The purpose of the `slirp-proxy` is to expose ports on the Mac or
Windows host. In d5bd7d690a we added
an additional `Listen` inside the VM for backwards compatibility
with software that expected to be able to listen on `0.0.0.0` in
one container and then access this easily from other containers
using an IP bound to the VM (instead of using a first-class network
to connect the containers or discovering a real IP of the host).
Before this patch we could only expose ports on if the Listen
succeeds on both the host and the VM. In practice this meant that
we could only expose ports on `0.0.0.0` and `127.0.0.1`; attempts
to expose ports on specific interfaces on the host would fail.
This patch treats the EADDRNOTAVAIL error from the Listen inside
the VM as a soft failure, and still attempts to Listen on the host.
If the Listen on the host fails it is still a hard failure.
This allows ports to be exposed on specific IPs used on the host.
Fixes [docker/pinata#5080]
Signed-off-by: David Scott <dave.scott@docker.com>
This log file has been removed and the contents are now in /var/log/messages
which we already collect.
Signed-off-by: David Scott <dave.scott@docker.com>
- Human readable df output
- Dramatically more history from Docker and syslog
- brctl doesn't output anything without 'show'
Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com>
Shutdown without this still seems pretty quick, and we are no longer
shutting down frequently for state changes, so I think this is a
reasonable change.
See #430
Signed-off-by: Justin Cormack <justin@specialbusservice.com>
This will make it fail correctly on old versions that are unsupported.
Allow override of download host.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
If the server side crashes and is restarted, this patch makes
tap-vsockd reconnect so the network is restored.
Signed-off-by: David Scott <dave.scott@docker.com>
This uses the new Alpine sysfs.conf service to allow config of sysfs.
Default file that sets transparent huge pages to only be used on request
to fix#368
Database setting available for user configuration.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Change the format of the registry value, create a credentials file
from the new value, and use that for the CIFS mount.
This should fix issues with password and usernames with un-usual characters in them.
Note this requires a matching change in the host app
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Docker needs 10s at least for containers to be allowed to shut down,
so allow 15s maximum between SIGTERM and SIGKILL.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This allows plain `swarm init` to work. We do not support multi
node clusters yet as there is no way to reqach this address from
externally at present.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Use `make DOCKER_VERSION=xxx` to override version. Note that
as install process and packaging may vary this may not work.
Use `make DOCKER_EXPERIMENTAL=0` to build from either release
binaries, if version is a final release or test binaries for
release candidates.
Building experimental is still the default.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This adds a new notify channel to the transfuse protocol. It is not
optional yet but could be made to be optional. A notify protocol and
notify channel are required because writing FUSE response messages to
the FUSE device has different semantics from writing asynchronous
notifications. In particular, response message writes only error on
malformed messages, do not take locks, and do not block. In contrast,
asynchronous notifications can error under normal conditions
(e.g. invalidating a cache entry that doesn't exist), can take locks
during the write call, and can block.
If responses and notifications occur in the same thread, the file system
can become deadlocked when syscalls lock resources waiting for a
response and a notification is written that blocks attempting to acquire
those same locks. The response that would unlock the contended lock
could be queued behind the notification write but the notification write
can't unblock until the response is written in the future. This patch
enables file systems to avoid that fate by offering a secondary channel
on which to send notifications.
Signed-off-by: David Sheets <dsheets@docker.com>
