From e89a5e5e91476102a471797fc2a81aa2f0f2b3fb Mon Sep 17 00:00:00 2001 From: Justin Cormack Date: Tue, 1 Aug 2017 14:26:13 +0100 Subject: [PATCH 01/11] Update Dockerfiles to use Debian stretch The main gain here is that they all use exactly the same distro; previously arm64 was using Ubuntu Xenial because Debian jessie was too old. Does not seem that we can change any of the downloaded dependencies still, as eg libseccomp is still not the version we are using. Signed-off-by: Justin Cormack --- Dockerfile | 8 ++++++-- Dockerfile.aarch64 | 33 +++++++++++++++++++++++---------- Dockerfile.armhf | 8 ++++++-- Dockerfile.ppc64le | 8 ++++++-- Dockerfile.s390x | 8 ++++++-- Dockerfile.simple | 2 +- 6 files changed, 48 insertions(+), 19 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8b89729af6..cdd3960dd7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -23,7 +23,7 @@ # the case. Therefore, you don't have to disable it anymore. # -FROM debian:jessie +FROM debian:stretch # allow replacing httpredir or deb mirror ARG APT_MIRROR=deb.debian.org @@ -54,8 +54,9 @@ RUN apt-get update && apt-get install -y \ libnl-3-dev \ libprotobuf-c0-dev \ libprotobuf-dev \ - libsystemd-journal-dev \ + libsystemd-dev \ libtool \ + libudev-dev \ mercurial \ net-tools \ pkg-config \ @@ -64,8 +65,10 @@ RUN apt-get update && apt-get install -y \ python-dev \ python-mock \ python-pip \ + python-setuptools \ python-websocket \ tar \ + thin-provisioning-tools \ vim \ vim-common \ xfsprogs \ @@ -85,6 +88,7 @@ RUN cd /usr/local/lvm2 \ --build="$(gcc -print-multiarch)" \ --enable-static_link \ --enable-pkgconfig \ + --enable-udev_sync \ && make -C include \ && make -C libdm install_device-mapper diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index a15a3fe6a0..bb4b93fdf1 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -15,14 +15,20 @@ # the case. Therefore, you don't have to disable it anymore. # -FROM aarch64/ubuntu:xenial +FROM arm64v8/debian:stretch + +# allow replacing httpredir or deb mirror +ARG APT_MIRROR=deb.debian.org +RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list # Packaged dependencies RUN apt-get update && apt-get install -y \ apparmor \ + apt-utils \ aufs-tools \ automake \ bash-completion \ + bsdmainutils \ btrfs-tools \ build-essential \ cmake \ @@ -32,26 +38,34 @@ RUN apt-get update && apt-get install -y \ g++ \ gcc \ git \ + golang \ iptables \ jq \ + less \ libapparmor-dev \ - libc6-dev \ libcap-dev \ + libnl-3-dev \ + libprotobuf-c0-dev \ + libprotobuf-dev \ libsystemd-dev \ - libyaml-dev \ + libtool \ + libudev-dev \ mercurial \ net-tools \ - parallel \ pkg-config \ + protobuf-compiler \ + protobuf-c-compiler \ python-dev \ python-mock \ python-pip \ python-setuptools \ python-websocket \ - golang-go \ - iproute2 \ - iputils-ping \ + tar \ + thin-provisioning-tools \ + vim \ vim-common \ + xfsprogs \ + zip \ --no-install-recommends # Get lvm2 sources to build statically linked devmapper library @@ -66,6 +80,7 @@ RUN cd /usr/local/lvm2 \ --build="$(gcc -print-multiarch)" \ --enable-static_link \ --enable-pkgconfig \ + --enable-udev_sync \ && make -C include \ && make -C libdm install_device-mapper @@ -86,9 +101,7 @@ RUN set -x \ # Install Go # We don't have official binary golang 1.7.5 tarballs for ARM64, either for Go or -# bootstrap, so we use golang-go (1.6) as bootstrap to build Go from source code. -# We don't use the official ARMv6 released binaries as a GOROOT_BOOTSTRAP, because -# not all ARM64 platforms support 32-bit mode. 32-bit mode is optional for ARMv8. +# bootstrap, so we use Debian golang (1.7) as bootstrap to build Go from source code. # IMPORTANT: When updating this please note that stdlib archive/tar pkg is vendored ENV GO_VERSION 1.8.3 RUN mkdir /usr/src/go && curl -fsSL https://golang.org/dl/go${GO_VERSION}.src.tar.gz | tar -v -C /usr/src/go -xz --strip-components=1 \ diff --git a/Dockerfile.armhf b/Dockerfile.armhf index ff78234ad7..fea5227382 100644 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -15,7 +15,7 @@ # the case. Therefore, you don't have to disable it anymore. # -FROM armhf/debian:jessie +FROM arm32v7/debian:stretch # allow replacing httpredir or deb mirror ARG APT_MIRROR=deb.debian.org @@ -39,16 +39,19 @@ RUN apt-get update && apt-get install -y \ net-tools \ libapparmor-dev \ libcap-dev \ - libsystemd-journal-dev \ + libsystemd-dev \ libtool \ + libudev-dev \ mercurial \ pkg-config \ python-dev \ python-mock \ python-pip \ + python-setuptools \ python-websocket \ xfsprogs \ tar \ + thin-provisioning-tools \ vim-common \ --no-install-recommends \ && pip install awscli==1.10.15 @@ -65,6 +68,7 @@ RUN cd /usr/local/lvm2 \ --build="$(gcc -print-multiarch)" \ --enable-static_link \ --enable-pkgconfig \ + --enable-udev_sync \ && make -C include \ && make -C libdm install_device-mapper diff --git a/Dockerfile.ppc64le b/Dockerfile.ppc64le index 171fbfa726..62c9fe412c 100644 --- a/Dockerfile.ppc64le +++ b/Dockerfile.ppc64le @@ -15,7 +15,7 @@ # the case. Therefore, you don't have to disable it anymore. # -FROM ppc64le/debian:jessie +FROM ppc64le/debian:stretch # allow replacing httpredir or deb mirror ARG APT_MIRROR=deb.debian.org @@ -40,16 +40,19 @@ RUN apt-get update && apt-get install -y \ net-tools \ libapparmor-dev \ libcap-dev \ - libsystemd-journal-dev \ + libsystemd-dev \ libtool \ + libudev-dev \ mercurial \ pkg-config \ python-dev \ python-mock \ python-pip \ + python-setuptools \ python-websocket \ xfsprogs \ tar \ + thin-provisioning-tools \ vim-common \ --no-install-recommends @@ -65,6 +68,7 @@ RUN cd /usr/local/lvm2 \ --build="$(gcc -print-multiarch)" \ --enable-static_link \ --enable-pkgconfig \ + --enable-udev_sync \ && make -C include \ && make -C libdm install_device-mapper diff --git a/Dockerfile.s390x b/Dockerfile.s390x index eb99853185..3306949a0e 100644 --- a/Dockerfile.s390x +++ b/Dockerfile.s390x @@ -15,7 +15,7 @@ # the case. Therefore, you don't have to disable it anymore. # -FROM s390x/debian:jessie +FROM s390x/debian:stretch # Packaged dependencies RUN apt-get update && apt-get install -y \ @@ -36,16 +36,19 @@ RUN apt-get update && apt-get install -y \ net-tools \ libapparmor-dev \ libcap-dev \ - libsystemd-journal-dev \ + libsystemd-dev \ libtool \ + libudev-dev \ mercurial \ pkg-config \ python-dev \ python-mock \ python-pip \ + python-setuptools \ python-websocket \ xfsprogs \ tar \ + thin-provisioning-tools \ vim-common \ --no-install-recommends @@ -76,6 +79,7 @@ RUN cd /usr/local/lvm2 \ --build="$(gcc -print-multiarch)" \ --enable-static_link \ --enable-pkgconfig \ + --enable-udev_sync \ && make -C include \ && make -C libdm install_device-mapper diff --git a/Dockerfile.simple b/Dockerfile.simple index f84f3c565c..cdbc242a75 100644 --- a/Dockerfile.simple +++ b/Dockerfile.simple @@ -5,7 +5,7 @@ # This represents the bare minimum required to build and test Docker. -FROM debian:jessie +FROM debian:stretch # allow replacing httpredir or deb mirror ARG APT_MIRROR=deb.debian.org From 84f1c054e66d3999aaf2751062cda8a77925b7ae Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 18 Aug 2017 12:48:55 +0300 Subject: [PATCH 02/11] devmapper gd: disable for static build Static build with devmapper is impossible now since libudev is required and no static version of libudev is available (as static libraries are not supported by systemd which udev is part of). This should not hurt anyone as "[t]he primary user of static builds is the Editions, and docker in docker via the containers, and none of those use device mapper". Also, since the need for static libdevmapper is gone, there is no need to self-compile libdevmapper -- let's use the one from Debian Stretch. Signed-off-by: Kir Kolyshkin --- Dockerfile | 17 +---------------- Dockerfile.aarch64 | 17 +---------------- Dockerfile.armhf | 18 +----------------- Dockerfile.ppc64le | 17 +---------------- Dockerfile.s390x | 17 +---------------- .../register/register_devicemapper.go | 2 +- pkg/devicemapper/devmapper_wrapper_static.go | 6 ------ 7 files changed, 6 insertions(+), 88 deletions(-) delete mode 100644 pkg/devicemapper/devmapper_wrapper_static.go diff --git a/Dockerfile b/Dockerfile index cdd3960dd7..81ae6f3ccc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -51,6 +51,7 @@ RUN apt-get update && apt-get install -y \ less \ libapparmor-dev \ libcap-dev \ + libdevmapper-dev \ libnl-3-dev \ libprotobuf-c0-dev \ libprotobuf-dev \ @@ -76,22 +77,6 @@ RUN apt-get update && apt-get install -y \ --no-install-recommends \ && pip install awscli==1.10.15 -# Get lvm2 sources to build statically linked devmapper library -ENV LVM2_VERSION 2.02.168 -RUN mkdir -p /usr/local/lvm2 \ - && curl -fsSL "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${LVM2_VERSION}.tgz" \ - | tar -xzC /usr/local/lvm2 --strip-components=1 - -# Compile and install (only the needed library) -RUN cd /usr/local/lvm2 \ - && ./configure \ - --build="$(gcc -print-multiarch)" \ - --enable-static_link \ - --enable-pkgconfig \ - --enable-udev_sync \ - && make -C include \ - && make -C libdm install_device-mapper - # Install seccomp: the version shipped upstream is too old ENV SECCOMP_VERSION 2.3.2 RUN set -x \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index bb4b93fdf1..97b749e4e3 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -44,6 +44,7 @@ RUN apt-get update && apt-get install -y \ less \ libapparmor-dev \ libcap-dev \ + libdevmapper-dev \ libnl-3-dev \ libprotobuf-c0-dev \ libprotobuf-dev \ @@ -68,22 +69,6 @@ RUN apt-get update && apt-get install -y \ zip \ --no-install-recommends -# Get lvm2 sources to build statically linked devmapper library -ENV LVM2_VERSION 2.02.168 -RUN mkdir -p /usr/local/lvm2 \ - && curl -fsSL "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${LVM2_VERSION}.tgz" \ - | tar -xzC /usr/local/lvm2 --strip-components=1 - -# Compile and install (only the needed library) -RUN cd /usr/local/lvm2 \ - && ./configure \ - --build="$(gcc -print-multiarch)" \ - --enable-static_link \ - --enable-pkgconfig \ - --enable-udev_sync \ - && make -C include \ - && make -C libdm install_device-mapper - # Install seccomp: the version shipped upstream is too old ENV SECCOMP_VERSION 2.3.2 RUN set -x \ diff --git a/Dockerfile.armhf b/Dockerfile.armhf index fea5227382..7582880475 100644 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -39,6 +39,7 @@ RUN apt-get update && apt-get install -y \ net-tools \ libapparmor-dev \ libcap-dev \ + libdevmapper-dev \ libsystemd-dev \ libtool \ libudev-dev \ @@ -56,23 +57,6 @@ RUN apt-get update && apt-get install -y \ --no-install-recommends \ && pip install awscli==1.10.15 -# Get lvm2 sources to build statically linked devmapper library -ENV LVM2_VERSION 2.02.168 -RUN mkdir -p /usr/local/lvm2 \ - && curl -fsSL "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${LVM2_VERSION}.tgz" \ - | tar -xzC /usr/local/lvm2 --strip-components=1 - -# Compile and install (only the needed library) -RUN cd /usr/local/lvm2 \ - && ./configure \ - --build="$(gcc -print-multiarch)" \ - --enable-static_link \ - --enable-pkgconfig \ - --enable-udev_sync \ - && make -C include \ - && make -C libdm install_device-mapper - - # Install Go # IMPORTANT: When updating this please note that stdlib archive/tar pkg is vendored ENV GO_VERSION 1.8.3 diff --git a/Dockerfile.ppc64le b/Dockerfile.ppc64le index 62c9fe412c..88f19933c3 100644 --- a/Dockerfile.ppc64le +++ b/Dockerfile.ppc64le @@ -40,6 +40,7 @@ RUN apt-get update && apt-get install -y \ net-tools \ libapparmor-dev \ libcap-dev \ + libdevmapper-dev \ libsystemd-dev \ libtool \ libudev-dev \ @@ -56,22 +57,6 @@ RUN apt-get update && apt-get install -y \ vim-common \ --no-install-recommends -# Get lvm2 sources to build statically linked devmapper library -ENV LVM2_VERSION 2.02.168 -RUN mkdir -p /usr/local/lvm2 \ - && curl -fsSL "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${LVM2_VERSION}.tgz" \ - | tar -xzC /usr/local/lvm2 --strip-components=1 - -# Compile and install (only the needed library) -RUN cd /usr/local/lvm2 \ - && ./configure \ - --build="$(gcc -print-multiarch)" \ - --enable-static_link \ - --enable-pkgconfig \ - --enable-udev_sync \ - && make -C include \ - && make -C libdm install_device-mapper - # Install seccomp: the version shipped upstream is too old ENV SECCOMP_VERSION 2.3.2 RUN set -x \ diff --git a/Dockerfile.s390x b/Dockerfile.s390x index 3306949a0e..8d628c7588 100644 --- a/Dockerfile.s390x +++ b/Dockerfile.s390x @@ -36,6 +36,7 @@ RUN apt-get update && apt-get install -y \ net-tools \ libapparmor-dev \ libcap-dev \ + libdevmapper-dev \ libsystemd-dev \ libtool \ libudev-dev \ @@ -67,22 +68,6 @@ RUN set -x \ ) \ && rm -rf "$SECCOMP_PATH" -# Get lvm2 sources to build statically linked devmapper library -ENV LVM2_VERSION 2.02.168 -RUN mkdir -p /usr/local/lvm2 \ - && curl -fsSL "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${LVM2_VERSION}.tgz" \ - | tar -xzC /usr/local/lvm2 --strip-components=1 - -# Compile and install (only the needed library) -RUN cd /usr/local/lvm2 \ - && ./configure \ - --build="$(gcc -print-multiarch)" \ - --enable-static_link \ - --enable-pkgconfig \ - --enable-udev_sync \ - && make -C include \ - && make -C libdm install_device-mapper - # IMPORTANT: When updating this please note that stdlib archive/tar pkg is vendored ENV GO_VERSION 1.8.3 RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" \ diff --git a/daemon/graphdriver/register/register_devicemapper.go b/daemon/graphdriver/register/register_devicemapper.go index bb2e9ef541..09dfb71eb7 100644 --- a/daemon/graphdriver/register/register_devicemapper.go +++ b/daemon/graphdriver/register/register_devicemapper.go @@ -1,4 +1,4 @@ -// +build !exclude_graphdriver_devicemapper,linux +// +build !exclude_graphdriver_devicemapper,!static_build,linux package register diff --git a/pkg/devicemapper/devmapper_wrapper_static.go b/pkg/devicemapper/devmapper_wrapper_static.go deleted file mode 100644 index cf7f26a4c6..0000000000 --- a/pkg/devicemapper/devmapper_wrapper_static.go +++ /dev/null @@ -1,6 +0,0 @@ -// +build linux,cgo,static_build - -package devicemapper - -// #cgo pkg-config: --static devmapper -import "C" From 771256b305c8c06fca5eb1d041b60fbe093c0e1b Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 21 Aug 2017 17:52:43 +0300 Subject: [PATCH 03/11] TestRunSeccompProfileAllow32Bit: fix Since the update to Debian Stretch, this test fails. The reason is dynamic binary, which requires i386 ld.so for loading (and apparently it is no longer installed by default): > root@09d4b173c3dc:/go/src/github.com/docker/docker# file exit32-test > exit32-test: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, BuildID[sha1]=a0d3d6cb59788453b983f65f8dc6ac52920147b6, stripped > root@09d4b173c3dc:/go/src/github.com/docker/docker# ls -l /lib/ld-linux.so.2 > ls: cannot access '/lib/ld-linux.so.2': No such file or directory To fix, just add -static. Interestingly, ldd can'f figure it out. > root@a324f8edfcaa:/go/src/github.com/docker/docker# ldd exit32-test > not a dynamic executable Other tools (e.g. objdump) also show it's a dynamic binary. While at it, remove the extra "id" argument (a copy-paste error I guess). Signed-off-by: Kir Kolyshkin --- integration-cli/docker_cli_run_unix_test.go | 2 +- integration-cli/fixtures_linux_daemon_test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/integration-cli/docker_cli_run_unix_test.go b/integration-cli/docker_cli_run_unix_test.go index 2176f0b020..380450ca04 100644 --- a/integration-cli/docker_cli_run_unix_test.go +++ b/integration-cli/docker_cli_run_unix_test.go @@ -1060,7 +1060,7 @@ func (s *DockerSuite) TestRunSeccompProfileAllow32Bit(c *check.C) { testRequires(c, SameHostDaemon, seccompEnabled, IsAmd64) ensureSyscallTest(c) - icmd.RunCommand(dockerBinary, "run", "syscall-test", "exit32-test", "id").Assert(c, icmd.Success) + icmd.RunCommand(dockerBinary, "run", "syscall-test", "exit32-test").Assert(c, icmd.Success) } // TestRunSeccompAllowSetrlimit checks that 'docker run debian:jessie ulimit -v 1048510' succeeds. diff --git a/integration-cli/fixtures_linux_daemon_test.go b/integration-cli/fixtures_linux_daemon_test.go index 1508762060..6ac4511215 100644 --- a/integration-cli/fixtures_linux_daemon_test.go +++ b/integration-cli/fixtures_linux_daemon_test.go @@ -57,7 +57,7 @@ func ensureSyscallTest(c *check.C) { } if runtime.GOOS == "linux" && runtime.GOARCH == "amd64" { - out, err := exec.Command(gcc, "-s", "-m32", "-nostdlib", "../contrib/syscall-test/exit32.s", "-o", tmp+"/"+"exit32-test").CombinedOutput() + out, err := exec.Command(gcc, "-s", "-m32", "-nostdlib", "-static", "../contrib/syscall-test/exit32.s", "-o", tmp+"/"+"exit32-test").CombinedOutput() c.Assert(err, checker.IsNil, check.Commentf(string(out))) } From ce2a0120c1925492a9bb7f6339cdbf716a4c50e0 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 22 Aug 2017 15:10:55 +0300 Subject: [PATCH 04/11] Dockerfiles: fix test-docker-py Presumably after switch to debian-stretch as a base, the following errors happens in Jenkins: 10:48:03 ---> Making bundle: test-docker-py (in bundles/17.06.0-dev/test-docker-py) 10:48:03 ---> Making bundle: .integration-daemon-start (in bundles/17.06.0-dev/test-docker-py) 10:48:03 Using test binary docker 10:48:03 # DOCKER_EXPERIMENTAL is set: starting daemon with experimental features enabled! 10:48:03 /etc/init.d/apparmor: 130: /etc/init.d/apparmor: systemd-detect-virt: not found 10:48:03 Starting AppArmor profiles:Warning from stdin (line 1): /sbin/apparmor_parser: cannot use or update cache, disable, or force-complain via stdin 10:48:03 Warning failed to create cache: (null) 10:48:03 . 10:48:03 INFO: Waiting for daemon to start... 10:48:03 Starting dockerd 10:48:05 . 10:48:06 Traceback (most recent call last): 10:48:06 File "/usr/local/lib/python2.7/dist-packages/_pytest/config.py", line 320, in _importconftest 10:48:06 mod = conftestpath.pyimport() 10:48:06 File "/usr/local/lib/python2.7/dist-packages/py/_path/local.py", line 662, in pyimport 10:48:06 __import__(modname) 10:48:06 File "/docker-py/tests/integration/conftest.py", line 6, in 10:48:06 import docker.errors 10:48:06 File "/docker-py/docker/__init__.py", line 2, in 10:48:06 from .api import APIClient 10:48:06 File "/docker-py/docker/api/__init__.py", line 2, in 10:48:06 from .client import APIClient 10:48:06 File "/docker-py/docker/api/client.py", line 6, in 10:48:06 import requests 10:48:06 ImportError: No module named requests 10:48:06 ERROR: could not load /docker-py/tests/integration/conftest.py 10:48:06 and 00:38:55 File "/docker-py/docker/transport/ssladapter.py", line 21, in 00:38:55 from backports.ssl_match_hostname import match_hostname 00:38:55 ImportError: No module named backports.ssl_match_hostname 00:38:55 ERROR: could not load /docker-py/tests/integration/conftest.py To fix, install the missing python modules. Signed-off-by: Kir Kolyshkin --- Dockerfile | 3 +++ Dockerfile.aarch64 | 4 +++- Dockerfile.armhf | 3 +++ Dockerfile.ppc64le | 3 +++ Dockerfile.s390x | 3 +++ 5 files changed, 15 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 81ae6f3ccc..0d8dd52481 100644 --- a/Dockerfile +++ b/Dockerfile @@ -63,11 +63,14 @@ RUN apt-get update && apt-get install -y \ pkg-config \ protobuf-compiler \ protobuf-c-compiler \ + python-backports.ssl-match-hostname \ python-dev \ python-mock \ python-pip \ + python-requests \ python-setuptools \ python-websocket \ + python-wheel \ tar \ thin-provisioning-tools \ vim \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 97b749e4e3..630f8b8cba 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -56,11 +56,14 @@ RUN apt-get update && apt-get install -y \ pkg-config \ protobuf-compiler \ protobuf-c-compiler \ + python-backports.ssl-match-hostname \ python-dev \ python-mock \ python-pip \ + python-requests \ python-setuptools \ python-websocket \ + python-wheel \ tar \ thin-provisioning-tools \ vim \ @@ -128,7 +131,6 @@ ENV DOCKER_PY_COMMIT a962578e515185cf06506050b2200c0b81aa84ef RUN git clone https://github.com/docker/docker-py.git /docker-py \ && cd /docker-py \ && git checkout -q $DOCKER_PY_COMMIT \ - && pip install wheel \ && pip install docker-pycreds==0.2.1 \ && pip install -r test-requirements.txt diff --git a/Dockerfile.armhf b/Dockerfile.armhf index 7582880475..1f703f29bb 100644 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -45,11 +45,14 @@ RUN apt-get update && apt-get install -y \ libudev-dev \ mercurial \ pkg-config \ + python-backports.ssl-match-hostname \ python-dev \ python-mock \ python-pip \ + python-requests \ python-setuptools \ python-websocket \ + python-wheel \ xfsprogs \ tar \ thin-provisioning-tools \ diff --git a/Dockerfile.ppc64le b/Dockerfile.ppc64le index 88f19933c3..865d293516 100644 --- a/Dockerfile.ppc64le +++ b/Dockerfile.ppc64le @@ -46,11 +46,14 @@ RUN apt-get update && apt-get install -y \ libudev-dev \ mercurial \ pkg-config \ + python-backports.ssl-match-hostname \ python-dev \ python-mock \ python-pip \ + python-requests \ python-setuptools \ python-websocket \ + python-wheel \ xfsprogs \ tar \ thin-provisioning-tools \ diff --git a/Dockerfile.s390x b/Dockerfile.s390x index 8d628c7588..aa1e555286 100644 --- a/Dockerfile.s390x +++ b/Dockerfile.s390x @@ -42,11 +42,14 @@ RUN apt-get update && apt-get install -y \ libudev-dev \ mercurial \ pkg-config \ + python-backports.ssl-match-hostname \ python-dev \ python-mock \ python-pip \ + python-requests \ python-setuptools \ python-websocket \ + python-wheel \ xfsprogs \ tar \ thin-provisioning-tools \ From 6b01bc5adb1255cb48e22e755ab86fd2c3305211 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 23 Aug 2017 15:10:48 +0300 Subject: [PATCH 05/11] devmapper: don't create too new xfs Since the update to Debian Stretch, devmapper unit test fails. One reason is, the combination of somewhat old (less than 3.16) kernel and relatively new xfsprogs leads to creating a filesystem which is not supported by the kernel: > [12206.467518] XFS (dm-1): Superblock has unknown read-only compatible features (0x1) enabled. > [12206.472046] XFS (dm-1): Attempted to mount read-only compatible filesystem read-write. > Filesystem can only be safely mounted read only. > [12206.472079] XFS (dm-1): SB validate failed with error 22. Ideally, that would be automatically and implicitly handled by xfsprogs. In real life, we have to take care about it here. Sigh. Signed-off-by: Kir Kolyshkin --- daemon/graphdriver/devmapper/deviceset.go | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/daemon/graphdriver/devmapper/deviceset.go b/daemon/graphdriver/devmapper/deviceset.go index 4b50d95368..a933b7414f 100644 --- a/daemon/graphdriver/devmapper/deviceset.go +++ b/daemon/graphdriver/devmapper/deviceset.go @@ -25,6 +25,7 @@ import ( "github.com/docker/docker/pkg/loopback" "github.com/docker/docker/pkg/mount" "github.com/docker/docker/pkg/parsers" + "github.com/docker/docker/pkg/parsers/kernel" units "github.com/docker/go-units" "github.com/opencontainers/selinux/go-selinux/label" "github.com/pkg/errors" @@ -572,14 +573,20 @@ func determineDefaultFS() string { return "ext4" } +// mkfsOptions tries to figure out whether some additional mkfs options are required +func mkfsOptions(fs string) []string { + if fs == "xfs" && !kernel.CheckKernelVersion(3, 16, 0) { + // For kernels earlier than 3.16 (and newer xfsutils), + // some xfs features need to be explicitly disabled. + return []string{"-m", "crc=0,finobt=0"} + } + + return []string{} +} + func (devices *DeviceSet) createFilesystem(info *devInfo) (err error) { devname := info.DevName() - args := []string{} - args = append(args, devices.mkfsArgs...) - - args = append(args, devname) - if devices.filesystem == "" { devices.filesystem = determineDefaultFS() } @@ -587,7 +594,11 @@ func (devices *DeviceSet) createFilesystem(info *devInfo) (err error) { return err } - logrus.Infof("devmapper: Creating filesystem %s on device %s", devices.filesystem, info.Name()) + args := mkfsOptions(devices.filesystem) + args = append(args, devices.mkfsArgs...) + args = append(args, devname) + + logrus.Infof("devmapper: Creating filesystem %s on device %s, mkfs args: %v", devices.filesystem, info.Name(), args) defer func() { if err != nil { logrus.Infof("devmapper: Error while creating filesystem %s on device %s: %v", devices.filesystem, info.Name(), err) From 46833ee1c353c247e3ef817a08d5a35a2a43bdf3 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 22 Aug 2017 00:55:20 +0300 Subject: [PATCH 06/11] devmapper: show dmesg if mount fails If mount fails, the reason might be right there in the kernel log ring buffer. Let's include it in the error message, it might be of great help. Signed-off-by: Kir Kolyshkin --- daemon/graphdriver/devmapper/deviceset.go | 5 +++-- pkg/dmesg/dmesg_linux.go | 20 ++++++++++++++++++++ pkg/dmesg/dmesg_linux_test.go | 9 +++++++++ 3 files changed, 32 insertions(+), 2 deletions(-) create mode 100644 pkg/dmesg/dmesg_linux.go create mode 100644 pkg/dmesg/dmesg_linux_test.go diff --git a/daemon/graphdriver/devmapper/deviceset.go b/daemon/graphdriver/devmapper/deviceset.go index a933b7414f..ca43b30a08 100644 --- a/daemon/graphdriver/devmapper/deviceset.go +++ b/daemon/graphdriver/devmapper/deviceset.go @@ -21,6 +21,7 @@ import ( "github.com/docker/docker/daemon/graphdriver" "github.com/docker/docker/dockerversion" "github.com/docker/docker/pkg/devicemapper" + "github.com/docker/docker/pkg/dmesg" "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/loopback" "github.com/docker/docker/pkg/mount" @@ -1199,7 +1200,7 @@ func (devices *DeviceSet) growFS(info *devInfo) error { options = joinMountOptions(options, devices.mountOptions) if err := mount.Mount(info.DevName(), fsMountPoint, devices.BaseDeviceFilesystem, options); err != nil { - return fmt.Errorf("Error mounting '%s' on '%s': %s", info.DevName(), fsMountPoint, err) + return fmt.Errorf("Error mounting '%s' on '%s': %s\n%v", info.DevName(), fsMountPoint, err, string(dmesg.Dmesg(256))) } defer unix.Unmount(fsMountPoint, unix.MNT_DETACH) @@ -2390,7 +2391,7 @@ func (devices *DeviceSet) MountDevice(hash, path, mountLabel string) error { options = joinMountOptions(options, label.FormatMountLabel("", mountLabel)) if err := mount.Mount(info.DevName(), path, fstype, options); err != nil { - return fmt.Errorf("devmapper: Error mounting '%s' on '%s': %s", info.DevName(), path, err) + return fmt.Errorf("devmapper: Error mounting '%s' on '%s': %s\n%v", info.DevName(), path, err, string(dmesg.Dmesg(256))) } if fstype == "xfs" && devices.xfsNospaceRetries != "" { diff --git a/pkg/dmesg/dmesg_linux.go b/pkg/dmesg/dmesg_linux.go new file mode 100644 index 0000000000..7df7f3d436 --- /dev/null +++ b/pkg/dmesg/dmesg_linux.go @@ -0,0 +1,20 @@ +// +build linux + +package dmesg + +import ( + "unsafe" + + "golang.org/x/sys/unix" +) + +// Dmesg returns last messages from the kernel log, up to size bytes +func Dmesg(size int) []byte { + t := uintptr(3) // SYSLOG_ACTION_READ_ALL + b := make([]byte, size) + amt, _, err := unix.Syscall(unix.SYS_SYSLOG, t, uintptr(unsafe.Pointer(&b[0])), uintptr(len(b))) + if err != 0 { + return []byte{} + } + return b[:amt] +} diff --git a/pkg/dmesg/dmesg_linux_test.go b/pkg/dmesg/dmesg_linux_test.go new file mode 100644 index 0000000000..c5028aac1d --- /dev/null +++ b/pkg/dmesg/dmesg_linux_test.go @@ -0,0 +1,9 @@ +package dmesg + +import ( + "testing" +) + +func TestDmesg(t *testing.T) { + t.Logf("dmesg output follows:\n%v", string(Dmesg(512))) +} From c21245c9200ab39a9219b28f8185573b78a55074 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 23 Aug 2017 14:00:51 +0300 Subject: [PATCH 07/11] devmapper: tell why xfs is not supported Instead of providing a generic message listing all possible reasons why xfs is not available on the system, let's be specific. Signed-off-by: Kir Kolyshkin --- daemon/graphdriver/devmapper/deviceset.go | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/daemon/graphdriver/devmapper/deviceset.go b/daemon/graphdriver/devmapper/deviceset.go index ca43b30a08..deb8c87d1f 100644 --- a/daemon/graphdriver/devmapper/deviceset.go +++ b/daemon/graphdriver/devmapper/deviceset.go @@ -535,11 +535,11 @@ func (devices *DeviceSet) activateDeviceIfNeeded(info *devInfo, ignoreDeleted bo return devicemapper.ActivateDevice(devices.getPoolDevName(), info.Name(), info.DeviceID, info.Size) } -// Return true only if kernel supports xfs and mkfs.xfs is available -func xfsSupported() bool { +// xfsSupported checks if xfs is supported, returns nil if it is, otherwise an error +func xfsSupported() error { // Make sure mkfs.xfs is available if _, err := exec.LookPath("mkfs.xfs"); err != nil { - return false + return err // error text is descriptive enough } // Check if kernel supports xfs filesystem or not. @@ -547,30 +547,31 @@ func xfsSupported() bool { f, err := os.Open("/proc/filesystems") if err != nil { - logrus.Warnf("devmapper: Could not check if xfs is supported: %v", err) - return false + return errors.Wrapf(err, "error checking for xfs support") } defer f.Close() s := bufio.NewScanner(f) for s.Scan() { if strings.HasSuffix(s.Text(), "\txfs") { - return true + return nil } } if err := s.Err(); err != nil { - logrus.Warnf("devmapper: Could not check if xfs is supported: %v", err) + return errors.Wrapf(err, "error checking for xfs support") } - return false + + return errors.New(`kernel does not support xfs, or "modprobe xfs" failed`) } func determineDefaultFS() string { - if xfsSupported() { + err := xfsSupported() + if err == nil { return "xfs" } - logrus.Warn("devmapper: XFS is not supported in your system. Either the kernel doesn't support it or mkfs.xfs is not in your PATH. Defaulting to ext4 filesystem") + logrus.Warnf("devmapper: XFS is not supported in your system (%v). Defaulting to ext4 filesystem", err) return "ext4" } From 7439d360fd567e063b8e9c4174a5c21b9fbc06aa Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 7 Sep 2017 18:32:49 -0700 Subject: [PATCH 08/11] Fix test-docker-py on some arches When running 'make all' on armhf, I got this: > ---> Making bundle: .integration-daemon-start (in bundles/17.06.0-dev/test-docker-py) > Using test binary docker > INFO: Waiting for daemon to start... > Starting dockerd > . > Traceback (most recent call last): > File "/usr/local/lib/python2.7/dist-packages/_pytest/config.py", line > 320, in _importconftest > mod = conftestpath.pyimport() > File "/usr/local/lib/python2.7/dist-packages/py/_path/local.py", line > 662, in pyimport > __import__(modname) > File "/docker-py/tests/integration/conftest.py", line 6, in > import docker.errors > File "/docker-py/docker/__init__.py", line 2, in > from .api import APIClient > File "/docker-py/docker/api/__init__.py", line 2, in > from .client import APIClient > File "/docker-py/docker/api/client.py", line 11, in > from .build import BuildApiMixin > File "/docker-py/docker/api/build.py", line 6, in > from .. import auth > File "/docker-py/docker/auth.py", line 6, in > import dockerpycreds > ImportError: No module named dockerpycreds > ERROR: could not load /docker-py/tests/integration/conftest.py The fix for this was already provided by commit 0ec8f56a3 and commit c7c923594, but for some reason it did not made its way to Dockerfiles for all architectures. While at it, remove excessive comments. Signed-off-by: Kir Kolyshkin --- Dockerfile | 3 --- Dockerfile.aarch64 | 4 +--- Dockerfile.armhf | 2 ++ Dockerfile.ppc64le | 2 ++ Dockerfile.s390x | 2 ++ 5 files changed, 7 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0d8dd52481..0e7ee047a7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -149,9 +149,6 @@ RUN set -x \ # Get the "docker-py" source so we can run their integration tests ENV DOCKER_PY_COMMIT a962578e515185cf06506050b2200c0b81aa84ef # To run integration tests docker-pycreds is required. -# Before running the integration tests conftest.py is -# loaded which results in loads auth.py that -# imports the docker-pycreds module. RUN git clone https://github.com/docker/docker-py.git /docker-py \ && cd /docker-py \ && git checkout -q $DOCKER_PY_COMMIT \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 630f8b8cba..dfe2b0f33e 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -125,9 +125,7 @@ RUN set -x \ # Get the "docker-py" source so we can run their integration tests ENV DOCKER_PY_COMMIT a962578e515185cf06506050b2200c0b81aa84ef -# Before running the integration tests conftest.py is -# loaded which results in loads auth.py that -# imports the docker-pycreds module. +# To run integration tests docker-pycreds is required. RUN git clone https://github.com/docker/docker-py.git /docker-py \ && cd /docker-py \ && git checkout -q $DOCKER_PY_COMMIT \ diff --git a/Dockerfile.armhf b/Dockerfile.armhf index 1f703f29bb..9b0cfe00da 100644 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -118,9 +118,11 @@ RUN set -x \ # Get the "docker-py" source so we can run their integration tests ENV DOCKER_PY_COMMIT a962578e515185cf06506050b2200c0b81aa84ef +# To run integration tests docker-pycreds is required. RUN git clone https://github.com/docker/docker-py.git /docker-py \ && cd /docker-py \ && git checkout -q $DOCKER_PY_COMMIT \ + && pip install docker-pycreds==0.2.1 \ && pip install -r test-requirements.txt # Set user.email so crosbymichael's in-container merge commits go smoothly diff --git a/Dockerfile.ppc64le b/Dockerfile.ppc64le index 865d293516..f83196a1b4 100644 --- a/Dockerfile.ppc64le +++ b/Dockerfile.ppc64le @@ -117,9 +117,11 @@ RUN set -x \ # Get the "docker-py" source so we can run their integration tests ENV DOCKER_PY_COMMIT a962578e515185cf06506050b2200c0b81aa84ef +# To run integration tests docker-pycreds is required. RUN git clone https://github.com/docker/docker-py.git /docker-py \ && cd /docker-py \ && git checkout -q $DOCKER_PY_COMMIT \ + && pip install docker-pycreds==0.2.1 \ && pip install -r test-requirements.txt # Set user.email so crosbymichael's in-container merge commits go smoothly diff --git a/Dockerfile.s390x b/Dockerfile.s390x index aa1e555286..a3de760ef8 100644 --- a/Dockerfile.s390x +++ b/Dockerfile.s390x @@ -110,9 +110,11 @@ RUN set -x \ # Get the "docker-py" source so we can run their integration tests ENV DOCKER_PY_COMMIT a962578e515185cf06506050b2200c0b81aa84ef +# To run integration tests docker-pycreds is required. RUN git clone https://github.com/docker/docker-py.git /docker-py \ && cd /docker-py \ && git checkout -q $DOCKER_PY_COMMIT \ + && pip install docker-pycreds==0.2.1 \ && pip install -r test-requirements.txt # Set user.email so crosbymichael's in-container merge commits go smoothly From b569f57890d4cad132be437e5dac55130b6c76e9 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 1 Sep 2017 19:16:54 +0300 Subject: [PATCH 09/11] overlay gd: fix build for 32-bit ARM This commit reverts a hunk of commit 2f5f0af3f ("Add unconvert linter") and adds a hint for unconvert linter to ignore excessive conversion as it is required on 32-bit platforms (e.g. armhf). The exact error on armhf is this: 19:06:45 ---> Making bundle: dynbinary (in bundles/17.06.0-dev/dynbinary) 19:06:48 Building: bundles/17.06.0-dev/dynbinary-daemon/dockerd-17.06.0-dev 19:10:58 # github.com/docker/docker/daemon/graphdriver/overlay 19:10:58 daemon/graphdriver/overlay/copy.go:161: cannot use stat.Atim.Sec (type int32) as type int64 in argument to time.Unix 19:10:58 daemon/graphdriver/overlay/copy.go:161: cannot use stat.Atim.Nsec (type int32) as type int64 in argument to time.Unix 19:10:58 daemon/graphdriver/overlay/copy.go:162: cannot use stat.Mtim.Sec (type int32) as type int64 in argument to time.Unix 19:10:58 daemon/graphdriver/overlay/copy.go:162: cannot use stat.Mtim.Nsec (type int32) as type int64 in argument to time.Unix Signed-off-by: Kir Kolyshkin --- daemon/graphdriver/overlay/copy.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/daemon/graphdriver/overlay/copy.go b/daemon/graphdriver/overlay/copy.go index 8c35b91ddc..f7e35e2bd3 100644 --- a/daemon/graphdriver/overlay/copy.go +++ b/daemon/graphdriver/overlay/copy.go @@ -157,9 +157,10 @@ func copyDir(srcDir, dstDir string, flags copyFlags) error { } // system.Chtimes doesn't support a NOFOLLOW flag atm + // nolint: unconvert if !isSymlink { - aTime := time.Unix(stat.Atim.Sec, stat.Atim.Nsec) - mTime := time.Unix(stat.Mtim.Sec, stat.Mtim.Nsec) + aTime := time.Unix(int64(stat.Atim.Sec), int64(stat.Atim.Nsec)) + mTime := time.Unix(int64(stat.Mtim.Sec), int64(stat.Mtim.Nsec)) if err := system.Chtimes(dstPath, aTime, mTime); err != nil { return err } From 1bc93bff221bd30e80f776cc620a8937314569ef Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 18 Sep 2017 08:47:55 -0700 Subject: [PATCH 10/11] TestLogsFollowSlowStdoutConsumer: fix for slow ARM We run our CI on Scaleway C1 machine, which is pretty slow, including I/O. This test was failing on it, as it tried to write 100000 lines of log very fast, and the loggerCloseTimeout (defined and used in container/monitor.go) prevents the daemon to finish writing it within this time frame, Reducing the size to 150000 characters (75000 lines) should help avoiding hitting it, without compromising the test case itself. Alternatively, we could have increased the timeout further. It was originally set to 1s (commit b6a42673a) and later increased 10x (commit c0391bf55). Please let me know if you want me to go that way. Signed-off-by: Kir Kolyshkin --- integration-cli/docker_cli_logs_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/integration-cli/docker_cli_logs_test.go b/integration-cli/docker_cli_logs_test.go index 4f14634b82..0209f456dd 100644 --- a/integration-cli/docker_cli_logs_test.go +++ b/integration-cli/docker_cli_logs_test.go @@ -214,14 +214,15 @@ func (s *DockerSuite) TestLogsSinceFutureFollow(c *check.C) { func (s *DockerSuite) TestLogsFollowSlowStdoutConsumer(c *check.C) { // TODO Windows: Fix this test for TP5. testRequires(c, DaemonIsLinux) - out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", `usleep 600000;yes X | head -c 200000`) + expected := 150000 + out, _ := dockerCmd(c, "run", "-d", "busybox", "/bin/sh", "-c", fmt.Sprintf("usleep 600000; yes X | head -c %d", expected)) id := strings.TrimSpace(out) stopSlowRead := make(chan bool) go func() { - exec.Command(dockerBinary, "wait", id).Run() + dockerCmd(c, "wait", id) stopSlowRead <- true }() @@ -239,7 +240,6 @@ func (s *DockerSuite) TestLogsFollowSlowStdoutConsumer(c *check.C) { c.Assert(err, checker.IsNil) actual := bytes1 + bytes2 - expected := 200000 c.Assert(actual, checker.Equals, expected) } From 14f0a1888f92667f82bea548bfa2fe4a890a75e8 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 28 Aug 2017 15:22:09 +0300 Subject: [PATCH 11/11] integration-cli/docker_cli_logs_test.go: Wait() To avoid a zombie apocalypse, use cmd.Wait() to properly finish the processes we spawn by Start(). Found while investigating DockerSuite.TestLogsFollowSlowStdoutConsumer failure on ARM (see https://github.com/moby/moby/pull/34550#issuecomment-324937936). [v2: don't expect no error from Wait() when process is killed] Signed-off-by: Kir Kolyshkin --- integration-cli/docker_cli_logs_test.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/integration-cli/docker_cli_logs_test.go b/integration-cli/docker_cli_logs_test.go index 0209f456dd..d9523bffcc 100644 --- a/integration-cli/docker_cli_logs_test.go +++ b/integration-cli/docker_cli_logs_test.go @@ -239,6 +239,8 @@ func (s *DockerSuite) TestLogsFollowSlowStdoutConsumer(c *check.C) { bytes2, err := ConsumeWithSpeed(stdout, 32*1024, 0, nil) c.Assert(err, checker.IsNil) + c.Assert(logCmd.Wait(), checker.IsNil) + actual := bytes1 + bytes2 c.Assert(actual, checker.Equals, expected) } @@ -288,6 +290,7 @@ func (s *DockerSuite) TestLogsFollowGoroutinesWithStdout(c *check.C) { c.Assert(<-chErr, checker.IsNil) c.Assert(cmd.Process.Kill(), checker.IsNil) r.Close() + cmd.Wait() // NGoroutines is not updated right away, so we need to wait before failing c.Assert(waitForGoroutines(nroutines), checker.IsNil) } @@ -303,6 +306,7 @@ func (s *DockerSuite) TestLogsFollowGoroutinesNoOutput(c *check.C) { c.Assert(cmd.Start(), checker.IsNil) time.Sleep(200 * time.Millisecond) c.Assert(cmd.Process.Kill(), checker.IsNil) + cmd.Wait() // NGoroutines is not updated right away, so we need to wait before failing c.Assert(waitForGoroutines(nroutines), checker.IsNil)