moby: D4M 17.04.0-ce-rc2-mac6 (16165): Volume labels no longer accepted in stack file

Description Docker stack deploy throws errors when encountering volume labels. This error surfaced when I upgraded to 17.04.0-ce-rc2-mac6 (16165). Rolling back to stable fixes the problem. I’ve opened this issue in the D4M project, and they diagnosed it as a docker/docker issue.

docker stack deploy --with-registry-auth -c docker-compose.yml my_app
1 error(s) decoding:
invalid spec: /var/run/docker.sock:/var/run/docker.sock:z: unknown option: z

The previous version of Beta worked, as does the current version of Stable. Version 17.03.1-ce-mac5 (16048) Channel: stable b18e2a50cc

Documentation still shows volume labels as a supported feature: https://docs.docker.com/engine/tutorials/dockervolumes/#volume-labels

Steps to reproduce the issue: The following docker command should be able to launch a stack with volumes that have volume labels

docker stack deploy -c docker-compose.yml my_app e.g.

services:
  # Docker Swarm visualizer
  # See https://docs.docker.com/engine/tutorials/dockervolumes/#volume-labels for info on the ":z"
  viz:
    image: manomarks/visualizer
    ports:
      - 8081:8080
    networks:
      - jenkins-net
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:z
    deploy:
      placement:
        constraints: [node.role==manager]

Describe the results you received: 1 error(s) decoding:

invalid spec: /var/run/docker.sock:/var/run/docker.sock:z: unknown option: z

Describe the results you expected: A successfully deployed stack

Additional information you deem important (e.g. issue happens only occasionally):

Issue raised in 2 other forums, I was directed to raise the issue here: https://github.com/docker/editions/issues/1006 https://github.com/docker/for-mac/issues/1519

Output of docker version:

Client:
 Version:      17.04.0-ce
 API version:  1.28
 Go version:   go1.7.5
 Git commit:   4845c56
 Built:        Wed Apr  5 06:06:36 2017
 OS/Arch:      darwin/amd64

Server:
 Version:      17.04.0-ce
 API version:  1.28 (minimum version 1.12)
 Go version:   go1.7.5
 Git commit:   4845c56
 Built:        Tue Apr  4 00:37:25 2017
 OS/Arch:      linux/amd64
 Experimental: true

Output of docker info:

Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 17.04.0-ce
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host ipvlan macvlan null overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary:
containerd version: 422e31ce907fd9c3833a38d7b8fdd023e5a76e73
runc version: 9c2d8d184e5da67c95d601382adf14862e4f2228
init version: 949e6fa
Security Options:
 seccomp
  Profile: default
Kernel Version: 4.9.19-moby
Operating System: Alpine Linux v3.5
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 1.952GiB
Name: moby
ID: 2OCU:DGH2:6HS3:YPAB:LUEB:MZ7S:FUYZ:SVI6:R2FE:Z4EY:5LWQ:7VCR
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
 File Descriptors: 16
 Goroutines: 26
 System Time: 2017-04-12T22:26:58.076470584Z
 EventsListeners: 1
No Proxy: *.local, 169.254/16
Registry: https://index.docker.io/v1/
Experimental: true
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

briandonaldson@Br

Additional environment details (AWS, VirtualBox, physical, etc.): OSX 10.12.4, Macbook Pro 15"

About this issue

  • Original URL
  • State: open
  • Created 7 years ago
  • Comments: 18 (11 by maintainers)

Most upvoted comments

Oh yes, you are right. We don’t support selinux relabeling in swarm mode.

+4
cpuguy83 on Apr 13, 2017

@stevvooe It was a conscious decision to not support these at the time because it actually modifies the host path.

+3
cpuguy83 on May 11, 2017

For config, use swarm configs: https://docs.docker.com/engine/swarm/configs/

For logs; make sure the container sends logs to stdout/stderr, so that they’re captured by docker’s logging drivers

+2
thaJeztah on Jan 28, 2021

@thaJeztah What is the best practice for larger non-config mounts (such as the TSDB for prometheus?) I generally prefer bind mounts to volumes due to the simplicity of working with them but it seems like it will be necessary to switch to a volume when working with persistent storage in docker swarm services.

@cpuguy83 Can you elaborate on the background of the decision not to support SELinux tags in services?

+1
ducttapecoder-vt on Mar 1, 2021

I recently updated my D4M and noticed the “invalid spec” error again.

$ docker version
Client:
 Version:      17.06.0-ce
 API version:  1.26 (downgraded from 1.30)
 Go version:   go1.8.3
 Git commit:   02c1d87
 Built:        Fri Jun 23 21:31:53 2017
 OS/Arch:      darwin/amd64
+1
briantd on Jun 30, 2017
Read more comments on GitHub
← moby: curl fails inside container on https connection
moby: Daemon can't be started after swarm certificates expire →