Merge pull request #33388 from cpuguy83/go1.7.6
[17.03.3] Bump go version to 1.7.6
diff --git a/VERSION b/VERSION
index bc606d7..47f5060 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-17.03.2-ce-rc1
+17.03.2-ce
diff --git a/daemon/logger/jsonfilelog/jsonfilelog.go b/daemon/logger/jsonfilelog/jsonfilelog.go
index a429a08..fa6f9bf 100644
--- a/daemon/logger/jsonfilelog/jsonfilelog.go
+++ b/daemon/logger/jsonfilelog/jsonfilelog.go
@@ -7,6 +7,7 @@
"bytes"
"encoding/json"
"fmt"
+ "io"
"strconv"
"sync"
@@ -15,6 +16,7 @@
"github.com/docker/docker/daemon/logger/loggerutils"
"github.com/docker/docker/pkg/jsonlog"
"github.com/docker/go-units"
+ "github.com/pkg/errors"
)
// Name is the name of the file that the jsonlogger logs to.
@@ -22,11 +24,13 @@
// JSONFileLogger is Logger implementation for default Docker logging.
type JSONFileLogger struct {
- buf *bytes.Buffer
+ extra []byte // json-encoded extra attributes
+
+ mu sync.RWMutex
+ buf *bytes.Buffer // avoids allocating a new buffer on each call to `Log()`
+ closed bool
writer *loggerutils.RotateFileWriter
- mu sync.Mutex
readers map[*logger.LogWatcher]struct{} // stores the active log followers
- extra []byte // json-encoded extra attributes
}
func init() {
@@ -85,32 +89,43 @@
// Log converts logger.Message to jsonlog.JSONLog and serializes it to file.
func (l *JSONFileLogger) Log(msg *logger.Message) error {
+ l.mu.Lock()
+ err := writeMessageBuf(l.writer, msg, l.extra, l.buf)
+ l.buf.Reset()
+ l.mu.Unlock()
+ return err
+}
+
+func writeMessageBuf(w io.Writer, m *logger.Message, extra json.RawMessage, buf *bytes.Buffer) error {
+ if err := marshalMessage(m, extra, buf); err != nil {
+ return err
+ }
+ if _, err := w.Write(buf.Bytes()); err != nil {
+ return errors.Wrap(err, "error writing log entry")
+ }
+ return nil
+}
+
+func marshalMessage(msg *logger.Message, extra json.RawMessage, buf *bytes.Buffer) error {
timestamp, err := jsonlog.FastTimeMarshalJSON(msg.Timestamp)
if err != nil {
return err
}
- l.mu.Lock()
- logline := msg.Line
+ logLine := msg.Line
if !msg.Partial {
- logline = append(msg.Line, '\n')
+ logLine = append(msg.Line, '\n')
}
err = (&jsonlog.JSONLogs{
- Log: logline,
+ Log: logLine,
Stream: msg.Source,
Created: timestamp,
- RawAttrs: l.extra,
- }).MarshalJSONBuf(l.buf)
+ RawAttrs: extra,
+ }).MarshalJSONBuf(buf)
if err != nil {
- l.mu.Unlock()
- return err
+ return errors.Wrap(err, "error writing log message to buffer")
}
-
- l.buf.WriteByte('\n')
- _, err = l.writer.Write(l.buf.Bytes())
- l.buf.Reset()
- l.mu.Unlock()
-
- return err
+ err = buf.WriteByte('\n')
+ return errors.Wrap(err, "error finalizing log buffer")
}
// ValidateLogOpt looks for json specific log options max-file & max-size.
diff --git a/daemon/logger/jsonfilelog/read.go b/daemon/logger/jsonfilelog/read.go
index 30d533f..25cd1f7 100644
--- a/daemon/logger/jsonfilelog/read.go
+++ b/daemon/logger/jsonfilelog/read.go
@@ -3,7 +3,6 @@
import (
"bytes"
"encoding/json"
- "errors"
"fmt"
"io"
"os"
@@ -18,6 +17,7 @@
"github.com/docker/docker/pkg/ioutils"
"github.com/docker/docker/pkg/jsonlog"
"github.com/docker/docker/pkg/tailfile"
+ "github.com/pkg/errors"
)
const maxJSONDecodeRetry = 20000
@@ -48,10 +48,11 @@
func (l *JSONFileLogger) readLogs(logWatcher *logger.LogWatcher, config logger.ReadConfig) {
defer close(logWatcher.Msg)
- // lock so the read stream doesn't get corrupted due to rotations or other log data written while we read
+ // lock so the read stream doesn't get corrupted due to rotations or other log data written while we open these files
// This will block writes!!!
- l.mu.Lock()
+ l.mu.RLock()
+ // TODO it would be nice to move a lot of this reader implementation to the rotate logger object
pth := l.writer.LogPath()
var files []io.ReadSeeker
for i := l.writer.MaxFiles(); i > 1; i-- {
@@ -59,25 +60,36 @@
if err != nil {
if !os.IsNotExist(err) {
logWatcher.Err <- err
- break
+ l.mu.RUnlock()
+ return
}
continue
}
defer f.Close()
-
files = append(files, f)
}
latestFile, err := os.Open(pth)
if err != nil {
- logWatcher.Err <- err
- l.mu.Unlock()
+ logWatcher.Err <- errors.Wrap(err, "error opening latest log file")
+ l.mu.RUnlock()
return
}
defer latestFile.Close()
+ latestChunk, err := newSectionReader(latestFile)
+
+ // Now we have the reader sectioned, all fd's opened, we can unlock.
+ // New writes/rotates will not affect seeking through these files
+ l.mu.RUnlock()
+
+ if err != nil {
+ logWatcher.Err <- err
+ return
+ }
+
if config.Tail != 0 {
- tailer := ioutils.MultiReadSeeker(append(files, latestFile)...)
+ tailer := ioutils.MultiReadSeeker(append(files, latestChunk)...)
tailFile(tailer, logWatcher, config.Tail, config.Since)
}
@@ -88,29 +100,32 @@
}
}
- if !config.Follow {
- if err := latestFile.Close(); err != nil {
- logrus.Errorf("Error closing file: %v", err)
- }
- l.mu.Unlock()
+ if !config.Follow || l.closed {
return
}
- if config.Tail >= 0 {
- latestFile.Seek(0, os.SEEK_END)
- }
+ notifyRotate := l.writer.NotifyRotate()
+ defer l.writer.NotifyRotateEvict(notifyRotate)
+ l.mu.Lock()
l.readers[logWatcher] = struct{}{}
l.mu.Unlock()
- notifyRotate := l.writer.NotifyRotate()
followLogs(latestFile, logWatcher, notifyRotate, config.Since)
l.mu.Lock()
delete(l.readers, logWatcher)
l.mu.Unlock()
+}
- l.writer.NotifyRotateEvict(notifyRotate)
+func newSectionReader(f *os.File) (*io.SectionReader, error) {
+ // seek to the end to get the size
+ // we'll leave this at the end of the file since section reader does not advance the reader
+ size, err := f.Seek(0, os.SEEK_END)
+ if err != nil {
+ return nil, errors.Wrap(err, "error getting current file size")
+ }
+ return io.NewSectionReader(f, 0, size), nil
}
func tailFile(f io.ReadSeeker, logWatcher *logger.LogWatcher, tail int, since time.Time) {
diff --git a/docs/extend/legacy_plugins.md b/docs/extend/legacy_plugins.md
index 901a40a..d838561 100644
--- a/docs/extend/legacy_plugins.md
+++ b/docs/extend/legacy_plugins.md
@@ -87,7 +87,8 @@
Plugin | Description
------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
- [Twistlock AuthZ Broker](https://github.com/twistlock/authz) | A basic extendable authorization plugin that runs directly on the host or inside a container. This plugin allows you to define user policies that it evaluates during authorization. Basic authorization is provided if Docker daemon is started with the --tlsverify flag (username is extracted from the certificate common name).
+[Casbin AuthZ Plugin](https://github.com/casbin/casbin-authz-plugin) | An authorization plugin based on [Casbin](https://github.com/casbin/casbin), which supports access control models like ACL, RBAC, ABAC. The access control model can be customized. The policy can be persisted into file or DB.
+[Twistlock AuthZ Broker](https://github.com/twistlock/authz) | A basic extendable authorization plugin that runs directly on the host or inside a container. This plugin allows you to define user policies that it evaluates during authorization. Basic authorization is provided if Docker daemon is started with the --tlsverify flag (username is extracted from the certificate common name).
## Troubleshooting a plugin
diff --git a/hack/dockerfile/binaries-commits b/hack/dockerfile/binaries-commits
index 8547b45..d50df12 100755
--- a/hack/dockerfile/binaries-commits
+++ b/hack/dockerfile/binaries-commits
@@ -4,7 +4,7 @@
# When updating RUNC_COMMIT, also update runc in vendor.conf accordingly
RUNC_COMMIT=54296cf40ad8143b62dbcaa1d90e520a2136ddfe
-CONTAINERD_COMMIT=4ab9917febca54791c5f071a9d1f404867857fcc
+CONTAINERD_COMMIT=6c463891b1ad274d505ae3bb738e530d1df2b3c7
TINI_COMMIT=949e6facb77383876aeff8a6944dde66b3089574
LIBNETWORK_COMMIT=0f534354b813003a754606689722fe253101bc4e
VNDR_COMMIT=f56bd4504b4fad07a357913687fb652ee54bb3b0
diff --git a/vendor.conf b/vendor.conf
index 399b6e6..e217220 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -97,7 +97,7 @@
github.com/docker/docker-credential-helpers f72c04f1d8e71959a6d103f808c50ccbad79b9fd
# containerd
-github.com/docker/containerd 4ab9917febca54791c5f071a9d1f404867857fcc
+github.com/docker/containerd 6c463891b1ad274d505ae3bb738e530d1df2b3c7
github.com/tonistiigi/fifo 1405643975692217d6720f8b54aeee1bf2cd5cf4
# cluster