Commit Graph

800 Commits

Author SHA1 Message Date
Tibor Vass 3dfacb55a4
build: only show buildkit-specific flags if buildkit is enabled
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit bbd01fe3df)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-10-12 00:16:48 +02:00
Akihiro Suda e942084530
build: add SSH agent socket forwarder (`docker build --ssh $SSHMOUNTID=$SSH_AUTH_SOCK`)
Unlike `docker build --secret`, `docker build --ssh` allows the build container to
use SSH keys with passphrases.

  $ eval $(ssh-agent)
  $ ssh-add ~/.ssh/id_rsa
  (Input your passphrase here)
  $ docker build --ssh default=$SSH_AUTH_SOCK ...

This feature requires the daemon with `CapExecMountSSH` build capability (moby/moby#37973) .

Currently, the official Dockerfile frontend does not provide the syntax for using the SSH forwarder.

However, the experimental `RUN --mount=type=ssh` syntax can be enabled by using
the Dockerfile frontend image built with the `BUILDTAGS="dfrunmount dfssh"`, via the `# syntax =` "shebang".

The Dockerfile for the Dockerfile frontend is available at  github.com/moby/buildkit/frontend/dockerfile/cmd/dockerfile-frontend)
The pre-built image is also available as `tonistiigi/dockerfile:ssh20181002` .

An example Dockerfile with `RUN --mount=type=ssh`:

  # syntax = tonistiigi/dockerfile:ssh20181002
  FROM alpine
  RUN apk add --no-cache openssh-client
  RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan gitlab.com >> ~/.ssh/known_hosts
  RUN --mount=type=ssh ssh git@gitlab.com | tee /hello
  # "Welcome to GitLab, @GITLAB_USERNAME_ASSOCIATED_WITH_SSHKEY" should be printed here

More info available at moby/buildkit#608, moby/buildkit#655

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
(cherry picked from commit db7399a016)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-10-12 00:16:42 +02:00
Akihiro Suda 50f529fa47
bump up buildkit
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
(cherry picked from commit 846c38cbd7)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-10-12 00:16:38 +02:00
Sebastiaan van Stijn 4280972d65
Merge pull request #1402 from AkihiroSuda/fix-kill-warning-1809
[18.09] backport connhelper: try sending SIGTERM before SIGKILL
2018-10-04 16:53:57 +02:00
Daniel Hiltgen 92932647d3 Add test coverage for display only with hub licenses
Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2018-10-02 11:21:22 -07:00
Daniel Hiltgen dee37936e5 Fix panic in display only case for license
Prior refactoring passes missed a corner case.

Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2018-10-02 10:24:16 -07:00
Daniel Hiltgen f2b2061cc3 Remove unused helath check func
During the refactoring for 18.09 the activate/update flows no longer
restart the engine explicitly but let the user do that when they're ready,
so the health check logic is no longer required.

Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2018-10-01 15:12:09 -07:00
Akihiro Suda 4925fd9c34 connhelper: try sending SIGTERM before SIGKILL
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
(cherry picked from commit acbb0eb6da)
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-09-30 10:01:20 +09:00
Daniel Hiltgen c12e23a4c1 Refine how metadata dir is handled
This is a follow up PR to #1381 to address some of the review comments
we didn't get to.

Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2018-09-28 14:14:13 -07:00
Andrew Hsu a7488d1bcd use gotest.tools/fs for TestActivateExpiredLicenseDryRun
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
2018-09-28 20:50:43 +00:00
Daniel Hiltgen 5a97a93ae1 Expose licensing details before loading
Help the user understand which license they're about
to load in case they have multiple licenses they need to
figure out.

Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2018-09-28 20:50:43 +00:00
Sebastiaan van Stijn 0b11120060
Merge pull request #1394 from thaJeztah/18.09_backport_
[18.09] backport fix substitution with non-empty env-var
2018-09-26 15:33:01 +02:00
Silvin Lubecki e57b20642d
Merge pull request #1342 from tonistiigi/1809-fix-os-race
[18.09] backport connhelper: fix cmd.Wait() race
2018-09-26 15:30:00 +02:00
Sebastiaan van Stijn b8702b8a9a
Fix substitution with non-empty env-var
Due to a typo, substitution would not work if the given
environment-variable was set.

Given the following docker compose file;

```yaml
version: "3.7"

services:
  app:
    image: nginx:${version:-latest}
```

Deploying a stack with `$version` set would ignore the `$version`
environment variable, and use the default value instead;

```bash
version=alpine docker stack deploy -c docker-compose.yml foobar

Creating network foobar_default
Creating service foobar_app

docker service ls

ID                  NAME                MODE                REPLICAS            IMAGE               PORTS
rskkjxe6sm0w        foobar_app          replicated          1/1                 nginx:latest
```

This patch also fixes "soft default" not detecting empty environment variables,
only non-set environment variables.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ec3daea021)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-09-26 15:20:15 +02:00
Tibor Vass 9de1318e36 system/df: allow -v with --format
This allows to provide more information for build cache disk usage.

Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit a90b99edfc)
Signed-off-by: Tibor Vass <tibor@docker.com>
2018-09-22 01:33:03 +00:00
Andrew Hsu 19e1ab273e
Merge pull request #1381 from dhiltgen/revamp_18.09
[18.09] `docker engine` updates
2018-09-21 15:12:54 -07:00
Daniel Hiltgen 6004d74b1f Fix lint glitches
Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2018-09-21 11:01:17 -07:00
Daniel Hiltgen f250152bf4 Review comments
Address code review comemnts and purge additional dead code.

Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2018-09-20 12:01:20 -07:00
Christy Norman f9d666b057
fix insecure manifest inspect with restrictive certs perms
If, for some reason, the certs directory has permissions that are
inaccessible by docker, we should still be able to fetch manifests using
the `insecure` flag.

Since the cli doesn't access the engine's list of insecure registries,
the registry client should make a singleton list of the registry being queried with the
`insecure` flag.

Closes #1358

Signed-off-by: Christy Norman <christy@linux.vnet.ibm.com>
(cherry picked from commit d57adbc034)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-09-20 19:53:10 +02:00
Daniel Hiltgen 342afe44fb Refined engine implementations
Adapt the CLI to the host install model for 18.09.

Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2018-09-19 20:10:31 -07:00
Michael Crosby cfec8027ed Install binaries on host for upgrade
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2018-09-19 19:06:28 -07:00
John Howard dd2f13bed4
LCOW: --platform on import (already in API)
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit b55a0b681f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-09-14 14:26:39 +02:00
Daniel Hiltgen 3597d75281
Prefix engine repo with store
The official access point for the Q3 engine images will
be prefixed by store.

Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-09-12 13:43:04 +02:00
Vincent Demeester 5673816fec
Merge pull request #1364 from thaJeztah/18.09-backport_contains-containerized
[18.09] backport: remove containerizedengine package dependency from docker/cli/command…
2018-09-12 08:55:12 +02:00
Vincent Demeester fc3dc8f058
Remove containerizedengine package dependency from docker/cli/command…
… this removes a whole lot of dependencies from people depending on docker/cli…

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 2d344b2f61)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-09-11 17:01:02 +02:00
Vincent Demeester 2a46a3d46c
Add `docker engine` commands only on Linux…
… this is, for now, the only platform that is supported

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit a3a955f204)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-09-11 16:57:54 +02:00
Akihiro Suda b2cf18ac2e connhelper: fix cmd.Wait() race
Fix #1336

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
(cherry picked from commit a22853e64d)
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-09-05 16:03:41 -07:00
Tibor Vass 3c37d6a034 system df: show table output for build cache
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit ca608c2302)
Signed-off-by: Tibor Vass <tibor@docker.com>
2018-09-05 03:33:30 +00:00
Tibor Vass 9d43f1ed48 build: add options to builder prune
This patch adds --filter, --keep-storage, --all and --force to builder prune.

Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit c806eb49c9)
Signed-off-by: Tibor Vass <tibor@docker.com>
2018-09-05 03:33:30 +00:00
Daniel Hiltgen 68be7cb376 Expose product license in info output
Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2018-08-28 20:10:09 -07:00
Sebastiaan van Stijn a500c394df
Move "session" support out of experimental for API 1.39 and up
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-08-22 00:51:19 +02:00
Sebastiaan van Stijn 60c75fda67
Remove "experimental" annotations for buildkit
BuildKit can now be enabled without the daemon having
experimental features enabled.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-08-22 00:38:59 +02:00
Sebastiaan van Stijn 3c27ce21c9
Use warnings provided by daemon
Warnings are now generated by the daemon, and returned as
part of the /info API response.

If warnings are returned by the daemon; use those instead
of generating them locally.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-08-21 22:29:57 +02:00
selansen 587a94c935 Global Default Address Pool feature support
This feature brings new attribute/option for swarm init command.
default-addr-pool will take string input which can be in below format.
"CIDR,CIDR,CIDR...:SUBNET-SIZE".
Signed-off-by: selansen <elango.siva@docker.com>
2018-08-21 14:34:00 -04:00
Anda Xu acf43b62b5 vendor dependency
Signed-off-by: Anda Xu <anda.xu@docker.com>
2018-08-20 15:32:25 -07:00
Anda Xu ef09ca8987 enable buildkit as builder from daemon; no env var needs to be set
Signed-off-by: Anda Xu <anda.xu@docker.com>
2018-08-20 11:59:39 -07:00
Daniel Hiltgen fd2f1b3b66 Add engine commands built on containerd
This new collection of commands supports initializing a local
engine using containerd, updating that engine, and activating
the EE product

Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2018-08-20 09:42:05 -07:00
mmacy c11acddfb5 [WIP] fix trust inspect typo 'AdminstrativeKeys'
Signed-off-by: mmacy <marsma@microsoft.com>
2018-08-19 17:57:04 -07:00
Andrew Hsu f472a1a480
Merge pull request #1296 from tiborvass/build-progress-flag-no-api-requirement
build: Remove API requirement for --progress as it is CLI only
2018-08-17 18:31:25 -07:00
Andrew Hsu b3d8c5deda
Merge pull request #1295 from tiborvass/cmd-builder-prune-no-options
builder: Implement `builder prune` to prune build cache
2018-08-17 18:28:37 -07:00
Tibor Vass 50f918801f build: Remove API requirement for --progress as it is CLI only
Signed-off-by: Tibor Vass <tibor@docker.com>
2018-08-17 16:24:02 +00:00
Tibor Vass f597f2d026 Add new `builder` subcommand and implement `builder prune` to prune build cache.
This patch adds a new builder subcommand, allowing to add more builder-related
commands in the future. Unfortunately `build` expects an argument so could not
be used as a subcommand.

This also implements `docker builder prune`, which is needed to prune the builder
cache manually without having to call `docker system prune`.

Today when relying on the legacy builder, users are able to prune dangling images
(used as build cache) by running `docker image prune`. This patch allows the
same usecase with buildkit.

Signed-off-by: Tibor Vass <tibor@docker.com>
2018-08-17 15:18:18 +00:00
Tibor Vass c4c4825591 build: implement build secrets with buildkit
This patch implements `docker build --secret id=mysecret,src=/secret/file`
for buildkit frontends that request the mysecret secret.

It is currently implemented in the tonistiigi/dockerfile:secrets20180808
frontend via RUN --mount=type=secret,id=mysecret

Signed-off-by: Tibor Vass <tibor@docker.com>
2018-08-17 14:01:32 +00:00
Tibor Vass 964173997d
Merge pull request #1276 from tiborvass/buildkit-progress-flag
build: change --console=[auto,false,true] to --progress=[auto,plain,tty]
2018-08-15 20:42:47 -07:00
Brian Goff e92614a175
Merge pull request #1014 from AkihiroSuda/connhelper-sshonly
support SSH connection
2018-08-14 15:12:06 -07:00
Arash Deshmeh 340e4ee8e5 refactor stack ps tests to table-driven
Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com>
2018-08-10 15:13:45 -04:00
Silvin 3a3e720f91
Merge pull request #1283 from adshmh/refactor-trust-revoke-tests
refactor trust revoke command unit tests
2018-08-10 11:03:58 +02:00
Vincent Demeester 560b0cd863
Merge pull request #1280 from adshmh/refactor-trust-inspect-tests
refactor trust inspect command unit tests
2018-08-10 10:37:53 +02:00
Arash Deshmeh 984d76b9dd refactored trust revoke command unit tests to use table-driven style
Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com>
2018-08-09 15:58:54 -04:00
Arash Deshmeh f8f0d72cf9 refactor trust inspect command unit tests to table-driven style
Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com>
2018-08-08 13:50:00 -04:00