Fix related to bug: https://github.com/docker/for-linux/issues/348
We should perform updateToStore(ep) after n.addEndpoint or do update twice,
otherwise response from network plugin will not be written to KV storage.
This results in container creation with broken network config.
Signed-off-by: Siarhei Rasiukevich <raskintech@gmail.com>
* Update dependencies to match moby master; add new sub-dependencies
as necessary.
* Update moby to latest
* Update gocapability
This moves gocapability beyond the version vendored in moby;
presumably the code which requires this particular version
is not used in moby and is removed by vndr. Moby will need
to be updated as well.
Signed-off-by: Euan Harris <euan.harris@docker.com>
moby/moby commit b27f70d45 wraps the ErrNotFound error returned when
a plugin cannot be found, to include a backtrace. This changes the
type of the error, so controller.loadDriver no longer converts it to a
libnetwork plugin.NotFoundError. This causes a couple of tests which
inspect the return type to fail; most code only checks whether the
error is non-nil and is not affected by the change in type.
Signed-off-by: Euan Harris <euan.harris@docker.com>
Add a test to confirm that the pool allocator will iterate through all
the pools even if some earlier ones were freed before coming back to
previously allocated pools.
Signed-off-by: Chris Telfer <ctelfer@docker.com>
This commit prevents subnets from being reused at least initially,
instead favoring to cycle through them as we do with addresses within a
subnet.
Signed-off-by: Chris Telfer <ctelfer@docker.com>
Commit b64997ea prevented data corruption due to simultaneous
driver.CreateNetwork()/driver.DeleteNetwork() by holding the network
lock through the read/modify part of the operation. However, part of
the DeleteNetwork operation entails sending a message to the peerDB to
tell that goroutine to flush entries on deletion. This can lead to a
deadlock where:
* driver.DeleteNetwork() starts and acquires driver.Lock()
* peerDB receives some other request (e.g. EventNotify) and blocks
on driver.Lock()
* driver.DeleteNetwork() attempts a peerDB flush and blocks waiting
on the synchronous peerDB operation channel
This patch fixes the issue by deferring the peerDB flush operation until
after DeleteNetwork() unlocks driver.Lock(). Commit b64997ea only
modified CreateNetwork() and DeleteNetwork() and the critical section
that driver.Lock() protects in CreateNetwork() does not perform any
peerDB notifications or other locks of driver data structures. So this
solution should be a complete fix for any regressions introduced in
b64997ea.
Signed-off-by: Chris Telfer <ctelfer@docker.com>
Make sure that iptables operations on ingress
are serialized.
Before, 2 racing routines trying to create the ingress chain
were allowed and one was failing reporting the chain as
already existing.
The lock guarantees that this condition does not happen anymore.
Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
The system should remove cluster service info including networkDB
entries and DNS entries for container endpoints that are not part of a
service as well as those that are part of a service. This used to be
the normal sequence of operations but it moved to
sandbox.DisableService() in an effort to more gracefully handle endpoint
removal from a service (which proved insufficient). Unfortunately
subsequent changes also removed the newly-mandatory call to
sandbox.DisableService() preventing proper cleanup for non-service
container endpoints.
Signed-off-by: Chris Telfer <ctelfer@docker.com>
Use net.splitHostPort() instead of our own logic in func (p *PortBinding)
FromString(s string) error. This means that IPv6 literals, including
IPv4 in IPv6 literals, can now be parsed from the string form of
PortBindings. Zoned addresses do not work - net.splitHostPort() parses
them but net.ParseIP() cannot and returns an error. This is ok because
we do not have a slot to store the zone name in PortBinding anyway.
Signed-off-by: Euan Harris <euan.harris@docker.com>
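
Added example, not code from libnetwork or from the commit above: a minimal Go sketch of the parsing behaviour the last commit message describes, where the standard library splits host and port and net.ParseIP then rejects zoned addresses. The helper name parseHostPort and the sample inputs are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
)

// parseHostPort is a hypothetical helper (not libnetwork's FromString).
// It splits "host:port" with the standard library, so bracketed IPv6
// literals are handled, then validates the host as an IP address.
func parseHostPort(s string) (net.IP, uint16, error) {
	host, portStr, err := net.SplitHostPort(s)
	if err != nil {
		return nil, 0, err
	}
	// net.ParseIP returns nil for zoned addresses such as "fe80::1%eth0",
	// so they are rejected here even though SplitHostPort accepted them.
	ip := net.ParseIP(host)
	if ip == nil {
		return nil, 0, fmt.Errorf("invalid IP address %q", host)
	}
	// bitSize 16 makes ParseUint reject ports above 65535.
	port, err := strconv.ParseUint(portStr, 10, 16)
	if err != nil {
		return nil, 0, fmt.Errorf("invalid port %q: %v", portStr, err)
	}
	return ip, uint16(port), nil
}

func main() {
	// Constructed sample inputs (documentation address ranges).
	samples := []string{
		"192.0.2.10:80",           // plain IPv4
		"[2001:db8::1]:443",       // IPv6 literal
		"[::ffff:192.0.2.1]:8080", // IPv4 in IPv6 literal
		"[fe80::1%eth0]:80",       // zoned address: splits, but ParseIP fails
		"2001:db8::1:443",         // unbracketed IPv6: SplitHostPort fails
	}
	for _, s := range samples {
		ip, port, err := parseHostPort(s)
		if err != nil {
			fmt.Printf("%-26s error: %v\n", s, err)
			continue
		}
		fmt.Printf("%-26s ip=%s port=%d\n", s, ip, port)
	}
}
```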