[25.0] daemon: rename: don't reload endpoint from datastore #47196
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
akerouanton
added
status/2-code-review
area/networking
area/daemon
kind/bugfix
akerouanton
changed the title
thaJeztah
reviewed
Jan 23, 2024
| @@ -1276,8 +1276,8 @@ func (n *Network) EndpointByName(name string) (*Endpoint, error) { | |||
| return e, nil | |||
| } | |||
|
|
|||
| // EndpointByID returns the Endpoint which has the passed id. If not found, | |||
| // the error ErrNoSuchEndpoint is returned. | |||
| // EndpointByID should *never* be called as it's going to create a 2nd instance of an Endpoint. The first one lives in | |||
There was a problem hiding this comment.
🫠🫠🫠 So I guess we must delete this function in a follow-up?
corhere
requested changes
Jan 23, 2024
|
yeah, let's move to draft for now |
akerouanton
force-pushed
the
25.0-fix-multiple-rename-error
branch
from
dd873e1
to
eab40d1
Compare
Commit 8b7af1d added some code to update the DNSNames of all endpoints attached to a sandbox by loading a new instance of each affected endpoints from the datastore through a call to `Network.EndpointByID()`. This method then calls `Network.getEndpointFromStore()`, that in turn calls `store.GetObject()`, which then calls `cache.get()`, which calls `o.CopyTo(kvObject)`. This effectively creates a fresh new instance of an Endpoint. However, endpoints are already kept in memory by Sandbox, meaning we now have two in-memory instances of the same Endpoint. As it turns out, libnetwork is built around the idea that no two objects representing the same thing should leave in-memory, otherwise breaking mutex locking and optimistic locking (as both instances will have a drifting version tracking ID -- dbIndex in libnetwork parliance). In this specific case, this bug materializes by container rename failing when applied a second time for a given container. An integration test is added to make sure this won't happen again. Signed-off-by: Albin Kerouanton <albinker@gmail.com> (cherry picked from commit 80c44b4) Signed-off-by: Albin Kerouanton <albinker@gmail.com>
akerouanton
force-pushed
the
25.0-fix-multiple-rename-error
branch
from
eab40d1
to
5295e88
Compare
corhere
approved these changes
Jan 23, 2024
robmry
approved these changes
Jan 23, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
- What I did
Commit 8b7af1d added some code to update the DNSNames of all endpoints attached to a sandbox by loading a new instance of each affected endpoints from the datastore through a call to
Network.EndpointByID().This method then calls
Network.getEndpointFromStore(), that in turn callsstore.GetObject(), which then callscache.get(), which callso.CopyTo(kvObject). This effectively creates a fresh new instance of an Endpoint. However, endpoints are already kept in memory by Sandbox, meaning we now have two in-memory instances of the same Endpoint.As it turns out, libnetwork is built around the idea that no two objects representing the same thing should leave in-memory, otherwise breaking mutex locking and optimistic locking (as both instances will have a drifting version tracking ID -- dbIndex in libnetwork parliance).
In this specific case, this bug materializes by container rename failing when applied a second time for a given container. An integration test is added to make sure this doesn't happen in the future.
- How I did it
This is a quick-fix; instead of loading endpoints through
Network.EndpointByID(),Sandbox.getEndpoint()was made public and is now used. I also added a comment onNetwork.EndpointByID()saying this method should never be used -- and actually it should be removed in a follow-up.We should also probably look more closely to the way the datastore, its caching layer, etc... are used and implemented. (see this comment: #47195 (comment)).
- How to verify it
I added an integration test to test that
docker renamecan be called multiple times for the same container.- Description for the changelog