swarmkit's API type. Make sure this parameter gets propagated to
swarmkit, and also add an extra option to the CLI when providing
external CAs to parse the CA cert from a file.
Signed-off-by: Ying Li <ying.li@docker.com>
Upstream-commit: b0401a71f7479a52b2670346e0d1e97cb68089a4
Component: engine
It was possible to see output like this:
"UpdateStatus": {
"State": "updating",
"StartedAt": "2017-04-14T17:10:03.226607162Z",
"CompletedAt": "1970-01-01T00:00:00Z",
"Message": "update in progress"
}
The timestamp fields were already changed to pointers, and left nil if
the timestamp value was zero. However the zero-value of a timestamp from
gRPC is different from the value Go considers to be zero. gRPC uses the
Unix epoch instead of Go's epoch. Therefore, check that the timestamp
does not match the Unix epoch.
Also, add " ago" to the timestamps as shown in "docker service inspect
--pretty", as they are shown as relative times.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 8a27758364a151d9497cbb507463e81898579c37
Component: engine
- Defined "normalized" type for Credential Spec and SELinux
- Added --credential-spec to docker service create & update
- SELinux is API only at the time
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
Upstream-commit: 89a995a9d77cc4f95a29579e0a2b12cb3d805749
Component: engine
This parameter controls the order of operations when rolling out an
update task. Either the old task is stopped before starting the new one,
or the new task is started first, and the running tasks will briefly
overlap.
This commit adds Rollout to the API, and --update-order / --rollback-order
flags to the CLI.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 9b54994a8ada6ae15a4d2c3b925568e2061200ad
Component: engine
Server-side rollback can take advantage of the rollback-specific update
parameters, instead of being treated as a normal update that happens to
go back to a previous version of the spec.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: f9bd8ec8b268581f93095c5a80679f0a8ff498bf
Component: engine
endpointSpecFromGRPC and endpointFromGRPC do the exact same thing for
endpoint{,Spec}.Ports, let's extract that to a method.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: a620c0172c6f11c538b27a26fdb3e5cdd3bf2ff9
Component: engine
This adds support for placement preferences in Swarm services.
- Convert PlacementPreferences between GRPC API and HTTP API
- Add --placement-pref, --placement-pref-add and --placement-pref-rm to CLI
- Add support for placement preferences in service inspect --pretty
- Add integration test
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 17288c611a4f3f75ecb3bbb4533820b1836c55a6
Component: engine
This fix tries to address the issue raised in 25696 where
it was not possible to specify `--stop-signal` for `docker service create`
and `docker service update`, in order to use special signal to stop
the container.
This fix adds `--stop-signal` and update the `StopSignal` in `Config`
through `service create` and `service update`.
Related docs has been updated.
Integration test has been added.
This fix fixes 25696.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: c2d49ec214649b0025f7060429334893350fbaee
Component: engine
This fix tries to address the issue raised in 29972 where
it was not possible to specify `--read-only` for `docker service create`
and `docker service update`, in order to have the container's root file
system to be read only.
This fix adds `--read-only` and update the `ReadonlyRootfs` in `HostConfig`
through `service create` and `service update`.
Related docs has been updated.
Integration test has been added.
This fix fixes 29972.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 499a0dd43e50c6f253f8890f5c54ae99675b1e7e
Component: engine
Update swarmkit to 037b491.
As swarmkit switched to a newer gRPC version, this also involves
updating Docker's vendored gRPC, which in turn requires updating
containerd to a new version that has protobufs generated against this
gRPC version.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 3e987e1732ee5c51e95934afabba3fedfd16c4af
Component: engine
The `digest` data type, used throughout docker for image verification
and identity, has been broken out into `opencontainers/go-digest`. This
PR updates the dependencies and moves uses over to the new type.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Upstream-commit: 7a855799175b6b984886ef1cfa337d6df1d4c668
Component: engine
When UpdateStatus was not present, the empty values of the timestamps
would be present:
"UpdateStatus": {
"StartedAt": "0001-01-01T00:00:00Z",
"CompletedAt": "0001-01-01T00:00:00Z"
}
To fix this, make the timestamps pointers, so they can be set to nil
when they should not be shown.
Also make UpdateStatus itself a pointer, so an empty object does not
show up when there is no UpdateStatus.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 0e70d96a6813704498a3ce9cc2786648c84daa3a
Component: engine
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
use secret store interface instead of embedded secret data into container
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
Upstream-commit: bebd472e40cae91b548e983872a2665a5836ba43
Component: engine
Add api/cli support for adding host port PublishMode in services.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Upstream-commit: 14ac9f60d0174256e0713701ebffaf5ca827da71
Component: engine
This fix tries to address 27902 by adding a flag `--host`
to `docker service create` and `--host-add/--host-rm` to
`docker service update`, so that it is possible to
specify extra `host:ip` settings in `/etc/hosts`.
This fix adds `Hosts` in swarmkit's `ContainerSpec` so that it
is possible to specify extra hosts during service creation.
Related docs has been updated.
An integration test has been added.
This fix fixes 27902.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: ea9a23ccdbd3a861e4cfa3441482b448fd1c17a5
Component: engine
- Neither swarm init or swarm update should take an unlock key
- Add an autolock flag to turn on autolock
- Make the necessary docker api changes
- Add SwarmGetUnlockKey API call and use it when turning on autolock
- Add swarm unlock-key subcommand
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 0f9fc54df9274327ed22f4e07f0981a648e0278a
Component: engine
- use Filters instead of Filter for secret list
- UID, GID -> string
- getSecrets -> getSecretsByName
- updated test case for secrets with better source
- use golang.org/x/context instead of context
- for grpc conversion allocate with make
- check for nil with task.Spec.GetContainer()
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
Upstream-commit: b2e4c7f3b5b30fc6940768ec41836d708a48b463
Component: engine
- use /secrets for swarm secret create route
- do not specify omitempty for secret and secret reference
- simplify lookup for secret ids
- do not use pointer for secret grpc conversion
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
Upstream-commit: 189f89301e0abfee32447f2ca23dacd3a96de06d
Component: engine
- fix lint issues
- use errors pkg for wrapping errors
- cleanup on error when setting up secrets mount
- fix erroneous import
- remove unneeded switch for secret reference mode
- return single mount for secrets instead of slice
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
Upstream-commit: 857e60c2f943a09e3ec0ac0f236821b797935900
Component: engine
This fix tries to fix the issue raised in 24391 about allowing
custom DNS settings to service definition.
This fix adds `DNSConfig` (`Nameservers`, `Options`, `Search`) to
service definition, as well as `--dns`, `--dns-opt`, and `dns-search`
to `service create`.
An integration test has been added to cover the changes in this fix.
This fix fixes 24391.
A PR in swarmkit will be created separately.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 9e8adbecf505620a1cb3a840189b59450493a00b
Component: engine
Add the following options to "swarm init" and "swarm update":
- --max-snapshots: Retain this many old Raft snapshots in addition
to the latest one
- --snapshot-interval: Number of log entries between Raft snapshots
These options already existed in SwarmKit and the Docker API but were
never exposed in the CLI. I'm adding them here to fix this oversight.
--max-snapshots may be useful for debugging purposes and more
conservative users who want to store rolling backups of old versions of
the Raft state.
--snapshot-interval is most useful for performance tuning. The default
value of 10000 may not be ideal for some setups.
There is also a LogEntriesForSlowFollowers option that is not exposed. I
decided not to expose it along with these others because I don't think
it's generally useful (and I'm not sure what I would call the CLI flag).
But if people want, I can expose it for the sake of completeness.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 842d11f44cede2d7e9488e54f8ac8de89d8f4cd4
Component: engine
This fix tries to add `--tty` to `docker service create/update`. As was
specified in 25644, `TTY` flag has been added to SwarmKit and is
already vendored.
This fix add `--tty` to `docker service create/update`.
Related document has been updated.
Additional integration tests has been added.
This fix fixes 25644.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 599be5a551bbadf23d76677c7d54c338901781f6
Component: engine
