From 81eef17e38065e0c6e48a1596bc297e299528c66 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn <github@gone.nl>
Date: Mon, 18 Mar 2019 14:20:44 +0100
Subject: [PATCH] Return a warning when running in a two-manager setup

Running a cluster in a two-manager configuration effectively *doubles*
the chance of loosing control over the cluster (compared to running
in a single-manager setup). Users may have the assumption that having
two managers provides fault tolerance, so it's best to warn them if
they're using this configuration.

This patch adds a warning to the `info` response if Swarm is configured
with two managers:

    WARNING: Running Swarm in a two-manager configuration. This configuration provides
             no fault tolerance, and poses a high risk to loose control over the cluster.
             Refer to https://docs.docker.com/engine/swarm/admin_guide/ to configure the
             Swarm for fault-tolerance.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
---
 api/server/router/system/system_routes.go |  1 +
 api/types/swarm/swarm.go                  |  2 ++
 daemon/cluster/swarm.go                   | 14 ++++++++++++++
 3 files changed, 17 insertions(+)

diff --git a/api/server/router/system/system_routes.go b/api/server/router/system/system_routes.go
index 365095159a..2d496a189c 100644
--- a/api/server/router/system/system_routes.go
+++ b/api/server/router/system/system_routes.go
@@ -50,6 +50,7 @@ func (s *systemRouter) getInfo(ctx context.Context, w http.ResponseWriter, r *ht
 	}
 	if s.cluster != nil {
 		info.Swarm = s.cluster.Info()
+		info.Warnings = append(info.Warnings, info.Swarm.Warnings...)
 	}
 
 	if versions.LessThan(httputils.VersionFromContext(ctx), "1.25") {
diff --git a/api/types/swarm/swarm.go b/api/types/swarm/swarm.go
index 484cd0be7f..b25f999646 100644
--- a/api/types/swarm/swarm.go
+++ b/api/types/swarm/swarm.go
@@ -209,6 +209,8 @@ type Info struct {
 	Managers       int `json:",omitempty"`
 
 	Cluster *ClusterInfo `json:",omitempty"`
+
+	Warnings []string `json:",omitempty"`
 }
 
 // Peer represents a peer.
diff --git a/daemon/cluster/swarm.go b/daemon/cluster/swarm.go
index 8cc172e9ce..18a909199a 100644
--- a/daemon/cluster/swarm.go
+++ b/daemon/cluster/swarm.go
@@ -459,6 +459,20 @@ func (c *Cluster) Info() types.Info {
 				}
 			}
 		}
+
+		switch info.LocalNodeState {
+		case types.LocalNodeStateInactive, types.LocalNodeStateLocked, types.LocalNodeStateError:
+			// nothing to do
+		default:
+			if info.Managers == 2 {
+				const warn string = `WARNING: Running Swarm in a two-manager configuration. This configuration provides
+         no fault tolerance, and poses a high risk to loose control over the cluster.
+         Refer to https://docs.docker.com/engine/swarm/admin_guide/ to configure the
+         Swarm for fault-tolerance.`
+
+				info.Warnings = append(info.Warnings, warn)
+			}
+		}
 	}
 
 	if state.swarmNode != nil {