| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
| |
This commit adds a method nearly identical to PingV2Registry,
except it uses a POST request instead of a GET request. This is
so that registries that use a proxy that perform authentication on
POST requests but not GET requests (to allow for anonymous pulls)
are able to provide this functionality. Previously, using a GET request
meant there was no way to differentiate if the action being taken was
a push or pull and handle it differently, this allows that.
|
|\
| |
| | |
vendor: github.com/klauspost/compress v1.15.9
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
various fixes in zstd compression
- https://github.com/klauspost/compress/releases/tag/v1.15.9
- https://github.com/klauspost/compress/releases/tag/v1.15.8
- https://github.com/klauspost/compress/releases/tag/v1.15.7
- https://github.com/klauspost/compress/releases/tag/v1.15.6
- https://github.com/klauspost/compress/releases/tag/v1.15.5
- https://github.com/klauspost/compress/releases/tag/v1.15.4
- https://github.com/klauspost/compress/releases/tag/v1.15.3
- https://github.com/klauspost/compress/releases/tag/v1.15.2
full diff: https://github.com/klauspost/compress/compare/v1.15.1...v1.15.9
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
|\ \
| | |
| | | |
client: remove deprecated error-utilities
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It was only used in a single location, and only a "convenience" type,
not used to detect a specific error.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
These were deprecated in ee230d8fdda6a1901c2adc394b5fb8471ec7aa51,
which is in the 22.06 branch, so we can safely remove it from
master to have them removed in the release after that.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
|\ \ \
| | | |
| | | | |
replace pkg/system Sequential funcs with moby/sys/sequential
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Migrating these functions to allow them being shared between moby, docker/cli,
and containerd, and to allow using them without importing all of sys / system,
which (in containerd) also depends on hcsshim and more.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
|\ \ \
| | | |
| | | | |
ci: move buildkit tests to a dedicated workflow
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
|
|\ \ \ \
| | | | |
| | | | | |
Un-skip TestHealthCheckProcessKilled on Windows+containerd and stop health checks earlier upon container exit.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Prevent new health check probes from racing the task deletion. This may
have been a root cause of containers taking so long to stop on Windows.
Signed-off-by: Cory Snider <csnider@mirantis.com>
|
| | |_|/
| |/| |
| | | |
| | | | |
Signed-off-by: Cory Snider <csnider@mirantis.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
pkg/system: make IsAbs() platform-agnostic
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
filepath.IsAbs() will short-circuit on Linux/Unix, so having a single
implementation should not affect those platforms.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
|\ \ \ \
| | | | |
| | | | | |
validate: add additional validation on YAML files
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
see https://github.com/koalaman/shellcheck/wiki/SC2155
Looking at how these were used, I don't think we even need to
export them, so removing that.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
validate other YAML files, such as the ones used in the documentation,
and GitHub actions workflows, to prevent issues such as;
- 30295c1750714d26f3c8fc9c3451f11ac351f2be
- 8e8d9a36500fb07fa9d1b68539756b9a93d3509e
With this patch:
hack/validate/yamllint
Congratulations! yamllint config file formatted correctly
Congratulations! YAML files are formatted correctly
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Suppresses warnings like:
LANG=C.UTF-8 yamllint -c hack/validate/yamllint.yaml -f parsable .github/workflows/*.yml
.github/workflows/ci.yml:7:1: [warning] truthy value should be one of [false, true] (truthy)
.github/workflows/windows.yml:7:1: [warning] truthy value should be one of [false, true] (truthy)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Before:
10030:81 error line too long (89 > 80 characters) (line-length)
After:
api/swagger.yaml:10030:81: [error] line too long (89 > 80 characters) (line-length)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Don't make the file hidden, and add .yaml extension, so that editors
pick up the right formatting :)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
|/ / / /
| | | |
| | | |
| | | | |
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
|\ \ \ \
| |/ / /
|/| | | |
ci(windows): move windows-2019 to another workflow
|
|/ / /
| | |
| | |
| | | |
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
|
|\ \ \
| | | |
| | | | |
update containerd binary to v1.6.8
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
release notes: https://github.com/containerd/containerd/releases/tag/v1.6.8
full diff: https://github.com/containerd/containerd/compare/v1.6.7...v1.6.8
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
|\ \ \
| | | |
| | | | |
update runc to v1.1.4
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
release notes: https://github.com/opencontainers/runc/releases/tag/v1.1.4
full diff: https://github.com/opencontainers/runc/compare/v1.1.3...v1.1.4
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
|\ \ \
| | | |
| | | | |
ci: fix broken workflow
|
|/ / /
| | |
| | |
| | | |
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
|
|\ \ \
| |/ /
|/| | |
Upgrades buildx to 0.9.1
|
| | |
| | |
| | |
| | |
| | |
| | | |
v0.9.0 included regressions. Release notes: https://github.com/docker/buildx/releases/tag/v0.9.1
Signed-off-by: Ben Langfeld <blangfeld@powerhrg.com>
|
|\ \ \
| |/ /
|/| | |
vendor: github.com/moby/buildkit v0.10.4
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
release notes: https://github.com/moby/buildkit/releases/tag/v0.10.4
full diff: https://github.com/moby/buildkit/compare/8e2d9b9006ca...v0.10.4
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
|/ /
| |
| |
| | |
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
|\ \
| | |
| | | |
Refactor libcontainerd to minimize containerd RPCs
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We have integration tests which assert the invariant that a
GET /containers/{id}/json response lists only IDs of execs which are in
the Running state, according to GET /exec/{id}/json. The invariant could
be violated if those requests were to race the handling of the exec's
task-exit event. The coarse-grained locking of the container ExecStore
when starting an exec task was accidentally synchronizing
(*Daemon).ProcessEvent and (*Daemon).ContainerExecInspect to it just
enough to make it improbable for the integration tests to catch the
invariant violation on execs which exit immediately. Removing the
unnecessary locking made the underlying race condition more likely for
the tests to hit.
Maintain the invariant by deleting the exec from its container's
ExecCommands before clearing its Running flag. Additionally, fix other
potential data races with execs by ensuring that the ExecConfig lock is
held whenever a mutable field is read from or written to.
Signed-off-by: Cory Snider <csnider@mirantis.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Modifying the builtin Windows runtime to send the exited event
immediately upon the container's init process exiting, without first
waiting for the Compute System to shut down, perturbed the timings
enough to make TestWaitConditions flaky on that platform. Make
TestWaitConditions timing-independent by having the container wait
for input on STDIN before exiting.
Signed-off-by: Cory Snider <csnider@mirantis.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Attempting to delete the directory while another goroutine is
concurrently executing a CheckpointTo() can fail on Windows due to file
locking. As all callers of CheckpointTo() are required to hold the
container lock, holding the lock while deleting the directory ensures
that there will be no interference.
Signed-off-by: Cory Snider <csnider@mirantis.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The existing logic to handle container ID conflicts when attempting to
create a plugin container is not nearly as robust as the implementation
in daemon for user containers. Extract and refine the logic from daemon
and use it in the plugin executor.
Signed-off-by: Cory Snider <csnider@mirantis.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The containerd client is very chatty at the best of times. Because the
libcontained API is stateless and references containers and processes by
string ID for every method call, the implementation is essentially
forced to use the containerd client in a way which amplifies the number
of redundant RPCs invoked to perform any operation. The libcontainerd
remote implementation has to reload the containerd container, task
and/or process metadata for nearly every operation. This in turn
amplifies the number of context switches between dockerd and containerd
to perform any container operation or handle a containerd event,
increasing the load on the system which could otherwise be allocated to
workloads.
Overhaul the libcontainerd interface to reduce the impedance mismatch
with the containerd client so that the containerd client can be used
more efficiently. Split the API out into container, task and process
interfaces which the consumer is expected to retain so that
libcontainerd can retain state---especially the analogous containerd
client objects---without having to manage any state-store inside the
libcontainerd client.
Signed-off-by: Cory Snider <csnider@mirantis.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The OOMKilled flag on a container's state has historically behaved
rather unintuitively: it is updated on container exit to reflect whether
or not any process within the container has been OOM-killed during the
preceding run of the container. The OOMKilled flag would be set to true
when the container exits if any process within the container---including
execs---was OOM-killed at any time while the container was running,
whether or not the OOM-kill was the cause of the container exiting. The
flag is "sticky," persisting through the next start of the container;
only being cleared once the container exits without any processes having
been OOM-killed that run.
Alter the behavior of the OOMKilled flag such that it signals whether
any process in the container had been OOM-killed since the most recent
start of the container. Set the flag immediately upon any process being
OOM-killed, and clear it when the container transitions to the "running"
state.
There is an ulterior motive for this change. It reduces the amount of
state the libcontainerd client needs to keep track of and clean up on
container exit. It's one less place the client could leak memory if a
container was to be deleted without going through libcontainerd.
Signed-off-by: Cory Snider <csnider@mirantis.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The daemon.containerd.Exec call does not access or mutate the
container's ExecCommands store in any way, and locking the exec config
is sufficient to synchronize with the event-processing loop. Locking
the ExecCommands store while starting the exec process only serves to
block unrelated operations on the container for an extended period of
time.
Convert the Store struct's mutex to an unexported field to prevent this
from regressing in the future.
Signed-off-by: Cory Snider <csnider@mirantis.com>
|
|\ \ \ |
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | | |
It was deprecated in edac92409a3b1d0cfb7f5c0e2d10b3bb71f27245, which
was part of 18.09 and up, so should be safe by now to remove this.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
|\ \ \
| |_|/
|/| | |
daemon: getInspectData(): skip graphdriver data for snapshotters
|
| | |
| | |
| | |
| | |
| | |
| | | |
Use an early return if looking up metadata fails.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|