mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Merge fix
This commit is contained in:
commit
0d2fb29537
20 changed files with 402 additions and 130 deletions
10
README.md
10
README.md
|
@ -35,7 +35,7 @@ for containerization, including Linux with [openvz](http://openvz.org), [vserver
|
|||
|
||||
Docker builds on top of these low-level primitives to offer developers a portable format and runtime environment that solves
|
||||
all 4 problems. Docker containers are small (and their transfer can be optimized with layers), they have basically zero memory and cpu overhead,
|
||||
the are completely portable and are designed from the ground up with an application-centric design.
|
||||
they are completely portable and are designed from the ground up with an application-centric design.
|
||||
|
||||
The best part: because docker operates at the OS level, it can still be run inside a VM!
|
||||
|
||||
|
@ -46,7 +46,7 @@ Docker does not require that you buy into a particular programming language, fra
|
|||
Is your application a unix process? Does it use files, tcp connections, environment variables, standard unix streams and command-line
|
||||
arguments as inputs and outputs? Then docker can run it.
|
||||
|
||||
Can your application's build be expressed a sequence of such commands? Then docker can build it.
|
||||
Can your application's build be expressed as a sequence of such commands? Then docker can build it.
|
||||
|
||||
|
||||
## Escape dependency hell
|
||||
|
@ -70,7 +70,7 @@ Docker solves dependency hell by giving the developer a simple way to express *a
|
|||
and streamline the process of assembling them. If this makes you think of [XKCD 927](http://xkcd.com/927/), don't worry. Docker doesn't
|
||||
*replace* your favorite packaging systems. It simply orchestrates their use in a simple and repeatable way. How does it do that? With layers.
|
||||
|
||||
Docker defines a build as running a sequence unix commands, one after the other, in the same container. Build commands modify the contents of the container
|
||||
Docker defines a build as running a sequence of unix commands, one after the other, in the same container. Build commands modify the contents of the container
|
||||
(usually by installing new files on the filesystem), the next command modifies it some more, etc. Since each build command inherits the result of the previous
|
||||
commands, the *order* in which the commands are executed expresses *dependencies*.
|
||||
|
||||
|
@ -293,7 +293,7 @@ a format that is self-describing and portable, so that any compliant runtime can
|
|||
|
||||
The spec for Standard Containers is currently a work in progress, but it is very straightforward. It mostly defines 1) an image format, 2) a set of standard operations, and 3) an execution environment.
|
||||
|
||||
A great analogy for this is the shipping container. Just like Standard Containers are a fundamental unit of software delivery, shipping containers (http://bricks.argz.com/ins/7823-1/12) are a fundamental unit of physical delivery.
|
||||
A great analogy for this is the shipping container. Just like how Standard Containers are a fundamental unit of software delivery, shipping containers (http://bricks.argz.com/ins/7823-1/12) are a fundamental unit of physical delivery.
|
||||
|
||||
### 1. STANDARD OPERATIONS
|
||||
|
||||
|
@ -321,7 +321,7 @@ Similarly, before Standard Containers, by the time a software component ran in p
|
|||
|
||||
### 5. INDUSTRIAL-GRADE DELIVERY
|
||||
|
||||
There are 17 million shipping containers in existence, packed with every physical good imaginable. Every single one of them can be loaded on the same boats, by the same cranes, in the same facilities, and sent anywhere in the World with incredible efficiency. It is embarrassing to think that a 30 ton shipment of coffee can safely travel half-way across the World in *less time* than it takes a software team to deliver its code from one datacenter to another sitting 10 miles away.
|
||||
There are 17 million shipping containers in existence, packed with every physical good imaginable. Every single one of them can be loaded onto the same boats, by the same cranes, in the same facilities, and sent anywhere in the World with incredible efficiency. It is embarrassing to think that a 30 ton shipment of coffee can safely travel half-way across the World in *less time* than it takes a software team to deliver its code from one datacenter to another sitting 10 miles away.
|
||||
|
||||
With Standard Containers we can put an end to that embarrassment, by making INDUSTRIAL-GRADE DELIVERY of software a reality.
|
||||
|
||||
|
|
32
api.go
32
api.go
|
@ -283,23 +283,17 @@ func postImagesCreate(srv *Server, w http.ResponseWriter, r *http.Request, vars
|
|||
|
||||
src := r.Form.Get("fromSrc")
|
||||
image := r.Form.Get("fromImage")
|
||||
repo := r.Form.Get("repo")
|
||||
tag := r.Form.Get("tag")
|
||||
repo := r.Form.Get("repo")
|
||||
|
||||
in, out, err := hijackServer(w)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer in.Close()
|
||||
fmt.Fprintf(out, "HTTP/1.1 200 OK\r\nContent-Type: application/vnd.docker.raw-stream\r\n\r\n")
|
||||
if image != "" { //pull
|
||||
registry := r.Form.Get("registry")
|
||||
if err := srv.ImagePull(image, tag, registry, out); err != nil {
|
||||
fmt.Fprintf(out, "Error: %s\n", err)
|
||||
if err := srv.ImagePull(image, tag, registry, w); err != nil {
|
||||
return err
|
||||
}
|
||||
} else { //import
|
||||
if err := srv.ImageImport(src, repo, tag, in, out); err != nil {
|
||||
fmt.Fprintf(out, "Error: %s\n", err)
|
||||
if err := srv.ImageImport(src, repo, tag, r.Body, w); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
return nil
|
||||
|
@ -335,15 +329,9 @@ func postImagesInsert(srv *Server, w http.ResponseWriter, r *http.Request, vars
|
|||
}
|
||||
name := vars["name"]
|
||||
|
||||
in, out, err := hijackServer(w)
|
||||
if err != nil {
|
||||
if err := srv.ImageInsert(name, url, path, w); err != nil {
|
||||
return err
|
||||
}
|
||||
defer in.Close()
|
||||
fmt.Fprintf(out, "HTTP/1.1 200 OK\r\nContent-Type: application/vnd.docker.raw-stream\r\n\r\n")
|
||||
if err := srv.ImageInsert(name, url, path, out); err != nil {
|
||||
fmt.Fprintf(out, "Error: %s\n", err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -358,15 +346,9 @@ func postImagesPush(srv *Server, w http.ResponseWriter, r *http.Request, vars ma
|
|||
}
|
||||
name := vars["name"]
|
||||
|
||||
in, out, err := hijackServer(w)
|
||||
if err != nil {
|
||||
if err := srv.ImagePush(name, registry, w); err != nil {
|
||||
return err
|
||||
}
|
||||
defer in.Close()
|
||||
fmt.Fprintf(out, "HTTP/1.1 200 OK\r\nContent-Type: application/vnd.docker.raw-stream\r\n\r\n")
|
||||
if err := srv.ImagePush(name, registry, out); err != nil {
|
||||
fmt.Fprintf(out, "Error: %s\n", err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
49
api_test.go
49
api_test.go
|
@ -14,6 +14,7 @@ import (
|
|||
"net/http/httptest"
|
||||
"os"
|
||||
"path"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
)
|
||||
|
@ -587,45 +588,29 @@ func TestPostBuild(t *testing.T) {
|
|||
|
||||
srv := &Server{runtime: runtime}
|
||||
|
||||
stdin, stdinPipe := io.Pipe()
|
||||
stdout, stdoutPipe := io.Pipe()
|
||||
|
||||
c1 := make(chan struct{})
|
||||
go func() {
|
||||
defer close(c1)
|
||||
r := &hijackTester{
|
||||
ResponseRecorder: httptest.NewRecorder(),
|
||||
in: stdin,
|
||||
out: stdoutPipe,
|
||||
}
|
||||
|
||||
if err := postBuild(srv, r, nil, nil); err != nil {
|
||||
imgs, err := runtime.graph.All()
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
}()
|
||||
beginCount := len(imgs)
|
||||
|
||||
// Acknowledge hijack
|
||||
setTimeout(t, "hijack acknowledge timed out", 2*time.Second, func() {
|
||||
stdout.Read([]byte{})
|
||||
stdout.Read(make([]byte, 4096))
|
||||
})
|
||||
|
||||
setTimeout(t, "read/write assertion timed out", 2*time.Second, func() {
|
||||
if err := assertPipe("from docker-ut\n", "FROM docker-ut", stdout, stdinPipe, 15); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
})
|
||||
|
||||
// Close pipes (client disconnects)
|
||||
if err := closeWrap(stdin, stdinPipe, stdout, stdoutPipe); err != nil {
|
||||
req, err := http.NewRequest("POST", "/build", strings.NewReader(Dockerfile))
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// Wait for build to finish, the client disconnected, therefore, Build finished his job
|
||||
setTimeout(t, "Waiting for CmdBuild timed out", 2*time.Second, func() {
|
||||
<-c1
|
||||
})
|
||||
r := httptest.NewRecorder()
|
||||
if err := postBuild(srv, r, req, nil); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
imgs, err = runtime.graph.All()
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if len(imgs) != beginCount+3 {
|
||||
t.Fatalf("Expected %d images, %d found", beginCount+3, len(imgs))
|
||||
}
|
||||
}
|
||||
|
||||
func TestPostImagesCreate(t *testing.T) {
|
||||
|
|
21
commands.go
21
commands.go
|
@ -104,7 +104,7 @@ func (cli *DockerCli) CmdInsert(args ...string) error {
|
|||
v.Set("url", cmd.Arg(1))
|
||||
v.Set("path", cmd.Arg(2))
|
||||
|
||||
err := cli.hijack("POST", "/images/"+cmd.Arg(0)+"/insert?"+v.Encode(), false)
|
||||
err := cli.stream("POST", "/images/"+cmd.Arg(0)+"/insert?"+v.Encode(), nil, os.Stdout)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -587,7 +587,7 @@ func (cli *DockerCli) CmdImport(args ...string) error {
|
|||
v.Set("tag", tag)
|
||||
v.Set("fromSrc", src)
|
||||
|
||||
err := cli.hijack("POST", "/images/create?"+v.Encode(), false)
|
||||
err := cli.stream("POST", "/images/create?"+v.Encode(), os.Stdin, os.Stdout)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -644,7 +644,7 @@ func (cli *DockerCli) CmdPush(args ...string) error {
|
|||
|
||||
v := url.Values{}
|
||||
v.Set("registry", *registry)
|
||||
if err := cli.hijack("POST", "/images/"+name+"/push?"+v.Encode(), false); err != nil {
|
||||
if err := cli.stream("POST", "/images/"+name+"/push?"+v.Encode(), nil, os.Stdout); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
|
@ -675,7 +675,7 @@ func (cli *DockerCli) CmdPull(args ...string) error {
|
|||
v.Set("tag", *tag)
|
||||
v.Set("registry", *registry)
|
||||
|
||||
if err := cli.hijack("POST", "/images/create?"+v.Encode(), false); err != nil {
|
||||
if err := cli.stream("POST", "/images/create?"+v.Encode(), nil, os.Stdout); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
|
@ -880,7 +880,7 @@ func (cli *DockerCli) CmdExport(args ...string) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
if err := cli.stream("GET", "/containers/"+cmd.Arg(0)+"/export"); err != nil {
|
||||
if err := cli.stream("GET", "/containers/"+cmd.Arg(0)+"/export", nil, os.Stdout); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
|
@ -1102,7 +1102,7 @@ func (cli *DockerCli) CmdRun(args ...string) error {
|
|||
if statusCode == 404 {
|
||||
v := url.Values{}
|
||||
v.Set("fromImage", config.Image)
|
||||
err = cli.hijack("POST", "/images/create?"+v.Encode(), false)
|
||||
err = cli.stream("POST", "/images/create?"+v.Encode(), nil, os.Stderr)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -1195,8 +1195,11 @@ func (cli *DockerCli) call(method, path string, data interface{}) ([]byte, int,
|
|||
return body, resp.StatusCode, nil
|
||||
}
|
||||
|
||||
func (cli *DockerCli) stream(method, path string) error {
|
||||
req, err := http.NewRequest(method, fmt.Sprintf("http://%s:%d%s", cli.host, cli.port, path), nil)
|
||||
func (cli *DockerCli) stream(method, path string, in io.Reader, out io.Writer) error {
|
||||
if (method == "POST" || method == "PUT") && in == nil {
|
||||
in = bytes.NewReader([]byte{})
|
||||
}
|
||||
req, err := http.NewRequest(method, fmt.Sprintf("http://%s:%d%s", cli.host, cli.port, path), in)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -1220,7 +1223,7 @@ func (cli *DockerCli) stream(method, path string) error {
|
|||
return fmt.Errorf("error: %s", body)
|
||||
}
|
||||
|
||||
if _, err := io.Copy(os.Stdout, resp.Body); err != nil {
|
||||
if _, err := io.Copy(out, resp.Body); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
|
|
|
@ -59,18 +59,13 @@ site:
|
|||
connect:
|
||||
@echo connecting dotcloud to www.docker.io website, make sure to use user 1
|
||||
@cd _build/website/ ; \
|
||||
dotcloud list ; \
|
||||
dotcloud connect dockerwebsite
|
||||
dotcloud connect dockerwebsite ;
|
||||
dotcloud list
|
||||
|
||||
push:
|
||||
@cd _build/website/ ; \
|
||||
dotcloud push
|
||||
|
||||
github-deploy: docs
|
||||
rm -fr github-deploy
|
||||
git clone ssh://git@github.com/dotcloud/docker github-deploy
|
||||
cd github-deploy && git checkout -f gh-pages && git rm -r * && rsync -avH ../_build/html/ ./ && touch .nojekyll && echo "docker.io" > CNAME && git add * && git commit -m "Updating docs"
|
||||
|
||||
$(VERSIONS):
|
||||
@echo "Hello world"
|
||||
|
||||
|
|
|
@ -9,7 +9,7 @@ Docker Remote API
|
|||
|
||||
- The Remote API is replacing rcli
|
||||
- Default port in the docker deamon is 4243
|
||||
- The API tends to be REST, but for some complex commands, like attach or pull, the HTTP connection in hijacked to transport stdout stdin and stderr
|
||||
- The API tends to be REST, but for some complex commands, like attach or pull, the HTTP connection is hijacked to transport stdout stdin and stderr
|
||||
|
||||
2. Endpoints
|
||||
============
|
||||
|
@ -28,7 +28,7 @@ List containers
|
|||
|
||||
.. sourcecode:: http
|
||||
|
||||
GET /containers/ps?trunc_cmd=0&all=1&before=8dfafdbc3a40 HTTP/1.1
|
||||
GET /containers/ps?all=1&before=8dfafdbc3a40 HTTP/1.1
|
||||
|
||||
**Example response**:
|
||||
|
||||
|
|
|
@ -85,7 +85,7 @@ On top of being a runtime for LXC, Docker is the Registry client. It supports:
|
|||
5. Index returns true/false lettings registry know if it should proceed or error out
|
||||
6. Get the payload for all layers
|
||||
|
||||
It’s possible to run docker pull https://<registry>/repositories/samalba/busybox. In this case, docker bypasses the Index. However the security is not guaranteed (in case Registry A is corrupted) because there won’t be any checksum checks.
|
||||
It’s possible to run docker pull \https://<registry>/repositories/samalba/busybox. In this case, docker bypasses the Index. However the security is not guaranteed (in case Registry A is corrupted) because there won’t be any checksum checks.
|
||||
|
||||
Currently registry redirects to s3 urls for downloads, going forward all downloads need to be streamed through the registry. The Registry will then abstract the calls to S3 by a top-level class which implements sub-classes for S3 and local storage.
|
||||
|
||||
|
@ -245,8 +245,8 @@ API (pushing repos foo/bar):
|
|||
The Index has two main purposes (along with its fancy social features):
|
||||
|
||||
- Resolve short names (to avoid passing absolute URLs all the time)
|
||||
- username/projectname -> https://registry.docker.io/users/<username>/repositories/<projectname>/
|
||||
- team/projectname -> https://registry.docker.io/team/<team>/repositories/<projectname>/
|
||||
- username/projectname -> \https://registry.docker.io/users/<username>/repositories/<projectname>/
|
||||
- team/projectname -> \https://registry.docker.io/team/<team>/repositories/<projectname>/
|
||||
- Authenticate a user as a repos owner (for a central referenced repository)
|
||||
|
||||
3.1 Without an Index
|
||||
|
|
|
@ -58,7 +58,7 @@ Use the new image we just created and create a new container with network port 5
|
|||
.. code-block:: bash
|
||||
|
||||
docker logs $WEB_WORKER
|
||||
* Running on http://0.0.0.0:5000/
|
||||
* Running on \http://0.0.0.0:5000/
|
||||
|
||||
view the logs for the new container using the WEB_WORKER variable, and if everything worked as planned you should see the line "Running on http://0.0.0.0:5000/" in the log output.
|
||||
|
||||
|
@ -70,7 +70,7 @@ lookup the public-facing port which is NAT-ed store the private port used by the
|
|||
|
||||
.. code-block:: bash
|
||||
|
||||
curl http://`hostname`:$WEB_PORT
|
||||
curl \http://`hostname`:$WEB_PORT
|
||||
Hello world!
|
||||
|
||||
access the web app using curl. If everything worked as planned you should see the line "Hello world!" inside of your console.
|
||||
|
|
|
@ -15,7 +15,7 @@ Most frequently asked questions.
|
|||
|
||||
3. **Does Docker run on Mac OS X or Windows?**
|
||||
|
||||
Not at this time, Docker currently only runs on Linux, but you can use VirtualBox to run Docker in a virtual machine on your box, and get the best of both worlds. Check out the MacOSX_ and Windows_ intallation guides.
|
||||
Not at this time, Docker currently only runs on Linux, but you can use VirtualBox to run Docker in a virtual machine on your box, and get the best of both worlds. Check out the MacOSX_ and Windows_ installation guides.
|
||||
|
||||
4. **How do containers compare to virtual machines?**
|
||||
|
||||
|
@ -35,8 +35,8 @@ Most frequently asked questions.
|
|||
* `Ask questions on Stackoverflow`_
|
||||
* `Join the conversation on Twitter`_
|
||||
|
||||
.. _Windows: ../documentation/installation/windows.html
|
||||
.. _MacOSX: ../documentation/installation/macos.html
|
||||
.. _Windows: ../installation/windows/
|
||||
.. _MacOSX: ../installation/vagrant/
|
||||
.. _the repo: http://www.github.com/dotcloud/docker
|
||||
.. _IRC\: docker on freenode: irc://chat.freenode.net#docker
|
||||
.. _Github: http://www.github.com/dotcloud/docker
|
||||
|
|
|
@ -20,3 +20,4 @@ Contents:
|
|||
rackspace
|
||||
archlinux
|
||||
upgrading
|
||||
kernel
|
||||
|
|
149
docs/sources/installation/kernel.rst
Normal file
149
docs/sources/installation/kernel.rst
Normal file
|
@ -0,0 +1,149 @@
|
|||
.. _kernel:
|
||||
|
||||
Kernel Requirements
|
||||
===================
|
||||
|
||||
The officially supported kernel is the one recommended by the
|
||||
:ref:`ubuntu_linux` installation path. It is the one that most developers
|
||||
will use, and the one that receives the most attention from the core
|
||||
contributors. If you decide to go with a different kernel and hit a bug,
|
||||
please try to reproduce it with the official kernels first.
|
||||
|
||||
If for some reason you cannot or do not want to use the "official" kernels,
|
||||
here is some technical background about the features (both optional and
|
||||
mandatory) that docker needs to run successfully.
|
||||
|
||||
In short, you need kernel version 3.8 (or above), compiled to include
|
||||
`AUFS support <http://aufs.sourceforge.net/>`_. Of course, you need to
|
||||
enable cgroups and namespaces.
|
||||
|
||||
|
||||
Namespaces and Cgroups
|
||||
----------------------
|
||||
|
||||
You need to enable namespaces and cgroups, to the extend of what is needed
|
||||
to run LXC containers. Technically, while namespaces have been introduced
|
||||
in the early 2.6 kernels, we do not advise to try any kernel before 2.6.32
|
||||
to run LXC containers. Note that 2.6.32 has some documented issues regarding
|
||||
network namespace setup and teardown; those issues are not a risk if you
|
||||
run containers in a private environment, but can lead to denial-of-service
|
||||
attacks if you want to run untrusted code in your containers. For more details,
|
||||
see `[LP#720095 <https://bugs.launchpad.net/ubuntu/+source/linux/+bug/720095>`_.
|
||||
|
||||
Kernels 2.6.38, and every version since 3.2, have been deployed successfully
|
||||
to run containerized production workloads. Feature-wise, there is no huge
|
||||
improvement between 2.6.38 and up to 3.6 (as far as docker is concerned!).
|
||||
|
||||
Starting with version 3.7, the kernel has basic support for
|
||||
`Checkpoint/Restore In Userspace <http://criu.org/>`_, which is not used by
|
||||
docker at this point, but allows to suspend the state of a container to
|
||||
disk and resume it later.
|
||||
|
||||
Version 3.8 provides improvements in stability, which are deemed necessary
|
||||
for the operation of docker. Versions 3.2 to 3.5 have been shown to
|
||||
exhibit a reproducible bug (for more details, see issue
|
||||
`#407 <https://github.com/dotcloud/docker/issues/407>`_).
|
||||
|
||||
Version 3.8 also brings better support for the
|
||||
`setns() syscall <http://lwn.net/Articles/531381/>`_ -- but this should not
|
||||
be a concern since docker does not leverage on this feature for now.
|
||||
|
||||
If you want a technical overview about those concepts, you might
|
||||
want to check those articles on dotCloud's blog:
|
||||
`about namespaces <http://blog.dotcloud.com/under-the-hood-linux-kernels-on-dotcloud-part>`_
|
||||
and `about cgroups <http://blog.dotcloud.com/kernel-secrets-from-the-paas-garage-part-24-c>`_.
|
||||
|
||||
|
||||
Important Note About Pre-3.8 Kernels
|
||||
------------------------------------
|
||||
|
||||
As mentioned above, kernels before 3.8 are not stable when used with docker.
|
||||
In some circumstances, you will experience kernel "oopses", or even crashes.
|
||||
The symptoms include:
|
||||
|
||||
- a container being killed in the middle of an operation (e.g. an ``apt-get``
|
||||
command doesn't complete);
|
||||
- kernel messages including mentioning calls to ``mntput`` or
|
||||
``d_hash_and_lookup``;
|
||||
- kernel crash causing the machine to freeze for a few minutes, or even
|
||||
completely.
|
||||
|
||||
While it is still possible to use older kernels for development, it is
|
||||
really not advised to do so.
|
||||
|
||||
Docker checks the kernel version when it starts, and emits a warning if it
|
||||
detects something older than 3.8.
|
||||
|
||||
See issue `#407 <https://github.com/dotcloud/docker/issues/407>`_ for details.
|
||||
|
||||
|
||||
Extra Cgroup Controllers
|
||||
------------------------
|
||||
|
||||
Most control groups can be enabled or disabled individually. For instance,
|
||||
you can decide that you do not want to compile support for the CPU or memory
|
||||
controller. In some cases, the feature can be enabled or disabled at boot
|
||||
time. It is worth mentioning that some distributions (like Debian) disable
|
||||
"expensive" features, like the memory controller, because they can have
|
||||
a significant performance impact.
|
||||
|
||||
In the specific case of the memory cgroup, docker will detect if the cgroup
|
||||
is available or not. If it's not, it will print a warning, and it won't
|
||||
use the feature. If you want to enable that feature -- read on!
|
||||
|
||||
|
||||
Memory and Swap Accounting on Debian/Ubuntu
|
||||
-------------------------------------------
|
||||
|
||||
If you use Debian or Ubuntu kernels, and want to enable memory and swap
|
||||
accounting, you must add the following command-line parameters to your kernel::
|
||||
|
||||
cgroup_enable=memory swapaccount
|
||||
|
||||
On Debian or Ubuntu systems, if you use the default GRUB bootloader, you can
|
||||
add those parameters by editing ``/etc/default/grub`` and extending
|
||||
``GRUB_CMDLINE_LINUX``. Look for the following line::
|
||||
|
||||
GRUB_CMDLINE_LINUX=""
|
||||
|
||||
And replace it by the following one::
|
||||
|
||||
GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount"
|
||||
|
||||
Then run ``update-grub``, and reboot.
|
||||
|
||||
|
||||
AUFS
|
||||
----
|
||||
|
||||
Docker currently relies on AUFS, an unioning filesystem.
|
||||
While AUFS is included in the kernels built by the Debian and Ubuntu
|
||||
distributions, is not part of the standard kernel. This means that if
|
||||
you decide to roll your own kernel, you will have to patch your
|
||||
kernel tree to add AUFS. The process is documented on
|
||||
`AUFS webpage <http://aufs.sourceforge.net/>`_.
|
||||
|
||||
Note: the AUFS patch is fairly intrusive, but for the record, people have
|
||||
successfully applied GRSEC and AUFS together, to obtain hardened production
|
||||
kernels.
|
||||
|
||||
If you want more information about that topic, there is an
|
||||
`article about AUFS on dotCloud's blog
|
||||
<http://blog.dotcloud.com/kernel-secrets-from-the-paas-garage-part-34-a>`_.
|
||||
|
||||
|
||||
BTRFS, ZFS, OverlayFS...
|
||||
------------------------
|
||||
|
||||
There is ongoing development on docker, to implement support for
|
||||
`BTRFS <http://en.wikipedia.org/wiki/Btrfs>`_
|
||||
(see github issue `#443 <https://github.com/dotcloud/docker/issues/443>`_).
|
||||
|
||||
People have also showed interest for `ZFS <http://en.wikipedia.org/wiki/ZFS>`_
|
||||
(using e.g. `ZFS-on-Linux <http://zfsonlinux.org/>`_) and OverlayFS.
|
||||
The latter is functionally close to AUFS, and it might end up being included
|
||||
in the stock kernel; so it's a strong candidate!
|
||||
|
||||
Would you like to `contribute
|
||||
<https://github.com/dotcloud/docker/blob/master/CONTRIBUTING.md>`_
|
||||
support for your favorite filesystem?
|
|
@ -15,4 +15,5 @@ Contents:
|
|||
basics
|
||||
workingwithrepository
|
||||
builder
|
||||
puppet
|
||||
|
||||
|
|
109
docs/sources/use/puppet.rst
Normal file
109
docs/sources/use/puppet.rst
Normal file
|
@ -0,0 +1,109 @@
|
|||
|
||||
.. _install_using_puppet:
|
||||
|
||||
Using Puppet
|
||||
=============
|
||||
|
||||
.. note::
|
||||
|
||||
Please note this is a community contributed installation path. The only 'official' installation is using the
|
||||
:ref:`ubuntu_linux` installation path. This version may sometimes be out of date.
|
||||
|
||||
Requirements
|
||||
------------
|
||||
|
||||
To use this guide you'll need a working installation of Puppet from `Puppetlabs <https://www.puppetlabs.com>`_ .
|
||||
|
||||
The module also currently uses the official PPA so only works with Ubuntu.
|
||||
|
||||
Installation
|
||||
------------
|
||||
|
||||
The module is available on the `Puppet Forge <https://forge.puppetlabs.com/garethr/docker/>`_
|
||||
and can be installed using the built-in module tool.
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
puppet module install garethr/docker
|
||||
|
||||
It can also be found on `GitHub <https://www.github.com/garethr/garethr-docker>`_
|
||||
if you would rather download the source.
|
||||
|
||||
Usage
|
||||
-----
|
||||
|
||||
The module provides a puppet class for installing docker and two defined types
|
||||
for managing images and containers.
|
||||
|
||||
Installation
|
||||
~~~~~~~~~~~~
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
include 'docker'
|
||||
|
||||
Images
|
||||
~~~~~~
|
||||
|
||||
The next step is probably to install a docker image, for this we have a
|
||||
defined type which can be used like so:
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
docker::image { 'base': }
|
||||
|
||||
This is equivalent to running:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
docker pull base
|
||||
|
||||
Note that it will only if the image of that name does not already exist.
|
||||
This is downloading a large binary so on first run can take a while.
|
||||
For that reason this define turns off the default 5 minute timeout
|
||||
for exec. Note that you can also remove images you no longer need with:
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
docker::image { 'base':
|
||||
ensure => 'absent',
|
||||
}
|
||||
|
||||
Containers
|
||||
~~~~~~~~~~
|
||||
|
||||
Now you have an image you can run commands within a container managed by
|
||||
docker.
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
docker::run { 'helloworld':
|
||||
image => 'base',
|
||||
command => '/bin/sh -c "while true; do echo hello world; sleep 1; done"',
|
||||
}
|
||||
|
||||
This is equivalent to running the following command, but under upstart:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
docker run -d base /bin/sh -c "while true; do echo hello world; sleep 1; done"
|
||||
|
||||
Run also contains a number of optional parameters:
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
docker::run { 'helloworld':
|
||||
image => 'base',
|
||||
command => '/bin/sh -c "while true; do echo hello world; sleep 1; done"',
|
||||
ports => ['4444', '4555'],
|
||||
volumes => ['/var/lib/counchdb', '/var/log'],
|
||||
volumes_from => '6446ea52fbc9',
|
||||
memory_limit => 10485760, # bytes
|
||||
username => 'example',
|
||||
hostname => 'example.com',
|
||||
env => ['FOO=BAR', 'FOO2=BAR2'],
|
||||
dns => ['8.8.8.8', '8.8.4.4'],
|
||||
}
|
||||
|
||||
Note that ports, env, dns and volumes can be set with either a single string
|
||||
or as above with an array of values.
|
BIN
docs/theme/docker/static/img/hiring_graphic.png
vendored
Normal file
BIN
docs/theme/docker/static/img/hiring_graphic.png
vendored
Normal file
Binary file not shown.
After Width: | Height: | Size: 6.8 KiB |
|
@ -127,6 +127,22 @@
|
|||
<h4>Repeatability</h4>
|
||||
<p>Because each container is isolated in its own filesystem, they behave the same regardless of where, when, and alongside what they run.</p>
|
||||
</section>
|
||||
<section class="contentblock">
|
||||
<div class="container">
|
||||
<div class="span2" style="margin-left: 0" >
|
||||
<a href="http://dotcloud.theresumator.com/apply/mWjkD4/Software-Engineer.html" title="Job description"><img src="static/img/hiring_graphic.png" width="140px" style="margin-top: 25px"></a>
|
||||
</div>
|
||||
<div class="span4" style="margin-left: 0">
|
||||
<h4>Do you think it is cool to hack on docker? Join us!</h4>
|
||||
<ul>
|
||||
<li>Work on open source</li>
|
||||
<li>Program in Go</li>
|
||||
</ul>
|
||||
<a href="http://dotcloud.theresumator.com/apply/mWjkD4/Software-Engineer.html" title="Job description">read more</a>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</section>
|
||||
</div>
|
||||
<div class="span6">
|
||||
<section class="contentblock">
|
||||
|
|
|
@ -175,7 +175,6 @@ func (r *Registry) GetRemoteTags(registries []string, repository string, token [
|
|||
}
|
||||
|
||||
func (r *Registry) GetRepositoryData(remote string) (*RepositoryData, error) {
|
||||
utils.Debugf("Pulling repository %s from %s\r\n", remote, auth.IndexServerAddress())
|
||||
repositoryTarget := auth.IndexServerAddress() + "/repositories/" + remote + "/images"
|
||||
|
||||
req, err := http.NewRequest("GET", repositoryTarget, nil)
|
||||
|
@ -327,10 +326,11 @@ func (r *Registry) PushImageJsonIndex(remote string, imgList []*ImgData, validat
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
utils.Debugf("json sent: %s\n", imgListJson)
|
||||
|
||||
req, err := http.NewRequest("PUT", auth.IndexServerAddress()+"/repositories/"+remote+"/", bytes.NewReader(imgListJson))
|
||||
var suffix string
|
||||
if validate {
|
||||
suffix = "images"
|
||||
}
|
||||
req, err := http.NewRequest("PUT", auth.IndexServerAddress()+"/repositories/"+remote+"/"+suffix, bytes.NewReader(imgListJson))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -362,6 +362,8 @@ func (r *Registry) PushImageJsonIndex(remote string, imgList []*ImgData, validat
|
|||
defer res.Body.Close()
|
||||
}
|
||||
|
||||
var tokens, endpoints []string
|
||||
if !validate {
|
||||
if res.StatusCode != 200 && res.StatusCode != 201 {
|
||||
errBody, err := ioutil.ReadAll(res.Body)
|
||||
if err != nil {
|
||||
|
@ -369,8 +371,6 @@ func (r *Registry) PushImageJsonIndex(remote string, imgList []*ImgData, validat
|
|||
}
|
||||
return nil, fmt.Errorf("Error: Status %d trying to push repository %s: %s", res.StatusCode, remote, errBody)
|
||||
}
|
||||
|
||||
var tokens []string
|
||||
if res.Header.Get("X-Docker-Token") != "" {
|
||||
tokens = res.Header["X-Docker-Token"]
|
||||
utils.Debugf("Auth token: %v", tokens)
|
||||
|
@ -378,13 +378,12 @@ func (r *Registry) PushImageJsonIndex(remote string, imgList []*ImgData, validat
|
|||
return nil, fmt.Errorf("Index response didn't contain an access token")
|
||||
}
|
||||
|
||||
var endpoints []string
|
||||
if res.Header.Get("X-Docker-Endpoints") != "" {
|
||||
endpoints = res.Header["X-Docker-Endpoints"]
|
||||
} else {
|
||||
return nil, fmt.Errorf("Index response didn't contain any endpoints")
|
||||
}
|
||||
|
||||
}
|
||||
if validate {
|
||||
if res.StatusCode != 204 {
|
||||
if errBody, err := ioutil.ReadAll(res.Body); err != nil {
|
||||
|
|
25
server.go
25
server.go
|
@ -2,6 +2,7 @@ package docker
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"github.com/dotcloud/docker/auth"
|
||||
"github.com/dotcloud/docker/registry"
|
||||
"github.com/dotcloud/docker/utils"
|
||||
"io"
|
||||
|
@ -67,6 +68,7 @@ func (srv *Server) ImagesSearch(term string) ([]ApiSearch, error) {
|
|||
}
|
||||
|
||||
func (srv *Server) ImageInsert(name, url, path string, out io.Writer) error {
|
||||
out = utils.NewWriteFlusher(out)
|
||||
img, err := srv.runtime.repositories.LookupImage(name)
|
||||
if err != nil {
|
||||
return err
|
||||
|
@ -290,6 +292,7 @@ func (srv *Server) ContainerTag(name, repo, tag string, force bool) error {
|
|||
}
|
||||
|
||||
func (srv *Server) pullImage(out io.Writer, imgId, registry string, token []string) error {
|
||||
out = utils.NewWriteFlusher(out)
|
||||
history, err := srv.registry.GetRemoteHistory(imgId, registry, token)
|
||||
if err != nil {
|
||||
return err
|
||||
|
@ -324,8 +327,9 @@ func (srv *Server) pullImage(out io.Writer, imgId, registry string, token []stri
|
|||
return nil
|
||||
}
|
||||
|
||||
func (srv *Server) pullRepository(stdout io.Writer, remote, askedTag string) error {
|
||||
utils.Debugf("Retrieving repository data")
|
||||
func (srv *Server) pullRepository(out io.Writer, remote, askedTag string) error {
|
||||
out = utils.NewWriteFlusher(out)
|
||||
fmt.Fprintf(out, "Pulling repository %s from %s\r\n", remote, auth.IndexServerAddress())
|
||||
repoData, err := srv.registry.GetRepositoryData(remote)
|
||||
if err != nil {
|
||||
return err
|
||||
|
@ -362,18 +366,14 @@ func (srv *Server) pullRepository(stdout io.Writer, remote, askedTag string) err
|
|||
utils.Debugf("%s does not match %s, skipping", img.Tag, askedTag)
|
||||
continue
|
||||
}
|
||||
fmt.Fprintf(stdout, "Pulling image %s (%s) from %s\n", img.Id, img.Tag, remote)
|
||||
fmt.Fprintf(out, "Pulling image %s (%s) from %s\n", img.Id, img.Tag, remote)
|
||||
success := false
|
||||
for _, ep := range repoData.Endpoints {
|
||||
if err := srv.pullImage(stdout, img.Id, "https://"+ep+"/v1", repoData.Tokens); err != nil {
|
||||
fmt.Fprintf(stdout, "Error while retrieving image for tag: %s (%s); checking next endpoint\n", askedTag, err)
|
||||
if err := srv.pullImage(out, img.Id, "https://"+ep+"/v1", repoData.Tokens); err != nil {
|
||||
fmt.Fprintf(out, "Error while retrieving image for tag: %s (%s); checking next endpoint\n", askedTag, err)
|
||||
continue
|
||||
}
|
||||
if err := srv.runtime.repositories.Set(remote, img.Tag, img.Id, true); err != nil {
|
||||
return err
|
||||
}
|
||||
success = true
|
||||
delete(tagsList, img.Tag)
|
||||
break
|
||||
}
|
||||
if !success {
|
||||
|
@ -478,6 +478,7 @@ func (srv *Server) getImageList(localRepo map[string]string) ([]*registry.ImgDat
|
|||
}
|
||||
|
||||
func (srv *Server) pushRepository(out io.Writer, name string, localRepo map[string]string) error {
|
||||
out = utils.NewWriteFlusher(out)
|
||||
fmt.Fprintf(out, "Processing checksums\n")
|
||||
imgList, err := srv.getImageList(localRepo)
|
||||
if err != nil {
|
||||
|
@ -517,6 +518,7 @@ func (srv *Server) pushRepository(out io.Writer, name string, localRepo map[stri
|
|||
}
|
||||
|
||||
func (srv *Server) pushImage(out io.Writer, remote, imgId, ep string, token []string) error {
|
||||
out = utils.NewWriteFlusher(out)
|
||||
jsonRaw, err := ioutil.ReadFile(path.Join(srv.runtime.graph.Root, imgId, "json"))
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error while retreiving the path for {%s}: %s", imgId, err)
|
||||
|
@ -576,6 +578,7 @@ func (srv *Server) pushImage(out io.Writer, remote, imgId, ep string, token []st
|
|||
}
|
||||
|
||||
func (srv *Server) ImagePush(name, registry string, out io.Writer) error {
|
||||
out = utils.NewWriteFlusher(out)
|
||||
img, err := srv.runtime.graph.Get(name)
|
||||
if err != nil {
|
||||
fmt.Fprintf(out, "The push refers to a repository [%s] (len: %d)\n", name, len(srv.runtime.repositories.Repositories[name]))
|
||||
|
@ -612,7 +615,7 @@ func (srv *Server) ImageImport(src, repo, tag string, in io.Reader, out io.Write
|
|||
u.Host = src
|
||||
u.Path = ""
|
||||
}
|
||||
fmt.Fprintln(out, "Downloading from", u)
|
||||
fmt.Fprintf(out, "Downloading from %s\n", u)
|
||||
// Download with curl (pretty progress bar)
|
||||
// If curl is not available, fallback to http.Get()
|
||||
resp, err = utils.Download(u.String(), out)
|
||||
|
@ -631,7 +634,7 @@ func (srv *Server) ImageImport(src, repo, tag string, in io.Reader, out io.Write
|
|||
return err
|
||||
}
|
||||
}
|
||||
fmt.Fprintln(out, img.ShortId())
|
||||
fmt.Fprintf(out, "%s\n", img.ShortId())
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
@ -2,9 +2,12 @@ package utils
|
|||
|
||||
import (
|
||||
"errors"
|
||||
"syscall"
|
||||
)
|
||||
|
||||
func uname() (*syscall.Utsname, error) {
|
||||
type Utsname struct {
|
||||
Release [65]byte
|
||||
}
|
||||
|
||||
func uname() (*Utsname, error) {
|
||||
return nil, errors.New("Kernel version detection is not available on darwin")
|
||||
}
|
||||
|
|
|
@ -4,7 +4,8 @@ import (
|
|||
"syscall"
|
||||
)
|
||||
|
||||
// FIXME: Move this to utils package
|
||||
type Utsname syscall.Utsname
|
||||
|
||||
func uname() (*syscall.Utsname, error) {
|
||||
uts := &syscall.Utsname{}
|
||||
|
||||
|
|
|
@ -104,7 +104,7 @@ func ProgressReader(r io.ReadCloser, size int, output io.Writer, template string
|
|||
if template == "" {
|
||||
template = "%v/%v (%v)"
|
||||
}
|
||||
return &progressReader{r, output, size, 0, 0, template}
|
||||
return &progressReader{r, NewWriteFlusher(output), size, 0, 0, template}
|
||||
}
|
||||
|
||||
// HumanDuration returns a human-readable approximation of a duration
|
||||
|
@ -530,3 +530,28 @@ func GetKernelVersion() (*KernelVersionInfo, error) {
|
|||
Flavor: flavor,
|
||||
}, nil
|
||||
}
|
||||
|
||||
type NopFlusher struct{}
|
||||
|
||||
func (f *NopFlusher) Flush() {}
|
||||
|
||||
type WriteFlusher struct {
|
||||
w io.Writer
|
||||
flusher http.Flusher
|
||||
}
|
||||
|
||||
func (wf *WriteFlusher) Write(b []byte) (n int, err error) {
|
||||
n, err = wf.w.Write(b)
|
||||
wf.flusher.Flush()
|
||||
return n, err
|
||||
}
|
||||
|
||||
func NewWriteFlusher(w io.Writer) *WriteFlusher {
|
||||
var flusher http.Flusher
|
||||
if f, ok := w.(http.Flusher); ok {
|
||||
flusher = f
|
||||
} else {
|
||||
flusher = &NopFlusher{}
|
||||
}
|
||||
return &WriteFlusher{w: w, flusher: flusher}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue