Commit Graph

1614 Commits

Author SHA1 Message Date
Sebastiaan van Stijn f61aab59f7
cli/command/plugin: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-25 15:42:07 +01:00
Sebastiaan van Stijn 9bdeb09ae9
cli/command/node: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-25 15:42:06 +01:00
Sebastiaan van Stijn f28c063e2f
cli/command/context: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-25 15:42:05 +01:00
Sebastiaan van Stijn 43795ec8f7
cli/command/manifest: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-25 15:42:04 +01:00
Sebastiaan van Stijn d14b5bff80
cli/command/image: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-25 15:41:55 +01:00
Sebastiaan van Stijn 76b47359cb
cli/command/context: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-25 15:41:50 +01:00
Sebastiaan van Stijn e946bf0804
cli/command/container: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-25 15:36:23 +01:00
Sebastiaan van Stijn bc1790c5c2
cli/command/config: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-25 15:36:08 +01:00
Sebastiaan van Stijn 8dc53344e0
cli/command/checkpoint: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-25 15:35:51 +01:00
Sebastiaan van Stijn df7adf4aa3
Merge pull request #3434 from howardjohn/json/unmarshal-pointer
Fix incorrect pointer inputs to `json.Unmarshal`
2022-02-25 12:06:10 +01:00
Sebastiaan van Stijn cb65bd4de8
Merge pull request #3436 from ndeloof/public_RunExec
publish RunExec for use by docker/compose
2022-02-25 11:43:13 +01:00
Sebastiaan van Stijn 1c5256d8e1
Merge pull request #3442 from thaJeztah/drop_kube_cleanup_test
update/remove various tests and options related to kubernetes support
2022-02-25 11:15:14 +01:00
CrazyMax e38e6c51ff
bring back and expose BuildKitEnabled func
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-02-24 17:57:56 +01:00
Sebastiaan van Stijn ee9d17caec
cli/context: update package documentation
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-24 17:53:21 +01:00
Sebastiaan van Stijn 242857dd81
update/remove various tests and options related to kubernetes support
Remove various tests and utilities related to testing kubernetes support

Also removing the Kubernetes and DefaultStackOrchestrator from CreateOptions
and UpdateOptions, instead updating the flags to not be bound to a variable.

This might break some consumers of those options, but given that they've become
non-functional, that's probably ok (otherwise they may ignore the deprecation
warning and end up with non-functional code).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-24 17:53:18 +01:00
Nicolas De Loof 2d268392d1
publish RunExec for use by docker/compose
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-02-24 16:31:24 +01:00
Sebastiaan van Stijn 467e650d4c
formatter: mark KubernetesEndpoint templating option as deprecated
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-24 13:36:01 +01:00
Sebastiaan van Stijn 6ea2767289
config: mark stackOrchestrator option as deprecated
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-24 13:35:03 +01:00
Sebastiaan van Stijn 16ece9bb82
system/version: remove dead-code
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-24 12:26:18 +01:00
Sebastiaan van Stijn 1924bc9f0f
stack/swarm: remove unneeded getStackServiceFilter()
It was now an alias for getStackFilter, so no longer needed

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-24 12:26:15 +01:00
Sebastiaan van Stijn cff010c61f
context export: remove docker context export --kubeconfig options
Removes the --kubeconfig flag, and the corresponding ExportOptions.Kubeconfig,
as well as special handling for kubeconfig export, as it's no longer used.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-24 12:26:09 +01:00
John Howard ee97fe95bc Fix incorrect pointer inputs to `json.Unmarshal`
See https://github.com/howardjohn/go-unmarshal-double-pointer for more
info on why this is not safe and how this is detected.

Signed-off-by: John Howard <howardjohn@google.com>
2022-02-22 13:08:37 -08:00
Nicolas De Loof 193ede9b12
remove obsolete mutli-orchestrator support
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-02-22 15:28:12 +01:00
Nicolas De Loof 1d48749c1c warn user kubernetes is deprecated and options won't be stored in context
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-02-22 13:47:34 +01:00
Nicolas De Loof 7b9580df51 Drop support for (archived) Compose-on-Kubernetes
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-02-22 13:47:34 +01:00
Sebastiaan van Stijn a7778806a0
cli/compose/schema: make version optional, default to "latest"
The compose spec (https://compose-spec.io) defines the version to be optional,
and implementations of the spec to check for supported attributes instead.

While this change does not switch the `docker stack` implementation to use the
compose-spec, it makes it function more similar. Previously, omitting a version
number would either produce an error (as the field was required), or switched
the handling to assume it was version 1.0 (which is deprecated).

With this change, compose files without a version number will be handled as
the latest version supported by `docker stack` (currently 3.10). This allows
users that work with docker-compose or docker compose (v2) to deploy their
compose file, without having to re-add a version number. Fields that are
not supported by stackes (schema 3.10) will still produce an error.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-18 12:26:04 +01:00
Sebastiaan van Stijn a9fd697737
cli/compose: add schema 3.10 (no changes with 3.9 yet)
Adding a copy of the 3.9 schema, with only the version-string changed.
This makes it easier to find changes since 3.9, which are added after
this.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-18 12:26:02 +01:00
Sebastiaan van Stijn d44eca129f
cli/compose/schema: Validate(): normalize version before validating
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-18 12:26:00 +01:00
Sebastiaan van Stijn bce65f0edc
builder: simplify error generation, and rephrase error/warning
With this change:

    echo 'FROM busybox' | DOCKER_BUILDKIT=1 docker build -
    ERROR: BuildKit is enabled but the buildx component is missing or broken.
           Install the buildx component to build images with BuildKit:
           https://docs.docker.com/go/buildx/

    echo 'FROM busybox' | docker build -
    DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
                Install the buildx component to build images with BuildKit:
                https://docs.docker.com/go/buildx/

    Sending build context to Docker daemon  2.048kB
    ...

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-03 10:38:05 +01:00
CrazyMax 4d8e45782b
builder: fallback to legacy
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-02-03 10:38:05 +01:00
CrazyMax 6fef143dbc
Set buildx as default builder
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-02-03 10:38:05 +01:00
Sebastiaan van Stijn 08a1ccc60a
Remove support for encrypted TLS private keys
> Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since
> it does not authenticate the ciphertext, it is vulnerable to padding oracle
> attacks that can let an attacker recover the plaintext

From https://go-review.googlesource.com/c/go/+/264159

> It's unfortunate that we don't implement PKCS#8 encryption so we can't
> recommend an alternative but PEM encryption is so broken that it's worth
> deprecating outright.

This feature allowed using an encrypted private key with a supplied password,
but did not provide additional security as the encryption is known to be broken,
and the key is sitting next to the password in the filesystem. Users are recommended
to decrypt the private key, and store it un-encrypted to continue using it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-27 14:26:32 +01:00
Sebastiaan van Stijn 48cbe0bfa1
Merge pull request #3264 from coryb/fix-data-race
fix innocuous data-race when config.Load called in parallel
2022-01-27 10:26:56 +01:00
Amey Shrivastava dfb39e9e5f Fix Typos
This commit fixes spelling mistakes (typos) at a few places in the codebase.

Signed-off-by: Amey Shrivastava <72866602+AmeyShrivastava@users.noreply.github.com>
2021-12-20 01:49:19 +05:30
Silvin Lubecki ed86571bfa
Merge pull request #3256 from thaJeztah/cleanup_rootcommand
cli.SetupRootCommand(): minor cleanup
2021-12-08 11:31:59 +01:00
CrazyMax 4d93717ae5
ci: github actions test workflow
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2021-12-07 14:50:22 +01:00
Mathieu Champlon 8b85274d26 Fix typo
Signed-off-by: Mathieu Champlon <mathieu.champlon@docker.com>
2021-11-05 18:10:51 +01:00
Sebastiaan van Stijn 3fb4fb83df
Merge pull request #3245 from thaJeztah/remove_stopsignal_default
create/run: remove default --stop-signal
2021-11-02 12:17:39 +01:00
Sebastiaan van Stijn 46f8c8b926
Merge pull request #3322 from samuelkarp/ensure-default-auth-config
registry: ensure default auth config has address
2021-10-15 12:59:56 +02:00
CrazyMax 75284bd1d1
Use goversioninfo to create Windows Version Info
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2021-10-11 16:54:22 +02:00
Samuel Karp 1f8cb1fbbd
registry: ensure default auth config has address
Signed-off-by: Samuel Karp <skarp@amazon.com>
(cherry picked from commit 42d1c02750)
Signed-off-by: Samuel Karp <skarp@amazon.com>
2021-10-04 11:36:13 -07:00
Sebastiaan van Stijn 214cd05aa1
create/run: remove default --stop-signal
The DefaultStopSignal const has been deprecated, because the daemon already
handles a default value. The current code did not actually send the default
value unless the flag was set, which also made the flag description incorrect,
because in that case, the _daemon's_ default would be used, which could
potentially be different as was specified here.

This patch removes the default value from the flag, leaving it to the daemon
to set a default.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-25 09:53:42 +02:00
Sebastiaan van Stijn e8fdc3c491
Merge pull request #3230 from thaJeztah/remove_seccomp_warning
info: skip client-side warning about seccomp profile on API >= 1.42
2021-08-24 22:04:58 +02:00
coryb b5f4a6e45f fix innocuous data-race when config.Load called in parallel
Locking was removed in https://github.com/docker/cli/pull/3025 which
allows for parallel calls to config.Load to modify global state.
The consequence in this case is innocuous, but it does trigger a
`DATA RACE` exception when tests run with `-race` option.

Signed-off-by: coryb <cbennett@netflix.com>
2021-08-21 13:27:23 -07:00
Alex Couture-Beil af1bb80c34 Enable ssh forwarding when building a remote target
- this fixes https://github.com/moby/buildkit/issues/2040 by enabling
ssh forwarding when a remote address is given on the command line, this
is a similar fix to https://github.com/docker/buildx/pull/581

Signed-off-by: Alex Couture-Beil <alex@earthly.dev>
2021-08-19 08:54:37 -07:00
Sebastiaan van Stijn 7e15d136bb
cli.SetupRootCommand(): minor cleanup
Had this in a branch locally, so thought I'd open as a PR

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-16 12:32:16 +02:00
Sebastiaan van Stijn 818564af51
cli/compose: use go1.16 native embed functionality for schemas
This allows us to drop the `//go:generate` and use of the github.com/mjibson/esc
utility.

worth noting that Go's native "embed" does not compress files. We could compress
these files as part of a build / validate step (which would add some complexity
when updating these files) if this is a concern, but not sure if the additional
complexity is warranted.

Comparing before/after sizes (see below);

    macOS: 54125840 - 54005264 = 120576 (+120.58 kB)
    Linux: 52393231 - 52277701 = 115530 (+115.53 kB)

Before:

    ls -l build/
    total 208736
    lrwxr-xr-x  1 sebastiaan  staff        19 Aug 15 09:36 docker@ -> docker-linux-amd64
    -rwxr-xr-x  1 sebastiaan  staff  54005264 Aug 15 09:35 docker-darwin-amd64*
    -rwxr-xr-x  1 sebastiaan  staff  52277701 Aug 15 09:36 docker-linux-amd64*

After:

    ls -l build/
    total 208960
    lrwxr-xr-x  1 sebastiaan  staff        18 Aug 15 09:32 docker@ -> docker-linux-amd64
    -rwxr-xr-x  1 sebastiaan  staff  54125840 Aug 15 09:31 docker-darwin-amd64*
    -rwxr-xr-x  1 sebastiaan  staff  52393231 Aug 15 09:32 docker-linux-amd64*

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-15 10:04:13 +02:00
Sebastiaan van Stijn fc85fe4eb8
vendor: update docker to current master (API v1.42)
full diff: 25917217ca...343665850e

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-12 13:24:05 +02:00
Sebastiaan van Stijn 847aef321e
build: fix AddDockerfileToBuildContext not de-referencing tar header template
Commit 73aef6edfe
modified archive.ReplaceFileTarWrapper to set the Name field in the tar header,
if the field was not set.

That change exposed an issue in how a Dockerfile from stdin was sent to the daemon.
When attempting to build using a build-context, and a Dockerfile from stdin, the
following happened:

```bash
mkdir build-stdin && cd build-stdin && echo hello > hello.txt

DOCKER_BUILDKIT=0 docker build --no-cache -t foo -f- . <<'EOF'
FROM alpine
COPY . .
EOF

Sending build context to Docker daemon  2.607kB
Error response from daemon: dockerfile parse error line 1: unknown instruction: .DOCKERIGNORE
```

Removing the `-t foo`, oddly lead to a different failure:

```bash
DOCKER_BUILDKIT=0 docker build --no-cache -f- . <<'EOF'
FROM alpine
COPY . .
EOF

Sending build context to Docker daemon  2.581kB
Error response from daemon: Cannot locate specified Dockerfile: .dockerfile.701d0d71fb1497d6a7ce
```

From the above, it looks like the tar headers got mangled, causing (in the first
case) the daemon to use the build-context tar as a plain-text file, and therefore
parsing it as Dockerfile, and in the second case, causing it to not being able to
find the Dockerfile in the context.

I noticed that both TarModifierFuncs were using the same `hdrTmpl` struct, which
looks to caused them to step on each other's toes. Changing them to each initialize
their own struct made the issue go away.

After this change:

```bash
DOCKER_BUILDKIT=0 docker build --no-cache -t foo -f- . <<'EOF'
FROM alpine
COPY . .
EOF
Sending build context to Docker daemon  2.607kB
Step 1/2 : FROM alpine
 ---> d4ff818577bc
Step 2/2 : COPY . .
 ---> 556f745e6938
Successfully built 556f745e6938
Successfully tagged foo:latest

DOCKER_BUILDKIT=0 docker build --no-cache -f- . <<'EOF'
FROM alpine
COPY . .
EOF

Sending build context to Docker daemon  2.607kB
Step 1/2 : FROM alpine
 ---> d4ff818577bc
Step 2/2 : COPY . .
 ---> aaaee43bec5e
Successfully built aaaee43bec5e
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-10 23:19:14 +02:00
Sebastiaan van Stijn 23ed50c10f
replace docker/pkg/signal with github.com/moby/sys/signal
The github.com/docker/docker/pkg/signal package was moved to a separate
module in moby/sys.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-09 19:15:46 +02:00
Sebastiaan van Stijn 8964595692
info: skip client-side warning about seccomp profile on API >= 1.42
This warning will be moved to the daemon-side, similar to how it returns
other warnings. There's work in progress to change the name of the default
profile, so we may need to backport this change to prevent existing clients
from printing an incorrect warning if they're connecting to a newer daemon.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-04 16:03:09 +02:00
Sebastiaan van Stijn 0b2eaa7f72
cli/command: don't use client.CustomHTTPHeaders(), and simplify asserts
It's the only use of this function, and it's better to check that
the client actually sends the header.

This also simplifies some asserts, and makes sure that "actual" and "expected"
are in the correct order.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-29 10:26:10 +02:00
Sebastiaan van Stijn 40c6b117e7
change TestNewAPIClientFromFlagsWithHttpProxyEnv to an e2e test
Golang uses a `sync.Once` when determining the proxy to use. This means
that it's not possible to test the proxy configuration in unit tests,
because the proxy configuration will be "fixated" the first time Golang
detects the proxy configuration.

This patch changes TestNewAPIClientFromFlagsWithHttpProxyEnv to an e2e
test so that we can verify the CLI picks up the proxy configuration.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-28 22:33:12 +02:00
Sebastiaan van Stijn 15535d4594
context: deprecate support for encrypted TLS private keys
> Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since
> it does not authenticate the ciphertext, it is vulnerable to padding oracle
> attacks that can let an attacker recover the plaintext

From https://go-review.googlesource.com/c/go/+/264159

> It's unfortunate that we don't implement PKCS#8 encryption so we can't
> recommend an alternative but PEM encryption is so broken that it's worth
> deprecating outright.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-28 14:42:45 +02:00
Sebastiaan van Stijn 2688f25eb7
cli/context: ignore linting warnings about RFC 1423 encryption
From https://go-review.googlesource.com/c/go/+/264159

> It's unfortunate that we don't implement PKCS#8 encryption so we can't
> recommend an alternative but PEM encryption is so broken that it's worth
> deprecating outright.

When linting on Go 1.16:

    cli/context/docker/load.go:69:6: SA1019: x509.IsEncryptedPEMBlock is deprecated: Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext.  (staticcheck)
            if x509.IsEncryptedPEMBlock(pemBlock) {
               ^
    cli/context/docker/load.go:70:20: SA1019: x509.DecryptPEMBlock is deprecated: Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext.  (staticcheck)
                keyBytes, err = x509.DecryptPEMBlock(pemBlock, []byte(c.TLSPassword))
                                ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-26 18:00:01 +02:00
Sebastiaan van Stijn 7a0dc924f9
Add support for ALL_PROXY
Support for ALL_PROXY as default build-arg was added recently in
buildkit and the classic builder.

This patch adds the `ALL_PROXY` environment variable to the list of
configurable proxy variables, and updates the documentation.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-21 09:06:18 +02:00
Brian Goff 4ce521c503
info: print errors to stderr
Errors always need to go to stderr.
This also fixes a test in moby/moby's integration-cli which is checking
to see if errors connecting to the daemon are output on stderr.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-13 11:43:32 +02:00
Sebastiaan van Stijn d738e7c489
docker info: skip API connection if possible
The docker info output contains both "local" and "remote" (daemon-side) information.
The API endpoint to collect daemon information (`/info`) is known to be "heavy",
and (depending on what information is needed) not needed.

This patch checks if the template (`--format`) used requires information from the
daemon, and if not, omits making an API request.

This will improve performance if (for example), the current "context" is requested
from `docker info` or if only plugin information is requested.

Before:

    time docker info --format '{{range  .ClientInfo.Plugins}}Plugin: {{.Name}}, {{end}}'
    Plugin: buildx, Plugin: compose, Plugin: scan,

    ________________________________________________________
    Executed in  301.91 millis    fish           external
       usr time  168.64 millis   82.00 micros  168.56 millis
       sys time  113.72 millis  811.00 micros  112.91 millis

    time docker info --format '{{json .ClientInfo.Plugins}}'

    time docker info --format '{{.ClientInfo.Context}}'
    default

    ________________________________________________________
    Executed in  334.38 millis    fish           external
       usr time  177.23 millis   93.00 micros  177.13 millis
       sys time  124.90 millis  927.00 micros  123.97 millis

    docker context use remote-ssh-daemon
    time docker info --format '{{.ClientInfo.Context}}'
    remote-ssh-daemon

    ________________________________________________________
    Executed in    1.22 secs   fish           external
       usr time  116.93 millis  110.00 micros  116.82 millis
       sys time  144.36 millis  887.00 micros  143.47 millis

And daemon logs:

    Jul 06 12:42:12 remote-ssh-daemon dockerd[14377]: time="2021-07-06T12:42:12.139529947Z" level=debug msg="Calling HEAD /_ping"
    Jul 06 12:42:12 remote-ssh-daemon dockerd[14377]: time="2021-07-06T12:42:12.140772052Z" level=debug msg="Calling HEAD /_ping"
    Jul 06 12:42:12 remote-ssh-daemon dockerd[14377]: time="2021-07-06T12:42:12.163832016Z" level=debug msg="Calling GET /v1.41/info"

After:

    time ./build/docker info --format '{{range  .ClientInfo.Plugins}}Plugin: {{.Name}}, {{end}}'
    Plugin: buildx, Plugin: compose, Plugin: scan,

    ________________________________________________________
    Executed in  139.84 millis    fish           external
       usr time   76.53 millis   62.00 micros   76.46 millis
       sys time   69.25 millis  723.00 micros   68.53 millis

    time ./build/docker info --format '{{.ClientInfo.Context}}'
    default

    ________________________________________________________
    Executed in  136.94 millis    fish           external
       usr time   74.61 millis   74.00 micros   74.54 millis
       sys time   65.77 millis  858.00 micros   64.91 millis

    docker context use remote-ssh-daemon
    time ./build/docker info --format '{{.ClientInfo.Context}}'
    remote-ssh-daemon

    ________________________________________________________
    Executed in    1.02 secs   fish           external
       usr time   74.25 millis   76.00 micros   74.17 millis
       sys time   65.09 millis  643.00 micros   64.44 millis

And daemon logs:

    Jul 06 12:42:55 remote-ssh-daemon dockerd[14377]: time="2021-07-06T12:42:55.313654687Z" level=debug msg="Calling HEAD /_ping"
    Jul 06 12:42:55 remote-ssh-daemon dockerd[14377]: time="2021-07-06T12:42:55.314811624Z" level=debug msg="Calling HEAD /_ping"

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-06 17:04:34 +02:00
Mathieu Champlon a033cdf515 Deprecate Kubernetes context support
Signed-off-by: Mathieu Champlon <mathieu.champlon@docker.com>
2021-07-01 18:39:00 +02:00
Mathieu Champlon c05f0f5957 Deprecate Kubernetes stack support
Signed-off-by: Mathieu Champlon <mathieu.champlon@docker.com>
2021-07-01 18:39:00 +02:00
Sebastiaan van Stijn 4a6fe51157
Merge pull request #2940 from thaJeztah/rollback_progress_bars
UX: don't reverse progress-bars when rolling back
2021-06-29 16:02:45 +02:00
Sebastiaan van Stijn 678c2fde98
UX: don't reverse progress-bars when rolling back
Commit 330a003533
introduced "synchronous" service update and rollback, using progress bars to show
current status for each task.

As part of that change, progress bars were "reversed" when doing a rollback, to
indicate that status was rolled back to a previous state.

Reversing direction is somewhat confusing, as progress bars now return to their
"initial" state to indicate it was "completed"; for an "automatic" rollback, this
may be somewhat clear (progress bars "move to the right", then "roll back" if the
update failed), but when doing a manual rollback, it feels counter-intuitive
(rolling back is the _expected_ outcome).

This patch removes the code to reverse the direction of progress-bars, and makes
progress-bars always move from left ("start") to right ("finished").

Before this patch
----------------------------------------

1. create a service with automatic rollback on failure

    $ docker service create --update-failure-action=rollback --name foo --tty --replicas=5 nginx:alpine
    9xi1w3mv5sqtyexsuh78qg0cb
    overall progress: 5 out of 5 tasks
    1/5: running   [==================================================>]
    2/5: running   [==================================================>]
    3/5: running   [==================================================>]
    4/5: running   [==================================================>]
    5/5: running   [==================================================>]
    verify: Waiting 2 seconds to verify that tasks are stable...

2. update the service, making it fail after 3 seconds

    $ docker service update --entrypoint="/bin/sh -c 'sleep 3; exit 1'" foo
    overall progress: rolling back update: 2 out of 5 tasks
    1/5: running   [==================================================>]
    2/5: running   [==================================================>]
    3/5: starting  [============================================>      ]
    4/5: running   [==================================================>]
    5/5: running   [==================================================>]

3. Once the service starts failing, automatic rollback is started; progress-bars now move in the reverse direction;

    overall progress: rolling back update: 3 out of 5 tasks
    1/5: ready     [===========>                                       ]
    2/5: ready     [===========>                                       ]
    3/5: running   [>                                                  ]
    4/5: running   [>                                                  ]
    5/5: running   [>                                                  ]

4. When the rollback is completed, the progressbars are at the "start" to indicate they completed;

    overall progress: rolling back update: 5 out of 5 tasks
    1/5: running   [>                                                  ]
    2/5: running   [>                                                  ]
    3/5: running   [>                                                  ]
    4/5: running   [>                                                  ]
    5/5: running   [>                                                  ]
    rollback: update rolled back due to failure or early termination of task bndiu8a998agr8s6sjlg9tnrw
    verify: Service converged

After this patch
----------------------------------------

Progress bars always go from left to right; also in a rollback situation;

After updating to the "faulty" entrypoint, task are deployed:

    $ docker service update --entrypoint="/bin/sh -c 'sleep 3; exit 1'" foo
    foo
    overall progress: 1 out of 5 tasks
    1/5:
    2/5: running   [==================================================>]
    3/5: ready     [======================================>            ]
    4/5:
    5/5:

Once tasks start failing, rollback is started, and presented the same as a regular
update; progress bars go from left to right;

    overall progress: rolling back update: 3 out of 5 tasks
    1/5: ready     [======================================>            ]
    2/5: starting  [============================================>      ]
    3/5: running   [==================================================>]
    4/5: running   [==================================================>]
    5/5: running   [==================================================>]
    rollback: update rolled back due to failure or early termination of task c11dxd7ud3d5pq8g45qkb4rjx

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-22 10:28:46 +02:00
Sebastiaan van Stijn a04c8210a6
vendor: github.com/docker/docker 25917217cab38eab40c3db0010b915258f4a8491
b0f5bc36fe..25917217ca

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-22 10:16:54 +02:00
Sebastiaan van Stijn 16131fb459
Slight cleanup/refactor of attachContainer
Return early in case there's an error, and declare variables closer
to where they're used.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-31 15:33:31 +02:00
Sebastiaan van Stijn 1142740996
Merge pull request #2972 from thaJeztah/ipv6_port_join
Use net.JoinHostPort() to fix formatting with IPv6 addresses
2021-05-25 14:58:47 +02:00
Sebastiaan van Stijn 6b4d2e83cd
Merge pull request #3103 from djs55/ignore_sigurg_darwin
Ignore SIGURG on Unix (including Darwin)
2021-05-25 12:29:14 +02:00
Silvin Lubecki e26409ebf1
Merge pull request #2986 from thaJeztah/ignore_nil_signals
ForwardAllSignals: check if channel is closed, and remove warning
2021-05-25 10:29:42 +02:00
David Scott cedaf44ea2 Ignore SIGURG on Darwin too
This extends #2929 to Darwin as well as Linux.

Running the example in https://github.com/golang/go/issues/37942
I see lots of:
```
dave@m1 sigurg % uname -ms
Darwin arm64

dave@m1 sigurg % go run main.go
received urgent I/O condition: 2021-05-21 16:03:03.482211 +0100 BST m=+0.014553751
received urgent I/O condition: 2021-05-21 16:03:03.507171 +0100 BST m=+0.039514459
```

Signed-off-by: David Scott <dave@recoil.org>
2021-05-24 19:37:53 +01:00
Silvin Lubecki 4623696725
Merge pull request #3077 from AkihiroSuda/silence-unhandleable-deprecated-warnings
printServerWarningsLegacy: silence "No kernel memory limit support"; silence "No oom kill disable support" on cgroup v2
2021-05-18 21:57:59 +02:00
Sebastiaan van Stijn 19c5aab404
Merge pull request #2990 from cpuguy83/fix_start_blocking
Fix `docker start` blocking on signal handling
2021-05-07 08:32:48 +02:00
Akihiro Suda 05ec0188fa
printServerWarningsLegacy: silence "No oom kill disable support" on cgroup v2
The warning should be ignored on cgroup v2 hosts.

Relevant: 8086443a44

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-05-04 19:35:07 +09:00
Akihiro Suda 731f52cfe8
printServerWarningsLegacy: silence "No kernel memory limit support"
The kernel memory limit is deprecated in Docker 20.10.0,
and its support was removed in runc v1.0.0-rc94.
So, this warning can be safely removed.

Relevant: b8ca7de823

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-05-04 19:17:11 +09:00
Sebastiaan van Stijn be327a4f0f
cli/config/configfile: various test cleanups
- use var/const blocks when declaring a list of variables
- use const where possible

TestCheckKubernetesConfigurationRaiseAnErrorOnInvalidValue:

- use keys when assigning values
- make sure test is dereferenced in the loop
- use subtests

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-30 10:03:51 +02:00
Sebastiaan van Stijn f3886f354a
Use designated test domains (RFC2606) in tests
Some tests were using domain names that were intended to be "fake", but are
actually registered domain names (such as mycorp.com).

Even though we were not actually making connections to these domains, it's
better to use domains that are designated for testing/examples in RFC2606:
https://tools.ietf.org/html/rfc2606

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-30 10:03:45 +02:00
Maximillian Fan Xavier 12370ad1f4
Add progress bar to copy into and from container
Co-authored-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Maximillian Fan Xavier <maximillianfx@gmail.com>
2021-04-24 13:24:19 +02:00
Sebastiaan van Stijn 168173a3f1
Use net.JoinHostPort() to fix formatting with IPv6 addresses
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-20 11:05:24 +02:00
Tonis Tiigi 8b822c9219 update windows resources generation
New solution is not hardcoded to amd64 but integrates
with the cross toolchain and support creating arm binaries.

Go has been updated so that ASLR works

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2021-04-06 00:20:59 -07:00
Sebastiaan van Stijn 09ddcffb2f
config.Load() remove unneeded locks
These were added in b83bc67136, but
I'm not sure why I added these; they're likely not needed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-03-25 21:45:14 +01:00
Sebastiaan van Stijn b83bc67136
config: print deprecation warning when falling back to ~/.dockercfg
Relates to the deprecation, added in 3c0a167ed5

The docker CLI up until v1.7.0 used the `~/.dockercfg` file to store credentials
after authenticating to a registry (`docker login`). Docker v1.7.0 replaced this
file with a new CLI configuration file, located in `~/.docker/config.json`. When
implementing the new configuration file, the old file (and file-format) was kept
as a fall-back, to assist existing users with migrating to the new file.

Given that the old file format encourages insecure storage of credentials
(credentials are stored unencrypted), and that no version of the CLI since
Docker v1.7.0 has created this file, the file is marked deprecated, and support
for this file will be removed in a future release.

This patch adds a deprecation warning, which is printed if the CLI falls back
to using the deprecated ~/.dockercfg file.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-03-08 16:13:02 +01:00
Brian Goff e1a7517514 Fix `docker start` blocking on signal handling
We refactorted `ForwardAllSignals` so it blocks but did not update the
call in `start` to call it in a goroutine.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2021-03-02 00:54:13 +00:00
Sebastiaan van Stijn 9342ec6b71
ForwardAllSignals: check if channel is closed, and remove warning
Commit fff164c22e modified ForwardAllSignals to
take `SIGURG` signals into account, which can be generated by the Go runtime
on Go 1.14 and up as an interrupt to support pre-emptable system calls on Linux.

With the updated code, the signal (`s`) would sometimes be `nil`, causing spurious
(but otherwise harmless) warnings to be printed;

    Unsupported signal: <nil>. Discarding.

To debug this issue, I patched v20.10.4 to handle `nil`, and added a debug line
to print the signal in all cases;

```patch
diff --git a/cli/command/container/signals.go b/cli/command/container/signals.go
index 06e4d9eb6..0cb53ef06 100644
--- a/cli/command/container/signals.go
+++ b/cli/command/container/signals.go
@@ -22,8 +22,9 @@ func ForwardAllSignals(ctx context.Context, cli command.Cli, cid string, sigc <-
                case <-ctx.Done():
                        return
                }
+               fmt.Fprintf(cli.Err(), "Signal: %v\n", s)

               if s == signal.SIGCHLD || s == signal.SIGPIPE {
```

When running a cross-compiled macOS binary with Go 1.13 (`make -f docker.Makefile binary-osx`):

    # regular "docker run" (note that the `<nil>` signal only happens "sometimes"):
    ./build/docker run --rm alpine/git clone https://github.com/docker/getting-started.git
    Cloning into 'getting-started'...
    Signal: <nil>

    # when cancelling with CTRL-C:
    ./build/docker run --rm alpine/git clone https://github.com/docker/getting-started.git
    ^CSignal: interrupt
    Cloning into 'getting-started'...
    error: could not lock config file /git/getting-started/.git/config: No such file or directory
    fatal: could not set 'core.repositoryformatversion' to '0'
    Signal: <nil>
    Signal: <nil>

When running a macOS binary built with Go 1.15 (`DISABLE_WARN_OUTSIDE_CONTAINER=1 make binary`):

    # regular "docker run" (note that the `<nil>` signal only happens "sometimes"):
    # this is the same as on Go 1.13
    ./build/docker run --rm alpine/git clone https://github.com/docker/getting-started.git
    Cloning into 'getting-started'...
    Signal: <nil>

    # when cancelling with CTRL-C:
    ./build/docker run --rm alpine/git clone https://github.com/docker/getting-started.git
    Cloning into 'getting-started'...
    ^CSignal: interrupt
    Signal: urgent I/O condition
    Signal: urgent I/O condition
    fatal: --stdin requires a git repository
    fatal: index-pack failed
    Signal: <nil>
    Signal: <nil>

This patch checks if the channel is closed, and removes the warning (to prevent warnings if new
signals are added that are not in our known list of signals)

We should also consider updating `notfiyAllSignals()`, which currently forwards
_all_ signals (`signal.Notify(sigc)` without passing a list of signals), and
instead pass it "all signals _minus_ the signals we don't want forwarded":
35f023a7c2/cli/command/container/signals.go (L55)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-03-01 18:31:30 +01:00
Chris Crone 8c2872d2a3
context: Ensure context name is valid on import
Signed-off-by: Chris Crone <christopher.crone@docker.com>
(cherry picked from commit 9ecc69d17e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-02-02 13:51:15 +01:00
Chris Crone a2f0cf527b
context: Ensure import paths are valid
Signed-off-by: Chris Crone <christopher.crone@docker.com>
(cherry picked from commit 6f49197cab)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-02-02 13:51:12 +01:00
Silvin Lubecki 375faee9bc
Merge pull request #2939 from thaJeztah/fix_swarm_rollback_exitcode
Fix swarm rollback exitcode, and fix skipping verify step
2021-02-01 11:29:15 +01:00
Tibor Vass 8d199d5bba Use golang.org/x/sys/execabs
On Windows, the os/exec.{Command,CommandContext,LookPath} functions
resolve command names that have neither path separators nor file extension
(e.g., "git") by first looking in the current working directory before
looking in the PATH environment variable.
Go maintainers intended to match cmd.exe's historical behavior.

However, this is pretty much never the intended behavior and as an abundance of precaution
this patch prevents that when executing commands.
Example of commands that docker.exe may execute: `git`, `docker-buildx` (or other cli plugin), `docker-credential-wincred`, `docker`.

Note that this was prompted by the [Go 1.15.7 security fixes](https://blog.golang.org/path-security), but unlike in `go.exe`,
the windows path lookups in docker are not in a code path allowing remote code execution, thus there is no security impact on docker.

Signed-off-by: Tibor Vass <tibor@docker.com>
2021-01-26 17:18:04 +00:00
Sebastiaan van Stijn 104469be0b
service rollback: always verify state
Prior to this change, progressbars would sometimes be hidden, and the function
would return early. In addition, the direction of the progressbars would sometimes
be "incrementing" (similar to "docker service update"), and sometimes be "decrementing"
(to indicate a "rollback" is being performed).

This fix makes sure that we always proceed with the "verifying" step, and now
prints a message _after_ the verifying stage was completed;

    $ docker service rollback foo
    foo
    overall progress: rolling back update: 5 out of 5 tasks
    1/5: running   [>                                                  ]
    2/5: starting  [===========>                                       ]
    3/5: starting  [===========>                                       ]
    4/5: running   [>                                                  ]
    5/5: running   [>                                                  ]
    verify: Service converged
    rollback: rollback completed

    $ docker service rollback foo
    foo
    overall progress: rolling back update: 1 out of 1 tasks
    1/1: running   [>                                                  ]
    verify: Service converged
    rollback: rollback completed

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-01-19 14:47:30 +01:00
Sebastiaan van Stijn ce26a165b0
docker service rollback: fix non-zero exit code in some cases
Before this change:
--------------------------------------------

    $ docker service create --replicas=1 --name foo -p 8080:80 nginx:alpine
    t33qvykv8y0zbz266rxynsbo3
    overall progress: 1 out of 1 tasks
    1/1: running   [==================================================>]
    verify: Service converged

    $ echo $?
    0

    $ docker service update --replicas=5 foo
    foo
    overall progress: 5 out of 5 tasks
    1/5: running   [==================================================>]
    2/5: running   [==================================================>]
    3/5: running   [==================================================>]
    4/5: running   [==================================================>]
    5/5: running   [==================================================>]
    verify: Service converged

    $ echo $?
    0

    $ docker service rollback foo
    foo
    rollback: manually requested rollback
    overall progress: rolling back update: 1 out of 1 tasks
    1/1: running   [>                                                  ]
    verify: Service converged

    $ echo $?
    0

    $ docker service rollback foo
    foo
    service rolled back: rollback completed

    $ echo $?
    1

After this change:
--------------------------------------------

    $ docker service create --replicas=1 --name foo -p 8080:80 nginx:alpine
    t33qvykv8y0zbz266rxynsbo3
    overall progress: 1 out of 1 tasks
    1/1: running   [==================================================>]
    verify: Service converged

    $ echo $?
    0

    $ docker service update --replicas=5 foo
    foo
    overall progress: 5 out of 5 tasks
    1/5: running   [==================================================>]
    2/5: running   [==================================================>]
    3/5: running   [==================================================>]
    4/5: running   [==================================================>]
    5/5: running   [==================================================>]
    verify: Waiting 1 seconds to verify that tasks are stable...

    $ echo $?
    0

    $ docker service rollback foo
    foo
    rollback: manually requested rollback
    overall progress: rolling back update: 1 out of 1 tasks
    1/1: running   [>                                                  ]
    verify: Service converged

    $ echo $?
    0

    $ docker service rollback foo
    foo
    service rolled back: rollback completed

    $ echo $?
    0

    $ docker service ps foo
    ID             NAME      IMAGE          NODE             DESIRED STATE   CURRENT STATE           ERROR     PORTS
    4dt4ms4c5qfb   foo.1     nginx:alpine   docker-desktop   Running         Running 2 minutes ago

Remaining issues with reconciliation
--------------------------------------------

Note that both before, and after this change, the command sometimes terminates
early, and does not wait for the service to reconcile; this is most apparent
when rolling back is scaling up (so more tasks are deployed);

    $ docker service rollback foo
    foo
    service rolled back: rollback completed

    $ docker service rollback foo
    foo
    rollback: manually requested rollback
    overall progress: rolling back update: 1 out of 5 tasks
    1/5: pending   [=================================>                 ]
    2/5: running   [>                                                  ]
    3/5: pending   [=================================>                 ]
    4/5: pending   [=================================>                 ]
    5/5: pending   [=================================>                 ]
    service rolled back: rollback completed

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-01-19 14:47:28 +01:00
Silvin Lubecki 1e54c5d67c
Merge pull request #2934 from thaJeztah/fix_homedir_warning
cli/config: prevent warning if HOME is not set
2021-01-19 14:01:37 +01:00
Sebastiaan van Stijn c85a37dbb4
cli/config: prevent warning if HOME is not set
commit c2626a8270 replaced the use of
github.com/docker/docker/pkg/homedir with Golang's os.UserHomeDir().

This change was partially reverted in 7a279af43d
to account for situations where `$HOME` is not set.

In  situations where no configuration file is present in `~/.config/`, the CLI
falls back to looking for the (deprecated) `~/.dockercfg` configuration file,
which was still using `os.UserHomeDir()`, which produces an error/warning if
`$HOME` is not set.

This patch introduces a helper function and a global variable to get the user's
home-directory. The global variable is used to prevent repeatedly looking up
the user's information (which, depending on the setup can be a costly operation).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-01-18 17:47:00 +01:00
Sebastiaan van Stijn a49d70ca7f
Merge pull request #2927 from jimlinntu/fix_update_rollback_order
fix --update-order and --rollback-order flags
2021-01-18 17:26:47 +01:00
Jim Lin 26a6a724aa fix --update-order and --rollback-order flags
Signed-off-by: Jim Lin <b04705003@ntu.edu.tw>
2021-01-18 22:33:45 +08:00
Brian Goff fff164c22e Ignore SIGURG on Linux.
In go1.14+, SIGURG is used by the runtime to handle preemtable system
calls.
In practice this signal caught *frequently*.

For reference:

https://go.googlesource.com/proposal/+/master/design/24543-non-cooperative-preemption.md
https://github.com/golang/go/issues/37942

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2021-01-15 19:03:39 +00:00
Silvin Lubecki 2563f04c0a
Merge pull request #2918 from thaJeztah/fix_login_panic
Fix panic when failing to get DefaultAuthConfig
2021-01-08 11:22:53 +01:00
Sebastiaan van Stijn c2820a7e3b
Fix panic when failing to get DefaultAuthConfig
Commit f32731f902 fixed a potential panic
when an error was returned while trying to get existing credentials.

However, other code paths currently use the result of `GetDefaultAuthConfig()`
even in an error condition; this resulted in a panic, because a `nil` was
returned.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-01-07 22:11:29 +01:00
Sebastiaan van Stijn 2f20bf490e
Merge pull request #2885 from flant/fix-context-dockerfile-from-stdin-with-buildkit
Fix reading context and dockerfile from stdin with BuildKit
2021-01-06 14:30:51 +01:00
Alexey Igrychev fc9ca9a94a Fix reading context and dockerfile from stdin with BuildKit
Signed-off-by: Alexey Igrychev <alexey.igrychev@flant.com>
2020-12-14 13:40:48 +00:00
Sebastiaan van Stijn fa3e0bcdaf
Help link: remove color, add "bold" style, and white-space
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-12-14 14:28:29 +01:00
Tibor Vass 029ab0255a
Merge pull request #2857 from gtardif/help_guides_link
Help guides link
2020-12-07 15:34:45 -08:00
Djordje Lukic 9f9c4b7f3b Remove k8s.io/kubernetes dependency
We are only using the `IsPodReady` function that can be rewritten easily.

Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
2020-12-04 00:27:40 +01:00
Tibor Vass 40ec81a79a build: display [auth] output
Signed-off-by: Tibor Vass <tibor@docker.com>
2020-12-02 21:22:36 +00:00
Sebastiaan van Stijn 9a0a071d55 vendor: buildkit v0.8.0-rc2, docker
diffs:

- full diff: af34b94a78...6c0a036dce
- full diff: 4d1f260e84...v0.8.0-rc2

New dependencies:

- go.opencensus.io v0.22.3
- github.com/containerd/typeurl v1.0.1
- github.com/golang/groupcache 869f871628b6baa9cfbc11732cdf6546b17c1298

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-12-02 21:01:12 +00:00
Sebastiaan van Stijn 0e96d92567 vendor: golang.org/x/crypto c1f2f97bffc9c53fc40a1a28a5b460094c0050d9
full diff: 75b288015a...c1f2f97bff

relevant changes:

- pkcs12: document that we use the wrong PEM type
- pkcs12: drop PKCS#12 attributes with unknown OIDs
- ocsp: Improve documentation for ParseResponse and ParseResponseForCert

other changes (not in vendor);

- ssh: improve error message for KeyboardInteractiveChallenge
- ssh: remove slow unnecessary diffie-hellman-group-exchange primality check
- ssh/terminal: replace with a golang.org/x/term wrapper
    - Deprecates ssh/terminal in favor of golang.org/x/term
- ssh/terminal: add support for zos
- ssh/terminal: bump x/term dependency to fix js/nacl
- nacl/auth: use Size instead of KeySize for Sum output
- sha3: remove go:nocheckptr annotation

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-12-02 21:01:12 +00:00
Guillaume Tardif d7697f9c72 AdditionalHelpMessage set in command annotations, removed env var check
Signed-off-by: Guillaume Tardif <guillaume.tardif@gmail.com>
2020-12-02 16:01:53 +01:00
Guillaume Tardif 0ec9e434ed Additional help message is displayed in cyan
Signed-off-by: Guillaume Tardif <guillaume.tardif@gmail.com>
2020-12-01 17:32:08 +01:00
Guillaume Tardif 2369d9d126 Do not display help link if env var “DOCKER_HIDE_HELP_GUIDES” is set
Signed-off-by: Guillaume Tardif <guillaume.tardif@gmail.com>
2020-12-01 15:29:00 +01:00
Guillame Tardif dbd65f92c7 Display additional help message pointing to docs.docker.com guides.
Will display when user types `docker help` or `docker --help`, but not for `docker run --help`. 

Signed-off-by: Guillaume Tardif <guillaume.tardif@gmail.com>
2020-12-01 15:11:24 +01:00
Tibor Vass 5cc2396164
Merge pull request #2541 from znck/allow-ssh-flags
feat: allow ssh flag arguments
2020-11-17 11:20:04 -08:00
Sebastiaan van Stijn e3d93058fd
build: remove PersistentPreRunE hack for experimental --platform
This hack was added in an attempt to continue supporting the experimental
(non-buildkit) `--platform` option, by dynamically updating the API version
required if buildkit isn't enabled.

This hack didn't work, however, because at the moment the override is
added, the command is not yet attached to the "root" (`docker`) command,
and because of that, the command itself is the `root` command;
`cmd.Root()` returned the `build` command.

As a result, validation steps defined as `PersistentPreRunE` on the root
command were not executed, causing invalid flags/options to not producing
an error.

Attempts to use an alternative approach (for example, cobra supports both
a `PersistentPreRun` and `PersistentPreRunE`) did not work either, because
`PersistentPreRunE` takes precedence over `PersistentPreRun`, and only one
will be executed.

Now that `--platform` should be supported for other cases than just for
experimental (LCOW), let's remove the 'experimental' check, and just assume
it's supported for API v1.32 and up.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-11-16 14:58:11 +01:00
Sebastiaan van Stijn ae5899e2b0
cli/command/container/stats.go: fix goimports
cli/command/container/stats.go:159: File is not `goimports`-ed (goimports)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-11-10 17:47:57 +01:00
Sebastiaan van Stijn b07e921289
Merge pull request #2785 from bn4t/2784-use-waitgroup-instead-of-sleep
Wait on waitgroup instead of using time.Sleep
2020-11-06 21:29:11 +01:00
Tibor Vass 1d20b15adc
Merge pull request #2818 from thaJeztah/prevent_panic
GetDefaultAuthConfig: fix potential panic due to unhandled error
2020-10-29 14:43:01 -07:00
Sebastiaan van Stijn f32731f902
GetDefaultAuthConfig: fix potential panic due to unhandled error
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-29 01:42:35 +01:00
Sebastiaan van Stijn a40beedcc3
builder: print deprecation warning instead of failing for --stream
While performance will be worse, we can safely ignore the --stream
option when used, and print a deprecation warning instead of failing
the build.

With this patch:

    echo -e "FROM scratch\nLABEL foo=bar" | docker build --stream -
    DEPRECATED: The experimental --stream flag has been removed and the build context
                will be sent non-streaming. Enable BuildKit instead with DOCKER_BUILDKIT=1
                to stream build context, see https://docs.docker.com/go/buildkit/

    Sending build context to Docker daemon  2.048kB
    Step 1/2 : FROM scratch
     --->
    Step 2/2 : LABEL foo=bar
     ---> Running in 99e4021085b6
    Removing intermediate container 99e4021085b6
     ---> 1a7a41be241f
    Successfully built 1a7a41be241f

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-24 01:58:47 +02:00
Tibor Vass 7fedb0e54f
Merge pull request #2775 from thaJeztah/notabs
Replace tab with spaces in usage output
2020-10-22 12:40:42 -07:00
Sebastiaan van Stijn 9b3eef5218
Merge pull request #2755 from thaJeztah/dont_save_useragent
Config-file: remove User-Agent from config.json when saving
2020-10-15 22:17:59 +02:00
bn4t 53e2110fa3 Wait on waitgroup instead of using time.Sleep
Closes #2784
Signed-off-by: bn4t <me@bn4t.me>
2020-10-12 10:32:53 +02:00
Rahul Kadyan 7baac8c147
feat: allow ssh flag arguments
Signed-off-by: Rahul Kadyan <hi@znck.me>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-08 17:11:26 +02:00
Sebastiaan van Stijn 977d3ae046
Always enable experimental features
The CLI disabled experimental features by default, requiring users
to set a configuration option to enable them.

Disabling experimental features was a request from Enterprise users
that did not want experimental features to be accessible.

We are changing this policy, and now enable experimental features
by default. Experimental features may still change and/or removed,
and will be highlighted in the documentation and "usage" output.

For example, the `docker manifest inspect --help` output now shows:

    EXPERIMENTAL:
      docker manifest inspect is an experimental feature.

      Experimental features provide early access to product functionality. These features
      may change between releases without warning or can be removed entirely from a future
      release. Learn more about experimental features: https://docs.docker.com/go/experimental/

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-02 15:59:42 +02:00
Sebastiaan van Stijn 7f3717bd2a
Replace tab with spaces in usage output
All output of the usage / --help output uses spaces, and having a tab
in the output can be somewhat cumbersome (e.g. our YAML docs generator
doesn't like them, and copy/pasing the output in iTerm produces a warning).

This patch changes the output to use two spaces instead.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-02 15:41:17 +02:00
Sebastiaan van Stijn d9c36c2878
cli: print experimental message in usage output
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-02 15:30:52 +02:00
Sebastiaan van Stijn 3f19902eae
Config-file: remove User-Agent from config.json when saving
The config.json allows for setting custom HTTP headers, but given that
User-Agent is not customizable, we should remove it from the config before saving;

Before this change;

    $ cat ~/.docker/config.json
    {
        "auths": {
            "https://index.docker.io/v1/": {
                "auth": "<base64 auth>"
            }
        },
        "HttpHeaders": {
            "User-Agent": "Docker-Client/19.03.12 (linux)"
        }
    }

    $ docker logout
    {
        "auths": {},
        "HttpHeaders": {
            "User-Agent": "Docker-Client/19.03.12 (linux)"
        }
    }

After this change:

    $ cat ~/.docker/config.json
    {
        "auths": {
            "https://index.docker.io/v1/": {
                "auth": "<base64 auth>"
            }
        },
        "HttpHeaders": {
            "User-Agent": "Docker-Client/19.03.12 (linux)"
        }
    }

    $ docker logout
    Removing login credentials for https://index.docker.io/v1/

    $ cat ~/.docker/config.json
    {
        "auths": {}
    }

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-01 15:04:39 +02:00
Sebastiaan van Stijn 2b1138c118
Fix initializing client modifying custom HTTPHeaders
When initializing the API client, the User-Agent was added to any custom
HTTPHeaders that were configured. However, because the map was not properly
dereferenced, the original map was modified, causing the User-Agent to also
be saved to config.json after `docker login` and `docker logout`:

Before this change;

    $ cat ~/.docker/config.json
    cat: can't open '/root/.docker/config.json': No such file or directory

    $ docker login -u myusername
    Password:
    ...
    Login Succeeded

    $ cat ~/.docker/config.json
    {
        "auths": {
            "https://index.docker.io/v1/": {
                "auth": "<base64 auth>"
            }
        },
        "HttpHeaders": {
            "User-Agent": "Docker-Client/19.03.12 (linux)"
        }
    }

    $ docker logout
    {
        "auths": {},
        "HttpHeaders": {
            "User-Agent": "Docker-Client/19.03.12 (linux)"
        }
    }

After this change:

    $ cat ~/.docker/config.json
    cat: can't open '/root/.docker/config.json': No such file or directory

    $ docker login -u myusername
    Password:
    ...
    Login Succeeded

    $ cat ~/.docker/config.json
    {
        "auths": {
            "https://index.docker.io/v1/": {
                "auth": "<base64 auth>"
            }
        }
    }

    $ docker logout
    Removing login credentials for https://index.docker.io/v1/

    $ cat ~/.docker/config.json
    {
        "auths": {}
    }

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-29 17:24:07 +02:00
Sebastiaan van Stijn 0eb3cfd261
Add test-case for env with, and without =
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-23 20:33:48 +02:00
Jorge Vallecillo e7203bf81b Fix 2 typos
Consecutive occurrences of 'the'

Signed-off-by: Jorge Vallecillo <jorgevallecilloc@gmail.com>
2020-09-18 09:26:39 -06:00
Jennings Zhang 185d71262a
Subcommand `docker manifest rm`
Squashed commit of the following:

commit b9ef85e74833ba405f68cfc20989c69d64bac4e9
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date:   Mon Sep 14 21:39:57 2020 -0400

    Fix bash completion

    https://github.com/docker/cli/pull/2449#pullrequestreview-488110510
    Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>

commit 8c46bd6e6ed151bb43865c8b1d79c00fd62e4345
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date:   Sun Sep 13 01:48:12 2020 -0400

    Add tests for docker manifest rm

    Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>

commit 7e3d9a9bc60e44d96953093fa0b1bc3397ca7813
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date:   Sun Sep 13 00:55:37 2020 -0400

    docker manifest rm multiple args

    Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>

commit 30466e28d28f6722053c5a232e99ddbae8222715
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date:   Sun Sep 13 00:01:20 2020 -0400

    No need to search before Remove

    https://github.com/docker/cli/pull/2449#discussion_r485544044
    Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>

commit ccdc4ed0a620cf8c9ec6ecc6804d1a45f7c61be5
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date:   Sat Sep 12 23:42:41 2020 -0400

    Completion should also handle --help

    https://github.com/docker/cli/pull/2449#discussion_r443140909
    Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>

commit ed260afa71a4f8feb6550f79692e47ad7430d786
Merge: 46c61d85e9 2955ece024
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date:   Sat Sep 12 23:31:54 2020 -0400

    Merge branch 'master' into manifest-rm

commit 46c61d85e973cc9fdd28d42db9ecebe373e9b942
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date:   Fri Apr 17 21:53:33 2020 -0400

    Remove extra space

    Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>

commit 6d31d26c10e8d395ab08561cdb9b29829bb4bd91
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date:   Fri Apr 17 21:15:21 2020 -0400

    Bash completion for `docker manifest rm`

    Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>

commit 3c8c843deb2f751a5f51ee6fcaa75da2a4525d99
Author: Jennings Zhang <jenni_zh@protonmail.com>
Date:   Fri Apr 17 21:05:50 2020 -0400

    Frankenstein a `docker manifest rm` command

    Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>

Signed-off-by: Jennings Zhang <jenni_zh@protonmail.com>
2020-09-15 16:26:47 -04:00
Tibor Vass cec8723d8c
Merge pull request #2656 from thaJeztah/bump_buildkit
vendor: buildkit 4d1f260e8490ec438ab66e08bb105577aca0ce06
2020-09-10 17:43:42 -04:00
Tibor Vass 7836597b3d
Merge pull request #2712 from thaJeztah/carry_2660_ulimits
Add ulimits support to docker service and docker stack deploy (carry 2660)
2020-09-10 15:40:25 -04:00
Albin Kerouanton 940907951b
Support ulimits in docker stack deploy
This is related to moby/moby 40639.

Signed-off-by: Albin Kerouanton <albin@akerouanton.name>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-10 14:59:02 +02:00
Albin Kerouanton a9158bdc50
Add ulimits option to docker service create/update/inspect
This is related to moby/moby 40639.

Signed-off-by: Albin Kerouanton <albin@akerouanton.name>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-10 14:41:33 +02:00
Sebastiaan van Stijn 23660be600
Service cap-add/cap-drop: add special "RESET" value
This implements a special "RESET" value that can be used to reset the
list of capabilities to add/drop when updating a service.

Given the following service;

| CapDrop        | CapAdd        |
| -------------- | ------------- |
| CAP_SOME_CAP   |               |

When updating the service, and applying `--cap-drop RESET`, the "drop" list
is reset to its default:

| CapDrop        | CapAdd        |
| -------------- | ------------- |
|                |               |

When updating the service, and applying `--cap-drop RESET`, combined with
`--cap-add CAP_SOME_CAP` and `--cap-drop CAP_SOME_OTHER_CAP`:

| CapDrop        | CapAdd        |
| -------------- | ------------- |
| CAP_FOO_CAP    | CAP_SOME_CAP  |

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-10 11:14:38 +02:00
Sebastiaan van Stijn 7edc00d808
vendor: buildkit 4d1f260e8490ec438ab66e08bb105577aca0ce06
full diff: df35e9818d...4d1f260e84

- moby/buildkit#1551 session: track sessions with a group construct
- moby/buildkit#1534 secrets: allow providing secrets with env
- moby/buildkit#1533 git: support for token authentication
- moby/buildkit#1549 progressui: fix logs time formatting

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-09 15:19:02 +02:00
Sebastiaan van Stijn 95037299cb
Service cap-add/cap-drop: handle updates as "tri-state"
Adding/removing capabilities when updating a service is considered a tri-state;

- if the capability was previously "dropped", then remove it from "CapabilityDrop",
  but do NOT add it to "CapabilityAdd". However, if the capability was not yet in
  the service's "CapabilityDrop", then simply add it to the service's "CapabilityAdd"
- likewise, if the capability was previously "added", then remove it from
  "CapabilityAdd", but do NOT add it to "CapabilityDrop". If the capability was
  not yet in the service's "CapabilityAdd", then simply add it to the service's
  "CapabilityDrop".

In other words, given a service with the following:

| CapDrop        | CapAdd        |
| -------------- | ------------- |
| CAP_SOME_CAP   |               |

When updating the service, and applying `--cap-add CAP_SOME_CAP`, the previously
dropped capability is removed:

| CapDrop        | CapAdd        |
| -------------- | ------------- |
|                |               |

When updating the service a second time, applying `--cap-add CAP_SOME_CAP`,
capability is now added:

| CapDrop        | CapAdd        |
| -------------- | ------------- |
|                | CAP_SOME_CAP  |

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-08 14:42:39 +02:00
Sebastiaan van Stijn 190c64b415
Service cap-add/cap-drop: improve handling of combinations and special "ALL" value
When creating and updating services, we need to avoid unneeded service churn.

The interaction of separate lists to "add" and "drop" capabilities, a special
("ALL") capability, as well as a "relaxed" format for accepted capabilities
(case-insensitive, `CAP_` prefix optional) make this rather involved.

This patch updates how we handle `--cap-add` / `--cap-drop` when  _creating_ as
well as _updating_, with the following rules/assumptions applied:

- both existing (service spec) and new (values passed through flags or in
  the compose-file) are normalized and de-duplicated before use.
- the special "ALL" capability is equivalent to "all capabilities" and taken
  into account when normalizing capabilities. Combining "ALL" capabilities
  and other capabilities is therefore equivalent to just specifying "ALL".
- adding capabilities takes precedence over dropping, which means that if
  a capability is both set to be "dropped" and to be "added", it is removed
  from the list to "drop".
- the final lists should be sorted and normalized to reduce service churn
- no validation of capabilities is handled by the client. Validation is
  delegated to the daemon/server.

When deploying a service using a docker-compose file, the docker-compose file
is *mostly* handled as being "declarative". However, many of the issues outlined
above also apply to compose-files, so similar handling is applied to compose
files as well to prevent service churn.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-08 14:38:35 +02:00
Albin Kerouanton c6ec4e081e
service: Add --cap-add & --cap-drop to service cmds
Signed-off-by: Albin Kerouanton <albin@akerouanton.name>
2020-09-08 14:24:55 +02:00
Olli Janatuinen 0db61ff6da
stack: Support cap_add and cap_drop on services
Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com>
Signed-off-by: Albin Kerouanton <albin@akerouanton.name>
2020-09-08 14:24:52 +02:00
Sebastiaan van Stijn dace8fdc75
formatter: reduce minimum width for columns in table-view
The tabwriter was configured to have a min-width for columns of 20 positions.
This seemed quite wide, and caused smaller columns to be printed with a large
gap between.

Before:

    docker container stats

    CONTAINER ID        NAME                CPU %               MEM USAGE / LIMIT     MEM %               NET I/O             BLOCK I/O           PIDS
    29184b3ae391        amazing_shirley     0.00%               800KiB / 1.944GiB     0.04%               1.44kB / 0B         0B / 0B             1
    403c101bad56        agitated_swartz     0.15%               34.31MiB / 1.944GiB   1.72%               10.2MB / 206kB      0B / 0B             51
    0dc4b7f6c6be        container2          0.00%               1.012MiB / 1.944GiB   0.05%               12.9kB / 0B         0B / 0B             5
    2d99abcc6f62        container99         0.00%               972KiB / 1.944GiB     0.05%               13kB / 0B           0B / 0B             5
    9f9aa90173ac        foo                 0.00%               820KiB / 1.944GiB     0.04%               13kB / 0B           0B / 0B             5

    docker container ls

    CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
    29184b3ae391        docker-cli-dev      "ash"                    4 hours ago         Up 4 hours                              amazing_shirley
    403c101bad56        docker-dev:master   "hack/dind bash"         3 days ago          Up 3 days                               agitated_swartz
    0dc4b7f6c6be        nginx:alpine        "/docker-entrypoint.…"   4 days ago          Up 4 days           80/tcp              container2
    2d99abcc6f62        nginx:alpine        "/docker-entrypoint.…"   4 days ago          Up 4 days           80/tcp              container99
    9f9aa90173ac        nginx:alpine        "/docker-entrypoint.…"   4 days ago          Up 4 days           80/tcp              foo

    docker image ls

    REPOSITORY          TAG                    IMAGE ID            CREATED             SIZE
    docker-cli-dev      latest                 5f603caa04aa        4 hours ago         610MB
    docker-cli-native   latest                 9dd29f8d387b        4 hours ago         519MB
    docker-dev          master                 8132bf7a199e        3 days ago          2.02GB
    docker-dev          improve-build-errors   69e208994b3f        11 days ago         2.01GB
    docker-dev          refactor-idtools       69e208994b3f        11 days ago         2.01GB

After:

    docker container stats

    CONTAINER ID   NAME              CPU %     MEM USAGE / LIMIT     MEM %     NET I/O          BLOCK I/O   PIDS
    29184b3ae391   amazing_shirley   0.14%     5.703MiB / 1.944GiB   0.29%     1.44kB / 0B      0B / 0B     10
    403c101bad56   agitated_swartz   0.15%     56.97MiB / 1.944GiB   2.86%     10.2MB / 206kB   0B / 0B     51
    0dc4b7f6c6be   container2        0.00%     1016KiB / 1.944GiB    0.05%     12.9kB / 0B      0B / 0B     5
    2d99abcc6f62   container99       0.00%     956KiB / 1.944GiB     0.05%     13kB / 0B        0B / 0B     5
    9f9aa90173ac   foo               0.00%     980KiB / 1.944GiB     0.05%     13kB / 0B        0B / 0B     5

    docker container ls

    CONTAINER ID   IMAGE               COMMAND                  CREATED          STATUS          PORTS     NAMES
    29184b3ae391   docker-cli-dev      "ash"                    12 minutes ago   Up 12 minutes             amazing_shirley
    403c101bad56   docker-dev:master   "hack/dind bash"         3 days ago       Up 3 days                 agitated_swartz
    0dc4b7f6c6be   nginx:alpine        "/docker-entrypoint.…"   4 days ago       Up 4 days       80/tcp    container2
    2d99abcc6f62   nginx:alpine        "/docker-entrypoint.…"   4 days ago       Up 4 days       80/tcp    container99
    9f9aa90173ac   nginx:alpine        "/docker-entrypoint.…"   4 days ago       Up 4 days       80/tcp    foo

    docker image ls

    REPOSITORY          TAG                    IMAGE ID       CREATED         SIZE
    docker-cli-dev      latest                 5f603caa04aa   4 hours ago     610MB
    docker-cli-native   latest                 9dd29f8d387b   4 hours ago     519MB
    docker-dev          master                 8132bf7a199e   3 days ago      2.02GB
    docker-dev          improve-build-errors   69e208994b3f   11 days ago     2.01GB
    docker-dev          refactor-idtools       69e208994b3f   11 days ago     2.01GB

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-31 16:31:15 +02:00
Sebastiaan van Stijn b951b5b8c9
formatter: minor refactor to reduce needless conversions
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-28 23:09:27 +02:00
Tibor Vass 8fc038afe7
Merge pull request #2694 from thaJeztah/fix_vbomml_util
Replace vbom.ml/util with fvbommel/sortorder
2020-08-28 16:00:24 +02:00
Sebastiaan van Stijn 6703919c71
Replace vbom.ml/util with fvbommel/sortorder
The vanity domain is down, and the project has moved
to a new location.

vendor check started failing because of this:

    Collecting initial packages
    Download dependencies
    unrecognized import path "vbom.ml/util" (https fetch: Get https://vbom.ml/util?go-get=1: dial tcp: lookup vbom.ml on 169.254.169.254:53: no such host)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-28 15:35:42 +02:00
Brian Goff 612567cb21
Merge pull request #2678 from thaJeztah/fix_rm_force_exit_status
Return zero exit-code when force-removing non-existing containers
2020-08-27 14:40:08 -07:00
Sebastiaan van Stijn ca35f2973a
Merge pull request #2646 from horpto/patch-1
Add shorthand for --tail option
2020-08-17 17:19:03 +02:00
Sebastiaan van Stijn 9a071a993a
Return zero exit-code when force-removing non-existing containers
When using `docker rm` / `docker container rm` with the `-f` / `--force` option, attempts to remove non-existing containers should print a warning, but should return a zero exit code ("successful").

Currently, a non-zero exit code is returned, marking the removal as "failed";

	$ docker rm -fv 798c9471b695
	Error: No such container: 798c9471b695
	$ echo $?
	1

The command should match the behavior of `rm` / `rm -f`, with the exception that
a warning is printed (instead of silently ignored):

Running `rm` with `-f` silences output and returns a zero exit code:

    touch some-file && rm -f no-such-file some-file; echo exit code: $?; ls -la
    # exit code: 0
    # total 0
    # drwxr-xr-x    2 sebastiaan  staff    64 Aug 14 12:17 .
    # drwxr-xr-x  199 sebastiaan  staff  6368 Aug 14 12:13 ..

    mkdir some-directory && rm -rf no-such-directory some-directory; echo exit code: $?; ls -la
    # exit code: 0
    # total 0
    # drwxr-xr-x    2 sebastiaan  staff    64 Aug 14 12:17 .
    # drwxr-xr-x  199 sebastiaan  staff  6368 Aug 14 12:13 ..

Note that other reasons for a delete to fail should still result in a non-zero
exit code, matching the behavior of `rm`. For instance, in the example below,
the `rm` failed because directories can only be removed if the `-r` option is used;

    touch some-file && mkdir some-directory && rm -f some-directory no-such-file some-file; echo exit code: $?; ls -la
    # rm: some-directory: is a directory
    # exit code: 1
    # total 0
    # drwxr-xr-x    3 sebastiaan  staff    96 Aug 14 14:15 .
    # drwxr-xr-x  199 sebastiaan  staff  6368 Aug 14 12:13 ..
    # drwxr-xr-x    2 sebastiaan  staff    64 Aug 14 14:15 some-directory

This patch updates the `docker rm` / `docker container rm` command to not produce
an error when attempting to remove a missing containers, and instead only print
the error, but return a zero (0) exit code.

With this patch applied:

    docker create --name mycontainer busybox \
    && docker rm nosuchcontainer mycontainer; \
    echo exit code: $?; \
    docker ps -a --filter name=mycontainer
    # df23cc8573f00e97d6e948b48d9ea7d75ce3b4faaab4fe1d3458d3bfa451f39d
    # mycontainer
    # Error: No such container: nosuchcontainer
    # exit code: 0
    # CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-14 16:17:40 +02:00
horpto 0b7147a2a5 fix docs, completion and docker service
Signed-off-by: horpto <__Singleton__@hackerdom.ru>
2020-08-06 17:37:08 +03:00
Sebastiaan van Stijn 2fc608cea6
Fix order of processing of some xx-add/xx-rm service update flags
Combining `-add` and `-rm` flags on `docker service update` should
be usable to explicitly replace existing options. The current order
of processing did not allow this, causing the `-rm` flag to remove
properties that were specified in `-add`. This behavior was inconsistent
with (for example) `--host-add` and `--host-rm`.

This patch updates the behavior to first remove properties, then
add new properties.

Note that there's still some improvements to make, to make the removal
more granulas (e.g. to make `--label-rm label=some-value` only remove
the label if value matches `some-value`); these changes are left for
a follow-up.

Before this change:
-----------------------------

Create a service with two env-vars

```bash
docker service create --env FOO=bar --env BAR=baz  --name=test nginx:alpine
docker service inspect --format '{{json .Spec.TaskTemplate.ContainerSpec.Env }}' test | jq .
[
  "FOO=bar",
  "BAR=baz"
]
```

Update the service, with the intent to replace the value of `FOO` for a new value

```bash
docker service update  --env-rm FOO --env-add FOO=updated-foo test
docker service inspect --format '{{json .Spec.TaskTemplate.ContainerSpec.Env }}' test | jq .
[
  "BAR=baz"
]
```

Create a service with two labels

```bash
docker service create --label FOO=bar --label BAR=baz  --name=test nginx:alpine
docker service inspect --format '{{json .Spec.Labels }}' test | jq .
{
  "BAR": "baz",
  "FOO": "bar"
}
```

Update the service, with the intent to replace the value of `FOO` for a new value

```bash
docker service update  --label-rm FOO --label-add FOO=updated-foo test
docker service inspect --format '{{json .Spec.Labels }}' test | jq .
{
  "BAR": "baz"
}
```

Create a service with two container labels

```bash
docker service create --container-label FOO=bar --container-label BAR=baz  --name=test nginx:alpine
docker service inspect --format '{{json .Spec.TaskTemplate.ContainerSpec.Labels }}' test | jq .
{
  "BAR": "baz",
  "FOO": "bar"
}
```

Update the service, with the intent to replace the value of `FOO` for a new value

```bash
docker service update  --container-label-rm FOO --container-label-add FOO=updated-foo test
docker service inspect --format '{{json .Spec.TaskTemplate.ContainerSpec.Labels }}' test | jq .
{
  "BAR": "baz",
}
```

With this patch applied:
--------------------------------

Create a service with two env-vars

```bash
docker service create --env FOO=bar --env BAR=baz  --name=test nginx:alpine
docker service inspect --format '{{json .Spec.TaskTemplate.ContainerSpec.Env }}' test | jq .
[
  "FOO=bar",
  "BAR=baz"
]
```

Update the service, and replace the value of `FOO` for a new value

```bash
docker service update  --env-rm FOO --env-add FOO=updated-foo test
docker service inspect --format '{{json .Spec.TaskTemplate.ContainerSpec.Env }}' test | jq .
[
  "BAR=baz",
  "FOO=updated-foo"
]
```

Create a service with two labels

```bash
docker service create --label FOO=bar --label BAR=baz  --name=test nginx:alpine
docker service inspect --format '{{json .Spec.Labels }}' test | jq .
{
  "BAR": "baz",
  "FOO": "bar"
}
```

Update the service, and replace the value of `FOO` for a new value

```bash
docker service update  --label-rm FOO --label-add FOO=updated-foo test
docker service inspect --format '{{json .Spec.Labels }}' test | jq .
{
  "BAR": "baz",
  "FOO": "updated-foo"
}
```

Create a service with two container labels

```bash
docker service create --container-label FOO=bar --container-label BAR=baz  --name=test nginx:alpine
docker service inspect --format '{{json .Spec.TaskTemplate.ContainerSpec.Labels }}' test | jq .
{
  "BAR": "baz",
  "FOO": "bar"
}
```

Update the service, and replace the value of `FOO` for a new value

```bash
docker service update  --container-label-rm FOO --container-label-add FOO=updated-foo test
docker service inspect --format '{{json .Spec.TaskTemplate.ContainerSpec.Labels }}' test | jq .
{
  "BAR": "baz",
  "FOO": "updated-foo"
}
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-04 19:09:59 +02:00
Sebastiaan van Stijn 1d9ee72178
Merge pull request #2654 from tonistiigi/rosetta
support emulated version detection
2020-07-30 21:40:01 +02:00
Tonis Tiigi e531875ff0 support emulated version detection
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-07-30 11:38:29 -07:00
Albin Kerouanton 21da11c5fd
docker service inspect fails when TaskTemplate.Resources is nil
When doing `docker service inspect --pretty` on services without
`TaskTemplate.Resources` or `TaskTemplate.Resources.Limits`, the command
fails. This is due to a missing check on ResourceLimitPids().

This bug has been introduced by 395a6d560d
and produces following error message:

```
Template parsing error: template: :139:10: executing "" at <.ResourceLimitPids>: error calling ResourceLimitPids: runtime error: invalid memory address or nil pointer dereference
```

Signed-off-by: Albin Kerouanton <albin@akerouanton.name>
2020-07-28 22:38:33 +02:00
horpto 04ab71457a Add shorthand for --tail option
I chose -n shorthand as it's similar with linux `tail` command.

Signed-off-by: Александр Менщиков <__Singleton__@hackerdom.ru>
2020-07-23 15:25:12 +03:00
Wang Yumu 1f907fb7ba Add DefaultAddressPools to docker info output #40388
Signed-off-by: Wang Yumu <37442693@qq.com>
2020-07-22 01:45:30 +08:00
Sebastiaan van Stijn 251861237a
Replace mattn/go-shellwords with google/shlex
Both libaries provide similar functionality. We're currently using
Google Shlex in more places, so prefering that one for now, but we
could decide to switch to mattn/go-shellwords in future if that
library is considered better (it looks to be more actively maintained,
but that may be related to it providing "more features").

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-20 10:20:42 +02:00
Brian Goff bece8cc41c
Merge pull request #2626 from thaJeztah/test_cleanup 2020-07-16 09:58:16 -07:00
Sebastiaan van Stijn 75ab44af6f
Fix ConfigFile.Save() replacing symlink with file
In situations where `~/.docker/config.json` was a symlink, saving
the file would replace the symlink with a file, instead of updating
the target file location;

    mkdir -p ~/.docker
    touch ~/real-config.json
    ln -s ~/real-config.json ~/.docker/config.json

    ls -la ~/.docker/config.json
    # lrwxrwxrwx 1 root root 22 Jun 23 12:34 /root/.docker/config.json -> /root/real-config.json

    docker login
    # Username: thajeztah
    # Password:

    # Login Succeeded

    ls -la ~/.docker/config.json
    -rw-r--r-- 1 root root 229 Jun 23 12:36 /root/.docker/config.json

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-16 11:35:41 +02:00
Sebastiaan van Stijn 0c2fe385bf
cli/formatter: reformat TestImageContext test cases
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-16 11:34:52 +02:00
Sebastiaan van Stijn d642de78f3
cli/command/formatter: remove deprecated compareMultipleValues() utility
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-16 11:34:50 +02:00
Silvin Lubecki e4e754bb74
Merge pull request #2595 from cpuguy83/handle_close_error_on_save
Handle errors on close in config file write.
2020-07-15 17:40:10 +02:00
Silvin Lubecki cae16e70b9
Merge pull request #2599 from thaJeztah/ignore_empty_configfile
config: ignore empty config file instead of printing warning
2020-07-09 15:27:29 +02:00
Sebastiaan van Stijn fde22be3ea
TestServiceUpdateResolveImageChanged: use subtests
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-06 14:58:40 +02:00
Sebastiaan van Stijn 732d8b51a8
un-wrap some code
The wrapping made the code harder to read (and in some cases destracted
from the actual code flow).

Some of these functions take too many arguments; instead of hiding that,
it probably better to make it apparent that something needs to be done
(and fix it :-)).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-06 14:55:17 +02:00
Sebastiaan van Stijn 47fce8f4bc
clean-up "resolve image" option logic
- change `validateResolveImageFlag()` to only perform _validation_,
  and not combine it with modifying the option.
- use a `switch` instead of `if` in `validateResolveImageFlag()`
- `deployServices()`: break up some `switch` cases to make them
  easier to read/understand the logic.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-06 14:55:08 +02:00
Sebastiaan van Stijn cce2f7fd9c
refactor opts tests
- TestParseRunAttach: use subtests to reduce cyclomatic complexity
- TestParseRunWithInvalidArgs: use subtests, and check if the expected
  error is returned.
- Removed parseMustError() as it was mostly redundant

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-01 14:45:47 +02:00
Brian Wieder a6cfbd2351 Added env-file flag to docker exec
Signed-off-by: Brian Wieder <brian@4wieders.com>
2020-06-29 18:32:44 -04:00
Silvin Lubecki e0654a584b
Merge pull request #2604 from thaJeztah/skip_on_mac
command/container: skip some tests on macOS
2020-06-26 16:05:58 +02:00
Sebastiaan van Stijn 1c31e193c0
command/container: skip some tests on macOS
These tests failed when running natively on macOS;

    unknown server OS: darwin

Skipping them, like we do on Windows

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-26 15:37:44 +02:00
Silvin Lubecki a03c2c65a1
Merge pull request #2581 from thaJeztah/config_simplify
config: remove redundant os.Stat()
2020-06-25 15:29:52 +02:00
Sebastiaan van Stijn 969580a887
config: ignore empty config file instead of printing warning
Before this change, a warning would be printed if the `~/.docker/config.json`
file was empty:

    mkdir -p ~/.docker && touch ~/.docker/config.json
    docker pull busybox
    WARNING: Error loading config file: /root/.docker/config.json: EOF
    Using default tag: latest
    ....

Given that we also accept an empty "JSON" file (`{}`), it should be
okay to ignore an empty file, as it's effectively a configuration file
with no custom options set.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-23 14:51:28 +02:00
Brian Goff d02173090f Handle errors on close in config file write.
I'm not sure if this fixes anything, however I have seen some weird
behavior on Windows where temp config files are left around and there
doesn't seem to be any errors reported.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2020-06-19 11:26:30 -07:00
Sebastiaan van Stijn 851eeb9639
Add support for pids limit in stacks (swarm)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-18 21:25:08 +02:00
Sebastiaan van Stijn 395a6d560d
Add support for --limit-pids on service create / update (swarm)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-18 21:25:02 +02:00
Sebastiaan van Stijn ba2a712ff0
Merge pull request #2583 from simonferquel/logout-config-out-of-sync2
Don't filter out registries to logout from with config file contents
2020-06-17 17:31:36 +02:00
Sebastiaan van Stijn a8df5e974e
Merge pull request #2580 from dominikbraun/2565-remove-image-images-alias
Remove 'images' alias from 'image ls' command
2020-06-16 00:09:41 +02:00
Sebastiaan van Stijn 077af8151f
Merge pull request #2578 from cpuguy83/anotate_os_version
Added support for setting OS version in docker manifest annotate.
2020-06-15 19:31:17 +02:00
Dominik Braun 1570025f00 Remove 'images' alias from 'image ls' command
Signed-off-by: Dominik Braun <Dominik.Braun@nbsp.de>

Remove assertion for 'images' alias of 'image ls'

Signed-off-by: Dominik Braun <Dominik.Braun@nbsp.de>
2020-06-15 17:48:43 +02:00
Simon Ferquel 6248f2fb6f Don't filter out registries to logout from with config file contents
Previously, if a registry AuthInfo was not present in the CLI config file, docker logout could not be used
to ask the credential helper to forget about it. It causes problem for people working with
multiple alternative config files, and it causes problems for cases like Docker Desktop w/ WSL 2, as
it uses the same win32 credential helper as the Windows CLI, but a different config file, leading to
bugs where I cannot logout from a registry from wsl2 if I logged in from Windows and vice-versa.

Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2020-06-15 14:29:37 +02:00
Sebastiaan van Stijn 0d57a400b3
vendor: docker/docker aaf470eca7b588aa19e6681bff8bf08d17be1bf2
full diff: 41ac6bef8d...aaf470eca7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-15 13:32:53 +02:00
Sebastiaan van Stijn 89089fb419
config: remove redundant os.Stat()
There's no need to perform an `os.Stat()` first, because
`os.Open()` also returns the same errors if the file does
not exist, or couldn't be opened for other reasons.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-15 11:08:56 +02:00
Sebastiaan van Stijn 494f30a1a5
config: fix error message using incorrect filename
Before:

    echo 'invalid-json' > ~/.dockercfg
    docker pull hello-world
    WARNING: Error loading config file: /root/.docker/config.json: Invalid Auth config file

After:

    echo 'invalid-json' > ~/.dockercfg
    docker pull hello-world
    WARNING: Error loading config file: /root/.dockercfg: Invalid Auth config file

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-12 22:30:10 +02:00
Saswat Bhattacharya bc5f102244 Added support for setting OS version in docker manifest annotate.
Signed-off-by: Saswat Bhattacharya <sas.saswat@gmail.com>
2020-06-12 12:04:03 -07:00
Sebastiaan van Stijn af2c31c4a7
Merge pull request #2572 from simonferquel/context-dont-loose-additional-fields
Don't loose additional metadata fields when read/writing contexts metadata
2020-06-12 10:59:23 +02:00
Tibor Vass 31822ff745
Merge pull request #2551 from cpuguy83/platform_on_create
Platform on create
2020-06-11 11:35:32 -07:00
Simon Ferquel 2ab4b4d536 Don't loose additional metadata fields
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2020-06-10 15:07:23 +02:00
Sebastiaan van Stijn a3af1f47da
Use consistent name for errors
This prevents inconsistent errors when using a symlink, or when renaming
the binary;

Before this change;

    ln -s $(which docker) toto
    ./toto rune
    docker: 'rune' is not a docker command.

    ./toto run daslkjadslkjdaslkj
    Unable to find image 'adslkjadslakdsj:latest' locally
    ./toto: Error response from daemon: pull access denied for adslkjadslakdsj, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.

After this change:

    ln -s $(which docker) toto
    ./toto rune
    docker: 'rune' is not a docker command.

    ./toto run daslkjadslkjdaslkj
    Unable to find image 'adslkjadslakdsj:latest' locally
    docker: Error response from daemon: pull access denied for adslkjadslakdsj, repository does not exist or may require 'docker login': denied: requested access to the resource is den>

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-09 16:24:35 +02:00
Sebastiaan van Stijn 8f14db8df2
Merge pull request #2555 from devisions/timestam_with_z_doc_upd
Explicit Z on logs timestamp examples
2020-06-04 17:53:52 +02:00
Tonis Tiigi d30970e3b1 ssh: avoid setting flags through hostname
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-05-28 20:08:35 +00:00
devisions 1183a3e6e7 Explicit Z on logs timestamp examples
Signed-off-by: devisions <marius.ileana@gmail.com>
2020-05-28 15:24:07 +03:00
Brian Goff ccd9d633bb Set platform on container create API.
Previously we only set the platform when performing a pull, which is
only initiated if pull always is set, or if the image reference does not
exist in the daemon.

The daemon now supports specifying which platform you wanted on
container create so it can validate the image reference is the platform
you thought you were getting.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2020-05-27 17:16:56 -07:00
Daniil Nikolenko cb010db830 Fix bug with panic when DOCKER_CLI_EXPERIMENTAL environment variable is incorrect
Signed-off-by: Daniil Nikolenko <qoo2p5@gmail.com>
2020-05-24 23:21:20 +03:00
Silvin Lubecki 54f766d240 Partially revert cf663b526a as it breaks the version negotiation with an older docker engine.
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2020-05-20 16:10:43 +02:00
Silvin Lubecki ce2a9faf1b
Merge pull request #2517 from thaJeztah/compose_file_build_extra_hosts
compose: add build.extra_hosts to v3.9 schema
2020-05-11 17:18:48 +02:00
Sebastiaan van Stijn 0c5f97ed72
compose: add build.extra_hosts to v3.9 schema
This is not currently used by the CLI, but can be used by
docker compose to bring parity on this feature with the
compose v2.4 schema.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-10 20:01:03 +02:00
Sebastiaan van Stijn bb7ef2cb3a
Update some uses of errors.Cause() to errors.Is()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-10 19:56:35 +02:00
Brian Goff f7185d27e1
Merge pull request #2161 from thaJeztah/config_dont_init
config: don't call homedir on init()
2020-05-07 11:20:40 -07:00
Silvin Lubecki 7cd6e893a1
Merge pull request #2500 from thaJeztah/version_context
Add "context" to "docker version" and "docker info"
2020-05-07 16:10:16 +02:00
Sebastiaan van Stijn 719169db63
Replace deprecated Cobra command.SetOutput() with command.SetOut()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-07 14:25:59 +02:00
Sebastiaan van Stijn bc938e4dea
docker info: add "context" to output
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-07 14:07:22 +02:00
Sebastiaan van Stijn 181e60499f
docker version: add "context" to output
This adds the currently selected "docker context" to the output
of "docker version", which allows users to see which context
is selected to produce the version output, and can be used (for
example), to set the prompt to the currently selected context:

(in `~/.bashrc`):

```bash
function docker_context_prompt() {
        PS1="context: $(docker version --format='{{.Client.Context}}')> "
}

PROMPT_COMMAND=docker_context_prompt
```

After reloading the `~/.bashrc`, the prompt now shows the currently selected
`docker context`:

```bash
$ source ~/.bashrc
context: default> docker context create --docker host=unix:///var/run/docker.sock my-context
my-context
Successfully created context "my-context"
context: default> docker context use my-context
my-context
Current context is now "my-context"
context: my-context> docker context use default
default
Current context is now "default"
context: default>
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-07 14:07:15 +02:00
Sebastiaan van Stijn 4f058143c7
Merge pull request #2262 from dperny/swarm-jobs
Add jobs support to CLI
2020-05-06 17:00:01 +02:00
Sebastiaan van Stijn 80a2256478
Swarm init: use local IPNetSliceValue
This flag type was not yet merged upstream, so instead of
using a fork of spf13/pflag, define the type locally, so that
we can vendor the upstream package again.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-04 16:30:50 +02:00
Silvin Lubecki 9387b99c36
Merge pull request #2376 from davidwtf/master
try http for docker manifest --insecure
2020-05-04 16:19:38 +02:00
Akihiro Suda dbc61787a7 info: print Cgroup Version
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-04-30 06:48:12 +09:00
Drew Erny 9375644e34 Add jobs support to CLI
* Added two new modes accepted by the `--mode` flag
  * `replicated-job` creates a replicated job
  * `global-job` creates a global job.
* When using `replicated-job` mode, the `replicas` flag sets the
  `TotalCompletions` parameter of the job. This is the total number of
  tasks that will run
* Added a new flag, `max-concurrent`, for use with `replicated-job`
  mode. This flag sets the `MaxConcurrent` parameter of the job, which
  is the maximum number of replicas the job will run simultaneously.
* When using `replicated-job` or `global-job` mode, using any of the
  update parameter flags will result in an error, as jobs cannot be
  updated in the traditional sense.
* Updated the `docker service ls` UI to include the completion status
  (completed vs total tasks) if the service is a job.
* Updated the progress bars UI for service creation and update to
  support jobs. For jobs, there is displayed a bar covering the overall
  progress of the job (the number of tasks completed over the total
  number of tasks to complete).
* Added documentation explaining the use of the new flags, and of jobs
  in general.

Signed-off-by: Drew Erny <derny@mirantis.com>
2020-04-24 11:22:10 -05:00
Sebastiaan van Stijn d0a80bf445
update docker, replace github.com/docker/pkg/term, github.com/docker/pkg/mount
These packages are now living in their own repository. Updating
docker/docker to replace the dependencies.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-22 17:16:13 +02:00
Sebastiaan van Stijn 8a30653ed5
config: don't call homedir on init()
This patch changes the package to lazily obtain the user's home-
directory on first use, instead of when initializing the package.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-21 17:25:22 +02:00
Silvin Lubecki 9fee14a814
Merge pull request #2432 from thaJeztah/network_prune_improve_message
improve "network prune" output to mention custom networks only
2020-04-21 17:06:42 +02:00
Silvin Lubecki ae66898200
Merge pull request #2424 from thaJeztah/lazy_feature_detection
cli: perform feature detection lazily
2020-04-15 16:42:26 +02:00
Sebastiaan van Stijn f88ae74135
Add "host-gateway" to tests for extra_hosts / --add-host
67ebcd6dcf added an exception for
the "host-gateway" magic value to the validation rules, but didn't
add thise value to any of the tests.

This patch adds the magic value to tests, to verify the validation
is skipped for this magic value.

Note that validation on the client side is "optional" and mostly
done to provide a more user-friendly error message for regular
values (IP-addresses).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-15 09:52:55 +02:00
Akihiro Suda a4a07c6430 calculateMemUsageUnixNoCache: subtract total_inactive_file, not cache
The new stat definition corresponds to containerd/CRI and cadvisor.

c1115d4e57/pkg/server/container_stats_list_unix.go (L106-L129)
307d1b1cb3

Fix https://github.com/moby/moby/issues/40727

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-04-11 08:13:21 +09:00
Sebastiaan van Stijn b39739123b
cli: perform feature detection lazily
- Perform feature detection when actually needed, instead of during
  initializing
- Version negotiation is performed either when making an API request,
  or when (e.g.) running `docker help` (to hide unsupported features)
- Use a 2 second timeout when 'pinging' the daemon; this should be
  sufficient for most cases, and when feature detection failed, the
  daemon will still perform validation (and produce an error if needed)
- context.WithTimeout doesn't currently work with ssh connections (connhelper),
  so we're only applying this timeout for tcp:// connections, otherwise
  keep the old behavior.

Before this change:

    time sh -c 'DOCKER_HOST=tcp://42.42.42.41:4242 docker help &> /dev/null'
    real   0m32.919s
    user   0m0.370s
    sys    0m0.227s

    time sh -c 'DOCKER_HOST=tcp://42.42.42.41:4242 docker context ls &> /dev/null'
    real   0m32.072s
    user   0m0.029s
    sys    0m0.023s

After this change:

    time sh -c 'DOCKER_HOST=tcp://42.42.42.41:4242 docker help &> /dev/null'
    real   0m 2.28s
    user   0m 0.03s
    sys    0m 0.03s

    time sh -c 'DOCKER_HOST=tcp://42.42.42.41:4242 docker context ls &> /dev/null'
    real   0m 0.13s
    user   0m 0.02s
    sys    0m 0.02s

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-10 16:33:21 +02:00
Sebastiaan van Stijn a88a1bea23
docker build: check experimental --platform on pre-run
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-10 16:33:15 +02:00
Sebastiaan van Stijn eb93a865ed
improve "network prune" output to mention custom networks only
The `docker network prune` command removes unused custom networks,
but built-in networks won't be removed. This patch updates the
message to mention that it's only removing custom networks.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-10 13:45:10 +02:00
Silvin Lubecki ad256ba023
Merge pull request #2426 from thaJeztah/fix_test_env
test: make sure environment vars are reset after tests
2020-04-09 17:39:24 +02:00
Sebastiaan van Stijn 19bcebd122
test: make sure environment vars are reset after tests
The trust tests were not resetting the environment after they
ran, which could result in tests following those tests to fail.

While at it, I also updated some other tests to use gotest.tools

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-09 13:40:45 +02:00
Sebastiaan van Stijn 650c717580
TestHistoryContext_CreatedSince: skip on non-UTC environments
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-09 13:38:52 +02:00
Tengfei Wang 83478fe7cb try http for docker manifest --insecure
Signed-off-by: Tengfei Wang <tfwang@alauda.io>
2020-03-24 23:42:33 +08:00
Dominik Braun 9d9568263f Replace 'numeric' with object in -q description
Signed-off-by: Dominik Braun <Dominik.Braun@nbsp.de>
2020-03-02 10:28:52 +01:00
Silvin Lubecki c3b48c5c9c
Merge pull request #2343 from thaJeztah/fix_prune_flag_description
Fix builder prune -a/--all flag description
2020-02-26 16:22:29 +01:00
Silvin Lubecki 30d6ee997b
Merge pull request #2357 from thaJeztah/gofmt_test
gofmt compose loader test
2020-02-26 15:23:57 +01:00
Sebastiaan van Stijn 2c0e93063b
bump gotest.tools v3.0.1 for compatibility with Go 1.14
full diff: https://github.com/gotestyourself/gotest.tools/compare/v2.3.0...v3.0.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-23 00:28:55 +01:00
Sebastiaan van Stijn 5ef0fa10de
gofmt compose loader test
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-22 18:22:27 +01:00
Sebastiaan van Stijn 11869fa42a
fix panic on single-character volumes
Before this change, this would cause a panic:

    docker run -it --rm -v 1:/1 alpine
    panic: runtime error: index out of range

    goroutine 1 [running]:
    github.com/docker/cli/cli/compose/loader.isFilePath(0xc42027e058, 0x1, 0x557dcb978c20)
    ...

After this change, a correct error is returned:

    docker run -it --rm -v 1:/1 alpine
    docker: Error response from daemon: create 1: volume name is too short, names should be at least two alphanumeric characters.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-21 01:38:52 +01:00
Sebastiaan van Stijn aad9d2c958
Fix builder prune -a/--all flag description
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-18 14:30:28 +01:00
Andrii Berehuliak 80b22064d1
Improve service tasks grouping on printing
When printing services' tasks with `docker service ps` command, tasks are grouped only by task slot.
This leads to interleaving tasks from different services when `docker service ps` is called with multiple services.

Besides this, global services do not have slots at all and printing tasks for them doesn't group and
doesn't properly indent tasks with \_.

With this patch all tasks are grouped by service ID, slot and node ID (relevant only for global services) and it fixes issue 533.

Before this patch:

```console
docker service ps a b c

ID                  NAME                              IMAGE               NODE                DESIRED STATE       CURRENT STATE                     ERROR               PORTS
xbzm6ed776yw        c.j1afavbqqhr21jvnid3nnfoyt       nginx:alpine        docker-desktop      Running             Running 5 seconds ago
4mcsovp8ckwn         \_ c.j1afavbqqhr21jvnid3nnfoyt   nginx:alpine        docker-desktop      Shutdown            Shutdown 6 seconds ago
qpcgdsx1r21a        b.1                               nginx:alpine        docker-desktop      Running             Running 2 seconds ago
kfjo1hly92l4        a.1                               nginx:alpine        docker-desktop      Running             Running 5 seconds ago
pubrerosvsw5        b.1                               nginx:alpine        docker-desktop      Shutdown            Shutdown 3 seconds ago
fu08gfi8tfyv        a.1                               nginx:alpine        docker-desktop      Shutdown            Shutdown 7 seconds ago
pu6qmgyoibq4        b.2                               nginx:alpine        docker-desktop      Running             Ready 1 second ago
tz1n4hjne6pk         \_ b.2                           nginx:alpine        docker-desktop      Shutdown            Shutdown less than a second ago
xq8dogqcbxd2        a.2                               nginx:alpine        docker-desktop      Running             Running 44 seconds ago
rm40lofzed0h        a.3                               nginx:alpine        docker-desktop      Running             Starting less than a second ago
sqqj2n9fpi82        b.3                               nginx:alpine        docker-desktop      Running             Running 5 seconds ago
prv3gymkvqk6         \_ b.3                           nginx:alpine        docker-desktop      Shutdown            Shutdown 6 seconds ago
qn7c7jmjuo76        a.3                               nginx:alpine        docker-desktop      Shutdown            Shutdown less than a second ago
wi9330mbabpg        a.4                               nginx:alpine        docker-desktop      Running             Running 2 seconds ago
p5oy6h7nkvc3         \_ a.4                           nginx:alpine        docker-desktop      Shutdown            Shutdown 3 seconds ago
```

After this patch:

```console
docker service ps a b c

ID                  NAME                              IMAGE               NODE                DESIRED STATE       CURRENT STATE             ERROR               PORTS
kfjo1hly92l4        a.1                               nginx:alpine        docker-desktop      Running             Running 32 seconds ago
fu08gfi8tfyv         \_ a.1                           nginx:alpine        docker-desktop      Shutdown            Shutdown 34 seconds ago
3pam0limnn24        a.2                               nginx:alpine        docker-desktop      Running             Running 23 seconds ago
xq8dogqcbxd2         \_ a.2                           nginx:alpine        docker-desktop      Shutdown            Shutdown 24 seconds ago
rm40lofzed0h        a.3                               nginx:alpine        docker-desktop      Running             Running 26 seconds ago
qn7c7jmjuo76         \_ a.3                           nginx:alpine        docker-desktop      Shutdown            Shutdown 27 seconds ago
wi9330mbabpg        a.4                               nginx:alpine        docker-desktop      Running             Running 29 seconds ago
p5oy6h7nkvc3         \_ a.4                           nginx:alpine        docker-desktop      Shutdown            Shutdown 30 seconds ago
qpcgdsx1r21a        b.1                               nginx:alpine        docker-desktop      Running             Running 29 seconds ago
pubrerosvsw5         \_ b.1                           nginx:alpine        docker-desktop      Shutdown            Shutdown 30 seconds ago
pu6qmgyoibq4        b.2                               nginx:alpine        docker-desktop      Running             Running 26 seconds ago
tz1n4hjne6pk         \_ b.2                           nginx:alpine        docker-desktop      Shutdown            Shutdown 27 seconds ago
sqqj2n9fpi82        b.3                               nginx:alpine        docker-desktop      Running             Running 32 seconds ago
prv3gymkvqk6         \_ b.3                           nginx:alpine        docker-desktop      Shutdown            Shutdown 33 seconds ago
xbzm6ed776yw        c.j1afavbqqhr21jvnid3nnfoyt       nginx:alpine        docker-desktop      Running             Running 32 seconds ago
4mcsovp8ckwn         \_ c.j1afavbqqhr21jvnid3nnfoyt   nginx:alpine        docker-desktop      Shutdown            Shutdown 33 seconds ago
```

Signed-off-by: Andrii Berehuliak <berkusandrew@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-17 14:47:12 +01:00
Sebastiaan van Stijn c84f95815d
Remove deprecated docker search --automated and --stars flags
The `docker search --automated` and `docker search --stars` options were
deprecated in release v1.12.0, and scheduled for removal in v17.09.

This patch removes the deprecated flags, in favor of their equivalent
`--filter` options (`docker search --filter=is-automated=<true|false>` and
`docker search --filter=stars=...`).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-13 17:19:54 +01:00
Silvin Lubecki 88cb93b063
Merge pull request #2303 from thaJeztah/revert_ssh_mux
revert "connhelper: use ssh multiplexing"
2020-02-13 15:15:25 +01:00
Sebastiaan van Stijn 9b549401b6
vendor: update docker to 58c2615208962a458ed94f4b6262eb27e5e021cd
full diff: a9507c6f76...58c2615208

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-12 18:45:12 +01:00
Sebastiaan van Stijn 8ef8547eb6
Merge pull request #2024 from rgulewich/1988-run-cgroupns-mode
docker run: specify cgroup namespace mode with --cgroupns
2020-02-11 11:16:05 +01:00
Simon Ferquel 17e651dc54 Add support for Kubernetes username/password auth
This is required for supporting some Kubernetes distributions such as
rancher/k3s.

It comes with a test case validating correct parsing of a k3s kubeconfig
file

Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2020-02-04 11:31:28 +01:00
Silvin Lubecki 5d0cf88394
Merge pull request #2220 from thaJeztah/push_all_flag
implement docker push -a/--all-tags
2020-01-30 16:27:16 +01:00
Sebastiaan van Stijn 2a08462deb
Revert "connhelper: add ssh multiplexing"
This reverts commit c04dd6e244.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-30 16:21:04 +01:00
Rob Gulewich 5ad1d4d4c8 docker run: specify cgroup namespace mode with --cgroupns
Signed-off-by: Rob Gulewich <rgulewich@netflix.com>
2020-01-29 22:50:37 +00:00
Sebastiaan van Stijn 9e620e990f
implement docker push -a/--all-tags
The `docker push` command up until [v0.9.1](https://github.com/moby/moby/blob/v0.9.1/api/client.go#L998)
always pushed all tags of a given image, so `docker push foo/bar` would push (e.g.)
all of  `foo/bar:latest`, `foo:/bar:v1`, `foo/bar:v1.0.0`.

Pushing all tags of an image was not desirable in many case, so docker v0.10.0
enhanced `docker push` to optionally specify a tag to push (`docker push foo/bar:v1`)
(see https://github.com/moby/moby/issues/3411 and the pull request that implemented
this: https://github.com/moby/moby/pull/4948).

This behavior exists up until today, and is confusing, because unlike other commands,
`docker push` does not default to use the `:latest` tag when omitted, but instead
makes it push "all tags of the image"

For example, in the following situation;

```
docker images

REPOSITORY          TAG                        IMAGE ID            CREATED             SIZE
thajeztah/myimage   latest                     b534869c81f0        41 hours ago        1.22MB
```

Running `docker push thajeztah/myimage` seemingly does the expected behavior (it
pushes `thajeztah/myimage:latest` to Docker Hub), however, it does not so for the
reason expected (`:latest` being the default tag), but because `:latest` happens
to be the only tag present for the `thajeztah/myimage` image.

If another tag exists for the image:

```
docker images

REPOSITORY          TAG                        IMAGE ID            CREATED             SIZE
thajeztah/myimage   latest                     b534869c81f0        41 hours ago        1.22MB
thajeztah/myimage   v1.0.0                     b534869c81f0        41 hours ago        1.22MB
```

Running the same command (`docker push thajeztah/myimage`) will push _both_ images
to Docker Hub.

> Note that the behavior described above is currently not (clearly) documented;
> the `docker push` reference documentation (https://docs.docker.com/engine/reference/commandline/push/)
does not mention that omitting the tag will push all tags

This patch changes the default behavior, and if no tag is specified, `:latest` is
assumed. To push _all_ tags, a new flag (`-a` / `--all-tags`) is added, similar
to the flag that's present on `docker pull`.

With this change:

- `docker push myname/myimage` will be the equivalent of `docker push myname/myimage:latest`
- to push all images, the user needs to set a flag (`--all-tags`), so `docker push --all-tags myname/myimage:latest`

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-28 16:21:06 +01:00
Sebastiaan van Stijn 97010520d4
bump mjibson/esc v0.2.0
full diff: https://github.com/mjibson/esc/compare/v0.1.0...v0.2.0

includes:

- mjibson/esc#51 Readdir Implementation - and covering with tests
- mjibson/esc#53 update go versions and golint import location
- mjibson/esc#58 Avoid unnecessary conversion and so pass with unconvert linter

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-27 17:40:56 +01:00
Sebastiaan van Stijn 8f5379b301
Update flag description for docker rm -v
The `-v` option removes anonymous volume only, and keeps
named volumes.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-25 13:54:23 +01:00
Sebastiaan van Stijn 7a0b138571
Merge pull request #2277 from zappy-shu/bump_mergo_v0.3.8
Bump mergo v0.3.8
2020-01-24 17:48:45 +01:00
Nick Adcock 4006c42e13 Added transforms for compose overrides
Added transforms for when merging compose overrides to preserve the
functionality that was broken by bumping mergo to v1.3.8

This includes:
- Special transform for ulimits so single overrides both soft/hard and
the reverse
- Special transform for service network configs so the override replaces
all aliases

Signed-off-by: Nick Adcock <nick.adcock@docker.com>
2020-01-24 15:52:36 +00:00
Sebastiaan van Stijn 94443920b1
Fix: docker push --quiet suppressing errors and exit code
Before this patch:

    docker push --quiet nosuchimage
    docker.io/library/nosuchimage

    echo $?
    0

With this patch applied:

    docker push --quiet nosuchimage:latest
    An image does not exist locally with the tag: nosuchimage

    echo $?
    1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-24 13:53:24 +01:00
Rahul Zoldyck 139af1f6d6
Add log-driver and options to service inspect "pretty" format
Signed-off-by: Rahul Zoldyck <rahulzoldyck@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-17 15:10:36 +01:00
Sebastiaan van Stijn e7f720b0a6
cli/config: fix formatting of comments
Comments should have a leading space unless the comment is
for special purposes (go:generate, nolint:)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-16 12:47:49 +01:00
Sebastiaan van Stijn 73dcf50d5a
cli/command: fix formatting of comments, and minor linting issues
Comments should have a leading space unless the comment is
for special purposes (go:generate, nolint:)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-16 12:47:12 +01:00
Aleksander Piotrowski c2c7503d49
Convert ports before parsing.
Refactor code to allow mixed notation with -p flag.

Signed-off-by: Aleksander Piotrowski <apiotrowski312@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-15 15:09:00 +01:00
Nick Adcock 154a1f6df8 Reverse order of long-form ports
Reverses the order long-form port options when converted to short-form
to correctly match the documentation and `docker service create`.

Post change `-p published=8111,target=8112` is the equivalent of
`8111:8112`

Signed-off-by: Nick Adcock <nick.adcock@docker.com>
2020-01-15 12:11:57 +00:00
Tonis Tiigi c04dd6e244 connhelper: add ssh multiplexing
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-01-09 10:14:59 -08:00
Silvin Lubecki af097b2618
Merge pull request #2228 from thaJeztah/config_permissions
config: preserve ownership and permissions on configfile
2020-01-09 15:26:54 +01:00
Sebastiaan van Stijn aef6b04a7c
Fix docker ps table headers with custom format and "split" or "join"
Update the list of overrides for table headers so that columns using split or
join will produce the correct table header.

Before this patch:

    docker ps --format='table {{split .Names "/"}}'
    [NAMES]
    [unruffled_mclean]
    [eloquent_meitner]
    [sleepy_grothendieck]

With this patch applied:

    docker ps --format='table {{split .Names "/"}}'
    NAMES
    [unruffled_mclean]
    [eloquent_meitner]
    [sleepy_grothendieck]

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-27 12:36:02 +01:00
Sebastiaan van Stijn 69f216f6e4
Fix docker ps --format with templating functions
Before this patch, using a template that used templating functions (such as
`lower` or `json`) caused the command to fail in the pre-processor step (in
`buildContainerListOptions`):

    docker ps --format='{{upper .Names}}'
    template: :1:8: executing "" at <.Names>: invalid value; expected string

This problem was due to the pre-processing using a different "context" type than
was used in the actual template, and custom functions to not be defined when
instantiating the Go template.

With this patch, using functions in templates works correctly:

    docker ps --format='{{upper .Names}}'
    MUSING_NEUMANN
    ELOQUENT_MEITNER

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-27 12:35:55 +01:00
Sebastiaan van Stijn b062726313
command/container: unify list tests in a single file
Move the remaining test with the others, and rename it from
`TestBuildContainerListOptions` to `TestContainerListBuildContainerListOptions`,
so that it has the same prefix as the other tests.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-20 14:59:43 +01:00
Sebastiaan van Stijn 22a291f703
config: preserve ownership and permissions on configfile
When running `docker login` or `docker logout`, the CLI updates
the configuration file by creating a temporary file, to replace
the old one (if exists).

When using `sudo`, this caused the file to be created as `root`,
making it inaccessible to the current user.

This patch updates the CLI to fetch permissions and ownership of
the existing configuration file, and applies those permissions
to the new file, so that it has the same permissions as the
existing file (if any).

Currently, only done for "Unix-y" systems (Mac, Linux), but
can be implemented for Windows in future if there's a need.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-17 09:57:33 +01:00
Sebastiaan van Stijn 43b2f52d0c
Remove "docker engine" subcommands
These subcommands were created to allow upgrading a Docker Community
engine to Docker Enterprise, but never really took off.

This patch removes the `docker engine` subcommands, as they added
quite some complexity / additional code.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-12 17:51:25 +01:00
Silvin Lubecki 0fd5c16ab9
Merge pull request #1936 from thaJeztah/bump_jwt_go
bump dgrijalva/jwt-go v3.2.0, docker/licencing 7c3de6a
2019-12-12 14:50:10 +01:00
Brian Goff 08eaead288
Merge pull request #2216 from thaJeztah/remove_dab_deploy
Remove experimental "deploy" from "dab" files
2019-12-10 11:00:34 -08:00
Sebastiaan van Stijn dd87cd9feb
bump github.com/dgrijalva/jwt-go v3.2.0, docker/licencing 7c3de6a4f59e9e70764ea6f6901cf17b88059789
full diff:

- a2c85815a7...v3.2.0
  - https://github.com/dgrijalva/jwt-go/blob/v3.2.0/VERSION_HISTORY.md
- 9781369abd...5f0f1276fe42dd721c1c093604995a9f758ace21

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-10 14:24:37 +01:00