Browse code
Merge pull request #41977 from thaJeztah/20.10_backport_minor_fixes
[20.10 backport] assorted small fixes, docs changes, and contrib
Tibor Vass authored on 2021/02/19 05:29:07Showing 9 changed files
- api/swagger.yaml
- contrib/check-config.sh
- daemon/daemon_unix.go
- docs/api/v1.37.yaml
- docs/api/v1.38.yaml
- docs/api/v1.39.yaml
- docs/api/v1.40.yaml
- docs/api/v1.41.yaml
- integration-cli/docker_cli_run_unix_test.go
| ... | ... |
@@ -7310,7 +7310,7 @@ paths: |
| 7310 | 7310 |
|
| 7311 | 7311 |
|
| 7312 | 7312 |
For example, the build arg `FOO=bar` would become `{"FOO":"bar"}` in JSON. This would result in the
|
| 7313 |
- the query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
|
|
| 7313 |
+ query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
|
|
| 7314 | 7314 |
|
| 7315 | 7315 |
|
| 7316 | 7316 |
[Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg) |
| ... | ... |
@@ -155,18 +155,22 @@ echo |
| 155 | 155 |
echo 'Generally Necessary:' |
| 156 | 156 |
|
| 157 | 157 |
echo -n '- ' |
| 158 |
-cgroupSubsystemDir="$(awk '/[, ](cpu|cpuacct|cpuset|devices|freezer|memory)[, ]/ && $3 == "cgroup" { print $2 }' /proc/mounts | head -n1)"
|
|
| 159 |
-cgroupDir="$(dirname "$cgroupSubsystemDir")" |
|
| 160 |
-if [ -d "$cgroupDir/cpu" ] || [ -d "$cgroupDir/cpuacct" ] || [ -d "$cgroupDir/cpuset" ] || [ -d "$cgroupDir/devices" ] || [ -d "$cgroupDir/freezer" ] || [ -d "$cgroupDir/memory" ]; then |
|
| 161 |
- echo "$(wrap_good 'cgroup hierarchy' 'properly mounted') [$cgroupDir]" |
|
| 158 |
+if [ "$(stat -f -c %t /sys/fs/cgroup 2> /dev/null)" = '63677270' ]; then |
|
| 159 |
+ echo "$(wrap_good 'cgroup hierarchy' 'cgroupv2')" |
|
| 162 | 160 |
else |
| 163 |
- if [ "$cgroupSubsystemDir" ]; then |
|
| 164 |
- echo "$(wrap_bad 'cgroup hierarchy' 'single mountpoint!') [$cgroupSubsystemDir]" |
|
| 161 |
+ cgroupSubsystemDir="$(awk '/[, ](cpu|cpuacct|cpuset|devices|freezer|memory)[, ]/ && $3 == "cgroup" { print $2 }' /proc/mounts | head -n1)"
|
|
| 162 |
+ cgroupDir="$(dirname "$cgroupSubsystemDir")" |
|
| 163 |
+ if [ -d "$cgroupDir/cpu" ] || [ -d "$cgroupDir/cpuacct" ] || [ -d "$cgroupDir/cpuset" ] || [ -d "$cgroupDir/devices" ] || [ -d "$cgroupDir/freezer" ] || [ -d "$cgroupDir/memory" ]; then |
|
| 164 |
+ echo "$(wrap_good 'cgroup hierarchy' 'properly mounted') [$cgroupDir]" |
|
| 165 | 165 |
else |
| 166 |
- wrap_bad 'cgroup hierarchy' 'nonexistent??' |
|
| 166 |
+ if [ "$cgroupSubsystemDir" ]; then |
|
| 167 |
+ echo "$(wrap_bad 'cgroup hierarchy' 'single mountpoint!') [$cgroupSubsystemDir]" |
|
| 168 |
+ else |
|
| 169 |
+ wrap_bad 'cgroup hierarchy' 'nonexistent??' |
|
| 170 |
+ fi |
|
| 171 |
+ EXITCODE=1 |
|
| 172 |
+ echo " $(wrap_color '(see https://github.com/tianon/cgroupfs-mount)' yellow)" |
|
| 167 | 173 |
fi |
| 168 |
- EXITCODE=1 |
|
| 169 |
- echo " $(wrap_color '(see https://github.com/tianon/cgroupfs-mount)' yellow)" |
|
| 170 | 174 |
fi |
| 171 | 175 |
|
| 172 | 176 |
if [ "$(cat /sys/module/apparmor/parameters/enabled 2> /dev/null)" = 'Y' ]; then |
| ... | ... |
@@ -192,9 +196,9 @@ flags=( |
| 192 | 192 |
CGROUPS CGROUP_CPUACCT CGROUP_DEVICE CGROUP_FREEZER CGROUP_SCHED CPUSETS MEMCG |
| 193 | 193 |
KEYS |
| 194 | 194 |
VETH BRIDGE BRIDGE_NETFILTER |
| 195 |
- NF_NAT_IPV4 IP_NF_FILTER IP_NF_TARGET_MASQUERADE |
|
| 195 |
+ IP_NF_FILTER IP_NF_TARGET_MASQUERADE |
|
| 196 | 196 |
NETFILTER_XT_MATCH_{ADDRTYPE,CONNTRACK,IPVS}
|
| 197 |
- IP_NF_NAT NF_NAT NF_NAT_NEEDED |
|
| 197 |
+ IP_NF_NAT NF_NAT |
|
| 198 | 198 |
|
| 199 | 199 |
# required for bind-mounting /dev/mqueue into containers |
| 200 | 200 |
POSIX_MQUEUE |
| ... | ... |
@@ -204,6 +208,14 @@ if [ "$kernelMajor" -lt 4 ] || ([ "$kernelMajor" -eq 4 ] && [ "$kernelMinor" -lt |
| 204 | 204 |
check_flags DEVPTS_MULTIPLE_INSTANCES |
| 205 | 205 |
fi |
| 206 | 206 |
|
| 207 |
+if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 1 ]; then |
|
| 208 |
+ check_flags NF_NAT_IPV4 |
|
| 209 |
+fi |
|
| 210 |
+ |
|
| 211 |
+if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 2 ]; then |
|
| 212 |
+ check_flags NF_NAT_NEEDED |
|
| 213 |
+fi |
|
| 214 |
+ |
|
| 207 | 215 |
echo |
| 208 | 216 |
|
| 209 | 217 |
echo 'Optional Features:' |
| ... | ... |
@@ -218,13 +230,21 @@ echo 'Optional Features:' |
| 218 | 218 |
check_flags CGROUP_PIDS |
| 219 | 219 |
} |
| 220 | 220 |
{
|
| 221 |
- CODE=${EXITCODE}
|
|
| 222 |
- check_flags MEMCG_SWAP MEMCG_SWAP_ENABLED |
|
| 223 |
- if [ -e /sys/fs/cgroup/memory/memory.memsw.limit_in_bytes ]; then |
|
| 221 |
+ check_flags MEMCG_SWAP |
|
| 222 |
+ # Kernel v5.8+ removes MEMCG_SWAP_ENABLED. |
|
| 223 |
+ if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 8 ]; then |
|
| 224 |
+ CODE=${EXITCODE}
|
|
| 225 |
+ check_flags MEMCG_SWAP_ENABLED |
|
| 226 |
+ # FIXME this check is cgroupv1-specific |
|
| 227 |
+ if [ -e /sys/fs/cgroup/memory/memory.memsw.limit_in_bytes ]; then |
|
| 228 |
+ echo " $(wrap_color '(cgroup swap accounting is currently enabled)' bold black)" |
|
| 229 |
+ EXITCODE=${CODE}
|
|
| 230 |
+ elif is_set MEMCG_SWAP && ! is_set MEMCG_SWAP_ENABLED; then |
|
| 231 |
+ echo " $(wrap_color '(cgroup swap accounting is currently not enabled, you can enable it by setting boot option "swapaccount=1")' bold black)" |
|
| 232 |
+ fi |
|
| 233 |
+ else |
|
| 234 |
+ # Kernel v5.8+ enables swap accounting by default. |
|
| 224 | 235 |
echo " $(wrap_color '(cgroup swap accounting is currently enabled)' bold black)" |
| 225 |
- EXITCODE=${CODE}
|
|
| 226 |
- elif is_set MEMCG_SWAP && ! is_set MEMCG_SWAP_ENABLED; then |
|
| 227 |
- echo " $(wrap_color '(cgroup swap accounting is currently not enabled, you can enable it by setting boot option "swapaccount=1")' bold black)" |
|
| 228 | 236 |
fi |
| 229 | 237 |
} |
| 230 | 238 |
{
|
| ... | ... |
@@ -263,8 +283,12 @@ else |
| 263 | 263 |
netprio=CGROUP_NET_PRIO |
| 264 | 264 |
fi |
| 265 | 265 |
|
| 266 |
+if [ "$kernelMajor" -lt 5 ]; then |
|
| 267 |
+ check_flags IOSCHED_CFQ CFQ_GROUP_IOSCHED |
|
| 268 |
+fi |
|
| 269 |
+ |
|
| 266 | 270 |
flags=( |
| 267 |
- BLK_CGROUP BLK_DEV_THROTTLING IOSCHED_CFQ CFQ_GROUP_IOSCHED |
|
| 271 |
+ BLK_CGROUP BLK_DEV_THROTTLING |
|
| 268 | 272 |
CGROUP_PERF |
| 269 | 273 |
CGROUP_HUGETLB |
| 270 | 274 |
NET_CLS_CGROUP $netprio |
| ... | ... |
@@ -299,7 +323,10 @@ echo " - \"$(wrap_color 'overlay' blue)\":" |
| 299 | 299 |
check_flags VXLAN BRIDGE_VLAN_FILTERING | sed 's/^/ /' |
| 300 | 300 |
echo ' Optional (for encrypted networks):' |
| 301 | 301 |
check_flags CRYPTO CRYPTO_AEAD CRYPTO_GCM CRYPTO_SEQIV CRYPTO_GHASH \ |
| 302 |
- XFRM XFRM_USER XFRM_ALGO INET_ESP INET_XFRM_MODE_TRANSPORT | sed 's/^/ /' |
|
| 302 |
+ XFRM XFRM_USER XFRM_ALGO INET_ESP | sed 's/^/ /' |
|
| 303 |
+if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 3 ]; then |
|
| 304 |
+ check_flags INET_XFRM_MODE_TRANSPORT | sed 's/^/ /' |
|
| 305 |
+fi |
|
| 303 | 306 |
echo " - \"$(wrap_color 'ipvlan' blue)\":" |
| 304 | 307 |
check_flags IPVLAN | sed 's/^/ /' |
| 305 | 308 |
echo " - \"$(wrap_color 'macvlan' blue)\":" |
| ... | ... |
@@ -461,7 +461,7 @@ func verifyPlatformContainerResources(resources *containertypes.Resources, sysIn |
| 461 | 461 |
resources.MemoryReservation = 0 |
| 462 | 462 |
} |
| 463 | 463 |
if resources.MemoryReservation > 0 && resources.MemoryReservation < linuxMinMemory {
|
| 464 |
- return warnings, fmt.Errorf("Minimum memory reservation allowed is 4MB")
|
|
| 464 |
+ return warnings, fmt.Errorf("Minimum memory reservation allowed is 6MB")
|
|
| 465 | 465 |
} |
| 466 | 466 |
if resources.Memory > 0 && resources.MemoryReservation > 0 && resources.Memory < resources.MemoryReservation {
|
| 467 | 467 |
return warnings, fmt.Errorf("Minimum memory limit can not be less than memory reservation limit, see usage")
|
| ... | ... |
@@ -6196,7 +6196,7 @@ paths: |
| 6196 | 6196 |
|
| 6197 | 6197 |
|
| 6198 | 6198 |
For example, the build arg `FOO=bar` would become `{"FOO":"bar"}` in JSON. This would result in the
|
| 6199 |
- the query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
|
|
| 6199 |
+ query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
|
|
| 6200 | 6200 |
|
| 6201 | 6201 |
|
| 6202 | 6202 |
[Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg) |
| ... | ... |
@@ -6257,7 +6257,7 @@ paths: |
| 6257 | 6257 |
|
| 6258 | 6258 |
|
| 6259 | 6259 |
For example, the build arg `FOO=bar` would become `{"FOO":"bar"}` in JSON. This would result in the
|
| 6260 |
- the query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
|
|
| 6260 |
+ query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
|
|
| 6261 | 6261 |
|
| 6262 | 6262 |
|
| 6263 | 6263 |
[Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg) |
| ... | ... |
@@ -7004,7 +7004,7 @@ paths: |
| 7004 | 7004 |
|
| 7005 | 7005 |
|
| 7006 | 7006 |
For example, the build arg `FOO=bar` would become `{"FOO":"bar"}` in JSON. This would result in the
|
| 7007 |
- the query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
|
|
| 7007 |
+ query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
|
|
| 7008 | 7008 |
|
| 7009 | 7009 |
|
| 7010 | 7010 |
[Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg) |
| ... | ... |
@@ -7142,7 +7142,7 @@ paths: |
| 7142 | 7142 |
|
| 7143 | 7143 |
|
| 7144 | 7144 |
For example, the build arg `FOO=bar` would become `{"FOO":"bar"}` in JSON. This would result in the
|
| 7145 |
- the query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
|
|
| 7145 |
+ query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
|
|
| 7146 | 7146 |
|
| 7147 | 7147 |
|
| 7148 | 7148 |
[Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg) |
| ... | ... |
@@ -7310,7 +7310,7 @@ paths: |
| 7310 | 7310 |
|
| 7311 | 7311 |
|
| 7312 | 7312 |
For example, the build arg `FOO=bar` would become `{"FOO":"bar"}` in JSON. This would result in the
|
| 7313 |
- the query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
|
|
| 7313 |
+ query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
|
|
| 7314 | 7314 |
|
| 7315 | 7315 |
|
| 7316 | 7316 |
[Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg) |
| ... | ... |
@@ -697,7 +697,7 @@ func (s *DockerSuite) TestRunWithMemoryReservationInvalid(c *testing.T) {
|
| 697 | 697 |
assert.Assert(c, strings.Contains(strings.TrimSpace(out), expected), "run container should fail with invalid memory reservation") |
| 698 | 698 |
out, _, err = dockerCmdWithError("run", "--memory-reservation", "1k", "busybox", "true")
|
| 699 | 699 |
assert.ErrorContains(c, err, "") |
| 700 |
- expected = "Minimum memory reservation allowed is 4MB" |
|
| 700 |
+ expected = "Minimum memory reservation allowed is 6MB" |
|
| 701 | 701 |
assert.Assert(c, strings.Contains(strings.TrimSpace(out), expected), "run container should fail with invalid memory reservation") |
| 702 | 702 |
} |
| 703 | 703 |
|