vbatts/pkg
1
0
Fork 0
Code Pull requests Releases Activity

pkg: listeners: move Docker-specific semantics to docker/daemon*

Browse source 
Since there are other users of pkg/listeners, it doesn't make sense to
contain Docker-specific semantics and warnings inside it. To that end,
move the scary warning about -tlsverify and the libnetwork port
allocation code to CmdDaemon (where they belong). This helps massively
reduce the dependency tree for users of pkg/listeners.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
This commit is contained in:
Aleksa Sarai 2016-04-09 16:49:33 +10:00
parent a169fa0424
commit 31576ed72b
3 changed files with 14 additions and 69 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
listeners/listeners.go
View file

@ -1,24 +0,0 @@
package listeners
import (
"crypto/tls"
"net"
"github.com/Sirupsen/logrus"
"github.com/docker/go-connections/sockets"
)
func initTCPSocket(addr string, tlsConfig *tls.Config) (l net.Listener, err error) {
if tlsConfig == nil || tlsConfig.ClientAuth != tls.RequireAndVerifyClientCert {
// TODO: Move this outside pkg/listeners since it's Docker-specific.
// ... and slightly scary.
logrus.Warn("/!\\ DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING /!\\")
}
if l, err = sockets.NewTCPSocket(addr, tlsConfig); err != nil {
return nil, err
}
if err := allocateDaemonPort(addr); err != nil {
return nil, err
}
return
}

44
listeners/listeners_unix.go
View file

@ -11,19 +11,22 @@ import (
"github.com/Sirupsen/logrus" "github.com/Sirupsen/logrus"
"github.com/coreos/go-systemd/activation" "github.com/coreos/go-systemd/activation"
"github.com/docker/go-connections/sockets" "github.com/docker/go-connections/sockets"
"github.com/docker/libnetwork/portallocator"
) )
// Init creates new listeners for the server. // Init creates new listeners for the server.
func Init(proto, addr, socketGroup string, tlsConfig *tls.Config) (ls []net.Listener, err error) { // TODO: Clean up the fact that socketGroup and tlsConfig aren't always used.
func Init(proto, addr, socketGroup string, tlsConfig *tls.Config) ([]net.Listener, error) {
ls := []net.Listener{}
switch proto { switch proto {
case "fd": case "fd":
ls, err = listenFD(addr, tlsConfig) fds, err := listenFD(addr, tlsConfig)
if err != nil { if err != nil {
return nil, err return nil, err
} }
ls = append(ls, fds...)
case "tcp": case "tcp":
l, err := initTCPSocket(addr, tlsConfig) l, err := sockets.NewTCPSocket(addr, tlsConfig)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -38,7 +41,7 @@ func Init(proto, addr, socketGroup string, tlsConfig *tls.Config) (ls []net.List
return nil, fmt.Errorf("invalid protocol format: %q", proto) return nil, fmt.Errorf("invalid protocol format: %q", proto)
} }
return return ls, nil
} }
// listenFD returns the specified socket activated files as a slice of // listenFD returns the specified socket activated files as a slice of
@ -89,34 +92,3 @@ func listenFD(addr string, tlsConfig *tls.Config) ([]net.Listener, error) {
} }
return []net.Listener{listeners[fdOffset]}, nil return []net.Listener{listeners[fdOffset]}, nil
} }
// allocateDaemonPort ensures that there are no containers
// that try to use any port allocated for the docker server.
// TODO: Move this outside pkg/listeners since it's Docker-specific, and requires
// libnetwork which increases the dependency tree quite drastically.
func allocateDaemonPort(addr string) error {
host, port, err := net.SplitHostPort(addr)
if err != nil {
return err
}
intPort, err := strconv.Atoi(port)
if err != nil {
return err
}
var hostIPs []net.IP
if parsedIP := net.ParseIP(host); parsedIP != nil {
hostIPs = append(hostIPs, parsedIP)
} else if hostIPs, err = net.LookupIP(host); err != nil {
return fmt.Errorf("failed to lookup %s address in host specification", host)
}
pa := portallocator.Get()
for _, hostIP := range hostIPs {
if _, err := pa.RequestPort(hostIP, "tcp", intPort); err != nil {
return fmt.Errorf("failed to allocate daemon listening port %d (err: %v)", intPort, err)
}
}
return nil
}

15
listeners/listeners_windows.go
View file

@ -7,13 +7,16 @@ import (
"strings" "strings"
"github.com/Microsoft/go-winio" "github.com/Microsoft/go-winio"
"github.com/docker/go-connections/sockets"
) )
// Init creates new listeners for the server. // Init creates new listeners for the server.
func Init(proto, addr, socketGroup string, tlsConfig *tls.Config) (ls []net.Listener, err error) { func Init(proto, addr, socketGroup string, tlsConfig *tls.Config) ([]net.Listener, error) {
ls := []net.Listener{}
switch proto { switch proto {
case "tcp": case "tcp":
l, err := initTCPSocket(addr, tlsConfig) l, err := sockets.NewTCPSocket(addr, tlsConfig)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -47,11 +50,5 @@ func Init(proto, addr, socketGroup string, tlsConfig *tls.Config) (ls []net.List
return nil, fmt.Errorf("invalid protocol format: windows only supports tcp and npipe") return nil, fmt.Errorf("invalid protocol format: windows only supports tcp and npipe")
} }
return return ls, nil
}
// allocateDaemonPort ensures that there are no containers
// that try to use any port allocated for the docker server.
func allocateDaemonPort(addr string) error {
return nil
} }