daemon.NewDaemon(): fix network feature detection on first start

[thaJeztah]

Commit 483aa62 (#43130) introduced a regression, causing spurious warnings to be shown when starting a daemon for the first time after a fresh install:

docker info
...
WARNING: IPv4 forwarding is disabled
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

The information shown is incorrect, as checking the corresponding options on the system, shows that these options are available:

cat /proc/sys/net/ipv4/ip_forward
1
cat /proc/sys/net/bridge/bridge-nf-call-iptables
1
cat /proc/sys/net/bridge/bridge-nf-call-ip6tables
1

The reason this is failing is because the daemon itself reconfigures those options during networking initialization in configureIPForwarding();

moby/libnetwork/drivers/bridge/setup_ip_forwarding.go

Lines 14 to 25 in cf45952

	const (
	ipv4ForwardConf = "/proc/sys/net/ipv4/ip_forward"
	ipv4ForwardConfPerm = 0644
	)
	func configureIPForwarding(enable bool) error {
	var val byte
	if enable {
	val = '1'
	}
	return os.WriteFile(ipv4ForwardConf, []byte{val, '\n'}, ipv4ForwardConfPerm)
	}

Network initialization happens in the daemon.restore() function within daemon.NewDaemon():

moby/daemon/daemon.go

Lines 475 to 478 in cf45952

	// Note that we cannot initialize the network controller earlier, as it
	// needs to know if there's active sandboxes (running containers).
	if err = daemon.initNetworkController(activeSandboxes); err != nil {
	return fmt.Errorf("Error initializing network controller: %v", err)

However, 483aa62 moved detection of features earlier in the daemon.NewDaemon() function, and collects the system information (d.RawSysInfo()) before we enter daemon.restore();

moby/daemon/daemon.go

Lines 1008 to 1011 in cf45952

	sysInfo := d.RawSysInfo()
	for _, w := range sysInfo.Warnings {
	logrus.Warn(w)
	}

For optimization (collecting the system information comes at a cost), those results are cached on the daemon, and will only be performed once (using a sync.Once).

This patch:

• introduces a getSysInfo() utility, which collects system information without caching the results
• uses getSysInfo() to collect the preliminary information needed at that point in the daemon's lifecycle.
• moves printing warnings to the end of daemon.NewDaemon(), after all information can be read correctly.

- A picture of a cute animal (not mandatory but encouraged)

[thaJeztah]

Ah, dang, or course it helps if you stage all files

Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
	modified:   daemon/daemon_windows.go

[neersighted]

LGTM

[corhere]

[thaJeztah]

Thanks! Bringing this one in 👍

[thaJeztah]

Thanks! Bringing this one in 👍

[skepticoitusInteruptus]

Good job, @thaJeztah 🥇

"…causing spurious warnings to be shown…"

Given that #43674 uses similar wording in its description, I'm hoping this fixes that issue's spurious "WARNING: Your kernel does not support swap limit capabilities or the cgroup is not mounted. Memory limited without swap." too.