Accepting request 545292 from Virtualization:containers
This is an update of the Docker package, mostly just including packaging fixes. It also drops all of the v1.10.x migration logic we added a while ago. The delete request for docker-image-migrator was submitted in parallel. OBS-URL: https://build.opensuse.org/request/show/545292 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=64
This commit is contained in:
commit
a75507162a
@ -1,6 +0,0 @@
|
||||
*** WARNING ***
|
||||
|
||||
Disabling previously installed (experimental) plugins. The original plugin file
|
||||
is still available under /var/lib/docker/plugins/_plugins.json.old. This
|
||||
configuration style is no longer supported by Docker after v1.13.0 (and will
|
||||
cause it to fail to start).
|
@ -1,28 +0,0 @@
|
||||
*** WARNING ***
|
||||
|
||||
The docker service has not been restarted.
|
||||
|
||||
In the migration from docker<1.10.0 to docker>=1.10.0, the Docker image format
|
||||
has changed to be completely content-addressible. This results in several positive
|
||||
improvements to image operations (better caching during builds mainly). However,
|
||||
the migration operation may take several hours if you have a lot of large images
|
||||
on a Docker host. In order to ensure that you have minimum downtime, the docker
|
||||
service has not been restarted as it will trigger this migration. You may either
|
||||
restart this service at a time of your choosing or manually run the separate
|
||||
migration tool (which will not cause downtime for your Docker daemon).
|
||||
|
||||
You can run the migration with this command, which will exit after the migration
|
||||
has been completed:
|
||||
|
||||
$ %{_libexecdir}/docker-image-migrator/do-image-migration-v1to2.sh
|
||||
|
||||
Because the migrator requires information about the storage driver used by Docker,
|
||||
the migration script will source %{_sysconfdir}/sysconfig/docker and use \$DOCKER_OPTS as
|
||||
arguments to the migrator. If this automated migration fails, it will be re-attempted
|
||||
with every known storage driver. In addition, the script accepts arguments which
|
||||
will simiarly be appended to the set of arguments (after \$DOCKER_OPTS) to the
|
||||
migrator.
|
||||
|
||||
Restarting docker without running this separate migration tool, WILL CAUSE DOWNTIME,
|
||||
BECAUSE DOCKER WILL RUN THE MIGRATION ON FIRST START AND YOU WILL BE UNABLE TO START
|
||||
ANY CONTAINERS OR USE ANY DOCKER COMMANDS (EVEN CONTAINERS WITH RESTART POLICIES ACTIVE):
|
@ -1,3 +1,22 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 23 13:48:08 UTC 2017 - rbrown@suse.com
|
||||
|
||||
- Replace references to /var/adm/fillup-templates with new
|
||||
%_fillupdir macro (boo#1069468)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 14 22:39:56 UTC 2017 - asarai@suse.com
|
||||
|
||||
- Remove migration code for the v1.9.x -> v1.10.x migration. This has been
|
||||
around for a while, and we no longer support migrating from such an old
|
||||
version "nicely". Docker still has migration code that will run on
|
||||
first-boot, we are merely removing all of the "nice" warnings which tell
|
||||
users how to avoid issues during an upgrade that ocurred more than a year
|
||||
ago.
|
||||
- Drop un-needed files:
|
||||
- docker-plugin-message.txt
|
||||
- docker-update-message.txt
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 7 16:47:01 UTC 2017 - asarai@suse.com
|
||||
|
||||
@ -34,7 +53,7 @@ Mon Oct 16 11:06:22 UTC 2017 - asarai@suse.com
|
||||
-------------------------------------------------------------------
|
||||
Mon Oct 9 11:36:59 UTC 2017 - asarai@suse.com
|
||||
|
||||
- Update to Docker v17.07-ce. Upstream changelog:
|
||||
- Update to Docker v17.07-ce (bsc#1069758). Upstream changelog:
|
||||
https://github.com/docker/docker-ce/releases/tag/v17.06.0-ce
|
||||
https://github.com/docker/docker-ce/releases/tag/v17.07.0-ce
|
||||
- Removed no-longer needed patches.
|
||||
|
77
docker.spec
77
docker.spec
@ -17,12 +17,14 @@
|
||||
# nodebuginfo
|
||||
|
||||
|
||||
%global docker_store %{_localstatedir}/lib/docker
|
||||
%global docker_migration_testfile %{docker_store}/.suse-image-migration-v1to2-complete
|
||||
%global docker_migration_warnfile %{docker_store}/docker-update-message.txt
|
||||
%global docker_plugin_warnfile %{docker_store}/docker-plugin-message.txt
|
||||
%define docker_graph %{docker_store}/graph
|
||||
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
|
||||
# Where important update information will be stored, such that an administrator
|
||||
# is guaranteed to see the relevant warning.
|
||||
%define update_messages %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}
|
||||
|
||||
#Compat macro for new _fillupdir macro introduced in Nov 2017
|
||||
%if ! %{defined _fillupdir}
|
||||
%define _fillupdir /var/adm/fillup-templates
|
||||
%endif
|
||||
|
||||
# Used when generating the "build" information for Docker version. The value of
|
||||
# git_commit_epoch is unused here (we use SOURCE_DATE_EPOCH, which rpm
|
||||
@ -32,12 +34,6 @@
|
||||
%define git_version 87847530f717
|
||||
%define git_commit_epoch 1508266293
|
||||
|
||||
# When upgrading to a new version requires the service not to be restarted
|
||||
# Due to a long migration process update last_migration_version to the new version
|
||||
# that will first perform the migration, last time this was needed was version
|
||||
# 1.10.1
|
||||
%global last_migration_version 1.10.1
|
||||
|
||||
Name: docker
|
||||
Version: 17.07.0_ce
|
||||
Release: 0
|
||||
@ -54,8 +50,6 @@ Source6: docker-rpmlintrc
|
||||
Source7: README_SUSE.md
|
||||
Source8: docker-audit.rules
|
||||
Source9: tests.sh
|
||||
Source50: docker-update-message.txt
|
||||
Source51: docker-plugin-message.txt
|
||||
# SUSE-FEATURE: Adds the /run/secrets mountpoint inside all Docker containers
|
||||
# which is not snapshotted when images are committed. Note that if you modify
|
||||
# this patch, please also modify the patch in the suse-secrets-v<version>
|
||||
@ -124,8 +118,6 @@ Requires: xz >= 4.9
|
||||
Requires(post): %fillup_prereq
|
||||
Requires(post): udev
|
||||
Requires(post): shadow
|
||||
# Not necessary, but must be installed to have a smooth upgrade.
|
||||
Recommends: docker-image-migrator
|
||||
# Not necessary, but must be installed when the underlying system is
|
||||
# configured to use lvm and the user doesn't explicitly provide a
|
||||
# different storage-driver than devicemapper
|
||||
@ -342,7 +334,7 @@ install -d %{buildroot}%{go_contribdir}
|
||||
install -d %{buildroot}%{_bindir}
|
||||
install -D -m755 components/cli/build/docker %{buildroot}/%{_bindir}/docker
|
||||
install -D -m755 components/engine/bundles/latest/dynbinary-daemon/dockerd %{buildroot}/%{_bindir}/dockerd
|
||||
install -d %{buildroot}/%{_prefix}/lib/docker
|
||||
install -d %{buildroot}/%{_localstatedir}/lib/docker
|
||||
install -Dd -m 0755 \
|
||||
%{buildroot}%{_sysconfdir}/init.d \
|
||||
%{buildroot}%{_sbindir}
|
||||
@ -370,7 +362,7 @@ install -D -m 0644 %{SOURCE3} %{buildroot}%{_udevrulesdir}/80-%{name}.rules
|
||||
install -D -m 0640 %{SOURCE8} %{buildroot}%{_sysconfdir}/audit/rules.d/%{name}.rules
|
||||
|
||||
# sysconfig file
|
||||
install -D -m 644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.docker
|
||||
install -D -m 644 %{SOURCE4} %{buildroot}%{_fillupdir}/sysconfig.docker
|
||||
|
||||
# install manpages (using the ones from the engine)
|
||||
install -d %{buildroot}%{_mandir}/man1
|
||||
@ -380,54 +372,13 @@ install -p -m 644 components/cli/man/man5/Dockerfile.5 %{buildroot}%{_mandir}/ma
|
||||
install -d %{buildroot}%{_mandir}/man8
|
||||
install -p -m 644 components/cli/man/man8/*.8 %{buildroot}%{_mandir}/man8
|
||||
|
||||
install -D -m 0644 %{SOURCE50} %{buildroot}%{docker_migration_warnfile}
|
||||
install -D -m 0644 %{SOURCE51} %{buildroot}%{docker_plugin_warnfile}
|
||||
|
||||
%fdupes %{buildroot}
|
||||
|
||||
%pre
|
||||
# TODO: Remove this code in the near future.
|
||||
# In order to make sure we don't print a scary warning when we shouldn't we
|
||||
# need to test these things (in this order):
|
||||
# 1. Check that %%{_localstatedir}/lib/docker actually exists (docker daemon has run).
|
||||
# 2. Check that the migrator has *not* finished.
|
||||
# 3. Check that %%{_localstatedir}/lib/docker/graph exists (this is a <=1.9.1 thing, but
|
||||
# will stick around if it has been migrated -- which is why we need the
|
||||
# MIGRATION_TESTFILE check).
|
||||
# 4. Check that there are images in the graph/ directory.
|
||||
if [[ -x %{_bindir}/docker && -d "%{docker_store}" && -n "$(find "%{docker_graph}" -maxdepth 1 -type d 2>/dev/null | grep -Ev '_tmp|^%{docker_graph}$')" ]]; then
|
||||
# Check if currently installed version of docker is old enough to need migration.
|
||||
CURRENT_DOCKER_VERSION=$(docker -v | sed 's/^.*[^0-9]\([0-9]*\.[0-9]*\.[0-9]*\).*$/\1/')
|
||||
# This variable will contain the current docker version if migration is needed otherwise it will contain the upgrade point.
|
||||
# Next time the docker package needs to be upgraded without restarting the service increase the 1.10.1 to the new version.
|
||||
NEED_UPGRADE_VERSION=$(echo -e "$CURRENT_DOCKER_VERSION\n%{last_migration_version}" | sort -V | head -1)
|
||||
|
||||
if [[ $CURRENT_DOCKER_VERSION == $NEED_UPGRADE_VERSION ]]; then
|
||||
touch %{docker_migration_testfile}
|
||||
fi
|
||||
fi
|
||||
|
||||
getent group docker >/dev/null || groupadd -r docker
|
||||
%service_add_pre %{name}.service
|
||||
|
||||
%post
|
||||
if [ -e %{docker_migration_testfile} ]; then
|
||||
cat %{docker_migration_warnfile} >> /var/adm/update-messages/docker-%{version}-%{release}
|
||||
else
|
||||
if [ -e %{docker_migration_warnfile} ]; then
|
||||
rm %{docker_migration_warnfile}
|
||||
fi
|
||||
fi
|
||||
|
||||
# TODO: Remove this code in the near future.
|
||||
# If plugins.json is present, docker will fail to start. It should be noted
|
||||
# that this was not supported by us, as it was only experimental at the time.
|
||||
# But handle this migration anyway. https://github.com/docker/docker/releases/tag/v1.13.0
|
||||
if [ -e /var/lib/docker/plugins/plugins.json ];then
|
||||
cat %{docker_plugin_warnfile} >> /var/adm/update-messages/docker-%{version}-%{release}
|
||||
mv /var/lib/docker/plugins/plugins.json /var/lib/docker/plugins/_plugins.json.old
|
||||
fi
|
||||
|
||||
%service_add_post %{name}.service
|
||||
%{fillup_only -n docker}
|
||||
|
||||
@ -435,10 +386,6 @@ fi
|
||||
%service_del_preun %{name}.service
|
||||
|
||||
%postun
|
||||
if [ -e %{docker_migration_testfile} ]; then
|
||||
rm %{docker_migration_testfile}
|
||||
export DISABLE_RESTART_ON_UPDATE=yes
|
||||
fi
|
||||
%service_del_postun %{name}.service
|
||||
|
||||
%files
|
||||
@ -450,8 +397,8 @@ fi
|
||||
%{_unitdir}/%{name}.service
|
||||
%config %{_sysconfdir}/audit/rules.d/%{name}.rules
|
||||
%{_udevrulesdir}/80-%{name}.rules
|
||||
%{_localstatedir}/adm/fillup-templates/sysconfig.docker
|
||||
%{_localstatedir}/lib/docker/
|
||||
%{_fillupdir}/sysconfig.docker
|
||||
%dir %{_localstatedir}/lib/docker/
|
||||
%{_mandir}/man1/docker-*.1%{ext_man}
|
||||
%{_mandir}/man1/docker.1%{ext_man}
|
||||
%{_mandir}/man5/Dockerfile.5%{ext_man}
|
||||
|
@ -70,5 +70,5 @@ index 84b7eb352f1a..dc3a48bfe47a 100644
|
||||
return errors.Wrap(err, "error setting ownership for secret")
|
||||
}
|
||||
--
|
||||
2.14.2
|
||||
2.15.0
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From afb202611a8330e0b3a7900aa2d68b7cc1d489fe Mon Sep 17 00:00:00 2001
|
||||
From 7c03750568cb9b67b763cd03f92ce45c567ca043 Mon Sep 17 00:00:00 2001
|
||||
From: Aleksa Sarai <asarai@suse.de>
|
||||
Date: Wed, 8 Mar 2017 11:43:29 +1100
|
||||
Subject: [PATCH 2/2] SUSE: implement SUSE container secrets
|
||||
@ -13,8 +13,8 @@ MAKES BUILDS NOT ENTIRELY REPRODUCIBLE.
|
||||
Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
||||
---
|
||||
daemon/start.go | 5 +
|
||||
daemon/suse_secrets.go | 328 +++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
2 files changed, 333 insertions(+)
|
||||
daemon/suse_secrets.go | 331 +++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
2 files changed, 336 insertions(+)
|
||||
create mode 100644 daemon/suse_secrets.go
|
||||
|
||||
diff --git a/daemon/start.go b/daemon/start.go
|
||||
@ -35,10 +35,10 @@ index 55438cf2c45f..7dfa6cd1d055 100644
|
||||
return err
|
||||
diff --git a/daemon/suse_secrets.go b/daemon/suse_secrets.go
|
||||
new file mode 100644
|
||||
index 000000000000..b09ad96f01b0
|
||||
index 000000000000..b6914adf09ce
|
||||
--- /dev/null
|
||||
+++ b/daemon/suse_secrets.go
|
||||
@@ -0,0 +1,328 @@
|
||||
@@ -0,0 +1,331 @@
|
||||
+/*
|
||||
+ * suse-secrets: patch for Docker to implement SUSE secrets
|
||||
+ * Copyright (C) 2017 SUSE LLC.
|
||||
@ -94,6 +94,9 @@ index 000000000000..b09ad96f01b0
|
||||
+}
|
||||
+
|
||||
+func (s SuseFakeFile) id() string {
|
||||
+ // NOTE: It is _very_ important that this string always has a prefix of
|
||||
+ // "suse". This is how we can ensure that we can operate on
|
||||
+ // SecretReferences with a confidence that it was made by us.
|
||||
+ return fmt.Sprintf("suse_%s_%s", digest.FromBytes(s.Data).Hex(), s.Path)
|
||||
+}
|
||||
+
|
||||
@ -113,7 +116,7 @@ index 000000000000..b09ad96f01b0
|
||||
+ // mapped).
|
||||
+ ctrUser := idtools.IDPair{UID: s.Uid, GID: s.Gid}
|
||||
+ hostUser := idMaps.RootPair()
|
||||
+ if user, err := idMaps.ToHost(ctrUser); err != nil {
|
||||
+ if user, err := idMaps.ToHost(ctrUser); err == nil {
|
||||
+ hostUser = user
|
||||
+ }
|
||||
+
|
||||
@ -368,5 +371,5 @@ index 000000000000..b09ad96f01b0
|
||||
+ return nil
|
||||
+}
|
||||
--
|
||||
2.14.2
|
||||
2.15.0
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user