Merge pull request #8590 from jfrazelle/8307-iptables-d-restart-fix

On daemon shutdown iptables cleanup successfully
2014-11-03 18:29:51 -05:00 · 2014-11-03 18:29:51 -05:00 · b8ab729ae6
commit b8ab729ae6
parent a7dea37b78 e171eda998
3 changed files with 99 additions and 2 deletions
--- a/daemon/container.go
+++ b/daemon/container.go
@ -527,7 +527,9 @@ func (container *Container) ReleaseNetwork() {
 	}
 	eng := container.daemon.eng

-	eng.Job("release_interface", container.ID).Run()
+	job := eng.Job("release_interface", container.ID)
+	job.SetenvBool("overrideShutdown", true)
+	job.Run()
 	container.NetworkSettings = &NetworkSettings{}
 }

--- a/engine/job.go
+++ b/engine/job.go
@ -48,7 +48,7 @@ const (
 // If the job returns a failure status, an error is returned
 // which includes the status.
 func (job *Job) Run() error {
-	if job.Eng.IsShutdown() {
+	if job.Eng.IsShutdown() && !job.GetenvBool("overrideShutdown") {
 		return fmt.Errorf("engine is shutdown")
 	}
 	// FIXME: this is a temporary workaround to avoid Engine.Shutdown
--- a/integration-cli/docker_cli_daemon_test.go
+++ b/integration-cli/docker_cli_daemon_test.go
@ -128,3 +128,98 @@ func TestDaemonStartBridgeWithoutIPAssociation(t *testing.T) {

 	logDone("daemon - successful daemon start when bridge has no IP association")
 }
+
+func TestDaemonIptablesClean(t *testing.T) {
+	d := NewDaemon(t)
+	if err := d.StartWithBusybox(); err != nil {
+		t.Fatalf("Could not start daemon with busybox: %v", err)
+	}
+	defer d.Stop()
+
+	if out, err := d.Cmd("run", "-d", "--name", "top", "-p", "80", "busybox:latest", "top"); err != nil {
+		t.Fatalf("Could not run top: %s, %v", out, err)
+	}
+
+	// get output from iptables with container running
+	ipTablesSearchString := "tcp dpt:80"
+	ipTablesCmd := exec.Command("iptables", "-nvL")
+	out, _, err := runCommandWithOutput(ipTablesCmd)
+	if err != nil {
+		t.Fatalf("Could not run iptables -nvL: %s, %v", out, err)
+	}
+
+	if !strings.Contains(out, ipTablesSearchString) {
+		t.Fatalf("iptables output should have contained %q, but was %q", ipTablesSearchString, out)
+	}
+
+	if err := d.Stop(); err != nil {
+		t.Fatalf("Could not stop daemon: %v", err)
+	}
+
+	// get output from iptables after restart
+	ipTablesCmd = exec.Command("iptables", "-nvL")
+	out, _, err = runCommandWithOutput(ipTablesCmd)
+	if err != nil {
+		t.Fatalf("Could not run iptables -nvL: %s, %v", out, err)
+	}
+
+	if strings.Contains(out, ipTablesSearchString) {
+		t.Fatalf("iptables output should not have contained %q, but was %q", ipTablesSearchString, out)
+	}
+
+	deleteAllContainers()
+
+	logDone("run,iptables - iptables rules cleaned after daemon restart")
+}
+
+func TestDaemonIptablesCreate(t *testing.T) {
+	d := NewDaemon(t)
+	if err := d.StartWithBusybox(); err != nil {
+		t.Fatalf("Could not start daemon with busybox: %v", err)
+	}
+	defer d.Stop()
+
+	if out, err := d.Cmd("run", "-d", "--name", "top", "--restart=always", "-p", "80", "busybox:latest", "top"); err != nil {
+		t.Fatalf("Could not run top: %s, %v", out, err)
+	}
+
+	// get output from iptables with container running
+	ipTablesSearchString := "tcp dpt:80"
+	ipTablesCmd := exec.Command("iptables", "-nvL")
+	out, _, err := runCommandWithOutput(ipTablesCmd)
+	if err != nil {
+		t.Fatalf("Could not run iptables -nvL: %s, %v", out, err)
+	}
+
+	if !strings.Contains(out, ipTablesSearchString) {
+		t.Fatalf("iptables output should have contained %q, but was %q", ipTablesSearchString, out)
+	}
+
+	if err := d.Restart(); err != nil {
+		t.Fatalf("Could not restart daemon: %v", err)
+	}
+
+	// make sure the container is not running
+	runningOut, err := d.Cmd("inspect", "--format='{{.State.Running}}'", "top")
+	if err != nil {
+		t.Fatalf("Could not inspect on container: %s, %v", out, err)
+	}
+	if strings.TrimSpace(runningOut) != "true" {
+		t.Fatalf("Container should have been restarted after daemon restart. Status running should have been true but was: %q", strings.TrimSpace(runningOut))
+	}
+
+	// get output from iptables after restart
+	ipTablesCmd = exec.Command("iptables", "-nvL")
+	out, _, err = runCommandWithOutput(ipTablesCmd)
+	if err != nil {
+		t.Fatalf("Could not run iptables -nvL: %s, %v", out, err)
+	}
+
+	if !strings.Contains(out, ipTablesSearchString) {
+		t.Fatalf("iptables output after restart should have contained %q, but was %q", ipTablesSearchString, out)
+	}
+
+	deleteAllContainers()
+
+	logDone("run,iptables - iptables rules for always restarted container created after daemon restart")
+}