Browse code
Turn off service discovery when icc==false
- Turn off built-in service discovery on docker0 bridge
when icc is false
Signed-off-by: Alessandro Boch <aboch@docker.com>
Alessandro Boch authored on 2015/10/23 00:41:50Showing 2 changed files
| ... | ... |
@@ -777,7 +777,7 @@ func (container *Container) updateNetwork() error {
|
| 777 | 777 |
return nil |
| 778 | 778 |
} |
| 779 | 779 |
|
| 780 |
-func (container *Container) buildCreateEndpointOptions() ([]libnetwork.EndpointOption, error) {
|
|
| 780 |
+func (container *Container) buildCreateEndpointOptions(n libnetwork.Network) ([]libnetwork.EndpointOption, error) {
|
|
| 781 | 781 |
var ( |
| 782 | 782 |
portSpecs = make(nat.PortSet) |
| 783 | 783 |
bindings = make(nat.PortMap) |
| ... | ... |
@@ -855,6 +855,10 @@ func (container *Container) buildCreateEndpointOptions() ([]libnetwork.EndpointO |
| 855 | 855 |
createOptions = append(createOptions, libnetwork.EndpointOptionGeneric(genericOption)) |
| 856 | 856 |
} |
| 857 | 857 |
|
| 858 |
+ if n.Name() == "bridge" && !container.daemon.config().Bridge.InterContainerCommunication {
|
|
| 859 |
+ createOptions = append(createOptions, libnetwork.CreateOptionAnonymous()) |
|
| 860 |
+ } |
|
| 861 |
+ |
|
| 858 | 862 |
return createOptions, nil |
| 859 | 863 |
} |
| 860 | 864 |
|
| ... | ... |
@@ -944,7 +948,7 @@ func (container *Container) connectToNetwork(idOrName string, updateSettings boo |
| 944 | 944 |
return err |
| 945 | 945 |
} |
| 946 | 946 |
|
| 947 |
- createOptions, err := container.buildCreateEndpointOptions() |
|
| 947 |
+ createOptions, err := container.buildCreateEndpointOptions(n) |
|
| 948 | 948 |
if err != nil {
|
| 949 | 949 |
return err |
| 950 | 950 |
} |
| ... | ... |
@@ -384,3 +384,80 @@ func (s *DockerNetworkSuite) TestDockerNetworkDriverOptions(c *check.C) {
|
| 384 | 384 |
dockerCmd(c, "network", "rm", "testopt") |
| 385 | 385 |
|
| 386 | 386 |
} |
| 387 |
+ |
|
| 388 |
+func (s *DockerDaemonSuite) TestDockerNetworkDiscoveryICCFalse(c *check.C) {
|
|
| 389 |
+ // When icc == false, containers' etc/hosts should not be populated with containers' names |
|
| 390 |
+ hostsFile := "/etc/hosts" |
|
| 391 |
+ bridgeName := "external-bridge" |
|
| 392 |
+ bridgeIP := "192.169.255.254/24" |
|
| 393 |
+ out, err := createInterface(c, "bridge", bridgeName, bridgeIP) |
|
| 394 |
+ c.Assert(err, check.IsNil, check.Commentf(out)) |
|
| 395 |
+ defer deleteInterface(c, bridgeName) |
|
| 396 |
+ |
|
| 397 |
+ err = s.d.StartWithBusybox("--bridge", bridgeName, "--icc=false")
|
|
| 398 |
+ c.Assert(err, check.IsNil) |
|
| 399 |
+ defer s.d.Restart() |
|
| 400 |
+ |
|
| 401 |
+ // run two containers and store first container's etc/hosts content |
|
| 402 |
+ out, err = s.d.Cmd("run", "-d", "busybox", "top")
|
|
| 403 |
+ c.Assert(err, check.IsNil) |
|
| 404 |
+ cid1 := strings.TrimSpace(out) |
|
| 405 |
+ defer s.d.Cmd("stop", cid1)
|
|
| 406 |
+ |
|
| 407 |
+ hosts, err := s.d.Cmd("exec", cid1, "cat", hostsFile)
|
|
| 408 |
+ c.Assert(err, checker.IsNil) |
|
| 409 |
+ |
|
| 410 |
+ out, err = s.d.Cmd("run", "-d", "busybox", "top")
|
|
| 411 |
+ c.Assert(err, check.IsNil) |
|
| 412 |
+ cid2 := strings.TrimSpace(out) |
|
| 413 |
+ |
|
| 414 |
+ // verify first container's etc/hosts file has not changed after spawning second container |
|
| 415 |
+ hostsPost, err := s.d.Cmd("exec", cid1, "cat", hostsFile)
|
|
| 416 |
+ c.Assert(err, checker.IsNil) |
|
| 417 |
+ c.Assert(string(hosts), checker.Equals, string(hostsPost), |
|
| 418 |
+ check.Commentf("Unexpected %s change on second container creation", hostsFile))
|
|
| 419 |
+ |
|
| 420 |
+ // stop container 2 and verify first container's etc/hosts has not changed |
|
| 421 |
+ _, err = s.d.Cmd("stop", cid2)
|
|
| 422 |
+ c.Assert(err, check.IsNil) |
|
| 423 |
+ |
|
| 424 |
+ hostsPost, err = s.d.Cmd("exec", cid1, "cat", hostsFile)
|
|
| 425 |
+ c.Assert(err, checker.IsNil) |
|
| 426 |
+ c.Assert(string(hosts), checker.Equals, string(hostsPost), |
|
| 427 |
+ check.Commentf("Unexpected %s change on second container creation", hostsFile))
|
|
| 428 |
+ |
|
| 429 |
+ // but discovery is on when connecting to non default bridge network |
|
| 430 |
+ network := "anotherbridge" |
|
| 431 |
+ out, err = s.d.Cmd("network", "create", network)
|
|
| 432 |
+ c.Assert(err, check.IsNil, check.Commentf(out)) |
|
| 433 |
+ defer s.d.Cmd("network", "rm", network)
|
|
| 434 |
+ |
|
| 435 |
+ out, err = s.d.Cmd("network", "connect", network, cid1)
|
|
| 436 |
+ c.Assert(err, check.IsNil, check.Commentf(out)) |
|
| 437 |
+ |
|
| 438 |
+ hostsPost, err = s.d.Cmd("exec", cid1, "cat", hostsFile)
|
|
| 439 |
+ c.Assert(err, checker.IsNil) |
|
| 440 |
+ c.Assert(string(hosts), checker.Equals, string(hostsPost), |
|
| 441 |
+ check.Commentf("Unexpected %s change on second network connection", hostsFile))
|
|
| 442 |
+ |
|
| 443 |
+ cName := "container3" |
|
| 444 |
+ out, err = s.d.Cmd("run", "-d", "--net", network, "--name", cName, "busybox", "top")
|
|
| 445 |
+ c.Assert(err, check.IsNil, check.Commentf(out)) |
|
| 446 |
+ cid3 := strings.TrimSpace(out) |
|
| 447 |
+ defer s.d.Cmd("stop", cid3)
|
|
| 448 |
+ |
|
| 449 |
+ // container1 etc/hosts file should contain an entry for the third container |
|
| 450 |
+ hostsPost, err = s.d.Cmd("exec", cid1, "cat", hostsFile)
|
|
| 451 |
+ c.Assert(err, checker.IsNil) |
|
| 452 |
+ c.Assert(string(hostsPost), checker.Contains, cName, |
|
| 453 |
+ check.Commentf("Container 1 %s file does not contain entries for named container %q: %s", hostsFile, cName, string(hostsPost)))
|
|
| 454 |
+ |
|
| 455 |
+ // on container3 disconnect, first container's etc/hosts should go back to original form |
|
| 456 |
+ out, err = s.d.Cmd("network", "disconnect", network, cid3)
|
|
| 457 |
+ c.Assert(err, check.IsNil, check.Commentf(out)) |
|
| 458 |
+ |
|
| 459 |
+ hostsPost, err = s.d.Cmd("exec", cid1, "cat", hostsFile)
|
|
| 460 |
+ c.Assert(err, checker.IsNil) |
|
| 461 |
+ c.Assert(string(hosts), checker.Equals, string(hostsPost), |
|
| 462 |
+ check.Commentf("Unexpected %s content after disconnecting from second network", hostsFile))
|
|
| 463 |
+} |