Commit Graph

1339 Commits

Author SHA1 Message Date
Tibor Vass cec8723d8c
Merge pull request #2656 from thaJeztah/bump_buildkit
vendor: buildkit 4d1f260e8490ec438ab66e08bb105577aca0ce06
2020-09-10 17:43:42 -04:00
Tibor Vass 7836597b3d
Merge pull request #2712 from thaJeztah/carry_2660_ulimits
Add ulimits support to docker service and docker stack deploy (carry 2660)
2020-09-10 15:40:25 -04:00
Albin Kerouanton 940907951b
Support ulimits in docker stack deploy
This is related to moby/moby 40639.

Signed-off-by: Albin Kerouanton <albin@akerouanton.name>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-10 14:59:02 +02:00
Albin Kerouanton a9158bdc50
Add ulimits option to docker service create/update/inspect
This is related to moby/moby 40639.

Signed-off-by: Albin Kerouanton <albin@akerouanton.name>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-10 14:41:33 +02:00
Sebastiaan van Stijn 23660be600
Service cap-add/cap-drop: add special "RESET" value
This implements a special "RESET" value that can be used to reset the
list of capabilities to add/drop when updating a service.

Given the following service;

| CapDrop        | CapAdd        |
| -------------- | ------------- |
| CAP_SOME_CAP   |               |

When updating the service, and applying `--cap-drop RESET`, the "drop" list
is reset to its default:

| CapDrop        | CapAdd        |
| -------------- | ------------- |
|                |               |

When updating the service, and applying `--cap-drop RESET`, combined with
`--cap-add CAP_SOME_CAP` and `--cap-drop CAP_SOME_OTHER_CAP`:

| CapDrop        | CapAdd        |
| -------------- | ------------- |
| CAP_FOO_CAP    | CAP_SOME_CAP  |

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-10 11:14:38 +02:00
Sebastiaan van Stijn 7edc00d808
vendor: buildkit 4d1f260e8490ec438ab66e08bb105577aca0ce06
full diff: df35e9818d...4d1f260e84

- moby/buildkit#1551 session: track sessions with a group construct
- moby/buildkit#1534 secrets: allow providing secrets with env
- moby/buildkit#1533 git: support for token authentication
- moby/buildkit#1549 progressui: fix logs time formatting

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-09 15:19:02 +02:00
Sebastiaan van Stijn 95037299cb
Service cap-add/cap-drop: handle updates as "tri-state"
Adding/removing capabilities when updating a service is considered a tri-state;

- if the capability was previously "dropped", then remove it from "CapabilityDrop",
  but do NOT add it to "CapabilityAdd". However, if the capability was not yet in
  the service's "CapabilityDrop", then simply add it to the service's "CapabilityAdd"
- likewise, if the capability was previously "added", then remove it from
  "CapabilityAdd", but do NOT add it to "CapabilityDrop". If the capability was
  not yet in the service's "CapabilityAdd", then simply add it to the service's
  "CapabilityDrop".

In other words, given a service with the following:

| CapDrop        | CapAdd        |
| -------------- | ------------- |
| CAP_SOME_CAP   |               |

When updating the service, and applying `--cap-add CAP_SOME_CAP`, the previously
dropped capability is removed:

| CapDrop        | CapAdd        |
| -------------- | ------------- |
|                |               |

When updating the service a second time, applying `--cap-add CAP_SOME_CAP`,
capability is now added:

| CapDrop        | CapAdd        |
| -------------- | ------------- |
|                | CAP_SOME_CAP  |

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-08 14:42:39 +02:00
Sebastiaan van Stijn 190c64b415
Service cap-add/cap-drop: improve handling of combinations and special "ALL" value
When creating and updating services, we need to avoid unneeded service churn.

The interaction of separate lists to "add" and "drop" capabilities, a special
("ALL") capability, as well as a "relaxed" format for accepted capabilities
(case-insensitive, `CAP_` prefix optional) make this rather involved.

This patch updates how we handle `--cap-add` / `--cap-drop` when  _creating_ as
well as _updating_, with the following rules/assumptions applied:

- both existing (service spec) and new (values passed through flags or in
  the compose-file) are normalized and de-duplicated before use.
- the special "ALL" capability is equivalent to "all capabilities" and taken
  into account when normalizing capabilities. Combining "ALL" capabilities
  and other capabilities is therefore equivalent to just specifying "ALL".
- adding capabilities takes precedence over dropping, which means that if
  a capability is both set to be "dropped" and to be "added", it is removed
  from the list to "drop".
- the final lists should be sorted and normalized to reduce service churn
- no validation of capabilities is handled by the client. Validation is
  delegated to the daemon/server.

When deploying a service using a docker-compose file, the docker-compose file
is *mostly* handled as being "declarative". However, many of the issues outlined
above also apply to compose-files, so similar handling is applied to compose
files as well to prevent service churn.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-08 14:38:35 +02:00
Albin Kerouanton c6ec4e081e
service: Add --cap-add & --cap-drop to service cmds
Signed-off-by: Albin Kerouanton <albin@akerouanton.name>
2020-09-08 14:24:55 +02:00
Olli Janatuinen 0db61ff6da
stack: Support cap_add and cap_drop on services
Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com>
Signed-off-by: Albin Kerouanton <albin@akerouanton.name>
2020-09-08 14:24:52 +02:00
Sebastiaan van Stijn dace8fdc75
formatter: reduce minimum width for columns in table-view
The tabwriter was configured to have a min-width for columns of 20 positions.
This seemed quite wide, and caused smaller columns to be printed with a large
gap between.

Before:

    docker container stats

    CONTAINER ID        NAME                CPU %               MEM USAGE / LIMIT     MEM %               NET I/O             BLOCK I/O           PIDS
    29184b3ae391        amazing_shirley     0.00%               800KiB / 1.944GiB     0.04%               1.44kB / 0B         0B / 0B             1
    403c101bad56        agitated_swartz     0.15%               34.31MiB / 1.944GiB   1.72%               10.2MB / 206kB      0B / 0B             51
    0dc4b7f6c6be        container2          0.00%               1.012MiB / 1.944GiB   0.05%               12.9kB / 0B         0B / 0B             5
    2d99abcc6f62        container99         0.00%               972KiB / 1.944GiB     0.05%               13kB / 0B           0B / 0B             5
    9f9aa90173ac        foo                 0.00%               820KiB / 1.944GiB     0.04%               13kB / 0B           0B / 0B             5

    docker container ls

    CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
    29184b3ae391        docker-cli-dev      "ash"                    4 hours ago         Up 4 hours                              amazing_shirley
    403c101bad56        docker-dev:master   "hack/dind bash"         3 days ago          Up 3 days                               agitated_swartz
    0dc4b7f6c6be        nginx:alpine        "/docker-entrypoint.…"   4 days ago          Up 4 days           80/tcp              container2
    2d99abcc6f62        nginx:alpine        "/docker-entrypoint.…"   4 days ago          Up 4 days           80/tcp              container99
    9f9aa90173ac        nginx:alpine        "/docker-entrypoint.…"   4 days ago          Up 4 days           80/tcp              foo

    docker image ls

    REPOSITORY          TAG                    IMAGE ID            CREATED             SIZE
    docker-cli-dev      latest                 5f603caa04aa        4 hours ago         610MB
    docker-cli-native   latest                 9dd29f8d387b        4 hours ago         519MB
    docker-dev          master                 8132bf7a199e        3 days ago          2.02GB
    docker-dev          improve-build-errors   69e208994b3f        11 days ago         2.01GB
    docker-dev          refactor-idtools       69e208994b3f        11 days ago         2.01GB

After:

    docker container stats

    CONTAINER ID   NAME              CPU %     MEM USAGE / LIMIT     MEM %     NET I/O          BLOCK I/O   PIDS
    29184b3ae391   amazing_shirley   0.14%     5.703MiB / 1.944GiB   0.29%     1.44kB / 0B      0B / 0B     10
    403c101bad56   agitated_swartz   0.15%     56.97MiB / 1.944GiB   2.86%     10.2MB / 206kB   0B / 0B     51
    0dc4b7f6c6be   container2        0.00%     1016KiB / 1.944GiB    0.05%     12.9kB / 0B      0B / 0B     5
    2d99abcc6f62   container99       0.00%     956KiB / 1.944GiB     0.05%     13kB / 0B        0B / 0B     5
    9f9aa90173ac   foo               0.00%     980KiB / 1.944GiB     0.05%     13kB / 0B        0B / 0B     5

    docker container ls

    CONTAINER ID   IMAGE               COMMAND                  CREATED          STATUS          PORTS     NAMES
    29184b3ae391   docker-cli-dev      "ash"                    12 minutes ago   Up 12 minutes             amazing_shirley
    403c101bad56   docker-dev:master   "hack/dind bash"         3 days ago       Up 3 days                 agitated_swartz
    0dc4b7f6c6be   nginx:alpine        "/docker-entrypoint.…"   4 days ago       Up 4 days       80/tcp    container2
    2d99abcc6f62   nginx:alpine        "/docker-entrypoint.…"   4 days ago       Up 4 days       80/tcp    container99
    9f9aa90173ac   nginx:alpine        "/docker-entrypoint.…"   4 days ago       Up 4 days       80/tcp    foo

    docker image ls

    REPOSITORY          TAG                    IMAGE ID       CREATED         SIZE
    docker-cli-dev      latest                 5f603caa04aa   4 hours ago     610MB
    docker-cli-native   latest                 9dd29f8d387b   4 hours ago     519MB
    docker-dev          master                 8132bf7a199e   3 days ago      2.02GB
    docker-dev          improve-build-errors   69e208994b3f   11 days ago     2.01GB
    docker-dev          refactor-idtools       69e208994b3f   11 days ago     2.01GB

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-31 16:31:15 +02:00
Sebastiaan van Stijn b951b5b8c9
formatter: minor refactor to reduce needless conversions
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-28 23:09:27 +02:00
Tibor Vass 8fc038afe7
Merge pull request #2694 from thaJeztah/fix_vbomml_util
Replace vbom.ml/util with fvbommel/sortorder
2020-08-28 16:00:24 +02:00
Sebastiaan van Stijn 6703919c71
Replace vbom.ml/util with fvbommel/sortorder
The vanity domain is down, and the project has moved
to a new location.

vendor check started failing because of this:

    Collecting initial packages
    Download dependencies
    unrecognized import path "vbom.ml/util" (https fetch: Get https://vbom.ml/util?go-get=1: dial tcp: lookup vbom.ml on 169.254.169.254:53: no such host)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-28 15:35:42 +02:00
Brian Goff 612567cb21
Merge pull request #2678 from thaJeztah/fix_rm_force_exit_status
Return zero exit-code when force-removing non-existing containers
2020-08-27 14:40:08 -07:00
Sebastiaan van Stijn ca35f2973a
Merge pull request #2646 from horpto/patch-1
Add shorthand for --tail option
2020-08-17 17:19:03 +02:00
Sebastiaan van Stijn 9a071a993a
Return zero exit-code when force-removing non-existing containers
When using `docker rm` / `docker container rm` with the `-f` / `--force` option, attempts to remove non-existing containers should print a warning, but should return a zero exit code ("successful").

Currently, a non-zero exit code is returned, marking the removal as "failed";

	$ docker rm -fv 798c9471b695
	Error: No such container: 798c9471b695
	$ echo $?
	1

The command should match the behavior of `rm` / `rm -f`, with the exception that
a warning is printed (instead of silently ignored):

Running `rm` with `-f` silences output and returns a zero exit code:

    touch some-file && rm -f no-such-file some-file; echo exit code: $?; ls -la
    # exit code: 0
    # total 0
    # drwxr-xr-x    2 sebastiaan  staff    64 Aug 14 12:17 .
    # drwxr-xr-x  199 sebastiaan  staff  6368 Aug 14 12:13 ..

    mkdir some-directory && rm -rf no-such-directory some-directory; echo exit code: $?; ls -la
    # exit code: 0
    # total 0
    # drwxr-xr-x    2 sebastiaan  staff    64 Aug 14 12:17 .
    # drwxr-xr-x  199 sebastiaan  staff  6368 Aug 14 12:13 ..

Note that other reasons for a delete to fail should still result in a non-zero
exit code, matching the behavior of `rm`. For instance, in the example below,
the `rm` failed because directories can only be removed if the `-r` option is used;

    touch some-file && mkdir some-directory && rm -f some-directory no-such-file some-file; echo exit code: $?; ls -la
    # rm: some-directory: is a directory
    # exit code: 1
    # total 0
    # drwxr-xr-x    3 sebastiaan  staff    96 Aug 14 14:15 .
    # drwxr-xr-x  199 sebastiaan  staff  6368 Aug 14 12:13 ..
    # drwxr-xr-x    2 sebastiaan  staff    64 Aug 14 14:15 some-directory

This patch updates the `docker rm` / `docker container rm` command to not produce
an error when attempting to remove a missing containers, and instead only print
the error, but return a zero (0) exit code.

With this patch applied:

    docker create --name mycontainer busybox \
    && docker rm nosuchcontainer mycontainer; \
    echo exit code: $?; \
    docker ps -a --filter name=mycontainer
    # df23cc8573f00e97d6e948b48d9ea7d75ce3b4faaab4fe1d3458d3bfa451f39d
    # mycontainer
    # Error: No such container: nosuchcontainer
    # exit code: 0
    # CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-14 16:17:40 +02:00
horpto 0b7147a2a5 fix docs, completion and docker service
Signed-off-by: horpto <__Singleton__@hackerdom.ru>
2020-08-06 17:37:08 +03:00
Sebastiaan van Stijn 2fc608cea6
Fix order of processing of some xx-add/xx-rm service update flags
Combining `-add` and `-rm` flags on `docker service update` should
be usable to explicitly replace existing options. The current order
of processing did not allow this, causing the `-rm` flag to remove
properties that were specified in `-add`. This behavior was inconsistent
with (for example) `--host-add` and `--host-rm`.

This patch updates the behavior to first remove properties, then
add new properties.

Note that there's still some improvements to make, to make the removal
more granulas (e.g. to make `--label-rm label=some-value` only remove
the label if value matches `some-value`); these changes are left for
a follow-up.

Before this change:
-----------------------------

Create a service with two env-vars

```bash
docker service create --env FOO=bar --env BAR=baz  --name=test nginx:alpine
docker service inspect --format '{{json .Spec.TaskTemplate.ContainerSpec.Env }}' test | jq .
[
  "FOO=bar",
  "BAR=baz"
]
```

Update the service, with the intent to replace the value of `FOO` for a new value

```bash
docker service update  --env-rm FOO --env-add FOO=updated-foo test
docker service inspect --format '{{json .Spec.TaskTemplate.ContainerSpec.Env }}' test | jq .
[
  "BAR=baz"
]
```

Create a service with two labels

```bash
docker service create --label FOO=bar --label BAR=baz  --name=test nginx:alpine
docker service inspect --format '{{json .Spec.Labels }}' test | jq .
{
  "BAR": "baz",
  "FOO": "bar"
}
```

Update the service, with the intent to replace the value of `FOO` for a new value

```bash
docker service update  --label-rm FOO --label-add FOO=updated-foo test
docker service inspect --format '{{json .Spec.Labels }}' test | jq .
{
  "BAR": "baz"
}
```

Create a service with two container labels

```bash
docker service create --container-label FOO=bar --container-label BAR=baz  --name=test nginx:alpine
docker service inspect --format '{{json .Spec.TaskTemplate.ContainerSpec.Labels }}' test | jq .
{
  "BAR": "baz",
  "FOO": "bar"
}
```

Update the service, with the intent to replace the value of `FOO` for a new value

```bash
docker service update  --container-label-rm FOO --container-label-add FOO=updated-foo test
docker service inspect --format '{{json .Spec.TaskTemplate.ContainerSpec.Labels }}' test | jq .
{
  "BAR": "baz",
}
```

With this patch applied:
--------------------------------

Create a service with two env-vars

```bash
docker service create --env FOO=bar --env BAR=baz  --name=test nginx:alpine
docker service inspect --format '{{json .Spec.TaskTemplate.ContainerSpec.Env }}' test | jq .
[
  "FOO=bar",
  "BAR=baz"
]
```

Update the service, and replace the value of `FOO` for a new value

```bash
docker service update  --env-rm FOO --env-add FOO=updated-foo test
docker service inspect --format '{{json .Spec.TaskTemplate.ContainerSpec.Env }}' test | jq .
[
  "BAR=baz",
  "FOO=updated-foo"
]
```

Create a service with two labels

```bash
docker service create --label FOO=bar --label BAR=baz  --name=test nginx:alpine
docker service inspect --format '{{json .Spec.Labels }}' test | jq .
{
  "BAR": "baz",
  "FOO": "bar"
}
```

Update the service, and replace the value of `FOO` for a new value

```bash
docker service update  --label-rm FOO --label-add FOO=updated-foo test
docker service inspect --format '{{json .Spec.Labels }}' test | jq .
{
  "BAR": "baz",
  "FOO": "updated-foo"
}
```

Create a service with two container labels

```bash
docker service create --container-label FOO=bar --container-label BAR=baz  --name=test nginx:alpine
docker service inspect --format '{{json .Spec.TaskTemplate.ContainerSpec.Labels }}' test | jq .
{
  "BAR": "baz",
  "FOO": "bar"
}
```

Update the service, and replace the value of `FOO` for a new value

```bash
docker service update  --container-label-rm FOO --container-label-add FOO=updated-foo test
docker service inspect --format '{{json .Spec.TaskTemplate.ContainerSpec.Labels }}' test | jq .
{
  "BAR": "baz",
  "FOO": "updated-foo"
}
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-04 19:09:59 +02:00
Sebastiaan van Stijn 1d9ee72178
Merge pull request #2654 from tonistiigi/rosetta
support emulated version detection
2020-07-30 21:40:01 +02:00
Tonis Tiigi e531875ff0 support emulated version detection
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-07-30 11:38:29 -07:00
Albin Kerouanton 21da11c5fd
docker service inspect fails when TaskTemplate.Resources is nil
When doing `docker service inspect --pretty` on services without
`TaskTemplate.Resources` or `TaskTemplate.Resources.Limits`, the command
fails. This is due to a missing check on ResourceLimitPids().

This bug has been introduced by 395a6d560d
and produces following error message:

```
Template parsing error: template: :139:10: executing "" at <.ResourceLimitPids>: error calling ResourceLimitPids: runtime error: invalid memory address or nil pointer dereference
```

Signed-off-by: Albin Kerouanton <albin@akerouanton.name>
2020-07-28 22:38:33 +02:00
horpto 04ab71457a Add shorthand for --tail option
I chose -n shorthand as it's similar with linux `tail` command.

Signed-off-by: Александр Менщиков <__Singleton__@hackerdom.ru>
2020-07-23 15:25:12 +03:00
Wang Yumu 1f907fb7ba Add DefaultAddressPools to docker info output #40388
Signed-off-by: Wang Yumu <37442693@qq.com>
2020-07-22 01:45:30 +08:00
Sebastiaan van Stijn 251861237a
Replace mattn/go-shellwords with google/shlex
Both libaries provide similar functionality. We're currently using
Google Shlex in more places, so prefering that one for now, but we
could decide to switch to mattn/go-shellwords in future if that
library is considered better (it looks to be more actively maintained,
but that may be related to it providing "more features").

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-20 10:20:42 +02:00
Brian Goff bece8cc41c
Merge pull request #2626 from thaJeztah/test_cleanup 2020-07-16 09:58:16 -07:00
Sebastiaan van Stijn 75ab44af6f
Fix ConfigFile.Save() replacing symlink with file
In situations where `~/.docker/config.json` was a symlink, saving
the file would replace the symlink with a file, instead of updating
the target file location;

    mkdir -p ~/.docker
    touch ~/real-config.json
    ln -s ~/real-config.json ~/.docker/config.json

    ls -la ~/.docker/config.json
    # lrwxrwxrwx 1 root root 22 Jun 23 12:34 /root/.docker/config.json -> /root/real-config.json

    docker login
    # Username: thajeztah
    # Password:

    # Login Succeeded

    ls -la ~/.docker/config.json
    -rw-r--r-- 1 root root 229 Jun 23 12:36 /root/.docker/config.json

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-16 11:35:41 +02:00
Sebastiaan van Stijn 0c2fe385bf
cli/formatter: reformat TestImageContext test cases
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-16 11:34:52 +02:00
Sebastiaan van Stijn d642de78f3
cli/command/formatter: remove deprecated compareMultipleValues() utility
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-16 11:34:50 +02:00
Silvin Lubecki e4e754bb74
Merge pull request #2595 from cpuguy83/handle_close_error_on_save
Handle errors on close in config file write.
2020-07-15 17:40:10 +02:00
Silvin Lubecki cae16e70b9
Merge pull request #2599 from thaJeztah/ignore_empty_configfile
config: ignore empty config file instead of printing warning
2020-07-09 15:27:29 +02:00
Sebastiaan van Stijn fde22be3ea
TestServiceUpdateResolveImageChanged: use subtests
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-06 14:58:40 +02:00
Sebastiaan van Stijn 732d8b51a8
un-wrap some code
The wrapping made the code harder to read (and in some cases destracted
from the actual code flow).

Some of these functions take too many arguments; instead of hiding that,
it probably better to make it apparent that something needs to be done
(and fix it :-)).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-06 14:55:17 +02:00
Sebastiaan van Stijn 47fce8f4bc
clean-up "resolve image" option logic
- change `validateResolveImageFlag()` to only perform _validation_,
  and not combine it with modifying the option.
- use a `switch` instead of `if` in `validateResolveImageFlag()`
- `deployServices()`: break up some `switch` cases to make them
  easier to read/understand the logic.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-06 14:55:08 +02:00
Sebastiaan van Stijn cce2f7fd9c
refactor opts tests
- TestParseRunAttach: use subtests to reduce cyclomatic complexity
- TestParseRunWithInvalidArgs: use subtests, and check if the expected
  error is returned.
- Removed parseMustError() as it was mostly redundant

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-01 14:45:47 +02:00
Brian Wieder a6cfbd2351 Added env-file flag to docker exec
Signed-off-by: Brian Wieder <brian@4wieders.com>
2020-06-29 18:32:44 -04:00
Silvin Lubecki e0654a584b
Merge pull request #2604 from thaJeztah/skip_on_mac
command/container: skip some tests on macOS
2020-06-26 16:05:58 +02:00
Sebastiaan van Stijn 1c31e193c0
command/container: skip some tests on macOS
These tests failed when running natively on macOS;

    unknown server OS: darwin

Skipping them, like we do on Windows

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-26 15:37:44 +02:00
Silvin Lubecki a03c2c65a1
Merge pull request #2581 from thaJeztah/config_simplify
config: remove redundant os.Stat()
2020-06-25 15:29:52 +02:00
Sebastiaan van Stijn 969580a887
config: ignore empty config file instead of printing warning
Before this change, a warning would be printed if the `~/.docker/config.json`
file was empty:

    mkdir -p ~/.docker && touch ~/.docker/config.json
    docker pull busybox
    WARNING: Error loading config file: /root/.docker/config.json: EOF
    Using default tag: latest
    ....

Given that we also accept an empty "JSON" file (`{}`), it should be
okay to ignore an empty file, as it's effectively a configuration file
with no custom options set.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-23 14:51:28 +02:00
Brian Goff d02173090f Handle errors on close in config file write.
I'm not sure if this fixes anything, however I have seen some weird
behavior on Windows where temp config files are left around and there
doesn't seem to be any errors reported.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2020-06-19 11:26:30 -07:00
Sebastiaan van Stijn 851eeb9639
Add support for pids limit in stacks (swarm)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-18 21:25:08 +02:00
Sebastiaan van Stijn 395a6d560d
Add support for --limit-pids on service create / update (swarm)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-18 21:25:02 +02:00
Sebastiaan van Stijn ba2a712ff0
Merge pull request #2583 from simonferquel/logout-config-out-of-sync2
Don't filter out registries to logout from with config file contents
2020-06-17 17:31:36 +02:00
Sebastiaan van Stijn a8df5e974e
Merge pull request #2580 from dominikbraun/2565-remove-image-images-alias
Remove 'images' alias from 'image ls' command
2020-06-16 00:09:41 +02:00
Sebastiaan van Stijn 077af8151f
Merge pull request #2578 from cpuguy83/anotate_os_version
Added support for setting OS version in docker manifest annotate.
2020-06-15 19:31:17 +02:00
Dominik Braun 1570025f00 Remove 'images' alias from 'image ls' command
Signed-off-by: Dominik Braun <Dominik.Braun@nbsp.de>

Remove assertion for 'images' alias of 'image ls'

Signed-off-by: Dominik Braun <Dominik.Braun@nbsp.de>
2020-06-15 17:48:43 +02:00
Simon Ferquel 6248f2fb6f Don't filter out registries to logout from with config file contents
Previously, if a registry AuthInfo was not present in the CLI config file, docker logout could not be used
to ask the credential helper to forget about it. It causes problem for people working with
multiple alternative config files, and it causes problems for cases like Docker Desktop w/ WSL 2, as
it uses the same win32 credential helper as the Windows CLI, but a different config file, leading to
bugs where I cannot logout from a registry from wsl2 if I logged in from Windows and vice-versa.

Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2020-06-15 14:29:37 +02:00
Sebastiaan van Stijn 0d57a400b3
vendor: docker/docker aaf470eca7b588aa19e6681bff8bf08d17be1bf2
full diff: 41ac6bef8d...aaf470eca7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-15 13:32:53 +02:00
Sebastiaan van Stijn 89089fb419
config: remove redundant os.Stat()
There's no need to perform an `os.Stat()` first, because
`os.Open()` also returns the same errors if the file does
not exist, or couldn't be opened for other reasons.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-15 11:08:56 +02:00
Sebastiaan van Stijn 494f30a1a5
config: fix error message using incorrect filename
Before:

    echo 'invalid-json' > ~/.dockercfg
    docker pull hello-world
    WARNING: Error loading config file: /root/.docker/config.json: Invalid Auth config file

After:

    echo 'invalid-json' > ~/.dockercfg
    docker pull hello-world
    WARNING: Error loading config file: /root/.dockercfg: Invalid Auth config file

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-12 22:30:10 +02:00
Saswat Bhattacharya bc5f102244 Added support for setting OS version in docker manifest annotate.
Signed-off-by: Saswat Bhattacharya <sas.saswat@gmail.com>
2020-06-12 12:04:03 -07:00
Sebastiaan van Stijn af2c31c4a7
Merge pull request #2572 from simonferquel/context-dont-loose-additional-fields
Don't loose additional metadata fields when read/writing contexts metadata
2020-06-12 10:59:23 +02:00
Tibor Vass 31822ff745
Merge pull request #2551 from cpuguy83/platform_on_create
Platform on create
2020-06-11 11:35:32 -07:00
Simon Ferquel 2ab4b4d536 Don't loose additional metadata fields
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2020-06-10 15:07:23 +02:00
Sebastiaan van Stijn a3af1f47da
Use consistent name for errors
This prevents inconsistent errors when using a symlink, or when renaming
the binary;

Before this change;

    ln -s $(which docker) toto
    ./toto rune
    docker: 'rune' is not a docker command.

    ./toto run daslkjadslkjdaslkj
    Unable to find image 'adslkjadslakdsj:latest' locally
    ./toto: Error response from daemon: pull access denied for adslkjadslakdsj, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.

After this change:

    ln -s $(which docker) toto
    ./toto rune
    docker: 'rune' is not a docker command.

    ./toto run daslkjadslkjdaslkj
    Unable to find image 'adslkjadslakdsj:latest' locally
    docker: Error response from daemon: pull access denied for adslkjadslakdsj, repository does not exist or may require 'docker login': denied: requested access to the resource is den>

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-09 16:24:35 +02:00
Sebastiaan van Stijn 8f14db8df2
Merge pull request #2555 from devisions/timestam_with_z_doc_upd
Explicit Z on logs timestamp examples
2020-06-04 17:53:52 +02:00
Tonis Tiigi d30970e3b1 ssh: avoid setting flags through hostname
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-05-28 20:08:35 +00:00
devisions 1183a3e6e7 Explicit Z on logs timestamp examples
Signed-off-by: devisions <marius.ileana@gmail.com>
2020-05-28 15:24:07 +03:00
Brian Goff ccd9d633bb Set platform on container create API.
Previously we only set the platform when performing a pull, which is
only initiated if pull always is set, or if the image reference does not
exist in the daemon.

The daemon now supports specifying which platform you wanted on
container create so it can validate the image reference is the platform
you thought you were getting.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2020-05-27 17:16:56 -07:00
Daniil Nikolenko cb010db830 Fix bug with panic when DOCKER_CLI_EXPERIMENTAL environment variable is incorrect
Signed-off-by: Daniil Nikolenko <qoo2p5@gmail.com>
2020-05-24 23:21:20 +03:00
Silvin Lubecki 54f766d240 Partially revert cf663b526a as it breaks the version negotiation with an older docker engine.
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2020-05-20 16:10:43 +02:00
Silvin Lubecki ce2a9faf1b
Merge pull request #2517 from thaJeztah/compose_file_build_extra_hosts
compose: add build.extra_hosts to v3.9 schema
2020-05-11 17:18:48 +02:00
Sebastiaan van Stijn 0c5f97ed72
compose: add build.extra_hosts to v3.9 schema
This is not currently used by the CLI, but can be used by
docker compose to bring parity on this feature with the
compose v2.4 schema.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-10 20:01:03 +02:00
Sebastiaan van Stijn bb7ef2cb3a
Update some uses of errors.Cause() to errors.Is()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-10 19:56:35 +02:00
Brian Goff f7185d27e1
Merge pull request #2161 from thaJeztah/config_dont_init
config: don't call homedir on init()
2020-05-07 11:20:40 -07:00
Silvin Lubecki 7cd6e893a1
Merge pull request #2500 from thaJeztah/version_context
Add "context" to "docker version" and "docker info"
2020-05-07 16:10:16 +02:00
Sebastiaan van Stijn 719169db63
Replace deprecated Cobra command.SetOutput() with command.SetOut()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-07 14:25:59 +02:00
Sebastiaan van Stijn bc938e4dea
docker info: add "context" to output
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-07 14:07:22 +02:00
Sebastiaan van Stijn 181e60499f
docker version: add "context" to output
This adds the currently selected "docker context" to the output
of "docker version", which allows users to see which context
is selected to produce the version output, and can be used (for
example), to set the prompt to the currently selected context:

(in `~/.bashrc`):

```bash
function docker_context_prompt() {
        PS1="context: $(docker version --format='{{.Client.Context}}')> "
}

PROMPT_COMMAND=docker_context_prompt
```

After reloading the `~/.bashrc`, the prompt now shows the currently selected
`docker context`:

```bash
$ source ~/.bashrc
context: default> docker context create --docker host=unix:///var/run/docker.sock my-context
my-context
Successfully created context "my-context"
context: default> docker context use my-context
my-context
Current context is now "my-context"
context: my-context> docker context use default
default
Current context is now "default"
context: default>
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-07 14:07:15 +02:00
Sebastiaan van Stijn 4f058143c7
Merge pull request #2262 from dperny/swarm-jobs
Add jobs support to CLI
2020-05-06 17:00:01 +02:00
Sebastiaan van Stijn 80a2256478
Swarm init: use local IPNetSliceValue
This flag type was not yet merged upstream, so instead of
using a fork of spf13/pflag, define the type locally, so that
we can vendor the upstream package again.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-04 16:30:50 +02:00
Silvin Lubecki 9387b99c36
Merge pull request #2376 from davidwtf/master
try http for docker manifest --insecure
2020-05-04 16:19:38 +02:00
Akihiro Suda dbc61787a7 info: print Cgroup Version
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-04-30 06:48:12 +09:00
Drew Erny 9375644e34 Add jobs support to CLI
* Added two new modes accepted by the `--mode` flag
  * `replicated-job` creates a replicated job
  * `global-job` creates a global job.
* When using `replicated-job` mode, the `replicas` flag sets the
  `TotalCompletions` parameter of the job. This is the total number of
  tasks that will run
* Added a new flag, `max-concurrent`, for use with `replicated-job`
  mode. This flag sets the `MaxConcurrent` parameter of the job, which
  is the maximum number of replicas the job will run simultaneously.
* When using `replicated-job` or `global-job` mode, using any of the
  update parameter flags will result in an error, as jobs cannot be
  updated in the traditional sense.
* Updated the `docker service ls` UI to include the completion status
  (completed vs total tasks) if the service is a job.
* Updated the progress bars UI for service creation and update to
  support jobs. For jobs, there is displayed a bar covering the overall
  progress of the job (the number of tasks completed over the total
  number of tasks to complete).
* Added documentation explaining the use of the new flags, and of jobs
  in general.

Signed-off-by: Drew Erny <derny@mirantis.com>
2020-04-24 11:22:10 -05:00
Sebastiaan van Stijn d0a80bf445
update docker, replace github.com/docker/pkg/term, github.com/docker/pkg/mount
These packages are now living in their own repository. Updating
docker/docker to replace the dependencies.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-22 17:16:13 +02:00
Sebastiaan van Stijn 8a30653ed5
config: don't call homedir on init()
This patch changes the package to lazily obtain the user's home-
directory on first use, instead of when initializing the package.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-21 17:25:22 +02:00
Silvin Lubecki 9fee14a814
Merge pull request #2432 from thaJeztah/network_prune_improve_message
improve "network prune" output to mention custom networks only
2020-04-21 17:06:42 +02:00
Silvin Lubecki ae66898200
Merge pull request #2424 from thaJeztah/lazy_feature_detection
cli: perform feature detection lazily
2020-04-15 16:42:26 +02:00
Sebastiaan van Stijn f88ae74135
Add "host-gateway" to tests for extra_hosts / --add-host
67ebcd6dcf added an exception for
the "host-gateway" magic value to the validation rules, but didn't
add thise value to any of the tests.

This patch adds the magic value to tests, to verify the validation
is skipped for this magic value.

Note that validation on the client side is "optional" and mostly
done to provide a more user-friendly error message for regular
values (IP-addresses).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-15 09:52:55 +02:00
Akihiro Suda a4a07c6430 calculateMemUsageUnixNoCache: subtract total_inactive_file, not cache
The new stat definition corresponds to containerd/CRI and cadvisor.

c1115d4e57/pkg/server/container_stats_list_unix.go (L106-L129)
307d1b1cb3

Fix https://github.com/moby/moby/issues/40727

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-04-11 08:13:21 +09:00
Sebastiaan van Stijn b39739123b
cli: perform feature detection lazily
- Perform feature detection when actually needed, instead of during
  initializing
- Version negotiation is performed either when making an API request,
  or when (e.g.) running `docker help` (to hide unsupported features)
- Use a 2 second timeout when 'pinging' the daemon; this should be
  sufficient for most cases, and when feature detection failed, the
  daemon will still perform validation (and produce an error if needed)
- context.WithTimeout doesn't currently work with ssh connections (connhelper),
  so we're only applying this timeout for tcp:// connections, otherwise
  keep the old behavior.

Before this change:

    time sh -c 'DOCKER_HOST=tcp://42.42.42.41:4242 docker help &> /dev/null'
    real   0m32.919s
    user   0m0.370s
    sys    0m0.227s

    time sh -c 'DOCKER_HOST=tcp://42.42.42.41:4242 docker context ls &> /dev/null'
    real   0m32.072s
    user   0m0.029s
    sys    0m0.023s

After this change:

    time sh -c 'DOCKER_HOST=tcp://42.42.42.41:4242 docker help &> /dev/null'
    real   0m 2.28s
    user   0m 0.03s
    sys    0m 0.03s

    time sh -c 'DOCKER_HOST=tcp://42.42.42.41:4242 docker context ls &> /dev/null'
    real   0m 0.13s
    user   0m 0.02s
    sys    0m 0.02s

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-10 16:33:21 +02:00
Sebastiaan van Stijn a88a1bea23
docker build: check experimental --platform on pre-run
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-10 16:33:15 +02:00
Sebastiaan van Stijn eb93a865ed
improve "network prune" output to mention custom networks only
The `docker network prune` command removes unused custom networks,
but built-in networks won't be removed. This patch updates the
message to mention that it's only removing custom networks.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-10 13:45:10 +02:00
Silvin Lubecki ad256ba023
Merge pull request #2426 from thaJeztah/fix_test_env
test: make sure environment vars are reset after tests
2020-04-09 17:39:24 +02:00
Sebastiaan van Stijn 19bcebd122
test: make sure environment vars are reset after tests
The trust tests were not resetting the environment after they
ran, which could result in tests following those tests to fail.

While at it, I also updated some other tests to use gotest.tools

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-09 13:40:45 +02:00
Sebastiaan van Stijn 650c717580
TestHistoryContext_CreatedSince: skip on non-UTC environments
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-09 13:38:52 +02:00
Tengfei Wang 83478fe7cb try http for docker manifest --insecure
Signed-off-by: Tengfei Wang <tfwang@alauda.io>
2020-03-24 23:42:33 +08:00
Dominik Braun 9d9568263f Replace 'numeric' with object in -q description
Signed-off-by: Dominik Braun <Dominik.Braun@nbsp.de>
2020-03-02 10:28:52 +01:00
Silvin Lubecki c3b48c5c9c
Merge pull request #2343 from thaJeztah/fix_prune_flag_description
Fix builder prune -a/--all flag description
2020-02-26 16:22:29 +01:00
Silvin Lubecki 30d6ee997b
Merge pull request #2357 from thaJeztah/gofmt_test
gofmt compose loader test
2020-02-26 15:23:57 +01:00
Sebastiaan van Stijn 2c0e93063b
bump gotest.tools v3.0.1 for compatibility with Go 1.14
full diff: https://github.com/gotestyourself/gotest.tools/compare/v2.3.0...v3.0.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-23 00:28:55 +01:00
Sebastiaan van Stijn 5ef0fa10de
gofmt compose loader test
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-22 18:22:27 +01:00
Sebastiaan van Stijn 11869fa42a
fix panic on single-character volumes
Before this change, this would cause a panic:

    docker run -it --rm -v 1:/1 alpine
    panic: runtime error: index out of range

    goroutine 1 [running]:
    github.com/docker/cli/cli/compose/loader.isFilePath(0xc42027e058, 0x1, 0x557dcb978c20)
    ...

After this change, a correct error is returned:

    docker run -it --rm -v 1:/1 alpine
    docker: Error response from daemon: create 1: volume name is too short, names should be at least two alphanumeric characters.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-21 01:38:52 +01:00
Sebastiaan van Stijn aad9d2c958
Fix builder prune -a/--all flag description
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-18 14:30:28 +01:00
Andrii Berehuliak 80b22064d1
Improve service tasks grouping on printing
When printing services' tasks with `docker service ps` command, tasks are grouped only by task slot.
This leads to interleaving tasks from different services when `docker service ps` is called with multiple services.

Besides this, global services do not have slots at all and printing tasks for them doesn't group and
doesn't properly indent tasks with \_.

With this patch all tasks are grouped by service ID, slot and node ID (relevant only for global services) and it fixes issue 533.

Before this patch:

```console
docker service ps a b c

ID                  NAME                              IMAGE               NODE                DESIRED STATE       CURRENT STATE                     ERROR               PORTS
xbzm6ed776yw        c.j1afavbqqhr21jvnid3nnfoyt       nginx:alpine        docker-desktop      Running             Running 5 seconds ago
4mcsovp8ckwn         \_ c.j1afavbqqhr21jvnid3nnfoyt   nginx:alpine        docker-desktop      Shutdown            Shutdown 6 seconds ago
qpcgdsx1r21a        b.1                               nginx:alpine        docker-desktop      Running             Running 2 seconds ago
kfjo1hly92l4        a.1                               nginx:alpine        docker-desktop      Running             Running 5 seconds ago
pubrerosvsw5        b.1                               nginx:alpine        docker-desktop      Shutdown            Shutdown 3 seconds ago
fu08gfi8tfyv        a.1                               nginx:alpine        docker-desktop      Shutdown            Shutdown 7 seconds ago
pu6qmgyoibq4        b.2                               nginx:alpine        docker-desktop      Running             Ready 1 second ago
tz1n4hjne6pk         \_ b.2                           nginx:alpine        docker-desktop      Shutdown            Shutdown less than a second ago
xq8dogqcbxd2        a.2                               nginx:alpine        docker-desktop      Running             Running 44 seconds ago
rm40lofzed0h        a.3                               nginx:alpine        docker-desktop      Running             Starting less than a second ago
sqqj2n9fpi82        b.3                               nginx:alpine        docker-desktop      Running             Running 5 seconds ago
prv3gymkvqk6         \_ b.3                           nginx:alpine        docker-desktop      Shutdown            Shutdown 6 seconds ago
qn7c7jmjuo76        a.3                               nginx:alpine        docker-desktop      Shutdown            Shutdown less than a second ago
wi9330mbabpg        a.4                               nginx:alpine        docker-desktop      Running             Running 2 seconds ago
p5oy6h7nkvc3         \_ a.4                           nginx:alpine        docker-desktop      Shutdown            Shutdown 3 seconds ago
```

After this patch:

```console
docker service ps a b c

ID                  NAME                              IMAGE               NODE                DESIRED STATE       CURRENT STATE             ERROR               PORTS
kfjo1hly92l4        a.1                               nginx:alpine        docker-desktop      Running             Running 32 seconds ago
fu08gfi8tfyv         \_ a.1                           nginx:alpine        docker-desktop      Shutdown            Shutdown 34 seconds ago
3pam0limnn24        a.2                               nginx:alpine        docker-desktop      Running             Running 23 seconds ago
xq8dogqcbxd2         \_ a.2                           nginx:alpine        docker-desktop      Shutdown            Shutdown 24 seconds ago
rm40lofzed0h        a.3                               nginx:alpine        docker-desktop      Running             Running 26 seconds ago
qn7c7jmjuo76         \_ a.3                           nginx:alpine        docker-desktop      Shutdown            Shutdown 27 seconds ago
wi9330mbabpg        a.4                               nginx:alpine        docker-desktop      Running             Running 29 seconds ago
p5oy6h7nkvc3         \_ a.4                           nginx:alpine        docker-desktop      Shutdown            Shutdown 30 seconds ago
qpcgdsx1r21a        b.1                               nginx:alpine        docker-desktop      Running             Running 29 seconds ago
pubrerosvsw5         \_ b.1                           nginx:alpine        docker-desktop      Shutdown            Shutdown 30 seconds ago
pu6qmgyoibq4        b.2                               nginx:alpine        docker-desktop      Running             Running 26 seconds ago
tz1n4hjne6pk         \_ b.2                           nginx:alpine        docker-desktop      Shutdown            Shutdown 27 seconds ago
sqqj2n9fpi82        b.3                               nginx:alpine        docker-desktop      Running             Running 32 seconds ago
prv3gymkvqk6         \_ b.3                           nginx:alpine        docker-desktop      Shutdown            Shutdown 33 seconds ago
xbzm6ed776yw        c.j1afavbqqhr21jvnid3nnfoyt       nginx:alpine        docker-desktop      Running             Running 32 seconds ago
4mcsovp8ckwn         \_ c.j1afavbqqhr21jvnid3nnfoyt   nginx:alpine        docker-desktop      Shutdown            Shutdown 33 seconds ago
```

Signed-off-by: Andrii Berehuliak <berkusandrew@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-17 14:47:12 +01:00
Sebastiaan van Stijn c84f95815d
Remove deprecated docker search --automated and --stars flags
The `docker search --automated` and `docker search --stars` options were
deprecated in release v1.12.0, and scheduled for removal in v17.09.

This patch removes the deprecated flags, in favor of their equivalent
`--filter` options (`docker search --filter=is-automated=<true|false>` and
`docker search --filter=stars=...`).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-13 17:19:54 +01:00
Silvin Lubecki 88cb93b063
Merge pull request #2303 from thaJeztah/revert_ssh_mux
revert "connhelper: use ssh multiplexing"
2020-02-13 15:15:25 +01:00
Sebastiaan van Stijn 9b549401b6
vendor: update docker to 58c2615208962a458ed94f4b6262eb27e5e021cd
full diff: a9507c6f76...58c2615208

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-12 18:45:12 +01:00
Sebastiaan van Stijn 8ef8547eb6
Merge pull request #2024 from rgulewich/1988-run-cgroupns-mode
docker run: specify cgroup namespace mode with --cgroupns
2020-02-11 11:16:05 +01:00