Commit graph

47112 commits

Author SHA1 Message Date
Sebastiaan van Stijn
94dc10378d
libnetwork: network.requestPoolHelper: slightly optimize order of checks
Check the preferredPool first, as other checks could be doing more
(such as locking, or validating / parsing). Also adding a note, as
it's unclear why we're ignoring invalid pools here.

The "invalid" conditions was added in [libnetwork#1095][1], which
moved code to reduce os-specific dependencies in the ipam package,
but also introduced a types.IsIPNetValid() function, which considers
"0.0.0.0/0" invalid, and added it to the condition to return early.

Unfortunately review does not mention this change, so there's no
context why. Possibly this was done to prevent errors further down
the line (when checking for overlaps), but returning an error here
instead would likely have avoided that as well, so we can only guess.

To make this code slightly more transparent, this patch also inlines
the "types.IsIPNetValid" function, as it's not used anywhere else,
and inlining it makes it more visible.

[1]: 5ca79d6b87 (diff-bdcd879439d041827d334846f9aba01de6e3683ed8fdd01e63917dae6df23846)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 15:57:24 +02:00
Sebastiaan van Stijn
67e2c1d482
libnetwork: network.requestPoolHelper: remove dead code
This code was only run if no preferred pool was specified, however,
since [libnetwork#1162][2], the function would already return early
if a preferred pools was set (and the overlap check to be skipped),
so this was now just dead code.

[2]: 9cc3385f44

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 15:57:24 +02:00
Sebastiaan van Stijn
ad68883c5a
libnetwork: network.requestPoolHelper: don't defer in a loop
This function intentionally holds a lock / lease on address-pools to
prevent trying the same pool repeatedly.

Let's try to make this logic slightly more transparent, and prevent
defining defers in a loop. Releasing all the pools in a singe defer
also allows us to get the network-name once, which prevents locking
and unlocking the network for each iteration.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 15:57:24 +02:00
Sebastiaan van Stijn
32fcde6d9e
libnetwork: network.IpamConfig, network.IpamInfo: name output vars
Both functions have multiple output vars with generic types, which made
it hard to grasp what's what.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 15:57:24 +02:00
Sebastiaan van Stijn
df03357d19
libnetwork/ipam: move PoolID.FromString() to a PoolIDFromString() func
This makes it easier to consume, without first having to create an empty
PoolID.

Performance is the same:

    BenchmarkPoolIDFromString-10   6100345   196.5 ns/op  112 B/op   3 allocs/op
    BenchmarkPoolIDFromString-10   6252750   192.0 ns/op  112 B/op   3 allocs/op

Note that I opted not to change the return-type to a pointer, as that seems
to perform less;

    BenchmarkPoolIDFromString-10   6252750   192.0 ns/op  112 B/op   3 allocs/op
    BenchmarkPoolIDFromString-10   5288682   226.6 ns/op  192 B/op   4 allocs/op

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 15:57:24 +02:00
Sebastiaan van Stijn
808fed550d
libnetwork/ipam: PoolID.String(): don't use fmt.Sprintf
As this function may be called repeatedly to convert to/from a string,
it may be worth optimizing it a bit. Adding a minimal Benchmark for
it as well.

Before/after:

    BenchmarkPoolIDToString-10   2842830   424.3 ns/op   232 B/op  12 allocs/op
    BenchmarkPoolIDToString-10   7176738   166.8 ns/op   112 B/op   7 allocs/op

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 15:57:24 +02:00
Sebastiaan van Stijn
87fc8c772b
libnetwork/ipam: Allocator.RequestPool: name args, output vars
network.requestPoolHelper and Allocator.RequestPool have many args and
output vars with generic types. Add names for them to make it easier to
grasp what's what.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 15:57:20 +02:00
Sebastiaan van Stijn
6dbc9c1c53
libnetwork/ipam: Allocator.RequestPool: mark options arg as unused
The options are unused, other than for debug-logging, which made it look
as if they were actually consumed anywhere, but they aren't.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 15:56:24 +02:00
Sebastiaan van Stijn
7047964bd6
libnetwork/ipam: Allocator.RequestPool: make parseErr only handle errors
This makes it slightly more readable to see what's returned in each of
the code-paths. Also move validation of pool/subpool earlier in the
function.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 15:56:24 +02:00
Sebastiaan van Stijn
821ef5cbaf
libnetwork/ipams/null: use consts for fixed values
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 15:56:22 +02:00
Sebastiaan van Stijn
05ef5559c3
pkg/plugins: override timeouts during tests
Some tests were testing non-existing plugins, but therefore triggered
the retry-loop, which times out after 15-30 seconds. Add some options
to allow overriding this timeout during tests.

Before:

    go test -v -run '^(TestGet|TestNewClientWithTimeout)$'
    === RUN   TestGet
    === RUN   TestGet/success
    === RUN   TestGet/not_implemented
    === RUN   TestGet/not_exists
    WARN[0000] Unable to locate plugin: vegetable, retrying in 1s
    WARN[0001] Unable to locate plugin: vegetable, retrying in 2s
    WARN[0003] Unable to locate plugin: vegetable, retrying in 4s
    WARN[0007] Unable to locate plugin: vegetable, retrying in 8s
    --- PASS: TestGet (15.02s)
        --- PASS: TestGet/success (0.00s)
        --- PASS: TestGet/not_implemented (0.00s)
        --- PASS: TestGet/not_exists (15.02s)
    === RUN   TestNewClientWithTimeout
        client_test.go:166: started remote plugin server listening on: http://127.0.0.1:36275
    WARN[0015] Unable to connect to plugin: 127.0.0.1:36275/Test.Echo: Post "http://127.0.0.1:36275/Test.Echo": context deadline exceeded (Client.Timeout exceeded while awaiting headers), retrying in 1s
    WARN[0017] Unable to connect to plugin: 127.0.0.1:36275/Test.Echo: Post "http://127.0.0.1:36275/Test.Echo": context deadline exceeded (Client.Timeout exceeded while awaiting headers), retrying in 2s
    WARN[0019] Unable to connect to plugin: 127.0.0.1:36275/Test.Echo: Post "http://127.0.0.1:36275/Test.Echo": net/http: request canceled (Client.Timeout exceeded while awaiting headers), retrying in 4s
    WARN[0024] Unable to connect to plugin: 127.0.0.1:36275/Test.Echo: Post "http://127.0.0.1:36275/Test.Echo": net/http: request canceled (Client.Timeout exceeded while awaiting headers), retrying in 8s
    --- PASS: TestNewClientWithTimeout (17.64s)
    PASS
    ok  	github.com/docker/docker/pkg/plugins	32.664s

After:

    go test -v -run '^(TestGet|TestNewClientWithTimeout)$'
    === RUN   TestGet
    === RUN   TestGet/success
    === RUN   TestGet/not_implemented
    === RUN   TestGet/not_exists
    WARN[0000] Unable to locate plugin: this-plugin-does-not-exist, retrying in 1s
    --- PASS: TestGet (1.00s)
        --- PASS: TestGet/success (0.00s)
        --- PASS: TestGet/not_implemented (0.00s)
        --- PASS: TestGet/not_exists (1.00s)
    === RUN   TestNewClientWithTimeout
        client_test.go:167: started remote plugin server listening on: http://127.0.0.1:45973
    --- PASS: TestNewClientWithTimeout (0.04s)
    PASS
    ok  	github.com/docker/docker/pkg/plugins	1.050s

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 15:41:11 +02:00
Sebastiaan van Stijn
63d477b20e
Merge pull request #46039 from thaJeztah/cleanup_bridge
libnetwork/drivers/bridge: assorted cleanups
2023-08-08 14:06:50 +02:00
Sebastiaan van Stijn
f9cae2acbe
Merge pull request #46165 from akerouanton/remove-api-CheckDuplicate-warning
api: Remove duplicated check on CheckDuplicate
2023-08-08 13:42:17 +02:00
Paweł Gronowski
6841a53d17
hack/test: Don't fail-fast before integration-cli
If TEST_INTEGRATION_FAIL_FAST is not set, run the integration-cli tests
even if integration tests failed.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-08-08 13:29:54 +02:00
Sebastiaan van Stijn
4ab4330677
Merge pull request #46080 from thaJeztah/pkg_plugin_cleanup_STEP2
pkg/plugins: some cleaning up (step 2)
2023-08-08 12:28:16 +02:00
Sebastiaan van Stijn
2aa24519da
ibnetwork/drivers/bridge: newLink: validate before creating
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 11:50:40 +02:00
Sebastiaan van Stijn
5d722b35d9
libnetwork/drivers/bridge: bridgeNetwork.getEndpoint(): move lock
Don't lock if there's no need to.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 11:50:39 +02:00
Sebastiaan van Stijn
eba15fe905
libnetwork/drivers/bridge: driver.link: don't defer in a loop
Collect a list of all the links we successfully enabled (if any), and
use a single defer to disable them.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 11:50:39 +02:00
Sebastiaan van Stijn
76b736c242
libnetwork/drivers/bridge: driver.link: name return var for defer handling
Name the return variable to prevent accidental shadowing of the error,
which is used in defers.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 11:50:39 +02:00
Sebastiaan van Stijn
ea5f21ceac
libnetwork/drivers/bridge: don't convert IP to string and back again
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 11:50:39 +02:00
Sebastiaan van Stijn
8b6203b613
libnetwork/drivers/bridge: link.Enable: don't register reload on error
Only register a reload function if we actually managed to enable the link.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 11:50:34 +02:00
Sebastiaan van Stijn
0f4ba145ee
libnetwork/drivers/bridge: link.Enable, link.Disable use iptables.Action
The iptables package has types defined for these actions; use them directly
instead of creating a string only to convert it to a known value.

As the linkContainers() function is only used internally, and with fixed
values, we can also remove the validation, and InvalidIPTablesCfgError
error, which is now unused.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 11:47:31 +02:00
Sebastiaan van Stijn
f2be77a5ab
Merge pull request #46058 from thaJeztah/cleanup_buildSandboxOptions
daemon: cleanup Daemon.buildSandboxOptions
2023-08-08 11:38:24 +02:00
Albin Kerouanton
40adb4317b
api: Remove duplicated check on CheckDuplicate
Partially revert commit 94b880f.

The CheckDuplicate field has been introduced in commit 2ab94e1. At that
time, this check was done in the network router. It was then moved to
the daemon package in commit 3ca2982. However, commit 94b880f duplicated
the logic into the network router for no apparent reason. Finally,
commit ab18718 made sure a 409 would be returned instead of a 500.

As this logic is first done by the daemon, the error -> warning
conversion can't happen because CheckDuplicate has to be true for the
daemon package to return an error. If it's false, the daemon proceed
with the network creation, set the Warning field of its return value and
return no error.

Thus, the CheckDuplicate logic in the api is removed and
libnetwork.NetworkNameError now implements the ErrConflict interface.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-08-08 10:00:02 +02:00
Sebastiaan van Stijn
3e52785aae
volume/drivers: use plugin Content-Type headers v1.2
The MediaType was changed twice in;

- b3b7eb2723 ("application/vnd.docker.plugins.v1+json"   -> "application/vnd.docker.plugins.v1.1+json")
- 54587d861d ("application/vnd.docker.plugins.v1.1+json" -> "application/vnd.docker.plugins.v1.2+json")

But the (integration) tests were still using the old version, so let's
use the VersionMimeType const that's defined, and use the updated version.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-07 20:38:54 +02:00
Sebastiaan van Stijn
481dde8b70
libnetwork: use plugin Content-Type headers v1.2
The MediaType was changed twice in;

- b3b7eb2723 ("application/vnd.docker.plugins.v1+json"   -> "application/vnd.docker.plugins.v1.1+json")
- 54587d861d ("application/vnd.docker.plugins.v1.1+json" -> "application/vnd.docker.plugins.v1.2+json")

But the (integration) tests were still using the old version, so let's
use the VersionMimeType const that's defined, and use the updated version.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-07 20:38:54 +02:00
Sebastiaan van Stijn
93b5c31541
integration-cli: use plugin Content-Type headers v1.2
The MediaType was changed twice in;

- b3b7eb2723 ("application/vnd.docker.plugins.v1+json"   -> "application/vnd.docker.plugins.v1.1+json")
- 54587d861d ("application/vnd.docker.plugins.v1.1+json" -> "application/vnd.docker.plugins.v1.2+json")

But the (integration) tests were still using the old version, so let's
use the VersionMimeType const that's defined, and use the updated version.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-07 20:38:54 +02:00
Sebastiaan van Stijn
b663c7c5c3
pkg/plugins: add convenience alias for VersionMimeType
Add an alias in the pkg/plugins package.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-07 20:38:51 +02:00
Sebastiaan van Stijn
4b19b2f4ba
Merge pull request #46004 from elezar/add-cdi-spec-dirs-to-info
Add CDISpecDirs to Info output
2023-08-07 20:14:06 +02:00
Sebastiaan van Stijn
b32c7594a5
Merge pull request #46056 from thaJeztah/daemon_cleanup_assorted
daemon: assorted cleanups
2023-08-07 10:51:25 +02:00
Brian Goff
b1c112d35e
Merge pull request #46157 from vvoland/pkg-plugins-racy 2023-08-05 10:46:00 -07:00
Sebastiaan van Stijn
4f9540f19f
daemon: remove some intermediate vars and some cleanup
Remove some intermediate vars, move vars closer to where they're used,
and introduce local var for `nw.Name()` to reduce some locking/unlocking in:

- `Daemon.allocateNetwork()`
- `Daemon.releaseNetwork()`
- `Daemon.connectToNetwork()`
- `Daemon.disconnectFromNetwork()`
- `Daemon.findAndAttachNetwork()`

Also un-wrapping some lines to make it slightly easier to read the conditions.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-05 10:44:21 +02:00
Sebastiaan van Stijn
8153a7760e
daemon: Daemon.tryDetachContainerFromClusterNetwork: cleanup
- Remove intermediate variable
- Optimize the order of checks in the condition; check for unmanaged containers
  first, before getting information about cluster state and network information.
- Simplify the log messages, as the error would already contain the same
  information about the network (name or ID) and container (ID), so would
  print the network ID twice:

    error detaching from network <ID>: could not find network attachment for container <ID> to network <name or ID>

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-05 10:44:21 +02:00
Sebastiaan van Stijn
a018bb1da7
daemon: Daemon.initializeNetworking: remove var declaration
The function was declaring an err variable which was shadowed. It was
intended for directly assigning to a struct field, but as this function
is directly mutating an existing object, and the err variable was declared
far away from its use, let's use an intermediate var for that to make it
slightly more atomic.

While at it, also combined two "if" branches.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-05 10:44:21 +02:00
Sebastiaan van Stijn
12d8029d56
daemon: Daemon.getNetworkedContainer: remove intermediate var
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-05 10:44:21 +02:00
Sebastiaan van Stijn
d1aa1979b4
daemon: buildEndpointInfo: minor refactor
store network.Name() in a variable to reduce repeatedly locking/unlocking
of the network (although this is very, very minimal in the grand scheme
of things).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-05 10:43:45 +02:00
Evan Lezar
7a59913b1a Add CDISpecDirs to Info output
This change adds the configured CDI spec directories to the
system info output.

Signed-off-by: Evan Lezar <elezar@nvidia.com>
2023-08-04 11:46:34 +02:00
Paweł Gronowski
0034a98eb1
pkg/plugins: Guard storage and unparallel racy tests
These tests were made parallel to speed up the execution, but this
turned out to be flaky, because they mutate some shared state.

The tests use shared `storage` variable without any synchronization.
However, adding synchronization is not enough in all cases, some tests
register the same plugin, so they can't be run in parallel to each
other.

This commit adds the synchronization around `storage` variable
modification and removes parallel from the tests where it's not enough.

Before:
```
$ go test -race -v . -count 1
...
--- FAIL: TestGet (15.02s)
    --- FAIL: TestGet/not_implemented (0.00s)
        testing.go:1446: race detected during execution of test
    testing.go:1446: race detected during execution of test
FAIL
FAIL    github.com/docker/docker/pkg/plugins    17.655s
FAIL
```

After:
```
$ go test -race -v . -count 1
ok      github.com/docker/docker/pkg/plugins    32.702s
```

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-08-04 11:22:41 +02:00
Brian Goff
eb3ace962d
Merge pull request #46130 from vvoland/ci-mobybin-sha 2023-08-03 11:25:49 -07:00
Brian Goff
25be5c9cfc
Merge pull request #46133 from thaJeztah/client_cleanup 2023-08-03 09:38:22 -07:00
Sebastiaan van Stijn
01a9c5b70e
Merge pull request #46144 from akerouanton/verifyNetworkingConfig-unneeded-error-wrapping
daemon: Remove unneeded error wrapping in verifyNetworkingConfig
2023-08-03 12:54:39 +02:00
Evan Lezar
bbb9255562 Skip CDI driver registration if CDISpecDirs is empty
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2023-08-03 12:21:44 +02:00
Evan Lezar
3b71197fb8 Set default CDI spec dirs after parsing args
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2023-08-03 12:21:44 +02:00
Albin Kerouanton
f3e62199ea
daemon: Remove unneeded error wrapping in verifyNetworkingConfig
This function is called by `daemon.containerCreate()` which is already
wrapping errors coming from `verifyNetworkingConfig()` with
`errdefs.InvalidParameter()`. So `verifyNetworkingConfig()` should only
return standard errors.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-08-03 11:21:52 +02:00
Paweł Gronowski
d7a9f15775
bakefile: Remove default value of DOCKER_GITCOMMIT
"HEAD" will still be used as a version if no DOCKER_COMMIT is provided
(for example when not running via `make`), but it won't prevent it being
set to the GITHUB_SHA variable when it's present.

This should fix `Git commit` reported by `docker version` for the
binaries generated by `moby-bin`.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-08-03 10:23:05 +02:00
Sebastiaan van Stijn
f576f568a3
Merge pull request #46055 from thaJeztah/daemon_cleanup_buildCreateEndpointOptions
daemon: cleanup buildCreateEndpointOptions
2023-08-02 19:49:26 +02:00
Sebastiaan van Stijn
9249e0b3f8
Merge pull request #46143 from thaJeztah/nonderscore
docs/api: remove stray underscore in version-history.md
2023-08-02 16:34:52 +02:00
Sebastiaan van Stijn
2b028dc55b
daemon: Daemon.buildSandboxOptions: use range when looping
Makes the code slightly more readable.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-02 16:14:16 +02:00
Sebastiaan van Stijn
33b4285eb1
daemon: Daemon.buildSandboxOptions: don't use PortBinding.GetCopy()
This code was initializing a new PortBinding, and creating a deep copy
for each binding. It's unclear what the intent was here, but at least
PortBinding.GetCopy() wasn't adding much value, as it created a new
PortBinding, [copying all values from the original][1], which includes
a [copy of IPAddresses in it][2]. Our original "template" did not have any
of that, so let's forego that, and just create new PortBindings as we go.

[1]: 454b6a7cf5/libnetwork/types/types.go (L110-L120)
[2]: 454b6a7cf5/libnetwork/types/types.go (L236-L244)

Benchmarking before/after;

    BenchmarkPortBindingCopy-10    166752   6230 ns/op  1600 B/op  100 allocs/op
    BenchmarkPortBindingNoCopy-10  226989   5056 ns/op  1600 B/op  100 allocs/op

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-02 16:14:16 +02:00
Sebastiaan van Stijn
ddb3d46533
daemon: Daemon.buildSandboxOptions: remove intermediate vars
These were not adding much, so just getting rid of them. Also added a
TODO to move this code to the type.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-02 16:14:16 +02:00