Explicitly disallow network pluginv1 creation in swarm mode. #1894

anusha-ragunathan · 2017-01-24T20:18:19Z

In swarm mode, only network pluginv2 is supported; pluginv1 is not. When
the plugin support was re-enabled in 1.13.x, it inadvertently allowed
both pluginv1 and pluginv2. This commit fixes that.

Signed-off-by: Anusha Ragunathan anusha.ragunathan@docker.com

anusha-ragunathan · 2017-01-24T20:20:43Z

@mavenugo PTAL

mavenugo · 2017-01-24T21:04:40Z

LGTM

@aaronlehmann can you PTAL and also re-trigger the CI ?

dongluochen · 2017-01-24T21:24:44Z

manager/controlapi/common.go

@@ -87,5 +88,14 @@ func validateDriver(driver *api.Driver) error {
 		return grpc.Errorf(codes.InvalidArgument, "driver name: if driver is specified name is required")
 	}

+	p, err := pg.Get(driver.Name, pluginType, plugingetter.LOOKUP)
+	if err != nil {
+		return grpc.Errorf(codes.InvalidArgument, "error during plugin lookup")


Maybe better to provide driver.Name for debugging.

dongluochen · 2017-01-24T21:25:34Z

manager/controlapi/common.go

+	}
+
+	if p.IsV1() {
+		return grpc.Errorf(codes.InvalidArgument, "legacy plugins of type %s are not supported in swarm mode", pluginType)


Provide driver.Name in error message.

codecov-io · 2017-01-24T21:30:18Z

Current coverage is 55.33% (diff: 40.00%)

Merging #1894 into bump_v1.13.1 will decrease coverage by 2.92%

@@           bump_v1.13.1      #1894   diff @@
==============================================
  Files                58        102     +44   
  Lines              8927      17061   +8134   
  Methods               0          0           
  Messages              0          0           
  Branches              0          0           
==============================================
+ Hits               5201       9441   +4240   
- Misses             3160       6475   +3315   
- Partials            566       1145    +579

Powered by Codecov. Last update 0692326...5b73846

aaronlehmann · 2017-01-24T21:32:29Z

Why aren't v1 plugins supported? Is it just because the scheduler's plugin filter won't work correctly for these, or is there another reason? Does it apply to volume plugins as well?

nishanttotla

A node could have a v1 plugin running before it joins the Swarm, and it will also pass through the plugin filter IIUC. Is this not the case?

anusha-ragunathan · 2017-01-24T22:47:52Z

@aaronlehmann : Its specific to network plugins. moby/moby#29878 and moby/moby#30332 (comment) has some details. @mavenugo made the decision and I'll let him explain.

mavenugo · 2017-01-24T23:08:52Z

@aaronlehmann there are a few technical reasons and a few maintenance reasons.
There are a few pre-req details of the current design/situation in order to undestand the issue.

Plugin-v1 loads lazily. Only when the first network or volume is actually created on the daemon, the plugin is loaded.
As of 1.13.0, Swarmkit supports only Global-scoped network drivers and Local-scoped volume drivers.
Plugin filtering logic in swarmkit during service creation will filter out the nodes that doesnt have a particular plugin loaded.

The combination of the above 3 causes the technical issue at hand. When docker network create is done using a global-scoped network driver/plugin, it is handled just by the swarm manager at swarmkit and it retains the information in the raftstore. Only when the service is created with the said network, the network is scheduled to be created on a node where the task is scheduled. But since plugin-v1 is lazy loading, the plugin is not loaded on any node until the network is created. And since the filtering logic doesnt choose a node without the said plugin loaded, we end up in this dead heat. In order to solve this deadlock, we tried to use GetAllByCap() in SystemInfo path of daemon. But this function doesnt work well in this code path due to the way plugin-v1 is implemented and integrated with daemon and it failed on a few IT cases. Hence we decided not to use plugin-v1 to be pulled in SystemInfo.

From a maintenance standpoint, plugin-v1 had many daemon issues in the past and the major one was the fact that plugins can be loaded later than the actual container being used and it caused major headaches. Also, the plugins can be out of the box and can cause more issues. So, plugin-v2 is a welcome change.

Since 1.13.1 is the first time we are planning on supporting plugins in swarmkit, we feel that there is no point carrying an implementation that must be deprecated asap. Also, plugin-v2 is the recommended approach. Since it doesnt break any backward compatibility (being the first release of plugin support), I vote to not support plugin-v1 with swarmkit.

aaronlehmann · 2017-01-24T23:15:59Z

Thanks for the explanation. It makes technical sense to me now why v1 network plugins don't really work with swarmkit, but v1 volume plugins may work in some cases (if you happen to precreate the volumes on the nodes, or do something else to get the plugin to load).

However, based on this:

Since 1.13.1 is the first time we are planning on supporting plugins in swarmkit, we feel that there is no point carrying an implementation that must be deprecated asap. Also, plugin-v2 is the recommended approach. Since it doesnt break any backward compatibility (being the first release of plugin support), I vote to not support plugin-v1 with swarmkit.

...I wonder if it makes sense to disallow v1 volume plugins as well. It might be confusing that services that use v1 volume plugins only get scheduled to nodes that have the plugin loaded because of some external action, and it also might be confusing that v1 volume plugins are "supported" but v1 network plugins are not.

Then again, v1 volume plugins technically work in 1.13.0 (if you work around the plugin filter issues), so maybe removing that support in a patch release is not reasonable.

anusha-ragunathan · 2017-01-24T23:33:20Z

Yes, it is inconsistent (volume pluginv1 and network pluginv1 in swarm mode), but we should leave volume pluginv1 in swarm mode untouched in 1.13.x.

In swarm mode, only network pluginv2 is supported; pluginv1 is not. When the plugin support was re-enabled in 1.13.x, it inadvertently allowed both pluginv1 and pluginv2. This commit fixes that. Signed-off-by: Anusha Ragunathan <anusha.ragunathan@docker.com>

aaronlehmann · 2017-01-25T02:15:04Z

LGTM

dongluochen · 2017-01-25T02:17:35Z

LGTM

This fix updates SwarmKit to 78ae345 (from 037b491) The following issues in docker are related - Can not update service in host publish mode (moby#30199) (fixed) - Add `ReadonlyRootfs` in ContainerSpec for `--read-only` (moby#29972) (needed) - Explicitly disallow network pluginv1 creation in swarm mode (See discussion in moby/swarmkit/pull/1899, moby/swarmkit/pull/1894, and moby/pull/30332#issuecomment-274277948) This fix fixes moby#30199 Signed-off-by: Yong Tang <yong.tang.github@outlook.com>

dongluochen reviewed Jan 24, 2017

View reviewed changes

nishanttotla reviewed Jan 24, 2017

View reviewed changes

anusha-ragunathan force-pushed the disallow_nw_pv1 branch from 5b73846 to 0b0e2a4 Compare January 25, 2017 00:46

dongluochen merged commit b9f07cb into moby:bump_v1.13.1 Jan 25, 2017

mavenugo mentioned this pull request Jan 25, 2017

Explicitly disallow network pluginv1 creation in swarm mode. #1899

Merged

anusha-ragunathan deleted the disallow_nw_pv1 branch January 25, 2017 23:56

This was referenced Jan 29, 2017

Update SwarmKit to 78ae345f449ac69aa741c762df7e5f0020f70275 moby/moby#30548

Merged

Add --read-only for service create and service update moby/moby#30162

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Explicitly disallow network pluginv1 creation in swarm mode. #1894

Explicitly disallow network pluginv1 creation in swarm mode. #1894

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Explicitly disallow network pluginv1 creation in swarm mode. #1894

Explicitly disallow network pluginv1 creation in swarm mode. #1894

Uh oh!

Conversation

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Current coverage is 55.33% (diff: 40.00%)

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!