Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cherry picks 1.12.1 #25637

Merged
merged 51 commits into from
Aug 12, 2016
Merged

Cherry picks 1.12.1 #25637

merged 51 commits into from
Aug 12, 2016

Conversation

tiborvass
Copy link
Contributor

@tiborvass tiborvass commented Aug 11, 2016

First I cherrypicked this:

  • #25237
    • 307b7b0 integration: drain node before stop in TestApiSwarmForceNewCluster

Then I vendored swarmkit and engine-api here bdc0a24

And then cherrypicked and resolved some conflicts on the following:

It's too long to wait for reschedule.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
(cherry picked from commit 307b7b0)
Signed-off-by: Tibor Vass <tibor@docker.com>
Tibor Vass and others added 22 commits August 11, 2016 17:56
Signed-off-by: Tibor Vass <tibor@docker.com>
This prevents unnecessary API call to containerd.

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit b867f6c)
Signed-off-by: Tibor Vass <tibor@docker.com>
Fix moby#25046

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
(cherry picked from commit b1e71bd)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit 42abccb)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f023004)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
(cherry picked from commit f146f61)
Signed-off-by: Tibor Vass <tibor@docker.com>
…bel{-add,-rm}'

Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
(cherry picked from commit ab95ec3)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: allencloud <allen.sun@daocloud.io>
(cherry picked from commit ac13162)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: allencloud <allen.sun@daocloud.io>
(cherry picked from commit 6c5988e)
Signed-off-by: Tibor Vass <tibor@docker.com>
This fix tries to improve error messages when IP address
autodetection fails, as is specified in 25141.

Previously, error messages only indicate that multiple IPs
exist when autodetection fails. In this fix, if one
interface consists of multiple addresses or multiple
interfaces consist of addresses, the error messages output
the address names and interface names so that end user could
take notice.

This fix is verified manually.
When multiple addresses exist on multiple interfaces:
```
$ sudo docker swarm init
Error response from daemon: could not choose an IP address
to advertise since this system has multiple addresses on different
interfaces (192.168.186.128 on ens33 and 192.168.100.199 on eth10)
 - specify one with --advertise-addr
```
When multiple addresses exist on single interface:
```
$ sudo docker swarm init
Error response from daemon: could not choose an IP address
to advertise since this system has multiple addresses
on interface ens33 (192.168.186.128 and 192.168.55.199)
- specify one with --advertise-addr
```

This fix fixes 25141.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 59db010)
Signed-off-by: Tibor Vass <tibor@docker.com>
`docker plugin remove` didnt actually remove plugin from disk. Fix that.

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit 5690730)
Signed-off-by: Tibor Vass <tibor@docker.com>
This fix tries to address the issue raised in 25195 where external
CA configurations are not present in `docker info`.

This fix adds the output of external CAs in `docker info` in swarm
mode.

The test is done manually with:
```
docker run -p 8888:8888 -e CXFSSL_ADDRESS=0.0.0.0 -d fabric8/cfssl
docker swarm init --external-ca protocol=cfssl,url=http://172.17.0.2:8888
```

The `docker info` output:
```
 Managers: 1
 Nodes: 1
 Orchestration:
  Task History Retention Limit: 5
 Raft:
  Snapshot interval: 10000
  Heartbeat tick: 1
  Election tick: 3
 Dispatcher:
  Heartbeat period: 5 seconds
 CA configuration:
  Expiry duration: 3 months
  External CAs:
    cfssl: https://172.17.0.2:8888
```

This fix fixes 25195.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 995128e)
Signed-off-by: Tibor Vass <tibor@docker.com>
On daemon restart the local volume driver will read options that it
persisted to disk, however it was reading an incorrect path, causing
volume options to be silently ignored after a daemon restart.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit c560dd9)
Signed-off-by: Tibor Vass <tibor@docker.com>
this change improves the instructions for
swarm join-token and swarm init;

- only print the join-token command for workers
  instead of for both managers and workers, to
  prevent users from copying the wrong command.
  An extra line is added to explain how to obtain
  the manager token.
- print a message that a token was rotated
  sucesfully if '--rotate' is used.
- add some extra white-space before / after
  the join commands, to make copy/pasting
  easier.

this change also does some refactoring of join-token;

- move flagname-constants together with other constants
- use variables for selected role ("worker" / "manager")
  to prevent checking for them multiple times, and to
  keep the "worker" / "manager" sting centralized
- add an extra blank line after "join-token" instructions
  this makes it easier to copy, and cleans up the
  code a tiny bit

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ebebd41)
Signed-off-by: Tibor Vass <tibor@docker.com>
Fixes moby#25331

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 63983f3)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Diogo Monica <diogo.monica@gmail.com>
(cherry picked from commit a327c23)
Signed-off-by: Tibor Vass <tibor@docker.com>
Printing off networks as part of --pretty was missing a newline, causing
the next thing printed to be concatenated onto the end of the line.
Added an empty println after all networks are printed.

Signed-off-by: Drew Erny <drew.erny@docker.com>
(cherry picked from commit 02ebaf3)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit e3917c7)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 46d3464)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit fcde27e)
Signed-off-by: Tibor Vass <tibor@docker.com>
This is intended as a minor fix for 1.12.1 so that task creation doesn't
do unexpected things when the user supplies erroneous paths.

In particular, because we're currently using hostConfig.Binds to setup
mounts, if a user uses an absolute path for a volume mount source, or a
non-absolute path for a bind mount source, the engine will do the
opposite of what the user requested since all absolute paths are
treated as binds and all non-absolute paths are treated as named
volumes.

Fixes moby#25253

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 38f8b0e)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Victor Vieux <vieux@docker.com>
(cherry picked from commit 42360d1)
Signed-off-by: Tibor Vass <tibor@docker.com>
tonistiigi and others added 21 commits August 11, 2016 17:56
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit 9be0fb4)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit fa1b82e)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
(cherry picked from commit 51f21a1)
Signed-off-by: Tibor Vass <tibor@docker.com>
Fixes moby#25453

Signed-off-by: Dave Tucker <dt@docker.com>
(cherry picked from commit 0e1fe45)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 197f23d)
Signed-off-by: Tibor Vass <tibor@docker.com>
Unlike `docker run -v..`, `docker service create --mount`
does not allow bind-mounting non-existing host paths.

This adds validation for the specified `source`, and
produces an error if the path is not found on the
host.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 84d5ab9)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Diogo Monica <diogo.monica@gmail.com>
(cherry picked from commit d1244ab)
Signed-off-by: Tibor Vass <tibor@docker.com>
This fix tries to address the issue in 25404 where updating environmental
variable in `service update --env-add` will not work.

The issue is because `--env-add` will only append the env, not update if
the same env already exist.

This fix tracks the env variable with a map and update if the variable
is the same.

An integration test has been added.

This fix fixes 25404.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit c6de8ad)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Victor Vieux <vieux@docker.com>
(cherry picked from commit ab12ed4)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Dieter Reuter <dieter.reuter@me.com>
(cherry picked from commit 6e76b7a)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Dieter Reuter <dieter.reuter@me.com>
(cherry picked from commit 84ff895)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Dieter Reuter <dieter.reuter@me.com>
(cherry picked from commit 430bf99)
Signed-off-by: Tibor Vass <tibor@docker.com>
This adds the ability to have different profiles for individual distros
and versions of the distro because they all ship with and depend on
different versions of policy packages.

The `selinux` dir contains the unmodified policy that is being used
today.  The `selinux-fedora` dir contains the new policy for fedora 24
with the changes for it to compile and work on the system.

The fedora policy is from commit
containers/container-selinux@4a6ce94

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
(cherry picked from commit 32b1f26)
Signed-off-by: Tibor Vass <tibor@docker.com>
In cases there are failures in task start, swarmkit might be trying to
restart the task again in the same node which might keep failing. This
creates a race where when a failed task is getting removed it might
remove the associated network while another task for the same service
or a different service but connected to the same network is proceeding
with starting the container knowing that the network is still
present. Fix this by reacting to `ErrNoSuchNetwork` error during
container start by trying to recreate the managed networks. If they
have been removed it will be recreated. If they are already present
nothing bad will happen.

Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
(cherry picked from commit 117cef5)
Signed-off-by: Tibor Vass <tibor@docker.com>
Only open_by_handle_at requires CAP_DAC_READ_SEARCH.

This allows systemd to run with only `--cap-add SYS_ADMIN`
rather than having to also add `--cap-add DAC_READ_SEARCH`
as well which it does not really need.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
(cherry picked from commit c1ca124)
Signed-off-by: Tibor Vass <tibor@docker.com>
* Fixes moby#25236
* Fixes moby#24789
* Fixes moby#25340
* Fixes moby#25130
* Fixes moby/libnetwork#1387
* Fix external DNS responses > 512 bytes getting dropped
* Fix crash when remote plugin returns empty address string
* Make service LB work from self
* Fixed a few race-conditions

Signed-off-by: Madhu Venugopal <madhu@docker.com>
(cherry picked from commit 6645ff8)
Signed-off-by: Tibor Vass <tibor@docker.com>
Docker 1.12 ships with an updated unit file on RPM
based distros. Users that have local modifications
to the unit file, or have a drop-in file installed
may not automatically get the updated unit file,
or get an error when starting docker.

This adds a warning to the changelog, and instructions
on how to resolve the issue.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 66b6566)
Signed-off-by: Tibor Vass <tibor@docker.com>
This fix tries to address the issue raised in 25375 where
`service update --publish-add` returns an error if the exact
same value is repeated (idempotent).

This fix use a map to filter out repeated port configs so
that `--publish-add` does not error out.

An integration test has been added.

This fix fixes 25375.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit b487497)
Signed-off-by: Tibor Vass <tibor@docker.com>
This patch allows to only release the packages that were built and are
present under the bundles/ directory instead of assuming packages exist
for all distros enumerated in the contrib/builder/ directory.

It also now adds support for armhf architecture for apt repositories.

Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 2ff2e9a)
Signed-off-by: Tibor Vass <tibor@docker.com>
With the latest OL7.2, selinux policy that is shipped
might not be the latest for it to work or build with
selinux policy for docker-1.12.

To be able to achieve that here is what is done:
1. Added systemd_machined policy which is part of systemd.
2. Temporarily comment out unconfined_typebounds because the
current OL7's selinux doesn't have unconfineduser selinux policy,
to include this will be too much. Will revisit this once we have
updated the selinux policy.

Fixes: moby#24612

Signed-off-by: Thomas Tanaka <thomas.tanaka@oracle.com>
(cherry picked from commit d6cae87)
Signed-off-by: Tibor Vass <tibor@docker.com>
/proc/timer_list seems to leak information about the host. Here is
an example from a busybox container running on docker+kubernetes.

 # cat /proc/timer_list | grep -i -e kube
 <ffff8800b8cc3db0>, hrtimer_wakeup, S:01, futex_wait_queue_me, kubelet/2497
 <ffff880129ac3db0>, hrtimer_wakeup, S:01, futex_wait_queue_me, kube-proxy/3478
 <ffff8800b1b77db0>, hrtimer_wakeup, S:01, futex_wait_queue_me, kube-proxy/3470
 <ffff8800bb6abdb0>, hrtimer_wakeup, S:01, futex_wait_queue_me, kubelet/2499

Signed-Off-By: Davanum Srinivas <davanum@gmail.com>
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
(cherry picked from commit 03bd00b)
Signed-off-by: Tibor Vass <tibor@docker.com>
John Howard and others added 3 commits August 11, 2016 19:39
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit 03816ad)
Signed-off-by: Tibor Vass <tibor@docker.com>
This is an attempt to fix the flaky test of TestSwarmNodeTaskListFilter in 25029.

Basically this fix adds a check to wait until 3 containers has already up,
before processing `node tasks ...`.

This might fix 25029.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 63c0366)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit 4d00908)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Santhosh Manohar <santhosh@docker.com>
(cherry picked from commit b9c9fa2)
Signed-off-by: Tibor Vass <tibor@docker.com>
@tonistiigi
Copy link
Member

LGTM

@tiborvass tiborvass merged commit 5dc0715 into moby:bump_v1.12.1 Aug 12, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.