From d98b117962a7178154e775b8b283744841a10e3b Mon Sep 17 00:00:00 2001
From: Jessica Frazelle
Date: Tue, 30 Sep 2014 12:18:26 -0700
Subject: [PATCH 1/2] Add test for #8307.
Docker-DCO-1.1-Signed-off-by: Jessica Frazelle (github: jfrazelle)
---
 integration-cli/docker_cli_daemon_test.go | 95 +++++++++++++++++++++++
 1 file changed, 95 insertions(+)
diff --git a/integration-cli/docker_cli_daemon_test.go b/integration-cli/docker_cli_daemon_test.go
index 9d238c15ee..42995def13 100644
--- a/integration-cli/docker_cli_daemon_test.go
+++ b/integration-cli/docker_cli_daemon_test.go
@@ -128,3 +128,98 @@ func TestDaemonStartBridgeWithoutIPAssociation(t *testing.T) {
 logDone("daemon - successful daemon start when bridge has no IP association")
 }
+
+func TestDaemonIptablesClean(t *testing.T) {
+ d := NewDaemon(t)
+ if err := d.StartWithBusybox(); err != nil {
+ t.Fatalf("Could not start daemon with busybox: %v", err)
+ }
+ defer d.Stop()
+
+ if out, err := d.Cmd("run", "-d", "--name", "top", "-p", "80", "busybox:latest", "top"); err != nil {
+ t.Fatalf("Could not run top: %s, %v", out, err)
+ }
+
+ // get output from iptables with container running
+ ipTablesSearchString := "tcp dpt:80"
+ ipTablesCmd := exec.Command("iptables", "-nvL")
+ out, _, err := runCommandWithOutput(ipTablesCmd)
+ if err != nil {
+ t.Fatalf("Could not run iptables -nvL: %s, %v", out, err)
+ }
+
+ if !strings.Contains(out, ipTablesSearchString) {
+ t.Fatalf("iptables output should have contained %q, but was %q", ipTablesSearchString, out)
+ }
+
+ if err := d.Stop(); err != nil {
+ t.Fatalf("Could not stop daemon: %v", err)
+ }
+
+ // get output from iptables after restart
+ ipTablesCmd = exec.Command("iptables", "-nvL")
+ out, _, err = runCommandWithOutput(ipTablesCmd)
+ if err != nil {
+ t.Fatalf("Could not run iptables -nvL: %s, %v", out, err)
+ }
+
+ if strings.Contains(out, ipTablesSearchString) {
+ t.Fatalf("iptables output should not have contained %q, but was %q", ipTablesSearchString, out)
+ }
+
+ deleteAllContainers()
+
+ logDone("run,iptables - iptables rules cleaned after daemon restart")
+}
+
+func TestDaemonIptablesCreate(t *testing.T) {
+ d := NewDaemon(t)
+ if err := d.StartWithBusybox(); err != nil {
+ t.Fatalf("Could not start daemon with busybox: %v", err)
+ }
+ defer d.Stop()
+
+ if out, err := d.Cmd("run", "-d", "--name", "top", "--restart=always", "-p", "80", "busybox:latest", "top"); err != nil {
+ t.Fatalf("Could not run top: %s, %v", out, err)
+ }
+
+ // get output from iptables with container running
+ ipTablesSearchString := "tcp dpt:80"
+ ipTablesCmd := exec.Command("iptables", "-nvL")
+ out, _, err := runCommandWithOutput(ipTablesCmd)
+ if err != nil {
+ t.Fatalf("Could not run iptables -nvL: %s, %v", out, err)
+ }
+
+ if !strings.Contains(out, ipTablesSearchString) {
+ t.Fatalf("iptables output should have contained %q, but was %q", ipTablesSearchString, out)
+ }
+
+ if err := d.Restart(); err != nil {
+ t.Fatalf("Could not restart daemon: %v", err)
+ }
+
+ // make sure the container is not running
+ runningOut, err := d.Cmd("inspect", "--format='{{.State.Running}}'", "top")
+ if err != nil {
+ t.Fatalf("Could not inspect on container: %s, %v", out, err)
+ }
+ if strings.TrimSpace(runningOut) != "true" {
+ t.Fatalf("Container should have been restarted after daemon restart. Status running should have been true but was: %q", strings.TrimSpace(runningOut))
+ }
+
+ // get output from iptables after restart
+ ipTablesCmd = exec.Command("iptables", "-nvL")
+ out, _, err = runCommandWithOutput(ipTablesCmd)
+ if err != nil {
+ t.Fatalf("Could not run iptables -nvL: %s, %v", out, err)
+ }
+
+ if !strings.Contains(out, ipTablesSearchString) {
+ t.Fatalf("iptables output after restart should have contained %q, but was %q", ipTablesSearchString, out)
+ }
+
+ deleteAllContainers()
+
+ logDone("run,iptables - iptables rules for always restarted container created after daemon restart")
+}
From e171eda9989cb5d10e7fe14b258f239edb124541 Mon Sep 17 00:00:00 2001
From: Jessica Frazelle
Date: Thu, 16 Oct 2014 16:54:55 -0700
Subject: [PATCH 2/2] fix for iptables cleanup 8307
Docker-DCO-1.1-Signed-off-by: Jessica Frazelle (github: jfrazelle)
---
 daemon/container.go | 4 +++-
 engine/job.go | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/daemon/container.go b/daemon/container.go
index a477f19f22..a972f8b712 100644
--- a/daemon/container.go
+++ b/daemon/container.go
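Review bot: Both tests decide pass or fail by searching the whole `iptables -nvL` listing for `tcp dpt:80`, which reads only the filter table and would also match any unrelated port-80 rule already present on the test host. A leftover NAT rule for the published port would go unnoticed, so consider also checking `iptables -t nat -nvL` and matching on something specific to the container, such as its IP from `inspect`; how the daemon lays out its rules is not shown in this patch, so this needs confirming. In TestDaemonIptablesCreate the inspect failure prints the stale iptables text; it should be `t.Fatalf("Could not inspect on container: %s, %v", runningOut, err)`, and the comment above it should read `// make sure the container is running again`. TestDaemonIptablesClean also calls `d.Stop()` explicitly while the deferred `d.Stop()` is still pending, so the daemon is stopped twice on the success path.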
@@ -527,7 +527,9 @@ func (container *Container) ReleaseNetwork() {
 }
 eng := container.daemon.eng
- eng.Job("release_interface", container.ID).Run()
+ job := eng.Job("release_interface", container.ID)
+ job.SetenvBool("overrideShutdown", true)
+ job.Run()
 container.NetworkSettings = &NetworkSettings{}
 }
diff --git a/engine/job.go b/engine/job.go
index ecd9441ff5..6c11b13446 100644
--- a/engine/job.go
+++ b/engine/job.go
@@ -48,7 +48,7 @@ const (
 // If the job returns a failure status, an error is returned
 // which includes the status.
 func (job *Job) Run() error {
- if job.Eng.IsShutdown() {
+ if job.Eng.IsShutdown() && !job.GetenvBool("overrideShutdown") {
 return fmt.Errorf("engine is shutdown")
 }
 // FIXME: this is a temporary workaround to avoid Engine.Shutdown
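Review bot: The result of `job.Run()` in ReleaseNetwork is still discarded, so a release_interface job that fails during shutdown leaves the container's port rules in place with no trace in the logs. Check it, e.g. `if err := job.Run(); err != nil {` followed by a log line naming `container.ID`, using whichever logger daemon/container.go already imports (not visible in this hunk). ReleaseNetwork starts above the hunk, so the path before `eng := container.daemon.eng` is not reviewed here.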
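Review bot: The shutdown gate in Run can now be bypassed by any job whose environment has `overrideShutdown` set, and the key is a bare string literal repeated in daemon/container.go. If any caller fills a job's environment from request data (not visible in this patch), that input would decide whether a job runs after shutdown; an unexported field on Job set only by in-process code, or at least a shared constant, would keep the override internal. The doc comment above Run should also mention it, e.g. `// Jobs with the overrideShutdown env flag set still run after engine shutdown; this is meant for cleanup jobs such as release_interface.` Run's body continues below the hunk.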