Description:
Kill docker-containerd continuously, and use kill -SIGUSR1 <dockerpid>
to check docker callstacks. And we will find that event
handler: startEventsMonitor or handleEventStream will exit.
This will only happen when system is busy, containerd need more time to
startup, and the monitor gorotine maybe exit.
Signed-off-by: Wentao Zhang <zhangwentao234@huawei.com>
(cherry picked from commit 02ce73f62e73e78a4ec29b29fb2ba552221fe885)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
`ConnectToNetwork` is modfying the container but is not locking the
object.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 4d0888e32bccfd8c0f27a7b66b2a5607d42e2698)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Original PR message:
releaseableLayer includes automatic handling for creating a read/write layer and mounting it on a call to Mount(), but then does not correspondingly unmount the layer before trying to delete it, which will fail for some graphdrivers. Commit on a releaseable layer also leaks the tarstream for the layer. To fix this, the stream close is deferred in Commit and releaseRWLayer now correctly handles unmounting the layer before trying to delete it. In addition, the changes include better error handling in Release() to make sure that errors are returned to the caller for failures on read/write layers instead of being ignored.# Please enter the commit message for your changes. Lines starting
Cherry-Pick note:
This version of the change was edited to merge with docker-ce 17.06, which did not include the releasableLayer.Commit code, requiring that part of the merge to be removed.
(cherry picked from commit 1d457999c4540aacda68f834bdb3c6f220ce3fd5)
Signed-off-by: Stefan Wernli <swernli@ntdev.microsoft.com>
Starting 17.06 swarm service create supports service creates with predefined
networks like host and bridge. Due to the nature of the feature, swarm manager
has a swarm scope predefined networks in addition to local scoped
predefined networks on all nodes. However network inspects for swarm scoped
predefined networks was not possible. The fix adds support for network inspect
for swarm scoped predefined networks.
Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
(cherry picked from commit 5bfefb2d3662fa066ddf0d0e10cac93ee70f7ae8)
Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit fc48b5529dca3907ade273921a14906be796e333)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Justin Menga <justin.menga@gmail.com>
(cherry picked from commit 0fd5a0bab79f20f910cb7551ec34158a32e05f5a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Do not change pause state when restoring container's
status, or status in docker will be different with
status in runc.
Signed-off-by: Fengtu Wang <wangfengtu@huawei.com>
(cherry picked from commit 977c4046fd2147d7c04f4b513a94138013ca0dd6)
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
Specifically, none of the graphdrivers are supposed to return a
not-exist type of error on remove (or at least that's how they are
currently handled).
Found that AUFS still had one case where a not-exist error could escape,
when checking if the directory is mounted we call a `Statfs` on the
path.
This fixes AUFS to not return an error in this case, but also
double-checks at the daemon level on layer remove that the error is not
a `not-exist` type of error.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit d42dbdd3d48d0134f8bba7ead92a7067791dffab)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
With docker-17.06.0 some images pulled do not extract properly. Some files don't appear in correct directories. This may or may not cause the pull to fail. These images can't be pushed or saved. 17.06 is the first version of Docker built with go1.8.
Cause
There are multiple updates to the tar package in go1.8.
https://go-review.googlesource.com/c/32234/ disables using "prefix" field when new tar archives are being written. Prefix field was previously set when a record in the archive used a path longer than 100 bytes.
Another change https://go-review.googlesource.com/c/31444/ makes the reader ignore the "prefix" field value if the record is in GNU format. GNU format defines that same area should be used for access and modified times. If the "prefix" field is not read, a file will only be extracted by the basename.
The problem is that with a previous version of the golang archive package headers could be written, that use the prefix field while at the same time setting the header format to GNU. This happens when numeric fields are big enough that they can not be written as octal strings and need to be written in binary. Usually, this shouldn't happen: uid, gid, devmajor, devminor can use up to 7 bytes, size and timestamp can use 11. If one of the records does overflow it switches the whole writer to GNU mode and all next files will be saved in GNU format.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>(cherry picked from commit 4a3cfda45e37b81211fbfbf0c45dbe64860a3ad0)
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
GetTasks can call GetService and GetNode with the read lock held. These
methods try to aquire the read side of the same lock. According to the
sync package documentation, this is not safe:
> If a goroutine holds a RWMutex for reading, it must not expect this or
> any other goroutine to be able to also take the read lock until the
> first read lock is released. In particular, this prohibits recursive
> read locking. This is to ensure that the lock eventually becomes
> available; a blocked Lock call excludes new readers from acquiring the
> lock.
Fix GetTasks to use the lower-level getService and getNode methods
instead. Also, use lockedManagerAction to simplify GetTasks.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit bd4f66c8f1f6ad4a2f228a957f293bc157e13d9c)
The docs did not mention when this information
was set, and what the `-1` value indicated.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 194f635ce7d097f550986bc3169ab59158f5aa68)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Also fix bad reference to ServiceSpec.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit ea1d14a189d62df34427b037a6d043ae3028760b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The swagger.yml defined these endpoints to return
a "ServiceSpec" instead of a "SecretSpec".
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f6954bea9f28c62c50b88c895968045cf801aa81)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This documents the Service privileges
API changes, that were added in:
091b5e68ea735bf4e8ece708bbc8c413a32eab73
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d0a8e73e7b60f61db0c3799643aaccbbf33f3601)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Description:
1. start a container with restart=always.
`docker run -d --restart=always ubuntu sleep 3`
2. container init process exits.
3. use `docker pause <id>` to pause this container.
if the pause action is before cgroup data is removed and after the init process died.
`Pause` operation will success to write cgroup data, but actually do not freeze any process.
And then docker received pause event and stateExit event from
containerd, the docker state will be Running(paused), but the container
is free running.
Then we can not remove it, stop it , pause it and unpause it.
Signed-off-by: Wentao Zhang <zhangwentao234@huawei.com>
(cherry picked from commit fe1b4cfba6320793373c5397641d743d9fe94cf8)
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
The case where we are trying to do a remount with changed filesystem specific options was missing,
we need to call `mount` as well here to change those options.
See #33844 for where we need this, as we change `tmpfs` options.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
(cherry picked from commit 3a1ab5b479ce843648cf676fbaaf2bec9e040dce)
Signed-off-by: Ying <ying.li@docker.com>
