In this method, the network was controlling the controller, and its
driver-registry. That really felt like two steps too far; let's just
move this method to the controller, so that it can stay, at least
_somewhat_ in control of its own, non-exported, properties.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When a network-create request does not specify any IPAM config, on
daemon restart the network needs to be restored with the previously
allocated subnet and gateway.
Those fields were copied from "ipamInfo" (state from the old network)
into "ipamConfig" (user-requested config).
Avoid that by checking for this situation in the IPAM allocation
function - if no subnet/gateway is specified, and there's a value
in "ipamInfo", use it.
Also eliminate some pointer shenanigans (so now my IDE can find the
assignment to Network.ipamInfo).
Signed-off-by: Rob Murray <rob.murray@docker.com>
These utilities are very handy to use in integration tests, too. Move
the package so it can be imported by them.
Signed-off-by: Cory Snider <csnider@mirantis.com>
These utilities are going to be needed elsewhere in the daemon to handle
netip values from API requests.
Signed-off-by: Cory Snider <csnider@mirantis.com>
Commit 380ded6 restored a now-unused endpoint count to the
store, so that when the daemon is downgraded it exists for
the old code to find.
But, on network deletion, the endpoint count was not loaded
from the store - so the delete code saw the wrong "index",
and logged a warning before deleting it anyway.
Use DeleteObject instead of DeleteObjectAtomic, so the old
index isn't checked.
Signed-off-by: Rob Murray <rob.murray@docker.com>
When running:
docker network create --ipv6 b46
docker run --rm -ti \
--network name=b46,driver-opt=com.docker.network.endpoint.sysctls=net.ipv6.conf.IFNAME.disable_ipv6=1 \
busybox
IPv6 is enabled in the container and the network, so an IPv6 address
will be allocated for the endpoint.
But, when the sysctl is applied, the IPv6 address will be removed
from the interface ... so, no unsolicited neighbour advertisement
should be (or can be) sent and, the endpoint should not be treated
as dual-stack when selecting a gateway endpoint and, if it is
selected as the gateway endpoint, setting up an IPv6 route via the
network will fail.
So, if the IPv6 address disappears after sysctls have been applied,
release the address and remove it from the endpoint's config.
Signed-off-by: Rob Murray <rob.murray@docker.com>
DNS is set up when the endpoint is joined to a network.
It was added in commit 4850c5f (Avoid duplicate entries in
/etc/hosts) then simplified in bcca214 (libnetwork: open-code
updating svc records) and seems to be related to setting up a
name on a swarm node that isn't running the container with the
endpoint.
But, all callers of Network.createEndpoint follow up with an
Endpoint.Join, which also sets up the DNS entry. Those callers are:
Network.createLoadBalancerSandbox
Network.CreateEndpoint
- called by Daemon.connectToNetwork
- called by Sandbox.setupDefaultGateway
- called by builder-net/executor.go: iface.init
None of them bail out before the Join for a Swarm case.
So, it looks like enough has changed that the createEndpoint code is
no longer needed (it predates the internal DNS server) ... remove it.
Signed-off-by: Rob Murray <rob.murray@docker.com>
On API v1.52 and newer, the GET /networks/{id} endpoint returns
statistics about the IPAM state for the subnets assigned to the network.
Signed-off-by: Cory Snider <csnider@mirantis.com>
Internally a network is represented by either a libnetwork.Network or a
swarmapi.Network. The daemon functions backing the API server map
these values to the Engine API network.Inspect type on demand. Since
they have to convert, the functions to get a list of networks have to
loop over the slice of Networks and append them to a slice of
network.Inspect values.
The function used to filter the list of networks by a user-supplied
predicate takes a []network.Inspect and returns a shorter slice.
Therefore the daemon functions backing the API server have to loop
through the list twice: once to convert, and again inside the
FilterNetworks function to delete networks from the slice which do not
match the filter predicate. Each time an item is deleted from a slice,
all items at higher indices need to be copied to lower indices in the
backing array to close the hole.
Replace FilterNetworks with a function that accepts a single
interface-valued network and returns a boolean. Amend libnetwork.Network
and write a thin adapter for swarmapi.Network so both implement the
aforementioned interface. The daemon functions can thus filter networks
before projecting the values into API structs, and can completely skip
over non-matching networks, which cuts down on a nontrivial amount of
copying.
Split the validation of the filter predicate from filter evaluation to
both make it more ergonomic to use inside loops, and to make invalid
states (a filter with an ill-formed predicate) unrepresentable.
Signed-off-by: Cory Snider <csnider@mirantis.com>
The IpamInfo.CopyTo function expected the caller to construct an
IpamInfo to copy to, but all callsites created an empty struct.
In addition, `CopyTo` would never return an error, so the error
return was redundant.
Replace it with a `Copy()` function, which makes it easier to
consume.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The IpamConf.CopyTo function expected the caller to construct an
IpamConf to copy to, but all callsites created an empty struct.
In addition, `CopyTo` would never return an error, so the error
return was redundant.
Replace it with a `Copy()` function, which makes it easier to
consume.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Define a type to help discovery, and update the signatures of
`ResolveName`, `Network.ResolveName`, and `Sandbox.ResolveName`
accordingly.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The stringid package is used in many places; while it's trivial
to implement a similar utility, let's just provide it as a utility
package in the client, removing the daemon-specific logic.
For integration tests, I opted to use the implementation in the
client, as those should not ideally not make assumptions about
the daemon implementation.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
