libnet: Make sure network names are unique#46251
Merged
thaJeztah merged 1 commit intomoby:masterfrom Sep 12, 2023
Merged
Conversation
akerouanton
added
area/api
akerouanton
commented
Aug 17, 2023
akerouanton
force-pushed
the
libnet-forbid-duplicated-network-names
branch
from
f4bd1ba to
280795e
Compare
akerouanton
commented
Aug 18, 2023
akerouanton
commented
Aug 18, 2023
akerouanton
added a commit
to akerouanton/docker-py
that referenced
this pull request
Aug 19, 2023
moby/moby#46251 marks CheckDuplicate as deprecated. Any NetworkCreate request with a conflicting network name will now return an error. Signed-off-by: Albin Kerouanton <[email protected]>
akerouanton
added a commit
to akerouanton/docker-py
that referenced
this pull request
Aug 19, 2023
moby/moby#46251 marks CheckDuplicate as deprecated. Any NetworkCreate request with a conflicting network name will now return an error. Signed-off-by: Albin Kerouanton <[email protected]>
akerouanton
added a commit
to akerouanton/docker-py
that referenced
this pull request
Aug 19, 2023
moby/moby#46251 marks CheckDuplicate as deprecated. Any NetworkCreate request with a conflicting network name will now return an error. Signed-off-by: Albin Kerouanton <[email protected]>
akerouanton
added a commit
to akerouanton/docker-py
that referenced
this pull request
Aug 19, 2023
moby/moby#46251 marks CheckDuplicate as deprecated. Any NetworkCreate request with a conflicting network name will now return an error. Signed-off-by: Albin Kerouanton <[email protected]>
milas
pushed a commit
to docker/docker-py
that referenced
this pull request
Aug 21, 2023
integration: check_duplicate is now the default behavior moby/moby#46251 marks CheckDuplicate as deprecated. Any NetworkCreate request with a conflicting network name will now return an error. Signed-off-by: Albin Kerouanton <[email protected]>
1 task
akerouanton
force-pushed
the
libnet-forbid-duplicated-network-names
branch
from
280795e to
07dcf62
Compare
akerouanton
force-pushed
the
libnet-forbid-duplicated-network-names
branch
2 times, most recently
from
bcbec62 to
c8ba829
Compare
Member
Author
|
CI failed on a unrelated flake: |
thaJeztah
requested changes
Sep 11, 2023
akerouanton
force-pushed
the
libnet-forbid-duplicated-network-names
branch
from
c8ba829 to
fbb011e
Compare
thaJeztah
reviewed
Sep 11, 2023
akerouanton
force-pushed
the
libnet-forbid-duplicated-network-names
branch
from
fbb011e to
e77601b
Compare
thaJeztah
reviewed
Sep 11, 2023
| NetworkCreate: options, | ||
| Name: name, | ||
| } | ||
| if versions.LessThan(cli.version, "1.44") { |
Member
There was a problem hiding this comment.
Note to self; I'm actually wondering now if these checks we have in the client work, as we moved negotiating the API version to be as late as possible, which (I think) in this case could mean that we postpone it to cli.post (which calls cli.sendRequest, which calls cli.getAPIPath (which handles the negotiation)) 🙈
Member
There was a problem hiding this comment.
(It's probably fine to keep this as-is for now, as it looks like it's something to fix for other parts as well)
Member
There was a problem hiding this comment.
opened a PR to fix this issue;
thaJeztah
reviewed
Sep 11, 2023
thaJeztah
reviewed
Sep 11, 2023
| } | ||
|
|
||
| func TestForbidDuplicateNetworkNames(t *testing.T) { | ||
| skip.If(t, testEnv.DaemonInfo.OSType == "windows") |
Member
There was a problem hiding this comment.
Do you know why this didn't fail on Windows?
(didn't fail => why the test didn't work?)
Member
Author
There was a problem hiding this comment.
I force pushed my commit to check what's the error, and here it is:
=== Failed
=== FAIL: github.com/docker/docker/integration/network TestForbidDuplicateNetworkNames (0.01s)
network_test.go:266: [d46d27c88db30] failed to start daemon with arguments [--data-root D:\a\moby\moby\go\src\github.com\docker\docker\bundles\tmp\TestForbidDuplicateNetworkNames\d46d27c88db30\root --exec-root C:\Users\RUNNER~1\AppData\Local\Temp\dxr\d46d27c88db30 --pidfile D:\a\moby\moby\go\src\github.com\docker\docker\bundles\tmp\TestForbidDuplicateNetworkNames\d46d27c88db30\docker.pid --userland-proxy=true --containerd-namespace d46d27c88db30 --containerd-plugins-namespace d46d27c88db30p --containerd /var/run/docker/containerd/containerd.sock --host unix://C:\Users\RUNNER~1\AppData\Local\Temp\docker-integration\d46d27c88db30.sock --debug] : protocol not available
So, it's totally unrelated to this change. I'll create a follow-up PR addressing that.
Member
There was a problem hiding this comment.
Interesting; thanks!
(mostly commented because we have many tests with a skip, and for some nobody even remembers "why" 😂)
akerouanton
force-pushed
the
libnet-forbid-duplicated-network-names
branch
2 times, most recently
from
9b58911 to
a5c0d9b
Compare
Member
|
🙈 I think one of your other PRs conflicted; looks like this needs a rebase now (changes LGTM though) |
Fixes moby#18864, moby#20648, moby#33561, moby#40901. [This GH comment][1] makes clear network name uniqueness has never been enforced due to the eventually consistent nature of Classic Swarm datastores: > there is no guaranteed way to check for duplicates across a cluster of > docker hosts. And this is further confirmed by other comments made by @mrjana in that same issue, eg. [this one][2]: > we want to adopt a schema which can pave the way in the future for a > completely decentralized cluster of docker hosts (if scalability is > needed). This decentralized model is what Classic Swarm was trying to be. It's been superseded since then by Docker Swarm, which has a centralized control plane. To circumvent this drawback, the `NetworkCreate` endpoint accepts a `CheckDuplicate` flag. However it's not perfectly reliable as it won't catch concurrent requests. Due to this design decision, API clients like Compose have to implement workarounds to make sure names are really unique (eg. docker/compose#9585). And the daemon itself has seen a string of issues due to that decision, including some that aren't fixed to this day (for instance moby#40901): > The problem is, that if you specify a network for a container using > the ID, it will add that network to the container but it will then > change it to reference the network by using the name. To summarize, this "feature" is broken, has no practical use and is a source of pain for Docker users and API consumers. So let's just remove it for _all_ API versions. [1]: moby#18864 (comment) [2]: moby#18864 (comment) Signed-off-by: Albin Kerouanton <[email protected]>
akerouanton
force-pushed
the
libnet-forbid-duplicated-network-names
branch
from
a5c0d9b to
78479b1
Compare
neersighted
approved these changes
Sep 12, 2023
This was referenced Sep 12, 2023
This was referenced Nov 9, 2023
1 task
openstack-mirroring
pushed a commit
to openstack/kuryr-libnetwork
that referenced
this pull request
Sep 25, 2024
Docker has disallowed multiple networks with the same name: moby/moby#46251 Change-Id: I4e5979dcf15b5270a0fc47a204b3a63405663809
openstack-mirroring
pushed a commit
to openstack/openstack
that referenced
this pull request
Sep 25, 2024
* Update kuryr-libnetwork from branch 'master'
to a4b276cfff1b2d88a58fd6c6a1c99e3761984ebd
- Remove test_create_network_with_same_name
Docker has disallowed multiple networks with the same name:
moby/moby#46251
Change-Id: I4e5979dcf15b5270a0fc47a204b3a63405663809
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
- What I did
Fixes #18864, #20648, #33561, #40901 (and probably more).
This GH comment makes clear network name uniqueness has never been enforced due to the eventually consistent nature of Classic Swarm datastores:
And this is further confirmed by other comments made by @mrjana in that same issue, eg. this one:
This decentralized model is what Classic Swarm was trying to be. It's been superseded since then by Docker Swarm, which has a centralized control plane.
To circumvent this drawback, the
NetworkCreateendpoint accepts aCheckDuplicateflag. However it's not perfectly reliable as it won't catch concurrent requests.Due to this design decision, API clients like Compose have to implement workarounds to make sure names are really unique (eg. docker/compose#9585). And the daemon itself has seen a string of issues due to that decision, including some that aren't fixed to this day (for instance #40901):
To summarize, this "feature" is broken, has no practical use and is a source of pain for Docker users and API consumers. So let's just remove it for all API versions.
- A picture of a cute animal (not mandatory but encouraged)