Stale sandbox could be a result of stress tests on ungraceful
restarts such as #17984
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Upstream-commit: 423b55c4b4aaaa55188b3aeca2b6b2005b19e7ea
Component: engine
There is an extreme corner case where when the daemon
panics at the same time as a container is stopping
and cleaning up the sandbox and the sandbox may have been
left with an inconsistent state. This libnetwork vendoring
fixes that case.
Vendoring in libnetwork @ 5305ea570b85d61dd0fd261cd7e1680da1884678
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Upstream-commit: 79cffa5ce4a71b29eed66e26c1fb7f153be5c045
Component: engine
This updates the vendored docker/distribution to the current master
branch.
Note the following changes:
- The manifest package was split into manifest/schema1. Most references
to the manifest package in the engine needed to be updated to use
schema1 instead.
- Validation functions in api/v2 were replaced by the
distribution/reference package. The engine code has been updated to
use the reference package for validation where necessary. A future PR
will change the engine to use the types defined in
distribution/reference more comprehensively.
- The reference package explicitly allows double _ characters in
repository names. registry_test.go was updated for this.
- TestPullFailsWithAlteredManifest was corrupting the manifest JSON, now
that the schema1 package unmarshals the correct payload. The test is
being changed to modify the JSON without affecting its length, which
allows the pull to succeed to the point where digest validation
happens.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 257c59251bd9a03aea4f3188a8160c54f37950ae
Component: engine
Also picked up a minor typo fix
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Upstream-commit: 2361edbcea22113aea639a3d74edb35791fd8aef
Component: engine
This carries fixes for
- Internal racy /etc/hosts updates within container during SD
- Renable SD service record watch after cluster-store restarts
- Fix to allow remote IPAM driver to return no IP if the user prefers
- Fix to allow --fixed-cidr and --bip to be in same range
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Upstream-commit: 52df87ac2b83693a48efcdc7167575449f122e25
Component: engine
The latest libkv uses a different etcd library. Unfortunately
that library uses some funky import paths, so I've added a new cleanup
routine for our vendor scripts to be able to normalize the imports
to be consistent with how imports work in this tree.
Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
Upstream-commit: 7078e7ddf42ad0beeb61e82cb1544d74def98adf
Component: engine
Pick up name regexp change in distribution to allow matching of hostnames as a valid component of a repository.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: b5b0da5fec235df864f5d84292b277aee80e5e3a
Component: engine
* Moving Network Remote APIs out of experimental
* --net can now accept user created networks using network drivers/plugins
* Removed the experimental services concept and --default-network option
* Neccessary backend changes to accomodate multiple networks per container
* Integration Tests
Signed-off-by: David Calavera <david.calavera@gmail.com>
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Upstream-commit: 2ab94e11a2a8499088a72ab27fd09e897d8c810a
Component: engine
This commit brings in end to end integration of Docker Discovery with
libnetwork multi-host networking.
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Upstream-commit: 956fbccdaa52e3dedac53b039671de1fd7f54d02
Component: engine
Use `pkg/discovery` to provide nodes discovery between daemon instances.
The functionality is driven by two different command-line flags: the
experimental `--cluster-store` (previously `--kv-store`) and
`--cluster-advertise`. It can be used in two ways by interested
components:
1. Externally by calling the `/info` API and examining the cluster store
field. The `pkg/discovery` package can then be used to hit the same
endpoint and watch for appearing or disappearing nodes. That is the
method that will for example be used by Swarm.
2. Internally by using the `Daemon.discoveryWatcher` instance. That is
the method that will for example be used by libnetwork.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Upstream-commit: 7d193ef1f3b5fcd6aa55b7376116e2617be12e06
Component: engine
- Libnetwork brings in :
* Default Gateway as a service for network drivers
* Persistence for local scoped networks using libkv
* BATS based Multi-host Integration-test infra and end-to-end tests
* libnetwork fixes for zookeeper and etcd backend
- Libkv upgrade brings in :
* boltdb support for local kv persistence
* other general bug fixes
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Upstream-commit: 59a000ec7fc31ef4dedc526ef77e70af24f39585
Component: engine
Pull in version e5fea92a6c8a5968bdb8005bf959c6e23113b689
Fixes libnetwork regressions that stopped drivers that set routes from working.
Pulls in libnetwork PRs #546#543
Signed-off-by: Tom Denham <tom@tomdee.co.uk>
Upstream-commit: 499ade011685732728c9fd1ee2d7d5fe4a9a6a76
Component: engine
To fix an issue with experimental multihost networking.
git hash: 00a92f066e628e4c6d50979c070df377575aad18
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Upstream-commit: a803148bbac87aec183be38502991bb779196560
Component: engine
Changes include :
* libnetwork support for userns
* driver api change to have 1 interface per endpoint
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Upstream-commit: d0e0c13b603efaff14c0269d19ac7e3710307fab
Component: engine
+ Fix a couple of bugs introduced by previous vendoring:
- in bitseq which prevents to use experimental overlay networking
- in docker service ls cli o/p
+ Add missing http subrouter for newly introduced sandboxes
+ Fix fragmentation issue on vxlan header addition for overlay network driver
+ Remove libnetwork test code utilities from vendoring
Signed-off-by: Alessandro Boch <aboch@docker.com>
Upstream-commit: 4d648f924af93b6429d566120a65cb441fee692a
Component: engine
Main changes in this vendoring are to allow user name space integration in docker.
And it includes major fix for network namespace handling
Signed-off-by: Alessandro Boch <aboch@docker.com>
Signed-off-by: Alessandro Boch <aboch@docker.com>
Upstream-commit: 414dfbf681d956c11c83d9b7598962a1294f2c5d
Component: engine
Update the distribution version to include sanitize URL fix
Fixes#15875
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: b1c1f42bccccef5fc407c3bec7d25a60f91af035
Component: engine
- Because of a bug, all the statically preallocated
bridge networks have /24 as network mask.
Signed-off-by: Alessandro Boch <aboch@docker.com>
Upstream-commit: dab0447ae0c6d1355cf4708743973121cd55462a
Component: engine
Use updated notary to pick up updates from security review
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: d594c6fcd8fbe295a87cfc2af70456be4e58c24d
Component: engine
