From 336199a877014143bac462e98cae7f59525a0556 Mon Sep 17 00:00:00 2001 From: Daniel Norberg Date: Tue, 8 Apr 2014 14:07:02 -0400 Subject: [PATCH 1/2] net: do not create -b/--bridge specified bridge If the bridge specified using -b/--bridge doesn't exist, fail instead of attempting to create it. This is consistent with the docker documentation on -b/--bridge: "Attach containers to a pre existing network bridge". It is also less surprising in an environment where the operator expected the bridge to be properly set up before docker starts and expects docker to fail fast if the bridge was not up instead of masking this error and coming up in some potentially broken state. With this patch, docker still creates docker0 if needed and no bridge was explicitly specified. Docker-DCO-1.1-Signed-off-by: Daniel Norberg (github: danielnorberg) --- runtime/networkdriver/bridge/driver.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/runtime/networkdriver/bridge/driver.go b/runtime/networkdriver/bridge/driver.go index f7c3bc6b01..092aa9a23f 100644 --- a/runtime/networkdriver/bridge/driver.go +++ b/runtime/networkdriver/bridge/driver.go @@ -68,12 +68,20 @@ func InitDriver(job *engine.Job) engine.Status { } bridgeIface = job.Getenv("BridgeIface") + usingDefaultBridge := false if bridgeIface == "" { + usingDefaultBridge = true bridgeIface = DefaultNetworkBridge } addr, err := networkdriver.GetIfaceAddr(bridgeIface) if err != nil { + // If we're not using the default bridge, fail without trying to create it + if !usingDefaultBridge { + job.Logf("bridge not found: %s", bridgeIface) + job.Error(err) + return engine.StatusErr + } // If the iface is not found, try to create it job.Logf("creating new bridge for %s", bridgeIface) if err := createBridge(bridgeIP); err != nil { From d4746d3ea0b8d4888b21b808237199ae22525b07 Mon Sep 17 00:00:00 2001 From: Daniel Norberg Date: Thu, 10 Apr 2014 11:15:56 -0400 Subject: [PATCH 2/2] bridge driver: clean up error returns Docker-DCO-1.1-Signed-off-by: Daniel Norberg (github: danielnorberg) --- runtime/networkdriver/bridge/driver.go | 46 +++++++++----------------- 1 file changed, 15 insertions(+), 31 deletions(-) diff --git a/runtime/networkdriver/bridge/driver.go b/runtime/networkdriver/bridge/driver.go index 092aa9a23f..b8568c7c40 100644 --- a/runtime/networkdriver/bridge/driver.go +++ b/runtime/networkdriver/bridge/driver.go @@ -79,21 +79,18 @@ func InitDriver(job *engine.Job) engine.Status { // If we're not using the default bridge, fail without trying to create it if !usingDefaultBridge { job.Logf("bridge not found: %s", bridgeIface) - job.Error(err) - return engine.StatusErr + return job.Error(err) } // If the iface is not found, try to create it job.Logf("creating new bridge for %s", bridgeIface) if err := createBridge(bridgeIP); err != nil { - job.Error(err) - return engine.StatusErr + return job.Error(err) } job.Logf("getting iface addr") addr, err = networkdriver.GetIfaceAddr(bridgeIface) if err != nil { - job.Error(err) - return engine.StatusErr + return job.Error(err) } network = addr.(*net.IPNet) } else { @@ -109,8 +106,7 @@ func InitDriver(job *engine.Job) engine.Status { // Configure iptables for link support if enableIPTables { if err := setupIPTables(addr, icc); err != nil { - job.Error(err) - return engine.StatusErr + return job.Error(err) } } @@ -123,15 +119,13 @@ func InitDriver(job *engine.Job) engine.Status { // We can always try removing the iptables if err := iptables.RemoveExistingChain("DOCKER"); err != nil { - job.Error(err) - return engine.StatusErr + return job.Error(err) } if enableIPTables { chain, err := iptables.NewChain("DOCKER", bridgeIface) if err != nil { - job.Error(err) - return engine.StatusErr + return job.Error(err) } portmapper.SetIptablesChain(chain) } @@ -148,8 +142,7 @@ func InitDriver(job *engine.Job) engine.Status { "link": LinkContainers, } { if err := job.Eng.Register(name, f); err != nil { - job.Error(err) - return engine.StatusErr + return job.Error(err) } } return engine.StatusOK @@ -310,8 +303,7 @@ func Allocate(job *engine.Job) engine.Status { ip, err = ipallocator.RequestIP(bridgeNetwork, nil) } if err != nil { - job.Error(err) - return engine.StatusErr + return job.Error(err) } out := engine.Env{} @@ -395,8 +387,7 @@ func AllocatePort(job *engine.Job) engine.Status { // host ip, proto, and host port hostPort, err = portallocator.RequestPort(ip, proto, hostPort) if err != nil { - job.Error(err) - return engine.StatusErr + return job.Error(err) } var ( @@ -414,9 +405,7 @@ func AllocatePort(job *engine.Job) engine.Status { if err := portmapper.Map(container, ip, hostPort); err != nil { portallocator.ReleasePort(ip, proto, hostPort) - - job.Error(err) - return engine.StatusErr + return job.Error(err) } network.PortMappings = append(network.PortMappings, host) @@ -425,8 +414,7 @@ func AllocatePort(job *engine.Job) engine.Status { out.SetInt("HostPort", hostPort) if _, err := out.WriteTo(job.Stdout); err != nil { - job.Error(err) - return engine.StatusErr + return job.Error(err) } return engine.StatusOK } @@ -453,11 +441,9 @@ func LinkContainers(job *engine.Job) engine.Status { "--dport", port, "-d", childIP, "-j", "ACCEPT"); !ignoreErrors && err != nil { - job.Error(err) - return engine.StatusErr + return job.Error(err) } else if len(output) != 0 { - job.Errorf("Error toggle iptables forward: %s", output) - return engine.StatusErr + return job.Errorf("Error toggle iptables forward: %s", output) } if output, err := iptables.Raw(action, "FORWARD", @@ -467,11 +453,9 @@ func LinkContainers(job *engine.Job) engine.Status { "--sport", port, "-d", parentIP, "-j", "ACCEPT"); !ignoreErrors && err != nil { - job.Error(err) - return engine.StatusErr + return job.Error(err) } else if len(output) != 0 { - job.Errorf("Error toggle iptables forward: %s", output) - return engine.StatusErr + return job.Errorf("Error toggle iptables forward: %s", output) } } return engine.StatusOK