- When invoked from docker, endpoint.Statistics() returns
the statistics of the host's interfaces.
Issue is tracked down to ioutil.ReadFile(). For some
reason even if invoked from inside the sandbox netns,
it ends up reading the stats file from the default netns,
when invoked from docker.
If same operation is run from inside a dedicated binary,
it works as expected.
- Replacing it with exec.Command("cat", <file>) solves the issue
Signed-off-by: Alessandro Boch <aboch@docker.com>
Currently container can join one endpoint when it is started.
More endpoints can be attached at a later point in time. But
when that happens this attachment should only have meaning
only as long as the container is alive. The attachment should
lose it's meaning when the container goes away. Cuurently there
is no way for the container management code to tell libnetwork
to detach the container from all attached endpoints. This PR
provides an additional API `LeaveAll` which adds this
functionality,
To facilitate this and make the sanbox lifecycle consistent
some slight changes have been made to the behavior of sandbox
management code. The sandbox is no longer destroyed when the
last endpoint is detached from the container. Instead the sandbox
ie kept alive and can only be destroyed with a `LeaveAll` call.
This gives better control of sandbox lifecycle by the container
management code and the sandbox doesn't get destroyed from under
the carpet while the container is still using it.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Add support to add/delete neighbor entries to
the sandbox. Both L3 and L2(fdb) neighbor table additions
are supported.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Calling GC() without ever creating a network namespace (sandbox on
Linux) will hang as the GC loop is not running (and therefore the
channel is not being listened to).
Tested via Docker that this corrects a daemon shutdown error if the
daemon is started and stopped without any containers or networks being
created while the daemon is up.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
Added support to add a bridge the same way as any other
interface into the namespace. The only difference is linux
does not support creating the bridge in one namespace and
moving it into another namespace. So for a bridge the sandbox
code also does the creation of the bridge inside the sandbox.
Also added an optional argument to interface which can now
select one of the already existing interfaces as it's master.
For this option to succeed the master interface should be of type
bridge.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Currently sandbox code exposes bare structs
externally to the package. It is untenable
to continue this way and it becomes too
inflexible to use it to store internal state.
Changed all of them to use interfaces.
Also cleaned up a lot of boiler plate code
which needs to set into namespace.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Right now the namespace paths are cleaned up every
garbage collection period. But if the daemon is restarted
before all the namespace paths of removed containers are
garbage collected they will remain there forever. The fix
is to provide a GC() api so that garbage collection can be
triggered immediately.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Sandbox needs unset gateway methods to cleanup
gateway settings to enable smooth transition
of the sandbox between endpoints.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Without this they don't have the desired effect.
The default when creating these types of routes with ip route add is link - the old setting of universe was just wrong.
Signed-off-by: Tom Denham <tom.denham@metaswitch.com>
Instead of sleeping reworked the code to use recurring ticks.
Also cleaned up unnecessary defers.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Loopback interface was s not brought up when wemoved
to clone method of creating namespace. e. Adding it.
Also taking care of PR R comments.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
This PR attempts to work around bugs present in kernel
version 3.18-4.0.1 relating to namespace creation
and destruction. This fix attempts to avoid certain
systemmcalls to not get in the kkernel bug path as well
as lazily garbage collecting the name paths when they are removed.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
The networkNamespace will record all interfaces joined into this sandbox.
While RremoveInterface func does't remove the leaved interfaces.
Signed-off-by: junxu <xujun@cmss.chinamobile.com>
Currently the driver api allows the driver to specify the
full interface name for the interface inside the container.
This is not appropriate since the driver does not have the full
view of the sandbox to correcly allocate an unambiguous interface
name. Instead with this PR the driver will be allowed to specify
a prefix for the name and libnetwork and sandbox layers will
disambiguate it with an appropriate suffix.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
This is need to decouple types from netutils which has linux
dependencies. This way the client code which needs network types
can just pull in types package which makes client code platform
agnostic.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
It may happen that the application (docker) may exit ungracefully
exit without calling leaves on endpoint and may result in stale
namespace files. So if a sandbox is created with the same key
attempt to cleanup the file if it exists before creating the
sandbox.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Change namespace path to be /var/run/docker/netns since
/var/run/netns is being used by iproute2 and it is mounted
as MS_SHARED which causes some complications during integration.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
- Refactored the Join/Leave code so they are synchronized across multiple go-routines
- Added parallel test coverage to test mult-thread access to Join/Leave
- Updated sandbox code to revert back to caller namespace when removing interfaces
- Changed the netns path to /var/run/netns so the cleanup is simpler on machine
reboot scenario
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
container config.
- Added JoinOption processing for extra /etc/hosts record.
- Added support for updating /etc/hosts entries of other containers.
- Added sandbox support for adding a sandbox without the OS level create.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
- Removed sandbox key argument for CreateEndpoint.
- Refactored bridge driver code to remove sandbox key.
- Fixed bridge driver code for gaps in ipv6 behavior
observed during docker integration.
- Updated test code, readme code, README.md according
api change.
- Fixed some sandbox issues while testing docker ipv6
integration.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
- setGatewayIP() => programGateway() becsause it is
causing confusion with setGateway() and setGatewayIPv6()
Signed-off-by: Alessandro Boch <aboch@docker.com>
- Move SanboxInfo and Interface structures in sandbox package
(changed it to Info as per golint)
- Move UUID to new internal pkg types
- Updated .gitignore to ignore IDE project files
Signed-off-by: Alessandro Boch <aboch@docker.com>
