When creating and updating services, we need to avoid unneeded service churn.
The interaction of separate lists to "add" and "drop" capabilities, a special
("ALL") capability, as well as a "relaxed" format for accepted capabilities
(case-insensitive, `CAP_` prefix optional) make this rather involved.
This patch updates how we handle `--cap-add` / `--cap-drop` when _creating_ as
well as _updating_, with the following rules/assumptions applied:
- both existing (service spec) and new (values passed through flags or in
the compose-file) are normalized and de-duplicated before use.
- the special "ALL" capability is equivalent to "all capabilities" and taken
into account when normalizing capabilities. Combining "ALL" capabilities
and other capabilities is therefore equivalent to just specifying "ALL".
- adding capabilities takes precedence over dropping, which means that if
a capability is both set to be "dropped" and to be "added", it is removed
from the list to "drop".
- the final lists should be sorted and normalized to reduce service churn
- no validation of capabilities is handled by the client. Validation is
delegated to the daemon/server.
When deploying a service using a docker-compose file, the docker-compose file
is *mostly* handled as being "declarative". However, many of the issues outlined
above also apply to compose-files, so similar handling is applied to compose
files as well to prevent service churn.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This maps the `--template-driver` flag on secret and config creation.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
> Run an init inside the container that forwards signals and reaps
processes
This is supported on `run` and now on Swarm services too, so it's also
possible to have in on a composefile :).
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Since go 1.7, "context" is a standard package. Since go 1.9,
x/net/context merely provides some types aliased to those in
the standard context package.
The changes were performed by the following script:
for f in $(git ls-files \*.go | grep -v ^vendor/); do
sed -i 's|golang.org/x/net/context|context|' $f
goimports -w $f
for i in 1 2; do
awk '/^$/ {e=1; next;}
/\t"context"$/ {e=0;}
{if (e) {print ""; e=0}; print;}' < $f > $f.new && \
mv $f.new $f
goimports -w $f
done
done
[v2: do awk/goimports fixup twice]
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Extra hosts (`extra_hosts` in compose-file, or `--hosts` in services) adds
custom host/ip mappings to the container's `/etc/hosts`.
The current implementation used a `map[string]string{}` as intermediate
storage, and sorted the results alphabetically when converting to a service-spec.
As a result, duplicate hosts were removed, and order of host/ip mappings was not
preserved (in case the compose-file used a list instead of a map).
According to the **host.conf(5)** man page (http://man7.org/linux/man-pages/man5/host.conf.5.html)
multi Valid values are on and off. If set to on, the resolver
library will return all valid addresses for a host that
appears in the /etc/hosts file, instead of only the first.
This is off by default, as it may cause a substantial
performance loss at sites with large hosts files.
Multiple entries for a host are allowed, and even required for some situations,
for example, to add mappings for IPv4 and IPv6 addreses for a host, as illustrated
by the example hosts file in the **hosts(5)** man page (http://man7.org/linux/man-pages/man5/hosts.5.html):
# The following lines are desirable for IPv4 capable hosts
127.0.0.1 localhost
# 127.0.1.1 is often used for the FQDN of the machine
127.0.1.1 thishost.mydomain.org thishost
192.168.1.10 foo.mydomain.org foo
192.168.1.13 bar.mydomain.org bar
146.82.138.7 master.debian.org master
209.237.226.90 www.opensource.org
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
This patch changes the intermediate storage format to use a `[]string`, and only
sorts entries if the input format in the compose file is a mapping. If the input
format is a list, the original sort-order is preserved.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
`docker stack deploy` keeps restarting services it doesn't need to (no changes)
because the entries' order gets randomized at some previous (de)serialization.
Maybe it would be worth looking into this at a higher level and ensure
all (de)serialization happens in an ordered collection.
This quick fix sorts secrets and configs (in place, mutably) which ensures the
same order for each run.
Based on
https://github.com/moby/moby/pull/30506
Fixes
https://github.com/moby/moby/issues/34746
Signed-off-by: Peter Nagy <xificurC@gmail.com>
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Change to enable volume name can be customized.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Change to enable volume name can be customized.
Remove unused debug info.
Address comments from Daniel and solve the lint error.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Address Daniel's comments to print warning message when name of external volume is set in loader code.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Address Daniel's comments to return error when external volume is set in loader code.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Address Daniel's comments to return error when external volume is set in loader code.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Remove the case that specifying external volume name in full-example.yml.
More fix.
Add unit test.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Address comments from Daniel, move the schema change to v3.4.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Address comments from Sebastiaan. Signed-off-by: Liping Xue <lipingxue@gmail.com>
Address comments from Misty.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Sebastiaan van Stijn
Albin Kerouanton
Olli Janatuinen
Silvin Lubecki
Drew Erny
Sune Keller
Vincent Demeester
Sebastiaan van Stijn
Joffrey F
Arash Deshmeh
Kir Kolyshkin
Daniel Nephin
Ethan Haynes
Renaud Gaubert
Ilya Sotkov
Simon Ferquel
pnagy
Li Yi
Vincent Demeester
Antonis Kalipetis
Liping Xue
Christophe Robin
Aaron Lehmann