vendor: bump libnetwork bf2bd42abc0a3734f12b5ec724e571434e42c669 #40596
Conversation
|
Looks like CI is broken @StefanScherer
|
|
Lots of macvlan/ipvlan failures. |
thaJeztah
added
the
status/failing-ci
|
@lemrouch couple of things I've realized after looking at andWe might still want to keep the dummyParent in case |
|
@lemrouch Looking at andmoby/libnetwork@8d1f97e will be needed to be reworked to make sure we skip creating a gateway for an internal macvlan/ipvlan network only if an existing non-internal network exists |
Those tests are broken by design. They are basically saying: make sure isolated network is not isolated at all and can reach public ip address. |
Again, internal networks should not mess with default gateways as this will break routing via regular network. The test is wrong. |
but @lemrouch these are not internal networks, just a macvlan network with an empty parent |
|
also this err should not be nil, the test code looks fine to me but the err is |
fixes The above code tries to further separate the difference in meaning between empty Parent and internal network which can or cannot be the same unclear why the below test is failing |
It's test for internal network. That means there is no default gateway anymore.
|
|
@lemrouch you're right, it still does give a - timeoutCtx, cancel := context.WithTimeout(context.Background(), 1*time.Second)
- defer cancel()
- _, err := container.Exec(timeoutCtx, client, id1, []string{"ping", "-c", "1", "-w", "1", "8.8.8.8"})
- // FIXME(vdemeester) check the time of error ?
- assert.Check(t, err != nil)
- assert.Check(t, timeoutCtx.Err() == context.DeadlineExceeded)
+ result, _ := container.Exec(ctx, client, id1, []string{"ping", "-c", "1", "8.8.8.8"})
+ assert.Check(t, strings.Contains(result.Combined(), "Network is unreachable"))which fixes the issue, will raise a PR for these soon |
moby#2419 and moby#2407 attempted to seperate out empty parent and internal for macvlan and ipvlan networks However it didnt pass the integration tests in moby moby/moby#40596 and exposed some more plumbing that needed to be done to make sure we seperate the two things If the -o parent is empty we create a dummylink and if internal is set we dont add a default gateway and make sure north-south communication cannot take place (only east-west / container-container can) Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>
moby#2419 and moby#2407 attempted to seperate out empty parent and internal for macvlan and ipvlan networks However it didnt pass the integration tests in moby moby/moby#40596 and exposed some more plumbing that needed to be done to make sure we seperate the two things If the -o parent is empty we create a dummylink and if internal is set we dont add a default gateway and make sure north-south communication cannot take place (only east-west / container-container can) Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>
moby#2419 and moby#2407 attempted to seperate out empty parent and internal for macvlan and ipvlan networks However it didnt pass the integration tests in moby moby/moby#40596 and exposed some more plumbing that needed to be done to make sure we separate the two things If the -o parent is empty we create a dummylink and if internal is set we dont add a default gateway and make sure north-south communication cannot take place (only east-west / container-container can) Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>
thaJeztah
force-pushed
the
bump_libnetwork
branch
from
84fcdd9
to
42ef405
Compare
thaJeztah
changed the title
thaJeztah
added
impact/changelog
and removed
status/failing-ci
|
Updated to current master, to include moby/libnetwork#2523, which should fix the CI failures |
|
still failing |
|
😢 @arkodg PTAL 🤗 |
There was a problem hiding this comment.
LGTM
I encountered a similar problem and fixed by this PR moby/libnetwork#2519
(included in this vendor)
|
@thaJeztah |
|
@arkodg ah, sorry, overlooked that one, thought it was being handled by the changes in libnetwork 👍 |
thaJeztah
force-pushed
the
bump_libnetwork
branch
from
42ef405
to
44c4f6f
Compare
|
@thaJeztah similar changes needed in |
full diff: moby/libnetwork@264bffc...bf2bd42 relevant changes: - moby/libnetwork#2407 Macvlan internal network should not change default gateway - fixes moby/libnetwork#2406 Internal macvlan network overrides default gateway - vendor godbus/dbus v5 - Fix InhibitIPv4 nil panic - Cleanup VFP during overlay network removal - fixes VFP leak in windows overlay network deletion Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah
force-pushed
the
bump_libnetwork
branch
from
44c4f6f
to
e1710b4
Compare
|
d'oh! I saw that test and wanted to check it, but was in a hurry and forgot. Thanks! |
|
@thaJeztah: would like to see this in CE 19.03.8. Looks like the pattern for 19.03 is to backport from master. Would like to confirm intent to backport this for 19.03.8, as well as offer any assistance from Mirantis to help make it so. |
For libnetwork, the 19.03 branch vendors from the corresponding bump_v19.03 branch in libnetwork (and 18.09 from the bump_v18.09 libnetwork branch). I can open a bump PR for the 19.03 branch, or perhaps @SamWhited can update #40617 to get the latest changes from libnetwork |
|
@cpuguy83 @AkihiroSuda @arkodg this is green now, PTAL 👍 |
Wilco. |
|
@thaJeztah lets merge this PR |
|
Updated. Will take a look at any failures when CI finishes running. |
moby#2419 and moby#2407 attempted to seperate out empty parent and internal for macvlan and ipvlan networks However it didnt pass the integration tests in moby moby/moby#40596 and exposed some more plumbing that needed to be done to make sure we separate the two things If the -o parent is empty we create a dummylink and if internal is set we dont add a default gateway and make sure north-south communication cannot take place (only east-west / container-container can) Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>
moby/libnetwork#2419 and moby/libnetwork#2407 attempted to seperate out empty parent and internal for macvlan and ipvlan networks However it didnt pass the integration tests in moby moby#40596 and exposed some more plumbing that needed to be done to make sure we separate the two things If the -o parent is empty we create a dummylink and if internal is set we dont add a default gateway and make sure north-south communication cannot take place (only east-west / container-container can) Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>
full diff: moby/libnetwork@264bffc...bf2bd42
relevant changes:
this should be the last one listed in #39392 (comment) to be vendored, so
fixes #39392 on master
- Description for the changelog
- A picture of a cute animal (not mandatory but encouraged)