 +173,33 @@ func invoke(ctx context.Context, method string, args, reply interface{}, cc *Cli c.traceInfo.tr.LazyLog(&c.traceInfo.firstLine, false) // TODO(dsymonds): Arrange for c.traceInfo.firstLine.remoteAddr to be set. defer func() { - if err != nil { - c.traceInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true) + if e != nil { + c.traceInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{e}}, true) c.traceInfo.tr.SetError() } }() } + ctx = newContextWithRPCInfo(ctx) + sh := cc.dopts.copts.StatsHandler + if sh != nil { + ctx = sh.TagRPC(ctx, &stats.RPCTagInfo{FullMethodName: method}) + begin := &stats.Begin{ + Client: true, + BeginTime: time.Now(), + FailFast: c.failFast, + } + sh.HandleRPC(ctx, begin) + } + defer func() { + if sh != nil { + end := &stats.End{ + Client: true, + EndTime: time.Now(), + Error: e, + } + sh.HandleRPC(ctx, end) + } + }() topts := &transport.Options{ Last: true, Delay: false, @@ -167,13 +221,14 @@ func invoke(ctx context.Context, method string, args, reply interface{}, cc *Cli if cc.dopts.cp != nil { callHdr.SendCompress = cc.dopts.cp.Type() } + gopts := BalancerGetOptions{ BlockingWait: !c.failFast, } t, put, err = cc.getTransport(ctx, gopts) if err != nil { // TODO(zhaoq): Probably revisit the error handling. - if _, ok := err.(*rpcError); ok { + if _, ok := status.FromError(err); ok { return err } if err == errConnClosing || err == errConnUnavailable { @@ -188,33 +243,49 @@ func invoke(ctx context.Context, method string, args, reply interface{}, cc *Cli if c.traceInfo.tr != nil { c.traceInfo.tr.LazyLog(&payload{sent: true, msg: args}, true) } - stream, err = sendRequest(ctx, cc.dopts.codec, cc.dopts.cp, callHdr, t, args, topts) + stream, err = t.NewStream(ctx, callHdr) if err != nil { if put != nil { - put() - put = nil - } - // Retry a non-failfast RPC when - // i) there is a connection error; or - // ii) the server started to drain before this RPC was initiated. - if _, ok := err.(transport.ConnectionError); ok || err == transport.ErrStreamDrain { - if c.failFast { - return toRPCErr(err) + if _, ok := err.(transport.ConnectionError); ok { + // If error is connection error, transport was sending data on wire, + // and we are not sure if anything has been sent on wire. + // If error is not connection error, we are sure nothing has been sent. + updateRPCInfoInContext(ctx, rpcInfo{bytesSent: true, bytesReceived: false}) } + put() + } + if _, ok := err.(transport.ConnectionError); (ok || err == transport.ErrStreamDrain) && !c.failFast { continue } return toRPCErr(err) } - err = recvResponse(cc.dopts, t, &c, stream, reply) + err = sendRequest(ctx, cc.dopts, cc.dopts.cp, callHdr, stream, t, args, topts) if err != nil { if put != nil { + updateRPCInfoInContext(ctx, rpcInfo{ + bytesSent: stream.BytesSent(), + bytesReceived: stream.BytesReceived(), + }) put() - put = nil } - if _, ok := err.(transport.ConnectionError); ok || err == transport.ErrStreamDrain { - if c.failFast { - return toRPCErr(err) - } + // Retry a non-failfast RPC when + // i) there is a connection error; or + // ii) the server started to drain before this RPC was initiated. + if _, ok := err.(transport.ConnectionError); (ok || err == transport.ErrStreamDrain) && !c.failFast { + continue + } + return toRPCErr(err) + } + err = recvResponse(ctx, cc.dopts, t, &c, stream, reply) + if err != nil { + if put != nil { + updateRPCInfoInContext(ctx, rpcInfo{ + bytesSent: stream.BytesSent(), + bytesReceived: stream.BytesReceived(), + }) + put() + } + if _, ok := err.(transport.ConnectionError); (ok || err == transport.ErrStreamDrain) && !c.failFast { continue } return toRPCErr(err) @@ -224,9 +295,12 @@ func invoke(ctx context.Context, method string, args, reply interface{}, cc *Cli } t.CloseStream(stream, nil) if put != nil { + updateRPCInfoInContext(ctx, rpcInfo{ + bytesSent: stream.BytesSent(), + bytesReceived: stream.BytesReceived(), + }) put() - put = nil } - return Errorf(stream.StatusCode(), "%s", stream.StatusDesc()) + return stream.Status().Err() } } diff --git a/components/engine/vendor/google.golang.org/grpc/clientconn.go b/components/engine/vendor/google.golang.org/grpc/clientconn.go index 61674729a7..f542d8bd04 100644 --- a/components/engine/vendor/google.golang.org/grpc/clientconn.go +++ b/components/engine/vendor/google.golang.org/grpc/clientconn.go @@ -36,8 +36,8 @@ package grpc import ( "errors" "fmt" + "math" "net" - "strings" "sync" "time" @@ -45,6 +45,8 @@ import ( "golang.org/x/net/trace" "google.golang.org/grpc/credentials" "google.golang.org/grpc/grpclog" + "google.golang.org/grpc/keepalive" + "google.golang.org/grpc/stats" "google.golang.org/grpc/transport" ) @@ -54,6 +56,8 @@ var ( ErrClientConnClosing = errors.New("grpc: the client connection is closing") // ErrClientConnTimeout indicates that the ClientConn cannot establish the // underlying connections within the specified timeout. + // DEPRECATED: Please use context.DeadlineExceeded instead. This error will be + // removed in Q1 2017. ErrClientConnTimeout = errors.New("grpc: timed out when dialing") // errNoTransportSecurity indicates that there is no transport security @@ -75,7 +79,6 @@ var ( errConnClosing = errors.New("grpc: the connection is closing") // errConnUnavailable indicates that the connection is unavailable. errConnUnavailable = errors.New("grpc: the connection is unavailable") - errNoAddr = errors.New("grpc: there is no address available to dial") // minimum time to give a connection to complete minConnectTimeout = 20 * time.Second ) @@ -83,22 +86,33 @@ var ( // dialOptions configure a Dial call. dialOptions are set by the DialOption // values passed to Dial. type dialOptions struct { - unaryInt UnaryClientInterceptor - streamInt StreamClientInterceptor - codec Codec - cp Compressor - dc Decompressor - bs backoffStrategy - balancer Balancer - block bool - insecure bool - timeout time.Duration - copts transport.ConnectOptions + unaryInt UnaryClientInterceptor + streamInt StreamClientInterceptor + codec Codec + cp Compressor + dc Decompressor + bs backoffStrategy + balancer Balancer + block bool + insecure bool + timeout time.Duration + scChan <-chan ServiceConfig + copts transport.ConnectOptions + maxMsgSize int } +const defaultClientMaxMsgSize = math.MaxInt32 + // DialOption configures how we set up the connection. type DialOption func(*dialOptions) +// WithMaxMsgSize returns a DialOption which sets the maximum message size the client can receive. +func WithMaxMsgSize(s int) DialOption { + return func(o *dialOptions) { + o.maxMsgSize = s + } +} + // WithCodec returns a DialOption which sets a codec for message marshaling and unmarshaling. func WithCodec(c Codec) DialOption { return func(o *dialOptions) { @@ -129,6 +143,13 @@ func WithBalancer(b Balancer) DialOption { } } +// WithServiceConfig returns a DialOption which has a channel to read the service configuration. +func WithServiceConfig(c <-chan ServiceConfig) DialOption { + return func(o *dialOptions) { + o.scChan = c + } +} + // WithBackoffMaxDelay configures the dialer to use the provided maximum delay // when backing off after failed connection attempts. func WithBackoffMaxDelay(md time.Duration) DialOption { @@ -199,6 +220,8 @@ func WithTimeout(d time.Duration) DialOption { } // WithDialer returns a DialOption that specifies a function to use for dialing network addresses. +// If FailOnNonTempDialError() is set to true, and an error is returned by f, gRPC checks the error's +// Temporary() method to decide if it should try to reconnect to the network address. func WithDialer(f func(string, time.Duration) (net.Conn, error)) DialOption { return func(o *dialOptions) { o.copts.Dialer = func(ctx context.Context, addr string) (net.Conn, error) { @@ -210,6 +233,25 @@ func WithDialer(f func(string, time.Duration) (net.Conn, error)) DialOption { } } +// WithStatsHandler returns a DialOption that specifies the stats handler +// for all the RPCs and underlying network connections in this ClientConn. +func WithStatsHandler(h stats.Handler) DialOption { + return func(o *dialOptions) { + o.copts.StatsHandler = h + } +} + +// FailOnNonTempDialError returns a DialOption that specified if gRPC fails on non-temporary dial errors. +// If f is true, and dialer returns a non-temporary error, gRPC will fail the connection to the network +// address and won't try to reconnect. +// The default value of FailOnNonTempDialError is false. +// This is an EXPERIMENTAL API. +func FailOnNonTempDialError(f bool) DialOption { + return func(o *dialOptions) { + o.copts.FailOnNonTempDialError = f + } +} + // WithUserAgent returns a DialOption that specifies a user agent string for all the RPCs. func WithUserAgent(s string) DialOption { return func(o *dialOptions) { @@ -217,6 +259,13 @@ func WithUserAgent(s string) DialOption { } } +// WithKeepaliveParams returns a DialOption that specifies keepalive paramaters for the client transport. +func WithKeepaliveParams(kp keepalive.ClientParameters) DialOption { + return func(o *dialOptions) { + o.copts.KeepaliveParams = kp + } +} + // WithUnaryInterceptor returns a DialOption that specifies the interceptor for unary RPCs. func WithUnaryInterceptor(f UnaryClientInterceptor) DialOption { return func(o *dialOptions) { @@ -231,6 +280,15 @@ func WithStreamInterceptor(f StreamClientInterceptor) DialOption { } } +// WithAuthority returns a DialOption that specifies the value to be used as +// the :authority pseudo-header. This value only works with WithInsecure and +// has no effect if TransportCredentials are present. +func WithAuthority(a string) DialOption { + return func(o *dialOptions) { + o.copts.Authority = a + } +} + // Dial creates a client connection to the given target. func Dial(target string, opts ...DialOption) (*ClientConn, error) { return DialContext(context.Background(), target, opts...) @@ -247,6 +305,32 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn * conns: make(map[Address]*addrConn), } cc.ctx, cc.cancel = context.WithCancel(context.Background()) + cc.dopts.maxMsgSize = defaultClientMaxMsgSize + for _, opt := range opts { + opt(&cc.dopts) + } + cc.mkp = cc.dopts.copts.KeepaliveParams + + if cc.dopts.copts.Dialer == nil { + cc.dopts.copts.Dialer = newProxyDialer( + func(ctx context.Context, addr string) (net.Conn, error) { + return dialContext(ctx, "tcp", addr) + }, + ) + } + + if cc.dopts.copts.UserAgent != "" { + cc.dopts.copts.UserAgent += " " + grpcUA + } else { + cc.dopts.copts.UserAgent = grpcUA + } + + if cc.dopts.timeout > 0 { + var cancel context.CancelFunc + ctx, cancel = context.WithTimeout(ctx, cc.dopts.timeout) + defer cancel() + } + defer func() { select { case <-ctx.Done(): @@ -259,10 +343,17 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn * } }() - for _, opt := range opts { - opt(&cc.dopts) + if cc.dopts.scChan != nil { + // Wait for the initial service config. + select { + case sc, ok := <-cc.dopts.scChan: + if ok { + cc.sc = sc + } + case <-ctx.Done(): + return nil, ctx.Err() + } } - // Set defaults. if cc.dopts.codec == nil { cc.dopts.codec = protoCodec{} @@ -273,21 +364,18 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn * creds := cc.dopts.copts.TransportCredentials if creds != nil && creds.Info().ServerName != "" { cc.authority = creds.Info().ServerName + } else if cc.dopts.insecure && cc.dopts.copts.Authority != "" { + cc.authority = cc.dopts.copts.Authority } else { - colonPos := strings.LastIndex(target, ":") - if colonPos == -1 { - colonPos = len(target) - } - cc.authority = target[:colonPos] + cc.authority = target } - var ok bool waitC := make(chan error, 1) go func() { - var addrs []Address - if cc.dopts.balancer == nil { - // Connect to target directly if balancer is nil. - addrs = append(addrs, Address{Addr: target}) - } else { + defer close(waitC) + if cc.dopts.balancer == nil && cc.sc.LB != nil { + cc.dopts.balancer = cc.sc.LB + } + if cc.dopts.balancer != nil { var credsClone credentials.TransportCredentials if creds != nil { credsClone = creds.Clone() @@ -300,29 +388,23 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn * return } ch := cc.dopts.balancer.Notify() - if ch == nil { - // There is no name resolver installed. - addrs = append(addrs, Address{Addr: target}) - } else { - addrs, ok = <-ch - if !ok || len(addrs) == 0 { - waitC <- errNoAddr - return + if ch != nil { + if cc.dopts.block { + doneChan := make(chan struct{}) + go cc.lbWatcher(doneChan) + <-doneChan + } else { + go cc.lbWatcher(nil) } - } - } - for _, a := range addrs { - if err := cc.resetAddrConn(a, false, nil); err != nil { - waitC <- err return } } - close(waitC) + // No balancer, or no resolver within the balancer. Connect directly. + if err := cc.resetAddrConn(Address{Addr: target}, cc.dopts.block, nil); err != nil { + waitC <- err + return + } }() - var timeoutCh <-chan time.Time - if cc.dopts.timeout > 0 { - timeoutCh = time.After(cc.dopts.timeout) - } select { case <-ctx.Done(): return nil, ctx.Err() @@ -330,14 +412,12 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn * if err != nil { return nil, err } - case <-timeoutCh: - return nil, ErrClientConnTimeout } - // If balancer is nil or balancer.Notify() is nil, ok will be false here. - // The lbWatcher goroutine will not be created. - if ok { - go cc.lbWatcher() + + if cc.dopts.scChan != nil { + go cc.scWatcher() } + return cc, nil } @@ -384,10 +464,16 @@ type ClientConn struct { dopts dialOptions mu sync.RWMutex + sc ServiceConfig conns map[Address]*addrConn + // Keepalive parameter can be udated if a GoAway is received. + mkp keepalive.ClientParameters } -func (cc *ClientConn) lbWatcher() { +// lbWatcher watches the Notify channel of the balancer in cc and manages +// connections accordingly. If doneChan is not nil, it is closed after the +// first successfull connection is made. +func (cc *ClientConn) lbWatcher(doneChan chan struct{}) { for addrs := range cc.dopts.balancer.Notify() { var ( add []Address // Addresses need to setup connections. @@ -414,7 +500,15 @@ func (cc *ClientConn) lbWatcher() { } cc.mu.Unlock() for _, a := range add { - cc.resetAddrConn(a, true, nil) + if doneChan != nil { + err := cc.resetAddrConn(a, true, nil) + if err == nil { + close(doneChan) + doneChan = nil + } + } else { + cc.resetAddrConn(a, false, nil) + } } for _, c := range del { c.tearDown(errConnDrain) @@ -422,15 +516,36 @@ func (cc *ClientConn) lbWatcher() { } } +func (cc *ClientConn) scWatcher() { + for { + select { + case sc, ok := <-cc.dopts.scChan: + if !ok { + return + } + cc.mu.Lock() + // TODO: load balance policy runtime change is ignored. + // We may revist this decision in the future. + cc.sc = sc + cc.mu.Unlock() + case <-cc.ctx.Done(): + return + } + } +} + // resetAddrConn creates an addrConn for addr and adds it to cc.conns. // If there is an old addrConn for addr, it will be torn down, using tearDownErr as the reason. // If tearDownErr is nil, errConnDrain will be used instead. -func (cc *ClientConn) resetAddrConn(addr Address, skipWait bool, tearDownErr error) error { +func (cc *ClientConn) resetAddrConn(addr Address, block bool, tearDownErr error) error { ac := &addrConn{ cc: cc, addr: addr, dopts: cc.dopts, } + cc.mu.RLock() + ac.dopts.copts.KeepaliveParams = cc.mkp + cc.mu.RUnlock() ac.ctx, ac.cancel = context.WithCancel(cc.ctx) ac.stateCV = sync.NewCond(&ac.mu) if EnableTracing { @@ -475,8 +590,7 @@ func (cc *ClientConn) resetAddrConn(addr Address, skipWait bool, tearDownErr err stale.tearDown(tearDownErr) } } - // skipWait may overwrite the decision in ac.dopts.block. - if ac.dopts.block && !skipWait { + if block { if err := ac.resetTransport(false); err != nil { if err != errConnClosing { // Tear down ac and delete it from cc.conns. @@ -509,6 +623,14 @@ func (cc *ClientConn) resetAddrConn(addr Address, skipWait bool, tearDownErr err return nil } +// TODO: Avoid the locking here. +func (cc *ClientConn) getMethodConfig(method string) (m MethodConfig, ok bool) { + cc.mu.RLock() + defer cc.mu.RUnlock() + m, ok = cc.sc.Methods[method] + return +} + func (cc *ClientConn) getTransport(ctx context.Context, opts BalancerGetOptions) (transport.ClientTransport, func(), error) { var ( ac *addrConn @@ -547,6 +669,7 @@ func (cc *ClientConn) getTransport(ctx context.Context, opts BalancerGetOptions) } if !ok { if put != nil { + updateRPCInfoInContext(ctx, rpcInfo{bytesSent: false, bytesReceived: false}) put() } return nil, nil, errConnClosing @@ -554,6 +677,7 @@ func (cc *ClientConn) getTransport(ctx context.Context, opts BalancerGetOptions) t, err := ac.wait(ctx, cc.dopts.balancer != nil, !opts.BlockingWait) if err != nil { if put != nil { + updateRPCInfoInContext(ctx, rpcInfo{bytesSent: false, bytesReceived: false}) put() } return nil, nil, err @@ -605,6 +729,20 @@ type addrConn struct { tearDownErr error } +// adjustParams updates parameters used to create transports upon +// receiving a GoAway. +func (ac *addrConn) adjustParams(r transport.GoAwayReason) { + switch r { + case transport.TooManyPings: + v := 2 * ac.dopts.copts.KeepaliveParams.Time + ac.cc.mu.Lock() + if v > ac.cc.mkp.Time { + ac.cc.mkp.Time = v + } + ac.cc.mu.Unlock() + } +} + // printf records an event in ac's event log, unless ac has been closed. // REQUIRES ac.mu is held. func (ac *addrConn) printf(format string, a ...interface{}) { @@ -689,6 +827,8 @@ func (ac *addrConn) resetTransport(closeTransport bool) error { Metadata: ac.addr.Metadata, } newTransport, err := transport.NewClientTransport(ctx, sinfo, ac.dopts.copts) + // Don't call cancel in success path due to a race in Go 1.6: + // https://github.com/golang/go/issues/15078. if err != nil { cancel() @@ -759,6 +899,7 @@ func (ac *addrConn) transportMonitor() { } return case <-t.GoAway(): + ac.adjustParams(t.GetGoAwayReason()) // If GoAway happens without any network I/O error, ac is closed without shutting down the // underlying transport (the transport will be closed when all the pending RPCs finished or // failed.). @@ -767,9 +908,9 @@ func (ac *addrConn) transportMonitor() { // In both cases, a new ac is created. select { case <-t.Error(): - ac.cc.resetAddrConn(ac.addr, true, errNetworkIO) + ac.cc.resetAddrConn(ac.addr, false, errNetworkIO) default: - ac.cc.resetAddrConn(ac.addr, true, errConnDrain) + ac.cc.resetAddrConn(ac.addr, false, errConnDrain) } return case <-t.Error(): @@ -778,7 +919,8 @@ func (ac *addrConn) transportMonitor() { t.Close() return case <-t.GoAway(): - ac.cc.resetAddrConn(ac.addr, true, errNetworkIO) + ac.adjustParams(t.GetGoAwayReason()) + ac.cc.resetAddrConn(ac.addr, false, errNetworkIO) return default: } diff --git a/components/engine/vendor/google.golang.org/grpc/codec.go b/components/engine/vendor/google.golang.org/grpc/codec.go new file mode 100644 index 0000000000..bd76ebb7f1 --- /dev/null +++ b/components/engine/vendor/google.golang.org/grpc/codec.go @@ -0,0 +1,118 @@ +/* +* + * Copyright 2014, Google Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * +*/ + +package grpc + +import ( + "math" + "sync" + + "github.com/golang/protobuf/proto" +) + +// Codec defines the interface gRPC uses to encode and decode messages. +// Note that implementations of this interface must be thread safe; +// a Codec's methods can be called from concurrent goroutines. +type Codec interface { + // Marshal returns the wire format of v. + Marshal(v interface{}) ([]byte, error) + // Unmarshal parses the wire format into v. + Unmarshal(data []byte, v interface{}) error + // String returns the name of the Codec implementation. The returned + // string will be used as part of content type in transmission. + String() string +} + +// protoCodec is a Codec implementation with protobuf. It is the default codec for gRPC. +type protoCodec struct { +} + +type cachedProtoBuffer struct { + lastMarshaledSize uint32 + proto.Buffer +} + +func capToMaxInt32(val int) uint32 { + if val > math.MaxInt32 { + return uint32(math.MaxInt32) + } + return uint32(val) +} + +func (p protoCodec) marshal(v interface{}, cb *cachedProtoBuffer) ([]byte, error) { + protoMsg := v.(proto.Message) + newSlice := make([]byte, 0, cb.lastMarshaledSize) + + cb.SetBuf(newSlice) + cb.Reset() + if err := cb.Marshal(protoMsg); err != nil { + return nil, err + } + out := cb.Bytes() + cb.lastMarshaledSize = capToMaxInt32(len(out)) + return out, nil +} + +func (p protoCodec) Marshal(v interface{}) ([]byte, error) { + cb := protoBufferPool.Get().(*cachedProtoBuffer) + out, err := p.marshal(v, cb) + + // put back buffer and lose the ref to the slice + cb.SetBuf(nil) + protoBufferPool.Put(cb) + return out, err +} + +func (p protoCodec) Unmarshal(data []byte, v interface{}) error { + cb := protoBufferPool.Get().(*cachedProtoBuffer) + cb.SetBuf(data) + err := cb.Unmarshal(v.(proto.Message)) + cb.SetBuf(nil) + protoBufferPool.Put(cb) + return err +} + +func (protoCodec) String() string { + return "proto" +} + +var ( + protoBufferPool = &sync.Pool{ + New: func() interface{} { + return &cachedProtoBuffer{ + Buffer: proto.Buffer{}, + lastMarshaledSize: 16, + } + }, + } +) diff --git a/components/engine/vendor/google.golang.org/grpc/credentials/credentials.go b/components/engine/vendor/google.golang.org/grpc/credentials/credentials.go index 5555ef024f..a8114d6713 100644 --- a/components/engine/vendor/google.golang.org/grpc/credentials/credentials.go +++ b/components/engine/vendor/google.golang.org/grpc/credentials/credentials.go @@ -102,6 +102,10 @@ type TransportCredentials interface { // authentication protocol on rawConn for clients. It returns the authenticated // connection and the corresponding auth information about the connection. // Implementations must use the provided context to implement timely cancellation. + // gRPC will try to reconnect if the error returned is a temporary error + // (io.EOF, context.DeadlineExceeded or err.Temporary() == true). + // If the returned error is a wrapper error, implementations should make sure that + // the error implements Temporary() to have the correct retry behaviors. ClientHandshake(context.Context, string, net.Conn) (net.Conn, AuthInfo, error) // ServerHandshake does the authentication handshake for servers. It returns // the authenticated connection and the corresponding auth information about @@ -165,9 +169,7 @@ func (c *tlsCreds) ClientHandshake(ctx context.Context, addr string, rawConn net case <-ctx.Done(): return nil, nil, ctx.Err() } - // TODO(zhaoq): Omit the auth info for client now. It is more for - // information than anything else. - return conn, nil, nil + return conn, TLSInfo{conn.ConnectionState()}, nil } func (c *tlsCreds) ServerHandshake(rawConn net.Conn) (net.Conn, AuthInfo, error) { diff --git a/components/engine/vendor/google.golang.org/grpc/credentials/credentials_util_go17.go b/components/engine/vendor/google.golang.org/grpc/credentials/credentials_util_go17.go index 9647b9ec83..7597b09e35 100644 --- a/components/engine/vendor/google.golang.org/grpc/credentials/credentials_util_go17.go +++ b/components/engine/vendor/google.golang.org/grpc/credentials/credentials_util_go17.go @@ -1,4 +1,5 @@ // +build go1.7 +// +build !go1.8 /* * @@ -44,8 +45,6 @@ import ( // contains a mutex and must not be copied. // // If cfg is nil, a new zero tls.Config is returned. -// -// TODO replace this function with official clone function. func cloneTLSConfig(cfg *tls.Config) *tls.Config { if cfg == nil { return &tls.Config{} diff --git a/components/engine/vendor/google.golang.org/grpc/credentials/credentials_util_go18.go b/components/engine/vendor/google.golang.org/grpc/credentials/credentials_util_go18.go new file mode 100644 index 0000000000..0ecf342da8 --- /dev/null +++ b/components/engine/vendor/google.golang.org/grpc/credentials/credentials_util_go18.go @@ -0,0 +1,53 @@ +// +build go1.8 + +/* + * + * Copyright 2017, Google Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +package credentials + +import ( + "crypto/tls" +) + +// cloneTLSConfig returns a shallow clone of the exported +// fields of cfg, ignoring the unexported sync.Once, which +// contains a mutex and must not be copied. +// +// If cfg is nil, a new zero tls.Config is returned. +func cloneTLSConfig(cfg *tls.Config) *tls.Config { + if cfg == nil { + return &tls.Config{} + } + + return cfg.Clone() +} diff --git a/components/engine/vendor/google.golang.org/grpc/credentials/credentials_util_pre_go17.go b/components/engine/vendor/google.golang.org/grpc/credentials/credentials_util_pre_go17.go index 09b8d12c79..cfd40dfa34 100644 --- a/components/engine/vendor/google.golang.org/grpc/credentials/credentials_util_pre_go17.go +++ b/components/engine/vendor/google.golang.org/grpc/credentials/credentials_util_pre_go17.go @@ -44,8 +44,6 @@ import ( // contains a mutex and must not be copied. // // If cfg is nil, a new zero tls.Config is returned. -// -// TODO replace this function with official clone function. func cloneTLSConfig(cfg *tls.Config) *tls.Config { if cfg == nil { return &tls.Config{} diff --git a/components/engine/vendor/google.golang.org/grpc/go16.go b/components/engine/vendor/google.golang.org/grpc/go16.go new file mode 100644 index 0000000000..b61c57e88d --- /dev/null +++ b/components/engine/vendor/google.golang.org/grpc/go16.go @@ -0,0 +1,56 @@ +// +build go1.6,!go1.7 + +/* + * Copyright 2016, Google Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +package grpc + +import ( + "fmt" + "net" + "net/http" + + "golang.org/x/net/context" +) + +// dialContext connects to the address on the named network. +func dialContext(ctx context.Context, network, address string) (net.Conn, error) { + return (&net.Dialer{Cancel: ctx.Done()}).Dial(network, address) +} + +func sendHTTPRequest(ctx context.Context, req *http.Request, conn net.Conn) error { + req.Cancel = ctx.Done() + if err := req.Write(conn); err != nil { + return fmt.Errorf("failed to write the HTTP request: %v", err) + } + return nil +} diff --git a/components/engine/vendor/google.golang.org/grpc/transport/pre_go16.go b/components/engine/vendor/google.golang.org/grpc/go17.go similarity index 86% rename from components/engine/vendor/google.golang.org/grpc/transport/pre_go16.go rename to components/engine/vendor/google.golang.org/grpc/go17.go index 33d91c17c4..844f0e1899 100644 --- a/components/engine/vendor/google.golang.org/grpc/transport/pre_go16.go +++ b/components/engine/vendor/google.golang.org/grpc/go17.go @@ -1,4 +1,4 @@ -// +build !go1.6 +// +build go1.7 /* * Copyright 2016, Google Inc. @@ -32,20 +32,24 @@ * */ -package transport +package grpc import ( "net" - "time" + "net/http" "golang.org/x/net/context" ) // dialContext connects to the address on the named network. func dialContext(ctx context.Context, network, address string) (net.Conn, error) { - var dialer net.Dialer - if deadline, ok := ctx.Deadline(); ok { - dialer.Timeout = deadline.Sub(time.Now()) - } - return dialer.Dial(network, address) + return (&net.Dialer{}).DialContext(ctx, network, address) +} + +func sendHTTPRequest(ctx context.Context, req *http.Request, conn net.Conn) error { + req = req.WithContext(ctx) + if err := req.Write(conn); err != nil { + return err + } + return nil } diff --git a/components/engine/vendor/google.golang.org/grpc/grpclb.go b/components/engine/vendor/google.golang.org/grpc/grpclb.go new file mode 100644 index 0000000000..524e429df3 --- /dev/null +++ b/components/engine/vendor/google.golang.org/grpc/grpclb.go @@ -0,0 +1,749 @@ +/* + * + * Copyright 2016, Google Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +package grpc + +import ( + "errors" + "fmt" + "math/rand" + "net" + "sync" + "time" + + "golang.org/x/net/context" + "google.golang.org/grpc/codes" + lbpb "google.golang.org/grpc/grpclb/grpc_lb_v1" + "google.golang.org/grpc/grpclog" + "google.golang.org/grpc/metadata" + "google.golang.org/grpc/naming" +) + +// Client API for LoadBalancer service. +// Mostly copied from generated pb.go file. +// To avoid circular dependency. +type loadBalancerClient struct { + cc *ClientConn +} + +func (c *loadBalancerClient) BalanceLoad(ctx context.Context, opts ...CallOption) (*balanceLoadClientStream, error) { + desc := &StreamDesc{ + StreamName: "BalanceLoad", + ServerStreams: true, + ClientStreams: true, + } + stream, err := NewClientStream(ctx, desc, c.cc, "/grpc.lb.v1.LoadBalancer/BalanceLoad", opts...) + if err != nil { + return nil, err + } + x := &balanceLoadClientStream{stream} + return x, nil +} + +type balanceLoadClientStream struct { + ClientStream +} + +func (x *balanceLoadClientStream) Send(m *lbpb.LoadBalanceRequest) error { + return x.ClientStream.SendMsg(m) +} + +func (x *balanceLoadClientStream) Recv() (*lbpb.LoadBalanceResponse, error) { + m := new(lbpb.LoadBalanceResponse) + if err := x.ClientStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil +} + +// AddressType indicates the address type returned by name resolution. +type AddressType uint8 + +const ( + // Backend indicates the server is a backend server. + Backend AddressType = iota + // GRPCLB indicates the server is a grpclb load balancer. + GRPCLB +) + +// AddrMetadataGRPCLB contains the information the name resolution for grpclb should provide. The +// name resolver used by grpclb balancer is required to provide this type of metadata in +// its address updates. +type AddrMetadataGRPCLB struct { + // AddrType is the type of server (grpc load balancer or backend). + AddrType AddressType + // ServerName is the name of the grpc load balancer. Used for authentication. + ServerName string +} + +// NewGRPCLBBalancer creates a grpclb load balancer. +func NewGRPCLBBalancer(r naming.Resolver) Balancer { + return &balancer{ + r: r, + } +} + +type remoteBalancerInfo struct { + addr string + // the server name used for authentication with the remote LB server. + name string +} + +// grpclbAddrInfo consists of the information of a backend server. +type grpclbAddrInfo struct { + addr Address + connected bool + // dropForRateLimiting indicates whether this particular request should be + // dropped by the client for rate limiting. + dropForRateLimiting bool + // dropForLoadBalancing indicates whether this particular request should be + // dropped by the client for load balancing. + dropForLoadBalancing bool +} + +type balancer struct { + r naming.Resolver + target string + mu sync.Mutex + seq int // a sequence number to make sure addrCh does not get stale addresses. + w naming.Watcher + addrCh chan []Address + rbs []remoteBalancerInfo + addrs []*grpclbAddrInfo + next int + waitCh chan struct{} + done bool + expTimer *time.Timer + rand *rand.Rand + + clientStats lbpb.ClientStats +} + +func (b *balancer) watchAddrUpdates(w naming.Watcher, ch chan []remoteBalancerInfo) error { + updates, err := w.Next() + if err != nil { + return err + } + b.mu.Lock() + defer b.mu.Unlock() + if b.done { + return ErrClientConnClosing + } + for _, update := range updates { + switch update.Op { + case naming.Add: + var exist bool + for _, v := range b.rbs { + // TODO: Is the same addr with different server name a different balancer? + if update.Addr == v.addr { + exist = true + break + } + } + if exist { + continue + } + md, ok := update.Metadata.(*AddrMetadataGRPCLB) + if !ok { + // TODO: Revisit the handling here and may introduce some fallback mechanism. + grpclog.Printf("The name resolution contains unexpected metadata %v", update.Metadata) + continue + } + switch md.AddrType { + case Backend: + // TODO: Revisit the handling here and may introduce some fallback mechanism. + grpclog.Printf("The name resolution does not give grpclb addresses") + continue + case GRPCLB: + b.rbs = append(b.rbs, remoteBalancerInfo{ + addr: update.Addr, + name: md.ServerName, + }) + default: + grpclog.Printf("Received unknow address type %d", md.AddrType) + continue + } + case naming.Delete: + for i, v := range b.rbs { + if update.Addr == v.addr { + copy(b.rbs[i:], b.rbs[i+1:]) + b.rbs = b.rbs[:len(b.rbs)-1] + break + } + } + default: + grpclog.Println("Unknown update.Op ", update.Op) + } + } + // TODO: Fall back to the basic round-robin load balancing if the resulting address is + // not a load balancer. + select { + case <-ch: + default: + } + ch <- b.rbs + return nil +} + +func (b *balancer) serverListExpire(seq int) { + b.mu.Lock() + defer b.mu.Unlock() + // TODO: gRPC interanls do not clear the connections when the server list is stale. + // This means RPCs will keep using the existing server list until b receives new + // server list even though the list is expired. Revisit this behavior later. + if b.done || seq < b.seq { + return + } + b.next = 0 + b.addrs = nil + // Ask grpc internals to close all the corresponding connections. + b.addrCh <- nil +} + +func convertDuration(d *lbpb.Duration) time.Duration { + if d == nil { + return 0 + } + return time.Duration(d.Seconds)*time.Second + time.Duration(d.Nanos)*time.Nanosecond +} + +func (b *balancer) processServerList(l *lbpb.ServerList, seq int) { + if l == nil { + return + } + servers := l.GetServers() + expiration := convertDuration(l.GetExpirationInterval()) + var ( + sl []*grpclbAddrInfo + addrs []Address + ) + for _, s := range servers { + md := metadata.Pairs("lb-token", s.LoadBalanceToken) + addr := Address{ + Addr: fmt.Sprintf("%s:%d", net.IP(s.IpAddress), s.Port), + Metadata: &md, + } + sl = append(sl, &grpclbAddrInfo{ + addr: addr, + dropForRateLimiting: s.DropForRateLimiting, + dropForLoadBalancing: s.DropForLoadBalancing, + }) + addrs = append(addrs, addr) + } + b.mu.Lock() + defer b.mu.Unlock() + if b.done || seq < b.seq { + return + } + if len(sl) > 0 { + // reset b.next to 0 when replacing the server list. + b.next = 0 + b.addrs = sl + b.addrCh <- addrs + if b.expTimer != nil { + b.expTimer.Stop() + b.expTimer = nil + } + if expiration > 0 { + b.expTimer = time.AfterFunc(expiration, func() { + b.serverListExpire(seq) + }) + } + } + return +} + +func (b *balancer) sendLoadReport(s *balanceLoadClientStream, interval time.Duration, done <-chan struct{}) { + ticker := time.NewTicker(interval) + defer ticker.Stop() + for { + select { + case <-ticker.C: + case <-done: + return + } + b.mu.Lock() + stats := b.clientStats + b.clientStats = lbpb.ClientStats{} // Clear the stats. + b.mu.Unlock() + t := time.Now() + stats.Timestamp = &lbpb.Timestamp{ + Seconds: t.Unix(), + Nanos: int32(t.Nanosecond()), + } + if err := s.Send(&lbpb.LoadBalanceRequest{ + LoadBalanceRequestType: &lbpb.LoadBalanceRequest_ClientStats{ + ClientStats: &stats, + }, + }); err != nil { + return + } + } +} + +func (b *balancer) callRemoteBalancer(lbc *loadBalancerClient, seq int) (retry bool) { + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + stream, err := lbc.BalanceLoad(ctx) + if err != nil { + grpclog.Printf("Failed to perform RPC to the remote balancer %v", err) + return + } + b.mu.Lock() + if b.done { + b.mu.Unlock() + return + } + b.mu.Unlock() + initReq := &lbpb.LoadBalanceRequest{ + LoadBalanceRequestType: &lbpb.LoadBalanceRequest_InitialRequest{ + InitialRequest: &lbpb.InitialLoadBalanceRequest{ + Name: b.target, + }, + }, + } + if err := stream.Send(initReq); err != nil { + // TODO: backoff on retry? + return true + } + reply, err := stream.Recv() + if err != nil { + // TODO: backoff on retry? + return true + } + initResp := reply.GetInitialResponse() + if initResp == nil { + grpclog.Println("Failed to receive the initial response from the remote balancer.") + return + } + // TODO: Support delegation. + if initResp.LoadBalancerDelegate != "" { + // delegation + grpclog.Println("TODO: Delegation is not supported yet.") + return + } + streamDone := make(chan struct{}) + defer close(streamDone) + b.mu.Lock() + b.clientStats = lbpb.ClientStats{} // Clear client stats. + b.mu.Unlock() + if d := convertDuration(initResp.ClientStatsReportInterval); d > 0 { + go b.sendLoadReport(stream, d, streamDone) + } + // Retrieve the server list. + for { + reply, err := stream.Recv() + if err != nil { + break + } + b.mu.Lock() + if b.done || seq < b.seq { + b.mu.Unlock() + return + } + b.seq++ // tick when receiving a new list of servers. + seq = b.seq + b.mu.Unlock() + if serverList := reply.GetServerList(); serverList != nil { + b.processServerList(serverList, seq) + } + } + return true +} + +func (b *balancer) Start(target string, config BalancerConfig) error { + b.rand = rand.New(rand.NewSource(time.Now().Unix())) + // TODO: Fall back to the basic direct connection if there is no name resolver. + if b.r == nil { + return errors.New("there is no name resolver installed") + } + b.target = target + b.mu.Lock() + if b.done { + b.mu.Unlock() + return ErrClientConnClosing + } + b.addrCh = make(chan []Address) + w, err := b.r.Resolve(target) + if err != nil { + b.mu.Unlock() + return err + } + b.w = w + b.mu.Unlock() + balancerAddrsCh := make(chan []remoteBalancerInfo, 1) + // Spawn a goroutine to monitor the name resolution of remote load balancer. + go func() { + for { + if err := b.watchAddrUpdates(w, balancerAddrsCh); err != nil { + grpclog.Printf("grpc: the naming watcher stops working due to %v.\n", err) + close(balancerAddrsCh) + return + } + } + }() + // Spawn a goroutine to talk to the remote load balancer. + go func() { + var ( + cc *ClientConn + // ccError is closed when there is an error in the current cc. + // A new rb should be picked from rbs and connected. + ccError chan struct{} + rb *remoteBalancerInfo + rbs []remoteBalancerInfo + rbIdx int + ) + + defer func() { + if ccError != nil { + select { + case <-ccError: + default: + close(ccError) + } + } + if cc != nil { + cc.Close() + } + }() + + for { + var ok bool + select { + case rbs, ok = <-balancerAddrsCh: + if !ok { + return + } + foundIdx := -1 + if rb != nil { + for i, trb := range rbs { + if trb == *rb { + foundIdx = i + break + } + } + } + if foundIdx >= 0 { + if foundIdx >= 1 { + // Move the address in use to the beginning of the list. + b.rbs[0], b.rbs[foundIdx] = b.rbs[foundIdx], b.rbs[0] + rbIdx = 0 + } + continue // If found, don't dial new cc. + } else if len(rbs) > 0 { + // Pick a random one from the list, instead of always using the first one. + if l := len(rbs); l > 1 && rb != nil { + tmpIdx := b.rand.Intn(l - 1) + b.rbs[0], b.rbs[tmpIdx] = b.rbs[tmpIdx], b.rbs[0] + } + rbIdx = 0 + rb = &rbs[0] + } else { + // foundIdx < 0 && len(rbs) <= 0. + rb = nil + } + case <-ccError: + ccError = nil + if rbIdx < len(rbs)-1 { + rbIdx++ + rb = &rbs[rbIdx] + } else { + rb = nil + } + } + + if rb == nil { + continue + } + + if cc != nil { + cc.Close() + } + // Talk to the remote load balancer to get the server list. + var err error + creds := config.DialCreds + ccError = make(chan struct{}) + if creds == nil { + cc, err = Dial(rb.addr, WithInsecure()) + } else { + if rb.name != "" { + if err := creds.OverrideServerName(rb.name); err != nil { + grpclog.Printf("Failed to override the server name in the credentials: %v", err) + continue + } + } + cc, err = Dial(rb.addr, WithTransportCredentials(creds)) + } + if err != nil { + grpclog.Printf("Failed to setup a connection to the remote balancer %v: %v", rb.addr, err) + close(ccError) + continue + } + b.mu.Lock() + b.seq++ // tick when getting a new balancer address + seq := b.seq + b.next = 0 + b.mu.Unlock() + go func(cc *ClientConn, ccError chan struct{}) { + lbc := &loadBalancerClient{cc} + b.callRemoteBalancer(lbc, seq) + cc.Close() + select { + case <-ccError: + default: + close(ccError) + } + }(cc, ccError) + } + }() + return nil +} + +func (b *balancer) down(addr Address, err error) { + b.mu.Lock() + defer b.mu.Unlock() + for _, a := range b.addrs { + if addr == a.addr { + a.connected = false + break + } + } +} + +func (b *balancer) Up(addr Address) func(error) { + b.mu.Lock() + defer b.mu.Unlock() + if b.done { + return nil + } + var cnt int + for _, a := range b.addrs { + if a.addr == addr { + if a.connected { + return nil + } + a.connected = true + } + if a.connected && !a.dropForRateLimiting && !a.dropForLoadBalancing { + cnt++ + } + } + // addr is the only one which is connected. Notify the Get() callers who are blocking. + if cnt == 1 && b.waitCh != nil { + close(b.waitCh) + b.waitCh = nil + } + return func(err error) { + b.down(addr, err) + } +} + +func (b *balancer) Get(ctx context.Context, opts BalancerGetOptions) (addr Address, put func(), err error) { + var ch chan struct{} + b.mu.Lock() + if b.done { + b.mu.Unlock() + err = ErrClientConnClosing + return + } + seq := b.seq + + defer func() { + if err != nil { + return + } + put = func() { + s, ok := rpcInfoFromContext(ctx) + if !ok { + return + } + b.mu.Lock() + defer b.mu.Unlock() + if b.done || seq < b.seq { + return + } + b.clientStats.NumCallsFinished++ + if !s.bytesSent { + b.clientStats.NumCallsFinishedWithClientFailedToSend++ + } else if s.bytesReceived { + b.clientStats.NumCallsFinishedKnownReceived++ + } + } + }() + + b.clientStats.NumCallsStarted++ + if len(b.addrs) > 0 { + if b.next >= len(b.addrs) { + b.next = 0 + } + next := b.next + for { + a := b.addrs[next] + next = (next + 1) % len(b.addrs) + if a.connected { + if !a.dropForRateLimiting && !a.dropForLoadBalancing { + addr = a.addr + b.next = next + b.mu.Unlock() + return + } + if !opts.BlockingWait { + b.next = next + if a.dropForLoadBalancing { + b.clientStats.NumCallsFinished++ + b.clientStats.NumCallsFinishedWithDropForLoadBalancing++ + } else if a.dropForRateLimiting { + b.clientStats.NumCallsFinished++ + b.clientStats.NumCallsFinishedWithDropForRateLimiting++ + } + b.mu.Unlock() + err = Errorf(codes.Unavailable, "%s drops requests", a.addr.Addr) + return + } + } + if next == b.next { + // Has iterated all the possible address but none is connected. + break + } + } + } + if !opts.BlockingWait { + if len(b.addrs) == 0 { + b.clientStats.NumCallsFinished++ + b.clientStats.NumCallsFinishedWithClientFailedToSend++ + b.mu.Unlock() + err = Errorf(codes.Unavailable, "there is no address available") + return + } + // Returns the next addr on b.addrs for a failfast RPC. + addr = b.addrs[b.next].addr + b.next++ + b.mu.Unlock() + return + } + // Wait on b.waitCh for non-failfast RPCs. + if b.waitCh == nil { + ch = make(chan struct{}) + b.waitCh = ch + } else { + ch = b.waitCh + } + b.mu.Unlock() + for { + select { + case <-ctx.Done(): + b.mu.Lock() + b.clientStats.NumCallsFinished++ + b.clientStats.NumCallsFinishedWithClientFailedToSend++ + b.mu.Unlock() + err = ctx.Err() + return + case <-ch: + b.mu.Lock() + if b.done { + b.clientStats.NumCallsFinished++ + b.clientStats.NumCallsFinishedWithClientFailedToSend++ + b.mu.Unlock() + err = ErrClientConnClosing + return + } + + if len(b.addrs) > 0 { + if b.next >= len(b.addrs) { + b.next = 0 + } + next := b.next + for { + a := b.addrs[next] + next = (next + 1) % len(b.addrs) + if a.connected { + if !a.dropForRateLimiting && !a.dropForLoadBalancing { + addr = a.addr + b.next = next + b.mu.Unlock() + return + } + if !opts.BlockingWait { + b.next = next + if a.dropForLoadBalancing { + b.clientStats.NumCallsFinished++ + b.clientStats.NumCallsFinishedWithDropForLoadBalancing++ + } else if a.dropForRateLimiting { + b.clientStats.NumCallsFinished++ + b.clientStats.NumCallsFinishedWithDropForRateLimiting++ + } + b.mu.Unlock() + err = Errorf(codes.Unavailable, "drop requests for the addreess %s", a.addr.Addr) + return + } + } + if next == b.next { + // Has iterated all the possible address but none is connected. + break + } + } + } + // The newly added addr got removed by Down() again. + if b.waitCh == nil { + ch = make(chan struct{}) + b.waitCh = ch + } else { + ch = b.waitCh + } + b.mu.Unlock() + } + } +} + +func (b *balancer) Notify() <-chan []Address { + return b.addrCh +} + +func (b *balancer) Close() error { + b.mu.Lock() + defer b.mu.Unlock() + b.done = true + if b.expTimer != nil { + b.expTimer.Stop() + } + if b.waitCh != nil { + close(b.waitCh) + } + if b.addrCh != nil { + close(b.addrCh) + } + if b.w != nil { + b.w.Close() + } + return nil +} diff --git a/components/engine/vendor/google.golang.org/grpc/grpclb/grpc_lb_v1/grpclb.pb.go b/components/engine/vendor/google.golang.org/grpc/grpclb/grpc_lb_v1/grpclb.pb.go new file mode 100644 index 0000000000..f63941bd80 --- /dev/null +++ b/components/engine/vendor/google.golang.org/grpc/grpclb/grpc_lb_v1/grpclb.pb.go @@ -0,0 +1,629 @@ +// Code generated by protoc-gen-go. +// source: grpclb.proto +// DO NOT EDIT! + +/* +Package grpc_lb_v1 is a generated protocol buffer package. + +It is generated from these files: + grpclb.proto + +It has these top-level messages: + Duration + Timestamp + LoadBalanceRequest + InitialLoadBalanceRequest + ClientStats + LoadBalanceResponse + InitialLoadBalanceResponse + ServerList + Server +*/ +package grpc_lb_v1 + +import proto "github.com/golang/protobuf/proto" +import fmt "fmt" +import math "math" + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package + +type Duration struct { + // Signed seconds of the span of time. Must be from -315,576,000,000 + // to +315,576,000,000 inclusive. + Seconds int64 `protobuf:"varint,1,opt,name=seconds" json:"seconds,omitempty"` + // Signed fractions of a second at nanosecond resolution of the span + // of time. Durations less than one second are represented with a 0 + // `seconds` field and a positive or negative `nanos` field. For durations + // of one second or more, a non-zero value for the `nanos` field must be + // of the same sign as the `seconds` field. Must be from -999,999,999 + // to +999,999,999 inclusive. + Nanos int32 `protobuf:"varint,2,opt,name=nanos" json:"nanos,omitempty"` +} + +func (m *Duration) Reset() { *m = Duration{} } +func (m *Duration) String() string { return proto.CompactTextString(m) } +func (*Duration) ProtoMessage() {} +func (*Duration) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{0} } + +func (m *Duration) GetSeconds() int64 { + if m != nil { + return m.Seconds + } + return 0 +} + +func (m *Duration) GetNanos() int32 { + if m != nil { + return m.Nanos + } + return 0 +} + +type Timestamp struct { + // Represents seconds of UTC time since Unix epoch + // 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to + // 9999-12-31T23:59:59Z inclusive. + Seconds int64 `protobuf:"varint,1,opt,name=seconds" json:"seconds,omitempty"` + // Non-negative fractions of a second at nanosecond resolution. Negative + // second values with fractions must still have non-negative nanos values + // that count forward in time. Must be from 0 to 999,999,999 + // inclusive. + Nanos int32 `protobuf:"varint,2,opt,name=nanos" json:"nanos,omitempty"` +} + +func (m *Timestamp) Reset() { *m = Timestamp{} } +func (m *Timestamp) String() string { return proto.CompactTextString(m) } +func (*Timestamp) ProtoMessage() {} +func (*Timestamp) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{1} } + +func (m *Timestamp) GetSeconds() int64 { + if m != nil { + return m.Seconds + } + return 0 +} + +func (m *Timestamp) GetNanos() int32 { + if m != nil { + return m.Nanos + } + return 0 +} + +type LoadBalanceRequest struct { + // Types that are valid to be assigned to LoadBalanceRequestType: + // *LoadBalanceRequest_InitialRequest + // *LoadBalanceRequest_ClientStats + LoadBalanceRequestType isLoadBalanceRequest_LoadBalanceRequestType `protobuf_oneof:"load_balance_request_type"` +} + +func (m *LoadBalanceRequest) Reset() { *m = LoadBalanceRequest{} } +func (m *LoadBalanceRequest) String() string { return proto.CompactTextString(m) } +func (*LoadBalanceRequest) ProtoMessage() {} +func (*LoadBalanceRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{2} } + +type isLoadBalanceRequest_LoadBalanceRequestType interface { + isLoadBalanceRequest_LoadBalanceRequestType() +} + +type LoadBalanceRequest_InitialRequest struct { + InitialRequest *InitialLoadBalanceRequest `protobuf:"bytes,1,opt,name=initial_request,json=initialRequest,oneof"` +} +type LoadBalanceRequest_ClientStats struct { + ClientStats *ClientStats `protobuf:"bytes,2,opt,name=client_stats,json=clientStats,oneof"` +} + +func (*LoadBalanceRequest_InitialRequest) isLoadBalanceRequest_LoadBalanceRequestType() {} +func (*LoadBalanceRequest_ClientStats) isLoadBalanceRequest_LoadBalanceRequestType() {} + +func (m *LoadBalanceRequest) GetLoadBalanceRequestType() isLoadBalanceRequest_LoadBalanceRequestType { + if m != nil { + return m.LoadBalanceRequestType + } + return nil +} + +func (m *LoadBalanceRequest) GetInitialRequest() *InitialLoadBalanceRequest { + if x, ok := m.GetLoadBalanceRequestType().(*LoadBalanceRequest_InitialRequest); ok { + return x.InitialRequest + } + return nil +} + +func (m *LoadBalanceRequest) GetClientStats() *ClientStats { + if x, ok := m.GetLoadBalanceRequestType().(*LoadBalanceRequest_ClientStats); ok { + return x.ClientStats + } + return nil +} + +// XXX_OneofFuncs is for the internal use of the proto package. +func (*LoadBalanceRequest) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) { + return _LoadBalanceRequest_OneofMarshaler, _LoadBalanceRequest_OneofUnmarshaler, _LoadBalanceRequest_OneofSizer, []interface{}{ + (*LoadBalanceRequest_InitialRequest)(nil), + (*LoadBalanceRequest_ClientStats)(nil), + } +} + +func _LoadBalanceRequest_OneofMarshaler(msg proto.Message, b *proto.Buffer) error { + m := msg.(*LoadBalanceRequest) + // load_balance_request_type + switch x := m.LoadBalanceRequestType.(type) { + case *LoadBalanceRequest_InitialRequest: + b.EncodeVarint(1<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.InitialRequest); err != nil { + return err + } + case *LoadBalanceRequest_ClientStats: + b.EncodeVarint(2<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.ClientStats); err != nil { + return err + } + case nil: + default: + return fmt.Errorf("LoadBalanceRequest.LoadBalanceRequestType has unexpected type %T", x) + } + return nil +} + +func _LoadBalanceRequest_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) { + m := msg.(*LoadBalanceRequest) + switch tag { + case 1: // load_balance_request_type.initial_request + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(InitialLoadBalanceRequest) + err := b.DecodeMessage(msg) + m.LoadBalanceRequestType = &LoadBalanceRequest_InitialRequest{msg} + return true, err + case 2: // load_balance_request_type.client_stats + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(ClientStats) + err := b.DecodeMessage(msg) + m.LoadBalanceRequestType = &LoadBalanceRequest_ClientStats{msg} + return true, err + default: + return false, nil + } +} + +func _LoadBalanceRequest_OneofSizer(msg proto.Message) (n int) { + m := msg.(*LoadBalanceRequest) + // load_balance_request_type + switch x := m.LoadBalanceRequestType.(type) { + case *LoadBalanceRequest_InitialRequest: + s := proto.Size(x.InitialRequest) + n += proto.SizeVarint(1<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case *LoadBalanceRequest_ClientStats: + s := proto.Size(x.ClientStats) + n += proto.SizeVarint(2<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case nil: + default: + panic(fmt.Sprintf("proto: unexpected type %T in oneof", x)) + } + return n +} + +type InitialLoadBalanceRequest struct { + // Name of load balanced service (IE, balancer.service.com) + // length should be less than 256 bytes. + Name string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"` +} + +func (m *InitialLoadBalanceRequest) Reset() { *m = InitialLoadBalanceRequest{} } +func (m *InitialLoadBalanceRequest) String() string { return proto.CompactTextString(m) } +func (*InitialLoadBalanceRequest) ProtoMessage() {} +func (*InitialLoadBalanceRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{3} } + +func (m *InitialLoadBalanceRequest) GetName() string { + if m != nil { + return m.Name + } + return "" +} + +// Contains client level statistics that are useful to load balancing. Each +// count except the timestamp should be reset to zero after reporting the stats. +type ClientStats struct { + // The timestamp of generating the report. + Timestamp *Timestamp `protobuf:"bytes,1,opt,name=timestamp" json:"timestamp,omitempty"` + // The total number of RPCs that started. + NumCallsStarted int64 `protobuf:"varint,2,opt,name=num_calls_started,json=numCallsStarted" json:"num_calls_started,omitempty"` + // The total number of RPCs that finished. + NumCallsFinished int64 `protobuf:"varint,3,opt,name=num_calls_finished,json=numCallsFinished" json:"num_calls_finished,omitempty"` + // The total number of RPCs that were dropped by the client because of rate + // limiting. + NumCallsFinishedWithDropForRateLimiting int64 `protobuf:"varint,4,opt,name=num_calls_finished_with_drop_for_rate_limiting,json=numCallsFinishedWithDropForRateLimiting" json:"num_calls_finished_with_drop_for_rate_limiting,omitempty"` + // The total number of RPCs that were dropped by the client because of load + // balancing. + NumCallsFinishedWithDropForLoadBalancing int64 `protobuf:"varint,5,opt,name=num_calls_finished_with_drop_for_load_balancing,json=numCallsFinishedWithDropForLoadBalancing" json:"num_calls_finished_with_drop_for_load_balancing,omitempty"` + // The total number of RPCs that failed to reach a server except dropped RPCs. + NumCallsFinishedWithClientFailedToSend int64 `protobuf:"varint,6,opt,name=num_calls_finished_with_client_failed_to_send,json=numCallsFinishedWithClientFailedToSend" json:"num_calls_finished_with_client_failed_to_send,omitempty"` + // The total number of RPCs that finished and are known to have been received + // by a server. + NumCallsFinishedKnownReceived int64 `protobuf:"varint,7,opt,name=num_calls_finished_known_received,json=numCallsFinishedKnownReceived" json:"num_calls_finished_known_received,omitempty"` +} + +func (m *ClientStats) Reset() { *m = ClientStats{} } +func (m *ClientStats) String() string { return proto.CompactTextString(m) } +func (*ClientStats) ProtoMessage() {} +func (*ClientStats) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{4} } + +func (m *ClientStats) GetTimestamp() *Timestamp { + if m != nil { + return m.Timestamp + } + return nil +} + +func (m *ClientStats) GetNumCallsStarted() int64 { + if m != nil { + return m.NumCallsStarted + } + return 0 +} + +func (m *ClientStats) GetNumCallsFinished() int64 { + if m != nil { + return m.NumCallsFinished + } + return 0 +} + +func (m *ClientStats) GetNumCallsFinishedWithDropForRateLimiting() int64 { + if m != nil { + return m.NumCallsFinishedWithDropForRateLimiting + } + return 0 +} + +func (m *ClientStats) GetNumCallsFinishedWithDropForLoadBalancing() int64 { + if m != nil { + return m.NumCallsFinishedWithDropForLoadBalancing + } + return 0 +} + +func (m *ClientStats) GetNumCallsFinishedWithClientFailedToSend() int64 { + if m != nil { + return m.NumCallsFinishedWithClientFailedToSend + } + return 0 +} + +func (m *ClientStats) GetNumCallsFinishedKnownReceived() int64 { + if m != nil { + return m.NumCallsFinishedKnownReceived + } + return 0 +} + +type LoadBalanceResponse struct { + // Types that are valid to be assigned to LoadBalanceResponseType: + // *LoadBalanceResponse_InitialResponse + // *LoadBalanceResponse_ServerList + LoadBalanceResponseType isLoadBalanceResponse_LoadBalanceResponseType `protobuf_oneof:"load_balance_response_type"` +} + +func (m *LoadBalanceResponse) Reset() { *m = LoadBalanceResponse{} } +func (m *LoadBalanceResponse) String() string { return proto.CompactTextString(m) } +func (*LoadBalanceResponse) ProtoMessage() {} +func (*LoadBalanceResponse) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{5} } + +type isLoadBalanceResponse_LoadBalanceResponseType interface { + isLoadBalanceResponse_LoadBalanceResponseType() +} + +type LoadBalanceResponse_InitialResponse struct { + InitialResponse *InitialLoadBalanceResponse `protobuf:"bytes,1,opt,name=initial_response,json=initialResponse,oneof"` +} +type LoadBalanceResponse_ServerList struct { + ServerList *ServerList `protobuf:"bytes,2,opt,name=server_list,json=serverList,oneof"` +} + +func (*LoadBalanceResponse_InitialResponse) isLoadBalanceResponse_LoadBalanceResponseType() {} +func (*LoadBalanceResponse_ServerList) isLoadBalanceResponse_LoadBalanceResponseType() {} + +func (m *LoadBalanceResponse) GetLoadBalanceResponseType() isLoadBalanceResponse_LoadBalanceResponseType { + if m != nil { + return m.LoadBalanceResponseType + } + return nil +} + +func (m *LoadBalanceResponse) GetInitialResponse() *InitialLoadBalanceResponse { + if x, ok := m.GetLoadBalanceResponseType().(*LoadBalanceResponse_InitialResponse); ok { + return x.InitialResponse + } + return nil +} + +func (m *LoadBalanceResponse) GetServerList() *ServerList { + if x, ok := m.GetLoadBalanceResponseType().(*LoadBalanceResponse_ServerList); ok { + return x.ServerList + } + return nil +} + +// XXX_OneofFuncs is for the internal use of the proto package. +func (*LoadBalanceResponse) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) { + return _LoadBalanceResponse_OneofMarshaler, _LoadBalanceResponse_OneofUnmarshaler, _LoadBalanceResponse_OneofSizer, []interface{}{ + (*LoadBalanceResponse_InitialResponse)(nil), + (*LoadBalanceResponse_ServerList)(nil), + } +} + +func _LoadBalanceResponse_OneofMarshaler(msg proto.Message, b *proto.Buffer) error { + m := msg.(*LoadBalanceResponse) + // load_balance_response_type + switch x := m.LoadBalanceResponseType.(type) { + case *LoadBalanceResponse_InitialResponse: + b.EncodeVarint(1<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.InitialResponse); err != nil { + return err + } + case *LoadBalanceResponse_ServerList: + b.EncodeVarint(2<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.ServerList); err != nil { + return err + } + case nil: + default: + return fmt.Errorf("LoadBalanceResponse.LoadBalanceResponseType has unexpected type %T", x) + } + return nil +} + +func _LoadBalanceResponse_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) { + m := msg.(*LoadBalanceResponse) + switch tag { + case 1: // load_balance_response_type.initial_response + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(InitialLoadBalanceResponse) + err := b.DecodeMessage(msg) + m.LoadBalanceResponseType = &LoadBalanceResponse_InitialResponse{msg} + return true, err + case 2: // load_balance_response_type.server_list + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(ServerList) + err := b.DecodeMessage(msg) + m.LoadBalanceResponseType = &LoadBalanceResponse_ServerList{msg} + return true, err + default: + return false, nil + } +} + +func _LoadBalanceResponse_OneofSizer(msg proto.Message) (n int) { + m := msg.(*LoadBalanceResponse) + // load_balance_response_type + switch x := m.LoadBalanceResponseType.(type) { + case *LoadBalanceResponse_InitialResponse: + s := proto.Size(x.InitialResponse) + n += proto.SizeVarint(1<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case *LoadBalanceResponse_ServerList: + s := proto.Size(x.ServerList) + n += proto.SizeVarint(2<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case nil: + default: + panic(fmt.Sprintf("proto: unexpected type %T in oneof", x)) + } + return n +} + +type InitialLoadBalanceResponse struct { + // This is an application layer redirect that indicates the client should use + // the specified server for load balancing. When this field is non-empty in + // the response, the client should open a separate connection to the + // load_balancer_delegate and call the BalanceLoad method. Its length should + // be less than 64 bytes. + LoadBalancerDelegate string `protobuf:"bytes,1,opt,name=load_balancer_delegate,json=loadBalancerDelegate" json:"load_balancer_delegate,omitempty"` + // This interval defines how often the client should send the client stats + // to the load balancer. Stats should only be reported when the duration is + // positive. + ClientStatsReportInterval *Duration `protobuf:"bytes,2,opt,name=client_stats_report_interval,json=clientStatsReportInterval" json:"client_stats_report_interval,omitempty"` +} + +func (m *InitialLoadBalanceResponse) Reset() { *m = InitialLoadBalanceResponse{} } +func (m *InitialLoadBalanceResponse) String() string { return proto.CompactTextString(m) } +func (*InitialLoadBalanceResponse) ProtoMessage() {} +func (*InitialLoadBalanceResponse) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{6} } + +func (m *InitialLoadBalanceResponse) GetLoadBalancerDelegate() string { + if m != nil { + return m.LoadBalancerDelegate + } + return "" +} + +func (m *InitialLoadBalanceResponse) GetClientStatsReportInterval() *Duration { + if m != nil { + return m.ClientStatsReportInterval + } + return nil +} + +type ServerList struct { + // Contains a list of servers selected by the load balancer. The list will + // be updated when server resolutions change or as needed to balance load + // across more servers. The client should consume the server list in order + // unless instructed otherwise via the client_config. + Servers []*Server `protobuf:"bytes,1,rep,name=servers" json:"servers,omitempty"` + // Indicates the amount of time that the client should consider this server + // list as valid. It may be considered stale after waiting this interval of + // time after receiving the list. If the interval is not positive, the + // client can assume the list is valid until the next list is received. + ExpirationInterval *Duration `protobuf:"bytes,3,opt,name=expiration_interval,json=expirationInterval" json:"expiration_interval,omitempty"` +} + +func (m *ServerList) Reset() { *m = ServerList{} } +func (m *ServerList) String() string { return proto.CompactTextString(m) } +func (*ServerList) ProtoMessage() {} +func (*ServerList) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{7} } + +func (m *ServerList) GetServers() []*Server { + if m != nil { + return m.Servers + } + return nil +} + +func (m *ServerList) GetExpirationInterval() *Duration { + if m != nil { + return m.ExpirationInterval + } + return nil +} + +// Contains server information. When none of the [drop_for_*] fields are true, +// use the other fields. When drop_for_rate_limiting is true, ignore all other +// fields. Use drop_for_load_balancing only when it is true and +// drop_for_rate_limiting is false. +type Server struct { + // A resolved address for the server, serialized in network-byte-order. It may + // either be an IPv4 or IPv6 address. + IpAddress []byte `protobuf:"bytes,1,opt,name=ip_address,json=ipAddress,proto3" json:"ip_address,omitempty"` + // A resolved port number for the server. + Port int32 `protobuf:"varint,2,opt,name=port" json:"port,omitempty"` + // An opaque but printable token given to the frontend for each pick. All + // frontend requests for that pick must include the token in its initial + // metadata. The token is used by the backend to verify the request and to + // allow the backend to report load to the gRPC LB system. + // + // Its length is variable but less than 50 bytes. + LoadBalanceToken string `protobuf:"bytes,3,opt,name=load_balance_token,json=loadBalanceToken" json:"load_balance_token,omitempty"` + // Indicates whether this particular request should be dropped by the client + // for rate limiting. + DropForRateLimiting bool `protobuf:"varint,4,opt,name=drop_for_rate_limiting,json=dropForRateLimiting" json:"drop_for_rate_limiting,omitempty"` + // Indicates whether this particular request should be dropped by the client + // for load balancing. + DropForLoadBalancing bool `protobuf:"varint,5,opt,name=drop_for_load_balancing,json=dropForLoadBalancing" json:"drop_for_load_balancing,omitempty"` +} + +func (m *Server) Reset() { *m = Server{} } +func (m *Server) String() string { return proto.CompactTextString(m) } +func (*Server) ProtoMessage() {} +func (*Server) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{8} } + +func (m *Server) GetIpAddress() []byte { + if m != nil { + return m.IpAddress + } + return nil +} + +func (m *Server) GetPort() int32 { + if m != nil { + return m.Port + } + return 0 +} + +func (m *Server) GetLoadBalanceToken() string { + if m != nil { + return m.LoadBalanceToken + } + return "" +} + +func (m *Server) GetDropForRateLimiting() bool { + if m != nil { + return m.DropForRateLimiting + } + return false +} + +func (m *Server) GetDropForLoadBalancing() bool { + if m != nil { + return m.DropForLoadBalancing + } + return false +} + +func init() { + proto.RegisterType((*Duration)(nil), "grpc.lb.v1.Duration") + proto.RegisterType((*Timestamp)(nil), "grpc.lb.v1.Timestamp") + proto.RegisterType((*LoadBalanceRequest)(nil), "grpc.lb.v1.LoadBalanceRequest") + proto.RegisterType((*InitialLoadBalanceRequest)(nil), "grpc.lb.v1.InitialLoadBalanceRequest") + proto.RegisterType((*ClientStats)(nil), "grpc.lb.v1.ClientStats") + proto.RegisterType((*LoadBalanceResponse)(nil), "grpc.lb.v1.LoadBalanceResponse") + proto.RegisterType((*InitialLoadBalanceResponse)(nil), "grpc.lb.v1.InitialLoadBalanceResponse") + proto.RegisterType((*ServerList)(nil), "grpc.lb.v1.ServerList") + proto.RegisterType((*Server)(nil), "grpc.lb.v1.Server") +} + +func init() { proto.RegisterFile("grpclb.proto", fileDescriptor0) } + +var fileDescriptor0 = []byte{ + // 733 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x55, 0xdd, 0x4e, 0x1b, 0x39, + 0x14, 0x66, 0x36, 0xfc, 0xe5, 0x24, 0x5a, 0x58, 0x93, 0x85, 0xc0, 0xc2, 0x2e, 0x1b, 0xa9, 0x34, + 0xaa, 0x68, 0x68, 0x43, 0x7b, 0xd1, 0x9f, 0x9b, 0x02, 0x45, 0x41, 0xe5, 0xa2, 0x72, 0xa8, 0x7a, + 0x55, 0x59, 0x4e, 0xc6, 0x80, 0xc5, 0xc4, 0x9e, 0xda, 0x4e, 0x68, 0x2f, 0x7b, 0xd9, 0x47, 0xe9, + 0x63, 0x54, 0x7d, 0x86, 0xbe, 0x4f, 0x65, 0x7b, 0x26, 0x33, 0x90, 0x1f, 0xd4, 0xbb, 0xf1, 0xf1, + 0x77, 0xbe, 0xf3, 0xf9, 0xd8, 0xdf, 0x19, 0x28, 0x5f, 0xa8, 0xb8, 0x1b, 0x75, 0x1a, 0xb1, 0x92, + 0x46, 0x22, 0xb0, 0xab, 0x46, 0xd4, 0x69, 0x0c, 0x1e, 0xd7, 0x9e, 0xc3, 0xe2, 0x51, 0x5f, 0x51, + 0xc3, 0xa5, 0x40, 0x55, 0x58, 0xd0, 0xac, 0x2b, 0x45, 0xa8, 0xab, 0xc1, 0x76, 0x50, 0x2f, 0xe0, + 0x74, 0x89, 0x2a, 0x30, 0x27, 0xa8, 0x90, 0xba, 0xfa, 0xc7, 0x76, 0x50, 0x9f, 0xc3, 0x7e, 0x51, + 0x7b, 0x01, 0xc5, 0x33, 0xde, 0x63, 0xda, 0xd0, 0x5e, 0xfc, 0xdb, 0xc9, 0xdf, 0x03, 0x40, 0xa7, + 0x92, 0x86, 0x07, 0x34, 0xa2, 0xa2, 0xcb, 0x30, 0xfb, 0xd8, 0x67, 0xda, 0xa0, 0xb7, 0xb0, 0xc4, + 0x05, 0x37, 0x9c, 0x46, 0x44, 0xf9, 0x90, 0xa3, 0x2b, 0x35, 0xef, 0x35, 0x32, 0xd5, 0x8d, 0x13, + 0x0f, 0x19, 0xcd, 0x6f, 0xcd, 0xe0, 0x3f, 0x93, 0xfc, 0x94, 0xf1, 0x25, 0x94, 0xbb, 0x11, 0x67, + 0xc2, 0x10, 0x6d, 0xa8, 0xf1, 0x2a, 0x4a, 0xcd, 0xb5, 0x3c, 0xdd, 0xa1, 0xdb, 0x6f, 0xdb, 0xed, + 0xd6, 0x0c, 0x2e, 0x75, 0xb3, 0xe5, 0xc1, 0x3f, 0xb0, 0x1e, 0x49, 0x1a, 0x92, 0x8e, 0x2f, 0x93, + 0x8a, 0x22, 0xe6, 0x73, 0xcc, 0x6a, 0x7b, 0xb0, 0x3e, 0x51, 0x09, 0x42, 0x30, 0x2b, 0x68, 0x8f, + 0x39, 0xf9, 0x45, 0xec, 0xbe, 0x6b, 0x5f, 0x67, 0xa1, 0x94, 0x2b, 0x86, 0xf6, 0xa1, 0x68, 0xd2, + 0x0e, 0x26, 0xe7, 0xfc, 0x3b, 0x2f, 0x6c, 0xd8, 0x5e, 0x9c, 0xe1, 0xd0, 0x03, 0xf8, 0x4b, 0xf4, + 0x7b, 0xa4, 0x4b, 0xa3, 0x48, 0xdb, 0x33, 0x29, 0xc3, 0x42, 0x77, 0xaa, 0x02, 0x5e, 0x12, 0xfd, + 0xde, 0xa1, 0x8d, 0xb7, 0x7d, 0x18, 0xed, 0x02, 0xca, 0xb0, 0xe7, 0x5c, 0x70, 0x7d, 0xc9, 0xc2, + 0x6a, 0xc1, 0x81, 0x97, 0x53, 0xf0, 0x71, 0x12, 0x47, 0x04, 0x1a, 0xa3, 0x68, 0x72, 0xcd, 0xcd, + 0x25, 0x09, 0x95, 0x8c, 0xc9, 0xb9, 0x54, 0x44, 0x51, 0xc3, 0x48, 0xc4, 0x7b, 0xdc, 0x70, 0x71, + 0x51, 0x9d, 0x75, 0x4c, 0xf7, 0x6f, 0x33, 0xbd, 0xe7, 0xe6, 0xf2, 0x48, 0xc9, 0xf8, 0x58, 0x2a, + 0x4c, 0x0d, 0x3b, 0x4d, 0xe0, 0x88, 0xc2, 0xde, 0x9d, 0x05, 0x72, 0xed, 0xb6, 0x15, 0xe6, 0x5c, + 0x85, 0xfa, 0x94, 0x0a, 0x59, 0xef, 0x6d, 0x89, 0x0f, 0xf0, 0x70, 0x52, 0x89, 0xe4, 0x19, 0x9c, + 0x53, 0x1e, 0xb1, 0x90, 0x18, 0x49, 0x34, 0x13, 0x61, 0x75, 0xde, 0x15, 0xd8, 0x19, 0x57, 0xc0, + 0x5f, 0xd5, 0xb1, 0xc3, 0x9f, 0xc9, 0x36, 0x13, 0x21, 0x6a, 0xc1, 0xff, 0x63, 0xe8, 0xaf, 0x84, + 0xbc, 0x16, 0x44, 0xb1, 0x2e, 0xe3, 0x03, 0x16, 0x56, 0x17, 0x1c, 0xe5, 0xd6, 0x6d, 0xca, 0x37, + 0x16, 0x85, 0x13, 0x50, 0xed, 0x47, 0x00, 0x2b, 0x37, 0x9e, 0x8d, 0x8e, 0xa5, 0xd0, 0x0c, 0xb5, + 0x61, 0x39, 0x73, 0x80, 0x8f, 0x25, 0x4f, 0x63, 0xe7, 0x2e, 0x0b, 0x78, 0x74, 0x6b, 0x06, 0x2f, + 0x0d, 0x3d, 0x90, 0x90, 0x3e, 0x83, 0x92, 0x66, 0x6a, 0xc0, 0x14, 0x89, 0xb8, 0x36, 0x89, 0x07, + 0x56, 0xf3, 0x7c, 0x6d, 0xb7, 0x7d, 0xca, 0x9d, 0x87, 0x40, 0x0f, 0x57, 0x07, 0x9b, 0xb0, 0x71, + 0xcb, 0x01, 0x9e, 0xd3, 0x5b, 0xe0, 0x5b, 0x00, 0x1b, 0x93, 0xa5, 0xa0, 0x27, 0xb0, 0x9a, 0x4f, + 0x56, 0x24, 0x64, 0x11, 0xbb, 0xa0, 0x26, 0xb5, 0x45, 0x25, 0xca, 0x92, 0xd4, 0x51, 0xb2, 0x87, + 0xde, 0xc1, 0x66, 0xde, 0xb2, 0x44, 0xb1, 0x58, 0x2a, 0x43, 0xb8, 0x30, 0x4c, 0x0d, 0x68, 0x94, + 0xc8, 0xaf, 0xe4, 0xe5, 0xa7, 0x43, 0x0c, 0xaf, 0xe7, 0xdc, 0x8b, 0x5d, 0xde, 0x49, 0x92, 0x56, + 0xfb, 0x12, 0x00, 0x64, 0xc7, 0x44, 0xbb, 0x76, 0x62, 0xd9, 0x95, 0x9d, 0x58, 0x85, 0x7a, 0xa9, + 0x89, 0x46, 0xfb, 0x81, 0x53, 0x08, 0x7a, 0x0d, 0x2b, 0xec, 0x53, 0xcc, 0x7d, 0x95, 0x4c, 0x4a, + 0x61, 0x8a, 0x14, 0x94, 0x25, 0x0c, 0x35, 0xfc, 0x0c, 0x60, 0xde, 0x53, 0xa3, 0x2d, 0x00, 0x1e, + 0x13, 0x1a, 0x86, 0x8a, 0x69, 0x3f, 0x34, 0xcb, 0xb8, 0xc8, 0xe3, 0x57, 0x3e, 0x60, 0xe7, 0x87, + 0x55, 0x9f, 0x4c, 0x4d, 0xf7, 0x6d, 0xed, 0x7c, 0xe3, 0x2e, 0x8c, 0xbc, 0x62, 0xc2, 0x69, 0x28, + 0xe2, 0xe5, 0x5c, 0x2b, 0xcf, 0x6c, 0x1c, 0xed, 0xc3, 0xea, 0x14, 0xdb, 0x2e, 0xe2, 0x95, 0x70, + 0x8c, 0x45, 0x9f, 0xc2, 0xda, 0x34, 0x2b, 0x2e, 0xe2, 0x4a, 0x38, 0xc6, 0x76, 0xcd, 0x0e, 0x94, + 0x73, 0xf7, 0xaf, 0x10, 0x86, 0x52, 0xf2, 0x6d, 0xc3, 0xe8, 0xdf, 0x7c, 0x83, 0x46, 0x87, 0xe5, + 0xc6, 0x7f, 0x13, 0xf7, 0xfd, 0x43, 0xaa, 0x07, 0x8f, 0x82, 0xce, 0xbc, 0xfb, 0x7d, 0xed, 0xff, + 0x0a, 0x00, 0x00, 0xff, 0xff, 0x64, 0xbf, 0xda, 0x5e, 0xce, 0x06, 0x00, 0x00, +} diff --git a/components/engine/vendor/google.golang.org/grpc/grpclb/grpc_lb_v1/grpclb.proto b/components/engine/vendor/google.golang.org/grpc/grpclb/grpc_lb_v1/grpclb.proto new file mode 100644 index 0000000000..a2502fb284 --- /dev/null +++ b/components/engine/vendor/google.golang.org/grpc/grpclb/grpc_lb_v1/grpclb.proto @@ -0,0 +1,179 @@ +// Copyright 2016, Google Inc. +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +syntax = "proto3"; + +package grpc.lb.v1; + +message Duration { + // Signed seconds of the span of time. Must be from -315,576,000,000 + // to +315,576,000,000 inclusive. + int64 seconds = 1; + + // Signed fractions of a second at nanosecond resolution of the span + // of time. Durations less than one second are represented with a 0 + // `seconds` field and a positive or negative `nanos` field. For durations + // of one second or more, a non-zero value for the `nanos` field must be + // of the same sign as the `seconds` field. Must be from -999,999,999 + // to +999,999,999 inclusive. + int32 nanos = 2; +} + +message Timestamp { + + // Represents seconds of UTC time since Unix epoch + // 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to + // 9999-12-31T23:59:59Z inclusive. + int64 seconds = 1; + + // Non-negative fractions of a second at nanosecond resolution. Negative + // second values with fractions must still have non-negative nanos values + // that count forward in time. Must be from 0 to 999,999,999 + // inclusive. + int32 nanos = 2; +} + +service LoadBalancer { + // Bidirectional rpc to get a list of servers. + rpc BalanceLoad(stream LoadBalanceRequest) + returns (stream LoadBalanceResponse); +} + +message LoadBalanceRequest { + oneof load_balance_request_type { + // This message should be sent on the first request to the load balancer. + InitialLoadBalanceRequest initial_request = 1; + + // The client stats should be periodically reported to the load balancer + // based on the duration defined in the InitialLoadBalanceResponse. + ClientStats client_stats = 2; + } +} + +message InitialLoadBalanceRequest { + // Name of load balanced service (IE, balancer.service.com) + // length should be less than 256 bytes. + string name = 1; +} + +// Contains client level statistics that are useful to load balancing. Each +// count except the timestamp should be reset to zero after reporting the stats. +message ClientStats { + // The timestamp of generating the report. + Timestamp timestamp = 1; + + // The total number of RPCs that started. + int64 num_calls_started = 2; + + // The total number of RPCs that finished. + int64 num_calls_finished = 3; + + // The total number of RPCs that were dropped by the client because of rate + // limiting. + int64 num_calls_finished_with_drop_for_rate_limiting = 4; + + // The total number of RPCs that were dropped by the client because of load + // balancing. + int64 num_calls_finished_with_drop_for_load_balancing = 5; + + // The total number of RPCs that failed to reach a server except dropped RPCs. + int64 num_calls_finished_with_client_failed_to_send = 6; + + // The total number of RPCs that finished and are known to have been received + // by a server. + int64 num_calls_finished_known_received = 7; +} + +message LoadBalanceResponse { + oneof load_balance_response_type { + // This message should be sent on the first response to the client. + InitialLoadBalanceResponse initial_response = 1; + + // Contains the list of servers selected by the load balancer. The client + // should send requests to these servers in the specified order. + ServerList server_list = 2; + } +} + +message InitialLoadBalanceResponse { + // This is an application layer redirect that indicates the client should use + // the specified server for load balancing. When this field is non-empty in + // the response, the client should open a separate connection to the + // load_balancer_delegate and call the BalanceLoad method. Its length should + // be less than 64 bytes. + string load_balancer_delegate = 1; + + // This interval defines how often the client should send the client stats + // to the load balancer. Stats should only be reported when the duration is + // positive. + Duration client_stats_report_interval = 2; +} + +message ServerList { + // Contains a list of servers selected by the load balancer. The list will + // be updated when server resolutions change or as needed to balance load + // across more servers. The client should consume the server list in order + // unless instructed otherwise via the client_config. + repeated Server servers = 1; + + // Indicates the amount of time that the client should consider this server + // list as valid. It may be considered stale after waiting this interval of + // time after receiving the list. If the interval is not positive, the + // client can assume the list is valid until the next list is received. + Duration expiration_interval = 3; +} + +// Contains server information. When none of the [drop_for_*] fields are true, +// use the other fields. When drop_for_rate_limiting is true, ignore all other +// fields. Use drop_for_load_balancing only when it is true and +// drop_for_rate_limiting is false. +message Server { + // A resolved address for the server, serialized in network-byte-order. It may + // either be an IPv4 or IPv6 address. + bytes ip_address = 1; + + // A resolved port number for the server. + int32 port = 2; + + // An opaque but printable token given to the frontend for each pick. All + // frontend requests for that pick must include the token in its initial + // metadata. The token is used by the backend to verify the request and to + // allow the backend to report load to the gRPC LB system. + // + // Its length is variable but less than 50 bytes. + string load_balance_token = 3; + + // Indicates whether this particular request should be dropped by the client + // for rate limiting. + bool drop_for_rate_limiting = 4; + + // Indicates whether this particular request should be dropped by the client + // for load balancing. + bool drop_for_load_balancing = 5; +} diff --git a/components/engine/vendor/google.golang.org/grpc/interceptor.go b/components/engine/vendor/google.golang.org/grpc/interceptor.go index 8d932efed7..a692161457 100644 --- a/components/engine/vendor/google.golang.org/grpc/interceptor.go +++ b/components/engine/vendor/google.golang.org/grpc/interceptor.go @@ -40,7 +40,7 @@ import ( // UnaryInvoker is called by UnaryClientInterceptor to complete RPCs. type UnaryInvoker func(ctx context.Context, method string, req, reply interface{}, cc *ClientConn, opts ...CallOption) error -// UnaryClientInterceptor intercepts the execution of a unary RPC on the client. inovker is the handler to complete the RPC +// UnaryClientInterceptor intercepts the execution of a unary RPC on the client. invoker is the handler to complete the RPC // and it is the responsibility of the interceptor to call it. // This is the EXPERIMENTAL API. type UnaryClientInterceptor func(ctx context.Context, method string, req, reply interface{}, cc *ClientConn, invoker UnaryInvoker, opts ...CallOption) error diff --git a/components/engine/vendor/google.golang.org/grpc/keepalive/keepalive.go b/components/engine/vendor/google.golang.org/grpc/keepalive/keepalive.go new file mode 100644 index 0000000000..d492589c96 --- /dev/null +++ b/components/engine/vendor/google.golang.org/grpc/keepalive/keepalive.go @@ -0,0 +1,80 @@ +/* + * + * Copyright 2017, Google Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +// Package keepalive defines configurable parameters for point-to-point healthcheck. +package keepalive + +import ( + "time" +) + +// ClientParameters is used to set keepalive parameters on the client-side. +// These configure how the client will actively probe to notice when a connection broken +// and to cause activity so intermediaries are aware the connection is still in use. +// Make sure these parameters are set in coordination with the keepalive policy on the server, +// as incompatible settings can result in closing of connection. +type ClientParameters struct { + // After a duration of this time if the client doesn't see any activity it pings the server to see if the transport is still alive. + Time time.Duration // The current default value is infinity. + // After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that + // the connection is closed. + Timeout time.Duration // The current default value is 20 seconds. + // If true, client runs keepalive checks even with no active RPCs. + PermitWithoutStream bool // false by default. +} + +// ServerParameters is used to set keepalive and max-age parameters on the server-side. +type ServerParameters struct { + // MaxConnectionIdle is a duration for the amount of time after which an idle connection would be closed by sending a GoAway. + // Idleness duration is defined since the most recent time the number of outstanding RPCs became zero or the connection establishment. + MaxConnectionIdle time.Duration // The current default value is infinity. + // MaxConnectionAge is a duration for the maximum amount of time a connection may exist before it will be closed by sending a GoAway. + // A random jitter of +/-10% will be added to MaxConnectionAge to spread out connection storms. + MaxConnectionAge time.Duration // The current default value is infinity. + // MaxConnectinoAgeGrace is an additive period after MaxConnectionAge after which the connection will be forcibly closed. + MaxConnectionAgeGrace time.Duration // The current default value is infinity. + // After a duration of this time if the server doesn't see any activity it pings the client to see if the transport is still alive. + Time time.Duration // The current default value is 2 hours. + // After having pinged for keepalive check, the server waits for a duration of Timeout and if no activity is seen even after that + // the connection is closed. + Timeout time.Duration // The current default value is 20 seconds. +} + +// EnforcementPolicy is used to set keepalive enforcement policy on the server-side. +// Server will close connection with a client that violates this policy. +type EnforcementPolicy struct { + // MinTime is the minimum amount of time a client should wait before sending a keepalive ping. + MinTime time.Duration // The current default value is 5 minutes. + // If true, server expects keepalive pings even when there are no active streams(RPCs). + PermitWithoutStream bool // false by default. +} diff --git a/components/engine/vendor/google.golang.org/grpc/metadata/metadata.go b/components/engine/vendor/google.golang.org/grpc/metadata/metadata.go index 3c0ca7a36c..5395ca8200 100644 --- a/components/engine/vendor/google.golang.org/grpc/metadata/metadata.go +++ b/components/engine/vendor/google.golang.org/grpc/metadata/metadata.go @@ -32,49 +32,19 @@ */ // Package metadata define the structure of the metadata supported by gRPC library. +// Please refer to http://www.grpc.io/docs/guides/wire.html for more information about custom-metadata. package metadata // import "google.golang.org/grpc/metadata" import ( - "encoding/base64" "fmt" "strings" "golang.org/x/net/context" ) -const ( - binHdrSuffix = "-bin" -) - -// encodeKeyValue encodes key and value qualified for transmission via gRPC. -// Transmitting binary headers violates HTTP/2 spec. -// TODO(zhaoq): Maybe check if k is ASCII also. -func encodeKeyValue(k, v string) (string, string) { - k = strings.ToLower(k) - if strings.HasSuffix(k, binHdrSuffix) { - val := base64.StdEncoding.EncodeToString([]byte(v)) - v = string(val) - } - return k, v -} - -// DecodeKeyValue returns the original key and value corresponding to the -// encoded data in k, v. -// If k is a binary header and v contains comma, v is split on comma before decoded, -// and the decoded v will be joined with comma before returned. +// DecodeKeyValue returns k, v, nil. It is deprecated and should not be used. func DecodeKeyValue(k, v string) (string, string, error) { - if !strings.HasSuffix(k, binHdrSuffix) { - return k, v, nil - } - vvs := strings.Split(v, ",") - for i, vv := range vvs { - val, err := base64.StdEncoding.DecodeString(vv) - if err != nil { - return "", "", err - } - vvs[i] = string(val) - } - return k, strings.Join(vvs, ","), nil + return k, v, nil } // MD is a mapping from metadata keys to values. Users should use the following @@ -82,10 +52,11 @@ func DecodeKeyValue(k, v string) (string, string, error) { type MD map[string][]string // New creates a MD from given key-value map. +// Keys are automatically converted to lowercase. func New(m map[string]string) MD { md := MD{} - for k, v := range m { - key, val := encodeKeyValue(k, v) + for k, val := range m { + key := strings.ToLower(k) md[key] = append(md[key], val) } return md @@ -93,19 +64,19 @@ func New(m map[string]string) MD { // Pairs returns an MD formed by the mapping of key, value ... // Pairs panics if len(kv) is odd. +// Keys are automatically converted to lowercase. func Pairs(kv ...string) MD { if len(kv)%2 == 1 { panic(fmt.Sprintf("metadata: Pairs got the odd number of input pairs for metadata: %d", len(kv))) } md := MD{} - var k string + var key string for i, s := range kv { if i%2 == 0 { - k = s + key = strings.ToLower(s) continue } - key, val := encodeKeyValue(k, s) - md[key] = append(md[key], val) + md[key] = append(md[key], s) } return md } @@ -133,15 +104,41 @@ func Join(mds ...MD) MD { return out } -type mdKey struct{} +type mdIncomingKey struct{} +type mdOutgoingKey struct{} -// NewContext creates a new context with md attached. +// NewContext is a wrapper for NewOutgoingContext(ctx, md). Deprecated. func NewContext(ctx context.Context, md MD) context.Context { - return context.WithValue(ctx, mdKey{}, md) + return NewOutgoingContext(ctx, md) } -// FromContext returns the MD in ctx if it exists. +// NewIncomingContext creates a new context with incoming md attached. +func NewIncomingContext(ctx context.Context, md MD) context.Context { + return context.WithValue(ctx, mdIncomingKey{}, md) +} + +// NewOutgoingContext creates a new context with outgoing md attached. +func NewOutgoingContext(ctx context.Context, md MD) context.Context { + return context.WithValue(ctx, mdOutgoingKey{}, md) +} + +// FromContext is a wrapper for FromIncomingContext(ctx). Deprecated. func FromContext(ctx context.Context) (md MD, ok bool) { - md, ok = ctx.Value(mdKey{}).(MD) + return FromIncomingContext(ctx) +} + +// FromIncomingContext returns the incoming MD in ctx if it exists. The +// returned md should be immutable, writing to it may cause races. +// Modification should be made to the copies of the returned md. +func FromIncomingContext(ctx context.Context) (md MD, ok bool) { + md, ok = ctx.Value(mdIncomingKey{}).(MD) + return +} + +// FromOutgoingContext returns the outgoing MD in ctx if it exists. The +// returned md should be immutable, writing to it may cause races. +// Modification should be made to the copies of the returned md. +func FromOutgoingContext(ctx context.Context) (md MD, ok bool) { + md, ok = ctx.Value(mdOutgoingKey{}).(MD) return } diff --git a/components/engine/vendor/google.golang.org/grpc/proxy.go b/components/engine/vendor/google.golang.org/grpc/proxy.go new file mode 100644 index 0000000000..10188dc343 --- /dev/null +++ b/components/engine/vendor/google.golang.org/grpc/proxy.go @@ -0,0 +1,145 @@ +/* + * + * Copyright 2017, Google Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +package grpc + +import ( + "bufio" + "errors" + "fmt" + "io" + "net" + "net/http" + "net/http/httputil" + "net/url" + + "golang.org/x/net/context" +) + +var ( + // errDisabled indicates that proxy is disabled for the address. + errDisabled = errors.New("proxy is disabled for the address") + // The following variable will be overwritten in the tests. + httpProxyFromEnvironment = http.ProxyFromEnvironment +) + +func mapAddress(ctx context.Context, address string) (string, error) { + req := &http.Request{ + URL: &url.URL{ + Scheme: "https", + Host: address, + }, + } + url, err := httpProxyFromEnvironment(req) + if err != nil { + return "", err + } + if url == nil { + return "", errDisabled + } + return url.Host, nil +} + +// To read a response from a net.Conn, http.ReadResponse() takes a bufio.Reader. +// It's possible that this reader reads more than what's need for the response and stores +// those bytes in the buffer. +// bufConn wraps the original net.Conn and the bufio.Reader to make sure we don't lose the +// bytes in the buffer. +type bufConn struct { + net.Conn + r io.Reader +} + +func (c *bufConn) Read(b []byte) (int, error) { + return c.r.Read(b) +} + +func doHTTPConnectHandshake(ctx context.Context, conn net.Conn, addr string) (_ net.Conn, err error) { + defer func() { + if err != nil { + conn.Close() + } + }() + + req := (&http.Request{ + Method: http.MethodConnect, + URL: &url.URL{Host: addr}, + Header: map[string][]string{"User-Agent": {grpcUA}}, + }) + + if err := sendHTTPRequest(ctx, req, conn); err != nil { + return nil, fmt.Errorf("failed to write the HTTP request: %v", err) + } + + r := bufio.NewReader(conn) + resp, err := http.ReadResponse(r, req) + if err != nil { + return nil, fmt.Errorf("reading server HTTP response: %v", err) + } + defer resp.Body.Close() + if resp.StatusCode != http.StatusOK { + dump, err := httputil.DumpResponse(resp, true) + if err != nil { + return nil, fmt.Errorf("failed to do connect handshake, status code: %s", resp.Status) + } + return nil, fmt.Errorf("failed to do connect handshake, response: %q", dump) + } + + return &bufConn{Conn: conn, r: r}, nil +} + +// newProxyDialer returns a dialer that connects to proxy first if necessary. +// The returned dialer checks if a proxy is necessary, dial to the proxy with the +// provided dialer, does HTTP CONNECT handshake and returns the connection. +func newProxyDialer(dialer func(context.Context, string) (net.Conn, error)) func(context.Context, string) (net.Conn, error) { + return func(ctx context.Context, addr string) (conn net.Conn, err error) { + var skipHandshake bool + newAddr, err := mapAddress(ctx, addr) + if err != nil { + if err != errDisabled { + return nil, err + } + skipHandshake = true + newAddr = addr + } + + conn, err = dialer(ctx, newAddr) + if err != nil { + return + } + if !skipHandshake { + conn, err = doHTTPConnectHandshake(ctx, conn, addr) + } + return + } +} diff --git a/components/engine/vendor/google.golang.org/grpc/rpc_util.go b/components/engine/vendor/google.golang.org/grpc/rpc_util.go index a25eaa8a28..34e1ad03b9 100644 --- a/components/engine/vendor/google.golang.org/grpc/rpc_util.go +++ b/components/engine/vendor/google.golang.org/grpc/rpc_util.go @@ -37,45 +37,21 @@ import ( "bytes" "compress/gzip" "encoding/binary" - "fmt" "io" "io/ioutil" "math" "os" + "time" - "github.com/golang/protobuf/proto" "golang.org/x/net/context" "google.golang.org/grpc/codes" "google.golang.org/grpc/metadata" + "google.golang.org/grpc/peer" + "google.golang.org/grpc/stats" + "google.golang.org/grpc/status" "google.golang.org/grpc/transport" ) -// Codec defines the interface gRPC uses to encode and decode messages. -type Codec interface { - // Marshal returns the wire format of v. - Marshal(v interface{}) ([]byte, error) - // Unmarshal parses the wire format into v. - Unmarshal(data []byte, v interface{}) error - // String returns the name of the Codec implementation. The returned - // string will be used as part of content type in transmission. - String() string -} - -// protoCodec is a Codec implementation with protobuf. It is the default codec for gRPC. -type protoCodec struct{} - -func (protoCodec) Marshal(v interface{}) ([]byte, error) { - return proto.Marshal(v.(proto.Message)) -} - -func (protoCodec) Unmarshal(data []byte, v interface{}) error { - return proto.Unmarshal(data, v.(proto.Message)) -} - -func (protoCodec) String() string { - return "proto" -} - // Compressor defines the interface gRPC uses to compress a message. type Compressor interface { // Do compresses p into w. @@ -138,6 +114,7 @@ type callInfo struct { failFast bool headerMD metadata.MD trailerMD metadata.MD + peer *peer.Peer traceInfo traceInfo // in trace.go } @@ -181,12 +158,22 @@ func Trailer(md *metadata.MD) CallOption { }) } +// Peer returns a CallOption that retrieves peer information for a +// unary RPC. +func Peer(peer *peer.Peer) CallOption { + return afterCall(func(c *callInfo) { + if c.peer != nil { + *peer = *c.peer + } + }) +} + // FailFast configures the action to take when an RPC is attempted on broken // connections or unreachable servers. If failfast is true, the RPC will fail // immediately. Otherwise, the RPC client will block the call until a // connection is available (or the call is canceled or times out) and will retry // the call if it fails due to a transient error. Please refer to -// https://github.com/grpc/grpc/blob/master/doc/fail_fast.md +// https://github.com/grpc/grpc/blob/master/doc/fail_fast.md. Note: failFast is default to true. func FailFast(failFast bool) CallOption { return beforeCall(func(c *callInfo) error { c.failFast = failFast @@ -255,9 +242,11 @@ func (p *parser) recvMsg(maxMsgSize int) (pf payloadFormat, msg []byte, err erro // encode serializes msg and prepends the message header. If msg is nil, it // generates the message header of 0 message length. -func encode(c Codec, msg interface{}, cp Compressor, cbuf *bytes.Buffer) ([]byte, error) { - var b []byte - var length uint +func encode(c Codec, msg interface{}, cp Compressor, cbuf *bytes.Buffer, outPayload *stats.OutPayload) ([]byte, error) { + var ( + b []byte + length uint + ) if msg != nil { var err error // TODO(zhaoq): optimize to reduce memory alloc and copying. @@ -265,6 +254,12 @@ func encode(c Codec, msg interface{}, cp Compressor, cbuf *bytes.Buffer) ([]byte if err != nil { return nil, err } + if outPayload != nil { + outPayload.Payload = msg + // TODO truncate large payload. + outPayload.Data = b + outPayload.Length = len(b) + } if cp != nil { if err := cp.Do(cbuf, b); err != nil { return nil, err @@ -295,6 +290,10 @@ func encode(c Codec, msg interface{}, cp Compressor, cbuf *bytes.Buffer) ([]byte // Copy encoded msg to buf copy(buf[5:], b) + if outPayload != nil { + outPayload.WireLength = len(buf) + } + return buf, nil } @@ -311,11 +310,14 @@ func checkRecvPayload(pf payloadFormat, recvCompress string, dc Decompressor) er return nil } -func recv(p *parser, c Codec, s *transport.Stream, dc Decompressor, m interface{}, maxMsgSize int) error { +func recv(p *parser, c Codec, s *transport.Stream, dc Decompressor, m interface{}, maxMsgSize int, inPayload *stats.InPayload) error { pf, d, err := p.recvMsg(maxMsgSize) if err != nil { return err } + if inPayload != nil { + inPayload.WireLength = len(d) + } if err := checkRecvPayload(pf, s.RecvCompress(), dc); err != nil { return err } @@ -333,91 +335,90 @@ func recv(p *parser, c Codec, s *transport.Stream, dc Decompressor, m interface{ if err := c.Unmarshal(d, m); err != nil { return Errorf(codes.Internal, "grpc: failed to unmarshal the received message %v", err) } + if inPayload != nil { + inPayload.RecvTime = time.Now() + inPayload.Payload = m + // TODO truncate large payload. + inPayload.Data = d + inPayload.Length = len(d) + } return nil } -// rpcError defines the status from an RPC. -type rpcError struct { - code codes.Code - desc string +type rpcInfo struct { + bytesSent bool + bytesReceived bool } -func (e *rpcError) Error() string { - return fmt.Sprintf("rpc error: code = %d desc = %s", e.code, e.desc) +type rpcInfoContextKey struct{} + +func newContextWithRPCInfo(ctx context.Context) context.Context { + return context.WithValue(ctx, rpcInfoContextKey{}, &rpcInfo{}) +} + +func rpcInfoFromContext(ctx context.Context) (s *rpcInfo, ok bool) { + s, ok = ctx.Value(rpcInfoContextKey{}).(*rpcInfo) + return +} + +func updateRPCInfoInContext(ctx context.Context, s rpcInfo) { + if ss, ok := rpcInfoFromContext(ctx); ok { + *ss = s + } + return } // Code returns the error code for err if it was produced by the rpc system. // Otherwise, it returns codes.Unknown. +// +// Deprecated; use status.FromError and Code method instead. func Code(err error) codes.Code { - if err == nil { - return codes.OK - } - if e, ok := err.(*rpcError); ok { - return e.code + if s, ok := status.FromError(err); ok { + return s.Code() } return codes.Unknown } // ErrorDesc returns the error description of err if it was produced by the rpc system. // Otherwise, it returns err.Error() or empty string when err is nil. +// +// Deprecated; use status.FromError and Message method instead. func ErrorDesc(err error) string { - if err == nil { - return "" - } - if e, ok := err.(*rpcError); ok { - return e.desc + if s, ok := status.FromError(err); ok { + return s.Message() } return err.Error() } // Errorf returns an error containing an error code and a description; // Errorf returns nil if c is OK. +// +// Deprecated; use status.Errorf instead. func Errorf(c codes.Code, format string, a ...interface{}) error { - if c == codes.OK { - return nil - } - return &rpcError{ - code: c, - desc: fmt.Sprintf(format, a...), - } + return status.Errorf(c, format, a...) } -// toRPCErr converts an error into a rpcError. +// toRPCErr converts an error into an error from the status package. func toRPCErr(err error) error { - switch e := err.(type) { - case *rpcError: + if _, ok := status.FromError(err); ok { return err + } + switch e := err.(type) { case transport.StreamError: - return &rpcError{ - code: e.Code, - desc: e.Desc, - } + return status.Error(e.Code, e.Desc) case transport.ConnectionError: - return &rpcError{ - code: codes.Internal, - desc: e.Desc, - } + return status.Error(codes.Internal, e.Desc) default: switch err { case context.DeadlineExceeded: - return &rpcError{ - code: codes.DeadlineExceeded, - desc: err.Error(), - } + return status.Error(codes.DeadlineExceeded, err.Error()) case context.Canceled: - return &rpcError{ - code: codes.Canceled, - desc: err.Error(), - } + return status.Error(codes.Canceled, err.Error()) case ErrClientConnClosing: - return &rpcError{ - code: codes.FailedPrecondition, - desc: err.Error(), - } + return status.Error(codes.FailedPrecondition, err.Error()) } - } - return Errorf(codes.Unknown, "%v", err) + return status.Error(codes.Unknown, err.Error()) } // convertCode converts a standard Go error into its canonical code. Note that @@ -448,6 +449,44 @@ func convertCode(err error) codes.Code { return codes.Unknown } +// MethodConfig defines the configuration recommended by the service providers for a +// particular method. +// This is EXPERIMENTAL and subject to change. +type MethodConfig struct { + // WaitForReady indicates whether RPCs sent to this method should wait until + // the connection is ready by default (!failfast). The value specified via the + // gRPC client API will override the value set here. + WaitForReady bool + // Timeout is the default timeout for RPCs sent to this method. The actual + // deadline used will be the minimum of the value specified here and the value + // set by the application via the gRPC client API. If either one is not set, + // then the other will be used. If neither is set, then the RPC has no deadline. + Timeout time.Duration + // MaxReqSize is the maximum allowed payload size for an individual request in a + // stream (client->server) in bytes. The size which is measured is the serialized + // payload after per-message compression (but before stream compression) in bytes. + // The actual value used is the minumum of the value specified here and the value set + // by the application via the gRPC client API. If either one is not set, then the other + // will be used. If neither is set, then the built-in default is used. + // TODO: support this. + MaxReqSize uint32 + // MaxRespSize is the maximum allowed payload size for an individual response in a + // stream (server->client) in bytes. + // TODO: support this. + MaxRespSize uint32 +} + +// ServiceConfig is provided by the service provider and contains parameters for how +// clients that connect to the service should behave. +// This is EXPERIMENTAL and subject to change. +type ServiceConfig struct { + // LB is the load balancer the service providers recommends. The balancer specified + // via grpc.WithBalancer will override this. + LB Balancer + // Methods contains a map for the methods in this service. + Methods map[string]MethodConfig +} + // SupportPackageIsVersion4 is referenced from generated protocol buffer files // to assert that that code is compatible with this version of the grpc package. // @@ -455,3 +494,8 @@ func convertCode(err error) codes.Code { // requires a synchronised update of grpc-go and protoc-gen-go. This constant // should not be referenced from any other code. const SupportPackageIsVersion4 = true + +// Version is the current grpc version. +const Version = "1.3.0" + +const grpcUA = "grpc-go/" + Version diff --git a/components/engine/vendor/google.golang.org/grpc/server.go b/components/engine/vendor/google.golang.org/grpc/server.go index e0bb187ef9..b15f71c6c1 100644 --- a/components/engine/vendor/google.golang.org/grpc/server.go +++ b/components/engine/vendor/google.golang.org/grpc/server.go @@ -53,7 +53,11 @@ import ( "google.golang.org/grpc/credentials" "google.golang.org/grpc/grpclog" "google.golang.org/grpc/internal" + "google.golang.org/grpc/keepalive" "google.golang.org/grpc/metadata" + "google.golang.org/grpc/stats" + "google.golang.org/grpc/status" + "google.golang.org/grpc/tap" "google.golang.org/grpc/transport" ) @@ -110,8 +114,13 @@ type options struct { maxMsgSize int unaryInt UnaryServerInterceptor streamInt StreamServerInterceptor + inTapHandle tap.ServerInHandle + statsHandler stats.Handler maxConcurrentStreams uint32 useHandlerImpl bool // use http.Handler-based server + unknownStreamDesc *StreamDesc + keepaliveParams keepalive.ServerParameters + keepalivePolicy keepalive.EnforcementPolicy } var defaultMaxMsgSize = 1024 * 1024 * 4 // use 4MB as the default message size limit @@ -119,6 +128,20 @@ var defaultMaxMsgSize = 1024 * 1024 * 4 // use 4MB as the default message size l // A ServerOption sets options. type ServerOption func(*options) +// KeepaliveParams returns a ServerOption that sets keepalive and max-age parameters for the server. +func KeepaliveParams(kp keepalive.ServerParameters) ServerOption { + return func(o *options) { + o.keepaliveParams = kp + } +} + +// KeepaliveEnforcementPolicy returns a ServerOption that sets keepalive enforcement policy for the server. +func KeepaliveEnforcementPolicy(kep keepalive.EnforcementPolicy) ServerOption { + return func(o *options) { + o.keepalivePolicy = kep + } +} + // CustomCodec returns a ServerOption that sets a codec for message marshaling and unmarshaling. func CustomCodec(codec Codec) ServerOption { return func(o *options) { @@ -186,6 +209,42 @@ func StreamInterceptor(i StreamServerInterceptor) ServerOption { } } +// InTapHandle returns a ServerOption that sets the tap handle for all the server +// transport to be created. Only one can be installed. +func InTapHandle(h tap.ServerInHandle) ServerOption { + return func(o *options) { + if o.inTapHandle != nil { + panic("The tap handle has been set.") + } + o.inTapHandle = h + } +} + +// StatsHandler returns a ServerOption that sets the stats handler for the server. +func StatsHandler(h stats.Handler) ServerOption { + return func(o *options) { + o.statsHandler = h + } +} + +// UnknownServiceHandler returns a ServerOption that allows for adding a custom +// unknown service handler. The provided method is a bidi-streaming RPC service +// handler that will be invoked instead of returning the the "unimplemented" gRPC +// error whenever a request is received for an unregistered service or method. +// The handling function has full access to the Context of the request and the +// stream, and the invocation passes through interceptors. +func UnknownServiceHandler(streamHandler StreamHandler) ServerOption { + return func(o *options) { + o.unknownStreamDesc = &StreamDesc{ + StreamName: "unknown_service_handler", + Handler: streamHandler, + // We need to assume that the users of the streamHandler will want to use both. + ClientStreams: true, + ServerStreams: true, + } + } +} + // NewServer creates a gRPC server which has no service registered and has not // started to accept requests yet. func NewServer(opt ...ServerOption) *Server { @@ -329,6 +388,7 @@ func (s *Server) useTransportAuthenticator(rawConn net.Conn) (net.Conn, credenti // read gRPC requests and then call the registered handlers to reply to them. // Serve returns when lis.Accept fails with fatal errors. lis will be closed when // this method returns. +// Serve always returns non-nil error. func (s *Server) Serve(lis net.Listener) error { s.mu.Lock() s.printf("serving") @@ -412,17 +472,25 @@ func (s *Server) handleRawConn(rawConn net.Conn) { if s.opts.useHandlerImpl { s.serveUsingHandler(conn) } else { - s.serveNewHTTP2Transport(conn, authInfo) + s.serveHTTP2Transport(conn, authInfo) } } -// serveNewHTTP2Transport sets up a new http/2 transport (using the +// serveHTTP2Transport sets up a http/2 transport (using the // gRPC http2 server transport in transport/http2_server.go) and // serves streams on it. // This is run in its own goroutine (it does network I/O in // transport.NewServerTransport). -func (s *Server) serveNewHTTP2Transport(c net.Conn, authInfo credentials.AuthInfo) { - st, err := transport.NewServerTransport("http2", c, s.opts.maxConcurrentStreams, authInfo) +func (s *Server) serveHTTP2Transport(c net.Conn, authInfo credentials.AuthInfo) { + config := &transport.ServerConfig{ + MaxStreams: s.opts.maxConcurrentStreams, + AuthInfo: authInfo, + InTapHandle: s.opts.inTapHandle, + StatsHandler: s.opts.statsHandler, + KeepaliveParams: s.opts.keepaliveParams, + KeepalivePolicy: s.opts.keepalivePolicy, + } + st, err := transport.NewServerTransport("http2", c, config) if err != nil { s.mu.Lock() s.errorf("NewServerTransport(%q) failed: %v", c.RemoteAddr(), err) @@ -448,6 +516,12 @@ func (s *Server) serveStreams(st transport.ServerTransport) { defer wg.Done() s.handleStream(st, stream, s.traceInfo(st, stream)) }() + }, func(ctx context.Context, method string) context.Context { + if !EnableTracing { + return ctx + } + tr := trace.New("grpc.Recv."+methodFamily(method), method) + return trace.NewContext(ctx, tr) }) wg.Wait() } @@ -497,15 +571,17 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { // traceInfo returns a traceInfo and associates it with stream, if tracing is enabled. // If tracing is not enabled, it returns nil. func (s *Server) traceInfo(st transport.ServerTransport, stream *transport.Stream) (trInfo *traceInfo) { - if !EnableTracing { + tr, ok := trace.FromContext(stream.Context()) + if !ok { return nil } + trInfo = &traceInfo{ - tr: trace.New("grpc.Recv."+methodFamily(stream.Method()), stream.Method()), + tr: tr, } trInfo.firstLine.client = false trInfo.firstLine.remoteAddr = st.RemoteAddr() - stream.TraceContext(trInfo.tr) + if dl, ok := stream.Context().Deadline(); ok { trInfo.firstLine.deadline = dl.Sub(time.Now()) } @@ -532,11 +608,17 @@ func (s *Server) removeConn(c io.Closer) { } func (s *Server) sendResponse(t transport.ServerTransport, stream *transport.Stream, msg interface{}, cp Compressor, opts *transport.Options) error { - var cbuf *bytes.Buffer + var ( + cbuf *bytes.Buffer + outPayload *stats.OutPayload + ) if cp != nil { cbuf = new(bytes.Buffer) } - p, err := encode(s.opts.codec, msg, cp, cbuf) + if s.opts.statsHandler != nil { + outPayload = &stats.OutPayload{} + } + p, err := encode(s.opts.codec, msg, cp, cbuf, outPayload) if err != nil { // This typically indicates a fatal issue (e.g., memory // corruption or hardware faults) the application program @@ -547,10 +629,33 @@ func (s *Server) sendResponse(t transport.ServerTransport, stream *transport.Str // the optimal option. grpclog.Fatalf("grpc: Server failed to encode response %v", err) } - return t.Write(stream, p, opts) + err = t.Write(stream, p, opts) + if err == nil && outPayload != nil { + outPayload.SentTime = time.Now() + s.opts.statsHandler.HandleRPC(stream.Context(), outPayload) + } + return err } func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.Stream, srv *service, md *MethodDesc, trInfo *traceInfo) (err error) { + sh := s.opts.statsHandler + if sh != nil { + begin := &stats.Begin{ + BeginTime: time.Now(), + } + sh.HandleRPC(stream.Context(), begin) + } + defer func() { + if sh != nil { + end := &stats.End{ + EndTime: time.Now(), + } + if err != nil && err != io.EOF { + end.Error = toRPCErr(err) + } + sh.HandleRPC(stream.Context(), end) + } + }() if trInfo != nil { defer trInfo.tr.Finish() trInfo.firstLine.client = false @@ -567,7 +672,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport. stream.SetSendCompress(s.opts.cp.Type()) } p := &parser{r: stream} - for { + for { // TODO: delete pf, req, err := p.recvMsg(s.opts.maxMsgSize) if err == io.EOF { // The entire stream is done (for unary RPC only). @@ -577,58 +682,68 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport. err = Errorf(codes.Internal, io.ErrUnexpectedEOF.Error()) } if err != nil { - switch err := err.(type) { - case *rpcError: - if err := t.WriteStatus(stream, err.code, err.desc); err != nil { - grpclog.Printf("grpc: Server.processUnaryRPC failed to write status %v", err) + if st, ok := status.FromError(err); ok { + if e := t.WriteStatus(stream, st); e != nil { + grpclog.Printf("grpc: Server.processUnaryRPC failed to write status %v", e) } - case transport.ConnectionError: - // Nothing to do here. - case transport.StreamError: - if err := t.WriteStatus(stream, err.Code, err.Desc); err != nil { - grpclog.Printf("grpc: Server.processUnaryRPC failed to write status %v", err) + } else { + switch st := err.(type) { + case transport.ConnectionError: + // Nothing to do here. + case transport.StreamError: + if e := t.WriteStatus(stream, status.New(st.Code, st.Desc)); e != nil { + grpclog.Printf("grpc: Server.processUnaryRPC failed to write status %v", e) + } + default: + panic(fmt.Sprintf("grpc: Unexpected error (%T) from recvMsg: %v", st, st)) } - default: - panic(fmt.Sprintf("grpc: Unexpected error (%T) from recvMsg: %v", err, err)) } return err } if err := checkRecvPayload(pf, stream.RecvCompress(), s.opts.dc); err != nil { - switch err := err.(type) { - case *rpcError: - if err := t.WriteStatus(stream, err.code, err.desc); err != nil { - grpclog.Printf("grpc: Server.processUnaryRPC failed to write status %v", err) + if st, ok := status.FromError(err); ok { + if e := t.WriteStatus(stream, st); e != nil { + grpclog.Printf("grpc: Server.processUnaryRPC failed to write status %v", e) } - default: - if err := t.WriteStatus(stream, codes.Internal, err.Error()); err != nil { - grpclog.Printf("grpc: Server.processUnaryRPC failed to write status %v", err) - } - + return err + } + if e := t.WriteStatus(stream, status.New(codes.Internal, err.Error())); e != nil { + grpclog.Printf("grpc: Server.processUnaryRPC failed to write status %v", e) + } + + // TODO checkRecvPayload always return RPC error. Add a return here if necessary. + } + var inPayload *stats.InPayload + if sh != nil { + inPayload = &stats.InPayload{ + RecvTime: time.Now(), } - return err } - statusCode := codes.OK - statusDesc := "" df := func(v interface{}) error { + if inPayload != nil { + inPayload.WireLength = len(req) + } if pf == compressionMade { var err error req, err = s.opts.dc.Do(bytes.NewReader(req)) if err != nil { - if err := t.WriteStatus(stream, codes.Internal, err.Error()); err != nil { - grpclog.Printf("grpc: Server.processUnaryRPC failed to write status %v", err) - } - return err + return Errorf(codes.Internal, err.Error()) } } if len(req) > s.opts.maxMsgSize { // TODO: Revisit the error code. Currently keep it consistent with // java implementation. - statusCode = codes.Internal - statusDesc = fmt.Sprintf("grpc: server received a message of %d bytes exceeding %d limit", len(req), s.opts.maxMsgSize) + return status.Errorf(codes.Internal, "grpc: server received a message of %d bytes exceeding %d limit", len(req), s.opts.maxMsgSize) } if err := s.opts.codec.Unmarshal(req, v); err != nil { - return err + return status.Errorf(codes.Internal, "grpc: error unmarshalling request: %v", err) + } + if inPayload != nil { + inPayload.Payload = v + inPayload.Data = req + inPayload.Length = len(req) + sh.HandleRPC(stream.Context(), inPayload) } if trInfo != nil { trInfo.tr.LazyLog(&payload{sent: false, msg: v}, true) @@ -637,22 +752,20 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport. } reply, appErr := md.Handler(srv.server, stream.Context(), df, s.opts.unaryInt) if appErr != nil { - if err, ok := appErr.(*rpcError); ok { - statusCode = err.code - statusDesc = err.desc - } else { - statusCode = convertCode(appErr) - statusDesc = appErr.Error() + appStatus, ok := status.FromError(appErr) + if !ok { + // Convert appErr if it is not a grpc status error. + appErr = status.Error(convertCode(appErr), appErr.Error()) + appStatus, _ = status.FromError(appErr) } - if trInfo != nil && statusCode != codes.OK { - trInfo.tr.LazyLog(stringer(statusDesc), true) + if trInfo != nil { + trInfo.tr.LazyLog(stringer(appStatus.Message()), true) trInfo.tr.SetError() } - if err := t.WriteStatus(stream, statusCode, statusDesc); err != nil { - grpclog.Printf("grpc: Server.processUnaryRPC failed to write status: %v", err) - return err + if e := t.WriteStatus(stream, appStatus); e != nil { + grpclog.Printf("grpc: Server.processUnaryRPC failed to write status: %v", e) } - return nil + return appErr } if trInfo != nil { trInfo.tr.LazyLog(stringer("OK"), false) @@ -662,38 +775,70 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport. Delay: false, } if err := s.sendResponse(t, stream, reply, s.opts.cp, opts); err != nil { - switch err := err.(type) { - case transport.ConnectionError: - // Nothing to do here. - case transport.StreamError: - statusCode = err.Code - statusDesc = err.Desc - default: - statusCode = codes.Unknown - statusDesc = err.Error() + if err == io.EOF { + // The entire stream is done (for unary RPC only). + return err + } + if s, ok := status.FromError(err); ok { + if e := t.WriteStatus(stream, s); e != nil { + grpclog.Printf("grpc: Server.processUnaryRPC failed to write status: %v", e) + } + } else { + switch st := err.(type) { + case transport.ConnectionError: + // Nothing to do here. + case transport.StreamError: + if e := t.WriteStatus(stream, status.New(st.Code, st.Desc)); e != nil { + grpclog.Printf("grpc: Server.processUnaryRPC failed to write status %v", e) + } + default: + panic(fmt.Sprintf("grpc: Unexpected error (%T) from sendResponse: %v", st, st)) + } } return err } if trInfo != nil { trInfo.tr.LazyLog(&payload{sent: true, msg: reply}, true) } - return t.WriteStatus(stream, statusCode, statusDesc) + // TODO: Should we be logging if writing status failed here, like above? + // Should the logging be in WriteStatus? Should we ignore the WriteStatus + // error or allow the stats handler to see it? + return t.WriteStatus(stream, status.New(codes.OK, "")) } } func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transport.Stream, srv *service, sd *StreamDesc, trInfo *traceInfo) (err error) { + sh := s.opts.statsHandler + if sh != nil { + begin := &stats.Begin{ + BeginTime: time.Now(), + } + sh.HandleRPC(stream.Context(), begin) + } + defer func() { + if sh != nil { + end := &stats.End{ + EndTime: time.Now(), + } + if err != nil && err != io.EOF { + end.Error = toRPCErr(err) + } + sh.HandleRPC(stream.Context(), end) + } + }() if s.opts.cp != nil { stream.SetSendCompress(s.opts.cp.Type()) } ss := &serverStream{ - t: t, - s: stream, - p: &parser{r: stream}, - codec: s.opts.codec, - cp: s.opts.cp, - dc: s.opts.dc, - maxMsgSize: s.opts.maxMsgSize, - trInfo: trInfo, + t: t, + s: stream, + p: &parser{r: stream}, + codec: s.opts.codec, + cp: s.opts.cp, + dc: s.opts.dc, + maxMsgSize: s.opts.maxMsgSize, + trInfo: trInfo, + statsHandler: sh, } if ss.cp != nil { ss.cbuf = new(bytes.Buffer) @@ -712,39 +857,47 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp }() } var appErr error + var server interface{} + if srv != nil { + server = srv.server + } if s.opts.streamInt == nil { - appErr = sd.Handler(srv.server, ss) + appErr = sd.Handler(server, ss) } else { info := &StreamServerInfo{ FullMethod: stream.Method(), IsClientStream: sd.ClientStreams, IsServerStream: sd.ServerStreams, } - appErr = s.opts.streamInt(srv.server, ss, info, sd.Handler) + appErr = s.opts.streamInt(server, ss, info, sd.Handler) } if appErr != nil { - if err, ok := appErr.(*rpcError); ok { - ss.statusCode = err.code - ss.statusDesc = err.desc - } else if err, ok := appErr.(transport.StreamError); ok { - ss.statusCode = err.Code - ss.statusDesc = err.Desc - } else { - ss.statusCode = convertCode(appErr) - ss.statusDesc = appErr.Error() + appStatus, ok := status.FromError(appErr) + if !ok { + switch err := appErr.(type) { + case transport.StreamError: + appStatus = status.New(err.Code, err.Desc) + default: + appStatus = status.New(convertCode(appErr), appErr.Error()) + } + appErr = appStatus.Err() } + if trInfo != nil { + ss.mu.Lock() + ss.trInfo.tr.LazyLog(stringer(appStatus.Message()), true) + ss.trInfo.tr.SetError() + ss.mu.Unlock() + } + t.WriteStatus(ss.s, appStatus) + // TODO: Should we log an error from WriteStatus here and below? + return appErr } if trInfo != nil { ss.mu.Lock() - if ss.statusCode != codes.OK { - ss.trInfo.tr.LazyLog(stringer(ss.statusDesc), true) - ss.trInfo.tr.SetError() - } else { - ss.trInfo.tr.LazyLog(stringer("OK"), false) - } + ss.trInfo.tr.LazyLog(stringer("OK"), false) ss.mu.Unlock() } - return t.WriteStatus(ss.s, ss.statusCode, ss.statusDesc) + return t.WriteStatus(ss.s, status.New(codes.OK, "")) } @@ -759,7 +912,8 @@ func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Str trInfo.tr.LazyLog(&fmtStringer{"Malformed method name %q", []interface{}{sm}}, true) trInfo.tr.SetError() } - if err := t.WriteStatus(stream, codes.InvalidArgument, fmt.Sprintf("malformed method name: %q", stream.Method())); err != nil { + errDesc := fmt.Sprintf("malformed method name: %q", stream.Method()) + if err := t.WriteStatus(stream, status.New(codes.InvalidArgument, errDesc)); err != nil { if trInfo != nil { trInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true) trInfo.tr.SetError() @@ -775,11 +929,16 @@ func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Str method := sm[pos+1:] srv, ok := s.m[service] if !ok { + if unknownDesc := s.opts.unknownStreamDesc; unknownDesc != nil { + s.processStreamingRPC(t, stream, nil, unknownDesc, trInfo) + return + } if trInfo != nil { trInfo.tr.LazyLog(&fmtStringer{"Unknown service %v", []interface{}{service}}, true) trInfo.tr.SetError() } - if err := t.WriteStatus(stream, codes.Unimplemented, fmt.Sprintf("unknown service %v", service)); err != nil { + errDesc := fmt.Sprintf("unknown service %v", service) + if err := t.WriteStatus(stream, status.New(codes.Unimplemented, errDesc)); err != nil { if trInfo != nil { trInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true) trInfo.tr.SetError() @@ -804,7 +963,12 @@ func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Str trInfo.tr.LazyLog(&fmtStringer{"Unknown method %v", []interface{}{method}}, true) trInfo.tr.SetError() } - if err := t.WriteStatus(stream, codes.Unimplemented, fmt.Sprintf("unknown method %v", method)); err != nil { + if unknownDesc := s.opts.unknownStreamDesc; unknownDesc != nil { + s.processStreamingRPC(t, stream, nil, unknownDesc, trInfo) + return + } + errDesc := fmt.Sprintf("unknown method %v", method) + if err := t.WriteStatus(stream, status.New(codes.Unimplemented, errDesc)); err != nil { if trInfo != nil { trInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true) trInfo.tr.SetError() diff --git a/components/engine/vendor/google.golang.org/grpc/stats/handlers.go b/components/engine/vendor/google.golang.org/grpc/stats/handlers.go new file mode 100644 index 0000000000..26e1a8e2f0 --- /dev/null +++ b/components/engine/vendor/google.golang.org/grpc/stats/handlers.go @@ -0,0 +1,76 @@ +/* + * + * Copyright 2016, Google Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +package stats + +import ( + "net" + + "golang.org/x/net/context" +) + +// ConnTagInfo defines the relevant information needed by connection context tagger. +type ConnTagInfo struct { + // RemoteAddr is the remote address of the corresponding connection. + RemoteAddr net.Addr + // LocalAddr is the local address of the corresponding connection. + LocalAddr net.Addr + // TODO add QOS related fields. +} + +// RPCTagInfo defines the relevant information needed by RPC context tagger. +type RPCTagInfo struct { + // FullMethodName is the RPC method in the format of /package.service/method. + FullMethodName string +} + +// Handler defines the interface for the related stats handling (e.g., RPCs, connections). +type Handler interface { + // TagRPC can attach some information to the given context. + // The returned context is used in the rest lifetime of the RPC. + TagRPC(context.Context, *RPCTagInfo) context.Context + // HandleRPC processes the RPC stats. + HandleRPC(context.Context, RPCStats) + + // TagConn can attach some information to the given context. + // The returned context will be used for stats handling. + // For conn stats handling, the context used in HandleConn for this + // connection will be derived from the context returned. + // For RPC stats handling, + // - On server side, the context used in HandleRPC for all RPCs on this + // connection will be derived from the context returned. + // - On client side, the context is not derived from the context returned. + TagConn(context.Context, *ConnTagInfo) context.Context + // HandleConn processes the Conn stats. + HandleConn(context.Context, ConnStats) +} diff --git a/components/engine/vendor/google.golang.org/grpc/stats/stats.go b/components/engine/vendor/google.golang.org/grpc/stats/stats.go new file mode 100644 index 0000000000..43d6f0054d --- /dev/null +++ b/components/engine/vendor/google.golang.org/grpc/stats/stats.go @@ -0,0 +1,223 @@ +/* + * + * Copyright 2016, Google Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +// Package stats is for collecting and reporting various network and RPC stats. +// This package is for monitoring purpose only. All fields are read-only. +// All APIs are experimental. +package stats // import "google.golang.org/grpc/stats" + +import ( + "net" + "time" +) + +// RPCStats contains stats information about RPCs. +type RPCStats interface { + isRPCStats() + // IsClient returns true if this RPCStats is from client side. + IsClient() bool +} + +// Begin contains stats when an RPC begins. +// FailFast are only valid if Client is true. +type Begin struct { + // Client is true if this Begin is from client side. + Client bool + // BeginTime is the time when the RPC begins. + BeginTime time.Time + // FailFast indicates if this RPC is failfast. + FailFast bool +} + +// IsClient indicates if this is from client side. +func (s *Begin) IsClient() bool { return s.Client } + +func (s *Begin) isRPCStats() {} + +// InPayload contains the information for an incoming payload. +type InPayload struct { + // Client is true if this InPayload is from client side. + Client bool + // Payload is the payload with original type. + Payload interface{} + // Data is the serialized message payload. + Data []byte + // Length is the length of uncompressed data. + Length int + // WireLength is the length of data on wire (compressed, signed, encrypted). + WireLength int + // RecvTime is the time when the payload is received. + RecvTime time.Time +} + +// IsClient indicates if this is from client side. +func (s *InPayload) IsClient() bool { return s.Client } + +func (s *InPayload) isRPCStats() {} + +// InHeader contains stats when a header is received. +// FullMethod, addresses and Compression are only valid if Client is false. +type InHeader struct { + // Client is true if this InHeader is from client side. + Client bool + // WireLength is the wire length of header. + WireLength int + + // FullMethod is the full RPC method string, i.e., /package.service/method. + FullMethod string + // RemoteAddr is the remote address of the corresponding connection. + RemoteAddr net.Addr + // LocalAddr is the local address of the corresponding connection. + LocalAddr net.Addr + // Compression is the compression algorithm used for the RPC. + Compression string +} + +// IsClient indicates if this is from client side. +func (s *InHeader) IsClient() bool { return s.Client } + +func (s *InHeader) isRPCStats() {} + +// InTrailer contains stats when a trailer is received. +type InTrailer struct { + // Client is true if this InTrailer is from client side. + Client bool + // WireLength is the wire length of trailer. + WireLength int +} + +// IsClient indicates if this is from client side. +func (s *InTrailer) IsClient() bool { return s.Client } + +func (s *InTrailer) isRPCStats() {} + +// OutPayload contains the information for an outgoing payload. +type OutPayload struct { + // Client is true if this OutPayload is from client side. + Client bool + // Payload is the payload with original type. + Payload interface{} + // Data is the serialized message payload. + Data []byte + // Length is the length of uncompressed data. + Length int + // WireLength is the length of data on wire (compressed, signed, encrypted). + WireLength int + // SentTime is the time when the payload is sent. + SentTime time.Time +} + +// IsClient indicates if this is from client side. +func (s *OutPayload) IsClient() bool { return s.Client } + +func (s *OutPayload) isRPCStats() {} + +// OutHeader contains stats when a header is sent. +// FullMethod, addresses and Compression are only valid if Client is true. +type OutHeader struct { + // Client is true if this OutHeader is from client side. + Client bool + // WireLength is the wire length of header. + WireLength int + + // FullMethod is the full RPC method string, i.e., /package.service/method. + FullMethod string + // RemoteAddr is the remote address of the corresponding connection. + RemoteAddr net.Addr + // LocalAddr is the local address of the corresponding connection. + LocalAddr net.Addr + // Compression is the compression algorithm used for the RPC. + Compression string +} + +// IsClient indicates if this is from client side. +func (s *OutHeader) IsClient() bool { return s.Client } + +func (s *OutHeader) isRPCStats() {} + +// OutTrailer contains stats when a trailer is sent. +type OutTrailer struct { + // Client is true if this OutTrailer is from client side. + Client bool + // WireLength is the wire length of trailer. + WireLength int +} + +// IsClient indicates if this is from client side. +func (s *OutTrailer) IsClient() bool { return s.Client } + +func (s *OutTrailer) isRPCStats() {} + +// End contains stats when an RPC ends. +type End struct { + // Client is true if this End is from client side. + Client bool + // EndTime is the time when the RPC ends. + EndTime time.Time + // Error is the error just happened. It implements status.Status if non-nil. + Error error +} + +// IsClient indicates if this is from client side. +func (s *End) IsClient() bool { return s.Client } + +func (s *End) isRPCStats() {} + +// ConnStats contains stats information about connections. +type ConnStats interface { + isConnStats() + // IsClient returns true if this ConnStats is from client side. + IsClient() bool +} + +// ConnBegin contains the stats of a connection when it is established. +type ConnBegin struct { + // Client is true if this ConnBegin is from client side. + Client bool +} + +// IsClient indicates if this is from client side. +func (s *ConnBegin) IsClient() bool { return s.Client } + +func (s *ConnBegin) isConnStats() {} + +// ConnEnd contains the stats of a connection when it ends. +type ConnEnd struct { + // Client is true if this ConnEnd is from client side. + Client bool +} + +// IsClient indicates if this is from client side. +func (s *ConnEnd) IsClient() bool { return s.Client } + +func (s *ConnEnd) isConnStats() {} diff --git a/components/engine/vendor/google.golang.org/grpc/status/status.go b/components/engine/vendor/google.golang.org/grpc/status/status.go new file mode 100644 index 0000000000..99a4cbe511 --- /dev/null +++ b/components/engine/vendor/google.golang.org/grpc/status/status.go @@ -0,0 +1,145 @@ +/* + * + * Copyright 2017, Google Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +// Package status implements errors returned by gRPC. These errors are +// serialized and transmitted on the wire between server and client, and allow +// for additional data to be transmitted via the Details field in the status +// proto. gRPC service handlers should return an error created by this +// package, and gRPC clients should expect a corresponding error to be +// returned from the RPC call. +// +// This package upholds the invariants that a non-nil error may not +// contain an OK code, and an OK code must result in a nil error. +package status + +import ( + "fmt" + + "github.com/golang/protobuf/proto" + spb "google.golang.org/genproto/googleapis/rpc/status" + "google.golang.org/grpc/codes" +) + +// statusError is an alias of a status proto. It implements error and Status, +// and a nil statusError should never be returned by this package. +type statusError spb.Status + +func (se *statusError) Error() string { + p := (*spb.Status)(se) + return fmt.Sprintf("rpc error: code = %s desc = %s", codes.Code(p.GetCode()), p.GetMessage()) +} + +func (se *statusError) status() *Status { + return &Status{s: (*spb.Status)(se)} +} + +// Status represents an RPC status code, message, and details. It is immutable +// and should be created with New, Newf, or FromProto. +type Status struct { + s *spb.Status +} + +// Code returns the status code contained in s. +func (s *Status) Code() codes.Code { + if s == nil || s.s == nil { + return codes.OK + } + return codes.Code(s.s.Code) +} + +// Message returns the message contained in s. +func (s *Status) Message() string { + if s == nil || s.s == nil { + return "" + } + return s.s.Message +} + +// Proto returns s's status as an spb.Status proto message. +func (s *Status) Proto() *spb.Status { + if s == nil { + return nil + } + return proto.Clone(s.s).(*spb.Status) +} + +// Err returns an immutable error representing s; returns nil if s.Code() is +// OK. +func (s *Status) Err() error { + if s.Code() == codes.OK { + return nil + } + return (*statusError)(s.s) +} + +// New returns a Status representing c and msg. +func New(c codes.Code, msg string) *Status { + return &Status{s: &spb.Status{Code: int32(c), Message: msg}} +} + +// Newf returns New(c, fmt.Sprintf(format, a...)). +func Newf(c codes.Code, format string, a ...interface{}) *Status { + return New(c, fmt.Sprintf(format, a...)) +} + +// Error returns an error representing c and msg. If c is OK, returns nil. +func Error(c codes.Code, msg string) error { + return New(c, msg).Err() +} + +// Errorf returns Error(c, fmt.Sprintf(format, a...)). +func Errorf(c codes.Code, format string, a ...interface{}) error { + return Error(c, fmt.Sprintf(format, a...)) +} + +// ErrorProto returns an error representing s. If s.Code is OK, returns nil. +func ErrorProto(s *spb.Status) error { + return FromProto(s).Err() +} + +// FromProto returns a Status representing s. +func FromProto(s *spb.Status) *Status { + return &Status{s: proto.Clone(s).(*spb.Status)} +} + +// FromError returns a Status representing err if it was produced from this +// package, otherwise it returns nil, false. +func FromError(err error) (s *Status, ok bool) { + if err == nil { + return &Status{s: &spb.Status{Code: int32(codes.OK)}}, true + } + if s, ok := err.(*statusError); ok { + return s.status(), true + } + return nil, false +} diff --git a/components/engine/vendor/google.golang.org/grpc/stream.go b/components/engine/vendor/google.golang.org/grpc/stream.go index 46810544f1..33f1c787b3 100644 --- a/components/engine/vendor/google.golang.org/grpc/stream.go +++ b/components/engine/vendor/google.golang.org/grpc/stream.go @@ -37,7 +37,6 @@ import ( "bytes" "errors" "io" - "math" "sync" "time" @@ -45,6 +44,8 @@ import ( "golang.org/x/net/trace" "google.golang.org/grpc/codes" "google.golang.org/grpc/metadata" + "google.golang.org/grpc/stats" + "google.golang.org/grpc/status" "google.golang.org/grpc/transport" ) @@ -97,7 +98,7 @@ type ClientStream interface { // NewClientStream creates a new Stream for the client side. This is called // by generated code. -func NewClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, method string, opts ...CallOption) (ClientStream, error) { +func NewClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, method string, opts ...CallOption) (_ ClientStream, err error) { if cc.dopts.streamInt != nil { return cc.dopts.streamInt(ctx, desc, cc, method, newClientStream, opts...) } @@ -106,11 +107,18 @@ func NewClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, method string, opts ...CallOption) (_ ClientStream, err error) { var ( - t transport.ClientTransport - s *transport.Stream - put func() + t transport.ClientTransport + s *transport.Stream + put func() + cancel context.CancelFunc ) c := defaultCallInfo + if mc, ok := cc.getMethodConfig(method); ok { + c.failFast = !mc.WaitForReady + if mc.Timeout > 0 { + ctx, cancel = context.WithTimeout(ctx, mc.Timeout) + } + } for _, o := range opts { if err := o.before(&c); err != nil { return nil, toRPCErr(err) @@ -143,6 +151,27 @@ func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth } }() } + ctx = newContextWithRPCInfo(ctx) + sh := cc.dopts.copts.StatsHandler + if sh != nil { + ctx = sh.TagRPC(ctx, &stats.RPCTagInfo{FullMethodName: method}) + begin := &stats.Begin{ + Client: true, + BeginTime: time.Now(), + FailFast: c.failFast, + } + sh.HandleRPC(ctx, begin) + } + defer func() { + if err != nil && sh != nil { + // Only handle end stats if err != nil. + end := &stats.End{ + Client: true, + Error: err, + } + sh.HandleRPC(ctx, end) + } + }() gopts := BalancerGetOptions{ BlockingWait: !c.failFast, } @@ -150,7 +179,7 @@ func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth t, put, err = cc.getTransport(ctx, gopts) if err != nil { // TODO(zhaoq): Probably revisit the error handling. - if _, ok := err.(*rpcError); ok { + if _, ok := status.FromError(err); ok { return nil, err } if err == errConnClosing || err == errConnUnavailable { @@ -165,14 +194,17 @@ func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth s, err = t.NewStream(ctx, callHdr) if err != nil { + if _, ok := err.(transport.ConnectionError); ok && put != nil { + // If error is connection error, transport was sending data on wire, + // and we are not sure if anything has been sent on wire. + // If error is not connection error, we are sure nothing has been sent. + updateRPCInfoInContext(ctx, rpcInfo{bytesSent: true, bytesReceived: false}) + } if put != nil { put() put = nil } - if _, ok := err.(transport.ConnectionError); ok || err == transport.ErrStreamDrain { - if c.failFast { - return nil, toRPCErr(err) - } + if _, ok := err.(transport.ConnectionError); (ok || err == transport.ErrStreamDrain) && !c.failFast { continue } return nil, toRPCErr(err) @@ -180,12 +212,14 @@ func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth break } cs := &clientStream{ - opts: opts, - c: c, - desc: desc, - codec: cc.dopts.codec, - cp: cc.dopts.cp, - dc: cc.dopts.dc, + opts: opts, + c: c, + desc: desc, + codec: cc.dopts.codec, + cp: cc.dopts.cp, + dc: cc.dopts.dc, + maxMsgSize: cc.dopts.maxMsgSize, + cancel: cancel, put: put, t: t, @@ -194,6 +228,9 @@ func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth tracing: EnableTracing, trInfo: trInfo, + + statsCtx: ctx, + statsHandler: cc.dopts.copts.StatsHandler, } if cc.dopts.cp != nil { cs.cbuf = new(bytes.Buffer) @@ -204,14 +241,13 @@ func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth select { case <-t.Error(): // Incur transport error, simply exit. + case <-cc.ctx.Done(): + cs.finish(ErrClientConnClosing) + cs.closeTransportStream(ErrClientConnClosing) case <-s.Done(): // TODO: The trace of the RPC is terminated here when there is no pending // I/O, which is probably not the optimal solution. - if s.StatusCode() == codes.OK { - cs.finish(nil) - } else { - cs.finish(Errorf(s.StatusCode(), "%s", s.StatusDesc())) - } + cs.finish(s.Status().Err()) cs.closeTransportStream(nil) case <-s.GoAway(): cs.finish(errConnDrain) @@ -227,25 +263,34 @@ func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth // clientStream implements a client side Stream. type clientStream struct { - opts []CallOption - c callInfo - t transport.ClientTransport - s *transport.Stream - p *parser - desc *StreamDesc - codec Codec - cp Compressor - cbuf *bytes.Buffer - dc Decompressor + opts []CallOption + c callInfo + t transport.ClientTransport + s *transport.Stream + p *parser + desc *StreamDesc + codec Codec + cp Compressor + cbuf *bytes.Buffer + dc Decompressor + maxMsgSize int + cancel context.CancelFunc tracing bool // set to EnableTracing when the clientStream is created. - mu sync.Mutex - put func() - closed bool + mu sync.Mutex + put func() + closed bool + finished bool // trInfo.tr is set when the clientStream is created (if EnableTracing is true), // and is set to nil when the clientStream's finish method is called. trInfo traceInfo + + // statsCtx keeps the user context for stats handling. + // All stats collection should use the statsCtx (instead of the stream context) + // so that all the generated stats for a particular RPC can be associated in the processing phase. + statsCtx context.Context + statsHandler stats.Handler } func (cs *clientStream) Context() context.Context { @@ -274,6 +319,8 @@ func (cs *clientStream) SendMsg(m interface{}) (err error) { } cs.mu.Unlock() } + // TODO Investigate how to signal the stats handling party. + // generate error stats if err != nil && err != io.EOF? defer func() { if err != nil { cs.finish(err) @@ -296,7 +343,13 @@ func (cs *clientStream) SendMsg(m interface{}) (err error) { } err = toRPCErr(err) }() - out, err := encode(cs.codec, m, cs.cp, cs.cbuf) + var outPayload *stats.OutPayload + if cs.statsHandler != nil { + outPayload = &stats.OutPayload{ + Client: true, + } + } + out, err := encode(cs.codec, m, cs.cp, cs.cbuf, outPayload) defer func() { if cs.cbuf != nil { cs.cbuf.Reset() @@ -305,11 +358,22 @@ func (cs *clientStream) SendMsg(m interface{}) (err error) { if err != nil { return Errorf(codes.Internal, "grpc: %v", err) } - return cs.t.Write(cs.s, out, &transport.Options{Last: false}) + err = cs.t.Write(cs.s, out, &transport.Options{Last: false}) + if err == nil && outPayload != nil { + outPayload.SentTime = time.Now() + cs.statsHandler.HandleRPC(cs.statsCtx, outPayload) + } + return err } func (cs *clientStream) RecvMsg(m interface{}) (err error) { - err = recv(cs.p, cs.codec, cs.s, cs.dc, m, math.MaxInt32) + var inPayload *stats.InPayload + if cs.statsHandler != nil { + inPayload = &stats.InPayload{ + Client: true, + } + } + err = recv(cs.p, cs.codec, cs.s, cs.dc, m, cs.maxMsgSize, inPayload) defer func() { // err != nil indicates the termination of the stream. if err != nil { @@ -324,21 +388,25 @@ func (cs *clientStream) RecvMsg(m interface{}) (err error) { } cs.mu.Unlock() } + if inPayload != nil { + cs.statsHandler.HandleRPC(cs.statsCtx, inPayload) + } if !cs.desc.ClientStreams || cs.desc.ServerStreams { return } // Special handling for client streaming rpc. - err = recv(cs.p, cs.codec, cs.s, cs.dc, m, math.MaxInt32) + // This recv expects EOF or errors, so we don't collect inPayload. + err = recv(cs.p, cs.codec, cs.s, cs.dc, m, cs.maxMsgSize, nil) cs.closeTransportStream(err) if err == nil { return toRPCErr(errors.New("grpc: client streaming protocol violation: get , want ")) } if err == io.EOF { - if cs.s.StatusCode() == codes.OK { - cs.finish(err) - return nil + if se := cs.s.Status().Err(); se != nil { + return se } - return Errorf(cs.s.StatusCode(), "%s", cs.s.StatusDesc()) + cs.finish(err) + return nil } return toRPCErr(err) } @@ -346,11 +414,11 @@ func (cs *clientStream) RecvMsg(m interface{}) (err error) { cs.closeTransportStream(err) } if err == io.EOF { - if cs.s.StatusCode() == codes.OK { - // Returns io.EOF to indicate the end of the stream. - return + if statusErr := cs.s.Status().Err(); statusErr != nil { + return statusErr } - return Errorf(cs.s.StatusCode(), "%s", cs.s.StatusDesc()) + // Returns io.EOF to indicate the end of the stream. + return } return toRPCErr(err) } @@ -386,13 +454,37 @@ func (cs *clientStream) closeTransportStream(err error) { func (cs *clientStream) finish(err error) { cs.mu.Lock() defer cs.mu.Unlock() + if cs.finished { + return + } + cs.finished = true + defer func() { + if cs.cancel != nil { + cs.cancel() + } + }() for _, o := range cs.opts { o.after(&cs.c) } if cs.put != nil { + updateRPCInfoInContext(cs.s.Context(), rpcInfo{ + bytesSent: cs.s.BytesSent(), + bytesReceived: cs.s.BytesReceived(), + }) cs.put() cs.put = nil } + if cs.statsHandler != nil { + end := &stats.End{ + Client: true, + EndTime: time.Now(), + } + if err != io.EOF { + // end.Error is nil if the RPC finished successfully. + end.Error = toRPCErr(err) + } + cs.statsHandler.HandleRPC(cs.statsCtx, end) + } if !cs.tracing { return } @@ -437,10 +529,10 @@ type serverStream struct { dc Decompressor cbuf *bytes.Buffer maxMsgSize int - statusCode codes.Code - statusDesc string trInfo *traceInfo + statsHandler stats.Handler + mu sync.Mutex // protects trInfo.tr after the service handler runs. } @@ -482,7 +574,11 @@ func (ss *serverStream) SendMsg(m interface{}) (err error) { ss.mu.Unlock() } }() - out, err := encode(ss.codec, m, ss.cp, ss.cbuf) + var outPayload *stats.OutPayload + if ss.statsHandler != nil { + outPayload = &stats.OutPayload{} + } + out, err := encode(ss.codec, m, ss.cp, ss.cbuf, outPayload) defer func() { if ss.cbuf != nil { ss.cbuf.Reset() @@ -495,6 +591,10 @@ func (ss *serverStream) SendMsg(m interface{}) (err error) { if err := ss.t.Write(ss.s, out, &transport.Options{Last: false}); err != nil { return toRPCErr(err) } + if outPayload != nil { + outPayload.SentTime = time.Now() + ss.statsHandler.HandleRPC(ss.s.Context(), outPayload) + } return nil } @@ -513,7 +613,11 @@ func (ss *serverStream) RecvMsg(m interface{}) (err error) { ss.mu.Unlock() } }() - if err := recv(ss.p, ss.codec, ss.s, ss.dc, m, ss.maxMsgSize); err != nil { + var inPayload *stats.InPayload + if ss.statsHandler != nil { + inPayload = &stats.InPayload{} + } + if err := recv(ss.p, ss.codec, ss.s, ss.dc, m, ss.maxMsgSize, inPayload); err != nil { if err == io.EOF { return err } @@ -522,5 +626,8 @@ func (ss *serverStream) RecvMsg(m interface{}) (err error) { } return toRPCErr(err) } + if inPayload != nil { + ss.statsHandler.HandleRPC(ss.s.Context(), inPayload) + } return nil } diff --git a/components/engine/vendor/google.golang.org/grpc/tap/tap.go b/components/engine/vendor/google.golang.org/grpc/tap/tap.go new file mode 100644 index 0000000000..0f36647674 --- /dev/null +++ b/components/engine/vendor/google.golang.org/grpc/tap/tap.go @@ -0,0 +1,54 @@ +/* + * + * Copyright 2016, Google Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +// Package tap defines the function handles which are executed on the transport +// layer of gRPC-Go and related information. Everything here is EXPERIMENTAL. +package tap + +import ( + "golang.org/x/net/context" +) + +// Info defines the relevant information needed by the handles. +type Info struct { + // FullMethodName is the string of grpc method (in the format of + // /package.service/method). + FullMethodName string + // TODO: More to be added. +} + +// ServerInHandle defines the function which runs when a new stream is created +// on the server side. Note that it is executed in the per-connection I/O goroutine(s) instead +// of per-RPC goroutine. Therefore, users should NOT have any blocking/time-consuming +// work in this handle. Otherwise all the RPCs would slow down. +type ServerInHandle func(ctx context.Context, info *Info) (context.Context, error) diff --git a/components/engine/vendor/google.golang.org/grpc/transport/control.go b/components/engine/vendor/google.golang.org/grpc/transport/control.go index 4ef0830b56..8d29aee53d 100644 --- a/components/engine/vendor/google.golang.org/grpc/transport/control.go +++ b/components/engine/vendor/google.golang.org/grpc/transport/control.go @@ -35,7 +35,9 @@ package transport import ( "fmt" + "math" "sync" + "time" "golang.org/x/net/http2" ) @@ -44,8 +46,18 @@ const ( // The default value of flow control window size in HTTP2 spec. defaultWindowSize = 65535 // The initial window size for flow control. - initialWindowSize = defaultWindowSize // for an RPC - initialConnWindowSize = defaultWindowSize * 16 // for a connection + initialWindowSize = defaultWindowSize // for an RPC + initialConnWindowSize = defaultWindowSize * 16 // for a connection + infinity = time.Duration(math.MaxInt64) + defaultClientKeepaliveTime = infinity + defaultClientKeepaliveTimeout = time.Duration(20 * time.Second) + defaultMaxStreamsClient = 100 + defaultMaxConnectionIdle = infinity + defaultMaxConnectionAge = infinity + defaultMaxConnectionAgeGrace = infinity + defaultServerKeepaliveTime = time.Duration(2 * time.Hour) + defaultServerKeepaliveTimeout = time.Duration(20 * time.Second) + defaultKeepalivePolicyMinTime = time.Duration(5 * time.Minute) ) // The following defines various control items which could flow through @@ -73,6 +85,8 @@ type resetStream struct { func (*resetStream) item() {} type goAway struct { + code http2.ErrCode + debugData []byte } func (*goAway) item() {} @@ -111,35 +125,9 @@ func newQuotaPool(q int) *quotaPool { return qb } -// add adds n to the available quota and tries to send it on acquire. -func (qb *quotaPool) add(n int) { - qb.mu.Lock() - defer qb.mu.Unlock() - qb.quota += n - if qb.quota <= 0 { - return - } - select { - case qb.c <- qb.quota: - qb.quota = 0 - default: - } -} - -// cancel cancels the pending quota sent on acquire, if any. -func (qb *quotaPool) cancel() { - qb.mu.Lock() - defer qb.mu.Unlock() - select { - case n := <-qb.c: - qb.quota += n - default: - } -} - -// reset cancels the pending quota sent on acquired, incremented by v and sends +// add cancels the pending quota sent on acquired, incremented by v and sends // it back on acquire. -func (qb *quotaPool) reset(v int) { +func (qb *quotaPool) add(v int) { qb.mu.Lock() defer qb.mu.Unlock() select { @@ -151,6 +139,10 @@ func (qb *quotaPool) reset(v int) { if qb.quota <= 0 { return } + // After the pool has been created, this is the only place that sends on + // the channel. Since mu is held at this point and any quota that was sent + // on the channel has been retrieved, we know that this code will always + // place any positive quota value on the channel. select { case qb.c <- qb.quota: qb.quota = 0 diff --git a/components/engine/vendor/google.golang.org/grpc/transport/handler_server.go b/components/engine/vendor/google.golang.org/grpc/transport/handler_server.go index 114e34906a..24f306babb 100644 --- a/components/engine/vendor/google.golang.org/grpc/transport/handler_server.go +++ b/components/engine/vendor/google.golang.org/grpc/transport/handler_server.go @@ -53,6 +53,7 @@ import ( "google.golang.org/grpc/credentials" "google.golang.org/grpc/metadata" "google.golang.org/grpc/peer" + "google.golang.org/grpc/status" ) // NewServerHandlerTransport returns a ServerTransport handling gRPC @@ -110,6 +111,10 @@ func NewServerHandlerTransport(w http.ResponseWriter, r *http.Request) (ServerTr v = v[:i] } } + v, err := decodeMetadataHeader(k, v) + if err != nil { + return nil, streamErrorf(codes.InvalidArgument, "malformed binary metadata: %v", err) + } metakv = append(metakv, k, v) } } @@ -182,7 +187,7 @@ func (ht *serverHandlerTransport) do(fn func()) error { } } -func (ht *serverHandlerTransport) WriteStatus(s *Stream, statusCode codes.Code, statusDesc string) error { +func (ht *serverHandlerTransport) WriteStatus(s *Stream, st *status.Status) error { err := ht.do(func() { ht.writeCommonHeaders(s) @@ -192,10 +197,13 @@ func (ht *serverHandlerTransport) WriteStatus(s *Stream, statusCode codes.Code, ht.rw.(http.Flusher).Flush() h := ht.rw.Header() - h.Set("Grpc-Status", fmt.Sprintf("%d", statusCode)) - if statusDesc != "" { - h.Set("Grpc-Message", encodeGrpcMessage(statusDesc)) + h.Set("Grpc-Status", fmt.Sprintf("%d", st.Code())) + if m := st.Message(); m != "" { + h.Set("Grpc-Message", encodeGrpcMessage(m)) } + + // TODO: Support Grpc-Status-Details-Bin + if md := s.Trailer(); len(md) > 0 { for k, vv := range md { // Clients don't tolerate reading restricted headers after some non restricted ones were sent. @@ -203,10 +211,9 @@ func (ht *serverHandlerTransport) WriteStatus(s *Stream, statusCode codes.Code, continue } for _, v := range vv { - // http2 ResponseWriter mechanism to - // send undeclared Trailers after the - // headers have possibly been written. - h.Add(http2.TrailerPrefix+k, v) + // http2 ResponseWriter mechanism to send undeclared Trailers after + // the headers have possibly been written. + h.Add(http2.TrailerPrefix+k, encodeMetadataHeader(k, v)) } } } @@ -234,6 +241,7 @@ func (ht *serverHandlerTransport) writeCommonHeaders(s *Stream) { // and https://golang.org/pkg/net/http/#example_ResponseWriter_trailers h.Add("Trailer", "Grpc-Status") h.Add("Trailer", "Grpc-Message") + // TODO: Support Grpc-Status-Details-Bin if s.sendCompress != "" { h.Set("Grpc-Encoding", s.sendCompress) @@ -260,6 +268,7 @@ func (ht *serverHandlerTransport) WriteHeader(s *Stream, md metadata.MD) error { continue } for _, v := range vv { + v = encodeMetadataHeader(k, v) h.Add(k, v) } } @@ -268,7 +277,7 @@ func (ht *serverHandlerTransport) WriteHeader(s *Stream, md metadata.MD) error { }) } -func (ht *serverHandlerTransport) HandleStreams(startStream func(*Stream)) { +func (ht *serverHandlerTransport) HandleStreams(startStream func(*Stream), traceCtx func(context.Context, string) context.Context) { // With this transport type there will be exactly 1 stream: this HTTP request. var ctx context.Context @@ -314,7 +323,7 @@ func (ht *serverHandlerTransport) HandleStreams(startStream func(*Stream)) { if req.TLS != nil { pr.AuthInfo = credentials.TLSInfo{State: *req.TLS} } - ctx = metadata.NewContext(ctx, ht.headerMD) + ctx = metadata.NewIncomingContext(ctx, ht.headerMD) ctx = peer.NewContext(ctx, pr) s.ctx = newContextWithStream(ctx, s) s.dec = &recvBufferReader{ctx: s.ctx, recv: s.buf} diff --git a/components/engine/vendor/google.golang.org/grpc/transport/http2_client.go b/components/engine/vendor/google.golang.org/grpc/transport/http2_client.go index 2b0f68016a..380fff665f 100644 --- a/components/engine/vendor/google.golang.org/grpc/transport/http2_client.go +++ b/components/engine/vendor/google.golang.org/grpc/transport/http2_client.go @@ -35,12 +35,12 @@ package transport import ( "bytes" - "fmt" "io" "math" "net" "strings" "sync" + "sync/atomic" "time" "golang.org/x/net/context" @@ -49,18 +49,24 @@ import ( "google.golang.org/grpc/codes" "google.golang.org/grpc/credentials" "google.golang.org/grpc/grpclog" + "google.golang.org/grpc/keepalive" "google.golang.org/grpc/metadata" "google.golang.org/grpc/peer" + "google.golang.org/grpc/stats" + "google.golang.org/grpc/status" ) // http2Client implements the ClientTransport interface with HTTP2. type http2Client struct { - target string // server name/addr - userAgent string - md interface{} - conn net.Conn // underlying communication channel - authInfo credentials.AuthInfo // auth info about the connection - nextID uint32 // the next stream ID to be used + ctx context.Context + target string // server name/addr + userAgent string + md interface{} + conn net.Conn // underlying communication channel + remoteAddr net.Addr + localAddr net.Addr + authInfo credentials.AuthInfo // auth info about the connection + nextID uint32 // the next stream ID to be used // writableChan synchronizes write access to the transport. // A writer acquires the write lock by sending a value on writableChan @@ -76,6 +82,8 @@ type http2Client struct { // goAway is closed to notify the upper layer (i.e., addrConn.transportMonitor) // that the server sent GoAway on this transport. goAway chan struct{} + // awakenKeepalive is used to wake up keepalive when after it has gone dormant. + awakenKeepalive chan struct{} framer *framer hBuf *bytes.Buffer // the buffer for HPACK encoding @@ -95,6 +103,13 @@ type http2Client struct { creds []credentials.PerRPCCredentials + // Boolean to keep track of reading activity on transport. + // 1 is true and 0 is false. + activity uint32 // Accessed atomically. + kp keepalive.ClientParameters + + statsHandler stats.Handler + mu sync.Mutex // guard the following variables state transportState // the state of underlying connection activeStreams map[uint32]*Stream @@ -106,6 +121,9 @@ type http2Client struct { goAwayID uint32 // prevGoAway ID records the Last-Stream-ID in the previous GOAway frame. prevGoAwayID uint32 + // goAwayReason records the http2.ErrCode and debug data received with the + // GoAway frame. + goAwayReason GoAwayReason } func dial(ctx context.Context, fn func(context.Context, string) (net.Conn, error), addr string) (net.Conn, error) { @@ -150,6 +168,9 @@ func newHTTP2Client(ctx context.Context, addr TargetInfo, opts ConnectOptions) ( scheme := "http" conn, err := dial(ctx, opts.Dialer, addr.Addr) if err != nil { + if opts.FailOnNonTempDialError { + return nil, connectionErrorf(isTemporary(err), err, "transport: %v", err) + } return nil, connectionErrorf(true, err, "transport: %v", err) } // Any further errors will close the underlying connection @@ -169,23 +190,31 @@ func newHTTP2Client(ctx context.Context, addr TargetInfo, opts ConnectOptions) ( return nil, connectionErrorf(temp, err, "transport: %v", err) } } - ua := primaryUA - if opts.UserAgent != "" { - ua = opts.UserAgent + " " + ua + kp := opts.KeepaliveParams + // Validate keepalive parameters. + if kp.Time == 0 { + kp.Time = defaultClientKeepaliveTime + } + if kp.Timeout == 0 { + kp.Timeout = defaultClientKeepaliveTimeout } var buf bytes.Buffer t := &http2Client{ - target: addr.Addr, - userAgent: ua, - md: addr.Metadata, - conn: conn, - authInfo: authInfo, + ctx: ctx, + target: addr.Addr, + userAgent: opts.UserAgent, + md: addr.Metadata, + conn: conn, + remoteAddr: conn.RemoteAddr(), + localAddr: conn.LocalAddr(), + authInfo: authInfo, // The client initiated stream id is odd starting from 1. nextID: 1, writableChan: make(chan int, 1), shutdownChan: make(chan struct{}), errorChan: make(chan struct{}), goAway: make(chan struct{}), + awakenKeepalive: make(chan struct{}, 1), framer: newFramer(conn), hBuf: &buf, hEnc: hpack.NewEncoder(&buf), @@ -196,8 +225,24 @@ func newHTTP2Client(ctx context.Context, addr TargetInfo, opts ConnectOptions) ( state: reachable, activeStreams: make(map[uint32]*Stream), creds: opts.PerRPCCredentials, - maxStreams: math.MaxInt32, + maxStreams: defaultMaxStreamsClient, + streamsQuota: newQuotaPool(defaultMaxStreamsClient), streamSendQuota: defaultWindowSize, + kp: kp, + statsHandler: opts.StatsHandler, + } + // Make sure awakenKeepalive can't be written upon. + // keepalive routine will make it writable, if need be. + t.awakenKeepalive <- struct{}{} + if t.statsHandler != nil { + t.ctx = t.statsHandler.TagConn(t.ctx, &stats.ConnTagInfo{ + RemoteAddr: t.remoteAddr, + LocalAddr: t.localAddr, + }) + connBegin := &stats.ConnBegin{ + Client: true, + } + t.statsHandler.HandleConn(t.ctx, connBegin) } // Start the reader goroutine for incoming message. Each transport has // a dedicated goroutine which reads HTTP2 frame from network. Then it @@ -233,6 +278,9 @@ func newHTTP2Client(ctx context.Context, addr TargetInfo, opts ConnectOptions) ( } } go t.controller() + if t.kp.Time != infinity { + go t.keepalive() + } t.writableChan <- 0 return t, nil } @@ -266,16 +314,17 @@ func (t *http2Client) newStream(ctx context.Context, callHdr *CallHdr) *Stream { return s } -// NewStream creates a stream and register it into the transport as "active" +// NewStream creates a stream and registers it into the transport as "active" // streams. func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (_ *Stream, err error) { pr := &peer.Peer{ - Addr: t.conn.RemoteAddr(), + Addr: t.remoteAddr, } // Attach Auth info if there is any. if t.authInfo != nil { pr.AuthInfo = t.authInfo } + userCtx := ctx ctx = peer.NewContext(ctx, pr) authData := make(map[string]string) for _, c := range t.creds { @@ -313,21 +362,18 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (_ *Strea t.mu.Unlock() return nil, ErrConnClosing } - checkStreamsQuota := t.streamsQuota != nil t.mu.Unlock() - if checkStreamsQuota { - sq, err := wait(ctx, nil, nil, t.shutdownChan, t.streamsQuota.acquire()) - if err != nil { - return nil, err - } - // Returns the quota balance back. - if sq > 1 { - t.streamsQuota.add(sq - 1) - } + sq, err := wait(ctx, nil, nil, t.shutdownChan, t.streamsQuota.acquire()) + if err != nil { + return nil, err + } + // Returns the quota balance back. + if sq > 1 { + t.streamsQuota.add(sq - 1) } if _, err := wait(ctx, nil, nil, t.shutdownChan, t.writableChan); err != nil { // Return the quota back now because there is no stream returned to the caller. - if _, ok := err.(StreamError); ok && checkStreamsQuota { + if _, ok := err.(StreamError); ok { t.streamsQuota.add(1) } return nil, err @@ -335,9 +381,7 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (_ *Strea t.mu.Lock() if t.state == draining { t.mu.Unlock() - if checkStreamsQuota { - t.streamsQuota.add(1) - } + t.streamsQuota.add(1) // Need to make t writable again so that the rpc in flight can still proceed. t.writableChan <- 0 return nil, ErrStreamDrain @@ -347,18 +391,19 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (_ *Strea return nil, ErrConnClosing } s := t.newStream(ctx, callHdr) + s.clientStatsCtx = userCtx t.activeStreams[s.id] = s + // If the number of active streams change from 0 to 1, then check if keepalive + // has gone dormant. If so, wake it up. + if len(t.activeStreams) == 1 { + select { + case t.awakenKeepalive <- struct{}{}: + t.framer.writePing(false, false, [8]byte{}) + default: + } + } - // This stream is not counted when applySetings(...) initialize t.streamsQuota. - // Reset t.streamsQuota to the right value. - var reset bool - if !checkStreamsQuota && t.streamsQuota != nil { - reset = true - } t.mu.Unlock() - if reset { - t.streamsQuota.reset(-1) - } // HPACK encodes various headers. Note that once WriteField(...) is // called, the corresponding headers/continuation frame has to be sent @@ -390,29 +435,30 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (_ *Strea hasMD bool endHeaders bool ) - if md, ok := metadata.FromContext(ctx); ok { + if md, ok := metadata.FromOutgoingContext(ctx); ok { hasMD = true - for k, v := range md { + for k, vv := range md { // HTTP doesn't allow you to set pseudoheaders after non pseudoheaders were set. if isReservedHeader(k) { continue } - for _, entry := range v { - t.hEnc.WriteField(hpack.HeaderField{Name: k, Value: entry}) + for _, v := range vv { + t.hEnc.WriteField(hpack.HeaderField{Name: k, Value: encodeMetadataHeader(k, v)}) } } } if md, ok := t.md.(*metadata.MD); ok { - for k, v := range *md { + for k, vv := range *md { if isReservedHeader(k) { continue } - for _, entry := range v { - t.hEnc.WriteField(hpack.HeaderField{Name: k, Value: entry}) + for _, v := range vv { + t.hEnc.WriteField(hpack.HeaderField{Name: k, Value: encodeMetadataHeader(k, v)}) } } } first := true + bufLen := t.hBuf.Len() // Sends the headers in a single batch even when they span multiple frames. for !endHeaders { size := t.hBuf.Len() @@ -447,6 +493,19 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (_ *Strea return nil, connectionErrorf(true, err, "transport: %v", err) } } + s.bytesSent = true + + if t.statsHandler != nil { + outHeader := &stats.OutHeader{ + Client: true, + WireLength: bufLen, + FullMethod: callHdr.Method, + RemoteAddr: t.remoteAddr, + LocalAddr: t.localAddr, + Compression: callHdr.SendCompress, + } + t.statsHandler.HandleRPC(s.clientStatsCtx, outHeader) + } t.writableChan <- 0 return s, nil } @@ -454,15 +513,11 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (_ *Strea // CloseStream clears the footprint of a stream when the stream is not needed any more. // This must not be executed in reader's goroutine. func (t *http2Client) CloseStream(s *Stream, err error) { - var updateStreams bool t.mu.Lock() if t.activeStreams == nil { t.mu.Unlock() return } - if t.streamsQuota != nil { - updateStreams = true - } delete(t.activeStreams, s.id) if t.state == draining && len(t.activeStreams) == 0 { // The transport is draining and s is the last live stream on t. @@ -471,10 +526,27 @@ func (t *http2Client) CloseStream(s *Stream, err error) { return } t.mu.Unlock() - if updateStreams { - t.streamsQuota.add(1) - } + // rstStream is true in case the stream is being closed at the client-side + // and the server needs to be intimated about it by sending a RST_STREAM + // frame. + // To make sure this frame is written to the wire before the headers of the + // next stream waiting for streamsQuota, we add to streamsQuota pool only + // after having acquired the writableChan to send RST_STREAM out (look at + // the controller() routine). + var rstStream bool + var rstError http2.ErrCode + defer func() { + // In case, the client doesn't have to send RST_STREAM to server + // we can safely add back to streamsQuota pool now. + if !rstStream { + t.streamsQuota.add(1) + return + } + t.controlBuf.put(&resetStream{s.id, rstError}) + }() s.mu.Lock() + rstStream = s.rstStream + rstError = s.rstError if q := s.fc.resetPendingData(); q > 0 { if n := t.fc.onRead(q); n > 0 { t.controlBuf.put(&windowUpdate{0, n}) @@ -490,8 +562,9 @@ func (t *http2Client) CloseStream(s *Stream, err error) { } s.state = streamDone s.mu.Unlock() - if se, ok := err.(StreamError); ok && se.Code != codes.DeadlineExceeded { - t.controlBuf.put(&resetStream{s.id, http2.ErrCodeCancel}) + if _, ok := err.(StreamError); ok { + rstStream = true + rstError = http2.ErrCodeCancel } } @@ -525,6 +598,12 @@ func (t *http2Client) Close() (err error) { s.mu.Unlock() s.write(recvMsg{err: ErrConnClosing}) } + if t.statsHandler != nil { + connEnd := &stats.ConnEnd{ + Client: true, + } + t.statsHandler.HandleConn(t.ctx, connEnd) + } return } @@ -582,19 +661,14 @@ func (t *http2Client) Write(s *Stream, data []byte, opts *Options) error { var p []byte if r.Len() > 0 { size := http2MaxFrameLen - s.sendQuotaPool.add(0) // Wait until the stream has some quota to send the data. sq, err := wait(s.ctx, s.done, s.goAway, t.shutdownChan, s.sendQuotaPool.acquire()) if err != nil { return err } - t.sendQuotaPool.add(0) // Wait until the transport has some quota to send the data. tq, err := wait(s.ctx, s.done, s.goAway, t.shutdownChan, t.sendQuotaPool.acquire()) if err != nil { - if _, ok := err.(StreamError); ok || err == io.EOF { - t.sendQuotaPool.cancel() - } return err } if sq < size { @@ -704,7 +778,7 @@ func (t *http2Client) updateWindow(s *Stream, n uint32) { } func (t *http2Client) handleData(f *http2.DataFrame) { - size := len(f.Data()) + size := f.Header().Length if err := t.fc.onData(uint32(size)); err != nil { t.notifyError(connectionErrorf(true, err, "%v", err)) return @@ -718,6 +792,11 @@ func (t *http2Client) handleData(f *http2.DataFrame) { return } if size > 0 { + if f.Header().Flags.Has(http2.FlagDataPadded) { + if w := t.fc.onRead(uint32(size) - uint32(len(f.Data()))); w > 0 { + t.controlBuf.put(&windowUpdate{0, w}) + } + } s.mu.Lock() if s.state == streamDone { s.mu.Unlock() @@ -728,22 +807,27 @@ func (t *http2Client) handleData(f *http2.DataFrame) { return } if err := s.fc.onData(uint32(size)); err != nil { - s.state = streamDone - s.statusCode = codes.Internal - s.statusDesc = err.Error() - close(s.done) + s.rstStream = true + s.rstError = http2.ErrCodeFlowControl + s.finish(status.New(codes.Internal, err.Error())) s.mu.Unlock() s.write(recvMsg{err: io.EOF}) - t.controlBuf.put(&resetStream{s.id, http2.ErrCodeFlowControl}) return } + if f.Header().Flags.Has(http2.FlagDataPadded) { + if w := s.fc.onRead(uint32(size) - uint32(len(f.Data()))); w > 0 { + t.controlBuf.put(&windowUpdate{s.id, w}) + } + } s.mu.Unlock() // TODO(bradfitz, zhaoq): A copy is required here because there is no // guarantee f.Data() is consumed before the arrival of next frame. // Can this copy be eliminated? - data := make([]byte, size) - copy(data, f.Data()) - s.write(recvMsg{data: data}) + if len(f.Data()) > 0 { + data := make([]byte, len(f.Data())) + copy(data, f.Data()) + s.write(recvMsg{data: data}) + } } // The server has closed the stream without sending trailers. Record that // the read direction is closed, and set the status appropriately. @@ -753,10 +837,7 @@ func (t *http2Client) handleData(f *http2.DataFrame) { s.mu.Unlock() return } - s.state = streamDone - s.statusCode = codes.Internal - s.statusDesc = "server closed the stream without sending trailers" - close(s.done) + s.finish(status.New(codes.Internal, "server closed the stream without sending trailers")) s.mu.Unlock() s.write(recvMsg{err: io.EOF}) } @@ -772,18 +853,16 @@ func (t *http2Client) handleRSTStream(f *http2.RSTStreamFrame) { s.mu.Unlock() return } - s.state = streamDone if !s.headerDone { close(s.headerChan) s.headerDone = true } - s.statusCode, ok = http2ErrConvTab[http2.ErrCode(f.ErrCode)] + statusCode, ok := http2ErrConvTab[http2.ErrCode(f.ErrCode)] if !ok { grpclog.Println("transport: http2Client.handleRSTStream found no mapped gRPC status for the received http2 error ", f.ErrCode) - s.statusCode = codes.Unknown + statusCode = codes.Unknown } - s.statusDesc = fmt.Sprintf("stream terminated by RST_STREAM with error code: %d", f.ErrCode) - close(s.done) + s.finish(status.Newf(statusCode, "stream terminated by RST_STREAM with error code: %d", f.ErrCode)) s.mu.Unlock() s.write(recvMsg{err: io.EOF}) } @@ -811,6 +890,9 @@ func (t *http2Client) handlePing(f *http2.PingFrame) { } func (t *http2Client) handleGoAway(f *http2.GoAwayFrame) { + if f.ErrCode == http2.ErrCodeEnhanceYourCalm { + grpclog.Printf("Client received GoAway with http2.ErrCodeEnhanceYourCalm.") + } t.mu.Lock() if t.state == reachable || t.state == draining { if f.LastStreamID > 0 && f.LastStreamID%2 != 1 { @@ -832,6 +914,7 @@ func (t *http2Client) handleGoAway(f *http2.GoAwayFrame) { t.mu.Unlock() return default: + t.setGoAwayReason(f) } t.goAwayID = f.LastStreamID close(t.goAway) @@ -839,6 +922,26 @@ func (t *http2Client) handleGoAway(f *http2.GoAwayFrame) { t.mu.Unlock() } +// setGoAwayReason sets the value of t.goAwayReason based +// on the GoAway frame received. +// It expects a lock on transport's mutext to be held by +// the caller. +func (t *http2Client) setGoAwayReason(f *http2.GoAwayFrame) { + t.goAwayReason = NoReason + switch f.ErrCode { + case http2.ErrCodeEnhanceYourCalm: + if string(f.DebugData()) == "too_many_pings" { + t.goAwayReason = TooManyPings + } + } +} + +func (t *http2Client) GetGoAwayReason() GoAwayReason { + t.mu.Lock() + defer t.mu.Unlock() + return t.goAwayReason +} + func (t *http2Client) handleWindowUpdate(f *http2.WindowUpdateFrame) { id := f.Header().StreamID incr := f.Increment @@ -857,23 +960,41 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) { if !ok { return } + s.bytesReceived = true var state decodeState for _, hf := range frame.Fields { - state.processHeaderField(hf) - } - if state.err != nil { - s.mu.Lock() - if !s.headerDone { - close(s.headerChan) - s.headerDone = true + if err := state.processHeaderField(hf); err != nil { + s.mu.Lock() + if !s.headerDone { + close(s.headerChan) + s.headerDone = true + } + s.mu.Unlock() + s.write(recvMsg{err: err}) + // Something wrong. Stops reading even when there is remaining. + return } - s.mu.Unlock() - s.write(recvMsg{err: state.err}) - // Something wrong. Stops reading even when there is remaining. - return } endStream := frame.StreamEnded() + var isHeader bool + defer func() { + if t.statsHandler != nil { + if isHeader { + inHeader := &stats.InHeader{ + Client: true, + WireLength: int(frame.Header().Length), + } + t.statsHandler.HandleRPC(s.clientStatsCtx, inHeader) + } else { + inTrailer := &stats.InTrailer{ + Client: true, + WireLength: int(frame.Header().Length), + } + t.statsHandler.HandleRPC(s.clientStatsCtx, inTrailer) + } + } + }() s.mu.Lock() if !endStream { @@ -885,6 +1006,7 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) { } close(s.headerChan) s.headerDone = true + isHeader = true } if !endStream || s.state == streamDone { s.mu.Unlock() @@ -894,10 +1016,7 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) { if len(state.mdata) > 0 { s.trailer = state.mdata } - s.statusCode = state.statusCode - s.statusDesc = state.statusDesc - close(s.done) - s.state = streamDone + s.finish(state.status()) s.mu.Unlock() s.write(recvMsg{err: io.EOF}) } @@ -925,6 +1044,7 @@ func (t *http2Client) reader() { t.notifyError(err) return } + atomic.CompareAndSwapUint32(&t.activity, 0, 1) sf, ok := frame.(*http2.SettingsFrame) if !ok { t.notifyError(err) @@ -935,6 +1055,7 @@ func (t *http2Client) reader() { // loop to keep reading incoming messages on this transport. for { frame, err := t.framer.readFrame() + atomic.CompareAndSwapUint32(&t.activity, 0, 1) if err != nil { // Abort an active stream if the http2.Framer returns a // http2.StreamError. This can happen only if the server's response @@ -986,21 +1107,15 @@ func (t *http2Client) applySettings(ss []http2.Setting) { s.Val = math.MaxInt32 } t.mu.Lock() - reset := t.streamsQuota != nil - if !reset { - t.streamsQuota = newQuotaPool(int(s.Val) - len(t.activeStreams)) - } ms := t.maxStreams t.maxStreams = int(s.Val) t.mu.Unlock() - if reset { - t.streamsQuota.reset(int(s.Val) - ms) - } + t.streamsQuota.add(int(s.Val) - ms) case http2.SettingInitialWindowSize: t.mu.Lock() for _, stream := range t.activeStreams { // Adjust the sending quota for each stream. - stream.sendQuotaPool.reset(int(s.Val - t.streamSendQuota)) + stream.sendQuotaPool.add(int(s.Val - t.streamSendQuota)) } t.streamSendQuota = s.Val t.mu.Unlock() @@ -1028,6 +1143,12 @@ func (t *http2Client) controller() { t.framer.writeSettings(true, i.ss...) } case *resetStream: + // If the server needs to be to intimated about stream closing, + // then we need to make sure the RST_STREAM frame is written to + // the wire before the headers of the next stream waiting on + // streamQuota. We ensure this by adding to the streamsQuota pool + // only after having acquired the writableChan to send RST_STREAM. + t.streamsQuota.add(1) t.framer.writeRSTStream(true, i.streamID, i.code) case *flushIO: t.framer.flushWrite() @@ -1047,6 +1168,61 @@ func (t *http2Client) controller() { } } +// keepalive running in a separate goroutune makes sure the connection is alive by sending pings. +func (t *http2Client) keepalive() { + p := &ping{data: [8]byte{}} + timer := time.NewTimer(t.kp.Time) + for { + select { + case <-timer.C: + if atomic.CompareAndSwapUint32(&t.activity, 1, 0) { + timer.Reset(t.kp.Time) + continue + } + // Check if keepalive should go dormant. + t.mu.Lock() + if len(t.activeStreams) < 1 && !t.kp.PermitWithoutStream { + // Make awakenKeepalive writable. + <-t.awakenKeepalive + t.mu.Unlock() + select { + case <-t.awakenKeepalive: + // If the control gets here a ping has been sent + // need to reset the timer with keepalive.Timeout. + case <-t.shutdownChan: + return + } + } else { + t.mu.Unlock() + // Send ping. + t.controlBuf.put(p) + } + + // By the time control gets here a ping has been sent one way or the other. + timer.Reset(t.kp.Timeout) + select { + case <-timer.C: + if atomic.CompareAndSwapUint32(&t.activity, 1, 0) { + timer.Reset(t.kp.Time) + continue + } + t.Close() + return + case <-t.shutdownChan: + if !timer.Stop() { + <-timer.C + } + return + } + case <-t.shutdownChan: + if !timer.Stop() { + <-timer.C + } + return + } + } +} + func (t *http2Client) Error() <-chan struct{} { return t.errorChan } diff --git a/components/engine/vendor/google.golang.org/grpc/transport/http2_server.go b/components/engine/vendor/google.golang.org/grpc/transport/http2_server.go index a62fb7c228..14cd19c64c 100644 --- a/components/engine/vendor/google.golang.org/grpc/transport/http2_server.go +++ b/components/engine/vendor/google.golang.org/grpc/transport/http2_server.go @@ -38,18 +38,26 @@ import ( "errors" "io" "math" + "math/rand" "net" "strconv" "sync" + "sync/atomic" + "time" + "github.com/golang/protobuf/proto" "golang.org/x/net/context" "golang.org/x/net/http2" "golang.org/x/net/http2/hpack" "google.golang.org/grpc/codes" "google.golang.org/grpc/credentials" "google.golang.org/grpc/grpclog" + "google.golang.org/grpc/keepalive" "google.golang.org/grpc/metadata" "google.golang.org/grpc/peer" + "google.golang.org/grpc/stats" + "google.golang.org/grpc/status" + "google.golang.org/grpc/tap" ) // ErrIllegalHeaderWrite indicates that setting header is illegal because of @@ -58,9 +66,13 @@ var ErrIllegalHeaderWrite = errors.New("transport: the stream is done or WriteHe // http2Server implements the ServerTransport interface with HTTP2. type http2Server struct { + ctx context.Context conn net.Conn + remoteAddr net.Addr + localAddr net.Addr maxStreamID uint32 // max stream ID ever seen authInfo credentials.AuthInfo // auth info about the connection + inTapHandle tap.ServerInHandle // writableChan synchronizes write access to the transport. // A writer acquires the write lock by receiving a value on writableChan // and releases it by sending on writableChan. @@ -82,21 +94,46 @@ type http2Server struct { // sendQuotaPool provides flow control to outbound message. sendQuotaPool *quotaPool + stats stats.Handler + + // Flag to keep track of reading activity on transport. + // 1 is true and 0 is false. + activity uint32 // Accessed atomically. + // Keepalive and max-age parameters for the server. + kp keepalive.ServerParameters + + // Keepalive enforcement policy. + kep keepalive.EnforcementPolicy + // The time instance last ping was received. + lastPingAt time.Time + // Number of times the client has violated keepalive ping policy so far. + pingStrikes uint8 + // Flag to signify that number of ping strikes should be reset to 0. + // This is set whenever data or header frames are sent. + // 1 means yes. + resetPingStrikes uint32 // Accessed atomically. + mu sync.Mutex // guard the following state transportState activeStreams map[uint32]*Stream // the per-stream outbound flow control window size set by the peer. streamSendQuota uint32 + // idle is the time instant when the connection went idle. + // This is either the begining of the connection or when the number of + // RPCs go down to 0. + // When the connection is busy, this value is set to 0. + idle time.Time } // newHTTP2Server constructs a ServerTransport based on HTTP2. ConnectionError is // returned if something goes wrong. -func newHTTP2Server(conn net.Conn, maxStreams uint32, authInfo credentials.AuthInfo) (_ ServerTransport, err error) { +func newHTTP2Server(conn net.Conn, config *ServerConfig) (_ ServerTransport, err error) { framer := newFramer(conn) // Send initial settings as connection preface to client. var settings []http2.Setting // TODO(zhaoq): Have a better way to signal "no limit" because 0 is // permitted in the HTTP2 spec. + maxStreams := config.MaxStreams if maxStreams == 0 { maxStreams = math.MaxUint32 } else { @@ -119,14 +156,40 @@ func newHTTP2Server(conn net.Conn, maxStreams uint32, authInfo credentials.AuthI return nil, connectionErrorf(true, err, "transport: %v", err) } } + kp := config.KeepaliveParams + if kp.MaxConnectionIdle == 0 { + kp.MaxConnectionIdle = defaultMaxConnectionIdle + } + if kp.MaxConnectionAge == 0 { + kp.MaxConnectionAge = defaultMaxConnectionAge + } + // Add a jitter to MaxConnectionAge. + kp.MaxConnectionAge += getJitter(kp.MaxConnectionAge) + if kp.MaxConnectionAgeGrace == 0 { + kp.MaxConnectionAgeGrace = defaultMaxConnectionAgeGrace + } + if kp.Time == 0 { + kp.Time = defaultServerKeepaliveTime + } + if kp.Timeout == 0 { + kp.Timeout = defaultServerKeepaliveTimeout + } + kep := config.KeepalivePolicy + if kep.MinTime == 0 { + kep.MinTime = defaultKeepalivePolicyMinTime + } var buf bytes.Buffer t := &http2Server{ + ctx: context.Background(), conn: conn, - authInfo: authInfo, + remoteAddr: conn.RemoteAddr(), + localAddr: conn.LocalAddr(), + authInfo: config.AuthInfo, framer: framer, hBuf: &buf, hEnc: hpack.NewEncoder(&buf), maxStreams: maxStreams, + inTapHandle: config.InTapHandle, controlBuf: newRecvBuffer(), fc: &inFlow{limit: initialConnWindowSize}, sendQuotaPool: newQuotaPool(defaultWindowSize), @@ -135,14 +198,27 @@ func newHTTP2Server(conn net.Conn, maxStreams uint32, authInfo credentials.AuthI shutdownChan: make(chan struct{}), activeStreams: make(map[uint32]*Stream), streamSendQuota: defaultWindowSize, + stats: config.StatsHandler, + kp: kp, + idle: time.Now(), + kep: kep, + } + if t.stats != nil { + t.ctx = t.stats.TagConn(t.ctx, &stats.ConnTagInfo{ + RemoteAddr: t.remoteAddr, + LocalAddr: t.localAddr, + }) + connBegin := &stats.ConnBegin{} + t.stats.HandleConn(t.ctx, connBegin) } go t.controller() + go t.keepalive() t.writableChan <- 0 return t, nil } // operateHeader takes action on the decoded headers. -func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(*Stream)) (close bool) { +func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(*Stream), traceCtx func(context.Context, string) context.Context) (close bool) { buf := newRecvBuffer() s := &Stream{ id: frame.Header().StreamID, @@ -153,13 +229,12 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func( var state decodeState for _, hf := range frame.Fields { - state.processHeaderField(hf) - } - if err := state.err; err != nil { - if se, ok := err.(StreamError); ok { - t.controlBuf.put(&resetStream{s.id, statusCodeConvTab[se.Code]}) + if err := state.processHeaderField(hf); err != nil { + if se, ok := err.(StreamError); ok { + t.controlBuf.put(&resetStream{s.id, statusCodeConvTab[se.Code]}) + } + return } - return } if frame.StreamEnded() { @@ -168,12 +243,12 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func( } s.recvCompress = state.encoding if state.timeoutSet { - s.ctx, s.cancel = context.WithTimeout(context.TODO(), state.timeout) + s.ctx, s.cancel = context.WithTimeout(t.ctx, state.timeout) } else { - s.ctx, s.cancel = context.WithCancel(context.TODO()) + s.ctx, s.cancel = context.WithCancel(t.ctx) } pr := &peer.Peer{ - Addr: t.conn.RemoteAddr(), + Addr: t.remoteAddr, } // Attach Auth info if there is any. if t.authInfo != nil { @@ -186,7 +261,7 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func( s.ctx = newContextWithStream(s.ctx, s) // Attach the received metadata to the context. if len(state.mdata) > 0 { - s.ctx = metadata.NewContext(s.ctx, state.mdata) + s.ctx = metadata.NewIncomingContext(s.ctx, state.mdata) } s.dec = &recvBufferReader{ @@ -195,6 +270,18 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func( } s.recvCompress = state.encoding s.method = state.method + if t.inTapHandle != nil { + var err error + info := &tap.Info{ + FullMethodName: state.method, + } + s.ctx, err = t.inTapHandle(s.ctx, info) + if err != nil { + // TODO: Log the real error. + t.controlBuf.put(&resetStream{s.id, http2.ErrCodeRefusedStream}) + return + } + } t.mu.Lock() if t.state != reachable { t.mu.Unlock() @@ -214,17 +301,33 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func( t.maxStreamID = s.id s.sendQuotaPool = newQuotaPool(int(t.streamSendQuota)) t.activeStreams[s.id] = s + if len(t.activeStreams) == 1 { + t.idle = time.Time{} + } t.mu.Unlock() s.windowHandler = func(n int) { t.updateWindow(s, uint32(n)) } + s.ctx = traceCtx(s.ctx, s.method) + if t.stats != nil { + s.ctx = t.stats.TagRPC(s.ctx, &stats.RPCTagInfo{FullMethodName: s.method}) + inHeader := &stats.InHeader{ + FullMethod: s.method, + RemoteAddr: t.remoteAddr, + LocalAddr: t.localAddr, + Compression: s.recvCompress, + WireLength: int(frame.Header().Length), + } + t.stats.HandleRPC(s.ctx, inHeader) + } handle(s) return } // HandleStreams receives incoming streams using the given handler. This is // typically run in a separate goroutine. -func (t *http2Server) HandleStreams(handle func(*Stream)) { +// traceCtx attaches trace to ctx and returns the new context. +func (t *http2Server) HandleStreams(handle func(*Stream), traceCtx func(context.Context, string) context.Context) { // Check the validity of client preface. preface := make([]byte, len(clientPreface)) if _, err := io.ReadFull(t.conn, preface); err != nil { @@ -248,6 +351,7 @@ func (t *http2Server) HandleStreams(handle func(*Stream)) { t.Close() return } + atomic.StoreUint32(&t.activity, 1) sf, ok := frame.(*http2.SettingsFrame) if !ok { grpclog.Printf("transport: http2Server.HandleStreams saw invalid preface type %T from client", frame) @@ -258,6 +362,7 @@ func (t *http2Server) HandleStreams(handle func(*Stream)) { for { frame, err := t.framer.readFrame() + atomic.StoreUint32(&t.activity, 1) if err != nil { if se, ok := err.(http2.StreamError); ok { t.mu.Lock() @@ -279,7 +384,7 @@ func (t *http2Server) HandleStreams(handle func(*Stream)) { } switch frame := frame.(type) { case *http2.MetaHeadersFrame: - if t.operateHeaders(frame, handle) { + if t.operateHeaders(frame, handle, traceCtx) { t.Close() break } @@ -334,7 +439,7 @@ func (t *http2Server) updateWindow(s *Stream, n uint32) { } func (t *http2Server) handleData(f *http2.DataFrame) { - size := len(f.Data()) + size := f.Header().Length if err := t.fc.onData(uint32(size)); err != nil { grpclog.Printf("transport: http2Server %v", err) t.Close() @@ -349,6 +454,11 @@ func (t *http2Server) handleData(f *http2.DataFrame) { return } if size > 0 { + if f.Header().Flags.Has(http2.FlagDataPadded) { + if w := t.fc.onRead(uint32(size) - uint32(len(f.Data()))); w > 0 { + t.controlBuf.put(&windowUpdate{0, w}) + } + } s.mu.Lock() if s.state == streamDone { s.mu.Unlock() @@ -364,13 +474,20 @@ func (t *http2Server) handleData(f *http2.DataFrame) { t.controlBuf.put(&resetStream{s.id, http2.ErrCodeFlowControl}) return } + if f.Header().Flags.Has(http2.FlagDataPadded) { + if w := s.fc.onRead(uint32(size) - uint32(len(f.Data()))); w > 0 { + t.controlBuf.put(&windowUpdate{s.id, w}) + } + } s.mu.Unlock() // TODO(bradfitz, zhaoq): A copy is required here because there is no // guarantee f.Data() is consumed before the arrival of next frame. // Can this copy be eliminated? - data := make([]byte, size) - copy(data, f.Data()) - s.write(recvMsg{data: data}) + if len(f.Data()) > 0 { + data := make([]byte, len(f.Data())) + copy(data, f.Data()) + s.write(recvMsg{data: data}) + } } if f.Header().Flags.Has(http2.FlagDataEndStream) { // Received the end of stream from the client. @@ -404,6 +521,11 @@ func (t *http2Server) handleSettings(f *http2.SettingsFrame) { t.controlBuf.put(&settings{ack: true, ss: ss}) } +const ( + maxPingStrikes = 2 + defaultPingTimeout = 2 * time.Hour +) + func (t *http2Server) handlePing(f *http2.PingFrame) { if f.IsAck() { // Do nothing. return @@ -411,6 +533,38 @@ func (t *http2Server) handlePing(f *http2.PingFrame) { pingAck := &ping{ack: true} copy(pingAck.data[:], f.Data[:]) t.controlBuf.put(pingAck) + + now := time.Now() + defer func() { + t.lastPingAt = now + }() + // A reset ping strikes means that we don't need to check for policy + // violation for this ping and the pingStrikes counter should be set + // to 0. + if atomic.CompareAndSwapUint32(&t.resetPingStrikes, 1, 0) { + t.pingStrikes = 0 + return + } + t.mu.Lock() + ns := len(t.activeStreams) + t.mu.Unlock() + if ns < 1 && !t.kep.PermitWithoutStream { + // Keepalive shouldn't be active thus, this new ping should + // have come after atleast defaultPingTimeout. + if t.lastPingAt.Add(defaultPingTimeout).After(now) { + t.pingStrikes++ + } + } else { + // Check if keepalive policy is respected. + if t.lastPingAt.Add(t.kep.MinTime).After(now) { + t.pingStrikes++ + } + } + + if t.pingStrikes > maxPingStrikes { + // Send goaway and close the connection. + t.controlBuf.put(&goAway{code: http2.ErrCodeEnhanceYourCalm, debugData: []byte("too_many_pings")}) + } } func (t *http2Server) handleWindowUpdate(f *http2.WindowUpdateFrame) { @@ -429,6 +583,13 @@ func (t *http2Server) writeHeaders(s *Stream, b *bytes.Buffer, endStream bool) e first := true endHeaders := false var err error + defer func() { + if err == nil { + // Reset ping strikes when seding headers since that might cause the + // peer to send ping. + atomic.StoreUint32(&t.resetPingStrikes, 1) + } + }() // Sends the headers in a single batch. for !endHeaders { size := t.hBuf.Len() @@ -483,18 +644,25 @@ func (t *http2Server) WriteHeader(s *Stream, md metadata.MD) error { if s.sendCompress != "" { t.hEnc.WriteField(hpack.HeaderField{Name: "grpc-encoding", Value: s.sendCompress}) } - for k, v := range md { + for k, vv := range md { if isReservedHeader(k) { // Clients don't tolerate reading restricted headers after some non restricted ones were sent. continue } - for _, entry := range v { - t.hEnc.WriteField(hpack.HeaderField{Name: k, Value: entry}) + for _, v := range vv { + t.hEnc.WriteField(hpack.HeaderField{Name: k, Value: encodeMetadataHeader(k, v)}) } } + bufLen := t.hBuf.Len() if err := t.writeHeaders(s, t.hBuf, false); err != nil { return err } + if t.stats != nil { + outHeader := &stats.OutHeader{ + WireLength: bufLen, + } + t.stats.HandleRPC(s.Context(), outHeader) + } t.writableChan <- 0 return nil } @@ -503,7 +671,7 @@ func (t *http2Server) WriteHeader(s *Stream, md metadata.MD) error { // There is no further I/O operations being able to perform on this stream. // TODO(zhaoq): Now it indicates the end of entire stream. Revisit if early // OK is adopted. -func (t *http2Server) WriteStatus(s *Stream, statusCode codes.Code, statusDesc string) error { +func (t *http2Server) WriteStatus(s *Stream, st *status.Status) error { var headersSent, hasHeader bool s.mu.Lock() if s.state == streamDone { @@ -534,23 +702,41 @@ func (t *http2Server) WriteStatus(s *Stream, statusCode codes.Code, statusDesc s t.hEnc.WriteField( hpack.HeaderField{ Name: "grpc-status", - Value: strconv.Itoa(int(statusCode)), + Value: strconv.Itoa(int(st.Code())), }) - t.hEnc.WriteField(hpack.HeaderField{Name: "grpc-message", Value: encodeGrpcMessage(statusDesc)}) + t.hEnc.WriteField(hpack.HeaderField{Name: "grpc-message", Value: encodeGrpcMessage(st.Message())}) + + if p := st.Proto(); p != nil && len(p.Details) > 0 { + stBytes, err := proto.Marshal(p) + if err != nil { + // TODO: return error instead, when callers are able to handle it. + panic(err) + } + + t.hEnc.WriteField(hpack.HeaderField{Name: "grpc-status-details-bin", Value: encodeBinHeader(stBytes)}) + } + // Attach the trailer metadata. - for k, v := range s.trailer { + for k, vv := range s.trailer { // Clients don't tolerate reading restricted headers after some non restricted ones were sent. if isReservedHeader(k) { continue } - for _, entry := range v { - t.hEnc.WriteField(hpack.HeaderField{Name: k, Value: entry}) + for _, v := range vv { + t.hEnc.WriteField(hpack.HeaderField{Name: k, Value: encodeMetadataHeader(k, v)}) } } + bufLen := t.hBuf.Len() if err := t.writeHeaders(s, t.hBuf, true); err != nil { t.Close() return err } + if t.stats != nil { + outTrailer := &stats.OutTrailer{ + WireLength: bufLen, + } + t.stats.HandleRPC(s.Context(), outTrailer) + } t.closeStream(s) t.writableChan <- 0 return nil @@ -558,7 +744,7 @@ func (t *http2Server) WriteStatus(s *Stream, statusCode codes.Code, statusDesc s // Write converts the data into HTTP2 data frame and sends it out. Non-nil error // is returns if it fails (e.g., framing error, transport error). -func (t *http2Server) Write(s *Stream, data []byte, opts *Options) error { +func (t *http2Server) Write(s *Stream, data []byte, opts *Options) (err error) { // TODO(zhaoq): Support multi-writers for a single stream. var writeHeaderFrame bool s.mu.Lock() @@ -573,25 +759,27 @@ func (t *http2Server) Write(s *Stream, data []byte, opts *Options) error { if writeHeaderFrame { t.WriteHeader(s, nil) } + defer func() { + if err == nil { + // Reset ping strikes when sending data since this might cause + // the peer to send ping. + atomic.StoreUint32(&t.resetPingStrikes, 1) + } + }() r := bytes.NewBuffer(data) for { if r.Len() == 0 { return nil } size := http2MaxFrameLen - s.sendQuotaPool.add(0) // Wait until the stream has some quota to send the data. sq, err := wait(s.ctx, nil, nil, t.shutdownChan, s.sendQuotaPool.acquire()) if err != nil { return err } - t.sendQuotaPool.add(0) // Wait until the transport has some quota to send the data. tq, err := wait(s.ctx, nil, nil, t.shutdownChan, t.sendQuotaPool.acquire()) if err != nil { - if _, ok := err.(StreamError); ok { - t.sendQuotaPool.cancel() - } return err } if sq < size { @@ -659,7 +847,7 @@ func (t *http2Server) applySettings(ss []http2.Setting) { t.mu.Lock() defer t.mu.Unlock() for _, stream := range t.activeStreams { - stream.sendQuotaPool.reset(int(s.Val - t.streamSendQuota)) + stream.sendQuotaPool.add(int(s.Val - t.streamSendQuota)) } t.streamSendQuota = s.Val } @@ -667,6 +855,91 @@ func (t *http2Server) applySettings(ss []http2.Setting) { } } +// keepalive running in a separate goroutine does the following: +// 1. Gracefully closes an idle connection after a duration of keepalive.MaxConnectionIdle. +// 2. Gracefully closes any connection after a duration of keepalive.MaxConnectionAge. +// 3. Forcibly closes a connection after an additive period of keepalive.MaxConnectionAgeGrace over keepalive.MaxConnectionAge. +// 4. Makes sure a connection is alive by sending pings with a frequency of keepalive.Time and closes a non-resposive connection +// after an additional duration of keepalive.Timeout. +func (t *http2Server) keepalive() { + p := &ping{} + var pingSent bool + maxIdle := time.NewTimer(t.kp.MaxConnectionIdle) + maxAge := time.NewTimer(t.kp.MaxConnectionAge) + keepalive := time.NewTimer(t.kp.Time) + // NOTE: All exit paths of this function should reset their + // respecitve timers. A failure to do so will cause the + // following clean-up to deadlock and eventually leak. + defer func() { + if !maxIdle.Stop() { + <-maxIdle.C + } + if !maxAge.Stop() { + <-maxAge.C + } + if !keepalive.Stop() { + <-keepalive.C + } + }() + for { + select { + case <-maxIdle.C: + t.mu.Lock() + idle := t.idle + if idle.IsZero() { // The connection is non-idle. + t.mu.Unlock() + maxIdle.Reset(t.kp.MaxConnectionIdle) + continue + } + val := t.kp.MaxConnectionIdle - time.Since(idle) + if val <= 0 { + // The connection has been idle for a duration of keepalive.MaxConnectionIdle or more. + // Gracefully close the connection. + t.state = draining + t.mu.Unlock() + t.Drain() + // Reseting the timer so that the clean-up doesn't deadlock. + maxIdle.Reset(infinity) + return + } + t.mu.Unlock() + maxIdle.Reset(val) + case <-maxAge.C: + t.mu.Lock() + t.state = draining + t.mu.Unlock() + t.Drain() + maxAge.Reset(t.kp.MaxConnectionAgeGrace) + select { + case <-maxAge.C: + // Close the connection after grace period. + t.Close() + // Reseting the timer so that the clean-up doesn't deadlock. + maxAge.Reset(infinity) + case <-t.shutdownChan: + } + return + case <-keepalive.C: + if atomic.CompareAndSwapUint32(&t.activity, 1, 0) { + pingSent = false + keepalive.Reset(t.kp.Time) + continue + } + if pingSent { + t.Close() + // Reseting the timer so that the clean-up doesn't deadlock. + keepalive.Reset(infinity) + return + } + pingSent = true + t.controlBuf.put(p) + keepalive.Reset(t.kp.Timeout) + case <-t.shutdownChan: + return + } + } +} + // controller running in a separate goroutine takes charge of sending control // frames (e.g., window update, reset stream, setting, etc.) to the server. func (t *http2Server) controller() { @@ -698,7 +971,10 @@ func (t *http2Server) controller() { sid := t.maxStreamID t.state = draining t.mu.Unlock() - t.framer.writeGoAway(true, sid, http2.ErrCodeNo, nil) + t.framer.writeGoAway(true, sid, i.code, i.debugData) + if i.code == http2.ErrCodeEnhanceYourCalm { + t.Close() + } case *flushIO: t.framer.flushWrite() case *ping: @@ -736,6 +1012,10 @@ func (t *http2Server) Close() (err error) { for _, s := range streams { s.cancel() } + if t.stats != nil { + connEnd := &stats.ConnEnd{} + t.stats.HandleConn(t.ctx, connEnd) + } return } @@ -744,6 +1024,9 @@ func (t *http2Server) Close() (err error) { func (t *http2Server) closeStream(s *Stream) { t.mu.Lock() delete(t.activeStreams, s.id) + if len(t.activeStreams) == 0 { + t.idle = time.Now() + } if t.state == draining && len(t.activeStreams) == 0 { defer t.Close() } @@ -767,9 +1050,21 @@ func (t *http2Server) closeStream(s *Stream) { } func (t *http2Server) RemoteAddr() net.Addr { - return t.conn.RemoteAddr() + return t.remoteAddr } func (t *http2Server) Drain() { - t.controlBuf.put(&goAway{}) + t.controlBuf.put(&goAway{code: http2.ErrCodeNo}) +} + +var rgen = rand.New(rand.NewSource(time.Now().UnixNano())) + +func getJitter(v time.Duration) time.Duration { + if v == infinity { + return 0 + } + // Generate a jitter between +/- 10% of the value. + r := int64(v / 10) + j := rgen.Int63n(2*r) - r + return time.Duration(j) } diff --git a/components/engine/vendor/google.golang.org/grpc/transport/http_util.go b/components/engine/vendor/google.golang.org/grpc/transport/http_util.go index a3c68d4cac..795d5d18a4 100644 --- a/components/engine/vendor/google.golang.org/grpc/transport/http_util.go +++ b/components/engine/vendor/google.golang.org/grpc/transport/http_util.go @@ -36,6 +36,7 @@ package transport import ( "bufio" "bytes" + "encoding/base64" "fmt" "io" "net" @@ -44,16 +45,16 @@ import ( "sync/atomic" "time" + "github.com/golang/protobuf/proto" "golang.org/x/net/http2" "golang.org/x/net/http2/hpack" + spb "google.golang.org/genproto/googleapis/rpc/status" "google.golang.org/grpc/codes" "google.golang.org/grpc/grpclog" - "google.golang.org/grpc/metadata" + "google.golang.org/grpc/status" ) const ( - // The primary user agent - primaryUA = "grpc-go/1.0" // http2MaxFrameLen specifies the max length of a HTTP2 frame. http2MaxFrameLen = 16384 // 16KB frame // http://http2.github.io/http2-spec/#SettingValues @@ -92,13 +93,15 @@ var ( // Records the states during HPACK decoding. Must be reset once the // decoding of the entire headers are finished. type decodeState struct { - err error // first error encountered decoding - encoding string - // statusCode caches the stream status received from the trailer - // the server sent. Client side only. - statusCode codes.Code - statusDesc string + // statusGen caches the stream status received from the trailer the server + // sent. Client side only. Do not access directly. After all trailers are + // parsed, use the status method to retrieve the status. + statusGen *status.Status + // rawStatusCode and rawStatusMsg are set from the raw trailer fields and are not + // intended for direct access outside of parsing. + rawStatusCode int32 + rawStatusMsg string // Server side only fields. timeoutSet bool timeout time.Duration @@ -121,6 +124,7 @@ func isReservedHeader(hdr string) bool { "grpc-message", "grpc-status", "grpc-timeout", + "grpc-status-details-bin", "te": return true default: @@ -139,12 +143,6 @@ func isWhitelistedPseudoHeader(hdr string) bool { } } -func (d *decodeState) setErr(err error) { - if d.err == nil { - d.err = err - } -} - func validContentType(t string) bool { e := "application/grpc" if !strings.HasPrefix(t, e) { @@ -158,56 +156,91 @@ func validContentType(t string) bool { return true } -func (d *decodeState) processHeaderField(f hpack.HeaderField) { +func (d *decodeState) status() *status.Status { + if d.statusGen == nil { + // No status-details were provided; generate status using code/msg. + d.statusGen = status.New(codes.Code(d.rawStatusCode), d.rawStatusMsg) + } + return d.statusGen +} + +const binHdrSuffix = "-bin" + +func encodeBinHeader(v []byte) string { + return base64.RawStdEncoding.EncodeToString(v) +} + +func decodeBinHeader(v string) ([]byte, error) { + if len(v)%4 == 0 { + // Input was padded, or padding was not necessary. + return base64.StdEncoding.DecodeString(v) + } + return base64.RawStdEncoding.DecodeString(v) +} + +func encodeMetadataHeader(k, v string) string { + if strings.HasSuffix(k, binHdrSuffix) { + return encodeBinHeader(([]byte)(v)) + } + return v +} + +func decodeMetadataHeader(k, v string) (string, error) { + if strings.HasSuffix(k, binHdrSuffix) { + b, err := decodeBinHeader(v) + return string(b), err + } + return v, nil +} + +func (d *decodeState) processHeaderField(f hpack.HeaderField) error { switch f.Name { case "content-type": if !validContentType(f.Value) { - d.setErr(streamErrorf(codes.FailedPrecondition, "transport: received the unexpected content-type %q", f.Value)) - return + return streamErrorf(codes.FailedPrecondition, "transport: received the unexpected content-type %q", f.Value) } case "grpc-encoding": d.encoding = f.Value case "grpc-status": code, err := strconv.Atoi(f.Value) if err != nil { - d.setErr(streamErrorf(codes.Internal, "transport: malformed grpc-status: %v", err)) - return + return streamErrorf(codes.Internal, "transport: malformed grpc-status: %v", err) } - d.statusCode = codes.Code(code) + d.rawStatusCode = int32(code) case "grpc-message": - d.statusDesc = decodeGrpcMessage(f.Value) + d.rawStatusMsg = decodeGrpcMessage(f.Value) + case "grpc-status-details-bin": + v, err := decodeBinHeader(f.Value) + if err != nil { + return streamErrorf(codes.Internal, "transport: malformed grpc-status-details-bin: %v", err) + } + s := &spb.Status{} + if err := proto.Unmarshal(v, s); err != nil { + return streamErrorf(codes.Internal, "transport: malformed grpc-status-details-bin: %v", err) + } + d.statusGen = status.FromProto(s) case "grpc-timeout": d.timeoutSet = true var err error - d.timeout, err = decodeTimeout(f.Value) - if err != nil { - d.setErr(streamErrorf(codes.Internal, "transport: malformed time-out: %v", err)) - return + if d.timeout, err = decodeTimeout(f.Value); err != nil { + return streamErrorf(codes.Internal, "transport: malformed time-out: %v", err) } case ":path": d.method = f.Value default: if !isReservedHeader(f.Name) || isWhitelistedPseudoHeader(f.Name) { - if f.Name == "user-agent" { - i := strings.LastIndex(f.Value, " ") - if i == -1 { - // There is no application user agent string being set. - return - } - // Extract the application user agent string. - f.Value = f.Value[:i] - } if d.mdata == nil { d.mdata = make(map[string][]string) } - k, v, err := metadata.DecodeKeyValue(f.Name, f.Value) + v, err := decodeMetadataHeader(f.Name, f.Value) if err != nil { grpclog.Printf("Failed to decode (%q, %q): %v", f.Name, f.Value, err) - return + return nil } - d.mdata[k] = append(d.mdata[k], v) + d.mdata[f.Name] = append(d.mdata[f.Name], v) } } + return nil } type timeoutUnit uint8 @@ -379,6 +412,9 @@ func newFramer(conn net.Conn) *framer { writer: bufio.NewWriterSize(conn, http2IOBufSize), } f.fr = http2.NewFramer(f.writer, f.reader) + // Opt-in to Frame reuse API on framer to reduce garbage. + // Frames aren't safe to read from after a subsequent call to ReadFrame. + f.fr.SetReuseFrames() f.fr.ReadMetaHeaders = hpack.NewDecoder(http2InitHeaderTableSize, nil) return f } diff --git a/components/engine/vendor/google.golang.org/grpc/transport/transport.go b/components/engine/vendor/google.golang.org/grpc/transport/transport.go index 413f7493b4..88c2c98721 100644 --- a/components/engine/vendor/google.golang.org/grpc/transport/transport.go +++ b/components/engine/vendor/google.golang.org/grpc/transport/transport.go @@ -45,10 +45,14 @@ import ( "sync" "golang.org/x/net/context" - "golang.org/x/net/trace" + "golang.org/x/net/http2" "google.golang.org/grpc/codes" "google.golang.org/grpc/credentials" + "google.golang.org/grpc/keepalive" "google.golang.org/grpc/metadata" + "google.golang.org/grpc/stats" + "google.golang.org/grpc/status" + "google.golang.org/grpc/tap" ) // recvMsg represents the received msg from the transport. All transport @@ -167,6 +171,11 @@ type Stream struct { id uint32 // nil for client side Stream. st ServerTransport + // clientStatsCtx keeps the user context for stats handling. + // It's only valid on client side. Server side stats context is same as s.ctx. + // All client side stats collection should use the clientStatsCtx (instead of the stream context) + // so that all the generated stats for a particular RPC can be associated in the processing phase. + clientStatsCtx context.Context // ctx is the associated context of the stream. ctx context.Context // cancel is always nil for client side Stream. @@ -204,9 +213,17 @@ type Stream struct { // true iff headerChan is closed. Used to avoid closing headerChan // multiple times. headerDone bool - // the status received from the server. - statusCode codes.Code - statusDesc string + // the status error received from the server. + status *status.Status + // rstStream indicates whether a RST_STREAM frame needs to be sent + // to the server to signify that this stream is closing. + rstStream bool + // rstError is the error that needs to be sent along with the RST_STREAM frame. + rstError http2.ErrCode + // bytesSent and bytesReceived indicates whether any bytes have been sent or + // received on this stream. + bytesSent bool + bytesReceived bool } // RecvCompress returns the compression algorithm applied to the inbound @@ -266,24 +283,14 @@ func (s *Stream) Context() context.Context { return s.ctx } -// TraceContext recreates the context of s with a trace.Trace. -func (s *Stream) TraceContext(tr trace.Trace) { - s.ctx = trace.NewContext(s.ctx, tr) -} - // Method returns the method for the stream. func (s *Stream) Method() string { return s.method } -// StatusCode returns statusCode received from the server. -func (s *Stream) StatusCode() codes.Code { - return s.statusCode -} - -// StatusDesc returns statusDesc received from the server. -func (s *Stream) StatusDesc() string { - return s.statusDesc +// Status returns the status received from the server. +func (s *Stream) Status() *status.Status { + return s.status } // SetHeader sets the header metadata. This can be called multiple times. @@ -330,6 +337,34 @@ func (s *Stream) Read(p []byte) (n int, err error) { return } +// finish sets the stream's state and status, and closes the done channel. +// s.mu must be held by the caller. st must always be non-nil. +func (s *Stream) finish(st *status.Status) { + s.status = st + s.state = streamDone + close(s.done) +} + +// BytesSent indicates whether any bytes have been sent on this stream. +func (s *Stream) BytesSent() bool { + s.mu.Lock() + defer s.mu.Unlock() + return s.bytesSent +} + +// BytesReceived indicates whether any bytes have been received on this stream. +func (s *Stream) BytesReceived() bool { + s.mu.Lock() + defer s.mu.Unlock() + return s.bytesReceived +} + +// GoString is implemented by Stream so context.String() won't +// race when printing %#v. +func (s *Stream) GoString() string { + return fmt.Sprintf("", s, s.method) +} + // The key to save transport.Stream in the context. type streamKey struct{} @@ -355,22 +390,41 @@ const ( draining ) +// ServerConfig consists of all the configurations to establish a server transport. +type ServerConfig struct { + MaxStreams uint32 + AuthInfo credentials.AuthInfo + InTapHandle tap.ServerInHandle + StatsHandler stats.Handler + KeepaliveParams keepalive.ServerParameters + KeepalivePolicy keepalive.EnforcementPolicy +} + // NewServerTransport creates a ServerTransport with conn or non-nil error // if it fails. -func NewServerTransport(protocol string, conn net.Conn, maxStreams uint32, authInfo credentials.AuthInfo) (ServerTransport, error) { - return newHTTP2Server(conn, maxStreams, authInfo) +func NewServerTransport(protocol string, conn net.Conn, config *ServerConfig) (ServerTransport, error) { + return newHTTP2Server(conn, config) } // ConnectOptions covers all relevant options for communicating with the server. type ConnectOptions struct { // UserAgent is the application user agent. UserAgent string + // Authority is the :authority pseudo-header to use. This field has no effect if + // TransportCredentials is set. + Authority string // Dialer specifies how to dial a network address. Dialer func(context.Context, string) (net.Conn, error) + // FailOnNonTempDialError specifies if gRPC fails on non-temporary dial errors. + FailOnNonTempDialError bool // PerRPCCredentials stores the PerRPCCredentials required to issue RPCs. PerRPCCredentials []credentials.PerRPCCredentials // TransportCredentials stores the Authenticator required to setup a client connection. TransportCredentials credentials.TransportCredentials + // KeepaliveParams stores the keepalive parameters. + KeepaliveParams keepalive.ClientParameters + // StatsHandler stores the handler for stats. + StatsHandler stats.Handler } // TargetInfo contains the information of the target such as network address and metadata. @@ -457,6 +511,9 @@ type ClientTransport interface { // receives the draining signal from the server (e.g., GOAWAY frame in // HTTP/2). GoAway() <-chan struct{} + + // GetGoAwayReason returns the reason why GoAway frame was received. + GetGoAwayReason() GoAwayReason } // ServerTransport is the common interface for all gRPC server-side transport @@ -466,7 +523,7 @@ type ClientTransport interface { // Write methods for a given Stream will be called serially. type ServerTransport interface { // HandleStreams receives incoming streams using the given handler. - HandleStreams(func(*Stream)) + HandleStreams(func(*Stream), func(context.Context, string) context.Context) // WriteHeader sends the header metadata for the given stream. // WriteHeader may not be called on all streams. @@ -476,10 +533,9 @@ type ServerTransport interface { // Write may not be called on all streams. Write(s *Stream, data []byte, opts *Options) error - // WriteStatus sends the status of a stream to the client. - // WriteStatus is the final call made on a stream and always - // occurs. - WriteStatus(s *Stream, statusCode codes.Code, statusDesc string) error + // WriteStatus sends the status of a stream to the client. WriteStatus is + // the final call made on a stream and always occurs. + WriteStatus(s *Stream, st *status.Status) error // Close tears down the transport. Once it is called, the transport // should not be accessed any more. All the pending streams and their @@ -545,6 +601,8 @@ var ( ErrStreamDrain = streamErrorf(codes.Unavailable, "the server stops accepting new RPCs") ) +// TODO: See if we can replace StreamError with status package errors. + // StreamError is an error that only affects one stream within a connection. type StreamError struct { Code codes.Code @@ -552,7 +610,7 @@ type StreamError struct { } func (e StreamError) Error() string { - return fmt.Sprintf("stream error: code = %d desc = %q", e.Code, e.Desc) + return fmt.Sprintf("stream error: code = %s desc = %q", e.Code, e.Desc) } // ContextErr converts the error from context package into a StreamError. @@ -593,3 +651,16 @@ func wait(ctx context.Context, done, goAway, closing <-chan struct{}, proceed <- return i, nil } } + +// GoAwayReason contains the reason for the GoAway frame received. +type GoAwayReason uint8 + +const ( + // Invalid indicates that no GoAway frame is received. + Invalid GoAwayReason = 0 + // NoReason is the default value when GoAway frame is received. + NoReason GoAwayReason = 1 + // TooManyPings indicates that a GoAway frame with ErrCodeEnhanceYourCalm + // was recieved and that the debug data said "too_many_pings". + TooManyPings GoAwayReason = 2 +) From 932c771fa135ac8b0ba5d612fd14d2a1e1189c81 Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Sun, 14 May 2017 14:18:48 -0400 Subject: [PATCH 063/191] Remove CopyOnBuild from the daemon. Add CreateImage() to the daemon Refactor daemon.Comit() and expose a Image.NewChild() Update copy to use IDMappings. Signed-off-by: Daniel Nephin Upstream-commit: bd5f92d2631df7c932b93e72e45b39cba19f2f3b Component: engine --- components/engine/builder/builder.go | 14 ++- .../engine/builder/dockerfile/builder.go | 4 + components/engine/builder/dockerfile/copy.go | 57 ++++++++++ .../engine/builder/dockerfile/copy_unix.go | 64 +++++++++++ .../engine/builder/dockerfile/copy_windows.go | 8 ++ .../engine/builder/dockerfile/dispatchers.go | 11 +- .../engine/builder/dockerfile/imagecontext.go | 32 +++--- .../engine/builder/dockerfile/internals.go | 43 +++++++- .../builder/dockerfile/mockbackend_test.go | 25 +++++ components/engine/daemon/archive.go | 104 +----------------- components/engine/daemon/archive_unix.go | 35 ------ components/engine/daemon/archive_windows.go | 5 - components/engine/daemon/build.go | 28 +++++ components/engine/daemon/commit.go | 66 +++-------- components/engine/image/image.go | 58 ++++++++++ components/engine/layer/empty.go | 5 + 16 files changed, 334 insertions(+), 225 deletions(-) create mode 100644 components/engine/builder/dockerfile/copy_unix.go create mode 100644 components/engine/builder/dockerfile/copy_windows.go diff --git a/components/engine/builder/builder.go b/components/engine/builder/builder.go index 1aea99ea90..07a5500adb 100644 --- a/components/engine/builder/builder.go +++ b/components/engine/builder/builder.go @@ -11,6 +11,9 @@ import ( "github.com/docker/docker/api/types/backend" "github.com/docker/docker/api/types/container" containerpkg "github.com/docker/docker/container" + "github.com/docker/docker/image" + "github.com/docker/docker/layer" + "github.com/docker/docker/pkg/idtools" "golang.org/x/net/context" ) @@ -42,11 +45,9 @@ type Backend interface { // ContainerCreateWorkdir creates the workdir ContainerCreateWorkdir(containerID string) error - // ContainerCopy copies/extracts a source FileInfo to a destination path inside a container - // specified by a container object. - // TODO: extract in the builder instead of passing `decompress` - // TODO: use containerd/fs.changestream instead as a source - CopyOnBuild(containerID string, destPath string, srcRoot string, srcPath string, decompress bool) error + CreateImage(config []byte, parent string) (string, error) + + IDMappings() *idtools.IDMappings ImageCacheBuilder } @@ -96,10 +97,13 @@ type ImageCache interface { type Image interface { ImageID() string RunConfig() *container.Config + MarshalJSON() ([]byte, error) + NewChild(child image.ChildConfig) *image.Image } // ReleaseableLayer is an image layer that can be mounted and released type ReleaseableLayer interface { Release() error Mount() (string, error) + DiffID() layer.DiffID } diff --git a/components/engine/builder/dockerfile/builder.go b/components/engine/builder/dockerfile/builder.go index 52b540ab5d..c50570a6fd 100644 --- a/components/engine/builder/dockerfile/builder.go +++ b/components/engine/builder/dockerfile/builder.go @@ -15,6 +15,8 @@ import ( "github.com/docker/docker/builder/dockerfile/command" "github.com/docker/docker/builder/dockerfile/parser" "github.com/docker/docker/builder/remotecontext" + "github.com/docker/docker/pkg/archive" + "github.com/docker/docker/pkg/chrootarchive" "github.com/docker/docker/pkg/streamformatter" "github.com/docker/docker/pkg/stringid" "github.com/pkg/errors" @@ -98,6 +100,7 @@ type Builder struct { docker builder.Backend clientCtx context.Context + archiver *archive.Archiver buildStages *buildStages disableCommit bool buildArgs *buildArgs @@ -121,6 +124,7 @@ func newBuilder(clientCtx context.Context, options builderOptions) *Builder { Aux: options.ProgressWriter.AuxFormatter, Output: options.ProgressWriter.Output, docker: options.Backend, + archiver: chrootarchive.NewArchiver(options.Backend.IDMappings()), buildArgs: newBuildArgs(config.BuildArgs), buildStages: newBuildStages(), imageSources: newImageSources(clientCtx, options), diff --git a/components/engine/builder/dockerfile/copy.go b/components/engine/builder/dockerfile/copy.go index db98eb92e1..ace6b9878a 100644 --- a/components/engine/builder/dockerfile/copy.go +++ b/components/engine/builder/dockerfile/copy.go @@ -13,9 +13,12 @@ import ( "github.com/docker/docker/builder" "github.com/docker/docker/builder/remotecontext" + "github.com/docker/docker/pkg/archive" + "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/ioutils" "github.com/docker/docker/pkg/progress" "github.com/docker/docker/pkg/streamformatter" + "github.com/docker/docker/pkg/symlink" "github.com/docker/docker/pkg/system" "github.com/docker/docker/pkg/urlutil" "github.com/pkg/errors" @@ -34,6 +37,10 @@ type copyInfo struct { hash string } +func (c copyInfo) fullPath() (string, error) { + return symlink.FollowSymlinkInScope(filepath.Join(c.root, c.path), c.root) +} + func newCopyInfoFromSource(source builder.Source, path string, hash string) copyInfo { return copyInfo{root: source.Root(), path: path, hash: hash} } @@ -355,3 +362,53 @@ func downloadSource(output io.Writer, stdout io.Writer, srcURL string) (remote b lc, err := remotecontext.NewLazyContext(tmpDir) return lc, filename, err } + +type copyFileOptions struct { + decompress bool + archiver *archive.Archiver +} + +func copyFile(dest copyInfo, source copyInfo, options copyFileOptions) error { + srcPath, err := source.fullPath() + if err != nil { + return err + } + destPath, err := dest.fullPath() + if err != nil { + return err + } + + archiver := options.archiver + rootIDs := archiver.IDMappings.RootPair() + + src, err := os.Stat(srcPath) + if err != nil { + return err // TODO: errors.Wrapf + } + if src.IsDir() { + if err := archiver.CopyWithTar(srcPath, destPath); err != nil { + return err + } + return fixPermissions(srcPath, destPath, rootIDs) + } + + if options.decompress && archive.IsArchivePath(srcPath) { + // To support the untar feature we need to clean up the path a little bit + // because tar is not very forgiving + tarDest := dest.path + // TODO: could this be just TrimSuffix()? + if strings.HasSuffix(tarDest, string(os.PathSeparator)) { + tarDest = filepath.Dir(dest.path) + } + return archiver.UntarPath(srcPath, tarDest) + } + + if err := idtools.MkdirAllAndChownNew(filepath.Dir(destPath), 0755, rootIDs); err != nil { + return err + } + if err := archiver.CopyFileWithTar(srcPath, destPath); err != nil { + return err + } + // TODO: do I have to change destPath to the filename? + return fixPermissions(srcPath, destPath, rootIDs) +} diff --git a/components/engine/builder/dockerfile/copy_unix.go b/components/engine/builder/dockerfile/copy_unix.go new file mode 100644 index 0000000000..ecbbd33368 --- /dev/null +++ b/components/engine/builder/dockerfile/copy_unix.go @@ -0,0 +1,64 @@ +package dockerfile + +import ( + "os" + "path/filepath" + + "github.com/docker/docker/pkg/idtools" +) + +func pathExists(path string) (bool, error) { + _, err := os.Stat(path) + switch { + case err == nil: + return true, nil + case os.IsNotExist(err): + return false, nil + } + return false, err +} + +// TODO: review this +func fixPermissions(source, destination string, rootIDs idtools.IDPair) error { + doChownDestination, err := chownDestinationRoot(destination) + if err != nil { + return err + } + + // We Walk on the source rather than on the destination because we don't + // want to change permissions on things we haven't created or modified. + return filepath.Walk(source, func(fullpath string, info os.FileInfo, err error) error { + // Do not alter the walk root iff. it existed before, as it doesn't fall under + // the domain of "things we should chown". + if !doChownDestination && (source == fullpath) { + return nil + } + + // Path is prefixed by source: substitute with destination instead. + cleaned, err := filepath.Rel(source, fullpath) + if err != nil { + return err + } + + fullpath = filepath.Join(destination, cleaned) + return os.Lchown(fullpath, rootIDs.UID, rootIDs.GID) + }) +} + +// If the destination didn't already exist, or the destination isn't a +// directory, then we should Lchown the destination. Otherwise, we shouldn't +// Lchown the destination. +func chownDestinationRoot(destination string) (bool, error) { + destExists, err := pathExists(destination) + if err != nil { + return false, err + } + destStat, err := os.Stat(destination) + if err != nil { + // This should *never* be reached, because the destination must've already + // been created while untar-ing the context. + return false, err + } + + return !destExists || !destStat.IsDir(), nil +} diff --git a/components/engine/builder/dockerfile/copy_windows.go b/components/engine/builder/dockerfile/copy_windows.go new file mode 100644 index 0000000000..78f5b09457 --- /dev/null +++ b/components/engine/builder/dockerfile/copy_windows.go @@ -0,0 +1,8 @@ +package dockerfile + +import "github.com/docker/docker/pkg/idtools" + +func fixPermissions(source, destination string, rootIDs idtools.IDPair) error { + // chown is not supported on Windows + return nil +} diff --git a/components/engine/builder/dockerfile/dispatchers.go b/components/engine/builder/dockerfile/dispatchers.go index ca67eb7f30..1935ac85c5 100644 --- a/components/engine/builder/dockerfile/dispatchers.go +++ b/components/engine/builder/dockerfile/dispatchers.go @@ -23,6 +23,7 @@ import ( "github.com/docker/docker/api/types/strslice" "github.com/docker/docker/builder" "github.com/docker/docker/builder/dockerfile/parser" + "github.com/docker/docker/image" "github.com/docker/docker/pkg/jsonmessage" "github.com/docker/docker/pkg/signal" "github.com/docker/go-connections/nat" @@ -251,10 +252,8 @@ func parseBuildStageName(args []string) (string, error) { return stageName, nil } -// scratchImage is used as a token for the empty base image. It uses buildStage -// as a convenient implementation of builder.Image, but is not actually a -// buildStage. -var scratchImage builder.Image = &buildStage{} +// scratchImage is used as a token for the empty base image. +var scratchImage builder.Image = &image.Image{} func (b *Builder) getFromImage(shlex *ShellLex, name string) (builder.Image, error) { substitutionArgs := []string{} @@ -267,8 +266,8 @@ func (b *Builder) getFromImage(shlex *ShellLex, name string) (builder.Image, err return nil, err } - if im, ok := b.buildStages.getByName(name); ok { - return im, nil + if stage, ok := b.buildStages.getByName(name); ok { + name = stage.ImageID() } // Windows cannot support a container with no base image. diff --git a/components/engine/builder/dockerfile/imagecontext.go b/components/engine/builder/dockerfile/imagecontext.go index f89cc8d9ce..5aba2ff936 100644 --- a/components/engine/builder/dockerfile/imagecontext.go +++ b/components/engine/builder/dockerfile/imagecontext.go @@ -6,37 +6,29 @@ import ( "github.com/Sirupsen/logrus" "github.com/docker/docker/api/types/backend" - "github.com/docker/docker/api/types/container" "github.com/docker/docker/builder" "github.com/docker/docker/builder/remotecontext" + "github.com/docker/docker/layer" "github.com/pkg/errors" "golang.org/x/net/context" ) type buildStage struct { - id string - config *container.Config + id string } -func newBuildStageFromImage(image builder.Image) *buildStage { - return &buildStage{id: image.ImageID(), config: image.RunConfig()} +func newBuildStage(imageID string) *buildStage { + return &buildStage{id: imageID} } func (b *buildStage) ImageID() string { return b.id } -func (b *buildStage) RunConfig() *container.Config { - return b.config -} - -func (b *buildStage) update(imageID string, runConfig *container.Config) { +func (b *buildStage) update(imageID string) { b.id = imageID - b.config = runConfig } -var _ builder.Image = &buildStage{} - // buildStages tracks each stage of a build so they can be retrieved by index // or by name. type buildStages struct { @@ -48,12 +40,12 @@ func newBuildStages() *buildStages { return &buildStages{byName: make(map[string]*buildStage)} } -func (s *buildStages) getByName(name string) (builder.Image, bool) { +func (s *buildStages) getByName(name string) (*buildStage, bool) { stage, ok := s.byName[strings.ToLower(name)] return stage, ok } -func (s *buildStages) get(indexOrName string) (builder.Image, error) { +func (s *buildStages) get(indexOrName string) (*buildStage, error) { index, err := strconv.Atoi(indexOrName) if err == nil { if err := s.validateIndex(index); err != nil { @@ -78,7 +70,7 @@ func (s *buildStages) validateIndex(i int) error { } func (s *buildStages) add(name string, image builder.Image) error { - stage := newBuildStageFromImage(image) + stage := newBuildStage(image.ImageID()) name = strings.ToLower(name) if len(name) > 0 { if _, ok := s.byName[name]; ok { @@ -90,8 +82,8 @@ func (s *buildStages) add(name string, image builder.Image) error { return nil } -func (s *buildStages) update(imageID string, runConfig *container.Config) { - s.sequence[len(s.sequence)-1].update(imageID, runConfig) +func (s *buildStages) update(imageID string) { + s.sequence[len(s.sequence)-1].update(imageID) } type getAndMountFunc func(string) (builder.Image, builder.ReleaseableLayer, error) @@ -190,3 +182,7 @@ func (im *imageMount) Image() builder.Image { func (im *imageMount) ImageID() string { return im.image.ImageID() } + +func (im *imageMount) DiffID() layer.DiffID { + return im.layer.DiffID() +} diff --git a/components/engine/builder/dockerfile/internals.go b/components/engine/builder/dockerfile/internals.go index 2d02e57a69..ef64455ffb 100644 --- a/components/engine/builder/dockerfile/internals.go +++ b/components/engine/builder/dockerfile/internals.go @@ -12,6 +12,8 @@ import ( "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/backend" "github.com/docker/docker/api/types/container" + "github.com/docker/docker/builder" + "github.com/docker/docker/image" "github.com/docker/docker/pkg/stringid" "github.com/pkg/errors" ) @@ -37,7 +39,6 @@ func (b *Builder) commit(dispatchState *dispatchState, comment string) error { return b.commitContainer(dispatchState, id, runConfigWithCommentCmd) } -// TODO: see if any args can be dropped func (b *Builder) commitContainer(dispatchState *dispatchState, id string, containerConfig *container.Config) error { if b.disableCommit { return nil @@ -60,10 +61,20 @@ func (b *Builder) commitContainer(dispatchState *dispatchState, id string, conta } dispatchState.imageID = imageID - b.buildStages.update(imageID, dispatchState.runConfig) + b.buildStages.update(imageID) return nil } +func (b *Builder) exportImage(state *dispatchState, image builder.Image) error { + config, err := image.MarshalJSON() + if err != nil { + return errors.Wrap(err, "failed to encode image config") + } + + state.imageID, err = b.docker.CreateImage(config, state.imageID) + return err +} + func (b *Builder) performCopy(state *dispatchState, inst copyInstruction) error { srcHash := getSourceHashFromInfos(inst.infos) @@ -83,12 +94,34 @@ func (b *Builder) performCopy(state *dispatchState, inst copyInstruction) error return err } + imageMount, err := b.imageSources.Get(state.imageID) + if err != nil { + return err + } + destSource, err := imageMount.Source() + if err != nil { + return err + } + + destInfo := newCopyInfoFromSource(destSource, dest, "") + opts := copyFileOptions{ + decompress: inst.allowLocalDecompression, + archiver: b.archiver, + } for _, info := range inst.infos { - if err := b.docker.CopyOnBuild(containerID, dest, info.root, info.path, inst.allowLocalDecompression); err != nil { + if err := copyFile(destInfo, info, opts); err != nil { return err } } - return b.commitContainer(state, containerID, runConfigWithCommentCmd) + + newImage := imageMount.Image().NewChild(image.ChildConfig{ + Author: state.maintainer, + DiffID: imageMount.DiffID(), + ContainerConfig: runConfigWithCommentCmd, + // TODO: ContainerID? + // TODO: Config? + }) + return b.exportImage(state, newImage) } // For backwards compat, if there's just one info then use it as the @@ -182,7 +215,7 @@ func (b *Builder) probeCache(dispatchState *dispatchState, runConfig *container. fmt.Fprint(b.Stdout, " ---> Using cache\n") dispatchState.imageID = string(cachedID) - b.buildStages.update(dispatchState.imageID, runConfig) + b.buildStages.update(dispatchState.imageID) return true, nil } diff --git a/components/engine/builder/dockerfile/mockbackend_test.go b/components/engine/builder/dockerfile/mockbackend_test.go index 08ce18c2e8..cf4c83edd8 100644 --- a/components/engine/builder/dockerfile/mockbackend_test.go +++ b/components/engine/builder/dockerfile/mockbackend_test.go @@ -1,6 +1,7 @@ package dockerfile import ( + "encoding/json" "io" "github.com/docker/docker/api/types" @@ -8,6 +9,9 @@ import ( "github.com/docker/docker/api/types/container" "github.com/docker/docker/builder" containerpkg "github.com/docker/docker/container" + "github.com/docker/docker/image" + "github.com/docker/docker/layer" + "github.com/docker/docker/pkg/idtools" "golang.org/x/net/context" ) @@ -76,6 +80,14 @@ func (m *MockBackend) MakeImageCache(cacheFrom []string) builder.ImageCache { return nil } +func (m *MockBackend) CreateImage(config []byte, parent string) (string, error) { + return "c411d1d", nil +} + +func (m *MockBackend) IDMappings() *idtools.IDMappings { + return &idtools.IDMappings{} +} + type mockImage struct { id string config *container.Config @@ -89,6 +101,15 @@ func (i *mockImage) RunConfig() *container.Config { return i.config } +func (i *mockImage) MarshalJSON() ([]byte, error) { + type rawImage mockImage + return json.Marshal(rawImage(*i)) +} + +func (i *mockImage) NewChild(child image.ChildConfig) *image.Image { + return nil +} + type mockImageCache struct { getCacheFunc func(parentID string, cfg *container.Config) (string, error) } @@ -109,3 +130,7 @@ func (l *mockLayer) Release() error { func (l *mockLayer) Mount() (string, error) { return "mountPath", nil } + +func (l *mockLayer) DiffID() layer.DiffID { + return layer.DiffID("abcdef12345") +} diff --git a/components/engine/daemon/archive.go b/components/engine/daemon/archive.go index 3fb75bbb22..5db1ef9826 100644 --- a/components/engine/daemon/archive.go +++ b/components/engine/daemon/archive.go @@ -10,9 +10,7 @@ import ( "github.com/docker/docker/container" "github.com/docker/docker/pkg/archive" "github.com/docker/docker/pkg/chrootarchive" - "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/ioutils" - "github.com/docker/docker/pkg/symlink" "github.com/docker/docker/pkg/system" "github.com/pkg/errors" ) @@ -361,104 +359,4 @@ func (daemon *Daemon) containerCopy(container *container.Container, resource str }) daemon.LogContainerEvent(container, "copy") return reader, nil -} - -// CopyOnBuild copies/extracts a source FileInfo to a destination path inside a container -// specified by a container object. -// TODO: make sure callers don't unnecessarily convert destPath with filepath.FromSlash (Copy does it already). -// CopyOnBuild should take in abstract paths (with slashes) and the implementation should convert it to OS-specific paths. -func (daemon *Daemon) CopyOnBuild(cID, destPath, srcRoot, srcPath string, decompress bool) error { - fullSrcPath, err := symlink.FollowSymlinkInScope(filepath.Join(srcRoot, srcPath), srcRoot) - if err != nil { - return err - } - - destExists := true - destDir := false - rootIDs := daemon.idMappings.RootPair() - - // Work in daemon-local OS specific file paths - destPath = filepath.FromSlash(destPath) - - c, err := daemon.GetContainer(cID) - if err != nil { - return err - } - err = daemon.Mount(c) - if err != nil { - return err - } - defer daemon.Unmount(c) - - dest, err := c.GetResourcePath(destPath) - if err != nil { - return err - } - - // Preserve the trailing slash - // TODO: why are we appending another path separator if there was already one? - if strings.HasSuffix(destPath, string(os.PathSeparator)) || destPath == "." { - destDir = true - dest += string(os.PathSeparator) - } - - destPath = dest - - destStat, err := os.Stat(destPath) - if err != nil { - if !os.IsNotExist(err) { - //logrus.Errorf("Error performing os.Stat on %s. %s", destPath, err) - return err - } - destExists = false - } - - archiver := chrootarchive.NewArchiver(daemon.idMappings) - src, err := os.Stat(fullSrcPath) - if err != nil { - return err - } - - if src.IsDir() { - // copy as directory - if err := archiver.CopyWithTar(fullSrcPath, destPath); err != nil { - return err - } - return fixPermissions(fullSrcPath, destPath, rootIDs.UID, rootIDs.GID, destExists) - } - if decompress && archive.IsArchivePath(fullSrcPath) { - // Only try to untar if it is a file and that we've been told to decompress (when ADD-ing a remote file) - - // First try to unpack the source as an archive - // to support the untar feature we need to clean up the path a little bit - // because tar is very forgiving. First we need to strip off the archive's - // filename from the path but this is only added if it does not end in slash - tarDest := destPath - if strings.HasSuffix(tarDest, string(os.PathSeparator)) { - tarDest = filepath.Dir(destPath) - } - - // try to successfully untar the orig - err := archiver.UntarPath(fullSrcPath, tarDest) - /* - if err != nil { - logrus.Errorf("Couldn't untar to %s: %v", tarDest, err) - } - */ - return err - } - - // only needed for fixPermissions, but might as well put it before CopyFileWithTar - if destDir || (destExists && destStat.IsDir()) { - destPath = filepath.Join(destPath, filepath.Base(srcPath)) - } - - if err := idtools.MkdirAllAndChownNew(filepath.Dir(destPath), 0755, rootIDs); err != nil { - return err - } - if err := archiver.CopyFileWithTar(fullSrcPath, destPath); err != nil { - return err - } - - return fixPermissions(fullSrcPath, destPath, rootIDs.UID, rootIDs.GID, destExists) -} +} \ No newline at end of file diff --git a/components/engine/daemon/archive_unix.go b/components/engine/daemon/archive_unix.go index 8806e2e198..d5dfad78cb 100644 --- a/components/engine/daemon/archive_unix.go +++ b/components/engine/daemon/archive_unix.go @@ -3,9 +3,6 @@ package daemon import ( - "os" - "path/filepath" - "github.com/docker/docker/container" ) @@ -25,38 +22,6 @@ func checkIfPathIsInAVolume(container *container.Container, absPath string) (boo return toVolume, nil } -func fixPermissions(source, destination string, uid, gid int, destExisted bool) error { - // If the destination didn't already exist, or the destination isn't a - // directory, then we should Lchown the destination. Otherwise, we shouldn't - // Lchown the destination. - destStat, err := os.Stat(destination) - if err != nil { - // This should *never* be reached, because the destination must've already - // been created while untar-ing the context. - return err - } - doChownDestination := !destExisted || !destStat.IsDir() - - // We Walk on the source rather than on the destination because we don't - // want to change permissions on things we haven't created or modified. - return filepath.Walk(source, func(fullpath string, info os.FileInfo, err error) error { - // Do not alter the walk root iff. it existed before, as it doesn't fall under - // the domain of "things we should chown". - if !doChownDestination && (source == fullpath) { - return nil - } - - // Path is prefixed by source: substitute with destination instead. - cleaned, err := filepath.Rel(source, fullpath) - if err != nil { - return err - } - - fullpath = filepath.Join(destination, cleaned) - return os.Lchown(fullpath, uid, gid) - }) -} - // isOnlineFSOperationPermitted returns an error if an online filesystem operation // is not permitted. func (daemon *Daemon) isOnlineFSOperationPermitted(container *container.Container) error { diff --git a/components/engine/daemon/archive_windows.go b/components/engine/daemon/archive_windows.go index 1c5a894f7c..ab105607d5 100644 --- a/components/engine/daemon/archive_windows.go +++ b/components/engine/daemon/archive_windows.go @@ -17,11 +17,6 @@ func checkIfPathIsInAVolume(container *container.Container, absPath string) (boo return false, nil } -func fixPermissions(source, destination string, uid, gid int, destExisted bool) error { - // chown is not supported on Windows - return nil -} - // isOnlineFSOperationPermitted returns an error if an online filesystem operation // is not permitted (such as stat or for copying). Running Hyper-V containers // cannot have their file-system interrogated from the host as the filter is diff --git a/components/engine/daemon/build.go b/components/engine/daemon/build.go index 1bf05ded2c..3005ede7d1 100644 --- a/components/engine/daemon/build.go +++ b/components/engine/daemon/build.go @@ -8,6 +8,7 @@ import ( "github.com/docker/docker/builder" "github.com/docker/docker/image" "github.com/docker/docker/layer" + "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/stringid" "github.com/docker/docker/registry" "github.com/pkg/errors" @@ -40,6 +41,10 @@ func (rl *releaseableLayer) Release() error { return rl.releaseROLayer() } +func (rl *releaseableLayer) DiffID() layer.DiffID { + return rl.roLayer.DiffID() +} + func (rl *releaseableLayer) releaseRWLayer() error { if rl.rwLayer == nil { return nil @@ -120,3 +125,26 @@ func (daemon *Daemon) GetImageAndReleasableLayer(ctx context.Context, refOrID st layer, err := newReleasableLayerForImage(image, daemon.layerStore) return image, layer, err } + +// CreateImage creates a new image by adding a config and ID to the image store. +// This is similar to LoadImage() except that it receives JSON encoded bytes of +// an image instead of a tar archive. +func (daemon *Daemon) CreateImage(config []byte, parent string) (string, error) { + id, err := daemon.imageStore.Create(config) + if err != nil { + return "", err + } + + if parent != "" { + if err := daemon.imageStore.SetParent(id, image.ID(parent)); err != nil { + return "", err + } + } + // TODO: do we need any daemon.LogContainerEventWithAttributes? + return id.String(), nil +} + +// IDMappings returns uid/gid mappings for the builder +func (daemon *Daemon) IDMappings() *idtools.IDMappings { + return daemon.idMappings +} diff --git a/components/engine/daemon/commit.go b/components/engine/daemon/commit.go index e64c7d3333..8125d28f65 100644 --- a/components/engine/daemon/commit.go +++ b/components/engine/daemon/commit.go @@ -12,7 +12,6 @@ import ( containertypes "github.com/docker/docker/api/types/container" "github.com/docker/docker/builder/dockerfile" "github.com/docker/docker/container" - "github.com/docker/docker/dockerversion" "github.com/docker/docker/image" "github.com/docker/docker/layer" "github.com/docker/docker/pkg/ioutils" @@ -129,11 +128,6 @@ func (daemon *Daemon) Commit(name string, c *backend.ContainerCommitConfig) (str return "", err } - containerConfig := c.ContainerConfig - if containerConfig == nil { - containerConfig = container.Config - } - // It is not possible to commit a running container on Windows and on Solaris. if (runtime.GOOS == "windows" || runtime.GOOS == "solaris") && container.IsRunning() { return "", errors.Errorf("%+v does not support commit of a running container", runtime.GOOS) @@ -165,60 +159,36 @@ func (daemon *Daemon) Commit(name string, c *backend.ContainerCommitConfig) (str } }() - var history []image.History - rootFS := image.NewRootFS() - osVersion := "" - var osFeatures []string - - if container.ImageID != "" { - img, err := daemon.imageStore.Get(container.ImageID) + var parent *image.Image + if container.ImageID == "" { + parent = new(image.Image) + parent.RootFS = image.NewRootFS() + } else { + parent, err = daemon.imageStore.Get(container.ImageID) if err != nil { return "", err } - history = img.History - rootFS = img.RootFS - osVersion = img.OSVersion - osFeatures = img.OSFeatures } - l, err := daemon.layerStore.Register(rwTar, rootFS.ChainID()) + l, err := daemon.layerStore.Register(rwTar, parent.RootFS.ChainID()) if err != nil { return "", err } defer layer.ReleaseAndLog(daemon.layerStore, l) - h := image.History{ - Author: c.Author, - Created: time.Now().UTC(), - CreatedBy: strings.Join(containerConfig.Cmd, " "), - Comment: c.Comment, - EmptyLayer: true, + containerConfig := c.ContainerConfig + if containerConfig == nil { + containerConfig = container.Config } - - if diffID := l.DiffID(); layer.DigestSHA256EmptyTar != diffID { - h.EmptyLayer = false - rootFS.Append(diffID) + cc := image.ChildConfig{ + ContainerID: container.ID, + Author: c.Author, + Comment: c.Comment, + ContainerConfig: containerConfig, + Config: newConfig, + DiffID: l.DiffID(), } - - history = append(history, h) - - config, err := json.Marshal(&image.Image{ - V1Image: image.V1Image{ - DockerVersion: dockerversion.Version, - Config: newConfig, - Architecture: runtime.GOARCH, - OS: runtime.GOOS, - Container: container.ID, - ContainerConfig: *containerConfig, - Author: c.Author, - Created: h.Created, - }, - RootFS: rootFS, - History: history, - OSFeatures: osFeatures, - OSVersion: osVersion, - }) - + config, err := json.Marshal(parent.NewChild(cc)) if err != nil { return "", err } diff --git a/components/engine/image/image.go b/components/engine/image/image.go index 17935ac234..20650a8429 100644 --- a/components/engine/image/image.go +++ b/components/engine/image/image.go @@ -7,7 +7,11 @@ import ( "time" "github.com/docker/docker/api/types/container" + "github.com/docker/docker/dockerversion" + "github.com/docker/docker/layer" "github.com/opencontainers/go-digest" + "runtime" + "strings" ) // ID is the content-addressable ID of an image. @@ -110,6 +114,48 @@ func (img *Image) MarshalJSON() ([]byte, error) { return json.Marshal(c) } +// ChildConfig is the configuration to apply to an Image to create a new +// Child image. Other properties of the image are copied from the parent. +type ChildConfig struct { + ContainerID string + Author string + Comment string + DiffID layer.DiffID + ContainerConfig *container.Config + Config *container.Config +} + +// NewChild creates a new Image as a child of this image. +func (img *Image) NewChild(child ChildConfig) *Image { + isEmptyLayer := layer.IsEmpty(child.DiffID) + rootFS := img.RootFS + if !isEmptyLayer { + rootFS.Append(child.DiffID) + } + imgHistory := NewHistory( + child.Author, + child.Comment, + strings.Join(child.ContainerConfig.Cmd, " "), + isEmptyLayer) + + return &Image{ + V1Image: V1Image{ + DockerVersion: dockerversion.Version, + Config: child.Config, + Architecture: runtime.GOARCH, + OS: runtime.GOOS, + Container: child.ContainerID, + ContainerConfig: *child.ContainerConfig, + Author: child.Author, + Created: imgHistory.Created, + }, + RootFS: rootFS, + History: append(img.History, imgHistory), + OSFeatures: img.OSFeatures, + OSVersion: img.OSVersion, + } +} + // History stores build commands that were used to create an image type History struct { // Created is the timestamp at which the image was created @@ -126,6 +172,18 @@ type History struct { EmptyLayer bool `json:"empty_layer,omitempty"` } +// NewHistory creates a new history struct from arguments, and sets the created +// time to the current time in UTC +func NewHistory(author, comment, createdBy string, isEmptyLayer bool) History { + return History{ + Author: author, + Created: time.Now().UTC(), + CreatedBy: createdBy, + Comment: comment, + EmptyLayer: isEmptyLayer, + } +} + // Exporter provides interface for loading and saving images type Exporter interface { Load(io.ReadCloser, io.Writer, bool) error diff --git a/components/engine/layer/empty.go b/components/engine/layer/empty.go index 3b6ffc82f7..80f2c12439 100644 --- a/components/engine/layer/empty.go +++ b/components/engine/layer/empty.go @@ -54,3 +54,8 @@ func (el *emptyLayer) DiffSize() (size int64, err error) { func (el *emptyLayer) Metadata() (map[string]string, error) { return make(map[string]string), nil } + +// IsEmpty returns true if the layer is an EmptyLayer +func IsEmpty(diffID DiffID) bool { + return diffID == DigestSHA256EmptyTar +} From 7be28755e37c371353fe1928e21b08544d357e0a Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Thu, 25 May 2017 16:02:29 -0400 Subject: [PATCH 064/191] Rename LazyContext to LazySource. Signed-off-by: Daniel Nephin Upstream-commit: ecd44d23cc3c863c20467377cf568b920e2dd89c Component: engine --- components/engine/builder/dockerfile/copy.go | 6 +++--- .../engine/builder/dockerfile/imagecontext.go | 2 +- .../engine/builder/dockerfile/internals.go | 2 +- .../engine/builder/remotecontext/detect.go | 2 +- .../engine/builder/remotecontext/lazycontext.go | 16 ++++++++-------- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/components/engine/builder/dockerfile/copy.go b/components/engine/builder/dockerfile/copy.go index ace6b9878a..268036e26c 100644 --- a/components/engine/builder/dockerfile/copy.go +++ b/components/engine/builder/dockerfile/copy.go @@ -155,7 +155,7 @@ func (o *copier) calcCopyInfo(origPath string, allowWildcards bool) ([]copyInfo, var err error o.source, err = imageSource.Source() if err != nil { - return nil, errors.Wrapf(err, "failed to copy") + return nil, errors.Wrapf(err, "failed to copy from %s", imageSource.ImageID()) } } @@ -359,7 +359,7 @@ func downloadSource(output io.Writer, stdout io.Writer, srcURL string) (remote b return } - lc, err := remotecontext.NewLazyContext(tmpDir) + lc, err := remotecontext.NewLazySource(tmpDir) return lc, filename, err } @@ -383,7 +383,7 @@ func copyFile(dest copyInfo, source copyInfo, options copyFileOptions) error { src, err := os.Stat(srcPath) if err != nil { - return err // TODO: errors.Wrapf + return errors.Wrapf(err, "source path not found") } if src.IsDir() { if err := archiver.CopyWithTar(srcPath, destPath); err != nil { diff --git a/components/engine/builder/dockerfile/imagecontext.go b/components/engine/builder/dockerfile/imagecontext.go index 5aba2ff936..4b47862ce6 100644 --- a/components/engine/builder/dockerfile/imagecontext.go +++ b/components/engine/builder/dockerfile/imagecontext.go @@ -156,7 +156,7 @@ func (im *imageMount) Source() (builder.Source, error) { if err != nil { return nil, errors.Wrapf(err, "failed to mount %s", im.image.ImageID()) } - source, err := remotecontext.NewLazyContext(mountPath) + source, err := remotecontext.NewLazySource(mountPath) if err != nil { return nil, errors.Wrapf(err, "failed to create lazycontext for %s", mountPath) } diff --git a/components/engine/builder/dockerfile/internals.go b/components/engine/builder/dockerfile/internals.go index ef64455ffb..095b6069c4 100644 --- a/components/engine/builder/dockerfile/internals.go +++ b/components/engine/builder/dockerfile/internals.go @@ -100,7 +100,7 @@ func (b *Builder) performCopy(state *dispatchState, inst copyInstruction) error } destSource, err := imageMount.Source() if err != nil { - return err + return errors.Wrapf(err, "failed to mount copy source") } destInfo := newCopyInfoFromSource(destSource, dest, "") diff --git a/components/engine/builder/remotecontext/detect.go b/components/engine/builder/remotecontext/detect.go index efac27f7ff..99385698cf 100644 --- a/components/engine/builder/remotecontext/detect.go +++ b/components/engine/builder/remotecontext/detect.go @@ -81,7 +81,7 @@ func withDockerfileFromContext(c modifiableContext, dockerfilePath string) (buil } func newGitRemote(gitURL string, dockerfilePath string) (builder.Source, *parser.Result, error) { - c, err := MakeGitContext(gitURL) // TODO: change this to NewLazyContext + c, err := MakeGitContext(gitURL) // TODO: change this to NewLazySource if err != nil { return nil, nil, err } diff --git a/components/engine/builder/remotecontext/lazycontext.go b/components/engine/builder/remotecontext/lazycontext.go index 283d82a7b1..41351a3583 100644 --- a/components/engine/builder/remotecontext/lazycontext.go +++ b/components/engine/builder/remotecontext/lazycontext.go @@ -12,30 +12,30 @@ import ( "github.com/pkg/errors" ) -// NewLazyContext creates a new LazyContext. LazyContext defines a hashed build +// NewLazySource creates a new LazyContext. LazyContext defines a hashed build // context based on a root directory. Individual files are hashed first time // they are asked. It is not safe to call methods of LazyContext concurrently. -func NewLazyContext(root string) (builder.Source, error) { - return &lazyContext{ +func NewLazySource(root string) (builder.Source, error) { + return &lazySource{ root: root, sums: make(map[string]string), }, nil } -type lazyContext struct { +type lazySource struct { root string sums map[string]string } -func (c *lazyContext) Root() string { +func (c *lazySource) Root() string { return c.root } -func (c *lazyContext) Close() error { +func (c *lazySource) Close() error { return nil } -func (c *lazyContext) Hash(path string) (string, error) { +func (c *lazySource) Hash(path string) (string, error) { cleanPath, fullPath, err := normalize(path, c.root) if err != nil { return "", err @@ -62,7 +62,7 @@ func (c *lazyContext) Hash(path string) (string, error) { return sum, nil } -func (c *lazyContext) prepareHash(relPath string, fi os.FileInfo) (string, error) { +func (c *lazySource) prepareHash(relPath string, fi os.FileInfo) (string, error) { p := filepath.Join(c.root, relPath) h, err := NewFileHash(p, relPath, fi) if err != nil { From 13d2adae3f0f304448a1e46a11088a21202e475b Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Thu, 25 May 2017 17:03:29 -0400 Subject: [PATCH 065/191] Fix copy when used with scratch and images with empty RootFS Commit the rwLayer to get the correct DiffID Refacator copy in thebuilder move more code into exportImage cleanup some windows tests Release the newly commited layer. Set the imageID on the buildStage after exporting a new image. Move archiver to BuildManager. Have ReleaseableLayer.Commit return a layer and store the Image from exportImage in the local imageSources cache Remove NewChild from image interface. Signed-off-by: Daniel Nephin Upstream-commit: 51360965206b0db49cc0365dabb590063a17a9df Component: engine --- .../api/server/backend/build/backend.go | 5 +- components/engine/builder/builder.go | 8 +- .../engine/builder/dockerfile/builder.go | 9 +- components/engine/builder/dockerfile/copy.go | 67 +++++++++----- .../engine/builder/dockerfile/copy_test.go | 45 ++++++++++ .../engine/builder/dockerfile/copy_unix.go | 36 +------- .../engine/builder/dockerfile/imagecontext.go | 30 +++++-- .../engine/builder/dockerfile/internals.go | 87 ++++++++++++------- .../builder/dockerfile/internals_unix.go | 2 +- .../builder/dockerfile/internals_windows.go | 6 +- .../dockerfile/internals_windows_test.go | 36 ++++---- .../builder/dockerfile/mockbackend_test.go | 22 ++--- components/engine/cmd/dockerd/daemon.go | 2 +- components/engine/daemon/archive.go | 2 +- components/engine/daemon/build.go | 64 ++++++++++---- components/engine/daemon/commit.go | 2 +- components/engine/image/image.go | 11 ++- components/engine/image/store.go | 4 +- .../integration-cli/docker_cli_build_test.go | 41 ++++----- .../engine/pkg/testutil/tempfile/tempfile.go | 20 +++++ 20 files changed, 319 insertions(+), 180 deletions(-) create mode 100644 components/engine/builder/dockerfile/copy_test.go diff --git a/components/engine/api/server/backend/build/backend.go b/components/engine/api/server/backend/build/backend.go index bf171441ca..00aa7c3126 100644 --- a/components/engine/api/server/backend/build/backend.go +++ b/components/engine/api/server/backend/build/backend.go @@ -8,6 +8,7 @@ import ( "github.com/docker/docker/builder" "github.com/docker/docker/builder/dockerfile" "github.com/docker/docker/image" + "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/stringid" "github.com/pkg/errors" "golang.org/x/net/context" @@ -26,8 +27,8 @@ type Backend struct { } // NewBackend creates a new build backend from components -func NewBackend(components ImageComponent, builderBackend builder.Backend) *Backend { - manager := dockerfile.NewBuildManager(builderBackend) +func NewBackend(components ImageComponent, builderBackend builder.Backend, idMappings *idtools.IDMappings) *Backend { + manager := dockerfile.NewBuildManager(builderBackend, idMappings) return &Backend{imageComponent: components, manager: manager} } diff --git a/components/engine/builder/builder.go b/components/engine/builder/builder.go index 07a5500adb..5cd6c838f9 100644 --- a/components/engine/builder/builder.go +++ b/components/engine/builder/builder.go @@ -11,9 +11,7 @@ import ( "github.com/docker/docker/api/types/backend" "github.com/docker/docker/api/types/container" containerpkg "github.com/docker/docker/container" - "github.com/docker/docker/image" "github.com/docker/docker/layer" - "github.com/docker/docker/pkg/idtools" "golang.org/x/net/context" ) @@ -45,9 +43,7 @@ type Backend interface { // ContainerCreateWorkdir creates the workdir ContainerCreateWorkdir(containerID string) error - CreateImage(config []byte, parent string) (string, error) - - IDMappings() *idtools.IDMappings + CreateImage(config []byte, parent string) (Image, error) ImageCacheBuilder } @@ -98,12 +94,12 @@ type Image interface { ImageID() string RunConfig() *container.Config MarshalJSON() ([]byte, error) - NewChild(child image.ChildConfig) *image.Image } // ReleaseableLayer is an image layer that can be mounted and released type ReleaseableLayer interface { Release() error Mount() (string, error) + Commit() (ReleaseableLayer, error) DiffID() layer.DiffID } diff --git a/components/engine/builder/dockerfile/builder.go b/components/engine/builder/dockerfile/builder.go index c50570a6fd..d35ed9b91a 100644 --- a/components/engine/builder/dockerfile/builder.go +++ b/components/engine/builder/dockerfile/builder.go @@ -17,6 +17,7 @@ import ( "github.com/docker/docker/builder/remotecontext" "github.com/docker/docker/pkg/archive" "github.com/docker/docker/pkg/chrootarchive" + "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/streamformatter" "github.com/docker/docker/pkg/stringid" "github.com/pkg/errors" @@ -39,15 +40,17 @@ var validCommitCommands = map[string]bool{ // BuildManager is shared across all Builder objects type BuildManager struct { + archiver *archive.Archiver backend builder.Backend pathCache pathCache // TODO: make this persistent } // NewBuildManager creates a BuildManager -func NewBuildManager(b builder.Backend) *BuildManager { +func NewBuildManager(b builder.Backend, idMappings *idtools.IDMappings) *BuildManager { return &BuildManager{ backend: b, pathCache: &syncmap.Map{}, + archiver: chrootarchive.NewArchiver(idMappings), } } @@ -75,6 +78,7 @@ func (bm *BuildManager) Build(ctx context.Context, config backend.BuildConfig) ( ProgressWriter: config.ProgressWriter, Backend: bm.backend, PathCache: bm.pathCache, + Archiver: bm.archiver, } return newBuilder(ctx, builderOptions).build(source, dockerfile) } @@ -85,6 +89,7 @@ type builderOptions struct { Backend builder.Backend ProgressWriter backend.ProgressWriter PathCache pathCache + Archiver *archive.Archiver } // Builder is a Dockerfile builder @@ -124,7 +129,7 @@ func newBuilder(clientCtx context.Context, options builderOptions) *Builder { Aux: options.ProgressWriter.AuxFormatter, Output: options.ProgressWriter.Output, docker: options.Backend, - archiver: chrootarchive.NewArchiver(options.Backend.IDMappings()), + archiver: options.Archiver, buildArgs: newBuildArgs(config.BuildArgs), buildStages: newBuildStages(), imageSources: newImageSources(clientCtx, options), diff --git a/components/engine/builder/dockerfile/copy.go b/components/engine/builder/dockerfile/copy.go index 268036e26c..0026bdc158 100644 --- a/components/engine/builder/dockerfile/copy.go +++ b/components/engine/builder/dockerfile/copy.go @@ -368,7 +368,7 @@ type copyFileOptions struct { archiver *archive.Archiver } -func copyFile(dest copyInfo, source copyInfo, options copyFileOptions) error { +func performCopyForInfo(dest copyInfo, source copyInfo, options copyFileOptions) error { srcPath, err := source.fullPath() if err != nil { return err @@ -379,36 +379,63 @@ func copyFile(dest copyInfo, source copyInfo, options copyFileOptions) error { } archiver := options.archiver - rootIDs := archiver.IDMappings.RootPair() src, err := os.Stat(srcPath) if err != nil { return errors.Wrapf(err, "source path not found") } if src.IsDir() { - if err := archiver.CopyWithTar(srcPath, destPath); err != nil { - return err - } - return fixPermissions(srcPath, destPath, rootIDs) + return copyDirectory(archiver, srcPath, destPath) } - if options.decompress && archive.IsArchivePath(srcPath) { - // To support the untar feature we need to clean up the path a little bit - // because tar is not very forgiving - tarDest := dest.path - // TODO: could this be just TrimSuffix()? - if strings.HasSuffix(tarDest, string(os.PathSeparator)) { - tarDest = filepath.Dir(dest.path) - } - return archiver.UntarPath(srcPath, tarDest) + return archiver.UntarPath(srcPath, destPath) } - if err := idtools.MkdirAllAndChownNew(filepath.Dir(destPath), 0755, rootIDs); err != nil { + destExistsAsDir, err := isExistingDirectory(destPath) + if err != nil { return err } - if err := archiver.CopyFileWithTar(srcPath, destPath); err != nil { - return err + // dest.path must be used because destPath has already been cleaned of any + // trailing slash + if endsInSlash(dest.path) || destExistsAsDir { + // source.path must be used to get the correct filename when the source + // is a symlink + destPath = filepath.Join(destPath, filepath.Base(source.path)) } - // TODO: do I have to change destPath to the filename? - return fixPermissions(srcPath, destPath, rootIDs) + return copyFile(archiver, srcPath, destPath) +} + +func copyDirectory(archiver *archive.Archiver, source, dest string) error { + if err := archiver.CopyWithTar(source, dest); err != nil { + return errors.Wrapf(err, "failed to copy directory") + } + return fixPermissions(source, dest, archiver.IDMappings.RootPair()) +} + +func copyFile(archiver *archive.Archiver, source, dest string) error { + rootIDs := archiver.IDMappings.RootPair() + + if err := idtools.MkdirAllAndChownNew(filepath.Dir(dest), 0755, rootIDs); err != nil { + return errors.Wrapf(err, "failed to create new directory") + } + if err := archiver.CopyFileWithTar(source, dest); err != nil { + return errors.Wrapf(err, "failed to copy file") + } + return fixPermissions(source, dest, rootIDs) +} + +func endsInSlash(path string) bool { + return strings.HasSuffix(path, string(os.PathSeparator)) +} + +// isExistingDirectory returns true if the path exists and is a directory +func isExistingDirectory(path string) (bool, error) { + destStat, err := os.Stat(path) + switch { + case os.IsNotExist(err): + return false, nil + case err != nil: + return false, err + } + return destStat.IsDir(), nil } diff --git a/components/engine/builder/dockerfile/copy_test.go b/components/engine/builder/dockerfile/copy_test.go new file mode 100644 index 0000000000..aee225b5ff --- /dev/null +++ b/components/engine/builder/dockerfile/copy_test.go @@ -0,0 +1,45 @@ +package dockerfile + +import ( + "testing" + + "github.com/docker/docker/pkg/testutil/tempfile" + "github.com/stretchr/testify/assert" +) + +func TestIsExistingDirectory(t *testing.T) { + tmpfile := tempfile.NewTempFile(t, "file-exists-test", "something") + defer tmpfile.Remove() + tmpdir := tempfile.NewTempDir(t, "dir-exists-test") + defer tmpdir.Remove() + + var testcases = []struct { + doc string + path string + expected bool + }{ + { + doc: "directory exists", + path: tmpdir.Path, + expected: true, + }, + { + doc: "path doesn't exist", + path: "/bogus/path/does/not/exist", + expected: false, + }, + { + doc: "file exists", + path: tmpfile.Name(), + expected: false, + }, + } + + for _, testcase := range testcases { + result, err := isExistingDirectory(testcase.path) + if !assert.NoError(t, err) { + continue + } + assert.Equal(t, testcase.expected, result, testcase.doc) + } +} diff --git a/components/engine/builder/dockerfile/copy_unix.go b/components/engine/builder/dockerfile/copy_unix.go index ecbbd33368..326d95bb39 100644 --- a/components/engine/builder/dockerfile/copy_unix.go +++ b/components/engine/builder/dockerfile/copy_unix.go @@ -1,3 +1,5 @@ +// +build !windows + package dockerfile import ( @@ -7,20 +9,8 @@ import ( "github.com/docker/docker/pkg/idtools" ) -func pathExists(path string) (bool, error) { - _, err := os.Stat(path) - switch { - case err == nil: - return true, nil - case os.IsNotExist(err): - return false, nil - } - return false, err -} - -// TODO: review this func fixPermissions(source, destination string, rootIDs idtools.IDPair) error { - doChownDestination, err := chownDestinationRoot(destination) + skipChownRoot, err := isExistingDirectory(destination) if err != nil { return err } @@ -30,7 +20,7 @@ func fixPermissions(source, destination string, rootIDs idtools.IDPair) error { return filepath.Walk(source, func(fullpath string, info os.FileInfo, err error) error { // Do not alter the walk root iff. it existed before, as it doesn't fall under // the domain of "things we should chown". - if !doChownDestination && (source == fullpath) { + if skipChownRoot && source == fullpath { return nil } @@ -44,21 +34,3 @@ func fixPermissions(source, destination string, rootIDs idtools.IDPair) error { return os.Lchown(fullpath, rootIDs.UID, rootIDs.GID) }) } - -// If the destination didn't already exist, or the destination isn't a -// directory, then we should Lchown the destination. Otherwise, we shouldn't -// Lchown the destination. -func chownDestinationRoot(destination string) (bool, error) { - destExists, err := pathExists(destination) - if err != nil { - return false, err - } - destStat, err := os.Stat(destination) - if err != nil { - // This should *never* be reached, because the destination must've already - // been created while untar-ing the context. - return false, err - } - - return !destExists || !destStat.IsDir(), nil -} diff --git a/components/engine/builder/dockerfile/imagecontext.go b/components/engine/builder/dockerfile/imagecontext.go index 4b47862ce6..2a5b6e2579 100644 --- a/components/engine/builder/dockerfile/imagecontext.go +++ b/components/engine/builder/dockerfile/imagecontext.go @@ -8,7 +8,7 @@ import ( "github.com/docker/docker/api/types/backend" "github.com/docker/docker/builder" "github.com/docker/docker/builder/remotecontext" - "github.com/docker/docker/layer" + dockerimage "github.com/docker/docker/image" "github.com/pkg/errors" "golang.org/x/net/context" ) @@ -92,6 +92,7 @@ type getAndMountFunc func(string) (builder.Image, builder.ReleaseableLayer, erro // all images so they can be unmounted at the end of the build. type imageSources struct { byImageID map[string]*imageMount + withoutID []*imageMount getImage getAndMountFunc cache pathCache // TODO: remove } @@ -121,7 +122,7 @@ func (m *imageSources) Get(idOrRef string) (*imageMount, error) { return nil, err } im := newImageMount(image, layer) - m.byImageID[image.ImageID()] = im + m.Add(im) return im, nil } @@ -132,9 +133,25 @@ func (m *imageSources) Unmount() (retErr error) { retErr = err } } + for _, im := range m.withoutID { + if err := im.unmount(); err != nil { + logrus.Error(err) + retErr = err + } + } return } +func (m *imageSources) Add(im *imageMount) { + switch im.image { + case nil: + im.image = &dockerimage.Image{} + m.withoutID = append(m.withoutID, im) + default: + m.byImageID[im.image.ImageID()] = im + } +} + // imageMount is a reference to an image that can be used as a builder.Source type imageMount struct { image builder.Image @@ -172,6 +189,7 @@ func (im *imageMount) unmount() error { if err := im.layer.Release(); err != nil { return errors.Wrapf(err, "failed to unmount previous build image %s", im.image.ImageID()) } + im.layer = nil return nil } @@ -179,10 +197,10 @@ func (im *imageMount) Image() builder.Image { return im.image } +func (im *imageMount) Layer() builder.ReleaseableLayer { + return im.layer +} + func (im *imageMount) ImageID() string { return im.image.ImageID() } - -func (im *imageMount) DiffID() layer.DiffID { - return im.layer.DiffID() -} diff --git a/components/engine/builder/dockerfile/internals.go b/components/engine/builder/dockerfile/internals.go index 095b6069c4..213e64a52e 100644 --- a/components/engine/builder/dockerfile/internals.go +++ b/components/engine/builder/dockerfile/internals.go @@ -12,7 +12,6 @@ import ( "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/backend" "github.com/docker/docker/api/types/container" - "github.com/docker/docker/builder" "github.com/docker/docker/image" "github.com/docker/docker/pkg/stringid" "github.com/pkg/errors" @@ -65,14 +64,44 @@ func (b *Builder) commitContainer(dispatchState *dispatchState, id string, conta return nil } -func (b *Builder) exportImage(state *dispatchState, image builder.Image) error { - config, err := image.MarshalJSON() +func (b *Builder) exportImage(state *dispatchState, imageMount *imageMount, runConfig *container.Config) error { + newLayer, err := imageMount.Layer().Commit() + if err != nil { + return err + } + + // add an image mount without an image so the layer is properly unmounted + // if there is an error before we can add the full mount with image + b.imageSources.Add(newImageMount(nil, newLayer)) + + parentImage, ok := imageMount.Image().(*image.Image) + if !ok { + return errors.Errorf("unexpected image type") + } + + newImage := image.NewChildImage(parentImage, image.ChildConfig{ + Author: state.maintainer, + ContainerConfig: runConfig, + DiffID: newLayer.DiffID(), + Config: copyRunConfig(state.runConfig), + }) + + // TODO: it seems strange to marshal this here instead of just passing in the + // image struct + config, err := newImage.MarshalJSON() if err != nil { return errors.Wrap(err, "failed to encode image config") } - state.imageID, err = b.docker.CreateImage(config, state.imageID) - return err + exportedImage, err := b.docker.CreateImage(config, state.imageID) + if err != nil { + return errors.Wrapf(err, "failed to export image") + } + + state.imageID = exportedImage.ImageID() + b.imageSources.Add(newImageMount(exportedImage, newLayer)) + b.buildStages.update(state.imageID) + return nil } func (b *Builder) performCopy(state *dispatchState, inst copyInstruction) error { @@ -82,46 +111,46 @@ func (b *Builder) performCopy(state *dispatchState, inst copyInstruction) error runConfigWithCommentCmd := copyRunConfig( state.runConfig, withCmdCommentString(fmt.Sprintf("%s %s in %s ", inst.cmdName, srcHash, inst.dest))) - containerID, err := b.probeAndCreate(state, runConfigWithCommentCmd) - if err != nil || containerID == "" { - return err - } - - // Twiddle the destination when it's a relative path - meaning, make it - // relative to the WORKINGDIR - dest, err := normaliseDest(inst.cmdName, state.runConfig.WorkingDir, inst.dest) - if err != nil { + hit, err := b.probeCache(state, runConfigWithCommentCmd) + if err != nil || hit { return err } imageMount, err := b.imageSources.Get(state.imageID) + if err != nil { + return errors.Wrapf(err, "failed to get destination image %q", state.imageID) + } + destInfo, err := createDestInfo(state.runConfig.WorkingDir, inst, imageMount) if err != nil { return err } - destSource, err := imageMount.Source() - if err != nil { - return errors.Wrapf(err, "failed to mount copy source") - } - destInfo := newCopyInfoFromSource(destSource, dest, "") opts := copyFileOptions{ decompress: inst.allowLocalDecompression, archiver: b.archiver, } for _, info := range inst.infos { - if err := copyFile(destInfo, info, opts); err != nil { - return err + if err := performCopyForInfo(destInfo, info, opts); err != nil { + return errors.Wrapf(err, "failed to copy files") } } + return b.exportImage(state, imageMount, runConfigWithCommentCmd) +} - newImage := imageMount.Image().NewChild(image.ChildConfig{ - Author: state.maintainer, - DiffID: imageMount.DiffID(), - ContainerConfig: runConfigWithCommentCmd, - // TODO: ContainerID? - // TODO: Config? - }) - return b.exportImage(state, newImage) +func createDestInfo(workingDir string, inst copyInstruction, imageMount *imageMount) (copyInfo, error) { + // Twiddle the destination when it's a relative path - meaning, make it + // relative to the WORKINGDIR + dest, err := normaliseDest(workingDir, inst.dest) + if err != nil { + return copyInfo{}, errors.Wrapf(err, "invalid %s", inst.cmdName) + } + + destMount, err := imageMount.Source() + if err != nil { + return copyInfo{}, errors.Wrapf(err, "failed to mount copy source") + } + + return newCopyInfoFromSource(destMount, dest, ""), nil } // For backwards compat, if there's just one info then use it as the diff --git a/components/engine/builder/dockerfile/internals_unix.go b/components/engine/builder/dockerfile/internals_unix.go index 17102cb443..f4784e1cca 100644 --- a/components/engine/builder/dockerfile/internals_unix.go +++ b/components/engine/builder/dockerfile/internals_unix.go @@ -12,7 +12,7 @@ import ( // normaliseDest normalises the destination of a COPY/ADD command in a // platform semantically consistent way. -func normaliseDest(cmdName, workingDir, requested string) (string, error) { +func normaliseDest(workingDir, requested string) (string, error) { dest := filepath.FromSlash(requested) endsInSlash := strings.HasSuffix(requested, string(os.PathSeparator)) if !system.IsAbs(requested) { diff --git a/components/engine/builder/dockerfile/internals_windows.go b/components/engine/builder/dockerfile/internals_windows.go index 81a0386251..bb3285925f 100644 --- a/components/engine/builder/dockerfile/internals_windows.go +++ b/components/engine/builder/dockerfile/internals_windows.go @@ -12,7 +12,7 @@ import ( // normaliseDest normalises the destination of a COPY/ADD command in a // platform semantically consistent way. -func normaliseDest(cmdName, workingDir, requested string) (string, error) { +func normaliseDest(workingDir, requested string) (string, error) { dest := filepath.FromSlash(requested) endsInSlash := strings.HasSuffix(dest, string(os.PathSeparator)) @@ -32,7 +32,7 @@ func normaliseDest(cmdName, workingDir, requested string) (string, error) { // we only want to validate where the DriveColon part has been supplied. if filepath.IsAbs(dest) { if strings.ToUpper(string(dest[0])) != "C" { - return "", fmt.Errorf("Windows does not support %s with a destinations not on the system drive (C:)", cmdName) + return "", fmt.Errorf("Windows does not support destinations not on the system drive (C:)") } dest = dest[2:] // Strip the drive letter } @@ -44,7 +44,7 @@ func normaliseDest(cmdName, workingDir, requested string) (string, error) { } if !system.IsAbs(dest) { if string(workingDir[0]) != "C" { - return "", fmt.Errorf("Windows does not support %s with relative paths when WORKDIR is not the system drive", cmdName) + return "", fmt.Errorf("Windows does not support relative paths when WORKDIR is not the system drive") } dest = filepath.Join(string(os.PathSeparator), workingDir[2:], dest) // Make sure we preserve any trailing slash diff --git a/components/engine/builder/dockerfile/internals_windows_test.go b/components/engine/builder/dockerfile/internals_windows_test.go index 868a6671a3..b4c8d4b3cb 100644 --- a/components/engine/builder/dockerfile/internals_windows_test.go +++ b/components/engine/builder/dockerfile/internals_windows_test.go @@ -2,16 +2,22 @@ package dockerfile -import "testing" +import ( + "fmt" + "testing" + + "github.com/docker/docker/pkg/testutil" + "github.com/stretchr/testify/assert" +) func TestNormaliseDest(t *testing.T) { tests := []struct{ current, requested, expected, etext string }{ - {``, `D:\`, ``, `Windows does not support TEST with a destinations not on the system drive (C:)`}, - {``, `e:/`, ``, `Windows does not support TEST with a destinations not on the system drive (C:)`}, + {``, `D:\`, ``, `Windows does not support destinations not on the system drive (C:)`}, + {``, `e:/`, ``, `Windows does not support destinations not on the system drive (C:)`}, {`invalid`, `./c1`, ``, `Current WorkingDir invalid is not platform consistent`}, {`C:`, ``, ``, `Current WorkingDir C: is not platform consistent`}, {`C`, ``, ``, `Current WorkingDir C is not platform consistent`}, - {`D:\`, `.`, ``, "Windows does not support TEST with relative paths when WORKDIR is not the system drive"}, + {`D:\`, `.`, ``, "Windows does not support relative paths when WORKDIR is not the system drive"}, {``, `D`, `D`, ``}, {``, `./a1`, `.\a1`, ``}, {``, `.\b1`, `.\b1`, ``}, @@ -32,20 +38,16 @@ func TestNormaliseDest(t *testing.T) { {`C:\wdm`, `foo/bar/`, `\wdm\foo\bar\`, ``}, {`C:\wdn`, `foo\bar/`, `\wdn\foo\bar\`, ``}, } - for _, i := range tests { - got, err := normaliseDest("TEST", i.current, i.requested) - if err != nil && i.etext == "" { - t.Fatalf("TestNormaliseDest Got unexpected error %q for %s %s. ", err.Error(), i.current, i.requested) - } - if i.etext != "" && ((err == nil) || (err != nil && err.Error() != i.etext)) { - if err == nil { - t.Fatalf("TestNormaliseDest Expected an error for %s %s but didn't get one", i.current, i.requested) - } else { - t.Fatalf("TestNormaliseDest Wrong error text for %s %s - %s", i.current, i.requested, err.Error()) + for _, testcase := range tests { + msg := fmt.Sprintf("Input: %s, %s", testcase.current, testcase.requested) + actual, err := normaliseDest(testcase.current, testcase.requested) + if testcase.etext == "" { + if !assert.NoError(t, err, msg) { + continue } - } - if i.etext == "" && got != i.expected { - t.Fatalf("TestNormaliseDest Expected %q for %q and %q. Got %q", i.expected, i.current, i.requested, got) + assert.Equal(t, testcase.expected, actual, msg) + } else { + testutil.ErrorContains(t, err, testcase.etext) } } } diff --git a/components/engine/builder/dockerfile/mockbackend_test.go b/components/engine/builder/dockerfile/mockbackend_test.go index cf4c83edd8..876bb91f1b 100644 --- a/components/engine/builder/dockerfile/mockbackend_test.go +++ b/components/engine/builder/dockerfile/mockbackend_test.go @@ -9,9 +9,7 @@ import ( "github.com/docker/docker/api/types/container" "github.com/docker/docker/builder" containerpkg "github.com/docker/docker/container" - "github.com/docker/docker/image" "github.com/docker/docker/layer" - "github.com/docker/docker/pkg/idtools" "golang.org/x/net/context" ) @@ -80,12 +78,8 @@ func (m *MockBackend) MakeImageCache(cacheFrom []string) builder.ImageCache { return nil } -func (m *MockBackend) CreateImage(config []byte, parent string) (string, error) { - return "c411d1d", nil -} - -func (m *MockBackend) IDMappings() *idtools.IDMappings { - return &idtools.IDMappings{} +func (m *MockBackend) CreateImage(config []byte, parent string) (builder.Image, error) { + return nil, nil } type mockImage struct { @@ -106,10 +100,6 @@ func (i *mockImage) MarshalJSON() ([]byte, error) { return json.Marshal(rawImage(*i)) } -func (i *mockImage) NewChild(child image.ChildConfig) *image.Image { - return nil -} - type mockImageCache struct { getCacheFunc func(parentID string, cfg *container.Config) (string, error) } @@ -131,6 +121,10 @@ func (l *mockLayer) Mount() (string, error) { return "mountPath", nil } -func (l *mockLayer) DiffID() layer.DiffID { - return layer.DiffID("abcdef12345") +func (l *mockLayer) Commit() (builder.ReleaseableLayer, error) { + return nil, nil +} + +func (l *mockLayer) DiffID() layer.DiffID { + return layer.DiffID("abcdef") } diff --git a/components/engine/cmd/dockerd/daemon.go b/components/engine/cmd/dockerd/daemon.go index 428a877dc9..d5c411f06d 100644 --- a/components/engine/cmd/dockerd/daemon.go +++ b/components/engine/cmd/dockerd/daemon.go @@ -449,7 +449,7 @@ func initRouter(s *apiserver.Server, d *daemon.Daemon, c *cluster.Cluster) { image.NewRouter(d, decoder), systemrouter.NewRouter(d, c), volume.NewRouter(d), - build.NewRouter(buildbackend.NewBackend(d, d), d), + build.NewRouter(buildbackend.NewBackend(d, d, d.IDMappings()), d), swarmrouter.NewRouter(c), pluginrouter.NewRouter(d.PluginManager()), distributionrouter.NewRouter(d), diff --git a/components/engine/daemon/archive.go b/components/engine/daemon/archive.go index 5db1ef9826..bd00daca53 100644 --- a/components/engine/daemon/archive.go +++ b/components/engine/daemon/archive.go @@ -359,4 +359,4 @@ func (daemon *Daemon) containerCopy(container *container.Container, resource str }) daemon.LogContainerEvent(container, "copy") return reader, nil -} \ No newline at end of file +} diff --git a/components/engine/daemon/build.go b/components/engine/daemon/build.go index 3005ede7d1..3faa2affd4 100644 --- a/components/engine/daemon/build.go +++ b/components/engine/daemon/build.go @@ -1,6 +1,8 @@ package daemon import ( + "io" + "github.com/Sirupsen/logrus" "github.com/docker/distribution/reference" "github.com/docker/docker/api/types" @@ -13,7 +15,6 @@ import ( "github.com/docker/docker/registry" "github.com/pkg/errors" "golang.org/x/net/context" - "io" ) type releaseableLayer struct { @@ -23,12 +24,14 @@ type releaseableLayer struct { } func (rl *releaseableLayer) Mount() (string, error) { - if rl.roLayer == nil { - return "", errors.New("can not mount an image with no root FS") - } var err error + var chainID layer.ChainID + if rl.roLayer != nil { + chainID = rl.roLayer.ChainID() + } + mountID := stringid.GenerateRandomID() - rl.rwLayer, err = rl.layerStore.CreateRWLayer(mountID, rl.roLayer.ChainID(), nil) + rl.rwLayer, err = rl.layerStore.CreateRWLayer(mountID, chainID, nil) if err != nil { return "", errors.Wrap(err, "failed to create rwlayer") } @@ -36,15 +39,41 @@ func (rl *releaseableLayer) Mount() (string, error) { return rl.rwLayer.Mount("") } -func (rl *releaseableLayer) Release() error { - rl.releaseRWLayer() - return rl.releaseROLayer() +func (rl *releaseableLayer) Commit() (builder.ReleaseableLayer, error) { + var chainID layer.ChainID + if rl.roLayer != nil { + chainID = rl.roLayer.ChainID() + } + + stream, err := rl.rwLayer.TarStream() + if err != nil { + return nil, err + } + + newLayer, err := rl.layerStore.Register(stream, chainID) + if err != nil { + return nil, err + } + + if layer.IsEmpty(newLayer.DiffID()) { + _, err := rl.layerStore.Release(newLayer) + return &releaseableLayer{layerStore: rl.layerStore}, err + } + return &releaseableLayer{layerStore: rl.layerStore, roLayer: newLayer}, nil } func (rl *releaseableLayer) DiffID() layer.DiffID { + if rl.roLayer == nil { + return layer.DigestSHA256EmptyTar + } return rl.roLayer.DiffID() } +func (rl *releaseableLayer) Release() error { + rl.releaseRWLayer() + return rl.releaseROLayer() +} + func (rl *releaseableLayer) releaseRWLayer() error { if rl.rwLayer == nil { return nil @@ -67,8 +96,8 @@ func (rl *releaseableLayer) releaseROLayer() error { } func newReleasableLayerForImage(img *image.Image, layerStore layer.Store) (builder.ReleaseableLayer, error) { - if img.RootFS.ChainID() == "" { - return nil, nil + if img == nil || img.RootFS.ChainID() == "" { + return &releaseableLayer{layerStore: layerStore}, nil } // Hold a reference to the image layer so that it can't be removed before // it is released @@ -109,6 +138,11 @@ func (daemon *Daemon) pullForBuilder(ctx context.Context, name string, authConfi // Every call to GetImageAndReleasableLayer MUST call releasableLayer.Release() to prevent // leaking of layers. func (daemon *Daemon) GetImageAndReleasableLayer(ctx context.Context, refOrID string, opts backend.GetImageAndLayerOptions) (builder.Image, builder.ReleaseableLayer, error) { + if refOrID == "" { + layer, err := newReleasableLayerForImage(nil, daemon.layerStore) + return nil, layer, err + } + if !opts.ForcePull { image, _ := daemon.GetImage(refOrID) // TODO: shouldn't we error out if error is different from "not found" ? @@ -129,19 +163,19 @@ func (daemon *Daemon) GetImageAndReleasableLayer(ctx context.Context, refOrID st // CreateImage creates a new image by adding a config and ID to the image store. // This is similar to LoadImage() except that it receives JSON encoded bytes of // an image instead of a tar archive. -func (daemon *Daemon) CreateImage(config []byte, parent string) (string, error) { +func (daemon *Daemon) CreateImage(config []byte, parent string) (builder.Image, error) { id, err := daemon.imageStore.Create(config) if err != nil { - return "", err + return nil, errors.Wrapf(err, "failed to create image") } if parent != "" { if err := daemon.imageStore.SetParent(id, image.ID(parent)); err != nil { - return "", err + return nil, errors.Wrapf(err, "failed to set parent %s", parent) } } - // TODO: do we need any daemon.LogContainerEventWithAttributes? - return id.String(), nil + + return daemon.imageStore.Get(id) } // IDMappings returns uid/gid mappings for the builder diff --git a/components/engine/daemon/commit.go b/components/engine/daemon/commit.go index 8125d28f65..6011628092 100644 --- a/components/engine/daemon/commit.go +++ b/components/engine/daemon/commit.go @@ -188,7 +188,7 @@ func (daemon *Daemon) Commit(name string, c *backend.ContainerCommitConfig) (str Config: newConfig, DiffID: l.DiffID(), } - config, err := json.Marshal(parent.NewChild(cc)) + config, err := json.Marshal(image.NewChildImage(parent, cc)) if err != nil { return "", err } diff --git a/components/engine/image/image.go b/components/engine/image/image.go index 20650a8429..9f892d298a 100644 --- a/components/engine/image/image.go +++ b/components/engine/image/image.go @@ -4,14 +4,14 @@ import ( "encoding/json" "errors" "io" + "runtime" + "strings" "time" "github.com/docker/docker/api/types/container" "github.com/docker/docker/dockerversion" "github.com/docker/docker/layer" "github.com/opencontainers/go-digest" - "runtime" - "strings" ) // ID is the content-addressable ID of an image. @@ -125,10 +125,13 @@ type ChildConfig struct { Config *container.Config } -// NewChild creates a new Image as a child of this image. -func (img *Image) NewChild(child ChildConfig) *Image { +// NewChildImage creates a new Image as a child of this image. +func NewChildImage(img *Image, child ChildConfig) *Image { isEmptyLayer := layer.IsEmpty(child.DiffID) rootFS := img.RootFS + if rootFS == nil { + rootFS = NewRootFS() + } if !isEmptyLayer { rootFS.Append(child.DiffID) } diff --git a/components/engine/image/store.go b/components/engine/image/store.go index 26ae109a06..17a3b7880a 100644 --- a/components/engine/image/store.go +++ b/components/engine/image/store.go @@ -2,7 +2,6 @@ package image import ( "encoding/json" - "errors" "fmt" "sync" @@ -10,6 +9,7 @@ import ( "github.com/docker/distribution/digestset" "github.com/docker/docker/layer" "github.com/opencontainers/go-digest" + "github.com/pkg/errors" ) // Store is an interface for creating and accessing images @@ -147,7 +147,7 @@ func (is *store) Create(config []byte) (ID, error) { if layerID != "" { l, err = is.ls.Get(layerID) if err != nil { - return "", err + return "", errors.Wrapf(err, "failed to get layer %s", layerID) } } diff --git a/components/engine/integration-cli/docker_cli_build_test.go b/components/engine/integration-cli/docker_cli_build_test.go index 482de38b6c..b9a5dff789 100644 --- a/components/engine/integration-cli/docker_cli_build_test.go +++ b/components/engine/integration-cli/docker_cli_build_test.go @@ -5870,15 +5870,17 @@ func (s *DockerSuite) TestBuildCopyFromPreviousRootFS(c *check.C) { dockerfile := ` FROM busybox AS first COPY foo bar + FROM busybox - %s - COPY baz baz - RUN echo mno > baz/cc + %s + COPY baz baz + RUN echo mno > baz/cc + FROM busybox - COPY bar / - COPY --from=1 baz sub/ - COPY --from=0 bar baz - COPY --from=first bar bay` + COPY bar / + COPY --from=1 baz sub/ + COPY --from=0 bar baz + COPY --from=first bar bay` ctx := fakecontext.New(c, "", fakecontext.WithDockerfile(fmt.Sprintf(dockerfile, "")), @@ -5892,32 +5894,25 @@ func (s *DockerSuite) TestBuildCopyFromPreviousRootFS(c *check.C) { cli.BuildCmd(c, "build1", build.WithExternalBuildContext(ctx)) - out := cli.DockerCmd(c, "run", "build1", "cat", "bar").Combined() - c.Assert(strings.TrimSpace(out), check.Equals, "def") - out = cli.DockerCmd(c, "run", "build1", "cat", "sub/aa").Combined() - c.Assert(strings.TrimSpace(out), check.Equals, "ghi") - out = cli.DockerCmd(c, "run", "build1", "cat", "sub/cc").Combined() - c.Assert(strings.TrimSpace(out), check.Equals, "mno") - out = cli.DockerCmd(c, "run", "build1", "cat", "baz").Combined() - c.Assert(strings.TrimSpace(out), check.Equals, "abc") - out = cli.DockerCmd(c, "run", "build1", "cat", "bay").Combined() - c.Assert(strings.TrimSpace(out), check.Equals, "abc") + cli.DockerCmd(c, "run", "build1", "cat", "bar").Assert(c, icmd.Expected{Out: "def"}) + cli.DockerCmd(c, "run", "build1", "cat", "sub/aa").Assert(c, icmd.Expected{Out: "ghi"}) + cli.DockerCmd(c, "run", "build1", "cat", "sub/cc").Assert(c, icmd.Expected{Out: "mno"}) + cli.DockerCmd(c, "run", "build1", "cat", "baz").Assert(c, icmd.Expected{Out: "abc"}) + cli.DockerCmd(c, "run", "build1", "cat", "bay").Assert(c, icmd.Expected{Out: "abc"}) result := cli.BuildCmd(c, "build2", build.WithExternalBuildContext(ctx)) // all commands should be cached c.Assert(strings.Count(result.Combined(), "Using cache"), checker.Equals, 7) + c.Assert(getIDByName(c, "build1"), checker.Equals, getIDByName(c, "build2")) err := ioutil.WriteFile(filepath.Join(ctx.Dir, "Dockerfile"), []byte(fmt.Sprintf(dockerfile, "COPY baz/aa foo")), 0644) c.Assert(err, checker.IsNil) // changing file in parent block should not affect last block result = cli.BuildCmd(c, "build3", build.WithExternalBuildContext(ctx)) - c.Assert(strings.Count(result.Combined(), "Using cache"), checker.Equals, 5) - c.Assert(getIDByName(c, "build1"), checker.Equals, getIDByName(c, "build2")) - err = ioutil.WriteFile(filepath.Join(ctx.Dir, "foo"), []byte("pqr"), 0644) c.Assert(err, checker.IsNil) @@ -5925,10 +5920,8 @@ func (s *DockerSuite) TestBuildCopyFromPreviousRootFS(c *check.C) { result = cli.BuildCmd(c, "build4", build.WithExternalBuildContext(ctx)) c.Assert(strings.Count(result.Combined(), "Using cache"), checker.Equals, 5) - out = cli.DockerCmd(c, "run", "build4", "cat", "bay").Combined() - c.Assert(strings.TrimSpace(out), check.Equals, "pqr") - out = cli.DockerCmd(c, "run", "build4", "cat", "baz").Combined() - c.Assert(strings.TrimSpace(out), check.Equals, "pqr") + cli.DockerCmd(c, "run", "build4", "cat", "bay").Assert(c, icmd.Expected{Out: "pqr"}) + cli.DockerCmd(c, "run", "build4", "cat", "baz").Assert(c, icmd.Expected{Out: "pqr"}) } func (s *DockerSuite) TestBuildCopyFromPreviousRootFSErrors(c *check.C) { diff --git a/components/engine/pkg/testutil/tempfile/tempfile.go b/components/engine/pkg/testutil/tempfile/tempfile.go index b375cb9561..01474babff 100644 --- a/components/engine/pkg/testutil/tempfile/tempfile.go +++ b/components/engine/pkg/testutil/tempfile/tempfile.go @@ -34,3 +34,23 @@ func (f *TempFile) Name() string { func (f *TempFile) Remove() { os.Remove(f.Name()) } + +// TempDir is a temporary directory that can be used with unit tests. TempDir +// reduces the boilerplate setup required in each test case by handling +// setup errors. +type TempDir struct { + Path string +} + +// NewTempDir returns a new temp file with contents +func NewTempDir(t require.TestingT, prefix string) *TempDir { + path, err := ioutil.TempDir("", prefix+"-") + require.NoError(t, err) + + return &TempDir{Path: path} +} + +// Remove removes the file +func (f *TempDir) Remove() { + os.Remove(f.Path) +} From 29886fb9781392cdcb93b37a90419bcd0acb00d9 Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Thu, 8 Jun 2017 14:08:49 -0700 Subject: [PATCH 066/191] daemon: Remove daemon datastructure dump functionality When sending SIGUSR1 to the daemon, it can crash because of a concurrent map access panic, showing a stack trace involving dumpDaemon. It appears it's not possible to recover from a concurrent map access panic. Since it's important that SIGUSR1 not be a destructive operation, sadly the best course of action I can think of is to remove this functionality. Signed-off-by: Aaron Lehmann Upstream-commit: a4c68ee8574c9b8a3309ebebee0d90108042ba61 Component: engine --- components/engine/daemon/debugtrap.go | 62 ------------------- components/engine/daemon/debugtrap_unix.go | 6 -- components/engine/daemon/debugtrap_windows.go | 6 -- 3 files changed, 74 deletions(-) delete mode 100644 components/engine/daemon/debugtrap.go diff --git a/components/engine/daemon/debugtrap.go b/components/engine/daemon/debugtrap.go deleted file mode 100644 index 209048b589..0000000000 --- a/components/engine/daemon/debugtrap.go +++ /dev/null @@ -1,62 +0,0 @@ -package daemon - -import ( - "fmt" - "os" - "path/filepath" - "strings" - "time" - - "github.com/davecgh/go-spew/spew" - "github.com/pkg/errors" -) - -const dataStructuresLogNameTemplate = "daemon-data-%s.log" - -// dumpDaemon appends the daemon datastructures into file in dir and returns full path -// to that file. -func (d *Daemon) dumpDaemon(dir string) (string, error) { - // Ensure we recover from a panic as we are doing this without any locking - defer func() { - recover() - }() - - path := filepath.Join(dir, fmt.Sprintf(dataStructuresLogNameTemplate, strings.Replace(time.Now().Format(time.RFC3339), ":", "", -1))) - f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY, 0666) - if err != nil { - return "", errors.Wrap(err, "failed to open file to write the daemon datastructure dump") - } - defer f.Close() - - dump := struct { - containers interface{} - names interface{} - links interface{} - execs interface{} - volumes interface{} - images interface{} - layers interface{} - imageReferences interface{} - downloads interface{} - uploads interface{} - registry interface{} - plugins interface{} - }{ - containers: d.containers, - execs: d.execCommands, - volumes: d.volumes, - images: d.imageStore, - layers: d.layerStore, - imageReferences: d.referenceStore, - downloads: d.downloadManager, - uploads: d.uploadManager, - registry: d.RegistryService, - plugins: d.PluginStore, - names: d.nameIndex, - links: d.linkIndex, - } - - spew.Fdump(f, dump) // Does not return an error - f.Sync() - return path, nil -} diff --git a/components/engine/daemon/debugtrap_unix.go b/components/engine/daemon/debugtrap_unix.go index d650eb7f8c..8605d1d2b5 100644 --- a/components/engine/daemon/debugtrap_unix.go +++ b/components/engine/daemon/debugtrap_unix.go @@ -22,12 +22,6 @@ func (d *Daemon) setupDumpStackTrap(root string) { } else { logrus.Infof("goroutine stacks written to %s", path) } - path, err = d.dumpDaemon(root) - if err != nil { - logrus.WithError(err).Error("failed to write daemon datastructure dump") - } else { - logrus.Infof("daemon datastructure dump written to %s", path) - } } }() } diff --git a/components/engine/daemon/debugtrap_windows.go b/components/engine/daemon/debugtrap_windows.go index fb20c9d2c5..d01f7f332d 100644 --- a/components/engine/daemon/debugtrap_windows.go +++ b/components/engine/daemon/debugtrap_windows.go @@ -41,12 +41,6 @@ func (d *Daemon) setupDumpStackTrap(root string) { } else { logrus.Infof("goroutine stacks written to %s", path) } - path, err = d.dumpDaemon(root) - if err != nil { - logrus.WithError(err).Error("failed to write daemon datastructure dump") - } else { - logrus.Infof("daemon datastructure dump written to %s", path) - } } }() } From 944e6f404ad3e852acd55acc44427ac28496882c Mon Sep 17 00:00:00 2001 From: Naveed Jamil Date: Mon, 5 Jun 2017 13:50:15 +0500 Subject: [PATCH 067/191] Increased Unit Test Coverage for PKG/SYSINFO Signed-off-by: Naveed Jamil Upstream-commit: 6181bd7a7cf27bb2695c98708ce6464724a4c33a Component: engine --- .../engine/pkg/sysinfo/sysinfo_linux_test.go | 70 +++++++++++++++---- 1 file changed, 58 insertions(+), 12 deletions(-) diff --git a/components/engine/pkg/sysinfo/sysinfo_linux_test.go b/components/engine/pkg/sysinfo/sysinfo_linux_test.go index d8e204395b..77c54f27c9 100644 --- a/components/engine/pkg/sysinfo/sysinfo_linux_test.go +++ b/components/engine/pkg/sysinfo/sysinfo_linux_test.go @@ -5,20 +5,20 @@ import ( "os" "path" "path/filepath" + "syscall" "testing" + + "github.com/stretchr/testify/require" ) func TestReadProcBool(t *testing.T) { tmpDir, err := ioutil.TempDir("", "test-sysinfo-proc") - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) defer os.RemoveAll(tmpDir) procFile := filepath.Join(tmpDir, "read-proc-bool") - if err := ioutil.WriteFile(procFile, []byte("1"), 0644); err != nil { - t.Fatal(err) - } + err = ioutil.WriteFile(procFile, []byte("1"), 0644) + require.NoError(t, err) if !readProcBool(procFile) { t.Fatal("expected proc bool to be true, got false") @@ -39,20 +39,66 @@ func TestReadProcBool(t *testing.T) { func TestCgroupEnabled(t *testing.T) { cgroupDir, err := ioutil.TempDir("", "cgroup-test") - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) defer os.RemoveAll(cgroupDir) if cgroupEnabled(cgroupDir, "test") { t.Fatal("cgroupEnabled should be false") } - if err := ioutil.WriteFile(path.Join(cgroupDir, "test"), []byte{}, 0644); err != nil { - t.Fatal(err) - } + err = ioutil.WriteFile(path.Join(cgroupDir, "test"), []byte{}, 0644) + require.NoError(t, err) if !cgroupEnabled(cgroupDir, "test") { t.Fatal("cgroupEnabled should be true") } } + +func TestNew(t *testing.T) { + sysInfo := New(false) + require.NotNil(t, sysInfo) + checkSysInfo(t, sysInfo) + + sysInfo = New(true) + require.NotNil(t, sysInfo) + checkSysInfo(t, sysInfo) +} + +func checkSysInfo(t *testing.T, sysInfo *SysInfo) { + // Check if Seccomp is supported, via CONFIG_SECCOMP.then sysInfo.Seccomp must be TRUE , else FALSE + if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_GET_SECCOMP, 0, 0); err != syscall.EINVAL { + // Make sure the kernel has CONFIG_SECCOMP_FILTER. + if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_SECCOMP, SeccompModeFilter, 0); err != syscall.EINVAL { + require.True(t, sysInfo.Seccomp) + } + } else { + require.False(t, sysInfo.Seccomp) + } +} + +func TestNewAppArmorEnabled(t *testing.T) { + // Check if AppArmor is supported. then it must be TRUE , else FALSE + if _, err := os.Stat("/sys/kernel/security/apparmor"); err != nil { + t.Skip("App Armor Must be Enabled") + } + + sysInfo := New(true) + require.True(t, sysInfo.AppArmor) +} + +func TestNewAppArmorDisabled(t *testing.T) { + // Check if AppArmor is supported. then it must be TRUE , else FALSE + if _, err := os.Stat("/sys/kernel/security/apparmor"); !os.IsNotExist(err) { + t.Skip("App Armor Must be Disabled") + } + + sysInfo := New(true) + require.False(t, sysInfo.AppArmor) +} + +func TestNumCPU(t *testing.T) { + cpuNumbers := NumCPU() + if cpuNumbers <= 0 { + t.Fatal("CPU returned must be greater than zero") + } +} From f5bb6cc8981fa0af5ddc880f6077d851fde752dd Mon Sep 17 00:00:00 2001 From: Naveed Jamil Date: Thu, 1 Jun 2017 16:58:10 +0500 Subject: [PATCH 068/191] Added Test Case Coverage for PKG/REEXEC Signed-off-by: Naveed Jamil Upstream-commit: 7e03cebff42717a9a6f04cefdaab931fc152ba51 Component: engine --- components/engine/pkg/reexec/reexec_test.go | 53 +++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 components/engine/pkg/reexec/reexec_test.go diff --git a/components/engine/pkg/reexec/reexec_test.go b/components/engine/pkg/reexec/reexec_test.go new file mode 100644 index 0000000000..39e87a4a27 --- /dev/null +++ b/components/engine/pkg/reexec/reexec_test.go @@ -0,0 +1,53 @@ +package reexec + +import ( + "os" + "os/exec" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func init() { + Register("reexec", func() { + panic("Return Error") + }) + Init() +} + +func TestRegister(t *testing.T) { + defer func() { + if r := recover(); r != nil { + require.Equal(t, `reexec func already registered under name "reexec"`, r) + } + }() + Register("reexec", func() {}) +} + +func TestCommand(t *testing.T) { + cmd := Command("reexec") + w, err := cmd.StdinPipe() + require.NoError(t, err, "Error on pipe creation: %v", err) + defer w.Close() + + err = cmd.Start() + require.NoError(t, err, "Error on re-exec cmd: %v", err) + err = cmd.Wait() + require.EqualError(t, err, "exit status 2") +} + +func TestNaiveSelf(t *testing.T) { + if os.Getenv("TEST_CHECK") == "1" { + os.Exit(2) + } + cmd := exec.Command(naiveSelf(), "-test.run=TestNaiveSelf") + cmd.Env = append(os.Environ(), "TEST_CHECK=1") + err := cmd.Start() + require.NoError(t, err, "Unable to start command") + err = cmd.Wait() + require.EqualError(t, err, "exit status 2") + + os.Args[0] = "mkdir" + assert.NotEqual(t, naiveSelf(), os.Args[0]) +} From 4df261773736ae409b4bfe3f02b15d92d07f7d77 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Wed, 26 Apr 2017 15:08:31 -0700 Subject: [PATCH 069/191] bump to rc2 Signed-off-by: Victor Vieux (cherry picked from commit c57fdb2a14cfba584686ddad909e3006284d10aa) Signed-off-by: Sebastiaan van Stijn Upstream-commit: b4d36e47c3501541dc66b6336e286b8c11cbcec7 Component: engine --- components/engine/CHANGELOG.md | 86 ++++++++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) diff --git a/components/engine/CHANGELOG.md b/components/engine/CHANGELOG.md index 26185624e0..4fd1cf73ac 100644 --- a/components/engine/CHANGELOG.md +++ b/components/engine/CHANGELOG.md @@ -5,6 +5,92 @@ information on the list of deprecated flags and APIs please have a look at https://docs.docker.com/engine/deprecated/ where target removal dates can also be found. +## 17.05.0-ce (2017-05-03) + +### Builder + ++ Add multi-stage build support [#31257](https://github.com/docker/docker/pull/31257) [#32063](https://github.com/docker/docker/pull/32063) ++ Allow using build-time args (`ARG`) in `FROM` [#31352](https://github.com/docker/docker/pull/31352) ++ Add an option for specifying build target [#32496](https://github.com/docker/docker/pull/32496) +* Accept `-f -` to read Dockerfile from `stdin`, but use local context for building [#31236](https://github.com/docker/docker/pull/31236) +* The values of default build time arguments (e.g `HTTP_PROXY`) are no longer displayed in docker image history unless a corresponding `ARG` instruction is written in the Dockerfile. [#31584](https://github.com/docker/docker/pull/31584) +- Fix setting command if a custom shell is used in a parent image [#32236](https://github.com/docker/docker/pull/32236) +- Fix `docker build --label` when the label includes single quotes and a space [#31750](https://github.com/docker/docker/pull/31750) + +### Client + +* Add `--mount` flag to `docker run` and `docker create` [#32251](https://github.com/docker/docker/pull/32251) +* Add `--type=secret` to `docker inspect` [#32124](https://github.com/docker/docker/pull/32124) +* Add `--format` option to `docker secret ls` [#31552](https://github.com/docker/docker/pull/31552) +* Add `--filter` option to `docker secret ls` [#30810](https://github.com/docker/docker/pull/30810) +* Add `--filter scope=` to `docker network ls` [#31529](https://github.com/docker/docker/pull/31529) +* Add `--cpus` support to `docker update` [#31148](https://github.com/docker/docker/pull/31148) +* Add label filter to `docker system prune` and other `prune` commands [#30740](https://github.com/docker/docker/pull/30740) +* `docker stack rm` now accepts multiple stacks as input [#32110](https://github.com/docker/docker/pull/32110) +* Improve `docker version --format` option when the client has downgraded the API version [#31022](https://github.com/docker/docker/pull/31022) +* Prompt when using an encrypted client certificate to connect to a docker daemon [#31364](https://github.com/docker/docker/pull/31364) +* Display created tags on successful `docker build` [#32077](https://github.com/docker/docker/pull/32077) +* Cleanup compose convert error messages [#32087](https://github.com/moby/moby/pull/32087) + +### Contrib + ++ Add support for building docker debs for Ubuntu 17.04 Zesty on amd64 [#32435](https://github.com/docker/docker/pull/32435) + +### Daemon + +- Fix `--api-cors-header` being ignored if `--api-enable-cors` is not set [#32174](https://github.com/docker/docker/pull/32174) +- Cleanup docker tmp dir on start [#31741](https://github.com/docker/docker/pull/31741) +- Deprecate `--graph` flag in favor or `--data-root` [#28696](https://github.com/docker/docker/pull/28696) + +### Logging + ++ Add support for logging driver plugins [#28403](https://github.com/docker/docker/pull/28403) +* Add support for showing logs of individual tasks to `docker service logs`, and add `/task/{id}/logs` REST endpoint [#32015](https://github.com/docker/docker/pull/32015) +* Add `--log-opt env-regex` option to match environment variables using a regular expression [#27565](https://github.com/docker/docker/pull/27565) + +### Networking + ++ Allow user to replace, and customize the ingress network [#31714](https://github.com/docker/docker/pull/31714) +- Fix UDP traffic in containers not working after the container is restarted [#32505](https://github.com/docker/docker/pull/32505) +- Fix files being written to `/var/lib/docker` if a different data-root is set [#32505](https://github.com/docker/docker/pull/32505) + +### Runtime + +- Ensure health probe is stopped when a container exits [#32274](https://github.com/docker/docker/pull/32274) + +### Swarm Mode + ++ Add update/rollback order for services (`--update-order` / `--rollback-order`) [#30261](https://github.com/docker/docker/pull/30261) ++ Add support for synchronous `service create` and `service update` [#31144](https://github.com/docker/docker/pull/31144) ++ Add support for "grace periods" on healthchecks through the `HEALTHCHECK --start-period` and `--health-start-period` flag to + `docker service create`, `docker service update`, `docker create`, and `docker run` to support containers with an initial startup + time [#28938](https://github.com/docker/docker/pull/28938) +* `docker service create` now omits fields that are not specified by the user, when possible. This will allow defaults to be applied inside the manager [#32284](https://github.com/docker/docker/pull/32284) +* `docker service inspect` now shows default values for fields that are not specified by the user [#32284](https://github.com/docker/docker/pull/32284) +* Move `docker service logs` out of experimental [#32462](https://github.com/docker/docker/pull/32462) +* Add support for Credential Spec and SELinux to services to the API [#32339](https://github.com/docker/docker/pull/32339) +* Add `--entrypoint` flag to `docker service create` and `docker service update` [#29228](https://github.com/docker/docker/pull/29228) +* Add `--network-add` and `--network-rm` to `docker service update` [#32062](https://github.com/docker/docker/pull/32062) +* Add `--credential-spec` flag to `docker service create` and `docker service update` [#32339](https://github.com/docker/docker/pull/32339) +* Add `--filter mode=` to `docker service ls` [#31538](https://github.com/docker/docker/pull/31538) +* Resolve network IDs on the client side, instead of in the daemon when creating services [#32062](https://github.com/docker/docker/pull/32062) +* Add `--format` option to `docker node ls` [#30424](https://github.com/docker/docker/pull/30424) +* Add `--prune` option to `docker stack deploy` to remove services that are no longer defined in the docker-compose file [#31302](https://github.com/docker/docker/pull/31302) +* Add `PORTS` column for `docker service ls` when using `ingress` mode [#30813](https://github.com/docker/docker/pull/30813) +- Fix unnescessary re-deploying of tasks when environment-variables are used [#32364](https://github.com/docker/docker/pull/32364) +- Fix `docker stack deploy` not supporting `endpoint_mode` when deploying from a docker compose file [#32333](https://github.com/docker/docker/pull/32333) +- Proceed with startup if cluster component cannot be created to allow recovering from a broken swarm setup [#31631](https://github.com/docker/docker/pull/31631) + +### Security + +* Allow setting SELinux type or MCS labels when using `--ipc=container:` or `--ipc=host` [#30652](https://github.com/docker/docker/pull/30652) + + +### Deprecation + +- Deprecate `--api-enable-cors` daemon flag. This flag was marked deprecated in Docker 1.6.0 but not listed in deprecated features [#32352](https://github.com/docker/docker/pull/32352) +- Remove Ubuntu 12.04 (Precise Pangolin) as supported platform. Ubuntu 12.04 is EOL, and no longer receives updates [#32520](https://github.com/docker/docker/pull/32520) + ## 17.04.0-ce (2017-04-05) ### Builder From 14c90f7c2ae598d0e9e369a4f2e94f607b6d5883 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Thu, 4 May 2017 13:25:03 -0700 Subject: [PATCH 070/191] bump to GA Signed-off-by: Victor Vieux (cherry picked from commit 89658bed64c2a8fe05a978e5b87dbec409d57a0f) Signed-off-by: Sebastiaan van Stijn Upstream-commit: d94f281d78e85f4c7de6b8347ab95d0afd5b8a8d Component: engine --- components/engine/CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/CHANGELOG.md b/components/engine/CHANGELOG.md index 4fd1cf73ac..18668ce549 100644 --- a/components/engine/CHANGELOG.md +++ b/components/engine/CHANGELOG.md @@ -5,7 +5,7 @@ information on the list of deprecated flags and APIs please have a look at https://docs.docker.com/engine/deprecated/ where target removal dates can also be found. -## 17.05.0-ce (2017-05-03) +## 17.05.0-ce (2017-05-04) ### Builder From a4b1e4c35bcbfeb527f1f2ec026ef7e519cb6ba7 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Mon, 5 Dec 2016 13:46:20 -0800 Subject: [PATCH 071/191] Merge pull request #29083 from cpuguy83/fix_volume_rm_metadata [1.12.x] Fix issue where volume metadata was not removed (cherry picked from commit 7613b23a583dba87f18005076ecbc84b408ebc5c) Signed-off-by: Sebastiaan van Stijn Conflicts: volume/store/store.go volume/store/store_test.go Upstream-commit: 9ffbc8b8144917deed71a35d2f044f6e674c66f5 Component: engine --- components/engine/volume/store/store_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/volume/store/store_test.go b/components/engine/volume/store/store_test.go index c94237ac33..f5f00255a1 100644 --- a/components/engine/volume/store/store_test.go +++ b/components/engine/volume/store/store_test.go @@ -212,7 +212,7 @@ func TestDerefMultipleOfSameRef(t *testing.T) { if err != nil { t.Fatal(err) } - + defer os.RemoveAll(dir) s, err := New(dir) if err != nil { t.Fatal(err) From 758ca586cf5d8cd25e49a1b343ad32c2c8e02af0 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Wed, 14 Dec 2016 15:28:58 -0800 Subject: [PATCH 072/191] Merge pull request #29418 from aboch/p66 [1.13.x] Fix buildIpamResources() (cherry picked from commit 4d2be03b68dd54d8f2307e8b4178ad8ed8d5d343) Signed-off-by: Sebastiaan van Stijn Upstream-commit: 27498a3c60018ea2880a18beec65710fd27971a7 Component: engine --- components/engine/api/server/router/network/network_routes.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/components/engine/api/server/router/network/network_routes.go b/components/engine/api/server/router/network/network_routes.go index 05faffddb1..bff3561523 100644 --- a/components/engine/api/server/router/network/network_routes.go +++ b/components/engine/api/server/router/network/network_routes.go @@ -410,6 +410,9 @@ func buildIpamResources(r *types.NetworkResource, nwInfo libnetwork.NetworkInfo) if !hasIpv6Conf { for _, ip6Info := range ipv6Info { + if ip6Info.IPAMData.Pool == nil { + continue + } iData := network.IPAMConfig{} iData.Subnet = ip6Info.IPAMData.Pool.String() iData.Gateway = ip6Info.IPAMData.Gateway.String() From 6df95bba9306897644298d89d302ae8ca65dd0d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?T=C3=B5nis=20Tiigi?= Date: Thu, 20 Apr 2017 20:11:26 -0700 Subject: [PATCH 073/191] Merge pull request #32684 from scjane/patch-3 Update builder.md (cherry picked from commit 831066337743fc29ff122fce51afe44b8b3b3ba9) Signed-off-by: Sebastiaan van Stijn Upstream-commit: bc66821abbcf50c721ce9b8f52b339fda102d389 Component: engine --- components/engine/docs/reference/builder.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/components/engine/docs/reference/builder.md b/components/engine/docs/reference/builder.md index 2571511b64..502e41dfbb 100644 --- a/components/engine/docs/reference/builder.md +++ b/components/engine/docs/reference/builder.md @@ -94,8 +94,8 @@ instructions. Whenever possible, Docker will re-use the intermediate images (cache), to accelerate the `docker build` process significantly. This is indicated by the `Using cache` message in the console output. -(For more information, see the [Build cache section](https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#/build-cache)) in the -`Dockerfile` best practices guide: +(For more information, see the [Build cache section](https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#build-cache) in the +`Dockerfile` best practices guide): $ docker build -t svendowideit/ambassador . Sending build context to Docker daemon 15.36 kB From c377be45992e292f5c21831c25ca1b870cf3c4ac Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Wed, 26 Apr 2017 15:30:09 +0200 Subject: [PATCH 074/191] Merge pull request #32724 from PatrickLang/patricklang-win-memory Adding more on -m and --memory (cherry picked from commit c3fbca106552f2dadcb89510ff87945b50f36419) Signed-off-by: Sebastiaan van Stijn Upstream-commit: b4047a849bd3018f8a8eabf34613a4fca57f818e Component: engine --- .../engine/docs/reference/commandline/run.md | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/components/engine/docs/reference/commandline/run.md b/components/engine/docs/reference/commandline/run.md index ecb676dc20..2216319415 100644 --- a/components/engine/docs/reference/commandline/run.md +++ b/components/engine/docs/reference/commandline/run.md @@ -745,6 +745,41 @@ PS C:\> docker run -d --isolation default microsoft/nanoserver powershell echo h PS C:\> docker run -d --isolation hyperv microsoft/nanoserver powershell echo hyperv ``` +### Specify hard limits on memory available to containers (-m, --memory) + +These parameters always set an upper limit on the memory available to the container. On Linux, this +is set on the cgroup and applications in a container can query it at `/sys/fs/cgroup/memory/memory.limit_in_bytes`. + +On Windows, this will affect containers differently depending on what type of isolation is used. + +- With `process` isolation, Windows will report the full memory of the host system, not the limit to applications running inside the container + ```powershell + docker run -it -m 2GB --isolation=process microsoft/nanoserver powershell Get-ComputerInfo *memory* + + CsTotalPhysicalMemory : 17064509440 + CsPhyicallyInstalledMemory : 16777216 + OsTotalVisibleMemorySize : 16664560 + OsFreePhysicalMemory : 14646720 + OsTotalVirtualMemorySize : 19154928 + OsFreeVirtualMemory : 17197440 + OsInUseVirtualMemory : 1957488 + OsMaxProcessMemorySize : 137438953344 + ``` +- With `hyperv` isolation, Windows will create a utility VM that is big enough to hold the memory limit, plus the minimal OS needed to host the container. That size is reported as "Total Physical Memory." + ```powershell + docker run -it -m 2GB --isolation=hyperv microsoft/nanoserver powershell Get-ComputerInfo *memory* + + CsTotalPhysicalMemory : 2683355136 + CsPhyicallyInstalledMemory : + OsTotalVisibleMemorySize : 2620464 + OsFreePhysicalMemory : 2306552 + OsTotalVirtualMemorySize : 2620464 + OsFreeVirtualMemory : 2356692 + OsInUseVirtualMemory : 263772 + OsMaxProcessMemorySize : 137438953344 + ``` + + ### Configure namespaced kernel parameters (sysctls) at runtime The `--sysctl` sets namespaced kernel parameters (sysctls) in the From aa4ab28f5ce3f5c152deb24f3c9a97d0c079ea4e Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 25 Apr 2017 10:18:16 -0700 Subject: [PATCH 075/191] Merge pull request #32735 from bhavin192/patch-1 Add note about host-dir in VOLUME (cherry picked from commit f2fff9d913a8ab0436dd56033189a7c3713a59a2) Signed-off-by: Sebastiaan van Stijn Upstream-commit: 8fd6547fc3eb67e7efa7efb007ae6a4494cd2bb3 Component: engine --- components/engine/docs/reference/builder.md | 30 ++++++++++++++------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/components/engine/docs/reference/builder.md b/components/engine/docs/reference/builder.md index 502e41dfbb..f8ef9cf56b 100644 --- a/components/engine/docs/reference/builder.md +++ b/components/engine/docs/reference/builder.md @@ -1281,18 +1281,28 @@ This Dockerfile results in an image that causes `docker run`, to create a new mount point at `/myvol` and copy the `greeting` file into the newly created volume. -> **Note**: -> When using Windows-based containers, the destination of a volume inside the -> container must be one of: a non-existing or empty directory; or a drive other -> than C:. +### Notes about specifying volumes -> **Note**: -> If any build steps change the data within the volume after it has been -> declared, those changes will be discarded. +Keep the following things in mind about volumes in the `Dockerfile`. -> **Note**: -> The list is parsed as a JSON array, which means that -> you must use double-quotes (") around words not single-quotes ('). +- **Volumes on Windows-based containers**: When using Windows-based containers, + the destination of a volume inside the container must be one of: + + - a non-existing or empty directory + - a drive other than `C:` + +- **Changing the volume from within the Dockerfile**: If any build steps change the + data within the volume after it has been declared, those changes will be discarded. + +- **JSON formatting**: The list is parsed as a JSON array. + You must enclose words with double quotes (`"`)rather than single quotes (`'`). + +- **The host directory is declared at container run-time**: The host directory + (the mountpoint) is, by its nature, host-dependent. This is to preserve image + portability. since a given host directory can't be guaranteed to be available + on all hosts.For this reason, you can't mount a host directory from + within the Dockerfile. The `VOLUME` instruction does not support specifying a `host-dir` + parameter. You must specify the mountpoint when you create or run the container. ## USER From 25d0a85dce58456d6b91475e8d78601fa5a8b7ac Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Mon, 24 Apr 2017 08:53:30 -0400 Subject: [PATCH 076/191] Merge pull request #32791 from djalal/patch-1 fix typo (cherry picked from commit 32a52716b964373b4ac464052e73ea5da79856c6) Signed-off-by: Sebastiaan van Stijn Upstream-commit: fcbd93f52032593cc71b298c00a46fd354356650 Component: engine --- components/engine/docs/reference/commandline/node_ls.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/docs/reference/commandline/node_ls.md b/components/engine/docs/reference/commandline/node_ls.md index 224642c2e5..2f9c2becdf 100644 --- a/components/engine/docs/reference/commandline/node_ls.md +++ b/components/engine/docs/reference/commandline/node_ls.md @@ -89,7 +89,7 @@ ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS 1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Ready Active ``` -#### membersip +#### membership The `membership` filter matches nodes based on the presence of a `membership` and a value `accepted` or `pending`. From 74c45938b062dba2fa3d73db80b3f89200ad5af1 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Fri, 28 Apr 2017 18:39:52 -0400 Subject: [PATCH 077/191] Merge pull request #32804 from bbodenmiller/patch-1 remove extra word (cherry picked from commit 9db03bd8cdad3c8804105cb5794ebad5e728f48f) Signed-off-by: Sebastiaan van Stijn Upstream-commit: 3eaec0071c3ce1b7201e37859afe5bcb78d4f215 Component: engine --- components/engine/docs/reference/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/docs/reference/run.md b/components/engine/docs/reference/run.md index b209343b58..817c20c969 100644 --- a/components/engine/docs/reference/run.md +++ b/components/engine/docs/reference/run.md @@ -1123,7 +1123,7 @@ by default a container is not allowed to access any devices, but a the documentation on [cgroups devices](https://www.kernel.org/doc/Documentation/cgroup-v1/devices.txt)). When the operator executes `docker run --privileged`, Docker will enable -to access to all devices on the host as well as set some configuration +access to all devices on the host as well as set some configuration in AppArmor or SELinux to allow the container nearly all the same access to the host as processes running outside containers on the host. Additional information about running with `--privileged` is available on the From 9d1aaaa2978bec0c44f0af9a585479443ec31615 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 8 Jun 2017 01:09:45 +0200 Subject: [PATCH 078/191] Merge pull request #33572 from hsluoyz/patch-1 Add Casbin plugin to the list of Authorization plugins in docs. (cherry picked from commit 220831d541bfe9bf566c1038773198d431560dd3) Signed-off-by: Sebastiaan van Stijn Upstream-commit: 0ad3e3294e74f443130b5e1fb1ef6b31f4f92366 Component: engine --- components/engine/docs/extend/legacy_plugins.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/components/engine/docs/extend/legacy_plugins.md b/components/engine/docs/extend/legacy_plugins.md index 68bba59f46..dc77743b86 100644 --- a/components/engine/docs/extend/legacy_plugins.md +++ b/components/engine/docs/extend/legacy_plugins.md @@ -87,8 +87,9 @@ Plugin Plugin | Description ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ - [Twistlock AuthZ Broker](https://github.com/twistlock/authz) | A basic extendable authorization plugin that runs directly on the host or inside a container. This plugin allows you to define user policies that it evaluates during authorization. Basic authorization is provided if Docker daemon is started with the --tlsverify flag (username is extracted from the certificate common name). - [HBM plugin](https://github.com/kassisol/hbm) | An authorization plugin that prevents from executing commands with certains parameters. +[Casbin AuthZ Plugin](https://github.com/casbin/casbin-authz-plugin) | An authorization plugin based on [Casbin](https://github.com/casbin/casbin), which supports access control models like ACL, RBAC, ABAC. The access control model can be customized. The policy can be persisted into file or DB. +[HBM plugin](https://github.com/kassisol/hbm) | An authorization plugin that prevents from executing commands with certains parameters. +[Twistlock AuthZ Broker](https://github.com/twistlock/authz) | A basic extendable authorization plugin that runs directly on the host or inside a container. This plugin allows you to define user policies that it evaluates during authorization. Basic authorization is provided if Docker daemon is started with the --tlsverify flag (username is extracted from the certificate common name). ## Troubleshooting a plugin From aed3533620d6dc0241d13f6463d6ba6d05655f99 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 9 Jun 2017 14:39:55 +0200 Subject: [PATCH 079/191] Bump API version With the Moby/Docker split, no decisions have been made yet how, and when to bump the API version. Although these decisions should not be lead by Docker releases, I'm bumping the API version to not complicate things for now; after this bump we should make a plan how to handle this in future (for example, using SemVer for the REST api, and bump with every change). Signed-off-by: Sebastiaan van Stijn Upstream-commit: 7839ff2244a7fcbac0882b1426bbd2c5477c1abe Component: engine --- components/engine/api/common.go | 2 +- components/engine/api/swagger.yaml | 7 ++++--- components/engine/docs/api/version-history.md | 13 +++++++++---- .../engine/hack/make/.integration-daemon-start | 4 ++++ 4 files changed, 18 insertions(+), 8 deletions(-) diff --git a/components/engine/api/common.go b/components/engine/api/common.go index 9df6255c08..142b76966c 100644 --- a/components/engine/api/common.go +++ b/components/engine/api/common.go @@ -21,7 +21,7 @@ import ( // Common constants for daemon and client. const ( // DefaultVersion of Current REST API - DefaultVersion string = "1.30" + DefaultVersion string = "1.31" // NoBaseImageSpecifier is the symbol used by the FROM // command to specify that no base image is to be used. diff --git a/components/engine/api/swagger.yaml b/components/engine/api/swagger.yaml index fc9ecd39bc..ff9486f303 100644 --- a/components/engine/api/swagger.yaml +++ b/components/engine/api/swagger.yaml @@ -19,10 +19,10 @@ produces: consumes: - "application/json" - "text/plain" -basePath: "/v1.30" +basePath: "/v1.31" info: title: "Docker Engine API" - version: "1.30" + version: "1.31" x-logo: url: "https://docs.docker.com/images/logo-docker-main.png" description: | @@ -52,10 +52,11 @@ info: The API uses an open schema model, which means server may add extra properties to responses. Likewise, the server will ignore any extra query parameters and request body properties. When you write clients, you need to ignore additional properties in responses to ensure they do not break when talking to newer Docker daemons. - This documentation is for version 1.30 of the API, which was introduced with Docker 17.06. Use this table to find documentation for previous versions of the API: + This documentation is for version 1.31 of the API. Use this table to find documentation for previous versions of the API: Docker version | API version | Changes ----------------|-------------|--------- + 17.06.x | [1.30](https://docs.docker.com/engine/api/v1.30/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-30-api-changes) 17.05.x | [1.29](https://docs.docker.com/engine/api/v1.29/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-29-api-changes) 17.04.x | [1.28](https://docs.docker.com/engine/api/v1.28/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-28-api-changes) 17.03.1 | [1.27](https://docs.docker.com/engine/api/v1.27/) | [API changes](https://docs.docker.com/engine/api/version-history/#v1-27-api-changes) diff --git a/components/engine/docs/api/version-history.md b/components/engine/docs/api/version-history.md index d909a92c18..41f53a6041 100644 --- a/components/engine/docs/api/version-history.md +++ b/components/engine/docs/api/version-history.md @@ -13,6 +13,15 @@ keywords: "API, Docker, rcli, REST, documentation" will be rejected. --> +## v1.31 API changes + +[Docker Engine API v1.31](https://docs.docker.com/engine/api/v1.31/) documentation + +* `DELETE /secrets/(name)` now returns status code 404 instead of 500 when the secret does not exist. +* `POST /secrets/create` now returns status code 409 instead of 500 when creating an already existing secret. +* `POST /secrets/(name)/update` now returns status code 400 instead of 500 when updating a secret's content which is not the labels. +* `POST /nodes/(name)/update` now returns status code 400 instead of 500 when demoting last node fails. + ## v1.30 API changes [Docker Engine API v1.30](https://docs.docker.com/engine/api/v1.30/) documentation @@ -29,10 +38,6 @@ keywords: "API, Docker, rcli, REST, documentation" generate and rotate to a new CA certificate/key pair. * `POST /service/create` and `POST /services/(id or name)/update` now take the field `Platforms` as part of the service `Placement`, allowing to specify platforms supported by the service. * `POST /containers/(name)/wait` now accepts a `condition` query parameter to indicate which state change condition to wait for. Also, response headers are now returned immediately to acknowledge that the server has registered a wait callback for the client. -* `DELETE /secrets/(name)` now returns status code 404 instead of 500 when the secret does not exist. -* `POST /secrets/create` now returns status code 409 instead of 500 when creating an already existing secret. -* `POST /secrets/(name)/update` now returns status code 400 instead of 500 when updating a secret's content which is not the labels. -* `POST /nodes/(name)/update` now returns status code 400 instead of 500 when demoting last node fails. ## v1.29 API changes diff --git a/components/engine/hack/make/.integration-daemon-start b/components/engine/hack/make/.integration-daemon-start index c6f9ce8cc5..dafd0533d9 100644 --- a/components/engine/hack/make/.integration-daemon-start +++ b/components/engine/hack/make/.integration-daemon-start @@ -6,6 +6,10 @@ base="$ABS_DEST/.." export PATH="$base/binary-daemon:$base/dynbinary-daemon:$PATH" export TEST_CLIENT_BINARY=docker + +# Do not bump this version! Integration tests should no longer rely on the docker cli, they should be +# API tests instead. For the existing tests the scripts will use a frozen version of the docker cli +# with a DOCKER_API_VERSION frozen to 1.30, which should ensure that the CI remains green at all times. export DOCKER_API_VERSION=1.30 if [ -n "$DOCKER_CLI_PATH" ]; then export TEST_CLIENT_BINARY=/usr/local/cli/$(basename "$DOCKER_CLI_PATH") From 83a1ff66bdbea09ca5b450203908e545223eca15 Mon Sep 17 00:00:00 2001 From: Alfred Landrum Date: Wed, 3 May 2017 14:58:45 -0700 Subject: [PATCH 080/191] Suggest login on pull denial Signed-off-by: Alfred Landrum Upstream-commit: 8d9f51ea55c8c9373d20bcc7561ca34c59aaf8c2 Component: engine --- components/engine/api/server/httputils/errors.go | 1 + components/engine/distribution/errors.go | 2 +- components/engine/integration-cli/docker_cli_pull_test.go | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/components/engine/api/server/httputils/errors.go b/components/engine/api/server/httputils/errors.go index 6b1c50411e..82da21c2a0 100644 --- a/components/engine/api/server/httputils/errors.go +++ b/components/engine/api/server/httputils/errors.go @@ -73,6 +73,7 @@ func GetHTTPErrorStatusCode(err error) int { {"this node", http.StatusServiceUnavailable}, {"needs to be unlocked", http.StatusServiceUnavailable}, {"certificates have expired", http.StatusServiceUnavailable}, + {"repository does not exist", http.StatusNotFound}, } { if strings.Contains(errStr, status.keyword) { statusCode = status.code diff --git a/components/engine/distribution/errors.go b/components/engine/distribution/errors.go index adf272a5cf..7f97c1d5eb 100644 --- a/components/engine/distribution/errors.go +++ b/components/engine/distribution/errors.go @@ -78,7 +78,7 @@ func TranslatePullError(err error, ref reference.Named) error { switch v.Code { case errcode.ErrorCodeDenied: // ErrorCodeDenied is used when access to the repository was denied - newErr = errors.Errorf("repository %s not found: does not exist or no pull access", reference.FamiliarName(ref)) + newErr = errors.Errorf("pull access denied for %s, repository does not exist or may require 'docker login'", reference.FamiliarName(ref)) case v2.ErrorCodeManifestUnknown: newErr = errors.Errorf("manifest for %s not found", reference.FamiliarString(ref)) case v2.ErrorCodeNameUnknown: diff --git a/components/engine/integration-cli/docker_cli_pull_test.go b/components/engine/integration-cli/docker_cli_pull_test.go index 0b1be6cd97..9bf902d89c 100644 --- a/components/engine/integration-cli/docker_cli_pull_test.go +++ b/components/engine/integration-cli/docker_cli_pull_test.go @@ -98,11 +98,11 @@ func (s *DockerHubPullSuite) TestPullNonExistingImage(c *check.C) { for record := range recordChan { if len(record.option) == 0 { c.Assert(record.err, checker.NotNil, check.Commentf("expected non-zero exit status when pulling non-existing image: %s", record.out)) - c.Assert(record.out, checker.Contains, fmt.Sprintf("repository %s not found: does not exist or no pull access", record.e.repo), check.Commentf("expected image not found error messages")) + c.Assert(record.out, checker.Contains, fmt.Sprintf("pull access denied for %s, repository does not exist or may require 'docker login'", record.e.repo), check.Commentf("expected image not found error messages")) } else { // pull -a on a nonexistent registry should fall back as well c.Assert(record.err, checker.NotNil, check.Commentf("expected non-zero exit status when pulling non-existing image: %s", record.out)) - c.Assert(record.out, checker.Contains, fmt.Sprintf("repository %s not found", record.e.repo), check.Commentf("expected image not found error messages")) + c.Assert(record.out, checker.Contains, fmt.Sprintf("pull access denied for %s, repository does not exist or may require 'docker login'", record.e.repo), check.Commentf("expected image not found error messages")) c.Assert(record.out, checker.Not(checker.Contains), "unauthorized", check.Commentf(`message should not contain "unauthorized"`)) } } From 0aad6bdefbc288760f24d03a1216aeac2ab37037 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Fri, 9 Jun 2017 18:25:05 -0400 Subject: [PATCH 081/191] Do not calculate size for local volumes with mount Local volumes support mount options which, when in use, can mount external file systems. We don't really need to enumerate these external filesystems which may be a very slow process. Signed-off-by: Brian Goff Upstream-commit: 0822d903642e02c44b086e6856a30f80887412ee Component: engine --- components/engine/daemon/disk_usage.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/components/engine/daemon/disk_usage.go b/components/engine/daemon/disk_usage.go index 83de00ab2e..fb15c3c373 100644 --- a/components/engine/daemon/disk_usage.go +++ b/components/engine/daemon/disk_usage.go @@ -65,6 +65,13 @@ func (daemon *Daemon) SystemDiskUsage(ctx context.Context) (*types.DiskUsage, er case <-ctx.Done(): return ctx.Err() default: + if d, ok := v.(volume.DetailedVolume); ok { + // skip local volumes with mount options since these could have external + // mounted filesystems that will be slow to enumerate. + if len(d.Options()) > 0 { + return nil + } + } name := v.Name() refs := daemon.volumes.Refs(v) From 1674838b6ad6f5a5962c87838778643049e13bce Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 7 Jun 2017 18:09:07 +0200 Subject: [PATCH 082/191] Add API version checks to client The Docker CLI already performs version-checks when running commands, but other clients consuming the API client may not do so. This patch adds a version check to various client functions. Signed-off-by: Sebastiaan van Stijn Upstream-commit: 1401342f466bafbb902157a2460746ac829e0b01 Component: engine --- components/engine/client/config_create.go | 3 +++ .../engine/client/config_create_test.go | 16 ++++++++++++++-- components/engine/client/config_inspect.go | 3 +++ .../engine/client/config_inspect_test.go | 19 ++++++++++++++++--- components/engine/client/config_list.go | 3 +++ components/engine/client/config_list_test.go | 16 ++++++++++++++-- components/engine/client/config_remove.go | 3 +++ .../engine/client/config_remove_test.go | 16 ++++++++++++++-- components/engine/client/config_update.go | 3 +++ .../engine/client/config_update_test.go | 19 +++++++++++++++---- .../engine/client/distribution_inspect.go | 8 ++++++-- .../client/distribution_inspect_test.go | 18 ++++++++++++++++++ components/engine/client/plugin_upgrade.go | 3 +++ components/engine/client/secret_create.go | 3 +++ .../engine/client/secret_create_test.go | 16 ++++++++++++++-- components/engine/client/secret_inspect.go | 3 +++ .../engine/client/secret_inspect_test.go | 19 ++++++++++++++++--- components/engine/client/secret_list.go | 3 +++ components/engine/client/secret_list_test.go | 16 ++++++++++++++-- components/engine/client/secret_remove.go | 3 +++ .../engine/client/secret_remove_test.go | 16 ++++++++++++++-- components/engine/client/secret_update.go | 3 +++ .../engine/client/secret_update_test.go | 19 +++++++++++++++---- .../engine/client/service_create_test.go | 12 +++++++----- 24 files changed, 210 insertions(+), 33 deletions(-) create mode 100644 components/engine/client/distribution_inspect_test.go diff --git a/components/engine/client/config_create.go b/components/engine/client/config_create.go index 7ddeaf4b43..bc4a952b2f 100644 --- a/components/engine/client/config_create.go +++ b/components/engine/client/config_create.go @@ -11,6 +11,9 @@ import ( // ConfigCreate creates a new Config. func (cli *Client) ConfigCreate(ctx context.Context, config swarm.ConfigSpec) (types.ConfigCreateResponse, error) { var response types.ConfigCreateResponse + if err := cli.NewVersionError("1.30", "config create"); err != nil { + return response, err + } resp, err := cli.post(ctx, "/configs/create", nil, config, nil) if err != nil { return response, err diff --git a/components/engine/client/config_create_test.go b/components/engine/client/config_create_test.go index accc554133..000eaf1cba 100644 --- a/components/engine/client/config_create_test.go +++ b/components/engine/client/config_create_test.go @@ -11,12 +11,23 @@ import ( "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/swarm" + "github.com/stretchr/testify/assert" "golang.org/x/net/context" ) +func TestConfigCreateUnsupported(t *testing.T) { + client := &Client{ + version: "1.29", + client: &http.Client{}, + } + _, err := client.ConfigCreate(context.Background(), swarm.ConfigSpec{}) + assert.EqualError(t, err, `"config create" requires API version 1.30, but the Docker daemon API version is 1.29`) +} + func TestConfigCreateError(t *testing.T) { client := &Client{ - client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")), + version: "1.30", + client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")), } _, err := client.ConfigCreate(context.Background(), swarm.ConfigSpec{}) if err == nil || err.Error() != "Error response from daemon: Server error" { @@ -25,8 +36,9 @@ func TestConfigCreateError(t *testing.T) { } func TestConfigCreate(t *testing.T) { - expectedURL := "/configs/create" + expectedURL := "/v1.30/configs/create" client := &Client{ + version: "1.30", client: newMockClient(func(req *http.Request) (*http.Response, error) { if !strings.HasPrefix(req.URL.Path, expectedURL) { return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL) diff --git a/components/engine/client/config_inspect.go b/components/engine/client/config_inspect.go index 1917b181fa..ebb6d636c2 100644 --- a/components/engine/client/config_inspect.go +++ b/components/engine/client/config_inspect.go @@ -12,6 +12,9 @@ import ( // ConfigInspectWithRaw returns the config information with raw data func (cli *Client) ConfigInspectWithRaw(ctx context.Context, id string) (swarm.Config, []byte, error) { + if err := cli.NewVersionError("1.30", "config inspect"); err != nil { + return swarm.Config{}, nil, err + } resp, err := cli.get(ctx, "/configs/"+id, nil, nil) if err != nil { if resp.statusCode == http.StatusNotFound { diff --git a/components/engine/client/config_inspect_test.go b/components/engine/client/config_inspect_test.go index b9597cbc3f..010b188413 100644 --- a/components/engine/client/config_inspect_test.go +++ b/components/engine/client/config_inspect_test.go @@ -10,12 +10,23 @@ import ( "testing" "github.com/docker/docker/api/types/swarm" + "github.com/stretchr/testify/assert" "golang.org/x/net/context" ) +func TestConfigInspectUnsupported(t *testing.T) { + client := &Client{ + version: "1.29", + client: &http.Client{}, + } + _, _, err := client.ConfigInspectWithRaw(context.Background(), "nothing") + assert.EqualError(t, err, `"config inspect" requires API version 1.30, but the Docker daemon API version is 1.29`) +} + func TestConfigInspectError(t *testing.T) { client := &Client{ - client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")), + version: "1.30", + client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")), } _, _, err := client.ConfigInspectWithRaw(context.Background(), "nothing") @@ -26,7 +37,8 @@ func TestConfigInspectError(t *testing.T) { func TestConfigInspectConfigNotFound(t *testing.T) { client := &Client{ - client: newMockClient(errorMock(http.StatusNotFound, "Server error")), + version: "1.30", + client: newMockClient(errorMock(http.StatusNotFound, "Server error")), } _, _, err := client.ConfigInspectWithRaw(context.Background(), "unknown") @@ -36,8 +48,9 @@ func TestConfigInspectConfigNotFound(t *testing.T) { } func TestConfigInspect(t *testing.T) { - expectedURL := "/configs/config_id" + expectedURL := "/v1.30/configs/config_id" client := &Client{ + version: "1.30", client: newMockClient(func(req *http.Request) (*http.Response, error) { if !strings.HasPrefix(req.URL.Path, expectedURL) { return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL) diff --git a/components/engine/client/config_list.go b/components/engine/client/config_list.go index cea11708a7..8483ca14d1 100644 --- a/components/engine/client/config_list.go +++ b/components/engine/client/config_list.go @@ -12,6 +12,9 @@ import ( // ConfigList returns the list of configs. func (cli *Client) ConfigList(ctx context.Context, options types.ConfigListOptions) ([]swarm.Config, error) { + if err := cli.NewVersionError("1.30", "config list"); err != nil { + return nil, err + } query := url.Values{} if options.Filters.Len() > 0 { diff --git a/components/engine/client/config_list_test.go b/components/engine/client/config_list_test.go index 101e6eafdb..4fe05469fe 100644 --- a/components/engine/client/config_list_test.go +++ b/components/engine/client/config_list_test.go @@ -12,12 +12,23 @@ import ( "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/filters" "github.com/docker/docker/api/types/swarm" + "github.com/stretchr/testify/assert" "golang.org/x/net/context" ) +func TestConfigListUnsupported(t *testing.T) { + client := &Client{ + version: "1.29", + client: &http.Client{}, + } + _, err := client.ConfigList(context.Background(), types.ConfigListOptions{}) + assert.EqualError(t, err, `"config list" requires API version 1.30, but the Docker daemon API version is 1.29`) +} + func TestConfigListError(t *testing.T) { client := &Client{ - client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")), + version: "1.30", + client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")), } _, err := client.ConfigList(context.Background(), types.ConfigListOptions{}) @@ -27,7 +38,7 @@ func TestConfigListError(t *testing.T) { } func TestConfigList(t *testing.T) { - expectedURL := "/configs" + expectedURL := "/v1.30/configs" filters := filters.NewArgs() filters.Add("label", "label1") @@ -54,6 +65,7 @@ func TestConfigList(t *testing.T) { } for _, listCase := range listCases { client := &Client{ + version: "1.30", client: newMockClient(func(req *http.Request) (*http.Response, error) { if !strings.HasPrefix(req.URL.Path, expectedURL) { return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL) diff --git a/components/engine/client/config_remove.go b/components/engine/client/config_remove.go index f04b8df17a..726b5c8530 100644 --- a/components/engine/client/config_remove.go +++ b/components/engine/client/config_remove.go @@ -4,6 +4,9 @@ import "golang.org/x/net/context" // ConfigRemove removes a Config. func (cli *Client) ConfigRemove(ctx context.Context, id string) error { + if err := cli.NewVersionError("1.30", "config remove"); err != nil { + return err + } resp, err := cli.delete(ctx, "/configs/"+id, nil, nil) ensureReaderClosed(resp) return err diff --git a/components/engine/client/config_remove_test.go b/components/engine/client/config_remove_test.go index 4a9c69937f..f2a9feea74 100644 --- a/components/engine/client/config_remove_test.go +++ b/components/engine/client/config_remove_test.go @@ -8,12 +8,23 @@ import ( "strings" "testing" + "github.com/stretchr/testify/assert" "golang.org/x/net/context" ) +func TestConfigRemoveUnsupported(t *testing.T) { + client := &Client{ + version: "1.29", + client: &http.Client{}, + } + err := client.ConfigRemove(context.Background(), "config_id") + assert.EqualError(t, err, `"config remove" requires API version 1.30, but the Docker daemon API version is 1.29`) +} + func TestConfigRemoveError(t *testing.T) { client := &Client{ - client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")), + version: "1.30", + client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")), } err := client.ConfigRemove(context.Background(), "config_id") @@ -23,9 +34,10 @@ func TestConfigRemoveError(t *testing.T) { } func TestConfigRemove(t *testing.T) { - expectedURL := "/configs/config_id" + expectedURL := "/v1.30/configs/config_id" client := &Client{ + version: "1.30", client: newMockClient(func(req *http.Request) (*http.Response, error) { if !strings.HasPrefix(req.URL.Path, expectedURL) { return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL) diff --git a/components/engine/client/config_update.go b/components/engine/client/config_update.go index da171cb44c..823751bb86 100644 --- a/components/engine/client/config_update.go +++ b/components/engine/client/config_update.go @@ -10,6 +10,9 @@ import ( // ConfigUpdate attempts to update a Config func (cli *Client) ConfigUpdate(ctx context.Context, id string, version swarm.Version, config swarm.ConfigSpec) error { + if err := cli.NewVersionError("1.30", "config update"); err != nil { + return err + } query := url.Values{} query.Set("version", strconv.FormatUint(version.Index, 10)) resp, err := cli.post(ctx, "/configs/"+id+"/update", query, config, nil) diff --git a/components/engine/client/config_update_test.go b/components/engine/client/config_update_test.go index 64c2f27263..799e544da7 100644 --- a/components/engine/client/config_update_test.go +++ b/components/engine/client/config_update_test.go @@ -8,14 +8,24 @@ import ( "strings" "testing" - "golang.org/x/net/context" - "github.com/docker/docker/api/types/swarm" + "github.com/stretchr/testify/assert" + "golang.org/x/net/context" ) +func TestConfigUpdateUnsupported(t *testing.T) { + client := &Client{ + version: "1.29", + client: &http.Client{}, + } + err := client.ConfigUpdate(context.Background(), "config_id", swarm.Version{}, swarm.ConfigSpec{}) + assert.EqualError(t, err, `"config update" requires API version 1.30, but the Docker daemon API version is 1.29`) +} + func TestConfigUpdateError(t *testing.T) { client := &Client{ - client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")), + version: "1.30", + client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")), } err := client.ConfigUpdate(context.Background(), "config_id", swarm.Version{}, swarm.ConfigSpec{}) @@ -25,9 +35,10 @@ func TestConfigUpdateError(t *testing.T) { } func TestConfigUpdate(t *testing.T) { - expectedURL := "/configs/config_id/update" + expectedURL := "/v1.30/configs/config_id/update" client := &Client{ + version: "1.30", client: newMockClient(func(req *http.Request) (*http.Response, error) { if !strings.HasPrefix(req.URL.Path, expectedURL) { return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL) diff --git a/components/engine/client/distribution_inspect.go b/components/engine/client/distribution_inspect.go index d17ab73213..aa5bc6a6c6 100644 --- a/components/engine/client/distribution_inspect.go +++ b/components/engine/client/distribution_inspect.go @@ -10,6 +10,12 @@ import ( // DistributionInspect returns the image digest with full Manifest func (cli *Client) DistributionInspect(ctx context.Context, image, encodedRegistryAuth string) (registrytypes.DistributionInspect, error) { + // Contact the registry to retrieve digest and platform information + var distributionInspect registrytypes.DistributionInspect + + if err := cli.NewVersionError("1.30", "distribution inspect"); err != nil { + return distributionInspect, err + } var headers map[string][]string if encodedRegistryAuth != "" { @@ -18,8 +24,6 @@ func (cli *Client) DistributionInspect(ctx context.Context, image, encodedRegist } } - // Contact the registry to retrieve digest and platform information - var distributionInspect registrytypes.DistributionInspect resp, err := cli.get(ctx, "/distribution/"+image+"/json", url.Values{}, headers) if err != nil { return distributionInspect, err diff --git a/components/engine/client/distribution_inspect_test.go b/components/engine/client/distribution_inspect_test.go new file mode 100644 index 0000000000..eff28d7ca7 --- /dev/null +++ b/components/engine/client/distribution_inspect_test.go @@ -0,0 +1,18 @@ +package client + +import ( + "net/http" + "testing" + + "github.com/stretchr/testify/assert" + "golang.org/x/net/context" +) + +func TestDistributionInspectUnsupported(t *testing.T) { + client := &Client{ + version: "1.29", + client: &http.Client{}, + } + _, err := client.DistributionInspect(context.Background(), "foobar:1.0", "") + assert.EqualError(t, err, `"distribution inspect" requires API version 1.30, but the Docker daemon API version is 1.29`) +} diff --git a/components/engine/client/plugin_upgrade.go b/components/engine/client/plugin_upgrade.go index 28415156cd..049ebfa2a5 100644 --- a/components/engine/client/plugin_upgrade.go +++ b/components/engine/client/plugin_upgrade.go @@ -12,6 +12,9 @@ import ( // PluginUpgrade upgrades a plugin func (cli *Client) PluginUpgrade(ctx context.Context, name string, options types.PluginInstallOptions) (rc io.ReadCloser, err error) { + if err := cli.NewVersionError("1.26", "plugin upgrade"); err != nil { + return nil, err + } query := url.Values{} if _, err := reference.ParseNormalizedNamed(options.RemoteRef); err != nil { return nil, errors.Wrap(err, "invalid remote reference") diff --git a/components/engine/client/secret_create.go b/components/engine/client/secret_create.go index b5325a560f..4354afea60 100644 --- a/components/engine/client/secret_create.go +++ b/components/engine/client/secret_create.go @@ -11,6 +11,9 @@ import ( // SecretCreate creates a new Secret. func (cli *Client) SecretCreate(ctx context.Context, secret swarm.SecretSpec) (types.SecretCreateResponse, error) { var response types.SecretCreateResponse + if err := cli.NewVersionError("1.25", "secret create"); err != nil { + return response, err + } resp, err := cli.post(ctx, "/secrets/create", nil, secret, nil) if err != nil { return response, err diff --git a/components/engine/client/secret_create_test.go b/components/engine/client/secret_create_test.go index cb378c77ff..ccc7349008 100644 --- a/components/engine/client/secret_create_test.go +++ b/components/engine/client/secret_create_test.go @@ -11,12 +11,23 @@ import ( "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/swarm" + "github.com/stretchr/testify/assert" "golang.org/x/net/context" ) +func TestSecretCreateUnsupported(t *testing.T) { + client := &Client{ + version: "1.24", + client: &http.Client{}, + } + _, err := client.SecretCreate(context.Background(), swarm.SecretSpec{}) + assert.EqualError(t, err, `"secret create" requires API version 1.25, but the Docker daemon API version is 1.24`) +} + func TestSecretCreateError(t *testing.T) { client := &Client{ - client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")), + version: "1.25", + client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")), } _, err := client.SecretCreate(context.Background(), swarm.SecretSpec{}) if err == nil || err.Error() != "Error response from daemon: Server error" { @@ -25,8 +36,9 @@ func TestSecretCreateError(t *testing.T) { } func TestSecretCreate(t *testing.T) { - expectedURL := "/secrets/create" + expectedURL := "/v1.25/secrets/create" client := &Client{ + version: "1.25", client: newMockClient(func(req *http.Request) (*http.Response, error) { if !strings.HasPrefix(req.URL.Path, expectedURL) { return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL) diff --git a/components/engine/client/secret_inspect.go b/components/engine/client/secret_inspect.go index f774576118..9b602972bc 100644 --- a/components/engine/client/secret_inspect.go +++ b/components/engine/client/secret_inspect.go @@ -12,6 +12,9 @@ import ( // SecretInspectWithRaw returns the secret information with raw data func (cli *Client) SecretInspectWithRaw(ctx context.Context, id string) (swarm.Secret, []byte, error) { + if err := cli.NewVersionError("1.25", "secret inspect"); err != nil { + return swarm.Secret{}, nil, err + } resp, err := cli.get(ctx, "/secrets/"+id, nil, nil) if err != nil { if resp.statusCode == http.StatusNotFound { diff --git a/components/engine/client/secret_inspect_test.go b/components/engine/client/secret_inspect_test.go index 0142a3ca9f..1581da1015 100644 --- a/components/engine/client/secret_inspect_test.go +++ b/components/engine/client/secret_inspect_test.go @@ -10,12 +10,23 @@ import ( "testing" "github.com/docker/docker/api/types/swarm" + "github.com/stretchr/testify/assert" "golang.org/x/net/context" ) +func TestSecretInspectUnsupported(t *testing.T) { + client := &Client{ + version: "1.24", + client: &http.Client{}, + } + _, _, err := client.SecretInspectWithRaw(context.Background(), "nothing") + assert.EqualError(t, err, `"secret inspect" requires API version 1.25, but the Docker daemon API version is 1.24`) +} + func TestSecretInspectError(t *testing.T) { client := &Client{ - client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")), + version: "1.25", + client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")), } _, _, err := client.SecretInspectWithRaw(context.Background(), "nothing") @@ -26,7 +37,8 @@ func TestSecretInspectError(t *testing.T) { func TestSecretInspectSecretNotFound(t *testing.T) { client := &Client{ - client: newMockClient(errorMock(http.StatusNotFound, "Server error")), + version: "1.25", + client: newMockClient(errorMock(http.StatusNotFound, "Server error")), } _, _, err := client.SecretInspectWithRaw(context.Background(), "unknown") @@ -36,8 +48,9 @@ func TestSecretInspectSecretNotFound(t *testing.T) { } func TestSecretInspect(t *testing.T) { - expectedURL := "/secrets/secret_id" + expectedURL := "/v1.25/secrets/secret_id" client := &Client{ + version: "1.25", client: newMockClient(func(req *http.Request) (*http.Response, error) { if !strings.HasPrefix(req.URL.Path, expectedURL) { return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL) diff --git a/components/engine/client/secret_list.go b/components/engine/client/secret_list.go index 7e9d5ec167..0d33ecfbc9 100644 --- a/components/engine/client/secret_list.go +++ b/components/engine/client/secret_list.go @@ -12,6 +12,9 @@ import ( // SecretList returns the list of secrets. func (cli *Client) SecretList(ctx context.Context, options types.SecretListOptions) ([]swarm.Secret, error) { + if err := cli.NewVersionError("1.25", "secret list"); err != nil { + return nil, err + } query := url.Values{} if options.Filters.Len() > 0 { diff --git a/components/engine/client/secret_list_test.go b/components/engine/client/secret_list_test.go index 1ac11cddb3..67a94d3df5 100644 --- a/components/engine/client/secret_list_test.go +++ b/components/engine/client/secret_list_test.go @@ -12,12 +12,23 @@ import ( "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/filters" "github.com/docker/docker/api/types/swarm" + "github.com/stretchr/testify/assert" "golang.org/x/net/context" ) +func TestSecretListUnsupported(t *testing.T) { + client := &Client{ + version: "1.24", + client: &http.Client{}, + } + _, err := client.SecretList(context.Background(), types.SecretListOptions{}) + assert.EqualError(t, err, `"secret list" requires API version 1.25, but the Docker daemon API version is 1.24`) +} + func TestSecretListError(t *testing.T) { client := &Client{ - client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")), + version: "1.25", + client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")), } _, err := client.SecretList(context.Background(), types.SecretListOptions{}) @@ -27,7 +38,7 @@ func TestSecretListError(t *testing.T) { } func TestSecretList(t *testing.T) { - expectedURL := "/secrets" + expectedURL := "/v1.25/secrets" filters := filters.NewArgs() filters.Add("label", "label1") @@ -54,6 +65,7 @@ func TestSecretList(t *testing.T) { } for _, listCase := range listCases { client := &Client{ + version: "1.25", client: newMockClient(func(req *http.Request) (*http.Response, error) { if !strings.HasPrefix(req.URL.Path, expectedURL) { return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL) diff --git a/components/engine/client/secret_remove.go b/components/engine/client/secret_remove.go index 1955b988a9..c5e37af17d 100644 --- a/components/engine/client/secret_remove.go +++ b/components/engine/client/secret_remove.go @@ -4,6 +4,9 @@ import "golang.org/x/net/context" // SecretRemove removes a Secret. func (cli *Client) SecretRemove(ctx context.Context, id string) error { + if err := cli.NewVersionError("1.25", "secret remove"); err != nil { + return err + } resp, err := cli.delete(ctx, "/secrets/"+id, nil, nil) ensureReaderClosed(resp) return err diff --git a/components/engine/client/secret_remove_test.go b/components/engine/client/secret_remove_test.go index f269f787d2..bb41edfe5d 100644 --- a/components/engine/client/secret_remove_test.go +++ b/components/engine/client/secret_remove_test.go @@ -8,12 +8,23 @@ import ( "strings" "testing" + "github.com/stretchr/testify/assert" "golang.org/x/net/context" ) +func TestSecretRemoveUnsupported(t *testing.T) { + client := &Client{ + version: "1.24", + client: &http.Client{}, + } + err := client.SecretRemove(context.Background(), "secret_id") + assert.EqualError(t, err, `"secret remove" requires API version 1.25, but the Docker daemon API version is 1.24`) +} + func TestSecretRemoveError(t *testing.T) { client := &Client{ - client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")), + version: "1.25", + client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")), } err := client.SecretRemove(context.Background(), "secret_id") @@ -23,9 +34,10 @@ func TestSecretRemoveError(t *testing.T) { } func TestSecretRemove(t *testing.T) { - expectedURL := "/secrets/secret_id" + expectedURL := "/v1.25/secrets/secret_id" client := &Client{ + version: "1.25", client: newMockClient(func(req *http.Request) (*http.Response, error) { if !strings.HasPrefix(req.URL.Path, expectedURL) { return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL) diff --git a/components/engine/client/secret_update.go b/components/engine/client/secret_update.go index 3af5287068..875a4c901e 100644 --- a/components/engine/client/secret_update.go +++ b/components/engine/client/secret_update.go @@ -10,6 +10,9 @@ import ( // SecretUpdate attempts to update a Secret func (cli *Client) SecretUpdate(ctx context.Context, id string, version swarm.Version, secret swarm.SecretSpec) error { + if err := cli.NewVersionError("1.25", "secret update"); err != nil { + return err + } query := url.Values{} query.Set("version", strconv.FormatUint(version.Index, 10)) resp, err := cli.post(ctx, "/secrets/"+id+"/update", query, secret, nil) diff --git a/components/engine/client/secret_update_test.go b/components/engine/client/secret_update_test.go index c620985bd5..4a791328ed 100644 --- a/components/engine/client/secret_update_test.go +++ b/components/engine/client/secret_update_test.go @@ -8,14 +8,24 @@ import ( "strings" "testing" - "golang.org/x/net/context" - "github.com/docker/docker/api/types/swarm" + "github.com/stretchr/testify/assert" + "golang.org/x/net/context" ) +func TestSecretUpdateUnsupported(t *testing.T) { + client := &Client{ + version: "1.24", + client: &http.Client{}, + } + err := client.SecretUpdate(context.Background(), "secret_id", swarm.Version{}, swarm.SecretSpec{}) + assert.EqualError(t, err, `"secret update" requires API version 1.25, but the Docker daemon API version is 1.24`) +} + func TestSecretUpdateError(t *testing.T) { client := &Client{ - client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")), + version: "1.25", + client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")), } err := client.SecretUpdate(context.Background(), "secret_id", swarm.Version{}, swarm.SecretSpec{}) @@ -25,9 +35,10 @@ func TestSecretUpdateError(t *testing.T) { } func TestSecretUpdate(t *testing.T) { - expectedURL := "/secrets/secret_id/update" + expectedURL := "/v1.25/secrets/secret_id/update" client := &Client{ + version: "1.25", client: newMockClient(func(req *http.Request) (*http.Response, error) { if !strings.HasPrefix(req.URL.Path, expectedURL) { return nil, fmt.Errorf("Expected URL '%s', got '%s'", expectedURL, req.URL) diff --git a/components/engine/client/service_create_test.go b/components/engine/client/service_create_test.go index 3c5ba5a5fc..0604794953 100644 --- a/components/engine/client/service_create_test.go +++ b/components/engine/client/service_create_test.go @@ -68,8 +68,9 @@ func TestServiceCreateCompatiblePlatforms(t *testing.T) { ) client := &Client{ + version: "1.30", client: newMockClient(func(req *http.Request) (*http.Response, error) { - if strings.HasPrefix(req.URL.Path, "/services/create") { + if strings.HasPrefix(req.URL.Path, "/v1.30/services/create") { // check if the /distribution endpoint returned correct output err := json.NewDecoder(distributionInspectBody).Decode(&distributionInspect) if err != nil { @@ -89,7 +90,7 @@ func TestServiceCreateCompatiblePlatforms(t *testing.T) { StatusCode: http.StatusOK, Body: ioutil.NopCloser(bytes.NewReader(b)), }, nil - } else if strings.HasPrefix(req.URL.Path, "/distribution/") { + } else if strings.HasPrefix(req.URL.Path, "/v1.30/distribution/") { platforms = []v1.Platform{ { Architecture: "amd64", @@ -146,8 +147,9 @@ func TestServiceCreateDigestPinning(t *testing.T) { } client := &Client{ + version: "1.30", client: newMockClient(func(req *http.Request) (*http.Response, error) { - if strings.HasPrefix(req.URL.Path, "/services/create") { + if strings.HasPrefix(req.URL.Path, "/v1.30/services/create") { // reset and set image received by the service create endpoint serviceCreateImage = "" var service swarm.ServiceSpec @@ -166,10 +168,10 @@ func TestServiceCreateDigestPinning(t *testing.T) { StatusCode: http.StatusOK, Body: ioutil.NopCloser(bytes.NewReader(b)), }, nil - } else if strings.HasPrefix(req.URL.Path, "/distribution/cannotresolve") { + } else if strings.HasPrefix(req.URL.Path, "/v1.30/distribution/cannotresolve") { // unresolvable image return nil, fmt.Errorf("cannot resolve image") - } else if strings.HasPrefix(req.URL.Path, "/distribution/") { + } else if strings.HasPrefix(req.URL.Path, "/v1.30/distribution/") { // resolvable images b, err := json.Marshal(registrytypes.DistributionInspect{ Descriptor: v1.Descriptor{ From b183d65011b2be5bba1c81b83b9b99c91a73c3b2 Mon Sep 17 00:00:00 2001 From: unclejack Date: Sat, 10 Jun 2017 15:03:49 +0300 Subject: [PATCH 083/191] pkg/pools: add buffer32KPool & use it for copy Signed-off-by: Cristian Staretu Upstream-commit: ba40f4593f79a653f1e3a8b9597b7900fb68a564 Component: engine --- components/engine/pkg/pools/pools.go | 31 +++++++++++++++++++---- components/engine/pkg/pools/pools_test.go | 5 ++++ 2 files changed, 31 insertions(+), 5 deletions(-) diff --git a/components/engine/pkg/pools/pools.go b/components/engine/pkg/pools/pools.go index 5c5aead698..6a111a3ba7 100644 --- a/components/engine/pkg/pools/pools.go +++ b/components/engine/pkg/pools/pools.go @@ -17,15 +17,16 @@ import ( "github.com/docker/docker/pkg/ioutils" ) +const buffer32K = 32 * 1024 + var ( // BufioReader32KPool is a pool which returns bufio.Reader with a 32K buffer. BufioReader32KPool = newBufioReaderPoolWithSize(buffer32K) // BufioWriter32KPool is a pool which returns bufio.Writer with a 32K buffer. BufioWriter32KPool = newBufioWriterPoolWithSize(buffer32K) + buffer32KPool = newBufferPoolWithSize(buffer32K) ) -const buffer32K = 32 * 1024 - // BufioReaderPool is a bufio reader that uses sync.Pool. type BufioReaderPool struct { pool sync.Pool @@ -54,11 +55,31 @@ func (bufPool *BufioReaderPool) Put(b *bufio.Reader) { bufPool.pool.Put(b) } +type bufferPool struct { + pool sync.Pool +} + +func newBufferPoolWithSize(size int) *bufferPool { + return &bufferPool{ + pool: sync.Pool{ + New: func() interface{} { return make([]byte, size) }, + }, + } +} + +func (bp *bufferPool) Get() []byte { + return bp.pool.Get().([]byte) +} + +func (bp *bufferPool) Put(b []byte) { + bp.pool.Put(b) +} + // Copy is a convenience wrapper which uses a buffer to avoid allocation in io.Copy. func Copy(dst io.Writer, src io.Reader) (written int64, err error) { - buf := BufioReader32KPool.Get(src) - written, err = io.Copy(dst, buf) - BufioReader32KPool.Put(buf) + buf := buffer32KPool.Get() + written, err = io.CopyBuffer(dst, src, buf) + buffer32KPool.Put(buf) return } diff --git a/components/engine/pkg/pools/pools_test.go b/components/engine/pkg/pools/pools_test.go index 1661b780c9..d71cb99ac7 100644 --- a/components/engine/pkg/pools/pools_test.go +++ b/components/engine/pkg/pools/pools_test.go @@ -159,3 +159,8 @@ func TestNewWriteCloserWrapperWithAWriteCloser(t *testing.T) { t.Fatalf("The ReaderCloser should have been closed, it is not.") } } + +func TestBufferPoolPutAndGet(t *testing.T) { + buf := buffer32KPool.Get() + buffer32KPool.Put(buf) +} From 11c8449db64fc74c9751b0860771098004bf9b64 Mon Sep 17 00:00:00 2001 From: unclejack Date: Thu, 1 Jun 2017 17:02:43 +0300 Subject: [PATCH 084/191] container/stream/attach: use pools.Copy The use of pools.Copy avoids io.Copy's internal buffer allocation. This commit replaces io.Copy with pools.Copy to avoid the allocation of buffers in io.Copy. Signed-off-by: Cristian Staretu Upstream-commit: 014095e6a07748d0e1ce2f759f5c4f4b3783e765 Component: engine --- components/engine/container/stream/attach.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/components/engine/container/stream/attach.go b/components/engine/container/stream/attach.go index 5f63f88f39..3dd53d3354 100644 --- a/components/engine/container/stream/attach.go +++ b/components/engine/container/stream/attach.go @@ -7,6 +7,7 @@ import ( "golang.org/x/net/context" "github.com/Sirupsen/logrus" + "github.com/docker/docker/pkg/pools" "github.com/docker/docker/pkg/promise" "github.com/docker/docker/pkg/term" ) @@ -86,7 +87,7 @@ func (c *Config) CopyStreams(ctx context.Context, cfg *AttachConfig) chan error if cfg.TTY { _, err = copyEscapable(cfg.CStdin, cfg.Stdin, cfg.DetachKeys) } else { - _, err = io.Copy(cfg.CStdin, cfg.Stdin) + _, err = pools.Copy(cfg.CStdin, cfg.Stdin) } if err == io.ErrClosedPipe { err = nil @@ -116,7 +117,7 @@ func (c *Config) CopyStreams(ctx context.Context, cfg *AttachConfig) chan error } logrus.Debugf("attach: %s: begin", name) - _, err := io.Copy(stream, streamPipe) + _, err := pools.Copy(stream, streamPipe) if err == io.ErrClosedPipe { err = nil } @@ -174,5 +175,5 @@ func copyEscapable(dst io.Writer, src io.ReadCloser, keys []byte) (written int64 pr := term.NewEscapeProxy(src, keys) defer src.Close() - return io.Copy(dst, pr) + return pools.Copy(dst, pr) } From bf95ed2bb929b29261dec287340fe32263d5ece4 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 10 Jun 2017 03:07:21 +0200 Subject: [PATCH 085/191] Fix missing "--version" argument Commit 858b4b44c8172eb2c92767c8f624f4138db5212b added support for obtaining the runtime version if a custom path was set, but accidentally removed the "--version" flag. This patch restores the flag, and adds an integration test to verify the behavior.. Signed-off-by: Sebastiaan van Stijn Upstream-commit: 6400ce8f0a97e456f9694396f58c0958f3580277 Component: engine --- components/engine/daemon/info_unix.go | 2 +- .../integration-cli/docker_api_info_test.go | 22 +++++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/components/engine/daemon/info_unix.go b/components/engine/daemon/info_unix.go index 2ad979c285..e816f8dff1 100644 --- a/components/engine/daemon/info_unix.go +++ b/components/engine/daemon/info_unix.go @@ -38,7 +38,7 @@ func (daemon *Daemon) FillPlatformInfo(v *types.Info, sysInfo *sysinfo.SysInfo) v.RuncCommit.Expected = dockerversion.RuncCommitID defaultRuntimeBinary := daemon.configStore.GetRuntime(daemon.configStore.GetDefaultRuntimeName()).Path - if rv, err := exec.Command(defaultRuntimeBinary).Output(); err == nil { + if rv, err := exec.Command(defaultRuntimeBinary, "--version").Output(); err == nil { parts := strings.Split(strings.TrimSpace(string(rv)), "\n") if len(parts) == 3 { parts = strings.Split(parts[1], ": ") diff --git a/components/engine/integration-cli/docker_api_info_test.go b/components/engine/integration-cli/docker_api_info_test.go index 57dac36e18..9cb873d608 100644 --- a/components/engine/integration-cli/docker_api_info_test.go +++ b/components/engine/integration-cli/docker_api_info_test.go @@ -3,8 +3,11 @@ package main import ( "net/http" + "encoding/json" + "github.com/docker/docker/api/types" "github.com/docker/docker/integration-cli/checker" "github.com/docker/docker/integration-cli/request" + "github.com/docker/docker/pkg/testutil" "github.com/go-check/check" ) @@ -40,6 +43,25 @@ func (s *DockerSuite) TestInfoAPI(c *check.C) { } } +// TestInfoAPIRuncCommit tests that dockerd is able to obtain RunC version +// information, and that the version matches the expected version +func (s *DockerSuite) TestInfoAPIRuncCommit(c *check.C) { + testRequires(c, DaemonIsLinux) // Windows does not have RunC version information + + res, body, err := request.Get("/v1.30/info") + c.Assert(res.StatusCode, checker.Equals, http.StatusOK) + c.Assert(err, checker.IsNil) + + b, err := testutil.ReadBody(body) + c.Assert(err, checker.IsNil) + + var i types.Info + + c.Assert(json.Unmarshal(b, &i), checker.IsNil) + c.Assert(i.RuncCommit.ID, checker.Not(checker.Equals), "N/A") + c.Assert(i.RuncCommit.ID, checker.Equals, i.RuncCommit.Expected) +} + func (s *DockerSuite) TestInfoAPIVersioned(c *check.C) { testRequires(c, DaemonIsLinux) // Windows only supports 1.25 or later endpoint := "/v1.20/info" From dd213075577b147cde543ca82ea5001a071d3dd9 Mon Sep 17 00:00:00 2001 From: Raja Sami Date: Mon, 22 May 2017 14:38:23 +0500 Subject: [PATCH 086/191] Increase the Coverage of pkg/plugins Increases the test coverage of pkg/plugins. Changed signature of function NewClientWithTimeout in pkg/plugin/client, to take time.Duration instead of integers. Signed-off-by: Raja Sami Upstream-commit: 8dd100a2297a34a0aef422383117fb0c3314fba1 Component: engine --- components/engine/pkg/plugins/client.go | 8 +- components/engine/pkg/plugins/client_test.go | 87 +++++++++++++- .../engine/pkg/plugins/discovery_unix_test.go | 39 ++++++ components/engine/pkg/plugins/plugin_test.go | 112 ++++++++++++++++++ .../engine/pkg/plugins/transport/http_test.go | 20 ++++ components/engine/plugin/manager_linux.go | 2 +- 6 files changed, 259 insertions(+), 9 deletions(-) create mode 100644 components/engine/pkg/plugins/transport/http_test.go diff --git a/components/engine/pkg/plugins/client.go b/components/engine/pkg/plugins/client.go index 84103c7ae7..f221a46fcf 100644 --- a/components/engine/pkg/plugins/client.go +++ b/components/engine/pkg/plugins/client.go @@ -57,20 +57,20 @@ func NewClient(addr string, tlsConfig *tlsconfig.Options) (*Client, error) { } // NewClientWithTimeout creates a new plugin client (http). -func NewClientWithTimeout(addr string, tlsConfig *tlsconfig.Options, timeoutInSecs int) (*Client, error) { +func NewClientWithTimeout(addr string, tlsConfig *tlsconfig.Options, timeout time.Duration) (*Client, error) { clientTransport, err := newTransport(addr, tlsConfig) if err != nil { return nil, err } - return newClientWithTransport(clientTransport, timeoutInSecs), nil + return newClientWithTransport(clientTransport, timeout), nil } // newClientWithTransport creates a new plugin client with a given transport. -func newClientWithTransport(tr transport.Transport, timeoutInSecs int) *Client { +func newClientWithTransport(tr transport.Transport, timeout time.Duration) *Client { return &Client{ http: &http.Client{ Transport: tr, - Timeout: time.Duration(timeoutInSecs) * time.Second, + Timeout: timeout, }, requestFactory: tr, } diff --git a/components/engine/pkg/plugins/client_test.go b/components/engine/pkg/plugins/client_test.go index fc583fe0c2..7c519a2765 100644 --- a/components/engine/pkg/plugins/client_test.go +++ b/components/engine/pkg/plugins/client_test.go @@ -1,17 +1,19 @@ package plugins import ( + "bytes" + "encoding/json" "io" "net/http" "net/http/httptest" "net/url" - "reflect" "strings" "testing" "time" "github.com/docker/docker/pkg/plugins/transport" "github.com/docker/go-connections/tlsconfig" + "github.com/stretchr/testify/assert" ) var ( @@ -83,9 +85,7 @@ func TestEchoInputOutput(t *testing.T) { t.Fatal(err) } - if !reflect.DeepEqual(output, m) { - t.Fatalf("Expected %v, was %v\n", m, output) - } + assert.Equal(t, m, output) err = c.Call("Test.Echo", nil, nil) if err != nil { t.Fatal(err) @@ -153,3 +153,82 @@ func TestClientScheme(t *testing.T) { } } } + +func TestNewClientWithTimeout(t *testing.T) { + addr := setupRemotePluginServer() + defer teardownRemotePluginServer() + + m := Manifest{[]string{"VolumeDriver", "NetworkDriver"}} + + mux.HandleFunc("/Test.Echo", func(w http.ResponseWriter, r *http.Request) { + time.Sleep(time.Duration(600) * time.Millisecond) + io.Copy(w, r.Body) + }) + + // setting timeout of 500ms + timeout := time.Duration(500) * time.Millisecond + c, _ := NewClientWithTimeout(addr, &tlsconfig.Options{InsecureSkipVerify: true}, timeout) + var output Manifest + err := c.Call("Test.Echo", m, &output) + if err == nil { + t.Fatal("Expected timeout error") + } +} + +func TestClientStream(t *testing.T) { + addr := setupRemotePluginServer() + defer teardownRemotePluginServer() + + m := Manifest{[]string{"VolumeDriver", "NetworkDriver"}} + var output Manifest + + mux.HandleFunc("/Test.Echo", func(w http.ResponseWriter, r *http.Request) { + if r.Method != "POST" { + t.Fatalf("Expected POST, got %s", r.Method) + } + + header := w.Header() + header.Set("Content-Type", transport.VersionMimetype) + + io.Copy(w, r.Body) + }) + + c, _ := NewClient(addr, &tlsconfig.Options{InsecureSkipVerify: true}) + body, err := c.Stream("Test.Echo", m) + if err != nil { + t.Fatal(err) + } + defer body.Close() + if err := json.NewDecoder(body).Decode(&output); err != nil { + t.Fatalf("Test.Echo: error reading plugin resp: %v", err) + } + assert.Equal(t, m, output) +} + +func TestClientSendFile(t *testing.T) { + addr := setupRemotePluginServer() + defer teardownRemotePluginServer() + + m := Manifest{[]string{"VolumeDriver", "NetworkDriver"}} + var output Manifest + var buf bytes.Buffer + if err := json.NewEncoder(&buf).Encode(m); err != nil { + t.Fatal(err) + } + mux.HandleFunc("/Test.Echo", func(w http.ResponseWriter, r *http.Request) { + if r.Method != "POST" { + t.Fatalf("Expected POST, got %s\n", r.Method) + } + + header := w.Header() + header.Set("Content-Type", transport.VersionMimetype) + + io.Copy(w, r.Body) + }) + + c, _ := NewClient(addr, &tlsconfig.Options{InsecureSkipVerify: true}) + if err := c.SendFile("Test.Echo", &buf, &output); err != nil { + t.Fatal(err) + } + assert.Equal(t, m, output) +} diff --git a/components/engine/pkg/plugins/discovery_unix_test.go b/components/engine/pkg/plugins/discovery_unix_test.go index 1b232b7ade..66f50353c3 100644 --- a/components/engine/pkg/plugins/discovery_unix_test.go +++ b/components/engine/pkg/plugins/discovery_unix_test.go @@ -4,6 +4,7 @@ package plugins import ( "fmt" + "io/ioutil" "net" "os" "path/filepath" @@ -59,3 +60,41 @@ func TestLocalSocket(t *testing.T) { l.Close() } } + +func TestScan(t *testing.T) { + tmpdir, unregister := Setup(t) + defer unregister() + + pluginNames, err := Scan() + if err != nil { + t.Fatal(err) + } + if pluginNames != nil { + t.Fatal("Plugin names should be empty.") + } + + path := filepath.Join(tmpdir, "echo.spec") + addr := "unix://var/lib/docker/plugins/echo.sock" + name := "echo" + + err = os.MkdirAll(filepath.Dir(path), 0755) + if err != nil { + t.Fatal(err) + } + + err = ioutil.WriteFile(path, []byte(addr), 0644) + if err != nil { + t.Fatal(err) + } + + r := newLocalRegistry() + p, err := r.Plugin(name) + + pluginNamesNotEmpty, err := Scan() + if err != nil { + t.Fatal(err) + } + if p.Name() != pluginNamesNotEmpty[0] { + t.Fatalf("Unable to scan plugin with name %s", p.name) + } +} diff --git a/components/engine/pkg/plugins/plugin_test.go b/components/engine/pkg/plugins/plugin_test.go index b19c0d52f1..00fcb85f58 100644 --- a/components/engine/pkg/plugins/plugin_test.go +++ b/components/engine/pkg/plugins/plugin_test.go @@ -1,12 +1,26 @@ package plugins import ( + "bytes" + "encoding/json" "errors" + "io" + "io/ioutil" + "net/http" "path/filepath" "runtime" "sync" "testing" "time" + + "github.com/docker/docker/pkg/plugins/transport" + "github.com/docker/go-connections/tlsconfig" + "github.com/stretchr/testify/assert" +) + +const ( + fruitPlugin = "fruit" + fruitImplements = "apple" ) // regression test for deadlock in handlers @@ -42,3 +56,101 @@ func testActive(t *testing.T, p *Plugin) { } } + +func TestGet(t *testing.T) { + p := &Plugin{name: fruitPlugin, activateWait: sync.NewCond(&sync.Mutex{})} + p.Manifest = &Manifest{Implements: []string{fruitImplements}} + storage.plugins[fruitPlugin] = p + + plugin, err := Get(fruitPlugin, fruitImplements) + if err != nil { + t.Fatal(err) + } + if p.Name() != plugin.Name() { + t.Fatalf("No matching plugin with name %s found", plugin.Name()) + } + if plugin.Client() != nil { + t.Fatal("expected nil Client but found one") + } + if !plugin.IsV1() { + t.Fatal("Expected true for V1 plugin") + } + + // check negative case where plugin fruit doesn't implement banana + _, err = Get("fruit", "banana") + assert.Equal(t, err, ErrNotImplements) + + // check negative case where plugin vegetable doesn't exist + _, err = Get("vegetable", "potato") + assert.Equal(t, err, ErrNotFound) + +} + +func TestPluginWithNoManifest(t *testing.T) { + addr := setupRemotePluginServer() + defer teardownRemotePluginServer() + + m := Manifest{[]string{fruitImplements}} + var buf bytes.Buffer + if err := json.NewEncoder(&buf).Encode(m); err != nil { + t.Fatal(err) + } + + mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) { + if r.Method != "POST" { + t.Fatalf("Expected POST, got %s\n", r.Method) + } + + header := w.Header() + header.Set("Content-Type", transport.VersionMimetype) + + io.Copy(w, &buf) + }) + + p := &Plugin{ + name: fruitPlugin, + activateWait: sync.NewCond(&sync.Mutex{}), + Addr: addr, + TLSConfig: &tlsconfig.Options{InsecureSkipVerify: true}, + } + storage.plugins[fruitPlugin] = p + + plugin, err := Get(fruitPlugin, fruitImplements) + if err != nil { + t.Fatal(err) + } + if p.Name() != plugin.Name() { + t.Fatalf("No matching plugin with name %s found", plugin.Name()) + } +} + +func TestGetAll(t *testing.T) { + tmpdir, unregister := Setup(t) + defer unregister() + + p := filepath.Join(tmpdir, "example.json") + spec := `{ + "Name": "example", + "Addr": "https://example.com/docker/plugin" +}` + + if err := ioutil.WriteFile(p, []byte(spec), 0644); err != nil { + t.Fatal(err) + } + + r := newLocalRegistry() + plugin, err := r.Plugin("example") + if err != nil { + t.Fatal(err) + } + plugin.Manifest = &Manifest{Implements: []string{"apple"}} + storage.plugins["example"] = plugin + + fetchedPlugins, err := GetAll("apple") + if err != nil { + t.Fatal(err) + } + if fetchedPlugins[0].Name() != plugin.Name() { + t.Fatalf("Expected to get plugin with name %s", plugin.Name()) + } +} diff --git a/components/engine/pkg/plugins/transport/http_test.go b/components/engine/pkg/plugins/transport/http_test.go new file mode 100644 index 0000000000..b724fd0df0 --- /dev/null +++ b/components/engine/pkg/plugins/transport/http_test.go @@ -0,0 +1,20 @@ +package transport + +import ( + "io" + "net/http" + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestHTTPTransport(t *testing.T) { + var r io.Reader + roundTripper := &http.Transport{} + newTransport := NewHTTPTransport(roundTripper, "http", "0.0.0.0") + request, err := newTransport.NewRequest("", r) + if err != nil { + t.Fatal(err) + } + assert.Equal(t, "POST", request.Method) +} diff --git a/components/engine/plugin/manager_linux.go b/components/engine/plugin/manager_linux.go index 5396b15bec..1e8994043f 100644 --- a/components/engine/plugin/manager_linux.go +++ b/components/engine/plugin/manager_linux.go @@ -80,7 +80,7 @@ func (pm *Manager) enable(p *v2.Plugin, c *controller, force bool) error { func (pm *Manager) pluginPostStart(p *v2.Plugin, c *controller) error { sockAddr := filepath.Join(pm.config.ExecRoot, p.GetID(), p.GetSocket()) - client, err := plugins.NewClientWithTimeout("unix://"+sockAddr, nil, c.timeoutInSecs) + client, err := plugins.NewClientWithTimeout("unix://"+sockAddr, nil, time.Duration(c.timeoutInSecs)*time.Second) if err != nil { c.restart = false shutdownPlugin(p, c, pm.containerdClient) From 3f80d858fdbe525d26c20d6c0a460d120ab892da Mon Sep 17 00:00:00 2001 From: Madhu Venugopal Date: Mon, 12 Jun 2017 01:01:45 -0700 Subject: [PATCH 087/191] Vendoring libnetwork f4a15a0890383619ad797b3bd2481cc6f46a978d Contains Service Discovery hardening fixes via https://github.com/docker/libnetwork/pull/1796 Fixes multiple issues such as #32830 Signed-off-by: Madhu Venugopal Upstream-commit: 6868b8ef230fea7bc5758e2d252d4297033029fa Component: engine --- components/engine/vendor.conf | 2 +- .../github.com/docker/libnetwork/agent.go | 135 ++++++--- .../github.com/docker/libnetwork/agent.proto | 2 +- .../docker/libnetwork/common/setmatrix.go | 123 ++++++++ .../github.com/docker/libnetwork/endpoint.go | 16 +- .../github.com/docker/libnetwork/network.go | 81 ++++-- .../docker/libnetwork/networkdb/networkdb.go | 3 - .../github.com/docker/libnetwork/sandbox.go | 16 +- .../github.com/docker/libnetwork/service.go | 36 ++- .../docker/libnetwork/service_common.go | 265 +++++++++++++----- .../docker/libnetwork/service_linux.go | 9 +- 11 files changed, 522 insertions(+), 166 deletions(-) create mode 100644 components/engine/vendor/github.com/docker/libnetwork/common/setmatrix.go diff --git a/components/engine/vendor.conf b/components/engine/vendor.conf index 33aa27688b..184c02dc9b 100644 --- a/components/engine/vendor.conf +++ b/components/engine/vendor.conf @@ -26,7 +26,7 @@ github.com/imdario/mergo 0.2.1 golang.org/x/sync de49d9dcd27d4f764488181bea099dfe6179bcf0 #get libnetwork packages -github.com/docker/libnetwork eb57059e91bc54c9da23c5a633b75b3faf910a68 +github.com/docker/libnetwork f4a15a0890383619ad797b3bd2481cc6f46a978d github.com/docker/go-events 18b43f1bc85d9cdd42c05a6cd2d444c7a200a894 github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80 github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec diff --git a/components/engine/vendor/github.com/docker/libnetwork/agent.go b/components/engine/vendor/github.com/docker/libnetwork/agent.go index 485713171e..3fa5341481 100644 --- a/components/engine/vendor/github.com/docker/libnetwork/agent.go +++ b/components/engine/vendor/github.com/docker/libnetwork/agent.go @@ -583,7 +583,7 @@ func (ep *endpoint) deleteDriverInfoFromCluster() error { return nil } -func (ep *endpoint) addServiceInfoToCluster() error { +func (ep *endpoint) addServiceInfoToCluster(sb *sandbox) error { if ep.isAnonymous() && len(ep.myAliases) == 0 || ep.Iface().Address() == nil { return nil } @@ -593,26 +593,51 @@ func (ep *endpoint) addServiceInfoToCluster() error { return nil } + sb.Service.Lock() + defer sb.Service.Unlock() + logrus.Debugf("addServiceInfoToCluster START for %s %s", ep.svcName, ep.ID()) + + // Check that the endpoint is still present on the sandbox before adding it to the service discovery. + // This is to handle a race between the EnableService and the sbLeave + // It is possible that the EnableService starts, fetches the list of the endpoints and + // by the time the addServiceInfoToCluster is called the endpoint got removed from the sandbox + // The risk is that the deleteServiceInfoToCluster happens before the addServiceInfoToCluster. + // This check under the Service lock of the sandbox ensure the correct behavior. + // If the addServiceInfoToCluster arrives first may find or not the endpoint and will proceed or exit + // but in any case the deleteServiceInfoToCluster will follow doing the cleanup if needed. + // In case the deleteServiceInfoToCluster arrives first, this one is happening after the endpoint is + // removed from the list, in this situation the delete will bail out not finding any data to cleanup + // and the add will bail out not finding the endpoint on the sandbox. + if e := sb.getEndpoint(ep.ID()); e == nil { + logrus.Warnf("addServiceInfoToCluster suppressing service resolution ep is not anymore in the sandbox %s", ep.ID()) + return nil + } + c := n.getController() agent := c.getAgent() - var ingressPorts []*PortConfig - if ep.svcID != "" { - // Gossip ingress ports only in ingress network. - if n.ingress { - ingressPorts = ep.ingressPorts - } - - if err := c.addServiceBinding(ep.svcName, ep.svcID, n.ID(), ep.ID(), ep.virtualIP, ingressPorts, ep.svcAliases, ep.Iface().Address().IP); err != nil { - return err - } - } - name := ep.Name() if ep.isAnonymous() { name = ep.MyAliases()[0] } + var ingressPorts []*PortConfig + if ep.svcID != "" { + // This is a task part of a service + // Gossip ingress ports only in ingress network. + if n.ingress { + ingressPorts = ep.ingressPorts + } + if err := c.addServiceBinding(ep.svcName, ep.svcID, n.ID(), ep.ID(), name, ep.virtualIP, ingressPorts, ep.svcAliases, ep.myAliases, ep.Iface().Address().IP, "addServiceInfoToCluster"); err != nil { + return err + } + } else { + // This is a container simply attached to an attachable network + if err := c.addContainerNameResolution(n.ID(), ep.ID(), name, ep.myAliases, ep.Iface().Address().IP, "addServiceInfoToCluster"); err != nil { + return err + } + } + buf, err := proto.Marshal(&EndpointRecord{ Name: name, ServiceName: ep.svcName, @@ -634,10 +659,12 @@ func (ep *endpoint) addServiceInfoToCluster() error { } } + logrus.Debugf("addServiceInfoToCluster END for %s %s", ep.svcName, ep.ID()) + return nil } -func (ep *endpoint) deleteServiceInfoFromCluster() error { +func (ep *endpoint) deleteServiceInfoFromCluster(sb *sandbox, method string) error { if ep.isAnonymous() && len(ep.myAliases) == 0 { return nil } @@ -647,17 +674,33 @@ func (ep *endpoint) deleteServiceInfoFromCluster() error { return nil } + sb.Service.Lock() + defer sb.Service.Unlock() + logrus.Debugf("deleteServiceInfoFromCluster from %s START for %s %s", method, ep.svcName, ep.ID()) + c := n.getController() agent := c.getAgent() - if ep.svcID != "" && ep.Iface().Address() != nil { - var ingressPorts []*PortConfig - if n.ingress { - ingressPorts = ep.ingressPorts - } + name := ep.Name() + if ep.isAnonymous() { + name = ep.MyAliases()[0] + } - if err := c.rmServiceBinding(ep.svcName, ep.svcID, n.ID(), ep.ID(), ep.virtualIP, ingressPorts, ep.svcAliases, ep.Iface().Address().IP); err != nil { - return err + if ep.Iface().Address() != nil { + if ep.svcID != "" { + // This is a task part of a service + var ingressPorts []*PortConfig + if n.ingress { + ingressPorts = ep.ingressPorts + } + if err := c.rmServiceBinding(ep.svcName, ep.svcID, n.ID(), ep.ID(), name, ep.virtualIP, ingressPorts, ep.svcAliases, ep.myAliases, ep.Iface().Address().IP, "deleteServiceInfoFromCluster"); err != nil { + return err + } + } else { + // This is a container simply attached to an attachable network + if err := c.delContainerNameResolution(n.ID(), ep.ID(), name, ep.myAliases, ep.Iface().Address().IP, "deleteServiceInfoFromCluster"); err != nil { + return err + } } } @@ -667,6 +710,8 @@ func (ep *endpoint) deleteServiceInfoFromCluster() error { } } + logrus.Debugf("deleteServiceInfoFromCluster from %s END for %s %s", method, ep.svcName, ep.ID()) + return nil } @@ -814,58 +859,56 @@ func (c *controller) handleEpTableEvent(ev events.Event) { value = event.Value case networkdb.UpdateEvent: logrus.Errorf("Unexpected update service table event = %#v", event) - } - - nw, err := c.NetworkByID(nid) - if err != nil { - logrus.Errorf("Could not find network %s while handling service table event: %v", nid, err) return } - n := nw.(*network) - err = proto.Unmarshal(value, &epRec) + err := proto.Unmarshal(value, &epRec) if err != nil { logrus.Errorf("Failed to unmarshal service table value: %v", err) return } - name := epRec.Name + containerName := epRec.Name svcName := epRec.ServiceName svcID := epRec.ServiceID vip := net.ParseIP(epRec.VirtualIP) ip := net.ParseIP(epRec.EndpointIP) ingressPorts := epRec.IngressPorts - aliases := epRec.Aliases - taskaliases := epRec.TaskAliases + serviceAliases := epRec.Aliases + taskAliases := epRec.TaskAliases - if name == "" || ip == nil { + if containerName == "" || ip == nil { logrus.Errorf("Invalid endpoint name/ip received while handling service table event %s", value) return } if isAdd { + logrus.Debugf("handleEpTableEvent ADD %s R:%v", isAdd, eid, epRec) if svcID != "" { - if err := c.addServiceBinding(svcName, svcID, nid, eid, vip, ingressPorts, aliases, ip); err != nil { - logrus.Errorf("Failed adding service binding for value %s: %v", value, err) + // This is a remote task part of a service + if err := c.addServiceBinding(svcName, svcID, nid, eid, containerName, vip, ingressPorts, serviceAliases, taskAliases, ip, "handleEpTableEvent"); err != nil { + logrus.Errorf("failed adding service binding for %s epRec:%v err:%s", eid, epRec, err) return } - } - - n.addSvcRecords(name, ip, nil, true) - for _, alias := range taskaliases { - n.addSvcRecords(alias, ip, nil, true) + } else { + // This is a remote container simply attached to an attachable network + if err := c.addContainerNameResolution(nid, eid, containerName, taskAliases, ip, "handleEpTableEvent"); err != nil { + logrus.Errorf("failed adding service binding for %s epRec:%v err:%s", eid, epRec, err) + } } } else { + logrus.Debugf("handleEpTableEvent DEL %s R:%v", isAdd, eid, epRec) if svcID != "" { - if err := c.rmServiceBinding(svcName, svcID, nid, eid, vip, ingressPorts, aliases, ip); err != nil { - logrus.Errorf("Failed adding service binding for value %s: %v", value, err) + // This is a remote task part of a service + if err := c.rmServiceBinding(svcName, svcID, nid, eid, containerName, vip, ingressPorts, serviceAliases, taskAliases, ip, "handleEpTableEvent"); err != nil { + logrus.Errorf("failed removing service binding for %s epRec:%v err:%s", eid, epRec, err) return } - } - - n.deleteSvcRecords(name, ip, nil, true) - for _, alias := range taskaliases { - n.deleteSvcRecords(alias, ip, nil, true) + } else { + // This is a remote container simply attached to an attachable network + if err := c.delContainerNameResolution(nid, eid, containerName, taskAliases, ip, "handleEpTableEvent"); err != nil { + logrus.Errorf("failed adding service binding for %s epRec:%v err:%s", eid, epRec, err) + } } } } diff --git a/components/engine/vendor/github.com/docker/libnetwork/agent.proto b/components/engine/vendor/github.com/docker/libnetwork/agent.proto index 0b7708e32b..54c71c0e2a 100644 --- a/components/engine/vendor/github.com/docker/libnetwork/agent.proto +++ b/components/engine/vendor/github.com/docker/libnetwork/agent.proto @@ -14,7 +14,7 @@ option (gogoproto.goproto_stringer_all) = false; // EndpointRecord specifies all the endpoint specific information that // needs to gossiped to nodes participating in the network. message EndpointRecord { - // Name of the endpoint + // Name of the container string name = 1; // Service name of the service to which this endpoint belongs. diff --git a/components/engine/vendor/github.com/docker/libnetwork/common/setmatrix.go b/components/engine/vendor/github.com/docker/libnetwork/common/setmatrix.go new file mode 100644 index 0000000000..0fdb542be4 --- /dev/null +++ b/components/engine/vendor/github.com/docker/libnetwork/common/setmatrix.go @@ -0,0 +1,123 @@ +package common + +import ( + "sync" + + mapset "github.com/deckarep/golang-set" +) + +// SetMatrix is a map of Sets +type SetMatrix interface { + // Get returns the members of the set for a specific key as a slice. + Get(key string) ([]interface{}, bool) + // Contains is used to verify is an element is in a set for a specific key + // returns true if the element is in the set + // returns true if there is a set for the key + Contains(key string, value interface{}) (bool, bool) + // Insert inserts the mapping between the IP and the endpoint identifier + // returns true if the mapping was not present, false otherwise + // returns also the number of endpoints associated to the IP + Insert(key string, value interface{}) (bool, int) + // Remove removes the mapping between the IP and the endpoint identifier + // returns true if the mapping was deleted, false otherwise + // returns also the number of endpoints associated to the IP + Remove(key string, value interface{}) (bool, int) + // Cardinality returns the number of elements in the set of a specfic key + // returns false if the key is not in the map + Cardinality(key string) (int, bool) + // String returns the string version of the set, empty otherwise + // returns false if the key is not in the map + String(key string) (string, bool) +} + +type setMatrix struct { + matrix map[string]mapset.Set + + sync.Mutex +} + +// NewSetMatrix creates a new set matrix object +func NewSetMatrix() SetMatrix { + s := &setMatrix{} + s.init() + return s +} + +func (s *setMatrix) init() { + s.matrix = make(map[string]mapset.Set) +} + +func (s *setMatrix) Get(key string) ([]interface{}, bool) { + s.Lock() + defer s.Unlock() + set, ok := s.matrix[key] + if !ok { + return nil, ok + } + return set.ToSlice(), ok +} + +func (s *setMatrix) Contains(key string, value interface{}) (bool, bool) { + s.Lock() + defer s.Unlock() + set, ok := s.matrix[key] + if !ok { + return false, ok + } + return set.Contains(value), ok +} + +func (s *setMatrix) Insert(key string, value interface{}) (bool, int) { + s.Lock() + defer s.Unlock() + set, ok := s.matrix[key] + if !ok { + s.matrix[key] = mapset.NewSet() + s.matrix[key].Add(value) + return true, 1 + } + + return set.Add(value), set.Cardinality() +} + +func (s *setMatrix) Remove(key string, value interface{}) (bool, int) { + s.Lock() + defer s.Unlock() + set, ok := s.matrix[key] + if !ok { + return false, 0 + } + + var removed bool + if set.Contains(value) { + set.Remove(value) + removed = true + // If the set is empty remove it from the matrix + if set.Cardinality() == 0 { + delete(s.matrix, key) + } + } + + return removed, set.Cardinality() +} + +func (s *setMatrix) Cardinality(key string) (int, bool) { + s.Lock() + defer s.Unlock() + set, ok := s.matrix[key] + if !ok { + return 0, ok + } + + return set.Cardinality(), ok +} + +func (s *setMatrix) String(key string) (string, bool) { + s.Lock() + defer s.Unlock() + set, ok := s.matrix[key] + if !ok { + return "", ok + } + return set.String(), ok +} diff --git a/components/engine/vendor/github.com/docker/libnetwork/endpoint.go b/components/engine/vendor/github.com/docker/libnetwork/endpoint.go index e607eddaf2..111b747352 100644 --- a/components/engine/vendor/github.com/docker/libnetwork/endpoint.go +++ b/components/engine/vendor/github.com/docker/libnetwork/endpoint.go @@ -597,8 +597,14 @@ func (ep *endpoint) rename(name string) error { c := n.getController() + sb, ok := ep.getSandbox() + if !ok { + logrus.Warnf("rename for %s aborted, sandbox %s is not anymore present", ep.ID(), ep.sandboxID) + return nil + } + if c.isAgent() { - if err = ep.deleteServiceInfoFromCluster(); err != nil { + if err = ep.deleteServiceInfoFromCluster(sb, "rename"); err != nil { return types.InternalErrorf("Could not delete service state for endpoint %s from cluster on rename: %v", ep.Name(), err) } } else { @@ -617,15 +623,15 @@ func (ep *endpoint) rename(name string) error { ep.anonymous = false if c.isAgent() { - if err = ep.addServiceInfoToCluster(); err != nil { + if err = ep.addServiceInfoToCluster(sb); err != nil { return types.InternalErrorf("Could not add service state for endpoint %s to cluster on rename: %v", ep.Name(), err) } defer func() { if err != nil { - ep.deleteServiceInfoFromCluster() + ep.deleteServiceInfoFromCluster(sb, "rename") ep.name = oldName ep.anonymous = oldAnonymous - ep.addServiceInfoToCluster() + ep.addServiceInfoToCluster(sb) } }() } else { @@ -746,7 +752,7 @@ func (ep *endpoint) sbLeave(sb *sandbox, force bool, options ...EndpointOption) return err } - if e := ep.deleteServiceInfoFromCluster(); e != nil { + if e := ep.deleteServiceInfoFromCluster(sb, "sbLeave"); e != nil { logrus.Errorf("Could not delete service state for endpoint %s from cluster: %v", ep.Name(), e) } diff --git a/components/engine/vendor/github.com/docker/libnetwork/network.go b/components/engine/vendor/github.com/docker/libnetwork/network.go index fa2ab800ae..ed9a61b456 100644 --- a/components/engine/vendor/github.com/docker/libnetwork/network.go +++ b/components/engine/vendor/github.com/docker/libnetwork/network.go @@ -10,6 +10,7 @@ import ( "github.com/Sirupsen/logrus" "github.com/docker/docker/pkg/stringid" + "github.com/docker/libnetwork/common" "github.com/docker/libnetwork/config" "github.com/docker/libnetwork/datastore" "github.com/docker/libnetwork/driverapi" @@ -97,7 +98,7 @@ type ipInfo struct { type svcInfo struct { svcMap map[string][]net.IP svcIPv6Map map[string][]net.IP - ipMap map[string]*ipInfo + ipMap common.SetMatrix service map[string][]servicePorts } @@ -990,6 +991,12 @@ func (n *network) delete(force bool) error { c.cleanupServiceBindings(n.ID()) + // The network had been left, the service discovery can be cleaned up + c.Lock() + logrus.Debugf("network %s delete, clean svcRecords", n.id) + delete(c.svcRecords, n.id) + c.Unlock() + removeFromStore: // deleteFromStore performs an atomic delete operation and the // network.epCnt will help prevent any possible @@ -1227,36 +1234,34 @@ func (n *network) updateSvcRecord(ep *endpoint, localEps []*endpoint, isAdd bool // breaks some apps if ep.isAnonymous() { if len(myAliases) > 0 { - n.addSvcRecords(myAliases[0], iface.Address().IP, ipv6, true) + n.addSvcRecords(ep.ID(), myAliases[0], iface.Address().IP, ipv6, true, "updateSvcRecord") } } else { - n.addSvcRecords(epName, iface.Address().IP, ipv6, true) + n.addSvcRecords(ep.ID(), epName, iface.Address().IP, ipv6, true, "updateSvcRecord") } for _, alias := range myAliases { - n.addSvcRecords(alias, iface.Address().IP, ipv6, false) + n.addSvcRecords(ep.ID(), alias, iface.Address().IP, ipv6, false, "updateSvcRecord") } } else { if ep.isAnonymous() { if len(myAliases) > 0 { - n.deleteSvcRecords(myAliases[0], iface.Address().IP, ipv6, true) + n.deleteSvcRecords(ep.ID(), myAliases[0], iface.Address().IP, ipv6, true, "updateSvcRecord") } } else { - n.deleteSvcRecords(epName, iface.Address().IP, ipv6, true) + n.deleteSvcRecords(ep.ID(), epName, iface.Address().IP, ipv6, true, "updateSvcRecord") } for _, alias := range myAliases { - n.deleteSvcRecords(alias, iface.Address().IP, ipv6, false) + n.deleteSvcRecords(ep.ID(), alias, iface.Address().IP, ipv6, false, "updateSvcRecord") } } } } -func addIPToName(ipMap map[string]*ipInfo, name string, ip net.IP) { +func addIPToName(ipMap common.SetMatrix, name string, ip net.IP) { reverseIP := netutils.ReverseIP(ip.String()) - if _, ok := ipMap[reverseIP]; !ok { - ipMap[reverseIP] = &ipInfo{ - name: name, - } - } + ipMap.Insert(reverseIP, ipInfo{ + name: name, + }) } func addNameToIP(svcMap map[string][]net.IP, name string, epIP net.IP) { @@ -1284,24 +1289,25 @@ func delNameToIP(svcMap map[string][]net.IP, name string, epIP net.IP) { } } -func (n *network) addSvcRecords(name string, epIP net.IP, epIPv6 net.IP, ipMapUpdate bool) { +func (n *network) addSvcRecords(eID, name string, epIP net.IP, epIPv6 net.IP, ipMapUpdate bool, method string) { // Do not add service names for ingress network as this is a // routing only network if n.ingress { return } - logrus.Debugf("(%s).addSvcRecords(%s, %s, %s, %t)", n.ID()[0:7], name, epIP, epIPv6, ipMapUpdate) + logrus.Debugf("%s (%s).addSvcRecords(%s, %s, %s, %t) %s", eID, n.ID()[0:7], name, epIP, epIPv6, ipMapUpdate, method) c := n.getController() c.Lock() defer c.Unlock() + sr, ok := c.svcRecords[n.ID()] if !ok { sr = svcInfo{ svcMap: make(map[string][]net.IP), svcIPv6Map: make(map[string][]net.IP), - ipMap: make(map[string]*ipInfo), + ipMap: common.NewSetMatrix(), } c.svcRecords[n.ID()] = sr } @@ -1319,28 +1325,33 @@ func (n *network) addSvcRecords(name string, epIP net.IP, epIPv6 net.IP, ipMapUp } } -func (n *network) deleteSvcRecords(name string, epIP net.IP, epIPv6 net.IP, ipMapUpdate bool) { +func (n *network) deleteSvcRecords(eID, name string, epIP net.IP, epIPv6 net.IP, ipMapUpdate bool, method string) { // Do not delete service names from ingress network as this is a // routing only network if n.ingress { return } - logrus.Debugf("(%s).deleteSvcRecords(%s, %s, %s, %t)", n.ID()[0:7], name, epIP, epIPv6, ipMapUpdate) + logrus.Debugf("%s (%s).deleteSvcRecords(%s, %s, %s, %t) %s", eID, n.ID()[0:7], name, epIP, epIPv6, ipMapUpdate, method) c := n.getController() c.Lock() defer c.Unlock() + sr, ok := c.svcRecords[n.ID()] if !ok { return } if ipMapUpdate { - delete(sr.ipMap, netutils.ReverseIP(epIP.String())) + sr.ipMap.Remove(netutils.ReverseIP(epIP.String()), ipInfo{ + name: name, + }) if epIPv6 != nil { - delete(sr.ipMap, netutils.ReverseIP(epIPv6.String())) + sr.ipMap.Remove(netutils.ReverseIP(epIPv6.String()), ipInfo{ + name: name, + }) } } @@ -1868,9 +1879,11 @@ func (n *network) HandleQueryResp(name string, ip net.IP) { } ipStr := netutils.ReverseIP(ip.String()) - - if ipInfo, ok := sr.ipMap[ipStr]; ok { - ipInfo.extResolver = true + // If an object with extResolver == true is already in the set this call will fail + // but anyway it means that has already been inserted before + if ok, _ := sr.ipMap.Contains(ipStr, ipInfo{name: name}); ok { + sr.ipMap.Remove(ipStr, ipInfo{name: name}) + sr.ipMap.Insert(ipStr, ipInfo{name: name, extResolver: true}) } } @@ -1886,13 +1899,27 @@ func (n *network) ResolveIP(ip string) string { nwName := n.Name() - ipInfo, ok := sr.ipMap[ip] - - if !ok || ipInfo.extResolver { + elemSet, ok := sr.ipMap.Get(ip) + if !ok || len(elemSet) == 0 { + return "" + } + // NOTE it is possible to have more than one element in the Set, this will happen + // because of interleave of diffent events from differnt sources (local container create vs + // network db notifications) + // In such cases the resolution will be based on the first element of the set, and can vary + // during the system stabilitation + elem, ok := elemSet[0].(ipInfo) + if !ok { + setStr, b := sr.ipMap.String(ip) + logrus.Errorf("expected set of ipInfo type for key %s set:%t %s", ip, b, setStr) return "" } - return ipInfo.name + "." + nwName + if elem.extResolver { + return "" + } + + return elem.name + "." + nwName } func (n *network) ResolveService(name string) ([]*net.SRV, []net.IP) { diff --git a/components/engine/vendor/github.com/docker/libnetwork/networkdb/networkdb.go b/components/engine/vendor/github.com/docker/libnetwork/networkdb/networkdb.go index ecb2d714a4..b93a90d019 100644 --- a/components/engine/vendor/github.com/docker/libnetwork/networkdb/networkdb.go +++ b/components/engine/vendor/github.com/docker/libnetwork/networkdb/networkdb.go @@ -285,7 +285,6 @@ func (nDB *NetworkDB) CreateEntry(tname, nid, key string, value []byte) error { nDB.indexes[byNetwork].Insert(fmt.Sprintf("/%s/%s/%s", nid, tname, key), entry) nDB.Unlock() - nDB.broadcaster.Write(makeEvent(opCreate, tname, nid, key, value)) return nil } @@ -313,7 +312,6 @@ func (nDB *NetworkDB) UpdateEntry(tname, nid, key string, value []byte) error { nDB.indexes[byNetwork].Insert(fmt.Sprintf("/%s/%s/%s", nid, tname, key), entry) nDB.Unlock() - nDB.broadcaster.Write(makeEvent(opUpdate, tname, nid, key, value)) return nil } @@ -359,7 +357,6 @@ func (nDB *NetworkDB) DeleteEntry(tname, nid, key string) error { nDB.indexes[byNetwork].Insert(fmt.Sprintf("/%s/%s/%s", nid, tname, key), entry) nDB.Unlock() - nDB.broadcaster.Write(makeEvent(opDelete, tname, nid, key, value)) return nil } diff --git a/components/engine/vendor/github.com/docker/libnetwork/sandbox.go b/components/engine/vendor/github.com/docker/libnetwork/sandbox.go index c820cc04e9..472dbeafe7 100644 --- a/components/engine/vendor/github.com/docker/libnetwork/sandbox.go +++ b/components/engine/vendor/github.com/docker/libnetwork/sandbox.go @@ -86,6 +86,9 @@ type sandbox struct { ingress bool ndotsSet bool sync.Mutex + // This mutex is used to serialize service related operation for an endpoint + // The lock is here because the endpoint is saved into the store so is not unique + Service sync.Mutex } // These are the container configs used to customize container /etc/hosts file. @@ -668,26 +671,25 @@ func (sb *sandbox) SetKey(basePath string) error { } func (sb *sandbox) EnableService() error { + logrus.Debugf("EnableService %s START", sb.containerID) for _, ep := range sb.getConnectedEndpoints() { if ep.enableService(true) { - if err := ep.addServiceInfoToCluster(); err != nil { + if err := ep.addServiceInfoToCluster(sb); err != nil { ep.enableService(false) return fmt.Errorf("could not update state for endpoint %s into cluster: %v", ep.Name(), err) } } } + logrus.Debugf("EnableService %s DONE", sb.containerID) return nil } func (sb *sandbox) DisableService() error { + logrus.Debugf("DisableService %s START", sb.containerID) for _, ep := range sb.getConnectedEndpoints() { - if ep.enableService(false) { - if err := ep.deleteServiceInfoFromCluster(); err != nil { - ep.enableService(true) - return fmt.Errorf("could not delete state for endpoint %s from cluster: %v", ep.Name(), err) - } - } + ep.enableService(false) } + logrus.Debugf("DisableService %s DONE", sb.containerID) return nil } diff --git a/components/engine/vendor/github.com/docker/libnetwork/service.go b/components/engine/vendor/github.com/docker/libnetwork/service.go index a957026b2f..c890e01a39 100644 --- a/components/engine/vendor/github.com/docker/libnetwork/service.go +++ b/components/engine/vendor/github.com/docker/libnetwork/service.go @@ -4,6 +4,8 @@ import ( "fmt" "net" "sync" + + "github.com/docker/libnetwork/common" ) var ( @@ -48,17 +50,49 @@ type service struct { // Service aliases aliases []string + // This maps tracks for each IP address the list of endpoints ID + // associated with it. At stable state the endpoint ID expected is 1 + // but during transition and service change it is possible to have + // temporary more than 1 + ipToEndpoint common.SetMatrix + + deleted bool + sync.Mutex } +// assignIPToEndpoint inserts the mapping between the IP and the endpoint identifier +// returns true if the mapping was not present, false otherwise +// returns also the number of endpoints associated to the IP +func (s *service) assignIPToEndpoint(ip, eID string) (bool, int) { + return s.ipToEndpoint.Insert(ip, eID) +} + +// removeIPToEndpoint removes the mapping between the IP and the endpoint identifier +// returns true if the mapping was deleted, false otherwise +// returns also the number of endpoints associated to the IP +func (s *service) removeIPToEndpoint(ip, eID string) (bool, int) { + return s.ipToEndpoint.Remove(ip, eID) +} + +func (s *service) printIPToEndpoint(ip string) (string, bool) { + return s.ipToEndpoint.String(ip) +} + type loadBalancer struct { vip net.IP fwMark uint32 // Map of backend IPs backing this loadbalancer on this // network. It is keyed with endpoint ID. - backEnds map[string]net.IP + backEnds map[string]loadBalancerBackend // Back pointer to service to which the loadbalancer belongs. service *service } + +type loadBalancerBackend struct { + ip net.IP + containerName string + taskAliases []string +} diff --git a/components/engine/vendor/github.com/docker/libnetwork/service_common.go b/components/engine/vendor/github.com/docker/libnetwork/service_common.go index 049d308423..e57ce1498b 100644 --- a/components/engine/vendor/github.com/docker/libnetwork/service_common.go +++ b/components/engine/vendor/github.com/docker/libnetwork/service_common.go @@ -6,15 +6,126 @@ import ( "net" "github.com/Sirupsen/logrus" + "github.com/docker/libnetwork/common" ) -func newService(name string, id string, ingressPorts []*PortConfig, aliases []string) *service { +func (c *controller) addEndpointNameResolution(svcName, svcID, nID, eID, containerName string, vip net.IP, serviceAliases, taskAliases []string, ip net.IP, addService bool, method string) error { + n, err := c.NetworkByID(nID) + if err != nil { + return err + } + + logrus.Debugf("addEndpointNameResolution %s %s add_service:%t", eID, svcName, addService) + + // Add container resolution mappings + c.addContainerNameResolution(nID, eID, containerName, taskAliases, ip, method) + + // Add endpoint IP to special "tasks.svc_name" so that the applications have access to DNS RR. + n.(*network).addSvcRecords(eID, "tasks."+svcName, ip, nil, false, method) + for _, alias := range serviceAliases { + n.(*network).addSvcRecords(eID, "tasks."+alias, ip, nil, false, method) + } + + // Add service name to vip in DNS, if vip is valid. Otherwise resort to DNS RR + if len(vip) == 0 { + n.(*network).addSvcRecords(eID, svcName, ip, nil, false, method) + for _, alias := range serviceAliases { + n.(*network).addSvcRecords(eID, alias, ip, nil, false, method) + } + } + + if addService && len(vip) != 0 { + n.(*network).addSvcRecords(eID, svcName, vip, nil, false, method) + for _, alias := range serviceAliases { + n.(*network).addSvcRecords(eID, alias, vip, nil, false, method) + } + } + + return nil +} + +func (c *controller) addContainerNameResolution(nID, eID, containerName string, taskAliases []string, ip net.IP, method string) error { + n, err := c.NetworkByID(nID) + if err != nil { + return err + } + logrus.Debugf("addContainerNameResolution %s %s", eID, containerName) + + // Add resolution for container name + n.(*network).addSvcRecords(eID, containerName, ip, nil, true, method) + + // Add resolution for taskaliases + for _, alias := range taskAliases { + n.(*network).addSvcRecords(eID, alias, ip, nil, true, method) + } + + return nil +} + +func (c *controller) deleteEndpointNameResolution(svcName, svcID, nID, eID, containerName string, vip net.IP, serviceAliases, taskAliases []string, ip net.IP, rmService, multipleEntries bool, method string) error { + n, err := c.NetworkByID(nID) + if err != nil { + return err + } + + logrus.Debugf("deleteEndpointNameResolution %s %s rm_service:%t suppress:%t", eID, svcName, rmService, multipleEntries) + + // Delete container resolution mappings + c.delContainerNameResolution(nID, eID, containerName, taskAliases, ip, method) + + // Delete the special "tasks.svc_name" backend record. + if !multipleEntries { + n.(*network).deleteSvcRecords(eID, "tasks."+svcName, ip, nil, false, method) + for _, alias := range serviceAliases { + n.(*network).deleteSvcRecords(eID, "tasks."+alias, ip, nil, false, method) + } + } + + // If we are doing DNS RR delete the endpoint IP from DNS record right away. + if !multipleEntries && len(vip) == 0 { + n.(*network).deleteSvcRecords(eID, svcName, ip, nil, false, method) + for _, alias := range serviceAliases { + n.(*network).deleteSvcRecords(eID, alias, ip, nil, false, method) + } + } + + // Remove the DNS record for VIP only if we are removing the service + if rmService && len(vip) != 0 && !multipleEntries { + n.(*network).deleteSvcRecords(eID, svcName, vip, nil, false, method) + for _, alias := range serviceAliases { + n.(*network).deleteSvcRecords(eID, alias, vip, nil, false, method) + } + } + + return nil +} + +func (c *controller) delContainerNameResolution(nID, eID, containerName string, taskAliases []string, ip net.IP, method string) error { + n, err := c.NetworkByID(nID) + if err != nil { + return err + } + logrus.Debugf("delContainerNameResolution %s %s", eID, containerName) + + // Delete resolution for container name + n.(*network).deleteSvcRecords(eID, containerName, ip, nil, true, method) + + // Delete resolution for taskaliases + for _, alias := range taskAliases { + n.(*network).deleteSvcRecords(eID, alias, ip, nil, true, method) + } + + return nil +} + +func newService(name string, id string, ingressPorts []*PortConfig, serviceAliases []string) *service { return &service{ name: name, id: id, ingressPorts: ingressPorts, loadBalancers: make(map[string]*loadBalancer), - aliases: aliases, + aliases: serviceAliases, + ipToEndpoint: common.NewSetMatrix(), } } @@ -50,21 +161,26 @@ func (c *controller) cleanupServiceBindings(cleanupNID string) { for _, s := range services { s.Lock() + // Skip the serviceBindings that got deleted + if s.deleted { + s.Unlock() + continue + } for nid, lb := range s.loadBalancers { if cleanupNID != "" && nid != cleanupNID { continue } - for eid, ip := range lb.backEnds { + for eid, be := range lb.backEnds { service := s loadBalancer := lb networkID := nid epID := eid - epIP := ip + epIP := be.ip cleanupFuncs = append(cleanupFuncs, func() { - if err := c.rmServiceBinding(service.name, service.id, networkID, epID, loadBalancer.vip, - service.ingressPorts, service.aliases, epIP); err != nil { + if err := c.rmServiceBinding(service.name, service.id, networkID, epID, be.containerName, loadBalancer.vip, + service.ingressPorts, service.aliases, be.taskAliases, epIP, "cleanupServiceBindings"); err != nil { logrus.Errorf("Failed to remove service bindings for service %s network %s endpoint %s while cleanup: %v", service.id, networkID, epID, err) } @@ -80,67 +196,72 @@ func (c *controller) cleanupServiceBindings(cleanupNID string) { } -func (c *controller) addServiceBinding(name, sid, nid, eid string, vip net.IP, ingressPorts []*PortConfig, aliases []string, ip net.IP) error { - n, err := c.NetworkByID(nid) +func (c *controller) addServiceBinding(svcName, svcID, nID, eID, containerName string, vip net.IP, ingressPorts []*PortConfig, serviceAliases, taskAliases []string, ip net.IP, method string) error { + var addService bool + + n, err := c.NetworkByID(nID) if err != nil { return err } skey := serviceKey{ - id: sid, + id: svcID, ports: portConfigs(ingressPorts).String(), } - c.Lock() - s, ok := c.serviceBindings[skey] - if !ok { - // Create a new service if we are seeing this service - // for the first time. - s = newService(name, sid, ingressPorts, aliases) - c.serviceBindings[skey] = s + var s *service + for { + c.Lock() + var ok bool + s, ok = c.serviceBindings[skey] + if !ok { + // Create a new service if we are seeing this service + // for the first time. + s = newService(svcName, svcID, ingressPorts, serviceAliases) + c.serviceBindings[skey] = s + } + c.Unlock() + s.Lock() + if !s.deleted { + // ok the object is good to be used + break + } + s.Unlock() } - c.Unlock() + logrus.Debugf("addServiceBinding from %s START for %s %s", method, svcName, eID) - // Add endpoint IP to special "tasks.svc_name" so that the - // applications have access to DNS RR. - n.(*network).addSvcRecords("tasks."+name, ip, nil, false) - for _, alias := range aliases { - n.(*network).addSvcRecords("tasks."+alias, ip, nil, false) - } - - // Add service name to vip in DNS, if vip is valid. Otherwise resort to DNS RR - svcIP := vip - if len(svcIP) == 0 { - svcIP = ip - } - n.(*network).addSvcRecords(name, svcIP, nil, false) - for _, alias := range aliases { - n.(*network).addSvcRecords(alias, svcIP, nil, false) - } - - s.Lock() defer s.Unlock() - lb, ok := s.loadBalancers[nid] + lb, ok := s.loadBalancers[nID] if !ok { // Create a new load balancer if we are seeing this // network attachment on the service for the first // time. + fwMarkCtrMu.Lock() + lb = &loadBalancer{ vip: vip, fwMark: fwMarkCtr, - backEnds: make(map[string]net.IP), + backEnds: make(map[string]loadBalancerBackend), service: s, } - fwMarkCtrMu.Lock() fwMarkCtr++ fwMarkCtrMu.Unlock() - s.loadBalancers[nid] = lb + s.loadBalancers[nID] = lb + addService = true } - lb.backEnds[eid] = ip + lb.backEnds[eID] = loadBalancerBackend{ip: ip, + containerName: containerName, + taskAliases: taskAliases} + + ok, entries := s.assignIPToEndpoint(ip.String(), eID) + if !ok || entries > 1 { + setStr, b := s.printIPToEndpoint(ip.String()) + logrus.Warnf("addServiceBinding %s possible trainsient state ok:%t entries:%d set:%t %s", eID, ok, entries, b, setStr) + } // Add loadbalancer service and backend in all sandboxes in // the network only if vip is valid. @@ -148,89 +269,87 @@ func (c *controller) addServiceBinding(name, sid, nid, eid string, vip net.IP, i n.(*network).addLBBackend(ip, vip, lb.fwMark, ingressPorts) } + // Add the appropriate name resolutions + c.addEndpointNameResolution(svcName, svcID, nID, eID, containerName, vip, serviceAliases, taskAliases, ip, addService, "addServiceBinding") + + logrus.Debugf("addServiceBinding from %s END for %s %s", method, svcName, eID) + return nil } -func (c *controller) rmServiceBinding(name, sid, nid, eid string, vip net.IP, ingressPorts []*PortConfig, aliases []string, ip net.IP) error { +func (c *controller) rmServiceBinding(svcName, svcID, nID, eID, containerName string, vip net.IP, ingressPorts []*PortConfig, serviceAliases []string, taskAliases []string, ip net.IP, method string) error { + var rmService bool - n, err := c.NetworkByID(nid) + n, err := c.NetworkByID(nID) if err != nil { return err } skey := serviceKey{ - id: sid, + id: svcID, ports: portConfigs(ingressPorts).String(), } c.Lock() s, ok := c.serviceBindings[skey] c.Unlock() + logrus.Debugf("rmServiceBinding from %s START for %s %s", method, svcName, eID) if !ok { + logrus.Warnf("rmServiceBinding %s %s %s aborted c.serviceBindings[skey] !ok", method, svcName, eID) return nil } s.Lock() - lb, ok := s.loadBalancers[nid] + defer s.Unlock() + lb, ok := s.loadBalancers[nID] if !ok { - s.Unlock() + logrus.Warnf("rmServiceBinding %s %s %s aborted s.loadBalancers[nid] !ok", method, svcName, eID) return nil } - _, ok = lb.backEnds[eid] + _, ok = lb.backEnds[eID] if !ok { - s.Unlock() + logrus.Warnf("rmServiceBinding %s %s %s aborted lb.backEnds[eid] !ok", method, svcName, eID) return nil } - delete(lb.backEnds, eid) + delete(lb.backEnds, eID) if len(lb.backEnds) == 0 { // All the backends for this service have been // removed. Time to remove the load balancer and also // remove the service entry in IPVS. rmService = true - delete(s.loadBalancers, nid) + delete(s.loadBalancers, nID) } if len(s.loadBalancers) == 0 { // All loadbalancers for the service removed. Time to // remove the service itself. c.Lock() + + // Mark the object as deleted so that the add won't use it wrongly + s.deleted = true delete(c.serviceBindings, skey) c.Unlock() } + ok, entries := s.removeIPToEndpoint(ip.String(), eID) + if !ok || entries > 0 { + setStr, b := s.printIPToEndpoint(ip.String()) + logrus.Warnf("rmServiceBinding %s possible trainsient state ok:%t entries:%d set:%t %s", eID, ok, entries, b, setStr) + } + // Remove loadbalancer service(if needed) and backend in all // sandboxes in the network only if the vip is valid. - if len(vip) != 0 { + if len(vip) != 0 && entries == 0 { n.(*network).rmLBBackend(ip, vip, lb.fwMark, ingressPorts, rmService) } - s.Unlock() - // Delete the special "tasks.svc_name" backend record. - n.(*network).deleteSvcRecords("tasks."+name, ip, nil, false) - for _, alias := range aliases { - n.(*network).deleteSvcRecords("tasks."+alias, ip, nil, false) - } - - // If we are doing DNS RR add the endpoint IP to DNS record - // right away. - if len(vip) == 0 { - n.(*network).deleteSvcRecords(name, ip, nil, false) - for _, alias := range aliases { - n.(*network).deleteSvcRecords(alias, ip, nil, false) - } - } - - // Remove the DNS record for VIP only if we are removing the service - if rmService && len(vip) != 0 { - n.(*network).deleteSvcRecords(name, vip, nil, false) - for _, alias := range aliases { - n.(*network).deleteSvcRecords(alias, vip, nil, false) - } - } + // Delete the name resolutions + c.deleteEndpointNameResolution(svcName, svcID, nID, eID, containerName, vip, serviceAliases, taskAliases, ip, rmService, entries > 0, "rmServiceBinding") + logrus.Debugf("rmServiceBinding from %s END for %s %s", method, svcName, eID) return nil } diff --git a/components/engine/vendor/github.com/docker/libnetwork/service_linux.go b/components/engine/vendor/github.com/docker/libnetwork/service_linux.go index 2bcb6de5eb..70af7e33bc 100644 --- a/components/engine/vendor/github.com/docker/libnetwork/service_linux.go +++ b/components/engine/vendor/github.com/docker/libnetwork/service_linux.go @@ -44,6 +44,11 @@ func (n *network) connectedLoadbalancers() []*loadBalancer { var lbs []*loadBalancer for _, s := range serviceBindings { s.Lock() + // Skip the serviceBindings that got deleted + if s.deleted { + s.Unlock() + continue + } if lb, ok := s.loadBalancers[n.ID()]; ok { lbs = append(lbs, lb) } @@ -97,8 +102,8 @@ func (sb *sandbox) populateLoadbalancers(ep *endpoint) { } lb.service.Lock() - for _, ip := range lb.backEnds { - sb.addLBBackend(ip, lb.vip, lb.fwMark, lb.service.ingressPorts, eIP, gwIP, n.ingress) + for _, l := range lb.backEnds { + sb.addLBBackend(l.ip, lb.vip, lb.fwMark, lb.service.ingressPorts, eIP, gwIP, n.ingress) } lb.service.Unlock() } From af2183c2c4baea8520bb59b2cbd353d0673918a9 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sun, 11 Jun 2017 14:39:28 +0200 Subject: [PATCH 088/191] Disable legacy (v1) registries by default Deprecation of interacting with v1 registries was started in docker 1.8.3, which added a `--disable-legacy-registry` flag. This option was anounced to be the default starting with docker 17.06, and v1 registries completely removed in docker 17.12. This patch updates the default, and disables interaction with v1 registres by default. Signed-off-by: Sebastiaan van Stijn Upstream-commit: 128280013f2ad90520c97b47a787be0db883e870 Component: engine --- components/engine/cmd/dockerd/daemon.go | 6 +++++- .../engine/cmd/dockerd/daemon_unix_test.go | 4 ++-- .../integration-cli/docker_cli_logout_test.go | 20 +++++++++++++------ .../integration-cli/docker_cli_pull_test.go | 5 ++++- .../docker_cli_registry_user_agent_test.go | 3 +-- .../docker_cli_v2_only_test.go | 6 +++--- components/engine/registry/config_unix.go | 2 +- 7 files changed, 30 insertions(+), 16 deletions(-) diff --git a/components/engine/cmd/dockerd/daemon.go b/components/engine/cmd/dockerd/daemon.go index 428a877dc9..ec2f477c48 100644 --- a/components/engine/cmd/dockerd/daemon.go +++ b/components/engine/cmd/dockerd/daemon.go @@ -406,8 +406,12 @@ func loadDaemonCliConfig(opts *daemonOptions) (*config.Config, error) { return nil, err } + if conf.V2Only == false { + logrus.Warnf(`The "disable-legacy-registry" option is deprecated and wil be removed in Docker v17.12. Interacting with legacy (v1) registries will no longer be supported in Docker v17.12"`) + } + if flags.Changed("graph") { - logrus.Warnf(`the "-g / --graph" flag is deprecated. Please use "--data-root" instead`) + logrus.Warnf(`The "-g / --graph" flag is deprecated. Please use "--data-root" instead`) } // Labels of the docker engine used to allow multiple values associated with the same key. diff --git a/components/engine/cmd/dockerd/daemon_unix_test.go b/components/engine/cmd/dockerd/daemon_unix_test.go index 18761493d0..ebe73362f8 100644 --- a/components/engine/cmd/dockerd/daemon_unix_test.go +++ b/components/engine/cmd/dockerd/daemon_unix_test.go @@ -102,7 +102,7 @@ func TestLoadDaemonConfigWithTrueDefaultValuesLeaveDefaults(t *testing.T) { } func TestLoadDaemonConfigWithLegacyRegistryOptions(t *testing.T) { - content := `{"disable-legacy-registry": true}` + content := `{"disable-legacy-registry": false}` tempFile := tempfile.NewTempFile(t, "config", content) defer tempFile.Remove() @@ -110,5 +110,5 @@ func TestLoadDaemonConfigWithLegacyRegistryOptions(t *testing.T) { loadedConfig, err := loadDaemonCliConfig(opts) require.NoError(t, err) require.NotNil(t, loadedConfig) - assert.True(t, loadedConfig.V2Only) + assert.False(t, loadedConfig.V2Only) } diff --git a/components/engine/integration-cli/docker_cli_logout_test.go b/components/engine/integration-cli/docker_cli_logout_test.go index 49ee1f7866..5076ceba09 100644 --- a/components/engine/integration-cli/docker_cli_logout_test.go +++ b/components/engine/integration-cli/docker_cli_logout_test.go @@ -13,6 +13,10 @@ import ( ) func (s *DockerRegistryAuthHtpasswdSuite) TestLogoutWithExternalAuth(c *check.C) { + + // @TODO TestLogoutWithExternalAuth expects docker to fall back to a v1 registry, so has to be updated for v17.12, when v1 registries are no longer supported + s.d.StartWithBusybox(c, "--disable-legacy-registry=false") + osPath := os.Getenv("PATH") defer os.Setenv("PATH", osPath) @@ -28,6 +32,7 @@ func (s *DockerRegistryAuthHtpasswdSuite) TestLogoutWithExternalAuth(c *check.C) tmp, err := ioutil.TempDir("", "integration-cli-") c.Assert(err, checker.IsNil) + defer os.RemoveAll(tmp) externalAuthConfig := `{ "credsStore": "shell-test" }` @@ -35,24 +40,27 @@ func (s *DockerRegistryAuthHtpasswdSuite) TestLogoutWithExternalAuth(c *check.C) err = ioutil.WriteFile(configPath, []byte(externalAuthConfig), 0644) c.Assert(err, checker.IsNil) - dockerCmd(c, "--config", tmp, "login", "-u", s.reg.Username(), "-p", s.reg.Password(), privateRegistryURL) + _, err = s.d.Cmd("--config", tmp, "login", "-u", s.reg.Username(), "-p", s.reg.Password(), privateRegistryURL) + c.Assert(err, checker.IsNil) b, err := ioutil.ReadFile(configPath) c.Assert(err, checker.IsNil) c.Assert(string(b), checker.Not(checker.Contains), "\"auth\":") c.Assert(string(b), checker.Contains, privateRegistryURL) - dockerCmd(c, "--config", tmp, "tag", "busybox", repoName) - dockerCmd(c, "--config", tmp, "push", repoName) - - dockerCmd(c, "--config", tmp, "logout", privateRegistryURL) + _, err = s.d.Cmd("--config", tmp, "tag", "busybox", repoName) + c.Assert(err, checker.IsNil) + _, err = s.d.Cmd("--config", tmp, "push", repoName) + c.Assert(err, checker.IsNil) + _, err = s.d.Cmd("--config", tmp, "logout", privateRegistryURL) + c.Assert(err, checker.IsNil) b, err = ioutil.ReadFile(configPath) c.Assert(err, checker.IsNil) c.Assert(string(b), checker.Not(checker.Contains), privateRegistryURL) // check I cannot pull anymore - out, _, err := dockerCmdWithError("--config", tmp, "pull", repoName) + out, err := s.d.Cmd("--config", tmp, "pull", repoName) c.Assert(err, check.NotNil, check.Commentf(out)) c.Assert(out, checker.Contains, "Error: image dockercli/busybox:authtest not found") } diff --git a/components/engine/integration-cli/docker_cli_pull_test.go b/components/engine/integration-cli/docker_cli_pull_test.go index 0b1be6cd97..cfd9933bd9 100644 --- a/components/engine/integration-cli/docker_cli_pull_test.go +++ b/components/engine/integration-cli/docker_cli_pull_test.go @@ -258,10 +258,13 @@ func (s *DockerHubPullSuite) TestPullClientDisconnect(c *check.C) { } func (s *DockerRegistryAuthHtpasswdSuite) TestPullNoCredentialsNotFound(c *check.C) { + // @TODO TestPullNoCredentialsNotFound expects docker to fall back to a v1 registry, so has to be updated for v17.12, when v1 registries are no longer supported + s.d.StartWithBusybox(c, "--disable-legacy-registry=false") + // we don't care about the actual image, we just want to see image not found // because that means v2 call returned 401 and we fell back to v1 which usually // gives a 404 (in this case the test registry doesn't handle v1 at all) - out, _, err := dockerCmdWithError("pull", privateRegistryURL+"/busybox") + out, err := s.d.Cmd("pull", privateRegistryURL+"/busybox") c.Assert(err, check.NotNil, check.Commentf(out)) c.Assert(out, checker.Contains, "Error: image busybox:latest not found") } diff --git a/components/engine/integration-cli/docker_cli_registry_user_agent_test.go b/components/engine/integration-cli/docker_cli_registry_user_agent_test.go index 5e1c00aa8a..24aa308ba2 100644 --- a/components/engine/integration-cli/docker_cli_registry_user_agent_test.go +++ b/components/engine/integration-cli/docker_cli_registry_user_agent_test.go @@ -98,8 +98,7 @@ func (s *DockerRegistrySuite) TestUserAgentPassThrough(c *check.C) { "--insecure-registry", buildReg.URL(), "--insecure-registry", pullReg.URL(), "--insecure-registry", pushReg.URL(), - "--insecure-registry", loginReg.URL(), - "--disable-legacy-registry=true") + "--insecure-registry", loginReg.URL()) dockerfileName, cleanup1, err := makefile(fmt.Sprintf("FROM %s", buildRepoName)) c.Assert(err, check.IsNil, check.Commentf("Unable to create test dockerfile")) diff --git a/components/engine/integration-cli/docker_cli_v2_only_test.go b/components/engine/integration-cli/docker_cli_v2_only_test.go index 77974c4ef4..16ec6d42e2 100644 --- a/components/engine/integration-cli/docker_cli_v2_only_test.go +++ b/components/engine/integration-cli/docker_cli_v2_only_test.go @@ -34,7 +34,7 @@ func makefile(contents string) (string, func(), error) { } -// TestV2Only ensures that a daemon in v2-only mode does not +// TestV2Only ensures that a daemon by default does not // attempt to contact any v1 registry endpoints. func (s *DockerRegistrySuite) TestV2Only(c *check.C) { reg, err := registry.NewMock(c) @@ -51,7 +51,7 @@ func (s *DockerRegistrySuite) TestV2Only(c *check.C) { repoName := fmt.Sprintf("%s/busybox", reg.URL()) - s.d.Start(c, "--insecure-registry", reg.URL(), "--disable-legacy-registry=true") + s.d.Start(c, "--insecure-registry", reg.URL()) dockerfileName, cleanup, err := makefile(fmt.Sprintf("FROM %s/busybox", reg.URL())) c.Assert(err, check.IsNil, check.Commentf("Unable to create test dockerfile")) @@ -66,7 +66,7 @@ func (s *DockerRegistrySuite) TestV2Only(c *check.C) { s.d.Cmd("pull", repoName) } -// TestV1 starts a daemon in 'normal' mode +// TestV1 starts a daemon with legacy registries enabled // and ensure v1 endpoints are hit for the following operations: // login, push, pull, build & run func (s *DockerRegistrySuite) TestV1(c *check.C) { diff --git a/components/engine/registry/config_unix.go b/components/engine/registry/config_unix.go index d692e8ef50..fdc39a1d68 100644 --- a/components/engine/registry/config_unix.go +++ b/components/engine/registry/config_unix.go @@ -21,5 +21,5 @@ func cleanPath(s string) string { // installCliPlatformFlags handles any platform specific flags for the service. func (options *ServiceOptions) installCliPlatformFlags(flags *pflag.FlagSet) { - flags.BoolVar(&options.V2Only, "disable-legacy-registry", false, "Disable contacting legacy registries") + flags.BoolVar(&options.V2Only, "disable-legacy-registry", true, "Disable contacting legacy registries") } From cf3b2671293e4204b05a10ac485ac2cc6a34860d Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sun, 11 Jun 2017 14:47:23 +0200 Subject: [PATCH 089/191] Update docs, completion scripts for disable-legacy-registry Signed-off-by: Sebastiaan van Stijn Upstream-commit: 2b8f0eef7338f37104464154ba65aef7db3b9703 Component: engine --- components/engine/contrib/completion/zsh/_docker | 2 +- components/engine/docs/deprecated.md | 2 +- .../engine/docs/reference/commandline/dockerd.md | 15 +++++++++++++-- components/engine/man/dockerd.8.md | 2 +- 4 files changed, 16 insertions(+), 5 deletions(-) diff --git a/components/engine/contrib/completion/zsh/_docker b/components/engine/contrib/completion/zsh/_docker index 0860907839..4b0c1e25c7 100644 --- a/components/engine/contrib/completion/zsh/_docker +++ b/components/engine/contrib/completion/zsh/_docker @@ -2620,7 +2620,7 @@ __docker_subcommand() { "($help)--default-gateway-v6[Container default gateway IPv6 address]:IPv6 address: " \ "($help)--default-shm-size=[Default shm size for containers]:size:" \ "($help)*--default-ulimit=[Default ulimits for containers]:ulimit: " \ - "($help)--disable-legacy-registry[Disable contacting legacy registries]" \ + "($help)--disable-legacy-registry[Disable contacting legacy registries (default true)]" \ "($help)*--dns=[DNS server to use]:DNS: " \ "($help)*--dns-opt=[DNS options to use]:DNS option: " \ "($help)*--dns-search=[DNS search domains to use]:DNS search: " \ diff --git a/components/engine/docs/deprecated.md b/components/engine/docs/deprecated.md index e1e7e12645..9905994b73 100644 --- a/components/engine/docs/deprecated.md +++ b/components/engine/docs/deprecated.md @@ -292,7 +292,7 @@ of the `--changes` flag that allows to pass `Dockerfile` commands. **Target For Removal In Release: v17.12** -Version 1.9 adds a flag (`--disable-legacy-registry=false`) which prevents the +Version 1.8.3 added a flag (`--disable-legacy-registry=false`) which prevents the docker daemon from `pull`, `push`, and `login` operations against v1 registries. Though enabled by default, this signals the intent to deprecate the v1 protocol. diff --git a/components/engine/docs/reference/commandline/dockerd.md b/components/engine/docs/reference/commandline/dockerd.md index 93774c841b..ef6bcd3831 100644 --- a/components/engine/docs/reference/commandline/dockerd.md +++ b/components/engine/docs/reference/commandline/dockerd.md @@ -42,7 +42,7 @@ Options: --default-gateway-v6 ip Container default gateway IPv6 address --default-runtime string Default OCI runtime for containers (default "runc") --default-ulimit ulimit Default ulimits for containers (default []) - --disable-legacy-registry Disable contacting legacy registries + --disable-legacy-registry Disable contacting legacy registries (default true) --dns list DNS server to use (default []) --dns-opt list DNS options to use (default []) --dns-search list DNS search domains to use (default []) @@ -901,7 +901,18 @@ system's list of trusted CAs instead of enabling `--insecure-registry`. ##### Legacy Registries -Enabling `--disable-legacy-registry` forces a docker daemon to only interact with registries which support the V2 protocol. Specifically, the daemon will not attempt `push`, `pull` and `login` to v1 registries. The exception to this is `search` which can still be performed on v1 registries. +Operations against registries supporting only the legacy v1 protocol are +disabled by default. Specifically, the daemon will not attempt `push`, +`pull` and `login` to v1 registries. The exception to this is `search` +which can still be performed on v1 registries. + +Add `"disable-legacy-registry":false` to the [daemon configuration +file](#daemon-configuration-file), or set the +`--disable-legacy-registry=false` flag, if you need to interact with +registries that have not yet migrated to the v2 protocol. + +Interaction v1 registries will no longer be supported in Docker v17.12, +and the `disable-legacy-registry` configuration option will be removed. #### Running a Docker daemon behind an HTTPS_PROXY diff --git a/components/engine/man/dockerd.8.md b/components/engine/man/dockerd.8.md index a4e079074f..e9d7e68739 100644 --- a/components/engine/man/dockerd.8.md +++ b/components/engine/man/dockerd.8.md @@ -192,7 +192,7 @@ $ sudo dockerd --add-runtime runc=runc --add-runtime custom=/usr/local/bin/my-ru Default ulimits for containers. **--disable-legacy-registry**=*true*|*false* - Disable contacting legacy registries + Disable contacting legacy registries. Default is `true`. **--dns**="" Force Docker to use specific DNS servers From e253cdd33c18f92066f3798debef8d100dbfa3b8 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 12 Jun 2017 13:25:26 +0200 Subject: [PATCH 090/191] Remove "-e" / "--email" from integration tests This option is no longer supported in docker 17.06, so should not be used. Signed-off-by: Sebastiaan van Stijn Upstream-commit: a7672b8331b1b96db6390a9356650e67893fbe36 Component: engine --- .../integration-cli/docker_cli_login_test.go | 14 -------------- .../docker_cli_registry_user_agent_test.go | 2 +- .../integration-cli/docker_cli_v2_only_test.go | 2 +- 3 files changed, 2 insertions(+), 16 deletions(-) diff --git a/components/engine/integration-cli/docker_cli_login_test.go b/components/engine/integration-cli/docker_cli_login_test.go index f805035769..94dc03778f 100644 --- a/components/engine/integration-cli/docker_cli_login_test.go +++ b/components/engine/integration-cli/docker_cli_login_test.go @@ -28,17 +28,3 @@ func (s *DockerRegistryAuthHtpasswdSuite) TestLoginToPrivateRegistry(c *check.C) // now it's fine dockerCmd(c, "login", "-u", s.reg.Username(), "-p", s.reg.Password(), privateRegistryURL) } - -func (s *DockerRegistryAuthHtpasswdSuite) TestLoginToPrivateRegistryDeprecatedEmailFlag(c *check.C) { - // Test to make sure login still works with the deprecated -e and --email flags - // wrong credentials - out, _, err := dockerCmdWithError("login", "-u", s.reg.Username(), "-p", "WRONGPASSWORD", "-e", s.reg.Email(), privateRegistryURL) - c.Assert(err, checker.NotNil, check.Commentf(out)) - c.Assert(out, checker.Contains, "401 Unauthorized") - - // now it's fine - // -e flag - dockerCmd(c, "login", "-u", s.reg.Username(), "-p", s.reg.Password(), "-e", s.reg.Email(), privateRegistryURL) - // --email flag - dockerCmd(c, "login", "-u", s.reg.Username(), "-p", s.reg.Password(), "--email", s.reg.Email(), privateRegistryURL) -} diff --git a/components/engine/integration-cli/docker_cli_registry_user_agent_test.go b/components/engine/integration-cli/docker_cli_registry_user_agent_test.go index 5e1c00aa8a..406fb7c2ee 100644 --- a/components/engine/integration-cli/docker_cli_registry_user_agent_test.go +++ b/components/engine/integration-cli/docker_cli_registry_user_agent_test.go @@ -107,7 +107,7 @@ func (s *DockerRegistrySuite) TestUserAgentPassThrough(c *check.C) { s.d.Cmd("build", "--file", dockerfileName, ".") regexpCheckUA(c, buildUA) - s.d.Cmd("login", "-u", "richard", "-p", "testtest", "-e", "testuser@testdomain.com", loginReg.URL()) + s.d.Cmd("login", "-u", "richard", "-p", "testtest", loginReg.URL()) regexpCheckUA(c, loginUA) s.d.Cmd("pull", pullRepoName) diff --git a/components/engine/integration-cli/docker_cli_v2_only_test.go b/components/engine/integration-cli/docker_cli_v2_only_test.go index 77974c4ef4..348c2e9c27 100644 --- a/components/engine/integration-cli/docker_cli_v2_only_test.go +++ b/components/engine/integration-cli/docker_cli_v2_only_test.go @@ -60,7 +60,7 @@ func (s *DockerRegistrySuite) TestV2Only(c *check.C) { s.d.Cmd("build", "--file", dockerfileName, ".") s.d.Cmd("run", repoName) - s.d.Cmd("login", "-u", "richard", "-p", "testtest", "-e", "testuser@testdomain.com", reg.URL()) + s.d.Cmd("login", "-u", "richard", "-p", "testtest", reg.URL()) s.d.Cmd("tag", "busybox", repoName) s.d.Cmd("push", repoName) s.d.Cmd("pull", repoName) From ad022709e6019689756dbc5fe1e32249acc0565d Mon Sep 17 00:00:00 2001 From: Lei Jitang Date: Mon, 12 Jun 2017 09:07:25 -0400 Subject: [PATCH 091/191] Use lazy umount on Put for overlay2 and overlay we see a lot of ``` level=debug msg="Failed to unmount a03b1bb6f569421857e5407d73d89451f92724674caa56bfc2170de7e585a00b-init overlay: device or resource busy" ``` in daemon logs and there is a lot of mountpoint leftover. This cause failed to remove container. Signed-off-by: Lei Jitang Upstream-commit: f65fa1f115df896b2440f50c374f032fc781188d Component: engine --- components/engine/daemon/graphdriver/overlay/overlay.go | 2 +- components/engine/daemon/graphdriver/overlay2/overlay.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/components/engine/daemon/graphdriver/overlay/overlay.go b/components/engine/daemon/graphdriver/overlay/overlay.go index 88d6602e07..7f849c96ff 100644 --- a/components/engine/daemon/graphdriver/overlay/overlay.go +++ b/components/engine/daemon/graphdriver/overlay/overlay.go @@ -404,7 +404,7 @@ func (d *Driver) Put(id string) error { if count := d.ctr.Decrement(mountpoint); count > 0 { return nil } - if err := syscall.Unmount(mountpoint, 0); err != nil { + if err := syscall.Unmount(mountpoint, syscall.MNT_DETACH); err != nil { logrus.Debugf("Failed to unmount %s overlay: %v", id, err) } return nil diff --git a/components/engine/daemon/graphdriver/overlay2/overlay.go b/components/engine/daemon/graphdriver/overlay2/overlay.go index e327ec508a..ccb2c3669d 100644 --- a/components/engine/daemon/graphdriver/overlay2/overlay.go +++ b/components/engine/daemon/graphdriver/overlay2/overlay.go @@ -587,7 +587,7 @@ func (d *Driver) Put(id string) error { if count := d.ctr.Decrement(mountpoint); count > 0 { return nil } - if err := syscall.Unmount(mountpoint, 0); err != nil { + if err := syscall.Unmount(mountpoint, syscall.MNT_DETACH); err != nil { logrus.Debugf("Failed to unmount %s overlay: %s - %v", id, mountpoint, err) } return nil From 99aad7f08b601284352e85287083f047cad888ba Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Sun, 11 Jun 2017 11:04:35 -0700 Subject: [PATCH 092/191] Add `scope` filter in `/networks/` This fix tries to add a `scope` in the query of `/networks/` (`NetworkInspect`) so that in case of duplicate network names, it is possible to locate the network ID based on the network scope (`local`, 'swarm', or `global`). Multiple networks might exist in different scopes, which is a legitimate case. For example, a network name `foo` might exists locally and in swarm network. However, before this PR it was not possible to query a network name `foo` in a specific scope like swarm. This fix fixes the issue by allowing a `scope` query in `/networks/`. Additional test cases have been added to unit tests and integration tests. This fix is related to docker/cli#167, moby/moby#30897, moby/moby#33561, moby/moby#30242 This fix fixes docker/cli#167 Signed-off-by: Yong Tang Upstream-commit: 158b2a1875cf33f3560dedaeb0149e1fbe54c1ef Component: engine --- .../server/router/network/network_routes.go | 20 +++++++---- components/engine/api/swagger.yaml | 4 +++ components/engine/api/types/types.go | 6 ++++ components/engine/client/interface.go | 4 +-- components/engine/client/network_inspect.go | 11 +++--- .../engine/client/network_inspect_test.go | 21 +++++++++--- components/engine/docs/api/version-history.md | 1 + .../integration-cli/docker_api_swarm_test.go | 34 +++++++++++++++++++ 8 files changed, 84 insertions(+), 17 deletions(-) diff --git a/components/engine/api/server/router/network/network_routes.go b/components/engine/api/server/router/network/network_routes.go index bff3561523..6f2041e35e 100644 --- a/components/engine/api/server/router/network/network_routes.go +++ b/components/engine/api/server/router/network/network_routes.go @@ -98,6 +98,14 @@ func (n *networkRouter) getNetwork(ctx context.Context, w http.ResponseWriter, r return errors.NewBadRequestError(err) } } + scope := r.URL.Query().Get("scope") + + isMatchingScope := func(scope, term string) bool { + if term != "" { + return scope == term + } + return true + } // In case multiple networks have duplicate names, return error. // TODO (yongtang): should we wrap with version here for backward compatibility? @@ -112,15 +120,15 @@ func (n *networkRouter) getNetwork(ctx context.Context, w http.ResponseWriter, r nw := n.backend.GetNetworks() for _, network := range nw { - if network.ID() == term { + if network.ID() == term && isMatchingScope(network.Info().Scope(), scope) { return httputils.WriteJSON(w, http.StatusOK, *n.buildDetailedNetworkResources(network, verbose)) } - if network.Name() == term { + if network.Name() == term && isMatchingScope(network.Info().Scope(), scope) { // No need to check the ID collision here as we are still in // local scope and the network ID is unique in this scope. listByFullName[network.ID()] = *n.buildDetailedNetworkResources(network, verbose) } - if strings.HasPrefix(network.ID(), term) { + if strings.HasPrefix(network.ID(), term) && isMatchingScope(network.Info().Scope(), scope) { // No need to check the ID collision here as we are still in // local scope and the network ID is unique in this scope. listByPartialID[network.ID()] = *n.buildDetailedNetworkResources(network, verbose) @@ -129,10 +137,10 @@ func (n *networkRouter) getNetwork(ctx context.Context, w http.ResponseWriter, r nr, _ := n.cluster.GetNetworks() for _, network := range nr { - if network.ID == term { + if network.ID == term && isMatchingScope(network.Scope, scope) { return httputils.WriteJSON(w, http.StatusOK, network) } - if network.Name == term { + if network.Name == term && isMatchingScope(network.Scope, scope) { // Check the ID collision as we are in swarm scope here, and // the map (of the listByFullName) may have already had a // network with the same ID (from local scope previously) @@ -140,7 +148,7 @@ func (n *networkRouter) getNetwork(ctx context.Context, w http.ResponseWriter, r listByFullName[network.ID] = network } } - if strings.HasPrefix(network.ID, term) { + if strings.HasPrefix(network.ID, term) && isMatchingScope(network.Scope, scope) { // Check the ID collision as we are in swarm scope here, and // the map (of the listByPartialID) may have already had a // network with the same ID (from local scope previously) diff --git a/components/engine/api/swagger.yaml b/components/engine/api/swagger.yaml index ff9486f303..1433256b98 100644 --- a/components/engine/api/swagger.yaml +++ b/components/engine/api/swagger.yaml @@ -6437,6 +6437,10 @@ paths: description: "Detailed inspect output for troubleshooting" type: "boolean" default: false + - name: "scope" + in: "query" + description: "Filter the network by scope (swarm, global, or local)" + type: "string" tags: ["Network"] delete: diff --git a/components/engine/api/types/types.go b/components/engine/api/types/types.go index c905466e29..37adca2f57 100644 --- a/components/engine/api/types/types.go +++ b/components/engine/api/types/types.go @@ -468,6 +468,12 @@ type NetworkDisconnect struct { Force bool } +// NetworkInspectOptions holds parameters to inspect network +type NetworkInspectOptions struct { + Scope string + Verbose bool +} + // Checkpoint represents the details of a checkpoint type Checkpoint struct { Name string // Name is the name of the checkpoint diff --git a/components/engine/client/interface.go b/components/engine/client/interface.go index d5f3a14ec3..aa00622127 100644 --- a/components/engine/client/interface.go +++ b/components/engine/client/interface.go @@ -99,8 +99,8 @@ type NetworkAPIClient interface { NetworkConnect(ctx context.Context, networkID, container string, config *network.EndpointSettings) error NetworkCreate(ctx context.Context, name string, options types.NetworkCreate) (types.NetworkCreateResponse, error) NetworkDisconnect(ctx context.Context, networkID, container string, force bool) error - NetworkInspect(ctx context.Context, networkID string, verbose bool) (types.NetworkResource, error) - NetworkInspectWithRaw(ctx context.Context, networkID string, verbose bool) (types.NetworkResource, []byte, error) + NetworkInspect(ctx context.Context, networkID string, options types.NetworkInspectOptions) (types.NetworkResource, error) + NetworkInspectWithRaw(ctx context.Context, networkID string, options types.NetworkInspectOptions) (types.NetworkResource, []byte, error) NetworkList(ctx context.Context, options types.NetworkListOptions) ([]types.NetworkResource, error) NetworkRemove(ctx context.Context, networkID string) error NetworksPrune(ctx context.Context, pruneFilter filters.Args) (types.NetworksPruneReport, error) diff --git a/components/engine/client/network_inspect.go b/components/engine/client/network_inspect.go index 7242304025..848c9799fb 100644 --- a/components/engine/client/network_inspect.go +++ b/components/engine/client/network_inspect.go @@ -12,22 +12,25 @@ import ( ) // NetworkInspect returns the information for a specific network configured in the docker host. -func (cli *Client) NetworkInspect(ctx context.Context, networkID string, verbose bool) (types.NetworkResource, error) { - networkResource, _, err := cli.NetworkInspectWithRaw(ctx, networkID, verbose) +func (cli *Client) NetworkInspect(ctx context.Context, networkID string, options types.NetworkInspectOptions) (types.NetworkResource, error) { + networkResource, _, err := cli.NetworkInspectWithRaw(ctx, networkID, options) return networkResource, err } // NetworkInspectWithRaw returns the information for a specific network configured in the docker host and its raw representation. -func (cli *Client) NetworkInspectWithRaw(ctx context.Context, networkID string, verbose bool) (types.NetworkResource, []byte, error) { +func (cli *Client) NetworkInspectWithRaw(ctx context.Context, networkID string, options types.NetworkInspectOptions) (types.NetworkResource, []byte, error) { var ( networkResource types.NetworkResource resp serverResponse err error ) query := url.Values{} - if verbose { + if options.Verbose { query.Set("verbose", "true") } + if options.Scope != "" { + query.Set("scope", options.Scope) + } resp, err = cli.get(ctx, "/networks/"+networkID, query, nil) if err != nil { if resp.statusCode == http.StatusNotFound { diff --git a/components/engine/client/network_inspect_test.go b/components/engine/client/network_inspect_test.go index 1504289f5d..9bfb55d74e 100644 --- a/components/engine/client/network_inspect_test.go +++ b/components/engine/client/network_inspect_test.go @@ -11,6 +11,7 @@ import ( "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/network" + "github.com/stretchr/testify/assert" "golang.org/x/net/context" ) @@ -19,7 +20,7 @@ func TestNetworkInspectError(t *testing.T) { client: newMockClient(errorMock(http.StatusInternalServerError, "Server error")), } - _, err := client.NetworkInspect(context.Background(), "nothing", false) + _, err := client.NetworkInspect(context.Background(), "nothing", types.NetworkInspectOptions{}) if err == nil || err.Error() != "Error response from daemon: Server error" { t.Fatalf("expected a Server Error, got %v", err) } @@ -30,7 +31,7 @@ func TestNetworkInspectContainerNotFound(t *testing.T) { client: newMockClient(errorMock(http.StatusNotFound, "Server error")), } - _, err := client.NetworkInspect(context.Background(), "unknown", false) + _, err := client.NetworkInspect(context.Background(), "unknown", types.NetworkInspectOptions{}) if err == nil || !IsErrNetworkNotFound(err) { t.Fatalf("expected a networkNotFound error, got %v", err) } @@ -51,7 +52,14 @@ func TestNetworkInspect(t *testing.T) { content []byte err error ) - if strings.HasPrefix(req.URL.RawQuery, "verbose=true") { + if strings.Contains(req.URL.RawQuery, "scope=global") { + return &http.Response{ + StatusCode: http.StatusNotFound, + Body: ioutil.NopCloser(bytes.NewReader(content)), + }, nil + } + + if strings.Contains(req.URL.RawQuery, "verbose=true") { s := map[string]network.ServiceInfo{ "web": {}, } @@ -74,7 +82,7 @@ func TestNetworkInspect(t *testing.T) { }), } - r, err := client.NetworkInspect(context.Background(), "network_id", false) + r, err := client.NetworkInspect(context.Background(), "network_id", types.NetworkInspectOptions{}) if err != nil { t.Fatal(err) } @@ -82,7 +90,7 @@ func TestNetworkInspect(t *testing.T) { t.Fatalf("expected `mynetwork`, got %s", r.Name) } - r, err = client.NetworkInspect(context.Background(), "network_id", true) + r, err = client.NetworkInspect(context.Background(), "network_id", types.NetworkInspectOptions{Verbose: true}) if err != nil { t.Fatal(err) } @@ -93,4 +101,7 @@ func TestNetworkInspect(t *testing.T) { if !ok { t.Fatalf("expected service `web` missing in the verbose output") } + + _, err = client.NetworkInspect(context.Background(), "network_id", types.NetworkInspectOptions{Scope: "global"}) + assert.EqualError(t, err, "Error: No such network: network_id") } diff --git a/components/engine/docs/api/version-history.md b/components/engine/docs/api/version-history.md index 41f53a6041..e546559957 100644 --- a/components/engine/docs/api/version-history.md +++ b/components/engine/docs/api/version-history.md @@ -21,6 +21,7 @@ keywords: "API, Docker, rcli, REST, documentation" * `POST /secrets/create` now returns status code 409 instead of 500 when creating an already existing secret. * `POST /secrets/(name)/update` now returns status code 400 instead of 500 when updating a secret's content which is not the labels. * `POST /nodes/(name)/update` now returns status code 400 instead of 500 when demoting last node fails. +* `GET /networks/(id or name)` now takes an optional query parameter `scope` that will filter the network based on the scope (`local`, `swarm`, or `global`). ## v1.30 API changes diff --git a/components/engine/integration-cli/docker_api_swarm_test.go b/components/engine/integration-cli/docker_api_swarm_test.go index 0e0f0e6f7a..d9d3d94433 100644 --- a/components/engine/integration-cli/docker_api_swarm_test.go +++ b/components/engine/integration-cli/docker_api_swarm_test.go @@ -8,6 +8,7 @@ import ( "io/ioutil" "net" "net/http" + "net/url" "os" "path/filepath" "strings" @@ -1002,3 +1003,36 @@ func (s *DockerSwarmSuite) TestSwarmRepeatedRootRotation(c *check.C) { currentTrustRoot = clusterTLSInfo.TrustRoot } } + +func (s *DockerSwarmSuite) TestAPINetworkInspectWithScope(c *check.C) { + d := s.AddDaemon(c, true, true) + + name := "foo" + networkCreateRequest := types.NetworkCreateRequest{ + Name: name, + } + + var n types.NetworkCreateResponse + networkCreateRequest.NetworkCreate.Driver = "overlay" + + status, out, err := d.SockRequest("POST", "/networks/create", networkCreateRequest) + c.Assert(err, checker.IsNil, check.Commentf(string(out))) + c.Assert(status, checker.Equals, http.StatusCreated, check.Commentf(string(out))) + c.Assert(json.Unmarshal(out, &n), checker.IsNil) + + var r types.NetworkResource + + status, body, err := d.SockRequest("GET", "/networks/"+name, nil) + c.Assert(err, checker.IsNil, check.Commentf(string(out))) + c.Assert(status, checker.Equals, http.StatusOK, check.Commentf(string(out))) + c.Assert(json.Unmarshal(body, &r), checker.IsNil) + c.Assert(r.Scope, checker.Equals, "swarm") + c.Assert(r.ID, checker.Equals, n.ID) + + v := url.Values{} + v.Set("scope", "local") + + status, body, err = d.SockRequest("GET", "/networks/"+name+"?"+v.Encode(), nil) + c.Assert(err, checker.IsNil, check.Commentf(string(out))) + c.Assert(status, checker.Equals, http.StatusNotFound, check.Commentf(string(out))) +} From cc2f78397537b7cba70174ed3917eec9082c99a9 Mon Sep 17 00:00:00 2001 From: David Sheets Date: Mon, 12 Jun 2017 15:36:46 +0100 Subject: [PATCH 093/191] plugin/store.Get: return a specific error if plugin is disabled Previously, a 'plugin not found' error would be returned if a plugin to be retrieved was found but disabled. This was misleading and incorrect. Now, a new error plugin.ErrDisabled is returned in this case. This makes the error message when trying to statically start plugins (from daemon.json or dockerd command line) accurate. Signed-off-by: David Sheets Upstream-commit: e33d598059d8af8c57995a2c52f1f9f5691c09e8 Component: engine --- components/engine/plugin/store.go | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/components/engine/plugin/store.go b/components/engine/plugin/store.go index 244522e10a..285489f4bf 100644 --- a/components/engine/plugin/store.go +++ b/components/engine/plugin/store.go @@ -36,6 +36,13 @@ func (name ErrAmbiguous) Error() string { return fmt.Sprintf("multiple plugins found for %q", string(name)) } +// ErrDisabled indicates that a plugin was found but it is disabled +type ErrDisabled string + +func (name ErrDisabled) Error() string { + return fmt.Sprintf("plugin %s found but disabled", string(name)) +} + // GetV2Plugin retrieves a plugin by name, id or partial ID. func (ps *Store) GetV2Plugin(refOrID string) (*v2.Plugin, error) { ps.RLock() @@ -138,7 +145,7 @@ func (ps *Store) Get(name, capability string, mode int) (plugingetter.CompatPlug } // Plugin was found but it is disabled, so we should not fall back to legacy plugins // but we should error out right away - return nil, ErrNotFound(name) + return nil, ErrDisabled(name) } if _, ok := errors.Cause(err).(ErrNotFound); !ok { return nil, err From 234706e29f30a50f6014d8452df1bb80d30cde75 Mon Sep 17 00:00:00 2001 From: David Sheets Date: Mon, 12 Jun 2017 18:07:42 +0100 Subject: [PATCH 094/191] plugin/store: fix ErrAmbiguous docstring Signed-off-by: David Sheets Upstream-commit: 2b79dfc240307ab948e0341f7668a3cdfdebf033 Component: engine --- components/engine/plugin/store.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/plugin/store.go b/components/engine/plugin/store.go index 285489f4bf..7f6e954bf8 100644 --- a/components/engine/plugin/store.go +++ b/components/engine/plugin/store.go @@ -29,7 +29,7 @@ type ErrNotFound string func (name ErrNotFound) Error() string { return fmt.Sprintf("plugin %q not found", string(name)) } -// ErrAmbiguous indicates that a plugin was not found locally. +// ErrAmbiguous indicates that more than one plugin was found type ErrAmbiguous string func (name ErrAmbiguous) Error() string { From f10437130230cc68f246b7acb99f390cc904dabf Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Mon, 12 Jun 2017 10:27:11 -0700 Subject: [PATCH 095/191] Vendor swarmkit a4bf013 Signed-off-by: Aaron Lehmann Upstream-commit: 32d7b0f3601258edf94ecf0e2e9018a406846888 Component: engine --- components/engine/vendor.conf | 2 +- .../github.com/docker/swarmkit/agent/agent.go | 20 +- .../docker/swarmkit/agent/config.go | 17 + .../docker/swarmkit/agent/session.go | 2 +- .../swarmkit/api/genericresource/helpers.go | 111 ++ .../swarmkit/api/genericresource/parse.go | 47 + .../genericresource/resource_management.go | 202 ++ .../swarmkit/api/genericresource/string.go | 54 + .../swarmkit/api/genericresource/validate.go | 84 + .../docker/swarmkit/api/objects.pb.go | 248 ++- .../docker/swarmkit/api/objects.proto | 2 + .../docker/swarmkit/api/types.pb.go | 1714 ++++++++++++----- .../docker/swarmkit/api/types.proto | 20 + .../docker/swarmkit/ca/certificates.go | 2 +- .../github.com/docker/swarmkit/ca/config.go | 51 +- .../github.com/docker/swarmkit/ca/external.go | 20 +- .../docker/swarmkit/ca/reconciler.go | 6 +- .../swarmkit/manager/allocator/allocator.go | 80 +- .../drivers_darwin.go | 5 +- .../drivers_ipam.go | 2 +- .../drivers_network_linux.go | 11 +- .../drivers_network_windows.go | 5 +- .../cnmallocator/drivers_unsupported.go | 14 + .../cnmallocator/networkallocator.go | 957 +++++++++ .../portallocator.go | 2 +- .../swarmkit/manager/allocator/network.go | 286 +-- .../networkallocator/drivers_unsupported.go | 10 - .../networkallocator/networkallocator.go | 1018 +--------- .../swarmkit/manager/controlapi/common.go | 8 +- .../swarmkit/manager/controlapi/service.go | 4 + .../docker/swarmkit/manager/manager.go | 12 +- .../constraintenforcer/constraint_enforcer.go | 28 +- .../swarmkit/manager/orchestrator/task.go | 2 +- .../swarmkit/manager/scheduler/filter.go | 19 +- .../swarmkit/manager/scheduler/nodeinfo.go | 35 +- .../swarmkit/manager/scheduler/scheduler.go | 11 +- .../swarmkit/manager/state/raft/raft.go | 2 +- .../github.com/docker/swarmkit/node/node.go | 59 +- .../github.com/docker/swarmkit/vendor.conf | 7 +- 39 files changed, 3468 insertions(+), 1711 deletions(-) create mode 100644 components/engine/vendor/github.com/docker/swarmkit/api/genericresource/helpers.go create mode 100644 components/engine/vendor/github.com/docker/swarmkit/api/genericresource/parse.go create mode 100644 components/engine/vendor/github.com/docker/swarmkit/api/genericresource/resource_management.go create mode 100644 components/engine/vendor/github.com/docker/swarmkit/api/genericresource/string.go create mode 100644 components/engine/vendor/github.com/docker/swarmkit/api/genericresource/validate.go rename components/engine/vendor/github.com/docker/swarmkit/manager/allocator/{networkallocator => cnmallocator}/drivers_darwin.go (65%) rename components/engine/vendor/github.com/docker/swarmkit/manager/allocator/{networkallocator => cnmallocator}/drivers_ipam.go (95%) rename components/engine/vendor/github.com/docker/swarmkit/manager/allocator/{networkallocator => cnmallocator}/drivers_network_linux.go (68%) rename components/engine/vendor/github.com/docker/swarmkit/manager/allocator/{networkallocator => cnmallocator}/drivers_network_windows.go (65%) create mode 100644 components/engine/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_unsupported.go create mode 100644 components/engine/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/networkallocator.go rename components/engine/vendor/github.com/docker/swarmkit/manager/allocator/{networkallocator => cnmallocator}/portallocator.go (99%) delete mode 100644 components/engine/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/drivers_unsupported.go diff --git a/components/engine/vendor.conf b/components/engine/vendor.conf index 184c02dc9b..e524c518ab 100644 --- a/components/engine/vendor.conf +++ b/components/engine/vendor.conf @@ -104,7 +104,7 @@ github.com/containerd/containerd 3addd840653146c90a254301d6c3a663c7fd6429 github.com/tonistiigi/fifo 1405643975692217d6720f8b54aeee1bf2cd5cf4 # cluster -github.com/docker/swarmkit eb07af52aa2216100cff1ad0b13df48daa8914bf +github.com/docker/swarmkit a4bf0135f63fb60f0e76ae81579cde87f580db6e github.com/gogo/protobuf v0.4 github.com/cloudflare/cfssl 7fb22c8cba7ecaf98e4082d22d65800cf45e042a github.com/google/certificate-transparency d90e65c3a07988180c5b1ece71791c0b6506826e diff --git a/components/engine/vendor/github.com/docker/swarmkit/agent/agent.go b/components/engine/vendor/github.com/docker/swarmkit/agent/agent.go index 841048ffe0..dc72fa0407 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/agent/agent.go +++ b/components/engine/vendor/github.com/docker/swarmkit/agent/agent.go @@ -206,6 +206,9 @@ func (a *Agent) run(ctx context.Context) { leaving = a.leaving subscriptions = map[string]context.CancelFunc{} ) + defer func() { + session.close() + }() if err := a.worker.Init(ctx); err != nil { log.G(ctx).WithError(err).Error("worker initialization failed") @@ -314,6 +317,9 @@ func (a *Agent) run(ctx context.Context) { if ready != nil { close(ready) } + if a.config.SessionTracker != nil { + a.config.SessionTracker.SessionEstablished() + } ready = nil registered = nil // we only care about this once per session backoff = 0 // reset backoff @@ -323,6 +329,10 @@ func (a *Agent) run(ctx context.Context) { // but no error was sent. This must be the only place // session.close is called in response to errors, for this to work. if err != nil { + if a.config.SessionTracker != nil { + a.config.SessionTracker.SessionError(err) + } + log.G(ctx).WithError(err).Error("agent: session failed") backoff = initialSessionFailureBackoff + 2*backoff if backoff > maxSessionFailureBackoff { @@ -337,6 +347,14 @@ func (a *Agent) run(ctx context.Context) { // if we're here before <-registered, do nothing for that event registered = nil case <-session.closed: + if a.config.SessionTracker != nil { + if err := a.config.SessionTracker.SessionClosed(); err != nil { + log.G(ctx).WithError(err).Error("agent: exiting") + a.err = err + return + } + } + log.G(ctx).Debugf("agent: rebuild session") // select a session registration delay from backoff range. @@ -365,8 +383,6 @@ func (a *Agent) run(ctx context.Context) { if a.err == nil { a.err = ctx.Err() } - session.close() - return } } diff --git a/components/engine/vendor/github.com/docker/swarmkit/agent/config.go b/components/engine/vendor/github.com/docker/swarmkit/agent/config.go index 70c94ecb65..98d5bf5728 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/agent/config.go +++ b/components/engine/vendor/github.com/docker/swarmkit/agent/config.go @@ -43,6 +43,10 @@ type Config struct { // NodeTLSInfo contains the starting node TLS info to bootstrap into the agent NodeTLSInfo *api.NodeTLSInfo + + // SessionTracker, if provided, will have its SessionClosed and SessionError methods called + // when sessions close and error. + SessionTracker SessionTracker } func (c *Config) validate() error { @@ -64,3 +68,16 @@ func (c *Config) validate() error { return nil } + +// A SessionTracker gets notified when sessions close and error +type SessionTracker interface { + // SessionClosed is called whenever a session is closed - if the function errors, the agent + // will exit with the returned error. Otherwise the agent can continue and rebuild a new session. + SessionClosed() error + + // SessionError is called whenever a session errors + SessionError(err error) + + // SessionEstablished is called whenever a session is established + SessionEstablished() +} diff --git a/components/engine/vendor/github.com/docker/swarmkit/agent/session.go b/components/engine/vendor/github.com/docker/swarmkit/agent/session.go index 36a3a375cb..faa1fa8cac 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/agent/session.go +++ b/components/engine/vendor/github.com/docker/swarmkit/agent/session.go @@ -409,7 +409,7 @@ func (s *session) sendError(err error) { } // close closing session. It should be called only in <-session.errs branch -// of event loop. +// of event loop, or when cleaning up the agent. func (s *session) close() error { s.closeOnce.Do(func() { s.cancel() diff --git a/components/engine/vendor/github.com/docker/swarmkit/api/genericresource/helpers.go b/components/engine/vendor/github.com/docker/swarmkit/api/genericresource/helpers.go new file mode 100644 index 0000000000..f9c22ac6cc --- /dev/null +++ b/components/engine/vendor/github.com/docker/swarmkit/api/genericresource/helpers.go @@ -0,0 +1,111 @@ +package genericresource + +import ( + "github.com/docker/swarmkit/api" +) + +// NewSet creates a set object +func NewSet(key string, vals ...string) []*api.GenericResource { + rs := make([]*api.GenericResource, 0, len(vals)) + + for _, v := range vals { + rs = append(rs, NewString(key, v)) + } + + return rs +} + +// NewString creates a String resource +func NewString(key, val string) *api.GenericResource { + return &api.GenericResource{ + Resource: &api.GenericResource_Str{ + Str: &api.GenericString{ + Kind: key, + Value: val, + }, + }, + } +} + +// NewDiscrete creates a Discrete resource +func NewDiscrete(key string, val int64) *api.GenericResource { + return &api.GenericResource{ + Resource: &api.GenericResource_Discrete{ + Discrete: &api.GenericDiscrete{ + Kind: key, + Value: val, + }, + }, + } +} + +// GetResource returns resources from the "resources" parameter matching the kind key +func GetResource(kind string, resources []*api.GenericResource) []*api.GenericResource { + var res []*api.GenericResource + + for _, r := range resources { + if Kind(r) != kind { + continue + } + + res = append(res, r) + } + + return res +} + +// ConsumeNodeResources removes "res" from nodeAvailableResources +func ConsumeNodeResources(nodeAvailableResources *[]*api.GenericResource, res []*api.GenericResource) { + if nodeAvailableResources == nil { + return + } + + w := 0 + +loop: + for _, na := range *nodeAvailableResources { + for _, r := range res { + if Kind(na) != Kind(r) { + continue + } + + if remove(na, r) { + continue loop + } + // If this wasn't the right element then + // we need to continue + } + + (*nodeAvailableResources)[w] = na + w++ + } + + *nodeAvailableResources = (*nodeAvailableResources)[:w] +} + +// Returns true if the element is to be removed from the list +func remove(na, r *api.GenericResource) bool { + switch tr := r.Resource.(type) { + case *api.GenericResource_Discrete: + if na.GetDiscrete() == nil { + return false // Type change, ignore + } + + na.GetDiscrete().Value -= tr.Discrete.Value + if na.GetDiscrete().Value <= 0 { + return true + } + case *api.GenericResource_Str: + if na.GetStr() == nil { + return false // Type change, ignore + } + + if tr.Str.Value != na.GetStr().Value { + return false // not the right item, ignore + } + + return true + } + + return false +} diff --git a/components/engine/vendor/github.com/docker/swarmkit/api/genericresource/parse.go b/components/engine/vendor/github.com/docker/swarmkit/api/genericresource/parse.go new file mode 100644 index 0000000000..de30908104 --- /dev/null +++ b/components/engine/vendor/github.com/docker/swarmkit/api/genericresource/parse.go @@ -0,0 +1,47 @@ +package genericresource + +import ( + "fmt" + "strconv" + "strings" + + "github.com/docker/swarmkit/api" +) + +func newParseError(format string, args ...interface{}) error { + return fmt.Errorf("could not parse GenericResource: "+format, args...) +} + +// Parse parses the GenericResource resources given by the arguments +func Parse(cmd string) ([]*api.GenericResource, error) { + var rs []*api.GenericResource + + for _, term := range strings.Split(cmd, ";") { + kva := strings.Split(term, "=") + if len(kva) != 2 { + return nil, newParseError("incorrect term %s, missing '=' or malformed expr", term) + } + + key := strings.TrimSpace(kva[0]) + val := strings.TrimSpace(kva[1]) + + u, err := strconv.ParseInt(val, 10, 64) + if err == nil { + if u < 0 { + return nil, newParseError("cannot ask for negative resource %s", key) + } + rs = append(rs, NewDiscrete(key, u)) + continue + } + + if len(val) > 2 && val[0] == '{' && val[len(val)-1] == '}' { + val = val[1 : len(val)-1] + rs = append(rs, NewSet(key, strings.Split(val, ",")...)...) + continue + } + + return nil, newParseError("could not parse expression '%s'", term) + } + + return rs, nil +} diff --git a/components/engine/vendor/github.com/docker/swarmkit/api/genericresource/resource_management.go b/components/engine/vendor/github.com/docker/swarmkit/api/genericresource/resource_management.go new file mode 100644 index 0000000000..217c52051a --- /dev/null +++ b/components/engine/vendor/github.com/docker/swarmkit/api/genericresource/resource_management.go @@ -0,0 +1,202 @@ +package genericresource + +import ( + "fmt" + "github.com/docker/swarmkit/api" +) + +// Claim assigns GenericResources to a task by taking them from the +// node's GenericResource list and storing them in the task's available list +func Claim(nodeAvailableResources, taskAssigned *[]*api.GenericResource, + taskReservations []*api.GenericResource) error { + var resSelected []*api.GenericResource + + for _, res := range taskReservations { + tr := res.GetDiscrete() + if tr == nil { + return fmt.Errorf("task should only hold Discrete type") + } + + // Select the resources + nrs, err := selectNodeResources(*nodeAvailableResources, tr) + if err != nil { + return err + } + + resSelected = append(resSelected, nrs...) + } + + ClaimResources(nodeAvailableResources, taskAssigned, resSelected) + return nil +} + +// ClaimResources adds the specified resources to the task's list +// and removes them from the node's generic resource list +func ClaimResources(nodeAvailableResources, taskAssigned *[]*api.GenericResource, + resSelected []*api.GenericResource) { + *taskAssigned = append(*taskAssigned, resSelected...) + ConsumeNodeResources(nodeAvailableResources, resSelected) +} + +func selectNodeResources(nodeRes []*api.GenericResource, + tr *api.GenericDiscrete) ([]*api.GenericResource, error) { + var nrs []*api.GenericResource + + for _, res := range nodeRes { + if Kind(res) != tr.Kind { + continue + } + + switch nr := res.Resource.(type) { + case *api.GenericResource_Discrete: + if nr.Discrete.Value >= tr.Value && tr.Value != 0 { + nrs = append(nrs, NewDiscrete(tr.Kind, tr.Value)) + } + + return nrs, nil + case *api.GenericResource_Str: + nrs = append(nrs, res.Copy()) + + if int64(len(nrs)) == tr.Value { + return nrs, nil + } + } + } + + if len(nrs) == 0 { + return nil, fmt.Errorf("not enough resources available for task reservations: %+v", tr) + } + + return nrs, nil +} + +// Reclaim adds the resources taken by the task to the node's store +func Reclaim(nodeAvailableResources *[]*api.GenericResource, taskAssigned, nodeRes []*api.GenericResource) error { + err := reclaimResources(nodeAvailableResources, taskAssigned) + if err != nil { + return err + } + + sanitize(nodeRes, nodeAvailableResources) + + return nil +} + +func reclaimResources(nodeAvailableResources *[]*api.GenericResource, taskAssigned []*api.GenericResource) error { + // The node could have been updated + if nodeAvailableResources == nil { + return fmt.Errorf("node no longer has any resources") + } + + for _, res := range taskAssigned { + switch tr := res.Resource.(type) { + case *api.GenericResource_Discrete: + nrs := GetResource(tr.Discrete.Kind, *nodeAvailableResources) + + // If the resource went down to 0 it's no longer in the + // available list + if len(nrs) == 0 { + *nodeAvailableResources = append(*nodeAvailableResources, res.Copy()) + } + + if len(nrs) != 1 { + continue // Type change + } + + nr := nrs[0].GetDiscrete() + if nr == nil { + continue // Type change + } + + nr.Value += tr.Discrete.Value + case *api.GenericResource_Str: + *nodeAvailableResources = append(*nodeAvailableResources, res.Copy()) + } + } + + return nil +} + +// sanitize checks that nodeAvailableResources does not add resources unknown +// to the nodeSpec (nodeRes) or goes over the integer bound specified +// by the spec. +// Note this is because the user is able to update a node's resources +func sanitize(nodeRes []*api.GenericResource, nodeAvailableResources *[]*api.GenericResource) { + // - We add the sanitized resources at the end, after + // having removed the elements from the list + + // - When a set changes to a Discrete we also need + // to make sure that we don't add the Discrete multiple + // time hence, the need of a map to remember that + var sanitized []*api.GenericResource + kindSanitized := make(map[string]struct{}) + w := 0 + + for _, na := range *nodeAvailableResources { + ok, nrs := sanitizeResource(nodeRes, na) + if !ok { + if _, ok = kindSanitized[Kind(na)]; ok { + continue + } + + kindSanitized[Kind(na)] = struct{}{} + sanitized = append(sanitized, nrs...) + + continue + } + + (*nodeAvailableResources)[w] = na + w++ + } + + *nodeAvailableResources = (*nodeAvailableResources)[:w] + *nodeAvailableResources = append(*nodeAvailableResources, sanitized...) +} + +// Returns true if the element is in nodeRes and "sane" +// Returns false if the element isn't in nodeRes and "sane" and the element(s) that should be replacing it +func sanitizeResource(nodeRes []*api.GenericResource, res *api.GenericResource) (ok bool, nrs []*api.GenericResource) { + switch na := res.Resource.(type) { + case *api.GenericResource_Discrete: + nrs := GetResource(na.Discrete.Kind, nodeRes) + + // Type change or removed: reset + if len(nrs) != 1 { + return false, nrs + } + + // Type change: reset + nr := nrs[0].GetDiscrete() + if nr == nil { + return false, nrs + } + + // Amount change: reset + if na.Discrete.Value > nr.Value { + return false, nrs + } + case *api.GenericResource_Str: + nrs := GetResource(na.Str.Kind, nodeRes) + + // Type change + if len(nrs) == 0 { + return false, nrs + } + + for _, nr := range nrs { + // Type change: reset + if nr.GetDiscrete() != nil { + return false, nrs + } + + if na.Str.Value == nr.GetStr().Value { + return true, nil + } + } + + // Removed + return false, nil + } + + return true, nil +} diff --git a/components/engine/vendor/github.com/docker/swarmkit/api/genericresource/string.go b/components/engine/vendor/github.com/docker/swarmkit/api/genericresource/string.go new file mode 100644 index 0000000000..a353853135 --- /dev/null +++ b/components/engine/vendor/github.com/docker/swarmkit/api/genericresource/string.go @@ -0,0 +1,54 @@ +package genericresource + +import ( + "strconv" + "strings" + + "github.com/docker/swarmkit/api" +) + +func discreteToString(d *api.GenericResource_Discrete) string { + return strconv.FormatInt(d.Discrete.Value, 10) +} + +// Kind returns the kind key as a string +func Kind(res *api.GenericResource) string { + switch r := res.Resource.(type) { + case *api.GenericResource_Discrete: + return r.Discrete.Kind + case *api.GenericResource_Str: + return r.Str.Kind + } + + return "" +} + +// Value returns the value key as a string +func Value(res *api.GenericResource) string { + switch res := res.Resource.(type) { + case *api.GenericResource_Discrete: + return discreteToString(res) + case *api.GenericResource_Str: + return res.Str.Value + } + + return "" +} + +// EnvFormat returns the environment string version of the resource +func EnvFormat(res []*api.GenericResource, prefix string) []string { + envs := make(map[string][]string) + for _, v := range res { + key := Kind(v) + val := Value(v) + envs[key] = append(envs[key], val) + } + + env := make([]string, 0, len(res)) + for k, v := range envs { + k = strings.ToUpper(prefix + "_" + k) + env = append(env, k+"="+strings.Join(v, ",")) + } + + return env +} diff --git a/components/engine/vendor/github.com/docker/swarmkit/api/genericresource/validate.go b/components/engine/vendor/github.com/docker/swarmkit/api/genericresource/validate.go new file mode 100644 index 0000000000..98953e107d --- /dev/null +++ b/components/engine/vendor/github.com/docker/swarmkit/api/genericresource/validate.go @@ -0,0 +1,84 @@ +package genericresource + +import ( + "fmt" + "github.com/docker/swarmkit/api" +) + +// ValidateTask validates that the task only uses integers +// for generic resources +func ValidateTask(resources *api.Resources) error { + for _, v := range resources.Generic { + if v.GetDiscrete() != nil { + continue + } + + return fmt.Errorf("invalid argument for resource %s", Kind(v)) + } + + return nil +} + +// HasEnough returns true if node can satisfy the task's GenericResource request +func HasEnough(nodeRes []*api.GenericResource, taskRes *api.GenericResource) (bool, error) { + t := taskRes.GetDiscrete() + if t == nil { + return false, fmt.Errorf("task should only hold Discrete type") + } + + if nodeRes == nil { + return false, nil + } + + nrs := GetResource(t.Kind, nodeRes) + if len(nrs) == 0 { + return false, nil + } + + switch nr := nrs[0].Resource.(type) { + case *api.GenericResource_Discrete: + if t.Value > nr.Discrete.Value { + return false, nil + } + case *api.GenericResource_Str: + if t.Value > int64(len(nrs)) { + return false, nil + } + } + + return true, nil +} + +// HasResource checks if there is enough "res" in the "resources" argument +func HasResource(res *api.GenericResource, resources []*api.GenericResource) bool { + for _, r := range resources { + if Kind(res) != Kind(r) { + continue + } + + switch rtype := r.Resource.(type) { + case *api.GenericResource_Discrete: + if res.GetDiscrete() == nil { + return false + } + + if res.GetDiscrete().Value < rtype.Discrete.Value { + return false + } + + return true + case *api.GenericResource_Str: + if res.GetStr() == nil { + return false + } + + if res.GetStr().Value != rtype.Str.Value { + continue + } + + return true + } + } + + return false +} diff --git a/components/engine/vendor/github.com/docker/swarmkit/api/objects.pb.go b/components/engine/vendor/github.com/docker/swarmkit/api/objects.pb.go index e9c2438502..b6a9389a6d 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/api/objects.pb.go +++ b/components/engine/vendor/github.com/docker/swarmkit/api/objects.pb.go @@ -198,7 +198,8 @@ type Task struct { // such a cluster default or policy-based value. // // If not present, the daemon's default will be used. - LogDriver *Driver `protobuf:"bytes,13,opt,name=log_driver,json=logDriver" json:"log_driver,omitempty"` + LogDriver *Driver `protobuf:"bytes,13,opt,name=log_driver,json=logDriver" json:"log_driver,omitempty"` + AssignedGenericResources []*GenericResource `protobuf:"bytes,15,rep,name=assigned_generic_resources,json=assignedGenericResources" json:"assigned_generic_resources,omitempty"` } func (m *Task) Reset() { *m = Task{} } @@ -529,6 +530,14 @@ func (m *Task) CopyFrom(src interface{}) { m.LogDriver = &Driver{} github_com_docker_swarmkit_api_deepcopy.Copy(m.LogDriver, o.LogDriver) } + if o.AssignedGenericResources != nil { + m.AssignedGenericResources = make([]*GenericResource, len(o.AssignedGenericResources)) + for i := range m.AssignedGenericResources { + m.AssignedGenericResources[i] = &GenericResource{} + github_com_docker_swarmkit_api_deepcopy.Copy(m.AssignedGenericResources[i], o.AssignedGenericResources[i]) + } + } + } func (m *NetworkAttachment) Copy() *NetworkAttachment { @@ -1140,6 +1149,18 @@ func (m *Task) MarshalTo(dAtA []byte) (int, error) { } i += n26 } + if len(m.AssignedGenericResources) > 0 { + for _, msg := range m.AssignedGenericResources { + dAtA[i] = 0x7a + i++ + i = encodeVarintObjects(dAtA, i, uint64(msg.Size())) + n, err := msg.MarshalTo(dAtA[i:]) + if err != nil { + return 0, err + } + i += n + } + } return i, nil } @@ -1771,6 +1792,12 @@ func (m *Task) Size() (n int) { l = m.SpecVersion.Size() n += 1 + l + sovObjects(uint64(l)) } + if len(m.AssignedGenericResources) > 0 { + for _, e := range m.AssignedGenericResources { + l = e.Size() + n += 1 + l + sovObjects(uint64(l)) + } + } return n } @@ -4419,6 +4446,7 @@ func (this *Task) String() string { `Endpoint:` + strings.Replace(fmt.Sprintf("%v", this.Endpoint), "Endpoint", "Endpoint", 1) + `,`, `LogDriver:` + strings.Replace(fmt.Sprintf("%v", this.LogDriver), "Driver", "Driver", 1) + `,`, `SpecVersion:` + strings.Replace(fmt.Sprintf("%v", this.SpecVersion), "Version", "Version", 1) + `,`, + `AssignedGenericResources:` + strings.Replace(fmt.Sprintf("%v", this.AssignedGenericResources), "GenericResource", "GenericResource", 1) + `,`, `}`, }, "") return s @@ -6001,6 +6029,37 @@ func (m *Task) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 15: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AssignedGenericResources", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowObjects + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthObjects + } + postIndex := iNdEx + msglen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.AssignedGenericResources = append(m.AssignedGenericResources, &GenericResource{}) + if err := m.AssignedGenericResources[len(m.AssignedGenericResources)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipObjects(dAtA[iNdEx:]) @@ -7630,96 +7689,99 @@ var ( func init() { proto.RegisterFile("objects.proto", fileDescriptorObjects) } var fileDescriptorObjects = []byte{ - // 1451 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x58, 0xcd, 0x6f, 0x1b, 0x45, - 0x14, 0xef, 0xda, 0x1b, 0x7f, 0x3c, 0x27, 0x56, 0x98, 0x86, 0xe0, 0x9a, 0x60, 0x07, 0x57, 0xa0, - 0x0a, 0x55, 0x4e, 0x09, 0x05, 0xa5, 0x81, 0xd2, 0xda, 0x49, 0xd4, 0x5a, 0xa5, 0x34, 0x9a, 0x96, - 0x96, 0x9b, 0x99, 0xec, 0x4e, 0xdd, 0xc5, 0xeb, 0x9d, 0xd5, 0xce, 0xd8, 0xc5, 0x37, 0xce, 0xf9, - 0x07, 0x72, 0xe3, 0xd0, 0x13, 0x77, 0xb8, 0x70, 0xe1, 0xc0, 0xa9, 0x47, 0x4e, 0x88, 0x53, 0x44, - 0xfd, 0x5f, 0x20, 0x71, 0x40, 0x33, 0x3b, 0x6b, 0x6f, 0xea, 0x75, 0x92, 0xa2, 0x2a, 0xe2, 0xe4, - 0xf9, 0xf8, 0xfd, 0xde, 0xd7, 0xbc, 0xf7, 0x66, 0xd6, 0xb0, 0xc0, 0xf6, 0xbe, 0xa5, 0x96, 0xe0, - 0x75, 0x3f, 0x60, 0x82, 0x21, 0x64, 0x33, 0xab, 0x4b, 0x83, 0x3a, 0x7f, 0x4a, 0x82, 0x5e, 0xd7, - 0x11, 0xf5, 0xc1, 0x87, 0xe5, 0x82, 0x18, 0xfa, 0x54, 0x03, 0xca, 0x05, 0xee, 0x53, 0x2b, 0x9a, - 0x54, 0x3b, 0x8c, 0x75, 0x5c, 0xba, 0xa6, 0x66, 0x7b, 0xfd, 0xc7, 0x6b, 0xc2, 0xe9, 0x51, 0x2e, - 0x48, 0xcf, 0xd7, 0x80, 0xa5, 0x0e, 0xeb, 0x30, 0x35, 0x5c, 0x93, 0x23, 0xbd, 0x7a, 0xe1, 0x65, - 0x1a, 0xf1, 0x86, 0x7a, 0xeb, 0xbc, 0xef, 0xf6, 0x3b, 0x8e, 0xb7, 0x16, 0xfe, 0x84, 0x8b, 0xb5, - 0x5f, 0x0c, 0x30, 0xef, 0x52, 0x41, 0xd0, 0xa7, 0x90, 0x1d, 0xd0, 0x80, 0x3b, 0xcc, 0x2b, 0x19, - 0xab, 0xc6, 0xa5, 0xc2, 0xfa, 0xdb, 0xf5, 0x69, 0x7b, 0xeb, 0x0f, 0x43, 0x48, 0xd3, 0x7c, 0x7e, - 0x58, 0x3d, 0x87, 0x23, 0x06, 0xba, 0x06, 0x60, 0x05, 0x94, 0x08, 0x6a, 0xb7, 0x89, 0x28, 0xa5, - 0x14, 0xbf, 0x5c, 0x0f, 0x4d, 0xa9, 0x47, 0xa6, 0xd4, 0x1f, 0x44, 0x1e, 0xe0, 0xbc, 0x46, 0x37, - 0x84, 0xa4, 0xf6, 0x7d, 0x3b, 0xa2, 0xa6, 0x4f, 0xa6, 0x6a, 0x74, 0x43, 0xd4, 0x7e, 0x32, 0xc1, - 0xfc, 0x92, 0xd9, 0x14, 0x2d, 0x43, 0xca, 0xb1, 0x95, 0xd9, 0xf9, 0x66, 0x66, 0x74, 0x58, 0x4d, - 0xb5, 0xb6, 0x71, 0xca, 0xb1, 0xd1, 0x3a, 0x98, 0x3d, 0x2a, 0x88, 0x36, 0xa8, 0x94, 0xe4, 0x90, - 0xf4, 0x5d, 0x7b, 0xa3, 0xb0, 0xe8, 0x13, 0x30, 0xe5, 0x31, 0x68, 0x4b, 0x56, 0x92, 0x38, 0x52, - 0xe7, 0x7d, 0x9f, 0x5a, 0x11, 0x4f, 0xe2, 0xd1, 0x0e, 0x14, 0x6c, 0xca, 0xad, 0xc0, 0xf1, 0x85, - 0x8c, 0xa1, 0xa9, 0xe8, 0x17, 0x67, 0xd1, 0xb7, 0x27, 0x50, 0x1c, 0xe7, 0xa1, 0xcf, 0x20, 0xc3, - 0x05, 0x11, 0x7d, 0x5e, 0x9a, 0x53, 0x12, 0x2a, 0x33, 0x0d, 0x50, 0x28, 0x6d, 0x82, 0xe6, 0xa0, - 0xdb, 0x50, 0xec, 0x11, 0x8f, 0x74, 0x68, 0xd0, 0xd6, 0x52, 0x32, 0x4a, 0xca, 0xbb, 0x89, 0xae, - 0x87, 0xc8, 0x50, 0x10, 0x5e, 0xe8, 0xc5, 0xa7, 0x68, 0x07, 0x80, 0x08, 0x41, 0xac, 0x27, 0x3d, - 0xea, 0x89, 0x52, 0x56, 0x49, 0x79, 0x2f, 0xd1, 0x16, 0x2a, 0x9e, 0xb2, 0xa0, 0xdb, 0x18, 0x83, - 0x71, 0x8c, 0x88, 0x6e, 0x41, 0xc1, 0xa2, 0x81, 0x70, 0x1e, 0x3b, 0x16, 0x11, 0xb4, 0x94, 0x53, - 0x72, 0xaa, 0x49, 0x72, 0xb6, 0x26, 0x30, 0xed, 0x54, 0x9c, 0x89, 0xae, 0x80, 0x19, 0x30, 0x97, - 0x96, 0xf2, 0xab, 0xc6, 0xa5, 0xe2, 0xec, 0x63, 0xc1, 0xcc, 0xa5, 0x58, 0x21, 0x37, 0x97, 0xf7, - 0x0f, 0x6a, 0x08, 0x16, 0x73, 0xc6, 0xa2, 0xa1, 0x52, 0xc3, 0xb8, 0x62, 0x7c, 0x6d, 0x7c, 0x63, - 0xd4, 0xfe, 0x49, 0x43, 0xf6, 0x3e, 0x0d, 0x06, 0x8e, 0xf5, 0x7a, 0x13, 0xe7, 0xda, 0x91, 0xc4, - 0x49, 0xf4, 0x51, 0xab, 0x9d, 0xca, 0x9d, 0x0d, 0xc8, 0x51, 0xcf, 0xf6, 0x99, 0xe3, 0x09, 0x9d, - 0x38, 0x89, 0x0e, 0xee, 0x68, 0x0c, 0x1e, 0xa3, 0xd1, 0x0e, 0x2c, 0x84, 0xf5, 0xd0, 0x3e, 0x92, - 0x35, 0xab, 0x49, 0xf4, 0xaf, 0x14, 0x50, 0x1f, 0xf7, 0x7c, 0x3f, 0x36, 0x43, 0xdb, 0xb0, 0xe0, - 0x07, 0x74, 0xe0, 0xb0, 0x3e, 0x6f, 0x2b, 0x27, 0x32, 0xa7, 0x72, 0x02, 0xcf, 0x47, 0x2c, 0x39, - 0x43, 0x9f, 0xc3, 0xbc, 0x24, 0xb7, 0xa3, 0x3e, 0x02, 0x27, 0xf6, 0x11, 0xac, 0x5a, 0x9e, 0x9e, - 0xa0, 0x7b, 0xf0, 0xe6, 0x11, 0x2b, 0xc6, 0x82, 0x0a, 0x27, 0x0b, 0x3a, 0x1f, 0xb7, 0x44, 0x2f, - 0x6e, 0xa2, 0xfd, 0x83, 0x5a, 0x11, 0xe6, 0xe3, 0x29, 0x50, 0xfb, 0x21, 0x05, 0xb9, 0x28, 0x90, - 0xe8, 0xaa, 0x3e, 0x33, 0x63, 0x76, 0xd4, 0x22, 0xac, 0xf2, 0x37, 0x3c, 0xae, 0xab, 0x30, 0xe7, - 0xb3, 0x40, 0xf0, 0x52, 0x6a, 0x35, 0x3d, 0xab, 0x44, 0x77, 0x59, 0x20, 0xb6, 0x98, 0xf7, 0xd8, - 0xe9, 0xe0, 0x10, 0x8c, 0x1e, 0x41, 0x61, 0xe0, 0x04, 0xa2, 0x4f, 0xdc, 0xb6, 0xe3, 0xf3, 0x52, - 0x5a, 0x71, 0xdf, 0x3f, 0x4e, 0x65, 0xfd, 0x61, 0x88, 0x6f, 0xed, 0x36, 0x8b, 0xa3, 0xc3, 0x2a, - 0x8c, 0xa7, 0x1c, 0x83, 0x16, 0xd5, 0xf2, 0x79, 0xf9, 0x2e, 0xe4, 0xc7, 0x3b, 0xe8, 0x32, 0x80, - 0x17, 0x56, 0x64, 0x7b, 0x9c, 0xd9, 0x0b, 0xa3, 0xc3, 0x6a, 0x5e, 0xd7, 0x69, 0x6b, 0x1b, 0xe7, - 0x35, 0xa0, 0x65, 0x23, 0x04, 0x26, 0xb1, 0xed, 0x40, 0xe5, 0x79, 0x1e, 0xab, 0x71, 0xed, 0xc7, - 0x0c, 0x98, 0x0f, 0x08, 0xef, 0x9e, 0x75, 0x57, 0x95, 0x3a, 0xa7, 0x2a, 0xe3, 0x32, 0x00, 0x0f, - 0xf3, 0x4d, 0xba, 0x63, 0x4e, 0xdc, 0xd1, 0x59, 0x28, 0xdd, 0xd1, 0x80, 0xd0, 0x1d, 0xee, 0x32, - 0xa1, 0x8a, 0xc0, 0xc4, 0x6a, 0x8c, 0x2e, 0x42, 0xd6, 0x63, 0xb6, 0xa2, 0x67, 0x14, 0x1d, 0x46, - 0x87, 0xd5, 0x8c, 0xec, 0x15, 0xad, 0x6d, 0x9c, 0x91, 0x5b, 0x2d, 0x5b, 0xb6, 0x29, 0xe2, 0x79, - 0x4c, 0x10, 0xd9, 0x83, 0xb9, 0x6e, 0x77, 0x89, 0xd9, 0xdf, 0x98, 0xc0, 0xa2, 0x36, 0x15, 0x63, - 0xa2, 0x87, 0x70, 0x3e, 0xb2, 0x37, 0x2e, 0x30, 0xf7, 0x2a, 0x02, 0x91, 0x96, 0x10, 0xdb, 0x89, - 0x5d, 0x0b, 0xf9, 0xd9, 0xd7, 0x82, 0x8a, 0x60, 0xd2, 0xb5, 0xd0, 0x84, 0x05, 0x9b, 0x72, 0x27, - 0xa0, 0xb6, 0x6a, 0x13, 0x54, 0x55, 0x66, 0x71, 0xfd, 0x9d, 0xe3, 0x84, 0x50, 0x3c, 0xaf, 0x39, - 0x6a, 0x86, 0x1a, 0x90, 0xd3, 0x79, 0xc3, 0x4b, 0x05, 0x95, 0xbb, 0xa7, 0xbc, 0x0e, 0xc6, 0xb4, - 0x23, 0x6d, 0x6e, 0xfe, 0x95, 0xda, 0xdc, 0x35, 0x00, 0x97, 0x75, 0xda, 0x76, 0xe0, 0x0c, 0x68, - 0x50, 0x5a, 0xd0, 0x8f, 0x84, 0x04, 0xee, 0xb6, 0x42, 0xe0, 0xbc, 0xcb, 0x3a, 0xe1, 0x70, 0xaa, - 0x29, 0x15, 0x5f, 0xad, 0x29, 0x6d, 0x96, 0xf7, 0x0f, 0x6a, 0xcb, 0xb0, 0x14, 0xef, 0x21, 0x1b, - 0xc6, 0x4d, 0xe3, 0xb6, 0xb1, 0x6b, 0xd4, 0x7e, 0x4b, 0xc1, 0x1b, 0x53, 0x0e, 0xa3, 0x8f, 0x21, - 0xab, 0x5d, 0x3e, 0xee, 0x25, 0xa5, 0x79, 0x38, 0xc2, 0xa2, 0x15, 0xc8, 0xcb, 0xfa, 0xa3, 0x9c, - 0xd3, 0xb0, 0xb3, 0xe4, 0xf1, 0x64, 0x01, 0x95, 0x20, 0x4b, 0x5c, 0x87, 0xc8, 0xbd, 0xb4, 0xda, - 0x8b, 0xa6, 0xa8, 0x0f, 0xcb, 0x61, 0x5c, 0xda, 0x93, 0x7b, 0xb7, 0xcd, 0x7c, 0xc1, 0x4b, 0xa6, - 0x3a, 0xa6, 0x1b, 0xa7, 0x3a, 0x26, 0x1d, 0xb9, 0xc9, 0xc2, 0x3d, 0x5f, 0xf0, 0x1d, 0x4f, 0x04, - 0x43, 0xbc, 0x64, 0x27, 0x6c, 0x95, 0x6f, 0xc1, 0x85, 0x99, 0x14, 0xb4, 0x08, 0xe9, 0x2e, 0x1d, - 0x86, 0xbd, 0x03, 0xcb, 0x21, 0x5a, 0x82, 0xb9, 0x01, 0x71, 0xfb, 0x54, 0xb7, 0x9a, 0x70, 0xb2, - 0x99, 0xda, 0x30, 0x6a, 0xcf, 0x52, 0x90, 0xd5, 0xe6, 0x9c, 0xf5, 0x7d, 0xac, 0xd5, 0x4e, 0x75, - 0x9d, 0xeb, 0x30, 0xaf, 0x43, 0x1a, 0x96, 0x8b, 0x79, 0x62, 0xc2, 0x15, 0x42, 0x7c, 0x58, 0x2a, - 0xd7, 0xc1, 0x74, 0x7c, 0xd2, 0xd3, 0x77, 0x71, 0xa2, 0xe6, 0xd6, 0x6e, 0xe3, 0xee, 0x3d, 0x3f, - 0xac, 0xfa, 0xdc, 0xe8, 0xb0, 0x6a, 0xca, 0x05, 0xac, 0x68, 0x89, 0xb7, 0xd6, 0xcf, 0x73, 0x90, - 0xdd, 0x72, 0xfb, 0x5c, 0xd0, 0xe0, 0xac, 0x83, 0xa4, 0xd5, 0x4e, 0x05, 0x69, 0x0b, 0xb2, 0x01, - 0x63, 0xa2, 0x6d, 0x91, 0xe3, 0xe2, 0x83, 0x19, 0x13, 0x5b, 0x8d, 0x66, 0x51, 0x12, 0x65, 0xe3, - 0x0d, 0xe7, 0x38, 0x23, 0xa9, 0x5b, 0x04, 0x3d, 0x82, 0xe5, 0xe8, 0xba, 0xda, 0x63, 0x4c, 0x70, - 0x11, 0x10, 0xbf, 0xdd, 0xa5, 0x43, 0xf9, 0x90, 0x49, 0xcf, 0x7a, 0xb8, 0xee, 0x78, 0x56, 0x30, - 0x54, 0xc1, 0xbb, 0x43, 0x87, 0x78, 0x49, 0x0b, 0x68, 0x46, 0xfc, 0x3b, 0x74, 0xc8, 0xd1, 0x0d, - 0x58, 0xa1, 0x63, 0x98, 0x94, 0xd8, 0x76, 0x49, 0x4f, 0x5e, 0xc4, 0x6d, 0xcb, 0x65, 0x56, 0x57, - 0xdd, 0x05, 0x26, 0xbe, 0x40, 0xe3, 0xa2, 0xbe, 0x08, 0x11, 0x5b, 0x12, 0x80, 0x38, 0x94, 0xf6, - 0x5c, 0x62, 0x75, 0x5d, 0x87, 0xcb, 0x6f, 0x93, 0xd8, 0x5b, 0x54, 0xb6, 0x73, 0x69, 0xdb, 0xc6, - 0x31, 0xd1, 0xaa, 0x37, 0x27, 0xdc, 0xd8, 0xcb, 0x56, 0x57, 0xd4, 0x5b, 0x7b, 0xc9, 0xbb, 0xa8, - 0x09, 0x85, 0xbe, 0x27, 0xd5, 0x87, 0x31, 0xc8, 0x9f, 0x36, 0x06, 0x10, 0xb2, 0xa4, 0xe7, 0xe5, - 0x01, 0xac, 0x1c, 0xa7, 0x3c, 0xa1, 0x36, 0x6f, 0xc6, 0x6b, 0xb3, 0xb0, 0xfe, 0x41, 0x92, 0xbe, - 0x64, 0x91, 0xb1, 0x3a, 0x4e, 0x4c, 0xdb, 0x5f, 0x0d, 0xc8, 0xdc, 0xa7, 0x56, 0x40, 0xc5, 0x6b, - 0xcd, 0xda, 0x8d, 0x23, 0x59, 0x5b, 0x49, 0x7e, 0xa5, 0x4a, 0xad, 0x53, 0x49, 0x5b, 0x86, 0x9c, - 0xe3, 0x09, 0x1a, 0x78, 0xc4, 0x55, 0x59, 0x9b, 0xc3, 0xe3, 0x79, 0xa2, 0x03, 0xcf, 0x0c, 0xc8, - 0x84, 0xcf, 0xb8, 0xb3, 0x76, 0x20, 0xd4, 0xfa, 0xb2, 0x03, 0x89, 0x46, 0xfe, 0x6d, 0x40, 0x0e, - 0x53, 0xce, 0xfa, 0xc1, 0x6b, 0xfe, 0xa4, 0x79, 0xe9, 0x59, 0x94, 0xfe, 0xcf, 0xcf, 0x22, 0x04, - 0x66, 0xd7, 0xf1, 0xf4, 0x03, 0x0e, 0xab, 0x31, 0xaa, 0x43, 0xd6, 0x27, 0x43, 0x97, 0x11, 0x5b, - 0x37, 0xca, 0xa5, 0xa9, 0xaf, 0xfe, 0x86, 0x37, 0xc4, 0x11, 0x68, 0x73, 0x69, 0xff, 0xa0, 0xb6, - 0x08, 0xc5, 0xb8, 0xe7, 0x4f, 0x8c, 0xda, 0x1f, 0x06, 0xe4, 0x77, 0xbe, 0x13, 0xd4, 0x53, 0x5f, - 0x10, 0xff, 0x4b, 0xe7, 0x57, 0xa7, 0xff, 0x19, 0xc8, 0x1f, 0xf9, 0xe8, 0x4f, 0x3a, 0xd4, 0x66, - 0xe9, 0xf9, 0x8b, 0xca, 0xb9, 0x3f, 0x5f, 0x54, 0xce, 0x7d, 0x3f, 0xaa, 0x18, 0xcf, 0x47, 0x15, - 0xe3, 0xf7, 0x51, 0xc5, 0xf8, 0x6b, 0x54, 0x31, 0xf6, 0x32, 0x2a, 0x3e, 0x1f, 0xfd, 0x1b, 0x00, - 0x00, 0xff, 0xff, 0x1b, 0x47, 0x17, 0xba, 0x5f, 0x12, 0x00, 0x00, + // 1491 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x58, 0xcf, 0x6f, 0x1b, 0x4f, + 0x15, 0xef, 0xda, 0x1b, 0xff, 0x78, 0x4e, 0x4c, 0x98, 0x86, 0xb0, 0x35, 0xc1, 0x0e, 0xae, 0x40, + 0x15, 0xaa, 0x9c, 0x12, 0x0a, 0x4a, 0x03, 0xa5, 0xb5, 0x93, 0xa8, 0xb5, 0x4a, 0x69, 0x34, 0x2d, + 0x2d, 0xb7, 0x65, 0xb2, 0x3b, 0x75, 0x17, 0xaf, 0x77, 0x56, 0x3b, 0x63, 0x17, 0xdf, 0x38, 0x87, + 0x3f, 0x20, 0x37, 0x0e, 0xfd, 0x17, 0xe0, 0xc2, 0x85, 0x03, 0xa7, 0x1e, 0x39, 0x21, 0x4e, 0x11, + 0xf5, 0x7f, 0x81, 0xc4, 0xe1, 0xab, 0x99, 0x9d, 0xb5, 0x37, 0xf1, 0x3a, 0x49, 0xbf, 0xaa, 0xa2, + 0xef, 0x29, 0x33, 0x3b, 0x9f, 0xcf, 0x9b, 0xf7, 0xde, 0xbc, 0x5f, 0x31, 0xac, 0xb0, 0xa3, 0x3f, + 0x50, 0x47, 0xf0, 0x56, 0x18, 0x31, 0xc1, 0x10, 0x72, 0x99, 0xd3, 0xa7, 0x51, 0x8b, 0xbf, 0x27, + 0xd1, 0xa0, 0xef, 0x89, 0xd6, 0xe8, 0x27, 0xb5, 0x8a, 0x18, 0x87, 0x54, 0x03, 0x6a, 0x15, 0x1e, + 0x52, 0x27, 0xd9, 0x34, 0x7a, 0x8c, 0xf5, 0x7c, 0xba, 0xa5, 0x76, 0x47, 0xc3, 0xb7, 0x5b, 0xc2, + 0x1b, 0x50, 0x2e, 0xc8, 0x20, 0xd4, 0x80, 0xb5, 0x1e, 0xeb, 0x31, 0xb5, 0xdc, 0x92, 0x2b, 0xfd, + 0xf5, 0xd6, 0x79, 0x1a, 0x09, 0xc6, 0xfa, 0xe8, 0x66, 0xe8, 0x0f, 0x7b, 0x5e, 0xb0, 0x15, 0xff, + 0x89, 0x3f, 0x36, 0xff, 0x6e, 0x80, 0xf9, 0x9c, 0x0a, 0x82, 0x7e, 0x01, 0xc5, 0x11, 0x8d, 0xb8, + 0xc7, 0x02, 0xcb, 0xd8, 0x34, 0xee, 0x54, 0xb6, 0xbf, 0xd7, 0x9a, 0xd7, 0xb7, 0xf5, 0x3a, 0x86, + 0x74, 0xcc, 0x8f, 0xa7, 0x8d, 0x1b, 0x38, 0x61, 0xa0, 0x07, 0x00, 0x4e, 0x44, 0x89, 0xa0, 0xae, + 0x4d, 0x84, 0x95, 0x53, 0xfc, 0x5a, 0x2b, 0x56, 0xa5, 0x95, 0xa8, 0xd2, 0x7a, 0x95, 0x58, 0x80, + 0xcb, 0x1a, 0xdd, 0x16, 0x92, 0x3a, 0x0c, 0xdd, 0x84, 0x9a, 0xbf, 0x9c, 0xaa, 0xd1, 0x6d, 0xd1, + 0xfc, 0xab, 0x09, 0xe6, 0x6f, 0x98, 0x4b, 0xd1, 0x3a, 0xe4, 0x3c, 0x57, 0xa9, 0x5d, 0xee, 0x14, + 0x26, 0xa7, 0x8d, 0x5c, 0x77, 0x1f, 0xe7, 0x3c, 0x17, 0x6d, 0x83, 0x39, 0xa0, 0x82, 0x68, 0x85, + 0xac, 0x2c, 0x83, 0xa4, 0xed, 0xda, 0x1a, 0x85, 0x45, 0x3f, 0x07, 0x53, 0x3e, 0x83, 0xd6, 0x64, + 0x23, 0x8b, 0x23, 0xef, 0x7c, 0x19, 0x52, 0x27, 0xe1, 0x49, 0x3c, 0x3a, 0x80, 0x8a, 0x4b, 0xb9, + 0x13, 0x79, 0xa1, 0x90, 0x3e, 0x34, 0x15, 0xfd, 0xf6, 0x22, 0xfa, 0xfe, 0x0c, 0x8a, 0xd3, 0x3c, + 0xf4, 0x4b, 0x28, 0x70, 0x41, 0xc4, 0x90, 0x5b, 0x4b, 0x4a, 0x42, 0x7d, 0xa1, 0x02, 0x0a, 0xa5, + 0x55, 0xd0, 0x1c, 0xf4, 0x14, 0xaa, 0x03, 0x12, 0x90, 0x1e, 0x8d, 0x6c, 0x2d, 0xa5, 0xa0, 0xa4, + 0xfc, 0x20, 0xd3, 0xf4, 0x18, 0x19, 0x0b, 0xc2, 0x2b, 0x83, 0xf4, 0x16, 0x1d, 0x00, 0x10, 0x21, + 0x88, 0xf3, 0x6e, 0x40, 0x03, 0x61, 0x15, 0x95, 0x94, 0x1f, 0x66, 0xea, 0x42, 0xc5, 0x7b, 0x16, + 0xf5, 0xdb, 0x53, 0x30, 0x4e, 0x11, 0xd1, 0x13, 0xa8, 0x38, 0x34, 0x12, 0xde, 0x5b, 0xcf, 0x21, + 0x82, 0x5a, 0x25, 0x25, 0xa7, 0x91, 0x25, 0x67, 0x6f, 0x06, 0xd3, 0x46, 0xa5, 0x99, 0xe8, 0x1e, + 0x98, 0x11, 0xf3, 0xa9, 0x55, 0xde, 0x34, 0xee, 0x54, 0x17, 0x3f, 0x0b, 0x66, 0x3e, 0xc5, 0x0a, + 0xb9, 0xbb, 0x7e, 0x7c, 0xd2, 0x44, 0xb0, 0x5a, 0x32, 0x56, 0x0d, 0x15, 0x1a, 0xc6, 0x3d, 0xe3, + 0x77, 0xc6, 0xef, 0x8d, 0xe6, 0xff, 0xf3, 0x50, 0x7c, 0x49, 0xa3, 0x91, 0xe7, 0x7c, 0xd9, 0xc0, + 0x79, 0x70, 0x26, 0x70, 0x32, 0x6d, 0xd4, 0xd7, 0xce, 0xc5, 0xce, 0x0e, 0x94, 0x68, 0xe0, 0x86, + 0xcc, 0x0b, 0x84, 0x0e, 0x9c, 0x4c, 0x03, 0x0f, 0x34, 0x06, 0x4f, 0xd1, 0xe8, 0x00, 0x56, 0xe2, + 0x7c, 0xb0, 0xcf, 0x44, 0xcd, 0x66, 0x16, 0xfd, 0xb7, 0x0a, 0xa8, 0x9f, 0x7b, 0x79, 0x98, 0xda, + 0xa1, 0x7d, 0x58, 0x09, 0x23, 0x3a, 0xf2, 0xd8, 0x90, 0xdb, 0xca, 0x88, 0xc2, 0x95, 0x8c, 0xc0, + 0xcb, 0x09, 0x4b, 0xee, 0xd0, 0xaf, 0x60, 0x59, 0x92, 0xed, 0xa4, 0x8e, 0xc0, 0xa5, 0x75, 0x04, + 0xab, 0x92, 0xa7, 0x37, 0xe8, 0x05, 0x7c, 0xe7, 0x8c, 0x16, 0x53, 0x41, 0x95, 0xcb, 0x05, 0xdd, + 0x4c, 0x6b, 0xa2, 0x3f, 0xee, 0xa2, 0xe3, 0x93, 0x66, 0x15, 0x96, 0xd3, 0x21, 0xd0, 0xfc, 0x4b, + 0x0e, 0x4a, 0x89, 0x23, 0xd1, 0x7d, 0xfd, 0x66, 0xc6, 0x62, 0xaf, 0x25, 0x58, 0x65, 0x6f, 0xfc, + 0x5c, 0xf7, 0x61, 0x29, 0x64, 0x91, 0xe0, 0x56, 0x6e, 0x33, 0xbf, 0x28, 0x45, 0x0f, 0x59, 0x24, + 0xf6, 0x58, 0xf0, 0xd6, 0xeb, 0xe1, 0x18, 0x8c, 0xde, 0x40, 0x65, 0xe4, 0x45, 0x62, 0x48, 0x7c, + 0xdb, 0x0b, 0xb9, 0x95, 0x57, 0xdc, 0x1f, 0x5d, 0x74, 0x65, 0xeb, 0x75, 0x8c, 0xef, 0x1e, 0x76, + 0xaa, 0x93, 0xd3, 0x06, 0x4c, 0xb7, 0x1c, 0x83, 0x16, 0xd5, 0x0d, 0x79, 0xed, 0x39, 0x94, 0xa7, + 0x27, 0xe8, 0x2e, 0x40, 0x10, 0x67, 0xa4, 0x3d, 0x8d, 0xec, 0x95, 0xc9, 0x69, 0xa3, 0xac, 0xf3, + 0xb4, 0xbb, 0x8f, 0xcb, 0x1a, 0xd0, 0x75, 0x11, 0x02, 0x93, 0xb8, 0x6e, 0xa4, 0xe2, 0xbc, 0x8c, + 0xd5, 0xba, 0xf9, 0xe7, 0x22, 0x98, 0xaf, 0x08, 0xef, 0x5f, 0x77, 0x55, 0x95, 0x77, 0xce, 0x65, + 0xc6, 0x5d, 0x00, 0x1e, 0xc7, 0x9b, 0x34, 0xc7, 0x9c, 0x99, 0xa3, 0xa3, 0x50, 0x9a, 0xa3, 0x01, + 0xb1, 0x39, 0xdc, 0x67, 0x42, 0x25, 0x81, 0x89, 0xd5, 0x1a, 0xdd, 0x86, 0x62, 0xc0, 0x5c, 0x45, + 0x2f, 0x28, 0x3a, 0x4c, 0x4e, 0x1b, 0x05, 0x59, 0x2b, 0xba, 0xfb, 0xb8, 0x20, 0x8f, 0xba, 0xae, + 0x2c, 0x53, 0x24, 0x08, 0x98, 0x20, 0xb2, 0x06, 0x73, 0x5d, 0xee, 0x32, 0xa3, 0xbf, 0x3d, 0x83, + 0x25, 0x65, 0x2a, 0xc5, 0x44, 0xaf, 0xe1, 0x66, 0xa2, 0x6f, 0x5a, 0x60, 0xe9, 0x73, 0x04, 0x22, + 0x2d, 0x21, 0x75, 0x92, 0x6a, 0x0b, 0xe5, 0xc5, 0x6d, 0x41, 0x79, 0x30, 0xab, 0x2d, 0x74, 0x60, + 0xc5, 0xa5, 0xdc, 0x8b, 0xa8, 0xab, 0xca, 0x04, 0x55, 0x99, 0x59, 0xdd, 0xfe, 0xfe, 0x45, 0x42, + 0x28, 0x5e, 0xd6, 0x1c, 0xb5, 0x43, 0x6d, 0x28, 0xe9, 0xb8, 0xe1, 0x56, 0x45, 0xc5, 0xee, 0x15, + 0xdb, 0xc1, 0x94, 0x76, 0xa6, 0xcc, 0x2d, 0x7f, 0x56, 0x99, 0x7b, 0x00, 0xe0, 0xb3, 0x9e, 0xed, + 0x46, 0xde, 0x88, 0x46, 0xd6, 0x8a, 0x1e, 0x12, 0x32, 0xb8, 0xfb, 0x0a, 0x81, 0xcb, 0x3e, 0xeb, + 0xc5, 0xcb, 0xb9, 0xa2, 0x54, 0xfd, 0xcc, 0xa2, 0x44, 0xa0, 0x46, 0x38, 0xf7, 0x7a, 0x01, 0x75, + 0xed, 0x1e, 0x0d, 0x68, 0xe4, 0x39, 0x76, 0x44, 0x39, 0x1b, 0x46, 0x0e, 0xe5, 0xd6, 0xb7, 0x94, + 0x27, 0x32, 0xdb, 0xfc, 0x93, 0x18, 0x8c, 0x35, 0x16, 0x5b, 0x89, 0x98, 0x73, 0x07, 0x7c, 0xb7, + 0x76, 0x7c, 0xd2, 0x5c, 0x87, 0xb5, 0x74, 0x99, 0xda, 0x31, 0x1e, 0x1b, 0x4f, 0x8d, 0x43, 0xa3, + 0xf9, 0xcf, 0x1c, 0x7c, 0x7b, 0xce, 0xa7, 0xe8, 0x67, 0x50, 0xd4, 0x5e, 0xbd, 0x68, 0x58, 0xd3, + 0x3c, 0x9c, 0x60, 0xd1, 0x06, 0x94, 0x65, 0x8a, 0x53, 0xce, 0x69, 0x5c, 0xbc, 0xca, 0x78, 0xf6, + 0x01, 0x59, 0x50, 0x24, 0xbe, 0x47, 0xe4, 0x59, 0x5e, 0x9d, 0x25, 0x5b, 0x34, 0x84, 0xf5, 0xd8, + 0xf5, 0xf6, 0xac, 0xb5, 0xdb, 0x2c, 0x14, 0xdc, 0x32, 0x95, 0xfd, 0x8f, 0xae, 0x14, 0x09, 0xfa, + 0x71, 0x66, 0x1f, 0x5e, 0x84, 0x82, 0x1f, 0x04, 0x22, 0x1a, 0xe3, 0x35, 0x37, 0xe3, 0xa8, 0xf6, + 0x04, 0x6e, 0x2d, 0xa4, 0xa0, 0x55, 0xc8, 0xf7, 0xe9, 0x38, 0x2e, 0x4f, 0x58, 0x2e, 0xd1, 0x1a, + 0x2c, 0x8d, 0x88, 0x3f, 0xa4, 0xba, 0x9a, 0xc5, 0x9b, 0xdd, 0xdc, 0x8e, 0xd1, 0xfc, 0x90, 0x83, + 0xa2, 0x56, 0xe7, 0xba, 0x5b, 0xbe, 0xbe, 0x76, 0xae, 0xb0, 0x3d, 0x84, 0x65, 0xed, 0xd2, 0x38, + 0x23, 0xcd, 0x4b, 0x63, 0xba, 0x12, 0xe3, 0xe3, 0x6c, 0x7c, 0x08, 0xa6, 0x17, 0x92, 0x81, 0x6e, + 0xf7, 0x99, 0x37, 0x77, 0x0f, 0xdb, 0xcf, 0x5f, 0x84, 0x71, 0x61, 0x29, 0x4d, 0x4e, 0x1b, 0xa6, + 0xfc, 0x80, 0x15, 0x2d, 0xb3, 0x31, 0xfe, 0x6d, 0x09, 0x8a, 0x7b, 0xfe, 0x90, 0x0b, 0x1a, 0x5d, + 0xb7, 0x93, 0xf4, 0xb5, 0x73, 0x4e, 0xda, 0x83, 0x62, 0xc4, 0x98, 0xb0, 0x1d, 0x72, 0x91, 0x7f, + 0x30, 0x63, 0x62, 0xaf, 0xdd, 0xa9, 0x4a, 0xa2, 0xac, 0xed, 0xf1, 0x1e, 0x17, 0x24, 0x75, 0x8f, + 0xa0, 0x37, 0xb0, 0x9e, 0x74, 0xc4, 0x23, 0xc6, 0x04, 0x17, 0x11, 0x09, 0xed, 0x3e, 0x1d, 0xcb, + 0x59, 0x29, 0xbf, 0x68, 0x36, 0x3e, 0x08, 0x9c, 0x68, 0xac, 0x9c, 0xf7, 0x8c, 0x8e, 0xf1, 0x9a, + 0x16, 0xd0, 0x49, 0xf8, 0xcf, 0xe8, 0x98, 0xa3, 0x47, 0xb0, 0x41, 0xa7, 0x30, 0x29, 0xd1, 0xf6, + 0xc9, 0x40, 0xf6, 0x7a, 0xdb, 0xf1, 0x99, 0xd3, 0x57, 0xed, 0xc6, 0xc4, 0xb7, 0x68, 0x5a, 0xd4, + 0xaf, 0x63, 0xc4, 0x9e, 0x04, 0x20, 0x0e, 0xd6, 0x91, 0x4f, 0x9c, 0xbe, 0xef, 0x71, 0xf9, 0xef, + 0x4f, 0x6a, 0xdc, 0x95, 0x1d, 0x43, 0xea, 0xb6, 0x73, 0x81, 0xb7, 0x5a, 0x9d, 0x19, 0x37, 0x35, + 0x3c, 0xeb, 0x8c, 0xfa, 0xee, 0x51, 0xf6, 0x29, 0xea, 0x40, 0x65, 0x18, 0xc8, 0xeb, 0x63, 0x1f, + 0x94, 0xaf, 0xea, 0x03, 0x88, 0x59, 0xd2, 0xf2, 0xda, 0x08, 0x36, 0x2e, 0xba, 0x3c, 0x23, 0x37, + 0x1f, 0xa7, 0x73, 0xb3, 0xb2, 0xfd, 0xe3, 0xac, 0xfb, 0xb2, 0x45, 0xa6, 0xf2, 0x38, 0x33, 0x6c, + 0xff, 0x61, 0x40, 0xe1, 0x25, 0x75, 0x22, 0x2a, 0xbe, 0x68, 0xd4, 0xee, 0x9c, 0x89, 0xda, 0x7a, + 0xf6, 0x20, 0x2c, 0x6f, 0x9d, 0x0b, 0xda, 0x1a, 0x94, 0xbc, 0x40, 0xd0, 0x28, 0x20, 0xbe, 0x8a, + 0xda, 0x12, 0x9e, 0xee, 0x33, 0x0d, 0xf8, 0x60, 0x40, 0x21, 0x9e, 0x14, 0xaf, 0xdb, 0x80, 0xf8, + 0xd6, 0xf3, 0x06, 0x64, 0x2a, 0xf9, 0x3f, 0x03, 0x4a, 0x49, 0xc3, 0xfa, 0xa2, 0x6a, 0x9e, 0x9b, + 0xbc, 0xf2, 0x5f, 0x7b, 0xf2, 0x42, 0x60, 0xf6, 0xbd, 0x40, 0xcf, 0x88, 0x58, 0xad, 0x51, 0x0b, + 0x8a, 0x21, 0x19, 0xfb, 0x8c, 0xb8, 0xba, 0x50, 0xae, 0xcd, 0xfd, 0xb0, 0xd0, 0x0e, 0xc6, 0x38, + 0x01, 0xed, 0xae, 0x1d, 0x9f, 0x34, 0x57, 0xa1, 0x9a, 0xb6, 0xfc, 0x9d, 0xd1, 0xfc, 0xb7, 0x01, + 0xe5, 0x83, 0x3f, 0x0a, 0x1a, 0xa8, 0x79, 0xe0, 0x1b, 0x69, 0xfc, 0xe6, 0xfc, 0x8f, 0x0f, 0xe5, + 0x33, 0xbf, 0x2b, 0x64, 0x3d, 0x6a, 0xc7, 0xfa, 0xf8, 0xa9, 0x7e, 0xe3, 0x3f, 0x9f, 0xea, 0x37, + 0xfe, 0x34, 0xa9, 0x1b, 0x1f, 0x27, 0x75, 0xe3, 0x5f, 0x93, 0xba, 0xf1, 0xdf, 0x49, 0xdd, 0x38, + 0x2a, 0x28, 0xff, 0xfc, 0xf4, 0xab, 0x00, 0x00, 0x00, 0xff, 0xff, 0xe4, 0x48, 0xcb, 0x39, 0xc2, + 0x12, 0x00, 0x00, } diff --git a/components/engine/vendor/github.com/docker/swarmkit/api/objects.proto b/components/engine/vendor/github.com/docker/swarmkit/api/objects.proto index 5f7cf26b7f..311c1f2fb6 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/api/objects.proto +++ b/components/engine/vendor/github.com/docker/swarmkit/api/objects.proto @@ -239,6 +239,8 @@ message Task { // // If not present, the daemon's default will be used. Driver log_driver = 13; + + repeated GenericResource assigned_generic_resources = 15; } // NetworkAttachment specifies the network parameters of attachment to diff --git a/components/engine/vendor/github.com/docker/swarmkit/api/types.pb.go b/components/engine/vendor/github.com/docker/swarmkit/api/types.pb.go index 7ff65e47ca..2befc03577 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/api/types.pb.go +++ b/components/engine/vendor/github.com/docker/swarmkit/api/types.pb.go @@ -23,6 +23,9 @@ Version IndexEntry Annotations + GenericString + GenericDiscrete + GenericResource Resources ResourceRequirements Platform @@ -354,7 +357,7 @@ func (x RaftMemberStatus_Reachability) String() string { return proto.EnumName(RaftMemberStatus_Reachability_name, int32(x)) } func (RaftMemberStatus_Reachability) EnumDescriptor() ([]byte, []int) { - return fileDescriptorTypes, []int{10, 0} + return fileDescriptorTypes, []int{13, 0} } // TODO(aluzzardi) These should be using `gogoproto.enumvalue_customname`. @@ -387,7 +390,7 @@ var NodeStatus_State_value = map[string]int32{ func (x NodeStatus_State) String() string { return proto.EnumName(NodeStatus_State_name, int32(x)) } -func (NodeStatus_State) EnumDescriptor() ([]byte, []int) { return fileDescriptorTypes, []int{11, 0} } +func (NodeStatus_State) EnumDescriptor() ([]byte, []int) { return fileDescriptorTypes, []int{14, 0} } type Mount_MountType int32 @@ -411,7 +414,7 @@ var Mount_MountType_value = map[string]int32{ func (x Mount_MountType) String() string { return proto.EnumName(Mount_MountType_name, int32(x)) } -func (Mount_MountType) EnumDescriptor() ([]byte, []int) { return fileDescriptorTypes, []int{13, 0} } +func (Mount_MountType) EnumDescriptor() ([]byte, []int) { return fileDescriptorTypes, []int{16, 0} } type Mount_BindOptions_MountPropagation int32 @@ -445,7 +448,7 @@ func (x Mount_BindOptions_MountPropagation) String() string { return proto.EnumName(Mount_BindOptions_MountPropagation_name, int32(x)) } func (Mount_BindOptions_MountPropagation) EnumDescriptor() ([]byte, []int) { - return fileDescriptorTypes, []int{13, 0, 0} + return fileDescriptorTypes, []int{16, 0, 0} } type RestartPolicy_RestartCondition int32 @@ -471,7 +474,7 @@ func (x RestartPolicy_RestartCondition) String() string { return proto.EnumName(RestartPolicy_RestartCondition_name, int32(x)) } func (RestartPolicy_RestartCondition) EnumDescriptor() ([]byte, []int) { - return fileDescriptorTypes, []int{14, 0} + return fileDescriptorTypes, []int{17, 0} } type UpdateConfig_FailureAction int32 @@ -497,7 +500,7 @@ func (x UpdateConfig_FailureAction) String() string { return proto.EnumName(UpdateConfig_FailureAction_name, int32(x)) } func (UpdateConfig_FailureAction) EnumDescriptor() ([]byte, []int) { - return fileDescriptorTypes, []int{15, 0} + return fileDescriptorTypes, []int{18, 0} } // UpdateOrder controls the order of operations when rolling out an @@ -524,7 +527,7 @@ func (x UpdateConfig_UpdateOrder) String() string { return proto.EnumName(UpdateConfig_UpdateOrder_name, int32(x)) } func (UpdateConfig_UpdateOrder) EnumDescriptor() ([]byte, []int) { - return fileDescriptorTypes, []int{15, 1} + return fileDescriptorTypes, []int{18, 1} } type UpdateStatus_UpdateState int32 @@ -562,7 +565,7 @@ func (x UpdateStatus_UpdateState) String() string { return proto.EnumName(UpdateStatus_UpdateState_name, int32(x)) } func (UpdateStatus_UpdateState) EnumDescriptor() ([]byte, []int) { - return fileDescriptorTypes, []int{16, 0} + return fileDescriptorTypes, []int{19, 0} } // AddressFamily specifies the network address family that @@ -590,7 +593,7 @@ func (x IPAMConfig_AddressFamily) String() string { return proto.EnumName(IPAMConfig_AddressFamily_name, int32(x)) } func (IPAMConfig_AddressFamily) EnumDescriptor() ([]byte, []int) { - return fileDescriptorTypes, []int{21, 0} + return fileDescriptorTypes, []int{24, 0} } type PortConfig_Protocol int32 @@ -612,7 +615,7 @@ var PortConfig_Protocol_value = map[string]int32{ func (x PortConfig_Protocol) String() string { return proto.EnumName(PortConfig_Protocol_name, int32(x)) } -func (PortConfig_Protocol) EnumDescriptor() ([]byte, []int) { return fileDescriptorTypes, []int{22, 0} } +func (PortConfig_Protocol) EnumDescriptor() ([]byte, []int) { return fileDescriptorTypes, []int{25, 0} } // PublishMode controls how ports are published on the swarm. type PortConfig_PublishMode int32 @@ -640,7 +643,7 @@ func (x PortConfig_PublishMode) String() string { return proto.EnumName(PortConfig_PublishMode_name, int32(x)) } func (PortConfig_PublishMode) EnumDescriptor() ([]byte, []int) { - return fileDescriptorTypes, []int{22, 1} + return fileDescriptorTypes, []int{25, 1} } type IssuanceStatus_State int32 @@ -680,7 +683,7 @@ var IssuanceStatus_State_value = map[string]int32{ func (x IssuanceStatus_State) String() string { return proto.EnumName(IssuanceStatus_State_name, int32(x)) } -func (IssuanceStatus_State) EnumDescriptor() ([]byte, []int) { return fileDescriptorTypes, []int{27, 0} } +func (IssuanceStatus_State) EnumDescriptor() ([]byte, []int) { return fileDescriptorTypes, []int{30, 0} } type ExternalCA_CAProtocol int32 @@ -699,7 +702,7 @@ func (x ExternalCA_CAProtocol) String() string { return proto.EnumName(ExternalCA_CAProtocol_name, int32(x)) } func (ExternalCA_CAProtocol) EnumDescriptor() ([]byte, []int) { - return fileDescriptorTypes, []int{29, 0} + return fileDescriptorTypes, []int{32, 0} } // Encryption algorithm that can implemented using this key @@ -720,7 +723,7 @@ func (x EncryptionKey_Algorithm) String() string { return proto.EnumName(EncryptionKey_Algorithm_name, int32(x)) } func (EncryptionKey_Algorithm) EnumDescriptor() ([]byte, []int) { - return fileDescriptorTypes, []int{42, 0} + return fileDescriptorTypes, []int{45, 0} } type MaybeEncryptedRecord_Algorithm int32 @@ -743,7 +746,7 @@ func (x MaybeEncryptedRecord_Algorithm) String() string { return proto.EnumName(MaybeEncryptedRecord_Algorithm_name, int32(x)) } func (MaybeEncryptedRecord_Algorithm) EnumDescriptor() ([]byte, []int) { - return fileDescriptorTypes, []int{49, 0} + return fileDescriptorTypes, []int{52, 0} } // Version tracks the last time an object in the store was updated. @@ -778,16 +781,158 @@ func (m *Annotations) Reset() { *m = Annotations{} } func (*Annotations) ProtoMessage() {} func (*Annotations) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{2} } +type GenericString struct { + Kind string `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"` + Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"` +} + +func (m *GenericString) Reset() { *m = GenericString{} } +func (*GenericString) ProtoMessage() {} +func (*GenericString) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{3} } + +type GenericDiscrete struct { + Kind string `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"` + Value int64 `protobuf:"varint,2,opt,name=value,proto3" json:"value,omitempty"` +} + +func (m *GenericDiscrete) Reset() { *m = GenericDiscrete{} } +func (*GenericDiscrete) ProtoMessage() {} +func (*GenericDiscrete) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{4} } + +type GenericResource struct { + // Types that are valid to be assigned to Resource: + // *GenericResource_Str + // *GenericResource_Discrete + Resource isGenericResource_Resource `protobuf_oneof:"resource"` +} + +func (m *GenericResource) Reset() { *m = GenericResource{} } +func (*GenericResource) ProtoMessage() {} +func (*GenericResource) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{5} } + +type isGenericResource_Resource interface { + isGenericResource_Resource() + MarshalTo([]byte) (int, error) + Size() int +} + +type GenericResource_Str struct { + Str *GenericString `protobuf:"bytes,1,opt,name=str,oneof"` +} +type GenericResource_Discrete struct { + Discrete *GenericDiscrete `protobuf:"bytes,2,opt,name=discrete,oneof"` +} + +func (*GenericResource_Str) isGenericResource_Resource() {} +func (*GenericResource_Discrete) isGenericResource_Resource() {} + +func (m *GenericResource) GetResource() isGenericResource_Resource { + if m != nil { + return m.Resource + } + return nil +} + +func (m *GenericResource) GetStr() *GenericString { + if x, ok := m.GetResource().(*GenericResource_Str); ok { + return x.Str + } + return nil +} + +func (m *GenericResource) GetDiscrete() *GenericDiscrete { + if x, ok := m.GetResource().(*GenericResource_Discrete); ok { + return x.Discrete + } + return nil +} + +// XXX_OneofFuncs is for the internal use of the proto package. +func (*GenericResource) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) { + return _GenericResource_OneofMarshaler, _GenericResource_OneofUnmarshaler, _GenericResource_OneofSizer, []interface{}{ + (*GenericResource_Str)(nil), + (*GenericResource_Discrete)(nil), + } +} + +func _GenericResource_OneofMarshaler(msg proto.Message, b *proto.Buffer) error { + m := msg.(*GenericResource) + // resource + switch x := m.Resource.(type) { + case *GenericResource_Str: + _ = b.EncodeVarint(1<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.Str); err != nil { + return err + } + case *GenericResource_Discrete: + _ = b.EncodeVarint(2<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.Discrete); err != nil { + return err + } + case nil: + default: + return fmt.Errorf("GenericResource.Resource has unexpected type %T", x) + } + return nil +} + +func _GenericResource_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) { + m := msg.(*GenericResource) + switch tag { + case 1: // resource.str + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(GenericString) + err := b.DecodeMessage(msg) + m.Resource = &GenericResource_Str{msg} + return true, err + case 2: // resource.discrete + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(GenericDiscrete) + err := b.DecodeMessage(msg) + m.Resource = &GenericResource_Discrete{msg} + return true, err + default: + return false, nil + } +} + +func _GenericResource_OneofSizer(msg proto.Message) (n int) { + m := msg.(*GenericResource) + // resource + switch x := m.Resource.(type) { + case *GenericResource_Str: + s := proto.Size(x.Str) + n += proto.SizeVarint(1<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case *GenericResource_Discrete: + s := proto.Size(x.Discrete) + n += proto.SizeVarint(2<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case nil: + default: + panic(fmt.Sprintf("proto: unexpected type %T in oneof", x)) + } + return n +} + type Resources struct { // Amount of CPUs (e.g. 2000000000 = 2 CPU cores) NanoCPUs int64 `protobuf:"varint,1,opt,name=nano_cpus,json=nanoCpus,proto3" json:"nano_cpus,omitempty"` // Amount of memory in bytes. MemoryBytes int64 `protobuf:"varint,2,opt,name=memory_bytes,json=memoryBytes,proto3" json:"memory_bytes,omitempty"` + // User specified resource (e.g: bananas=2;apple={red,yellow,green}) + Generic []*GenericResource `protobuf:"bytes,3,rep,name=generic" json:"generic,omitempty"` } func (m *Resources) Reset() { *m = Resources{} } func (*Resources) ProtoMessage() {} -func (*Resources) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{3} } +func (*Resources) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{6} } type ResourceRequirements struct { Limits *Resources `protobuf:"bytes,1,opt,name=limits" json:"limits,omitempty"` @@ -796,7 +941,7 @@ type ResourceRequirements struct { func (m *ResourceRequirements) Reset() { *m = ResourceRequirements{} } func (*ResourceRequirements) ProtoMessage() {} -func (*ResourceRequirements) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{4} } +func (*ResourceRequirements) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{7} } type Platform struct { // Architecture (e.g. x86_64) @@ -807,7 +952,7 @@ type Platform struct { func (m *Platform) Reset() { *m = Platform{} } func (*Platform) ProtoMessage() {} -func (*Platform) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{5} } +func (*Platform) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{8} } // PluginDescription describes an engine plugin. type PluginDescription struct { @@ -821,7 +966,7 @@ type PluginDescription struct { func (m *PluginDescription) Reset() { *m = PluginDescription{} } func (*PluginDescription) ProtoMessage() {} -func (*PluginDescription) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{6} } +func (*PluginDescription) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{9} } type EngineDescription struct { // Docker daemon version running on the node. @@ -834,7 +979,7 @@ type EngineDescription struct { func (m *EngineDescription) Reset() { *m = EngineDescription{} } func (*EngineDescription) ProtoMessage() {} -func (*EngineDescription) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{7} } +func (*EngineDescription) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{10} } type NodeDescription struct { // Hostname of the node as reported by the agent. @@ -852,7 +997,7 @@ type NodeDescription struct { func (m *NodeDescription) Reset() { *m = NodeDescription{} } func (*NodeDescription) ProtoMessage() {} -func (*NodeDescription) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{8} } +func (*NodeDescription) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{11} } type NodeTLSInfo struct { // Information about which root certs the node trusts @@ -864,7 +1009,7 @@ type NodeTLSInfo struct { func (m *NodeTLSInfo) Reset() { *m = NodeTLSInfo{} } func (*NodeTLSInfo) ProtoMessage() {} -func (*NodeTLSInfo) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{9} } +func (*NodeTLSInfo) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{12} } type RaftMemberStatus struct { Leader bool `protobuf:"varint,1,opt,name=leader,proto3" json:"leader,omitempty"` @@ -874,7 +1019,7 @@ type RaftMemberStatus struct { func (m *RaftMemberStatus) Reset() { *m = RaftMemberStatus{} } func (*RaftMemberStatus) ProtoMessage() {} -func (*RaftMemberStatus) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{10} } +func (*RaftMemberStatus) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{13} } type NodeStatus struct { State NodeStatus_State `protobuf:"varint,1,opt,name=state,proto3,enum=docker.swarmkit.v1.NodeStatus_State" json:"state,omitempty"` @@ -885,7 +1030,7 @@ type NodeStatus struct { func (m *NodeStatus) Reset() { *m = NodeStatus{} } func (*NodeStatus) ProtoMessage() {} -func (*NodeStatus) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{11} } +func (*NodeStatus) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{14} } type Image struct { // reference is a docker image reference. This can include a rpository, tag @@ -896,7 +1041,7 @@ type Image struct { func (m *Image) Reset() { *m = Image{} } func (*Image) ProtoMessage() {} -func (*Image) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{12} } +func (*Image) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{15} } // Mount describes volume mounts for a container. // @@ -931,7 +1076,7 @@ type Mount struct { func (m *Mount) Reset() { *m = Mount{} } func (*Mount) ProtoMessage() {} -func (*Mount) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{13} } +func (*Mount) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{16} } // BindOptions specifies options that are specific to a bind mount. type Mount_BindOptions struct { @@ -941,7 +1086,7 @@ type Mount_BindOptions struct { func (m *Mount_BindOptions) Reset() { *m = Mount_BindOptions{} } func (*Mount_BindOptions) ProtoMessage() {} -func (*Mount_BindOptions) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{13, 0} } +func (*Mount_BindOptions) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{16, 0} } // VolumeOptions contains parameters for mounting the volume. type Mount_VolumeOptions struct { @@ -958,7 +1103,7 @@ type Mount_VolumeOptions struct { func (m *Mount_VolumeOptions) Reset() { *m = Mount_VolumeOptions{} } func (*Mount_VolumeOptions) ProtoMessage() {} -func (*Mount_VolumeOptions) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{13, 1} } +func (*Mount_VolumeOptions) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{16, 1} } type Mount_TmpfsOptions struct { // Size sets the size of the tmpfs, in bytes. @@ -976,7 +1121,7 @@ type Mount_TmpfsOptions struct { func (m *Mount_TmpfsOptions) Reset() { *m = Mount_TmpfsOptions{} } func (*Mount_TmpfsOptions) ProtoMessage() {} -func (*Mount_TmpfsOptions) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{13, 2} } +func (*Mount_TmpfsOptions) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{16, 2} } type RestartPolicy struct { Condition RestartPolicy_RestartCondition `protobuf:"varint,1,opt,name=condition,proto3,enum=docker.swarmkit.v1.RestartPolicy_RestartCondition" json:"condition,omitempty"` @@ -994,7 +1139,7 @@ type RestartPolicy struct { func (m *RestartPolicy) Reset() { *m = RestartPolicy{} } func (*RestartPolicy) ProtoMessage() {} -func (*RestartPolicy) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{14} } +func (*RestartPolicy) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{17} } // UpdateConfig specifies the rate and policy of updates. // TODO(aluzzardi): Consider making this a oneof with RollingStrategy and LockstepStrategy. @@ -1034,7 +1179,7 @@ type UpdateConfig struct { func (m *UpdateConfig) Reset() { *m = UpdateConfig{} } func (*UpdateConfig) ProtoMessage() {} -func (*UpdateConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{15} } +func (*UpdateConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{18} } // UpdateStatus is the status of an update in progress. type UpdateStatus struct { @@ -1058,7 +1203,7 @@ type UpdateStatus struct { func (m *UpdateStatus) Reset() { *m = UpdateStatus{} } func (*UpdateStatus) ProtoMessage() {} -func (*UpdateStatus) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{16} } +func (*UpdateStatus) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{19} } // Container specific status. type ContainerStatus struct { @@ -1069,7 +1214,7 @@ type ContainerStatus struct { func (m *ContainerStatus) Reset() { *m = ContainerStatus{} } func (*ContainerStatus) ProtoMessage() {} -func (*ContainerStatus) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{17} } +func (*ContainerStatus) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{20} } // PortStatus specifies the actual allocated runtime state of a list // of port configs. @@ -1079,7 +1224,7 @@ type PortStatus struct { func (m *PortStatus) Reset() { *m = PortStatus{} } func (*PortStatus) ProtoMessage() {} -func (*PortStatus) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{18} } +func (*PortStatus) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{21} } type TaskStatus struct { // Note: can't use stdtime because this field is nullable. @@ -1116,7 +1261,7 @@ type TaskStatus struct { func (m *TaskStatus) Reset() { *m = TaskStatus{} } func (*TaskStatus) ProtoMessage() {} -func (*TaskStatus) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{19} } +func (*TaskStatus) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{22} } type isTaskStatus_RuntimeStatus interface { isTaskStatus_RuntimeStatus() @@ -1220,7 +1365,7 @@ type NetworkAttachmentConfig struct { func (m *NetworkAttachmentConfig) Reset() { *m = NetworkAttachmentConfig{} } func (*NetworkAttachmentConfig) ProtoMessage() {} -func (*NetworkAttachmentConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{20} } +func (*NetworkAttachmentConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{23} } // IPAMConfig specifies parameters for IP Address Management. type IPAMConfig struct { @@ -1241,7 +1386,7 @@ type IPAMConfig struct { func (m *IPAMConfig) Reset() { *m = IPAMConfig{} } func (*IPAMConfig) ProtoMessage() {} -func (*IPAMConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{21} } +func (*IPAMConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{24} } // PortConfig specifies an exposed port which can be // addressed using the given name. This can be later queried @@ -1267,7 +1412,7 @@ type PortConfig struct { func (m *PortConfig) Reset() { *m = PortConfig{} } func (*PortConfig) ProtoMessage() {} -func (*PortConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{22} } +func (*PortConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{25} } // Driver is a generic driver type to be used throughout the API. For now, a // driver is simply a name and set of options. The field contents depend on the @@ -1280,7 +1425,7 @@ type Driver struct { func (m *Driver) Reset() { *m = Driver{} } func (*Driver) ProtoMessage() {} -func (*Driver) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{23} } +func (*Driver) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{26} } type IPAMOptions struct { Driver *Driver `protobuf:"bytes,1,opt,name=driver" json:"driver,omitempty"` @@ -1289,7 +1434,7 @@ type IPAMOptions struct { func (m *IPAMOptions) Reset() { *m = IPAMOptions{} } func (*IPAMOptions) ProtoMessage() {} -func (*IPAMOptions) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{24} } +func (*IPAMOptions) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{27} } // Peer should be used anywhere where we are describing a remote peer. type Peer struct { @@ -1299,7 +1444,7 @@ type Peer struct { func (m *Peer) Reset() { *m = Peer{} } func (*Peer) ProtoMessage() {} -func (*Peer) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{25} } +func (*Peer) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{28} } // WeightedPeer should be used anywhere where we are describing a remote peer // with a weight. @@ -1310,7 +1455,7 @@ type WeightedPeer struct { func (m *WeightedPeer) Reset() { *m = WeightedPeer{} } func (*WeightedPeer) ProtoMessage() {} -func (*WeightedPeer) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{26} } +func (*WeightedPeer) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{29} } type IssuanceStatus struct { State IssuanceStatus_State `protobuf:"varint,1,opt,name=state,proto3,enum=docker.swarmkit.v1.IssuanceStatus_State" json:"state,omitempty"` @@ -1322,7 +1467,7 @@ type IssuanceStatus struct { func (m *IssuanceStatus) Reset() { *m = IssuanceStatus{} } func (*IssuanceStatus) ProtoMessage() {} -func (*IssuanceStatus) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{27} } +func (*IssuanceStatus) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{30} } type AcceptancePolicy struct { Policies []*AcceptancePolicy_RoleAdmissionPolicy `protobuf:"bytes,1,rep,name=policies" json:"policies,omitempty"` @@ -1330,7 +1475,7 @@ type AcceptancePolicy struct { func (m *AcceptancePolicy) Reset() { *m = AcceptancePolicy{} } func (*AcceptancePolicy) ProtoMessage() {} -func (*AcceptancePolicy) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{28} } +func (*AcceptancePolicy) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{31} } type AcceptancePolicy_RoleAdmissionPolicy struct { Role NodeRole `protobuf:"varint,1,opt,name=role,proto3,enum=docker.swarmkit.v1.NodeRole" json:"role,omitempty"` @@ -1345,7 +1490,7 @@ type AcceptancePolicy_RoleAdmissionPolicy struct { func (m *AcceptancePolicy_RoleAdmissionPolicy) Reset() { *m = AcceptancePolicy_RoleAdmissionPolicy{} } func (*AcceptancePolicy_RoleAdmissionPolicy) ProtoMessage() {} func (*AcceptancePolicy_RoleAdmissionPolicy) Descriptor() ([]byte, []int) { - return fileDescriptorTypes, []int{28, 0} + return fileDescriptorTypes, []int{31, 0} } type AcceptancePolicy_RoleAdmissionPolicy_Secret struct { @@ -1360,7 +1505,7 @@ func (m *AcceptancePolicy_RoleAdmissionPolicy_Secret) Reset() { } func (*AcceptancePolicy_RoleAdmissionPolicy_Secret) ProtoMessage() {} func (*AcceptancePolicy_RoleAdmissionPolicy_Secret) Descriptor() ([]byte, []int) { - return fileDescriptorTypes, []int{28, 0, 0} + return fileDescriptorTypes, []int{31, 0, 0} } type ExternalCA struct { @@ -1377,7 +1522,7 @@ type ExternalCA struct { func (m *ExternalCA) Reset() { *m = ExternalCA{} } func (*ExternalCA) ProtoMessage() {} -func (*ExternalCA) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{29} } +func (*ExternalCA) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{32} } type CAConfig struct { // NodeCertExpiry is the duration certificates should be issued for @@ -1402,7 +1547,7 @@ type CAConfig struct { func (m *CAConfig) Reset() { *m = CAConfig{} } func (*CAConfig) ProtoMessage() {} -func (*CAConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{30} } +func (*CAConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{33} } // OrchestrationConfig defines cluster-level orchestration settings. type OrchestrationConfig struct { @@ -1413,7 +1558,7 @@ type OrchestrationConfig struct { func (m *OrchestrationConfig) Reset() { *m = OrchestrationConfig{} } func (*OrchestrationConfig) ProtoMessage() {} -func (*OrchestrationConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{31} } +func (*OrchestrationConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{34} } // TaskDefaults specifies default values for task creation. type TaskDefaults struct { @@ -1427,7 +1572,7 @@ type TaskDefaults struct { func (m *TaskDefaults) Reset() { *m = TaskDefaults{} } func (*TaskDefaults) ProtoMessage() {} -func (*TaskDefaults) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{32} } +func (*TaskDefaults) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{35} } // DispatcherConfig defines cluster-level dispatcher settings. type DispatcherConfig struct { @@ -1439,7 +1584,7 @@ type DispatcherConfig struct { func (m *DispatcherConfig) Reset() { *m = DispatcherConfig{} } func (*DispatcherConfig) ProtoMessage() {} -func (*DispatcherConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{33} } +func (*DispatcherConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{36} } // RaftConfig defines raft settings for the cluster. type RaftConfig struct { @@ -1461,7 +1606,7 @@ type RaftConfig struct { func (m *RaftConfig) Reset() { *m = RaftConfig{} } func (*RaftConfig) ProtoMessage() {} -func (*RaftConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{34} } +func (*RaftConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{37} } type EncryptionConfig struct { // AutoLockManagers specifies whether or not managers TLS keys and raft data @@ -1472,7 +1617,7 @@ type EncryptionConfig struct { func (m *EncryptionConfig) Reset() { *m = EncryptionConfig{} } func (*EncryptionConfig) ProtoMessage() {} -func (*EncryptionConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{35} } +func (*EncryptionConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{38} } type SpreadOver struct { SpreadDescriptor string `protobuf:"bytes,1,opt,name=spread_descriptor,json=spreadDescriptor,proto3" json:"spread_descriptor,omitempty"` @@ -1480,7 +1625,7 @@ type SpreadOver struct { func (m *SpreadOver) Reset() { *m = SpreadOver{} } func (*SpreadOver) ProtoMessage() {} -func (*SpreadOver) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{36} } +func (*SpreadOver) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{39} } type PlacementPreference struct { // Types that are valid to be assigned to Preference: @@ -1490,7 +1635,7 @@ type PlacementPreference struct { func (m *PlacementPreference) Reset() { *m = PlacementPreference{} } func (*PlacementPreference) ProtoMessage() {} -func (*PlacementPreference) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{37} } +func (*PlacementPreference) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{40} } type isPlacementPreference_Preference interface { isPlacementPreference_Preference() @@ -1589,7 +1734,7 @@ type Placement struct { func (m *Placement) Reset() { *m = Placement{} } func (*Placement) ProtoMessage() {} -func (*Placement) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{38} } +func (*Placement) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{41} } // JoinToken contains the join tokens for workers and managers. type JoinTokens struct { @@ -1601,7 +1746,7 @@ type JoinTokens struct { func (m *JoinTokens) Reset() { *m = JoinTokens{} } func (*JoinTokens) ProtoMessage() {} -func (*JoinTokens) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{39} } +func (*JoinTokens) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{42} } type RootCA struct { // CAKey is the root CA private key. @@ -1622,7 +1767,7 @@ type RootCA struct { func (m *RootCA) Reset() { *m = RootCA{} } func (*RootCA) ProtoMessage() {} -func (*RootCA) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{40} } +func (*RootCA) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{43} } type Certificate struct { Role NodeRole `protobuf:"varint,1,opt,name=role,proto3,enum=docker.swarmkit.v1.NodeRole" json:"role,omitempty"` @@ -1635,7 +1780,7 @@ type Certificate struct { func (m *Certificate) Reset() { *m = Certificate{} } func (*Certificate) ProtoMessage() {} -func (*Certificate) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{41} } +func (*Certificate) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{44} } // Symmetric keys to encrypt inter-agent communication. type EncryptionKey struct { @@ -1651,7 +1796,7 @@ type EncryptionKey struct { func (m *EncryptionKey) Reset() { *m = EncryptionKey{} } func (*EncryptionKey) ProtoMessage() {} -func (*EncryptionKey) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{42} } +func (*EncryptionKey) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{45} } // ManagerStatus provides informations about the state of a manager in the cluster. type ManagerStatus struct { @@ -1668,7 +1813,7 @@ type ManagerStatus struct { func (m *ManagerStatus) Reset() { *m = ManagerStatus{} } func (*ManagerStatus) ProtoMessage() {} -func (*ManagerStatus) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{43} } +func (*ManagerStatus) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{46} } // FileTarget represents a specific target that is backed by a file type FileTarget struct { @@ -1684,7 +1829,7 @@ type FileTarget struct { func (m *FileTarget) Reset() { *m = FileTarget{} } func (*FileTarget) ProtoMessage() {} -func (*FileTarget) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{44} } +func (*FileTarget) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{47} } // SecretReference is the linkage between a service and a secret that it uses. type SecretReference struct { @@ -1704,7 +1849,7 @@ type SecretReference struct { func (m *SecretReference) Reset() { *m = SecretReference{} } func (*SecretReference) ProtoMessage() {} -func (*SecretReference) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{45} } +func (*SecretReference) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{48} } type isSecretReference_Target interface { isSecretReference_Target() @@ -1804,7 +1949,7 @@ type ConfigReference struct { func (m *ConfigReference) Reset() { *m = ConfigReference{} } func (*ConfigReference) ProtoMessage() {} -func (*ConfigReference) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{46} } +func (*ConfigReference) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{49} } type isConfigReference_Target interface { isConfigReference_Target() @@ -1898,7 +2043,7 @@ type BlacklistedCertificate struct { func (m *BlacklistedCertificate) Reset() { *m = BlacklistedCertificate{} } func (*BlacklistedCertificate) ProtoMessage() {} -func (*BlacklistedCertificate) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{47} } +func (*BlacklistedCertificate) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{50} } // HealthConfig holds configuration settings for the HEALTHCHECK feature. type HealthConfig struct { @@ -1928,7 +2073,7 @@ type HealthConfig struct { func (m *HealthConfig) Reset() { *m = HealthConfig{} } func (*HealthConfig) ProtoMessage() {} -func (*HealthConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{48} } +func (*HealthConfig) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{51} } type MaybeEncryptedRecord struct { Algorithm MaybeEncryptedRecord_Algorithm `protobuf:"varint,1,opt,name=algorithm,proto3,enum=docker.swarmkit.v1.MaybeEncryptedRecord_Algorithm" json:"algorithm,omitempty"` @@ -1938,7 +2083,7 @@ type MaybeEncryptedRecord struct { func (m *MaybeEncryptedRecord) Reset() { *m = MaybeEncryptedRecord{} } func (*MaybeEncryptedRecord) ProtoMessage() {} -func (*MaybeEncryptedRecord) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{49} } +func (*MaybeEncryptedRecord) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{52} } type RootRotation struct { CACert []byte `protobuf:"bytes,1,opt,name=ca_cert,json=caCert,proto3" json:"ca_cert,omitempty"` @@ -1949,7 +2094,7 @@ type RootRotation struct { func (m *RootRotation) Reset() { *m = RootRotation{} } func (*RootRotation) ProtoMessage() {} -func (*RootRotation) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{50} } +func (*RootRotation) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{53} } // Privileges specifies security configuration/permissions. type Privileges struct { @@ -1959,7 +2104,7 @@ type Privileges struct { func (m *Privileges) Reset() { *m = Privileges{} } func (*Privileges) ProtoMessage() {} -func (*Privileges) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{51} } +func (*Privileges) Descriptor() ([]byte, []int) { return fileDescriptorTypes, []int{54} } // CredentialSpec for managed service account (Windows only). type Privileges_CredentialSpec struct { @@ -1972,7 +2117,7 @@ type Privileges_CredentialSpec struct { func (m *Privileges_CredentialSpec) Reset() { *m = Privileges_CredentialSpec{} } func (*Privileges_CredentialSpec) ProtoMessage() {} func (*Privileges_CredentialSpec) Descriptor() ([]byte, []int) { - return fileDescriptorTypes, []int{51, 0} + return fileDescriptorTypes, []int{54, 0} } type isPrivileges_CredentialSpec_Source interface { @@ -2090,13 +2235,16 @@ type Privileges_SELinuxContext struct { func (m *Privileges_SELinuxContext) Reset() { *m = Privileges_SELinuxContext{} } func (*Privileges_SELinuxContext) ProtoMessage() {} func (*Privileges_SELinuxContext) Descriptor() ([]byte, []int) { - return fileDescriptorTypes, []int{51, 1} + return fileDescriptorTypes, []int{54, 1} } func init() { proto.RegisterType((*Version)(nil), "docker.swarmkit.v1.Version") proto.RegisterType((*IndexEntry)(nil), "docker.swarmkit.v1.IndexEntry") proto.RegisterType((*Annotations)(nil), "docker.swarmkit.v1.Annotations") + proto.RegisterType((*GenericString)(nil), "docker.swarmkit.v1.GenericString") + proto.RegisterType((*GenericDiscrete)(nil), "docker.swarmkit.v1.GenericDiscrete") + proto.RegisterType((*GenericResource)(nil), "docker.swarmkit.v1.GenericResource") proto.RegisterType((*Resources)(nil), "docker.swarmkit.v1.Resources") proto.RegisterType((*ResourceRequirements)(nil), "docker.swarmkit.v1.ResourceRequirements") proto.RegisterType((*Platform)(nil), "docker.swarmkit.v1.Platform") @@ -2231,6 +2379,68 @@ func (m *Annotations) CopyFrom(src interface{}) { } +func (m *GenericString) Copy() *GenericString { + if m == nil { + return nil + } + o := &GenericString{} + o.CopyFrom(m) + return o +} + +func (m *GenericString) CopyFrom(src interface{}) { + + o := src.(*GenericString) + *m = *o +} + +func (m *GenericDiscrete) Copy() *GenericDiscrete { + if m == nil { + return nil + } + o := &GenericDiscrete{} + o.CopyFrom(m) + return o +} + +func (m *GenericDiscrete) CopyFrom(src interface{}) { + + o := src.(*GenericDiscrete) + *m = *o +} + +func (m *GenericResource) Copy() *GenericResource { + if m == nil { + return nil + } + o := &GenericResource{} + o.CopyFrom(m) + return o +} + +func (m *GenericResource) CopyFrom(src interface{}) { + + o := src.(*GenericResource) + *m = *o + if o.Resource != nil { + switch o.Resource.(type) { + case *GenericResource_Str: + v := GenericResource_Str{ + Str: &GenericString{}, + } + github_com_docker_swarmkit_api_deepcopy.Copy(v.Str, o.GetStr()) + m.Resource = &v + case *GenericResource_Discrete: + v := GenericResource_Discrete{ + Discrete: &GenericDiscrete{}, + } + github_com_docker_swarmkit_api_deepcopy.Copy(v.Discrete, o.GetDiscrete()) + m.Resource = &v + } + } + +} + func (m *Resources) Copy() *Resources { if m == nil { return nil @@ -2244,6 +2454,14 @@ func (m *Resources) CopyFrom(src interface{}) { o := src.(*Resources) *m = *o + if o.Generic != nil { + m.Generic = make([]*GenericResource, len(o.Generic)) + for i := range m.Generic { + m.Generic[i] = &GenericResource{} + github_com_docker_swarmkit_api_deepcopy.Copy(m.Generic[i], o.Generic[i]) + } + } + } func (m *ResourceRequirements) Copy() *ResourceRequirements { @@ -3544,6 +3762,118 @@ func (m *Annotations) MarshalTo(dAtA []byte) (int, error) { return i, nil } +func (m *GenericString) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *GenericString) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.Kind) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind))) + i += copy(dAtA[i:], m.Kind) + } + if len(m.Value) > 0 { + dAtA[i] = 0x12 + i++ + i = encodeVarintTypes(dAtA, i, uint64(len(m.Value))) + i += copy(dAtA[i:], m.Value) + } + return i, nil +} + +func (m *GenericDiscrete) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *GenericDiscrete) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.Kind) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind))) + i += copy(dAtA[i:], m.Kind) + } + if m.Value != 0 { + dAtA[i] = 0x10 + i++ + i = encodeVarintTypes(dAtA, i, uint64(m.Value)) + } + return i, nil +} + +func (m *GenericResource) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *GenericResource) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if m.Resource != nil { + nn1, err := m.Resource.MarshalTo(dAtA[i:]) + if err != nil { + return 0, err + } + i += nn1 + } + return i, nil +} + +func (m *GenericResource_Str) MarshalTo(dAtA []byte) (int, error) { + i := 0 + if m.Str != nil { + dAtA[i] = 0xa + i++ + i = encodeVarintTypes(dAtA, i, uint64(m.Str.Size())) + n2, err := m.Str.MarshalTo(dAtA[i:]) + if err != nil { + return 0, err + } + i += n2 + } + return i, nil +} +func (m *GenericResource_Discrete) MarshalTo(dAtA []byte) (int, error) { + i := 0 + if m.Discrete != nil { + dAtA[i] = 0x12 + i++ + i = encodeVarintTypes(dAtA, i, uint64(m.Discrete.Size())) + n3, err := m.Discrete.MarshalTo(dAtA[i:]) + if err != nil { + return 0, err + } + i += n3 + } + return i, nil +} func (m *Resources) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -3569,6 +3899,18 @@ func (m *Resources) MarshalTo(dAtA []byte) (int, error) { i++ i = encodeVarintTypes(dAtA, i, uint64(m.MemoryBytes)) } + if len(m.Generic) > 0 { + for _, msg := range m.Generic { + dAtA[i] = 0x1a + i++ + i = encodeVarintTypes(dAtA, i, uint64(msg.Size())) + n, err := msg.MarshalTo(dAtA[i:]) + if err != nil { + return 0, err + } + i += n + } + } return i, nil } @@ -3591,21 +3933,21 @@ func (m *ResourceRequirements) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0xa i++ i = encodeVarintTypes(dAtA, i, uint64(m.Limits.Size())) - n1, err := m.Limits.MarshalTo(dAtA[i:]) + n4, err := m.Limits.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n1 + i += n4 } if m.Reservations != nil { dAtA[i] = 0x12 i++ i = encodeVarintTypes(dAtA, i, uint64(m.Reservations.Size())) - n2, err := m.Reservations.MarshalTo(dAtA[i:]) + n5, err := m.Reservations.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n2 + i += n5 } return i, nil } @@ -3748,41 +4090,41 @@ func (m *NodeDescription) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0x12 i++ i = encodeVarintTypes(dAtA, i, uint64(m.Platform.Size())) - n3, err := m.Platform.MarshalTo(dAtA[i:]) + n6, err := m.Platform.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n3 + i += n6 } if m.Resources != nil { dAtA[i] = 0x1a i++ i = encodeVarintTypes(dAtA, i, uint64(m.Resources.Size())) - n4, err := m.Resources.MarshalTo(dAtA[i:]) + n7, err := m.Resources.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n4 + i += n7 } if m.Engine != nil { dAtA[i] = 0x22 i++ i = encodeVarintTypes(dAtA, i, uint64(m.Engine.Size())) - n5, err := m.Engine.MarshalTo(dAtA[i:]) + n8, err := m.Engine.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n5 + i += n8 } if m.TLSInfo != nil { dAtA[i] = 0x2a i++ i = encodeVarintTypes(dAtA, i, uint64(m.TLSInfo.Size())) - n6, err := m.TLSInfo.MarshalTo(dAtA[i:]) + n9, err := m.TLSInfo.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n6 + i += n9 } return i, nil } @@ -3967,31 +4309,31 @@ func (m *Mount) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0x2a i++ i = encodeVarintTypes(dAtA, i, uint64(m.BindOptions.Size())) - n7, err := m.BindOptions.MarshalTo(dAtA[i:]) + n10, err := m.BindOptions.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n7 + i += n10 } if m.VolumeOptions != nil { dAtA[i] = 0x32 i++ i = encodeVarintTypes(dAtA, i, uint64(m.VolumeOptions.Size())) - n8, err := m.VolumeOptions.MarshalTo(dAtA[i:]) + n11, err := m.VolumeOptions.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n8 + i += n11 } if m.TmpfsOptions != nil { dAtA[i] = 0x3a i++ i = encodeVarintTypes(dAtA, i, uint64(m.TmpfsOptions.Size())) - n9, err := m.TmpfsOptions.MarshalTo(dAtA[i:]) + n12, err := m.TmpfsOptions.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n9 + i += n12 } return i, nil } @@ -4065,11 +4407,11 @@ func (m *Mount_VolumeOptions) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0x1a i++ i = encodeVarintTypes(dAtA, i, uint64(m.DriverConfig.Size())) - n10, err := m.DriverConfig.MarshalTo(dAtA[i:]) + n13, err := m.DriverConfig.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n10 + i += n13 } return i, nil } @@ -4126,11 +4468,11 @@ func (m *RestartPolicy) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0x12 i++ i = encodeVarintTypes(dAtA, i, uint64(m.Delay.Size())) - n11, err := m.Delay.MarshalTo(dAtA[i:]) + n14, err := m.Delay.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n11 + i += n14 } if m.MaxAttempts != 0 { dAtA[i] = 0x18 @@ -4141,11 +4483,11 @@ func (m *RestartPolicy) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0x22 i++ i = encodeVarintTypes(dAtA, i, uint64(m.Window.Size())) - n12, err := m.Window.MarshalTo(dAtA[i:]) + n15, err := m.Window.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n12 + i += n15 } return i, nil } @@ -4173,11 +4515,11 @@ func (m *UpdateConfig) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0x12 i++ i = encodeVarintTypes(dAtA, i, uint64(github_com_gogo_protobuf_types.SizeOfStdDuration(m.Delay))) - n13, err := github_com_gogo_protobuf_types.StdDurationMarshalTo(m.Delay, dAtA[i:]) + n16, err := github_com_gogo_protobuf_types.StdDurationMarshalTo(m.Delay, dAtA[i:]) if err != nil { return 0, err } - i += n13 + i += n16 if m.FailureAction != 0 { dAtA[i] = 0x18 i++ @@ -4187,11 +4529,11 @@ func (m *UpdateConfig) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0x22 i++ i = encodeVarintTypes(dAtA, i, uint64(m.Monitor.Size())) - n14, err := m.Monitor.MarshalTo(dAtA[i:]) + n17, err := m.Monitor.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n14 + i += n17 } if m.MaxFailureRatio != 0 { dAtA[i] = 0x2d @@ -4230,21 +4572,21 @@ func (m *UpdateStatus) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0x12 i++ i = encodeVarintTypes(dAtA, i, uint64(m.StartedAt.Size())) - n15, err := m.StartedAt.MarshalTo(dAtA[i:]) + n18, err := m.StartedAt.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n15 + i += n18 } if m.CompletedAt != nil { dAtA[i] = 0x1a i++ i = encodeVarintTypes(dAtA, i, uint64(m.CompletedAt.Size())) - n16, err := m.CompletedAt.MarshalTo(dAtA[i:]) + n19, err := m.CompletedAt.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n16 + i += n19 } if len(m.Message) > 0 { dAtA[i] = 0x22 @@ -4338,11 +4680,11 @@ func (m *TaskStatus) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0xa i++ i = encodeVarintTypes(dAtA, i, uint64(m.Timestamp.Size())) - n17, err := m.Timestamp.MarshalTo(dAtA[i:]) + n20, err := m.Timestamp.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n17 + i += n20 } if m.State != 0 { dAtA[i] = 0x10 @@ -4362,21 +4704,21 @@ func (m *TaskStatus) MarshalTo(dAtA []byte) (int, error) { i += copy(dAtA[i:], m.Err) } if m.RuntimeStatus != nil { - nn18, err := m.RuntimeStatus.MarshalTo(dAtA[i:]) + nn21, err := m.RuntimeStatus.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += nn18 + i += nn21 } if m.PortStatus != nil { dAtA[i] = 0x32 i++ i = encodeVarintTypes(dAtA, i, uint64(m.PortStatus.Size())) - n19, err := m.PortStatus.MarshalTo(dAtA[i:]) + n22, err := m.PortStatus.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n19 + i += n22 } return i, nil } @@ -4387,11 +4729,11 @@ func (m *TaskStatus_Container) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0x2a i++ i = encodeVarintTypes(dAtA, i, uint64(m.Container.Size())) - n20, err := m.Container.MarshalTo(dAtA[i:]) + n23, err := m.Container.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n20 + i += n23 } return i, nil } @@ -4628,11 +4970,11 @@ func (m *IPAMOptions) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0xa i++ i = encodeVarintTypes(dAtA, i, uint64(m.Driver.Size())) - n21, err := m.Driver.MarshalTo(dAtA[i:]) + n24, err := m.Driver.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n21 + i += n24 } if len(m.Configs) > 0 { for _, msg := range m.Configs { @@ -4698,11 +5040,11 @@ func (m *WeightedPeer) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0xa i++ i = encodeVarintTypes(dAtA, i, uint64(m.Peer.Size())) - n22, err := m.Peer.MarshalTo(dAtA[i:]) + n25, err := m.Peer.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n22 + i += n25 } if m.Weight != 0 { dAtA[i] = 0x10 @@ -4805,11 +5147,11 @@ func (m *AcceptancePolicy_RoleAdmissionPolicy) MarshalTo(dAtA []byte) (int, erro dAtA[i] = 0x1a i++ i = encodeVarintTypes(dAtA, i, uint64(m.Secret.Size())) - n23, err := m.Secret.MarshalTo(dAtA[i:]) + n26, err := m.Secret.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n23 + i += n26 } return i, nil } @@ -4915,11 +5257,11 @@ func (m *CAConfig) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0xa i++ i = encodeVarintTypes(dAtA, i, uint64(m.NodeCertExpiry.Size())) - n24, err := m.NodeCertExpiry.MarshalTo(dAtA[i:]) + n27, err := m.NodeCertExpiry.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n24 + i += n27 } if len(m.ExternalCAs) > 0 { for _, msg := range m.ExternalCAs { @@ -4995,11 +5337,11 @@ func (m *TaskDefaults) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0xa i++ i = encodeVarintTypes(dAtA, i, uint64(m.LogDriver.Size())) - n25, err := m.LogDriver.MarshalTo(dAtA[i:]) + n28, err := m.LogDriver.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n25 + i += n28 } return i, nil } @@ -5023,11 +5365,11 @@ func (m *DispatcherConfig) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0xa i++ i = encodeVarintTypes(dAtA, i, uint64(m.HeartbeatPeriod.Size())) - n26, err := m.HeartbeatPeriod.MarshalTo(dAtA[i:]) + n29, err := m.HeartbeatPeriod.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n26 + i += n29 } return i, nil } @@ -5143,11 +5485,11 @@ func (m *PlacementPreference) MarshalTo(dAtA []byte) (int, error) { var l int _ = l if m.Preference != nil { - nn27, err := m.Preference.MarshalTo(dAtA[i:]) + nn30, err := m.Preference.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += nn27 + i += nn30 } return i, nil } @@ -5158,11 +5500,11 @@ func (m *PlacementPreference_Spread) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0xa i++ i = encodeVarintTypes(dAtA, i, uint64(m.Spread.Size())) - n28, err := m.Spread.MarshalTo(dAtA[i:]) + n31, err := m.Spread.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n28 + i += n31 } return i, nil } @@ -5289,20 +5631,20 @@ func (m *RootCA) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0x22 i++ i = encodeVarintTypes(dAtA, i, uint64(m.JoinTokens.Size())) - n29, err := m.JoinTokens.MarshalTo(dAtA[i:]) + n32, err := m.JoinTokens.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n29 + i += n32 if m.RootRotation != nil { dAtA[i] = 0x2a i++ i = encodeVarintTypes(dAtA, i, uint64(m.RootRotation.Size())) - n30, err := m.RootRotation.MarshalTo(dAtA[i:]) + n33, err := m.RootRotation.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n30 + i += n33 } if m.LastForcedRotation != 0 { dAtA[i] = 0x30 @@ -5341,11 +5683,11 @@ func (m *Certificate) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0x1a i++ i = encodeVarintTypes(dAtA, i, uint64(m.Status.Size())) - n31, err := m.Status.MarshalTo(dAtA[i:]) + n34, err := m.Status.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n31 + i += n34 if len(m.Certificate) > 0 { dAtA[i] = 0x22 i++ @@ -5514,11 +5856,11 @@ func (m *SecretReference) MarshalTo(dAtA []byte) (int, error) { i += copy(dAtA[i:], m.SecretName) } if m.Target != nil { - nn32, err := m.Target.MarshalTo(dAtA[i:]) + nn35, err := m.Target.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += nn32 + i += nn35 } return i, nil } @@ -5529,11 +5871,11 @@ func (m *SecretReference_File) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0x1a i++ i = encodeVarintTypes(dAtA, i, uint64(m.File.Size())) - n33, err := m.File.MarshalTo(dAtA[i:]) + n36, err := m.File.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n33 + i += n36 } return i, nil } @@ -5565,11 +5907,11 @@ func (m *ConfigReference) MarshalTo(dAtA []byte) (int, error) { i += copy(dAtA[i:], m.ConfigName) } if m.Target != nil { - nn34, err := m.Target.MarshalTo(dAtA[i:]) + nn37, err := m.Target.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += nn34 + i += nn37 } return i, nil } @@ -5580,11 +5922,11 @@ func (m *ConfigReference_File) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0x1a i++ i = encodeVarintTypes(dAtA, i, uint64(m.File.Size())) - n35, err := m.File.MarshalTo(dAtA[i:]) + n38, err := m.File.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n35 + i += n38 } return i, nil } @@ -5607,11 +5949,11 @@ func (m *BlacklistedCertificate) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0xa i++ i = encodeVarintTypes(dAtA, i, uint64(m.Expiry.Size())) - n36, err := m.Expiry.MarshalTo(dAtA[i:]) + n39, err := m.Expiry.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n36 + i += n39 } return i, nil } @@ -5650,21 +5992,21 @@ func (m *HealthConfig) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0x12 i++ i = encodeVarintTypes(dAtA, i, uint64(m.Interval.Size())) - n37, err := m.Interval.MarshalTo(dAtA[i:]) + n40, err := m.Interval.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n37 + i += n40 } if m.Timeout != nil { dAtA[i] = 0x1a i++ i = encodeVarintTypes(dAtA, i, uint64(m.Timeout.Size())) - n38, err := m.Timeout.MarshalTo(dAtA[i:]) + n41, err := m.Timeout.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n38 + i += n41 } if m.Retries != 0 { dAtA[i] = 0x20 @@ -5675,11 +6017,11 @@ func (m *HealthConfig) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0x2a i++ i = encodeVarintTypes(dAtA, i, uint64(m.StartPeriod.Size())) - n39, err := m.StartPeriod.MarshalTo(dAtA[i:]) + n42, err := m.StartPeriod.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n39 + i += n42 } return i, nil } @@ -5774,21 +6116,21 @@ func (m *Privileges) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0xa i++ i = encodeVarintTypes(dAtA, i, uint64(m.CredentialSpec.Size())) - n40, err := m.CredentialSpec.MarshalTo(dAtA[i:]) + n43, err := m.CredentialSpec.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n40 + i += n43 } if m.SELinuxContext != nil { dAtA[i] = 0x12 i++ i = encodeVarintTypes(dAtA, i, uint64(m.SELinuxContext.Size())) - n41, err := m.SELinuxContext.MarshalTo(dAtA[i:]) + n44, err := m.SELinuxContext.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n41 + i += n44 } return i, nil } @@ -5809,11 +6151,11 @@ func (m *Privileges_CredentialSpec) MarshalTo(dAtA []byte) (int, error) { var l int _ = l if m.Source != nil { - nn42, err := m.Source.MarshalTo(dAtA[i:]) + nn45, err := m.Source.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += nn42 + i += nn45 } return i, nil } @@ -5961,6 +6303,60 @@ func (m *Annotations) Size() (n int) { return n } +func (m *GenericString) Size() (n int) { + var l int + _ = l + l = len(m.Kind) + if l > 0 { + n += 1 + l + sovTypes(uint64(l)) + } + l = len(m.Value) + if l > 0 { + n += 1 + l + sovTypes(uint64(l)) + } + return n +} + +func (m *GenericDiscrete) Size() (n int) { + var l int + _ = l + l = len(m.Kind) + if l > 0 { + n += 1 + l + sovTypes(uint64(l)) + } + if m.Value != 0 { + n += 1 + sovTypes(uint64(m.Value)) + } + return n +} + +func (m *GenericResource) Size() (n int) { + var l int + _ = l + if m.Resource != nil { + n += m.Resource.Size() + } + return n +} + +func (m *GenericResource_Str) Size() (n int) { + var l int + _ = l + if m.Str != nil { + l = m.Str.Size() + n += 1 + l + sovTypes(uint64(l)) + } + return n +} +func (m *GenericResource_Discrete) Size() (n int) { + var l int + _ = l + if m.Discrete != nil { + l = m.Discrete.Size() + n += 1 + l + sovTypes(uint64(l)) + } + return n +} func (m *Resources) Size() (n int) { var l int _ = l @@ -5970,6 +6366,12 @@ func (m *Resources) Size() (n int) { if m.MemoryBytes != 0 { n += 1 + sovTypes(uint64(m.MemoryBytes)) } + if len(m.Generic) > 0 { + for _, e := range m.Generic { + l = e.Size() + n += 1 + l + sovTypes(uint64(l)) + } + } return n } @@ -7056,6 +7458,58 @@ func (this *Annotations) String() string { }, "") return s } +func (this *GenericString) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&GenericString{`, + `Kind:` + fmt.Sprintf("%v", this.Kind) + `,`, + `Value:` + fmt.Sprintf("%v", this.Value) + `,`, + `}`, + }, "") + return s +} +func (this *GenericDiscrete) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&GenericDiscrete{`, + `Kind:` + fmt.Sprintf("%v", this.Kind) + `,`, + `Value:` + fmt.Sprintf("%v", this.Value) + `,`, + `}`, + }, "") + return s +} +func (this *GenericResource) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&GenericResource{`, + `Resource:` + fmt.Sprintf("%v", this.Resource) + `,`, + `}`, + }, "") + return s +} +func (this *GenericResource_Str) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&GenericResource_Str{`, + `Str:` + strings.Replace(fmt.Sprintf("%v", this.Str), "GenericString", "GenericString", 1) + `,`, + `}`, + }, "") + return s +} +func (this *GenericResource_Discrete) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&GenericResource_Discrete{`, + `Discrete:` + strings.Replace(fmt.Sprintf("%v", this.Discrete), "GenericDiscrete", "GenericDiscrete", 1) + `,`, + `}`, + }, "") + return s +} func (this *Resources) String() string { if this == nil { return "nil" @@ -7063,6 +7517,7 @@ func (this *Resources) String() string { s := strings.Join([]string{`&Resources{`, `NanoCPUs:` + fmt.Sprintf("%v", this.NanoCPUs) + `,`, `MemoryBytes:` + fmt.Sprintf("%v", this.MemoryBytes) + `,`, + `Generic:` + strings.Replace(fmt.Sprintf("%v", this.Generic), "GenericResource", "GenericResource", 1) + `,`, `}`, }, "") return s @@ -8258,6 +8713,326 @@ func (m *Annotations) Unmarshal(dAtA []byte) error { } return nil } +func (m *GenericString) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: GenericString: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: GenericString: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Kind", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Kind = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Value", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Value = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipTypes(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthTypes + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *GenericDiscrete) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: GenericDiscrete: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: GenericDiscrete: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Kind", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Kind = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Value", wireType) + } + m.Value = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Value |= (int64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + default: + iNdEx = preIndex + skippy, err := skipTypes(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthTypes + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *GenericResource) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: GenericResource: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: GenericResource: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Str", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + msglen + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &GenericString{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &GenericResource_Str{v} + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Discrete", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + msglen + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &GenericDiscrete{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.Resource = &GenericResource_Discrete{v} + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipTypes(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthTypes + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *Resources) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 @@ -8325,6 +9100,37 @@ func (m *Resources) Unmarshal(dAtA []byte) error { break } } + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Generic", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTypes + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthTypes + } + postIndex := iNdEx + msglen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Generic = append(m.Generic, &GenericResource{}) + if err := m.Generic[len(m.Generic)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipTypes(dAtA[iNdEx:]) @@ -16245,300 +17051,306 @@ var ( func init() { proto.RegisterFile("types.proto", fileDescriptorTypes) } var fileDescriptorTypes = []byte{ - // 4705 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x7a, 0x4d, 0x6c, 0x24, 0xd7, - 0x56, 0xbf, 0xfb, 0xd3, 0xdd, 0xa7, 0xdb, 0x76, 0xf9, 0x8e, 0x33, 0xf1, 0x74, 0x26, 0x76, 0xa7, - 0x92, 0x79, 0xf9, 0x78, 0xf9, 0x77, 0x66, 0x3c, 0x49, 0x34, 0x49, 0xfe, 0x2f, 0x49, 0x7f, 0x79, - 0xdc, 0x6f, 0xec, 0xee, 0xd6, 0xed, 0xf6, 0xcc, 0xcb, 0x02, 0x4a, 0xe5, 0xaa, 0xeb, 0x76, 0xc5, - 0xd5, 0x75, 0x9b, 0xaa, 0x6a, 0x7b, 0x9a, 0x07, 0x62, 0xc4, 0x02, 0x90, 0x57, 0xb0, 0x43, 0x42, - 0x66, 0x03, 0x2b, 0x84, 0xc4, 0x02, 0x24, 0x04, 0x1b, 0x82, 0xc4, 0x22, 0x3b, 0x1e, 0x20, 0xa1, - 0x27, 0x90, 0x0c, 0xf1, 0x82, 0x1d, 0x82, 0xcd, 0x13, 0x1b, 0x90, 0xd0, 0xfd, 0xa8, 0xea, 0x6a, - 0x4f, 0xd9, 0x9e, 0x90, 0xb7, 0xb1, 0xeb, 0x9e, 0xf3, 0x3b, 0xe7, 0xde, 0x7b, 0xee, 0xb9, 0xe7, - 0x9e, 0x73, 0x6f, 0x43, 0xc1, 0x9f, 0x8c, 0x88, 0x57, 0x19, 0xb9, 0xd4, 0xa7, 0x08, 0x99, 0xd4, - 0x38, 0x24, 0x6e, 0xc5, 0x3b, 0xd6, 0xdd, 0xe1, 0xa1, 0xe5, 0x57, 0x8e, 0xee, 0x95, 0xd6, 0x07, - 0x94, 0x0e, 0x6c, 0xf2, 0x1e, 0x47, 0xec, 0x8d, 0xf7, 0xdf, 0xf3, 0xad, 0x21, 0xf1, 0x7c, 0x7d, - 0x38, 0x12, 0x42, 0xa5, 0xb5, 0x8b, 0x00, 0x73, 0xec, 0xea, 0xbe, 0x45, 0x1d, 0xc9, 0x5f, 0x19, - 0xd0, 0x01, 0xe5, 0x9f, 0xef, 0xb1, 0x2f, 0x41, 0x55, 0xd7, 0x61, 0xfe, 0x31, 0x71, 0x3d, 0x8b, - 0x3a, 0x68, 0x05, 0x32, 0x96, 0x63, 0x92, 0xa7, 0xab, 0x89, 0x72, 0xe2, 0xad, 0x34, 0x16, 0x0d, - 0xf5, 0x2e, 0x40, 0x8b, 0x7d, 0x34, 0x1d, 0xdf, 0x9d, 0x20, 0x05, 0x52, 0x87, 0x64, 0xc2, 0x11, - 0x79, 0xcc, 0x3e, 0x19, 0xe5, 0x48, 0xb7, 0x57, 0x93, 0x82, 0x72, 0xa4, 0xdb, 0xea, 0x37, 0x09, - 0x28, 0x54, 0x1d, 0x87, 0xfa, 0xbc, 0x77, 0x0f, 0x21, 0x48, 0x3b, 0xfa, 0x90, 0x48, 0x21, 0xfe, - 0x8d, 0xea, 0x90, 0xb5, 0xf5, 0x3d, 0x62, 0x7b, 0xab, 0xc9, 0x72, 0xea, 0xad, 0xc2, 0xc6, 0xf7, - 0x2b, 0xcf, 0x4f, 0xb9, 0x12, 0x51, 0x52, 0xd9, 0xe6, 0x68, 0x3e, 0x08, 0x2c, 0x45, 0xd1, 0xa7, - 0x30, 0x6f, 0x39, 0xa6, 0x65, 0x10, 0x6f, 0x35, 0xcd, 0xb5, 0xac, 0xc5, 0x69, 0x99, 0x8e, 0xbe, - 0x96, 0xfe, 0xfa, 0x6c, 0x7d, 0x0e, 0x07, 0x42, 0xa5, 0x8f, 0xa0, 0x10, 0x51, 0x1b, 0x33, 0xb7, - 0x15, 0xc8, 0x1c, 0xe9, 0xf6, 0x98, 0xc8, 0xd9, 0x89, 0xc6, 0xc7, 0xc9, 0x07, 0x09, 0xf5, 0x0b, - 0xc8, 0x63, 0xe2, 0xd1, 0xb1, 0x6b, 0x10, 0x0f, 0xbd, 0x0d, 0x79, 0x47, 0x77, 0xa8, 0x66, 0x8c, - 0xc6, 0x1e, 0x17, 0x4f, 0xd5, 0x8a, 0xe7, 0x67, 0xeb, 0xb9, 0xb6, 0xee, 0xd0, 0x7a, 0x77, 0xd7, - 0xc3, 0x39, 0xc6, 0xae, 0x8f, 0xc6, 0x1e, 0x7a, 0x0d, 0x8a, 0x43, 0x32, 0xa4, 0xee, 0x44, 0xdb, - 0x9b, 0xf8, 0xc4, 0xe3, 0x8a, 0x53, 0xb8, 0x20, 0x68, 0x35, 0x46, 0x52, 0x7f, 0x3b, 0x01, 0x2b, - 0x81, 0x6e, 0x4c, 0x7e, 0x69, 0x6c, 0xb9, 0x64, 0x48, 0x1c, 0xdf, 0x43, 0x1f, 0x40, 0xd6, 0xb6, - 0x86, 0x96, 0x2f, 0xfa, 0x28, 0x6c, 0xbc, 0x1a, 0x37, 0xdb, 0x70, 0x54, 0x58, 0x82, 0x51, 0x15, - 0x8a, 0x2e, 0xf1, 0x88, 0x7b, 0x24, 0x2c, 0xc9, 0xbb, 0xbc, 0x56, 0x78, 0x46, 0x44, 0xdd, 0x84, - 0x5c, 0xd7, 0xd6, 0xfd, 0x7d, 0xea, 0x0e, 0x91, 0x0a, 0x45, 0xdd, 0x35, 0x0e, 0x2c, 0x9f, 0x18, - 0xfe, 0xd8, 0x0d, 0x56, 0x75, 0x86, 0x86, 0x6e, 0x42, 0x92, 0x8a, 0x8e, 0xf2, 0xb5, 0xec, 0xf9, - 0xd9, 0x7a, 0xb2, 0xd3, 0xc3, 0x49, 0xea, 0xa9, 0x9f, 0xc0, 0x72, 0xd7, 0x1e, 0x0f, 0x2c, 0xa7, - 0x41, 0x3c, 0xc3, 0xb5, 0x46, 0x4c, 0x3b, 0x73, 0x0f, 0xe6, 0xfb, 0x81, 0x7b, 0xb0, 0xef, 0xd0, - 0x65, 0x92, 0x53, 0x97, 0x51, 0x7f, 0x33, 0x09, 0xcb, 0x4d, 0x67, 0x60, 0x39, 0x24, 0x2a, 0x7d, - 0x07, 0x16, 0x09, 0x27, 0x6a, 0x47, 0xc2, 0x8d, 0xa5, 0x9e, 0x05, 0x41, 0x0d, 0x7c, 0xbb, 0x75, - 0xc1, 0xdf, 0xee, 0xc5, 0x4d, 0xff, 0x39, 0xed, 0xb1, 0x5e, 0xd7, 0x84, 0xf9, 0x11, 0x9f, 0x84, - 0xb7, 0x9a, 0xe2, 0xba, 0xee, 0xc4, 0xe9, 0x7a, 0x6e, 0x9e, 0x81, 0xf3, 0x49, 0xd9, 0xef, 0xe2, - 0x7c, 0x7f, 0x9c, 0x84, 0xa5, 0x36, 0x35, 0x67, 0xec, 0x50, 0x82, 0xdc, 0x01, 0xf5, 0xfc, 0xc8, - 0x46, 0x0b, 0xdb, 0xe8, 0x01, 0xe4, 0x46, 0x72, 0xf9, 0xe4, 0xea, 0xdf, 0x8e, 0x1f, 0xb2, 0xc0, - 0xe0, 0x10, 0x8d, 0x3e, 0x81, 0xbc, 0x1b, 0xf8, 0xc4, 0x6a, 0xea, 0x45, 0x1c, 0x67, 0x8a, 0x47, - 0x3f, 0x80, 0xac, 0x58, 0x84, 0xd5, 0x34, 0x97, 0xbc, 0xf3, 0x42, 0x36, 0xc7, 0x52, 0x08, 0x3d, - 0x84, 0x9c, 0x6f, 0x7b, 0x9a, 0xe5, 0xec, 0xd3, 0xd5, 0x0c, 0x57, 0xb0, 0x1e, 0xa7, 0x80, 0x19, - 0xa2, 0xbf, 0xdd, 0x6b, 0x39, 0xfb, 0xb4, 0x56, 0x38, 0x3f, 0x5b, 0x9f, 0x97, 0x0d, 0x3c, 0xef, - 0xdb, 0x1e, 0xfb, 0x50, 0x7f, 0x27, 0x01, 0x85, 0x08, 0x0a, 0xbd, 0x0a, 0xe0, 0xbb, 0x63, 0xcf, - 0xd7, 0x5c, 0x4a, 0x7d, 0x6e, 0xac, 0x22, 0xce, 0x73, 0x0a, 0xa6, 0xd4, 0x47, 0x15, 0xb8, 0x61, - 0x10, 0xd7, 0xd7, 0x2c, 0xcf, 0x1b, 0x13, 0x57, 0xf3, 0xc6, 0x7b, 0x5f, 0x12, 0xc3, 0xe7, 0x86, - 0x2b, 0xe2, 0x65, 0xc6, 0x6a, 0x71, 0x4e, 0x4f, 0x30, 0xd0, 0x7d, 0xb8, 0x19, 0xc5, 0x8f, 0xc6, - 0x7b, 0xb6, 0x65, 0x68, 0x6c, 0x31, 0x53, 0x5c, 0xe4, 0xc6, 0x54, 0xa4, 0xcb, 0x79, 0x8f, 0xc8, - 0x44, 0xfd, 0x69, 0x02, 0x14, 0xac, 0xef, 0xfb, 0x3b, 0x64, 0xb8, 0x47, 0xdc, 0x9e, 0xaf, 0xfb, - 0x63, 0x0f, 0xdd, 0x84, 0xac, 0x4d, 0x74, 0x93, 0xb8, 0x7c, 0x50, 0x39, 0x2c, 0x5b, 0x68, 0x97, - 0xed, 0x60, 0xdd, 0x38, 0xd0, 0xf7, 0x2c, 0xdb, 0xf2, 0x27, 0x7c, 0x28, 0x8b, 0xf1, 0x2e, 0x7c, - 0x51, 0x67, 0x05, 0x47, 0x04, 0xf1, 0x8c, 0x1a, 0xb4, 0x0a, 0xf3, 0x43, 0xe2, 0x79, 0xfa, 0x80, - 0xf0, 0x91, 0xe6, 0x71, 0xd0, 0x54, 0x3f, 0x81, 0x62, 0x54, 0x0e, 0x15, 0x60, 0x7e, 0xb7, 0xfd, - 0xa8, 0xdd, 0x79, 0xd2, 0x56, 0xe6, 0xd0, 0x12, 0x14, 0x76, 0xdb, 0xb8, 0x59, 0xad, 0x6f, 0x55, - 0x6b, 0xdb, 0x4d, 0x25, 0x81, 0x16, 0x20, 0x3f, 0x6d, 0x26, 0xd5, 0x3f, 0x4d, 0x00, 0x30, 0x73, - 0xcb, 0x49, 0x7d, 0x0c, 0x19, 0xcf, 0xd7, 0x7d, 0xe1, 0x95, 0x8b, 0x1b, 0x6f, 0x5c, 0xb6, 0x86, - 0x72, 0xbc, 0xec, 0x1f, 0xc1, 0x42, 0x24, 0x3a, 0xc2, 0xe4, 0xcc, 0x08, 0x59, 0x80, 0xd0, 0x4d, - 0xd3, 0x95, 0x03, 0xe7, 0xdf, 0xea, 0x27, 0x90, 0xe1, 0xd2, 0xb3, 0xc3, 0xcd, 0x41, 0xba, 0xc1, - 0xbe, 0x12, 0x28, 0x0f, 0x19, 0xdc, 0xac, 0x36, 0xbe, 0x50, 0x92, 0x48, 0x81, 0x62, 0xa3, 0xd5, - 0xab, 0x77, 0xda, 0xed, 0x66, 0xbd, 0xdf, 0x6c, 0x28, 0x29, 0xf5, 0x0e, 0x64, 0x5a, 0x43, 0xa6, - 0xf9, 0x36, 0x73, 0xf9, 0x7d, 0xe2, 0x12, 0xc7, 0x08, 0x76, 0xd2, 0x94, 0xa0, 0xfe, 0x24, 0x0f, - 0x99, 0x1d, 0x3a, 0x76, 0x7c, 0xb4, 0x11, 0x09, 0x5b, 0x8b, 0xf1, 0x27, 0x0f, 0x07, 0x56, 0xfa, - 0x93, 0x11, 0x91, 0x61, 0xed, 0x26, 0x64, 0xc5, 0xe6, 0x90, 0xd3, 0x91, 0x2d, 0x46, 0xf7, 0x75, - 0x77, 0x40, 0x7c, 0x39, 0x1f, 0xd9, 0x42, 0x6f, 0x41, 0xce, 0x25, 0xba, 0x49, 0x1d, 0x7b, 0xc2, - 0xf7, 0x50, 0x4e, 0x9c, 0x2b, 0x98, 0xe8, 0x66, 0xc7, 0xb1, 0x27, 0x38, 0xe4, 0xa2, 0x2d, 0x28, - 0xee, 0x59, 0x8e, 0xa9, 0xd1, 0x91, 0x08, 0xf2, 0x99, 0xcb, 0x77, 0x9c, 0x18, 0x55, 0xcd, 0x72, - 0xcc, 0x8e, 0x00, 0xe3, 0xc2, 0xde, 0xb4, 0x81, 0xda, 0xb0, 0x78, 0x44, 0xed, 0xf1, 0x90, 0x84, - 0xba, 0xb2, 0x5c, 0xd7, 0x9b, 0x97, 0xeb, 0x7a, 0xcc, 0xf1, 0x81, 0xb6, 0x85, 0xa3, 0x68, 0x13, - 0x3d, 0x82, 0x05, 0x7f, 0x38, 0xda, 0xf7, 0x42, 0x75, 0xf3, 0x5c, 0xdd, 0xf7, 0xae, 0x30, 0x18, - 0x83, 0x07, 0xda, 0x8a, 0x7e, 0xa4, 0x55, 0xfa, 0xf5, 0x14, 0x14, 0x22, 0x23, 0x47, 0x3d, 0x28, - 0x8c, 0x5c, 0x3a, 0xd2, 0x07, 0xfc, 0xa0, 0x92, 0x6b, 0x71, 0xef, 0x85, 0x66, 0x5d, 0xe9, 0x4e, - 0x05, 0x71, 0x54, 0x8b, 0x7a, 0x9a, 0x84, 0x42, 0x84, 0x89, 0xde, 0x81, 0x1c, 0xee, 0xe2, 0xd6, - 0xe3, 0x6a, 0xbf, 0xa9, 0xcc, 0x95, 0x6e, 0x9f, 0x9c, 0x96, 0x57, 0xb9, 0xb6, 0xa8, 0x82, 0xae, - 0x6b, 0x1d, 0x31, 0xd7, 0x7b, 0x0b, 0xe6, 0x03, 0x68, 0xa2, 0xf4, 0xca, 0xc9, 0x69, 0xf9, 0xe5, - 0x8b, 0xd0, 0x08, 0x12, 0xf7, 0xb6, 0xaa, 0xb8, 0xd9, 0x50, 0x92, 0xf1, 0x48, 0xdc, 0x3b, 0xd0, - 0x5d, 0x62, 0xa2, 0xef, 0x41, 0x56, 0x02, 0x53, 0xa5, 0xd2, 0xc9, 0x69, 0xf9, 0xe6, 0x45, 0xe0, - 0x14, 0x87, 0x7b, 0xdb, 0xd5, 0xc7, 0x4d, 0x25, 0x1d, 0x8f, 0xc3, 0x3d, 0x5b, 0x3f, 0x22, 0xe8, - 0x0d, 0xc8, 0x08, 0x58, 0xa6, 0x74, 0xeb, 0xe4, 0xb4, 0xfc, 0xd2, 0x73, 0xea, 0x18, 0xaa, 0xb4, - 0xfa, 0x5b, 0x7f, 0xb0, 0x36, 0xf7, 0x97, 0x7f, 0xb8, 0xa6, 0x5c, 0x64, 0x97, 0xfe, 0x3b, 0x01, - 0x0b, 0x33, 0x4b, 0x8e, 0x54, 0xc8, 0x3a, 0xd4, 0xa0, 0x23, 0x71, 0x7e, 0xe5, 0x6a, 0x70, 0x7e, - 0xb6, 0x9e, 0x6d, 0xd3, 0x3a, 0x1d, 0x4d, 0xb0, 0xe4, 0xa0, 0x47, 0x17, 0x4e, 0xe0, 0xfb, 0x2f, - 0xe8, 0x4f, 0xb1, 0x67, 0xf0, 0x67, 0xb0, 0x60, 0xba, 0xd6, 0x11, 0x71, 0x35, 0x83, 0x3a, 0xfb, - 0xd6, 0x40, 0x9e, 0x4d, 0xa5, 0x38, 0x9d, 0x0d, 0x0e, 0xc4, 0x45, 0x21, 0x50, 0xe7, 0xf8, 0xef, - 0x70, 0xfa, 0x96, 0x1e, 0x43, 0x31, 0xea, 0xa1, 0xec, 0x38, 0xf1, 0xac, 0x5f, 0x26, 0x32, 0xa1, - 0xe3, 0xe9, 0x1f, 0xce, 0x33, 0x0a, 0x4f, 0xe7, 0xd0, 0x9b, 0x90, 0x1e, 0x52, 0x53, 0xe8, 0x59, - 0xa8, 0xdd, 0x60, 0x49, 0xc0, 0x3f, 0x9d, 0xad, 0x17, 0xa8, 0x57, 0xd9, 0xb4, 0x6c, 0xb2, 0x43, - 0x4d, 0x82, 0x39, 0x40, 0x3d, 0x82, 0x34, 0x0b, 0x15, 0xe8, 0x15, 0x48, 0xd7, 0x5a, 0xed, 0x86, - 0x32, 0x57, 0x5a, 0x3e, 0x39, 0x2d, 0x2f, 0x70, 0x93, 0x30, 0x06, 0xf3, 0x5d, 0xb4, 0x0e, 0xd9, - 0xc7, 0x9d, 0xed, 0xdd, 0x1d, 0xe6, 0x5e, 0x37, 0x4e, 0x4e, 0xcb, 0x4b, 0x21, 0x5b, 0x18, 0x0d, - 0xbd, 0x0a, 0x99, 0xfe, 0x4e, 0x77, 0xb3, 0xa7, 0x24, 0x4b, 0xe8, 0xe4, 0xb4, 0xbc, 0x18, 0xf2, - 0xf9, 0x98, 0x4b, 0xcb, 0x72, 0x55, 0xf3, 0x21, 0x5d, 0xfd, 0x59, 0x12, 0x16, 0x30, 0xab, 0x24, - 0x5c, 0xbf, 0x4b, 0x6d, 0xcb, 0x98, 0xa0, 0x2e, 0xe4, 0x0d, 0xea, 0x98, 0x56, 0x64, 0x4f, 0x6d, - 0x5c, 0x72, 0xea, 0x4f, 0xa5, 0x82, 0x56, 0x3d, 0x90, 0xc4, 0x53, 0x25, 0xe8, 0x3d, 0xc8, 0x98, - 0xc4, 0xd6, 0x27, 0x32, 0xfd, 0xb8, 0x55, 0x11, 0xb5, 0x4a, 0x25, 0xa8, 0x55, 0x2a, 0x0d, 0x59, - 0xab, 0x60, 0x81, 0xe3, 0x79, 0xb2, 0xfe, 0x54, 0xd3, 0x7d, 0x9f, 0x0c, 0x47, 0xbe, 0xc8, 0x3d, - 0xd2, 0xb8, 0x30, 0xd4, 0x9f, 0x56, 0x25, 0x09, 0xdd, 0x83, 0xec, 0xb1, 0xe5, 0x98, 0xf4, 0x58, - 0xa6, 0x17, 0x57, 0x28, 0x95, 0x40, 0xf5, 0x84, 0x9d, 0xba, 0x17, 0x86, 0xc9, 0xec, 0xdd, 0xee, - 0xb4, 0x9b, 0x81, 0xbd, 0x25, 0xbf, 0xe3, 0xb4, 0xa9, 0xc3, 0xf6, 0x0a, 0x74, 0xda, 0xda, 0x66, - 0xb5, 0xb5, 0xbd, 0x8b, 0x99, 0xcd, 0x57, 0x4e, 0x4e, 0xcb, 0x4a, 0x08, 0xd9, 0xd4, 0x2d, 0x9b, - 0xe5, 0xbb, 0xb7, 0x20, 0x55, 0x6d, 0x7f, 0xa1, 0x24, 0x4b, 0xca, 0xc9, 0x69, 0xb9, 0x18, 0xb2, - 0xab, 0xce, 0x64, 0xba, 0x8d, 0x2e, 0xf6, 0xab, 0xfe, 0x6d, 0x0a, 0x8a, 0xbb, 0x23, 0x53, 0xf7, - 0x89, 0xf0, 0x49, 0x54, 0x86, 0xc2, 0x48, 0x77, 0x75, 0xdb, 0x26, 0xb6, 0xe5, 0x0d, 0x65, 0x15, - 0x16, 0x25, 0xa1, 0x8f, 0x5e, 0xd4, 0x8c, 0xb5, 0x1c, 0xf3, 0xb3, 0xdf, 0xfd, 0x97, 0xf5, 0x44, - 0x60, 0xd0, 0x5d, 0x58, 0xdc, 0x17, 0xa3, 0xd5, 0x74, 0x83, 0x2f, 0x6c, 0x8a, 0x2f, 0x6c, 0x25, - 0x6e, 0x61, 0xa3, 0xc3, 0xaa, 0xc8, 0x49, 0x56, 0xb9, 0x14, 0x5e, 0xd8, 0x8f, 0x36, 0xd1, 0x7d, - 0x98, 0x1f, 0x52, 0xc7, 0xf2, 0xa9, 0x7b, 0xfd, 0x2a, 0x04, 0x48, 0xf4, 0x0e, 0x2c, 0xb3, 0xc5, - 0x0d, 0xc6, 0xc3, 0xd9, 0xfc, 0xc4, 0x4a, 0xe2, 0xa5, 0xa1, 0xfe, 0x54, 0x76, 0x88, 0x19, 0x19, - 0xd5, 0x20, 0x43, 0x5d, 0x96, 0x12, 0x65, 0xf9, 0x70, 0xdf, 0xbd, 0x76, 0xb8, 0xa2, 0xd1, 0x61, - 0x32, 0x58, 0x88, 0xaa, 0x1f, 0xc2, 0xc2, 0xcc, 0x24, 0x58, 0x26, 0xd0, 0xad, 0xee, 0xf6, 0x9a, - 0xca, 0x1c, 0x2a, 0x42, 0xae, 0xde, 0x69, 0xf7, 0x5b, 0xed, 0x5d, 0x96, 0xca, 0x14, 0x21, 0x87, - 0x3b, 0xdb, 0xdb, 0xb5, 0x6a, 0xfd, 0x91, 0x92, 0x54, 0x2b, 0x50, 0x88, 0x68, 0x43, 0x8b, 0x00, - 0xbd, 0x7e, 0xa7, 0xab, 0x6d, 0xb6, 0x70, 0xaf, 0x2f, 0x12, 0xa1, 0x5e, 0xbf, 0x8a, 0xfb, 0x92, - 0x90, 0x50, 0xff, 0x23, 0x19, 0xac, 0xa8, 0xcc, 0x7d, 0x6a, 0xb3, 0xb9, 0xcf, 0x15, 0x83, 0x97, - 0xd9, 0xcf, 0xb4, 0x11, 0xe6, 0x40, 0x1f, 0x01, 0x70, 0xc7, 0x21, 0xa6, 0xa6, 0xfb, 0x72, 0xe1, - 0x4b, 0xcf, 0x19, 0xb9, 0x1f, 0x5c, 0x06, 0xe0, 0xbc, 0x44, 0x57, 0x7d, 0xf4, 0x03, 0x28, 0x1a, - 0x74, 0x38, 0xb2, 0x89, 0x14, 0x4e, 0x5d, 0x2b, 0x5c, 0x08, 0xf1, 0x55, 0x3f, 0x9a, 0x7d, 0xa5, - 0x67, 0xf3, 0xc3, 0xdf, 0x48, 0x04, 0x96, 0x89, 0x49, 0xb8, 0x8a, 0x90, 0xdb, 0xed, 0x36, 0xaa, - 0xfd, 0x56, 0xfb, 0xa1, 0x92, 0x40, 0x00, 0x59, 0x6e, 0xea, 0x86, 0x92, 0x64, 0x89, 0x62, 0xbd, - 0xb3, 0xd3, 0xdd, 0x6e, 0xf2, 0x94, 0x0b, 0xad, 0x80, 0x12, 0x18, 0x5b, 0xe3, 0x86, 0x6c, 0x36, - 0x94, 0x34, 0xba, 0x01, 0x4b, 0x21, 0x55, 0x4a, 0x66, 0xd0, 0x4d, 0x40, 0x21, 0x71, 0xaa, 0x22, - 0xab, 0xfe, 0x2a, 0x2c, 0xd5, 0xa9, 0xe3, 0xeb, 0x96, 0x13, 0x26, 0xd1, 0x1b, 0x6c, 0xd2, 0x92, - 0xa4, 0x59, 0xa6, 0x88, 0xe9, 0xb5, 0xa5, 0xf3, 0xb3, 0xf5, 0x42, 0x08, 0x6d, 0x35, 0xd8, 0x4c, - 0x83, 0x86, 0xc9, 0xf6, 0xef, 0xc8, 0x32, 0xb9, 0x71, 0x33, 0xb5, 0xf9, 0xf3, 0xb3, 0xf5, 0x54, - 0xb7, 0xd5, 0xc0, 0x8c, 0x86, 0x5e, 0x81, 0x3c, 0x79, 0x6a, 0xf9, 0x9a, 0xc1, 0x62, 0x38, 0x33, - 0x60, 0x06, 0xe7, 0x18, 0xa1, 0xce, 0x42, 0x76, 0x0d, 0xa0, 0x4b, 0x5d, 0x5f, 0xf6, 0xfc, 0x3e, - 0x64, 0x46, 0xd4, 0xe5, 0xe5, 0xf9, 0xa5, 0x97, 0x11, 0x0c, 0x2e, 0x1c, 0x15, 0x0b, 0xb0, 0xfa, - 0x57, 0x49, 0x80, 0xbe, 0xee, 0x1d, 0x4a, 0x25, 0x0f, 0x20, 0x1f, 0x5e, 0xec, 0xc8, 0x3a, 0xff, - 0xca, 0xd5, 0x0e, 0xc1, 0xe8, 0x7e, 0xe0, 0x6c, 0xa2, 0x3c, 0x88, 0xad, 0xd3, 0x82, 0x8e, 0xe2, - 0x32, 0xec, 0xd9, 0x1a, 0x80, 0x1d, 0x89, 0xc4, 0x75, 0xe5, 0xca, 0xb3, 0x4f, 0x54, 0xe7, 0xc7, - 0x82, 0x30, 0x9a, 0x4c, 0x30, 0x5f, 0x8f, 0xeb, 0xe4, 0xc2, 0x8a, 0x6c, 0xcd, 0xe1, 0xa9, 0x1c, - 0xfa, 0x0c, 0x0a, 0x6c, 0xde, 0x9a, 0xc7, 0x79, 0x32, 0xb7, 0xbc, 0xd4, 0x54, 0x42, 0x03, 0x86, - 0x51, 0xf8, 0x5d, 0x53, 0x60, 0xd1, 0x1d, 0x3b, 0x6c, 0xda, 0x52, 0x87, 0xfa, 0x27, 0x49, 0x78, - 0xb9, 0x4d, 0xfc, 0x63, 0xea, 0x1e, 0x56, 0x7d, 0x5f, 0x37, 0x0e, 0x86, 0xc4, 0x91, 0x46, 0x8e, - 0x64, 0xd6, 0x89, 0x99, 0xcc, 0x7a, 0x15, 0xe6, 0x75, 0xdb, 0xd2, 0x3d, 0x22, 0xd2, 0x91, 0x3c, - 0x0e, 0x9a, 0x2c, 0xff, 0x67, 0xd5, 0x04, 0xf1, 0x3c, 0x22, 0x0a, 0xfc, 0x3c, 0x9e, 0x12, 0xd0, - 0x8f, 0xe1, 0xa6, 0x4c, 0x3c, 0xf4, 0xb0, 0x2b, 0x96, 0xd9, 0x06, 0x37, 0x50, 0xcd, 0xd8, 0xf2, - 0x26, 0x7e, 0x70, 0x32, 0x33, 0x99, 0x92, 0x3b, 0x23, 0x5f, 0xe6, 0x39, 0x2b, 0x66, 0x0c, 0xab, - 0xf4, 0x10, 0x6e, 0x5d, 0x2a, 0xf2, 0xad, 0x2e, 0x10, 0xfe, 0x21, 0x09, 0xd0, 0xea, 0x56, 0x77, - 0xa4, 0x91, 0x1a, 0x90, 0xdd, 0xd7, 0x87, 0x96, 0x3d, 0xb9, 0x2a, 0x4e, 0x4d, 0xf1, 0x95, 0xaa, - 0x30, 0xc7, 0x26, 0x97, 0xc1, 0x52, 0x96, 0x17, 0x37, 0xe3, 0x3d, 0x87, 0xf8, 0x61, 0x71, 0xc3, - 0x5b, 0x6c, 0x18, 0xae, 0xee, 0x84, 0x0e, 0x26, 0x1a, 0x6c, 0x01, 0x06, 0xba, 0x4f, 0x8e, 0xf5, - 0x49, 0x10, 0x5c, 0x64, 0x13, 0x6d, 0xb1, 0xa2, 0xc7, 0x23, 0xee, 0x11, 0x31, 0x57, 0x33, 0xdc, - 0xa8, 0xd7, 0x8d, 0x07, 0x4b, 0xb8, 0xb0, 0x5d, 0x28, 0x5d, 0xfa, 0x84, 0x27, 0x36, 0x53, 0xd6, - 0xb7, 0xb2, 0xd1, 0x5d, 0x58, 0x98, 0x99, 0xe7, 0x73, 0x55, 0x65, 0xab, 0xfb, 0xf8, 0x7d, 0x25, - 0x2d, 0xbf, 0x3e, 0x54, 0xb2, 0xea, 0x1f, 0xa5, 0x44, 0x38, 0x90, 0x56, 0x8d, 0xbf, 0xf6, 0xcc, - 0xf1, 0x4d, 0x6c, 0x50, 0x5b, 0x6e, 0xd3, 0x37, 0xaf, 0x8e, 0x12, 0xac, 0x4a, 0xe1, 0x70, 0x1c, - 0x0a, 0xa2, 0x75, 0x28, 0x08, 0x2f, 0xd6, 0xd8, 0xb6, 0xe0, 0x66, 0x5d, 0xc0, 0x20, 0x48, 0x4c, - 0x12, 0xdd, 0x81, 0x45, 0x7e, 0x0b, 0xe1, 0x1d, 0x10, 0x53, 0x60, 0xd2, 0x1c, 0xb3, 0x10, 0x52, - 0x39, 0x6c, 0x07, 0x8a, 0x92, 0xa0, 0xf1, 0x0c, 0x35, 0xc3, 0x07, 0xf4, 0xce, 0x75, 0x03, 0x12, - 0x22, 0x3c, 0x71, 0x2d, 0x8c, 0xa6, 0x0d, 0xb5, 0x01, 0xb9, 0x60, 0xb0, 0x68, 0x15, 0x52, 0xfd, - 0x7a, 0x57, 0x99, 0x2b, 0x2d, 0x9d, 0x9c, 0x96, 0x0b, 0x01, 0xb9, 0x5f, 0xef, 0x32, 0xce, 0x6e, - 0xa3, 0xab, 0x24, 0x66, 0x39, 0xbb, 0x8d, 0x6e, 0x29, 0xcd, 0x32, 0x25, 0x75, 0x1f, 0x0a, 0x91, - 0x1e, 0xd0, 0xeb, 0x30, 0xdf, 0x6a, 0x3f, 0xc4, 0xcd, 0x5e, 0x4f, 0x99, 0x2b, 0xdd, 0x3c, 0x39, - 0x2d, 0xa3, 0x08, 0xb7, 0xe5, 0x0c, 0xd8, 0xfa, 0xa0, 0x57, 0x21, 0xbd, 0xd5, 0x61, 0x27, 0xb0, - 0x48, 0x89, 0x23, 0x88, 0x2d, 0xea, 0xf9, 0xa5, 0x1b, 0x32, 0x05, 0x8b, 0x2a, 0x56, 0x7f, 0x2f, - 0x01, 0x59, 0xb1, 0x99, 0x62, 0x17, 0xaa, 0x0a, 0xf3, 0x41, 0xbd, 0x2a, 0xca, 0x95, 0x37, 0x2f, - 0x2f, 0x2d, 0x2a, 0xb2, 0x12, 0x10, 0xee, 0x17, 0xc8, 0x95, 0x3e, 0x86, 0x62, 0x94, 0xf1, 0xad, - 0x9c, 0xef, 0xc7, 0x50, 0x60, 0xfe, 0x1d, 0x94, 0x18, 0x1b, 0x90, 0x15, 0x01, 0x21, 0x3c, 0x11, - 0x2e, 0xaf, 0x73, 0x24, 0x12, 0x3d, 0x80, 0x79, 0x51, 0x1b, 0x05, 0xd7, 0x94, 0x6b, 0x57, 0xef, - 0x22, 0x1c, 0xc0, 0xd5, 0xcf, 0x20, 0xdd, 0x25, 0xc4, 0x65, 0xb6, 0x77, 0xa8, 0x49, 0xa6, 0x87, - 0xa8, 0x2c, 0xeb, 0x4c, 0xd2, 0x6a, 0xb0, 0xb2, 0xce, 0x24, 0x2d, 0x33, 0xbc, 0x88, 0x49, 0x46, - 0x2e, 0x62, 0xfa, 0x50, 0x7c, 0x42, 0xac, 0xc1, 0x81, 0x4f, 0x4c, 0xae, 0xe8, 0x5d, 0x48, 0x8f, - 0x48, 0x38, 0xf8, 0xd5, 0x58, 0x07, 0x23, 0xc4, 0xc5, 0x1c, 0xc5, 0xe2, 0xc8, 0x31, 0x97, 0x96, - 0x97, 0xe3, 0xb2, 0xa5, 0xfe, 0x7d, 0x12, 0x16, 0x5b, 0x9e, 0x37, 0xd6, 0x1d, 0x23, 0xc8, 0xaf, - 0x3e, 0x9d, 0xcd, 0xaf, 0xde, 0x8a, 0x9d, 0xe1, 0x8c, 0xc8, 0xec, 0xfd, 0x92, 0x3c, 0xe3, 0x92, - 0xe1, 0x19, 0xa7, 0xfe, 0x7b, 0x22, 0xb8, 0x44, 0xba, 0x13, 0xd9, 0xee, 0xa5, 0xd5, 0x93, 0xd3, - 0xf2, 0x4a, 0x54, 0x13, 0xd9, 0x75, 0x0e, 0x1d, 0x7a, 0xec, 0xa0, 0xd7, 0x20, 0x83, 0x9b, 0xed, - 0xe6, 0x13, 0x25, 0x21, 0xdc, 0x73, 0x06, 0x84, 0x89, 0x43, 0x8e, 0x99, 0xa6, 0x6e, 0xb3, 0xdd, - 0x60, 0xf9, 0x50, 0x32, 0x46, 0x53, 0x97, 0x38, 0xa6, 0xe5, 0x0c, 0xd0, 0xeb, 0x90, 0x6d, 0xf5, - 0x7a, 0xbb, 0xbc, 0xcc, 0x7f, 0xf9, 0xe4, 0xb4, 0x7c, 0x63, 0x06, 0xc5, 0x2f, 0x10, 0x4d, 0x06, - 0x62, 0xc5, 0x08, 0xcb, 0x94, 0x62, 0x40, 0x2c, 0xcb, 0x15, 0x20, 0xdc, 0xe9, 0x57, 0xfb, 0xac, - 0xc2, 0x7f, 0x1e, 0x84, 0x29, 0xfb, 0x2b, 0xb7, 0xdb, 0x3f, 0x27, 0x41, 0xa9, 0x1a, 0x06, 0x19, - 0xf9, 0x8c, 0x2f, 0xeb, 0xbf, 0x3e, 0xe4, 0x46, 0xec, 0xcb, 0x22, 0x41, 0x2e, 0xf3, 0x20, 0xf6, - 0x79, 0xe6, 0x82, 0x5c, 0x05, 0x53, 0x9b, 0x54, 0xcd, 0xa1, 0xe5, 0x79, 0x16, 0x75, 0x04, 0x0d, - 0x87, 0x9a, 0x4a, 0xff, 0x99, 0x80, 0x1b, 0x31, 0x08, 0x74, 0x17, 0xd2, 0x2e, 0xb5, 0x83, 0x35, - 0xbc, 0x7d, 0xd9, 0xfd, 0x20, 0x13, 0xc5, 0x1c, 0x89, 0xd6, 0x00, 0xf4, 0xb1, 0x4f, 0x75, 0xde, - 0x3f, 0x5f, 0xbd, 0x1c, 0x8e, 0x50, 0xd0, 0x13, 0xc8, 0x7a, 0xc4, 0x70, 0x49, 0x90, 0xf1, 0x7e, - 0xf6, 0x7f, 0x1d, 0x7d, 0xa5, 0xc7, 0xd5, 0x60, 0xa9, 0xae, 0x54, 0x81, 0xac, 0xa0, 0x30, 0xb7, - 0x37, 0x75, 0x5f, 0x97, 0xb7, 0xc7, 0xfc, 0x9b, 0x79, 0x93, 0x6e, 0x0f, 0x02, 0x6f, 0xd2, 0xed, - 0x81, 0xfa, 0x37, 0x49, 0x80, 0xe6, 0x53, 0x9f, 0xb8, 0x8e, 0x6e, 0xd7, 0xab, 0xa8, 0x19, 0x89, - 0xfe, 0x62, 0xb6, 0x6f, 0xc7, 0x5e, 0x89, 0x87, 0x12, 0x95, 0x7a, 0x35, 0x26, 0xfe, 0xdf, 0x82, - 0xd4, 0xd8, 0x95, 0x2f, 0x6e, 0x22, 0x5b, 0xdd, 0xc5, 0xdb, 0x98, 0xd1, 0x50, 0x73, 0x1a, 0xb6, - 0x52, 0x97, 0xbf, 0xab, 0x45, 0x3a, 0x88, 0x0d, 0x5d, 0x6c, 0xe7, 0x1b, 0xba, 0x66, 0x10, 0x79, - 0x72, 0x14, 0xc5, 0xce, 0xaf, 0x57, 0xeb, 0xc4, 0xf5, 0x71, 0xd6, 0xd0, 0xd9, 0xff, 0xef, 0x14, - 0xdf, 0xde, 0x05, 0x98, 0x4e, 0x0d, 0xad, 0x41, 0xa6, 0xbe, 0xd9, 0xeb, 0x6d, 0x2b, 0x73, 0x22, - 0x80, 0x4f, 0x59, 0x9c, 0xac, 0xfe, 0x45, 0x12, 0x72, 0xf5, 0xaa, 0x3c, 0x56, 0xeb, 0xa0, 0xf0, - 0xa8, 0xc4, 0xef, 0xdc, 0xc9, 0xd3, 0x91, 0xe5, 0x4e, 0x64, 0x60, 0xb9, 0xa2, 0xf4, 0x5c, 0x64, - 0x22, 0x6c, 0xd4, 0x4d, 0x2e, 0x80, 0x30, 0x14, 0x89, 0x34, 0x82, 0x66, 0xe8, 0x41, 0x8c, 0x5f, - 0xbb, 0xda, 0x58, 0xa2, 0x88, 0x98, 0xb6, 0x3d, 0x5c, 0x08, 0x94, 0xd4, 0x75, 0x0f, 0x7d, 0x04, - 0x4b, 0x9e, 0x35, 0x70, 0x2c, 0x67, 0xa0, 0x05, 0xc6, 0xe3, 0x0f, 0x00, 0xb5, 0xe5, 0xf3, 0xb3, - 0xf5, 0x85, 0x9e, 0x60, 0x49, 0x1b, 0x2e, 0x48, 0x64, 0x9d, 0x9b, 0x12, 0x7d, 0x08, 0x8b, 0x11, - 0x51, 0x66, 0x45, 0x61, 0x76, 0xe5, 0xfc, 0x6c, 0xbd, 0x18, 0x4a, 0x3e, 0x22, 0x13, 0x5c, 0x0c, - 0x05, 0x1f, 0x11, 0x7e, 0x4b, 0xb2, 0x4f, 0x5d, 0x83, 0x68, 0x2e, 0xdf, 0xd3, 0xfc, 0x04, 0x4f, - 0xe3, 0x02, 0xa7, 0x89, 0x6d, 0xae, 0x3e, 0x86, 0x1b, 0x1d, 0xd7, 0x38, 0x20, 0x9e, 0x2f, 0x4c, - 0x21, 0xad, 0xf8, 0x19, 0xdc, 0xf6, 0x75, 0xef, 0x50, 0x3b, 0xb0, 0x3c, 0x9f, 0xba, 0x13, 0xcd, - 0x25, 0x3e, 0x71, 0x18, 0x5f, 0xe3, 0xaf, 0x86, 0xf2, 0x1a, 0xeb, 0x16, 0xc3, 0x6c, 0x09, 0x08, - 0x0e, 0x10, 0xdb, 0x0c, 0xa0, 0xb6, 0xa0, 0xc8, 0x8a, 0x89, 0x06, 0xd9, 0xd7, 0xc7, 0xb6, 0xcf, - 0x66, 0x0f, 0x36, 0x1d, 0x68, 0x2f, 0x7c, 0x4c, 0xe5, 0x6d, 0x3a, 0x10, 0x9f, 0xea, 0x8f, 0x40, - 0x69, 0x58, 0xde, 0x48, 0xf7, 0x8d, 0x83, 0xe0, 0x7e, 0x0e, 0x35, 0x40, 0x39, 0x20, 0xba, 0xeb, - 0xef, 0x11, 0xdd, 0xd7, 0x46, 0xc4, 0xb5, 0xa8, 0x79, 0xfd, 0x2a, 0x2f, 0x85, 0x22, 0x5d, 0x2e, - 0xa1, 0xfe, 0x57, 0x02, 0x00, 0xeb, 0xfb, 0x41, 0x46, 0xf6, 0x7d, 0x58, 0xf6, 0x1c, 0x7d, 0xe4, - 0x1d, 0x50, 0x5f, 0xb3, 0x1c, 0x9f, 0xb8, 0x47, 0xba, 0x2d, 0xaf, 0x59, 0x94, 0x80, 0xd1, 0x92, - 0x74, 0xf4, 0x2e, 0xa0, 0x43, 0x42, 0x46, 0x1a, 0xb5, 0x4d, 0x2d, 0x60, 0x8a, 0x37, 0xcd, 0x34, - 0x56, 0x18, 0xa7, 0x63, 0x9b, 0xbd, 0x80, 0x8e, 0x6a, 0xb0, 0xc6, 0xa6, 0x4f, 0x1c, 0xdf, 0xb5, - 0x88, 0xa7, 0xed, 0x53, 0x57, 0xf3, 0x6c, 0x7a, 0xac, 0xed, 0x53, 0xdb, 0xa6, 0xc7, 0xc4, 0x0d, - 0x6e, 0xb0, 0x4a, 0x36, 0x1d, 0x34, 0x05, 0x68, 0x93, 0xba, 0x3d, 0x9b, 0x1e, 0x6f, 0x06, 0x08, - 0x96, 0xb6, 0x4d, 0xe7, 0xec, 0x5b, 0xc6, 0x61, 0x90, 0xb6, 0x85, 0xd4, 0xbe, 0x65, 0x1c, 0xa2, - 0xd7, 0x61, 0x81, 0xd8, 0x84, 0x5f, 0x64, 0x08, 0x54, 0x86, 0xa3, 0x8a, 0x01, 0x91, 0x81, 0xd4, - 0xcf, 0x41, 0x69, 0x3a, 0x86, 0x3b, 0x19, 0x45, 0xd6, 0xfc, 0x5d, 0x40, 0x2c, 0x48, 0x6a, 0x36, - 0x35, 0x0e, 0xb5, 0xa1, 0xee, 0xe8, 0x03, 0x36, 0x2e, 0xf1, 0xd4, 0xa4, 0x30, 0xce, 0x36, 0x35, - 0x0e, 0x77, 0x24, 0x5d, 0xfd, 0x08, 0xa0, 0x37, 0x72, 0x89, 0x6e, 0x76, 0x58, 0x36, 0xc1, 0x4c, - 0xc7, 0x5b, 0x9a, 0x29, 0x9f, 0xea, 0xa8, 0x2b, 0xb7, 0xba, 0x22, 0x18, 0x8d, 0x90, 0xae, 0xfe, - 0x02, 0xdc, 0xe8, 0xda, 0xba, 0xc1, 0x9f, 0xad, 0xbb, 0xe1, 0xdb, 0x09, 0x7a, 0x00, 0x59, 0x01, - 0x95, 0x2b, 0x19, 0xbb, 0xdd, 0xa6, 0x7d, 0x6e, 0xcd, 0x61, 0x89, 0xaf, 0x15, 0x01, 0xa6, 0x7a, - 0xd4, 0x3f, 0x4b, 0x40, 0x3e, 0xd4, 0x8f, 0xca, 0xc0, 0x4a, 0x79, 0xe6, 0xde, 0x96, 0x23, 0x6b, - 0xef, 0x3c, 0x8e, 0x92, 0x50, 0x0b, 0x0a, 0xa3, 0x50, 0xfa, 0xca, 0x7c, 0x2e, 0x66, 0xd4, 0x38, - 0x2a, 0x8b, 0x3e, 0x86, 0x7c, 0xf0, 0x36, 0x1a, 0x44, 0xd8, 0xab, 0x9f, 0x52, 0xa7, 0x70, 0xf5, - 0x53, 0x80, 0x1f, 0x52, 0xcb, 0xe9, 0xd3, 0x43, 0xe2, 0xf0, 0xb7, 0x3e, 0x56, 0x13, 0x92, 0xc0, - 0x8a, 0xb2, 0xc5, 0x0b, 0x72, 0xb1, 0x04, 0xe1, 0x93, 0x97, 0x68, 0xaa, 0x7f, 0x9d, 0x84, 0x2c, - 0xa6, 0xd4, 0xaf, 0x57, 0x51, 0x19, 0xb2, 0x32, 0x4e, 0xf0, 0xf3, 0xa7, 0x96, 0x3f, 0x3f, 0x5b, - 0xcf, 0x88, 0x00, 0x91, 0x31, 0x78, 0x64, 0x88, 0x44, 0xf0, 0xe4, 0x65, 0x11, 0x1c, 0xdd, 0x85, - 0xa2, 0x04, 0x69, 0x07, 0xba, 0x77, 0x20, 0x0a, 0xb4, 0xda, 0xe2, 0xf9, 0xd9, 0x3a, 0x08, 0xe4, - 0x96, 0xee, 0x1d, 0x60, 0x10, 0x68, 0xf6, 0x8d, 0x9a, 0x50, 0xf8, 0x92, 0x5a, 0x8e, 0xe6, 0xf3, - 0x49, 0xc8, 0x2b, 0xbf, 0xd8, 0x75, 0x9c, 0x4e, 0x55, 0x3e, 0x7c, 0xc3, 0x97, 0xd3, 0xc9, 0x37, - 0x61, 0xc1, 0xa5, 0xd4, 0x17, 0x61, 0xcb, 0xa2, 0x8e, 0xbc, 0x4d, 0x28, 0xc7, 0x5e, 0x32, 0x53, - 0xea, 0x63, 0x89, 0xc3, 0x45, 0x37, 0xd2, 0x42, 0x77, 0x61, 0xc5, 0xd6, 0x3d, 0x5f, 0xe3, 0xf1, - 0xce, 0x9c, 0x6a, 0xcb, 0xf2, 0xad, 0x86, 0x18, 0x6f, 0x93, 0xb3, 0x02, 0x09, 0xf5, 0x1f, 0x13, - 0x50, 0x60, 0x93, 0xb1, 0xf6, 0x2d, 0x83, 0x25, 0x79, 0xdf, 0x3e, 0xf7, 0xb8, 0x05, 0x29, 0xc3, - 0x73, 0xa5, 0x51, 0xf9, 0xe1, 0x5b, 0xef, 0x61, 0xcc, 0x68, 0xe8, 0x73, 0xc8, 0xca, 0x5b, 0x0d, - 0x91, 0x76, 0xa8, 0xd7, 0xa7, 0xa3, 0xd2, 0x36, 0x52, 0x8e, 0xfb, 0xf2, 0x74, 0x74, 0xe2, 0x10, - 0xc0, 0x51, 0x12, 0xba, 0x09, 0x49, 0x43, 0x98, 0x4b, 0xfe, 0xb2, 0xa2, 0xde, 0xc6, 0x49, 0xc3, - 0x51, 0xff, 0x2e, 0x01, 0x0b, 0xd3, 0x0d, 0xcf, 0x3c, 0xe0, 0x36, 0xe4, 0xbd, 0xf1, 0x9e, 0x37, - 0xf1, 0x7c, 0x32, 0x0c, 0xde, 0x31, 0x43, 0x02, 0x6a, 0x41, 0x5e, 0xb7, 0x07, 0xd4, 0xb5, 0xfc, - 0x83, 0xa1, 0xac, 0x44, 0xe3, 0x53, 0x85, 0xa8, 0xce, 0x4a, 0x35, 0x10, 0xc1, 0x53, 0xe9, 0xe0, - 0xdc, 0x17, 0x8f, 0xdd, 0xfc, 0xdc, 0x7f, 0x0d, 0x8a, 0xb6, 0x3e, 0xe4, 0xd7, 0x3c, 0xbe, 0x35, - 0x14, 0xf3, 0x48, 0xe3, 0x82, 0xa4, 0xf5, 0xad, 0x21, 0x51, 0x55, 0xc8, 0x87, 0xca, 0xd0, 0x12, - 0x14, 0xaa, 0xcd, 0x9e, 0x76, 0x6f, 0xe3, 0x81, 0xf6, 0xb0, 0xbe, 0xa3, 0xcc, 0xc9, 0xdc, 0xf4, - 0xcf, 0x13, 0xb0, 0x20, 0xc3, 0x91, 0xcc, 0xf7, 0x5f, 0x87, 0x79, 0x57, 0xdf, 0xf7, 0x83, 0x8a, - 0x24, 0x2d, 0xbc, 0x9a, 0x45, 0x78, 0x56, 0x91, 0x30, 0x56, 0x7c, 0x45, 0x12, 0x79, 0x59, 0x4f, - 0x5d, 0xf9, 0xb2, 0x9e, 0xfe, 0xb9, 0xbc, 0xac, 0xab, 0xbf, 0x06, 0xb0, 0x69, 0xd9, 0xa4, 0x2f, - 0xee, 0x9a, 0xe2, 0xea, 0x4b, 0x96, 0xc3, 0xc9, 0x1b, 0xc7, 0x20, 0x87, 0x6b, 0x35, 0x30, 0xa3, - 0x31, 0xd6, 0xc0, 0x32, 0xe5, 0x66, 0xe4, 0xac, 0x87, 0x8c, 0x35, 0xb0, 0xcc, 0xf0, 0x2d, 0x29, - 0x7d, 0xdd, 0x5b, 0xd2, 0x69, 0x02, 0x96, 0x64, 0xee, 0x1a, 0x86, 0xdf, 0xb7, 0x21, 0x2f, 0xd2, - 0xd8, 0x69, 0x41, 0xc7, 0x5f, 0x93, 0x05, 0xae, 0xd5, 0xc0, 0x39, 0xc1, 0x6e, 0x99, 0x68, 0x1d, - 0x0a, 0x12, 0x1a, 0xf9, 0x15, 0x0e, 0x08, 0x52, 0x9b, 0x0d, 0xff, 0x7d, 0x48, 0xef, 0x5b, 0x36, - 0x91, 0x8e, 0x1e, 0x1b, 0x00, 0xa6, 0x06, 0xd8, 0x9a, 0xc3, 0x1c, 0x5d, 0xcb, 0x05, 0x97, 0x71, - 0x7c, 0x7c, 0xb2, 0xec, 0x8c, 0x8e, 0x4f, 0x54, 0xa0, 0x17, 0xc6, 0x27, 0x70, 0x6c, 0x7c, 0x82, - 0x2d, 0xc6, 0x27, 0xa1, 0xd1, 0xf1, 0x09, 0xd2, 0xcf, 0x65, 0x7c, 0xdb, 0x70, 0xb3, 0x66, 0xeb, - 0xc6, 0xa1, 0x6d, 0x79, 0x3e, 0x31, 0xa3, 0x11, 0x63, 0x03, 0xb2, 0x33, 0x49, 0xe7, 0x55, 0x97, - 0xb3, 0x12, 0xa9, 0xfe, 0x5b, 0x02, 0x8a, 0x5b, 0x44, 0xb7, 0xfd, 0x83, 0xe9, 0xd5, 0x90, 0x4f, - 0x3c, 0x5f, 0x1e, 0x56, 0xfc, 0x1b, 0x7d, 0x00, 0xb9, 0x30, 0x27, 0xb9, 0xf6, 0x95, 0x2c, 0x84, - 0xa2, 0xfb, 0x30, 0xcf, 0xf6, 0x18, 0x1d, 0x07, 0xc5, 0xce, 0x55, 0x0f, 0x30, 0x12, 0xc9, 0x0e, - 0x19, 0x97, 0xf0, 0x24, 0x84, 0xbb, 0x52, 0x06, 0x07, 0x4d, 0xf4, 0xff, 0xa1, 0xc8, 0xdf, 0x0f, - 0x82, 0x9c, 0x2b, 0x73, 0x9d, 0xce, 0x82, 0x78, 0x02, 0x14, 0xf9, 0xd6, 0xff, 0x24, 0x60, 0x65, - 0x47, 0x9f, 0xec, 0x11, 0x19, 0x36, 0x88, 0x89, 0x89, 0x41, 0x5d, 0x13, 0x75, 0xa3, 0xe1, 0xe6, - 0x8a, 0x17, 0xc5, 0x38, 0xe1, 0xf8, 0xa8, 0x13, 0x14, 0x60, 0xc9, 0x48, 0x01, 0xb6, 0x02, 0x19, - 0x87, 0x3a, 0x06, 0x91, 0xb1, 0x48, 0x34, 0x54, 0x2b, 0x1a, 0x6a, 0x4a, 0xe1, 0x63, 0x1f, 0x7f, - 0xaa, 0x6b, 0x53, 0x3f, 0xec, 0x0d, 0x7d, 0x0e, 0xa5, 0x5e, 0xb3, 0x8e, 0x9b, 0xfd, 0x5a, 0xe7, - 0x47, 0x5a, 0xaf, 0xba, 0xdd, 0xab, 0x6e, 0xdc, 0xd5, 0xba, 0x9d, 0xed, 0x2f, 0xee, 0xdd, 0xbf, - 0xfb, 0x81, 0x92, 0x28, 0x95, 0x4f, 0x4e, 0xcb, 0xb7, 0xdb, 0xd5, 0xfa, 0xb6, 0xd8, 0x31, 0x7b, - 0xf4, 0x69, 0x4f, 0xb7, 0x3d, 0x7d, 0xe3, 0x6e, 0x97, 0xda, 0x13, 0x86, 0x61, 0x6e, 0x5d, 0x8c, - 0x9e, 0x57, 0xd1, 0x63, 0x38, 0x71, 0xe9, 0x31, 0x3c, 0x3d, 0xcd, 0x93, 0x97, 0x9c, 0xe6, 0x9b, - 0xb0, 0x62, 0xb8, 0xd4, 0xf3, 0x34, 0x96, 0xfd, 0x13, 0xf3, 0x42, 0x7d, 0xf1, 0xd2, 0xf9, 0xd9, - 0xfa, 0x72, 0x9d, 0xf1, 0x7b, 0x9c, 0x2d, 0xd5, 0x2f, 0x1b, 0x11, 0x12, 0xef, 0x49, 0xfd, 0xfd, - 0x14, 0x4b, 0xa4, 0xac, 0x23, 0xcb, 0x26, 0x03, 0xe2, 0xa1, 0xc7, 0xb0, 0x64, 0xb8, 0xc4, 0x64, - 0x69, 0xbd, 0x6e, 0x6b, 0xde, 0x88, 0x18, 0xd2, 0xa9, 0xff, 0x5f, 0x6c, 0x4e, 0x13, 0x0a, 0x56, - 0xea, 0xa1, 0x54, 0x6f, 0x44, 0x0c, 0xbc, 0x68, 0xcc, 0xb4, 0xd1, 0x97, 0xb0, 0xe4, 0x11, 0xdb, - 0x72, 0xc6, 0x4f, 0x35, 0x83, 0x3a, 0x3e, 0x79, 0x1a, 0xbc, 0x5b, 0x5d, 0xa7, 0xb7, 0xd7, 0xdc, - 0x66, 0x52, 0x75, 0x21, 0x54, 0x43, 0xe7, 0x67, 0xeb, 0x8b, 0xb3, 0x34, 0xbc, 0x28, 0x35, 0xcb, - 0x76, 0xa9, 0x0d, 0x8b, 0xb3, 0xa3, 0x41, 0x2b, 0x72, 0xef, 0xf3, 0x10, 0x12, 0xec, 0x6d, 0x74, - 0x1b, 0x72, 0x2e, 0x19, 0x58, 0x9e, 0xef, 0x0a, 0x33, 0x33, 0x4e, 0x48, 0x61, 0x3b, 0x5f, 0xfc, - 0x14, 0xa7, 0xf4, 0x2b, 0x70, 0xa1, 0x47, 0xb6, 0x59, 0x4c, 0xcb, 0xd3, 0xf7, 0xa4, 0xca, 0x1c, - 0x0e, 0x9a, 0xcc, 0x07, 0xc7, 0x5e, 0x98, 0xa8, 0xf1, 0x6f, 0x46, 0xe3, 0x19, 0x85, 0xfc, 0x61, - 0x12, 0xcf, 0x19, 0x82, 0x5f, 0x38, 0xa6, 0x23, 0xbf, 0x70, 0x5c, 0x81, 0x8c, 0x4d, 0x8e, 0x88, - 0x2d, 0xce, 0x72, 0x2c, 0x1a, 0xef, 0xfc, 0x2c, 0x05, 0xf9, 0xf0, 0x8d, 0x86, 0x9d, 0x04, 0xed, - 0xe6, 0x93, 0xc0, 0x57, 0x43, 0x7a, 0x9b, 0x1c, 0xa3, 0xd7, 0xa6, 0x77, 0x4a, 0x9f, 0x8b, 0x47, - 0xe9, 0x90, 0x1d, 0xdc, 0x27, 0xbd, 0x01, 0xb9, 0x6a, 0xaf, 0xd7, 0x7a, 0xd8, 0x6e, 0x36, 0x94, - 0xaf, 0x12, 0xa5, 0x97, 0x4e, 0x4e, 0xcb, 0xcb, 0x21, 0xa8, 0xea, 0x09, 0x57, 0xe2, 0xa8, 0x7a, - 0xbd, 0xd9, 0xed, 0x37, 0x1b, 0xca, 0xb3, 0xe4, 0x45, 0x14, 0xbf, 0x23, 0xe1, 0x3f, 0x2d, 0xc9, - 0x77, 0x71, 0xb3, 0x5b, 0xc5, 0xac, 0xc3, 0xaf, 0x92, 0xe2, 0xaa, 0x6b, 0xda, 0xa3, 0x4b, 0x46, - 0xba, 0xcb, 0xfa, 0x5c, 0x0b, 0x7e, 0x62, 0xf5, 0x2c, 0x25, 0x7e, 0x7e, 0x30, 0x7d, 0x70, 0x22, - 0xba, 0x39, 0x61, 0xbd, 0xf1, 0x97, 0x3e, 0xae, 0x26, 0x75, 0xa1, 0xb7, 0x1e, 0x8b, 0x24, 0x4c, - 0x8b, 0x0a, 0xf3, 0x78, 0xb7, 0xdd, 0x66, 0xa0, 0x67, 0xe9, 0x0b, 0xb3, 0xc3, 0x63, 0x87, 0xd5, - 0xbf, 0xe8, 0x0e, 0xe4, 0x82, 0x87, 0x40, 0xe5, 0xab, 0xf4, 0x85, 0x01, 0xd5, 0x83, 0x57, 0x4c, - 0xde, 0xe1, 0xd6, 0x6e, 0x9f, 0xff, 0x02, 0xec, 0x59, 0xe6, 0x62, 0x87, 0x07, 0x63, 0xdf, 0xa4, - 0xc7, 0x0e, 0xdb, 0x81, 0xf2, 0x56, 0xed, 0xab, 0x8c, 0xb8, 0x82, 0x08, 0x31, 0xf2, 0x4a, 0xed, - 0x0d, 0xc8, 0xe1, 0xe6, 0x0f, 0xc5, 0x8f, 0xc5, 0x9e, 0x65, 0x2f, 0xe8, 0xc1, 0xe4, 0x4b, 0x62, - 0xc8, 0xde, 0x3a, 0xb8, 0xbb, 0x55, 0xe5, 0x26, 0xbf, 0x88, 0xea, 0xb8, 0xa3, 0x03, 0xdd, 0x21, - 0xe6, 0xf4, 0x37, 0x18, 0x21, 0xeb, 0x9d, 0x5f, 0x84, 0x5c, 0x90, 0x67, 0xa2, 0x35, 0xc8, 0x3e, - 0xe9, 0xe0, 0x47, 0x4d, 0xac, 0xcc, 0x09, 0x1b, 0x06, 0x9c, 0x27, 0xa2, 0x42, 0x28, 0xc3, 0xfc, - 0x4e, 0xb5, 0x5d, 0x7d, 0xd8, 0xc4, 0xc1, 0x85, 0x77, 0x00, 0x90, 0xc9, 0x52, 0x49, 0x91, 0x1d, - 0x84, 0x3a, 0x6b, 0xab, 0x5f, 0x7f, 0xb3, 0x36, 0xf7, 0xd3, 0x6f, 0xd6, 0xe6, 0x9e, 0x9d, 0xaf, - 0x25, 0xbe, 0x3e, 0x5f, 0x4b, 0xfc, 0xe4, 0x7c, 0x2d, 0xf1, 0xaf, 0xe7, 0x6b, 0x89, 0xbd, 0x2c, - 0x0f, 0xe9, 0xf7, 0xff, 0x37, 0x00, 0x00, 0xff, 0xff, 0x62, 0x46, 0x73, 0x55, 0x80, 0x2e, 0x00, - 0x00, + // 4808 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x7a, 0x4d, 0x6c, 0x24, 0x49, + 0x56, 0xbf, 0xeb, 0xd3, 0x55, 0xaf, 0xca, 0x76, 0x76, 0xb4, 0xb7, 0xd7, 0x5d, 0xd3, 0x63, 0xd7, + 0xe4, 0x4c, 0xef, 0x7c, 0xec, 0xfc, 0x6b, 0xba, 0xdd, 0x33, 0xa3, 0xee, 0xe9, 0xff, 0x7c, 0xd4, + 0x97, 0xdb, 0xb5, 0x6d, 0x57, 0x95, 0xa2, 0xca, 0xdd, 0x3b, 0x07, 0x48, 0xa5, 0x33, 0xc3, 0xe5, + 0x1c, 0x67, 0x65, 0x14, 0x99, 0x59, 0x76, 0x17, 0x0b, 0xa2, 0xc5, 0x01, 0x90, 0x4f, 0x70, 0x62, + 0x25, 0x64, 0x2e, 0x70, 0x42, 0x48, 0x1c, 0x40, 0x42, 0x70, 0x61, 0x90, 0x38, 0xcc, 0x8d, 0x05, + 0x24, 0xb4, 0x02, 0xc9, 0x30, 0x3e, 0x70, 0x43, 0x70, 0x59, 0x71, 0x01, 0x09, 0xc5, 0x47, 0x66, + 0x65, 0xb9, 0xd3, 0x76, 0x0f, 0xb3, 0x17, 0x3b, 0xe3, 0xbd, 0xdf, 0x7b, 0xf1, 0xe2, 0x45, 0xc4, + 0x8b, 0xf7, 0x22, 0x0a, 0x0a, 0xfe, 0x64, 0x44, 0xbc, 0xca, 0xc8, 0xa5, 0x3e, 0x45, 0xc8, 0xa4, + 0xc6, 0x01, 0x71, 0x2b, 0xde, 0x91, 0xee, 0x0e, 0x0f, 0x2c, 0xbf, 0x72, 0x78, 0xb7, 0xb4, 0x36, + 0xa0, 0x74, 0x60, 0x93, 0xf7, 0x38, 0x62, 0x77, 0xbc, 0xf7, 0x9e, 0x6f, 0x0d, 0x89, 0xe7, 0xeb, + 0xc3, 0x91, 0x10, 0x2a, 0xad, 0x9e, 0x07, 0x98, 0x63, 0x57, 0xf7, 0x2d, 0xea, 0x48, 0xfe, 0xf2, + 0x80, 0x0e, 0x28, 0xff, 0x7c, 0x8f, 0x7d, 0x09, 0xaa, 0xba, 0x06, 0xf3, 0x4f, 0x88, 0xeb, 0x59, + 0xd4, 0x41, 0xcb, 0x90, 0xb1, 0x1c, 0x93, 0x3c, 0x5b, 0x49, 0x94, 0x13, 0x6f, 0xa5, 0xb1, 0x68, + 0xa8, 0x77, 0x00, 0x5a, 0xec, 0xa3, 0xe9, 0xf8, 0xee, 0x04, 0x29, 0x90, 0x3a, 0x20, 0x13, 0x8e, + 0xc8, 0x63, 0xf6, 0xc9, 0x28, 0x87, 0xba, 0xbd, 0x92, 0x14, 0x94, 0x43, 0xdd, 0x56, 0xbf, 0x4e, + 0x40, 0xa1, 0xea, 0x38, 0xd4, 0xe7, 0xbd, 0x7b, 0x08, 0x41, 0xda, 0xd1, 0x87, 0x44, 0x0a, 0xf1, + 0x6f, 0x54, 0x87, 0xac, 0xad, 0xef, 0x12, 0xdb, 0x5b, 0x49, 0x96, 0x53, 0x6f, 0x15, 0xd6, 0xbf, + 0x5f, 0x79, 0x71, 0xc8, 0x95, 0x88, 0x92, 0xca, 0x16, 0x47, 0x73, 0x23, 0xb0, 0x14, 0x45, 0x9f, + 0xc0, 0xbc, 0xe5, 0x98, 0x96, 0x41, 0xbc, 0x95, 0x34, 0xd7, 0xb2, 0x1a, 0xa7, 0x65, 0x6a, 0x7d, + 0x2d, 0xfd, 0xd5, 0xe9, 0xda, 0x1c, 0x0e, 0x84, 0x4a, 0x0f, 0xa0, 0x10, 0x51, 0x1b, 0x33, 0xb6, + 0x65, 0xc8, 0x1c, 0xea, 0xf6, 0x98, 0xc8, 0xd1, 0x89, 0xc6, 0x47, 0xc9, 0xfb, 0x09, 0xf5, 0x01, + 0x2c, 0x3c, 0x22, 0x0e, 0x71, 0x2d, 0xa3, 0xe7, 0xbb, 0x96, 0x33, 0x60, 0x83, 0x3c, 0xb0, 0x1c, + 0x33, 0x18, 0x24, 0xfb, 0x8e, 0x17, 0x57, 0x1f, 0xc2, 0x92, 0x14, 0x6d, 0x58, 0x9e, 0xe1, 0x12, + 0x9f, 0x5c, 0x2d, 0x9c, 0x0a, 0x84, 0x7f, 0x37, 0x11, 0x4a, 0x63, 0xe2, 0xd1, 0xb1, 0x6b, 0x10, + 0xf4, 0x01, 0xa4, 0x3c, 0xdf, 0xe5, 0xc2, 0x85, 0xf5, 0xd7, 0xe2, 0x5c, 0x30, 0x63, 0xea, 0xe6, + 0x1c, 0x66, 0x78, 0x54, 0x85, 0x9c, 0x29, 0x0d, 0xe0, 0x7d, 0x14, 0xd6, 0x5f, 0xbf, 0x44, 0x36, + 0xb0, 0x75, 0x73, 0x0e, 0x87, 0x62, 0x35, 0x80, 0x9c, 0x2b, 0xad, 0x50, 0x7f, 0x9c, 0x80, 0x7c, + 0x60, 0x92, 0x87, 0xde, 0x86, 0xbc, 0xa3, 0x3b, 0x54, 0x33, 0x46, 0x63, 0x8f, 0x5b, 0x96, 0xaa, + 0x15, 0xcf, 0x4e, 0xd7, 0x72, 0x6d, 0xdd, 0xa1, 0xf5, 0xee, 0x8e, 0x87, 0x73, 0x8c, 0x5d, 0x1f, + 0x8d, 0x3d, 0xf4, 0x1a, 0x14, 0x87, 0x64, 0x48, 0xdd, 0x89, 0xb6, 0x3b, 0xf1, 0x89, 0x27, 0xc7, + 0x5b, 0x10, 0xb4, 0x1a, 0x23, 0xa1, 0x8f, 0x61, 0x7e, 0x20, 0xcc, 0x58, 0x49, 0xf1, 0x89, 0xbe, + 0xcc, 0xd2, 0xc0, 0x08, 0x1c, 0xc8, 0xa8, 0xbf, 0x9d, 0x80, 0xe5, 0x90, 0x4a, 0x7e, 0x69, 0x6c, + 0xb9, 0x64, 0x48, 0x1c, 0xdf, 0x43, 0x1f, 0x40, 0xd6, 0xb6, 0x86, 0x96, 0xef, 0x49, 0xe7, 0xbd, + 0x1a, 0xa7, 0x36, 0x1c, 0x14, 0x96, 0x60, 0x54, 0x85, 0xa2, 0x4b, 0x3c, 0xe2, 0x1e, 0x8a, 0xb5, + 0x29, 0xbd, 0x77, 0x85, 0xf0, 0x8c, 0x88, 0xba, 0x01, 0xb9, 0xae, 0xad, 0xfb, 0x7b, 0xd4, 0x1d, + 0x22, 0x15, 0x8a, 0xba, 0x6b, 0xec, 0x5b, 0x3e, 0x31, 0xfc, 0xb1, 0x1b, 0xec, 0x93, 0x19, 0x1a, + 0xba, 0x01, 0x49, 0x2a, 0x3a, 0xca, 0xd7, 0xb2, 0x67, 0xa7, 0x6b, 0xc9, 0x4e, 0x0f, 0x27, 0xa9, + 0xa7, 0x3e, 0x84, 0x6b, 0x5d, 0x7b, 0x3c, 0xb0, 0x9c, 0x06, 0xf1, 0x0c, 0xd7, 0x1a, 0x31, 0xed, + 0x6c, 0x39, 0xb1, 0x68, 0x12, 0x2c, 0x27, 0xf6, 0x1d, 0x6e, 0xc2, 0xe4, 0x74, 0x13, 0xaa, 0xbf, + 0x99, 0x84, 0x6b, 0x4d, 0x67, 0x60, 0x39, 0x24, 0x2a, 0x7d, 0x1b, 0x16, 0x09, 0x27, 0x6a, 0x87, + 0x22, 0x30, 0x48, 0x3d, 0x0b, 0x82, 0x1a, 0x44, 0x8b, 0xd6, 0xb9, 0x1d, 0x7c, 0x37, 0x6e, 0xf8, + 0x2f, 0x68, 0x8f, 0xdd, 0xc7, 0x4d, 0x98, 0x1f, 0xf1, 0x41, 0x78, 0x72, 0x7a, 0x6f, 0xc7, 0xe9, + 0x7a, 0x61, 0x9c, 0xc1, 0x76, 0x96, 0xb2, 0xdf, 0x66, 0x3b, 0xff, 0x71, 0x12, 0x96, 0xda, 0xd4, + 0x9c, 0xf1, 0x43, 0x09, 0x72, 0xfb, 0xd4, 0xf3, 0x23, 0xa1, 0x2b, 0x6c, 0xa3, 0xfb, 0x90, 0x1b, + 0xc9, 0xe9, 0x93, 0xb3, 0x7f, 0x2b, 0xde, 0x64, 0x81, 0xc1, 0x21, 0x1a, 0x3d, 0x84, 0x7c, 0xb0, + 0x65, 0xd8, 0x68, 0x5f, 0x62, 0xe1, 0x4c, 0xf1, 0xe8, 0x63, 0xc8, 0x8a, 0x49, 0x58, 0x49, 0x73, + 0xc9, 0xdb, 0x2f, 0xe5, 0x73, 0x2c, 0x85, 0xd0, 0x23, 0xc8, 0xf9, 0xb6, 0xa7, 0x59, 0xce, 0x1e, + 0x5d, 0xc9, 0x70, 0x05, 0x6b, 0x71, 0x0a, 0x98, 0x23, 0xfa, 0x5b, 0xbd, 0x96, 0xb3, 0x47, 0x6b, + 0x85, 0xb3, 0xd3, 0xb5, 0x79, 0xd9, 0xc0, 0xf3, 0xbe, 0xed, 0xb1, 0x0f, 0xf5, 0x77, 0x12, 0x50, + 0x88, 0xa0, 0xd0, 0xab, 0x00, 0xbe, 0x3b, 0xf6, 0x7c, 0xcd, 0xa5, 0xd4, 0xe7, 0xce, 0x2a, 0xe2, + 0x3c, 0xa7, 0x60, 0x4a, 0x7d, 0x54, 0x81, 0xeb, 0x06, 0x71, 0x7d, 0xcd, 0xf2, 0xbc, 0x31, 0x71, + 0x35, 0x6f, 0xbc, 0xfb, 0x05, 0x31, 0x7c, 0xee, 0xb8, 0x22, 0xbe, 0xc6, 0x58, 0x2d, 0xce, 0xe9, + 0x09, 0x06, 0xba, 0x07, 0x37, 0xa2, 0xf8, 0xd1, 0x78, 0xd7, 0xb6, 0x0c, 0x8d, 0x4d, 0x66, 0x8a, + 0x8b, 0x5c, 0x9f, 0x8a, 0x74, 0x39, 0xef, 0x31, 0x99, 0xa8, 0x3f, 0x4d, 0x80, 0x82, 0xf5, 0x3d, + 0x7f, 0x9b, 0x0c, 0x77, 0x89, 0xdb, 0xf3, 0x75, 0x7f, 0xec, 0xa1, 0x1b, 0x90, 0xb5, 0x89, 0x6e, + 0x12, 0x11, 0x1d, 0x73, 0x58, 0xb6, 0xd0, 0x0e, 0xdb, 0xc1, 0xba, 0xb1, 0xaf, 0xef, 0x5a, 0xb6, + 0xe5, 0x4f, 0xb8, 0x29, 0x8b, 0xf1, 0x4b, 0xf8, 0xbc, 0xce, 0x0a, 0x8e, 0x08, 0xe2, 0x19, 0x35, + 0x68, 0x05, 0xe6, 0x87, 0xc4, 0xf3, 0xf4, 0x01, 0xe1, 0x96, 0xe6, 0x71, 0xd0, 0x54, 0x1f, 0x42, + 0x31, 0x2a, 0x87, 0x0a, 0x30, 0xbf, 0xd3, 0x7e, 0xdc, 0xee, 0x3c, 0x6d, 0x2b, 0x73, 0x68, 0x09, + 0x0a, 0x3b, 0x6d, 0xdc, 0xac, 0xd6, 0x37, 0xab, 0xb5, 0xad, 0xa6, 0x92, 0x40, 0x0b, 0x90, 0x9f, + 0x36, 0x93, 0xea, 0x9f, 0x26, 0x00, 0x98, 0xbb, 0xe5, 0xa0, 0x3e, 0x82, 0x8c, 0xe7, 0xeb, 0xbe, + 0x58, 0x95, 0x8b, 0xeb, 0x6f, 0x5c, 0x34, 0x87, 0xd2, 0x5e, 0xf6, 0x8f, 0x60, 0x21, 0x12, 0xb5, + 0x30, 0x39, 0x63, 0x21, 0x0b, 0x10, 0xba, 0x69, 0xba, 0xd2, 0x70, 0xfe, 0xad, 0x3e, 0x84, 0x0c, + 0x97, 0x9e, 0x35, 0x37, 0x07, 0xe9, 0x06, 0xfb, 0x4a, 0xa0, 0x3c, 0x64, 0x70, 0xb3, 0xda, 0xf8, + 0x5c, 0x49, 0x22, 0x05, 0x8a, 0x8d, 0x56, 0xaf, 0xde, 0x69, 0xb7, 0x9b, 0xf5, 0x7e, 0xb3, 0xa1, + 0xa4, 0xd4, 0xdb, 0x90, 0x69, 0x0d, 0x99, 0xe6, 0x5b, 0x6c, 0xc9, 0xef, 0x11, 0x97, 0x38, 0x46, + 0xb0, 0x93, 0xa6, 0x04, 0xf5, 0x27, 0x79, 0xc8, 0x6c, 0xd3, 0xb1, 0xe3, 0xa3, 0xf5, 0x48, 0xd8, + 0x5a, 0x8c, 0x3f, 0xcb, 0x39, 0xb0, 0xd2, 0x9f, 0x8c, 0x88, 0x0c, 0x6b, 0x37, 0x20, 0x2b, 0x36, + 0x87, 0x1c, 0x8e, 0x6c, 0x31, 0xba, 0xaf, 0xbb, 0x03, 0xe2, 0xcb, 0xf1, 0xc8, 0x16, 0x7a, 0x8b, + 0x9d, 0x58, 0xba, 0x49, 0x1d, 0x7b, 0xc2, 0xf7, 0x50, 0x4e, 0x1c, 0x4b, 0x98, 0xe8, 0x66, 0xc7, + 0xb1, 0x27, 0x38, 0xe4, 0xa2, 0x4d, 0x28, 0xee, 0x5a, 0x8e, 0xa9, 0xd1, 0x91, 0x08, 0xf2, 0x99, + 0x8b, 0x77, 0x9c, 0xb0, 0xaa, 0x66, 0x39, 0x66, 0x47, 0x80, 0x71, 0x61, 0x77, 0xda, 0x40, 0x6d, + 0x58, 0x3c, 0xa4, 0xf6, 0x78, 0x48, 0x42, 0x5d, 0x59, 0xae, 0xeb, 0xcd, 0x8b, 0x75, 0x3d, 0xe1, + 0xf8, 0x40, 0xdb, 0xc2, 0x61, 0xb4, 0x89, 0x1e, 0xc3, 0x82, 0x3f, 0x1c, 0xed, 0x79, 0xa1, 0xba, + 0x79, 0xae, 0xee, 0x7b, 0x97, 0x38, 0x8c, 0xc1, 0x03, 0x6d, 0x45, 0x3f, 0xd2, 0x2a, 0xfd, 0x7a, + 0x0a, 0x0a, 0x11, 0xcb, 0x51, 0x0f, 0x0a, 0x23, 0x97, 0x8e, 0xf4, 0x01, 0x3f, 0xa8, 0xe4, 0x5c, + 0xdc, 0x7d, 0xa9, 0x51, 0x57, 0xba, 0x53, 0x41, 0x1c, 0xd5, 0xa2, 0x9e, 0x24, 0xa1, 0x10, 0x61, + 0xa2, 0x77, 0x20, 0x87, 0xbb, 0xb8, 0xf5, 0xa4, 0xda, 0x6f, 0x2a, 0x73, 0xa5, 0x5b, 0xc7, 0x27, + 0xe5, 0x15, 0xae, 0x2d, 0xaa, 0xa0, 0xeb, 0x5a, 0x87, 0x6c, 0xe9, 0xbd, 0x05, 0xf3, 0x01, 0x34, + 0x51, 0x7a, 0xe5, 0xf8, 0xa4, 0xfc, 0xdd, 0xf3, 0xd0, 0x08, 0x12, 0xf7, 0x36, 0xab, 0xb8, 0xd9, + 0x50, 0x92, 0xf1, 0x48, 0xdc, 0xdb, 0xd7, 0x5d, 0x62, 0xa2, 0xef, 0x41, 0x56, 0x02, 0x53, 0xa5, + 0xd2, 0xf1, 0x49, 0xf9, 0xc6, 0x79, 0xe0, 0x14, 0x87, 0x7b, 0x5b, 0xd5, 0x27, 0x4d, 0x25, 0x1d, + 0x8f, 0xc3, 0x3d, 0x5b, 0x3f, 0x24, 0xe8, 0x0d, 0xc8, 0x08, 0x58, 0xa6, 0x74, 0xf3, 0xf8, 0xa4, + 0xfc, 0x9d, 0x17, 0xd4, 0x31, 0x54, 0x69, 0xe5, 0xb7, 0xfe, 0x60, 0x75, 0xee, 0x2f, 0xff, 0x70, + 0x55, 0x39, 0xcf, 0x2e, 0xfd, 0x77, 0x02, 0x16, 0x66, 0xa6, 0x1c, 0xa9, 0x90, 0x75, 0xa8, 0x41, + 0x47, 0xe2, 0xfc, 0xca, 0xd5, 0xe0, 0xec, 0x74, 0x2d, 0xdb, 0xa6, 0x75, 0x3a, 0x9a, 0x60, 0xc9, + 0x41, 0x8f, 0xcf, 0x9d, 0xc0, 0xf7, 0x5e, 0x72, 0x3d, 0xc5, 0x9e, 0xc1, 0x9f, 0xc2, 0x82, 0xe9, + 0x5a, 0x87, 0xc4, 0xd5, 0x0c, 0xea, 0xec, 0x59, 0x03, 0x79, 0x36, 0x95, 0xe2, 0x74, 0x36, 0x38, + 0x10, 0x17, 0x85, 0x40, 0x9d, 0xe3, 0xbf, 0xc5, 0xe9, 0x5b, 0x7a, 0x02, 0xc5, 0xe8, 0x0a, 0x65, + 0xc7, 0x89, 0x67, 0xfd, 0x32, 0x91, 0xf9, 0x20, 0xcf, 0x1e, 0x71, 0x9e, 0x51, 0x44, 0x36, 0xf8, + 0x26, 0xa4, 0x87, 0xd4, 0x14, 0x7a, 0x16, 0x6a, 0xd7, 0x59, 0x12, 0xf0, 0x4f, 0xa7, 0x6b, 0x05, + 0xea, 0x55, 0x36, 0x2c, 0x9b, 0x6c, 0x53, 0x93, 0x60, 0x0e, 0x50, 0x0f, 0x21, 0xcd, 0x42, 0x05, + 0x7a, 0x05, 0xd2, 0xb5, 0x56, 0xbb, 0xa1, 0xcc, 0x95, 0xae, 0x1d, 0x9f, 0x94, 0x17, 0xb8, 0x4b, + 0x18, 0x83, 0xad, 0x5d, 0xb4, 0x06, 0xd9, 0x27, 0x9d, 0xad, 0x9d, 0x6d, 0xb6, 0xbc, 0xae, 0x1f, + 0x9f, 0x94, 0x97, 0x42, 0xb6, 0x70, 0x1a, 0x7a, 0x15, 0x32, 0xfd, 0xed, 0xee, 0x46, 0x4f, 0x49, + 0x96, 0xd0, 0xf1, 0x49, 0x79, 0x31, 0xe4, 0x73, 0x9b, 0x4b, 0xd7, 0xe4, 0xac, 0xe6, 0x43, 0xba, + 0xfa, 0xb3, 0x24, 0x2c, 0x60, 0x56, 0x9b, 0xb9, 0x7e, 0x97, 0xda, 0x96, 0x31, 0x41, 0x5d, 0xc8, + 0x1b, 0xd4, 0x31, 0xad, 0xc8, 0x9e, 0x5a, 0xbf, 0xe0, 0xd4, 0x9f, 0x4a, 0x05, 0xad, 0x7a, 0x20, + 0x89, 0xa7, 0x4a, 0xd0, 0x7b, 0x90, 0x31, 0x89, 0xad, 0x4f, 0x64, 0xfa, 0x71, 0xb3, 0x22, 0xaa, + 0xbf, 0x4a, 0x50, 0xfd, 0x55, 0x1a, 0xb2, 0xfa, 0xc3, 0x02, 0xc7, 0xd3, 0x6c, 0xfd, 0x99, 0xa6, + 0xfb, 0x3e, 0x19, 0x8e, 0x7c, 0x91, 0x7b, 0xa4, 0x71, 0x61, 0xa8, 0x3f, 0xab, 0x4a, 0x12, 0xba, + 0x0b, 0xd9, 0x23, 0xcb, 0x31, 0xe9, 0x91, 0x4c, 0x2f, 0x2e, 0x51, 0x2a, 0x81, 0xea, 0x31, 0x3b, + 0x75, 0xcf, 0x99, 0xc9, 0xfc, 0xdd, 0xee, 0xb4, 0x9b, 0x81, 0xbf, 0x25, 0xbf, 0xe3, 0xb4, 0xa9, + 0xc3, 0xf6, 0x0a, 0x74, 0xda, 0xda, 0x46, 0xb5, 0xb5, 0xb5, 0x83, 0x99, 0xcf, 0x97, 0x8f, 0x4f, + 0xca, 0x4a, 0x08, 0xd9, 0xd0, 0x2d, 0x9b, 0xe5, 0xbb, 0x37, 0x21, 0x55, 0x6d, 0x7f, 0xae, 0x24, + 0x4b, 0xca, 0xf1, 0x49, 0xb9, 0x18, 0xb2, 0xab, 0xce, 0x64, 0xba, 0x8d, 0xce, 0xf7, 0xab, 0xfe, + 0x6d, 0x0a, 0x8a, 0x3b, 0x23, 0x53, 0xf7, 0x89, 0x58, 0x93, 0xa8, 0x0c, 0x85, 0x91, 0xee, 0xea, + 0xb6, 0x4d, 0x6c, 0xcb, 0x1b, 0xca, 0xba, 0x36, 0x4a, 0x42, 0x0f, 0x5e, 0xd6, 0x8d, 0xb5, 0x1c, + 0x5b, 0x67, 0x3f, 0xfe, 0x97, 0xb5, 0x44, 0xe0, 0xd0, 0x1d, 0x58, 0xdc, 0x13, 0xd6, 0x6a, 0xba, + 0xc1, 0x27, 0x36, 0xc5, 0x27, 0xb6, 0x12, 0x37, 0xb1, 0x51, 0xb3, 0x2a, 0x72, 0x90, 0x55, 0x2e, + 0x85, 0x17, 0xf6, 0xa2, 0x4d, 0x74, 0x0f, 0xe6, 0x87, 0xd4, 0xb1, 0x7c, 0xea, 0x5e, 0x3d, 0x0b, + 0x01, 0x12, 0xbd, 0x03, 0xd7, 0xd8, 0xe4, 0x06, 0xf6, 0x70, 0x36, 0x3f, 0xb1, 0x92, 0x78, 0x69, + 0xa8, 0x3f, 0x93, 0x1d, 0x62, 0x46, 0x46, 0x35, 0xc8, 0x50, 0x97, 0xa5, 0x44, 0x59, 0x6e, 0xee, + 0xbb, 0x57, 0x9a, 0x2b, 0x1a, 0x1d, 0x26, 0x83, 0x85, 0xa8, 0xfa, 0x21, 0x2c, 0xcc, 0x0c, 0x82, + 0x65, 0x02, 0xdd, 0xea, 0x4e, 0xaf, 0xa9, 0xcc, 0xa1, 0x22, 0xe4, 0xea, 0x9d, 0x76, 0xbf, 0xd5, + 0xde, 0x61, 0xa9, 0x4c, 0x11, 0x72, 0xb8, 0xb3, 0xb5, 0x55, 0xab, 0xd6, 0x1f, 0x2b, 0x49, 0xb5, + 0x02, 0x85, 0x88, 0x36, 0xb4, 0x08, 0xd0, 0xeb, 0x77, 0xba, 0xda, 0x46, 0x0b, 0xf7, 0xfa, 0x22, + 0x11, 0xea, 0xf5, 0xab, 0xb8, 0x2f, 0x09, 0x09, 0xf5, 0x3f, 0x92, 0xc1, 0x8c, 0xca, 0xdc, 0xa7, + 0x36, 0x9b, 0xfb, 0x5c, 0x62, 0xbc, 0xcc, 0x7e, 0xa6, 0x8d, 0x30, 0x07, 0x7a, 0x00, 0xc0, 0x17, + 0x0e, 0x31, 0x35, 0xdd, 0x97, 0x13, 0x5f, 0x7a, 0xc1, 0xc9, 0xfd, 0xe0, 0x7a, 0x05, 0xe7, 0x25, + 0xba, 0xea, 0xa3, 0x8f, 0xa1, 0x68, 0xd0, 0xe1, 0xc8, 0x26, 0x52, 0x38, 0x75, 0xa5, 0x70, 0x21, + 0xc4, 0x57, 0xfd, 0x68, 0xf6, 0x95, 0x9e, 0xcd, 0x0f, 0x7f, 0x23, 0x11, 0x78, 0x26, 0x26, 0xe1, + 0x2a, 0x42, 0x6e, 0xa7, 0xdb, 0xa8, 0xf6, 0x5b, 0xed, 0x47, 0x4a, 0x02, 0x01, 0x64, 0xb9, 0xab, + 0x1b, 0x4a, 0x92, 0x25, 0x8a, 0xf5, 0xce, 0x76, 0x77, 0xab, 0xc9, 0x53, 0x2e, 0xb4, 0x0c, 0x4a, + 0xe0, 0x6c, 0x8d, 0x3b, 0xb2, 0xd9, 0x50, 0xd2, 0xe8, 0x3a, 0x2c, 0x85, 0x54, 0x29, 0x99, 0x41, + 0x37, 0x00, 0x85, 0xc4, 0xa9, 0x8a, 0xac, 0xfa, 0xab, 0xb0, 0x54, 0xa7, 0x8e, 0xaf, 0x5b, 0x4e, + 0x98, 0x44, 0xaf, 0xb3, 0x41, 0x4b, 0x92, 0x66, 0xc9, 0x5b, 0x8a, 0xda, 0xd2, 0xd9, 0xe9, 0x5a, + 0x21, 0x84, 0xb6, 0x1a, 0x6c, 0xa4, 0x41, 0xc3, 0x64, 0xfb, 0x77, 0x64, 0x99, 0xdc, 0xb9, 0x99, + 0xda, 0xfc, 0xd9, 0xe9, 0x5a, 0xaa, 0xdb, 0x6a, 0x60, 0x46, 0x43, 0xaf, 0x40, 0x9e, 0x3c, 0xb3, + 0x7c, 0xcd, 0x60, 0x31, 0x9c, 0x39, 0x30, 0x83, 0x73, 0x8c, 0x50, 0x67, 0x21, 0xbb, 0x06, 0xd0, + 0xa5, 0xae, 0x2f, 0x7b, 0x7e, 0x1f, 0x32, 0x23, 0xea, 0xf2, 0xf2, 0xfc, 0xc2, 0xeb, 0x1d, 0x06, + 0x17, 0x0b, 0x15, 0x0b, 0xb0, 0xfa, 0x57, 0x49, 0x80, 0xbe, 0xee, 0x1d, 0x48, 0x25, 0xf7, 0x21, + 0x1f, 0x5e, 0x95, 0xc9, 0x3a, 0xff, 0xd2, 0xd9, 0x0e, 0xc1, 0xe8, 0x5e, 0xb0, 0xd8, 0x44, 0x79, + 0x10, 0x5b, 0xa7, 0x05, 0x1d, 0xc5, 0x65, 0xd8, 0xb3, 0x35, 0x00, 0x3b, 0x12, 0x89, 0xeb, 0xca, + 0x99, 0x67, 0x9f, 0xa8, 0xce, 0x8f, 0x05, 0xe1, 0x34, 0x99, 0x60, 0xc6, 0xde, 0x6c, 0x9c, 0x9b, + 0x91, 0xcd, 0x39, 0x3c, 0x95, 0x43, 0x9f, 0x42, 0x81, 0x8d, 0x5b, 0xf3, 0x38, 0x4f, 0xe6, 0x96, + 0x17, 0xba, 0x4a, 0x68, 0xc0, 0x30, 0x0a, 0xbf, 0x6b, 0x0a, 0x2c, 0xba, 0x63, 0x87, 0x0d, 0x5b, + 0xea, 0x50, 0xff, 0x24, 0x09, 0xdf, 0x6d, 0x13, 0xff, 0x88, 0xba, 0x07, 0x55, 0xdf, 0xd7, 0x8d, + 0xfd, 0x21, 0x71, 0xa4, 0x93, 0x23, 0x99, 0x75, 0x62, 0x26, 0xb3, 0x5e, 0x81, 0x79, 0xdd, 0xb6, + 0x74, 0x8f, 0x88, 0x74, 0x24, 0x8f, 0x83, 0x26, 0xcb, 0xff, 0x59, 0x35, 0x41, 0x3c, 0x8f, 0x88, + 0x02, 0x3f, 0x8f, 0xa7, 0x04, 0xf4, 0x23, 0xb8, 0x21, 0x13, 0x0f, 0x3d, 0xec, 0x8a, 0x65, 0xb6, + 0xc1, 0x9d, 0x5e, 0x33, 0xb6, 0xbc, 0x89, 0x37, 0x4e, 0x66, 0x26, 0x53, 0x72, 0x67, 0xe4, 0xcb, + 0x3c, 0x67, 0xd9, 0x8c, 0x61, 0x95, 0x1e, 0xc1, 0xcd, 0x0b, 0x45, 0xbe, 0xd1, 0x05, 0xc2, 0x3f, + 0x24, 0x01, 0x5a, 0xdd, 0xea, 0xb6, 0x74, 0x52, 0x03, 0xb2, 0x7b, 0xfa, 0xd0, 0xb2, 0x27, 0x97, + 0xc5, 0xa9, 0x29, 0xbe, 0x52, 0x15, 0xee, 0xd8, 0xe0, 0x32, 0x58, 0xca, 0xf2, 0xe2, 0x66, 0xbc, + 0xeb, 0x10, 0x3f, 0x2c, 0x6e, 0x78, 0x8b, 0x99, 0xe1, 0xea, 0x4e, 0xb8, 0xc0, 0x44, 0x83, 0x4d, + 0xc0, 0x40, 0xf7, 0xc9, 0x91, 0x3e, 0x09, 0x82, 0x8b, 0x6c, 0xa2, 0x4d, 0x7e, 0x4d, 0x47, 0xdc, + 0x43, 0x62, 0xae, 0x64, 0xb8, 0x53, 0xaf, 0xb2, 0x07, 0x4b, 0xb8, 0xf0, 0x5d, 0x28, 0x5d, 0x7a, + 0xc8, 0x13, 0x9b, 0x29, 0xeb, 0x1b, 0xf9, 0xe8, 0x0e, 0x2c, 0xcc, 0x8c, 0xf3, 0x85, 0xaa, 0xb2, + 0xd5, 0x7d, 0xf2, 0xbe, 0x92, 0x96, 0x5f, 0x1f, 0x2a, 0x59, 0xf5, 0x8f, 0x52, 0x22, 0x1c, 0x48, + 0xaf, 0xc6, 0x5f, 0x24, 0xe7, 0xf8, 0x26, 0x36, 0xa8, 0x2d, 0xb7, 0xe9, 0x9b, 0x97, 0x47, 0x09, + 0x56, 0xa5, 0x70, 0x38, 0x0e, 0x05, 0xd1, 0x1a, 0x14, 0xc4, 0x2a, 0xd6, 0xd8, 0xb6, 0xe0, 0x6e, + 0x5d, 0xc0, 0x20, 0x48, 0x4c, 0x12, 0xdd, 0x86, 0x45, 0x7e, 0x0b, 0xe1, 0xed, 0x13, 0x53, 0x60, + 0xd2, 0x1c, 0xb3, 0x10, 0x52, 0x39, 0x6c, 0x1b, 0x8a, 0x92, 0xa0, 0xf1, 0x0c, 0x35, 0xc3, 0x0d, + 0x7a, 0xe7, 0x2a, 0x83, 0x84, 0x08, 0x4f, 0x5c, 0x0b, 0xa3, 0x69, 0x43, 0x6d, 0x40, 0x2e, 0x30, + 0x16, 0xad, 0x40, 0xaa, 0x5f, 0xef, 0x2a, 0x73, 0xa5, 0xa5, 0xe3, 0x93, 0x72, 0x21, 0x20, 0xf7, + 0xeb, 0x5d, 0xc6, 0xd9, 0x69, 0x74, 0x95, 0xc4, 0x2c, 0x67, 0xa7, 0xd1, 0x2d, 0xa5, 0x59, 0xa6, + 0xa4, 0xee, 0x41, 0x21, 0xd2, 0x03, 0x7a, 0x1d, 0xe6, 0x5b, 0xed, 0x47, 0xb8, 0xd9, 0xeb, 0x29, + 0x73, 0xa5, 0x1b, 0xc7, 0x27, 0x65, 0x14, 0xe1, 0xb6, 0x9c, 0x01, 0x9b, 0x1f, 0xf4, 0x2a, 0xa4, + 0x37, 0x3b, 0xec, 0x04, 0x16, 0x29, 0x71, 0x04, 0xb1, 0x49, 0x3d, 0xbf, 0x74, 0x5d, 0xa6, 0x60, + 0x51, 0xc5, 0xea, 0xef, 0x25, 0x20, 0x2b, 0x36, 0x53, 0xec, 0x44, 0x55, 0x61, 0x3e, 0xa8, 0x57, + 0x45, 0xb9, 0xf2, 0xe6, 0xc5, 0xa5, 0x45, 0x45, 0x56, 0x02, 0x62, 0xf9, 0x05, 0x72, 0xa5, 0x8f, + 0xa0, 0x18, 0x65, 0x7c, 0xa3, 0xc5, 0xf7, 0x23, 0x28, 0xb0, 0xf5, 0x1d, 0x94, 0x18, 0xeb, 0x90, + 0x15, 0x01, 0x21, 0x3c, 0x11, 0x2e, 0xae, 0x73, 0x24, 0x12, 0xdd, 0x87, 0x79, 0x51, 0x1b, 0x05, + 0xd7, 0x94, 0xab, 0x97, 0xef, 0x22, 0x1c, 0xc0, 0xd5, 0x4f, 0x21, 0xdd, 0x25, 0xc4, 0x65, 0xbe, + 0x77, 0xa8, 0x49, 0xa6, 0x87, 0xa8, 0x2c, 0xeb, 0x4c, 0xd2, 0x6a, 0xb0, 0xb2, 0xce, 0x24, 0x2d, + 0x33, 0xbc, 0x88, 0x49, 0x46, 0x2e, 0x62, 0xfa, 0x50, 0x7c, 0x4a, 0xac, 0xc1, 0xbe, 0x4f, 0x4c, + 0xae, 0xe8, 0x5d, 0x48, 0x8f, 0x48, 0x68, 0xfc, 0x4a, 0xec, 0x02, 0x23, 0xc4, 0xc5, 0x1c, 0xc5, + 0xe2, 0xc8, 0x11, 0x97, 0x96, 0x77, 0xeb, 0xb2, 0xa5, 0xfe, 0x7d, 0x12, 0x16, 0x5b, 0x9e, 0x37, + 0xd6, 0x1d, 0x23, 0xc8, 0xaf, 0x3e, 0x99, 0xcd, 0xaf, 0xde, 0x8a, 0x1d, 0xe1, 0x8c, 0xc8, 0xec, + 0xfd, 0x92, 0x3c, 0xe3, 0x92, 0xe1, 0x19, 0xa7, 0xfe, 0x7b, 0x22, 0xb8, 0x44, 0xba, 0x1d, 0xd9, + 0xee, 0xa5, 0x95, 0xe3, 0x93, 0xf2, 0x72, 0x54, 0x13, 0xd9, 0x71, 0x0e, 0x1c, 0x7a, 0xe4, 0xa0, + 0xd7, 0x20, 0x83, 0x9b, 0xed, 0xe6, 0x53, 0x25, 0x21, 0x96, 0xe7, 0x0c, 0x08, 0x13, 0x87, 0x1c, + 0x31, 0x4d, 0xdd, 0x66, 0xbb, 0xc1, 0xf2, 0xa1, 0x64, 0x8c, 0xa6, 0x2e, 0x71, 0x4c, 0xcb, 0x19, + 0xa0, 0xd7, 0x21, 0xdb, 0xea, 0xf5, 0x76, 0x78, 0x99, 0xff, 0xdd, 0xe3, 0x93, 0xf2, 0xf5, 0x19, + 0x14, 0xbf, 0x40, 0x34, 0x19, 0x88, 0x15, 0x23, 0x2c, 0x53, 0x8a, 0x01, 0xb1, 0x2c, 0x57, 0x80, + 0x70, 0xa7, 0x5f, 0xed, 0xb3, 0x0a, 0xff, 0x45, 0x10, 0xa6, 0xec, 0xaf, 0xdc, 0x6e, 0xff, 0x9c, + 0x04, 0xa5, 0x6a, 0x18, 0x64, 0xe4, 0x33, 0xbe, 0xac, 0xff, 0xfa, 0x90, 0x1b, 0xb1, 0x2f, 0x8b, + 0x04, 0xb9, 0xcc, 0xfd, 0xd8, 0x07, 0xaf, 0x73, 0x72, 0x15, 0x4c, 0x6d, 0x52, 0x35, 0x87, 0x96, + 0xe7, 0x59, 0xd4, 0x11, 0x34, 0x1c, 0x6a, 0x2a, 0xfd, 0x67, 0x02, 0xae, 0xc7, 0x20, 0xd0, 0x1d, + 0x48, 0xbb, 0xd4, 0x0e, 0xe6, 0xf0, 0xd6, 0x45, 0xf7, 0x83, 0x4c, 0x14, 0x73, 0x24, 0x5a, 0x05, + 0xd0, 0xc7, 0x3e, 0xd5, 0x79, 0xff, 0x7c, 0xf6, 0x72, 0x38, 0x42, 0x41, 0x4f, 0x21, 0xeb, 0x11, + 0xc3, 0x25, 0x41, 0xc6, 0xfb, 0xe9, 0xff, 0xd5, 0xfa, 0x4a, 0x8f, 0xab, 0xc1, 0x52, 0x5d, 0xa9, + 0x02, 0x59, 0x41, 0x61, 0xcb, 0xde, 0xd4, 0x7d, 0x5d, 0xde, 0x1e, 0xf3, 0x6f, 0xb6, 0x9a, 0x74, + 0x7b, 0x10, 0xac, 0x26, 0xdd, 0x1e, 0xa8, 0x7f, 0x93, 0x04, 0x68, 0x3e, 0xf3, 0x89, 0xeb, 0xe8, + 0x76, 0xbd, 0x8a, 0x9a, 0x91, 0xe8, 0x2f, 0x46, 0xfb, 0x76, 0xec, 0x95, 0x78, 0x28, 0x51, 0xa9, + 0x57, 0x63, 0xe2, 0xff, 0x4d, 0x48, 0x8d, 0x5d, 0xf9, 0x86, 0x29, 0xb2, 0xd5, 0x1d, 0xbc, 0x85, + 0x19, 0x0d, 0x35, 0xa7, 0x61, 0x2b, 0x75, 0xf1, 0x4b, 0x65, 0xa4, 0x83, 0xd8, 0xd0, 0xc5, 0x76, + 0xbe, 0xa1, 0x6b, 0x06, 0x91, 0x27, 0x47, 0x51, 0xec, 0xfc, 0x7a, 0xb5, 0x4e, 0x5c, 0x1f, 0x67, + 0x0d, 0x9d, 0xfd, 0xff, 0x56, 0xf1, 0xed, 0x5d, 0x80, 0xe9, 0xd0, 0xd0, 0x2a, 0x64, 0xea, 0x1b, + 0xbd, 0xde, 0x96, 0x32, 0x27, 0x02, 0xf8, 0x94, 0xc5, 0xc9, 0xea, 0x5f, 0x24, 0x21, 0x57, 0xaf, + 0xca, 0x63, 0xb5, 0x0e, 0x0a, 0x8f, 0x4a, 0xfc, 0xce, 0x9d, 0x3c, 0x1b, 0x59, 0xee, 0x44, 0x06, + 0x96, 0x4b, 0x4a, 0xcf, 0x45, 0x26, 0xc2, 0xac, 0x6e, 0x72, 0x01, 0x84, 0xa1, 0x48, 0xa4, 0x13, + 0x34, 0x43, 0x0f, 0x62, 0xfc, 0xea, 0xe5, 0xce, 0x12, 0x45, 0xc4, 0xb4, 0xed, 0xe1, 0x42, 0xa0, + 0xa4, 0xae, 0x7b, 0xe8, 0x01, 0x2c, 0x79, 0xd6, 0xc0, 0xb1, 0x9c, 0x81, 0x16, 0x38, 0x8f, 0x3f, + 0x00, 0xd4, 0xae, 0x9d, 0x9d, 0xae, 0x2d, 0xf4, 0x04, 0x4b, 0xfa, 0x70, 0x41, 0x22, 0xeb, 0xdc, + 0x95, 0xe8, 0x43, 0x58, 0x8c, 0x88, 0x32, 0x2f, 0x0a, 0xb7, 0x2b, 0x67, 0xa7, 0x6b, 0xc5, 0x50, + 0xf2, 0x31, 0x99, 0xe0, 0x62, 0x28, 0xf8, 0x98, 0xf0, 0x5b, 0x92, 0x3d, 0xea, 0x1a, 0x44, 0x73, + 0xf9, 0x9e, 0xe6, 0x27, 0x78, 0x1a, 0x17, 0x38, 0x4d, 0x6c, 0x73, 0xf5, 0x09, 0x5c, 0xef, 0xb8, + 0xc6, 0x3e, 0xf1, 0x7c, 0xe1, 0x0a, 0xe9, 0xc5, 0x4f, 0xe1, 0x96, 0xaf, 0x7b, 0x07, 0xda, 0xbe, + 0xe5, 0xf9, 0xd4, 0x9d, 0x68, 0x2e, 0xf1, 0x89, 0xc3, 0xf8, 0x1a, 0x7f, 0x35, 0x94, 0xd7, 0x58, + 0x37, 0x19, 0x66, 0x53, 0x40, 0x70, 0x80, 0xd8, 0x62, 0x00, 0xb5, 0x05, 0x45, 0x56, 0x4c, 0x34, + 0xc8, 0x9e, 0x3e, 0xb6, 0x7d, 0x36, 0x7a, 0xb0, 0xe9, 0x40, 0x7b, 0xe9, 0x63, 0x2a, 0x6f, 0xd3, + 0x81, 0xf8, 0x54, 0x7f, 0x08, 0x4a, 0xc3, 0xf2, 0x46, 0xba, 0x6f, 0xec, 0x07, 0xf7, 0x73, 0xa8, + 0x01, 0xca, 0x3e, 0xd1, 0x5d, 0x7f, 0x97, 0xe8, 0xbe, 0x36, 0x22, 0xae, 0x45, 0xcd, 0xab, 0x67, + 0x79, 0x29, 0x14, 0xe9, 0x72, 0x09, 0xf5, 0xbf, 0x12, 0x00, 0x58, 0xdf, 0x0b, 0x32, 0xb2, 0xef, + 0xc3, 0x35, 0xcf, 0xd1, 0x47, 0xde, 0x3e, 0xf5, 0x35, 0xcb, 0xf1, 0x89, 0x7b, 0xa8, 0xdb, 0xf2, + 0x9a, 0x45, 0x09, 0x18, 0x2d, 0x49, 0x47, 0xef, 0x02, 0x3a, 0x20, 0x64, 0xa4, 0x51, 0xdb, 0xd4, + 0x02, 0xa6, 0x78, 0xd3, 0x4c, 0x63, 0x85, 0x71, 0x3a, 0xb6, 0xd9, 0x0b, 0xe8, 0xa8, 0x06, 0xab, + 0x6c, 0xf8, 0xc4, 0xf1, 0x5d, 0x8b, 0x78, 0xda, 0x1e, 0x75, 0x35, 0xcf, 0xa6, 0x47, 0xda, 0x1e, + 0xb5, 0x6d, 0x7a, 0x44, 0xdc, 0xe0, 0x06, 0xab, 0x64, 0xd3, 0x41, 0x53, 0x80, 0x36, 0xa8, 0xdb, + 0xb3, 0xe9, 0xd1, 0x46, 0x80, 0x60, 0x69, 0xdb, 0x74, 0xcc, 0xbe, 0x65, 0x1c, 0x04, 0x69, 0x5b, + 0x48, 0xed, 0x5b, 0xc6, 0x01, 0x7a, 0x1d, 0x16, 0x88, 0x4d, 0xf8, 0x45, 0x86, 0x40, 0x65, 0x38, + 0xaa, 0x18, 0x10, 0x19, 0x48, 0xfd, 0x0c, 0x94, 0xa6, 0x63, 0xb8, 0x93, 0x51, 0x64, 0xce, 0xdf, + 0x05, 0xc4, 0x82, 0xa4, 0x66, 0x53, 0xe3, 0x40, 0x1b, 0xea, 0x8e, 0x3e, 0x60, 0x76, 0x89, 0xa7, + 0x26, 0x85, 0x71, 0xb6, 0xa8, 0x71, 0xb0, 0x2d, 0xe9, 0xea, 0x03, 0x80, 0xde, 0xc8, 0x25, 0xba, + 0xd9, 0x61, 0xd9, 0x04, 0x73, 0x1d, 0x6f, 0x69, 0xa6, 0x7c, 0xaa, 0xa3, 0xae, 0xdc, 0xea, 0x8a, + 0x60, 0x34, 0x42, 0xba, 0xfa, 0x0b, 0x70, 0xbd, 0x6b, 0xeb, 0x06, 0x7f, 0xb6, 0xee, 0x86, 0x6f, + 0x27, 0xe8, 0x3e, 0x64, 0x05, 0x54, 0xce, 0x64, 0xec, 0x76, 0x9b, 0xf6, 0xb9, 0x39, 0x87, 0x25, + 0xbe, 0x56, 0x04, 0x98, 0xea, 0x51, 0xff, 0x2c, 0x01, 0xf9, 0x50, 0x3f, 0x2a, 0x03, 0x2b, 0xe5, + 0xd9, 0xf2, 0xb6, 0x1c, 0x59, 0x7b, 0xe7, 0x71, 0x94, 0x84, 0x5a, 0x50, 0x18, 0x85, 0xd2, 0x97, + 0xe6, 0x73, 0x31, 0x56, 0xe3, 0xa8, 0x2c, 0xfa, 0x08, 0xf2, 0xc1, 0xdb, 0x68, 0x10, 0x61, 0x2f, + 0x7f, 0x4a, 0x9d, 0xc2, 0xd5, 0x4f, 0x00, 0x7e, 0x40, 0x2d, 0xa7, 0x4f, 0x0f, 0x88, 0xc3, 0xdf, + 0xfa, 0x58, 0x4d, 0x48, 0x02, 0x2f, 0xca, 0x16, 0x2f, 0xc8, 0xc5, 0x14, 0x84, 0x4f, 0x5e, 0xa2, + 0xa9, 0xfe, 0x75, 0x12, 0xb2, 0x98, 0x52, 0xbf, 0x5e, 0x45, 0x65, 0xc8, 0xca, 0x38, 0xc1, 0xcf, + 0x9f, 0x5a, 0xfe, 0xec, 0x74, 0x2d, 0x23, 0x02, 0x44, 0xc6, 0xe0, 0x91, 0x21, 0x12, 0xc1, 0x93, + 0x17, 0x45, 0x70, 0x74, 0x07, 0x8a, 0x12, 0xa4, 0xed, 0xeb, 0xde, 0xbe, 0x28, 0xd0, 0x6a, 0x8b, + 0x67, 0xa7, 0x6b, 0x20, 0x90, 0x9b, 0xba, 0xb7, 0x8f, 0x41, 0xa0, 0xd9, 0x37, 0x6a, 0x42, 0xe1, + 0x0b, 0x6a, 0x39, 0x9a, 0xcf, 0x07, 0x21, 0xaf, 0xfc, 0x62, 0xe7, 0x71, 0x3a, 0x54, 0xf9, 0xf0, + 0x0d, 0x5f, 0x4c, 0x07, 0xdf, 0x84, 0x05, 0x97, 0x52, 0x5f, 0x84, 0x2d, 0x8b, 0x3a, 0xf2, 0x36, + 0xa1, 0x1c, 0x7b, 0xc9, 0x4c, 0xa9, 0x8f, 0x25, 0x0e, 0x17, 0xdd, 0x48, 0x0b, 0xdd, 0x81, 0x65, + 0x5b, 0xf7, 0x7c, 0x8d, 0xc7, 0x3b, 0x73, 0xaa, 0x2d, 0xcb, 0xb7, 0x1a, 0x62, 0xbc, 0x0d, 0xce, + 0x0a, 0x24, 0xd4, 0x7f, 0x4c, 0x40, 0x81, 0x0d, 0xc6, 0xda, 0xb3, 0x0c, 0x96, 0xe4, 0x7d, 0xf3, + 0xdc, 0xe3, 0x26, 0xa4, 0x0c, 0xcf, 0x95, 0x4e, 0xe5, 0x87, 0x6f, 0xbd, 0x87, 0x31, 0xa3, 0xa1, + 0xcf, 0x20, 0x2b, 0x6f, 0x35, 0x44, 0xda, 0xa1, 0x5e, 0x9d, 0x8e, 0x4a, 0xdf, 0x48, 0x39, 0xbe, + 0x96, 0xa7, 0xd6, 0x89, 0x43, 0x00, 0x47, 0x49, 0xe8, 0x06, 0x24, 0x0d, 0xe1, 0x2e, 0xf9, 0xcb, + 0x8a, 0x7a, 0x1b, 0x27, 0x0d, 0x47, 0xfd, 0xbb, 0x04, 0x2c, 0x4c, 0x37, 0x3c, 0x5b, 0x01, 0xb7, + 0x20, 0xef, 0x8d, 0x77, 0xbd, 0x89, 0xe7, 0x93, 0x61, 0xf0, 0x8e, 0x19, 0x12, 0x50, 0x0b, 0xf2, + 0xba, 0x3d, 0xa0, 0xae, 0xe5, 0xef, 0x0f, 0x65, 0x25, 0x1a, 0x9f, 0x2a, 0x44, 0x75, 0x56, 0xaa, + 0x81, 0x08, 0x9e, 0x4a, 0x07, 0xe7, 0xbe, 0x78, 0xec, 0xe6, 0xe7, 0xfe, 0x6b, 0x50, 0xb4, 0xf5, + 0x21, 0xbf, 0xe6, 0xf1, 0xad, 0xa1, 0x18, 0x47, 0x1a, 0x17, 0x24, 0xad, 0x6f, 0x0d, 0x89, 0xaa, + 0x42, 0x3e, 0x54, 0x86, 0x96, 0xa0, 0x50, 0x6d, 0xf6, 0xb4, 0xbb, 0xeb, 0xf7, 0xb5, 0x47, 0xf5, + 0x6d, 0x65, 0x4e, 0xe6, 0xa6, 0x7f, 0x9e, 0x80, 0x05, 0x19, 0x8e, 0x64, 0xbe, 0xff, 0x3a, 0xcc, + 0xbb, 0xfa, 0x9e, 0x1f, 0x54, 0x24, 0x69, 0xb1, 0xaa, 0x59, 0x84, 0x67, 0x15, 0x09, 0x63, 0xc5, + 0x57, 0x24, 0x91, 0x97, 0xf5, 0xd4, 0xa5, 0x2f, 0xeb, 0xe9, 0x9f, 0xcb, 0xcb, 0xba, 0xfa, 0x6b, + 0x00, 0x1b, 0x96, 0x4d, 0xfa, 0xe2, 0xae, 0x29, 0xae, 0xbe, 0x64, 0x39, 0x9c, 0xbc, 0x71, 0x0c, + 0x72, 0xb8, 0x56, 0x03, 0x33, 0x1a, 0x63, 0x0d, 0x2c, 0x53, 0x6e, 0x46, 0xce, 0x7a, 0xc4, 0x58, + 0x03, 0xcb, 0x0c, 0xdf, 0x92, 0xd2, 0x57, 0xbd, 0x25, 0x9d, 0x24, 0x60, 0x49, 0xe6, 0xae, 0x61, + 0xf8, 0x7d, 0x1b, 0xf2, 0x22, 0x8d, 0x9d, 0x16, 0x74, 0xfc, 0x35, 0x59, 0xe0, 0x5a, 0x0d, 0x9c, + 0x13, 0xec, 0x96, 0x89, 0xd6, 0xa0, 0x20, 0xa1, 0x91, 0x5f, 0xe1, 0x80, 0x20, 0xb5, 0x99, 0xf9, + 0xef, 0x43, 0x7a, 0xcf, 0xb2, 0x89, 0x5c, 0xe8, 0xb1, 0x01, 0x60, 0xea, 0x80, 0xcd, 0x39, 0xcc, + 0xd1, 0xb5, 0x5c, 0x70, 0x19, 0xc7, 0xed, 0x93, 0x65, 0x67, 0xd4, 0x3e, 0x51, 0x81, 0x9e, 0xb3, + 0x4f, 0xe0, 0x98, 0x7d, 0x82, 0x2d, 0xec, 0x93, 0xd0, 0xa8, 0x7d, 0x82, 0xf4, 0x73, 0xb1, 0x6f, + 0x0b, 0x6e, 0xd4, 0x6c, 0xdd, 0x38, 0xb0, 0x2d, 0xcf, 0x27, 0x66, 0x34, 0x62, 0xac, 0x43, 0x76, + 0x26, 0xe9, 0xbc, 0xec, 0x72, 0x56, 0x22, 0xd5, 0x7f, 0x4b, 0x40, 0x71, 0x93, 0xe8, 0xb6, 0xbf, + 0x3f, 0xbd, 0x1a, 0xf2, 0x89, 0xe7, 0xcb, 0xc3, 0x8a, 0x7f, 0xa3, 0x0f, 0x20, 0x17, 0xe6, 0x24, + 0x57, 0xbe, 0x92, 0x85, 0x50, 0x74, 0x0f, 0xe6, 0xd9, 0x1e, 0xa3, 0xe3, 0xa0, 0xd8, 0xb9, 0xec, + 0x01, 0x46, 0x22, 0xd9, 0x21, 0xe3, 0x12, 0x9e, 0x84, 0xf0, 0xa5, 0x94, 0xc1, 0x41, 0x13, 0xfd, + 0x7f, 0x28, 0xf2, 0xf7, 0x83, 0x20, 0xe7, 0xca, 0x5c, 0xa5, 0xb3, 0x20, 0x9e, 0x00, 0x45, 0xbe, + 0xf5, 0x3f, 0x09, 0x58, 0xde, 0xd6, 0x27, 0xbb, 0x44, 0x86, 0x0d, 0x62, 0x62, 0x62, 0x50, 0xd7, + 0x44, 0xdd, 0x68, 0xb8, 0xb9, 0xe4, 0x45, 0x31, 0x4e, 0x38, 0x3e, 0xea, 0x04, 0x05, 0x58, 0x32, + 0x52, 0x80, 0x2d, 0x43, 0xc6, 0xa1, 0x8e, 0x41, 0x64, 0x2c, 0x12, 0x0d, 0xd5, 0x8a, 0x86, 0x9a, + 0x52, 0xf8, 0xd8, 0xc7, 0x9f, 0xea, 0xda, 0xd4, 0x0f, 0x7b, 0x43, 0x9f, 0x41, 0xa9, 0xd7, 0xac, + 0xe3, 0x66, 0xbf, 0xd6, 0xf9, 0xa1, 0xd6, 0xab, 0x6e, 0xf5, 0xaa, 0xeb, 0x77, 0xb4, 0x6e, 0x67, + 0xeb, 0xf3, 0xbb, 0xf7, 0xee, 0x7c, 0xa0, 0x24, 0x4a, 0xe5, 0xe3, 0x93, 0xf2, 0xad, 0x76, 0xb5, + 0xbe, 0x25, 0x76, 0xcc, 0x2e, 0x7d, 0xd6, 0xd3, 0x6d, 0x4f, 0x5f, 0xbf, 0xd3, 0xa5, 0xf6, 0x84, + 0x61, 0xd8, 0xb2, 0x2e, 0x46, 0xcf, 0xab, 0xe8, 0x31, 0x9c, 0xb8, 0xf0, 0x18, 0x9e, 0x9e, 0xe6, + 0xc9, 0x0b, 0x4e, 0xf3, 0x0d, 0x58, 0x36, 0x5c, 0xea, 0x79, 0x1a, 0xcb, 0xfe, 0x89, 0x79, 0xae, + 0xbe, 0xf8, 0xce, 0xd9, 0xe9, 0xda, 0xb5, 0x3a, 0xe3, 0xf7, 0x38, 0x5b, 0xaa, 0xbf, 0x66, 0x44, + 0x48, 0xbc, 0x27, 0xf5, 0xf7, 0x53, 0x2c, 0x91, 0xb2, 0x0e, 0x2d, 0x9b, 0x0c, 0x88, 0x87, 0x9e, + 0xc0, 0x92, 0xe1, 0x12, 0x93, 0xa5, 0xf5, 0xba, 0xad, 0x79, 0x23, 0x62, 0xc8, 0x45, 0xfd, 0xff, + 0x62, 0x73, 0x9a, 0x50, 0xb0, 0x52, 0x0f, 0xa5, 0x7a, 0x23, 0x62, 0xe0, 0x45, 0x63, 0xa6, 0x8d, + 0xbe, 0x80, 0x25, 0x8f, 0xd8, 0x96, 0x33, 0x7e, 0xa6, 0x19, 0xd4, 0xf1, 0xc9, 0xb3, 0xe0, 0xdd, + 0xea, 0x2a, 0xbd, 0xbd, 0xe6, 0x16, 0x93, 0xaa, 0x0b, 0xa1, 0x1a, 0x3a, 0x3b, 0x5d, 0x5b, 0x9c, + 0xa5, 0xe1, 0x45, 0xa9, 0x59, 0xb6, 0x4b, 0x6d, 0x58, 0x9c, 0xb5, 0x06, 0x2d, 0xcb, 0xbd, 0xcf, + 0x43, 0x48, 0xb0, 0xb7, 0xd1, 0x2d, 0xc8, 0xb9, 0x64, 0x60, 0x79, 0xbe, 0x2b, 0xdc, 0xcc, 0x38, + 0x21, 0x85, 0xed, 0x7c, 0xf1, 0x53, 0x9c, 0xd2, 0xaf, 0xc0, 0xb9, 0x1e, 0xd9, 0x66, 0x31, 0x2d, + 0x4f, 0xdf, 0x95, 0x2a, 0x73, 0x38, 0x68, 0xb2, 0x35, 0x38, 0xf6, 0xc2, 0x44, 0x8d, 0x7f, 0x33, + 0x1a, 0xcf, 0x28, 0xe4, 0x0f, 0x93, 0x78, 0xce, 0x10, 0xfc, 0xc2, 0x31, 0x1d, 0xf9, 0x85, 0xe3, + 0x32, 0x64, 0x6c, 0x72, 0x48, 0x6c, 0x71, 0x96, 0x63, 0xd1, 0x78, 0xe7, 0x67, 0x29, 0xc8, 0x87, + 0x6f, 0x34, 0xec, 0x24, 0x68, 0x37, 0x9f, 0x06, 0x6b, 0x35, 0xa4, 0xb7, 0xc9, 0x11, 0x7a, 0x6d, + 0x7a, 0xa7, 0xf4, 0x99, 0x78, 0x94, 0x0e, 0xd9, 0xc1, 0x7d, 0xd2, 0x1b, 0x90, 0xab, 0xf6, 0x7a, + 0xad, 0x47, 0xed, 0x66, 0x43, 0xf9, 0x32, 0x51, 0xfa, 0xce, 0xf1, 0x49, 0xf9, 0x5a, 0x08, 0xaa, + 0x7a, 0x62, 0x29, 0x71, 0x54, 0xbd, 0xde, 0xec, 0xf6, 0x9b, 0x0d, 0xe5, 0x79, 0xf2, 0x3c, 0x8a, + 0xdf, 0x91, 0xf0, 0x9f, 0x96, 0xe4, 0xbb, 0xb8, 0xd9, 0xad, 0x62, 0xd6, 0xe1, 0x97, 0x49, 0x71, + 0xd5, 0x35, 0xed, 0xd1, 0x25, 0x23, 0x9d, 0xff, 0xae, 0x78, 0x35, 0xf8, 0x89, 0xd5, 0xf3, 0x94, + 0xf8, 0xf9, 0xc1, 0xf4, 0xc1, 0x89, 0xe8, 0xe6, 0x84, 0xf5, 0xc6, 0x5f, 0xfa, 0xb8, 0x9a, 0xd4, + 0xb9, 0xde, 0x7a, 0x2c, 0x92, 0x30, 0x2d, 0x2a, 0xcc, 0xe3, 0x9d, 0x76, 0x9b, 0x81, 0x9e, 0xa7, + 0xcf, 0x8d, 0x0e, 0x8f, 0x1d, 0x56, 0xff, 0xa2, 0xdb, 0x90, 0x0b, 0x1e, 0x02, 0x95, 0x2f, 0xd3, + 0xe7, 0x0c, 0xaa, 0x07, 0xaf, 0x98, 0xbc, 0xc3, 0xcd, 0x9d, 0x3e, 0xff, 0x05, 0xd8, 0xf3, 0xcc, + 0xf9, 0x0e, 0xf7, 0xc7, 0xbe, 0x49, 0x8f, 0x1c, 0xb6, 0x03, 0xe5, 0xad, 0xda, 0x97, 0x19, 0x71, + 0x05, 0x11, 0x62, 0xe4, 0x95, 0xda, 0x1b, 0x90, 0xc3, 0xcd, 0x1f, 0x88, 0x1f, 0x8b, 0x3d, 0xcf, + 0x9e, 0xd3, 0x83, 0xc9, 0x17, 0xc4, 0x90, 0xbd, 0x75, 0x70, 0x77, 0xb3, 0xca, 0x5d, 0x7e, 0x1e, + 0xd5, 0x71, 0x47, 0xfb, 0xba, 0x43, 0xcc, 0xe9, 0x6f, 0x30, 0x42, 0xd6, 0x3b, 0xbf, 0x08, 0xb9, + 0x20, 0xcf, 0x44, 0xab, 0x90, 0x7d, 0xda, 0xc1, 0x8f, 0x9b, 0x58, 0x99, 0x13, 0x3e, 0x0c, 0x38, + 0x4f, 0x45, 0x85, 0x50, 0x86, 0xf9, 0xed, 0x6a, 0xbb, 0xfa, 0xa8, 0x89, 0x83, 0x0b, 0xef, 0x00, + 0x20, 0x93, 0xa5, 0x92, 0x22, 0x3b, 0x08, 0x75, 0xd6, 0x56, 0xbe, 0xfa, 0x7a, 0x75, 0xee, 0xa7, + 0x5f, 0xaf, 0xce, 0x3d, 0x3f, 0x5b, 0x4d, 0x7c, 0x75, 0xb6, 0x9a, 0xf8, 0xc9, 0xd9, 0x6a, 0xe2, + 0x5f, 0xcf, 0x56, 0x13, 0xbb, 0x59, 0x1e, 0xd2, 0xef, 0xfd, 0x6f, 0x00, 0x00, 0x00, 0xff, 0xff, + 0xdb, 0x9d, 0xe2, 0x3d, 0xd2, 0x2f, 0x00, 0x00, } diff --git a/components/engine/vendor/github.com/docker/swarmkit/api/types.proto b/components/engine/vendor/github.com/docker/swarmkit/api/types.proto index 719b88a9c6..201bc3587f 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/api/types.proto +++ b/components/engine/vendor/github.com/docker/swarmkit/api/types.proto @@ -30,12 +30,32 @@ message Annotations { repeated IndexEntry indices = 4 [(gogoproto.nullable) = false]; } +message GenericString { + string kind = 1; + string value = 2; +} + +message GenericDiscrete { + string kind = 1; + int64 value = 2; +} + +message GenericResource { + oneof resource { + GenericString str = 1; + GenericDiscrete discrete = 2; + } +} + message Resources { // Amount of CPUs (e.g. 2000000000 = 2 CPU cores) int64 nano_cpus = 1 [(gogoproto.customname) = "NanoCPUs"]; // Amount of memory in bytes. int64 memory_bytes = 2; + + // User specified resource (e.g: bananas=2;apple={red,yellow,green}) + repeated GenericResource generic = 3; } message ResourceRequirements { diff --git a/components/engine/vendor/github.com/docker/swarmkit/ca/certificates.go b/components/engine/vendor/github.com/docker/swarmkit/ca/certificates.go index 37c8a172de..642c07772b 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/ca/certificates.go +++ b/components/engine/vendor/github.com/docker/swarmkit/ca/certificates.go @@ -871,7 +871,7 @@ func GetRemoteSignedCertificate(ctx context.Context, csr []byte, rootCAPool *x50 caClient = api.NewNodeCAClient(conn.ClientConn) // If there was no deadline exceeded error, and the certificate was issued, return - case err == nil && statusResponse.Status.State == api.IssuanceStateIssued: + case err == nil && (statusResponse.Status.State == api.IssuanceStateIssued || statusResponse.Status.State == api.IssuanceStateRotate): if statusResponse.Certificate == nil { conn.Close(false) return nil, errors.New("no certificate in CertificateStatus response") diff --git a/components/engine/vendor/github.com/docker/swarmkit/ca/config.go b/components/engine/vendor/github.com/docker/swarmkit/ca/config.go index 2aaaf78aba..8f16cc22b5 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/ca/config.go +++ b/components/engine/vendor/github.com/docker/swarmkit/ca/config.go @@ -89,6 +89,39 @@ type CertificateUpdate struct { Err error } +func validateRootCAAndTLSCert(rootCA *RootCA, externalCARootPool *x509.CertPool, tlsKeyPair *tls.Certificate) error { + var ( + leafCert *x509.Certificate + intermediatePool *x509.CertPool + ) + for i, derBytes := range tlsKeyPair.Certificate { + parsed, err := x509.ParseCertificate(derBytes) + if err != nil { + return errors.Wrap(err, "could not validate new root certificates due to parse error") + } + if i == 0 { + leafCert = parsed + } else { + if intermediatePool == nil { + intermediatePool = x509.NewCertPool() + } + intermediatePool.AddCert(parsed) + } + } + opts := x509.VerifyOptions{ + Roots: rootCA.Pool, + Intermediates: intermediatePool, + } + if _, err := leafCert.Verify(opts); err != nil { + return errors.Wrap(err, "new root CA does not match existing TLS credentials") + } + opts.Roots = externalCARootPool + if _, err := leafCert.Verify(opts); err != nil { + return errors.Wrap(err, "new external root pool does not match existing TLS credentials") + } + return nil +} + // NewSecurityConfig initializes and returns a new SecurityConfig. func NewSecurityConfig(rootCA *RootCA, krw *KeyReadWriter, tlsKeyPair *tls.Certificate, issuerInfo *IssuerInfo) (*SecurityConfig, error) { // Create the Server TLS Credentials for this node. These will not be used by workers. @@ -155,8 +188,15 @@ func (s *SecurityConfig) UpdateRootCA(rootCA *RootCA, externalCARootPool *x509.C s.mu.Lock() defer s.mu.Unlock() + // refuse to update the root CA if the current TLS credentials do not validate against it + if err := validateRootCAAndTLSCert(rootCA, externalCARootPool, s.certificate); err != nil { + return err + } + s.rootCA = rootCA s.externalCAClientRootPool = externalCARootPool + s.externalCA.UpdateRootCA(rootCA) + return s.updateTLSCredentials(s.certificate, s.issuerInfo) } @@ -215,6 +255,13 @@ func (s *SecurityConfig) updateTLSCredentials(certificate *tls.Certificate, issu return nil } +// UpdateTLSCredentials updates the security config with an updated TLS certificate and issuer info +func (s *SecurityConfig) UpdateTLSCredentials(certificate *tls.Certificate, issuerInfo *IssuerInfo) error { + s.mu.Lock() + defer s.mu.Unlock() + return s.updateTLSCredentials(certificate, issuerInfo) +} + // SigningPolicy creates a policy used by the signer to ensure that the only fields // from the remote CSRs we trust are: PublicKey, PublicKeyAlgorithm and SignatureAlgorithm. // It receives the duration a certificate will be valid for @@ -470,9 +517,7 @@ func RenewTLSConfigNow(ctx context.Context, s *SecurityConfig, connBroker *conne return err } - s.mu.Lock() - defer s.mu.Unlock() - return s.updateTLSCredentials(tlsKeyPair, issuerInfo) + return s.UpdateTLSCredentials(tlsKeyPair, issuerInfo) } // calculateRandomExpiry returns a random duration between 50% and 80% of the diff --git a/components/engine/vendor/github.com/docker/swarmkit/ca/external.go b/components/engine/vendor/github.com/docker/swarmkit/ca/external.go index 6f23ff1fbf..d6a9421e0d 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/ca/external.go +++ b/components/engine/vendor/github.com/docker/swarmkit/ca/external.go @@ -18,11 +18,15 @@ import ( "github.com/cloudflare/cfssl/config" "github.com/cloudflare/cfssl/csr" "github.com/cloudflare/cfssl/signer" + "github.com/docker/swarmkit/log" "github.com/pkg/errors" "golang.org/x/net/context" "golang.org/x/net/context/ctxhttp" ) +// ExternalCrossSignProfile is the profile that we will be sending cross-signing CSR sign requests with +const ExternalCrossSignProfile = "CA" + // ErrNoExternalCAURLs is an error used it indicate that an ExternalCA is // configured with no URLs to which it can proxy certificate signing requests. var ErrNoExternalCAURLs = errors.New("no external CA URLs") @@ -79,8 +83,7 @@ func (eca *ExternalCA) UpdateTLSConfig(tlsConfig *tls.Config) { } } -// UpdateURLs updates the list of CSR API endpoints by setting it to the given -// urls. +// UpdateURLs updates the list of CSR API endpoints by setting it to the given urls. func (eca *ExternalCA) UpdateURLs(urls ...string) { eca.mu.Lock() defer eca.mu.Unlock() @@ -88,6 +91,13 @@ func (eca *ExternalCA) UpdateURLs(urls ...string) { eca.urls = urls } +// UpdateRootCA changes the root CA used to append intermediates +func (eca *ExternalCA) UpdateRootCA(rca *RootCA) { + eca.mu.Lock() + eca.rootCA = rca + eca.mu.Unlock() +} + // Sign signs a new certificate by proxying the given certificate signing // request to an external CFSSL API server. func (eca *ExternalCA) Sign(ctx context.Context, req signer.SignRequest) (cert []byte, err error) { @@ -96,6 +106,7 @@ func (eca *ExternalCA) Sign(ctx context.Context, req signer.SignRequest) (cert [ eca.mu.Lock() urls := eca.urls client := eca.client + intermediates := eca.rootCA.Intermediates eca.mu.Unlock() if len(urls) == 0 { @@ -114,9 +125,9 @@ func (eca *ExternalCA) Sign(ctx context.Context, req signer.SignRequest) (cert [ cert, err = makeExternalSignRequest(requestCtx, client, url, csrJSON) cancel() if err == nil { - return append(cert, eca.rootCA.Intermediates...), err + return append(cert, intermediates...), err } - logrus.Debugf("unable to proxy certificate signing request to %s: %s", url, err) + log.G(ctx).Debugf("unable to proxy certificate signing request to %s: %s", url, err) } return nil, err @@ -157,6 +168,7 @@ func (eca *ExternalCA) CrossSignRootCA(ctx context.Context, rca RootCA) ([]byte, CN: rootCert.Subject.CommonName, Names: cfCSRObj.Names, }, + Profile: ExternalCrossSignProfile, } // cfssl actually ignores non subject alt name extensions in the CSR, so we have to add the CA extension in the signing // request as well diff --git a/components/engine/vendor/github.com/docker/swarmkit/ca/reconciler.go b/components/engine/vendor/github.com/docker/swarmkit/ca/reconciler.go index 6651393b50..6daec76d39 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/ca/reconciler.go +++ b/components/engine/vendor/github.com/docker/swarmkit/ca/reconciler.go @@ -99,7 +99,7 @@ func (r *rootRotationReconciler) UpdateRootCA(newRootCA *api.RootCA) { if newRootCA.RootRotation != nil { var nodes []*api.Node r.store.View(func(tx store.ReadTx) { - nodes, err = store.FindNodes(tx, store.ByMembership(api.NodeMembershipAccepted)) + nodes, err = store.FindNodes(tx, store.All) }) if err != nil { log.G(r.ctx).WithError(err).Error("unable to list nodes, so unable to process the current root CA") @@ -132,8 +132,8 @@ func (r *rootRotationReconciler) UpdateRootCA(newRootCA *api.RootCA) { func (r *rootRotationReconciler) UpdateNode(node *api.Node) { r.mu.Lock() defer r.mu.Unlock() - // if we're not in the middle of a root rotation, or if this node does not have membership, ignore it - if r.currentRootCA == nil || r.currentRootCA.RootRotation == nil || node.Spec.Membership != api.NodeMembershipAccepted { + // if we're not in the middle of a root rotation ignore the update + if r.currentRootCA == nil || r.currentRootCA.RootRotation == nil { return } if hasIssuer(node, &r.currentIssuer) { diff --git a/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/allocator.go b/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/allocator.go index 95528e750e..5ca50623bb 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/allocator.go +++ b/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/allocator.go @@ -51,13 +51,6 @@ type taskBallot struct { // allocActor controls the various phases in the lifecycle of one kind of allocator. type allocActor struct { - // Channel through which the allocator gets all the events - // that it is interested in. - ch chan events.Event - - // cancel unregisters the watcher. - cancel func() - // Task voter identity of the allocator. taskVoter string @@ -90,7 +83,10 @@ func New(store *store.MemoryStore, pg plugingetter.PluginGetter) (*Allocator, er func (a *Allocator) Run(ctx context.Context) error { // Setup cancel context for all goroutines to use. ctx, cancel := context.WithCancel(ctx) - var wg sync.WaitGroup + var ( + wg sync.WaitGroup + actors []func() error + ) defer func() { cancel() @@ -98,26 +94,8 @@ func (a *Allocator) Run(ctx context.Context) error { close(a.doneChan) }() - var actors []func() error - watch, watchCancel := state.Watch(a.store.WatchQueue(), - api.EventCreateNetwork{}, - api.EventDeleteNetwork{}, - api.EventCreateService{}, - api.EventUpdateService{}, - api.EventDeleteService{}, - api.EventCreateTask{}, - api.EventUpdateTask{}, - api.EventDeleteTask{}, - api.EventCreateNode{}, - api.EventUpdateNode{}, - api.EventDeleteNode{}, - state.EventCommit{}, - ) - for _, aa := range []allocActor{ { - ch: watch, - cancel: watchCancel, taskVoter: networkVoter, init: a.doNetworkInit, action: a.doNetworkAlloc, @@ -127,8 +105,8 @@ func (a *Allocator) Run(ctx context.Context) error { a.registerToVote(aa.taskVoter) } - // Copy the iterated value for variable capture. - aaCopy := aa + // Assign a pointer for variable capture + aaPtr := &aa actor := func() error { wg.Add(1) defer wg.Done() @@ -136,19 +114,19 @@ func (a *Allocator) Run(ctx context.Context) error { // init might return an allocator specific context // which is a child of the passed in context to hold // allocator specific state - if err := aaCopy.init(ctx); err != nil { - // Stop the watches for this allocator - // if we are failing in the init of - // this allocator. - aa.cancel() + watch, watchCancel, err := a.init(ctx, aaPtr) + if err != nil { return err } wg.Add(1) - go func() { - defer wg.Done() - a.run(ctx, aaCopy) - }() + go func(watch <-chan events.Event, watchCancel func()) { + defer func() { + wg.Done() + watchCancel() + }() + a.run(ctx, *aaPtr, watch) + }(watch, watchCancel) return nil } @@ -172,10 +150,34 @@ func (a *Allocator) Stop() { <-a.doneChan } -func (a *Allocator) run(ctx context.Context, aa allocActor) { +func (a *Allocator) init(ctx context.Context, aa *allocActor) (<-chan events.Event, func(), error) { + watch, watchCancel := state.Watch(a.store.WatchQueue(), + api.EventCreateNetwork{}, + api.EventDeleteNetwork{}, + api.EventCreateService{}, + api.EventUpdateService{}, + api.EventDeleteService{}, + api.EventCreateTask{}, + api.EventUpdateTask{}, + api.EventDeleteTask{}, + api.EventCreateNode{}, + api.EventUpdateNode{}, + api.EventDeleteNode{}, + state.EventCommit{}, + ) + + if err := aa.init(ctx); err != nil { + watchCancel() + return nil, nil, err + } + + return watch, watchCancel, nil +} + +func (a *Allocator) run(ctx context.Context, aa allocActor, watch <-chan events.Event) { for { select { - case ev, ok := <-aa.ch: + case ev, ok := <-watch: if !ok { return } diff --git a/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/drivers_darwin.go b/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_darwin.go similarity index 65% rename from components/engine/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/drivers_darwin.go rename to components/engine/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_darwin.go index 9b56f7be36..8cbedbd6b8 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/drivers_darwin.go +++ b/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_darwin.go @@ -1,8 +1,9 @@ -package networkallocator +package cnmallocator import ( "github.com/docker/libnetwork/drivers/overlay/ovmanager" "github.com/docker/libnetwork/drivers/remote" + "github.com/docker/swarmkit/manager/allocator/networkallocator" ) var initializers = []initializer{ @@ -11,6 +12,6 @@ var initializers = []initializer{ } // PredefinedNetworks returns the list of predefined network structures -func PredefinedNetworks() []PredefinedNetworkData { +func PredefinedNetworks() []networkallocator.PredefinedNetworkData { return nil } diff --git a/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/drivers_ipam.go b/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_ipam.go similarity index 95% rename from components/engine/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/drivers_ipam.go rename to components/engine/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_ipam.go index 56b944a1a7..eb854c56bf 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/drivers_ipam.go +++ b/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_ipam.go @@ -1,4 +1,4 @@ -package networkallocator +package cnmallocator import ( "github.com/docker/libnetwork/drvregistry" diff --git a/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/drivers_network_linux.go b/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_network_linux.go similarity index 68% rename from components/engine/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/drivers_network_linux.go rename to components/engine/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_network_linux.go index 035a904b18..5d6a0e74bf 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/drivers_network_linux.go +++ b/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_network_linux.go @@ -1,4 +1,4 @@ -package networkallocator +package cnmallocator import ( "github.com/docker/libnetwork/drivers/bridge/brmanager" @@ -7,6 +7,7 @@ import ( "github.com/docker/libnetwork/drivers/macvlan/mvmanager" "github.com/docker/libnetwork/drivers/overlay/ovmanager" "github.com/docker/libnetwork/drivers/remote" + "github.com/docker/swarmkit/manager/allocator/networkallocator" ) var initializers = []initializer{ @@ -19,9 +20,9 @@ var initializers = []initializer{ } // PredefinedNetworks returns the list of predefined network structures -func PredefinedNetworks() []PredefinedNetworkData { - return []PredefinedNetworkData{ - {"bridge", "bridge"}, - {"host", "host"}, +func PredefinedNetworks() []networkallocator.PredefinedNetworkData { + return []networkallocator.PredefinedNetworkData{ + {Name: "bridge", Driver: "bridge"}, + {Name: "host", Driver: "host"}, } } diff --git a/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/drivers_network_windows.go b/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_network_windows.go similarity index 65% rename from components/engine/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/drivers_network_windows.go rename to components/engine/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_network_windows.go index 9b56f7be36..8cbedbd6b8 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/drivers_network_windows.go +++ b/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_network_windows.go @@ -1,8 +1,9 @@ -package networkallocator +package cnmallocator import ( "github.com/docker/libnetwork/drivers/overlay/ovmanager" "github.com/docker/libnetwork/drivers/remote" + "github.com/docker/swarmkit/manager/allocator/networkallocator" ) var initializers = []initializer{ @@ -11,6 +12,6 @@ var initializers = []initializer{ } // PredefinedNetworks returns the list of predefined network structures -func PredefinedNetworks() []PredefinedNetworkData { +func PredefinedNetworks() []networkallocator.PredefinedNetworkData { return nil } diff --git a/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_unsupported.go b/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_unsupported.go new file mode 100644 index 0000000000..f9de277e38 --- /dev/null +++ b/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/drivers_unsupported.go @@ -0,0 +1,14 @@ +// +build !linux,!darwin,!windows + +package cnmallocator + +import ( + "github.com/docker/swarmkit/manager/allocator/networkallocator" +) + +const initializers = nil + +// PredefinedNetworks returns the list of predefined network structures +func PredefinedNetworks() []networkallocator.PredefinedNetworkData { + return nil +} diff --git a/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/networkallocator.go b/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/networkallocator.go new file mode 100644 index 0000000000..6d9193b308 --- /dev/null +++ b/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/networkallocator.go @@ -0,0 +1,957 @@ +package cnmallocator + +import ( + "fmt" + "net" + "strings" + + "github.com/docker/docker/pkg/plugingetter" + "github.com/docker/libnetwork/datastore" + "github.com/docker/libnetwork/driverapi" + "github.com/docker/libnetwork/drvregistry" + "github.com/docker/libnetwork/ipamapi" + "github.com/docker/libnetwork/netlabel" + "github.com/docker/swarmkit/api" + "github.com/docker/swarmkit/log" + "github.com/docker/swarmkit/manager/allocator/networkallocator" + "github.com/pkg/errors" + "golang.org/x/net/context" +) + +const ( + // DefaultDriver defines the name of the driver to be used by + // default if a network without any driver name specified is + // created. + DefaultDriver = "overlay" +) + +// cnmNetworkAllocator acts as the controller for all network related operations +// like managing network and IPAM drivers and also creating and +// deleting networks and the associated resources. +type cnmNetworkAllocator struct { + // The driver register which manages all internal and external + // IPAM and network drivers. + drvRegistry *drvregistry.DrvRegistry + + // The port allocator instance for allocating node ports + portAllocator *portAllocator + + // Local network state used by cnmNetworkAllocator to do network management. + networks map[string]*network + + // Allocator state to indicate if allocation has been + // successfully completed for this service. + services map[string]struct{} + + // Allocator state to indicate if allocation has been + // successfully completed for this task. + tasks map[string]struct{} + + // Allocator state to indicate if allocation has been + // successfully completed for this node. + nodes map[string]struct{} +} + +// Local in-memory state related to network that need to be tracked by cnmNetworkAllocator +type network struct { + // A local cache of the store object. + nw *api.Network + + // pools is used to save the internal poolIDs needed when + // releasing the pool. + pools map[string]string + + // endpoints is a map of endpoint IP to the poolID from which it + // was allocated. + endpoints map[string]string + + // isNodeLocal indicates whether the scope of the network's resources + // is local to the node. If true, it means the resources can only be + // allocated locally by the node where the network will be deployed. + // In this the swarm manager will skip the allocations. + isNodeLocal bool +} + +type networkDriver struct { + driver driverapi.Driver + name string + capability *driverapi.Capability +} + +type initializer struct { + fn drvregistry.InitFunc + ntype string +} + +// New returns a new NetworkAllocator handle +func New(pg plugingetter.PluginGetter) (networkallocator.NetworkAllocator, error) { + na := &cnmNetworkAllocator{ + networks: make(map[string]*network), + services: make(map[string]struct{}), + tasks: make(map[string]struct{}), + nodes: make(map[string]struct{}), + } + + // There are no driver configurations and notification + // functions as of now. + reg, err := drvregistry.New(nil, nil, nil, nil, pg) + if err != nil { + return nil, err + } + + if err := initializeDrivers(reg); err != nil { + return nil, err + } + + if err = initIPAMDrivers(reg); err != nil { + return nil, err + } + + pa, err := newPortAllocator() + if err != nil { + return nil, err + } + + na.portAllocator = pa + na.drvRegistry = reg + return na, nil +} + +// Allocate allocates all the necessary resources both general +// and driver-specific which may be specified in the NetworkSpec +func (na *cnmNetworkAllocator) Allocate(n *api.Network) error { + if _, ok := na.networks[n.ID]; ok { + return fmt.Errorf("network %s already allocated", n.ID) + } + + d, err := na.resolveDriver(n) + if err != nil { + return err + } + + nw := &network{ + nw: n, + endpoints: make(map[string]string), + isNodeLocal: d.capability.DataScope == datastore.LocalScope, + } + + // No swarm-level allocation can be provided by the network driver for + // node-local networks. Only thing needed is populating the driver's name + // in the driver's state. + if nw.isNodeLocal { + n.DriverState = &api.Driver{ + Name: d.name, + } + } else { + nw.pools, err = na.allocatePools(n) + if err != nil { + return errors.Wrapf(err, "failed allocating pools and gateway IP for network %s", n.ID) + } + + if err := na.allocateDriverState(n); err != nil { + na.freePools(n, nw.pools) + return errors.Wrapf(err, "failed while allocating driver state for network %s", n.ID) + } + } + + na.networks[n.ID] = nw + + return nil +} + +func (na *cnmNetworkAllocator) getNetwork(id string) *network { + return na.networks[id] +} + +// Deallocate frees all the general and driver specific resources +// which were assigned to the passed network. +func (na *cnmNetworkAllocator) Deallocate(n *api.Network) error { + localNet := na.getNetwork(n.ID) + if localNet == nil { + return fmt.Errorf("could not get networker state for network %s", n.ID) + } + + // No swarm-level resource deallocation needed for node-local networks + if localNet.isNodeLocal { + delete(na.networks, n.ID) + return nil + } + + if err := na.freeDriverState(n); err != nil { + return errors.Wrapf(err, "failed to free driver state for network %s", n.ID) + } + + delete(na.networks, n.ID) + + return na.freePools(n, localNet.pools) +} + +// AllocateService allocates all the network resources such as virtual +// IP and ports needed by the service. +func (na *cnmNetworkAllocator) AllocateService(s *api.Service) (err error) { + if err = na.portAllocator.serviceAllocatePorts(s); err != nil { + return err + } + defer func() { + if err != nil { + na.DeallocateService(s) + } + }() + + if s.Endpoint == nil { + s.Endpoint = &api.Endpoint{} + } + s.Endpoint.Spec = s.Spec.Endpoint.Copy() + + // If ResolutionMode is DNSRR do not try allocating VIPs, but + // free any VIP from previous state. + if s.Spec.Endpoint != nil && s.Spec.Endpoint.Mode == api.ResolutionModeDNSRoundRobin { + for _, vip := range s.Endpoint.VirtualIPs { + if err := na.deallocateVIP(vip); err != nil { + // don't bail here, deallocate as many as possible. + log.L.WithError(err). + WithField("vip.network", vip.NetworkID). + WithField("vip.addr", vip.Addr).Error("error deallocating vip") + } + } + + s.Endpoint.VirtualIPs = nil + + delete(na.services, s.ID) + return nil + } + + specNetworks := serviceNetworks(s) + + // Allocate VIPs for all the pre-populated endpoint attachments + eVIPs := s.Endpoint.VirtualIPs[:0] + +vipLoop: + for _, eAttach := range s.Endpoint.VirtualIPs { + if na.IsVIPOnIngressNetwork(eAttach) && networkallocator.IsIngressNetworkNeeded(s) { + if err = na.allocateVIP(eAttach); err != nil { + return err + } + eVIPs = append(eVIPs, eAttach) + continue vipLoop + + } + for _, nAttach := range specNetworks { + if nAttach.Target == eAttach.NetworkID { + if err = na.allocateVIP(eAttach); err != nil { + return err + } + eVIPs = append(eVIPs, eAttach) + continue vipLoop + } + } + // If the network of the VIP is not part of the service spec, + // deallocate the vip + na.deallocateVIP(eAttach) + } + +networkLoop: + for _, nAttach := range specNetworks { + for _, vip := range s.Endpoint.VirtualIPs { + if vip.NetworkID == nAttach.Target { + continue networkLoop + } + } + + vip := &api.Endpoint_VirtualIP{NetworkID: nAttach.Target} + if err = na.allocateVIP(vip); err != nil { + return err + } + + eVIPs = append(eVIPs, vip) + } + + if len(eVIPs) > 0 { + na.services[s.ID] = struct{}{} + } else { + delete(na.services, s.ID) + } + + s.Endpoint.VirtualIPs = eVIPs + return nil +} + +// DeallocateService de-allocates all the network resources such as +// virtual IP and ports associated with the service. +func (na *cnmNetworkAllocator) DeallocateService(s *api.Service) error { + if s.Endpoint == nil { + return nil + } + + for _, vip := range s.Endpoint.VirtualIPs { + if err := na.deallocateVIP(vip); err != nil { + // don't bail here, deallocate as many as possible. + log.L.WithError(err). + WithField("vip.network", vip.NetworkID). + WithField("vip.addr", vip.Addr).Error("error deallocating vip") + } + } + s.Endpoint.VirtualIPs = nil + + na.portAllocator.serviceDeallocatePorts(s) + delete(na.services, s.ID) + + return nil +} + +// IsAllocated returns if the passed network has been allocated or not. +func (na *cnmNetworkAllocator) IsAllocated(n *api.Network) bool { + _, ok := na.networks[n.ID] + return ok +} + +// IsTaskAllocated returns if the passed task has its network resources allocated or not. +func (na *cnmNetworkAllocator) IsTaskAllocated(t *api.Task) bool { + // If the task is not found in the allocated set, then it is + // not allocated. + if _, ok := na.tasks[t.ID]; !ok { + return false + } + + // If Networks is empty there is no way this Task is allocated. + if len(t.Networks) == 0 { + return false + } + + // To determine whether the task has its resources allocated, + // we just need to look at one global scope network (in case of + // multi-network attachment). This is because we make sure we + // allocate for every network or we allocate for none. + + // Find the first global scope network + for _, nAttach := range t.Networks { + // If the network is not allocated, the task cannot be allocated. + localNet, ok := na.networks[nAttach.Network.ID] + if !ok { + return false + } + + // Nothing else to check for local scope network + if localNet.isNodeLocal { + continue + } + + // Addresses empty. Task is not allocated. + if len(nAttach.Addresses) == 0 { + return false + } + + // The allocated IP address not found in local endpoint state. Not allocated. + if _, ok := localNet.endpoints[nAttach.Addresses[0]]; !ok { + return false + } + } + + return true +} + +// HostPublishPortsNeedUpdate returns true if the passed service needs +// allocations for its published ports in host (non ingress) mode +func (na *cnmNetworkAllocator) HostPublishPortsNeedUpdate(s *api.Service) bool { + return na.portAllocator.hostPublishPortsNeedUpdate(s) +} + +// IsServiceAllocated returns false if the passed service needs to have network resources allocated/updated. +func (na *cnmNetworkAllocator) IsServiceAllocated(s *api.Service, flags ...func(*networkallocator.ServiceAllocationOpts)) bool { + var options networkallocator.ServiceAllocationOpts + for _, flag := range flags { + flag(&options) + } + + specNetworks := serviceNetworks(s) + + // If endpoint mode is VIP and allocator does not have the + // service in VIP allocated set then it needs to be allocated. + if len(specNetworks) != 0 && + (s.Spec.Endpoint == nil || + s.Spec.Endpoint.Mode == api.ResolutionModeVirtualIP) { + + if _, ok := na.services[s.ID]; !ok { + return false + } + + if s.Endpoint == nil || len(s.Endpoint.VirtualIPs) == 0 { + return false + } + + // If the spec has networks which don't have a corresponding VIP, + // the service needs to be allocated. + networkLoop: + for _, net := range specNetworks { + for _, vip := range s.Endpoint.VirtualIPs { + if vip.NetworkID == net.Target { + continue networkLoop + } + } + return false + } + } + + // If the spec no longer has networks attached and has a vip allocated + // from previous spec the service needs to allocated. + if s.Endpoint != nil { + vipLoop: + for _, vip := range s.Endpoint.VirtualIPs { + if na.IsVIPOnIngressNetwork(vip) && networkallocator.IsIngressNetworkNeeded(s) { + continue vipLoop + } + for _, net := range specNetworks { + if vip.NetworkID == net.Target { + continue vipLoop + } + } + return false + } + } + + // If the endpoint mode is DNSRR and allocator has the service + // in VIP allocated set then we return to be allocated to make + // sure the allocator triggers networkallocator to free up the + // resources if any. + if s.Spec.Endpoint != nil && s.Spec.Endpoint.Mode == api.ResolutionModeDNSRoundRobin { + if _, ok := na.services[s.ID]; ok { + return false + } + } + + if (s.Spec.Endpoint != nil && len(s.Spec.Endpoint.Ports) != 0) || + (s.Endpoint != nil && len(s.Endpoint.Ports) != 0) { + return na.portAllocator.isPortsAllocatedOnInit(s, options.OnInit) + } + return true +} + +// IsNodeAllocated returns if the passed node has its network resources allocated or not. +func (na *cnmNetworkAllocator) IsNodeAllocated(node *api.Node) bool { + // If the node is not found in the allocated set, then it is + // not allocated. + if _, ok := na.nodes[node.ID]; !ok { + return false + } + + // If no attachment, not allocated. + if node.Attachment == nil { + return false + } + + // If the network is not allocated, the node cannot be allocated. + localNet, ok := na.networks[node.Attachment.Network.ID] + if !ok { + return false + } + + // Addresses empty, not allocated. + if len(node.Attachment.Addresses) == 0 { + return false + } + + // The allocated IP address not found in local endpoint state. Not allocated. + if _, ok := localNet.endpoints[node.Attachment.Addresses[0]]; !ok { + return false + } + + return true +} + +// AllocateNode allocates the IP addresses for the network to which +// the node is attached. +func (na *cnmNetworkAllocator) AllocateNode(node *api.Node) error { + if err := na.allocateNetworkIPs(node.Attachment); err != nil { + return err + } + + na.nodes[node.ID] = struct{}{} + return nil +} + +// DeallocateNode deallocates the IP addresses for the network to +// which the node is attached. +func (na *cnmNetworkAllocator) DeallocateNode(node *api.Node) error { + delete(na.nodes, node.ID) + return na.releaseEndpoints([]*api.NetworkAttachment{node.Attachment}) +} + +// AllocateTask allocates all the endpoint resources for all the +// networks that a task is attached to. +func (na *cnmNetworkAllocator) AllocateTask(t *api.Task) error { + for i, nAttach := range t.Networks { + if localNet := na.getNetwork(nAttach.Network.ID); localNet != nil && localNet.isNodeLocal { + continue + } + if err := na.allocateNetworkIPs(nAttach); err != nil { + if err := na.releaseEndpoints(t.Networks[:i]); err != nil { + log.G(context.TODO()).WithError(err).Errorf("Failed to release IP addresses while rolling back allocation for task %s network %s", t.ID, nAttach.Network.ID) + } + return errors.Wrapf(err, "failed to allocate network IP for task %s network %s", t.ID, nAttach.Network.ID) + } + } + + na.tasks[t.ID] = struct{}{} + + return nil +} + +// DeallocateTask releases all the endpoint resources for all the +// networks that a task is attached to. +func (na *cnmNetworkAllocator) DeallocateTask(t *api.Task) error { + delete(na.tasks, t.ID) + return na.releaseEndpoints(t.Networks) +} + +func (na *cnmNetworkAllocator) releaseEndpoints(networks []*api.NetworkAttachment) error { + for _, nAttach := range networks { + localNet := na.getNetwork(nAttach.Network.ID) + if localNet == nil { + return fmt.Errorf("could not find network allocator state for network %s", nAttach.Network.ID) + } + + if localNet.isNodeLocal { + continue + } + + ipam, _, _, err := na.resolveIPAM(nAttach.Network) + if err != nil { + return errors.Wrap(err, "failed to resolve IPAM while releasing") + } + + // Do not fail and bail out if we fail to release IP + // address here. Keep going and try releasing as many + // addresses as possible. + for _, addr := range nAttach.Addresses { + // Retrieve the poolID and immediately nuke + // out the mapping. + poolID := localNet.endpoints[addr] + delete(localNet.endpoints, addr) + + ip, _, err := net.ParseCIDR(addr) + if err != nil { + log.G(context.TODO()).Errorf("Could not parse IP address %s while releasing", addr) + continue + } + + if err := ipam.ReleaseAddress(poolID, ip); err != nil { + log.G(context.TODO()).WithError(err).Errorf("IPAM failure while releasing IP address %s", addr) + } + } + + // Clear out the address list when we are done with + // this network. + nAttach.Addresses = nil + } + + return nil +} + +// allocate virtual IP for a single endpoint attachment of the service. +func (na *cnmNetworkAllocator) allocateVIP(vip *api.Endpoint_VirtualIP) error { + localNet := na.getNetwork(vip.NetworkID) + if localNet == nil { + return errors.New("networkallocator: could not find local network state") + } + + if localNet.isNodeLocal { + return nil + } + + // If this IP is already allocated in memory we don't need to + // do anything. + if _, ok := localNet.endpoints[vip.Addr]; ok { + return nil + } + + ipam, _, _, err := na.resolveIPAM(localNet.nw) + if err != nil { + return errors.Wrap(err, "failed to resolve IPAM while allocating") + } + + var addr net.IP + if vip.Addr != "" { + var err error + + addr, _, err = net.ParseCIDR(vip.Addr) + if err != nil { + return err + } + } + + for _, poolID := range localNet.pools { + ip, _, err := ipam.RequestAddress(poolID, addr, nil) + if err != nil && err != ipamapi.ErrNoAvailableIPs && err != ipamapi.ErrIPOutOfRange { + return errors.Wrap(err, "could not allocate VIP from IPAM") + } + + // If we got an address then we are done. + if err == nil { + ipStr := ip.String() + localNet.endpoints[ipStr] = poolID + vip.Addr = ipStr + return nil + } + } + + return errors.New("could not find an available IP while allocating VIP") +} + +func (na *cnmNetworkAllocator) deallocateVIP(vip *api.Endpoint_VirtualIP) error { + localNet := na.getNetwork(vip.NetworkID) + if localNet == nil { + return errors.New("networkallocator: could not find local network state") + } + if localNet.isNodeLocal { + return nil + } + ipam, _, _, err := na.resolveIPAM(localNet.nw) + if err != nil { + return errors.Wrap(err, "failed to resolve IPAM while allocating") + } + + // Retrieve the poolID and immediately nuke + // out the mapping. + poolID := localNet.endpoints[vip.Addr] + delete(localNet.endpoints, vip.Addr) + + ip, _, err := net.ParseCIDR(vip.Addr) + if err != nil { + log.G(context.TODO()).Errorf("Could not parse VIP address %s while releasing", vip.Addr) + return err + } + + if err := ipam.ReleaseAddress(poolID, ip); err != nil { + log.G(context.TODO()).WithError(err).Errorf("IPAM failure while releasing VIP address %s", vip.Addr) + return err + } + + return nil +} + +// allocate the IP addresses for a single network attachment of the task. +func (na *cnmNetworkAllocator) allocateNetworkIPs(nAttach *api.NetworkAttachment) error { + var ip *net.IPNet + + ipam, _, _, err := na.resolveIPAM(nAttach.Network) + if err != nil { + return errors.Wrap(err, "failed to resolve IPAM while allocating") + } + + localNet := na.getNetwork(nAttach.Network.ID) + if localNet == nil { + return fmt.Errorf("could not find network allocator state for network %s", nAttach.Network.ID) + } + + addresses := nAttach.Addresses + if len(addresses) == 0 { + addresses = []string{""} + } + + for i, rawAddr := range addresses { + var addr net.IP + if rawAddr != "" { + var err error + addr, _, err = net.ParseCIDR(rawAddr) + if err != nil { + addr = net.ParseIP(rawAddr) + + if addr == nil { + return errors.Wrapf(err, "could not parse address string %s", rawAddr) + } + } + } + + for _, poolID := range localNet.pools { + var err error + + ip, _, err = ipam.RequestAddress(poolID, addr, nil) + if err != nil && err != ipamapi.ErrNoAvailableIPs && err != ipamapi.ErrIPOutOfRange { + return errors.Wrap(err, "could not allocate IP from IPAM") + } + + // If we got an address then we are done. + if err == nil { + ipStr := ip.String() + localNet.endpoints[ipStr] = poolID + addresses[i] = ipStr + nAttach.Addresses = addresses + return nil + } + } + } + + return errors.New("could not find an available IP") +} + +func (na *cnmNetworkAllocator) freeDriverState(n *api.Network) error { + d, err := na.resolveDriver(n) + if err != nil { + return err + } + + return d.driver.NetworkFree(n.ID) +} + +func (na *cnmNetworkAllocator) allocateDriverState(n *api.Network) error { + d, err := na.resolveDriver(n) + if err != nil { + return err + } + + options := make(map[string]string) + // reconcile the driver specific options from the network spec + // and from the operational state retrieved from the store + if n.Spec.DriverConfig != nil { + for k, v := range n.Spec.DriverConfig.Options { + options[k] = v + } + } + if n.DriverState != nil { + for k, v := range n.DriverState.Options { + options[k] = v + } + } + + // Construct IPAM data for driver consumption. + ipv4Data := make([]driverapi.IPAMData, 0, len(n.IPAM.Configs)) + for _, ic := range n.IPAM.Configs { + if ic.Family == api.IPAMConfig_IPV6 { + continue + } + + _, subnet, err := net.ParseCIDR(ic.Subnet) + if err != nil { + return errors.Wrapf(err, "error parsing subnet %s while allocating driver state", ic.Subnet) + } + + gwIP := net.ParseIP(ic.Gateway) + gwNet := &net.IPNet{ + IP: gwIP, + Mask: subnet.Mask, + } + + data := driverapi.IPAMData{ + Pool: subnet, + Gateway: gwNet, + } + + ipv4Data = append(ipv4Data, data) + } + + ds, err := d.driver.NetworkAllocate(n.ID, options, ipv4Data, nil) + if err != nil { + return err + } + + // Update network object with the obtained driver state. + n.DriverState = &api.Driver{ + Name: d.name, + Options: ds, + } + + return nil +} + +// Resolve network driver +func (na *cnmNetworkAllocator) resolveDriver(n *api.Network) (*networkDriver, error) { + dName := DefaultDriver + if n.Spec.DriverConfig != nil && n.Spec.DriverConfig.Name != "" { + dName = n.Spec.DriverConfig.Name + } + + d, drvcap := na.drvRegistry.Driver(dName) + if d == nil { + var err error + err = na.loadDriver(dName) + if err != nil { + return nil, err + } + + d, drvcap = na.drvRegistry.Driver(dName) + if d == nil { + return nil, fmt.Errorf("could not resolve network driver %s", dName) + } + } + + return &networkDriver{driver: d, capability: drvcap, name: dName}, nil +} + +func (na *cnmNetworkAllocator) loadDriver(name string) error { + pg := na.drvRegistry.GetPluginGetter() + if pg == nil { + return errors.New("plugin store is uninitialized") + } + _, err := pg.Get(name, driverapi.NetworkPluginEndpointType, plugingetter.Lookup) + return err +} + +// Resolve the IPAM driver +func (na *cnmNetworkAllocator) resolveIPAM(n *api.Network) (ipamapi.Ipam, string, map[string]string, error) { + dName := ipamapi.DefaultIPAM + if n.Spec.IPAM != nil && n.Spec.IPAM.Driver != nil && n.Spec.IPAM.Driver.Name != "" { + dName = n.Spec.IPAM.Driver.Name + } + + var dOptions map[string]string + if n.Spec.IPAM != nil && n.Spec.IPAM.Driver != nil && len(n.Spec.IPAM.Driver.Options) != 0 { + dOptions = n.Spec.IPAM.Driver.Options + } + + ipam, _ := na.drvRegistry.IPAM(dName) + if ipam == nil { + return nil, "", nil, fmt.Errorf("could not resolve IPAM driver %s", dName) + } + + return ipam, dName, dOptions, nil +} + +func (na *cnmNetworkAllocator) freePools(n *api.Network, pools map[string]string) error { + ipam, _, _, err := na.resolveIPAM(n) + if err != nil { + return errors.Wrapf(err, "failed to resolve IPAM while freeing pools for network %s", n.ID) + } + + releasePools(ipam, n.IPAM.Configs, pools) + return nil +} + +func releasePools(ipam ipamapi.Ipam, icList []*api.IPAMConfig, pools map[string]string) { + for _, ic := range icList { + if err := ipam.ReleaseAddress(pools[ic.Subnet], net.ParseIP(ic.Gateway)); err != nil { + log.G(context.TODO()).WithError(err).Errorf("Failed to release address %s", ic.Subnet) + } + } + + for k, p := range pools { + if err := ipam.ReleasePool(p); err != nil { + log.G(context.TODO()).WithError(err).Errorf("Failed to release pool %s", k) + } + } +} + +func (na *cnmNetworkAllocator) allocatePools(n *api.Network) (map[string]string, error) { + ipam, dName, dOptions, err := na.resolveIPAM(n) + if err != nil { + return nil, err + } + + // We don't support user defined address spaces yet so just + // retrieve default address space names for the driver. + _, asName, err := na.drvRegistry.IPAMDefaultAddressSpaces(dName) + if err != nil { + return nil, err + } + + pools := make(map[string]string) + + var ipamConfigs []*api.IPAMConfig + + // If there is non-nil IPAM state always prefer those subnet + // configs over Spec configs. + if n.IPAM != nil { + ipamConfigs = n.IPAM.Configs + } else if n.Spec.IPAM != nil { + ipamConfigs = make([]*api.IPAMConfig, len(n.Spec.IPAM.Configs)) + copy(ipamConfigs, n.Spec.IPAM.Configs) + } + + // Append an empty slot for subnet allocation if there are no + // IPAM configs from either spec or state. + if len(ipamConfigs) == 0 { + ipamConfigs = append(ipamConfigs, &api.IPAMConfig{Family: api.IPAMConfig_IPV4}) + } + + // Update the runtime IPAM configurations with initial state + n.IPAM = &api.IPAMOptions{ + Driver: &api.Driver{Name: dName, Options: dOptions}, + Configs: ipamConfigs, + } + + for i, ic := range ipamConfigs { + poolID, poolIP, meta, err := ipam.RequestPool(asName, ic.Subnet, ic.Range, dOptions, false) + if err != nil { + // Rollback by releasing all the resources allocated so far. + releasePools(ipam, ipamConfigs[:i], pools) + return nil, err + } + pools[poolIP.String()] = poolID + + // The IPAM contract allows the IPAM driver to autonomously + // provide a network gateway in response to the pool request. + // But if the network spec contains a gateway, we will allocate + // it irrespective of whether the ipam driver returned one already. + // If none of the above is true, we need to allocate one now, and + // let the driver know this request is for the network gateway. + var ( + gwIP *net.IPNet + ip net.IP + ) + if gws, ok := meta[netlabel.Gateway]; ok { + if ip, gwIP, err = net.ParseCIDR(gws); err != nil { + return nil, fmt.Errorf("failed to parse gateway address (%v) returned by ipam driver: %v", gws, err) + } + gwIP.IP = ip + } + if ic.Gateway != "" || gwIP == nil { + gwIP, _, err = ipam.RequestAddress(poolID, net.ParseIP(ic.Gateway), map[string]string{ipamapi.RequestAddressType: netlabel.Gateway}) + if err != nil { + // Rollback by releasing all the resources allocated so far. + releasePools(ipam, ipamConfigs[:i], pools) + return nil, err + } + } + + if ic.Subnet == "" { + ic.Subnet = poolIP.String() + } + + if ic.Gateway == "" { + ic.Gateway = gwIP.IP.String() + } + + } + + return pools, nil +} + +func initializeDrivers(reg *drvregistry.DrvRegistry) error { + for _, i := range initializers { + if err := reg.AddDriver(i.ntype, i.fn, nil); err != nil { + return err + } + } + return nil +} + +func serviceNetworks(s *api.Service) []*api.NetworkAttachmentConfig { + // Always prefer NetworkAttachmentConfig in the TaskSpec + if len(s.Spec.Task.Networks) == 0 && len(s.Spec.Networks) != 0 { + return s.Spec.Networks + } + return s.Spec.Task.Networks +} + +// IsVIPOnIngressNetwork check if the vip is in ingress network +func (na *cnmNetworkAllocator) IsVIPOnIngressNetwork(vip *api.Endpoint_VirtualIP) bool { + if vip == nil { + return false + } + + localNet := na.getNetwork(vip.NetworkID) + if localNet != nil && localNet.nw != nil { + return networkallocator.IsIngressNetwork(localNet.nw) + } + return false +} + +// IsBuiltInDriver returns whether the passed driver is an internal network driver +func IsBuiltInDriver(name string) bool { + n := strings.ToLower(name) + for _, d := range initializers { + if n == d.ntype { + return true + } + } + return false +} diff --git a/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/portallocator.go b/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/portallocator.go similarity index 99% rename from components/engine/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/portallocator.go rename to components/engine/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/portallocator.go index af8126ea25..b09ac47c79 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/portallocator.go +++ b/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/cnmallocator/portallocator.go @@ -1,4 +1,4 @@ -package networkallocator +package cnmallocator import ( "fmt" diff --git a/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/network.go b/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/network.go index 23d3f6f0a1..1675dbe249 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/network.go +++ b/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/network.go @@ -7,6 +7,7 @@ import ( "github.com/docker/go-events" "github.com/docker/swarmkit/api" "github.com/docker/swarmkit/log" + "github.com/docker/swarmkit/manager/allocator/cnmallocator" "github.com/docker/swarmkit/manager/allocator/networkallocator" "github.com/docker/swarmkit/manager/state" "github.com/docker/swarmkit/manager/state/store" @@ -34,7 +35,7 @@ type networkContext struct { ingressNetwork *api.Network // Instance of the low-level network allocator which performs // the actual network allocation. - nwkAllocator *networkallocator.NetworkAllocator + nwkAllocator networkallocator.NetworkAllocator // A set of tasks which are ready to be allocated as a batch. This is // distinct from "unallocatedTasks" which are tasks that failed to @@ -61,7 +62,7 @@ type networkContext struct { } func (a *Allocator) doNetworkInit(ctx context.Context) (err error) { - na, err := networkallocator.New(a.pluginGetter) + na, err := cnmallocator.New(a.pluginGetter) if err != nil { return err } @@ -145,110 +146,31 @@ func (a *Allocator) doNetworkInit(ctx context.Context) (err error) { log.G(ctx).WithError(err).Error("failed committing allocation of networks during init") } - // Allocate nodes in the store so far before we process watched events, - // if the ingress network is present. + // First, allocate objects that already have addresses associated with + // them, to reserve these IP addresses in internal state. if nc.ingressNetwork != nil { - if err := a.allocateNodes(ctx); err != nil { + if err := a.allocateNodes(ctx, true); err != nil { return err } } - - // Allocate services in the store so far before we process watched events. - var services []*api.Service - a.store.View(func(tx store.ReadTx) { - services, err = store.FindServices(tx, store.All) - }) - if err != nil { - return errors.Wrap(err, "error listing all services in store while trying to allocate during init") + if err := a.allocateServices(ctx, true); err != nil { + return err + } + if err := a.allocateTasks(ctx, true); err != nil { + return err } - var allocatedServices []*api.Service - for _, s := range services { - if !nc.nwkAllocator.ServiceNeedsAllocation(s, networkallocator.OnInit) { - continue - } - - if err := a.allocateService(ctx, s); err != nil { - log.G(ctx).WithError(err).Errorf("failed allocating service %s during init", s.ID) - continue - } - allocatedServices = append(allocatedServices, s) - } - - if err := a.store.Batch(func(batch *store.Batch) error { - for _, s := range allocatedServices { - if err := a.commitAllocatedService(ctx, batch, s); err != nil { - log.G(ctx).WithError(err).Errorf("failed committing allocation of service %s during init", s.ID) - } - } - return nil - }); err != nil { - log.G(ctx).WithError(err).Error("failed committing allocation of services during init") - } - - // Allocate tasks in the store so far before we started watching. - var ( - tasks []*api.Task - allocatedTasks []*api.Task - ) - a.store.View(func(tx store.ReadTx) { - tasks, err = store.FindTasks(tx, store.All) - }) - if err != nil { - return errors.Wrap(err, "error listing all tasks in store while trying to allocate during init") - } - - for _, t := range tasks { - if t.Status.State > api.TaskStateRunning { - continue - } - - var s *api.Service - if t.ServiceID != "" { - a.store.View(func(tx store.ReadTx) { - s = store.GetService(tx, t.ServiceID) - }) - } - - // Populate network attachments in the task - // based on service spec. - a.taskCreateNetworkAttachments(t, s) - - if taskReadyForNetworkVote(t, s, nc) { - if t.Status.State >= api.TaskStatePending { - continue - } - - if a.taskAllocateVote(networkVoter, t.ID) { - // If the task is not attached to any network, network - // allocators job is done. Immediately cast a vote so - // that the task can be moved to the PENDING state as - // soon as possible. - updateTaskStatus(t, api.TaskStatePending, allocatedStatusMessage) - allocatedTasks = append(allocatedTasks, t) - } - continue - } - - err := a.allocateTask(ctx, t) - if err == nil { - allocatedTasks = append(allocatedTasks, t) - } else if err != errNoChanges { - log.G(ctx).WithError(err).Errorf("failed allocating task %s during init", t.ID) - nc.unallocatedTasks[t.ID] = t + // Now allocate objects that don't have addresses yet. + if nc.ingressNetwork != nil { + if err := a.allocateNodes(ctx, false); err != nil { + return err } } - - if err := a.store.Batch(func(batch *store.Batch) error { - for _, t := range allocatedTasks { - if err := a.commitAllocatedTask(ctx, batch, t); err != nil { - log.G(ctx).WithError(err).Errorf("failed committing allocation of task %s during init", t.ID) - } - } - - return nil - }); err != nil { - log.G(ctx).WithError(err).Error("failed committing allocation of tasks during init") + if err := a.allocateServices(ctx, false); err != nil { + return err + } + if err := a.allocateTasks(ctx, false); err != nil { + return err } return nil @@ -283,7 +205,7 @@ func (a *Allocator) doNetworkAlloc(ctx context.Context, ev events.Event) { if IsIngressNetwork(n) { nc.ingressNetwork = n - err := a.allocateNodes(ctx) + err := a.allocateNodes(ctx, false) if err != nil { log.G(ctx).WithError(err).Error(err) } @@ -317,7 +239,7 @@ func (a *Allocator) doNetworkAlloc(ctx context.Context, ev events.Event) { break } - if !nc.nwkAllocator.ServiceNeedsAllocation(s) { + if nc.nwkAllocator.IsServiceAllocated(s) { break } @@ -345,7 +267,7 @@ func (a *Allocator) doNetworkAlloc(ctx context.Context, ev events.Event) { break } - if !nc.nwkAllocator.ServiceNeedsAllocation(s) { + if nc.nwkAllocator.IsServiceAllocated(s) { if !nc.nwkAllocator.HostPublishPortsNeedUpdate(s) { break } @@ -368,7 +290,7 @@ func (a *Allocator) doNetworkAlloc(ctx context.Context, ev events.Event) { case api.EventDeleteService: s := v.Service.Copy() - if err := nc.nwkAllocator.ServiceDeallocate(s); err != nil { + if err := nc.nwkAllocator.DeallocateService(s); err != nil { log.G(ctx).WithError(err).Errorf("Failed deallocation during delete of service %s", s.ID) } @@ -455,7 +377,7 @@ func (a *Allocator) doNodeAlloc(ctx context.Context, ev events.Event) { } } -func (a *Allocator) allocateNodes(ctx context.Context) error { +func (a *Allocator) allocateNodes(ctx context.Context, existingAddressesOnly bool) error { // Allocate nodes in the store so far before we process watched events. var ( allocatedNodes []*api.Node @@ -480,6 +402,10 @@ func (a *Allocator) allocateNodes(ctx context.Context) error { node.Attachment = &api.NetworkAttachment{} } + if existingAddressesOnly && len(node.Attachment.Addresses) == 0 { + continue + } + node.Attachment.Network = nc.ingressNetwork.Copy() if err := a.allocateNode(ctx, node); err != nil { log.G(ctx).WithError(err).Errorf("Failed to allocate network resources for node %s", node.ID) @@ -534,6 +460,138 @@ func (a *Allocator) deallocateNodes(ctx context.Context) error { return nil } +// allocateServices allocates services in the store so far before we process +// watched events. +func (a *Allocator) allocateServices(ctx context.Context, existingAddressesOnly bool) error { + var ( + nc = a.netCtx + services []*api.Service + err error + ) + a.store.View(func(tx store.ReadTx) { + services, err = store.FindServices(tx, store.All) + }) + if err != nil { + return errors.Wrap(err, "error listing all services in store while trying to allocate during init") + } + + var allocatedServices []*api.Service + for _, s := range services { + if nc.nwkAllocator.IsServiceAllocated(s, networkallocator.OnInit) { + continue + } + + if existingAddressesOnly && + (s.Endpoint == nil || + len(s.Endpoint.VirtualIPs) == 0) { + continue + } + + if err := a.allocateService(ctx, s); err != nil { + log.G(ctx).WithError(err).Errorf("failed allocating service %s during init", s.ID) + continue + } + allocatedServices = append(allocatedServices, s) + } + + if err := a.store.Batch(func(batch *store.Batch) error { + for _, s := range allocatedServices { + if err := a.commitAllocatedService(ctx, batch, s); err != nil { + log.G(ctx).WithError(err).Errorf("failed committing allocation of service %s during init", s.ID) + } + } + return nil + }); err != nil { + log.G(ctx).WithError(err).Error("failed committing allocation of services during init") + } + + return nil +} + +// allocateTasks allocates tasks in the store so far before we started watching. +func (a *Allocator) allocateTasks(ctx context.Context, existingAddressesOnly bool) error { + var ( + nc = a.netCtx + tasks []*api.Task + allocatedTasks []*api.Task + err error + ) + a.store.View(func(tx store.ReadTx) { + tasks, err = store.FindTasks(tx, store.All) + }) + if err != nil { + return errors.Wrap(err, "error listing all tasks in store while trying to allocate during init") + } + + for _, t := range tasks { + if t.Status.State > api.TaskStateRunning { + continue + } + + if existingAddressesOnly { + hasAddresses := false + for _, nAttach := range t.Networks { + if len(nAttach.Addresses) != 0 { + hasAddresses = true + break + } + } + if !hasAddresses { + continue + } + } + + var s *api.Service + if t.ServiceID != "" { + a.store.View(func(tx store.ReadTx) { + s = store.GetService(tx, t.ServiceID) + }) + } + + // Populate network attachments in the task + // based on service spec. + a.taskCreateNetworkAttachments(t, s) + + if taskReadyForNetworkVote(t, s, nc) { + if t.Status.State >= api.TaskStatePending { + continue + } + + if a.taskAllocateVote(networkVoter, t.ID) { + // If the task is not attached to any network, network + // allocators job is done. Immediately cast a vote so + // that the task can be moved to the PENDING state as + // soon as possible. + updateTaskStatus(t, api.TaskStatePending, allocatedStatusMessage) + allocatedTasks = append(allocatedTasks, t) + } + continue + } + + err := a.allocateTask(ctx, t) + if err == nil { + allocatedTasks = append(allocatedTasks, t) + } else if err != errNoChanges { + log.G(ctx).WithError(err).Errorf("failed allocating task %s during init", t.ID) + nc.unallocatedTasks[t.ID] = t + } + } + + if err := a.store.Batch(func(batch *store.Batch) error { + for _, t := range allocatedTasks { + if err := a.commitAllocatedTask(ctx, batch, t); err != nil { + log.G(ctx).WithError(err).Errorf("failed committing allocation of task %s during init", t.ID) + } + } + + return nil + }); err != nil { + log.G(ctx).WithError(err).Error("failed committing allocation of tasks during init") + } + + return nil +} + // taskReadyForNetworkVote checks if the task is ready for a network // vote to move it to PENDING state. func taskReadyForNetworkVote(t *api.Task, s *api.Service, nc *networkContext) bool { @@ -544,7 +602,7 @@ func taskReadyForNetworkVote(t *api.Task, s *api.Service, nc *networkContext) bo // network configured or service endpoints have been // allocated. return (len(t.Networks) == 0 || nc.nwkAllocator.IsTaskAllocated(t)) && - (s == nil || !nc.nwkAllocator.ServiceNeedsAllocation(s)) + (s == nil || nc.nwkAllocator.IsServiceAllocated(s)) } func taskUpdateNetworks(t *api.Task, networks []*api.NetworkAttachment) { @@ -774,12 +832,12 @@ func (a *Allocator) allocateService(ctx context.Context, s *api.Service) error { } else if s.Endpoint != nil { // service has no user-defined endpoints while has already allocated network resources, // need deallocated. - if err := nc.nwkAllocator.ServiceDeallocate(s); err != nil { + if err := nc.nwkAllocator.DeallocateService(s); err != nil { return err } } - if err := nc.nwkAllocator.ServiceAllocate(s); err != nil { + if err := nc.nwkAllocator.AllocateService(s); err != nil { nc.unallocatedServices[s.ID] = s return err } @@ -814,7 +872,7 @@ func (a *Allocator) commitAllocatedService(ctx context.Context, batch *store.Bat return errors.Wrapf(err, "failed updating state in store transaction for service %s", s.ID) }); err != nil { - if err := a.netCtx.nwkAllocator.ServiceDeallocate(s); err != nil { + if err := a.netCtx.nwkAllocator.DeallocateService(s); err != nil { log.G(ctx).WithError(err).Errorf("failed rolling back allocation of service %s", s.ID) } @@ -869,7 +927,7 @@ func (a *Allocator) allocateTask(ctx context.Context, t *api.Task) (err error) { return } - if nc.nwkAllocator.ServiceNeedsAllocation(s) { + if !nc.nwkAllocator.IsServiceAllocated(s) { err = fmt.Errorf("service %s to which this task %s belongs has pending allocations", s.ID, t.ID) return } @@ -986,7 +1044,7 @@ func (a *Allocator) procUnallocatedServices(ctx context.Context) { nc := a.netCtx var allocatedServices []*api.Service for _, s := range nc.unallocatedServices { - if nc.nwkAllocator.ServiceNeedsAllocation(s) { + if !nc.nwkAllocator.IsServiceAllocated(s) { if err := a.allocateService(ctx, s); err != nil { log.G(ctx).WithError(err).Debugf("Failed allocation of unallocated service %s", s.ID) continue @@ -1071,6 +1129,16 @@ func (a *Allocator) procTasksNetwork(ctx context.Context, onRetry bool) { } } +// IsBuiltInNetworkDriver returns whether the passed driver is an internal network driver +func IsBuiltInNetworkDriver(name string) bool { + return cnmallocator.IsBuiltInDriver(name) +} + +// PredefinedNetworks returns the list of predefined network structures for a given network model +func PredefinedNetworks() []networkallocator.PredefinedNetworkData { + return cnmallocator.PredefinedNetworks() +} + // updateTaskStatus sets TaskStatus and updates timestamp. func updateTaskStatus(t *api.Task, newStatus api.TaskState, message string) { t.Status.State = newStatus diff --git a/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/drivers_unsupported.go b/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/drivers_unsupported.go deleted file mode 100644 index 5facfdc7f4..0000000000 --- a/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/drivers_unsupported.go +++ /dev/null @@ -1,10 +0,0 @@ -// +build !linux,!darwin,!windows - -package networkallocator - -const initializers = nil - -// PredefinedNetworks returns the list of predefined network structures -func PredefinedNetworks() []PredefinedNetworkData { - return nil -} diff --git a/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/networkallocator.go b/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/networkallocator.go index a2fda20348..04dd168126 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/networkallocator.go +++ b/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/networkallocator.go @@ -1,91 +1,15 @@ package networkallocator import ( - "fmt" - "net" - "strings" - - "github.com/docker/docker/pkg/plugingetter" - "github.com/docker/libnetwork/datastore" - "github.com/docker/libnetwork/driverapi" - "github.com/docker/libnetwork/drvregistry" - "github.com/docker/libnetwork/ipamapi" - "github.com/docker/libnetwork/netlabel" "github.com/docker/swarmkit/api" - "github.com/docker/swarmkit/log" - "github.com/pkg/errors" - "golang.org/x/net/context" ) const ( - // DefaultDriver defines the name of the driver to be used by - // default if a network without any driver name specified is - // created. - DefaultDriver = "overlay" - // PredefinedLabel identifies internally allocated swarm networks // corresponding to the node-local predefined networks on the host. PredefinedLabel = "com.docker.swarm.predefined" ) -// NetworkAllocator acts as the controller for all network related operations -// like managing network and IPAM drivers and also creating and -// deleting networks and the associated resources. -type NetworkAllocator struct { - // The driver register which manages all internal and external - // IPAM and network drivers. - drvRegistry *drvregistry.DrvRegistry - - // The port allocator instance for allocating node ports - portAllocator *portAllocator - - // Local network state used by NetworkAllocator to do network management. - networks map[string]*network - - // Allocator state to indicate if allocation has been - // successfully completed for this service. - services map[string]struct{} - - // Allocator state to indicate if allocation has been - // successfully completed for this task. - tasks map[string]struct{} - - // Allocator state to indicate if allocation has been - // successfully completed for this node. - nodes map[string]struct{} -} - -// Local in-memory state related to network that need to be tracked by NetworkAllocator -type network struct { - // A local cache of the store object. - nw *api.Network - - // pools is used to save the internal poolIDs needed when - // releasing the pool. - pools map[string]string - - // endpoints is a map of endpoint IP to the poolID from which it - // was allocated. - endpoints map[string]string - - // isNodeLocal indicates whether the scope of the network's resources - // is local to the node. If true, it means the resources can only be - // allocated locally by the node where the network will be deployed. - // In this the swarm manager will skip the allocations. - isNodeLocal bool -} - -type networkDriver struct { - driver driverapi.Driver - name string - capability *driverapi.Capability -} - -type initializer struct { - fn drvregistry.InitFunc - ntype string -} - // PredefinedNetworkData contains the minimum set of data needed // to create the correspondent predefined network object in the store. type PredefinedNetworkData struct { @@ -93,280 +17,8 @@ type PredefinedNetworkData struct { Driver string } -// New returns a new NetworkAllocator handle -func New(pg plugingetter.PluginGetter) (*NetworkAllocator, error) { - na := &NetworkAllocator{ - networks: make(map[string]*network), - services: make(map[string]struct{}), - tasks: make(map[string]struct{}), - nodes: make(map[string]struct{}), - } - - // There are no driver configurations and notification - // functions as of now. - reg, err := drvregistry.New(nil, nil, nil, nil, pg) - if err != nil { - return nil, err - } - - if err := initializeDrivers(reg); err != nil { - return nil, err - } - - if err = initIPAMDrivers(reg); err != nil { - return nil, err - } - - pa, err := newPortAllocator() - if err != nil { - return nil, err - } - - na.portAllocator = pa - na.drvRegistry = reg - return na, nil -} - -// Allocate allocates all the necessary resources both general -// and driver-specific which may be specified in the NetworkSpec -func (na *NetworkAllocator) Allocate(n *api.Network) error { - if _, ok := na.networks[n.ID]; ok { - return fmt.Errorf("network %s already allocated", n.ID) - } - - d, err := na.resolveDriver(n) - if err != nil { - return err - } - - nw := &network{ - nw: n, - endpoints: make(map[string]string), - isNodeLocal: d.capability.DataScope == datastore.LocalScope, - } - - // No swarm-level allocation can be provided by the network driver for - // node-local networks. Only thing needed is populating the driver's name - // in the driver's state. - if nw.isNodeLocal { - n.DriverState = &api.Driver{ - Name: d.name, - } - } else { - nw.pools, err = na.allocatePools(n) - if err != nil { - return errors.Wrapf(err, "failed allocating pools and gateway IP for network %s", n.ID) - } - - if err := na.allocateDriverState(n); err != nil { - na.freePools(n, nw.pools) - return errors.Wrapf(err, "failed while allocating driver state for network %s", n.ID) - } - } - - na.networks[n.ID] = nw - - return nil -} - -func (na *NetworkAllocator) getNetwork(id string) *network { - return na.networks[id] -} - -// Deallocate frees all the general and driver specific resources -// which were assigned to the passed network. -func (na *NetworkAllocator) Deallocate(n *api.Network) error { - localNet := na.getNetwork(n.ID) - if localNet == nil { - return fmt.Errorf("could not get networker state for network %s", n.ID) - } - - // No swarm-level resource deallocation needed for node-local networks - if localNet.isNodeLocal { - delete(na.networks, n.ID) - return nil - } - - if err := na.freeDriverState(n); err != nil { - return errors.Wrapf(err, "failed to free driver state for network %s", n.ID) - } - - delete(na.networks, n.ID) - - return na.freePools(n, localNet.pools) -} - -// ServiceAllocate allocates all the network resources such as virtual -// IP and ports needed by the service. -func (na *NetworkAllocator) ServiceAllocate(s *api.Service) (err error) { - if err = na.portAllocator.serviceAllocatePorts(s); err != nil { - return err - } - defer func() { - if err != nil { - na.ServiceDeallocate(s) - } - }() - - if s.Endpoint == nil { - s.Endpoint = &api.Endpoint{} - } - s.Endpoint.Spec = s.Spec.Endpoint.Copy() - - // If ResolutionMode is DNSRR do not try allocating VIPs, but - // free any VIP from previous state. - if s.Spec.Endpoint != nil && s.Spec.Endpoint.Mode == api.ResolutionModeDNSRoundRobin { - for _, vip := range s.Endpoint.VirtualIPs { - if err := na.deallocateVIP(vip); err != nil { - // don't bail here, deallocate as many as possible. - log.L.WithError(err). - WithField("vip.network", vip.NetworkID). - WithField("vip.addr", vip.Addr).Error("error deallocating vip") - } - } - - s.Endpoint.VirtualIPs = nil - - delete(na.services, s.ID) - return nil - } - - specNetworks := serviceNetworks(s) - - // Allocate VIPs for all the pre-populated endpoint attachments - eVIPs := s.Endpoint.VirtualIPs[:0] - -vipLoop: - for _, eAttach := range s.Endpoint.VirtualIPs { - if na.IsVIPOnIngressNetwork(eAttach) && IsIngressNetworkNeeded(s) { - if err = na.allocateVIP(eAttach); err != nil { - return err - } - eVIPs = append(eVIPs, eAttach) - continue vipLoop - - } - for _, nAttach := range specNetworks { - if nAttach.Target == eAttach.NetworkID { - if err = na.allocateVIP(eAttach); err != nil { - return err - } - eVIPs = append(eVIPs, eAttach) - continue vipLoop - } - } - // If the network of the VIP is not part of the service spec, - // deallocate the vip - na.deallocateVIP(eAttach) - } - -networkLoop: - for _, nAttach := range specNetworks { - for _, vip := range s.Endpoint.VirtualIPs { - if vip.NetworkID == nAttach.Target { - continue networkLoop - } - } - - vip := &api.Endpoint_VirtualIP{NetworkID: nAttach.Target} - if err = na.allocateVIP(vip); err != nil { - return err - } - - eVIPs = append(eVIPs, vip) - } - - if len(eVIPs) > 0 { - na.services[s.ID] = struct{}{} - } else { - delete(na.services, s.ID) - } - - s.Endpoint.VirtualIPs = eVIPs - return nil -} - -// ServiceDeallocate de-allocates all the network resources such as -// virtual IP and ports associated with the service. -func (na *NetworkAllocator) ServiceDeallocate(s *api.Service) error { - if s.Endpoint == nil { - return nil - } - - for _, vip := range s.Endpoint.VirtualIPs { - if err := na.deallocateVIP(vip); err != nil { - // don't bail here, deallocate as many as possible. - log.L.WithError(err). - WithField("vip.network", vip.NetworkID). - WithField("vip.addr", vip.Addr).Error("error deallocating vip") - } - } - s.Endpoint.VirtualIPs = nil - - na.portAllocator.serviceDeallocatePorts(s) - delete(na.services, s.ID) - - return nil -} - -// IsAllocated returns if the passed network has been allocated or not. -func (na *NetworkAllocator) IsAllocated(n *api.Network) bool { - _, ok := na.networks[n.ID] - return ok -} - -// IsTaskAllocated returns if the passed task has its network resources allocated or not. -func (na *NetworkAllocator) IsTaskAllocated(t *api.Task) bool { - // If the task is not found in the allocated set, then it is - // not allocated. - if _, ok := na.tasks[t.ID]; !ok { - return false - } - - // If Networks is empty there is no way this Task is allocated. - if len(t.Networks) == 0 { - return false - } - - // To determine whether the task has its resources allocated, - // we just need to look at one global scope network (in case of - // multi-network attachment). This is because we make sure we - // allocate for every network or we allocate for none. - - // Find the first global scope network - for _, nAttach := range t.Networks { - // If the network is not allocated, the task cannot be allocated. - localNet, ok := na.networks[nAttach.Network.ID] - if !ok { - return false - } - - // Nothing else to check for local scope network - if localNet.isNodeLocal { - continue - } - - // Addresses empty. Task is not allocated. - if len(nAttach.Addresses) == 0 { - return false - } - - // The allocated IP address not found in local endpoint state. Not allocated. - if _, ok := localNet.endpoints[nAttach.Addresses[0]]; !ok { - return false - } - } - - return true -} - -// HostPublishPortsNeedUpdate returns true if the passed service needs -// allocations for its published ports in host (non ingress) mode -func (na *NetworkAllocator) HostPublishPortsNeedUpdate(s *api.Service) bool { - return na.portAllocator.hostPublishPortsNeedUpdate(s) -} - -// ServiceAllocationOpts is struct used for functional options in IsServiceAllocated +// ServiceAllocationOpts is struct used for functional options in +// IsServiceAllocated type ServiceAllocationOpts struct { OnInit bool } @@ -376,593 +28,74 @@ func OnInit(options *ServiceAllocationOpts) { options.OnInit = true } -// ServiceNeedsAllocation returns true if the passed service needs to have network resources allocated/updated. -func (na *NetworkAllocator) ServiceNeedsAllocation(s *api.Service, flags ...func(*ServiceAllocationOpts)) bool { - var options ServiceAllocationOpts - for _, flag := range flags { - flag(&options) - } - - specNetworks := serviceNetworks(s) - - // If endpoint mode is VIP and allocator does not have the - // service in VIP allocated set then it needs to be allocated. - if len(specNetworks) != 0 && - (s.Spec.Endpoint == nil || - s.Spec.Endpoint.Mode == api.ResolutionModeVirtualIP) { - - if _, ok := na.services[s.ID]; !ok { - return true - } - - if s.Endpoint == nil || len(s.Endpoint.VirtualIPs) == 0 { - return true - } - - // If the spec has networks which don't have a corresponding VIP, - // the service needs to be allocated. - networkLoop: - for _, net := range specNetworks { - for _, vip := range s.Endpoint.VirtualIPs { - if vip.NetworkID == net.Target { - continue networkLoop - } - } - return true - } - } - - // If the spec no longer has networks attached and has a vip allocated - // from previous spec the service needs to allocated. - if s.Endpoint != nil { - vipLoop: - for _, vip := range s.Endpoint.VirtualIPs { - if na.IsVIPOnIngressNetwork(vip) && IsIngressNetworkNeeded(s) { - continue vipLoop - } - for _, net := range specNetworks { - if vip.NetworkID == net.Target { - continue vipLoop - } - } - return true - } - } - - // If the endpoint mode is DNSRR and allocator has the service - // in VIP allocated set then we return to be allocated to make - // sure the allocator triggers networkallocator to free up the - // resources if any. - if s.Spec.Endpoint != nil && s.Spec.Endpoint.Mode == api.ResolutionModeDNSRoundRobin { - if _, ok := na.services[s.ID]; ok { - return true - } - } - - if (s.Spec.Endpoint != nil && len(s.Spec.Endpoint.Ports) != 0) || - (s.Endpoint != nil && len(s.Endpoint.Ports) != 0) { - return !na.portAllocator.isPortsAllocatedOnInit(s, options.OnInit) - } - return false -} - -// IsNodeAllocated returns if the passed node has its network resources allocated or not. -func (na *NetworkAllocator) IsNodeAllocated(node *api.Node) bool { - // If the node is not found in the allocated set, then it is - // not allocated. - if _, ok := na.nodes[node.ID]; !ok { - return false - } - - // If no attachment, not allocated. - if node.Attachment == nil { - return false - } - - // If the network is not allocated, the node cannot be allocated. - localNet, ok := na.networks[node.Attachment.Network.ID] - if !ok { - return false - } - - // Addresses empty, not allocated. - if len(node.Attachment.Addresses) == 0 { - return false - } - - // The allocated IP address not found in local endpoint state. Not allocated. - if _, ok := localNet.endpoints[node.Attachment.Addresses[0]]; !ok { - return false - } - - return true -} - -// AllocateNode allocates the IP addresses for the network to which -// the node is attached. -func (na *NetworkAllocator) AllocateNode(node *api.Node) error { - if err := na.allocateNetworkIPs(node.Attachment); err != nil { - return err - } - - na.nodes[node.ID] = struct{}{} - return nil -} - -// DeallocateNode deallocates the IP addresses for the network to -// which the node is attached. -func (na *NetworkAllocator) DeallocateNode(node *api.Node) error { - delete(na.nodes, node.ID) - return na.releaseEndpoints([]*api.NetworkAttachment{node.Attachment}) -} - -// AllocateTask allocates all the endpoint resources for all the -// networks that a task is attached to. -func (na *NetworkAllocator) AllocateTask(t *api.Task) error { - for i, nAttach := range t.Networks { - if localNet := na.getNetwork(nAttach.Network.ID); localNet != nil && localNet.isNodeLocal { - continue - } - if err := na.allocateNetworkIPs(nAttach); err != nil { - if err := na.releaseEndpoints(t.Networks[:i]); err != nil { - log.G(context.TODO()).WithError(err).Errorf("Failed to release IP addresses while rolling back allocation for task %s network %s", t.ID, nAttach.Network.ID) - } - return errors.Wrapf(err, "failed to allocate network IP for task %s network %s", t.ID, nAttach.Network.ID) - } - } - - na.tasks[t.ID] = struct{}{} - - return nil -} - -// DeallocateTask releases all the endpoint resources for all the -// networks that a task is attached to. -func (na *NetworkAllocator) DeallocateTask(t *api.Task) error { - delete(na.tasks, t.ID) - return na.releaseEndpoints(t.Networks) -} - -func (na *NetworkAllocator) releaseEndpoints(networks []*api.NetworkAttachment) error { - for _, nAttach := range networks { - localNet := na.getNetwork(nAttach.Network.ID) - if localNet == nil { - return fmt.Errorf("could not find network allocator state for network %s", nAttach.Network.ID) - } - - if localNet.isNodeLocal { - continue - } - - ipam, _, _, err := na.resolveIPAM(nAttach.Network) - if err != nil { - return errors.Wrap(err, "failed to resolve IPAM while releasing") - } - - // Do not fail and bail out if we fail to release IP - // address here. Keep going and try releasing as many - // addresses as possible. - for _, addr := range nAttach.Addresses { - // Retrieve the poolID and immediately nuke - // out the mapping. - poolID := localNet.endpoints[addr] - delete(localNet.endpoints, addr) - - ip, _, err := net.ParseCIDR(addr) - if err != nil { - log.G(context.TODO()).Errorf("Could not parse IP address %s while releasing", addr) - continue - } - - if err := ipam.ReleaseAddress(poolID, ip); err != nil { - log.G(context.TODO()).WithError(err).Errorf("IPAM failure while releasing IP address %s", addr) - } - } - - // Clear out the address list when we are done with - // this network. - nAttach.Addresses = nil - } - - return nil -} - -// allocate virtual IP for a single endpoint attachment of the service. -func (na *NetworkAllocator) allocateVIP(vip *api.Endpoint_VirtualIP) error { - localNet := na.getNetwork(vip.NetworkID) - if localNet == nil { - return errors.New("networkallocator: could not find local network state") - } - - if localNet.isNodeLocal { - return nil - } - - // If this IP is already allocated in memory we don't need to - // do anything. - if _, ok := localNet.endpoints[vip.Addr]; ok { - return nil - } - - ipam, _, _, err := na.resolveIPAM(localNet.nw) - if err != nil { - return errors.Wrap(err, "failed to resolve IPAM while allocating") - } - - var addr net.IP - if vip.Addr != "" { - var err error - - addr, _, err = net.ParseCIDR(vip.Addr) - if err != nil { - return err - } - } - - for _, poolID := range localNet.pools { - ip, _, err := ipam.RequestAddress(poolID, addr, nil) - if err != nil && err != ipamapi.ErrNoAvailableIPs && err != ipamapi.ErrIPOutOfRange { - return errors.Wrap(err, "could not allocate VIP from IPAM") - } - - // If we got an address then we are done. - if err == nil { - ipStr := ip.String() - localNet.endpoints[ipStr] = poolID - vip.Addr = ipStr - return nil - } - } - - return errors.New("could not find an available IP while allocating VIP") -} - -func (na *NetworkAllocator) deallocateVIP(vip *api.Endpoint_VirtualIP) error { - localNet := na.getNetwork(vip.NetworkID) - if localNet == nil { - return errors.New("networkallocator: could not find local network state") - } - if localNet.isNodeLocal { - return nil - } - ipam, _, _, err := na.resolveIPAM(localNet.nw) - if err != nil { - return errors.Wrap(err, "failed to resolve IPAM while allocating") - } - - // Retrieve the poolID and immediately nuke - // out the mapping. - poolID := localNet.endpoints[vip.Addr] - delete(localNet.endpoints, vip.Addr) - - ip, _, err := net.ParseCIDR(vip.Addr) - if err != nil { - log.G(context.TODO()).Errorf("Could not parse VIP address %s while releasing", vip.Addr) - return err - } - - if err := ipam.ReleaseAddress(poolID, ip); err != nil { - log.G(context.TODO()).WithError(err).Errorf("IPAM failure while releasing VIP address %s", vip.Addr) - return err - } - - return nil -} - -// allocate the IP addresses for a single network attachment of the task. -func (na *NetworkAllocator) allocateNetworkIPs(nAttach *api.NetworkAttachment) error { - var ip *net.IPNet - - ipam, _, _, err := na.resolveIPAM(nAttach.Network) - if err != nil { - return errors.Wrap(err, "failed to resolve IPAM while allocating") - } - - localNet := na.getNetwork(nAttach.Network.ID) - if localNet == nil { - return fmt.Errorf("could not find network allocator state for network %s", nAttach.Network.ID) - } - - addresses := nAttach.Addresses - if len(addresses) == 0 { - addresses = []string{""} - } - - for i, rawAddr := range addresses { - var addr net.IP - if rawAddr != "" { - var err error - addr, _, err = net.ParseCIDR(rawAddr) - if err != nil { - addr = net.ParseIP(rawAddr) - - if addr == nil { - return errors.Wrapf(err, "could not parse address string %s", rawAddr) - } - } - } - - for _, poolID := range localNet.pools { - var err error - - ip, _, err = ipam.RequestAddress(poolID, addr, nil) - if err != nil && err != ipamapi.ErrNoAvailableIPs && err != ipamapi.ErrIPOutOfRange { - return errors.Wrap(err, "could not allocate IP from IPAM") - } - - // If we got an address then we are done. - if err == nil { - ipStr := ip.String() - localNet.endpoints[ipStr] = poolID - addresses[i] = ipStr - nAttach.Addresses = addresses - return nil - } - } - } - - return errors.New("could not find an available IP") -} - -func (na *NetworkAllocator) freeDriverState(n *api.Network) error { - d, err := na.resolveDriver(n) - if err != nil { - return err - } - - return d.driver.NetworkFree(n.ID) -} - -func (na *NetworkAllocator) allocateDriverState(n *api.Network) error { - d, err := na.resolveDriver(n) - if err != nil { - return err - } - - options := make(map[string]string) - // reconcile the driver specific options from the network spec - // and from the operational state retrieved from the store - if n.Spec.DriverConfig != nil { - for k, v := range n.Spec.DriverConfig.Options { - options[k] = v - } - } - if n.DriverState != nil { - for k, v := range n.DriverState.Options { - options[k] = v - } - } - - // Construct IPAM data for driver consumption. - ipv4Data := make([]driverapi.IPAMData, 0, len(n.IPAM.Configs)) - for _, ic := range n.IPAM.Configs { - if ic.Family == api.IPAMConfig_IPV6 { - continue - } - - _, subnet, err := net.ParseCIDR(ic.Subnet) - if err != nil { - return errors.Wrapf(err, "error parsing subnet %s while allocating driver state", ic.Subnet) - } - - gwIP := net.ParseIP(ic.Gateway) - gwNet := &net.IPNet{ - IP: gwIP, - Mask: subnet.Mask, - } - - data := driverapi.IPAMData{ - Pool: subnet, - Gateway: gwNet, - } - - ipv4Data = append(ipv4Data, data) - } - - ds, err := d.driver.NetworkAllocate(n.ID, options, ipv4Data, nil) - if err != nil { - return err - } - - // Update network object with the obtained driver state. - n.DriverState = &api.Driver{ - Name: d.name, - Options: ds, - } - - return nil -} - -// Resolve network driver -func (na *NetworkAllocator) resolveDriver(n *api.Network) (*networkDriver, error) { - dName := DefaultDriver - if n.Spec.DriverConfig != nil && n.Spec.DriverConfig.Name != "" { - dName = n.Spec.DriverConfig.Name - } - - d, drvcap := na.drvRegistry.Driver(dName) - if d == nil { - var err error - err = na.loadDriver(dName) - if err != nil { - return nil, err - } - - d, drvcap = na.drvRegistry.Driver(dName) - if d == nil { - return nil, fmt.Errorf("could not resolve network driver %s", dName) - } - } - - return &networkDriver{driver: d, capability: drvcap, name: dName}, nil -} - -func (na *NetworkAllocator) loadDriver(name string) error { - pg := na.drvRegistry.GetPluginGetter() - if pg == nil { - return errors.New("plugin store is uninitialized") - } - _, err := pg.Get(name, driverapi.NetworkPluginEndpointType, plugingetter.Lookup) - return err -} - -// Resolve the IPAM driver -func (na *NetworkAllocator) resolveIPAM(n *api.Network) (ipamapi.Ipam, string, map[string]string, error) { - dName := ipamapi.DefaultIPAM - if n.Spec.IPAM != nil && n.Spec.IPAM.Driver != nil && n.Spec.IPAM.Driver.Name != "" { - dName = n.Spec.IPAM.Driver.Name - } - - var dOptions map[string]string - if n.Spec.IPAM != nil && n.Spec.IPAM.Driver != nil && len(n.Spec.IPAM.Driver.Options) != 0 { - dOptions = n.Spec.IPAM.Driver.Options - } - - ipam, _ := na.drvRegistry.IPAM(dName) - if ipam == nil { - return nil, "", nil, fmt.Errorf("could not resolve IPAM driver %s", dName) - } - - return ipam, dName, dOptions, nil -} - -func (na *NetworkAllocator) freePools(n *api.Network, pools map[string]string) error { - ipam, _, _, err := na.resolveIPAM(n) - if err != nil { - return errors.Wrapf(err, "failed to resolve IPAM while freeing pools for network %s", n.ID) - } - - releasePools(ipam, n.IPAM.Configs, pools) - return nil -} - -func releasePools(ipam ipamapi.Ipam, icList []*api.IPAMConfig, pools map[string]string) { - for _, ic := range icList { - if err := ipam.ReleaseAddress(pools[ic.Subnet], net.ParseIP(ic.Gateway)); err != nil { - log.G(context.TODO()).WithError(err).Errorf("Failed to release address %s", ic.Subnet) - } - } - - for k, p := range pools { - if err := ipam.ReleasePool(p); err != nil { - log.G(context.TODO()).WithError(err).Errorf("Failed to release pool %s", k) - } - } -} - -func (na *NetworkAllocator) allocatePools(n *api.Network) (map[string]string, error) { - ipam, dName, dOptions, err := na.resolveIPAM(n) - if err != nil { - return nil, err - } - - // We don't support user defined address spaces yet so just - // retrieve default address space names for the driver. - _, asName, err := na.drvRegistry.IPAMDefaultAddressSpaces(dName) - if err != nil { - return nil, err - } - - pools := make(map[string]string) - - var ipamConfigs []*api.IPAMConfig - - // If there is non-nil IPAM state always prefer those subnet - // configs over Spec configs. - if n.IPAM != nil { - ipamConfigs = n.IPAM.Configs - } else if n.Spec.IPAM != nil { - ipamConfigs = make([]*api.IPAMConfig, len(n.Spec.IPAM.Configs)) - copy(ipamConfigs, n.Spec.IPAM.Configs) - } - - // Append an empty slot for subnet allocation if there are no - // IPAM configs from either spec or state. - if len(ipamConfigs) == 0 { - ipamConfigs = append(ipamConfigs, &api.IPAMConfig{Family: api.IPAMConfig_IPV4}) - } - - // Update the runtime IPAM configurations with initial state - n.IPAM = &api.IPAMOptions{ - Driver: &api.Driver{Name: dName, Options: dOptions}, - Configs: ipamConfigs, - } - - for i, ic := range ipamConfigs { - poolID, poolIP, meta, err := ipam.RequestPool(asName, ic.Subnet, ic.Range, dOptions, false) - if err != nil { - // Rollback by releasing all the resources allocated so far. - releasePools(ipam, ipamConfigs[:i], pools) - return nil, err - } - pools[poolIP.String()] = poolID - - // The IPAM contract allows the IPAM driver to autonomously - // provide a network gateway in response to the pool request. - // But if the network spec contains a gateway, we will allocate - // it irrespective of whether the ipam driver returned one already. - // If none of the above is true, we need to allocate one now, and - // let the driver know this request is for the network gateway. - var ( - gwIP *net.IPNet - ip net.IP - ) - if gws, ok := meta[netlabel.Gateway]; ok { - if ip, gwIP, err = net.ParseCIDR(gws); err != nil { - return nil, fmt.Errorf("failed to parse gateway address (%v) returned by ipam driver: %v", gws, err) - } - gwIP.IP = ip - } - if ic.Gateway != "" || gwIP == nil { - gwIP, _, err = ipam.RequestAddress(poolID, net.ParseIP(ic.Gateway), map[string]string{ipamapi.RequestAddressType: netlabel.Gateway}) - if err != nil { - // Rollback by releasing all the resources allocated so far. - releasePools(ipam, ipamConfigs[:i], pools) - return nil, err - } - } - - if ic.Subnet == "" { - ic.Subnet = poolIP.String() - } - - if ic.Gateway == "" { - ic.Gateway = gwIP.IP.String() - } - - } - - return pools, nil -} - -func initializeDrivers(reg *drvregistry.DrvRegistry) error { - for _, i := range initializers { - if err := reg.AddDriver(i.ntype, i.fn, nil); err != nil { - return err - } - } - return nil -} - -func serviceNetworks(s *api.Service) []*api.NetworkAttachmentConfig { - // Always prefer NetworkAttachmentConfig in the TaskSpec - if len(s.Spec.Task.Networks) == 0 && len(s.Spec.Networks) != 0 { - return s.Spec.Networks - } - return s.Spec.Task.Networks -} - -// IsVIPOnIngressNetwork check if the vip is in ingress network -func (na *NetworkAllocator) IsVIPOnIngressNetwork(vip *api.Endpoint_VirtualIP) bool { - if vip == nil { - return false - } - - localNet := na.getNetwork(vip.NetworkID) - if localNet != nil && localNet.nw != nil { - return IsIngressNetwork(localNet.nw) - } - return false +// NetworkAllocator provides network model specific allocation functionality. +type NetworkAllocator interface { + // + // Network Allocation + // + + // IsAllocated returns if the passed network has been allocated or not. + IsAllocated(n *api.Network) bool + + // Allocate allocates all the necessary resources both general + // and driver-specific which may be specified in the NetworkSpec + Allocate(n *api.Network) error + + // Deallocate frees all the general and driver specific resources + // which were assigned to the passed network. + Deallocate(n *api.Network) error + + // + // Service Allocation + // + + // IsServiceAllocated returns false if the passed service + // needs to have network resources allocated/updated. + IsServiceAllocated(s *api.Service, flags ...func(*ServiceAllocationOpts)) bool + + // AllocateService allocates all the network resources such as virtual + // IP and ports needed by the service. + AllocateService(s *api.Service) (err error) + + // DeallocateService de-allocates all the network resources such as + // virtual IP and ports associated with the service. + DeallocateService(s *api.Service) error + + // HostPublishPortsNeedUpdate returns true if the passed service needs + // allocations for its published ports in host (non ingress) mode + HostPublishPortsNeedUpdate(s *api.Service) bool + + // + // Node Allocation + // + + // IsNodeAllocated returns if the passed node has its network + // resources allocated or not. + IsNodeAllocated(node *api.Node) bool + + // AllocateNode allocates the IP addresses for the network to which + // the node is attached. + AllocateNode(node *api.Node) error + + // DeallocateNode deallocates the IP addresses for the network to + // which the node is attached. + DeallocateNode(node *api.Node) error + + // + // Task Allocation + // + + // IsTaskAllocated returns if the passed task has its network + // resources allocated or not. + IsTaskAllocated(t *api.Task) bool + + // AllocateTask allocates all the endpoint resources for all the + // networks that a task is attached to. + AllocateTask(t *api.Task) error + + // DeallocateTask releases all the endpoint resources for all the + // networks that a task is attached to. + DeallocateTask(t *api.Task) error } // IsIngressNetwork check if the network is an ingress network @@ -997,14 +130,3 @@ func IsIngressNetworkNeeded(s *api.Service) bool { return false } - -// IsBuiltInDriver returns whether the passed driver is an internal network driver -func IsBuiltInDriver(name string) bool { - n := strings.ToLower(name) - for _, d := range initializers { - if n == d.ntype { - return true - } - } - return false -} diff --git a/components/engine/vendor/github.com/docker/swarmkit/manager/controlapi/common.go b/components/engine/vendor/github.com/docker/swarmkit/manager/controlapi/common.go index 56f0f8a00d..c01662379e 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/manager/controlapi/common.go +++ b/components/engine/vendor/github.com/docker/swarmkit/manager/controlapi/common.go @@ -5,9 +5,10 @@ import ( "strings" "github.com/docker/docker/pkg/plugingetter" + "github.com/docker/libnetwork/driverapi" "github.com/docker/libnetwork/ipamapi" "github.com/docker/swarmkit/api" - "github.com/docker/swarmkit/manager/allocator/networkallocator" + "github.com/docker/swarmkit/manager/allocator" "github.com/docker/swarmkit/manager/state/store" "google.golang.org/grpc" "google.golang.org/grpc/codes" @@ -110,10 +111,11 @@ func validateDriver(driver *api.Driver, pg plugingetter.PluginGetter, pluginType if strings.ToLower(driver.Name) == ipamapi.DefaultIPAM { return nil } - default: - if networkallocator.IsBuiltInDriver(driver.Name) { + case driverapi.NetworkPluginEndpointType: + if allocator.IsBuiltInNetworkDriver(driver.Name) { return nil } + default: } if pg == nil { diff --git a/components/engine/vendor/github.com/docker/swarmkit/manager/controlapi/service.go b/components/engine/vendor/github.com/docker/swarmkit/manager/controlapi/service.go index ecf79579c6..d556b6c0e7 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/manager/controlapi/service.go +++ b/components/engine/vendor/github.com/docker/swarmkit/manager/controlapi/service.go @@ -9,6 +9,7 @@ import ( "github.com/docker/distribution/reference" "github.com/docker/swarmkit/api" "github.com/docker/swarmkit/api/defaults" + "github.com/docker/swarmkit/api/genericresource" "github.com/docker/swarmkit/api/naming" "github.com/docker/swarmkit/identity" "github.com/docker/swarmkit/manager/allocator" @@ -42,6 +43,9 @@ func validateResources(r *api.Resources) error { if r.MemoryBytes != 0 && r.MemoryBytes < 4*1024*1024 { return grpc.Errorf(codes.InvalidArgument, "invalid memory value %d: Must be at least 4MiB", r.MemoryBytes) } + if err := genericresource.ValidateTask(r); err != nil { + return nil + } return nil } diff --git a/components/engine/vendor/github.com/docker/swarmkit/manager/manager.go b/components/engine/vendor/github.com/docker/swarmkit/manager/manager.go index 005a56c33d..c29e9050b7 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/manager/manager.go +++ b/components/engine/vendor/github.com/docker/swarmkit/manager/manager.go @@ -217,7 +217,6 @@ func New(config *Config) (*Manager, error) { m := &Manager{ config: *config, - collector: metrics.NewCollector(raftNode.MemoryStore()), caserver: ca.NewServer(raftNode.MemoryStore(), config.SecurityConfig, config.RootCAPaths), dispatcher: dispatcher.New(raftNode, dispatcher.DefaultConfig()), logbroker: logbroker.New(raftNode.MemoryStore()), @@ -502,12 +501,16 @@ func (m *Manager) Run(parent context.Context) error { healthServer.SetServingStatus("Raft", api.HealthCheckResponse_SERVING) if err := m.raftNode.JoinAndStart(ctx); err != nil { + // Don't block future calls to Stop. + close(m.started) return errors.Wrap(err, "can't initialize raft node") } localHealthServer.SetServingStatus("ControlAPI", api.HealthCheckResponse_SERVING) // Start metrics collection. + + m.collector = metrics.NewCollector(m.raftNode.MemoryStore()) go func(collector *metrics.Collector) { if err := collector.Run(ctx); err != nil { log.G(ctx).WithError(err).Error("collector failed with an error") @@ -590,7 +593,10 @@ func (m *Manager) Stop(ctx context.Context, clearData bool) { m.raftNode.Cancel() - m.collector.Stop() + if m.collector != nil { + m.collector.Stop() + } + m.dispatcher.Stop() m.logbroker.Stop() m.caserver.Stop() @@ -944,7 +950,7 @@ func (m *Manager) becomeLeader(ctx context.Context) { // in order to allow running services on the predefined docker // networks like `bridge` and `host`. log.G(ctx).Info("Creating node-local predefined networks") - for _, p := range networkallocator.PredefinedNetworks() { + for _, p := range allocator.PredefinedNetworks() { if err := store.CreateNetwork(tx, newPredefinedNetwork(p.Name, p.Driver)); err != nil { log.G(ctx).WithError(err).Error("failed to create predefined network " + p.Name) } diff --git a/components/engine/vendor/github.com/docker/swarmkit/manager/orchestrator/constraintenforcer/constraint_enforcer.go b/components/engine/vendor/github.com/docker/swarmkit/manager/orchestrator/constraintenforcer/constraint_enforcer.go index 06c34d9a21..2978898ccb 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/manager/orchestrator/constraintenforcer/constraint_enforcer.go +++ b/components/engine/vendor/github.com/docker/swarmkit/manager/orchestrator/constraintenforcer/constraint_enforcer.go @@ -4,6 +4,7 @@ import ( "time" "github.com/docker/swarmkit/api" + "github.com/docker/swarmkit/api/genericresource" "github.com/docker/swarmkit/log" "github.com/docker/swarmkit/manager/constraint" "github.com/docker/swarmkit/manager/state" @@ -83,10 +84,11 @@ func (ce *ConstraintEnforcer) rejectNoncompliantTasks(node *api.Node) { log.L.WithError(err).Errorf("failed to list tasks for node ID %s", node.ID) } - var availableMemoryBytes, availableNanoCPUs int64 + available := &api.Resources{} + var fakeStore []*api.GenericResource + if node.Description != nil && node.Description.Resources != nil { - availableMemoryBytes = node.Description.Resources.MemoryBytes - availableNanoCPUs = node.Description.Resources.NanoCPUs + available = node.Description.Resources.Copy() } removeTasks := make(map[string]*api.Task) @@ -97,6 +99,7 @@ func (ce *ConstraintEnforcer) rejectNoncompliantTasks(node *api.Node) { // a separate pass over the tasks for each type of // resource, and sort by the size of the reservation // to remove the most resource-intensive tasks. +loop: for _, t := range tasks { if t.DesiredState < api.TaskStateAssigned || t.DesiredState > api.TaskStateRunning { continue @@ -115,16 +118,27 @@ func (ce *ConstraintEnforcer) rejectNoncompliantTasks(node *api.Node) { // Ensure that the task assigned to the node // still satisfies the resource limits. if t.Spec.Resources != nil && t.Spec.Resources.Reservations != nil { - if t.Spec.Resources.Reservations.MemoryBytes > availableMemoryBytes { + if t.Spec.Resources.Reservations.MemoryBytes > available.MemoryBytes { removeTasks[t.ID] = t continue } - if t.Spec.Resources.Reservations.NanoCPUs > availableNanoCPUs { + if t.Spec.Resources.Reservations.NanoCPUs > available.NanoCPUs { removeTasks[t.ID] = t continue } - availableMemoryBytes -= t.Spec.Resources.Reservations.MemoryBytes - availableNanoCPUs -= t.Spec.Resources.Reservations.NanoCPUs + for _, ta := range t.AssignedGenericResources { + // Type change or no longer available + if genericresource.HasResource(ta, available.Generic) { + removeTasks[t.ID] = t + break loop + } + } + + available.MemoryBytes -= t.Spec.Resources.Reservations.MemoryBytes + available.NanoCPUs -= t.Spec.Resources.Reservations.NanoCPUs + + genericresource.ClaimResources(&available.Generic, + &fakeStore, t.AssignedGenericResources) } } diff --git a/components/engine/vendor/github.com/docker/swarmkit/manager/orchestrator/task.go b/components/engine/vendor/github.com/docker/swarmkit/manager/orchestrator/task.go index 54a069e199..32a22d5f5a 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/manager/orchestrator/task.go +++ b/components/engine/vendor/github.com/docker/swarmkit/manager/orchestrator/task.go @@ -63,7 +63,7 @@ func IsTaskDirty(s *api.Service, t *api.Task) bool { // If the spec version matches, we know the task is not dirty. However, // if it does not match, that doesn't mean the task is dirty, since // only a portion of the spec is included in the comparison. - if t.SpecVersion != nil && *s.SpecVersion == *t.SpecVersion { + if t.SpecVersion != nil && s.SpecVersion != nil && *s.SpecVersion == *t.SpecVersion { return false } diff --git a/components/engine/vendor/github.com/docker/swarmkit/manager/scheduler/filter.go b/components/engine/vendor/github.com/docker/swarmkit/manager/scheduler/filter.go index 2909a648d7..6ce3f2c8b8 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/manager/scheduler/filter.go +++ b/components/engine/vendor/github.com/docker/swarmkit/manager/scheduler/filter.go @@ -5,6 +5,7 @@ import ( "strings" "github.com/docker/swarmkit/api" + "github.com/docker/swarmkit/api/genericresource" "github.com/docker/swarmkit/manager/constraint" ) @@ -61,9 +62,12 @@ func (f *ResourceFilter) SetTask(t *api.Task) bool { if r == nil || r.Reservations == nil { return false } - if r.Reservations.NanoCPUs == 0 && r.Reservations.MemoryBytes == 0 { + + res := r.Reservations + if res.NanoCPUs == 0 && res.MemoryBytes == 0 && len(res.Generic) == 0 { return false } + f.reservations = r.Reservations return true } @@ -78,6 +82,13 @@ func (f *ResourceFilter) Check(n *NodeInfo) bool { return false } + for _, v := range f.reservations.Generic { + enough, err := genericresource.HasEnough(n.AvailableResources.Generic, v) + if err != nil || !enough { + return false + } + } + return true } @@ -128,6 +139,12 @@ func (f *PluginFilter) SetTask(t *api.Task) bool { // Check returns true if the task can be scheduled into the given node. // TODO(amitshukla): investigate storing Plugins as a map so it can be easily probed func (f *PluginFilter) Check(n *NodeInfo) bool { + if n.Description == nil || n.Description.Engine == nil { + // If the node is not running Engine, plugins are not + // supported. + return true + } + // Get list of plugins on the node nodePlugins := n.Description.Engine.Plugins diff --git a/components/engine/vendor/github.com/docker/swarmkit/manager/scheduler/nodeinfo.go b/components/engine/vendor/github.com/docker/swarmkit/manager/scheduler/nodeinfo.go index 25b22d7b15..51322a054d 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/manager/scheduler/nodeinfo.go +++ b/components/engine/vendor/github.com/docker/swarmkit/manager/scheduler/nodeinfo.go @@ -4,6 +4,7 @@ import ( "time" "github.com/docker/swarmkit/api" + "github.com/docker/swarmkit/api/genericresource" "github.com/docker/swarmkit/log" "golang.org/x/net/context" ) @@ -20,7 +21,7 @@ type NodeInfo struct { Tasks map[string]*api.Task ActiveTasksCount int ActiveTasksCountByService map[string]int - AvailableResources api.Resources + AvailableResources *api.Resources usedHostPorts map[hostPortSpec]struct{} // recentFailures is a map from service ID to the timestamps of the @@ -36,7 +37,7 @@ func newNodeInfo(n *api.Node, tasks map[string]*api.Task, availableResources api Node: n, Tasks: make(map[string]*api.Task), ActiveTasksCountByService: make(map[string]int), - AvailableResources: availableResources, + AvailableResources: availableResources.Copy(), usedHostPorts: make(map[hostPortSpec]struct{}), recentFailures: make(map[string][]time.Time), } @@ -44,6 +45,7 @@ func newNodeInfo(n *api.Node, tasks map[string]*api.Task, availableResources api for _, t := range tasks { nodeInfo.addTask(t) } + return nodeInfo } @@ -62,8 +64,20 @@ func (nodeInfo *NodeInfo) removeTask(t *api.Task) bool { } reservations := taskReservations(t.Spec) - nodeInfo.AvailableResources.MemoryBytes += reservations.MemoryBytes - nodeInfo.AvailableResources.NanoCPUs += reservations.NanoCPUs + resources := nodeInfo.AvailableResources + + resources.MemoryBytes += reservations.MemoryBytes + resources.NanoCPUs += reservations.NanoCPUs + + if nodeInfo.Description == nil || nodeInfo.Description.Resources == nil || + nodeInfo.Description.Resources.Generic == nil { + return true + } + + taskAssigned := t.AssignedGenericResources + nodeAvailableResources := &resources.Generic + nodeRes := nodeInfo.Description.Resources.Generic + genericresource.Reclaim(nodeAvailableResources, taskAssigned, nodeRes) if t.Endpoint != nil { for _, port := range t.Endpoint.Ports { @@ -97,9 +111,18 @@ func (nodeInfo *NodeInfo) addTask(t *api.Task) bool { } nodeInfo.Tasks[t.ID] = t + reservations := taskReservations(t.Spec) - nodeInfo.AvailableResources.MemoryBytes -= reservations.MemoryBytes - nodeInfo.AvailableResources.NanoCPUs -= reservations.NanoCPUs + resources := nodeInfo.AvailableResources + + resources.MemoryBytes -= reservations.MemoryBytes + resources.NanoCPUs -= reservations.NanoCPUs + + // minimum size required + t.AssignedGenericResources = make([]*api.GenericResource, 0, len(resources.Generic)) + taskAssigned := &t.AssignedGenericResources + + genericresource.Claim(&resources.Generic, taskAssigned, reservations.Generic) if t.Endpoint != nil { for _, port := range t.Endpoint.Ports { diff --git a/components/engine/vendor/github.com/docker/swarmkit/manager/scheduler/scheduler.go b/components/engine/vendor/github.com/docker/swarmkit/manager/scheduler/scheduler.go index a6479b8834..3e5bbd0870 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/manager/scheduler/scheduler.go +++ b/components/engine/vendor/github.com/docker/swarmkit/manager/scheduler/scheduler.go @@ -4,6 +4,7 @@ import ( "time" "github.com/docker/swarmkit/api" + "github.com/docker/swarmkit/api/genericresource" "github.com/docker/swarmkit/log" "github.com/docker/swarmkit/manager/state" "github.com/docker/swarmkit/manager/state/store" @@ -297,15 +298,21 @@ func (s *Scheduler) deleteTask(ctx context.Context, t *api.Task) bool { func (s *Scheduler) createOrUpdateNode(n *api.Node) { nodeInfo, _ := s.nodeSet.nodeInfo(n.ID) - var resources api.Resources + var resources *api.Resources if n.Description != nil && n.Description.Resources != nil { - resources = *n.Description.Resources + resources = n.Description.Resources.Copy() // reconcile resources by looping over all tasks in this node for _, task := range nodeInfo.Tasks { reservations := taskReservations(task.Spec) + resources.MemoryBytes -= reservations.MemoryBytes resources.NanoCPUs -= reservations.NanoCPUs + + genericresource.ConsumeNodeResources(&resources.Generic, + task.AssignedGenericResources) } + } else { + resources = &api.Resources{} } nodeInfo.Node = n nodeInfo.AvailableResources = resources diff --git a/components/engine/vendor/github.com/docker/swarmkit/manager/state/raft/raft.go b/components/engine/vendor/github.com/docker/swarmkit/manager/state/raft/raft.go index 82a550d0f6..b793374095 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/manager/state/raft/raft.go +++ b/components/engine/vendor/github.com/docker/swarmkit/manager/state/raft/raft.go @@ -361,7 +361,7 @@ func (n *Node) JoinAndStart(ctx context.Context) (err error) { if err != nil { n.stopMu.Lock() // to shutdown transport - close(n.stopped) + n.cancelFunc() n.stopMu.Unlock() n.done() } else { diff --git a/components/engine/vendor/github.com/docker/swarmkit/node/node.go b/components/engine/vendor/github.com/docker/swarmkit/node/node.go index 6a40a06e16..ab8504c232 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/node/node.go +++ b/components/engine/vendor/github.com/docker/swarmkit/node/node.go @@ -10,6 +10,7 @@ import ( "path/filepath" "reflect" "sort" + "strings" "sync" "time" @@ -33,6 +34,7 @@ import ( "github.com/pkg/errors" "golang.org/x/net/context" "google.golang.org/grpc" + "google.golang.org/grpc/codes" "google.golang.org/grpc/credentials" ) @@ -344,14 +346,14 @@ func (n *Node) run(ctx context.Context) (err error) { log.G(ctx).WithError(err).Error("invalid new root certificate from the dispatcher") continue } - if err := ca.SaveRootCA(newRootCA, paths.RootCA); err != nil { - log.G(ctx).WithError(err).Error("could not save new root certificate from the dispatcher") - continue - } if err := securityConfig.UpdateRootCA(&newRootCA, newRootCA.Pool); err != nil { log.G(ctx).WithError(err).Error("could not use new root CA from dispatcher") continue } + if err := ca.SaveRootCA(newRootCA, paths.RootCA); err != nil { + log.G(ctx).WithError(err).Error("could not save new root certificate from the dispatcher") + continue + } } } } @@ -432,10 +434,10 @@ func (n *Node) run(ctx context.Context) (err error) { }() wg.Wait() - if managerErr != nil && managerErr != context.Canceled { + if managerErr != nil && errors.Cause(managerErr) != context.Canceled { return managerErr } - if agentErr != nil && agentErr != context.Canceled { + if agentErr != nil && errors.Cause(agentErr) != context.Canceled { return agentErr } return err @@ -516,7 +518,7 @@ waitPeer: rootCA := securityConfig.RootCA() issuer := securityConfig.IssuerInfo() - a, err := agent.New(&agent.Config{ + agentConfig := &agent.Config{ Hostname: n.config.Hostname, ConnBroker: n.connBroker, Executor: n.config.Executor, @@ -529,7 +531,14 @@ waitPeer: CertIssuerPublicKey: issuer.PublicKey, CertIssuerSubject: issuer.Subject, }, - }) + } + // if a join address has been specified, then if the agent fails to connect due to a TLS error, fail fast - don't + // keep re-trying to join + if n.config.JoinAddr != "" { + agentConfig.SessionTracker = &firstSessionErrorTracker{} + } + + a, err := agent.New(agentConfig) if err != nil { return err } @@ -1055,3 +1064,37 @@ func (sp sortablePeers) Less(i, j int) bool { return sp[i].NodeID < sp[j].NodeID func (sp sortablePeers) Len() int { return len(sp) } func (sp sortablePeers) Swap(i, j int) { sp[i], sp[j] = sp[j], sp[i] } + +// firstSessionErrorTracker is a utility that helps determine whether the agent should exit after +// a TLS failure on establishing the first session. This should only happen if a join address +// is specified. If establishing the first session succeeds, but later on some session fails +// because of a TLS error, we don't want to exit the agent because a previously successful +// session indicates that the TLS error may be a transient issue. +type firstSessionErrorTracker struct { + mu sync.Mutex + pastFirstSession bool + err error +} + +func (fs *firstSessionErrorTracker) SessionEstablished() { + fs.mu.Lock() + fs.pastFirstSession = true + fs.mu.Unlock() +} + +func (fs *firstSessionErrorTracker) SessionError(err error) { + fs.mu.Lock() + fs.err = err + fs.mu.Unlock() +} + +func (fs *firstSessionErrorTracker) SessionClosed() error { + fs.mu.Lock() + defer fs.mu.Unlock() + // unfortunately grpc connection errors are type grpc.rpcError, which are not exposed, and we can't get at the underlying error type + if !fs.pastFirstSession && grpc.Code(fs.err) == codes.Internal && + strings.HasPrefix(grpc.ErrorDesc(fs.err), "connection error") && strings.Contains(grpc.ErrorDesc(fs.err), "transport: x509:") { + return fs.err + } + return nil +} diff --git a/components/engine/vendor/github.com/docker/swarmkit/vendor.conf b/components/engine/vendor/github.com/docker/swarmkit/vendor.conf index 0fdffeb0d5..6e86d96796 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/vendor.conf +++ b/components/engine/vendor/github.com/docker/swarmkit/vendor.conf @@ -1,8 +1,9 @@ # grpc and protobuf -google.golang.org/grpc v1.0.4 +google.golang.org/grpc v1.3.0 github.com/gogo/protobuf v0.4 -github.com/golang/protobuf 8ee79997227bf9b34611aee7946ae64735e6fd93 +github.com/golang/protobuf 7a211bcf3bce0e3f1d74f9894916e6f116ae83b4 github.com/matttproud/golang_protobuf_extensions v1.0.0 +google.golang.org/genproto d80a6e20e776b0b17a324d0ba1ab50a39c8e8944 # metrics github.com/grpc-ecosystem/go-grpc-prometheus 6b7015e65d366bf3f19b2b2a000a831940f0f7e0 @@ -50,7 +51,7 @@ github.com/spf13/cobra 8e91712f174ced10270cf66615e0a9127e7c4de5 github.com/spf13/pflag 7f60f83a2c81bc3c3c0d5297f61ddfa68da9d3b7 github.com/stretchr/testify v1.1.4 golang.org/x/crypto 3fbbcd23f1cb824e69491a5930cfeff09b12f4d2 -golang.org/x/net c427ad74c6d7a814201695e9ffde0c5d400a7674 +golang.org/x/net 7dcfb8076726a3fdd9353b6b8a1f1b6be6811bd6 golang.org/x/sys 5eaf0df67e70d6997a9fe0ed24383fa1b01638d3 golang.org/x/text f72d8390a633d5dfb0cc84043294db9f6c935756 golang.org/x/time a4bde12657593d5e90d0533a3e4fd95e635124cb From f3ddace46876373f481fbbd4be24d3227b5567b9 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 12 Jun 2017 14:47:27 +0200 Subject: [PATCH 096/191] Use tempdir instead of working directory as build-context The `makefile()` utility was used to create a temporary Dockerfile, and after tests completed, this file was deleted. However, the _build_ used the current path (`/usr/local/bin/docker`) as build-context. As a result, roughtly 20 MB was sent as build-context for each build, but none of the builds actually required a build-context. This patch; - creates a temp-dir for the test, which can be used as build-context - changes the `makefile()` utility and removes the `cleanup` functionality - instead, the `temp-dir` is removed after the test finishes (which also removes the temporary `Dockerfile`) Signed-off-by: Sebastiaan van Stijn Upstream-commit: ebe66b1d0f52dc58a98a428d4efa4d2f2743b96e Component: engine --- .../docker_cli_registry_user_agent_test.go | 15 ++++--- .../docker_cli_v2_only_test.go | 44 ++++++++----------- 2 files changed, 29 insertions(+), 30 deletions(-) diff --git a/components/engine/integration-cli/docker_cli_registry_user_agent_test.go b/components/engine/integration-cli/docker_cli_registry_user_agent_test.go index 9f50aa676a..62ec130e51 100644 --- a/components/engine/integration-cli/docker_cli_registry_user_agent_test.go +++ b/components/engine/integration-cli/docker_cli_registry_user_agent_test.go @@ -2,7 +2,9 @@ package main import ( "fmt" + "io/ioutil" "net/http" + "os" "regexp" "github.com/docker/docker/integration-cli/registry" @@ -100,10 +102,14 @@ func (s *DockerRegistrySuite) TestUserAgentPassThrough(c *check.C) { "--insecure-registry", pushReg.URL(), "--insecure-registry", loginReg.URL()) - dockerfileName, cleanup1, err := makefile(fmt.Sprintf("FROM %s", buildRepoName)) + tmp, err := ioutil.TempDir("", "integration-cli-") + c.Assert(err, check.IsNil) + defer os.RemoveAll(tmp) + + dockerfileName, err := makefile(tmp, fmt.Sprintf("FROM %s", buildRepoName)) c.Assert(err, check.IsNil, check.Commentf("Unable to create test dockerfile")) - defer cleanup1() - s.d.Cmd("build", "--file", dockerfileName, ".") + + s.d.Cmd("build", "--file", dockerfileName, tmp) regexpCheckUA(c, buildUA) s.d.Cmd("login", "-u", "richard", "-p", "testtest", loginReg.URL()) @@ -112,10 +118,9 @@ func (s *DockerRegistrySuite) TestUserAgentPassThrough(c *check.C) { s.d.Cmd("pull", pullRepoName) regexpCheckUA(c, pullUA) - dockerfileName, cleanup2, err := makefile(`FROM scratch + dockerfileName, err = makefile(tmp, `FROM scratch ENV foo bar`) c.Assert(err, check.IsNil, check.Commentf("Unable to create test dockerfile")) - defer cleanup2() s.d.Cmd("build", "-t", pushRepoName, "--file", dockerfileName, ".") s.d.Cmd("push", pushRepoName) diff --git a/components/engine/integration-cli/docker_cli_v2_only_test.go b/components/engine/integration-cli/docker_cli_v2_only_test.go index 3500e787ca..b82cdbde1f 100644 --- a/components/engine/integration-cli/docker_cli_v2_only_test.go +++ b/components/engine/integration-cli/docker_cli_v2_only_test.go @@ -10,28 +10,16 @@ import ( "github.com/go-check/check" ) -func makefile(contents string) (string, func(), error) { - cleanup := func() { - - } - - f, err := ioutil.TempFile(".", "tmp") +func makefile(path string, contents string) (string, error) { + f, err := ioutil.TempFile(path, "tmp") if err != nil { - return "", cleanup, err + return "", err } err = ioutil.WriteFile(f.Name(), []byte(contents), os.ModePerm) if err != nil { - return "", cleanup, err + return "", err } - - cleanup = func() { - err := os.Remove(f.Name()) - if err != nil { - fmt.Println("Error removing tmpfile") - } - } - return f.Name(), cleanup, nil - + return f.Name(), nil } // TestV2Only ensures that a daemon by default does not @@ -53,11 +41,14 @@ func (s *DockerRegistrySuite) TestV2Only(c *check.C) { s.d.Start(c, "--insecure-registry", reg.URL()) - dockerfileName, cleanup, err := makefile(fmt.Sprintf("FROM %s/busybox", reg.URL())) - c.Assert(err, check.IsNil, check.Commentf("Unable to create test dockerfile")) - defer cleanup() + tmp, err := ioutil.TempDir("", "integration-cli-") + c.Assert(err, check.IsNil) + defer os.RemoveAll(tmp) - s.d.Cmd("build", "--file", dockerfileName, ".") + dockerfileName, err := makefile(tmp, fmt.Sprintf("FROM %s/busybox", reg.URL())) + c.Assert(err, check.IsNil, check.Commentf("Unable to create test dockerfile")) + + s.d.Cmd("build", "--file", dockerfileName, tmp) s.d.Cmd("run", repoName) s.d.Cmd("login", "-u", "richard", "-p", "testtest", reg.URL()) @@ -102,11 +93,14 @@ func (s *DockerRegistrySuite) TestV1(c *check.C) { s.d.Start(c, "--insecure-registry", reg.URL(), "--disable-legacy-registry=false") - dockerfileName, cleanup, err := makefile(fmt.Sprintf("FROM %s/busybox", reg.URL())) - c.Assert(err, check.IsNil, check.Commentf("Unable to create test dockerfile")) - defer cleanup() + tmp, err := ioutil.TempDir("", "integration-cli-") + c.Assert(err, check.IsNil) + defer os.RemoveAll(tmp) - s.d.Cmd("build", "--file", dockerfileName, ".") + dockerfileName, err := makefile(tmp, fmt.Sprintf("FROM %s/busybox", reg.URL())) + c.Assert(err, check.IsNil, check.Commentf("Unable to create test dockerfile")) + + s.d.Cmd("build", "--file", dockerfileName, tmp) c.Assert(v1Repo, check.Equals, 1, check.Commentf("Expected v1 repository access after build")) repoName := fmt.Sprintf("%s/busybox", reg.URL()) From 01267bd230e481a2e5fdb241c301a96205fd3281 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 12 Jun 2017 15:02:51 +0200 Subject: [PATCH 097/191] Simplify DockerRegistrySuite.TestUserAgentPassThrough() This patch simplifies the test by; - re-using the registry-mock / handler - skipping the last `docker build`, which was only used to make sure a local image was present. Instead, the daemon is started with a `busybox` image loaded. Also added a comment, explaining why the mock always returns a 404 (hence, error/output-string should not be checked in the test), and made the mock return a valid/correctly formatted error response. Signed-off-by: Sebastiaan van Stijn Upstream-commit: 5d04fe73bf9fa7cff1b99206f39536aed807efb3 Component: engine --- .../docker_cli_registry_user_agent_test.go | 67 ++++++------------- 1 file changed, 21 insertions(+), 46 deletions(-) diff --git a/components/engine/integration-cli/docker_cli_registry_user_agent_test.go b/components/engine/integration-cli/docker_cli_registry_user_agent_test.go index 62ec130e51..6cbe6e7e66 100644 --- a/components/engine/integration-cli/docker_cli_registry_user_agent_test.go +++ b/components/engine/integration-cli/docker_cli_registry_user_agent_test.go @@ -49,9 +49,14 @@ func regexpCheckUA(c *check.C, ua string) { c.Assert(bMatchUpstreamUA, check.Equals, true, check.Commentf("(Upstream) Docker Client User-Agent malformed")) } +// registerUserAgentHandler registers a handler for the `/v2/*` endpoint. +// Note that a 404 is returned to prevent the client to proceed. +// We are only checking if the client sent a valid User Agent string along +// with the request. func registerUserAgentHandler(reg *registry.Mock, result *string) { reg.RegisterHandler("/v2/", func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(404) + w.Write([]byte(`{"errors":[{"code": "UNSUPPORTED","message": "this is a mock registry"}]}`)) var ua string for k, v := range r.Header { if k == "User-Agent" { @@ -66,63 +71,33 @@ func registerUserAgentHandler(reg *registry.Mock, result *string) { // a registry, the registry should see a User-Agent string of the form // [docker engine UA] UpstreamClientSTREAM-CLIENT([client UA]) func (s *DockerRegistrySuite) TestUserAgentPassThrough(c *check.C) { - var ( - buildUA string - pullUA string - pushUA string - loginUA string - ) + var ua string - buildReg, err := registry.NewMock(c) - defer buildReg.Close() + reg, err := registry.NewMock(c) + defer reg.Close() c.Assert(err, check.IsNil) - registerUserAgentHandler(buildReg, &buildUA) - buildRepoName := fmt.Sprintf("%s/busybox", buildReg.URL()) + registerUserAgentHandler(reg, &ua) + repoName := fmt.Sprintf("%s/busybox", reg.URL()) - pullReg, err := registry.NewMock(c) - defer pullReg.Close() - c.Assert(err, check.IsNil) - registerUserAgentHandler(pullReg, &pullUA) - pullRepoName := fmt.Sprintf("%s/busybox", pullReg.URL()) - - pushReg, err := registry.NewMock(c) - defer pushReg.Close() - c.Assert(err, check.IsNil) - registerUserAgentHandler(pushReg, &pushUA) - pushRepoName := fmt.Sprintf("%s/busybox", pushReg.URL()) - - loginReg, err := registry.NewMock(c) - defer loginReg.Close() - c.Assert(err, check.IsNil) - registerUserAgentHandler(loginReg, &loginUA) - - s.d.Start(c, - "--insecure-registry", buildReg.URL(), - "--insecure-registry", pullReg.URL(), - "--insecure-registry", pushReg.URL(), - "--insecure-registry", loginReg.URL()) + s.d.StartWithBusybox(c, "--insecure-registry", reg.URL()) tmp, err := ioutil.TempDir("", "integration-cli-") c.Assert(err, check.IsNil) defer os.RemoveAll(tmp) - dockerfileName, err := makefile(tmp, fmt.Sprintf("FROM %s", buildRepoName)) + dockerfile, err := makefile(tmp, fmt.Sprintf("FROM %s", repoName)) c.Assert(err, check.IsNil, check.Commentf("Unable to create test dockerfile")) - s.d.Cmd("build", "--file", dockerfileName, tmp) - regexpCheckUA(c, buildUA) + s.d.Cmd("build", "--file", dockerfile, tmp) + regexpCheckUA(c, ua) - s.d.Cmd("login", "-u", "richard", "-p", "testtest", loginReg.URL()) - regexpCheckUA(c, loginUA) + s.d.Cmd("login", "-u", "richard", "-p", "testtest", reg.URL()) + regexpCheckUA(c, ua) - s.d.Cmd("pull", pullRepoName) - regexpCheckUA(c, pullUA) + s.d.Cmd("pull", repoName) + regexpCheckUA(c, ua) - dockerfileName, err = makefile(tmp, `FROM scratch - ENV foo bar`) - c.Assert(err, check.IsNil, check.Commentf("Unable to create test dockerfile")) - s.d.Cmd("build", "-t", pushRepoName, "--file", dockerfileName, ".") - - s.d.Cmd("push", pushRepoName) - regexpCheckUA(c, pushUA) + s.d.Cmd("tag", "busybox", repoName) + s.d.Cmd("push", repoName) + regexpCheckUA(c, ua) } From e90e6dfee2d1cff3ab7d1094b25843c837eab8a7 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 13 Jun 2017 03:32:48 +0200 Subject: [PATCH 098/191] Disable auto-assigning PR's to milestones Moby and Docker are separate projects, so don't assign docker milestones to pull requests in this repository. Signed-off-by: Sebastiaan van Stijn Upstream-commit: e481509c746bb53c93b11c349f42ed2549ab728c Component: engine --- components/engine/poule.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/components/engine/poule.yml b/components/engine/poule.yml index 0f440437ff..2abf0df7f0 100644 --- a/components/engine/poule.yml +++ b/components/engine/poule.yml @@ -35,12 +35,6 @@ } - type: version-label -# When a pull request is closed, attach it to the currently active milestone. -- triggers: - pull_request: [ closed ] - operations: - - type: version-milestone - # Labeling a PR with `rebuild/` triggers a rebuild job for the associated # configuration. The label is automatically removed after the rebuild is initiated. There's no such # thing as "templating" in this configuration, so we need one operation for each type of From 2a61337b11d34d504493d027d2cdc138a8aa4e6c Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Mon, 12 Jun 2017 19:07:06 -0700 Subject: [PATCH 099/191] Add builder dev report for 2017-06-12 Signed-off-by: Tonis Tiigi Upstream-commit: 810015c5ff04fae45b12bb0a61709aaa4e7f7e41 Component: engine --- .../engine/reports/builder/2017-06-12.md | 58 +++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 components/engine/reports/builder/2017-06-12.md diff --git a/components/engine/reports/builder/2017-06-12.md b/components/engine/reports/builder/2017-06-12.md new file mode 100644 index 0000000000..df5d801e76 --- /dev/null +++ b/components/engine/reports/builder/2017-06-12.md @@ -0,0 +1,58 @@ +# Development Report for June 12, 2017 + + +### Buildkit + +[Proposal](https://github.com/moby/moby/issues/32925) + +More updates to the [POC repo](https://github.com/tonistiigi/buildkit_poc). It now contains binaries for the daemon and client. Examples directory shows a way for invoking a build job by generating the internal low-level build graph definition with a helper binary(as there is not support for frontends yet). The grpc control server binary can be built in two versions, one that connects to containerD socket and other that doesn't have any external dependencies. + +If you have questions or want to help, stop by the issues section of that repo or the proposal in moby/moby. + +### Typed Dockerfile parsing + +[PR](https://github.com/moby/moby/pull/33492) + +New PR that enables parsing Dockerfiles into typed structures so they can be preprocessed to eliminate unnecessary build stages and reused with different kinds of dispatchers. + +### Long running session & incremental file sending + +[PR ](https://github.com/moby/moby/pull/32677) + +Same status as last week. The PR went through one pass of review from @dnephin and has been rebased again. Maintainers are encouraged to give this one a review so it can be included in `v17.07` release. + + +### Quality: Dependency interface switch + +[Move file copying from the daemon to the builder](https://github.com/moby/moby/pull/33454) PR is waiting for a second review. + +### Proposals for new Dockerfile features that need design feedback: + +[Add IMPORT/EXPORT commands to Dockerfile](https://github.com/moby/moby/issues/32100) + +[Add `DOCKEROS/DOCKERARCH` default ARG to Dockerfile](https://github.com/moby/moby/issues/32487) + +[Add support for `RUN --mount`](https://github.com/moby/moby/issues/32507) + +[DAG image builder](https://github.com/moby/moby/issues/32550) + +[Option to export the hash of the build context](https://github.com/moby/moby/issues/32963) (new) + +[Allow --cache-from=*](https://github.com/moby/moby/issues/33002#issuecomment-299041162) (new) + +[Provide advanced .dockeringore use-cases](https://github.com/moby/moby/issues/12886) [2](https://github.com/moby/moby/issues/12886#issuecomment-306247989) + +If you are interested in implementing any of them, leave a comment on the specific issues. + +### Other builder PRs merged last week + + +### Builder features currently in code-review: + +[Warn/deprecate continuing on empty lines in `Dockerfile`](https://github.com/moby/moby/pull/29161) + +[Fix behavior of absolute paths in .dockerignore](https://github.com/moby/moby/pull/32088) + +### Backlog + +[Build secrets](https://github.com/moby/moby/issues/33343) has not got much traction. If you want this feature to become a reality, please make yourself heard. \ No newline at end of file From 101aa410f324dcd84f63b873d6a576bd0b30149d Mon Sep 17 00:00:00 2001 From: Naveed Jamil Date: Mon, 5 Jun 2017 17:57:49 +0500 Subject: [PATCH 100/191] Added Test Case Coverage for PKG/PROMISE Signed-off-by: Naveed Jamil Upstream-commit: cffa6d52a2819c126517333b8b31337ded5cc0d9 Component: engine --- components/engine/pkg/promise/promise_test.go | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 components/engine/pkg/promise/promise_test.go diff --git a/components/engine/pkg/promise/promise_test.go b/components/engine/pkg/promise/promise_test.go new file mode 100644 index 0000000000..287213b504 --- /dev/null +++ b/components/engine/pkg/promise/promise_test.go @@ -0,0 +1,25 @@ +package promise + +import ( + "errors" + "testing" + + "github.com/stretchr/testify/require" +) + +func TestGo(t *testing.T) { + errCh := Go(functionWithError) + er := <-errCh + require.EqualValues(t, "Error Occurred", er.Error()) + + noErrCh := Go(functionWithNoError) + er = <-noErrCh + require.Nil(t, er) +} + +func functionWithError() (err error) { + return errors.New("Error Occurred") +} +func functionWithNoError() (err error) { + return nil +} From b7238aa6a558fabe3c26bfb2a2a9e778e5622919 Mon Sep 17 00:00:00 2001 From: Simon Ferquel Date: Fri, 5 May 2017 18:03:22 +0200 Subject: [PATCH 101/191] Ignore HNS networks with type Private Fix #33052 (workaround style) **- What I did** HNS reports networks that don't have anything to do with the Daemon, and for which no networking plugin is available. This make the Daemon start sequence pause for 15 secs, as the plugin resolving logic has a wait & retry logic **- How I did it** Just after retrieving the HNS networks, I filter out those with type `Private` **- How to verify it** Replace dockerd coming with Docker for Windows from one built from this PR. Windows containers daemon should now launch pretty quickly Signed-off-by: Simon Ferquel Upstream-commit: b91fd26bb57c94a7ea7f77e5e548233506b78d21 Component: engine --- components/engine/daemon/daemon_windows.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/components/engine/daemon/daemon_windows.go b/components/engine/daemon/daemon_windows.go index efe1b1f6a0..000bf423fa 100644 --- a/components/engine/daemon/daemon_windows.go +++ b/components/engine/daemon/daemon_windows.go @@ -327,6 +327,9 @@ func (daemon *Daemon) initNetworkController(config *config.Config, activeSandbox // discover and add HNS networks to windows // network that exist are removed and added again for _, v := range hnsresponse { + if strings.ToLower(v.Type) == "private" { + continue // workaround for HNS reporting unsupported networks + } var n libnetwork.Network s := func(current libnetwork.Network) bool { options := current.Info().DriverOptions() From da632307b9e0fb13628f4400f779a25643abd90d Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 12 Jun 2017 16:10:15 +0200 Subject: [PATCH 102/191] Make TestServiceCreateCompatiblePlatforms use actual API response The `TestServiceCreateCompatiblePlatforms()` test was confusing, because it did not actually use the mocked API response, but used a local `distributionInspectBody` variable to verify that the `/distribution/` endpoint was called. This flow was especially confusing, because a comment in the test describes; "check if the /distribution endpoint returned correct output" If (for whatever reason), the endpoint was not called, the test would panic, because the `distributionInspectBody` would not be set. This patch rewrites the test to use the actual API response that is returned by the mock, and verifies that the information returned by the `/distribution/` endpoint is properly used in the service's definition. Signed-off-by: Sebastiaan van Stijn Upstream-commit: f3fce00ef3f3b7ead5ac211f9aafabfebf820c2f Component: engine --- .../engine/client/service_create_test.go | 51 +++++++++---------- 1 file changed, 23 insertions(+), 28 deletions(-) diff --git a/components/engine/client/service_create_test.go b/components/engine/client/service_create_test.go index 0604794953..eb9e1b59df 100644 --- a/components/engine/client/service_create_test.go +++ b/components/engine/client/service_create_test.go @@ -4,7 +4,6 @@ import ( "bytes" "encoding/json" "fmt" - "io" "io/ioutil" "net/http" "strings" @@ -15,6 +14,7 @@ import ( "github.com/docker/docker/api/types/swarm" "github.com/opencontainers/go-digest" "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/stretchr/testify/assert" "golang.org/x/net/context" ) @@ -61,27 +61,24 @@ func TestServiceCreate(t *testing.T) { } func TestServiceCreateCompatiblePlatforms(t *testing.T) { - var ( - platforms []v1.Platform - distributionInspectBody io.ReadCloser - distributionInspect registrytypes.DistributionInspect - ) - client := &Client{ version: "1.30", client: newMockClient(func(req *http.Request) (*http.Response, error) { if strings.HasPrefix(req.URL.Path, "/v1.30/services/create") { + var serviceSpec swarm.ServiceSpec + // check if the /distribution endpoint returned correct output - err := json.NewDecoder(distributionInspectBody).Decode(&distributionInspect) + err := json.NewDecoder(req.Body).Decode(&serviceSpec) if err != nil { return nil, err } - if len(distributionInspect.Platforms) == 0 || distributionInspect.Platforms[0].Architecture != platforms[0].Architecture || distributionInspect.Platforms[0].OS != platforms[0].OS { - return nil, fmt.Errorf("received incorrect platform information from registry") - } + assert.Equal(t, "foobar:1.0@sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96", serviceSpec.TaskTemplate.ContainerSpec.Image) + assert.Len(t, serviceSpec.TaskTemplate.Placement.Platforms, 1) + + p := serviceSpec.TaskTemplate.Placement.Platforms[0] b, err := json.Marshal(types.ServiceCreateResponse{ - ID: "service_" + platforms[0].Architecture, + ID: "service_" + p.OS + "_" + p.Architecture, }) if err != nil { return nil, err @@ -91,20 +88,20 @@ func TestServiceCreateCompatiblePlatforms(t *testing.T) { Body: ioutil.NopCloser(bytes.NewReader(b)), }, nil } else if strings.HasPrefix(req.URL.Path, "/v1.30/distribution/") { - platforms = []v1.Platform{ - { - Architecture: "amd64", - OS: "linux", - }, - } b, err := json.Marshal(registrytypes.DistributionInspect{ - Descriptor: v1.Descriptor{}, - Platforms: platforms, + Descriptor: v1.Descriptor{ + Digest: "sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96", + }, + Platforms: []v1.Platform{ + { + Architecture: "amd64", + OS: "linux", + }, + }, }) if err != nil { return nil, err } - distributionInspectBody = ioutil.NopCloser(bytes.NewReader(b)) return &http.Response{ StatusCode: http.StatusOK, Body: ioutil.NopCloser(bytes.NewReader(b)), @@ -115,13 +112,11 @@ func TestServiceCreateCompatiblePlatforms(t *testing.T) { }), } - r, err := client.ServiceCreate(context.Background(), swarm.ServiceSpec{}, types.ServiceCreateOptions{QueryRegistry: true}) - if err != nil { - t.Fatal(err) - } - if r.ID != "service_amd64" { - t.Fatalf("expected `service_amd64`, got %s", r.ID) - } + spec := swarm.ServiceSpec{TaskTemplate: swarm.TaskSpec{ContainerSpec: swarm.ContainerSpec{Image: "foobar:1.0"}}} + + r, err := client.ServiceCreate(context.Background(), spec, types.ServiceCreateOptions{QueryRegistry: true}) + assert.NoError(t, err) + assert.Equal(t, "service_linux_amd64", r.ID) } func TestServiceCreateDigestPinning(t *testing.T) { From 8857822260c0ed62948f216f7e0ffbff5601a011 Mon Sep 17 00:00:00 2001 From: David Sheets Date: Tue, 13 Jun 2017 11:52:04 +0100 Subject: [PATCH 103/191] authz: eliminate race during plugin removal from middleware Also, this removes the use of a questionable golang range feature which corrects for mutation of a slice during iteration over that slice. This makes the filter operation easier to read and reason about. Signed-off-by: David Sheets Upstream-commit: 7da3986297e04b419ce08b19766633dba36b7d30 Component: engine --- components/engine/pkg/authorization/middleware.go | 13 +++++++++++++ components/engine/plugin/backend_linux.go | 9 +-------- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/components/engine/pkg/authorization/middleware.go b/components/engine/pkg/authorization/middleware.go index 05130121e9..595a06d53c 100644 --- a/components/engine/pkg/authorization/middleware.go +++ b/components/engine/pkg/authorization/middleware.go @@ -46,6 +46,19 @@ func (m *Middleware) SetPlugins(names []string) { m.mu.Unlock() } +// RemovePlugin removes a single plugin from this authz middleware chain +func (m *Middleware) RemovePlugin(name string) { + m.mu.Lock() + defer m.mu.Unlock() + plugins := m.plugins[:0] + for _, authPlugin := range m.plugins { + if authPlugin.Name() != name { + plugins = append(plugins, authPlugin) + } + } + m.plugins = plugins +} + // WrapHandler returns a new handler function wrapping the previous one in the request chain. func (m *Middleware) WrapHandler(handler func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error) func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error { return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error { diff --git a/components/engine/plugin/backend_linux.go b/components/engine/plugin/backend_linux.go index 1d7f3a838c..012f6cf22b 100644 --- a/components/engine/plugin/backend_linux.go +++ b/components/engine/plugin/backend_linux.go @@ -60,14 +60,7 @@ func (pm *Manager) Disable(refOrID string, config *types.PluginDisableConfig) er for _, typ := range p.GetTypes() { if typ.Capability == authorization.AuthZApiImplements { - authzList := pm.config.AuthzMiddleware.GetAuthzPlugins() - for i, authPlugin := range authzList { - if authPlugin.Name() == p.Name() { - // Remove plugin from authzmiddleware chain - authzList = append(authzList[:i], authzList[i+1:]...) - pm.config.AuthzMiddleware.SetAuthzPlugins(authzList) - } - } + pm.config.AuthzMiddleware.RemovePlugin(p.Name()) } } From 142f748495776b274719f575ae16fd16b80cc5c4 Mon Sep 17 00:00:00 2001 From: David Sheets Date: Tue, 13 Jun 2017 12:12:42 +0100 Subject: [PATCH 104/191] authz: remove and hide unused and local-only methods respectively Signed-off-by: David Sheets Upstream-commit: 24264697c54843ea8dbd30ac37652409943e7bf4 Component: engine --- components/engine/pkg/authorization/middleware.go | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/components/engine/pkg/authorization/middleware.go b/components/engine/pkg/authorization/middleware.go index 595a06d53c..7789a758df 100644 --- a/components/engine/pkg/authorization/middleware.go +++ b/components/engine/pkg/authorization/middleware.go @@ -25,20 +25,12 @@ func NewMiddleware(names []string, pg plugingetter.PluginGetter) *Middleware { } } -// GetAuthzPlugins gets authorization plugins -func (m *Middleware) GetAuthzPlugins() []Plugin { +func (m *Middleware) getAuthzPlugins() []Plugin { m.mu.Lock() defer m.mu.Unlock() return m.plugins } -// SetAuthzPlugins sets authorization plugins -func (m *Middleware) SetAuthzPlugins(plugins []Plugin) { - m.mu.Lock() - m.plugins = plugins - m.mu.Unlock() -} - // SetPlugins sets the plugin used for authorization func (m *Middleware) SetPlugins(names []string) { m.mu.Lock() @@ -62,7 +54,7 @@ func (m *Middleware) RemovePlugin(name string) { // WrapHandler returns a new handler function wrapping the previous one in the request chain. func (m *Middleware) WrapHandler(handler func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error) func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error { return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error { - plugins := m.GetAuthzPlugins() + plugins := m.getAuthzPlugins() if len(plugins) == 0 { return handler(ctx, w, r, vars) } @@ -96,7 +88,7 @@ func (m *Middleware) WrapHandler(handler func(ctx context.Context, w http.Respon // There's a chance that the authCtx.plugins was updated. One of the reasons // this can happen is when an authzplugin is disabled. - plugins = m.GetAuthzPlugins() + plugins = m.getAuthzPlugins() if len(plugins) == 0 { logrus.Debug("There are no authz plugins in the chain") return nil From 1b032e855d69221c1521b30008624866c251492f Mon Sep 17 00:00:00 2001 From: Darren Stahl Date: Wed, 31 May 2017 17:11:42 -0700 Subject: [PATCH 105/191] Skip evaluation of symlinks to data root on IoT Core Signed-off-by: Darren Stahl Upstream-commit: 8e71b1e210dc0eff980f39271d6c1dd48d87024e Component: engine --- components/engine/daemon/daemon.go | 5 ++--- components/engine/daemon/daemon_linux.go | 5 +++++ components/engine/daemon/daemon_solaris.go | 5 +++++ components/engine/daemon/daemon_windows.go | 11 +++++++++++ 4 files changed, 23 insertions(+), 3 deletions(-) diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go index 4b78d01370..9d421295a2 100644 --- a/components/engine/daemon/daemon.go +++ b/components/engine/daemon/daemon.go @@ -40,7 +40,6 @@ import ( "github.com/docker/docker/layer" "github.com/docker/docker/libcontainerd" "github.com/docker/docker/migrate/v1" - "github.com/docker/docker/pkg/fileutils" "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/plugingetter" "github.com/docker/docker/pkg/registrar" @@ -537,7 +536,7 @@ func NewDaemon(config *config.Config, registryService registry.Service, containe if err != nil { return nil, fmt.Errorf("Unable to get the TempDir under %s: %s", config.Root, err) } - realTmp, err := fileutils.ReadSymlinkedDirectory(tmp) + realTmp, err := getRealPath(tmp) if err != nil { return nil, fmt.Errorf("Unable to get the full path to the TempDir (%s): %s", tmp, err) } @@ -1143,7 +1142,7 @@ func CreateDaemonRoot(config *config.Config) error { if _, err := os.Stat(config.Root); err != nil && os.IsNotExist(err) { realRoot = config.Root } else { - realRoot, err = fileutils.ReadSymlinkedDirectory(config.Root) + realRoot, err = getRealPath(config.Root) if err != nil { return fmt.Errorf("Unable to get the full path to root (%s): %s", config.Root, err) } diff --git a/components/engine/daemon/daemon_linux.go b/components/engine/daemon/daemon_linux.go index 5faf533fde..000a048699 100644 --- a/components/engine/daemon/daemon_linux.go +++ b/components/engine/daemon/daemon_linux.go @@ -9,6 +9,7 @@ import ( "strings" "github.com/Sirupsen/logrus" + "github.com/docker/docker/pkg/fileutils" "github.com/docker/docker/pkg/mount" ) @@ -86,3 +87,7 @@ func getCleanPatterns(id string) (regexps []*regexp.Regexp) { } return } + +func getRealPath(path string) (string, error) { + return fileutils.ReadSymlinkedDirectory(path) +} diff --git a/components/engine/daemon/daemon_solaris.go b/components/engine/daemon/daemon_solaris.go index aacb416a88..de0f3ac3e7 100644 --- a/components/engine/daemon/daemon_solaris.go +++ b/components/engine/daemon/daemon_solaris.go @@ -13,6 +13,7 @@ import ( "github.com/docker/docker/container" "github.com/docker/docker/image" "github.com/docker/docker/layer" + "github.com/docker/docker/pkg/fileutils" "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/parsers/kernel" "github.com/docker/docker/pkg/sysinfo" @@ -525,3 +526,7 @@ func setupDaemonProcess(config *Config) error { func (daemon *Daemon) setupSeccompProfile() error { return nil } + +func getRealPath(path string) (string, error) { + return fileutils.ReadSymlinkedDirectory(path) +} diff --git a/components/engine/daemon/daemon_windows.go b/components/engine/daemon/daemon_windows.go index 7243ac42fe..8618d61817 100644 --- a/components/engine/daemon/daemon_windows.go +++ b/components/engine/daemon/daemon_windows.go @@ -14,6 +14,7 @@ import ( "github.com/docker/docker/container" "github.com/docker/docker/daemon/config" "github.com/docker/docker/image" + "github.com/docker/docker/pkg/fileutils" "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/parsers" "github.com/docker/docker/pkg/platform" @@ -628,3 +629,13 @@ func (daemon *Daemon) verifyVolumesInfo(container *container.Container) error { func (daemon *Daemon) setupSeccompProfile() error { return nil } + +func getRealPath(path string) (string, error) { + if system.IsIoTCore() { + // Due to https://github.com/golang/go/issues/20506, path expansion + // does not work correctly on the default IoT Core configuration. + // TODO @darrenstahlmsft remove this once golang/go/20506 is fixed + return path, nil + } + return fileutils.ReadSymlinkedDirectory(path) +} From ce3a475d7a312db0bc60cd33f0afb62a96211744 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Tue, 13 Jun 2017 19:02:26 -0700 Subject: [PATCH 106/191] Moby June 12th dev report Signed-off-by: Victor Vieux Upstream-commit: b9dfa9ab753c6239905b4cc506d84dba458800a1 Component: engine --- components/engine/reports/2017-06-12.md | 78 +++++++++++++++++++++++++ 1 file changed, 78 insertions(+) create mode 100644 components/engine/reports/2017-06-12.md diff --git a/components/engine/reports/2017-06-12.md b/components/engine/reports/2017-06-12.md new file mode 100644 index 0000000000..48f0b5d579 --- /dev/null +++ b/components/engine/reports/2017-06-12.md @@ -0,0 +1,78 @@ +# Development Report for June 12, 2017 + +## Moby Summit + +The next Moby Summit will be at Docker HQ on June 19th, register [here](https://www.eventbrite.com/e/moby-summit-tickets-34483396768) + +## Daily Meeting + +### The CLI split + +Manpages and docs yaml files can now be generated on [docker/cli](https://github.com/docker/cli). +Man pages, docs and completion scripts will be removed next week thanks to @tiborvass + +### Find a good and non-confusing home for the remaining monolith + +Lot's of dicussion happened on the [forums](https://forums.mobyproject.org/t/topic-find-a-good-an-non-confusing-home-for-the-remaining-monolith) +We should expect to do those changes after the moby summit. We contacted github to work with them so we have a smooth move. + +### Moby tool + +`moby` tool docs were moved from [LinuxKit](https://github.com/linuxkit/linuxkit) to the [moby tool repo](https://github.com/moby/tool) thanks to @justincormack + +### Custom golang URLs + +More discussions on the [forums]https://forums.mobyproject.org/t/cutoms-golang-urls), no agreement for now. + +### Buildkit + +[Proposal](https://github.com/moby/moby/issues/32925) + +More updates to the [POC repo](https://github.com/tonistiigi/buildkit_poc). It now contains binaries for the daemon and client. Examples directory shows a way for invoking a build job by generating the internal low-level build graph definition with a helper binary(as there is not support for frontends yet). The grpc control server binary can be built in two versions, one that connects to containerD socket and other that doesn't have any external dependencies. + +If you have questions or want to help, stop by the issues section of that repo or the proposal in moby/moby. + +#### Typed Dockerfile parsing + +[PR](https://github.com/moby/moby/pull/33492) + +New PR that enables parsing Dockerfiles into typed structures so they can be preprocessed to eliminate unnecessary build stages and reused with different kinds of dispatchers. + +#### Long running session & incremental file sending + +[PR ](https://github.com/moby/moby/pull/32677) + +Same status as last week. The PR went through one pass of review from @dnephin and has been rebased again. Maintainers are encouraged to give this one a review so it can be included in `v17.07` release. + + +#### Quality: Dependency interface switch + +[Move file copying from the daemon to the builder](https://github.com/moby/moby/pull/33454) PR is waiting for a second review. + +#### Proposals for new Dockerfile features that need design feedback: + +[Add IMPORT/EXPORT commands to Dockerfile](https://github.com/moby/moby/issues/32100) + +[Add `DOCKEROS/DOCKERARCH` default ARG to Dockerfile](https://github.com/moby/moby/issues/32487) + +[Add support for `RUN --mount`](https://github.com/moby/moby/issues/32507) + +[DAG image builder](https://github.com/moby/moby/issues/32550) + +[Option to export the hash of the build context](https://github.com/moby/moby/issues/32963) (new) + +[Allow --cache-from=*](https://github.com/moby/moby/issues/33002#issuecomment-299041162) (new) + +[Provide advanced .dockeringore use-cases](https://github.com/moby/moby/issues/12886) [2](https://github.com/moby/moby/issues/12886#issuecomment-306247989) + +If you are interested in implementing any of them, leave a comment on the specific issues. + +#### Builder features currently in code-review: + +[Warn/deprecate continuing on empty lines in `Dockerfile`](https://github.com/moby/moby/pull/29161) + +[Fix behavior of absolute paths in .dockerignore](https://github.com/moby/moby/pull/32088) + +#### Backlog + +[Build secrets](https://github.com/moby/moby/issues/33343) has not got much traction. If you want this feature to become a reality, please make yourself heard. \ No newline at end of file From 42c5a6e86e2a6bcdacd5805123ea96349d2ca048 Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Wed, 14 Jun 2017 03:14:46 +0000 Subject: [PATCH 107/191] Remove docs (except docs/api), experimental/, contrib/completion, man/ They have been moved to github.com/docker/cli. Signed-off-by: Tibor Vass Upstream-commit: b5579a4ce33af4c1f67118e11b5a01008a36d26a Component: engine --- .../engine/contrib/completion/REVIEWERS | 2 - .../engine/contrib/completion/bash/docker | 4629 ----------------- .../contrib/completion/fish/docker.fish | 409 -- .../contrib/completion/powershell/readme.txt | 1 - .../engine/contrib/completion/zsh/REVIEWERS | 2 - .../engine/contrib/completion/zsh/_docker | 3014 ----------- components/engine/docs/README.md | 30 - components/engine/docs/deprecated.md | 321 -- components/engine/docs/extend/EBS_volume.md | 164 - components/engine/docs/extend/config.md | 238 - .../extend/images/authz_additional_info.png | Bin 45916 -> 0 bytes .../engine/docs/extend/images/authz_allow.png | Bin 33505 -> 0 bytes .../docs/extend/images/authz_chunked.png | Bin 33168 -> 0 bytes .../extend/images/authz_connection_hijack.png | Bin 38780 -> 0 bytes .../engine/docs/extend/images/authz_deny.png | Bin 27099 -> 0 bytes components/engine/docs/extend/index.md | 262 - .../engine/docs/extend/legacy_plugins.md | 102 - components/engine/docs/extend/plugin_api.md | 196 - .../docs/extend/plugins_authorization.md | 260 - .../engine/docs/extend/plugins_graphdriver.md | 403 -- .../engine/docs/extend/plugins_logging.md | 220 - .../engine/docs/extend/plugins_metrics.md | 85 - .../engine/docs/extend/plugins_network.md | 77 - .../engine/docs/extend/plugins_services.md | 186 - .../engine/docs/extend/plugins_volume.md | 360 -- components/engine/docs/reference/builder.md | 1859 ------- .../docs/reference/commandline/attach.md | 160 - .../docs/reference/commandline/build.md | 581 --- .../engine/docs/reference/commandline/cli.md | 317 -- .../docs/reference/commandline/commit.md | 117 - .../docs/reference/commandline/container.md | 61 - .../reference/commandline/container_prune.md | 126 - .../engine/docs/reference/commandline/cp.md | 115 - .../docs/reference/commandline/create.md | 260 - .../docs/reference/commandline/deploy.md | 112 - .../engine/docs/reference/commandline/diff.md | 67 - .../docs/reference/commandline/dockerd.md | 1480 ------ .../docs/reference/commandline/events.md | 345 -- .../engine/docs/reference/commandline/exec.md | 99 - .../docs/reference/commandline/export.md | 48 - .../docs/reference/commandline/history.md | 93 - .../docs/reference/commandline/image.md | 47 - .../docs/reference/commandline/image_prune.md | 171 - .../docs/reference/commandline/images.md | 343 -- .../docs/reference/commandline/import.md | 89 - .../docs/reference/commandline/index.md | 184 - .../engine/docs/reference/commandline/info.md | 245 - .../docs/reference/commandline/inspect.md | 122 - .../engine/docs/reference/commandline/kill.md | 35 - .../engine/docs/reference/commandline/load.md | 62 - .../docs/reference/commandline/login.md | 158 - .../docs/reference/commandline/logout.md | 32 - .../engine/docs/reference/commandline/logs.md | 68 - .../docs/reference/commandline/network.md | 51 - .../reference/commandline/network_connect.md | 117 - .../reference/commandline/network_create.md | 227 - .../commandline/network_disconnect.md | 48 - .../reference/commandline/network_inspect.md | 307 -- .../docs/reference/commandline/network_ls.md | 250 - .../reference/commandline/network_prune.md | 104 - .../docs/reference/commandline/network_rm.md | 68 - .../engine/docs/reference/commandline/node.md | 42 - .../docs/reference/commandline/node_demote.md | 47 - .../reference/commandline/node_inspect.md | 167 - .../docs/reference/commandline/node_ls.md | 171 - .../reference/commandline/node_promote.md | 45 - .../docs/reference/commandline/node_ps.md | 148 - .../docs/reference/commandline/node_rm.md | 80 - .../docs/reference/commandline/node_update.md | 77 - .../docs/reference/commandline/pause.md | 48 - .../docs/reference/commandline/plugin.md | 44 - .../reference/commandline/plugin_create.md | 66 - .../reference/commandline/plugin_disable.md | 69 - .../reference/commandline/plugin_enable.md | 68 - .../reference/commandline/plugin_inspect.md | 166 - .../reference/commandline/plugin_install.md | 75 - .../docs/reference/commandline/plugin_ls.md | 118 - .../docs/reference/commandline/plugin_push.md | 57 - .../docs/reference/commandline/plugin_rm.md | 63 - .../docs/reference/commandline/plugin_set.md | 172 - .../reference/commandline/plugin_upgrade.md | 100 - .../engine/docs/reference/commandline/port.md | 47 - .../engine/docs/reference/commandline/ps.md | 432 -- .../engine/docs/reference/commandline/pull.md | 254 - .../engine/docs/reference/commandline/push.md | 82 - .../docs/reference/commandline/rename.md | 35 - .../docs/reference/commandline/restart.md | 32 - .../engine/docs/reference/commandline/rm.md | 100 - .../engine/docs/reference/commandline/rmi.md | 105 - .../engine/docs/reference/commandline/run.md | 812 --- .../engine/docs/reference/commandline/save.md | 62 - .../docs/reference/commandline/search.md | 149 - .../docs/reference/commandline/secret.md | 45 - .../reference/commandline/secret_create.md | 99 - .../reference/commandline/secret_inspect.md | 95 - .../docs/reference/commandline/secret_ls.md | 157 - .../docs/reference/commandline/secret_rm.md | 54 - .../docs/reference/commandline/service.md | 42 - .../reference/commandline/service_create.md | 846 --- .../reference/commandline/service_inspect.md | 170 - .../reference/commandline/service_logs.md | 85 - .../docs/reference/commandline/service_ls.md | 164 - .../docs/reference/commandline/service_ps.md | 194 - .../docs/reference/commandline/service_rm.md | 60 - .../reference/commandline/service_scale.md | 104 - .../reference/commandline/service_update.md | 265 - .../docs/reference/commandline/stack.md | 39 - .../reference/commandline/stack_deploy.md | 107 - .../docs/reference/commandline/stack_ls.md | 76 - .../docs/reference/commandline/stack_ps.md | 230 - .../docs/reference/commandline/stack_rm.md | 78 - .../reference/commandline/stack_services.md | 105 - .../docs/reference/commandline/start.md | 34 - .../docs/reference/commandline/stats.md | 140 - .../engine/docs/reference/commandline/stop.md | 37 - .../docs/reference/commandline/swarm.md | 41 - .../docs/reference/commandline/swarm_ca.md | 122 - .../docs/reference/commandline/swarm_init.md | 168 - .../docs/reference/commandline/swarm_join.md | 130 - .../reference/commandline/swarm_join_token.md | 115 - .../docs/reference/commandline/swarm_leave.md | 72 - .../reference/commandline/swarm_unlock.md | 49 - .../reference/commandline/swarm_unlock_key.md | 92 - .../reference/commandline/swarm_update.md | 52 - .../docs/reference/commandline/system.md | 37 - .../docs/reference/commandline/system_df.md | 140 - .../reference/commandline/system_events.md | 345 -- .../reference/commandline/system_prune.md | 110 - .../engine/docs/reference/commandline/tag.md | 84 - .../engine/docs/reference/commandline/top.md | 25 - .../docs/reference/commandline/unpause.md | 44 - .../docs/reference/commandline/update.md | 123 - .../docs/reference/commandline/version.md | 74 - .../docs/reference/commandline/volume.md | 48 - .../reference/commandline/volume_create.md | 125 - .../reference/commandline/volume_inspect.md | 61 - .../docs/reference/commandline/volume_ls.md | 199 - .../reference/commandline/volume_prune.md | 73 - .../docs/reference/commandline/volume_rm.md | 48 - .../engine/docs/reference/commandline/wait.md | 58 - components/engine/docs/reference/glossary.md | 374 -- components/engine/docs/reference/index.md | 21 - components/engine/docs/reference/run.md | 1605 ------ components/engine/experimental/README.md | 53 - .../engine/experimental/checkpoint-restore.md | 88 - .../experimental/docker-stacks-and-bundles.md | 205 - .../experimental/images/ipvlan-l3.gliffy | 1 - .../engine/experimental/images/ipvlan-l3.png | Bin 18260 -> 0 bytes .../engine/experimental/images/ipvlan-l3.svg | 1 - .../images/ipvlan_l2_simple.gliffy | 1 - .../experimental/images/ipvlan_l2_simple.png | Bin 20145 -> 0 bytes .../experimental/images/ipvlan_l2_simple.svg | 1 - .../images/macvlan-bridge-ipvlan-l2.gliffy | 1 - .../images/macvlan-bridge-ipvlan-l2.png | Bin 14527 -> 0 bytes .../images/macvlan-bridge-ipvlan-l2.svg | 1 - .../images/multi_tenant_8021q_vlans.gliffy | 1 - .../images/multi_tenant_8021q_vlans.png | Bin 17879 -> 0 bytes .../images/multi_tenant_8021q_vlans.svg | 1 - .../images/vlans-deeper-look.gliffy | 1 - .../experimental/images/vlans-deeper-look.png | Bin 38837 -> 0 bytes .../experimental/images/vlans-deeper-look.svg | 1 - .../engine/experimental/vlan-networks.md | 475 -- components/engine/man/Dockerfile | 24 - components/engine/man/Dockerfile.5.md | 474 -- components/engine/man/Dockerfile.aarch64 | 34 - components/engine/man/Dockerfile.armhf | 43 - components/engine/man/Dockerfile.ppc64le | 35 - components/engine/man/Dockerfile.s390x | 35 - components/engine/man/README.md | 15 - components/engine/man/docker-build.1.md | 359 -- components/engine/man/docker-config-json.5.md | 72 - components/engine/man/docker-run.1.md | 1108 ---- components/engine/man/docker.1.md | 70 - components/engine/man/dockerd.8.md | 797 --- components/engine/man/generate.go | 106 - components/engine/man/generate.sh | 15 - components/engine/man/glide.lock | 52 - components/engine/man/glide.yaml | 12 - components/engine/man/md2man-all.sh | 22 - components/engine/man/src/attach.md | 2 - components/engine/man/src/commit.md | 1 - components/engine/man/src/container/attach.md | 66 - components/engine/man/src/container/commit.md | 30 - components/engine/man/src/container/cp.md | 145 - .../man/src/container/create-example.md | 35 - components/engine/man/src/container/create.md | 87 - components/engine/man/src/container/diff.md | 39 - components/engine/man/src/container/exec.md | 25 - components/engine/man/src/container/export.md | 20 - components/engine/man/src/container/kill.md | 2 - components/engine/man/src/container/logs.md | 28 - components/engine/man/src/container/ls.md | 110 - components/engine/man/src/container/pause.md | 12 - components/engine/man/src/container/port.md | 26 - components/engine/man/src/container/rename.md | 1 - .../engine/man/src/container/restart.md | 1 - components/engine/man/src/container/rm.md | 37 - components/engine/man/src/container/run.md | 1 - components/engine/man/src/container/start.md | 1 - components/engine/man/src/container/stats.md | 43 - components/engine/man/src/container/stop.md | 1 - components/engine/man/src/container/top.md | 11 - .../engine/man/src/container/unpause.md | 6 - components/engine/man/src/container/update.md | 102 - components/engine/man/src/container/wait.md | 8 - components/engine/man/src/cp.md | 1 - components/engine/man/src/create.md | 1 - components/engine/man/src/diff.md | 1 - components/engine/man/src/events.md | 1 - components/engine/man/src/exec.md | 1 - components/engine/man/src/export.md | 1 - components/engine/man/src/history.md | 1 - components/engine/man/src/image/build.md | 1 - components/engine/man/src/image/history.md | 54 - components/engine/man/src/image/import.md | 42 - components/engine/man/src/image/load.md | 25 - components/engine/man/src/image/ls.md | 118 - components/engine/man/src/image/pull.md | 189 - components/engine/man/src/image/push.md | 34 - components/engine/man/src/image/rm.md | 11 - components/engine/man/src/image/save.md | 19 - components/engine/man/src/image/tag.md | 54 - components/engine/man/src/images.md | 1 - components/engine/man/src/import.md | 1 - components/engine/man/src/info.md | 1 - components/engine/man/src/inspect.md | 286 - components/engine/man/src/kill.md | 1 - components/engine/man/src/load.md | 1 - components/engine/man/src/login.md | 22 - components/engine/man/src/logout.md | 13 - components/engine/man/src/logs.md | 1 - components/engine/man/src/network/connect.md | 39 - components/engine/man/src/network/create.md | 177 - .../engine/man/src/network/disconnect.md | 5 - components/engine/man/src/network/inspect.md | 183 - components/engine/man/src/network/ls.md | 182 - components/engine/man/src/network/rm.md | 20 - components/engine/man/src/pause.md | 1 - components/engine/man/src/plugin/ls.md | 43 - components/engine/man/src/port.md | 1 - components/engine/man/src/ps.md | 1 - components/engine/man/src/pull.md | 1 - components/engine/man/src/push.md | 1 - components/engine/man/src/rename.md | 1 - components/engine/man/src/restart.md | 1 - components/engine/man/src/rm.md | 1 - components/engine/man/src/rmi.md | 1 - components/engine/man/src/save.md | 1 - components/engine/man/src/search.md | 36 - components/engine/man/src/start.md | 1 - components/engine/man/src/stats.md | 1 - components/engine/man/src/stop.md | 1 - components/engine/man/src/system/events.md | 134 - components/engine/man/src/system/info.md | 163 - components/engine/man/src/tag.md | 1 - components/engine/man/src/top.md | 1 - components/engine/man/src/unpause.md | 1 - components/engine/man/src/update.md | 1 - components/engine/man/src/version.md | 37 - components/engine/man/src/volume.md | 14 - components/engine/man/src/volume/create.md | 35 - components/engine/man/src/volume/inspect.md | 4 - components/engine/man/src/volume/ls.md | 11 - components/engine/man/src/wait.md | 1 - 264 files changed, 38049 deletions(-) delete mode 100644 components/engine/contrib/completion/REVIEWERS delete mode 100644 components/engine/contrib/completion/bash/docker delete mode 100644 components/engine/contrib/completion/fish/docker.fish delete mode 100644 components/engine/contrib/completion/powershell/readme.txt delete mode 100644 components/engine/contrib/completion/zsh/REVIEWERS delete mode 100644 components/engine/contrib/completion/zsh/_docker delete mode 100644 components/engine/docs/README.md delete mode 100644 components/engine/docs/deprecated.md delete mode 100644 components/engine/docs/extend/EBS_volume.md delete mode 100644 components/engine/docs/extend/config.md delete mode 100644 components/engine/docs/extend/images/authz_additional_info.png delete mode 100644 components/engine/docs/extend/images/authz_allow.png delete mode 100644 components/engine/docs/extend/images/authz_chunked.png delete mode 100644 components/engine/docs/extend/images/authz_connection_hijack.png delete mode 100644 components/engine/docs/extend/images/authz_deny.png delete mode 100644 components/engine/docs/extend/index.md delete mode 100644 components/engine/docs/extend/legacy_plugins.md delete mode 100644 components/engine/docs/extend/plugin_api.md delete mode 100644 components/engine/docs/extend/plugins_authorization.md delete mode 100644 components/engine/docs/extend/plugins_graphdriver.md delete mode 100644 components/engine/docs/extend/plugins_logging.md delete mode 100644 components/engine/docs/extend/plugins_metrics.md delete mode 100644 components/engine/docs/extend/plugins_network.md delete mode 100644 components/engine/docs/extend/plugins_services.md delete mode 100644 components/engine/docs/extend/plugins_volume.md delete mode 100644 components/engine/docs/reference/builder.md delete mode 100644 components/engine/docs/reference/commandline/attach.md delete mode 100644 components/engine/docs/reference/commandline/build.md delete mode 100644 components/engine/docs/reference/commandline/cli.md delete mode 100644 components/engine/docs/reference/commandline/commit.md delete mode 100644 components/engine/docs/reference/commandline/container.md delete mode 100644 components/engine/docs/reference/commandline/container_prune.md delete mode 100644 components/engine/docs/reference/commandline/cp.md delete mode 100644 components/engine/docs/reference/commandline/create.md delete mode 100644 components/engine/docs/reference/commandline/deploy.md delete mode 100644 components/engine/docs/reference/commandline/diff.md delete mode 100644 components/engine/docs/reference/commandline/dockerd.md delete mode 100644 components/engine/docs/reference/commandline/events.md delete mode 100644 components/engine/docs/reference/commandline/exec.md delete mode 100644 components/engine/docs/reference/commandline/export.md delete mode 100644 components/engine/docs/reference/commandline/history.md delete mode 100644 components/engine/docs/reference/commandline/image.md delete mode 100644 components/engine/docs/reference/commandline/image_prune.md delete mode 100644 components/engine/docs/reference/commandline/images.md delete mode 100644 components/engine/docs/reference/commandline/import.md delete mode 100644 components/engine/docs/reference/commandline/index.md delete mode 100644 components/engine/docs/reference/commandline/info.md delete mode 100644 components/engine/docs/reference/commandline/inspect.md delete mode 100644 components/engine/docs/reference/commandline/kill.md delete mode 100644 components/engine/docs/reference/commandline/load.md delete mode 100644 components/engine/docs/reference/commandline/login.md delete mode 100644 components/engine/docs/reference/commandline/logout.md delete mode 100644 components/engine/docs/reference/commandline/logs.md delete mode 100644 components/engine/docs/reference/commandline/network.md delete mode 100644 components/engine/docs/reference/commandline/network_connect.md delete mode 100644 components/engine/docs/reference/commandline/network_create.md delete mode 100644 components/engine/docs/reference/commandline/network_disconnect.md delete mode 100644 components/engine/docs/reference/commandline/network_inspect.md delete mode 100644 components/engine/docs/reference/commandline/network_ls.md delete mode 100644 components/engine/docs/reference/commandline/network_prune.md delete mode 100644 components/engine/docs/reference/commandline/network_rm.md delete mode 100644 components/engine/docs/reference/commandline/node.md delete mode 100644 components/engine/docs/reference/commandline/node_demote.md delete mode 100644 components/engine/docs/reference/commandline/node_inspect.md delete mode 100644 components/engine/docs/reference/commandline/node_ls.md delete mode 100644 components/engine/docs/reference/commandline/node_promote.md delete mode 100644 components/engine/docs/reference/commandline/node_ps.md delete mode 100644 components/engine/docs/reference/commandline/node_rm.md delete mode 100644 components/engine/docs/reference/commandline/node_update.md delete mode 100644 components/engine/docs/reference/commandline/pause.md delete mode 100644 components/engine/docs/reference/commandline/plugin.md delete mode 100644 components/engine/docs/reference/commandline/plugin_create.md delete mode 100644 components/engine/docs/reference/commandline/plugin_disable.md delete mode 100644 components/engine/docs/reference/commandline/plugin_enable.md delete mode 100644 components/engine/docs/reference/commandline/plugin_inspect.md delete mode 100644 components/engine/docs/reference/commandline/plugin_install.md delete mode 100644 components/engine/docs/reference/commandline/plugin_ls.md delete mode 100644 components/engine/docs/reference/commandline/plugin_push.md delete mode 100644 components/engine/docs/reference/commandline/plugin_rm.md delete mode 100644 components/engine/docs/reference/commandline/plugin_set.md delete mode 100644 components/engine/docs/reference/commandline/plugin_upgrade.md delete mode 100644 components/engine/docs/reference/commandline/port.md delete mode 100644 components/engine/docs/reference/commandline/ps.md delete mode 100644 components/engine/docs/reference/commandline/pull.md delete mode 100644 components/engine/docs/reference/commandline/push.md delete mode 100644 components/engine/docs/reference/commandline/rename.md delete mode 100644 components/engine/docs/reference/commandline/restart.md delete mode 100644 components/engine/docs/reference/commandline/rm.md delete mode 100644 components/engine/docs/reference/commandline/rmi.md delete mode 100644 components/engine/docs/reference/commandline/run.md delete mode 100644 components/engine/docs/reference/commandline/save.md delete mode 100644 components/engine/docs/reference/commandline/search.md delete mode 100644 components/engine/docs/reference/commandline/secret.md delete mode 100644 components/engine/docs/reference/commandline/secret_create.md delete mode 100644 components/engine/docs/reference/commandline/secret_inspect.md delete mode 100644 components/engine/docs/reference/commandline/secret_ls.md delete mode 100644 components/engine/docs/reference/commandline/secret_rm.md delete mode 100644 components/engine/docs/reference/commandline/service.md delete mode 100644 components/engine/docs/reference/commandline/service_create.md delete mode 100644 components/engine/docs/reference/commandline/service_inspect.md delete mode 100644 components/engine/docs/reference/commandline/service_logs.md delete mode 100644 components/engine/docs/reference/commandline/service_ls.md delete mode 100644 components/engine/docs/reference/commandline/service_ps.md delete mode 100644 components/engine/docs/reference/commandline/service_rm.md delete mode 100644 components/engine/docs/reference/commandline/service_scale.md delete mode 100644 components/engine/docs/reference/commandline/service_update.md delete mode 100644 components/engine/docs/reference/commandline/stack.md delete mode 100644 components/engine/docs/reference/commandline/stack_deploy.md delete mode 100644 components/engine/docs/reference/commandline/stack_ls.md delete mode 100644 components/engine/docs/reference/commandline/stack_ps.md delete mode 100644 components/engine/docs/reference/commandline/stack_rm.md delete mode 100644 components/engine/docs/reference/commandline/stack_services.md delete mode 100644 components/engine/docs/reference/commandline/start.md delete mode 100644 components/engine/docs/reference/commandline/stats.md delete mode 100644 components/engine/docs/reference/commandline/stop.md delete mode 100644 components/engine/docs/reference/commandline/swarm.md delete mode 100644 components/engine/docs/reference/commandline/swarm_ca.md delete mode 100644 components/engine/docs/reference/commandline/swarm_init.md delete mode 100644 components/engine/docs/reference/commandline/swarm_join.md delete mode 100644 components/engine/docs/reference/commandline/swarm_join_token.md delete mode 100644 components/engine/docs/reference/commandline/swarm_leave.md delete mode 100644 components/engine/docs/reference/commandline/swarm_unlock.md delete mode 100644 components/engine/docs/reference/commandline/swarm_unlock_key.md delete mode 100644 components/engine/docs/reference/commandline/swarm_update.md delete mode 100644 components/engine/docs/reference/commandline/system.md delete mode 100644 components/engine/docs/reference/commandline/system_df.md delete mode 100644 components/engine/docs/reference/commandline/system_events.md delete mode 100644 components/engine/docs/reference/commandline/system_prune.md delete mode 100644 components/engine/docs/reference/commandline/tag.md delete mode 100644 components/engine/docs/reference/commandline/top.md delete mode 100644 components/engine/docs/reference/commandline/unpause.md delete mode 100644 components/engine/docs/reference/commandline/update.md delete mode 100644 components/engine/docs/reference/commandline/version.md delete mode 100644 components/engine/docs/reference/commandline/volume.md delete mode 100644 components/engine/docs/reference/commandline/volume_create.md delete mode 100644 components/engine/docs/reference/commandline/volume_inspect.md delete mode 100644 components/engine/docs/reference/commandline/volume_ls.md delete mode 100644 components/engine/docs/reference/commandline/volume_prune.md delete mode 100644 components/engine/docs/reference/commandline/volume_rm.md delete mode 100644 components/engine/docs/reference/commandline/wait.md delete mode 100644 components/engine/docs/reference/glossary.md delete mode 100644 components/engine/docs/reference/index.md delete mode 100644 components/engine/docs/reference/run.md delete mode 100644 components/engine/experimental/README.md delete mode 100644 components/engine/experimental/checkpoint-restore.md delete mode 100644 components/engine/experimental/docker-stacks-and-bundles.md delete mode 100644 components/engine/experimental/images/ipvlan-l3.gliffy delete mode 100644 components/engine/experimental/images/ipvlan-l3.png delete mode 100644 components/engine/experimental/images/ipvlan-l3.svg delete mode 100644 components/engine/experimental/images/ipvlan_l2_simple.gliffy delete mode 100644 components/engine/experimental/images/ipvlan_l2_simple.png delete mode 100644 components/engine/experimental/images/ipvlan_l2_simple.svg delete mode 100644 components/engine/experimental/images/macvlan-bridge-ipvlan-l2.gliffy delete mode 100644 components/engine/experimental/images/macvlan-bridge-ipvlan-l2.png delete mode 100644 components/engine/experimental/images/macvlan-bridge-ipvlan-l2.svg delete mode 100644 components/engine/experimental/images/multi_tenant_8021q_vlans.gliffy delete mode 100644 components/engine/experimental/images/multi_tenant_8021q_vlans.png delete mode 100644 components/engine/experimental/images/multi_tenant_8021q_vlans.svg delete mode 100644 components/engine/experimental/images/vlans-deeper-look.gliffy delete mode 100644 components/engine/experimental/images/vlans-deeper-look.png delete mode 100644 components/engine/experimental/images/vlans-deeper-look.svg delete mode 100644 components/engine/experimental/vlan-networks.md delete mode 100644 components/engine/man/Dockerfile delete mode 100644 components/engine/man/Dockerfile.5.md delete mode 100644 components/engine/man/Dockerfile.aarch64 delete mode 100644 components/engine/man/Dockerfile.armhf delete mode 100644 components/engine/man/Dockerfile.ppc64le delete mode 100644 components/engine/man/Dockerfile.s390x delete mode 100644 components/engine/man/README.md delete mode 100644 components/engine/man/docker-build.1.md delete mode 100644 components/engine/man/docker-config-json.5.md delete mode 100644 components/engine/man/docker-run.1.md delete mode 100644 components/engine/man/docker.1.md delete mode 100644 components/engine/man/dockerd.8.md delete mode 100644 components/engine/man/generate.go delete mode 100755 components/engine/man/generate.sh delete mode 100644 components/engine/man/glide.lock delete mode 100644 components/engine/man/glide.yaml delete mode 100755 components/engine/man/md2man-all.sh delete mode 100644 components/engine/man/src/attach.md delete mode 100644 components/engine/man/src/commit.md delete mode 100644 components/engine/man/src/container/attach.md delete mode 100644 components/engine/man/src/container/commit.md delete mode 100644 components/engine/man/src/container/cp.md delete mode 100644 components/engine/man/src/container/create-example.md delete mode 100644 components/engine/man/src/container/create.md delete mode 100644 components/engine/man/src/container/diff.md delete mode 100644 components/engine/man/src/container/exec.md delete mode 100644 components/engine/man/src/container/export.md delete mode 100644 components/engine/man/src/container/kill.md delete mode 100644 components/engine/man/src/container/logs.md delete mode 100644 components/engine/man/src/container/ls.md delete mode 100644 components/engine/man/src/container/pause.md delete mode 100644 components/engine/man/src/container/port.md delete mode 100644 components/engine/man/src/container/rename.md delete mode 100644 components/engine/man/src/container/restart.md delete mode 100644 components/engine/man/src/container/rm.md delete mode 100644 components/engine/man/src/container/run.md delete mode 100644 components/engine/man/src/container/start.md delete mode 100644 components/engine/man/src/container/stats.md delete mode 100644 components/engine/man/src/container/stop.md delete mode 100644 components/engine/man/src/container/top.md delete mode 100644 components/engine/man/src/container/unpause.md delete mode 100644 components/engine/man/src/container/update.md delete mode 100644 components/engine/man/src/container/wait.md delete mode 100644 components/engine/man/src/cp.md delete mode 100644 components/engine/man/src/create.md delete mode 100644 components/engine/man/src/diff.md delete mode 100644 components/engine/man/src/events.md delete mode 100644 components/engine/man/src/exec.md delete mode 100644 components/engine/man/src/export.md delete mode 100644 components/engine/man/src/history.md delete mode 100644 components/engine/man/src/image/build.md delete mode 100644 components/engine/man/src/image/history.md delete mode 100644 components/engine/man/src/image/import.md delete mode 100644 components/engine/man/src/image/load.md delete mode 100644 components/engine/man/src/image/ls.md delete mode 100644 components/engine/man/src/image/pull.md delete mode 100644 components/engine/man/src/image/push.md delete mode 100644 components/engine/man/src/image/rm.md delete mode 100644 components/engine/man/src/image/save.md delete mode 100644 components/engine/man/src/image/tag.md delete mode 100644 components/engine/man/src/images.md delete mode 100644 components/engine/man/src/import.md delete mode 100644 components/engine/man/src/info.md delete mode 100644 components/engine/man/src/inspect.md delete mode 100644 components/engine/man/src/kill.md delete mode 100644 components/engine/man/src/load.md delete mode 100644 components/engine/man/src/login.md delete mode 100644 components/engine/man/src/logout.md delete mode 100644 components/engine/man/src/logs.md delete mode 100644 components/engine/man/src/network/connect.md delete mode 100644 components/engine/man/src/network/create.md delete mode 100644 components/engine/man/src/network/disconnect.md delete mode 100644 components/engine/man/src/network/inspect.md delete mode 100644 components/engine/man/src/network/ls.md delete mode 100644 components/engine/man/src/network/rm.md delete mode 100644 components/engine/man/src/pause.md delete mode 100644 components/engine/man/src/plugin/ls.md delete mode 100644 components/engine/man/src/port.md delete mode 100644 components/engine/man/src/ps.md delete mode 100644 components/engine/man/src/pull.md delete mode 100644 components/engine/man/src/push.md delete mode 100644 components/engine/man/src/rename.md delete mode 100644 components/engine/man/src/restart.md delete mode 100644 components/engine/man/src/rm.md delete mode 100644 components/engine/man/src/rmi.md delete mode 100644 components/engine/man/src/save.md delete mode 100644 components/engine/man/src/search.md delete mode 100644 components/engine/man/src/start.md delete mode 100644 components/engine/man/src/stats.md delete mode 100644 components/engine/man/src/stop.md delete mode 100644 components/engine/man/src/system/events.md delete mode 100644 components/engine/man/src/system/info.md delete mode 100644 components/engine/man/src/tag.md delete mode 100644 components/engine/man/src/top.md delete mode 100644 components/engine/man/src/unpause.md delete mode 100644 components/engine/man/src/update.md delete mode 100644 components/engine/man/src/version.md delete mode 100644 components/engine/man/src/volume.md delete mode 100644 components/engine/man/src/volume/create.md delete mode 100644 components/engine/man/src/volume/inspect.md delete mode 100644 components/engine/man/src/volume/ls.md delete mode 100644 components/engine/man/src/wait.md diff --git a/components/engine/contrib/completion/REVIEWERS b/components/engine/contrib/completion/REVIEWERS deleted file mode 100644 index 03ee2dde3d..0000000000 --- a/components/engine/contrib/completion/REVIEWERS +++ /dev/null @@ -1,2 +0,0 @@ -Tianon Gravi (@tianon) -Jessie Frazelle (@jfrazelle) diff --git a/components/engine/contrib/completion/bash/docker b/components/engine/contrib/completion/bash/docker deleted file mode 100644 index 79209c2941..0000000000 --- a/components/engine/contrib/completion/bash/docker +++ /dev/null @@ -1,4629 +0,0 @@ -#!/usr/bin/env bash -# -# bash completion file for core docker commands -# -# This script provides completion of: -# - commands and their options -# - container ids and names -# - image repos and tags -# - filepaths -# -# To enable the completions either: -# - place this file in /etc/bash_completion.d -# or -# - copy this file to e.g. ~/.docker-completion.sh and add the line -# below to your .bashrc after bash completion features are loaded -# . ~/.docker-completion.sh -# -# Configuration: -# -# For several commands, the amount of completions can be configured by -# setting environment variables. -# -# DOCKER_COMPLETION_SHOW_CONTAINER_IDS -# DOCKER_COMPLETION_SHOW_NETWORK_IDS -# DOCKER_COMPLETION_SHOW_NODE_IDS -# DOCKER_COMPLETION_SHOW_PLUGIN_IDS -# DOCKER_COMPLETION_SHOW_SECRET_IDS -# DOCKER_COMPLETION_SHOW_SERVICE_IDS -# "no" - Show names only (default) -# "yes" - Show names and ids -# -# You can tailor completion for the "events", "history", "inspect", "run", -# "rmi" and "save" commands by settings the following environment -# variables: -# -# DOCKER_COMPLETION_SHOW_IMAGE_IDS -# "none" - Show names only (default) -# "non-intermediate" - Show names and ids, but omit intermediate image IDs -# "all" - Show names and ids, including intermediate image IDs -# -# DOCKER_COMPLETION_SHOW_TAGS -# "yes" - include tags in completion options (default) -# "no" - don't include tags in completion options - -# -# Note: -# Currently, the completions will not work if the docker daemon is not -# bound to the default communication port/socket -# If the docker daemon is using a unix socket for communication your user -# must have access to the socket for the completions to function correctly -# -# Note for developers: -# Please arrange options sorted alphabetically by long name with the short -# options immediately following their corresponding long form. -# This order should be applied to lists, alternatives and code blocks. - -__docker_previous_extglob_setting=$(shopt -p extglob) -shopt -s extglob - -__docker_q() { - docker ${host:+-H "$host"} ${config:+--config "$config"} 2>/dev/null "$@" -} - -# __docker_containers returns a list of containers. Additional options to -# `docker ps` may be specified in order to filter the list, e.g. -# `__docker_containers --filter status=running` -# By default, only names are returned. -# Set DOCKER_COMPLETION_SHOW_CONTAINER_IDS=yes to also complete IDs. -# An optional first option `--id|--name` may be used to limit the -# output to the IDs or names of matching items. This setting takes -# precedence over the environment setting. -__docker_containers() { - local format - if [ "$1" = "--id" ] ; then - format='{{.ID}}' - shift - elif [ "$1" = "--name" ] ; then - format='{{.Names}}' - shift - elif [ "${DOCKER_COMPLETION_SHOW_CONTAINER_IDS}" = yes ] ; then - format='{{.ID}} {{.Names}}' - else - format='{{.Names}}' - fi - __docker_q ps --format "$format" "$@" -} - -# __docker_complete_containers applies completion of containers based on the current -# value of `$cur` or the value of the optional first option `--cur`, if given. -# Additional filters may be appended, see `__docker_containers`. -__docker_complete_containers() { - local current="$cur" - if [ "$1" = "--cur" ] ; then - current="$2" - shift 2 - fi - COMPREPLY=( $(compgen -W "$(__docker_containers "$@")" -- "$current") ) -} - -__docker_complete_containers_all() { - __docker_complete_containers "$@" --all -} - -__docker_complete_containers_removable() { - __docker_complete_containers "$@" --filter status=created --filter status=exited -} - -__docker_complete_containers_running() { - __docker_complete_containers "$@" --filter status=running -} - -__docker_complete_containers_stopped() { - __docker_complete_containers "$@" --filter status=exited -} - -__docker_complete_containers_unpauseable() { - __docker_complete_containers "$@" --filter status=paused -} - -__docker_complete_container_names() { - local containers=( $(__docker_q ps -aq --no-trunc) ) - local names=( $(__docker_q inspect --format '{{.Name}}' "${containers[@]}") ) - names=( "${names[@]#/}" ) # trim off the leading "/" from the container names - COMPREPLY=( $(compgen -W "${names[*]}" -- "$cur") ) -} - -__docker_complete_container_ids() { - local containers=( $(__docker_q ps -aq) ) - COMPREPLY=( $(compgen -W "${containers[*]}" -- "$cur") ) -} - -__docker_images() { - local images_args="" - - case "$DOCKER_COMPLETION_SHOW_IMAGE_IDS" in - all) - images_args="--no-trunc -a" - ;; - non-intermediate) - images_args="--no-trunc" - ;; - esac - - local repo_print_command - if [ "${DOCKER_COMPLETION_SHOW_TAGS:-yes}" = "yes" ]; then - repo_print_command='print $1; print $1":"$2' - else - repo_print_command='print $1' - fi - - local awk_script - case "$DOCKER_COMPLETION_SHOW_IMAGE_IDS" in - all|non-intermediate) - awk_script='NR>1 { print $3; if ($1 != "") { '"$repo_print_command"' } }' - ;; - none|*) - awk_script='NR>1 && $1 != "" { '"$repo_print_command"' }' - ;; - esac - - __docker_q images $images_args | awk "$awk_script" | grep -v '$' -} - -__docker_complete_images() { - COMPREPLY=( $(compgen -W "$(__docker_images)" -- "$cur") ) - __ltrim_colon_completions "$cur" -} - -__docker_complete_image_repos() { - local repos="$(__docker_q images | awk 'NR>1 && $1 != "" { print $1 }')" - COMPREPLY=( $(compgen -W "$repos" -- "$cur") ) -} - -__docker_complete_image_repos_and_tags() { - local reposAndTags="$(__docker_q images | awk 'NR>1 && $1 != "" { print $1; print $1":"$2 }')" - COMPREPLY=( $(compgen -W "$reposAndTags" -- "$cur") ) - __ltrim_colon_completions "$cur" -} - -# __docker_networks returns a list of all networks. Additional options to -# `docker network ls` may be specified in order to filter the list, e.g. -# `__docker_networks --filter type=custom` -# By default, only names are returned. -# Set DOCKER_COMPLETION_SHOW_NETWORK_IDS=yes to also complete IDs. -# An optional first option `--id|--name` may be used to limit the -# output to the IDs or names of matching items. This setting takes -# precedence over the environment setting. -__docker_networks() { - local format - if [ "$1" = "--id" ] ; then - format='{{.ID}}' - shift - elif [ "$1" = "--name" ] ; then - format='{{.Name}}' - shift - elif [ "${DOCKER_COMPLETION_SHOW_NETWORK_IDS}" = yes ] ; then - format='{{.ID}} {{.Name}}' - else - format='{{.Name}}' - fi - __docker_q network ls --format "$format" "$@" -} - -# __docker_complete_networks applies completion of networks based on the current -# value of `$cur` or the value of the optional first option `--cur`, if given. -# Additional filters may be appended, see `__docker_networks`. -__docker_complete_networks() { - local current="$cur" - if [ "$1" = "--cur" ] ; then - current="$2" - shift 2 - fi - COMPREPLY=( $(compgen -W "$(__docker_networks "$@")" -- "$current") ) -} - -__docker_complete_containers_in_network() { - local containers=$(__docker_q network inspect -f '{{range $i, $c := .Containers}}{{$i}} {{$c.Name}} {{end}}' "$1") - COMPREPLY=( $(compgen -W "$containers" -- "$cur") ) -} - -# __docker_volumes returns a list of all volumes. Additional options to -# `docker volume ls` may be specified in order to filter the list, e.g. -# `__docker_volumes --filter dangling=true` -# Because volumes do not have IDs, this function does not distinguish between -# IDs and names. -__docker_volumes() { - __docker_q volume ls -q "$@" -} - -# __docker_complete_volumes applies completion of volumes based on the current -# value of `$cur` or the value of the optional first option `--cur`, if given. -# Additional filters may be appended, see `__docker_volumes`. -__docker_complete_volumes() { - local current="$cur" - if [ "$1" = "--cur" ] ; then - current="$2" - shift 2 - fi - COMPREPLY=( $(compgen -W "$(__docker_volumes "$@")" -- "$current") ) -} - -# __docker_plugins_bundled returns a list of all plugins of a given type. -# The type has to be specified with the mandatory option `--type`. -# Valid types are: Network, Volume, Authorization. -# Completions may be added or removed with `--add` and `--remove` -# This function only deals with plugins that come bundled with Docker. -# For plugins managed by `docker plugin`, see `__docker_plugins_installed`. -__docker_plugins_bundled() { - local type add=() remove=() - while true ; do - case "$1" in - --type) - type="$2" - shift 2 - ;; - --add) - add+=("$2") - shift 2 - ;; - --remove) - remove+=("$2") - shift 2 - ;; - *) - break - ;; - esac - done - - local plugins=($(__docker_q info --format "{{range \$i, \$p := .Plugins.$type}}{{.}} {{end}}")) - for del in "${remove[@]}" ; do - plugins=(${plugins[@]/$del/}) - done - echo "${plugins[@]} ${add[@]}" -} - -# __docker_complete_plugins_bundled applies completion of plugins based on the current -# value of `$cur` or the value of the optional first option `--cur`, if given. -# The plugin type has to be specified with the next option `--type`. -# This function only deals with plugins that come bundled with Docker. -# For completion of plugins managed by `docker plugin`, see -# `__docker_complete_plugins_installed`. -__docker_complete_plugins_bundled() { - local current="$cur" - if [ "$1" = "--cur" ] ; then - current="$2" - shift 2 - fi - COMPREPLY=( $(compgen -W "$(__docker_plugins_bundled "$@")" -- "$current") ) -} - -# __docker_plugins_installed returns a list of all plugins that were installed with -# the Docker plugin API. -# By default, only names are returned. -# Set DOCKER_COMPLETION_SHOW_PLUGIN_IDS=yes to also complete IDs. -# Additional options to `docker plugin ls` may be specified in order to filter the list, -# e.g. `__docker_plugins_installed --filter enabled=true` -# For built-in pugins, see `__docker_plugins_bundled`. -__docker_plugins_installed() { - local format - if [ "$DOCKER_COMPLETION_SHOW_PLUGIN_IDS" = yes ] ; then - format='{{.ID}} {{.Name}}' - else - format='{{.Name}}' - fi - __docker_q plugin ls --format "$format" "$@" -} - -# __docker_complete_plugins_installed applies completion of plugins that were installed -# with the Docker plugin API, based on the current value of `$cur` or the value of -# the optional first option `--cur`, if given. -# Additional filters may be appended, see `__docker_plugins_installed`. -# For completion of built-in pugins, see `__docker_complete_plugins_bundled`. -__docker_complete_plugins_installed() { - local current="$cur" - if [ "$1" = "--cur" ] ; then - current="$2" - shift 2 - fi - COMPREPLY=( $(compgen -W "$(__docker_plugins_installed "$@")" -- "$current") ) -} - -__docker_runtimes() { - __docker_q info | sed -n 's/^Runtimes: \(.*\)/\1/p' -} - -__docker_complete_runtimes() { - COMPREPLY=( $(compgen -W "$(__docker_runtimes)" -- "$cur") ) -} - -# __docker_secrets returns a list of secrets. Additional options to -# `docker secret ls` may be specified in order to filter the list, e.g. -# `__docker_secrets --filter label=stage=production` -# By default, only names are returned. -# Set DOCKER_COMPLETION_SHOW_SECRET_IDS=yes to also complete IDs. -# An optional first option `--id|--name` may be used to limit the -# output to the IDs or names of matching items. This setting takes -# precedence over the environment setting. -__docker_secrets() { - local format - if [ "$1" = "--id" ] ; then - format='{{.ID}}' - shift - elif [ "$1" = "--name" ] ; then - format='{{.Name}}' - shift - elif [ "$DOCKER_COMPLETION_SHOW_SECRET_IDS" = yes ] ; then - format='{{.ID}} {{.Name}}' - else - format='{{.Name}}' - fi - - __docker_q secret ls --format "$format" "$@" -} - -# __docker_complete_secrets applies completion of secrets based on the current value -# of `$cur` or the value of the optional first option `--cur`, if given. -__docker_complete_secrets() { - local current="$cur" - if [ "$1" = "--cur" ] ; then - current="$2" - shift 2 - fi - COMPREPLY=( $(compgen -W "$(__docker_secrets "$@")" -- "$current") ) -} - -# __docker_stacks returns a list of all stacks. -__docker_stacks() { - __docker_q stack ls | awk 'NR>1 {print $1}' -} - -# __docker_complete_stacks applies completion of stacks based on the current value -# of `$cur` or the value of the optional first option `--cur`, if given. -__docker_complete_stacks() { - local current="$cur" - if [ "$1" = "--cur" ] ; then - current="$2" - shift 2 - fi - COMPREPLY=( $(compgen -W "$(__docker_stacks "$@")" -- "$current") ) -} - -# __docker_nodes returns a list of all nodes. Additional options to -# `docker node ls` may be specified in order to filter the list, e.g. -# `__docker_nodes --filter role=manager` -# By default, only node names are returned. -# Set DOCKER_COMPLETION_SHOW_NODE_IDS=yes to also complete node IDs. -# An optional first option `--id|--name` may be used to limit the -# output to the IDs or names of matching items. This setting takes -# precedence over the environment setting. -# Completions may be added with `--add`, e.g. `--add self`. -__docker_nodes() { - local add=() - local fields='$2' # default: node name only - [ "${DOCKER_COMPLETION_SHOW_NODE_IDS}" = yes ] && fields='$1,$2' # ID and name - - while true ; do - case "$1" in - --id) - fields='$1' # IDs only - shift - ;; - --name) - fields='$2' # names only - shift - ;; - --add) - add+=("$2") - shift 2 - ;; - *) - break - ;; - esac - done - - echo $(__docker_q node ls "$@" | tr -d '*' | awk "NR>1 {print $fields}") "${add[@]}" -} - -# __docker_complete_nodes applies completion of nodes based on the current -# value of `$cur` or the value of the optional first option `--cur`, if given. -# Additional filters may be appended, see `__docker_nodes`. -__docker_complete_nodes() { - local current="$cur" - if [ "$1" = "--cur" ] ; then - current="$2" - shift 2 - fi - COMPREPLY=( $(compgen -W "$(__docker_nodes "$@")" -- "$current") ) -} - -# __docker_services returns a list of all services. Additional options to -# `docker service ls` may be specified in order to filter the list, e.g. -# `__docker_services --filter name=xxx` -# By default, only node names are returned. -# Set DOCKER_COMPLETION_SHOW_SERVICE_IDS=yes to also complete IDs. -# An optional first option `--id|--name` may be used to limit the -# output to the IDs or names of matching items. This setting takes -# precedence over the environment setting. -__docker_services() { - local fields='$2' # default: service name only - [ "${DOCKER_COMPLETION_SHOW_SERVICE_IDS}" = yes ] && fields='$1,$2' # ID & name - - if [ "$1" = "--id" ] ; then - fields='$1' # IDs only - shift - elif [ "$1" = "--name" ] ; then - fields='$2' # names only - shift - fi - __docker_q service ls "$@" | awk "NR>1 {print $fields}" -} - -# __docker_complete_services applies completion of services based on the current -# value of `$cur` or the value of the optional first option `--cur`, if given. -# Additional filters may be appended, see `__docker_services`. -__docker_complete_services() { - local current="$cur" - if [ "$1" = "--cur" ] ; then - current="$2" - shift 2 - fi - COMPREPLY=( $(compgen -W "$(__docker_services "$@")" -- "$current") ) -} - -# __docker_tasks returns a list of all task IDs. -__docker_tasks() { - __docker_q service ps --format '{{.ID}}' "" -} - -# __docker_complete_services_and_tasks applies completion of services and task IDs. -__docker_complete_services_and_tasks() { - COMPREPLY=( $(compgen -W "$(__docker_services "$@") $(__docker_tasks)" -- "$cur") ) -} - -# __docker_append_to_completions appends the word passed as an argument to every -# word in `$COMPREPLY`. -# Normally you do this with `compgen -S` while generating the completions. -# This function allows you to append a suffix later. It allows you to use -# the __docker_complete_XXX functions in cases where you need a suffix. -__docker_append_to_completions() { - COMPREPLY=( ${COMPREPLY[@]/%/"$1"} ) -} - -# __docker_daemon_is_experimental tests whether the currently configured Docker -# daemon runs in experimental mode. If so, the function exits with 0 (true). -# Otherwise, or if the result cannot be determined, the exit value is 1 (false). -__docker_daemon_is_experimental() { - [ "$(__docker_q version -f '{{.Server.Experimental}}')" = "true" ] -} - -# __docker_daemon_os_is tests whether the currently configured Docker daemon runs -# on the operating system passed in as the first argument. -# It does so by querying the daemon for its OS. The result is cached for the duration -# of one invocation of bash completion so that this function can be used to test for -# several different operating systems without additional costs. -# Known operating systems: linux, windows. -__docker_daemon_os_is() { - local expected_os="$1" - local actual_os=${daemon_os=$(__docker_q version -f '{{.Server.Os}}')} - [ "$actual_os" = "$expected_os" ] -} - -# __docker_pos_first_nonflag finds the position of the first word that is neither -# option nor an option's argument. If there are options that require arguments, -# you should pass a glob describing those options, e.g. "--option1|-o|--option2" -# Use this function to restrict completions to exact positions after the argument list. -__docker_pos_first_nonflag() { - local argument_flags=$1 - - local counter=$((${subcommand_pos:-${command_pos}} + 1)) - while [ $counter -le $cword ]; do - if [ -n "$argument_flags" ] && eval "case '${words[$counter]}' in $argument_flags) true ;; *) false ;; esac"; then - (( counter++ )) - # eat "=" in case of --option=arg syntax - [ "${words[$counter]}" = "=" ] && (( counter++ )) - else - case "${words[$counter]}" in - -*) - ;; - *) - break - ;; - esac - fi - - # Bash splits words at "=", retaining "=" as a word, examples: - # "--debug=false" => 3 words, "--log-opt syslog-facility=daemon" => 4 words - while [ "${words[$counter + 1]}" = "=" ] ; do - counter=$(( counter + 2)) - done - - (( counter++ )) - done - - echo $counter -} - -# __docker_map_key_of_current_option returns `key` if we are currently completing the -# value of a map option (`key=value`) which matches the extglob given as an argument. -# This function is needed for key-specific completions. -__docker_map_key_of_current_option() { - local glob="$1" - - local key glob_pos - if [ "$cur" = "=" ] ; then # key= case - key="$prev" - glob_pos=$((cword - 2)) - elif [[ $cur == *=* ]] ; then # key=value case (OSX) - key=${cur%=*} - glob_pos=$((cword - 1)) - elif [ "$prev" = "=" ] ; then - key=${words[$cword - 2]} # key=value case - glob_pos=$((cword - 3)) - else - return - fi - - [ "${words[$glob_pos]}" = "=" ] && ((glob_pos--)) # --option=key=value syntax - - [[ ${words[$glob_pos]} == @($glob) ]] && echo "$key" -} - -# __docker_value_of_option returns the value of the first option matching `option_glob`. -# Valid values for `option_glob` are option names like `--log-level` and globs like -# `--log-level|-l` -# Only positions between the command and the current word are considered. -__docker_value_of_option() { - local option_extglob=$(__docker_to_extglob "$1") - - local counter=$((command_pos + 1)) - while [ $counter -lt $cword ]; do - case ${words[$counter]} in - $option_extglob ) - echo ${words[$counter + 1]} - break - ;; - esac - (( counter++ )) - done -} - -# __docker_to_alternatives transforms a multiline list of strings into a single line -# string with the words separated by `|`. -# This is used to prepare arguments to __docker_pos_first_nonflag(). -__docker_to_alternatives() { - local parts=( $1 ) - local IFS='|' - echo "${parts[*]}" -} - -# __docker_to_extglob transforms a multiline list of options into an extglob pattern -# suitable for use in case statements. -__docker_to_extglob() { - local extglob=$( __docker_to_alternatives "$1" ) - echo "@($extglob)" -} - -# __docker_subcommands processes subcommands -# Locates the first occurrence of any of the subcommands contained in the -# first argument. In case of a match, calls the corresponding completion -# function and returns 0. -# If no match is found, 1 is returned. The calling function can then -# continue processing its completion. -# -# TODO if the preceding command has options that accept arguments and an -# argument is equal ot one of the subcommands, this is falsely detected as -# a match. -__docker_subcommands() { - local subcommands="$1" - - local counter=$(($command_pos + 1)) - while [ $counter -lt $cword ]; do - case "${words[$counter]}" in - $(__docker_to_extglob "$subcommands") ) - subcommand_pos=$counter - local subcommand=${words[$counter]} - local completions_func=_docker_${command}_${subcommand//-/_} - declare -F $completions_func >/dev/null && $completions_func - return 0 - ;; - esac - (( counter++ )) - done - return 1 -} - -# __docker_nospace suppresses trailing whitespace -__docker_nospace() { - # compopt is not available in ancient bash versions - type compopt &>/dev/null && compopt -o nospace -} - -__docker_complete_resolved_hostname() { - command -v host >/dev/null 2>&1 || return - COMPREPLY=( $(host 2>/dev/null "${cur%:}" | awk '/has address/ {print $4}') ) -} - -__docker_local_interfaces() { - command -v ip >/dev/null 2>&1 || return - ip addr show scope global 2>/dev/null | sed -n 's| \+inet \([0-9.]\+\).* \([^ ]\+\)|\1 \2|p' -} - -__docker_complete_local_interfaces() { - local additional_interface - if [ "$1" = "--add" ] ; then - additional_interface="$2" - fi - - COMPREPLY=( $( compgen -W "$(__docker_local_interfaces) $additional_interface" -- "$cur" ) ) -} - -# __docker_complete_capabilities_addable completes Linux capabilities which are -# not granted by default and may be added. -# see https://docs.docker.com/engine/reference/run/#/runtime-privilege-and-linux-capabilities -__docker_complete_capabilities_addable() { - COMPREPLY=( $( compgen -W " - ALL - AUDIT_CONTROL - BLOCK_SUSPEND - DAC_READ_SEARCH - IPC_LOCK - IPC_OWNER - LEASE - LINUX_IMMUTABLE - MAC_ADMIN - MAC_OVERRIDE - NET_ADMIN - NET_BROADCAST - SYS_ADMIN - SYS_BOOT - SYSLOG - SYS_MODULE - SYS_NICE - SYS_PACCT - SYS_PTRACE - SYS_RAWIO - SYS_RESOURCE - SYS_TIME - SYS_TTY_CONFIG - WAKE_ALARM - " -- "$cur" ) ) -} - -# __docker_complete_capabilities_droppable completes Linux capability options which are -# allowed by default and can be dropped. -# see https://docs.docker.com/engine/reference/run/#/runtime-privilege-and-linux-capabilities -__docker_complete_capabilities_droppable() { - COMPREPLY=( $( compgen -W " - ALL - AUDIT_WRITE - CHOWN - DAC_OVERRIDE - FOWNER - FSETID - KILL - MKNOD - NET_BIND_SERVICE - NET_RAW - SETFCAP - SETGID - SETPCAP - SETUID - SYS_CHROOT - " -- "$cur" ) ) -} - -__docker_complete_detach_keys() { - case "$prev" in - --detach-keys) - case "$cur" in - *,) - COMPREPLY=( $( compgen -W "${cur}ctrl-" -- "$cur" ) ) - ;; - *) - COMPREPLY=( $( compgen -W "ctrl-" -- "$cur" ) ) - ;; - esac - - __docker_nospace - return - ;; - esac - return 1 -} - -__docker_complete_isolation() { - COMPREPLY=( $( compgen -W "default hyperv process" -- "$cur" ) ) -} - -__docker_complete_log_drivers() { - COMPREPLY=( $( compgen -W " - awslogs - etwlogs - fluentd - gcplogs - gelf - journald - json-file - logentries - none - splunk - syslog - " -- "$cur" ) ) -} - -__docker_complete_log_options() { - # see repository docker/docker.github.io/engine/admin/logging/ - - # really global options, defined in https://github.com/moby/moby/blob/master/daemon/logger/factory.go - local common_options1="max-buffer-size mode" - # common options defined in https://github.com/moby/moby/blob/master/daemon/logger/loginfo.go - # but not implemented in all log drivers - local common_options2="env env-regex labels" - - # awslogs does not implement the $common_options2. - local awslogs_options="$common_options1 awslogs-create-group awslogs-group awslogs-region awslogs-stream tag" - - local fluentd_options="$common_options1 $common_options2 fluentd-address fluentd-async-connect fluentd-buffer-limit fluentd-retry-wait fluentd-max-retries tag" - local gcplogs_options="$common_options1 $common_options2 gcp-log-cmd gcp-meta-id gcp-meta-name gcp-meta-zone gcp-project" - local gelf_options="$common_options1 $common_options2 gelf-address gelf-compression-level gelf-compression-type tag" - local journald_options="$common_options1 $common_options2 tag" - local json_file_options="$common_options1 $common_options2 max-file max-size" - local logentries_options="$common_options1 $common_options2 logentries-token tag" - local splunk_options="$common_options1 $common_options2 splunk-caname splunk-capath splunk-format splunk-gzip splunk-gzip-level splunk-index splunk-insecureskipverify splunk-source splunk-sourcetype splunk-token splunk-url splunk-verify-connection tag" - local syslog_options="$common_options1 $common_options2 syslog-address syslog-facility syslog-format syslog-tls-ca-cert syslog-tls-cert syslog-tls-key syslog-tls-skip-verify tag" - - local all_options="$fluentd_options $gcplogs_options $gelf_options $journald_options $logentries_options $json_file_options $syslog_options $splunk_options" - - case $(__docker_value_of_option --log-driver) in - '') - COMPREPLY=( $( compgen -W "$all_options" -S = -- "$cur" ) ) - ;; - awslogs) - COMPREPLY=( $( compgen -W "$awslogs_options" -S = -- "$cur" ) ) - ;; - fluentd) - COMPREPLY=( $( compgen -W "$fluentd_options" -S = -- "$cur" ) ) - ;; - gcplogs) - COMPREPLY=( $( compgen -W "$gcplogs_options" -S = -- "$cur" ) ) - ;; - gelf) - COMPREPLY=( $( compgen -W "$gelf_options" -S = -- "$cur" ) ) - ;; - journald) - COMPREPLY=( $( compgen -W "$journald_options" -S = -- "$cur" ) ) - ;; - json-file) - COMPREPLY=( $( compgen -W "$json_file_options" -S = -- "$cur" ) ) - ;; - logentries) - COMPREPLY=( $( compgen -W "$logentries_options" -S = -- "$cur" ) ) - ;; - syslog) - COMPREPLY=( $( compgen -W "$syslog_options" -S = -- "$cur" ) ) - ;; - splunk) - COMPREPLY=( $( compgen -W "$splunk_options" -S = -- "$cur" ) ) - ;; - *) - return - ;; - esac - - __docker_nospace -} - -__docker_complete_log_driver_options() { - local key=$(__docker_map_key_of_current_option '--log-opt') - case "$key" in - awslogs-create-group) - COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) ) - return - ;; - fluentd-async-connect) - COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) ) - return - ;; - gelf-address) - COMPREPLY=( $( compgen -W "udp" -S "://" -- "${cur##*=}" ) ) - __docker_nospace - return - ;; - gelf-compression-level) - COMPREPLY=( $( compgen -W "1 2 3 4 5 6 7 8 9" -- "${cur##*=}" ) ) - return - ;; - gelf-compression-type) - COMPREPLY=( $( compgen -W "gzip none zlib" -- "${cur##*=}" ) ) - return - ;; - mode) - COMPREPLY=( $( compgen -W "blocking non-blocking" -- "${cur##*=}" ) ) - return - ;; - syslog-address) - COMPREPLY=( $( compgen -W "tcp:// tcp+tls:// udp:// unix://" -- "${cur##*=}" ) ) - __docker_nospace - __ltrim_colon_completions "${cur}" - return - ;; - syslog-facility) - COMPREPLY=( $( compgen -W " - auth - authpriv - cron - daemon - ftp - kern - local0 - local1 - local2 - local3 - local4 - local5 - local6 - local7 - lpr - mail - news - syslog - user - uucp - " -- "${cur##*=}" ) ) - return - ;; - syslog-format) - COMPREPLY=( $( compgen -W "rfc3164 rfc5424 rfc5424micro" -- "${cur##*=}" ) ) - return - ;; - syslog-tls-ca-cert|syslog-tls-cert|syslog-tls-key) - _filedir - return - ;; - syslog-tls-skip-verify) - COMPREPLY=( $( compgen -W "true" -- "${cur##*=}" ) ) - return - ;; - splunk-url) - COMPREPLY=( $( compgen -W "http:// https://" -- "${cur##*=}" ) ) - __docker_nospace - __ltrim_colon_completions "${cur}" - return - ;; - splunk-gzip|splunk-insecureskipverify|splunk-verify-connection) - COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) ) - return - ;; - splunk-format) - COMPREPLY=( $( compgen -W "inline json raw" -- "${cur##*=}" ) ) - return - ;; - esac - return 1 -} - -__docker_complete_log_levels() { - COMPREPLY=( $( compgen -W "debug info warn error fatal" -- "$cur" ) ) -} - -__docker_complete_restart() { - case "$prev" in - --restart) - case "$cur" in - on-failure:*) - ;; - *) - COMPREPLY=( $( compgen -W "always no on-failure on-failure: unless-stopped" -- "$cur") ) - ;; - esac - return - ;; - esac - return 1 -} - -# __docker_complete_signals returns a subset of the available signals that is most likely -# relevant in the context of docker containers -__docker_complete_signals() { - local signals=( - SIGCONT - SIGHUP - SIGINT - SIGKILL - SIGQUIT - SIGSTOP - SIGTERM - SIGUSR1 - SIGUSR2 - ) - COMPREPLY=( $( compgen -W "${signals[*]} ${signals[*]#SIG}" -- "$( echo $cur | tr '[:lower:]' '[:upper:]')" ) ) -} - -__docker_complete_user_group() { - if [[ $cur == *:* ]] ; then - COMPREPLY=( $(compgen -g -- "${cur#*:}") ) - else - COMPREPLY=( $(compgen -u -S : -- "$cur") ) - __docker_nospace - fi -} - -_docker_docker() { - # global options that may appear after the docker command - local boolean_options=" - $global_boolean_options - --help - --version -v - " - - case "$prev" in - --config) - _filedir -d - return - ;; - --log-level|-l) - __docker_complete_log_levels - return - ;; - $(__docker_to_extglob "$global_options_with_args") ) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "$boolean_options $global_options_with_args" -- "$cur" ) ) - ;; - *) - local counter=$( __docker_pos_first_nonflag "$(__docker_to_extglob "$global_options_with_args")" ) - if [ $cword -eq $counter ]; then - __docker_daemon_is_experimental && commands+=(${experimental_commands[*]}) - COMPREPLY=( $( compgen -W "${commands[*]} help" -- "$cur" ) ) - fi - ;; - esac -} - -_docker_attach() { - _docker_container_attach -} - -_docker_build() { - _docker_image_build -} - - -_docker_checkpoint() { - local subcommands=" - create - ls - rm - " - local aliases=" - list - remove - " - __docker_subcommands "$subcommands $aliases" && return - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) ) - ;; - esac -} - -_docker_checkpoint_create() { - case "$prev" in - --checkpoint-dir) - _filedir -d - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--checkpoint-dir --help --leave-running" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag '--checkpoint-dir') - if [ $cword -eq $counter ]; then - __docker_complete_containers_running - fi - ;; - esac -} - -_docker_checkpoint_ls() { - case "$prev" in - --checkpoint-dir) - _filedir -d - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--checkpoint-dir --help" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag '--checkpoint-dir') - if [ $cword -eq $counter ]; then - __docker_complete_containers_all - fi - ;; - esac -} - -_docker_checkpoint_rm() { - case "$prev" in - --checkpoint-dir) - _filedir -d - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--checkpoint-dir --help" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag '--checkpoint-dir') - if [ $cword -eq $counter ]; then - __docker_complete_containers_all - elif [ $cword -eq $(($counter + 1)) ]; then - COMPREPLY=( $( compgen -W "$(__docker_q checkpoint ls "$prev" | sed 1d)" -- "$cur" ) ) - fi - ;; - esac -} - - -_docker_container() { - local subcommands=" - attach - commit - cp - create - diff - exec - export - inspect - kill - logs - ls - pause - port - prune - rename - restart - rm - run - start - stats - stop - top - unpause - update - wait - " - local aliases=" - list - ps - " - __docker_subcommands "$subcommands $aliases" && return - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) ) - ;; - esac -} - -_docker_container_attach() { - __docker_complete_detach_keys && return - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--detach-keys --help --no-stdin --sig-proxy=false" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag '--detach-keys') - if [ $cword -eq $counter ]; then - __docker_complete_containers_running - fi - ;; - esac -} - -_docker_container_commit() { - case "$prev" in - --author|-a|--change|-c|--message|-m) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--author -a --change -c --help --message -m --pause=false -p=false" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag '--author|-a|--change|-c|--message|-m') - - if [ $cword -eq $counter ]; then - __docker_complete_containers_all - return - fi - (( counter++ )) - - if [ $cword -eq $counter ]; then - __docker_complete_image_repos_and_tags - return - fi - ;; - esac -} - -_docker_container_cp() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--follow-link -L --help" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - case "$cur" in - *:) - return - ;; - *) - # combined container and filename completion - _filedir - local files=( ${COMPREPLY[@]} ) - - __docker_complete_containers_all - COMPREPLY=( $( compgen -W "${COMPREPLY[*]}" -S ':' ) ) - local containers=( ${COMPREPLY[@]} ) - - COMPREPLY=( $( compgen -W "${files[*]} ${containers[*]}" -- "$cur" ) ) - if [[ "$COMPREPLY" == *: ]]; then - __docker_nospace - fi - return - ;; - esac - fi - (( counter++ )) - - if [ $cword -eq $counter ]; then - if [ -e "$prev" ]; then - __docker_complete_containers_all - COMPREPLY=( $( compgen -W "${COMPREPLY[*]}" -S ':' ) ) - __docker_nospace - else - _filedir - fi - return - fi - ;; - esac -} - -_docker_container_create() { - _docker_container_run_and_create -} - -_docker_container_diff() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - __docker_complete_containers_all - fi - ;; - esac -} - -_docker_container_exec() { - __docker_complete_detach_keys && return - - case "$prev" in - --env|-e) - # we do not append a "=" here because "-e VARNAME" is legal systax, too - COMPREPLY=( $( compgen -e -- "$cur" ) ) - __docker_nospace - return - ;; - --user|-u) - __docker_complete_user_group - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--detach -d --detach-keys --env -e --help --interactive -i --privileged -t --tty -u --user" -- "$cur" ) ) - ;; - *) - __docker_complete_containers_running - ;; - esac -} - -_docker_container_export() { - case "$prev" in - --output|-o) - _filedir - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help --output -o" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - __docker_complete_containers_all - fi - ;; - esac -} - -_docker_container_inspect() { - _docker_inspect --type container -} - -_docker_container_kill() { - case "$prev" in - --signal|-s) - __docker_complete_signals - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help --signal -s" -- "$cur" ) ) - ;; - *) - __docker_complete_containers_running - ;; - esac -} - -_docker_container_logs() { - case "$prev" in - --since|--tail) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--details --follow -f --help --since --tail --timestamps -t" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag '--since|--tail') - if [ $cword -eq $counter ]; then - __docker_complete_containers_all - fi - ;; - esac -} - -_docker_container_list() { - _docker_container_ls -} - -_docker_container_ls() { - local key=$(__docker_map_key_of_current_option '--filter|-f') - case "$key" in - ancestor) - cur="${cur##*=}" - __docker_complete_images - return - ;; - before) - __docker_complete_containers_all --cur "${cur##*=}" - return - ;; - expose|publish) - return - ;; - id) - __docker_complete_containers_all --cur "${cur##*=}" --id - return - ;; - health) - COMPREPLY=( $( compgen -W "healthy starting none unhealthy" -- "${cur##*=}" ) ) - return - ;; - is-task) - COMPREPLY=( $( compgen -W "true false" -- "${cur##*=}" ) ) - return - ;; - name) - __docker_complete_containers_all --cur "${cur##*=}" --name - return - ;; - network) - __docker_complete_networks --cur "${cur##*=}" - return - ;; - since) - __docker_complete_containers_all --cur "${cur##*=}" - return - ;; - status) - COMPREPLY=( $( compgen -W "created dead exited paused restarting running removing" -- "${cur##*=}" ) ) - return - ;; - volume) - __docker_complete_volumes --cur "${cur##*=}" - return - ;; - esac - - case "$prev" in - --filter|-f) - COMPREPLY=( $( compgen -S = -W "ancestor before exited expose health id is-task label name network publish since status volume" -- "$cur" ) ) - __docker_nospace - return - ;; - --format|--last|-n) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--all -a --filter -f --format --help --last -n --latest -l --no-trunc --quiet -q --size -s" -- "$cur" ) ) - ;; - esac -} - -_docker_container_pause() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - __docker_complete_containers_running - ;; - esac -} - -_docker_container_port() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - __docker_complete_containers_all - fi - ;; - esac -} - -_docker_container_prune() { - case "$prev" in - --filter) - COMPREPLY=( $( compgen -W "until" -S = -- "$cur" ) ) - __docker_nospace - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--force -f --filter --help" -- "$cur" ) ) - ;; - esac -} - -_docker_container_ps() { - _docker_container_ls -} - -_docker_container_rename() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - __docker_complete_containers_all - fi - ;; - esac -} - -_docker_container_restart() { - case "$prev" in - --time|-t) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help --time -t" -- "$cur" ) ) - ;; - *) - __docker_complete_containers_all - ;; - esac -} - -_docker_container_rm() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--force -f --help --link -l --volumes -v" -- "$cur" ) ) - ;; - *) - for arg in "${COMP_WORDS[@]}"; do - case "$arg" in - --force|-f) - __docker_complete_containers_all - return - ;; - esac - done - __docker_complete_containers_removable - ;; - esac -} - -_docker_container_run() { - _docker_container_run_and_create -} - -# _docker_container_run_and_create is the combined completion for `_docker_container_run` -# and `_docker_container_create` -_docker_container_run_and_create() { - local options_with_args=" - --add-host - --attach -a - --blkio-weight - --blkio-weight-device - --cap-add - --cap-drop - --cgroup-parent - --cidfile - --cpu-period - --cpu-quota - --cpu-rt-period - --cpu-rt-runtime - --cpuset-cpus - --cpus - --cpuset-mems - --cpu-shares -c - --device - --device-cgroup-rule - --device-read-bps - --device-read-iops - --device-write-bps - --device-write-iops - --dns - --dns-option - --dns-search - --entrypoint - --env -e - --env-file - --expose - --group-add - --health-cmd - --health-interval - --health-retries - --health-start-period - --health-timeout - --hostname -h - --ip - --ip6 - --ipc - --kernel-memory - --label-file - --label -l - --link - --link-local-ip - --log-driver - --log-opt - --mac-address - --memory -m - --memory-swap - --memory-swappiness - --memory-reservation - --mount - --name - --network - --network-alias - --oom-score-adj - --pid - --pids-limit - --publish -p - --restart - --runtime - --security-opt - --shm-size - --stop-signal - --stop-timeout - --storage-opt - --tmpfs - --sysctl - --ulimit - --user -u - --userns - --uts - --volume-driver - --volumes-from - --volume -v - --workdir -w - " - __docker_daemon_os_is windows && options_with_args+=" - --cpu-count - --cpu-percent - --io-maxbandwidth - --io-maxiops - --isolation - " - - local boolean_options=" - --disable-content-trust=false - --help - --init - --interactive -i - --no-healthcheck - --oom-kill-disable - --privileged - --publish-all -P - --read-only - --tty -t - " - - if [ "$command" = "run" -o "$subcommand" = "run" ] ; then - options_with_args="$options_with_args - --detach-keys - " - boolean_options="$boolean_options - --detach -d - --rm - --sig-proxy=false - " - __docker_complete_detach_keys && return - fi - - local all_options="$options_with_args $boolean_options" - - - __docker_complete_log_driver_options && return - __docker_complete_restart && return - - local key=$(__docker_map_key_of_current_option '--security-opt') - case "$key" in - label) - [[ $cur == *: ]] && return - COMPREPLY=( $( compgen -W "user: role: type: level: disable" -- "${cur##*=}") ) - if [ "${COMPREPLY[*]}" != "disable" ] ; then - __docker_nospace - fi - return - ;; - seccomp) - local cur=${cur##*=} - _filedir - COMPREPLY+=( $( compgen -W "unconfined" -- "$cur" ) ) - return - ;; - esac - - case "$prev" in - --add-host) - case "$cur" in - *:) - __docker_complete_resolved_hostname - return - ;; - esac - ;; - --attach|-a) - COMPREPLY=( $( compgen -W 'stdin stdout stderr' -- "$cur" ) ) - return - ;; - --cap-add) - __docker_complete_capabilities_addable - return - ;; - --cap-drop) - __docker_complete_capabilities_droppable - return - ;; - --cidfile|--env-file|--label-file) - _filedir - return - ;; - --device|--tmpfs|--volume|-v) - case "$cur" in - *:*) - # TODO somehow do _filedir for stuff inside the image, if it's already specified (which is also somewhat difficult to determine) - ;; - '') - COMPREPLY=( $( compgen -W '/' -- "$cur" ) ) - __docker_nospace - ;; - /*) - _filedir - __docker_nospace - ;; - esac - return - ;; - --env|-e) - # we do not append a "=" here because "-e VARNAME" is legal systax, too - COMPREPLY=( $( compgen -e -- "$cur" ) ) - __docker_nospace - return - ;; - --ipc) - case "$cur" in - *:*) - cur="${cur#*:}" - __docker_complete_containers_running - ;; - *) - COMPREPLY=( $( compgen -W 'host container:' -- "$cur" ) ) - if [ "$COMPREPLY" = "container:" ]; then - __docker_nospace - fi - ;; - esac - return - ;; - --isolation) - if __docker_daemon_os_is windows ; then - __docker_complete_isolation - return - fi - ;; - --link) - case "$cur" in - *:*) - ;; - *) - __docker_complete_containers_running - COMPREPLY=( $( compgen -W "${COMPREPLY[*]}" -S ':' ) ) - __docker_nospace - ;; - esac - return - ;; - --log-driver) - __docker_complete_log_drivers - return - ;; - --log-opt) - __docker_complete_log_options - return - ;; - --network) - case "$cur" in - container:*) - __docker_complete_containers_all --cur "${cur#*:}" - ;; - *) - COMPREPLY=( $( compgen -W "$(__docker_plugins_bundled --type Network) $(__docker_networks) container:" -- "$cur") ) - if [ "${COMPREPLY[*]}" = "container:" ] ; then - __docker_nospace - fi - ;; - esac - return - ;; - --pid) - case "$cur" in - *:*) - __docker_complete_containers_running --cur "${cur#*:}" - ;; - *) - COMPREPLY=( $( compgen -W 'host container:' -- "$cur" ) ) - if [ "$COMPREPLY" = "container:" ]; then - __docker_nospace - fi - ;; - esac - return - ;; - --runtime) - __docker_complete_runtimes - return - ;; - --security-opt) - COMPREPLY=( $( compgen -W "apparmor= label= no-new-privileges seccomp=" -- "$cur") ) - if [ "${COMPREPLY[*]}" != "no-new-privileges" ] ; then - __docker_nospace - fi - return - ;; - --stop-signal) - __docker_complete_signals - return - ;; - --storage-opt) - COMPREPLY=( $( compgen -W "size" -S = -- "$cur") ) - __docker_nospace - return - ;; - --user|-u) - __docker_complete_user_group - return - ;; - --userns) - COMPREPLY=( $( compgen -W "host" -- "$cur" ) ) - return - ;; - --volume-driver) - __docker_complete_plugins_bundled --type Volume - return - ;; - --volumes-from) - __docker_complete_containers_all - return - ;; - $(__docker_to_extglob "$options_with_args") ) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "$all_options" -- "$cur" ) ) - ;; - *) - local counter=$( __docker_pos_first_nonflag $( __docker_to_alternatives "$options_with_args" ) ) - if [ $cword -eq $counter ]; then - __docker_complete_images - fi - ;; - esac -} - -_docker_container_start() { - __docker_complete_detach_keys && return - - case "$prev" in - --checkpoint) - if [ __docker_daemon_is_experimental ] ; then - return - fi - ;; - --checkpoint-dir) - if [ __docker_daemon_is_experimental ] ; then - _filedir -d - return - fi - ;; - esac - - case "$cur" in - -*) - local options="--attach -a --detach-keys --help --interactive -i" - __docker_daemon_is_experimental && options+=" --checkpoint --checkpoint-dir" - COMPREPLY=( $( compgen -W "$options" -- "$cur" ) ) - ;; - *) - __docker_complete_containers_stopped - ;; - esac -} - -_docker_container_stats() { - case "$prev" in - --format) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--all -a --format --help --no-stream" -- "$cur" ) ) - ;; - *) - __docker_complete_containers_running - ;; - esac -} - -_docker_container_stop() { - case "$prev" in - --time|-t) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help --time -t" -- "$cur" ) ) - ;; - *) - __docker_complete_containers_running - ;; - esac -} - -_docker_container_top() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - __docker_complete_containers_running - fi - ;; - esac -} - -_docker_container_unpause() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - __docker_complete_containers_unpauseable - fi - ;; - esac -} - -_docker_container_update() { - local options_with_args=" - --blkio-weight - --cpu-period - --cpu-quota - --cpu-rt-period - --cpu-rt-runtime - --cpus - --cpuset-cpus - --cpuset-mems - --cpu-shares -c - --kernel-memory - --memory -m - --memory-reservation - --memory-swap - --restart - " - - local boolean_options=" - --help - " - - local all_options="$options_with_args $boolean_options" - - __docker_complete_restart && return - - case "$prev" in - $(__docker_to_extglob "$options_with_args") ) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "$all_options" -- "$cur" ) ) - ;; - *) - __docker_complete_containers_all - ;; - esac -} - -_docker_container_wait() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - __docker_complete_containers_all - ;; - esac -} - - -_docker_commit() { - _docker_container_commit -} - -_docker_cp() { - _docker_container_cp -} - -_docker_create() { - _docker_container_create -} - -_docker_daemon() { - local boolean_options=" - $global_boolean_options - --disable-legacy-registry - --experimental - --help - --icc=false - --init - --ip-forward=false - --ip-masq=false - --iptables=false - --ipv6 - --live-restore - --raw-logs - --selinux-enabled - --userland-proxy=false - " - local options_with_args=" - $global_options_with_args - --add-runtime - --allow-nondistributable-artifacts - --api-cors-header - --authorization-plugin - --bip - --bridge -b - --cgroup-parent - --cluster-advertise - --cluster-store - --cluster-store-opt - --config-file - --containerd - --data-root - --default-gateway - --default-gateway-v6 - --default-shm-size - --default-ulimit - --dns - --dns-search - --dns-opt - --exec-opt - --exec-root - --fixed-cidr - --fixed-cidr-v6 - --group -G - --init-path - --insecure-registry - --ip - --label - --log-driver - --log-opt - --max-concurrent-downloads - --max-concurrent-uploads - --mtu - --oom-score-adjust - --pidfile -p - --registry-mirror - --seccomp-profile - --shutdown-timeout - --storage-driver -s - --storage-opt - --userland-proxy-path - --userns-remap - " - - __docker_complete_log_driver_options && return - - key=$(__docker_map_key_of_current_option '--cluster-store-opt') - case "$key" in - kv.*file) - cur=${cur##*=} - _filedir - return - ;; - esac - - local key=$(__docker_map_key_of_current_option '--storage-opt') - case "$key" in - dm.blkdiscard|dm.override_udev_sync_check|dm.use_deferred_removal|dm.use_deferred_deletion) - COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) ) - return - ;; - dm.directlvm_device|dm.thinpooldev) - cur=${cur##*=} - _filedir - return - ;; - dm.fs) - COMPREPLY=( $( compgen -W "ext4 xfs" -- "${cur##*=}" ) ) - return - ;; - esac - - case "$prev" in - --authorization-plugin) - __docker_complete_plugins_bundled --type Authorization - return - ;; - --cluster-store) - COMPREPLY=( $( compgen -W "consul etcd zk" -S "://" -- "$cur" ) ) - __docker_nospace - return - ;; - --cluster-store-opt) - COMPREPLY=( $( compgen -W "discovery.heartbeat discovery.ttl kv.cacertfile kv.certfile kv.keyfile kv.path" -S = -- "$cur" ) ) - __docker_nospace - return - ;; - --config-file|--containerd|--init-path|--pidfile|-p|--tlscacert|--tlscert|--tlskey|--userland-proxy-path) - _filedir - return - ;; - --exec-root|--data-root) - _filedir -d - return - ;; - --log-driver) - __docker_complete_log_drivers - return - ;; - --storage-driver|-s) - COMPREPLY=( $( compgen -W "aufs btrfs devicemapper overlay overlay2 vfs zfs" -- "$(echo $cur | tr '[:upper:]' '[:lower:]')" ) ) - return - ;; - --storage-opt) - local btrfs_options="btrfs.min_space" - local devicemapper_options=" - dm.basesize - dm.blkdiscard - dm.blocksize - dm.directlvm_device - dm.fs - dm.loopdatasize - dm.loopmetadatasize - dm.min_free_space - dm.mkfsarg - dm.mountopt - dm.override_udev_sync_check - dm.thinpooldev - dm.thinp_autoextend_percent - dm.thinp_autoextend_threshold - dm.thinp_metapercent - dm.thinp_percent - dm.use_deferred_deletion - dm.use_deferred_removal - " - local zfs_options="zfs.fsname" - - case $(__docker_value_of_option '--storage-driver|-s') in - '') - COMPREPLY=( $( compgen -W "$btrfs_options $devicemapper_options $zfs_options" -S = -- "$cur" ) ) - ;; - btrfs) - COMPREPLY=( $( compgen -W "$btrfs_options" -S = -- "$cur" ) ) - ;; - devicemapper) - COMPREPLY=( $( compgen -W "$devicemapper_options" -S = -- "$cur" ) ) - ;; - zfs) - COMPREPLY=( $( compgen -W "$zfs_options" -S = -- "$cur" ) ) - ;; - *) - return - ;; - esac - __docker_nospace - return - ;; - --log-level|-l) - __docker_complete_log_levels - return - ;; - --log-opt) - __docker_complete_log_options - return - ;; - --seccomp-profile) - _filedir json - return - ;; - --userns-remap) - __docker_complete_user_group - return - ;; - $(__docker_to_extglob "$options_with_args") ) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "$boolean_options $options_with_args" -- "$cur" ) ) - ;; - esac -} - -_docker_deploy() { - __docker_daemon_is_experimental && _docker_stack_deploy -} - -_docker_diff() { - _docker_container_diff -} - -_docker_events() { - _docker_system_events -} - -_docker_exec() { - _docker_container_exec -} - -_docker_export() { - _docker_container_export -} - -_docker_help() { - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - COMPREPLY=( $( compgen -W "${commands[*]}" -- "$cur" ) ) - fi -} - -_docker_history() { - _docker_image_history -} - - -_docker_image() { - local subcommands=" - build - history - import - inspect - load - ls - prune - pull - push - rm - save - tag - " - local aliases=" - images - list - remove - rmi - " - __docker_subcommands "$subcommands $aliases" && return - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) ) - ;; - esac -} - -_docker_image_build() { - local options_with_args=" - --add-host - --build-arg - --cache-from - --cgroup-parent - --cpuset-cpus - --cpuset-mems - --cpu-shares -c - --cpu-period - --cpu-quota - --file -f - --label - --memory -m - --memory-swap - --network - --shm-size - --tag -t - --ulimit - " - __docker_daemon_os_is windows && options_with_args+=" - --isolation - " - - local boolean_options=" - --compress - --disable-content-trust=false - --force-rm - --help - --no-cache - --pull - --quiet -q - --rm - " - __docker_daemon_is_experimental && boolean_options+="--squash" - - local all_options="$options_with_args $boolean_options" - - case "$prev" in - --add-host) - case "$cur" in - *:) - __docker_complete_resolved_hostname - return - ;; - esac - ;; - --build-arg) - COMPREPLY=( $( compgen -e -- "$cur" ) ) - __docker_nospace - return - ;; - --cache-from) - __docker_complete_image_repos_and_tags - return - ;; - --file|-f) - _filedir - return - ;; - --isolation) - if __docker_daemon_os_is windows ; then - __docker_complete_isolation - return - fi - ;; - --network) - case "$cur" in - container:*) - __docker_complete_containers_all --cur "${cur#*:}" - ;; - *) - COMPREPLY=( $( compgen -W "$(__docker_plugins_bundled --type Network) $(__docker_networks) container:" -- "$cur") ) - if [ "${COMPREPLY[*]}" = "container:" ] ; then - __docker_nospace - fi - ;; - esac - return - ;; - --tag|-t) - __docker_complete_image_repos_and_tags - return - ;; - $(__docker_to_extglob "$options_with_args") ) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "$all_options" -- "$cur" ) ) - ;; - *) - local counter=$( __docker_pos_first_nonflag $( __docker_to_alternatives "$options_with_args" ) ) - if [ $cword -eq $counter ]; then - _filedir -d - fi - ;; - esac -} - -_docker_image_history() { - case "$prev" in - --format) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--format --help --human=false -H=false --no-trunc --quiet -q" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - __docker_complete_images - fi - ;; - esac -} - -_docker_image_images() { - _docker_image_ls -} - -_docker_image_import() { - case "$prev" in - --change|-c|--message|-m) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--change -c --help --message -m" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag '--change|-c|--message|-m') - if [ $cword -eq $counter ]; then - return - fi - (( counter++ )) - - if [ $cword -eq $counter ]; then - __docker_complete_image_repos_and_tags - return - fi - ;; - esac -} - -_docker_image_inspect() { - _docker_inspect --type image -} - -_docker_image_load() { - case "$prev" in - --input|-i) - _filedir - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help --input -i --quiet -q" -- "$cur" ) ) - ;; - esac -} - -_docker_image_list() { - _docker_image_ls -} - -_docker_image_ls() { - local key=$(__docker_map_key_of_current_option '--filter|-f') - case "$key" in - before|since|reference) - cur="${cur##*=}" - __docker_complete_images - return - ;; - dangling) - COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) ) - return - ;; - label) - return - ;; - esac - - case "$prev" in - --filter|-f) - COMPREPLY=( $( compgen -S = -W "before dangling label reference since" -- "$cur" ) ) - __docker_nospace - return - ;; - --format) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--all -a --digests --filter -f --format --help --no-trunc --quiet -q" -- "$cur" ) ) - ;; - =) - return - ;; - *) - __docker_complete_image_repos - ;; - esac -} - -_docker_image_prune() { - case "$prev" in - --filter) - COMPREPLY=( $( compgen -W "until" -S = -- "$cur" ) ) - __docker_nospace - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--all -a --force -f --filter --help" -- "$cur" ) ) - ;; - esac -} - -_docker_image_pull() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--all-tags -a --disable-content-trust=false --help" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - for arg in "${COMP_WORDS[@]}"; do - case "$arg" in - --all-tags|-a) - __docker_complete_image_repos - return - ;; - esac - done - __docker_complete_image_repos_and_tags - fi - ;; - esac -} - -_docker_image_push() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--disable-content-trust=false --help" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - __docker_complete_image_repos_and_tags - fi - ;; - esac -} - -_docker_image_remove() { - _docker_image_rm -} - -_docker_image_rm() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--force -f --help --no-prune" -- "$cur" ) ) - ;; - *) - __docker_complete_images - ;; - esac -} - -_docker_image_rmi() { - _docker_image_rm -} - -_docker_image_save() { - case "$prev" in - --output|-o) - _filedir - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help --output -o" -- "$cur" ) ) - ;; - *) - __docker_complete_images - ;; - esac -} - -_docker_image_tag() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag) - - if [ $cword -eq $counter ]; then - __docker_complete_image_repos_and_tags - return - fi - (( counter++ )) - - if [ $cword -eq $counter ]; then - __docker_complete_image_repos_and_tags - return - fi - ;; - esac -} - - -_docker_images() { - _docker_image_ls -} - -_docker_import() { - _docker_image_import -} - -_docker_info() { - _docker_system_info -} - -_docker_inspect() { - local preselected_type - local type - - if [ "$1" = "--type" ] ; then - preselected_type=yes - type="$2" - else - type=$(__docker_value_of_option --type) - fi - - case "$prev" in - --format|-f) - return - ;; - --type) - if [ -z "$preselected_type" ] ; then - COMPREPLY=( $( compgen -W "container image network node plugin secret service volume" -- "$cur" ) ) - return - fi - ;; - esac - - case "$cur" in - -*) - local options="--format -f --help --size -s" - if [ -z "$preselected_type" ] ; then - options+=" --type" - fi - COMPREPLY=( $( compgen -W "$options" -- "$cur" ) ) - ;; - *) - case "$type" in - '') - COMPREPLY=( $( compgen -W " - $(__docker_containers --all) - $(__docker_images) - $(__docker_networks) - $(__docker_nodes) - $(__docker_plugins_installed) - $(__docker_secrets) - $(__docker_services) - $(__docker_volumes) - " -- "$cur" ) ) - ;; - container) - __docker_complete_containers_all - ;; - image) - __docker_complete_images - ;; - network) - __docker_complete_networks - ;; - node) - __docker_complete_nodes - ;; - plugin) - __docker_complete_plugins_installed - ;; - secret) - __docker_complete_secrets - ;; - service) - __docker_complete_services - ;; - volume) - __docker_complete_volumes - ;; - esac - esac -} - -_docker_kill() { - _docker_container_kill -} - -_docker_load() { - _docker_image_load -} - -_docker_login() { - case "$prev" in - --password|-p|--username|-u) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help --password -p --username -u" -- "$cur" ) ) - ;; - esac -} - -_docker_logout() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - esac -} - -_docker_logs() { - _docker_container_logs -} - -_docker_network_connect() { - local options_with_args=" - --alias - --ip - --ip6 - --link - --link-local-ip - " - - local boolean_options=" - --help - " - - case "$prev" in - --link) - case "$cur" in - *:*) - ;; - *) - __docker_complete_containers_running - COMPREPLY=( $( compgen -W "${COMPREPLY[*]}" -S ':' ) ) - __docker_nospace - ;; - esac - return - ;; - $(__docker_to_extglob "$options_with_args") ) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "$boolean_options $options_with_args" -- "$cur" ) ) - ;; - *) - local counter=$( __docker_pos_first_nonflag $( __docker_to_alternatives "$options_with_args" ) ) - if [ $cword -eq $counter ]; then - __docker_complete_networks - elif [ $cword -eq $(($counter + 1)) ]; then - __docker_complete_containers_all - fi - ;; - esac -} - -_docker_network_create() { - case "$prev" in - --aux-address|--gateway|--internal|--ip-range|--ipam-opt|--ipv6|--opt|-o|--subnet) - return - ;; - --ipam-driver) - COMPREPLY=( $( compgen -W "default" -- "$cur" ) ) - return - ;; - --driver|-d) - # remove drivers that allow one instance only, add drivers missing in `docker info` - __docker_complete_plugins_bundled --type Network --remove host --remove null --add macvlan - return - ;; - --label) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--attachable --aux-address --driver -d --gateway --help --internal --ip-range --ipam-driver --ipam-opt --ipv6 --label --opt -o --subnet" -- "$cur" ) ) - ;; - esac -} - -_docker_network_disconnect() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - __docker_complete_networks - elif [ $cword -eq $(($counter + 1)) ]; then - __docker_complete_containers_in_network "$prev" - fi - ;; - esac -} - -_docker_network_inspect() { - case "$prev" in - --format|-f) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--format -f --help --verbose" -- "$cur" ) ) - ;; - *) - __docker_complete_networks - esac -} - -_docker_network_ls() { - local key=$(__docker_map_key_of_current_option '--filter|-f') - case "$key" in - driver) - __docker_complete_plugins_bundled --cur "${cur##*=}" --type Network --add macvlan - return - ;; - id) - __docker_complete_networks --cur "${cur##*=}" --id - return - ;; - name) - __docker_complete_networks --cur "${cur##*=}" --name - return - ;; - scope) - COMPREPLY=( $( compgen -W "global local swarm" -- "${cur##*=}" ) ) - return - ;; - type) - COMPREPLY=( $( compgen -W "builtin custom" -- "${cur##*=}" ) ) - return - ;; - esac - - case "$prev" in - --filter|-f) - COMPREPLY=( $( compgen -S = -W "driver id label name scope type" -- "$cur" ) ) - __docker_nospace - return - ;; - --format) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--filter -f --format --help --no-trunc --quiet -q" -- "$cur" ) ) - ;; - esac -} - -_docker_network_prune() { - case "$prev" in - --filter) - COMPREPLY=( $( compgen -W "until" -S = -- "$cur" ) ) - __docker_nospace - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--force -f --filter --help" -- "$cur" ) ) - ;; - esac -} - -_docker_network_rm() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - __docker_complete_networks --filter type=custom - esac -} - -_docker_network() { - local subcommands=" - connect - create - disconnect - inspect - ls - prune - rm - " - local aliases=" - list - remove - " - __docker_subcommands "$subcommands $aliases" && return - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) ) - ;; - esac -} - -_docker_service() { - local subcommands=" - create - inspect - logs - ls - rm - scale - ps - update - " - - local aliases=" - list - remove - " - __docker_subcommands "$subcommands $aliases" && return - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) ) - ;; - esac -} - -_docker_service_create() { - _docker_service_update_and_create -} - -_docker_service_inspect() { - case "$prev" in - --format|-f) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--format -f --help --pretty" -- "$cur" ) ) - ;; - *) - __docker_complete_services - esac -} - -_docker_service_logs() { - case "$prev" in - --since|--tail) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--follow -f --help --no-resolve --no-task-ids --no-trunc --since --tail --timestamps -t" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag '--since|--tail') - if [ $cword -eq $counter ]; then - __docker_complete_services_and_tasks - fi - ;; - esac -} - -_docker_service_list() { - _docker_service_ls -} - -_docker_service_ls() { - local key=$(__docker_map_key_of_current_option '--filter|-f') - case "$key" in - id) - __docker_complete_services --cur "${cur##*=}" --id - return - ;; - mode) - COMPREPLY=( $( compgen -W "global replicated" -- "${cur##*=}" ) ) - return - ;; - name) - __docker_complete_services --cur "${cur##*=}" --name - return - ;; - esac - - case "$prev" in - --filter|-f) - COMPREPLY=( $( compgen -W "id label mode name" -S = -- "$cur" ) ) - __docker_nospace - return - ;; - --format) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--filter -f --format --help --quiet -q" -- "$cur" ) ) - ;; - esac -} - -_docker_service_remove() { - _docker_service_rm -} - -_docker_service_rm() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - __docker_complete_services - esac -} - -_docker_service_scale() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - __docker_complete_services - __docker_append_to_completions "=" - __docker_nospace - ;; - esac -} - -_docker_service_ps() { - local key=$(__docker_map_key_of_current_option '--filter|-f') - case "$key" in - desired-state) - COMPREPLY=( $( compgen -W "accepted running shutdown" -- "${cur##*=}" ) ) - return - ;; - name) - __docker_complete_services --cur "${cur##*=}" --name - return - ;; - node) - __docker_complete_nodes --cur "${cur##*=}" --add self - return - ;; - esac - - case "$prev" in - --filter|-f) - COMPREPLY=( $( compgen -W "desired-state id name node" -S = -- "$cur" ) ) - __docker_nospace - return - ;; - --format) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--filter -f --format --help --no-resolve --no-trunc --quiet -q" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag '--filter|-f') - if [ $cword -eq $counter ]; then - __docker_complete_services - fi - ;; - esac -} - -_docker_service_update() { - _docker_service_update_and_create -} - -# _docker_service_update_and_create is the combined completion for `docker service create` -# and `docker service update` -_docker_service_update_and_create() { - local options_with_args=" - --endpoint-mode - --env -e - --force - --health-cmd - --health-interval - --health-retries - --health-start-period - --health-timeout - --hostname - --label -l - --limit-cpu - --limit-memory - --log-driver - --log-opt - --mount - --network - --replicas - --reserve-cpu - --reserve-memory - --restart-condition - --restart-delay - --restart-max-attempts - --restart-window - --rollback-delay - --rollback-failure-action - --rollback-max-failure-ratio - --rollback-monitor - --rollback-parallelism - --stop-grace-period - --stop-signal - --update-delay - --update-failure-action - --update-max-failure-ratio - --update-monitor - --update-parallelism - --user -u - --workdir -w - " - - local boolean_options=" - --help - --no-healthcheck - --read-only - --tty -t - --with-registry-auth - " - - __docker_complete_log_driver_options && return - - if [ "$subcommand" = "create" ] ; then - options_with_args="$options_with_args - --constraint - --container-label - --dns - --dns-option - --dns-search - --env-file - --group - --host - --mode - --name - --placement-pref - --publish -p - --secret - " - - case "$prev" in - --env-file) - _filedir - return - ;; - --group) - COMPREPLY=( $(compgen -g -- "$cur") ) - return - ;; - --host) - case "$cur" in - *:) - __docker_complete_resolved_hostname - return - ;; - esac - ;; - --mode) - COMPREPLY=( $( compgen -W "global replicated" -- "$cur" ) ) - return - ;; - --placement-pref) - COMPREPLY=( $( compgen -W "spread" -S = -- "$cur" ) ) - __docker_nospace - return - ;; - --secret) - __docker_complete_secrets - return - ;; - esac - fi - if [ "$subcommand" = "update" ] ; then - options_with_args="$options_with_args - --arg - --constraint-add - --constraint-rm - --container-label-add - --container-label-rm - --dns-add - --dns-option-add - --dns-option-rm - --dns-rm - --dns-search-add - --dns-search-rm - --group-add - --group-rm - --host-add - --host-rm - --image - --placement-pref-add - --placement-pref-rm - --publish-add - --publish-rm - --rollback - --secret-add - --secret-rm - " - - case "$prev" in - --group-add|--group-rm) - COMPREPLY=( $(compgen -g -- "$cur") ) - return - ;; - --host-add|--host-rm) - case "$cur" in - *:) - __docker_complete_resolved_hostname - return - ;; - esac - ;; - --image) - __docker_complete_image_repos_and_tags - return - ;; - --placement-pref-add|--placement-pref-rm) - COMPREPLY=( $( compgen -W "spread" -S = -- "$cur" ) ) - __docker_nospace - return - ;; - --secret-add|--secret-rm) - __docker_complete_secrets - return - ;; - esac - fi - - local strategy=$(__docker_map_key_of_current_option '--placement-pref|--placement-pref-add|--placement-pref-rm') - case "$strategy" in - spread) - COMPREPLY=( $( compgen -W "engine.labels node.labels" -S . -- "${cur##*=}" ) ) - __docker_nospace - return - ;; - esac - - case "$prev" in - --endpoint-mode) - COMPREPLY=( $( compgen -W "dnsrr vip" -- "$cur" ) ) - return - ;; - --env|-e) - # we do not append a "=" here because "-e VARNAME" is legal systax, too - COMPREPLY=( $( compgen -e -- "$cur" ) ) - __docker_nospace - return - ;; - --log-driver) - __docker_complete_log_drivers - return - ;; - --log-opt) - __docker_complete_log_options - return - ;; - --network) - __docker_complete_networks - return - ;; - --restart-condition) - COMPREPLY=( $( compgen -W "any none on-failure" -- "$cur" ) ) - return - ;; - --rollback-failure-action) - COMPREPLY=( $( compgen -W "continue pause" -- "$cur" ) ) - return - ;; - --stop-signal) - __docker_complete_signals - return - ;; - --update-failure-action) - COMPREPLY=( $( compgen -W "continue pause rollback" -- "$cur" ) ) - return - ;; - --user|-u) - __docker_complete_user_group - return - ;; - $(__docker_to_extglob "$options_with_args") ) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "$boolean_options $options_with_args" -- "$cur" ) ) - ;; - *) - local counter=$( __docker_pos_first_nonflag $( __docker_to_alternatives "$options_with_args" ) ) - if [ "$subcommand" = "update" ] ; then - if [ $cword -eq $counter ]; then - __docker_complete_services - fi - else - if [ $cword -eq $counter ]; then - __docker_complete_images - fi - fi - ;; - esac -} - -_docker_swarm() { - local subcommands=" - init - join - join-token - leave - unlock - unlock-key - update - " - __docker_subcommands "$subcommands" && return - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) ) - ;; - esac -} - -_docker_swarm_init() { - case "$prev" in - --advertise-addr) - if [[ $cur == *: ]] ; then - COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) ) - else - __docker_complete_local_interfaces - __docker_nospace - fi - return - ;; - --availability) - COMPREPLY=( $( compgen -W "active drain pause" -- "$cur" ) ) - return - ;; - --cert-expiry|--dispatcher-heartbeat|--external-ca|--max-snapshots|--snapshot-interval|--task-history-limit) - return - ;; - --listen-addr) - if [[ $cur == *: ]] ; then - COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) ) - else - __docker_complete_local_interfaces --add 0.0.0.0 - __docker_nospace - fi - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--advertise-addr --data-path-addr --autolock --availability --cert-expiry --dispatcher-heartbeat --external-ca --force-new-cluster --help --listen-addr --max-snapshots --snapshot-interval --task-history-limit" -- "$cur" ) ) - ;; - esac -} - -_docker_swarm_join() { - case "$prev" in - --advertise-addr) - if [[ $cur == *: ]] ; then - COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) ) - else - __docker_complete_local_interfaces - __docker_nospace - fi - return - ;; - --listen-addr) - if [[ $cur == *: ]] ; then - COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) ) - else - __docker_complete_local_interfaces --add 0.0.0.0 - __docker_nospace - fi - return - ;; - --availability) - COMPREPLY=( $( compgen -W "active drain pause" -- "$cur" ) ) - return - ;; - --token) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--advertise-addr --data-path-addr --availability --help --listen-addr --token" -- "$cur" ) ) - ;; - *:) - COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) ) - ;; - esac -} - -_docker_swarm_join_token() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help --quiet -q --rotate" -- "$cur" ) ) - ;; - *) - local counter=$( __docker_pos_first_nonflag ) - if [ $cword -eq $counter ]; then - COMPREPLY=( $( compgen -W "manager worker" -- "$cur" ) ) - fi - ;; - esac -} - -_docker_swarm_leave() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) ) - ;; - esac -} - -_docker_swarm_unlock() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - esac -} - -_docker_swarm_unlock_key() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help --quiet -q --rotate" -- "$cur" ) ) - ;; - esac -} - -_docker_swarm_update() { - case "$prev" in - --cert-expiry|--dispatcher-heartbeat|--external-ca|--max-snapshots|--snapshot-interval|--task-history-limit) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--autolock --cert-expiry --dispatcher-heartbeat --external-ca --help --max-snapshots --snapshot-interval --task-history-limit" -- "$cur" ) ) - ;; - esac -} - -_docker_node() { - local subcommands=" - demote - inspect - ls - promote - rm - ps - update - " - local aliases=" - list - remove - " - __docker_subcommands "$subcommands $aliases" && return - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) ) - ;; - esac -} - -_docker_node_demote() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - __docker_complete_nodes --filter role=manager - esac -} - -_docker_node_inspect() { - case "$prev" in - --format|-f) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--format -f --help --pretty" -- "$cur" ) ) - ;; - *) - __docker_complete_nodes --add self - esac -} - -_docker_node_list() { - _docker_node_ls -} - -_docker_node_ls() { - local key=$(__docker_map_key_of_current_option '--filter|-f') - case "$key" in - id) - __docker_complete_nodes --cur "${cur##*=}" --id - return - ;; - membership) - COMPREPLY=( $( compgen -W "accepted pending" -- "${cur##*=}" ) ) - return - ;; - name) - __docker_complete_nodes --cur "${cur##*=}" --name - return - ;; - role) - COMPREPLY=( $( compgen -W "manager worker" -- "${cur##*=}" ) ) - return - ;; - esac - - case "$prev" in - --filter|-f) - COMPREPLY=( $( compgen -W "id label membership name role" -S = -- "$cur" ) ) - __docker_nospace - return - ;; - --format) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--filter -f --format --help --quiet -q" -- "$cur" ) ) - ;; - esac -} - -_docker_node_promote() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - __docker_complete_nodes --filter role=worker - esac -} - -_docker_node_remove() { - _docker_node_rm -} - -_docker_node_rm() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) ) - ;; - *) - __docker_complete_nodes - esac -} - -_docker_node_ps() { - local key=$(__docker_map_key_of_current_option '--filter|-f') - case "$key" in - desired-state) - COMPREPLY=( $( compgen -W "accepted running shutdown" -- "${cur##*=}" ) ) - return - ;; - name) - __docker_complete_services --cur "${cur##*=}" --name - return - ;; - esac - - case "$prev" in - --filter|-f) - COMPREPLY=( $( compgen -W "desired-state id label name" -S = -- "$cur" ) ) - __docker_nospace - return - ;; - --format) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--filter -f --format --help --no-resolve --no-trunc --quiet -q" -- "$cur" ) ) - ;; - *) - __docker_complete_nodes --add self - ;; - esac -} - -_docker_node_update() { - case "$prev" in - --availability) - COMPREPLY=( $( compgen -W "active drain pause" -- "$cur" ) ) - return - ;; - --role) - COMPREPLY=( $( compgen -W "manager worker" -- "$cur" ) ) - return - ;; - --label-add|--label-rm) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--availability --help --label-add --label-rm --role" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag '--availability|--label-add|--label-rm|--role') - if [ $cword -eq $counter ]; then - __docker_complete_nodes - fi - ;; - esac -} - -_docker_pause() { - _docker_container_pause -} - -_docker_plugin() { - local subcommands=" - create - disable - enable - inspect - install - ls - push - rm - set - upgrade - " - local aliases=" - list - remove - " - __docker_subcommands "$subcommands $aliases" && return - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) ) - ;; - esac -} - -_docker_plugin_create() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--compress --help" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - # reponame - return - elif [ $cword -eq $((counter + 1)) ]; then - _filedir -d - fi - ;; - esac -} - -_docker_plugin_disable() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - __docker_complete_plugins_installed --filter enabled=true - fi - ;; - esac -} - -_docker_plugin_enable() { - case "$prev" in - --timeout) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help --timeout" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag '--timeout') - if [ $cword -eq $counter ]; then - __docker_complete_plugins_installed --filter enabled=false - fi - ;; - esac -} - -_docker_plugin_inspect() { - case "$prev" in - --format|f) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--format -f --help" -- "$cur" ) ) - ;; - *) - __docker_complete_plugins_installed - ;; - esac -} - -_docker_plugin_install() { - case "$prev" in - --alias) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--alias --disable --disable-content-trust=false --grant-all-permissions --help" -- "$cur" ) ) - ;; - esac -} - -_docker_plugin_list() { - _docker_plugin_ls -} - -_docker_plugin_ls() { - local key=$(__docker_map_key_of_current_option '--filter|-f') - case "$key" in - capability) - COMPREPLY=( $( compgen -W "authz ipamdriver networkdriver volumedriver" -- "${cur##*=}" ) ) - return - ;; - enabled) - COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) ) - return - ;; - esac - - case "$prev" in - --filter|-f) - COMPREPLY=( $( compgen -S = -W "capability enabled" -- "$cur" ) ) - __docker_nospace - return - ;; - --format) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--filter -f --format --help --no-trunc --quiet -q" -- "$cur" ) ) - ;; - esac -} - -_docker_plugin_push() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - __docker_complete_plugins_installed - fi - ;; - esac -} - -_docker_plugin_remove() { - _docker_plugin_rm -} - -_docker_plugin_rm() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) ) - ;; - *) - __docker_complete_plugins_installed - ;; - esac -} - -_docker_plugin_set() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - __docker_complete_plugins_installed - fi - ;; - esac -} - -_docker_plugin_upgrade() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--disable-content-trust --grant-all-permissions --help --skip-remote-check" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - __docker_complete_plugins_installed - __ltrim_colon_completions "$cur" - elif [ $cword -eq $((counter + 1)) ]; then - local plugin_images="$(__docker_plugins_installed)" - COMPREPLY=( $(compgen -S : -W "${plugin_images%:*}" -- "$cur") ) - __docker_nospace - fi - ;; - esac -} - - -_docker_port() { - _docker_container_port -} - -_docker_ps() { - _docker_container_ls -} - -_docker_pull() { - _docker_image_pull -} - -_docker_push() { - _docker_image_push -} - -_docker_rename() { - _docker_container_rename -} - -_docker_restart() { - _docker_container_restart -} - -_docker_rm() { - _docker_container_rm -} - -_docker_rmi() { - _docker_image_rm -} - -_docker_run() { - _docker_container_run -} - -_docker_save() { - _docker_image_save -} - - -_docker_secret() { - local subcommands=" - create - inspect - ls - rm - " - local aliases=" - list - remove - " - __docker_subcommands "$subcommands $aliases" && return - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) ) - ;; - esac -} - -_docker_secret_create() { - case "$prev" in - --label|-l) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help --label -l" -- "$cur" ) ) - ;; - esac -} - -_docker_secret_inspect() { - case "$prev" in - --format|-f) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--format -f --help" -- "$cur" ) ) - ;; - *) - __docker_complete_secrets - ;; - esac -} - -_docker_secret_list() { - _docker_secret_ls -} - -_docker_secret_ls() { - local key=$(__docker_map_key_of_current_option '--filter|-f') - case "$key" in - id) - __docker_complete_secrets --cur "${cur##*=}" --id - return - ;; - name) - __docker_complete_secrets --cur "${cur##*=}" --name - return - ;; - esac - - case "$prev" in - --filter|-f) - COMPREPLY=( $( compgen -S = -W "id label name" -- "$cur" ) ) - __docker_nospace - return - ;; - --format) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--format --filter -f --help --quiet -q" -- "$cur" ) ) - ;; - esac -} - -_docker_secret_remove() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - __docker_complete_secrets - ;; - esac -} - -_docker_secret_rm() { - _docker_secret_remove -} - - - -_docker_search() { - local key=$(__docker_map_key_of_current_option '--filter|-f') - case "$key" in - is-automated) - COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) ) - return - ;; - is-official) - COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) ) - return - ;; - esac - - case "$prev" in - --filter|-f) - COMPREPLY=( $( compgen -S = -W "is-automated is-official stars" -- "$cur" ) ) - __docker_nospace - return - ;; - --limit) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--filter --help --limit --no-trunc" -- "$cur" ) ) - ;; - esac -} - - -_docker_stack() { - local subcommands=" - deploy - ls - ps - rm - services - " - local aliases=" - down - list - remove - up - " - __docker_subcommands "$subcommands $aliases" && return - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) ) - ;; - esac -} - -_docker_stack_deploy() { - case "$prev" in - --bundle-file) - if __docker_daemon_is_experimental ; then - _filedir dab - return - fi - ;; - --compose-file|-c) - _filedir yml - return - ;; - esac - - case "$cur" in - -*) - local options="--compose-file -c --help --prune --with-registry-auth" - __docker_daemon_is_experimental && options+=" --bundle-file" - COMPREPLY=( $( compgen -W "$options" -- "$cur" ) ) - ;; - esac -} - -_docker_stack_down() { - _docker_stack_rm -} - -_docker_stack_list() { - _docker_stack_ls -} - -_docker_stack_ls() { - case "$prev" in - --format) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--format --help" -- "$cur" ) ) - ;; - esac -} - -_docker_stack_ps() { - local key=$(__docker_map_key_of_current_option '--filter|-f') - case "$key" in - desired-state) - COMPREPLY=( $( compgen -W "accepted running shutdown" -- "${cur##*=}" ) ) - return - ;; - id) - __docker_complete_stacks --cur "${cur##*=}" --id - return - ;; - name) - __docker_complete_stacks --cur "${cur##*=}" --name - return - ;; - esac - - case "$prev" in - --filter|-f) - COMPREPLY=( $( compgen -S = -W "id name desired-state" -- "$cur" ) ) - __docker_nospace - return - ;; - --format) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--all -a --filter -f --format --help --no-resolve --no-trunc --quiet -q" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag '--filter|-f') - if [ $cword -eq $counter ]; then - __docker_complete_stacks - fi - ;; - esac -} - -_docker_stack_remove() { - _docker_stack_rm -} - -_docker_stack_rm() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - __docker_complete_stacks - esac -} - -_docker_stack_services() { - local key=$(__docker_map_key_of_current_option '--filter|-f') - case "$key" in - id) - __docker_complete_services --cur "${cur##*=}" --id - return - ;; - label) - return - ;; - name) - __docker_complete_services --cur "${cur##*=}" --name - return - ;; - esac - - case "$prev" in - --filter|-f) - COMPREPLY=( $( compgen -S = -W "id label name" -- "$cur" ) ) - __docker_nospace - return - ;; - --format) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--filter -f --format --help --quiet -q" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag '--filter|-f|--format') - if [ $cword -eq $counter ]; then - __docker_complete_stacks - fi - ;; - esac -} - -_docker_stack_up() { - _docker_stack_deploy -} - - -_docker_start() { - _docker_container_start -} - -_docker_stats() { - _docker_container_stats -} - -_docker_stop() { - _docker_container_stop -} - - -_docker_system() { - local subcommands=" - df - events - info - prune - " - __docker_subcommands "$subcommands $aliases" && return - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) ) - ;; - esac -} - -_docker_system_df() { - case "$prev" in - --format) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--format --help --verbose -v" -- "$cur" ) ) - ;; - esac -} - -_docker_system_events() { - local key=$(__docker_map_key_of_current_option '-f|--filter') - case "$key" in - container) - __docker_complete_containers_all --cur "${cur##*=}" - return - ;; - daemon) - local name=$(__docker_q info | sed -n 's/^\(ID\|Name\): //p') - COMPREPLY=( $( compgen -W "$name" -- "${cur##*=}" ) ) - return - ;; - event) - COMPREPLY=( $( compgen -W " - attach - commit - connect - copy - create - delete - destroy - detach - die - disconnect - exec_create - exec_detach - exec_start - export - health_status - import - kill - load - mount - oom - pause - pull - push - reload - rename - resize - restart - save - start - stop - tag - top - unmount - unpause - untag - update - " -- "${cur##*=}" ) ) - return - ;; - image) - cur="${cur##*=}" - __docker_complete_images - return - ;; - network) - __docker_complete_networks --cur "${cur##*=}" - return - ;; - type) - COMPREPLY=( $( compgen -W "container daemon image network volume" -- "${cur##*=}" ) ) - return - ;; - volume) - __docker_complete_volumes --cur "${cur##*=}" - return - ;; - esac - - case "$prev" in - --filter|-f) - COMPREPLY=( $( compgen -S = -W "container daemon event image label network type volume" -- "$cur" ) ) - __docker_nospace - return - ;; - --since|--until) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--filter -f --help --since --until --format" -- "$cur" ) ) - ;; - esac -} - -_docker_system_info() { - case "$prev" in - --format|-f) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--format -f --help" -- "$cur" ) ) - ;; - esac -} - -_docker_system_prune() { - case "$prev" in - --filter) - COMPREPLY=( $( compgen -W "until" -S = -- "$cur" ) ) - __docker_nospace - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--all -a --force -f --filter --help" -- "$cur" ) ) - ;; - esac -} - - -_docker_tag() { - _docker_image_tag -} - -_docker_unpause() { - _docker_container_unpause -} - -_docker_update() { - _docker_container_update -} - -_docker_top() { - _docker_container_top -} - -_docker_version() { - case "$prev" in - --format|-f) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--format -f --help" -- "$cur" ) ) - ;; - esac -} - -_docker_volume_create() { - case "$prev" in - --driver|-d) - __docker_complete_plugins_bundled --type Volume - return - ;; - --label|--opt|-o) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--driver -d --help --label --opt -o" -- "$cur" ) ) - ;; - esac -} - -_docker_volume_inspect() { - case "$prev" in - --format|-f) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--format -f --help" -- "$cur" ) ) - ;; - *) - __docker_complete_volumes - ;; - esac -} - -_docker_volume_list() { - _docker_volume_ls -} - -_docker_volume_ls() { - local key=$(__docker_map_key_of_current_option '--filter|-f') - case "$key" in - dangling) - COMPREPLY=( $( compgen -W "true false" -- "${cur##*=}" ) ) - return - ;; - driver) - __docker_complete_plugins_bundled --cur "${cur##*=}" --type Volume - return - ;; - name) - __docker_complete_volumes --cur "${cur##*=}" - return - ;; - esac - - case "$prev" in - --filter|-f) - COMPREPLY=( $( compgen -S = -W "dangling driver label name" -- "$cur" ) ) - __docker_nospace - return - ;; - --format) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--filter -f --format --help --quiet -q" -- "$cur" ) ) - ;; - esac -} - -_docker_volume_prune() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) ) - ;; - esac -} - -_docker_volume_remove() { - _docker_volume_rm -} - -_docker_volume_rm() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) ) - ;; - *) - __docker_complete_volumes - ;; - esac -} - -_docker_volume() { - local subcommands=" - create - inspect - ls - prune - rm - " - local aliases=" - list - remove - " - __docker_subcommands "$subcommands $aliases" && return - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) ) - ;; - esac -} - -_docker_wait() { - _docker_container_wait -} - -_docker() { - local previous_extglob_setting=$(shopt -p extglob) - shopt -s extglob - - local management_commands=( - container - image - network - node - plugin - secret - service - stack - system - volume - ) - - local top_level_commands=( - build - login - logout - run - search - version - ) - - local legacy_commands=( - attach - commit - cp - create - diff - events - exec - export - history - images - import - info - inspect - kill - load - logs - pause - port - ps - pull - push - rename - restart - rm - rmi - save - start - stats - stop - swarm - tag - top - unpause - update - wait - ) - - local experimental_commands=( - checkpoint - deploy - ) - - local commands=(${management_commands[*]} ${top_level_commands[*]}) - [ -z "$DOCKER_HIDE_LEGACY_COMMANDS" ] && commands+=(${legacy_commands[*]}) - - # These options are valid as global options for all client commands - # and valid as command options for `docker daemon` - local global_boolean_options=" - --debug -D - --tls - --tlsverify - " - local global_options_with_args=" - --config - --host -H - --log-level -l - --tlscacert - --tlscert - --tlskey - " - - local host config daemon_os - - COMPREPLY=() - local cur prev words cword - _get_comp_words_by_ref -n : cur prev words cword - - local command='docker' command_pos=0 subcommand_pos - local counter=1 - while [ $counter -lt $cword ]; do - case "${words[$counter]}" in - # save host so that completion can use custom daemon - --host|-H) - (( counter++ )) - host="${words[$counter]}" - ;; - # save config so that completion can use custom configuration directories - --config) - (( counter++ )) - config="${words[$counter]}" - ;; - $(__docker_to_extglob "$global_options_with_args") ) - (( counter++ )) - ;; - -*) - ;; - =) - (( counter++ )) - ;; - *) - command="${words[$counter]}" - command_pos=$counter - break - ;; - esac - (( counter++ )) - done - - local binary="${words[0]}" - if [[ $binary == ?(*/)dockerd ]] ; then - # for the dockerd binary, we reuse completion of `docker daemon`. - # dockerd does not have subcommands and global options. - command=daemon - command_pos=0 - fi - - local completions_func=_docker_${command//-/_} - declare -F $completions_func >/dev/null && $completions_func - - eval "$previous_extglob_setting" - return 0 -} - -eval "$__docker_previous_extglob_setting" -unset __docker_previous_extglob_setting - -complete -F _docker docker docker.exe dockerd dockerd.exe diff --git a/components/engine/contrib/completion/fish/docker.fish b/components/engine/contrib/completion/fish/docker.fish deleted file mode 100644 index 38957b8b77..0000000000 --- a/components/engine/contrib/completion/fish/docker.fish +++ /dev/null @@ -1,409 +0,0 @@ -# docker.fish - docker completions for fish shell -# -# This file is generated by gen_docker_fish_completions.py from: -# https://github.com/barnybug/docker-fish-completion -# -# To install the completions: -# mkdir -p ~/.config/fish/completions -# cp docker.fish ~/.config/fish/completions -# -# Completion supported: -# - parameters -# - commands -# - containers -# - images -# - repositories - -function __fish_docker_no_subcommand --description 'Test if docker has yet to be given the subcommand' - for i in (commandline -opc) - if contains -- $i attach build commit cp create diff events exec export history images import info inspect kill load login logout logs pause port ps pull push rename restart rm rmi run save search start stop tag top unpause version wait stats - return 1 - end - end - return 0 -end - -function __fish_print_docker_containers --description 'Print a list of docker containers' -a select - switch $select - case running - docker ps -a --no-trunc --filter status=running --format "{{.ID}}\n{{.Names}}" | tr ',' '\n' - case stopped - docker ps -a --no-trunc --filter status=exited --format "{{.ID}}\n{{.Names}}" | tr ',' '\n' - case all - docker ps -a --no-trunc --format "{{.ID}}\n{{.Names}}" | tr ',' '\n' - end -end - -function __fish_print_docker_images --description 'Print a list of docker images' - docker images --format "{{.Repository}}:{{.Tag}}" | command grep -v '' -end - -function __fish_print_docker_repositories --description 'Print a list of docker repositories' - docker images --format "{{.Repository}}" | command grep -v '' | command sort | command uniq -end - -# common options -complete -c docker -f -n '__fish_docker_no_subcommand' -l api-cors-header -d "Set CORS headers in the Engine API. Default is cors disabled" -complete -c docker -f -n '__fish_docker_no_subcommand' -s b -l bridge -d 'Attach containers to a pre-existing network bridge' -complete -c docker -f -n '__fish_docker_no_subcommand' -l bip -d "Use this CIDR notation address for the network bridge's IP, not compatible with -b" -complete -c docker -f -n '__fish_docker_no_subcommand' -s D -l debug -d 'Enable debug mode' -complete -c docker -f -n '__fish_docker_no_subcommand' -s d -l daemon -d 'Enable daemon mode' -complete -c docker -f -n '__fish_docker_no_subcommand' -l dns -d 'Force Docker to use specific DNS servers' -complete -c docker -f -n '__fish_docker_no_subcommand' -l dns-opt -d 'Force Docker to use specific DNS options' -complete -c docker -f -n '__fish_docker_no_subcommand' -l dns-search -d 'Force Docker to use specific DNS search domains' -complete -c docker -f -n '__fish_docker_no_subcommand' -l exec-opt -d 'Set runtime execution options' -complete -c docker -f -n '__fish_docker_no_subcommand' -l fixed-cidr -d 'IPv4 subnet for fixed IPs (e.g. 10.20.0.0/16)' -complete -c docker -f -n '__fish_docker_no_subcommand' -l fixed-cidr-v6 -d 'IPv6 subnet for fixed IPs (e.g.: 2001:a02b/48)' -complete -c docker -f -n '__fish_docker_no_subcommand' -s G -l group -d 'Group to assign the unix socket specified by -H when running in daemon mode' -complete -c docker -f -n '__fish_docker_no_subcommand' -s g -l graph -d 'Path to use as the root of the Docker runtime' -complete -c docker -f -n '__fish_docker_no_subcommand' -s H -l host -d 'The socket(s) to bind to in daemon mode or connect to in client mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd.' -complete -c docker -f -n '__fish_docker_no_subcommand' -s h -l help -d 'Print usage' -complete -c docker -f -n '__fish_docker_no_subcommand' -l icc -d 'Allow unrestricted inter-container and Docker daemon host communication' -complete -c docker -f -n '__fish_docker_no_subcommand' -l insecure-registry -d 'Enable insecure communication with specified registries (no certificate verification for HTTPS and enable HTTP fallback) (e.g., localhost:5000 or 10.20.0.0/16)' -complete -c docker -f -n '__fish_docker_no_subcommand' -l ip -d 'Default IP address to use when binding container ports' -complete -c docker -f -n '__fish_docker_no_subcommand' -l ip-forward -d 'Enable net.ipv4.ip_forward and IPv6 forwarding if --fixed-cidr-v6 is defined. IPv6 forwarding may interfere with your existing IPv6 configuration when using Router Advertisement.' -complete -c docker -f -n '__fish_docker_no_subcommand' -l ip-masq -d "Enable IP masquerading for bridge's IP range" -complete -c docker -f -n '__fish_docker_no_subcommand' -l iptables -d "Enable Docker's addition of iptables rules" -complete -c docker -f -n '__fish_docker_no_subcommand' -l ipv6 -d 'Enable IPv6 networking' -complete -c docker -f -n '__fish_docker_no_subcommand' -s l -l log-level -d 'Set the logging level ("debug", "info", "warn", "error", "fatal")' -complete -c docker -f -n '__fish_docker_no_subcommand' -l label -d 'Set key=value labels to the daemon (displayed in `docker info`)' -complete -c docker -f -n '__fish_docker_no_subcommand' -l mtu -d 'Set the containers network MTU' -complete -c docker -f -n '__fish_docker_no_subcommand' -s p -l pidfile -d 'Path to use for daemon PID file' -complete -c docker -f -n '__fish_docker_no_subcommand' -l registry-mirror -d 'Specify a preferred Docker registry mirror' -complete -c docker -f -n '__fish_docker_no_subcommand' -s s -l storage-driver -d 'Force the Docker runtime to use a specific storage driver' -complete -c docker -f -n '__fish_docker_no_subcommand' -l selinux-enabled -d 'Enable selinux support. SELinux does not presently support the BTRFS storage driver' -complete -c docker -f -n '__fish_docker_no_subcommand' -l storage-opt -d 'Set storage driver options' -complete -c docker -f -n '__fish_docker_no_subcommand' -l tls -d 'Use TLS; implied by --tlsverify' -complete -c docker -f -n '__fish_docker_no_subcommand' -l tlscacert -d 'Trust only remotes providing a certificate signed by the CA given here' -complete -c docker -f -n '__fish_docker_no_subcommand' -l tlscert -d 'Path to TLS certificate file' -complete -c docker -f -n '__fish_docker_no_subcommand' -l tlskey -d 'Path to TLS key file' -complete -c docker -f -n '__fish_docker_no_subcommand' -l tlsverify -d 'Use TLS and verify the remote (daemon: verify client, client: verify daemon)' -complete -c docker -f -n '__fish_docker_no_subcommand' -s v -l version -d 'Print version information and quit' - -# subcommands -# attach -complete -c docker -f -n '__fish_docker_no_subcommand' -a attach -d 'Attach to a running container' -complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -l no-stdin -d 'Do not attach STDIN' -complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -l sig-proxy -d 'Proxy all received signals to the process (non-TTY mode only). SIGCHLD, SIGKILL, and SIGSTOP are not proxied.' -complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -a '(__fish_print_docker_containers running)' -d "Container" - -# build -complete -c docker -f -n '__fish_docker_no_subcommand' -a build -d 'Build an image from a Dockerfile' -complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s f -l file -d "Name of the Dockerfile(Default is 'Dockerfile' at context root)" -complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l force-rm -d 'Always remove intermediate containers, even after unsuccessful builds' -complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l no-cache -d 'Do not use cache when building the image' -complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l pull -d 'Always attempt to pull a newer version of the image' -complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s q -l quiet -d 'Suppress the build output and print image ID on success' -complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l rm -d 'Remove intermediate containers after a successful build' -complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s t -l tag -d 'Repository name (and optionally a tag) to be applied to the resulting image in case of success' - -# commit -complete -c docker -f -n '__fish_docker_no_subcommand' -a commit -d "Create a new image from a container's changes" -complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s a -l author -d 'Author (e.g., "John Hannibal Smith ")' -complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s m -l message -d 'Commit message' -complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s p -l pause -d 'Pause container during commit' -complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -a '(__fish_print_docker_containers all)' -d "Container" - -# cp -complete -c docker -f -n '__fish_docker_no_subcommand' -a cp -d "Copy files/folders between a container and the local filesystem" -complete -c docker -A -f -n '__fish_seen_subcommand_from cp' -l help -d 'Print usage' - -# create -complete -c docker -f -n '__fish_docker_no_subcommand' -a create -d 'Create a new container' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s a -l attach -d 'Attach to STDIN, STDOUT or STDERR.' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l add-host -d 'Add a custom host-to-IP mapping (host:ip)' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cpu-shares -d 'CPU shares (relative weight)' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cap-add -d 'Add Linux capabilities' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cap-drop -d 'Drop Linux capabilities' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cidfile -d 'Write the container ID to the file' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cpuset -d 'CPUs in which to allow execution (0-3, 0,1)' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l device -d 'Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm)' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l device-cgroup-rule -d 'Add a rule to the cgroup allowed devices list (e.g. --device-cgroup-rule="c 13:37 rwm")' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l dns -d 'Set custom DNS servers' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l dns-opt -d "Set custom DNS options (Use --dns-opt='' if you don't wish to set options)" -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l dns-search -d "Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain)" -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s e -l env -d 'Set environment variables' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l entrypoint -d 'Overwrite the default ENTRYPOINT of the image' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l env-file -d 'Read in a line delimited file of environment variables' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l expose -d 'Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l group-add -d 'Add additional groups to run as' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s h -l hostname -d 'Container host name' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s i -l interactive -d 'Keep STDIN open even if not attached' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l ipc -d 'Default is to create a private IPC namespace (POSIX SysV IPC) for the container' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l link -d 'Add link to another container in the form of :alias' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s m -l memory -d 'Memory limit (format: [], where unit = b, k, m or g)' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l mac-address -d 'Container MAC address (e.g., 92:d0:c6:0a:29:33)' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l memory-swap -d "Total memory usage (memory + swap), set '-1' to disable swap (format: [], where unit = b, k, m or g)" -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l mount -d 'Attach a filesystem mount to the container' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l name -d 'Assign a name to the container' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l net -d 'Set the Network mode for the container' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s P -l publish-all -d 'Publish all exposed ports to random ports on the host interfaces' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s p -l publish -d "Publish a container's port to the host" -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l pid -d 'Default is to create a private PID namespace for the container' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l privileged -d 'Give extended privileges to this container' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l read-only -d "Mount the container's root filesystem as read only" -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l restart -d 'Restart policy to apply when a container exits (no, on-failure[:max-retry], always)' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l security-opt -d 'Security Options' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s t -l tty -d 'Allocate a pseudo-TTY' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s u -l user -d 'Username or UID' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s v -l volume -d 'Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container)' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l volumes-from -d 'Mount volumes from the specified container(s)' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s w -l workdir -d 'Working directory inside the container' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -a '(__fish_print_docker_images)' -d "Image" - -# diff -complete -c docker -f -n '__fish_docker_no_subcommand' -a diff -d "Inspect changes on a container's filesystem" -complete -c docker -A -f -n '__fish_seen_subcommand_from diff' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from diff' -a '(__fish_print_docker_containers all)' -d "Container" - -# events -complete -c docker -f -n '__fish_docker_no_subcommand' -a events -d 'Get real time events from the server' -complete -c docker -A -f -n '__fish_seen_subcommand_from events' -s f -l filter -d "Provide filter values (i.e., 'event=stop')" -complete -c docker -A -f -n '__fish_seen_subcommand_from events' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from events' -l since -d 'Show all events created since timestamp' -complete -c docker -A -f -n '__fish_seen_subcommand_from events' -l until -d 'Stream events until this timestamp' -complete -c docker -A -f -n '__fish_seen_subcommand_from events' -l format -d 'Format the output using the given go template' - -# exec -complete -c docker -f -n '__fish_docker_no_subcommand' -a exec -d 'Run a command in a running container' -complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -s d -l detach -d 'Detached mode: run command in the background' -complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -s i -l interactive -d 'Keep STDIN open even if not attached' -complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -s t -l tty -d 'Allocate a pseudo-TTY' -complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -a '(__fish_print_docker_containers running)' -d "Container" - -# export -complete -c docker -f -n '__fish_docker_no_subcommand' -a export -d 'Stream the contents of a container as a tar archive' -complete -c docker -A -f -n '__fish_seen_subcommand_from export' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from export' -a '(__fish_print_docker_containers all)' -d "Container" - -# history -complete -c docker -f -n '__fish_docker_no_subcommand' -a history -d 'Show the history of an image' -complete -c docker -A -f -n '__fish_seen_subcommand_from history' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from history' -l no-trunc -d "Don't truncate output" -complete -c docker -A -f -n '__fish_seen_subcommand_from history' -s q -l quiet -d 'Only show numeric IDs' -complete -c docker -A -f -n '__fish_seen_subcommand_from history' -a '(__fish_print_docker_images)' -d "Image" - -# images -complete -c docker -f -n '__fish_docker_no_subcommand' -a images -d 'List images' -complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s a -l all -d 'Show all images (by default filter out the intermediate image layers)' -complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s f -l filter -d "Provide filter values (i.e., 'dangling=true')" -complete -c docker -A -f -n '__fish_seen_subcommand_from images' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from images' -l no-trunc -d "Don't truncate output" -complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s q -l quiet -d 'Only show numeric IDs' -complete -c docker -A -f -n '__fish_seen_subcommand_from images' -a '(__fish_print_docker_repositories)' -d "Repository" - -# import -complete -c docker -f -n '__fish_docker_no_subcommand' -a import -d 'Create a new filesystem image from the contents of a tarball' -complete -c docker -A -f -n '__fish_seen_subcommand_from import' -l help -d 'Print usage' - -# info -complete -c docker -f -n '__fish_docker_no_subcommand' -a info -d 'Display system-wide information' -complete -c docker -A -f -n '__fish_seen_subcommand_from info' -s f -l format -d 'Format the output using the given go template' -complete -c docker -A -f -n '__fish_seen_subcommand_from info' -l help -d 'Print usage' - -# inspect -complete -c docker -f -n '__fish_docker_no_subcommand' -a inspect -d 'Return low-level information on a container or image' -complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -s f -l format -d 'Format the output using the given go template.' -complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -s s -l size -d 'Display total file sizes if the type is container.' -complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -a '(__fish_print_docker_images)' -d "Image" -complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -a '(__fish_print_docker_containers all)' -d "Container" - -# kill -complete -c docker -f -n '__fish_docker_no_subcommand' -a kill -d 'Kill a running container' -complete -c docker -A -f -n '__fish_seen_subcommand_from kill' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from kill' -s s -l signal -d 'Signal to send to the container' -complete -c docker -A -f -n '__fish_seen_subcommand_from kill' -a '(__fish_print_docker_containers running)' -d "Container" - -# load -complete -c docker -f -n '__fish_docker_no_subcommand' -a load -d 'Load an image from a tar archive' -complete -c docker -A -f -n '__fish_seen_subcommand_from load' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from load' -s i -l input -d 'Read from a tar archive file, instead of STDIN' - -# login -complete -c docker -f -n '__fish_docker_no_subcommand' -a login -d 'Log in to a Docker registry server' -complete -c docker -A -f -n '__fish_seen_subcommand_from login' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s p -l password -d 'Password' -complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s u -l username -d 'Username' - -# logout -complete -c docker -f -n '__fish_docker_no_subcommand' -a logout -d 'Log out from a Docker registry server' - -# logs -complete -c docker -f -n '__fish_docker_no_subcommand' -a logs -d 'Fetch the logs of a container' -complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -s f -l follow -d 'Follow log output' -complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -s t -l timestamps -d 'Show timestamps' -complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -l since -d 'Show logs since timestamp' -complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -l tail -d 'Output the specified number of lines at the end of logs (defaults to all logs)' -complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -a '(__fish_print_docker_containers running)' -d "Container" - -# port -complete -c docker -f -n '__fish_docker_no_subcommand' -a port -d 'Lookup the public-facing port that is NAT-ed to PRIVATE_PORT' -complete -c docker -A -f -n '__fish_seen_subcommand_from port' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from port' -a '(__fish_print_docker_containers running)' -d "Container" - -# pause -complete -c docker -f -n '__fish_docker_no_subcommand' -a pause -d 'Pause all processes within a container' -complete -c docker -A -f -n '__fish_seen_subcommand_from pause' -a '(__fish_print_docker_containers running)' -d "Container" - -# ps -complete -c docker -f -n '__fish_docker_no_subcommand' -a ps -d 'List containers' -complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s a -l all -d 'Show all containers. Only running containers are shown by default.' -complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l before -d 'Show only container created before Id or Name, include non-running ones.' -complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s f -l filter -d 'Provide filter values. Valid filters:' -complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s l -l latest -d 'Show only the latest created container, include non-running ones.' -complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s n -d 'Show n last created containers, include non-running ones.' -complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l no-trunc -d "Don't truncate output" -complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s q -l quiet -d 'Only display numeric IDs' -complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s s -l size -d 'Display total file sizes' -complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l since -d 'Show only containers created since Id or Name, include non-running ones.' - -# pull -complete -c docker -f -n '__fish_docker_no_subcommand' -a pull -d 'Pull an image or a repository from a Docker registry server' -complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -s a -l all-tags -d 'Download all tagged images in the repository' -complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -a '(__fish_print_docker_images)' -d "Image" -complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -a '(__fish_print_docker_repositories)' -d "Repository" - -# push -complete -c docker -f -n '__fish_docker_no_subcommand' -a push -d 'Push an image or a repository to a Docker registry server' -complete -c docker -A -f -n '__fish_seen_subcommand_from push' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from push' -a '(__fish_print_docker_images)' -d "Image" -complete -c docker -A -f -n '__fish_seen_subcommand_from push' -a '(__fish_print_docker_repositories)' -d "Repository" - -# rename -complete -c docker -f -n '__fish_docker_no_subcommand' -a rename -d 'Rename an existing container' - -# restart -complete -c docker -f -n '__fish_docker_no_subcommand' -a restart -d 'Restart a container' -complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -s t -l time -d 'Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default is 10 seconds.' -complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -a '(__fish_print_docker_containers running)' -d "Container" - -# rm -complete -c docker -f -n '__fish_docker_no_subcommand' -a rm -d 'Remove one or more containers' -complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s f -l force -d 'Force the removal of a running container (uses SIGKILL)' -complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s l -l link -d 'Remove the specified link and not the underlying container' -complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s v -l volumes -d 'Remove the volumes associated with the container' -complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -a '(__fish_print_docker_containers stopped)' -d "Container" -complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s f -l force -a '(__fish_print_docker_containers all)' -d "Container" - -# rmi -complete -c docker -f -n '__fish_docker_no_subcommand' -a rmi -d 'Remove one or more images' -complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -s f -l force -d 'Force removal of the image' -complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -l no-prune -d 'Do not delete untagged parents' -complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -a '(__fish_print_docker_images)' -d "Image" - -# run -complete -c docker -f -n '__fish_docker_no_subcommand' -a run -d 'Run a command in a new container' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s a -l attach -d 'Attach to STDIN, STDOUT or STDERR.' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l add-host -d 'Add a custom host-to-IP mapping (host:ip)' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s c -l cpu-shares -d 'CPU shares (relative weight)' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cap-add -d 'Add Linux capabilities' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cap-drop -d 'Drop Linux capabilities' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cidfile -d 'Write the container ID to the file' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cpuset -d 'CPUs in which to allow execution (0-3, 0,1)' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s d -l detach -d 'Detached mode: run the container in the background and print the new container ID' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l device -d 'Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm)' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l device-cgroup-rule -d 'Add a rule to the cgroup allowed devices list (e.g. --device-cgroup-rule="c 13:37 rwm")' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l dns -d 'Set custom DNS servers' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l dns-opt -d "Set custom DNS options (Use --dns-opt='' if you don't wish to set options)" -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l dns-search -d "Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain)" -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s e -l env -d 'Set environment variables' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l entrypoint -d 'Overwrite the default ENTRYPOINT of the image' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l env-file -d 'Read in a line delimited file of environment variables' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l expose -d 'Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l group-add -d 'Add additional groups to run as' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s h -l hostname -d 'Container host name' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s i -l interactive -d 'Keep STDIN open even if not attached' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l ipc -d 'Default is to create a private IPC namespace (POSIX SysV IPC) for the container' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l link -d 'Add link to another container in the form of :alias' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s m -l memory -d 'Memory limit (format: [], where unit = b, k, m or g)' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l mac-address -d 'Container MAC address (e.g., 92:d0:c6:0a:29:33)' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l memory-swap -d "Total memory usage (memory + swap), set '-1' to disable swap (format: [], where unit = b, k, m or g)" -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l mount -d 'Attach a filesystem mount to the container' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l name -d 'Assign a name to the container' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l net -d 'Set the Network mode for the container' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s P -l publish-all -d 'Publish all exposed ports to random ports on the host interfaces' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s p -l publish -d "Publish a container's port to the host" -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l pid -d 'Default is to create a private PID namespace for the container' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l privileged -d 'Give extended privileges to this container' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l read-only -d "Mount the container's root filesystem as read only" -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l restart -d 'Restart policy to apply when a container exits (no, on-failure[:max-retry], always)' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l rm -d 'Automatically remove the container when it exits (incompatible with -d)' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l security-opt -d 'Security Options' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l sig-proxy -d 'Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied.' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l stop-signal -d 'Signal to kill a container' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s t -l tty -d 'Allocate a pseudo-TTY' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s u -l user -d 'Username or UID' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l tmpfs -d 'Mount tmpfs on a directory' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s v -l volume -d 'Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container)' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l volumes-from -d 'Mount volumes from the specified container(s)' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s w -l workdir -d 'Working directory inside the container' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -a '(__fish_print_docker_images)' -d "Image" - -# save -complete -c docker -f -n '__fish_docker_no_subcommand' -a save -d 'Save an image to a tar archive' -complete -c docker -A -f -n '__fish_seen_subcommand_from save' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from save' -s o -l output -d 'Write to an file, instead of STDOUT' -complete -c docker -A -f -n '__fish_seen_subcommand_from save' -a '(__fish_print_docker_images)' -d "Image" - -# search -complete -c docker -f -n '__fish_docker_no_subcommand' -a search -d 'Search for an image on the registry (defaults to the Docker Hub)' -complete -c docker -A -f -n '__fish_seen_subcommand_from search' -l automated -d 'Only show automated builds' -complete -c docker -A -f -n '__fish_seen_subcommand_from search' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from search' -l no-trunc -d "Don't truncate output" -complete -c docker -A -f -n '__fish_seen_subcommand_from search' -s s -l stars -d 'Only displays with at least x stars' - -# start -complete -c docker -f -n '__fish_docker_no_subcommand' -a start -d 'Start a container' -complete -c docker -A -f -n '__fish_seen_subcommand_from start' -s a -l attach -d "Attach container's STDOUT and STDERR and forward all signals to the process" -complete -c docker -A -f -n '__fish_seen_subcommand_from start' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from start' -s i -l interactive -d "Attach container's STDIN" -complete -c docker -A -f -n '__fish_seen_subcommand_from start' -a '(__fish_print_docker_containers stopped)' -d "Container" - -# stats -complete -c docker -f -n '__fish_docker_no_subcommand' -a stats -d "Display a live stream of one or more containers' resource usage statistics" -complete -c docker -A -f -n '__fish_seen_subcommand_from stats' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from stats' -l no-stream -d 'Disable streaming stats and only pull the first result' -complete -c docker -A -f -n '__fish_seen_subcommand_from stats' -a '(__fish_print_docker_containers running)' -d "Container" - -# stop -complete -c docker -f -n '__fish_docker_no_subcommand' -a stop -d 'Stop a container' -complete -c docker -A -f -n '__fish_seen_subcommand_from stop' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from stop' -s t -l time -d 'Number of seconds to wait for the container to stop before killing it. Default is 10 seconds.' -complete -c docker -A -f -n '__fish_seen_subcommand_from stop' -a '(__fish_print_docker_containers running)' -d "Container" - -# tag -complete -c docker -f -n '__fish_docker_no_subcommand' -a tag -d 'Tag an image into a repository' -complete -c docker -A -f -n '__fish_seen_subcommand_from tag' -s f -l force -d 'Force' -complete -c docker -A -f -n '__fish_seen_subcommand_from tag' -l help -d 'Print usage' - -# top -complete -c docker -f -n '__fish_docker_no_subcommand' -a top -d 'Lookup the running processes of a container' -complete -c docker -A -f -n '__fish_seen_subcommand_from top' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from top' -a '(__fish_print_docker_containers running)' -d "Container" - -# unpause -complete -c docker -f -n '__fish_docker_no_subcommand' -a unpause -d 'Unpause a paused container' -complete -c docker -A -f -n '__fish_seen_subcommand_from unpause' -a '(__fish_print_docker_containers running)' -d "Container" - -# version -complete -c docker -f -n '__fish_docker_no_subcommand' -a version -d 'Show the Docker version information' -complete -c docker -A -f -n '__fish_seen_subcommand_from version' -s f -l format -d 'Format the output using the given go template' -complete -c docker -A -f -n '__fish_seen_subcommand_from version' -l help -d 'Print usage' - -# wait -complete -c docker -f -n '__fish_docker_no_subcommand' -a wait -d 'Block until a container stops, then print its exit code' -complete -c docker -A -f -n '__fish_seen_subcommand_from wait' -l help -d 'Print usage' -complete -c docker -A -f -n '__fish_seen_subcommand_from wait' -a '(__fish_print_docker_containers running)' -d "Container" diff --git a/components/engine/contrib/completion/powershell/readme.txt b/components/engine/contrib/completion/powershell/readme.txt deleted file mode 100644 index 18e1b53c13..0000000000 --- a/components/engine/contrib/completion/powershell/readme.txt +++ /dev/null @@ -1 +0,0 @@ -See https://github.com/samneirinck/posh-docker \ No newline at end of file diff --git a/components/engine/contrib/completion/zsh/REVIEWERS b/components/engine/contrib/completion/zsh/REVIEWERS deleted file mode 100644 index 03ee2dde3d..0000000000 --- a/components/engine/contrib/completion/zsh/REVIEWERS +++ /dev/null @@ -1,2 +0,0 @@ -Tianon Gravi (@tianon) -Jessie Frazelle (@jfrazelle) diff --git a/components/engine/contrib/completion/zsh/_docker b/components/engine/contrib/completion/zsh/_docker deleted file mode 100644 index 4b0c1e25c7..0000000000 --- a/components/engine/contrib/completion/zsh/_docker +++ /dev/null @@ -1,3014 +0,0 @@ -#compdef docker dockerd -# -# zsh completion for docker (http://docker.com) -# -# version: 0.3.0 -# github: https://github.com/felixr/docker-zsh-completion -# -# contributors: -# - Felix Riedel -# - Steve Durrheimer -# - Vincent Bernat -# -# license: -# -# Copyright (c) 2013, Felix Riedel -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# * Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# * Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# * Neither the name of the nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY -# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# - -# Short-option stacking can be enabled with: -# zstyle ':completion:*:*:docker:*' option-stacking yes -# zstyle ':completion:*:*:docker-*:*' option-stacking yes -__docker_arguments() { - if zstyle -t ":completion:${curcontext}:" option-stacking; then - print -- -s - fi -} - -__docker_get_containers() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - local kind type line s - declare -a running stopped lines args names - - kind=$1; shift - type=$1; shift - [[ $kind = (stopped|all) ]] && args=($args -a) - - lines=(${(f)${:-"$(_call_program commands docker $docker_options ps --format 'table' --no-trunc $args)"$'\n'}}) - - # Parse header line to find columns - local i=1 j=1 k header=${lines[1]} - declare -A begin end - while (( j < ${#header} - 1 )); do - i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 )) - j=$(( i + ${${header[$i,-1]}[(i) ]} - 1 )) - k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 )) - begin[${header[$i,$((j-1))]}]=$i - end[${header[$i,$((j-1))]}]=$k - done - end[${header[$i,$((j-1))]}]=-1 # Last column, should go to the end of the line - lines=(${lines[2,-1]}) - - # Container ID - if [[ $type = (ids|all) ]]; then - for line in $lines; do - s="${${line[${begin[CONTAINER ID]},${end[CONTAINER ID]}]%% ##}[0,12]}" - s="$s:${(l:15:: :::)${${line[${begin[CREATED]},${end[CREATED]}]/ ago/}%% ##}}" - s="$s, ${${${line[${begin[IMAGE]},${end[IMAGE]}]}/:/\\:}%% ##}" - if [[ ${line[${begin[STATUS]},${end[STATUS]}]} = (Exit*|Created*) ]]; then - stopped=($stopped $s) - else - running=($running $s) - fi - done - fi - - # Names: we only display the one without slash. All other names - # are generated and may clutter the completion. However, with - # Swarm, all names may be prefixed by the swarm node name. - if [[ $type = (names|all) ]]; then - for line in $lines; do - names=(${(ps:,:)${${line[${begin[NAMES]},${end[NAMES]}]}%% *}}) - # First step: find a common prefix and strip it (swarm node case) - (( ${#${(u)names%%/*}} == 1 )) && names=${names#${names[1]%%/*}/} - # Second step: only keep the first name without a / - s=${${names:#*/*}[1]} - # If no name, well give up. - (( $#s != 0 )) || continue - s="$s:${(l:15:: :::)${${line[${begin[CREATED]},${end[CREATED]}]/ ago/}%% ##}}" - s="$s, ${${${line[${begin[IMAGE]},${end[IMAGE]}]}/:/\\:}%% ##}" - if [[ ${line[${begin[STATUS]},${end[STATUS]}]} = (Exit*|Created*) ]]; then - stopped=($stopped $s) - else - running=($running $s) - fi - done - fi - - [[ $kind = (running|all) ]] && _describe -t containers-running "running containers" running "$@" && ret=0 - [[ $kind = (stopped|all) ]] && _describe -t containers-stopped "stopped containers" stopped "$@" && ret=0 - return ret -} - -__docker_complete_stopped_containers() { - [[ $PREFIX = -* ]] && return 1 - __docker_get_containers stopped all "$@" -} - -__docker_complete_running_containers() { - [[ $PREFIX = -* ]] && return 1 - __docker_get_containers running all "$@" -} - -__docker_complete_containers() { - [[ $PREFIX = -* ]] && return 1 - __docker_get_containers all all "$@" -} - -__docker_complete_containers_ids() { - [[ $PREFIX = -* ]] && return 1 - __docker_get_containers all ids "$@" -} - -__docker_complete_containers_names() { - [[ $PREFIX = -* ]] && return 1 - __docker_get_containers all names "$@" -} - -__docker_complete_info_plugins() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - emulate -L zsh - setopt extendedglob - local -a plugins - plugins=(${(ps: :)${(M)${(f)${${"$(_call_program commands docker $docker_options info)"##*$'\n'Plugins:}%%$'\n'^ *}}:# $1: *}## $1: }) - _describe -t plugins "$1 plugins" plugins && ret=0 - return ret -} - -__docker_complete_images() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - declare -a images - images=(${${${(f)${:-"$(_call_program commands docker $docker_options images)"$'\n'}}[2,-1]}/(#b)([^ ]##) ##([^ ]##) ##([^ ]##)*/${match[3]}:${(r:15:: :::)match[2]} in ${match[1]}}) - _describe -t docker-images "images" images && ret=0 - __docker_complete_repositories_with_tags && ret=0 - return ret -} - -__docker_complete_repositories() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - declare -a repos - repos=(${${${(f)${:-"$(_call_program commands docker $docker_options images)"$'\n'}}%% *}[2,-1]}) - repos=(${repos#}) - _describe -t docker-repos "repositories" repos && ret=0 - return ret -} - -__docker_complete_repositories_with_tags() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - declare -a repos onlyrepos matched - declare m - repos=(${${${${(f)${:-"$(_call_program commands docker $docker_options images)"$'\n'}}[2,-1]}/ ##/:::}%% *}) - repos=(${${repos%:::}#}) - # Check if we have a prefix-match for the current prefix. - onlyrepos=(${repos%::*}) - for m in $onlyrepos; do - [[ ${PREFIX##${~~m}} != ${PREFIX} ]] && { - # Yes, complete with tags - repos=(${${repos/:::/:}/:/\\:}) - _describe -t docker-repos-with-tags "repositories with tags" repos && ret=0 - return ret - } - done - # No, only complete repositories - onlyrepos=(${${repos%:::*}/:/\\:}) - _describe -t docker-repos "repositories" onlyrepos -qS : && ret=0 - - return ret -} - -__docker_search() { - [[ $PREFIX = -* ]] && return 1 - local cache_policy - zstyle -s ":completion:${curcontext}:" cache-policy cache_policy - if [[ -z "$cache_policy" ]]; then - zstyle ":completion:${curcontext}:" cache-policy __docker_caching_policy - fi - - local searchterm cachename - searchterm="${words[$CURRENT]%/}" - cachename=_docker-search-$searchterm - - local expl - local -a result - if ( [[ ${(P)+cachename} -eq 0 ]] || _cache_invalid ${cachename#_} ) \ - && ! _retrieve_cache ${cachename#_}; then - _message "Searching for ${searchterm}..." - result=(${${${(f)${:-"$(_call_program commands docker $docker_options search $searchterm)"$'\n'}}%% *}[2,-1]}) - _store_cache ${cachename#_} result - fi - _wanted dockersearch expl 'available images' compadd -a result -} - -__docker_get_log_options() { - [[ $PREFIX = -* ]] && return 1 - - integer ret=1 - local log_driver=${opt_args[--log-driver]:-"all"} - local -a common_options awslogs_options fluentd_options gelf_options journald_options json_file_options logentries_options syslog_options splunk_options - - common_options=("max-buffer-size" "mode") - awslogs_options=($common_options "awslogs-region" "awslogs-group" "awslogs-stream" "awslogs-create-group") - fluentd_options=($common_options "env" "fluentd-address" "fluentd-async-connect" "fluentd-buffer-limit" "fluentd-retry-wait" "fluentd-max-retries" "labels" "tag") - gcplogs_options=($common_options "env" "gcp-log-cmd" "gcp-project" "labels") - gelf_options=($common_options "env" "gelf-address" "gelf-compression-level" "gelf-compression-type" "labels" "tag") - journald_options=($common_options "env" "labels" "tag") - json_file_options=($common_options "env" "labels" "max-file" "max-size") - logentries_options=($common_options "logentries-token") - syslog_options=($common_options "env" "labels" "syslog-address" "syslog-facility" "syslog-format" "syslog-tls-ca-cert" "syslog-tls-cert" "syslog-tls-key" "syslog-tls-skip-verify" "tag") - splunk_options=($common_options "env" "labels" "splunk-caname" "splunk-capath" "splunk-format" "splunk-gzip" "splunk-gzip-level" "splunk-index" "splunk-insecureskipverify" "splunk-source" "splunk-sourcetype" "splunk-token" "splunk-url" "splunk-verify-connection" "tag") - - [[ $log_driver = (awslogs|all) ]] && _describe -t awslogs-options "awslogs options" awslogs_options "$@" && ret=0 - [[ $log_driver = (fluentd|all) ]] && _describe -t fluentd-options "fluentd options" fluentd_options "$@" && ret=0 - [[ $log_driver = (gcplogs|all) ]] && _describe -t gcplogs-options "gcplogs options" gcplogs_options "$@" && ret=0 - [[ $log_driver = (gelf|all) ]] && _describe -t gelf-options "gelf options" gelf_options "$@" && ret=0 - [[ $log_driver = (journald|all) ]] && _describe -t journald-options "journald options" journald_options "$@" && ret=0 - [[ $log_driver = (json-file|all) ]] && _describe -t json-file-options "json-file options" json_file_options "$@" && ret=0 - [[ $log_driver = (logentries|all) ]] && _describe -t logentries-options "logentries options" logentries_options "$@" && ret=0 - [[ $log_driver = (syslog|all) ]] && _describe -t syslog-options "syslog options" syslog_options "$@" && ret=0 - [[ $log_driver = (splunk|all) ]] && _describe -t splunk-options "splunk options" splunk_options "$@" && ret=0 - - return ret -} - -__docker_complete_log_drivers() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - drivers=(awslogs etwlogs fluentd gcplogs gelf journald json-file none splunk syslog) - _describe -t log-drivers "log drivers" drivers && ret=0 - return ret -} - -__docker_complete_log_options() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - - if compset -P '*='; then - case "${${words[-1]%=*}#*=}" in - (syslog-format) - local opts=('rfc3164' 'rfc5424' 'rfc5424micro') - _describe -t syslog-format-opts "syslog format options" opts && ret=0 - ;; - (mode) - local opts=('blocking' 'non-blocking') - _describe -t mode-opts "mode options" opts && ret=0 - ;; - *) - _message 'value' && ret=0 - ;; - esac - else - __docker_get_log_options -qS "=" && ret=0 - fi - - return ret -} - -__docker_complete_detach_keys() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - - compset -P "*," - keys=(${:-{a-z}}) - ctrl_keys=(${:-ctrl-{{a-z},{@,'[','\\','^',']',_}}}) - _describe -t detach_keys "[a-z]" keys -qS "," && ret=0 - _describe -t detach_keys-ctrl "'ctrl-' + 'a-z @ [ \\\\ ] ^ _'" ctrl_keys -qS "," && ret=0 -} - -__docker_complete_pid() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - local -a opts vopts - - opts=('host') - vopts=('container') - - if compset -P '*:'; then - case "${${words[-1]%:*}#*=}" in - (container) - __docker_complete_running_containers && ret=0 - ;; - *) - _message 'value' && ret=0 - ;; - esac - else - _describe -t pid-value-opts "PID Options with value" vopts -qS ":" && ret=0 - _describe -t pid-opts "PID Options" opts && ret=0 - fi - - return ret -} - -__docker_complete_runtimes() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - - emulate -L zsh - setopt extendedglob - local -a runtimes_opts - runtimes_opts=(${(ps: :)${(f)${${"$(_call_program commands docker $docker_options info)"##*$'\n'Runtimes: }%%$'\n'^ *}}}) - _describe -t runtimes-opts "runtimes options" runtimes_opts && ret=0 -} - -__docker_complete_ps_filters() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - - if compset -P '*='; then - case "${${words[-1]%=*}#*=}" in - (ancestor) - __docker_complete_images && ret=0 - ;; - (before|since) - __docker_complete_containers && ret=0 - ;; - (health) - health_opts=('healthy' 'none' 'starting' 'unhealthy') - _describe -t health-filter-opts "health filter options" health_opts && ret=0 - ;; - (id) - __docker_complete_containers_ids && ret=0 - ;; - (is-task) - _describe -t boolean-filter-opts "filter options" boolean_opts && ret=0 - ;; - (name) - __docker_complete_containers_names && ret=0 - ;; - (network) - __docker_complete_networks && ret=0 - ;; - (status) - status_opts=('created' 'dead' 'exited' 'paused' 'restarting' 'running' 'removing') - _describe -t status-filter-opts "status filter options" status_opts && ret=0 - ;; - (volume) - __docker_complete_volumes && ret=0 - ;; - *) - _message 'value' && ret=0 - ;; - esac - else - opts=('ancestor' 'before' 'exited' 'expose' 'health' 'id' 'label' 'name' 'network' 'publish' 'since' 'status' 'volume') - _describe -t filter-opts "Filter Options" opts -qS "=" && ret=0 - fi - - return ret -} - -__docker_complete_search_filters() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - declare -a boolean_opts opts - - boolean_opts=('true' 'false') - opts=('is-automated' 'is-official' 'stars') - - if compset -P '*='; then - case "${${words[-1]%=*}#*=}" in - (is-automated|is-official) - _describe -t boolean-filter-opts "filter options" boolean_opts && ret=0 - ;; - *) - _message 'value' && ret=0 - ;; - esac - else - _describe -t filter-opts "filter options" opts -qS "=" && ret=0 - fi - - return ret -} - -__docker_complete_images_filters() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - declare -a boolean_opts opts - - boolean_opts=('true' 'false') - opts=('before' 'dangling' 'label' 'reference' 'since') - - if compset -P '*='; then - case "${${words[-1]%=*}#*=}" in - (before|reference|since) - __docker_complete_images && ret=0 - ;; - (dangling) - _describe -t boolean-filter-opts "filter options" boolean_opts && ret=0 - ;; - *) - _message 'value' && ret=0 - ;; - esac - else - _describe -t filter-opts "Filter Options" opts -qS "=" && ret=0 - fi - - return ret -} - -__docker_complete_events_filter() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - declare -a opts - - opts=('container' 'daemon' 'event' 'image' 'label' 'network' 'type' 'volume') - - if compset -P '*='; then - case "${${words[-1]%=*}#*=}" in - (container) - __docker_complete_containers && ret=0 - ;; - (daemon) - emulate -L zsh - setopt extendedglob - local -a daemon_opts - daemon_opts=( - ${(f)${${"$(_call_program commands docker $docker_options info)"##*$'\n'Name: }%%$'\n'^ *}} - ${${(f)${${"$(_call_program commands docker $docker_options info)"##*$'\n'ID: }%%$'\n'^ *}}//:/\\:} - ) - _describe -t daemon-filter-opts "daemon filter options" daemon_opts && ret=0 - ;; - (event) - local -a event_opts - event_opts=('attach' 'commit' 'connect' 'copy' 'create' 'delete' 'destroy' 'detach' 'die' 'disconnect' 'exec_create' 'exec_detach' - 'exec_start' 'export' 'health_status' 'import' 'kill' 'load' 'mount' 'oom' 'pause' 'pull' 'push' 'reload' 'rename' 'resize' 'restart' 'save' 'start' - 'stop' 'tag' 'top' 'unmount' 'unpause' 'untag' 'update') - _describe -t event-filter-opts "event filter options" event_opts && ret=0 - ;; - (image) - __docker_complete_images && ret=0 - ;; - (network) - __docker_complete_networks && ret=0 - ;; - (type) - local -a type_opts - type_opts=('container' 'daemon' 'image' 'network' 'volume') - _describe -t type-filter-opts "type filter options" type_opts && ret=0 - ;; - (volume) - __docker_complete_volumes && ret=0 - ;; - *) - _message 'value' && ret=0 - ;; - esac - else - _describe -t filter-opts "filter options" opts -qS "=" && ret=0 - fi - - return ret -} - -__docker_complete_prune_filters() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - declare -a opts - - opts=('until') - - if compset -P '*='; then - case "${${words[-1]%=*}#*=}" in - *) - _message 'value' && ret=0 - ;; - esac - else - _describe -t filter-opts "filter options" opts -qS "=" && ret=0 - fi - - return ret -} - -# BO checkpoint - -__docker_checkpoint_commands() { - local -a _docker_checkpoint_subcommands - _docker_checkpoint_subcommands=( - "create:Create a checkpoint from a running container" - "ls:List checkpoints for a container" - "rm:Remove a checkpoint" - ) - _describe -t docker-checkpoint-commands "docker checkpoint command" _docker_checkpoint_subcommands -} - -__docker_checkpoint_subcommand() { - local -a _command_args opts_help - local expl help="--help" - integer ret=1 - - opts_help=("(: -)--help[Print usage]") - - case "$words[1]" in - (create) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)--checkpoint-dir=[Use a custom checkpoint storage directory]:dir:_directories" \ - "($help)--leave-running[Leave the container running after checkpoint]" \ - "($help -)1:container:__docker_complete_running_containers" \ - "($help -)2:checkpoint: " && ret=0 - ;; - (ls|list) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)--checkpoint-dir=[Use a custom checkpoint storage directory]:dir:_directories" \ - "($help -)1:container:__docker_complete_containers" && ret=0 - ;; - (rm|remove) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)--checkpoint-dir=[Use a custom checkpoint storage directory]:dir:_directories" \ - "($help -)1:container:__docker_complete_containers" \ - "($help -)2:checkpoint: " && ret=0 - ;; - (help) - _arguments $(__docker_arguments) ":subcommand:__docker_checkpoint_commands" && ret=0 - ;; - esac - - return ret -} - -# EO checkpoint - -# BO container - -__docker_container_commands() { - local -a _docker_container_subcommands - _docker_container_subcommands=( - "attach:Attach to a running container" - "commit:Create a new image from a container's changes" - "cp:Copy files/folders between a container and the local filesystem" - "create:Create a new container" - "diff:Inspect changes on a container's filesystem" - "exec:Run a command in a running container" - "export:Export a container's filesystem as a tar archive" - "inspect:Display detailed information on one or more containers" - "kill:Kill one or more running containers" - "logs:Fetch the logs of a container" - "ls:List containers" - "pause:Pause all processes within one or more containers" - "port:List port mappings or a specific mapping for the container" - "prune:Remove all stopped containers" - "rename:Rename a container" - "restart:Restart one or more containers" - "rm:Remove one or more containers" - "run:Run a command in a new container" - "start:Start one or more stopped containers" - "stats:Display a live stream of container(s) resource usage statistics" - "stop:Stop one or more running containers" - "top:Display the running processes of a container" - "unpause:Unpause all processes within one or more containers" - "update:Update configuration of one or more containers" - "wait:Block until one or more containers stop, then print their exit codes" - ) - _describe -t docker-container-commands "docker container command" _docker_container_subcommands -} - -__docker_container_subcommand() { - local -a _command_args opts_help opts_attach_exec_run_start opts_create_run opts_create_run_update - local expl help="--help" - integer ret=1 - - opts_attach_exec_run_start=( - "($help)--detach-keys=[Escape key sequence used to detach a container]:sequence:__docker_complete_detach_keys" - ) - opts_create_run=( - "($help -a --attach)"{-a=,--attach=}"[Attach to stdin, stdout or stderr]:device:(STDIN STDOUT STDERR)" - "($help)*--add-host=[Add a custom host-to-IP mapping]:host\:ip mapping: " - "($help)*--blkio-weight-device=[Block IO (relative device weight)]:device:Block IO weight: " - "($help)*--cap-add=[Add Linux capabilities]:capability: " - "($help)*--cap-drop=[Drop Linux capabilities]:capability: " - "($help)--cgroup-parent=[Parent cgroup for the container]:cgroup: " - "($help)--cidfile=[Write the container ID to the file]:CID file:_files" - "($help)--cpus=[Number of CPUs (default 0.000)]:cpus: " - "($help)*--device=[Add a host device to the container]:device:_files" - "($help)*--device-cgroup-rule=[Add a rule to the cgroup allowed devices list]:device:cgroup: " - "($help)*--device-read-bps=[Limit the read rate (bytes per second) from a device]:device:IO rate: " - "($help)*--device-read-iops=[Limit the read rate (IO per second) from a device]:device:IO rate: " - "($help)*--device-write-bps=[Limit the write rate (bytes per second) to a device]:device:IO rate: " - "($help)*--device-write-iops=[Limit the write rate (IO per second) to a device]:device:IO rate: " - "($help)--disable-content-trust[Skip image verification]" - "($help)*--dns=[Custom DNS servers]:DNS server: " - "($help)*--dns-option=[Custom DNS options]:DNS option: " - "($help)*--dns-search=[Custom DNS search domains]:DNS domains: " - "($help)*"{-e=,--env=}"[Environment variables]:environment variable: " - "($help)--entrypoint=[Overwrite the default entrypoint of the image]:entry point: " - "($help)*--env-file=[Read environment variables from a file]:environment file:_files" - "($help)*--expose=[Expose a port from the container without publishing it]: " - "($help)*--group=[Set one or more supplementary user groups for the container]:group:_groups" - "($help -h --hostname)"{-h=,--hostname=}"[Container host name]:hostname:_hosts" - "($help -i --interactive)"{-i,--interactive}"[Keep stdin open even if not attached]" - "($help)--init[Run an init inside the container that forwards signals and reaps processes]" - "($help)--ip=[IPv4 address]:IPv4: " - "($help)--ip6=[IPv6 address]:IPv6: " - "($help)--ipc=[IPC namespace to use]:IPC namespace: " - "($help)--isolation=[Container isolation technology]:isolation:(default hyperv process)" - "($help)*--link=[Add link to another container]:link:->link" - "($help)*--link-local-ip=[Container IPv4/IPv6 link-local addresses]:IPv4/IPv6: " - "($help)*"{-l=,--label=}"[Container metadata]:label: " - "($help)--log-driver=[Default driver for container logs]:logging driver:__docker_complete_log_drivers" - "($help)*--log-opt=[Log driver specific options]:log driver options:__docker_complete_log_options" - "($help)--mac-address=[Container MAC address]:MAC address: " - "($help)*--mount=[Attach a filesystem mount to the container]:mount: " - "($help)--name=[Container name]:name: " - "($help)--network=[Connect a container to a network]:network mode:(bridge none container host)" - "($help)*--network-alias=[Add network-scoped alias for the container]:alias: " - "($help)--oom-kill-disable[Disable OOM Killer]" - "($help)--oom-score-adj[Tune the host's OOM preferences for containers (accepts -1000 to 1000)]" - "($help)--pids-limit[Tune container pids limit (set -1 for unlimited)]" - "($help -P --publish-all)"{-P,--publish-all}"[Publish all exposed ports]" - "($help)*"{-p=,--publish=}"[Expose a container's port to the host]:port:_ports" - "($help)--pid=[PID namespace to use]:PID namespace:__docker_complete_pid" - "($help)--privileged[Give extended privileges to this container]" - "($help)--read-only[Mount the container's root filesystem as read only]" - "($help)*--security-opt=[Security options]:security option: " - "($help)*--shm-size=[Size of '/dev/shm' (format is '')]:shm size: " - "($help)--stop-signal=[Signal to kill a container]:signal:_signals" - "($help)--stop-timeout=[Timeout (in seconds) to stop a container]:time: " - "($help)*--sysctl=-[sysctl options]:sysctl: " - "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-tty]" - "($help -u --user)"{-u=,--user=}"[Username or UID]:user:_users" - "($help)*--ulimit=[ulimit options]:ulimit: " - "($help)--userns=[Container user namespace]:user namespace:(host)" - "($help)--tmpfs[mount tmpfs]" - "($help)*-v[Bind mount a volume]:volume: " - "($help)--volume-driver=[Optional volume driver for the container]:volume driver:(local)" - "($help)*--volumes-from=[Mount volumes from the specified container]:volume: " - "($help -w --workdir)"{-w=,--workdir=}"[Working directory inside the container]:directory:_directories" - ) - opts_create_run_update=( - "($help)--blkio-weight=[Block IO (relative weight), between 10 and 1000]:Block IO weight:(10 100 500 1000)" - "($help -c --cpu-shares)"{-c=,--cpu-shares=}"[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)" - "($help)--cpu-period=[Limit the CPU CFS (Completely Fair Scheduler) period]:CPU period: " - "($help)--cpu-quota=[Limit the CPU CFS (Completely Fair Scheduler) quota]:CPU quota: " - "($help)--cpu-rt-period=[Limit the CPU real-time period]:CPU real-time period in microseconds: " - "($help)--cpu-rt-runtime=[Limit the CPU real-time runtime]:CPU real-time runtime in microseconds: " - "($help)--cpuset-cpus=[CPUs in which to allow execution]:CPUs: " - "($help)--cpuset-mems=[MEMs in which to allow execution]:MEMs: " - "($help)--kernel-memory=[Kernel memory limit in bytes]:Memory limit: " - "($help -m --memory)"{-m=,--memory=}"[Memory limit]:Memory limit: " - "($help)--memory-reservation=[Memory soft limit]:Memory limit: " - "($help)--memory-swap=[Total memory limit with swap]:Memory limit: " - "($help)--restart=[Restart policy]:restart policy:(no on-failure always unless-stopped)" - ) - opts_help=("(: -)--help[Print usage]") - - case "$words[1]" in - (attach) - _arguments $(__docker_arguments) \ - $opts_help \ - $opts_attach_exec_run_start \ - "($help)--no-stdin[Do not attach stdin]" \ - "($help)--sig-proxy[Proxy all received signals to the process (non-TTY mode only)]" \ - "($help -):containers:__docker_complete_running_containers" && ret=0 - ;; - (commit) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -a --author)"{-a=,--author=}"[Author]:author: " \ - "($help)*"{-c=,--change=}"[Apply Dockerfile instruction to the created image]:Dockerfile:_files" \ - "($help -m --message)"{-m=,--message=}"[Commit message]:message: " \ - "($help -p --pause)"{-p,--pause}"[Pause container during commit]" \ - "($help -):container:__docker_complete_containers" \ - "($help -): :__docker_complete_repositories_with_tags" && ret=0 - ;; - (cp) - local state - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -L --follow-link)"{-L,--follow-link}"[Always follow symbol link]" \ - "($help -)1:container:->container" \ - "($help -)2:hostpath:_files" && ret=0 - case $state in - (container) - if compset -P "*:"; then - _files && ret=0 - else - __docker_complete_containers -qS ":" && ret=0 - fi - ;; - esac - ;; - (create) - local state - _arguments $(__docker_arguments) \ - $opts_help \ - $opts_create_run \ - $opts_create_run_update \ - "($help -): :__docker_complete_images" \ - "($help -):command: _command_names -e" \ - "($help -)*::arguments: _normal" && ret=0 - case $state in - (link) - if compset -P "*:"; then - _wanted alias expl "Alias" compadd -E "" && ret=0 - else - __docker_complete_running_containers -qS ":" && ret=0 - fi - ;; - esac - ;; - (diff) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -)*:containers:__docker_complete_containers" && ret=0 - ;; - (exec) - local state - _arguments $(__docker_arguments) \ - $opts_help \ - $opts_attach_exec_run_start \ - "($help -d --detach)"{-d,--detach}"[Detached mode: leave the container running in the background]" \ - "($help)*"{-e=,--env=}"[Set environment variables]:environment variable: " \ - "($help -i --interactive)"{-i,--interactive}"[Keep stdin open even if not attached]" \ - "($help)--privileged[Give extended Linux capabilities to the command]" \ - "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-tty]" \ - "($help -u --user)"{-u=,--user=}"[Username or UID]:user:_users" \ - "($help -):containers:__docker_complete_running_containers" \ - "($help -)*::command:->anycommand" && ret=0 - case $state in - (anycommand) - shift 1 words - (( CURRENT-- )) - _normal && ret=0 - ;; - esac - ;; - (export) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -o --output)"{-o=,--output=}"[Write to a file, instead of stdout]:output file:_files" \ - "($help -)*:containers:__docker_complete_containers" && ret=0 - ;; - (inspect) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \ - "($help -s --size)"{-s,--size}"[Display total file sizes]" \ - "($help -)*:containers:__docker_complete_containers" && ret=0 - ;; - (kill) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -s --signal)"{-s=,--signal=}"[Signal to send]:signal:_signals" \ - "($help -)*:containers:__docker_complete_running_containers" && ret=0 - ;; - (logs) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)--details[Show extra details provided to logs]" \ - "($help -f --follow)"{-f,--follow}"[Follow log output]" \ - "($help -s --since)"{-s=,--since=}"[Show logs since this timestamp]:timestamp: " \ - "($help -t --timestamps)"{-t,--timestamps}"[Show timestamps]" \ - "($help)--tail=[Output the last K lines]:lines:(1 10 20 50 all)" \ - "($help -)*:containers:__docker_complete_containers" && ret=0 - ;; - (ls|list) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -a --all)"{-a,--all}"[Show all containers]" \ - "($help)--before=[Show only container created before...]:containers:__docker_complete_containers" \ - "($help)*"{-f=,--filter=}"[Filter values]:filter:__docker_complete_ps_filters" \ - "($help)--format=[Pretty-print containers using a Go template]:template: " \ - "($help -l --latest)"{-l,--latest}"[Show only the latest created container]" \ - "($help -n --last)"{-n=,--last=}"[Show n last created containers (includes all states)]:n:(1 5 10 25 50)" \ - "($help)--no-trunc[Do not truncate output]" \ - "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \ - "($help -s --size)"{-s,--size}"[Display total file sizes]" \ - "($help)--since=[Show only containers created since...]:containers:__docker_complete_containers" && ret=0 - ;; - (pause|unpause) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -)*:containers:__docker_complete_running_containers" && ret=0 - ;; - (port) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -)1:containers:__docker_complete_running_containers" \ - "($help -)2:port:_ports" && ret=0 - ;; - (prune) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)*--filter=[Filter values]:filter:__docker_complete_prune_filters" \ - "($help -f --force)"{-f,--force}"[Do not prompt for confirmation]" && ret=0 - ;; - (rename) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -):old name:__docker_complete_containers" \ - "($help -):new name: " && ret=0 - ;; - (restart) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -t --time)"{-t=,--time=}"[Number of seconds to try to stop for before killing the container]:seconds to before killing:(1 5 10 30 60)" \ - "($help -)*:containers:__docker_complete_containers_ids" && ret=0 - ;; - (rm) - local state - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -f --force)"{-f,--force}"[Force removal]" \ - "($help -l --link)"{-l,--link}"[Remove the specified link and not the underlying container]" \ - "($help -v --volumes)"{-v,--volumes}"[Remove the volumes associated to the container]" \ - "($help -)*:containers:->values" && ret=0 - case $state in - (values) - if [[ ${words[(r)-f]} == -f || ${words[(r)--force]} == --force ]]; then - __docker_complete_containers && ret=0 - else - __docker_complete_stopped_containers && ret=0 - fi - ;; - esac - ;; - (run) - local state - _arguments $(__docker_arguments) \ - $opts_help \ - $opts_create_run \ - $opts_create_run_update \ - $opts_attach_exec_run_start \ - "($help -d --detach)"{-d,--detach}"[Detached mode: leave the container running in the background]" \ - "($help)--health-cmd=[Command to run to check health]:command: " \ - "($help)--health-interval=[Time between running the check]:time: " \ - "($help)--health-retries=[Consecutive failures needed to report unhealthy]:retries:(1 2 3 4 5)" \ - "($help)--health-timeout=[Maximum time to allow one check to run]:time: " \ - "($help)--no-healthcheck[Disable any container-specified HEALTHCHECK]" \ - "($help)--rm[Remove intermediate containers when it exits]" \ - "($help)--runtime=[Name of the runtime to be used for that container]:runtime:__docker_complete_runtimes" \ - "($help)--sig-proxy[Proxy all received signals to the process (non-TTY mode only)]" \ - "($help)--storage-opt=[Storage driver options for the container]:storage options:->storage-opt" \ - "($help -): :__docker_complete_images" \ - "($help -):command: _command_names -e" \ - "($help -)*::arguments: _normal" && ret=0 - case $state in - (link) - if compset -P "*:"; then - _wanted alias expl "Alias" compadd -E "" && ret=0 - else - __docker_complete_running_containers -qS ":" && ret=0 - fi - ;; - (storage-opt) - if compset -P "*="; then - _message "value" && ret=0 - else - opts=('size') - _describe -t filter-opts "storage options" opts -qS "=" && ret=0 - fi - ;; - esac - ;; - (start) - _arguments $(__docker_arguments) \ - $opts_help \ - $opts_attach_exec_run_start \ - "($help -a --attach)"{-a,--attach}"[Attach container's stdout/stderr and forward all signals]" \ - "($help -i --interactive)"{-i,--interactive}"[Attach container's stding]" \ - "($help -)*:containers:__docker_complete_stopped_containers" && ret=0 - ;; - (stats) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -a --all)"{-a,--all}"[Show all containers (default shows just running)]" \ - "($help)--format=[Pretty-print images using a Go template]:template: " \ - "($help)--no-stream[Disable streaming stats and only pull the first result]" \ - "($help -)*:containers:__docker_complete_running_containers" && ret=0 - ;; - (stop) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -t --time)"{-t=,--time=}"[Number of seconds to try to stop for before killing the container]:seconds to before killing:(1 5 10 30 60)" \ - "($help -)*:containers:__docker_complete_running_containers" && ret=0 - ;; - (top) - local state - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -)1:containers:__docker_complete_running_containers" \ - "($help -)*:: :->ps-arguments" && ret=0 - case $state in - (ps-arguments) - _ps && ret=0 - ;; - esac - ;; - (update) - local state - _arguments $(__docker_arguments) \ - $opts_help \ - opts_create_run_update \ - "($help -)*: :->values" && ret=0 - case $state in - (values) - if [[ ${words[(r)--kernel-memory*]} = (--kernel-memory*) ]]; then - __docker_complete_stopped_containers && ret=0 - else - __docker_complete_containers && ret=0 - fi - ;; - esac - ;; - (wait) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -)*:containers:__docker_complete_running_containers" && ret=0 - ;; - (help) - _arguments $(__docker_arguments) ":subcommand:__docker_container_commands" && ret=0 - ;; - esac - - return ret -} - -# EO container - -# BO image - -__docker_image_commands() { - local -a _docker_image_subcommands - _docker_image_subcommands=( - "build:Build an image from a Dockerfile" - "history:Show the history of an image" - "import:Import the contents from a tarball to create a filesystem image" - "inspect:Display detailed information on one or more images" - "load:Load an image from a tar archive or STDIN" - "ls:List images" - "prune:Remove unused images" - "pull:Pull an image or a repository from a registry" - "push:Push an image or a repository to a registry" - "rm:Remove one or more images" - "save:Save one or more images to a tar archive (streamed to STDOUT by default)" - "tag:Tag an image into a repository" - ) - _describe -t docker-image-commands "docker image command" _docker_image_subcommands -} - -__docker_image_subcommand() { - local -a _command_args opts_help - local expl help="--help" - integer ret=1 - - opts_help=("(: -)--help[Print usage]") - - case "$words[1]" in - (build) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)*--add-host=[Add a custom host-to-IP mapping]:host\:ip mapping: " \ - "($help)*--build-arg=[Build-time variables]:=: " \ - "($help)*--cache-from=[Images to consider as cache sources]: :__docker_complete_repositories_with_tags" \ - "($help -c --cpu-shares)"{-c=,--cpu-shares=}"[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)" \ - "($help)--cgroup-parent=[Parent cgroup for the container]:cgroup: " \ - "($help)--compress[Compress the build context using gzip]" \ - "($help)--cpu-period=[Limit the CPU CFS (Completely Fair Scheduler) period]:CPU period: " \ - "($help)--cpu-quota=[Limit the CPU CFS (Completely Fair Scheduler) quota]:CPU quota: " \ - "($help)--cpu-rt-period=[Limit the CPU real-time period]:CPU real-time period in microseconds: " \ - "($help)--cpu-rt-runtime=[Limit the CPU real-time runtime]:CPU real-time runtime in microseconds: " \ - "($help)--cpuset-cpus=[CPUs in which to allow execution]:CPUs: " \ - "($help)--cpuset-mems=[MEMs in which to allow execution]:MEMs: " \ - "($help)--disable-content-trust[Skip image verification]" \ - "($help -f --file)"{-f=,--file=}"[Name of the Dockerfile]:Dockerfile:_files" \ - "($help)--force-rm[Always remove intermediate containers]" \ - "($help)--isolation=[Container isolation technology]:isolation:(default hyperv process)" \ - "($help)*--label=[Set metadata for an image]:label=value: " \ - "($help -m --memory)"{-m=,--memory=}"[Memory limit]:Memory limit: " \ - "($help)--memory-swap=[Total memory limit with swap]:Memory limit: " \ - "($help)--network=[Connect a container to a network]:network mode:(bridge none container host)" \ - "($help)--no-cache[Do not use cache when building the image]" \ - "($help)--pull[Attempt to pull a newer version of the image]" \ - "($help -q --quiet)"{-q,--quiet}"[Suppress verbose build output]" \ - "($help)--rm[Remove intermediate containers after a successful build]" \ - "($help)*--shm-size=[Size of '/dev/shm' (format is '')]:shm size: " \ - "($help)--squash[Squash newly built layers into a single new layer]" \ - "($help -t --tag)*"{-t=,--tag=}"[Repository, name and tag for the image]: :__docker_complete_repositories_with_tags" \ - "($help)*--ulimit=[ulimit options]:ulimit: " \ - "($help)--userns=[Container user namespace]:user namespace:(host)" \ - "($help -):path or URL:_directories" && ret=0 - ;; - (history) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -H --human)"{-H,--human}"[Print sizes and dates in human readable format]" \ - "($help)--no-trunc[Do not truncate output]" \ - "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \ - "($help -)*: :__docker_complete_images" && ret=0 - ;; - (import) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)*"{-c=,--change=}"[Apply Dockerfile instruction to the created image]:Dockerfile:_files" \ - "($help -m --message)"{-m=,--message=}"[Commit message for imported image]:message: " \ - "($help -):URL:(- http:// file://)" \ - "($help -): :__docker_complete_repositories_with_tags" && ret=0 - ;; - (inspect) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \ - "($help -)*:images:__docker_complete_images" && ret=0 - ;; - (load) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -i --input)"{-i=,--input=}"[Read from tar archive file]:archive file:_files -g \"*.((tar|TAR)(.gz|.GZ|.Z|.bz2|.lzma|.xz|)|(tbz|tgz|txz))(-.)\"" \ - "($help -q --quiet)"{-q,--quiet}"[Suppress the load output]" && ret=0 - ;; - (ls|list) - local state - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -a --all)"{-a,--all}"[Show all images]" \ - "($help)--digests[Show digests]" \ - "($help)*"{-f=,--filter=}"[Filter values]:filter:__docker_complete_images_filters" \ - "($help)--format=[Pretty-print images using a Go template]:template: " \ - "($help)--no-trunc[Do not truncate output]" \ - "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \ - "($help -): :__docker_complete_repositories" && ret=0 - ;; - (prune) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -a --all)"{-a,--all}"[Remove all unused images, not just dangling ones]" \ - "($help)*--filter=[Filter values]:filter:__docker_complete_prune_filters" \ - "($help -f --force)"{-f,--force}"[Do not prompt for confirmation]" && ret=0 - ;; - (pull) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -a --all-tags)"{-a,--all-tags}"[Download all tagged images]" \ - "($help)--disable-content-trust[Skip image verification]" \ - "($help -):name:__docker_search" && ret=0 - ;; - (push) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)--disable-content-trust[Skip image signing]" \ - "($help -): :__docker_complete_images" && ret=0 - ;; - (rm) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -f --force)"{-f,--force}"[Force removal]" \ - "($help)--no-prune[Do not delete untagged parents]" \ - "($help -)*: :__docker_complete_images" && ret=0 - ;; - (save) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -o --output)"{-o=,--output=}"[Write to file]:file:_files" \ - "($help -)*: :__docker_complete_images" && ret=0 - ;; - (tag) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -):source:__docker_complete_images"\ - "($help -):destination:__docker_complete_repositories_with_tags" && ret=0 - ;; - (help) - _arguments $(__docker_arguments) ":subcommand:__docker_container_commands" && ret=0 - ;; - esac - - return ret -} - -# EO image - -# BO network - -__docker_network_complete_ls_filters() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - - if compset -P '*='; then - case "${${words[-1]%=*}#*=}" in - (driver) - __docker_complete_info_plugins Network && ret=0 - ;; - (id) - __docker_complete_networks_ids && ret=0 - ;; - (name) - __docker_complete_networks_names && ret=0 - ;; - (scope) - opts=('global' 'local' 'swarm') - _describe -t scope-filter-opts "Scope filter options" opts && ret=0 - ;; - (type) - opts=('builtin' 'custom') - _describe -t type-filter-opts "Type filter options" opts && ret=0 - ;; - *) - _message 'value' && ret=0 - ;; - esac - else - opts=('driver' 'id' 'label' 'name' 'scope' 'type') - _describe -t filter-opts "Filter Options" opts -qS "=" && ret=0 - fi - - return ret -} - -__docker_get_networks() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - local line s - declare -a lines networks - - type=$1; shift - - lines=(${(f)${:-"$(_call_program commands docker $docker_options network ls)"$'\n'}}) - - # Parse header line to find columns - local i=1 j=1 k header=${lines[1]} - declare -A begin end - while (( j < ${#header} - 1 )); do - i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 )) - j=$(( i + ${${header[$i,-1]}[(i) ]} - 1 )) - k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 )) - begin[${header[$i,$((j-1))]}]=$i - end[${header[$i,$((j-1))]}]=$k - done - end[${header[$i,$((j-1))]}]=-1 - lines=(${lines[2,-1]}) - - # Network ID - if [[ $type = (ids|all) ]]; then - for line in $lines; do - s="${line[${begin[NETWORK ID]},${end[NETWORK ID]}]%% ##}" - s="$s:${(l:7:: :::)${${line[${begin[DRIVER]},${end[DRIVER]}]}%% ##}}" - s="$s, ${${line[${begin[SCOPE]},${end[SCOPE]}]}%% ##}" - networks=($networks $s) - done - fi - - # Names - if [[ $type = (names|all) ]]; then - for line in $lines; do - s="${line[${begin[NAME]},${end[NAME]}]%% ##}" - s="$s:${(l:7:: :::)${${line[${begin[DRIVER]},${end[DRIVER]}]}%% ##}}" - s="$s, ${${line[${begin[SCOPE]},${end[SCOPE]}]}%% ##}" - networks=($networks $s) - done - fi - - _describe -t networks-list "networks" networks "$@" && ret=0 - return ret -} - -__docker_complete_networks() { - [[ $PREFIX = -* ]] && return 1 - __docker_get_networks all "$@" -} - -__docker_complete_networks_ids() { - [[ $PREFIX = -* ]] && return 1 - __docker_get_networks ids "$@" -} - -__docker_complete_networks_names() { - [[ $PREFIX = -* ]] && return 1 - __docker_get_networks names "$@" -} - -__docker_network_commands() { - local -a _docker_network_subcommands - _docker_network_subcommands=( - "connect:Connect a container to a network" - "create:Creates a new network with a name specified by the user" - "disconnect:Disconnects a container from a network" - "inspect:Displays detailed information on a network" - "ls:Lists all the networks created by the user" - "prune:Remove all unused networks" - "rm:Deletes one or more networks" - ) - _describe -t docker-network-commands "docker network command" _docker_network_subcommands -} - -__docker_network_subcommand() { - local -a _command_args opts_help - local expl help="--help" - integer ret=1 - - opts_help=("(: -)--help[Print usage]") - - case "$words[1]" in - (connect) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)*--alias=[Add network-scoped alias for the container]:alias: " \ - "($help)--ip=[IPv4 address]:IPv4: " \ - "($help)--ip6=[IPv6 address]:IPv6: " \ - "($help)*--link=[Add a link to another container]:link:->link" \ - "($help)*--link-local-ip=[Add a link-local address for the container]:IPv4/IPv6: " \ - "($help -)1:network:__docker_complete_networks" \ - "($help -)2:containers:__docker_complete_containers" && ret=0 - - case $state in - (link) - if compset -P "*:"; then - _wanted alias expl "Alias" compadd -E "" && ret=0 - else - __docker_complete_running_containers -qS ":" && ret=0 - fi - ;; - esac - ;; - (create) - _arguments $(__docker_arguments) -A '-*' \ - $opts_help \ - "($help)--attachable[Enable manual container attachment]" \ - "($help)*--aux-address[Auxiliary IPv4 or IPv6 addresses used by network driver]:key=IP: " \ - "($help -d --driver)"{-d=,--driver=}"[Driver to manage the Network]:driver:(null host bridge overlay)" \ - "($help)*--gateway=[IPv4 or IPv6 Gateway for the master subnet]:IP: " \ - "($help)--internal[Restricts external access to the network]" \ - "($help)*--ip-range=[Allocate container ip from a sub-range]:IP/mask: " \ - "($help)--ipam-driver=[IP Address Management Driver]:driver:(default)" \ - "($help)*--ipam-opt=[Custom IPAM plugin options]:opt=value: " \ - "($help)--ipv6[Enable IPv6 networking]" \ - "($help)*--label=[Set metadata on a network]:label=value: " \ - "($help)*"{-o=,--opt=}"[Driver specific options]:opt=value: " \ - "($help)*--subnet=[Subnet in CIDR format that represents a network segment]:IP/mask: " \ - "($help -)1:Network Name: " && ret=0 - ;; - (disconnect) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -)1:network:__docker_complete_networks" \ - "($help -)2:containers:__docker_complete_containers" && ret=0 - ;; - (inspect) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \ - "($help)--verbose[Show detailed information]" \ - "($help -)*:network:__docker_complete_networks" && ret=0 - ;; - (ls) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)--no-trunc[Do not truncate the output]" \ - "($help)*"{-f=,--filter=}"[Provide filter values]:filter:__docker_network_complete_ls_filters" \ - "($help)--format=[Pretty-print networks using a Go template]:template: " \ - "($help -q --quiet)"{-q,--quiet}"[Only display numeric IDs]" && ret=0 - ;; - (prune) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)*--filter=[Filter values]:filter:__docker_complete_prune_filters" \ - "($help -f --force)"{-f,--force}"[Do not prompt for confirmation]" && ret=0 - ;; - (rm) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -)*:network:__docker_complete_networks" && ret=0 - ;; - (help) - _arguments $(__docker_arguments) ":subcommand:__docker_network_commands" && ret=0 - ;; - esac - - return ret -} - -# EO network - -# BO node - -__docker_node_complete_ls_filters() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - - if compset -P '*='; then - case "${${words[-1]%=*}#*=}" in - (id) - __docker_complete_nodes_ids && ret=0 - ;; - (membership) - membership_opts=('accepted' 'pending' 'rejected') - _describe -t membership-opts "membership options" membership_opts && ret=0 - ;; - (name) - __docker_complete_nodes_names && ret=0 - ;; - (role) - role_opts=('manager' 'worker') - _describe -t role-opts "role options" role_opts && ret=0 - ;; - *) - _message 'value' && ret=0 - ;; - esac - else - opts=('id' 'label' 'membership' 'name' 'role') - _describe -t filter-opts "filter options" opts -qS "=" && ret=0 - fi - - return ret -} - -__docker_node_complete_ps_filters() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - - if compset -P '*='; then - case "${${words[-1]%=*}#*=}" in - (desired-state) - state_opts=('accepted' 'running' 'shutdown') - _describe -t state-opts "desired state options" state_opts && ret=0 - ;; - *) - _message 'value' && ret=0 - ;; - esac - else - opts=('desired-state' 'id' 'label' 'name') - _describe -t filter-opts "filter options" opts -qS "=" && ret=0 - fi - - return ret -} - -__docker_nodes() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - local line s - declare -a lines nodes args - - type=$1; shift - filter=$1; shift - [[ $filter != "none" ]] && args=("-f $filter") - - lines=(${(f)${:-"$(_call_program commands docker $docker_options node ls $args)"$'\n'}}) - # Parse header line to find columns - local i=1 j=1 k header=${lines[1]} - declare -A begin end - while (( j < ${#header} - 1 )); do - i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 )) - j=$(( i + ${${header[$i,-1]}[(i) ]} - 1 )) - k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 )) - begin[${header[$i,$((j-1))]}]=$i - end[${header[$i,$((j-1))]}]=$k - done - end[${header[$i,$((j-1))]}]=-1 - lines=(${lines[2,-1]}) - - # Node ID - if [[ $type = (ids|all) ]]; then - for line in $lines; do - s="${line[${begin[ID]},${end[ID]}]%% ##}" - nodes=($nodes $s) - done - fi - - # Names - if [[ $type = (names|all) ]]; then - for line in $lines; do - s="${line[${begin[NAME]},${end[NAME]}]%% ##}" - nodes=($nodes $s) - done - fi - - _describe -t nodes-list "nodes" nodes "$@" && ret=0 - return ret -} - -__docker_complete_nodes() { - [[ $PREFIX = -* ]] && return 1 - __docker_nodes all none "$@" -} - -__docker_complete_nodes_ids() { - [[ $PREFIX = -* ]] && return 1 - __docker_nodes ids none "$@" -} - -__docker_complete_nodes_names() { - [[ $PREFIX = -* ]] && return 1 - __docker_nodes names none "$@" -} - -__docker_complete_pending_nodes() { - [[ $PREFIX = -* ]] && return 1 - __docker_nodes all "membership=pending" "$@" -} - -__docker_complete_manager_nodes() { - [[ $PREFIX = -* ]] && return 1 - __docker_nodes all "role=manager" "$@" -} - -__docker_complete_worker_nodes() { - [[ $PREFIX = -* ]] && return 1 - __docker_nodes all "role=worker" "$@" -} - -__docker_node_commands() { - local -a _docker_node_subcommands - _docker_node_subcommands=( - "demote:Demote a node as manager in the swarm" - "inspect:Display detailed information on one or more nodes" - "ls:List nodes in the swarm" - "promote:Promote a node as manager in the swarm" - "rm:Remove one or more nodes from the swarm" - "ps:List tasks running on one or more nodes, defaults to current node" - "update:Update a node" - ) - _describe -t docker-node-commands "docker node command" _docker_node_subcommands -} - -__docker_node_subcommand() { - local -a _command_args opts_help - local expl help="--help" - integer ret=1 - - opts_help=("(: -)--help[Print usage]") - - case "$words[1]" in - (rm|remove) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -f --force)"{-f,--force}"[Force remove a node from the swarm]" \ - "($help -)*:node:__docker_complete_pending_nodes" && ret=0 - ;; - (demote) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -)*:node:__docker_complete_manager_nodes" && ret=0 - ;; - (inspect) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \ - "($help)--pretty[Print the information in a human friendly format]" \ - "($help -)*:node:__docker_complete_nodes" && ret=0 - ;; - (ls|list) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)*"{-f=,--filter=}"[Provide filter values]:filter:__docker_node_complete_ls_filters" \ - "($help -q --quiet)"{-q,--quiet}"[Only display IDs]" && ret=0 - ;; - (promote) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -)*:node:__docker_complete_worker_nodes" && ret=0 - ;; - (ps) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -a --all)"{-a,--all}"[Display all instances]" \ - "($help)*"{-f=,--filter=}"[Provide filter values]:filter:__docker_node_complete_ps_filters" \ - "($help)--format=[Format the output using the given go template]:template: " \ - "($help)--no-resolve[Do not map IDs to Names]" \ - "($help)--no-trunc[Do not truncate output]" \ - "($help -q --quiet)"{-q,--quiet}"[Only display IDs]" \ - "($help -)*:node:__docker_complete_nodes" && ret=0 - ;; - (update) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)--availability=[Availability of the node]:availability:(active pause drain)" \ - "($help)*--label-add=[Add or update a node label]:key=value: " \ - "($help)*--label-rm=[Remove a node label if exists]:label: " \ - "($help)--role=[Role of the node]:role:(manager worker)" \ - "($help -)1:node:__docker_complete_nodes" && ret=0 - ;; - (help) - _arguments $(__docker_arguments) ":subcommand:__docker_node_commands" && ret=0 - ;; - esac - - return ret -} - -# EO node - -# BO plugin - -__docker_plugin_complete_ls_filters() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - - if compset -P '*='; then - case "${${words[-1]%=*}#*=}" in - (capability) - opts=('authz' 'ipamdriver' 'networkdriver' 'volumedriver') - _describe -t capability-opts "capability options" opts && ret=0 - ;; - (enabled) - opts=('false' 'true') - _describe -t enabled-opts "enabled options" opts && ret=0 - ;; - *) - _message 'value' && ret=0 - ;; - esac - else - opts=('capability' 'enabled') - _describe -t filter-opts "filter options" opts -qS "=" && ret=0 - fi - - return ret -} - -__docker_plugins() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - local line s - declare -a lines plugins args - - filter=$1; shift - [[ $filter != "none" ]] && args=("-f $filter") - - lines=(${(f)${:-"$(_call_program commands docker $docker_options plugin ls $args)"$'\n'}}) - - # Parse header line to find columns - local i=1 j=1 k header=${lines[1]} - declare -A begin end - while (( j < ${#header} - 1 )); do - i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 )) - j=$(( i + ${${header[$i,-1]}[(i) ]} - 1 )) - k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 )) - begin[${header[$i,$((j-1))]}]=$i - end[${header[$i,$((j-1))]}]=$k - done - end[${header[$i,$((j-1))]}]=-1 - lines=(${lines[2,-1]}) - - # Name - for line in $lines; do - s="${line[${begin[NAME]},${end[NAME]}]%% ##}" - s="$s:${(l:7:: :::)${${line[${begin[TAG]},${end[TAG]}]}%% ##}}" - plugins=($plugins $s) - done - - _describe -t plugins-list "plugins" plugins "$@" && ret=0 - return ret -} - -__docker_complete_plugins() { - [[ $PREFIX = -* ]] && return 1 - __docker_plugins none "$@" -} - -__docker_complete_enabled_plugins() { - [[ $PREFIX = -* ]] && return 1 - __docker_plugins enabled=true "$@" -} - -__docker_complete_disabled_plugins() { - [[ $PREFIX = -* ]] && return 1 - __docker_plugins enabled=false "$@" -} - -__docker_plugin_commands() { - local -a _docker_plugin_subcommands - _docker_plugin_subcommands=( - "disable:Disable a plugin" - "enable:Enable a plugin" - "inspect:Return low-level information about a plugin" - "install:Install a plugin" - "ls:List plugins" - "push:Push a plugin" - "rm:Remove a plugin" - "set:Change settings for a plugin" - "upgrade:Upgrade an existing plugin" - ) - _describe -t docker-plugin-commands "docker plugin command" _docker_plugin_subcommands -} - -__docker_plugin_subcommand() { - local -a _command_args opts_help - local expl help="--help" - integer ret=1 - - opts_help=("(: -)--help[Print usage]") - - case "$words[1]" in - (disable) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -f --force)"{-f,--force}"[Force the disable of an active plugin]" \ - "($help -)1:plugin:__docker_complete_enabled_plugins" && ret=0 - ;; - (enable) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)--timeout=[HTTP client timeout (in seconds)]:timeout: " \ - "($help -)1:plugin:__docker_complete_disabled_plugins" && ret=0 - ;; - (inspect) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -f --format)"{-f=,--format=}"[Format the output using the given Go template]:template: " \ - "($help -)*:plugin:__docker_complete_plugins" && ret=0 - ;; - (install) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)--alias=[Local name for plugin]:alias: " \ - "($help)--disable[Do not enable the plugin on install]" \ - "($help)--disable-content-trust[Skip image verification (default true)]" \ - "($help)--grant-all-permissions[Grant all permissions necessary to run the plugin]" \ - "($help -)1:plugin:__docker_complete_plugins" \ - "($help -)*:key=value: " && ret=0 - ;; - (ls|list) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)*"{-f=,--filter=}"[Filter output based on conditions provided]:filter:__docker_plugin_complete_ls_filters" \ - "($help --format)--format=[Format the output using the given Go template]:template: " \ - "($help)--no-trunc[Don't truncate output]" \ - "($help -q --quiet)"{-q,--quiet}"[Only display IDs]" && ret=0 - ;; - (push) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)--disable-content-trust[Skip image verification (default true)]" \ - "($help -)1:plugin:__docker_complete_plugins" && ret=0 - ;; - (rm|remove) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -f --force)"{-f,--force}"[Force the removal of an active plugin]" \ - "($help -)*:plugin:__docker_complete_plugins" && ret=0 - ;; - (set) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -)1:plugin:__docker_complete_plugins" \ - "($help -)*:key=value: " && ret=0 - ;; - (upgrade) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)--disable-content-trust[Skip image verification (default true)]" \ - "($help)--grant-all-permissions[Grant all permissions necessary to run the plugin]" \ - "($help)--skip-remote-check[Do not check if specified remote plugin matches existing plugin image]" \ - "($help -)1:plugin:__docker_complete_plugins" \ - "($help -):remote: " && ret=0 - ;; - (help) - _arguments $(__docker_arguments) ":subcommand:__docker_plugin_commands" && ret=0 - ;; - esac - - return ret -} - -# EO plugin - -# BO secret - -__docker_secrets() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - local line s - declare -a lines secrets - - type=$1; shift - - lines=(${(f)${:-"$(_call_program commands docker $docker_options secret ls)"$'\n'}}) - - # Parse header line to find columns - local i=1 j=1 k header=${lines[1]} - declare -A begin end - while (( j < ${#header} - 1 )); do - i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 )) - j=$(( i + ${${header[$i,-1]}[(i) ]} - 1 )) - k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 )) - begin[${header[$i,$((j-1))]}]=$i - end[${header[$i,$((j-1))]}]=$k - done - end[${header[$i,$((j-1))]}]=-1 - lines=(${lines[2,-1]}) - - # ID - if [[ $type = (ids|all) ]]; then - for line in $lines; do - s="${line[${begin[ID]},${end[ID]}]%% ##}" - secrets=($secrets $s) - done - fi - - # Names - if [[ $type = (names|all) ]]; then - for line in $lines; do - s="${line[${begin[NAME]},${end[NAME]}]%% ##}" - secrets=($secrets $s) - done - fi - - _describe -t secrets-list "secrets" secrets "$@" && ret=0 - return ret -} - -__docker_complete_secrets() { - [[ $PREFIX = -* ]] && return 1 - __docker_secrets all "$@" -} - -__docker_secret_commands() { - local -a _docker_secret_subcommands - _docker_secret_subcommands=( - "create:Create a secret using stdin as content" - "inspect:Display detailed information on one or more secrets" - "ls:List secrets" - "rm:Remove one or more secrets" - ) - _describe -t docker-secret-commands "docker secret command" _docker_secret_subcommands -} - -__docker_secret_subcommand() { - local -a _command_args opts_help - local expl help="--help" - integer ret=1 - - opts_help=("(: -)--help[Print usage]") - - case "$words[1]" in - (create) - _arguments $(__docker_arguments) -A '-*' \ - $opts_help \ - "($help)*"{-l=,--label=}"[Secret labels]:label: " \ - "($help -):secret: " && ret=0 - ;; - (inspect) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -f --format)"{-f=,--format=}"[Format the output using the given Go template]:template: " \ - "($help -)*:secret:__docker_complete_secrets" && ret=0 - ;; - (ls|list) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)--format=[Format the output using the given go template]:template: " \ - "($help -q --quiet)"{-q,--quiet}"[Only display IDs]" && ret=0 - ;; - (rm|remove) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -)*:secret:__docker_complete_secrets" && ret=0 - ;; - (help) - _arguments $(__docker_arguments) ":subcommand:__docker_secret_commands" && ret=0 - ;; - esac - - return ret -} - -# EO secret - -# BO service - -__docker_service_complete_ls_filters() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - - if compset -P '*='; then - case "${${words[-1]%=*}#*=}" in - (id) - __docker_complete_services_ids && ret=0 - ;; - (mode) - opts=('global' 'replicated') - _describe -t mode-opts "mode options" opts && ret=0 - ;; - (name) - __docker_complete_services_names && ret=0 - ;; - *) - _message 'value' && ret=0 - ;; - esac - else - opts=('id' 'label' 'mode' 'name') - _describe -t filter-opts "filter options" opts -qS "=" && ret=0 - fi - - return ret -} - -__docker_service_complete_ps_filters() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - - if compset -P '*='; then - case "${${words[-1]%=*}#*=}" in - (desired-state) - state_opts=('accepted' 'running' 'shutdown') - _describe -t state-opts "desired state options" state_opts && ret=0 - ;; - *) - _message 'value' && ret=0 - ;; - esac - else - opts=('desired-state' 'id' 'label' 'name') - _describe -t filter-opts "filter options" opts -qS "=" && ret=0 - fi - - return ret -} - -__docker_service_complete_placement_pref() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - - if compset -P '*='; then - case "${${words[-1]%=*}#*=}" in - (spread) - opts=('engine.labels' 'node.labels') - _describe -t spread-opts "spread options" opts -qS "." && ret=0 - ;; - *) - _message 'value' && ret=0 - ;; - esac - else - opts=('spread') - _describe -t pref-opts "placement pref options" opts -qS "=" && ret=0 - fi - - return ret -} - -__docker_services() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - local line s - declare -a lines services - - type=$1; shift - - lines=(${(f)${:-"$(_call_program commands docker $docker_options service ls)"$'\n'}}) - - # Parse header line to find columns - local i=1 j=1 k header=${lines[1]} - declare -A begin end - while (( j < ${#header} - 1 )); do - i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 )) - j=$(( i + ${${header[$i,-1]}[(i) ]} - 1 )) - k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 )) - begin[${header[$i,$((j-1))]}]=$i - end[${header[$i,$((j-1))]}]=$k - done - end[${header[$i,$((j-1))]}]=-1 - lines=(${lines[2,-1]}) - - # Service ID - if [[ $type = (ids|all) ]]; then - for line in $lines; do - s="${line[${begin[ID]},${end[ID]}]%% ##}" - s="$s:${(l:7:: :::)${${line[${begin[IMAGE]},${end[IMAGE]}]}%% ##}}" - services=($services $s) - done - fi - - # Names - if [[ $type = (names|all) ]]; then - for line in $lines; do - s="${line[${begin[NAME]},${end[NAME]}]%% ##}" - s="$s:${(l:7:: :::)${${line[${begin[IMAGE]},${end[IMAGE]}]}%% ##}}" - services=($services $s) - done - fi - - _describe -t services-list "services" services "$@" && ret=0 - return ret -} - -__docker_complete_services() { - [[ $PREFIX = -* ]] && return 1 - __docker_services all "$@" -} - -__docker_complete_services_ids() { - [[ $PREFIX = -* ]] && return 1 - __docker_services ids "$@" -} - -__docker_complete_services_names() { - [[ $PREFIX = -* ]] && return 1 - __docker_services names "$@" -} - -__docker_service_commands() { - local -a _docker_service_subcommands - _docker_service_subcommands=( - "create:Create a new service" - "inspect:Display detailed information on one or more services" - "logs:Fetch the logs of a service or task" - "ls:List services" - "rm:Remove one or more services" - "scale:Scale one or multiple replicated services" - "ps:List the tasks of a service" - "update:Update a service" - ) - _describe -t docker-service-commands "docker service command" _docker_service_subcommands -} - -__docker_service_subcommand() { - local -a _command_args opts_help opts_create_update - local expl help="--help" - integer ret=1 - - opts_help=("(: -)--help[Print usage]") - opts_create_update=( - "($help)*--constraint=[Placement constraints]:constraint: " - "($help)--endpoint-mode=[Placement constraints]:mode:(dnsrr vip)" - "($help)*"{-e=,--env=}"[Set environment variables]:env: " - "($help)--health-cmd=[Command to run to check health]:command: " - "($help)--health-interval=[Time between running the check]:time: " - "($help)--health-retries=[Consecutive failures needed to report unhealthy]:retries:(1 2 3 4 5)" - "($help)--health-timeout=[Maximum time to allow one check to run]:time: " - "($help)--hostname=[Service container hostname]:hostname: " \ - "($help)*--label=[Service labels]:label: " - "($help)--limit-cpu=[Limit CPUs]:value: " - "($help)--limit-memory=[Limit Memory]:value: " - "($help)--log-driver=[Logging driver for service]:logging driver:__docker_complete_log_drivers" - "($help)*--log-opt=[Logging driver options]:log driver options:__docker_complete_log_options" - "($help)*--mount=[Attach a filesystem mount to the service]:mount: " - "($help)*--network=[Network attachments]:network: " - "($help)--no-healthcheck[Disable any container-specified HEALTHCHECK]" - "($help)*"{-p=,--publish=}"[Publish a port as a node port]:port: " - "($help)--read-only[Mount the container's root filesystem as read only]" - "($help)--replicas=[Number of tasks]:replicas: " - "($help)--reserve-cpu=[Reserve CPUs]:value: " - "($help)--reserve-memory=[Reserve Memory]:value: " - "($help)--restart-condition=[Restart when condition is met]:mode:(any none on-failure)" - "($help)--restart-delay=[Delay between restart attempts]:delay: " - "($help)--restart-max-attempts=[Maximum number of restarts before giving up]:max-attempts: " - "($help)--restart-window=[Window used to evaluate the restart policy]:duration: " - "($help)--rollback-delay=[Delay between task rollbacks]:duration: " - "($help)--rollback-failure-action=[Action on rollback failure]:action:(continue pause)" - "($help)--rollback-max-failure-ratio=[Failure rate to tolerate during a rollback]:failure rate: " - "($help)--rollback-monitor=[Duration after each task rollback to monitor for failure]:duration: " - "($help)--rollback-parallelism=[Maximum number of tasks rolled back simultaneously]:number: " - "($help)*--secret=[Specify secrets to expose to the service]:secret:__docker_complete_secrets" - "($help)--stop-grace-period=[Time to wait before force killing a container]:grace period: " - "($help)--stop-signal=[Signal to stop the container]:signal:_signals" - "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-TTY]" - "($help)--update-delay=[Delay between updates]:delay: " - "($help)--update-failure-action=[Action on update failure]:mode:(continue pause rollback)" - "($help)--update-max-failure-ratio=[Failure rate to tolerate during an update]:fraction: " - "($help)--update-monitor=[Duration after each task update to monitor for failure]:window: " - "($help)--update-parallelism=[Maximum number of tasks updated simultaneously]:number: " - "($help -u --user)"{-u=,--user=}"[Username or UID]:user:_users" - "($help)--with-registry-auth[Send registry authentication details to swarm agents]" - "($help -w --workdir)"{-w=,--workdir=}"[Working directory inside the container]:directory:_directories" - ) - - case "$words[1]" in - (create) - _arguments $(__docker_arguments) \ - $opts_help \ - $opts_create_update \ - "($help)*--container-label=[Container labels]:label: " \ - "($help)*--dns=[Set custom DNS servers]:DNS: " \ - "($help)*--dns-option=[Set DNS options]:DNS option: " \ - "($help)*--dns-search=[Set custom DNS search domains]:DNS search: " \ - "($help)*--env-file=[Read environment variables from a file]:environment file:_files" \ - "($help)--mode=[Service Mode]:mode:(global replicated)" \ - "($help)--name=[Service name]:name: " \ - "($help)*--placement-pref=[Add a placement preference]:pref:__docker_service_complete_placement_pref" \ - "($help)*--publish=[Publish a port]:port: " \ - "($help -): :__docker_complete_images" \ - "($help -):command: _command_names -e" \ - "($help -)*::arguments: _normal" && ret=0 - ;; - (inspect) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \ - "($help)--pretty[Print the information in a human friendly format]" \ - "($help -)*:service:__docker_complete_services" && ret=0 - ;; - (logs) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -f --follow)"{-f,--follow}"[Follow log output]" \ - "($help)--no-resolve[Do not map IDs to Names]" \ - "($help)--no-task-ids[Do not include task IDs]" \ - "($help)--no-trunc[Do not truncate output]" \ - "($help)--since=[Show logs since timestamp]:timestamp: " \ - "($help)--tail=[Number of lines to show from the end of the logs]:lines:(1 10 20 50 all)" \ - "($help -t --timestamps)"{-t,--timestamps}"[Show timestamps]" \ - "($help -)1:service:__docker_complete_services" && ret=0 - ;; - (ls|list) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)*"{-f=,--filter=}"[Filter output based on conditions provided]:filter:__docker_service_complete_ls_filters" \ - "($help)--format=[Pretty-print services using a Go template]:template: " \ - "($help -q --quiet)"{-q,--quiet}"[Only display IDs]" && ret=0 - ;; - (rm|remove) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -)*:service:__docker_complete_services" && ret=0 - ;; - (scale) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -)*:service:->values" && ret=0 - case $state in - (values) - if compset -P '*='; then - _message 'replicas' && ret=0 - else - __docker_complete_services -qS "=" - fi - ;; - esac - ;; - (ps) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)*"{-f=,--filter=}"[Provide filter values]:filter:__docker_service_complete_ps_filters" \ - "($help)--format=[Format the output using the given go template]:template: " \ - "($help)--no-resolve[Do not map IDs to Names]" \ - "($help)--no-trunc[Do not truncate output]" \ - "($help -q --quiet)"{-q,--quiet}"[Only display task IDs]" \ - "($help -)*:service:__docker_complete_services" && ret=0 - ;; - (update) - _arguments $(__docker_arguments) \ - $opts_help \ - $opts_create_update \ - "($help)--arg=[Service command args]:arguments: _normal" \ - "($help)*--container-label-add=[Add or update container labels]:label: " \ - "($help)*--container-label-rm=[Remove a container label by its key]:label: " \ - "($help)*--dns-add=[Add or update custom DNS servers]:DNS: " \ - "($help)*--dns-rm=[Remove custom DNS servers]:DNS: " \ - "($help)*--dns-option-add=[Add or update DNS options]:DNS option: " \ - "($help)*--dns-option-rm=[Remove DNS options]:DNS option: " \ - "($help)*--dns-search-add=[Add or update custom DNS search domains]:DNS search: " \ - "($help)*--dns-search-rm=[Remove DNS search domains]:DNS search: " \ - "($help)--force[Force update]" \ - "($help)*--group-add=[Add additional supplementary user groups to the container]:group:_groups" \ - "($help)*--group-rm=[Remove previously added supplementary user groups from the container]:group:_groups" \ - "($help)--image=[Service image tag]:image:__docker_complete_repositories" \ - "($help)*--placement-pref-add=[Add a placement preference]:pref:__docker_service_complete_placement_pref" \ - "($help)*--placement-pref-rm=[Remove a placement preference]:pref:__docker_service_complete_placement_pref" \ - "($help)*--publish-add=[Add or update a port]:port: " \ - "($help)*--publish-rm=[Remove a port(target-port mandatory)]:port: " \ - "($help)--rollback[Rollback to previous specification]" \ - "($help -)1:service:__docker_complete_services" && ret=0 - ;; - (help) - _arguments $(__docker_arguments) ":subcommand:__docker_service_commands" && ret=0 - ;; - esac - - return ret -} - -# EO service - -# BO stack - -__docker_stack_complete_ps_filters() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - - if compset -P '*='; then - case "${${words[-1]%=*}#*=}" in - (desired-state) - state_opts=('accepted' 'running' 'shutdown') - _describe -t state-opts "desired state options" state_opts && ret=0 - ;; - *) - _message 'value' && ret=0 - ;; - esac - else - opts=('desired-state' 'id' 'name') - _describe -t filter-opts "filter options" opts -qS "=" && ret=0 - fi - - return ret -} - -__docker_stack_complete_services_filters() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - - if compset -P '*='; then - case "${${words[-1]%=*}#*=}" in - *) - _message 'value' && ret=0 - ;; - esac - else - opts=('id' 'label' 'name') - _describe -t filter-opts "filter options" opts -qS "=" && ret=0 - fi - - return ret -} - -__docker_stacks() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - local line s - declare -a lines stacks - - lines=(${(f)${:-"$(_call_program commands docker $docker_options stack ls)"$'\n'}}) - - # Parse header line to find columns - local i=1 j=1 k header=${lines[1]} - declare -A begin end - while (( j < ${#header} - 1 )); do - i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 )) - j=$(( i + ${${header[$i,-1]}[(i) ]} - 1 )) - k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 )) - begin[${header[$i,$((j-1))]}]=$i - end[${header[$i,$((j-1))]}]=$k - done - end[${header[$i,$((j-1))]}]=-1 - lines=(${lines[2,-1]}) - - # Service ID - for line in $lines; do - s="${line[${begin[ID]},${end[ID]}]%% ##}" - stacks=($stacks $s) - done - - _describe -t stacks-list "stacks" stacks "$@" && ret=0 - return ret -} - -__docker_complete_stacks() { - [[ $PREFIX = -* ]] && return 1 - __docker_stacks "$@" -} - -__docker_stack_commands() { - local -a _docker_stack_subcommands - _docker_stack_subcommands=( - "deploy:Deploy a new stack or update an existing stack" - "ls:List stacks" - "ps:List the tasks in the stack" - "rm:Remove the stack" - "services:List the services in the stack" - ) - _describe -t docker-stack-commands "docker stack command" _docker_stack_subcommands -} - -__docker_stack_subcommand() { - local -a _command_args opts_help - local expl help="--help" - integer ret=1 - - opts_help=("(: -)--help[Print usage]") - - case "$words[1]" in - (deploy|up) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)--bundle-file=[Path to a Distributed Application Bundle file]:dab:_files -g \"*.dab\"" \ - "($help -c --compose-file)"{-c=,--compose-file=}"[Path to a Compose file]:compose file:_files -g \"*.(yml|yaml)\"" \ - "($help)--with-registry-auth[Send registry authentication details to Swarm agents]" \ - "($help -):stack:__docker_complete_stacks" && ret=0 - ;; - (ls|list) - _arguments $(__docker_arguments) \ - $opts_help && ret=0 - ;; - (ps) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -a --all)"{-a,--all}"[Display all tasks]" \ - "($help)*"{-f=,--filter=}"[Filter output based on conditions provided]:filter:__docker_stack_complete_ps_filters" \ - "($help)--format=[Format the output using the given go template]:template: " \ - "($help)--no-resolve[Do not map IDs to Names]" \ - "($help)--no-trunc[Do not truncate output]" \ - "($help -q --quiet)"{-q,--quiet}"[Only display task IDs]" \ - "($help -):stack:__docker_complete_stacks" && ret=0 - ;; - (rm|remove|down) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -):stack:__docker_complete_stacks" && ret=0 - ;; - (services) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)*"{-f=,--filter=}"[Filter output based on conditions provided]:filter:__docker_stack_complete_services_filters" \ - "($help)--format=[Pretty-print services using a Go template]:template: " \ - "($help -q --quiet)"{-q,--quiet}"[Only display IDs]" \ - "($help -):stack:__docker_complete_stacks" && ret=0 - ;; - (help) - _arguments $(__docker_arguments) ":subcommand:__docker_stack_commands" && ret=0 - ;; - esac - - return ret -} - -# EO stack - -# BO swarm - -__docker_swarm_commands() { - local -a _docker_swarm_subcommands - _docker_swarm_subcommands=( - "init:Initialize a swarm" - "join:Join a swarm as a node and/or manager" - "join-token:Manage join tokens" - "leave:Leave a swarm" - "unlock:Unlock swarm" - "unlock-key:Manage the unlock key" - "update:Update the swarm" - ) - _describe -t docker-swarm-commands "docker swarm command" _docker_swarm_subcommands -} - -__docker_swarm_subcommand() { - local -a _command_args opts_help - local expl help="--help" - integer ret=1 - - opts_help=("(: -)--help[Print usage]") - - case "$words[1]" in - (init) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)--advertise-addr=[Advertised address]:ip\:port: " \ - "($help)--data-path-addr=[Data path IP or interface]:ip " \ - "($help)--autolock[Enable manager autolocking]" \ - "($help)--availability=[Availability of the node]:availability:(active drain pause)" \ - "($help)--cert-expiry=[Validity period for node certificates]:duration: " \ - "($help)--dispatcher-heartbeat=[Dispatcher heartbeat period]:duration: " \ - "($help)*--external-ca=[Specifications of one or more certificate signing endpoints]:endpoint: " \ - "($help)--force-new-cluster[Force create a new cluster from current state]" \ - "($help)--listen-addr=[Listen address]:ip\:port: " \ - "($help)--max-snapshots[Number of additional Raft snapshots to retain]" \ - "($help)--snapshot-interval[Number of log entries between Raft snapshots]" \ - "($help)--task-history-limit=[Task history retention limit]:limit: " && ret=0 - ;; - (join) - _arguments $(__docker_arguments) -A '-*' \ - $opts_help \ - "($help)--advertise-addr=[Advertised address]:ip\:port: " \ - "($help)--data-path-addr=[Data path IP or interface]:ip " \ - "($help)--availability=[Availability of the node]:availability:(active drain pause)" \ - "($help)--listen-addr=[Listen address]:ip\:port: " \ - "($help)--token=[Token for entry into the swarm]:secret: " \ - "($help -):host\:port: " && ret=0 - ;; - (join-token) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -q --quiet)"{-q,--quiet}"[Only display token]" \ - "($help)--rotate[Rotate join token]" \ - "($help -):role:(manager worker)" && ret=0 - ;; - (leave) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -f --force)"{-f,--force}"[Force this node to leave the swarm, ignoring warnings]" && ret=0 - ;; - (unlock) - _arguments $(__docker_arguments) \ - $opts_help && ret=0 - ;; - (unlock-key) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -q --quiet)"{-q,--quiet}"[Only display token]" \ - "($help)--rotate[Rotate unlock token]" && ret=0 - ;; - (update) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)--autolock[Enable manager autolocking]" \ - "($help)--cert-expiry=[Validity period for node certificates]:duration: " \ - "($help)--dispatcher-heartbeat=[Dispatcher heartbeat period]:duration: " \ - "($help)*--external-ca=[Specifications of one or more certificate signing endpoints]:endpoint: " \ - "($help)--max-snapshots[Number of additional Raft snapshots to retain]" \ - "($help)--snapshot-interval[Number of log entries between Raft snapshots]" \ - "($help)--task-history-limit=[Task history retention limit]:limit: " && ret=0 - ;; - (help) - _arguments $(__docker_arguments) ":subcommand:__docker_network_commands" && ret=0 - ;; - esac - - return ret -} - -# EO swarm - -# BO system - -__docker_system_commands() { - local -a _docker_system_subcommands - _docker_system_subcommands=( - "df:Show docker filesystem usage" - "events:Get real time events from the server" - "info:Display system-wide information" - "prune:Remove unused data" - ) - _describe -t docker-system-commands "docker system command" _docker_system_subcommands -} - -__docker_system_subcommand() { - local -a _command_args opts_help - local expl help="--help" - integer ret=1 - - opts_help=("(: -)--help[Print usage]") - - case "$words[1]" in - (df) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -v --verbose)"{-v,--verbose}"[Show detailed information on space usage]" && ret=0 - ;; - (events) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)*"{-f=,--filter=}"[Filter values]:filter:__docker_complete_events_filter" \ - "($help)--since=[Events created since this timestamp]:timestamp: " \ - "($help)--until=[Events created until this timestamp]:timestamp: " \ - "($help)--format=[Format the output using the given go template]:template: " && ret=0 - ;; - (info) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " && ret=0 - ;; - (prune) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -a --all)"{-a,--all}"[Remove all unused data, not just dangling ones]" \ - "($help)*--filter=[Filter values]:filter:__docker_complete_prune_filters" \ - "($help -f --force)"{-f,--force}"[Do not prompt for confirmation]" && ret=0 - ;; - (help) - _arguments $(__docker_arguments) ":subcommand:__docker_volume_commands" && ret=0 - ;; - esac - - return ret -} - -# EO system - -# BO volume - -__docker_volume_complete_ls_filters() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - - if compset -P '*='; then - case "${${words[-1]%=*}#*=}" in - (dangling) - dangling_opts=('true' 'false') - _describe -t dangling-filter-opts "Dangling Filter Options" dangling_opts && ret=0 - ;; - (driver) - __docker_complete_info_plugins Volume && ret=0 - ;; - (name) - __docker_complete_volumes && ret=0 - ;; - *) - _message 'value' && ret=0 - ;; - esac - else - opts=('dangling' 'driver' 'label' 'name') - _describe -t filter-opts "Filter Options" opts -qS "=" && ret=0 - fi - - return ret -} - -__docker_complete_volumes() { - [[ $PREFIX = -* ]] && return 1 - integer ret=1 - declare -a lines volumes - - lines=(${(f)${:-"$(_call_program commands docker $docker_options volume ls)"$'\n'}}) - - # Parse header line to find columns - local i=1 j=1 k header=${lines[1]} - declare -A begin end - while (( j < ${#header} - 1 )); do - i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 )) - j=$(( i + ${${header[$i,-1]}[(i) ]} - 1 )) - k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 )) - begin[${header[$i,$((j-1))]}]=$i - end[${header[$i,$((j-1))]}]=$k - done - end[${header[$i,$((j-1))]}]=-1 - lines=(${lines[2,-1]}) - - # Names - local line s - for line in $lines; do - s="${line[${begin[VOLUME NAME]},${end[VOLUME NAME]}]%% ##}" - s="$s:${(l:7:: :::)${${line[${begin[DRIVER]},${end[DRIVER]}]}%% ##}}" - volumes=($volumes $s) - done - - _describe -t volumes-list "volumes" volumes && ret=0 - return ret -} - -__docker_volume_commands() { - local -a _docker_volume_subcommands - _docker_volume_subcommands=( - "create:Create a volume" - "inspect:Display detailed information on one or more volumes" - "ls:List volumes" - "prune:Remove all unused volumes" - "rm:Remove one or more volumes" - ) - _describe -t docker-volume-commands "docker volume command" _docker_volume_subcommands -} - -__docker_volume_subcommand() { - local -a _command_args opts_help - local expl help="--help" - integer ret=1 - - opts_help=("(: -)--help[Print usage]") - - case "$words[1]" in - (create) - _arguments $(__docker_arguments) -A '-*' \ - $opts_help \ - "($help -d --driver)"{-d=,--driver=}"[Volume driver name]:Driver name:(local)" \ - "($help)*--label=[Set metadata for a volume]:label=value: " \ - "($help)*"{-o=,--opt=}"[Driver specific options]:Driver option: " \ - "($help -)1:Volume name: " && ret=0 - ;; - (inspect) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \ - "($help -)1:volume:__docker_complete_volumes" && ret=0 - ;; - (ls) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)*"{-f=,--filter=}"[Provide filter values]:filter:__docker_volume_complete_ls_filters" \ - "($help)--format=[Pretty-print volumes using a Go template]:template: " \ - "($help -q --quiet)"{-q,--quiet}"[Only display volume names]" && ret=0 - ;; - (prune) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -f --force)"{-f,--force}"[Do not prompt for confirmation]" && ret=0 - ;; - (rm) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -f --force)"{-f,--force}"[Force the removal of one or more volumes]" \ - "($help -):volume:__docker_complete_volumes" && ret=0 - ;; - (help) - _arguments $(__docker_arguments) ":subcommand:__docker_volume_commands" && ret=0 - ;; - esac - - return ret -} - -# EO volume - -__docker_caching_policy() { - oldp=( "$1"(Nmh+1) ) # 1 hour - (( $#oldp )) -} - -__docker_commands() { - local cache_policy - integer force_invalidation=0 - - zstyle -s ":completion:${curcontext}:" cache-policy cache_policy - if [[ -z "$cache_policy" ]]; then - zstyle ":completion:${curcontext}:" cache-policy __docker_caching_policy - fi - - if ( (( ! ${+_docker_hide_legacy_commands} )) || _cache_invalid docker_hide_legacy_commands ) \ - && ! _retrieve_cache docker_hide_legacy_commands; - then - _docker_hide_legacy_commands="${DOCKER_HIDE_LEGACY_COMMANDS}" - _store_cache docker_hide_legacy_commands _docker_hide_legacy_commands - fi - - if [[ "${_docker_hide_legacy_commands}" != "${DOCKER_HIDE_LEGACY_COMMANDS}" ]]; then - force_invalidation=1 - _docker_hide_legacy_commands="${DOCKER_HIDE_LEGACY_COMMANDS}" - _store_cache docker_hide_legacy_commands _docker_hide_legacy_commands - fi - - if ( [[ ${+_docker_subcommands} -eq 0 ]] || _cache_invalid docker_subcommands ) \ - && ! _retrieve_cache docker_subcommands || [[ ${force_invalidation} -eq 1 ]]; - then - local -a lines - lines=(${(f)"$(_call_program commands docker 2>&1)"}) - _docker_subcommands=(${${${(M)${lines[$((${lines[(i)*Commands:]} + 1)),-1]}:# *}## #}/ ##/:}) - _docker_subcommands=($_docker_subcommands 'daemon:Enable daemon mode' 'help:Show help for a command') - (( $#_docker_subcommands > 2 )) && _store_cache docker_subcommands _docker_subcommands - fi - _describe -t docker-commands "docker command" _docker_subcommands -} - -__docker_subcommand() { - local -a _command_args opts_help - local expl help="--help" - integer ret=1 - - opts_help=("(: -)--help[Print usage]") - - case "$words[1]" in - (attach|commit|cp|create|diff|exec|export|kill|logs|pause|unpause|port|rename|restart|rm|run|start|stats|stop|top|update|wait) - __docker_container_subcommand && ret=0 - ;; - (build|history|import|load|pull|push|save|tag) - __docker_image_subcommand && ret=0 - ;; - (checkpoint) - local curcontext="$curcontext" state - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -): :->command" \ - "($help -)*:: :->option-or-argument" && ret=0 - - case $state in - (command) - __docker_checkpoint_commands && ret=0 - ;; - (option-or-argument) - curcontext=${curcontext%:*:*}:docker-${words[-1]}: - __docker_checkpoint_subcommand && ret=0 - ;; - esac - ;; - (container) - local curcontext="$curcontext" state - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -): :->command" \ - "($help -)*:: :->option-or-argument" && ret=0 - - case $state in - (command) - __docker_container_commands && ret=0 - ;; - (option-or-argument) - curcontext=${curcontext%:*:*}:docker-${words[-1]}: - __docker_container_subcommand && ret=0 - ;; - esac - ;; - (daemon) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)*--add-runtime=[Register an additional OCI compatible runtime]:runtime:__docker_complete_runtimes" \ - "($help)*--allow-nondistributable-artifacts=[Push nondistributable artifacts to specified registries]:registry: " \ - "($help)--api-cors-header=[CORS headers in the Engine API]:CORS headers: " \ - "($help)*--authorization-plugin=[Authorization plugins to load]" \ - "($help -b --bridge)"{-b=,--bridge=}"[Attach containers to a network bridge]:bridge:_net_interfaces" \ - "($help)--bip=[Network bridge IP]:IP address: " \ - "($help)--cgroup-parent=[Parent cgroup for all containers]:cgroup: " \ - "($help)--cluster-advertise=[Address or interface name to advertise]:Instance to advertise (host\:port): " \ - "($help)--cluster-store=[URL of the distributed storage backend]:Cluster Store:->cluster-store" \ - "($help)*--cluster-store-opt=[Cluster store options]:Cluster options:->cluster-store-options" \ - "($help)--config-file=[Path to daemon configuration file]:Config File:_files" \ - "($help)--containerd=[Path to containerd socket]:socket:_files -g \"*.sock\"" \ - "($help)--data-root=[Root directory of persisted Docker data]:path:_directories" \ - "($help -D --debug)"{-D,--debug}"[Enable debug mode]" \ - "($help)--default-gateway[Container default gateway IPv4 address]:IPv4 address: " \ - "($help)--default-gateway-v6[Container default gateway IPv6 address]:IPv6 address: " \ - "($help)--default-shm-size=[Default shm size for containers]:size:" \ - "($help)*--default-ulimit=[Default ulimits for containers]:ulimit: " \ - "($help)--disable-legacy-registry[Disable contacting legacy registries (default true)]" \ - "($help)*--dns=[DNS server to use]:DNS: " \ - "($help)*--dns-opt=[DNS options to use]:DNS option: " \ - "($help)*--dns-search=[DNS search domains to use]:DNS search: " \ - "($help)*--exec-opt=[Runtime execution options]:runtime execution options: " \ - "($help)--exec-root=[Root directory for execution state files]:path:_directories" \ - "($help)--experimental[Enable experimental features]" \ - "($help)--fixed-cidr=[IPv4 subnet for fixed IPs]:IPv4 subnet: " \ - "($help)--fixed-cidr-v6=[IPv6 subnet for fixed IPs]:IPv6 subnet: " \ - "($help -G --group)"{-G=,--group=}"[Group for the unix socket]:group:_groups" \ - "($help -H --host)"{-H=,--host=}"[tcp://host:port to bind/connect to]:host: " \ - "($help)--icc[Enable inter-container communication]" \ - "($help)--init[Run an init inside containers to forward signals and reap processes]" \ - "($help)--init-path=[Path to the docker-init binary]:docker-init binary:_files" \ - "($help)*--insecure-registry=[Enable insecure registry communication]:registry: " \ - "($help)--ip=[Default IP when binding container ports]" \ - "($help)--ip-forward[Enable net.ipv4.ip_forward]" \ - "($help)--ip-masq[Enable IP masquerading]" \ - "($help)--iptables[Enable addition of iptables rules]" \ - "($help)--ipv6[Enable IPv6 networking]" \ - "($help -l --log-level)"{-l=,--log-level=}"[Logging level]:level:(debug info warn error fatal)" \ - "($help)*--label=[Key=value labels]:label: " \ - "($help)--live-restore[Enable live restore of docker when containers are still running]" \ - "($help)--log-driver=[Default driver for container logs]:logging driver:__docker_complete_log_drivers" \ - "($help)*--log-opt=[Default log driver options for containers]:log driver options:__docker_complete_log_options" \ - "($help)--max-concurrent-downloads[Set the max concurrent downloads for each pull]" \ - "($help)--max-concurrent-uploads[Set the max concurrent uploads for each push]" \ - "($help)--mtu=[Network MTU]:mtu:(0 576 1420 1500 9000)" \ - "($help)--oom-score-adjust=[Set the oom_score_adj for the daemon]:oom-score:(-500)" \ - "($help -p --pidfile)"{-p=,--pidfile=}"[Path to use for daemon PID file]:PID file:_files" \ - "($help)--raw-logs[Full timestamps without ANSI coloring]" \ - "($help)*--registry-mirror=[Preferred Docker registry mirror]:registry mirror: " \ - "($help)--seccomp-profile=[Path to seccomp profile]:path:_files -g \"*.json\"" \ - "($help -s --storage-driver)"{-s=,--storage-driver=}"[Storage driver to use]:driver:(aufs btrfs devicemapper overlay overlay2 vfs zfs)" \ - "($help)--selinux-enabled[Enable selinux support]" \ - "($help)--shutdown-timeout=[Set the shutdown timeout value in seconds]:time: " \ - "($help)*--storage-opt=[Storage driver options]:storage driver options: " \ - "($help)--tls[Use TLS]" \ - "($help)--tlscacert=[Trust certs signed only by this CA]:PEM file:_files -g \"*.(pem|crt)\"" \ - "($help)--tlscert=[Path to TLS certificate file]:PEM file:_files -g \"*.(pem|crt)\"" \ - "($help)--tlskey=[Path to TLS key file]:Key file:_files -g \"*.(pem|key)\"" \ - "($help)--tlsverify[Use TLS and verify the remote]" \ - "($help)--userns-remap=[User/Group setting for user namespaces]:user\:group:->users-groups" \ - "($help)--userland-proxy[Use userland proxy for loopback traffic]" \ - "($help)--userland-proxy-path=[Path to the userland proxy binary]:binary:_files" && ret=0 - - case $state in - (cluster-store) - if compset -P '*://'; then - _message 'host:port' && ret=0 - else - store=('consul' 'etcd' 'zk') - _describe -t cluster-store "Cluster Store" store -qS "://" && ret=0 - fi - ;; - (cluster-store-options) - if compset -P '*='; then - _files && ret=0 - else - opts=('discovery.heartbeat' 'discovery.ttl' 'kv.cacertfile' 'kv.certfile' 'kv.keyfile' 'kv.path') - _describe -t cluster-store-opts "Cluster Store Options" opts -qS "=" && ret=0 - fi - ;; - (users-groups) - if compset -P '*:'; then - _groups && ret=0 - else - _describe -t userns-default "default Docker user management" '(default)' && ret=0 - _users && ret=0 - fi - ;; - esac - ;; - (events|info) - __docker_system_subcommand && ret=0 - ;; - (image) - local curcontext="$curcontext" state - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -): :->command" \ - "($help -)*:: :->option-or-argument" && ret=0 - - case $state in - (command) - __docker_image_commands && ret=0 - ;; - (option-or-argument) - curcontext=${curcontext%:*:*}:docker-${words[-1]}: - __docker_image_subcommand && ret=0 - ;; - esac - ;; - (images) - words[1]='ls' - __docker_image_subcommand && ret=0 - ;; - (inspect) - local state - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \ - "($help -s --size)"{-s,--size}"[Display total file sizes if the type is container]" \ - "($help)--type=[Return JSON for specified type]:type:(container image network node plugin service volume)" \ - "($help -)*: :->values" && ret=0 - - case $state in - (values) - if [[ ${words[(r)--type=container]} == --type=container ]]; then - __docker_complete_containers && ret=0 - elif [[ ${words[(r)--type=image]} == --type=image ]]; then - __docker_complete_images && ret=0 - elif [[ ${words[(r)--type=network]} == --type=network ]]; then - __docker_complete_networks && ret=0 - elif [[ ${words[(r)--type=node]} == --type=node ]]; then - __docker_complete_nodes && ret=0 - elif [[ ${words[(r)--type=plugin]} == --type=plugin ]]; then - __docker_complete_plugins && ret=0 - elif [[ ${words[(r)--type=service]} == --type=secrets ]]; then - __docker_complete_secrets && ret=0 - elif [[ ${words[(r)--type=service]} == --type=service ]]; then - __docker_complete_services && ret=0 - elif [[ ${words[(r)--type=volume]} == --type=volume ]]; then - __docker_complete_volumes && ret=0 - else - __docker_complete_containers - __docker_complete_images - __docker_complete_networks - __docker_complete_nodes - __docker_complete_plugins - __docker_complete_secrets - __docker_complete_services - __docker_complete_volumes && ret=0 - fi - ;; - esac - ;; - (login) - _arguments $(__docker_arguments) -A '-*' \ - $opts_help \ - "($help -p --password)"{-p=,--password=}"[Password]:password: " \ - "($help -u --user)"{-u=,--user=}"[Username]:username: " \ - "($help -)1:server: " && ret=0 - ;; - (logout) - _arguments $(__docker_arguments) -A '-*' \ - $opts_help \ - "($help -)1:server: " && ret=0 - ;; - (network) - local curcontext="$curcontext" state - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -): :->command" \ - "($help -)*:: :->option-or-argument" && ret=0 - - case $state in - (command) - __docker_network_commands && ret=0 - ;; - (option-or-argument) - curcontext=${curcontext%:*:*}:docker-${words[-1]}: - __docker_network_subcommand && ret=0 - ;; - esac - ;; - (node) - local curcontext="$curcontext" state - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -): :->command" \ - "($help -)*:: :->option-or-argument" && ret=0 - - case $state in - (command) - __docker_node_commands && ret=0 - ;; - (option-or-argument) - curcontext=${curcontext%:*:*}:docker-${words[-1]}: - __docker_node_subcommand && ret=0 - ;; - esac - ;; - (plugin) - local curcontext="$curcontext" state - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -): :->command" \ - "($help -)*:: :->option-or-argument" && ret=0 - - case $state in - (command) - __docker_plugin_commands && ret=0 - ;; - (option-or-argument) - curcontext=${curcontext%:*:*}:docker-${words[-1]}: - __docker_plugin_subcommand && ret=0 - ;; - esac - ;; - (ps) - words[1]='ls' - __docker_container_subcommand && ret=0 - ;; - (rmi) - words[1]='rm' - __docker_image_subcommand && ret=0 - ;; - (search) - _arguments $(__docker_arguments) -A '-*' \ - $opts_help \ - "($help)*"{-f=,--filter=}"[Filter values]:filter:__docker_complete_search_filters" \ - "($help)--limit=[Maximum returned search results]:limit:(1 5 10 25 50)" \ - "($help)--no-trunc[Do not truncate output]" \ - "($help -):term: " && ret=0 - ;; - (secret) - local curcontext="$curcontext" state - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -): :->command" \ - "($help -)*:: :->option-or-argument" && ret=0 - - case $state in - (command) - __docker_secret_commands && ret=0 - ;; - (option-or-argument) - curcontext=${curcontext%:*:*}:docker-${words[-1]}: - __docker_secret_subcommand && ret=0 - ;; - esac - ;; - (service) - local curcontext="$curcontext" state - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -): :->command" \ - "($help -)*:: :->option-or-argument" && ret=0 - - case $state in - (command) - __docker_service_commands && ret=0 - ;; - (option-or-argument) - curcontext=${curcontext%:*:*}:docker-${words[-1]}: - __docker_service_subcommand && ret=0 - ;; - esac - ;; - (stack) - local curcontext="$curcontext" state - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -): :->command" \ - "($help -)*:: :->option-or-argument" && ret=0 - - case $state in - (command) - __docker_stack_commands && ret=0 - ;; - (option-or-argument) - curcontext=${curcontext%:*:*}:docker-${words[-1]}: - __docker_stack_subcommand && ret=0 - ;; - esac - ;; - (swarm) - local curcontext="$curcontext" state - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -): :->command" \ - "($help -)*:: :->option-or-argument" && ret=0 - - case $state in - (command) - __docker_swarm_commands && ret=0 - ;; - (option-or-argument) - curcontext=${curcontext%:*:*}:docker-${words[-1]}: - __docker_swarm_subcommand && ret=0 - ;; - esac - ;; - (system) - local curcontext="$curcontext" state - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -): :->command" \ - "($help -)*:: :->option-or-argument" && ret=0 - - case $state in - (command) - __docker_system_commands && ret=0 - ;; - (option-or-argument) - curcontext=${curcontext%:*:*}:docker-${words[-1]}: - __docker_system_subcommand && ret=0 - ;; - esac - ;; - (version) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " && ret=0 - ;; - (volume) - local curcontext="$curcontext" state - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -): :->command" \ - "($help -)*:: :->option-or-argument" && ret=0 - - case $state in - (command) - __docker_volume_commands && ret=0 - ;; - (option-or-argument) - curcontext=${curcontext%:*:*}:docker-${words[-1]}: - __docker_volume_subcommand && ret=0 - ;; - esac - ;; - (help) - _arguments $(__docker_arguments) ":subcommand:__docker_commands" && ret=0 - ;; - esac - - return ret -} - -_docker() { - # Support for subservices, which allows for `compdef _docker docker-shell=_docker_containers`. - # Based on /usr/share/zsh/functions/Completion/Unix/_git without support for `ret`. - if [[ $service != docker ]]; then - _call_function - _$service - return - fi - - local curcontext="$curcontext" state line help="-h --help" - integer ret=1 - typeset -A opt_args - - _arguments $(__docker_arguments) -C \ - "(: -)"{-h,--help}"[Print usage]" \ - "($help)--config[Location of client config files]:path:_directories" \ - "($help -D --debug)"{-D,--debug}"[Enable debug mode]" \ - "($help -H --host)"{-H=,--host=}"[tcp://host:port to bind/connect to]:host: " \ - "($help -l --log-level)"{-l=,--log-level=}"[Logging level]:level:(debug info warn error fatal)" \ - "($help)--tls[Use TLS]" \ - "($help)--tlscacert=[Trust certs signed only by this CA]:PEM file:_files -g "*.(pem|crt)"" \ - "($help)--tlscert=[Path to TLS certificate file]:PEM file:_files -g "*.(pem|crt)"" \ - "($help)--tlskey=[Path to TLS key file]:Key file:_files -g "*.(pem|key)"" \ - "($help)--tlsverify[Use TLS and verify the remote]" \ - "($help)--userland-proxy[Use userland proxy for loopback traffic]" \ - "($help -v --version)"{-v,--version}"[Print version information and quit]" \ - "($help -): :->command" \ - "($help -)*:: :->option-or-argument" && ret=0 - - local host=${opt_args[-H]}${opt_args[--host]} - local config=${opt_args[--config]} - local docker_options="${host:+--host $host} ${config:+--config $config}" - - case $state in - (command) - __docker_commands && ret=0 - ;; - (option-or-argument) - curcontext=${curcontext%:*:*}:docker-$words[1]: - __docker_subcommand && ret=0 - ;; - esac - - return ret -} - -_dockerd() { - integer ret=1 - words[1]='daemon' - __docker_subcommand && ret=0 - return ret -} - -_docker "$@" - -# Local Variables: -# mode: Shell-Script -# sh-indentation: 4 -# indent-tabs-mode: nil -# sh-basic-offset: 4 -# End: -# vim: ft=zsh sw=4 ts=4 et diff --git a/components/engine/docs/README.md b/components/engine/docs/README.md deleted file mode 100644 index da93093075..0000000000 --- a/components/engine/docs/README.md +++ /dev/null @@ -1,30 +0,0 @@ -# The non-reference docs have been moved! - - - -The documentation for Docker Engine has been merged into -[the general documentation repo](https://github.com/docker/docker.github.io). - -See the [README](https://github.com/docker/docker.github.io/blob/master/README.md) -for instructions on contributing to and building the documentation. - -If you'd like to edit the current published version of the Engine docs, -do it in the master branch here: -https://github.com/docker/docker.github.io/tree/master/engine - -If you need to document the functionality of an upcoming Engine release, -use the `vnext-engine` branch: -https://github.com/docker/docker.github.io/tree/vnext-engine/engine - -The reference docs have been left in docker/docker (this repo), which remains -the place to edit them. - -The docs in the general repo are open-source and we appreciate -your feedback and pull requests! diff --git a/components/engine/docs/deprecated.md b/components/engine/docs/deprecated.md deleted file mode 100644 index 9905994b73..0000000000 --- a/components/engine/docs/deprecated.md +++ /dev/null @@ -1,321 +0,0 @@ ---- -aliases: ["/engine/misc/deprecated/"] -title: "Deprecated Engine Features" -description: "Deprecated Features." -keywords: "docker, documentation, about, technology, deprecate" ---- - - - -# Deprecated Engine Features - -The following list of features are deprecated in Engine. -To learn more about Docker Engine's deprecation policy, -see [Feature Deprecation Policy](https://docs.docker.com/engine/#feature-deprecation-policy). - -### Asynchronous `service create` and `service update` - -**Deprecated In Release: v17.05.0** - -**Disabled by default in release: v17.09** - -Docker 17.05.0 added an optional `--detach=false` option to make the -`docker service create` and `docker service update` work synchronously. This -option will be enable by default in Docker 17.09, at which point the `--detach` -flag can be used to use the previous (asynchronous) behavior. - -### `-g` and `--graph` flags on `dockerd` - -**Deprecated In Release: v17.05.0** - -The `-g` or `--graph` flag for the `dockerd` or `docker daemon` command was -used to indicate the directory in which to store persistent data and resource -configuration and has been replaced with the more descriptive `--data-root` -flag. - -These flags were added before Docker 1.0, so will not be _removed_, only -_hidden_, to discourage their use. - -### Top-level network properties in NetworkSettings - -**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)** - -**Target For Removal In Release: v17.12** - -When inspecting a container, `NetworkSettings` contains top-level information -about the default ("bridge") network; - -`EndpointID`, `Gateway`, `GlobalIPv6Address`, `GlobalIPv6PrefixLen`, `IPAddress`, -`IPPrefixLen`, `IPv6Gateway`, and `MacAddress`. - -These properties are deprecated in favor of per-network properties in -`NetworkSettings.Networks`. These properties were already "deprecated" in -docker 1.9, but kept around for backward compatibility. - -Refer to [#17538](https://github.com/docker/docker/pull/17538) for further -information. - -### `filter` param for `/images/json` endpoint -**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)** - -**Target For Removal In Release: v17.12** - -The `filter` param to filter the list of image by reference (name or name:tag) is now implemented as a regular filter, named `reference`. - -### `repository:shortid` image references -**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)** - -**Target For Removal In Release: v17.12** - -`repository:shortid` syntax for referencing images is very little used, collides with tag references can be confused with digest references. - -### `docker daemon` subcommand -**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)** - -**Target For Removal In Release: v17.12** - -The daemon is moved to a separate binary (`dockerd`), and should be used instead. - -### Duplicate keys with conflicting values in engine labels -**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)** - -**Target For Removal In Release: v17.12** - -Duplicate keys with conflicting values have been deprecated. A warning is displayed -in the output, and an error will be returned in the future. - -### `MAINTAINER` in Dockerfile -**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)** - -`MAINTAINER` was an early very limited form of `LABEL` which should be used instead. - -### API calls without a version -**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)** - -**Target For Removal In Release: v17.12** - -API versions should be supplied to all API calls to ensure compatibility with -future Engine versions. Instead of just requesting, for example, the URL -`/containers/json`, you must now request `/v1.25/containers/json`. - -### Backing filesystem without `d_type` support for overlay/overlay2 -**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)** - -**Target For Removal In Release: v17.12** - -The overlay and overlay2 storage driver does not work as expected if the backing -filesystem does not support `d_type`. For example, XFS does not support `d_type` -if it is formatted with the `ftype=0` option. - -Please also refer to [#27358](https://github.com/docker/docker/issues/27358) for -further information. - -### Three arguments form in `docker import` -**Deprecated In Release: [v0.6.7](https://github.com/docker/docker/releases/tag/v0.6.7)** - -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** - -The `docker import` command format `file|URL|- [REPOSITORY [TAG]]` is deprecated since November 2013. It's no more supported. - -### `-h` shorthand for `--help` - -**Deprecated In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** - -**Target For Removal In Release: v17.09** - -The shorthand (`-h`) is less common than `--help` on Linux and cannot be used -on all subcommands (due to it conflicting with, e.g. `-h` / `--hostname` on -`docker create`). For this reason, the `-h` shorthand was not printed in the -"usage" output of subcommands, nor documented, and is now marked "deprecated". - -### `-e` and `--email` flags on `docker login` -**Deprecated In Release: [v1.11.0](https://github.com/docker/docker/releases/tag/v1.11.0)** - -**Removed In Release: [v17.06](https://github.com/docker/docker-ce/releases/tag/v17.06.0-ce)** - -The docker login command is removing the ability to automatically register for an account with the target registry if the given username doesn't exist. Due to this change, the email flag is no longer required, and will be deprecated. - -### Separator (`:`) of `--security-opt` flag on `docker run` -**Deprecated In Release: [v1.11.0](https://github.com/docker/docker/releases/tag/v1.11.0)** - -**Target For Removal In Release: v17.06** - -The flag `--security-opt` doesn't use the colon separator(`:`) anymore to divide keys and values, it uses the equal symbol(`=`) for consistency with other similar flags, like `--storage-opt`. - -### `/containers/(id or name)/copy` endpoint - -**Deprecated In Release: [v1.8.0](https://github.com/docker/docker/releases/tag/v1.8.0)** - -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** - -The endpoint `/containers/(id or name)/copy` is deprecated in favor of `/containers/(id or name)/archive`. - -### Ambiguous event fields in API -**Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** - -The fields `ID`, `Status` and `From` in the events API have been deprecated in favor of a more rich structure. -See the events API documentation for the new format. - -### `-f` flag on `docker tag` -**Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** - -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** - -To make tagging consistent across the various `docker` commands, the `-f` flag on the `docker tag` command is deprecated. It is not longer necessary to specify `-f` to move a tag from one image to another. Nor will `docker` generate an error if the `-f` flag is missing and the specified tag is already in use. - -### HostConfig at API container start -**Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** - -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** - -Passing an `HostConfig` to `POST /containers/{name}/start` is deprecated in favor of -defining it at container creation (`POST /containers/create`). - -### `--before` and `--since` flags on `docker ps` - -**Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** - -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** - -The `docker ps --before` and `docker ps --since` options are deprecated. -Use `docker ps --filter=before=...` and `docker ps --filter=since=...` instead. - -### `--automated` and `--stars` flags on `docker search` - -**Deprecated in Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** - -**Target For Removal In Release: v17.09** - -The `docker search --automated` and `docker search --stars` options are deprecated. -Use `docker search --filter=is-automated=...` and `docker search --filter=stars=...` instead. - -### Driver Specific Log Tags -**Deprecated In Release: [v1.9.0](https://github.com/docker/docker/releases/tag/v1.9.0)** - -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** - -Log tags are now generated in a standard way across different logging drivers. -Because of which, the driver specific log tag options `syslog-tag`, `gelf-tag` and -`fluentd-tag` have been deprecated in favor of the generic `tag` option. - -```bash -{% raw %} -docker --log-driver=syslog --log-opt tag="{{.ImageName}}/{{.Name}}/{{.ID}}" -{% endraw %} -``` - -### LXC built-in exec driver -**Deprecated In Release: [v1.8.0](https://github.com/docker/docker/releases/tag/v1.8.0)** - -**Removed In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** - -The built-in LXC execution driver, the lxc-conf flag, and API fields have been removed. - -### Old Command Line Options -**Deprecated In Release: [v1.8.0](https://github.com/docker/docker/releases/tag/v1.8.0)** - -**Removed In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** - -The flags `-d` and `--daemon` are deprecated in favor of the `daemon` subcommand: - - docker daemon -H ... - -The following single-dash (`-opt`) variant of certain command line options -are deprecated and replaced with double-dash options (`--opt`): - - docker attach -nostdin - docker attach -sig-proxy - docker build -no-cache - docker build -rm - docker commit -author - docker commit -run - docker events -since - docker history -notrunc - docker images -notrunc - docker inspect -format - docker ps -beforeId - docker ps -notrunc - docker ps -sinceId - docker rm -link - docker run -cidfile - docker run -dns - docker run -entrypoint - docker run -expose - docker run -link - docker run -lxc-conf - docker run -n - docker run -privileged - docker run -volumes-from - docker search -notrunc - docker search -stars - docker search -t - docker search -trusted - docker tag -force - -The following double-dash options are deprecated and have no replacement: - - docker run --cpuset - docker run --networking - docker ps --since-id - docker ps --before-id - docker search --trusted - -**Deprecated In Release: [v1.5.0](https://github.com/docker/docker/releases/tag/v1.5.0)** - -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** - -The single-dash (`-help`) was removed, in favor of the double-dash `--help` - - docker -help - docker [COMMAND] -help - -### `--run` flag on docker commit - -**Deprecated In Release: [v0.10.0](https://github.com/docker/docker/releases/tag/v0.10.0)** - -**Removed In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)** - -The flag `--run` of the docker commit (and its short version `-run`) were deprecated in favor -of the `--changes` flag that allows to pass `Dockerfile` commands. - - -### Interacting with V1 registries - -**Disabled By Default In Release: v17.06** - -**Target For Removal In Release: v17.12** - -Version 1.8.3 added a flag (`--disable-legacy-registry=false`) which prevents the -docker daemon from `pull`, `push`, and `login` operations against v1 -registries. Though enabled by default, this signals the intent to deprecate -the v1 protocol. - -Support for the v1 protocol to the public registry was removed in 1.13. Any -mirror configurations using v1 should be updated to use a -[v2 registry mirror](https://docs.docker.com/registry/recipes/mirror/). - -### Docker Content Trust ENV passphrase variables name change -**Deprecated In Release: [v1.9.0](https://github.com/docker/docker/releases/tag/v1.9.0)** - -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** - -Since 1.9, Docker Content Trust Offline key has been renamed to Root key and the Tagging key has been renamed to Repository key. Due to this renaming, we're also changing the corresponding environment variables - -- DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE is now named DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE -- DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE is now named DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE - -### `--api-enable-cors` flag on dockerd - -**Deprecated In Release: [v1.6.0](https://github.com/docker/docker/releases/tag/v1.6.0)** - -**Target For Removal In Release: v17.09** - -The flag `--api-enable-cors` is deprecated since v1.6.0. Use the flag -`--api-cors-header` instead. diff --git a/components/engine/docs/extend/EBS_volume.md b/components/engine/docs/extend/EBS_volume.md deleted file mode 100644 index 8c64efa164..0000000000 --- a/components/engine/docs/extend/EBS_volume.md +++ /dev/null @@ -1,164 +0,0 @@ ---- -description: Volume plugin for Amazon EBS -keywords: "API, Usage, plugins, documentation, developer, amazon, ebs, rexray, volume" -title: Volume plugin for Amazon EBS ---- - - - -# A proof-of-concept Rexray plugin - -In this example, a simple Rexray plugin will be created for the purposes of using -it on an Amazon EC2 instance with EBS. It is not meant to be a complete Rexray plugin. - -The example source is available at [https://github.com/tiborvass/rexray-plugin](https://github.com/tiborvass/rexray-plugin). - -To learn more about Rexray: [https://github.com/codedellemc/rexray](https://github.com/codedellemc/rexray) - -## 1. Make a Docker image - -The following is the Dockerfile used to containerize rexray. - -```Dockerfile -FROM debian:jessie -RUN apt-get update && apt-get install -y --no-install-recommends wget ca-certificates -RUN wget https://dl.bintray.com/emccode/rexray/stable/0.6.4/rexray-Linux-x86_64-0.6.4.tar.gz -O rexray.tar.gz && tar -xvzf rexray.tar.gz -C /usr/bin && rm rexray.tar.gz -RUN mkdir -p /run/docker/plugins /var/lib/libstorage/volumes -ENTRYPOINT ["rexray"] -CMD ["--help"] -``` - -To build it you can run `image=$(cat Dockerfile | docker build -q -)` and `$image` -will reference the containerized rexray image. - -## 2. Extract rootfs - -```sh -$ TMPDIR=/tmp/rexray # for the purpose of this example -$ # create container without running it, to extract the rootfs from image -$ docker create --name rexray "$image" -$ # save the rootfs to a tar archive -$ docker export -o $TMPDIR/rexray.tar rexray -$ # extract rootfs from tar archive to a rootfs folder -$ ( mkdir -p $TMPDIR/rootfs; cd $TMPDIR/rootfs; tar xf ../rexray.tar ) -``` - -## 3. Add plugin configuration - -We have to put the following JSON to `$TMPDIR/config.json`: - -```json -{ - "Args": { - "Description": "", - "Name": "", - "Settable": null, - "Value": null - }, - "Description": "A proof-of-concept EBS plugin (using rexray) for Docker", - "Documentation": "https://github.com/tiborvass/rexray-plugin", - "Entrypoint": [ - "/usr/bin/rexray", "service", "start", "-f" - ], - "Env": [ - { - "Description": "", - "Name": "REXRAY_SERVICE", - "Settable": [ - "value" - ], - "Value": "ebs" - }, - { - "Description": "", - "Name": "EBS_ACCESSKEY", - "Settable": [ - "value" - ], - "Value": "" - }, - { - "Description": "", - "Name": "EBS_SECRETKEY", - "Settable": [ - "value" - ], - "Value": "" - } - ], - "Interface": { - "Socket": "rexray.sock", - "Types": [ - "docker.volumedriver/1.0" - ] - }, - "Linux": { - "AllowAllDevices": true, - "Capabilities": ["CAP_SYS_ADMIN"], - "Devices": null - }, - "Mounts": [ - { - "Source": "/dev", - "Destination": "/dev", - "Type": "bind", - "Options": ["rbind"] - } - ], - "Network": { - "Type": "host" - }, - "PropagatedMount": "/var/lib/libstorage/volumes", - "User": {}, - "WorkDir": "" -} -``` - -Please note a couple of points: -- `PropagatedMount` is needed so that the docker daemon can see mounts done by the -rexray plugin from within the container, otherwise the docker daemon is not able -to mount a docker volume. -- The rexray plugin needs dynamic access to host devices. For that reason, we -have to give it access to all devices under `/dev` and set `AllowAllDevices` to -true for proper access. -- The user of this simple plugin can change only 3 settings: `REXRAY_SERVICE`, -`EBS_ACCESSKEY` and `EBS_SECRETKEY`. This is because of the reduced scope of this -plugin. Ideally other rexray parameters could also be set. - -## 4. Create plugin - -`docker plugin create tiborvass/rexray-plugin "$TMPDIR"` will create the plugin. - -```sh -$ docker plugin ls -ID NAME DESCRIPTION ENABLED -2475a4bd0ca5 tiborvass/rexray-plugin:latest A rexray volume plugin for Docker false -``` - -## 5. Test plugin - -```sh -$ docker plugin set tiborvass/rexray-plugin EBS_ACCESSKEY=$AWS_ACCESSKEY EBS_SECRETKEY=$AWS_SECRETKEY` -$ docker plugin enable tiborvass/rexray-plugin -$ docker volume create -d tiborvass/rexray-plugin my-ebs-volume -$ docker volume ls -DRIVER VOLUME NAME -tiborvass/rexray-plugin:latest my-ebs-volume -$ docker run --rm -v my-ebs-volume:/volume busybox sh -c 'echo bye > /volume/hi' -$ docker run --rm -v my-ebs-volume:/volume busybox cat /volume/hi -bye -``` - -## 6. Push plugin - -First, ensure you are logged in with `docker login`. Then you can run: -`docker plugin push tiborvass/rexray-plugin` to push it like a regular docker -image to a registry, to make it available for others to install via -`docker plugin install tiborvass/rexray-plugin EBS_ACCESSKEY=$AWS_ACCESSKEY EBS_SECRETKEY=$AWS_SECRETKEY`. diff --git a/components/engine/docs/extend/config.md b/components/engine/docs/extend/config.md deleted file mode 100644 index bb6c7f2ceb..0000000000 --- a/components/engine/docs/extend/config.md +++ /dev/null @@ -1,238 +0,0 @@ ---- -title: "Plugin config" -description: "How develop and use a plugin with the managed plugin system" -keywords: "API, Usage, plugins, documentation, developer" ---- - - - - -# Plugin Config Version 1 of Plugin V2 - -This document outlines the format of the V0 plugin configuration. The plugin -config described herein was introduced in the Docker daemon in the [v1.12.0 -release](https://github.com/docker/docker/commit/f37117045c5398fd3dca8016ea8ca0cb47e7312b). - -Plugin configs describe the various constituents of a docker plugin. Plugin -configs can be serialized to JSON format with the following media types: - -Config Type | Media Type -------------- | ------------- -config | "application/vnd.docker.plugin.v1+json" - - -## *Config* Field Descriptions - -Config provides the base accessible fields for working with V0 plugin format - in the registry. - -- **`description`** *string* - - description of the plugin - -- **`documentation`** *string* - - link to the documentation about the plugin - -- **`interface`** *PluginInterface* - - interface implemented by the plugins, struct consisting of the following fields - - - **`types`** *string array* - - types indicate what interface(s) the plugin currently implements. - - currently supported: - - - **docker.volumedriver/1.0** - - - **docker.networkdriver/1.0** - - - **docker.ipamdriver/1.0** - - - **docker.authz/1.0** - - - **docker.logdriver/1.0** - - - **docker.metricscollector/1.0** - - - **`socket`** *string* - - socket is the name of the socket the engine should use to communicate with the plugins. - the socket will be created in `/run/docker/plugins`. - - -- **`entrypoint`** *string array* - - entrypoint of the plugin, see [`ENTRYPOINT`](../reference/builder.md#entrypoint) - -- **`workdir`** *string* - - workdir of the plugin, see [`WORKDIR`](../reference/builder.md#workdir) - -- **`network`** *PluginNetwork* - - network of the plugin, struct consisting of the following fields - - - **`type`** *string* - - network type. - - currently supported: - - - **bridge** - - **host** - - **none** - -- **`mounts`** *PluginMount array* - - mount of the plugin, struct consisting of the following fields, see [`MOUNTS`](https://github.com/opencontainers/runtime-spec/blob/master/config.md#mounts) - - - **`name`** *string* - - name of the mount. - - - **`description`** *string* - - description of the mount. - - - **`source`** *string* - - source of the mount. - - - **`destination`** *string* - - destination of the mount. - - - **`type`** *string* - - mount type. - - - **`options`** *string array* - - options of the mount. - -- **`ipchost`** *boolean* - Access to host ipc namespace. -- **`pidhost`** *boolean* - Access to host pid namespace. - -- **`propagatedMount`** *string* - - path to be mounted as rshared, so that mounts under that path are visible to docker. This is useful for volume plugins. - This path will be bind-mounted outisde of the plugin rootfs so it's contents - are preserved on upgrade. - -- **`env`** *PluginEnv array* - - env of the plugin, struct consisting of the following fields - - - **`name`** *string* - - name of the env. - - - **`description`** *string* - - description of the env. - - - **`value`** *string* - - value of the env. - -- **`args`** *PluginArgs* - - args of the plugin, struct consisting of the following fields - - - **`name`** *string* - - name of the args. - - - **`description`** *string* - - description of the args. - - - **`value`** *string array* - - values of the args. - -- **`linux`** *PluginLinux* - - - **`capabilities`** *string array* - - capabilities of the plugin (*Linux only*), see list [`here`](https://github.com/opencontainers/runc/blob/master/libcontainer/SPEC.md#security) - - - **`allowAllDevices`** *boolean* - - If `/dev` is bind mounted from the host, and allowAllDevices is set to true, the plugin will have `rwm` access to all devices on the host. - - - **`devices`** *PluginDevice array* - - device of the plugin, (*Linux only*), struct consisting of the following fields, see [`DEVICES`](https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#devices) - - - **`name`** *string* - - name of the device. - - - **`description`** *string* - - description of the device. - - - **`path`** *string* - - path of the device. - -## Example Config - -*Example showing the 'tiborvass/sample-volume-plugin' plugin config.* - -```json -{ - "Args": { - "Description": "", - "Name": "", - "Settable": null, - "Value": null - }, - "Description": "A sample volume plugin for Docker", - "Documentation": "https://docs.docker.com/engine/extend/plugins/", - "Entrypoint": [ - "/usr/bin/sample-volume-plugin", - "/data" - ], - "Env": [ - { - "Description": "", - "Name": "DEBUG", - "Settable": [ - "value" - ], - "Value": "0" - } - ], - "Interface": { - "Socket": "plugin.sock", - "Types": [ - "docker.volumedriver/1.0" - ] - }, - "Linux": { - "Capabilities": null, - "AllowAllDevices": false, - "Devices": null - }, - "Mounts": null, - "Network": { - "Type": "" - }, - "PropagatedMount": "/data", - "User": {}, - "Workdir": "" -} -``` diff --git a/components/engine/docs/extend/images/authz_additional_info.png b/components/engine/docs/extend/images/authz_additional_info.png deleted file mode 100644 index 1a6a6d01d2048fcb975b7d2b025cdfabd4c4f5f3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 45916 zcmd43bx@UE)He)x5RM?JfJle5lt_rQlp>N6($cM@(x9NyQUU^sbT>#NA)(SC4bm-w zNPg=w?&o>uo%!bb^P4&MJ;U}~wXeO`TEAH5*`3>RXU|Zc!N9;cs~|6?8mEj#}{hMznYINBu?&oe6G$A5M8Mr ztp2%?yOZk~NktGSO(E}t`um}Kj_Q>uvLRE#Vv_j#d5(dNzJ`Sk$N2q`=ttiPm#IZt z{P`34KQ{W{zd!!}_0JMA*zHq|{>*G_?Q1M*>9Dh#VM&LRcFg&rSx zqV8j@3jHsWhM6dpm8o)fUw9v_7<@n2sL#1iD7KdpOnpr=U%!@JyZC-ld^Fc=n`(Vf zM)_vzcntLu*&9zJ`cVqiE^F_shw^Vnd;OY=O}q7q&(Hq!q}M^-d*1oauSeN#GtfA# zk7;ij$t%$jUG;sZpjTY`IUxJC_u*EcN>L!KmzLE~zAaVT!R<_nr_a?GDsE&_@Fi0) zP6ZiKT(Jn3mgzU2sByQuS+|h%I9TZ5=Z4@6OjFa=YRMOo=jYgFK8Dl#&*oRJKRBG@ z_I8}AvEDoSIXO@!_2i5&pJ~T8x6MWzY6I`1vQ&e5FZPXG?Gj3b_pTduQ9oglMuoy& zCkj8zwnkoMpS!nhmFGdZ$xQRJ(B*-gYj@1vJ1tQaX2DAceSOW9(*3ISU{|5!cH?dv zt+%?PzS}hR?0d05y!T=k_|2RWuepBSI^6zp?fH3*`3A?ij%ezK^Ig0h-Pc%@lbn96 zj`T%{dwa>naB5Q#iXRr5w1rX=e8P0zWwDv48NsZ6LB_Q#pDb3(sGKAk`rdg(gp5-w zoc&h>qa4-vd*_GWI%B^?2tPE_xU{U2DtlIg`{84{qUgQ#VN{3O#X6@YRZ|m~C5;oz z&gl<<*Df2><)&uZ(j6Yn&FAaieo{^4_T0Wj_Aoi_AbG-jDJ?cpaXVJIGlomUYtLZ3 z(8xd4X{mSFTTob7doH8%1DPk$TFmvwE<2JshbOe6Zrwd;H_7GJ$Ev7d(LNOY{*f`% z`*=I~_U=>zZNAGodH(rc8>fqld3JaPHqKth<O{E%xZw@1v&Si_61$gmMUD=>Y9uD`AKSVZ);YO=~aOVtu2P{+n;3-nzPj= zq^!!r-LRq5JxbRW?`9|`52jQ4bsHROR#xT2suU(rD{t+Dw9#JN`J^&**M3L3o1ONk zTgD);yZhJ9VvqEIL@bVD@X41emc5x_p?8b#E6Dj`VXKRb5&m!w+Q%cmOmXgT&T7cZ zNWHl&&e>YFZ^qct{jSbU-k)lV* zTNPn%C^&YXL{>-d4t5*X^Y{~RrhF+$*>*De@*=JBezPuz6q>?|e%P3k1dY-sr|Py^FNW@{3|+gd_x@e} z!J}b1>N=H074qPY#Tp0x?nch=&9Fk3H65ID0(Di(d&jsWN6G;>XZP$z%RlkjjR`Rl z2ESk2{L!a;alv{ZdrqswEQGy8JxjIK{o!M+kd08K6j68qcEbTZ5%ouF_MvQQ=|Wb6 zxt59cJ#U}n$J5In&e=ansD5+-yLx2noWZ2qVUgodzFz3hN$<(b6*cASb9>)AxzE0_ ziw^U$cx$tX>V&N)a=aDhok?jyQ#tWYfs{G!OQP^><-vOO*^6h$FRu>QKCYN;4Y^2g zNK1cN3^p(y>!OFpj$HLFUMfR6wSn#Qi@bsIUVMLBJhk(|dIn>kJkO<;zhqI?Wc*4& zJhWzeT)+L3#)e|btZms-c6)1}?M~GB1E;#i2Nho@%;t|puZ_{+cV=axNydA|Y*z+y z78*j()BRa$trh76)FMKX-Gq*~q(>oWhX|JDhKbt8A$#>ly9x1pjRM=Jx;t>6o!2Fx z5;8pGf7565aesejr6Xyh{$v8P(U@SiElhC6`+Gaf{7nLHnyW<4B4bq#km9;|J0cNy}-r55^xow;zzj zB^tk6P=EYhjaTzm9BuqY?aw4NeIcI7;7>IWvyRQ6T#jTPRI$fAio%&1dy5V6QJO8T~s7rs(4oNw&7KK${cDNFc4aJ^?&w&$A} zyRzC(u>4)C=$OU%YA)UgN&aZl6f&wI>PDEp@kOIUS;FE6x^? z-S~TE@uMFv@6~x|6VQleex4pjn|8)%9PFvRce0GGcVzIP<|v9pD1^HXtjq1S1ybu8n#%bC+FPfSngyMl&03W^N?PvBi+_( z5*&97vHIivoQ^cO&)c5N(ogZfckzFrU^Z09wcc!@-GaCu@0uBURMexU-S{0-&HjyQ znqsTz_G8Pgs|z0^J_My62;2^MXq&M>p(Y1UV|1#mYa@@C+>{(TpmwMCq z*VVL^o*2&2thSTo{AB(%Yfp>US|?G3GddBmn40vpX~&~qbEGRlP`R-8G&d&9L4wXY zo=TDXwwWbtI-?AIzaUaK;g=cYSEh}ucNJZKPN24>hglm+{pZ@|Q)qMd6VK~9Y&Txh zxFdM9@ z&)XYnrlw-9@T%2^Jh$YqysOeWL}geGVU|=Hzw^FO8RDbcbMkHx822u;FTZf2CbH-i zGVAc*Z25%Qfl*F=#)y|*hC~HSRFUv-Ic_O|2z6cQEC2bl`Y4?$oP=%O4V(u^+{Lys z;2HC`w0C$WLo2ZTvz&H-n55=)nWX<|D|IH5*5HoYH9rlz;&`8a8YwXs+}%pQd&pRQ zAbPwv8_92ed#6>LN$BBxaK!BmNLw-+l)BqW1cYkTc9V5^6ZI)!MPccZ+oEC{LKW79oZM>U8E(-R)DA}A5 zIV7#!Y{DysP}?Z|9s(#k-jRgl<3)$#L-$&18|7p%+f|b`E02t3Nt!rp&N|7e(+?*d zS@J!$Dw;l(t=^$NDDKe}Zv5V!C|uIET04?<5Sh_DJx^&>h1L zIK8w?y%dESx5y$JrRU*tPJv>**U>kBLa{q)bVNdrhM~;VGxiEHj57X`bX_E?XaEb7 zrHgQm*88w0j=eV`Z`iN+((Oc6H?Hq3FUYaWy|!A&t-ikVI@)KyDf({b!7`rYaalX3Equj=e#2 zyz3Re>5s*p@5culoxvCQQO2n0c9vvy-EUjNCSmPwZ@jp_|6^%6dUe^alQ!6R(TBXG zanhva`S}hxspKJD2x4WU6xZWK-HX4AOVmNFs_xuP=!CCq6=6sw3z6|nFs-=$?#5)n z3xaksMm}7_zDh?ENnuEQC0A_kC$+UDFztMr8+V;Ne|^S?j3%yFssUFqS6^ zTLv&bd8wSDQPeSDcf`>B=s?lDqWnxib+rg=vg(@!U$m>fXf2t%DOMg`+8DH3TPqmP zntAd`Z&0bVZbBMM*{tT{t;fA4ujrZ}y=3cuOZ$>gq1EE6!69<5_R+waj!O*==1ts) z!J3Zw;UW_P&N;q?XP%rlTkv`c?Y(&8&+DEhq)B8qcqpuem3wO0uEjwPC_vi)r*fh42NZj=S&#j7%PinPJBl)_@ zTY1AlqP2Oeg&l1*Bq(kUr?ZcqVCsLqPoOoP`YPkyJBrxCbNb0`FP4dNAC&3V^RO?N zwdv~a8C#d-N%fG~Wg8}bZyg_#+o^u#B<1>(m*c15>#&u<4$oFA+7e@f%t~Ebd;W(8 zKQG^PnHDYogo}WRypKNR|HTv+B{qp?mqo3<}UUF>%+W3}v!+a0E z$^ZKHQn}wkCW7Hcl=MX^MWZhZ$=>-k{ktgy_O&}Pl)S$7vQN&OZ_e#E=-heL(}b=HqOsc@BV32x_V&wbFhQ`mPk z(E}?lLnGg1h1_>=^sY#CnFih1^?@EJAk=68m1rJlv9504ugKVTv9?!s*%wJhmCbUf z*4%5`c+lXD^&xOxgJnxq++b%9iqdGhhC<`^NapCmKFdNBxfhdwRXe?IUm8Lm{%u_bi0U2D8)xEB_HOGbkY`631^n91a87 z8ok*X92KA66`tuMj-!0&X{7yw)2#guL-S0kK~s$B8P;{3oo2j+!2$zrH*-7>olOS* zy&S{+(_(^?-Y3^vC=cmOpwG3 zQ3{p&Z33Z!>!3O7P!{k_2L4E6kJ%SS$X$XgRZlr15C_8>7F(Q@9Wu zL6VWDt@ih#gq0_iVr? zg7^pCZpg5WWZ(yS^2_&v(6b{$#&2KQSl{Q|aUPYzFEaW;kLJB&Cijm}GkgtG5kR^Sh!qLnC{QPZ2t{N-GUd=Eb)r^9}DN>495(<;>G?qAQ1$#TmS`Y z3FF^aMpAg&$FEt0KmGR$M5Yjz7xPRc(J51x|Cqf&I7Z97_1u30^p_+gNsLpvLjTc$ z4I-FlNLISy{QeElHN#tx!jBsH`=T+>S}gG1USClAyUsDt0deqVgM9g}{e5qAm@6n7 zHu<`fZ*Et8!H3A_dzTLp0 zXX!4rR2x{JdAwQ_KDV}>)B~GGkCkLYsn~!tMUxzU zID~`?)S3%Iz0%L7>-U<3~m&gnk-Nb>Afk*2&C{j z+PTZDD!#wSs9kCifmD7m-|yci*_6RBuz+1$P)Fo>{A=OCw~xfBC+>=~D;})t7l5`* z9(p`EWZ=yuXg3xPsb1uj$?-|!lhF$MPADYjXixS6_g6xXYYNGFy{GlT+s(Xa^FYHlhMcRn}pjL;ztUac{38b`5xJzDXF`2!QRwD2UHjU!02xKa=l!|beOYEu z;l(P8AE_%%-bxl5pA}aIj`ZD~H&T8^o=^8K`KS~(`r~xMZvEB~&9R(LIVoVa#&E+B zYX8V-AWmG{w5TevdW&vSNzX3oh;G`6^R08&FJM4T2==C%0EKXbOXxBE?NQonauV^O$xeayQs;++Y`Fi{4g(R_qA@UzcjR*bqcc_)IUZh+>ROBY*q zy=N~QF`*xWk5`HH&}Ga1%!sKIT3d&y2FwaV8|7m%irNpJn3lwcRpy4MG}n!Z?2QJw zq|i&y7iLz4uNk zKYMLPiqX9%K#+Fie=W0Kv6y*OU}hlL&9oY7i+biY^@00?t`8|=^9`sIYHsl7Pq$)7 zV$%C39OH4He-b=(V27l|5_2yK4>Q%hlsT9CZ8Wu(6LCXhyTEffbo{e+HbiZ;c6Kn!ckPb`v6 z?b0hD$G1>JOY{5)5mT-A@)UO4Oo@LaWAI^9$U}GYta_kyAb|qRxas$A?W)=8Y)hjR z1wejDrYj{}0tTsm>Zu*U@ehTE9_u)A7^#f7)Yn|pbwyW+d0L1pHW!jGRjMD%Df;qr zc`S6_-Qqdf9ksts_QI0+)?MTG*nXPcD&ON8K0O()cFifd@q*0x;lNk6A9{!O9*0|P zR#6vsTGiPT9rZTK)*qM|xXLm6eip{UXP|h8tM@TkT>Pmh6@-JrsHM~}vFu*G+D95` z)}!TlB4S>Ll_Klo)fFOM5CC3(*DEr9A~Kn!#xm;x#P2{=M$)4Wp}^P37J9t_kK^bC z1oHA2;OLNtZ@!`hM(>QwDT^`6g*xHWhz=)bdbI${9XuoIb?8>G_4vo)o0+_ORjMu4 zW0ggWKp1WT0uW9EO19{^x!vrY9}x(%KQ~%vB;5wwc`#qH_p!UP7jOivRr8+`avmal zk0Ze~&}CE>Xdf-o&(=hXSu&k5X6aue4`35}`Sin}ZiSujne*)5J||*1!Y8am(GCtP6p(s z>}^8PO&_r}huXW=1oJ0KGA^zs0(@v=7OEo_+=p@f(+$#3IQw$2?cv!axE;8SY$?PH876@*NJN5K7F;DadLuIT-8jTRVqJ85cKL~!M6tEJy z5Zpt8y7h_<^;M3C-IxFoBSf0r@ds8MfI-UC3y!BV)bfDUw>-+2Zqqdl!CQmz`b9xI zbv4wy_3BGA%IQ&{zchyp&z)s7#NE_DD$8Y#M?aXT$PAvtrG!11!xxR^i>5q1;?2*`qS_B0Z52 ziQ?2&-N??XQ<$1=frpO0toOhw2XbWg?8Al6?Xc|LH8V}z^-G(@rC655)u8n)z{E-{ z_=L%D5tGB0Xet5Ygyq&+C7#1i_ zE%Z190HY^tiuWess_j>GgE*q4&FK$M;~HWw4;@cO^?29cdR2dC`h`KA$1l_g3sGy_ zXZ)*%a~F>by1W=flsQ$qPw@5=GxDtUhKH_4Jg?s_CuVZU^`nEF8fKVRo8e>6O`+77 zSY3cIiGkYlsR1UNCRKVQ!9T;BN;$N2zH}^%0JHYn-N~-0jIG|A+*z)Ji*qBJ^u2^0 z<1xOw#L90+hH#T<8n;T%NFB&F(za3!vwXVJR6?jy?eXhDwD6(O7}x68u?(Y1*U6=Mo+~~*b7w_W|O1lEpwC6ek*li+0V@pI!Vptc6@7?XQcw8#f8bmLBA8oi# z#+bc#l`z9($cOu;gKDcf9hD&Qj~|INj(wK*u+zk7pL0!wUYJi+SkIA+K7TWikoNLM&35Q_vNnge)(uKj8>bq?aR)yioT0#K z5!A$`zV)fHZv1?X$z~qz@oBBMmduOZsvMRSf}$uM@sOn}xjYgVO*&2)qr9Xj%mi_Q zW9S#{Ur(c#$ z&R4JnkB^TIIzeze^m-OvC3^kJ#?q*d@a3N$q%jy!f(yJRt*pss4p%Y!Tx4Yo_;5Jc zJX#Y(F8=cZ%thbrXRE~*O!RENS3VKg-D;oO5Q_?ZI?wZX*Jg*({)hKngL4l>*8`I< z5i2V7=&Nk7qR9^hDO_2fwRYbK?a6X8AH?0mWa@6GZNBN>Whzo%vz;8*=nP&8}XQ$w6!Siw;ZP<`+ z*gE&&ty{?yC}tZu`mN3$qm7%FYI+21hEwdWQk1ue<41`n_GA5;$Eqfp;;c6NM7bk& z#w$mlFwg^s(EfUTSOj*k&9p9gVhX*)rcZ+vJL<x!Un#tu4m5t{jkG=h0UOt6(V=zo0CZPzLcJa8`e2Qjb(rs8m#xUU2q|WAJ z60PO=_BY*n%y?v+nO@{LsoX>iZiSMK6&5{GXV9UNQ?DBP`ifhyr5f+I)3We%3n)92{igaPb0467W&o`dy%5KLz}{`G!>m+ zpm!o}8jvf!p07LhuKr;CS|gu9|0z!r-CP%+J8XCJ6Rk;T0$*XE(0=--SF(hTT=Z*l z@jY?Xyol)Bo?v)=$GZ8RS0m^kCTY3b9sBW@ZZCGCp?&YhKC%Lt}pFRpOwu z-51QdCIu`gGhWSVqpvrWm6z@n`jMo{QW%|SAw0kA;XhJ*f|BMIwX_wGB1vNByZaj# z`pOeEuoCIFW7HEr^hqX{`tbDZr;I9PtlKD?Iq8}E7YP4=U*qQ(6UEPm_zZh6C&K(9 zNcN%((-@nBex1$d)!?PPNDMHTxUowL`7+%x+K^J_feg?m>RIsRexA|=4%<)dMPFaOdV_kiwr_QLEw^IynLR}Rp++2x?;(Z6%z!8sj! zf^$)S5qtAhK;y%9;yTKIc>qUAIOpZ~i0Hq7-FFxP;KM)?VI9t&wg{N(Gk-(8kY<6a3h)*2o6iSf3DLCE9s=5EDa3?tW2WD7!bMGnA_!VHxc@M(F zqCcaqZ4rhl*PPyEJ}9-R`B`SDP*QOEX801Ll8+cu#HG*Q|06n7iGenH62S7`00T19 zz0KM*{}CPRFp*i|oB!r9T;d&KNQxKg{EzvNzX8XbCrSE``3SlKb1hG5?*1Rqkp)xv zPO6FYzkvv3vMpyg!~P>W&ciY4@^1gbeDuO>Gbkm_{l|Q~V~~)HJcCvq4rxfc8T$>; zl?(ri-9J1?KsYQJT%-LC07UnS0RyV{Y;rV%xOZnkx6F!JK|#Sz94f9<}b z_L_fA)Q)`l(iCdEtd7tpq;2DMI~Wpi#0gGdy-iH=_mZ z_1QFY^KqR+;*b+bq zK*rMPw_j(^0KF;yVBs^@TxV=7zygY`p*&p{jcoM@QTOlizy8q{<8Gs!Euh*q z48W${3r`u-E-^#PYKvmuA~t$=AHYr|z4Yk|eD{OiDJSb^Yv!?o6D!)XFTEY8pm*R< z@;fBv5m5zNN?Dt70sI?tyvoC_-@hpcoB<$DgWxTRcQTAltHUa+if<*8OyNZ`iTFA_ zBcSWu;Z}VY1aw+Y)-cduBGiF1hTvPWT0W)5`f)OWsAujxxBk5~8d0}9q14wdIW!GS z@2-tnEuZdV0fae_F;I@!UE1bP-D;zA>nzc)eZ=Rweox@}_Wnu%hwkK~6)q5fUkK*} zt#TXG-P0+xpx2SO@$L?p)bD^rM@9dv?>2^aaItCUnPxw6V-y9QJ`tS|yGAw>u(5(- zaUG59)VV)?{j5J(lR4WbglpM*m~jpKJAIY;)T*^}Xcqn9_{hk&>AoPgaDu^!KW5*m zI{4OyniA7aGG;{~RT8uAuHPZ}7VNxRJe3EuSQPXPR*7iROSsM0C>#&P)-c+FL%Gk1 z!l|>`nVaOBx&{PNnqi}#D)_Fl4C?C; ztun94*Sif?adZjWp(@x+vQ(vHU_x*3=mltqSr6u_j*uktt zOe&1#`aAEFV?MC6I8!|nKgS%A(#3~FyD4u}B-NwH6Yqr?JNy1jl?T8dT@Ze7e{A3r z!TF|aD$a!gZr2ijCEu@8BG&^{D23Lnl1X;cB-;7(-k}Q%WFY|J#bC(E`!Rp~;i%-p z$m}>?lS_pT_X&YeH=N09@%%bE?gm=(BJbY-l_b%`d2qB|y@ARRq>xfhfhq_~ZpdvO zPo>y#R(8iL$}Qh~@iETB->d!vmnoP|A@=g?M`z!AYf-#FsggSEa4S&zoBxT_Sj^!( zeyGWrt;cNmOj98~89jt+W6xtN_3AuEbjfP|2n$3QnET-Jbt+w+yV8XEzTADo=e?th9G2+s|^GX1gdW8$?xColpkpTwm(f*a%J-OeaB#)8`2 zcuw8&TM$0XD2hPz7GQ8(`zkPd4`jdlz`6CND_s=!+%I)n?pHAToM?G3`KoPv6uX8Z z#Dq(bI${yx)VkVrBL-L(1>jxNJbr!WGik+lreWl$dN3E+lPY%;?jy~j=dG*=I4_vK zR@ieRu297n#IM01+YYo()MY&#voA@u!$n|mj5Ywbs`@d|iNyUM?j{*{?nL+J>E3-X z-^B)Q%a_kcS)PBGCbD;-eDWah&-!72iDmE;E`D+g*hx^q8C}PnV-f!%B9E&sUS@7S;{MS#8`;%pi)&EidcuO z50||#Qs-H{I##7tw>N_)Nu_K`_o?dP!aE4?y>Fy(%IXapv6hAkk`FgO5GsmF_(*)C zn}FE_nd1hSeO3j&K$2v;mh3izHYJ>4B;=|T9m!hx%=KqY+=o>z^Yme}Vx#{fNJUmr zr=HCC9s~2584(~6LcwbsV5t5UOg&cbrV%&Hgqg_wk3~KYtAhko@H*SBf@~z;KR3^A_D=xy^`i zf5PwOWXOWGw0a-k7M+A4D>oIO1J-Ls{#!2$OQ)gozWVuIa#vXTu1F(W7Iq9;E6Tj{T*mWVjC-@Ufm{ET$D(Xvh}Pe;HR_u@3Ue?$nlCO_8x zoXA;T>f8lSUG~zYhe>f>O&^~TXs)e-)D%o5tjbbxM7D-CT@Ju=>1$ce73;xUz;C6< zB(H^J_`dNj? zagBGIsSGoO^M2`wu1n+laRu}P`Ng!!xI9_!Evgyq%z#M}WCZmc@0eSD`s|w!%V2~c z#UY}R+B0OwCVUIEkpjT>=!eU|9Q0rLeE4fSIxO%r9wS|xj&J1_86@X7bW;v)YhoH0FX%P(u4lmK+rdp-Qj<-a&HTXY-CI1*IiJb(GiT(Q@0Dz$3bS zDgkCATZ}^3@Aam+`@(D2cfh@htp&H?I*>i3{RAZ?7dJXgjwY8Ba*8LCQ!=>x%2ABC zo1{RcFgI9H1OYk5j1nm;V=3MZSBS9+a{J(SQn61aQ zg0iXMJ`SOx(5I$ycnPW@&k;vl(xYWIjnkSFh;C)okE*+*wd6m=rW_nVr;N*e>l31y zeII-HB`a(sUFK_>6=QI`l%s#R1Jv_h2?PJn<1eZ`QPk3?lda#$BGmgujqKkuxW$ye(fBSx*=xX6z56JGRdS-_>u%$UcO`uDDKaGXbD6|u`+zE?@- zW=ZDd5b^t7SEXRx|30r8%2*>9338xE(IMRiPzki0dq@dsnP?Ioa;Dl-yPAin!Fs4D z{!$E;mJz?#N+z(a(2*d#bIRXH;sYm=`{)d@5{uCk)TEc#F}>48KtH$f$H}n-e?9{e zIqM@66BBJNj#}U%lWGAE6_2W5nqu*V?cMo(uCq2YoT_4^mPzh{M^o!bnXb zd?Zt3o{=EI7|azf97F%+szyMH=ulcU7FNt#-glyyEM`l-!h9LgLkc6y?YcsY3xiS| zC801Ffz%dky__tU(RZSnO-qVZVNit*2C)}8`Rd@C&37LcUxmRQc;CyzebLWQJY$D|gyL%KwmnJlavmQJWt)S{{JSfBxf3%W?2W2;#*qM1bDh5|OQP(<7)s4LijB-R8w**>n9vlgxW zXt@#qRVt(=c=zE0mESwS$w;!IW;QD~|B@7PLD!NMFcO?XW&<*tA#R{n7D)=dIR zr9dRuqi_EDK4;n*d_nfmd1X)mJkU(gs?nRP&A-(B#vkdE2`7|wy%S16anvY)idws@ z45pC(FJM<$*Z!&-M_YpD`kotm@`3_g4{#bxj|dHqOrA;rZXJj^ldkc@93*6;GFmJn zplGs1anY`rsYD=9#2y{|#FLQ$H{QS^zK0;srz^nt3(P%)CJCh137=X-9rhRtQjY=S zP}$kLGzP5q^?9_fzbKv7?L;B^ftH0TOXtV#=; zi4hsTIfGa*G&H*cQ8ow!Ci^78DBmE68B8`cTK~&`De6ujz)L(?txaD-bjND}>lnkR z7PW?R#IlOzcH`^-fx+APR31vOG^>H^-U@qzS5Pe?t_gPaOuCP>n1l-=&dY8cy+ZX? z1MFe$O?600SBV2V>&G}=6VwcSe$4$bKv{KV!8L*QJZeZ z%-b&}q$E);+Q5o!2pR;aKW??0yuZj2~{ z=k@2e%={}J)Qq_P`fjRGGe29vb=)fbnoaRAt;NlSrGf2Ybp_EHqb~(R_uCtIWt8Sk z0cb2o%tp-Q$gSBnj*|%R8f5kaLt<}-h-(UkY_N0c;z=JWwU2bAehQBihcqKlxN{ngWfFr)Q-rM^E)Dt4D z*L0`8Enjvk`MoM0-n}jKStTmKpM5*{iZ4@O5>tp%J2B_~M$)L8rYc+VKAvo)dCxV3 zwLa$t18N5>-8t~sDthv^ey&V7-Sjbhm(9o^r08^7RTD9Z3l<5TZvZ`p zcuc-tb*rtXuqsJ~QUcNWR62zqGc#rg#}XLa?jO`uMRB+kH}xrCAuuBgpC_&t0FqE-LNHq7`@2h~{*UApL6>4cO8cx>>ohtb0jiuz zG`}~J=5SB>Mn#>Qwuj)arQbMl6HI>&;ioHZjVQFregR^c~IHvSq#vE zggAfb<7|u>xa8!)LubMC`q=?HZE4UqkZs7zOvz=p73Hb8% zAM_^mg`NRL#M&??L&SWJDd`c`mwya>6j~yRQ>Rp3n|R}GfFD!G>yVbe|KuZxwMnah zQjwCJ$s^yS{F^w3eIyuyNY0R4bh;A%FD=&LHdnJw7aJH{_Zj+oO}aBE!~la-(GXRx zMeCQ_XlsMb0_h~7 z{tUWf0C)oh=u|$W!ItC-lGwnbfY%&K@UZ|oa;(~||0dsM60c`&-6@i)l@3PjV7-EL zcgJOQczQej^IiM#k>#vg@3g^127L`Tz^cOt{K89UmHG$)U*k2e4(hZBQkv*}D9RA6 z9Z3COtaDeQu$uYBpSouvEA5Rn!;zyEUS&tpz57eZI zPT!2-R3Y34kE1-|Dgw7$wvGMJ7%|W28DdP`@o4w|mA?(Gp*D#=yZ-%3GF~YSlBJDT z{$}a;lHe6jxMe$i&EKv~shcS<(~(@dS9c%}%c9Lb#WRDqn(xeVUq%=u+eoEjD&oLI zhk(nc^Dm^ovn778%HL?w`GUKSwes}VA5x$g(r}}7Zy^4KxA_`>83lMcH7^b~e>T}$ zAS^IKBa2EZIV;t!+j}#Lh2m7(8zV^_&AKWakkK=*VaduZ_h-#Usx5zzScwqHXcm%| zjHFoW()mrn$>SP!V5>1*b6r>WVx&lG==T#o2YfZP6csQ?9UcnQv?5OO;RI^p^LGI9 zw?}itA`AhLC+WM6!Cydv1SNt|wLt&+t81?Lxq8)_A)$uZ3*dlK9dWBRyWCb&V7sGv zDP8$F8JE@VOQs!Bjv`lS4Mk2j>L&RPTU}6Wi(o*ac#6BnxCsfSwSHJ`p8)w zd-HS!1;!s7?K_($R9j=8Imbh8x@xUUFC-d`P%9bnZyT@NhD^w;6o2ATQ18B-9{*md z^(*}VaK!k#>V(7DYkc@hKGcANBp6GcBb$%tEEa(B=-S6W*%vfL3wg6$E_43+=LPuw z`Pv393gvMXOqkqID#burXT!O>=Xbw7@&-Z($QmF<9{IpP@xyCClyd_ar+GW=Be~~OhouiP^F^on0jxExMvFhDxz-q{zM2Su~` z>ZVwv3>s|Ty}h|CzXNj|hO87%nP1?QfDf=3FN0Ajao>>g^bnZYGd&cNJiaUZn(`;? zzk;t>oNG|856$Up*mz`7V0Xgxvas9RobIi9Xg;U@+yoah(Vvucw^nak!`a@{xP^$y z%!osCx4}FeRxkU_pf}LTnK>Z6`3$J15Z)(qT*?OJGi}@ZKR39c>fJVdGQAhdOS`3rtJ>BA(}xI zyEC{7rH@ED|9Ra>cmVuRuvSX{!(~KVSocgxxxRD8A`1n`XHbuy(3c|ie4V7Oe>AT= z9R>ttObHW`{}5g`f&;mf=l|L2nScO46N!<+i~gHq!X+#q23aOLSRTAO7Vdn4zY~Wg*0a5mpSi-3{XSCPu_;?2F znVA(4zV;}#mumY!W8Hl4pg32*Rzzc@$l)#M-AF1gNC(UI5VB?q92uOqAo@H%0eQ)j zOc=x*$$G@12pTybfaRr`HSda3Ndljx`}7lX(bj2fk|2aX+UkwWmAggS@B!eK z@$ySZ4vqfuw0|YvXu&oJV2MZzAyl_Wt{zkg&hw(!T_4wlT|^JFsj&r{mI;XM7{Cok zhgt9*D4Q=q>yrmQ{vB*fgzdg?%_a9yrty88xkaBI+I!LxBkSLtgsAu|y6M=!_Vw*c zvH_^Ftk55R#}bHLM&OTQz%$Ioo4zezk92TAH5&tbb~|9vbE$$8Zqgv0b0Q%F8UWNL zJb&tC>6B%|4`4{>dmlM7{<>@6$qYC=8fN{BkW!+MieZ?>CE2G8SeOHKo{xV)Op3Zr zfqCKjqf)Sot3e)M2MkOelqr6+r2M_W`{*VT6@h@)&~_`vA*W{@g5DXVrM60F{iVbh zu{^n}fbkP~x(*cRRPSVky37o9-hg#VB%pWgc{VmqOE253&@h$XIfV>JYW!RIeTitr#kVOPt7@NDSJBy(4G!U+5E`I@^ zKo&7JE}3Wz4gpoB7?BvHdQx28AcCL^u0}9r>;|4^`zWD%RRzle{z=h6!e$K++x4!E zx&u4+{iTe7(la)XK)W!7xXA9cJ^u+1KWFy%p(&QiJlDNS2T7$io5?!8XVH&0YVRtI z8^vcCw>($ml(M0MWXt=&{0sjVQAQ9iqQRxf?ieJ5&qP#!1iAvQ&PO+%U^L^_EmfcX zAHYDW+=Z?cqb+Ysz9@|0?724r9Iq)y=$@FF@7s!$!YJ}Tn!5^@n z(v17PaZ&!Yh_k4vWuifuRdk!E(Ik-61O6_cbATOz!k1!;#qiwBsC|7j4vkv_n+VMm zt`6%oMXF#Sbt*j$A&vT53_lD8^iB;tdH)Zz(9#qkDfQ4OnQ4m0<`X6OT@$7A)WF zHWj~43U~sIbE3InP;SU_IK}^wByJ@eer=@ch+;DlbNbr$1LyzX2;y%0=5692lDV4x zI)NdJ&8fQ&8`Mdq;;)?i%74;BOYK0w$O>qCo)?G8l-bG`@67kYiQE+*v1hIdI{=y))L;HhedUl>9VKZ zC7TjT#VA&KXn=Q6e9FdA;?`&SxMY&epN`Jzp+G3E!xR7IB7;geql~uGNaCAtYFQ3PrL)jUeV`^xfSLZOE zviBWe#3dp|T;?1ag&jBqMOxIe9Kb9X&!PV>UEa^trSfzXnwCl^NarjCTD#gM??K!X z+(+QTpQ~C(QllNJso`}Dxwu#)zMGOn6bSp{3!>W>3x-+?TlKU0wjDrTn5~S-)nUSo zJBSqIjl?+7^h>MN!b}Ca0ew8rH)VsDq3tmvJXYx_z5agXvOpR3!d-9ws)GH5r(5!L z@yK>l+ULAxhIS)m>>?JM#)>g{&S@@JxlRb_ox0 zgB5;m`m^#=)^XY7{3FKgmnRGlyib05^O}@sNN+8>?X5MmJ@G}&yvDdY()<{&#EYJ# z5Twau_hk)AF~(LmRBj#8tdgq#0<0l7#-BP+`e?{$o|^C)EiqTlX{Sg=y+y1;R*TvW zxg9)vR~dTM_e1_~-+*j{>&t_ig{fqUqeub)IYJ);da zgx`7uz!V!zP4+R=rghCZ=IQjVL%^#f&!9|TD7(5ssfu-unZBjH3u+LOL>TmQ#n2QN zg2Bcu6Dy>sKJRXhg-YZ)uMYF7YM2WDsnJf5rp(m*LW>>-sKJA4 zcE4H|+l=rDyR60;jYHAVFZc^G;)R7D^3uQ#e*;X}3+*MZgde6mdP2TJ`ecyq3a5<; zJ+R+c-g^vPmUDoH5YGDIg2x)C-g|ZM&agrAR0RBV1_;S|s9i&u(`^W#9zuQ)NqqvO z$26$jA_c591^8wyzsbhZq6wgUiiOm5AsHx5dE^%Y)+#1rAOu;fRsJdDgNS^ch}i>M z_9P7fghCdgty;;i{uUue69L^i24HZT=4Woc2|odF9}ED!nJSFTMB$6jD-;DkkfM)p zI!I~p1dqJqrLtJocYle-%ri1AkkGSaPuHAB_4ro)Kh(W>IMjdpH_SAav5rwuqQTgg z$WmFyzGlr96{2s6P?jOvNTTdZDN9*eM4}``HKG*SktoKRJ(N_BV1fEka{0G!w;_A6|>^ePesiA=o}cnETh1WUiM zx!6w!fTSf7W}~v;&9meRze8{p*%`4pEM@bS{qHJ4AEwqqZC|MAy>r+JNzCX}f@w@n z!$DRZJS&QUu~*+5F+)XafL?HR&j;QgJ!-Sc^j`)q*3sDkBMBXjwbDco3vTm#d|+We zB0iukk$?i~Fsr1En%#B0u?GQ1G2Zw--}D&mAa|1~9JF45ELV)wYCo;E0$InWy|)L= zk~|xvaKD*ju}d)hyPMb_0-~6VK~7e)!Tr0Kc$*0l=7Q@zu=^WgS>_laK5d#jry3)2 zd~~6|eR>bN%9b0hca!!{(hD^}h!*zkjS0&;-CoRz}@JR($N#)Kly=wmjvo%PU`xNflI%Y#~nejihwyS zFzMIaN_`6VB1xTjWtx`wLVEH}vt0*x=1g^d4)HgzQ&yHE(%( ziKV>;A5+8W^+`|NhZ^l;A_Z+f)Q87n2)9pwM=#E5H5*!SOAk$Dok? z%IfQZX75_5XjZ=rt)D+?J!<8_SK*q-kyJj}`=H035G?Yt27KZwC`Q}sCx=Nh_TtHltiqKwBYOO>XOi(dbehjQ< zmxD1JkLVd&f6PX_KQ`iLN0V!$%VtzV*jZpOx3TdOAhzqu3d_2Irk? z*gBnOH|XW|zmEcVeUF48V3m1zUFn?B$n1G3s%0j#F@!myhbU7Kae?sh&V zN@)hrz%-PRw$B&Bi!7X6s|U*lzVK;f7Q zykO|LXR1bQ6>q2UKeS3_oY03D~KH z$S01x^$@&r?XB9u*JQXK5N?$XO8L@KQJA=c$dwR(sej$+rs5hlo?YI6&DX4u{5szaIM9C9O0fJ7o2I{SN)pOqP?SqwKSJe9VOy$Qw}Ko)UDXGRpk zH^7=(fZx_@?FVR>)a;NFxYW6-h_Dg$ThN+VBT2_VG<0#XZ_Wzri?9vg9ze-wJ|$k@ zwnI{PHCgIm_-C`BIc$MD8tV-JkzH~Qe8eW`h{21o_f~9pdOn00L+3wXn-5x}=MY<$ zElsT*e^Y#_#NwP4BKT00i;Tm;5R~V)Fp%^6=;VFg^@1BFV7i7%CZUSY;Y9CaHEN=J zhoyDL)SwcY!HTG$;UPd5)UqnZ_uJt zB7ghNDF(mMqtmn&o4JG7XUL29J*dK7irR*sobzA$bl+4}F2miWj_&N+tW{@rKwIGO zju>#{$=yRq*XzH&)HElfK_W33K$li%y0APIGb~76MN3~>jDoLh#!^JIuQLSph&MP3 zIDBaYpFr`Zoa+q_?;c*>N`2J&N_Ryb5GJG^eAc(J96G$O=-vK}9K2q_5yBIc+3J(2 z_$8{6`N@#|jH9v+^iEY47F}&TNpbW-HL#&dY!ZoH3JjaR_qmv3G!_o&yZT9Gb?rsn-b4g3f zwIC76q*z5TXUf$y2!|BPbqx;`T2JhvNW>8-4 zDfzRT8=nUQD+FdCQt(1B4%OvZ-9*2`-o_Nn@ssa=w*s}@k>C9_buYCof zLGaKsXCwgotj1P@RX{m9zRUY7!!Ni1LePOT_?wyJO@tf(DK_auI70%> znE1j;&&Ybe9`)JaJ>uuJkJqFh0W`)uts0P*l+C&o#Q_YZOcYXCaPo_%lOy>4m!iUr z|8GTwvJV^k(;y%cDZM44mzUnc!1)0np8FvX#R5%JSv>@^A;KGg$m3q4uM1;U+5gi3 zQF#d5U*j9!dVD(wvTM8B2X@NruD-Sky_8lQm*ovB(wUyz#WII{E2iuvoMwt`z%$Yu zu`qATLyHi63&-0FV})iu=P+~JGX}e11uDmn2O_^ux*#*gWZ$EGFbv2?|9W?^1k$vD zf!YYT;l81&W)XWa68JJuhbMt0im@UB13ClypL_2eHNstdk-M!GhCe6-={FH(*U8UJ;;`_7D*ij*2H#r?Bz=+MfYy} zL$W#o(ag!dMn&@A*h(jY&BxT{zy=cD0|T+z4&oew4zD*agvM!9`}gftdK}9eVQMoC zE;($md;tbH3Ol56_z#X^%YXDNyY`|8L~+zgrh_3rVZFFU9}0e&(x-nL@34SW?n_NZ zke-VaLP4Umfz8#c>R^o9gBt+^kPhCv^oFLbH{ej^LsMd_inkyC#xd-lpmh$zlT z%We6=5F##DuT%Z21=w@{+O>ddPp-xD;02%`#wX+ejW+hq=gc4gh#NlRolc?Q3Is>( z?WtGi>OYizP3&ARt{NZ~&x>D!YeHICXMeqJYm6<4X>%&{gS&4r4X`llY=SSJu)T3S z0F0SbY3d1uxt(Tae3q}s@{C3#pQw1{6lzaF?Ok5A(;uf5;SDs^FR}HV;5alXRh2Hiawp^cAWt zwZbbfq1Hh!X1z?#{LR?uRw z(K;l&Wy{;occlBj?JRkIyWWOidUW*8(ZaTl17U!cnbY^^LJDH8i}5kfWTr*CZ?0Ue zp`wPB_gP<7CvN=Ke(v6~px)b}xX2F6_{AzR6r-xw=6`&@OT*;zEVcsWS?R550==R~n zP;d;H;aVI+X2=aP!(aIdzc$@P6bsbqMF>Qc&})!G z0%(E*!@|NyXByp0k`I+`54t=?yuva7W#Hct1=`yOQIk%{9^6)RFt_6 z!HR!hVt@e=)Uve~o^lHooOVG{h&FX$ZjdgRdSUwU;=Oxo&OR&WzcG!v2w)4Xeq%yO z6EESsczeJF&7khbFbm9-D8jjh1U~U0xJ2Go?KimxlaJwXITka+z}tUQ4=cC))fZ+{ z)7OK(@cWcN_1`>0F)OAbFNhbu{?YU_fg>Yfn;Pd|#r<)9kTn`K8R1wGA1q>TtZF@| z*YF9|(uKrCbCugRe+n+4QkM$9t+;q6I{MN{^xEJLo(}`Z5!zFMR$1h?$iWPORMXRs zR-!)KIehNj9UEc5gin*cGI|~8qXeaFpiORAJP6=S{&h+1@Na2Am8*69w8;mF#yYc+ zztR?Et4nZ9#im}xTj}XYIlT=~;dJtoF@0=w_9sIqwuw+1K7So$OoxA;ltE0lsZY+oU5pOHp-`N} z_q{*-lx3Pi!k4v4n`)`cY=Q9*{?rm^{&_HR8SgzlrRGxOdwvtjJZo9y6wKX%Mqlee zLGyL{5yXut0rYhaC;-#{!e!*#6fH*CJmZ}=il=&VS}#L<=I-{|$B#609@ zLNN4a9Tk;*ZjR;7qU&UL*;v8|f4LTP6B9f=cE_l(B(+1g714E2xt-aK0yR_yaO|@t zB4G^P>L6b{2T>YDaovmfd5ey@d+43yoxUC&6J{~s)FFaK zL@@r;iJdu0dfrb?ZpI9PiZ#|l(z>P)brCr1#I2l7 zAc+leJ$*;4J2JU4OqKH!SI58Cyt*S?PB$d}jN5$#C~AZfoqTvhX_b{;#>Olc z#@uhn#QZTIT_2x}ig(mrgEq3a{}5U*kS$OMa1KFOSOFGb$DW5JMGa4Y@q2r{ z7fLnE{|+VaMiJg_!dHpo{T}ZW<8Lx1&a2eU0usnJV2*Z0_I^Lq)7Cd#dx_`U zkkh%@=m?8Z!@0{UD#p(Q(d>(KDW7oz+tcuOsr`J%Gy(_WUPX>9Ime%B-1GR!yE_qF z=Z0S7zTXqltlq_K%@esd31Q~82y28B(SCLFOfq)mIFVrpl5AZrlxD#g(%3WeYqRUe9Acs4r^IvB>3n! zFm&?V8Ur=w_}aPZR~_os6A4cmY}VJCxI?%)L`e%-|2**^KbF)L=c0qoT)6Tnf=Y&i z7w8*kTzqae{lT<+ZOk5JPS(9lZb|4ZDDW$Dul#%!jq*_gx=(IZicpUH6%-r@FZK>_ z$R?3_Tkn@^&9~dzf%I2x2uWXt&y%&-VvRC0@Lp#M3z0q6WefXq(9T}pMjNilWk`g| zme%*>rg#dnHtM0pPH^g&1NNAePigoB8KBsz?Kv`W^Puf3^UL`V=k34f=J&NabKmDzs*#<+-litkb{DXlBTSc~dnKFTKB!ome_B`dmkr(PxpWU9! zoZwc(nN8bp@#-be?AP$&58>=<_!eX7?)fm*l-Ii;Eo|@5H{rHpaUuk%cDL2i%zPY= zRug5LVBe+kE!Bac9VN%kQBKB^gQR7>^H)ng8B-_`!}h?#xf}|T&j?8r>95 zRsT~L(_&sA1b7MS{`IeCU=yO24Ys^qH7pV;cOXFfB9kxUONC#HLq5TPQI_sMjR^pZ zU^?;q${+J$RVPXfAkx^1PyT%lc76=S3CE9%V<4cbubbTflfJy`t&*WtrX_Z}*Z$ZB zqt)hzNPUegk=&u3ep#L7=AXf&-GqzhrWrLi4Oq;b}cGGQ=tM3p+I9W4=By7t2Bh3E&(ZWtM;_Ur<2F|!4p@5wDP@_ zL2eXbnWq)D)yx={NVyCQ4oZM7!44J)AqGP*UKA<`q?=y3wzaYV#%L5;THFRcyJv8l z2~W78GOY+-^Tc;y1zvj$%b;HKN<4P37)S{8_f)hf)E0Ava z31V$wiy9eVh;oi82pK|CAYNra0YC$5^K*&{&mdT0cPRuD&c)JH-ok<+mj~f@=0Ie1 z#~c=UDMH7U4JGwC46Y^68lbkx|H-k<@X;Ewqo+5uk3>9C#8? zllw56l=p;IYbCKCR0i4qywWY%dCLZy7AQwUty>=L8eqm?E+Tx2g7-g5rU7}?B!gCS zNdVa4<7fr?O>a;c`gB@>w6_GvZSy?Xo0AvYl(-T2=$KXkYaaNK|*^BU(S9bU|n@jA6^s(L_hAfocV=Hx((Q!D8VSx}&on zr>Dh!pw;~v8wMhbbjD9uZWno%*uOy!xZ1O)W%P6;;qrVYiWlCo)5F4)7>u(?T1x!^ zm+s7?b>}3wZj8p2)|sNr;UaziQ_s46 zHxHFd^L#n#Ax5U-8y*)e?dSf9MCXNHk3Oip1(#q7>LM>768377G#q1Tro>%X zlnVuFD;|e==xLTDX`(`p(r20K_-So?T3K?El250lyQ0wf#4ZSDUreEwUWgb20w!n% zZ|{L~3LgX?p`J+_hgdeS%O&6CdmxGi&jAk>UV5n^9uE&T1xW~j0{>6U`!tiIejyAoTVde9!uQY}G^z7|spJQnzq$mx!X9-EOH|D}x;j=VpGMu1GdOyaN|=$@)W` z`#C|Q1~=FpBi9e6j2B0O7e{{UA6-FKKDgB$qM$gnZvgs09(x?AYQD*lAEeM8V8 zAsM_2fbry#rsn2W$gOCsYd)BNg6S8mS9y4J^tC9uMfYn8{E^m`o6u@vNzkv`fs+); z$sr@j06gFdU~bAl$>ML$ATkR4lJ5n4W~Xx??XyUzrFa&8oii|9F^6vxTl8`<6Nqp(BF} zS{69y{Pi)2ZP3Zn;%WoVH;LMBQU1ZC4#()8;l%u#A<)`c27w^z%p=k8Fd?Ig zGEPa`(9IU2u)F%T(Y@cxkXz+Ni(x+UB?TPSKhrp z>S+(+K5uvmwD}X11*ZwDGvFN#X3RjK)y{+{{XN3muT0=bMVhu2{@CP|g=XD$9m>9M z8lH|K5i@$!ZCC??+RFYS4v!PNE}O3lzMG;+q3lbm{n4ry7d_Gfd^H&|~*52+U(d_|{lyG$}YiY4>#j!w+au)Voib0J2 z?5^_tnq44<=&L%CeG(=bWXZe?itV`$r+sE{8Qt*Im;%hKl9{>ZXs( z?%D>CQ5$rl>V3N^^>A2<(cH+3GM*EQb!g})zjq`ke^Ua?104XXlnAqO5$ zOOT)z4oEJ^u-WhT*y1)@%Nc+CAzDznUcx4LVSnnjklq&R4ZIhOf4in=uQ?5~A3b-< z1(V;6_)dIK65XY#CjuNFvM(`>Zs`TDqpCN276!>BwCSA8JsgB49(PCX1101nas++g zR2N?fiur|-edW72`?^JZF_rAlcE3S*9&{re^4vowgd(7>Ma|1;i6*$x%6Ygv==yI! z12R8*mDu)FZwF+z-y_&0JctRs3i{BN9zue~QdP5%rvGpZTfL>ABRP+|UJLKKEV<8( z@8Yq+r`*FE^dNY0%^Tcuh*<*51@LI@xzHK{fSz*Hx_fhmE=jcwB1+qM(47e`J4kIkFIBGZ3h*xHLs7Y&Z;@*feUdhxwhsRZ~c zy?ihXk3O-k^U!yMOh?veyJM>b&0eYw$82a|n5$`zp+3uh3{%zCV$XS!;2@$NALID- z-HFB%q#LL=QGw<{^M_7PfhWdst@uIJUbVO%tc({!u0_Mlxq?f=XT{welrgUx;M_z)k#NU)Hc#MYJ1)H|83c!DI=;sw;c{W3*T52s@SQ}VRH87o#Cv%s_IT- zvaZv=^&7-D$jpnN#PAcr&`0ZgvdJ;P2WxnHTIu~Egc*Gz(5ZXBpZ0oH@M&VXy%)zk z*M0b=8FZ-jbv~U8O}!aRV;LmNHbcyc_zVD9tzZ|c=lSsMOW#T~TL1&2H>F82KTTUO zY=RU(OCo?h>j7&5A+`6Wc$JM6=u0Bsg11Hz66UQ|p#t1xo7MFb>yEtf7?@Z|bW@j0 zd!Q5Qx_tEmjJecy$elrmnn@Gkl5}EMg?A%#19qTtG?QKPPjI>kDE{YuWhnr`U=e|(O_v6reEiqb>Y;ER>@|6Y0iPi-MXtx?S{@Szkr7RU z4(&Vyjzk)v&JCPdWi^Azk71ck;Gzr!iY|1g>O;dv4~hW2)@A4ofYHrZ93Nq26jzj5 z?9PASC;9-8=@_B_%B;a)a2bf}lzEU6oxb_IyX2M5Vq4%xs4&^YLlBLM3hqDs+t8<5 z!U0dPtD()@lvs&Hv3+3g+jS8+E`f#@o&dYTx_ygx)J7seVwD9=K`V5S-thbyX9gDm z`a{yZG0=%26*tPz%)SXN9RntJxSnNsLDg({8;PgcaD?1_XU#LX_YyME+zS2Z%d3y$`5X*l6bf#6%g^7(#bRqM~}e$G>PJqqN3D zXwwP&{KeQOkkLB~FgjXQL{$Jpz^>61qK#&p`#@T?>-_YjFYM~<36b;`?;a>k?j1*c zeD>6Z!M^3Q^^1?8>Y)%gil`xu96=RWC>k7>`|mNLdT;gIorM=i4%;E$5XyVr3`bTW{Ha6vPck z(REO{s5Nphd0V@fVjEmO*Il={WTlWJ1f9JA4TE2Nti9{IzZ24qdh&`Pf&IwI3gvHNC4i# za~SbA4U1jsj1Y~lC4Z`=2`KDtPv_-y)`iw}ztG(H+I8zBAhF@=?u*+rgLf=POcY9R zZ42|+Z#Uk)>33;QUMNhVXr^d`;W6SxeY^0*+jO&?1;rsCPeE^**n;Pk@>9iLxVWx*nF z*$)s&S?B4X#T9>h8QMizJ~hCBz4^CZEwQ?rEwNv`sbIatriW&%WD$ZRl&Z(qHNi&Z ze2OXF4W$WyRwN6hO~W%WoPQwh)w5ANKyw!s2=dJZU~G4%Ler!WS2Gd6egLaiKNIJk z!zK`wkOSbl1q6zqjjoSK+JT-wBqAy-&l5|a*#YeWOJOO?x#_>jT$>T*`7=9Mq{3GN}>P3G6$ z!Bkg#V5f#mW zQ!g(Jy|=VBoBJ^PYzCd{BEQLUaHi`UGVz{hOtUAEZcFP0DD&f-6Pf<`;9Pq5;9+O{ z!s;~S;c>&@?TJWUMO7g`-@R)i1*y0Lp3%(GGPy%YfPW!qL zzlN_CIps!lI8Mi3bi*Cgx%K0d-5dk~q8sBy%i-Cp1@&_8!cYnWOO^iDL&b?Sp!d+o zN)Ql`f*?bssj5yfmc%>1&U7-^X&W3}+rY9@%v~@ZL9!@A5u`eI%B4NH67Rg!+|3Y< z!8iPaFD4ZBvKC=Q_~j(wbNar~?{B9dfDx>yx&=~zz%iQ&^rQ%QalkpdWC3_NUtaua zwbIk$V;qo(Aot}EW8y;}$5v)IMBwQz23F@Y!W(Gcu~9#V1vY2|T?75r)3JA;BHIzY zTu<-eNQ`abcwi{B+Og2qP$4dtv)_=j_2BtcOcLU0tsf~ z=}^w&t~OM+*rD&YV~^@t^h5ds zHZcP@L%LZ%cN*!%fti%@fB5rCadJU->LAJ%gl2;QKtWpD5G2WFA=mhR?K^zmkKeMt z`{H`v8%MRgkUw}_+*zhLMy#E|4j|Ff0L^1q2N@Lg9N6B?z+Nx}*|wP|3yt#-fW;C3 z#K1~Jwb*!5ghZ2aA?Dc$~6n2 z?gLLB9`FHlXzT6*FZ~?$rIWw_BGMBGk?E zFr;d%+YZH|7z{X10mDcF=iv6KML_71Ae;G9j!xu#J^_Kx)o9U$F;EuC06qyRD=R;R z1~D1hr;QLX6+HB{=2iOGO%^BDOxMq73vhP?09PjKHb;I-w*?VpqwC^);6i69=xUy7 zeyJb4liWMmK3p5MIPUa*sc`q_wB+DwaRqcLP}BHnX`Jz<&kXvPt z?(6e=6*0LQ$*BGG?OeZe>;Y!Wem}U{O5EXsPJ*JUp`|Fe9%Wu3Z5gZqxE>#Vpe?8H zG=mrpbLqM8QNwn|Dn#K#PR{J?>DXe!;7jy@U9UA-KzA zbJov8CYK|3HaU+ZDS6!^39vu=4=#JRKkIS~AQct{~?k9`l zSdbhWxhF7gux4-p*{Wo|v;w=ZEA2C!Kv{Ib9Y;%uR%@yV(gI=q$+U0#<&XD#KI43J zqJ3D5eI8sh=7ypbSAgUhxbgef_RzlG?*126q24ZsgtSSH;|kpjx^TT1lQnz1vsy^RHBqNoxJ4wCs<($4uC=d>*r3I zS|7$rwaR?0Ptezu3Ff+KDt}KnI07yq(p`2D*m=eDN}_<>Q55cobz%*y=i*{QL{}RI zL)-0=W#8mZ`97YVEZn(z;Jd59k*Yosp#CR$2u{^>rv0XmtDFupfF9J11DO-o=*B!Q z6K;yZW<2>b!oq(^7op}t6Y(#wpUMP$01j`u{;&9plokQc{`{Y2$ZKR&4j91=;fyB} zT^LSv^ixoBe3J4rDmdfDX+dnGUmAy?eo8WhMFL*ECDzNL%8Jg z1elU7A|mP`)ZYQc?1EfoeWOyzDx2WI+W8eOe$WyGXSu+pk@IkX?$76hkGd1t`#(J_ z9`-P&Lr?7C<1+IC1PpoKCO_D72q?;@YRx4;tZnB%mzz_BGvng0Xgf=uZuDMAF%n1B z4!~p!5Mp`3k#{`_(sf!POVAt60-xXT8qr>tLoivs(m?Up#3i_v;-WXd(dUE!?6Iz@ z;*;_`d8J6h3obTO7;zj5(d-LJrJSC|^=S4r1B9OCCrprX$aS|DPchzo_lN>A5%*@m zC}su&2Ez7_j=hyY(msG!U7;hGzCoFWPP397KH4)uYhQ3hgE6MIcpvaa3qnFz&VJ#0 zAyXGXwqyp1uM()dErX~I-Mo_zVSbPjG@ivaF_VYV$BT-Ju%2uMgqa(TH!h$EvsENJ zP$Na|fB5ta$!F4`633@Il>WmJZwDv4C|YMr;Kkz?(CV=#Cn&eEm=TzltX#kxDG%?> z;r7wpHNG-H$2i^&K?DitgzW~r047*VvTCo@$8>_E)^lpPc;16dlQ*u|_eg|w{pE)^ zym(br6=v23-c9pWNO+ioSb-L3QMER90J@BpmeLxJf`14}Ls6s?0014zf;A0E`H1ZT ze=eeE<{*OK9J-Ve({wSB)?psF#}32sP~{l?rdvsztUR}(iLDY7EDGE?6NQXoF!T-I zZ>{37W*^W~a%DBp#uFLmtJmY%94oF@>~_Fb?6SnoA>`ALhdTP~5QnQirqm+Fb11q# zdZGW+%8goikAp^1mYN3)eJ^zuI2`gLDgMkP2^`Lv!$?qClDrs|Y#k1eiK8 zn%O%!bYSTRUF85beA?fU7Ubsgfx~OabSPs!HEh$PVOK?%F3B@iG#SPjsB3YX(yU=E zJMX#C(SuO#Qkun;>*5lz`esb84(kz>U}{3arw-w#L*myl*K56W9ca8?|EB+8JCW%P zz?zO?G?h;C2S%=qu{2=t%dcDs7rHeD44QM7x%i}oJ9sXRLh|k+#=TX+Bu1HZc4F(s zO+FaP(a|EKGbMoZz=zH6bIe&69c_kKIIt2%jn&2O;K0_HQbf8_cpEg;)C8oJe)FmI zDN81>!%AbfP$qaC`uJT_Z$Ds`Alnjb^5j8RO#8D+|*Ihce7U!q>-L zwxCz&jFz^0*QLatl7pP`)sf-==z;{F;5a>eV_w zU4;v6;IJ+Sa$LNd1+gI#E+9e0bXl$tv@_@r(G49CmH$Xu7sx{(h0{gIpf-mHhfNcJ zKp|9c>|*5i^Mkc;%*g2>zwVCU@vN7R{r?t-!%#6qCkr4A47mk6q<{&{0Hs`WI4re& z@;=J%{*HY>OnXDqh~&9wv**i!1)cw9dKiWsXo-M>?}2t#0#=>a{p4;;131nC;!8=8 zI>9jJ0L9gf0u+$C;;%6WC7vQ{LG1pt|Cm6iJ5iX)V!)<)lmBi&_+2n=aQEil@9ZbL_p(j}$j0{a!fiT|#KTtQBNTgRAt7&Z_$_`QL} z^J$<~eFoV7Fnq9R*$3Lyh0;}!`53B$lNd=uV>eh_%i@>}4Iwb4{U2bvuYUx8rCk4Q zk4Dyeps_})RB%ZkjWq-IxE@G#WbX+^yMod1fjj*lEHK6u!rw~b??OOaf7L^f{#@Jo z>B9#Q3*Ma?GXC?8OaOLdXh<{$Kd<1--s3C3e`K35?`8S@{{$DBCp-W#aRyTSfb|$T zZqUMx7L8*gNpm?!CItD>io26WkM@E5=?**fE9eQ(7WwR2X&^WVJEU*J_a=LURecQW zLG9YmWdlo_(7E{j7myJ{Z>;u6KKj$~lv~igix3jhp&|VgTF7m9ZsZR}D8+RQtKqR7 z+bB~@D~|BjH+;VbfrAtXWZe-qSF+Lg&Ejqp&8v$1i4DKK}k$9e>VKq`-%MWnAE2I|F8No!428W8F6 zR%rr_1|ZkU?&@+5mL9Mt1`P}hc+HP@+}}Q*+%LLM|2e|Ag03f^ss(?}lH7Ylg>Hj< zwG+fXqHRw%z=8}8d2LX_5;lP#VQo`9QD;q~Ou|Zx(;5SP=T4m7HHciciDj*lgS+n> zOhTpm@k(cM&I7#n99$DwId7WpEq-?dxbsu?6Td(I3Sc4@ytpUNR;=u}?v=x$XtdgB z!}fqnr{9saUVtQXm*sPCi6i7L_R?F_(*Q*6P|gu+m#(zP+NjJPb8`C|y?VI%GEsbl zp8?qyVRmc=TM7uVG1?uc_A|QeBY(t)l{{3{_=2m4gmZt_fT+JP_Pj7GiMC}fukCrN zlw9^t6RY&nfzM-1mVGDj4U-$O@46+w#dMsA&LV=ce|3|&*zgeG?WSY7%i4xB`unFdx!K!_1T!Qq#&7mKynUuvTvgP@2 z!P0)>m%FBBm6t2J)@Y39N$#}Y^Ma|Zl@bK#8wGrv(D0S$vT1&x?frQYGDm^e_RG zFcBlOOV*-i8FU>yE+gd*J1gDRO33IQa>g*835c%?F;iF^lU)|}m#XLAm56CuF*R#R zWMkWmTl}X?Ry9LpBCg9Zjj6~b3rmn?xOf=d_)Kcd4HlfuA=|e#ey%Ielo`YhdX;1v zJ85w^9AzDV#et$vk^xx#hK?Z;g|#}^lU^W2Bzuw64p=h@E7780`N*+3EkN`LBz^7l`R5N#PdX!R@X zii66%Q{%#m)wzrsfO?9T4-9%%Ybi|O2 z)Ai9Wz1mU*Xn_p0jL)FvbbJTUsB9kXX&>f%+5+S&O3!JKzTmxVL20pJ%MKG zMaw7>JOs_t=$l6%5bPX^&H$)^ku3sBCySt?cS@BvpRSH^6lx~m4&D1==HPL>S3@8VwVIX1+RjKH` zK+bC2`jLO({iEf}^|mvnexRj!xUziw9x!`^o6*ZZucAx^9uck4W%nZz%(^)8&_L0r zoBMRim8_SW%E6*gEwtRr3UX+f8lC|fHH-1n!FkyFw1~D)a;4LywbAPt*&RW-D zZ%_O6zP@nc+kH@EhTr^zbiE-en~13$9}b6`>)N0C9OZSJNSm>-Nb^URt-)@MJ&nsP z`;Mg6AY>cAC<~3<5x&o`-Bd}ELoHQQIQ03a+95=og1z}HkbW{wl5Q(#Km~Yz$2w}2 zTf%vm@r+P}h1$~#u*9qsmi5s-UAKpg9Ycvy1vX^~!3{Z+Xv=-*SIul3%FavK?3rhv z0rRm1piV_@u-m@rrHA$$Lz5y<`!FyCZ5u&BCh;PH6%E=cUF$zm$3YdO zTnahD5uiUtVmIV}(psRO*y`~Z8#Y>a3adLhl9hGrZQjLJ8F8jB>~;WsbZk@nZYt<$ zdc?fNpVe>*SbLU+>V*8pd#BI*gw=Z!RlB+5JZcGz3i#?@#?J?tkA$GS8$Sh5TjxGl z_IrHq%t|tpE150Zx|0icVF&Locixvf|M|YAta|qWl1d`YjIS0vK1XV`&~lca4v;>h zb3LUla4=p28odyo-*CD6Jb<`0pGeTES`A0R;sl@L0GSB)^i&@zuF(doOp2egGu%eq zy}++Ge}@d;Qa_N61^IHe>tFi7+EP)Hr2^{#_k(EC?D>TfEtry>@&LylQ;UYL(%~W4 zWv)lSyJI2uhn~v{r((kCb#PQ2Jk#Lqz zNa!$3#xJ)+SDU$~;*oCnXYk=w{386mnt8R4>r->^c)K!4Kd;{wLW>5xwZL_q;#a|m z)>5|EgEMFlD4>cu?tLq|P-C1{q#!py-CZT)aIV|?V2SDOE@)4@d0RSgey3AYoq9lH zRk}^6;!($i6F;N*&wu*8tifT{ps)1u;@X@>1MWt4Azs|HM!#coP&HY?Fn7Q7wSfM| zn7a>m^jEA4eU1G0z4)&>6puDsg*}ODSm~q`vvwIBpyU=Z*Yp0A8lY0FSQ}kq<3#yO zh6==IPUqNz=D1z9rqSUhZ2B2)7ps>v4LGv}T!o*sJ)b?zTLuS|to1AKjke>dVVhr> zsU*`C8jrQsuTsvlT+&b2S`M^C|&sF~Vo2C^aDi1dA^|r*2%Uhu~ zPUpH5f9*fsmZRJ~SNMsST^I?~56@s8l_u*dL}Tctn5GiJw}kTL!lmWKNG>j>uiVNsv`p%FSK5 zDgGZ(QHrWyDabpmp6DMmG&1@W+8AdEm_TR(?qkrsg3VSezk^l09~M4N-Uk>Sc0~&R zRPd$cp~r38miC<=Gz>bQQ*voV;G4R2Uxi=)z3IeVLw>wMda*QF_6#VZ>?7UB&1;WS zx3TP>en{|KlZIb|mMKu$c)b0s3YG)4Sl(Vp9X@)HeN^VruV${mjawdk%LqS^Tu_iK zC>Gi9KJxs>V@;U{zYq7n6WL^an;7J~cEF=8@pH*}msXDA}UD($H z>!kXRM4Q(fvYpr+uj4cy(j+eWkfm3h5*7L6Q-3YUlENe1Vih$d`hGPWnI0IUs|DTt zv?o&Q{U_V1<{CIq*?Zvw&J3SU*rpd7T@FLJb#K(79~wF9zh^jh*4807_kI1xLwhg_ z9`Pp3xA!O+#@4CkSZ#c-a>sAwZk0LVD{Q~GIw6_btMdGshZQzKAUULO*n+3bwQyU^?Tl%+|yzjMR``uVB_lhL=YYDM1-vofuQSS#;`km_r zGr!{XA8I{<&Jmw}9d7-6MBr|Ej2Iq9rNPT+-5FR=t{n`l<=?{})ikTcv~w4yzvpSMik@;EUO76(hx`uk(x^^oJudl%E-PU#*t+I-M zs$|YIQ5WXstL)$;6?#)8VCr!G`-}csmp9Iez))LhmHb&j;!bjHx}gwM>+pS<#F6T4 za}V=Bk}=VI?75d5xjxWw<$_X708YdU-|tdI&%pxdMvVA?aSB^THd+V22m!y*v+4zY?kG4)Q2#cv5613ZI!Z= zi5SjyYM0dJ-j?$@;ogx4T!qP@#l*8%YW&DIXsk<{DT7O)$wtbb2anQm#8JUVIKjDh zdXp7*=;xK$Psjf-IR0Vgp+X6yZ+%P`{(QbpbRcW_0R2#hwf210>BJM;n%{lBuqhsU zP_)#qDUB=sKHW$^?S@rCN8^kPKSXZe)kO$`r={+Q8Dm3b1I`aH>n`xo;FhOw+?6hn z-wq4g_e~w0Z2rXaF*m_@AE<|ZRZ)9HR+Ma(+3hS|=5tQ!>sL-9XZu%aiqiy5WQN79 zettnmi*v@ezk*ZmHJ(^Yc2{3Vcq#PphG@(>gKaquF|&RjKRmvXbn5K+&6suN$C~)D z6hC4ubk1S(Y3gmS8-6B-UZI<4OT4O^*(G)NxKs?yCeLZ6J$z9+hDd8{d2K>T*l@t1 ze+jwQx_Q!Lq73EJ%G^!I{8{76`V*I8M!CYJU_%o<6{0Tru6ao zfLZARwb|ea-H(=f(Q4sMAm}j=rZ}8*y~*D4GiV{WSF( zG{RCjBWFVBc}?36Xp*mG$-BIr$5*hOXTst#3RovfHGT)})hg%ujE`R;l4sbN>*p}` z_my`g^eJe!7q*&@`NyZ&Q)@d{I13)m>hfJ1vK9)Q_S{b3nu$K$=Ud;!+iJSJ6vEaL zb#}in=Fp7l*`b^>oPk?;cUlG4XgqE41vcvX0log@7nYsk?w6NuXWZ!2pXK=JT!BkJCkk$+sx8VZ! znu2Un)qi9wZaW`)nIJ)`6^0iy#JbC1C@r!gtubb76devNi3FJjOOph?ul#Nb9ZDN> zWno&iV^NVqHd*R3sTdFZ?;=x6D;oc4{g z&H6)sUHz-X=SjJ|7`swDN$h@l@?XyIFjA0&ti1WVJ0yV}25-JM$-ay%CaM|@eV^6yb}|Sc!~cVqyO6Q{^nwcAuFq4kT{?%e`fQ4u{3{2bv{Ja6$yP{|2sy5 zVwQ0D$L1S1sYYzMG~`JEodj=)nv5a<8mIZXA2OBY0ibcsi<3~t4iLnG@>%^G9My3rQ}2vgXj6;DwJ?hbi#iP!Kry(pDXOf4+|yv^0{9 zIQ>`kL}1qeNMe=TA>qGc(H9MZgI9>fNc|AjL3cfQ~JDl zEP(ab`+4e5nerZA`rhO3(}lLUr_8lAigk_Nh|vD13M00RV|mV{6d+lHlN4vbqA~~L z5=xI2gE{IPOc}0U=60)Z1$(R$04@&q7Ic9A7<7IwnhRMKjwlU6u(_#8S`+4-@n?^~ zomc8~vp|;fGv{`+L48UWA}j_#*SpyiELSDa&HB{c-5T5j`(g@zu?C00=m$zDap<^h zLoVr5@00TXeeLV0zyC+Tdn93WJ_q(yY2G&g+HFC*Do;r^E7oI^S2h3E82D6FP#>5A zmZbvdX?VmnG`efSZ`J+%|LW=5t#}G@+>|$LSDvMH*M402Y);0B6m&r6( zOGtyQXz7r0-PW|pamiM0p;;wLE-4c!!Z2j`*RGLDa?_=BZufNRuK9~3Rz2bW8 zC8z^O)}pW?*Kxh3KzMO?Z^%GZJ|F5WHdIPXu*Vsbg-86=etI#yr9ruu0U0`f-=7w2 zP`^wlo6<2Nmn}j7y9qe>UMOffC5TtdKql9{JERjBmbxpW-w)!G)fm8cI$#tUhPDkC zzRkPPanrn>Gvcwf|F#>Zx(&z`3|0{ zZqR#Qvb_>@RhpF|@jf$%XgG~-G=f3I6hKs!69b|aJ|fz74 z`NA{EWP%InF45)F=1ab5LSj zx{P#jvh=3LSNFFviTg1jV(}?stXeK&81e)*EHZ<20Jp}CMN~Dl^R@4OR9Ao|bIy5Y zNkFxr<%Z@#Qan#A>y7W8&?b7C4!x}+adaz$ERA9q8j#WQW%uDKeSKjjT7V5>4+8D~ z(thm1Yv7u*)74ERfLIu_Ej@`xdH_~TkvPE>+gKseg`^n?Uk*zyewgPdDeSTGw_clq zidYf_TYC%a0M8X`pK@Vz#bN||CvsOzG3ws#prLQD>r&CJwl<47{Oa-0RjukHVFG?t zEtq~k-W20mbutk=L-fEw2{37;x=lQpq>7s-GwFmh3Ax%SFVKIx>-V4c_Z~%@T12H(Ar-^1rWx0h24RG zuk%>N1VUWeAqNqf8i5RR(cVLQWJ-#FiO7(IDPec&W32xLYdE#~k0|LzoE%0w<4eBH z>*r@qwN)+Wh#yxR4!>USLZ`GO%Q9bxo2>#k70Y}-6j{bD=j&0|QkmwOL=b|oAh(8W zO-sKmA+&oFxpHaMrsz7TetoTE?%=e5B;mCRuWsI#saWwddqf<35JW`wB)bF*lR(kHd zr{0cl*g^LN2;55T)RwVGffVR7uf#H>u}~i$70ATCZR|+#k$UG|=!z4jFU`rAHG!KU zGraC@f4k2+i^7tKICDe;8DR}X?zI_XByEr9`N6c$nTIulE;th&8>Xr(YkE}AG6)Z? zoH%*qn#B||OTCwK2;Ogv(vVHN`nbX+LU8TjWTmFxt3%_TeM1=ve6c~kzqFLW-B*8# zcaAFwfkFgwXZGW1RGpju9QRbniV`ViW z0?9ptTbPE)Ya@x>JMn=10T_{?+Z$YzOu)Ap#6SCd6sG^1fo!<_ zB2Y%N?(aan&;GDAkVB>QAu3kpzc`no)wZ4u-yp~a*kLP|vkwTi+^?>=rngg%ACD3x zic~IdFfnn@*SwRp2m{T|7;#ZQB#Gi6jmC}x19J$y&;TPCm6ON`vz_hF5=B^DZHT%K z9O@66i*ixgCY?-$mL`V}L&ZTPrcaA(z=ROO7Q-|c+sM)0r8bgQ39r~*htA345(yYnR5`czI#;WUf zbz5I5a~FFHQKnr#|ErraZ()Ct Ol5(_nwX52}O8Ou06wbc@ diff --git a/components/engine/docs/extend/images/authz_allow.png b/components/engine/docs/extend/images/authz_allow.png deleted file mode 100644 index f42108040bbbf9facb9fff0c320428323f061e10..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 33505 zcmdSB1yEIg6hBBjN;;%dQfW}S1ZgBh8UaD1rBg{Mr4a;_loDxCN>UIMkWxZGLZm?& zY4%+8xBK7!?9S}Y&d%)4ym98ryZ65PjdRW?&V8hn=q!g+ci8JxciMc^7!KkZ>@vJuSY|M72eJ0*RBf^rxl2wv9?-oiI(lUN6 zFTW}e7?N}zG8p>)$&@ceomwRb_4h-s%3R0l@IfsB4KM!BhYN$k&kUDM4g>j2Tfh;H zC||MCpF=t1ZlOD;t;3&{XH}UwaPy)c z8F$#SHy>}Q*9Dx^o2<#69lQG;Z+3qFK~_~|J8;3M>4C4MCgG9zOY@PkTYBQ(s%(fI zd{4!$4aQdJC#H>uqm_$~U)H-unBT8V;e7}Hxr~4PB?0TMq(oj5kvgBv7d;u021+rs z>~>!YVoC%_c}jH)HAA%CJk(o_6v27QB#zNAf1z_slYPL`xp4U0`{6HzTHRxB9foKK z=|qwivI5PV%p3jmP7nG5JGzTZYVLJ3>{VKIPQ==Lex}Dze6uL=aYXm&+YvM2L8+tF zs^!|6gN^&Ye|^fn`Y=x=;le9-ojNz`nk5t~IjJ?3o zd3weAucUs$)B9aCYpBgreWGMPTv9aX`@GP!&MjX@w()N3Hl3Zv{`_<2uV1gVhG4OK zE`LpARVFIZEsX6+6ISNb={#}WxEtZ>MzTBPz}PQ-v^!!xH)LR*EFX66Vy4Aqs}2J9 z>VO)|qLe8DGO-6as|I>ZH39bS|!itj*|`F#IXAkVzVyWC6cZ?&Caw%Y;ATj zsSmx5OzTOK-oHM|o^BGi9-cRKuXCHbu|}X3VtVv)>6}}T5L?W@{#If z(FotI^;#RVUKO?NXEw`t=e1@}fA+iiY|Tqb{VC6~;fKfP^&WgFxE}MSp5Vdyw<=|Z z^`YVv*M=MUY8}<$Yp<=lC%SwN=2999+QjF&Q@n3A_zb8_y|z|Q7IB~NDbq+3qFL}< z8NQzHyE|kMBj)tw@p!!pg7rBp&2*6+%F(#dTz!igB{D^8XQvk30Ps<&+?rWfmv zT>t*A=CRgOp0pL18l{FB!i?dGGC#VJ?%z{^&gou9drk&1v{#~qJS9#DB|XLb58tdL zC^K$8tJcnuFN3AIlvidk&Yg;kS2-d68-EYK0Lh3TvBFCwkJ5rDLp_!T>&ncV%ZQTs zZjJ4?N_nlOiq~;d=S;oxE-$v}%j}4oJX&vFH?F!Hv(gbmcS-9+A%dxAXX(qkjyR_E z!@Y6mTY(4N=F#rYM4j&?$=VIFvC1gN(w7Au&oY&1$)0@GD>c5tI+<>EHp&v1r)=!u zDB?7hx3$Bew9uR3&TClFvSxLf5V$j-OsILqVff~pJoVkr&*sLO{NFjWN0Nr~*5@XX z;5d7=v{Q$?+sk~j_3KguQ-Hv#5(7!V!5kGU z(c0n87cIJ>i+Zn;B*Ir(&1?O3UvVowrnux3LBwFXSn=YanD5pdDha%gR1D}0lfDZK zxjhn|%e74qIff?d+k#_o+p@{>*Uwj!S#SKE>CpX@w+xo@yLjw_YNv618wXtJ zADDLK7Gvy!BQgZ|1^&^GUD^auTsyILU1xfCI%63+hz()=MPo8O*a#+#W8!wlRa$hN ze5sQg-LQdaM|Af#?Pc3|*Tu=k`+Oc!8<@DahpwK*&no+!ot{XH?ZU{@u^OhkPq(0Z z_8eRNhAl+5v>VPZIM}%vqa(i6&gn2*QkE5X`c3S3HcqzwZeQlw){ev?>8)?Ctz+Jt zitWE<9X)*J8*qBCp!AKHN#?T83#$}u+yb*E$KU6f95Z0$7L2YCO(b2^joy=cey1mO z!1L_XpGqRHKBFi1fwSk8!Z4pQlN!xi3M%jJ|Gq~hfiWM?Z!VK8Dy0w6Q<#X?=ym&0 z#chQVhw{b(DKsiRQx|rvOw)X)siwvRBD(rE{MHd))VNve8+FU_6N~ZA(!_~MY4qL! z$vfvdObHutiCyOv?J^|2MG~(+7a`1$vXV8Wd+RVF^19=NT;n;$np2i^ad#zn0Gqcl zZ&KZd(cNc#h=PbxJ9h}?kEP=d#-=K*B0Sb7Z!u_QO4apbN}H%X<*{Sq*DZ+lSRK`Q zb+hQg_CjAulmAf{)9D6|c))S3nmarqt5XG?YU#RFob+9aN4^f9$=yHWg}DrI3wpkn zAP$Y86FoQV>NxgBb?t03E|B8Qr_awt=iaS1J%Qj#Gh{#6P*=I;gz0`7Cv*5x;*IBu zzFmKIu!TQfQ{~gPp2gK~RUyO}^V`BUy^eRjy->tAg6$JcFMi|m_co%Q6V~aynr5HIj|<1)Ci`vSV_RZO*tFRQxMrAXbU@*JNX{{_qMePtrDJ z#Way@z&_~?K_){`9xh#g?Pqk$xa>eNe)A?r`i={neHO9r+~yuH+c60>z@{sABJ5+0sLQS*uS(xNu;6 z=9PivGHQTP(yL^m)>T2;MHOFq3_EJPqJo^^ozr;r#ch@!=ehO2>TMpz#Pqdf$j+jyrz9lD+@x}N`vdhSbjvXV*gS($mmt7n z?oKl_GOc>czettzzQ?LQadDbPGeg4q+HJ)*HZ5vPa+vK5vRi&^usS7uw?B)1*Hl)< zdrzDYp^VNwQAx|B5k<-SYLMe5XAOb0SE8}GyQJ@(HE+@MT{Vr2<>6B9G$HF7B3A5; zdr!X>8)z+$l$ZYybsS~(YftaDH8Wt$Oml8N(cfDeFZ?wsr!1lnPOvO+?JPgVjLh^4 z)II}+A7Ln>ogA4Nls3m!^48ibYiq^k@Dw_`wlTGWY*b!0CJz3a<32x^sY#UBiyH5v z4^@+^)n_Z_XRq#2ZE0M-^O5Arix0flsJ~4sYn@SF;8kkOS4+N8xc058liL6JwqR5S zW5)A1ocat-Eyj!bC8_k%em7&L1?mTWX?lniXlB^o!E)UoxGO0Y=lg4Rn5%Y;bi;yF zm^;G@M#XLGr|R3IF7EP=6}Q`VSUer*yn19O=eICt;=dl!cA)A=9UDVF$q0Iec>jb{ zq+fHh_t_Qo^AY3IYAJlYB=@COW>(6ZMara|FD%>5<|srY6*K8x?UVkU-mp7tviy*U zu>duFrDZLDQTx3@yr{F;?oDM=a-WXSUn+b?udiMIp6%pXoLT4ieY4*>m*A&Sjy%?G ze1S!lRzi}Op!xkVM&~Km0L}*jy-g5E_nhAOJT~%8cVa zEyPu_oM>uf2&i@Xf3JU-C+TKOCor-}tutG%!ZlIv zsqSkLPt+HmDrEgQiAzVGh)KrLV^SbFZ=5>!h*$#nHh9644EIOCy zD+!cKh)mT)TlvjNG=SE6z~8 zd6tLytLtMjcgjdZr9IO~Fj4CpgNn7pR0k$6_5yzo|9z)GjPzV@Ih*SSt*eg#BQ(aw z{*KXkY{nL$*Y1+ih8cvVp2~DROQzAnj5wE){&)2v4)>rS?fXSs_irwB&y+bg&+U?< z8;I#QS%pa|X&TaFQE_GJhYJaq$C3uHVJIcKeE(r|U=c#K*OCb}0NuR@CAcG63>pLx zwqHd@{jj{?rjOFinuWz6-GN+ubRqO6?xMbOYl zI&#%gzII%3JSlZ=U}0L_}3y`&iFiyC%708ZdKcj z24t-P_X)YrYwYqJESf0blPRFBhjku}E0Fp~hlW@>E|7Mu2FH{*s+^lyQ88K>qC94PBvBWm+m+x+UExs zNYH^wOnQ4Z02fzoagDYsnY*wI-;8e0@oGvpJ493bw9N)a`EVf);d8sY)K5qhL)~{O z$F@pD|6q7I4H&h~Yr<8Df2XZdEl8fJn77aG$sd5gP^=eSbGMmty`@$hu1fFg-g!s~hjUoFIQbmU^(?UwWHX^d8TrMD`~D?OyIfx%}$H zeWAB5AHTB~0?wV;j+mK`&wNi)S~h0d^zOfi+2!=z`kBb0fPGQtMd&f0fh8=yuPD7?G6Eh8&-H6VG!IryE(U%CR4zmYV3DA;Lq+x7=Vo zB$nBiJB51mV{V+xtI(59robeK)5aTd!BGv6>0Ud26I%LG7}r;SJyXi4H&dFs&V6Ao zje`QGzv}l6U+4w%`I(HCsnb2tIq6^=>+Si^Ti?B>J`EKc=oM}NoJ@g<=>mMynAKyb zOeTjzY&lwPF1y<-27s1rM3~}igema2(zW!5-<80zH+H$#nr;@|7|c~B7QO#@M6CA! z2!*5?``zWCLvk&rv!q8L+O}18J3ki-MG@%PTGiNZ(=mwZo@9pFMVcmpW@O@ zm8QdG?zs+xDConN0XUNgB}4H2l-6&k>7hqaQBO`!j=D=tYQ7TZR5|pFrQ!9Y3Mv3Z zF9>D)avzXS-4^QE7ehNbhOfU@!vh&d&ir)}MRxEBBm zOfM5QP$DoParT$c%k)jjH@I>d3bO)?`ycHR0JCT-hw=MxdHVf+?c_1Pszd!Y%4mbGN+^T)5@xJ#^lOgAgs=L>X zV6TR>_hrfQBc5a1romcZ zlJe31w)^vm*7BVn2lu;H2IQ=Y3A=F{DR1=LKf*VBfHlyYCEMJ5r$g{qSmEWs)t0!W z;_{|fdxABm?c`dxr|6&2-J4b7)}d}ZS3oX6HBn+D{0*oEHDJgLfH9033y*Kniy*>K z@W7ppIOlXQ?%Yh{6pE#nx*SZkSX7vKV~t3sV8bNZjb|;)7Tp!uT{gP z;nL?VjgKAj?tQO!JKlG_f)(aK$Y)r>&|<3*fv|?jm-Ox&?{D6CW2>|Dt*S7I@0Kx# zW;$2kej5`?_WeA`$18T4O!(u}pIJQ?`>*;dTqB*f*L1}Fc}B}n4`uy1N_5K;k}}T7 zpUtPc{8=9?{m^yQUEbvi7vkW_Xl=Mnw*+Hes+J4JFpI^e3R}S+SqJEvv_P@j@rH_$ z)bEthuRCodSM(BPoIATvq=hy^eLM^}!N4sbLkTZ^K_-2~e54Vw8*V&tlfhQ~GF=Bl&HIsho`9;QWU#;|J zNM=Ud!n-vKEC1$*8?4A%6*R3?nwdxSB+j0WL$8uw;~XppNeq?UGWj42b*jYJ+`;`< z;;CnW@uTC;c?qgyBJW*K*jnkwGwstzrIl1&%6~jf)W#}t{E*bb8YgwZW&IhZk`eVL z5L0q7lb<`MuL$7OE|5$Q+Ej3$H-;P>?yhvnX?(WuFnDXPC;CvZUO8xmo~3dGS7~!z zyV6qeZIn;#LrcK+yU}6s zL0U?9;}x?-qZ05$H}5YGoSyaKey7xLYi+L?Y#k88!KywCgGF%2QsH6i{-T z*!U_Q0816}1gAF~6>6eSCF2E%IRq9z0lPhItW-#%tEEaki0Bn2_LpArDf!fLi0cKGa@n&@aZYG!W=499G?qbYi&siSU9mD?Dz#Vx`HOS_4 z%C;#p`LiKBW5dy}cLAT4%{crHVWICle~PoFjwV|`jc&CoX*x$;Iqmn}_M|-Uq}Xlg zDZjbdcg5fjN`|3%3VG$Eqmk2f^=9L_k{KH=g6*6^MIt^+0*CD(N_|1W7?g6BW7zn; zBs(`B@BLVGmy*<#kfE5Wtzp971sXD&awq(PR-iA+SowQvyTvCHIpxddO%EoC1baJB z@LN+?XvJKz5f-adBdohic)FAHch`>>9sc=vShe2--pk`)@cH!>F5P}BrG%T>_n}m~ z6?GDKzDHbxju9i(r2Wk~ec{}gnZxjpRt(stb@OQJL?Mj9VcWEVDaAG1H(zF#nMaG= zez@QndcTx(qn|5$AN6LOv6(!zZI58%=d@<{!S+ITs-V@)1+6$47Ry?8O&sSq%{@or z43Si4sXFrQrBrj}LLsug9Y|c%*K%TEea9KFdnCSz;GVpyH2N&ansT<)Gmdlew&wZY z54;GtC%Ls^<1lKl@unK@6B*v z>wG)yB*9;FHsTYq05SdLFjni)^hz3YI19@dJetdAt1e74VjiNe=qt$rLm#F!FrLy3 zVDe{1M~M6EjLkf4Q()hSi?T7aYNa=I_EG!Fne~9o#UXovn2J`v2_bV&g6Aq{DA#hGQFQ3cqgGs0lqk#UzE0=&^SHJ51l(HR zOV(~whS0b_p`L5?d=&95l}U=M3^ok=jJ2HdUb2Ci4)J>HV}H{rA2Z2-$R}?6wdFz? zBym_yw)cI`j!*jJZ8u5iT-w{5TsTohCj~S;EEPXgdxwbXz%f5SNT#hN%dBeQCsmb+w_$8FC zvZ;Bh1P10Y|BUx}{;#bf@&e7}Ij^%0LQ~{~q|liK73HSMeC;hCM-{oR_IQ1aXIU=8 zZ3vEU4M53%56J253%FKlBlt_ZbtfXTpr7(b8K;lu<-LYtU5WLGoXk1iB}+w&N9bRDTo z5ZMMk-g|`}Hfgq|=%5PnH?u0L0((&_@bJkY+eOw)M>?Q)YOd=JX#e9Ha5K@uWPI*Q z{YPy$Dg?tPdFb9M+=)2xvr>yTpYQ+5B#Xv!DZYef+X)j1R+qUV!t2?0<=n;AuSV#fLT>!vFCk zB5-cC-6dMJf4Y1td3HZeU$o6%4L?4}372gtU&PhbwYrFlFoqtzfuVcOO|eYwDTNS* zLIhE=_L=#%AFk1MyQ$JlEu$6Di%2$i_AM$JLW>k2kCXtx#a_NQG0MlG4orlTRq?m} zwegzng6q$FbYjP5_)&SWFXA{%^PmV7RTH zg@peb61hbfLWRC0@qfb~WR0u6$oqxja_B!U3Vwk+lV3qk!oOo4WWLi1vRVF{Z$FsN zeqrm_|K^JZ=BxWM7U8DiG-#A=Gw-p?BWSe#{JiN1SPR7I+Du)~t`zf_)(V(a`xKi^ zHTmm3DAq4!1J2$|7D|wW&{)-mO|WjEAMb;aX?{tsMuz8HaQEAVPq&x#OawU<25q*scI(^@%wuvnwHPk zyMYMp(Eqzc^jTrF45NO2Oi(yS$@5YM)asEcxysRCE?9Y!m1?sPxBu9kd>{RyX*$RJ=;V=w~n zgQXz_7Kqx>-kSCP#!SeA=@>b2i58P!D_pK|lT05yPP6;zpyGW3j`eG~x%u9&@5Q}# z-|OF+Hu&gBc&)ya5SK6y_{&kDfahbPE{xA#{#x|Jt+cJNOcp>op3&)~P{>9sov3Cq zPVgS3fPHV$#V3di!Q2b5`^F@yC&sFNrt$ZrZrK@PfT-$|;l{)!0KikG0!YIe$dk#} z9#QYWqR}Tc;3~(sh?_3yt%=BWCx^Sb3;f1!R34oHe) zDf#A0?W=x!s}}(cCIQEz0*DjqfYsu%d9gmPxe@Iq2)x^AoU4-HJJ_P7m+(*l%)~)* zW*bVxAc6ZqhW4is2VT5fEp8rxK}XMsWbpC9wmJaz38K3n<6E6%DI~2rWA*r4Y6laV zWrIiN&I7;U#3&nJ+M6!UYAE%x4H)7ie5QLl7+B{PZFj*~;9BFqO*FBEd%9JEm@k0a z@MW0v|9#7P1=MUVL>IL=pRfjiNgdc4MQ@D@H@NUwAQA-&kWEL*M7!jsU73HUp2WpM zG9!15vHFE>5E=`=Np*>7quSDFdf?f3slCerE1TA7R`(K!%^j|d@xA7m zh7WK}K;6nN!2I#!2iQpXI(R+D_*lOPI6HoOt@ub16`3MeYsD&(ta=sBoWUHG3>2()v#Un<9W=R&y`o6|)3Y>ZMdL&KSpw0!@o(_7d~_ zeUN;M75yWKnVy1wpm+(hcDphr2sh4j$Su zWUlpCx`E{Jo2ABjh(-r{;%4!dV4#fmFVnXwMBAreE783YDi(OSR2X81S#oGzX&GkB z8~5;Zs~tm;XIX(}kt>^?=Y5-qJVeQ#;H`N=%BuA8MCCYVR5?Vb8`4@ND);1U^CtTt{3+)2o)1YD_hsmm*F_>#8%qpf)a9ROVz>Exf(6F#I-its%2y zghTU9B^`#XE>h#|t2-t-$z%|Jr4koo!86J@cL`naWvG|idB}pUG##g|f!fyEa zGl?GtkP>7({q92Mk+ASrhE7g2%WM|QiIC_@;)Ef{x&y9}n{nQ``LDlee(ZW;P! zT~Iv7{Y>RKlDk?sAu4NKmXgDG!8m3G8j8lB|Gfvn-pfI7j7|_^K0(TCtL=~d%!>_z zmR0eNd}PQ-;PFD`s;G}hvOkU&mfBu~t??dC#}l@EOwHONen9QuqMw4I z*94_t1N-i72y6cmBY=KS>;)gGr-=Y2+*5xpWV2OCkvA#a{F9}RXL13mzqmF5Ioeejwbzv!a zORP*Y^HI2jBvl-V+}9$ZijdD{y#+AoV6(&7k||=Pp4=hP;y^AC1$ux<9*evk_B~Q=FlRMv_e#D7 zQ<}K@e00JI1o^MHhd^>DnF2kIgzi5YI(W_yD?@=snk9XfnClA)UgMiWcYC;Qz4J;2 zXIPOH4iSAk1S+*^$8UMS$O?h4sLO#U$N*73S6I!w54+S1Ola{jkoG(;mF0c!jaOf{A1MQy$DITaNxFbn z{4nSCNLDgNzV0fLU`3!9sPV=06ApYIiidE)zCRO`5#ji$mdruB$!j0iMG9b8)xi*u z+kh_7nkjw%4v;}x0AJMsyz+r2kPIx7dahDTo>`-xy(ZIznXc_6^LxU*i!o1`v7U9dTl1FppX3(w9qN#^$q>dp1vFv?i9Dq_F;vd+ zYE|FYk0Y#hE$<#;6Ou*0fRs?I)B%3NsLh?)nyCO2u!*rlV2_6F{DBz{}?6T?*{=(?Y6CrE0i-r~1*|~45yD4)g zCy@O|h;h*>_gST`dh~pyPnpZid!_st#?Hlkq>v`HnGB*EHxJrhjt6m}F7T|09@5Zt zycWgsze&h^U18c2{Dfg3)@ZN$oj@#2Cu7@gg<_)U)@Ytjf=qhA*~JdjdA^&Il}DVGscHJNl<<5KRg`pJtkbrrQ`?!w|gZurWiIb%~-%S-a&jnC+e7}4@N{5~8a&XXnA{6N%0lmgbGa;brtR?`OY z7R~Ltc`MBcB~Efe4&fk8kBNhr8H_0*850G26+& zRQq)k6C#EZVn;N-De8adG1r?V?q2XrVZ^f|l7Y|5gZ4OV{`2!AzCwDnI<^1l-h}OoKVSC~A=lXSff{!~TLXcYh`#bNG`ELc+ z>GYU)gHD9d07WLHb0N%`k*OJgd% zHDn;x(M;jXcmUbWK9o2`YNF22x?BM=*;iX@xBuWaEIJpN;5%iZ9O4Wu7JxVH&(~(m>oEj< zPtbGedK-G>TSS$-3@W82u zHc?Ir!!SEyXrBNANiPHv?*O{0a8iyS#W>`D*euRN$S;0_T6006M?Qe`$e=@|9|Eb1 z2C_`At@7}D3>5R04>cj?pUV6ZTvo00s)?hzT+}g0Mvgi-J$+W0nZa6$y|(jg*_GKu%Ccw94X#Z9(Bi0B#JU;TKsF%Db0np~c00 zSoV|TZFuy0ZtwQkK7uTQ`W8dHzZbE@yku8dfe^2s7T(Gy|w;FUialCeF^!i^` zC9Ou^^T=Bq0#hKyf+nctcee+|Aqe$e1J1tN(leQcn#L|1m8^0y;wE#Ug<9Z?ankN1 zYV^nc?b=n$P+_t`uHr;z)M7_}EM1NyuVO&9CXHdXS#x;WtGrX!V0&9WgPdCMJS&;_ zJe>GaMTiMb)Q0axJmcDqGQu!kwW37h)`Y24g>hCF!H;>(jUIUd$!gVJW(`uJ3p3mq zlP+2BF&}!Q^xt_5gHgN0dsPytM-cQ*0CRUcsEg-6JbDR^_3iM+{^TE6C%2&zAjZ6T z_pgdBhoO()Q8o2`BKXb72Nx5n3F>Si^?%0|=ir`t#vxuXjmSri8t`WuS~4ZS)}kG!3I1kAZPs)4rW+fW;+P$TxR5b zglx*#rnTX@BSd(Lt(`Ey1elCa_`LFDSUq-YNE-13)%zi|qta}TE zVCc60`jQ0-ia3L6h6|Ywwp7102R1WkKJ z9gKzhEg^?!*pqjAS!8%R|_l@Cr7_i9vp0`Ld!rNuuZQab$e>A442M< z);b6U+R&$ggTuo;n}^MA$KMuW;>x!G*Z()cv8k;6;0>8Gj<|m-5UL$=eIk-c7~7&P z=Ke_xrO$|z3i{=__BycSbUhEMbJY-S_&s^QYd7$4$IchzR_m4^bcns@m&V=}^MDuG z}*0iT@*tzpJo`VH01tbStO5$b2YdQBmg02w+O$lRvDt@yG zr>O=^Z}E_3sgCze= zM_!>MU?U-fVX@V=Nn<0qijlg`r}N^PHv9hySI5=7ai!V=AaQM)?z$|ba2seQa-PLi zZ2(rae}?9}6y^a~&Qf8t9=ro}o-0quPQU@eWe^BPprMAq?DLy{SBUra{B^yCdGbi! zmpC6}NN#A5^I>>=kBH*gW=F>%u?5?%afU3EC&9J~9|dh>?Z0wekqv|z^U7fplt?^g z4Teyy723!2VilY#(8?;K{P{UuTo#vXLL0|Zy202eh61XP1BI4)IIbm;hGt^~io zu$J6Nx(n}@aEpLfq=7Dp|5NnRBqh}yHBC=|UCntT8MMM#Tc z?gbM;k;NEV@u@+HVUB+HY<9C$r5tJ0p*FU}IWC;2jf$B5QWH_%wYMX8pcJrY>Z5P@ zA?4hfMR?k^X_Hmsh7prHilg>;N&Y%>n!1*8n1l`foGAE95o0a^qtvLp{s4s}+4S3= z%|jLcQ0~4~#!l|kgYB5ri8@`gz?0oP8_IC{hPwTkjDGjMhRpY98ActfEu{WZY|#*1 zEAY`v$Pw$qnq}GRC#?5PuB5O==l4s#pfSQDi@c8Evrk+=u}b-7bk+z9mccz(1}@}x zPh(jHpjV(~p|ef8yDyO1BJ`w#&N;p_upBRtO17PGgbWie^f{VyIlk!a`E@Z2{^nz$ zk^5q0dTqKa&h9()Y&}B}%Lix@S^-ajL^0?G{&TwFvZ6OKmxF2JHcyz*la@e;iV%fN75i$znEaVs$zJcDnZb%vPyiRU616bBVK)*X0A z3Pg*HKr#<=5sGU|mHp%P6Nvs<6n;`ENH!p2mP^n=BO#8+fJC?&X@sN`9`gRUcQMx3 zCHFl5VB~gZ<-?7{Qqjz6x`%d&?pZv)8AIGtsj4ub0SW1d6gT4I(S6*w6I}7O9}uCt z%Wl1618d0B5)$Q|r;e1gib#%W!kf;|JvMxZK3TH?T>&(Dr4nnhv9$xWd>9EPk5$e)E*p)0&2r@57@=53QDeeO?!B0Z@7fV|NVx(r( zyc*SATnqHC{O2&FWVX<&EbKR#{*jG`j0qHI%od833u~Uewbh3Be^O~M7YWj#<2coH z3;3f6HGXhz@qowobR$CcBNza_$13_o$TQjf;EDT_IU(#L^o>vTRY0mghLGl`tzi@A z4^eR*s4$tqb|c2W`PT~fjs1|?#^(7F=AHE1-$N47f1iLE_As~*vq_Dx{-yE_MJVc{ z2xk8)4Tyv3MDKlsBzv4!(ZO=A@yb}R{-4=b!OerBoR_E#L-4_WmYoK^6qYwANUon= zmcJy z4nh|?cPcyrTZcA77<3k?R$6{QW#BTzn}fnQRBHV%r4}prRG9()&kllYBA7;s%$u85 zzrPc0wURJDS^KPSZv7)2Y+U$eG|#2)dm(N$1RRGGGnFk9tYcFz_Sd>vc@i8oZS5Gu zA(kj06!YQU2#cLj%HDkOe_LodENHGUhUqQ&#H80+R4Cs2?=0#BA0ZiZYr?(n6Zl~6 zoE{$tc`RzPn<1V6j_c33THC>CSCtQG|Bs;zaL|x1*uZqRzv5HzB|*m3x=t$RLd9d4 zjoJa=3kdrB(nxvMrSU02=PM%P=Ul@}C%dGebqVQs6S8PQ3oZq6Lr=t~`wM-_s2>lI z!Jd}DAh7Z`?j(wN{j&22L@K;_Vsdd`59LSMs34L&- zBNiczbTOS${1)A{sH(I%2Dvo;?D+Rtn>fU;8IND(r{eDPwJKRP?;V z(5txw-Q(}=!>j?C!!bGiCN)mBG{}--dyHnf?vlI?M8@ZCtDA&WRpN;IZB5<-8WQYf z^7gdS#aP6MbGNcJwg_oGt-H4f=*~$XP zVOPhLpu70IlT&fC(2Np45IqN%k-oq2CSRO;zNkQ7jt+fy8vSqcPc}>bt7+x0p+OtX zaD8)-xI^gsF#PU%&y|V9_xW)Hvey{jI}uS=${sG}s@(+cW2JhT-tq`)fw#CMbIzj` zR{>b&Uuy=a*|i23yP10&1g#9onmR5klksybzxC$9?D(T@d8U`&pe!9BoCVjwfcKRG zTWA=6>3HrDR!q|}y2;yH;W?Dwrz0m{5Gqvtsq)EC;Cf;Oa#%lVi#c=y0|Cj*J*ni) z(6<%MBy09-s=1tU{&tzP|KZMHgRlD>FE!B6(^8R_=KGYP9rL-UvwqY}JpZ8OCX?yj z=$H_GItZX~k z(I=wt>X~c)Hfphw{{IQF#>x9F>4wc1hJg^?$4M)?S9F|k zhI6oW7a7JXN+qiS#;-xC}ooJ8~Jcp8R_oHWF(nE4W0_qW&d{U>9I&BcAYW z|6yHWGPwYgD%YVKO8v<&Xn3JdAYZ3@r2X}2LmiL?$6bUiKmKJB=5%|2(%Gh7LSwoEv6^&%exs3-r3b*piU*zhlV0kaOvRKKzx{ z;^oAkHfU2#@%`^O38@t((0DRYt8&@UJQ`w<`)jna?ehfKfM4zd0*mw==Oy)qX?cOT z$n}nS(orQ^)Bh6@UD?$723WV27{JhkILNo9@DNY(V=8{W^@inN4e7IR#I4 z9?-#v_x+;L>%3?NN&OAJT`+=lL8uuLAMFFl1)}B1$6Vm;5WBrq79EVYDhQZbw6dAk zF*b1>Cu#-F(lb~A1~Nm!7?uZsbYc?Y3j7Wdi628m2h zzs&R^xOd}0?mFns?1bS8LC6FQ$|s3IvKS=3g)!FzpEdh#7nGd1Y5wO0px`q#ber$F z2uWU_bq7e?BLx;uy-&!Pk)57=u=e1^s$U(S^9f+kA{=etkg$eo(krgDRdG z5$zv6AvhH~wC!@BFbYCNsfjlYw#$`^qmA{ z?q6Wcvax#qp$zk0f&v$mlw=MJ#G8|^t)nJAj}RjC7;N)Orq3?hwX1$%RQgbR6@!ww zg|rciHke~HF6fKmWB{*x6ztmv&;fIFq0NVE<0=|=XJvgRt2R>*HEdXmivS8uUWwaA zGvKm$IM6HyExZ?wmy<^U6_C%!o31Uv$Qhi6JYN`NUyLdSShf?PVme|NSn*v+MYXHp zXdvvT8!V=vFTyN%Y~g6Pem~0Ta0fa}KV!BPA>88Zh)N*X1W5y~SR2rMGiZqdCQrGt z#_)MRJ;a1{h$oYE0#8w7Y;u)aB&5h%Hw=PZixDG7zN#K%={!}PJI6-CjRe%e!4jKM zT40H-Q7KateBM z^P;SMk$5=`v2T)-mXSHQoiu1v7|#EHMtLFE1gci>;tr7idgY`aim&PBsjvV;{{&g6 z(C%iD?3KfC#*S2>G%^or4H#LKqT@@9s?SnL-vLexzSs$-GuRpgE zSac4MAd+C&cR@{o`e6>1b?D#qDKW#ZE*2fD0Q1;?1@_wNpGRgR!NU;b-Vt~E86Sd$ z--Q@@5f>Q}0MDJj#Kz>mlhEpqL3~xP|B{xHsLp4C3`gjJt607 zko^V&G6#x7J?*_I*e5AS9|7{d39wJNNQN_*dzKkizR<{!(96fMc|$CLFY&d+NcV1U zdXe|RpJY_c89%sp1y=`a`n@xFI>;W}!Mhq#0hm}G2^4RMSu$h;n-G8nKZOmtWNvf@ z9&al9&ZpV10lL^4wTc5@h`~?j0}1JEfi~f!c(7jFf;__suhOWJg2HgCQ1(Q%?pXq{ z1Qi5igC)VRpx^1aEF>3kZJ`DJyM4?SY}OYjXP^RKLlZgDD!puI zk+)JFE$5^d99$3QnqmrsGAIuW{W%R5V`@tn^~ zJg#kK%236I&^3BNE=TmOH*k(gsVtZNDRW5Mk!f?lEj&J@S$OY3GQ3_y6^ObyxVgTK zRo*06?9)JerLAM#f)AJ8S;&?2-sF{;4ob|+`%Dc#5LWQu&r#V!!;BDe~7>jS%CV8^sHR$ylQpr)kEK3G-f#I3pAit z7Z$MeYywYu<6UqPX=JIyy4>KQRpIugKEKBcfecHc%m+Q451fvQg$pcOTtQZ{zjL-+ zTz*LlUkc&4Q(%!Db`3}3j00ytcjWc07PvS-<(%MYy9L7YBPnq5dkJQEL5<25EZ5UJ za9`+Q5Fe0rbq%hLP(*Bfv&s4dJ0^L|Gu#{Xh1J}D zH<@%9uY-p!gINtIB1`>6!39Fs z_C*@}8qlvfscBZij7VI1oGdG8l{QoPJ9tfDH=Xa+h5eL&m2=@J%#1AhC?~MUFUQ~CgolF`neL8y3jZ^(1R~Q&H zJ>uHw0V6ySwwnu3<-EK|$@8@Rg=~q<{_%F-kd#P)WICgE;8&Uv2GCZ5w(;6a`mOF! z7Oz&yGh86niFj#ok8uWk3`r1RU(FgyMOdX`c4A1Dyzj(y0dJK3kjP*wgM`a;OLiGG zBy;{~y-64ASsbVrCYQ-IlngWC9w2x~f+KZ2T=WHK$6b;nkA*@ik?}kT!fCkR!f(ZZ z*+90~j-n&`@pzZG#(7Gg)%R!2`Qyc&;J^}8$y>t;i>oC!Q+C;cQ#s;$!py}YBEUBB zGI6y<*#AMh?a?sKB>GO?RAHjM^0`kq0(>H9^X)b z9QKOJv@EFB3(0aAEX>)8GJ-Xj;n_ZS|L9FJaDD$5GoUI(2O0fb+ajUmX&06)6|8tB zbRI^S0sg!;YX9b&5NefcD=5O7bh;7ae8vLpTsOu10kruHli zsaisyYN4P=Q|=*E$&k46L1x}K<2(oYeZ*5!_1*R@78E$V{kWGwrewYfzX?Suh>o|< zAy@hPbGR~0O377F-D145&x^qS)ws?Mc#uV+!}q9d@8}C2qk1fvP6rJ!5PXM1Fsc}L z0ULTV>dk14{ZN;)1S1=Q=~a+tNEGRIllser(wl4PBXCIus;oUbZex3L43hiEz?1#I zDiZ#ynEr~}a5Ll+EC2;(1p1{al+M>Y> z9?jRFLAoc6K?_eM!g)E(#(0CEw0(%A9X1d8G$2HW*N)-+KdRu^yaST-X4hR5(ATSQ z-%d@Fssc(5clT?rSuupG%d-uj-f`zRk5`wbOW)V$oB=Q`7Y#*sr{Tk@ z`eC+sc%>9#S~-N*%IFN{samZre12{KXFFJH8oa)vN&`K+zy>N4(Tin2p`L=b1|@*u zQw`if?C_o?q1*3K$z`|O!V}@WTgY2{kg_b_yUuj5IWQ1$Yap&7cs~a}APYSxGbA}c z*NPXNdY}tgn>9{)FO`5=K+c8e{r>=SgRdimYo`li0|R2c2L44g7y~O0df(jEC#5|n z417P5?{3~Lywu;v^pz%)Twnk_GZ_jY&Uy`Jde6yY4s>o36+0|eTTDE$47ozhjGqS! zS>DAQs8V>d);-spiQrU_0X6G(AgirkS%H7mp~C$MRu(r9ri#oO>vxui)b&dYS!7T5 zbEUR>gw-ZM!o7%3$)k;d@A?Zk(Zdoj@y^{}8Rlir1WM~ER5dE4#&45cMC}HzAr%`^ z#Fm&hn`KNv>!d2Y?^jg=RAXz>ku#tIg z>L~|WKLxh(TbVeA)@k$R7ci%UmGcsX%6tiZ(sEYz(dFs;236(`JPVMMDh?hVY->jV zM}Q}Vv2PK}I0tW9(VITMab7?#DB%Q%6tBl{S_$!6gEG=i6zz2!p}Swd^=;Gz@x&qUQc2R&y! zg&7ik?GGNN{4dpgbx>9NyEot_50XlVgtQ0>qJVTtsDN}y3W79%g0}m%;Xd40h(E4rL?|o01jPQJ z9HBRTe7Bo#q1o+6|LJeBPyb-4NOlaVU~$0E({7obO4A)<`oc-~UKfm_Ec60}z7q|E zEF@Nc;NeA9R@r z??quvcY{KgTmzft8jEpcC14E!a$dqnYt10)mPWOCY7~;;2!__k8W5*RE!=CGGzOq7 zukc>$mC2(p5{&-V-F5bnCuL=*f&>HTn~OSwFta^A9BIOkgTC8^qYY-!WB zhIssd>D;?leSu-gXfX7|y&7Dhh(mq~=sH>65;BTHaqMu>B4J+`&~Hl(!JPUq8pKRW zyc>~Q_7xxbY9g--84Q0OzOFJ{ zQ)PD-^bnjeIu4704pR68%C{rhNFPi#-A8`Enc0nW;V%3C%MHj=?xo^gr?< z(24M>vo?-k0+Y!(qT91Ma+wY9Oc6DRvS@7pZ!6>!RLm+5Jm|3+UB~2;7={-MJ%k~5 ze@EnT?Sq_8>`P9A^GyAb01=8(x~HGi`;$4@i9vzQo|O2I6_ATUSWDc>&+BFXIynf7 zwrLv)k+)5mp!F4;NDjYXjLDC>=XKn_bY?#Qa>!n*xiQY(zDqA}3{rRsYU-H^54LRS zgt%a^T3p65jlw4w*Tqym!ZB;o2nAJ?il|5`Z6;A-M}RBE<~i(=53A;amE6ogt1+JL5%45iJoOCL8haJFyvZ2o}3h3rr2M96K!yBw0LD?W9 zC4WU7B%V>BOM|{J;9(;?weVqXEMC9@WCLAPY+M%*5+*h?yWsMwTko*mCR5Z}GBA@C zH4{jv`Tza;2#=U1thHsd0y4CD*IXV8)ou`|vy!3zB46yH3%K-e-B3vGrEP_X`O|Ba zQ>cYRe@TR4zE}+JN_W&{{rxUU8}dyE&A16GP%O9Z`EnHywS9vx7qH}j3m4+Ud85N~ zfotKf7{^X%SG2lL$iewPMUoHC<2@1|D8Fq_MkmF5l?iE#UcBvt-~zYFVPG>^YzQBe z{98?wWC#JWEJC1Ko;Xa_+JC()HX%yJ0(W6}E?2ki(L!fR;3o-M=PdX&f2jZaiq7;O zl=H#Yw#ofq%`U##!mJCj@Lb5qbnXVGD4u zA5RTQ-xr(*L6Hgq=oZN#o6tU>`A+rr*W_2Br&mG80!nKPDfB}d7-@q~bZ>oO~?0666%~7@3SLX=CmL6V5*#s<%58O*QkA0vcLNJWe z){42m16Uq3;Ir8PZHNcSq{2XfQ32*T)QebgZx3Xh0Sk|8=mg-_NZs6 z2W5$cytEGhMsaqDu7*==K;YhU>T=0>rg&s`d5XAOaksS>3 zfRBTNmF^`7A%`U<`ySo8j9BGI#*_po`g!wxLLrNwyAwU~gf`|IP&o zpkIrm0`cBJ2Ff__d2wfet;>gbt^yX>S&!v0|Cr8EK9(L|K~dXlHi-xO8#S6KD7)_1 zPl)Au2c6sGingyeL$wQ9BR>0P*Ka!N;ClM+3&?IP?q5<=Q z`BgK%4JpaE=zN>oza^BHy$a=_bg#?wzg|I-P%XK)`*HM%mi;q@7-O zN0Y4&VpUH`hw`Y;JZN-AqkIbGOZ{1h-Pn9lBi{A3yvAd*q)*>)JaRHbeCS@H1X}ZS z60j~WIuzCXY@)lJEo!g~Sg00bc$VW!;J8+N4>o*bA;j(vm8ywiMtAp?d>^Bv8(_P6 zpy7)K<)IREXj9;biiQq>h$`p!IYR?LJ6Mr-4xY*_(MM$L6(f}D>?0(>ej-@BJpPRV zWP2!Uw{hpWgu!yPwDkJ2`LlxE_q0!mDYwVDYl+;=MhMPu0L*2B>uebq0gnZ!GIhJx zfJP-7rP&-Lv9cZ)xI`eT^)<7^q>-%iZuZkL}jWucKdh0|hlxWp>dhQah} z->8*-?XW(aVu2)un1s|t=n-x{ra*R}-$UITj7Rzf*DT5Z6pecz5f;D6nfUj$P86VY z9=6gC{(LUeO>`WYmhivF@qpI@)|7g(e|X1Jz{Zi%Dp~w}J-|}CGyCcjd+Bd+#4ZJz z{ym@IE7pSU*FLAt7M(_+5Vk1e(>iy|`@wurKi@d_5)SVdNI3S&8WdW@kj{xO^S}yW z@#r41fFlZ6^Cn&SbHqBB5C6aT|4f$&5#9>?COaVS4lJ;GkstS+>7?hgf5$dK0>i2X z;#|X?2F3ZU6Ao2->!W4O{d@Lf7+CoR1QVzLaIAm}_HKL(-tEVMOiGH-L3~Sb9f<)= z07!doiN?7NgVpn2bq#bq@!%v1Yx@@a-(pgSsyqe%HbgH&}2pkwa}SrgwwGaV}p=VKaJcnV2?oP#?-c#Ie{uWE&vm9}2bB~=IqZABq5m<^D1yW#9_#1XuT@z62uT%bME zN2|be3dhX{i;DI9|5ZDPJi;Ow=O%F=krPXnKH5*?YJH5 z7XeFx?U37r;S(6nUjvr-dVuoA36|SFtTz@_Q--PmZ^mOh^R>7Ree}l|7D6~R>3kwMwI`tZQ-~s zkgS?OAkm!L0Q375WNjDKx;4pTIU@dF7~7F_7yb#3PrJJDO4{#;}kdGab4IY8~l)&Z$ zL}GmuoNIG+i~<21=dXG3He{J^?MqI9xa@U3mCJ{^ ztq=#U>ApkiJzU};R9B8U>V;VRO z@I!t9BacZ51PRU$%k_vo@b}X=D!h<^0)mL_+eEe6zcIVz-!rfRlem8Zl?TrXL_LP8 zG+pLPkOAqktSVI|*ypu9fA{5^zx#5@`65-aEjy4sj^zXsxPI@Id($05)rSEV6+zc8 z)cFpgNMr$YFdu&FA}q2VVHI#sm}$Rt_0}_esUc+42bzh6tR&yFBZV)|BqXl z@&~@2w{Vus9ya})u^82xzbH+R-bmFb7cLc}Z+ZUW{kvTJ>T&UjRJSdUab+{}a6%na z(`C-W9h5HCxDa2K|IKN7)w9XHYGd7K$@}2bf$!+(>ejOFW9LrK&W$G<-kt89&Ykq> zB#sih%Yj@g@B{oaJ;HZzw8R6Nmyhj{dDtiQ{Z|bvEOPE18>8z6W*a5%HTh>UdQl)x zE?o6K<$wt4AA-HB%-{Gm^eTV5$yt|uar{sAsJAfM@AFn6*cn)FWCHBG z@GVel-iE-{>{{A@j9*_KRsq-leewjkyL3^m=UOb^~EIZcg zM&+?ennm{z%Ck?$dnaAcuf~KObHVJB%r~RpTookNv0haH5H(a664D+Ii1aIFj2{?q*Il8i^H|V`2T@<^=FiF1g+<4r(rk^Fg089hWw+VD z>FR3K`qRtDj)ZK?hf~6wb=cII>C7Vs~?tr(I|v4 zQ*2(^PSX-?JJf5E5#wmA)#cuLbZF^gO2g#N9?|>BEpUj^@e-)^;Af`lDjoj5eiUgL zq?U~(pHY7S{Th>`9AmhL#p%Nd2}j8;cQ+vln`rR}P>Eb?x=dky5RfwIWL1^8tjBfl>ctfW^KkXw4r%E}7jDzU3Z zAazp=ItI_z4xvIwY5|+u2$C!EcbH*Nl=v%^{-QnC*3-`v0PD$uGUe2FO|S(jS<9I; zjPRY=w1o+%2pbWSxf{YPEHY0^0EEfyvI3h`pO$U%(e<4VEK!zv>0gB2Qv(ar8h@Gv znzh(ZhMqiMovTKxYy`bUTiTZLq6RJ07;tdKW;oW5Dea;Nbg(Arg!4V0?fKveK^afI ze)uY~3cx-i#-JzM@ zHFq6D6^~Nx9vk_b1{v&t@;EGe*+6g>LkrOz<9^WyrSi5G!g+3=1$BDu}9o zmhw96*N^>AAequ!K^UdJebq&MpJCgRj^bNWlx14p%XRo_6%Ho;xLBjFE8{D-Q>V=n z12$h~U0+lEfjr<`vyefd0I?G#ADcl=!vg@2Hvc|=LG=Qgz@^*(T9K1?No_?CTgPR4 zW9b~2Itq{wbNf{LD4WIiA&jB-y5^l8(*f_-#wnBD8LM^SWz0~PIsh%oA z8LhlegHm~}?xeH!Kk0?gg{f4}#Tb|e^WG4%k3l@_4QLBvcnI6;)8m$5rfI$S$slvp z4AFTI&Y@x4TjI30{;BQh!R{@wpmW&MeUKwzZNDlQMF{+G?Uq}{QC&1u?tWMCRdYUj zSymMfNT=@ajC4)=O?{WUeN;!aZ@4_n(S5FQ+6r1JWwzS>Fahib6sa4*61!3m%i9W< z-l&csAFyd*J((n$@x9H-sKJ1yFYG09M74xJ?xMbMXY{~uIWhngaLLkK?;TbL3kk-D z&o(=-fphk@&`%XZZnkZv>W1H65~2wK9jx`rJwbI&{7S^ZMIoE|R}_?GAu$GmW} zy$5t}$q`Kt)wdDLMUdc#=b&`e^^?wX(14Ox`q|YDoqIpIQPj*pd6mQXYz6S-NWgJ) z`*F>#oX6U1db27k@5l5&$xD|o%jwcL_Q61-OkbByq%Ky7Q)V};H%G68-6yHqo$$4c z!k$j*8J2C9WlzQmM8hh=YK%LrSsDW}uU2UPT!@HlkFx7*k{DmGfccFFf#pbjIQ7K2 zGY0&gS742pf*9p!SZ@f$-`j;|Uwd1RKTebB{({K4FrDCV zNN$p*i%BU0dwOBsjIYWsk1b)iC$S{(ULm>kkPhs5Ww7S=k>U|y4wc@ewIDS z7)tmRK$*VbNyBCSx>;2tb~mXd9a4E0o`T?$MCOh&M5k0x*uo`mYHM%rcLQB?&nlR= zzHjlA4`s~2GvEFQHPq`K0QjfOL1i1T1~sKq{kj*OcX;*kT z`IXUD7+VTF(#as3X{NZ4!wV_|&CdE@(kPm0&>WsXU*|+V9E6>Rr^5?okiiMKJc{*i z<~~OW^g@EfwT$8Wddl6lHmKh*(Y1tdO@J_mq%b`vx>eIQhs&B zc_&)cy#2$6?p>xEXE@b8Jl-1GLsm_2^6_%*A0*dR^z|$*EdcLtj$tURK^(ybO#M# zk`#*J{REqs*w8l3GT`)GVtra2pTu2%F=@*9U`PK7(mIssHzNNFwWtId*l! z?#;sMul?r{+wg++i+7amiqKIVvoS}~HsY6DWSiD^U|+AfzQ|uu&C5#!hD(J^y8d#c z6J_r|?-XjhucN8PfZJZYu5aXi{StWoJ}O~d!QMBy7eOwXbBqZ@&1CI~GnWek2uV5$ z{p#-64? zJF8o6YCYF_b(?hkQ}t(6qWCFRByzTK`S`~9me>Ihhf~0`3@D!%_-Yo)j+xd7F|x(1 zHjoKLyv0q?CeXr@#8r-<33g9gifBs&76t(91$78C4|TJKz+la6MRCsJFa<_(K)FH z<6J=2UIbG}y-8r^9SK8_0$4lz7G3+{*`p;cjR<8>$naf-f z`vfTR`A>8(oAZ#2i{`&tBHTSX^j=`g_rz>>6{ID31h}uL29OLxCi?T$?)1f(>7<2j z_rAh~7Q`jj8%d;Y2r?@6Oqy?ksF#IQY%N-Jb1aa&J2F%_Bke$5`SJzFWUTpW_s+ z)1Atzw*>nBq&r;_2VOViuy3&loziWY69^EMt{hnxka*ok_z(3rS)7F1fe%SCRfH~h z;2yyhLeaYHt)$T%D<3Q+kT&%N|=nd$J4bhu>3H1 zS1s4Ap<3r>gUROxvf3f$9L=$gaN+yk>693JXn4Q9#T}pzq4#Gij;MHQ9d)i^49B*H z#*vwH{Hi1*(sVeK8*q1?b_mV54doi(1w4^zn^KQYH zG+(;xgYdW5zj1|v+vxolS8m&S0-mJWN+Nvvmj&yQ`#+`jpi-VKs9aHMr_-)@dh1&0 zxJT1sp{O!3Hm9qXD%umrdEm1+ttowJ_oJZzb1Areo*EXn4O0wW9_o7CJX>pO1gX3A zTdh1`885bT3H!B_GUpon&kw$nCw`8YdNc`t@X$3j!VxksEw$qj+)Sp8hJi-7u7^tc z+RV3KRZS$RNE2Vfq{H}rfpFqx!?Qr0HiACU98u$SKj*aLn`ca(KZuneWbFuHa4X_x zm>%n~4%Q_}RvK$;WEgNr2>gEZovawxSouETdF=D1*R8I@W(~chnD%nZsaf25M-GlE zx2b<{IBI~rn)SFH`Q9}DQN`;IX>a^4F6&=c5fIG~eH z(Misw@eu_qZgd2fVG%J99jO`waxO1aFn;TthVY2>vR>nT&dsq}jgxln5rPa|&X=)9 zKKzREG}Z`C`M!L;$%3DTelpM;myydR{zx0C=;C;ne@&uahthI$%vf~r+^nQD#mCDw zK9x0_g=j~+fNys=@xQS8j6>LN?VFj@xrq19p+ehJ&Fg}}b9=meqmi+{j*m5U z>4nkOE#XkM===0oPAdeQ6(=uuv`pe0=Xf|sLVI3TTW;(enVMRZ-{|^`t4E&vg)OJ> z<6H^*g?+~af_2t0XYje1eRlnslI`q#27R1lmfVK2PV_K#QAHij_7qZBTK{mXG*wpW zkImt{nJ;b|dhGs$lz{c)NpJD77G?kyq9xTRYxD2wWDo~iyj*Jjz~KB#Ck4Z{G{Sc- z@1OVWjaOmrw9p{_9mATZf;H{1BOgDu8GeJV=m#N5+j3>sgKvI$Dtu*1l5$V=)*FWq z=pmU;P>Vl%pU$q^_l;6WjQV}7nOXIm=Ly#jF&B!Er!c+lw$uCt2Gs7u>sF29{D0$Z ze^RDpL_MW7L+6J+uaztE%CkA(IbG)<5~p{$}ke(8BA}>YDAGe;CgO6*z4l zi}1hcJ*Q>hwfXZf+P?w2n}n)8&0XPqe;7|DNQdotc2$!v^KklRC6j=OdNYylZ`yAb zvA@CIb<|QlyDF8~Q_1326KNja@(zDRv6>tu@i#1OBrVjH{~$Dw4z-N(59DOFVh=XD zse#4jh*^Zjpn)y5HXhh1ZpinzGDewjCxh^U?H3K?)oU~R%-~f=Gb_7m6D5V4XeP&~ zVa)y4Gnz#KOzAT8@RSLp7TsU{DZ$tumW!+MsrbXDM`^QC7TiB@X0*Sq3Ak!u819 zWIQa2Bqy!5U_B5N8lzVC(N0yV}`& z2v`K{v_KuEHu9D3xaTR{5pM3t777B%TJUNFHs!8{T+ zI{pOzq)5m`Z_EKSQr}=ne?-BiqyS)WHjJi_b601hSPjBZj{-=!LZN_zVDfZ6fM+z$ zx$}~I+R*Y4NM|l>WMo%abetG2u7JRf+rOGdsS2l;&>jOFqp$&vQ?GM!vm>9{_T4Wg z^Ph{4U~!oQq?n)5GiCW4&dATJ=lP^tkkkcx=-2@I~YXqb9;bZoeAbhb(2<>*t>(m zjSQpWb9i>Zk5Ov3+zy*tY9XsAaE5(eWA2pzbw41vs&88Hi>;d&vLi5zJF zt3)Kld5uR!siHfW$%Mzes)KPR#eOk+<(W9u^W!?d(|nD>P;EA3B;~;1n#7(kF?2pk(8!JTcvZ4^ z6s%0j!q{G)JB22Rok0Vj$)Fkr7|8`V?cPew0>fdH3H4lKmw1N9?d6u=gr6GXMxU^z z&Hr

n2L|QNjuH0gY?``98dz!+rP4sz-~>n0h2UJ|yt@5G3@|T*xn29kD-R9|CCI9twHC4;H|uCd8~Rv$ z1i0gpqA{5ZL|$$I!iAh?9>Ym}j=j0pSuQTv4^>>h*3HW|X$1PVY;dwU0R*Q6?qQ6D zdxA}U_R*+2SIvxDYn4!7UZqVJ%iiTHaQnecp?sd#B-4k9_pvqzT46?A8mgI2vR>8V00Sy@-%Q0`L7Ra6 z((r}bZ1IWwl|DS#t(R%aLo=YMzMEson@yh2VC%I*7y1?M$%`p{$|4Mf<<@lJMiO$xC-czcN^$OG@a?3J(6b$buiqzR`N zdk7_ik1UJ>v>A_pU-wg@ZXTCDi@xnES-|_0k!>|O__lavyp=AG0Z>V+%sG2jyXC%R z@%l%&ts_b=x1`;KCv|V{LgiIBfde;k9AJRC8NqQ>`w;jl3jtVX5vsrP-BpNV+zh`c z3&mvnKg4F71ySRygix%BRf7K3OL#IB_t9Y5Npx}p03HqiG_->usp~%Bdy{*SJ(i`V zd|`5KqFt>J5;vc&)A;6A7sJen%RyQh+4l88JB=Y;09dSm#au*cY#HxanWfdI7uqVT z)v!czU%d}wdKlabCsrkIgUd)hA7Gv-GR zoj8S{4z4PdYf3tc4&3Ut`Xi;L!mjMtZojd6Md>lvr{j7vw~)9lQfNXsRd43;>{xPe zn0UWi{7|Pi_*@-;PnNxXeI0PR?EuAE!5%p{aWOIJEuSxa1fuzQ;4pX|uK`xtA#t+e z$tf%>95+Q-DUE|Im8u$`d{bubv(QiX^NkWeyU@NWe}%3y3@Ud2EtAND4#Cm(>G0qk z2b_6GoZA+uRV3+*xXU1_w=J;b5K?j;0?E|D^e85`olqdJ`*Rnr2Tgw;Y65~fr-k={zlyfOERWx(D8w-jvNrt5Zvf@F-*aRyT&H&wM4sOv8lGzq$i7_aN|&5s zMhmxh^_PglegVeNKCSZ$kn_3blSB-R>#&UVv`A-_l3PNn^<$l6MqKDYUGgZ`m7xQ` zOkqiN>E9w9`Pn7DWAl0^rnlUk^x15Txac;BmD0j0prYX^J83azNASWTaKV`5Srt5` zb74o4UCT3q9}BnQ&Rh{ap^7rAz9z+=u$5>3_f$}T34aRks0DIq;19X9bq`AmyVmsx-HtJ33JiH40FuiB z1<_X4y*Fp@surD_qlyljW##kOZj)w-lW9_cS-^rh0SNkI@t)w2L%m|Bu9IkL&dyXW t{`B9d77A&U7VZb{!qJ#((6j~HnNeK-%)Zb~CNyMLr_wfZ6Ib^eZ5npA9(WRnkv0@}@nx)!0 zf;6vg_@mLt5TeTB#2`4yzqU$=OGYp4&il*s(vl-A8W)XAhMxBQR#^XS*Y~7vrzzd4 z(rM_O@zCBorxj;c-pDVr1Wbgqs26`<2xQjoykxnG9fk7u&zDY|u_rRh~JfX_t#|MQt`Kc<G$S()49>g@OyT0UJI2b91^yU{%mO~_LA@D+atkfKeEk+0*|Ngl3r)sM6y?)go{-yGX8YgKBFP2-_ z2zgq|Qs%AtB|4S&di={1H6IH!_J04!E_5skC-eLKima-1 zjFnr*=Weu9K9y%478= z{WzJCo5a_gWBKico}t?o2MZ}rb96qK$ua2^3I!E#iMefviyqDqy)&pOqm7``EYOJI zG8VP|QI`9Ayh@pjtK#v9mRQ5=oAZ;rm>T6bq8^E6WS762tUR_@`AGPrjxp!Ft!n*z z)%aZP+)B`CLF1ggT6_AuSvaZx*Oxqe!Og~u)tRx}U{+c`@6#i9Ny*d3lP&qC#ax-_ zdsKa~%#jYBFs}5$cj}ZQE5bXD3*E`>H4PrSYKyrF$ph*I8mtv-&;P(q2;1&U6`W;N z$q+B9=dp~S3NdyMi4-F&WV2K4K&CERhyIG?1J ztOi@cei30-PQTR~{#2im?6nq!fZgvZj-O<&`5(WHuZ*2a#uT;mic) z$D3bhC>IYuMyyXYl`M>!_?^KUyxu2nvnMZ!m?>5}j_1C{+E8vw7iyOzNWCIuWgqVC z_+>Ire(O=x$Y$Q(nwI=f_jw_toDj@C*~x5^`K}IxGEcihZ^>{?ulFW9Cz??RaH7YiU^o z)!ny81Jf-5maD_>ZM;d8u~Y9j+%x&QWKryNZ~W*JzLWDmqt6k2D z`e%P$ZyhMSz9sttkCKV2>7;Corl8StcSW=R^e8vcNUfgJpqlpkTSfIJw2^lAJ97Gh zRHE>PMRe#s2fwQomqZ)Vrr9@S$_X?1JG}=AX+oMWG1spbqrZXuR^WBKzn-XVN~N>>#O9-C*BSn z&bFJ|KU{o6c}yehHZ7aTnMT3$srA9pcApqt7yd9W$L%x|mq*FJOLGFEF)bH6qVLD! zb{!7n%IjV4YxFu6E~SfB=1y>K^gIl6DluxXnfv(U2d{Df2A=TKhTQ~H-Q;9EDxtwU z`;!gNF+TEIc3wLsvXRB?YJMWyw9$(D;I6omlaS9@J+u4P+=?5_X-}}Q$n!moW7CH0 zGi>X}C6^T`&D+CxEcD7OUM`1x$-XH+xErf1x+(M`TxEAYTRM`0w?%ET+97)}QtV7+ zetoQ>%W1xogiE*abWeZwL?Qr#{L8OT#AKf}jp@z5%XxNj@Ap-o<*6!o9(jL_VI;wH z+t?6$OEhY&e0^-I+3yne%6$jjftEAnQ5WNHyH49Ne&!Na`Zf-57UaB$9+XkzpFKU} zif7Z5+qmm>RL-GOD*kM3f;C0psTL`5Z|kE$V~?GF>F}SWg9I+&hYa1?H%zHWvDA8A z^P_L83Q1JLeMxD#box@aoe_VA}MGLJBnvje{i<_=DefQb{x@S5^~?|Wb?~VwpLO}Uku|b zQu=9LQH7rE-+n8rB^hmT1ls2>m8ZU(QwmG#Jv)h94y-0?3tDpbaHH7pAr3v3GH@wd zg*tW_+NZ9KE@?k3ab3*-@%4}L62 zyh&ix@FEZR2D@7>Pbn>otjNS9Xqx||`3l!noBpgI($DK~wO)K1+Qw5(rD;jLzgEOH zmybQfFDG+{Y$`5zC2|?>;n02ji2qrWxo!=&ao1_J(#Lj2i{kbmrBlD#G8*x%2UQ`% z?ZP+DtdS8`4l5_eVYW=}Vb`zDc=iuUpHtJ*SUF)oe>EpwTxTS|rivNcy}OmB{Uw|- zL4mgG&Q*D*ngtJ&s2m~;ZNIId#iWv<f~O%-RCQ5eeQM~V&2@q8bUU1+j+v=u<~EE-7+j3klMt zanB4J&yH4Cm`=O-`tqd}c0z=Um8fMHgwwOmRX07PCnQ~jJP%3Go z`thjIVLF<=ewi&P&?9-92mf}$P5p<$S>{)$ahQy~A{sZ%$A#@j8=hCqcn>c!J;PqL zZ}vr9QDvIrH*3Q(mqRJ}Flas79`2!elVJLLp*Gjy?~i?hJ1^2~ZK*pDTioJU+wP-R zER99oHZpJ`B*jVnt5weNC~vc9?XC=|D`e<&d&<IV7TaE1K9|P_pjO0PE>Y?Uw)x zs^Xn=@1Fl%N~0@j+y|*V<}W6RxywJ|laph9FdOl@5t3!#fD>Qd)AJ-<`Llk^j-tav zwL?~Xq;5@nm0LAtv`O;*Qvdy*gBcl{d)$Uvp4$rDho#S=RPrE%cP_s1;S8~e>{49T zf7^>mO1$tOGs-l`EF=57Q=dql_H0Gq=eOU*&NlJ+F>&UfM$`^}A*%CS$_ySX$4H-- z^1n-@MMp?Cv@5)WFLsjgR&ts#Nz|)WZ6Tj8%XKqMIK~hzKPSTrN@9BHi0i7BI;Yr{ z#_fe7GnV%(L>JU}xWX5sTBPtDdEzrMpZd*(aeWs*)cJ$&LJpUGt>Z=u?oJz#GS=I1 z?$S@^-H>jwB1~0cj`2lKTmEF&+Uk`h6S0PH@F6QU^-Z!ukaF&!N>ZK>* zx|+f~*S_69y1p)G{Tu&*IsUr92AZb96Q{f^4YJwHRvVC#Ke?fpeM?arq${t-esrr%Wu!y^47DBD{RMa(^f&T<-W0omiB8r*#G6)mA6XIev&zhOw{Kv z+HN1Ep@Nncy7t= zJ}5leU1etIk~9pcZNagbYHYCRN>HrX-PB^Qo^`&e!@aKEenN}(!o)9u(@?Kr7pK^3 z&>D($qo+NgCC!g8=fdl0aktRLBy}(;g^8zld2;=%;-XCyo6}w)3aRa$xk+q16l}Xm zJB_I&@|L@sVCGo`|5hMJshsL0eWdU&5{VMT_BQjN7kQsKJq0!OH8X-4wuyt2!|m{9p8Ds>FA*}$A_zC*(vtVq zvg2O{;sxL9e7LvK?=LR#*uJ5q0k`lq@(`-Ohoq@rZpRHwmZ9}Sa5uf|P!r~KIz4jP zJ-E6+$}<(}sxuozY#+cEje=brjIxfqSHXYN`dEjT`5(|+8jq4)XZ!hUw~Q|W`PVFp zrZKSh!9wXDkZi(^%4V(az{~gV@sTL;WP%%`fNubfapN@D!Qe1urQY)4Oc#HIb6 zKH36o6_~CCQJ-bPV!n$5qv5f7iw@pGlmN zYN)5H^I~o#dEsaoJCRPMze{m-2xdCF)?HWd;%FJ<(O=(7|B(H=@L8`>;+-`FxY(sH zj{XWq)7R{>+`YIA4di94ELhH8Y!kX(fOWEOL>piNrB(*t(SOfV zPQ=8gcH6WY%#S|eK25vpI(SBA?5S$|M&$YMYQ4%6&-2s$GWYET6^kC>)2r9`ZQ^Xk z;oIb0fLY{UTqe(P+x)dv)pV+etj7*&V(RFUn?Lr67LFa)ET(^aPjPnU3dLk`XN}vY zS?WBn1mjBq3ujApqRvYy@rg~1ubiOpV-$3pi$ZRTh2FGP&EoZjp4E(S%9(nrF_y~5 zWpc|oukWEYou3`^J{je132x5J>38=zKXv_4q+L5Zai9Hw+7Ck+}vL3lzY^u z$-9A~sKl^NODSF0y4>p?>gZ;Z{s%LuuIJy7n96m1GX9qJfZI#!wYobSkTg4?D4Ux) zKdU;T67|%y#W(@< zMhQ%L@|hGWrrcKSO%TLHpS_R5hHc#%Wgc7fat_dcVZ1{ z9HsEq&JJert;Z|hUl(#_SqpP}F^g^T4P9!u>Z$SW`E39fl3h=}oUbvz@ig0!*tx%5 zV%e1-Cy~gZtLCw@G{aa@v;ONf0BtRIpW*lV%dfX)hmvxhk%IqV%2zBOHFZvh3u1x5P&lD2D*T3e!(7 z2C}4ZYh2gUx2_{xq7|7p)2)d*u3FAsQ{0Xqj^inVBtLCsZTKjW`WniT8re-1OA>#{m*Q_Nym>#X+ip`za_ zg*>S3Wsr!SX`z>=3f5^`?1(#2Rwl#e{Hz_1@KiRh;rYH?-LpS&g~X(|b_ei%&F{=d z*Bio=eI$(UjU!s?1^=I^DLj{!ho%G?<4CLlR<$rF&`rnQ{XRTbk#eE zNJoJ!Yf!?g^zkqxZlQei(d&3m7SJT(JUIUxNWD|G58~TZ8>Q3dL?d+Q+fBIgbwEuN z{JgrZQmA$FN2%%kREEB^yUey@<*NH1zQ!`k|0uJZt#9{4TT_-<5;#*Ubr~F?7Ic&x zt9n|pW=+obkl5fHur7Oz&0v0}GSSrYx8q02sI8gou&R34X6YkrH|}8J>}Lj3mkIUU zdEukRqRZksae^dsD#B~#R)z|3&pvcxZ>QX$=^~(ifMu|ewC;I!xMY=1+(hBGy3+;iDDwEfE*VWP0wTs7oP_LsEJ)F0xFoQY2qc)gk?bI) zx;U2GcEjRf*AK6j7D{Bs%iZzP}j`B6;Yoyd96>1D6dV_ zh(KW2GpM$2VZS?d>??Y3yxznfVUnkwacR?Nq%Ld+ws2k)-xWz$OePdI`-w?Y$-aea*(?Dk$ zgP&RFR%tOQr$K(v!)+d&)dhqr8R5jVLN9X$y$yu$w}GDrF^Wn6!9K^vFQmX;dzcfr zN2b%appkhGz2fDmeZ|TSgy#ZHoe>%P$HjUTa=JqHt|{Lkn!C;uAi3JOS0kR?c&9{@ zc#_XPeMjX&C;W9q59+@$S^XamIiJ0!uce?SPn*7Ze{0ufX?6pRZkoht@fGRKP?G-l zeV-g#1F<`Wf`cMxIP`UT?LX0nQ{C0#mQGCy%rm`ef*VOV@lz;MX@dnLW#U_(zh!jX zBI6$?g}1L~btS4pukHj`W&e>$I3c$utBP-5A{24!7A+*gZ5ZFwNKp)6=iF`7=Q zs6|*w$l+IDritm*gUWF22R?W^Jpo?V7=d{v-ch|g$c+~}8kk4*Ew5+0S4bH#x8j|@ zkFIw#%t&#pn^Ak$y2(85mOoQQ4nDOoiyH=yO6wAZmcYWFUvf#tlC7y*m^7YOH=M(S zdstPNuMihKY)n{{RTdZX&V9<8wC}Z;<~q2&d-OrDjrkE{{y2Z;DdV>cUe1!J%AHG6 zD67@D-6bjN<@?H)%K(oQ6ok2(`d|kX{TZ(+bl3LzLiAA?zsz&{+o|Nb^b^#Dt{DQq zJkDY_3IlaHYyICvH7XZ2;u+h<HcHo!>o%*%p zDAG>OPn*t}12FLufQHlM9ikTtYqaW1w{_>le}IWP!ENeJ*GaKvsYAS^Um9cVwW~SL zc~iSMHFQE61rP19Gmfi|Uzkjz>VzJ(h+AOdS4C`fl?~sPmHR4bPg}*QCESu)#qEh> z(zU)B5qO2Kqe!n;nZLBEBGA|yR9Ak7qJDR)ypw)ZXhni1j2y1-6F|$uyKP=q7^bf= zhP%JHasNffQh&ClGlPM6BenpaF!RgaP%E5SIeYz<*M3{U`s4dIEkion^QoK?+$5Pq zWzRpgEmEXYdY~maeJV#}J?@{hC%Z2}kAZ5Z=HwrYE~_t-`I~FOan}QsDNW-SQds1k z$HeJ1QmtKH6LIB*l>2DiKaQB(9$dw4GHF307qCmEh_Wuk$H9tJT%KF!|InDaTeGSA z>wR#NSi2`LhR2K>*ZoqLz~}&>wb2jsTJhY?{nXhym^GiG5!Z?CV7LlQGQ4oVFWgl7 zeBX}C#7!7AvSRwjL*X;TW0qos00Wxh#*^HVp>WD+{ih9#d{(`ekAf~OY?ZU~eS0+I z$vJXg86}ilpa+n4fuLT!5veRDRi<$=5jBtd{!iB-&Qlo;mg847PZ}cpSSF>zYpfB( z$={*W%`_rX7N2`c1ByV3~cFgDbmB`5m!wn>I?3xoz5HESR+n>rQ(N#_f8C z%TB%5WIy!;C8AE#5U#IE*^?RQy7Be3y(9{F8`givKrN&Z*qZF4FTp89X=L>3hzte` z3%r`Bt5KC6yEeOFMdKXl8I&yxM48`qQW-f^-0qv)pk2Bu2XijDL!XJ?QYIdCZDKMc z|8pu;5qCBEW){JA7yZ2rD`z8@~u72eSVh?JQ^S-FNW6v9RkE|H$mzm1iE~6;%L-$T!@!atMJo z9-QAc4}M1~Q}LL5_QL0~^mhn2$CT_|ZHy4V^R|O_`kFjN^>lh5I%;n4Bk2j}OdV5f zbB*x*yYYD~i*=<}iy=^@pS#$5S=KIO~Y#n}dteXV79fSQl z3=iQ?`$Bfi=_py|yO`J}E;HfA)tkShXiMcB)CaHy=9of64Q9^G?KWKnJ1kIA2W5%XXmk^#M-$omte z5x4)|Ck^yCUh2ZO$3dHqDBs?(KmTTDmZl9?zFRMV@w}D>LoZ8gEdH0e^bVy$wlC_L zwEcS97m?Bk;y2Ip4Y&B-1QN)+V6Gx^WQ|it<5HAyD6VDF8@)m!Y9RG%w(y}sv^4GL z9`0U!2mRF=!dYxg1@cEDjm6mM8Gf#)=~#C~wX(JqyJJqjyiU*NuzsxS9(Ms6uc2*_ zPV;DX-%lYjyB)PMQu1`N#|4wfelWE>Kv4A-5*&tHLvz!=My)C3doz9Ng;cnpjqoxW zx~(^nZktADuD_aWUHOczEg`Mn5+e#(*_jG1n!{$oU15m;6g^3|;MwR8OSzPjuT^D( z6Xo^pm;dVp5RgY=UcV?Jaf2@QlKL#~8(d-NfpI8{Irl>olP?f%lz1y(TIN)$5@1V^ zs=i+o@CR2|jUHZrSaCFLW^u+e`)Bnr|L_g>fPWCmaZ48bhmT-L1svP@V^i+$*HH{-NIYg(~pIzBbm3@ zf3;GCUE{gue@bI@x2`l`RAc^Nhc6{GEdNQ2JE0pU`lyU7QV^jLdpek}niIkSB*Uv~ zx|gtP&A(hZ+;2LkTC#6jk8JZMF<#=g8I1DSUC}in{qyIE?jh}!+RQfyzm}~ylcQuy z3{_9=mIP-8R)Vnm#YPPjB%xd}M|5YK8?T1jymy;!QvUgqI(pXS9i!vF)|l=zux95o zoc?$6np@z~sV43ahhMz>2`_*CJS!5pU}gefCGJ)`uuxpQtb>?E_qKX`9RS6+XC1VGsk?&pCwQGy5^1kLWep_wKryJOVkhx`x4Qg^gm@l*H zqjph*vT+Wiw1G-neSUEs-US@wcqMt@eqgYfc=l(E)%BLaz)=+(A0>AwSJ1Q-p-CNA z*o1h@4^_M4TnB-lneAw4X4x+uvdd(rAm_%{oq)2x)r!m20gz`NfYCsWla+3@eP$C! z!=7Q?vzsRADn}icJVZ1x0TPpqO%aqKl0ox$-++gSMhE??A3 z3}9?fYxHzSIwb%#OCiacNa3vzS|0|Te(*S4iOc=q1GWLw?Lg1P-Zb^$qm}?n%ejtd zw9jc8%b+F`vaRG~^*O?R6sKk6VZieXruL8lx_e&J4fv<}%0Hvm#JuYrDLw{(M1eZu$ zh1jESw2Z4zTC+geC}2fWxr-FsVwn^r@i|(xxN+%_5v~dATTH}OvG3u}U!Py$5m>4XjB){C zyfcWJh=?B04=;7yfFpVG3sa>2E~olE>&m4kq!MThS6@MF1_RKKI@c1Rhw+Or*BU5e znfHSkypDD{=dY068IHax9Bl4pBxJA*?9V+ZD$X&EV4#u{;YQ{nu%kp=tq3=%1Sf}l zy0CkW<9w%DiIE7nkU~Pw+C4V`H*1QMEz}fhy)P&ZGE2K<9n(A%v9vW*s9l)<hCI^vOPT}HI76rue!V84U;u|7N8M*W!eAm{F1+B-1D_c3+L5&S-Sf2%?! z{l=(yB)0$8tTaC2UEtrc(`O>~YF`vraa+OinqXBwkcCaE)-c9B0I$*XLo_`J z`qsNrp~Q9%T52I&2KvE@UZedOvP5g5_026$@M3&OE;k>W?>wJY9G!}!r$a7Eyo~?| z+-j!m<{2h<&+ZpTBtk|Ug7z>&H3O;`B0u9)e1;Q-TMEZrp|l|-eu?NVK@FEYWaYz- z61PCozrXjgcWy9zt9N&r75RCC=_Bn+%VQOVVUz-#MllAp z&a6g@%ySk_s@f` z&hIRLe{n4spGGTT6)5j8uW$Sifg~6f23nK74y@~=bgiTfVR$XQp0ixt9*x`mMN>AW()?{AG zm@KJRod7#bJ3c(>r;9fRf<*HSLJrv=eX(%W(OT0NIF!Xs%N0`Z@UReMd;_ltBa+e5s&0G)v{c#S z5za#(!Ym-I^7@>4)_`;8){{|{bhlsF{K0tWLT(!-F4sp48$2{Qjp|t-Q^f)M*$J93 zViCc1X~dw>Q#ajfPuKcqZH3;OyROAMD?{?$N6XB)Dw%Pa2M&|zBF`-#o|ORr>=KTo z5i6d1^8Iai4CW#|z6cgJLtgRS#J?+Phg?Y}>h`US`YY7J`9-G0xQzQhtlqG`;>$F< zOeLgY(twl_b#t1|jtV!micv3N$P{S2%YjUZWC8t#-V=4U*Si5xo(llPap~I)ua5OC zz%``RO+0TRgn9bvK?b!{72ElCe+&4}F7VX6!@#y?g= zW}ia`@|0>&txZ?uJB7CCB#~5j;npm=byt)IdH_pVQ zkc8lB9Gw)7`^L22rp*dl?TS^3{b5cAXb34BdR6${uJ`o>2)pw%NPt z&lBWd)_ESXcbi#fq4Z3J%MAgveHQWWP!e{Ar<3*V@1SfkL3ip~KnV7XypEKb6~d4) zdDZe6=st7@Y_LUX-O`G8q4R?f#t0$oS{hEei)+uxsEsCVCf_%)I1 z4Gv0*pwnANKj1?3d&pNOOjtkN#0z>F|N547RuP|$g~|cY%W6(dkmf$rDp28SV4#g= zY=HKmZuy=*r0D5XqrbAWnGez@diVM;-$IY;@6j8e%T#oK1ev2ibc0)5sXH=~T0~FC zWra8|wcia5ZHt?$3F=Tcv2?Odye$K5_1RDT`Cqa;VHt!9^eYsD zah7-jw+%8v7KYzJR`2XQI+%^z|#6<0$XgI&=tks5CQEjG=UBSl`V57BztY+mu)Yjik{WuKM}|o9KPrYLokK!H3ixlkg&=#Qm|w zC1#~=C?N0UsB3U9zs&sdShg7-^?kO;Ro2Gq-C&dX}@@?+>zr7t7eEpEy*`yrOro|$B;D=RgK_pwNbSmVN? z-$vw{h1?3Xe*al`KZL>mU;ut?{~}J& zO>!Pg!VqrwZGvGFVu3Pji+?dEAu_FtdL8ATLJm#@_2lqW3hMMus7B@hupJSbyB}yw7OR=pgt z%*tAe{Exngmsxf(f$ulY`ukh*MdUpMv55J{N2^2t0`h<&Ea58rJ*Uyd1%+CWpp#|X zIGs9D8tLc(A{VJ4%L0M%SI>J5(7XdmryOtt+xTW}_KoflJ1@lbAcw_;{oky_-mm#$Eg+I1aSfGz%C& zA=Mn=GOE{MT?5~NELZ^>w!+q5XbNg=WnSl_xh&^AR`34NXg&t<1PCVEyJ`<*(1sBv znyqrT&Zk2w?^f6h$(g*I4HmSHyKCNl*^i%^rKRD@D-Xb=F+wgj5v#s}pa|_=ZzwyMNpRJ5kJk>#A6@B-%5ihbNY4 zn+_F|p!viO@cb+z0kIHaoIO&^p)1Ht&CG`xrR-|JBXa{OnbCdg+@%-H>dH04(TNuj z)!{EhbzB|3nOl0-WhG}~7W6!=?THqxHaQIB)z>-9zF;%j-i$}*RaZS$o2jINSXdcA zw@vHELjNsCmWTvh^x1D6zt$ka_UpSzJm!O*JJ41VKlJ?k%uBb{`Q4L=YE^>fW|XyE z&`%4dKfvzo0z>r>PoZ!Xlpb*t|ADL{xBi8!6xN?!;2~?fLYFBqt&7WlN`6*Zk@a?U zoQ7&m{=dS})z1j-#nAs}F!qu72PH7FPuoa4AA%66sd4*?-uz1wAw)*zWfu3i0AHRW zdY9z^sY&SQID}GQ=yp1*G;MN|1!DkmM;@|&nG%II2aRej9z=}$j)kI`qr*YPr(pa< zq&K0|^wV`t*3YjP(0*&5kLZP9e96{43gS3-Ww`Zt%KP~J?}-}qN%zIHZ^Tz44NhyC zXHdU64gO}{^!=)CPLRP!g^TTqEI`vx7Czr~UYge7u~xlXX-%iZ&9)r!m={L@jlq}f zV>90RTn-6;`dur!{}$8fctK zuh&|GWr;vH?Df!|E&4n21L;QW5l1>8Y zqV$!oH+sI|ArB4VH;AbG*qq25LyL;oa94cbz>IR83p*6W_#q)NQ~F;w+ZlG?Jqi5= z+RshI6O=Y+04-x_d`?u=@|37nvg)_;82k%XiL2p`abErl%#yG7vu$TB4x zK)44MOtB3J@SYHqb^I}5$c?%3g0K(PnHDve-~brfIb;$I{^Ii=mi7}v_!9?c%ZbY& zfpe>!aHRfo?te*IcCd#}%PT@4js`}y+vyt;0YtX zsi(n>@(ueCnLS0kHU0tZLV;Y)(9@y}+$b}ca$_Jtb^)CICH!`KNZzLmgNZY0g(c|h;JGatPYm!~PBSN`Y**b<^ZD(-|z!KKpFP)#1IDPT>$q*78{9q?#B04KY$yLA0=7fX*$@Shf*y^ zhu`IVdhr?^x!Zlc5CE|mfzH(cUiZ`MR6xmdJt-qBInt5TompqdHa5s_a))mri?V4I zu>iNIy6AJdJAzht(jzcMd_CYE(tuKy4=MD98~Or}z=I!PmgNETSpuPALw)_}FMms~ zjcEzsZgR>TRqxDUJ9l60wUX)zExQ!|vg*0WRtLR*EqzNU_!cXbl|Bd%=|zqT2KnH} zJ0B!}{L3%N+(NA`oH3dNs`GX53x3?HB0&-k9TnSqrlhQDZJsi=un`RGsU{W{c7XGf z9WK(H|A!NL>0Vhhc5Gwlg0wvQO+C+OW#mTg8+);9=!VT~`KWYYNW6*~ggD zWDfcEHkoD7W8KWaOYy+jjOnb|RyTv;i2ZBqc}b5u@X7Og((OV^U2MvTDf9wNiy=pH z{}=8-3C>A=AMYTe3YLH$1cOdUq#7vXao390!EA;b$F|^GVo*c(#{1|UlBz(DHnkIk zfVIw#e)bcByet?6bLq z_$Y5W|K`oo(vS659tJEKNJ4Qwwto zsw$Ij$1kW&SIQ0dMz03r>@Gtzc7 zU5#=glcvx;(#kw<>}6*A54F?7PjF4#&^AD_orz%!Dr;C;Q!3E1toau`VFH@EgK~kq zA+9r!pgwSACUH-Y{~ME|9-+A*I9?OoTz+I{ID8=k(q;jml6Kx!bwjQ=t=}Ugfa`hR zRr^oUx&>zpu@l9)i0W5+khrqOMOWbB=n&-5{XNn%7l|n=8JX0pI9DJ1{k^OGa5R1G zA&c*CvfA&gOjZ)C!B>{XfW#5>3FvlIfSfAtV?;1J&N^nRUn_=V2U;x zLbeZ$`7HKQ@svDIYr}&Dkc2Byx^?fNI9k8#Gyushpn&8cbX$VEqhD8cI23VR3Fcx3 zPjXX+_8k_Ig-4o`-QjeWP^yDqwVWaOqtUAlv@_{4i?4J@SP1X|w=vQHY->oqvh&h7 zl79kJd(C~gKvNzZv9?c~f5ZNBIUZupj3k8_XYsGguFN2dQ3{G z*R1@$MA9U}7L@~Q?;O+>NamKD$1D)3s{#o}2ev+K_aA)2#GBmIAKo02L3}WXjfsOkq}UyqJ;#D&>G* zkAYN$-K!kW7OzpHqpI6gngM5KqZF{y(AtG@L4!8uUjjFtT^kvdk*?jZ2{%(T_kGVU#UDUlG99bkY49KyQHyv1N#zx4UvS3@Q?`^rw@f#e> za?sg^xP+oJSX#ucUCe=Ol|@R;$d37v)oLhC#a#uCK_XTXXI}!J{Eu|kJG_CE9&lDz z20~!FH8x+pe5tzKrNt}$jz+{|a5WB8WElYPnzs%BlW@UVHTr)+g%A(MYcJ9wHW-y`mlhOVrj*1Q#-_GyeO>m@du7W7~d#cG;<%{?`;4hK9wjZN6 zgm-&(mUMf?`a zBkq<7zKQWhY%NE?jTS%?HwK5<>U1X=KZv_MF{jcA9KV)WYT)YTBQlOhIbUde40=>& zg@Jwa8%3zKPkt7GTWgc?>P;MqU4Uh-%`2a7z9*v2zQ<-%U#(W|Ax69oNo)7*2rt;G z9k&-0&5dE}FsS9BhsoIo!4?EQ5^IL{vFp_kCiFiMq~yi=L zV?czlD!-H)0OfQx2KJpmnDP4*{$`T+sB9}s*7C!Fh!~`pr&fj16)A_Nrz&kZ zufqyc`mankcNeEO-DqDfR2G}RPsaFvg;A@dt#Vn_vL48J z2_pJ^Xi;W>PU31X?+;Y}0)OBNUm&teb&v7cJhX7I^})tvxXo@2{U7jr2e$r0Nk@zW zw0^MrmK1OUh(|u`LEGio`s7Vyh8+6>VGd|y9LOvvH$T|V+_MJT0g^U@(w7MyY!L-f zPafo93+Ts3E&gSfN1*fZVYu-Agp(Xck@=9h6BN*S7 zM?YkLP%f$8Y^UV)*m>0OF2O!|ZLC5bq5$UZ*H);8o>T2t`9(HoUyiGAT{nXEfdCG@ z@{T(sodrO&Ii4Ii=+-@Zul81Duyk$n_aFGe&>@snT9&PflhA_UzTU7uh`BKHHW-su z1-$1mjx#jSTA-Wgw-sa-ppDwO`QOYU(SP8%B5{m3mLV-jY>EgV?Fbi!hni%sV6R`o zV1&*h?GcQECQWy(T>-?=V{`@Bbu7TmsRfX*EC6L$=yLhGk^4N!XR1pX;$J72(b6v9 z=2baJ?{xktJRFi~$j1mk&qE?Sx@6TbL0)G9NpnK4K6}?D_}nXmjcI-l6(*Kdnht3d zYAJ#&mV?hKPaR4*%(L(*S_{wznAj8k4^m<-@l0(H<2aObvY_=*m}o$YXh+|a9B4*y zQh1isEK^7!2rBTn&))wc6q%mGWkKT(q!yP9>4ieP`I4W|yIBK_;*#NFI&fMHEC`A17+sf zg6pn}RZp2py@57+9AcIXE^Ybh>Gx`I`wf{Edd{?`^FL0Y;AjrzgbtbRWWFyQ@aU3q z;Cfv%luD~JN4>hf++N9zZ93AAw_?oeRp+|#SV1AobL%T}==Zzp_1PGFCKy3fPwq`+ zWL-%h?Sm4nG{v_tzFg~@{g2n`@Z5mGlU306y6c9HsvTzIG_e@%;!R%Cn|kXpS0@E1 zmWCl8yy90;NZ-KYiuagm{0P%^7t--y{p|&ho@FR=7J776;kgCs$3IVAa)CBjksph$k0<6bXi>yuM*qSiTw2VTToZ#vm} zWfp|m3X>sR{um&f1GLFT%bK1%g(u_0wYD_k ziynxxD!&iB#7|u0fMD-Q6;$u}(Th|k{V;^4T*W5(u#5uAp2O`qWD2^eS$npm%9%=Q z(teP^P5nw@mKNAzZ1U9G<1Kn&T8C!E6w@vjkB;0V% zsy3T7JNkRSSqFB+-I;Hv&y}|p`Ll;^|AlOTz-vgtKGDN#94h@|_B4#Cx{z0rsUNO75_z!(AG#is< zAG8T|wq#tgyb1jK`_(5`ck$3eq|-7=fql%FYw;AqV77k@s*;As{@Q!*BOxF8i{ay5 z!jN>Mzp;e3y*uVK{oIawTw}0B<(DAT5zmNZ7B4(H z%3_*J+^uh5F(M?&kbEx>$=HAXMJkxIPpJOjg^VE+9f#3>7hHNvx9K}_F zXn85B&Nbpw_s8hrjctGV$V{ebHb%T8jls+{wf+<_66c-Dn~xu$DKSn9F^0d$$a-eu z>RfD~@vYaEQtkm-ze01o90i`76jjg9vB_FhiSe%38psL=W!T3QA^G_M>nwI6u{dMz zZ}xe_`to5_>&a$gmuEeD;G}|+NARr##pSg@9MaZBg)k_|>F-tt9dns!4H|%EIT!jVV4kjnLC5QLDX4mYZv0WS9jd-#fywVd`tvnG zM$%y(dnDy{3wAMNZYJoNA^m-hq$a;Bi@Cf$_&aa&069;ceWB;8v#_L*4f&KP2rcsO z)N*s|XIi($9+zNqd<3Q6&5+-+6PV$g5R2|4Riv;5rkhw`|Jh$1K(AbT%~)9wI)q>? zB*gkpU6RT{2YoOqmja;Gxf77W;El_q;3%R6K_(Uoq)zCS3zN@y(g}nQc<-X1*p{co zr74^5PFAmVUFQT^BmvT5p+rcNr>WuI|Cz(oNY2OX^nkX9T)UsOThQjz37R6_D`zlX zAt`W(x3A(@RPX(->b^Uk%f9cMpFNVj_g>keNcP@QRz}F?M~F~<_Ff@Mg~$$tl#!KP zl$}k=3`N7J=X2;hulu~N`?~Juy6@NPc|Ff_{&$|8bo`FraeTk;&wG74li4bh%tvNR z<*8jwZ{S44m=qf-_29=dgrBH+1^1=^^fw8p=0Z5c0ss(cf~JBXmnDDURr0Mm`2TNxCYbt*J{h9)m0ld}8J0*s`VKxFZpJ=hB0qy7L+ z!ltDC$@*)%rGhw)8`BLJPP&h?!+0p6ANe?p5@|Fmha9fJIeu4uX89LE(D3E=6MU_v z+31@pZyLYN1cf#J1*hyH5y<}nr{LmH@T-to1L)$VuTk`TKLNa}sX+jn7(Zh3dVbRI zu%h=#=?jiQ8zI~0-izwsYt3XVM?jhJGatuVAQ`=W9DEr_)DbIg!zu!Lv{RuxYd>NP z+Y@2n6|>-#`Q;}W6u;&=*JsmjccYvD-8*67J{ z3;q~*tX5Qd)1numK6e98{qDu3m&96kPuG&tiz%9i0uy`-_-MhxdYC{Rd+OZA^o<|t z3ef*|5DO9AXTVM)SSVJ)VTw^#u-T3TZvlEv&^biD_Od;u?AzyUdw`;_+)xU}Sj*ha z$ET;)Y&nOO`5{6lwv)*};uH&Dsn!N!-bt-7#%Y7r1A^~M4 zRkligw_{W9*i+c~@LkX0TYflNbQfh<=nf^=MBCUYJ*k`Rt7lBzUTgJYEPbX7% z<4Nx~P&AAi1H7fp6jNxZZIFr{Y*MS~53Qsh8uAV(#5aVFJAnPbOZZg3TzT)4w4oe= z(Hr2P<)?8gl_r`FzfP`- zeaN;GUo_(6zrk=8S1=dX<-}xn*v6CS zcbDAEACj&UPrdHzf_#C5QQx;p6KaQ-XK{5}DNr|>K1M*;ti1S*L^gcVlw;@U-#sR1 zN2n$|)FlfnTIuT;d?S*~2h*6Nb(c7K=-bF3hF1HmZ%8~}*rwSErm_d9ytzj#U`u{%XlG=Q zBWt8~jw^uV&HGmFvS9J9#2CNya3z9Xi^hOzi?KkiRVHHcb9O}BM;Kb9X@>0m@ReXK_3PqWa!6vd*w1QN??kBB+|;>5-Z86GYt7*kk-Isx$IynPt&?BVL%n97bLC0o9gKU&@JdM_M_us+YS_ich!udyRdQH? z)FoAn?!1^>PkQKdVv#dc0n^-ibiG;-OxP3s+{nOZO6TkOY@O;ijPm3FwlFjE@|oYr zg)<4*nGR_Nyx$rtngnQvr!`V*TEF>jZ-noD)Wd(|d`me(L6$W;u=N&d-Q-1TDtAwH zB1{>S0J>Ot?<^bb78U?&Nxx6o;Pd&tR>ns_IFxrXq+EwJK^e?g4(2=+j#%6Oj!ChA zE}?7)ls!xV|FhMZ4{=D-Zo`hAaHZCfXcLC%3uKUt7!SJ50QVIB=vSYBWa*)c*aM9Z5# zu!3Af>Px`qno7x|-3`3~;2nV(Hd?u2)hm=d6)IEtCxGb5$G3F81Gh&D5x!^Qo;VHk zBCQP~n0$R0{*kqK?C6CkIbvH-M{LWbf62B09Lxmvy9a5xQiw$K@XE!XCxLz}?Nu~K zT1Ub8)D8abgmZc25TFr6sCGbif{w&$$JST}Ht#_-#9gTUv^C|WHh>-OebcuYs`tla z&d6h7fYrE_UiJ-?r{3qJ>7vw3jl_mYhVC$7r$G*iabo7VpN<$gMxtX5&(nd_f?eh_ zVze&hYdlV$j&S!EnTnB3ab%W!xspa~8q%c0pbm(c{eZ^DLa;)*vfvPq`lPVo1Awq? z0U*Ip>E0jGwuU8hG$!f7)31grV{aC7`eHp=DUHuS1SpWv2H{&(^>Eij;Ofq2E>^zy z=^EIqFb*vnjvno$73V8%LkWo{n{lQ*wM_XU7+p&ak!F*B68$lb13t_s(;X?+Fpa@h zhr+YOgM$jh!)`uo_yO}-52_k-!2E2!4uv%7km41LAI`ad?@MIP^mD(Pa51IWxbo!1 zTn^B$laju z1I&!(Ri%oNw;w-;dt-lcHoZ&Hrt;P@lgaRHe8g2h&kM^XEX`JRA55SfL;BZg!0KN- zYZW}FWF2XgV=Z~64pPO=R!~{>xAK~GvW4uVw!9ljoyls50tx&uyn&Go(<0u#dwU2t zjQ%^-qc?eU9)2}n3R>tO5&)*3QP>uZdO22dj?W$o=fczf;9*{-5j=(t2boOf4=l+3 z>GB$94XLL|TfAj+-KbnlG4v&=C;CSFV;R03?E01vs;@^jv6Fz5>j~@6YY`X^VkNWZ zL&-&PD1ZG`iesdBF(GWhTNvXbIKywYh%N%<uqiP-4X~aO2EoK)6ET39WxEpyozPY$Y!n0uhfHDWudl@;+ftQ*Y z&XUrzGd&cmaZFaC$H#HD?2c*<#geaIJ>)s^di?>+N(w5dYocbrk+)k+b1yz>B+|*1 zLNOAHpE+JgDHWt`Ej6ijmS%`>LtT%D)vZ95E=4SDx-W%!(LmZ=q=-|0HS5^{Pm{hj#Tu6z46MR6W`o zu$B@uvT|DRAhO|XM!(h@??4f z?!Upoc)GZZ{*m2UK$JJDn?|-rd=B0(qfK8WMgjQAiJ(RbznBY5#TlwH%q502TFQ){WX5 ze+hsM7m0ryxWDN)HQNakuqgw-8@OH`+qL7HgPqJJd)&B;-WPtZZjWzH+g%;QZyo+I}{tPwfUE^ObRsB z8Kp+g{};?c<{LM5{YWXI0nsslm8WoD^13FwxM$Oy!hYR8ML33t%ovN%!QUQ2R8 zvfOkw;?4nFU6Vgom2MFjmAV1Og92~dfZ5gOce)E9#k}6($tqPlkJ~mj*Vf0y!Piye zlhJ-LiEV1LDjzD`x$uao2XB?}SZ$pz0a|pm%Cs46KkyfL0$|DBf#iY&K0h=Q{ZnxW zT49kZ-VN<)oNY{M{tteL5?z}%O8oBIhmA=r$a@=osr;Fbfqvkka%Fz+GF%;IqAx?I zTVFD}hdCa+(O@GgzsRzZ_{`00ZG7}>ec84VA#=M`e@mY~3H^tE>UoE@dlXW$UB;>|f6a z=6M+!SyC*B1BqowiLOW^JFkSJF!d5iQDYmSH<3Pc?Rnc-s2|ErFFN0bVI&!qMfH#u z^6~ zIN~x;rEu)P@L$xRfMG&J3{sW~6zc)(s4aO^_?{I*>%wI&Vt< zqMW$vRU)$P<6mmB23R21c-tm|XL;b|28x=)<5>MzUJj(}J{8ueSU3|(j(xgug<^|- z*-Q7%e#Q^xM>j*WvG!xL@y8Z*T1+#2m4%nTqn3WW(F>*Z^L;Anrh(Gu0^%Z(e?gJ9 zW{5HJv+SMF^TUL}zhiEOl$s2^{dd!4?u{f0{kY=Q>31x-iTsgyZ?F3x8-}VLis^nsWY(Y^RKGGZd) zz*y>1V%_w7Z_mtG+xAf&ckYWB>I)3+AL|LX>uE5*W@r2qHB5cy=LwW`3ZglibT+Y7 z_+!O=l`{xA)hJM%VVsN^BK)RG*Nl`m^E5Y`v^QC}+3#WzX>}ibY={p0=s2DEN@U&h z(;2?NO}%GcAMONRar)FG>E>}(va9{>qS^Gu>xw=K^-v153$B@FgYOsbc?RTP zZE>d_88F4!NEZX>^^F6U=3vp6F{=9{l4nzYU&wKK&~}|PM7AJ6fh1H?>OY0xy&RD zxCj%NPo=%1-Kh8pCb?g+kVTIHjwL2pVNWv$7HCaux>^`u6DMH^jNP7G5gK*g(c05fQ+!)}VPGd|0WHPWnc`>WG7lpLugtI>;pJ$A_mAWA^{#E7vC8G8!@oS#RL5m*WImI4FSwlk?FM)dr$$b z22^neDB3GHS9qDHn}i`dk0&n}x<(LB3XyMs?+jdEJg|XraAeGs!%@Mj zs+t;+mzUQ~mvsuvMBRMp3~O+9v?DI4=z5H#&f-Xb0otO3SrvjcZ#Do>i%&@*_Xf?Y zFF`hPh$~c!4%ZwukCmW1;`ZuseeTI#SHV$g!KQk4_*bpx^le;UP$oOTc$ikuxYryn z4}>23#sCbMkIH8Q`0=w*3ue4uWKkR_M3@!lY>fskxOPcmaeZf-C3F;Pi zf!$XSA9!6Ra%wxXq^|#1x>fVp=CMO;z+$3IxuC19ZLaf3X+}(PGT$qVY4&=0OqZ@4 z_6qw+eXbr(PEJ*2Wt86*s8mc9o{%5Jb(hQXP-gK=NSL_5dgdB8bojd&fk)Q(tkO}t zt2eN7+`_gu!$Mzxi0eG|h-D%U@wm-g-}k_#$2!L`6j@sHs&~uNI5H zIh#Aux<3>0?INb9nBx$*T$E5bI8olX63bVk8X(l3RxtW?fIHjjJGO^EpssCDp$LPa z+ZDe51Y+@XUoD-@wn8{XyKj5Z32lI{>|8_ZZ0p$A1&F}C;Y2rVFkB5!2d&If}! z?U!XL+hA1QEIpUoTJdM==e}CL%Y&FsDFXuo%mIvJ1wLR~)#0IvvcK%Q=EO*@e{E4p z*@8%EJn$7oPB=RnFuRvXHf?k=wK8oROZY4}Z`B8?c=o@4Ck!^b78XLa;(Z9kpm-)* zRae0ZWWs#PCn60A7UqMj<(rIQD-|WY`fw~63!kfI4NP3MU&C&a>+%eCeBa+c$JWwv zT#`6K$o*bi+N2Hp;2Rr>%l-V<_cvtTK)Vq3$nRR$4uBp#5#iSfc6r^G%uWaZ6?(fE zYB9baew$T$ldq-*Z<-o_pqG%nR0SRo58vX9`Ow+jm5V=E%bW*;Hk&jq5Gs-nKdDQT zo)zIW2S$+`Z5D1ox<`aN1(T$1Gp%4?mU(VzC$5g(g5G5@N^fASh(o@-l1c2~6(u~x zKlA}uSdgLGWQPiCzcZiZlyJp$)v0rJ)5PwrIwdOJeBTHvPOGIdy}iAAE-}KF{R7rV zejAuwR!#{D#vx^|`U5ZqYPZQqNTju?C@a@&!31V#27OXBVpHW7wQ+6m=$AxlsHz%{ z!nE1 z#Nq`@oNk&I5b^2yvol|pMX|B5JD$SSCm}9w6y#)PMjr|1zvz&-y{i$3gyw2}lJ-}i zHVRD5&f1U|=>Hm)D4gqj_w~uii#~B_DJkqgatk#zHWuvFEiNt=K7IOhXKO137F?~i z*Jx(LRInVdGh^;@o|}EtHU^KNx`syCdoTrVcW_BbnUF{}5*S8YHSVT%@f%o0g>&&osLo57T|8k?6LbF6o^1K( zF0LOPp(~pAqlRMOu)_6&EMk%&{PQ-*gKiv9UaDj$6YjntYIbG~RypmR7<91(4ZL1S zp4HFsl`5VAy=JkZI9*W$%SDPh;(jk!80jjE`bo5bFW->25}Jv^eGv}+RAadk(>hkV zpy~DoMn(p;!AuNkEu$c-g`#X@n}0L(nEwj!E%U8UVmo{9{719A#p6Pjx--` z`aS2|x|7`N6;aca{*1oPYT#Todg^P+CXDY5AC>*|>C;*bwa#zC?g3LR3V*Bq%@gZI zotX;cCK>EOyL96QN@)LKD&9QyfZT9fuShSv;e}2@Cmco7C_ zYedQf53zHyu?S9R3_>|(M#PB-glPUHnXQozc2zg%K}NOLX|*jcsoI>K=*mYl7E}l| zm2{S!vG({zs6xe4IiY*#Zqq}<$n58gqc2(ZvrC@KovR-rbdl9l)I_4$w#V}Y+SVD% zJjXYLDc0lJ$J4>?>nw5V^1W*kBe8m?%2vL7K3vmK^mt($PP*OH3c-rLLui^TY5K9U;WNJ3;NZ;?FJmEiQ{-=A_cEGymq_|W!2x)BTBR~ zIgXDQn8*f`*osE0j+;oaPgDutSZ^}N2@^f_$##?4+=&|NGYU|-rQA^pH?Y5S@P7zCu zref8lM<<~Ko`k)PE0&LnwVueTZND6Q zLZXLbx0Rdkc#)qxs_I#*F!rWJjm+>%^1&^o(Ay>kgH@r!#678pYQL=gY@n`wwa<(q zpEN3jILK2;c8X6r)!5HoIP}$MN-hJ2?*JsmmmuV5Q%TgWhGVtW38-}@#Y%UW7wWyH zDPnEAP8uY^d#!T83g2xlMvZK>9<;+>CPY-sh2nb#+yt^bDE&oQd_Ng|%J6CO{R>FU zk~`Ec2vt{W>m^xt)=t_XHa9Bb0nyjpRC7*9#0?dl6lAEMaHxL5V^{iN56LiSpoUgXnw`X$HmzkU$q!APcdZ4YYm zm$Nj3NuugJLQY?8h(5>Ctd}L2-u}>zrTRXz{tYu8Aw9y^KL}pkKWn3tbn@io585kF zYV#S2q; z2Na=mvb(G0w%IhHzdj-6p?jtoMwuy$29-m`kuHvIf4~-@5RrkG(~Et@4`@he?u#q%)v~hl=5INUNCu{ zCj2AtuXuG)VFt+8V%|A7wtZ$DqtuP{*BJT7G)|7(qhrp>1iXVP~B-vrs~X zhnTnRfuZZAmqLZJj~)lvKQ7wKD-qgz(8PbrPxS?c0grx;sdYS-?OV$k{!{kFO}zub z?keoZfV)qlY3u1MuWJ-BUGk=L2Yp-r-uLgOlDuOoEyzZCca3B2IZr1UK^AGctIY_m zoOABQP~JAyv*+`_KYZVN*d>2Wzc%fpjY*Q@?-{cSAKRIvN{`0h`An-5&Ty_0PKem7 zoH$C~@uvT!oOXP^EVu68zho{SxrP7pUvZKX4Ivkd${olx*m6Y=-}HclPCj(RnasnJNa+ct zIIS~Svc(VK_TdUYIeNs{YdKS3=%Zj|6#t4e&8i2)wLFQ1O)M*dAJUMF9;5&&7}USU(__WlvsO^ zdI0K8K3HWrL7&fullJn#T(JPj5G^wi%esUG`7>wKfZgnX`k9*V;Dm_j4Z5G{JsI;k9hIotR0*q zcp2k^1Z;I~K(5^g&KO#V{E1=)vO{GXj^^TI2HOn}BvE*km6iFYm<>$7L6paEa_%nD zt_N}od2@5K30dRu-3tznSWFrHq@yRnoS_QJsVdB!nm5U5X?ZW%+Y6MPSfZ3|xD$Ky zI0vy0LacrQ!ZDXJvaqmd2;S<&)D6+4Zph5^A{G+FwF0xW@jVRTL1Kcv$l=4F&J6~^t#O1&#W9+U<5-L%olx;i` z62{FCo%#${PMs_dxVT7Gr!n<{=wNFuL_TllKH)Anv3&t$hrDJJ8t^bdj!k=@JNX(Y z{Fd=HRkoNM8822Ml`Hk&LOeL@7(Hl8McR}CBw8l8V2Tssy4Eb^Pn`Ofb50u3T25$ zUgk?1Q0r9T2UOu@QiY5NuE~VqmD>x)2Aqn2=3Tz7Xw$ASlRf8w@xPf{L%d%3ujR)@KbCwuKV$pg>qTSl@tSNE`xph;OdV5zu%( zJdNq7kU~UNbv$PRiT-L3BX>2&Ad>7h0QV`P_&#S%?9Ykzb`?oC#Y4|h7Srp(DTla%x@h_oP1tQCucwC+7T{Bf{y z!~^w6K|#R*UU^aI>f{pM#wUx7jg32T5y+9sGxlq@I50(=ItQi`yYi_Q4o{1VNqi+M zsP3@LP`ZJ4)*jbV8dsK=WcfIdkaY0sa5ko}1~4w<_7;CE+B?=JylwKs#InTc+^+Ok z5_AR{Ppr6-$$aObZ&n$>3$sYAT~fa0&wQ?U8~N_n!xRk-Q^p@Vk`TGbQqRLW9dZd~ z_tms~>rbO~NFbdqu z#C>g!u6o?j0A!WPS8%ww1@1bIp(4rAw78jr<-rg-$OlI?w?oEOTO6YW2Ik-sOcC{` z9(N2`S=)Pmc=txE>C{veqsGM@k0>oGm{Lo;7(PE#sNmZ~c2!Ts{^x zB6mdPq|#qQ))dh7em}CiM5sOtIIIW<}7H~s&cTNzPdDF7ZhEo1b34M z4bDD=iA$yvJ119Q(@7Z`1*1`qof{OrNdOCNamuz#{R~uTsUG62P}qP(DOlvgECyyJNo~(Ay0)hN+>j&hZ6W3U#qb7q^u$ zCh3x=A@U3*Uom7yh7?KX6R-mzTw_7ezpb7RWmRccrJ3K%jpJ5&^DL9U0BX~`&fVO{ zB%JOmB-he9?kraJ9^1Kl9t#VbPfJzF#8X={{H%Nz69@syHHsJ%CE3L|_)WI~VQATs z5j+8deTq|qV1u=0I}_t>*aLRvCD@qXLuPXMZtoh~%u+WAskk>LoQ_wA-Cp?}rGdSl z3}3-E>y-`XarpH9^KE!-)b+5g=mgZZuQ563JbTOjz*NUmzvB-uW{6vL{2H_-IDGV9 zj?alXwcdyBBqk&r)E76T%SZYS5qap-Q^7RoWnwZ}Sf&%R zWWDp9;V3n#^iR8Vn5G7s8%$`TBUq(bOW3l;WI2z2oK;v^MMVvqsmsGpp^oOEh3*cG zliyR;W6gg9+c|{T=da2c*`tmAfMoR8XHdTgjE9x7LPN4EvEUyqHGS1b%C=$u3#2zz AiU0rr diff --git a/components/engine/docs/extend/images/authz_connection_hijack.png b/components/engine/docs/extend/images/authz_connection_hijack.png deleted file mode 100644 index f13a2987b28d70f81bda7096a54ec479f20b2690..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 38780 zcmdRWcQlrN{5QHQWZa>Wd6P|cLS$x-WJmTWTSjDrtVC8;86`53k(E6|W|FMz>~$kq z;dx*6UFY}5^T%_Z^PKaX<9p8c+}-zeeXh@Vzu&L%z8+mylP4ymBE-SLAy!n7y@7*+ zrw0GA;-7#|9MZp9Nu8EL$=dljUBrC8qOcZqwAp>oGp5>Y6`LFzYZtTam6~jq zl(O->Yv}U0x4S0Q8_JNEaN@t7u9aS2%^r1;MNd*kcE>vaFz z5`!y2a9wzpAnfBm*HrLpe6;=dC}A)=ihhkB)vv3_{WAtU3bpE!|9-z-9X{|4FysIC zNnSWjiBAaQ9qex>ynipe^-RF}iRHnK42757b01?{H@w+Mb#iW8>t~h;CXy?v@!A#| zE;Mf?No$QjeRCr6Kf|fhR%So)ZE^ao@hDl4(_ChP5&vrOXw|)at|5biD%SkSd0{MB3haB+ zu?K4qm?#;BPH3G{z`Q2VdZVK%dT%w4(xM~&;%j~3(skto?zsLpx&}HtpZ9wV4(NS% zOkdSl_2f85QNz5RfcZRj{IUXOfuO{3+z6X~jm2MKO~P^O!D_`Eiie6I%FhvxCU>(d zl$|lO9+v)9us$IL8z$#QX3X+XvGUuSr51<3b{*b+Dq^_vIU~C6=+MB(bLI@YUf~Oq zI`7?$jrCUgs?65z-dFN*bIWjPD!8EerNH~Oyl8BNWO6$H|*flr<}TKpI@tT-lk7%*fg_D^WJ#G!72ZQ zhC|$g_&mRCzG1~wyx1q9*nccoaHfEc7Ig9x8!xA zC@7Ur?a=r2^(cw(Q4WjYpvF~pgM|&Q@z0qiFnHWl1j6Bxb-o9NjOj+j z);(o;w>G|i?BD%X;X*xk+2Px~QXEH|^V@Ejx}Im3Iuu5Vt<~eWuZ2%B@`*f#Vnd303ey;0#-cUPNOQTi5y4&vQlKu2>sck;hC7b3B`MJy9J5J@w@I%jnI~@r;Yob1TCDB)r zc{-f$eU;xBbjsjsmPtcE{ss9bly2+gDG^kc-gT;PzbrqLky8BFayzs&*edw2^5}5? z;!^G18Kr3s$E~$*6~)dg#t#lGGf2M+%+VJLfZ~CI1p<%M^Shc4d z?RzOawF{Dwu@7ar-jJo$_o++Rch>d_tYCd%l|3GfdrT8ocy7Ml`wIKk@X`gFFWDM$ zqMSURS4PTb;3@FbyCSGBTm0Htm)j$~x>G+WHwF`;u^&pVUu+e@rTPhIXBvy>}WvM6J z>3f|sjr~43tQgCp*q^K2Uu5jNdo9)Hr+%sZ;k4uPAD0eahlDInG(229q!hdzWj9u> zFZYCoJ<-{72W#qo@7nXa74PlQdvPa~jkkY}ICfOJEoI0)BHN3a@yZ_5J9~I^@@Qw8 zG)dSw-Fttfe53Ic52a$3T8fR`$;#7h*6qeEscwE*d6pgV8w17)%-X%>A{|!P9bi&cq}6dT_zs3pLogx-*SUu0NOc zUmaGtuiTxaz5)kz`srmyqYEoRr_P0Y$MYDk=E5<31LuUh_Utd7+fq!0%3apN-`wuEdD{_mRDM(phX&uM^$Bh4wZ~^a{#+TcoNkF| z=k(XYTIdbcY>(N}1YbT?Jc{lK^dP1z<1u{yqRjS7Hbdx2Z*b)qZo@$~8G7~3Dwq%- z>z-8YYxVnY2CEHwK zULTSo3w*BCk@5o3z(h(HYNt=tjvw^qGRJ)~j~24hzORl}afs}lU$+{bun%}yH+lRR z>4TA+P5kfTU+k*;i4W3=jV}ApH@$jxeREsjOk2%&{c|27rErK99XC=?G|G^sif%Q9 z`Afdhd7EM0`efatK4neBFl6Eek%mc|oI(3j_TxN6Cz+J3#Q9f54yZ_J6VF=BzOY8A zc~J#Y1cwJ$)-Jm2ZdkrzBTDk5TFeev7wbvdE~RYdE8gMH>K(b6ZA$Mym}+&^ef672 zPv6uV)zou4N|AoP_V`vmiEe+LyY47(!Fc7%!0`<_8=r^ak@z~pRWug^nyCDPXQ zBv-@w4eHN!CPnnk^`u=c+iF?p%i6NKKIYTU3R_lAMCX)X-8PS;u*fSBnlC z`0H`oW9vPiJvnN0=5$_waqjLarSX}|O_Svbl1AHZ1q^USxl<*bC_D}0%$;31{24zs zur7I3^O0$I4=akCX#4A6k-3j{#GE1~4{DIcu(Y6)k8$wQx6oZ3Jau`8yH^i)rrY~o z){xiIwTvysz%e+3da}7gKq7X%1maK+KGi^L%pNT%`+=swxX*UV{lR&Dz94E&<9+kn z2_p2xIEJ;}6;!nk=T1s(plvBP0!-ORQt|Dvvt7v|nrlic!=(``8N=__YWKtQ1`3QF z?aYtic8Poae9Er*I(zb~R|gx;4eQED*#+NlS{*B4x`V!0UP zPB0RT?=V~~6<=>Aw;?w}1v7jWbz8&_R%TFh8ZD?h%gn*}o;-G-a=dZS zFa@fEoXH>e#ysU|TMFsF9)A_>XHFn2em`aFu{hqWzT08`bYPMrsTkIe?@E?JG-FF8 z?|mPZPRS~t{W3h8)QG?&8LPfxEH-~->ceC1PBrQI*xjJ>R`=z!3$6NhHR(Gu`j*BL zmmY3C#x@q^=@&09dim7d-^!)F>|!)XCw{-g`Jxp~ne9OL+k@F3aU9xrO?}wy{rO1* z59lBKnru%J$g=d|eT8kMfAB@y`S@owLu-d~WqcjzS$mzEH;VbFrix6hURz5nGU;p= zmG2pJ<(~Q>a0cIeGfz}p`3w=KR`!d*X@RN-N4}#JwXuG$@IOs|*Hi2WJ1&jW#7Sus za1y`iMCgGOhPRsJf?W7@eTM8k*o;I>1{W@x*$CMWGmTcdX%;UQ-rcznDVDBtIp3f> zKbl*M`u0ftMS~2P5R#ZnwmO%X9%<+Eg}*-bLPOp-81t>5c25awUk8c7X3M^L`GqP3 zkGlrfsAW&*x0#sxILYo3y?`z5d?S#8iBL!TZ_#pL(<~;cpl5f+t8GvYwI2 z7bJ6H^cQXuX4MIIW5gxHs^O%cXvCM%*?B}PHc@KoiE0)xedI5Bw&}~jrua{ML7OiM zSNE3%`klNNc-19C#i{K02nNX~?xG;q#iM8xO@7Sxwm5p0I*i_Y`!Z1P&GA!bDH|qd zjjQijT+quYB(LXKhYBmcN8-q^|G4tK!~{otujBf-WKI~|`^hwe?0IAaJB)=;uiW{X zmo!lCN|aM2=Iv5Cpzsj+@~?`*zB zZKIc^(4*AoL>s)qTeSeYAmjGk`>dibd=nWS318}b(G;%I$(RB4_aOO;){m*AJu&~F z3_mG9y5D8>-@rzpJ{2b@R-8VS`Cnx75I*q_K#K6c{!G*%G=7w9ApRGL6tYTA zTJ(fiEB5p*2*%^|Zmy~LKUYS-aN@u2^zdJ#wG1$6Xme8k-z)RtXYiIu zzt?yrN1UVmMh9Ox{B3$LG4)vkVs{VQb6k2Dm)XwfyEE+~)vxnXFXOo_eu+LoOyzNf z_LK7%Dek11*(tn+YWj=s<{0Qvjf}~)2R{w&4433Y=B~R+cQUJCdN=TbL;kZUvG6n2)2siv|2aUFM)g?Uf7i)_41UJc=<}cZOT!L0MM=l< z?;sH{nkxHV{onf=;a?Z_#BFN&&ma*<8;igFpZlMJr{yv6Nc?w@Vg#}&PJ4jHW_IV& z5}M!Th(41mp;EDz?7$K8q%p=t0KES4-Uy^C9*{hFP zQ#~3DV*DZv4(e>+AacxgCJ9{K^xByWiSW`MFVr>F1T!v-q5W1mQcO{dp`JmPI78C`ifRUv&~k7mC=;-Hzdt)7JD~JRE&`Am`y#!hUPBQ!l=*tKhco;27k;@Ct49EcIw0J? ztYzv9u&QT_j@{TtdxGm-OL}Wqa&PsP#1NqPq#Ab<{KLIp{7x_ zFFo(q1w`{~hF-+usreDJakJ5-;!YpSE>dg$+TC32Xaby+0oncCy|uBy0J7<~K_2t`ajnHaT@T~x02n@SBfK>B$%OO=R6 zRG$lVEuFlm9M2WQs!rEXcrpUT7>!e%gU}|v2YVlZh3J3COg7RW${Jn|@stYyoOUCD zDIstYFE{F0xym!@2m_Ajk9I;fqI@-Tj~TTez^RvMlcb?V-x+@Whdgvb~u9P0`Y+bKGqbN4x6mI(dnA zFPPuXfJ*=F-j6%wT)bnXy<2l>50st@*?$rC2H=z_7eR%mTVD2r_DVaT)VJ=Z9|t+_ zkNfVcrp;a@H?#+n<{mT;xV|K-X3i*>ik# z8aD46F(`-FA|(#rQ;9ZzB3yOzxT`T{9x2YU^KSYM;6E}CO2RW78Px=B-B&Pg zZ5PkFYY;8JaJ;uN%)GVOPyTBSH|y9*5oOA zgQixjt(@?G%uR-&a_4Kk;%jJgrghq!nHYW$~Rzs2a4C4 zvyUfbiI~k3iKp})B>lMW|KSmEb8lV&cT_G+J;?CQ`27O_D+O{~pB#u>E@Y2x9#w01 zSJS`EmR;x5rBp$wrA_DqWj85(ceL75;Drjr6KA(kh&*51E*g|+?YBnK>+U1f-2Phi z<`aWjh&j5gBc-<1G>(uVMSpe*^iZ}I7TNT3xK+zX(zUDuK7V80_gYop$#L5YgLV(K z3-r3J=Rdv7KRnn!N!$>6`ofn3*j|()Vn80Ie}1c1B%S#NjtM6>clTBksl@wR<+pno z@K@OaoyDrD`<3W7LPEA*Rr*iv+Q>YIl#%m90$YD;8Q@849Osa>lkKD8#~VGoh96 z;8flCu;5h)G>y#>WGbMA>e%=qw^9qWP7*b-7MhIihZg&r-VGkYGM@}idcfN}gIPt( z+}8!^-ca=l`{Ui>=fbZ}kg2?oDO^*r+s%yLHIJIjtr%TrQM#XL7W zj5(s`v6D@~^9|=Td#<{6%pcV`J*#t_>TrHSBZAuImlXu za@$18%m_(5hTa}yMCK}IP7xBNm z@Zp@XmW=RBM}ls##OYsQFZAqR)^2OaC(bR4+@e32L8V&W^v1(K?{|-8>@;f7i>mfI zBZj`I1m7=s;icw^<(C1EFijsZ$~8R$LjUQ=t9#kcgvrCjRyMHZ5jP8`l}qEK2Isn- z4=hqdeqck=Ii)7Om`7nao%qeJPkx*OeOUGLw$CP-0=Fc*&wuOLc}*l0%plU!-@->t zGX4X7Ie`7Ef8wF!$-BgTF_IV*`nf*?XQxhM&EuEcp)AdFrt>X!*xbgF5Dfd8k4we< zD(N7?MHhld{Kbjg-TIpnyj%{-kJTkf`zDX*&HTiOQ{_6f3`=fDBh1C4J1eyQZ1rS# z!+E~Bt;G_q!;)j`kBLL&rM<~y@3Vbv-z<;Vc^4t%Fj98WC>A4HdQxaikuFppPvbPr zlb51-_)i9j^AtBXdnBsd*j~RiyD9k9sPP8Q&g+#9-etdfrM!nz3n`5f8&`ey+JFrB zWmMQ@m`YcP{Yl)K96!Q@#>Wk17JDHVPWjTz7b_skOUoPH6FS5jv9~o~tQ+!U14q$w z?Rm%7k)8C1DgT#*TxxfW6nJx1eRxzgjCj2#J$Gjk z`puFPqeFTw`Z^MmmNn;H`~J4`w(t`i+aKc9tL{gSF@}X~%)(|xN}aB<^xG>Vy0jsQ zxVFu)o`lbv59_2uQDO$@wwoDV=EiStUOJ;Tx#Ep!J$C0pt=+@}@v}TF33lENyqX#h zSkTLA7jRWE9Aav>iGnX+S16=W0^C^O4*gs4$D6UwRTEDvUG&pF##aX-g2BNmZM8mH z#pC*v*VRSO@TSN%W z*~q}{6QnryJFSsHJd@5J!bO{RC(CJyb}+suYTPN|Cp=Vz8I{{^K4RnRFZL!w=usV{ zFKBo2CTRt-Fxg7+TnnBA+tv_2k ztrr=%Q*_Oaj2DDC@ZErg@@n;=<~o%T@xG2%i|E7-*QBREJ!Oj!SJa$b;bM<>vNDF` zjc!ooeKe6No6wgoB4tkt>a)vbK_t{dDqXWQqORHYqN%Pd{wCYTg_|xcrER%qtX`PC z*CbV595yc#s&>K-9-lrL>sI^7bM7FP@_s{wkd2sHLqmh%AEDDM0;k$W@AV01RV$f1 zOdiyevrXTgIOA!MPg6`Ew9Wnju1rxlItMK`E+q;FZe>n*N_Uc5Y0C&E=~AehoUY~y z10Z@$!}=ZjA0!HR37c@JaYu!>G52TU+lWU}iTdZlX2|ghE*0RP!zIjeingx!^VKI9 zzrjz|X+AnNG#U&#jlBq3pINx30W3dRrPF!xH|(uf1hAg`g*xxl->}>76)+znm0o%x|G;k6(=VLv-f%4B z{s&P%VF4cC|IUC+_oK(5YP&*3#3>K?$= zjQ8}f(3&wq?A>RAk7nn06p8@QwZoy#gai_O!*T(b@Rj|lDVEfu^f%Zc7O zPf#KNLJc>Rn-k;<#TE{~g{n`3^jfPw|p^VrtPp zOhWRjohI=LdlXFZs&hEe+kSqsM!7TH?}L){crtvp%vsd50$U|11xU z3M@}UN>lDX4glfDusp?k4@(*TrY@X#VR=s8BYE?W&_2Nh%hSC``Zf5UkoS4Z@SO4vv@EKi?58;M{{`bbdg}RZ_UrreEm^y+nSjZ09~83Hzn{AhLNL?#|6X zQCq5d?jq|!#Ys@MxnOIZ3+)Do(gqAbCNRpME8T4MAs}jj&4S}Uy{{93AAjBVz_&-=eC8@ zf9J=3tSW!At`msq%s0a z)@b{1<0KI!MkjCL8c-RzQ~p2DY|k1%K+ZI*xSPx6RO!9@PJ_o$Eb0Xe_jBEY2N&LY zHhnAC*{%lz!38yQ^z*#Xuf0vmj(y+frNf1sjDQ{kq0+;2%%` zMb&b$F-T6$N(U5iP3b#3*hw4VQvr@3PPe~#=#BYxxK;4rBk06WaUO1;v}!#zCm%t@ zoFeMR-%ey6Y8$IAgBdb4U_#d0lTi)5R-@-_r+l4L4x?8+2zg z-d=wh0Q!K;qcC8S43!eN-v)a-kr+Ki(5yjx%Q}z^_q)jPX1;%nU2Gs)>juosq|bj; za%K4E!S;9ua2O^}&$P8XcdX5ckr7O%2g-&O!BBLi09&(N)Wx@+ssNvL(V&Zvt`d|w zg-2w}PbmXF!LSmj$PPfwj$>7BHIiymNfy?aF>gI)R1N#3D(+kxiJ0p|$o(Dj!*84u zSMGdfDqpTY9zeED7=c7RvlKA&kd5N*Zp>)Pu+A>?Sy0$fOZZk(Z8Uy5zfn%EQn?&( z{8Vn&!;_@#Mdq!jCbi+!ZxyeCm$BEo(>3Y`##4A2(~-BO`!MfJ&~gw0<2L7d zsCkGcO?Bu{&A^M!$l*2J<6U8vE-VwG9kfqirEAOP41Ul1D`b$4NOOT1-?hdyb@tvZ zmgZQY&@(+AH29AY60T%I>L!u$0)JuT4s&wr(x;a)qF1(7*{NJpX1h~3HD9ZoCfc5) z3dQfDwwL3I8xrKaLO1(^U`WoJ!t4WY^}-z}3}YcCaF}NH?79^ArCGf#XsSxBux8fk zT6nLDq=8;Fzee_9uff+oSjKt-e)nZPfBeQKIzDytmT--ARmvyQonL^`?Jqe(D(!Dr z9J#^`fD%vHq(1!w)~jEnN{m62SFH5jnvr4xcM27EGa2DvFoPuBTw!W#Rs(s!Nl`KN zVP3&tN(PT2%nLNp0Wd$=49d-miNsP1l+T(vWl9K|Tf~ zpAKTHJTI+9Fg(QhHr=oR6T@SUb-dT3%uF52t*h$Vne3lf}QwUp>ZF#*b} zUQ>@)zjR(j1zdoo|H(&wdc_Y1ru4NX7b)uej)~5=`1ZF~va)MqHF5L)a|A|}U;&ck zx9-j}YesvJB9D##M81OH5|K+fv0ga=9g7N~B+k_*y8@_1eeNA;F@y6TV$YnRgQ79? z5}q?RZ8Dkd#qHvn#IF%aH#~$}E2W4`l5lH6t+PE%SZIRVup0vt{{AKb=af$g`dqBm z#n%a$`1EuBRU`)~+3VfbXANG#Geo>k!!n6W7ABQyNJ%GwZL@0@TNgOBRnP1NF8JmFX}y85bhh5YZ+AP+@e_EIR;e5eEwmFYNqobjSv zOc6s!a9!}4Y1TVMxDYPXfrOOjc`*Ki7vRfYKHXu$)au?iXG}<{4tC@OhNUXzweBP+*y*fD6E0uQ`J4kM~@%Jf}X?F7{aWmBw%v{bxbWZ^8Q+e;l0(nfFv+9lScPzSpYssM+P<`+XuNQr_ zQ_0~03t{!{?DKc73pYgEmlOR>#%q1rn_QrLo7RIe*y4Lz^k=Y$h=6Ud#CAZ4vQm)*K2U0l4rRv^V{Qa#(#jkn#ncxuN_t|rGqe;yLk6s%m8*O67hcgp39hjVnL~AE{H4rE zsVm+y72w{>fw*ANovaV2n|-=9@*K#&?puO{Gry(pW`G+I#eV78>_N)U^x9s%@!rYQ zbGfMXJHnE@*+uJ%xXeC<$>em5tDT2RA|C27joPC_Fa4VPrCfT2l2AvnL10e+yGwQ= zTj(=DT{)ZYSHT|%#pZcLU0nWFp;`NDLs^Q-(Q@LM%Uri2R79Ded)at_)$uc!IT1DP zX`BD`07{ukC{5cyLAU5lzgFf+C+e!uUksr=_o_mqSPAbB9raOnB>YB6a={i3n;DCY zE|a50xbTYo1nQVJ1*Yi)&m0ycG?fXs3#!Sf}Els7@DChpHnMYMC~~P$Ek$ zs}GLZ?>p<$@tzA0(YBWDPc>+wtRVwr0`TE?nN>-VO*xg33Oa=5O5>$ytWq>%5Cz+H zNsQQK$1%H-=hVpQo_H)tXiVUdiegN`saD0G<<`oM>ZKqGY4F+vU6ZP{lbW*Zoj~Y$ zd+-RxkCZ!hG(0@nkH!RlFBt`;lz3>t2cO0MV=QX|Y@Wqi9oyurYS|~NcfUiCR^YB7 z-)!HY`4kl93OFTNSA6;pU~z2{dy`p%X(u0jK6_gnv9+EDI;8g7`r7o#bwWrv|HPRFt}De250CQ@3?J_qdae5W={%y? z!k}6e7B8yfD>U;b5pM|^+g?2vF@k<;a;jk)D0cj*Z^#*pP_=vxC13!6XZAM9q?BTO zNkfyJ#gD9MTBJ&1T7vtreqo=^LWaeapJUq*)Uy=Lb~tQXpa}Z@mvzBApR-?zc_g7j zN`W;%jJEcvh$yw<&q}f-Tip*1;7kApSC`I55TIQng$sa3I8m*2O>n~m8SGy^ks*9m zoJgW6JuzaVbDh2q+Z3M*y;XT8sOb5E7Zox|-I?C^HBA%F*} zEhaGa-2lBO=T=o25uMl|f6eZTa(>?BkdvYTJsRa%X}&i-lQ^_)F!#R!#tRTAh zOpr7eh1Ji7>KTF_vW-B=<|xBh7S-SWZOeR3E_-u#hUzGEERwOv3NN7NHqM|;@3|2r zgC?E$jQEV=IyK*?i+1S`@nt)#QG7;v>9|EUCD_xU@%!xFDE+%Pz^}ueLm=>g4C5b) z@uR#%RPY%=xAjke!=R;2MT&*zz;>5n@WXij{!sQ9#GBjm z*UJ1+G%7ghh$2gp&+v!rID`Yek#b88$OxF>c-^B)9*kg~LQ0r^$#y{bx8h#uP9cz)oEArGIyvX@U}uLjB1C zp-v!t{0Qcq`Lv#uGG39A-xRx!SLzCj{~-9LD5wuQbz&qH2(F6-QCvO+H^*my;h`I? zG?>uJD7I9yobn+ZvQS!NO8N%u*a-rY{m!a0@FX5b%wCdYurrhx3p?T76Lly|s*v5F zBn=W3(Py9*NKdC8!Y6YQ!VLw_84UYBTL#%~NFl-mUy}|<3i^xv`v2}blAqCkmpXU& zt@Gj0*I}+d$TS{<|DD7{F)N?de`ldsolY%y8{@P8Q@i!~C0iC}XXp3=#%p1r1)FV5 zV7GA?$Wnc-1IB*_sDhs8x--#a8`V@U50`S1<+h8)NNRz6~C|b z?6M;_xJsTPF@4LnGM)jDHDG7qt0_CxQk!5x^7ogj(=6SNW>^9-;)@VhN)>4TN}Dfg|L zQ4&OqQ=qu~jL&rTo@tLW+LS#|OBKthz6nsODx8u}8gnpzn=bUNi9^vP!UqcBk+EVO+L=P>my@ z6-_Kw!j|Pfyd~nk)py+X>izLmTA4)r7Wr^0us}rsZmZXDOdjOSBZr7@ zP9W&;O|Pq#`igs=Bua{sVfGH3B#znz@J+Q}aRm#NewkfTo^hQ~>2Wh+nTJ4o-@u(h zJfBeB=eoFiIt-U6J_?8CHYKF4aAFAVFC>=n6YDk=XB|v1_GS0_xvVjg`e1p{1lb;9 z9oT!uk6B4Zc9p{yk`Y@YyLiKWBnYB#o3Ve02872}f9aC15Z~@J@_LBD#1FFvTmYrpb(3srZTVQ6lYrSZNV_!d9U?unK+7Ql~!; zmB(=FGhO_%<@{BmgK_4%5^wJQ5|>;5&cpuNh0I?#fo{V6##3FSBox0>jHf$_aU-aLRh}cQ!D@)9WOc35~Y8 zDQ5bX3tGgIpwfu-3URyOkI%qsKP*^2{-DW;$oR+-hx8L-SKHV*@@ia-5B6xRfx>_l zF-5Db(td^A6j%>CrAN3Pf8mXjZXZXB;s8OBTEopWrMZvy$nb@bVW~dd{iDmER3uM^ zp5xTvny~f61lzXt&IDW$3PPguWW$k{E_)MG~eCG-p)g=*2~zTQ4H z!mRlPG%)<#N^u>$)+rC>LQq2v4c zbJC3sA?5PL4>WPJx>7x#ym1yiO|Sh%m*#lJkV7)E?1^;E-WLiV|fR1s5; z8rc~gWOQQw5~dhKaGLu7_h|>cQWet>zSiy2_Utcrw`4O~(pyt7jFm7ewBoqF#_!35 zS>wX%WlIJ8zeHzY|Mxx8@nxTTOx;DDcH1v{_vd+-ChYJKs~!MBMd*qc<+zzHOMpZ? zc%W+_U(C33$GF2~a?15||GKo3us`I4Q(wQfL*G&LGxvqh*Ty`iBRpC!EWm;?ZJk|G z`aSECcqFU{(b3TH{92`xS$J%D>WuSW*MP~vLcQ}HH?ZojaUjqQB2(;TelfMbe$IqO z`@?Da2uKaDlI1g*rtr0!kwvwCet>&gA(kbAP)Dww-w5nOaZu8=E%v`T)*kZ6haA%N zec7JG%~9#ogsczP_=tbYd6Kf^J3yU%2kgHXl!Ha9LG+9P;4bf4m8`Q1)_u{pN>T-+ zL7JbU`DOkLH0yL5NMZ=ctU*vdID?~?1`0ZWg|-AzBIbfT$->vS&yluE7WGsvARXdh zPL!aX==cJd?0CQod}*m_tyZ&<6DZpod3t>QY< zz|IWqs5ipEIaJ>#j}k#0}m;Q`DY3!YE_JN5_(lG}x?_4h9W z*L$|h;C6i0ttt^yhZIl8;n^%UDj-`v+7)hnIeT1Bd!%QDB)l zSS6JxKuj>MbYHRQ=Fcr-PfpLhGDP`j1vv5E8kEOFRg`_sEP28WkzanJ+p!w2do!MU zV5>rssS-L9;U9GJ*pQ-b0ihcFw{yXF9N>c1Hz>2yNX-HPhS1l@qTUa8(eOXn{futV znbJxBJ;3*t&7r5;sRJ7|=pE<6+db{(E7R>9EzROqL7qJ|O!BaN0m=St?1v80Bc~;@ z=EbBZDN+vFb^gq4BECsBv5YxnYb|G0?4F6jM>{atXjP&45YaE~#(oG1Etz2mgGBKt zSQBHQ5*6{lzM#3{u3~RaUw|Zm=nL{0I&W_x9m*YW!s5yaWW1p$(jFR25lAo}`|4K8 zN#0}yjL~IdmcOci`Iib+V&pe;UC#FwcEvTldU#GiRHzzemIbk&+@RkXC#L-_?T$7?WVLUHI&+>S9qRGom&8izm-eTV(2Bnxt@B60EPduN&c zu0=y&W;(B(AF0eo%Z;@o{W;UbU8Xzm>D?Hvp$7*n;8VLH6W^wH(tTv+5ssJRisUV~ zn(#2W$rIvg8iP4@WPeUzBS8rW1wU7-Nrd11?FATp6VS}SHIWI*T#4j7=Jh<3cKps$ zvK8R-#9XH-Qi2T<3r2rVN2F`+_<&Rf=I}Pu3hzKKJd+&Z9euW8o-)0uY*fVfZ6PQ5 zx@u^zwAi`DO6XOSK}#!`&EJJw%^~Rxj@aB3wjOSEV>eZ>$D4(0C8zfTDk`-e;{H8n z{;1P_)&w#(XmYeLpnzxyB01-R$DJII8sO^!&@=JB+v6^G8p26W$pe?`-MQ|Iu(8hm znplB~EfY2$hcNX%noBs?#KvwUWwRfril0vg?LU{zX|=)d`VGKZ4&~4?#M?R)5IS@d zI)?dN?<8auR8Glz@Bdi10CoC?_ExAk{oLn=&rXj7X1o<{$%0N%3xxSw|AoO4PxO85B1>yKrzVQuF;PP5d7t0fPOU5gs_dL(lZj z&H$Fd>GVWi<-hh9CbSt|Xiqxx6C821N7Jou{>m3nt%gEGCvp>d{&z%YiV_Cs`Ty=a zhByMwzdU|}>?pru_!HYbAR!RK5MI9MPr-`;iv1d8{>>;R z*Pze~BaHlWLXjH554ik4ZB_q#O9!SWFB?nwdxyeTfWrrT_wN6r3;B`aK^+_qZ8E#7 zRcqgFKo77wE%f|XCYFzqIfnqQH$#XByMdx9cXJHNGel*g!{TV(%Qb=~S5?1iiozJpg3yce@)sc1vSEzBIvEu@`?h}BI zM4UEEU}AJ1+63}SG8BM(5We7J27f&!oL&n1R5Fj}+{U$BNZ5rg9R&#dPfvnL!n5p_ z_r`Zc_M0Wy22{&Ub^n2zZV2B|}%6By) zj(SV*OxVO5Ay5%%a$sD9f<4RW?yDABGJGCnRW_^_n9y;kbPd6muQ1O5?=hoAfQ#TY z0xmxadHcX82gk4PER~0IL~DigQm6s!;Xy3E-q1>g z2rKM2GD6GkJdlt3{j0D+NP>-@)=Vk1s}8g=mHU9 zx%4q_#%p3_!g{5rY%iN5uafYUcy3zNEd5LsvcC!K0b$NukkH6fo08?4-~|w;)%@tP z@Yf`D(oo6LnBi-&n!?3&$k|{963*z5D+QGvfMXSG`jbYSNuxK#4h4~e7-+zu`bmT} zJi_0378YrUt#SZU>@^IOZHrlU-kH;$Wd9lq(brJJ<&He?+LPif;f42UY&JsAV^Ao_ zuPnfWDg-1aF%zId01*c?MOQ>gs*u;`@pFAi1h+@xY<&v|F|rb{IP+`fWl<<;=@-yH zO`*=f&?OBI-U$75?8!g$g$QKNlFSeEgW$59V9gJsHlKmie`h0NIv2dhwa9MP+NgUX0(bJX@cA96fgU& zOMeT6|G9YLA7&BV$(3{t373HgqcHfX*aV?k(CWX*;m{Khq20}|kblN#xntS}&CA+h zDj-b3FsNl|^)cpJFeyDZ5F&9fk;*{X&3t`pfY)&BwC7Cw8MmZc&!LqhJ-;XZ;&Y4y z{`IE=|IunOR^po_=96!YDv6OMXCyI5_)|<4NPizNLEe?oH2po^ZoKvu68V2SwrpzQ zEi>!D?Mb3l5_zSFC*ydG$Gny7)2`f8gLY0fggAtk0NnKbwJz@ojYV-gP)3Jr+&w`0 z9FXR7f&$hw?;DUTSdk7kL(n2`xzRL*qV*8&6sV+jP+b|ezqv$;?JpP0i5$L;&{gd7 z2MwO>tO=f}3nVszKy>?8s{xi!X8cT0^L~q!&6HwyvBMW{Rcc|hpnvq$aL7whdx-Pz zEaBPErjsQK@9UaAhFHQuYd#Ac2-(oMM>bHam!m6~4rZ_cOv>>pp3cA6iBr#cD8esizq>b{ESll$AN7h$ypgYhOk12F#g-awz=qTyd!C``BV|Ps3oH&rO(q&enJ(`yE}W4500e*pjU3Qc9K@JjV(7nBDc}|pjk6tt-QU)!-R;8$5Mg!XpndCrtrSN}ca^ zNKnE3g=*=8C;Q&8c2BnRf}fr008J!R9I>+$_LSZR&f5mh1%Jg7-ck~sEaK7*8*=(g zcp{@mKquaD={NA+n;XzuYtS3mi8ipLi)kzZE`cz34C!%1b|)yc*(>KF7}R!vlx~ zNkK$(k#v-Mc3YZUGedy^kbX40I_DO&ZZJGJ*h(N16b_zPMtW?CXP9w9Fjy+h9ad-+ zEO#6~i_)$`oRLp*z+7NMX$P-n;=rLUQUkb&$ zi6v*0g)n|}W2~VXsDTSO^uhJsL2k12rj^*h4i{xo9>V;Pl2 z3109!za-Sq6e#JaQrF6ttekBsGzdV`67Y?Z3I>OkE(z?U?CM0_Qq?Auxd2i=BWYOa zwr6d=jLKIq8h=?952Z#qpQJLeA9!t@>M6&eo1bSz%IHCxda3!Ispm;Oh}vLmy~=O% zg{?f-?7hGju5TRZK-#b@jHJa`NU*0>G2Jugf1U2_BJiEz)21&@fu`x)V0KD;4;D z^p>2<5`dfh)5kCIlRfp9Uo(@2yk9!|V&zj};2RZiApN5xo0uuo2~e#aj4=p7>Q2oG zPQoY@lwV}H+K;njEgF;+foq&k(|r`${w@X?M^qr{*WTMo@VlxYZZLKb$jEd)BLU@c$D>noQ&uk7Vw4s90q%+(^ zqp{nqvy{Gbwn?nw#S3GKYn_(zZIk%c6OF$m0?MA=?c|?}`Ezl|Rg_~(=~n=Ihhx5& zoZuP<9+Y%!AciF|24QsjA1fWI<)yO+x-7IlO8jAC+(|IWV-QN*9RXj<{KgDl;;fIKt>NOqS zGjt`~DxPDF|7kf0TMwsPK>)p=fvD7{+;?kmOWmok+25);&tEr7Aa0N}8?3`b5+`H) z9MwiAM6`n*H3hFHYuj;xjb9vxQ^!#z|_4I0|0bD}h+FH7Kk=ge6 zW?|vWL%Ls}C>X(;G2e+59eg%3xp`(d!p8vb3Gslus!ID@#%Rx=6Ik^XRydps8n^1^ zeSWi9?x`3y*F{tH37w+JK3TUKU|CHMhxWa^X87y-2jVQ?G!O@4zSA#{0bQLFBp`|K zM8#zi$qpw45Az3yw(<5~hR@8wwg*`UE)e-L$%o=)kvdI%+dXUUY}Hu+`M%b2*b4TD zYwi-Ud3yDsSBDnt7NXvxfwe0%SWJzjdg)tmqwde5UG`W$)%vf-1ust*3SQDpmH?fFY!pO|ABVyN%j%oJ}zeScC65P8OOFVZKp&JO%9On?F4Tm@X zm6qY3O$*~0TWL)=mN8f>Ugy0I>JX{@EZemkJ8Z|%rh9RPzA#))8iIIhxo*a?Rte>w zsMkYteiUfFZ-2B8oSYH7O6KMXLhk|w46cmM(-YhOu(EVGT_^Ue@Sp8ElYHXw$-$2U zPR-fzvPj*s0o6Z7+0!Wi8rC=P!4EgLLr)-6C+|@C2;~)`m+Tc;WW(8$W8a>fndn&} zI)Gh~-tbkm!y8p?<%H|uUeyVUU|{WOCly^rZ8_l#=!Rp#QeJyZIYsqSy|87wWOhEveI8W;W>VvZDC~zN-_K*Y-CdH37JJj&sa}s~ zG#h=~0z^^Aw#(prJOO7etyVzUH8BIQu%2K^$(xzUZ*o>X(PQAwXXGP0`c4RC&S=m- zC>)sliY|dnJGlJs=|5J_o|C-ciiGj`U8dEhN*&v?cdA$o;s_`p+r&*SaTYySp211< zqtm8Px_={LnBmedtUc(Uto^vQS2S*cv+P|w!8PE_7f@U#ur#|6Tr4~~XBV*iS~#*C zqF1Z8YKzM#L$eEJ-vH#2p_{zgGwA*0ia@D`a-kRDb~S1oNvq{BgT^Isk2KNZbLsG-11dZj^xd_db)r$_|3(ZlHzTE!HsUzwcZw!26ExZh9qT?jCxsSRijP!h=sjf5>0FyzR_}O_=?u-1=^R%z-|zB7<2Ij2{`t$hO9m^F$ED=-%jE-$+62ISly*D^&*!*i%(C? z)-FcL?s#=?Px16zmu9_}Ymkp-gMF9b0Y1`WN?q$#O{vq zT~GL#G>IH39B55E%Uz_X+1n+!@%iLY$c0ps^USgj{2#`V5 zksRMr68o`>nX)Hvo;Hnr);KwVeXB~n31HSIz&{Pv8qm3dP$9xQ`BVEmfdK#sot=hVV9w71n>8xz`Cr7gg|HbiO^ zEyxMW0>1@|(ru!F+S#5H$~bE}Frp>FVT}$;G-^Z3zPDMj<4?8AZA5GrPKPPW$ZCg0 zTo}xAPO`m5_ciN9_NvK;A@zq{PTFgy5Dy@Sa{sTV1wH(7)?rOVd}gNdLE%L!EsH5G zh~uupnx%q?;l<7_o=fv=JC(})M2Z;i?kQQA;JnJUY}dNWbD7~ek&bqY)(9>fSO=3q zn+VJcXLVP!8$bE|Aj1l!>o>Nz0gL>x=kRHcVis*RVU%oHMNOiKe15MP*xr^B7Z$p@ za-1toO)XV}LmjQada5C+iB4G{*?E*Sha1a&1Hj;zihF@>LeuCE{x$pDqgOwe5S9;w zX&`-V1{lXodQ}@}^7;ovm~uE93Q--Wn|y5T-E7x-|2EQ(O=25|60bQ8cpXPR1Z4TwGAP$W{J4ecD(duP> z91%gqXFx1my{Ssm z<88_61n_hVMo^tnNTof!5EQ=9S6PI+OOH#U(jMc85YIHw(g4K$9=Ak zt}cA|5^~kOcS;7#I2aTw89y>6e2&m84lu9F_md)2-r6NvnX&vqY9Bqntx8(CDvpCE zLr9Y_@7cwZy@^f9J=NZa_&QfdCkc({`BPoS%XGIIYxLfCZK#?sq057xwDjWBAD$^$ zC{I+KOY_$kHtXcMcT=@|H}qo0gwq5j%tgFGn%yo6t%KA8zYo?Lts%nZE5m{lhltWD z>r=p(L++)!O5OC@EQ^Bl%}kO77SohR3fKqE2{t%>1udBqi>HlaZb1|e>Nt=sM%#W8%qGW5*EDL~rg^TyYhz*I&g3QLVTZ*&?nrUC zrmXfQp0n-`D+Le%H-mvPdg&{#ZL@j6>X$h_y@66>e|w+L8Hbk&qRZz+93k#>w2YD& zZm}zF_(m**0%#vgg?*cMV&}oXg-VDD9Sd8;-&{&8}~13Mg&D+lamIKjO!yn3sg(Db~S`2Hzjb zhh{b7|3uDoJF5X<$EO0wRHQo_VJoKsi))k8Q)HQkt^-MEPmLuc{pkOZm|2kh`Gol9 z%h9O4s?l3_L;<6EZn)@3yE*|NPkei8jGmGhN%g;?oh}LTd<>q&8u$}gc|s^MJvkPI zu)hgF=WT@AeAu(QeFrLg2|1F-^jPz4gw$j37_Y_e=$nfl9R45!>@gat2y>qznr?1v z%_U2Tk#-vN!QEg6!mN5FX~KVb8WXJcdU=LtI-Sc*;>)3azjI3NGjPYd+M$r8+*gPr z<06q2Hk^(elk{T{uP^dGy*4_iQ*jy!m|d41EbOu?4P;C&L|wb%vKtJUi4vy2{n>6| z;lAdaoWfnO(lReQ4;_xVw)bwY;j=4k3vC!LlUfJ$U-$iH+chJFFg4{8MZUr1UQP78 zfbnCHk)^4D87qri{vz@N>6;XGfqvATeV+b7p8vQ2<0vd0fhZG^VfwLw+Bp)arvUG! zVm

#p8!y=e%VSEz5A1!{}AOuQ0US)*&9cEQaDFTK4dXv*Ss2JHEZmqF*js$nh!g z7(PsTXuHQ67S_@q_Z*)uCN6R;d{j;IJ4VvHGM16B>XM=jEF?5eHM4mdr{asBpRXTD z-^GxJxM7R1ouXq#q|^xLGIbCUq(55SXt?xM33H$-@wfl^{X<6I_pCysXP#LpuhxhR zo^%;aF?uNv;)&ky(2Ff<{K}6w{cymn$bDnuNKiS@#<&?6elVBqC{bbw(29dI_9F@R zU|=cxcNhVVYnu2gxNRKb52_ym(j7}$7px`TQ^QsHCkM9oxDa?B7J<#xOKcVI+W9hU ze8-_dm?jN-7W^L4IjFt;pNggR^8T%+@utFqo(7y{VaOFsuU<>q{|-IOTka!)rPCoI zkt^(-YD4E3coMQ|@J;GGd{0n*! zxwy=q?<3)U7VsR^;NT)nPdpFb`Wx2=(GRHE83by29O-%2^d?LAeEi;;ncvg=M=d!{ zQ(5koaBcsL5*Z9)d1= z(}}O&GCvN~-p!C4*%;RdGE-*0RmlKfW!zfl%Uq|4>6hEauJY)E+hV^aE;e2EV2xJi zJ{{5w3ps2rj>EQ8i$>dp!De@!{aNJxI{Z@OrL8uoO&``;SD2tcH+@vtZA#ZMWV6vq=&r;om~9#2cM?*N|YfX zDc%r#TYK`?;9&FJ8_QG7Mwy<^0bNwCaWH)7Kdw#@*kEch!2kAnD2~KGvQ=R}sTIDu z8uE?3d*5_1`i;P37kXVu$zN>W^bmIKfTkXP#u(fgYjfsn&%)d@7AueEIz9QYigh^f z^f{PvOBDAo#Jyjixs*|dfp+EhYQh}Nq;BQ5ue~nvHVvo5M-!0CmHn{=F7z(6_9qk% z`|AW#-FWN&_$(au@|r+XR|oMgh!>omy%MMBsa_9KU_{730g!3FWtoprh>XqV0Wjb z+_-do-4VSP;rg9C^1CYL9#N9YjB*%&H$b48wNjVLxzAdRz7IIW_%CbWp$$m^p*USt zKh*t}YiR0@u$aF#zkao%LWmIO@vfFZQPknl?14^%J_3Ei;*MWhrhCgbq&qH&PNs83EiZkbbD&k2@2Mq`!nf$? zJPl=p{Y%9enL`+)m<)Jy{JAJ%Wn8~~iVEINZ74IU>pwhr*tBkI-QD#cc3GvEJhj^3 zUC?J~oZaU15h7N|?|NOD<6ZrNqPVyFss2mC0y%rZQ}2*7b4~Bm5lYcqRr&4j{gbpo z+czkRo#V!zZ(?o%gy|IH=q`4;{Y||{W+0+jRcd& z)BjldMpEhEUV`3sXzDW<*wqrB2z7N^NHRoz{~EkPat0(sB&Sz^m%}@3y2hN{yNMXY zKx0oSMV>{Qw*bUAM|UDuC1xhn+7rHoNT1Tgf0CjP4X|{nZb5~;Av`jc28i;K*lCx+ zv0NDb=Ga(@#x8D)&p6bO+N>nDA%?_v2E_xBUU>BJrOs4eS+n1SU*%Xb=_$`qcfj}n zE8S6|Nk#T08FFB?AcHKOUH{sqX(QRAgwT(Xl8A23VyaoWt zqeTKIZ!VwdV^11FfP)K<^gBTLUDn{{T-ER?!dbuGZUfkV zkvQW>=vf;+k*wiW71WZJIkq1%bP?a2Av|b{1;KU89V7mnM+s*pYm|?F4wH9&yE4fp z&))VZKoctVwq53~CvU3(PIE3@>I@0+n@3PlO2%8oNxp7hR8%1G;03X#XqrH-d1J*# z?_ax;pd1dens!t7>Z?z)ko@#=UHiSvq?jAqFAVO_JvnBa&~kiKC7QSI?hOmKSN9L5 z{h4OuYfPaw1*PSI8ZQ0p4tUa=kzW=jF9GHo|0zWieCV&d!9Rd%F^}x2ty@Nfl54%) zK;KgF98FcNOy!!fcW`K8SbV1p3T+X@<0vG;8PY{)CdkTLAN_pnMb-A^^2?0d_>PuI zU1W>R)|t-iJ7SU%@g~_&l%%p2XZ-pO+)la7y*eQ-o%zb;TQ~kZP3I(N+E*Ce-bSDK zNLvb75G-2!`v!dd=cM<2ZC|`7`59bVaID0^cu7a${C%Z9>1N*6}@Z^bc^$>cIFmHJ}_FfpH0dc+h*```U|`HCJ$eu;mC(9Wn~(-F@dP9la#bewn5O|XFu6qM>@Ky>DS7_F5)u;qCsInqBDpB;5y_OEYH3mVX-0Sr zdZ~-w-fFjlme0t>c+sbq=R|I|@_MtiDd_0y2ajfcv5ej+IMa?1-HMFXj@15r%r#&_bpC;s2G- zhB&ELl*ligFQ2$DLxXY zcuzaMCQUV1k<#?%*2&$g<5ON8fjQFr-E-idE^FYhoHx@io}e61R(TelD)R4^e6?}g z#|*U1{xk0X!kyUJJ*9LjX#R59NN^Kj)mr;E*85W8Oc4`*w1o)F2Sw#T8dk~w`xnF} zHiTVkU}+hBsP$gW<|k;MW_%kS9=2Eixv88RFm$dsmjBT83!(Umk{A2QZq2SnWqcdN z1HxlUzAUg3y>ek*-1R2<-jz_%2p2NWdHiEfdmtMojE7^W3L<6hfkH~?rhx3Vp?;G^ zw~wQYnha=^xJ8IB_(C2V^tVbx@1jgsz)@VM!j2U(kHD5_bf~*zC~VIFguK$qEgsS^ zG7XI|PKbE25Jn|h-%i0CjTmI9jZ}-0=yDar&9G%E=IG~0z`N%PibffJbV9C>cm#w) zbru{@GAykDf{a8*DlO8z5qw$EQ-sf|qe#nVjDUTTH2@*I7BKv6FmlsPh-?uLH?!BZ z%u;Y*Zex^*|0vxU-~iFX7sh9?IzN;v~?`7_Jc z5T*B7vTh>vD}#t#dYHt+@Mybxq>oGVD>c{Gc)c&ULhVXy)F)tnGoX}5CM>%Bn*xXZ%S=;q5C z8+H`I=iRZpxV~ifi4*rmw&tfxv1FkR_7qovUmDL!8?&rZlz8z3amZ?LMyrrCNcp$G zzB;9|TQ^)%EV2Mw|MqI1%O-T$VjX%(jI8uY(t!HuM9I9C8)!^T*5F)UnR+U*9<9iC zAh+3-_n|GCkLDLYl!&8!O`9D{P6%4}lDS6&hXTSK15%#>Np*0lFo<1l#@S&Wi?5$& z;j1o#;sMHgC&il|I-UonskHmPPDZLl@JsI`wJ&_z{GV}ISM3R94{De@kGVuN9;g%> zaBoC55>v>FhHhx(r=yK?PlQSO zHLk$3cE9@WPA*qYKky@-1G8DBA9t@k;(Yqcbg>0~EiE=Gn3SeqfWjg-m?ovKztcck zjN>&WH=Ska+I>K{ZmHys;GFp`i4$hputQshr^{JbwtS=27HnO0LT{EOw+E zP-SQ>=lc~s{^?lJn?H+VO;;R?dMc4X~uHZS6alTo6a#>JCv{y4{Mh)u(!I3GgOTEkS?>DsTIB;n} z)_Vo#4^eX*nJGLaF9>h<&(C{J9IH#W%QL!FLvQ^eL1R{lktosTy6A%_QFL^5C#Gf5 zUZR{2js&UIv#0KFc`^Oqoy*xDbbrrv_g&(ULW+prZat9kwM6H5;oprV-ix5bCxlwg~>ze4X) zs-(+p)r+s>SVZO-IX>=ANC_rg6YmMX9G-`hKL=z9@s`M0P7q!$XcUGZlRPw6{8-xt^0G?LsobyzoIsguZ^Jj75n?Ocx%Vi^b z6c6KQCL=+l(eYQC>`fvzj=VytYSlX4Q(x1Vx;5q&-!E4pQYrKPsgMz3E}TSV+ag)w zMAQYIKl{JNurJ&QaI!G_od;dO!LIUiPE0wVxu4NZfW952g~TGZWs&f)BXhC-=ei<* zzVa1m%eCW*qu=AukzL>dPQWoRjL7^*g+O8!w!_r+Pa}Xq2s`sqi#7Ecwe+Sw^^(+TtNdrv zKii1uQBFRgpX3~0ZvwTP45kxoxdpUKj6^9gjG6Va=;)1D?Yj>GV4TbB(0aFQfS-v0 z&OS18WCXy@bExzh87v9G4M+L0D#4EdX{6a-yGWbG?K)4TC1u?(Sj-zjk3X0lT>qD{#j<5%lo3DcpsIK7gfHg_xF9If?6(ggMnofwW@HW}_-mn#lqW-i7N@Aoui|@=cvq%wlWC5>`yZQM zj?0w7FKbHknWS?R!|z1zzaXugSwtKZkJZoM;fuxwey{8|$fY+!4PQ7b7RI&b$%19y zX!d_c(jryHTx3O*J183RI+Mij(@(i*oQL$)ErY!dd-*C19<^snB5Vs{xjL~1vQ`k03UusA{>r^ z9Zi`jn>QK=sIO(;@&*TfNnd(wEMK0&wG|hQLl`X9@;~79EeUKoK~3iCm$WO=@4sSl z?xLRWv~wK4jX{M^cnTk>?m5w22>oPqg z+zhOA`#XSsZNH%Wx=NZ7Y1Fleu2r%kCdT15dBb87puBv?*H@g;0K_r8{o{8z!5q>b zocnon9j7%%+e19UiZ?cbut_#Hfrm(f&Q+hUc!LX9_P2N_K1()y?v{gU;v9TYf2#%G z^CWxHacFSgL{Z%LPwTJ*aUr@|FL^lH!1cwyrsEzXTrZb^=~7cej*`s3pQK5*M~D1+ zDRZR-%xk!AQ`i4X<29A>E_=0QOWf`MD+n}D5PU!4@D|;wKLMs#0+)J-&QN~-4gZU~ z|8BDd9}#6NEd8JH@iYl;&%(F;)ji`(y^j0HXB4aWvoQGoqXdMTUk~M-=W7o;ZhSaI z0)M5t_(#9E4X#JZ=;`ZAianNXIQ;(678KYr7i~^$RTP%J*pJFjY<*XV3^vBCYi*n{ zx(V9Fch#dg9QlGcS9S`XdM_d(#w-yuJb&q89R_rSiUvD0;nc$-;mYCsYxF>VTZL`S zCR6Xi2x+G%DuV{J@E%%)kBQLkU>I7SM=yGI%Gh`M+%A#Zj2-;XKzs)mz|ufBc(3vX z(ELRhk2|agy9f5a2^c(Gm3?_8Vv&343iU6AMba5jS`v(??!5+dC)iHyy=yk-5;V8o zl3WPx<<>V%<}dGp7y{_UmmBA{*4*;P8DM3(cbrw7-%`pb9wqgam}CAcVOL<;Ob+q( z&3P4)H^W_`hab~l+-X%U(_-q}>o(DFe@TQ(-`1x49v|D6(t`NRhE=y0oa zY)OB28F`ejeWR`}jF>N_4T}A7tIWz_^LHvty9T$qPe5(HOcthP#;vaGpw8c^FXaXH z-qnLc|J!V^m1OVvmP!5h@l@n|AW{6kyP!v}TwC)U&#PeyrFoH;2jPa2nh`xwIWYdB zklJ|MJkXRLgXGQ7%d4>9BOqS4GYDHbCu)uosWLJv<6|LrjIMCIgVbiFq1)c%bL#!k zV31sN5tv11r@m+qJ<{rw;y(Hn_3)`_l0!3vTguQs=lAa-;;|z01sJnd4|pkcZ??K6 zjQvuvFJ};czFSCt5(-5~2|b8WHH1FPa*laFt9!b_Ma{70OJKN@MRYi&p;b!OO1DJH z6ZNmSgoGYTnOP9`;cUoGs?p(eL_<0sGkOT(1I<)HlP%m=hz1kB2AM@P=Df?8*>}*9 zU;<=XYWnpoTpFdGO^uxQG>nCkloZzuH?@OvvxIm}m1zq{vvxicT5beS>9K#%}ZBI^SO|~JwB#zOx9tg5E z#>HzzO%Tj5(dT!&`OS^=j#2}d^-Ct1Fda5{zmv4#h|=eV$LFiQMrcnHscIC$_aY+) zeagprFa2lzk(>E1>UKcEZJl(P@9|Ekx2HhJCGgzXi0fFN6>)LsZ+j@0pQz*RvWHss zh!2F!$qQG}jlXoRW!QTRiI3-`%w)zy4x}Nq2hjeDBelNmv}$7@ugy641jCZ49pRS& ztIrK7Zw>IHlwPFKvq(xxnzJp($lNhI#wt&MC2WVO?pf^k@OS%EoH&7Q3M+wOv7NXHWVD zDql?Sa!-SoW&7cLft@MJ*Z1}&y5l1eK2zH9rAwH9{KQ4PevOQ52Lp?sYU2-T>C>BK zNN$oLz;c>gc%sx1o-fW#Zm_Xkmb? zo_2>#{=R?Fg^N4qv}7gEFB};MS(09q1uJfm#29&wGX#nmPjS{U+aI+&w2}wffUInW zV-Tf%L&u4s4y|WFy23ufVK!as89g{RP85}fSfYty^}Dn#8>r3*D2a>2&%mnO0}9#3 zQ@@~eA$C(*KVrE%*7MU&Ki|!8|AOiu*oedvs_(QKY7GA=;`HE2yc|@oj;l+y2yHm9 z;xoSLC?%tgb$fX`6q!YP0Y=^1^!Z%b6$Ta|zMbP-v(3+DZolfh4%Wb`lJFyJL-Jal zUZ7Q*Q@t4y$e8UK1C*uHW$l0y&_*?c9QXvr53Da_?&m6T+_n8PWR`I!PbO%1% zBpJp~0P zP?5Ko9x7dZ)92>w8K@qdD(S{571zbJdO!OzZMe^8RKKF4In0t_1>b0%9O^`NZG%cY z&|G3*Yh0FT2Rde1M6%-_uro^g0ptGkAINq+YIb2NK*2`{>gvYOVo!G_0`e~cY{Z2m z``5STy5rvHA@#K)C+>Z`ui5Xzp@9b3OFe(vH4jAi;5E^wfg<^CG*rz;V!q>kEWg5u z>@d!6e$t@bTJ-q%m-G{#i=6e_$yBsUZJ3Yn3180*1#sMwvwd)g-*863XwghsEOl#_ z5&e3fCyXK0nz@hVcqoW>7JvVFcgOPdlhDj1!PQF-oL`n{?~^ECMFC3bA$JW&W5Sbj zX!`q`i=e7(DJ-!G)@A#72_ML(tk%4dpx zZ`gRrHFDXsBx9e>UhA!4%AGDt-muxEJ8dmyVmG428t$YH>|t}?QF;A0A=vj`QejKl z{@HhrGsUP=K2mcNSG{aBT4Fh&6+CP7gdnf&yuDB_frDxl6xmV~u|?u|Do9DH6>dhe zy=I^qyM=6#q8QyLZZS{4I;6i^cEhtzdhM|X5bv!W*n8pA)1R}7)a@a>ZhR``sX}y9 zA5hw+w^~H#P5ZF@zL1;FDjKJ1Cni{OD%z~dA&7?AqvJe=2u!tEH+(%Y9*05p0u`kO zi)W~Gft(UXA}hj#G;BMLM@Rd{G}|Z#a&9+j`s%B?=YdFL@eH3#+K}m$f^Q=(UBTWP zsNKx_ZTdg#)%Rtu#71j04wqin?)x;MW4*tM>w8yKGC@=*-E{h_e=z3)#$+*~3Qg@g zA%yxYX%43CCbZH@wV$U;tpyok)wOan2FvOe(w<-Qf>ut2!Db?u=Gn4wLHkX0yNlHi z#qJAakC>QI5E4zu-Y@pixs_TvdPSv}qj*&EXI=pJ$zy>q3ToTDlI0dq&G$de&*?yr zGt9TaU4G0(TTaUd^U8Ls4j+qyPoLKApo`&YpOY76>gl$x`z?R)s?CAq-x)=Vd*3`< zeeu1}0{LUl-L~?XxN-${-h=sj$r%wpx{uXVRr>aGcC_lt8HToaB4jO)sA>yUp%m26 zsU%JI@>;b@ za?Wi3Tzq=KN6}6g_9SNU#dX!YefIL4HFz6H(t_ZoLD!1*{eh?n#y2{;!k4O309oLtUKF zl;C>itVJf9^oL(JMg0f+RI(z@sFYMIlnqci6ntMF4ZBcW@^M|qSuVDT*gIzzDEi+} zZAuDLjmSBgp3^pb?&<9g<&XCcTHJT7WV>puurVu1sb$!FK(07f4uIA(DckdAblKE6 zYKl5Icmz4#e$(&f&URlp$Nq!<*BO8NP?-77R9;tLQ822R_^x!J$<_T$Ks&=_8%eR= zrK%zxv6m@a8)=I8WAjU$#7B1-xs@F7_gQ}D@C(|cbOz5rVU^!Sk9T_S#P~?J-S#>Z z)$xx)E#DT=UT;%)Z=z}Xrt>$ux@HlrXt+(9GO$+YC$5l2q< z-ea67ms2VhVw^FgHdxr_6ql7U`gi_ zzYPb81~6w~MZVR_^OYYrw=mHhX)U3j}izPk*X~ww&N_5|rl+mNp5iE!nnf(RiM{({(?J z7vm%Qa>kg_SDiz9O52tMW#nBID54JSFm~;zj8r^%-FtTWmp4B}t!nAApv!r5djWa% zoo9R_@aXZ7(t_aU<%Qu|aunrwL|)5*(`668`o1gbG z-7u3$w|LrjowKsPLoJ(ZbVr-t76v0LyW^XF==s+){aRqD8}8qEc7J`MmeU%O%<3}l z^X)sz0#-?%=A@T-!`j?w7yh6s^-0qyPL?HyHZfjk$>fq1d|fG5IOJcz=CClc)AX}* zi`dw2rqx`0@BIBT!$&py2Z6@*m~cv|i!^ha>lYsCc(VNZl277Gf3aH2^qr=A^_@j5 z@z3p-oS=L(*%M+{LBD)C^(56kaGm_rKJLpU3y;|~X}(ARd}#LUbnxqyd}L->Rx;^P z_m#EhK2q^XbjbWztmiv^tBhw;qT>_4ksqpzzBJZLzY49dNL_I9d!;tpb$$C$%q$Ze zs)z`elkW=UbsPFoc0|Sght?E>(z5cSf^q^3Sb_WMMG5X^(?ezK{sW85*xx&km)A=3 zSt8Dly(~S>dEb#qv$to$FR@qfL!PvFEB~83YIJTE)0sO=ZCZ8$OWLn`hHieosqa_J z&m{kw*}t6=O-FY;*|@PUWaey|J+=60;1~Kcc6?O~j2?$uZfo=?U(w__nX~EOm>o5F zW1jS`mzL5Ihb-uyINr?5%X3=0-^eJ;QB_Yh%J;*-{)cM&&6(x0a_M;A#CvWxcaCUk zXcJD@Nqb)$Mk>`PsOx}?f) zg z00;hWT~M;|D#sz`Miw!QH~`0l-iM{rP*_#9)w<%H(4h+cqow`dBRCgP&+%SRU@0@W z#j@|eA?q;ME>0^5Ik0cuThXAH4XeK)tGtmer^C(e7%(Uoc%vpJx%aOJ9#)?zSuP1KySf2M+x#s|7q3>>oQ;{ z!=_xn5yUNv?+ltIh2yFwsqV(~m3-$3qQKHxUHvRohG)FkA!OBKq zWeMfWb+5BJA>Ee0YhoBWpF92iD9vNzHyCJh~NyFilk zk-H6vVj7%{zj&b^PPDao>*G^=pRsR@iReb56GJ32qz8&JD+-*j=Kvm_>YRZlMP@ZB zAYu;i7$&`vXVCLChpVz*p6@Y;62G5gCYJvn8gln&lkr;DK9>$M^?l85_nF;gd`eKw zy$B8H~V|x4-*e4kxoS4J|xx(%OS#a ztEu<`dX1WgcS;|bm4FV&IeR!i?DJa=sqIK|JLoHlC@gC>`p}XtM#eaZOR{XllL4>V z1X@v}o9xws?{Isxb_q}r^62IyO)Ww}`|3Ah<|CNdx+Udxg7te?I6AuU~cGUdl@ z{&cTym~~u!jjl5)8No`3Cc{pDe_X|#+Kn~i0YVlml!FHTnk^x(2J=; zRpSi%lxp6Ef6~e{B#qRSR?8U3L(wabw(0!R-T# zHTr56Xd5o2J{pHOK>#@LmSO9GUe2Lke!LG+s|t`R5QL6zH46ptKqh62TgoxqjEGwP z<&z{i%pXN+g6`Oj<;(Z}eG>Ckjx<`nLc5Y6e@>xnZ%k2FUILS{_1dc?j;WqRIb)oJ zio8ygPHqCm3ReiJkZ6pvzkOX3M<&)e$qa(k;8e?Kv1uHhOV{o}JBXTA6q5!yjLPXDP6yn3>>L9CbEg=cnZeS zCh^GL`=S4wVpGL+8MJ*C1>>h(+Z^{tWf6qNkm2zAOWwiAMMc@fZ%eN1GdChL{3sA z!eHRV2lM*Y;Dotx{7^v0Qelf=yOI0f_g$@KF5{pLn~L#!WS1X9li(BiMXvZ4qaH7d z@+b~CRXq4Rc;u27neJxWu76kU!x7h2xLebQG3xA=yE9I%1TOh1TRrPhN!`nbEW4KQ znW_e+FKKwAveV-4E{N6y;YWP+Y7;<+0+sEcA?<~w73rUtW(}Bp;hg%VB{ecw@NIR8 z6yI`pGK0m(^-!g`=Z~@}xM~lF%wmVe3@_3j0ZLPgVlF!17jfnMO7#zXeaS9gzSe(K z$}||{q&{uOmX2;5pEsQO?$?XNdd07nHC#>rDFGJp zQ^!v*=&F0=rCVn?A+EHyz$R-L4O;;af8>d@rTjobG=h?B@F3(%{Me3)wjMpayy&BQ z_DE8y4v&kK>|SKjFcifkvGmoCwN8y@jwSj|FsZP8)fp0O;fV(}`Wau`gU&-a(;@yf z%>`vzJA&ccQJiX%cT4rG*ZBII*-{#qTfYo(|O!GSu@%Cl^ zC&kl05B0=8h3jEY^ae1}M8P0lzM;!BJA;Hys9(sRKlz+ z?&1Irb}PZ5p{lj*cKZvkGt!%mepc9c(FX`>5=w&F1E82iZ11@fe|ju{E#qBBCQBLd z^R>P3is;K@^e_UD4;rG)t>qWYXeWxz z9Cz7??Y}gGxVs%HY(dG6*#r9|&IKlIsx~!x*Wm2MXU8TvLKtkkXSbia+ZkweAa%*& z1;zYDczPbR z!LxJZOWhH>wIbGSB4Tvj{eaTnGzPN) z-PS&R0`H5u`vw~lBP^01sC|Q<&RqCE!(bO954%^?mbAvk)=5*+m~(^y9Z}eSVb&{~79<=wxrS^Z#E_0V5ay diff --git a/components/engine/docs/extend/images/authz_deny.png b/components/engine/docs/extend/images/authz_deny.png deleted file mode 100644 index fa4a48584abb3db280b8226d18888cb0539de89d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 27099 zcmdSBbySsY*Dnf)5~8$(2q@hlA|NS9OM`Tygn}SQH&QM-Rir~Y1VN-Fln`m8B_*Xh z_Po{i+k1awpYz`y`w4>|{)(SmnBm_`vP$p%`-!N8Fx9lYaf;>N>#OjT;s1Lx zpD;Aij7t}k<^H~tPiU0qzn?H4W4u7EAvq-JEXGqk>Gi z80oWdry&CguGZU=9&|Q?1@>}#Eo4UJn`31bFJBtT>(^}eDrlWvy=|))!rnq0)XyxV z#^yfhxo7oI=l#R`) z?Q5OqQKswG{N}J(#MdY~ndle|sWyh7U|Z2E$(U+M4Nq8->25k+U*8!r>iF^gk--?F zax(is{sU)wh4z*t!Dr@;e&^*vC^rS(87+K!>m>T|*}`QjuL*%nbHTg1a*WjRn8Wo= zWjY>LLPL9)(!XCwHuYiDHb(!WgPf^pdgtp~3ew?JEU$PiaG%WQCb|V(zJ}?Y z%kfh!ynnvoSW?pGgpE&M@-1tQn&kaqg+nZS>R1}DeTg8;v8qzxgV~tF{&#|c2Qh#Feh32>)UpQAunIX$j7lRR*`Y)mte)jbLcG{N6trxoib-BB*ddA zZpyEYR5%GJ+i<eGv#=TI>R^!uR?-PY7+XV6U;q3cY^EtGN4WB4W4;CBQ9h_{XoH=eh ztFLn1%Jx`q#B%suyN5d{-It@x^#YfaD6`&m>*3y%!@;J7>)yEYd7IT=M#et;E$=1` z?yB0w1c`ZGG>Pf$zE3SMExNbhRo3>?6_-FIR)da!hNf6b>g@hoALX|;p#k}hj zsJlh>lG>gItLLgQ#3d$LzVKctZF3x6`SCvg@sBc{jcUim^v~N%104=GEp)4%rp-O% z3Ob=Oq3ww0P^aKEe~Kq&(N1#h8yS}J+;_q_HQ)ZB^_tZWqZ$XBb50+}Ix3ADF=EPR zHr9WB&VyS}+0UjB&(3N$Q8RLFLHaVa@H<;rmtK>6K5Eh@Ap6-XU;uLvjtx8giyf;%WV|V4p z3=s!GOO^eM^gyk<^YZnZmfvZ2PWC4ApDlb_SjK^*s)5XVXdyn+3}WE z(iIL}?Slv!u?dH6*imk9_XgT%ybJO)^B;a3{rm>&La&TVK+DSpWwDdYzU|D&a4Ny{ zy5miS1hFIk&2M*pmkSIO8R#v%3|fAa;+Z{Ippy}ZPh%U`Qlq^;J(WwvY@E7Nu@#U$ zQf?JfwD7AZqmWlZ?kL*(bSp(`e`z3}tp>X@Swt_6U8mQflC4#%P}j^VQdW>8+n}Lchp?sL2MlR508JOpRC}c z@J065#>wDF24P@VWQ#Mw>x2Ki54K z#z)_hdc1t&dqhX{>b+`}&aK+C_k41;OAsFCS~q>vboYm`W5_AS0hC-)k{knEQr67R z{=O_Xj~BY$eFza^WL*+!%xo(9al#*-E;20(R$dKc-^8SzQQko%gAt~(vC|rUn`EQZvXD#_9ETz zLZ$O>!)x=0JIh+b;>yu_lcA(+x;my|{p-z#uWmPvOuxGM$T3p4!g|q3pP1UlwsO+z z)5rcc*gV*S>$Jnu{uQiS36YVh- zG3~JM*4a8Cj_rXwlp#!;p8}@iKfcYtiT4x39;AE!sM|Jc`&ULpJG=@PoiysZO+;Fe zv)WO7{fY3$lMal}F_DC+n$};w3o&`@ENMP*wZ7ZH-5S%-Z~>n{Saz(%z=TnTaLUAj zj9Dhw^;fchebZ*3Z_uaVak#&WYpa_+^(}q==cuWS9p>6eS1*1}4WjWHW}x477lo6$ zxz#PEx5mBFK!XZNRg7W%T3CE^!Q*pZZP!@Gqua)QJt3bOroJ+J?KggD!#)iCBoV*y zeyFYLKwY}VQoQuZ=!g4PLz>&#^rX2-Sv3gAtz3y~NIKu%d5~({g~hmD_ChqQ9#DXK zwsHz*p`cn|j@o30Y$|~+ zDzAGaKRsWatr#+V77|W&ky)Pk9!lE;9oI&an?t88^YU`O5+_cz0exlN?sEr)k!1_0 zJnY`ujGr!k*c@ii`|xW*L2Z>!Im=#Q zs-gwDx1Wq;7A9;&Com{nxrXPt`|43L;kJ?cIF!A$XuKwqSj$5f=H<6Zb#r!N%C=_? zzMo%45=;g2&}-K+S*J*^_GAR{%Q;8zn13MUH6%^q5x;>ITlXnB_h5JPChuKwg< z*xJhCaGXEI$&Zs05iXTfpIBB+`RBhUI1*V~u2#GX_4iBWvx<(>I62%YeD=(gE6Dzt zkm)FTw(9j^swa;urjMchm3g0ec|uuNrVw&`w^1gox{FmW;_WQ}*FehzL%5Ouf-qmi zwL94|+Agw^8DvL=g=-mJ-tgj zLc@hV&u|f!qHo?(=J81h+oAE$o$qxP#qVoVevFTItLJ-vOzgbNJT?0UOifAH}tjQ$>^Zkpl^1>I*sRclu~zd%V`C)uJ8Iw zbh}p5=+?7ZQUe9o=-DVacZbk(g-!|Knk9k;8j$W~kJIhKGI? z^_O}R+k_5Zd|CSv%eNj6t1S2?@L&&$l|JZA(64b( zjhH9AY>^~jpB~GiF3o+&$Hkx6dV4jbXXeiDnv5gi!R7T{|L4th(sU8Ro52BP6T21n zy$|DA9;CMQFB$p9-+cHvXreAia2N+g&eK%Zzx?BU&UnY1$G0RwErG;UNhpt*dtMX@ zV$T9t#CEx+M^?Ytj45L-*UGl2?I#bdwB;~7H8h`K__XPH_b>}Pcw zMKJZ->L<;WH!kPet_o()u2s!kCbJQ1>lAS@KE#VpD?w{vK7WBIG1Kbhs>wLSjM{y93*9M|b*!-@mvc3Z3Q{hvqwMo5h68iSuK_GVR& zj~|#`!l#o$;cjGIE59l2n&=kLcyTFN-}ibf53QelOr_UyG8x|Ub&)B?`>$nxHob5X z+P~W)i7%3wqr)T5=XXnJ`*-Dpn}YF}KNmw$(P|~9kpr$~?YULG>=j>XI27k~ zziD4exo~(}i>=!&1`TJQ5$)cS!SFY?Y_j8Ge{17OU_>eS*r1|DpR)_%1fb9cZ<$a% zTN@LsEo?I1-tJR=qfRYHYmM`?nY`kDM`)CIFHXbv*1D9-ECcUUB>^7I^=Pv%3i2@G z1kj)t@dO&ZDUqU&T*55j3=>JyUhwy89tv9@P1g3$h!ig;h8i}am$*ashfiV$qZyrH zG_^GRWrICRKB52nqoiiyRpg0(m@DlFjtY;o`^EQOf1ivFL=+F3>>PX`AfQrr&{OtyoG#~qw_H8&yz8w;C*QI@f82?QG!({7#X!Mbj1EX z*$12cVCdF5+r<70CwWV3JPO`so2J>{q{>n*ht_6BamF<3_kvIBu<0xD59P(wPGXJ= zHIBbCrUhpIINDies`FxuIhOn^nx(dr6XqHB!n1+w`k^}=0ZQ~2$BFE&LcHnr&U&~x zcdpKJ;dPJF9VSKVL0?yQCIZy%MQO?j1-VH}#)i|Gv1)xY$A^+Mf7e7#4>KOf zPb)y2YWn}*2MOXsH-?P7;}(+LmD&@yxBx4~QwciAj#oQbOgD!(Y|Yxdl*X?2ft^Gy$L00sz)O8&4ZX)%fY{2+zuvHDkBtJ* zul3={X#Dh?X<)9*)XyNALC>F2GSoP_*M-M#a_D{NKcEux8ha$_wA5dEn6sFZ9PW>W zKWOE;G=!ZZ>gk5iSYasqyk@O<2_EAqES$*_HL_nHX%f7=Ml3geMX4g7_o&tBpbob!CPBl?IRJIVMv7!yhU{3EsY(v- zslB8@xz8uNuWh*fE(W?(WLV2ear2=gOLnc%=b6^9s}9r6I0uV4Dch4p2A^iTZcjRf ze11vJm>SJ|74D=Ke4qsmlV1enzQ*N7+`Ug(cS=k?J9?7~JWUn7Ov(3!<=y0((q5-ogh=+5 ztfJ!f9S&u5nF#8_K9&bXNkY%&QJ1F+jp!Pp85A@E@hCI^ZV#kM202pgJqpdK@%tIC z*3Ftz7Fc#BFh{|%W^yyG+VkkSE1+Zq)|ELfs^w}GzV29-2hKY?YF9tdmp9WEk?=VP z|I_}Pmq2agLAp8L=My_c(D17U`0wUYesO!tOR^S4_47HS-P)s!zkQiRJBURqo1xgg{nM_R4901+BFT2b5E$c zuT0k0?@USPQTzZ>>-g)tgmQ(&mq-aQ+2w)!oSfSG~dF3tTp@^oAbC+Lbt#!nhU4+_Z;DndM7@6X8@(w?mX}BjxNx7k2`HQUagss z|FG*dV`7z9{xB8?U#=Gse`pUgb-}1BF}bh!S5i*>VLk2+{M*bVS4mi@LqS>U9n!v9 zpqddlm0fmmu%CdsZEwO|dBSa(1f3!D!S~G}uS>E3YjFHMVSu0qircnH zW6qPFeprbH$5!s{`<5bYmV}!T-p7(OX^ynSjEdjeGLN?wk{cDe5%H7z(Dw=YAwg_A zkj!iEn{`c&c2{@shzwmiFXo$J;!^|N=qb7vO0qF^HIev`yrP^l;O1?dj zNAFwJ+gJRP-(~vgsV#W;i-^7DG7_y7eY&$W;1fDqNBtcHwYQfCDXtrQdOk3OhzSbS zTk~CgYpbJ`m1AAHZGFmOPd@(qbBIhnIsdl(c&9Ky8$H^78eh-52~!Qz$cBfp5JV!& zE0Z2uVb865GeZpBk3nixB=9_*e#zx1aHqq#{2uUD$LdRzd@8r?CdxNK`^tH4^wA+} zZm`Dn+3Id17LB&8z`_1ZM1?yPbB;ank%`b)RLtMnQQWk%JfsOHRui^ttWISc<+Ib{ zgB{(ZBcarzlSjRu4=LKQilmd)C_dN0wp$we_>8fN^5#R7QU>g~_%}y#pr|+{y8o_y zU{L4rV_ffGX$SN=~)Yvh^P2Eo<^ebEgHo zR4aRU818PT+9C8a^du)t6fHRU?@Vr*Hvd9XH{i~=9N!>xNxd9l_r{dpImr!-Gq>OZ zEcK*~<7cRSGM2~kV;R&YGh21uUC{}{Q12y|8-vAgT5`Ju7_$;b_kU<$?%~wT)96Wf z+D7sr3RHw8b<~aPiC6SWjD5Xq+BEVElD$t|MK(`1+Guu2(#E+4N2%#Nv@=c1Bcg;b zZ8|}f?R#P=9rOHQqfn40^Fs!dG5>{W(X!j8i55*L^ufE2x|2O$GUVX|%_Q=eZ8MY5 zsUDkP1`*!KcDW9BhN$3xLB?1_%=^@1yplW48q=u>6<1HR?D^eDDGe{7+MW9Gt;8@Qsq<<~&o!ReCg2UPVQO{sLClcnNEH=>o7EqvUA zeJiU^#AIr;ZQL{VxkaqVgn#icgw-~4JK(&~c&F0Hpu=3_xY#?sIUOo~wD-F*meSB` ze6))p?X0$c#OUz`Mlz_`5@#(hiL=jQ*sk(F{(drE7jD@bz>~I^(b~26%P>KE*3G;-&a;p@Zsv-B=+T7D7P+^fU1(Ir^m%&t)^rzDa#C`NL9!fd`O=#Yun8;l{5 zR9#rO#tjRciR0_DYt)yAO2@E7He@eVmZ+k%&5_gN0iviODV@+hv=1W+XsvkU+zo6u zx3XVUjzckazoei%iMdYOgne-^EwQ@Ul3+Ek$2fvoWZO|MOFpjr78l+nV;^JstWgY$ zfGWL|*PDq6*E=;-P9xCbNx47!^;|;5kDcc#;)W0Cv58`@tu)5`wf&!w zbzW|$-h0Va7YUossGjy!&n4=^VN;XlzJ+t+qYVLkA+GzB*U{>2GHveMz*nNX)Ta5E(u{SO zeNVY58>rd$dKjotT=mCgim!NEes?wO9(QUa_l>5BJkCs!q?k70bNr=JJ0IA+D}l1V zFw)7%E$F>kF;pJ&LzJ-nL&?IEZyTmB>^w{h2?NQV9{}OndDQT|du)hx^{43~m9#ooS9CdYF|yLV5$e*$uN`3H)IUxQZl?=>T7 z-|p+lD8`xMQf63_pQG^QI2V7FIZBfDu{26NkZaQT5}{pDVtb>s!5C^^i4M=4+rXbo z(__0w#*4Uhlq=i7xHca2Njo>it+bix`vk3+a;`D=KGJe8>3~r&@rdkF20k<4`)>hJ zSET!0Mqj9skX)w@F4=sM>bV||CwWydw`l}_nVnqKSQqEb@6|Wik^@(&xv5W0NM4c^ zfK{~=aj7Al^aOkIv{{l}@Mu%moUBKQ+gQTgY`%5$1g$0D{+@AA*M7-m=})_heKMaU zb$q!7pN^A0aQIEZo?&brnn1lZJ%f647@%U3aiJ@KVrGFf4}bzg#-FEfU|S;Zgm zjTNOr&@kl2g^BV+xQE|-c>42h?OCoyt{SUZD~c5WT%KXA8}u!?N{@2`o)J+;6SV#K z?!|^~iwv5e=+~0v%SPSE1EJCy8YAbx?W5qaJ!=yhvL#TkJrma9&D8`QW>tpI-Gcf_ zRzIu1|9LQl+c&mxW$$kFZhcjifM%VC>kE;jC8WBWuHd6L5fKr|E^T`8Y}cCy zzpu4Yi*aK;_~cUkC~26^5V0mk1bz<|zEPNzqDVSj*Y`>ET3x)_AmkI|z1B^FiIW+Q zs9rm*@6ji(c+E!1@I8pFu%Btw3SaAHWxA}?O~aN(pPVX8(v8{MAjoof)h!J@d*yG`u7_JWsR2g#+igB!%cNnB_pkl<*)ep&j+@MNcWK2E5GLZDv+}jb<#%R zJzT&eL>48AFnaLr1mL1-u(q1NH5(T31`jG5bs5zqP@!g^j^^89O~n?|CMn&I&a<^NR^rWCT-#XsPZr?+ z^@;!2AEeb0yE9O1B(@N{NbGHJsmNJJEm|4%%)XHF>Kyp}|D=Q+EM6*n)UHf3HwXO*Vu2b#|U7EB!jiC1oh za*F6kEjUJg_*dKy*}!Gr-;}ul{=P#94H+3zh4n!6`HNS^qMhjl`U`Z_`RyjCaPC=9 zAYqAy7Z9Ad7@ldMm?WUO`+KtZ3_vI&zVNz_Q|-ep%8fZYhZE=ug)SWfgWHmmXK z3VKFHd4#{xoryd`V$6KX zeyTcv`px&&#xX1gGv$aybX!KKv%NtId6#2~Pc6(`s9O<@7(^gHv%J0I91k71S3R23 z79g*aB5~*yD{*^jK?kWktwL7Mquqgxh0a$QadWUA=fG{Tmm?+v8M?kD?DC(g!-;8o zF~Kk3nIN~D8&E@o(EYJz-5>R_X3~KlMROVmz3qQ-kt|c(7lYTTm%i~`pB%T-%cvPB zwG5Jhc$=+P?S7?#O&7m5{;31}ZiHVuv|V$??hP_7-v^c>z+m;UJ4I}gr)#3ty`v{X zX6Icw$UwXR4dmVo*6$TWh#tzSh$;%I|G7Y8e=g7sc+2?BxsFc(ozV<0JDj*Vr9mml zq35Xx*{)@giZKF}V|x)^a1Ka1hS_yGP;9=d=OqrZt7Qh;54J(}<&*v>7x#VKjrfPq zuFRMEbKNxV7&o993_4G^$_PDQu~crKIT$R|%X(03h{z|bG7$m4WHIO?Ut=D-w^L7qh8nqr|NaGDv(c$dh2SJV?8HUeNQfd?$!SOS__pclUSw+4Jimi<-d{b8xx3 zHg5;soahZGC2Yr?3tar+b#f>Nno2LpQ3{6P3C$qmte8K{_}8TktQyKn4%i0 zTjmvCzIJxzEG-;0+R5vZfnPu2yeG3`m4_7>s_?^$c5u<*+Rz4Yu=LWzgHVQLp^*F*HI& z(R$uM1-J)lem1l1!+9ki`JT7f#ZU;<-oT$)SBm2;C})v>4(rZ~5hn+s8*ipHWH9}e z(P4=<2B+?FyBh!iDQb}Wzu3GF=CX$f(t#d|a5A(2e$C~Z_@j*+^e)$1%V3dC`Ct5# zi^G<|pyCNM%a?L}^^PQ?##cv#DEKK{IKl}ZcF{jcHu0yho(l;~>VJ)iKab{q_W|!V z#;h&;1>b_oEMX|0B(84=(yYXZ;CM2kzYf{#Rp7$$8hHpby!C6bS=Z}Z76286Rsi8T zQiA!j$5vGDyW&bE@Kk)k{&3sMJHs81ER;{=p_I&@ZGR6IAs67i*vs&W|H*6Nt$v_xy$24n zUyx`;92CKeUWV;@f`y8%cM&V*r<8b$4T?(Y1aoRs&5 z`ynsY50NzX%Iy1Z^5BCmEn}R=eFyc&Fa=!KNuiY(Wzk%vB!M)r0J7oQWq_QU2L@*b z?iKcT6JAG8oFE5LVb#Z|nJG)S11Fu8xENaZ63F(fJUpr(ENXWp^322wBaL`Vz-cM= z8{LBaY%6Tg3K^dS@b|Eq98gl zDICe^H8L08eSzyX3waptug3>l|LHQaAc$u{8lxBTRE@uSu{T?V9!=D^W&sf@1LbdK zZexGkc@igEt5h_Uuhh26VNPDefnC3<CpGp*zNbB(4BL+8pFasQY-s$t~g` z zo)>tnlX4l3g@!G*1K#)|c6OlL(dFf5bhDS z>y&Z{oNqx+?$dV@M*1|MmZfQD5H^-=VhNYC6Q{wDCaCV56~|1a(q`qOm$r* z>pbJtQ|F|lj1F`|g1+Kp=b31{IJE~0p#6c7XI4(u=S&y&3&0UlpvIqITKJiCG=V3? z2sf>Q`~^lm5;iN&m*BaZD_)|M$fC~ZX?t70k@*WvWA%0E$W}j6`w~%{IZLDZ?bvvA zYL(CuwTg?7-?$ zCws)-)IBG>J8Z@a$-G6_-{o3SJ2!maF#!5D?lYA-uW;YF@g2@!hKi}Zz5OPrkjsSh zv7I277w*V5FZX7>tbv#augCt=J#+n{()oS(Fdc||eIA!26470khKji$jPgN2K$%R* z)mZm=Px?Jxn?d$Mv=p}`77_UZ-HJS6=ukrVs4F~v#|H~3JG%7jX4jRhOwEJ&HZXix z`oI&@INd4sUKCTdcu86bRjM5h_x3MAt)))4XmLIQ*>j^AmhXZqg&N4G|I&@$9ONfW z!D!h}GSX~Bk5=BhS(6?au&^l5>K>}JtC`u-HW1Psq2mNZiUWc&2a))Cr>`7Tc1)xN zm4xt$K+d^A_cs8#$DBwC8rvBP_0NgB>?txB+}M6;#4iw=+3!B|wPC4OhF@^RS>`(u zlp!WewONyh4jp0z*bJ(cKjIgqB#Y_Qi*=o5XO`kp4?HdNW-Hz zm?<3>of{8t3{tQ_8H|#ImvtCn%~r5}5DM-eiu_86>er}*Uc_=$W(zFaxrqEp+ zNh%5Qr7?Qsd?w|?zC91y*A+Zz))aUER_tRnuoSHZ^5V9C^+=vI$qOXh9_eVc%L21L zsK^T%Z#aj#5~D8`jmP)p;8O71j=4Q}DQ*hkL^c#+T6#QVBd!j>@jcjDSf-J0wY#VG z2LNZm2hAq2nkVK)e>|1rfJc6n4$uXC4BQ`HbY3@092LR9crJCgnpJUVq%(zzzla`U zzN7kFAfZh~6zl*OSaqVIM@@va&C*J4&>yoY1^#lsl2Bn^4CDD6Hj@XM&!3*t$Ot?A zak?T`CML?E`8N->n3r&-D~~-9t?w{>gD0x=#~Pu54RhN$tjk{@fqJ8wnq3%fuL}_b z8H7h)WNk{IwQu-hQLht*PW(Yn0)R{!UhzNyLVyAZ02tJCtHl8Fp?okgkRXD<&DOtJ z{a{mMnPXK2lz*Q*1qJKeqgF8ck#498N&-*l)dbCdS&1b008^dh{(l1wp~y|MpDDBc z`($4PC?!#tA#VyehzAzIY^$#o_V>vM*73b*hWD3RGb10lC9ESaN<08l7e*BX}Y1ax5;18R%C?Phym9rczE4Amp*IkdUL*fU6>TFMcsl#8=pLQx@vS zjuC`<8KAQaI)OLTl2D(UDxwb+)M9p&t_1O+WXiZ!Ai8(P|u?x2vLDQu_Pvvf!uxt5rh>XJX!`5DsaU+aUSnOxy_Ig_jEJOAbHep7|OuRP-1HA z=a3F(dr(Aj{A=^7UCniH84^H-SAf=M0WcCtIDVW7zk|6bnMw~Vb0#)(P83wpHa^ul z@Zy$K7a^Ey{_A@h2E&!d8^|SkoM0t_$c3cLNkfQ>p?`ZTJw3!(3Dk5fp zEU{ch6Im`gW#;xDFSoWpQhO(sKAS(P?)D4IO;AY_MPX2&m`cb|)|lOV7UB9cBozLXq8}dbUvHw`b2L5q^uPo&mUopg-4#+aR?c4S=jTdatsG!v5m;3dBn@_ z(OGds$VCc!BMJiO!K&qJCNB3e&Va98-El6Wr>Fm=n1zPM_TyHIpAy!zb-69f_?l2HZwaYT0=v_TR3J^%F~5-6Pp`aqRI#R4jB&H z5Vi6plFjH$7fp$!T`Lg#Dn zJARpP!X8CJRaweODXE*Kk@S&5nCqo}vP7R8P?-+z3x3}7QP2H3K+WEDhP_`VPtQ!W z9)y-NbCTA~y@n|ex1WFm=%f9o{LH%D};%Mi^b3%nbpNiuFS_w-LRWA9DgTMW;DZb$x zzA!CIA^h(1hdU+4f4duPWN&*^Xw*sg-*&cwlbPv|X^MBW)_?)m0veu=xI9bSXfOy1 zf7)zQ92)zJ@hk}EY<{7O_%d8-mIdMZwTZ8F*`|v8cNzcmS9$_m3}otTwmoh+KJ(`X z_dQ#kIuAk884kx^|DI5R*&0FfTl;oaEVRSc9x*{`NRM6?Y5hAF7c7Ld@1e{Bg1_w> z!Dfs>)H8pVg!#4s0zca_)BedNDL88XxqhZ^#6h>x7v-e>pQ>;(e_6BBVh=a z%kyyC0Vcv^A!O*d|GVx;iTluFF)IPnOC=o|Yd>Av9|&yXH4}Eb+z1l$S?+slytZQk z63Gx|8KC(j&7|9Q$z%3y*A8=12(D$c2stfP zWjQWes4d&u$g}*u+mg81`3lrI@c^O*4d!f4WcXl+l*jsWY>ELyPO`bu8sy{It@e6{ zK&9`?5K;U(G6$KacmxCf6PFLEhW4+5?Sm*;FeAkT$0-gd>0-}~Y-6#bm78x-x5eB= zcb}Kt$kb$$@Ncq|A56D1NvYK>L>(f@f z*WAVqd06e%?G~hbFO&sL6-}l(p|;TSW0za?Nk3m3%ME*)D!|=N#bX+9`hjV1TPa19 z1LiN&^y|G0u1*^lazh*KO}}?hgc51VwA8T#B$J3zT`6I5?B_^$rByWXZi`^u)uq{m zmsOR*rFFr#)CzLa3qZfFAQ3er;jR$=uO4lnJiEYg-^c=Fr;H-H-J98=@5m$f_g%oI zt0#YFwXLCw+3HS0BrD`AeiT`}Ak~VZ7yv=&+Qo9vdpfV@!T6_+2>|dc>!G5;vPa!T zz!{4`tVxI1TkeVX!5o<;=oPC-Nw@{Xn{5K zavq3TtPpR@gGa5wNfx5+b=rJSbUGQ5QzkSQ!i-4mJD^|ZSofsA0ROz25(Yz*oaNKTc6O4#b=Mjhak7qjREIPRf;7w$1Nzr5=vpmp4F>=5A7l6fbUHK4zx>A%;Xhr4 z9o7HR;0Vt$Hb?!d`CWi^GCn%#-2VGyAB4c5P(ZDb-je?+eAXySm~}uF4vF9WWB;;wiu?D=;C}$F!dj zi6-;khoKw)I3iH`Q%%ij{t`u6^s8X+UByfO+giYJraSu6_n`F+L)RHGUXT6P`e42r z>+f1+|1ZsV)BWjS1t}LH$@~_Yrvl6ma{_aFxe{8s4Yz;=PzujI`kE~Vl+0Lvciu8m(^DtHCLyLc=CT(Rgt^INA8;>p6UnJ~uc03inj2r14XacGzp z{)$ALF7^OJ%7pNNo78_)>D|%yk0JmIsv}b~Na&Y@MNLY`d5s-HUf8_vA*1$6(hpFg-&`7 z-1B1CEM(_yg(b6wPW|}J4je@lPQ4ROB#)W&pX|wPeLPA&*>T80kDNfO$}?{CTLNuc z3uvAuoLDs=MXHltM}>zl*-N^)+Lsei4P(>tii#TGFls^HQ~^Gvg2cDMv=~|hm~r3Y zYjjI>9fSHC|4LzSesi}x=HebWdI7U>`gjVj?N|o{yk~B_#KfPo4|qtN`xr3%VFyhu z&k2vM`>WwXsa{C5bms_Kpa#^30Wd{kD|tB~5)ZSrYS+ZP^bMe#rWM?O&DUe)wso!> zMlIffyLau%5b$g@5EoP-;r9S^M{5xBm%weX2HwvKPtWr{J2mW>R+FG1t2>O0__ZBw zf-#XIs)`X9%Ckw?J1Tieo(GBdK$qeqeWr#&#{ZemqLCDhA2jKxC(1oiTAJqf$7`VH76Rls=!hfvcAX6VaTD5#&5~ z#~~^lZ^~zHfRTGvOpavfYa1@<4;AV?I^Pw?mT(9${2B*eF+*IW6o0TC&$At?GHKbH z4?0$%!6x|)cT_WuRnt)jR9p?vT`PMV<&aFB>2_-egI~l&JI^mN8g6X@zN2?VZde@B z6DVT9%_LR)^j5@OOIh$RX1CO=ZM*z>lWE}wfC9I}Z_Ty#Gl9nP1K8R8VGY3xAV42( z=H?_v!(ClssYj%F@TC>Gi)Fkwn;nY{I(NW-L0qNhT%NUdlcF760TonZO2z@0a&LCe zw3Ny$Iv&38xw^Dah=S7?ldGQ7jwDF?Z9sCFd+R(wsQA)tOCd$HHrX2HM$^B20_(@& z^w?G8lE+j7I*VaVmFDH7SZ39`M(%7c6)+7W#e<v=IB?C5RBx!ld$tX+}my+}I4AqcY(!B|tRvFmAC4TM4(_wAb}9Rn128(luO@ia(P z3BsaTl0laTvGLHo_J3mifN!B79rTJ$5(YJ%?vC>s3He|Hwj~U;@tQVc`5;Wt)6saSA&dhRyKVnUbK6@hg!7&=!>L^&4l2BoMb~Rh6OKwS z1_#}W)O8B{j_m!a)nsW|FnejEGX_ya5&vxUZ9eT-4VI;R-$e<>`*w6K@E2JwZ@j=( z+JrfKy-`v{Nn_ooFlyw+XEo;H$mru_SdcRDtXo8jR`I@Bz*vS1eg}sjQ#L*W)1}t1 z`xr^`VO`H7f_2^1Ls<;aYqU)aHo;#TaKAjh)z*fY?6E25{K)VQ0b&$Ry!mMI`NEUq z_n>y@)Vftn7%dUJ_(mUT3LAP2|shA~$n37lRY(jmrU-hqZyZHW;h0y!l$A#oi z46h)WGdV4d^$3HMO)K{2=O6{>sXLTUK{+}fU-x|3cwu<^y6<-)kc2D`cz5WDumiI! zh~7UeXTCvjj_samzwS?UQl+dwWxW!5TTE(?b%`ejzvdqsn1&JJi~i9gjGai5BgK6H z-<-p2onnzO1`E*bkZ2U+kL@3+1`nu*@@?THqVcb*3tm8lA)qH(4!Zd(GzyV&P}e0p z5^}*M8G{bLp~dKka}z@&++>iJ{W6Y}Afhd)60k*fJsv&qyjqy?uFW?|%+y0<1#0N}u5qNxNs)A!?a)q^VG`{yqm zyIuH?(L&d1Ol;xCa`&&=E*n*oh=cqAB3KvhK78``OJ_U)PHdwG{}JNFF-q^j0zQnq zsrU;U*Cjwb!J9WO2ae3^B%ver7#kQcR=;1JVg6 zil1YWLEmTH?+^Y%p`~mZQu6)d*$MSvge{Z*H+J2dqfC>q4CQ&r^Et5GIH(h{h&qkX z?8~RJn*X|kzu{nAMa(}3O7!gZ7GBg9HD&JtisxStv`Dd8!dQl9`rsN5&O3m_6@dIS=V-ZCqsHRzL zI4+OH1as28p*?y!`ZxCNe@;+)NtwW!ufv-C{K?P>f)8%Bf&(M>{$ZE!4gvIm)YL*SfxF@zLjk!YCmzwWO1hW|dJQqsGvBDJj0Br$J8<*sS<$3VYt z>nxhV+{gBx_5M8_O^M=)Y|?mD>4L3n{;%m4CVEI;rbR;;U8WIb2MpGGKm`svn<(lz9HAna&&)F5qF30fz$O#j zn|Fp7&sP`)<45yD?*^<5o$1!$qvT{zrjXuFtvdZErS5Qv4bjydLu%s~d{}vyk&2Va z>5G~uQq_i&Z7WPp}t)KRT@}nQ!04AMn-mWA4^tH}2zM-c`SSHWl(}(tC zkxzzL&AK$GN5U^E7M`H&K$gmRYclJ1TxmCHd%gpvRe3K+a&IGv%cg2Gs3jUOmq$8? z6E(D4TwiqQkxB~qH2HAHmicN9;CqP-L738=140r9p^qJ~YKH6Oi#99P_?wzy8m62@xQkEkty-vLwEWF)5mR(XhK(am6cY_tXT)% zs3~4<)(&-F>St-3=!D>mFzN)I6^zknTi*`f}h;%@*Y|}qi75q#Xme?XJx7reH zVUm*c$$%-6-!@GY?__QTYwimm(AseFkJ+T6&KO2&O*tIeL`1>2FnHd#27AJ6Ap3Vc zQq#gH9iu<00QwnDGs+Y*8jIS+r@iN_t}*hD^bmt-D$kStBA3dnEaiPK@~f%azKQB6 zTFJRz&S%ErfBK6c22U<|PrF7q&(M&L3G%D;m*SnQ(%;h@w(}#n|7gk0B)*ASC`+ph zDzm%+9i6}LDTBdNOfGSuolvYx>Tj>2^`-ZgO1fGiIqK@+`Pk=JvO|nPZEv8puDwBY z>LtO6C!wq@&32qu<{{H^$L)asQQddHQ~AgLm&|0oDcdm$;n<<z ztYh!&y;s>QTU!d*LK(^4gwONteO=$b;QPbp^MjwxIoEYN_v?PWo{xDLURdqz`QJXt zp2?&xJ{*U)b^d)@Ix&7J#r1sFx2rJh{1~rZ?@2SsV=W94gNDuZ_TzeHtdh>%myNm6 z!xbjH(9K19>kCiDJfxaM#j8YpLB9kz`%)PWksp8_6TqOI@6niS{)@_Eej{ zZcQnmwP{G(ZPBNw_4Y7(7V}TQ{|lc7uwsHN6#JxM^n_kJ4Ie;MDL@1xRP~c)ez)*8 zn*ny);j$D^wz!&b9ab^-mlDt>_YrsatJ|K)UVidtOY>N36E6ELh>mDL#5Rv;qYerv zVbJw~Gw-m+6(~Swz;mT$oVCOq4c4oT3oMm;C-7+gguhteACfG_j>Mz@+_G_Lq(vj8 zEvJAfR1pp!Nunjh9Perj_sc-PGv>hqqef>2#i3|wgf z*b)*XU95KC-3p~+;89oZbMh_lc*jfkglDJB`KlfFQIvK@ z%q+__?P5sCBq7J;=0d*!f;531Xl$vV;nh=XgYGry^6Nf-JS4sLtHNJ5BBUt|j5~s4 z$|U4xai5T~h|0FZ5~SGWgQ%{fmi5&cWejNNvAp`|rSba8wgvDLm03G=R+n*q1xN_| zi|GKz1bpTW(7dbq_fo+G2F*x`h}ul`(kv!`CZxXv<$pn5*gRJnzPBq#&r13YkZM>; zU)=cjNym$`EFY2|?QmwyuK-ueaeA`%IvoxAQ&Fp(qkjqu=_gPMUy=++dtUUg`u;I*$=w}!?d!YT5m+bu5?qx_K>ubudLPXe z=o5_$7Mh-^g7b9BMp^0YwJ=Uy{|NM&3Y@z;gXn^eb`}9GgFqj!+Y<=ruR8x85qb)` zPCjt=0WaA;A{-tVJdFbm$9K^&Ioo(EjZo=l3k8T-r-2`VOp>}vUbxc$sCfAZ&x!41 zLd3xG_gHP|6YVm4-~f#fw4E7`3`Lq!8_#@va6t2|HZ7wwoqnH%uv3=iQ)=I3o7vT= zRwEdfi!v_*;->AMhBF+k4`;f%pp&m&HN|}!tz*u|G`aVr4C=S82;%w2@`5v=9+SxW z(T`3nJ-B7>R0cWCTm zz@|tqjje&?>#al>>21Pco_UXGGYA-c+DUxgF4JR6{3Y->#bBuOf}IC3_ChqE8PSCh z6{!&vCwvOQ=KZg`yXynk$N}~rtf%|IG73v_h_)A{afE%tF!Q7k8tV;Rr9r5J& z+GW+~-mx{%KN$!L@`Pd=;9^WZW44Jqbgpm~+xy?k0nW2HM_?wB=P?KD%!7q=w-f~V z>%hr%JRDi9(<}uoZ`dCQf%}U`q1mjgURr6tO1Z~|mBWpAIC&fhn(@!LD=QxY+{jDs zez-%|@%Tcw_XCGNLhql^pDPRclp%d|QB~(3@;)KU-o<;|N;&&o#N-@`Y8whj_m;ty zYGgas2Uv(E2lJ~##J`@=^ZH&MKFWHXra+H&+mjl3^j!LuV3EHQ(Jq?sX4O2b{>$E7 zm^*_eReMx+50g*(XtHCdFW*Vl_7)ZAWm&C8!}@bEM_OH%mcc9a4xCmMW-L|HR7Q5F zrly3%{ zgkR!PJLS>`6*}vv*_(MFkHk{p>+OituLG^<>S3bvhP*t_5pE?uznem<;Qy}Df2*>7 zEqvheaF`d#a1ClCSRA~#ecwI4z6#eSau?pO?u*!UDNB<3@G;!21)llk*8KT7QiJzm zVSR$CkBlT*IS*bK3Ub`%T2_3e6tSb#-0eI*mv6l~(a1nFd>}<)ibd3oZv#>XTzwx~ zwi^n~52Ky>t_ui0}-pv>G!{?qOzlmV;%-cz6rV7hO3hZnQ z!xQsdy6QK`({ljQaLZLC*LCFh5O(}7hn(#CR`cql4$ZI`?=d81w2^$5e@1n&?52=g z=m2VrEVqM28oRhu2NbcbohcndJ8+nH>IvQvJJrjG{S*?onOvL&ED;|s<~czwBOQMu zsp)<5AJ2+i=wLo~txKU7beb@eze8BQKoGD79VP(-~6OPt;WJ zPr~?y%B-~$iy9`{m`$KQN;od(uxh&72XyX)*5wwRWWzWksU=Ex{LbEeLha(@U+wp4 zciVv=aX?pLw8%ufe@l1kk>J$4ND5{!qJGi_tGTLDbdV2u2=iyybgKW#K}xYyVf{_d z5oOt6;qERQ@Z4cPl4Y(0(#>6{Nio4VpN!d6+H$?}W{p4HY-+iCsg23-h z&@6uS`(La0KkVaH#NRUt%&xnvu{4RU2+z5`&{{obsF|bb= z3nc_bG&Rs~q$|8m~-etE+C*k176>Zd!=5li@NKu;qB$Yq<&QJgRTC!G9E$gtMU`~4t^|k47 zarNL5ephp;KV94x1q`G;cL!M+{ciCdQnek21{*l<{(Sldos*7f57_Pf5K(`0HjE^7 zwSzo$!yFu-h*IVr{1VTsY^I5~;>VPTfl|jC8Ug9~p7$g`7Y*&ihR6A$R{aO51fo5r zzMo_Bi0Ny^Q#Es8ZBGuNK8qjQ^psP_6H_H_58Z9pQz!z?*8%-r7w9@&$m7Ae75C(T zu;hq^W3N@dh;`Sr6$&6q6ho=80(vp*w{(C49s*2aQsS^n)wnj)DT5wFIB@g~GIT(W zCcBF05$vC6pSO+c{|(21qiaE~E50C_m3SR&p7)fH_U70Dkb!7n2us&g4vb3{Aq7hr z+PEQW&vxdh1gX&oi=C(wJQ~(3GceB&jRQ~3vh$qHC9l&>Fy!moxOn}u1xrvL`cHFC zGAg8vv+NzBQscM&wzLR7?AyB)107xCxVXMK;2GR9ZyUIrf*XM5v5$v@@JAj$K0(b^WDx*A6(#xvTZ!}PbI zsvzr@!Nb4-pAKb?&Z;19C-d5fB^wd@$LBAEd*X70W;3Ap(n({8<0wkxq{`6J70v!P z&5aT!#!zt7#imRLi{-?8OZlt*w}U(3fAx$04~|(l+CFKhNaOv;#QyHOY`yF6 zXiJjF@d7&ctP68U@Rt9Y@_{;eex^{1jD+PsDneOK5qu3~|Nngr&uIN23q>kpTm=}a z>Z-oPMJq@)YeAK~Nev>mJ%Iw_+Y%SWa^5NS(B1pk(}@@`{H*a{vyFxEP8E_@(nMLM z)A+GFDiW_<%>Pn6DF0|`KMUXx9hJ9261pWVa0!W4(z%K4Fst(ezxeXkH&C3BIX(4r zN#Pl=;Ud2g;3jSTiHXOkt_=T1T0+OE#vgUo4hrZiMgShdF8~nFcbJ9)_#JH$C%`ki zl_W7cJp@qzlAqdSg&Tg>M6(UM{s17n?fL`2 zQ`z?KuL+LZiESx_$iskC!!8WK7|qb(0NSp)7^PRth=7Z>isHy2!r7XCVJD{Ao zHA%3@c#VWD%Oo`U9Aj-qsU*p1IK{gx9p6P9h?rScNaDPFu+(3Stb?O0WX97 z0NXtQ(|aQf(vdIXokMeA@hgh@1I=C1$Kt8>Z3Z^UtMIm8(6O(LSpS~%%bvDi0Zr;w zbv54H68G*dg>JA%Ukf6}ARGV;U_#T;YO^jdrEamIp`mvab%4tr1kHO8$WmRny*glQ zuSHT^y727}=G+P&got|i;oe#$yr}^3Yah4fd&5AA7z&0U_gf3tOU!;uH2vbN9OBp9 zQfg9qPR?BN-maoG-{GAptf};2*jU{r5rH!oVlXDiPaTv1e*~AMj))pR!I=WlON}E> z)$#b_w_KSzfQR&9f$BpWeAPRI88LC+2T4X_FA(OyQUs)z8@^Hk9YIAJ$xvm!PZB7F z);klo-y`>ch*DS2kTUG)=_y7!*^gLdybKD1uvuilV=arQYwrPuxGIPmDe*&O-3oOWl!pL4ZQqngo|(9JU_>ruvq9PBv5}L2A8(1Y`oSQzeUmoK z3C_aAQ?Oi=3tN3CT9?ZN3JW2<4*_-5$j%~E%+bLeMyHiKG$cqsHqm(_pUykqfu$2n z^!4v#AbO@-`$*S2V!vns91Z-ZaOaIbrb%k^q8yCDcjKu#n!SkAf+lxxS`;B%jY%tZ z=$$n@4<&GfA09%kRf*F+3l) z*5)R(pK7!?9YMpH4j{Q92tt(GaNle?{Wi7JqOcdV!SVWCuZ3_Nd)Q~3jYaI;N3muR ze7Kj@nA<03d3rh{Bh(%lQ1V>M;}*v8$c7Q}Dg{0^#AIJst?&POG*MwYabr!KaV@Q| zVIhOH-}}?T#GaH(#)8Pyj|U}3M$K7@^K=Jk=t^pTvoJY(`*IIY&wmyc7A$;yGZpNi zWrLlP_%1Q+Ovm9NHYPT9Gxs=WChS{eW25AGmxm7@7GGUwlco+0Nlj%m7fvb47)@*_ zE-TBsYbU`}5RFps*{>d7>HO&&IyGe)laYa@ymE_p<;EoDF?$(~60NGMOB-~wZ@Ts< zFVnvN{d?^pR9?uAKgug5E{@}a)vK|o(NUF$&uDiZ_l?+$Gm{f7=_DNU81P*jn4T7B zF|Cxiaf8D+GAb(Qqg5`8hklt}sh>UH(9n>Don5%Y(*3)4v!)oAencj-k`60+W+o;U zJpVv7cKn3-sg&7{BO^UMn{-M_%7h69y)RCAK1k8WM`p-waR2dnZD3+TyS24t;q0u%#Kc6*G1)$|wG}t?MNCXgw>4_#)JTCV zJjSQar1T%lnSHi)?qQM7R(Yv3ipK$M1_2WsX;+v;r-JM1t~oh7D|lqfuH$viMrOop?yq{o*Jp5Kep4{aAv%Brru zx9=t6j6*&AzOcBcTvk~bUQlqw%}RDsQ}<6HWz@;+tcAZe-?f^~PKCp>PWWbGpPvlt z>+6>shKG|nucChaURi;CjfDL(E-H$2yNiUfkeOpr;&QfZMj!PB!bastQgKa9%}2}{ z%zR3Rjnn_?r|qwIiT8{b6H46q{d<;; ztu0$$FZnsH+i5;#W@ba?j%iqnJZ*=^W!GBWaI2NUj2h|5;qD*TJ9s1|Q>MyoOq?c5 zc0fm# zGZtGCpOC<_va*u*+(m(mj7+iUsfWj1Ch}lmQBlPee>uNRSJWpISBMwAGWQ#8h9yGD z;+&j-j3B0;o12@LHp#~150@4fv%L6~g-{|+Ed9!|$BNjL^mJWeVPTyc(VpE> z&CShA$8x?kN%8T~>1u5xK?+i2J<8T)jo$_bxh*X%OUUEz5e*pKuCbfum!4pcAs!`D zljrPAi?JqBA=#{VH^*^KQ@U;@DSqGM@QWZ%y+V5J-@#k&HFsUEr+1@=WH?xk>+9>o z-v4ATd?1_>a{1j468QZMLIQgHNLvi%J88@VEcV4USqa6*0U{zIB_!CUfu+^eNP}$D zmLC&d9q)}xHEX|rbL*8Ryph2~X{f7v+kX4nU+23(m(7a%Ha~CWY%D1$d0ttF4?fAo zM9$mJ#L3(|sev=DGg+qVnC)(ntHT>DDlJttG&0Jy7B-?UGr$o%->*6odqE~k&O%a& zBfWaQVu5ah32wSi{kCIsTiX>i|M1brdhNXgMzov0zwdOmH$*1Bj8l|jM^Wt)QMK>U z=EV-7fbai#n_)Jes=qyv$qFivHO`FbB)MrEGI@!-8@;UeK z-^Abla@yPbeBDE;bH$yD@5)%Hs$R)OGQ&hzP@H%qerHBX_QyUfE*32=FaI+-I=cNW z7>mVHV|IJB - -# Docker Engine managed plugin system - -* [Installing and using a plugin](index.md#installing-and-using-a-plugin) -* [Developing a plugin](index.md#developing-a-plugin) -* [Debugging plugins](index.md#debugging-plugins) - -Docker Engine's plugin system allows you to install, start, stop, and remove -plugins using Docker Engine. - -For information about the legacy plugin system available in Docker Engine 1.12 -and earlier, see [Understand legacy Docker Engine plugins](legacy_plugins.md). - -> **Note**: Docker Engine managed plugins are currently not supported -on Windows daemons. - -## Installing and using a plugin - -Plugins are distributed as Docker images and can be hosted on Docker Hub or on -a private registry. - -To install a plugin, use the `docker plugin install` command, which pulls the -plugin from Docker Hub or your private registry, prompts you to grant -permissions or capabilities if necessary, and enables the plugin. - -To check the status of installed plugins, use the `docker plugin ls` command. -Plugins that start successfully are listed as enabled in the output. - -After a plugin is installed, you can use it as an option for another Docker -operation, such as creating a volume. - -In the following example, you install the `sshfs` plugin, verify that it is -enabled, and use it to create a volume. - -> **Note**: This example is intended for instructional purposes only. Once the volume is created, your SSH password to the remote host will be exposed as plaintext when inspecting the volume. You should delete the volume as soon as you are done with the example. - -1. Install the `sshfs` plugin. - - ```bash - $ docker plugin install vieux/sshfs - - Plugin "vieux/sshfs" is requesting the following privileges: - - network: [host] - - capabilities: [CAP_SYS_ADMIN] - Do you grant the above permissions? [y/N] y - - vieux/sshfs - ``` - - The plugin requests 2 privileges: - - - It needs access to the `host` network. - - It needs the `CAP_SYS_ADMIN` capability, which allows the plugin to run - the `mount` command. - -2. Check that the plugin is enabled in the output of `docker plugin ls`. - - ```bash - $ docker plugin ls - - ID NAME TAG DESCRIPTION ENABLED - 69553ca1d789 vieux/sshfs latest the `sshfs` plugin true - ``` - -3. Create a volume using the plugin. - This example mounts the `/remote` directory on host `1.2.3.4` into a - volume named `sshvolume`. - - This volume can now be mounted into containers. - - ```bash - $ docker volume create \ - -d vieux/sshfs \ - --name sshvolume \ - -o sshcmd=user@1.2.3.4:/remote \ - -o password=$(cat file_containing_password_for_remote_host) - - sshvolume - ``` -4. Verify that the volume was created successfully. - - ```bash - $ docker volume ls - - DRIVER NAME - vieux/sshfs sshvolume - ``` - -5. Start a container that uses the volume `sshvolume`. - - ```bash - $ docker run --rm -v sshvolume:/data busybox ls /data - - - ``` - -6. Remove the volume `sshvolume` - ```bash - docker volume rm sshvolume - - sshvolume - ``` -To disable a plugin, use the `docker plugin disable` command. To completely -remove it, use the `docker plugin remove` command. For other available -commands and options, see the -[command line reference](../reference/commandline/index.md). - - -## Developing a plugin - -#### The rootfs directory -The `rootfs` directory represents the root filesystem of the plugin. In this -example, it was created from a Dockerfile: - ->**Note:** The `/run/docker/plugins` directory is mandatory inside of the -plugin's filesystem for docker to communicate with the plugin. - -```bash -$ git clone https://github.com/vieux/docker-volume-sshfs -$ cd docker-volume-sshfs -$ docker build -t rootfsimage . -$ id=$(docker create rootfsimage true) # id was cd851ce43a403 when the image was created -$ sudo mkdir -p myplugin/rootfs -$ sudo docker export "$id" | sudo tar -x -C myplugin/rootfs -$ docker rm -vf "$id" -$ docker rmi rootfsimage -``` - -#### The config.json file - -The `config.json` file describes the plugin. See the [plugins config reference](config.md). - -Consider the following `config.json` file. - -```json -{ - "description": "sshFS plugin for Docker", - "documentation": "https://docs.docker.com/engine/extend/plugins/", - "entrypoint": ["/docker-volume-sshfs"], - "network": { - "type": "host" - }, - "interface" : { - "types": ["docker.volumedriver/1.0"], - "socket": "sshfs.sock" - }, - "linux": { - "capabilities": ["CAP_SYS_ADMIN"] - } -} -``` - -This plugin is a volume driver. It requires a `host` network and the -`CAP_SYS_ADMIN` capability. It depends upon the `/docker-volume-sshfs` -entrypoint and uses the `/run/docker/plugins/sshfs.sock` socket to communicate -with Docker Engine. This plugin has no runtime parameters. - -#### Creating the plugin - -A new plugin can be created by running -`docker plugin create ./path/to/plugin/data` where the plugin -data contains a plugin configuration file `config.json` and a root filesystem -in subdirectory `rootfs`. - -After that the plugin `` will show up in `docker plugin ls`. -Plugins can be pushed to remote registries with -`docker plugin push `. - - -## Debugging plugins - -Stdout of a plugin is redirected to dockerd logs. Such entries have a -`plugin=` suffix. Here are a few examples of commands for pluginID -`f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62` and their -corresponding log entries in the docker daemon logs. - -```bash -$ docker plugin install tiborvass/sample-volume-plugins - -INFO[0036] Starting... Found 0 volumes on startup plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 -``` - -```bash -$ docker volume create -d tiborvass/sample-volume-plugins samplevol - -INFO[0193] Create Called... Ensuring directory /data/samplevol exists on host... plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 -INFO[0193] open /var/lib/docker/plugin-data/local-persist.json: no such file or directory plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 -INFO[0193] Created volume samplevol with mountpoint /data/samplevol plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 -INFO[0193] Path Called... Returned path /data/samplevol plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 -``` - -```bash -$ docker run -v samplevol:/tmp busybox sh - -INFO[0421] Get Called... Found samplevol plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 -INFO[0421] Mount Called... Mounted samplevol plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 -INFO[0421] Path Called... Returned path /data/samplevol plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 -INFO[0421] Unmount Called... Unmounted samplevol plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 -``` - -#### Using docker-runc to obtain logfiles and shell into the plugin. - -`docker-runc`, the default docker container runtime can be used for debugging -plugins. This is specifically useful to collect plugin logs if they are -redirected to a file. - -```bash -$ docker-runc list -ID PID STATUS BUNDLE CREATED -f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 2679 running /run/docker/libcontainerd/f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 2017-02-06T21:53:03.031537592Z -r -``` - -```bash -$ docker-runc exec f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 cat /var/log/plugin.log -``` - -If the plugin has a built-in shell, then exec into the plugin can be done as -follows: -```bash -$ docker-runc exec -t f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 sh -``` - -#### Using curl to debug plugin socket issues. - -To verify if the plugin API socket that the docker daemon communicates with -is responsive, use curl. In this example, we will make API calls from the -docker host to volume and network plugins using curl 7.47.0 to ensure that -the plugin is listening on the said socket. For a well functioning plugin, -these basic requests should work. Note that plugin sockets are available on the host under `/var/run/docker/plugins/` - - -```bash -curl -H "Content-Type: application/json" -XPOST -d '{}' --unix-socket /var/run/docker/plugins/e8a37ba56fc879c991f7d7921901723c64df6b42b87e6a0b055771ecf8477a6d/plugin.sock http:/VolumeDriver.List - -{"Mountpoint":"","Err":"","Volumes":[{"Name":"myvol1","Mountpoint":"/data/myvol1"},{"Name":"myvol2","Mountpoint":"/data/myvol2"}],"Volume":null} -``` - -```bash -curl -H "Content-Type: application/json" -XPOST -d '{}' --unix-socket /var/run/docker/plugins/45e00a7ce6185d6e365904c8bcf62eb724b1fe307e0d4e7ecc9f6c1eb7bcdb70/plugin.sock http:/NetworkDriver.GetCapabilities - -{"Scope":"local"} -``` -When using curl 7.5 and above, the URL should be of the form -`http://hostname/APICall`, where `hostname` is the valid hostname where the -plugin is installed and `APICall` is the call to the plugin API. - -For example, `http://localhost/VolumeDriver.List` diff --git a/components/engine/docs/extend/legacy_plugins.md b/components/engine/docs/extend/legacy_plugins.md deleted file mode 100644 index dc77743b86..0000000000 --- a/components/engine/docs/extend/legacy_plugins.md +++ /dev/null @@ -1,102 +0,0 @@ ---- -redirect_from: -- "/engine/extend/plugins/" -title: "Use Docker Engine plugins" -description: "How to add additional functionality to Docker with plugins extensions" -keywords: "Examples, Usage, plugins, docker, documentation, user guide" ---- - - - -This document describes the Docker Engine plugins generally available in Docker -Engine. To view information on plugins managed by Docker, -refer to [Docker Engine plugin system](index.md). - -You can extend the capabilities of the Docker Engine by loading third-party -plugins. This page explains the types of plugins and provides links to several -volume and network plugins for Docker. - -## Types of plugins - -Plugins extend Docker's functionality. They come in specific types. For -example, a [volume plugin](plugins_volume.md) might enable Docker -volumes to persist across multiple Docker hosts and a -[network plugin](plugins_network.md) might provide network plumbing. - -Currently Docker supports authorization, volume and network driver plugins. In the future it -will support additional plugin types. - -## Installing a plugin - -Follow the instructions in the plugin's documentation. - -## Finding a plugin - -The sections below provide an inexhaustive overview of available plugins. - - - -### Network plugins - -Plugin | Description ------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -[Contiv Networking](https://github.com/contiv/netplugin) | An open source network plugin to provide infrastructure and security policies for a multi-tenant micro services deployment, while providing an integration to physical network for non-container workload. Contiv Networking implements the remote driver and IPAM APIs available in Docker 1.9 onwards. -[Kuryr Network Plugin](https://github.com/openstack/kuryr) | A network plugin is developed as part of the OpenStack Kuryr project and implements the Docker networking (libnetwork) remote driver API by utilizing Neutron, the OpenStack networking service. It includes an IPAM driver as well. -[Weave Network Plugin](https://www.weave.works/docs/net/latest/introducing-weave/) | A network plugin that creates a virtual network that connects your Docker containers - across multiple hosts or clouds and enables automatic discovery of applications. Weave networks are resilient, partition tolerant, secure and work in partially connected networks, and other adverse environments - all configured with delightful simplicity. - -### Volume plugins - -Plugin | Description ------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -[Azure File Storage plugin](https://github.com/Azure/azurefile-dockervolumedriver) | Lets you mount Microsoft [Azure File Storage](https://azure.microsoft.com/blog/azure-file-storage-now-generally-available/) shares to Docker containers as volumes using the SMB 3.0 protocol. [Learn more](https://azure.microsoft.com/blog/persistent-docker-volumes-with-azure-file-storage/). -[BeeGFS Volume Plugin](https://github.com/RedCoolBeans/docker-volume-beegfs) | An open source volume plugin to create persistent volumes in a BeeGFS parallel file system. -[Blockbridge plugin](https://github.com/blockbridge/blockbridge-docker-volume) | A volume plugin that provides access to an extensible set of container-based persistent storage options. It supports single and multi-host Docker environments with features that include tenant isolation, automated provisioning, encryption, secure deletion, snapshots and QoS. -[Contiv Volume Plugin](https://github.com/contiv/volplugin) | An open source volume plugin that provides multi-tenant, persistent, distributed storage with intent based consumption. It has support for Ceph and NFS. -[Convoy plugin](https://github.com/rancher/convoy) | A volume plugin for a variety of storage back-ends including device mapper and NFS. It's a simple standalone executable written in Go and provides the framework to support vendor-specific extensions such as snapshots, backups and restore. -[DigitalOcean Block Storage plugin](https://github.com/omallo/docker-volume-plugin-dostorage) | Integrates DigitalOcean's [block storage solution](https://www.digitalocean.com/products/storage/) into the Docker ecosystem by automatically attaching a given block storage volume to a DigitalOcean droplet and making the contents of the volume available to Docker containers running on that droplet. -[DRBD plugin](https://www.drbd.org/en/supported-projects/docker) | A volume plugin that provides highly available storage replicated by [DRBD](https://www.drbd.org). Data written to the docker volume is replicated in a cluster of DRBD nodes. -[Flocker plugin](https://clusterhq.com/docker-plugin/) | A volume plugin that provides multi-host portable volumes for Docker, enabling you to run databases and other stateful containers and move them around across a cluster of machines. -[Fuxi Volume Plugin](https://github.com/openstack/fuxi) | A volume plugin that is developed as part of the OpenStack Kuryr project and implements the Docker volume plugin API by utilizing Cinder, the OpenStack block storage service. -[gce-docker plugin](https://github.com/mcuadros/gce-docker) | A volume plugin able to attach, format and mount Google Compute [persistent-disks](https://cloud.google.com/compute/docs/disks/persistent-disks). -[GlusterFS plugin](https://github.com/calavera/docker-volume-glusterfs) | A volume plugin that provides multi-host volumes management for Docker using GlusterFS. -[Horcrux Volume Plugin](https://github.com/muthu-r/horcrux) | A volume plugin that allows on-demand, version controlled access to your data. Horcrux is an open-source plugin, written in Go, and supports SCP, [Minio](https://www.minio.io) and Amazon S3. -[HPE 3Par Volume Plugin](https://github.com/hpe-storage/python-hpedockerplugin/) | A volume plugin that supports HPE 3Par and StoreVirtual iSCSI storage arrays. -[IPFS Volume Plugin](http://github.com/vdemeester/docker-volume-ipfs) | An open source volume plugin that allows using an [ipfs](https://ipfs.io/) filesystem as a volume. -[Keywhiz plugin](https://github.com/calavera/docker-volume-keywhiz) | A plugin that provides credentials and secret management using Keywhiz as a central repository. -[Local Persist Plugin](https://github.com/CWSpear/local-persist) | A volume plugin that extends the default `local` driver's functionality by allowing you specify a mountpoint anywhere on the host, which enables the files to *always persist*, even if the volume is removed via `docker volume rm`. -[NetApp Plugin](https://github.com/NetApp/netappdvp) (nDVP) | A volume plugin that provides direct integration with the Docker ecosystem for the NetApp storage portfolio. The nDVP package supports the provisioning and management of storage resources from the storage platform to Docker hosts, with a robust framework for adding additional platforms in the future. -[Netshare plugin](https://github.com/ContainX/docker-volume-netshare) | A volume plugin that provides volume management for NFS 3/4, AWS EFS and CIFS file systems. -[Nimble Storage Volume Plugin](https://connect.nimblestorage.com/community/app-integration/docker)| A volume plug-in that integrates with Nimble Storage Unified Flash Fabric arrays. The plug-in abstracts array volume capabilities to the Docker administrator to allow self-provisioning of secure multi-tenant volumes and clones. -[OpenStorage Plugin](https://github.com/libopenstorage/openstorage) | A cluster-aware volume plugin that provides volume management for file and block storage solutions. It implements a vendor neutral specification for implementing extensions such as CoS, encryption, and snapshots. It has example drivers based on FUSE, NFS, NBD and EBS to name a few. -[Portworx Volume Plugin](https://github.com/portworx/px-dev) | A volume plugin that turns any server into a scale-out converged compute/storage node, providing container granular storage and highly available volumes across any node, using a shared-nothing storage backend that works with any docker scheduler. -[Quobyte Volume Plugin](https://github.com/quobyte/docker-volume) | A volume plugin that connects Docker to [Quobyte](http://www.quobyte.com/containers)'s data center file system, a general-purpose scalable and fault-tolerant storage platform. -[REX-Ray plugin](https://github.com/emccode/rexray) | A volume plugin which is written in Go and provides advanced storage functionality for many platforms including VirtualBox, EC2, Google Compute Engine, OpenStack, and EMC. -[Virtuozzo Storage and Ploop plugin](https://github.com/virtuozzo/docker-volume-ploop) | A volume plugin with support for Virtuozzo Storage distributed cloud file system as well as ploop devices. -[VMware vSphere Storage Plugin](https://github.com/vmware/docker-volume-vsphere) | Docker Volume Driver for vSphere enables customers to address persistent storage requirements for Docker containers in vSphere environments. - -### Authorization plugins - - Plugin | Description -------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ -[Casbin AuthZ Plugin](https://github.com/casbin/casbin-authz-plugin) | An authorization plugin based on [Casbin](https://github.com/casbin/casbin), which supports access control models like ACL, RBAC, ABAC. The access control model can be customized. The policy can be persisted into file or DB. -[HBM plugin](https://github.com/kassisol/hbm) | An authorization plugin that prevents from executing commands with certains parameters. -[Twistlock AuthZ Broker](https://github.com/twistlock/authz) | A basic extendable authorization plugin that runs directly on the host or inside a container. This plugin allows you to define user policies that it evaluates during authorization. Basic authorization is provided if Docker daemon is started with the --tlsverify flag (username is extracted from the certificate common name). - -## Troubleshooting a plugin - -If you are having problems with Docker after loading a plugin, ask the authors -of the plugin for help. The Docker team may not be able to assist you. - -## Writing a plugin - -If you are interested in writing a plugin for Docker, or seeing how they work -under the hood, see the [docker plugins reference](plugin_api.md). diff --git a/components/engine/docs/extend/plugin_api.md b/components/engine/docs/extend/plugin_api.md deleted file mode 100644 index 693b77a2f3..0000000000 --- a/components/engine/docs/extend/plugin_api.md +++ /dev/null @@ -1,196 +0,0 @@ ---- -title: "Plugins API" -description: "How to write Docker plugins extensions " -keywords: "API, Usage, plugins, documentation, developer" ---- - - - -# Docker Plugin API - -Docker plugins are out-of-process extensions which add capabilities to the -Docker Engine. - -This document describes the Docker Engine plugin API. To view information on -plugins managed by Docker Engine, refer to [Docker Engine plugin system](index.md). - -This page is intended for people who want to develop their own Docker plugin. -If you just want to learn about or use Docker plugins, look -[here](legacy_plugins.md). - -## What plugins are - -A plugin is a process running on the same or a different host as the docker daemon, -which registers itself by placing a file on the same docker host in one of the plugin -directories described in [Plugin discovery](#plugin-discovery). - -Plugins have human-readable names, which are short, lowercase strings. For -example, `flocker` or `weave`. - -Plugins can run inside or outside containers. Currently running them outside -containers is recommended. - -## Plugin discovery - -Docker discovers plugins by looking for them in the plugin directory whenever a -user or container tries to use one by name. - -There are three types of files which can be put in the plugin directory. - -* `.sock` files are UNIX domain sockets. -* `.spec` files are text files containing a URL, such as `unix:///other.sock` or `tcp://localhost:8080`. -* `.json` files are text files containing a full json specification for the plugin. - -Plugins with UNIX domain socket files must run on the same docker host, whereas -plugins with spec or json files can run on a different host if a remote URL is specified. - -UNIX domain socket files must be located under `/run/docker/plugins`, whereas -spec files can be located either under `/etc/docker/plugins` or `/usr/lib/docker/plugins`. - -The name of the file (excluding the extension) determines the plugin name. - -For example, the `flocker` plugin might create a UNIX socket at -`/run/docker/plugins/flocker.sock`. - -You can define each plugin into a separated subdirectory if you want to isolate definitions from each other. -For example, you can create the `flocker` socket under `/run/docker/plugins/flocker/flocker.sock` and only -mount `/run/docker/plugins/flocker` inside the `flocker` container. - -Docker always searches for unix sockets in `/run/docker/plugins` first. It checks for spec or json files under -`/etc/docker/plugins` and `/usr/lib/docker/plugins` if the socket doesn't exist. The directory scan stops as -soon as it finds the first plugin definition with the given name. - -### JSON specification - -This is the JSON format for a plugin: - -```json -{ - "Name": "plugin-example", - "Addr": "https://example.com/docker/plugin", - "TLSConfig": { - "InsecureSkipVerify": false, - "CAFile": "/usr/shared/docker/certs/example-ca.pem", - "CertFile": "/usr/shared/docker/certs/example-cert.pem", - "KeyFile": "/usr/shared/docker/certs/example-key.pem" - } -} -``` - -The `TLSConfig` field is optional and TLS will only be verified if this configuration is present. - -## Plugin lifecycle - -Plugins should be started before Docker, and stopped after Docker. For -example, when packaging a plugin for a platform which supports `systemd`, you -might use [`systemd` dependencies]( -http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Before=) to -manage startup and shutdown order. - -When upgrading a plugin, you should first stop the Docker daemon, upgrade the -plugin, then start Docker again. - -## Plugin activation - -When a plugin is first referred to -- either by a user referring to it by name -(e.g. `docker run --volume-driver=foo`) or a container already configured to -use a plugin being started -- Docker looks for the named plugin in the plugin -directory and activates it with a handshake. See Handshake API below. - -Plugins are *not* activated automatically at Docker daemon startup. Rather, -they are activated only lazily, or on-demand, when they are needed. - -## Systemd socket activation - -Plugins may also be socket activated by `systemd`. The official [Plugins helpers](https://github.com/docker/go-plugins-helpers) -natively supports socket activation. In order for a plugin to be socket activated it needs -a `service` file and a `socket` file. - -The `service` file (for example `/lib/systemd/system/your-plugin.service`): - -``` -[Unit] -Description=Your plugin -Before=docker.service -After=network.target your-plugin.socket -Requires=your-plugin.socket docker.service - -[Service] -ExecStart=/usr/lib/docker/your-plugin - -[Install] -WantedBy=multi-user.target -``` -The `socket` file (for example `/lib/systemd/system/your-plugin.socket`): - -``` -[Unit] -Description=Your plugin - -[Socket] -ListenStream=/run/docker/plugins/your-plugin.sock - -[Install] -WantedBy=sockets.target -``` - -This will allow plugins to be actually started when the Docker daemon connects to -the sockets they're listening on (for instance the first time the daemon uses them -or if one of the plugin goes down accidentally). - -## API design - -The Plugin API is RPC-style JSON over HTTP, much like webhooks. - -Requests flow *from* the Docker daemon *to* the plugin. So the plugin needs to -implement an HTTP server and bind this to the UNIX socket mentioned in the -"plugin discovery" section. - -All requests are HTTP `POST` requests. - -The API is versioned via an Accept header, which currently is always set to -`application/vnd.docker.plugins.v1+json`. - -## Handshake API - -Plugins are activated via the following "handshake" API call. - -### /Plugin.Activate - -**Request:** empty body - -**Response:** -``` -{ - "Implements": ["VolumeDriver"] -} -``` - -Responds with a list of Docker subsystems which this plugin implements. -After activation, the plugin will then be sent events from this subsystem. - -Possible values are: - -* [`authz`](plugins_authorization.md) -* [`NetworkDriver`](plugins_network.md) -* [`VolumeDriver`](plugins_volume.md) - - -## Plugin retries - -Attempts to call a method on a plugin are retried with an exponential backoff -for up to 30 seconds. This may help when packaging plugins as containers, since -it gives plugin containers a chance to start up before failing any user -containers which depend on them. - -## Plugins helpers - -To ease plugins development, we're providing an `sdk` for each kind of plugins -currently supported by Docker at [docker/go-plugins-helpers](https://github.com/docker/go-plugins-helpers). diff --git a/components/engine/docs/extend/plugins_authorization.md b/components/engine/docs/extend/plugins_authorization.md deleted file mode 100644 index ac1837f754..0000000000 --- a/components/engine/docs/extend/plugins_authorization.md +++ /dev/null @@ -1,260 +0,0 @@ ---- -title: "Access authorization plugin" -description: "How to create authorization plugins to manage access control to your Docker daemon." -keywords: "security, authorization, authentication, docker, documentation, plugin, extend" -redirect_from: -- "/engine/extend/authorization/" ---- - - - -# Create an authorization plugin - -This document describes the Docker Engine plugins generally available in Docker -Engine. To view information on plugins managed by Docker Engine, -refer to [Docker Engine plugin system](index.md). - -Docker's out-of-the-box authorization model is all or nothing. Any user with -permission to access the Docker daemon can run any Docker client command. The -same is true for callers using Docker's Engine API to contact the daemon. If you -require greater access control, you can create authorization plugins and add -them to your Docker daemon configuration. Using an authorization plugin, a -Docker administrator can configure granular access policies for managing access -to Docker daemon. - -Anyone with the appropriate skills can develop an authorization plugin. These -skills, at their most basic, are knowledge of Docker, understanding of REST, and -sound programming knowledge. This document describes the architecture, state, -and methods information available to an authorization plugin developer. - -## Basic principles - -Docker's [plugin infrastructure](plugin_api.md) enables -extending Docker by loading, removing and communicating with -third-party components using a generic API. The access authorization subsystem -was built using this mechanism. - -Using this subsystem, you don't need to rebuild the Docker daemon to add an -authorization plugin. You can add a plugin to an installed Docker daemon. You do -need to restart the Docker daemon to add a new plugin. - -An authorization plugin approves or denies requests to the Docker daemon based -on both the current authentication context and the command context. The -authentication context contains all user details and the authentication method. -The command context contains all the relevant request data. - -Authorization plugins must follow the rules described in [Docker Plugin API](plugin_api.md). -Each plugin must reside within directories described under the -[Plugin discovery](plugin_api.md#plugin-discovery) section. - -**Note**: the abbreviations `AuthZ` and `AuthN` mean authorization and authentication -respectively. - -## Default user authorization mechanism - -If TLS is enabled in the [Docker daemon](https://docs.docker.com/engine/security/https/), the default user authorization flow extracts the user details from the certificate subject name. -That is, the `User` field is set to the client certificate subject common name, and the `AuthenticationMethod` field is set to `TLS`. - -## Basic architecture - -You are responsible for registering your plugin as part of the Docker daemon -startup. You can install multiple plugins and chain them together. This chain -can be ordered. Each request to the daemon passes in order through the chain. -Only when all the plugins grant access to the resource, is the access granted. - -When an HTTP request is made to the Docker daemon through the CLI or via the -Engine API, the authentication subsystem passes the request to the installed -authentication plugin(s). The request contains the user (caller) and command -context. The plugin is responsible for deciding whether to allow or deny the -request. - -The sequence diagrams below depict an allow and deny authorization flow: - -![Authorization Allow flow](images/authz_allow.png) - -![Authorization Deny flow](images/authz_deny.png) - -Each request sent to the plugin includes the authenticated user, the HTTP -headers, and the request/response body. Only the user name and the -authentication method used are passed to the plugin. Most importantly, no user -credentials or tokens are passed. Finally, not all request/response bodies -are sent to the authorization plugin. Only those request/response bodies where -the `Content-Type` is either `text/*` or `application/json` are sent. - -For commands that can potentially hijack the HTTP connection (`HTTP -Upgrade`), such as `exec`, the authorization plugin is only called for the -initial HTTP requests. Once the plugin approves the command, authorization is -not applied to the rest of the flow. Specifically, the streaming data is not -passed to the authorization plugins. For commands that return chunked HTTP -response, such as `logs` and `events`, only the HTTP request is sent to the -authorization plugins. - -During request/response processing, some authorization flows might -need to do additional queries to the Docker daemon. To complete such flows, -plugins can call the daemon API similar to a regular user. To enable these -additional queries, the plugin must provide the means for an administrator to -configure proper authentication and security policies. - -## Docker client flows - -To enable and configure the authorization plugin, the plugin developer must -support the Docker client interactions detailed in this section. - -### Setting up Docker daemon - -Enable the authorization plugin with a dedicated command line flag in the -`--authorization-plugin=PLUGIN_ID` format. The flag supplies a `PLUGIN_ID` -value. This value can be the plugin’s socket or a path to a specification file. -Authorization plugins can be loaded without restarting the daemon. Refer -to the [`dockerd` documentation](../reference/commandline/dockerd.md#configuration-reloading) for more information. - -```bash -$ dockerd --authorization-plugin=plugin1 --authorization-plugin=plugin2,... -``` - -Docker's authorization subsystem supports multiple `--authorization-plugin` parameters. - -### Calling authorized command (allow) - -```bash -$ docker pull centos -... -f1b10cd84249: Pull complete -... -``` - -### Calling unauthorized command (deny) - -```bash -$ docker pull centos -... -docker: Error response from daemon: authorization denied by plugin PLUGIN_NAME: volumes are not allowed. -``` - -### Error from plugins - -```bash -$ docker pull centos -... -docker: Error response from daemon: plugin PLUGIN_NAME failed with error: AuthZPlugin.AuthZReq: Cannot connect to the Docker daemon. Is the docker daemon running on this host?. -``` - -## API schema and implementation - -In addition to Docker's standard plugin registration method, each plugin -should implement the following two methods: - -* `/AuthZPlugin.AuthZReq` This authorize request method is called before the Docker daemon processes the client request. - -* `/AuthZPlugin.AuthZRes` This authorize response method is called before the response is returned from Docker daemon to the client. - -#### /AuthZPlugin.AuthZReq - -**Request**: - -```json -{ - "User": "The user identification", - "UserAuthNMethod": "The authentication method used", - "RequestMethod": "The HTTP method", - "RequestURI": "The HTTP request URI", - "RequestBody": "Byte array containing the raw HTTP request body", - "RequestHeader": "Byte array containing the raw HTTP request header as a map[string][]string " -} -``` - -**Response**: - -```json -{ - "Allow": "Determined whether the user is allowed or not", - "Msg": "The authorization message", - "Err": "The error message if things go wrong" -} -``` -#### /AuthZPlugin.AuthZRes - -**Request**: - -```json -{ - "User": "The user identification", - "UserAuthNMethod": "The authentication method used", - "RequestMethod": "The HTTP method", - "RequestURI": "The HTTP request URI", - "RequestBody": "Byte array containing the raw HTTP request body", - "RequestHeader": "Byte array containing the raw HTTP request header as a map[string][]string", - "ResponseBody": "Byte array containing the raw HTTP response body", - "ResponseHeader": "Byte array containing the raw HTTP response header as a map[string][]string", - "ResponseStatusCode":"Response status code" -} -``` - -**Response**: - -```json -{ - "Allow": "Determined whether the user is allowed or not", - "Msg": "The authorization message", - "Err": "The error message if things go wrong" -} -``` - -### Request authorization - -Each plugin must support two request authorization messages formats, one from the daemon to the plugin and then from the plugin to the daemon. The tables below detail the content expected in each message. - -#### Daemon -> Plugin - -Name | Type | Description ------------------------|-------------------|------------------------------------------------------- -User | string | The user identification -Authentication method | string | The authentication method used -Request method | enum | The HTTP method (GET/DELETE/POST) -Request URI | string | The HTTP request URI including API version (e.g., v.1.17/containers/json) -Request headers | map[string]string | Request headers as key value pairs (without the authorization header) -Request body | []byte | Raw request body - - -#### Plugin -> Daemon - -Name | Type | Description ---------|--------|---------------------------------------------------------------------------------- -Allow | bool | Boolean value indicating whether the request is allowed or denied -Msg | string | Authorization message (will be returned to the client in case the access is denied) -Err | string | Error message (will be returned to the client in case the plugin encounter an error. The string value supplied may appear in logs, so should not include confidential information) - -### Response authorization - -The plugin must support two authorization messages formats, one from the daemon to the plugin and then from the plugin to the daemon. The tables below detail the content expected in each message. - -#### Daemon -> Plugin - - -Name | Type | Description ------------------------ |------------------ |---------------------------------------------------- -User | string | The user identification -Authentication method | string | The authentication method used -Request method | string | The HTTP method (GET/DELETE/POST) -Request URI | string | The HTTP request URI including API version (e.g., v.1.17/containers/json) -Request headers | map[string]string | Request headers as key value pairs (without the authorization header) -Request body | []byte | Raw request body -Response status code | int | Status code from the docker daemon -Response headers | map[string]string | Response headers as key value pairs -Response body | []byte | Raw docker daemon response body - - -#### Plugin -> Daemon - -Name | Type | Description ---------|--------|---------------------------------------------------------------------------------- -Allow | bool | Boolean value indicating whether the response is allowed or denied -Msg | string | Authorization message (will be returned to the client in case the access is denied) -Err | string | Error message (will be returned to the client in case the plugin encounter an error. The string value supplied may appear in logs, so should not include confidential information) diff --git a/components/engine/docs/extend/plugins_graphdriver.md b/components/engine/docs/extend/plugins_graphdriver.md deleted file mode 100644 index c134b1ebc4..0000000000 --- a/components/engine/docs/extend/plugins_graphdriver.md +++ /dev/null @@ -1,403 +0,0 @@ ---- -title: "Graphdriver plugins" -description: "How to manage image and container filesystems with external plugins" -keywords: "Examples, Usage, storage, image, docker, data, graph, plugin, api" -advisory: experimental ---- - - - - -## Changelog - -### 1.13.0 - -- Support v2 plugins - -# Docker graph driver plugins - -Docker graph driver plugins enable admins to use an external/out-of-process -graph driver for use with Docker engine. This is an alternative to using the -built-in storage drivers, such as aufs/overlay/devicemapper/btrfs. - -You need to install and enable the plugin and then restart the Docker daemon -before using the plugin. See the following example for the correct ordering -of steps. - -``` -$ docker plugin install cpuguy83/docker-overlay2-graphdriver-plugin # this command also enables the driver - -$ pkill dockerd -$ dockerd --experimental -s cpuguy83/docker-overlay2-graphdriver-plugin -``` - -# Write a graph driver plugin - -See the [plugin documentation](https://docs.docker.com/engine/extend/) for detailed information -on the underlying plugin protocol. - - -## Graph Driver plugin protocol - -If a plugin registers itself as a `GraphDriver` when activated, then it is -expected to provide the rootfs for containers as well as image layer storage. - -### /GraphDriver.Init - -**Request**: -```json -{ - "Home": "/graph/home/path", - "Opts": [], - "UIDMaps": [], - "GIDMaps": [] -} -``` - -Initialize the graph driver plugin with a home directory and array of options. -These are passed through from the user, but the plugin is not required to parse -or honor them. - -The request also includes a list of UID and GID mappings, structed as follows: -```json -{ - "ContainerID": 0, - "HostID": 0, - "Size": 0 -} -``` - -**Response**: -```json -{ - "Err": "" -} -``` - -Respond with a non-empty string error if an error occurred. - - -### /GraphDriver.Capabilities - -**Request**: -```json -{} -``` - -Get behavioral characteristics of the graph driver. If a plugin does not handle -this request, the engine will use default values for all capabilities. - -**Response**: -```json -{ - "ReproducesExactDiffs": false, -} -``` - -Respond with values of capabilities: - -* **ReproducesExactDiffs** Defaults to false. Flags that this driver is capable -of reproducing exactly equivalent diffs for read-only filesystem layers. - - -### /GraphDriver.Create - -**Request**: -```json -{ - "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187", - "Parent": "2cd9c322cb78a55e8212aa3ea8425a4180236d7106938ec921d0935a4b8ca142", - "MountLabel": "", - "StorageOpt": {} -} -``` - -Create a new, empty, read-only filesystem layer with the specified -`ID`, `Parent` and `MountLabel`. If `Parent` is an empty string, there is no -parent layer. `StorageOpt` is map of strings which indicate storage options. - -**Response**: -```json -{ - "Err": "" -} -``` - -Respond with a non-empty string error if an error occurred. - -### /GraphDriver.CreateReadWrite - -**Request**: -```json -{ - "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187", - "Parent": "2cd9c322cb78a55e8212aa3ea8425a4180236d7106938ec921d0935a4b8ca142", - "MountLabel": "", - "StorageOpt": {} -} -``` - -Similar to `/GraphDriver.Create` but creates a read-write filesystem layer. - -### /GraphDriver.Remove - -**Request**: -```json -{ - "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187" -} -``` - -Remove the filesystem layer with this given `ID`. - -**Response**: -```json -{ - "Err": "" -} -``` - -Respond with a non-empty string error if an error occurred. - -### /GraphDriver.Get - -**Request**: -```json -{ - "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187", - "MountLabel": "" -} -``` - -Get the mountpoint for the layered filesystem referred to by the given `ID`. - -**Response**: -```json -{ - "Dir": "/var/mygraph/46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187", - "Err": "" -} -``` - -Respond with the absolute path to the mounted layered filesystem. -Respond with a non-empty string error if an error occurred. - -### /GraphDriver.Put - -**Request**: -```json -{ - "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187" -} -``` - -Release the system resources for the specified `ID`, such as unmounting the -filesystem layer. - -**Response**: -```json -{ - "Err": "" -} -``` - -Respond with a non-empty string error if an error occurred. - -### /GraphDriver.Exists - -**Request**: -```json -{ - "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187" -} -``` - -Determine if a filesystem layer with the specified `ID` exists. - -**Response**: -```json -{ - "Exists": true -} -``` - -Respond with a boolean for whether or not the filesystem layer with the specified -`ID` exists. - -### /GraphDriver.Status - -**Request**: -```json -{} -``` - -Get low-level diagnostic information about the graph driver. - -**Response**: -```json -{ - "Status": [[]] -} -``` - -Respond with a 2-D array with key/value pairs for the underlying status -information. - - -### /GraphDriver.GetMetadata - -**Request**: -```json -{ - "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187" -} -``` - -Get low-level diagnostic information about the layered filesystem with the -with the specified `ID` - -**Response**: -```json -{ - "Metadata": {}, - "Err": "" -} -``` - -Respond with a set of key/value pairs containing the low-level diagnostic -information about the layered filesystem. -Respond with a non-empty string error if an error occurred. - -### /GraphDriver.Cleanup - -**Request**: -```json -{} -``` - -Perform necessary tasks to release resources help by the plugin, such as -unmounting all the layered file systems. - -**Response**: -```json -{ - "Err": "" -} -``` - -Respond with a non-empty string error if an error occurred. - - -### /GraphDriver.Diff - -**Request**: -```json -{ - "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187", - "Parent": "2cd9c322cb78a55e8212aa3ea8425a4180236d7106938ec921d0935a4b8ca142" -} -``` - -Get an archive of the changes between the filesystem layers specified by the `ID` -and `Parent`. `Parent` may be an empty string, in which case there is no parent. - -**Response**: -``` -{% raw %} -{{ TAR STREAM }} -{% endraw %} -``` - -### /GraphDriver.Changes - -**Request**: -```json -{ - "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187", - "Parent": "2cd9c322cb78a55e8212aa3ea8425a4180236d7106938ec921d0935a4b8ca142" -} -``` - -Get a list of changes between the filesystem layers specified by the `ID` and -`Parent`. If `Parent` is an empty string, there is no parent. - -**Response**: -```json -{ - "Changes": [{}], - "Err": "" -} -``` - -Respond with a list of changes. The structure of a change is: -```json - "Path": "/some/path", - "Kind": 0, -``` - -Where the `Path` is the filesystem path within the layered filesystem that is -changed and `Kind` is an integer specifying the type of change that occurred: - -- 0 - Modified -- 1 - Added -- 2 - Deleted - -Respond with a non-empty string error if an error occurred. - -### /GraphDriver.ApplyDiff - -**Request**: -``` -{% raw %} -{{ TAR STREAM }} -{% endraw %} -``` - -Extract the changeset from the given diff into the layer with the specified `ID` -and `Parent` - -**Query Parameters**: - -- id (required)- the `ID` of the new filesystem layer to extract the diff to -- parent (required)- the `Parent` of the given `ID` - -**Response**: -```json -{ - "Size": 512366, - "Err": "" -} -``` - -Respond with the size of the new layer in bytes. -Respond with a non-empty string error if an error occurred. - -### /GraphDriver.DiffSize - -**Request**: -```json -{ - "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187", - "Parent": "2cd9c322cb78a55e8212aa3ea8425a4180236d7106938ec921d0935a4b8ca142" -} -``` - -Calculate the changes between the specified `ID` - -**Response**: -```json -{ - "Size": 512366, - "Err": "" -} -``` - -Respond with the size changes between the specified `ID` and `Parent` -Respond with a non-empty string error if an error occurred. diff --git a/components/engine/docs/extend/plugins_logging.md b/components/engine/docs/extend/plugins_logging.md deleted file mode 100644 index 8f687b4a01..0000000000 --- a/components/engine/docs/extend/plugins_logging.md +++ /dev/null @@ -1,220 +0,0 @@ ---- -title: "Docker log driver plugins" -description: "Log driver plugins." -keywords: "Examples, Usage, plugins, docker, documentation, user guide, logging" ---- - - - -# Logging driver plugins - -This document describes logging driver plugins for Docker. - -Logging drivers enables users to forward container logs to another service for -processing. Docker includes several logging drivers as built-ins, however can -never hope to support all use-cases with built-in drivers. Plugins allow Docker -to support a wide range of logging services without requiring to embed client -libraries for these services in the main Docker codebase. See the -[plugin documentation](legacy_plugins.md) for more information. - -## Create a logging plugin - -The main interface for logging plugins uses the same JSON+HTTP RPC protocol used -by other plugin types. See the -[example](https://github.com/cpuguy83/docker-log-driver-test) plugin for a -reference implementation of a logging plugin. The example wraps the built-in -`jsonfilelog` log driver. - -## LogDriver protocol - -Logging plugins must register as a `LogDriver` during plugin activation. Once -activated users can specify the plugin as a log driver. - -There are two HTTP endpoints that logging plugins must implement: - -### `/LogDriver.StartLogging` - -Signals to the plugin that a container is starting that the plugin should start -receiving logs for. - -Logs will be streamed over the defined file in the request. On Linux this file -is a FIFO. Logging plugins are not currently supported on Windows. - -**Request**: -```json -{ - "File": "/path/to/file/stream", - "Info": { - "ContainerID": "123456" - } -} -``` - -`File` is the path to the log stream that needs to be consumed. Each call to -`StartLogging` should provide a different file path, even if it's a container -that the plugin has already received logs for prior. The file is created by -docker with a randomly generated name. - -`Info` is details about the container that's being logged. This is fairly -free-form, but is defined by the following struct definition: - -```go -type Info struct { - Config map[string]string - ContainerID string - ContainerName string - ContainerEntrypoint string - ContainerArgs []string - ContainerImageID string - ContainerImageName string - ContainerCreated time.Time - ContainerEnv []string - ContainerLabels map[string]string - LogPath string - DaemonName string -} -``` - - -`ContainerID` will always be supplied with this struct, but other fields may be -empty or missing. - -**Response** -```json -{ - "Err": "" -} -``` - -If an error occurred during this request, add an error message to the `Err` field -in the response. If no error then you can either send an empty response (`{}`) -or an empty value for the `Err` field. - -The driver should at this point be consuming log messages from the passed in file. -If messages are unconsumed, it may cause the container to block while trying to -write to its stdio streams. - -Log stream messages are encoded as protocol buffers. The protobuf definitions are -in the -[docker repository](https://github.com/docker/docker/blob/master/api/types/plugins/logdriver/entry.proto). - -Since protocol buffers are not self-delimited you must decode them from the stream -using the following stream format: - -``` -[size][message] -``` - -Where `size` is a 4-byte big endian binary encoded uint32. `size` in this case -defines the size of the next message. `message` is the actual log entry. - -A reference golang implementation of a stream encoder/decoder can be found -[here](https://github.com/docker/docker/blob/master/api/types/plugins/logdriver/io.go) - -### `/LogDriver.StopLogging` - -Signals to the plugin to stop collecting logs from the defined file. -Once a response is received, the file will be removed by Docker. You must make -sure to collect all logs on the stream before responding to this request or risk -losing log data. - -Requests on this endpoint does not mean that the container has been removed -only that it has stopped. - -**Request**: -```json -{ - "File": "/path/to/file/stream" -} -``` - -**Response**: -```json -{ - "Err": "" -} -``` - -If an error occurred during this request, add an error message to the `Err` field -in the response. If no error then you can either send an empty response (`{}`) -or an empty value for the `Err` field. - -## Optional endpoints - -Logging plugins can implement two extra logging endpoints: - -### `/LogDriver.Capabilities` - -Defines the capabilities of the log driver. You must implement this endpoint for -Docker to be able to take advantage of any of the defined capabilities. - -**Request**: -```json -{} -``` - -**Response**: -```json -{ - "ReadLogs": true -} -``` - -Supported capabilities: - -- `ReadLogs` - this tells Docker that the plugin is capable of reading back logs -to clients. Plugins that report that they support `ReadLogs` must implement the -`/LogDriver.ReadLogs` endpoint - -### `/LogDriver.ReadLogs` - -Reads back logs to the client. This is used when `docker logs ` is -called. - -In order for Docker to use this endpoint, the plugin must specify as much when -`/LogDriver.Capabilities` is called. - - -**Request**: -```json -{ - "ReadConfig": {}, - "Info": { - "ContainerID": "123456" - } -} -``` - -`ReadConfig` is the list of options for reading, it is defined with the following -golang struct: - -```go -type ReadConfig struct { - Since time.Time - Tail int - Follow bool -} -``` - -- `Since` defines the oldest log that should be sent. -- `Tail` defines the number of lines to read (e.g. like the command `tail -n 10`) -- `Follow` signals that the client wants to stay attached to receive new log messages -as they come in once the existing logs have been read. - -`Info` is the same type defined in `/LogDriver.StartLogging`. It should be used -to determine what set of logs to read. - -**Response**: -``` -{{ log stream }} -``` - -The response should be the encoded log message using the same format as the -messages that the plugin consumed from Docker. diff --git a/components/engine/docs/extend/plugins_metrics.md b/components/engine/docs/extend/plugins_metrics.md deleted file mode 100644 index a86c7f22d2..0000000000 --- a/components/engine/docs/extend/plugins_metrics.md +++ /dev/null @@ -1,85 +0,0 @@ ---- -title: "Docker metrics collector plugins" -description: "Metrics plugins." -keywords: "Examples, Usage, plugins, docker, documentation, user guide, metrics" ---- - - - -# Metrics Collector Plugins - -Docker exposes internal metrics based on the prometheus format. Metrics plugins -enable accessing these metrics in a consistent way by providing a Unix -socket at a predefined path where the plugin can scrape the metrics. - -> **Note**: that while the plugin interface for metrics is non-experimental, the naming -of the metrics and metric labels is still considered experimental and may change -in a future version. - -## Creating a metrics plugin - -You must currently set `PropagatedMount` in the plugin `config.json` to -`/run/docker`. This allows the plugin to receive updated mounts -(the bind-mounted socket) from Docker after the plugin is already configured. - -## MetricsCollector protocol - -Metrics plugins must register as implementing the`MetricsCollector` interface -in `config.json`. - -On Unix platforms, the socket is located at `/run/docker/metrics.sock` in the -plugin's rootfs. - -`MetricsCollector` must implement two endpoints: - -### `MetricsCollector.StartMetrics` - -Signals to the plugin that the metrics socket is now available for scraping - -**Request** -```json -{} -``` - -The request has no playload. - -**Response** -```json -{ - "Err": "" -} -``` - -If an error occurred during this request, add an error message to the `Err` field -in the response. If no error then you can either send an empty response (`{}`) -or an empty value for the `Err` field. Errors will only be logged. - -### `MetricsCollector.StopMetrics` - -Signals to the plugin that the metrics socket is no longer available. -This may happen when the daemon is shutting down. - -**Request** -```json -{} -``` - -The request has no playload. - -**Response** -```json -{ - "Err": "" -} -``` - -If an error occurred during this request, add an error message to the `Err` field -in the response. If no error then you can either send an empty response (`{}`) -or an empty value for the `Err` field. Errors will only be logged. diff --git a/components/engine/docs/extend/plugins_network.md b/components/engine/docs/extend/plugins_network.md deleted file mode 100644 index a974862fa6..0000000000 --- a/components/engine/docs/extend/plugins_network.md +++ /dev/null @@ -1,77 +0,0 @@ ---- -title: "Docker network driver plugins" -description: "Network driver plugins." -keywords: "Examples, Usage, plugins, docker, documentation, user guide" ---- - - - -# Engine network driver plugins - -This document describes Docker Engine network driver plugins generally -available in Docker Engine. To view information on plugins -managed by Docker Engine, refer to [Docker Engine plugin system](index.md). - -Docker Engine network plugins enable Engine deployments to be extended to -support a wide range of networking technologies, such as VXLAN, IPVLAN, MACVLAN -or something completely different. Network driver plugins are supported via the -LibNetwork project. Each plugin is implemented as a "remote driver" for -LibNetwork, which shares plugin infrastructure with Engine. Effectively, network -driver plugins are activated in the same way as other plugins, and use the same -kind of protocol. - -## Network driver plugins and swarm mode - -Docker 1.12 adds support for cluster management and orchestration called -[swarm mode](https://docs.docker.com/engine/swarm/). Docker Engine running in swarm mode currently -only supports the built-in overlay driver for networking. Therefore existing -networking plugins will not work in swarm mode. - -When you run Docker Engine outside of swarm mode, all networking plugins that -worked in Docker 1.11 will continue to function normally. They do not require -any modification. - -## Using network driver plugins - -The means of installing and running a network driver plugin depend on the -particular plugin. So, be sure to install your plugin according to the -instructions obtained from the plugin developer. - -Once running however, network driver plugins are used just like the built-in -network drivers: by being mentioned as a driver in network-oriented Docker -commands. For example, - - $ docker network create --driver weave mynet - -Some network driver plugins are listed in [plugins](legacy_plugins.md) - -The `mynet` network is now owned by `weave`, so subsequent commands -referring to that network will be sent to the plugin, - - $ docker run --network=mynet busybox top - - -## Write a network plugin - -Network plugins implement the [Docker plugin -API](plugin_api.md) and the network plugin protocol - -## Network plugin protocol - -The network driver protocol, in addition to the plugin activation call, is -documented as part of libnetwork: -[https://github.com/docker/libnetwork/blob/master/docs/remote.md](https://github.com/docker/libnetwork/blob/master/docs/remote.md). - -# Related Information - -To interact with the Docker maintainers and other interested users, see the IRC channel `#docker-network`. - -- [Docker networks feature overview](https://docs.docker.com/engine/userguide/networking/) -- The [LibNetwork](https://github.com/docker/libnetwork) project diff --git a/components/engine/docs/extend/plugins_services.md b/components/engine/docs/extend/plugins_services.md deleted file mode 100644 index 79e344f9ce..0000000000 --- a/components/engine/docs/extend/plugins_services.md +++ /dev/null @@ -1,186 +0,0 @@ ---- -description: Using services with plugins -keywords: "API, Usage, plugins, documentation, developer" -title: Plugins and Services ---- - - - -# Using Volume and Network plugins in Docker services - -In swarm mode, it is possible to create a service that allows for attaching -to networks or mounting volumes that are backed by plugins. Swarm schedules -services based on plugin availability on a node. - - -### Volume plugins - -In this example, a volume plugin is installed on a swarm worker and a volume -is created using the plugin. In the manager, a service is created with the -relevant mount options. It can be observed that the service is scheduled to -run on the worker node with the said volume plugin and volume. Note that, -node1 is the manager and node2 is the worker. - -1. Prepare manager. In node 1: - - ```bash - $ docker swarm init - Swarm initialized: current node (dxn1zf6l61qsb1josjja83ngz) is now a manager. - ``` - -2. Join swarm, install plugin and create volume on worker. In node 2: - - ```bash - $ docker swarm join \ - --token SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2e7c \ - 192.168.99.100:2377 - ``` - - ```bash - $ docker plugin install tiborvass/sample-volume-plugin - latest: Pulling from tiborvass/sample-volume-plugin - eb9c16fbdc53: Download complete - Digest: sha256:00b42de88f3a3e0342e7b35fa62394b0a9ceb54d37f4c50be5d3167899994639 - Status: Downloaded newer image for tiborvass/sample-volume-plugin:latest - Installed plugin tiborvass/sample-volume-plugin - ``` - - ```bash - $ docker volume create -d tiborvass/sample-volume-plugin --name pluginVol - ``` - -3. Create a service using the plugin and volume. In node1: - - ```bash - $ docker service create --name my-service --mount type=volume,volume-driver=tiborvass/sample-volume-plugin,source=pluginVol,destination=/tmp busybox top - - $ docker service ls - z1sj8bb8jnfn my-service replicated 1/1 busybox:latest - ``` - docker service ls shows service 1 instance of service running. - -4. Observe the task getting scheduled in node 2: - - ```bash - {% raw %} - $ docker ps --format '{{.ID}}\t {{.Status}} {{.Names}} {{.Command}}' - 83fc1e842599 Up 2 days my-service.1.9jn59qzn7nbc3m0zt1hij12xs "top" - {% endraw %} - ``` - -### Network plugins - -In this example, a global scope network plugin is installed on both the -swarm manager and worker. A service is created with replicated instances -using the installed plugin. We will observe how the availability of the -plugin determines network creation and container scheduling. - -Note that node1 is the manager and node2 is the worker. - - -1. Install a global scoped network plugin on both manager and worker. On node1 - and node2: - - ```bash - $ docker plugin install bboreham/weave2 - Plugin "bboreham/weave2" is requesting the following privileges: - - network: [host] - - capabilities: [CAP_SYS_ADMIN CAP_NET_ADMIN] - Do you grant the above permissions? [y/N] y - latest: Pulling from bboreham/weave2 - 7718f575adf7: Download complete - Digest: sha256:2780330cc15644b60809637ee8bd68b4c85c893d973cb17f2981aabfadfb6d72 - Status: Downloaded newer image for bboreham/weave2:latest - Installed plugin bboreham/weave2 - ``` - -2. Create a network using plugin on manager. On node1: - - ```bash - $ docker network create --driver=bboreham/weave2:latest globalnet - - $ docker network ls - NETWORK ID NAME DRIVER SCOPE - qlj7ueteg6ly globalnet bboreham/weave2:latest swarm - ``` - -3. Create a service on the manager and have replicas set to 8. Observe that -containers get scheduled on both manager and worker. - - On node 1: - - ```bash - $ docker service create --network globalnet --name myservice --replicas=8 mrjana/simpleweb simpleweb -w90drnfzw85nygbie9kb89vpa - ``` - - ```bash - $ docker ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 87520965206a mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 5 seconds ago Up 4 seconds myservice.4.ytdzpktmwor82zjxkh118uf1v - 15e24de0f7aa mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 5 seconds ago Up 4 seconds myservice.2.kh7a9n3iauq759q9mtxyfs9hp - c8c8f0144cdc mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 5 seconds ago Up 4 seconds myservice.6.sjhpj5gr3xt33e3u2jycoj195 - 2e8e4b2c5c08 mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 5 seconds ago Up 4 seconds myservice.8.2z29zowsghx66u2velublwmrh - ``` - - On node 2: - - ```bash - $ docker ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 53c0ae7c1dae mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 2 seconds ago Up Less than a second myservice.7.x44tvvdm3iwkt9kif35f7ykz1 - 9b56c627fee0 mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 2 seconds ago Up Less than a second myservice.1.x7n1rm6lltw5gja3ueikze57q - d4f5927ba52c mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 2 seconds ago Up 1 second myservice.5.i97bfo9uc6oe42lymafs9rz6k - 478c0d395bd7 mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 2 seconds ago Up Less than a second myservice.3.yr7nkffa48lff1vrl2r1m1ucs - ``` - -4. Scale down the number of instances. On node1: - - ```bash - $ docker service scale myservice=0 - myservice scaled to 0 - ``` - -5. Disable and uninstall the plugin on the worker. On node2: - - ```bash - $ docker plugin rm -f bboreham/weave2 - bboreham/weave2 - ``` - -6. Scale up the number of instances again. Observe that all containers are -scheduled on the master and not on the worker, because the plugin is not available on the worker anymore. - - On node 1: - - ```bash - $ docker service scale myservice=8 - myservice scaled to 8 - ``` - - ```bash - $ docker ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - cf4b0ec2415e mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 39 seconds ago Up 36 seconds myservice.3.r7p5o208jmlzpcbm2ytl3q6n1 - 57c64a6a2b88 mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 39 seconds ago Up 36 seconds myservice.4.dwoezsbb02ccstkhlqjy2xe7h - 3ac68cc4e7b8 mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 39 seconds ago Up 35 seconds myservice.5.zx4ezdrm2nwxzkrwnxthv0284 - 006c3cb318fc mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 39 seconds ago Up 36 seconds myservice.8.q0e3umt19y3h3gzo1ty336k5r - dd2ffebde435 mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 39 seconds ago Up 36 seconds myservice.7.a77y3u22prjipnrjg7vzpv3ba - a86c74d8b84b mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 39 seconds ago Up 36 seconds myservice.6.z9nbn14bagitwol1biveeygl7 - 2846a7850ba0 mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 39 seconds ago Up 37 seconds myservice.2.ypufz2eh9fyhppgb89g8wtj76 - e2ec01efcd8a mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 39 seconds ago Up 38 seconds myservice.1.8w7c4ttzr6zcb9sjsqyhwp3yl - ``` - - On node 2: - - ```bash - $ docker ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - ``` diff --git a/components/engine/docs/extend/plugins_volume.md b/components/engine/docs/extend/plugins_volume.md deleted file mode 100644 index 807ab5a486..0000000000 --- a/components/engine/docs/extend/plugins_volume.md +++ /dev/null @@ -1,360 +0,0 @@ ---- -title: "Volume plugins" -description: "How to manage data with external volume plugins" -keywords: "Examples, Usage, volume, docker, data, volumes, plugin, api" ---- - - - -# Write a volume plugin - -Docker Engine volume plugins enable Engine deployments to be integrated with -external storage systems such as Amazon EBS, and enable data volumes to persist -beyond the lifetime of a single Docker host. See the -[plugin documentation](legacy_plugins.md) for more information. - -## Changelog - -### 1.13.0 - -- If used as part of the v2 plugin architecture, mountpoints that are part of - paths returned by the plugin must be mounted under the directory specified by - `PropagatedMount` in the plugin configuration - ([#26398](https://github.com/docker/docker/pull/26398)) - -### 1.12.0 - -- Add `Status` field to `VolumeDriver.Get` response - ([#21006](https://github.com/docker/docker/pull/21006#)) -- Add `VolumeDriver.Capabilities` to get capabilities of the volume driver - ([#22077](https://github.com/docker/docker/pull/22077)) - -### 1.10.0 - -- Add `VolumeDriver.Get` which gets the details about the volume - ([#16534](https://github.com/docker/docker/pull/16534)) -- Add `VolumeDriver.List` which lists all volumes owned by the driver - ([#16534](https://github.com/docker/docker/pull/16534)) - -### 1.8.0 - -- Initial support for volume driver plugins - ([#14659](https://github.com/docker/docker/pull/14659)) - -## Command-line changes - -To give a container access to a volume, use the `--volume` and `--volume-driver` -flags on the `docker container run` command. The `--volume` (or `-v`) flag -accepts a volume name and path on the host, and the `--volume-driver` flag -accepts a driver type. - -```bash -$ docker volume create --driver=flocker volumename - -$ docker container run -it --volume volumename:/data busybox sh -``` - -### `--volume` - -The `--volume` (or `-v`) flag takes a value that is in the format -`:`. The two parts of the value are -separated by a colon (`:`) character. - -- The volume name is a human-readable name for the volume, and cannot begin with - a `/` character. It is referred to as `volume_name` in the rest of this topic. -- The `Mountpoint` is the path on the host (v1) or in the plugin (v2) where the - volume has been made available. - -### `volumedriver` - -Specifying a `volumedriver` in conjunction with a `volumename` allows you to -use plugins such as [Flocker](https://github.com/ScatterHQ/flocker) to manage -volumes external to a single host, such as those on EBS. - -## Create a VolumeDriver - -The container creation endpoint (`/containers/create`) accepts a `VolumeDriver` -field of type `string` allowing to specify the name of the driver. If not -specified, it defaults to `"local"` (the default driver for local volumes). - -## Volume plugin protocol - -If a plugin registers itself as a `VolumeDriver` when activated, it must -provide the Docker Daemon with writeable paths on the host filesystem. The Docker -daemon provides these paths to containers to consume. The Docker daemon makes -the volumes available by bind-mounting the provided paths into the containers. - -> **Note**: Volume plugins should *not* write data to the `/var/lib/docker/` -> directory, including `/var/lib/docker/volumes`. The `/var/lib/docker/` -> directory is reserved for Docker. - -### `/VolumeDriver.Create` - -**Request**: -```json -{ - "Name": "volume_name", - "Opts": {} -} -``` - -Instruct the plugin that the user wants to create a volume, given a user -specified volume name. The plugin does not need to actually manifest the -volume on the filesystem yet (until `Mount` is called). -`Opts` is a map of driver specific options passed through from the user request. - -**Response**: -```json -{ - "Err": "" -} -``` - -Respond with a string error if an error occurred. - -### `/VolumeDriver.Remove` - -**Request**: -```json -{ - "Name": "volume_name" -} -``` - -Delete the specified volume from disk. This request is issued when a user -invokes `docker rm -v` to remove volumes associated with a container. - -**Response**: -```json -{ - "Err": "" -} -``` - -Respond with a string error if an error occurred. - -### `/VolumeDriver.Mount` - -**Request**: -```json -{ - "Name": "volume_name", - "ID": "b87d7442095999a92b65b3d9691e697b61713829cc0ffd1bb72e4ccd51aa4d6c" -} -``` - -Docker requires the plugin to provide a volume, given a user specified volume -name. `Mount` is called once per container start. If the same `volume_name` is requested -more than once, the plugin may need to keep track of each new mount request and provision -at the first mount request and deprovision at the last corresponding unmount request. - -`ID` is a unique ID for the caller that is requesting the mount. - -**Response**: - -- **v1**: - - ```json - { - "Mountpoint": "/path/to/directory/on/host", - "Err": "" - } - ``` - -- **v2**: - - ```json - { - "Mountpoint": "/path/under/PropagatedMount", - "Err": "" - } - ``` - -`Mountpoint` is the path on the host (v1) or in the plugin (v2) where the volume -has been made available. - -`Err` is either empty or contains an error string. - -### `/VolumeDriver.Path` - -**Request**: - -```json -{ - "Name": "volume_name" -} -``` - -Request the path to the volume with the given `volume_name`. - -**Response**: - -- **v1**: - - ```json - { - "Mountpoin": "/path/to/directory/on/host", - "Err": "" - } - ``` - -- **v2**: - - ```json - { - "Mountpoint": "/path/under/PropagatedMount", - "Err": "" - } - ``` - -Respond with the path on the host (v1) or inside the plugin (v2) where the -volume has been made available, and/or a string error if an error occurred. - -`Mountpoint` is optional. However, the plugin may be queried again later if one -is not provided. - -### `/VolumeDriver.Unmount` - -**Request**: -```json -{ - "Name": "volume_name", - "ID": "b87d7442095999a92b65b3d9691e697b61713829cc0ffd1bb72e4ccd51aa4d6c" -} -``` - -Docker is no longer using the named volume. `Unmount` is called once per -container stop. Plugin may deduce that it is safe to deprovision the volume at -this point. - -`ID` is a unique ID for the caller that is requesting the mount. - -**Response**: -```json -{ - "Err": "" -} -``` - -Respond with a string error if an error occurred. - - -### `/VolumeDriver.Get` - -**Request**: -```json -{ - "Name": "volume_name" -} -``` - -Get info about `volume_name`. - - -**Response**: - -- **v1**: - - ```json - { - "Volume": { - "Name": "volume_name", - "Mountpoint": "/path/to/directory/on/host", - "Status": {} - }, - "Err": "" - } - ``` - -- **v2**: - - ```json - { - "Volume": { - "Name": "volume_name", - "Mountpoint": "/path/under/PropagatedMount", - "Status": {} - }, - "Err": "" - } - ``` - -Respond with a string error if an error occurred. `Mountpoint` and `Status` are -optional. - - -### /VolumeDriver.List - -**Request**: -```json -{} -``` - -Get the list of volumes registered with the plugin. - -**Response**: - -- **v1**: - - ```json - { - "Volumes": [ - { - "Name": "volume_name", - "Mountpoint": "/path/to/directory/on/host" - } - ], - "Err": "" - } - ``` - -- **v2**: - - ```json - { - "Volumes": [ - { - "Name": "volume_name", - "Mountpoint": "/path/under/PropagatedMount" - } - ], - "Err": "" - } - ``` - - -Respond with a string error if an error occurred. `Mountpoint` is optional. - -### /VolumeDriver.Capabilities - -**Request**: -```json -{} -``` - -Get the list of capabilities the driver supports. - -The driver is not required to implement `Capabilities`. If it is not -implemented, the default values are used. - -**Response**: -```json -{ - "Capabilities": { - "Scope": "global" - } -} -``` - -Supported scopes are `global` and `local`. Any other value in `Scope` will be -ignored, and `local` is used. `Scope` allows cluster managers to handle the -volume in different ways. For instance, a scope of `global`, signals to the -cluster manager that it only needs to create the volume once instead of on each -Docker host. More capabilities may be added in the future. diff --git a/components/engine/docs/reference/builder.md b/components/engine/docs/reference/builder.md deleted file mode 100644 index f8ef9cf56b..0000000000 --- a/components/engine/docs/reference/builder.md +++ /dev/null @@ -1,1859 +0,0 @@ ---- -title: "Dockerfile reference" -description: "Dockerfiles use a simple DSL which allows you to automate the steps you would normally manually take to create an image." -keywords: "builder, docker, Dockerfile, automation, image creation" -redirect_from: -- /reference/builder/ ---- - - - -# Dockerfile reference - -Docker can build images automatically by reading the instructions from a -`Dockerfile`. A `Dockerfile` is a text document that contains all the commands a -user could call on the command line to assemble an image. Using `docker build` -users can create an automated build that executes several command-line -instructions in succession. - -This page describes the commands you can use in a `Dockerfile`. When you are -done reading this page, refer to the [`Dockerfile` Best -Practices](https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/) for a tip-oriented guide. - -## Usage - -The [`docker build`](commandline/build.md) command builds an image from -a `Dockerfile` and a *context*. The build's context is the files at a specified -location `PATH` or `URL`. The `PATH` is a directory on your local filesystem. -The `URL` is a Git repository location. - -A context is processed recursively. So, a `PATH` includes any subdirectories and -the `URL` includes the repository and its submodules. A simple build command -that uses the current directory as context: - - $ docker build . - Sending build context to Docker daemon 6.51 MB - ... - -The build is run by the Docker daemon, not by the CLI. The first thing a build -process does is send the entire context (recursively) to the daemon. In most -cases, it's best to start with an empty directory as context and keep your -Dockerfile in that directory. Add only the files needed for building the -Dockerfile. - ->**Warning**: Do not use your root directory, `/`, as the `PATH` as it causes ->the build to transfer the entire contents of your hard drive to the Docker ->daemon. - -To use a file in the build context, the `Dockerfile` refers to the file specified -in an instruction, for example, a `COPY` instruction. To increase the build's -performance, exclude files and directories by adding a `.dockerignore` file to -the context directory. For information about how to [create a `.dockerignore` -file](#dockerignore-file) see the documentation on this page. - -Traditionally, the `Dockerfile` is called `Dockerfile` and located in the root -of the context. You use the `-f` flag with `docker build` to point to a Dockerfile -anywhere in your file system. - - $ docker build -f /path/to/a/Dockerfile . - -You can specify a repository and tag at which to save the new image if -the build succeeds: - - $ docker build -t shykes/myapp . - -To tag the image into multiple repositories after the build, -add multiple `-t` parameters when you run the `build` command: - - $ docker build -t shykes/myapp:1.0.2 -t shykes/myapp:latest . - -Before the Docker daemon runs the instructions in the `Dockerfile`, it performs -a preliminary validation of the `Dockerfile` and returns an error if the syntax is incorrect: - - $ docker build -t test/myapp . - Sending build context to Docker daemon 2.048 kB - Error response from daemon: Unknown instruction: RUNCMD - -The Docker daemon runs the instructions in the `Dockerfile` one-by-one, -committing the result of each instruction -to a new image if necessary, before finally outputting the ID of your -new image. The Docker daemon will automatically clean up the context you -sent. - -Note that each instruction is run independently, and causes a new image -to be created - so `RUN cd /tmp` will not have any effect on the next -instructions. - -Whenever possible, Docker will re-use the intermediate images (cache), -to accelerate the `docker build` process significantly. This is indicated by -the `Using cache` message in the console output. -(For more information, see the [Build cache section](https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#build-cache) in the -`Dockerfile` best practices guide): - - $ docker build -t svendowideit/ambassador . - Sending build context to Docker daemon 15.36 kB - Step 1/4 : FROM alpine:3.2 - ---> 31f630c65071 - Step 2/4 : MAINTAINER SvenDowideit@home.org.au - ---> Using cache - ---> 2a1c91448f5f - Step 3/4 : RUN apk update && apk add socat && rm -r /var/cache/ - ---> Using cache - ---> 21ed6e7fbb73 - Step 4/4 : CMD env | grep _TCP= | (sed 's/.*_PORT_\([0-9]*\)_TCP=tcp:\/\/\(.*\):\(.*\)/socat -t 100000000 TCP4-LISTEN:\1,fork,reuseaddr TCP4:\2:\3 \&/' && echo wait) | sh - ---> Using cache - ---> 7ea8aef582cc - Successfully built 7ea8aef582cc - -Build cache is only used from images that have a local parent chain. This means -that these images were created by previous builds or the whole chain of images -was loaded with `docker load`. If you wish to use build cache of a specific -image you can specify it with `--cache-from` option. Images specified with -`--cache-from` do not need to have a parent chain and may be pulled from other -registries. - -When you're done with your build, you're ready to look into [*Pushing a -repository to its registry*](https://docs.docker.com/engine/tutorials/dockerrepos/#/contributing-to-docker-hub). - -## Format - -Here is the format of the `Dockerfile`: - -```Dockerfile -# Comment -INSTRUCTION arguments -``` - -The instruction is not case-sensitive. However, convention is for them to -be UPPERCASE to distinguish them from arguments more easily. - - -Docker runs instructions in a `Dockerfile` in order. A `Dockerfile` **must -start with a \`FROM\` instruction**. The `FROM` instruction specifies the [*Base -Image*](glossary.md#base-image) from which you are building. `FROM` may only be -proceeded by one or more `ARG` instructions, which declare arguments that are used -in `FROM` lines in the `Dockerfile`. - -Docker treats lines that *begin* with `#` as a comment, unless the line is -a valid [parser directive](#parser-directives). A `#` marker anywhere -else in a line is treated as an argument. This allows statements like: - -```Dockerfile -# Comment -RUN echo 'we are running some # of cool things' -``` - -Line continuation characters are not supported in comments. - -## Parser directives - -Parser directives are optional, and affect the way in which subsequent lines -in a `Dockerfile` are handled. Parser directives do not add layers to the build, -and will not be shown as a build step. Parser directives are written as a -special type of comment in the form `# directive=value`. A single directive -may only be used once. - -Once a comment, empty line or builder instruction has been processed, Docker -no longer looks for parser directives. Instead it treats anything formatted -as a parser directive as a comment and does not attempt to validate if it might -be a parser directive. Therefore, all parser directives must be at the very -top of a `Dockerfile`. - -Parser directives are not case-sensitive. However, convention is for them to -be lowercase. Convention is also to include a blank line following any -parser directives. Line continuation characters are not supported in parser -directives. - -Due to these rules, the following examples are all invalid: - -Invalid due to line continuation: - -```Dockerfile -# direc \ -tive=value -``` - -Invalid due to appearing twice: - -```Dockerfile -# directive=value1 -# directive=value2 - -FROM ImageName -``` - -Treated as a comment due to appearing after a builder instruction: - -```Dockerfile -FROM ImageName -# directive=value -``` - -Treated as a comment due to appearing after a comment which is not a parser -directive: - -```Dockerfile -# About my dockerfile -# directive=value -FROM ImageName -``` - -The unknown directive is treated as a comment due to not being recognized. In -addition, the known directive is treated as a comment due to appearing after -a comment which is not a parser directive. - -```Dockerfile -# unknowndirective=value -# knowndirective=value -``` - -Non line-breaking whitespace is permitted in a parser directive. Hence, the -following lines are all treated identically: - -```Dockerfile -#directive=value -# directive =value -# directive= value -# directive = value -# dIrEcTiVe=value -``` - -The following parser directive is supported: - -* `escape` - -## escape - - # escape=\ (backslash) - -Or - - # escape=` (backtick) - -The `escape` directive sets the character used to escape characters in a -`Dockerfile`. If not specified, the default escape character is `\`. - -The escape character is used both to escape characters in a line, and to -escape a newline. This allows a `Dockerfile` instruction to -span multiple lines. Note that regardless of whether the `escape` parser -directive is included in a `Dockerfile`, *escaping is not performed in -a `RUN` command, except at the end of a line.* - -Setting the escape character to `` ` `` is especially useful on -`Windows`, where `\` is the directory path separator. `` ` `` is consistent -with [Windows PowerShell](https://technet.microsoft.com/en-us/library/hh847755.aspx). - -Consider the following example which would fail in a non-obvious way on -`Windows`. The second `\` at the end of the second line would be interpreted as an -escape for the newline, instead of a target of the escape from the first `\`. -Similarly, the `\` at the end of the third line would, assuming it was actually -handled as an instruction, cause it be treated as a line continuation. The result -of this dockerfile is that second and third lines are considered a single -instruction: - -```Dockerfile -FROM microsoft/nanoserver -COPY testfile.txt c:\\ -RUN dir c:\ -``` - -Results in: - - PS C:\John> docker build -t cmd . - Sending build context to Docker daemon 3.072 kB - Step 1/2 : FROM microsoft/nanoserver - ---> 22738ff49c6d - Step 2/2 : COPY testfile.txt c:\RUN dir c: - GetFileAttributesEx c:RUN: The system cannot find the file specified. - PS C:\John> - -One solution to the above would be to use `/` as the target of both the `COPY` -instruction, and `dir`. However, this syntax is, at best, confusing as it is not -natural for paths on `Windows`, and at worst, error prone as not all commands on -`Windows` support `/` as the path separator. - -By adding the `escape` parser directive, the following `Dockerfile` succeeds as -expected with the use of natural platform semantics for file paths on `Windows`: - - # escape=` - - FROM microsoft/nanoserver - COPY testfile.txt c:\ - RUN dir c:\ - -Results in: - - PS C:\John> docker build -t succeeds --no-cache=true . - Sending build context to Docker daemon 3.072 kB - Step 1/3 : FROM microsoft/nanoserver - ---> 22738ff49c6d - Step 2/3 : COPY testfile.txt c:\ - ---> 96655de338de - Removing intermediate container 4db9acbb1682 - Step 3/3 : RUN dir c:\ - ---> Running in a2c157f842f5 - Volume in drive C has no label. - Volume Serial Number is 7E6D-E0F7 - - Directory of c:\ - - 10/05/2016 05:04 PM 1,894 License.txt - 10/05/2016 02:22 PM

Program Files - 10/05/2016 02:14 PM Program Files (x86) - 10/28/2016 11:18 AM 62 testfile.txt - 10/28/2016 11:20 AM Users - 10/28/2016 11:20 AM Windows - 2 File(s) 1,956 bytes - 4 Dir(s) 21,259,096,064 bytes free - ---> 01c7f3bef04f - Removing intermediate container a2c157f842f5 - Successfully built 01c7f3bef04f - PS C:\John> - -## Environment replacement - -Environment variables (declared with [the `ENV` statement](#env)) can also be -used in certain instructions as variables to be interpreted by the -`Dockerfile`. Escapes are also handled for including variable-like syntax -into a statement literally. - -Environment variables are notated in the `Dockerfile` either with -`$variable_name` or `${variable_name}`. They are treated equivalently and the -brace syntax is typically used to address issues with variable names with no -whitespace, like `${foo}_bar`. - -The `${variable_name}` syntax also supports a few of the standard `bash` -modifiers as specified below: - -* `${variable:-word}` indicates that if `variable` is set then the result - will be that value. If `variable` is not set then `word` will be the result. -* `${variable:+word}` indicates that if `variable` is set then `word` will be - the result, otherwise the result is the empty string. - -In all cases, `word` can be any string, including additional environment -variables. - -Escaping is possible by adding a `\` before the variable: `\$foo` or `\${foo}`, -for example, will translate to `$foo` and `${foo}` literals respectively. - -Example (parsed representation is displayed after the `#`): - - FROM busybox - ENV foo /bar - WORKDIR ${foo} # WORKDIR /bar - ADD . $foo # ADD . /bar - COPY \$foo /quux # COPY $foo /quux - -Environment variables are supported by the following list of instructions in -the `Dockerfile`: - -* `ADD` -* `COPY` -* `ENV` -* `EXPOSE` -* `FROM` -* `LABEL` -* `STOPSIGNAL` -* `USER` -* `VOLUME` -* `WORKDIR` - -as well as: - -* `ONBUILD` (when combined with one of the supported instructions above) - -> **Note**: -> prior to 1.4, `ONBUILD` instructions did **NOT** support environment -> variable, even when combined with any of the instructions listed above. - -Environment variable substitution will use the same value for each variable -throughout the entire instruction. In other words, in this example: - - ENV abc=hello - ENV abc=bye def=$abc - ENV ghi=$abc - -will result in `def` having a value of `hello`, not `bye`. However, -`ghi` will have a value of `bye` because it is not part of the same instruction -that set `abc` to `bye`. - -## .dockerignore file - -Before the docker CLI sends the context to the docker daemon, it looks -for a file named `.dockerignore` in the root directory of the context. -If this file exists, the CLI modifies the context to exclude files and -directories that match patterns in it. This helps to avoid -unnecessarily sending large or sensitive files and directories to the -daemon and potentially adding them to images using `ADD` or `COPY`. - -The CLI interprets the `.dockerignore` file as a newline-separated -list of patterns similar to the file globs of Unix shells. For the -purposes of matching, the root of the context is considered to be both -the working and the root directory. For example, the patterns -`/foo/bar` and `foo/bar` both exclude a file or directory named `bar` -in the `foo` subdirectory of `PATH` or in the root of the git -repository located at `URL`. Neither excludes anything else. - -If a line in `.dockerignore` file starts with `#` in column 1, then this line is -considered as a comment and is ignored before interpreted by the CLI. - -Here is an example `.dockerignore` file: - -``` -# comment -*/temp* -*/*/temp* -temp? -``` - -This file causes the following build behavior: - -| Rule | Behavior | -|----------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `# comment` | Ignored. | -| `*/temp*` | Exclude files and directories whose names start with `temp` in any immediate subdirectory of the root. For example, the plain file `/somedir/temporary.txt` is excluded, as is the directory `/somedir/temp`. | -| `*/*/temp*` | Exclude files and directories starting with `temp` from any subdirectory that is two levels below the root. For example, `/somedir/subdir/temporary.txt` is excluded. | -| `temp?` | Exclude files and directories in the root directory whose names are a one-character extension of `temp`. For example, `/tempa` and `/tempb` are excluded. - - -Matching is done using Go's -[filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. A -preprocessing step removes leading and trailing whitespace and -eliminates `.` and `..` elements using Go's -[filepath.Clean](http://golang.org/pkg/path/filepath/#Clean). Lines -that are blank after preprocessing are ignored. - -Beyond Go's filepath.Match rules, Docker also supports a special -wildcard string `**` that matches any number of directories (including -zero). For example, `**/*.go` will exclude all files that end with `.go` -that are found in all directories, including the root of the build context. - -Lines starting with `!` (exclamation mark) can be used to make exceptions -to exclusions. The following is an example `.dockerignore` file that -uses this mechanism: - -``` - *.md - !README.md -``` - -All markdown files *except* `README.md` are excluded from the context. - -The placement of `!` exception rules influences the behavior: the last -line of the `.dockerignore` that matches a particular file determines -whether it is included or excluded. Consider the following example: - -``` - *.md - !README*.md - README-secret.md -``` - -No markdown files are included in the context except README files other than -`README-secret.md`. - -Now consider this example: - -``` - *.md - README-secret.md - !README*.md -``` - -All of the README files are included. The middle line has no effect because -`!README*.md` matches `README-secret.md` and comes last. - -You can even use the `.dockerignore` file to exclude the `Dockerfile` -and `.dockerignore` files. These files are still sent to the daemon -because it needs them to do its job. But the `ADD` and `COPY` instructions -do not copy them to the image. - -Finally, you may want to specify which files to include in the -context, rather than which to exclude. To achieve this, specify `*` as -the first pattern, followed by one or more `!` exception patterns. - -**Note**: For historical reasons, the pattern `.` is ignored. - -## FROM - - FROM [AS ] - -Or - - FROM [:] [AS ] - -Or - - FROM [@] [AS ] - -The `FROM` instruction initializes a new build stage and sets the -[*Base Image*](glossary.md#base-image) for subsequent instructions. As such, a -valid `Dockerfile` must start with a `FROM` instruction. The image can be -any valid image – it is especially easy to start by **pulling an image** from -the [*Public Repositories*](https://docs.docker.com/engine/tutorials/dockerrepos/). - -- `ARG` is the only instruction that may proceed `FROM` in the `Dockerfile`. - See [Understand how ARG and FROM interact](#understand-how-arg-and-from-interact). - -- `FROM` can appear multiple times within a single `Dockerfile` to - create multiple images or use one build stage as a dependency for another. - Simply make a note of the last image ID output by the commit before each new - `FROM` instruction. Each `FROM` instruction clears any state created by previous - instructions. - -- Optionally a name can be given to a new build stage by adding `AS name` to the - `FROM` instruction. The name can be used in subsequent `FROM` and - `COPY --from=` instructions to refer to the image built in this stage. - -- The `tag` or `digest` values are optional. If you omit either of them, the - builder assumes a `latest` tag by default. The builder returns an error if it - cannot find the `tag` value. - -### Understand how ARG and FROM interact - -`FROM` instructions support variables that are declared by any `ARG` -instructions that occur before the first `FROM`. - -```Dockerfile -ARG CODE_VERSION=latest -FROM base:${CODE_VERSION} -CMD /code/run-app - -FROM extras:${CODE_VERSION} -CMD /code/run-extras -``` - -To use the default value of an `ARG` declared before the first `FROM` use an -`ARG` instruction without a value: - -```Dockerfile -ARG SETTINGS=default - -FROM busybox -ARG SETTINGS - -``` - -## RUN - -RUN has 2 forms: - -- `RUN ` (*shell* form, the command is run in a shell, which by -default is `/bin/sh -c` on Linux or `cmd /S /C` on Windows) -- `RUN ["executable", "param1", "param2"]` (*exec* form) - -The `RUN` instruction will execute any commands in a new layer on top of the -current image and commit the results. The resulting committed image will be -used for the next step in the `Dockerfile`. - -Layering `RUN` instructions and generating commits conforms to the core -concepts of Docker where commits are cheap and containers can be created from -any point in an image's history, much like source control. - -The *exec* form makes it possible to avoid shell string munging, and to `RUN` -commands using a base image that does not contain the specified shell executable. - -The default shell for the *shell* form can be changed using the `SHELL` -command. - -In the *shell* form you can use a `\` (backslash) to continue a single -RUN instruction onto the next line. For example, consider these two lines: - -``` -RUN /bin/bash -c 'source $HOME/.bashrc; \ -echo $HOME' -``` -Together they are equivalent to this single line: - -``` -RUN /bin/bash -c 'source $HOME/.bashrc; echo $HOME' -``` - -> **Note**: -> To use a different shell, other than '/bin/sh', use the *exec* form -> passing in the desired shell. For example, -> `RUN ["/bin/bash", "-c", "echo hello"]` - -> **Note**: -> The *exec* form is parsed as a JSON array, which means that -> you must use double-quotes (") around words not single-quotes ('). - -> **Note**: -> Unlike the *shell* form, the *exec* form does not invoke a command shell. -> This means that normal shell processing does not happen. For example, -> `RUN [ "echo", "$HOME" ]` will not do variable substitution on `$HOME`. -> If you want shell processing then either use the *shell* form or execute -> a shell directly, for example: `RUN [ "sh", "-c", "echo $HOME" ]`. -> When using the exec form and executing a shell directly, as in the case for -> the shell form, it is the shell that is doing the environment variable -> expansion, not docker. -> -> **Note**: -> In the *JSON* form, it is necessary to escape backslashes. This is -> particularly relevant on Windows where the backslash is the path separator. -> The following line would otherwise be treated as *shell* form due to not -> being valid JSON, and fail in an unexpected way: -> `RUN ["c:\windows\system32\tasklist.exe"]` -> The correct syntax for this example is: -> `RUN ["c:\\windows\\system32\\tasklist.exe"]` - -The cache for `RUN` instructions isn't invalidated automatically during -the next build. The cache for an instruction like -`RUN apt-get dist-upgrade -y` will be reused during the next build. The -cache for `RUN` instructions can be invalidated by using the `--no-cache` -flag, for example `docker build --no-cache`. - -See the [`Dockerfile` Best Practices -guide](https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#/build-cache) for more information. - -The cache for `RUN` instructions can be invalidated by `ADD` instructions. See -[below](#add) for details. - -### Known issues (RUN) - -- [Issue 783](https://github.com/docker/docker/issues/783) is about file - permissions problems that can occur when using the AUFS file system. You - might notice it during an attempt to `rm` a file, for example. - - For systems that have recent aufs version (i.e., `dirperm1` mount option can - be set), docker will attempt to fix the issue automatically by mounting - the layers with `dirperm1` option. More details on `dirperm1` option can be - found at [`aufs` man page](https://github.com/sfjro/aufs3-linux/tree/aufs3.18/Documentation/filesystems/aufs) - - If your system doesn't have support for `dirperm1`, the issue describes a workaround. - -## CMD - -The `CMD` instruction has three forms: - -- `CMD ["executable","param1","param2"]` (*exec* form, this is the preferred form) -- `CMD ["param1","param2"]` (as *default parameters to ENTRYPOINT*) -- `CMD command param1 param2` (*shell* form) - -There can only be one `CMD` instruction in a `Dockerfile`. If you list more than one `CMD` -then only the last `CMD` will take effect. - -**The main purpose of a `CMD` is to provide defaults for an executing -container.** These defaults can include an executable, or they can omit -the executable, in which case you must specify an `ENTRYPOINT` -instruction as well. - -> **Note**: -> If `CMD` is used to provide default arguments for the `ENTRYPOINT` -> instruction, both the `CMD` and `ENTRYPOINT` instructions should be specified -> with the JSON array format. - -> **Note**: -> The *exec* form is parsed as a JSON array, which means that -> you must use double-quotes (") around words not single-quotes ('). - -> **Note**: -> Unlike the *shell* form, the *exec* form does not invoke a command shell. -> This means that normal shell processing does not happen. For example, -> `CMD [ "echo", "$HOME" ]` will not do variable substitution on `$HOME`. -> If you want shell processing then either use the *shell* form or execute -> a shell directly, for example: `CMD [ "sh", "-c", "echo $HOME" ]`. -> When using the exec form and executing a shell directly, as in the case for -> the shell form, it is the shell that is doing the environment variable -> expansion, not docker. - -When used in the shell or exec formats, the `CMD` instruction sets the command -to be executed when running the image. - -If you use the *shell* form of the `CMD`, then the `` will execute in -`/bin/sh -c`: - - FROM ubuntu - CMD echo "This is a test." | wc - - -If you want to **run your** `` **without a shell** then you must -express the command as a JSON array and give the full path to the executable. -**This array form is the preferred format of `CMD`.** Any additional parameters -must be individually expressed as strings in the array: - - FROM ubuntu - CMD ["/usr/bin/wc","--help"] - -If you would like your container to run the same executable every time, then -you should consider using `ENTRYPOINT` in combination with `CMD`. See -[*ENTRYPOINT*](#entrypoint). - -If the user specifies arguments to `docker run` then they will override the -default specified in `CMD`. - -> **Note**: -> Don't confuse `RUN` with `CMD`. `RUN` actually runs a command and commits -> the result; `CMD` does not execute anything at build time, but specifies -> the intended command for the image. - -## LABEL - - LABEL = = = ... - -The `LABEL` instruction adds metadata to an image. A `LABEL` is a -key-value pair. To include spaces within a `LABEL` value, use quotes and -backslashes as you would in command-line parsing. A few usage examples: - - LABEL "com.example.vendor"="ACME Incorporated" - LABEL com.example.label-with-value="foo" - LABEL version="1.0" - LABEL description="This text illustrates \ - that label-values can span multiple lines." - -An image can have more than one label. To specify multiple labels, -Docker recommends combining labels into a single `LABEL` instruction where -possible. Each `LABEL` instruction produces a new layer which can result in an -inefficient image if you use many labels. This example results in a single image -layer. - - LABEL multi.label1="value1" multi.label2="value2" other="value3" - -The above can also be written as: - - LABEL multi.label1="value1" \ - multi.label2="value2" \ - other="value3" - -Labels are additive including `LABEL`s in `FROM` images. If Docker -encounters a label/key that already exists, the new value overrides any previous -labels with identical keys. - -To view an image's labels, use the `docker inspect` command. - - "Labels": { - "com.example.vendor": "ACME Incorporated" - "com.example.label-with-value": "foo", - "version": "1.0", - "description": "This text illustrates that label-values can span multiple lines.", - "multi.label1": "value1", - "multi.label2": "value2", - "other": "value3" - }, - -## MAINTAINER (deprecated) - - MAINTAINER - -The `MAINTAINER` instruction sets the *Author* field of the generated images. -The `LABEL` instruction is a much more flexible version of this and you should use -it instead, as it enables setting any metadata you require, and can be viewed -easily, for example with `docker inspect`. To set a label corresponding to the -`MAINTAINER` field you could use: - - LABEL maintainer="SvenDowideit@home.org.au" - -This will then be visible from `docker inspect` with the other labels. - -## EXPOSE - - EXPOSE [...] - -The `EXPOSE` instruction informs Docker that the container listens on the -specified network ports at runtime. `EXPOSE` does not make the ports of the -container accessible to the host. To do that, you must use either the `-p` flag -to publish a range of ports or the `-P` flag to publish all of the exposed -ports. You can expose one port number and publish it externally under another -number. - -To set up port redirection on the host system, see [using the -P -flag](run.md#expose-incoming-ports). The Docker network feature supports -creating networks without the need to expose ports within the network, for -detailed information see the [overview of this -feature](https://docs.docker.com/engine/userguide/networking/)). - -## ENV - - ENV - ENV = ... - -The `ENV` instruction sets the environment variable `` to the value -``. This value will be in the environment of all "descendant" -`Dockerfile` commands and can be [replaced inline](#environment-replacement) in -many as well. - -The `ENV` instruction has two forms. The first form, `ENV `, -will set a single variable to a value. The entire string after the first -space will be treated as the `` - including characters such as -spaces and quotes. - -The second form, `ENV = ...`, allows for multiple variables to -be set at one time. Notice that the second form uses the equals sign (=) -in the syntax, while the first form does not. Like command line parsing, -quotes and backslashes can be used to include spaces within values. - -For example: - - ENV myName="John Doe" myDog=Rex\ The\ Dog \ - myCat=fluffy - -and - - ENV myName John Doe - ENV myDog Rex The Dog - ENV myCat fluffy - -will yield the same net results in the final image, but the first form -is preferred because it produces a single cache layer. - -The environment variables set using `ENV` will persist when a container is run -from the resulting image. You can view the values using `docker inspect`, and -change them using `docker run --env =`. - -> **Note**: -> Environment persistence can cause unexpected side effects. For example, -> setting `ENV DEBIAN_FRONTEND noninteractive` may confuse apt-get -> users on a Debian-based image. To set a value for a single command, use -> `RUN = `. - -## ADD - -ADD has two forms: - -- `ADD ... ` -- `ADD ["",... ""]` (this form is required for paths containing -whitespace) - -The `ADD` instruction copies new files, directories or remote file URLs from `` -and adds them to the filesystem of the image at the path ``. - -Multiple `` resource may be specified but if they are files or -directories then they must be relative to the source directory that is -being built (the context of the build). - -Each `` may contain wildcards and matching will be done using Go's -[filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. For example: - - ADD hom* /mydir/ # adds all files starting with "hom" - ADD hom?.txt /mydir/ # ? is replaced with any single character, e.g., "home.txt" - -The `` is an absolute path, or a path relative to `WORKDIR`, into which -the source will be copied inside the destination container. - - ADD test relativeDir/ # adds "test" to `WORKDIR`/relativeDir/ - ADD test /absoluteDir/ # adds "test" to /absoluteDir/ - -When adding files or directories that contain special characters (such as `[` -and `]`), you need to escape those paths following the Golang rules to prevent -them from being treated as a matching pattern. For example, to add a file -named `arr[0].txt`, use the following; - - ADD arr[[]0].txt /mydir/ # copy a file named "arr[0].txt" to /mydir/ - - -All new files and directories are created with a UID and GID of 0. - -In the case where `` is a remote file URL, the destination will -have permissions of 600. If the remote file being retrieved has an HTTP -`Last-Modified` header, the timestamp from that header will be used -to set the `mtime` on the destination file. However, like any other file -processed during an `ADD`, `mtime` will not be included in the determination -of whether or not the file has changed and the cache should be updated. - -> **Note**: -> If you build by passing a `Dockerfile` through STDIN (`docker -> build - < somefile`), there is no build context, so the `Dockerfile` -> can only contain a URL based `ADD` instruction. You can also pass a -> compressed archive through STDIN: (`docker build - < archive.tar.gz`), -> the `Dockerfile` at the root of the archive and the rest of the -> archive will be used as the context of the build. - -> **Note**: -> If your URL files are protected using authentication, you -> will need to use `RUN wget`, `RUN curl` or use another tool from -> within the container as the `ADD` instruction does not support -> authentication. - -> **Note**: -> The first encountered `ADD` instruction will invalidate the cache for all -> following instructions from the Dockerfile if the contents of `` have -> changed. This includes invalidating the cache for `RUN` instructions. -> See the [`Dockerfile` Best Practices -guide](https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#/build-cache) for more information. - - -`ADD` obeys the following rules: - -- The `` path must be inside the *context* of the build; - you cannot `ADD ../something /something`, because the first step of a - `docker build` is to send the context directory (and subdirectories) to the - docker daemon. - -- If `` is a URL and `` does not end with a trailing slash, then a - file is downloaded from the URL and copied to ``. - -- If `` is a URL and `` does end with a trailing slash, then the - filename is inferred from the URL and the file is downloaded to - `/`. For instance, `ADD http://example.com/foobar /` would - create the file `/foobar`. The URL must have a nontrivial path so that an - appropriate filename can be discovered in this case (`http://example.com` - will not work). - -- If `` is a directory, the entire contents of the directory are copied, - including filesystem metadata. - -> **Note**: -> The directory itself is not copied, just its contents. - -- If `` is a *local* tar archive in a recognized compression format - (identity, gzip, bzip2 or xz) then it is unpacked as a directory. Resources - from *remote* URLs are **not** decompressed. When a directory is copied or - unpacked, it has the same behavior as `tar -x`, the result is the union of: - - 1. Whatever existed at the destination path and - 2. The contents of the source tree, with conflicts resolved in favor - of "2." on a file-by-file basis. - - > **Note**: - > Whether a file is identified as a recognized compression format or not - > is done solely based on the contents of the file, not the name of the file. - > For example, if an empty file happens to end with `.tar.gz` this will not - > be recognized as a compressed file and **will not** generate any kind of - > decompression error message, rather the file will simply be copied to the - > destination. - -- If `` is any other kind of file, it is copied individually along with - its metadata. In this case, if `` ends with a trailing slash `/`, it - will be considered a directory and the contents of `` will be written - at `/base()`. - -- If multiple `` resources are specified, either directly or due to the - use of a wildcard, then `` must be a directory, and it must end with - a slash `/`. - -- If `` does not end with a trailing slash, it will be considered a - regular file and the contents of `` will be written at ``. - -- If `` doesn't exist, it is created along with all missing directories - in its path. - -## COPY - -COPY has two forms: - -- `COPY ... ` -- `COPY ["",... ""]` (this form is required for paths containing -whitespace) - -The `COPY` instruction copies new files or directories from `` -and adds them to the filesystem of the container at the path ``. - -Multiple `` resource may be specified but they must be relative -to the source directory that is being built (the context of the build). - -Each `` may contain wildcards and matching will be done using Go's -[filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. For example: - - COPY hom* /mydir/ # adds all files starting with "hom" - COPY hom?.txt /mydir/ # ? is replaced with any single character, e.g., "home.txt" - -The `` is an absolute path, or a path relative to `WORKDIR`, into which -the source will be copied inside the destination container. - - COPY test relativeDir/ # adds "test" to `WORKDIR`/relativeDir/ - COPY test /absoluteDir/ # adds "test" to /absoluteDir/ - - -When copying files or directories that contain special characters (such as `[` -and `]`), you need to escape those paths following the Golang rules to prevent -them from being treated as a matching pattern. For example, to copy a file -named `arr[0].txt`, use the following; - - COPY arr[[]0].txt /mydir/ # copy a file named "arr[0].txt" to /mydir/ - -All new files and directories are created with a UID and GID of 0. - -> **Note**: -> If you build using STDIN (`docker build - < somefile`), there is no -> build context, so `COPY` can't be used. - -Optionally `COPY` accepts a flag `--from=` that can be used to set -the source location to a previous build stage (created with `FROM .. AS `) -that will be used instead of a build context sent by the user. The flag also -accepts a numeric index assigned for all previous build stages started with -`FROM` instruction. In case a build stage with a specified name can't be found an -image with the same name is attempted to be used instead. - -`COPY` obeys the following rules: - -- The `` path must be inside the *context* of the build; - you cannot `COPY ../something /something`, because the first step of a - `docker build` is to send the context directory (and subdirectories) to the - docker daemon. - -- If `` is a directory, the entire contents of the directory are copied, - including filesystem metadata. - -> **Note**: -> The directory itself is not copied, just its contents. - -- If `` is any other kind of file, it is copied individually along with - its metadata. In this case, if `` ends with a trailing slash `/`, it - will be considered a directory and the contents of `` will be written - at `/base()`. - -- If multiple `` resources are specified, either directly or due to the - use of a wildcard, then `` must be a directory, and it must end with - a slash `/`. - -- If `` does not end with a trailing slash, it will be considered a - regular file and the contents of `` will be written at ``. - -- If `` doesn't exist, it is created along with all missing directories - in its path. - -## ENTRYPOINT - -ENTRYPOINT has two forms: - -- `ENTRYPOINT ["executable", "param1", "param2"]` - (*exec* form, preferred) -- `ENTRYPOINT command param1 param2` - (*shell* form) - -An `ENTRYPOINT` allows you to configure a container that will run as an executable. - -For example, the following will start nginx with its default content, listening -on port 80: - - docker run -i -t --rm -p 80:80 nginx - -Command line arguments to `docker run ` will be appended after all -elements in an *exec* form `ENTRYPOINT`, and will override all elements specified -using `CMD`. -This allows arguments to be passed to the entry point, i.e., `docker run -d` -will pass the `-d` argument to the entry point. -You can override the `ENTRYPOINT` instruction using the `docker run --entrypoint` -flag. - -The *shell* form prevents any `CMD` or `run` command line arguments from being -used, but has the disadvantage that your `ENTRYPOINT` will be started as a -subcommand of `/bin/sh -c`, which does not pass signals. -This means that the executable will not be the container's `PID 1` - and -will _not_ receive Unix signals - so your executable will not receive a -`SIGTERM` from `docker stop `. - -Only the last `ENTRYPOINT` instruction in the `Dockerfile` will have an effect. - -### Exec form ENTRYPOINT example - -You can use the *exec* form of `ENTRYPOINT` to set fairly stable default commands -and arguments and then use either form of `CMD` to set additional defaults that -are more likely to be changed. - - FROM ubuntu - ENTRYPOINT ["top", "-b"] - CMD ["-c"] - -When you run the container, you can see that `top` is the only process: - - $ docker run -it --rm --name test top -H - top - 08:25:00 up 7:27, 0 users, load average: 0.00, 0.01, 0.05 - Threads: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie - %Cpu(s): 0.1 us, 0.1 sy, 0.0 ni, 99.7 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st - KiB Mem: 2056668 total, 1616832 used, 439836 free, 99352 buffers - KiB Swap: 1441840 total, 0 used, 1441840 free. 1324440 cached Mem - - PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND - 1 root 20 0 19744 2336 2080 R 0.0 0.1 0:00.04 top - -To examine the result further, you can use `docker exec`: - - $ docker exec -it test ps aux - USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND - root 1 2.6 0.1 19752 2352 ? Ss+ 08:24 0:00 top -b -H - root 7 0.0 0.1 15572 2164 ? R+ 08:25 0:00 ps aux - -And you can gracefully request `top` to shut down using `docker stop test`. - -The following `Dockerfile` shows using the `ENTRYPOINT` to run Apache in the -foreground (i.e., as `PID 1`): - -``` -FROM debian:stable -RUN apt-get update && apt-get install -y --force-yes apache2 -EXPOSE 80 443 -VOLUME ["/var/www", "/var/log/apache2", "/etc/apache2"] -ENTRYPOINT ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"] -``` - -If you need to write a starter script for a single executable, you can ensure that -the final executable receives the Unix signals by using `exec` and `gosu` -commands: - -```bash -#!/usr/bin/env bash -set -e - -if [ "$1" = 'postgres' ]; then - chown -R postgres "$PGDATA" - - if [ -z "$(ls -A "$PGDATA")" ]; then - gosu postgres initdb - fi - - exec gosu postgres "$@" -fi - -exec "$@" -``` - -Lastly, if you need to do some extra cleanup (or communicate with other containers) -on shutdown, or are co-ordinating more than one executable, you may need to ensure -that the `ENTRYPOINT` script receives the Unix signals, passes them on, and then -does some more work: - -``` -#!/bin/sh -# Note: I've written this using sh so it works in the busybox container too - -# USE the trap if you need to also do manual cleanup after the service is stopped, -# or need to start multiple services in the one container -trap "echo TRAPed signal" HUP INT QUIT TERM - -# start service in background here -/usr/sbin/apachectl start - -echo "[hit enter key to exit] or run 'docker stop '" -read - -# stop service and clean up here -echo "stopping apache" -/usr/sbin/apachectl stop - -echo "exited $0" -``` - -If you run this image with `docker run -it --rm -p 80:80 --name test apache`, -you can then examine the container's processes with `docker exec`, or `docker top`, -and then ask the script to stop Apache: - -```bash -$ docker exec -it test ps aux -USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND -root 1 0.1 0.0 4448 692 ? Ss+ 00:42 0:00 /bin/sh /run.sh 123 cmd cmd2 -root 19 0.0 0.2 71304 4440 ? Ss 00:42 0:00 /usr/sbin/apache2 -k start -www-data 20 0.2 0.2 360468 6004 ? Sl 00:42 0:00 /usr/sbin/apache2 -k start -www-data 21 0.2 0.2 360468 6000 ? Sl 00:42 0:00 /usr/sbin/apache2 -k start -root 81 0.0 0.1 15572 2140 ? R+ 00:44 0:00 ps aux -$ docker top test -PID USER COMMAND -10035 root {run.sh} /bin/sh /run.sh 123 cmd cmd2 -10054 root /usr/sbin/apache2 -k start -10055 33 /usr/sbin/apache2 -k start -10056 33 /usr/sbin/apache2 -k start -$ /usr/bin/time docker stop test -test -real 0m 0.27s -user 0m 0.03s -sys 0m 0.03s -``` - -> **Note:** you can override the `ENTRYPOINT` setting using `--entrypoint`, -> but this can only set the binary to *exec* (no `sh -c` will be used). - -> **Note**: -> The *exec* form is parsed as a JSON array, which means that -> you must use double-quotes (") around words not single-quotes ('). - -> **Note**: -> Unlike the *shell* form, the *exec* form does not invoke a command shell. -> This means that normal shell processing does not happen. For example, -> `ENTRYPOINT [ "echo", "$HOME" ]` will not do variable substitution on `$HOME`. -> If you want shell processing then either use the *shell* form or execute -> a shell directly, for example: `ENTRYPOINT [ "sh", "-c", "echo $HOME" ]`. -> When using the exec form and executing a shell directly, as in the case for -> the shell form, it is the shell that is doing the environment variable -> expansion, not docker. - -### Shell form ENTRYPOINT example - -You can specify a plain string for the `ENTRYPOINT` and it will execute in `/bin/sh -c`. -This form will use shell processing to substitute shell environment variables, -and will ignore any `CMD` or `docker run` command line arguments. -To ensure that `docker stop` will signal any long running `ENTRYPOINT` executable -correctly, you need to remember to start it with `exec`: - - FROM ubuntu - ENTRYPOINT exec top -b - -When you run this image, you'll see the single `PID 1` process: - - $ docker run -it --rm --name test top - Mem: 1704520K used, 352148K free, 0K shrd, 0K buff, 140368121167873K cached - CPU: 5% usr 0% sys 0% nic 94% idle 0% io 0% irq 0% sirq - Load average: 0.08 0.03 0.05 2/98 6 - PID PPID USER STAT VSZ %VSZ %CPU COMMAND - 1 0 root R 3164 0% 0% top -b - -Which will exit cleanly on `docker stop`: - - $ /usr/bin/time docker stop test - test - real 0m 0.20s - user 0m 0.02s - sys 0m 0.04s - -If you forget to add `exec` to the beginning of your `ENTRYPOINT`: - - FROM ubuntu - ENTRYPOINT top -b - CMD --ignored-param1 - -You can then run it (giving it a name for the next step): - - $ docker run -it --name test top --ignored-param2 - Mem: 1704184K used, 352484K free, 0K shrd, 0K buff, 140621524238337K cached - CPU: 9% usr 2% sys 0% nic 88% idle 0% io 0% irq 0% sirq - Load average: 0.01 0.02 0.05 2/101 7 - PID PPID USER STAT VSZ %VSZ %CPU COMMAND - 1 0 root S 3168 0% 0% /bin/sh -c top -b cmd cmd2 - 7 1 root R 3164 0% 0% top -b - -You can see from the output of `top` that the specified `ENTRYPOINT` is not `PID 1`. - -If you then run `docker stop test`, the container will not exit cleanly - the -`stop` command will be forced to send a `SIGKILL` after the timeout: - - $ docker exec -it test ps aux - PID USER COMMAND - 1 root /bin/sh -c top -b cmd cmd2 - 7 root top -b - 8 root ps aux - $ /usr/bin/time docker stop test - test - real 0m 10.19s - user 0m 0.04s - sys 0m 0.03s - -### Understand how CMD and ENTRYPOINT interact - -Both `CMD` and `ENTRYPOINT` instructions define what command gets executed when running a container. -There are few rules that describe their co-operation. - -1. Dockerfile should specify at least one of `CMD` or `ENTRYPOINT` commands. - -2. `ENTRYPOINT` should be defined when using the container as an executable. - -3. `CMD` should be used as a way of defining default arguments for an `ENTRYPOINT` command -or for executing an ad-hoc command in a container. - -4. `CMD` will be overridden when running the container with alternative arguments. - -The table below shows what command is executed for different `ENTRYPOINT` / `CMD` combinations: - -| | No ENTRYPOINT | ENTRYPOINT exec_entry p1_entry | ENTRYPOINT ["exec_entry", "p1_entry"] | -|--------------------------------|----------------------------|--------------------------------|------------------------------------------------| -| **No CMD** | *error, not allowed* | /bin/sh -c exec_entry p1_entry | exec_entry p1_entry | -| **CMD ["exec_cmd", "p1_cmd"]** | exec_cmd p1_cmd | /bin/sh -c exec_entry p1_entry | exec_entry p1_entry exec_cmd p1_cmd | -| **CMD ["p1_cmd", "p2_cmd"]** | p1_cmd p2_cmd | /bin/sh -c exec_entry p1_entry | exec_entry p1_entry p1_cmd p2_cmd | -| **CMD exec_cmd p1_cmd** | /bin/sh -c exec_cmd p1_cmd | /bin/sh -c exec_entry p1_entry | exec_entry p1_entry /bin/sh -c exec_cmd p1_cmd | - -## VOLUME - - VOLUME ["/data"] - -The `VOLUME` instruction creates a mount point with the specified name -and marks it as holding externally mounted volumes from native host or other -containers. The value can be a JSON array, `VOLUME ["/var/log/"]`, or a plain -string with multiple arguments, such as `VOLUME /var/log` or `VOLUME /var/log -/var/db`. For more information/examples and mounting instructions via the -Docker client, refer to -[*Share Directories via Volumes*](https://docs.docker.com/engine/tutorials/dockervolumes/#/mount-a-host-directory-as-a-data-volume) -documentation. - -The `docker run` command initializes the newly created volume with any data -that exists at the specified location within the base image. For example, -consider the following Dockerfile snippet: - - FROM ubuntu - RUN mkdir /myvol - RUN echo "hello world" > /myvol/greeting - VOLUME /myvol - -This Dockerfile results in an image that causes `docker run`, to -create a new mount point at `/myvol` and copy the `greeting` file -into the newly created volume. - -### Notes about specifying volumes - -Keep the following things in mind about volumes in the `Dockerfile`. - -- **Volumes on Windows-based containers**: When using Windows-based containers, - the destination of a volume inside the container must be one of: - - - a non-existing or empty directory - - a drive other than `C:` - -- **Changing the volume from within the Dockerfile**: If any build steps change the - data within the volume after it has been declared, those changes will be discarded. - -- **JSON formatting**: The list is parsed as a JSON array. - You must enclose words with double quotes (`"`)rather than single quotes (`'`). - -- **The host directory is declared at container run-time**: The host directory - (the mountpoint) is, by its nature, host-dependent. This is to preserve image - portability. since a given host directory can't be guaranteed to be available - on all hosts.For this reason, you can't mount a host directory from - within the Dockerfile. The `VOLUME` instruction does not support specifying a `host-dir` - parameter. You must specify the mountpoint when you create or run the container. - -## USER - - USER daemon - -The `USER` instruction sets the user name or UID to use when running the image -and for any `RUN`, `CMD` and `ENTRYPOINT` instructions that follow it in the -`Dockerfile`. - -## WORKDIR - - WORKDIR /path/to/workdir - -The `WORKDIR` instruction sets the working directory for any `RUN`, `CMD`, -`ENTRYPOINT`, `COPY` and `ADD` instructions that follow it in the `Dockerfile`. -If the `WORKDIR` doesn't exist, it will be created even if it's not used in any -subsequent `Dockerfile` instruction. - -It can be used multiple times in the one `Dockerfile`. If a relative path -is provided, it will be relative to the path of the previous `WORKDIR` -instruction. For example: - - WORKDIR /a - WORKDIR b - WORKDIR c - RUN pwd - -The output of the final `pwd` command in this `Dockerfile` would be -`/a/b/c`. - -The `WORKDIR` instruction can resolve environment variables previously set using -`ENV`. You can only use environment variables explicitly set in the `Dockerfile`. -For example: - - ENV DIRPATH /path - WORKDIR $DIRPATH/$DIRNAME - RUN pwd - -The output of the final `pwd` command in this `Dockerfile` would be -`/path/$DIRNAME` - -## ARG - - ARG [=] - -The `ARG` instruction defines a variable that users can pass at build-time to -the builder with the `docker build` command using the `--build-arg =` -flag. If a user specifies a build argument that was not -defined in the Dockerfile, the build outputs a warning. - -``` -[Warning] One or more build-args [foo] were not consumed. -``` - -The Dockerfile author can define a single variable by specifying `ARG` once or many -variables by specifying `ARG` more than once. For example, a valid Dockerfile: - -``` -FROM busybox -ARG user1 -ARG buildno -... -``` - -A Dockerfile author may optionally specify a default value for an `ARG` instruction: - -``` -FROM busybox -ARG user1=someuser -ARG buildno=1 -... -``` - -If an `ARG` value has a default and if there is no value passed at build-time, the -builder uses the default. - -An `ARG` variable definition comes into effect from the line on which it is -defined in the `Dockerfile` not from the argument's use on the command-line or -elsewhere. For example, consider this Dockerfile: - -``` -1 FROM busybox -2 USER ${user:-some_user} -3 ARG user -4 USER $user -... -``` -A user builds this file by calling: - -``` -$ docker build --build-arg user=what_user . -``` - -The `USER` at line 2 evaluates to `some_user` as the `user` variable is defined on the -subsequent line 3. The `USER` at line 4 evaluates to `what_user` as `user` is -defined and the `what_user` value was passed on the command line. Prior to its definition by an -`ARG` instruction, any use of a variable results in an empty string. - -> **Warning:** It is not recommended to use build-time variables for -> passing secrets like github keys, user credentials etc. Build-time variable -> values are visible to any user of the image with the `docker history` command. - -You can use an `ARG` or an `ENV` instruction to specify variables that are -available to the `RUN` instruction. Environment variables defined using the -`ENV` instruction always override an `ARG` instruction of the same name. Consider -this Dockerfile with an `ENV` and `ARG` instruction. - -``` -1 FROM ubuntu -2 ARG CONT_IMG_VER -3 ENV CONT_IMG_VER v1.0.0 -4 RUN echo $CONT_IMG_VER -``` -Then, assume this image is built with this command: - -``` -$ docker build --build-arg CONT_IMG_VER=v2.0.1 . -``` - -In this case, the `RUN` instruction uses `v1.0.0` instead of the `ARG` setting -passed by the user:`v2.0.1` This behavior is similar to a shell -script where a locally scoped variable overrides the variables passed as -arguments or inherited from environment, from its point of definition. - -Using the example above but a different `ENV` specification you can create more -useful interactions between `ARG` and `ENV` instructions: - -``` -1 FROM ubuntu -2 ARG CONT_IMG_VER -3 ENV CONT_IMG_VER ${CONT_IMG_VER:-v1.0.0} -4 RUN echo $CONT_IMG_VER -``` - -Unlike an `ARG` instruction, `ENV` values are always persisted in the built -image. Consider a docker build without the `--build-arg` flag: - -``` -$ docker build . -``` - -Using this Dockerfile example, `CONT_IMG_VER` is still persisted in the image but -its value would be `v1.0.0` as it is the default set in line 3 by the `ENV` instruction. - -The variable expansion technique in this example allows you to pass arguments -from the command line and persist them in the final image by leveraging the -`ENV` instruction. Variable expansion is only supported for [a limited set of -Dockerfile instructions.](#environment-replacement) - -Docker has a set of predefined `ARG` variables that you can use without a -corresponding `ARG` instruction in the Dockerfile. - -* `HTTP_PROXY` -* `http_proxy` -* `HTTPS_PROXY` -* `https_proxy` -* `FTP_PROXY` -* `ftp_proxy` -* `NO_PROXY` -* `no_proxy` - -To use these, simply pass them on the command line using the flag: - -``` ---build-arg = -``` - -By default, these pre-defined variables are excluded from the output of -`docker history`. Excluding them reduces the risk of accidentally leaking -sensitive authentication information in an `HTTP_PROXY` variable. - -For example, consider building the following Dockerfile using -`--build-arg HTTP_PROXY=http://user:pass@proxy.lon.example.com` - -``` Dockerfile -FROM ubuntu -RUN echo "Hello World" -``` - -In this case, the value of the `HTTP_PROXY` variable is not available in the -`docker history` and is not cached. If you were to change location, and your -proxy server changed to `http://user:pass@proxy.sfo.example.com`, a subsequent -build does not result in a cache miss. - -If you need to override this behaviour then you may do so by adding an `ARG` -statement in the Dockerfile as follows: - -``` Dockerfile -FROM ubuntu -ARG HTTP_PROXY -RUN echo "Hello World" -``` - -When building this Dockerfile, the `HTTP_PROXY` is preserved in the -`docker history`, and changing its value invalidates the build cache. - -### Impact on build caching - -`ARG` variables are not persisted into the built image as `ENV` variables are. -However, `ARG` variables do impact the build cache in similar ways. If a -Dockerfile defines an `ARG` variable whose value is different from a previous -build, then a "cache miss" occurs upon its first usage, not its definition. In -particular, all `RUN` instructions following an `ARG` instruction use the `ARG` -variable implicitly (as an environment variable), thus can cause a cache miss. -All predefined `ARG` variables are exempt from caching unless there is a -matching `ARG` statement in the `Dockerfile`. - -For example, consider these two Dockerfile: - -``` -1 FROM ubuntu -2 ARG CONT_IMG_VER -3 RUN echo $CONT_IMG_VER -``` - -``` -1 FROM ubuntu -2 ARG CONT_IMG_VER -3 RUN echo hello -``` - -If you specify `--build-arg CONT_IMG_VER=` on the command line, in both -cases, the specification on line 2 does not cause a cache miss; line 3 does -cause a cache miss.`ARG CONT_IMG_VER` causes the RUN line to be identified -as the same as running `CONT_IMG_VER=` echo hello, so if the `` -changes, we get a cache miss. - -Consider another example under the same command line: - -``` -1 FROM ubuntu -2 ARG CONT_IMG_VER -3 ENV CONT_IMG_VER $CONT_IMG_VER -4 RUN echo $CONT_IMG_VER -``` -In this example, the cache miss occurs on line 3. The miss happens because -the variable's value in the `ENV` references the `ARG` variable and that -variable is changed through the command line. In this example, the `ENV` -command causes the image to include the value. - -If an `ENV` instruction overrides an `ARG` instruction of the same name, like -this Dockerfile: - -``` -1 FROM ubuntu -2 ARG CONT_IMG_VER -3 ENV CONT_IMG_VER hello -4 RUN echo $CONT_IMG_VER -``` - -Line 3 does not cause a cache miss because the value of `CONT_IMG_VER` is a -constant (`hello`). As a result, the environment variables and values used on -the `RUN` (line 4) doesn't change between builds. - -## ONBUILD - - ONBUILD [INSTRUCTION] - -The `ONBUILD` instruction adds to the image a *trigger* instruction to -be executed at a later time, when the image is used as the base for -another build. The trigger will be executed in the context of the -downstream build, as if it had been inserted immediately after the -`FROM` instruction in the downstream `Dockerfile`. - -Any build instruction can be registered as a trigger. - -This is useful if you are building an image which will be used as a base -to build other images, for example an application build environment or a -daemon which may be customized with user-specific configuration. - -For example, if your image is a reusable Python application builder, it -will require application source code to be added in a particular -directory, and it might require a build script to be called *after* -that. You can't just call `ADD` and `RUN` now, because you don't yet -have access to the application source code, and it will be different for -each application build. You could simply provide application developers -with a boilerplate `Dockerfile` to copy-paste into their application, but -that is inefficient, error-prone and difficult to update because it -mixes with application-specific code. - -The solution is to use `ONBUILD` to register advance instructions to -run later, during the next build stage. - -Here's how it works: - -1. When it encounters an `ONBUILD` instruction, the builder adds a - trigger to the metadata of the image being built. The instruction - does not otherwise affect the current build. -2. At the end of the build, a list of all triggers is stored in the - image manifest, under the key `OnBuild`. They can be inspected with - the `docker inspect` command. -3. Later the image may be used as a base for a new build, using the - `FROM` instruction. As part of processing the `FROM` instruction, - the downstream builder looks for `ONBUILD` triggers, and executes - them in the same order they were registered. If any of the triggers - fail, the `FROM` instruction is aborted which in turn causes the - build to fail. If all triggers succeed, the `FROM` instruction - completes and the build continues as usual. -4. Triggers are cleared from the final image after being executed. In - other words they are not inherited by "grand-children" builds. - -For example you might add something like this: - - [...] - ONBUILD ADD . /app/src - ONBUILD RUN /usr/local/bin/python-build --dir /app/src - [...] - -> **Warning**: Chaining `ONBUILD` instructions using `ONBUILD ONBUILD` isn't allowed. - -> **Warning**: The `ONBUILD` instruction may not trigger `FROM` or `MAINTAINER` instructions. - -## STOPSIGNAL - - STOPSIGNAL signal - -The `STOPSIGNAL` instruction sets the system call signal that will be sent to the container to exit. -This signal can be a valid unsigned number that matches a position in the kernel's syscall table, for instance 9, -or a signal name in the format SIGNAME, for instance SIGKILL. - -## HEALTHCHECK - -The `HEALTHCHECK` instruction has two forms: - -* `HEALTHCHECK [OPTIONS] CMD command` (check container health by running a command inside the container) -* `HEALTHCHECK NONE` (disable any healthcheck inherited from the base image) - -The `HEALTHCHECK` instruction tells Docker how to test a container to check that -it is still working. This can detect cases such as a web server that is stuck in -an infinite loop and unable to handle new connections, even though the server -process is still running. - -When a container has a healthcheck specified, it has a _health status_ in -addition to its normal status. This status is initially `starting`. Whenever a -health check passes, it becomes `healthy` (whatever state it was previously in). -After a certain number of consecutive failures, it becomes `unhealthy`. - -The options that can appear before `CMD` are: - -* `--interval=DURATION` (default: `30s`) -* `--timeout=DURATION` (default: `30s`) -* `--start-period=DURATION` (default: `0s`) -* `--retries=N` (default: `3`) - -The health check will first run **interval** seconds after the container is -started, and then again **interval** seconds after each previous check completes. - -If a single run of the check takes longer than **timeout** seconds then the check -is considered to have failed. - -It takes **retries** consecutive failures of the health check for the container -to be considered `unhealthy`. - -**start period** provides initialization time for containers that need time to bootstrap. -Probe failure during that period will not be counted towards the maximum number of retries. -However, if a health check succeeds during the start period, the container is considered -started and all consecutive failures will be counted towards the maximum number of retries. - -There can only be one `HEALTHCHECK` instruction in a Dockerfile. If you list -more than one then only the last `HEALTHCHECK` will take effect. - -The command after the `CMD` keyword can be either a shell command (e.g. `HEALTHCHECK -CMD /bin/check-running`) or an _exec_ array (as with other Dockerfile commands; -see e.g. `ENTRYPOINT` for details). - -The command's exit status indicates the health status of the container. -The possible values are: - -- 0: success - the container is healthy and ready for use -- 1: unhealthy - the container is not working correctly -- 2: reserved - do not use this exit code - -For example, to check every five minutes or so that a web-server is able to -serve the site's main page within three seconds: - - HEALTHCHECK --interval=5m --timeout=3s \ - CMD curl -f http://localhost/ || exit 1 - -To help debug failing probes, any output text (UTF-8 encoded) that the command writes -on stdout or stderr will be stored in the health status and can be queried with -`docker inspect`. Such output should be kept short (only the first 4096 bytes -are stored currently). - -When the health status of a container changes, a `health_status` event is -generated with the new status. - -The `HEALTHCHECK` feature was added in Docker 1.12. - - -## SHELL - - SHELL ["executable", "parameters"] - -The `SHELL` instruction allows the default shell used for the *shell* form of -commands to be overridden. The default shell on Linux is `["/bin/sh", "-c"]`, and on -Windows is `["cmd", "/S", "/C"]`. The `SHELL` instruction *must* be written in JSON -form in a Dockerfile. - -The `SHELL` instruction is particularly useful on Windows where there are -two commonly used and quite different native shells: `cmd` and `powershell`, as -well as alternate shells available including `sh`. - -The `SHELL` instruction can appear multiple times. Each `SHELL` instruction overrides -all previous `SHELL` instructions, and affects all subsequent instructions. For example: - - FROM microsoft/windowsservercore - - # Executed as cmd /S /C echo default - RUN echo default - - # Executed as cmd /S /C powershell -command Write-Host default - RUN powershell -command Write-Host default - - # Executed as powershell -command Write-Host hello - SHELL ["powershell", "-command"] - RUN Write-Host hello - - # Executed as cmd /S /C echo hello - SHELL ["cmd", "/S"", "/C"] - RUN echo hello - -The following instructions can be affected by the `SHELL` instruction when the -*shell* form of them is used in a Dockerfile: `RUN`, `CMD` and `ENTRYPOINT`. - -The following example is a common pattern found on Windows which can be -streamlined by using the `SHELL` instruction: - - ... - RUN powershell -command Execute-MyCmdlet -param1 "c:\foo.txt" - ... - -The command invoked by docker will be: - - cmd /S /C powershell -command Execute-MyCmdlet -param1 "c:\foo.txt" - -This is inefficient for two reasons. First, there is an un-necessary cmd.exe command -processor (aka shell) being invoked. Second, each `RUN` instruction in the *shell* -form requires an extra `powershell -command` prefixing the command. - -To make this more efficient, one of two mechanisms can be employed. One is to -use the JSON form of the RUN command such as: - - ... - RUN ["powershell", "-command", "Execute-MyCmdlet", "-param1 \"c:\\foo.txt\""] - ... - -While the JSON form is unambiguous and does not use the un-necessary cmd.exe, -it does require more verbosity through double-quoting and escaping. The alternate -mechanism is to use the `SHELL` instruction and the *shell* form, -making a more natural syntax for Windows users, especially when combined with -the `escape` parser directive: - - # escape=` - - FROM microsoft/nanoserver - SHELL ["powershell","-command"] - RUN New-Item -ItemType Directory C:\Example - ADD Execute-MyCmdlet.ps1 c:\example\ - RUN c:\example\Execute-MyCmdlet -sample 'hello world' - -Resulting in: - - PS E:\docker\build\shell> docker build -t shell . - Sending build context to Docker daemon 4.096 kB - Step 1/5 : FROM microsoft/nanoserver - ---> 22738ff49c6d - Step 2/5 : SHELL powershell -command - ---> Running in 6fcdb6855ae2 - ---> 6331462d4300 - Removing intermediate container 6fcdb6855ae2 - Step 3/5 : RUN New-Item -ItemType Directory C:\Example - ---> Running in d0eef8386e97 - - - Directory: C:\ - - - Mode LastWriteTime Length Name - ---- ------------- ------ ---- - d----- 10/28/2016 11:26 AM Example - - - ---> 3f2fbf1395d9 - Removing intermediate container d0eef8386e97 - Step 4/5 : ADD Execute-MyCmdlet.ps1 c:\example\ - ---> a955b2621c31 - Removing intermediate container b825593d39fc - Step 5/5 : RUN c:\example\Execute-MyCmdlet 'hello world' - ---> Running in be6d8e63fe75 - hello world - ---> 8e559e9bf424 - Removing intermediate container be6d8e63fe75 - Successfully built 8e559e9bf424 - PS E:\docker\build\shell> - -The `SHELL` instruction could also be used to modify the way in which -a shell operates. For example, using `SHELL cmd /S /C /V:ON|OFF` on Windows, delayed -environment variable expansion semantics could be modified. - -The `SHELL` instruction can also be used on Linux should an alternate shell be -required such as `zsh`, `csh`, `tcsh` and others. - -The `SHELL` feature was added in Docker 1.12. - -## Dockerfile examples - -Below you can see some examples of Dockerfile syntax. If you're interested in -something more realistic, take a look at the list of [Dockerization examples](https://docs.docker.com/engine/examples/). - -``` -# Nginx -# -# VERSION 0.0.1 - -FROM ubuntu -LABEL Description="This image is used to start the foobar executable" Vendor="ACME Products" Version="1.0" -RUN apt-get update && apt-get install -y inotify-tools nginx apache2 openssh-server -``` - -``` -# Firefox over VNC -# -# VERSION 0.3 - -FROM ubuntu - -# Install vnc, xvfb in order to create a 'fake' display and firefox -RUN apt-get update && apt-get install -y x11vnc xvfb firefox -RUN mkdir ~/.vnc -# Setup a password -RUN x11vnc -storepasswd 1234 ~/.vnc/passwd -# Autostart firefox (might not be the best way, but it does the trick) -RUN bash -c 'echo "firefox" >> /.bashrc' - -EXPOSE 5900 -CMD ["x11vnc", "-forever", "-usepw", "-create"] -``` - -``` -# Multiple images example -# -# VERSION 0.1 - -FROM ubuntu -RUN echo foo > bar -# Will output something like ===> 907ad6c2736f - -FROM ubuntu -RUN echo moo > oink -# Will output something like ===> 695d7793cbe4 - -# You'll now have two images, 907ad6c2736f with /bar, and 695d7793cbe4 with -# /oink. -``` diff --git a/components/engine/docs/reference/commandline/attach.md b/components/engine/docs/reference/commandline/attach.md deleted file mode 100644 index 4153331bad..0000000000 --- a/components/engine/docs/reference/commandline/attach.md +++ /dev/null @@ -1,160 +0,0 @@ ---- -title: "attach" -description: "The attach command description and usage" -keywords: "attach, running, container" ---- - - - -# attach - -```markdown -Usage: docker attach [OPTIONS] CONTAINER - -Attach local standard input, output, and error streams to a running container - -Options: - --detach-keys string Override the key sequence for detaching a container - --help Print usage - --no-stdin Do not attach STDIN - --sig-proxy Proxy all received signals to the process (default true) -``` - -## Description - -Use `docker attach` to attach your terminal's standard input, output, and error -(or any combination of the three) to a running container using the container's -ID or name. This allows you to view its ongoing output or to control it -interactively, as though the commands were running directly in your terminal. - -> **Note:** -> The `attach` command will display the output of the `ENTRYPOINT/CMD` process. This -> can appear as if the attach command is hung when in fact the process may simply -> not be interacting with the terminal at that time. - -You can attach to the same contained process multiple times simultaneously, -even as a different user with the appropriate permissions. - -To stop a container, use `CTRL-c`. This key sequence sends `SIGKILL` to the -container. If `--sig-proxy` is true (the default),`CTRL-c` sends a `SIGINT` to -the container. You can detach from a container and leave it running using the - `CTRL-p CTRL-q` key sequence. - -> **Note:** -> A process running as PID 1 inside a container is treated specially by -> Linux: it ignores any signal with the default action. So, the process -> will not terminate on `SIGINT` or `SIGTERM` unless it is coded to do -> so. - -It is forbidden to redirect the standard input of a `docker attach` command -while attaching to a tty-enabled container (i.e.: launched with `-t`). - -While a client is connected to container's stdio using `docker attach`, Docker -uses a ~1MB memory buffer to maximize the throughput of the application. If -this buffer is filled, the speed of the API connection will start to have an -effect on the process output writing speed. This is similar to other -applications like SSH. Because of this, it is not recommended to run -performance critical applications that generate a lot of output in the -foreground over a slow client connection. Instead, users should use the -`docker logs` command to get access to the logs. - -### Override the detach sequence - -If you want, you can configure an override the Docker key sequence for detach. -This is useful if the Docker default sequence conflicts with key sequence you -use for other applications. There are two ways to define your own detach key -sequence, as a per-container override or as a configuration property on your -entire configuration. - -To override the sequence for an individual container, use the -`--detach-keys=""` flag with the `docker attach` command. The format of -the `` is either a letter [a-Z], or the `ctrl-` combined with any of -the following: - -* `a-z` (a single lowercase alpha character ) -* `@` (at sign) -* `[` (left bracket) -* `\\` (two backward slashes) -* `_` (underscore) -* `^` (caret) - -These `a`, `ctrl-a`, `X`, or `ctrl-\\` values are all examples of valid key -sequences. To configure a different configuration default key sequence for all -containers, see [**Configuration file** section](cli.md#configuration-files). - -## Examples - -### Attach to and detach from a running container - -```bash -$ docker run -d --name topdemo ubuntu /usr/bin/top -b - -$ docker attach topdemo - -top - 02:05:52 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 -Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie -Cpu(s): 0.1%us, 0.2%sy, 0.0%ni, 99.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st -Mem: 373572k total, 355560k used, 18012k free, 27872k buffers -Swap: 786428k total, 0k used, 786428k free, 221740k cached - -PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND - 1 root 20 0 17200 1116 912 R 0 0.3 0:00.03 top - - top - 02:05:55 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 - Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie - Cpu(s): 0.0%us, 0.2%sy, 0.0%ni, 99.8%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st - Mem: 373572k total, 355244k used, 18328k free, 27872k buffers - Swap: 786428k total, 0k used, 786428k free, 221776k cached - - PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND - 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top - - - top - 02:05:58 up 3:06, 0 users, load average: 0.01, 0.02, 0.05 - Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie - Cpu(s): 0.2%us, 0.3%sy, 0.0%ni, 99.5%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st - Mem: 373572k total, 355780k used, 17792k free, 27880k buffers - Swap: 786428k total, 0k used, 786428k free, 221776k cached - - PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND - 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top -^C$ - -$ echo $? -0 -$ docker ps -a | grep topdemo - -7998ac8581f9 ubuntu:14.04 "/usr/bin/top -b" 38 seconds ago Exited (0) 21 seconds ago topdemo -``` - -### Get the exit code of the container's command - -And in this second example, you can see the exit code returned by the `bash` -process is returned by the `docker attach` command to its caller too: - -```bash - $ docker run --name test -d -it debian - - 275c44472aebd77c926d4527885bb09f2f6db21d878c75f0a1c212c03d3bcfab - - $ docker attach test - - root@f38c87f2a42d:/# exit 13 - - exit - - $ echo $? - - 13 - - $ docker ps -a | grep test - - 275c44472aeb debian:7 "/bin/bash" 26 seconds ago Exited (13) 17 seconds ago test -``` diff --git a/components/engine/docs/reference/commandline/build.md b/components/engine/docs/reference/commandline/build.md deleted file mode 100644 index 9f587372c6..0000000000 --- a/components/engine/docs/reference/commandline/build.md +++ /dev/null @@ -1,581 +0,0 @@ ---- -title: "build" -description: "The build command description and usage" -keywords: "build, docker, image" ---- - - - -# build - -```markdown -Usage: docker build [OPTIONS] PATH | URL | - - -Build an image from a Dockerfile - -Options: - --add-host value Add a custom host-to-IP mapping (host:ip) (default []) - --build-arg value Set build-time variables (default []) - --cache-from value Images to consider as cache sources (default []) - --cgroup-parent string Optional parent cgroup for the container - --compress Compress the build context using gzip - --cpu-period int Limit the CPU CFS (Completely Fair Scheduler) period - --cpu-quota int Limit the CPU CFS (Completely Fair Scheduler) quota - -c, --cpu-shares int CPU shares (relative weight) - --cpuset-cpus string CPUs in which to allow execution (0-3, 0,1) - --cpuset-mems string MEMs in which to allow execution (0-3, 0,1) - --disable-content-trust Skip image verification (default true) - -f, --file string Name of the Dockerfile (Default is 'PATH/Dockerfile') - --force-rm Always remove intermediate containers - --help Print usage - --iidfile string Write the image ID to the file - --isolation string Container isolation technology - --label value Set metadata for an image (default []) - -m, --memory string Memory limit - --memory-swap string Swap limit equal to memory plus swap: '-1' to enable unlimited swap - --network string Set the networking mode for the RUN instructions during build - 'bridge': use default Docker bridge - 'none': no networking - 'container:': reuse another container's network stack - 'host': use the Docker host network stack - '|': connect to a user-defined network - --no-cache Do not use cache when building the image - --pull Always attempt to pull a newer version of the image - -q, --quiet Suppress the build output and print image ID on success - --rm Remove intermediate containers after a successful build (default true) - --security-opt value Security Options (default []) - --shm-size bytes Size of /dev/shm - The format is ``. `number` must be greater than `0`. - Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), - or `g` (gigabytes). If you omit the unit, the system uses bytes. - --squash Squash newly built layers into a single new layer (**Experimental Only**) - -t, --tag value Name and optionally a tag in the 'name:tag' format (default []) - --target string Set the target build stage to build. - --ulimit value Ulimit options (default []) -``` - -## Description - -Builds Docker images from a Dockerfile and a "context". A build's context is -the files located in the specified `PATH` or `URL`. The build process can refer -to any of the files in the context. For example, your build can use an -[*ADD*](../builder.md#add) instruction to reference a file in the -context. - -The `URL` parameter can refer to three kinds of resources: Git repositories, -pre-packaged tarball contexts and plain text files. - -### Git repositories - -When the `URL` parameter points to the location of a Git repository, the -repository acts as the build context. The system recursively fetches the -repository and its submodules. The commit history is not preserved. A -repository is first pulled into a temporary directory on your local host. After -the that succeeds, the directory is sent to the Docker daemon as the context. -Local copy gives you the ability to access private repositories using local -user credentials, VPN's, and so forth. - -> **Note:** -> If the `URL` parameter contains a fragment the system will recursively clone -> the repository and its submodules using a `git clone --recursive` command. - -Git URLs accept context configuration in their fragment section, separated by a -colon `:`. The first part represents the reference that Git will check out, -this can be either a branch, a tag, or a remote reference. The second part -represents a subdirectory inside the repository that will be used as a build -context. - -For example, run this command to use a directory called `docker` in the branch -`container`: - -```bash -$ docker build https://github.com/docker/rootfs.git#container:docker -``` - -The following table represents all the valid suffixes with their build -contexts: - -Build Syntax Suffix | Commit Used | Build Context Used ---------------------------------|-----------------------|------------------- -`myrepo.git` | `refs/heads/master` | `/` -`myrepo.git#mytag` | `refs/tags/mytag` | `/` -`myrepo.git#mybranch` | `refs/heads/mybranch` | `/` -`myrepo.git#pull/42/head` | `refs/pull/42/head` | `/` -`myrepo.git#:myfolder` | `refs/heads/master` | `/myfolder` -`myrepo.git#master:myfolder` | `refs/heads/master` | `/myfolder` -`myrepo.git#mytag:myfolder` | `refs/tags/mytag` | `/myfolder` -`myrepo.git#mybranch:myfolder` | `refs/heads/mybranch` | `/myfolder` - - -### Tarball contexts - -If you pass an URL to a remote tarball, the URL itself is sent to the daemon: - -```bash -$ docker build http://server/context.tar.gz -``` - -The download operation will be performed on the host the Docker daemon is -running on, which is not necessarily the same host from which the build command -is being issued. The Docker daemon will fetch `context.tar.gz` and use it as the -build context. Tarball contexts must be tar archives conforming to the standard -`tar` UNIX format and can be compressed with any one of the 'xz', 'bzip2', -'gzip' or 'identity' (no compression) formats. - -### Text files - -Instead of specifying a context, you can pass a single `Dockerfile` in the -`URL` or pipe the file in via `STDIN`. To pipe a `Dockerfile` from `STDIN`: - -```bash -$ docker build - < Dockerfile -``` - -With Powershell on Windows, you can run: - -```powershell -Get-Content Dockerfile | docker build - -``` - -If you use `STDIN` or specify a `URL` pointing to a plain text file, the system -places the contents into a file called `Dockerfile`, and any `-f`, `--file` -option is ignored. In this scenario, there is no context. - -By default the `docker build` command will look for a `Dockerfile` at the root -of the build context. The `-f`, `--file`, option lets you specify the path to -an alternative file to use instead. This is useful in cases where the same set -of files are used for multiple builds. The path must be to a file within the -build context. If a relative path is specified then it is interpreted as -relative to the root of the context. - -In most cases, it's best to put each Dockerfile in an empty directory. Then, -add to that directory only the files needed for building the Dockerfile. To -increase the build's performance, you can exclude files and directories by -adding a `.dockerignore` file to that directory as well. For information on -creating one, see the [.dockerignore file](../builder.md#dockerignore-file). - -If the Docker client loses connection to the daemon, the build is canceled. -This happens if you interrupt the Docker client with `CTRL-c` or if the Docker -client is killed for any reason. If the build initiated a pull which is still -running at the time the build is cancelled, the pull is cancelled as well. - -## Return code - -On a successful build, a return code of success `0` will be returned. When the -build fails, a non-zero failure code will be returned. - -There should be informational output of the reason for failure output to -`STDERR`: - -```bash -$ docker build -t fail . - -Sending build context to Docker daemon 2.048 kB -Sending build context to Docker daemon -Step 1/3 : FROM busybox - ---> 4986bf8c1536 -Step 2/3 : RUN exit 13 - ---> Running in e26670ec7a0a -INFO[0000] The command [/bin/sh -c exit 13] returned a non-zero code: 13 -$ echo $? -1 -``` - -See also: - -[*Dockerfile Reference*](../builder.md). - -## Examples - -### Build with PATH - -```bash -$ docker build . - -Uploading context 10240 bytes -Step 1/3 : FROM busybox -Pulling repository busybox - ---> e9aa60c60128MB/2.284 MB (100%) endpoint: https://cdn-registry-1.docker.io/v1/ -Step 2/3 : RUN ls -lh / - ---> Running in 9c9e81692ae9 -total 24 -drwxr-xr-x 2 root root 4.0K Mar 12 2013 bin -drwxr-xr-x 5 root root 4.0K Oct 19 00:19 dev -drwxr-xr-x 2 root root 4.0K Oct 19 00:19 etc -drwxr-xr-x 2 root root 4.0K Nov 15 23:34 lib -lrwxrwxrwx 1 root root 3 Mar 12 2013 lib64 -> lib -dr-xr-xr-x 116 root root 0 Nov 15 23:34 proc -lrwxrwxrwx 1 root root 3 Mar 12 2013 sbin -> bin -dr-xr-xr-x 13 root root 0 Nov 15 23:34 sys -drwxr-xr-x 2 root root 4.0K Mar 12 2013 tmp -drwxr-xr-x 2 root root 4.0K Nov 15 23:34 usr - ---> b35f4035db3f -Step 3/3 : CMD echo Hello world - ---> Running in 02071fceb21b - ---> f52f38b7823e -Successfully built f52f38b7823e -Removing intermediate container 9c9e81692ae9 -Removing intermediate container 02071fceb21b -``` - -This example specifies that the `PATH` is `.`, and so all the files in the -local directory get `tar`d and sent to the Docker daemon. The `PATH` specifies -where to find the files for the "context" of the build on the Docker daemon. -Remember that the daemon could be running on a remote machine and that no -parsing of the Dockerfile happens at the client side (where you're running -`docker build`). That means that *all* the files at `PATH` get sent, not just -the ones listed to [*ADD*](../builder.md#add) in the Dockerfile. - -The transfer of context from the local machine to the Docker daemon is what the -`docker` client means when you see the "Sending build context" message. - -If you wish to keep the intermediate containers after the build is complete, -you must use `--rm=false`. This does not affect the build cache. - -### Build with URL - -```bash -$ docker build github.com/creack/docker-firefox -``` - -This will clone the GitHub repository and use the cloned repository as context. -The Dockerfile at the root of the repository is used as Dockerfile. You can -specify an arbitrary Git repository by using the `git://` or `git@` scheme. - -```bash -$ docker build -f ctx/Dockerfile http://server/ctx.tar.gz - -Downloading context: http://server/ctx.tar.gz [===================>] 240 B/240 B -Step 1/3 : FROM busybox - ---> 8c2e06607696 -Step 2/3 : ADD ctx/container.cfg / - ---> e7829950cee3 -Removing intermediate container b35224abf821 -Step 3/3 : CMD /bin/ls - ---> Running in fbc63d321d73 - ---> 3286931702ad -Removing intermediate container fbc63d321d73 -Successfully built 377c409b35e4 -``` - -This sends the URL `http://server/ctx.tar.gz` to the Docker daemon, which -downloads and extracts the referenced tarball. The `-f ctx/Dockerfile` -parameter specifies a path inside `ctx.tar.gz` to the `Dockerfile` that is used -to build the image. Any `ADD` commands in that `Dockerfile` that refers to local -paths must be relative to the root of the contents inside `ctx.tar.gz`. In the -example above, the tarball contains a directory `ctx/`, so the `ADD -ctx/container.cfg /` operation works as expected. - -### Build with - - -```bash -$ docker build - < Dockerfile -``` - -This will read a Dockerfile from `STDIN` without context. Due to the lack of a -context, no contents of any local directory will be sent to the Docker daemon. -Since there is no context, a Dockerfile `ADD` only works if it refers to a -remote URL. - -```bash -$ docker build - < context.tar.gz -``` - -This will build an image for a compressed context read from `STDIN`. Supported -formats are: bzip2, gzip and xz. - -### Use a .dockerignore file - -```bash -$ docker build . - -Uploading context 18.829 MB -Uploading context -Step 1/2 : FROM busybox - ---> 769b9341d937 -Step 2/2 : CMD echo Hello world - ---> Using cache - ---> 99cc1ad10469 -Successfully built 99cc1ad10469 -$ echo ".git" > .dockerignore -$ docker build . -Uploading context 6.76 MB -Uploading context -Step 1/2 : FROM busybox - ---> 769b9341d937 -Step 2/2 : CMD echo Hello world - ---> Using cache - ---> 99cc1ad10469 -Successfully built 99cc1ad10469 -``` - -This example shows the use of the `.dockerignore` file to exclude the `.git` -directory from the context. Its effect can be seen in the changed size of the -uploaded context. The builder reference contains detailed information on -[creating a .dockerignore file](../builder.md#dockerignore-file) - -### Tag an image (-t) - -```bash -$ docker build -t vieux/apache:2.0 . -``` - -This will build like the previous example, but it will then tag the resulting -image. The repository name will be `vieux/apache` and the tag will be `2.0`. -[Read more about valid tags](tag.md). - -You can apply multiple tags to an image. For example, you can apply the `latest` -tag to a newly built image and add another tag that references a specific -version. -For example, to tag an image both as `whenry/fedora-jboss:latest` and -`whenry/fedora-jboss:v2.1`, use the following: - -```bash -$ docker build -t whenry/fedora-jboss:latest -t whenry/fedora-jboss:v2.1 . -``` - -### Specify a Dockerfile (-f) - -```bash -$ docker build -f Dockerfile.debug . -``` - -This will use a file called `Dockerfile.debug` for the build instructions -instead of `Dockerfile`. - -```bash -$ curl example.com/remote/Dockerfile | docker build -f - . -``` - -The above command will use the current directory as the build context and read -a Dockerfile from stdin. - -```bash -$ docker build -f dockerfiles/Dockerfile.debug -t myapp_debug . -$ docker build -f dockerfiles/Dockerfile.prod -t myapp_prod . -``` - -The above commands will build the current build context (as specified by the -`.`) twice, once using a debug version of a `Dockerfile` and once using a -production version. - -```bash -$ cd /home/me/myapp/some/dir/really/deep -$ docker build -f /home/me/myapp/dockerfiles/debug /home/me/myapp -$ docker build -f ../../../../dockerfiles/debug /home/me/myapp -``` - -These two `docker build` commands do the exact same thing. They both use the -contents of the `debug` file instead of looking for a `Dockerfile` and will use -`/home/me/myapp` as the root of the build context. Note that `debug` is in the -directory structure of the build context, regardless of how you refer to it on -the command line. - -> **Note:** -> `docker build` will return a `no such file or directory` error if the -> file or directory does not exist in the uploaded context. This may -> happen if there is no context, or if you specify a file that is -> elsewhere on the Host system. The context is limited to the current -> directory (and its children) for security reasons, and to ensure -> repeatable builds on remote Docker hosts. This is also the reason why -> `ADD ../file` will not work. - -### Use a custom parent cgroup (--cgroup-parent) - -When `docker build` is run with the `--cgroup-parent` option the containers -used in the build will be run with the [corresponding `docker run` -flag](../run.md#specifying-custom-cgroups). - -### Set ulimits in container (--ulimit) - -Using the `--ulimit` option with `docker build` will cause each build step's -container to be started using those [`--ulimit` -flag values](./run.md#set-ulimits-in-container-ulimit). - -### Set build-time variables (--build-arg) - -You can use `ENV` instructions in a Dockerfile to define variable -values. These values persist in the built image. However, often -persistence is not what you want. Users want to specify variables differently -depending on which host they build an image on. - -A good example is `http_proxy` or source versions for pulling intermediate -files. The `ARG` instruction lets Dockerfile authors define values that users -can set at build-time using the `--build-arg` flag: - -```bash -$ docker build --build-arg HTTP_PROXY=http://10.20.30.2:1234 . -``` - -This flag allows you to pass the build-time variables that are -accessed like regular environment variables in the `RUN` instruction of the -Dockerfile. Also, these values don't persist in the intermediate or final images -like `ENV` values do. - -Using this flag will not alter the output you see when the `ARG` lines from the -Dockerfile are echoed during the build process. - -For detailed information on using `ARG` and `ENV` instructions, see the -[Dockerfile reference](../builder.md). - -### Optional security options (--security-opt) - -This flag is only supported on a daemon running on Windows, and only supports -the `credentialspec` option. The `credentialspec` must be in the format -`file://spec.txt` or `registry://keyname`. - -### Specify isolation technology for container (--isolation) - -This option is useful in situations where you are running Docker containers on -Windows. The `--isolation=` option sets a container's isolation -technology. On Linux, the only supported is the `default` option which uses -Linux namespaces. On Microsoft Windows, you can specify these values: - - -| Value | Description | -|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `default` | Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value. | -| `process` | Namespace isolation only. | -| `hyperv` | Hyper-V hypervisor partition-based isolation. | - -Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`. - -### Add entries to container hosts file (--add-host) - -You can add other hosts into a container's `/etc/hosts` file by using one or -more `--add-host` flags. This example adds a static address for a host named -`docker`: - - $ docker build --add-host=docker:10.180.0.1 . - -### Specifying target build stage (--target) - -When building a Dockerfile with multiple build stages, `--target` can be used to -specify an intermediate build stage by name as a final stage for the resulting -image. Commands after the target stage will be skipped. - -```Dockerfile -FROM debian AS build-env -... - -FROM alpine AS production-env -... -``` - -```bash -$ docker build -t mybuildimage --target build-env . -``` - -### Squash an image's layers (--squash) **Experimental Only** - -#### Overview - -Once the image is built, squash the new layers into a new image with a single -new layer. Squashing does not destroy any existing image, rather it creates a new -image with the content of the squashed layers. This effectively makes it look -like all `Dockerfile` commands were created with a single layer. The build -cache is preserved with this method. - -**Note**: using this option means the new image will not be able to take -advantage of layer sharing with other images and may use significantly more -space. - -**Note**: using this option you may see significantly more space used due to -storing two copies of the image, one for the build cache with all the cache -layers in tact, and one for the squashed version. - -#### Prerequisites - -The example on this page is using experimental mode in Docker 1.13. - -Experimental mode can be enabled by using the `--experimental` flag when starting the Docker daemon or setting `experimental: true` in the `daemon.json` configuration file. - -By default, experimental mode is disabled. To see the current configuration, use the `docker version` command. - -```none - -Server: - Version: 1.13.1 - API version: 1.26 (minimum version 1.12) - Go version: go1.7.5 - Git commit: 092cba3 - Built: Wed Feb 8 06:35:24 2017 - OS/Arch: linux/amd64 - Experimental: false - - [...] - -``` - -To enable experimental mode, users need to restart the docker daemon with the experimental flag enabled. - -#### Enable Docker experimental - -Experimental features are now included in the standard Docker binaries as of version 1.13.0. For enabling experimental features, you need to start the Docker daemon with `--experimental` flag. You can also enable the daemon flag via /etc/docker/daemon.json. e.g. - -``` - -{ - "experimental": true -} - -``` -Then make sure the experimental flag is enabled: - -```bash - -$ docker version -f '{{.Server.Experimental}}' -true - -``` - -#### Build an image with `--squash` argument - -The following is an example of docker build with `--squash` argument - -```Dockerfile - -FROM busybox -RUN echo hello > /hello -RUN echo world >> /hello -RUN touch remove_me /remove_me -ENV HELLO world -RUN rm /remove_me - -``` -An image named `test` is built with `--squash` argument. - -```bash - -$ docker build --squash -t test . - -[...] - -``` - -If everything is right, the history will look like this: - -```bash -$ docker history test - -IMAGE CREATED CREATED BY SIZE COMMENT -4e10cb5b4cac 3 seconds ago 12 B merge sha256:88a7b0112a41826885df0e7072698006ee8f621c6ab99fca7fe9151d7b599702 to sha256:47bcc53f74dc94b1920f0b34f6036096526296767650f223433fe65c35f149eb - 5 minutes ago /bin/sh -c rm /remove_me 0 B - 5 minutes ago /bin/sh -c #(nop) ENV HELLO=world 0 B - 5 minutes ago /bin/sh -c touch remove_me /remove_me 0 B - 5 minutes ago /bin/sh -c echo world >> /hello 0 B - 6 minutes ago /bin/sh -c echo hello > /hello 0 B - 7 weeks ago /bin/sh -c #(nop) CMD ["sh"] 0 B - 7 weeks ago /bin/sh -c #(nop) ADD file:47ca6e777c36a4cfff 1.113 MB - -``` -We could find that all layer's name is ``, and there is a new layer with COMMENT `merge`. - -Test the image, check for `/remove_me` being gone, make sure `hello\nworld` is in `/hello`, make sure the `HELLO` envvar's value is `world`. diff --git a/components/engine/docs/reference/commandline/cli.md b/components/engine/docs/reference/commandline/cli.md deleted file mode 100644 index 4d1cd2a638..0000000000 --- a/components/engine/docs/reference/commandline/cli.md +++ /dev/null @@ -1,317 +0,0 @@ ---- -title: "Use the Docker command line" -description: "Docker's CLI command description and usage" -keywords: "Docker, Docker documentation, CLI, command line" ---- - - - -# docker - -To list available commands, either run `docker` with no parameters -or execute `docker help`: - -```bash -$ docker -Usage: docker [OPTIONS] COMMAND [ARG...] - docker [ --help | -v | --version ] - -A self-sufficient runtime for containers. - -Options: - --config string Location of client config files (default "/root/.docker") - -D, --debug Enable debug mode - --help Print usage - -H, --host value Daemon socket(s) to connect to (default []) - -l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info") - --tls Use TLS; implied by --tlsverify - --tlscacert string Trust certs signed only by this CA (default "/root/.docker/ca.pem") - --tlscert string Path to TLS certificate file (default "/root/.docker/cert.pem") - --tlskey string Path to TLS key file (default "/root/.docker/key.pem") - --tlsverify Use TLS and verify the remote - -v, --version Print version information and quit - -Commands: - attach Attach to a running container - # […] -``` - -## Description - -Depending on your Docker system configuration, you may be required to preface -each `docker` command with `sudo`. To avoid having to use `sudo` with the -`docker` command, your system administrator can create a Unix group called -`docker` and add users to it. - -For more information about installing Docker or `sudo` configuration, refer to -the [installation](https://docs.docker.com/engine/installation/) instructions for your operating system. - -### Environment variables - -For easy reference, the following list of environment variables are supported -by the `docker` command line: - -* `DOCKER_API_VERSION` The API version to use (e.g. `1.19`) -* `DOCKER_CONFIG` The location of your client configuration files. -* `DOCKER_CERT_PATH` The location of your authentication keys. -* `DOCKER_DRIVER` The graph driver to use. -* `DOCKER_HOST` Daemon socket to connect to. -* `DOCKER_NOWARN_KERNEL_VERSION` Prevent warnings that your Linux kernel is - unsuitable for Docker. -* `DOCKER_RAMDISK` If set this will disable 'pivot_root'. -* `DOCKER_TLS_VERIFY` When set Docker uses TLS and verifies the remote. -* `DOCKER_CONTENT_TRUST` When set Docker uses notary to sign and verify images. - Equates to `--disable-content-trust=false` for build, create, pull, push, run. -* `DOCKER_CONTENT_TRUST_SERVER` The URL of the Notary server to use. This defaults - to the same URL as the registry. -* `DOCKER_HIDE_LEGACY_COMMANDS` When set, Docker hides "legacy" top-level commands (such as `docker rm`, and - `docker pull`) in `docker help` output, and only `Management commands` per object-type (e.g., `docker container`) are - printed. This may become the default in a future release, at which point this environment-variable is removed. -* `DOCKER_TMPDIR` Location for temporary Docker files. - -Because Docker is developed using Go, you can also use any environment -variables used by the Go runtime. In particular, you may find these useful: - -* `HTTP_PROXY` -* `HTTPS_PROXY` -* `NO_PROXY` - -These Go environment variables are case-insensitive. See the -[Go specification](http://golang.org/pkg/net/http/) for details on these -variables. - -### Configuration files - -By default, the Docker command line stores its configuration files in a -directory called `.docker` within your `$HOME` directory. However, you can -specify a different location via the `DOCKER_CONFIG` environment variable -or the `--config` command line option. If both are specified, then the -`--config` option overrides the `DOCKER_CONFIG` environment variable. -For example: - - docker --config ~/testconfigs/ ps - -Instructs Docker to use the configuration files in your `~/testconfigs/` -directory when running the `ps` command. - -Docker manages most of the files in the configuration directory -and you should not modify them. However, you *can modify* the -`config.json` file to control certain aspects of how the `docker` -command behaves. - -Currently, you can modify the `docker` command behavior using environment -variables or command-line options. You can also use options within -`config.json` to modify some of the same behavior. When using these -mechanisms, you must keep in mind the order of precedence among them. Command -line options override environment variables and environment variables override -properties you specify in a `config.json` file. - -The `config.json` file stores a JSON encoding of several properties: - -The property `HttpHeaders` specifies a set of headers to include in all messages -sent from the Docker client to the daemon. Docker does not try to interpret or -understand these header; it simply puts them into the messages. Docker does -not allow these headers to change any headers it sets for itself. - -The property `psFormat` specifies the default format for `docker ps` output. -When the `--format` flag is not provided with the `docker ps` command, -Docker's client uses this property. If this property is not set, the client -falls back to the default table format. For a list of supported formatting -directives, see the -[**Formatting** section in the `docker ps` documentation](ps.md) - -The property `imagesFormat` specifies the default format for `docker images` output. -When the `--format` flag is not provided with the `docker images` command, -Docker's client uses this property. If this property is not set, the client -falls back to the default table format. For a list of supported formatting -directives, see the [**Formatting** section in the `docker images` documentation](images.md) - -The property `pluginsFormat` specifies the default format for `docker plugin ls` output. -When the `--format` flag is not provided with the `docker plugin ls` command, -Docker's client uses this property. If this property is not set, the client -falls back to the default table format. For a list of supported formatting -directives, see the [**Formatting** section in the `docker plugin ls` documentation](plugin_ls.md) - -The property `servicesFormat` specifies the default format for `docker -service ls` output. When the `--format` flag is not provided with the -`docker service ls` command, Docker's client uses this property. If this -property is not set, the client falls back to the default json format. For a -list of supported formatting directives, see the -[**Formatting** section in the `docker service ls` documentation](service_ls.md) - -The property `serviceInspectFormat` specifies the default format for `docker -service inspect` output. When the `--format` flag is not provided with the -`docker service inspect` command, Docker's client uses this property. If this -property is not set, the client falls back to the default json format. For a -list of supported formatting directives, see the -[**Formatting** section in the `docker service inspect` documentation](service_inspect.md) - -The property `statsFormat` specifies the default format for `docker -stats` output. When the `--format` flag is not provided with the -`docker stats` command, Docker's client uses this property. If this -property is not set, the client falls back to the default table -format. For a list of supported formatting directives, see -[**Formatting** section in the `docker stats` documentation](stats.md) - -The property `secretFormat` specifies the default format for `docker -secret ls` output. When the `--format` flag is not provided with the -`docker secret ls` command, Docker's client uses this property. If this -property is not set, the client falls back to the default table -format. For a list of supported formatting directives, see -[**Formatting** section in the `docker secret ls` documentation](secret_ls.md) - - -The property `nodesFormat` specifies the default format for `docker node ls` output. -When the `--format` flag is not provided with the `docker node ls` command, -Docker's client uses the value of `nodesFormat`. If the value of `nodesFormat` is not set, -the client uses the default table format. For a list of supported formatting -directives, see the [**Formatting** section in the `docker node ls` documentation](node_ls.md) - -The property `configFormat` specifies the default format for `docker -config ls` output. When the `--format` flag is not provided with the -`docker config ls` command, Docker's client uses this property. If this -property is not set, the client falls back to the default table -format. For a list of supported formatting directives, see -[**Formatting** section in the `docker config ls` documentation](config_ls.md) - -The property `credsStore` specifies an external binary to serve as the default -credential store. When this property is set, `docker login` will attempt to -store credentials in the binary specified by `docker-credential-` which -is visible on `$PATH`. If this property is not set, credentials will be stored -in the `auths` property of the config. For more information, see the -[**Credentials store** section in the `docker login` documentation](login.md#credentials-store) - -The property `credHelpers` specifies a set of credential helpers to use -preferentially over `credsStore` or `auths` when storing and retrieving -credentials for specific registries. If this property is set, the binary -`docker-credential-` will be used when storing or retrieving credentials -for a specific registry. For more information, see the -[**Credential helpers** section in the `docker login` documentation](login.md#credential-helpers) - -Once attached to a container, users detach from it and leave it running using -the using `CTRL-p CTRL-q` key sequence. This detach key sequence is customizable -using the `detachKeys` property. Specify a `` value for the -property. The format of the `` is a comma-separated list of either -a letter [a-Z], or the `ctrl-` combined with any of the following: - -* `a-z` (a single lowercase alpha character ) -* `@` (at sign) -* `[` (left bracket) -* `\\` (two backward slashes) -* `_` (underscore) -* `^` (caret) - -Your customization applies to all containers started in with your Docker client. -Users can override your custom or the default key sequence on a per-container -basis. To do this, the user specifies the `--detach-keys` flag with the `docker -attach`, `docker exec`, `docker run` or `docker start` command. - -Following is a sample `config.json` file: - -```json -{ - "HttpHeaders": { - "MyHeader": "MyValue" - }, - "psFormat": "table {{.ID}}\\t{{.Image}}\\t{{.Command}}\\t{{.Labels}}", - "imagesFormat": "table {{.ID}}\\t{{.Repository}}\\t{{.Tag}}\\t{{.CreatedAt}}", - "pluginsFormat": "table {{.ID}}\t{{.Name}}\t{{.Enabled}}", - "statsFormat": "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}", - "servicesFormat": "table {{.ID}}\t{{.Name}}\t{{.Mode}}", - "secretFormat": "table {{.ID}}\t{{.Name}}\t{{.CreatedAt}}\t{{.UpdatedAt}}", - "configFormat": "table {{.ID}}\t{{.Name}}\t{{.CreatedAt}}\t{{.UpdatedAt}}", - "serviceInspectFormat": "pretty", - "nodesFormat": "table {{.ID}}\t{{.Hostname}}\t{{.Availability}}", - "detachKeys": "ctrl-e,e", - "credsStore": "secretservice", - "credHelpers": { - "awesomereg.example.org": "hip-star", - "unicorn.example.com": "vcbait" - } -} -``` - -### Notary - -If using your own notary server and a self-signed certificate or an internal -Certificate Authority, you need to place the certificate at -`tls//ca.crt` in your docker config directory. - -Alternatively you can trust the certificate globally by adding it to your system's -list of root Certificate Authorities. - -## Examples - -### Display help text - -To list the help on any command just execute the command, followed by the -`--help` option. - - $ docker run --help - - Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...] - - Run a command in a new container - - Options: - --add-host value Add a custom host-to-IP mapping (host:ip) (default []) - -a, --attach value Attach to STDIN, STDOUT or STDERR (default []) - ... - -### Option types - -Single character command line options can be combined, so rather than -typing `docker run -i -t --name test busybox sh`, -you can write `docker run -it --name test busybox sh`. - -#### Boolean - -Boolean options take the form `-d=false`. The value you see in the help text is -the default value which is set if you do **not** specify that flag. If you -specify a Boolean flag without a value, this will set the flag to `true`, -irrespective of the default value. - -For example, running `docker run -d` will set the value to `true`, so your -container **will** run in "detached" mode, in the background. - -Options which default to `true` (e.g., `docker build --rm=true`) can only be -set to the non-default value by explicitly setting them to `false`: - -```bash -$ docker build --rm=false . -``` - -#### Multi - -You can specify options like `-a=[]` multiple times in a single command line, -for example in these commands: - -```bash -$ docker run -a stdin -a stdout -i -t ubuntu /bin/bash - -$ docker run -a stdin -a stdout -a stderr ubuntu /bin/ls -``` - -Sometimes, multiple options can call for a more complex value string as for -`-v`: - -```bash -$ docker run -v /host:/container example/mysql -``` - -> **Note**: Do not use the `-t` and `-a stderr` options together due to -> limitations in the `pty` implementation. All `stderr` in `pty` mode -> simply goes to `stdout`. - -#### Strings and Integers - -Options like `--name=""` expect a string, and they -can only be specified once. Options like `-c=0` -expect an integer, and they can only be specified once. diff --git a/components/engine/docs/reference/commandline/commit.md b/components/engine/docs/reference/commandline/commit.md deleted file mode 100644 index f713eeab97..0000000000 --- a/components/engine/docs/reference/commandline/commit.md +++ /dev/null @@ -1,117 +0,0 @@ ---- -title: "commit" -description: "The commit command description and usage" -keywords: "commit, file, changes" ---- - - - -# commit - -```markdown -Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]] - -Create a new image from a container's changes - -Options: - -a, --author string Author (e.g., "John Hannibal Smith ") - -c, --change value Apply Dockerfile instruction to the created image (default []) - --help Print usage - -m, --message string Commit message - -p, --pause Pause container during commit (default true) -``` - -## Description - -It can be useful to commit a container's file changes or settings into a new -image. This allows you to debug a container by running an interactive shell, or to -export a working dataset to another server. Generally, it is better to use -Dockerfiles to manage your images in a documented and maintainable way. -[Read more about valid image names and tags](tag.md). - -The commit operation will not include any data contained in -volumes mounted inside the container. - -By default, the container being committed and its processes will be paused -while the image is committed. This reduces the likelihood of encountering data -corruption during the process of creating the commit. If this behavior is -undesired, set the `--pause` option to false. - -The `--change` option will apply `Dockerfile` instructions to the image that is -created. Supported `Dockerfile` instructions: -`CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`LABEL`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR` - -## Examples - -### Commit a container - -```bash -$ docker ps - -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky -197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton - -$ docker commit c3f279d17e0a svendowideit/testimage:version3 - -f5283438590d - -$ docker images - -REPOSITORY TAG ID CREATED SIZE -svendowideit/testimage version3 f5283438590d 16 seconds ago 335.7 MB -``` - -### Commit a container with new configurations - -```bash -$ docker ps - -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky -197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton - -$ docker inspect -f "{{ .Config.Env }}" c3f279d17e0a - -[HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin] - -$ docker commit --change "ENV DEBUG true" c3f279d17e0a svendowideit/testimage:version3 - -f5283438590d - -$ docker inspect -f "{{ .Config.Env }}" f5283438590d - -[HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin DEBUG=true] -``` - -### Commit a container with new `CMD` and `EXPOSE` instructions - -```bash -$ docker ps - -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky -197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton - -$ docker commit --change='CMD ["apachectl", "-DFOREGROUND"]' -c "EXPOSE 80" c3f279d17e0a svendowideit/testimage:version4 - -f5283438590d - -$ docker run -d svendowideit/testimage:version4 - -89373736e2e7f00bc149bd783073ac43d0507da250e999f3f1036e0db60817c0 - -$ docker ps - -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -89373736e2e7 testimage:version4 "apachectl -DFOREGROU" 3 seconds ago Up 2 seconds 80/tcp distracted_fermat -c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky -197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton -``` diff --git a/components/engine/docs/reference/commandline/container.md b/components/engine/docs/reference/commandline/container.md deleted file mode 100644 index 5eefbf2c3e..0000000000 --- a/components/engine/docs/reference/commandline/container.md +++ /dev/null @@ -1,61 +0,0 @@ - ---- -title: "container" -description: "The container command description and usage" -keywords: "container" ---- - - - -# container - -```markdown -Usage: docker container COMMAND - -Manage containers - -Options: - --help Print usage - -Commands: - attach Attach to a running container - commit Create a new image from a container's changes - cp Copy files/folders between a container and the local filesystem - create Create a new container - diff Inspect changes to files or directories on a container's filesystem - exec Run a command in a running container - export Export a container's filesystem as a tar archive - inspect Display detailed information on one or more containers - kill Kill one or more running containers - logs Fetch the logs of a container - ls List containers - pause Pause all processes within one or more containers - port List port mappings or a specific mapping for the container - prune Remove all stopped containers - rename Rename a container - restart Restart one or more containers - rm Remove one or more containers - run Run a command in a new container - start Start one or more stopped containers - stats Display a live stream of container(s) resource usage statistics - stop Stop one or more running containers - top Display the running processes of a container - unpause Unpause all processes within one or more containers - update Update configuration of one or more containers - wait Block until one or more containers stop, then print their exit codes - -Run 'docker container COMMAND --help' for more information on a command. - -``` - -## Description - -Manage containers. - diff --git a/components/engine/docs/reference/commandline/container_prune.md b/components/engine/docs/reference/commandline/container_prune.md deleted file mode 100644 index 72488901ed..0000000000 --- a/components/engine/docs/reference/commandline/container_prune.md +++ /dev/null @@ -1,126 +0,0 @@ ---- -title: "container prune" -description: "Remove all stopped containers" -keywords: container, prune, delete, remove ---- - - - -# container prune - -```markdown -Usage: docker container prune [OPTIONS] - -Remove all stopped containers - -Options: -Options: - --filter filter Provide filter values (e.g. 'until=') - -f, --force Do not prompt for confirmation - --help Print usage -``` - -## Description - -Removes all stopped containers. - -## Examples - -### Prune containers - -```bash -$ docker container prune -WARNING! This will remove all stopped containers. -Are you sure you want to continue? [y/N] y -Deleted Containers: -4a7f7eebae0f63178aff7eb0aa39cd3f0627a203ab2df258c1a00b456cf20063 -f98f9c2aa1eaf727e4ec9c0283bc7d4aa4762fbdba7f26191f26c97f64090360 - -Total reclaimed space: 212 B -``` - -### Filtering - -The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more -than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) - -The currently supported filters are: - -* until (``) - only remove containers created before given timestamp -* label (`label=`, `label==`, `label!=`, or `label!==`) - only remove containers with (or without, in case `label!=...` is used) the specified labels. - -The `until` filter can be Unix timestamps, date formatted -timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed -relative to the daemon machine’s time. Supported formats for date -formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, -`2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local -timezone on the daemon will be used if you do not provide either a `Z` or a -`+-00:00` timezone offset at the end of the timestamp. When providing Unix -timestamps enter seconds[.nanoseconds], where seconds is the number of seconds -that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap -seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a -fraction of a second no more than nine digits long. - -The `label` filter accepts two formats. One is the `label=...` (`label=` or `label==`), -which removes containers with the specified labels. The other -format is the `label!=...` (`label!=` or `label!==`), which removes -containers without the specified labels. - -The following removes containers created more than 5 minutes ago: - -```bash -$ docker ps -a --format 'table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.CreatedAt}}\t{{.Status}}' - -CONTAINER ID IMAGE COMMAND CREATED AT STATUS -61b9efa71024 busybox "sh" 2017-01-04 13:23:33 -0800 PST Exited (0) 41 seconds ago -53a9bc23a516 busybox "sh" 2017-01-04 13:11:59 -0800 PST Exited (0) 12 minutes ago - -$ docker container prune --force --filter "until=5m" - -Deleted Containers: -53a9bc23a5168b6caa2bfbefddf1b30f93c7ad57f3dec271fd32707497cb9369 - -Total reclaimed space: 25 B - -$ docker ps -a --format 'table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.CreatedAt}}\t{{.Status}}' - -CONTAINER ID IMAGE COMMAND CREATED AT STATUS -61b9efa71024 busybox "sh" 2017-01-04 13:23:33 -0800 PST Exited (0) 44 seconds ago -``` - -The following removes containers created before `2017-01-04T13:10:00`: - -```bash -$ docker ps -a --format 'table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.CreatedAt}}\t{{.Status}}' - -CONTAINER ID IMAGE COMMAND CREATED AT STATUS -53a9bc23a516 busybox "sh" 2017-01-04 13:11:59 -0800 PST Exited (0) 7 minutes ago -4a75091a6d61 busybox "sh" 2017-01-04 13:09:53 -0800 PST Exited (0) 9 minutes ago - -$ docker container prune --force --filter "until=2017-01-04T13:10:00" - -Deleted Containers: -4a75091a6d618526fcd8b33ccd6e5928ca2a64415466f768a6180004b0c72c6c - -Total reclaimed space: 27 B - -$ docker ps -a --format 'table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.CreatedAt}}\t{{.Status}}' - -CONTAINER ID IMAGE COMMAND CREATED AT STATUS -53a9bc23a516 busybox "sh" 2017-01-04 13:11:59 -0800 PST Exited (0) 9 minutes ago -``` - -## Related commands - -* [system df](system_df.md) -* [volume prune](volume_prune.md) -* [image prune](image_prune.md) -* [network prune](network_prune.md) -* [system prune](system_prune.md) diff --git a/components/engine/docs/reference/commandline/cp.md b/components/engine/docs/reference/commandline/cp.md deleted file mode 100644 index 5cbbee25ae..0000000000 --- a/components/engine/docs/reference/commandline/cp.md +++ /dev/null @@ -1,115 +0,0 @@ ---- -title: "cp" -description: "The cp command description and usage" -keywords: "copy, container, files, folders" ---- - - - -# cp - -```markdown -Usage: docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|- - docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH - -Copy files/folders between a container and the local filesystem - -Use '-' as the source to read a tar archive from stdin -and extract it to a directory destination in a container. -Use '-' as the destination to stream a tar archive of a -container source to stdout. - -Options: - -L, --follow-link Always follow symbol link in SRC_PATH - --help Print usage -``` - -## Description - -The `docker cp` utility copies the contents of `SRC_PATH` to the `DEST_PATH`. -You can copy from the container's file system to the local machine or the -reverse, from the local filesystem to the container. If `-` is specified for -either the `SRC_PATH` or `DEST_PATH`, you can also stream a tar archive from -`STDIN` or to `STDOUT`. The `CONTAINER` can be a running or stopped container. -The `SRC_PATH` or `DEST_PATH` can be a file or directory. - -The `docker cp` command assumes container paths are relative to the container's -`/` (root) directory. This means supplying the initial forward slash is optional; -The command sees `compassionate_darwin:/tmp/foo/myfile.txt` and -`compassionate_darwin:tmp/foo/myfile.txt` as identical. Local machine paths can -be an absolute or relative value. The command interprets a local machine's -relative paths as relative to the current working directory where `docker cp` is -run. - -The `cp` command behaves like the Unix `cp -a` command in that directories are -copied recursively with permissions preserved if possible. Ownership is set to -the user and primary group at the destination. For example, files copied to a -container are created with `UID:GID` of the root user. Files copied to the local -machine are created with the `UID:GID` of the user which invoked the `docker cp` -command. If you specify the `-L` option, `docker cp` follows any symbolic link -in the `SRC_PATH`. `docker cp` does *not* create parent directories for -`DEST_PATH` if they do not exist. - -Assuming a path separator of `/`, a first argument of `SRC_PATH` and second -argument of `DEST_PATH`, the behavior is as follows: - -- `SRC_PATH` specifies a file - - `DEST_PATH` does not exist - - the file is saved to a file created at `DEST_PATH` - - `DEST_PATH` does not exist and ends with `/` - - Error condition: the destination directory must exist. - - `DEST_PATH` exists and is a file - - the destination is overwritten with the source file's contents - - `DEST_PATH` exists and is a directory - - the file is copied into this directory using the basename from - `SRC_PATH` -- `SRC_PATH` specifies a directory - - `DEST_PATH` does not exist - - `DEST_PATH` is created as a directory and the *contents* of the source - directory are copied into this directory - - `DEST_PATH` exists and is a file - - Error condition: cannot copy a directory to a file - - `DEST_PATH` exists and is a directory - - `SRC_PATH` does not end with `/.` (that is: _slash_ followed by _dot_) - - the source directory is copied into this directory - - `SRC_PATH` does end with `/.` (that is: _slash_ followed by _dot_) - - the *content* of the source directory is copied into this - directory - -The command requires `SRC_PATH` and `DEST_PATH` to exist according to the above -rules. If `SRC_PATH` is local and is a symbolic link, the symbolic link, not -the target, is copied by default. To copy the link target and not the link, specify -the `-L` option. - -A colon (`:`) is used as a delimiter between `CONTAINER` and its path. You can -also use `:` when specifying paths to a `SRC_PATH` or `DEST_PATH` on a local -machine, for example `file:name.txt`. If you use a `:` in a local machine path, -you must be explicit with a relative or absolute path, for example: - - `/path/to/file:name.txt` or `./file:name.txt` - -It is not possible to copy certain system files such as resources under -`/proc`, `/sys`, `/dev`, [tmpfs](run.md#mount-tmpfs-tmpfs), and mounts created by -the user in the container. However, you can still copy such files by manually -running `tar` in `docker exec`. Both of the following examples do the same thing -in different ways (consider `SRC_PATH` and `DEST_PATH` are directories): - -```bash -$ docker exec foo tar Ccf $(dirname SRC_PATH) - $(basename SRC_PATH) | tar Cxf DEST_PATH - -``` - -```bash -$ tar Ccf $(dirname SRC_PATH) - $(basename SRC_PATH) | docker exec -i foo tar Cxf DEST_PATH - -``` - -Using `-` as the `SRC_PATH` streams the contents of `STDIN` as a tar archive. -The command extracts the content of the tar to the `DEST_PATH` in container's -filesystem. In this case, `DEST_PATH` must specify a directory. Using `-` as -the `DEST_PATH` streams the contents of the resource as a tar archive to `STDOUT`. diff --git a/components/engine/docs/reference/commandline/create.md b/components/engine/docs/reference/commandline/create.md deleted file mode 100644 index 8a57f2ffe9..0000000000 --- a/components/engine/docs/reference/commandline/create.md +++ /dev/null @@ -1,260 +0,0 @@ ---- -title: "create" -description: "The create command description and usage" -keywords: "docker, create, container" ---- - - - -# create - -Creates a new container. - -```markdown -Usage: docker create [OPTIONS] IMAGE [COMMAND] [ARG...] - -Create a new container - -Options: - --add-host value Add a custom host-to-IP mapping (host:ip) (default []) - -a, --attach value Attach to STDIN, STDOUT or STDERR (default []) - --blkio-weight value Block IO (relative weight), between 10 and 1000 - --blkio-weight-device value Block IO weight (relative device weight) (default []) - --cap-add value Add Linux capabilities (default []) - --cap-drop value Drop Linux capabilities (default []) - --cgroup-parent string Optional parent cgroup for the container - --cidfile string Write the container ID to the file - --cpu-count int The number of CPUs available for execution by the container. - Windows daemon only. On Windows Server containers, this is - approximated as a percentage of total CPU usage. - --cpu-percent int CPU percent (Windows only) - --cpu-period int Limit CPU CFS (Completely Fair Scheduler) period - --cpu-quota int Limit CPU CFS (Completely Fair Scheduler) quota - -c, --cpu-shares int CPU shares (relative weight) - --cpus NanoCPUs Number of CPUs (default 0.000) - --cpu-rt-period int Limit the CPU real-time period in microseconds - --cpu-rt-runtime int Limit the CPU real-time runtime in microseconds - --cpuset-cpus string CPUs in which to allow execution (0-3, 0,1) - --cpuset-mems string MEMs in which to allow execution (0-3, 0,1) - --device value Add a host device to the container (default []) - --device-cgroup-rule value Add a rule to the cgroup allowed devices list - --device-read-bps value Limit read rate (bytes per second) from a device (default []) - --device-read-iops value Limit read rate (IO per second) from a device (default []) - --device-write-bps value Limit write rate (bytes per second) to a device (default []) - --device-write-iops value Limit write rate (IO per second) to a device (default []) - --disable-content-trust Skip image verification (default true) - --dns value Set custom DNS servers (default []) - --dns-option value Set DNS options (default []) - --dns-search value Set custom DNS search domains (default []) - --entrypoint string Overwrite the default ENTRYPOINT of the image - -e, --env value Set environment variables (default []) - --env-file value Read in a file of environment variables (default []) - --expose value Expose a port or a range of ports (default []) - --group-add value Add additional groups to join (default []) - --health-cmd string Command to run to check health - --health-interval duration Time between running the check (ns|us|ms|s|m|h) (default 0s) - --health-retries int Consecutive failures needed to report unhealthy - --health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h) (default 0s) - --health-start-period duration Start period for the container to initialize before counting retries towards unstable (ns|us|ms|s|m|h) (default 0s) - --help Print usage - -h, --hostname string Container host name - --init Run an init inside the container that forwards signals and reaps processes - -i, --interactive Keep STDIN open even if not attached - --io-maxbandwidth string Maximum IO bandwidth limit for the system drive (Windows only) - --io-maxiops uint Maximum IOps limit for the system drive (Windows only) - --ip string IPv4 address (e.g., 172.30.100.104) - --ip6 string IPv6 address (e.g., 2001:db8::33) - --ipc string IPC namespace to use - --isolation string Container isolation technology - --kernel-memory string Kernel memory limit - -l, --label value Set meta data on a container (default []) - --label-file value Read in a line delimited file of labels (default []) - --link value Add link to another container (default []) - --link-local-ip value Container IPv4/IPv6 link-local addresses (default []) - --log-driver string Logging driver for the container - --log-opt value Log driver options (default []) - --mac-address string Container MAC address (e.g., 92:d0:c6:0a:29:33) - -m, --memory string Memory limit - --memory-reservation string Memory soft limit - --memory-swap string Swap limit equal to memory plus swap: '-1' to enable unlimited swap - --memory-swappiness int Tune container memory swappiness (0 to 100) (default -1) - --mount value Attach a filesytem mount to the container (default []) - --name string Assign a name to the container - --network-alias value Add network-scoped alias for the container (default []) - --network string Connect a container to a network (default "default") - 'bridge': create a network stack on the default Docker bridge - 'none': no networking - 'container:': reuse another container's network stack - 'host': use the Docker host network stack - '|': connect to a user-defined network - --no-healthcheck Disable any container-specified HEALTHCHECK - --oom-kill-disable Disable OOM Killer - --oom-score-adj int Tune host's OOM preferences (-1000 to 1000) - --pid string PID namespace to use - --pids-limit int Tune container pids limit (set -1 for unlimited), kernel >= 4.3 - --privileged Give extended privileges to this container - -p, --publish value Publish a container's port(s) to the host (default []) - -P, --publish-all Publish all exposed ports to random ports - --read-only Mount the container's root filesystem as read only - --restart string Restart policy to apply when a container exits (default "no") - Possible values are: no, on-failure[:max-retry], always, unless-stopped - --rm Automatically remove the container when it exits - --runtime string Runtime to use for this container - --security-opt value Security Options (default []) - --shm-size bytes Size of /dev/shm - The format is ``. `number` must be greater than `0`. - Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), - or `g` (gigabytes). If you omit the unit, the system uses bytes. - --stop-signal string Signal to stop a container (default "SIGTERM") - --stop-timeout=10 Timeout (in seconds) to stop a container - --storage-opt value Storage driver options for the container (default []) - --sysctl value Sysctl options (default map[]) - --tmpfs value Mount a tmpfs directory (default []) - -t, --tty Allocate a pseudo-TTY - --ulimit value Ulimit options (default []) - -u, --user string Username or UID (format: [:]) - --userns string User namespace to use - 'host': Use the Docker host user namespace - '': Use the Docker daemon user namespace specified by `--userns-remap` option. - --uts string UTS namespace to use - -v, --volume value Bind mount a volume (default []). The format - is `[host-src:]container-dest[:]`. - The comma-delimited `options` are [rw|ro], - [z|Z], [[r]shared|[r]slave|[r]private], - [delegated|cached|consistent], and - [nocopy]. The 'host-src' is an absolute path - or a name value. - --volume-driver string Optional volume driver for the container - --volumes-from value Mount volumes from the specified container(s) (default []) - -w, --workdir string Working directory inside the container -``` -## Description - -The `docker create` command creates a writeable container layer over the -specified image and prepares it for running the specified command. The -container ID is then printed to `STDOUT`. This is similar to `docker run -d` -except the container is never started. You can then use the -`docker start ` command to start the container at any point. - -This is useful when you want to set up a container configuration ahead of time -so that it is ready to start when you need it. The initial status of the -new container is `created`. - -Please see the [run command](run.md) section and the [Docker run reference](../run.md) for more details. - -## Examples - -### Create and start a container - -```bash -$ docker create -t -i fedora bash - -6d8af538ec541dd581ebc2a24153a28329acb5268abe5ef868c1f1a261221752 - -$ docker start -a -i 6d8af538ec5 - -bash-4.2# -``` - -### Initialize volumes - -As of v1.4.0 container volumes are initialized during the `docker create` phase -(i.e., `docker run` too). For example, this allows you to `create` the `data` -volume container, and then use it from another container: - -```bash -$ docker create -v /data --name data ubuntu - -240633dfbb98128fa77473d3d9018f6123b99c454b3251427ae190a7d951ad57 - -$ docker run --rm --volumes-from data ubuntu ls -la /data - -total 8 -drwxr-xr-x 2 root root 4096 Dec 5 04:10 . -drwxr-xr-x 48 root root 4096 Dec 5 04:11 .. -``` - -Similarly, `create` a host directory bind mounted volume container, which can -then be used from the subsequent container: - -```bash -$ docker create -v /home/docker:/docker --name docker ubuntu - -9aa88c08f319cd1e4515c3c46b0de7cc9aa75e878357b1e96f91e2c773029f03 - -$ docker run --rm --volumes-from docker ubuntu ls -la /docker - -total 20 -drwxr-sr-x 5 1000 staff 180 Dec 5 04:00 . -drwxr-xr-x 48 root root 4096 Dec 5 04:13 .. --rw-rw-r-- 1 1000 staff 3833 Dec 5 04:01 .ash_history --rw-r--r-- 1 1000 staff 446 Nov 28 11:51 .ashrc --rw-r--r-- 1 1000 staff 25 Dec 5 04:00 .gitconfig -drwxr-sr-x 3 1000 staff 60 Dec 1 03:28 .local --rw-r--r-- 1 1000 staff 920 Nov 28 11:51 .profile -drwx--S--- 2 1000 staff 460 Dec 5 00:51 .ssh -drwxr-xr-x 32 1000 staff 1140 Dec 5 04:01 docker -``` - - -Set storage driver options per container. - -```bash -$ docker create -it --storage-opt size=120G fedora /bin/bash -``` - -This (size) will allow to set the container rootfs size to 120G at creation time. -This option is only available for the `devicemapper`, `btrfs`, `overlay2`, -`windowsfilter` and `zfs` graph drivers. -For the `devicemapper`, `btrfs`, `windowsfilter` and `zfs` graph drivers, -user cannot pass a size less than the Default BaseFS Size. -For the `overlay2` storage driver, the size option is only available if the -backing fs is `xfs` and mounted with the `pquota` mount option. -Under these conditions, user can pass any size less then the backing fs size. - -### Specify isolation technology for container (--isolation) - -This option is useful in situations where you are running Docker containers on -Windows. The `--isolation=` option sets a container's isolation -technology. On Linux, the only supported is the `default` option which uses -Linux namespaces. On Microsoft Windows, you can specify these values: - - -| Value | Description | -|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `default` | Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value if the -daemon is running on Windows server, or `hyperv` if running on Windows client. | -| `process` | Namespace isolation only. | -| `hyperv` | Hyper-V hypervisor partition-based isolation. | - -Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`. - -### Dealing with dynamically created devices (--device-cgroup-rule) - -Devices available to a container are assigned at creation time. The -assigned devices will both be added to the cgroup.allow file and -created into the container once it is run. This poses a problem when -a new device needs to be added to running container. - -One of the solution is to add a more permissive rule to a container -allowing it access to a wider range of devices. For example, supposing -our container needs access to a character device with major `42` and -any number of minor number (added as new devices appear), the -following rule would be added: - -``` -docker create --device-cgroup-rule='c 42:* rmw' -name my-container my-image -``` - -Then, a user could ask `udev` to execute a script that would `docker exec my-container mknod newDevX c 42 ` -the required device when it is added. - -NOTE: initially present devices still need to be explicitely added to -the create/run command diff --git a/components/engine/docs/reference/commandline/deploy.md b/components/engine/docs/reference/commandline/deploy.md deleted file mode 100644 index a86b2b4b45..0000000000 --- a/components/engine/docs/reference/commandline/deploy.md +++ /dev/null @@ -1,112 +0,0 @@ ---- -title: "deploy" -description: "The deploy command description and usage" -keywords: "stack, deploy" -advisory: "experimental" ---- - - - -# deploy (experimental) - -An alias for `stack deploy`. - -```markdown -Usage: docker deploy [OPTIONS] STACK - -Deploy a new stack or update an existing stack - -Aliases: - deploy, up - -Options: - --bundle-file string Path to a Distributed Application Bundle file - --compose-file string Path to a Compose file - --help Print usage - --prune Prune services that are no longer referenced - --with-registry-auth Send registry authentication details to Swarm agents -``` - -## Description - -Create and update a stack from a `compose` or a `dab` file on the swarm. This command -has to be run targeting a manager node. - -## Examples - -### Compose file - -The `deploy` command supports compose file version `3.0` and above. - -```bash -$ docker stack deploy --compose-file docker-compose.yml vossibility - -Ignoring unsupported options: links - -Creating network vossibility_vossibility -Creating network vossibility_default -Creating service vossibility_nsqd -Creating service vossibility_logstash -Creating service vossibility_elasticsearch -Creating service vossibility_kibana -Creating service vossibility_ghollector -Creating service vossibility_lookupd -``` - -You can verify that the services were correctly created - -```bash -$ docker service ls - -ID NAME MODE REPLICAS IMAGE -29bv0vnlm903 vossibility_lookupd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 -4awt47624qwh vossibility_nsqd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 -4tjx9biia6fs vossibility_elasticsearch replicated 1/1 elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa -7563uuzr9eys vossibility_kibana replicated 1/1 kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03 -9gc5m4met4he vossibility_logstash replicated 1/1 logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe -axqh55ipl40h vossibility_vossibility-collector replicated 1/1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba -``` - -### DAB file - -```bash -$ docker stack deploy --bundle-file vossibility-stack.dab vossibility - -Loading bundle from vossibility-stack.dab -Creating service vossibility_elasticsearch -Creating service vossibility_kibana -Creating service vossibility_logstash -Creating service vossibility_lookupd -Creating service vossibility_nsqd -Creating service vossibility_vossibility-collector -``` - -You can verify that the services were correctly created: - -```bash -$ docker service ls - -ID NAME MODE REPLICAS IMAGE -29bv0vnlm903 vossibility_lookupd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 -4awt47624qwh vossibility_nsqd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 -4tjx9biia6fs vossibility_elasticsearch replicated 1/1 elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa -7563uuzr9eys vossibility_kibana replicated 1/1 kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03 -9gc5m4met4he vossibility_logstash replicated 1/1 logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe -axqh55ipl40h vossibility_vossibility-collector replicated 1/1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba -``` - -## Related commands - -* [stack config](stack_config.md) -* [stack deploy](stack_deploy.md) -* [stack ls](stack_ls.md) -* [stack ps](stack_ps.md) -* [stack rm](stack_rm.md) -* [stack services](stack_services.md) diff --git a/components/engine/docs/reference/commandline/diff.md b/components/engine/docs/reference/commandline/diff.md deleted file mode 100644 index e6e12cef80..0000000000 --- a/components/engine/docs/reference/commandline/diff.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: "diff" -description: "The diff command description and usage" -keywords: "list, changed, files, container" ---- - - - -# diff - -```markdown -Usage: docker diff CONTAINER - -Inspect changes to files or directories on a container's filesystem - -Options: - --help Print usage -``` - -## Description - -List the changed files and directories in a container᾿s filesystem since the -container was created. Three different types of change are tracked: - -| Symbol | Description | -|--------|---------------------------------| -| `A` | A file or directory was added | -| `D` | A file or directory was deleted | -| `C` | A file or directory was changed | - -You can use the full or shortened container ID or the container name set using -`docker run --name` option. - -## Examples - -Inspect the changes to an `nginx` container: - -```bash -$ docker diff 1fdfd1f54c1b - -C /dev -C /dev/console -C /dev/core -C /dev/stdout -C /dev/fd -C /dev/ptmx -C /dev/stderr -C /dev/stdin -C /run -A /run/nginx.pid -C /var/lib/nginx/tmp -A /var/lib/nginx/tmp/client_body -A /var/lib/nginx/tmp/fastcgi -A /var/lib/nginx/tmp/proxy -A /var/lib/nginx/tmp/scgi -A /var/lib/nginx/tmp/uwsgi -C /var/log/nginx -A /var/log/nginx/access.log -A /var/log/nginx/error.log -``` diff --git a/components/engine/docs/reference/commandline/dockerd.md b/components/engine/docs/reference/commandline/dockerd.md deleted file mode 100644 index ef6bcd3831..0000000000 --- a/components/engine/docs/reference/commandline/dockerd.md +++ /dev/null @@ -1,1480 +0,0 @@ ---- -title: "dockerd" -aliases: ["/engine/reference/commandline/daemon/"] -description: "The daemon command description and usage" -keywords: "container, daemon, runtime" ---- - - - -# daemon - -```markdown -Usage: dockerd COMMAND - -A self-sufficient runtime for containers. - -Options: - --add-runtime runtime Register an additional OCI compatible runtime (default []) - --allow-nondistributable-artifacts list Push nondistributable artifacts to specified registries (default []) - --api-cors-header string Set CORS headers in the Engine API - --authorization-plugin list Authorization plugins to load (default []) - --bip string Specify network bridge IP - -b, --bridge string Attach containers to a network bridge - --cgroup-parent string Set parent cgroup for all containers - --cluster-advertise string Address or interface name to advertise - --cluster-store string URL of the distributed storage backend - --cluster-store-opt map Set cluster store options (default map[]) - --config-file string Daemon configuration file (default "/etc/docker/daemon.json") - --containerd string Path to containerd socket - --cpu-rt-period int Limit the CPU real-time period in microseconds - --cpu-rt-runtime int Limit the CPU real-time runtime in microseconds - --data-root string Root directory of persistent Docker state (default "/var/lib/docker") - -D, --debug Enable debug mode - --default-gateway ip Container default gateway IPv4 address - --default-gateway-v6 ip Container default gateway IPv6 address - --default-runtime string Default OCI runtime for containers (default "runc") - --default-ulimit ulimit Default ulimits for containers (default []) - --disable-legacy-registry Disable contacting legacy registries (default true) - --dns list DNS server to use (default []) - --dns-opt list DNS options to use (default []) - --dns-search list DNS search domains to use (default []) - --exec-opt list Runtime execution options (default []) - --exec-root string Root directory for execution state files (default "/var/run/docker") - --experimental Enable experimental features - --fixed-cidr string IPv4 subnet for fixed IPs - --fixed-cidr-v6 string IPv6 subnet for fixed IPs - -G, --group string Group for the unix socket (default "docker") - --help Print usage - -H, --host list Daemon socket(s) to connect to (default []) - --icc Enable inter-container communication (default true) - --init Run an init in the container to forward signals and reap processes - --init-path string Path to the docker-init binary - --insecure-registry list Enable insecure registry communication (default []) - --ip ip Default IP when binding container ports (default 0.0.0.0) - --ip-forward Enable net.ipv4.ip_forward (default true) - --ip-masq Enable IP masquerading (default true) - --iptables Enable addition of iptables rules (default true) - --ipv6 Enable IPv6 networking - --label list Set key=value labels to the daemon (default []) - --live-restore Enable live restore of docker when containers are still running - --log-driver string Default driver for container logs (default "json-file") - -l, --log-level string Set the logging level ("debug", "info", "warn", "error", "fatal") (default "info") - --log-opt map Default log driver options for containers (default map[]) - --max-concurrent-downloads int Set the max concurrent downloads for each pull (default 3) - --max-concurrent-uploads int Set the max concurrent uploads for each push (default 5) - --metrics-addr string Set default address and port to serve the metrics api on - --mtu int Set the containers network MTU - --no-new-privileges Set no-new-privileges by default for new containers - --oom-score-adjust int Set the oom_score_adj for the daemon (default -500) - -p, --pidfile string Path to use for daemon PID file (default "/var/run/docker.pid") - --raw-logs Full timestamps without ANSI coloring - --registry-mirror list Preferred Docker registry mirror (default []) - --seccomp-profile string Path to seccomp profile - --selinux-enabled Enable selinux support - --shutdown-timeout int Set the default shutdown timeout (default 15) - -s, --storage-driver string Storage driver to use - --storage-opt list Storage driver options (default []) - --swarm-default-advertise-addr string Set default address or interface for swarm advertised address - --tls Use TLS; implied by --tlsverify - --tlscacert string Trust certs signed only by this CA (default "~/.docker/ca.pem") - --tlscert string Path to TLS certificate file (default "~/.docker/cert.pem") - --tlskey string Path to TLS key file (default ~/.docker/key.pem") - --tlsverify Use TLS and verify the remote - --userland-proxy Use userland proxy for loopback traffic (default true) - --userland-proxy-path string Path to the userland proxy binary - --userns-remap string User/Group setting for user namespaces - -v, --version Print version information and quit -``` - -Options with [] may be specified multiple times. - -## Description - -`dockerd` is the persistent process that manages containers. Docker -uses different binaries for the daemon and client. To run the daemon you -type `dockerd`. - -To run the daemon with debug output, use `dockerd -D` or add `debug: true` to -the `daemon.json` file. - -> **Note**: In Docker 1.13 and higher, enable experimental features by starting -> `dockerd` with the `--experimental` flag or adding `experimental: true` to the -> `daemon.json` file. In earlier Docker versions, a different build was required -> to enable experimental features. - -## Examples - -### Daemon socket option - -The Docker daemon can listen for [Docker Engine API](../api/) -requests via three different types of Socket: `unix`, `tcp`, and `fd`. - -By default, a `unix` domain socket (or IPC socket) is created at -`/var/run/docker.sock`, requiring either `root` permission, or `docker` group -membership. - -If you need to access the Docker daemon remotely, you need to enable the `tcp` -Socket. Beware that the default setup provides un-encrypted and -un-authenticated direct access to the Docker daemon - and should be secured -either using the [built in HTTPS encrypted socket](https://docs.docker.com/engine/security/https/), or by -putting a secure web proxy in front of it. You can listen on port `2375` on all -network interfaces with `-H tcp://0.0.0.0:2375`, or on a particular network -interface using its IP address: `-H tcp://192.168.59.103:2375`. It is -conventional to use port `2375` for un-encrypted, and port `2376` for encrypted -communication with the daemon. - -> **Note**: If you're using an HTTPS encrypted socket, keep in mind that only -> TLS1.0 and greater are supported. Protocols SSLv3 and under are not -> supported anymore for security reasons. - -On Systemd based systems, you can communicate with the daemon via -[Systemd socket activation](http://0pointer.de/blog/projects/socket-activation.html), -use `dockerd -H fd://`. Using `fd://` will work perfectly for most setups but -you can also specify individual sockets: `dockerd -H fd://3`. If the -specified socket activated files aren't found, then Docker will exit. You can -find examples of using Systemd socket activation with Docker and Systemd in the -[Docker source tree](https://github.com/docker/docker/tree/master/contrib/init/systemd/). - -You can configure the Docker daemon to listen to multiple sockets at the same -time using multiple `-H` options: - -```bash -# listen using the default unix socket, and on 2 specific IP addresses on this host. - -$ sudo dockerd -H unix:///var/run/docker.sock -H tcp://192.168.59.106 -H tcp://10.10.10.2 -``` - -The Docker client will honor the `DOCKER_HOST` environment variable to set the -`-H` flag for the client. Use **one** of the following commands: - -```bash -$ docker -H tcp://0.0.0.0:2375 ps -``` - -```bash -$ export DOCKER_HOST="tcp://0.0.0.0:2375" - -$ docker ps -``` - -Setting the `DOCKER_TLS_VERIFY` environment variable to any value other than -the empty string is equivalent to setting the `--tlsverify` flag. The following -are equivalent: - -```bash -$ docker --tlsverify ps -# or -$ export DOCKER_TLS_VERIFY=1 -$ docker ps -``` - -The Docker client will honor the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` -environment variables (or the lowercase versions thereof). `HTTPS_PROXY` takes -precedence over `HTTP_PROXY`. - -#### Bind Docker to another host/port or a Unix socket - -> **Warning**: -> Changing the default `docker` daemon binding to a -> TCP port or Unix *docker* user group will increase your security risks -> by allowing non-root users to gain *root* access on the host. Make sure -> you control access to `docker`. If you are binding -> to a TCP port, anyone with access to that port has full Docker access; -> so it is not advisable on an open network. - -With `-H` it is possible to make the Docker daemon to listen on a -specific IP and port. By default, it will listen on -`unix:///var/run/docker.sock` to allow only local connections by the -*root* user. You *could* set it to `0.0.0.0:2375` or a specific host IP -to give access to everybody, but that is **not recommended** because -then it is trivial for someone to gain root access to the host where the -daemon is running. - -Similarly, the Docker client can use `-H` to connect to a custom port. -The Docker client will default to connecting to `unix:///var/run/docker.sock` -on Linux, and `tcp://127.0.0.1:2376` on Windows. - -`-H` accepts host and port assignment in the following format: - - tcp://[host]:[port][path] or unix://path - -For example: - -- `tcp://` -> TCP connection to `127.0.0.1` on either port `2376` when TLS encryption - is on, or port `2375` when communication is in plain text. -- `tcp://host:2375` -> TCP connection on - host:2375 -- `tcp://host:2375/path` -> TCP connection on - host:2375 and prepend path to all requests -- `unix://path/to/socket` -> Unix socket located - at `path/to/socket` - -`-H`, when empty, will default to the same value as -when no `-H` was passed in. - -`-H` also accepts short form for TCP bindings: `host:` or `host:port` or `:port` - -Run Docker in daemon mode: - -```bash -$ sudo /dockerd -H 0.0.0.0:5555 & -``` - -Download an `ubuntu` image: - -```bash -$ docker -H :5555 pull ubuntu -``` - -You can use multiple `-H`, for example, if you want to listen on both -TCP and a Unix socket - -```bash -# Run docker in daemon mode -$ sudo /dockerd -H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock & -# Download an ubuntu image, use default Unix socket -$ docker pull ubuntu -# OR use the TCP port -$ docker -H tcp://127.0.0.1:2375 pull ubuntu -``` - -### Daemon storage-driver - -The Docker daemon has support for several different image layer storage -drivers: `aufs`, `devicemapper`, `btrfs`, `zfs`, `overlay` and `overlay2`. - -The `aufs` driver is the oldest, but is based on a Linux kernel patch-set that -is unlikely to be merged into the main kernel. These are also known to cause -some serious kernel crashes. However `aufs` allows containers to share -executable and shared library memory, so is a useful choice when running -thousands of containers with the same program or libraries. - -The `devicemapper` driver uses thin provisioning and Copy on Write (CoW) -snapshots. For each devicemapper graph location – typically -`/var/lib/docker/devicemapper` – a thin pool is created based on two block -devices, one for data and one for metadata. By default, these block devices -are created automatically by using loopback mounts of automatically created -sparse files. Refer to [Storage driver options](#storage-driver-options) below -for a way how to customize this setup. -[~jpetazzo/Resizing Docker containers with the Device Mapper plugin](http://jpetazzo.github.io/2014/01/29/docker-device-mapper-resize/) -article explains how to tune your existing setup without the use of options. - -The `btrfs` driver is very fast for `docker build` - but like `devicemapper` -does not share executable memory between devices. Use -`dockerd -s btrfs -g /mnt/btrfs_partition`. - -The `zfs` driver is probably not as fast as `btrfs` but has a longer track record -on stability. Thanks to `Single Copy ARC` shared blocks between clones will be -cached only once. Use `dockerd -s zfs`. To select a different zfs filesystem -set `zfs.fsname` option as described in [Storage driver options](#storage-driver-options). - -The `overlay` is a very fast union filesystem. It is now merged in the main -Linux kernel as of [3.18.0](https://lkml.org/lkml/2014/10/26/137). `overlay` -also supports page cache sharing, this means multiple containers accessing -the same file can share a single page cache entry (or entries), it makes -`overlay` as efficient with memory as `aufs` driver. Call -`dockerd -s overlay` to use it. - -> **Note**: As promising as `overlay` is, the feature is still quite young and -> should not be used in production. Most notably, using `overlay` can cause -> excessive inode consumption (especially as the number of images grows), as -> well as > being incompatible with the use of RPMs. - -The `overlay2` uses the same fast union filesystem but takes advantage of -[additional features](https://lkml.org/lkml/2015/2/11/106) added in Linux -kernel 4.0 to avoid excessive inode consumption. Call `dockerd -s overlay2` -to use it. - -> **Note**: Both `overlay` and `overlay2` are currently unsupported on `btrfs` -> or any Copy on Write filesystem and should only be used over `ext4` partitions. - -### Options per storage driver - -Particular storage-driver can be configured with options specified with -`--storage-opt` flags. Options for `devicemapper` are prefixed with `dm`, -options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. - -#### Devicemapper options - -This is an example of the configuration file for devicemapper on Linux: - -```json -{ - "storage-driver": "devicemapper", - "storage-opts": [ - "dm.thinpooldev=/dev/mapper/thin-pool", - "dm.use_deferred_deletion=true", - "dm.use_deferred_removal=true" - ] -} -``` - -##### `dm.thinpooldev` - -Specifies a custom block storage device to use for the thin pool. - -If using a block device for device mapper storage, it is best to use `lvm` -to create and manage the thin-pool volume. This volume is then handed to Docker -to exclusively create snapshot volumes needed for images and containers. - -Managing the thin-pool outside of Engine makes for the most feature-rich -method of having Docker utilize device mapper thin provisioning as the -backing storage for Docker containers. The highlights of the lvm-based -thin-pool management feature include: automatic or interactive thin-pool -resize support, dynamically changing thin-pool features, automatic thinp -metadata checking when lvm activates the thin-pool, etc. - -As a fallback if no thin pool is provided, loopback files are -created. Loopback is very slow, but can be used without any -pre-configuration of storage. It is strongly recommended that you do -not use loopback in production. Ensure your Engine daemon has a -`--storage-opt dm.thinpooldev` argument provided. - -###### Example: - -```bash -$ sudo dockerd --storage-opt dm.thinpooldev=/dev/mapper/thin-pool -``` - -##### `dm.directlvm_device` - -As an alternative to providing a thin pool as above, Docker can setup a block -device for you. - -###### Example: - -```bash -$ sudo dockerd --storage-opt dm.directlvm_device=/dev/xvdf -``` - -##### `dm.thinp_percent` - -Sets the percentage of passed in block device to use for storage. - -###### Example: - -```bash -$ sudo dockerd --storage-opt dm.thinp_percent=95 -``` - -##### `dm.thinp_metapercent` - -Sets the percentage of the passed in block device to use for metadata storage. - -###### Example: - -```bash -$ sudo dockerd --storage-opt dm.thinp_metapercent=1 -``` - -##### `dm.thinp_autoextend_threshold` - -Sets the value of the percentage of space used before `lvm` attempts to -autoextend the available space [100 = disabled] - -###### Example: - -```bash -$ sudo dockerd --storage-opt dm.thinp_autoextend_threshold=80 -``` - -##### `dm.thinp_autoextend_percent` - -Sets the value percentage value to increase the thin pool by when when `lvm` -attempts to autoextend the available space [100 = disabled] - -###### Example: - -```bash -$ sudo dockerd --storage-opt dm.thinp_autoextend_percent=20 -``` - - -##### `dm.basesize` - -Specifies the size to use when creating the base device, which limits the -size of images and containers. The default value is 10G. Note, thin devices -are inherently "sparse", so a 10G device which is mostly empty doesn't use -10 GB of space on the pool. However, the filesystem will use more space for -the empty case the larger the device is. - -The base device size can be increased at daemon restart which will allow -all future images and containers (based on those new images) to be of the -new base device size. - -###### Examples - -```bash -$ sudo dockerd --storage-opt dm.basesize=50G -``` - -This will increase the base device size to 50G. The Docker daemon will throw an -error if existing base device size is larger than 50G. A user can use -this option to expand the base device size however shrinking is not permitted. - -This value affects the system-wide "base" empty filesystem -that may already be initialized and inherited by pulled images. Typically, -a change to this value requires additional steps to take effect: - - ```bash -$ sudo service docker stop - -$ sudo rm -rf /var/lib/docker - -$ sudo service docker start -``` - - -##### `dm.loopdatasize` - -> **Note**: This option configures devicemapper loopback, which should not -> be used in production. - -Specifies the size to use when creating the loopback file for the -"data" device which is used for the thin pool. The default size is -100G. The file is sparse, so it will not initially take up this -much space. - -###### Example - -```bash -$ sudo dockerd --storage-opt dm.loopdatasize=200G -``` - -##### `dm.loopmetadatasize` - -> **Note**: This option configures devicemapper loopback, which should not -> be used in production. - -Specifies the size to use when creating the loopback file for the -"metadata" device which is used for the thin pool. The default size -is 2G. The file is sparse, so it will not initially take up -this much space. - -###### Example - -```bash -$ sudo dockerd --storage-opt dm.loopmetadatasize=4G -``` - -##### `dm.fs` - -Specifies the filesystem type to use for the base device. The supported -options are "ext4" and "xfs". The default is "xfs" - -###### Example - -```bash -$ sudo dockerd --storage-opt dm.fs=ext4 -``` - -##### `dm.mkfsarg` - -Specifies extra mkfs arguments to be used when creating the base device. - -###### Example - -```bash -$ sudo dockerd --storage-opt "dm.mkfsarg=-O ^has_journal" -``` - -##### `dm.mountopt` - -Specifies extra mount options used when mounting the thin devices. - -###### Example - -```bash -$ sudo dockerd --storage-opt dm.mountopt=nodiscard -``` - -##### `dm.datadev` - -(Deprecated, use `dm.thinpooldev`) - -Specifies a custom blockdevice to use for data for the thin pool. - -If using a block device for device mapper storage, ideally both `datadev` and -`metadatadev` should be specified to completely avoid using the loopback -device. - -###### Example - -```bash -$ sudo dockerd \ - --storage-opt dm.datadev=/dev/sdb1 \ - --storage-opt dm.metadatadev=/dev/sdc1 -``` - -##### `dm.metadatadev` - -(Deprecated, use `dm.thinpooldev`) - -Specifies a custom blockdevice to use for metadata for the thin pool. - -For best performance the metadata should be on a different spindle than the -data, or even better on an SSD. - -If setting up a new metadata pool it is required to be valid. This can be -achieved by zeroing the first 4k to indicate empty metadata, like this: - -```bash -$ dd if=/dev/zero of=$metadata_dev bs=4096 count=1 -``` - -###### Example - -```bash -$ sudo dockerd \ - --storage-opt dm.datadev=/dev/sdb1 \ - --storage-opt dm.metadatadev=/dev/sdc1 -``` - -##### `dm.blocksize` - -Specifies a custom blocksize to use for the thin pool. The default -blocksize is 64K. - -###### Example - -```bash -$ sudo dockerd --storage-opt dm.blocksize=512K -``` - -##### `dm.blkdiscard` - -Enables or disables the use of `blkdiscard` when removing devicemapper -devices. This is enabled by default (only) if using loopback devices and is -required to resparsify the loopback file on image/container removal. - -Disabling this on loopback can lead to *much* faster container removal -times, but will make the space used in `/var/lib/docker` directory not be -returned to the system for other use when containers are removed. - -###### Examples - -```bash -$ sudo dockerd --storage-opt dm.blkdiscard=false -``` - -##### `dm.override_udev_sync_check` - -Overrides the `udev` synchronization checks between `devicemapper` and `udev`. -`udev` is the device manager for the Linux kernel. - -To view the `udev` sync support of a Docker daemon that is using the -`devicemapper` driver, run: - -```bash -$ docker info -[...] -Udev Sync Supported: true -[...] -``` - -When `udev` sync support is `true`, then `devicemapper` and udev can -coordinate the activation and deactivation of devices for containers. - -When `udev` sync support is `false`, a race condition occurs between -the`devicemapper` and `udev` during create and cleanup. The race condition -results in errors and failures. (For information on these failures, see -[docker#4036](https://github.com/docker/docker/issues/4036)) - -To allow the `docker` daemon to start, regardless of `udev` sync not being -supported, set `dm.override_udev_sync_check` to true: - -```bash -$ sudo dockerd --storage-opt dm.override_udev_sync_check=true -``` - -When this value is `true`, the `devicemapper` continues and simply warns -you the errors are happening. - -> **Note**: The ideal is to pursue a `docker` daemon and environment that does -> support synchronizing with `udev`. For further discussion on this -> topic, see [docker#4036](https://github.com/docker/docker/issues/4036). -> Otherwise, set this flag for migrating existing Docker daemons to -> a daemon with a supported environment. - -##### `dm.use_deferred_removal` - -Enables use of deferred device removal if `libdm` and the kernel driver -support the mechanism. - -Deferred device removal means that if device is busy when devices are -being removed/deactivated, then a deferred removal is scheduled on -device. And devices automatically go away when last user of the device -exits. - -For example, when a container exits, its associated thin device is removed. -If that device has leaked into some other mount namespace and can't be -removed, the container exit still succeeds and this option causes the -system to schedule the device for deferred removal. It does not wait in a -loop trying to remove a busy device. - -###### Example - -```bash -$ sudo dockerd --storage-opt dm.use_deferred_removal=true -``` - -##### `dm.use_deferred_deletion` - -Enables use of deferred device deletion for thin pool devices. By default, -thin pool device deletion is synchronous. Before a container is deleted, -the Docker daemon removes any associated devices. If the storage driver -can not remove a device, the container deletion fails and daemon returns. - -```none -Error deleting container: Error response from daemon: Cannot destroy container -``` - -To avoid this failure, enable both deferred device deletion and deferred -device removal on the daemon. - -```bash -$ sudo dockerd \ - --storage-opt dm.use_deferred_deletion=true \ - --storage-opt dm.use_deferred_removal=true -``` - -With these two options enabled, if a device is busy when the driver is -deleting a container, the driver marks the device as deleted. Later, when -the device isn't in use, the driver deletes it. - -In general it should be safe to enable this option by default. It will help -when unintentional leaking of mount point happens across multiple mount -namespaces. - -##### `dm.min_free_space` - -Specifies the min free space percent in a thin pool require for new device -creation to succeed. This check applies to both free data space as well -as free metadata space. Valid values are from 0% - 99%. Value 0% disables -free space checking logic. If user does not specify a value for this option, -the Engine uses a default value of 10%. - -Whenever a new a thin pool device is created (during `docker pull` or during -container creation), the Engine checks if the minimum free space is -available. If sufficient space is unavailable, then device creation fails -and any relevant `docker` operation fails. - -To recover from this error, you must create more free space in the thin pool -to recover from the error. You can create free space by deleting some images -and containers from the thin pool. You can also add more storage to the thin -pool. - -To add more space to a LVM (logical volume management) thin pool, just add -more storage to the volume group container thin pool; this should automatically -resolve any errors. If your configuration uses loop devices, then stop the -Engine daemon, grow the size of loop files and restart the daemon to resolve -the issue. - -###### Example - -```bash -$ sudo dockerd --storage-opt dm.min_free_space=10% -``` - -##### `dm.xfs_nospace_max_retries` - -Specifies the maximum number of retries XFS should attempt to complete -IO when ENOSPC (no space) error is returned by underlying storage device. - -By default XFS retries infinitely for IO to finish and this can result -in unkillable process. To change this behavior one can set -xfs_nospace_max_retries to say 0 and XFS will not retry IO after getting -ENOSPC and will shutdown filesystem. - -###### Example - -```bash -$ sudo dockerd --storage-opt dm.xfs_nospace_max_retries=0 -``` - -#### ZFS options - -##### `zfs.fsname` - -Set zfs filesystem under which docker will create its own datasets. -By default docker will pick up the zfs filesystem where docker graph -(`/var/lib/docker`) is located. - -###### Example - -```bash -$ sudo dockerd -s zfs --storage-opt zfs.fsname=zroot/docker -``` - -#### Btrfs options - -##### `btrfs.min_space` - -Specifies the minimum size to use when creating the subvolume which is used -for containers. If user uses disk quota for btrfs when creating or running -a container with **--storage-opt size** option, docker should ensure the -**size** cannot be smaller than **btrfs.min_space**. - -###### Example - -```bash -$ sudo dockerd -s btrfs --storage-opt btrfs.min_space=10G -``` - -#### Overlay2 options - -##### `overlay2.override_kernel_check` - -Overrides the Linux kernel version check allowing overlay2. Support for -specifying multiple lower directories needed by overlay2 was added to the -Linux kernel in 4.0.0. However, some older kernel versions may be patched -to add multiple lower directory support for OverlayFS. This option should -only be used after verifying this support exists in the kernel. Applying -this option on a kernel without this support will cause failures on mount. - -### Docker runtime execution options - -The Docker daemon relies on a -[OCI](https://github.com/opencontainers/runtime-spec) compliant runtime -(invoked via the `containerd` daemon) as its interface to the Linux -kernel `namespaces`, `cgroups`, and `SELinux`. - -By default, the Docker daemon automatically starts `containerd`. If you want to -control `containerd` startup, manually start `containerd` and pass the path to -the `containerd` socket using the `--containerd` flag. For example: - -```bash -$ sudo dockerd --containerd /var/run/dev/docker-containerd.sock -``` - -Runtimes can be registered with the daemon either via the -configuration file or using the `--add-runtime` command line argument. - -The following is an example adding 2 runtimes via the configuration: - -```json -{ - "default-runtime": "runc", - "runtimes": { - "runc": { - "path": "runc" - }, - "custom": { - "path": "/usr/local/bin/my-runc-replacement", - "runtimeArgs": [ - "--debug" - ] - } - } -} -``` - -This is the same example via the command line: - -```bash -$ sudo dockerd --add-runtime runc=runc --add-runtime custom=/usr/local/bin/my-runc-replacement -``` - -> **Note**: Defining runtime arguments via the command line is not supported. - -#### Options for the runtime - -You can configure the runtime using options specified -with the `--exec-opt` flag. All the flag's options have the `native` prefix. A -single `native.cgroupdriver` option is available. - -The `native.cgroupdriver` option specifies the management of the container's -cgroups. You can only specify `cgroupfs` or `systemd`. If you specify -`systemd` and it is not available, the system errors out. If you omit the -`native.cgroupdriver` option,` cgroupfs` is used. - -This example sets the `cgroupdriver` to `systemd`: - -```bash -$ sudo dockerd --exec-opt native.cgroupdriver=systemd -``` - -Setting this option applies to all containers the daemon launches. - -Also Windows Container makes use of `--exec-opt` for special purpose. Docker user -can specify default container isolation technology with this, for example: - -```console -> dockerd --exec-opt isolation=hyperv -``` - -Will make `hyperv` the default isolation technology on Windows. If no isolation -value is specified on daemon start, on Windows client, the default is -`hyperv`, and on Windows server, the default is `process`. - -#### Daemon DNS options - -To set the DNS server for all Docker containers, use: - -```bash -$ sudo dockerd --dns 8.8.8.8 -``` - -To set the DNS search domain for all Docker containers, use: - -```bash -$ sudo dockerd --dns-search example.com -``` - -#### Allow push of nondistributable artifacts - -Some images (e.g., Windows base images) contain artifacts whose distribution is -restricted by license. When these images are pushed to a registry, restricted -artifacts are not included. - -To override this behavior for specific registries, use the -`--allow-nondistributable-artifacts` option in one of the following forms: - -* `--allow-nondistributable-artifacts myregistry:5000` tells the Docker daemon - to push nondistributable artifacts to myregistry:5000. -* `--allow-nondistributable-artifacts 10.1.0.0/16` tells the Docker daemon to - push nondistributable artifacts to all registries whose resolved IP address - is within the subnet described by the CIDR syntax. - -This option can be used multiple times. - -This option is useful when pushing images containing nondistributable artifacts -to a registry on an air-gapped network so hosts on that network can pull the -images without connecting to another server. - -> **Warning**: Nondistributable artifacts typically have restrictions on how -> and where they can be distributed and shared. Only use this feature to push -> artifacts to private registries and ensure that you are in compliance with -> any terms that cover redistributing nondistributable artifacts. - -#### Insecure registries - -Docker considers a private registry either secure or insecure. In the rest of -this section, *registry* is used for *private registry*, and `myregistry:5000` -is a placeholder example for a private registry. - -A secure registry uses TLS and a copy of its CA certificate is placed on the -Docker host at `/etc/docker/certs.d/myregistry:5000/ca.crt`. An insecure -registry is either not using TLS (i.e., listening on plain text HTTP), or is -using TLS with a CA certificate not known by the Docker daemon. The latter can -happen when the certificate was not found under -`/etc/docker/certs.d/myregistry:5000/`, or if the certificate verification -failed (i.e., wrong CA). - -By default, Docker assumes all, but local (see local registries below), -registries are secure. Communicating with an insecure registry is not possible -if Docker assumes that registry is secure. In order to communicate with an -insecure registry, the Docker daemon requires `--insecure-registry` in one of -the following two forms: - -* `--insecure-registry myregistry:5000` tells the Docker daemon that - myregistry:5000 should be considered insecure. -* `--insecure-registry 10.1.0.0/16` tells the Docker daemon that all registries - whose domain resolve to an IP address is part of the subnet described by the - CIDR syntax, should be considered insecure. - -The flag can be used multiple times to allow multiple registries to be marked -as insecure. - -If an insecure registry is not marked as insecure, `docker pull`, -`docker push`, and `docker search` will result in an error message prompting -the user to either secure or pass the `--insecure-registry` flag to the Docker -daemon as described above. - -Local registries, whose IP address falls in the 127.0.0.0/8 range, are -automatically marked as insecure as of Docker 1.3.2. It is not recommended to -rely on this, as it may change in the future. - -Enabling `--insecure-registry`, i.e., allowing un-encrypted and/or untrusted -communication, can be useful when running a local registry. However, -because its use creates security vulnerabilities it should ONLY be enabled for -testing purposes. For increased security, users should add their CA to their -system's list of trusted CAs instead of enabling `--insecure-registry`. - -##### Legacy Registries - -Operations against registries supporting only the legacy v1 protocol are -disabled by default. Specifically, the daemon will not attempt `push`, -`pull` and `login` to v1 registries. The exception to this is `search` -which can still be performed on v1 registries. - -Add `"disable-legacy-registry":false` to the [daemon configuration -file](#daemon-configuration-file), or set the -`--disable-legacy-registry=false` flag, if you need to interact with -registries that have not yet migrated to the v2 protocol. - -Interaction v1 registries will no longer be supported in Docker v17.12, -and the `disable-legacy-registry` configuration option will be removed. - -#### Running a Docker daemon behind an HTTPS_PROXY - -When running inside a LAN that uses an `HTTPS` proxy, the Docker Hub -certificates will be replaced by the proxy's certificates. These certificates -need to be added to your Docker host's configuration: - -1. Install the `ca-certificates` package for your distribution -2. Ask your network admin for the proxy's CA certificate and append them to - `/etc/pki/tls/certs/ca-bundle.crt` -3. Then start your Docker daemon with `HTTPS_PROXY=http://username:password@proxy:port/ dockerd`. - The `username:` and `password@` are optional - and are only needed if your - proxy is set up to require authentication. - -This will only add the proxy and authentication to the Docker daemon's requests - -your `docker build`s and running containers will need extra configuration to -use the proxy - -#### Default `ulimit` settings - -`--default-ulimit` allows you to set the default `ulimit` options to use for -all containers. It takes the same options as `--ulimit` for `docker run`. If -these defaults are not set, `ulimit` settings will be inherited, if not set on -`docker run`, from the Docker daemon. Any `--ulimit` options passed to -`docker run` will overwrite these defaults. - -Be careful setting `nproc` with the `ulimit` flag as `nproc` is designed by Linux to -set the maximum number of processes available to a user, not to a container. For details -please check the [run](run.md) reference. - -#### Node discovery - -The `--cluster-advertise` option specifies the `host:port` or `interface:port` -combination that this particular daemon instance should use when advertising -itself to the cluster. The daemon is reached by remote hosts through this value. -If you specify an interface, make sure it includes the IP address of the actual -Docker host. For Engine installation created through `docker-machine`, the -interface is typically `eth1`. - -The daemon uses [libkv](https://github.com/docker/libkv/) to advertise -the node within the cluster. Some key-value backends support mutual -TLS. To configure the client TLS settings used by the daemon can be configured -using the `--cluster-store-opt` flag, specifying the paths to PEM encoded -files. For example: - -```bash -$ sudo dockerd \ - --cluster-advertise 192.168.1.2:2376 \ - --cluster-store etcd://192.168.1.2:2379 \ - --cluster-store-opt kv.cacertfile=/path/to/ca.pem \ - --cluster-store-opt kv.certfile=/path/to/cert.pem \ - --cluster-store-opt kv.keyfile=/path/to/key.pem -``` - -The currently supported cluster store options are: - -| Option | Description | -|-----------------------|-------------| -| `discovery.heartbeat` | Specifies the heartbeat timer in seconds which is used by the daemon as a `keepalive` mechanism to make sure discovery module treats the node as alive in the cluster. If not configured, the default value is 20 seconds. | -| `discovery.ttl` | Specifies the TTL (time-to-live) in seconds which is used by the discovery module to timeout a node if a valid heartbeat is not received within the configured ttl value. If not configured, the default value is 60 seconds. | -| `kv.cacertfile` | Specifies the path to a local file with PEM encoded CA certificates to trust. | -| `kv.certfile` | Specifies the path to a local file with a PEM encoded certificate. This certificate is used as the client cert for communication with the Key/Value store. | -| `kv.keyfile` | Specifies the path to a local file with a PEM encoded private key. This private key is used as the client key for communication with the Key/Value store. | -| `kv.path` | Specifies the path in the Key/Value store. If not configured, the default value is 'docker/nodes'. | - -#### Access authorization - -Docker's access authorization can be extended by authorization plugins that your -organization can purchase or build themselves. You can install one or more -authorization plugins when you start the Docker `daemon` using the -`--authorization-plugin=PLUGIN_ID` option. - -```bash -$ sudo dockerd --authorization-plugin=plugin1 --authorization-plugin=plugin2,... -``` - -The `PLUGIN_ID` value is either the plugin's name or a path to its specification -file. The plugin's implementation determines whether you can specify a name or -path. Consult with your Docker administrator to get information about the -plugins available to you. - -Once a plugin is installed, requests made to the `daemon` through the -command line or Docker's Engine API are allowed or denied by the plugin. -If you have multiple plugins installed, each plugin, in order, must -allow the request for it to complete. - -For information about how to create an authorization plugin, see [authorization -plugin](../../extend/plugins_authorization.md) section in the Docker extend section of this documentation. - - -#### Daemon user namespace options - -The Linux kernel [user namespace support](http://man7.org/linux/man-pages/man7/user_namespaces.7.html) provides additional security by enabling -a process, and therefore a container, to have a unique range of user and -group IDs which are outside the traditional user and group range utilized by -the host system. Potentially the most important security improvement is that, -by default, container processes running as the `root` user will have expected -administrative privilege (with some restrictions) inside the container but will -effectively be mapped to an unprivileged `uid` on the host. - -When user namespace support is enabled, Docker creates a single daemon-wide mapping -for all containers running on the same engine instance. The mappings will -utilize the existing subordinate user and group ID feature available on all modern -Linux distributions. -The [`/etc/subuid`](http://man7.org/linux/man-pages/man5/subuid.5.html) and -[`/etc/subgid`](http://man7.org/linux/man-pages/man5/subgid.5.html) files will be -read for the user, and optional group, specified to the `--userns-remap` -parameter. If you do not wish to specify your own user and/or group, you can -provide `default` as the value to this flag, and a user will be created on your behalf -and provided subordinate uid and gid ranges. This default user will be named -`dockremap`, and entries will be created for it in `/etc/passwd` and -`/etc/group` using your distro's standard user and group creation tools. - -> **Note**: The single mapping per-daemon restriction is in place for now -> because Docker shares image layers from its local cache across all -> containers running on the engine instance. Since file ownership must be -> the same for all containers sharing the same layer content, the decision -> was made to map the file ownership on `docker pull` to the daemon's user and -> group mappings so that there is no delay for running containers once the -> content is downloaded. This design preserves the same performance for `docker -> pull`, `docker push`, and container startup as users expect with -> user namespaces disabled. - -##### Start the daemon with user namespaces enabled - -To enable user namespace support, start the daemon with the -`--userns-remap` flag, which accepts values in the following formats: - - - uid - - uid:gid - - username - - username:groupname - -If numeric IDs are provided, translation back to valid user or group names -will occur so that the subordinate uid and gid information can be read, given -these resources are name-based, not id-based. If the numeric ID information -provided does not exist as entries in `/etc/passwd` or `/etc/group`, daemon -startup will fail with an error message. - -**Example: starting with default Docker user management:** - -```bash -$ sudo dockerd --userns-remap=default -``` - -When `default` is provided, Docker will create - or find the existing - user and group -named `dockremap`. If the user is created, and the Linux distribution has -appropriate support, the `/etc/subuid` and `/etc/subgid` files will be populated -with a contiguous 65536 length range of subordinate user and group IDs, starting -at an offset based on prior entries in those files. For example, Ubuntu will -create the following range, based on an existing user named `user1` already owning -the first 65536 range: - -```bash -$ cat /etc/subuid -user1:100000:65536 -dockremap:165536:65536 -``` - -If you have a preferred/self-managed user with subordinate ID mappings already -configured, you can provide that username or uid to the `--userns-remap` flag. -If you have a group that doesn't match the username, you may provide the `gid` -or group name as well; otherwise the username will be used as the group name -when querying the system for the subordinate group ID range. - -The output of `docker info` can be used to determine if the daemon is running -with user namespaces enabled or not. If the daemon is configured with user -namespaces, the Security Options entry in the response will list "userns" as -one of the enabled security features. - -##### Behavior differences when user namespaces are enabled - -When you start the Docker daemon with `--userns-remap`, Docker segregates the graph directory -where the images are stored by adding an extra directory with a name corresponding to the -remapped UID and GID. For example, if the remapped UID and GID begin with `165536`, all -images and containers running with that remap setting are located in `/var/lib/docker/165536.165536` -instead of `/var/lib/docker/`. - -In addition, the files and directories within the new directory, which correspond to -images and container layers, are also owned by the new UID and GID. To set the ownership -correctly, you need to re-pull the images and restart the containers after starting the -daemon with `--userns-remap`. - -##### Detailed information on `subuid`/`subgid` ranges - -Given potential advanced use of the subordinate ID ranges by power users, the -following paragraphs define how the Docker daemon currently uses the range entries -found within the subordinate range files. - -The simplest case is that only one contiguous range is defined for the -provided user or group. In this case, Docker will use that entire contiguous -range for the mapping of host uids and gids to the container process. This -means that the first ID in the range will be the remapped root user, and the -IDs above that initial ID will map host ID 1 through the end of the range. - -From the example `/etc/subuid` content shown above, the remapped root -user would be uid 165536. - -If the system administrator has set up multiple ranges for a single user or -group, the Docker daemon will read all the available ranges and use the -following algorithm to create the mapping ranges: - -1. The range segments found for the particular user will be sorted by *start ID* ascending. -2. Map segments will be created from each range in increasing value with a length matching the length of each segment. Therefore the range segment with the lowest numeric starting value will be equal to the remapped root, and continue up through host uid/gid equal to the range segment length. As an example, if the lowest segment starts at ID 1000 and has a length of 100, then a map of 1000 -> 0 (the remapped root) up through 1100 -> 100 will be created from this segment. If the next segment starts at ID 10000, then the next map will start with mapping 10000 -> 101 up to the length of this second segment. This will continue until no more segments are found in the subordinate files for this user. -3. If more than five range segments exist for a single user, only the first five will be utilized, matching the kernel's limitation of only five entries in `/proc/self/uid_map` and `proc/self/gid_map`. - -##### Disable user namespace for a container - -If you enable user namespaces on the daemon, all containers are started -with user namespaces enabled. In some situations you might want to disable -this feature for a container, for example, to start a privileged container (see -[user namespace known restrictions](#user-namespace-known-restrictions)). -To enable those advanced features for a specific container use `--userns=host` -in the `run/exec/create` command. -This option will completely disable user namespace mapping for the container's user. - -##### User namespace known restrictions - -The following standard Docker features are currently incompatible when -running a Docker daemon with user namespaces enabled: - - - sharing PID or NET namespaces with the host (`--pid=host` or `--net=host`) - - Using `--privileged` mode flag on `docker run` (unless also specifying `--userns=host`) - -In general, user namespaces are an advanced feature and will require -coordination with other capabilities. For example, if volumes are mounted from -the host, file ownership will have to be pre-arranged if the user or -administrator wishes the containers to have expected access to the volume -contents. Note that when using external volume or graph driver plugins, those -external software programs must be made aware of user and group mapping ranges -if they are to work seamlessly with user namespace support. - -Finally, while the `root` user inside a user namespaced container process has -many of the expected admin privileges that go along with being the superuser, the -Linux kernel has restrictions based on internal knowledge that this is a user namespaced -process. The most notable restriction that we are aware of at this time is the -inability to use `mknod`. Permission will be denied for device creation even as -container `root` inside a user namespace. - -### Miscellaneous options - -IP masquerading uses address translation to allow containers without a public -IP to talk to other machines on the Internet. This may interfere with some -network topologies and can be disabled with `--ip-masq=false`. - -Docker supports softlinks for the Docker data directory (`/var/lib/docker`) and -for `/var/lib/docker/tmp`. The `DOCKER_TMPDIR` and the data directory can be -set like this: - - DOCKER_TMPDIR=/mnt/disk2/tmp /usr/local/bin/dockerd -D -g /var/lib/docker -H unix:// > /var/lib/docker-machine/docker.log 2>&1 - # or - export DOCKER_TMPDIR=/mnt/disk2/tmp - /usr/local/bin/dockerd -D -g /var/lib/docker -H unix:// > /var/lib/docker-machine/docker.log 2>&1 - -#### Default cgroup parent - -The `--cgroup-parent` option allows you to set the default cgroup parent -to use for containers. If this option is not set, it defaults to `/docker` for -fs cgroup driver and `system.slice` for systemd cgroup driver. - -If the cgroup has a leading forward slash (`/`), the cgroup is created -under the root cgroup, otherwise the cgroup is created under the daemon -cgroup. - -Assuming the daemon is running in cgroup `daemoncgroup`, -`--cgroup-parent=/foobar` creates a cgroup in -`/sys/fs/cgroup/memory/foobar`, whereas using `--cgroup-parent=foobar` -creates the cgroup in `/sys/fs/cgroup/memory/daemoncgroup/foobar` - -The systemd cgroup driver has different rules for `--cgroup-parent`. Systemd -represents hierarchy by slice and the name of the slice encodes the location in -the tree. So `--cgroup-parent` for systemd cgroups should be a slice name. A -name can consist of a dash-separated series of names, which describes the path -to the slice from the root slice. For example, `--cgroup-parent=user-a-b.slice` -means the memory cgroup for the container is created in -`/sys/fs/cgroup/memory/user.slice/user-a.slice/user-a-b.slice/docker-.scope`. - -This setting can also be set per container, using the `--cgroup-parent` -option on `docker create` and `docker run`, and takes precedence over -the `--cgroup-parent` option on the daemon. - -#### Daemon metrics - -The `--metrics-addr` option takes a tcp address to serve the metrics API. -This feature is still experimental, therefore, the daemon must be running in experimental -mode for this feature to work. - -To serve the metrics API on localhost:1337 you would specify `--metrics-addr 127.0.0.1:1337` -allowing you to make requests on the API at `127.0.0.1:1337/metrics` to receive metrics in the -[prometheus](https://prometheus.io/docs/instrumenting/exposition_formats/) format. - -If you are running a prometheus server you can add this address to your scrape configs -to have prometheus collect metrics on Docker. For more information -on prometheus you can view the website [here](https://prometheus.io/). - -```none -scrape_configs: - - job_name: 'docker' - static_configs: - - targets: ['127.0.0.1:1337'] -``` - -Please note that this feature is still marked as experimental as metrics and metric -names could change while this feature is still in experimental. Please provide -feedback on what you would like to see collected in the API. - -#### Daemon configuration file - -The `--config-file` option allows you to set any configuration option -for the daemon in a JSON format. This file uses the same flag names as keys, -except for flags that allow several entries, where it uses the plural -of the flag name, e.g., `labels` for the `label` flag. - -The options set in the configuration file must not conflict with options set -via flags. The docker daemon fails to start if an option is duplicated between -the file and the flags, regardless their value. We do this to avoid -silently ignore changes introduced in configuration reloads. -For example, the daemon fails to start if you set daemon labels -in the configuration file and also set daemon labels via the `--label` flag. -Options that are not present in the file are ignored when the daemon starts. - -##### On Linux - -The default location of the configuration file on Linux is -`/etc/docker/daemon.json`. The `--config-file` flag can be used to specify a - non-default location. - -This is a full example of the allowed configuration options on Linux: - -```json -{ - "authorization-plugins": [], - "data-root": "", - "dns": [], - "dns-opts": [], - "dns-search": [], - "exec-opts": [], - "exec-root": "", - "experimental": false, - "storage-driver": "", - "storage-opts": [], - "labels": [], - "live-restore": true, - "log-driver": "", - "log-opts": {}, - "mtu": 0, - "pidfile": "", - "cluster-store": "", - "cluster-store-opts": {}, - "cluster-advertise": "", - "max-concurrent-downloads": 3, - "max-concurrent-uploads": 5, - "default-shm-size": "64M", - "shutdown-timeout": 15, - "debug": true, - "hosts": [], - "log-level": "", - "tls": true, - "tlsverify": true, - "tlscacert": "", - "tlscert": "", - "tlskey": "", - "swarm-default-advertise-addr": "", - "api-cors-header": "", - "selinux-enabled": false, - "userns-remap": "", - "group": "", - "cgroup-parent": "", - "default-ulimits": {}, - "init": false, - "init-path": "/usr/libexec/docker-init", - "ipv6": false, - "iptables": false, - "ip-forward": false, - "ip-masq": false, - "userland-proxy": false, - "userland-proxy-path": "/usr/libexec/docker-proxy", - "ip": "0.0.0.0", - "bridge": "", - "bip": "", - "fixed-cidr": "", - "fixed-cidr-v6": "", - "default-gateway": "", - "default-gateway-v6": "", - "icc": false, - "raw-logs": false, - "allow-nondistributable-artifacts": [], - "registry-mirrors": [], - "seccomp-profile": "", - "insecure-registries": [], - "disable-legacy-registry": false, - "no-new-privileges": false, - "default-runtime": "runc", - "oom-score-adjust": -500, - "runtimes": { - "runc": { - "path": "runc" - }, - "custom": { - "path": "/usr/local/bin/my-runc-replacement", - "runtimeArgs": [ - "--debug" - ] - } - } -} -``` - -> **Note:** You cannot set options in `daemon.json` that have already been set on -> daemon startup as a flag. -> On systems that use `systemd` to start the Docker daemon, `-H` is already set, so -> you cannot use the `hosts` key in `daemon.json` to add listening addresses. -> See https://docs.docker.com/engine/admin/systemd/#custom-docker-daemon-options for how -> to accomplish this task with a systemd drop-in file. - -##### On Windows - -The default location of the configuration file on Windows is - `%programdata%\docker\config\daemon.json`. The `--config-file` flag can be - used to specify a non-default location. - -This is a full example of the allowed configuration options on Windows: - -```json -{ - "authorization-plugins": [], - "data-root": "", - "dns": [], - "dns-opts": [], - "dns-search": [], - "exec-opts": [], - "experimental": false, - "storage-driver": "", - "storage-opts": [], - "labels": [], - "log-driver": "", - "mtu": 0, - "pidfile": "", - "cluster-store": "", - "cluster-advertise": "", - "max-concurrent-downloads": 3, - "max-concurrent-uploads": 5, - "shutdown-timeout": 15, - "debug": true, - "hosts": [], - "log-level": "", - "tlsverify": true, - "tlscacert": "", - "tlscert": "", - "tlskey": "", - "swarm-default-advertise-addr": "", - "group": "", - "default-ulimits": {}, - "bridge": "", - "fixed-cidr": "", - "raw-logs": false, - "allow-nondistributable-artifacts": [], - "registry-mirrors": [], - "insecure-registries": [], - "disable-legacy-registry": false -} -``` - -#### Configuration reload behavior - -Some options can be reconfigured when the daemon is running without requiring -to restart the process. We use the `SIGHUP` signal in Linux to reload, and a global event -in Windows with the key `Global\docker-daemon-config-$PID`. The options can -be modified in the configuration file but still will check for conflicts with -the provided flags. The daemon fails to reconfigure itself -if there are conflicts, but it won't stop execution. - -The list of currently supported options that can be reconfigured is this: - -- `debug`: it changes the daemon to debug mode when set to true. -- `cluster-store`: it reloads the discovery store with the new address. -- `cluster-store-opts`: it uses the new options to reload the discovery store. -- `cluster-advertise`: it modifies the address advertised after reloading. -- `labels`: it replaces the daemon labels with a new set of labels. -- `live-restore`: Enables [keeping containers alive during daemon downtime](https://docs.docker.com/engine/admin/live-restore/). -- `max-concurrent-downloads`: it updates the max concurrent downloads for each pull. -- `max-concurrent-uploads`: it updates the max concurrent uploads for each push. -- `default-runtime`: it updates the runtime to be used if not is - specified at container creation. It defaults to "default" which is - the runtime shipped with the official docker packages. -- `runtimes`: it updates the list of available OCI runtimes that can - be used to run containers -- `authorization-plugin`: specifies the authorization plugins to use. -- `allow-nondistributable-artifacts`: Replaces the set of registries to which the daemon will push nondistributable artifacts with a new set of registries. -- `insecure-registries`: it replaces the daemon insecure registries with a new set of insecure registries. If some existing insecure registries in daemon's configuration are not in newly reloaded insecure resgitries, these existing ones will be removed from daemon's config. -- `registry-mirrors`: it replaces the daemon registry mirrors with a new set of registry mirrors. If some existing registry mirrors in daemon's configuration are not in newly reloaded registry mirrors, these existing ones will be removed from daemon's config. - -Updating and reloading the cluster configurations such as `--cluster-store`, -`--cluster-advertise` and `--cluster-store-opts` will take effect only if -these configurations were not previously configured. If `--cluster-store` -has been provided in flags and `cluster-advertise` not, `cluster-advertise` -can be added in the configuration file without accompanied by `--cluster-store`. -Configuration reload will log a warning message if it detects a change in -previously configured cluster configurations. - - -### Run multiple daemons - -> **Note:** Running multiple daemons on a single host is considered as "experimental". The user should be aware of -> unsolved problems. This solution may not work properly in some cases. Solutions are currently under development -> and will be delivered in the near future. - -This section describes how to run multiple Docker daemons on a single host. To -run multiple daemons, you must configure each daemon so that it does not -conflict with other daemons on the same host. You can set these options either -by providing them as flags, or by using a [daemon configuration file](#daemon-configuration-file). - -The following daemon options must be configured for each daemon: - -```none --b, --bridge= Attach containers to a network bridge ---exec-root=/var/run/docker Root of the Docker execdriver ---data-root=/var/lib/docker Root of persisted Docker data --p, --pidfile=/var/run/docker.pid Path to use for daemon PID file --H, --host=[] Daemon socket(s) to connect to ---iptables=true Enable addition of iptables rules ---config-file=/etc/docker/daemon.json Daemon configuration file ---tlscacert="~/.docker/ca.pem" Trust certs signed only by this CA ---tlscert="~/.docker/cert.pem" Path to TLS certificate file ---tlskey="~/.docker/key.pem" Path to TLS key file -``` - -When your daemons use different values for these flags, you can run them on the same host without any problems. -It is very important to properly understand the meaning of those options and to use them correctly. - -- The `-b, --bridge=` flag is set to `docker0` as default bridge network. It is created automatically when you install Docker. -If you are not using the default, you must create and configure the bridge manually or just set it to 'none': `--bridge=none` -- `--exec-root` is the path where the container state is stored. The default value is `/var/run/docker`. Specify the path for -your running daemon here. -- `--data-root` is the path where persisted data such as images, volumes, and -cluster state are stored. The default value is `/var/lib/docker`. To avoid any -conflict with other daemons, set this parameter separately for each daemon. -- `-p, --pidfile=/var/run/docker.pid` is the path where the process ID of the daemon is stored. Specify the path for your -pid file here. -- `--host=[]` specifies where the Docker daemon will listen for client connections. If unspecified, it defaults to `/var/run/docker.sock`. -- `--iptables=false` prevents the Docker daemon from adding iptables rules. If -multiple daemons manage iptables rules, they may overwrite rules set by another -daemon. Be aware that disabling this option requires you to manually add -iptables rules to expose container ports. If you prevent Docker from adding -iptables rules, Docker will also not add IP masquerading rules, even if you set -`--ip-masq` to `true`. Without IP masquerading rules, Docker containers will not be -able to connect to external hosts or the internet when using network other than -default bridge. -- `--config-file=/etc/docker/daemon.json` is the path where configuration file is stored. You can use it instead of -daemon flags. Specify the path for each daemon. -- `--tls*` Docker daemon supports `--tlsverify` mode that enforces encrypted and authenticated remote connections. -The `--tls*` options enable use of specific certificates for individual daemons. - -Example script for a separate “bootstrap” instance of the Docker daemon without network: - -```bash -$ sudo dockerd \ - -H unix:///var/run/docker-bootstrap.sock \ - -p /var/run/docker-bootstrap.pid \ - --iptables=false \ - --ip-masq=false \ - --bridge=none \ - --data-root=/var/lib/docker-bootstrap \ - --exec-root=/var/run/docker-bootstrap -``` diff --git a/components/engine/docs/reference/commandline/events.md b/components/engine/docs/reference/commandline/events.md deleted file mode 100644 index 71475b43ec..0000000000 --- a/components/engine/docs/reference/commandline/events.md +++ /dev/null @@ -1,345 +0,0 @@ ---- -title: "events" -description: "The events command description and usage" -keywords: "events, container, report" ---- - - - -# events - -```markdown -Usage: docker events [OPTIONS] - -Get real time events from the server - -Options: - -f, --filter value Filter output based on conditions provided (default []) - --format string Format the output using the given Go template - --help Print usage - --since string Show all events created since timestamp - --until string Stream events until this timestamp -``` - -## Description - -Use `docker events` to get real-time events from the server. These events differ -per Docker object type. - -### Object types - -#### Containers - -Docker containers report the following events: - -- `attach` -- `commit` -- `copy` -- `create` -- `destroy` -- `detach` -- `die` -- `exec_create` -- `exec_detach` -- `exec_start` -- `export` -- `health_status` -- `kill` -- `oom` -- `pause` -- `rename` -- `resize` -- `restart` -- `start` -- `stop` -- `top` -- `unpause` -- `update` - -#### Images - -Docker images report the following events: - -- `delete` -- `import` -- `load` -- `pull` -- `push` -- `save` -- `tag` -- `untag` - -#### Plugins - -Docker plugins report the following events: - -- `install` -- `enable` -- `disable` -- `remove` - -#### Volumes - -Docker volumes report the following events: - -- `create` -- `mount` -- `unmount` -- `destroy` - -#### Networks - -Docker networks report the following events: - -- `create` -- `connect` -- `disconnect` -- `destroy` - -#### Daemons - -Docker daemons report the following events: - -- `reload` - -### Limiting, filtering, and formatting the output - -#### Limit events by time - -The `--since` and `--until` parameters can be Unix timestamps, date formatted -timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed -relative to the client machine’s time. If you do not provide the `--since` option, -the command returns only new and/or live events. Supported formats for date -formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, -`2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local -timezone on the client will be used if you do not provide either a `Z` or a -`+-00:00` timezone offset at the end of the timestamp. When providing Unix -timestamps enter seconds[.nanoseconds], where seconds is the number of seconds -that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap -seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a -fraction of a second no more than nine digits long. - -#### Filtering - -The filtering flag (`-f` or `--filter`) format is of "key=value". If you would -like to use multiple filters, pass multiple flags (e.g., -`--filter "foo=bar" --filter "bif=baz"`) - -Using the same filter multiple times will be handled as a *OR*; for example -`--filter container=588a23dac085 --filter container=a8f7720b8c22` will display -events for container 588a23dac085 *OR* container a8f7720b8c22 - -Using multiple filters will be handled as a *AND*; for example -`--filter container=588a23dac085 --filter event=start` will display events for -container container 588a23dac085 *AND* the event type is *start* - -The currently supported filters are: - -* container (`container=`) -* daemon (`daemon=`) -* event (`event=`) -* image (`image=`) -* label (`label=` or `label==`) -* network (`network=`) -* plugin (`plugin=`) -* type (`type=`) -* volume (`volume=`) - -#### Format - -If a format (`--format`) is specified, the given template will be executed -instead of the default -format. Go's [text/template](http://golang.org/pkg/text/template/) package -describes all the details of the format. - -If a format is set to `{{json .}}`, the events are streamed as valid JSON -Lines. For information about JSON Lines, please refer to http://jsonlines.org/ . - -## Examples - -### Basic example - -You'll need two shells for this example. - -**Shell 1: Listening for events:** - -```bash -$ docker events -``` - -**Shell 2: Start and Stop containers:** - -```bash -$ docker create --name test alpine:latest top -$ docker start test -$ docker stop test -``` - -**Shell 1: (Again .. now showing events):** - -```none -2017-01-05T00:35:58.859401177+08:00 container create 0fdb48addc82871eb34eb23a847cfd033dedd1a0a37bef2e6d9eb3870fc7ff37 (image=alpine:latest, name=test) -2017-01-05T00:36:04.703631903+08:00 network connect e2e1f5ceda09d4300f3a846f0acfaa9a8bb0d89e775eb744c5acecd60e0529e2 (container=0fdb...ff37, name=bridge, type=bridge) -2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) -2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) -2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) -2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) -2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) -``` - -To exit the `docker events` command, use `CTRL+C`. - -### Filter events by time - -You can filter the output by an absolute timestamp or relative time on the host -machine, using the following different time syntaxes: - -```bash -$ docker events --since 1483283804 -2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) -2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) -2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) -2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) -2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) -2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) -2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) -2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) - -$ docker events --since '2017-01-05' -2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) -2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) -2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) -2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) -2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) -2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) -2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) -2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) - -$ docker events --since '2013-09-03T15:49:29' -2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) -2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) -2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) -2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) -2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) -2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) -2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) -2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) - -$ docker events --since '10m' -2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) -2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) -2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) -2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) -2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) -2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) -2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) -2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) -``` - -### Filter events by criteria - -The following commands show several different ways to filter the `docker event` -output. - -```bash -$ docker events --filter 'event=stop' - -2017-01-05T00:40:22.880175420+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) -2017-01-05T00:41:17.888104182+08:00 container stop 2a8f...4e78 (image=alpine, name=kickass_brattain) - -$ docker events --filter 'image=alpine' - -2017-01-05T00:41:55.784240236+08:00 container create d9cd...4d70 (image=alpine, name=happy_meitner) -2017-01-05T00:41:55.913156783+08:00 container start d9cd...4d70 (image=alpine, name=happy_meitner) -2017-01-05T00:42:01.106875249+08:00 container kill d9cd...4d70 (image=alpine, name=happy_meitner, signal=15) -2017-01-05T00:42:11.111934041+08:00 container kill d9cd...4d70 (image=alpine, name=happy_meitner, signal=9) -2017-01-05T00:42:11.119578204+08:00 container die d9cd...4d70 (exitCode=137, image=alpine, name=happy_meitner) -2017-01-05T00:42:11.173276611+08:00 container stop d9cd...4d70 (image=alpine, name=happy_meitner) - -$ docker events --filter 'container=test' - -2017-01-05T00:43:00.139719934+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) -2017-01-05T00:43:09.259951086+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) -2017-01-05T00:43:09.270102715+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) -2017-01-05T00:43:09.312556440+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) - -$ docker events --filter 'container=test' --filter 'container=d9cdb1525ea8' - -2017-01-05T00:44:11.517071981+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) -2017-01-05T00:44:17.685870901+08:00 container start d9cd...4d70 (image=alpine, name=happy_meitner) -2017-01-05T00:44:29.757658470+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=9) -2017-01-05T00:44:29.767718510+08:00 container die 0fdb...ff37 (exitCode=137, image=alpine:latest, name=test) -2017-01-05T00:44:29.815798344+08:00 container destroy 0fdb...ff37 (image=alpine:latest, name=test) - -$ docker events --filter 'container=test' --filter 'event=stop' - -2017-01-05T00:46:13.664099505+08:00 container stop a9d1...e130 (image=alpine, name=test) - -$ docker events --filter 'type=volume' - -2015-12-23T21:05:28.136212689Z volume create test-event-volume-local (driver=local) -2015-12-23T21:05:28.383462717Z volume mount test-event-volume-local (read/write=true, container=562f...5025, destination=/foo, driver=local, propagation=rprivate) -2015-12-23T21:05:28.650314265Z volume unmount test-event-volume-local (container=562f...5025, driver=local) -2015-12-23T21:05:28.716218405Z volume destroy test-event-volume-local (driver=local) - -$ docker events --filter 'type=network' - -2015-12-23T21:38:24.705709133Z network create 8b11...2c5b (name=test-event-network-local, type=bridge) -2015-12-23T21:38:25.119625123Z network connect 8b11...2c5b (name=test-event-network-local, container=b4be...c54e, type=bridge) - -$ docker events --filter 'container=container_1' --filter 'container=container_2' - -2014-09-03T15:49:29.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04) -2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) -2014-05-10T17:42:14.999999999Z07:00 container die 7805c1d35632 (imager=redis:2.8) -2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) - -$ docker events --filter 'type=volume' - -2015-12-23T21:05:28.136212689Z volume create test-event-volume-local (driver=local) -2015-12-23T21:05:28.383462717Z volume mount test-event-volume-local (read/write=true, container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, destination=/foo, driver=local, propagation=rprivate) -2015-12-23T21:05:28.650314265Z volume unmount test-event-volume-local (container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, driver=local) -2015-12-23T21:05:28.716218405Z volume destroy test-event-volume-local (driver=local) - -$ docker events --filter 'type=network' - -2015-12-23T21:38:24.705709133Z network create 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, type=bridge) -2015-12-23T21:38:25.119625123Z network connect 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, container=b4be644031a3d90b400f88ab3d4bdf4dc23adb250e696b6328b85441abe2c54e, type=bridge) - -$ docker events --filter 'type=plugin' - -2016-07-25T17:30:14.825557616Z plugin pull ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest) -2016-07-25T17:30:14.888127370Z plugin enable ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest) -``` - -### Format the output - -```bash -$ docker events --filter 'type=container' --format 'Type={{.Type}} Status={{.Status}} ID={{.ID}}' - -Type=container Status=create ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 -Type=container Status=attach ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 -Type=container Status=start ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 -Type=container Status=resize ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 -Type=container Status=die ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 -Type=container Status=destroy ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 -``` - -#### Format as JSON - -```none - $ docker events --format '{{json .}}' - - {"status":"create","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. - {"status":"attach","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. - {"Type":"network","Action":"connect","Actor":{"ID":"1b50a5bf755f6021dfa78e.. - {"status":"start","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f42.. - {"status":"resize","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. -``` diff --git a/components/engine/docs/reference/commandline/exec.md b/components/engine/docs/reference/commandline/exec.md deleted file mode 100644 index e2e5d607b9..0000000000 --- a/components/engine/docs/reference/commandline/exec.md +++ /dev/null @@ -1,99 +0,0 @@ ---- -title: "exec" -description: "The exec command description and usage" -keywords: "command, container, run, execute" ---- - - - -# exec - -```markdown -Usage: docker exec [OPTIONS] CONTAINER COMMAND [ARG...] - -Run a command in a running container - -Options: - -d, --detach Detached mode: run command in the background - --detach-keys Override the key sequence for detaching a container - -e, --env=[] Set environment variables - --help Print usage - -i, --interactive Keep STDIN open even if not attached - --privileged Give extended privileges to the command - -t, --tty Allocate a pseudo-TTY - -u, --user Username or UID (format: [:]) -``` - -## Description - -The `docker exec` command runs a new command in a running container. - -The command started using `docker exec` only runs while the container's primary -process (`PID 1`) is running, and it is not restarted if the container is -restarted. - -COMMAND will run in the default directory of the container. It the -underlying image has a custom directory specified with the WORKDIR directive -in its Dockerfile, this will be used instead. - -COMMAND should be an executable, a chained or a quoted command -will not work. Example: `docker exec -ti my_container "echo a && echo b"` will -not work, but `docker exec -ti my_container sh -c "echo a && echo b"` will. - -## Examples - -### Run `docker exec` on a running container - -First, start a container. - -```bash -$ docker run --name ubuntu_bash --rm -i -t ubuntu bash -``` - -This will create a container named `ubuntu_bash` and start a Bash session. - -Next, execute a command on the container. - -```bash -$ docker exec -d ubuntu_bash touch /tmp/execWorks -``` - -This will create a new file `/tmp/execWorks` inside the running container -`ubuntu_bash`, in the background. - -Next, execute an interactive `bash` shell on the container. - -```bash -$ docker exec -it ubuntu_bash bash -``` - -This will create a new Bash session in the container `ubuntu_bash`. - -### Try to run `docker exec` on a paused container - -If the container is paused, then the `docker exec` command will fail with an error: - -```bash -$ docker pause test - -test - -$ docker ps - -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -1ae3b36715d2 ubuntu:latest "bash" 17 seconds ago Up 16 seconds (Paused) test - -$ docker exec test ls - -FATA[0000] Error response from daemon: Container test is paused, unpause the container before exec - -$ echo $? -1 -``` diff --git a/components/engine/docs/reference/commandline/export.md b/components/engine/docs/reference/commandline/export.md deleted file mode 100644 index 9de509714a..0000000000 --- a/components/engine/docs/reference/commandline/export.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: "export" -description: "The export command description and usage" -keywords: "export, file, system, container" ---- - - - -# export - -```markdown -Usage: docker export [OPTIONS] CONTAINER - -Export a container's filesystem as a tar archive - -Options: - --help Print usage - -o, --output string Write to a file, instead of STDOUT -``` - -## Description - -The `docker export` command does not export the contents of volumes associated -with the container. If a volume is mounted on top of an existing directory in -the container, `docker export` will export the contents of the *underlying* -directory, not the contents of the volume. - -Refer to [Backup, restore, or migrate data volumes](https://docs.docker.com/engine/tutorials/dockervolumes/#backup-restore-or-migrate-data-volumes) -in the user guide for examples on exporting data in a volume. - -## Examples - -Each of these commands has the same result. - -```bash -$ docker export red_panda > latest.tar -``` - -```bash -$ docker export --output="latest.tar" red_panda -``` diff --git a/components/engine/docs/reference/commandline/history.md b/components/engine/docs/reference/commandline/history.md deleted file mode 100644 index 014ceddaf3..0000000000 --- a/components/engine/docs/reference/commandline/history.md +++ /dev/null @@ -1,93 +0,0 @@ ---- -title: "history" -description: "The history command description and usage" -keywords: "docker, image, history" ---- - - - -# history - -```markdown -Usage: docker history [OPTIONS] IMAGE - -Show the history of an image - -Options: - --format string Pretty-print images using a Go template - --help Print usage - -H, --human Print sizes and dates in human readable format (default true) - --no-trunc Don't truncate output - -q, --quiet Only show numeric IDs -``` - - -## Examples - -To see how the `docker:latest` image was built: - -```bash -$ docker history docker - -IMAGE CREATED CREATED BY SIZE COMMENT -3e23a5875458 8 days ago /bin/sh -c #(nop) ENV LC_ALL=C.UTF-8 0 B -8578938dd170 8 days ago /bin/sh -c dpkg-reconfigure locales && loc 1.245 MB -be51b77efb42 8 days ago /bin/sh -c apt-get update && apt-get install 338.3 MB -4b137612be55 6 weeks ago /bin/sh -c #(nop) ADD jessie.tar.xz in / 121 MB -750d58736b4b 6 weeks ago /bin/sh -c #(nop) MAINTAINER Tianon Gravi : 2 weeks ago -: 2 weeks ago -: 2 weeks ago -: 2 weeks ago -: 3 weeks ago -: 3 weeks ago -: 3 weeks ago -``` diff --git a/components/engine/docs/reference/commandline/image.md b/components/engine/docs/reference/commandline/image.md deleted file mode 100644 index fef161aa99..0000000000 --- a/components/engine/docs/reference/commandline/image.md +++ /dev/null @@ -1,47 +0,0 @@ - ---- -title: "image" -description: "The image command description and usage" -keywords: "image" ---- - - - -# image - -```markdown -Usage: docker image COMMAND - -Manage images - -Options: - --help Print usage - -Commands: - build Build an image from a Dockerfile - history Show the history of an image - import Import the contents from a tarball to create a filesystem image - inspect Display detailed information on one or more images - load Load an image from a tar archive or STDIN - ls List images - prune Remove unused images - pull Pull an image or a repository from a registry - push Push an image or a repository to a registry - rm Remove one or more images - save Save one or more images to a tar archive (streamed to STDOUT by default) - tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE - -Run 'docker image COMMAND --help' for more information on a command. - -``` - -## Description - -Manage images. diff --git a/components/engine/docs/reference/commandline/image_prune.md b/components/engine/docs/reference/commandline/image_prune.md deleted file mode 100644 index f3b1545407..0000000000 --- a/components/engine/docs/reference/commandline/image_prune.md +++ /dev/null @@ -1,171 +0,0 @@ ---- -title: "image prune" -description: "Remove all stopped images" -keywords: "image, prune, delete, remove" ---- - - - -# image prune - -```markdown -Usage: docker image prune [OPTIONS] - -Remove unused images - -Options: - -a, --all Remove all unused images, not just dangling ones - --filter filter Provide filter values (e.g. 'until=') - -f, --force Do not prompt for confirmation - --help Print usage -``` - -## Description - -Remove all dangling images. If `-a` is specified, will also remove all images not referenced by any container. - -## Examples - -Example output: - -```bash -$ docker image prune -a - -WARNING! This will remove all images without at least one container associated to them. -Are you sure you want to continue? [y/N] y -Deleted Images: -untagged: alpine:latest -untagged: alpine@sha256:3dcdb92d7432d56604d4545cbd324b14e647b313626d99b889d0626de158f73a -deleted: sha256:4e38e38c8ce0b8d9041a9c4fefe786631d1416225e13b0bfe8cfa2321aec4bba -deleted: sha256:4fe15f8d0ae69e169824f25f1d4da3015a48feeeeebb265cd2e328e15c6a869f -untagged: alpine:3.3 -untagged: alpine@sha256:4fa633f4feff6a8f02acfc7424efd5cb3e76686ed3218abf4ca0fa4a2a358423 -untagged: my-jq:latest -deleted: sha256:ae67841be6d008a374eff7c2a974cde3934ffe9536a7dc7ce589585eddd83aff -deleted: sha256:34f6f1261650bc341eb122313372adc4512b4fceddc2a7ecbb84f0958ce5ad65 -deleted: sha256:cf4194e8d8db1cb2d117df33f2c75c0369c3a26d96725efb978cc69e046b87e7 -untagged: my-curl:latest -deleted: sha256:b2789dd875bf427de7f9f6ae001940073b3201409b14aba7e5db71f408b8569e -deleted: sha256:96daac0cb203226438989926fc34dd024f365a9a8616b93e168d303cfe4cb5e9 -deleted: sha256:5cbd97a14241c9cd83250d6b6fc0649833c4a3e84099b968dd4ba403e609945e -deleted: sha256:a0971c4015c1e898c60bf95781c6730a05b5d8a2ae6827f53837e6c9d38efdec -deleted: sha256:d8359ca3b681cc5396a4e790088441673ed3ce90ebc04de388bfcd31a0716b06 -deleted: sha256:83fc9ba8fb70e1da31dfcc3c88d093831dbd4be38b34af998df37e8ac538260c -deleted: sha256:ae7041a4cc625a9c8e6955452f7afe602b401f662671cea3613f08f3d9343b35 -deleted: sha256:35e0f43a37755b832f0bbea91a2360b025ee351d7309dae0d9737bc96b6d0809 -deleted: sha256:0af941dd29f00e4510195dd00b19671bc591e29d1495630e7e0f7c44c1e6a8c0 -deleted: sha256:9fc896fc2013da84f84e45b3096053eb084417b42e6b35ea0cce5a3529705eac -deleted: sha256:47cf20d8c26c46fff71be614d9f54997edacfe8d46d51769706e5aba94b16f2b -deleted: sha256:2c675ee9ed53425e31a13e3390bf3f539bf8637000e4bcfbb85ee03ef4d910a1 - -Total reclaimed space: 16.43 MB -``` - -### Filtering - -The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more -than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) - -The currently supported filters are: - -* until (``) - only remove images created before given timestamp -* label (`label=`, `label==`, `label!=`, or `label!==`) - only remove images with (or without, in case `label!=...` is used) the specified labels. - -The `until` filter can be Unix timestamps, date formatted -timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed -relative to the daemon machine’s time. Supported formats for date -formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, -`2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local -timezone on the daemon will be used if you do not provide either a `Z` or a -`+-00:00` timezone offset at the end of the timestamp. When providing Unix -timestamps enter seconds[.nanoseconds], where seconds is the number of seconds -that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap -seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a -fraction of a second no more than nine digits long. - -The `label` filter accepts two formats. One is the `label=...` (`label=` or `label==`), -which removes images with the specified labels. The other -format is the `label!=...` (`label!=` or `label!==`), which removes -images without the specified labels. - -The following removes images created before `2017-01-04T00:00:00`: - -```bash -$ docker images --format 'table {{.Repository}}\t{{.Tag}}\t{{.ID}}\t{{.CreatedAt}}\t{{.Size}}' -REPOSITORY TAG IMAGE ID CREATED AT SIZE -foo latest 2f287ac753da 2017-01-04 13:42:23 -0800 PST 3.98 MB -alpine latest 88e169ea8f46 2016-12-27 10:17:25 -0800 PST 3.98 MB -busybox latest e02e811dd08f 2016-10-07 14:03:58 -0700 PDT 1.09 MB - -$ docker image prune -a --force --filter "until=2017-01-04T00:00:00" - -Deleted Images: -untagged: alpine:latest -untagged: alpine@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8 -untagged: busybox:latest -untagged: busybox@sha256:29f5d56d12684887bdfa50dcd29fc31eea4aaf4ad3bec43daf19026a7ce69912 -deleted: sha256:e02e811dd08fd49e7f6032625495118e63f597eb150403d02e3238af1df240ba -deleted: sha256:e88b3f82283bc59d5e0df427c824e9f95557e661fcb0ea15fb0fb6f97760f9d9 - -Total reclaimed space: 1.093 MB - -$ docker images --format 'table {{.Repository}}\t{{.Tag}}\t{{.ID}}\t{{.CreatedAt}}\t{{.Size}}' - -REPOSITORY TAG IMAGE ID CREATED AT SIZE -foo latest 2f287ac753da 2017-01-04 13:42:23 -0800 PST 3.98 MB -``` - -The following removes images created more than 10 days (`240h`) ago: - -```bash -$ docker images - -REPOSITORY TAG IMAGE ID CREATED SIZE -foo latest 2f287ac753da 14 seconds ago 3.98 MB -alpine latest 88e169ea8f46 8 days ago 3.98 MB -debian jessie 7b0a06c805e8 2 months ago 123 MB -busybox latest e02e811dd08f 2 months ago 1.09 MB -golang 1.7.0 138c2e655421 4 months ago 670 MB - -$ docker image prune -a --force --filter "until=240h" - -Deleted Images: -untagged: golang:1.7.0 -untagged: golang@sha256:6765038c2b8f407fd6e3ecea043b44580c229ccfa2a13f6d85866cf2b4a9628e -deleted: sha256:138c2e6554219de65614d88c15521bfb2da674cbb0bf840de161f89ff4264b96 -deleted: sha256:ec353c2e1a673f456c4b78906d0d77f9d9456cfb5229b78c6a960bfb7496b76a -deleted: sha256:fe22765feaf3907526b4921c73ea6643ff9e334497c9b7e177972cf22f68ee93 -deleted: sha256:ff845959c80148421a5c3ae11cc0e6c115f950c89bc949646be55ed18d6a2912 -deleted: sha256:a4320831346648c03db64149eafc83092e2b34ab50ca6e8c13112388f25899a7 -deleted: sha256:4c76020202ee1d9709e703b7c6de367b325139e74eebd6b55b30a63c196abaf3 -deleted: sha256:d7afd92fb07236c8a2045715a86b7d5f0066cef025018cd3ca9a45498c51d1d6 -deleted: sha256:9e63c5bce4585dd7038d830a1f1f4e44cb1a1515b00e620ac718e934b484c938 -untagged: debian:jessie -untagged: debian@sha256:c1af755d300d0c65bb1194d24bce561d70c98a54fb5ce5b1693beb4f7988272f -deleted: sha256:7b0a06c805e8f23807fb8856621c60851727e85c7bcb751012c813f122734c8d -deleted: sha256:f96222d75c5563900bc4dd852179b720a0885de8f7a0619ba0ac76e92542bbc8 - -Total reclaimed space: 792.6 MB - -$ docker images - -REPOSITORY TAG IMAGE ID CREATED SIZE -foo latest 2f287ac753da About a minute ago 3.98 MB -alpine latest 88e169ea8f46 8 days ago 3.98 MB -busybox latest e02e811dd08f 2 months ago 1.09 MB -``` - -## Related commands - -* [system df](system_df.md) -* [container prune](container_prune.md) -* [volume prune](volume_prune.md) -* [network prune](network_prune.md) -* [system prune](system_prune.md) diff --git a/components/engine/docs/reference/commandline/images.md b/components/engine/docs/reference/commandline/images.md deleted file mode 100644 index 86a32aed27..0000000000 --- a/components/engine/docs/reference/commandline/images.md +++ /dev/null @@ -1,343 +0,0 @@ ---- -title: "images" -description: "The images command description and usage" -keywords: "list, docker, images" ---- - - - -# images - -```markdown -Usage: docker images [OPTIONS] [REPOSITORY[:TAG]] - -List images - -Options: - -a, --all Show all images (default hides intermediate images) - --digests Show digests - -f, --filter value Filter output based on conditions provided (default []) - - dangling=(true|false) - - label= or label== - - before=([:tag]||) - - since=([:tag]||) - - reference=(pattern of an image reference) - --format string Pretty-print images using a Go template - --help Print usage - --no-trunc Don't truncate output - -q, --quiet Only show numeric IDs -``` - -## Description - -The default `docker images` will show all top level -images, their repository and tags, and their size. - -Docker images have intermediate layers that increase reusability, -decrease disk usage, and speed up `docker build` by -allowing each step to be cached. These intermediate layers are not shown -by default. - -The `SIZE` is the cumulative space taken up by the image and all -its parent images. This is also the disk space used by the contents of the -Tar file created when you `docker save` an image. - -An image will be listed more than once if it has multiple repository names -or tags. This single image (identifiable by its matching `IMAGE ID`) -uses up the `SIZE` listed only once. - -## Examples - -### List the most recently created images - -```bash -$ docker images - -REPOSITORY TAG IMAGE ID CREATED SIZE - 77af4d6b9913 19 hours ago 1.089 GB -committ latest b6fa739cedf5 19 hours ago 1.089 GB - 78a85c484f71 19 hours ago 1.089 GB -docker latest 30557a29d5ab 20 hours ago 1.089 GB - 5ed6274db6ce 24 hours ago 1.089 GB -postgres 9 746b819f315e 4 days ago 213.4 MB -postgres 9.3 746b819f315e 4 days ago 213.4 MB -postgres 9.3.5 746b819f315e 4 days ago 213.4 MB -postgres latest 746b819f315e 4 days ago 213.4 MB -``` - -### List images by name and tag - -The `docker images` command takes an optional `[REPOSITORY[:TAG]]` argument -that restricts the list to images that match the argument. If you specify -`REPOSITORY`but no `TAG`, the `docker images` command lists all images in the -given repository. - -For example, to list all images in the "java" repository, run this command : - -```bash -$ docker images java - -REPOSITORY TAG IMAGE ID CREATED SIZE -java 8 308e519aac60 6 days ago 824.5 MB -java 7 493d82594c15 3 months ago 656.3 MB -java latest 2711b1d6f3aa 5 months ago 603.9 MB -``` - -The `[REPOSITORY[:TAG]]` value must be an "exact match". This means that, for example, -`docker images jav` does not match the image `java`. - -If both `REPOSITORY` and `TAG` are provided, only images matching that -repository and tag are listed. To find all local images in the "java" -repository with tag "8" you can use: - -```bash -$ docker images java:8 - -REPOSITORY TAG IMAGE ID CREATED SIZE -java 8 308e519aac60 6 days ago 824.5 MB -``` - -If nothing matches `REPOSITORY[:TAG]`, the list is empty. - -```bash -$ docker images java:0 - -REPOSITORY TAG IMAGE ID CREATED SIZE -``` - -### List the full length image IDs - -```bash -$ docker images --no-trunc - -REPOSITORY TAG IMAGE ID CREATED SIZE - sha256:77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182 19 hours ago 1.089 GB -committest latest sha256:b6fa739cedf5ea12a620a439402b6004d057da800f91c7524b5086a5e4749c9f 19 hours ago 1.089 GB - sha256:78a85c484f71509adeaace20e72e941f6bdd2b25b4c75da8693efd9f61a37921 19 hours ago 1.089 GB -docker latest sha256:30557a29d5abc51e5f1d5b472e79b7e296f595abcf19fe6b9199dbbc809c6ff4 20 hours ago 1.089 GB - sha256:0124422dd9f9cf7ef15c0617cda3931ee68346455441d66ab8bdc5b05e9fdce5 20 hours ago 1.089 GB - sha256:18ad6fad340262ac2a636efd98a6d1f0ea775ae3d45240d3418466495a19a81b 22 hours ago 1.082 GB - sha256:f9f1e26352f0a3ba6a0ff68167559f64f3e21ff7ada60366e2d44a04befd1d3a 23 hours ago 1.089 GB -tryout latest sha256:2629d1fa0b81b222fca63371ca16cbf6a0772d07759ff80e8d1369b926940074 23 hours ago 131.5 MB - sha256:5ed6274db6ceb2397844896966ea239290555e74ef307030ebb01ff91b1914df 24 hours ago 1.089 GB -``` - -### List image digests - -Images that use the v2 or later format have a content-addressable identifier -called a `digest`. As long as the input used to generate the image is -unchanged, the digest value is predictable. To list image digest values, use -the `--digests` flag: - -```bash -$ docker images --digests -REPOSITORY TAG DIGEST IMAGE ID CREATED SIZE -localhost:5000/test/busybox sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf 4986bf8c1536 9 weeks ago 2.43 MB -``` - -When pushing or pulling to a 2.0 registry, the `push` or `pull` command -output includes the image digest. You can `pull` using a digest value. You can -also reference by digest in `create`, `run`, and `rmi` commands, as well as the -`FROM` image reference in a Dockerfile. - -### Filtering - -The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more -than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) - -The currently supported filters are: - -* dangling (boolean - true or false) -* label (`label=` or `label==`) -* before (`[:]`, `` or ``) - filter images created before given id or references -* since (`[:]`, `` or ``) - filter images created since given id or references -* reference (pattern of an image reference) - filter images whose reference matches the specified pattern - -#### Show untagged images (dangling) - -```bash -$ docker images --filter "dangling=true" - -REPOSITORY TAG IMAGE ID CREATED SIZE - 8abc22fbb042 4 weeks ago 0 B - 48e5f45168b9 4 weeks ago 2.489 MB - bf747efa0e2f 4 weeks ago 0 B - 980fe10e5736 12 weeks ago 101.4 MB - dea752e4e117 12 weeks ago 101.4 MB - 511136ea3c5a 8 months ago 0 B -``` - -This will display untagged images that are the leaves of the images tree (not -intermediary layers). These images occur when a new build of an image takes the -`repo:tag` away from the image ID, leaving it as `:` or untagged. -A warning will be issued if trying to remove an image when a container is presently -using it. By having this flag it allows for batch cleanup. - -You can use this in conjunction with `docker rmi ...`: - -```bash -$ docker rmi $(docker images -f "dangling=true" -q) - -8abc22fbb042 -48e5f45168b9 -bf747efa0e2f -980fe10e5736 -dea752e4e117 -511136ea3c5a -``` - -> **Note**: Docker warns you if any containers exist that are using these -> untagged images. - - -#### Show images with a given label - -The `label` filter matches images based on the presence of a `label` alone or a `label` and a -value. - -The following filter matches images with the `com.example.version` label regardless of its value. - -```bash -$ docker images --filter "label=com.example.version" - -REPOSITORY TAG IMAGE ID CREATED SIZE -match-me-1 latest eeae25ada2aa About a minute ago 188.3 MB -match-me-2 latest dea752e4e117 About a minute ago 188.3 MB -``` - -The following filter matches images with the `com.example.version` label with the `1.0` value. - -```bash -$ docker images --filter "label=com.example.version=1.0" - -REPOSITORY TAG IMAGE ID CREATED SIZE -match-me latest 511136ea3c5a About a minute ago 188.3 MB -``` - -In this example, with the `0.1` value, it returns an empty set because no matches were found. - -```bash -$ docker images --filter "label=com.example.version=0.1" -REPOSITORY TAG IMAGE ID CREATED SIZE -``` - -#### Filter images by time - -The `before` filter shows only images created before the image with -given id or reference. For example, having these images: - -```bash -$ docker images - -REPOSITORY TAG IMAGE ID CREATED SIZE -image1 latest eeae25ada2aa 4 minutes ago 188.3 MB -image2 latest dea752e4e117 9 minutes ago 188.3 MB -image3 latest 511136ea3c5a 25 minutes ago 188.3 MB -``` - -Filtering with `before` would give: - -```bash -$ docker images --filter "before=image1" - -REPOSITORY TAG IMAGE ID CREATED SIZE -image2 latest dea752e4e117 9 minutes ago 188.3 MB -image3 latest 511136ea3c5a 25 minutes ago 188.3 MB -``` - -Filtering with `since` would give: - -```bash -$ docker images --filter "since=image3" -REPOSITORY TAG IMAGE ID CREATED SIZE -image1 latest eeae25ada2aa 4 minutes ago 188.3 MB -image2 latest dea752e4e117 9 minutes ago 188.3 MB -``` - -#### Filter images by reference - -The `reference` filter shows only images whose reference matches -the specified pattern. - -```bash -$ docker images - -REPOSITORY TAG IMAGE ID CREATED SIZE -busybox latest e02e811dd08f 5 weeks ago 1.09 MB -busybox uclibc e02e811dd08f 5 weeks ago 1.09 MB -busybox musl 733eb3059dce 5 weeks ago 1.21 MB -busybox glibc 21c16b6787c6 5 weeks ago 4.19 MB -``` - -Filtering with `reference` would give: - -```bash -$ docker images --filter=reference='busy*:*libc' - -REPOSITORY TAG IMAGE ID CREATED SIZE -busybox uclibc e02e811dd08f 5 weeks ago 1.09 MB -busybox glibc 21c16b6787c6 5 weeks ago 4.19 MB -``` - -### Format the output - -The formatting option (`--format`) will pretty print container output -using a Go template. - -Valid placeholders for the Go template are listed below: - -| Placeholder | Description| -| ---- | ---- | -| `.ID` | Image ID | -| `.Repository` | Image repository | -| `.Tag` | Image tag | -| `.Digest` | Image digest | -| `.CreatedSince` | Elapsed time since the image was created | -| `.CreatedAt` | Time when the image was created | -| `.Size` | Image disk size | - -When using the `--format` option, the `image` command will either -output the data exactly as the template declares or, when using the -`table` directive, will include column headers as well. - -The following example uses a template without headers and outputs the -`ID` and `Repository` entries separated by a colon for all images: - -```bash -$ docker images --format "{{.ID}}: {{.Repository}}" - -77af4d6b9913: -b6fa739cedf5: committ -78a85c484f71: -30557a29d5ab: docker -5ed6274db6ce: -746b819f315e: postgres -746b819f315e: postgres -746b819f315e: postgres -746b819f315e: postgres -``` - -To list all images with their repository and tag in a table format you -can use: - -```bash -$ docker images --format "table {{.ID}}\t{{.Repository}}\t{{.Tag}}" - -IMAGE ID REPOSITORY TAG -77af4d6b9913 -b6fa739cedf5 committ latest -78a85c484f71 -30557a29d5ab docker latest -5ed6274db6ce -746b819f315e postgres 9 -746b819f315e postgres 9.3 -746b819f315e postgres 9.3.5 -746b819f315e postgres latest -``` diff --git a/components/engine/docs/reference/commandline/import.md b/components/engine/docs/reference/commandline/import.md deleted file mode 100644 index 57edf650c9..0000000000 --- a/components/engine/docs/reference/commandline/import.md +++ /dev/null @@ -1,89 +0,0 @@ ---- -title: "import" -description: "The import command description and usage" -keywords: "import, file, system, container" ---- - - - -# import - -```markdown -Usage: docker import [OPTIONS] file|URL|- [REPOSITORY[:TAG]] - -Import the contents from a tarball to create a filesystem image - -Options: - -c, --change value Apply Dockerfile instruction to the created image (default []) - --help Print usage - -m, --message string Set commit message for imported image -``` - -## Description - -You can specify a `URL` or `-` (dash) to take data directly from `STDIN`. The -`URL` can point to an archive (.tar, .tar.gz, .tgz, .bzip, .tar.xz, or .txz) -containing a filesystem or to an individual file on the Docker host. If you -specify an archive, Docker untars it in the container relative to the `/` -(root). If you specify an individual file, you must specify the full path within -the host. To import from a remote location, specify a `URI` that begins with the -`http://` or `https://` protocol. - -The `--change` option will apply `Dockerfile` instructions to the image -that is created. -Supported `Dockerfile` instructions: -`CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR` - -## Examples - -### Import from a remote location - -This will create a new untagged image. - -```bash -$ docker import http://example.com/exampleimage.tgz -``` - -### Import from a local file - -- Import to docker via pipe and `STDIN`. - - ```bash - $ cat exampleimage.tgz | docker import - exampleimagelocal:new - ``` - -- Import with a commit message. - - ```bash - $ cat exampleimage.tgz | docker import --message "New image imported from tarball" - exampleimagelocal:new - ``` - -- Import to docker from a local archive. - - ```bash - $ docker import /path/to/exampleimage.tgz - ``` - -### Import from a local directory - -```bash -$ sudo tar -c . | docker import - exampleimagedir -``` - -### Import from a local directory with new configurations - -```bash -$ sudo tar -c . | docker import --change "ENV DEBUG true" - exampleimagedir -``` - -Note the `sudo` in this example – you must preserve -the ownership of the files (especially root ownership) during the -archiving with tar. If you are not root (or the sudo command) when you -tar, then the ownerships might not get preserved. diff --git a/components/engine/docs/reference/commandline/index.md b/components/engine/docs/reference/commandline/index.md deleted file mode 100644 index c000082fab..0000000000 --- a/components/engine/docs/reference/commandline/index.md +++ /dev/null @@ -1,184 +0,0 @@ ---- -title: "Docker commands" -description: "Docker's CLI command description and usage" -keywords: "Docker, Docker documentation, CLI, command line" -identifier: "smn_cli_guide" ---- - - - -# The Docker commands - -This section contains reference information on using Docker's command line -client. Each command has a reference page along with samples. If you are -unfamiliar with the command line, you should start by reading about how to [Use -the Docker command line](cli.md). - -You start the Docker daemon with the command line. How you start the daemon -affects your Docker containers. For that reason you should also make sure to -read the [`dockerd`](dockerd.md) reference page. - -## Commands by object - -### Docker management commands - -| Command | Description | -|:--------|:-------------------------------------------------------------------| -| [dockerd](dockerd.md) | Launch the Docker daemon | -| [info](info.md) | Display system-wide information | -| [inspect](inspect.md)| Return low-level information on a container or image | -| [version](version.md) | Show the Docker version information | - - -### Image commands - -| Command | Description | -|:--------|:-------------------------------------------------------------------| -| [build](build.md) | Build an image from a Dockerfile | -| [commit](commit.md) | Create a new image from a container's changes | -| [history](history.md) | Show the history of an image | -| [images](images.md) | List images | -| [import](import.md) | Import the contents from a tarball to create a filesystem image | -| [load](load.md) | Load an image from a tar archive or STDIN | -| [image prune](image_prune.md) | Remove unused images | -| [rmi](rmi.md) | Remove one or more images | -| [save](save.md) | Save images to a tar archive | -| [tag](tag.md) | Tag an image into a repository | - -### Container commands - -| Command | Description | -|:--------|:-------------------------------------------------------------------| -| [attach](attach.md) | Attach to a running container | -| [container prune](container_prune.md) | Remove all stopped containers | -| [cp](cp.md) | Copy files/folders from a container to a HOSTDIR or to STDOUT | -| [create](create.md) | Create a new container | -| [diff](diff.md) | Inspect changes on a container's filesystem | -| [events](events.md) | Get real time events from the server | -| [exec](exec.md) | Run a command in a running container | -| [export](export.md) | Export a container's filesystem as a tar archive | -| [kill](kill.md) | Kill a running container | -| [logs](logs.md) | Fetch the logs of a container | -| [pause](pause.md) | Pause all processes within a container | -| [port](port.md) | List port mappings or a specific mapping for the container | -| [ps](ps.md) | List containers | -| [rename](rename.md) | Rename a container | -| [restart](restart.md) | Restart a running container | -| [rm](rm.md) | Remove one or more containers | -| [run](run.md) | Run a command in a new container | -| [start](start.md) | Start one or more stopped containers | -| [stats](stats.md) | Display a live stream of container(s) resource usage statistics | -| [stop](stop.md) | Stop a running container | -| [top](top.md) | Display the running processes of a container | -| [unpause](unpause.md) | Unpause all processes within a container | -| [update](update.md) | Update configuration of one or more containers | -| [wait](wait.md) | Block until a container stops, then print its exit code | - -### Hub and registry commands - -| Command | Description | -|:--------|:-------------------------------------------------------------------| -| [login](login.md) | Register or log in to a Docker registry | -| [logout](logout.md) | Log out from a Docker registry | -| [pull](pull.md) | Pull an image or a repository from a Docker registry | -| [push](push.md) | Push an image or a repository to a Docker registry | -| [search](search.md) | Search the Docker Hub for images | - -### Network and connectivity commands - -| Command | Description | -|:--------|:-------------------------------------------------------------------| -| [network connect](network_connect.md) | Connect a container to a network | -| [network create](network_create.md) | Create a new network | -| [network disconnect](network_disconnect.md) | Disconnect a container from a network | -| [network inspect](network_inspect.md) | Display information about a network | -| [network ls](network_ls.md) | Lists all the networks the Engine `daemon` knows about | -| [network prune](network_prune.md) | Remove all unused networks | -| [network rm](network_rm.md) | Removes one or more networks | - -### Shared data volume commands - -| Command | Description | -|:--------|:-------------------------------------------------------------------| -| [volume create](volume_create.md) | Creates a new volume where containers can consume and store data | -| [volume inspect](volume_inspect.md) | Display information about a volume | -| [volume ls](volume_ls.md) | Lists all the volumes Docker knows about | -| [volume prune](volume_prune.md) | Remove all unused volumes | -| [volume rm](volume_rm.md) | Remove one or more volumes | - -### Swarm node commands - -| Command | Description | -|:--------|:-------------------------------------------------------------------| -| [node demote](node_demote.md) | Demotes an existing manager so that it is no longer a manager | -| [node inspect](node_inspect.md) | Inspect a node in the swarm | -| [node ls](node_ls.md) | List nodes in the swarm | -| [node promote](node_promote.md) | Promote a node that is pending a promotion to manager | -| [node ps](node_ps.md) | List tasks running on one or more nodes | -| [node rm](node_rm.md) | Remove one or more nodes from the swarm | -| [node update](node_update.md) | Update attributes for a node | - -### Swarm management commands - -| Command | Description | -|:--------|:-------------------------------------------------------------------| -| [swarm init](swarm_init.md) | Initialize a swarm | -| [swarm join](swarm_join.md) | Join a swarm as a manager node or worker node | -| [swarm leave](swarm_leave.md) | Remove the current node from the swarm | -| [swarm join-token](swarm_join_token.md) | Display or rotate join tokens | -| [swarm unlock](swarm_unlock.md) | Unlock swarm | -| [swarm unlock-key](swarm_unlock_key.md) | Manage the unlock key | -| [swarm update](swarm_update.md) | Update attributes of a swarm | - -### Swarm service commands - -| Command | Description | -|:--------|:-------------------------------------------------------------------| -| [service create](service_create.md) | Create a new service | -| [service inspect](service_inspect.md) | Inspect a service | -| [service logs](service_logs.md) | Fetch the logs of a service or task | -| [service ls](service_ls.md) | List services in the swarm | -| [service ps](service_ps.md) | List the tasks of a service | -| [service rm](service_rm.md) | Remove a service from the swarm | -| [service scale](service_scale.md) | Set the number of replicas for the desired state of the service | -| [service update](service_update.md) | Update the attributes of a service | - -### Swarm secret commands - -| Command | Description | -|:--------|:-------------------------------------------------------------------| -| [secret create](secret_create.md) | Create a secret from a file or STDIN as content | -| [secret inspect](service_inspect.md) | Inspect the specified secret | -| [secret ls](secret_ls.md) | List secrets in the swarm | -| [secret rm](secret_rm.md) | Remove the specified secrets from the swarm | - -### Swarm stack commands - -| Command | Description | -|:--------|:-------------------------------------------------------------------| -| [stack deploy](stack_deploy.md) | Deploy a new stack or update an existing stack | -| [stack ls](stack_ls.md) | List stacks in the swarm | -| [stack ps](stack_ps.md) | List the tasks in the stack | -| [stack rm](stack_rm.md) | Remove the stack from the swarm | -| [stack services](stack_services.md) | List the services in the stack | - -### Plugin commands - -| Command | Description | -|:--------|:-------------------------------------------------------------------| -| [plugin create](plugin_create.md) | Create a plugin from a rootfs and configuration | -| [plugin disable](plugin_disable.md) | Disable a plugin | -| [plugin enable](plugin_enable.md) | Enable a plugin | -| [plugin inspect](plugin_inspect.md) | Display detailed information on a plugin | -| [plugin install](plugin_install.md) | Install a plugin | -| [plugin ls](plugin_ls.md) | List plugins | -| [plugin push](plugin_push.md) | Push a plugin to a registry | -| [plugin rm](plugin_rm.md) | Remove a plugin | -| [plugin set](plugin_set.md) | Change settings for a plugin | diff --git a/components/engine/docs/reference/commandline/info.md b/components/engine/docs/reference/commandline/info.md deleted file mode 100644 index 9929c04af3..0000000000 --- a/components/engine/docs/reference/commandline/info.md +++ /dev/null @@ -1,245 +0,0 @@ ---- -title: "info" -description: "The info command description and usage" -keywords: "display, docker, information" ---- - - - -# info - -```markdown -Usage: docker info [OPTIONS] - -Display system-wide information - -Options: - -f, --format string Format the output using the given Go template - --help Print usage -``` - -## Description - -This command displays system wide information regarding the Docker installation. -Information displayed includes the kernel version, number of containers and images. -The number of images shown is the number of unique images. The same image tagged -under different names is counted only once. - -If a format is specified, the given template will be executed instead of the -default format. Go's [text/template](http://golang.org/pkg/text/template/) package -describes all the details of the format. - -Depending on the storage driver in use, additional information can be shown, such -as pool name, data file, metadata file, data space used, total data space, metadata -space used, and total metadata space. - -The data file is where the images are stored and the metadata file is where the -meta data regarding those images are stored. When run for the first time Docker -allocates a certain amount of data space and meta data space from the space -available on the volume where `/var/lib/docker` is mounted. - -## Examples - -### Show output - -The example below shows the output for a daemon running on Red Hat Enterprise Linux, -using the `devicemapper` storage driver. As can be seen in the output, additional -information about the `devicemapper` storage driver is shown: - -```bash -$ docker info - -Containers: 14 - Running: 3 - Paused: 1 - Stopped: 10 -Images: 52 -Server Version: 1.10.3 -Storage Driver: devicemapper - Pool Name: docker-202:2-25583803-pool - Pool Blocksize: 65.54 kB - Base Device Size: 10.74 GB - Backing Filesystem: xfs - Data file: /dev/loop0 - Metadata file: /dev/loop1 - Data Space Used: 1.68 GB - Data Space Total: 107.4 GB - Data Space Available: 7.548 GB - Metadata Space Used: 2.322 MB - Metadata Space Total: 2.147 GB - Metadata Space Available: 2.145 GB - Udev Sync Supported: true - Deferred Removal Enabled: false - Deferred Deletion Enabled: false - Deferred Deleted Device Count: 0 - Data loop file: /var/lib/docker/devicemapper/devicemapper/data - Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata - Library Version: 1.02.107-RHEL7 (2015-12-01) -Execution Driver: native-0.2 -Logging Driver: json-file -Plugins: - Volume: local - Network: null host bridge -Kernel Version: 3.10.0-327.el7.x86_64 -Operating System: Red Hat Enterprise Linux Server 7.2 (Maipo) -OSType: linux -Architecture: x86_64 -CPUs: 1 -Total Memory: 991.7 MiB -Name: ip-172-30-0-91.ec2.internal -ID: I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S -Docker Root Dir: /var/lib/docker -Debug mode (client): false -Debug mode (server): false -Username: gordontheturtle -Registry: https://index.docker.io/v1/ -Insecure registries: - myinsecurehost:5000 - 127.0.0.0/8 -``` - -### Show debugging output - -Here is a sample output for a daemon running on Ubuntu, using the overlay2 -storage driver and a node that is part of a 2-node swarm: - -```bash -$ docker -D info - -Containers: 14 - Running: 3 - Paused: 1 - Stopped: 10 -Images: 52 -Server Version: 1.13.0 -Storage Driver: overlay2 - Backing Filesystem: extfs - Supports d_type: true - Native Overlay Diff: false -Logging Driver: json-file -Cgroup Driver: cgroupfs -Plugins: - Volume: local - Network: bridge host macvlan null overlay -Swarm: active - NodeID: rdjq45w1op418waxlairloqbm - Is Manager: true - ClusterID: te8kdyw33n36fqiz74bfjeixd - Managers: 1 - Nodes: 2 - Orchestration: - Task History Retention Limit: 5 - Raft: - Snapshot Interval: 10000 - Number of Old Snapshots to Retain: 0 - Heartbeat Tick: 1 - Election Tick: 3 - Dispatcher: - Heartbeat Period: 5 seconds - CA Configuration: - Expiry Duration: 3 months - Root Rotation In Progress: false - Node Address: 172.16.66.128 172.16.66.129 - Manager Addresses: - 172.16.66.128:2477 -Runtimes: runc -Default Runtime: runc -Init Binary: docker-init -containerd version: 8517738ba4b82aff5662c97ca4627e7e4d03b531 -runc version: ac031b5bf1cc92239461125f4c1ffb760522bbf2 -init version: N/A (expected: v0.13.0) -Security Options: - apparmor - seccomp - Profile: default -Kernel Version: 4.4.0-31-generic -Operating System: Ubuntu 16.04.1 LTS -OSType: linux -Architecture: x86_64 -CPUs: 2 -Total Memory: 1.937 GiB -Name: ubuntu -ID: H52R:7ZR6:EIIA:76JG:ORIY:BVKF:GSFU:HNPG:B5MK:APSC:SZ3Q:N326 -Docker Root Dir: /var/lib/docker -Debug Mode (client): true -Debug Mode (server): true - File Descriptors: 30 - Goroutines: 123 - System Time: 2016-11-12T17:24:37.955404361-08:00 - EventsListeners: 0 -Http Proxy: http://test:test@proxy.example.com:8080 -Https Proxy: https://test:test@proxy.example.com:8080 -No Proxy: localhost,127.0.0.1,docker-registry.somecorporation.com -Registry: https://index.docker.io/v1/ -WARNING: No swap limit support -Labels: - storage=ssd - staging=true -Experimental: false -Insecure Registries: - 127.0.0.0/8 -Registry Mirrors: - http://192.168.1.2/ - http://registry-mirror.example.com:5000/ -Live Restore Enabled: false -``` - -The global `-D` option causes all `docker` commands to output debug information. - -### Format the output - -You can also specify the output format: - -```bash -$ docker info --format '{{json .}}' - -{"ID":"I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S","Containers":14, ...} -``` - -### Run `docker info` on Windows - -Here is a sample output for a daemon running on Windows Server 2016: - -```none -E:\docker>docker info - -Containers: 1 - Running: 0 - Paused: 0 - Stopped: 1 -Images: 17 -Server Version: 1.13.0 -Storage Driver: windowsfilter - Windows: -Logging Driver: json-file -Plugins: - Volume: local - Network: nat null overlay -Swarm: inactive -Default Isolation: process -Kernel Version: 10.0 14393 (14393.206.amd64fre.rs1_release.160912-1937) -Operating System: Windows Server 2016 Datacenter -OSType: windows -Architecture: x86_64 -CPUs: 8 -Total Memory: 3.999 GiB -Name: WIN-V0V70C0LU5P -ID: NYMS:B5VK:UMSL:FVDZ:EWB5:FKVK:LPFL:FJMQ:H6FT:BZJ6:L2TD:XH62 -Docker Root Dir: C:\control -Debug Mode (client): false -Debug Mode (server): false -Registry: https://index.docker.io/v1/ -Insecure Registries: - 127.0.0.0/8 -Registry Mirrors: - http://192.168.1.2/ - http://registry-mirror.example.com:5000/ -Live Restore Enabled: false -``` diff --git a/components/engine/docs/reference/commandline/inspect.md b/components/engine/docs/reference/commandline/inspect.md deleted file mode 100644 index 9ce4f5f517..0000000000 --- a/components/engine/docs/reference/commandline/inspect.md +++ /dev/null @@ -1,122 +0,0 @@ ---- -title: "inspect" -description: "The inspect command description and usage" -keywords: "inspect, container, json" ---- - - - -# inspect - -```markdown -Usage: docker inspect [OPTIONS] NAME|ID [NAME|ID...] - -Return low-level information on Docker object(s) (e.g. container, image, volume, -network, node, service, or task) identified by name or ID - -Options: - -f, --format Format the output using the given Go template - --help Print usage - -s, --size Display total file sizes if the type is container - --type Return JSON for specified type -``` - -## Description - -Docker inspect provides detailed information on constructs controlled by Docker. - -By default, `docker inspect` will render results in a JSON array. - -## Request a custom response format (--format) - -If a format is specified, the given template will be executed for each result. - -Go's [text/template](http://golang.org/pkg/text/template/) package -describes all the details of the format. - -## Specify target type (--type) - -`--type container|image|node|network|secret|service|volume|task|plugin` - -The `docker inspect` command matches any type of object by either ID or name. -In some cases multiple type of objects (for example, a container and a volume) -exist with the same name, making the result ambigious. - -To restrict `docker inspect` to a specific type of object, use the `--type` -option. - -The following example inspects a _volume_ named "myvolume" - -```bash -$ docker inspect --type=volume myvolume -``` - -## Examples - -### Get an instance's IP address - -For the most part, you can pick out any field from the JSON in a fairly -straightforward manner. - -```bash -$ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $INSTANCE_ID -``` - -### Get an instance's MAC address - -```bash -$ docker inspect --format='{{range .NetworkSettings.Networks}}{{.MacAddress}}{{end}}' $INSTANCE_ID -``` - -### Get an instance's log path - -```bash -$ docker inspect --format='{{.LogPath}}' $INSTANCE_ID -``` - -### Get an instance's image name - -```bash -$ docker inspect --format='{{.Config.Image}}' $INSTANCE_ID -``` - -### List all port bindings - -You can loop over arrays and maps in the results to produce simple text -output: - -```bash -$ docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID -``` - -### Find a specific port mapping - -The `.Field` syntax doesn't work when the field name begins with a -number, but the template language's `index` function does. The -`.NetworkSettings.Ports` section contains a map of the internal port -mappings to a list of external address/port objects. To grab just the -numeric public port, you use `index` to find the specific port map, and -then `index` 0 contains the first object inside of that. Then we ask for -the `HostPort` field to get the public address. - -```bash -$ docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID -``` - -### Get a subsection in JSON format - -If you request a field which is itself a structure containing other -fields, by default you get a Go-style dump of the inner values. -Docker adds a template function, `json`, which can be applied to get -results in JSON format. - -```bash -$ docker inspect --format='{{json .Config}}' $INSTANCE_ID -``` diff --git a/components/engine/docs/reference/commandline/kill.md b/components/engine/docs/reference/commandline/kill.md deleted file mode 100644 index 97b15add9b..0000000000 --- a/components/engine/docs/reference/commandline/kill.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: "kill" -description: "The kill command description and usage" -keywords: "container, kill, signal" ---- - - - -# kill - -```markdown -Usage: docker kill [OPTIONS] CONTAINER [CONTAINER...] - -Kill one or more running containers - -Options: - --help Print usage - -s, --signal string Signal to send to the container (default "KILL") -``` - -## Description - -The main process inside the container will be sent `SIGKILL`, or any -signal specified with option `--signal`. - -> **Note**: `ENTRYPOINT` and `CMD` in the *shell* form run as a subcommand of -> `/bin/sh -c`, which does not pass signals. This means that the executable is -> not the container’s PID 1 and does not receive Unix signals. diff --git a/components/engine/docs/reference/commandline/load.md b/components/engine/docs/reference/commandline/load.md deleted file mode 100644 index 3ce6c19e24..0000000000 --- a/components/engine/docs/reference/commandline/load.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: "load" -description: "The load command description and usage" -keywords: "stdin, tarred, repository" ---- - - - -# load - -```markdown -Usage: docker load [OPTIONS] - -Load an image from a tar archive or STDIN - -Options: - --help Print usage - -i, --input string Read from tar archive file, instead of STDIN. - The tarball may be compressed with gzip, bzip, or xz - -q, --quiet Suppress the load output but still outputs the imported images -``` -## Description - -`docker load` loads a tarred repository from a file or the standard input stream. -It restores both images and tags. - -## Examples - -```bash -$ docker images - -REPOSITORY TAG IMAGE ID CREATED SIZE - -$ docker load < busybox.tar.gz - -Loaded image: busybox:latest -$ docker images -REPOSITORY TAG IMAGE ID CREATED SIZE -busybox latest 769b9341d937 7 weeks ago 2.489 MB - -$ docker load --input fedora.tar - -Loaded image: fedora:rawhide - -Loaded image: fedora:20 - -$ docker images - -REPOSITORY TAG IMAGE ID CREATED SIZE -busybox latest 769b9341d937 7 weeks ago 2.489 MB -fedora rawhide 0d20aec6529d 7 weeks ago 387 MB -fedora 20 58394af37342 7 weeks ago 385.5 MB -fedora heisenbug 58394af37342 7 weeks ago 385.5 MB -fedora latest 58394af37342 7 weeks ago 385.5 MB -``` diff --git a/components/engine/docs/reference/commandline/login.md b/components/engine/docs/reference/commandline/login.md deleted file mode 100644 index 0b8e697281..0000000000 --- a/components/engine/docs/reference/commandline/login.md +++ /dev/null @@ -1,158 +0,0 @@ ---- -title: "login" -description: "The login command description and usage" -keywords: "registry, login, image" ---- - - - -# login - -```markdown -Usage: docker login [OPTIONS] [SERVER] - -Log in to a Docker registry. -If no server is specified, the default is defined by the daemon. - -Options: - --help Print usage - -p, --password string Password - -u, --username string Username -``` - -## Description - -Login to a registry. - -### Login to a self-hosted registry - -If you want to login to a self-hosted registry you can specify this by -adding the server name. - -```bash -$ docker login localhost:8080 -``` - -### Privileged user requirement - -`docker login` requires user to use `sudo` or be `root`, except when: - -1. connecting to a remote daemon, such as a `docker-machine` provisioned `docker engine`. -2. user is added to the `docker` group. This will impact the security of your system; the `docker` group is `root` equivalent. See [Docker Daemon Attack Surface](https://docs.docker.com/security/security/#docker-daemon-attack-surface) for details. - -You can log into any public or private repository for which you have -credentials. When you log in, the command stores encoded credentials in -`$HOME/.docker/config.json` on Linux or `%USERPROFILE%/.docker/config.json` on Windows. - -### Credentials store - -The Docker Engine can keep user credentials in an external credentials store, -such as the native keychain of the operating system. Using an external store -is more secure than storing credentials in the Docker configuration file. - -To use a credentials store, you need an external helper program to interact -with a specific keychain or external store. Docker requires the helper -program to be in the client's host `$PATH`. - -This is the list of currently available credentials helpers and where -you can download them from: - -- D-Bus Secret Service: https://github.com/docker/docker-credential-helpers/releases -- Apple macOS keychain: https://github.com/docker/docker-credential-helpers/releases -- Microsoft Windows Credential Manager: https://github.com/docker/docker-credential-helpers/releases - -You need to specify the credentials store in `$HOME/.docker/config.json` -to tell the docker engine to use it. The value of the config property should be -the suffix of the program to use (i.e. everything after `docker-credential-`). -For example, to use `docker-credential-osxkeychain`: - -```json -{ - "credsStore": "osxkeychain" -} -``` - -If you are currently logged in, run `docker logout` to remove -the credentials from the file and run `docker login` again. - -### Credential helper protocol - -Credential helpers can be any program or script that follows a very simple protocol. -This protocol is heavily inspired by Git, but it differs in the information shared. - -The helpers always use the first argument in the command to identify the action. -There are only three possible values for that argument: `store`, `get`, and `erase`. - -The `store` command takes a JSON payload from the standard input. That payload carries -the server address, to identify the credential, the user name, and either a password -or an identity token. - -```json -{ - "ServerURL": "https://index.docker.io/v1", - "Username": "david", - "Secret": "passw0rd1" -} -``` - -If the secret being stored is an identity token, the Username should be set to -``. - -The `store` command can write error messages to `STDOUT` that the docker engine -will show if there was an issue. - -The `get` command takes a string payload from the standard input. That payload carries -the server address that the docker engine needs credentials for. This is -an example of that payload: `https://index.docker.io/v1`. - -The `get` command writes a JSON payload to `STDOUT`. Docker reads the user name -and password from this payload: - -```json -{ - "Username": "david", - "Secret": "passw0rd1" -} -``` - -The `erase` command takes a string payload from `STDIN`. That payload carries -the server address that the docker engine wants to remove credentials for. This is -an example of that payload: `https://index.docker.io/v1`. - -The `erase` command can write error messages to `STDOUT` that the docker engine -will show if there was an issue. - -### Credential helpers - -Credential helpers are similar to the credential store above, but act as the -designated programs to handle credentials for *specific registries*. The default -credential store (`credsStore` or the config file itself) will not be used for -operations concerning credentials of the specified registries. - -### Logging out - -If you are currently logged in, run `docker logout` to remove -the credentials from the default store. - -Credential helpers are specified in a similar way to `credsStore`, but -allow for multiple helpers to be configured at a time. Keys specify the -registry domain, and values specify the suffix of the program to use -(i.e. everything after `docker-credential-`). -For example: - -```json -{ - "credHelpers": { - "registry.example.com": "registryhelper", - "awesomereg.example.org": "hip-star", - "unicorn.example.io": "vcbait" - } -} -``` diff --git a/components/engine/docs/reference/commandline/logout.md b/components/engine/docs/reference/commandline/logout.md deleted file mode 100644 index 1e150eb848..0000000000 --- a/components/engine/docs/reference/commandline/logout.md +++ /dev/null @@ -1,32 +0,0 @@ ---- -title: "logout" -description: "The logout command description and usage" -keywords: "logout, docker, registry" ---- - - - -# logout - -```markdown -Usage: docker logout [SERVER] - -Log out from a Docker registry. -If no server is specified, the default is defined by the daemon. - -Options: - --help Print usage -``` - -## Examples - -```bash -$ docker logout localhost:8080 -``` diff --git a/components/engine/docs/reference/commandline/logs.md b/components/engine/docs/reference/commandline/logs.md deleted file mode 100644 index 75f25f7657..0000000000 --- a/components/engine/docs/reference/commandline/logs.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: "logs" -description: "The logs command description and usage" -keywords: "logs, retrieve, docker" ---- - - - -# logs - -```markdown -Usage: docker logs [OPTIONS] CONTAINER - -Fetch the logs of a container - -Options: - --details Show extra details provided to logs - -f, --follow Follow log output - --help Print usage - --since string Show logs since timestamp (e.g. 2013-01-02T13:23:37) or relative (e.g. 42m for 42 minutes) - --tail string Number of lines to show from the end of the logs (default "all") - -t, --timestamps Show timestamps -``` - -## Description - -The `docker logs` command batch-retrieves logs present at the time of execution. - -> **Note**: this command is only functional for containers that are started with -> the `json-file` or `journald` logging driver. - -For more information about selecting and configuring logging drivers, refer to -[Configure logging drivers](https://docs.docker.com/engine/admin/logging/overview/). - -The `docker logs --follow` command will continue streaming the new output from -the container's `STDOUT` and `STDERR`. - -Passing a negative number or a non-integer to `--tail` is invalid and the -value is set to `all` in that case. - -The `docker logs --timestamps` command will add an [RFC3339Nano timestamp](https://golang.org/pkg/time/#pkg-constants) -, for example `2014-09-16T06:17:46.000000000Z`, to each -log entry. To ensure that the timestamps are aligned the -nano-second part of the timestamp will be padded with zero when necessary. - -The `docker logs --details` command will add on extra attributes, such as -environment variables and labels, provided to `--log-opt` when creating the -container. - -The `--since` option shows only the container logs generated after -a given date. You can specify the date as an RFC 3339 date, a UNIX -timestamp, or a Go duration string (e.g. `1m30s`, `3h`). Besides RFC3339 date -format you may also use RFC3339Nano, `2006-01-02T15:04:05`, -`2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local -timezone on the client will be used if you do not provide either a `Z` or a -`+-00:00` timezone offset at the end of the timestamp. When providing Unix -timestamps enter seconds[.nanoseconds], where seconds is the number of seconds -that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap -seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a -fraction of a second no more than nine digits long. You can combine the -`--since` option with either or both of the `--follow` or `--tail` options. diff --git a/components/engine/docs/reference/commandline/network.md b/components/engine/docs/reference/commandline/network.md deleted file mode 100644 index 4555740dad..0000000000 --- a/components/engine/docs/reference/commandline/network.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: "network" -description: "The network command description and usage" -keywords: "network" ---- - - - -# network - -```markdown -Usage: docker network COMMAND - -Manage networks - -Options: - --help Print usage - -Commands: - connect Connect a container to a network - create Create a network - disconnect Disconnect a container from a network - inspect Display detailed information on one or more networks - ls List networks - prune Remove all unused networks - rm Remove one or more networks - -Run 'docker network COMMAND --help' for more information on a command. -``` - -## Description - -Manage networks. You can use subcommands to create, inspect, list, remove, -prune, connect, and disconnect networks. - -## Related commands - -* [network create](network_create.md) -* [network inspect](network_inspect.md) -* [network list](network_list.md) -* [network rm](network_rm.md) -* [network prune](network_prune.md) -* [network connect](network_connect.md) -* [network disconnect](network_disconnect.md) diff --git a/components/engine/docs/reference/commandline/network_connect.md b/components/engine/docs/reference/commandline/network_connect.md deleted file mode 100644 index ba01fc6add..0000000000 --- a/components/engine/docs/reference/commandline/network_connect.md +++ /dev/null @@ -1,117 +0,0 @@ ---- -title: "network connect" -description: "The network connect command description and usage" -keywords: "network, connect, user-defined" ---- - - - -# network connect - -```markdown -Usage: docker network connect [OPTIONS] NETWORK CONTAINER - -Connect a container to a network - -Options: - --alias value Add network-scoped alias for the container (default []) - --help Print usage - --ip string IPv4 address (e.g., 172.30.100.104) - --ip6 string IPv6 address (e.g., 2001:db8::33) - --link value Add link to another container (default []) - --link-local-ip value Add a link-local address for the container (default []) -``` - -## Description - -Connects a container to a network. You can connect a container by name -or by ID. Once connected, the container can communicate with other containers in -the same network. - -## Examples - -### Connect a running container to a network - -```bash -$ docker network connect multi-host-network container1 -``` - -### Connect a container to a network when it starts - -You can also use the `docker run --network=` option to start a container and immediately connect it to a network. - -```bash -$ docker run -itd --network=multi-host-network busybox -``` - -### Specify the IP address a container will use on a given network - -You can specify the IP address you want to be assigned to the container's interface. - -```bash -$ docker network connect --ip 10.10.36.122 multi-host-network container2 -``` - -### Use the legacy `--link` option - -You can use `--link` option to link another container with a preferred alias - -```bash -$ docker network connect --link container1:c1 multi-host-network container2 -``` - -### Create a network alias for a container - -`--alias` option can be used to resolve the container by another name in the network -being connected to. - -```bash -$ docker network connect --alias db --alias mysql multi-host-network container2 -``` - -### Network implications of stopping, pausing, or restarting containers - -You can pause, restart, and stop containers that are connected to a network. -A container connects to its configured networks when it runs. - -If specified, the container's IP address(es) is reapplied when a stopped -container is restarted. If the IP address is no longer available, the container -fails to start. One way to guarantee that the IP address is available is -to specify an `--ip-range` when creating the network, and choose the static IP -address(es) from outside that range. This ensures that the IP address is not -given to another container while this container is not on the network. - -```bash -$ docker network create --subnet 172.20.0.0/16 --ip-range 172.20.240.0/20 multi-host-network -``` - -```bash -$ docker network connect --ip 172.20.128.2 multi-host-network container2 -``` - -To verify the container is connected, use the `docker network inspect` command. Use `docker network disconnect` to remove a container from the network. - -Once connected in network, containers can communicate using only another -container's IP address or name. For `overlay` networks or custom plugins that -support multi-host connectivity, containers connected to the same multi-host -network but launched from different Engines can also communicate in this way. - -You can connect a container to one or more networks. The networks need not be the same type. For example, you can connect a single container bridge and overlay networks. - -## Related commands - -* [network inspect](network_inspect.md) -* [network create](network_create.md) -* [network disconnect](network_disconnect.md) -* [network ls](network_ls.md) -* [network rm](network_rm.md) -* [network prune](network_prune.md) -* [Understand Docker container networks](https://docs.docker.com/engine/userguide/networking/) -* [Work with networks](https://docs.docker.com/engine/userguide/networking/work-with-networks/) diff --git a/components/engine/docs/reference/commandline/network_create.md b/components/engine/docs/reference/commandline/network_create.md deleted file mode 100644 index 099cc1439a..0000000000 --- a/components/engine/docs/reference/commandline/network_create.md +++ /dev/null @@ -1,227 +0,0 @@ ---- -title: "network create" -description: "The network create command description and usage" -keywords: "network, create" ---- - - - -# network create - -```markdown -Usage: docker network create [OPTIONS] NETWORK - -Create a network - -Options: - --attachable Enable manual container attachment - --ingress Specify the network provides the routing-mesh - --aux-address value Auxiliary IPv4 or IPv6 addresses used by Network - driver (default map[]) - -d, --driver string Driver to manage the Network (default "bridge") - --gateway value IPv4 or IPv6 Gateway for the master subnet (default []) - --help Print usage - --internal Restrict external access to the network - --ip-range value Allocate container ip from a sub-range (default []) - --ipam-driver string IP Address Management Driver (default "default") - --ipam-opt value Set IPAM driver specific options (default map[]) - --ipv6 Enable IPv6 networking - --label value Set metadata on a network (default []) - -o, --opt value Set driver specific options (default map[]) - --subnet value Subnet in CIDR format that represents a - network segment (default []) - --scope value Promote a network to swarm scope (value = [ local | swarm ]) - --config-only Creates a configuration only network - --config-from The name of the network from which copying the configuration -``` - -## Description - -Creates a new network. The `DRIVER` accepts `bridge` or `overlay` which are the -built-in network drivers. If you have installed a third party or your own custom -network driver you can specify that `DRIVER` here also. If you don't specify the -`--driver` option, the command automatically creates a `bridge` network for you. -When you install Docker Engine it creates a `bridge` network automatically. This -network corresponds to the `docker0` bridge that Engine has traditionally relied -on. When you launch a new container with `docker run` it automatically connects to -this bridge network. You cannot remove this default bridge network, but you can -create new ones using the `network create` command. - -```bash -$ docker network create -d bridge my-bridge-network -``` - -Bridge networks are isolated networks on a single Engine installation. If you -want to create a network that spans multiple Docker hosts each running an -Engine, you must create an `overlay` network. Unlike `bridge` networks, overlay -networks require some pre-existing conditions before you can create one. These -conditions are: - -* Access to a key-value store. Engine supports Consul, Etcd, and ZooKeeper (Distributed store) key-value stores. -* A cluster of hosts with connectivity to the key-value store. -* A properly configured Engine `daemon` on each host in the cluster. - -The `dockerd` options that support the `overlay` network are: - -* `--cluster-store` -* `--cluster-store-opt` -* `--cluster-advertise` - -To read more about these options and how to configure them, see ["*Get started -with multi-host network*"](https://docs.docker.com/engine/userguide/networking/get-started-overlay). - -While not required, it is a good idea to install Docker Swarm to -manage the cluster that makes up your network. Swarm provides sophisticated -discovery and server management tools that can assist your implementation. - -Once you have prepared the `overlay` network prerequisites you simply choose a -Docker host in the cluster and issue the following to create the network: - -```bash -$ docker network create -d overlay my-multihost-network -``` - -Network names must be unique. The Docker daemon attempts to identify naming -conflicts but this is not guaranteed. It is the user's responsibility to avoid -name conflicts. - -## Examples - -### Connect containers - -When you start a container, use the `--network` flag to connect it to a network. -This example adds the `busybox` container to the `mynet` network: - -```bash -$ docker run -itd --network=mynet busybox -``` - -If you want to add a container to a network after the container is already -running, use the `docker network connect` subcommand. - -You can connect multiple containers to the same network. Once connected, the -containers can communicate using only another container's IP address or name. -For `overlay` networks or custom plugins that support multi-host connectivity, -containers connected to the same multi-host network but launched from different -Engines can also communicate in this way. - -You can disconnect a container from a network using the `docker network -disconnect` command. - -### Specify advanced options - -When you create a network, Engine creates a non-overlapping subnetwork for the -network by default. This subnetwork is not a subdivision of an existing -network. It is purely for ip-addressing purposes. You can override this default -and specify subnetwork values directly using the `--subnet` option. On a -`bridge` network you can only create a single subnet: - -```bash -$ docker network create --driver=bridge --subnet=192.168.0.0/16 br0 -``` - -Additionally, you also specify the `--gateway` `--ip-range` and `--aux-address` -options. - -```bash -$ docker network create \ - --driver=bridge \ - --subnet=172.28.0.0/16 \ - --ip-range=172.28.5.0/24 \ - --gateway=172.28.5.254 \ - br0 -``` - -If you omit the `--gateway` flag the Engine selects one for you from inside a -preferred pool. For `overlay` networks and for network driver plugins that -support it you can create multiple subnetworks. - -```bash -$ docker network create -d overlay \ - --subnet=192.168.0.0/16 \ - --subnet=192.170.0.0/16 \ - --gateway=192.168.0.100 \ - --gateway=192.170.0.100 \ - --ip-range=192.168.1.0/24 \ - --aux-address="my-router=192.168.1.5" --aux-address="my-switch=192.168.1.6" \ - --aux-address="my-printer=192.170.1.5" --aux-address="my-nas=192.170.1.6" \ - my-multihost-network -``` - -Be sure that your subnetworks do not overlap. If they do, the network create -fails and Engine returns an error. - -### Bridge driver options - -When creating a custom network, the default network driver (i.e. `bridge`) has -additional options that can be passed. The following are those options and the -equivalent docker daemon flags used for docker0 bridge: - -| Option | Equivalent | Description | -|--------------------------------------------------|-------------|-------------------------------------------------------| -| `com.docker.network.bridge.name` | - | bridge name to be used when creating the Linux bridge | -| `com.docker.network.bridge.enable_ip_masquerade` | `--ip-masq` | Enable IP masquerading | -| `com.docker.network.bridge.enable_icc` | `--icc` | Enable or Disable Inter Container Connectivity | -| `com.docker.network.bridge.host_binding_ipv4` | `--ip` | Default IP when binding container ports | -| `com.docker.network.driver.mtu` | `--mtu` | Set the containers network MTU | - -The following arguments can be passed to `docker network create` for any -network driver, again with their approximate equivalents to `docker daemon`. - -| Argument | Equivalent | Description | -|--------------|----------------|--------------------------------------------| -| `--gateway` | - | IPv4 or IPv6 Gateway for the master subnet | -| `--ip-range` | `--fixed-cidr` | Allocate IPs from a range | -| `--internal` | - | Restrict external access to the network | -| `--ipv6` | `--ipv6` | Enable IPv6 networking | -| `--subnet` | `--bip` | Subnet for network | - -For example, let's use `-o` or `--opt` options to specify an IP address binding -when publishing ports: - -```bash -$ docker network create \ - -o "com.docker.network.bridge.host_binding_ipv4"="172.19.0.1" \ - simple-network -``` - -### Network internal mode - -By default, when you connect a container to an `overlay` network, Docker also -connects a bridge network to it to provide external connectivity. If you want -to create an externally isolated `overlay` network, you can specify the -`--internal` option. - -### Network ingress mode - -You can create the network which will be used to provide the routing-mesh in the -swarm cluster. You do so by specifying `--ingress` when creating the network. Only -one ingress network can be created at the time. The network can be removed only -if no services depend on it. Any option available when creating a overlay network -is also available when creating the ingress network, besides the `--attachable` option. - -```bash -$ docker network create -d overlay \ - --subnet=10.11.0.0/16 \ - --ingress \ - --opt com.docker.network.mtu=9216 \ - --opt encrypted=true \ - my-ingress-network -``` - -## Related commands - -* [network inspect](network_inspect.md) -* [network connect](network_connect.md) -* [network disconnect](network_disconnect.md) -* [network ls](network_ls.md) -* [network rm](network_rm.md) -* [network prune](network_prune.md) -* [Understand Docker container networks](https://docs.docker.com/engine/userguide/networking/) diff --git a/components/engine/docs/reference/commandline/network_disconnect.md b/components/engine/docs/reference/commandline/network_disconnect.md deleted file mode 100644 index e855894d27..0000000000 --- a/components/engine/docs/reference/commandline/network_disconnect.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: "network disconnect" -description: "The network disconnect command description and usage" -keywords: "network, disconnect, user-defined" ---- - - - -# network disconnect - -```markdown -Usage: docker network disconnect [OPTIONS] NETWORK CONTAINER - -Disconnect a container from a network - -Options: - -f, --force Force the container to disconnect from a network - --help Print usage -``` - -## Description - -Disconnects a container from a network. The container must be running to -disconnect it from the network. - -## Examples - -```bash - $ docker network disconnect multi-host-network container1 -``` - - -## Related commands - -* [network inspect](network_inspect.md) -* [network connect](network_connect.md) -* [network create](network_create.md) -* [network ls](network_ls.md) -* [network rm](network_rm.md) -* [network prune](network_prune.md) -* [Understand Docker container networks](https://docs.docker.com/engine/userguide/networking/) diff --git a/components/engine/docs/reference/commandline/network_inspect.md b/components/engine/docs/reference/commandline/network_inspect.md deleted file mode 100644 index 1a856ddcb1..0000000000 --- a/components/engine/docs/reference/commandline/network_inspect.md +++ /dev/null @@ -1,307 +0,0 @@ ---- -title: "network inspect" -description: "The network inspect command description and usage" -keywords: "network, inspect, user-defined" ---- - - - -# network inspect - -```markdown -Usage: docker network inspect [OPTIONS] NETWORK [NETWORK...] - -Display detailed information on one or more networks - -Options: - -f, --format string Format the output using the given Go template - --help Print usage -``` - -## Description - -Returns information about one or more networks. By default, this command renders -all results in a JSON object. - -## Examples - -## Inspect the `bridge` network - -Connect two containers to the default `bridge` network: - -```bash -$ sudo docker run -itd --name=container1 busybox -f2870c98fd504370fb86e59f32cd0753b1ac9b69b7d80566ffc7192a82b3ed27 - -$ sudo docker run -itd --name=container2 busybox -bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727 -``` - -The `network inspect` command shows the containers, by id, in its -results. For networks backed by multi-host network driver, such as Overlay, -this command also shows the container endpoints in other hosts in the -cluster. These endpoints are represented as "ep-{endpoint-id}" in the output. -However, for swarm mode networks, only the endpoints that are local to the -node are shown. - -You can specify an alternate format to execute a given -template for each result. Go's -[text/template](http://golang.org/pkg/text/template/) package describes all the -details of the format. - -```none -$ sudo docker network inspect bridge - -[ - { - "Name": "bridge", - "Id": "b2b1a2cba717161d984383fd68218cf70bbbd17d328496885f7c921333228b0f", - "Created": "2016-10-19T04:33:30.360899459Z", - "Scope": "local", - "Driver": "bridge", - "IPAM": { - "Driver": "default", - "Config": [ - { - "Subnet": "172.17.42.1/16", - "Gateway": "172.17.42.1" - } - ] - }, - "Internal": false, - "Containers": { - "bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727": { - "Name": "container2", - "EndpointID": "0aebb8fcd2b282abe1365979536f21ee4ceaf3ed56177c628eae9f706e00e019", - "MacAddress": "02:42:ac:11:00:02", - "IPv4Address": "172.17.0.2/16", - "IPv6Address": "" - }, - "f2870c98fd504370fb86e59f32cd0753b1ac9b69b7d80566ffc7192a82b3ed27": { - "Name": "container1", - "EndpointID": "a00676d9c91a96bbe5bcfb34f705387a33d7cc365bac1a29e4e9728df92d10ad", - "MacAddress": "02:42:ac:11:00:01", - "IPv4Address": "172.17.0.1/16", - "IPv6Address": "" - } - }, - "Options": { - "com.docker.network.bridge.default_bridge": "true", - "com.docker.network.bridge.enable_icc": "true", - "com.docker.network.bridge.enable_ip_masquerade": "true", - "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", - "com.docker.network.bridge.name": "docker0", - "com.docker.network.driver.mtu": "1500" - }, - "Labels": {} - } -] -``` - -### Inspect a user-defined network - -Create and inspect a user-defined network: - -```bash -$ docker network create simple-network - -69568e6336d8c96bbf57869030919f7c69524f71183b44d80948bd3927c87f6a -``` - -```none -$ docker network inspect simple-network - -[ - { - "Name": "simple-network", - "Id": "69568e6336d8c96bbf57869030919f7c69524f71183b44d80948bd3927c87f6a", - "Created": "2016-10-19T04:33:30.360899459Z", - "Scope": "local", - "Driver": "bridge", - "IPAM": { - "Driver": "default", - "Config": [ - { - "Subnet": "172.22.0.0/16", - "Gateway": "172.22.0.1" - } - ] - }, - "Containers": {}, - "Options": {}, - "Labels": {} - } -] -``` - -### Inspect the `ingress` network - -For swarm mode overlay networks `network inspect` also shows the IP address and node name -of the peers. Peers are the nodes in the swarm cluster which have at least one task attached -to the network. Node name is of the format `-`. - -```none -$ docker network inspect ingress - -[ - { - "Name": "ingress", - "Id": "j0izitrut30h975vk4m1u5kk3", - "Created": "2016-11-08T06:49:59.803387552Z", - "Scope": "swarm", - "Driver": "overlay", - "EnableIPv6": false, - "IPAM": { - "Driver": "default", - "Options": null, - "Config": [ - { - "Subnet": "10.255.0.0/16", - "Gateway": "10.255.0.1" - } - ] - }, - "Internal": false, - "Attachable": false, - "Containers": { - "ingress-sbox": { - "Name": "ingress-endpoint", - "EndpointID": "40e002d27b7e5d75f60bc72199d8cae3344e1896abec5eddae9743755fe09115", - "MacAddress": "02:42:0a:ff:00:03", - "IPv4Address": "10.255.0.3/16", - "IPv6Address": "" - } - }, - "Options": { - "com.docker.network.driver.overlay.vxlanid_list": "256" - }, - "Labels": {}, - "Peers": [ - { - "Name": "net-1-1d22adfe4d5c", - "IP": "192.168.33.11" - }, - { - "Name": "net-2-d55d838b34af", - "IP": "192.168.33.12" - }, - { - "Name": "net-3-8473f8140bd9", - "IP": "192.168.33.13" - } - ] - } -] -``` - -### Using `verbose` option for `network inspect` - -`docker network inspect --verbose` for swarm mode overlay networks shows service-specific -details such as the service's VIP and port mappings. It also shows IPs of service tasks, -and the IPs of the nodes where the tasks are running. - -Following is an example output for a overlay network `ov1` that has one service `s1` -attached to. service `s1` in this case has three replicas. - -```bash -$ docker network inspect --verbose ov1 -[ - { - "Name": "ov1", - "Id": "ybmyjvao9vtzy3oorxbssj13b", - "Created": "2017-03-13T17:04:39.776106792Z", - "Scope": "swarm", - "Driver": "overlay", - "EnableIPv6": false, - "IPAM": { - "Driver": "default", - "Options": null, - "Config": [ - { - "Subnet": "10.0.0.0/24", - "Gateway": "10.0.0.1" - } - ] - }, - "Internal": false, - "Attachable": false, - "Containers": { - "020403bd88a15f60747fd25d1ad5fa1272eb740e8a97fc547d8ad07b2f721c5e": { - "Name": "s1.1.pjn2ik0sfgkfzed3h0s00gs9o", - "EndpointID": "ad16946f416562d658f3bb30b9830d73ad91ccf6feae44411269cd0ff674714e", - "MacAddress": "02:42:0a:00:00:04", - "IPv4Address": "10.0.0.4/24", - "IPv6Address": "" - } - }, - "Options": { - "com.docker.network.driver.overlay.vxlanid_list": "4097" - }, - "Labels": {}, - "Peers": [ - { - "Name": "net-3-5d3cfd30a58c", - "IP": "192.168.33.13" - }, - { - "Name": "net-1-6ecbc0040a73", - "IP": "192.168.33.11" - }, - { - "Name": "net-2-fb80208efd75", - "IP": "192.168.33.12" - } - ], - "Services": { - "s1": { - "VIP": "10.0.0.2", - "Ports": [], - "LocalLBIndex": 257, - "Tasks": [ - { - "Name": "s1.2.q4hcq2aiiml25ubtrtg4q1txt", - "EndpointID": "040879b027e55fb658e8b60ae3b87c6cdac7d291e86a190a3b5ac6567b26511a", - "EndpointIP": "10.0.0.5", - "Info": { - "Host IP": "192.168.33.11" - } - }, - { - "Name": "s1.3.yawl4cgkp7imkfx469kn9j6lm", - "EndpointID": "106edff9f120efe44068b834e1cddb5b39dd4a3af70211378b2f7a9e562bbad8", - "EndpointIP": "10.0.0.3", - "Info": { - "Host IP": "192.168.33.12" - } - }, - { - "Name": "s1.1.pjn2ik0sfgkfzed3h0s00gs9o", - "EndpointID": "ad16946f416562d658f3bb30b9830d73ad91ccf6feae44411269cd0ff674714e", - "EndpointIP": "10.0.0.4", - "Info": { - "Host IP": "192.168.33.13" - } - } - ] - } - } - } -] -``` - -## Related commands - -* [network disconnect ](network_disconnect.md) -* [network connect](network_connect.md) -* [network create](network_create.md) -* [network ls](network_ls.md) -* [network rm](network_rm.md) -* [network prune](network_prune.md) -* [Understand Docker container networks](https://docs.docker.com/engine/userguide/networking/) diff --git a/components/engine/docs/reference/commandline/network_ls.md b/components/engine/docs/reference/commandline/network_ls.md deleted file mode 100644 index 8bb8a2c48a..0000000000 --- a/components/engine/docs/reference/commandline/network_ls.md +++ /dev/null @@ -1,250 +0,0 @@ ---- -title: "network ls" -description: "The network ls command description and usage" -keywords: "network, list, user-defined" ---- - - - -# docker network ls - -```markdown -Usage: docker network ls [OPTIONS] - -List networks - -Aliases: - ls, list - -Options: - -f, --filter filter Provide filter values (e.g. 'driver=bridge') - --format string Pretty-print networks using a Go template - --help Print usage - --no-trunc Do not truncate the output - -q, --quiet Only display network IDs -``` - -## Description - -Lists all the networks the Engine `daemon` knows about. This includes the -networks that span across multiple hosts in a cluster. - -## Examples - -### List all networks - -```bash -$ sudo docker network ls -NETWORK ID NAME DRIVER SCOPE -7fca4eb8c647 bridge bridge local -9f904ee27bf5 none null local -cf03ee007fb4 host host local -78b03ee04fc4 multi-host overlay swarm -``` - -Use the `--no-trunc` option to display the full network id: - -```bash -$ docker network ls --no-trunc -NETWORK ID NAME DRIVER SCOPE -18a2866682b85619a026c81b98a5e375bd33e1b0936a26cc497c283d27bae9b3 none null local -c288470c46f6c8949c5f7e5099b5b7947b07eabe8d9a27d79a9cbf111adcbf47 host host local -7b369448dccbf865d397c8d2be0cda7cf7edc6b0945f77d2529912ae917a0185 bridge bridge local -95e74588f40db048e86320c6526440c504650a1ff3e9f7d60a497c4d2163e5bd foo bridge local -63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161 dev bridge local -``` - -### Filtering - -The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there -is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`). -Multiple filter flags are combined as an `OR` filter. For example, -`-f type=custom -f type=builtin` returns both `custom` and `builtin` networks. - -The currently supported filters are: - -* driver -* id (network's id) -* label (`label=` or `label==`) -* name (network's name) -* scope (`swarm|global|local`) -* type (`custom|builtin`) - -#### Driver - -The `driver` filter matches networks based on their driver. - -The following example matches networks with the `bridge` driver: - -```bash -$ docker network ls --filter driver=bridge -NETWORK ID NAME DRIVER SCOPE -db9db329f835 test1 bridge local -f6e212da9dfd test2 bridge local -``` - -#### ID - -The `id` filter matches on all or part of a network's ID. - -The following filter matches all networks with an ID containing the -`63d1ff1f77b0...` string. - -```bash -$ docker network ls --filter id=63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161 -NETWORK ID NAME DRIVER SCOPE -63d1ff1f77b0 dev bridge local -``` - -You can also filter for a substring in an ID as this shows: - -```bash -$ docker network ls --filter id=95e74588f40d -NETWORK ID NAME DRIVER SCOPE -95e74588f40d foo bridge local - -$ docker network ls --filter id=95e -NETWORK ID NAME DRIVER SCOPE -95e74588f40d foo bridge local -``` - -#### Label - -The `label` filter matches networks based on the presence of a `label` alone or a `label` and a -value. - -The following filter matches networks with the `usage` label regardless of its value. - -```bash -$ docker network ls -f "label=usage" -NETWORK ID NAME DRIVER SCOPE -db9db329f835 test1 bridge local -f6e212da9dfd test2 bridge local -``` - -The following filter matches networks with the `usage` label with the `prod` value. - -```bash -$ docker network ls -f "label=usage=prod" -NETWORK ID NAME DRIVER SCOPE -f6e212da9dfd test2 bridge local -``` - -#### Name - -The `name` filter matches on all or part of a network's name. - -The following filter matches all networks with a name containing the `foobar` string. - -```bash -$ docker network ls --filter name=foobar -NETWORK ID NAME DRIVER SCOPE -06e7eef0a170 foobar bridge local -``` - -You can also filter for a substring in a name as this shows: - -```bash -$ docker network ls --filter name=foo -NETWORK ID NAME DRIVER SCOPE -95e74588f40d foo bridge local -06e7eef0a170 foobar bridge local -``` - -#### Scope - -The `scope` filter matches networks based on their scope. - -The following example matches networks with the `swarm` scope: - -```bash -$ docker network ls --filter scope=swarm -NETWORK ID NAME DRIVER SCOPE -xbtm0v4f1lfh ingress overlay swarm -ic6r88twuu92 swarmnet overlay swarm -``` - -The following example matches networks with the `local` scope: - -```bash -$ docker network ls --filter scope=local -NETWORK ID NAME DRIVER SCOPE -e85227439ac7 bridge bridge local -0ca0e19443ed host host local -ca13cc149a36 localnet bridge local -f9e115d2de35 none null local -``` - -#### Type - -The `type` filter supports two values; `builtin` displays predefined networks -(`bridge`, `none`, `host`), whereas `custom` displays user defined networks. - -The following filter matches all user defined networks: - -```bash -$ docker network ls --filter type=custom -NETWORK ID NAME DRIVER SCOPE -95e74588f40d foo bridge local -63d1ff1f77b0 dev bridge local -``` - -By having this flag it allows for batch cleanup. For example, use this filter -to delete all user defined networks: - -```bash -$ docker network rm `docker network ls --filter type=custom -q` -``` - -A warning will be issued when trying to remove a network that has containers -attached. - -### Formatting - -The formatting options (`--format`) pretty-prints networks output -using a Go template. - -Valid placeholders for the Go template are listed below: - -Placeholder | Description --------------|------------------------------------------------------------------------------------------ -`.ID` | Network ID -`.Name` | Network name -`.Driver` | Network driver -`.Scope` | Network scope (local, global) -`.IPv6` | Whether IPv6 is enabled on the network or not. -`.Internal` | Whether the network is internal or not. -`.Labels` | All labels assigned to the network. -`.Label` | Value of a specific label for this network. For example `{{.Label "project.version"}}` -`.CreatedAt` | Time when the network was created - -When using the `--format` option, the `network ls` command will either -output the data exactly as the template declares or, when using the -`table` directive, includes column headers as well. - -The following example uses a template without headers and outputs the -`ID` and `Driver` entries separated by a colon for all networks: - -```bash -$ docker network ls --format "{{.ID}}: {{.Driver}}" -afaaab448eb2: bridge -d1584f8dc718: host -391df270dc66: null -``` - -## Related commands - -* [network disconnect ](network_disconnect.md) -* [network connect](network_connect.md) -* [network create](network_create.md) -* [network inspect](network_inspect.md) -* [network rm](network_rm.md) -* [network prune](network_prune.md) -* [Understand Docker container networks](https://docs.docker.com/engine/userguide/networking/) diff --git a/components/engine/docs/reference/commandline/network_prune.md b/components/engine/docs/reference/commandline/network_prune.md deleted file mode 100644 index 9ef541061d..0000000000 --- a/components/engine/docs/reference/commandline/network_prune.md +++ /dev/null @@ -1,104 +0,0 @@ ---- -title: "network prune" -description: "Remove unused networks" -keywords: "network, prune, delete" ---- - -# network prune - -```markdown -Usage: docker network prune [OPTIONS] - -Remove all unused networks - -Options: - --filter filter Provide filter values (e.g. 'until=') - -f, --force Do not prompt for confirmation - --help Print usage -``` - -## Description - -Remove all unused networks. Unused networks are those which are not referenced -by any containers. - -## Examples - -```bash -$ docker network prune - -WARNING! This will remove all networks not used by at least one container. -Are you sure you want to continue? [y/N] y -Deleted Networks: -n1 -n2 -``` - -### Filtering - -The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more -than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) - -The currently supported filters are: - -* until (``) - only remove networks created before given timestamp -* label (`label=`, `label==`, `label!=`, or `label!==`) - only remove networks with (or without, in case `label!=...` is used) the specified labels. - -The `until` filter can be Unix timestamps, date formatted -timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed -relative to the daemon machine’s time. Supported formats for date -formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, -`2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local -timezone on the daemon will be used if you do not provide either a `Z` or a -`+-00:00` timezone offset at the end of the timestamp. When providing Unix -timestamps enter seconds[.nanoseconds], where seconds is the number of seconds -that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap -seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a -fraction of a second no more than nine digits long. - -The `label` filter accepts two formats. One is the `label=...` (`label=` or `label==`), -which removes networks with the specified labels. The other -format is the `label!=...` (`label!=` or `label!==`), which removes -networks without the specified labels. - -The following removes networks created more than 5 minutes ago. Note that -system networks such as `bridge`, `host`, and `none` will never be pruned: - -```none -$ docker network ls - -NETWORK ID NAME DRIVER SCOPE -7430df902d7a bridge bridge local -ea92373fd499 foo-1-day-ago bridge local -ab53663ed3c7 foo-1-min-ago bridge local -97b91972bc3b host host local -f949d337b1f5 none null local - -$ docker network prune --force --filter until=5m - -Deleted Networks: -foo-1-day-ago - -$ docker network ls - -NETWORK ID NAME DRIVER SCOPE -7430df902d7a bridge bridge local -ab53663ed3c7 foo-1-min-ago bridge local -97b91972bc3b host host local -f949d337b1f5 none null local -``` - -## Related commands - -* [network disconnect ](network_disconnect.md) -* [network connect](network_connect.md) -* [network create](network_create.md) -* [network ls](network_ls.md) -* [network inspect](network_inspect.md) -* [network rm](network_rm.md) -* [Understand Docker container networks](https://docs.docker.com/engine/userguide/networking/) -* [system df](system_df.md) -* [container prune](container_prune.md) -* [image prune](image_prune.md) -* [volume prune](volume_prune.md) -* [system prune](system_prune.md) diff --git a/components/engine/docs/reference/commandline/network_rm.md b/components/engine/docs/reference/commandline/network_rm.md deleted file mode 100644 index aab487a044..0000000000 --- a/components/engine/docs/reference/commandline/network_rm.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: "network rm" -description: "the network rm command description and usage" -keywords: "network, rm, user-defined" ---- - - - -# network rm - -```markdown -Usage: docker network rm NETWORK [NETWORK...] - -Remove one or more networks - -Aliases: - rm, remove - -Options: - --help Print usage -``` - -## Description - -Removes one or more networks by name or identifier. To remove a network, -you must first disconnect any containers connected to it. - -## Examples - -### Remove a network - -To remove the network named 'my-network': - -```bash - $ docker network rm my-network -``` - -### Remove multiple networks - -To delete multiple networks in a single `docker network rm` command, provide -multiple network names or ids. The following example deletes a network with id -`3695c422697f` and a network named `my-network`: - -```bash - $ docker network rm 3695c422697f my-network -``` - -When you specify multiple networks, the command attempts to delete each in turn. -If the deletion of one network fails, the command continues to the next on the -list and tries to delete that. The command reports success or failure for each -deletion. - -## Related commands - -* [network disconnect ](network_disconnect.md) -* [network connect](network_connect.md) -* [network create](network_create.md) -* [network ls](network_ls.md) -* [network inspect](network_inspect.md) -* [network prune](network_prune.md) -* [Understand Docker container networks](https://docs.docker.com/engine/userguide/networking/) diff --git a/components/engine/docs/reference/commandline/node.md b/components/engine/docs/reference/commandline/node.md deleted file mode 100644 index 3a7d4b3a76..0000000000 --- a/components/engine/docs/reference/commandline/node.md +++ /dev/null @@ -1,42 +0,0 @@ - ---- -title: "node" -description: "The node command description and usage" -keywords: "node" ---- - - - -# node - -```markdown -Usage: docker node COMMAND - -Manage Swarm nodes - -Options: - --help Print usage - -Commands: - demote Demote one or more nodes from manager in the swarm - inspect Display detailed information on one or more nodes - ls List nodes in the swarm - promote Promote one or more nodes to manager in the swarm - ps List tasks running on one or more nodes, defaults to current node - rm Remove one or more nodes from the swarm - update Update a node - -Run 'docker node COMMAND --help' for more information on a command. -``` - -## Description - -Manage nodes. - diff --git a/components/engine/docs/reference/commandline/node_demote.md b/components/engine/docs/reference/commandline/node_demote.md deleted file mode 100644 index e6e59d8945..0000000000 --- a/components/engine/docs/reference/commandline/node_demote.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: "node demote" -description: "The node demote command description and usage" -keywords: "node, demote" ---- - - - -# node demote - -```markdown -Usage: docker node demote NODE [NODE...] - -Demote one or more nodes from manager in the swarm - -Options: - --help Print usage - -``` - -## Description - -Demotes an existing manager so that it is no longer a manager. This command -targets a docker engine that is a manager in the swarm. - - -## Examples - -```bash -$ docker node demote -``` - -## Related commands - -* [node inspect](node_inspect.md) -* [node ls](node_ls.md) -* [node promote](node_promote.md) -* [node ps](node_ps.md) -* [node rm](node_rm.md) -* [node update](node_update.md) diff --git a/components/engine/docs/reference/commandline/node_inspect.md b/components/engine/docs/reference/commandline/node_inspect.md deleted file mode 100644 index 6ee9e17e6f..0000000000 --- a/components/engine/docs/reference/commandline/node_inspect.md +++ /dev/null @@ -1,167 +0,0 @@ ---- -title: "node inspect" -description: "The node inspect command description and usage" -keywords: "node, inspect" ---- - - - -# node inspect - -```markdown -Usage: docker node inspect [OPTIONS] self|NODE [NODE...] - -Display detailed information on one or more nodes - -Options: - -f, --format string Format the output using the given Go template - --help Print usage - --pretty Print the information in a human friendly format -``` - -## Description - -Returns information about a node. By default, this command renders all results -in a JSON array. You can specify an alternate format to execute a -given template for each result. Go's -[text/template](http://golang.org/pkg/text/template/) package describes all the -details of the format. - -## Examples - -### Inspect a node - -```none -$ docker node inspect swarm-manager - -[ -{ - "ID": "e216jshn25ckzbvmwlnh5jr3g", - "Version": { - "Index": 10 - }, - "CreatedAt": "2017-05-16T22:52:44.9910662Z", - "UpdatedAt": "2017-05-16T22:52:45.230878043Z", - "Spec": { - "Role": "manager", - "Availability": "active" - }, - "Description": { - "Hostname": "swarm-manager", - "Platform": { - "Architecture": "x86_64", - "OS": "linux" - }, - "Resources": { - "NanoCPUs": 1000000000, - "MemoryBytes": 1039843328 - }, - "Engine": { - "EngineVersion": "17.06.0-ce", - "Plugins": [ - { - "Type": "Volume", - "Name": "local" - }, - { - "Type": "Network", - "Name": "overlay" - }, - { - "Type": "Network", - "Name": "null" - }, - { - "Type": "Network", - "Name": "host" - }, - { - "Type": "Network", - "Name": "bridge" - }, - { - "Type": "Network", - "Name": "overlay" - } - ] - }, - "TLSInfo": { - "TrustRoot": "-----BEGIN CERTIFICATE-----\nMIIBazCCARCgAwIBAgIUOzgqU4tA2q5Yv1HnkzhSIwGyIBswCgYIKoZIzj0EAwIw\nEzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNTAyMDAyNDAwWhcNMzcwNDI3MDAy\nNDAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABMbiAmET+HZyve35ujrnL2kOLBEQhFDZ5MhxAuYs96n796sFlfxTxC1lM/2g\nAh8DI34pm3JmHgZxeBPKUURJHKWjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB\nAf8EBTADAQH/MB0GA1UdDgQWBBS3sjTJOcXdkls6WSY2rTx1KIJueTAKBggqhkjO\nPQQDAgNJADBGAiEAoeVWkaXgSUAucQmZ3Yhmx22N/cq1EPBgYHOBZmHt0NkCIQC3\nzONcJ/+WA21OXtb+vcijpUOXtNjyHfcox0N8wsLDqQ==\n-----END CERTIFICATE-----\n", - "CertIssuerSubject": "MBMxETAPBgNVBAMTCHN3YXJtLWNh", - "CertIssuerPublicKey": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExuICYRP4dnK97fm6OucvaQ4sERCEUNnkyHEC5iz3qfv3qwWV/FPELWUz/aACHwMjfimbcmYeBnF4E8pRREkcpQ==" - } - }, - "Status": { - "State": "ready", - "Addr": "168.0.32.137" - }, - "ManagerStatus": { - "Leader": true, - "Reachability": "reachable", - "Addr": "168.0.32.137:2377" - } -} -] -``` - -### Specify an output format - -```none -$ docker node inspect --format '{{ .ManagerStatus.Leader }}' self - -false - -$ docker node inspect --pretty self -ID: e216jshn25ckzbvmwlnh5jr3g -Hostname: swarm-manager -Joined at: 2017-05-16 22:52:44.9910662 +0000 utc -Status: - State: Ready - Availability: Active - Address: 172.17.0.2 -Manager Status: - Address: 172.17.0.2:2377 - Raft Status: Reachable - Leader: Yes -Platform: - Operating System: linux - Architecture: x86_64 -Resources: - CPUs: 4 - Memory: 7.704 GiB -Plugins: - Network: overlay, bridge, null, host, overlay - Volume: local -Engine Version: 17.06.0-ce -TLS Info: - TrustRoot: ------BEGIN CERTIFICATE----- -MIIBazCCARCgAwIBAgIUOzgqU4tA2q5Yv1HnkzhSIwGyIBswCgYIKoZIzj0EAwIw -EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNTAyMDAyNDAwWhcNMzcwNDI3MDAy -NDAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH -A0IABMbiAmET+HZyve35ujrnL2kOLBEQhFDZ5MhxAuYs96n796sFlfxTxC1lM/2g -Ah8DI34pm3JmHgZxeBPKUURJHKWjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB -Af8EBTADAQH/MB0GA1UdDgQWBBS3sjTJOcXdkls6WSY2rTx1KIJueTAKBggqhkjO -PQQDAgNJADBGAiEAoeVWkaXgSUAucQmZ3Yhmx22N/cq1EPBgYHOBZmHt0NkCIQC3 -zONcJ/+WA21OXtb+vcijpUOXtNjyHfcox0N8wsLDqQ== ------END CERTIFICATE----- - - Issuer Public Key: MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExuICYRP4dnK97fm6OucvaQ4sERCEUNnkyHEC5iz3qfv3qwWV/FPELWUz/aACHwMjfimbcmYeBnF4E8pRREkcpQ== - Issuer Subject: MBMxETAPBgNVBAMTCHN3YXJtLWNh -``` - -## Related commands - -* [node demote](node_demote.md) -* [node ls](node_ls.md) -* [node promote](node_promote.md) -* [node ps](node_ps.md) -* [node rm](node_rm.md) -* [node update](node_update.md) diff --git a/components/engine/docs/reference/commandline/node_ls.md b/components/engine/docs/reference/commandline/node_ls.md deleted file mode 100644 index 2f9c2becdf..0000000000 --- a/components/engine/docs/reference/commandline/node_ls.md +++ /dev/null @@ -1,171 +0,0 @@ ---- -title: "node ls" -description: "The node ls command description and usage" -keywords: "node, list" ---- - - - -# node ls - -```markdown -Usage: docker node ls [OPTIONS] - -List nodes in the swarm - -Aliases: - ls, list - -Options: - -f, --filter filter Filter output based on conditions provided - --format string Pretty-print nodes using a Go template - --help Print usage - -q, --quiet Only display IDs -``` - -## Description - -Lists all the nodes that the Docker Swarm manager knows about. You can filter -using the `-f` or `--filter` flag. Refer to the [filtering](#filtering) section -for more information about available filter options. - -## Examples - -```bash -$ docker node ls - -ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS -1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Ready Active -38ciaotwjuritcdtn9npbnkuz swarm-worker1 Ready Active -e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Ready Active Leader -``` -> **Note**: -> In the above example output, there is a hidden column of `.Self` that indicates if the -> node is the same node as the current docker daemon. A `*` (e.g., `e216jshn25ckzbvmwlnh5jr3g *`) -> means this node is the current docker daemon. - - -### Filtering - -The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more -than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) - -The currently supported filters are: - -* [id](node_ls.md#id) -* [label](node_ls.md#label) -* [membership](node_ls.md#membership) -* [name](node_ls.md#name) -* [role](node_ls.md#role) - -#### id - -The `id` filter matches all or part of a node's id. - -```bash -$ docker node ls -f id=1 - -ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS -1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Ready Active -``` - -#### label - -The `label` filter matches nodes based on engine labels and on the presence of a `label` alone or a `label` and a value. Node labels are currently not used for filtering. - -The following filter matches nodes with the `foo` label regardless of its value. - -```bash -$ docker node ls -f "label=foo" - -ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS -1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Ready Active -``` - -#### membership - -The `membership` filter matches nodes based on the presence of a `membership` and a value -`accepted` or `pending`. - -The following filter matches nodes with the `membership` of `accepted`. - -```bash -$ docker node ls -f "membership=accepted" - -ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS -1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Ready Active -38ciaotwjuritcdtn9npbnkuz swarm-worker1 Ready Active -``` - -#### name - -The `name` filter matches on all or part of a node hostname. - -The following filter matches the nodes with a name equal to `swarm-master` string. - -```bash -$ docker node ls -f name=swarm-manager1 - -ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS -e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Ready Active Leader -``` - -#### role - -The `role` filter matches nodes based on the presence of a `role` and a value `worker` or `manager`. - -The following filter matches nodes with the `manager` role. - -```bash -$ docker node ls -f "role=manager" - -ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS -e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Ready Active Leader -``` - -### Formatting - -The formatting options (`--format`) pretty-prints nodes output -using a Go template. - -Valid placeholders for the Go template are listed below: - -Placeholder | Description ------------------|------------------------------------------------------------------------------------------ -`.ID` | Node ID -`.Self` | Node of the daemon (`true/false`, `true`indicates that the node is the same as current docker daemon) -`.Hostname` | Node hostname -`.Status` | Node status -`.Availability` | Node availability ("active", "pause", or "drain") -`.ManagerStatus` | Manager status of the node -`.TLSStatus` | TLS status of the node ("Ready", or "Needs Rotation" has TLS certificate signed by an old CA) - -When using the `--format` option, the `node ls` command will either -output the data exactly as the template declares or, when using the -`table` directive, includes column headers as well. - -The following example uses a template without headers and outputs the -`ID`, `Hostname`, and `TLS Status` entries separated by a colon for all nodes: - -```bash -$ docker node ls --format "{{.ID}}: {{.Hostname}} {{.TLSStatus}}" -e216jshn25ckzbvmwlnh5jr3g: swarm-manager1 Ready -35o6tiywb700jesrt3dmllaza: swarm-worker1 Needs Rotation -`` - - -## Related commands - -* [node demote](node_demote.md) -* [node inspect](node_inspect.md) -* [node promote](node_promote.md) -* [node ps](node_ps.md) -* [node rm](node_rm.md) -* [node update](node_update.md) diff --git a/components/engine/docs/reference/commandline/node_promote.md b/components/engine/docs/reference/commandline/node_promote.md deleted file mode 100644 index 1ebbe9550c..0000000000 --- a/components/engine/docs/reference/commandline/node_promote.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: "node promote" -description: "The node promote command description and usage" -keywords: "node, promote" ---- - - - -# node promote - -```markdown -Usage: docker node promote NODE [NODE...] - -Promote one or more nodes to manager in the swarm - -Options: - --help Print usage -``` - -## Description - -Promotes a node to manager. This command targets a docker engine that is a -manager in the swarm. - -## Examples - -```bash -$ docker node promote -``` - -## Related commands - -* [node demote](node_demote.md) -* [node inspect](node_inspect.md) -* [node ls](node_ls.md) -* [node ps](node_ps.md) -* [node rm](node_rm.md) -* [node update](node_update.md) diff --git a/components/engine/docs/reference/commandline/node_ps.md b/components/engine/docs/reference/commandline/node_ps.md deleted file mode 100644 index 0bf76e0d8e..0000000000 --- a/components/engine/docs/reference/commandline/node_ps.md +++ /dev/null @@ -1,148 +0,0 @@ ---- -title: "node ps" -description: "The node ps command description and usage" -keywords: node, tasks, ps -aliases: ["/engine/reference/commandline/node_tasks/"] ---- - - - -# node ps - -```markdown -Usage: docker node ps [OPTIONS] [NODE...] - -List tasks running on one or more nodes, defaults to current node. - -Options: - -f, --filter filter Filter output based on conditions provided - --format string Pretty-print tasks using a Go template - --help Print usage - --no-resolve Do not map IDs to Names - --no-trunc Do not truncate output - -q, --quiet Only display task IDs -``` - -## Description - -Lists all the tasks on a Node that Docker knows about. You can filter using the `-f` or `--filter` flag. Refer to the [filtering](#filtering) section for more information about available filter options. - -## Examples - -```bash -$ docker node ps swarm-manager1 -NAME IMAGE NODE DESIRED STATE CURRENT STATE -redis.1.7q92v0nr1hcgts2amcjyqg3pq redis:3.0.6 swarm-manager1 Running Running 5 hours -redis.6.b465edgho06e318egmgjbqo4o redis:3.0.6 swarm-manager1 Running Running 29 seconds -redis.7.bg8c07zzg87di2mufeq51a2qp redis:3.0.6 swarm-manager1 Running Running 5 seconds -redis.9.dkkual96p4bb3s6b10r7coxxt redis:3.0.6 swarm-manager1 Running Running 5 seconds -redis.10.0tgctg8h8cech4w0k0gwrmr23 redis:3.0.6 swarm-manager1 Running Running 5 seconds -``` - -### Filtering - -The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more -than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) - -The currently supported filters are: - -* [name](#name) -* [id](#id) -* [label](#label) -* [desired-state](#desired-state) - -#### name - -The `name` filter matches on all or part of a task's name. - -The following filter matches all tasks with a name containing the `redis` string. - -```bash -$ docker node ps -f name=redis swarm-manager1 - -NAME IMAGE NODE DESIRED STATE CURRENT STATE -redis.1.7q92v0nr1hcgts2amcjyqg3pq redis:3.0.6 swarm-manager1 Running Running 5 hours -redis.6.b465edgho06e318egmgjbqo4o redis:3.0.6 swarm-manager1 Running Running 29 seconds -redis.7.bg8c07zzg87di2mufeq51a2qp redis:3.0.6 swarm-manager1 Running Running 5 seconds -redis.9.dkkual96p4bb3s6b10r7coxxt redis:3.0.6 swarm-manager1 Running Running 5 seconds -redis.10.0tgctg8h8cech4w0k0gwrmr23 redis:3.0.6 swarm-manager1 Running Running 5 seconds -``` - -#### id - -The `id` filter matches a task's id. - -```bash -$ docker node ps -f id=bg8c07zzg87di2mufeq51a2qp swarm-manager1 - -NAME IMAGE NODE DESIRED STATE CURRENT STATE -redis.7.bg8c07zzg87di2mufeq51a2qp redis:3.0.6 swarm-manager1 Running Running 5 seconds -``` - -#### label - -The `label` filter matches tasks based on the presence of a `label` alone or a `label` and a -value. - -The following filter matches tasks with the `usage` label regardless of its value. - -```bash -$ docker node ps -f "label=usage" - -NAME IMAGE NODE DESIRED STATE CURRENT STATE -redis.6.b465edgho06e318egmgjbqo4o redis:3.0.6 swarm-manager1 Running Running 10 minutes -redis.7.bg8c07zzg87di2mufeq51a2qp redis:3.0.6 swarm-manager1 Running Running 9 minutes -``` - - -#### desired-state - -The `desired-state` filter can take the values `running`, `shutdown`, or `accepted`. - - -### Formatting - -The formatting options (`--format`) pretty-prints tasks output -using a Go template. - -Valid placeholders for the Go template are listed below: - -Placeholder | Description -----------------|------------------------------------------------------------------------------------------ -`.Name` | Task name -`.Image` | Task image -`.Node` | Node ID -`.DesiredState` | Desired state of the task (`running`, `shutdown`, or `accepted`) -`.CurrentState` | Current state of the task -`.Error` | Error -`.Ports` | Task published ports - -When using the `--format` option, the `node ps` command will either -output the data exactly as the template declares or, when using the -`table` directive, includes column headers as well. - -The following example uses a template without headers and outputs the -`Name` and `Image` entries separated by a colon for all tasks: - -```bash -$ docker node ps --format "{{.Name}}: {{.Image}}" -top.1: busybox -top.2: busybox -top.3: busybox -``` - -## Related commands - -* [node demote](node_demote.md) -* [node inspect](node_inspect.md) -* [node ls](node_ls.md) -* [node promote](node_promote.md) -* [node rm](node_rm.md) -* [node update](node_update.md) diff --git a/components/engine/docs/reference/commandline/node_rm.md b/components/engine/docs/reference/commandline/node_rm.md deleted file mode 100644 index c2fdd4d156..0000000000 --- a/components/engine/docs/reference/commandline/node_rm.md +++ /dev/null @@ -1,80 +0,0 @@ ---- -title: "node rm" -description: "The node rm command description and usage" -keywords: "node, remove" ---- - - - -# node rm - -```markdown -Usage: docker node rm [OPTIONS] NODE [NODE...] - -Remove one or more nodes from the swarm - -Aliases: - rm, remove - -Options: - -f, --force Force remove a node from the swarm - --help Print usage -``` - -## Description - -When run from a manager node, removes the specified nodes from a swarm. - - -## Examples - -### Remove a stopped node from the swarm - -```bash -$ docker node rm swarm-node-02 - -Node swarm-node-02 removed from swarm -``` -### Attempt to remove a running node from a swarm - -Removes the specified nodes from the swarm, but only if the nodes are in the -down state. If you attempt to remove an active node you will receive an error: - -```non -$ docker node rm swarm-node-03 - -Error response from daemon: rpc error: code = 9 desc = node swarm-node-03 is not -down and can't be removed -``` - -### Forcibly remove an inaccessible node from a swarm - -If you lose access to a worker node or need to shut it down because it has been -compromised or is not behaving as expected, you can use the `--force` option. -This may cause transient errors or interruptions, depending on the type of task -being run on the node. - -```bash -$ docker node rm --force swarm-node-03 - -Node swarm-node-03 removed from swarm -``` - -A manager node must be demoted to a worker node (using `docker node demote`) -before you can remove it from the swarm. - -## Related commands - -* [node demote](node_demote.md) -* [node inspect](node_inspect.md) -* [node ls](node_ls.md) -* [node promote](node_promote.md) -* [node ps](node_ps.md) -* [node update](node_update.md) diff --git a/components/engine/docs/reference/commandline/node_update.md b/components/engine/docs/reference/commandline/node_update.md deleted file mode 100644 index 11117c7a9b..0000000000 --- a/components/engine/docs/reference/commandline/node_update.md +++ /dev/null @@ -1,77 +0,0 @@ ---- -title: "node update" -description: "The node update command description and usage" -keywords: "resources, update, dynamically" ---- - - - -# update - -```markdown -Usage: docker node update [OPTIONS] NODE - -Update a node - -Options: - --availability string Availability of the node ("active"|"pause"|"drain") - --help Print usage - --label-add value Add or update a node label (key=value) (default []) - --label-rm value Remove a node label if exists (default []) - --role string Role of the node ("worker"|"manager") -``` - -## Description - -Update metadata about a node, such as its availability, labels, or roles. - -## Examples - -### Add label metadata to a node - -Add metadata to a swarm node using node labels. You can specify a node label as -a key with an empty value: - -``` bash -$ docker node update --label-add foo worker1 -``` - -To add multiple labels to a node, pass the `--label-add` flag for each label: - -```bash -$ docker node update --label-add foo --label-add bar worker1 -``` - -When you [create a service](service_create.md), -you can use node labels as a constraint. A constraint limits the nodes where the -scheduler deploys tasks for a service. - -For example, to add a `type` label to identify nodes where the scheduler should -deploy message queue service tasks: - -``` bash -$ docker node update --label-add type=queue worker1 -``` - -The labels you set for nodes using `docker node update` apply only to the node -entity within the swarm. Do not confuse them with the docker daemon labels for -[dockerd](https://docs.docker.com/engine/userguide/labels-custom-metadata/#daemon-labels). - -For more information about labels, refer to [apply custom -metadata](https://docs.docker.com/engine/userguide/labels-custom-metadata/). - -## Related commands - -* [node demote](node_demote.md) -* [node inspect](node_inspect.md) -* [node ls](node_ls.md) -* [node promote](node_promote.md) -* [node ps](node_ps.md) -* [node rm](node_rm.md) diff --git a/components/engine/docs/reference/commandline/pause.md b/components/engine/docs/reference/commandline/pause.md deleted file mode 100644 index 5bb652b923..0000000000 --- a/components/engine/docs/reference/commandline/pause.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: "pause" -description: "The pause command description and usage" -keywords: "cgroups, container, suspend, SIGSTOP" ---- - - - -# pause - -```markdown -Usage: docker pause CONTAINER [CONTAINER...] - -Pause all processes within one or more containers - -Options: - --help Print usage -``` - -## Description - -The `docker pause` command suspends all processes in the specified containers. -On Linux, this uses the cgroups freezer. Traditionally, when suspending a process -the `SIGSTOP` signal is used, which is observable by the process being suspended. -With the cgroups freezer the process is unaware, and unable to capture, -that it is being suspended, and subsequently resumed. On Windows, only Hyper-V -containers can be paused. - -See the -[cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt) -for further details. - -## Examples - -```bash -$ docker pause my_container -``` - -## Related commands - -* [unpause](unpause.md) diff --git a/components/engine/docs/reference/commandline/plugin.md b/components/engine/docs/reference/commandline/plugin.md deleted file mode 100644 index 75082477d1..0000000000 --- a/components/engine/docs/reference/commandline/plugin.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: "plugin" -description: "The plugin command description and usage" -keywords: "plugin" ---- - - - -# plugin - -```markdown -Usage: docker plugin COMMAND - -Manage plugins - -Options: - --help Print usage - -Commands: - create Create a plugin from a rootfs and configuration. Plugin data directory must contain config.json and rootfs directory. - disable Disable a plugin - enable Enable a plugin - inspect Display detailed information on one or more plugins - install Install a plugin - ls List plugins - push Push a plugin to a registry - rm Remove one or more plugins - set Change settings for a plugin - upgrade Upgrade an existing plugin - -Run 'docker plugin COMMAND --help' for more information on a command. - -``` - -## Description - -Manage plugins. diff --git a/components/engine/docs/reference/commandline/plugin_create.md b/components/engine/docs/reference/commandline/plugin_create.md deleted file mode 100644 index 5f16ac3e43..0000000000 --- a/components/engine/docs/reference/commandline/plugin_create.md +++ /dev/null @@ -1,66 +0,0 @@ ---- -title: "plugin create" -description: "the plugin create command description and usage" -keywords: "plugin, create" ---- - - - -# plugin create - -```markdown -Usage: docker plugin create [OPTIONS] PLUGIN PLUGIN-DATA-DIR - -Create a plugin from a rootfs and configuration. Plugin data directory must contain config.json and rootfs directory. - -Options: - --compress Compress the context using gzip - --help Print usage -``` - -## Description - -Creates a plugin. Before creating the plugin, prepare the plugin's root filesystem as well as -[the config.json](../../extend/config.md) - -## Examples - -The following example shows how to create a sample `plugin`. - -```bash -$ ls -ls /home/pluginDir - -total 4 -4 -rw-r--r-- 1 root root 431 Nov 7 01:40 config.json -0 drwxr-xr-x 19 root root 420 Nov 7 01:40 rootfs - -$ docker plugin create plugin /home/pluginDir - -plugin - -$ docker plugin ls - -ID NAME TAG DESCRIPTION ENABLED -672d8144ec02 plugin latest A sample plugin for Docker false -``` - -The plugin can subsequently be enabled for local use or pushed to the public registry. - -## Related commands - -* [plugin disable](plugin_disable.md) -* [plugin enable](plugin_enable.md) -* [plugin inspect](plugin_inspect.md) -* [plugin install](plugin_install.md) -* [plugin ls](plugin_ls.md) -* [plugin push](plugin_push.md) -* [plugin rm](plugin_rm.md) -* [plugin set](plugin_set.md) -* [plugin upgrade](plugin_upgrade.md) diff --git a/components/engine/docs/reference/commandline/plugin_disable.md b/components/engine/docs/reference/commandline/plugin_disable.md deleted file mode 100644 index fa1327b0c7..0000000000 --- a/components/engine/docs/reference/commandline/plugin_disable.md +++ /dev/null @@ -1,69 +0,0 @@ ---- -title: "plugin disable" -description: "the plugin disable command description and usage" -keywords: "plugin, disable" ---- - - - -# plugin disable - -```markdown -Usage: docker plugin disable [OPTIONS] PLUGIN - -Disable a plugin - -Options: - -f, --force Force the disable of an active plugin - --help Print usage -``` - -## Description - -Disables a plugin. The plugin must be installed before it can be disabled, -see [`docker plugin install`](plugin_install.md). Without the `-f` option, -a plugin that has references (e.g., volumes, networks) cannot be disabled. - -## Examples - -The following example shows that the `sample-volume-plugin` plugin is installed -and enabled: - -```bash -$ docker plugin ls - -ID NAME TAG DESCRIPTION ENABLED -69553ca1d123 tiborvass/sample-volume-plugin latest A test plugin for Docker true -``` - -To disable the plugin, use the following command: - -```bash -$ docker plugin disable tiborvass/sample-volume-plugin - -tiborvass/sample-volume-plugin - -$ docker plugin ls - -ID NAME TAG DESCRIPTION ENABLED -69553ca1d123 tiborvass/sample-volume-plugin latest A test plugin for Docker false -``` - -## Related commands - -* [plugin create](plugin_create.md) -* [plugin enable](plugin_enable.md) -* [plugin inspect](plugin_inspect.md) -* [plugin install](plugin_install.md) -* [plugin ls](plugin_ls.md) -* [plugin push](plugin_push.md) -* [plugin rm](plugin_rm.md) -* [plugin set](plugin_set.md) -* [plugin upgrade](plugin_upgrade.md) diff --git a/components/engine/docs/reference/commandline/plugin_enable.md b/components/engine/docs/reference/commandline/plugin_enable.md deleted file mode 100644 index 2098a115ad..0000000000 --- a/components/engine/docs/reference/commandline/plugin_enable.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: "plugin enable" -description: "the plugin enable command description and usage" -keywords: "plugin, enable" ---- - - - -# plugin enable - -```markdown -Usage: docker plugin enable [OPTIONS] PLUGIN - -Enable a plugin - -Options: - --help Print usage - --timeout int HTTP client timeout (in seconds) -``` - -## Description - -Enables a plugin. The plugin must be installed before it can be enabled, -see [`docker plugin install`](plugin_install.md). - -## Examples - -The following example shows that the `sample-volume-plugin` plugin is installed, -but disabled: - -```bash -$ docker plugin ls - -ID NAME TAG DESCRIPTION ENABLED -69553ca1d123 tiborvass/sample-volume-plugin latest A test plugin for Docker false -``` - -To enable the plugin, use the following command: - -```bash -$ docker plugin enable tiborvass/sample-volume-plugin - -tiborvass/sample-volume-plugin - -$ docker plugin ls - -ID NAME TAG DESCRIPTION ENABLED -69553ca1d123 tiborvass/sample-volume-plugin latest A test plugin for Docker true -``` - -## Related commands - -* [plugin create](plugin_create.md) -* [plugin disable](plugin_disable.md) -* [plugin inspect](plugin_inspect.md) -* [plugin install](plugin_install.md) -* [plugin ls](plugin_ls.md) -* [plugin push](plugin_push.md) -* [plugin rm](plugin_rm.md) -* [plugin set](plugin_set.md) -* [plugin upgrade](plugin_upgrade.md) diff --git a/components/engine/docs/reference/commandline/plugin_inspect.md b/components/engine/docs/reference/commandline/plugin_inspect.md deleted file mode 100644 index e1a6403343..0000000000 --- a/components/engine/docs/reference/commandline/plugin_inspect.md +++ /dev/null @@ -1,166 +0,0 @@ ---- -title: "plugin inspect" -description: "The plugin inspect command description and usage" -keywords: "plugin, inspect" ---- - - - -# plugin inspect - -```markdown -Usage: docker plugin inspect [OPTIONS] PLUGIN [PLUGIN...] - -Display detailed information on one or more plugins - -Options: - -f, --format string Format the output using the given Go template - --help Print usage -``` - -## Description - -Returns information about a plugin. By default, this command renders all results -in a JSON array. - -## Examples - - -```none -$ docker plugin inspect tiborvass/sample-volume-plugin:latest - -{ - "Id": "8c74c978c434745c3ade82f1bc0acf38d04990eaf494fa507c16d9f1daa99c21", - "Name": "tiborvass/sample-volume-plugin:latest", - "PluginReference": "tiborvas/sample-volume-plugin:latest", - "Enabled": true, - "Config": { - "Mounts": [ - { - "Name": "", - "Description": "", - "Settable": null, - "Source": "/data", - "Destination": "/data", - "Type": "bind", - "Options": [ - "shared", - "rbind" - ] - }, - { - "Name": "", - "Description": "", - "Settable": null, - "Source": null, - "Destination": "/foobar", - "Type": "tmpfs", - "Options": null - } - ], - "Env": [ - "DEBUG=1" - ], - "Args": null, - "Devices": null - }, - "Manifest": { - "ManifestVersion": "v0", - "Description": "A test plugin for Docker", - "Documentation": "https://docs.docker.com/engine/extend/plugins/", - "Interface": { - "Types": [ - "docker.volumedriver/1.0" - ], - "Socket": "plugins.sock" - }, - "Entrypoint": [ - "plugin-sample-volume-plugin", - "/data" - ], - "Workdir": "", - "User": { - }, - "Network": { - "Type": "host" - }, - "Capabilities": null, - "Mounts": [ - { - "Name": "", - "Description": "", - "Settable": null, - "Source": "/data", - "Destination": "/data", - "Type": "bind", - "Options": [ - "shared", - "rbind" - ] - }, - { - "Name": "", - "Description": "", - "Settable": null, - "Source": null, - "Destination": "/foobar", - "Type": "tmpfs", - "Options": null - } - ], - "Devices": [ - { - "Name": "device", - "Description": "a host device to mount", - "Settable": null, - "Path": "/dev/cpu_dma_latency" - } - ], - "Env": [ - { - "Name": "DEBUG", - "Description": "If set, prints debug messages", - "Settable": null, - "Value": "1" - } - ], - "Args": { - "Name": "args", - "Description": "command line arguments", - "Settable": null, - "Value": [ - - ] - } - } -} -``` - -(output formatted for readability) - -### Formatting the output - -```bash -$ docker plugin inspect -f '{{.Id}}' tiborvass/sample-volume-plugin:latest - -8c74c978c434745c3ade82f1bc0acf38d04990eaf494fa507c16d9f1daa99c21 -``` - -## Related commands - -* [plugin create](plugin_create.md) -* [plugin enable](plugin_enable.md) -* [plugin disable](plugin_disable.md) -* [plugin install](plugin_install.md) -* [plugin ls](plugin_ls.md) -* [plugin push](plugin_push.md) -* [plugin rm](plugin_rm.md) -* [plugin set](plugin_set.md) -* [plugin upgrade](plugin_upgrade.md) diff --git a/components/engine/docs/reference/commandline/plugin_install.md b/components/engine/docs/reference/commandline/plugin_install.md deleted file mode 100644 index 78d9a61b75..0000000000 --- a/components/engine/docs/reference/commandline/plugin_install.md +++ /dev/null @@ -1,75 +0,0 @@ ---- -title: "plugin install" -description: "the plugin install command description and usage" -keywords: "plugin, install" ---- - - - -# plugin install - -```markdown -Usage: docker plugin install [OPTIONS] PLUGIN [KEY=VALUE...] - -Install a plugin - -Options: - --alias string Local name for plugin - --disable Do not enable the plugin on install - --disable-content-trust Skip image verification (default true) - --grant-all-permissions Grant all permissions necessary to run the plugin - --help Print usage -``` - -## Description - -Installs and enables a plugin. Docker looks first for the plugin on your Docker -host. If the plugin does not exist locally, then the plugin is pulled from -the registry. Note that the minimum required registry version to distribute -plugins is 2.3.0 - -## Examples - -The following example installs `vieus/sshfs` plugin and [sets](plugin_set.md) its -`DEBUG` environment variable to `1`. To install, `pull` the plugin from Docker -Hub and prompt the user to accept the list of privileges that the plugin needs, -set the plugin's parameters and enable the plugin. - -```bash -$ docker plugin install vieux/sshfs DEBUG=1 - -Plugin "vieux/sshfs" is requesting the following privileges: - - network: [host] - - device: [/dev/fuse] - - capabilities: [CAP_SYS_ADMIN] -Do you grant the above permissions? [y/N] y -vieux/sshfs -``` - -After the plugin is installed, it appears in the list of plugins: - -```bash -$ docker plugin ls - -ID NAME TAG DESCRIPTION ENABLED -69553ca1d123 vieux/sshfs latest sshFS plugin for Docker true -``` - -## Related commands - -* [plugin create](plugin_create.md) -* [plugin disable](plugin_disable.md) -* [plugin enable](plugin_enable.md) -* [plugin inspect](plugin_inspect.md) -* [plugin ls](plugin_ls.md) -* [plugin push](plugin_push.md) -* [plugin rm](plugin_rm.md) -* [plugin set](plugin_set.md) -* [plugin upgrade](plugin_upgrade.md) diff --git a/components/engine/docs/reference/commandline/plugin_ls.md b/components/engine/docs/reference/commandline/plugin_ls.md deleted file mode 100644 index 3ba29fee03..0000000000 --- a/components/engine/docs/reference/commandline/plugin_ls.md +++ /dev/null @@ -1,118 +0,0 @@ ---- -title: "plugin ls" -description: "The plugin ls command description and usage" -keywords: "plugin, list" ---- - - - -# plugin ls - -```markdown -Usage: docker plugin ls [OPTIONS] - -List plugins - -Aliases: - ls, list - -Options: - -f, --filter filter Provide filter values (e.g. 'enabled=true') - --format string Pretty-print plugins using a Go template - --help Print usage - --no-trunc Don't truncate output - -q, --quiet Only display plugin IDs -``` - -## Description - -Lists all the plugins that are currently installed. You can install plugins -using the [`docker plugin install`](plugin_install.md) command. -You can also filter using the `-f` or `--filter` flag. -Refer to the [filtering](#filtering) section for more information about available filter options. - -## Examples - -```bash -$ docker plugin ls - -ID NAME TAG DESCRIPTION ENABLED -69553ca1d123 tiborvass/sample-volume-plugin latest A test plugin for Docker true -``` - -### Filtering - -The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more -than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) - -The currently supported filters are: - -* enabled (boolean - true or false, 0 or 1) -* capability (string - currently `volumedriver`, `networkdriver`, `ipamdriver`, `logdriver`, `metricscollector`, or `authz`) - -#### enabled - -The `enabled` filter matches on plugins enabled or disabled. - -#### capability - -The `capability` filter matches on plugin capabilities. One plugin -might have multiple capabilities. Currently `volumedriver`, `networkdriver`, -`ipamdriver`, `logdriver`, `metricscollector`, and `authz` are supported capabilities. - -```bash -$ docker plugin install --disable tiborvass/no-remove - -tiborvass/no-remove - -$ docker plugin ls --filter enabled=true - -NAME TAG DESCRIPTION ENABLED -``` - -### Formatting - -The formatting options (`--format`) pretty-prints plugins output -using a Go template. - -Valid placeholders for the Go template are listed below: - -Placeholder | Description ----------------|------------------------------------------------------------------------------------------ -`.ID` | Plugin ID -`.Name` | Plugin name -`.Description` | Plugin description -`.Enabled` | Whether plugin is enabled or not -`.PluginReference` | The reference used to push/pull from a registry - -When using the `--format` option, the `plugin ls` command will either -output the data exactly as the template declares or, when using the -`table` directive, includes column headers as well. - -The following example uses a template without headers and outputs the -`ID` and `Name` entries separated by a colon for all plugins: - -```bash -$ docker plugin ls --format "{{.ID}}: {{.Name}}" - -4be01827a72e: tiborvass/no-remove -``` - -## Related commands - -* [plugin create](plugin_create.md) -* [plugin disable](plugin_disable.md) -* [plugin enable](plugin_enable.md) -* [plugin inspect](plugin_inspect.md) -* [plugin install](plugin_install.md) -* [plugin push](plugin_push.md) -* [plugin rm](plugin_rm.md) -* [plugin set](plugin_set.md) -* [plugin upgrade](plugin_upgrade.md) diff --git a/components/engine/docs/reference/commandline/plugin_push.md b/components/engine/docs/reference/commandline/plugin_push.md deleted file mode 100644 index f444ed4d4d..0000000000 --- a/components/engine/docs/reference/commandline/plugin_push.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: "plugin push" -description: "the plugin push command description and usage" -keywords: "plugin, push" ---- - - - -```markdown -Usage: docker plugin push [OPTIONS] PLUGIN[:TAG] - -Push a plugin to a registry - -Options: - --disable-content-trust Skip image signing (default true) - --help Print usage -``` - -## Description - -After you have created a plugin using `docker plugin create` and the plugin is -ready for distribution, use `docker plugin push` to share your images to Docker -Hub or a self-hosted registry. - -Registry credentials are managed by [docker login](login.md). - -## Examples - -The following example shows how to push a sample `user/plugin`. - -```bash -$ docker plugin ls - -ID NAME TAG DESCRIPTION ENABLED -69553ca1d456 user/plugin latest A sample plugin for Docker false - -$ docker plugin push user/plugin -``` - -## Related commands - -* [plugin create](plugin_create.md) -* [plugin disable](plugin_disable.md) -* [plugin enable](plugin_enable.md) -* [plugin inspect](plugin_inspect.md) -* [plugin install](plugin_install.md) -* [plugin ls](plugin_ls.md) -* [plugin rm](plugin_rm.md) -* [plugin set](plugin_set.md) -* [plugin upgrade](plugin_upgrade.md) diff --git a/components/engine/docs/reference/commandline/plugin_rm.md b/components/engine/docs/reference/commandline/plugin_rm.md deleted file mode 100644 index d599ed8fc1..0000000000 --- a/components/engine/docs/reference/commandline/plugin_rm.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: "plugin rm" -description: "the plugin rm command description and usage" -keywords: "plugin, rm" ---- - - - -# plugin rm - -```markdown -Usage: docker plugin rm [OPTIONS] PLUGIN [PLUGIN...] - -Remove one or more plugins - -Aliases: - rm, remove - -Options: - -f, --force Force the removal of an active plugin - --help Print usage -``` - -## Description - -Removes a plugin. You cannot remove a plugin if it is enabled, you must disable -a plugin using the [`docker plugin disable`](plugin_disable.md) before removing -it (or use --force, use of force is not recommended, since it can affect -functioning of running containers using the plugin). - -## Examples - -The following example disables and removes the `sample-volume-plugin:latest` -plugin: - -```bash -$ docker plugin disable tiborvass/sample-volume-plugin - -tiborvass/sample-volume-plugin - -$ docker plugin rm tiborvass/sample-volume-plugin:latest - -tiborvass/sample-volume-plugin -``` - -## Related commands - -* [plugin create](plugin_create.md) -* [plugin disable](plugin_disable.md) -* [plugin enable](plugin_enable.md) -* [plugin inspect](plugin_inspect.md) -* [plugin install](plugin_install.md) -* [plugin ls](plugin_ls.md) -* [plugin push](plugin_push.md) -* [plugin set](plugin_set.md) -* [plugin upgrade](plugin_upgrade.md) diff --git a/components/engine/docs/reference/commandline/plugin_set.md b/components/engine/docs/reference/commandline/plugin_set.md deleted file mode 100644 index ea7d92e735..0000000000 --- a/components/engine/docs/reference/commandline/plugin_set.md +++ /dev/null @@ -1,172 +0,0 @@ ---- -title: "plugin set" -description: "the plugin set command description and usage" -keywords: "plugin, set" ---- - - - -# plugin set - -```markdown -Usage: docker plugin set PLUGIN KEY=VALUE [KEY=VALUE...] - -Change settings for a plugin - -Options: - --help Print usage -``` - -## Description - -Change settings for a plugin. The plugin must be disabled. - -The settings currently supported are: - * env variables - * source of mounts - * path of devices - * args - -## What is settable ? - -Look at the plugin manifest, it's easy to see what fields are settable, -by looking at the `Settable` field. - -Here is an extract of a plugin manifest: - -``` -{ - "config": { - ... - "args": { - "name": "myargs", - "settable": ["value"], - "value": ["foo", "bar"] - }, - "env": [ - { - "name": "DEBUG", - "settable": ["value"], - "value": "0" - }, - { - "name": "LOGGING", - "value": "1" - } - ], - "devices": [ - { - "name": "mydevice", - "path": "/dev/foo", - "settable": ["path"] - } - ], - "mounts": [ - { - "destination": "/baz", - "name": "mymount", - "options": ["rbind"], - "settable": ["source"], - "source": "/foo", - "type": "bind" - } - ], - ... - } -} -``` - -In this example, we can see that the `value` of the `DEBUG` environment variable is settable, -the `source` of the `mymount` mount is also settable. Same for the `path` of `mydevice` and `value` of `myargs`. - -On the contrary, the `LOGGING` environment variable doesn't have any settable field, which implies that user cannot tweak it. - -## Examples - -### Change an environment variable - -The following example change the env variable `DEBUG` on the -`sample-volume-plugin` plugin. - -```bash -$ docker plugin inspect -f {{.Settings.Env}} tiborvass/sample-volume-plugin -[DEBUG=0] - -$ docker plugin set tiborvass/sample-volume-plugin DEBUG=1 - -$ docker plugin inspect -f {{.Settings.Env}} tiborvass/sample-volume-plugin -[DEBUG=1] -``` - -### Change the source of a mount - -The following example change the source of the `mymount` mount on -the `myplugin` plugin. - -```bash -$ docker plugin inspect -f '{{with $mount := index .Settings.Mounts 0}}{{$mount.Source}}{{end}}' myplugin -/foo - -$ docker plugins set myplugin mymount.source=/bar - -$ docker plugin inspect -f '{{with $mount := index .Settings.Mounts 0}}{{$mount.Source}}{{end}}' myplugin -/bar -``` - -> **Note**: Since only `source` is settable in `mymount`, -> `docker plugins set mymount=/bar myplugin` would work too. - -### Change a device path - -The following example change the path of the `mydevice` device on -the `myplugin` plugin. - -```bash -$ docker plugin inspect -f '{{with $device := index .Settings.Devices 0}}{{$device.Path}}{{end}}' myplugin - -/dev/foo - -$ docker plugins set myplugin mydevice.path=/dev/bar - -$ docker plugin inspect -f '{{with $device := index .Settings.Devices 0}}{{$device.Path}}{{end}}' myplugin - -/dev/bar -``` - -> **Note**: Since only `path` is settable in `mydevice`, -> `docker plugins set mydevice=/dev/bar myplugin` would work too. - -### Change the source of the arguments - -The following example change the value of the args on the `myplugin` plugin. - -```bash -$ docker plugin inspect -f '{{.Settings.Args}}' myplugin - -["foo", "bar"] - -$ docker plugins set myplugin myargs="foo bar baz" - -$ docker plugin inspect -f '{{.Settings.Args}}' myplugin - -["foo", "bar", "baz"] -``` - -## Related commands - -* [plugin create](plugin_create.md) -* [plugin disable](plugin_disable.md) -* [plugin enable](plugin_enable.md) -* [plugin inspect](plugin_inspect.md) -* [plugin install](plugin_install.md) -* [plugin ls](plugin_ls.md) -* [plugin push](plugin_push.md) -* [plugin rm](plugin_rm.md) -* [plugin upgrade](plugin_upgrade.md) diff --git a/components/engine/docs/reference/commandline/plugin_upgrade.md b/components/engine/docs/reference/commandline/plugin_upgrade.md deleted file mode 100644 index 8c79ebdabf..0000000000 --- a/components/engine/docs/reference/commandline/plugin_upgrade.md +++ /dev/null @@ -1,100 +0,0 @@ ---- -title: "plugin upgrade" -description: "the plugin upgrade command description and usage" -keywords: "plugin, upgrade" ---- - - - -# plugin upgrade - -```markdown -Usage: docker plugin upgrade [OPTIONS] PLUGIN [REMOTE] - -Upgrade a plugin - -Options: - --disable-content-trust Skip image verification (default true) - --grant-all-permissions Grant all permissions necessary to run the plugin - --help Print usage - --skip-remote-check Do not check if specified remote plugin matches existing plugin image -``` - -## Description - -Upgrades an existing plugin to the specified remote plugin image. If no remote -is specified, Docker will re-pull the current image and use the updated version. -All existing references to the plugin will continue to work. -The plugin must be disabled before running the upgrade. - -## Examples - -The following example installs `vieus/sshfs` plugin, uses it to create and use -a volume, then upgrades the plugin. - -```bash -$ docker plugin install vieux/sshfs DEBUG=1 - -Plugin "vieux/sshfs:next" is requesting the following privileges: - - network: [host] - - device: [/dev/fuse] - - capabilities: [CAP_SYS_ADMIN] -Do you grant the above permissions? [y/N] y -vieux/sshfs:next - -$ docker volume create -d vieux/sshfs:next -o sshcmd=root@1.2.3.4:/tmp/shared -o password=XXX sshvolume - -sshvolume - -$ docker run -it -v sshvolume:/data alpine sh -c "touch /data/hello" - -$ docker plugin disable -f vieux/sshfs:next - -viex/sshfs:next - -# Here docker volume ls doesn't show 'sshfsvolume', since the plugin is disabled -$ docker volume ls - -DRIVER VOLUME NAME - -$ docker plugin upgrade vieux/sshfs:next vieux/sshfs:next - -Plugin "vieux/sshfs:next" is requesting the following privileges: - - network: [host] - - device: [/dev/fuse] - - capabilities: [CAP_SYS_ADMIN] -Do you grant the above permissions? [y/N] y -Upgrade plugin vieux/sshfs:next to vieux/sshfs:next - -$ docker plugin enable vieux/sshfs:next - -viex/sshfs:next - -$ docker volume ls - -DRIVER VOLUME NAME -viuex/sshfs:next sshvolume - -$ docker run -it -v sshvolume:/data alpine sh -c "ls /data" - -hello -``` - -## Related commands - -* [plugin create](plugin_create.md) -* [plugin disable](plugin_disable.md) -* [plugin enable](plugin_enable.md) -* [plugin inspect](plugin_inspect.md) -* [plugin install](plugin_install.md) -* [plugin ls](plugin_ls.md) -* [plugin push](plugin_push.md) -* [plugin rm](plugin_rm.md) -* [plugin set](plugin_set.md) diff --git a/components/engine/docs/reference/commandline/port.md b/components/engine/docs/reference/commandline/port.md deleted file mode 100644 index c38763ea34..0000000000 --- a/components/engine/docs/reference/commandline/port.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: "port" -description: "The port command description and usage" -keywords: "port, mapping, container" ---- - - - -# port - -```markdown -Usage: docker port CONTAINER [PRIVATE_PORT[/PROTO]] - -List port mappings or a specific mapping for the container - -Options: - --help Print usage -``` - -## Examples - -### Show all mapped ports - -You can find out all the ports mapped by not specifying a `PRIVATE_PORT`, or -just a specific mapping: - -```bash -$ docker ps -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -b650456536c7 busybox:latest top 54 minutes ago Up 54 minutes 0.0.0.0:1234->9876/tcp, 0.0.0.0:4321->7890/tcp test -$ docker port test -7890/tcp -> 0.0.0.0:4321 -9876/tcp -> 0.0.0.0:1234 -$ docker port test 7890/tcp -0.0.0.0:4321 -$ docker port test 7890/udp -2014/06/24 11:53:36 Error: No public port '7890/udp' published for test -$ docker port test 7890 -0.0.0.0:4321 -``` diff --git a/components/engine/docs/reference/commandline/ps.md b/components/engine/docs/reference/commandline/ps.md deleted file mode 100644 index 51bab4834d..0000000000 --- a/components/engine/docs/reference/commandline/ps.md +++ /dev/null @@ -1,432 +0,0 @@ ---- -title: "ps" -description: "The ps command description and usage" -keywords: "container, running, list" ---- - - - -# ps - -```markdown -Usage: docker ps [OPTIONS] - -List containers - -Options: - -a, --all Show all containers (default shows just running) - -f, --filter value Filter output based on conditions provided (default []) - - ancestor=([:tag]||) - containers created from an image or a descendant. - - before=(|) - - expose=([/]|/[]) - - exited= an exit code of - - health=(starting|healthy|unhealthy|none) - - id= a container's ID - - isolation=(`default`|`process`|`hyperv`) (Windows daemon only) - - is-task=(true|false) - - label= or label== - - name= a container's name - - network=(|) - - publish=([/]|/[]) - - since=(|) - - status=(created|restarting|removing|running|paused|exited) - - volume=(|) - --format string Pretty-print containers using a Go template - --help Print usage - -n, --last int Show n last created containers (includes all states) (default -1) - -l, --latest Show the latest created container (includes all states) - --no-trunc Don't truncate output - -q, --quiet Only display numeric IDs - -s, --size Display total file sizes -``` - -## Examples - -### Prevent truncating output - -Running `docker ps --no-trunc` showing 2 linked containers. - -```bash -$ docker ps - -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds 3300-3310/tcp webapp -d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db -``` - -### Show both running and stopped containers - -The `docker ps` command only shows running containers by default. To see all -containers, use the `-a` (or `--all`) flag: - -```bash -$ docker ps -a -``` - -`docker ps` groups exposed ports into a single range if possible. E.g., a -container that exposes TCP ports `100, 101, 102` displays `100-102/tcp` in -the `PORTS` column. - -### Filtering - -The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there is more -than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`) - -The currently supported filters are: - -* id (container's id) -* label (`label=` or `label==`) -* name (container's name) -* exited (int - the code of exited containers. Only useful with `--all`) -* status (`created|restarting|running|removing|paused|exited|dead`) -* ancestor (`[:]`, `` or ``) - filters containers that were created from the given image or a descendant. -* before (container's id or name) - filters containers created before given id or name -* since (container's id or name) - filters containers created since given id or name -* isolation (`default|process|hyperv`) (Windows daemon only) -* volume (volume name or mount point) - filters containers that mount volumes. -* network (network id or name) - filters containers connected to the provided network -* health (starting|healthy|unhealthy|none) - filters containers based on healthcheck status -* publish=(container's published port) - filters published ports by containers -* expose=(container's exposed port) - filters exposed ports by containers - -#### label - -The `label` filter matches containers based on the presence of a `label` alone or a `label` and a -value. - -The following filter matches containers with the `color` label regardless of its value. - -```bash -$ docker ps --filter "label=color" - -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -673394ef1d4c busybox "top" 47 seconds ago Up 45 seconds nostalgic_shockley -d85756f57265 busybox "top" 52 seconds ago Up 51 seconds high_albattani -``` - -The following filter matches containers with the `color` label with the `blue` value. - -```bash -$ docker ps --filter "label=color=blue" - -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -d85756f57265 busybox "top" About a minute ago Up About a minute high_albattani -``` - -#### name - -The `name` filter matches on all or part of a container's name. - -The following filter matches all containers with a name containing the `nostalgic_stallman` string. - -```bash -$ docker ps --filter "name=nostalgic_stallman" - -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -9b6247364a03 busybox "top" 2 minutes ago Up 2 minutes nostalgic_stallman -``` - -You can also filter for a substring in a name as this shows: - -```bash -$ docker ps --filter "name=nostalgic" - -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -715ebfcee040 busybox "top" 3 seconds ago Up 1 second i_am_nostalgic -9b6247364a03 busybox "top" 7 minutes ago Up 7 minutes nostalgic_stallman -673394ef1d4c busybox "top" 38 minutes ago Up 38 minutes nostalgic_shockley -``` - -#### exited - -The `exited` filter matches containers by exist status code. For example, to -filter for containers that have exited successfully: - -```bash -$ docker ps -a --filter 'exited=0' - -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -ea09c3c82f6e registry:latest /srv/run.sh 2 weeks ago Exited (0) 2 weeks ago 127.0.0.1:5000->5000/tcp desperate_leakey -106ea823fe4e fedora:latest /bin/sh -c 'bash -l' 2 weeks ago Exited (0) 2 weeks ago determined_albattani -48ee228c9464 fedora:20 bash 2 weeks ago Exited (0) 2 weeks ago tender_torvalds -``` - -#### Filter by exit signal - -You can use a filter to locate containers that exited with status of `137` -meaning a `SIGKILL(9)` killed them. - -```none -$ docker ps -a --filter 'exited=137' - -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -b3e1c0ed5bfe ubuntu:latest "sleep 1000" 12 seconds ago Exited (137) 5 seconds ago grave_kowalevski -a2eb5558d669 redis:latest "/entrypoint.sh redi 2 hours ago Exited (137) 2 hours ago sharp_lalande -``` - -Any of these events result in a `137` status: - -* the `init` process of the container is killed manually -* `docker kill` kills the container -* Docker daemon restarts which kills all running containers - -#### status - -The `status` filter matches containers by status. You can filter using -`created`, `restarting`, `running`, `removing`, `paused`, `exited` and `dead`. For example, -to filter for `running` containers: - -```bash -$ docker ps --filter status=running - -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -715ebfcee040 busybox "top" 16 minutes ago Up 16 minutes i_am_nostalgic -d5c976d3c462 busybox "top" 23 minutes ago Up 23 minutes top -9b6247364a03 busybox "top" 24 minutes ago Up 24 minutes nostalgic_stallman -``` - -To filter for `paused` containers: - -```bash -$ docker ps --filter status=paused - -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -673394ef1d4c busybox "top" About an hour ago Up About an hour (Paused) nostalgic_shockley -``` - -#### ancestor - -The `ancestor` filter matches containers based on its image or a descendant of -it. The filter supports the following image representation: - -- image -- image:tag -- image:tag@digest -- short-id -- full-id - -If you don't specify a `tag`, the `latest` tag is used. For example, to filter -for containers that use the latest `ubuntu` image: - -```bash -$ docker ps --filter ancestor=ubuntu - -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -919e1179bdb8 ubuntu-c1 "top" About a minute ago Up About a minute admiring_lovelace -5d1e4a540723 ubuntu-c2 "top" About a minute ago Up About a minute admiring_sammet -82a598284012 ubuntu "top" 3 minutes ago Up 3 minutes sleepy_bose -bab2a34ba363 ubuntu "top" 3 minutes ago Up 3 minutes focused_yonath -``` - -Match containers based on the `ubuntu-c1` image which, in this case, is a child -of `ubuntu`: - -```bash -$ docker ps --filter ancestor=ubuntu-c1 - -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -919e1179bdb8 ubuntu-c1 "top" About a minute ago Up About a minute admiring_lovelace -``` - -Match containers based on the `ubuntu` version `12.04.5` image: - -```bash -$ docker ps --filter ancestor=ubuntu:12.04.5 - -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -82a598284012 ubuntu:12.04.5 "top" 3 minutes ago Up 3 minutes sleepy_bose -``` - -The following matches containers based on the layer `d0e008c6cf02` or an image -that have this layer in its layer stack. - -```bash -$ docker ps --filter ancestor=d0e008c6cf02 - -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -82a598284012 ubuntu:12.04.5 "top" 3 minutes ago Up 3 minutes sleepy_bose -``` - -#### Create time - -##### before - -The `before` filter shows only containers created before the container with -given id or name. For example, having these containers created: - -```bash -$ docker ps - -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -9c3527ed70ce busybox "top" 14 seconds ago Up 15 seconds desperate_dubinsky -4aace5031105 busybox "top" 48 seconds ago Up 49 seconds focused_hamilton -6e63f6ff38b0 busybox "top" About a minute ago Up About a minute distracted_fermat -``` - -Filtering with `before` would give: - -```bash -$ docker ps -f before=9c3527ed70ce - -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -4aace5031105 busybox "top" About a minute ago Up About a minute focused_hamilton -6e63f6ff38b0 busybox "top" About a minute ago Up About a minute distracted_fermat -``` - -##### since - -The `since` filter shows only containers created since the container with given -id or name. For example, with the same containers as in `before` filter: - -```bash -$ docker ps -f since=6e63f6ff38b0 - -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -9c3527ed70ce busybox "top" 10 minutes ago Up 10 minutes desperate_dubinsky -4aace5031105 busybox "top" 10 minutes ago Up 10 minutes focused_hamilton -``` - -#### volume - -The `volume` filter shows only containers that mount a specific volume or have -a volume mounted in a specific path: - -```bash -$ docker ps --filter volume=remote-volume --format "table {{.ID}}\t{{.Mounts}}" -CONTAINER ID MOUNTS -9c3527ed70ce remote-volume - -$ docker ps --filter volume=/data --format "table {{.ID}}\t{{.Mounts}}" -CONTAINER ID MOUNTS -9c3527ed70ce remote-volume -``` - -#### network - -The `network` filter shows only containers that are connected to a network with -a given name or id. - -The following filter matches all containers that are connected to a network -with a name containing `net1`. - -```bash -$ docker run -d --net=net1 --name=test1 ubuntu top -$ docker run -d --net=net2 --name=test2 ubuntu top - -$ docker ps --filter network=net1 - -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -9d4893ed80fe ubuntu "top" 10 minutes ago Up 10 minutes test1 -``` - -The network filter matches on both the network's name and id. The following -example shows all containers that are attached to the `net1` network, using -the network id as a filter; - -```bash -$ docker network inspect --format "{{.ID}}" net1 - -8c0b4110ae930dbe26b258de9bc34a03f98056ed6f27f991d32919bfe401d7c5 - -$ docker ps --filter network=8c0b4110ae930dbe26b258de9bc34a03f98056ed6f27f991d32919bfe401d7c5 - -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -9d4893ed80fe ubuntu "top" 10 minutes ago Up 10 minutes test1 -``` - -#### publish and expose - -The `publish` and `expose` filters show only containers that have published or exposed port with a given port -number, port range, and/or protocol. The default protocol is `tcp` when not specified. - -The following filter matches all containers that have published port of 80: - -```bash -$ docker run -d --publish=80 busybox top -$ docker run -d --expose=8080 busybox top - -$ docker ps -a - -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -9833437217a5 busybox "top" 5 seconds ago Up 4 seconds 8080/tcp dreamy_mccarthy -fc7e477723b7 busybox "top" 50 seconds ago Up 50 seconds 0.0.0.0:32768->80/tcp admiring_roentgen - -$ docker ps --filter publish=80 - -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -fc7e477723b7 busybox "top" About a minute ago Up About a minute 0.0.0.0:32768->80/tcp admiring_roentgen -``` - -The following filter matches all containers that have exposed TCP port in the range of `8000-8080`: -```bash -$ docker ps --filter expose=8000-8080/tcp - -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -9833437217a5 busybox "top" 21 seconds ago Up 19 seconds 8080/tcp dreamy_mccarthy -``` - -The following filter matches all containers that have exposed UDP port `80`: -```bash -$ docker ps --filter publish=80/udp - -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -``` - -### Formatting - -The formatting option (`--format`) pretty-prints container output using a Go -template. - -Valid placeholders for the Go template are listed below: - -Placeholder | Description ---------------|---------------------------------------------------------------------------------------------------- -`.ID` | Container ID -`.Image` | Image ID -`.Command` | Quoted command -`.CreatedAt` | Time when the container was created. -`.RunningFor` | Elapsed time since the container was started. -`.Ports` | Exposed ports. -`.Status` | Container status. -`.Size` | Container disk size. -`.Names` | Container names. -`.Labels` | All labels assigned to the container. -`.Label` | Value of a specific label for this container. For example `'{{.Label "com.docker.swarm.cpu"}}'` -`.Mounts` | Names of the volumes mounted in this container. -`.Networks` | Names of the networks attached to this container. - -When using the `--format` option, the `ps` command will either output the data -exactly as the template declares or, when using the `table` directive, includes -column headers as well. - -The following example uses a template without headers and outputs the `ID` and -`Command` entries separated by a colon for all running containers: - -```bash -$ docker ps --format "{{.ID}}: {{.Command}}" - -a87ecb4f327c: /bin/sh -c #(nop) MA -01946d9d34d8: /bin/sh -c #(nop) MA -c1d3b0166030: /bin/sh -c yum -y up -41d50ecd2f57: /bin/sh -c #(nop) MA -``` - -To list all running containers with their labels in a table format you can use: - -```bash -$ docker ps --format "table {{.ID}}\t{{.Labels}}" - -CONTAINER ID LABELS -a87ecb4f327c com.docker.swarm.node=ubuntu,com.docker.swarm.storage=ssd -01946d9d34d8 -c1d3b0166030 com.docker.swarm.node=debian,com.docker.swarm.cpu=6 -41d50ecd2f57 com.docker.swarm.node=fedora,com.docker.swarm.cpu=3,com.docker.swarm.storage=ssd -``` diff --git a/components/engine/docs/reference/commandline/pull.md b/components/engine/docs/reference/commandline/pull.md deleted file mode 100644 index 7bf3df8363..0000000000 --- a/components/engine/docs/reference/commandline/pull.md +++ /dev/null @@ -1,254 +0,0 @@ ---- -title: "pull" -description: "The pull command description and usage" -keywords: "pull, image, hub, docker" ---- - - - -# pull - -```markdown -Usage: docker pull [OPTIONS] NAME[:TAG|@DIGEST] - -Pull an image or a repository from a registry - -Options: - -a, --all-tags Download all tagged images in the repository - --disable-content-trust Skip image verification (default true) - --help Print usage -``` - -## Description - -Most of your images will be created on top of a base image from the -[Docker Hub](https://hub.docker.com) registry. - -[Docker Hub](https://hub.docker.com) contains many pre-built images that you -can `pull` and try without needing to define and configure your own. - -To download a particular image, or set of images (i.e., a repository), -use `docker pull`. - -### Proxy configuration - -If you are behind an HTTP proxy server, for example in corporate settings, -before open a connect to registry, you may need to configure the Docker -daemon's proxy settings, using the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` -environment variables. To set these environment variables on a host using -`systemd`, refer to the [control and configure Docker with systemd](https://docs.docker.com/engine/admin/systemd/#http-proxy) -for variables configuration. - -### Concurrent downloads - -By default the Docker daemon will pull three layers of an image at a time. -If you are on a low bandwidth connection this may cause timeout issues and you may want to lower -this via the `--max-concurrent-downloads` daemon option. See the -[daemon documentation](dockerd.md) for more details. - -## Examples - -### Pull an image from Docker Hub - -To download a particular image, or set of images (i.e., a repository), use -`docker pull`. If no tag is provided, Docker Engine uses the `:latest` tag as a -default. This command pulls the `debian:latest` image: - -```bash -$ docker pull debian - -Using default tag: latest -latest: Pulling from library/debian -fdd5d7827f33: Pull complete -a3ed95caeb02: Pull complete -Digest: sha256:e7d38b3517548a1c71e41bffe9c8ae6d6d29546ce46bf62159837aad072c90aa -Status: Downloaded newer image for debian:latest -``` - -Docker images can consist of multiple layers. In the example above, the image -consists of two layers; `fdd5d7827f33` and `a3ed95caeb02`. - -Layers can be reused by images. For example, the `debian:jessie` image shares -both layers with `debian:latest`. Pulling the `debian:jessie` image therefore -only pulls its metadata, but not its layers, because all layers are already -present locally: - -```bash -$ docker pull debian:jessie - -jessie: Pulling from library/debian -fdd5d7827f33: Already exists -a3ed95caeb02: Already exists -Digest: sha256:a9c958be96d7d40df920e7041608f2f017af81800ca5ad23e327bc402626b58e -Status: Downloaded newer image for debian:jessie -``` - -To see which images are present locally, use the [`docker images`](images.md) -command: - -```bash -$ docker images - -REPOSITORY TAG IMAGE ID CREATED SIZE -debian jessie f50f9524513f 5 days ago 125.1 MB -debian latest f50f9524513f 5 days ago 125.1 MB -``` - -Docker uses a content-addressable image store, and the image ID is a SHA256 -digest covering the image's configuration and layers. In the example above, -`debian:jessie` and `debian:latest` have the same image ID because they are -actually the *same* image tagged with different names. Because they are the -same image, their layers are stored only once and do not consume extra disk -space. - -For more information about images, layers, and the content-addressable store, -refer to [understand images, containers, and storage drivers](https://docs.docker.com/engine/userguide/storagedriver/imagesandcontainers/). - - -### Pull an image by digest (immutable identifier) - -So far, you've pulled images by their name (and "tag"). Using names and tags is -a convenient way to work with images. When using tags, you can `docker pull` an -image again to make sure you have the most up-to-date version of that image. -For example, `docker pull ubuntu:14.04` pulls the latest version of the Ubuntu -14.04 image. - -In some cases you don't want images to be updated to newer versions, but prefer -to use a fixed version of an image. Docker enables you to pull an image by its -*digest*. When pulling an image by digest, you specify *exactly* which version -of an image to pull. Doing so, allows you to "pin" an image to that version, -and guarantee that the image you're using is always the same. - -To know the digest of an image, pull the image first. Let's pull the latest -`ubuntu:14.04` image from Docker Hub: - -```bash -$ docker pull ubuntu:14.04 - -14.04: Pulling from library/ubuntu -5a132a7e7af1: Pull complete -fd2731e4c50c: Pull complete -28a2f68d1120: Pull complete -a3ed95caeb02: Pull complete -Digest: sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 -Status: Downloaded newer image for ubuntu:14.04 -``` - -Docker prints the digest of the image after the pull has finished. In the example -above, the digest of the image is: - - sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 - -Docker also prints the digest of an image when *pushing* to a registry. This -may be useful if you want to pin to a version of the image you just pushed. - -A digest takes the place of the tag when pulling an image, for example, to -pull the above image by digest, run the following command: - -```bash -$ docker pull ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 - -sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2: Pulling from library/ubuntu -5a132a7e7af1: Already exists -fd2731e4c50c: Already exists -28a2f68d1120: Already exists -a3ed95caeb02: Already exists -Digest: sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 -Status: Downloaded newer image for ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 -``` - -Digest can also be used in the `FROM` of a Dockerfile, for example: - -```Dockerfile -FROM ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 -MAINTAINER some maintainer -``` - -> **Note**: Using this feature "pins" an image to a specific version in time. -> Docker will therefore not pull updated versions of an image, which may include -> security updates. If you want to pull an updated image, you need to change the -> digest accordingly. - - -### Pull from a different registry - -By default, `docker pull` pulls images from [Docker Hub](https://hub.docker.com). It is also possible to -manually specify the path of a registry to pull from. For example, if you have -set up a local registry, you can specify its path to pull from it. A registry -path is similar to a URL, but does not contain a protocol specifier (`https://`). - -The following command pulls the `testing/test-image` image from a local registry -listening on port 5000 (`myregistry.local:5000`): - -```bash -$ docker pull myregistry.local:5000/testing/test-image -``` - -Registry credentials are managed by [docker login](login.md). - -Docker uses the `https://` protocol to communicate with a registry, unless the -registry is allowed to be accessed over an insecure connection. Refer to the -[insecure registries](dockerd.md#insecure-registries) section for more information. - - -### Pull a repository with multiple images - -By default, `docker pull` pulls a *single* image from the registry. A repository -can contain multiple images. To pull all images from a repository, provide the -`-a` (or `--all-tags`) option when using `docker pull`. - -This command pulls all images from the `fedora` repository: - -```bash -$ docker pull --all-tags fedora - -Pulling repository fedora -ad57ef8d78d7: Download complete -105182bb5e8b: Download complete -511136ea3c5a: Download complete -73bd853d2ea5: Download complete -.... - -Status: Downloaded newer image for fedora -``` - -After the pull has completed use the `docker images` command to see the -images that were pulled. The example below shows all the `fedora` images -that are present locally: - -```bash -$ docker images fedora - -REPOSITORY TAG IMAGE ID CREATED SIZE -fedora rawhide ad57ef8d78d7 5 days ago 359.3 MB -fedora 20 105182bb5e8b 5 days ago 372.7 MB -fedora heisenbug 105182bb5e8b 5 days ago 372.7 MB -fedora latest 105182bb5e8b 5 days ago 372.7 MB -``` - -### Cancel a pull - -Killing the `docker pull` process, for example by pressing `CTRL-c` while it is -running in a terminal, will terminate the pull operation. - -```bash -$ docker pull fedora - -Using default tag: latest -latest: Pulling from library/fedora -a3ed95caeb02: Pulling fs layer -236608c7b546: Pulling fs layer -^C -``` - -> **Note**: Technically, the Engine terminates a pull operation when the -> connection between the Docker Engine daemon and the Docker Engine client -> initiating the pull is lost. If the connection with the Engine daemon is -> lost for other reasons than a manual interaction, the pull is also aborted. diff --git a/components/engine/docs/reference/commandline/push.md b/components/engine/docs/reference/commandline/push.md deleted file mode 100644 index 61c37139fd..0000000000 --- a/components/engine/docs/reference/commandline/push.md +++ /dev/null @@ -1,82 +0,0 @@ ---- -title: "push" -description: "The push command description and usage" -keywords: "share, push, image" ---- - - - -# push - -```markdown -Usage: docker push [OPTIONS] NAME[:TAG] - -Push an image or a repository to a registry - -Options: - --disable-content-trust Skip image signing (default true) - --help Print usage -``` - -## Description - -Use `docker push` to share your images to the [Docker Hub](https://hub.docker.com) -registry or to a self-hosted one. - -Refer to the [`docker tag`](tag.md) reference for more information about valid -image and tag names. - -Killing the `docker push` process, for example by pressing `CTRL-c` while it is -running in a terminal, terminates the push operation. - -Progress bars are shown during docker push, which show the uncompressed size. The -actual amount of data that's pushed will be compressed before sending, so the uploaded - size will not be reflected by the progress bar. - -Registry credentials are managed by [docker login](login.md). - -### Concurrent uploads - -By default the Docker daemon will push five layers of an image at a time. -If you are on a low bandwidth connection this may cause timeout issues and you may want to lower -this via the `--max-concurrent-uploads` daemon option. See the -[daemon documentation](dockerd.md) for more details. - -## Examples - -### Push a new image to a registry - -First save the new image by finding the container ID (using [`docker ps`](ps.md)) -and then committing it to a new image name. Note that only `a-z0-9-_.` are -allowed when naming images: - -```bash -$ docker commit c16378f943fe rhel-httpd -``` - -Now, push the image to the registry using the image ID. In this example the -registry is on host named `registry-host` and listening on port `5000`. To do -this, tag the image with the host name or IP address, and the port of the -registry: - -```bash -$ docker tag rhel-httpd registry-host:5000/myadmin/rhel-httpd - -$ docker push registry-host:5000/myadmin/rhel-httpd -``` - -Check that this worked by running: - -```bash -$ docker images -``` - -You should see both `rhel-httpd` and `registry-host:5000/myadmin/rhel-httpd` -listed. diff --git a/components/engine/docs/reference/commandline/rename.md b/components/engine/docs/reference/commandline/rename.md deleted file mode 100644 index 90268a2a2c..0000000000 --- a/components/engine/docs/reference/commandline/rename.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: "rename" -description: "The rename command description and usage" -keywords: "rename, docker, container" ---- - - - -# rename - -```markdown -Usage: docker rename CONTAINER NEW_NAME - -Rename a container - -Options: - --help Print usage -``` - -## Description - -The `docker rename` command renames a container. - -## Examples - -```bash -$ docker rename my_container my_new_container -``` diff --git a/components/engine/docs/reference/commandline/restart.md b/components/engine/docs/reference/commandline/restart.md deleted file mode 100644 index a2796afe33..0000000000 --- a/components/engine/docs/reference/commandline/restart.md +++ /dev/null @@ -1,32 +0,0 @@ ---- -title: "restart" -description: "The restart command description and usage" -keywords: "restart, container, Docker" ---- - - - -# restart - -```markdown -Usage: docker restart [OPTIONS] CONTAINER [CONTAINER...] - -Restart one or more containers - -Options: - --help Print usage - -t, --time int Seconds to wait for stop before killing the container (default 10) -``` - -## Examples - -```bash -$ docker restart my_container -``` diff --git a/components/engine/docs/reference/commandline/rm.md b/components/engine/docs/reference/commandline/rm.md deleted file mode 100644 index 8ee5b2874d..0000000000 --- a/components/engine/docs/reference/commandline/rm.md +++ /dev/null @@ -1,100 +0,0 @@ ---- -title: "rm" -description: "The rm command description and usage" -keywords: "remove, Docker, container" ---- - - - -# rm - -```markdown -Usage: docker rm [OPTIONS] CONTAINER [CONTAINER...] - -Remove one or more containers - -Options: - -f, --force Force the removal of a running container (uses SIGKILL) - --help Print usage - -l, --link Remove the specified link - -v, --volumes Remove the volumes associated with the container -``` - -## Examples - -### Remove a container - -This will remove the container referenced under the link -`/redis`. - -```bash -$ docker rm /redis - -/redis -``` - -### Remove a link specified with `--link` on the default bridge network - -This will remove the underlying link between `/webapp` and the `/redis` -containers on the default bridge network, removing all network communication -between the two containers. This does not apply when `--link` is used with -user-specified networks. - -```bash -$ docker rm --link /webapp/redis - -/webapp/redis -``` - -### Force-remove a running container - -This command will force-remove a running container. - -```bash -$ docker rm --force redis - -redis -``` - -The main process inside the container referenced under the link `redis` will receive -`SIGKILL`, then the container will be removed. - -### Remove all stopped containers - -```bash -$ docker rm $(docker ps -a -q) -``` - -This command will delete all stopped containers. The command -`docker ps -a -q` will return all existing container IDs and pass them to -the `rm` command which will delete them. Any running containers will not be -deleted. - -### Remove a container and its volumes - -```bash -$ docker rm -v redis -redis -``` - -This command will remove the container and any volumes associated with it. -Note that if a volume was specified with a name, it will not be removed. - -### Remove a container and selectively remove volumes - -```bash -$ docker create -v awesome:/foo -v /bar --name hello redis -hello -$ docker rm -v hello -``` - -In this example, the volume for `/foo` will remain intact, but the volume for -`/bar` will be removed. The same behavior holds for volumes inherited with -`--volumes-from`. diff --git a/components/engine/docs/reference/commandline/rmi.md b/components/engine/docs/reference/commandline/rmi.md deleted file mode 100644 index 28e21d4398..0000000000 --- a/components/engine/docs/reference/commandline/rmi.md +++ /dev/null @@ -1,105 +0,0 @@ ---- -title: "rmi" -description: "The rmi command description and usage" -keywords: "remove, image, Docker" ---- - - - -# rmi - -```markdown -Usage: docker rmi [OPTIONS] IMAGE [IMAGE...] - -Remove one or more images - -Options: - -f, --force Force removal of the image - --help Print usage - --no-prune Do not delete untagged parents -``` - -## Examples - -You can remove an image using its short or long ID, its tag, or its digest. If -an image has one or more tag referencing it, you must remove all of them before -the image is removed. Digest references are removed automatically when an image -is removed by tag. - -```bash -$ docker images - -REPOSITORY TAG IMAGE ID CREATED SIZE -test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) -test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) -test2 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - -$ docker rmi fd484f19954f - -Error: Conflict, cannot delete image fd484f19954f because it is tagged in multiple repositories, use -f to force -2013/12/11 05:47:16 Error: failed to remove one or more images - -$ docker rmi test1 - -Untagged: test1:latest - -$ docker rmi test2 - -Untagged: test2:latest - - -$ docker images - -REPOSITORY TAG IMAGE ID CREATED SIZE -test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - -$ docker rmi test - -Untagged: test:latest -Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 -``` - -If you use the `-f` flag and specify the image's short or long ID, then this -command untags and removes all images that match the specified ID. - -```bash -$ docker images - -REPOSITORY TAG IMAGE ID CREATED SIZE -test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) -test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) -test2 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - -$ docker rmi -f fd484f19954f - -Untagged: test1:latest -Untagged: test:latest -Untagged: test2:latest -Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 -``` - -An image pulled by digest has no tag associated with it: - -```bash -$ docker images --digests - -REPOSITORY TAG DIGEST IMAGE ID CREATED SIZE -localhost:5000/test/busybox sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf 4986bf8c1536 9 weeks ago 2.43 MB -``` - -To remove an image using its digest: - -```bash -$ docker rmi localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf -Untagged: localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf -Deleted: 4986bf8c15363d1c5d15512d5266f8777bfba4974ac56e3270e7760f6f0a8125 -Deleted: ea13149945cb6b1e746bf28032f02e9b5a793523481a0a18645fc77ad53c4ea2 -Deleted: df7546f9f060a2268024c8a230d8639878585defcc1bc6f79d2728a13957871b -``` diff --git a/components/engine/docs/reference/commandline/run.md b/components/engine/docs/reference/commandline/run.md deleted file mode 100644 index 2216319415..0000000000 --- a/components/engine/docs/reference/commandline/run.md +++ /dev/null @@ -1,812 +0,0 @@ ---- -title: "run" -description: "The run command description and usage" -keywords: "run, command, container" ---- - - - -# run - -```markdown -Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...] - -Run a command in a new container - -Options: - --add-host value Add a custom host-to-IP mapping (host:ip) (default []) - -a, --attach value Attach to STDIN, STDOUT or STDERR (default []) - --blkio-weight value Block IO (relative weight), between 10 and 1000 - --blkio-weight-device value Block IO weight (relative device weight) (default []) - --cap-add value Add Linux capabilities (default []) - --cap-drop value Drop Linux capabilities (default []) - --cgroup-parent string Optional parent cgroup for the container - --cidfile string Write the container ID to the file - --cpu-count int The number of CPUs available for execution by the container. - Windows daemon only. On Windows Server containers, this is - approximated as a percentage of total CPU usage. - --cpu-percent int Limit percentage of CPU available for execution - by the container. Windows daemon only. - The processor resource controls are mutually - exclusive, the order of precedence is CPUCount - first, then CPUShares, and CPUPercent last. - --cpu-period int Limit CPU CFS (Completely Fair Scheduler) period - --cpu-quota int Limit CPU CFS (Completely Fair Scheduler) quota - -c, --cpu-shares int CPU shares (relative weight) - --cpus NanoCPUs Number of CPUs (default 0.000) - --cpu-rt-period int Limit the CPU real-time period in microseconds - --cpu-rt-runtime int Limit the CPU real-time runtime in microseconds - --cpuset-cpus string CPUs in which to allow execution (0-3, 0,1) - --cpuset-mems string MEMs in which to allow execution (0-3, 0,1) - -d, --detach Run container in background and print container ID - --detach-keys string Override the key sequence for detaching a container - --device value Add a host device to the container (default []) - --device-cgroup-rule value Add a rule to the cgroup allowed devices list - --device-read-bps value Limit read rate (bytes per second) from a device (default []) - --device-read-iops value Limit read rate (IO per second) from a device (default []) - --device-write-bps value Limit write rate (bytes per second) to a device (default []) - --device-write-iops value Limit write rate (IO per second) to a device (default []) - --disable-content-trust Skip image verification (default true) - --dns value Set custom DNS servers (default []) - --dns-option value Set DNS options (default []) - --dns-search value Set custom DNS search domains (default []) - --entrypoint string Overwrite the default ENTRYPOINT of the image - -e, --env value Set environment variables (default []) - --env-file value Read in a file of environment variables (default []) - --expose value Expose a port or a range of ports (default []) - --group-add value Add additional groups to join (default []) - --health-cmd string Command to run to check health - --health-interval duration Time between running the check (ns|us|ms|s|m|h) (default 0s) - --health-retries int Consecutive failures needed to report unhealthy - --health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h) (default 0s) - --health-start-period duration Start period for the container to initialize before counting retries towards unstable (ns|us|ms|s|m|h) (default 0s) - --help Print usage - -h, --hostname string Container host name - --init Run an init inside the container that forwards signals and reaps processes - -i, --interactive Keep STDIN open even if not attached - --io-maxbandwidth string Maximum IO bandwidth limit for the system drive (Windows only) - (Windows only). The format is ``. - Unit is optional and can be `b` (bytes per second), - `k` (kilobytes per second), `m` (megabytes per second), - or `g` (gigabytes per second). If you omit the unit, - the system uses bytes per second. - --io-maxbandwidth and --io-maxiops are mutually exclusive options. - --io-maxiops uint Maximum IOps limit for the system drive (Windows only) - --ip string IPv4 address (e.g., 172.30.100.104) - --ip6 string IPv6 address (e.g., 2001:db8::33) - --ipc string IPC namespace to use - --isolation string Container isolation technology - --kernel-memory string Kernel memory limit - -l, --label value Set meta data on a container (default []) - --label-file value Read in a line delimited file of labels (default []) - --link value Add link to another container (default []) - --link-local-ip value Container IPv4/IPv6 link-local addresses (default []) - --log-driver string Logging driver for the container - --log-opt value Log driver options (default []) - --mac-address string Container MAC address (e.g., 92:d0:c6:0a:29:33) - -m, --memory string Memory limit - --memory-reservation string Memory soft limit - --memory-swap string Swap limit equal to memory plus swap: '-1' to enable unlimited swap - --memory-swappiness int Tune container memory swappiness (0 to 100) (default -1) - --mount value Attach a filesystem mount to the container (default []) - --name string Assign a name to the container - --network-alias value Add network-scoped alias for the container (default []) - --network string Connect a container to a network - 'bridge': create a network stack on the default Docker bridge - 'none': no networking - 'container:': reuse another container's network stack - 'host': use the Docker host network stack - '|': connect to a user-defined network - --no-healthcheck Disable any container-specified HEALTHCHECK - --oom-kill-disable Disable OOM Killer - --oom-score-adj int Tune host's OOM preferences (-1000 to 1000) - --pid string PID namespace to use - --pids-limit int Tune container pids limit (set -1 for unlimited) - --privileged Give extended privileges to this container - -p, --publish value Publish a container's port(s) to the host (default []) - -P, --publish-all Publish all exposed ports to random ports - --read-only Mount the container's root filesystem as read only - --restart string Restart policy to apply when a container exits (default "no") - Possible values are : no, on-failure[:max-retry], always, unless-stopped - --rm Automatically remove the container when it exits - --runtime string Runtime to use for this container - --security-opt value Security Options (default []) - --shm-size bytes Size of /dev/shm - The format is ``. `number` must be greater than `0`. - Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), - or `g` (gigabytes). If you omit the unit, the system uses bytes. - --sig-proxy Proxy received signals to the process (default true) - --stop-signal string Signal to stop a container (default "SIGTERM") - --stop-timeout=10 Timeout (in seconds) to stop a container - --storage-opt value Storage driver options for the container (default []) - --sysctl value Sysctl options (default map[]) - --tmpfs value Mount a tmpfs directory (default []) - -t, --tty Allocate a pseudo-TTY - --ulimit value Ulimit options (default []) - -u, --user string Username or UID (format: [:]) - --userns string User namespace to use - 'host': Use the Docker host user namespace - '': Use the Docker daemon user namespace specified by `--userns-remap` option. - --uts string UTS namespace to use - -v, --volume value Bind mount a volume (default []). The format - is `[host-src:]container-dest[:]`. - The comma-delimited `options` are [rw|ro], - [z|Z], [[r]shared|[r]slave|[r]private], - [delegated|cached|consistent], and - [nocopy]. The 'host-src' is an absolute path - or a name value. - --volume-driver string Optional volume driver for the container - --volumes-from value Mount volumes from the specified container(s) (default []) - -w, --workdir string Working directory inside the container -``` - -## Description - -The `docker run` command first `creates` a writeable container layer over the -specified image, and then `starts` it using the specified command. That is, -`docker run` is equivalent to the API `/containers/create` then -`/containers/(id)/start`. A stopped container can be restarted with all its -previous changes intact using `docker start`. See `docker ps -a` to view a list -of all containers. - -The `docker run` command can be used in combination with `docker commit` to -[*change the command that a container runs*](commit.md). There is additional detailed information about `docker run` in the [Docker run reference](../run.md). - -For information on connecting a container to a network, see the ["*Docker network overview*"](https://docs.docker.com/engine/userguide/networking/). - -## Examples - -### Assign name and allocate pseudo-TTY (--name, -it) - -```bash -$ docker run --name test -it debian - -root@d6c0fe130dba:/# exit 13 -$ echo $? -13 -$ docker ps -a | grep test -d6c0fe130dba debian:7 "/bin/bash" 26 seconds ago Exited (13) 17 seconds ago test -``` - -This example runs a container named `test` using the `debian:latest` -image. The `-it` instructs Docker to allocate a pseudo-TTY connected to -the container's stdin; creating an interactive `bash` shell in the container. -In the example, the `bash` shell is quit by entering -`exit 13`. This exit code is passed on to the caller of -`docker run`, and is recorded in the `test` container's metadata. - -### Capture container ID (--cidfile) - -```bash -$ docker run --cidfile /tmp/docker_test.cid ubuntu echo "test" -``` - -This will create a container and print `test` to the console. The `cidfile` -flag makes Docker attempt to create a new file and write the container ID to it. -If the file exists already, Docker will return an error. Docker will close this -file when `docker run` exits. - -### Full container capabilities (--privileged) - -```bash -$ docker run -t -i --rm ubuntu bash -root@bc338942ef20:/# mount -t tmpfs none /mnt -mount: permission denied -``` - -This will *not* work, because by default, most potentially dangerous kernel -capabilities are dropped; including `cap_sys_admin` (which is required to mount -filesystems). However, the `--privileged` flag will allow it to run: - -```bash -$ docker run -t -i --privileged ubuntu bash -root@50e3f57e16e6:/# mount -t tmpfs none /mnt -root@50e3f57e16e6:/# df -h -Filesystem Size Used Avail Use% Mounted on -none 1.9G 0 1.9G 0% /mnt -``` - -The `--privileged` flag gives *all* capabilities to the container, and it also -lifts all the limitations enforced by the `device` cgroup controller. In other -words, the container can then do almost everything that the host can do. This -flag exists to allow special use-cases, like running Docker within Docker. - -### Set working directory (-w) - -```bash -$ docker run -w /path/to/dir/ -i -t ubuntu pwd -``` - -The `-w` lets the command being executed inside directory given, here -`/path/to/dir/`. If the path does not exist it is created inside the container. - -### Set storage driver options per container - -```bash -$ docker run -it --storage-opt size=120G fedora /bin/bash -``` - -This (size) will allow to set the container rootfs size to 120G at creation time. -This option is only available for the `devicemapper`, `btrfs`, `overlay2`, -`windowsfilter` and `zfs` graph drivers. -For the `devicemapper`, `btrfs`, `windowsfilter` and `zfs` graph drivers, -user cannot pass a size less than the Default BaseFS Size. -For the `overlay2` storage driver, the size option is only available if the -backing fs is `xfs` and mounted with the `pquota` mount option. -Under these conditions, user can pass any size less then the backing fs size. - -### Mount tmpfs (--tmpfs) - -```bash -$ docker run -d --tmpfs /run:rw,noexec,nosuid,size=65536k my_image -``` - -The `--tmpfs` flag mounts an empty tmpfs into the container with the `rw`, -`noexec`, `nosuid`, `size=65536k` options. - -### Mount volume (-v, --read-only) - -```bash -$ docker run -v `pwd`:`pwd` -w `pwd` -i -t ubuntu pwd -``` - -The `-v` flag mounts the current working directory into the container. The `-w` -lets the command being executed inside the current working directory, by -changing into the directory to the value returned by `pwd`. So this -combination executes the command using the container, but inside the -current working directory. - -```bash -$ docker run -v /doesnt/exist:/foo -w /foo -i -t ubuntu bash -``` - -When the host directory of a bind-mounted volume doesn't exist, Docker -will automatically create this directory on the host for you. In the -example above, Docker will create the `/doesnt/exist` -folder before starting your container. - -```bash -$ docker run --read-only -v /icanwrite busybox touch /icanwrite/here -``` - -Volumes can be used in combination with `--read-only` to control where -a container writes files. The `--read-only` flag mounts the container's root -filesystem as read only prohibiting writes to locations other than the -specified volumes for the container. - -```bash -$ docker run -t -i -v /var/run/docker.sock:/var/run/docker.sock -v /path/to/static-docker-binary:/usr/bin/docker busybox sh -``` - -By bind-mounting the docker unix socket and statically linked docker -binary (refer to [get the linux binary]( -https://docs.docker.com/engine/installation/binaries/#/get-the-linux-binary)), -you give the container the full access to create and manipulate the host's -Docker daemon. - -On Windows, the paths must be specified using Windows-style semantics. - -```powershell -PS C:\> docker run -v c:\foo:c:\dest microsoft/nanoserver cmd /s /c type c:\dest\somefile.txt -Contents of file - -PS C:\> docker run -v c:\foo:d: microsoft/nanoserver cmd /s /c type d:\somefile.txt -Contents of file -``` - -The following examples will fail when using Windows-based containers, as the -destination of a volume or bind-mount inside the container must be one of: -a non-existing or empty directory; or a drive other than C:. Further, the source -of a bind mount must be a local directory, not a file. - -```powershell -net use z: \\remotemachine\share -docker run -v z:\foo:c:\dest ... -docker run -v \\uncpath\to\directory:c:\dest ... -docker run -v c:\foo\somefile.txt:c:\dest ... -docker run -v c:\foo:c: ... -docker run -v c:\foo:c:\existing-directory-with-contents ... -``` - -For in-depth information about volumes, refer to [manage data in containers](https://docs.docker.com/engine/tutorials/dockervolumes/) - - -### Add bind-mounts or volumes using the --mount flag - -The `--mount` flag allows you to mount volumes, host-directories and `tmpfs` -mounts in a container. - -The `--mount` flag supports most options that are supported by the `-v` or the -`--volume` flag, but uses a different syntax. For in-depth information on the -`--mount` flag, and a comparison between `--volume` and `--mount`, refer to -the [service create command reference](service_create.md#add-bind-mounts-or-volumes). - -Even though there is no plan to deprecate `--volume`, usage of `--mount` is recommended. - -Examples: - -```bash -$ docker run --read-only --mount type=volume,target=/icanwrite busybox touch /icanwrite/here -``` - -```bash -$ docker run -t -i --mount type=bind,src=/data,dst=/data busybox sh -``` - -### Publish or expose port (-p, --expose) - -```bash -$ docker run -p 127.0.0.1:80:8080 ubuntu bash -``` - -This binds port `8080` of the container to port `80` on `127.0.0.1` of the host -machine. The [Docker User -Guide](https://docs.docker.com/engine/userguide/networking/default_network/dockerlinks/) -explains in detail how to manipulate ports in Docker. - -```bash -$ docker run --expose 80 ubuntu bash -``` - -This exposes port `80` of the container without publishing the port to the host -system's interfaces. - -### Set environment variables (-e, --env, --env-file) - -```bash -$ docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash -``` - -Use the `-e`, `--env`, and `--env-file` flags to set simple (non-array) -environment variables in the container you're running, or overwrite variables -that are defined in the Dockerfile of the image you're running. - -You can define the variable and its value when running the container: - -```bash -$ docker run --env VAR1=value1 --env VAR2=value2 ubuntu env | grep VAR -VAR1=value1 -VAR2=value2 -``` - -You can also use variables that you've exported to your local environment: - -```bash -export VAR1=value1 -export VAR2=value2 - -$ docker run --env VAR1 --env VAR2 ubuntu env | grep VAR -VAR1=value1 -VAR2=value2 -``` - -When running the command, the Docker CLI client checks the value the variable -has in your local environment and passes it to the container. -If no `=` is provided and that variable is not exported in your local -environment, the variable won't be set in the container. - -You can also load the environment variables from a file. This file should use -the syntax `=value` (which sets the variable to the given value) or -`` (which takes the value from the local environment), and `#` for comments. - -```bash -$ cat env.list -# This is a comment -VAR1=value1 -VAR2=value2 -USER - -$ docker run --env-file env.list ubuntu env | grep VAR -VAR1=value1 -VAR2=value2 -USER=denis -``` - -### Set metadata on container (-l, --label, --label-file) - -A label is a `key=value` pair that applies metadata to a container. To label a container with two labels: - -```bash -$ docker run -l my-label --label com.example.foo=bar ubuntu bash -``` - -The `my-label` key doesn't specify a value so the label defaults to an empty -string(`""`). To add multiple labels, repeat the label flag (`-l` or `--label`). - -The `key=value` must be unique to avoid overwriting the label value. If you -specify labels with identical keys but different values, each subsequent value -overwrites the previous. Docker uses the last `key=value` you supply. - -Use the `--label-file` flag to load multiple labels from a file. Delimit each -label in the file with an EOL mark. The example below loads labels from a -labels file in the current directory: - -```bash -$ docker run --label-file ./labels ubuntu bash -``` - -The label-file format is similar to the format for loading environment -variables. (Unlike environment variables, labels are not visible to processes -running inside a container.) The following example illustrates a label-file -format: - -```none -com.example.label1="a label" - -# this is a comment -com.example.label2=another\ label -com.example.label3 -``` - -You can load multiple label-files by supplying multiple `--label-file` flags. - -For additional information on working with labels, see [*Labels - custom -metadata in Docker*](https://docs.docker.com/engine/userguide/labels-custom-metadata/) in the Docker User -Guide. - -### Connect a container to a network (--network) - -When you start a container use the `--network` flag to connect it to a network. -This adds the `busybox` container to the `my-net` network. - -```bash -$ docker run -itd --network=my-net busybox -``` - -You can also choose the IP addresses for the container with `--ip` and `--ip6` -flags when you start the container on a user-defined network. - -```bash -$ docker run -itd --network=my-net --ip=10.10.9.75 busybox -``` - -If you want to add a running container to a network use the `docker network connect` subcommand. - -You can connect multiple containers to the same network. Once connected, the -containers can communicate easily need only another container's IP address -or name. For `overlay` networks or custom plugins that support multi-host -connectivity, containers connected to the same multi-host network but launched -from different Engines can also communicate in this way. - -> **Note**: Service discovery is unavailable on the default bridge network. -> Containers can communicate via their IP addresses by default. To communicate -> by name, they must be linked. - -You can disconnect a container from a network using the `docker network -disconnect` command. - -### Mount volumes from container (--volumes-from) - -```bash -$ docker run --volumes-from 777f7dc92da7 --volumes-from ba8c0c54f0f2:ro -i -t ubuntu pwd -``` - -The `--volumes-from` flag mounts all the defined volumes from the referenced -containers. Containers can be specified by repetitions of the `--volumes-from` -argument. The container ID may be optionally suffixed with `:ro` or `:rw` to -mount the volumes in read-only or read-write mode, respectively. By default, -the volumes are mounted in the same mode (read write or read only) as -the reference container. - -Labeling systems like SELinux require that proper labels are placed on volume -content mounted into a container. Without a label, the security system might -prevent the processes running inside the container from using the content. By -default, Docker does not change the labels set by the OS. - -To change the label in the container context, you can add either of two suffixes -`:z` or `:Z` to the volume mount. These suffixes tell Docker to relabel file -objects on the shared volumes. The `z` option tells Docker that two containers -share the volume content. As a result, Docker labels the content with a shared -content label. Shared volume labels allow all containers to read/write content. -The `Z` option tells Docker to label the content with a private unshared label. -Only the current container can use a private volume. - -### Attach to STDIN/STDOUT/STDERR (-a) - -The `-a` flag tells `docker run` to bind to the container's `STDIN`, `STDOUT` -or `STDERR`. This makes it possible to manipulate the output and input as -needed. - -```bash -$ echo "test" | docker run -i -a stdin ubuntu cat - -``` - -This pipes data into a container and prints the container's ID by attaching -only to the container's `STDIN`. - -```bash -$ docker run -a stderr ubuntu echo test -``` - -This isn't going to print anything unless there's an error because we've -only attached to the `STDERR` of the container. The container's logs -still store what's been written to `STDERR` and `STDOUT`. - -```bash -$ cat somefile | docker run -i -a stdin mybuilder dobuild -``` - -This is how piping a file into a container could be done for a build. -The container's ID will be printed after the build is done and the build -logs could be retrieved using `docker logs`. This is -useful if you need to pipe a file or something else into a container and -retrieve the container's ID once the container has finished running. - -### Add host device to container (--device) - -```bash -$ docker run --device=/dev/sdc:/dev/xvdc \ - --device=/dev/sdd --device=/dev/zero:/dev/nulo \ - -i -t \ - ubuntu ls -l /dev/{xvdc,sdd,nulo} - -brw-rw---- 1 root disk 8, 2 Feb 9 16:05 /dev/xvdc -brw-rw---- 1 root disk 8, 3 Feb 9 16:05 /dev/sdd -crw-rw-rw- 1 root root 1, 5 Feb 9 16:05 /dev/nulo -``` - -It is often necessary to directly expose devices to a container. The `--device` -option enables that. For example, a specific block storage device or loop -device or audio device can be added to an otherwise unprivileged container -(without the `--privileged` flag) and have the application directly access it. - -By default, the container will be able to `read`, `write` and `mknod` these devices. -This can be overridden using a third `:rwm` set of options to each `--device` -flag: - -```bash -$ docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc - -Command (m for help): q -$ docker run --device=/dev/sda:/dev/xvdc:r --rm -it ubuntu fdisk /dev/xvdc -You will not be able to write the partition table. - -Command (m for help): q - -$ docker run --device=/dev/sda:/dev/xvdc:rw --rm -it ubuntu fdisk /dev/xvdc - -Command (m for help): q - -$ docker run --device=/dev/sda:/dev/xvdc:m --rm -it ubuntu fdisk /dev/xvdc -fdisk: unable to open /dev/xvdc: Operation not permitted -``` - -> **Note**: `--device` cannot be safely used with ephemeral devices. Block devices -> that may be removed should not be added to untrusted containers with -> `--device`. - -### Restart policies (--restart) - -Use Docker's `--restart` to specify a container's *restart policy*. A restart -policy controls whether the Docker daemon restarts a container after exit. -Docker supports the following restart policies: - -| Policy | Result | -|:----------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `no` | Do not automatically restart the container when it exits. This is the default. | -| `failure` | Restart only if the container exits with a non-zero exit status. Optionally, limit the number of restart retries the Docker daemon attempts. | -| `always` | Always restart the container regardless of the exit status. When you specify always, the Docker daemon will try to restart the container indefinitely. The container will also always start on daemon startup, regardless of the current state of the container. | - -```bash -$ docker run --restart=always redis -``` - -This will run the `redis` container with a restart policy of **always** -so that if the container exits, Docker will restart it. - -More detailed information on restart policies can be found in the -[Restart Policies (--restart)](../run.md#restart-policies-restart) -section of the Docker run reference page. - -### Add entries to container hosts file (--add-host) - -You can add other hosts into a container's `/etc/hosts` file by using one or -more `--add-host` flags. This example adds a static address for a host named -`docker`: - -```bash -$ docker run --add-host=docker:10.180.0.1 --rm -it debian - -root@f38c87f2a42d:/# ping docker -PING docker (10.180.0.1): 48 data bytes -56 bytes from 10.180.0.1: icmp_seq=0 ttl=254 time=7.600 ms -56 bytes from 10.180.0.1: icmp_seq=1 ttl=254 time=30.705 ms -^C--- docker ping statistics --- -2 packets transmitted, 2 packets received, 0% packet loss -round-trip min/avg/max/stddev = 7.600/19.152/30.705/11.553 ms -``` - -Sometimes you need to connect to the Docker host from within your -container. To enable this, pass the Docker host's IP address to -the container using the `--add-host` flag. To find the host's address, -use the `ip addr show` command. - -The flags you pass to `ip addr show` depend on whether you are -using IPv4 or IPv6 networking in your containers. Use the following -flags for IPv4 address retrieval for a network device named `eth0`: - -```bash -$ HOSTIP=`ip -4 addr show scope global dev eth0 | grep inet | awk '{print \$2}' | cut -d / -f 1` -$ docker run --add-host=docker:${HOSTIP} --rm -it debian -``` - -For IPv6 use the `-6` flag instead of the `-4` flag. For other network -devices, replace `eth0` with the correct device name (for example `docker0` -for the bridge device). - -### Set ulimits in container (--ulimit) - -Since setting `ulimit` settings in a container requires extra privileges not -available in the default container, you can set these using the `--ulimit` flag. -`--ulimit` is specified with a soft and hard limit as such: -`=[:]`, for example: - -```bash -$ docker run --ulimit nofile=1024:1024 --rm debian sh -c "ulimit -n" -1024 -``` - -> **Note**: If you do not provide a `hard limit`, the `soft limit` will be used -> for both values. If no `ulimits` are set, they will be inherited from -> the default `ulimits` set on the daemon. `as` option is disabled now. -> In other words, the following script is not supported: -> -> ```bash -> $ docker run -it --ulimit as=1024 fedora /bin/bash` -> ``` - -The values are sent to the appropriate `syscall` as they are set. -Docker doesn't perform any byte conversion. Take this into account when setting the values. - -#### For `nproc` usage - -Be careful setting `nproc` with the `ulimit` flag as `nproc` is designed by Linux to set the -maximum number of processes available to a user, not to a container. For example, start four -containers with `daemon` user: - -```bash -$ docker run -d -u daemon --ulimit nproc=3 busybox top - -$ docker run -d -u daemon --ulimit nproc=3 busybox top - -$ docker run -d -u daemon --ulimit nproc=3 busybox top - -$ docker run -d -u daemon --ulimit nproc=3 busybox top -``` - -The 4th container fails and reports "[8] System error: resource temporarily unavailable" error. -This fails because the caller set `nproc=3` resulting in the first three containers using up -the three processes quota set for the `daemon` user. - -### Stop container with signal (--stop-signal) - -The `--stop-signal` flag sets the system call signal that will be sent to the container to exit. -This signal can be a valid unsigned number that matches a position in the kernel's syscall table, for instance 9, -or a signal name in the format SIGNAME, for instance SIGKILL. - -### Optional security options (--security-opt) - -On Windows, this flag can be used to specify the `credentialspec` option. -The `credentialspec` must be in the format `file://spec.txt` or `registry://keyname`. - -### Stop container with timeout (--stop-timeout) - -The `--stop-timeout` flag sets the timeout (in seconds) that a pre-defined (see `--stop-signal`) system call -signal that will be sent to the container to exit. After timeout elapses the container will be killed with SIGKILL. - -### Specify isolation technology for container (--isolation) - -This option is useful in situations where you are running Docker containers on -Windows. The `--isolation ` option sets a container's isolation technology. -On Linux, the only supported is the `default` option which uses -Linux namespaces. These two commands are equivalent on Linux: - -```bash -$ docker run -d busybox top -$ docker run -d --isolation default busybox top -``` - -On Windows, `--isolation` can take one of these values: - - -| Value | Description | -|:----------|:-------------------------------------------------------------------------------------------| -| `default` | Use the value specified by the Docker daemon's `--exec-opt` or system default (see below). | -| `process` | Shared-kernel namespace isolation (not supported on Windows client operating systems). | -| `hyperv` | Hyper-V hypervisor partition-based isolation. | - -The default isolation on Windows server operating systems is `process`. The default (and only supported) -isolation on Windows client operating systems is `hyperv`. An attempt to start a container on a client -operating system with `--isolation process` will fail. - -On Windows server, assuming the default configuration, these commands are equivalent -and result in `process` isolation: - -```PowerShell -PS C:\> docker run -d microsoft/nanoserver powershell echo process -PS C:\> docker run -d --isolation default microsoft/nanoserver powershell echo process -PS C:\> docker run -d --isolation process microsoft/nanoserver powershell echo process -``` - -If you have set the `--exec-opt isolation=hyperv` option on the Docker `daemon`, or -are running against a Windows client-based daemon, these commands are equivalent and -result in `hyperv` isolation: - -```PowerShell -PS C:\> docker run -d microsoft/nanoserver powershell echo hyperv -PS C:\> docker run -d --isolation default microsoft/nanoserver powershell echo hyperv -PS C:\> docker run -d --isolation hyperv microsoft/nanoserver powershell echo hyperv -``` - -### Specify hard limits on memory available to containers (-m, --memory) - -These parameters always set an upper limit on the memory available to the container. On Linux, this -is set on the cgroup and applications in a container can query it at `/sys/fs/cgroup/memory/memory.limit_in_bytes`. - -On Windows, this will affect containers differently depending on what type of isolation is used. - -- With `process` isolation, Windows will report the full memory of the host system, not the limit to applications running inside the container - ```powershell - docker run -it -m 2GB --isolation=process microsoft/nanoserver powershell Get-ComputerInfo *memory* - - CsTotalPhysicalMemory : 17064509440 - CsPhyicallyInstalledMemory : 16777216 - OsTotalVisibleMemorySize : 16664560 - OsFreePhysicalMemory : 14646720 - OsTotalVirtualMemorySize : 19154928 - OsFreeVirtualMemory : 17197440 - OsInUseVirtualMemory : 1957488 - OsMaxProcessMemorySize : 137438953344 - ``` -- With `hyperv` isolation, Windows will create a utility VM that is big enough to hold the memory limit, plus the minimal OS needed to host the container. That size is reported as "Total Physical Memory." - ```powershell - docker run -it -m 2GB --isolation=hyperv microsoft/nanoserver powershell Get-ComputerInfo *memory* - - CsTotalPhysicalMemory : 2683355136 - CsPhyicallyInstalledMemory : - OsTotalVisibleMemorySize : 2620464 - OsFreePhysicalMemory : 2306552 - OsTotalVirtualMemorySize : 2620464 - OsFreeVirtualMemory : 2356692 - OsInUseVirtualMemory : 263772 - OsMaxProcessMemorySize : 137438953344 - ``` - - -### Configure namespaced kernel parameters (sysctls) at runtime - -The `--sysctl` sets namespaced kernel parameters (sysctls) in the -container. For example, to turn on IP forwarding in the containers -network namespace, run this command: - -```bash -$ docker run --sysctl net.ipv4.ip_forward=1 someimage -``` - -> **Note**: Not all sysctls are namespaced. Docker does not support changing sysctls -> inside of a container that also modify the host system. As the kernel -> evolves we expect to see more sysctls become namespaced. - -#### Currently supported sysctls - -- `IPC Namespace`: - - ```none - kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced - Sysctls beginning with fs.mqueue.* - ``` - - If you use the `--ipc=host` option these sysctls will not be allowed. - -- `Network Namespace`: - - Sysctls beginning with net.* - - If you use the `--network=host` option using these sysctls will not be allowed. diff --git a/components/engine/docs/reference/commandline/save.md b/components/engine/docs/reference/commandline/save.md deleted file mode 100644 index cba7385e11..0000000000 --- a/components/engine/docs/reference/commandline/save.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: "save" -description: "The save command description and usage" -keywords: "tarred, repository, backup" ---- - - - -# save - -```markdown -Usage: docker save [OPTIONS] IMAGE [IMAGE...] - -Save one or more images to a tar archive (streamed to STDOUT by default) - -Options: - --help Print usage - -o, --output string Write to a file, instead of STDOUT -``` - -## Description - -Produces a tarred repository to the standard output stream. -Contains all parent layers, and all tags + versions, or specified `repo:tag`, for -each argument provided. - -## Examples - -### Create a backup that can then be used with `docker load`. - -```bash -$ docker save busybox > busybox.tar - -$ ls -sh busybox.tar - -2.7M busybox.tar - -$ docker save --output busybox.tar busybox - -$ ls -sh busybox.tar - -2.7M busybox.tar - -$ docker save -o fedora-all.tar fedora - -$ docker save -o fedora-latest.tar fedora:latest -``` - -### Cherry-pick particular tags - -You can even cherry-pick particular tags of an image repository. - -```bash -$ docker save -o ubuntu.tar ubuntu:lucid ubuntu:saucy -``` diff --git a/components/engine/docs/reference/commandline/search.md b/components/engine/docs/reference/commandline/search.md deleted file mode 100644 index f645c78603..0000000000 --- a/components/engine/docs/reference/commandline/search.md +++ /dev/null @@ -1,149 +0,0 @@ ---- -title: "search" -description: "The search command description and usage" -keywords: "search, hub, images" ---- - - - -# search - -```markdown -Usage: docker search [OPTIONS] TERM - -Search the Docker Hub for images - -Options: - -f, --filter value Filter output based on conditions provided (default []) - - is-automated=(true|false) - - is-official=(true|false) - - stars= - image has at least 'number' stars - --help Print usage - --limit int Max number of search results (default 25) - --no-trunc Don't truncate output -``` - -## Description - -Search [Docker Hub](https://hub.docker.com) for images - -See [*Find Public Images on Docker Hub*](https://docs.docker.com/engine/tutorials/dockerrepos/#searching-for-images) for -more details on finding shared images from the command line. - -> **Note**: Search queries return a maximum of 25 results. - -## Examples - -### Search images by name - -This example displays images with a name containing 'busybox': - -```none -$ docker search busybox - -NAME DESCRIPTION STARS OFFICIAL AUTOMATED -busybox Busybox base image. 316 [OK] -progrium/busybox 50 [OK] -radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK] -odise/busybox-python 2 [OK] -azukiapp/busybox This image is meant to be used as the base... 2 [OK] -ofayau/busybox-jvm Prepare busybox to install a 32 bits JVM. 1 [OK] -shingonoide/archlinux-busybox Arch Linux, a lightweight and flexible Lin... 1 [OK] -odise/busybox-curl 1 [OK] -ofayau/busybox-libc32 Busybox with 32 bits (and 64 bits) libs 1 [OK] -peelsky/zulu-openjdk-busybox 1 [OK] -skomma/busybox-data Docker image suitable for data volume cont... 1 [OK] -elektritter/busybox-teamspeak Lightweight teamspeak3 container based on... 1 [OK] -socketplane/busybox 1 [OK] -oveits/docker-nginx-busybox This is a tiny NginX docker image based on... 0 [OK] -ggtools/busybox-ubuntu Busybox ubuntu version with extra goodies 0 [OK] -nikfoundas/busybox-confd Minimal busybox based distribution of confd 0 [OK] -openshift/busybox-http-app 0 [OK] -jllopis/busybox 0 [OK] -swyckoff/busybox 0 [OK] -powellquiring/busybox 0 [OK] -williamyeh/busybox-sh Docker image for BusyBox's sh 0 [OK] -simplexsys/busybox-cli-powered Docker busybox images, with a few often us... 0 [OK] -fhisamoto/busybox-java Busybox java 0 [OK] -scottabernethy/busybox 0 [OK] -marclop/busybox-solr -``` - -### Display non-truncated description (--no-trunc) - -This example displays images with a name containing 'busybox', -at least 3 stars and the description isn't truncated in the output: - -```bash -$ docker search --stars=3 --no-trunc busybox -NAME DESCRIPTION STARS OFFICIAL AUTOMATED -busybox Busybox base image. 325 [OK] -progrium/busybox 50 [OK] -radial/busyboxplus Full-chain, Internet enabled, busybox made from scratch. Comes in git and cURL flavors. 8 [OK] -``` - -### Limit search results (--limit) - -The flag `--limit` is the maximum number of results returned by a search. This value could -be in the range between 1 and 100. The default value of `--limit` is 25. - - -### Filtering - -The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there is more -than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`) - -The currently supported filters are: - -* stars (int - number of stars the image has) -* is-automated (true|false) - is the image automated or not -* is-official (true|false) - is the image official or not - - -#### stars - -This example displays images with a name containing 'busybox' and at -least 3 stars: - -```bash -$ docker search --filter stars=3 busybox - -NAME DESCRIPTION STARS OFFICIAL AUTOMATED -busybox Busybox base image. 325 [OK] -progrium/busybox 50 [OK] -radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK] -``` - - -#### is-automated - -This example displays images with a name containing 'busybox' -and are automated builds: - -```bash -$ docker search --filter is-automated busybox - -NAME DESCRIPTION STARS OFFICIAL AUTOMATED -progrium/busybox 50 [OK] -radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK] -``` - -#### is-official - -This example displays images with a name containing 'busybox', at least -3 stars and are official builds: - -```bash -$ docker search --filter "is-official=true" --filter "stars=3" busybox - -NAME DESCRIPTION STARS OFFICIAL AUTOMATED -progrium/busybox 50 [OK] -radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK] -``` diff --git a/components/engine/docs/reference/commandline/secret.md b/components/engine/docs/reference/commandline/secret.md deleted file mode 100644 index 50734407ab..0000000000 --- a/components/engine/docs/reference/commandline/secret.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: "secret" -description: "The secret command description and usage" -keywords: "secret" ---- - - - -# secret - -```markdown -Usage: docker secret COMMAND - -Manage Docker secrets - -Options: - --help Print usage - -Commands: - create Create a secret from a file or STDIN as content - inspect Display detailed information on one or more secrets - ls List secrets - rm Remove one or more secrets - -Run 'docker secret COMMAND --help' for more information on a command. - -``` - -## Description - -Manage secrets. - -## Related commands - -* [secret create](secret_create.md) -* [secret inspect](secret_inspect.md) -* [secret list](secret_list.md) -* [secret rm](secret_rm.md) diff --git a/components/engine/docs/reference/commandline/secret_create.md b/components/engine/docs/reference/commandline/secret_create.md deleted file mode 100644 index e534dde553..0000000000 --- a/components/engine/docs/reference/commandline/secret_create.md +++ /dev/null @@ -1,99 +0,0 @@ ---- -title: "secret create" -description: "The secret create command description and usage" -keywords: ["secret, create"] ---- - - - -# secret create - -```Markdown -Usage: docker secret create [OPTIONS] SECRET file|- - -Create a secret from a file or STDIN as content - -Options: - --help Print usage - -l, --label list Secret labels (default []) -``` - -## Description - -Creates a secret using standard input or from a file for the secret content. You must run this command on a manager node. - -For detailed information about using secrets, refer to [manage sensitive data with Docker secrets](https://docs.docker.com/engine/swarm/secrets/). - -## Examples - -### Create a secret - -```bash -$ echo | docker secret create my_secret - - -onakdyv307se2tl7nl20anokv - -$ docker secret ls - -ID NAME CREATED UPDATED -onakdyv307se2tl7nl20anokv my_secret 6 seconds ago 6 seconds ago -``` - -### Create a secret with a file - -```bash -$ docker secret create my_secret ./secret.json - -dg426haahpi5ezmkkj5kyl3sn - -$ docker secret ls - -ID NAME CREATED UPDATED -dg426haahpi5ezmkkj5kyl3sn my_secret 7 seconds ago 7 seconds ago -``` - -### Create a secret with labels - -```bash -$ docker secret create --label env=dev \ - --label rev=20170324 \ - my_secret ./secret.json - -eo7jnzguqgtpdah3cm5srfb97 -``` - -```none -$ docker secret inspect my_secret - -[ - { - "ID": "eo7jnzguqgtpdah3cm5srfb97", - "Version": { - "Index": 17 - }, - "CreatedAt": "2017-03-24T08:15:09.735271783Z", - "UpdatedAt": "2017-03-24T08:15:09.735271783Z", - "Spec": { - "Name": "my_secret", - "Labels": { - "env": "dev", - "rev": "20170324" - } - } - } -] -``` - - -## Related commands - -* [secret inspect](secret_inspect.md) -* [secret ls](secret_ls.md) -* [secret rm](secret_rm.md) diff --git a/components/engine/docs/reference/commandline/secret_inspect.md b/components/engine/docs/reference/commandline/secret_inspect.md deleted file mode 100644 index cecf3c1ddc..0000000000 --- a/components/engine/docs/reference/commandline/secret_inspect.md +++ /dev/null @@ -1,95 +0,0 @@ ---- -title: "secret inspect" -description: "The secret inspect command description and usage" -keywords: ["secret, inspect"] ---- - - - -# secret inspect - -```Markdown -Usage: docker secret inspect [OPTIONS] SECRET [SECRET...] - -Display detailed information on one or more secrets - -Options: - -f, --format string Format the output using the given Go template - --help Print usage -``` - -## Description - -Inspects the specified secret. This command has to be run targeting a manager -node. - -By default, this renders all results in a JSON array. If a format is specified, -the given template will be executed for each result. - -Go's [text/template](http://golang.org/pkg/text/template/) package -describes all the details of the format. - -For detailed information about using secrets, refer to [manage sensitive data with Docker secrets](https://docs.docker.com/engine/swarm/secrets/). - -## Examples - -### Inspect a secret by name or ID - -You can inspect a secret, either by its *name*, or *ID* - -For example, given the following secret: - -```bash -$ docker secret ls - -ID NAME CREATED UPDATED -eo7jnzguqgtpdah3cm5srfb97 my_secret 3 minutes ago 3 minutes ago -``` - -```none -$ docker secret inspect secret.json - -[ - { - "ID": "eo7jnzguqgtpdah3cm5srfb97", - "Version": { - "Index": 17 - }, - "CreatedAt": "2017-03-24T08:15:09.735271783Z", - "UpdatedAt": "2017-03-24T08:15:09.735271783Z", - "Spec": { - "Name": "my_secret", - "Labels": { - "env": "dev", - "rev": "20170324" - } - } - } -] -``` - -### Formatting - -You can use the --format option to obtain specific information about a -secret. The following example command outputs the creation time of the -secret. - -```bash -$ docker secret inspect --format='{{.CreatedAt}}' eo7jnzguqgtpdah3cm5srfb97 - -2017-03-24 08:15:09.735271783 +0000 UTC -``` - - -## Related commands - -* [secret create](secret_create.md) -* [secret ls](secret_ls.md) -* [secret rm](secret_rm.md) diff --git a/components/engine/docs/reference/commandline/secret_ls.md b/components/engine/docs/reference/commandline/secret_ls.md deleted file mode 100644 index 9b60227b8e..0000000000 --- a/components/engine/docs/reference/commandline/secret_ls.md +++ /dev/null @@ -1,157 +0,0 @@ ---- -title: "secret ls" -description: "The secret ls command description and usage" -keywords: ["secret, ls"] ---- - - - -# secret ls - -```Markdown -Usage: docker secret ls [OPTIONS] - -List secrets - -Aliases: - ls, list - -Options: - -f, --filter filter Filter output based on conditions provided - --format string Pretty-print secrets using a Go template - --help Print usage - -q, --quiet Only display IDs -``` - -## Description - -Run this command on a manager node to list the secrets in the swarm. - -For detailed information about using secrets, refer to [manage sensitive data with Docker secrets](https://docs.docker.com/engine/swarm/secrets/). - -## Examples - -```bash -$ docker secret ls - -ID NAME CREATED UPDATED -6697bflskwj1998km1gnnjr38 q5s5570vtvnimefos1fyeo2u2 6 weeks ago 6 weeks ago -9u9hk4br2ej0wgngkga6rp4hq my_secret 5 weeks ago 5 weeks ago -mem02h8n73mybpgqjf0kfi1n0 test_secret 3 seconds ago 3 seconds ago -``` - -### Filtering - -The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there is more -than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) - -The currently supported filters are: - -* [id](secret_ls.md#id) (secret's ID) -* [label](secret_ls.md#label) (`label=` or `label==`) -* [name](secret_ls.md#name) (secret's name) - -#### id - -The `id` filter matches all or prefix of a secret's id. - -```bash -$ docker secret ls -f "id=6697bflskwj1998km1gnnjr38" - -ID NAME CREATED UPDATED -6697bflskwj1998km1gnnjr38 q5s5570vtvnimefos1fyeo2u2 6 weeks ago 6 weeks ago -``` - -#### label - -The `label` filter matches secrets based on the presence of a `label` alone or -a `label` and a value. - -The following filter matches all secrets with a `project` label regardless of -its value: - -```bash -$ docker secret ls --filter label=project - -ID NAME CREATED UPDATED -mem02h8n73mybpgqjf0kfi1n0 test_secret About an hour ago About an hour ago -``` - -The following filter matches only services with the `project` label with the -`project-a` value. - -```bash -$ docker service ls --filter label=project=test - -ID NAME CREATED UPDATED -mem02h8n73mybpgqjf0kfi1n0 test_secret About an hour ago About an hour ago -``` - -#### name - -The `name` filter matches on all or prefix of a secret's name. - -The following filter matches secret with a name containing a prefix of `test`. - -```bash -$ docker secret ls --filter name=test_secret - -ID NAME CREATED UPDATED -mem02h8n73mybpgqjf0kfi1n0 test_secret About an hour ago About an hour ago -``` - -### Format the output - -The formatting option (`--format`) pretty prints secrets output -using a Go template. - -Valid placeholders for the Go template are listed below: - -| Placeholder | Description | -| ------------ | ------------------------------------------------------------------------------------ | -| `.ID` | Secret ID | -| `.Name` | Secret name | -| `.CreatedAt` | Time when the secret was created | -| `.UpdatedAt` | Time when the secret was updated | -| `.Labels` | All labels assigned to the secret | -| `.Label` | Value of a specific label for this secret. For example `{{.Label "secret.ssh.key"}}` | - -When using the `--format` option, the `secret ls` command will either -output the data exactly as the template declares or, when using the -`table` directive, will include column headers as well. - -The following example uses a template without headers and outputs the -`ID` and `Name` entries separated by a colon for all images: - -```bash -$ docker secret ls --format "{{.ID}}: {{.Name}}" - -77af4d6b9913: secret-1 -b6fa739cedf5: secret-2 -78a85c484f71: secret-3 -``` - -To list all secrets with their name and created date in a table format you -can use: - -```bash -$ docker secret ls --format "table {{.ID}}\t{{.Name}}\t{{.CreatedAt}}" - -ID NAME CREATED -77af4d6b9913 secret-1 5 minutes ago -b6fa739cedf5 secret-2 3 hours ago -78a85c484f71 secret-3 10 days ago -``` - -## Related commands - -* [secret create](secret_create.md) -* [secret inspect](secret_inspect.md) -* [secret rm](secret_rm.md) diff --git a/components/engine/docs/reference/commandline/secret_rm.md b/components/engine/docs/reference/commandline/secret_rm.md deleted file mode 100644 index 1e10350f96..0000000000 --- a/components/engine/docs/reference/commandline/secret_rm.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -title: "secret rm" -description: "The secret rm command description and usage" -keywords: ["secret, rm"] ---- - - - -# secret rm - -```Markdown -Usage: docker secret rm SECRET [SECRET...] - -Remove one or more secrets - -Aliases: - rm, remove - -Options: - --help Print usage -``` - -## Description - -Removes the specified secrets from the swarm. This command has to be run -targeting a manager node. - -For detailed information about using secrets, refer to [manage sensitive data with Docker secrets](https://docs.docker.com/engine/swarm/secrets/). - -## Examples - -This example removes a secret: - -```bash -$ docker secret rm secret.json -sapth4csdo5b6wz2p5uimh5xg -``` - -> **Warning**: Unlike `docker rm`, this command does not ask for confirmation -> before removing a secret. - - -## Related commands - -* [secret create](secret_create.md) -* [secret inspect](secret_inspect.md) -* [secret ls](secret_ls.md) diff --git a/components/engine/docs/reference/commandline/service.md b/components/engine/docs/reference/commandline/service.md deleted file mode 100644 index 2c12c67648..0000000000 --- a/components/engine/docs/reference/commandline/service.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: "service" -description: "The service command description and usage" -keywords: "service" ---- - - - -# service - -```markdown -Usage: docker service COMMAND - -Manage services - -Options: - --help Print usage - -Commands: - create Create a new service - inspect Display detailed information on one or more services - logs Fetch the logs of a service or task - ls List services - ps List the tasks of one or more services - rm Remove one or more services - scale Scale one or multiple replicated services - update Update a service - -Run 'docker service COMMAND --help' for more information on a command. -``` - -## Description - -Manage services. - diff --git a/components/engine/docs/reference/commandline/service_create.md b/components/engine/docs/reference/commandline/service_create.md deleted file mode 100644 index 78faa98bf7..0000000000 --- a/components/engine/docs/reference/commandline/service_create.md +++ /dev/null @@ -1,846 +0,0 @@ ---- -title: "service create" -description: "The service create command description and usage" -keywords: "service, create" ---- - - - -# service create - -```Markdown -Usage: docker service create [OPTIONS] IMAGE [COMMAND] [ARG...] - -Create a new service - -Options: - --constraint list Placement constraints - --container-label list Container labels - -d, --detach Exit immediately instead of waiting for the service to converge (default true) - --dns list Set custom DNS servers - --dns-option list Set DNS options - --dns-search list Set custom DNS search domains - --endpoint-mode string Endpoint mode (vip or dnsrr) (default "vip") - --entrypoint command Overwrite the default ENTRYPOINT of the image - -e, --env list Set environment variables - --env-file list Read in a file of environment variables - --group list Set one or more supplementary user groups for the container - --health-cmd string Command to run to check health - --health-interval duration Time between running the check (ms|s|m|h) - --health-retries int Consecutive failures needed to report unhealthy - --health-start-period duration Start period for the container to initialize before counting retries towards unstable (ms|s|m|h) - --health-timeout duration Maximum time to allow one check to run (ms|s|m|h) - --help Print usage - --host list Set one or more custom host-to-IP mappings (host:ip) - --hostname string Container hostname - -l, --label list Service labels - --limit-cpu decimal Limit CPUs - --limit-memory bytes Limit Memory - --log-driver string Logging driver for service - --log-opt list Logging driver options - --mode string Service mode (replicated or global) (default "replicated") - --mount mount Attach a filesystem mount to the service - --name string Service name - --network list Network attachments - --no-healthcheck Disable any container-specified HEALTHCHECK - --placement-pref pref Add a placement preference - -p, --publish port Publish a port as a node port - -q, --quiet Suppress progress output - --read-only Mount the container's root filesystem as read only - --replicas uint Number of tasks - --reserve-cpu decimal Reserve CPUs - --reserve-memory bytes Reserve Memory - --restart-condition string Restart when condition is met ("none"|"on-failure"|"any") (default "any") - --restart-delay duration Delay between restart attempts (ns|us|ms|s|m|h) (default 5s) - --restart-max-attempts uint Maximum number of restarts before giving up - --restart-window duration Window used to evaluate the restart policy (ns|us|ms|s|m|h) - --rollback-delay duration Delay between task rollbacks (ns|us|ms|s|m|h) (default 0s) - --rollback-failure-action string Action on rollback failure ("pause"|"continue") (default "pause") - --rollback-max-failure-ratio float Failure rate to tolerate during a rollback (default 0) - --rollback-monitor duration Duration after each task rollback to monitor for failure (ns|us|ms|s|m|h) (default 5s) - --rollback-order string Rollback order ("start-first"|"stop-first") (default "stop-first") - --rollback-parallelism uint Maximum number of tasks rolled back simultaneously (0 to roll back all at once) (default 1) - --secret secret Specify secrets to expose to the service - --stop-grace-period duration Time to wait before force killing a container (ns|us|ms|s|m|h) (default 10s) - --stop-signal string Signal to stop the container - -t, --tty Allocate a pseudo-TTY - --update-delay duration Delay between updates (ns|us|ms|s|m|h) (default 0s) - --update-failure-action string Action on update failure ("pause"|"continue"|"rollback") (default "pause") - --update-max-failure-ratio float Failure rate to tolerate during an update (default 0) - --update-monitor duration Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 5s) - --update-order string Update order ("start-first"|"stop-first") (default "stop-first") - --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) - -u, --user string Username or UID (format: [:]) - --with-registry-auth Send registry authentication details to swarm agents - -w, --workdir string Working directory inside the container -``` - -## Description - -Creates a service as described by the specified parameters. You must run this -command on a manager node. - -## Examples - -### Create a service - -```bash -$ docker service create --name redis redis:3.0.6 - -dmu1ept4cxcfe8k8lhtux3ro3 - -$ docker service create --mode global --name redis2 redis:3.0.6 - -a8q9dasaafudfs8q8w32udass - -$ docker service ls - -ID NAME MODE REPLICAS IMAGE -dmu1ept4cxcf redis replicated 1/1 redis:3.0.6 -a8q9dasaafud redis2 global 1/1 redis:3.0.6 -``` - -### Create a service with 5 replica tasks (--replicas) - -Use the `--replicas` flag to set the number of replica tasks for a replicated -service. The following command creates a `redis` service with `5` replica tasks: - -```bash -$ docker service create --name redis --replicas=5 redis:3.0.6 - -4cdgfyky7ozwh3htjfw0d12qv -``` - -The above command sets the *desired* number of tasks for the service. Even -though the command returns immediately, actual scaling of the service may take -some time. The `REPLICAS` column shows both the *actual* and *desired* number -of replica tasks for the service. - -In the following example the desired state is `5` replicas, but the current -number of `RUNNING` tasks is `3`: - -```bash -$ docker service ls - -ID NAME MODE REPLICAS IMAGE -4cdgfyky7ozw redis replicated 3/5 redis:3.0.7 -``` - -Once all the tasks are created and `RUNNING`, the actual number of tasks is -equal to the desired number: - -```bash -$ docker service ls - -ID NAME MODE REPLICAS IMAGE -4cdgfyky7ozw redis replicated 5/5 redis:3.0.7 -``` - -### Create a service with secrets - -Use the `--secret` flag to give a container access to a -[secret](secret_create.md). - -Create a service specifying a secret: - -```bash -$ docker service create --name redis --secret secret.json redis:3.0.6 - -4cdgfyky7ozwh3htjfw0d12qv -``` - -Create a service specifying the secret, target, user/group ID and mode: - -```bash -$ docker service create --name redis \ - --secret source=ssh-key,target=ssh \ - --secret source=app-key,target=app,uid=1000,gid=1001,mode=0400 \ - redis:3.0.6 - -4cdgfyky7ozwh3htjfw0d12qv -``` - -Secrets are located in `/run/secrets` in the container. If no target is -specified, the name of the secret will be used as the in memory file in the -container. If a target is specified, that will be the filename. In the -example above, two files will be created: `/run/secrets/ssh` and -`/run/secrets/app` for each of the secret targets specified. - -### Create a service with a rolling update policy - -```bash -$ docker service create \ - --replicas 10 \ - --name redis \ - --update-delay 10s \ - --update-parallelism 2 \ - redis:3.0.6 -``` - -When you run a [service update](service_update.md), the scheduler updates a -maximum of 2 tasks at a time, with `10s` between updates. For more information, -refer to the [rolling updates -tutorial](https://docs.docker.com/engine/swarm/swarm-tutorial/rolling-update/). - -### Set environment variables (-e, --env) - -This sets environmental variables for all tasks in a service. For example: - -```bash -$ docker service create --name redis_2 --replicas 5 --env MYVAR=foo redis:3.0.6 -``` - -### Create a service with specific hostname (--hostname) - -This option sets the docker service containers hostname to a specific string. -For example: - -```bash -$ docker service create --name redis --hostname myredis redis:3.0.6 -``` - -### Set metadata on a service (-l, --label) - -A label is a `key=value` pair that applies metadata to a service. To label a -service with two labels: - -```bash -$ docker service create \ - --name redis_2 \ - --label com.example.foo="bar" - --label bar=baz \ - redis:3.0.6 -``` - -For more information about labels, refer to [apply custom -metadata](https://docs.docker.com/engine/userguide/labels-custom-metadata/). - -### Add bind-mounts or volumes - -Docker supports two different kinds of mounts, which allow containers to read to -or write from files or directories on other containers or the host operating -system. These types are _data volumes_ (often referred to simply as volumes) and -_bind-mounts_. - -Additionally, Docker supports `tmpfs` mounts. - -A **bind-mount** makes a file or directory on the host available to the -container it is mounted within. A bind-mount may be either read-only or -read-write. For example, a container might share its host's DNS information by -means of a bind-mount of the host's `/etc/resolv.conf` or a container might -write logs to its host's `/var/log/myContainerLogs` directory. If you use -bind-mounts and your host and containers have different notions of permissions, -access controls, or other such details, you will run into portability issues. - -A **named volume** is a mechanism for decoupling persistent data needed by your -container from the image used to create the container and from the host machine. -Named volumes are created and managed by Docker, and a named volume persists -even when no container is currently using it. Data in named volumes can be -shared between a container and the host machine, as well as between multiple -containers. Docker uses a _volume driver_ to create, manage, and mount volumes. -You can back up or restore volumes using Docker commands. - -A **tmpfs** mounts a tmpfs inside a container for volatile data. - -Consider a situation where your image starts a lightweight web server. You could -use that image as a base image, copy in your website's HTML files, and package -that into another image. Each time your website changed, you'd need to update -the new image and redeploy all of the containers serving your website. A better -solution is to store the website in a named volume which is attached to each of -your web server containers when they start. To update the website, you just -update the named volume. - -For more information about named volumes, see -[Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/). - -The following table describes options which apply to both bind-mounts and named -volumes in a service: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
OptionRequiredDescription
types -

The type of mount, can be either volume, bind, or tmpfs. Defaults to volume if no type is specified. -

    -
  • volume: mounts a [managed volume](volume_create.md) into the container.
    • -
  • bind: bind-mounts a directory or file from the host into the container.
    • -
  • tmpfs: mount a tmpfs in the container
    • -

-
src or sourcefor type=bind only> -
    -
  • - type=volume: src is an optional way to specify the name of the volume (for example, src=my-volume). - If the named volume does not exist, it is automatically created. If no src is specified, the volume is - assigned a random name which is guaranteed to be unique on the host, but may not be unique cluster-wide. - A randomly-named volume has the same lifecycle as its container and is destroyed when the container - is destroyed (which is upon service update, or when scaling or re-balancing the service) -
    • -
  • - type=bind: src is required, and specifies an absolute path to the file or directory to bind-mount - (for example, src=/path/on/host/). An error is produced if the file or directory does not exist. -
    • -
  • - type=tmpfs: src is not supported. -
    • -
-

dst or destination or target

yes -

Mount path inside the container, for example /some/path/in/container/. - If the path does not exist in the container's filesystem, the Engine creates - a directory at the specified location before mounting the volume or bind-mount.

-

readonly or ro

 -

The Engine mounts binds and volumes read-write unless readonly option - is given when mounting the bind or volume. -

    -
  • true or 1 or no value: Mounts the bind or volume read-only.
    • -
  • false or 0: Mounts the bind or volume read-write.
    • -

-
consistency -

The consistency requirements for the mount; one of -

    -
  • default: Equivalent to consistent.
    • -
  • consistent: Full consistency. The container runtime and the host maintain an identical view of the mount at all times.
    • -
  • cached: The host's view of the mount is authoritative. There may be delays before updates made on the host are visible within a container.
    • -
  • delegated: The container runtime's view of the mount is authoritative. There may be delays before updates made in a container are are visible on the host.
    • -
-

-
- -#### Bind Propagation - -Bind propagation refers to whether or not mounts created within a given -bind-mount or named volume can be propagated to replicas of that mount. Consider -a mount point `/mnt`, which is also mounted on `/tmp`. The propation settings -control whether a mount on `/tmp/a` would also be available on `/mnt/a`. Each -propagation setting has a recursive counterpoint. In the case of recursion, -consider that `/tmp/a` is also mounted as `/foo`. The propagation settings -control whether `/mnt/a` and/or `/tmp/a` would exist. - -The `bind-propagation` option defaults to `rprivate` for both bind-mounts and -volume mounts, and is only configurable for bind-mounts. In other words, named -volumes do not support bind propagation. - -- **`shared`**: Sub-mounts of the original mount are exposed to replica mounts, - and sub-mounts of replica mounts are also propagated to the - original mount. -- **`slave`**: similar to a shared mount, but only in one direction. If the - original mount exposes a sub-mount, the replica mount can see it. - However, if the replica mount exposes a sub-mount, the original - mount cannot see it. -- **`private`**: The mount is private. Sub-mounts within it are not exposed to - replica mounts, and sub-mounts of replica mounts are not - exposed to the original mount. -- **`rshared`**: The same as shared, but the propagation also extends to and from - mount points nested within any of the original or replica mount - points. -- **`rslave`**: The same as `slave`, but the propagation also extends to and from - mount points nested within any of the original or replica mount - points. -- **`rprivate`**: The default. The same as `private`, meaning that no mount points - anywhere within the original or replica mount points propagate - in either direction. - -For more information about bind propagation, see the -[Linux kernel documentation for shared subtree](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt). - -#### Options for Named Volumes - -The following options can only be used for named volumes (`type=volume`); - - - - - - - - - - - - - - - - - - - - - - - -
OptionDescription
volume-driver -

Name of the volume-driver plugin to use for the volume. Defaults to - "local", to use the local volume driver to create the volume if the - volume does not exist.

-
volume-label - One or more custom metadata ("labels") to apply to the volume upon - creation. For example, - `volume-label=mylabel=hello-world,my-other-label=hello-mars`. For more - information about labels, refer to - apply custom metadata. -
volume-nocopy - By default, if you attach an empty volume to a container, and files or - directories already existed at the mount-path in the container (dst), - the Engine copies those files and directories into the volume, allowing - the host to access them. Set `volume-nocopy` to disables copying files - from the container's filesystem to the volume and mount the empty volume. - - A value is optional: - -
    -
  • true or 1: Default if you do not provide a value. Disables copying.
    • -
  • false or 0: Enables copying.
    • -
-
volume-opt - Options specific to a given volume driver, which will be passed to the - driver when creating the volume. Options are provided as a comma-separated - list of key/value pairs, for example, - volume-opt=some-option=some-value,volume-opt=some-other-option=some-other-value. - For available options for a given driver, refer to that driver's - documentation. -
- - -#### Options for tmpfs - -The following options can only be used for tmpfs mounts (`type=tmpfs`); - - - - - - - - - - - - - - - -
OptionDescription
tmpfs-sizeSize of the tmpfs mount in bytes. Unlimited by default in Linux.
tmpfs-modeFile mode of the tmpfs in octal. (e.g. "700" or "0700".) Defaults to "1777" in Linux.
- - -#### Differences between "--mount" and "--volume" - -The `--mount` flag supports most options that are supported by the `-v` -or `--volume` flag for `docker run`, with some important exceptions: - -- The `--mount` flag allows you to specify a volume driver and volume driver - options *per volume*, without creating the volumes in advance. In contrast, - `docker run` allows you to specify a single volume driver which is shared - by all volumes, using the `--volume-driver` flag. - -- The `--mount` flag allows you to specify custom metadata ("labels") for a volume, - before the volume is created. - -- When you use `--mount` with `type=bind`, the host-path must refer to an *existing* - path on the host. The path will not be created for you and the service will fail - with an error if the path does not exist. - -- The `--mount` flag does not allow you to relabel a volume with `Z` or `z` flags, - which are used for `selinux` labeling. - -#### Create a service using a named volume - -The following example creates a service that uses a named volume: - -```bash -$ docker service create \ - --name my-service \ - --replicas 3 \ - --mount type=volume,source=my-volume,destination=/path/in/container,volume-label="color=red",volume-label="shape=round" \ - nginx:alpine -``` - -For each replica of the service, the engine requests a volume named "my-volume" -from the default ("local") volume driver where the task is deployed. If the -volume does not exist, the engine creates a new volume and applies the "color" -and "shape" labels. - -When the task is started, the volume is mounted on `/path/in/container/` inside -the container. - -Be aware that the default ("local") volume is a locally scoped volume driver. -This means that depending on where a task is deployed, either that task gets a -*new* volume named "my-volume", or shares the same "my-volume" with other tasks -of the same service. Multiple containers writing to a single shared volume can -cause data corruption if the software running inside the container is not -designed to handle concurrent processes writing to the same location. Also take -into account that containers can be re-scheduled by the Swarm orchestrator and -be deployed on a different node. - -#### Create a service that uses an anonymous volume - -The following command creates a service with three replicas with an anonymous -volume on `/path/in/container`: - -```bash -$ docker service create \ - --name my-service \ - --replicas 3 \ - --mount type=volume,destination=/path/in/container \ - nginx:alpine -``` - -In this example, no name (`source`) is specified for the volume, so a new volume -is created for each task. This guarantees that each task gets its own volume, -and volumes are not shared between tasks. Anonymous volumes are removed after -the task using them is complete. - -#### Create a service that uses a bind-mounted host directory - -The following example bind-mounts a host directory at `/path/in/container` in -the containers backing the service: - -```bash -$ docker service create \ - --name my-service \ - --mount type=bind,source=/path/on/host,destination=/path/in/container \ - nginx:alpine -``` - -### Set service mode (--mode) - -The service mode determines whether this is a _replicated_ service or a _global_ -service. A replicated service runs as many tasks as specified, while a global -service runs on each active node in the swarm. - -The following command creates a global service: - -```bash -$ docker service create \ - --name redis_2 \ - --mode global \ - redis:3.0.6 -``` - -### Specify service constraints (--constraint) - -You can limit the set of nodes where a task can be scheduled by defining -constraint expressions. Multiple constraints find nodes that satisfy every -expression (AND match). Constraints can match node or Docker Engine labels as -follows: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
node attributematchesexample
node.idNode IDnode.id == 2ivku8v2gvtg4
node.hostnameNode hostnamenode.hostname != node-2
node.roleNode rolenode.role == manager
node.labelsuser defined node labelsnode.labels.security == high
engine.labelsDocker Engine's labelsengine.labels.operatingsystem == ubuntu 14.04
- - -`engine.labels` apply to Docker Engine labels like operating system, -drivers, etc. Swarm administrators add `node.labels` for operational purposes by -using the [`docker node update`](node_update.md) command. - -For example, the following limits tasks for the redis service to nodes where the -node type label equals queue: - -```bash -$ docker service create \ - --name redis_2 \ - --constraint 'node.labels.type == queue' \ - redis:3.0.6 -``` - -### Specify service placement preferences (--placement-pref) - -You can set up the service to divide tasks evenly over different categories of -nodes. One example of where this can be useful is to balance tasks over a set -of datacenters or availability zones. The example below illustrates this: - -```bash -$ docker service create \ - --replicas 9 \ - --name redis_2 \ - --placement-pref 'spread=node.labels.datacenter' \ - redis:3.0.6 -``` - -This uses `--placement-pref` with a `spread` strategy (currently the only -supported strategy) to spread tasks evenly over the values of the `datacenter` -node label. In this example, we assume that every node has a `datacenter` node -label attached to it. If there are three different values of this label among -nodes in the swarm, one third of the tasks will be placed on the nodes -associated with each value. This is true even if there are more nodes with one -value than another. For example, consider the following set of nodes: - -- Three nodes with `node.labels.datacenter=east` -- Two nodes with `node.labels.datacenter=south` -- One node with `node.labels.datacenter=west` - -Since we are spreading over the values of the `datacenter` label and the -service has 9 replicas, 3 replicas will end up in each datacenter. There are -three nodes associated with the value `east`, so each one will get one of the -three replicas reserved for this value. There are two nodes with the value -`south`, and the three replicas for this value will be divided between them, -with one receiving two replicas and another receiving just one. Finally, `west` -has a single node that will get all three replicas reserved for `west`. - -If the nodes in one category (for example, those with -`node.labels.datacenter=south`) can't handle their fair share of tasks due to -constraints or resource limitations, the extra tasks will be assigned to other -nodes instead, if possible. - -Both engine labels and node labels are supported by placement preferences. The -example above uses a node label, because the label is referenced with -`node.labels.datacenter`. To spread over the values of an engine label, use -`--placement-pref spread=engine.labels.`. - -It is possible to add multiple placement preferences to a service. This -establishes a hierarchy of preferences, so that tasks are first divided over -one category, and then further divided over additional categories. One example -of where this may be useful is dividing tasks fairly between datacenters, and -then splitting the tasks within each datacenter over a choice of racks. To add -multiple placement preferences, specify the `--placement-pref` flag multiple -times. The order is significant, and the placement preferences will be applied -in the order given when making scheduling decisions. - -The following example sets up a service with multiple placement preferences. -Tasks are spread first over the various datacenters, and then over racks -(as indicated by the respective labels): - -```bash -$ docker service create \ - --replicas 9 \ - --name redis_2 \ - --placement-pref 'spread=node.labels.datacenter' \ - --placement-pref 'spread=node.labels.rack' \ - redis:3.0.6 -``` - -When updating a service with `docker service update`, `--placement-pref-add` -appends a new placement preference after all existing placement preferences. -`--placement-pref-rm` removes an existing placement preference that matches the -argument. - -### Attach a service to an existing network (--network) - -You can use overlay networks to connect one or more services within the swarm. - -First, create an overlay network on a manager node the docker network create -command: - -```bash -$ docker network create --driver overlay my-network - -etjpu59cykrptrgw0z0hk5snf -``` - -After you create an overlay network in swarm mode, all manager nodes have -access to the network. - -When you create a service and pass the --network flag to attach the service to -the overlay network: - -```bash -$ docker service create \ - --replicas 3 \ - --network my-network \ - --name my-web \ - nginx - -716thylsndqma81j6kkkb5aus -``` - -The swarm extends my-network to each node running the service. - -Containers on the same network can access each other using -[service discovery](https://docs.docker.com/engine/swarm/networking/#use-swarm-mode-service-discovery). - -### Publish service ports externally to the swarm (-p, --publish) - -You can publish service ports to make them available externally to the swarm -using the `--publish` flag: - -```bash -$ docker service create --publish : nginx -``` - -For example: - -```bash -$ docker service create --name my_web --replicas 3 --publish 8080:80 nginx -``` - -When you publish a service port, the swarm routing mesh makes the service -accessible at the target port on every node regardless if there is a task for -the service running on the node. For more information refer to -[Use swarm mode routing mesh](https://docs.docker.com/engine/swarm/ingress/). - -### Publish a port for TCP only or UDP only - -By default, when you publish a port, it is a TCP port. You can -specifically publish a UDP port instead of or in addition to a TCP port. When -you publish both TCP and UDP ports, Docker 1.12.2 and earlier require you to -add the suffix `/tcp` for TCP ports. Otherwise it is optional. - -#### TCP only - -The following two commands are equivalent. - -```bash -$ docker service create --name dns-cache -p 53:53 dns-cache - -$ docker service create --name dns-cache -p 53:53/tcp dns-cache -``` - -#### TCP and UDP - -```bash -$ docker service create --name dns-cache -p 53:53/tcp -p 53:53/udp dns-cache -``` - -#### UDP only - -```bash -$ docker service create --name dns-cache -p 53:53/udp dns-cache -``` - -### Create services using templates - -You can use templates for some flags of `service create`, using the syntax -provided by the Go's [text/template](http://golang.org/pkg/text/template/) package. - -The supported flags are the following : - -- `--hostname` -- `--mount` -- `--env` - -Valid placeholders for the Go template are listed below: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PlaceholderDescription
.Service.IDService ID
.Service.NameService name
.Service.LabelsService labels
.Node.IDNode ID
.Task.IDTask ID
.Task.NameTask name
.Task.SlotTask slot
- - -#### Template example - -In this example, we are going to set the template of the created containers based on the -service's name and the node's ID where it sits. - -```bash -$ docker service create --name hosttempl \ - --hostname="{{.Node.ID}}-{{.Service.Name}}"\ - busybox top - -va8ew30grofhjoychbr6iot8c - -$ docker service ps va8ew30grofhjoychbr6iot8c - -ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS -wo41w8hg8qan hosttempl.1 busybox:latest@sha256:29f5d56d12684887bdfa50dcd29fc31eea4aaf4ad3bec43daf19026a7ce69912 2e7a8a9c4da2 Running Running about a minute ago - -$ docker inspect --format="{{.Config.Hostname}}" hosttempl.1.wo41w8hg8qanxwjwsg4kxpprj - -x3ti0erg11rjpg64m75kej2mz-hosttempl -``` - -## Related commands - -* [service inspect](service_inspect.md) -* [service logs](service_logs.md) -* [service ls](service_ls.md) -* [service rm](service_rm.md) -* [service scale](service_scale.md) -* [service ps](service_ps.md) -* [service update](service_update.md) - - diff --git a/components/engine/docs/reference/commandline/service_inspect.md b/components/engine/docs/reference/commandline/service_inspect.md deleted file mode 100644 index 24c593cec9..0000000000 --- a/components/engine/docs/reference/commandline/service_inspect.md +++ /dev/null @@ -1,170 +0,0 @@ ---- -title: "service inspect" -description: "The service inspect command description and usage" -keywords: "service, inspect" ---- - - - -# service inspect - -```Markdown -Usage: docker service inspect [OPTIONS] SERVICE [SERVICE...] - -Display detailed information on one or more services - -Options: - -f, --format string Format the output using the given Go template - --help Print usage - --pretty Print the information in a human friendly format -``` - -## Description - -Inspects the specified service. This command has to be run targeting a manager -node. - -By default, this renders all results in a JSON array. If a format is specified, -the given template will be executed for each result. - -Go's [text/template](http://golang.org/pkg/text/template/) package -describes all the details of the format. - -## Examples - -### Inspect a service by name or ID - -You can inspect a service, either by its *name*, or *ID* - -For example, given the following service; - -```bash -$ docker service ls -ID NAME MODE REPLICAS IMAGE -dmu1ept4cxcf redis replicated 3/3 redis:3.0.6 -``` - -Both `docker service inspect redis`, and `docker service inspect dmu1ept4cxcf` -produce the same result: - -```none -$ docker service inspect redis - -[ - { - "ID": "dmu1ept4cxcfe8k8lhtux3ro3", - "Version": { - "Index": 12 - }, - "CreatedAt": "2016-06-17T18:44:02.558012087Z", - "UpdatedAt": "2016-06-17T18:44:02.558012087Z", - "Spec": { - "Name": "redis", - "TaskTemplate": { - "ContainerSpec": { - "Image": "redis:3.0.6" - }, - "Resources": { - "Limits": {}, - "Reservations": {} - }, - "RestartPolicy": { - "Condition": "any", - "MaxAttempts": 0 - }, - "Placement": {} - }, - "Mode": { - "Replicated": { - "Replicas": 1 - } - }, - "UpdateConfig": {}, - "EndpointSpec": { - "Mode": "vip" - } - }, - "Endpoint": { - "Spec": {} - } - } -] -``` - -```bash -$ docker service inspect dmu1ept4cxcf - -[ - { - "ID": "dmu1ept4cxcfe8k8lhtux3ro3", - "Version": { - "Index": 12 - }, - ... - } -] -``` - -### Formatting - -You can print the inspect output in a human-readable format instead of the default -JSON output, by using the `--pretty` option: - -```bash -$ docker service inspect --pretty frontend - -ID: c8wgl7q4ndfd52ni6qftkvnnp -Name: frontend -Labels: - - org.example.projectname=demo-app -Service Mode: REPLICATED - Replicas: 5 -Placement: -UpdateConfig: - Parallelism: 0 - On failure: pause - Max failure ratio: 0 -ContainerSpec: - Image: nginx:alpine -Resources: -Networks: net1 -Endpoint Mode: vip -Ports: - PublishedPort = 4443 - Protocol = tcp - TargetPort = 443 - PublishMode = ingress -``` - -You can also use `--format pretty` for the same effect. - - -#### Find the number of tasks running as part of a service - -The `--format` option can be used to obtain specific information about a -service. For example, the following command outputs the number of replicas -of the "redis" service. - -```bash -$ docker service inspect --format='{{.Spec.Mode.Replicated.Replicas}}' redis - -10 -``` - - -## Related commands - -* [service create](service_create.md) -* [service logs](service_logs.md) -* [service ls](service_ls.md) -* [service rm](service_rm.md) -* [service scale](service_scale.md) -* [service ps](service_ps.md) -* [service update](service_update.md) diff --git a/components/engine/docs/reference/commandline/service_logs.md b/components/engine/docs/reference/commandline/service_logs.md deleted file mode 100644 index fd328d0f6d..0000000000 --- a/components/engine/docs/reference/commandline/service_logs.md +++ /dev/null @@ -1,85 +0,0 @@ ---- -title: "service logs" -description: "The service logs command description and usage" -keywords: "service, task, logs" ---- - - - -# service logs - -```Markdown -Usage: docker service logs [OPTIONS] SERVICE|TASK - -Fetch the logs of a service or task - -Options: - -f, --follow Follow log output - --help Print usage - --no-resolve Do not map IDs to Names in output - --no-task-ids Do not include task IDs in output - --no-trunc Do not truncate output - --since string Show logs since timestamp - --tail string Number of lines to show from the end of the logs (default "all") - -t, --timestamps Show timestamps -``` - -## Description - -The `docker service logs` command batch-retrieves logs present at the time of execution. - -The `docker service logs` command can be used with either the name or ID of a -service, or with the ID of a task. If a service is passed, it will display logs -for all of the containers in that service. If a task is passed, it will only -display logs from that particular task. - -> **Note**: This command is only functional for services that are started with -> the `json-file` or `journald` logging driver. - -For more information about selecting and configuring logging drivers, refer to -[Configure logging drivers](https://docs.docker.com/engine/admin/logging/overview/). - -The `docker service logs --follow` command will continue streaming the new output from -the service's `STDOUT` and `STDERR`. - -Passing a negative number or a non-integer to `--tail` is invalid and the -value is set to `all` in that case. - -The `docker service logs --timestamps` command will add an [RFC3339Nano timestamp](https://golang.org/pkg/time/#pkg-constants) -, for example `2014-09-16T06:17:46.000000000Z`, to each -log entry. To ensure that the timestamps are aligned the -nano-second part of the timestamp will be padded with zero when necessary. - -The `docker service logs --details` command will add on extra attributes, such as -environment variables and labels, provided to `--log-opt` when creating the -service. - -The `--since` option shows only the service logs generated after -a given date. You can specify the date as an RFC 3339 date, a UNIX -timestamp, or a Go duration string (e.g. `1m30s`, `3h`). Besides RFC3339 date -format you may also use RFC3339Nano, `2006-01-02T15:04:05`, -`2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local -timezone on the client will be used if you do not provide either a `Z` or a -`+-00:00` timezone offset at the end of the timestamp. When providing Unix -timestamps enter seconds[.nanoseconds], where seconds is the number of seconds -that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap -seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a -fraction of a second no more than nine digits long. You can combine the -`--since` option with either or both of the `--follow` or `--tail` options. - -## Related commands - -* [service create](service_create.md) -* [service inspect](service_inspect.md) -* [service ls](service_ls.md) -* [service rm](service_rm.md) -* [service scale](service_scale.md) -* [service ps](service_ps.md) -* [service update](service_update.md) diff --git a/components/engine/docs/reference/commandline/service_ls.md b/components/engine/docs/reference/commandline/service_ls.md deleted file mode 100644 index c222c04857..0000000000 --- a/components/engine/docs/reference/commandline/service_ls.md +++ /dev/null @@ -1,164 +0,0 @@ ---- -title: "service ls" -description: "The service ls command description and usage" -keywords: "service, ls" ---- - - - -# service ls - -```Markdown -Usage: docker service ls [OPTIONS] - -List services - -Aliases: - ls, list - -Options: - -f, --filter filter Filter output based on conditions provided - --format string Pretty-print services using a Go template - --help Print usage - -q, --quiet Only display IDs -``` - -## Description - -This command when run targeting a manager, lists services are running in the -swarm. - -## Examples - -On a manager node: - -```bash -$ docker service ls - -ID NAME MODE REPLICAS IMAGE -c8wgl7q4ndfd frontend replicated 5/5 nginx:alpine -dmu1ept4cxcf redis replicated 3/3 redis:3.0.6 -iwe3278osahj mongo global 7/7 mongo:3.3 -``` - -The `REPLICAS` column shows both the *actual* and *desired* number of tasks for -the service. - -### Filtering - -The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more -than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) - -The currently supported filters are: - -* [id](service_ls.md#id) -* [label](service_ls.md#label) -* [mode](service_ls.md#mode) -* [name](service_ls.md#name) - -#### id - -The `id` filter matches all or part of a service's id. - -```bash -$ docker service ls -f "id=0bcjw" -ID NAME MODE REPLICAS IMAGE -0bcjwfh8ychr redis replicated 1/1 redis:3.0.6 -``` - -#### label - -The `label` filter matches services based on the presence of a `label` alone or -a `label` and a value. - -The following filter matches all services with a `project` label regardless of -its value: - -```bash -$ docker service ls --filter label=project -ID NAME MODE REPLICAS IMAGE -01sl1rp6nj5u frontend2 replicated 1/1 nginx:alpine -36xvvwwauej0 frontend replicated 5/5 nginx:alpine -74nzcxxjv6fq backend replicated 3/3 redis:3.0.6 -``` - -The following filter matches only services with the `project` label with the -`project-a` value. - -```bash -$ docker service ls --filter label=project=project-a -ID NAME MODE REPLICAS IMAGE -36xvvwwauej0 frontend replicated 5/5 nginx:alpine -74nzcxxjv6fq backend replicated 3/3 redis:3.0.6 -``` - -#### mode - -The `mode` filter matches on the mode (either `replicated` or `global`) of a service. - -The following filter matches only `global` services. - -```bash -$ docker service ls --filter mode=global -ID NAME MODE REPLICAS IMAGE -w7y0v2yrn620 top global 1/1 busybox -``` - -#### name - -The `name` filter matches on all or part of a service's name. - -The following filter matches services with a name containing `redis`. - -```bash -$ docker service ls --filter name=redis -ID NAME MODE REPLICAS IMAGE -0bcjwfh8ychr redis replicated 1/1 redis:3.0.6 -``` - -### Formatting - -The formatting options (`--format`) pretty-prints services output -using a Go template. - -Valid placeholders for the Go template are listed below: - -Placeholder | Description -------------|------------------------------------------------------------------------------------------ -`.ID` | Service ID -`.Name` | Service name -`.Mode` | Service mode (replicated, global) -`.Replicas` | Service replicas -`.Image` | Service image -`.Ports` | Service ports published in ingress mode - -When using the `--format` option, the `service ls` command will either -output the data exactly as the template declares or, when using the -`table` directive, includes column headers as well. - -The following example uses a template without headers and outputs the -`ID`, `Mode`, and `Replicas` entries separated by a colon for all services: - -```bash -$ docker service ls --format "{{.ID}}: {{.Mode}} {{.Replicas}}" - -0zmvwuiu3vue: replicated 10/10 -fm6uf97exkul: global 5/5 -``` - -## Related commands - -* [service create](service_create.md) -* [service inspect](service_inspect.md) -* [service logs](service_logs.md) -* [service rm](service_rm.md) -* [service scale](service_scale.md) -* [service ps](service_ps.md) -* [service update](service_update.md) diff --git a/components/engine/docs/reference/commandline/service_ps.md b/components/engine/docs/reference/commandline/service_ps.md deleted file mode 100644 index 51e8604c7e..0000000000 --- a/components/engine/docs/reference/commandline/service_ps.md +++ /dev/null @@ -1,194 +0,0 @@ ---- -title: "service ps" -description: "The service ps command description and usage" -keywords: "service, tasks, ps" -aliases: ["/engine/reference/commandline/service_tasks/"] ---- - - - -# service ps - -```Markdown -Usage: docker service ps [OPTIONS] SERVICE [SERVICE...] - -List the tasks of one or more services - -Options: - -f, --filter filter Filter output based on conditions provided - --format string Pretty-print tasks using a Go template - --help Print usage - --no-resolve Do not map IDs to Names - --no-trunc Do not truncate output - -q, --quiet Only display task IDs -``` - -## Description - -Lists the tasks that are running as part of the specified services. This command -has to be run targeting a manager node. - -## Examples - -### List the tasks that are part of a service - -The following command shows all the tasks that are part of the `redis` service: - -```bash -$ docker service ps redis - -ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS -0qihejybwf1x redis.1 redis:3.0.5 manager1 Running Running 8 seconds -bk658fpbex0d redis.2 redis:3.0.5 worker2 Running Running 9 seconds -5ls5s5fldaqg redis.3 redis:3.0.5 worker1 Running Running 9 seconds -8ryt076polmc redis.4 redis:3.0.5 worker1 Running Running 9 seconds -1x0v8yomsncd redis.5 redis:3.0.5 manager1 Running Running 8 seconds -71v7je3el7rr redis.6 redis:3.0.5 worker2 Running Running 9 seconds -4l3zm9b7tfr7 redis.7 redis:3.0.5 worker2 Running Running 9 seconds -9tfpyixiy2i7 redis.8 redis:3.0.5 worker1 Running Running 9 seconds -3w1wu13yupln redis.9 redis:3.0.5 manager1 Running Running 8 seconds -8eaxrb2fqpbn redis.10 redis:3.0.5 manager1 Running Running 8 seconds -``` - -In addition to _running_ tasks, the output also shows the task history. For -example, after updating the service to use the `redis:3.0.6` image, the output -may look like this: - -```bash -$ docker service ps redis - -ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS -50qe8lfnxaxk redis.1 redis:3.0.6 manager1 Running Running 6 seconds ago -ky2re9oz86r9 \_ redis.1 redis:3.0.5 manager1 Shutdown Shutdown 8 seconds ago -3s46te2nzl4i redis.2 redis:3.0.6 worker2 Running Running less than a second ago -nvjljf7rmor4 \_ redis.2 redis:3.0.6 worker2 Shutdown Rejected 23 seconds ago "No such image: redis@sha256:6…" -vtiuz2fpc0yb \_ redis.2 redis:3.0.5 worker2 Shutdown Shutdown 1 second ago -jnarweeha8x4 redis.3 redis:3.0.6 worker1 Running Running 3 seconds ago -vs448yca2nz4 \_ redis.3 redis:3.0.5 worker1 Shutdown Shutdown 4 seconds ago -jf1i992619ir redis.4 redis:3.0.6 worker1 Running Running 10 seconds ago -blkttv7zs8ee \_ redis.4 redis:3.0.5 worker1 Shutdown Shutdown 11 seconds ago -``` - -The number of items in the task history is determined by the -`--task-history-limit` option that was set when initializing the swarm. You can -change the task history retention limit using the -[`docker swarm update`](swarm_update.md) command. - -When deploying a service, docker resolves the digest for the service's -image, and pins the service to that digest. The digest is not shown by -default, but is printed if `--no-trunc` is used. The `--no-trunc` option -also shows the non-truncated task ID, and error-messages, as can be seen below; - -```bash -$ docker service ps --no-trunc redis - -ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS -50qe8lfnxaxksi9w2a704wkp7 redis.1 redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 manager1 Running Running 5 minutes ago -ky2re9oz86r9556i2szb8a8af \_ redis.1 redis:3.0.5@sha256:f8829e00d95672c48c60f468329d6693c4bdd28d1f057e755f8ba8b40008682e worker2 Shutdown Shutdown 5 minutes ago -bk658fpbex0d57cqcwoe3jthu redis.2 redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 worker2 Running Running 5 seconds -nvjljf7rmor4htv7l8rwcx7i7 \_ redis.2 redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 worker2 Shutdown Rejected 5 minutes ago "No such image: redis@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842" -``` - -### Filtering - -The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there -is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`). -Multiple filter flags are combined as an `OR` filter. For example, -`-f name=redis.1 -f name=redis.7` returns both `redis.1` and `redis.7` tasks. - -The currently supported filters are: - -* [id](#id) -* [name](#name) -* [node](#node) -* [desired-state](#desired-state) - - -#### id - -The `id` filter matches on all or a prefix of a task's ID. - -```bash -$ docker service ps -f "id=8" redis - -ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS -8ryt076polmc redis.4 redis:3.0.6 worker1 Running Running 9 seconds -8eaxrb2fqpbn redis.10 redis:3.0.6 manager1 Running Running 8 seconds -``` - -#### name - -The `name` filter matches on task names. - -```bash -$ docker service ps -f "name=redis.1" redis -ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS -qihejybwf1x5 redis.1 redis:3.0.6 manager1 Running Running 8 seconds -``` - - -#### node - -The `node` filter matches on a node name or a node ID. - -```bash -$ docker service ps -f "node=manager1" redis -ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS -0qihejybwf1x redis.1 redis:3.0.6 manager1 Running Running 8 seconds -1x0v8yomsncd redis.5 redis:3.0.6 manager1 Running Running 8 seconds -3w1wu13yupln redis.9 redis:3.0.6 manager1 Running Running 8 seconds -8eaxrb2fqpbn redis.10 redis:3.0.6 manager1 Running Running 8 seconds -``` - -#### desired-state - -The `desired-state` filter can take the values `running`, `shutdown`, or `accepted`. - -### Formatting - -The formatting options (`--format`) pretty-prints tasks output -using a Go template. - -Valid placeholders for the Go template are listed below: - -Placeholder | Description -----------------|------------------------------------------------------------------------------------------ -`.ID` | Task ID -`.Name` | Task name -`.Image` | Task image -`.Node` | Node ID -`.DesiredState` | Desired state of the task (`running`, `shutdown`, or `accepted`) -`.CurrentState` | Current state of the task -`.Error` | Error -`.Ports` | Task published ports - -When using the `--format` option, the `service ps` command will either -output the data exactly as the template declares or, when using the -`table` directive, includes column headers as well. - -The following example uses a template without headers and outputs the -`Name` and `Image` entries separated by a colon for all tasks: - -```bash -$ docker service ps --format "{{.Name}}: {{.Image}}" top -top.1: busybox -top.2: busybox -top.3: busybox -``` - -## Related commands - -* [service create](service_create.md) -* [service inspect](service_inspect.md) -* [service logs](service_logs.md) -* [service ls](service_ls.md) -* [service rm](service_rm.md) -* [service scale](service_scale.md) -* [service update](service_update.md) diff --git a/components/engine/docs/reference/commandline/service_rm.md b/components/engine/docs/reference/commandline/service_rm.md deleted file mode 100644 index 448f2c3b24..0000000000 --- a/components/engine/docs/reference/commandline/service_rm.md +++ /dev/null @@ -1,60 +0,0 @@ ---- -title: "service rm" -description: "The service rm command description and usage" -keywords: "service, rm" ---- - - - -# service rm - -```Markdown -Usage: docker service rm SERVICE [SERVICE...] - -Remove one or more services - -Aliases: - rm, remove - -Options: - --help Print usage -``` - -## Description - -Removes the specified services from the swarm. This command has to be run -targeting a manager node. - -## Examples - -Remove the `redis` service: - -```bash -$ docker service rm redis - -redis - -$ docker service ls - -ID NAME MODE REPLICAS IMAGE -``` - -> **Warning**: Unlike `docker rm`, this command does not ask for confirmation -> before removing a running service. - -## Related commands - -* [service create](service_create.md) -* [service inspect](service_inspect.md) -* [service logs](service_logs.md) -* [service ls](service_ls.md) -* [service scale](service_scale.md) -* [service ps](service_ps.md) -* [service update](service_update.md) diff --git a/components/engine/docs/reference/commandline/service_scale.md b/components/engine/docs/reference/commandline/service_scale.md deleted file mode 100644 index a3aef5fd34..0000000000 --- a/components/engine/docs/reference/commandline/service_scale.md +++ /dev/null @@ -1,104 +0,0 @@ ---- -title: "service scale" -description: "The service scale command description and usage" -keywords: "service, scale" ---- - - - -# service scale - -```markdown -Usage: docker service scale SERVICE=REPLICAS [SERVICE=REPLICAS...] - -Scale one or multiple replicated services - -Options: - --help Print usage -``` - -## Description - -The scale command enables you to scale one or more replicated services either up -or down to the desired number of replicas. This command cannot be applied on -services which are global mode. The command will return immediately, but the -actual scaling of the service may take some time. To stop all replicas of a -service while keeping the service active in the swarm you can set the scale to 0. - -## Examples - -### Scale a single service - -The following command scales the "frontend" service to 50 tasks. - -```bash -$ docker service scale frontend=50 - -frontend scaled to 50 -``` - -The following command tries to scale a global service to 10 tasks and returns an error. - -```bash -$ docker service create --mode global --name backend backend:latest - -b4g08uwuairexjub6ome6usqh - -$ docker service scale backend=10 - -backend: scale can only be used with replicated mode -``` - -Directly afterwards, run `docker service ls`, to see the actual number of -replicas. - -```bash -$ docker service ls --filter name=frontend - -ID NAME MODE REPLICAS IMAGE -3pr5mlvu3fh9 frontend replicated 15/50 nginx:alpine -``` - -You can also scale a service using the [`docker service update`](service_update.md) -command. The following commands are equivalent: - -```bash -$ docker service scale frontend=50 -$ docker service update --replicas=50 frontend -``` - -### Scale multiple services - -The `docker service scale` command allows you to set the desired number of -tasks for multiple services at once. The following example scales both the -backend and frontend services: - -```bash -$ docker service scale backend=3 frontend=5 - -backend scaled to 3 -frontend scaled to 5 - -$ docker service ls - -ID NAME MODE REPLICAS IMAGE -3pr5mlvu3fh9 frontend replicated 5/5 nginx:alpine -74nzcxxjv6fq backend replicated 3/3 redis:3.0.6 -``` - -## Related commands - -* [service create](service_create.md) -* [service inspect](service_inspect.md) -* [service logs](service_logs.md) -* [service ls](service_ls.md) -* [service rm](service_rm.md) -* [service ps](service_ps.md) -* [service update](service_update.md) diff --git a/components/engine/docs/reference/commandline/service_update.md b/components/engine/docs/reference/commandline/service_update.md deleted file mode 100644 index 93c5750eee..0000000000 --- a/components/engine/docs/reference/commandline/service_update.md +++ /dev/null @@ -1,265 +0,0 @@ ---- -title: "service update" -description: "The service update command description and usage" -keywords: "service, update" ---- - - - -# service update - -```Markdown -Usage: docker service update [OPTIONS] SERVICE - -Update a service - -Options: - --args command Service command args - --constraint-add list Add or update a placement constraint - --constraint-rm list Remove a constraint - --container-label-add list Add or update a container label - --container-label-rm list Remove a container label by its key - -d, --detach Exit immediately instead of waiting for the service to converge (default true) - --dns-add list Add or update a custom DNS server - --dns-option-add list Add or update a DNS option - --dns-option-rm list Remove a DNS option - --dns-rm list Remove a custom DNS server - --dns-search-add list Add or update a custom DNS search domain - --dns-search-rm list Remove a DNS search domain - --endpoint-mode string Endpoint mode (vip or dnsrr) - --entrypoint command Overwrite the default ENTRYPOINT of the image - --env-add list Add or update an environment variable - --env-rm list Remove an environment variable - --force Force update even if no changes require it - --group-add list Add an additional supplementary user group to the container - --group-rm list Remove a previously added supplementary user group from the container - --health-cmd string Command to run to check health - --health-interval duration Time between running the check (ms|s|m|h) - --health-retries int Consecutive failures needed to report unhealthy - --health-start-period duration Start period for the container to initialize before counting retries towards unstable (ms|s|m|h) - --health-timeout duration Maximum time to allow one check to run (ms|s|m|h) - --help Print usage - --host-add list Add or update a custom host-to-IP mapping (host:ip) - --host-rm list Remove a custom host-to-IP mapping (host:ip) - --hostname string Container hostname - --image string Service image tag - --label-add list Add or update a service label - --label-rm list Remove a label by its key - --limit-cpu decimal Limit CPUs - --limit-memory bytes Limit Memory - --log-driver string Logging driver for service - --log-opt list Logging driver options - --mount-add mount Add or update a mount on a service - --mount-rm list Remove a mount by its target path - --network-add list Add a network - --network-rm list Remove a network - --no-healthcheck Disable any container-specified HEALTHCHECK - --placement-pref-add pref Add a placement preference - --placement-pref-rm pref Remove a placement preference - --publish-add port Add or update a published port - --publish-rm port Remove a published port by its target port - -q, --quiet Suppress progress output - --read-only Mount the container's root filesystem as read only - --replicas uint Number of tasks - --reserve-cpu decimal Reserve CPUs - --reserve-memory bytes Reserve Memory - --restart-condition string Restart when condition is met ("none"|"on-failure"|"any") - --restart-delay duration Delay between restart attempts (ns|us|ms|s|m|h) - --restart-max-attempts uint Maximum number of restarts before giving up - --restart-window duration Window used to evaluate the restart policy (ns|us|ms|s|m|h) - --rollback Rollback to previous specification - --rollback-delay duration Delay between task rollbacks (ns|us|ms|s|m|h) - --rollback-failure-action string Action on rollback failure ("pause"|"continue") - --rollback-max-failure-ratio float Failure rate to tolerate during a rollback - --rollback-monitor duration Duration after each task rollback to monitor for failure (ns|us|ms|s|m|h) - --rollback-order string Rollback order ("start-first"|"stop-first") (default "stop-first") - --rollback-parallelism uint Maximum number of tasks rolled back simultaneously (0 to roll back all at once) - --secret-add secret Add or update a secret on a service - --secret-rm list Remove a secret - --stop-grace-period duration Time to wait before force killing a container (ns|us|ms|s|m|h) - --stop-signal string Signal to stop the container - -t, --tty Allocate a pseudo-TTY - --update-delay duration Delay between updates (ns|us|ms|s|m|h) - --update-failure-action string Action on update failure ("pause"|"continue"|"rollback") - --update-max-failure-ratio float Failure rate to tolerate during an update - --update-monitor duration Duration after each task update to monitor for failure (ns|us|ms|s|m|h) - --update-order string Update order ("start-first"|"stop-first") - --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) - -u, --user string Username or UID (format: [:]) - --with-registry-auth Send registry authentication details to swarm agents - -w, --workdir string Working directory inside the container -``` - -## Description - -Updates a service as described by the specified parameters. This command has to be run targeting a manager node. -The parameters are the same as [`docker service create`](service_create.md). Please look at the description there -for further information. - -Normally, updating a service will only cause the service's tasks to be replaced with new ones if a change to the -service requires recreating the tasks for it to take effect. For example, only changing the -`--update-parallelism` setting will not recreate the tasks, because the individual tasks are not affected by this -setting. However, the `--force` flag will cause the tasks to be recreated anyway. This can be used to perform a -rolling restart without any changes to the service parameters. - -## Examples - -### Update a service - -```bash -$ docker service update --limit-cpu 2 redis -``` - -### Perform a rolling restart with no parameter changes - -```bash -$ docker service update --force --update-parallelism 1 --update-delay 30s redis -``` - -In this example, the `--force` flag causes the service's tasks to be shut down -and replaced with new ones even though none of the other parameters would -normally cause that to happen. The `--update-parallelism 1` setting ensures -that only one task is replaced at a time (this is the default behavior). The -`--update-delay 30s` setting introduces a 30 second delay between tasks, so -that the rolling restart happens gradually. - -### Add or remove mounts - -Use the `--mount-add` or `--mount-rm` options add or remove a service's bind-mounts -or volumes. - -The following example creates a service which mounts the `test-data` volume to -`/somewhere`. The next step updates the service to also mount the `other-volume` -volume to `/somewhere-else`volume, The last step unmounts the `/somewhere` mount -point, effectively removing the `test-data` volume. Each command returns the -service name. - -- The `--mount-add` flag takes the same parameters as the `--mount` flag on - `service create`. Refer to the [volumes and - bind-mounts](service_create.md#volumes-and-bind-mounts-mount) section in the - `service create` reference for details. - -- The `--mount-rm` flag takes the `target` path of the mount. - -```bash -$ docker service create \ - --name=myservice \ - --mount \ - type=volume,source=test-data,target=/somewhere \ - nginx:alpine \ - myservice - -myservice - -$ docker service update \ - --mount-add \ - type=volume,source=other-volume,target=/somewhere-else \ - myservice - -myservice - -$ docker service update --mount-rm /somewhere myservice - -myservice -``` - -### Rolling back to the previous version of a service - -Use the `--rollback` option to roll back to the previous version of the service. - -This will revert the service to the configuration that was in place before the most recent `docker service update` command. - -The following example updates the number of replicas for the service from 4 to 5, and then rolls back to the previous configuration. - -```bash -$ docker service update --replicas=5 web - -web - -$ docker service ls - -ID NAME MODE REPLICAS IMAGE -80bvrzp6vxf3 web replicated 0/5 nginx:alpine - -``` -Roll back the `web` service... - -```bash -$ docker service update --rollback web - -web - -$ docker service ls - -ID NAME MODE REPLICAS IMAGE -80bvrzp6vxf3 web replicated 0/4 nginx:alpine - -``` - -Other options can be combined with `--rollback` as well, for example, `--update-delay 0s` to execute the rollback without a delay between tasks: - -```bash -$ docker service update \ - --rollback \ - --update-delay 0s - web - -web - -``` - -Services can also be set up to roll back to the previous version automatically -when an update fails. To set up a service for automatic rollback, use -`--update-failure-action=rollback`. A rollback will be triggered if the fraction -of the tasks which failed to update successfully exceeds the value given with -`--update-max-failure-ratio`. - -The rate, parallelism, and other parameters of a rollback operation are -determined by the values passed with the following flags: - -- `--rollback-delay` -- `--rollback-failure-action` -- `--rollback-max-failure-ratio` -- `--rollback-monitor` -- `--rollback-parallelism` - -For example, a service set up with `--update-parallelism 1 --rollback-parallelism 3` -will update one task at a time during a normal update, but during a rollback, 3 -tasks at a time will get rolled back. These rollback parameters are respected both -during automatic rollbacks and for rollbacks initiated manually using `--rollback`. - -### Add or remove secrets - -Use the `--secret-add` or `--secret-rm` options add or remove a service's -secrets. - -The following example adds a secret named `ssh-2` and removes `ssh-1`: - -```bash -$ docker service update \ - --secret-add source=ssh-2,target=ssh-2 \ - --secret-rm ssh-1 \ - myservice -``` - -### Update services using templates - -Some flags of `service update` support the use of templating. -See [`service create`](./service_create.md#templating) for the reference. - -## Related commands - -* [service create](service_create.md) -* [service inspect](service_inspect.md) -* [service logs](service_logs.md) -* [service ls](service_ls.md) -* [service ps](service_ps.md) -* [service rm](service_rm.md) -* [service scale](service_scale.md) diff --git a/components/engine/docs/reference/commandline/stack.md b/components/engine/docs/reference/commandline/stack.md deleted file mode 100644 index 94e3e252f9..0000000000 --- a/components/engine/docs/reference/commandline/stack.md +++ /dev/null @@ -1,39 +0,0 @@ ---- -title: "stack" -description: "The stack command description and usage" -keywords: "stack" ---- - - - -# stack - -```markdown -Usage: docker stack COMMAND - -Manage Docker stacks - -Options: - --help Print usage - -Commands: - deploy Deploy a new stack or update an existing stack - ls List stacks - ps List the tasks in the stack - rm Remove the stack - services List the services in the stack - -Run 'docker stack COMMAND --help' for more information on a command. -``` - -## Description - -Manage stacks. - diff --git a/components/engine/docs/reference/commandline/stack_deploy.md b/components/engine/docs/reference/commandline/stack_deploy.md deleted file mode 100644 index d57ef0f76c..0000000000 --- a/components/engine/docs/reference/commandline/stack_deploy.md +++ /dev/null @@ -1,107 +0,0 @@ ---- -title: "stack deploy" -description: "The stack deploy command description and usage" -keywords: "stack, deploy, up" ---- - - - -# stack deploy - -```markdown -Usage: docker stack deploy [OPTIONS] STACK - -Deploy a new stack or update an existing stack - -Aliases: - deploy, up - -Options: - --bundle-file string Path to a Distributed Application Bundle file - -c, --compose-file string Path to a Compose file - --help Print usage - --prune Prune services that are no longer referenced - --with-registry-auth Send registry authentication details to Swarm agents -``` - -## Description - -Create and update a stack from a `compose` or a `dab` file on the swarm. This command -has to be run targeting a manager node. - -## Examples - -### Compose file - -The `deploy` command supports compose file version `3.0` and above." - -```bash -$ docker stack deploy --compose-file docker-compose.yml vossibility - -Ignoring unsupported options: links - -Creating network vossibility_vossibility -Creating network vossibility_default -Creating service vossibility_nsqd -Creating service vossibility_logstash -Creating service vossibility_elasticsearch -Creating service vossibility_kibana -Creating service vossibility_ghollector -Creating service vossibility_lookupd -``` - -You can verify that the services were correctly created - -```bash -$ docker service ls - -ID NAME MODE REPLICAS IMAGE -29bv0vnlm903 vossibility_lookupd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 -4awt47624qwh vossibility_nsqd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 -4tjx9biia6fs vossibility_elasticsearch replicated 1/1 elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa -7563uuzr9eys vossibility_kibana replicated 1/1 kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03 -9gc5m4met4he vossibility_logstash replicated 1/1 logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe -axqh55ipl40h vossibility_vossibility-collector replicated 1/1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba -``` - -### DAB file - -```bash -$ docker stack deploy --bundle-file vossibility-stack.dab vossibility - -Loading bundle from vossibility-stack.dab -Creating service vossibility_elasticsearch -Creating service vossibility_kibana -Creating service vossibility_logstash -Creating service vossibility_lookupd -Creating service vossibility_nsqd -Creating service vossibility_vossibility-collector -``` - -You can verify that the services were correctly created: - -```bash -$ docker service ls - -ID NAME MODE REPLICAS IMAGE -29bv0vnlm903 vossibility_lookupd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 -4awt47624qwh vossibility_nsqd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 -4tjx9biia6fs vossibility_elasticsearch replicated 1/1 elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa -7563uuzr9eys vossibility_kibana replicated 1/1 kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03 -9gc5m4met4he vossibility_logstash replicated 1/1 logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe -axqh55ipl40h vossibility_vossibility-collector replicated 1/1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba -``` - -## Related commands - -* [stack ls](stack_ls.md) -* [stack ps](stack_ps.md) -* [stack rm](stack_rm.md) -* [stack services](stack_services.md) diff --git a/components/engine/docs/reference/commandline/stack_ls.md b/components/engine/docs/reference/commandline/stack_ls.md deleted file mode 100644 index 91349b6947..0000000000 --- a/components/engine/docs/reference/commandline/stack_ls.md +++ /dev/null @@ -1,76 +0,0 @@ ---- -title: "stack ls" -description: "The stack ls command description and usage" -keywords: "stack, ls" ---- - - - -# stack ls - -```markdown -Usage: docker stack ls - -List stacks - -Aliases: - ls, list - -Options: - --help Print usage - --format string Pretty-print stacks using a Go template -``` - -## Description - -Lists the stacks. - -## Examples - -The following command shows all stacks and some additional information: - -```bash -$ docker stack ls - -ID SERVICES -vossibility-stack 6 -myapp 2 -``` - -### Formatting - -The formatting option (`--format`) pretty-prints stacks using a Go template. - -Valid placeholders for the Go template are listed below: - -| Placeholder | Description | -| ----------- | ------------------ | -| `.Name` | Stack name | -| `.Services` | Number of services | - -When using the `--format` option, the `stack ls` command either outputs -the data exactly as the template declares or, when using the -`table` directive, includes column headers as well. - -The following example uses a template without headers and outputs the -`Name` and `Services` entries separated by a colon for all stacks: - -```bash -$ docker stack ls --format "{{.Name}}: {{.Services}}" -web-server: 1 -web-cache: 4 -``` - -## Related commands - -* [stack deploy](stack_deploy.md) -* [stack ps](stack_ps.md) -* [stack rm](stack_rm.md) -* [stack services](stack_services.md) diff --git a/components/engine/docs/reference/commandline/stack_ps.md b/components/engine/docs/reference/commandline/stack_ps.md deleted file mode 100644 index 901b46b22d..0000000000 --- a/components/engine/docs/reference/commandline/stack_ps.md +++ /dev/null @@ -1,230 +0,0 @@ ---- -title: "stack ps" -description: "The stack ps command description and usage" -keywords: "stack, ps" ---- - - - -# stack ps - -```markdown -Usage: docker stack ps [OPTIONS] STACK - -List the tasks in the stack - -Options: - -f, --filter filter Filter output based on conditions provided - --format string Pretty-print tasks using a Go template - --help Print usage - --no-resolve Do not map IDs to Names - --no-trunc Do not truncate output - -q, --quiet Only display task IDs -``` - -## Description - -Lists the tasks that are running as part of the specified stack. This -command has to be run targeting a manager node. - -## Examples - -### List the tasks that are part of a stack - -The following command shows all the tasks that are part of the `voting` stack: - -```bash -$ docker stack ps voting -ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS -xim5bcqtgk1b voting_worker.1 dockersamples/examplevotingapp_worker:latest node2 Running Running 2 minutes ago -q7yik0ks1in6 voting_result.1 dockersamples/examplevotingapp_result:before node1 Running Running 2 minutes ago -rx5yo0866nfx voting_vote.1 dockersamples/examplevotingapp_vote:before node3 Running Running 2 minutes ago -tz6j82jnwrx7 voting_db.1 postgres:9.4 node1 Running Running 2 minutes ago -w48spazhbmxc voting_redis.1 redis:alpine node2 Running Running 3 minutes ago -6jj1m02freg1 voting_visualizer.1 dockersamples/visualizer:stable node1 Running Running 2 minutes ago -kqgdmededccb voting_vote.2 dockersamples/examplevotingapp_vote:before node2 Running Running 2 minutes ago -t72q3z038jeh voting_redis.2 redis:alpine node3 Running Running 3 minutes ago -``` - -### Filtering - -The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there -is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`). -Multiple filter flags are combined as an `OR` filter. For example, -`-f name=redis.1 -f name=redis.7` returns both `redis.1` and `redis.7` tasks. - -The currently supported filters are: - -* [id](#id) -* [name](#name) -* [node](#node) -* [desired-state](#desired-state) - -#### id - -The `id` filter matches on all or a prefix of a task's ID. - -```bash -$ docker stack ps -f "id=t" voting -ID NAME IMAGE NODE DESIRED STATE CURRENTSTATE ERROR PORTS -tz6j82jnwrx7 voting_db.1 postgres:9.4 node1 Running Running 14 minutes ago -t72q3z038jeh voting_redis.2 redis:alpine node3 Running Running 14 minutes ago -``` - -#### name - -The `name` filter matches on task names. - -```bash -$ docker stack ps -f "name=voting_redis" voting -ID NAME IMAGE NODE DESIRED STATE CURRENTSTATE ERROR PORTS -w48spazhbmxc voting_redis.1 redis:alpine node2 Running Running 17 minutes ago -t72q3z038jeh voting_redis.2 redis:alpine node3 Running Running 17 minutes ago -``` - -#### node - -The `node` filter matches on a node name or a node ID. - -```bash -$ docker stack ps -f "node=node1" voting -ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS -q7yik0ks1in6 voting_result.1 dockersamples/examplevotingapp_result:before node1 Running Running 18 minutes ago -tz6j82jnwrx7 voting_db.1 postgres:9.4 node1 Running Running 18 minutes ago -6jj1m02freg1 voting_visualizer.1 dockersamples/visualizer:stable node1 Running Running 18 minutes ago -``` - -#### desired-state - -The `desired-state` filter can take the values `running`, `shutdown`, or `accepted`. - -```bash -$ docker stack ps -f "desired-state=running" voting -ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS -xim5bcqtgk1b voting_worker.1 dockersamples/examplevotingapp_worker:latest node2 Running Running 21 minutes ago -q7yik0ks1in6 voting_result.1 dockersamples/examplevotingapp_result:before node1 Running Running 21 minutes ago -rx5yo0866nfx voting_vote.1 dockersamples/examplevotingapp_vote:before node3 Running Running 21 minutes ago -tz6j82jnwrx7 voting_db.1 postgres:9.4 node1 Running Running 21 minutes ago -w48spazhbmxc voting_redis.1 redis:alpine node2 Running Running 21 minutes ago -6jj1m02freg1 voting_visualizer.1 dockersamples/visualizer:stable node1 Running Running 21 minutes ago -kqgdmededccb voting_vote.2 dockersamples/examplevotingapp_vote:before node2 Running Running 21 minutes ago -t72q3z038jeh voting_redis.2 redis:alpine node3 Running Running 21 minutes ago -``` - -### Formatting - -The formatting options (`--format`) pretty-prints tasks output using a Go template. - -Valid placeholders for the Go template are listed below: - -Placeholder | Description -----------------|------------------------------------------------------------------------------------------ -`.ID` | Task ID -`.Name` | Task name -`.Image` | Task image -`.Node` | Node ID -`.DesiredState` | Desired state of the task (`running`, `shutdown`, or `accepted`) -`.CurrentState` | Current state of the task -`.Error` | Error -`.Ports` | Task published ports - -When using the `--format` option, the `stack ps` command will either -output the data exactly as the template declares or, when using the -`table` directive, includes column headers as well. - -The following example uses a template without headers and outputs the -`Name` and `Image` entries separated by a colon for all tasks: - -```bash -$ docker stack ps --format "{{.Name}}: {{.Image}}" voting -voting_worker.1: dockersamples/examplevotingapp_worker:latest -voting_result.1: dockersamples/examplevotingapp_result:before -voting_vote.1: dockersamples/examplevotingapp_vote:before -voting_db.1: postgres:9.4 -voting_redis.1: redis:alpine -voting_visualizer.1: dockersamples/visualizer:stable -voting_vote.2: dockersamples/examplevotingapp_vote:before -voting_redis.2: redis:alpine -``` - -### Do not map IDs to Names - -The `--no-resolve` option shows IDs for task name, without mapping IDs to Names. - -```bash -$ docker stack ps --no-resolve voting -ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS -xim5bcqtgk1b 10z9fjfqzsxnezo4hb81p8mqg.1 dockersamples/examplevotingapp_worker:latest qaqt4nrzo775jrx6detglho01 Running Running 30 minutes ago -q7yik0ks1in6 hbxltua1na7mgqjnidldv5m65.1 dockersamples/examplevotingapp_result:before mxpaef1tlh23s052erw88a4w5 Running Running 30 minutes ago -rx5yo0866nfx qyprtqw1g5nrki557i974ou1d.1 dockersamples/examplevotingapp_vote:before kanqcxfajd1r16wlnqcblobmm Running Running 31 minutes ago -tz6j82jnwrx7 122f0xxngg17z52be7xspa72x.1 postgres:9.4 mxpaef1tlh23s052erw88a4w5 Running Running 31 minutes ago -w48spazhbmxc tg61x8myx563ueo3urmn1ic6m.1 redis:alpine qaqt4nrzo775jrx6detglho01 Running Running 31 minutes ago -6jj1m02freg1 8cqlyi444kzd3panjb7edh26v.1 dockersamples/visualizer:stable mxpaef1tlh23s052erw88a4w5 Running Running 31 minutes ago -kqgdmededccb qyprtqw1g5nrki557i974ou1d.2 dockersamples/examplevotingapp_vote:before qaqt4nrzo775jrx6detglho01 Running Running 31 minutes ago -t72q3z038jeh tg61x8myx563ueo3urmn1ic6m.2 redis:alpine kanqcxfajd1r16wlnqcblobmm Running Running 31 minutes ago -``` - -### Do not truncate output - -When deploying a service, docker resolves the digest for the service's -image, and pins the service to that digest. The digest is not shown by -default, but is printed if `--no-trunc` is used. The `--no-trunc` option -also shows the non-truncated task IDs, and error-messages, as can be seen below: - -```bash -$ docker stack ps --no-trunc voting -ID NAME IMAGE NODE DESIRED STATE CURREN STATE ERROR PORTS -xim5bcqtgk1bxqz91jzo4a1s5 voting_worker.1 dockersamples/examplevotingapp_worker:latest@sha256:3e4ddf59c15f432280a2c0679c4fc5a2ee5a797023c8ef0d3baf7b1385e9fed node2 Running Runnin 32 minutes ago -q7yik0ks1in6kv32gg6y6yjf7 voting_result.1 dockersamples/examplevotingapp_result:before@sha256:83b56996e930c292a6ae5187fda84dd6568a19d97cdb933720be15c757b7463 node1 Running Runnin 32 minutes ago -rx5yo0866nfxc58zf4irsss6n voting_vote.1 dockersamples/examplevotingapp_vote:before@sha256:8e64b182c87de902f2b72321c89b4af4e2b942d76d0b772532ff27ec4c6ebf6 node3 Running Runnin 32 minutes ago -tz6j82jnwrx7n2offljp3mn03 voting_db.1 postgres:9.4@sha256:6046af499eae34d2074c0b53f9a8b404716d415e4a03e68bc1d2f8064f2b027 node1 Running Runnin 32 minutes ago -w48spazhbmxcmbjfi54gs7x90 voting_redis.1 redis:alpine@sha256:9cd405cd1ec1410eaab064a1383d0d8854d1ef74a54e1e4a92fb4ec7bdc3ee7 node2 Running Runnin 32 minutes ago -6jj1m02freg1n3z9n1evrzsbl voting_visualizer.1 dockersamples/visualizer:stable@sha256:f924ad66c8e94b10baaf7bdb9cd491ef4e982a1d048a56a17e02bf5945401e5 node1 Running Runnin 32 minutes ago -kqgdmededccbhz2wuc0e9hx7g voting_vote.2 dockersamples/examplevotingapp_vote:before@sha256:8e64b182c87de902f2b72321c89b4af4e2b942d76d0b772532ff27ec4c6ebf6 node2 Running Runnin 32 minutes ago -t72q3z038jehe1wbh9gdum076 voting_redis.2 redis:alpine@sha256:9cd405cd1ec1410eaab064a1383d0d8854d1ef74a54e1e4a92fb4ec7bdc3ee7 node3 Running Runnin 32 minutes ago -``` - -### Only display task IDs - -The `-q ` or `--quiet` option only shows IDs of the tasks in the stack. -This example outputs all task IDs of the "voting" stack; - -```bash -$ docker stack ps -q voting -xim5bcqtgk1b -q7yik0ks1in6 -rx5yo0866nfx -tz6j82jnwrx7 -w48spazhbmxc -6jj1m02freg1 -kqgdmededccb -t72q3z038jeh -``` - -This option can be used to perform batch operations. For example, you can use -the task IDs as input for other commands, such as `docker inspect`. The -following example inspects all tasks of the "voting" stack; - -```bash -$ docker inspect $(docker stack ps -q voting) - -[ - { - "ID": "xim5bcqtgk1b1gk0krq1", - "Version": { -(...) -``` - -## Related commands - -* [stack deploy](stack_deploy.md) -* [stack ls](stack_ls.md) -* [stack rm](stack_rm.md) -* [stack services](stack_services.md) diff --git a/components/engine/docs/reference/commandline/stack_rm.md b/components/engine/docs/reference/commandline/stack_rm.md deleted file mode 100644 index a1854ae6f0..0000000000 --- a/components/engine/docs/reference/commandline/stack_rm.md +++ /dev/null @@ -1,78 +0,0 @@ ---- -title: "stack rm" -description: "The stack rm command description and usage" -keywords: "stack, rm, remove, down" ---- - - - -# stack rm - -```markdown -Usage: docker stack rm STACK [STACK...] - -Remove one or more stacks - -Aliases: - rm, remove, down - -Options: - --help Print usage -``` - -## Description - -Remove the stack from the swarm. This command has to be run targeting -a manager node. - -## Examples - -### Remove a stack - -This will remove the stack with the name `myapp`. Services, networks, and secrets associated with the stack will be removed. - -```bash -$ docker stack rm myapp - -Removing service myapp_redis -Removing service myapp_web -Removing service myapp_lb -Removing network myapp_default -Removing network myapp_frontend -``` - -### Remove multiple stacks - -This will remove all the specified stacks, `myapp` and `vossibility`. Services, networks, and secrets associated with all the specified stacks will be removed. - -```bash -$ docker stack rm myapp vossibility - -Removing service myapp_redis -Removing service myapp_web -Removing service myapp_lb -Removing network myapp_default -Removing network myapp_frontend -Removing service vossibility_nsqd -Removing service vossibility_logstash -Removing service vossibility_elasticsearch -Removing service vossibility_kibana -Removing service vossibility_ghollector -Removing service vossibility_lookupd -Removing network vossibility_default -Removing network vossibility_vossibility -``` - -## Related commands - -* [stack deploy](stack_deploy.md) -* [stack ls](stack_ls.md) -* [stack ps](stack_ps.md) -* [stack services](stack_services.md) diff --git a/components/engine/docs/reference/commandline/stack_services.md b/components/engine/docs/reference/commandline/stack_services.md deleted file mode 100644 index b45047d409..0000000000 --- a/components/engine/docs/reference/commandline/stack_services.md +++ /dev/null @@ -1,105 +0,0 @@ ---- -title: "stack services" -description: "The stack services command description and usage" -keywords: "stack, services" -advisory: "experimental" ---- - - - -# stack services (experimental) - -```markdown -Usage: docker stack services [OPTIONS] STACK - -List the services in the stack - -Options: - -f, --filter filter Filter output based on conditions provided - --format string Pretty-print services using a Go template - --help Print usage - -q, --quiet Only display IDs -``` - -## Description - -Lists the services that are running as part of the specified stack. This -command has to be run targeting a manager node. - -## Examples - -The following command shows all services in the `myapp` stack: - -```bash -$ docker stack services myapp - -ID NAME REPLICAS IMAGE COMMAND -7be5ei6sqeye myapp_web 1/1 nginx@sha256:23f809e7fd5952e7d5be065b4d3643fbbceccd349d537b62a123ef2201bc886f -dn7m7nhhfb9y myapp_db 1/1 mysql@sha256:a9a5b559f8821fe73d58c3606c812d1c044868d42c63817fa5125fd9d8b7b539 -``` - -### Filtering - -The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there -is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`). -Multiple filter flags are combined as an `OR` filter. - -The following command shows both the `web` and `db` services: - -```bash -$ docker stack services --filter name=myapp_web --filter name=myapp_db myapp - -ID NAME REPLICAS IMAGE COMMAND -7be5ei6sqeye myapp_web 1/1 nginx@sha256:23f809e7fd5952e7d5be065b4d3643fbbceccd349d537b62a123ef2201bc886f -dn7m7nhhfb9y myapp_db 1/1 mysql@sha256:a9a5b559f8821fe73d58c3606c812d1c044868d42c63817fa5125fd9d8b7b539 -``` - -The currently supported filters are: - -* id / ID (`--filter id=7be5ei6sqeye`, or `--filter ID=7be5ei6sqeye`) -* name (`--filter name=myapp_web`) -* label (`--filter label=key=value`) - -### Formatting - -The formatting options (`--format`) pretty-prints services output -using a Go template. - -Valid placeholders for the Go template are listed below: - -Placeholder | Description -------------|------------------------------------------------------------------------------------------ -`.ID` | Service ID -`.Name` | Service name -`.Mode` | Service mode (replicated, global) -`.Replicas` | Service replicas -`.Image` | Service image - -When using the `--format` option, the `stack services` command will either -output the data exactly as the template declares or, when using the -`table` directive, includes column headers as well. - -The following example uses a template without headers and outputs the -`ID`, `Mode`, and `Replicas` entries separated by a colon for all services: - -```bash -$ docker stack services --format "{{.ID}}: {{.Mode}} {{.Replicas}}" - -0zmvwuiu3vue: replicated 10/10 -fm6uf97exkul: global 5/5 -``` - - -## Related commands - -* [stack deploy](stack_deploy.md) -* [stack ls](stack_ls.md) -* [stack ps](stack_ps.md) -* [stack rm](stack_rm.md) diff --git a/components/engine/docs/reference/commandline/start.md b/components/engine/docs/reference/commandline/start.md deleted file mode 100644 index aa672289ec..0000000000 --- a/components/engine/docs/reference/commandline/start.md +++ /dev/null @@ -1,34 +0,0 @@ ---- -title: "start" -description: "The start command description and usage" -keywords: "Start, container, stopped" ---- - - - -# start - -```markdown -Usage: docker start [OPTIONS] CONTAINER [CONTAINER...] - -Start one or more stopped containers - -Options: - -a, --attach Attach STDOUT/STDERR and forward signals - --detach-keys string Override the key sequence for detaching a container - --help Print usage - -i, --interactive Attach container's STDIN -``` - -## Examples - -```bash -$ docker start my_container -``` diff --git a/components/engine/docs/reference/commandline/stats.md b/components/engine/docs/reference/commandline/stats.md deleted file mode 100644 index f5c058524d..0000000000 --- a/components/engine/docs/reference/commandline/stats.md +++ /dev/null @@ -1,140 +0,0 @@ ---- -title: "stats" -description: "The stats command description and usage" -keywords: "container, resource, statistics" ---- - - - -# stats - -```markdown -Usage: docker stats [OPTIONS] [CONTAINER...] - -Display a live stream of container(s) resource usage statistics - -Options: - -a, --all Show all containers (default shows just running) - --format string Pretty-print images using a Go template - --help Print usage - --no-stream Disable streaming stats and only pull the first result -``` - -## Description - -The `docker stats` command returns a live data stream for running containers. To limit data to one or more specific containers, specify a list of container names or ids separated by a space. You can specify a stopped container but stopped containers do not return any data. - -If you want more detailed information about a container's resource usage, use the `/containers/(id)/stats` API endpoint. - -## Examples - -Running `docker stats` on all running containers against a Linux daemon. - -```bash -$ docker stats -CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O -1285939c1fd3 0.07% 796 KiB / 64 MiB 1.21% 788 B / 648 B 3.568 MB / 512 KB -9c76f7834ae2 0.07% 2.746 MiB / 64 MiB 4.29% 1.266 KB / 648 B 12.4 MB / 0 B -d1ea048f04e4 0.03% 4.583 MiB / 64 MiB 6.30% 2.854 KB / 648 B 27.7 MB / 0 B -``` - -Running `docker stats` on multiple containers by name and id against a Linux daemon. - -```bash -$ docker stats fervent_panini 5acfcb1b4fd1 -CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O -5acfcb1b4fd1 0.00% 115.2 MiB/1.045 GiB 11.03% 1.422 kB/648 B -fervent_panini 0.02% 11.08 MiB/1.045 GiB 1.06% 648 B/648 B -``` - -Running `docker stats` with customized format on all (Running and Stopped) containers. - -```bash -$ docker stats --all --format "table {{.ID}}\t{{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}" -CONTAINER ID NAME CPU % MEM USAGE / LIMIT -c9dfa83f0317f87637d5b7e67aa4223337d947215c5a9947e697e4f7d3e0f834 ecstatic_noether 0.00% 56KiB / 15.57GiB -8f92d01cf3b29b4f5fca4cd33d907e05def7af5a3684711b20a2369d211ec67f stoic_goodall 0.07% 32.86MiB / 15.57GiB -38dd23dba00f307d53d040c1d18a91361bbdcccbf592315927d56cf13d8b7343 drunk_visvesvaraya 0.00% 0B / 0B -5a8b07ec4cc52823f3cbfdb964018623c1ba307bce2c057ccdbde5f4f6990833 big_heisenberg 0.00% 0B / 0B -``` - -`drunk_visvesvaraya` and `big_heisenberg` are stopped containers in the above example. - -Running `docker stats` on all running containers against a Windows daemon. - -```powershell -PS E:\> docker stats -CONTAINER CPU % PRIV WORKING SET NET I/O BLOCK I/O -09d3bb5b1604 6.61% 38.21 MiB 17.1 kB / 7.73 kB 10.7 MB / 3.57 MB -9db7aa4d986d 9.19% 38.26 MiB 15.2 kB / 7.65 kB 10.6 MB / 3.3 MB -3f214c61ad1d 0.00% 28.64 MiB 64 kB / 6.84 kB 4.42 MB / 6.93 MB -``` - -Running `docker stats` on multiple containers by name and id against a Windows daemon. - -```powershell -PS E:\> docker ps -a -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -3f214c61ad1d nanoserver "cmd" 2 minutes ago Up 2 minutes big_minsky -9db7aa4d986d windowsservercore "cmd" 2 minutes ago Up 2 minutes mad_wilson -09d3bb5b1604 windowsservercore "cmd" 2 minutes ago Up 2 minutes affectionate_easley - -PS E:\> docker stats 3f214c61ad1d mad_wilson -CONTAINER CPU % PRIV WORKING SET NET I/O BLOCK I/O -3f214c61ad1d 0.00% 46.25 MiB 76.3 kB / 7.92 kB 10.3 MB / 14.7 MB -mad_wilson 9.59% 40.09 MiB 27.6 kB / 8.81 kB 17 MB / 20.1 MB -``` - -### Formatting - -The formatting option (`--format`) pretty prints container output -using a Go template. - -Valid placeholders for the Go template are listed below: - -Placeholder | Description ------------- | -------------------------------------------- -`.Container` | Container name or ID (user input) -`.Name` | Container name -`.ID` | Container ID -`.CPUPerc` | CPU percentage -`.MemUsage` | Memory usage -`.NetIO` | Network IO -`.BlockIO` | Block IO -`.MemPerc` | Memory percentage (Not available on Windows) -`.PIDs` | Number of PIDs (Not available on Windows) - - -When using the `--format` option, the `stats` command either -outputs the data exactly as the template declares or, when using the -`table` directive, includes column headers as well. - -The following example uses a template without headers and outputs the -`Container` and `CPUPerc` entries separated by a colon for all images: - -```bash -$ docker stats --format "{{.Container}}: {{.CPUPerc}}" - -09d3bb5b1604: 6.61% -9db7aa4d986d: 9.19% -3f214c61ad1d: 0.00% -``` - -To list all containers statistics with their name, CPU percentage and memory -usage in a table format you can use: - -```bash -$ docker stats --format "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}" - -CONTAINER CPU % PRIV WORKING SET -1285939c1fd3 0.07% 796 KiB / 64 MiB -9c76f7834ae2 0.07% 2.746 MiB / 64 MiB -d1ea048f04e4 0.03% 4.583 MiB / 64 MiB -``` diff --git a/components/engine/docs/reference/commandline/stop.md b/components/engine/docs/reference/commandline/stop.md deleted file mode 100644 index dc00b38af5..0000000000 --- a/components/engine/docs/reference/commandline/stop.md +++ /dev/null @@ -1,37 +0,0 @@ ---- -title: "stop" -description: "The stop command description and usage" -keywords: "stop, SIGKILL, SIGTERM" ---- - - - -# stop - -```markdown -Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...] - -Stop one or more running containers - -Options: - --help Print usage - -t, --time int Seconds to wait for stop before killing it (default 10) -``` - -## Description - -The main process inside the container will receive `SIGTERM`, and after a grace -period, `SIGKILL`. - -## Examples - -```bash -$ docker stop my_container -``` diff --git a/components/engine/docs/reference/commandline/swarm.md b/components/engine/docs/reference/commandline/swarm.md deleted file mode 100644 index e8a8224f84..0000000000 --- a/components/engine/docs/reference/commandline/swarm.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: "swarm" -description: "The swarm command description and usage" -keywords: "swarm" ---- - - - -# swarm - -```markdown -Usage: docker swarm COMMAND - -Manage Swarm - -Options: - --help Print usage - -Commands: - ca Manage root CA - init Initialize a swarm - join Join a swarm as a node and/or manager - join-token Manage join tokens - leave Leave the swarm - unlock Unlock swarm - unlock-key Manage the unlock key - update Update the swarm - -Run 'docker swarm COMMAND --help' for more information on a command. -``` - -## Description - -Manage the swarm. diff --git a/components/engine/docs/reference/commandline/swarm_ca.md b/components/engine/docs/reference/commandline/swarm_ca.md deleted file mode 100644 index 4a9010c896..0000000000 --- a/components/engine/docs/reference/commandline/swarm_ca.md +++ /dev/null @@ -1,122 +0,0 @@ ---- -title: "swarm ca" -description: "The swarm ca command description and usage" -keywords: "swarm, ca" ---- - - - -# swarm ca - -```markdown -Usage: docker swarm ca [OPTIONS] - -Manage root CA - -Options: - --ca-cert pem-file Path to the PEM-formatted root CA certificate to use for the new cluster - --ca-key pem-file Path to the PEM-formatted root CA key to use for the new cluster - --cert-expiry duration Validity period for node certificates (ns|us|ms|s|m|h) (default 2160h0m0s) - -d, --detach Exit immediately instead of waiting for the root rotation to converge - --external-ca external-ca Specifications of one or more certificate signing endpoints - --help Print usage - -q, --quiet Suppress progress output - --rotate Rotate the swarm CA - if no certificate or key are provided, new ones will be generated -``` - -## Description - -View or rotate the current swarm CA certificate. This command must target a manager node. - -## Examples - -Run the `docker swarm ca` command without any options to view the current root CA certificate -in PEM format. - -```bash -$ docker swarm ca ------BEGIN CERTIFICATE----- -MIIBazCCARCgAwIBAgIUJPzo67QC7g8Ebg2ansjkZ8CbmaswCgYIKoZIzj0EAwIw -EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNTAzMTcxMDAwWhcNMzcwNDI4MTcx -MDAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH -A0IABKL6/C0sihYEb935wVPRA8MqzPLn3jzou0OJRXHsCLcVExigrMdgmLCC+Va4 -+sJ+SLVO1eQbvLHH8uuDdF/QOU6jQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB -Af8EBTADAQH/MB0GA1UdDgQWBBSfUy5bjUnBAx/B0GkOBKp91XvxzjAKBggqhkjO -PQQDAgNJADBGAiEAnbvh0puOS5R/qvy1PMHY1iksYKh2acsGLtL/jAIvO4ACIQCi -lIwQqLkJ48SQqCjG1DBTSBsHmMSRT+6mE2My+Z3GKA== ------END CERTIFICATE----- -``` - -Pass the `--rotate` flag (and optionally a `--ca-cert`, along with a `--ca-key` or -`--external-ca` parameter flag), in order to rotate the current swarm root CA. - -``` -$ docker swarm ca --rotate -desired root digest: sha256:05da740cf2577a25224c53019e2cce99bcc5ba09664ad6bb2a9425d9ebd1b53e - rotated TLS certificates: [=========================> ] 1/2 nodes - rotated CA certificates: [> ] 0/2 nodes -``` - -Once the rotation os finished (all the progress bars have completed) the now-current -CA certificate will be printed: - -``` -$ docker swarm ca --rotate -desired root digest: sha256:05da740cf2577a25224c53019e2cce99bcc5ba09664ad6bb2a9425d9ebd1b53e - rotated TLS certificates: [==================================================>] 2/2 nodes - rotated CA certificates: [==================================================>] 2/2 nodes ------BEGIN CERTIFICATE----- -MIIBazCCARCgAwIBAgIUFynG04h5Rrl4lKyA4/E65tYKg8IwCgYIKoZIzj0EAwIw -EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNTE2MDAxMDAwWhcNMzcwNTExMDAx -MDAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH -A0IABC2DuNrIETP7C7lfiEPk39tWaaU0I2RumUP4fX4+3m+87j0DU0CsemUaaOG6 -+PxHhGu2VXQ4c9pctPHgf7vWeVajQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB -Af8EBTADAQH/MB0GA1UdDgQWBBSEL02z6mCI3SmMDmITMr12qCRY2jAKBggqhkjO -PQQDAgNJADBGAiEA263Eb52+825EeNQZM0AME+aoH1319Zp9/J5ijILW+6ACIQCg -gyg5u9Iliel99l7SuMhNeLkrU7fXs+Of1nTyyM73ig== ------END CERTIFICATE----- -``` - -### `--rotate` - -Root CA Rotation is recommended if one or more of the swarm managers have been -compromised, so that those managers can no longer connect to or be trusted by -any other node in the cluster. - -Alternately, root CA rotation can be used to give control of the swarm CA -to an external CA, or to take control back from an external CA. - -The `--rotate` flag does not require any parameters to do a rotation, but you can -optionally specify a certificate and key, or a certificate and external CA URL, -and those will be used instead of an automatically-generated certificate/key pair. - -Because the root CA key should be kept secret, if provided it will not be visible -when viewing swarm any information via the CLI or API. - -The root CA rotation will not be completed until all registered nodes have -rotated their TLS certificates. If the rotation is not completing within a -reasonable amount of time, try running -`docker node ls --format {{.ID}} {{.Hostname}} {{.Status}} {{.TLSStatus}}` to -see if any nodes are down or otherwise unable to rotate TLS certificates. - - -### `--detach` - -Initiate the root CA rotation, but do not wait for the completion of or display the -progress of the rotation. - -## Related commands - -* [swarm init](swarm_init.md) -* [swarm join](swarm_join.md) -* [swarm join-token](swarm_join_token.md) -* [swarm leave](swarm_leave.md) -* [swarm unlock](swarm_unlock.md) -* [swarm unlock-key](swarm_unlock_key.md) diff --git a/components/engine/docs/reference/commandline/swarm_init.md b/components/engine/docs/reference/commandline/swarm_init.md deleted file mode 100644 index f011758a3a..0000000000 --- a/components/engine/docs/reference/commandline/swarm_init.md +++ /dev/null @@ -1,168 +0,0 @@ ---- -title: "swarm init" -description: "The swarm init command description and usage" -keywords: "swarm, init" ---- - - - -# swarm init - -```markdown -Usage: docker swarm init [OPTIONS] - -Initialize a swarm - -Options: - --advertise-addr string Advertised address (format: [:port]) - --autolock Enable manager autolocking (requiring an unlock key to start a stopped manager) - --availability string Availability of the node ("active"|"pause"|"drain") (default "active") - --cert-expiry duration Validity period for node certificates (ns|us|ms|s|m|h) (default 2160h0m0s) - --data-path-addr string Address or interface to use for data path traffic (format: ) - --dispatcher-heartbeat duration Dispatcher heartbeat period (ns|us|ms|s|m|h) (default 5s) - --external-ca external-ca Specifications of one or more certificate signing endpoints - --force-new-cluster Force create a new cluster from current state - --help Print usage - --listen-addr node-addr Listen address (format: [:port]) (default 0.0.0.0:2377) - --max-snapshots uint Number of additional Raft snapshots to retain - --snapshot-interval uint Number of log entries between Raft snapshots (default 10000) - --task-history-limit int Task history retention limit (default 5) -``` - -## Description - -Initialize a swarm. The docker engine targeted by this command becomes a manager -in the newly created single-node swarm. - -## Examples - -```bash -$ docker swarm init --advertise-addr 192.168.99.121 -Swarm initialized: current node (bvz81updecsj6wjz393c09vti) is now a manager. - -To add a worker to this swarm, run the following command: - - docker swarm join \ - --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx \ - 172.17.0.2:2377 - -To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions. -``` - -`docker swarm init` generates two random tokens, a worker token and a manager token. When you join -a new node to the swarm, the node joins as a worker or manager node based upon the token you pass -to [swarm join](swarm_join.md). - -After you create the swarm, you can display or rotate the token using -[swarm join-token](swarm_join_token.md). - -### `--autolock` - -This flag enables automatic locking of managers with an encryption key. The -private keys and data stored by all managers will be protected by the -encryption key printed in the output, and will not be accessible without it. -Thus, it is very important to store this key in order to activate a manager -after it restarts. The key can be passed to `docker swarm unlock` to reactivate -the manager. Autolock can be disabled by running -`docker swarm update --autolock=false`. After disabling it, the encryption key -is no longer required to start the manager, and it will start up on its own -without user intervention. - -### `--cert-expiry` - -This flag sets the validity period for node certificates. - -### `--dispatcher-heartbeat` - -This flag sets the frequency with which nodes are told to use as a -period to report their health. - -### `--external-ca` - -This flag sets up the swarm to use an external CA to issue node certificates. The value takes -the form `protocol=X,url=Y`. The value for `protocol` specifies what protocol should be used -to send signing requests to the external CA. Currently, the only supported value is `cfssl`. -The URL specifies the endpoint where signing requests should be submitted. - -### `--force-new-cluster` - -This flag forces an existing node that was part of a quorum that was lost to restart as a single node Manager without losing its data. - -### `--listen-addr` - -The node listens for inbound swarm manager traffic on this address. The default is to listen on -0.0.0.0:2377. It is also possible to specify a network interface to listen on that interface's -address; for example `--listen-addr eth0:2377`. - -Specifying a port is optional. If the value is a bare IP address or interface -name, the default port 2377 will be used. - -### `--advertise-addr` - -This flag specifies the address that will be advertised to other members of the -swarm for API access and overlay networking. If unspecified, Docker will check -if the system has a single IP address, and use that IP address with the -listening port (see `--listen-addr`). If the system has multiple IP addresses, -`--advertise-addr` must be specified so that the correct address is chosen for -inter-manager communication and overlay networking. - -It is also possible to specify a network interface to advertise that interface's address; -for example `--advertise-addr eth0:2377`. - -Specifying a port is optional. If the value is a bare IP address or interface -name, the default port 2377 will be used. - -### `--data-path-addr` - -This flag specifies the address that global scope network drivers will publish towards -other nodes in order to reach the containers running on this node. -Using this parameter it is then possible to separate the container's data traffic from the -management traffic of the cluster. -If unspecified, Docker will use the same IP address or interface that is used for the -advertise address. - -### `--task-history-limit` - -This flag sets up task history retention limit. - -### `--max-snapshots` - -This flag sets the number of old Raft snapshots to retain in addition to the -current Raft snapshots. By default, no old snapshots are retained. This option -may be used for debugging, or to store old snapshots of the swarm state for -disaster recovery purposes. - -### `--snapshot-interval` - -This flag specifies how many log entries to allow in between Raft snapshots. -Setting this to a higher number will trigger snapshots less frequently. -Snapshots compact the Raft log and allow for more efficient transfer of the -state to new managers. However, there is a performance cost to taking snapshots -frequently. - -### `--availability` - -This flag specifies the availability of the node at the time the node joins a master. -Possible availability values are `active`, `pause`, or `drain`. - -This flag is useful in certain situations. For example, a cluster may want to have -dedicated manager nodes that are not served as worker nodes. This could be achieved -by passing `--availability=drain` to `docker swarm init`. - - -## Related commands - -* [swarm ca](swarm_ca.md) -* [swarm join](swarm_join.md) -* [swarm join-token](swarm_join_token.md) -* [swarm leave](swarm_leave.md) -* [swarm unlock](swarm_unlock.md) -* [swarm unlock-key](swarm_unlock_key.md) -* [swarm update](swarm_update.md) diff --git a/components/engine/docs/reference/commandline/swarm_join.md b/components/engine/docs/reference/commandline/swarm_join.md deleted file mode 100644 index 8d2dfe6d00..0000000000 --- a/components/engine/docs/reference/commandline/swarm_join.md +++ /dev/null @@ -1,130 +0,0 @@ ---- -title: "swarm join" -description: "The swarm join command description and usage" -keywords: "swarm, join" ---- - - - -# swarm join - -```markdown -Usage: docker swarm join [OPTIONS] HOST:PORT - -Join a swarm as a node and/or manager - -Options: - --advertise-addr string Advertised address (format: [:port]) - --availability string Availability of the node ("active"|"pause"|"drain") (default "active") - --data-path-addr string Address or interface to use for data path traffic (format: ) - --help Print usage - --listen-addr node-addr Listen address (format: [:port]) (default 0.0.0.0:2377) - --token string Token for entry into the swarm -``` - -## Description - -Join a node to a swarm. The node joins as a manager node or worker node based upon the token you -pass with the `--token` flag. If you pass a manager token, the node joins as a manager. If you -pass a worker token, the node joins as a worker. - -## Examples - -### Join a node to swarm as a manager - -The example below demonstrates joining a manager node using a manager token. - -```bash -$ docker swarm join --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2 192.168.99.121:2377 -This node joined a swarm as a manager. -$ docker node ls -ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS -dkp8vy1dq1kxleu9g4u78tlag * manager2 Ready Active Reachable -dvfxp4zseq4s0rih1selh0d20 manager1 Ready Active Leader -``` - -A cluster should only have 3-7 managers at most, because a majority of managers must be available -for the cluster to function. Nodes that aren't meant to participate in this management quorum -should join as workers instead. Managers should be stable hosts that have static IP addresses. - -### Join a node to swarm as a worker - -The example below demonstrates joining a worker node using a worker token. - -```bash -$ docker swarm join --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx 192.168.99.121:2377 -This node joined a swarm as a worker. -$ docker node ls -ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS -7ln70fl22uw2dvjn2ft53m3q5 worker2 Ready Active -dkp8vy1dq1kxleu9g4u78tlag worker1 Ready Active Reachable -dvfxp4zseq4s0rih1selh0d20 * manager1 Ready Active Leader -``` - -### `--listen-addr value` - -If the node is a manager, it will listen for inbound swarm manager traffic on this -address. The default is to listen on 0.0.0.0:2377. It is also possible to specify a -network interface to listen on that interface's address; for example `--listen-addr eth0:2377`. - -Specifying a port is optional. If the value is a bare IP address, or interface -name, the default port 2377 will be used. - -This flag is generally not necessary when joining an existing swarm. - -### `--advertise-addr value` - -This flag specifies the address that will be advertised to other members of the -swarm for API access. If unspecified, Docker will check if the system has a -single IP address, and use that IP address with the listening port (see -`--listen-addr`). If the system has multiple IP addresses, `--advertise-addr` -must be specified so that the correct address is chosen for inter-manager -communication and overlay networking. - -It is also possible to specify a network interface to advertise that interface's address; -for example `--advertise-addr eth0:2377`. - -Specifying a port is optional. If the value is a bare IP address, or interface -name, the default port 2377 will be used. - -This flag is generally not necessary when joining an existing swarm. - -### `--data-path-addr` - -This flag specifies the address that global scope network drivers will publish towards -other nodes in order to reach the containers running on this node. -Using this parameter it is then possible to separate the container's data traffic from the -management traffic of the cluster. -If unspecified, Docker will use the same IP address or interface that is used for the -advertise address. - -### `--token string` - -Secret value required for nodes to join the swarm - -### `--availability` - -This flag specifies the availability of the node at the time the node joins a master. -Possible availability values are `active`, `pause`, or `drain`. - -This flag is useful in certain situations. For example, a cluster may want to have -dedicated manager nodes that are not served as worker nodes. This could be achieved -by passing `--availability=drain` to `docker swarm join`. - - -## Related commands - -* [swarm ca](swarm_ca.md) -* [swarm init](swarm_init.md) -* [swarm join-token](swarm_join_token.md) -* [swarm leave](swarm_leave.md) -* [swarm unlock](swarm_unlock.md) -* [swarm unlock-key](swarm_unlock_key.md) -* [swarm update](swarm_update.md) diff --git a/components/engine/docs/reference/commandline/swarm_join_token.md b/components/engine/docs/reference/commandline/swarm_join_token.md deleted file mode 100644 index 44d9cf3ec7..0000000000 --- a/components/engine/docs/reference/commandline/swarm_join_token.md +++ /dev/null @@ -1,115 +0,0 @@ ---- -title: "swarm join-token" -description: "The swarm join-token command description and usage" -keywords: "swarm, join-token" ---- - - - -# swarm join-token - -```markdown -Usage: docker swarm join-token [OPTIONS] (worker|manager) - -Manage join tokens - -Options: - --help Print usage - -q, --quiet Only display token - --rotate Rotate join token -``` - -## Description - -Join tokens are secrets that allow a node to join the swarm. There are two -different join tokens available, one for the worker role and one for the manager -role. You pass the token using the `--token` flag when you run -[swarm join](swarm_join.md). Nodes use the join token only when they join the -swarm. - -## Examples - -You can view or rotate the join tokens using `swarm join-token`. - -As a convenience, you can pass `worker` or `manager` as an argument to -`join-token` to print the full `docker swarm join` command to join a new node to -the swarm: - -```bash -$ docker swarm join-token worker -To add a worker to this swarm, run the following command: - - docker swarm join \ - --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx \ - 172.17.0.2:2377 - -$ docker swarm join-token manager -To add a manager to this swarm, run the following command: - - docker swarm join \ - --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2 \ - 172.17.0.2:2377 -``` - -Use the `--rotate` flag to generate a new join token for the specified role: - -```bash -$ docker swarm join-token --rotate worker -Successfully rotated worker join token. - -To add a worker to this swarm, run the following command: - - docker swarm join \ - --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-b30ljddcqhef9b9v4rs7mel7t \ - 172.17.0.2:2377 -``` - -After using `--rotate`, only the new token will be valid for joining with the specified role. - -The `-q` (or `--quiet`) flag only prints the token: - -```bash -$ docker swarm join-token -q worker - -SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-b30ljddcqhef9b9v4rs7mel7t -``` - -### `--rotate` - -Because tokens allow new nodes to join the swarm, you should keep them secret. -Be particularly careful with manager tokens since they allow new manager nodes -to join the swarm. A rogue manager has the potential to disrupt the operation of -your swarm. - -Rotate your swarm's join token if a token gets checked-in to version control, -stolen, or a node is compromised. You may also want to periodically rotate the -token to ensure any unknown token leaks do not allow a rogue node to join -the swarm. - -To rotate the join token and print the newly generated token, run -`docker swarm join-token --rotate` and pass the role: `manager` or `worker`. - -Rotating a join-token means that no new nodes will be able to join the swarm -using the old token. Rotation does not affect existing nodes in the swarm -because the join token is only used for authorizing new nodes joining the swarm. - -### `--quiet` - -Only print the token. Do not print a complete command for joining. - -## Related commands - -* [swarm ca](swarm_ca.md) -* [swarm init](swarm_init.md) -* [swarm join](swarm_join.md) -* [swarm leave](swarm_leave.md) -* [swarm unlock](swarm_unlock.md) -* [swarm unlock-key](swarm_unlock_key.md) -* [swarm update](swarm_update.md) diff --git a/components/engine/docs/reference/commandline/swarm_leave.md b/components/engine/docs/reference/commandline/swarm_leave.md deleted file mode 100644 index 1c898ea9a5..0000000000 --- a/components/engine/docs/reference/commandline/swarm_leave.md +++ /dev/null @@ -1,72 +0,0 @@ ---- -title: "swarm leave" -description: "The swarm leave command description and usage" -keywords: "swarm, leave" ---- - - - -# swarm leave - -```markdown -Usage: docker swarm leave [OPTIONS] - -Leave the swarm - -Options: - -f, --force Force this node to leave the swarm, ignoring warnings - --help Print usage -``` - -## Description - -When you run this command on a worker, that worker leaves the swarm. - -You can use the `--force` option on a manager to remove it from the swarm. -However, this does not reconfigure the swarm to ensure that there are enough -managers to maintain a quorum in the swarm. The safe way to remove a manager -from a swarm is to demote it to a worker and then direct it to leave the quorum -without using `--force`. Only use `--force` in situations where the swarm will -no longer be used after the manager leaves, such as in a single-node swarm. - -## Examples - -Consider the following swarm, as seen from the manager: - -```bash -$ docker node ls -ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS -7ln70fl22uw2dvjn2ft53m3q5 worker2 Ready Active -dkp8vy1dq1kxleu9g4u78tlag worker1 Ready Active -dvfxp4zseq4s0rih1selh0d20 * manager1 Ready Active Leader -``` - -To remove `worker2`, issue the following command from `worker2` itself: - -```bash -$ docker swarm leave -Node left the default swarm. -``` - -The node will still appear in the node list, and marked as `down`. It no longer -affects swarm operation, but a long list of `down` nodes can clutter the node -list. To remove an inactive node from the list, use the [`node rm`](node_rm.md) -command. - -## Related commands - -* [swarm ca](swarm_ca.md) -* [node rm](node_rm.md) -* [swarm init](swarm_init.md) -* [swarm join](swarm_join.md) -* [swarm join-token](swarm_join_token.md) -* [swarm unlock](swarm_unlock.md) -* [swarm unlock-key](swarm_unlock_key.md) -* [swarm update](swarm_update.md) diff --git a/components/engine/docs/reference/commandline/swarm_unlock.md b/components/engine/docs/reference/commandline/swarm_unlock.md deleted file mode 100644 index d2f5fc4954..0000000000 --- a/components/engine/docs/reference/commandline/swarm_unlock.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: "swarm unlock" -description: "The swarm unlock command description and usage" -keywords: "swarm, unlock" ---- - - - -# swarm unlock - -```markdown -Usage: docker swarm unlock - -Unlock swarm - -Options: - --help Print usage -``` - -## Description - -Unlocks a locked manager using a user-supplied unlock key. This command must be -used to reactivate a manager after its Docker daemon restarts if the autolock -setting is turned on. The unlock key is printed at the time when autolock is -enabled, and is also available from the `docker swarm unlock-key` command. - -## Examples - -```bash -$ docker swarm unlock -Please enter unlock key: -``` - -## Related commands - -* [swarm ca](swarm_ca.md) -* [swarm init](swarm_init.md) -* [swarm join](swarm_join.md) -* [swarm join-token](swarm_join_token.md) -* [swarm leave](swarm_leave.md) -* [swarm unlock-key](swarm_unlock_key.md) -* [swarm update](swarm_update.md) diff --git a/components/engine/docs/reference/commandline/swarm_unlock_key.md b/components/engine/docs/reference/commandline/swarm_unlock_key.md deleted file mode 100644 index c0efd04922..0000000000 --- a/components/engine/docs/reference/commandline/swarm_unlock_key.md +++ /dev/null @@ -1,92 +0,0 @@ ---- -title: "swarm unlock-key" -description: "The swarm unlock-keycommand description and usage" -keywords: "swarm, unlock-key" ---- - - - -# swarm unlock-key - -```markdown -Usage: docker swarm unlock-key [OPTIONS] - -Manage the unlock key - -Options: - --help Print usage - -q, --quiet Only display token - --rotate Rotate unlock key -``` - -## Description - -An unlock key is a secret key needed to unlock a manager after its Docker daemon -restarts. These keys are only used when the autolock feature is enabled for the -swarm. - -You can view or rotate the unlock key using `swarm unlock-key`. To view the key, -run the `docker swarm unlock-key` command without any arguments: - -## Examples - -```bash -$ docker swarm unlock-key - -To unlock a swarm manager after it restarts, run the `docker swarm unlock` -command and provide the following key: - - SWMKEY-1-fySn8TY4w5lKcWcJPIpKufejh9hxx5KYwx6XZigx3Q4 - -Please remember to store this key in a password manager, since without it you -will not be able to restart the manager. -``` - -Use the `--rotate` flag to rotate the unlock key to a new, randomly-generated -key: - -```bash -$ docker swarm unlock-key --rotate -Successfully rotated manager unlock key. - -To unlock a swarm manager after it restarts, run the `docker swarm unlock` -command and provide the following key: - - SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8 - -Please remember to store this key in a password manager, since without it you -will not be able to restart the manager. -``` - -The `-q` (or `--quiet`) flag only prints the key: - -```bash -$ docker swarm unlock-key -q -SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8 -``` - -### `--rotate` - -This flag rotates the unlock key, replacing it with a new randomly-generated -key. The old unlock key will no longer be accepted. - -### `--quiet` - -Only print the unlock key, without instructions. - -## Related commands - -* [swarm ca](swarm_ca.md) -* [swarm init](swarm_init.md) -* [swarm join](swarm_join.md) -* [swarm join-token](swarm_join_token.md) -* [swarm leave](swarm_leave.md) -* [swarm unlock](swarm_unlock.md) -* [swarm update](swarm_update.md) diff --git a/components/engine/docs/reference/commandline/swarm_update.md b/components/engine/docs/reference/commandline/swarm_update.md deleted file mode 100644 index 544ef381c0..0000000000 --- a/components/engine/docs/reference/commandline/swarm_update.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -title: "swarm update" -description: "The swarm update command description and usage" -keywords: "swarm, update" ---- - - - -# swarm update - -```markdown -Usage: docker swarm update [OPTIONS] - -Update the swarm - -Options: - --autolock Change manager autolocking setting (true|false) - --cert-expiry duration Validity period for node certificates (ns|us|ms|s|m|h) (default 2160h0m0s) - --dispatcher-heartbeat duration Dispatcher heartbeat period (ns|us|ms|s|m|h) (default 5s) - --external-ca external-ca Specifications of one or more certificate signing endpoints - --help Print usage - --max-snapshots uint Number of additional Raft snapshots to retain - --snapshot-interval uint Number of log entries between Raft snapshots (default 10000) - --task-history-limit int Task history retention limit (default 5) -``` - -## Description - -Updates a swarm with new parameter values. This command must target a manager node. - -## Examples - -```bash -$ docker swarm update --cert-expiry 720h -``` - -## Related commands - -* [swarm ca](swarm_ca.md) -* [swarm init](swarm_init.md) -* [swarm join](swarm_join.md) -* [swarm join-token](swarm_join_token.md) -* [swarm leave](swarm_leave.md) -* [swarm unlock](swarm_unlock.md) -* [swarm unlock-key](swarm_unlock_key.md) diff --git a/components/engine/docs/reference/commandline/system.md b/components/engine/docs/reference/commandline/system.md deleted file mode 100644 index 2484a4a987..0000000000 --- a/components/engine/docs/reference/commandline/system.md +++ /dev/null @@ -1,37 +0,0 @@ ---- -title: "system" -description: "The system command description and usage" -keywords: "system" ---- - - - -# system - -```markdown -Usage: docker system COMMAND - -Manage Docker - -Options: - --help Print usage - -Commands: - df Show docker disk usage - events Get real time events from the server - info Display system-wide information - prune Remove unused data - -Run 'docker system COMMAND --help' for more information on a command. -``` - -## Description - -Manage Docker. diff --git a/components/engine/docs/reference/commandline/system_df.md b/components/engine/docs/reference/commandline/system_df.md deleted file mode 100644 index aedd9779e4..0000000000 --- a/components/engine/docs/reference/commandline/system_df.md +++ /dev/null @@ -1,140 +0,0 @@ ---- -title: "system df" -description: "The system df command description and usage" -keywords: "system, data, usage, disk" ---- - - - -# system df - -```markdown -Usage: docker system df [OPTIONS] - -Show docker filesystem usage - -Options: - --format string Pretty-print images using a Go template - --help Print usage - -v, --verbose Show detailed information on space usage -``` - -## Description - -The `docker system df` command displays information regarding the -amount of disk space used by the docker daemon. - -## Examples - -By default the command will just show a summary of the data used: - -```bash -$ docker system df - -TYPE TOTAL ACTIVE SIZE RECLAIMABLE -Images 5 2 16.43 MB 11.63 MB (70%) -Containers 2 0 212 B 212 B (100%) -Local Volumes 2 1 36 B 0 B (0%) -``` - -A more detailed view can be requested using the `-v, --verbose` flag: - -```bash -$ docker system df -v - -Images space usage: - -REPOSITORY TAG IMAGE ID CREATED SIZE SHARED SIZE UNIQUE SIZE CONTAINERS -my-curl latest b2789dd875bf 6 minutes ago 11 MB 11 MB 5 B 0 -my-jq latest ae67841be6d0 6 minutes ago 9.623 MB 8.991 MB 632.1 kB 0 - a0971c4015c1 6 minutes ago 11 MB 11 MB 0 B 0 -alpine latest 4e38e38c8ce0 9 weeks ago 4.799 MB 0 B 4.799 MB 1 -alpine 3.3 47cf20d8c26c 9 weeks ago 4.797 MB 4.797 MB 0 B 1 - -Containers space usage: - -CONTAINER ID IMAGE COMMAND LOCAL VOLUMES SIZE CREATED STATUS NAMES -4a7f7eebae0f alpine:latest "sh" 1 0 B 16 minutes ago Exited (0) 5 minutes ago hopeful_yalow -f98f9c2aa1ea alpine:3.3 "sh" 1 212 B 16 minutes ago Exited (0) 48 seconds ago anon-vol - -Local Volumes space usage: - -NAME LINKS SIZE -07c7bdf3e34ab76d921894c2b834f073721fccfbbcba792aa7648e3a7a664c2e 2 36 B -my-named-vol 0 0 B -``` - -* `SHARED SIZE` is the amount of space that an image shares with another one (i.e. their common data) -* `UNIQUE SIZE` is the amount of space that is only used by a given image -* `SIZE` is the virtual size of the image, it is the sum of `SHARED SIZE` and `UNIQUE SIZE` - -> **Note**: Network information is not shown because it doesn't consume the disk -> space. - -## Performance - -The `system df` command can be very resource-intensive. It traverses the -filesystem of every image, container, and volume in the system. You should be -careful running this command in systems with lots of images, containers, or -volumes or in systems where some images, containers, or volumes have very large -filesystems with many files. You should also be careful not to run this command -in systems where performance is critical. - -## Format the output - -The formatting option (`--format`) pretty prints the disk usage output -using a Go template. - -Valid placeholders for the Go template are listed below: - -| Placeholder | Description | -| -------------- | ------------------------------------------ | -| `.Type` | `Images`, `Containers` and `Local Volumes` | -| `.TotalCount` | Total number of items | -| `.Active` | Number of active items | -| `.Size` | Available size | -| `.Reclaimable` | Reclaimable size | - -When using the `--format` option, the `system df` command outputs -the data exactly as the template declares or, when using the -`table` directive, will include column headers as well. - -The following example uses a template without headers and outputs the -`Type` and `TotalCount` entries separated by a colon: - -```bash -$ docker system df --format "{{.Type}}: {{.TotalCount}}" - -Images: 2 -Containers: 4 -Local Volumes: 1 -``` - -To list the disk usage with size and reclaimable size in a table format you -can use: - -```bash -$ docker system df --format "table {{.Type}}\t{{.Size}}\t{{.Reclaimable}}" - -TYPE SIZE RECLAIMABLE -Images 2.547 GB 2.342 GB (91%) -Containers 0 B 0 B -Local Volumes 150.3 MB 150.3 MB (100%) - -``` - -**Note** the format option is meaningless when verbose is true. - -## Related commands -* [system prune](system_prune.md) -* [container prune](container_prune.md) -* [volume prune](volume_prune.md) -* [image prune](image_prune.md) -* [network prune](network_prune.md) diff --git a/components/engine/docs/reference/commandline/system_events.md b/components/engine/docs/reference/commandline/system_events.md deleted file mode 100644 index 76ef4de8f6..0000000000 --- a/components/engine/docs/reference/commandline/system_events.md +++ /dev/null @@ -1,345 +0,0 @@ ---- -title: "system events" -description: "The system events command description and usage" -keywords: "system, events, container, report" ---- - - - -# system events - -```markdown -Usage: docker system events [OPTIONS] - -Get real time events from the server - -Options: - -f, --filter value Filter output based on conditions provided (default []) - --format string Format the output using the given Go template - --help Print usage - --since string Show all events created since timestamp - --until string Stream events until this timestamp -``` - -## Description - -Use `docker system events` to get real-time events from the server. These -events differ per Docker object type. - -### Object types - -#### Containers - -Docker containers report the following events: - -- `attach` -- `commit` -- `copy` -- `create` -- `destroy` -- `detach` -- `die` -- `exec_create` -- `exec_detach` -- `exec_start` -- `export` -- `health_status` -- `kill` -- `oom` -- `pause` -- `rename` -- `resize` -- `restart` -- `start` -- `stop` -- `top` -- `unpause` -- `update` - -#### Images - -Docker images report the following events: - -- `delete` -- `import` -- `load` -- `pull` -- `push` -- `save` -- `tag` -- `untag` - -#### Plugins - -Docker plugins report the following events: - -- `install` -- `enable` -- `disable` -- `remove` - -#### Volumes - -Docker volumes report the following events: - -- `create` -- `mount` -- `unmount` -- `destroy` - -#### Networks - -Docker networks report the following events: - -- `create` -- `connect` -- `disconnect` -- `destroy` - -#### Daemons - -Docker daemons report the following events: - -- `reload` - -### Limiting, filtering, and formatting the output - -#### Limit events by time - -The `--since` and `--until` parameters can be Unix timestamps, date formatted -timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed -relative to the client machine’s time. If you do not provide the `--since` option, -the command returns only new and/or live events. Supported formats for date -formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, -`2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local -timezone on the client will be used if you do not provide either a `Z` or a -`+-00:00` timezone offset at the end of the timestamp. When providing Unix -timestamps enter seconds[.nanoseconds], where seconds is the number of seconds -that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap -seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a -fraction of a second no more than nine digits long. - -#### Filtering - -The filtering flag (`-f` or `--filter`) format is of "key=value". If you would -like to use multiple filters, pass multiple flags (e.g., -`--filter "foo=bar" --filter "bif=baz"`) - -Using the same filter multiple times will be handled as a *OR*; for example -`--filter container=588a23dac085 --filter container=a8f7720b8c22` will display -events for container 588a23dac085 *OR* container a8f7720b8c22 - -Using multiple filters will be handled as a *AND*; for example -`--filter container=588a23dac085 --filter event=start` will display events for -container container 588a23dac085 *AND* the event type is *start* - -The currently supported filters are: - -* container (`container=`) -* daemon (`daemon=`) -* event (`event=`) -* image (`image=`) -* label (`label=` or `label==`) -* network (`network=`) -* plugin (`plugin=`) -* type (`type=`) -* volume (`volume=`) - -#### Format - -If a format (`--format`) is specified, the given template will be executed -instead of the default -format. Go's [text/template](http://golang.org/pkg/text/template/) package -describes all the details of the format. - -If a format is set to `{{json .}}`, the events are streamed as valid JSON -Lines. For information about JSON Lines, please refer to http://jsonlines.org/ . - -## Examples - -### Basic example - -You'll need two shells for this example. - -**Shell 1: Listening for events:** - -```bash -$ docker system events -``` - -**Shell 2: Start and Stop containers:** - -```bash -$ docker create --name test alpine:latest top -$ docker start test -$ docker stop test -``` - -**Shell 1: (Again .. now showing events):** - -```none -2017-01-05T00:35:58.859401177+08:00 container create 0fdb48addc82871eb34eb23a847cfd033dedd1a0a37bef2e6d9eb3870fc7ff37 (image=alpine:latest, name=test) -2017-01-05T00:36:04.703631903+08:00 network connect e2e1f5ceda09d4300f3a846f0acfaa9a8bb0d89e775eb744c5acecd60e0529e2 (container=0fdb...ff37, name=bridge, type=bridge) -2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) -2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) -2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) -2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) -2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) -``` - -To exit the `docker system events` command, use `CTRL+C`. - -### Filter events by time - -You can filter the output by an absolute timestamp or relative time on the host -machine, using the following different time syntaxes: - -```bash -$ docker system events --since 1483283804 -2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) -2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) -2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) -2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) -2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) -2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) -2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) -2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) - -$ docker system events --since '2017-01-05' -2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) -2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) -2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) -2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) -2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) -2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) -2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) -2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) - -$ docker system events --since '2013-09-03T15:49:29' -2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) -2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) -2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) -2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) -2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) -2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) -2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) -2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) - -$ docker system events --since '10m' -2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) -2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) -2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) -2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) -2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) -2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) -2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) -2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) -``` - -### Filter events by criteria - -The following commands show several different ways to filter the `docker event` -output. - -```bash -$ docker system events --filter 'event=stop' - -2017-01-05T00:40:22.880175420+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) -2017-01-05T00:41:17.888104182+08:00 container stop 2a8f...4e78 (image=alpine, name=kickass_brattain) - -$ docker system events --filter 'image=alpine' - -2017-01-05T00:41:55.784240236+08:00 container create d9cd...4d70 (image=alpine, name=happy_meitner) -2017-01-05T00:41:55.913156783+08:00 container start d9cd...4d70 (image=alpine, name=happy_meitner) -2017-01-05T00:42:01.106875249+08:00 container kill d9cd...4d70 (image=alpine, name=happy_meitner, signal=15) -2017-01-05T00:42:11.111934041+08:00 container kill d9cd...4d70 (image=alpine, name=happy_meitner, signal=9) -2017-01-05T00:42:11.119578204+08:00 container die d9cd...4d70 (exitCode=137, image=alpine, name=happy_meitner) -2017-01-05T00:42:11.173276611+08:00 container stop d9cd...4d70 (image=alpine, name=happy_meitner) - -$ docker system events --filter 'container=test' - -2017-01-05T00:43:00.139719934+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) -2017-01-05T00:43:09.259951086+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) -2017-01-05T00:43:09.270102715+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) -2017-01-05T00:43:09.312556440+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) - -$ docker system events --filter 'container=test' --filter 'container=d9cdb1525ea8' - -2017-01-05T00:44:11.517071981+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) -2017-01-05T00:44:17.685870901+08:00 container start d9cd...4d70 (image=alpine, name=happy_meitner) -2017-01-05T00:44:29.757658470+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=9) -2017-01-05T00:44:29.767718510+08:00 container die 0fdb...ff37 (exitCode=137, image=alpine:latest, name=test) -2017-01-05T00:44:29.815798344+08:00 container destroy 0fdb...ff37 (image=alpine:latest, name=test) - -$ docker system events --filter 'container=test' --filter 'event=stop' - -2017-01-05T00:46:13.664099505+08:00 container stop a9d1...e130 (image=alpine, name=test) - -$ docker system events --filter 'type=volume' - -2015-12-23T21:05:28.136212689Z volume create test-event-volume-local (driver=local) -2015-12-23T21:05:28.383462717Z volume mount test-event-volume-local (read/write=true, container=562f...5025, destination=/foo, driver=local, propagation=rprivate) -2015-12-23T21:05:28.650314265Z volume unmount test-event-volume-local (container=562f...5025, driver=local) -2015-12-23T21:05:28.716218405Z volume destroy test-event-volume-local (driver=local) - -$ docker system events --filter 'type=network' - -2015-12-23T21:38:24.705709133Z network create 8b11...2c5b (name=test-event-network-local, type=bridge) -2015-12-23T21:38:25.119625123Z network connect 8b11...2c5b (name=test-event-network-local, container=b4be...c54e, type=bridge) - -$ docker system events --filter 'container=container_1' --filter 'container=container_2' - -2014-09-03T15:49:29.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04) -2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) -2014-05-10T17:42:14.999999999Z07:00 container die 7805c1d35632 (imager=redis:2.8) -2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) - -$ docker system events --filter 'type=volume' - -2015-12-23T21:05:28.136212689Z volume create test-event-volume-local (driver=local) -2015-12-23T21:05:28.383462717Z volume mount test-event-volume-local (read/write=true, container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, destination=/foo, driver=local, propagation=rprivate) -2015-12-23T21:05:28.650314265Z volume unmount test-event-volume-local (container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, driver=local) -2015-12-23T21:05:28.716218405Z volume destroy test-event-volume-local (driver=local) - -$ docker system events --filter 'type=network' - -2015-12-23T21:38:24.705709133Z network create 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, type=bridge) -2015-12-23T21:38:25.119625123Z network connect 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, container=b4be644031a3d90b400f88ab3d4bdf4dc23adb250e696b6328b85441abe2c54e, type=bridge) - -$ docker system events --filter 'type=plugin' - -2016-07-25T17:30:14.825557616Z plugin pull ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest) -2016-07-25T17:30:14.888127370Z plugin enable ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest) -``` - -### Format the output - -```bash -$ docker system events --filter 'type=container' --format 'Type={{.Type}} Status={{.Status}} ID={{.ID}}' - -Type=container Status=create ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 -Type=container Status=attach ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 -Type=container Status=start ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 -Type=container Status=resize ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 -Type=container Status=die ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 -Type=container Status=destroy ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 -``` - -#### Format as JSON - -```none - $ docker system events --format '{{json .}}' - - {"status":"create","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. - {"status":"attach","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. - {"Type":"network","Action":"connect","Actor":{"ID":"1b50a5bf755f6021dfa78e.. - {"status":"start","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f42.. - {"status":"resize","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. -``` diff --git a/components/engine/docs/reference/commandline/system_prune.md b/components/engine/docs/reference/commandline/system_prune.md deleted file mode 100644 index e09fec4d7f..0000000000 --- a/components/engine/docs/reference/commandline/system_prune.md +++ /dev/null @@ -1,110 +0,0 @@ ---- -title: "system prune" -description: "Remove unused data" -keywords: "system, prune, delete, remove" ---- - - - -# system prune - -```markdown -Usage: docker system prune [OPTIONS] - -Delete unused data - -Options: - -a, --all Remove all unused images not just dangling ones - --filter filter Provide filter values (e.g. 'until=') - -f, --force Do not prompt for confirmation - --help Print usage -``` - -## Description - -Remove all unused containers, volumes, networks and images (both dangling and unreferenced). - -## Examples - -```bash -$ docker system prune -a - -WARNING! This will remove: - - all stopped containers - - all volumes not used by at least one container - - all networks not used by at least one container - - all images without at least one container associated to them -Are you sure you want to continue? [y/N] y -Deleted Containers: -0998aa37185a1a7036b0e12cf1ac1b6442dcfa30a5c9650a42ed5010046f195b -73958bfb884fa81fa4cc6baf61055667e940ea2357b4036acbbe25a60f442a4d - -Deleted Volumes: -named-vol - -Deleted Images: -untagged: my-curl:latest -deleted: sha256:7d88582121f2a29031d92017754d62a0d1a215c97e8f0106c586546e7404447d -deleted: sha256:dd14a93d83593d4024152f85d7c63f76aaa4e73e228377ba1d130ef5149f4d8b -untagged: alpine:3.3 -deleted: sha256:695f3d04125db3266d4ab7bbb3c6b23aa4293923e762aa2562c54f49a28f009f -untagged: alpine:latest -deleted: sha256:ee4603260daafe1a8c2f3b78fd760922918ab2441cbb2853ed5c439e59c52f96 -deleted: sha256:9007f5987db353ec398a223bc5a135c5a9601798ba20a1abba537ea2f8ac765f -deleted: sha256:71fa90c8f04769c9721459d5aa0936db640b92c8c91c9b589b54abd412d120ab -deleted: sha256:bb1c3357b3c30ece26e6604aea7d2ec0ace4166ff34c3616701279c22444c0f3 -untagged: my-jq:latest -deleted: sha256:6e66d724542af9bc4c4abf4a909791d7260b6d0110d8e220708b09e4ee1322e1 -deleted: sha256:07b3fa89d4b17009eb3988dfc592c7d30ab3ba52d2007832dffcf6d40e3eda7f -deleted: sha256:3a88a5c81eb5c283e72db2dbc6d65cbfd8e80b6c89bb6e714cfaaa0eed99c548 - -Total reclaimed space: 13.5 MB -``` - -### Filtering - -The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more -than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) - -The currently supported filters are: - -* until (``) - only remove containers, images, and networks created before given timestamp -* label (`label=`, `label==`, `label!=`, or `label!==`) - only remove containers, images, networks, and volumes with (or without, in case `label!=...` is used) the specified labels. - -The `until` filter can be Unix timestamps, date formatted -timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed -relative to the daemon machine’s time. Supported formats for date -formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, -`2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local -timezone on the daemon will be used if you do not provide either a `Z` or a -`+-00:00` timezone offset at the end of the timestamp. When providing Unix -timestamps enter seconds[.nanoseconds], where seconds is the number of seconds -that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap -seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a -fraction of a second no more than nine digits long. - -The `label` filter accepts two formats. One is the `label=...` (`label=` or `label==`), -which removes containers, images, networks, and volumes with the specified labels. The other -format is the `label!=...` (`label!=` or `label!==`), which removes -containers, images, networks, and volumes without the specified labels. - -## Related commands - -* [volume create](volume_create.md) -* [volume ls](volume_ls.md) -* [volume inspect](volume_inspect.md) -* [volume rm](volume_rm.md) -* [volume prune](volume_prune.md) -* [Understand Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/) -* [system df](system_df.md) -* [container prune](container_prune.md) -* [image prune](image_prune.md) -* [network prune](network_prune.md) -* [system prune](system_prune.md) diff --git a/components/engine/docs/reference/commandline/tag.md b/components/engine/docs/reference/commandline/tag.md deleted file mode 100644 index 5f9defd8a9..0000000000 --- a/components/engine/docs/reference/commandline/tag.md +++ /dev/null @@ -1,84 +0,0 @@ ---- -title: "tag" -description: "The tag command description and usage" -keywords: "tag, name, image" ---- - - - -# tag - -```markdown -Usage: docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG] - -Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE - -Options: - --help Print usage -``` - -## Description - -An image name is made up of slash-separated name components, optionally prefixed -by a registry hostname. The hostname must comply with standard DNS rules, but -may not contain underscores. If a hostname is present, it may optionally be -followed by a port number in the format `:8080`. If not present, the command -uses Docker's public registry located at `registry-1.docker.io` by default. Name -components may contain lowercase letters, digits and separators. A separator -is defined as a period, one or two underscores, or one or more dashes. A name -component may not start or end with a separator. - -A tag name must be valid ASCII and may contain lowercase and uppercase letters, -digits, underscores, periods and dashes. A tag name may not start with a -period or a dash and may contain a maximum of 128 characters. - -You can group your images together using names and tags, and then upload them -to [*Share Images via Repositories*](https://docs.docker.com/engine/tutorials/dockerrepos/#/contributing-to-docker-hub). - -## Examples - -### Tag an image referenced by ID - -To tag a local image with ID "0e5574283393" into the "fedora" repository with -"version1.0": - -```bash -$ docker tag 0e5574283393 fedora/httpd:version1.0 -``` - -### Tag an image referenced by Name - -To tag a local image with name "httpd" into the "fedora" repository with -"version1.0": - -```bash -$ docker tag httpd fedora/httpd:version1.0 -``` - -Note that since the tag name is not specified, the alias is created for an -existing local version `httpd:latest`. - -### Tag an image referenced by Name and Tag - -To tag a local image with name "httpd" and tag "test" into the "fedora" -repository with "version1.0.test": - -```bash -$ docker tag httpd:test fedora/httpd:version1.0.test -``` - -### Tag an image for a private repository - -To push an image to a private registry and not the central Docker -registry you must tag it with the registry hostname and port (if needed). - -```bash -$ docker tag 0e5574283393 myregistryhost:5000/fedora/httpd:version1.0 -``` diff --git a/components/engine/docs/reference/commandline/top.md b/components/engine/docs/reference/commandline/top.md deleted file mode 100644 index 0a04828775..0000000000 --- a/components/engine/docs/reference/commandline/top.md +++ /dev/null @@ -1,25 +0,0 @@ ---- -title: "top" -description: "The top command description and usage" -keywords: "container, running, processes" ---- - - - -# top - -```markdown -Usage: docker top CONTAINER [ps OPTIONS] - -Display the running processes of a container - -Options: - --help Print usage -``` diff --git a/components/engine/docs/reference/commandline/unpause.md b/components/engine/docs/reference/commandline/unpause.md deleted file mode 100644 index 8915a43b40..0000000000 --- a/components/engine/docs/reference/commandline/unpause.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: "unpause" -description: "The unpause command description and usage" -keywords: "cgroups, suspend, container" ---- - - - -# unpause - -```markdown -Usage: docker unpause CONTAINER [CONTAINER...] - -Unpause all processes within one or more containers - -Options: - --help Print usage -``` - -## Description - -The `docker unpause` command un-suspends all processes in the specified containers. -On Linux, it does this using the cgroups freezer. - -See the -[cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt) -for further details. - -## Examples - -```bash -$ docker unpause my_container -``` - -## Related commands - -* [pause](pause.md) diff --git a/components/engine/docs/reference/commandline/update.md b/components/engine/docs/reference/commandline/update.md deleted file mode 100644 index 935dc9bf36..0000000000 --- a/components/engine/docs/reference/commandline/update.md +++ /dev/null @@ -1,123 +0,0 @@ ---- -title: "update" -description: "The update command description and usage" -keywords: "resources, update, dynamically" ---- - - - -## update - -```markdown -Usage: docker update [OPTIONS] CONTAINER [CONTAINER...] - -Update configuration of one or more containers - -Options: - --blkio-weight uint16 Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0) - --cpu-period int Limit CPU CFS (Completely Fair Scheduler) period - --cpu-quota int Limit CPU CFS (Completely Fair Scheduler) quota - --cpu-rt-period int Limit the CPU real-time period in microseconds - --cpu-rt-runtime int Limit the CPU real-time runtime in microseconds - -c, --cpu-shares int CPU shares (relative weight) - --cpus decimal Number of CPUs (default 0.000) - --cpuset-cpus string CPUs in which to allow execution (0-3, 0,1) - --cpuset-mems string MEMs in which to allow execution (0-3, 0,1) - --help Print usage - --kernel-memory string Kernel memory limit - -m, --memory string Memory limit - --memory-reservation string Memory soft limit - --memory-swap string Swap limit equal to memory plus swap: '-1' to enable unlimited swap - --restart string Restart policy to apply when a container exits -``` - -## Description - -The `docker update` command dynamically updates container configuration. -You can use this command to prevent containers from consuming too many -resources from their Docker host. With a single command, you can place -limits on a single container or on many. To specify more than one container, -provide space-separated list of container names or IDs. - -With the exception of the `--kernel-memory` option, you can specify these -options on a running or a stopped container. On kernel version older than -4.6, you can only update `--kernel-memory` on a stopped container or on -a running container with kernel memory initialized. - -## Examples - -The following sections illustrate ways to use this command. - -### Update a container's cpu-shares - -To limit a container's cpu-shares to 512, first identify the container -name or ID. You can use `docker ps` to find these values. You can also -use the ID returned from the `docker run` command. Then, do the following: - -```bash -$ docker update --cpu-shares 512 abebf7571666 -``` - -### Update a container with cpu-shares and memory - -To update multiple resource configurations for multiple containers: - -```bash -$ docker update --cpu-shares 512 -m 300M abebf7571666 hopeful_morse -``` - -### Update a container's kernel memory constraints - -You can update a container's kernel memory limit using the `--kernel-memory` -option. On kernel version older than 4.6, this option can be updated on a -running container only if the container was started with `--kernel-memory`. -If the container was started *without* `--kernel-memory` you need to stop -the container before updating kernel memory. - -For example, if you started a container with this command: - -```bash -$ docker run -dit --name test --kernel-memory 50M ubuntu bash -``` - -You can update kernel memory while the container is running: - -```bash -$ docker update --kernel-memory 80M test -``` - -If you started a container *without* kernel memory initialized: - -```bash -$ docker run -dit --name test2 --memory 300M ubuntu bash -``` - -Update kernel memory of running container `test2` will fail. You need to stop -the container before updating the `--kernel-memory` setting. The next time you -start it, the container uses the new value. - -Kernel version newer than (include) 4.6 does not have this limitation, you -can use `--kernel-memory` the same way as other options. - -### Update a container's restart policy - -You can change a container's restart policy on a running container. The new -restart policy takes effect instantly after you run `docker update` on a -container. - -To update restart policy for one or more containers: - -```bash -$ docker update --restart=on-failure:3 abebf7571666 hopeful_morse -``` - -Note that if the container is started with "--rm" flag, you cannot update the restart -policy for it. The `AutoRemove` and `RestartPolicy` are mutually exclusive for the -container. diff --git a/components/engine/docs/reference/commandline/version.md b/components/engine/docs/reference/commandline/version.md deleted file mode 100644 index b15d13b97f..0000000000 --- a/components/engine/docs/reference/commandline/version.md +++ /dev/null @@ -1,74 +0,0 @@ ---- -title: "version" -description: "The version command description and usage" -keywords: "version, architecture, api" ---- - - - -# version - -```markdown -Usage: docker version [OPTIONS] - -Show the Docker version information - -Options: - -f, --format string Format the output using the given Go template - --help Print usage -``` - -## Description - -By default, this will render all version information in an easy to read -layout. If a format is specified, the given template will be executed instead. - -Go's [text/template](http://golang.org/pkg/text/template/) package -describes all the details of the format. - -## Examples - -### Default output - -```bash -$ docker version - -Client: -Version: 1.8.0 -API version: 1.20 -Go version: go1.4.2 -Git commit: f5bae0a -Built: Tue Jun 23 17:56:00 UTC 2015 -OS/Arch: linux/amd64 - -Server: -Version: 1.8.0 -API version: 1.20 -Go version: go1.4.2 -Git commit: f5bae0a -Built: Tue Jun 23 17:56:00 UTC 2015 -OS/Arch: linux/amd64 -``` - -### Get the server version - -```bash -$ docker version --format '{{.Server.Version}}' - -1.8.0 -``` - -### Dump raw JSON data - -```bash -$ docker version --format '{{json .}}' - -{"Client":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"},"ServerOK":true,"Server":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","KernelVersion":"3.13.2-gentoo","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"}} -``` diff --git a/components/engine/docs/reference/commandline/volume.md b/components/engine/docs/reference/commandline/volume.md deleted file mode 100644 index d5dd9c592f..0000000000 --- a/components/engine/docs/reference/commandline/volume.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: "volume" -description: "The volume command description and usage" -keywords: "volume" ---- - - - -# volume - -```markdown -Usage: docker volume COMMAND - -Manage volumes - -Options: - --help Print usage - -Commands: - create Create a volume - inspect Display detailed information on one or more volumes - ls List volumes - prune Remove all unused volumes - rm Remove one or more volumes - -Run 'docker volume COMMAND --help' for more information on a command. -``` - -## Description - -Manage volumes. You can use subcommands to create, inspect, list, remove, or -prune volumes. - -## Related commands - -* [volume create](volume_create.md) -* [volume inspect](volume_inspect.md) -* [volume list](volume_list.md) -* [volume rm](volume_rm.md) -* [volume prune](volume_prune.md) -* [Understand Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/) diff --git a/components/engine/docs/reference/commandline/volume_create.md b/components/engine/docs/reference/commandline/volume_create.md deleted file mode 100644 index b1eed37b5c..0000000000 --- a/components/engine/docs/reference/commandline/volume_create.md +++ /dev/null @@ -1,125 +0,0 @@ ---- -title: "volume create" -description: "The volume create command description and usage" -keywords: "volume, create" ---- - - - -# volume create - -```markdown -Usage: docker volume create [OPTIONS] [VOLUME] - -Create a volume - -Options: - -d, --driver string Specify volume driver name (default "local") - --help Print usage - --label value Set metadata for a volume (default []) - -o, --opt value Set driver specific options (default map[]) -``` - -## Description - -Creates a new volume that containers can consume and store data in. If a name is -not specified, Docker generates a random name. - -## Examples - -Create a volume and then configure the container to use it: - -```bash -$ docker volume create hello - -hello - -$ docker run -d -v hello:/world busybox ls /world -``` - -The mount is created inside the container's `/world` directory. Docker does not -support relative paths for mount points inside the container. - -Multiple containers can use the same volume in the same time period. This is -useful if two containers need access to shared data. For example, if one -container writes and the other reads the data. - -Volume names must be unique among drivers. This means you cannot use the same -volume name with two different drivers. If you attempt this `docker` returns an -error: - -```none -A volume named "hello" already exists with the "some-other" driver. Choose a different volume name. -``` - -If you specify a volume name already in use on the current driver, Docker -assumes you want to re-use the existing volume and does not return an error. - -### Driver-specific options - -Some volume drivers may take options to customize the volume creation. Use the -`-o` or `--opt` flags to pass driver options: - -```bash -$ docker volume create --driver fake \ - --opt tardis=blue \ - --opt timey=wimey \ - foo -``` - -These options are passed directly to the volume driver. Options for -different volume drivers may do different things (or nothing at all). - -The built-in `local` driver on Windows does not support any options. - -The built-in `local` driver on Linux accepts options similar to the linux -`mount` command. You can provide multiple options by passing the `--opt` flag -multiple times. Some `mount` options (such as the `o` option) can take a -comma-separated list of options. Complete list of available mount options can be -found [here](http://man7.org/linux/man-pages/man8/mount.8.html). - -For example, the following creates a `tmpfs` volume called `foo` with a size of -100 megabyte and `uid` of 1000. - -```bash -$ docker volume create --driver local \ - --opt type=tmpfs \ - --opt device=tmpfs \ - --opt o=size=100m,uid=1000 \ - foo -``` - -Another example that uses `btrfs`: - -```bash -$ docker volume create --driver local \ - --opt type=btrfs \ - --opt device=/dev/sda2 \ - foo -``` - -Another example that uses `nfs` to mount the `/path/to/dir` in `rw` mode from -`192.168.1.1`: - -```bash -$ docker volume create --driver local \ - --opt type=nfs \ - --opt o=addr=192.168.1.1,rw \ - --opt device=:/path/to/dir \ - foo -``` - -## Related commands - -* [volume inspect](volume_inspect.md) -* [volume ls](volume_ls.md) -* [volume rm](volume_rm.md) -* [volume prune](volume_prune.md) -* [Understand Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/) diff --git a/components/engine/docs/reference/commandline/volume_inspect.md b/components/engine/docs/reference/commandline/volume_inspect.md deleted file mode 100644 index bbdc6bd3ee..0000000000 --- a/components/engine/docs/reference/commandline/volume_inspect.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: "volume inspect" -description: "The volume inspect command description and usage" -keywords: "volume, inspect" ---- - - - -# volume inspect - -```markdown -Usage: docker volume inspect [OPTIONS] VOLUME [VOLUME...] - -Display detailed information on one or more volumes - -Options: - -f, --format string Format the output using the given Go template - --help Print usage -``` - -## Description - -Returns information about a volume. By default, this command renders all results -in a JSON array. You can specify an alternate format to execute a -given template for each result. Go's -[text/template](http://golang.org/pkg/text/template/) package describes all the -details of the format. - -## Examples - -```bash -$ docker volume create -85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d -$ docker volume inspect 85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d -[ - { - "Name": "85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d", - "Driver": "local", - "Mountpoint": "/var/lib/docker/volumes/85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d/_data", - "Status": null - } -] - -$ docker volume inspect --format '{{ .Mountpoint }}' 85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d -/var/lib/docker/volumes/85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d/_data -``` - -## Related commands - -* [volume create](volume_create.md) -* [volume ls](volume_ls.md) -* [volume rm](volume_rm.md) -* [volume prune](volume_prune.md) -* [Understand Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/) diff --git a/components/engine/docs/reference/commandline/volume_ls.md b/components/engine/docs/reference/commandline/volume_ls.md deleted file mode 100644 index 713922d60f..0000000000 --- a/components/engine/docs/reference/commandline/volume_ls.md +++ /dev/null @@ -1,199 +0,0 @@ ---- -title: "volume ls" -description: "The volume ls command description and usage" -keywords: "volume, list" ---- - - - -# volume ls - -```markdown -Usage: docker volume ls [OPTIONS] - -List volumes - -Aliases: - ls, list - -Options: - -f, --filter value Provide filter values (e.g. 'dangling=true') (default []) - - dangling= a volume if referenced or not - - driver= a volume's driver name - - label= or label== - - name= a volume's name - --format string Pretty-print volumes using a Go template - --help Print usage - -q, --quiet Only display volume names -``` - -## Description - -List all the volumes known to Docker. You can filter using the `-f` or -`--filter` flag. Refer to the [filtering](#filtering) section for more -information about available filter options. - -## Examples - -### Create a volume -```bash -$ docker volume create rosemary - -rosemary - -$ docker volume create tyler - -tyler - -$ docker volume ls - -DRIVER VOLUME NAME -local rosemary -local tyler -``` - -### Filtering - -The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more -than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) - -The currently supported filters are: - -* dangling (boolean - true or false, 0 or 1) -* driver (a volume driver's name) -* label (`label=` or `label==`) -* name (a volume's name) - -#### dangling - -The `dangling` filter matches on all volumes not referenced by any containers - -```bash -$ docker run -d -v tyler:/tmpwork busybox - -f86a7dd02898067079c99ceacd810149060a70528eff3754d0b0f1a93bd0af18 -$ docker volume ls -f dangling=true -DRIVER VOLUME NAME -local rosemary -``` - -#### driver - -The `driver` filter matches volumes based on their driver. - -The following example matches volumes that are created with the `local` driver: - -```bash -$ docker volume ls -f driver=local - -DRIVER VOLUME NAME -local rosemary -local tyler -``` - -#### label - -The `label` filter matches volumes based on the presence of a `label` alone or -a `label` and a value. - -First, let's create some volumes to illustrate this; - -```bash -$ docker volume create the-doctor --label is-timelord=yes - -the-doctor -$ docker volume create daleks --label is-timelord=no - -daleks -``` - -The following example filter matches volumes with the `is-timelord` label -regardless of its value. - -```bash -$ docker volume ls --filter label=is-timelord - -DRIVER VOLUME NAME -local daleks -local the-doctor -``` - -As the above example demonstrates, both volumes with `is-timelord=yes`, and -`is-timelord=no` are returned. - -Filtering on both `key` *and* `value` of the label, produces the expected result: - -```bash -$ docker volume ls --filter label=is-timelord=yes - -DRIVER VOLUME NAME -local the-doctor -``` - -Specifying multiple label filter produces an "and" search; all conditions -should be met; - -```bash -$ docker volume ls --filter label=is-timelord=yes --filter label=is-timelord=no - -DRIVER VOLUME NAME -``` - -#### name - -The `name` filter matches on all or part of a volume's name. - -The following filter matches all volumes with a name containing the `rose` string. - -```bash -$ docker volume ls -f name=rose - -DRIVER VOLUME NAME -local rosemary -``` - -### Formatting - -The formatting options (`--format`) pretty-prints volumes output -using a Go template. - -Valid placeholders for the Go template are listed below: - -Placeholder | Description ---------------|------------------------------------------------------------------------------------------ -`.Name` | Network name -`.Driver` | Network driver -`.Scope` | Network scope (local, global) -`.Mountpoint` | Whether the network is internal or not. -`.Labels` | All labels assigned to the volume. -`.Label` | Value of a specific label for this volume. For example `{{.Label "project.version"}}` - -When using the `--format` option, the `volume ls` command will either -output the data exactly as the template declares or, when using the -`table` directive, includes column headers as well. - -The following example uses a template without headers and outputs the -`Name` and `Driver` entries separated by a colon for all volumes: - -```bash -$ docker volume ls --format "{{.Name}}: {{.Driver}}" - -vol1: local -vol2: local -vol3: local -``` - -## Related commands - -* [volume create](volume_create.md) -* [volume inspect](volume_inspect.md) -* [volume rm](volume_rm.md) -* [volume prune](volume_prune.md) -* [Understand Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/) diff --git a/components/engine/docs/reference/commandline/volume_prune.md b/components/engine/docs/reference/commandline/volume_prune.md deleted file mode 100644 index 7a1ae76c69..0000000000 --- a/components/engine/docs/reference/commandline/volume_prune.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: "volume prune" -description: "Remove unused volumes" -keywords: "volume, prune, delete" ---- - - - -# volume prune - -```markdown -Usage: docker volume prune [OPTIONS] - -Remove all unused volumes - -Options: - --filter filter Provide filter values (e.g. 'label=