When re-deploying a stack without re-resolving the image digest,
the service's ContainerSpec was updated with the image-reference
as specified in the stack/compose file.
As a result, the image-digest that was resolved in a previous
deploy was overwritten, causing the service to be re-deployed.
This patch preserves the previously resolve image-digest
by copying it from the current service spec.
A unit test is also added to verify that the image information
in the service spec is not updated if QueryRegistry is disabled.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Some network environments may have NATs, proxies, or gateways which
kill idle connections. There are many Docker API operations which may
be idle for long periods of time (such as ContainerWait and ContainerAttach)
and may result in unexpected connection closures or hangs if TCP keepalives
are not used.
This patch updates the default HTTP transport used by the Docker client
package to enable TCP Keep-Alive with a keep-alive interval of 30 seconds.
It also sets a connect timeout of 30 seconds.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Ports that were picked from the ephemeral port range
were presented as `*:0->80/tcp`.
This patch changes the presentation to use the
actually assigned port, instead of the port specified
in `Endpoint.Spec` (which is always empty/zero (`0`))
Before this change;
ID NAME MODE REPLICAS IMAGE PORTS
5d44i665qj66 with-random-port replicated 1/1 nginx:alpine *:0->80/tcp
After this change;
ID NAME MODE REPLICAS IMAGE PORTS
5d44i665qj66 with-random-port replicated 1/1 nginx:alpine *:30000->80/tcp
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Change to enable volume name can be customized.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Change to enable volume name can be customized.
Remove unused debug info.
Address comments from Daniel and solve the lint error.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Address Daniel's comments to print warning message when name of external volume is set in loader code.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Address Daniel's comments to return error when external volume is set in loader code.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Address Daniel's comments to return error when external volume is set in loader code.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Remove the case that specifying external volume name in full-example.yml.
More fix.
Add unit test.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Address comments from Daniel, move the schema change to v3.4.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
Address comments from Sebastiaan. Signed-off-by: Liping Xue <lipingxue@gmail.com>
Address comments from Misty.
Signed-off-by: Liping Xue <lipingxue@gmail.com>
The "until" filter is supported by all object types, except for
volumes.
Before this patch, the "until" filter would attempted to be used for the volume
prune endpoint, resulting in an error being returned by the daemon, and
further prune endpoints (networks, images) to be skipped.
$ docker system prune --filter until=24h --filter label=label.foo=bar
WARNING! This will remove:
- all stopped containers
- all volumes not used by at least one container
- all networks not used by at least one container
- all dangling images
Are you sure you want to continue? [y/N] y
Error response from daemon: Invalid filter 'until'
Calling POST /v1.30/containers/prune?filters=%7B%22label%22%3A%7B%22label.foo%3D%3Dbar%22%3Atrue%7D%2C%22until%22%3A%7B%2224h%22%3Atrue%7D%7D
Calling POST /v1.30/volumes/prune?filters=%7B%22label%22%3A%7B%22label.foo%3D%3Dbar%22%3Atrue%7D%2C%22until%22%3A%7B%2224h%22%3Atrue%7D%7D
Handler for POST /v1.30/volumes/prune returned error: Invalid filter 'until'
Error response from daemon: Invalid filter 'until'
With this patch, an error is produced instead, preventing "partial" prune.
$ docker system prune --filter until=24h --filter label=foo==bar --volumes
ERROR: The "until" filter is not supported with "--volumes"
Note that `docker volume prune` does not have this problem, and produces an
error if the `until` filter is used;
$ docker volume prune --filter until=24h
WARNING! This will remove all volumes not used by at least one container.
Are you sure you want to continue? [y/N] y
Error response from daemon: Invalid filter 'until'
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Adapt "image prune" and "build cache prune" to have
the same signature as the other prune commands, so
that they can all be added to the "pruneFuncs" array.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit changes the order stacks and nodes are displayed.
For example, running "docker stack ls" is expected to
display the following list:
NAME SERVICES
service-1 1
service-2 1
service-10 1
However, currently this is what is printed:
NAME SERVICES
service-1 1
service-10 1
service-2 1
To fix this, "docker stack ls" and "docker node ls" are using
natural sorting to make it more human readable.
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
Also update gometalinter to use the official version. The update
found some new gosimple errors, which are fixed.
Also update the filewatcher script for the latest version of filewatcher.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
This:
* conflicts with --password (naturally)
* conflicts with the absence of --username (both can't be grabbed by the
stdin)
* strips a trailing newline off the password if it exists
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
When running `docker stack rm <some stack>` against an older daemon,
a warning was printed for "configs" being ignored;
WARNING: ignoring "configs" (requires API version 1.30, but the Docker daemon API version is 1.26)
Given that an old daemon cannot _have_ configs, there should not be
a need to warn, or _attempt_ to remove these resources.
This patch removes the warning, and skips fetching (and removing)
configs.
A check if _secrets_ are supported by the daemon is also added,
given that this would result in an error when attempted against
an older (pre 1.13) daemon.
There is one situation where this could lead to secrets or
configs being left behind; if the client is connecting to a
daemon that _does_ support secrets, configs, but the API version
is overridden using `DOCKER_API_VERSION`, no warning is printed,
and secrets and configs are not attempted to be removed.
Given that `DOCKER_API_VERSION` is regarded a feature for
debugging / "power users", it should be ok to ignore this.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Yassine TIJANI <yasstij11@gmail.com>
moving the deffering of the close after the error checking
Signed-off-by: Yassine TIJANI <yasstij11@gmail.com>
fixing SIGSEGV when running containers
Signed-off-by: Yassine TIJANI <yasstij11@gmail.com>
The `err` variable was set in a loop, so only
the last result was taken into account to return
"failure" or not.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Split out a swarmCAOptions struct for options that are shared between
the ca and update commands.
Change the 'no trust root' message to an error.
Add some unit tests.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
If a task encounters an error, the interactive "service create" and
"service update" commands should show that error instead of showing a
stuck progress bar.
To validate:
docker service create --detach=false --name broken --restart-condition=none --replicas 3 busybox asdf
and
docker service create --detach=false --name broken --mode global --restart-condition none busybox asdf
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This was only showing tasks that belong to nodes that are currently up,
so that tasks on down nodes don't appear to be stuck. But this
unintentionally excludes tasks that haven't been assigned yet, so if a
task is stuck before assignment, for example because no nodes meet its
constraints, a progress bar won't even be shown. The check should only
apply to tasks that have a node assignment.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Running `docker inspect --format "{{.ID}} {{.Size}}" alpine` prints
sha256:651aa95985aa4a17a38ffcf71f598ec461924ca96865facc2c5782ef2d2be07f 3983636
While `docker inspect --format "{{.Id}} {{.Size}}" alpine` prints
sha256:651aa95985aa4a17a38ffcf71f598ec461924ca96865facc2c5782ef2d2be07f 3.983636e+06
This happens because "Id" is not a field of types.ImageInspect and thus
tryRawInspectFallback is called and converts the raw response into `interface{}`
using a JSON decoder. However, by default that decoder converts numbers into
`float64` unless `UseNumber` is set.
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
flags, including cert expiry, will be ignored, so warn if a user attempts
to use `docker swarm ca --cert-expiry` or something.
Signed-off-by: Ying Li <ying.li@docker.com>
This commit modifies config.json to allow for any proxies allowed in
build-args to be configured. These values will then be used
by default as build-args in docker build.
Signed-off-by: Dave Tucker <dt@docker.com>
Signed-off-by: zebrilee <zebrilee@gmail.com>
revert change on docker.go, set HasExperimental to true in cli.go
Signed-off-by: zebrilee <zebrilee@gmail.com>
This fix use `scope=swarm` for service related network inspect.
The purpose is that, in case multiple networks with the same
name exist in different scopes, it is still possible to obtain
the network for services.
This fix is related to moby/moby#33630 and docker/cli#167
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
If configs are declared for a service and pointing on an old
daemon, error out properly (instead of "page not found").
If there is no configs declared, don't call convertServiceConfigObjs
to avoid having an error.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Commit 78c204ef79 added
(f9bd8ec8b268581f93095c5a80679f0a8ff498bf in the moby repo)
a validation to prevent `--rollback` from being used
in combination with other flags that update the
service spec.
This validation was not taking into account that
some flags only affect the CLI behavior, and
are okay to be used when rolling back.
This patch updates the validation, and adds
`--quiet` and `--detach` to the list of allowed
flags.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `docker login -e` / `docker login --email` option was deprecated in
Docker 1.11 (https://github.com/moby/moby/releases/tag/v1.11.0) through
aee260d4eb3aa0fc86ee5038010b7bbc24512ae5 (April 2016), and when used has
been outputing a deprecation warning since;
Flag --email has been deprecated, will be removed in 17.06.
Originally this option was scheduled to be removed in docker 1.13, but
extended to docker 17.06 due to a change in our deprecation policy.
Given that only docker 1.10 and older use this flag (which is EOL, including
for CS versions, as of February 2017), will now be removed.
With this patch, `docker login` will now produce an Error if the flag
is used.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
For stack compose files, use filepath.IsAbs instead of path.IsAbs, for
bind-mounted service volumes, because filepath.IsAbs handles Windows
paths, while path.IsAbs does not.
Signed-off-by: John Stephens <johnstep@docker.com>
The docker CLI matches objects either by ID _prefix_
or a full name match, but not partial name matches.
The correct order of resolution is;
- Full ID match (a name should not be able to mask an ID)
- Full name
- ID-prefix
This patch changes the way services are matched.
Also change to use the first matching service, if there's a
full match (by ID or Name) instead of continue looking for
other possible matches.
Error handling changed;
- Do not error early if multiple services were requested
and one or more services were not found. Print the
services that were not found after printing those that
_were_ found instead
- Print an error if ID-prefix matching is ambiguous
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn
Josh Hawn
Sebastiaan van Stijn
Vincent Demeester
Antonis Kalipetis
Liping Xue
Darren Stahl
Christophe Robin
khaled souf
Daniel Nephin
Alex Mavrogiannis
Boaz Shuster
Kenfe-Mickaël Laventure
Vincent Demeester
Ying Li
Tycho Andersen
Aaron Lehmann
Yassine TIJANI
Daniel Nephin
Victor Vieux
Arash Deshmeh
Harald Albers
Charlie Drage
Tonis Tiigi
Brian Goff
Dave Tucker
zebrilee
Yong Tang
Rogelio Canedo
Shukui Yang
Nishant Totla
John Stephens