Commit Graph

9371 Commits

Author SHA1 Message Date
Derek McGowan fcaa89f296 Support for docker content trust for plugins
Add integration test for docker content trust

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-12-27 12:51:00 -08:00
Brian Goff d4404e6d1c Merge pull request #29666 from tonistiigi/client-deps
Clean up client binary dependencies
2016-12-27 15:01:24 -05:00
Brian Goff 0f686b1e45 Merge pull request #29716 from yongtang/28885-docker-stack-ps-all
Remove `docker stack ps -a` to match removal of `docker service/node ps -a`
2016-12-27 13:56:01 -05:00
allencloud 4e68d651b3 fix nits in comments
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-12-27 23:30:50 +08:00
Tonis Tiigi c41bfce39a Move builder cli helper functions to own pkg
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-12-26 18:53:22 -08:00
Tonis Tiigi bcc61e1300 Define PushResult in api types
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-12-26 18:53:22 -08:00
Yong Tang 65be5677bd Remove `docker stack ps -a` to match removal of `docker service/node ps -a`
In #28507 and #28885, `docker service/node ps -a` has been removed so that
information about slots are show up even without `-a` flag.

The output of `docker stack ps` reused the same output as `docker service/node ps`.
However, the `-a` was still there. It might make sense to remove `docker stack ps -a`
as well to bring consistency with `docker service/node ps`.

This fix is related to #28507, #28885, and #25983.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-12-26 13:47:43 -08:00
allencloud 3e7dca7900 split function out of command description scope
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-12-26 13:50:00 +08:00
Sebastiaan van Stijn f459796896 Minor cleanups in cli/command/container
This change does some minor cleanups in the
cli/command/container package;

- sort imports
- replace `fmt.Fprintf()` with `fmt.Fprintln()` if no formatting is used
- replace `fmt.Errorf()` with `errors.New()` if no formatting is used
- remove some redundant `else`'s

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-12-26 01:33:25 +01:00
Vincent Demeester d29175b73c Move package cliconfig to cli/config
I felt it made more sence 👼

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-12-25 20:31:52 +01:00
Vincent Demeester bfe47a124a Move package cliconfig to cli/config
I felt it made more sence 👼

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-12-25 20:31:52 +01:00
Vincent Demeester 6726879382 Clean some stuff from runconfig that are cli only…
… or could be in `opts` package. Having `runconfig/opts` and `opts`
doesn't really make sense and make it difficult to know where to put
some code.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-12-24 13:16:00 +01:00
Tonis Tiigi 66f7194250 Implement content addressability for plugins
Move plugins to shared distribution stack with images.

Create immutable plugin config that matches schema2 requirements.

Ensure data being pushed is same as pulled/created.

Store distribution artifacts in a blobstore.

Run init layer setup for every plugin start.

Fix breakouts from unsafe file accesses.

Add support for `docker plugin install --alias`

Uses normalized references for default names to avoid collisions when using default hosts/tags.

Some refactoring of the plugin manager to support the change, like removing the singleton manager and adding manager config struct.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2016-12-23 13:29:58 -08:00
Tonis Tiigi 2825296deb Implement content addressability for plugins
Move plugins to shared distribution stack with images.

Create immutable plugin config that matches schema2 requirements.

Ensure data being pushed is same as pulled/created.

Store distribution artifacts in a blobstore.

Run init layer setup for every plugin start.

Fix breakouts from unsafe file accesses.

Add support for `docker plugin install --alias`

Uses normalized references for default names to avoid collisions when using default hosts/tags.

Some refactoring of the plugin manager to support the change, like removing the singleton manager and adding manager config struct.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2016-12-23 13:29:58 -08:00
Anusha Ragunathan ae76b43227 Merge pull request #29599 from anusha-ragunathan/refcount
Enforce zero plugin refcount during disable, not remove.
2016-12-22 15:38:54 -08:00
Anusha Ragunathan 4b933cc26d Merge pull request #29599 from anusha-ragunathan/refcount
Enforce zero plugin refcount during disable, not remove.
2016-12-22 15:38:54 -08:00
Anusha Ragunathan bf3250ae0a Enforce zero plugin refcount during disable.
When plugins have a positive refcount, they were not allowed to be
removed. However, plugins could still be disabled when volumes
referenced it and containers using them were running.

This change fixes that by enforcing plugin refcount during disable.
A "force" disable option is also added to ignore reference refcounting.

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-12-22 13:26:53 -08:00
Anusha Ragunathan fa7cceeb4a Enforce zero plugin refcount during disable.
When plugins have a positive refcount, they were not allowed to be
removed. However, plugins could still be disabled when volumes
referenced it and containers using them were running.

This change fixes that by enforcing plugin refcount during disable.
A "force" disable option is also added to ignore reference refcounting.

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-12-22 13:26:53 -08:00
Yong Tang d04375bd4a Support multiple service IDs on "docker service ps"
This fix tries to address issue raised in 25228 to support
multiple service IDs on `docker service ps`.

Multiple IDs are allowed with `docker service ps ...`, and
related documentation has been updated.

A test has been added to cover the changes.

This fix fixes 25228.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-12-22 11:33:47 -08:00
Sebastiaan van Stijn 6c1299e819 Merge pull request #29314 from vdemeester/no-more-utils
Remove the utils package
2016-12-22 15:21:05 +01:00
Vincent Demeester ea51e6159f Merge pull request #29603 from mstanleyjones/docker_diff_improvements
Clarify what docker diff shows
2016-12-22 15:15:01 +01:00
Vincent Demeester 3f9924077a Merge pull request #29565 from yuexiao-wang/fix-typo-tls
Change tls to TLS
2016-12-22 12:10:09 +01:00
Vincent Demeester 8cc02f31eb Merge pull request #29565 from yuexiao-wang/fix-typo-tls
Change tls to TLS
2016-12-22 12:10:09 +01:00
Brian Goff 9b17b8ea18 Merge pull request #29212 from yongtang/29185-docker-inspect
Fix `docker plugin inspect <unkown object>` issue on Windows
2016-12-21 15:47:17 -05:00
Brian Goff 63677ef495 Merge pull request #28714 from thaJeztah/move-logdriver-check-to-daemon
move check for supported drivers to daemon
2016-12-21 13:47:30 -05:00
Brian Goff b373d1b81e Merge pull request #29491 from yongtang/12162016-stats-error
Improve error output for `docker stats ...`
2016-12-21 13:19:20 -05:00
Brian Goff fe406bb866 Merge pull request #29527 from allencloud/change-minor-mistake
change minor mistake of spelling
2016-12-21 13:15:00 -05:00
Brian Goff a4be350fb0 Merge pull request #29527 from allencloud/change-minor-mistake
change minor mistake of spelling
2016-12-21 13:15:00 -05:00
WANG Yuexiao fe5937d0a7 Remove unused var 'errTLSConfigUnavailable' (#29626)
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2016-12-21 06:41:14 -05:00
Yong Tang 86a07d3fec Fix `docker plugin inspect <unkown object>` issue on Windows
This fix is a follow up for comment:
https://github.com/docker/docker/pull/29186/files#r91277345

While #29186 addresses the issue of `docker inspect <unknown object>`
on Windows, it actually makes `docker plugin inspect <unknown object>`
out `object not found` on Windows as well. This is actually misleading
as plugin is not supported on Windows.

This fix reverted the change in #29186 while at the same time,
checks `not supported` in `docker inspect <unknown object>` so that
- `docker plugin inspect <unknown object>` returns `not supported` on Windows
- `docker inspect <unknown object>` returns `not found` on Windows

This fix is related to #29186 and #29185.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-12-20 21:05:10 -08:00
Misty Stanley-Jones 606a16a07d Clarify what docker diff shows
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
2016-12-20 17:03:11 -08:00
Tibor Vass df760c86cf Merge pull request #29470 from cyli/ask-for-unlock-key-only-if-locked
Check if a swarm is locked before asking a user to enter their unlock key
2016-12-20 13:21:47 -08:00
yuexiao-wang d044b55ee0 Change tls to TLS
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2016-12-20 22:08:07 +08:00
yuexiao-wang 1e7c22c80a Change tls to TLS
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2016-12-20 22:08:07 +08:00
allencloud 693328f346 change minor mistake of spelling
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-12-20 21:05:19 +08:00
allencloud 3c8d009c7a change minor mistake of spelling
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-12-20 21:05:19 +08:00
Yong Tang 23ab849f06 Fix misleading default for `--replicas`
This fix tries to address the issue raised in 29291 where
the output of `--replicas` in `service create/update`:
```
      --replicas uint                    Number of tasks (default none)
```
is misleading. User might incorrectly assume the number of replicas
would be `0` (`none`) by default, while the actual default is `1`.

The issue comes from the fact that some of the default values are
from daemon and it is not possible for client to find out the default
value.

In this case, it might be better to just simply not displaying `(default none)`.

This fix returns "" for `Uint64Opt` so that `(default none)` is hidden.

In addition to `--replicas`, this fix also changes
`--restart-delay`, `--restart-max-attempts`, `--stop-grace-period`,
`--health-interval`, `--health-timeout`, and `--restart-window`
in a similiar fashion.

New Output:
```
      --health-interval duration         Time between running the check (ns|us|ms|s|m|h)
      --health-timeout duration          Maximum time to allow one check to run (ns|us|ms|s|m|h)
...
      --replicas uint                    Number of tasks
...
      --restart-delay duration           Delay between restart attempts (ns|us|ms|s|m|h)
      --restart-max-attempts uint        Maximum number of restarts before giving up
      --restart-window duration          Window used to evaluate the restart policy (ns|us|ms|s|m|h)
...
      --stop-grace-period duration       Time to wait before force killing a container (ns|us|ms|s|m|h)
```

The docs has been updated. Note the docs for help output of `service create/update`
is out of sync with the current master. This fix replace with the update-to-date
help output.

This fix fixes 29291.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-12-19 19:35:05 -08:00
Tibor Vass 285710d3c8 Merge pull request #29246 from thaJeztah/improve-swarm-check-in-inspect
Ignore certificate expiry error for top-level inspect
2016-12-19 15:37:53 -08:00
Tõnis Tiigi 91f9b72481 Merge pull request #29339 from dmcgowan/plugins-abstract-download-manager
Abstract layerstore from pull/push distribution code
2016-12-19 13:32:28 -08:00
Derek McGowan 476adcfd20 Abstract distribution interfaces from image specific types
Move configurations into a single file.
Abstract download manager in pull config.
Add supports for schema2 only and schema2 type checking.
Add interface for providing push layers.
Abstract image store to generically handle configurations.

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2016-12-19 10:55:00 -08:00
Sebastiaan van Stijn 8246c49498 remove client-side for supported logging drivers
The `docker logs` command performed a
client-side check if the container's
logging driver was supported.

Now that we allow the client to connect
to both "older" and "newer" daemon versions,
this check is best done daemon-side.

This patch remove the check on the client
side, and leaves validation to the daemon,
which should be the source of truth.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-12-19 14:30:01 +01:00
Sebastiaan van Stijn 1f57f07070 Improve validation for volume specs
The current validation only checked for the
number of elements in the volume-spec, however,
did not validate if the elements were empty.

Because of this, an empty volume-spec (""),
or volume spec only containing separators ("::")
would not be invalidated.

This adds a simple check for empty elements in
the volume-spec, and returns an error if
the spec is invalid.

A unit-test is also added to verify the behavior.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-12-19 01:50:08 +01:00
Sebastiaan van Stijn bc4590fd7d fix conversion of anonymous volumes in compose-file
the `convertVolumeToMount()` function did not take
anonymous volumes into account when converting
volume specifications to bind-mounts.

this resulted in the conversion to try to
look up an empty "source" volume, which
lead to an error;

    undefined volume:

this patch distinguishes "anonymous"
volumes from bind-mounts and named-volumes,
and skips further processing if no source
is defined (i.e. the volume is "anonymous").

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-12-18 16:50:32 +01:00
Sebastiaan van Stijn a3c24bf450 Merge pull request #28629 from yongtang/28581-secret-create-input
Add `--file` flag for `docker secret create` command
2016-12-18 03:04:10 +01:00
Yong Tang c6b3fcbe32 Improve error output for `docker stats ...`
While looking into `docker stats <c1> <c2> ...` I noticed that
the error output is quite long, especially if there are multiple errors:
```sh
ubuntu@ubuntu:~/docker$ docker stats nofound
: Error response from daemon: No such container: nofound
ubuntu@ubuntu:~/docker$ docker stats nofound foo bar
: Error response from daemon: No such container: nofound, : Error response from daemon: No such container: foo, : Error response from daemon: No such container: bar
```

There are several issues,
1. There is an extra `: ` at the beginning. That is because if container is not found,
the name will not be available from the daemon.
2. Multiple errors are concatenated with `, ` which will be quite long.

This fix:
1. Only prient out the error from daemon.
2. Multiple errors are printed out line by line.

Below is the new output:
```sh
ubuntu@ubuntu:~/docker$ docker stats nofound
Error response from daemon: No such container: nofound
ubuntu@ubuntu:~/docker$ docker stats nofound foo bar
Error response from daemon: No such container: nofound
Error response from daemon: No such container: foo
Error response from daemon: No such container: bar
```

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-12-17 16:51:11 -08:00
Sebastiaan van Stijn fc1222118d Merge pull request #29423 from unclejack/api_cli_integ_return
return directly without ifs in remaining packages
2016-12-17 21:30:47 +01:00
Ying Li e4102ce61e Before asking a user for the unlock key when they run `docker swarm unlock`, actually
check to see if the node is part of a swarm, and if so, if it is unlocked first.
If neither of these are true, abort the command.

Signed-off-by: Ying Li <ying.li@docker.com>
2016-12-16 17:16:55 -08:00
Tõnis Tiigi 368e309073 Merge pull request #29456 from cpuguy83/fix_client_events_race
Fixes a race condition in client events monitoring
2016-12-16 17:07:43 -08:00
Vincent Demeester 15bcbad07a Merge pull request #29003 from dnephin/pkg-compose-transform
Move composefile -> engine api type conversion to `cli/compose/convert`
2016-12-16 23:34:41 +01:00
Daniel Nephin c4ea22972f Move pkg to cli/compose/convert
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2016-12-16 12:27:31 -05:00