
sysutils/docker-engine: Remove IPTables and disable bridge driver

Bernhard Fröhlich 2 months ago
b26181b5b4
Signed by: Bernhard Froehlich <decke@bluelife.at> GPG Key ID: 4DD88C3F9F3B8333

+ 23
- 13
sysutils/docker-engine/TODO View File

@@ -2,25 +2,35 @@
vendor/github.com/containerd/cgroups/memory.go:179:33: undefined: unix.SYS_EVENTFD2
vendor/github.com/containerd/cgroups/memory.go:179:55: undefined: unix.EFD_CLOEXEC

# github.com/docker/docker/vendor/github.com/docker/libnetwork/iptables
vendor/github.com/docker/libnetwork/iptables/conntrack.go:19:35: undefined: syscall.NETLINK_NETFILTER
vendor/github.com/docker/libnetwork/iptables/conntrack.go:57:8: filter.AddIP undefined (type *netlink.ConntrackFilter has no field or method AddIP)
vendor/github.com/docker/libnetwork/iptables/conntrack.go:57:15: undefined: netlink.ConntrackNatAnyIP
vendor/github.com/docker/libnetwork/iptables/conntrack.go:58:35: undefined: netlink.ConntrackTable

# github.com/docker/docker/daemon/graphdriver/zfs
daemon/graphdriver/zfs/zfs.go:417:37: undefined: unix.MNT_DETACH

# github.com/docker/docker/vendor/github.com/docker/libnetwork
vendor/github.com/docker/libnetwork/agent.go:448:25: n.getController().getLBIndex undefined (type *controller has no field or method getLBIndex)
vendor/github.com/docker/libnetwork/agent.go:633:32: too many arguments in call to c.addServiceBinding
have (string, string, string, string, string, net.IP, []*PortConfig, []string, []string, net.IP, string)
want (string, string, string, string, net.IP, []*PortConfig, []string, net.IP)
vendor/github.com/docker/libnetwork/agent.go:638:14: c.addContainerNameResolution undefined (type *controller has no field or method addContainerNameResolution)
vendor/github.com/docker/libnetwork/agent.go:719:32: too many arguments in call to c.rmServiceBinding
have (string, string, string, string, string, net.IP, []*PortConfig, []string, []string, net.IP, string, bool, bool)
want (string, string, string, string, net.IP, []*PortConfig, []string, net.IP)
vendor/github.com/docker/libnetwork/agent.go:724:15: c.delContainerNameResolution undefined (type *controller has no field or method delContainerNameResolution)
vendor/github.com/docker/libnetwork/agent.go:939:33: too many arguments in call to c.addServiceBinding
have (string, string, string, string, string, net.IP, []*PortConfig, []string, []string, net.IP, string)
want (string, string, string, string, net.IP, []*PortConfig, []string, net.IP)
vendor/github.com/docker/libnetwork/agent.go:945:15: c.addContainerNameResolution undefined (type *controller has no field or method addContainerNameResolution)
vendor/github.com/docker/libnetwork/agent.go:954:32: too many arguments in call to c.rmServiceBinding
have (string, string, string, string, string, net.IP, []*PortConfig, []string, []string, net.IP, string, bool, bool)
want (string, string, string, string, net.IP, []*PortConfig, []string, net.IP)
vendor/github.com/docker/libnetwork/agent.go:960:15: c.delContainerNameResolution undefined (type *controller has no field or method delContainerNameResolution)
vendor/github.com/docker/libnetwork/agent.go:973:31: too many arguments in call to c.rmServiceBinding
have (string, string, string, string, string, net.IP, []*PortConfig, []string, []string, net.IP, string, bool, bool)
want (string, string, string, string, net.IP, []*PortConfig, []string, net.IP)
vendor/github.com/docker/libnetwork/agent.go:973:31: too many errors

# github.com/docker/docker/vendor/github.com/opencontainers/runc/libcontainer/configs
vendor/github.com/opencontainers/runc/libcontainer/configs/config.go:128:11: undefined: Cgroup

# github.com/docker/docker/libcontainerd/supervisor
libcontainerd/supervisor/remote_daemon.go:84:3: r.setDefaults undefined (type *remote has no field or method setDefaults)
libcontainerd/supervisor/remote_daemon.go:193:20: undefined: containerdSysProcAttr
libcontainerd/supervisor/remote_daemon.go:239:5: r.stopDaemon undefined (type *remote has no field or method stopDaemon)
libcontainerd/supervisor/remote_daemon.go:245:4: r.platformCleanup undefined (type *remote has no field or method platformCleanup)
libcontainerd/supervisor/remote_daemon.go:320:5: r.killDaemon undefined (type *remote has no field or method killDaemon)

# github.com/docker/docker/daemon/stats
daemon/stats/collector_unix.go:22:33: undefined: system.GetClockTicks


+ 157
- 0
sysutils/docker-engine/files/patch-daemon_daemon__unix.go View File

@@ -0,0 +1,157 @@
--- daemon/daemon_unix.go.orig 2019-06-18 21:30:11 UTC
+++ daemon/daemon_unix.go
@@ -36,7 +36,7 @@ import (
volumemounts "github.com/docker/docker/volume/mounts"
"github.com/docker/libnetwork"
nwconfig "github.com/docker/libnetwork/config"
- "github.com/docker/libnetwork/drivers/bridge"
+ //"github.com/docker/libnetwork/drivers/bridge"
"github.com/docker/libnetwork/netlabel"
"github.com/docker/libnetwork/netutils"
"github.com/docker/libnetwork/options"
@@ -910,143 +910,12 @@ func driverOptions(config *config.Config) []nwconfig.O
}
func initBridgeDriver(controller libnetwork.NetworkController, config *config.Config) error {
- bridgeName := bridge.DefaultBridgeName
- if config.BridgeConfig.Iface != "" {
- bridgeName = config.BridgeConfig.Iface
- }
- netOption := map[string]string{
- bridge.BridgeName: bridgeName,
- bridge.DefaultBridge: strconv.FormatBool(true),
- netlabel.DriverMTU: strconv.Itoa(config.Mtu),
- bridge.EnableIPMasquerade: strconv.FormatBool(config.BridgeConfig.EnableIPMasq),
- bridge.EnableICC: strconv.FormatBool(config.BridgeConfig.InterContainerCommunication),
- }
-
- // --ip processing
- if config.BridgeConfig.DefaultIP != nil {
- netOption[bridge.DefaultBindingIP] = config.BridgeConfig.DefaultIP.String()
- }
-
- var (
- ipamV4Conf *libnetwork.IpamConf
- ipamV6Conf *libnetwork.IpamConf
- )
-
- ipamV4Conf = &libnetwork.IpamConf{AuxAddresses: make(map[string]string)}
-
- nwList, nw6List, err := netutils.ElectInterfaceAddresses(bridgeName)
- if err != nil {
- return errors.Wrap(err, "list bridge addresses failed")
- }
-
- nw := nwList[0]
- if len(nwList) > 1 && config.BridgeConfig.FixedCIDR != "" {
- _, fCIDR, err := net.ParseCIDR(config.BridgeConfig.FixedCIDR)
- if err != nil {
- return errors.Wrap(err, "parse CIDR failed")
- }
- // Iterate through in case there are multiple addresses for the bridge
- for _, entry := range nwList {
- if fCIDR.Contains(entry.IP) {
- nw = entry
- break
- }
- }
- }
-
- ipamV4Conf.PreferredPool = lntypes.GetIPNetCanonical(nw).String()
- hip, _ := lntypes.GetHostPartIP(nw.IP, nw.Mask)
- if hip.IsGlobalUnicast() {
- ipamV4Conf.Gateway = nw.IP.String()
- }
-
- if config.BridgeConfig.IP != "" {
- ipamV4Conf.PreferredPool = config.BridgeConfig.IP
- ip, _, err := net.ParseCIDR(config.BridgeConfig.IP)
- if err != nil {
- return err
- }
- ipamV4Conf.Gateway = ip.String()
- } else if bridgeName == bridge.DefaultBridgeName && ipamV4Conf.PreferredPool != "" {
- logrus.Infof("Default bridge (%s) is assigned with an IP address %s. Daemon option --bip can be used to set a preferred IP address", bridgeName, ipamV4Conf.PreferredPool)
- }
-
- if config.BridgeConfig.FixedCIDR != "" {
- _, fCIDR, err := net.ParseCIDR(config.BridgeConfig.FixedCIDR)
- if err != nil {
- return err
- }
-
- ipamV4Conf.SubPool = fCIDR.String()
- }
-
- if config.BridgeConfig.DefaultGatewayIPv4 != nil {
- ipamV4Conf.AuxAddresses["DefaultGatewayIPv4"] = config.BridgeConfig.DefaultGatewayIPv4.String()
- }
-
- var deferIPv6Alloc bool
- if config.BridgeConfig.FixedCIDRv6 != "" {
- _, fCIDRv6, err := net.ParseCIDR(config.BridgeConfig.FixedCIDRv6)
- if err != nil {
- return err
- }
-
- // In case user has specified the daemon flag --fixed-cidr-v6 and the passed network has
- // at least 48 host bits, we need to guarantee the current behavior where the containers'
- // IPv6 addresses will be constructed based on the containers' interface MAC address.
- // We do so by telling libnetwork to defer the IPv6 address allocation for the endpoints
- // on this network until after the driver has created the endpoint and returned the
- // constructed address. Libnetwork will then reserve this address with the ipam driver.
- ones, _ := fCIDRv6.Mask.Size()
- deferIPv6Alloc = ones <= 80
-
- if ipamV6Conf == nil {
- ipamV6Conf = &libnetwork.IpamConf{AuxAddresses: make(map[string]string)}
- }
- ipamV6Conf.PreferredPool = fCIDRv6.String()
-
- // In case the --fixed-cidr-v6 is specified and the current docker0 bridge IPv6
- // address belongs to the same network, we need to inform libnetwork about it, so
- // that it can be reserved with IPAM and it will not be given away to somebody else
- for _, nw6 := range nw6List {
- if fCIDRv6.Contains(nw6.IP) {
- ipamV6Conf.Gateway = nw6.IP.String()
- break
- }
- }
- }
-
- if config.BridgeConfig.DefaultGatewayIPv6 != nil {
- if ipamV6Conf == nil {
- ipamV6Conf = &libnetwork.IpamConf{AuxAddresses: make(map[string]string)}
- }
- ipamV6Conf.AuxAddresses["DefaultGatewayIPv6"] = config.BridgeConfig.DefaultGatewayIPv6.String()
- }
-
- v4Conf := []*libnetwork.IpamConf{ipamV4Conf}
- v6Conf := []*libnetwork.IpamConf{}
- if ipamV6Conf != nil {
- v6Conf = append(v6Conf, ipamV6Conf)
- }
- // Initialize default network on "bridge" with the same name
- _, err = controller.NewNetwork("bridge", "bridge", "",
- libnetwork.NetworkOptionEnableIPv6(config.BridgeConfig.EnableIPv6),
- libnetwork.NetworkOptionDriverOpts(netOption),
- libnetwork.NetworkOptionIpam("default", "", v4Conf, v6Conf, nil),
- libnetwork.NetworkOptionDeferIPv6Alloc(deferIPv6Alloc))
- if err != nil {
- return fmt.Errorf("Error creating default \"bridge\" network: %v", err)
- }
- return nil
+ return fmt.Errorf("Bridge network driver not supported on FreeBSD (yet)")
}
// Remove default bridge interface if present (--bridge=none use case)
func removeDefaultBridgeInterface() {
- if lnk, err := netlink.LinkByName(bridge.DefaultBridgeName); err == nil {
- if err := netlink.LinkDel(lnk); err != nil {
- logrus.Warnf("Failed to remove bridge interface (%s): %v", bridge.DefaultBridgeName, err)
- }
- }
+ return fmt.Errorf("Bridge network driver not supported on FreeBSD (yet)")
}
func setupInitLayer(idMapping *idtools.IdentityMapping) func(containerfs.ContainerFS) error {
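Review bot: `removeDefaultBridgeInterface` is declared with no result (`func removeDefaultBridgeInterface() {`), yet its new body is `return fmt.Errorf("Bridge network driver not supported on FreeBSD (yet)")`, which the Go compiler rejects as too many return values. Its only job was the `--bridge=none` cleanup, so a no-op body with a comment, `// nothing to remove: the bridge driver is not available on FreeBSD`, keeps the signature intact and compiles. `initBridgeDriver` now fails unconditionally, so unless the caller (outside this hunk) only reaches it when bridge networking is enabled, every default daemon start aborts with that error; presumably that is intended until the driver is ported, but a comment on the function should say so. Names used only by the deleted bodies (`strconv`, `net`, `netutils`, `lntypes`, `netlink`, `logrus`) may now be unused imports, which cannot be confirmed from this hunk.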

+ 4
- 19
sysutils/docker-engine/files/patch-vendor_github.com_docker_libnetwork_portmapper_mapper__freebsd.go View File

@@ -1,13 +1,12 @@
--- vendor/github.com/docker/libnetwork/portmapper/mapper_freebsd.go.orig 2019-06-24 18:17:58 UTC
--- vendor/github.com/docker/libnetwork/portmapper/mapper_freebsd.go.orig 2019-06-24 18:33:51 UTC
+++ vendor/github.com/docker/libnetwork/portmapper/mapper_freebsd.go
@@ -0,0 +1,46 @@
@@ -0,0 +1,31 @@
+package portmapper
+
+import (
+ "net"
+ "sync"
+
+ "github.com/docker/libnetwork/iptables"
+ "github.com/docker/libnetwork/portallocator"
+)
+
@@ -22,28 +21,14 @@
+ proxyPath string
+
+ Allocator *portallocator.PortAllocator
+ chain *iptables.ChainInfo
+}
+
+// SetIptablesChain sets the specified chain into portmapper
+func (pm *PortMapper) SetIptablesChain(c *iptables.ChainInfo, bridgeName string) {
+ pm.chain = c
+ pm.bridgeName = bridgeName
+}
+
+// AppendForwardingTableEntry adds a port mapping to the forwarding table
+func (pm *PortMapper) AppendForwardingTableEntry(proto string, sourceIP net.IP, sourcePort int, containerIP string, containerPort int) error {
+ return pm.forward(iptables.Append, proto, sourceIP, sourcePort, containerIP, containerPort)
+ return nil
+}
+
+// DeleteForwardingTableEntry removes a port mapping from the forwarding table
+func (pm *PortMapper) DeleteForwardingTableEntry(proto string, sourceIP net.IP, sourcePort int, containerIP string, containerPort int) error {
+ return pm.forward(iptables.Delete, proto, sourceIP, sourcePort, containerIP, containerPort)
+}
+
+func (pm *PortMapper) forward(action iptables.Action, proto string, sourceIP net.IP, sourcePort int, containerIP string, containerPort int) error {
+ if pm.chain == nil {
+ return nil
+ }
+ return pm.chain.Forward(action, sourceIP, sourcePort, proto, containerIP, containerPort, pm.bridgeName)
+ return nil
+}
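Review bot: Both `AppendForwardingTableEntry` and `forward` are printed with `return pm.forward(...)` or `return pm.chain.Forward(...)` immediately followed by `return nil`; whichever of the two lines survives this commit, the other is dead code that `go vet` reports, and the rendered view has dropped the outer +/- markers (old and new `---` and `@@` lines are both shown), so I cannot tell which side each line is on. If the intent is that both entry points return nil on FreeBSD, a published port is reported as mapped while no host-side forwarding rule is ever installed, and the caller has no way to notice; returning a "not supported" error, as `setupIPTable` does in the resolver_freebsd patch further down, or at least logging a warning, makes the gap visible to operators. If `forward` is removed, the `iptables` import, the `chain *iptables.ChainInfo` field and `SetIptablesChain` should go with it, since the commit says the iptables dependency is being removed.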

+ 15
- 0
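--- a/sysutils/docker-engine/files/patch-vendor_github.com_docker_libnetwork_resolver__freebsd.go
+++ b/sysutils/docker-engine/files/patch-vendor_github.com_docker_libnetwork_resolver__freebsd.go
@@ -0,0 +1,15 @@
+--- vendor/github.com/docker/libnetwork/resolver_freebsd.go.orig 2019-06-24 19:16:48 UTC
++++ vendor/github.com/docker/libnetwork/resolver_freebsd.go
+@@ -0,0 +1,12 @@
++package libnetwork
++
++import (
++ "fmt"
++)
++
++func init() {
++}
++
++func (r *resolver) setupIPTable() error {
++ return fmt.Errorf("IPTables not supported on FreeBSD")
++}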
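Review bot: The empty `func init() {}` has no effect and can be dropped, unless it is kept deliberately to mirror a registration in the non-FreeBSD resolver file (not visible here). `setupIPTable` always returns `IPTables not supported on FreeBSD`, so whether container DNS resolution works on FreeBSD depends entirely on how the caller (outside this file) treats that error: if it only logs, the embedded resolver runs without whatever redirect rules the Linux implementation installs (inferred from the name); if it aborts, the resolver never starts. A doc comment stating which behaviour is intended, e.g. `// setupIPTable is a stub: FreeBSD has no iptables, so no resolver redirect rules are installed and the caller must tolerate the error.`, would save the next reader the trip into libnetwork.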

+ 8
- 0
sysutils/docker-engine/files/patch-vendor_github.com_docker_libnetwork_resolver__unix.go View File

@@ -0,0 +1,8 @@
--- vendor/github.com/docker/libnetwork/resolver_unix.go.orig 2019-06-18 21:30:11 UTC
+++ vendor/github.com/docker/libnetwork/resolver_unix.go
@@ -1,4 +1,4 @@
-// +build !windows
+// +build !freebsd
package libnetwork
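Review bot: Replacing `// +build !windows` with `// +build !freebsd` drops the Windows exclusion, so resolver_unix.go would now be compiled on Windows unless another constraint elsewhere prevents it; the line should be `// +build !windows,!freebsd` to exclude both. The `+build` line must also be followed by a blank line before `package libnetwork` for Go to treat it as a constraint rather than an ordinary comment; the rendered view shows none, which may only be the page collapsing whitespace, but it is worth checking in the patch file itself.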

+ 23
- 0
sysutils/docker-engine/files/patch-vendor_github.com_docker_swarmkit_node_node.go View File

@@ -0,0 +1,23 @@
--- vendor/github.com/docker/swarmkit/node/node.go.orig 2019-06-18 21:30:11 UTC
+++ vendor/github.com/docker/swarmkit/node/node.go
@@ -20,7 +20,6 @@ import (
"github.com/docker/docker/pkg/plugingetter"
"github.com/docker/go-metrics"
- "github.com/docker/libnetwork/drivers/overlay/overlayutils"
"github.com/docker/swarmkit/agent"
"github.com/docker/swarmkit/agent/exec"
"github.com/docker/swarmkit/api"
@@ -273,11 +272,7 @@ func (n *Node) currentRole() api.NodeRole {
// configVXLANUDPPort sets vxlan port in libnetwork
func configVXLANUDPPort(ctx context.Context, vxlanUDPPort uint32) {
- if err := overlayutils.ConfigVXLANUDPPort(vxlanUDPPort); err != nil {
- log.G(ctx).WithError(err).Error("failed to configure VXLAN UDP port")
- return
- }
- logrus.Infof("initialized VXLAN UDP port to %d ", vxlanUDPPort)
+ logrus.Infof("VXLAN UDP not supported on FreeBSD")
}
func (n *Node) run(ctx context.Context) (err error) {
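Review bot: `logrus.Infof("VXLAN UDP not supported on FreeBSD")` has no format verbs (plain `logrus.Info` fits) and silently discards the port the operator configured, so a node whose VXLAN port was set explicitly gets no visible hint that the setting was ignored. Prefer `logrus.Warnf("VXLAN UDP port %d requested but overlay networking is not supported on FreeBSD", vxlanUDPPort)` so the dropped value appears in the log where firewall or troubleshooting work will look for it. `ctx` is now an unused parameter, which is legal, but a short comment such as `// ctx unused: nothing to configure on FreeBSD` tells the reader it is deliberate.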
