Commit Graph

13 Commits

Author SHA1 Message Date
Yong Tang b849aa6b95 Add `--read-only` for `service create` and `service update`
This fix tries to address the issue raised in 29972 where
it was not possible to specify `--read-only` for `docker service create`
and `docker service update`, in order to have the container's root file
system to be read only.

This fix adds `--read-only` and update the `ReadonlyRootfs` in `HostConfig`
through `service create` and `service update`.

Related docs has been updated.

Integration test has been added.

This fix fixes 29972.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-01-30 12:47:26 -08:00
Josh Hawn acda56d47c Add SecretUpdate method to client
closes #28678

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)

Update cli/command/service/update_test.go

Fixes test build error:

  secretAPIClientMock does not implement "github.com/docker/docker/client".SecretAPIClient (missing SecretUpdate method)

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2017-01-13 09:51:05 -08:00
Sebastiaan van Stijn edeb5b6e0d Update order of '--secret-rm' and '--secret-add'
When using both `--secret-rm` and `--secret-add` on `docker service update`,
`--secret-rm` was always performed last. This made it impossible to update
a secret that was already in use on a service (for example, to change
it's permissions, or mount-location inside the container).

This patch changes the order in which `rm` and `add` are performed,
allowing updating a secret in a single `docker service update`.

Before this change, the `rm` was always performed "last", so the secret
was always removed:

    $ echo "foo" | docker secret create foo -f -
    foo

    $ docker service create --name myservice --secret foo nginx:alpine
    62xjcr9sr0c2hvepdzqrn3ssn

    $ docker service update --secret-rm foo --secret-add source=foo,target=foo2 myservice
    myservice

    $ docker service inspect --format '{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}' myservice | jq .
    null

After this change, the `rm` is performed _first_, allowing users to
update a secret without updating the service _twice_;

    $ echo "foo" | docker secret create foo -f -
    1bllmvw3a1yaq3eixqw3f7bjl

    $ docker service create --name myservice --secret foo nginx:alpine
    lr6s3uoggli1x0hab78glpcxo

    $ docker service update --secret-rm foo --secret-add source=foo,target=foo2 myservice
    myservice

    $ docker service inspect --format '{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}' myservice | jq .

    [
      {
        "File": {
          "Name": "foo2",
          "UID": "0",
          "GID": "0",
          "Mode": 292
        },
        "SecretID": "tn9qiblgnuuut11eufquw5dev",
        "SecretName": "foo"
      }
    ]

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-12-31 14:55:29 +01:00
Vincent Demeester b4a6d83dc2 Make --publish-rm precedes --publish-add, so that add wins
`--publish-add 8081:81 --publish-add 8082:82 --publish-rm 80
--publish-rm 81/tcp --publish-rm 82/tcp` would thus result in 81 and
82 to be published.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-12-11 23:14:54 +01:00
Vincent Demeester 7fbc616b47 Remove --port and update --publish for services to support syntaxes
Add support for simple and complex syntax to `--publish` through the
use of `PortOpt`.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-12-11 23:14:54 +01:00
Yong Tang 8597e231a5 Return error for incorrect argument of `service update --publish-rm <TargetPort>`
Currently `--publish-rm` only accepts `<TargetPort>` or `<TargetPort>[/Protocol]`
though there are some confusions.

Since `--publish-add` accepts `<PublishedPort>:<TargetPort>[/Protocol]`, some user
may provide `--publish-rm 80:80`. However, there is no error checking so the incorrect
provided argument is ignored silently.

This fix adds the check to make sure `--publish-rm` only accepts `<TargetPort>[/Protocol]`
and returns error if the format is invalid.

The `--publish-rm` itself may needs to be revisited to have a better UI/UX experience,
see discussions on:
https://github.com/docker/swarmkit/issues/1396
https://github.com/docker/docker/issues/25200#issuecomment-236213242
https://github.com/docker/docker/issues/25338#issuecomment-240787002

This fix is short term measure so that end users are not misled by the silently ignored error
of `--publish-rm`.

This fix is related to (but is not a complete fix):
https://github.com/docker/swarmkit/issues/1396

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-12-01 17:46:53 -08:00
Jana Radhakrishnan 148dc157f6 Add support for host port PublishMode in services
Add api/cli support for adding host port PublishMode in services.

Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
2016-11-10 18:07:55 -08:00
Yong Tang 6f3ee9c568 Add flag `--host` to `service create` and `--host-add/--host-rm` to `service update`
This fix tries to address 27902 by adding a flag `--host`
to `docker service create` and `--host-add/--host-rm` to
`docker service update`, so that it is possible to
specify extra `host:ip` settings in `/etc/hosts`.

This fix adds `Hosts` in swarmkit's `ContainerSpec` so that it
is possible to specify extra hosts during service creation.

Related docs has been updated.

An integration test has been added.

This fix fixes 27902.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-11-10 10:20:24 -08:00
Yong Tang b38ca0f4c3 Add `--dns-option` to `docker run` and hide `--dns-opt`
This fix is a follow up to #27567 based on:
https://github.com/docker/docker/pull/27567#issuecomment-259295055

In #27567, `--dns-options` has been added to `service create/update`,
together with `--dns` and `--dns-search`. The `--dns-opt` was used
in `docker run`.

This fix add `--dns-option` (not `--dns-options`) to `docker run/create`, and hide
`--dns-opt`. It is still possible to use `--dns-opt` with
`docker run/create`, though it will not show up in help output.

This fix change `--dns-options`to --dns-option` for `docker service create`
and `docker service update`.

This fix also updates the docs and bash/zsh completion scripts.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-11-09 12:13:25 -08:00
Yong Tang 49e528e18a Add custom DNS settings to service update
This fix adds `--dns-add`, `--dns-rm`, `--dns-opt-add`, `--dns-opt-rm`,
`--dns-search-add` and `--dns-search-rm` to `service update`.

An integration test and a unit test have been added to cover the changes in this fix.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-11-08 15:41:32 -08:00
Kunal Kushwaha b8cf9a880e correct handling of volumes while service update.
Updating a service to replace a volume is handled properly now.
Fixes bug#25772

Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
2016-11-04 10:15:18 +09:00
Cezar Sa Espinola 87e916a171 Add --health-* commands to service create and update
A HealthConfig entry was added to the ContainerSpec associated with the
service being created or updated.

Signed-off-by: Cezar Sa Espinola <cezarsa@gmail.com>
2016-10-28 15:19:08 -02:00
Daniel Nephin 3bd1eb4b76 Move api/client -> cli/command
Using
  gomvpkg
     -from github.com/docker/docker/api/client
     -to github.com/docker/docker/cli/command
     -vcs_mv_cmd 'git mv {{.Src}} {{.Dst}}'

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2016-09-08 15:46:29 -04:00