diff --git a/hack/vendor.sh b/hack/vendor.sh index 6add2c4fcb..632dc1e77a 100755 --- a/hack/vendor.sh +++ b/hack/vendor.sh @@ -65,7 +65,7 @@ clone git github.com/RackSec/srslog 365bf33cd9acc21ae1c355209865f17228ca534e clone git github.com/imdario/mergo 0.2.1 #get libnetwork packages -clone git github.com/docker/libnetwork 9fc9609b49d79b8a90ca24e3a63f2a3c09f5e29b +clone git github.com/docker/libnetwork 7ba98d93bd24a04c4a096bf119e9791257631060 clone git github.com/docker/go-events afb2b9f2c23f33ada1a22b03651775fdc65a5089 clone git github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80 clone git github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec @@ -139,7 +139,7 @@ clone git github.com/docker/docker-credential-helpers v0.3.0 clone git github.com/docker/containerd v0.2.4 # cluster -clone git github.com/docker/swarmkit a2abe794f7a1cfe0ed376fbc7c107ab3d6cf7705 +clone git github.com/docker/swarmkit e239bc901fd6f5c85b36904e89f1b64c8c0635f2 clone git github.com/golang/mock bd3c8e81be01eef76d4b503f5e687d2d1354d2d9 clone git github.com/gogo/protobuf 43a2e0b1c32252bfbbdf81f7faa7a88fb3fa4028 clone git github.com/cloudflare/cfssl b895b0549c0ff676f92cf09ba971ae02bb41367b diff --git a/vendor/src/github.com/docker/libnetwork/network.go b/vendor/src/github.com/docker/libnetwork/network.go index 2cd857a462..9f5a3088be 100644 --- a/vendor/src/github.com/docker/libnetwork/network.go +++ b/vendor/src/github.com/docker/libnetwork/network.go @@ -1054,6 +1054,12 @@ func delNameToIP(svcMap map[string][]net.IP, name string, epIP net.IP) { } func (n *network) addSvcRecords(name string, epIP net.IP, epIPv6 net.IP, ipMapUpdate bool) { + // Do not add service names for ingress network as this is a + // routing only network + if n.ingress { + return + } + c := n.getController() c.Lock() defer c.Unlock() @@ -1081,6 +1087,12 @@ func (n *network) addSvcRecords(name string, epIP net.IP, epIPv6 net.IP, ipMapUp } func (n *network) deleteSvcRecords(name string, epIP net.IP, epIPv6 net.IP, ipMapUpdate bool) { + // Do not delete service names from ingress network as this is a + // routing only network + if n.ingress { + return + } + c := n.getController() c.Lock() defer c.Unlock() diff --git a/vendor/src/github.com/docker/libnetwork/networkdb/cluster.go b/vendor/src/github.com/docker/libnetwork/networkdb/cluster.go index 37bb3536f4..fc6ac698d8 100644 --- a/vendor/src/github.com/docker/libnetwork/networkdb/cluster.go +++ b/vendor/src/github.com/docker/libnetwork/networkdb/cluster.go @@ -112,14 +112,20 @@ func (nDB *NetworkDB) clusterInit() error { nDB.networkBroadcasts = &memberlist.TransmitLimitedQueue{ NumNodes: func() int { - return len(nDB.nodes) + nDB.RLock() + num := len(nDB.nodes) + nDB.RUnlock() + return num }, RetransmitMult: config.RetransmitMult, } nDB.nodeBroadcasts = &memberlist.TransmitLimitedQueue{ NumNodes: func() int { - return len(nDB.nodes) + nDB.RLock() + num := len(nDB.nodes) + nDB.RUnlock() + return num }, RetransmitMult: config.RetransmitMult, } diff --git a/vendor/src/github.com/docker/swarmkit/manager/controlapi/service.go b/vendor/src/github.com/docker/swarmkit/manager/controlapi/service.go index e7bfe17283..0552a9faed 100644 --- a/vendor/src/github.com/docker/swarmkit/manager/controlapi/service.go +++ b/vendor/src/github.com/docker/swarmkit/manager/controlapi/service.go @@ -161,6 +161,24 @@ func validateEndpointSpec(epSpec *api.EndpointSpec) error { return nil } +func (s *Server) validateNetworks(networks []*api.ServiceSpec_NetworkAttachmentConfig) error { + for _, na := range networks { + var network *api.Network + s.store.View(func(tx store.ReadTx) { + network = store.FindNetwork(tx, na.Target) + }) + if network == nil { + continue + } + if _, ok := network.Spec.Annotations.Labels["com.docker.swarm.internal"]; ok { + return grpc.Errorf(codes.InvalidArgument, + "Service cannot be explicitly attached to %q network which is a swarm internal network", + network.Spec.Annotations.Name) + } + } + return nil +} + func validateServiceSpec(spec *api.ServiceSpec) error { if spec == nil { return grpc.Errorf(codes.InvalidArgument, errInvalidArgument.Error()) @@ -247,6 +265,10 @@ func (s *Server) CreateService(ctx context.Context, request *api.CreateServiceRe return nil, err } + if err := s.validateNetworks(request.Spec.Networks); err != nil { + return nil, err + } + if err := s.checkPortConflicts(request.Spec, ""); err != nil { return nil, err } diff --git a/vendor/src/github.com/docker/swarmkit/manager/state/store/networks.go b/vendor/src/github.com/docker/swarmkit/manager/state/store/networks.go index 74d65c4e07..547120c0d8 100644 --- a/vendor/src/github.com/docker/swarmkit/manager/state/store/networks.go +++ b/vendor/src/github.com/docker/swarmkit/manager/state/store/networks.go @@ -183,6 +183,22 @@ func FindNetworks(tx ReadTx, by By) ([]*api.Network, error) { return networkList, err } +// FindNetwork is a utility function which returns the first +// network for which the target string matches the ID, or +// the name or the ID prefix. +func FindNetwork(tx ReadTx, target string) *api.Network { + if n := GetNetwork(tx, target); n != nil { + return n + } + if list, err := FindNetworks(tx, ByName(target)); err == nil && len(list) == 1 { + return list[0] + } + if list, err := FindNetworks(tx, ByIDPrefix(target)); err == nil && len(list) == 1 { + return list[0] + } + return nil +} + type networkIndexerByID struct{} func (ni networkIndexerByID) FromArgs(args ...interface{}) ([]byte, error) {