Commit graph

1206 commits

Author SHA1 Message Date
Patrick Hemmer
21fc078476 Support hairpin NAT
This re-applies commit b39d02b with additional iptables rules to solve the issue with containers routing back into themselves.

The previous issue with this attempt was that the DNAT rule would send traffic back into the container it came from. When this happens you have 2 issues.
1) reverse path filtering. The container is going to see the traffic coming in from the outside and it's going to have a source address of itself. So reverse path filtering will kick in and drop the packet.
2) direct return mismatch. Assuming you turned reverse path filtering off, when the packet comes back in, it's goign to have a source address of itself, thus when the reply traffic is sent, it's going to have a source address of itself. But the original packet was sent to the host IP address, so the traffic will be dropped because it's coming from an address which the original traffic was not sent to (and likely with an incorrect port as well).

The solution to this is to masquerade the traffic when it gets routed back into the origin container. However for this to work you need to enable hairpin mode on the bridge port, otherwise the kernel will just drop the traffic.
The hairpin mode set is part of libcontainer, while the MASQ change is part of docker.

This reverts commit 63c303eecdbaf4dc7967fd51b82cd447c778cecc.

Docker-DCO-1.1-Signed-off-by: Patrick Hemmer <patrick.hemmer@gmail.com> (github: phemmer)
2014-11-03 23:09:08 -05:00
Vincent Batts
8f30e895b2 pkg/mount: include optional field
one linux, the optional field designates the sharedsubtree information,
if any.

Signed-off-by: Vincent Batts <vbatts@redhat.com>
2014-11-03 22:05:04 -05:00
Tibor Vass
98e403702a Merge pull request #8863 from vbatts/vbatts-archive_stat
./pkg/archive: clean up Stat_t assertion
2014-11-03 19:14:39 -05:00
Vincent Batts
3a2c49a3d9 pkg/mount: adding fields supported by freebsd
Signed-off-by: Vincent Batts <vbatts@redhat.com>
2014-11-03 14:01:50 -05:00
Vincent Batts
3894be0339 pkg/mount: testing for linux sharedsubtree mounts
* shared
* shared/slave
* unbindable
* private

Signed-off-by: Vincent Batts <vbatts@redhat.com>
2014-10-31 15:31:34 -04:00
Erik Hollensbe
3816c2f723 pkg/proxy: Bump the maximum size of a UDP packet.
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
2014-10-31 18:56:07 +00:00
Vincent Batts
9775fc4473 pkg/mount: add more sharesubtree options
Signed-off-by: Vincent Batts <vbatts@redhat.com>
2014-10-31 13:29:35 -04:00
Victor Vieux
afbc7f550b Merge pull request #8867 from vbatts/vbatts-relocate_mount_operation
mount: move the MakePrivate to pkg/mount
2014-10-30 16:39:20 -07:00
Vincent Batts
aaada9057d mount: move the MakePrivate to pkg/mount
The logic is unrelated to graphdriver.

Signed-off-by: Vincent Batts <vbatts@redhat.com>
2014-10-30 17:04:56 -04:00
Vincent Batts
b4b52c87b2 ./pkg/archive: clean up Stat_t assertion
inspired by @tonistiigi comment
(https://github.com/docker/docker/pull/8046/files#r19579960)

Signed-off-by: Vincent Batts <vbatts@redhat.com>
2014-10-30 16:50:33 -04:00
unclejack
f76adff303 pkg/reexec: move reexec code to a new package
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
2014-10-30 14:48:30 +02:00
74b38deaa9 archive: cleanup and more information
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2014-10-29 14:52:59 -04:00
4a2fb0ab3d archive: example app for diffing directories
By default is a demo of file differences, but can be used to create a
tar of changes between an old and new path.

Signed-off-by: Vincent Batts <vbatts@redhat.com>
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2014-10-29 14:52:59 -04:00
Vincent Batts
b17f754fff archive: preserve hardlinks in Tar and Untar
* integration test for preserving hardlinks

Signed-off-by: Vincent Batts <vbatts@redhat.com>
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2014-10-29 14:52:52 -04:00
Tibor Vass
0f0aef0590 Merge pull request #8352 from zachborboa/patch-1
Fix typo
2014-10-28 22:39:05 -04:00
Solomon Hykes
16a2259c32 Merge pull request #8198 from jfrazelle/add-jessie-to-various-maintainers
Adding self to various maintainers files.
2014-10-28 19:35:28 -07:00
Josh Hawn
f70214084c Exclude .wh..wh.* AUFS metadata on layer export
In an effort to make layer content 'stable' between import
and export from two different graph drivers, we must resolve
an issue where AUFS produces metadata files in its layers
which other drivers explicitly ignore when importing.

The issue presents itself like this:

    - Generate a layer using AUFS
    - On commit of that container, the new stored layer contains
      AUFS metadata files/dirs. The stored layer content has some
      tarsum value: '1234567'
    - `docker save` that image to a USB drive and `docker load`
      into another docker engine instance which uses another
      graph driver, say 'btrfs'
    - On load, this graph driver explicitly ignores any AUFS metadata
      that it encounters. The stored layer content now has some
      different tarsum value: 'abcdefg'.

The only (apparent) useful aufs metadata to keep are the psuedo link
files located at `/.wh..wh.plink/`. Thes files hold information at the
RW layer about hard linked files between this layer and another layer.
The other graph drivers make sure to copy up these psuedo linked files
but I've tested out a few different situations and it seems that this
is unnecessary (In my test, AUFS already copies up the other hard linked
files to the RW layer).

This changeset adds explicit exclusion of the AUFS metadata files and
directories (NOTE: not the whiteout files!) on commit of a container
using the AUFS storage driver.

Also included is a change to the archive package. It now explicitly
ignores the root directory from being included in the resulting tar archive
for 2 reasons: 1) it's unnecessary. 2) It's another difference between
what other graph drivers produce when exporting a layer to a tar archive.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2014-10-28 10:14:05 -07:00
Victor Vieux
61b6781d59 update sysinfo to logrus
Signed-off-by: Victor Vieux <vieux@docker.com>
2014-10-27 18:59:02 +00:00
Jessie Frazelle
77437c3984 Merge pull request #8782 from shuai-z/rm-clean
removed redundant Clean
2014-10-27 09:23:10 -07:00
Jessie Frazelle
89f1e164e4 Merge pull request #8770 from LK4D4/logrus_support
Logrus support
2014-10-27 09:05:24 -07:00
Tibor Vass
0e52ddae8f Merge pull request #8641 from vbatts/vbatts-archive_test_and_benchmark
archive: tests and benchmarks for hardlinks
2014-10-27 09:55:19 -04:00
shuai-z
0ed7e5e7de removed redundant Clean
The doc (or src) says: The result is Cleaned.

http://golang.org/pkg/path/filepath/#Join

Signed-off-by: shuai-z <zs.broccoli@gmail.com>
2014-10-26 13:55:29 +08:00
Alexandr Morozov
015f966a1b Mass gofmt
Signed-off-by: Alexandr Morozov <lk4d4@docker.com>
2014-10-24 15:11:48 -07:00
Alexandr Morozov
7dae3e3de3 Remove pkg/log
Signed-off-by: Alexandr Morozov <lk4d4@docker.com>
2014-10-24 15:03:24 -07:00
Alexandr Morozov
712a6554ce Use logrus everywhere for logging
Fixed #8761

Signed-off-by: Alexandr Morozov <lk4d4@docker.com>
2014-10-24 15:03:06 -07:00
Vincent Batts
396f1dd125 archive: tests and benchmarks for hardlinks
Adding moar information, so benchmark comparisons can be moar
comparative.

Signed-off-by: Vincent Batts <vbatts@redhat.com>
2014-10-24 08:58:31 -04:00
Andrea Luzzardi
8e63996484 Add MemInfo to the system pkg.
MemInfo provides a simple API to get memory information from the
system.

Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
2014-10-22 14:05:45 -07:00
Tibor Vass
460ef61c01 Merge pull request #8423 from unclejack/lint_changes
lint changes part 1
2014-10-21 12:15:58 -04:00
Zach Borboa
6aeaba297c Fix typo
Signed-off-by: Zach Borboa <zachborboa@gmail.com>
2014-10-20 18:46:39 -07:00
Brian Goff
b81a28fa8b Make container.Copy support volumes
Fixes #1992

Right now when you `docker cp` a path which is in a volume, the cp
itself works, however you end up getting files that are in the
container's fs rather than the files in the volume (which is not in the
container's fs).
This makes it so when you `docker cp` a path that is in a volume it
follows the volume to the real path on the host.

archive.go has been modified so that when you do `docker cp mydata:/foo
.`, and /foo is the volume, the outputed folder is called "foo" instead
of the volume ID (because we are telling it to tar up
`/var/lib/docker/vfs/dir/<some id>` and not "foo", but the user would be
expecting "foo", not the ID

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2014-10-20 20:23:01 -04:00
Srini Brahmaroutu
ab81bfc8f5 Adding capability to filter by name, id or status to list containers api
Closes #7599

Signed-off-by: Srini Brahmaroutu <srbrahma@us.ibm.com>
2014-10-20 18:33:20 +00:00
Alexandr Morozov
9ac922face Merge pull request #8238 from vbatts/vbatts-daemon_timestamps
daemon logging: unifying output and timestamps
2014-10-16 15:55:49 -07:00
Michael Crosby
a2c9b3762b Merge pull request #8380 from cpuguy83/moar_names
Add more names
2014-10-16 14:04:15 -07:00
Victor Vieux
16f6e4744a add BytesSize in pkg/units
Signed-off-by: Victor Vieux <vieux@docker.com>
2014-10-14 03:54:32 +00:00
unclejack
68c42446a1 pkg/graphdb: some linting
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
2014-10-06 22:57:27 +03:00
unclejack
730301be76 pkg/timeutils: lint and add comments
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
2014-10-06 22:27:56 +03:00
unclejack
bce8f57f1b pkg/units: lint
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
2014-10-06 22:19:41 +03:00
unclejack
d250fdea61 pkg/truncindex: lint and add comments
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
2014-10-06 22:00:58 +03:00
unclejack
6f66d8a30f pkg/version: lint and add comments 2014-10-06 18:41:53 +03:00
Brian Goff
1a8f9d9989 Add more names
Docker-DCO-1.1-Signed-off-by: Brian Goff <bgoff@cpuguy83-mbp.home> (github: cpuguy83)
2014-10-03 10:17:42 -04:00
Michael Crosby
63363f2d49 Merge pull request #8350 from erikh/add_erikh_maintainer_proxy
Add erikh as maintainer of pkg/proxy
2014-10-01 15:50:41 -07:00
Erik Hollensbe
773d3ad712 Add erikh as maintainer of pkg/proxy
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
2014-10-01 15:37:46 -07:00
Rafe Colton
bd898dfb55 Move archive package into pkg/archive
Now that the archive package does not depend on any docker-specific
packages, only those in pkg and vendor, it can be safely moved into pkg.

Signed-off-by: Rafe Colton <rafael.colton@gmail.com>
2014-09-29 23:23:36 -07:00
Rafe Colton
fdc594e811 Move Matches() file path matching function into pkg/fileutils
This is the second of two steps to break the archive package's
dependence on utils so that archive may be moved into pkg. `Matches()`
is also a good candidate pkg in that it is small, concise, and not
specific to docker internals

Signed-off-by: Rafe Colton <rafael.colton@gmail.com>
2014-09-29 23:21:41 -07:00
Rafe Colton
32cc6ab501 Move Go() promise-like func from utils to pkg/promise
This is the first of two steps to break the archive package's dependence
on utils so that archive may be moved into pkg.  Also, the `Go()`
function is small, concise, and not specific to the docker internals, so
it is a good candidate for pkg.

Signed-off-by: Rafe Colton <rafael.colton@gmail.com>
2014-09-29 23:16:27 -07:00
Jessica Frazelle
56d6d5888c Adding self to various maintainers files.
Docker-DCO-1.1-Signed-off-by: Jessica Frazelle <jess@docker.com> (github: jfrazelle)
2014-09-29 15:43:07 -07:00
Vincent Batts
d53bedb1b7 daemon logging: unifying output and timestamps
A little refactor of the ./pkg/log so engine can have a logger instance

Signed-off-by: Vincent Batts <vbatts@redhat.com>
2014-09-26 14:44:46 -04:00
Derek McGowan
6a33e70bd5 pkg/tarsum: fix panic with dynamic buffer
When read is called on a tarsum with a two different read sizes, specifically the second call larger than the first, the dynamic buffer does not get reallocated causing a slice read error.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2014-09-25 15:58:35 -07:00
Alexandr Morozov
56483ba9b4 Test for jsonlog.WriteLog
Signed-off-by: Alexandr Morozov <lk4d4@docker.com>
2014-09-23 19:19:25 +04:00
Alexandr Morozov
4b052e7192 Benchmark for jsonlog.WriteLog
Signed-off-by: Alexandr Morozov <lk4d4@docker.com>
2014-09-23 18:24:18 +04:00