762a73bf7f
There are currently problems with "swarm init" and "swarm join" when an
explicit --listen-addr flag is not provided. swarmkit defaults to
finding the IP address associated with the default route, and in cloud
setups this is often the wrong choice.
Introduce a notion of "advertised address", with the client flag
--advertise-addr, and the daemon flag --swarm-default-advertise-addr to
provide a default. The default listening address is now 0.0.0.0, but a
valid advertised address must be detected or specified.
If no explicit advertised address is specified, error out if there is
more than one usable candidate IP address on the system. This requires a
user to explicitly choose instead of letting swarmkit make the wrong
choice. For the purposes of this autodetection, we ignore certain
interfaces that are unlikely to be relevant (currently docker*).
The user is also required to choose a listen address on swarm init if
they specify an explicit advertise address that is a hostname or an IP
address that's not local to the system. This is a requirement for
overlay networking.
Also support specifying interface names to --listen-addr,
--advertise-addr, and the daemon flag --swarm-default-advertise-addr.
This will fail if the interface has multiple IP addresses (unless it has
a single IPv4 address and a single IPv6 address - then we resolve the
tie in favor of IPv4).
This change also exposes the node's externally-reachable address in
docker info, as requested by #24017.
Make corresponding API and CLI docs changes.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit a0ccd0d42f
)
Signed-off-by: Tibor Vass <tibor@docker.com>
283 lines
5.5 KiB
Go
283 lines
5.5 KiB
Go
package main
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
"path/filepath"
|
|
"sync"
|
|
"testing"
|
|
|
|
"github.com/docker/docker/cliconfig"
|
|
"github.com/docker/docker/pkg/reexec"
|
|
"github.com/docker/engine-api/types/swarm"
|
|
"github.com/go-check/check"
|
|
)
|
|
|
|
func Test(t *testing.T) {
|
|
reexec.Init() // This is required for external graphdriver tests
|
|
|
|
if !isLocalDaemon {
|
|
fmt.Println("INFO: Testing against a remote daemon")
|
|
} else {
|
|
fmt.Println("INFO: Testing against a local daemon")
|
|
}
|
|
|
|
check.TestingT(t)
|
|
}
|
|
|
|
func init() {
|
|
check.Suite(&DockerSuite{})
|
|
}
|
|
|
|
type DockerSuite struct {
|
|
}
|
|
|
|
func (s *DockerSuite) TearDownTest(c *check.C) {
|
|
unpauseAllContainers()
|
|
deleteAllContainers()
|
|
deleteAllImages()
|
|
deleteAllVolumes()
|
|
deleteAllNetworks()
|
|
}
|
|
|
|
func init() {
|
|
check.Suite(&DockerRegistrySuite{
|
|
ds: &DockerSuite{},
|
|
})
|
|
}
|
|
|
|
type DockerRegistrySuite struct {
|
|
ds *DockerSuite
|
|
reg *testRegistryV2
|
|
d *Daemon
|
|
}
|
|
|
|
func (s *DockerRegistrySuite) SetUpTest(c *check.C) {
|
|
testRequires(c, DaemonIsLinux, RegistryHosting)
|
|
s.reg = setupRegistry(c, false, "", "")
|
|
s.d = NewDaemon(c)
|
|
}
|
|
|
|
func (s *DockerRegistrySuite) TearDownTest(c *check.C) {
|
|
if s.reg != nil {
|
|
s.reg.Close()
|
|
}
|
|
if s.d != nil {
|
|
s.d.Stop()
|
|
}
|
|
s.ds.TearDownTest(c)
|
|
}
|
|
|
|
func init() {
|
|
check.Suite(&DockerSchema1RegistrySuite{
|
|
ds: &DockerSuite{},
|
|
})
|
|
}
|
|
|
|
type DockerSchema1RegistrySuite struct {
|
|
ds *DockerSuite
|
|
reg *testRegistryV2
|
|
d *Daemon
|
|
}
|
|
|
|
func (s *DockerSchema1RegistrySuite) SetUpTest(c *check.C) {
|
|
testRequires(c, DaemonIsLinux, RegistryHosting, NotArm64)
|
|
s.reg = setupRegistry(c, true, "", "")
|
|
s.d = NewDaemon(c)
|
|
}
|
|
|
|
func (s *DockerSchema1RegistrySuite) TearDownTest(c *check.C) {
|
|
if s.reg != nil {
|
|
s.reg.Close()
|
|
}
|
|
if s.d != nil {
|
|
s.d.Stop()
|
|
}
|
|
s.ds.TearDownTest(c)
|
|
}
|
|
|
|
func init() {
|
|
check.Suite(&DockerRegistryAuthHtpasswdSuite{
|
|
ds: &DockerSuite{},
|
|
})
|
|
}
|
|
|
|
type DockerRegistryAuthHtpasswdSuite struct {
|
|
ds *DockerSuite
|
|
reg *testRegistryV2
|
|
d *Daemon
|
|
}
|
|
|
|
func (s *DockerRegistryAuthHtpasswdSuite) SetUpTest(c *check.C) {
|
|
testRequires(c, DaemonIsLinux, RegistryHosting)
|
|
s.reg = setupRegistry(c, false, "htpasswd", "")
|
|
s.d = NewDaemon(c)
|
|
}
|
|
|
|
func (s *DockerRegistryAuthHtpasswdSuite) TearDownTest(c *check.C) {
|
|
if s.reg != nil {
|
|
out, err := s.d.Cmd("logout", privateRegistryURL)
|
|
c.Assert(err, check.IsNil, check.Commentf(out))
|
|
s.reg.Close()
|
|
}
|
|
if s.d != nil {
|
|
s.d.Stop()
|
|
}
|
|
s.ds.TearDownTest(c)
|
|
}
|
|
|
|
func init() {
|
|
check.Suite(&DockerRegistryAuthTokenSuite{
|
|
ds: &DockerSuite{},
|
|
})
|
|
}
|
|
|
|
type DockerRegistryAuthTokenSuite struct {
|
|
ds *DockerSuite
|
|
reg *testRegistryV2
|
|
d *Daemon
|
|
}
|
|
|
|
func (s *DockerRegistryAuthTokenSuite) SetUpTest(c *check.C) {
|
|
testRequires(c, DaemonIsLinux, RegistryHosting)
|
|
s.d = NewDaemon(c)
|
|
}
|
|
|
|
func (s *DockerRegistryAuthTokenSuite) TearDownTest(c *check.C) {
|
|
if s.reg != nil {
|
|
out, err := s.d.Cmd("logout", privateRegistryURL)
|
|
c.Assert(err, check.IsNil, check.Commentf(out))
|
|
s.reg.Close()
|
|
}
|
|
if s.d != nil {
|
|
s.d.Stop()
|
|
}
|
|
s.ds.TearDownTest(c)
|
|
}
|
|
|
|
func (s *DockerRegistryAuthTokenSuite) setupRegistryWithTokenService(c *check.C, tokenURL string) {
|
|
if s == nil {
|
|
c.Fatal("registry suite isn't initialized")
|
|
}
|
|
s.reg = setupRegistry(c, false, "token", tokenURL)
|
|
}
|
|
|
|
func init() {
|
|
check.Suite(&DockerDaemonSuite{
|
|
ds: &DockerSuite{},
|
|
})
|
|
}
|
|
|
|
type DockerDaemonSuite struct {
|
|
ds *DockerSuite
|
|
d *Daemon
|
|
}
|
|
|
|
func (s *DockerDaemonSuite) SetUpTest(c *check.C) {
|
|
testRequires(c, DaemonIsLinux)
|
|
s.d = NewDaemon(c)
|
|
}
|
|
|
|
func (s *DockerDaemonSuite) TearDownTest(c *check.C) {
|
|
testRequires(c, DaemonIsLinux)
|
|
if s.d != nil {
|
|
s.d.Stop()
|
|
}
|
|
s.ds.TearDownTest(c)
|
|
}
|
|
|
|
const defaultSwarmPort = 2477
|
|
|
|
func init() {
|
|
check.Suite(&DockerSwarmSuite{
|
|
ds: &DockerSuite{},
|
|
})
|
|
}
|
|
|
|
type DockerSwarmSuite struct {
|
|
ds *DockerSuite
|
|
daemons []*SwarmDaemon
|
|
daemonsLock sync.Mutex // protect access to daemons
|
|
portIndex int
|
|
}
|
|
|
|
func (s *DockerSwarmSuite) SetUpTest(c *check.C) {
|
|
testRequires(c, DaemonIsLinux)
|
|
}
|
|
|
|
func (s *DockerSwarmSuite) AddDaemon(c *check.C, joinSwarm, manager bool) *SwarmDaemon {
|
|
d := &SwarmDaemon{
|
|
Daemon: NewDaemon(c),
|
|
port: defaultSwarmPort + s.portIndex,
|
|
}
|
|
d.listenAddr = fmt.Sprintf("0.0.0.0:%d", d.port)
|
|
err := d.StartWithBusybox("--iptables=false", "--swarm-default-advertise-addr=lo") // avoid networking conflicts
|
|
c.Assert(err, check.IsNil)
|
|
|
|
if joinSwarm == true {
|
|
if len(s.daemons) > 0 {
|
|
tokens := s.daemons[0].joinTokens(c)
|
|
token := tokens.Worker
|
|
if manager {
|
|
token = tokens.Manager
|
|
}
|
|
c.Assert(d.Join(swarm.JoinRequest{
|
|
RemoteAddrs: []string{s.daemons[0].listenAddr},
|
|
JoinToken: token,
|
|
}), check.IsNil)
|
|
} else {
|
|
c.Assert(d.Init(swarm.InitRequest{}), check.IsNil)
|
|
}
|
|
}
|
|
|
|
s.portIndex++
|
|
s.daemonsLock.Lock()
|
|
s.daemons = append(s.daemons, d)
|
|
s.daemonsLock.Unlock()
|
|
|
|
return d
|
|
}
|
|
|
|
func (s *DockerSwarmSuite) TearDownTest(c *check.C) {
|
|
testRequires(c, DaemonIsLinux)
|
|
s.daemonsLock.Lock()
|
|
for _, d := range s.daemons {
|
|
d.Stop()
|
|
}
|
|
s.daemons = nil
|
|
s.daemonsLock.Unlock()
|
|
|
|
s.portIndex = 0
|
|
s.ds.TearDownTest(c)
|
|
}
|
|
|
|
func init() {
|
|
check.Suite(&DockerTrustSuite{
|
|
ds: &DockerSuite{},
|
|
})
|
|
}
|
|
|
|
type DockerTrustSuite struct {
|
|
ds *DockerSuite
|
|
reg *testRegistryV2
|
|
not *testNotary
|
|
}
|
|
|
|
func (s *DockerTrustSuite) SetUpTest(c *check.C) {
|
|
testRequires(c, RegistryHosting, NotaryServerHosting)
|
|
s.reg = setupRegistry(c, false, "", "")
|
|
s.not = setupNotary(c)
|
|
}
|
|
|
|
func (s *DockerTrustSuite) TearDownTest(c *check.C) {
|
|
if s.reg != nil {
|
|
s.reg.Close()
|
|
}
|
|
if s.not != nil {
|
|
s.not.Close()
|
|
}
|
|
|
|
// Remove trusted keys and metadata after test
|
|
os.RemoveAll(filepath.Join(cliconfig.ConfigDir(), "trust"))
|
|
s.ds.TearDownTest(c)
|
|
}
|