Full diff
5c1218c956...c15b372ef2
Fixes a panic on concurrent read/write to a map.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 248aed5766ba330ab8cb2b10b03b6ce57dc64283)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* libnetwork#2121: Retry other external DNS servers on ServFail
* libnetwork#2125: Fix README flag and expose orphan network peers
* libnetwork#2126: Adding goreport card
* libnetwork#2130: Modify awk to use cut in check_ip_overlap
* libnetwork#2117: [Carry 1534] Improve scalabiltiy of bridge network isolation rules
Full changes: 2bf63300c5...5c1218c956
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
(cherry picked from commit b159da19734269c4a162763ebfa28dff07b703f3)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This call was added as part of commit a042e5a20 and at the time was
useful. sandbox.DisableService() basically calls
endpoint.deleteServiceInfoFromCluster() for every endpoint in the
sandbox. However, with the libnetwork change, endpoint.sbLeave()
invokes endpoint.deleteServiceInfoFromCluster(). The releaseNetwork()
call invokes sandbox.Delete() immediately after
sandbox.DisableService(). The sandbox.Delete() in turn ultimately
invokes endpoint.sbLeave() for every endpoint in the sandbox which thus
removes the endpoint's load balancing entry via
endpoint.deleteServiceInfoFromCluster(). So the call to
sandbox.DisableService() is now redundant.
It is noteworthy that, while redundant, the presence of the call would
not cause errors. It would just be sub-optimal. The DisableService()
call would cause libnetwork to down-weight the load balancing entries
while the call to sandbox.Delete() would cause it to remove the entries
immediately afterwards. Aside from the wasted computation, the extra
call would also propagate an extra state change in the networkDB gossip
messages. So, overall, it is much better to just avoid the extra
overhead.
Signed-off-by: Chris Telfer <ctelfer@docker.com>
(cherry picked from commit c27417aa7de46daa415600b39fc8a9c411c8c493)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This patch allows endpoints to complete servicing connections while
being removed from a service. The fix is entirely within libnetwork
and requires no changes to the moby codebase proper. It operates
by initially down-weighting a container endpoint in the load balancer
to 0 while keeping the endpoint present in the load balancer. This
allows traffic to continue to flow to the endpoint while preventing new
connections from going to the endpoint. This allows the container
to complete requests during the "stop_grace_period" and then exit when
finished without interruption of service.
This change requires propagating the status of disabled service
endpoints via the networkDB. Accordingly, the patch includes both code
to generate and handle service update messages. It also augments the
service structure with a ServiceDisabled boolean to convey whether an
endpoint should ultimately be removed or just disabled. This,
naturally, required a rebuild of the protocol buffer code.
The protocol buffer encoding is designed to support additions of fields
to messages in a backwards-compatible manner. Protocol buffer
unmarshalling code automatically skips past any fields that it isn't
aware of. As a result, an older moby daemon without this fix can
receive and will process correctly networkDB messages from newer moby
daemons with this patch.
As it turns out, the additional field is simply a bool that is otherwise
irrelevent on networkDB create and delete events. So its absence in
older moby daemon processing has no impact. However, the fix leverages
the "update" networkDB message which was previously unused in
libnetwork. Although older libnetwork implementations parse the message
cleanly, they will see the message as unexpected and as such issue a log
at error level indicating the receipt of such.
Other than this there should be no other negative impact for use of this
patch in mixed environments. (Although older mobys won't be able to
gracefully downgrade connections on their nodes of course.)
Signed-off-by: Chris Telfer <ctelfer@docker.com>
(cherry picked from commit 50dbdeff9fd186bb0e9926996436e1f56529a831)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
error
local digest cache will be removed when error occured on push image
but it should not be removed if it is an auth error while on auth was
provided
https://github.com/moby/moby/issues/36309
Signed-off-by: 慕陶 <jihui.xjh@alibaba-inc.com>
(cherry picked from commit 8b387b165ab2eaab3f9fdac25caa186d05d236a0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit 0f5fe3f9cf17457761dab28473ece5a7c94f4a0c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This test case checks that a container created before start
of the currently running dockerd can be exported (as reported
in #36561). To satisfy this condition, either a pre-existing
container is required, or a daemon restart after container
creation.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 6e7141c7a2c0de6fa3d6c9dcc56978a81f9d835e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Commit 7a7357dae1bccc ("LCOW: Implemented support for docker cp + build")
changed `container.BaseFS` from being a string (that could be empty but
can't lead to nil pointer dereference) to containerfs.ContainerFS,
which could be be `nil` and so nil dereference is at least theoretically
possible, which leads to panic (i.e. engine crashes).
Such a panic can be avoided by carefully analysing the source code in all
the places that dereference a variable, to make the variable can't be nil.
Practically, this analisys are impossible as code is constantly
evolving.
Still, we need to avoid panics and crashes. A good way to do so is to
explicitly check that a variable is non-nil, returning an error
otherwise. Even in case such a check looks absolutely redundant,
further changes to the code might make it useful, and having an
extra check is not a big price to pay to avoid a panic.
This commit adds such checks for all the places where it is not obvious
that container.BaseFS is not nil (which in this case means we do not
call daemon.Mount() a few lines earlier).
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit d6ea46cedaca0098c15843c5254a337d087f5cd6)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
In case ContainerExport() is called for an unmounted container, it leads
to a daemon panic as container.BaseFS, which is dereferenced here, is
nil.
To fix, do not rely on container.BaseFS; use the one returned from
rwlayer.Mount().
Fixes: 7a7357dae1bccc ("LCOW: Implemented support for docker cp + build")
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 81f6307eda44ab3a91de6e29304810a976161d74)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 834d0e262ac248191c09bcdb2b86ee92edb6aaf0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
I am not quite sure why but this test is sometimes failing like this:
> 15:21:41 --- FAIL: TestLinksEtcHostsContentMatch (0.53s)
> 15:21:41 assertions.go:226:
>
> Error Trace: links_linux_test.go:46
> 15:21:41
> Error: Not equal:
> 15:21:41
> expected: "127.0.0.1\tlocalhost\n::1\tlocalhost
> ip6-localhost
> ip6-loopback\nfe00::0\tip6-localnet\nff00::0\tip6-mcastprefix\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n172.17.0.2\tf53feb6df161\n"
> 15:21:41
> received: ""
To eliminate some possible failures (like ignoring stderr from `cat` or
its exit code), let's use container.Exec() to read a file from a container.
Fixes: e6bd20edcbf ("Migrate some integration-cli test to api tests")
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit ad2f88d8ccbd9dd0a8d9c4f96ece3956f60489df)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit 038f3add5191240058c7a4154556553c5493ea44)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The TestAPIServiceUpdatePort test performs exactly
the same steps.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 36e1646e4f010ea033643c6df3d9c3dccc166ed2)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 7ca971fb495e4de4aa4455964625974464d86920)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fix addresses `expected` vs `actual` in integration tests
so that they match `assert.Equal(t, expected, actual)`
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 8a854e933b3dbb26cfce28b920cff61909412c6f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fix migrates docker rm test in integration-cli
to api tests.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit ed58ba99fb28ceac56063b7f003f38b597ddef80)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fix adds several improvement:
1. No need for explicit ContainerRemove as it has been handled in setupTest()
2. Added `container.WithImage` helper function and used it in commit tests.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 6ab465804b0b8cec6c5ac278a21151d49e34885d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fix migrates export tests in integration-cli to api tests.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 4e702cf70d50ee5b0737270f27d9973fd3084c66)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a2517cbf62d75c48861337182aa841c5089f8ac4)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fix is a minor enhancement to replace several ContainerCreate with
helper funcs of `container.Create` in tests.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 6ad4720c78d6ac61a60a3e7ed1d0c0119c5d103e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fix migrates events tests in integration-cli to api tests.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 3a749157d2c2b320fea49f7aa4d4eb634f52662f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fix migrates config inspect test in integration-cli
to api test.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 4b99d782079dc390c2d8fb78f6973bbeee7d8a47)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Remove temp directories and close file loggers in container unit tests.
Signed-off-by: mnussbaum <michael.nussbaum@getbraintree.com>
(cherry picked from commit 07d5446fe27cb92d881df48be6e8a6510d9608b0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fixes an issue where the container LogPath was empty when the
non-blocking logging mode was enabled. This change sets the LogPath on
the container as soon as the path is generated, instead of setting the
LogPath on a logger struct and then attempting to pull it off that
logger at a later point. That attempt to pull the LogPath off the logger
was error prone since it assumed that the logger would only ever be a
single type.
Prior to this change docker inspect returned an empty string for
LogPath. This caused issues with tools that rely on docker inspect
output to discover container logs, e.g. Kubernetes.
This commit also removes some LogPath methods that are now unnecessary
and are never invoked.
Signed-off-by: junzhe and mnussbaum <code@getbraintree.com>
(cherry picked from commit 20ca612a59c45c0bd58c71c199a7ebd2a6bf1a9e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fix migrates some secret create tests to api tests,
and remove redundant TestConfigCreate.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 99e28188507bbcb925b0c09df6b53cdd882d24c5)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fix moves helper functions containerIsStopped and
containerIsInState to integration/internal/container,
so that they could be used outside of integration/container.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit eda311c18f388ed4541dc44dcfba08cd4347a685)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
We need to clean the resources created in some test cases, else
in some cases we'll get below error for other tests:
> FAIL: docker_experimental_network_test.go:37: DockerNetworkSuite.TestDockerNetworkMacvlanPersistance
> docker_experimental_network_test.go:44:
> ...
> Command: ip link add dm-dummy0 type dummy
> ExitCode: 2
> Error: exit status 2
> Stdout:
> Stderr: RTNETLINK answers: File exists
> ...
Logically, each test case should be independent, the failure of previous
test case should not have side-effect for the test cases followed.
Signed-off-by: Dennis Chen <dennis.chen@arm.com>
(cherry picked from commit 57d85e7e54f7d074af8c496cba43ee18d3815207)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fix update docker-py so that containers from the tests run
could be cleaned up during teardown:
```diff
-ENV DOCKER_PY_COMMIT 5e28dcaace5f7b70cbe44c313b7a3b288fa38916
+ENV DOCKER_PY_COMMIT 8b246db271a85d6541dc458838627e89c683e42f
```
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 66935a0f64f0a72162fb3919c759f4f500b6c372)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fix migrates several docker rm tests to api tests
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 6bd4f4801b244555213f0040b9885033e99d4ae8)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fix migrates volumes tests in integration-cli to api tests
in integration/
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit d896f87c0595134fa2f0787dad30b237815f233f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Darren Stahl <darst@microsoft.com>
(cherry picked from commit 1f28844d7869609f371ab2a7881e4488a79a7e27)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
We have seen a panic when re-joining a node to a swarm cluster. The
cause of the issue is unknown, so we just need to add a test for nil
objects and log when we get the condition. Hopefully this can prevent
the crash and we can recover the config at a later time.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
(cherry picked from commit 454128c6e82cded211c1412e3eb350b1f7533ee2)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 5433ceb12ead305d8c85e8e27c4b4d842ef88ae0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
