Commit graph

189 commits

Author SHA1 Message Date
Sebastiaan van Stijn
3b9f4395cf libnetwork: remove InterfaceInfo interface
Use the only implementation (EndpointInterface) instead.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-20 19:08:21 +02:00
Albin Kerouanton
c22ec82477 libnet: Fix error capitalization
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-08-17 16:48:09 +02:00
Albin Kerouanton
42d34e40f9 libnet: Replace BadRequest with InvalidParameter
InvalidParameter is now compatible with errdefs.InvalidParameter. Thus,
these errors will now return a 400 status code instead of a 500.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-08-17 16:45:04 +02:00
Sebastiaan van Stijn
64c6f72988 libnetwork: remove Network interface
There's only one implementation; drop the interface and use the
concrete type instead.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-22 11:56:41 +02:00
Brian Goff
74da6a6363 Switch all logging to use containerd log pkg
This unifies our logging and allows us to propagate logging and trace
contexts together.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-06-24 00:23:44 +00:00
Cory Snider
befff0e13f libnetwork: remove more datastore scope plumbing
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-01-26 17:56:40 -05:00
Cory Snider
c71555f030 libnetwork: return concrete-typed *Endpoint
libnetwork.Endpoint is an interface with a single implementation.

https://github.com/golang/go/wiki/CodeReviewComments#interfaces

Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-01-13 14:19:06 -05:00
Cory Snider
581f005aad libnetwork: don't embed mutex in endpoint
Embedded structs are part of the exported surface of a struct type.
Boxing a struct value into an interface value does not erase that;
any code could gain access to the embedded struct value with a simple
type assertion. The mutex is supposed to be a private implementation
detail, but *endpoint implements sync.Locker because the mutex is
embedded. Change the mutex to an unexported field so *endpoint no
longer spuriously implements the sync.Locker interface.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-01-13 14:19:06 -05:00
Cory Snider
0e91d2e0e9 libnetwork: return concrete-typed *Sandbox
Basically every exported method which takes a libnetwork.Sandbox
argument asserts that the value's concrete type is *sandbox. Passing any
other implementation of the interface is a runtime error! This interface
is a footgun, and clearly not necessary. Export and use the concrete
type instead.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-01-13 14:19:06 -05:00
Cory Snider
f96b9bf761 libnetwork: return concrete-typed *Controller
libnetwork.NetworkController is an interface with a single
implementation.

https://github.com/golang/go/wiki/CodeReviewComments#interfaces

Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-01-13 14:09:37 -05:00
Cory Snider
ae09fe3da7 libnetwork: don't embed mutex in controller
Embedded structs are part of the exported surface of a struct type.
Boxing a struct value into an interface value does not erase that;
any code could gain access to the embedded struct value with a simple
type assertion. The mutex is supposed to be a private implementation
detail, but *controller implements sync.Locker because the mutex is
embedded.

    c, _ := libnetwork.New()
    c.(sync.Locker).Lock()

Change the mutex to an unexported field so *controller no longer
spuriously implements the sync.Locker interface.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-01-13 14:09:37 -05:00
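
The effect described in the two "don't embed mutex" commits (581f005aad and ae09fe3da7), as an added example that is not code from libnetwork: an embedded `sync.Mutex` stays reachable through a type assertion on the returned interface value, while an unexported field does not. The `NetworkAdder` interface, both controller types and the helper functions are hypothetical names chosen for illustration.

```go
package main

import (
	"fmt"
	"sync"
)

// NetworkAdder is a hypothetical stand-in for the interface a constructor returns.
type NetworkAdder interface{ AddNetwork(id, name string) }

// leakyController embeds the mutex, so Lock, Unlock and TryLock are promoted
// into the method set of *leakyController.
type leakyController struct {
	sync.Mutex
	networks map[string]string
}

func (c *leakyController) AddNetwork(id, name string) {
	c.Lock()
	defer c.Unlock()
	c.networks[id] = name
}

// sealedController keeps the mutex in an unexported named field instead.
type sealedController struct {
	mu       sync.Mutex
	networks map[string]string
}

func (c *sealedController) AddNetwork(id, name string) {
	c.mu.Lock()
	defer c.mu.Unlock()
	c.networks[id] = name
}

func NewLeaky() NetworkAdder  { return &leakyController{networks: map[string]string{}} }
func NewSealed() NetworkAdder { return &sealedController{networks: map[string]string{}} }

// ExposesLocker reports whether a caller holding only the interface value can
// reach the mutex with a type assertion. Usable as a regression check in tests.
func ExposesLocker(v interface{}) bool {
	_, ok := v.(sync.Locker)
	return ok
}

// LockHeldFromOutside takes the lock through the asserted sync.Locker and
// reports whether the type's own lock is now unavailable, which is the state
// in which AddNetwork would block.
func LockHeldFromOutside(v interface{}) bool {
	l, ok := v.(sync.Locker)
	if !ok {
		return false
	}
	l.Lock()
	defer l.Unlock()
	t, ok := v.(interface{ TryLock() bool })
	return ok && !t.TryLock()
}

func main() {
	for name, v := range map[string]NetworkAdder{"embedded": NewLeaky(), "unexported field": NewSealed()} {
		fmt.Printf("%-16s sync.Locker=%v lockHeld=%v\n", name, ExposesLocker(v), LockHeldFromOutside(v))
	}
}
```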
Sebastiaan van Stijn
cd381aea56 libnetwork: fix empty-lines (revive)
    libnetwork/etchosts/etchosts_test.go:167:54: empty-lines: extra empty line at the end of a block (revive)
    libnetwork/osl/route_linux.go:185:74: empty-lines: extra empty line at the start of a block (revive)
    libnetwork/osl/sandbox_linux_test.go:323:36: empty-lines: extra empty line at the start of a block (revive)
    libnetwork/bitseq/sequence.go:412:48: empty-lines: extra empty line at the start of a block (revive)
    libnetwork/datastore/datastore_test.go:67:46: empty-lines: extra empty line at the end of a block (revive)
    libnetwork/datastore/mock_store.go:34:60: empty-lines: extra empty line at the end of a block (revive)
    libnetwork/iptables/firewalld.go:202:44: empty-lines: extra empty line at the end of a block (revive)
    libnetwork/iptables/firewalld_test.go:76:36: empty-lines: extra empty line at the end of a block (revive)
    libnetwork/iptables/iptables.go:256:67: empty-lines: extra empty line at the end of a block (revive)
    libnetwork/iptables/iptables.go:303:128: empty-lines: extra empty line at the start of a block (revive)
    libnetwork/networkdb/cluster.go:183:72: empty-lines: extra empty line at the end of a block (revive)
    libnetwork/ipams/null/null_test.go:44:38: empty-lines: extra empty line at the end of a block (revive)
    libnetwork/drivers/macvlan/macvlan_store.go:45:52: empty-lines: extra empty line at the end of a block (revive)
    libnetwork/ipam/allocator_test.go:1058:39: empty-lines: extra empty line at the start of a block (revive)
    libnetwork/drivers/bridge/port_mapping.go:88:111: empty-lines: extra empty line at the end of a block (revive)
    libnetwork/drivers/bridge/link.go:26:90: empty-lines: extra empty line at the end of a block (revive)
    libnetwork/drivers/bridge/setup_ipv6_test.go:17:34: empty-lines: extra empty line at the end of a block (revive)
    libnetwork/drivers/bridge/setup_ip_tables.go:392:4: empty-lines: extra empty line at the start of a block (revive)
    libnetwork/drivers/bridge/bridge.go:804:50: empty-lines: extra empty line at the start of a block (revive)
    libnetwork/drivers/overlay/ov_serf.go:183:29: empty-lines: extra empty line at the start of a block (revive)
    libnetwork/drivers/overlay/ov_utils.go:81:64: empty-lines: extra empty line at the end of a block (revive)
    libnetwork/drivers/overlay/peerdb.go:172:67: empty-lines: extra empty line at the start of a block (revive)
    libnetwork/drivers/overlay/peerdb.go:209:67: empty-lines: extra empty line at the start of a block (revive)
    libnetwork/drivers/overlay/peerdb.go:344:89: empty-lines: extra empty line at the start of a block (revive)
    libnetwork/drivers/overlay/peerdb.go:436:63: empty-lines: extra empty line at the start of a block (revive)
    libnetwork/drivers/overlay/overlay.go:183:36: empty-lines: extra empty line at the start of a block (revive)
    libnetwork/drivers/overlay/encryption.go:69:28: empty-lines: extra empty line at the end of a block (revive)
    libnetwork/drivers/overlay/ov_network.go:563:81: empty-lines: extra empty line at the start of a block (revive)
    libnetwork/default_gateway.go:32:43: empty-lines: extra empty line at the start of a block (revive)
    libnetwork/errors_test.go:9:40: empty-lines: extra empty line at the start of a block (revive)
    libnetwork/service_common.go:184:64: empty-lines: extra empty line at the end of a block (revive)
    libnetwork/endpoint.go:161:55: empty-lines: extra empty line at the end of a block (revive)
    libnetwork/store.go:320:33: empty-lines: extra empty line at the end of a block (revive)
    libnetwork/store_linux_test.go:11:38: empty-lines: extra empty line at the end of a block (revive)
    libnetwork/sandbox.go:571:36: empty-lines: extra empty line at the start of a block (revive)
    libnetwork/service_common.go:317:246: empty-lines: extra empty line at the start of a block (revive)
    libnetwork/endpoint.go:550:17: empty-lines: extra empty line at the end of a block (revive)
    libnetwork/sandbox_dns_unix.go:213:106: empty-lines: extra empty line at the start of a block (revive)
    libnetwork/controller.go:676:85: empty-lines: extra empty line at the end of a block (revive)
    libnetwork/agent.go:876:60: empty-lines: extra empty line at the end of a block (revive)
    libnetwork/resolver.go:324:69: empty-lines: extra empty line at the end of a block (revive)
    libnetwork/network.go:1153:92: empty-lines: extra empty line at the end of a block (revive)
    libnetwork/network.go:1955:67: empty-lines: extra empty line at the start of a block (revive)
    libnetwork/network.go:2235:9: empty-lines: extra empty line at the start of a block (revive)
    libnetwork/libnetwork_internal_test.go:336:26: empty-lines: extra empty line at the start of a block (revive)
    libnetwork/resolver_test.go:76:35: empty-lines: extra empty line at the end of a block (revive)
    libnetwork/libnetwork_test.go:303:38: empty-lines: extra empty line at the end of a block (revive)
    libnetwork/libnetwork_test.go:985:46: empty-lines: extra empty line at the end of a block (revive)
    libnetwork/ipam/allocator_test.go:1263:37: empty-lines: extra empty line at the start of a block (revive)
    libnetwork/errors_test.go:9:40: empty-lines: extra empty line at the end of a block (revive)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-26 19:21:58 +02:00
Sebastiaan van Stijn
4f08346686 fix formatting of "nolint" tags for go1.19
The correct formatting for machine-readable comments is;

    //<some alphanumeric identifier>:<options>[,<option>...][ // comment]

Which basically means:

- MUST NOT have a space before `<identifier>` (e.g. `nolint`)
- Identifier MUST be alphanumeric
- MUST be followed by a colon
- MUST be followed by at least one `<option>`
- Optionally additional `<options>` (comma-separated)
- Optionally followed by a comment

Any other format will not be considered a machine-readable comment by `gofmt`,
and thus formatted as a regular comment. Note that this also means that a
`//nolint` (without anything after it) is considered invalid, same for `//#nosec`
(starts with a `#`).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-13 22:31:53 +02:00
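
A check built on the format quoted in commit 4f08346686, as an added example that is not part of the commit or of moby: it parses Go source and reports comments that look like `nolint`/`nosec` suppressions but do not match that format. The `directiveRE` pattern follows the rules listed in the commit message; `suppressionRE`, the function name and the sample source are assumptions made for this example.

```go
package main

import (
	"fmt"
	"go/parser"
	"go/token"
	"regexp"
)

// directiveRE encodes the format given in the commit message:
// //<alphanumeric identifier>:<option>[,<option>...][ // comment]
var directiveRE = regexp.MustCompile(`^//[A-Za-z0-9]+:[^\s,]+(,[^\s,]+)*( // .*)?$`)

// suppressionRE is this example's heuristic (an assumption) for comments that
// were meant as linter suppressions, whatever their spacing or prefix.
var suppressionRE = regexp.MustCompile(`^//\s*#?(nolint|nosec)\b`)

// sample is constructed input covering the cases the commit message names.
const sample = `package demo

import "os"

func a() {
	_ = os.Remove("a") //nolint:errcheck // best-effort cleanup
	_ = os.Remove("b") // nolint:errcheck
	_ = os.Remove("c") //nolint
	_ = os.Remove("d") //#nosec G104
	_ = os.Remove("e") //nolint:errcheck,gosec
}
`

// MalformedSuppressions returns "line: comment" for every comment that looks
// like a suppression but is not in the machine-readable format.
func MalformedSuppressions(src string) ([]string, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "sample.go", src, parser.ParseComments)
	if err != nil {
		return nil, err
	}
	var findings []string
	for _, group := range f.Comments {
		for _, c := range group.List {
			if suppressionRE.MatchString(c.Text) && !directiveRE.MatchString(c.Text) {
				line := fset.Position(c.Pos()).Line
				findings = append(findings, fmt.Sprintf("%d: %s", line, c.Text))
			}
		}
	}
	return findings, nil
}

func main() {
	findings, err := MalformedSuppressions(sample)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Println(f)
	}
}
```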
Sebastiaan van Stijn
7b692a421b libnetwork: remove more config bits related to external k/v stores
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-06 18:45:45 +01:00
Sebastiaan van Stijn
350e303c7f endpoint: remove redundant doUpdateHostsFile() function
The second (sandbox) argument was unused, and it was only
used in a single location, so we may as well inline the
check.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-09 22:38:34 +02:00
Brian Goff
4b981436fe Fixup libnetwork lint errors
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2021-06-01 23:48:32 +00:00
Brian Goff
a0a473125b Fix libnetwork imports
After moving libnetwork to this repo, we need to update all the import
paths for libnetwork to point to docker/docker/libnetwork instead of
docker/libnetwork.
This change implements that.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2021-06-01 21:51:23 +00:00
fanjiyun
a24e5f5fd4 reduce parameters for func JoinOptionPriority
Signed-off-by: fanjiyun <fan.jiyun@zte.com.cn>
2020-05-15 18:29:54 +08:00
Kamil Domański
c4fcd7059c etchosts: additionally include the container's IPv6 address if available
Signed-off-by: Kamil Domański <kamil@domanski.co>
2019-09-04 01:58:00 +02:00
Kamil Domański
226fde5cdd etchosts: allow adding multiple container ips
Signed-off-by: Kamil Domański <kamil@domanski.co>
2019-08-30 23:49:33 +02:00
Chris Telfer
ea2fa20859 Add endpoint load-balancing mode
This is the heart of the scalability change for services in libnetwork.
The present routing mesh adds load-balancing rules for a network to
every container connected to the network.  This newer approach creates a
load-balancing endpoint per network per node.  For every service on a
network, libnetwork assigns the VIP of the service to the endpoint's
interface as an alias.  This endpoint must have a unique IP address in
order to route return traffic to it.  Traffic destined for a service's
VIP arrives at the load-balancing endpoint on the VIP and from there,
Linux load balances it among backend destinations while SNATing said
traffic to the endpoint's unique IP address.

The net result of this scheme is that each node in a swarm need only
have one set of load balancing state per service instead of one per
container on the node.  This scheme is very similar to how services
currently operate on Windows nodes in libnetwork.  It (as with Windows
nodes) costs the use of extra IP addresses in a network (one per node)
and an extra network hop in the stack, although, always in the stack
local to the container.

In order to prevent existing deployments from suddenly failing if they
failed to allocate sufficient address space to include per-node
load-balancing endpoint IP addresses, this patch preserves the existing
functionality and activates the new functionality on a per-network
basis depending on whether the network has a load-balancing endpoint.
Eventually, moby should always set this option when creating new
networks and should only omit it for networks created as part of a swarm
that are not marked to use endpoint load balancing.

This patch also normalizes the code to treat "load" and "balancer"
as two separate words from the perspectives of variable/function naming.
This means that the 'b' in "balancer" must be capitalized.

Signed-off-by: Chris Telfer <ctelfer@docker.com>
2018-06-28 12:08:18 -04:00
Chris Telfer
c4d507b566 Remove non-service cluster info on sbLeave
The system should remove cluster service info including networkDB
entries and DNS entries for container endpoints that are not part of a
service as well as those that are part of a service.  This used to be
the normal sequence of operations but it moved to
sandbox.DisableService() in an effort to more gracefully handle endpoint
removal from a service (which proved insufficient).  Unfortunately
subsequent changes also removed the newly-mandatory call to
sandbox.DisableService() preventing proper cleanup for non-service
container endpoints.

Signed-off-by: Chris Telfer <ctelfer@docker.com>
2018-05-31 14:21:55 -04:00
Chris Telfer
147912afad Merge pull request #2132 from cziebuhr/2093-iface_order2
Improve interface order
2018-05-30 12:26:38 -04:00
Christoph Ziebuhr
40923e7353 Use ordered array instead of heap for sb.endpoints
Signed-off-by: Christoph Ziebuhr <chris@codefrickler.de>
2018-03-21 10:31:56 +01:00
Chris Telfer
7d7412f957 Gracefully remove LB endpoints from services
This patch attempts to allow endpoints to complete servicing connections
while being removed from a service.  The change adds a flag to the
endpoint.deleteServiceInfoFromCluster() method to indicate whether this
removal should fully remove connectivity through the load balancer
to the endpoint or should just disable directing further connections to
the endpoint.  If the flag is 'false', then the load balancer assigns
a weight of 0 to the endpoint but does not remove it as a linux load
balancing destination.  It does remove the endpoint as a docker load
balancing endpoint but tracks it in a special map of "disabled-but-not-
destroyed" load balancing endpoints.  This allows traffic to continue
flowing, at least under Linux.  If the flag is 'true', then the code
removes the endpoint entirely as a load balancing destination.

The sandbox.DisableService() method invokes deleteServiceInfoFromCluster()
with the flag set to 'false', while the endpoint.sbLeave() method invokes
it with the flag set to 'true' to complete the removal on endpoint
finalization.  Renaming the endpoint invokes deleteServiceInfoFromCluster()
with the flag set to 'true' because renaming attempts to completely
remove and then re-add each endpoint service entry.

The controller.rmServiceBinding() method, which carries out the operation,
similarly gets a new flag for whether to fully remove the endpoint.  If
the flag is false, it does the job of moving the endpoint from the
load balancing set to the 'disabled' set.  It then removes or
de-weights the entry in the OS load balancing table via
network.rmLBBackend().  It removes the service entirely via said method
ONLY IF there are no more live or disabled load balancing endpoints.
Similarly network.addLBBackend() requires slight tweaking to properly
manage the disabled set.

Finally, this change requires propagating the status of disabled
service endpoints via the networkDB.  Accordingly, the patch includes
both code to generate and handle service update messages.  It also
augments the service structure with a ServiceDisabled boolean to convey
whether an endpoint should ultimately be removed or just disabled.
This, naturally, required a rebuild of the protocol buffer code as well.

Signed-off-by: Chris Telfer <ctelfer@docker.com>
2018-03-16 15:19:49 -04:00
abhi
5ab37a55a1 Delete service info from cluster when service is disabled
This PR contains a fix for moby/moby#30321. There was a moby/moby#31142
PR intending to fix the issue by adding a delay between disabling the
service in the cluster and the shutdown of the tasks. However
disabling the service was not deleting the service info in the cluster.
Added a fix to delete service info from cluster and verified using siege
to ensure there is zero downtime on rolling update of a service.

Signed-off-by: abhi <abhi@docker.com>
2018-01-09 13:53:00 -08:00
Pradip Dhara
a3c3a596dd PR feedback
Signed-off-by: Pradip Dhara <pradipd@microsoft.com>
2017-09-07 10:36:11 -07:00
Pradip Dhara
43360c627f Enabling ILB/ELB on windows using per-node, per-network LB endpoint.
Signed-off-by: Pradip Dhara <pradipd@microsoft.com>
2017-08-29 00:17:42 -07:00
Derek McGowan
710e0664c4 Update logrus to v1.0.1
Fix case sensitivity issue
Update docker and runc vendors

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2017-08-07 11:20:47 -07:00
Flavio Crisciani
39d2204896 Service discovery logic rework
changed the ipMap to SetMatrix to allow transient states
Compacted the addSvc and deleteSvc into a one single method
Updated the datastructure for backends to allow storing all the information needed
to cleanup properly during the cleanupServiceBindings
Removed the enable/disable Service logic that was racing with sbLeave/sbJoin logic
Add some debug logs to track further race conditions

Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
2017-06-11 20:49:29 -07:00
Alessandro Boch
25082206df Support configuration networks
- They are configuration-only networks which
  can be used to supply the configuration
  when creating regular networks.
- They do not get allocated and do not get plumbed.
  Drivers do not get to know about them.
- They can be removed, once no other network is
  using them.
- When user creates a network specifying a
  configuration network for the config, no
  other network specific configuration field
  is accepted. User can only specify
  network operator fields (attachable, internal,...)
- They do not need to have a driver field, that
  field gets actually reset upon creation.

Signed-off-by: Alessandro Boch <aboch@docker.com>
2017-05-11 11:37:18 -07:00
Alessandro Boch
b4e5078bd5 Make sure sbJoin programming rollback happens on each error
Signed-off-by: Alessandro Boch <aboch@docker.com>
2017-04-17 10:58:14 -07:00
Alessandro Boch
23b43b1557 Remove gw endpoint on gw nw join failure
- Currently if the join fails, the gw endpoint becomes
  stale and stays connected to the gw network.
- Also fix sbJoin to do the cleanup in case
  setupDefaultGW() fails

Signed-off-by: Alessandro Boch <aboch@docker.com>
2017-04-11 17:48:46 -07:00
Alessandro Boch
ab0ac83e89 Merge pull request #1670 from timchenxiaoyu/endpointtypo
fix endpoint error
2017-04-10 13:52:27 -07:00
Madhu Venugopal
56ae6ff330 Merge pull request #1687 from aboch/rnm
Fix rename for containers on swarm network
2017-03-30 07:32:55 -07:00
Alessandro Boch
ed935930b5 Fix rename for containers on swarm network
Signed-off-by: Alessandro Boch <aboch@docker.com>
2017-03-16 14:09:26 -07:00
Alessandro Boch
dce60f5afb Remove endpoint state from cluster on join failure
Signed-off-by: Alessandro Boch <aboch@docker.com>
2017-03-15 16:44:47 -07:00
timchenxiaoyu
c679b071f0 fix endpoint error
Signed-off-by: timchenxiaoyu <837829664@qq.com>
2017-03-02 18:21:08 +08:00
Madhu Venugopal
b6540296b0 Revert "Enable ping for service vip address"
This reverts commit ddc74ffced.

Signed-off-by: Madhu Venugopal <madhu@docker.com>
2016-11-21 03:30:27 -08:00
Santhosh Manohar
27500b1e35 Separate service LB & SD from network plumbing
Signed-off-by: Santhosh Manohar <santhosh@docker.com>
2016-11-17 13:09:14 -08:00
Jana Radhakrishnan
f681e896ae Merge pull request #1531 from daehyeok/logrus_formating
Fix logrus formatting
2016-11-08 13:23:39 -08:00
Daehyeok Mun
7f473c779a Refactoring logrus import and formatting
This fix tries to fix logrus formatting by removing `f` from
`logrus.[Error|Warn|Debug|Fatal|Panic|Info]f` when formatting string
is not present.
Also fix import name to use original project name 'logrus' instead of
'log'

Signed-off-by: Daehyeok Mun <daehyeok@gmail.com>
2016-11-08 12:42:41 -07:00
Alessandro Boch
0d32a1924e Check subnet overlap when programming of sandbox interface
Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-11-08 11:22:38 -08:00
Alessandro Boch
c5ca82daf4 Merge pull request #1519 from sanimej/newlb
Add sandbox API for task insertion to service LB and service discovery
2016-11-03 13:31:46 -07:00
Jana Radhakrishnan
ea579a4d0e Merge pull request #1477 from allencloud/fix-nits-in-comments
fix nits in comments and log
2016-11-02 09:58:18 -07:00
Jana Radhakrishnan
b1e753137f Merge pull request #1501 from sanimej/vip
Enable ping for service vip address
2016-11-02 09:45:14 -07:00
allencloud
a1ed5b7be2 fix nits in comments and log
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-10-29 19:35:18 +08:00
Santhosh Manohar
ddc74ffced Enable ping for service vip address
Signed-off-by: Santhosh Manohar <santhosh@docker.com>
2016-10-27 12:36:41 -07:00
Jana Radhakrishnan
fd70adfac5 Merge pull request #1494 from aboch/sipt
Do not update hosts file with internal networks endpoint IP
2016-10-26 13:00:22 -07:00
Santhosh Manohar
a7e1718800 Add sandbox API for task insertion to service LB and service discovery
Signed-off-by: Santhosh Manohar <santhosh@docker.com>
2016-10-25 05:41:44 -07:00