En

Docker官网普通更新(2017-11-02)

来源:Docker官网 发布日期:2017-11-02 阅读次数:310 评论:0

基本信息

发布日期:2017-11-02(官方当地时间)

更新类型:普通更新

更新版本:17.06.2-ee-5

感知时间:2019-12-05 19:41:37

风险等级:未知

情报贡献:TSRC

更新标题

Docker官网版本更新,17.06.2-ee-5版本发布

更新详情



Important notes about this release



Starting with Docker EE 17.06.2-ee-5, Ubuntu, SLES, RHEL packages are also available
for IBM Power using the ppc64le architecture.


Docker EE 17.06.2-ee-5 now enables the telemetry plugin
by default on all supported Linux distributions. For more details, including how to
opt out, see the documentation.



Client


Set APIVersion on the client, even when Ping fails docker/cli#546


Logging


Fix “raw” mode with the Splunk logging driver moby/moby#34520


Networking


Disable hostname lookup to speed up check if chain chain exists docker/libnetwork#1974
Handle cleanup DNS for attachable container to prevent leak in name resolution docker/libnetwork#1989


Packaging


Add telemetry plugin for all linux distributions
Fix install of docker-ee on RHEL7 s390x by removing dependency on container-selinux


Runtime


Automatically set may_detach_mounts=1 on startup moby/moby#34886
Fallback to use naive diff driver if enable CONFIG_OVERLAY_FS_REDIRECT_DIR moby/moby#34342
Set selinux label on local volumes from mounts API moby/moby#34684
Close pipe in overlay2 graphdriver moby/moby#34863
Relabel config files moby/moby#34732
Add support for Windows version filtering on pull of docker image moby/moby#35090


Swarm mode


Increase gRPC request timeout to 20 seconds for sending snapshots to prevent context deadline exceeded errors docker/swarmkit#2391
When a node is removed, delete all of its attachment tasks so networks used by those tasks can be removed docker/swarmkit#2414


Known issues


It’s recommended that users create overlay networks with /24 blocks (the default) of 256 IP addresses when networks are used by services created using VIP-based endpoint-mode (the default). This is because of limitations with Docker Swarm moby/moby#30820. Users should not work around this by increasing the IP block size. To work around this limitation, either use dnsrr endpoint-mode or use multiple smaller overlay networks.
Docker may experience IP exhaustion if many tasks are assigned to a single overlay network, for example if many services are attached to that network or because services on the network are scaled to many replicas. The problem may also manifest when tasks are rescheduled because of node failures. In case of node failure, Docker currently waits 24h to release overlay IP addresses. The problem can be diagnosed by looking for failed to allocate network IP for task messages in the Docker logs.
SELinux enablement is not supported for containers on IBM Z on RHEL because of missing Red Hat package.
If a container is spawned on node A, using the same IP of a container destroyed
on nodeB within 5 min from the time that it exit, the container on node A is
not reachable until one of these 2 conditions happens:



Container on A sends a packet out,
The timer that cleans the arp entry in the overlay namespace is triggered (around 5 minutes).


As a workaround, send at least a packet out from each container like
(ping, GARP, etc).

软件描述

Docker 是一个开源的应用容器引擎,让开发者可以打包他们的应用以及依赖包到一个可移植的镜像中,然后发布到任何流行的 Linux或Windows 机器上,也可以实现虚拟化。容器是完全使用沙箱机制,相互之间不会有任何接口。 [1]

CVE编号

TSRC分析

暂无

业界资讯

暂无

评论

提交评论 您输入的评论有误,请重新输入