profile
viewpoint

push eventarkodg/moby

Arko Dasgupta

commit sha 30103d32553ba041b482da4712c9dbf308249a95

Convert HostGatewayIP to net.IP Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>

view details

push time in 4 days

Pull request review commentmoby/moby

Support host.docker.internal in dockerd on Linux

 func (daemon *Daemon) buildSandboxOptions(container *container.Container) ([]lib 			return nil, err 		} 		parts := strings.SplitN(extraHost, ":", 2)+		// If the IP Address is a string called "host-gateway", replace this+		// value with the IP address stored in the daemon level HostGatewayIP+		// config variable+		if parts[1] == network.HostGatewayName {+			if gateway := daemon.configStore.HostGatewayIP; net.ParseIP(gateway) != nil {+				parts[1] = gateway+			} else {+				logrus.Warnf("HostGatewayIP value %s is invalid", gateway)

there can be a case where default bridge is disabled and the HostGatewayIP is not set, in that case might be best to bail out ?

arkodg

comment created time in 4 days

Pull request review commentmoby/moby

Support host.docker.internal in dockerd on Linux

 func installCommonConfigFlags(conf *config.Config, flags *pflag.FlagSet) error { 	flags.Var(opts.NewListOptsRef(&conf.DNS, opts.ValidateIPAddress), "dns", "DNS server to use") 	flags.Var(opts.NewNamedListOptsRef("dns-opts", &conf.DNSOptions, nil), "dns-opt", "DNS options to use") 	flags.Var(opts.NewListOptsRef(&conf.DNSSearch, opts.ValidateDNSSearch), "dns-search", "DNS search domains to use")+	flags.StringVar(&conf.HostGatewayIP, "host-gateway-ip", "", "dockerd will resolve the IP Address to this IP "+

ack

arkodg

comment created time in 4 days

push eventarkodg/moby

Arko Dasgupta

commit sha 1d52cb3c5e4b909a34027b120d8d906c3a8420c0

Support host.docker.internal in dockerd on Linux Docker Desktop (on MAC and Windows hosts) allows containers running inside a Linux VM to connect to the host using the host.docker.internal DNS name, which is implemented by VPNkit (DNS proxy on the host) This PR allows containers to connect to Linux hosts by appending a special string "host-gateway" to --add-host e.g. "--add-host=host.docker.internal:host-gateway" which adds host.docker.internal DNS entry in /etc/hosts and maps it to host-gateway-ip This PR also add a daemon flag call host-gateway-ip which defaults to the default bridge IP Docker Desktop will need to set this field to the Host Proxy IP so DNS requests for host.docker.internal can be routed to VPNkit Addresses: https://github.com/docker/for-linux/issues/264 Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>

view details

push time in 5 days

pull request commentdocker/docker.github.io

Add algorithm label

@traci-morrison AFAIK we are not releasing a new version of Interlock for Novemeber (@euanh please correct me if I'm wrong) so we don't need to merge this yet

traci-morrison

comment created time in 6 days

pull request commentmoby/moby

Support host.docker.internal in dockerd on Linux

@tiborvass PTAL

arkodg

comment created time in 7 days

push eventarkodg/moby

Arko Dasgupta

commit sha ad495a290871b0c40c511c2f7849871aebe67b34

Support host.docker.internal in dockerd on Linux Docker Desktop (on MAC and Windows hosts) allows containers running inside a Linux VM to connect to the host using the host.docker.internal DNS name, which is implemented by VPNkit (DNS proxy on the host) This PR allows containers to connect to Linux hosts by appending a special string "host-gateway" to --add-host e.g. "--add-host=host.docker.internal:host-gateway" which adds host.docker.internal DNS entry in /etc/hosts and maps it to host-gateway-ip This PR also add a daemon flag call host-gateway-ip which defaults to the default bridge IP Docker Desktop will need to set this field to the Host Proxy IP so DNS requests for host.docker.internal can be routed to VPNkit Addresses: https://github.com/docker/for-linux/issues/264 Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>

view details

push time in 7 days

issue commentmoby/moby

Service which is deployed as part of a stack has an illegal character in its DNS name

changing the format now will disrupt legacy systems A workaround is to add ALIASES for the service in the compose file that does not use _ and circumvents the library check https://docs.docker.com/compose/compose-file/ has some examples for aliases

raehalme

comment created time in 7 days

push eventarkodg/moby

Arko Dasgupta

commit sha b566735504d3bf25d5a26337435d2b37f6b1fc69

Support host.docker.internal in dockerd on Linux Docker Desktop (on MAC and Windows hosts) allows containers running inside a Linux VM to connect to the host using the host.docker.internal DNS name, which is implemented by VPNkit (DNS proxy on the host) This PR allows containers to connect to Linux hosts by appending a special string "host-gateway" to --add-host e.g. "--add-host=host.docker.internal:host-gateway" which adds host.docker.internal DNS entry in /etc/hosts and maps it to host-gateway-ip This PR also add a daemon flag call host-gateway-ip which defaults to the default bridge IP Docker Desktop will need to set this field to the Host Proxy IP so DNS requests for host.docker.internal can be routed to VPNkit Addresses: https://github.com/docker/for-linux/issues/264 Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>

view details

push time in 8 days

pull request commentmoby/moby

Support host.docker.internal in dockerd on Linux

updated the PR , would appreciate suggestions for a better name, picked host-gateway as a placeholder

docker run -it --add-host=host-gateway alpine cat /etc/hosts
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
172.18.0.1	host.docker.internal
172.18.0.1	gateway.docker.internal
172.18.0.2	e25baec2305e
arkodg

comment created time in 11 days

push eventarkodg/moby

Arko Dasgupta

commit sha dd6d54b18deadc5537942177324fe132b10a1ede

Support host.docker.internal in dockerd on Linux Docker Desktop (on MAC and Windows hosts) allows containers running inside a Linux VM to connect to the host using the host.docker.internal DNS name, which is implemented by VPNkit (DNS proxy on the host) This PR allows containers to connect to Linux hosts by appending a special string "host-gateway" to --add-host which adds host.docker.internal DNS entry in /etc/hosts and maps it to host-gateway-ip This PR also add a daemon flag call host-gateway-ip which defaults to the default bridge IP Docker Desktop will need to set this field to the Host Proxy IP so DNS requests for host.docker.internal can be routed to VPNkit Addresses: https://github.com/docker/for-linux/issues/264 Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>

view details

push time in 11 days

fork arkodg/cli

The Docker CLI

fork in 11 days

issue commentmoby/moby

Proxy Protocol support in Swarm ingress

Its a different use case @danielecr . The solution for this issue is to create a global service and publish in host mode or run a Layer 7 proxy like traefik in host mode and route L7 traffic to the appropriate backend service

sandys

comment created time in 11 days

pull request commentdocker/libnetwork

Fix panic in drivers/overlay/encryption.go

@dani-docker updateNodeKey is called which fails since it cannot find proper key indices . This triggers the new code to be executed and the driver receive this event https://github.com/docker/libnetwork/blob/4420ee92f5b3b951f98a36b2bc8144a19b560a22/drivers/overlay/overlay.go#L340 and calls setKeys which resets the spis https://github.com/docker/libnetwork/blob/1f28166bb386cf9223d2d00a28382b0e474be314/drivers/overlay/encryption.go#L440 and checkEncryption will rebuild the spis if there is a new service that lands on that node

arkodg

comment created time in 11 days

pull request commentdocker/libnetwork

Updating IPAM config with results from HNS create network call.

@subbunori can you please update to latest 19.03 version and this fix should be present here are the commits in the 19.03 branch - https://github.com/docker/libnetwork/commits/bump_19.03

pradipd

comment created time in 12 days

pull request commentdocker/libnetwork

Fix panic in drivers/overlay/encryption.go

PTAL @dani-docker @selansen @euanh

arkodg

comment created time in 12 days

pull request commentdocker/libnetwork

Fix panic in drivers/overlay/encryption.go

Debug Logs

DEBU[2019-10-31T18:19:19.488287400Z] Adding key 5a857                             
DEBU[2019-10-31T18:19:19.488378800Z] Primary Key f6140                            
DEBU[2019-10-31T18:19:19.488410400Z] Remove Key e0599                             
DEBU[2019-10-31T18:19:19.488448600Z] Updating Keys. New: (key: 780b0, tag: 0xaf42), Primary: (key: 42428, tag: 0xaf40), Pruned: (key: 20839, tag: 0xaf3c) 
DEBU[2019-10-31T18:19:19.488518200Z] Current: [(key: 41474, tag: 0xaf38) (key: 57349, tag: 0xaf36) (key: 42428, tag: 0xaf40)] 
WARN[2019-10-31T18:19:19.488691700Z] Failed to update datapath keys in driver overlay: cannot find proper key indices while processing key update:(newIdx,priIdx,delIdx):(3, 2, -1) 
WARN[2019-10-31T18:19:19.488766000Z] Reconfiguring datapath keys for  overlay     
DEBU[2019-10-31T18:19:19.488930100Z] Initial encryption keys: [(key: 42428, tag: 0xaf40) (key: 70624, tag: 0xaf3e) (key: 780b0, tag: 0xaf42)] 

Subsequent Logs

DEBU[2019-10-31T18:19:39.454300900Z] Adding key 61b2c                             
DEBU[2019-10-31T18:19:39.454371400Z] Primary Key 5a857                            
DEBU[2019-10-31T18:19:39.454716600Z] Remove Key c2839                             
DEBU[2019-10-31T18:19:39.454791000Z] Updating Keys. New: (key: 2aa25, tag: 0xaf44), Primary: (key: 780b0, tag: 0xaf42), Pruned: (key: 70624, tag: 0xaf3e) 
DEBU[2019-10-31T18:19:39.454874200Z] Current: [(key: 42428, tag: 0xaf40) (key: 70624, tag: 0xaf3e) (key: 780b0, tag: 0xaf42)] 
DEBU[2019-10-31T18:19:39.455003400Z] Updated: [(key: 780b0, tag: 0xaf42) (key: 42428, tag: 0xaf40) (key: 2aa25, tag: 0xaf44)] 
arkodg

comment created time in 12 days

pull request commentdocker/libnetwork

Fix panic in drivers/overlay/encryption.go

@suwang48404 took your advice on reconfiguring keys in case of an update failure reducing the down time by 24hr (2 x 12h rotation intervals )

arkodg

comment created time in 12 days

push eventarkodg/libnetwork

Arko Dasgupta

commit sha 4420ee92f5b3b951f98a36b2bc8144a19b560a22

Fix panic in drivers/overlay/encryption.go Issue - "index out of range" panic in drivers/overlay/encryption.go:539 due to a mismatch in indices between curKeys and spis due to case where updateKeys might bail out due to an error and not update the spis Fix - Reconfigure keys when there is a key update failure Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>

view details

push time in 12 days

push eventarkodg/moby

Arko Dasgupta

commit sha 4d0dd06af3dd5a160c50026a45a32ce4e26ec36d

Bump Swarmkit to b0bc4017ad110cd20898d8c44be03c1e78e4e979 1. Includes: https://github.com/docker/swarmkit/pull/2892 2. Edited TestServiceWithDefaultAddressPoolInit to validate dynamic ingress network subnet Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>

view details

push time in 13 days

push eventarkodg/swarmkit

Arko Dasgupta

commit sha 4cd8450601d142cc0ac7c4450a9aed88dec33de4

Remove hardcoded IPAM Config subnet value for ingress network Fixes: https://docker.atlassian.net/browse/ENGORC-2651 Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com> (cherry picked from commit 9ccb20b27fa9a0e7b88800d7e196fa030da2a6a7) Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>

view details

push time in 13 days

pull request commentdocker/docker.github.io

Add the Network option

can we please revert the example config change @traci-morrison It will break the existing default functionality

traci-morrison

comment created time in 13 days

pull request commentdocker/libnetwork

Added API to set ephemeral port allocator range.

lets test the functionality end-to-end (add changes to Moby master, add integration tests in Moby) before we cherry-pick into master ?

suwang48404

comment created time in 14 days

issue commentdocker/for-linux

unregister_netdevice waiting for IO

Can you please share the exact cmds/steps performed ?

zakikhani

comment created time in 14 days

Pull request review commentdocker/docker.github.io

Add the Network option

 Interlock must contain at least one extension to service traffic. The following | `Labels` | map[string]string | Labels to add to the extension service | | `ContainerLabels` | map[string]string | Labels to be added to the extension service tasks | | `Constraints` | []string | One or more [constraints](https://docs.docker.com/engine/reference/commandline/service_create/#specify-service-constraints-constraint) to use when scheduling the extension service |+|`Network` | string | Allows the administrator to cherry-pick a list of networks that Interlock can connect to. If this option is not specified, the proxy-service can connect to all networks. | 
|`Networks` | string | Allows the administrator to cherry-pick a list of networks that Interlock can connect to. If this option is not specified, the proxy-service can connect to all networks. | 
traci-morrison

comment created time in 14 days

issue openeddocker/docker.github.io

Need to add secure-overlay to cluster_config table

File: ee/ucp/admin/configure/ucp-configuration-file.md

Need to add this to the UCP Cluster Config table secure-overlay (optional)/boolean Enables IPSec Network Encryption in Kubernetes

Reference - https://github.com/docker/orca/pull/17464

This needs to go live post the Nov patch release cc: @traci-morrison

created time in 15 days

pull request commentmoby/moby

Support host.docker.internal in dockerd on Linux

@tibor so what you are suggesting is a per container opt in strategy rather than a daemon level option since this usage is not the common-case Now desktop will need to spawn dockerd with --hosts-gateway-default-ip host-proxy-ip.

Because in dockerd the code would look like if gateway in add-hosts get IP from hosts-gateway-default-ip. (Desktop case) if hosts-gateway-default-ip == nil get IP from default bridge (dockerd running on host OS case)

wdyt @djs55

arkodg

comment created time in 15 days

issue openeddocker/docker.github.io

Support new label com.docker.lb.algorithm

File: ee/ucp/interlock/usage/labels-reference.md

https://github.com/docker/interlock/pull/296 introduced a new label - com.docker.lb.algorithm Now the user will be able to pick the load balancing algorithm by setting com.docker.lb.algorithm to round_robin | ip_hash | least_conn and if no label is set, round_robin will be used to decide the backend server

cc @traci-morrison

created time in 16 days

issue openeddocker/docker.github.io

Add the admin `Networks` option to Interlock config

File: ee/ucp/interlock/config/index.md

https://github.com/docker/interlock/pull/311 introduced a feature to allow the administrator to cherry-pick a list of Networks, Interlock can connect to . We need to add documentation for this feature

e.g.

[Extensions.default]
  ...
  ...
  ...
  Networks = ["testNet1", "testNet2"]

cc @traci-morrison

created time in 16 days

pull request commentdocker/libnetwork

resolver: less debug

@kolyshkin I'm just very reluctant to delete these logs

Can we add a compile time parameter / global const enableDebugLogs = false to reduce logging for now

kolyshkin

comment created time in 18 days

pull request commentdocker/engine

[19.03] Bump Swarmkit to f35d9100f2c6ac810cc8d7de6e8f93dcc7a42d29

bump @thaJeztah @andrewhsu

arkodg

comment created time in 20 days

pull request commentmoby/moby

Add TC to check dynamic subnet for ingress network

@andrewhsu there is some issue with the latest swarmkit refpoint, that needs to be triaged, just cherrypicking the ingress network fix has no problems https://github.com/docker/engine/pull/402

arkodg

comment created time in 20 days

pull request commentdocker/docker.github.io

FIx Type for HitlessServiceUpdate

cc @joeabbey

arkodg

comment created time in 21 days

pull request commentdocker/docker.github.io

FIx Type for HitlessServiceUpdate

PTAL @euanh

arkodg

comment created time in 21 days

PR opened docker/docker.github.io

FIx Type for HitlessServiceUpdate

<!--Thanks for your contribution. See CONTRIBUTING for this project's contribution guidelines. Remove these comments as you go.

DO NOT edit files and directories listed in _data/not_edited_here.yaml.
These are maintained in upstream repos and changes here will be lost.

Help us merge your changes more quickly by adding details and setting metadata
(such as labels, milestones, and reviewers) over at the right-hand side.-->

Proposed changes

<!--Tell us what you did and why-->

Unreleased project version (optional)

<!--If this change only applies to an unreleased version of a project, note that here and base your work on the vnext- branch for your project. If this doesn't apply to this PR, you can remove this whole section. Set a milestone if appropriate. -->

Related issues (optional)

<!--Refer to related PRs or issues: #1234, or 'Fixes #1234' or 'Closes #1234'. Or link to full URLs to issues or pull requests in other Github projects -->

+1 -1

0 comment

1 changed file

pr created time in 21 days

push eventarkodg/docker.github.io

Arko Dasgupta

commit sha c90f67c29577be0c1cbfcc3c7369e874902fceb6

FIx Type for HitlessServiceUpdate

view details

push time in 21 days

pull request commentdocker/libnetwork

resolver: less debug

@kolyshkin is there a way to ratelimit these logs

kolyshkin

comment created time in 22 days

issue commentdocker/for-linux

Failed to start Docker Application Container Engine after enabling ipv6

@ntopulos according to https://tools.ietf.org/html/rfc3849 2001:db8:1::/32 is a documentation only prefix and should not be used in production

ntopulos

comment created time in a month

issue commentdocker/for-linux

Failed to start Docker Application Container Engine after enabling ipv6

@ntopulos looks like

"fixed-cidr-v6": <>

is missing and for ipv6 should be a mandatory field Raised a docs issue : https://github.com/docker/docker.github.io/issues/9676

Docker does not support IPv6 NAT and so this field is needed https://docs.docker.com/v17.09/engine/userguide/networking/default_network/ipv6/#how-ipv6-works-on-docker has better details

We can leave this issue open to handle this error gracefully

ntopulos

comment created time in a month

issue openeddocker/docker.github.io

fixed-cidr-v6 field mandatory with "ipv6":true

When the user is enabling ipv6, it is mandatory for the fixed-cidr-v6 field to be specified

this page has better details https://docs.docker.com/v17.09/engine/userguide/networking/default_network/ipv6/#using-ndp-proxying

File: config/daemon/ipv6.md

created time in a month

issue openedfirewalld/firewalld

Docker does not work with FirewallBackend=nftables

The new version of firewalld introduced an option called FirewallBackend

# FirewallBackend
# Selects the firewall backend implementation.
# Choices are:
#       - nftables (default)
#       - iptables (iptables, ip6tables, ebtables and ipset)
FirewallBackend=nftables

What I'm noticing after playing around with this knob (and with Docker installed) is that FirewallBackend=nftables does not work but FirewallBackend=iptables does (for simple port-forwarding cases such as docker run --name test-nginx -p 8080:80 -d nginx)

Docker passes rules to firewalld via direct.passthrough (https://github.com/docker/libnetwork/blob/master/iptables/firewalld.go)

docker logs:

time="2019-10-17T01:35:53.138725010Z" level=debug msg="Firewalld passthrough: ipv4, [-t filter -C FORWARD -j DOCKER-ISOLATION]"
 time="2019-10-17T01:35:53.146033871Z" level=debug msg="Firewalld passthrough: ipv4, [-t nat -D PREROUTING -m addrtype --dst-type LOCAL -j DOCKER]"

firewalld logs:

2019-10-17 20:54:36 DEBUG1: direct.passthrough('ipv4', '-t','nat','-n','-L','DOCKER')
2019-10-17 20:54:36 DEBUG1: direct.passthrough('ipv4', '-t','nat','-N','DOCKER')
2019-10-17 20:54:36 DEBUG1: direct.passthrough('ipv4', '-t','filter','-n','-L','DOCKER')
2019-10-17 20:54:36 DEBUG1: direct.passthrough('ipv4', '-t','filter','-N','DOCKER')
2019-10-17 20:54:36 DEBUG1: direct.passthrough('ipv4', '-t','filter','-n','-L','DOCKER-ISOLATION-STAGE-1')
2019-10-17 20:54:36 DEBUG1: direct.passthrough('ipv4', '-t','filter','-N','DOCKER-ISOLATION-STAGE-1')
2019-10-17 20:54:36 DEBUG1: direct.passthrough('ipv4', '-t','filter','-n','-L','DOCKER-ISOLATION-STAGE-2')
2019-10-17 20:54:36 DEBUG1: direct.passthrough('ipv4', '-t','filter','-N','DOCKER-ISOLATION-STAGE-2')
2019-10-17 20:54:36 DEBUG1: direct.passthrough('ipv4', '-t','filter','-C','DOCKER-ISOLATION-STAGE-1','-j','RETURN')

and I do not see any errors in the logs

The version of iptables on the box is 1.8.2 and it uses the nft-backend

iptables --version
iptables v1.8.2 (nf_tables)

so technically this should work

trying to understand what extra plumbing is needed in docker or firewalld to get this to work

Thanks

created time in a month

issue commentmoby/moby

Proxy Protocol support in Swarm ingress

@kaysond just raised a docs update issue - https://github.com/docker/docker.github.io/issues/9652 with some info to help you out

The SRC-IP cannot be preserved with ingress networks since it does not support the dsr option but a workaround is to create a global service and publish in host mode More info in - https://docs.docker.com/engine/swarm/services/

sandys

comment created time in a month

issue commentdocker/docker.github.io

Add documentation for dsr option for Overlay Networks

cc: @thaJeztah

arkodg

comment created time in a month

issue openeddocker/docker.github.io

Add documentation for dsr option for Overlay Networks

https://github.com/docker/libnetwork/pull/2270 adds support to create a overlay network with DSR (direct server return) mode which does an L2 forward and skips a SNAT rewrite keeping the L3 headers intact

Usage docker network create -d overlay --opt dsr dsr-net

File: network/network-tutorial-overlay.md

created time in a month

pull request commentdocker/libnetwork

DOCKER-USER chain not created when IPTableEnable=false.

Some useful documentation in this area - https://docs.docker.com/network/iptables/

This wont take care of the cases where DOCKER-INGRESS is created if there are services running

IMHO a clean way to fix this could be to incorporate this flag into https://github.com/docker/libnetwork/blob/master/iptables/iptables.go and error out from functions such as NewChain or ProgramChain if the flag is disabled with an error saying iptables is disabled in config

suwang48404

comment created time in a month

PR closed docker/libnetwork

Reviewers
[WIP] Add DOCKER-USER chain when iptables=true is set ENGCORE-1114

This PR fixes the regression introduced by https://github.com/docker/libnetwork/pull/2339 to

  1. correctly insert the DOCKER-USER chain if iptables=true is set in the Daemon config
  2. To make sure DOCKER-USER is the first chain and DOCKER-INGRESS is the second chain in forwarding
  3. To make sure we do not create DOCKER-INGRESS and DOCKER-USER if iptables=false

All the logic has been moved to the bridge driver since EnableIPTables is a bridge specific configuration

Addresses : https://github.com/docker/for-linux/issues/810 ENGCORE-1114

Signed-off-by: Arko Dasgupta arko.dasgupta@docker.com

+86 -109

6 comments

8 changed files

arkodg

pr closed time in a month

pull request commentmoby/moby

Added option to change port allocation range for ephemeral service po…

@suwang48404 would help if you shared some examples using the moby dev shell

suwang48404

comment created time in a month

Pull request review commentdocker/libnetwork

Allowed libnetwork caller to set ephemeral port

 package portallocator import ( 	"errors" 	"fmt"+	"github.com/sirupsen/logrus" 	"net" 	"sync" ) -const (-	// DefaultPortRangeStart indicates the first port in port range-	DefaultPortRangeStart = 49153-	// DefaultPortRangeEnd indicates the last port in port range-	DefaultPortRangeEnd = 65535+var (+	// defaultPortRangeStart indicates the first port in port range+	defaultPortRangeStart = 49153+	// defaultPortRangeEnd indicates the last port in port range+	// consistent with default /proc/sys/net/ipv4/ip_local_port_range+	// upper bound on linux+	defaultPortRangeEnd = 60999 ) +func sanitizePortRange(start int, end int) (newStart, newEnd int, err error) {+	if start > defaultPortRangeEnd || end < defaultPortRangeStart || start > end {

why do we need start > defaultPortRangeEnd || end < defaultPortRangeStart

suwang48404

comment created time in a month

issue commentmoby/moby

No communication possible between hybrid cloud services (GCE, AWS) due to wrong advertised address

not sure why the PUBLIC-IP of the VM would change after a VM restart, if its a new VM it would need to rejoin the swarm

Thanks, can you please close this issue, since this was a misconfiguration issue

melaurent

comment created time in a month

Pull request review commentdocker/docker.github.io

Adding Known Issues to Release Notes

 compatibility reasons.  * Fix jsonfile logger: follow logs stuck when `max-size` is set and `max-file=1`. [docker/engine#378](https://github.com/docker/engine/pull/378) +### Known Issues++#### New++* `DOCKER-USER` iptables chain is missing for [docker/for-linux#810](https://github.com/docker/for-linux/issues/810).+  Users cannot perform additional container network traffic filtering on top of+  this iptables chain. You are not affected by this issue if you are not+  customizing iptable chains on top of `DOCKER-USER`.+     - **Workaround:** Insert the iptables chain after the docker daemon starts.+       Below is an example.+       ```+       iptables -N DOCKER-USER+       iptables -I FORWARD -j DOCKER-USER+       iptables -A DOCKER-USER -j RETURN+       ```++#### Existing++* In some circumstances, in large clusters, docker information might, as part of the Swarm section,+  include the error `code = ResourceExhausted desc = grpc: received message larger than+  max (5351376 vs. 4194304)`. This does not indicate any failure or misconfiguration by the user,+  and requires no response.+* Orchestrator port conflict can occur when redeploying all services as new. Due to many swarm manager+  requests in a short amount of time, some services are not able to receive traffic and are causing a `404`+  error after being deployed.+     - **Workaround:** restart all tasks via `docker service update --force`.++* Traffic cannot egress the HOST because of missing Iptables rules in the FORWARD chain+  The missing rules are :+     ```+     sbin/iptables --wait -C FORWARD -o docker_gwbridge -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

why do we need these, these have been fixed https://github.com/docker/orca/pull/17254

adrian-plata

comment created time in a month

pull request commentdocker/libnetwork

[19.03] revert controller: Check if IPTables is enabled for arrangeUserFilterRule

PTAL @selansen @mavenugo

thaJeztah

comment created time in a month

PR closed docker/libnetwork

Merge pull request #2466 from arkodg/revert-iptables-docker-user

Revert "Merge pull request #2339 from phyber/iptables-check"

(cherry picked from commit 90afbb01e1d8acacb505a092744ea42b9f167377) Signed-off-by: Arko Dasgupta arko.dasgupta@docker.com

+2 -32

0 comment

1 changed file

arkodg

pr closed time in a month

PR opened docker/libnetwork

Merge pull request #2466 from arkodg/revert-iptables-docker-user

Revert "Merge pull request #2339 from phyber/iptables-check"

(cherry picked from commit 90afbb01e1d8acacb505a092744ea42b9f167377) Signed-off-by: Arko Dasgupta arko.dasgupta@docker.com

+2 -32

0 comment

1 changed file

pr created time in a month

PR closed docker/libnetwork

Merge pull request #2466 from arkodg/revert-iptables-docker-user

Revert "Merge pull request #2339 from phyber/iptables-check"

(cherry picked from commit 90afbb01e1d8acacb505a092744ea42b9f167377) Signed-off-by: Arko Dasgupta arko.dasgupta@docker.com

+2 -32

0 comment

1 changed file

arkodg

pr closed time in a month

PR opened docker/libnetwork

Merge pull request #2466 from arkodg/revert-iptables-docker-user

Revert "Merge pull request #2339 from phyber/iptables-check"

(cherry picked from commit 90afbb01e1d8acacb505a092744ea42b9f167377) Signed-off-by: Arko Dasgupta arko.dasgupta@docker.com

+2 -32

0 comment

1 changed file

pr created time in a month

create barncharkodg/libnetwork

branch : bump_19.03

created branch time in a month

delete branch arkodg/libnetwork

delete branch : revert-iptables-docker-user

delete time in a month

pull request commentdocker/libnetwork

Revert "Merge pull request #2339 from phyber/iptables-check"

cc: @thaJeztah

arkodg

comment created time in a month

pull request commentdocker/libnetwork

Revert "Merge pull request #2339 from phyber/iptables-check"

PTAL @euanh @selansen

arkodg

comment created time in a month

push eventarkodg/libnetwork

Arko Dasgupta

commit sha 8db595c16cc600afa99eeb47e172f38bbab646ce

Revert "Merge pull request #2339 from phyber/iptables-check" This reverts commit 820deef78e53c49f13797a93537325a4b8d53014, reversing changes made to 19e372a98f736c48e65563db5d7a474fa42d94b4. Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>

view details

push time in a month

PR opened docker/libnetwork

Revert "Merge pull request #2339 from phyber/iptables-check"

This reverts commit 820deef78e53c49f13797a93537325a4b8d53014, reversing changes made to 19e372a98f736c48e65563db5d7a474fa42d94b4.

+2 -32

0 comment

1 changed file

pr created time in a month

create barncharkodg/libnetwork

branch : revert-iptables-docker-user

created branch time in a month

PR opened docker/engine

Bump SwarmKit to b0bc4017ad110cd20898d8c44be03c1e78e4e979
  1. Includes: https://github.com/docker/swarmkit/pull/2892

  2. Edited TestServiceWithDefaultAddressPoolInit to validate dynamic ingress network subnet

Signed-off-by: Arko Dasgupta arko.dasgupta@docker.com

<!-- Please make sure you've read and understood our contributing guidelines; https://github.com/moby/moby/blob/master/CONTRIBUTING.md

** Make sure all your commits include a signature generated with git commit -s **

For additional information on our contributing process, read our contributing guide https://docs.docker.com/opensource/code/

If this is a bug fix, make sure your description includes "fixes #xxxx", or "closes #xxxx"

Please provide the following information: -->

- What I did

- How I did it

- How to verify it

- Description for the changelog <!-- Write a short (one line) summary that describes the changes in this pull request for inclusion in the changelog: -->

- A picture of a cute animal (not mandatory but encouraged)

+9 -7

0 comment

3 changed files

pr created time in a month

create barncharkodg/moby

branch : 18.09

created branch time in a month

push eventarkodg/libnetwork

Arko Dasgupta

commit sha 1434743896e15fba23fda08bfc507f8d711bc580

Move arrangeIngressFilterRule to bridge driver Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>

view details

push time in a month

push eventarkodg/libnetwork

Arko Dasgupta

commit sha 083c739ab5792b0926e49488042a9b083882d554

Add DOCKER-USER chain when iptables=true is set This PR fixes the regression introduced by https://github.com/docker/libnetwork/pull/2339 to correctly insert the DOCKER-USER chain if iptables=true is set in the Daemon config Addresses : https://github.com/docker/for-linux/issues/810 Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>

view details

Arko Dasgupta

commit sha a8417b6011ff012c1812d94fb3f950d8c3a98152

Add TC for making sure DOCKER-USER exists Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>

view details

Arko Dasgupta

commit sha 57c08540535947540a25fed4c1071dc4f3c35d10

Move arrangeIngressFilterRule to bridge driver Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>

view details

push time in a month

create barncharkodg/libnetwork

branch : revert-2339-iptables-check

created branch time in a month

issue commentdocker/for-linux

DOCKER-USER iptables chain missing in 19.03.3

good catch, I usually edit the output of iptables-save where everything is an append , edited the above commands to reflect the fact that DOCKER-USER should get matched before other chains

dougburks

comment created time in a month

pull request commentdocker/engine

Bump Swarmkit to f35d9100f2c6ac810cc8d7de6e8f93dcc7a42d29

passed, which implies something in swarmkit master is causing the moby tests to go super slow

arkodg

comment created time in a month

pull request commentdocker/engine

Bump Swarmkit to f35d9100f2c6ac810cc8d7de6e8f93dcc7a42d29

PTAL @andrewhsu @thaJeztah

arkodg

comment created time in a month

PR opened docker/engine

Bump Swarmkit to f35d9100f2c6ac810cc8d7de6e8f93dcc7a42d29
  1. Includes: https://github.com/docker/swarmkit/pull/2891

  2. Edited TestServiceWithDefaultAddressPoolInit to validate dynamic ingress network subnet

Signed-off-by: Arko Dasgupta arko.dasgupta@docker.com

<!-- Please make sure you've read and understood our contributing guidelines; https://github.com/moby/moby/blob/master/CONTRIBUTING.md

** Make sure all your commits include a signature generated with git commit -s **

For additional information on our contributing process, read our contributing guide https://docs.docker.com/opensource/code/

If this is a bug fix, make sure your description includes "fixes #xxxx", or "closes #xxxx"

Please provide the following information: -->

- What I did

- How I did it

- How to verify it

- Description for the changelog <!-- Write a short (one line) summary that describes the changes in this pull request for inclusion in the changelog: -->

- A picture of a cute animal (not mandatory but encouraged)

+9 -7

0 comment

3 changed files

pr created time in a month

create barncharkodg/moby

branch : 19.03

created branch time in a month

issue commentdocker/for-linux

DOCKER-USER iptables chain missing in 19.03.3

@dougburks we are yet to make a decision We will be mentioning the issue in the Docker Docs soon with the above workaround. Thanks for highlighting this regression

dougburks

comment created time in a month

pull request commentdocker/libnetwork

Add DOCKER-USER chain when iptables=true is set

yah, I wanted to decide where to put the code before I added a TC, added one now

arkodg

comment created time in a month

push eventarkodg/libnetwork

Arko Dasgupta

commit sha 6df0cfd5637c8a7c6340d180759065feee5d7cf7

Add TC for making sure DOCKER-USER exists Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>

view details

push time in a month

pull request commentmoby/moby

Add TC to check dynamic subnet for ingress network

@thaJeztah I don't think its hanging but getting killed after the Jenkins Timeout of 2h, can we please extend it and retry

arkodg

comment created time in a month

Pull request review commentdocker/libnetwork

Add DOCKER-USER chain when iptables=true is set

 const ( 	vethLen                    = 7 	defaultContainerVethPrefix = "eth" 	maxAllocatePortAttempts    = 10+	userChain                  = "DOCKER-USER"

AFAIK from https://github.com/moby/moby/blob/ad1b781e44fa1e44b9e654e5078929aec56aed66/daemon/config/config_unix.go#L50 and https://github.com/docker/libnetwork/commit/9c6ab12376158c9f687f61463cf8c1429af17a05 EnableIPTables is specific to bridge

arkodg

comment created time in a month

Pull request review commentdocker/libnetwork

Add DOCKER-USER chain when iptables=true is set

 func (d *driver) configure(option map[string]interface{}) error { 		} 		// Make sure on firewall reload, first thing being re-played is chains creation 		iptables.OnReloaded(func() { logrus.Debugf("Recreating iptables chains on firewall reload"); setupIPChains(config) })++		// Add DOCKER-USER chain+		arrangeUserFilterRule()

AFAIK bridge is for linux only

arkodg

comment created time in a month

push eventarkodg/moby

Arko Dasgupta

commit sha f6313e54101bf03b4d85fb45de53a23242ab8540

Add TC to check dyanmic subnet for ingress network Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>

view details

Arko Dasgupta

commit sha 9d374472b352c0b151522e30a143b7491837dbe6

Bump Swarmkit to d509e31c1fda18ef8224ffd19a34b4aaaff7c4da Full comparison at - https://github.com/docker/swarmkit/compare/7dded76ec532741c1ad9736cd2bb6d6661f0a386...d509e31c1fda18ef8224ffd19a34b4aaaff7c4da?diff=unified https://github.com/docker/swarmkit/commit/d5df26594f5b74a9de41e376206c36abffc961fe Only update non-terminal tasks on node removal. https://github.com/docker/swarmkit/commit/f1fb59c9e831075160c58f10c71a333125e37c67 Merge pull request #2867 from dperny/orphan-fewer-tasks https://github.com/docker/swarmkit/commit/daf87201f686710974b282d4c0b0c8422e55dac9 Bump Golang 1.11.13 https://github.com/docker/swarmkit/commit/be528e80a841ae89e1bd7539201f12c4de496ab3 Bump Golang 1.12.9 https://github.com/docker/swarmkit/commit/43fac9c8049f7dd2ae42d87f60d2a88f86f63853 Update tests for new output with Go 1.12 https://github.com/docker/swarmkit/commit/42085d2f8e43a3ed90ed289d3f3ed3de57837100 YOLO see if this works https://github.com/docker/swarmkit/commit/958d149179db019aef3a065f23b35455b2dd54ca Merge pull request #2880 from thaJeztah/bump_golang https://github.com/docker/swarmkit/commit/9562ffc58d55bc9aad8445a84d4953d661cd91db Bump vendoring to match current docker/docker master https://github.com/docker/swarmkit/commit/e0f62d18ab5fcb3afc8b0ecdc6d33a020b8128c7 Merge pull request #2886 from dperny/bump-vendoring https://github.com/docker/swarmkit/commit/9ccb20b27fa9a0e7b88800d7e196fa030da2a6a7 Remove hardcoded IPAM config subnet value for ingress network https://github.com/docker/swarmkit/commit/a8bbe7de43b42fc3a8430819ed577e1218dc64aa Merge pull request #2890 from arkodg/remove-ingress-hardcoded-subnet https://github.com/docker/swarmkit/commit/a4e520aff16b607c0cf5558fbcfc0dc2cf41d9d8 Fix nil pointer deref in dump-snapshot --redacted https://github.com/docker/swarmkit/commit/8a69c0da0d0f002c4d6b4611aa4f1e40f5ccd659 Merge pull request #2897 from trapier/dump-snapshot-redacted-nil-deref https://github.com/docker/swarmkit/commit/dfe3c44f35c0d845ed3934c23e63aa7006eaac64 bump dustin/go-humanize v1.0.0 https://github.com/docker/swarmkit/commit/12eaba61051a1bac6803735a5c473e7c0ef5c23a bump beorn7/perks v1.0.1 https://github.com/docker/swarmkit/commit/8eb38c8c345ac7be26dfaf2bf7de16b1cb291f17 Merge pull request #2904 from thaJeztah/bump_beorn7_perks_1.0.1 https://github.com/docker/swarmkit/commit/d509e31c1fda18ef8224ffd19a34b4aaaff7c4da Merge pull request #2903 from thaJeztah/bump_go_humanize_1.0.0 Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>

view details

push time in a month

pull request commentdocker/libnetwork

Add DOCKER-USER chain when iptables=true is set

@selansen because this piece of code correctly deciphers whether enableIPTables is set or not and this is where we take care of fundamental things like enable ip_forwarding

arkodg

comment created time in a month

push eventarkodg/libnetwork

Arko Dasgupta

commit sha 85b7850f15c57e55ec50f434c9f0168eca34b41d

Add DOCKER-USER chain when iptables=true is set This PR fixes the regression introduced by https://github.com/docker/libnetwork/pull/2339 to correctly insert the DOCKER-USER chain if iptables=true is set in the Daemon config Addresses : https://github.com/docker/for-linux/issues/810 Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>

view details

push time in a month

pull request commentdocker/libnetwork

Add DOCKER-USER chain when iptables=true is set

PTAL @selansen @mavenugo @joeabbey

arkodg

comment created time in a month

PR opened docker/libnetwork

Add DOCKER-USER chain when iptables=true is set

This PR fixes the regression introduced by https://github.com/docker/libnetwork/pull/2339 to correctly insert the DOCKER-USER chain if iptables=true is set in the Daemon config

Signed-off-by: Arko Dasgupta arko.dasgupta@docker.com

+29 -79

0 comment

5 changed files

pr created time in a month

create barncharkodg/libnetwork

branch : fix-user-chain

created branch time in a month

issue commentdocker/for-linux

DOCKER-USER iptables chain missing in 19.03.3

@dougburks I can see reproduce this issue as well

Can you please add these rules manually for now before you insert your user rules

iptables -N DOCKER-USER
iptables -A FORWARD -j DOCKER-USER
iptables -A DOCKER-USER -j RETURN

Working on the fix right now

dougburks

comment created time in a month

Pull request review commentdocker/libnetwork

Fix panic in drivers/overlay/encryption.go

 func (d *driver) updateKeys(newKey, primary, pruneKey *key) error { 		} 	} +	d.secMapWalk(func(rIPs string, spis []*spi) ([]*spi, bool) {+		rIP := net.ParseIP(rIPs)+		return updateNodeKey(lIP, aIP, rIP, spis, d.keys, newIdx, priIdx, delIdx), false+	})+ 	if (newKey != nil && newIdx == -1) || 		(primary != nil && priIdx == -1) ||

@suwang48404 if we revert the append we will not be able to find the key in the slice when we get an update to delete the key, resulting in a similar error :)

arkodg

comment created time in a month

pull request commentdocker/libnetwork

Fix panic in drivers/overlay/encryption.go

@dani-docker this is part 1 of the solution. We need to eventually send a KeyConfiguration Notification similar to https://github.com/docker/libnetwork/blob/d8d4c8cf03d7d036a76d5470553cd8753e522a99/agent.go#L329 when the agent reconnects so that the decryption issue can be resolved in 1 key rotation interval and not 3 :)

arkodg

comment created time in a month

PR opened docker/libnetwork

Fix panic in drivers/overlay/encryption.go

Issue - "index out of range" panic in drivers/overlay/encryption.go:539 due to a mismatch in indices between curKeys and spis due to case where updateKeys might bail out error due to an error and not update the spis

Fix - Update the spis slice even in the case of an error

Signed-off-by: Arko Dasgupta arko.dasgupta@docker.com

+5 -5

0 comment

1 changed file

pr created time in a month

create barncharkodg/libnetwork

branch : fix-key-spi-panic

created branch time in a month

push eventarkodg/moby

Arko Dasgupta

commit sha d6e00a9f3a783cfe89657c1fa0b149de74434f9a

Add checks to fix LiveRestore TestCases Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>

view details

push time in a month

pull request commentmoby/moby

Support host.docker.internal in dockerd on Linux

@cpuguy83 the above PR attempts to route host-docker-internal to the Host, and so the default network's IP is a convenient way to retrieve that, AFAIK default network is always based off the bridge driver and not macvlan . In case the default bridge is disabled, these entries will not be added

arkodg

comment created time in a month

push eventarkodg/moby

Arko Dasgupta

commit sha 61b4e98cf9169e5ca088a1e38ee4168e5cba07a9

Add checks to fix LiveRestore TestCases Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>

view details

push time in a month

issue commentmoby/moby

validate net-alias config

TestConflictContainerNetworkAndLinks and TestConflictContainerNetworkHostAndLinks

andrewhsu

comment created time in a month

Pull request review commentmoby/moby

Support host.docker.internal in dockerd on Linux

 func installCommonConfigFlags(conf *config.Config, flags *pflag.FlagSet) error { 	flags.Var(opts.NewListOptsRef(&conf.DNS, opts.ValidateIPAddress), "dns", "DNS server to use") 	flags.Var(opts.NewNamedListOptsRef("dns-opts", &conf.DNSOptions, nil), "dns-opt", "DNS options to use") 	flags.Var(opts.NewListOptsRef(&conf.DNSSearch, opts.ValidateDNSSearch), "dns-search", "DNS search domains to use")+	flags.BoolVar(&conf.DNSResolveDockerHost, "dns-resolve-docker-host", true, "dockerd will resolve the host.docker.internal DNS name if set to true")

dns-resolve-docker-host=false (In Daemon config) && --add-host host.docker.internal=<some-IP> would address your concern

There is no ideal answer (I have raised the same questions), but apparently many developers want parity across OSs with the same Compose file and this PR attempts to do that

arkodg

comment created time in a month

Pull request review commentmoby/moby

Support host.docker.internal in dockerd on Linux

 func installCommonConfigFlags(conf *config.Config, flags *pflag.FlagSet) error { 	flags.Var(opts.NewListOptsRef(&conf.DNS, opts.ValidateIPAddress), "dns", "DNS server to use") 	flags.Var(opts.NewNamedListOptsRef("dns-opts", &conf.DNSOptions, nil), "dns-opt", "DNS options to use") 	flags.Var(opts.NewListOptsRef(&conf.DNSSearch, opts.ValidateDNSSearch), "dns-search", "DNS search domains to use")+	flags.BoolVar(&conf.DNSResolveDockerHost, "dns-resolve-docker-host", true, "dockerd will resolve the host.docker.internal DNS name if set to true")

@thaJeztah the hard coding can always be removed by setting dns-resolve-docker-host=false if someone wants to be change this

arkodg

comment created time in a month

push eventarkodg/moby

Kamil Domański

commit sha 186e22d26e7cf6e4d6f718257c653e496850914a

include IPv6 address of linked containers in /etc/hosts Signed-off-by: Kamil Domański <kamil@domanski.co>

view details

Brian Goff

commit sha a5f237c2b54177ffe45cf371461db1892e092452

Use FILE_SHARE_DELETE for log files on Windows. This fixes issues where one goroutine tries to delete or rename a file while another goroutine has the file open (e.g. a log reader). Signed-off-by: Brian Goff <cpuguy83@gmail.com>

view details

Sebastiaan van Stijn

commit sha 23457f05a9e15e2c9d78c0df407783ed1b1fc33b

Update mailmap and authors Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Akihiro Suda

commit sha 9adc7bb379a1c310b167c1c60e74b63713d381a9

Merge pull request #40020 from thaJeztah/update_mailmap_authors Update mailmap and authors

view details

Sebastiaan van Stijn

commit sha 48353e16fe4bc06764ceb6bced0fbe832803ede4

Temporarily switch docker-py to "master" The docker-py tests were broken, because the version of py-test that was used, used a dependency that had a new major release with a breaking change. Unfortunately, it was not pinned to a specific version, so when the dependency did the release, py-test broke; ``` 22:16:47 Traceback (most recent call last): 22:16:47 File "/usr/local/bin/pytest", line 10, in <module> 22:16:47 sys.exit(main()) 22:16:47 File "/usr/local/lib/python3.6/site-packages/_pytest/config/__init__.py", line 61, in main 22:16:47 config = _prepareconfig(args, plugins) 22:16:47 File "/usr/local/lib/python3.6/site-packages/_pytest/config/__init__.py", line 182, in _prepareconfig 22:16:47 config = get_config() 22:16:47 File "/usr/local/lib/python3.6/site-packages/_pytest/config/__init__.py", line 156, in get_config 22:16:47 pluginmanager.import_plugin(spec) 22:16:47 File "/usr/local/lib/python3.6/site-packages/_pytest/config/__init__.py", line 530, in import_plugin 22:16:47 __import__(importspec) 22:16:47 File "/usr/local/lib/python3.6/site-packages/_pytest/tmpdir.py", line 25, in <module> 22:16:47 class TempPathFactory(object): 22:16:47 File "/usr/local/lib/python3.6/site-packages/_pytest/tmpdir.py", line 35, in TempPathFactory 22:16:47 lambda p: Path(os.path.abspath(six.text_type(p))) 22:16:47 TypeError: attrib() got an unexpected keyword argument 'convert' ``` docker-py master has a fix for this (bumping the version of `py-test`), but it's not in a release yet, and the docker cli that's used in our CI is pinned to 17.06, which doesn't support building from a remote git repository from a specific git commit. To fix the immediate situation, this patch switches the docker-py tests to run from the master branch. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Sebastiaan van Stijn

commit sha a4a82bb0ee64f26760f31fdeb80ae4f80dbb1daf

Merge pull request #40030 from thaJeztah/bump_docker_py Temporarily switch docker-py to "master"

view details

Sebastiaan van Stijn

commit sha 97aa82d2c76cc7fef5920b3bf49e969c4b90faa4

integration-cli: prevent out of range in TestEventsContainerEvents Prevents the test from panicking; ``` --- FAIL: TestDockerSuite/TestEventsContainerEvents (1.19s) suite.go:65: test suite panicked: runtime error: slice bounds out of range [:5] with capacity 4 goroutine 3978 [running]: runtime/debug.Stack(0xc0026e3908, 0x1ad9bc0, 0xc0008100c0) /usr/local/go/src/runtime/debug/stack.go:24 +0x9d github.com/docker/docker/internal/test/suite.failOnPanic(0xc00185e600) /go/src/github.com/docker/docker/internal/test/suite/suite.go:65 +0x57 panic(0x1ad9bc0, 0xc0008100c0) /usr/local/go/src/runtime/panic.go:679 +0x1b2 github.com/docker/docker/integration-cli.(*DockerSuite).TestEventsContainerEvents(0x2f7d7a8, 0xc00185e600) /go/src/github.com/docker/docker/integration-cli/docker_cli_events_test.go:89 +0x3c5 reflect.Value.call(0xc0000c4f00, 0xc0008036c0, 0x13, 0x1bfd18b, 0x4, 0xc000e8df30, 0x2, 0x2, 0xc00075c618, 0x40d903, ...) /usr/local/go/src/reflect/value.go:460 +0x5f6 reflect.Value.Call(0xc0000c4f00, 0xc0008036c0, 0x13, 0xc00075c730, 0x2, 0x2, 0xf, 0x0, 0x0) /usr/local/go/src/reflect/value.go:321 +0xb4 github.com/docker/docker/internal/test/suite.Run.func2(0xc00185e600) /go/src/github.com/docker/docker/internal/test/suite/suite.go:57 +0x2c2 testing.tRunner(0xc00185e600, 0xc0008dbea0) /usr/local/go/src/testing/testing.go:909 +0xc9 created by testing.(*T).Run /usr/local/go/src/testing/testing.go:960 +0x350 ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Tibor Vass

commit sha 6ca3ec88ae9e1435abbed665ec598c00058659da

builder: remove legacy build's session handling This feature was used by docker build --stream and it was kept experimental. Users of this endpoint should enable BuildKit anyway by setting Version to BuilderBuildKit. Signed-off-by: Tibor Vass <tibor@docker.com>

view details

Tibor Vass

commit sha 3c548254a2720f2c02ae47daea264a71e357eb6b

Merge pull request #39983 from tiborvass/rm-legacy-build-session builder: remove legacy build's session handling

view details

Sebastiaan van Stijn

commit sha 5e7d0f0b47a21cc125eb1afc63c0de59f8fc1572

Merge pull request #40026 from thaJeztah/fix_TestEventsContainerEvents_panic integration-cli: prevent out of range in TestEventsContainerEvents

view details

Sebastiaan van Stijn

commit sha 5a703ccb469c1bd2c75d80ed9891c432078db316

bump docker-py to 4.1.0 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Evan Hazlett

commit sha 35ac4be5d5cceb95eab8037a02e6f8f3a0ec4288

add NewContainerOpts to libcontainerd.Create Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

view details

Sebastiaan van Stijn

commit sha 7019b60d0d6f3d69e6ccf481ca0a912905a9c1d7

Jenkinsfile: set repo and branch, to assist validate_diff() This is a continuation of 2a08f33166247da9d4c09d4c6c72cbb8119bf8df; When running CI in other repositories (e.g. Docker's downstream docker/engine repository), or other branches, the validation scripts were calculating the list of changes based on the wrong information. This lead to weird failures in CI in a branch where these values were not updated ':-) (CI on a pull request failed because it detected that new tests were added to the deprecated `integration-cli` test-suite, but the pull request did not actually make changes in that area). This patch uses environment variables set by Jenkins to sets the correct target repository (and branch) to compare to. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Kirill Kolyshkin

commit sha 3d0eb21ddb76bb1a6b963aa5f9748c95e37ac753

Merge pull request #40034 from thaJeztah/bump_docker_py_4.1.0 bump docker-py to 4.1.0

view details

Sebastiaan van Stijn

commit sha 37760f0c2b4f8c8f5124ca5cd1b74e08cbf73d1f

Merge pull request #39974 from cpuguy83/fix_windows_file_handles Use FILE_SHARE_DELETE for log files on Windows.

view details

Tõnis Tiigi

commit sha cd19a333c8cf592e776eedefea69e6e62cbb1cfa

Merge pull request #39837 from kdomanski/linked-ipv6 include IPv6 address of linked containers in /etc/hosts

view details

Sebastiaan van Stijn

commit sha ac51b18339e92bdd9cd5e02851d6505c30cf0d73

Re-run vndr to fix master Pull requests started failing because vendoring didn't match; ``` The result of vndr differs D vendor/golang.org/x/sync/singleflight/singleflight.go Please vendor your package with github.com/LK4D4/vndr. ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Sebastiaan van Stijn

commit sha 1ac36a6b30b71721dae5c47413d2c23ec52f0228

Merge pull request #40035 from thaJeztah/do_the_right_diff_do_the_right_diff Jenkinsfile: set repo and branch, to assist validate_diff()

view details

Tibor Vass

commit sha c5c6b23ee8f7d7fcb78a49588734c226d9a09fb6

Merge pull request #40037 from thaJeztah/fix_vendoring Re-run vndr to fix master

view details

Akihiro Suda

commit sha de5a67156b5eed287883958b60b0c08dacfc7332

Merge pull request #39082 from ehazlett/opts-for-create Add NewContainerOpts to libcontainerd.Create

view details

push time in a month

delete branch arkodg/libnetwork

delete branch : fix-flaky-tests

delete time in a month

push eventarkodg/moby

Evan Hazlett

commit sha 35ac4be5d5cceb95eab8037a02e6f8f3a0ec4288

add NewContainerOpts to libcontainerd.Create Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

view details

Akihiro Suda

commit sha de5a67156b5eed287883958b60b0c08dacfc7332

Merge pull request #39082 from ehazlett/opts-for-create Add NewContainerOpts to libcontainerd.Create

view details

Arko Dasgupta

commit sha f6313e54101bf03b4d85fb45de53a23242ab8540

Add TC to check dyanmic subnet for ingress network Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>

view details

Arko Dasgupta

commit sha 7431bb314459445032f11039e84bbc60f24918d9

Bump Swarmkit to a8bbe7de43b42fc3a8430819ed577e1218dc64aa full diff: docker/swarmkit@7dded76...a8bbe7d changes included: - docker/swarmkit#2867 Only update non-terminal tasks on node removal - related to docker/swarmkit#2806 Fix leaking task resources when nodes are deleted - docker/swarmkit#2880 Bump to golang 1.12.9 - docker/swarmkit#2886 Bump vendoring to match current docker/docker master - regenerates protobufs - docker/swarmkit#2890 Remove hardcoded IPAM config subnet value for ingress network - fixes [ENGORC-2651] Specifying --default-addr-pool for docker swarm init is not picked up by ingress network Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>

view details

push time in a month

push eventarkodg/libnetwork

Arko Dasgupta

commit sha 516d973d1103c588c64b7a9d3e0aa59c33ef7386

Fix flaky NetworkDB tests Fixed these tests : 1.TestNetworkDBIslands Addresses : https://github.com/docker/libnetwork/issues/2402 2.TestNetworkDBCRUDMediumCluster Addresses : https://github.com/docker/libnetwork/issues/2401 By : 1. Importing gotest.tools/poll to use poll.WaitOn Above function can be used to check a condition at regular intervals until a timeout is reached 2. Replacing Sleep with poll.WaitOn 2. Adding closeNetworkDBInstances to close remaining DBs Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>

view details

push time in a month

issue commentmoby/moby

RHEL 8 officially supported by docker-ce/docker-ee ?

There are no issues from a correctness perspective wrt Docker andiptables-nft (which RHEL 8 has installed) . But it has introduced some slowness due to the extra translation layer which I believe @unclejack was looking into (by possibly intelligently circumventing the iptables layer and using nft directly ), can't find the thread right now

taclano

comment created time in a month

more