New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added support for swarm service isolation mode #34424

Merged
merged 1 commit into from Nov 1, 2017

Conversation

@simonferquel
Contributor

simonferquel commented Aug 7, 2017

- What I did
Added isolation field on swarm service creation / updates to enable setting hyperv/process isolation per service on Windows
- How I did it
Updated swarmkit (PR with isolation in containerspec), added the field in swarm.ContainerSpec and in convert logic, use it in the executor
- How to verify it
Missing a test for now (incoming)
- Description for the changelog
Isolation mode (default, process, hyperv) can be set on swarm services to bypass host node defaults

Depends on #34745, otherwise breaks CLI

SwarmKit changes:

docker/swarmkit@872861d...28f91d8

From that list; included in this bump are included:

@friism

This comment has been minimized.

Show comment
Hide comment
@friism

friism Aug 7, 2017

Contributor

Fixes #31616

Contributor

friism commented Aug 7, 2017

Fixes #31616

@thaJeztah

This comment has been minimized.

Show comment
Hide comment
@thaJeztah

thaJeztah Aug 7, 2017

Member

@simonferquel looks like you vendored using an older version of vndr; can you update to the current version, and run vndr again?

14:45:45 The result of vndr differs
14:45:45 
14:45:45 ?? vendor/github.com/docker/distribution/vendor.conf
14:45:45 ?? vendor/github.com/docker/libnetwork/vendor.conf
14:45:45 ?? vendor/github.com/docker/swarmkit/vendor.conf
14:45:45 ?? vendor/github.com/moby/buildkit/vendor.conf
14:45:45 ?? vendor/github.com/opencontainers/runc/vendor.conf
14:45:45 
14:45:45 Please vendor your package with github.com/LK4D4/vndr.
14:45:45 

Also, this needs an update of the swagger.yml, and the API version history; https://github.com/moby/moby/blob/master/docs/api/version-history.md

Member

thaJeztah commented Aug 7, 2017

@simonferquel looks like you vendored using an older version of vndr; can you update to the current version, and run vndr again?

14:45:45 The result of vndr differs
14:45:45 
14:45:45 ?? vendor/github.com/docker/distribution/vendor.conf
14:45:45 ?? vendor/github.com/docker/libnetwork/vendor.conf
14:45:45 ?? vendor/github.com/docker/swarmkit/vendor.conf
14:45:45 ?? vendor/github.com/moby/buildkit/vendor.conf
14:45:45 ?? vendor/github.com/opencontainers/runc/vendor.conf
14:45:45 
14:45:45 Please vendor your package with github.com/LK4D4/vndr.
14:45:45 

Also, this needs an update of the swagger.yml, and the API version history; https://github.com/moby/moby/blob/master/docs/api/version-history.md

@simonferquel

This comment has been minimized.

Show comment
Hide comment
@simonferquel

simonferquel Aug 8, 2017

Contributor

Swarm test suite is not executed on Windows. Can't write a usefull test on it. I'll just make a test putting an explicit "default" isolation mode, and will inspect service and container to check if it is not empty.

Contributor

simonferquel commented Aug 8, 2017

Swarm test suite is not executed on Windows. Can't write a usefull test on it. I'll just make a test putting an explicit "default" isolation mode, and will inspect service and container to check if it is not empty.

@@ -2260,7 +2260,9 @@ definitions:
ConfigName is the name of the config that this references, but this is just provided for
lookup/display purposes. The config in the reference will be identified by its ID.
type: "string"
Isolation:

This comment has been minimized.

@thaJeztah

thaJeztah Aug 8, 2017

Member

Shouldn't this go into TaskTemplate.ContainerSpec?

@thaJeztah

thaJeztah Aug 8, 2017

Member

Shouldn't this go into TaskTemplate.ContainerSpec?

This comment has been minimized.

@simonferquel

simonferquel Aug 8, 2017

Contributor

It is the case :)

@simonferquel

simonferquel Aug 8, 2017

Contributor

It is the case :)

This comment has been minimized.

@thaJeztah

thaJeztah Aug 8, 2017

Member

oh boy, you're right; It looked as if it was at the wrong indentation level, but you're right. Sorry, my mistake ha!

@thaJeztah

thaJeztah Aug 8, 2017

Member

oh boy, you're right; It looked as if it was at the wrong indentation level, but you're right. Sorry, my mistake ha!

@thaJeztah

left some notes

Show outdated Hide outdated api/swagger.yaml
Show outdated Hide outdated api/swagger.yaml
@simonferquel

This comment has been minimized.

Show comment
Hide comment
@simonferquel

simonferquel Aug 8, 2017

Contributor

@thaJeztah fixed the doc (used the same exact description and enum as on HostConfig)
We'll need to wait for docker/swarmkit#2342 to be merged, update once again the vendoring before merging this one

Contributor

simonferquel commented Aug 8, 2017

@thaJeztah fixed the doc (used the same exact description and enum as on HostConfig)
We'll need to wait for docker/swarmkit#2342 to be merged, update once again the vendoring before merging this one

@thaJeztah

This comment has been minimized.

Show comment
Hide comment
@thaJeztah

thaJeztah Aug 8, 2017

Member

@simonferquel you forgot this one; 967fe0c#r131908016 😇

Member

thaJeztah commented Aug 8, 2017

@simonferquel you forgot this one; 967fe0c#r131908016 😇

@thaJeztah

This comment has been minimized.

Show comment
Hide comment
@thaJeztah

thaJeztah Aug 17, 2017

Member

@simonferquel this needs a rebase

Member

thaJeztah commented Aug 17, 2017

@simonferquel this needs a rebase

@coolljt0725

This comment has been minimized.

Show comment
Hide comment
@coolljt0725

coolljt0725 Aug 22, 2017

Contributor

ping @simonferquel needs refactor to fix the conflict

Contributor

coolljt0725 commented Aug 22, 2017

ping @simonferquel needs refactor to fix the conflict

@simonferquel simonferquel requested review from dnephin and vdemeester as code owners Aug 28, 2017

@simonferquel

This comment has been minimized.

Show comment
Hide comment
@simonferquel

simonferquel Sep 6, 2017

Contributor

@thaJeztah, could you please update your review ?

Contributor

simonferquel commented Sep 6, 2017

@thaJeztah, could you please update your review ?

@thaJeztah

left some comments 😅

Show outdated Hide outdated docs/api/version-history.md
Show outdated Hide outdated integration-cli/daemon/daemon.go
@PatrickLang

This comment has been minimized.

Show comment
Hide comment
@PatrickLang

PatrickLang Oct 5, 2017

Can we revive this? With Windows Server version 1709 around the corner, it will be needed to run containers using the Windows Server 2016 base images. Windows versions have breaking kernel changes between them but --isolation=hyperv works around that by using the right kernel allowing a newer node to run older containers.

PatrickLang commented Oct 5, 2017

Can we revive this? With Windows Server version 1709 around the corner, it will be needed to run containers using the Windows Server 2016 base images. Windows versions have breaking kernel changes between them but --isolation=hyperv works around that by using the right kernel allowing a newer node to run older containers.

@thaJeztah

This comment has been minimized.

Show comment
Hide comment
@thaJeztah

thaJeztah Oct 5, 2017

Member

@PatrickLang this is waiting for docker/swarmkit#2342 in SwarmKit upstream

Member

thaJeztah commented Oct 5, 2017

@PatrickLang this is waiting for docker/swarmkit#2342 in SwarmKit upstream

@thaJeztah

This comment has been minimized.

Show comment
Hide comment
@thaJeztah

thaJeztah Oct 5, 2017

Member

It also involves an API change so cannot be backported without introducing a lot of problems

Member

thaJeztah commented Oct 5, 2017

It also involves an API change so cannot be backported without introducing a lot of problems

@simonferquel

This comment has been minimized.

Show comment
Hide comment
@simonferquel

simonferquel Oct 12, 2017

Contributor

Since the PR Swarmkit side has been merged, I rebased and refreshed this PR.
However, Isolation field on swarm side has moved from a free form string to an enum, with an explicit "Default" value, so I can't use the fact that I could have both and "default" valid strings to make a Linux integration kit.

What I want to do then, is to introduce more unit testing, that would hopefully cover all aspects of the PR

Contributor

simonferquel commented Oct 12, 2017

Since the PR Swarmkit side has been merged, I rebased and refreshed this PR.
However, Isolation field on swarm side has moved from a free form string to an enum, with an explicit "Default" value, so I can't use the fact that I could have both and "default" valid strings to make a Linux integration kit.

What I want to do then, is to introduce more unit testing, that would hopefully cover all aspects of the PR

@simonferquel

This comment has been minimized.

Show comment
Hide comment
@simonferquel

simonferquel Oct 12, 2017

Contributor

Done (made a bit of cleanup for reusing Isolation type instead of a free string, and added tests to make sure conversions and executors take the change into account)

Contributor

simonferquel commented Oct 12, 2017

Done (made a bit of cleanup for reusing Isolation type instead of a free string, and added tests to make sure conversions and executors take the change into account)

@simonferquel

This comment has been minimized.

Show comment
Hide comment
@simonferquel

simonferquel Oct 20, 2017

Contributor

I just rebased it to see if the plugin tests still fail. Overwise I think the needs/vendoring flag can be removed (the pr now references swarmkit master)

Contributor

simonferquel commented Oct 20, 2017

I just rebased it to see if the plugin tests still fail. Overwise I think the needs/vendoring flag can be removed (the pr now references swarmkit master)

@simonferquel

This comment has been minimized.

Show comment
Hide comment
@simonferquel

simonferquel Oct 24, 2017

Contributor

Hmm swarmkit vendoring update seem to have broken DockerSwarmSuite.TestSwarmVolumePlugin somehow. Not sure why, but I could use some help here...

Contributor

simonferquel commented Oct 24, 2017

Hmm swarmkit vendoring update seem to have broken DockerSwarmSuite.TestSwarmVolumePlugin somehow. Not sure why, but I could use some help here...

@simonferquel

This comment has been minimized.

Show comment
Hide comment
@simonferquel

simonferquel Oct 24, 2017

Contributor

Ok, found the reason of the test regression: error details are reported in a separate task status field now. Updated the test, amended my commit, waiting for test results.

Contributor

simonferquel commented Oct 24, 2017

Ok, found the reason of the test regression: error details are reported in a separate task status field now. Updated the test, amended my commit, waiting for test results.

@simonferquel

This comment has been minimized.

Show comment
Hide comment
@simonferquel

simonferquel Oct 24, 2017

Contributor

@thaJeztah could you update your review ? Want to make sure I did update the right swagger stuff.

Contributor

simonferquel commented Oct 24, 2017

@thaJeztah could you update your review ? Want to make sure I did update the right swagger stuff.

@thaJeztah

LGTM, but needs a minor rebase

@thaJeztah

This comment has been minimized.

Show comment
Hide comment
@thaJeztah
Member

thaJeztah commented Oct 30, 2017

ping @cpuguy83 @dnephin PTAL

@thaJeztah thaJeztah referenced this pull request Oct 30, 2017

Merged

Revendored Swarmkit #35326

Added support for swarm service isolation mode
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
@vieux

This comment has been minimized.

Show comment
Hide comment
@vieux

vieux Nov 1, 2017

Collaborator

LGTM ping @cpuguy83 @dnephin

Collaborator

vieux commented Nov 1, 2017

LGTM ping @cpuguy83 @dnephin

@cpuguy83

LGTM

@cpuguy83 cpuguy83 merged commit d91c5f4 into moby:master Nov 1, 2017

7 checks passed

dco-signed All commits are signed
experimental Jenkins build Docker-PRs-experimental 37562 has succeeded
Details
janky Jenkins build Docker-PRs 46259 has succeeded
Details
powerpc Jenkins build Docker-PRs-powerpc 6674 has succeeded
Details
vendor Jenkins build Docker-PRs-vendor 3879 has succeeded
Details
windowsRS1 Jenkins build Docker-PRs-WoW-RS1 17836 has succeeded
Details
z Jenkins build Docker-PRs-s390x 6471 has succeeded
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment