Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Service registration for IPv6 docker addresses (Fixes #3785) #3790

Merged
merged 7 commits into from
Feb 6, 2018
Merged

Service registration for IPv6 docker addresses (Fixes #3785) #3790

merged 7 commits into from
Feb 6, 2018

Conversation

42wim
Copy link
Contributor

@42wim 42wim commented Jan 24, 2018

This adds a use_ipv6_address boolean which allows IPv6 docker containers to be registered using the service stanza.

An example job on how to configure this can be seen below. Documentation has been updated too.

job "example" {
  datacenters = ["dc1"]
  group "cache" {

    task "redis" {
      driver = "docker"

      config {
        image = "redis:3.2"
        use_ipv6_address = true
        # No port map required!
      }

      resources {
        cpu    = 500 # 500 MHz
        memory = 256 # 256MB
        network {
          mbits = 10
        }
      }

      service {
        name = "ipv6-redis"
        port = 6379
        address_mode = "driver"
        check {
          name     = "ipv6-redis-check"
          type     = "tcp"
          interval = "10s"
          timeout  = "2s"
          port     = 6379
          address_mode = "driver"
        }
      }
    }
  }
}

@42wim 42wim mentioned this pull request Jan 30, 2018
Closed
schmichael
schmichael reviewed Jan 31, 2018
View reviewed changes
Copy link
Member

@schmichael schmichael left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great PR! Are you able to add a test to docker_test.go or does that require properly configuring ipv6 and dockerd on the host running the tests?

website/source/docs/drivers/docker.html.md Outdated
@@ -355,6 +355,11 @@ The `docker` driver supports the following configuration in the job spec. Only
]
}
```
* `use_ipv6_address` - (Optional) `true` or `false` (default). Use IPv6 Address
will use the containers IPv6 address (GlobalIPv6Address) when registering service checks and using
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use the container's IPv6 address (GlobalIPv6Address in Docker) when registering ...

client/driver/docker.go Outdated
@@ -884,6 +888,9 @@ func (d *DockerDriver) detectIP(c *docker.Container) (string, bool) {
}

ip = net.IPAddress
if d.driverConfig.UseIPv6Address {
ip = net.GlobalIPv6Address
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hm, it seems like we probably want to set auto = true here as well. While this complicates the already unfortunately confusing advertise = "auto" logic, I think it will do what users expect by automatically advertising the routable address for the container when it's possible to discover it.

Perhaps a better question is: It should be exceedingly rare that someone wants use_ipv6_address = true and advertise = "host", correct?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(this has been addressed; leaving for historical purposes)

website/source/docs/job-specification/service.html.md Outdated
@@ -104,6 +104,9 @@ does not automatically enable service discovery.
`address_mode="driver"`. Numeric ports may be used when in driver addressing
mode.

Docker and IPv6 containers: This setting is required if you want to register
the port of the (IPv6) service. See [below for examples.](#IPv6 docker containers)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we set auto=true when use_ipv6_address=true this will no longer be necessary.

website/source/docs/job-specification/service.html.md Outdated
@@ -463,6 +477,62 @@ In this case Nomad doesn't need to assign Redis any host ports. The `service`
and `check` stanzas can both specify the port number to advertise and check
directly since Nomad isn't managing any port assignments.

### IPv6 docker containers
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

docker -> Docker

@schmichael
Copy link
Member

Discussed it internally and unless you have some concerns I think setting auto=true when advertising an IPv6 address is desired.

Since Nomad only uses this address in service advertisements and checks:

  1. Document that use_ipv6_address is only allowed with auto or container mode and has no effect otherwise
  2. Change the name to be advertise_ipv6_address to make it clear it only affects the service {...} stanza

@42wim
Copy link
Contributor Author

42wim commented Jan 31, 2018
edited
Loading

Regarding the docker_test, yes it needs ipv6=true and fixed-cidr-v6 settings to dockerd.

Well the downside of using address_mode="auto" is that you need to specify a lot of extra config.
I think the address_mode=driver is easier to understand.

But setting auto=true doesn't exclude the address_mode=driver config from working.

See below for both examples.
Which of those examples do you want as the example in the documentation ? or both ?

task "foo" {
      driver = "docker"
      config {
           advertise_ipv6_address = true
      }
      service {
        address_mode = "driver"
        name = "myservice"
        port = 80
        check {
            address_mode = "driver"
            type     = "http"
            path     = "/"
            port     = 80
            interval = "10s"
            timeout  = "2s"
        }
      }
}

task "foo" {
      driver = "docker"
      config {
          advertise_ipv6_address = true
          port_map {
               http = 80
          }
      }
      resources {
        ....
        network {
          port "http" {}
        }
      }
      service {
        name = "myservice"
        port = "http"
        check {
            address_mode = "driver"
            type     = "http"
            path     = "/"
            port     = "http"
            interval = "10s"
            timeout  = "2s"
        }
      }
}

@42wim
* Change use_ipv6_address to advertise_ipv6_address.
dea460b 
* Set autoadvertise to true.
* Update documentation.
@42wim
Copy link
Contributor Author

42wim commented Jan 31, 2018

Updated with the changes from your feedback.
For now with 2 examples :)

schmichael
schmichael reviewed Feb 1, 2018
View reviewed changes
Copy link
Member

@schmichael schmichael left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So no hope of a portable test?

website/source/docs/job-specification/service.html.md Outdated
The [Docker](/docs/drivers/docker.html#use_ipv6_address) driver support the
`use_ipv6_address` parameter in it's configuration.
For the `service`stanza is no explicit `address_mode` required.
Services default to the `auto` address mode.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Services will automatically advertise the IPv6 address when advertise_ipv6_address is used.

@42wim
Copy link
Contributor Author

42wim commented Feb 1, 2018
edited
Loading

So I've added some extra commits.

  • Update documentation with your latest feedback
  • IPv6 support to travis docker, -cross my fingers-
  • A test which checks the AutoAdvertise and the returned IP.
    The returned IP is only prefix checked, because were not sure what IP docker will use for the container, but we can be pretty sure it's something out of 2001:db8:1::242:ac11:0/112

On my local vagrant setup this test works, we'll see if travis succeeds.

@schmichael
Copy link
Member

Looks fantastic! Thanks for sticking with this @42wim! I pushed a small test tweak to skip the test on hosts without IPv6 enabled but otherwise will merge once Travis goes green again!

@schmichael schmichael merged commit 0a806f6 into hashicorp:master Feb 6, 2018
@schmichael
Copy link
Member

💥 Merged 🎈 Thanks again @42wim!

schmichael added a commit to schmichael/nomad that referenced this pull request Feb 14, 2018
@schmichael
Add changelog entry for hashicorp#3790
ff26185
@tsujp
Copy link

tsujp commented Oct 1, 2019
edited
Loading

Whoops I appear to have commented on the PR instead of the issue, please find my comment on the issue for this PR here #3785

@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 30, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@schmichael schmichael schmichael left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@42wim @schmichael @tsujp