The `--host-add` flag adds a new `host:ip` mapping. Even though
adding an entry is idempotent (adding the same mapping multiple
times does not update the service's definition), it does not
_update_ an existing mapping with a new IP-address (multiple
IP-addresses can be defined for a host).
This patch removes the "or update" part from the flag's
description.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
and enable the new WarnUnmatchedDirective to warn if a nolint is unnecessary.
remove some unnecessary nolint
Signed-off-by: Daniel Nephin <dnephin@docker.com>
When deploying a stack from a compose file, the output did not show
that a secret or config was created. This patch adds messages for these.
Create a configuration file and compose file:
$ cat > config.yml <<EOF
hello: world
EOF
$ cat > secret.txt <<EOF
p@ssw0rd
EOF
$ cat > docker-compose.yml <<EOF
version: "3.3"
services:
test:
image: nginx:alpine
configs:
- source: myconfig
target: /my-config.yml
secrets:
- source: mysecret
target: /my-secret.txt
configs:
myconfig:
file: ./config.yml
secrets:
mysecret:
file: ./secret.txt
EOF
Before this patch is applied:
$ docker stack deploy -c docker-compose.yml example
Creating network example_default
Creating service example_test
After this patch is applied:
$ docker stack deploy -c docker-compose.yml example
Creating network example_default
Creating secret example_mysecret
Creating config example_myconfig
Creating service example_test
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Port mappings in `docker service ls` are quite verbose, and occupy a lot of
space when ranges of ports are published.
This patch improves the output by reconstructing ranges of ports.
Given the following service;
$ docker service create \
-p 60-61:60-61 \
-p 62:61 \
-p 80:80 \
-p 81:80 \
-p 90-95:90-95 \
-p 90-92:90-92/udp \
-p 93-96:93-96/udp \
--name foo \
nginx:alpine
Before this patch is applied:
$ docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
u1kwguv841qg foo replicated 1/1 nginx:alpine *:60->60/tcp,*:61->61/tcp,*:62->61/tcp,*:80->80/tcp,*:81->80/tcp,*:90->90/tcp,*:91->91/tcp,*:92->92/tcp,*:93->93/tcp,*:94->94/tcp,*:95->95/tcp,*:90->90/udp,*:91->91/udp,*:92->92/udp,*:93->93/udp,*:94->94/udp,*:95->95/udp,*:96->96/udp
After this patch is applied:
$ docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
u1kwguv841qg foo replicated 1/1 nginx:alpine *:60-62->60-61/tcp,*:80-81->80/tcp,*:90-95->90-95/tcp,*:90-96->90-96/udp
Additional enhancements can still be made, and marked as TODO in this change;
- combine non-consecutive ports mapped to a single port (`80->80`, `81->80`,
`84->80`, `86->80`, `87->80`); to be printed as `*:80-81,84,86-87->80`.
- combine `tcp` and `udp` mappings if their port-mapping is the same;
print `*:80-81->80-81/tcp+udp` instead of `*:80-81->80-81/tcp, *:80-81->80-81/udp`
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Running `docker service ps --quiet` should print the
full, non-truncated ID, even if the `--no-trunc` option
is not set.
This patch disables truncation if the `--quiet` flag
is set.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `docker container stats` output has a column (`CONTAINER`), that shows either
the container _id_ or container _name_, depending on the arguments given.
For example, running `docker container stats foobar` shows:
CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
foobar 0.00% 1.938MiB / 1.952GiB 0.10% 782B / 0B 4.11MB / 0B 2
Whereas `docker container stats 67b2525d8ad1` (`67b2525d8ad1` being the ID for
container `foobar`) shows:
CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
67b2525d8ad1 0.00% 1.938MiB / 1.952GiB 0.10% 916B / 0B 4.11MB / 0B 2
This behavior is confusing.
This patch updates the default output format for `docker stats` to use separate
columns for container ID and container Name (similar to `docker container ls`).
With this patch applied, both commands show the same output:
$ docker container stats foobar
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
67b2525d8ad10bb236a49960e93c09993b0baabeef12c2d46cd5f4fbb6f4808c foobar 0.00% 1.938MiB / 1.952GiB 0.10% 1.25kB / 0B 4.11MB / 0B 2
$ docker container stats 67b2525d8ad1
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
67b2525d8ad10bb236a49960e93c09993b0baabeef12c2d46cd5f4fbb6f4808c foobar 0.00% 1.938MiB / 1.952GiB 0.10% 1.31kB / 0B 4.11MB / 0B 2
Users that want to use the old format can configure a custom format in the
cli configuration file (`~/.docker/config.json`);
on Linux:
{
"statsFormat" : "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.MemPerc}}\t{{.NetIO}}\t{{.BlockIO}}\t{{.PIDs}}"
}
on Windows:
{
"statsFormat" : "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.NetIO}}\t{{.BlockIO}}"
}
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The update includes bug fixes in gometalinter and updates to linters, which
discovered more linter problems.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
- Use `require` instead of `assert` when the assumption is "breaking" for the code
following. For example when asserting an error is not nil and then doing
`err.Error` on it ; if `err` is nil, the test will panic instead of fail.
- Use `assert.Len` when possible. The error message is better.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
This adds 'build' to types.go in order for projects that use docker/cli
to parse Docker Compose files to correctly retrieve `build` keys
Signed-off-by: Charlie Drage <charlie@charliedrage.com>
Commit 330a0035334871d92207b583c1c36d52a244753f added a `--detach=false` option
to various service-related commands, with the intent to make this the default in
a future version (17.09).
This patch changes the default to use "interactive" (non-detached), allowing
users to override this by setting the `--detach` option.
To prevent problems when connecting to older daemon versions (17.05 and below,
see commit db60f25561), the detach option is
ignored for those versions, and detach is always true.
Before this change, a warning was printed to announce the upcoming default:
$ docker service create nginx:alpine
saxiyn3pe559d753730zr0xer
Since --detach=false was not specified, tasks will be created in the background.
In a future release, --detach=false will become the default.
After this change, no warning is printed, but `--detach` is disabled;
$ docker service create nginx:alpine
y9jujwzozi0hwgj5yaadzliq6
overall progress: 1 out of 1 tasks
1/1: running [==================================================>]
verify: Service converged
Setting the `--detach` flag makes the cli use the pre-17.06 behavior:
$ docker service create --detach nginx:alpine
280hjnzy0wzje5o56gr22a46n
Running against a 17.03 daemon, without specifying the `--detach` flag;
$ docker service create nginx:alpine
kqheg7ogj0kszoa34g4p73i8q
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Some mild refactoring of the docker info command;
- Use `fmt.Fprinln()` instead of `fmt.Fprintf()` where possible
- Rename `fprintfIfNotEmpty()` to `fprintlnNonEmpty()`, and removed
return variables, because they were not used. `fprintlnNonEmpty()`
now uses fmt.Fprintln()` instead of `fmt.Fprintf()`, because
formatting was not used.
- Use `fprintlnNonEmpty()` to get rid of some `if` statements
- Extract printing Swarm-related information to a `printSwarmInfo()` function
- Change `Http Proxy` and `Https Proxy` to `HTTP Proxy` / `HTTPS Proxy`
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
`docker stack deploy` keeps restarting services it doesn't need to (no changes)
because the entries' order gets randomized at some previous (de)serialization.
Maybe it would be worth looking into this at a higher level and ensure
all (de)serialization happens in an ordered collection.
This quick fix sorts secrets and configs (in place, mutably) which ensures the
same order for each run.
Based on
https://github.com/moby/moby/pull/30506
Fixes
https://github.com/moby/moby/issues/34746
Signed-off-by: Peter Nagy <xificurC@gmail.com>
Signed-off-by: French Ben <frenchben@docker.com>
Update for the test to capture the proper removal
Signed-off-by: French Ben <frenchben@docker.com>
Satisfy lint length limit
Signed-off-by: French Ben <frenchben@docker.com>
Updated e2e test
Signed-off-by: French Ben <frenchben@docker.com>
To keep on a consistent behaviour such as in docker-service-ps
if docker-stack-ps didn't find a given stack, the command line
should exit with exit code 1.
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
This patch fixes the following bug:
Running "docker image ls --digests" will add images digests
to the image table. However, when using "format" to display
images digests all of them are "<none>".
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Implement runRollback to not use runUpdate
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Add version tag and add flag quiet to suppress progress output
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Removed flags from warnDetachDefault
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Used command.Cli interface
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Add detach flag on rollback command
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Create a fakeClient for service commands
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Added unit test for rollback command
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Used command.Cli interface instead of *command.DockerCli in service commands
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Revert "Removed flags from warnDetachDefault"
This reverts commit 3e4f601c8a82cc2599a755dc693409bbc47917fc.
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Fixed test.NewFakeCli instanciation
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Removed unused receiver
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Replaced cli by dockerCli
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Revert "Removed unused receiver"
This reverts commit 604ef7c13df3d019949ca81d992db501114dafce.
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Fixed last typo
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
* Setting "--human=true" changes "CreatedSince" format
* "CreatedAt" now displays the creation timestamp as
specified in the documents
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
The validation functions to test for the number of passed arguments did not
pluralize `argument(s)`, and used `argument(s)` in all cases.
This patch adds a simple `pluralize()` helper to improve this.
Before this change, `argument(s)` was used in all cases:
$ docker container ls foobar
"docker container ls" accepts no argument(s).
$ docker network create one two
"docker network create" requires exactly 1 argument(s).
$ docker network connect
"docker network connect" requires exactly 2 argument(s).
$ docker volume create one two
"docker volume create" requires at most 1 argument(s).
After this change, `argument(s)` is properly singularized or plurarized:
$ docker container ls foobar
"docker container ls" accepts no arguments.
$ docker network create one two
"docker network create" requires exactly 1 argument.
$ docker network connect
"docker network connect" requires exactly 2 arguments.
$ docker volume create one two
"docker volume create" requires at most 1 argument.
Test cases were updated accordingly.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This package will be deprecated/removed from `docker/docker/pkg` and
is mainly used for the cli format options. Let's import it and
maintain here.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
This builds (and depends) on https://github.com/moby/moby/pull/34087
Version 2:
- remove --ipc argument validation (it is now done by daemon)
- add/document 'none' value
- docs/reference/run.md: add a table with better modes description
- dockerd(8) typesetting fixes
Version 3:
- remove ipc mode tests from cli/command/container/opts_test.go
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
When re-deploying a stack without re-resolving the image digest,
the service's ContainerSpec was updated with the image-reference
as specified in the stack/compose file.
As a result, the image-digest that was resolved in a previous
deploy was overwritten, causing the service to be re-deployed.
This patch preserves the previously resolve image-digest
by copying it from the current service spec.
A unit test is also added to verify that the image information
in the service spec is not updated if QueryRegistry is disabled.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Some network environments may have NATs, proxies, or gateways which
kill idle connections. There are many Docker API operations which may
be idle for long periods of time (such as ContainerWait and ContainerAttach)
and may result in unexpected connection closures or hangs if TCP keepalives
are not used.
This patch updates the default HTTP transport used by the Docker client
package to enable TCP Keep-Alive with a keep-alive interval of 30 seconds.
It also sets a connect timeout of 30 seconds.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Ports that were picked from the ephemeral port range
were presented as `*:0->80/tcp`.
This patch changes the presentation to use the
actually assigned port, instead of the port specified
in `Endpoint.Spec` (which is always empty/zero (`0`))
Before this change;
ID NAME MODE REPLICAS IMAGE PORTS
5d44i665qj66 with-random-port replicated 1/1 nginx:alpine *:0->80/tcp
After this change;
ID NAME MODE REPLICAS IMAGE PORTS
5d44i665qj66 with-random-port replicated 1/1 nginx:alpine *:30000->80/tcp
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Change to enable volume name can be customized.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Change to enable volume name can be customized.
Remove unused debug info.
Address comments from Daniel and solve the lint error.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Address Daniel's comments to print warning message when name of external volume is set in loader code.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Address Daniel's comments to return error when external volume is set in loader code.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Address Daniel's comments to return error when external volume is set in loader code.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Remove the case that specifying external volume name in full-example.yml.
More fix.
Add unit test.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Address comments from Daniel, move the schema change to v3.4.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Address comments from Sebastiaan. Signed-off-by: Liping Xue <lipingxue@gmail.com>
Address comments from Misty.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
The "until" filter is supported by all object types, except for
volumes.
Before this patch, the "until" filter would attempted to be used for the volume
prune endpoint, resulting in an error being returned by the daemon, and
further prune endpoints (networks, images) to be skipped.
$ docker system prune --filter until=24h --filter label=label.foo=bar
WARNING! This will remove:
- all stopped containers
- all volumes not used by at least one container
- all networks not used by at least one container
- all dangling images
Are you sure you want to continue? [y/N] y
Error response from daemon: Invalid filter 'until'
Calling POST /v1.30/containers/prune?filters=%7B%22label%22%3A%7B%22label.foo%3D%3Dbar%22%3Atrue%7D%2C%22until%22%3A%7B%2224h%22%3Atrue%7D%7D
Calling POST /v1.30/volumes/prune?filters=%7B%22label%22%3A%7B%22label.foo%3D%3Dbar%22%3Atrue%7D%2C%22until%22%3A%7B%2224h%22%3Atrue%7D%7D
Handler for POST /v1.30/volumes/prune returned error: Invalid filter 'until'
Error response from daemon: Invalid filter 'until'
With this patch, an error is produced instead, preventing "partial" prune.
$ docker system prune --filter until=24h --filter label=foo==bar --volumes
ERROR: The "until" filter is not supported with "--volumes"
Note that `docker volume prune` does not have this problem, and produces an
error if the `until` filter is used;
$ docker volume prune --filter until=24h
WARNING! This will remove all volumes not used by at least one container.
Are you sure you want to continue? [y/N] y
Error response from daemon: Invalid filter 'until'
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Adapt "image prune" and "build cache prune" to have
the same signature as the other prune commands, so
that they can all be added to the "pruneFuncs" array.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit changes the order stacks and nodes are displayed.
For example, running "docker stack ls" is expected to
display the following list:
NAME SERVICES
service-1 1
service-2 1
service-10 1
However, currently this is what is printed:
NAME SERVICES
service-1 1
service-10 1
service-2 1
To fix this, "docker stack ls" and "docker node ls" are using
natural sorting to make it more human readable.
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
Also update gometalinter to use the official version. The update
found some new gosimple errors, which are fixed.
Also update the filewatcher script for the latest version of filewatcher.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
This:
* conflicts with --password (naturally)
* conflicts with the absence of --username (both can't be grabbed by the
stdin)
* strips a trailing newline off the password if it exists
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
When running `docker stack rm <some stack>` against an older daemon,
a warning was printed for "configs" being ignored;
WARNING: ignoring "configs" (requires API version 1.30, but the Docker daemon API version is 1.26)
Given that an old daemon cannot _have_ configs, there should not be
a need to warn, or _attempt_ to remove these resources.
This patch removes the warning, and skips fetching (and removing)
configs.
A check if _secrets_ are supported by the daemon is also added,
given that this would result in an error when attempted against
an older (pre 1.13) daemon.
There is one situation where this could lead to secrets or
configs being left behind; if the client is connecting to a
daemon that _does_ support secrets, configs, but the API version
is overridden using `DOCKER_API_VERSION`, no warning is printed,
and secrets and configs are not attempted to be removed.
Given that `DOCKER_API_VERSION` is regarded a feature for
debugging / "power users", it should be ok to ignore this.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Yassine TIJANI <yasstij11@gmail.com>
moving the deffering of the close after the error checking
Signed-off-by: Yassine TIJANI <yasstij11@gmail.com>
fixing SIGSEGV when running containers
Signed-off-by: Yassine TIJANI <yasstij11@gmail.com>
The `err` variable was set in a loop, so only
the last result was taken into account to return
"failure" or not.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Split out a swarmCAOptions struct for options that are shared between
the ca and update commands.
Change the 'no trust root' message to an error.
Add some unit tests.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
If a task encounters an error, the interactive "service create" and
"service update" commands should show that error instead of showing a
stuck progress bar.
To validate:
docker service create --detach=false --name broken --restart-condition=none --replicas 3 busybox asdf
and
docker service create --detach=false --name broken --mode global --restart-condition none busybox asdf
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This was only showing tasks that belong to nodes that are currently up,
so that tasks on down nodes don't appear to be stuck. But this
unintentionally excludes tasks that haven't been assigned yet, so if a
task is stuck before assignment, for example because no nodes meet its
constraints, a progress bar won't even be shown. The check should only
apply to tasks that have a node assignment.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Running `docker inspect --format "{{.ID}} {{.Size}}" alpine` prints
sha256:651aa95985aa4a17a38ffcf71f598ec461924ca96865facc2c5782ef2d2be07f 3983636
While `docker inspect --format "{{.Id}} {{.Size}}" alpine` prints
sha256:651aa95985aa4a17a38ffcf71f598ec461924ca96865facc2c5782ef2d2be07f 3.983636e+06
This happens because "Id" is not a field of types.ImageInspect and thus
tryRawInspectFallback is called and converts the raw response into `interface{}`
using a JSON decoder. However, by default that decoder converts numbers into
`float64` unless `UseNumber` is set.
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
flags, including cert expiry, will be ignored, so warn if a user attempts
to use `docker swarm ca --cert-expiry` or something.
Signed-off-by: Ying Li <ying.li@docker.com>
This commit modifies config.json to allow for any proxies allowed in
build-args to be configured. These values will then be used
by default as build-args in docker build.
Signed-off-by: Dave Tucker <dt@docker.com>
Signed-off-by: zebrilee <zebrilee@gmail.com>
revert change on docker.go, set HasExperimental to true in cli.go
Signed-off-by: zebrilee <zebrilee@gmail.com>
This fix use `scope=swarm` for service related network inspect.
The purpose is that, in case multiple networks with the same
name exist in different scopes, it is still possible to obtain
the network for services.
This fix is related to moby/moby#33630 and docker/cli#167
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
If configs are declared for a service and pointing on an old
daemon, error out properly (instead of "page not found").
If there is no configs declared, don't call convertServiceConfigObjs
to avoid having an error.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Commit 78c204ef79 added
(f9bd8ec8b268581f93095c5a80679f0a8ff498bf in the moby repo)
a validation to prevent `--rollback` from being used
in combination with other flags that update the
service spec.
This validation was not taking into account that
some flags only affect the CLI behavior, and
are okay to be used when rolling back.
This patch updates the validation, and adds
`--quiet` and `--detach` to the list of allowed
flags.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `docker login -e` / `docker login --email` option was deprecated in
Docker 1.11 (https://github.com/moby/moby/releases/tag/v1.11.0) through
aee260d4eb3aa0fc86ee5038010b7bbc24512ae5 (April 2016), and when used has
been outputing a deprecation warning since;
Flag --email has been deprecated, will be removed in 17.06.
Originally this option was scheduled to be removed in docker 1.13, but
extended to docker 17.06 due to a change in our deprecation policy.
Given that only docker 1.10 and older use this flag (which is EOL, including
for CS versions, as of February 2017), will now be removed.
With this patch, `docker login` will now produce an Error if the flag
is used.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
For stack compose files, use filepath.IsAbs instead of path.IsAbs, for
bind-mounted service volumes, because filepath.IsAbs handles Windows
paths, while path.IsAbs does not.
Signed-off-by: John Stephens <johnstep@docker.com>
The docker CLI matches objects either by ID _prefix_
or a full name match, but not partial name matches.
The correct order of resolution is;
- Full ID match (a name should not be able to mask an ID)
- Full name
- ID-prefix
This patch changes the way services are matched.
Also change to use the first matching service, if there's a
full match (by ID or Name) instead of continue looking for
other possible matches.
Error handling changed;
- Do not error early if multiple services were requested
and one or more services were not found. Print the
services that were not found after printing those that
_were_ found instead
- Print an error if ID-prefix matching is ambiguous
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Volumes tend to carry important data and pruning them on `docker system
prune` can easily cause unwanted data loss.
Let's play it safe and not prune volumes on `system prune` by default,
and instead provide an option.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
The current implementation of the ElectAuthServer doesn't handle well when the
default Registry server is not included in the response from the daemon Info
endpoint.
That leads to the storage and usage of the credentials for the default registry
(`https://index.docker.io/v1/`) under an empty string on the client config file.
Sample config file after a login via a Docker Daemon without Registry
information:
```json
{
"auths": {
"": {
"auth": "***"
}
}
}
```
That can lead to duplication of the password for the default registry and
authentication failures against the default registry if a pull/push is performed
without first authenticating via the misbehaving daemon.
Also, changes the output of the warning message from stdout to sdterr as
per dnephin suggestion.
Signed-off-by: Marcus Martins <marcus@docker.com>
be attached to special networks such as host and bridge. This fix brings
in the required changes to make sure the stack file accepts these
networks as well.
Signed-off-by: Madhu Venugopal <madhu@docker.com>
If use docker attach command to attach to a stop container, it will return
"You cannot attach to a stopped container" error, it's ok, but when
attach to a running container, it(docker attach) use inspect to check
the container's state, if it pass the state check on the client side,
and then the container is stopped, docker attach command still attach to
the container and not exit.
Signed-off-by: Shukui Yang <yangshukui@huawei.com>
It has been refactored to a hijackedIOStreamer type which has several
methods which are used to prepare input and handle streaming the input
and output separately.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
The docker/client package was updated to support the updated Container
Wait API functionality. The run and start commands have been updated to
use the new wait features.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
This adds a pretty template for both inspect subcommands. For configs,
it's particularly useful because it's a way to expose the config payload
in the CLI in a non-base64-encoded way.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This command inserts a variable amount of padding in the log line:
padding := strings.Repeat(" ", f.padding-getMaxLength(task.Slot))
If the service is scaled up, or the slot numbers are noncontiguous, the
subtraction can underflow, causing a crash.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Signed-off-by: Michael Friis <friism@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This mess things up using the `Substitute` method from
outside (i.e. the error is nil but not nil kinda)
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
The `read_only` key in a composefile is not taken into account right
now. Now that services support `--read-only`, so should `stack deploy`
Ref: moby/moby#32994
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
responses to the CLI. In `node ls`, display only whether the nodes' TLS
info matches the cluster's TLS info, or whether the node needs cert rotation.
Signed-off-by: Ying Li <ying.li@docker.com>
Commit bb5dfdb8c5acd48f17498b111db360820a50baec added a
labels option to the docker-compose file format, but
added it to the 3.2 schema.
This patch moves the change to the 3.3 schema
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Colin Hebert <hebert.colin@gmail.com>
- The cli version defaults to "unknown-version" unless set via the VERSION env var
- The commit version can be overridden via GITCOMMIT env var
- The build time can be overridden via BUILDTIME env var
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
This is necessary in order to avoid execId leaks in the case where a
`docker exec -it` is run without a terminal available for the client.
You can reproduce this issue by running the following command many
times.
% nohup docker exec -it some_container true
The container `some_container` will have execIDs that will never
normally be cleaned up (because the client died before they were
started).
In addition, this patch adds a docker-inspect step to ensure that we
give "container does not exist" errors consistently.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Signed-off-by: Aleksa Sarai <asarai@suse.de>
This is synonymous with `docker run --cidfile=FILE` and writes the digest of
the newly built image to the named file. This is intended to be used by build
systems which want to avoid tagging (perhaps because they are in CI or
otherwise want to avoid fixed names which can clash) by enabling e.g. Makefile
constructs like:
image.id: Dockerfile
docker build --iidfile=image.id .
do-some-more-stuff: image.id
do-stuff-with <image.id
Currently the only way to achieve this is to use `docker build -q` and capture
the stdout, but at the expense of losing the build output.
In non-silent mode (without `-q`) with API >= v1.29 the caller will now see a
`JSONMessage` with the `Aux` field containing a `types.BuildResult` in the
output stream for each image/layer produced during the build, with the final
one being the end product. Having all of the intermediate images might be
interesting in some cases.
In silent mode (with `-q`) there is no change, on success the only output will
be the resulting image digest as it was previosuly.
There was no wrapper to just output an Aux section without enclosing it in a
Progress, so add one here.
Added some tests to integration cli tests.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
This new flag will allow the configuration of an interface that
can be used for data path traffic to be isolated from control
plane traffic. This flag is simply percolated down to libnetwork
and will be used by all the global scope drivers (today overlay)
Negative test added for invalid flag arguments
Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
swarmkit's API type. Make sure this parameter gets propagated to
swarmkit, and also add an extra option to the CLI when providing
external CAs to parse the CA cert from a file.
Signed-off-by: Ying Li <ying.li@docker.com>
These tests were caught in the crossfire of the transition to testify.
testify has a few subtle differences from the similar custom framework
it replaced:
- Error behaves differently
- Equal takes its arguments in a different order
This PR also takes the opportunity to use a few shorthands from testify,
such as Len, True, and False.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This avoids issues when copy/pasting between different shells on
different OSes, which may not all support `\` as a continuation
character.
Fixes#32725
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
Whitelist some existing offenders, and use a high limit for now.
This limit should decrese over time.
Signed-off-by: Daniel Nephin <dnephin@docker.com>