Commit graph

1359 commits

Author SHA1 Message Date
Brian Goff
2d05f91e62 Fix error message on firewalld init
If firewalld is not installed (or I suppose not running), firewalld was
producing an error in the daemon init logs, even though firewalld is not
required for iptables stuff to function.
The firewalld library code was also logging directly to logrus instead
of returning errors.

Moved logging code higher up in the stack and changed firewalld code to
return errors where appropriate.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-05-08 15:51:44 -04:00
Tianon Gravi
a50705d3d6 Move WriteFlusher out of utils into ioutils
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2015-05-08 12:33:33 -06:00
Jessie Frazelle
eef8989683 Merge pull request #12270 from burnison/11294-shortidfallback
Only use fallback to short IDs when obvious.
2015-05-07 17:02:58 -07:00
Jessie Frazelle
88c612a22d Merge pull request #12318 from aarondav/best-effort-iptables-lock
Do our best not to invoke iptables concurrently if --wait is unsupported
2015-05-07 17:00:26 -07:00
Jessie Frazelle
c754d1e989 Merge pull request #13059 from burke/no-fsync-on-temp-archive
Remove fsync in archive.NewTempArchive
2015-05-07 16:16:52 -07:00
Jessie Frazelle
09abf3b879 Merge pull request #12165 from icecrime/optional_userland_proxy
Optional userland proxy
2015-05-07 14:01:16 -07:00
Burke Libbey
a080d36f70 Remove Sync() call in NewTempArchive:
This makes the "Buffering to disk" part of `docker push` 70% faster in
my use-case (having already applied #12833).

fsync'ing here serves no valuable purpose: if the drive's operation is
interrupted, so it the program's, and this archive has no value other
than the immediate and transient one.

Signed-off-by: Burke Libbey <burke.libbey@shopify.com>
2015-05-07 12:58:12 -04:00
Burke Libbey
5ba8c22385 ino and dev must both match for a file to be identical.
This case is triggered frequently on ZFS.

Signed-off-by: Burke Libbey <burke.libbey@shopify.com>
2015-05-05 11:06:54 -04:00
Arnaud Porterie
baa5a896a2 Add --userland-proxy daemon flag
The `--userland-proxy` daemon flag makes it possible to rely on hairpin
NAT and additional iptables routes instead of userland proxy for port
publishing and inter-container communication.

Usage of the userland proxy remains the default as hairpin NAT is
unsupported by older kernels.

Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
2015-05-04 16:07:45 -07:00
1bf233b404 Merge pull request #12190 from rhvgoyal/deferred-removal
Devicemapper: Provide deferred device removal capability
2015-05-04 14:22:52 -07:00
Phil Estes
b445413337 Merge pull request #12718 from Microsoft/10662-mkdirall
Windows: Volume path aware mkdirall
2015-05-04 15:51:56 -04:00
David Calavera
6c37313b87 Merge pull request #12769 from calavera/git_build_fragment
Use git url fragment to specify build reference and dir context.
2015-05-04 12:48:24 -07:00
Tibor Vass
3f16acda91 Merge pull request #12954 from vdemeester/11595-pkg-ioutils-coverage
More test on pkg/ioutils (coverage)
2015-05-04 14:57:58 -04:00
Vincent Demeester
6b59e983e3 Add more ioutils tests.
Closes #11595

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-05-04 19:56:10 +02:00
David Calavera
99c755ad1d Use git url fragment to specify reference and dir context.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-05-04 09:28:06 -07:00
Sebastiaan van Stijn
d67fbb1516 Merge pull request #11034 from HuKeping/oom_kill_disable
enable cgroups memory.oom_control
2015-05-04 11:53:05 -04:00
unclejack
8d6a9f7755 Merge pull request #12943 from tianon/go-patricia-v2
Update go-patricia to 2.1.0
2015-05-04 16:28:03 +03:00
HuKeping
cf1886e04b Feature: option for disable OOM killer
Add cgroup support for disable OOM killer.

Signed-off-by: Hu Keping <hukeping@huawei.com>
2015-05-04 21:11:29 +08:00
Doug Davis
04f24878fb Merge pull request #12888 from jmzwcn/patch-3
`docker images` friendly duration gets unfriendly after a while
2015-05-03 11:09:25 -04:00
Daniel Zhang
7a9788fb68 docker images friendly duration gets unfriendly after a while
fix #12852
Signed-off-by: Daniel Zhang <jmzwcn@gmail.com>
2015-05-03 21:19:18 +08:00
Tianon Gravi
ff0cdf0b19 Update go-patricia to 2.1.0
This includes a fix for the minor v2 API change introduced by 341a37095f. 👍

Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2015-05-02 23:25:57 -06:00
Tianon Gravi
d05398f1e9 Finally remove our copy of "archive/tar" now that Go 1.4 is the minimum!
IT'S ABOUT TIME. 🎉

Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2015-05-01 16:01:10 -06:00
Alexander Morozov
112ff23e41 Fix race in FirewalldInit
It was possible that signalHandler won't start because connections is
not assigned.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-05-01 13:35:54 -07:00
Michael Crosby
d3d6eed2b3 Merge pull request #12841 from Mashimiao/use-CustomSize-to-replace-intToString
use CustomSize replace intToString
2015-04-30 17:24:41 -07:00
Michael Crosby
6c996d544f Merge pull request #12900 from gaurav-gosec/master
Make use of iptablesPath variable which has the path of iptables, instea...
2015-04-30 16:12:03 -07:00
jhowardmsft
aa589b5288 Windows: mkdirall volume path aware
Signed-off-by: jhowardmsft <jhoward@microsoft.com>
2015-04-30 11:59:42 -07:00
Tibor Vass
2bbd2f8dd0 Merge pull request #12771 from runcom/say-bye-to-engine
Remove engine
2015-04-30 12:18:16 -04:00
Brian Goff
d461ce8fc7 Merge pull request #12664 from Mashimiao/sysinfo-support-ipv4_forward-check
sysinfo: add IPv4Forwarding check
2015-04-30 11:44:44 -04:00
Gaurav
23db1c36a6 Make use of iptablesPath variable which has the path of iptables, instead of using string iptables directly
Signed-off-by: Gaurav <gaurav.gosec@gmail.com>
2015-04-30 18:22:12 +05:30
Antonio Murdaca
1bf50b564c Remove engine mechanism
Signed-off-by: Antonio Murdaca <me@runcom.ninja>
2015-04-30 01:35:16 +02:00
Aaron Davidson
81e1cdca21 Do our best not to invoke iptables concurrently if --wait is unsupported
We encountered a situation where concurrent invocations of the docker daemon on a machine with an older version of iptables led to nondeterministic errors related to simultaenous invocations of iptables.

While this is best resolved by upgrading iptables itself, the particular situation would have been avoided if the docker daemon simply took care not to concurrently invoke iptables. Of course, external processes could also cause iptables to fail in this way, but invoking docker in parallel seems like a pretty common case.

Signed-off-by: Aaron Davidson <aaron@databricks.com>
2015-04-29 14:40:25 -07:00
Vincent Demeester
861cba008d Add coverage on pkg/fileutils
Should fix #11598

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-04-29 16:27:12 +02:00
Ma Shimiao
57ef2a843d use CustomSize replace intToString
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-04-29 08:30:25 +08:00
buddhamagnet
c09e1131bc add support for exclusion rules in dockerignore
Signed-off-by: Dave Goodchild <buddhamagnet@gmail.com>
2015-04-28 18:56:45 +01:00
Burke Libbey
a423e54ba4 archive: Optimize ChangesDirs on Linux
If we tear through a few layers of abstraction, we can get at the inodes
contained in a directory without having to stat all the files. This
allows us to eliminate identical files much earlier in the changelist
generation process.

Signed-off-by: Burke Libbey <burke@libbey.me>
2015-04-27 21:26:13 -04:00
Brian Goff
f71e128a11 Merge pull request #11882 from hqhq/hq_warn_device_cg
add devices cgroup check as hard requirement
2015-04-27 18:42:57 -04:00
Phil Estes
af12b74084 Merge pull request #12828 from tdmackey/trivial-spelling
trivial: typo cleanup
2015-04-27 17:05:46 -04:00
David Mackey
b590208498 trivial: typo cleanup
Signed-off-by: David Mackey <tdmackey@booleanhaiku.com>
2015-04-27 13:35:08 -07:00
Antonio Murdaca
2026dbd41d Small if err cleaning
Signed-off-by: Antonio Murdaca <me@runcom.ninja>
2015-04-27 21:50:33 +02:00
Antonio Murdaca
f023195a1e Replace json.Unmarshal with json.Decoder().Decode()
Signed-off-by: Antonio Murdaca <me@runcom.ninja>
2015-04-26 15:02:01 +02:00
Vincent Demeester
bf4bc7f97f Add coverage on pkg/archive
Add tests on:
- changes.go
- archive.go
- wrap.go

Should fix #11603 as the coverage is now 81.2% on the ``pkg/archive``
package. There is still room for improvement though :).

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-04-24 17:03:33 +02:00
Qiang Huang
4f08c0481c simplify memory limit check
If memory cgroup is mounted, memory limit is always supported,
no need to check if these files are exist.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-04-24 08:43:44 +08:00
Qiang Huang
c0dc426757 add devices cgroup check and errors
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-04-24 08:37:59 +08:00
Tibor Vass
1ad5a79e51 Merge pull request #9397 from jpopelka/9395-firewalld
Firewalld support
2015-04-23 16:58:08 -04:00
Ma Shimiao
533ef6cee7 sysinfo: add IPv4Forwarding check
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-04-23 12:19:46 +08:00
Brian Goff
5ee10f9ad5 Merge pull request #12543 from vdemeester/11584-pkg-stdcopy-test-coverage
Add some stdcopy_test (coverage)
2015-04-22 22:03:15 -04:00
Qiang Huang
456cb5df54 remove redundant warning
And warning is not supposed to have a prefix WARNING.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-04-22 08:15:00 +08:00
Vivek Goyal
e2bca8900c devicemapper: Create a method to get device info with deferred remove field
Deferred reove functionality was added to library later. So in old version
of library it did not report deferred_remove field. 

Create a new function which also gets deferred_remove field and it will be
called only on newer version of library. 

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
2015-04-21 18:14:59 -04:00
Vivek Goyal
48536e29e5 devicemapper: Create helpers to cancel deferred deactivation
If a device has been scheduled for deferred deactivation and container
is started again and we need to activate device again, we need to cancel
the deferred deactivation which is already scheduled on the device.

Create a method for the same.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
2015-04-21 18:14:59 -04:00
Vivek Goyal
64ffdbc701 devicemapper: Add helper functions to allow deferred device removal
A lot of time device mapper devices leak across mount namespace which docker
does not know about and when docker tries to deactivate/delete device,
operation fails as device is open in some mount namespace.

Create a mechanism where one can defer the device deactivation/deletion
so that docker operation does not fail and device automatically goes
away when last reference to it is dropped.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
2015-04-21 18:14:59 -04:00