Skip to content

Disable iptables/ip6tables in two tests to remove conflict#48642

Merged
thaJeztah merged 1 commit intomoby:masterfrom
robmry:remove-iptables-conflict-between-tests
Oct 11, 2024
Merged

Disable iptables/ip6tables in two tests to remove conflict#48642
thaJeztah merged 1 commit intomoby:masterfrom
robmry:remove-iptables-conflict-between-tests

Conversation

@robmry
Copy link
Copy Markdown
Contributor

@robmry robmry commented Oct 11, 2024

- What I did

Fix a flaky test ...

TestAttachDisconnectLeak starts its own daemon with iptables disabled, but disabling ip6tables was missed when we enabled ip6tables by default.

TestNetworkStateCleanupOnDaemonStart also starts its own daemon, with iptables and ip6tables both enabled. It isn't trying to test anything iptables related.

These tests run in parallel, so they both modify ip6tables in the host namespace - and could break each other by adding/removing chains at awkward moments.

From a CI run ...

=== CONT  TestNetworkStateCleanupOnDaemonStart
=== CONT  TestAttachDisconnectLeak
=== CONT  TestStopContainerWithTimeoutCancel
=== CONT  TestRestartDaemonWithRestartingContainer
    daemon.go:318: [dc1726334a0ab] time="2024-10-11T11:05:22.627702530Z" level=debug msg="Request address PoolID:172.18.0.0/16 Bits: 65536, Unselected: 65534, Sequence: (0x80000000, 1)->(0x0, 2046)->(0x1, 1)->end Curr:0 Serial:false PrefAddress:172.18.0.1 "
[...]
    daemon.go:318: [dc1726334a0ab] time="2024-10-11T11:05:22.636698297Z" level=debug msg="Cleaning up old mountid : done."
    daemon.go:318: [dc1726334a0ab] failed to start daemon: Error initializing network controller: error creating default "bridge" network: add inter-network communication rule:  (iptables failed: ip6tables --wait -t filter -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2: ip6tables v1.8.9 (legacy): Couldn't load target `DOCKER-ISOLATION-STAGE-2':No such file or directory
    daemon.go:318: [dc1726334a0ab] 
    daemon.go:318: [dc1726334a0ab] Try `ip6tables -h' or 'ip6tables --help' for more information.
    daemon.go:318: [dc1726334a0ab]  (exit status 2))
    attach_test.go:80: [dc1726334a0ab] failed to start daemon with arguments [--data-root /go/src/github.com/docker/docker/bundles/test-integration/TestAttachDisconnectLeak/dc1726334a0ab/root --exec-root /tmp/dxr/dc1726334a0ab --pidfile /go/src/github.com/docker/docker/bundles/test-integration/TestAttachDisconnectLeak/dc1726334a0ab/docker.pid --userland-proxy=true --containerd-namespace dc1726334a0ab --containerd-plugins-namespace dc1726334a0abp --containerd /var/run/docker/containerd/containerd.sock --host unix:///tmp/docker-integration/dc1726334a0ab.sock --debug --storage-driver overlayfs --iptables=false] : [dc1726334a0ab] daemon exited during startup: exit status 1
--- FAIL: TestAttachDisconnectLeak (0.50s)

- How I did it

Disable iptables and ip6tables in both tests.

- How to verify it

n/a

- Description for the changelog

n/a

@robmry
Disable iptables/ip6tables in two tests to remove conflict
91f74c2 
TestAttachDisconnectLeak starts its own daemon with iptables disabled,
but disabling ip6tables was missed when we enabled ip6tables by default.

TestNetworkStateCleanupOnDaemonStart also starts its own daemon, with
iptables and ip6tables both enabled. It isn't trying to test anything
iptables related.

These tests run in parallel, so they both modify ip6tables in the host
namespace - and could break each other by adding/removing chains at
awkward moments.

Disable iptables and ip6tables in both tests.

Signed-off-by: Rob Murray <[email protected]>
@robmry robmry added area/testing kind/bugfix PR's that fix bugs labels Oct 11, 2024
@robmry robmry added this to the 28.0.0 milestone Oct 11, 2024
@robmry robmry self-assigned this Oct 11, 2024
@robmry robmry marked this pull request as ready for review October 11, 2024 14:57
@robmry robmry requested a review from akerouanton October 11, 2024 14:57
thaJeztah
thaJeztah approved these changes Oct 11, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@thaJeztah thaJeztah merged commit afc0fcc into moby:master Oct 11, 2024
@robmry robmry deleted the remove-iptables-conflict-between-tests branch October 14, 2024 08:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thaJeztah thaJeztah thaJeztah approved these changes

@akerouanton akerouanton Awaiting requested review from akerouanton

Assignees

@robmry robmry

Labels

area/testing kind/bugfix PR's that fix bugs status/4-merge

Projects

None yet

Milestone

28.0.0

Development

Successfully merging this pull request may close these issues.

3 participants

@robmry @thaJeztah @akerouanton