2016-04-13 20:53:41 -04:00
|
|
|
package libnetwork
|
|
|
|
|
2016-05-25 01:46:18 -04:00
|
|
|
import (
|
2016-06-24 19:37:14 -04:00
|
|
|
"fmt"
|
2016-05-25 01:46:18 -04:00
|
|
|
"net"
|
|
|
|
"sync"
|
2017-06-06 19:04:50 -04:00
|
|
|
|
2021-04-05 20:24:47 -04:00
|
|
|
"github.com/docker/docker/libnetwork/internal/setmatrix"
|
2016-05-25 01:46:18 -04:00
|
|
|
)
|
|
|
|
|
|
|
|
var (
|
|
|
|
// A global monotonic counter to assign firewall marks to
|
|
|
|
// services.
|
|
|
|
fwMarkCtr uint32 = 256
|
|
|
|
fwMarkCtrMu sync.Mutex
|
|
|
|
)
|
2016-05-08 03:48:04 -04:00
|
|
|
|
2016-06-24 19:37:14 -04:00
|
|
|
type portConfigs []*PortConfig
|
|
|
|
|
|
|
|
func (p portConfigs) String() string {
|
|
|
|
if len(p) == 0 {
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
|
|
|
|
pc := p[0]
|
|
|
|
str := fmt.Sprintf("%d:%d/%s", pc.PublishedPort, pc.TargetPort, PortConfig_Protocol_name[int32(pc.Protocol)])
|
|
|
|
for _, pc := range p[1:] {
|
|
|
|
str = str + fmt.Sprintf(",%d:%d/%s", pc.PublishedPort, pc.TargetPort, PortConfig_Protocol_name[int32(pc.Protocol)])
|
|
|
|
}
|
|
|
|
|
|
|
|
return str
|
|
|
|
}
|
|
|
|
|
|
|
|
type serviceKey struct {
|
|
|
|
id string
|
|
|
|
ports string
|
|
|
|
}
|
|
|
|
|
2016-04-13 20:53:41 -04:00
|
|
|
type service struct {
|
2016-05-25 01:46:18 -04:00
|
|
|
name string // Service Name
|
|
|
|
id string // Service ID
|
2016-04-13 20:53:41 -04:00
|
|
|
|
2016-05-25 01:46:18 -04:00
|
|
|
// Map of loadbalancers for the service one-per attached
|
|
|
|
// network. It is keyed with network ID.
|
|
|
|
loadBalancers map[string]*loadBalancer
|
2016-05-31 02:55:51 -04:00
|
|
|
|
|
|
|
// List of ingress ports exposed by the service
|
2016-06-24 19:37:14 -04:00
|
|
|
ingressPorts portConfigs
|
2016-05-31 02:55:51 -04:00
|
|
|
|
2016-08-19 20:50:37 -04:00
|
|
|
// Service aliases
|
|
|
|
aliases []string
|
|
|
|
|
2017-06-06 19:04:50 -04:00
|
|
|
// This maps tracks for each IP address the list of endpoints ID
|
|
|
|
// associated with it. At stable state the endpoint ID expected is 1
|
|
|
|
// but during transition and service change it is possible to have
|
|
|
|
// temporary more than 1
|
2018-07-16 20:34:20 -04:00
|
|
|
ipToEndpoint setmatrix.SetMatrix
|
2017-06-06 19:04:50 -04:00
|
|
|
|
|
|
|
deleted bool
|
|
|
|
|
2016-05-25 01:46:18 -04:00
|
|
|
sync.Mutex
|
2016-04-13 20:53:41 -04:00
|
|
|
}
|
|
|
|
|
2017-06-06 19:04:50 -04:00
|
|
|
// assignIPToEndpoint inserts the mapping between the IP and the endpoint identifier
|
|
|
|
// returns true if the mapping was not present, false otherwise
|
|
|
|
// returns also the number of endpoints associated to the IP
|
|
|
|
func (s *service) assignIPToEndpoint(ip, eID string) (bool, int) {
|
|
|
|
return s.ipToEndpoint.Insert(ip, eID)
|
|
|
|
}
|
|
|
|
|
|
|
|
// removeIPToEndpoint removes the mapping between the IP and the endpoint identifier
|
|
|
|
// returns true if the mapping was deleted, false otherwise
|
|
|
|
// returns also the number of endpoints associated to the IP
|
|
|
|
func (s *service) removeIPToEndpoint(ip, eID string) (bool, int) {
|
|
|
|
return s.ipToEndpoint.Remove(ip, eID)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *service) printIPToEndpoint(ip string) (string, bool) {
|
|
|
|
return s.ipToEndpoint.String(ip)
|
|
|
|
}
|
|
|
|
|
Gracefully remove LB endpoints from services
This patch attempts to allow endpoints to complete servicing connections
while being removed from a service. The change adds a flag to the
endpoint.deleteServiceInfoFromCluster() method to indicate whether this
removal should fully remove connectivity through the load balancer
to the endpoint or should just disable directing further connections to
the endpoint. If the flag is 'false', then the load balancer assigns
a weight of 0 to the endpoint but does not remove it as a linux load
balancing destination. It does remove the endpoint as a docker load
balancing endpoint but tracks it in a special map of "disabled-but-not-
destroyed" load balancing endpoints. This allows traffic to continue
flowing, at least under Linux. If the flag is 'true', then the code
removes the endpoint entirely as a load balancing destination.
The sandbox.DisableService() method invokes deleteServiceInfoFromCluster()
with the flag sent to 'false', while the endpoint.sbLeave() method invokes
it with the flag set to 'true' to complete the removal on endpoint
finalization. Renaming the endpoint invokes deleteServiceInfoFromCluster()
with the flag set to 'true' because renaming attempts to completely
remove and then re-add each endpoint service entry.
The controller.rmServiceBinding() method, which carries out the operation,
similarly gets a new flag for whether to fully remove the endpoint. If
the flag is false, it does the job of moving the endpoint from the
load balancing set to the 'disabled' set. It then removes or
de-weights the entry in the OS load balancing table via
network.rmLBBackend(). It removes the service entirely via said method
ONLY IF there are no more live or disabled load balancing endpoints.
Similarly network.addLBBackend() requires slight tweaking to properly
manage the disabled set.
Finally, this change requires propagating the status of disabled
service endpoints via the networkDB. Accordingly, the patch includes
both code to generate and handle service update messages. It also
augments the service structure with a ServiceDisabled boolean to convey
whether an endpoint should ultimately be removed or just disabled.
This, naturally, required a rebuild of the protocol buffer code as well.
Signed-off-by: Chris Telfer <ctelfer@docker.com>
2018-02-14 17:04:23 -05:00
|
|
|
type lbBackend struct {
|
|
|
|
ip net.IP
|
|
|
|
disabled bool
|
|
|
|
}
|
|
|
|
|
2016-05-25 01:46:18 -04:00
|
|
|
type loadBalancer struct {
|
|
|
|
vip net.IP
|
|
|
|
fwMark uint32
|
2016-04-13 20:53:41 -04:00
|
|
|
|
2016-05-25 01:46:18 -04:00
|
|
|
// Map of backend IPs backing this loadbalancer on this
|
|
|
|
// network. It is keyed with endpoint ID.
|
Gracefully remove LB endpoints from services
This patch attempts to allow endpoints to complete servicing connections
while being removed from a service. The change adds a flag to the
endpoint.deleteServiceInfoFromCluster() method to indicate whether this
removal should fully remove connectivity through the load balancer
to the endpoint or should just disable directing further connections to
the endpoint. If the flag is 'false', then the load balancer assigns
a weight of 0 to the endpoint but does not remove it as a linux load
balancing destination. It does remove the endpoint as a docker load
balancing endpoint but tracks it in a special map of "disabled-but-not-
destroyed" load balancing endpoints. This allows traffic to continue
flowing, at least under Linux. If the flag is 'true', then the code
removes the endpoint entirely as a load balancing destination.
The sandbox.DisableService() method invokes deleteServiceInfoFromCluster()
with the flag sent to 'false', while the endpoint.sbLeave() method invokes
it with the flag set to 'true' to complete the removal on endpoint
finalization. Renaming the endpoint invokes deleteServiceInfoFromCluster()
with the flag set to 'true' because renaming attempts to completely
remove and then re-add each endpoint service entry.
The controller.rmServiceBinding() method, which carries out the operation,
similarly gets a new flag for whether to fully remove the endpoint. If
the flag is false, it does the job of moving the endpoint from the
load balancing set to the 'disabled' set. It then removes or
de-weights the entry in the OS load balancing table via
network.rmLBBackend(). It removes the service entirely via said method
ONLY IF there are no more live or disabled load balancing endpoints.
Similarly network.addLBBackend() requires slight tweaking to properly
manage the disabled set.
Finally, this change requires propagating the status of disabled
service endpoints via the networkDB. Accordingly, the patch includes
both code to generate and handle service update messages. It also
augments the service structure with a ServiceDisabled boolean to convey
whether an endpoint should ultimately be removed or just disabled.
This, naturally, required a rebuild of the protocol buffer code as well.
Signed-off-by: Chris Telfer <ctelfer@docker.com>
2018-02-14 17:04:23 -05:00
|
|
|
backEnds map[string]*lbBackend
|
2016-05-31 02:55:51 -04:00
|
|
|
|
|
|
|
// Back pointer to service to which the loadbalancer belongs.
|
|
|
|
service *service
|
2017-08-29 02:35:31 -04:00
|
|
|
sync.Mutex
|
2016-04-13 20:53:41 -04:00
|
|
|
}
|