Skip to content

Commit

Permalink
Merge pull request #2643 from /issues/2632-cni-no-check-alive
Browse files Browse the repository at this point in the history 
Don't release CNI-allocated IP address when container dies
  • Loading branch information
@awh
awh committed Nov 22, 2016
2 parents a6edd40 + 9cc9891 commit 664ba87
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 7 deletions.
10 changes: 5 additions & 5 deletions ipam/allocator.go
View file
Expand Up @@ -322,7 +322,7 @@ func (alloc *Allocator) Claim(ident string, cidr address.CIDR, isContainer, noEr
// ContainerDied called from the updater interface. Async.
func (alloc *Allocator) ContainerDied(ident string) {
alloc.actionChan <- func() {
if alloc.hasOwned(ident) {
if alloc.hasOwnedByContainer(ident) {
alloc.debugln("Container", ident, "died; noting to remove later")
alloc.dead[ident] = alloc.now()
}
Expand All @@ -335,7 +335,7 @@ func (alloc *Allocator) ContainerDied(ident string) {
// ContainerDestroyed called from the updater interface. Async.
func (alloc *Allocator) ContainerDestroyed(ident string) {
alloc.actionChan <- func() {
if alloc.hasOwned(ident) {
if alloc.hasOwnedByContainer(ident) {
alloc.debugln("Container", ident, "destroyed; removing addresses")
alloc.delete(ident)
delete(alloc.dead, ident)
Expand Down Expand Up @@ -996,9 +996,9 @@ func (alloc *Allocator) persistOwned() {

// Owned addresses

func (alloc *Allocator) hasOwned(ident string) bool {
_, b := alloc.owned[ident]
return b
func (alloc *Allocator) hasOwnedByContainer(ident string) bool {
d, b := alloc.owned[ident]
return b && d.IsContainer
}

// NB: addr must not be owned by ident already
Expand Down
6 changes: 4 additions & 2 deletions test/830_cni_plugin_test.sh
View file
Expand Up @@ -45,7 +45,7 @@ C2IP=$(container_ip $HOST1 c2)
assert_raises "exec_on $HOST1 c1 $PING $C2IP"
assert_raises "exec_on $HOST1 c2 $PING $C1IP"

# Now remove and start a new container to see if IP address re-use breaks things
# Now remove and start a new container to see if anything breaks
docker_on $HOST1 rm -f c2

C3=$(docker_on $HOST1 run --net=none --name=c3 -dt $SMALL_IMAGE /bin/sh)
Expand All @@ -56,7 +56,9 @@ EOF

C3IP=$(container_ip $HOST1 c3)

assert_raises "exec_on $HOST1 c1 $PING $C2IP"
# CNI shouldn't re-use the address until we call DEL
assert_raises "[ $C2IP != $C3IP ]"
assert_raises "exec_on $HOST1 c1 $PING $C3IP"


# Ensure existing containers can reclaim their IP addresses after CNI has been used -- see #2548
Expand Down

0 comments on commit 664ba87

Please sign in to comment.