New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

--isolation for setting swarm service isolation mode #426

Merged
merged 2 commits into from Nov 17, 2017

Conversation

@simonferquel
Contributor

simonferquel commented Aug 7, 2017

fixes #414

- What I did
Added --isolation to service create/update and to compose files, to bypass default isolation mode on the host.
- How I did it
Updated dependencies to moby/moby and swarmkit (also had to depend on the logrus mega PR), added the flag in the service update/create cmd, passing the value accordingly
Updated the compose service struct and conversion to ServiceSpec accordingly
- How to verify it
Tests incoming
- Description for the changelog

  • Service creation and update supports --isolation flag (default, process, hyperv) for bypassing default isolation mode on the host
  • Isolation can also be set in compose files using the "isolation" property

Depends on #424

@codecov-io

This comment has been minimized.

Show comment
Hide comment
@codecov-io

codecov-io Aug 8, 2017

Codecov Report

Merging #426 into master will increase coverage by 0.53%.
The diff coverage is 69.23%.

@@            Coverage Diff             @@
##           master     #426      +/-   ##
==========================================
+ Coverage   50.75%   51.28%   +0.53%     
==========================================
  Files         216      216              
  Lines       17730    17743      +13     
==========================================
+ Hits         8998     9099     +101     
+ Misses       8276     8175     -101     
- Partials      456      469      +13

codecov-io commented Aug 8, 2017

Codecov Report

Merging #426 into master will increase coverage by 0.53%.
The diff coverage is 69.23%.

@@            Coverage Diff             @@
##           master     #426      +/-   ##
==========================================
+ Coverage   50.75%   51.28%   +0.53%     
==========================================
  Files         216      216              
  Lines       17730    17743      +13     
==========================================
+ Hits         8998     9099     +101     
+ Misses       8276     8175     -101     
- Partials      456      469      +13
@vdemeester

This comment has been minimized.

Show comment
Hide comment
@vdemeester

vdemeester Aug 22, 2017

Member

@simonferquel can you link PRs in swarmkit and moby related to this feature ? 👼

Member

vdemeester commented Aug 22, 2017

@simonferquel can you link PRs in swarmkit and moby related to this feature ? 👼

@simonferquel

This comment has been minimized.

Show comment
Hide comment
@simonferquel

simonferquel Sep 19, 2017

Contributor

PR on Swarmkit: docker/swarmkit#2342
PR on Moby: moby/moby#34424

Contributor

simonferquel commented Sep 19, 2017

PR on Swarmkit: docker/swarmkit#2342
PR on Moby: moby/moby#34424

@thaJeztah

This comment has been minimized.

Show comment
Hide comment
@thaJeztah

thaJeztah Nov 1, 2017

Member

moby/moby#34424 was merged, so this PR can be worked on again; @simonferquel can you do a rebase/revendor?

Member

thaJeztah commented Nov 1, 2017

moby/moby#34424 was merged, so this PR can be worked on again; @simonferquel can you do a rebase/revendor?

@simonferquel

This comment has been minimized.

Show comment
Hide comment
@simonferquel

simonferquel Nov 2, 2017

Contributor

Requires moby/moby#35382. in the mean time i'll add tests to improve coverage (mainly on update)

Contributor

simonferquel commented Nov 2, 2017

Requires moby/moby#35382. in the mean time i'll add tests to improve coverage (mainly on update)

Show outdated Hide outdated cli/command/service/opts_test.go Outdated
Show outdated Hide outdated cli/command/service/update.go Outdated
assert.Equal(t, container.IsolationProcess, spec.TaskTemplate.ContainerSpec.Isolation)
}
func TestUpdateIsolationInvalid(t *testing.T) {

This comment has been minimized.

@dnephin

dnephin Nov 2, 2017

Collaborator

I think this test needs to call updateService() otherwise it's only testing isolationOpt

@dnephin

dnephin Nov 2, 2017

Collaborator

I think this test needs to call updateService() otherwise it's only testing isolationOpt

This comment has been minimized.

@simonferquel

simonferquel Nov 2, 2017

Contributor

Ok, makes sense, I'll remove the test as opts is already tested and updateService won't be called if flags parsing fails

@simonferquel

simonferquel Nov 2, 2017

Contributor

Ok, makes sense, I'll remove the test as opts is already tested and updateService won't be called if flags parsing fails

Show outdated Hide outdated cli/compose/convert/service.go Outdated
Show outdated Hide outdated cli/compose/convert/service_test.go Outdated
Show outdated Hide outdated cli/compose/convert/service_test.go Outdated
Show outdated Hide outdated cli/command/service/opts.go Outdated
@thaJeztah

This comment has been minimized.

Show comment
Hide comment
@thaJeztah

thaJeztah Nov 6, 2017

Member

This will also need;

Member

thaJeztah commented Nov 6, 2017

This will also need;

@thaJeztah

This comment has been minimized.

Show comment
Hide comment
@thaJeztah

thaJeztah Nov 8, 2017

Member

Also opened a moby bump in #679, which should bring in the required changes

Member

thaJeztah commented Nov 8, 2017

Also opened a moby bump in #679, which should bring in the required changes

@simonferquel

This comment has been minimized.

Show comment
Hide comment
@simonferquel

simonferquel Nov 14, 2017

Contributor

@thaJeztah sorry for the delay, it has been quite a busy time lately...
I will implement your feedback today.

Contributor

simonferquel commented Nov 14, 2017

@thaJeztah sorry for the delay, it has been quite a busy time lately...
I will implement your feedback today.

@thaJeztah

This comment has been minimized.

Show comment
Hide comment
@thaJeztah

thaJeztah Nov 14, 2017

Member

Thanks!

Member

thaJeztah commented Nov 14, 2017

Thanks!

@simonferquel simonferquel requested review from albers and mistyhacks as code owners Nov 14, 2017

@mistyhacks mistyhacks requested a review from gbarr01 Nov 14, 2017

Show outdated Hide outdated docs/reference/commandline/service_create.md Outdated
Show outdated Hide outdated docs/reference/commandline/service_create.md Outdated
@thaJeztah

Left some comments 😄

Show outdated Hide outdated cli/command/service/opts.go Outdated
Show outdated Hide outdated cli/compose/schema/schema_test.go Outdated
Show outdated Hide outdated docs/reference/commandline/service_create.md Outdated
Show outdated Hide outdated contrib/completion/zsh/_docker Outdated
Show outdated Hide outdated docs/reference/commandline/service_create.md Outdated
Show outdated Hide outdated docs/reference/commandline/service_create.md Outdated
Show outdated Hide outdated docs/reference/commandline/service_create.md Outdated
Show outdated Hide outdated docs/reference/commandline/service_create.md Outdated
Show outdated Hide outdated vendor.conf Outdated
Show outdated Hide outdated cli/command/service/opts.go Outdated
@albers

Thanks for also taking care for the completions.
Please adjust the changes to the existing completions for run --isolation and build --isolation, see review comments. If you think this is out of scope for a go developer, I can take over bash completion, just let me know.

@@ -3305,6 +3305,7 @@ _docker_service_update_and_create() {
--health-start-period
--health-timeout
--hostname
--isolation

This comment has been minimized.

@albers

albers Nov 15, 2017

Member

This option is Windows-specific. There is a way to selectively add the completion only when run against a daemon running on Windows, see https://github.com/docker/cli/blob/master/contrib/completion/bash/docker#L2456-L2458.

@albers

albers Nov 15, 2017

Member

This option is Windows-specific. There is a way to selectively add the completion only when run against a daemon running on Windows, see https://github.com/docker/cli/blob/master/contrib/completion/bash/docker#L2456-L2458.

This comment has been minimized.

@simonferquel

simonferquel Nov 15, 2017

Contributor

It is not: Your swarm master can be running Linux, but your cluster might contain Windows nodes and thus accept services with isolation set.

@simonferquel

simonferquel Nov 15, 2017

Contributor

It is not: Your swarm master can be running Linux, but your cluster might contain Windows nodes and thus accept services with isolation set.

This comment has been minimized.

@albers

albers Nov 15, 2017

Member

Ah yes, you're right.

@albers

albers Nov 15, 2017

Member

Ah yes, you're right.

This comment has been minimized.

@thaJeztah

thaJeztah Nov 15, 2017

Member

Ah, that keeps tripping me up as well 😅

@thaJeztah

thaJeztah Nov 15, 2017

Member

Ah, that keeps tripping me up as well 😅

Show outdated Hide outdated contrib/completion/bash/docker Outdated
@simonferquel

This comment has been minimized.

Show comment
Hide comment
@simonferquel

simonferquel Nov 15, 2017

Contributor

@albers completion for build and run is out of scope of this PR (this one is about isolation setting at the service level, completion scripts being a part of the whole lot). I'd prefer not to pollute this PR with that.

Contributor

simonferquel commented Nov 15, 2017

@albers completion for build and run is out of scope of this PR (this one is about isolation setting at the service level, completion scripts being a part of the whole lot). I'd prefer not to pollute this PR with that.

@albers

albers approved these changes Nov 15, 2017

Bash completion LGTM, thanks.

@albers completion for build and run is out of scope of this PR (this one is about isolation setting at the service level, completion scripts being a part of the whole lot). I'd prefer not to pollute this PR with that.

There seems to be a misunderstanding. I just mentioned the completions for build and run as examples how the completion for service create should look. I did not want you to touch them. Anyway, it's perfect now.

Show outdated Hide outdated cli/command/service/opts.go Outdated
@thaJeztah

one question, but otherwise I think this is ready to go after squashing

@simonferquel

This comment has been minimized.

Show comment
Hide comment
@simonferquel

simonferquel Nov 16, 2017

Contributor

Squashed & rebased

Contributor

simonferquel commented Nov 16, 2017

Squashed & rebased

Show outdated Hide outdated cli/compose/loader/loader.go Outdated
@thaJeztah

LGTM, thanks!

@thaJeztah

This comment has been minimized.

Show comment
Hide comment
@thaJeztah
Member

thaJeztah commented Nov 16, 2017

ping @vdemeester @dnephin PTAL

@dnephin

Just one small issue with the Compose support, otherwise looks good

Show outdated Hide outdated cli/command/service/opts.go Outdated
Show outdated Hide outdated cli/compose/types/types.go Outdated
@simonferquel

This comment has been minimized.

Show comment
Hide comment
@simonferquel

simonferquel Nov 17, 2017

Contributor

@dnephin I just reverted service options to use plain string type for isolation, and modified compose types to remove all traces of validation (removing transformIsolation). Should be ok now.

Contributor

simonferquel commented Nov 17, 2017

@dnephin I just reverted service options to use plain string type for isolation, and modified compose types to remove all traces of validation (removing transformIsolation). Should be ok now.

@simonferquel

This comment has been minimized.

Show comment
Hide comment
@simonferquel

simonferquel Nov 17, 2017

Contributor

Good catch @thaJeztah , fixed :)

Contributor

simonferquel commented Nov 17, 2017

Good catch @thaJeztah , fixed :)

@thaJeztah

still LGTM

@thaJeztah

This comment has been minimized.

Show comment
Hide comment
@thaJeztah

thaJeztah Nov 17, 2017

Member

Oh, actually; dang, test is failing:

--- FAIL: TestLoadV35 (0.00s)
	Error Trace:	loader_test.go:1473
	Error:      	Not equal: 
	            	expected: container.Isolation("process")
	            	received: string("process")
=== RUN   TestLoadV35InvalidIsolation
--- FAIL: TestLoadV35InvalidIsolation (0.00s)
	Error Trace:	loader_test.go:1490
	Error:      	Not equal: 
	            	expected: container.Isolation("invalid")
	            	received: string("invalid")
Member

thaJeztah commented Nov 17, 2017

Oh, actually; dang, test is failing:

--- FAIL: TestLoadV35 (0.00s)
	Error Trace:	loader_test.go:1473
	Error:      	Not equal: 
	            	expected: container.Isolation("process")
	            	received: string("process")
=== RUN   TestLoadV35InvalidIsolation
--- FAIL: TestLoadV35InvalidIsolation (0.00s)
	Error Trace:	loader_test.go:1490
	Error:      	Not equal: 
	            	expected: container.Isolation("invalid")
	            	received: string("invalid")
@@ -0,0 +1,544 @@
{

This comment has been minimized.

@thaJeztah

thaJeztah Nov 17, 2017

Member

Wondering what we did previous times when adding a new version; perhaps it's cleaner if there were two commits; one that adds a "pristine" compose 3.5 (exact copy of 3.4), and one commit that adds your changes

@thaJeztah

thaJeztah Nov 17, 2017

Member

Wondering what we did previous times when adding a new version; perhaps it's cleaner if there were two commits; one that adds a "pristine" compose 3.5 (exact copy of 3.4), and one commit that adds your changes

simonferquel added some commits Nov 17, 2017

Preparing for compose schema v3.5
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
Add isolation mode on service update/create and compose files
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
@vdemeester

LGTM 🐮

@vdemeester vdemeester merged commit 5e2be65 into docker:master Nov 17, 2017

8 checks passed

ci/circleci: cross Your tests passed on CircleCI!
Details
ci/circleci: lint Your tests passed on CircleCI!
Details
ci/circleci: shellcheck Your tests passed on CircleCI!
Details
ci/circleci: test Your tests passed on CircleCI!
Details
ci/circleci: validate Your tests passed on CircleCI!
Details
codecov/patch 69.23% of diff hit (target 50%)
Details
codecov/project 51.28% (+0.53%) compared to d981bfa
Details
dco-signed All commits are signed

@GordonTheTurtle GordonTheTurtle added this to the 17.12.0 milestone Nov 17, 2017

@thaJeztah

This comment has been minimized.

Show comment
Hide comment
@thaJeztah

thaJeztah Nov 17, 2017

Member

🍪

Member

thaJeztah commented Nov 17, 2017

🍪

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment