New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ports can be leaked when using host publishing mode for a service #33761

Closed
pradipd opened this Issue Jun 21, 2017 · 3 comments

Comments

Projects
None yet
5 participants
@pradipd
Contributor

pradipd commented Jun 21, 2017

Description
Ports can be leaked when using host publishing mode for a service.
If the if condition on Line 72 (https://github.com/docker/swarmkit/blob/master/manager/scheduler/nodeinfo.go#L72)
is true, then we exit removeTask without deleting the port from nodeInfo.usedHostPorts (Line 86).

Steps to reproduce the issue:
Note: I have only validated this repros on Windows. I can try linux later.

  1. docker swarm init --advertise-addr
  2. docker service create --name iis_1 --mode global --endpoint-mode dnsrr --publish mode=host,target=80,published=80 iis-site
  3. docker service rm iis_1
  4. docker service create --name iis_1 --mode global --endpoint-mode dnsrr --publish mode=host,target=80,published=80 iis-site

Describe the results you received:
Service doesn't start.
Docker inspect shows:
host-mode port already in use on 1 node

Describe the results you expected:
Service is successfully started.

Additional information you deem important (e.g. issue happens only occasionally):
I have only tried this on windows. Have not tried on linux.

Output of docker version:
I'm using latest (or close to latest) master.
Server:
Version: 17.06.0-dev
API version: 1.31 (minimum version 1.24)
Go version: go1.8.3
Git commit: 630b9a4-unsupported
Built: 06/20/2017 19:08:59
OS/Arch: windows/amd64
Experimental: false

Output of docker info:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 6
Server Version: 17.06.0-dev
Storage Driver: windowsfilter
Windows:
Logging Driver: json-file
Plugins:
Volume: local
Network: l2bridge l2tunnel nat null overlay transparent
Log: awslogs etwlogs fluentd json-file logentries splunk syslog
Swarm: active
NodeID: 8rzw06i66nplugide0gp8owrz
Is Manager: true
ClusterID: r9bwm4wavfs042lpurih8zwkj
Managers: 1
Nodes: 1
Orchestration:
Task History Retention Limit: 5
Raft:
Snapshot Interval: 10000
Number of Old Snapshots to Retain: 0
Heartbeat Tick: 1
Election Tick: 3
Dispatcher:
Heartbeat Period: 5 seconds
CA Configuration:
Expiry Duration: 3 months
Force Rotate: 0
Root Rotation In Progress: false
Node Address: 10.137.196.224
Manager Addresses:
10.137.196.224:2377
Default Isolation: process
Kernel Version: 10.0 16221 (16221.1000.amd64fre.rs_onecore_stack_sdn_dev1.170612-1700)
Operating System: Windows Server 2016 Standard
OSType: windows
Architecture: x86_64
CPUs: 12
Total Memory: 1.999GiB
Name: STSTAIR-EMJ7ORE
ID: AGWX:R2YA:QQC6:TU2U:5DYI:TJHN:3CIT:DUXG:56CX:EU4S:E25J:CVFP
Docker Root Dir: C:\ProgramData\docker
Debug Mode (client): false
Debug Mode (server): true
File Descriptors: -1
Goroutines: 129
System Time: 2017-06-20T23:18:18.5057094-07:00
EventsListeners: 0
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false

Additional environment details (AWS, VirtualBox, physical, etc.):
Windows

I have a potential fix at:
pradipd/swarmkit@4a3a8f0

I can submit a PR is you'd like.
Thanks,
Pradip

@pradipd

This comment has been minimized.

Show comment
Hide comment
Contributor

pradipd commented Jun 21, 2017

@thaJeztah

This comment has been minimized.

Show comment
Hide comment
@thaJeztah
Member

thaJeztah commented Jun 21, 2017

ping @aaronlehmann PTAL

@aaronlehmann

This comment has been minimized.

Show comment
Hide comment
@aaronlehmann

aaronlehmann Jun 21, 2017

Contributor

The proposed fix looks correct. Please do submit a PR.

Contributor

aaronlehmann commented Jun 21, 2017

The proposed fix looks correct. Please do submit a PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment