an [abandoned] attempt to slice out the docker/docker/pkg package
bc71145164
When firewalld (or iptables service) restarts/reloads, all previously added docker firewall rules are flushed. With firewalld we can react to its Reloaded() [1] D-Bus signal and recreate the firewall rules. Also when firewalld gets restarted (stopped & started) we can catch the NameOwnerChanged signal [2]. To specify which signals we want to react to we use AddMatch [3]. Libvirt has been doing this for quite a long time now. Docker changes firewall rules on basically 3 places. 1) daemon/networkdriver/portmapper/mapper.go - port mappings Portmapper fortunatelly keeps list of mapped ports, so we can easily recreate firewall rules on firewalld restart/reload New ReMapAll() function does that 2) daemon/networkdriver/bridge/driver.go When setting a bridge, basic firewall rules are created. This is done at once during start, it's parametrized and nowhere tracked so how can one know what and how to set it again when there's been firewalld restart/reload ? The only solution that came to my mind is using of closures [4], i.e. I keep list of references to closures (anonymous functions together with a referencing environment) and when there's firewalld restart/reload I re-call them in the same order. 3) links/links.go - linking containers Link is added in Enable() and removed in Disable(). In Enable() we add a callback function, which creates the link, that's OK so far. It'd be ideal if we could remove the same function from the list in Disable(). Unfortunatelly that's not possible AFAICT, because we don't know the reference to that function at that moment, so we can only add a reference to function, which removes the link. That means that after creating and removing a link there are 2 functions in the list, one adding and one removing the link and after firewalld restart/reload both are called. It works, but it's far from ideal. [1] https://jpopelka.fedorapeople.org/firewalld/doc/firewalld.dbus.html#FirewallD1.Signals.Reloaded [2] http://dbus.freedesktop.org/doc/dbus-specification.html#bus-messages-name-owner-changed [3] http://dbus.freedesktop.org/doc/dbus-specification.html#message-bus-routing-match-rules [4] https://en.wikipedia.org/wiki/Closure_%28computer_programming%29 Signed-off-by: Jiri Popelka <jpopelka@redhat.com> |
||
|---|---|---|
| archive | ||
| broadcastwriter | ||
| chrootarchive | ||
| devicemapper | ||
| directory | ||
| etchosts | ||
| fileutils | ||
| graphdb | ||
| homedir | ||
| httputils | ||
| ioutils | ||
| iptables | ||
| jsonlog | ||
| jsonmessage | ||
| listenbuffer | ||
| mflag | ||
| mount | ||
| namesgenerator | ||
| parsers | ||
| pidfile | ||
| pools | ||
| progressreader | ||
| promise | ||
| proxy | ||
| pubsub | ||
| reexec | ||
| requestdecorator | ||
| resolvconf | ||
| signal | ||
| stdcopy | ||
| streamformatter | ||
| stringid | ||
| stringutils | ||
| symlink | ||
| sysinfo | ||
| system | ||
| systemd | ||
| tailfile | ||
| tarsum | ||
| term | ||
| timeoutconn | ||
| timeutils | ||
| truncindex | ||
| ulimit | ||
| units | ||
| urlutil | ||
| version | ||
| README.md | ||
pkg/ is a collection of utility packages used by the Docker project without being specific to its internals.
Utility packages are kept separate from the docker core codebase to keep it as small and concise as possible. If some utilities grow larger and their APIs stabilize, they may be moved to their own repository under the Docker organization, to facilitate re-use by other projects. However that is not the priority.
The directory pkg is named after the same directory in the camlistore project. Since Brad is a core
Go maintainer, we thought it made sense to copy his methods for organizing Go code :) Thanks Brad!
Because utility packages are small and neatly separated from the rest of the codebase, they are a good place to start for aspiring maintainers and contributors. Get in touch if you want to help maintain them!