Most modern distros have the limit for the maximum root keys at 1000000
but some do not. Because we are creating a new key for each container
we need to bump this up as the older distros are having this limit at
200.
Using 1000000 as the limit because that is that most distros are setting
this to now. If someone has this value configured over that we do not
change it.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: ca3e4545aa7d0da3a36fef41d85d02e9f2c4d15d
Component: engine
Its a minor thing but the daemon's output looks like this when there are
no containers to load:
```
INFO[0001] Loading containers: start.
INFO[0001] Loading containers: done.
```
That blank line (or more correctly, the \n) is unnecessary when
there are no containers to load since there is no `.` printed
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: 478dd721ab7aca37264897b664dfa2ec953d7048
Component: engine
we store the active sandbox after daemon.containerd.Restore, but there
is a chance the `Restore` will set the container to exit see
(https://github.com/docker/docker/blob/master/libcontainerd/client_linux.go#L469).
so we should check if the container is really running before add it to
activesandbox.
Signed-off-by: Lei Jitang <leijitang@huawei.com>
Upstream-commit: 78f3094518b1f3f498bd2629667877f9a87d452f
Component: engine
This patch introduces a new experimental engine-level plugin management
with a new API and command line. Plugins can be distributed via a Docker
registry, and their lifecycle is managed by the engine.
This makes plugins a first-class construct.
For more background, have a look at issue #20363.
Documentation is in a separate commit. If you want to understand how the
new plugin system works, you can start by reading the documentation.
Note: backwards compatibility with existing plugins is maintained,
albeit they won't benefit from the advantages of the new system.
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
Upstream-commit: f37117045c5398fd3dca8016ea8ca0cb47e7312b
Component: engine
As described in our ROADMAP.md, introduce new Swarm management API
endpoints relying on swarmkit to deploy services. It currently vendors
docker/engine-api changes.
This PR is fully backward compatible (joining a Swarm is an optional
feature of the Engine, and existing commands are not impacted).
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Upstream-commit: 534a90a99367af6f6bba1ddcc7eb07506e41f774
Component: engine
This flags enables full support of daemonless containers in docker. It
ensures that docker does not stop containers on shutdown or restore and
properly reconnects to the container when restarted.
This is not the default because of backwards compat but should be the
desired outcome for people running containers in prod.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: d705dab1b1bd0a946d647374325d61fac57736db
Component: engine
This is similar to network scopes where a volume can either be `local`
or `global`. A `global` volume is one that exists across the entire
cluster where as a `local` volume exists on a single engine.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 2f40b1b281a3be8f34d82a5170988ee46ea1f442
Component: engine
It feels better to test where it's required than listing everywhere it
is not required.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 72fefc0441d57b59f27bebdb144e0e35c0c63a0d
Component: engine
… and refactor a little bit some daemon on the way.
- Move `SearchRegistryForImages` to a new file (`daemon/search.go`) as
`daemon.go` is getting pretty big.
- `registry.Service` is now an interface (allowing us to decouple it a
little bit and thus unit test easily).
- Add some unit test for `SearchRegistryForImages`.
- Use UniqueExactMatch for search filters
- And use empty restore id for now in client.ContainerStart.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 636c276f67b3cd96a95dec2f6cfc419b7f219892
Component: engine
This fix tries to cover the issue raised in #22463 by adding
filter for events emitted by docker daemon so that user could
utilize filter to receive events of interest.
Documentations have been updated for this fix.
Additional tests have been added to cover the changes in this fix.
This fix fixes#22463.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 62014aaf9abeb4256cb66e7ae06bfdf5a77d1140
Component: engine
This fix tries to cover the issue raised in #22463 by emitting
events for docker daemon so that user could be notified by
scenarios like config reload, etc.
This fix adds the `daemon reload`, and events for docker daemon.
Additional tests have been added to cover the changes in this fix.
This fix fixes#22463.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 382c152a73dfa1d771334ffbe79759c5c3596144
Component: engine
The filtering is made server-side, and the following filters are
supported:
* is-official (boolean)
* is-automated (boolean)
* has-stars (integer)
Signed-off-by: Fabrizio Soppelsa <fsoppelsa@mirantis.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: e009ebdf4c0bf0ff64da8d48eefad63d0644de3e
Component: engine
This fix tries to address issues raised in #20936 and #22443
where `docker pull` or `docker push` fails because of the
concurrent connection failing.
Currently, the number of maximum concurrent connections is
controlled by `maxDownloadConcurrency` and `maxUploadConcurrency`
which are hardcoded to 3 and 5 respectively. Therefore, in
situations where network connections don't support multiple
downloads/uploads, failures may encounter for `docker push`
or `docker pull`.
This fix tries changes `maxDownloadConcurrency` and
`maxUploadConcurrency` to adjustable by passing
`--max-concurrent-uploads` and `--max-concurrent-downloads` to
`docker daemon` command.
The documentation related to docker daemon has been updated.
Additional test case have been added to cover the changes in this fix.
This fix fixes#20936. This fix fixes#22443.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 7368e41c07c21a1e2c6a49abecd1c2fc76404e49
Component: engine
This gives discovery a chance to initialize, particularly if the K/V
store being used is in a container.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 2dce79e05ab8f8fd22ca7b2f73121b2d7723f7cf
Component: engine
This flag can be set on disk if the daemon were to crash or error out
while trying to remove container in which case subsequent tries to
delete the container would all fail.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Upstream-commit: ce724731973159a4fcedf16d0996571684cc3843
Component: engine
For every docker load and save operations, it would log related
image events.
Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
Upstream-commit: 06561057103441fe176910e12674d998b8561b75
Component: engine
commit 20a038eca68e4188e1cd812293aea8cb220cf08f changed
daemon configuration reloading to check if a value
was actually set, however, it checked for the wrong
property ("label" instead of "labels"), which resulted
in the labels only to be loaded from daemon.json if both
a "label" -and- a "labels" property was present.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 455858fc70e3b752fb2495bbdda368613e6587c2
Component: engine
This fix tries to fix the http panics caused by container deletion
with empty names in #22210.
The issue was because when an empty string was passed, `GetByName()`
tried to access the first element of the name string without checking
the length. A length check has been added.
A test case for #22210 has been added.
This fix fixes#22210.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 9d8071a74db20556d0fc1b6ef3270326b3583de9
Component: engine
This change allow to filter events that happened in the past
without waiting for future events. Example:
docker events --since -1h --until -30m
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 55053d3537100eaeaad9c83b43e31f22d14fde7b
Component: engine
Docker stats is not working when a container is using another container's network.
Upstream-commit: d648d40ace5440d1a3c8c9dbc1115d40ebcbae3c
Component: engine
Currently if you restart docker daemon, all the containers with restart
policy `on-failure` regardless of its `RestartCount` will be started,
this will make daemon cost more extra time for restart.
This commit will stop these containers to do unnecessary start on
daemon's restart.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
Upstream-commit: 51e42e6ee01eb4b5c8c7678e2fc7be0f13ef6a68
Component: engine
This fix tries to fix the issue in #21848 where `docker stats` will not correctly
display the container stats in case the container reuse another container's
network stack.
The issue is that when `stats` is performed, the daemon will check for container
network setting's `SandboxID`. Unfortunately, for containers that reuse another
container's network stack (`NetworkMode.IsConnected()`), SandboxID is not assigned.
Therefore, the daemon thinks the id is invalid and remote API will never return.
This fix tries to resolve the SandboxID by iterating through connected containers
and identify the appropriate SandboxID.
A test case for `stats` remote API has been added to check if `stats` will return
within the timeout.
This fix fixes#21848.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: faf2b6f7aaca7f9ef400e227921b8125590fc9e5
Component: engine
This fix tries to fix the discrepancy between API and CLI on hostname
validation. Previously, the hostname validation was handled at the
CLI interface in runconfig/opts/parse.go and return an error if the
hostname is invalid. However, if an end user use the remote API to
pass the hostname, the error will not be returned immediately.
Instead the error will only be thrown out when the container creation
fails. This creates behavior discrepancy between API and CLI.
In this fix, the hostname validation was moved to
verifyContainerSettings so the behavior will be the same for API and
CLI.
After the change, since CLI does not handle the hostname validation
any more, the previous unit tests about hostname validation on CLI
in runconfig/opts/parse_test.go has to be updated as well because
there is no validation at this stage. All those unit tests are moved
to integration test TestRunTooLongHostname so that the hostname
validation is still properly covered as before.
Note: Since the hostname validation moved to API, the error message
changes from `invalid hostname format for --hostname:` to
`invalid hostname format:` as well because `--hostname` is passed
to CLI only.
This fix fixes#21595.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: ee4bd806ba6ccac0013eb812e7f30bfcfe12d22a
Component: engine
- Refactor generic and path based cleanup functions into a single function.
- Include aufs and zfs mounts in the mounts cleanup.
- Containers that receive exit event on restore don't require manual cleanup.
- Make missing sandbox id message a warning because currently sandboxes are always cleared on startup. libnetwork#975
- Don't unmount volumes for containers that don't have base path. Shouldn't be needed after #21372
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Upstream-commit: 05cc737f5411a0effd299429140d031c4ad8dd05
Component: engine
