Make DSR an overlay-specific driver "option"

Allow DSR to be a configurable option through a generic option to the overlay driver. On the one hand this approach makes sense insofar as only overlay networks can currently perform load balancing. On the other hand, this approach has several issues. First, should we create another type of swarm scope network, this will prevent it working. Second, the service core code is separate from the driver code and the driver code can't influence the core data structures. So the driver code can't set this option itself. Therefore, implementing in this way requires some hack code to test for this option in controller.NewNetwork. A more correct approach would be to make this a generic option for any network. Then the driver could ignore, reject or be unaware of the option depending on the chosen model. This would require changes to: * libnetwork - naturally * the docker API - to carry the option * swarmkit - to propagate the option * the docker CLI - to support the option * moby - to translate the API option into a libnetwork option Given the urgency of requests to address this issue, this approach will be saved for a future iteration. Signed-off-by: Chris Telfer <ctelfer@docker.com>
author: Chris Telfer <ctelfer@docker.com> 2018-10-09 10:04:31 -0400
committer: Chris Telfer <ctelfer@docker.com> 2018-10-11 14:13:19 -0400
commit: 013ca3bdf84182194d12c9cf637c33a82755813d (patch)
tree: 01a2a7492d6366f50af00729bac3c435edf462ec /libnetwork/service_linux.go
parent: 9a2464f4369679b46dc9b0217b57c5b151eaa62f (diff)
download: docker-013ca3bdf84182194d12c9cf637c33a82755813d.tar.gz
1 files changed, 8 insertions, 13 deletions
diff --git a/libnetwork/service_linux.go b/libnetwork/service_linux.go
index 5e9e0e03e0..451f760b61 100644
--- a/libnetwork/service_linux.go
+++ b/libnetwork/service_linux.go
@@ -142,7 +142,7 @@ func (n *network) addLBBackend(ip net.IP, lb *loadBalancer) {
 		}
 
 		logrus.Debugf("Creating service for vip %s fwMark %d ingressPorts %#v in sbox %.7s (%.7s)", lb.vip, lb.fwMark, lb.service.ingressPorts, sb.ID(), sb.ContainerID())
-		if err := invokeFWMarker(sb.Key(), lb.vip, lb.fwMark, lb.service.ingressPorts, eIP, false, n.ingress); err != nil {
+		if err := invokeFWMarker(sb.Key(), lb.vip, lb.fwMark, lb.service.ingressPorts, eIP, false, n.loadBalancerMode); err != nil {
 			logrus.Errorf("Failed to add firewall mark rule in sbox %.7s (%.7s): %v", sb.ID(), sb.ContainerID(), err)
 			return
 		}
@@ -158,7 +158,7 @@ func (n *network) addLBBackend(ip net.IP, lb *loadBalancer) {
 		Address:       ip,
 		Weight:        1,
 	}
-	if !n.ingress {
+	if n.loadBalancerMode == loadBalancerModeDSR {
 		d.ConnectionFlags = ipvs.ConnFwdDirectRoute
 	}
 
@@ -206,7 +206,7 @@ func (n *network) rmLBBackend(ip net.IP, lb *loadBalancer, rmService bool, fullR
 		Address:       ip,
 		Weight:        1,
 	}
-	if !n.ingress {
+	if n.loadBalancerMode == loadBalancerModeDSR {
 		d.ConnectionFlags = ipvs.ConnFwdDirectRoute
 	}
 
@@ -237,7 +237,7 @@ func (n *network) rmLBBackend(ip net.IP, lb *loadBalancer, rmService bool, fullR
 			}
 		}
 
-		if err := invokeFWMarker(sb.Key(), lb.vip, lb.fwMark, lb.service.ingressPorts, eIP, true, n.ingress); err != nil {
+		if err := invokeFWMarker(sb.Key(), lb.vip, lb.fwMark, lb.service.ingressPorts, eIP, true, n.loadBalancerMode); err != nil {
 			logrus.Errorf("Failed to delete firewall mark rule in sbox %.7s (%.7s): %v", sb.ID(), sb.ContainerID(), err)
 		}
 
@@ -572,7 +572,7 @@ func readPortsFromFile(fileName string) ([]*PortConfig, error) {
 
 // Invoke fwmarker reexec routine to mark vip destined packets with
 // the passed firewall mark.
-func invokeFWMarker(path string, vip net.IP, fwMark uint32, ingressPorts []*PortConfig, eIP *net.IPNet, isDelete bool, isIngress bool) error {
+func invokeFWMarker(path string, vip net.IP, fwMark uint32, ingressPorts []*PortConfig, eIP *net.IPNet, isDelete bool, lbMode string) error {
 	var ingressPortsFile string
 
 	if len(ingressPorts) != 0 {
@@ -590,14 +590,9 @@ func invokeFWMarker(path string, vip net.IP, fwMark uint32, ingressPorts []*Port
 		addDelOpt = "-D"
 	}
 
-	isIngressOpt := "false"
-	if isIngress {
-		isIngressOpt = "true"
-	}
-
 	cmd := &exec.Cmd{
 		Path:   reexec.Self(),
-		Args:   append([]string{"fwmarker"}, path, vip.String(), fmt.Sprintf("%d", fwMark), addDelOpt, ingressPortsFile, eIP.String(), isIngressOpt),
+		Args:   append([]string{"fwmarker"}, path, vip.String(), fmt.Sprintf("%d", fwMark), addDelOpt, ingressPortsFile, eIP.String(), lbMode),
 		Stdout: os.Stdout,
 		Stderr: os.Stderr,
 	}
@@ -656,8 +651,8 @@ func fwMarker() {
 		os.Exit(5)
 	}
 
-	isIngressOpt := os.Args[7]
-	if addDelOpt == "-A" && isIngressOpt == "true" {
+	lbMode := os.Args[7]
+	if addDelOpt == "-A" && lbMode == loadBalancerModeNAT {
 		eIP, subnet, err := net.ParseCIDR(os.Args[6])
 		if err != nil {
 			logrus.Errorf("Failed to parse endpoint IP %s: %v", os.Args[6], err)
author	Chris Telfer <ctelfer@docker.com>	2018-10-09 10:04:31 -0400
committer	Chris Telfer <ctelfer@docker.com>	2018-10-11 14:13:19 -0400
commit	013ca3bdf84182194d12c9cf637c33a82755813d (patch)
tree	01a2a7492d6366f50af00729bac3c435edf462ec /libnetwork/service_linux.go
parent	9a2464f4369679b46dc9b0217b57c5b151eaa62f (diff)
download	docker-013ca3bdf84182194d12c9cf637c33a82755813d.tar.gz