daemon: return an InvalidParameter error when ep settings are wrong #47159
Conversation
Since v25.0 (commit ff50388), we validate endpoint settings when containers are created, instead of doing so when containers are started. However, a container created prior to that release would still trigger validation error at start-time. In such case, the API returns a 500 status code because the Go error isn't wrapped into an InvalidParameter error. This is now fixed. Signed-off-by: Albin Kerouanton <albinker@gmail.com>
akerouanton
added
status/2-code-review
area/networking
area/daemon
kind/bugfix
Hm.. it's unexpected for an existing container to no longer start; can we add a migration step to fix the container when upgrading from a previous version? Similar to the migration step that was added in #46926 for the (now removed) logentries logging driver? |
|
@akerouanton or @robmry could one of you open a cherry-pick for the 25.0 branch? |
Discussed internally -- I don't think any existing container would no longer start. It's rather that, it's now impossible to create a container with an invalid container. When network config |
|
@akerouanton Did that container start in v24, or did it fail to start? (wondering if the validation rules changed between v24 and v25; perhaps the logic (validate on start) is the same, but if the validation rules changed 🤔) |
|
@thaJeztah There might be -- I'm waiting for more details on docker/for-linux#1481. If that's the case, I agree we need to either fix the validation or add some migration logic. I'll open a backport. |
|
This validation logic has another unintended side-effect for Docker Swarm users, I think. We have a Docker Swarm cluster with the wrong subnet config of 10.0.0.1/16. I think this needs to be cleaned up, but it would be nice to leave an upgrade path for everyone that has a cluster with a slightly broken (but working) config. |
|
@s4ke Thanks for reporting. Could you please open a ticket describing how this issue manifests, etc...? |
|
Is it in that case that swarm has a service with an invalid config stored, which now fails (i.e. if it tries to (re)create tasks from that config, it fails? 🤔 |
|
@thaJeztah Exactly that. I am currently in the process of recreating at least part of our clusters, but I think that we are not the only people running into this. Sadly we have had this error also in our swarmsible repo (https://github.com/neuroforgede/swarmsible), so anyone that is using this will have run into the same issue as the examples there were wrong, but that is not your problem :) |
|
Do you know what option is invalid? (curious if this is something we could adjust for if the container is created through the SwarmKit executor) |
|
You mean the exact field in the service spec? EDIT: just checked. The service spec nor the output of docker inspect does not mention anything regarding the subnet config. This issue stems from the ingress creation that was done wrong: |
- What I did
Since v25.0 (commit ff50388), we validate endpoint settings when containers are created, instead of doing so when containers are started. However, a container created prior to that release would still trigger validation error at start-time. In such case, the API returns a 500 status code because the Go error isn't wrapped into an InvalidParameter error. This is now fixed.
- How to verify it
- A picture of a cute animal (not mandatory but encouraged)