Commit graph

1616 commits

Author SHA1 Message Date
Tibor Vass
bf04de9ef4 Merge pull request #16940 from coolljt0725/default_tls_host
Make default tls host work
2015-10-21 14:02:22 -04:00
Alexander Morozov
795370d737 Merge pull request #17035 from estesp/fix-build-dir-perms
Correct build-time directory creation with user namespaced daemon
2015-10-20 08:57:19 -07:00
Phil Estes
e8282c4e9d Correct build-time directory creation with user namespaced daemon
This fixes errors in ownership on directory creation during build that
can cause inaccessible files depending on the paths in the Dockerfile
and non-existing directories in the starting image.

Add tests for the mkdir variants in pkg/idtools

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-10-20 08:59:48 -04:00
Jess Frazelle
a45713d529 Merge pull request #17088 from Microsoft/sjw/archive_hang_fix
Fixing hang in archive.CopyFileWithTar with invalid dst
2015-10-19 17:18:25 -07:00
Stefan J. Wernli
f05813a1ea Fixing hang in archive.CopyWithTar with invalid dst
Signed-off-by: Stefan J. Wernli <swernli@microsoft.com>
2015-10-19 11:56:05 -07:00
Lei Jitang
6159d85e26 Make default tls host work
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-10-19 21:17:37 +08:00
Jan-Gerd Tenberge
2e3a391376 Fix spelling error, add Noether and Euler
Signed-off-by: Jan-Gerd Tenberge <janten@gmail.com>
2015-10-19 01:14:39 +02:00
3cd97bbcb0 Merge pull request #16960 from pydima/9283_consider_hard_links_in_image_size
Consider hardlinks in image size.
2015-10-17 14:22:33 -04:00
Sebastiaan van Stijn
66d082cec7 Merge pull request #17056 from vdemeester/16756-integration-cli-checkers-api-build
Vendoring new go-check checkers and use checker for docker_api_build_test.go
2015-10-17 08:50:51 -07:00
Vincent Demeester
4538373791 Vendoring shakers library and update go-check
The shakers library defines a bunch of go-check checkers to ease
writing tests.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-10-17 14:28:08 +02:00
Dmitry Vorobev
f6ec5ae6ee Fixes #9283. Consider hardlinks in image size.
Based on #8984. This patch fixes behavior when image size calculation
didn't consider hardlinks.

Signed-off-by: Dmitry Vorobev <dimahabr@gmail.com>
2015-10-17 12:24:05 +02:00
Antonio Murdaca
bc78380707 Merge pull request #16950 from cpuguy83/support_ipv6_in_host_parser
Allow API to bind to ipv6 addresses
2015-10-17 00:20:49 +02:00
9158522b8a Merge pull request #16932 from c0b/fix-race-16924
Fix race #16924 [panic: runtime error: slice bounds out of range] docker daemon crash of racing
2015-10-15 18:05:05 -05:00
John Howard
a81f89aa9d Windows: [TP4] docker kill handling
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-10-13 16:04:49 -07:00
Derek Ch
c45a95b9c0 fix a race crash when building with "ADD some-broken.tar.xz ..."
The race is between pools.Put which calls buf.Reset and exec.Cmd
doing io.Copy from the buffer; it caused a runtime crash, as
described in #16924:

``` docker-daemon cat the-tarball.xz | xz -d -c -q | docker-untar /path/to/... (aufs ) ```

When docker-untar side fails (like try to set xattr on aufs, or a broken
tar), invokeUnpack will be responsible to exhaust all input, otherwise
`xz` will be write pending for ever.

this change add a receive only channel to cmdStream, and will close it
to notify it's now safe to close the input stream;

in CmdStream the change to use Stdin / Stdout / Stderr keeps the
code simple, os/exec.Cmd will spawn goroutines and call io.Copy automatically.

the CmdStream is actually called in the same file only, change it
lowercase to mark as private.

[...]
INFO[0000] Docker daemon                                 commit=0a8c2e3 execdriver=native-0.2 graphdriver=aufs version=1.8.2

DEBU[0006] Calling POST /build
INFO[0006] POST /v1.20/build?cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&memory=0&memswap=0&rm=1&t=gentoo-x32&ulimits=null
DEBU[0008] [BUILDER] Cache miss
DEBU[0009] Couldn't untar /home/lib-docker-v1.8.2-tmp/tmp/docker-build316710953/stage3-x32-20151004.tar.xz to /home/lib-docker-v1.8.2-tmp/aufs/mnt/d909abb87150463939c13e8a349b889a72d9b14f0cfcab42a8711979be285537: Untar re-exec error: exit status 1: output: operation not supported
DEBU[0009] CopyFileWithTar(/home/lib-docker-v1.8.2-tmp/tmp/docker-build316710953/stage3-x32-20151004.tar.xz, /home/lib-docker-v1.8.2-tmp/aufs/mnt/d909abb87150463939c13e8a349b889a72d9b14f0cfcab42a8711979be285537/)
panic: runtime error: slice bounds out of range

goroutine 42 [running]:
bufio.(*Reader).fill(0xc208187800)
    /usr/local/go/src/bufio/bufio.go:86 +0x2db
bufio.(*Reader).WriteTo(0xc208187800, 0x7ff39602d150, 0xc2083f11a0, 0x508000, 0x0, 0x0)
    /usr/local/go/src/bufio/bufio.go:449 +0x27e
io.Copy(0x7ff39602d150, 0xc2083f11a0, 0x7ff3960261f8, 0xc208187800, 0x0, 0x0, 0x0)
    /usr/local/go/src/io/io.go:354 +0xb2
github.com/docker/docker/pkg/archive.func·006()
    /go/src/github.com/docker/docker/pkg/archive/archive.go:817 +0x71
created by github.com/docker/docker/pkg/archive.CmdStream
    /go/src/github.com/docker/docker/pkg/archive/archive.go:819 +0x1ec

goroutine 1 [chan receive]:
main.(*DaemonCli).CmdDaemon(0xc20809da30, 0xc20800a020, 0xd, 0xd, 0x0, 0x0)
    /go/src/github.com/docker/docker/docker/daemon.go:289 +0x1781
reflect.callMethod(0xc208140090, 0xc20828fce0)
    /usr/local/go/src/reflect/value.go:605 +0x179
reflect.methodValueCall(0xc20800a020, 0xd, 0xd, 0x1, 0xc208140090, 0x0, 0x0, 0xc208140090, 0x0, 0x45343f, ...)
    /usr/local/go/src/reflect/asm_amd64.s:29 +0x36
github.com/docker/docker/cli.(*Cli).Run(0xc208129fb0, 0xc20800a010, 0xe, 0xe, 0x0, 0x0)
    /go/src/github.com/docker/docker/cli/cli.go:89 +0x38e
main.main()
    /go/src/github.com/docker/docker/docker/docker.go:69 +0x428

goroutine 5 [syscall]:
os/signal.loop()
    /usr/local/go/src/os/signal/signal_unix.go:21 +0x1f
created by os/signal.init·1
    /usr/local/go/src/os/signal/signal_unix.go:27 +0x35

Signed-off-by: Derek Ch <denc716@gmail.com>
2015-10-13 15:58:06 -07:00
John Howard
831c2e7a7b Windows: Fix AV in build due to userns
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-10-13 14:02:25 -07:00
Brian Goff
a0d269a779 Merge pull request #16963 from Microsoft/10662-kill-partone
Windows: Enable kill (part one)
2015-10-13 13:02:58 -04:00
John Howard
7dd3b006cb Windows: Enable kill (part one)
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-10-13 08:42:47 -07:00
Daniel Dao
154434f5a2 add labels/env log option for jsonfile
this allows jsonfile logger to collect extra metadata from containers with
`--log-opt labels=label1,label2 --log-opt env=env1,env2`.

Extra attributes are saved into `attrs` attributes for each log data.

Signed-off-by: Daniel Dao <dqminh@cloudflare.com>
2015-10-12 21:12:46 +02:00
Brian Goff
19561b96d5 Allow API to bind to ipv6 addresses
Use `net.SplitHostPort` which supports ipv6 rather than relying on
splitting on `:`

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-10-12 13:55:27 -04:00
Phil Estes
5b56e85c9d Merge pull request #16947 from Microsoft/jjh/daemon-broken-on-master
Windows: Daemon broken on master
2015-10-12 13:40:02 -04:00
John Howard
27658887e9 Windows: Daemon broken on master
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-10-12 09:11:19 -07:00
Phil Estes
2ca1c23a5d Correct mismatched function names (UID() and Gid())
All the go-lint work forced any existing "Uid" -> "UID", but seems to
not have the same rules for Gid, so stat package has calls UID() and
Gid().

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-10-12 10:58:33 -04:00
Sebastiaan van Stijn
54df0b606e Merge pull request #16618 from abronan/fix_discovery_pkg_readme
Fix discovery package README with the right --cluster* flags
2015-10-11 12:05:07 -07:00
Phil Estes
e118299052 Add user namespace (mapping) support to the Docker engine
Adds support for the daemon to handle user namespace maps as a
per-daemon setting.

Support for handling uid/gid mapping is added to the builder,
archive/unarchive packages and functions, all graphdrivers (except
Windows), and the test suite is updated to handle user namespace daemon
rootgraph changes.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-10-09 17:47:37 -04:00
Phil Estes
5e8012caca Add utility/support package for user namespace support
The `pkg/idtools` package supports the creation of user(s) for
retrieving /etc/sub{u,g}id ranges and creation of the UID/GID mappings
provided to clone() to add support for user namespaces in Docker.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-10-09 17:44:47 -04:00
Jess Frazelle
dade93d00f Merge pull request #16644 from dhiltgen/discovery_tls
Add TLS support for discovery backend
2015-10-08 14:21:06 -07:00
Jess Frazelle
07e78dc3cc Merge pull request #16803 from tiborvass/pkg-broadcaster
Move types from progressreader and broadcastwriter to broadcaster
2015-10-08 13:51:08 -07:00
Jess Frazelle
790b9791fd Merge pull request #13777 from cpuguy83/graphdriver_extpoints
Create extpoint for graphdrivers
2015-10-08 13:46:42 -07:00
Vincent Demeester
54a199952b Merge pull request #16781 from brahmaroutu/pkg_integration_timeout
timeouts causing tests to fail differently. GCCGO CI.
2015-10-08 22:02:22 +02:00
Jess Frazelle
880844e210 Merge pull request #16581 from fgimenez/11584-stdcopy-test-coverage
Added test coverage to StdCopy closes #11584
2015-10-08 12:53:25 -07:00
Srini Brahmaroutu
0a9741c6cb Timeouts are causing tests to fail differently. GCCGO CI.
Signed-off-by: Srini Brahmaroutu <srbrahma@us.ibm.com>
2015-10-08 15:14:56 +00:00
Daniel Hiltgen
125510e009 Add TLS support for discovery backend
This leverages recent additions to libkv enabling client
authentication via TLS so the discovery back-end can be locked
down with mutual TLS.  Example usage:

    docker daemon [other args] \
        --cluster-advertise 192.168.122.168:2376 \
        --cluster-store etcd://192.168.122.168:2379 \
        --cluster-store-opt kv.cacertfile=/path/to/ca.pem \
        --cluster-store-opt kv.certfile=/path/to/cert.pem \
        --cluster-store-opt kv.keyfile=/path/to/key.pem

Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2015-10-07 16:01:00 -07:00
Alexander Morozov
2861b2e52f Merge pull request #16818 from runcom/rmi-perf
graph: add parent img refcount for faster rmi
2015-10-07 10:45:49 -07:00
Antonio Murdaca
8f009df876 graph: add parent img refcount for faster rmi
also fix a typo in pkg/truncindex package comment

Signed-off-by: Antonio Murdaca <amurdaca@redhat.com>
2015-10-07 19:09:44 +02:00
Alexander Morozov
d3aed6260a Merge pull request #16381 from rhvgoyal/deferred_deletion
devicemapper: Implement deferred deletion capability
2015-10-07 09:27:41 -07:00
Tibor Vass
2d6672b0e1 Move types from progressreader and broadcastwriter to broadcaster
progressreader.Broadcaster becomes broadcaster.Buffered and
broadcastwriter.Writer becomes broadcaster.Unbuffered.

The package broadcastwriter is thus renamed to broadcaster.

Signed-off-by: Tibor Vass <tibor@docker.com>
2015-10-06 22:20:07 -04:00
Brian Goff
7ddde13c00 Merge pull request #16147 from tiborvass/refactor-builder
Refactor builder with new Go interfaces
2015-10-06 20:36:07 -04:00
Tibor Vass
e5a4257fa7 Abstract builder and implement server-side dockerfile builder
This patch creates interfaces in builder/ for building Docker images.
It is a first step in a series of patches to remove the daemon
dependency on builder and later allow a client-side Dockerfile builder
as well as potential builder plugins.

It is needed because we cannot remove the /build API endpoint, so we
need to keep the server-side Dockerfile builder, but we also want to
reuse the same Dockerfile parser and evaluator for both server-side and
client-side.

builder/dockerfile/ and api/server/builder.go contain implementations
of those interfaces as a refactoring of the current code.

Signed-off-by: Tibor Vass <tibor@docker.com>
2015-10-06 19:10:19 -04:00
Vivek Goyal
30047b6365 devmapper: Implement deferred deletion functionality
Finally here is the patch to implement deferred deletion functionality.
Deferred deleted devices are marked as "Deleted" in device meta file. 

First we try to delete the device and only if deletion fails and user has
enabled deferred deletion, device is marked for deferred deletion.

When docker starts up again, we go through list of deleted devices and
try to delete these again.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
2015-10-06 17:37:21 -04:00
Antonio Murdaca
4ebc358c68 bump libcontainer to 902c012e85cdae6bb68d8c7a0df69a42f818ce96
Signed-off-by: Antonio Murdaca <amurdaca@redhat.com>
2015-10-06 17:55:09 +02:00
Vincent Demeester
6cf9826537 Remove use of testify mock and testify vendored lib
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-10-05 08:43:34 +02:00
Doug Davis
fdc3d2821e Merge pull request #16582 from vdemeester/16360-dockerCmd-raceytests
Fix TestDockerCmd*Timeout racey tests
2015-10-02 20:45:41 -04:00
Jess Frazelle
0d6442725c Merge pull request #16733 from MHBauer/perjury
remove testify asserts from pkg/discovery
2015-10-02 16:04:56 -07:00
Morgan Bauer
890fa18dc5 remove testify asserts from pkg/discovery
Signed-off-by: Morgan Bauer <mbauer@us.ibm.com>
2015-10-02 13:05:15 -07:00
Jess Frazelle
911628c5ae Merge pull request #16490 from Microsoft/10662-mtimefix
Fixed file modified time not changing on windows
2015-10-02 12:06:03 -07:00
Jess Frazelle
2de02bc741 Merge pull request #16159 from runcom/validate-cpuset-cpus
Validate --cpuset-cpus, --cpuset-mems
2015-10-02 11:30:46 -07:00
Jess Frazelle
5978f60a59 Merge pull request #16367 from Morgy93/names-generator
Added some adjectives and names
2015-10-02 11:29:09 -07:00
Jess Frazelle
34f6a8d666 Merge pull request #16470 from tonistiigi/fix-aufs-opq
Add basic support for .wh..wh..opq
2015-10-02 11:28:33 -07:00
Jess Frazelle
edd768c3a8 Merge pull request #16594 from Microsoft/sjw/unc-build-fix
Windows: Fixing longpath hanlding of UNC paths.
2015-10-02 11:24:27 -07:00