1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Commit graph

375 commits

Author SHA1 Message Date
qq690388648
1cb9b0745c replace the os.Stdout with stdout to adapt platform
Signed-off-by: Sun Gengze <690388648@qq.com>
2015-12-30 18:24:02 +08:00
David Calavera
8e034802b7 Remove usage of pkg sockets and tlsconfig.
- Use the ones provided by docker/go-connections, they are a drop in replacement.
- Remove pkg/sockets from docker.
- Keep pkg/tlsconfig because libnetwork still needs it and there is a
  circular dependency issue.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-29 19:27:12 -05:00
Daniel Nephin
f5916b10ae Remove the graph driver from the daemon, move it into the layer store.
Support restoreCustomImage for windows with a new interface to extract
the graph driver from the LayerStore.

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2015-12-28 12:55:48 -05:00
David Calavera
27220ecc6b Move timeutils functions to the only places where they are used.
- Move time json marshaling to the jsonlog package: this is a docker
  internal hack that we should not promote as a library.
- Move Timestamp encoding/decoding functions to the API types: This is
  only used there. It could be a standalone library but I don't this
it's worth having a separated repo for this. It could introduce more
complexity than it solves.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-15 14:56:14 -05:00
Liron Levin
75c353f0ad Docker authorization plug-in infrastructure enables extending the functionality of the Docker daemon with respect to user authorization. The infrastructure enables registering a set of external authorization plug-in. Each plug-in receives information about the user and the request and decides whether to allow or deny the request. Only in case all plug-ins allow accessing the resource the access is granted.
Each plug-in operates as a separate service, and registers with Docker
through general (plug-ins API)
[https://blog.docker.com/2015/06/extending-docker-with-plugins/]. No
Docker daemon recompilation is required in order to add / remove an
authentication plug-in. Each plug-in is notified twice for each
operation: 1) before the operation is performed and, 2) before the
response is returned to the client. The plug-ins can modify the response
that is returned to the client.

The authorization depends on the authorization effort that takes place
in parallel [https://github.com/docker/docker/issues/13697].

This is the official issue of the authorization effort:
https://github.com/docker/docker/issues/14674

(Here)[https://github.com/rhatdan/docker-rbac] you can find an open
document that discusses a default RBAC plug-in for Docker.

Signed-off-by: Liron Levin <liron@twistlock.com>
Added container create flow test and extended the verification for ps
2015-12-08 17:34:15 +02:00
Alexander Morozov
ca5795cef8 Remove usage of listenbuffer package
It actually adds nothing to queuing requests.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-11-30 09:04:55 -08:00
Alex Crawford
a8b84cd8fb Revert "Return listenbuffer behavior"
This reverts commit 281a48d092.

Signed-off-by: Alex Crawford <alex.crawford@coreos.com>
2015-11-24 18:32:57 -08:00
Tianon Gravi
e54c4517a7 Fix "./docker" package name on freebsd
This fixes "can't load package: package ./docker: found packages client.go (main) and daemon_freebsd.go (docker)"

Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2015-11-17 09:38:19 -08:00
Antonio Murdaca
7929888214 Remove deprecated cli flags
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2015-11-15 10:40:01 +01:00
David Calavera
58b270c338 Merge pull request from vdemeester/hope-it-does-not-broke-everything-again
Another try at dockerversion placeholder for library import
2015-11-09 13:15:50 -08:00
Vincent Demeester
8054a30387 dockerversion placeholder for library import
- Add a *version* file placeholder.
- Update autogen and builds to use it and an autogen build flag

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-11-09 19:32:46 +01:00
David Calavera
3b5fac462d Remove LXC support.
The LXC driver was deprecated in Docker 1.8.
Following the deprecation rules, we can remove a deprecated feature
after two major releases. LXC won't be supported anymore starting on Docker 1.10.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-11-05 17:09:57 -05:00
Brian Goff
b78ca243d9 Revert "dockerversion placeholder for library-import"
This reverts commit d5cd032a86.

Commit caused issues on systems with case-insensitive filesystems.
Revert for now

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-10-27 21:23:53 -04:00
Vincent Demeester
d5cd032a86 dockerversion placeholder for library-import
- Move autogen/dockerversion to version
- Update autogen and "builds" to use this package and a build flag

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-10-27 20:36:07 +01:00
Lei Jitang
fbb01b8162 Make default tls host work
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-10-19 21:17:37 +08:00
Alexandre Beslic
4ea3ff7061 Merge pull request from mavenugo/ipam
Vendoring libnetwork for the pluggable IPAM driver support
2015-10-13 14:41:19 -07:00
Madhu Venugopal
cc6aece1fd IPAM API & UX
introduced --subnet, --ip-range and --gateway options in docker network
command. Also, user can allocate driver specific ip-address if any using
the --aux-address option.
Supports multiple subnets per network and also sharing ip range
across networks if the network-driver and ipam-driver supports it.
Example, Bridge driver doesnt support sharing same ip range across
networks.

Signed-off-by: Madhu Venugopal <madhu@docker.com>
2015-10-13 11:03:03 -07:00
Antonio Murdaca
08c5f52d70 Merge pull request from coolljt0725/fix_16927
Fix docker daemon exit immediately after starting without -H option closes 
2015-10-12 17:24:42 +02:00
Lei Jitang
e38767e197 Fix docker daemon exit immediately after starting without -H option closes
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-10-12 04:49:25 -04:00
Doug Davis
ba973f2d74 Remove used param on ParseHost
The first param on opts.ParseHost() wasn't being used for anything.

Once we get rid of that param we can then also clean-up some code
that calls ParseHost() because the param that was passed in wasn't
being used for anything else.

Signed-off-by: Doug Davis <dug@us.ibm.com>
2015-10-11 20:45:17 -07:00
Sebastiaan van Stijn
c45ad0b02d Merge pull request from SvenDowideit/make-windows-default-to-use-2376
Default the tcp port to 2376 if tls is on, and 2375 if not
2015-10-11 15:35:04 -07:00
Sven Dowideit
50f0906007 Default the tcp port to 2376 if tls is on, and 2375 if not
Refactor so that the Host flag validation doesn't destroy the user's input,
and then post process the flags when we know the TLS options

Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
2015-10-09 17:48:03 -07:00
Jess Frazelle
b50a88cfd7 Merge pull request from dhiltgen/discovery_tls
Add TLS support for discovery backend
2015-10-08 14:21:06 -07:00
Jess Frazelle
b5d914188e Merge pull request from coolljt0725/use_consistent_command_description
Use consistent command description
2015-10-08 12:01:16 -07:00
Lei Jitang
2b0927c9ac Use consistent command description
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-10-08 08:46:21 -04:00
Daniel Hiltgen
124792a871 Add TLS support for discovery backend
This leverages recent additions to libkv enabling client
authentication via TLS so the discovery back-end can be locked
down with mutual TLS.  Example usage:

    docker daemon [other args] \
        --cluster-advertise 192.168.122.168:2376 \
        --cluster-store etcd://192.168.122.168:2379 \
        --cluster-store-opt kv.cacertfile=/path/to/ca.pem \
        --cluster-store-opt kv.certfile=/path/to/cert.pem \
        --cluster-store-opt kv.keyfile=/path/to/key.pem

Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2015-10-07 16:01:00 -07:00
Alexander Morozov
281a48d092 Return listenbuffer behavior
Now we're start to serve early, but all Accept calls are intercepted by
listenbuffer or systemd socket.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-10-07 14:18:42 -07:00
Vincent Demeester
80f2e3f0c6 Merge pull request from LK4D4/fix_volume_socket
Allocate resources for server API before daemon creation
2015-10-05 20:48:41 +02:00
Alexander Morozov
5eda566f93 Allocate resources for server API before daemon creation
It prevents occupying of those resources (ports, unix-sockets) by
containers.
Also fixed false-positive test for that case.

Fix 

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-10-05 09:32:08 -07:00
Antonio Murdaca
14e8898648 Fix man and commandline docs
- missing help option in `docs/reference/commandline/*.md` (some files
  have it, the other I fixed didn't)
- missing `[OPTIONS]` in Usage description
- missing options
- formatting
- start/stop idempotence

Signed-off-by: Antonio Murdaca <amurdaca@redhat.com>
2015-10-04 21:22:27 +02:00
David Calavera
da982cf551 Separate API router from server.
Implement basic interfaces to write custom routers that can be plugged
to the server. Remove server coupling with the daemon.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-09-29 19:43:03 -04:00
Tibor Vass
b08f071e18 Revert "Merge pull request from duglin/ContextualizeEvents"
Although having a request ID available throughout the codebase is very
valuable, the impact of requiring a Context as an argument to every
function in the codepath of an API request, is too significant and was
not properly understood at the time of the review.

Furthermore, mixing API-layer code with non-API-layer code makes the
latter usable only by API-layer code (one that has a notion of Context).

This reverts commit de41640435, reversing
changes made to 7daeecd42d.

Signed-off-by: Tibor Vass <tibor@docker.com>

Conflicts:
	api/server/container.go
	builder/internals.go
	daemon/container_unix.go
	daemon/create.go
2015-09-29 14:26:51 -04:00
Tibor Vass
79c31f4b13 Revert "Merge pull request from calavera/context_per_request"
This reverts commit ff92f45be4, reversing
changes made to 80e31df3b6.

Reverting to make the next revert easier.

Signed-off-by: Tibor Vass <tibor@docker.com>
2015-09-29 13:40:46 -04:00
David Calavera
27c76522de Define a context per request.
Avoid creating a global context object that will be used while the daemon is running.

Not only this object won't ever be garbage collected, but it won't ever be used for anything else than creating other contexts in each request. I think it's a bad practive to have something like this sprawling aroud the code.

This change removes that global object and initializes a context in the cases we don't have already one, like shutting down the server.
This also removes a bunch of context arguments from functions that did nothing with it.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-09-24 18:44:53 -04:00
Doug Davis
26b1064967 Add context.RequestID to event stream
This PR adds a "request ID" to each event generated, the 'docker events'
stream now looks like this:

```
2015-09-10T15:02:50.000000000-07:00 [reqid: c01e3534ddca] de7c5d4ca927253cf4e978ee9c4545161e406e9b5a14617efb52c658b249174a: (from ubuntu) create
```
Note the `[reqID: c01e3534ddca]` part, that's new.

Each HTTP request will generate its own unique ID. So, if you do a
`docker build` you'll see a series of events all with the same reqID.
This allow for log processing tools to determine which events are all related
to the same http request.

I didn't propigate the context to all possible funcs in the daemon,
I decided to just do the ones that needed it in order to get the reqID
into the events. I'd like to have people review this direction first, and
if we're ok with it then I'll make sure we're consistent about when
we pass around the context - IOW, make sure that all funcs at the same level
have a context passed in even if they don't call the log funcs - this will
ensure we're consistent w/o passing it around for all calls unnecessarily.

ping @icecrime @calavera @crosbymichael

Signed-off-by: Doug Davis <dug@us.ibm.com>
2015-09-24 11:56:37 -07:00
Tibor Vass
01670bec48 Merge pull request from coolljt0725/show_help_all_the_time
Clean up: show usage when global --help present
2015-09-23 18:58:19 -04:00
Lei Jitang
4d55877e27 Clean up: show usage when global --help present
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-09-23 05:17:03 -04:00
Sally O'Malley
e41753678d docker restarts running OR stopped containers, docs edit rm "running"
Signed-off-by: Sally O'Malley <somalley@redhat.com>
2015-09-20 09:16:27 -04:00
Lei Jitang
ee6b81faf2 Docs: correct the description of docker cp
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-09-20 18:02:28 +08:00
Kunal Kushwaha
44da5c3de2 "docker network" missing from docker --help
Fixed issues related to network subcommand tests
- "network" in exempted list of short help check
- Condition for exact test modified to meet experimental commands
- Sorting of commands done in flags_experimental

Signed-off-by: Kunal Kushwaha <kunal.kushwaha@gmail.com>
2015-09-04 15:34:17 +09:00
Brian Goff
b3b7eb2723 Add volume API/CLI
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-08-26 13:37:52 -04:00
Jessie Frazelle
ecff4badcd Merge pull request from WeiZhang555/golint-stdcopy-system
fix golint warnings/errors on pkg/system and pkg/stdcopy
2015-08-21 14:27:59 -07:00
Marius Sturm
e904cbec03 Initialize LogConfig in daemon mode
Signed-off-by: Marius Sturm <marius@graylog.com>
2015-08-15 18:06:03 +02:00
Zhang Wei
7e420ad850 fix golint warnings/errors on pkg/system and pkg/stdcopy
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2015-08-13 18:47:13 +08:00
Harald Albers
ceb11d9660 Remove -h flag from completion and daemon reference
All docker subcommands support `-h` as an alias for `--help`
unless they have `-h` aliased to something else like `docker run`,
which uses `-h` for `--hostname`.

`-h` is not included in the help messages of the commands, though.

It ist visible in
* reference: only in `docker daemon` reference,
  see output of `grep -Rse --help=false docs`
* man pages: only in `docker` man page
  see output of `grep -RF '**-h**' man`

For consistency reasons, this commit removes `-h` as an alias for
`--help` from the reference page, man page and the bash completion.

Signed-off-by: Harald Albers <github@albersweb.de>
2015-08-11 07:30:58 -07:00
Veres Lajos
5146232723 typofix - https://github.com/vlajos/misspell_fixer
Signed-off-by: Veres Lajos <vlajos@gmail.com>
2015-08-07 23:25:49 +01:00
Ankush Agarwal
4d212f7853 Add test to check if subcommands are sorted
Signed-off-by: Ankush Agarwal <ankushagarwal11@gmail.com>
2015-08-07 01:34:21 -07:00
David Calavera
07c45e499d Remove key file when migration fails.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-08-03 15:29:54 -07:00
Alexander Morozov
75c082c4b2 Merge pull request from Microsoft/10662-daemonconfiglocation
Windows: [TP3] Move daemon config directory
2015-07-30 12:56:52 -07:00
John Howard
9ed4400baf Windows: Move daemon config directory
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-07-30 12:39:19 -07:00