Move iptables check out of runtime init() to separate function

Due to the iptables package being `init`ed at start of the docker
runtime, this means the iptables --wait command listing all rules
is run, no matter if the command is simply "docker -h".  It makes
more sense to both locate the iptables command and check for the
wait flag support at the time iptables is actually used, as it
may not be used at all if certain network support is off/configured
differently.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Phil Estes 2015-01-20 18:05:39 -05:00
parent bfb4954a1f
commit 3ffffc0cff


@ -24,6 +24,7 @@ const (
) )
var ( var (
iptablesPath string
supportsXlock = false supportsXlock = false
ErrIptablesNotFound = errors.New("Iptables not found") ErrIptablesNotFound = errors.New("Iptables not found")
) )
@ -43,8 +44,17 @@ func (e *ChainError) Error() string {
return fmt.Sprintf("Error iptables %s: %s", e.Chain, string(e.Output)) return fmt.Sprintf("Error iptables %s: %s", e.Chain, string(e.Output))
} }
func init() { func initCheck() error {
supportsXlock = exec.Command("iptables", "--wait", "-L", "-n").Run() == nil
if iptablesPath == "" {
path, err := exec.LookPath("iptables")
if err != nil {
return ErrIptablesNotFound
}
iptablesPath = path
supportsXlock = exec.Command(iptablesPath, "--wait", "-L", "-n").Run() == nil
}
return nil
} }
func NewChain(name, bridge string, table Table) (*Chain, error) { func NewChain(name, bridge string, table Table) (*Chain, error) {
@ -258,18 +268,17 @@ func Exists(args ...string) bool {
// Call 'iptables' system command, passing supplied arguments // Call 'iptables' system command, passing supplied arguments
func Raw(args ...string) ([]byte, error) { func Raw(args ...string) ([]byte, error) {
path, err := exec.LookPath("iptables")
if err != nil {
return nil, ErrIptablesNotFound
}
if err := initCheck(); err != nil {
return nil, err
}
if supportsXlock { if supportsXlock {
args = append([]string{"--wait"}, args...) args = append([]string{"--wait"}, args...)
} }
log.Debugf("%s, %v", path, args) log.Debugf("%s, %v", iptablesPath, args)
output, err := exec.Command(path, args...).CombinedOutput() output, err := exec.Command(iptablesPath, args...).CombinedOutput()
if err != nil { if err != nil {
return nil, fmt.Errorf("iptables failed: iptables %v: %s (%s)", strings.Join(args, " "), output, err) return nil, fmt.Errorf("iptables failed: iptables %v: %s (%s)", strings.Join(args, " "), output, err)
} }
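Review bot: initCheck reads and writes the package-level `iptablesPath` and `supportsXlock` on every Raw call without synchronization, whereas the old init() ran once before any caller existed. Because `iptablesPath = path` is assigned before the `--wait` probe on the next line finishes, a second goroutine entering Raw in that window would pass the `iptablesPath == ""` check with `supportsXlock` still false and issue its rule change without `--wait`, so a firewall rule may fail to apply on xtables lock contention. If Raw can be called concurrently, serialize the check: add `var initMu sync.Mutex` beside the other package variables and make `initMu.Lock()` and `defer initMu.Unlock()` the first two statements of initCheck (this needs the `sync` import, which is not visible in these hunks). Raw's body continues past the end of the last hunk.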