-
Notifications
You must be signed in to change notification settings - Fork 18.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cherry picks 1.12.1 #25637
Merged
Merged
Cherry picks 1.12.1 #25637
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tiborvass
force-pushed
the
cherry-picks-1.12.1
branch
from
August 11, 2016 22:17
dc517ac
to
5759650
Compare
tiborvass
force-pushed
the
bump_v1.12.1
branch
from
August 11, 2016 23:44
20c6271
to
6811254
Compare
It's too long to wait for reschedule. Signed-off-by: Alexander Morozov <lk4d4@docker.com> (cherry picked from commit 307b7b0) Signed-off-by: Tibor Vass <tibor@docker.com>
tiborvass
force-pushed
the
cherry-picks-1.12.1
branch
from
August 11, 2016 23:48
5759650
to
b98c8b6
Compare
Signed-off-by: Tibor Vass <tibor@docker.com>
This prevents unnecessary API call to containerd. Signed-off-by: Anusha Ragunathan <anusha@docker.com> (cherry picked from commit b867f6c) Signed-off-by: Tibor Vass <tibor@docker.com>
Fix moby#25046 Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp> (cherry picked from commit b1e71bd) Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Anusha Ragunathan <anusha@docker.com> (cherry picked from commit 42abccb) Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit f023004) Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com> (cherry picked from commit f146f61) Signed-off-by: Tibor Vass <tibor@docker.com>
…bel{-add,-rm}' Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com> (cherry picked from commit ab95ec3) Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: allencloud <allen.sun@daocloud.io> (cherry picked from commit ac13162) Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: allencloud <allen.sun@daocloud.io> (cherry picked from commit 6c5988e) Signed-off-by: Tibor Vass <tibor@docker.com>
This fix tries to improve error messages when IP address autodetection fails, as is specified in 25141. Previously, error messages only indicate that multiple IPs exist when autodetection fails. In this fix, if one interface consists of multiple addresses or multiple interfaces consist of addresses, the error messages output the address names and interface names so that end user could take notice. This fix is verified manually. When multiple addresses exist on multiple interfaces: ``` $ sudo docker swarm init Error response from daemon: could not choose an IP address to advertise since this system has multiple addresses on different interfaces (192.168.186.128 on ens33 and 192.168.100.199 on eth10) - specify one with --advertise-addr ``` When multiple addresses exist on single interface: ``` $ sudo docker swarm init Error response from daemon: could not choose an IP address to advertise since this system has multiple addresses on interface ens33 (192.168.186.128 and 192.168.55.199) - specify one with --advertise-addr ``` This fix fixes 25141. Signed-off-by: Yong Tang <yong.tang.github@outlook.com> (cherry picked from commit 59db010) Signed-off-by: Tibor Vass <tibor@docker.com>
`docker plugin remove` didnt actually remove plugin from disk. Fix that. Signed-off-by: Anusha Ragunathan <anusha@docker.com> (cherry picked from commit 5690730) Signed-off-by: Tibor Vass <tibor@docker.com>
This fix tries to address the issue raised in 25195 where external CA configurations are not present in `docker info`. This fix adds the output of external CAs in `docker info` in swarm mode. The test is done manually with: ``` docker run -p 8888:8888 -e CXFSSL_ADDRESS=0.0.0.0 -d fabric8/cfssl docker swarm init --external-ca protocol=cfssl,url=http://172.17.0.2:8888 ``` The `docker info` output: ``` Managers: 1 Nodes: 1 Orchestration: Task History Retention Limit: 5 Raft: Snapshot interval: 10000 Heartbeat tick: 1 Election tick: 3 Dispatcher: Heartbeat period: 5 seconds CA configuration: Expiry duration: 3 months External CAs: cfssl: https://172.17.0.2:8888 ``` This fix fixes 25195. Signed-off-by: Yong Tang <yong.tang.github@outlook.com> (cherry picked from commit 995128e) Signed-off-by: Tibor Vass <tibor@docker.com>
On daemon restart the local volume driver will read options that it persisted to disk, however it was reading an incorrect path, causing volume options to be silently ignored after a daemon restart. Signed-off-by: Brian Goff <cpuguy83@gmail.com> (cherry picked from commit c560dd9) Signed-off-by: Tibor Vass <tibor@docker.com>
this change improves the instructions for swarm join-token and swarm init; - only print the join-token command for workers instead of for both managers and workers, to prevent users from copying the wrong command. An extra line is added to explain how to obtain the manager token. - print a message that a token was rotated sucesfully if '--rotate' is used. - add some extra white-space before / after the join commands, to make copy/pasting easier. this change also does some refactoring of join-token; - move flagname-constants together with other constants - use variables for selected role ("worker" / "manager") to prevent checking for them multiple times, and to keep the "worker" / "manager" sting centralized - add an extra blank line after "join-token" instructions this makes it easier to copy, and cleans up the code a tiny bit Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit ebebd41) Signed-off-by: Tibor Vass <tibor@docker.com>
Fixes moby#25331 Signed-off-by: Brian Goff <cpuguy83@gmail.com> (cherry picked from commit 63983f3) Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Diogo Monica <diogo.monica@gmail.com> (cherry picked from commit a327c23) Signed-off-by: Tibor Vass <tibor@docker.com>
Printing off networks as part of --pretty was missing a newline, causing the next thing printed to be concatenated onto the end of the line. Added an empty println after all networks are printed. Signed-off-by: Drew Erny <drew.erny@docker.com> (cherry picked from commit 02ebaf3) Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> (cherry picked from commit e3917c7) Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Harald Albers <github@albersweb.de> (cherry picked from commit 46d3464) Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Daniel Nephin <dnephin@docker.com> (cherry picked from commit fcde27e) Signed-off-by: Tibor Vass <tibor@docker.com>
This is intended as a minor fix for 1.12.1 so that task creation doesn't do unexpected things when the user supplies erroneous paths. In particular, because we're currently using hostConfig.Binds to setup mounts, if a user uses an absolute path for a volume mount source, or a non-absolute path for a bind mount source, the engine will do the opposite of what the user requested since all absolute paths are treated as binds and all non-absolute paths are treated as named volumes. Fixes moby#25253 Signed-off-by: Brian Goff <cpuguy83@gmail.com> (cherry picked from commit 38f8b0e) Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Victor Vieux <vieux@docker.com> (cherry picked from commit 42360d1) Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> (cherry picked from commit 9be0fb4) Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Harald Albers <github@albersweb.de> (cherry picked from commit fa1b82e) Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com> (cherry picked from commit 51f21a1) Signed-off-by: Tibor Vass <tibor@docker.com>
Fixes moby#25453 Signed-off-by: Dave Tucker <dt@docker.com> (cherry picked from commit 0e1fe45) Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Harald Albers <github@albersweb.de> (cherry picked from commit 197f23d) Signed-off-by: Tibor Vass <tibor@docker.com>
Unlike `docker run -v..`, `docker service create --mount` does not allow bind-mounting non-existing host paths. This adds validation for the specified `source`, and produces an error if the path is not found on the host. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit 84d5ab9) Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Diogo Monica <diogo.monica@gmail.com> (cherry picked from commit d1244ab) Signed-off-by: Tibor Vass <tibor@docker.com>
This fix tries to address the issue in 25404 where updating environmental variable in `service update --env-add` will not work. The issue is because `--env-add` will only append the env, not update if the same env already exist. This fix tracks the env variable with a map and update if the variable is the same. An integration test has been added. This fix fixes 25404. Signed-off-by: Yong Tang <yong.tang.github@outlook.com> (cherry picked from commit c6de8ad) Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Victor Vieux <vieux@docker.com> (cherry picked from commit ab12ed4) Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Dieter Reuter <dieter.reuter@me.com> (cherry picked from commit 6e76b7a) Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Dieter Reuter <dieter.reuter@me.com> (cherry picked from commit 84ff895) Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Dieter Reuter <dieter.reuter@me.com> (cherry picked from commit 430bf99) Signed-off-by: Tibor Vass <tibor@docker.com>
This adds the ability to have different profiles for individual distros and versions of the distro because they all ship with and depend on different versions of policy packages. The `selinux` dir contains the unmodified policy that is being used today. The `selinux-fedora` dir contains the new policy for fedora 24 with the changes for it to compile and work on the system. The fedora policy is from commit containers/container-selinux@4a6ce94 Signed-off-by: Michael Crosby <crosbymichael@gmail.com> (cherry picked from commit 32b1f26) Signed-off-by: Tibor Vass <tibor@docker.com>
In cases there are failures in task start, swarmkit might be trying to restart the task again in the same node which might keep failing. This creates a race where when a failed task is getting removed it might remove the associated network while another task for the same service or a different service but connected to the same network is proceeding with starting the container knowing that the network is still present. Fix this by reacting to `ErrNoSuchNetwork` error during container start by trying to recreate the managed networks. If they have been removed it will be recreated. If they are already present nothing bad will happen. Signed-off-by: Jana Radhakrishnan <mrjana@docker.com> (cherry picked from commit 117cef5) Signed-off-by: Tibor Vass <tibor@docker.com>
Only open_by_handle_at requires CAP_DAC_READ_SEARCH. This allows systemd to run with only `--cap-add SYS_ADMIN` rather than having to also add `--cap-add DAC_READ_SEARCH` as well which it does not really need. Signed-off-by: Justin Cormack <justin.cormack@docker.com> (cherry picked from commit c1ca124) Signed-off-by: Tibor Vass <tibor@docker.com>
* Fixes moby#25236 * Fixes moby#24789 * Fixes moby#25340 * Fixes moby#25130 * Fixes moby/libnetwork#1387 * Fix external DNS responses > 512 bytes getting dropped * Fix crash when remote plugin returns empty address string * Make service LB work from self * Fixed a few race-conditions Signed-off-by: Madhu Venugopal <madhu@docker.com> (cherry picked from commit 6645ff8) Signed-off-by: Tibor Vass <tibor@docker.com>
Docker 1.12 ships with an updated unit file on RPM based distros. Users that have local modifications to the unit file, or have a drop-in file installed may not automatically get the updated unit file, or get an error when starting docker. This adds a warning to the changelog, and instructions on how to resolve the issue. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit 66b6566) Signed-off-by: Tibor Vass <tibor@docker.com>
This fix tries to address the issue raised in 25375 where `service update --publish-add` returns an error if the exact same value is repeated (idempotent). This fix use a map to filter out repeated port configs so that `--publish-add` does not error out. An integration test has been added. This fix fixes 25375. Signed-off-by: Yong Tang <yong.tang.github@outlook.com> (cherry picked from commit b487497) Signed-off-by: Tibor Vass <tibor@docker.com>
This patch allows to only release the packages that were built and are present under the bundles/ directory instead of assuming packages exist for all distros enumerated in the contrib/builder/ directory. It also now adds support for armhf architecture for apt repositories. Signed-off-by: Tibor Vass <tibor@docker.com> (cherry picked from commit 2ff2e9a) Signed-off-by: Tibor Vass <tibor@docker.com>
With the latest OL7.2, selinux policy that is shipped might not be the latest for it to work or build with selinux policy for docker-1.12. To be able to achieve that here is what is done: 1. Added systemd_machined policy which is part of systemd. 2. Temporarily comment out unconfined_typebounds because the current OL7's selinux doesn't have unconfineduser selinux policy, to include this will be too much. Will revisit this once we have updated the selinux policy. Fixes: moby#24612 Signed-off-by: Thomas Tanaka <thomas.tanaka@oracle.com> (cherry picked from commit d6cae87) Signed-off-by: Tibor Vass <tibor@docker.com>
/proc/timer_list seems to leak information about the host. Here is an example from a busybox container running on docker+kubernetes. # cat /proc/timer_list | grep -i -e kube <ffff8800b8cc3db0>, hrtimer_wakeup, S:01, futex_wait_queue_me, kubelet/2497 <ffff880129ac3db0>, hrtimer_wakeup, S:01, futex_wait_queue_me, kube-proxy/3478 <ffff8800b1b77db0>, hrtimer_wakeup, S:01, futex_wait_queue_me, kube-proxy/3470 <ffff8800bb6abdb0>, hrtimer_wakeup, S:01, futex_wait_queue_me, kubelet/2499 Signed-Off-By: Davanum Srinivas <davanum@gmail.com> Signed-off-by: Davanum Srinivas <davanum@gmail.com> (cherry picked from commit 03bd00b) Signed-off-by: Tibor Vass <tibor@docker.com>
tiborvass
force-pushed
the
cherry-picks-1.12.1
branch
from
August 12, 2016 00:57
e2e3d64
to
275b4a9
Compare
Signed-off-by: John Howard <jhoward@microsoft.com> (cherry picked from commit 03816ad) Signed-off-by: Tibor Vass <tibor@docker.com>
This is an attempt to fix the flaky test of TestSwarmNodeTaskListFilter in 25029. Basically this fix adds a check to wait until 3 containers has already up, before processing `node tasks ...`. This might fix 25029. Signed-off-by: Yong Tang <yong.tang.github@outlook.com> (cherry picked from commit 63c0366) Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Anusha Ragunathan <anusha@docker.com> (cherry picked from commit 4d00908) Signed-off-by: Tibor Vass <tibor@docker.com>
tiborvass
force-pushed
the
cherry-picks-1.12.1
branch
from
August 12, 2016 02:40
275b4a9
to
a3f2c03
Compare
Signed-off-by: Santhosh Manohar <santhosh@docker.com> (cherry picked from commit b9c9fa2) Signed-off-by: Tibor Vass <tibor@docker.com>
LGTM |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
First I cherrypicked this:
Then I vendored swarmkit and engine-api here bdc0a24
And then cherrypicked and resolved some conflicts on the following:
docker info
docker node rm --force
docker ps --filter
with order by creation timedocker swarm join --advertise-addr
docker service {create,update} {-e,--env}
service update --env-add
issue