Avoid errors: ip conflict and ip address already in use #8445
Conversation
|
we should run a full CI see if this breaks some tests, thanks. |
yuyangbj
force-pushed
the
networking-issue
branch
from
6ec8b2e to
4e6a4ab
Compare
| @@ -161,6 +161,7 @@ func (s *Scope) reserveEndpointIP(e *Endpoint) error { | |||
| e.ip = eip | |||
| return nil | |||
| } | |||
| err = fmt.Errorf("No available IP address in current network %s", s.name) | |||
There was a problem hiding this comment.
What is the reason to throw a new error here?
| @@ -1096,13 +1096,14 @@ func (c *ContainerBackend) containerStart(op trace.Operation, name string, hostC | |||
| handle = bindRes.Payload.Handle | |||
| endpoints = bindRes.Payload.Endpoints | |||
|
|
|||
| // due to issue 8405, 7128 and 8052, we will not clear out assigned IP address besides container is removed | |||
There was a problem hiding this comment.
This unbind() happens during error, so we should keep the undo here?
There was a problem hiding this comment.
I assume here we have assigned an IP address here, so we do not release the IP address even though it is not started.
There was a problem hiding this comment.
Since each exited container would keep an IP, should we inform users to reap exited containers to avoid ip exhausting?
There was a problem hiding this comment.
We inform users when there is no available ip, see line 164
| @@ -1263,7 +1264,7 @@ func (c *ContainerBackend) containerStop(op trace.Operation, name string, second | |||
| } | |||
|
|
|||
| operation := func() error { | |||
| return c.containerProxy.Stop(op, vc, name, seconds, true) | |||
| return c.containerProxy.Stop(op, vc, name, seconds, false) | |||
There was a problem hiding this comment.
What is logic from true -> false here?
There was a problem hiding this comment.
It is using to determine if we need to call unbindContainer.
yuyangbj
force-pushed
the
networking-issue
branch
8 times, most recently
from
a9180b8 to
2cf9a22
Compare
| @@ -1412,6 +1412,71 @@ func (c *Context) deleteScope(s *Scope) { | |||
| delete(c.scopes, s.Name()) | |||
| } | |||
|
|
|||
| func (c *Context) UpdateContainerNameInScope(h *exec.Handle) error { | |||
There was a problem hiding this comment.
Please add some comments about this api
| // name | ||
| c.containers[h.ExecConfig.Name] = con | ||
| // aliases | ||
| for k, v := range newAliases { |
There was a problem hiding this comment.
Since c.removeAliases is invoked in line 1455, there is no need to check if con exists or not in the for loop?
| @@ -1412,6 +1412,71 @@ func (c *Context) deleteScope(s *Scope) { | |||
| delete(c.scopes, s.Name()) | |||
| } | |||
|
|
|||
| func (c *Context) UpdateContainerNameInScope(h *exec.Handle) error { | |||
There was a problem hiding this comment.
Per discussion, please remove stop/start containers in the rename test case.
| @@ -513,6 +516,7 @@ func (handler *ContainersHandlersImpl) RenameContainerHandler(params containers. | |||
| } | |||
|
|
|||
| h = h.Rename(op, params.Name) | |||
| handler.netCtx.UpdateContainerNameInScope(h) | |||
There was a problem hiding this comment.
Are there any other cases to call this UpdateContainerNameInScope function besides h.Rename?
There was a problem hiding this comment.
No, this is a new method for rename ops.
If the container VM is operated from vSphere client, in some cases VIC will allocate duplicate IP address for cVMs. For example: when the first cVM is poweroff from VC, the assigned IP address will be released, but the guestinfo is still saving the assigned IP address for VC HA or migration functionality; the second cVM will be assigned the first cVM ip address, when the first cVM is powered on from VC, these two cVMs are using same IP address. Another related error scenario is the docker network inspect will not show container endpoint if cVM is powered on from vSphere.
yuyangbj
force-pushed
the
networking-issue
branch
from
2cf9a22 to
0d71696
Compare
If the container VM is operated from vSphere client, in some cases
VIC will allocate duplicate IP address for cVMs. For example: when
the first cVM is poweroff from VC, the assigned IP address will be
released, but the guestinfo is still saving the assigned IP address
for VC HA or migration functionality; the second cVM will be assigned
the first cVM ip address, when the first cVM is powered on from VC,
these two cVMs are using same IP address.
Another related error scenario is the docker network inspect will not
show container endpoint if cVM is powered on from vSphere.
[full ci]
Fixes #8405 #7128 #8052