Extra hosts (`extra_hosts` in compose-file, or `--hosts` in services) adds
custom host/ip mappings to the container's `/etc/hosts`.
The current implementation used a `map[string]string{}` as intermediate
storage, and sorted the results alphabetically when converting to a service-spec.
As a result, duplicate hosts were removed, and order of host/ip mappings was not
preserved (in case the compose-file used a list instead of a map).
According to the **host.conf(5)** man page (http://man7.org/linux/man-pages/man5/host.conf.5.html)
multi Valid values are on and off. If set to on, the resolver
library will return all valid addresses for a host that
appears in the /etc/hosts file, instead of only the first.
This is off by default, as it may cause a substantial
performance loss at sites with large hosts files.
Multiple entries for a host are allowed, and even required for some situations,
for example, to add mappings for IPv4 and IPv6 addreses for a host, as illustrated
by the example hosts file in the **hosts(5)** man page (http://man7.org/linux/man-pages/man5/hosts.5.html):
# The following lines are desirable for IPv4 capable hosts
127.0.0.1 localhost
# 127.0.1.1 is often used for the FQDN of the machine
127.0.1.1 thishost.mydomain.org thishost
192.168.1.10 foo.mydomain.org foo
192.168.1.13 bar.mydomain.org bar
146.82.138.7 master.debian.org master
209.237.226.90 www.opensource.org
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
This patch changes the intermediate storage format to use a `[]string`, and only
sorts entries if the input format in the compose file is a mapping. If the input
format is a list, the original sort-order is preserved.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `--host-add` flag adds a new `host:ip` mapping. Even though
adding an entry is idempotent (adding the same mapping multiple
times does not update the service's definition), it does not
_update_ an existing mapping with a new IP-address (multiple
IP-addresses can be defined for a host).
This patch removes the "or update" part from the flag's
description.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
and enable the new WarnUnmatchedDirective to warn if a nolint is unnecessary.
remove some unnecessary nolint
Signed-off-by: Daniel Nephin <dnephin@docker.com>
When deploying a stack from a compose file, the output did not show
that a secret or config was created. This patch adds messages for these.
Create a configuration file and compose file:
$ cat > config.yml <<EOF
hello: world
EOF
$ cat > secret.txt <<EOF
p@ssw0rd
EOF
$ cat > docker-compose.yml <<EOF
version: "3.3"
services:
test:
image: nginx:alpine
configs:
- source: myconfig
target: /my-config.yml
secrets:
- source: mysecret
target: /my-secret.txt
configs:
myconfig:
file: ./config.yml
secrets:
mysecret:
file: ./secret.txt
EOF
Before this patch is applied:
$ docker stack deploy -c docker-compose.yml example
Creating network example_default
Creating service example_test
After this patch is applied:
$ docker stack deploy -c docker-compose.yml example
Creating network example_default
Creating secret example_mysecret
Creating config example_myconfig
Creating service example_test
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Port mappings in `docker service ls` are quite verbose, and occupy a lot of
space when ranges of ports are published.
This patch improves the output by reconstructing ranges of ports.
Given the following service;
$ docker service create \
-p 60-61:60-61 \
-p 62:61 \
-p 80:80 \
-p 81:80 \
-p 90-95:90-95 \
-p 90-92:90-92/udp \
-p 93-96:93-96/udp \
--name foo \
nginx:alpine
Before this patch is applied:
$ docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
u1kwguv841qg foo replicated 1/1 nginx:alpine *:60->60/tcp,*:61->61/tcp,*:62->61/tcp,*:80->80/tcp,*:81->80/tcp,*:90->90/tcp,*:91->91/tcp,*:92->92/tcp,*:93->93/tcp,*:94->94/tcp,*:95->95/tcp,*:90->90/udp,*:91->91/udp,*:92->92/udp,*:93->93/udp,*:94->94/udp,*:95->95/udp,*:96->96/udp
After this patch is applied:
$ docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
u1kwguv841qg foo replicated 1/1 nginx:alpine *:60-62->60-61/tcp,*:80-81->80/tcp,*:90-95->90-95/tcp,*:90-96->90-96/udp
Additional enhancements can still be made, and marked as TODO in this change;
- combine non-consecutive ports mapped to a single port (`80->80`, `81->80`,
`84->80`, `86->80`, `87->80`); to be printed as `*:80-81,84,86-87->80`.
- combine `tcp` and `udp` mappings if their port-mapping is the same;
print `*:80-81->80-81/tcp+udp` instead of `*:80-81->80-81/tcp, *:80-81->80-81/udp`
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Running `docker service ps --quiet` should print the
full, non-truncated ID, even if the `--no-trunc` option
is not set.
This patch disables truncation if the `--quiet` flag
is set.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `docker container stats` output has a column (`CONTAINER`), that shows either
the container _id_ or container _name_, depending on the arguments given.
For example, running `docker container stats foobar` shows:
CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
foobar 0.00% 1.938MiB / 1.952GiB 0.10% 782B / 0B 4.11MB / 0B 2
Whereas `docker container stats 67b2525d8ad1` (`67b2525d8ad1` being the ID for
container `foobar`) shows:
CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
67b2525d8ad1 0.00% 1.938MiB / 1.952GiB 0.10% 916B / 0B 4.11MB / 0B 2
This behavior is confusing.
This patch updates the default output format for `docker stats` to use separate
columns for container ID and container Name (similar to `docker container ls`).
With this patch applied, both commands show the same output:
$ docker container stats foobar
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
67b2525d8ad10bb236a49960e93c09993b0baabeef12c2d46cd5f4fbb6f4808c foobar 0.00% 1.938MiB / 1.952GiB 0.10% 1.25kB / 0B 4.11MB / 0B 2
$ docker container stats 67b2525d8ad1
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
67b2525d8ad10bb236a49960e93c09993b0baabeef12c2d46cd5f4fbb6f4808c foobar 0.00% 1.938MiB / 1.952GiB 0.10% 1.31kB / 0B 4.11MB / 0B 2
Users that want to use the old format can configure a custom format in the
cli configuration file (`~/.docker/config.json`);
on Linux:
{
"statsFormat" : "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.MemPerc}}\t{{.NetIO}}\t{{.BlockIO}}\t{{.PIDs}}"
}
on Windows:
{
"statsFormat" : "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.NetIO}}\t{{.BlockIO}}"
}
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The update includes bug fixes in gometalinter and updates to linters, which
discovered more linter problems.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
- Use `require` instead of `assert` when the assumption is "breaking" for the code
following. For example when asserting an error is not nil and then doing
`err.Error` on it ; if `err` is nil, the test will panic instead of fail.
- Use `assert.Len` when possible. The error message is better.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
This adds 'build' to types.go in order for projects that use docker/cli
to parse Docker Compose files to correctly retrieve `build` keys
Signed-off-by: Charlie Drage <charlie@charliedrage.com>
Commit 330a0035334871d92207b583c1c36d52a244753f added a `--detach=false` option
to various service-related commands, with the intent to make this the default in
a future version (17.09).
This patch changes the default to use "interactive" (non-detached), allowing
users to override this by setting the `--detach` option.
To prevent problems when connecting to older daemon versions (17.05 and below,
see commit db60f25561), the detach option is
ignored for those versions, and detach is always true.
Before this change, a warning was printed to announce the upcoming default:
$ docker service create nginx:alpine
saxiyn3pe559d753730zr0xer
Since --detach=false was not specified, tasks will be created in the background.
In a future release, --detach=false will become the default.
After this change, no warning is printed, but `--detach` is disabled;
$ docker service create nginx:alpine
y9jujwzozi0hwgj5yaadzliq6
overall progress: 1 out of 1 tasks
1/1: running [==================================================>]
verify: Service converged
Setting the `--detach` flag makes the cli use the pre-17.06 behavior:
$ docker service create --detach nginx:alpine
280hjnzy0wzje5o56gr22a46n
Running against a 17.03 daemon, without specifying the `--detach` flag;
$ docker service create nginx:alpine
kqheg7ogj0kszoa34g4p73i8q
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Some mild refactoring of the docker info command;
- Use `fmt.Fprinln()` instead of `fmt.Fprintf()` where possible
- Rename `fprintfIfNotEmpty()` to `fprintlnNonEmpty()`, and removed
return variables, because they were not used. `fprintlnNonEmpty()`
now uses fmt.Fprintln()` instead of `fmt.Fprintf()`, because
formatting was not used.
- Use `fprintlnNonEmpty()` to get rid of some `if` statements
- Extract printing Swarm-related information to a `printSwarmInfo()` function
- Change `Http Proxy` and `Https Proxy` to `HTTP Proxy` / `HTTPS Proxy`
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
`docker stack deploy` keeps restarting services it doesn't need to (no changes)
because the entries' order gets randomized at some previous (de)serialization.
Maybe it would be worth looking into this at a higher level and ensure
all (de)serialization happens in an ordered collection.
This quick fix sorts secrets and configs (in place, mutably) which ensures the
same order for each run.
Based on
https://github.com/moby/moby/pull/30506
Fixes
https://github.com/moby/moby/issues/34746
Signed-off-by: Peter Nagy <xificurC@gmail.com>
Signed-off-by: French Ben <frenchben@docker.com>
Update for the test to capture the proper removal
Signed-off-by: French Ben <frenchben@docker.com>
Satisfy lint length limit
Signed-off-by: French Ben <frenchben@docker.com>
Updated e2e test
Signed-off-by: French Ben <frenchben@docker.com>
To keep on a consistent behaviour such as in docker-service-ps
if docker-stack-ps didn't find a given stack, the command line
should exit with exit code 1.
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
This patch fixes the following bug:
Running "docker image ls --digests" will add images digests
to the image table. However, when using "format" to display
images digests all of them are "<none>".
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Implement runRollback to not use runUpdate
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Add version tag and add flag quiet to suppress progress output
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Removed flags from warnDetachDefault
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Used command.Cli interface
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Add detach flag on rollback command
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Create a fakeClient for service commands
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Added unit test for rollback command
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Used command.Cli interface instead of *command.DockerCli in service commands
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Revert "Removed flags from warnDetachDefault"
This reverts commit 3e4f601c8a82cc2599a755dc693409bbc47917fc.
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Fixed test.NewFakeCli instanciation
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Removed unused receiver
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Replaced cli by dockerCli
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Revert "Removed unused receiver"
This reverts commit 604ef7c13df3d019949ca81d992db501114dafce.
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
Fixed last typo
Signed-off-by: Jimmy Leger <jimmy.leger@gmail.com>
* Setting "--human=true" changes "CreatedSince" format
* "CreatedAt" now displays the creation timestamp as
specified in the documents
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
The validation functions to test for the number of passed arguments did not
pluralize `argument(s)`, and used `argument(s)` in all cases.
This patch adds a simple `pluralize()` helper to improve this.
Before this change, `argument(s)` was used in all cases:
$ docker container ls foobar
"docker container ls" accepts no argument(s).
$ docker network create one two
"docker network create" requires exactly 1 argument(s).
$ docker network connect
"docker network connect" requires exactly 2 argument(s).
$ docker volume create one two
"docker volume create" requires at most 1 argument(s).
After this change, `argument(s)` is properly singularized or plurarized:
$ docker container ls foobar
"docker container ls" accepts no arguments.
$ docker network create one two
"docker network create" requires exactly 1 argument.
$ docker network connect
"docker network connect" requires exactly 2 arguments.
$ docker volume create one two
"docker volume create" requires at most 1 argument.
Test cases were updated accordingly.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This package will be deprecated/removed from `docker/docker/pkg` and
is mainly used for the cli format options. Let's import it and
maintain here.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
This builds (and depends) on https://github.com/moby/moby/pull/34087
Version 2:
- remove --ipc argument validation (it is now done by daemon)
- add/document 'none' value
- docs/reference/run.md: add a table with better modes description
- dockerd(8) typesetting fixes
Version 3:
- remove ipc mode tests from cli/command/container/opts_test.go
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
When re-deploying a stack without re-resolving the image digest,
the service's ContainerSpec was updated with the image-reference
as specified in the stack/compose file.
As a result, the image-digest that was resolved in a previous
deploy was overwritten, causing the service to be re-deployed.
This patch preserves the previously resolve image-digest
by copying it from the current service spec.
A unit test is also added to verify that the image information
in the service spec is not updated if QueryRegistry is disabled.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Some network environments may have NATs, proxies, or gateways which
kill idle connections. There are many Docker API operations which may
be idle for long periods of time (such as ContainerWait and ContainerAttach)
and may result in unexpected connection closures or hangs if TCP keepalives
are not used.
This patch updates the default HTTP transport used by the Docker client
package to enable TCP Keep-Alive with a keep-alive interval of 30 seconds.
It also sets a connect timeout of 30 seconds.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Ports that were picked from the ephemeral port range
were presented as `*:0->80/tcp`.
This patch changes the presentation to use the
actually assigned port, instead of the port specified
in `Endpoint.Spec` (which is always empty/zero (`0`))
Before this change;
ID NAME MODE REPLICAS IMAGE PORTS
5d44i665qj66 with-random-port replicated 1/1 nginx:alpine *:0->80/tcp
After this change;
ID NAME MODE REPLICAS IMAGE PORTS
5d44i665qj66 with-random-port replicated 1/1 nginx:alpine *:30000->80/tcp
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Change to enable volume name can be customized.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Change to enable volume name can be customized.
Remove unused debug info.
Address comments from Daniel and solve the lint error.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Address Daniel's comments to print warning message when name of external volume is set in loader code.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Address Daniel's comments to return error when external volume is set in loader code.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Address Daniel's comments to return error when external volume is set in loader code.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Remove the case that specifying external volume name in full-example.yml.
More fix.
Add unit test.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Address comments from Daniel, move the schema change to v3.4.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Address comments from Sebastiaan. Signed-off-by: Liping Xue <lipingxue@gmail.com>
Address comments from Misty.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
The "until" filter is supported by all object types, except for
volumes.
Before this patch, the "until" filter would attempted to be used for the volume
prune endpoint, resulting in an error being returned by the daemon, and
further prune endpoints (networks, images) to be skipped.
$ docker system prune --filter until=24h --filter label=label.foo=bar
WARNING! This will remove:
- all stopped containers
- all volumes not used by at least one container
- all networks not used by at least one container
- all dangling images
Are you sure you want to continue? [y/N] y
Error response from daemon: Invalid filter 'until'
Calling POST /v1.30/containers/prune?filters=%7B%22label%22%3A%7B%22label.foo%3D%3Dbar%22%3Atrue%7D%2C%22until%22%3A%7B%2224h%22%3Atrue%7D%7D
Calling POST /v1.30/volumes/prune?filters=%7B%22label%22%3A%7B%22label.foo%3D%3Dbar%22%3Atrue%7D%2C%22until%22%3A%7B%2224h%22%3Atrue%7D%7D
Handler for POST /v1.30/volumes/prune returned error: Invalid filter 'until'
Error response from daemon: Invalid filter 'until'
With this patch, an error is produced instead, preventing "partial" prune.
$ docker system prune --filter until=24h --filter label=foo==bar --volumes
ERROR: The "until" filter is not supported with "--volumes"
Note that `docker volume prune` does not have this problem, and produces an
error if the `until` filter is used;
$ docker volume prune --filter until=24h
WARNING! This will remove all volumes not used by at least one container.
Are you sure you want to continue? [y/N] y
Error response from daemon: Invalid filter 'until'
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Adapt "image prune" and "build cache prune" to have
the same signature as the other prune commands, so
that they can all be added to the "pruneFuncs" array.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit changes the order stacks and nodes are displayed.
For example, running "docker stack ls" is expected to
display the following list:
NAME SERVICES
service-1 1
service-2 1
service-10 1
However, currently this is what is printed:
NAME SERVICES
service-1 1
service-10 1
service-2 1
To fix this, "docker stack ls" and "docker node ls" are using
natural sorting to make it more human readable.
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
Also update gometalinter to use the official version. The update
found some new gosimple errors, which are fixed.
Also update the filewatcher script for the latest version of filewatcher.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
This:
* conflicts with --password (naturally)
* conflicts with the absence of --username (both can't be grabbed by the
stdin)
* strips a trailing newline off the password if it exists
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
When running `docker stack rm <some stack>` against an older daemon,
a warning was printed for "configs" being ignored;
WARNING: ignoring "configs" (requires API version 1.30, but the Docker daemon API version is 1.26)
Given that an old daemon cannot _have_ configs, there should not be
a need to warn, or _attempt_ to remove these resources.
This patch removes the warning, and skips fetching (and removing)
configs.
A check if _secrets_ are supported by the daemon is also added,
given that this would result in an error when attempted against
an older (pre 1.13) daemon.
There is one situation where this could lead to secrets or
configs being left behind; if the client is connecting to a
daemon that _does_ support secrets, configs, but the API version
is overridden using `DOCKER_API_VERSION`, no warning is printed,
and secrets and configs are not attempted to be removed.
Given that `DOCKER_API_VERSION` is regarded a feature for
debugging / "power users", it should be ok to ignore this.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Yassine TIJANI <yasstij11@gmail.com>
moving the deffering of the close after the error checking
Signed-off-by: Yassine TIJANI <yasstij11@gmail.com>
fixing SIGSEGV when running containers
Signed-off-by: Yassine TIJANI <yasstij11@gmail.com>
The `err` variable was set in a loop, so only
the last result was taken into account to return
"failure" or not.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>