diff options
author | Chris Telfer <ctelfer@docker.com> | 2018-10-09 10:04:31 -0400 |
---|---|---|
committer | Chris Telfer <ctelfer@docker.com> | 2018-10-11 14:13:19 -0400 |
commit | 013ca3bdf84182194d12c9cf637c33a82755813d (patch) | |
tree | 01a2a7492d6366f50af00729bac3c435edf462ec /libnetwork/service_linux.go | |
parent | 9a2464f4369679b46dc9b0217b57c5b151eaa62f (diff) | |
download | docker-013ca3bdf84182194d12c9cf637c33a82755813d.tar.gz |
Make DSR an overlay-specific driver "option"
Allow DSR to be a configurable option through a generic option to the
overlay driver. On the one hand this approach makes sense insofar as
only overlay networks can currently perform load balancing. On the
other hand, this approach has several issues. First, should we create
another type of swarm scope network, this will prevent it working.
Second, the service core code is separate from the driver code and the
driver code can't influence the core data structures. So the driver
code can't set this option itself. Therefore, implementing in this way
requires some hack code to test for this option in
controller.NewNetwork.
A more correct approach would be to make this a generic option for any
network. Then the driver could ignore, reject or be unaware of the option
depending on the chosen model. This would require changes to:
* libnetwork - naturally
* the docker API - to carry the option
* swarmkit - to propagate the option
* the docker CLI - to support the option
* moby - to translate the API option into a libnetwork option
Given the urgency of requests to address this issue, this approach will
be saved for a future iteration.
Signed-off-by: Chris Telfer <ctelfer@docker.com>
Diffstat (limited to 'libnetwork/service_linux.go')
-rw-r--r-- | libnetwork/service_linux.go | 21 |
1 files changed, 8 insertions, 13 deletions
diff --git a/libnetwork/service_linux.go b/libnetwork/service_linux.go index 5e9e0e03e0..451f760b61 100644 --- a/libnetwork/service_linux.go +++ b/libnetwork/service_linux.go @@ -142,7 +142,7 @@ func (n *network) addLBBackend(ip net.IP, lb *loadBalancer) { } logrus.Debugf("Creating service for vip %s fwMark %d ingressPorts %#v in sbox %.7s (%.7s)", lb.vip, lb.fwMark, lb.service.ingressPorts, sb.ID(), sb.ContainerID()) - if err := invokeFWMarker(sb.Key(), lb.vip, lb.fwMark, lb.service.ingressPorts, eIP, false, n.ingress); err != nil { + if err := invokeFWMarker(sb.Key(), lb.vip, lb.fwMark, lb.service.ingressPorts, eIP, false, n.loadBalancerMode); err != nil { logrus.Errorf("Failed to add firewall mark rule in sbox %.7s (%.7s): %v", sb.ID(), sb.ContainerID(), err) return } @@ -158,7 +158,7 @@ func (n *network) addLBBackend(ip net.IP, lb *loadBalancer) { Address: ip, Weight: 1, } - if !n.ingress { + if n.loadBalancerMode == loadBalancerModeDSR { d.ConnectionFlags = ipvs.ConnFwdDirectRoute } @@ -206,7 +206,7 @@ func (n *network) rmLBBackend(ip net.IP, lb *loadBalancer, rmService bool, fullR Address: ip, Weight: 1, } - if !n.ingress { + if n.loadBalancerMode == loadBalancerModeDSR { d.ConnectionFlags = ipvs.ConnFwdDirectRoute } @@ -237,7 +237,7 @@ func (n *network) rmLBBackend(ip net.IP, lb *loadBalancer, rmService bool, fullR } } - if err := invokeFWMarker(sb.Key(), lb.vip, lb.fwMark, lb.service.ingressPorts, eIP, true, n.ingress); err != nil { + if err := invokeFWMarker(sb.Key(), lb.vip, lb.fwMark, lb.service.ingressPorts, eIP, true, n.loadBalancerMode); err != nil { logrus.Errorf("Failed to delete firewall mark rule in sbox %.7s (%.7s): %v", sb.ID(), sb.ContainerID(), err) } @@ -572,7 +572,7 @@ func readPortsFromFile(fileName string) ([]*PortConfig, error) { // Invoke fwmarker reexec routine to mark vip destined packets with // the passed firewall mark. -func invokeFWMarker(path string, vip net.IP, fwMark uint32, ingressPorts []*PortConfig, eIP *net.IPNet, isDelete bool, isIngress bool) error { +func invokeFWMarker(path string, vip net.IP, fwMark uint32, ingressPorts []*PortConfig, eIP *net.IPNet, isDelete bool, lbMode string) error { var ingressPortsFile string if len(ingressPorts) != 0 { @@ -590,14 +590,9 @@ func invokeFWMarker(path string, vip net.IP, fwMark uint32, ingressPorts []*Port addDelOpt = "-D" } - isIngressOpt := "false" - if isIngress { - isIngressOpt = "true" - } - cmd := &exec.Cmd{ Path: reexec.Self(), - Args: append([]string{"fwmarker"}, path, vip.String(), fmt.Sprintf("%d", fwMark), addDelOpt, ingressPortsFile, eIP.String(), isIngressOpt), + Args: append([]string{"fwmarker"}, path, vip.String(), fmt.Sprintf("%d", fwMark), addDelOpt, ingressPortsFile, eIP.String(), lbMode), Stdout: os.Stdout, Stderr: os.Stderr, } @@ -656,8 +651,8 @@ func fwMarker() { os.Exit(5) } - isIngressOpt := os.Args[7] - if addDelOpt == "-A" && isIngressOpt == "true" { + lbMode := os.Args[7] + if addDelOpt == "-A" && lbMode == loadBalancerModeNAT { eIP, subnet, err := net.ParseCIDR(os.Args[6]) if err != nil { logrus.Errorf("Failed to parse endpoint IP %s: %v", os.Args[6], err) |