mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Overlay driver to check for chain presence
- When creating and programming the global overlay chain, gracefully handle the case where the chain already exists. Today the driver logs an Error and does not attempt to insert the return rule if the chain is already present. Signed-off-by: Alessandro Boch <aboch@docker.com>
This commit is contained in:
parent
089c5ab18a
commit
cf65861f59
1 changed files with 10 additions and 6 deletions
|
@ -21,14 +21,18 @@ func chainExists(cname string) bool {
|
|||
}
|
||||
|
||||
func setupGlobalChain() {
|
||||
if err := iptables.RawCombinedOutput("-N", globalChain); err != nil {
|
||||
logrus.Errorf("could not create global overlay chain: %v", err)
|
||||
return
|
||||
// Because of an ungraceful shutdown, chain could already be present
|
||||
if !chainExists(globalChain) {
|
||||
if err := iptables.RawCombinedOutput("-N", globalChain); err != nil {
|
||||
logrus.Errorf("could not create global overlay chain: %v", err)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
if err := iptables.RawCombinedOutput("-A", globalChain, "-j", "RETURN"); err != nil {
|
||||
logrus.Errorf("could not install default return chain in the overlay global chain: %v", err)
|
||||
return
|
||||
if !iptables.Exists(iptables.Filter, globalChain, "-j", "RETURN") {
|
||||
if err := iptables.RawCombinedOutput("-A", globalChain, "-j", "RETURN"); err != nil {
|
||||
logrus.Errorf("could not install default return chain in the overlay global chain: %v", err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue