I saw a rare race during the first few calls to iptables module where some of them would reenter initCheck() after the first call to it already changed iptablesPath, but before the rest of the function completed (in particular the long execs into testing for availability of --wait flag and determining iptables version), resulting in failure of one or more of iptables calls that did not use --wait and were concurrent.

To fix the problem, this change gathers all one-time initialization into a single function under a sync.Once instead of using a global variable as a "done initializing" flag before initialization is done. sync.Once guarantees all concurrent calls will block until the first one completes.

In addition, it turns out that GetVersion(), called from initCheck(), used Raw() which called back into initCheck() via raw(), which did not cause a problem in the earlier implementation but deadlocked when initialization became strict. This was changed to use a direct call, similar to initialization of supportsXlock.

Signed-off-by: Max Timchenko <max@maxvt.com>
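
The initialization race and the sync.Once fix described in the commit message above, as an added Go example that is not libnetwork's code. `state`, `probe`, `flagInit`, `onceInit` and `earlyCallers` are hypothetical names, a sleep stands in for the slow iptables execs, and the flag is flipped atomically so the demo itself is free of data races.

```go
package main

import (
	"fmt"
	"sync"
	"sync/atomic"
	"time"
)

// state models the module's one-time setup; every name here is hypothetical.
type state struct {
	pathSet int32     // pre-fix "done initializing" flag, flipped before the work
	ready   int32     // 1 only after the slow probing has finished
	once    sync.Once // post-fix guard
}

// probe stands in for the slow execs; calling onceInit from here would deadlock.
func (s *state) probe() {
	time.Sleep(100 * time.Millisecond)
	atomic.StoreInt32(&s.ready, 1)
}

// flagInit is the pre-fix pattern: later callers see the flag and return at once.
func flagInit(s *state) {
	if atomic.CompareAndSwapInt32(&s.pathSet, 0, 1) {
		s.probe()
	}
}

// onceInit is the fixed pattern: concurrent callers block until probe returns.
func onceInit(s *state) { s.once.Do(s.probe) }

// earlyCallers counts callers that returned from initFn before setup completed.
func earlyCallers(n int, initFn func(*state)) int {
	s := &state{}
	var early int32
	var wg sync.WaitGroup
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			initFn(s)
			atomic.AddInt32(&early, 1-atomic.LoadInt32(&s.ready)) // adds 1 if not ready
		}()
	}
	wg.Wait()
	return int(early)
}

func main() { fmt.Println("flag:", earlyCallers(8, flagInit), "once:", earlyCallers(8, onceInit)) }
```

With the early flag, callers proceed while the probe results are still unset; with sync.Once none do.
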
libnetwork - networking for containers
Libnetwork provides a native Go implementation for connecting containers.
The goal of libnetwork is to deliver a robust Container Network Model that provides a consistent programming interface and the required network abstractions for applications.
Design
Please refer to the design for more information.
Using libnetwork
There are many networking solutions available to suit a broad range of use-cases. libnetwork uses a driver / plugin model to support all of these solutions while abstracting the complexity of the driver implementations by exposing a simple and consistent Network Model to users.
```go
package main

import (
	"fmt"
	"log"

	"github.com/docker/docker/pkg/reexec"
	"github.com/docker/libnetwork"
	"github.com/docker/libnetwork/config"
	"github.com/docker/libnetwork/netlabel"
	"github.com/docker/libnetwork/options"
)

func main() {
	if reexec.Init() {
		return
	}

	// Select and configure the network driver
	networkType := "bridge"

	// Create a new controller instance
	driverOptions := options.Generic{}
	genericOption := make(map[string]interface{})
	genericOption[netlabel.GenericData] = driverOptions
	controller, err := libnetwork.New(config.OptionDriverConfig(networkType, genericOption))
	if err != nil {
		log.Fatalf("libnetwork.New: %s", err)
	}

	// Create a network for containers to join.
	// NewNetwork accepts variadic optional arguments that libnetwork and drivers can use.
	network, err := controller.NewNetwork(networkType, "network1", "")
	if err != nil {
		log.Fatalf("controller.NewNetwork: %s", err)
	}

	// For each new container: allocate IP and interfaces. The returned network
	// settings will be used for container infos (inspect and such), as well as
	// iptables rules for port publishing. This info is contained or accessible
	// from the returned endpoint.
	ep, err := network.CreateEndpoint("Endpoint1")
	if err != nil {
		log.Fatalf("network.CreateEndpoint: %s", err)
	}

	// Create the sandbox for the container.
	// NewSandbox accepts variadic optional arguments which libnetwork can use.
	sbx, err := controller.NewSandbox("container1",
		libnetwork.OptionHostname("test"),
		libnetwork.OptionDomainname("docker.io"))
	if err != nil {
		log.Fatalf("controller.NewSandbox: %s", err)
	}

	// A sandbox can join the endpoint via the join API.
	err = ep.Join(sbx)
	if err != nil {
		log.Fatalf("ep.Join: %s", err)
	}

	// A libnetwork client can check the endpoint's operational data via the DriverInfo() API
	epInfo, err := ep.DriverInfo()
	if err != nil {
		log.Fatalf("ep.DriverInfo: %s", err)
	}

	macAddress, ok := epInfo[netlabel.MacAddress]
	if !ok {
		log.Fatalf("failed to get mac address from endpoint info")
	}

	fmt.Printf("Joined endpoint %s (%s) to sandbox %s (%s)\n", ep.Name(), macAddress, sbx.ContainerID(), sbx.Key())
}
```
Future
Please refer to roadmap for more information.
Contributing
Want to hack on libnetwork? Docker's contribution guidelines apply.
Copyright and license
Code and documentation copyright 2015 Docker, Inc. Code released under the Apache 2.0 license. Docs released under Creative Commons.