Browse code
Display a warn message when there is binding ports and net mode is host
When a container is created if "--network" is set to "host" all the
ports in the container are bound to the host.
Thus, adding "-p" or "--publish" to the command-line is meaningless.
Unlike "docker run" and "docker create", "docker service create" sends
an error message when network mode is host and port bindings are given
This patch however suggests to send a warning message to the client when
such a case occurs.
The warning message is added to "warnings" which are returned from
"verifyPlatformContainerSettings".
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
Boaz Shuster authored on 2017/11/15 23:44:49Showing 2 changed files
| ... | ... |
@@ -333,6 +333,16 @@ func (daemon *Daemon) verifyContainerSettings(platform string, hostConfig *conta |
| 333 | 333 |
return nil, errors.Errorf("invalid isolation '%s' on %s", hostConfig.Isolation, runtime.GOOS)
|
| 334 | 334 |
} |
| 335 | 335 |
|
| 336 |
+ var ( |
|
| 337 |
+ err error |
|
| 338 |
+ warnings []string |
|
| 339 |
+ ) |
|
| 336 | 340 |
// Now do platform-specific verification |
| 337 |
- return verifyPlatformContainerSettings(daemon, hostConfig, config, update) |
|
| 341 |
+ if warnings, err = verifyPlatformContainerSettings(daemon, hostConfig, config, update); err != nil {
|
|
| 342 |
+ return warnings, err |
|
| 343 |
+ } |
|
| 344 |
+ if hostConfig.NetworkMode.IsHost() && len(hostConfig.PortBindings) > 0 {
|
|
| 345 |
+ warnings = append(warnings, "Published ports are discarded when using host network mode") |
|
| 346 |
+ } |
|
| 347 |
+ return warnings, err |
|
| 338 | 348 |
} |
| 339 | 349 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,44 @@ |
| 0 |
+// +build linux freebsd |
|
| 1 |
+ |
|
| 2 |
+package daemon |
|
| 3 |
+ |
|
| 4 |
+import ( |
|
| 5 |
+ "testing" |
|
| 6 |
+ |
|
| 7 |
+ "github.com/docker/docker/api/types" |
|
| 8 |
+ containertypes "github.com/docker/docker/api/types/container" |
|
| 9 |
+ "github.com/docker/docker/daemon/config" |
|
| 10 |
+ "github.com/docker/go-connections/nat" |
|
| 11 |
+ "github.com/stretchr/testify/require" |
|
| 12 |
+) |
|
| 13 |
+ |
|
| 14 |
+// TestContainerWarningHostAndPublishPorts that a warning is returned when setting network mode to host and specifying published ports. |
|
| 15 |
+// This should not be tested on Windows because Windows doesn't support "host" network mode. |
|
| 16 |
+func TestContainerWarningHostAndPublishPorts(t *testing.T) {
|
|
| 17 |
+ testCases := []struct {
|
|
| 18 |
+ ports nat.PortMap |
|
| 19 |
+ warnings []string |
|
| 20 |
+ }{
|
|
| 21 |
+ {ports: nat.PortMap{}},
|
|
| 22 |
+ {ports: nat.PortMap{
|
|
| 23 |
+ "8080": []nat.PortBinding{{HostPort: "8989"}},
|
|
| 24 |
+ }, warnings: []string{"Published ports are discarded when using host network mode"}},
|
|
| 25 |
+ } |
|
| 26 |
+ |
|
| 27 |
+ for _, tc := range testCases {
|
|
| 28 |
+ hostConfig := &containertypes.HostConfig{
|
|
| 29 |
+ Runtime: "runc", |
|
| 30 |
+ NetworkMode: "host", |
|
| 31 |
+ PortBindings: tc.ports, |
|
| 32 |
+ } |
|
| 33 |
+ cs := &config.Config{
|
|
| 34 |
+ CommonUnixConfig: config.CommonUnixConfig{
|
|
| 35 |
+ Runtimes: map[string]types.Runtime{"runc": {}},
|
|
| 36 |
+ }, |
|
| 37 |
+ } |
|
| 38 |
+ d := &Daemon{configStore: cs}
|
|
| 39 |
+ wrns, err := d.verifyContainerSettings("", hostConfig, &containertypes.Config{}, false)
|
|
| 40 |
+ require.NoError(t, err) |
|
| 41 |
+ require.Equal(t, tc.warnings, wrns) |
|
| 42 |
+ } |
|
| 43 |
+} |