From 571af915d59d2fa68eb10cf0ec3cf9cd85b1eef2 Mon Sep 17 00:00:00 2001 From: Rob Murray Date: Thu, 8 Feb 2024 17:40:54 +0000 Subject: [PATCH] Don't enforce new validation rules for existing networks Non-swarm networks created before network-creation-time validation was added in 25.0.0 continued working, because the checks are not re-run. But, swarm creates networks when needed (with 'agent=true'), to ensure they exist on each agent - ignoring the NetworkNameError that says the network already existed. By ignoring validation errors on creation of a network with agent=true, pre-existing swarm networks with IPAM config that would fail the new checks will continue to work too. New swarm (overlay) networks are still validated, because they are initially created with 'agent=false'. Signed-off-by: Rob Murray --- daemon/network.go | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/daemon/network.go b/daemon/network.go index d2d9dd27fc..9fcf6b1fd6 100644 --- a/daemon/network.go +++ b/daemon/network.go @@ -332,7 +332,27 @@ func (daemon *Daemon) createNetwork(cfg *config.Config, create types.NetworkCrea } if err := network.ValidateIPAM(create.IPAM, create.EnableIPv6); err != nil { - return nil, errdefs.InvalidParameter(err) + if agent { + // This function is called with agent=false for all networks. For swarm-scoped + // networks, the configuration is validated but ManagerRedirectError is returned + // and the network is not created. Then, each time a swarm-scoped network is + // needed, this function is called again with agent=true. + // + // Non-swarm networks created before ValidateIPAM was introduced continue to work + // as they did before-upgrade, even if they would fail the new checks on creation + // (for example, by having host-bits set in their subnet). Those networks are not + // seen again here. + // + // By dropping errors for agent networks, existing swarm-scoped networks also + // continue to behave as they did before upgrade - but new networks are still + // validated. + log.G(context.TODO()).WithFields(log.Fields{ + "error": err, + "network": create.Name, + }).Warn("Continuing with validation errors in agent IPAM") + } else { + return nil, errdefs.InvalidParameter(err) + } } if create.IPAM != nil {