Commit Graph

1268 Commits

Author SHA1 Message Date
Jiri Popelka fcda625311 React to firewalld's reload/restart
When firewalld (or iptables service) restarts/reloads,
all previously added docker firewall rules are flushed.

With firewalld we can react to its Reloaded() [1]
D-Bus signal and recreate the firewall rules.
Also when firewalld gets restarted (stopped & started)
we can catch the NameOwnerChanged signal [2].
To specify which signals we want to react to we use AddMatch [3].

Libvirt has been doing this for quite a long time now.

Docker changes firewall rules in basically 3 places.
1) daemon/networkdriver/portmapper/mapper.go - port mappings
   Portmapper fortunately keeps a list of mapped ports,
   so we can easily recreate firewall rules on firewalld restart/reload
   New ReMapAll() function does that
2) daemon/networkdriver/bridge/driver.go
   When setting a bridge, basic firewall rules are created.
   This is done at once during start, it's parametrized and nowhere
   tracked so how can one know what and how to set it again when
   there's been a firewalld restart/reload?
   The only solution that came to my mind is using closures [4],
   i.e. I keep list of references to closures (anonymous functions
   together with a referencing environment) and when there's firewalld
   restart/reload I re-call them in the same order.
3) links/links.go - linking containers
   Link is added in Enable() and removed in Disable().
   In Enable() we add a callback function, which creates the link,
   that's OK so far.
   It'd be ideal if we could remove the same function from
   the list in Disable(). Unfortunately that's not possible AFAICT,
   because we don't know the reference to that function
   at that moment, so we can only add a reference to function,
   which removes the link. That means that after creating and
   removing a link there are 2 functions in the list,
   one adding and one removing the link and after
   firewalld restart/reload both are called.
   It works, but it's far from ideal.

[1] https://jpopelka.fedorapeople.org/firewalld/doc/firewalld.dbus.html#FirewallD1.Signals.Reloaded
[2] http://dbus.freedesktop.org/doc/dbus-specification.html#bus-messages-name-owner-changed
[3] http://dbus.freedesktop.org/doc/dbus-specification.html#message-bus-routing-match-rules
[4] https://en.wikipedia.org/wiki/Closure_%28computer_programming%29

Signed-off-by: Jiri Popelka <jpopelka@redhat.com>
Upstream-commit: b052827e025267336f0d426df44ec536745821f8
Component: engine
2015-04-20 13:02:09 +02:00
Jiri Popelka 8f2bd21917 Support for Firewalld
Firewalld [1] is a firewall managing daemon with D-Bus interface.

What sort of problem are we trying to solve with this?

Firewalld internally also executes iptables/ip6tables to change firewall settings.
It might happen on systems where both docker and firewalld are running
concurrently, that both of them try to call iptables at the same time.
The result is that the second one fails because the first one is holding an xtables lock.
One workaround is to use --wait/-w option in both
docker & firewalld when calling iptables.
It's already been done in both upstreams:
https://github.com/docker/docker/commit/b315c380f4acd65cc0428009702f99a266f96c59
https://github.com/t-woerner/firewalld/commit/b3b451d6f8946986b8f50c8bcddeef50ed7a5f8f
But it'd still be better if docker used firewalld when it's running.

Another problem the firewalld support would solve is that
iptables/firewalld service's restart flushes all firewall rules
previously added by docker.
See next patch for possible solution.

This patch utilizes firewalld's D-Bus interface.
If firewalld is running, we call direct.passthrough() [2] method instead
of executing iptables directly.
direct.passthrough() takes the same arguments as iptables tool itself
and passes them through to iptables tool.
It might be better to use other methods, like direct.addChain and
direct.addRule [3] so it'd be more integrated with firewalld, but
that'd make the patch much bigger.
If firewalld is not running, everything works as before.

[1] http://www.firewalld.org/
[2] https://jpopelka.fedorapeople.org/firewalld/doc/firewalld.dbus.html#FirewallD1.direct.Methods.passthrough
[3] https://jpopelka.fedorapeople.org/firewalld/doc/firewalld.dbus.html#FirewallD1.direct.Methods.addChain
    https://jpopelka.fedorapeople.org/firewalld/doc/firewalld.dbus.html#FirewallD1.direct.Methods.addRule

Signed-off-by: Jiri Popelka <jpopelka@redhat.com>
Upstream-commit: 8301dcc6d702a97feeb968ee79ae381fd8a4997a
Component: engine
2015-04-20 13:02:03 +02:00
Doug Davis 14bae8f05b Merge pull request #12358 from ZJU-SEL/remove_job_from_tag
remove job from tag
Upstream-commit: b1d8ae3824d2902c86d63837b8d413952b546d62
Component: engine
2015-04-19 16:02:28 -04:00
Brian Goff 9e36d6f575 Merge pull request #12432 from Mashimiao/optimize-code-to-clarify-loagic
change code to clarify logic
Upstream-commit: 89092252f07604b7bc1f24fcf3314ed0d43916de
Component: engine
2015-04-19 07:39:24 -04:00
Simei He dd5f4141fe remove job from tag
Signed-off-by: Simei He <hesimei@zju.edu.cn>
Upstream-commit: 99f6309b97041bf82cc845340734dc8e47977c8a
Component: engine
2015-04-19 18:36:56 +08:00
Megan Kostick 26d411e68d Updated message severity in graphdriver
Signed-off-by: Megan Kostick <mkostick@us.ibm.com>
Upstream-commit: cdc63ce5d032de593fc2fd13997311b316c0103b
Component: engine
2015-04-17 10:56:12 -07:00
Antonio Murdaca 105ea026b0 Remove job from restart
Signed-off-by: Antonio Murdaca <me@runcom.ninja>
Upstream-commit: e41192a3f8cbfbbfecde03f58a3b2be2b1afd836
Component: engine
2015-04-16 18:50:24 +02:00
Yan Feng 6cf040802b Fix a typo in docker/daemon/state.go
Signed-off-by: Yan Feng <yanfeng2@huawei.com>
Upstream-commit: 7e01ecc119ea3871058309a47a3f9cbf2a9483dd
Component: engine
2015-04-16 10:56:15 -04:00
Ma Shimiao 00001e0281 optimize code to clarify logic
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
Upstream-commit: 93cdb0071be29cde5e9f5574926ae628ef4cfc41
Component: engine
2015-04-16 19:56:25 +08:00
Jessie Frazelle 586b88bb0d Merge pull request #12423 from crosbymichael/idkbutitworks
Ensure state is destroyed on daemon restart
Upstream-commit: 1899b2f41a73a6596ba167c9c710affde3dae550
Component: engine
2015-04-15 21:19:38 -07:00
Brian Goff 884bdce09a Merge pull request #12253 from calavera/remove_job_from_start_and_create
Remove engine.Job from Start and Create
Upstream-commit: de923f59b3860eba2c87e8a533b385ac5752243b
Component: engine
2015-04-15 21:49:25 -04:00
Michael Crosby d0cae5a6bf Ensure state is destroyed on daemon restart
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: a5f7c4aa31fa1ee2a3bebf4d38f5fda7a4a28a0d
Component: engine
2015-04-15 17:44:03 -07:00
Jessie Frazelle 9fa728d386 Merge pull request #12391 from ibuildthecloud/syslog-format
Change syslog format and facility
Upstream-commit: 2e4d36ed80855375231501983f19616ba0238a84
Component: engine
2015-04-15 14:47:12 -07:00
Darren Shepherd 78dcc43512 Change syslog format and facility
This patch changes two things

1. Set facility to LOG_DAEMON
2. Remove ": " from tag so that the tag + pid become a single column in
   the log

Signed-off-by: Darren Shepherd <darren@rancher.com>
Upstream-commit: 05641ccffc5088a382fa3bfb21f1276ccb6c1fc0
Component: engine
2015-04-15 12:46:43 -07:00
Brian Goff ab74fc7837 Merge pull request #12387 from x1022as/inspect-logpath
Inspect show right LogPath in json-file driver
Upstream-commit: f0c60f7085ea124c2d3660fae17c1d2ab7e4abb0
Component: engine
2015-04-15 14:28:39 -04:00
Brian Goff 79544ae835 Merge pull request #12139 from hqhq/hq_add_cpusest_mems2
add support for cpuset.mems
Upstream-commit: 2ecccda1628388a6a29a2cd3bb40630f0afe5351
Component: engine
2015-04-15 13:29:43 -04:00
David Calavera 234898b4e7 Decode container configurations into typed structures.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 767df67e3149b83255db0809f6543b449a4f652e
Component: engine
2015-04-15 10:22:07 -07:00
Jessica Frazelle 72996be1fe try to modprobe bridge
Signed-off-by: Jessica Frazelle <jess@docker.com>
Upstream-commit: b3867b889960604904a4afbab6450bb9528afe06
Component: engine
2015-04-15 07:19:37 -07:00
Deng Guangxing e04ea19d11 Inspect show right LogPath in json-file driver
Signed-off-by: Deng Guangxing <dengguangxing@huawei.com>
Upstream-commit: acf025ad1b806fd9b5eb3358a8e1d75c6aae890d
Component: engine
2015-04-15 11:51:24 +08:00
Qiang Huang 4f6ebaa34e add support for cpuset.mems
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Upstream-commit: 8077b2fb805c78cee642d8350df88227c6414960
Component: engine
2015-04-15 09:33:46 +08:00
David Calavera fa70da1003 Remove engine.Job from Create action.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 98996a432e079d1434182ea1cf84e70c927da4c2
Component: engine
2015-04-14 15:33:12 -07:00
David Calavera c44394bb9b Remove engine.Job from Start action.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 610c436e07388f4898020432b25939cc7104b894
Component: engine
2015-04-14 15:33:12 -07:00
Phil Estes c444005c81 Merge pull request #12292 from cpuguy83/remove_commands_integration
Remove commands integration
Upstream-commit: 2f0f04e8fa32a7f8d02b4a9078537f52887d8ab7
Component: engine
2015-04-14 16:17:25 -04:00
Jessie Frazelle 61453daea9 Merge pull request #11999 from vbatts/vbatts-decide_storage
graphdriver: prefer prior driver state
Upstream-commit: 74f4a88305c032365ea2611503d4673bf0b0b880
Component: engine
2015-04-14 13:04:21 -07:00
Brian Goff 1adac1131b remove integration/utils setRaw funcs
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 63331abbcadee3528f3e03f96cff1ca6a506cc9e
Component: engine
2015-04-14 15:17:17 -04:00
Phil Estes 07f1e1bf7b Merge pull request #11992 from runcom/11923-refactor-utils-utils
Refactor utils/utils, fixes #11923
Upstream-commit: fe53c277857ba77caf9189b1d6d095835c1b792c
Component: engine
2015-04-14 12:01:23 -04:00
Vincent Batts 78acc699c1 graphdriver: prefer prior driver state
Before this, a storage driver would be defaulted to based on the
priority list, and only print a warning if there is state from other
drivers.

This meant a reordering of priority list would "break" users in an
upgrade of docker, such that there images in the prior driver's state
were now invisible.

With this change, prior state is scanned, and if present that driver is
preferred.

As such, we can reorder the priority list, and after an upgrade,
existing installs with prior drivers can have a contiguous experience,
while fresh installs may default to a driver in the new priority list.

Ref: https://github.com/docker/docker/pull/11962#issuecomment-88274858

Signed-off-by: Vincent Batts <vbatts@redhat.com>
Upstream-commit: b68e161e5b76b5f622cf4fc226df46cbe314ea1e
Component: engine
2015-04-13 21:37:55 -04:00
Megan Kostick 81dfdc7b63 Add detection for F2Fs and JFS
Signed-off-by: Megan Kostick <mkostick@us.ibm.com>

Alphabetize FSMagic list to make more human-readable.

Signed-off-by: Megan Kostick <mkostick@us.ibm.com>
Upstream-commit: 7e2d05b4938c010bf15224bd2857e2dca92ec9b3
Component: engine
2015-04-13 17:01:43 -07:00
Antonio Murdaca a4111cba55 Refactor utils/utils, fixes #11923
Signed-off-by: Antonio Murdaca <me@runcom.ninja>
Upstream-commit: c30a55f14dbbe3971ba0ac716ba69a60868f4490
Component: engine
2015-04-14 01:37:36 +02:00
Michael Crosby 6165959ea5 Merge pull request #12025 from coolljt0725/add_exec_with_user
Add docker exec run command as a different user and in privileged mode
Upstream-commit: 12f7db18309950785e873119edb03e0a1621e7a3
Component: engine
2015-04-13 13:50:51 -07:00
David Calavera 7e81577a52 Log memory swap capabilities properly.
Check whether the swap limit capabilities are disabled or not only when memory swap is set to greater than 0.

Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 7523beff41eca212794e902afa1a614b2672e245
Component: engine
2015-04-13 11:56:59 -07:00
Evan Hazlett 9c2d3bf645 Merge pull request #12340 from crosbymichael/syslog-tags
move syslog-tag to syslog.New function
Upstream-commit: 82256c2a54ec5b9aa822ab2130439c7f87591c16
Component: engine
2015-04-13 14:51:00 -04:00
Evan Hazlett e120033d69 Merge pull request #12275 from LK4D4/pid_host_hell
Get process list after PID 1 dead
Upstream-commit: 05433a4dabeb7204d6925606549ba79022f506d6
Component: engine
2015-04-13 14:50:23 -04:00
Evan Hazlett dadf36eca6 Merge pull request #12293 from hqhq/hq_use_hostconfig
use hostConfig in verifyDaemonSettings
Upstream-commit: a8e095b243355454d7f8269ad267f2d581fd52ac
Component: engine
2015-04-13 14:34:35 -04:00
Evan Hazlett ff2ef2c440 Merge pull request #12300 from johngossman/master
Added some error messages and tracing to bridge network initialization
Upstream-commit: 3434f64827dc5e69afa7161a9da24a9117e7990a
Component: engine
2015-04-13 14:32:56 -04:00
Evan Hazlett 97f1b60257 Merge pull request #12301 from ewindisch/https_links
Use HTTPS links for URLs in READMEs / comments / docs
Upstream-commit: 3509132a6e28caa18003298521c58746f490b57b
Component: engine
2015-04-13 14:30:53 -04:00
Deng Guangxing 73f3660a47 move syslog-tag to syslog.New function
Signed-off-by: Deng Guangxing <dengguangxing@huawei.com>
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 4f91a333d5c9d66ce109c36e7261dbfd3382ebbf
Component: engine
2015-04-13 11:24:18 -07:00
Michael Crosby 5fcbf06557 Merge pull request #12331 from coolljt0725/fix_panic_release_nil_interface
Fix daemon panic when release a nil network interface
Upstream-commit: 9a0a4ac02f92f9fb21b88b9aeced103a0e5e3c4d
Component: engine
2015-04-13 10:13:57 -07:00
Michael Crosby ccda6c3ec6 Merge pull request #12279 from runcom/remove-job-commit
Remove job from commit
Upstream-commit: 33e83d05813207247ffcd0be0ccf6a6a7ad25b64
Component: engine
2015-04-13 09:57:54 -07:00
Brian Goff b802ea45ca Merge pull request #12312 from runcom/remove-job-container-stats
Remove job from container stats
Upstream-commit: 12eff0c26f9d7fb5f0b1f1cbb975b8892c2dc306
Component: engine
2015-04-13 11:58:31 -04:00
Brian Goff 0118377dec Merge pull request #12313 from runcom/remove-job-export
Remove job from export
Upstream-commit: a4f98d32258b8e209ab2702f0d0a092a7ffe15a2
Component: engine
2015-04-13 11:57:55 -04:00
Alexander Morozov 416e9ff40b Merge pull request #12304 from runcom/remove-job-logs
Remove job from logs
Upstream-commit: bfb487dc50e3b88b520678a9118bfb95891140cb
Component: engine
2015-04-13 08:38:46 -07:00
Antonio Murdaca ebe83bc94c Remove job from export
Signed-off-by: Antonio Murdaca <me@runcom.ninja>
Upstream-commit: 6b737752e342e30dd20417b18c92c9b4e1c4f8da
Component: engine
2015-04-13 15:27:45 +02:00
Lei Jitang a75ea8c667 Fix daemon panic when release a nil network interface
Signed-off-by: Lei Jitang <leijitang@huawei.com>
Upstream-commit: 8b3548129220a8c79342a12717d87667927df4c9
Component: engine
2015-04-13 20:24:10 +08:00
Antonio Murdaca b2c60bfa72 Remove jobs from stats
Signed-off-by: Antonio Murdaca <me@runcom.ninja>
Upstream-commit: 65a056345cec1b85bd41ed70ee814894709ee6c0
Component: engine
2015-04-13 08:33:53 +02:00
Antonio Murdaca b3c5a7d38d Remove job from logs
Signed-off-by: Antonio Murdaca <me@runcom.ninja>
Upstream-commit: 91bfed604959c591a076c2e330cb3ded7443f504
Component: engine
2015-04-13 08:25:31 +02:00
John Gossman 1c3dec21dc More review feedback addressed
Signed-off-by: John Gossman <johngos@microsoft.com>
Upstream-commit: 80e9f6f83856b8e762f030d5e562f9e9f8d17233
Component: engine
2015-04-12 16:26:37 -07:00
John Gossman 91af3b1937 Addressed feedback. Will squash after further review
Signed-off-by: John Gossman <johngos@microsoft.com>
Upstream-commit: 4ce19da739ccdb8337c59f841e790255d21c6f50
Component: engine
2015-04-12 15:49:29 -07:00
Antonio Murdaca b706b2d562 Remove engine from links
Signed-off-by: Antonio Murdaca <me@runcom.ninja>
Upstream-commit: 7560018541192ebdfe16e39515f9a04b44635d84
Component: engine
2015-04-12 16:25:10 +02:00
Doug Davis 6b4495dbae Merge pull request #12305 from runcom/remove-job-exec-inspect
Remove job from execInspect
Upstream-commit: a54fd325e6bd0c5a1c298deef48399fe6e59aa33
Component: engine
2015-04-12 08:30:38 -04:00