Commit graph

91 commits

Author SHA1 Message Date
Shijiang Wei
d6685f61a7 make sure the interfaces is cleared on error
Signed-off-by: Shijiang Wei <mountkin@gmail.com>
2015-07-29 20:15:02 +08:00
Alessandro Boch
88c2c05ce9 Misc fixes to ip allocation in bridge driver
Two changes were missing:
- On allocation of bridge ip was not passing canonical subnet
- Canonical subnet has to be passed on ip release
  as well, otherwise ipallocator will attempt
  ip release from a non registered nw

Signed-off-by: Alessandro Boch <aboch@docker.com>
2015-07-24 16:59:27 -07:00
aboch
dbe595343e Merge pull request #412 from mrjana/bugs
Use sysfs to set hairpin mode
2015-07-24 12:03:53 -07:00
Jana Radhakrishnan
2d8377f615 Merge pull request #409 from alecbenson/iccfix
Fix ICC on Fedora systems with Firewalld
2015-07-24 10:46:03 -07:00
Jana Radhakrishnan
dc3bb60faa Merge pull request #288 from aboch/ag
Pass a canonical subnet to ipallocator
2015-07-24 10:45:20 -07:00
Jana Radhakrishnan
2dd9a6fa75 Use sysfs to set hairpin mode
Set the hairpin mode using the sysfs interface which
looks like it is working all the way to the oldest
of RHEL6.6 kernels.

Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
2015-07-24 10:26:08 -07:00
Alec Benson
21b0927720 Fix ICC on Firewalld enabled fedora systems, add in missing firewalld functionality to re-apply configuration when reloaded
Signed-off-by: Alec Benson <albenson@redhat.com>
2015-07-24 13:20:48 -04:00
Alexander Morozov
55e7175f64 Remove dependency on libcontainer
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-07-16 13:26:26 -07:00
Madhu Venugopal
981686787b Fixed a bug in DeleteEndpoint to properly release v6 ip
When fixed-cidrv6 is used, the allocation and release must happen from
the appropriate network. Allocation is done properly in createendpoint,
but the DeleteEndpoint wasn't taking care of this case.

Signed-off-by: Madhu Venugopal <madhu@docker.com>
2015-07-09 20:46:36 -07:00
Alec Benson
90a410eb3d Refactor of docker PR #11405
Signed-off-by: Alec Benson <albenson@redhat.com>
2015-07-08 10:15:08 -04:00
Jana Radhakrishnan
10444cb448 Manually bring up the host side veth interface
In preparation for the new update of vishvananda/netlink package
we need to bringup the host veth interface manually.

Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
2015-07-02 09:32:03 -07:00
Jana Radhakrishnan
15759edb38 Fix networking issues in RHEL/Centos 6.6
Some parts of the bridge driver code need to use a different kernel
api or use the already existing apis in slightly different ways to
make the bridge driver work in RHEL/Centos 6.6. This PR provides
those fixes.

Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
2015-07-02 09:31:13 -07:00
Madhu Venugopal
5344e75e4e Merge pull request #278 from LK4D4/firewalld_support
Resurrect firewalld support
2015-06-26 13:12:19 -07:00
aboch
b1f84e6f12 Merge pull request #304 from wulonghui/wulonghui-patch-1
Update modprobe bridge output
2015-06-25 16:51:30 -07:00
wulonghui
df56ce5f47 Update error return in bridge driver's getNetwork
2015-06-25 19:33:46 +08:00
Alexander Morozov
63514b2749 Resurrect firewalld support
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-06-21 16:42:01 -07:00
wulonghui
4d60688464 Update modprobe bridge output
2015-06-17 10:07:51 +00:00
Madhu Venugopal
f843e44805 Cleaning up iptables nat table on driver bootup
This is required to have consistent behaviour as in 1.6.2.

Signed-off-by: Madhu Venugopal <madhu@docker.com>
2015-06-16 09:26:23 -07:00
Alessandro Boch
3d805de246 Pass a canonical subnet to ipallocator
- Currently both network and host bits in the subnet are passed
  when requesting an address from ipallocator.
  The way ip allocator determines the first available
  IP is tainted when caller passes the subnet host bits.

- Verified this patch applied to libnetwork vendored in docker
  fixes the issue when starting the daemon.

- Fixes #287

Signed-off-by: Alessandro Boch <aboch@docker.com>
2015-06-12 00:20:43 -07:00
Madhu Venugopal
903fcbd154 enable hairpin mode on the bridge port & fix iptables rule
* When userland-proxy is disabled, enable hairpin mode on the host-side of the veth
* When userland-proxy is enabled, fix the iptable rules appropriately

Signed-off-by: Madhu Venugopal <madhu@docker.com>
2015-06-11 19:23:02 -07:00
Jana Radhakrishnan
fb06bd5a1a Merge pull request #264 from mavenugo/mh-ln
datastore support for endpoint, GetObject, DeleteObject and swarm store API upgrade
2015-06-11 15:28:19 -07:00
Madhu Venugopal
9e8974cc64 Replacing isReservedNetwork with Driver capability
Currently store makes use of a static isReservedNetwork check to decide
if a network needs to be stored in the distributed store or not. But it
is better if the check is not static, but be determined based on the
capability of the driver that backs the network.

Hence introducing a new capability mechanism to the driver which it can
express its capability during registration. Making use of first such
capability : Scope. This can be expanded in the future for more such cases.

Signed-off-by: Madhu Venugopal <madhu@docker.com>
2015-06-10 23:59:38 -07:00
Madhu Venugopal
f88824fb8a Reworked endpoint store operation to address a few cases
* Removed network from being marshalled (it is part of the key anyways)
* Reworked the watch function to handle container-id on endpoints
* Included ContainerInfo to be marshalled which needs to be synchronized
* Resolved multiple race issues by introducing data locks

Signed-off-by: Madhu Venugopal <madhu@docker.com>
2015-06-10 23:59:29 -07:00
Jana Radhakrishnan
fcca4484cb Generate container mac address based on IP
Currently we create container mac address completely
randomly. But we probably need to generate based on
IP so that the mac address stays the same for a given
IP.

Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
2015-06-10 20:12:43 -07:00
Alessandro Boch
8d7e5cbb68 Minor changes in bridge.go
- lock network struct before accessing config in NetworkCreate
- reorganize locks so that we lock only what needed and when needed
- conflict method really belongs to networkConfig not bridgeNetwork

Signed-off-by: Alessandro Boch <aboch@docker.com>
2015-06-09 16:44:43 -07:00
Alessandro Boch
e27586de4e Provide isolation b/w bridge networks
Signed-off-by: Alessandro Boch <aboch@docker.com>
2015-06-08 17:15:57 -07:00
Jana Radhakrishnan
f5c1c78179 Refactor sandbox code to use interfaces
Currently sandbox code exposes bare structs
externally to the package. It is untenable
to continue this way and it becomes too
inflexible to use it to store internal state.
Changed all of them to use interfaces.
Also cleaned up a lot of boiler plate code
which needs to set into namespace.

Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
2015-06-08 10:17:56 -07:00
Jana Radhakrishnan
6d6aeff780 Make GenerateIfaceName generic
Currently GenerateIfaceName is defined in bridge.go
and it specifically tries to only generate an interface
name only with `veth` prefix. Make it generic so that it
can accept a prefix and length of random bytes. Also
move it to netutils since it is useful to generate various
kinds of interface names using it.

Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
2015-06-08 09:49:17 -07:00
Alessandro Boch
8ac0d7709f Add restrictions for default drivers/bridge name
- modified tests accordingly
- added extra tests for creating a couple of bridge nw and query them

Signed-off-by: Alessandro Boch <aboch@docker.com>
2015-06-08 08:32:08 -07:00
Madhu Venugopal
e67f9f4f79 Copy default configs from default Bridge to new bridge if not user configured
Also fixed a minor bug in client to choose bridge as the default driver.

Signed-off-by: Madhu Venugopal <madhu@docker.com>
2015-06-04 11:48:31 -07:00
Madhu Venugopal
cad0f33910 Merge pull request #239 from aboch/pmc
One port mapper per bridge network
2015-06-04 05:24:00 -07:00
Alessandro Boch
3be66461ba Change in bridge EndpointOperInfo()
- To also return the configured exposed ports, besides the
  port bindings; as now libnetwork/endpoint.go endpoint setters
  separate the exposed ports and port binding configs.
  Docker daemon will take care of aggregating the two sources
  for presentation.

Signed-off-by: Alessandro Boch <aboch@docker.com>
2015-06-03 20:28:15 -07:00
Madhu Venugopal
0ae84dad55 Fixes https://github.com/docker/docker/issues/13426
Signed-off-by: Madhu Venugopal <madhu@docker.com>
2015-06-02 15:50:38 -07:00
Jana Radhakrishnan
61993ec6c2 Modprobe bridge driver specific kernel modules
Try to modprobe bridge driver specific modules in case
they are not loaded into the kernel.

Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
2015-06-02 15:49:45 -07:00
Alessandro Boch
cfc28a900a One port mapper per bridge network
Signed-off-by: Alessandro Boch <aboch@docker.com>
2015-06-01 13:14:29 -07:00
Alessandro Boch
e244043eb3 In bridge, network config to be validated last
- Currently validation is run before the processing
  of well-known labels is completed.

Signed-off-by: Alessandro Boch <aboch@docker.com>
2015-05-24 12:01:55 -07:00
Alessandro Boch
35fab0aa6f Bridge driver to support multiple networks
Signed-off-by: Alessandro Boch <aboch@docker.com>
2015-05-24 07:59:34 -07:00
Alessandro Boch
5d9c59e523 Support network options in rest api
- Also unexporting configuration structures in bridge
- Changes in dnet/network.go to set bridge name = network name

Signed-off-by: Alessandro Boch <aboch@docker.com>
2015-05-23 20:12:29 -07:00
Jana Radhakrishnan
89045ca381 Modify driver Join api to only allow dst prefix
Currently the driver api allows the driver to specify the
full interface name for the interface inside the container.
This is not appropriate since the driver does not have the full
view of the sandbox to correctly allocate an unambiguous interface
name. Instead with this PR the driver will be allowed to specify
a prefix for the name and libnetwork and sandbox layers will
disambiguate it with an appropriate suffix.

Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
2015-05-21 20:17:44 +00:00
Alessandro Boch
c70cfcb150 Provide interface to categorize errors
- Package types to define the interfaces libnetwork errors
  may implement, so that caller can categorize them.

Signed-off-by: Alessandro Boch <aboch@docker.com>
2015-05-20 22:29:29 -07:00
Jana Radhakrishnan
a9fa764cbb Move network types to types package
This is needed to decouple types from netutils which has linux
dependencies. This way the client code which needs network types
can just pull in types package which makes client code platform
agnostic.

Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
2015-05-20 20:28:46 +00:00
Alessandro Boch
902e8746d3 Optional Userland Proxy
- Port https://github.com/docker/docker/pull/12165 to libnetwork
- More tests will be added later

Signed-off-by: Alessandro Boch <aboch@docker.com>
2015-05-18 18:13:39 -07:00
Jana Radhakrishnan
b323d571b5 Driver api refactor
Refactored the driver api so that it aligns well with the design
of endpoint lifecycle becoming decoupled from the container lifecycle.
Introduced go interfaces to obtain address information during CreateEndpoint.
Go interfaces are also used to get data from driver during join.
This sort of design hides the libnetwork specific type details from drivers.

Another adjustment is to provide a list of interfaces during CreateEndpoint. The
goal of this is many-fold:
     * To indicate to the driver that IP address has been assigned by some other
       entity (like a user wanting to use their own static IP for an endpoint/container)
       and asking the driver to honor this. Driver may reject this configuration
       and return an error but it may not try to allocate an IP address and override
       the passed one.
     * To indicate to the driver that IP address has already been allocated once
       for this endpoint by an instance of the same driver in some docker host
       in the cluster and this is merely a notification about that endpoint and the
       allocated resources.
     * In case the list of interfaces is empty the driver is required to allocate and
       assign IP addresses for this endpoint.

Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
2015-05-18 22:36:00 +00:00
Alessandro Boch
f16db2c3ad Remove pkg directory
- As recommended by Docker committers.
- Will introduce internal directory when go supports it

Signed-off-by: Alessandro Boch <aboch@docker.com>
2015-05-16 16:12:13 -07:00
Michael Bridgen
614d82390c Make driver packages register themselves via DriverCallback
In the present code, each driver package provides a `New()` method
which constructs a driver of its type, which is then registered with
the controller.

However, this is not suitable for the `drivers/remote` package, since
it does not provide a (singleton) driver, but a mechanism for drivers
to be added dynamically. As a result, the implementation is oddly
dual-purpose, and a spurious `"remote"` driver is added to the
controller's list of available drivers.

Instead, it is better to provide the registration callback to each
package and let it register its own driver or drivers. That way, the
singleton driver packages can construct one and register it, and the
remote package can hook the callback up with whatever the dynamic
driver mechanism turns out to be.

NB there are some method signature changes; in particular to
controller.New, which can return an error if the built-in driver
packages fail to initialise.

Signed-off-by: Michael Bridgen <mikeb@squaremobius.net>
2015-05-11 19:00:06 +01:00
bin liu
e1003fb078 fix some typos
Signed-off-by: bin liu <liubin0329@gmail.com>
2015-05-07 09:22:06 +00:00
Madhu Venugopal
904a313396 Remote Driver Registration
This commit brings in a functionality for remote drivers to register
with LibNetwork. The Built-In remote driver is responsible for the
actual "remote" plugin to be made available.

Having such a mechanism makes libnetwork core not dependent on any
external plugin mechanism and also the Libnetwork NB apis are free of
Driver interface.

Signed-off-by: Madhu Venugopal <madhu@docker.com>
2015-05-06 21:45:30 -07:00
Jana Radhakrishnan
3919b126a9 Added support for network specific enable ipv6 label
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
2015-05-06 17:43:34 +00:00
Jana Radhakrishnan
94a9f12280 Moved most of the driver configuration to network configuration.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
2015-05-06 17:43:24 +00:00
Jana Radhakrishnan
c9b54861e7 - Moved label definitions to a new package
- Added a network scope well-defined label
  to enable ipv6

Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
2015-05-06 17:21:19 +00:00