Support service network attachment changes#32062
Conversation
|
LGTM Might want to try stack deploy |
|
Tested this with I've added a commit that uses cc @dnephin |
There was a problem hiding this comment.
@aaronlehmann shouldn't we share the ctx context.Context here too ? 👼
There was a problem hiding this comment.
@aaronlehmann I would rather avoid the boolean arg and just pass the ClientVersion here, and handle the condition inside the func.
|
@aaronlehmann #31714 is merged now. pls rebase |
|
Code LGTM. Avoid filling deprecated |
f5886bd to
ba14cfa
Compare
|
Rebased and addressed comments. |
There was a problem hiding this comment.
Sorry, I'm -1 on this change and on #32060 in general. The engine API handles this already so that every client doesn't need to handle it.
I also don't think that the convert code should be making API calls.
There was a problem hiding this comment.
The client is preparing a spec here, which serves as configuration for the service. It's quite unexpected for the engine to be rewriting the spec before storing it. I see it as a analagous to docker compose up rewriting the compose file on disk.
In theory this change could be split out to a different PR, but I feel strongly that we shouldn't be relying on the engine to magically rewrite the service's configuration, which is supposed to be completely determined by the client. We're effectively overloading a field that's defined to contain a network ID, and saying that it's okay to put a network name there in certain cases, because that field will be rewritten before it's acted upon.
More details in #32060 (comment)
There was a problem hiding this comment.
If it's an issue, can we go ahead and split it out?
Also we can probably optimize this by hitting NetworkList with filters for the network names.
There was a problem hiding this comment.
I see it as a analagous to docker
compose uprewriting the compose file on disk.
I don't really see it that way. The user controlled data is the command line they run. Either way "something" takes the names they provide and turns them into IDs. What does it matter to the user if that's done in the client or the daemon?
If it's done in the client then every single API user has to duplicate the lookup logic.
Is there any practical advantage to doing it in the engine client vs the daemon (which is acting the swarmkit client)?
There was a problem hiding this comment.
The input is already a slice, why do we need to sort them?
If the order isn't relevant then the server which processes this data should perform a sort before operating on it.
There was a problem hiding this comment.
Arguably you have a point here. We sort these so that the manager won't see two tasks with the same set of networks as different. Right now the manager is doing a simple reflect.DeepEqual on the TaskSpec. Ideally, the manager would do this comparison in a smarter way. That said, an order-insensitive comparison might end up being inefficient. We might have to pay the overhead of sorting on every comparison. But reflect is very inefficient to begin with, so extra overhead from sorting may be comparatively small.
Since this would be a somewhat tangential change in swarmkit, I suggest that we leave in the sort for the moment, and consider removing the need for it through a separate change. Feel free to open an issue and assign it to me.
There was a problem hiding this comment.
Wouldn't also be less overhead for the server if the slice is pre-sorted, since it won't have to actually move anything around even if it does call sort?
There was a problem hiding this comment.
d.Cmd() needs to be deprecated, please use d.Command() which provides better errors messages and less verbose test cases.
There was a problem hiding this comment.
Could we pass in just the version string instead of the entire client?
I believe that's what was meant by #32062 (comment)
There was a problem hiding this comment.
Changed to pass the version string
There was a problem hiding this comment.
Context should be passed in (if it's going to be used), but I think we should be using names not ids here.
There was a problem hiding this comment.
It's necessary for this function to make API calls. Even if translation from network names to network IDs is done in the engine, as you prefer, it is done before the service is stored. When the service is retrieved from the manager NetworkAttachmentConfig.Target will contain an ID. If a user tries to remove a network by name, the name needs to be resolved to an ID so that the appropriate NetworkAttachmentConfig can be removed.
|
I tested manually on |
ba14cfa to
540217c
Compare
|
@aaronlehmann needs a rebase 👼 🙇 |
540217c to
ec010b4
Compare
|
Rebased |
|
ping @dnephin: Is the switch from submitting network names on the client side to using network IDs still a concern? The issue about client side vs. server side sorting is being handled in moby/swarmkit#2065, but I don't expect that will make 17.05 at this point. |
|
Started doing some testing Init swarm, create two networks, the second having the first one's ID as name (heh, Create a service, attaching to network by ID: That looks right 👍 I did notice this (network name nor ID is no longer in Remove the network from the service (looks OK); Doing again, but by "name"; Here also, the network name as specified by the user is not to be found: |
|
The original (as specified by the user) name of the network to not be included in the spec is a regression from 17.03/17.04. I think we should preserve both a name and an ID somewhere in the spec (ideally, in such a way that the relation is clear). edit I see the comment here https://github.com/docker/docker/pull/32062/files#diff-dc2678e1e65c05f198d9b84656ed2f00R139 that
|
|
Combine That's not correct; we should do |
|
FWIW, I did a similar change for "secrets"; #29802 |
Yes, if I run in docker 17.04, I see the network name in service inspect. I think that's useful information to have because as a used, I'd be interested in what networks my services are connected to |
Oh, I think this is because the old CLI code wrote to both the deprecated field and the non-deprecated field. The code in the engine that translates an ID to a name would only translate the non-deprecated field if both were present. So you would still see the name in the deprecated field. |
I'm talking about the API behavior, not the CLI behavior. And the PR doesn't change the API's behavior (to preserve backward compatibility), but I think it's better not to rely on this behavior and be explicit about submitting IDs in places that really should have IDs. |
2284638 to
4bcd9d3
Compare
|
@thaJeztah: I've updated the CLI to apply network removals before network additions. However, I noticed that for everything except secrets, we seem to use the opposite approach. So if you feel this is wrong, we should have a separate PR that fixes these cases. Feel free to open an issue. As for visibility of network names, the object model is defined so that tasks reference networks by IDs. The fact that a network name was appearing the spec before was an error caused by the daemon only rewriting one of the two fields the CLI inserted (another reason I'm not a fan of rewriting fields in the daemon). I propose that |
4bcd9d3 to
061fcb8
Compare
Actually, I decided to add it to this PR, since I realized |
Resolve networks IDs on the client side. Avoid filling in deprecated Spec.Networks field. Sort networks in the TaskSpec for update stability. Add an integration test for changing service networks. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This is the non-deprecated field, and the one that can be changed in a service update. Since old daemon versions don't allow migrating from one field to the other, make this conditional on the API version. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
061fcb8 to
56f1da7
Compare
|
thanks! that satisfies my concerns; not able to review code right now, but if it has enough LGTM's, don't let me stop this |
thaJeztah
left a comment
There was a problem hiding this comment.
LGTM, thanks!
As a follow up, we could consider adding the names to the "non-pretty" case as well, for people that want to use --format to print names 😃
…ments Support service network attachment changes
--network-addand--network-rmoptions todocker service updateSpec.NetworksfieldTaskSpecfor update stabilityFixes #28247
cc @dhiltgen @mavenugo @aluzzardi @yongtang