NetworkMode overwrites NetworkingConfig and cannot be omitted #2557
Comments
|
@hmahmood please triage. including it in Hardening sprint until more info is known. |
|
Looks like |
|
Targeted for hardening sprint by 10/21 |
|
@hmahmood , @mdubya66 it also looks like having the # create a network
curl --insecure --cert cert.pem --key key.pem -H "Content-Type: application/json" -d '{"Name": "alp-network"}' https://$IP:2376/networks/create
# create a container with NetworkMode set to bridge
curl --insecure --cert cert.pem --key key.pem -H "Content-Type: application/json" -d '{"Image": "alpine", "Cmd": ["ping", "127.0.0.1"], "NetworkMode": "bridge" }' https://$IP:2376/containers/create?name=test-alp-1
# start the container
curl --insecure --cert cert.pem --key key.pem -H "Content-Type: application/json" -X POST https://$IP:2376/containers/test-alp-1/start
# try to connect the container to the network
curl --insecure --cert cert.pem --key key.pem -H "Content-Type: application/json" -d '{"Container": "test-alp-1"}' https://$IP:2376/networks/alp-network/connect
# inspect networks
docker --tls network inspect alp-network
[
{
"Name": "alp-network",
"Id": "b9d960e7862bbe63e1a7cbdc0cc347758d192f16aae46e61be57886331d7ca61",
"Scope": "",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "",
"Options": {},
"Config": [
{
"Subnet": "172.24.0.0/16",
"Gateway": "172.24.0.1"
}
]
},
"Internal": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
docker --tls network inspect bridge
[
{
"Name": "bridge",
"Id": "00bf5a88c2e174545e39f738b6004c478c328338b6d45b0a67cef5d1f0e5552a",
"Scope": "",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "",
"Options": {},
"Config": [
{
"Subnet": "172.16.0.0/16",
"Gateway": "172.16.0.1"
}
]
},
"Internal": false,
"Containers": {
"573b7972c6d7920f6ecad37c9d47e62714bf53928aa1b8769055261f7498ab16": {
"Name": "test-alp-1",
"EndpointID": "573b7972c6d7920f6ecad37c9d47e62714bf53928aa1b8769055261f7498ab16",
"MacAddress": "",
"IPv4Address": "172.16.0.2/16",
"IPv6Address": ""
},
"84e3f7b54bff6f6abe1c300ebcd35d0187f3314756be0c35c70684f2ef57e11c": {
"Name": "mysql-mcm882_24166287599",
"EndpointID": "84e3f7b54bff6f6abe1c300ebcd35d0187f3314756be0c35c70684f2ef57e11c",
"MacAddress": "",
"IPv4Address": "172.16.0.3/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]The same code on docker host will have the |
|
@hmahmood, thanks for the update. I have confirmed that |
|
@jzt @shadjiiski @andrewtchin @hmahmood Due to https://github.com/vmware/vic/blob/master/lib/apiservers/engine/backends/container.go#L1342 so this rest api call does not work on vic (but it still works on regular docker). We need to explicitly specify the "HostConfig" in the form data, e.g. I think either (1) we should change the code such that an empty HostConfig is created with default values if not specified in the form-data, or (2) we just ask the customer to include HostConfig in their form data for the rest api calls. |
|
@chengwang86 I think it would be simple enough (and appropriate) to update our docker persona to provide a default |
|
This issue should be fixed after merging #3700 and fixing #3709. Then the only difference with regular docker is: our networkConfig would override networkmode, so the "networkmode" under vic becomes "alp-network" in all the four cases, whereas on regular docker the "networkmode" could still be "default" in case 2 and "bridge" in case 4. |
mdubya66
added
source/customer
…CreateConfig. This is needed when the client request is sent via docker rest api call without specifying HostConfig in the form data. See examples in vmware#2557. This fixes vmware#2557 and vmware#3709.
…CreateConfig. This is needed when the client request is sent via docker rest api call without specifying HostConfig in the form data. See examples in vmware#2557. This fixes vmware#2557 and vmware#3709.
…CreateConfig. This is needed when the client request is sent via docker rest api call without specifying HostConfig in the form data. See examples in vmware#2557. This fixes vmware#2557 and vmware#3709.
…CreateConfig. This is needed when the client request is sent via docker rest api call without specifying HostConfig in the form data. See examples in vmware#2557. This fixes vmware#2557 and vmware#3709.
|
@chengwang86 Can you please add a test to the PR for this case? |
…CreateConfig. This is needed when the client request is sent via docker rest api call without specifying HostConfig in the form data. See examples in vmware#2557. This fixes vmware#2557 and vmware#3709.
…CreateConfig. This is needed when the client request is sent via docker rest api call without specifying HostConfig in the form data. See examples in vmware#2557. This fixes vmware#2557 and vmware#3709.
… is nil when validating ContainerCreateConfig (#3831) * Add default (empty) HostConfig if it is nil when validating ContainerCreateConfig. This is needed when the client request is sent via docker rest api call without specifying HostConfig in the form data. See examples in #2557. This fixes #2557 and #3709. * move the validity check of config.Config to the beginning * Add a test for the scenario where the form data of the rest api call does not contain a HostConfig * correct test * change "Log To Console" to "Log"
I am trying to create a network via docker remote API on VIC and also attach some containers to this network during the network creation. In docker, there are two ways to achieve this: the old one is specifying the name of the network as a value for the NetworkMode property and the new one is providing a NetworkingConfig. These are also available on VIC, but there are a few major differences from traditional docker:
NetworkMode: bridge, it doesn't matter what networks I will specify in the NetworkingConfig, they will be ignored and the container will be attached to the bridge network onlyNetworkMode: nullis the same as providingNetworkMode: bridgeVIC Version: Jfrog bintray build 5316
Code on Docker
Code on VIC
Expected behavior:
4 containers, created, then started, all of them connected to the created
alp-network. This is the output of thedocker network inspectcommand on Docker host:docker network inspect alp-network [ { "Name": "alp-network", "Id": "ac7ffb0ce6dd980f283917e0fa5d362c07fb7a85b48cef303274af9f7bd1196e", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [ { "Subnet": "172.18.0.0/16", "Gateway": "172.18.0.1/16" } ] }, "Internal": false, "Containers": { "1b1a163eb303ba476aecce876c02c8798b73ebdc9f890032c8b3a991ef8ef01f": { "Name": "alp-4", "EndpointID": "93cb10f3bd2a825a913a37c0f0f6f7fff86f2371e10c95d6d603bcb1b8780bb8", "MacAddress": "02:42:ac:12:00:05", "IPv4Address": "172.18.0.5/16", "IPv6Address": "" }, "35eba84af142580fb7ba0b61e8e09e5e8d98f44953ccf6429467509dd6c2c54c": { "Name": "test-alp-1", "EndpointID": "0645749ac7a4ddfc92b437826a500996797a380fbdc573c596a91f6d689736df", "MacAddress": "02:42:ac:12:00:02", "IPv4Address": "172.18.0.2/16", "IPv6Address": "" }, "dcd6d8283a3ebc011a1ae82563723143f5b78faafeaf9c7b0702bdcc94231c7a": { "Name": "test-alp-2", "EndpointID": "b849ae57568544621382ad701aed3309c54e7f08937a531770058f0b88dea591", "MacAddress": "02:42:ac:12:00:03", "IPv4Address": "172.18.0.3/16", "IPv6Address": "" }, "f3ef93d4229b7514b07dc7da20bab1653dae0b9b24bfb7707ab644d15782562e": { "Name": "test-alp-3", "EndpointID": "01ecc716d49ecc7a9b3192c871c790f110538f9cd85265f033f34f616d255985", "MacAddress": "02:42:ac:12:00:04", "IPv4Address": "172.18.0.4/16", "IPv6Address": "" } }, "Options": {}, "Labels": {} } ]Actual behavior:
Only three containers are created (alp-2 creation failed), only two of them are connected to the created network, the last one is connected to bridge:
The text was updated successfully, but these errors were encountered: