profile
viewpoint
Kirill Kolyshkin kolyshkin @docker East Renton Highlands, WA, USA

pull request commentmoby/moby

logger/gelf: use compression level 0 by default

OK, some more testing showed that using gelf-compression-level: 0 is not making things better, dockerd CPU usage stays about the same, and the CPU profiles collected with pprof does not differ much from each other. Changing gelf-compression-type to none changes things dramatically (as described in earlier comments).

Apparently that happens since most of the CPU time is spent not on compression itself, but rather go runtime (allocation and garbage collection). Looks like gzipping a lot of small data objects is inefficient.

Given the fact that the support for uncompressed input has only made its way to logstash very recently (see https://github.com/moby/moby/pull/40101#issuecomment-553047340), we can't change the default to be gelf-compression-type: none without the risk of breaking users.

Seems like the only option left is to recommend disabling gelf compression in docs.

kolyshkin

comment created time in 4 hours

pull request commentmoby/moby

logger/gelf: use compression level 0 by default

Took a while to figure out how to test it. Here's how:

LOGSTASH_VERSION=7.3.1
docker run --rm -it -p 127.0.0.1:12201:12201/udp docker.elastic.co/logstash/logstash:${LOGSTASH_VERSION} bin/logstash -e 'input { gelf {} }'
# in another terminal window
docker run --rm --log-driver=gelf --log-opt=gelf-address=udp://127.0.0.1:12201 --log-opt=gelf-compression-type=gzip --log-opt=gelf-compression-level=0 alpine echo hahaha

Using the above test, found out that

  • gelf-compression-type=none is not working with logstash < 7.4.0 (7.3.1 was tested)
  • gelf-compression-type=none works with logstash >= 7.4.0 (7.4.2 was tested)
  • gelf-compression-type=gzip --log-opt=gelf-compression-level=0 works with all versions (7.3.1 and 7.4.2 were tested)
kolyshkin

comment created time in 5 hours

pull request commentmoby/moby

logger/gelf: use compression level 0 by default

So, the "Compression: none" only works since logstash-input-gelf 3.3.0 (https://rubygems.org/gems/logstash-input-gelf/versions/3.3.0), which is included in logstash 7.4.0, released Oct 1, 2019 (https://www.elastic.co/guide/en/logstash/7.4/logstash-7-4-0.html).

This means we can't disable compression now since I'm afraid many users still haven't updated logstash to >= 7.4.

Now we need to check whether setting "compression-level: 0" works with older logstash

kolyshkin

comment created time in 11 hours

pull request commentlogstash-plugins/logstash-input-gelf

Update gelfd dependecy to allow uncompressed input

This made its way to logstash 7.4, released Oct 1, 2019 https://www.elastic.co/guide/en/logstash/7.4/logstash-7-4-0.html

ptqa

comment created time in 11 hours

issue commentlogstash-plugins/logstash-input-gelf

I suggest to append some note in Gelf input plugin documentation: only UDP + gzipped message support

Information about plugin only accepting gzipped input was added in https://github.com/logstash-plugins/logstash-input-gelf/pull/28

The fix to this input plugin to accept uncompressed input was merged in #48, so it is fixed in 3.3.0 release: https://github.com/logstash-plugins/logstash-input-gelf/commit/76c111f32160c5c92c6f440d7ac5f73af68e57f7

This issue can be closed now.

harobed

comment created time in 11 hours

pull request commentmoby/moby

Adding the ability to configure default capabilities

@burnMyDread I think you need to rebase this on top of the current master first.

burnMyDread

comment created time in 3 days

pull request commentmoby/moby

Check for OS Type and skip within the test

Hey @vikramhh, can you please add some prefix to this PR (and maybe commit as well). The current subject ("Check for OS Type and skip within the test") looks way too generic.

I suggest volume plugin tests: or something like that

vikramhh

comment created time in 3 days

pull request commentmoby/moby

Move package versions to ARGs in Dockerfile

Left a few comments. The last commit is marked as WIP, so marking the whole PR as WIP for now.

thaJeztah

comment created time in 3 days

Pull request review commentmoby/moby

Move package versions to ARGs in Dockerfile

 RUN --mount=type=cache,target=/root/.cache/go-build \         && GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \            go build -buildmode=pie -o /build/registry-v2 github.com/docker/distribution/cmd/registry \         && case $(dpkg --print-architecture) in \-               amd64|ppc64*|s390x) \+               amd64|armhf|ppc64*|s390x) \

I can't understand why this is change in this commit

thaJeztah

comment created time in 3 days

Pull request review commentmoby/moby

Move package versions to ARGs in Dockerfile

 #!/bin/sh -: ${VNDR_COMMIT:=f5ab8fc5fb64d66b5c6e55a0bcb58b2e92362fa0}- install_vndr() {+	: "${VNDR_COMMIT?}"+	: "${PREFIX?}"+ 	echo "Install vndr version $VNDR_COMMIT" 	git clone https://github.com/LK4D4/vndr.git "$GOPATH/src/github.com/LK4D4/vndr"-	cd "$GOPATH/src/github.com/LK4D4/vndr"+	cd "$GOPATH/src/github.com/LK4D4/vndr" || return

There's no need to have this || return, since we do set -e in hack/dockerfile/install/install.sh.

Same in other places.

thaJeztah

comment created time in 3 days

pull request commentmoby/moby

logger/gelf: use no compression by default

@ingshtrom the alternative is to set compression level to 0. In this case, no compression is performed but the data is still wrapped in gzip format.

Is it possible that you test that change?

kolyshkin

comment created time in 4 days

push eventkolyshkin/moby

Hannes Ljungberg

commit sha 4d09fab232ed282d020afbe1e0935b53379df4ad

Update service networks documentation The previous description stated that an array of names / ids could be passed when the API in reality expects objects in the form of NetworkAttachmentConfig. This is fixed by updating the description and adding a definition for NetworkAttachmentConfig. Signed-off-by: Hannes Ljungberg <hannes@5monkeys.se>

view details

Daniel Black

commit sha 7b4b940470ee34c96bf434b810e4cd5ca2e68182

/containers/{id}/json missing Platform To match ContainerJSONBase api/types/types.go Signed-off-by: Daniel Black <daniel@linux.ibm.com>

view details

Sebastiaan van Stijn

commit sha 6756f5f378d0f4f9efbda50fabb5bfdef2e5c4a7

API: update docs that /session left experimental in V1.39 The `/session` endpoint left experimental in API V1.39 through 239047c2d36706f2826b0a9bc115e0a08b1c3d27 and 01c9e7082eba71cbe60ce2e47acb9aad2c83c7ef, but the API reference was not updated accordingly. This updates the API documentation to match the change. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Tibor Vass

commit sha fbdd437d295595e88466b33a550a8707b9ebb709

daemon/config: fix filter type in BuildKit GC config For backwards compatibility, the old incorrect object format for builder.GC.Rule.Filter still works but is deprecated in favor of array of strings akin to what needs to be passed on the CLI. Signed-off-by: Tibor Vass <tibor@docker.com>

view details

Tibor Vass

commit sha 85733620ebea3da75abe7d732043354aa0883f8a

daemon/config: add MarshalJSON for future proofing If anything marshals the daemon config now or in the future this commit ensures the correct canonical form for the builder GC policies' filters. Signed-off-by: Tibor Vass <tibor@docker.com>

view details

Justen Martin

commit sha 3b49bd1d840d64ec603333eae28655b9ff5edc0c

replaced call to deprecated grpc method WithDialer with WithContextDialer Signed-off-by: Justen Martin <jmart@the-coder.com>

view details

Brian Goff

commit sha bef73d8b0721ae60dfc6ab6875328ffa9adbda49

Wait for c8d process exit instead of polling API In the containerd supervisor, instead of polling the healthcheck API every 500 milliseconds we can just wait for the process to exit. Signed-off-by: Brian Goff <cpuguy83@gmail.com>

view details

Brian Goff

commit sha 1e000435e60da678f3cb44ce4e5153d70328742c

Merge pull request #40096 from cpuguy83/c8d_no_healthcheck_loop Wait for c8d process exit instead of polling API

view details

Sebastiaan van Stijn

commit sha 05469b5fa2b48cf20cd0137ca8c45645b63049ff

daemon: add "isWindows" const Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Sebastiaan van Stijn

commit sha 301a2fbeca2a4285335946c4a914b05f71cbb978

builder/dockerfile/mockbackend_test.go: suppress SA9005 (staticcheck) ``` builder/dockerfile/mockbackend_test.go:107:21: SA9005: struct doesn't have any exported fields, nor custom marshaling (staticcheck) return json.Marshal(rawImage(*i)) ^ ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Sebastiaan van Stijn

commit sha 94647b5d8609b28ba807ec41b3ed198838dcaecf

graphdriver/aufs: SA4021: x = append(y) is equivalent to x = y (staticcheck) ``` daemon/graphdriver/aufs/aufs_test.go:746:8: SA4021: x = append(y) is equivalent to x = y (staticcheck) ids = append(ids[2:]) ^ ``` Also pre-allocating the ids slice while we're at it. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Sebastiaan van Stijn

commit sha ec1fd4b1b0401fad3d03654c16057712aff34e29

distribution: SA4021: x = append(y) is equivalent to x = y (staticcheck) ``` distribution/push_v2_test.go:552:29: SA4021: x = append(y) is equivalent to x = y (staticcheck) return nil, errcode.Errors(append([]error{errcode.ErrorCodeUnauthorized.WithMessage("unauthorized")})) ^ ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Sebastiaan van Stijn

commit sha 5f47cef514acba3d0fa0856064057d4c7f218c31

fix nolint comments for SA1019: filters.ToParamWithVersion is deprecated The old nolint comment didn't seem to work anymore; ``` client/container_list.go:39:22: SA1019: filters.ToParamWithVersion is deprecated: do not use in any new code; use ToJSON instead (staticcheck) client/events.go:94:22: SA1019: filters.ToParamWithVersion is deprecated: do not use in any new code; use ToJSON instead (staticcheck) client/image_list.go:28:22: SA1019: filters.ToParamWithVersion is deprecated: do not use in any new code; use ToJSON instead (staticcheck) ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Sebastiaan van Stijn

commit sha 1f7beb85949c4c31b3b5874510531021d5a2b45b

daemon/events/testutils: remove redundant variable Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Sebastiaan van Stijn

commit sha 04fcb6cfbf0d3419891af82e26d963f22b248fa4

pkg/jsonmessage: fix SA1006: printf-style function with no arguments Also fixed some incorrectly formatted comments ``` pkg/jsonmessage/jsonmessage.go:180:20: SA1006: printf-style function with dynamic format string and no further arguments should use print-style function instead (staticcheck) fmt.Fprintf(out, endl) ^ ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Sebastiaan van Stijn

commit sha cba180cac9de350dc5cf9ab9036401e6f44ff339

graphdriver/btrfs: SA4003: no value of type uint64 is less than 0 (staticcheck) ``` daemon/graphdriver/btrfs/btrfs.go:609:5: SA4003: no value of type uint64 is less than 0 (staticcheck) if driver.options.size <= 0 { ^ ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Sebastiaan van Stijn

commit sha 6d9c219c549ba9e6b48e945dce3c9e4e64214850

daemon: S1033: unnecessary guard around call to delete (gosimple) ``` daemon/container_operations.go:787:2: S1033: unnecessary guard around call to delete (gosimple) if _, ok := container.NetworkSettings.Networks[n.ID()]; ok { ^ ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Sebastiaan van Stijn

commit sha af3bbcc00ceb0197bd22c46666affcf1a9724479

aufs: SA4011: did you mean to break out of the outer loop? (staticcheck) As caught by staticcheck (after disabling the default exclusion rules); Based on the comment, this break was indeed meant to break the loop and return the error. ``` daemon/graphdriver/aufs/mount.go:54:4: SA4011: ineffective break statement. Did you mean to break out of the outer loop? (staticcheck) break ^ ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Sebastiaan van Stijn

commit sha 4840fd895328da757bd67b6be212f86cae8f93eb

pkg/mount: SA4011: ineffective break statement (staticcheck) ``` pkg/mount/mountinfo_linux.go:93:5: SA4011: ineffective break statement. Did you mean to break out of the outer loop? (staticcheck) break ^ ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Sebastiaan van Stijn

commit sha 47502344b9aab6919f0b426e037b68e899735abd

golangci-lint: update exclusion rules for todo's Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

push time in 4 days

pull request commentmoby/moby

Update README.md

@SREELAKSHMI-NAYATH can you please sign your commit?

SREELAKSHMI-NAYATH

comment created time in 4 days

pull request commentmoby/moby

Bump Golang 1.13.4

Rerun CI since it failed earlier because the golang image was not available at the time

tao12345666333

comment created time in 4 days

issue commentmoby/moby

Flaky test: TestCreateServiceConfigFileMode

Got a different failure on s390 (https://github.com/moby/moby/pull/40194)

[2019-11-08T20:17:13.312Z] === Failed [2019-11-08T20:17:13.312Z] === FAIL: s390x.integration.service TestCreateServiceConfigFileMode (8.89s) [2019-11-08T20:17:13.312Z] create_test.go:329: assertion failed: 2 (int) != 1 (int)

kolyshkin

comment created time in 4 days

pull request commentmoby/moby

overlay[2] graphdriver: Fix/improve overlayfs support check for rootless

fixed bad import statement (my system still had old github.com/Sirupsen/logrus)

kolyshkin

comment created time in 4 days

push eventkolyshkin/moby

Yong Tang

commit sha f09dc2f4fc68c0e622797404763b757739b79aaa

Fix docker crash when creating namespaces with UID in /etc/subuid and /etc/subgid This fix tries to address the issue raised in 39353 where docker crash when creating namespaces with UID in /etc/subuid and /etc/subgid. The issue was that, mapping to `/etc/sub[u,g]id` in docker does not allow numeric ID. This fix fixes the issue by probing other combinations (uid:groupname, username:gid, uid:gid) when normal username:groupname fails. This fix fixes 39353. Signed-off-by: Yong Tang <yong.tang.github@outlook.com>

view details

Sebastiaan van Stijn

commit sha 9cf349d0f80d2399cdfad0321e0f181c2e7efa17

bump libnetwork 90afbb01e1d8acacb505a092744ea42b9f167377 full diff: https://github.com/docker/libnetwork/compare/0025177e3dabbe0de151be0957dcaff149d43536...90afbb01e1d8acacb505a092744ea42b9f167377 includes: - docker/libnetwork#/2459 Fix Error Check in NewNetwork - docker/libnetwork#/2466 Revert "Merge pull request #2339 from phyber/iptables-check" - reverts docker/libnetwork#/2339 controller: Check if IPTables is enabled for arrangeUserFilterRule - re-opens docker/libnetwork#2158 dockerd when run with --iptables=false modifies iptables by adding DOCKER-USER - re-opens moby/moby#35777 With iptables=false dockerd still creates DOCKER-USER chain and rules - re-opens docker/for-linux#136 dockerd --iptables=false adds DOCKER-USER chain and modify FORWARD chain anyway Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Sebastiaan van Stijn

commit sha 1a88e0255496ca8a5ffa70e845da43381c7fc8ea

Merge pull request #39764 from yongtang/39353-subgid-subuid Fix docker crash when creating namespaces with UID in /etc/subuid and /etc/subgid

view details

Tibor Vass

commit sha 36ffe9edc2b37a5154633f3fbc260217114039d4

Merge pull request #40192 from thaJeztah/bump_libnetwork bump libnetwork 90afbb01e1d8acacb505a092744ea42b9f167377

view details

Kir Kolyshkin

commit sha d5687079ad8ad27c467ef5c8758a73c519b45d9b

overlay: move supportsMultipleLowerDir to utils This moves supportsMultipleLowerDir() to overlayutils so it can be used from both overlay and overlay2. The only changes made were: * replace logger with logrus * don't use workDirName mergedDirName constants * add mnt var to improve readability a bit This is a preparation for the next commit. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha 649e4c88899878c9cdf9036f6bc7d62e2b39c04b

Fix/improve overlay support check Before this commit, overlay check was performed by looking for `overlay` in /proc/filesystem. This obviously might not work for rootless Docker (fs is there, but one can't use it as non-root). This commit changes the check to perform the actual mount, by reusing the code previously written to check for multiple lower dirs support. The old check is removed from both drivers, as well as the additional check for the multiple lower dirs support in overlay2 since it's now a part of the main check. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

push time in 4 days

pull request commentmoby/moby

Improve rootless Docker overlay support detection

There is already code like this in overlay2, please see #35527

I suggest to reuse that code instead. We can add an option to try multiple lower dirs, move the code into overlayutils, and use it from both overlay and overlay2.

Here it is: https://github.com/moby/moby/pull/40194

Caligatio

comment created time in 5 days

pull request commentmoby/moby

overlay[2] graphdriver: Fix/improve overlayfs support check for rootless

@Caligatio could you test this?

@thaJeztah @dmcgowan PTAL

kolyshkin

comment created time in 5 days

PR opened moby/moby

Reviewers
overlay[2] graphdriver: Fix/improve overlayfs support check for rootless

Inspired by https://github.com/moby/moby/pull/40131

Overlay check is performed by looking for overlay in /proc/filesystem. This obviously might not work for rootless Docker (fs is there, but one can't use it as non-root, for example, see https://github.com/docker-library/docker/issues/193).

This PR changes the check to perform the actual mount, by reusing the code previously written to check for multiple lower dirs support. The old check is removed from both drivers, as well as the additional check for the multiple lower dirs support in overlay2 since it's now a part of the main check.

The PR is split into two commits for the sake of easier review.

  • First commit moves the supportsMultipleLowerDir to overlayutils with minimal modifications
  • Second commit renames it to SupportsOverlay(), makes the multiple lower dir check optional, and makes both overlay and overlay2 use the new check.

PS nice LOC reduction:

 daemon/graphdriver/overlay/overlay.go           | 37 +++++--------------------------------
 daemon/graphdriver/overlay2/check.go            | 32 --------------------------------
 daemon/graphdriver/overlay2/overlay.go          | 47 +++++------------------------------------------
 daemon/graphdriver/overlayutils/overlayutils.go | 44 ++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 54 insertions(+), 106 deletions(-)

fixes https://github.com/docker/for-linux/issues/836

+54 -106

0 comment

4 changed files

pr created time in 5 days

push eventkolyshkin/moby

lzhfromustc

commit sha 49fbb9c9854ff18ad9304f435c7c6722b0b4cfdb

registry: add a critical section to protect authTransport.modReq Signed-off-by: Ziheng Liu <lzhfromustc@gmail.com>

view details

Ziheng Liu

commit sha 6233217a31395b69aa814c7d3db5cf844eb87437

integration/internal/container: fix a goroutine leak bug by adding 1 buffer Signed-off-by: Ziheng Liu <lzhfromustc@gmail.com>

view details

Kir Kolyshkin

commit sha 9d4e81e8bf0d52a063c46a3dc826f7e85068b07d

hack/validate/vendor: print diff for modified files In case some files were modified (rather than merely added or removed), we're curious to see the diff for those. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha 4be12ad3d04aefe6d5822d426813b33d2d4f9a7e

hack/validate/vendor: shellcheck fixes The export statement is definitely not needed. The rest is obvious. > In hack/validate/vendor line 3: > export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" > ^-- SC2155: Declare and assign separately to avoid masking return values. > > > In hack/validate/vendor line 43: > if ls -d vendor/$f > /dev/null 2>&1; then > ^-- SC2086: Double quote to prevent globbing and word splitting. > > > In hack/validate/vendor line 44: > found=$(find vendor/$f -iregex '.*LICENSE.*' -or -iregex '.*COPYRIGHT.*' -or -iregex '.*COPYING.*' | wc -l) > ^-- SC2086: Double quote to prevent globbing and word splitting. > > > In hack/validate/vendor line 45: > if [ $found -eq 0 ]; then > ^-- SC2086: Double quote to prevent globbing and word splitting. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha 57910190288c71242d914c292930a496d05f30cb

hack/validate/vendor: simplify looking for license It was suggested that we use '.*\(COPYING\|LICENSE\|COPYRIGHT\).*' as an argument to `find -iregex`, and this is how it all started. Next thing, there is no COPYRIGHT in any of the vendored packages, so it can be removed for good. Next, we should not look too deep inside the package directory, as the license should be in its root directory, so add `-maxdepth 1` to `find`. This should also speed things up. Finally, since we're not using the recursion feature of `find`, it can be replaced with `echo | grep`. While at it, * avoid temporary $pkgs variable as it is only used once; * replace `ls -d "vendor/$f" > /dev/null 2>&1` with `test -d`. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Sam Whited

commit sha b96a0c775400821d80972619fbfe6a2070f3e9ba

Add daemon options required by buildkit tests Signed-off-by: Sam Whited <sam@samwhited.com>

view details

Sebastiaan van Stijn

commit sha 31abc6c089eb5acc8161f480335b33b12564a565

Merge pull request #40177 from SamWhited/buildkit_test_options Add daemon options required by buildkit tests

view details

Sam Whited

commit sha 0c9b232bf5263ab896637b394308510c4cfbd45d

Remove unused GlobalFlags Signed-off-by: Sam Whited <sam@samwhited.com>

view details

Akihiro Suda

commit sha 65523469c7e6f100230ba500c1d28516ea6bd384

Merge pull request #40187 from SamWhited/remove_global_args Remove unused GlobalFlags

view details

Kirill Kolyshkin

commit sha 154cf042fdc35801d280ae2d67128cdcd561b6a2

Merge pull request #40144 from lzhfromustc/GL_outputDone integration/internal/container: fix a goroutine leak bug

view details

Tõnis Tiigi

commit sha fee149e723dff096cb77cfa28f0eabc7b3830990

Merge pull request #40143 from lzhfromustc/IFP_modReq registry: add a critical section to protect authTransport.modReq

view details

Sebastiaan van Stijn

commit sha e9bd017b680cf3eb05d8db21500979ac22969658

Merge pull request #40148 from kolyshkin/vendor-diff hack/validate/vendor: print diff for modified files

view details

Kir Kolyshkin

commit sha 6b40f7c2406260e189749c0201f1786dc59e80e5

overlay: move supportsMultipleLowerDir to utils This moves supportsMultipleLowerDir() to overlayutils so it can be used from both overlay and overlay2. The only changes made were: * replace logger with logrus * don't use workDirName mergedDirName constants * add mnt var to improve readability a bit This is a preparation for the next commit. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha 8c3a366edc1412676a56e48f808b56ce8e64cb2f

Fix/improve overlay support check Before this commit, overlay check was performed by looking for `overlay` in /proc/filesystem. This obviously might not work for rootless Docker (fs is there, but one can't use it as non-root). This commit changes the check to perform the actual mount, by reusing the code previously written to check for multiple lower dirs support. The old check is removed from both drivers, as well as the additional check for the multiple lower dirs support in overlay2 since it's now a part of the main check. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

push time in 5 days

create barnchkolyshkin/moby

branch : rootless-overlay

created branch time in 5 days

pull request commentmoby/moby

Improve rootless Docker overlay support detection

@Caligatio do you want to work on that ^^^^^?

Caligatio

comment created time in 5 days

pull request commentmoby/moby

Improve rootless Docker overlay support detection

There is already code like this in overlay2, please see https://github.com/moby/moby/pull/35527

I suggest to reuse that code instead. We can add an option to try multiple lower dirs, move the code into overlayutils, and use it from both overlay and overlay2.

Caligatio

comment created time in 5 days

push eventmoby/moby

Ziheng Liu

commit sha 6233217a31395b69aa814c7d3db5cf844eb87437

integration/internal/container: fix a goroutine leak bug by adding 1 buffer Signed-off-by: Ziheng Liu <lzhfromustc@gmail.com>

view details

Kirill Kolyshkin

commit sha 154cf042fdc35801d280ae2d67128cdcd561b6a2

Merge pull request #40144 from lzhfromustc/GL_outputDone integration/internal/container: fix a goroutine leak bug

view details

push time in 5 days

PR merged moby/moby

integration/internal/container: fix a goroutine leak bug area/testing kind/bugfix status/2-code-review

- What I did Avoid a goroutine leak bug by changing an unbuffered channel into a channel with 1 buffer. In the code below, if select chooses case <-ctx.Done(), then the child goroutine will be blocked at outputDone <- err and leaked. https://github.com/moby/moby/blob/a09e6e323e55e1a9b21df9c2c555f5668df3ac9b/integration/internal/container/exec.go#L60-L77

- How to verify it The change in this patch is very safe: the case err := <-outputDone in the parent goroutine will still be blocked until outputDone <- err is executed, but outputDone <- err will never be blocked. This fix is similar to https://github.com/kubernetes/kubernetes/pull/5316

- Description for the changelog NONE

+1 -1

0 comment

1 changed file

lzhfromustc

pr closed time in 5 days

pull request commentmoby/moby

registry: add a critical section to protect authTransport.modReq

@tiborvass PTAL

lzhfromustc

comment created time in 5 days

pull request commentmoby/moby

refactored integration/service/instead_test.go to ues unique resource…

@jmartin84 can you please sign your commit? Something like

git commit --amend -s
git push -f jmartin84 unique-names-intergration-service-inspect-test

should do it

jmartin84

comment created time in 5 days

pull request commentmoby/moby

logger/gelf: use no compression by default

Hmm, actually, compress/flate is only used by gelf for compression level constants; for the actual compression, either compress/gzip or compress/zlib is used. Default is gzip, and gzip apparently uses flate, and gelf sets the level to 1 by default, so as far as I understand this fast flate algo is actually used.

Even with all this, it still takes lots of CPU.

So, I think the best course of action would be to disable compression.

kolyshkin

comment created time in 5 days

pull request commentmoby/moby

logger/gelf: use no compression by default

Well, default compression is level 6 and not level 1:

case level == DefaultCompression:
	level = 6

I also found out that pkg/deflate has a separate "fast" implementation that is used for level==1.

So, we should at least set the default to be level 1.

kolyshkin

comment created time in 5 days

pull request commentdocker/cli

Allow the external CAs to be removed entirely using the CLI

Perhaps --no-external-ca or --remove-external-ca?

cyli

comment created time in 5 days

push eventmoby/moby

Sebastiaan van Stijn

commit sha 3df4f86f21fbcae3535e2231828dce16a1940dbb

swagger: fix "generated code" comment not in correct format As described in https://golang.org/s/generatedcode, Go has a formalized format that should be used to indicate that a file is generated. Matching that format helps linters to skip generated files; From https://golang.org/s/generatedcode (https://github.com/golang/go/issues/13560#issuecomment-288457920); > Generated files are marked by a line of text that matches the regular expression, in Go syntax: > > ^// Code generated .* DO NOT EDIT\.$ > > The `.*` means the tool can put whatever folderol it wants in there, but the comment > must be a single line and must start with `Code generated` and end with `DO NOT EDIT.`, > with a period. > > The text may appear anywhere in the file. This patch updates the template used for our generated types to match that format. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Sebastiaan van Stijn

commit sha c511db70ed39f344f41ea8773cc9264a1eeddfda

api/types: re-generate with new template Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Sebastiaan van Stijn

commit sha 6186e9fe8794660d669f19a2e2ba7127321b817f

hack/make/.go-autogen: fix "generated code" comment not in correct format As described in https://golang.org/s/generatedcode, Go has a formalized format that should be used to indicate that a file is generated. Matching that format helps linters to skip generated files; From https://golang.org/s/generatedcode (https://github.com/golang/go/issues/13560#issuecomment-288457920); > Generated files are marked by a line of text that matches the regular expression, in Go syntax: > > ^// Code generated .* DO NOT EDIT\.$ > > The `.*` means the tool can put whatever folderol it wants in there, but the comment > must be a single line and must start with `Code generated` and end with `DO NOT EDIT.`, > with a period. > > The text may appear anywhere in the file. This patch updates the autogenerated code to match that format. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Kirill Kolyshkin

commit sha c36460c437c8c515c543dd31afcbb5c2a9f5dd48

Merge pull request #40077 from thaJeztah/fix_autogen_detection Update "auto-generate" comments to improve detection by linters

view details

push time in 7 days

PR merged moby/moby

Reviewers
Update "auto-generate" comments to improve detection by linters area/testing process/cherry-pick status/2-code-review

As described in https://golang.org/s/generatedcode, Go has a formalized format that should be used to indicate that a file is generated.

Matching that format helps linters to skip generated files;

From https://golang.org/s/generatedcode (https://github.com/golang/go/issues/13560#issuecomment-288457920);

Generated files are marked by a line of text that matches the regular expression, in Go syntax:

^// Code generated .* DO NOT EDIT.$

The .* means the tool can put whatever folderol it wants in there, but the comment must be a single line and must start with Code generated and end with DO NOT EDIT., with a period.

The text may appear anywhere in the file.

This patch updates the autogenerated code to match that format.

+11 -20

4 comments

10 changed files

thaJeztah

pr closed time in 7 days

push eventmoby/moby

Sebastiaan van Stijn

commit sha 9a7e96b5b7e97e034ce7bb0f1e7788d1bd881c7f

Rename "v1" to "statsV1" follow-up to 27552ceb15bca544820229e574427d4c1d6ef585, where this was left as a review comment, but the PR was already merged. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Kirill Kolyshkin

commit sha 76dbd884d3f1a02dc193305d2ac5824bcd3e4f0f

Merge pull request #40167 from thaJeztah/stats_alias Rename "v1" to "statsV1"

view details

push time in 8 days

PR merged moby/moby

Rename "v1" to "statsV1" area/runtime kind/refactor status/2-code-review

follow-up to 27552ceb15bca544820229e574427d4c1d6ef585 (https://github.com/moby/moby/pull/40154), where this was left as a review comment, but the PR was already merged.

+5 -5

3 comments

2 changed files

thaJeztah

pr closed time in 8 days

pull request commentmoby/moby

Rename "v1" to "statsV1"

hmm why not just stats? Mentioning repeatedly that we have indeed imported v1 of the package in question during every use of it seems kinda excessive (and reminds me of Hungarian notation in Win :cry:).

thaJeztah

comment created time in 8 days

push eventmoby/moby

Sam Whited

commit sha d6a91ca71c655f71c171e375b787c9c8b361c19e

Rename DCO check param in Jenkinsfile Previously it was a negative parameter for skiping the DCO check, but this is different from other checks. It was requested that I change this in #40023 but I'm factoring it out as an unrelated change. Signed-off-by: Sam Whited <sam@samwhited.com>

view details

Kirill Kolyshkin

commit sha 7cde98488c2cfd7c3bc5a4a9044047cdab596663

Merge pull request #40159 from SamWhited/jenkins_dco_var_name Rename DCO check param in Jenkinsfile

view details

push time in 8 days

PR merged moby/moby

Rename DCO check param in Jenkinsfile area/testing process/cherry-pick status/2-code-review

Previously it was a negative parameter for skiping the DCO check, but this is different from other checks. It was requested that I change this in #40023 by @thaJeztah but I'm factoring it out into a new PR to reduce the diff size since this is an unrelated change.

EDIT: left off the DCO to check that this works (and it does). Definitely not just because I forgot it as usual.

+4 -4

2 comments

1 changed file

SamWhited

pr closed time in 8 days

issue commentmoby/moby

Dockerd eats too much RAM

@dperny PTAL ^^^

goetas

comment created time in 8 days

issue openeddocker/docker.github.io

config/containers/runmetrics: rm lxc reference

File: config/containers/runmetrics.md

Looks like this doc is referring to LXC which is for quite some time is not part of docker. I think such references are to be removed.

created time in 8 days

issue commentmoby/moby

Dockerd eats too much RAM

Here's the graph (generated from the 002 profile, they look similar). Unfortunately I don't know this codebase good enough to figure out what is going on, but it is clear from the pic who is using the most memory. Yet, it's about 3.5GB rather than 11GB (I guess the rest is not garbage collected yet?)

image

goetas

comment created time in 8 days

issue closedmoby/moby

Abnormal RAM consumption by dockerd when using fluentd

Description

When you start a simple container that cycles logs and sends them to fluentd, dockerd starts consuming a lot of RAM. Consumption occurs before buffer overflow, as seen in the dockerd logs.

Based on the #1 and #2 sources, the default fluentd buffer size is 1 MB, but the 'dockerd' consumption grows to 900 MB. If you limit the buffer to, for example, 512 KB (by setting --log-opt fluentd-buffer-limit=512kb), then dockerd grows to 530 MB.

The fluentd buffer size may simply be specified in kilobytes rather than bytes. The unit of measure, unfortunately, is not specified in the logs:

error="fluent#appendBuffer: Buffer full, limit 1048576"

Steps to reproduce the issue:

  1. Simply run td-agent (fluentd) on localhost and next container:
id=$(
  sudo \
    docker run \
      --rm \
      --detach \
      --log-driver fluentd \
      --log-opt mode=non-blocking \
      --log-opt fluentd-address=localhost:24224 \
      --log-opt fluentd-async-connect=true \
      --log-opt fluentd-sub-second-precision=true \
      alpine \
      /usr/bin/yes crashme
)

sleep 30
sudo docker kill ${id}

Describe the results you received:

See at screencast:

Please note that dockerd does not release RAM after the container is stopped.

github

Describe the results you expected:

dockerd should not consume so much RAM

Additional information you deem important (e.g. issue happens only occasionally):

Output of docker version:

Client: Docker Engine - Community
 Version:           19.03.2
 API version:       1.40
 Go version:        go1.12.8
 Git commit:        6a30dfc
 Built:             Thu Aug 29 05:29:11 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.2
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.8
  Git commit:       6a30dfc
  Built:            Thu Aug 29 05:27:45 2019
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.6
  GitCommit:        894b81a4b802e4eb2a91d1ce216b8817763c29fb
 runc:
  Version:          1.0.0-rc8
  GitCommit:        425e105d5a03fabd737a126ad93d62a9eeede87f
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

Output of docker info:

Client:
 Debug Mode: false

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 2
 Server Version: 19.03.2
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 894b81a4b802e4eb2a91d1ce216b8817763c29fb
 runc version: 425e105d5a03fabd737a126ad93d62a9eeede87f
 init version: fec3683
 Security Options:
  apparmor
  seccomp
   Profile: default
 Kernel Version: 4.15.0-1051-aws
 Operating System: Ubuntu 18.04.1 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 1.91GiB
 Name: test
 ID: XYTA:N6SY:IYSU:ANM6:LQRH:AN75:MPS6:TKUK:LGB5:WQBU:NGCR:J775
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Additional environment details (AWS, VirtualBox, physical, etc.):

t3.small instance on AWS.

closed time in 12 days

abra7134

issue commentmoby/moby

Abnormal RAM consumption by dockerd when using fluentd

Unable to repro, no reply from the reporter, closing.

@abra7134 feel free to reopen!

abra7134

comment created time in 12 days

pull request commentdocker/cli

Stack: Support cap_add, cap_drop and privileged on services

@olljanat this needs a rebase

olljanat

comment created time in 13 days

Pull request review commentmoby/moby

bump containerd/cgroups 5fbad35c2a7e855762d3c60f2e474ffcad0d470a

 package types // import "github.com/docker/docker/libcontainerd/types" import ( 	"time" -	"github.com/containerd/cgroups"+	v1 "github.com/containerd/cgroups/stats/v1"

ditto

thaJeztah

comment created time in 13 days

Pull request review commentmoby/moby

bump containerd/cgroups 5fbad35c2a7e855762d3c60f2e474ffcad0d470a

 import ( 	"strings" 	"time" -	containerd_cgroups "github.com/containerd/cgroups"+	v1 "github.com/containerd/cgroups/stats/v1"

this is kinda weird to call this v1. maybe just cgroups?

thaJeztah

comment created time in 13 days

Pull request review commentdocker/cli

kubernetes/conversion_test: use test-builders package

 func withPort(port swarm.PortConfig) func(*swarm.Service) { 	} } -func withStatus(running, desired uint64) func(*swarm.Service) {-	return func(service *swarm.Service) {-		service.ServiceStatus = &swarm.ServiceStatus{-			RunningTasks: running,-			DesiredTasks: desired,-		}-	}-}--func makeSwarmService(t *testing.T, service, id string, opts ...func(*swarm.Service)) swarm.Service {+func makeSwarmService(t *testing.T, name, id string, opts ...func(*swarm.Service)) swarm.Service { 	t.Helper()-	s := swarm.Service{-		ID: id,-		Spec: swarm.ServiceSpec{-			Annotations: swarm.Annotations{-				Name: service,-			},-			TaskTemplate: swarm.TaskSpec{-				ContainerSpec: &swarm.ContainerSpec{-					Image: "image",-				},-			},-		},-	}-	for _, o := range opts {-		o(&s)-	}-	return s+	options := append([]func(*swarm.Service){}, ServiceID(id), ServiceName(name), ServiceImage("image"))

Appending to an empty slice does not make sense to me. Easier to write as

options := []func(*swarm.Service){ServiceID(id), ServiceName(name), ServiceImage("image")}
thaJeztah

comment created time in 13 days

Pull request review commentdocker/cli

kubernetes/conversion_test: use test-builders package

 import ( // Any number of service builder functions can be passed to augment it. // Currently, only ServiceName is implemented func Service(builders ...func(*swarm.Service)) *swarm.Service {-	service := &swarm.Service{-		ID: "serviceID",-		Spec: swarm.ServiceSpec{-			Annotations: swarm.Annotations{-				Name: "defaultServiceName",-			},-			EndpointSpec: &swarm.EndpointSpec{},-		},-	}+	service := &swarm.Service{}+	ServiceID("serviceID")+	ServiceName("defaultServiceName")

I don't understand this part. You call a function that returns a function and then you discard its result, meaning you never call the function returned.

Should be something like

ServiceID("serviceID")(service)
ServiceName("defaultServiceName")(service)
thaJeztah

comment created time in 13 days

Pull request review commentdocker/cli

kubernetes/conversion_test: use test-builders package

 import ( // Any number of service builder functions can be passed to augment it. // Currently, only ServiceName is implemented

Not really in scope of this PR, but this comment line seems obsoleted. Since commit dea478b851 which added it (and the mentioned ServiceName()), we got 535af2d868 which adds ServicePort(), ServiceImage() etc.

thaJeztah

comment created time in 13 days

issue commentmoby/moby

Abnormal RAM consumption by dockerd when using fluentd

I was unable to repro using the above repro steps (with docker-ce 19.03 and td-agent 3.5.0 on a CentOS 7).

What I did is:

wget http://packages.treasuredata.com.s3.amazonaws.com/3/redhat/7/x86_64/td-agent-3.5.0-0.el7.x86_64.rpm
yum install td-agent-3.5.0-0.el7.x86_64.rpm
systemctl start td-agent
systemctl status td-agent # make sure it's running
ss -lnp4 # make sure fluentd port is 24224

and then ran the above repro. I can see dockerd, ruby, and yes in top output and they all use some considerable CPU time, but I don't see any noticeable RSS grow.

@abra7134 can you repro this on a clean instance? If yes, please provide detailed steps, maybe I'm missing something.

abra7134

comment created time in 14 days

pull request commentmoby/moby

hack/validate/vendor: print diff for modified files

Should we add NOTICE? IIUC, the notice is the actual copyright/licensing information, and having a license file is merely for convenience

  1. Currently, we don't have any packages that fail validation (i.e. they all either container COPYING or LICENSE in some way).

  2. Let's have a look,

$ grep -vEc '^$|^#' vendor.conf 
118
$ find vendor -name NOTICE\* | wc -l
13

...out of 118 packages that moby/moby currently vendors, only 13 packages contain NOTICE, and about half of those NOTICEs only contain a copyright statement but not any licensing information. I guess the aim of this check we are actually checking for licensing terms (to make sure it's compatible with moby's own licensing terms) not copyright.

kolyshkin

comment created time in 14 days

pull request commentmoby/moby

hack/validate/vendor: print diff for modified files

@thaJeztah first two commits remain the same (so you won't have to re-review), the only change is I added the third one with validate_vendor_used as you suggested.

kolyshkin

comment created time in 14 days

Pull request review commentmoby/moby

hack/validate/vendor: print diff for modified files

 validate_vendor_diff(){ validate_vendor_used() { 	pkgs=$(mawk '/^[a-zA-Z0-9]/ { print $1 }' < vendor.conf) 	for f in $pkgs; do-	if ls -d vendor/$f  > /dev/null 2>&1; then-		found=$(find vendor/$f -iregex '.*LICENSE.*' -or -iregex '.*COPYRIGHT.*' -or -iregex '.*COPYING.*' | wc -l)-		if [ $found -eq 0 ]; then+	if ls -d "vendor/$f"  > /dev/null 2>&1; then+		found=$(find "vendor/$f" -iregex '.*LICENSE.*' -or -iregex '.*COPYRIGHT.*' -or -iregex '.*COPYING.*' | wc -l)

added a commit optimizing it

kolyshkin

comment created time in 14 days

push eventkolyshkin/moby

Kir Kolyshkin

commit sha 57910190288c71242d914c292930a496d05f30cb

hack/validate/vendor: simplify looking for license It was suggested that we use '.*\(COPYING\|LICENSE\|COPYRIGHT\).*' as an argument to `find -iregex`, and this is how it all started. Next thing, there is no COPYRIGHT in any of the vendored packages, so it can be removed for good. Next, we should not look too deep inside the package directory, as the license should be in its root directory, so add `-maxdepth 1` to `find`. This should also speed things up. Finally, since we're not using the recursion feature of `find`, it can be replaced with `echo | grep`. While at it, * avoid temporary $pkgs variable as it is only used once; * replace `ls -d "vendor/$f" > /dev/null 2>&1` with `test -d`. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

push time in 14 days

Pull request review commentmoby/moby

hack/validate/vendor: print diff for modified files

 validate_vendor_diff(){ validate_vendor_used() { 	pkgs=$(mawk '/^[a-zA-Z0-9]/ { print $1 }' < vendor.conf) 	for f in $pkgs; do-	if ls -d vendor/$f  > /dev/null 2>&1; then-		found=$(find vendor/$f -iregex '.*LICENSE.*' -or -iregex '.*COPYRIGHT.*' -or -iregex '.*COPYING.*' | wc -l)-		if [ $found -eq 0 ]; then+	if ls -d "vendor/$f"  > /dev/null 2>&1; then+		found=$(find "vendor/$f" -iregex '.*LICENSE.*' -or -iregex '.*COPYRIGHT.*' -or -iregex '.*COPYING.*' | wc -l)

I resisted the urge to rewrite this, yes.

Alsop, .* at the beginning and the end is not needed.

kolyshkin

comment created time in 15 days

PR opened moby/moby

Reviewers
hack/validate/vendor: print diff for modified files

In case some files were modified (rather than merely added or removed), we're curious to see the diff for those.

Idea-by: @thaJeztah

While at it, fix some shellcheck warnings.

+8 -4

0 comment

1 changed file

pr created time in 15 days

create barnchkolyshkin/moby

branch : vendor-diff

created branch time in 15 days

pull request commentdocker/cli

build static binaries with -tags osusergo

OK since moby/moby#40134 is merged, I assume this one can be closed.

thaJeztah

comment created time in 15 days

PR opened docker/engine

Bump golang 1.12.12
+4 -4

0 comment

4 changed files

pr created time in 15 days

create barnchkolyshkin/moby

branch : 19.03-go1.12.12

created branch time in 15 days

PR closed moby/moby

[WIP] bump go-swagger to 0.21.1 + golang 1.13 fix area/testing kind/bugfix

This includes the following fix:

  • https://github.com/go-swagger/go-swagger/pull/2059

to avoid swagger panic:

panic: object has no key "default"

when it is compiled by golang 1.13

  • v2: add go mod download since vendor is no more
  • v3: add GO111MODULE=on
  • v4: run go build for local package, remove go mod download
  • v5: move GO111MODULE=on to right before go build
+6 -4

3 comments

2 changed files

kolyshkin

pr closed time in 15 days

pull request commentmoby/moby

Revert "homedir: add cgo or osusergo buildtag constraints for unix"

How about we add another build tag that could be enabled for building in musl or dynamic binaries in glibc if osusergo shouldn't be used? It seems risky to allow this panic in one of the default cases if the comment is not seen.

So are you suggesting something like i_am_aware_static_linking_has_dark_avenues build tag? I guess that won't work -- people will just set it everywhere without much understanding about the subject.

There's already a warning from a linker, which should not be ignored. We can even make it an error if we add -extldflags -Wl,--fatal-warnings.

kolyshkin

comment created time in 18 days

Pull request review commentmoby/moby

Make binary output targets use own build cmd

 endif  DOCKER_RUN_DOCKER := $(DOCKER_FLAGS) "$(DOCKER_IMAGE)" +DOCKER_BUILD_ARGS += --build-arg=GO_VERSION+BUILD_OPTS := ${BUILD_APT_MIRROR} ${DOCKER_BUILD_ARGS} ${DOCKER_BUILD_OPTS} -f "$(DOCKERFILE)"+ifdef USE_BUILDX+BUILD_OPTS += $(BUILDX_BUILD_EXTRA_OPTS)+BUILD_CMD := $(BUILDX) build+else+BUILD_CMD := $(DOCKER) build+endif++# This is used for the legacy "build" target and anything still depending on it+BUILD_CROSS =+ifdef DOCKER_CROSS+BUILD_CROSS = --build-arg CROSS=$(DOCKER_CROSS)+endif+ifdef DOCKER_CROSSPLATFORMS+BUILD_CROSS = --build-arg CROSS=true+endif+ default: binary  all: build ## validate all checks, build linux binaries, run all tests\ncross build non-linux binaries and generate archives 	$(DOCKER_RUN_DOCKER) bash -c 'hack/validate/default && hack/make.sh' -binary: DOCKER_BUILD_ARGS += --output=bundles/ --target=binary-binary: build ## build the linux binaries+binary: ## build staticly linked linux binaries+dynbinary: ## build dynmically linked linux binaries

typo: dynmically

Can you please fix both in the first commit?

cpuguy83

comment created time in 18 days

Pull request review commentmoby/moby

Make binary output targets use own build cmd

 endif  DOCKER_RUN_DOCKER := $(DOCKER_FLAGS) "$(DOCKER_IMAGE)" +DOCKER_BUILD_ARGS += --build-arg=GO_VERSION+BUILD_OPTS := ${BUILD_APT_MIRROR} ${DOCKER_BUILD_ARGS} ${DOCKER_BUILD_OPTS} -f "$(DOCKERFILE)"+ifdef USE_BUILDX+BUILD_OPTS += $(BUILDX_BUILD_EXTRA_OPTS)+BUILD_CMD := $(BUILDX) build+else+BUILD_CMD := $(DOCKER) build+endif++# This is used for the legacy "build" target and anything still depending on it+BUILD_CROSS =+ifdef DOCKER_CROSS+BUILD_CROSS = --build-arg CROSS=$(DOCKER_CROSS)+endif+ifdef DOCKER_CROSSPLATFORMS+BUILD_CROSS = --build-arg CROSS=true+endif++VERSION_AUTOGEN_ARGS = --build-arg VERSION --build-arg DOCKER_GITCOMMIT --build-arg PRODUCT --build-arg PLATFORM --build-arg DEFAULT_PRODUCT_LICENSE+ default: binary  all: build ## validate all checks, build linux binaries, run all tests\ncross build non-linux binaries and generate archives 	$(DOCKER_RUN_DOCKER) bash -c 'hack/validate/default && hack/make.sh' -binary: DOCKER_BUILD_ARGS += --output=bundles/ --target=binary-binary: build ## build the linux binaries+binary: ## build staticly linked linux binaries

Oh, now I see -- you introduce a typo in the first commit, and fix it in the second one.

cpuguy83

comment created time in 18 days

Pull request review commentmoby/moby

Make binary output targets use own build cmd

 endif  DOCKER_RUN_DOCKER := $(DOCKER_FLAGS) "$(DOCKER_IMAGE)" +DOCKER_BUILD_ARGS += --build-arg=GO_VERSION+BUILD_OPTS := ${BUILD_APT_MIRROR} ${DOCKER_BUILD_ARGS} ${DOCKER_BUILD_OPTS} -f "$(DOCKERFILE)"+ifdef USE_BUILDX+BUILD_OPTS += $(BUILDX_BUILD_EXTRA_OPTS)+BUILD_CMD := $(BUILDX) build+else+BUILD_CMD := $(DOCKER) build+endif++# This is used for the legacy "build" target and anything still depending on it+BUILD_CROSS =+ifdef DOCKER_CROSS+BUILD_CROSS = --build-arg CROSS=$(DOCKER_CROSS)+endif+ifdef DOCKER_CROSSPLATFORMS+BUILD_CROSS = --build-arg CROSS=true+endif++VERSION_AUTOGEN_ARGS = --build-arg VERSION --build-arg DOCKER_GITCOMMIT --build-arg PRODUCT --build-arg PLATFORM --build-arg DEFAULT_PRODUCT_LICENSE+ default: binary  all: build ## validate all checks, build linux binaries, run all tests\ncross build non-linux binaries and generate archives 	$(DOCKER_RUN_DOCKER) bash -c 'hack/validate/default && hack/make.sh' -binary: DOCKER_BUILD_ARGS += --output=bundles/ --target=binary-binary: build ## build the linux binaries+binary: ## build staticly linked linux binaries

@cpuguy83 I don't see it fixed; still says staticly.

cpuguy83

comment created time in 18 days

pull request commentdocker/libnetwork

resolver: less debug

is there a way to ratelimit these logs

@arkodg in fact some logs are already rate-limited; see https://github.com/docker/libnetwork/pull/1062.

But in this case it does not make sense to rate-limit the logs, since every line provide different information (different names or IPs), so if you try to rate-limit, you'll end up seeing only some of them, which does not make sense.

IOW, it makes sense to rate-limit a warning message like we ran out of disk space (if it may appear too frequent), but it does not make sense to rate-limit a message like processing query %s (as %s is different every time).

Or maybe I don't quite understand your proposal; can you elaborate?

kolyshkin

comment created time in 18 days

pull request commentdocker/cli

config: don't call homedir on init()

Actually; let me make one small change, and don't attempt to set the dir if it's non-empty (which could be if a user of this package calls SetDir() before Dir()

I don't like this change -- now you have two "run once" guards, and they are scattered.

Maybe it's better to rewrite Dir() to encapsulate setConfigDir(), i.e. the same way that user.Current is written (except there's no need to do a copy a string being returned)?

https://github.com/golang/go/blob/46e0d724b3f14fd0d350123bbf101e815b493791/src/os/user/lookup.go#L9-L28

thaJeztah

comment created time in 18 days

issue commentOWASP/Amass

Upgrading from 3.1.10 to 3.2.2 fails

you should remove v from any v2.* and v3.* tags preceding v3.2.2

I mean, replacing the tags, as in v2.6.0 -> 2.6.0.

geeknik

comment created time in 18 days

issue commentOWASP/Amass

Upgrading from 3.1.10 to 3.2.2 fails

export GO111MODULE=on
go get -v -u github.com/OWASP/Amass/v3

should work

@caffix to get rid of module github.com/OWASP/Amass@latest found (v2.6.0+incompatible), but does not contain package error, I guess you should remove v from any v2.* and v3.* tags preceding v3.2.2, as those are not semver conformant and thus go is stuck.

geeknik

comment created time in 18 days

delete branch kolyshkin/Amass

delete branch : fix-gomod-semver

delete time in 18 days

issue commentOWASP/Amass

Can't build example app

Once a release is tagged, that is

kolyshkin

comment created time in 19 days

issue commentOWASP/Amass

Can't build example app

Fixed by #299

kolyshkin

comment created time in 19 days

issue closedOWASP/Amass

Can't build example app

Taking an example from https://github.com/OWASP/Amass/blob/c9f40430e379aa94673013d92aaf95eb04aa1fbb/examples/minimal.go and building it out of tree is impossible due to mixed semver/non-semver dependencies. Please find complete reproducers below.

Try 1: use go run

$ mkdir try1 && cd try1
$ wget https://raw.githubusercontent.com/OWASP/Amass/c9f40430e379aa94673013d92aaf95eb04aa1fbb/examples/minimal.go
$ export GO111MODULE=on
$ go run minimal.go 
build command-line-arguments: cannot load github.com/OWASP/Amass/config: module github.com/OWASP/Amass@latest found (v2.6.0+incompatible), but does not contain package github.com/OWASP/Amass/config

NOTE: I am puzzled as to why v2.6.0 is used here, maybe it's because this is the first version that added go.mod?

NOTE: when looking at the tags for this package, I see a mix of ones in the form of X.Y.Z and vX.Y.Z.

Try 2: use go mod

Using the above example as a base, let's try to add go.mod file:

$ go mod init ex.am/ple
go: creating new go.mod: module ex.am/ple
$ go mod tidy
ex.am/ple imports
	github.com/OWASP/Amass/config: module github.com/OWASP/Amass@latest found (v2.6.0+incompatible), but does not contain package github.com/OWASP/Amass/config
ex.am/ple imports
	github.com/OWASP/Amass/enum: module github.com/OWASP/Amass@latest found (v2.6.0+incompatible), but does not contain package github.com/OWASP/Amass/enum
ex.am/ple imports
	github.com/OWASP/Amass/services: module github.com/OWASP/Amass@latest found (v2.6.0+incompatible), but does not contain package github.com/OWASP/Amass/services

Try 3: pin version

Using the above example as a base, let's try to pin version to v3.2.1:

$ cat go.mod 
module ex.am/ple

go 1.13
$ go mod edit -require github.com/OWASP/Amass@v3.2.1
$ cat go.mod
module ex.am/ple

go 1.13

require github.com/OWASP/Amass v3.2.1
$ go mod tidy
go: finding github.com/OWASP/Amass v3.2.1
go: finding github.com/OWASP/Amass v3.2.1
go: errors parsing go.mod:
/home/kir/tmp/try1/go.mod:5: require github.com/OWASP/Amass: version "v3.2.1" invalid: module contains a go.mod file, so major version must be compatible: should be v0 or v1, not v3

NOTE: I believe it happens because this package is not conformant to semver requirements (see more detailed description and the proposed fix at https://github.com/OWASP/Amass/pull/299).

Try 4: abandon go.mod and try using vendor/ subdir.

From a clean slate:

$ export GO111MODULE=off
$ cd $GOPATH
$ mkdir -p ex.am/ple && cd ex.am/ple
$ wget https://raw.githubusercontent.com/OWASP/Amass/c9f40430e379aa94673013d92aaf95eb04aa1fbb/examples/minimal.go
$ export GO111MODULE=off
$ # FIXME: provide instructions to populate vendor/ subdir
$ go build .
vendor/github.com/prometheus/client_golang/prometheus/desc.go:22:2: cannot find package "github.com/cespare/xxhash/v2" in any of:
	${GOPATH}/vendor/github.com/cespare/xxhash/v2 (vendor tree)
	/snap/go/4668/src/github.com/cespare/xxhash/v2 (from $GOROOT)
	${GOPATH}/src/github.com/cespare/xxhash/v2 (from $GOPATH)

This fails because https://github.com/cespare/xxhash is already using v2 semver suffix and old vendoring tools can't work with it.

closed time in 19 days

kolyshkin

pull request commentOWASP/Amass

Fix semver conformance

@caffix thanks for fast tracking this. Can you please tag a release with this fix (otherwise it still won't work)?

kolyshkin

comment created time in 19 days

issue openedOWASP/Amass

Can't build example app

Taking an example from https://github.com/OWASP/Amass/blob/c9f40430e379aa94673013d92aaf95eb04aa1fbb/examples/minimal.go and building it out of tree is impossible due to mixed semver/non-semver dependencies. Please find complete reproducers below.

Try 1: use go run

$ mkdir try1 && cd try1
$ wget https://raw.githubusercontent.com/OWASP/Amass/c9f40430e379aa94673013d92aaf95eb04aa1fbb/examples/minimal.go
$ export GO111MODULE=on
$ go run minimal.go 
build command-line-arguments: cannot load github.com/OWASP/Amass/config: module github.com/OWASP/Amass@latest found (v2.6.0+incompatible), but does not contain package github.com/OWASP/Amass/config

NOTE: I am puzzled as to why v2.6.0 is used here, maybe it's because this is the first version that added go.mod?

NOTE: when looking at the tags for this package, I see a mix of ones in the form of X.Y.Z and vX.Y.Z.

Try 2: use go mod

Using the above example as a base, let's try to add go.mod file:

$ go mod init ex.am/ple
go: creating new go.mod: module ex.am/ple
$ go mod tidy
ex.am/ple imports
	github.com/OWASP/Amass/config: module github.com/OWASP/Amass@latest found (v2.6.0+incompatible), but does not contain package github.com/OWASP/Amass/config
ex.am/ple imports
	github.com/OWASP/Amass/enum: module github.com/OWASP/Amass@latest found (v2.6.0+incompatible), but does not contain package github.com/OWASP/Amass/enum
ex.am/ple imports
	github.com/OWASP/Amass/services: module github.com/OWASP/Amass@latest found (v2.6.0+incompatible), but does not contain package github.com/OWASP/Amass/services

Try 3: pin version

Using the above example as a base, let's try to pin version to v3.2.1:

$ cat go.mod 
module ex.am/ple

go 1.13
$ go mod edit -require github.com/OWASP/Amass@v3.2.1
$ cat go.mod
module ex.am/ple

go 1.13

require github.com/OWASP/Amass v3.2.1
$ go mod tidy
go: finding github.com/OWASP/Amass v3.2.1
go: finding github.com/OWASP/Amass v3.2.1
go: errors parsing go.mod:
/home/kir/tmp/try1/go.mod:5: require github.com/OWASP/Amass: version "v3.2.1" invalid: module contains a go.mod file, so major version must be compatible: should be v0 or v1, not v3

NOTE: I believe it happens because this package is not conformant to semver requirements (see more detailed description and the proposed fix at https://github.com/OWASP/Amass/pull/299).

Try 4: abandon go.mod and try using vendor/ subdir.

From a clean slate:

$ mkdir try4 && cd try4
$ wget https://raw.githubusercontent.com/OWASP/Amass/c9f40430e379aa94673013d92aaf95eb04aa1fbb/examples/minimal.go
$ export GO111MODULE=off

(to be continued)

created time in 19 days

pull request commentOWASP/Amass

Fix semver conformance

This makes go mod works with the package.

The alternative to this, I guess, is not to prefix tags with v, but I haven't tried it.

kolyshkin

comment created time in 19 days

PR opened OWASP/Amass

Fix semver conformance

Since the project uses go modules and semantic versioning (i.e. version tags begin with 'v'), the module name should have a v3 suffix as per https://github.com/golang/go/wiki/Modules#semantic-import-versioning and other similar docs.

This allows using this package from others (let me know if you need an example).

NOTE: Except for the go.mod change, this commit was generated by the following shell script:

for f in $(git grep -l -F '"github.com/OWASP/Amass/' | grep -E '\.go$'); do
  sed -i 's|"github.com/OWASP/Amass/|"github.com/OWASP/Amass/v3/|' $f;
  goimports -w $f;
done
+376 -376

0 comment

99 changed files

pr created time in 19 days

created tagkolyshkin/Amass

tagv3.2.2

In-depth Attack Surface Mapping and Asset Discovery

created time in 19 days

create barnchkolyshkin/Amass

branch : fix-gomod-semver

created branch time in 19 days

fork kolyshkin/Amass

In-depth Attack Surface Mapping and Asset Discovery

https://www.owasp.org/index.php/OWASP_Amass_Project

fork in 19 days

pull request commentmoby/moby

Revert "homedir: add cgo or osusergo buildtag constraints for unix"

@tonistiigi PTAL (as per @tiborvass you wanted #39994 in the first place)

kolyshkin

comment created time in 19 days

push eventkolyshkin/moby

Kir Kolyshkin

commit sha 7ef475fc1698e34b1ffe0f666021060e566abf94

pkg/homedir: clarify Get() docs wrt static linking This clarifies comments about static linking made in commit a8608b5b67c. 1. There are two ways to create a static binary, one is to disable cgo, the other is to set linker flags. When cgo is disabled, there is no need to use osusergo build tag. 2. osusergo only needs to be set when linking against glibc. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

push time in 19 days

pull request commentmoby/moby

Revert "homedir: add cgo or osusergo buildtag constraints for unix"

  1. static binary is being built (e.g. go build is run with -extldflags -static)
  2. go build links the binary against glibc ... ...while items 2 and 3 do not result in any build tags being set or unset

Let me elaborate on this one.

It's a de-facto convention to set static_build build tag in such case, but it's entirely voluntarily (this might change in the future, see https://github.com/golang/go/issues/26492), so we can't rely on it.

Even if we could, item 3 is still here.

kolyshkin

comment created time in 19 days

push eventkolyshkin/moby

Kir Kolyshkin

commit sha 80e338a18db0acce00653a176d82a567eafb0c79

Revert "homedir: add cgo or osusergo buildtag constraints for unix" TL;DR: there is no way to do this right. We do know that in some combination of build tags set (or unset), linker flags, environment variables, and libc implementation, this package won't work right. In fact, there is one specific combination: 1. `CGO_ENABLED=1` (or unset) 2. static binary is being built (e.g. `go build` is run with `-extldflags -static`) 3. `go build` links the binary against glibc 4. `osusergo` is not set This particular combination results in the following legitimate linker warning: > cgo_lookup_unix.go: warning: Using 'getpwuid_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking If this warning is ignored and the resulting binary is used on a system with files from a different glibc version (or without those files), it could result in a segfault. The commit being reverted tried to guard against such possibility, but the problem is, we can only use build tags to account for items 1 and 4 from the above list, while items 2 and 3 do not result in any build tags being set or unset, making this guard excessive. Remove it. This reverts commit 023b072288eab3c9e768d4aeeb917f27f06034c7. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

push time in 19 days

PR opened moby/moby

Revert "homedir: add cgo or osusergo buildtag constraints for unix"

This reverts #39994.

TL;DR: there is no way to do this right.

We do know that in some combination of build tags set (or unset), linker flags, environment variables, and libc version, this package won't work right. In fact, there is one specific combination:

  1. CGO_ENABLED=1 (or unset)
  2. static binary is being built (e.g. go build is run with -extldflags -static)
  3. go build links the binary against glibc
  4. osusergo is not set

This particular combination results in the following legitimate linker warning:

cgo_lookup_unix.go: warning: Using 'getpwuid_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking

If this warning is ignored and the resulting binary is used on a system with files from a different glibc version (or without those files), it could result in a segfault.

The commit being reverted tried to guard against such possibility, but the problem is, we can only use build tags to account for items 1 and 4 from the above list, while items 2 and 3 do not result in any build tags being set or unset, making this guard excessive.

Remove it.

This reverts commit 023b072288eab3c9e768d4aeeb917f27f06034c7.

@tiborvass @thaJeztah @cpuguy83 PTAL

+1 -1

0 comment

1 changed file

pr created time in 19 days

push eventkolyshkin/moby

Kir Kolyshkin

commit sha 449c5be4fa21492dc743b89794db189caf08280c

Revert "homedir: add cgo or osusergo buildtag constraints for unix" TL;DR: there is no way to do this right. We do know that in some combination of build tags set (or unset), linker flags, environment variables, and libc version, this package won't work right. In fact, there is one specific combination: 1. `CGO_ENABLED=1` (or unset) 2. static binary is being build (e.g. `go build` is run with `-extldflags -static`) 3. `go build` links the binary against glibc 4. `osusergo` is not set This particular combination result in the following legitimate linker warning: > cgo_lookup_unix.go: warning: Using 'getpwuid_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking If this warning is ignored and the resulting binary is used on a system with files from a different glibc version (or without those files), it could result in a segfault. The commit being reverted tried to guard against such possibility, but the problem is, we can only use build tags to account for items 1 and 4 from the above list, while items 2 and 3 do not result in any build tags being set or unset, making this guard excessive. Remove it. This reverts commit 023b072288eab3c9e768d4aeeb917f27f06034c7. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

push time in 19 days

create barnchkolyshkin/moby

branch : homedir-osusergo

created branch time in 19 days

pull request commentdocker/cli

build static binaries with -tags osusergo

So, in case we would want to use CGO for static binary, we need to add osusergo but also netgo and static_build tags. IOW:

diff --git a/scripts/build/binary b/scripts/build/binary
index 41c4196cc..3440dfcf6 100755
--- a/scripts/build/binary
+++ b/scripts/build/binary
@@ -8,7 +8,8 @@ set -eu -o pipefail
 source ./scripts/build/.variables
 
 echo "Building statically linked $TARGET"
-export CGO_ENABLED=0
-go build -o "${TARGET}" --ldflags "${LDFLAGS}" "${SOURCE}"
+LDFLAGS="-extldflags -static $LDFLAGS"
+TAGS="-tags netgo,osusergo,static_build"
+go build -o "${TARGET}" ${TAGS} --ldflags "${LDFLAGS}" "${SOURCE}"
 
 ln -sf "$(basename "${TARGET}")" build/docker

but for now I don't see a reason to do that ([re-]enable CGO for static build)

thaJeztah

comment created time in 19 days

pull request commentdocker/cli

build static binaries with -tags osusergo

IOW, if you're not having below errors, adding osusergo and netgo does not make sense.

github.com/docker/cli/cmd/docker

/tmp/go-link-243080483/000024.o: In function pluginOpen': /build/go/parts/built/build/src/plugin/plugin_dlopen.go:19: warning: Using 'dlopen' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking /tmp/go-link-243080483/000019.o: In functionmygetgrouplist': /build/go/parts/built/build/src/os/user/getgrouplist_unix.go:16: warning: Using 'getgrouplist' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking /tmp/go-link-243080483/000018.o: In function mygetgrgid_r': /build/go/parts/built/build/src/os/user/cgo_lookup_unix.go:38: warning: Using 'getgrgid_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking /tmp/go-link-243080483/000018.o: In functionmygetgrnam_r': /build/go/parts/built/build/src/os/user/cgo_lookup_unix.go:43: warning: Using 'getgrnam_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking /tmp/go-link-243080483/000018.o: In function mygetpwnam_r': /build/go/parts/built/build/src/os/user/cgo_lookup_unix.go:33: warning: Using 'getpwnam_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking /tmp/go-link-243080483/000018.o: In functionmygetpwuid_r': /build/go/parts/built/build/src/os/user/cgo_lookup_unix.go:28: warning: Using 'getpwuid_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking /tmp/go-link-243080483/000004.o: In function `_cgo_26061493d47f_C2func_getaddrinfo': /tmp/go-build/cgo-gcc-prolog:58: warning: Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking

thaJeztah

comment created time in 19 days

pull request commentdocker/cli

config: don't call homedir on init()

The homedir.Get() function can call out to external applications to get user information.

Can you elaborate on this?

My $0.02: since golang 1.8 or so user.Current() result is cached.

thaJeztah

comment created time in 19 days

Pull request review commentdocker/cli

Fix-up (gometalinter) linting config

   "Vendor": true,   "Deadline": "2m",   "Sort": ["linter", "severity", "path", "line"],-  "Exclude": [+  "Skip": [       "cli/compose/schema/bindata.go",       "cli/command/stack/kubernetes/api/openapi",       "cli/command/stack/kubernetes/api/client",       ".*generated.*",-      "parameter .* always receives"+      "vendor"+  ],+  "Exclude": [+    "parameter .* always receives",+    "_esc(Dir|FS|FSString|FSMustString) is unused"

the commit message does not explain where this line is coming from

thaJeztah

comment created time in 19 days

pull request commentdocker/cli

Fix-up (gometalinter) linting config

side note: why don't we switch to golangci-lint instead?

thaJeztah

comment created time in 19 days

pull request commentdocker/cli

build static binaries with -tags osusergo

So unless we want to try enabling cgo for a static build, i'd rather close this one

thaJeztah

comment created time in 19 days

pull request commentdocker/cli

build static binaries with -tags osusergo

  1. Since CGO is explicitly disabled here for a static build, technically this build tag is not needed. Doesn't hurt to have it, but it's essentially a no-op when CGO=0 is set.

  2. If we still want to add this, we might also add netgo.

thaJeztah

comment created time in 19 days

issue commentdocker/for-linux

yum install docker failing

@rlupo06 Maybe you need to upgrade your centos system first, as in yum update.

After you do it, can you please report the output of rpm -q centos-release and try upgrading docker-ce again?

rlupo06

comment created time in 20 days

Pull request review commentdocker/engine

[18.09 backport] Add TC to check dynamic subnet for ingress network

 func TestServiceWithDefaultAddressPoolInit(t *testing.T) { 	assert.NilError(t, err) 	t.Logf("%s: NetworkInspect: %+v", t.Name(), out) 	assert.Assert(t, len(out.IPAM.Config) > 0)+	assert.Equal(t, out.IPAM.Config[0].Subnet, "20.20.1.0/24")++	// Also inspect ingress network and make sure its in the same subnet+	out, err = cli.NetworkInspect(ctx, "ingress", types.NetworkInspectOptions{Verbose: true})

or just commit 56a68c15f8a093b1761e77a74d8b7acdfbcb30a2

thaJeztah

comment created time in 20 days

Pull request review commentdocker/engine

[18.09 backport] Add TC to check dynamic subnet for ingress network

 func TestServiceWithDefaultAddressPoolInit(t *testing.T) { 	assert.NilError(t, err) 	t.Logf("%s: NetworkInspect: %+v", t.Name(), out) 	assert.Assert(t, len(out.IPAM.Config) > 0)+	assert.Equal(t, out.IPAM.Config[0].Subnet, "20.20.1.0/24")++	// Also inspect ingress network and make sure its in the same subnet+	out, err = cli.NetworkInspect(ctx, "ingress", types.NetworkInspectOptions{Verbose: true})

I guess s/ctx/context.Background()/ or backport moby/moby#38557

thaJeztah

comment created time in 21 days

Pull request review commentdocker/engine

[18.09 backport] Add TC to check dynamic subnet for ingress network

 func TestServiceWithDefaultAddressPoolInit(t *testing.T) { 	assert.NilError(t, err) 	t.Logf("%s: NetworkInspect: %+v", t.Name(), out) 	assert.Assert(t, len(out.IPAM.Config) > 0)+	assert.Equal(t, out.IPAM.Config[0].Subnet, "20.20.1.0/24")++	// Also inspect ingress network and make sure its in the same subnet+	out, err = cli.NetworkInspect(ctx, "ingress", types.NetworkInspectOptions{Verbose: true})

[2019-10-23T17:08:36.806Z] integration/network/service_test.go:369:32:warning: undeclared name: ctx (gosimple)

thaJeztah

comment created time in 21 days

pull request commentdocker/engine

[18.09 backport] Add TC to check dynamic subnet for ingress network

[2019-10-23T17:08:36.806Z] integration/network/service_test.go:369:32:warning: undeclared name: ctx (gosimple)

thaJeztah

comment created time in 21 days

pull request commentdocker/cli

[18.09 backport] bump dependencies

Rebased to current head (50c4621fc82a4fc979829d9d876282a97ec0cc1e), minor conflict in vendor.conf because of #2080 being merged, resolved manually

thaJeztah

comment created time in 21 days

more