In Docker provider 'networks' appends new nets to the default bridge

[hashibot]

This issue was originally opened by @fdebonneval as hashicorp/terraform#12095. It was migrated here as part of the provider split. The original body of the issue is below.

---

Hi there, I hope this issue have not already been reported, I took a look and did not find duplicate.
Anyway, thanks for telling me if it is an expected behavior or a genuine issue to fix.

Terraform Version

# terraform --version Terraform v0.8.7

Affected Resource(s)

• docker networks

Terraform Configuration Files

provider "docker" {
    host = "unix:///var/run/docker.sock"
}

resource "docker_container" "alpine" {
  name = "foo"
  image = "alpine:latest"
  command = ["ip", "a"]
  networks = ["tf-net"]
}

Debug Output

The docker logs of the container returns

[...]
44: eth0@if45: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe11:3/64 scope link tentative
       valid_lft forever preferred_lft forever
46: eth1@if47: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
    link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.2/16 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe12:2/64 scope link tentative
       valid_lft forever preferred_lft fore

Also Docker inspect of the created container :

[...]
"Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "8eac1874812a79759249b97e8aba68f20256e5f772a5bdcc033271d0120b86a4",
                    "EndpointID": "",
                    "Gateway": "",
                    "IPAddress": "",
                    "IPPrefixLen": 0,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": ""
                },
                "tf-net": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": [
                        "9c3bf9a9296d"
                    ],
                    "NetworkID": "71ce9a1e51eaa9a6098881c946f5099bccebe2728158f44ce374213ee9041cb8",
                    "EndpointID": "",
                    "Gateway": "",
                    "IPAddress": "",
                    "IPPrefixLen": 0,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": ""
                }
            }
[...]

Expected Behavior

With only one network in the list, I would expect only one 'eth0' interface inside the running container

Actual Behavior

I get the default bridge and the network from the list.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. On a docker host
2. Define a .tf file from the example above
3. The run an apply docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):/tf --workdir /tf hashicorp/terraform:light apply

[efpe]

This is still happening with version v0.10.8.
Workaround is to run a local-exec script from the resource:

resource "docker_container" "asd" {
[...]
  networks = [ "${docker_network.net1.id}", "othernetwork" ]
  provisioner "local-exec" {
    command = "/usr/bin/docker network disconnect ${var.default_network_name} ${docker_container.asd.name}"
  }
}

[efpe]

Any news on this?

[mavogel]

@efpe when I'm done with the swarm approach, I'll take a look at the other issues. No ETA atm

[efpe]

@mavogel great to hear the issues is picked up :) Thanks!

[mkeeler]

Another thing I found as a work around was to put one of the networks in the "network_mode" configuration so:

networks = ["net1", "net2"]
network_mode = "net1"

This basically causes terraform to attach the container to "net1" during the creation of the container and then "attach" to the rest of the networks post-create. Doing a second "attach" when its already attached seems to be a no-op with docker.

[bhuisgen]

Please see my fix 587988c in PR #92 to fix this provider bug.

[mavogel]

as @bhuisgen denotes his commit fixes the bug 👍 It will come with the upcoming release 1.1.0 of the provider.

the config

provider "docker" {
  version = "1.1.0"
  host    = "unix:///var/run/docker.sock"
}

resource "docker_image" "alpine" {
  name         = "alpine:latest"
  keep_locally = true
}

resource "docker_container" "alpine" {
  name     = "foo"
  image    = "${docker_image.alpine.latest}"
  command  = ["ip", "a"]
  networks = ["tf-net"]
}

and he following steps

# use the current master branch
# for mac
$ go build -o terraform-provider-docker_v1.1.0 && mv -f terraform-provider-docker_v1.1.0 ~/.terraform.d/plugins/darwin_amd64
$ docker network create tf-net
$ terraform apply

result in

"Networks": {
                "tf-net": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": [
                        "f9ee6e24549b"
                    ],
                    "NetworkID": "d4d2a6aa3c7411c913bd10a0232d915f307521bdd60d4cac9653aff3f159e4cb",
                    "EndpointID": "",
                    "Gateway": "",
                    "IPAddress": "",
                    "IPPrefixLen": 0,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "",
                    "DriverOpts": null
                }
            }