Commit Graph

610 Commits

Author SHA1 Message Date
Vincent Demeester d3d8379a16 Merge pull request #29806 from albers/fix-plugin-inspect-usage
Fix usage message of `plugin inspect`
2017-01-02 19:30:24 +01:00
Vincent Demeester b5bc69238c Remove deadcode from `service/opts.go`, `SecretOpt`
`SecretOpt` is in the `opts` package, this one is never used, so it's
dead code, removing it 👼.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-01-02 11:19:33 +01:00
Harald Albers 87fea846fc Fix usage message of `plugin inspect`
Signed-off-by: Harald Albers <github@albersweb.de>
2016-12-31 09:55:04 -08:00
Sebastiaan van Stijn edeb5b6e0d Update order of '--secret-rm' and '--secret-add'
When using both `--secret-rm` and `--secret-add` on `docker service update`,
`--secret-rm` was always performed last. This made it impossible to update
a secret that was already in use on a service (for example, to change
it's permissions, or mount-location inside the container).

This patch changes the order in which `rm` and `add` are performed,
allowing updating a secret in a single `docker service update`.

Before this change, the `rm` was always performed "last", so the secret
was always removed:

    $ echo "foo" | docker secret create foo -f -
    foo

    $ docker service create --name myservice --secret foo nginx:alpine
    62xjcr9sr0c2hvepdzqrn3ssn

    $ docker service update --secret-rm foo --secret-add source=foo,target=foo2 myservice
    myservice

    $ docker service inspect --format '{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}' myservice | jq .
    null

After this change, the `rm` is performed _first_, allowing users to
update a secret without updating the service _twice_;

    $ echo "foo" | docker secret create foo -f -
    1bllmvw3a1yaq3eixqw3f7bjl

    $ docker service create --name myservice --secret foo nginx:alpine
    lr6s3uoggli1x0hab78glpcxo

    $ docker service update --secret-rm foo --secret-add source=foo,target=foo2 myservice
    myservice

    $ docker service inspect --format '{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}' myservice | jq .

    [
      {
        "File": {
          "Name": "foo2",
          "UID": "0",
          "GID": "0",
          "Mode": 292
        },
        "SecretID": "tn9qiblgnuuut11eufquw5dev",
        "SecretName": "foo"
      }
    ]

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-12-31 14:55:29 +01:00
Tõnis Tiigi 1eedfcf0ce Merge pull request #29609 from dnephin/add-compose-file-package
Replace the vendored aanand/compose-file with a local copy
2016-12-29 15:12:59 -08:00
Sebastiaan van Stijn 2e880dd199 Merge pull request #29683 from vdemeester/runconfig-clean
Clean some stuff from runconfig that are cli only…
2016-12-29 17:42:08 +01:00
Vincent Demeester 734f695b29 Merge pull request #29687 from thaJeztah/cleanup-cli-command-container
Minor cleanups in cli/command/container
2016-12-29 09:31:46 +01:00
Daniel Nephin 48930c8bbf Read long description from a file.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2016-12-28 16:08:23 -05:00
Alexander Morozov 6b5ddb5cf8 Merge pull request #29313 from vdemeester/move-cli-config
Move package cliconfig to cli/config
2016-12-28 09:05:51 -08:00
Brian Goff 2a66659625 Merge pull request #29668 from dmcgowan/plugins-dct
Support Docker Content Trust for plugins
2016-12-28 10:43:32 -05:00
Doug Davis c27216af3d Merge pull request #29752 from allencloud/fix-nits-in-comments
fix nits in comments
2016-12-28 08:33:48 -05:00
Daniel Nephin 52c0157036 Replace vendor of aanand/compose-file with a local copy.
Add go-bindata for including the schema.

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2016-12-27 16:17:24 -05:00
Derek McGowan fcaa89f296 Support for docker content trust for plugins
Add integration test for docker content trust

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-12-27 12:51:00 -08:00
Brian Goff d4404e6d1c Merge pull request #29666 from tonistiigi/client-deps
Clean up client binary dependencies
2016-12-27 15:01:24 -05:00
Brian Goff 0f686b1e45 Merge pull request #29716 from yongtang/28885-docker-stack-ps-all
Remove `docker stack ps -a` to match removal of `docker service/node ps -a`
2016-12-27 13:56:01 -05:00
allencloud 4e68d651b3 fix nits in comments
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-12-27 23:30:50 +08:00
Tonis Tiigi c41bfce39a Move builder cli helper functions to own pkg
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-12-26 18:53:22 -08:00
Tonis Tiigi bcc61e1300 Define PushResult in api types
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-12-26 18:53:22 -08:00
Yong Tang 65be5677bd Remove `docker stack ps -a` to match removal of `docker service/node ps -a`
In #28507 and #28885, `docker service/node ps -a` has been removed so that
information about slots are show up even without `-a` flag.

The output of `docker stack ps` reused the same output as `docker service/node ps`.
However, the `-a` was still there. It might make sense to remove `docker stack ps -a`
as well to bring consistency with `docker service/node ps`.

This fix is related to #28507, #28885, and #25983.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-12-26 13:47:43 -08:00
allencloud 3e7dca7900 split function out of command description scope
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-12-26 13:50:00 +08:00
Sebastiaan van Stijn f459796896 Minor cleanups in cli/command/container
This change does some minor cleanups in the
cli/command/container package;

- sort imports
- replace `fmt.Fprintf()` with `fmt.Fprintln()` if no formatting is used
- replace `fmt.Errorf()` with `errors.New()` if no formatting is used
- remove some redundant `else`'s

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-12-26 01:33:25 +01:00
Vincent Demeester bfe47a124a Move package cliconfig to cli/config
I felt it made more sence 👼

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-12-25 20:31:52 +01:00
Vincent Demeester 6726879382 Clean some stuff from runconfig that are cli only…
… or could be in `opts` package. Having `runconfig/opts` and `opts`
doesn't really make sense and make it difficult to know where to put
some code.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-12-24 13:16:00 +01:00
Tonis Tiigi 2825296deb Implement content addressability for plugins
Move plugins to shared distribution stack with images.

Create immutable plugin config that matches schema2 requirements.

Ensure data being pushed is same as pulled/created.

Store distribution artifacts in a blobstore.

Run init layer setup for every plugin start.

Fix breakouts from unsafe file accesses.

Add support for `docker plugin install --alias`

Uses normalized references for default names to avoid collisions when using default hosts/tags.

Some refactoring of the plugin manager to support the change, like removing the singleton manager and adding manager config struct.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2016-12-23 13:29:58 -08:00
Anusha Ragunathan ae76b43227 Merge pull request #29599 from anusha-ragunathan/refcount
Enforce zero plugin refcount during disable, not remove.
2016-12-22 15:38:54 -08:00
Anusha Ragunathan bf3250ae0a Enforce zero plugin refcount during disable.
When plugins have a positive refcount, they were not allowed to be
removed. However, plugins could still be disabled when volumes
referenced it and containers using them were running.

This change fixes that by enforcing plugin refcount during disable.
A "force" disable option is also added to ignore reference refcounting.

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-12-22 13:26:53 -08:00
Yong Tang d04375bd4a Support multiple service IDs on "docker service ps"
This fix tries to address issue raised in 25228 to support
multiple service IDs on `docker service ps`.

Multiple IDs are allowed with `docker service ps ...`, and
related documentation has been updated.

A test has been added to cover the changes.

This fix fixes 25228.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-12-22 11:33:47 -08:00
Sebastiaan van Stijn 6c1299e819 Merge pull request #29314 from vdemeester/no-more-utils
Remove the utils package
2016-12-22 15:21:05 +01:00
Vincent Demeester ea51e6159f Merge pull request #29603 from mstanleyjones/docker_diff_improvements
Clarify what docker diff shows
2016-12-22 15:15:01 +01:00
Vincent Demeester 8cc02f31eb Merge pull request #29565 from yuexiao-wang/fix-typo-tls
Change tls to TLS
2016-12-22 12:10:09 +01:00
Brian Goff 9b17b8ea18 Merge pull request #29212 from yongtang/29185-docker-inspect
Fix `docker plugin inspect <unkown object>` issue on Windows
2016-12-21 15:47:17 -05:00
Brian Goff 63677ef495 Merge pull request #28714 from thaJeztah/move-logdriver-check-to-daemon
move check for supported drivers to daemon
2016-12-21 13:47:30 -05:00
Brian Goff b373d1b81e Merge pull request #29491 from yongtang/12162016-stats-error
Improve error output for `docker stats ...`
2016-12-21 13:19:20 -05:00
Brian Goff a4be350fb0 Merge pull request #29527 from allencloud/change-minor-mistake
change minor mistake of spelling
2016-12-21 13:15:00 -05:00
Yong Tang 86a07d3fec Fix `docker plugin inspect <unkown object>` issue on Windows
This fix is a follow up for comment:
https://github.com/docker/docker/pull/29186/files#r91277345

While #29186 addresses the issue of `docker inspect <unknown object>`
on Windows, it actually makes `docker plugin inspect <unknown object>`
out `object not found` on Windows as well. This is actually misleading
as plugin is not supported on Windows.

This fix reverted the change in #29186 while at the same time,
checks `not supported` in `docker inspect <unknown object>` so that
- `docker plugin inspect <unknown object>` returns `not supported` on Windows
- `docker inspect <unknown object>` returns `not found` on Windows

This fix is related to #29186 and #29185.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-12-20 21:05:10 -08:00
Misty Stanley-Jones 606a16a07d Clarify what docker diff shows
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
2016-12-20 17:03:11 -08:00
Tibor Vass df760c86cf Merge pull request #29470 from cyli/ask-for-unlock-key-only-if-locked
Check if a swarm is locked before asking a user to enter their unlock key
2016-12-20 13:21:47 -08:00
yuexiao-wang 1e7c22c80a Change tls to TLS
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2016-12-20 22:08:07 +08:00
allencloud 3c8d009c7a change minor mistake of spelling
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-12-20 21:05:19 +08:00
Yong Tang 23ab849f06 Fix misleading default for `--replicas`
This fix tries to address the issue raised in 29291 where
the output of `--replicas` in `service create/update`:
```
      --replicas uint                    Number of tasks (default none)
```
is misleading. User might incorrectly assume the number of replicas
would be `0` (`none`) by default, while the actual default is `1`.

The issue comes from the fact that some of the default values are
from daemon and it is not possible for client to find out the default
value.

In this case, it might be better to just simply not displaying `(default none)`.

This fix returns "" for `Uint64Opt` so that `(default none)` is hidden.

In addition to `--replicas`, this fix also changes
`--restart-delay`, `--restart-max-attempts`, `--stop-grace-period`,
`--health-interval`, `--health-timeout`, and `--restart-window`
in a similiar fashion.

New Output:
```
      --health-interval duration         Time between running the check (ns|us|ms|s|m|h)
      --health-timeout duration          Maximum time to allow one check to run (ns|us|ms|s|m|h)
...
      --replicas uint                    Number of tasks
...
      --restart-delay duration           Delay between restart attempts (ns|us|ms|s|m|h)
      --restart-max-attempts uint        Maximum number of restarts before giving up
      --restart-window duration          Window used to evaluate the restart policy (ns|us|ms|s|m|h)
...
      --stop-grace-period duration       Time to wait before force killing a container (ns|us|ms|s|m|h)
```

The docs has been updated. Note the docs for help output of `service create/update`
is out of sync with the current master. This fix replace with the update-to-date
help output.

This fix fixes 29291.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-12-19 19:35:05 -08:00
Tibor Vass 285710d3c8 Merge pull request #29246 from thaJeztah/improve-swarm-check-in-inspect
Ignore certificate expiry error for top-level inspect
2016-12-19 15:37:53 -08:00
Tõnis Tiigi 91f9b72481 Merge pull request #29339 from dmcgowan/plugins-abstract-download-manager
Abstract layerstore from pull/push distribution code
2016-12-19 13:32:28 -08:00
Derek McGowan 476adcfd20 Abstract distribution interfaces from image specific types
Move configurations into a single file.
Abstract download manager in pull config.
Add supports for schema2 only and schema2 type checking.
Add interface for providing push layers.
Abstract image store to generically handle configurations.

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2016-12-19 10:55:00 -08:00
Sebastiaan van Stijn 8246c49498 remove client-side for supported logging drivers
The `docker logs` command performed a
client-side check if the container's
logging driver was supported.

Now that we allow the client to connect
to both "older" and "newer" daemon versions,
this check is best done daemon-side.

This patch remove the check on the client
side, and leaves validation to the daemon,
which should be the source of truth.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-12-19 14:30:01 +01:00
Sebastiaan van Stijn 1f57f07070 Improve validation for volume specs
The current validation only checked for the
number of elements in the volume-spec, however,
did not validate if the elements were empty.

Because of this, an empty volume-spec (""),
or volume spec only containing separators ("::")
would not be invalidated.

This adds a simple check for empty elements in
the volume-spec, and returns an error if
the spec is invalid.

A unit-test is also added to verify the behavior.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-12-19 01:50:08 +01:00
Sebastiaan van Stijn bc4590fd7d fix conversion of anonymous volumes in compose-file
the `convertVolumeToMount()` function did not take
anonymous volumes into account when converting
volume specifications to bind-mounts.

this resulted in the conversion to try to
look up an empty "source" volume, which
lead to an error;

    undefined volume:

this patch distinguishes "anonymous"
volumes from bind-mounts and named-volumes,
and skips further processing if no source
is defined (i.e. the volume is "anonymous").

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-12-18 16:50:32 +01:00
Sebastiaan van Stijn a3c24bf450 Merge pull request #28629 from yongtang/28581-secret-create-input
Add `--file` flag for `docker secret create` command
2016-12-18 03:04:10 +01:00
Yong Tang c6b3fcbe32 Improve error output for `docker stats ...`
While looking into `docker stats <c1> <c2> ...` I noticed that
the error output is quite long, especially if there are multiple errors:
```sh
ubuntu@ubuntu:~/docker$ docker stats nofound
: Error response from daemon: No such container: nofound
ubuntu@ubuntu:~/docker$ docker stats nofound foo bar
: Error response from daemon: No such container: nofound, : Error response from daemon: No such container: foo, : Error response from daemon: No such container: bar
```

There are several issues,
1. There is an extra `: ` at the beginning. That is because if container is not found,
the name will not be available from the daemon.
2. Multiple errors are concatenated with `, ` which will be quite long.

This fix:
1. Only prient out the error from daemon.
2. Multiple errors are printed out line by line.

Below is the new output:
```sh
ubuntu@ubuntu:~/docker$ docker stats nofound
Error response from daemon: No such container: nofound
ubuntu@ubuntu:~/docker$ docker stats nofound foo bar
Error response from daemon: No such container: nofound
Error response from daemon: No such container: foo
Error response from daemon: No such container: bar
```

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-12-17 16:51:11 -08:00
Sebastiaan van Stijn fc1222118d Merge pull request #29423 from unclejack/api_cli_integ_return
return directly without ifs in remaining packages
2016-12-17 21:30:47 +01:00
Ying Li e4102ce61e Before asking a user for the unlock key when they run `docker swarm unlock`, actually
check to see if the node is part of a swarm, and if so, if it is unlocked first.
If neither of these are true, abort the command.

Signed-off-by: Ying Li <ying.li@docker.com>
2016-12-16 17:16:55 -08:00