github.com/cwandrews/docker@v1.7.0/integration-cli/docker_cli_daemon_test.go (about) 1 // +build daemon 2 3 package main 4 5 import ( 6 "encoding/json" 7 "fmt" 8 "io/ioutil" 9 "net" 10 "os" 11 "os/exec" 12 "path/filepath" 13 "regexp" 14 "strconv" 15 "strings" 16 "time" 17 18 "github.com/docker/libnetwork/iptables" 19 "github.com/docker/libtrust" 20 "github.com/go-check/check" 21 ) 22 23 func (s *DockerDaemonSuite) TestDaemonRestartWithRunningContainersPorts(c *check.C) { 24 if err := s.d.StartWithBusybox(); err != nil { 25 c.Fatalf("Could not start daemon with busybox: %v", err) 26 } 27 28 if out, err := s.d.Cmd("run", "-d", "--name", "top1", "-p", "1234:80", "--restart", "always", "busybox:latest", "top"); err != nil { 29 c.Fatalf("Could not run top1: err=%v\n%s", err, out) 30 } 31 // --restart=no by default 32 if out, err := s.d.Cmd("run", "-d", "--name", "top2", "-p", "80", "busybox:latest", "top"); err != nil { 33 c.Fatalf("Could not run top2: err=%v\n%s", err, out) 34 } 35 36 testRun := func(m map[string]bool, prefix string) { 37 var format string 38 for cont, shouldRun := range m { 39 out, err := s.d.Cmd("ps") 40 if err != nil { 41 c.Fatalf("Could not run ps: err=%v\n%q", err, out) 42 } 43 if shouldRun { 44 format = "%scontainer %q is not running" 45 } else { 46 format = "%scontainer %q is running" 47 } 48 if shouldRun != strings.Contains(out, cont) { 49 c.Fatalf(format, prefix, cont) 50 } 51 } 52 } 53 54 testRun(map[string]bool{"top1": true, "top2": true}, "") 55 56 if err := s.d.Restart(); err != nil { 57 c.Fatalf("Could not restart daemon: %v", err) 58 } 59 testRun(map[string]bool{"top1": true, "top2": false}, "After daemon restart: ") 60 } 61 62 func (s *DockerDaemonSuite) TestDaemonRestartWithVolumesRefs(c *check.C) { 63 if err := s.d.StartWithBusybox(); err != nil { 64 c.Fatal(err) 65 } 66 67 if out, err := s.d.Cmd("run", "-d", "--name", "volrestarttest1", "-v", "/foo", "busybox"); err != nil { 68 c.Fatal(err, out) 69 } 70 if err := s.d.Restart(); err != nil { 71 c.Fatal(err) 72 } 73 if _, err := s.d.Cmd("run", "-d", "--volumes-from", "volrestarttest1", "--name", "volrestarttest2", "busybox", "top"); err != nil { 74 c.Fatal(err) 75 } 76 if out, err := s.d.Cmd("rm", "-fv", "volrestarttest2"); err != nil { 77 c.Fatal(err, out) 78 } 79 v, err := s.d.Cmd("inspect", "--format", "{{ json .Volumes }}", "volrestarttest1") 80 if err != nil { 81 c.Fatal(err) 82 } 83 volumes := make(map[string]string) 84 json.Unmarshal([]byte(v), &volumes) 85 if _, err := os.Stat(volumes["/foo"]); err != nil { 86 c.Fatalf("Expected volume to exist: %s - %s", volumes["/foo"], err) 87 } 88 } 89 90 func (s *DockerDaemonSuite) TestDaemonStartIptablesFalse(c *check.C) { 91 if err := s.d.Start("--iptables=false"); err != nil { 92 c.Fatalf("we should have been able to start the daemon with passing iptables=false: %v", err) 93 } 94 } 95 96 // Issue #8444: If docker0 bridge is modified (intentionally or unintentionally) and 97 // no longer has an IP associated, we should gracefully handle that case and associate 98 // an IP with it rather than fail daemon start 99 func (s *DockerDaemonSuite) TestDaemonStartBridgeWithoutIPAssociation(c *check.C) { 100 // rather than depending on brctl commands to verify docker0 is created and up 101 // let's start the daemon and stop it, and then make a modification to run the 102 // actual test 103 if err := s.d.Start(); err != nil { 104 c.Fatalf("Could not start daemon: %v", err) 105 } 106 if err := s.d.Stop(); err != nil { 107 c.Fatalf("Could not stop daemon: %v", err) 108 } 109 110 // now we will remove the ip from docker0 and then try starting the daemon 111 ipCmd := exec.Command("ip", "addr", "flush", "dev", "docker0") 112 stdout, stderr, _, err := runCommandWithStdoutStderr(ipCmd) 113 if err != nil { 114 c.Fatalf("failed to remove docker0 IP association: %v, stdout: %q, stderr: %q", err, stdout, stderr) 115 } 116 117 if err := s.d.Start(); err != nil { 118 warning := "**WARNING: Docker bridge network in bad state--delete docker0 bridge interface to fix" 119 c.Fatalf("Could not start daemon when docker0 has no IP address: %v\n%s", err, warning) 120 } 121 } 122 123 func (s *DockerDaemonSuite) TestDaemonIptablesClean(c *check.C) { 124 if err := s.d.StartWithBusybox(); err != nil { 125 c.Fatalf("Could not start daemon with busybox: %v", err) 126 } 127 128 if out, err := s.d.Cmd("run", "-d", "--name", "top", "-p", "80", "busybox:latest", "top"); err != nil { 129 c.Fatalf("Could not run top: %s, %v", out, err) 130 } 131 132 // get output from iptables with container running 133 ipTablesSearchString := "tcp dpt:80" 134 ipTablesCmd := exec.Command("iptables", "-nvL") 135 out, _, err := runCommandWithOutput(ipTablesCmd) 136 if err != nil { 137 c.Fatalf("Could not run iptables -nvL: %s, %v", out, err) 138 } 139 140 if !strings.Contains(out, ipTablesSearchString) { 141 c.Fatalf("iptables output should have contained %q, but was %q", ipTablesSearchString, out) 142 } 143 144 if err := s.d.Stop(); err != nil { 145 c.Fatalf("Could not stop daemon: %v", err) 146 } 147 148 // get output from iptables after restart 149 ipTablesCmd = exec.Command("iptables", "-nvL") 150 out, _, err = runCommandWithOutput(ipTablesCmd) 151 if err != nil { 152 c.Fatalf("Could not run iptables -nvL: %s, %v", out, err) 153 } 154 155 if strings.Contains(out, ipTablesSearchString) { 156 c.Fatalf("iptables output should not have contained %q, but was %q", ipTablesSearchString, out) 157 } 158 } 159 160 func (s *DockerDaemonSuite) TestDaemonIptablesCreate(c *check.C) { 161 if err := s.d.StartWithBusybox(); err != nil { 162 c.Fatalf("Could not start daemon with busybox: %v", err) 163 } 164 165 if out, err := s.d.Cmd("run", "-d", "--name", "top", "--restart=always", "-p", "80", "busybox:latest", "top"); err != nil { 166 c.Fatalf("Could not run top: %s, %v", out, err) 167 } 168 169 // get output from iptables with container running 170 ipTablesSearchString := "tcp dpt:80" 171 ipTablesCmd := exec.Command("iptables", "-nvL") 172 out, _, err := runCommandWithOutput(ipTablesCmd) 173 if err != nil { 174 c.Fatalf("Could not run iptables -nvL: %s, %v", out, err) 175 } 176 177 if !strings.Contains(out, ipTablesSearchString) { 178 c.Fatalf("iptables output should have contained %q, but was %q", ipTablesSearchString, out) 179 } 180 181 if err := s.d.Restart(); err != nil { 182 c.Fatalf("Could not restart daemon: %v", err) 183 } 184 185 // make sure the container is not running 186 runningOut, err := s.d.Cmd("inspect", "--format='{{.State.Running}}'", "top") 187 if err != nil { 188 c.Fatalf("Could not inspect on container: %s, %v", out, err) 189 } 190 if strings.TrimSpace(runningOut) != "true" { 191 c.Fatalf("Container should have been restarted after daemon restart. Status running should have been true but was: %q", strings.TrimSpace(runningOut)) 192 } 193 194 // get output from iptables after restart 195 ipTablesCmd = exec.Command("iptables", "-nvL") 196 out, _, err = runCommandWithOutput(ipTablesCmd) 197 if err != nil { 198 c.Fatalf("Could not run iptables -nvL: %s, %v", out, err) 199 } 200 201 if !strings.Contains(out, ipTablesSearchString) { 202 c.Fatalf("iptables output after restart should have contained %q, but was %q", ipTablesSearchString, out) 203 } 204 } 205 206 func (s *DockerDaemonSuite) TestDaemonLogLevelWrong(c *check.C) { 207 c.Assert(s.d.Start("--log-level=bogus"), check.NotNil, check.Commentf("Daemon shouldn't start with wrong log level")) 208 } 209 210 func (s *DockerDaemonSuite) TestDaemonLogLevelDebug(c *check.C) { 211 if err := s.d.Start("--log-level=debug"); err != nil { 212 c.Fatal(err) 213 } 214 content, _ := ioutil.ReadFile(s.d.logFile.Name()) 215 if !strings.Contains(string(content), `level=debug`) { 216 c.Fatalf(`Missing level="debug" in log file:\n%s`, string(content)) 217 } 218 } 219 220 func (s *DockerDaemonSuite) TestDaemonLogLevelFatal(c *check.C) { 221 // we creating new daemons to create new logFile 222 if err := s.d.Start("--log-level=fatal"); err != nil { 223 c.Fatal(err) 224 } 225 content, _ := ioutil.ReadFile(s.d.logFile.Name()) 226 if strings.Contains(string(content), `level=debug`) { 227 c.Fatalf(`Should not have level="debug" in log file:\n%s`, string(content)) 228 } 229 } 230 231 func (s *DockerDaemonSuite) TestDaemonFlagD(c *check.C) { 232 if err := s.d.Start("-D"); err != nil { 233 c.Fatal(err) 234 } 235 content, _ := ioutil.ReadFile(s.d.logFile.Name()) 236 if !strings.Contains(string(content), `level=debug`) { 237 c.Fatalf(`Should have level="debug" in log file using -D:\n%s`, string(content)) 238 } 239 } 240 241 func (s *DockerDaemonSuite) TestDaemonFlagDebug(c *check.C) { 242 if err := s.d.Start("--debug"); err != nil { 243 c.Fatal(err) 244 } 245 content, _ := ioutil.ReadFile(s.d.logFile.Name()) 246 if !strings.Contains(string(content), `level=debug`) { 247 c.Fatalf(`Should have level="debug" in log file using --debug:\n%s`, string(content)) 248 } 249 } 250 251 func (s *DockerDaemonSuite) TestDaemonFlagDebugLogLevelFatal(c *check.C) { 252 if err := s.d.Start("--debug", "--log-level=fatal"); err != nil { 253 c.Fatal(err) 254 } 255 content, _ := ioutil.ReadFile(s.d.logFile.Name()) 256 if !strings.Contains(string(content), `level=debug`) { 257 c.Fatalf(`Should have level="debug" in log file when using both --debug and --log-level=fatal:\n%s`, string(content)) 258 } 259 } 260 261 func (s *DockerDaemonSuite) TestDaemonAllocatesListeningPort(c *check.C) { 262 listeningPorts := [][]string{ 263 {"0.0.0.0", "0.0.0.0", "5678"}, 264 {"127.0.0.1", "127.0.0.1", "1234"}, 265 {"localhost", "127.0.0.1", "1235"}, 266 } 267 268 cmdArgs := []string{} 269 for _, hostDirective := range listeningPorts { 270 cmdArgs = append(cmdArgs, "--host", fmt.Sprintf("tcp://%s:%s", hostDirective[0], hostDirective[2])) 271 } 272 273 if err := s.d.StartWithBusybox(cmdArgs...); err != nil { 274 c.Fatalf("Could not start daemon with busybox: %v", err) 275 } 276 277 for _, hostDirective := range listeningPorts { 278 output, err := s.d.Cmd("run", "-p", fmt.Sprintf("%s:%s:80", hostDirective[1], hostDirective[2]), "busybox", "true") 279 if err == nil { 280 c.Fatalf("Container should not start, expected port already allocated error: %q", output) 281 } else if !strings.Contains(output, "port is already allocated") { 282 c.Fatalf("Expected port is already allocated error: %q", output) 283 } 284 } 285 } 286 287 func (s *DockerDaemonSuite) TestDaemonKeyGeneration(c *check.C) { 288 // TODO: skip or update for Windows daemon 289 os.Remove("/etc/docker/key.json") 290 if err := s.d.Start(); err != nil { 291 c.Fatalf("Could not start daemon: %v", err) 292 } 293 s.d.Stop() 294 295 k, err := libtrust.LoadKeyFile("/etc/docker/key.json") 296 if err != nil { 297 c.Fatalf("Error opening key file") 298 } 299 kid := k.KeyID() 300 // Test Key ID is a valid fingerprint (e.g. QQXN:JY5W:TBXI:MK3X:GX6P:PD5D:F56N:NHCS:LVRZ:JA46:R24J:XEFF) 301 if len(kid) != 59 { 302 c.Fatalf("Bad key ID: %s", kid) 303 } 304 } 305 306 func (s *DockerDaemonSuite) TestDaemonKeyMigration(c *check.C) { 307 // TODO: skip or update for Windows daemon 308 os.Remove("/etc/docker/key.json") 309 k1, err := libtrust.GenerateECP256PrivateKey() 310 if err != nil { 311 c.Fatalf("Error generating private key: %s", err) 312 } 313 if err := os.MkdirAll(filepath.Join(os.Getenv("HOME"), ".docker"), 0755); err != nil { 314 c.Fatalf("Error creating .docker directory: %s", err) 315 } 316 if err := libtrust.SaveKey(filepath.Join(os.Getenv("HOME"), ".docker", "key.json"), k1); err != nil { 317 c.Fatalf("Error saving private key: %s", err) 318 } 319 320 if err := s.d.Start(); err != nil { 321 c.Fatalf("Could not start daemon: %v", err) 322 } 323 s.d.Stop() 324 325 k2, err := libtrust.LoadKeyFile("/etc/docker/key.json") 326 if err != nil { 327 c.Fatalf("Error opening key file") 328 } 329 if k1.KeyID() != k2.KeyID() { 330 c.Fatalf("Key not migrated") 331 } 332 } 333 334 // GH#11320 - verify that the daemon exits on failure properly 335 // Note that this explicitly tests the conflict of {-b,--bridge} and {--bip} options as the means 336 // to get a daemon init failure; no other tests for -b/--bip conflict are therefore required 337 func (s *DockerDaemonSuite) TestDaemonExitOnFailure(c *check.C) { 338 //attempt to start daemon with incorrect flags (we know -b and --bip conflict) 339 if err := s.d.Start("--bridge", "nosuchbridge", "--bip", "1.1.1.1"); err != nil { 340 //verify we got the right error 341 if !strings.Contains(err.Error(), "Daemon exited and never started") { 342 c.Fatalf("Expected daemon not to start, got %v", err) 343 } 344 // look in the log and make sure we got the message that daemon is shutting down 345 runCmd := exec.Command("grep", "Error starting daemon", s.d.LogfileName()) 346 if out, _, err := runCommandWithOutput(runCmd); err != nil { 347 c.Fatalf("Expected 'Error starting daemon' message; but doesn't exist in log: %q, err: %v", out, err) 348 } 349 } else { 350 //if we didn't get an error and the daemon is running, this is a failure 351 c.Fatal("Conflicting options should cause the daemon to error out with a failure") 352 } 353 } 354 355 func (s *DockerDaemonSuite) TestDaemonBridgeExternal(c *check.C) { 356 d := s.d 357 err := d.Start("--bridge", "nosuchbridge") 358 c.Assert(err, check.NotNil, check.Commentf("--bridge option with an invalid bridge should cause the daemon to fail")) 359 defer d.Restart() 360 361 bridgeName := "external-bridge" 362 bridgeIp := "192.169.1.1/24" 363 _, bridgeIPNet, _ := net.ParseCIDR(bridgeIp) 364 365 out, err := createInterface(c, "bridge", bridgeName, bridgeIp) 366 c.Assert(err, check.IsNil, check.Commentf(out)) 367 defer deleteInterface(c, bridgeName) 368 369 err = d.StartWithBusybox("--bridge", bridgeName) 370 c.Assert(err, check.IsNil) 371 372 ipTablesSearchString := bridgeIPNet.String() 373 ipTablesCmd := exec.Command("iptables", "-t", "nat", "-nvL") 374 out, _, err = runCommandWithOutput(ipTablesCmd) 375 c.Assert(err, check.IsNil) 376 377 c.Assert(strings.Contains(out, ipTablesSearchString), check.Equals, true, 378 check.Commentf("iptables output should have contained %q, but was %q", 379 ipTablesSearchString, out)) 380 381 _, err = d.Cmd("run", "-d", "--name", "ExtContainer", "busybox", "top") 382 c.Assert(err, check.IsNil) 383 384 containerIp := d.findContainerIP("ExtContainer") 385 ip := net.ParseIP(containerIp) 386 c.Assert(bridgeIPNet.Contains(ip), check.Equals, true, 387 check.Commentf("Container IP-Address must be in the same subnet range : %s", 388 containerIp)) 389 } 390 391 func createInterface(c *check.C, ifType string, ifName string, ipNet string) (string, error) { 392 args := []string{"link", "add", "name", ifName, "type", ifType} 393 ipLinkCmd := exec.Command("ip", args...) 394 out, _, err := runCommandWithOutput(ipLinkCmd) 395 if err != nil { 396 return out, err 397 } 398 399 ifCfgCmd := exec.Command("ifconfig", ifName, ipNet, "up") 400 out, _, err = runCommandWithOutput(ifCfgCmd) 401 return out, err 402 } 403 404 func deleteInterface(c *check.C, ifName string) { 405 ifCmd := exec.Command("ip", "link", "delete", ifName) 406 out, _, err := runCommandWithOutput(ifCmd) 407 c.Assert(err, check.IsNil, check.Commentf(out)) 408 409 flushCmd := exec.Command("iptables", "-t", "nat", "--flush") 410 out, _, err = runCommandWithOutput(flushCmd) 411 c.Assert(err, check.IsNil, check.Commentf(out)) 412 413 flushCmd = exec.Command("iptables", "--flush") 414 out, _, err = runCommandWithOutput(flushCmd) 415 c.Assert(err, check.IsNil, check.Commentf(out)) 416 } 417 418 func (s *DockerDaemonSuite) TestDaemonBridgeIP(c *check.C) { 419 // TestDaemonBridgeIP Steps 420 // 1. Delete the existing docker0 Bridge 421 // 2. Set --bip daemon configuration and start the new Docker Daemon 422 // 3. Check if the bip config has taken effect using ifconfig and iptables commands 423 // 4. Launch a Container and make sure the IP-Address is in the expected subnet 424 // 5. Delete the docker0 Bridge 425 // 6. Restart the Docker Daemon (via defered action) 426 // This Restart takes care of bringing docker0 interface back to auto-assigned IP 427 428 defaultNetworkBridge := "docker0" 429 deleteInterface(c, defaultNetworkBridge) 430 431 d := s.d 432 433 bridgeIp := "192.169.1.1/24" 434 ip, bridgeIPNet, _ := net.ParseCIDR(bridgeIp) 435 436 err := d.StartWithBusybox("--bip", bridgeIp) 437 c.Assert(err, check.IsNil) 438 defer d.Restart() 439 440 ifconfigSearchString := ip.String() 441 ifconfigCmd := exec.Command("ifconfig", defaultNetworkBridge) 442 out, _, _, err := runCommandWithStdoutStderr(ifconfigCmd) 443 c.Assert(err, check.IsNil) 444 445 c.Assert(strings.Contains(out, ifconfigSearchString), check.Equals, true, 446 check.Commentf("ifconfig output should have contained %q, but was %q", 447 ifconfigSearchString, out)) 448 449 ipTablesSearchString := bridgeIPNet.String() 450 ipTablesCmd := exec.Command("iptables", "-t", "nat", "-nvL") 451 out, _, err = runCommandWithOutput(ipTablesCmd) 452 c.Assert(err, check.IsNil) 453 454 c.Assert(strings.Contains(out, ipTablesSearchString), check.Equals, true, 455 check.Commentf("iptables output should have contained %q, but was %q", 456 ipTablesSearchString, out)) 457 458 out, err = d.Cmd("run", "-d", "--name", "test", "busybox", "top") 459 c.Assert(err, check.IsNil) 460 461 containerIp := d.findContainerIP("test") 462 ip = net.ParseIP(containerIp) 463 c.Assert(bridgeIPNet.Contains(ip), check.Equals, true, 464 check.Commentf("Container IP-Address must be in the same subnet range : %s", 465 containerIp)) 466 deleteInterface(c, defaultNetworkBridge) 467 } 468 469 func (s *DockerDaemonSuite) TestDaemonRestartWithBridgeIPChange(c *check.C) { 470 if err := s.d.Start(); err != nil { 471 c.Fatalf("Could not start daemon: %v", err) 472 } 473 defer s.d.Restart() 474 if err := s.d.Stop(); err != nil { 475 c.Fatalf("Could not stop daemon: %v", err) 476 } 477 478 // now we will change the docker0's IP and then try starting the daemon 479 bridgeIP := "192.169.100.1/24" 480 _, bridgeIPNet, _ := net.ParseCIDR(bridgeIP) 481 482 ipCmd := exec.Command("ifconfig", "docker0", bridgeIP) 483 stdout, stderr, _, err := runCommandWithStdoutStderr(ipCmd) 484 if err != nil { 485 c.Fatalf("failed to change docker0's IP association: %v, stdout: %q, stderr: %q", err, stdout, stderr) 486 } 487 488 if err := s.d.Start("--bip", bridgeIP); err != nil { 489 c.Fatalf("Could not start daemon: %v", err) 490 } 491 492 //check if the iptables contains new bridgeIP MASQUERADE rule 493 ipTablesSearchString := bridgeIPNet.String() 494 ipTablesCmd := exec.Command("iptables", "-t", "nat", "-nvL") 495 out, _, err := runCommandWithOutput(ipTablesCmd) 496 if err != nil { 497 c.Fatalf("Could not run iptables -nvL: %s, %v", out, err) 498 } 499 if !strings.Contains(out, ipTablesSearchString) { 500 c.Fatalf("iptables output should have contained new MASQUERADE rule with IP %q, but was %q", ipTablesSearchString, out) 501 } 502 } 503 504 func (s *DockerDaemonSuite) TestDaemonBridgeFixedCidr(c *check.C) { 505 d := s.d 506 507 bridgeName := "external-bridge" 508 bridgeIp := "192.169.1.1/24" 509 510 out, err := createInterface(c, "bridge", bridgeName, bridgeIp) 511 c.Assert(err, check.IsNil, check.Commentf(out)) 512 defer deleteInterface(c, bridgeName) 513 514 args := []string{"--bridge", bridgeName, "--fixed-cidr", "192.169.1.0/30"} 515 err = d.StartWithBusybox(args...) 516 c.Assert(err, check.IsNil) 517 defer d.Restart() 518 519 for i := 0; i < 4; i++ { 520 cName := "Container" + strconv.Itoa(i) 521 out, err := d.Cmd("run", "-d", "--name", cName, "busybox", "top") 522 if err != nil { 523 c.Assert(strings.Contains(out, "no available ip addresses"), check.Equals, true, 524 check.Commentf("Could not run a Container : %s %s", err.Error(), out)) 525 } 526 } 527 } 528 529 func (s *DockerDaemonSuite) TestDaemonDefaultGatewayIPv4Implicit(c *check.C) { 530 defaultNetworkBridge := "docker0" 531 deleteInterface(c, defaultNetworkBridge) 532 533 d := s.d 534 535 bridgeIp := "192.169.1.1" 536 bridgeIpNet := fmt.Sprintf("%s/24", bridgeIp) 537 538 err := d.StartWithBusybox("--bip", bridgeIpNet) 539 c.Assert(err, check.IsNil) 540 defer d.Restart() 541 542 expectedMessage := fmt.Sprintf("default via %s dev", bridgeIp) 543 out, err := d.Cmd("run", "busybox", "ip", "-4", "route", "list", "0/0") 544 c.Assert(strings.Contains(out, expectedMessage), check.Equals, true, 545 check.Commentf("Implicit default gateway should be bridge IP %s, but default route was '%s'", 546 bridgeIp, strings.TrimSpace(out))) 547 deleteInterface(c, defaultNetworkBridge) 548 } 549 550 func (s *DockerDaemonSuite) TestDaemonDefaultGatewayIPv4Explicit(c *check.C) { 551 defaultNetworkBridge := "docker0" 552 deleteInterface(c, defaultNetworkBridge) 553 554 d := s.d 555 556 bridgeIp := "192.169.1.1" 557 bridgeIpNet := fmt.Sprintf("%s/24", bridgeIp) 558 gatewayIp := "192.169.1.254" 559 560 err := d.StartWithBusybox("--bip", bridgeIpNet, "--default-gateway", gatewayIp) 561 c.Assert(err, check.IsNil) 562 defer d.Restart() 563 564 expectedMessage := fmt.Sprintf("default via %s dev", gatewayIp) 565 out, err := d.Cmd("run", "busybox", "ip", "-4", "route", "list", "0/0") 566 c.Assert(strings.Contains(out, expectedMessage), check.Equals, true, 567 check.Commentf("Explicit default gateway should be %s, but default route was '%s'", 568 gatewayIp, strings.TrimSpace(out))) 569 deleteInterface(c, defaultNetworkBridge) 570 } 571 572 func (s *DockerDaemonSuite) TestDaemonIP(c *check.C) { 573 d := s.d 574 575 ipStr := "192.170.1.1/24" 576 ip, _, _ := net.ParseCIDR(ipStr) 577 args := []string{"--ip", ip.String()} 578 err := d.StartWithBusybox(args...) 579 c.Assert(err, check.IsNil) 580 defer d.Restart() 581 582 out, err := d.Cmd("run", "-d", "-p", "8000:8000", "busybox", "top") 583 c.Assert(err, check.NotNil, 584 check.Commentf("Running a container must fail with an invalid --ip option")) 585 c.Assert(strings.Contains(out, "Error starting userland proxy"), check.Equals, true) 586 587 ifName := "dummy" 588 out, err = createInterface(c, "dummy", ifName, ipStr) 589 c.Assert(err, check.IsNil, check.Commentf(out)) 590 defer deleteInterface(c, ifName) 591 592 _, err = d.Cmd("run", "-d", "-p", "8000:8000", "busybox", "top") 593 c.Assert(err, check.IsNil) 594 595 ipTablesCmd := exec.Command("iptables", "-t", "nat", "-nvL") 596 out, _, err = runCommandWithOutput(ipTablesCmd) 597 c.Assert(err, check.IsNil) 598 599 regex := fmt.Sprintf("DNAT.*%s.*dpt:8000", ip.String()) 600 matched, _ := regexp.MatchString(regex, out) 601 c.Assert(matched, check.Equals, true, 602 check.Commentf("iptables output should have contained %q, but was %q", regex, out)) 603 } 604 605 func (s *DockerDaemonSuite) TestDaemonICCPing(c *check.C) { 606 d := s.d 607 608 bridgeName := "external-bridge" 609 bridgeIp := "192.169.1.1/24" 610 611 out, err := createInterface(c, "bridge", bridgeName, bridgeIp) 612 c.Assert(err, check.IsNil, check.Commentf(out)) 613 defer deleteInterface(c, bridgeName) 614 615 args := []string{"--bridge", bridgeName, "--icc=false"} 616 err = d.StartWithBusybox(args...) 617 c.Assert(err, check.IsNil) 618 defer d.Restart() 619 620 ipTablesCmd := exec.Command("iptables", "-nvL", "FORWARD") 621 out, _, err = runCommandWithOutput(ipTablesCmd) 622 c.Assert(err, check.IsNil) 623 624 regex := fmt.Sprintf("DROP.*all.*%s.*%s", bridgeName, bridgeName) 625 matched, _ := regexp.MatchString(regex, out) 626 c.Assert(matched, check.Equals, true, 627 check.Commentf("iptables output should have contained %q, but was %q", regex, out)) 628 629 // Pinging another container must fail with --icc=false 630 pingContainers(c, d, true) 631 632 ipStr := "192.171.1.1/24" 633 ip, _, _ := net.ParseCIDR(ipStr) 634 ifName := "icc-dummy" 635 636 createInterface(c, "dummy", ifName, ipStr) 637 638 // But, Pinging external or a Host interface must succeed 639 pingCmd := fmt.Sprintf("ping -c 1 %s -W 1", ip.String()) 640 runArgs := []string{"--rm", "busybox", "sh", "-c", pingCmd} 641 _, err = d.Cmd("run", runArgs...) 642 c.Assert(err, check.IsNil) 643 } 644 645 func (s *DockerDaemonSuite) TestDaemonICCLinkExpose(c *check.C) { 646 d := s.d 647 648 bridgeName := "external-bridge" 649 bridgeIp := "192.169.1.1/24" 650 651 out, err := createInterface(c, "bridge", bridgeName, bridgeIp) 652 c.Assert(err, check.IsNil, check.Commentf(out)) 653 defer deleteInterface(c, bridgeName) 654 655 args := []string{"--bridge", bridgeName, "--icc=false"} 656 err = d.StartWithBusybox(args...) 657 c.Assert(err, check.IsNil) 658 defer d.Restart() 659 660 ipTablesCmd := exec.Command("iptables", "-nvL", "FORWARD") 661 out, _, err = runCommandWithOutput(ipTablesCmd) 662 c.Assert(err, check.IsNil) 663 664 regex := fmt.Sprintf("DROP.*all.*%s.*%s", bridgeName, bridgeName) 665 matched, _ := regexp.MatchString(regex, out) 666 c.Assert(matched, check.Equals, true, 667 check.Commentf("iptables output should have contained %q, but was %q", regex, out)) 668 669 out, err = d.Cmd("run", "-d", "--expose", "4567", "--name", "icc1", "busybox", "nc", "-l", "-p", "4567") 670 c.Assert(err, check.IsNil, check.Commentf(out)) 671 672 out, err = d.Cmd("run", "--link", "icc1:icc1", "busybox", "nc", "icc1", "4567") 673 c.Assert(err, check.IsNil, check.Commentf(out)) 674 } 675 676 func (s *DockerDaemonSuite) TestDaemonLinksIpTablesRulesWhenLinkAndUnlink(c *check.C) { 677 bridgeName := "external-bridge" 678 bridgeIp := "192.169.1.1/24" 679 680 out, err := createInterface(c, "bridge", bridgeName, bridgeIp) 681 c.Assert(err, check.IsNil, check.Commentf(out)) 682 defer deleteInterface(c, bridgeName) 683 684 args := []string{"--bridge", bridgeName, "--icc=false"} 685 err = s.d.StartWithBusybox(args...) 686 c.Assert(err, check.IsNil) 687 defer s.d.Restart() 688 689 _, err = s.d.Cmd("run", "-d", "--name", "child", "--publish", "8080:80", "busybox", "top") 690 c.Assert(err, check.IsNil) 691 _, err = s.d.Cmd("run", "-d", "--name", "parent", "--link", "child:http", "busybox", "top") 692 c.Assert(err, check.IsNil) 693 694 childIP := s.d.findContainerIP("child") 695 parentIP := s.d.findContainerIP("parent") 696 697 sourceRule := []string{"-i", bridgeName, "-o", bridgeName, "-p", "tcp", "-s", childIP, "--sport", "80", "-d", parentIP, "-j", "ACCEPT"} 698 destinationRule := []string{"-i", bridgeName, "-o", bridgeName, "-p", "tcp", "-s", parentIP, "--dport", "80", "-d", childIP, "-j", "ACCEPT"} 699 if !iptables.Exists("filter", "DOCKER", sourceRule...) || !iptables.Exists("filter", "DOCKER", destinationRule...) { 700 c.Fatal("Iptables rules not found") 701 } 702 703 s.d.Cmd("rm", "--link", "parent/http") 704 if iptables.Exists("filter", "DOCKER", sourceRule...) || iptables.Exists("filter", "DOCKER", destinationRule...) { 705 c.Fatal("Iptables rules should be removed when unlink") 706 } 707 708 s.d.Cmd("kill", "child") 709 s.d.Cmd("kill", "parent") 710 } 711 712 func (s *DockerDaemonSuite) TestDaemonUlimitDefaults(c *check.C) { 713 testRequires(c, NativeExecDriver) 714 715 if err := s.d.StartWithBusybox("--default-ulimit", "nofile=42:42", "--default-ulimit", "nproc=1024:1024"); err != nil { 716 c.Fatal(err) 717 } 718 719 out, err := s.d.Cmd("run", "--ulimit", "nproc=2048", "--name=test", "busybox", "/bin/sh", "-c", "echo $(ulimit -n); echo $(ulimit -p)") 720 if err != nil { 721 c.Fatal(out, err) 722 } 723 724 outArr := strings.Split(out, "\n") 725 if len(outArr) < 2 { 726 c.Fatalf("got unexpected output: %s", out) 727 } 728 nofile := strings.TrimSpace(outArr[0]) 729 nproc := strings.TrimSpace(outArr[1]) 730 731 if nofile != "42" { 732 c.Fatalf("expected `ulimit -n` to be `42`, got: %s", nofile) 733 } 734 if nproc != "2048" { 735 c.Fatalf("exepcted `ulimit -p` to be 2048, got: %s", nproc) 736 } 737 738 // Now restart daemon with a new default 739 if err := s.d.Restart("--default-ulimit", "nofile=43"); err != nil { 740 c.Fatal(err) 741 } 742 743 out, err = s.d.Cmd("start", "-a", "test") 744 if err != nil { 745 c.Fatal(err) 746 } 747 748 outArr = strings.Split(out, "\n") 749 if len(outArr) < 2 { 750 c.Fatalf("got unexpected output: %s", out) 751 } 752 nofile = strings.TrimSpace(outArr[0]) 753 nproc = strings.TrimSpace(outArr[1]) 754 755 if nofile != "43" { 756 c.Fatalf("expected `ulimit -n` to be `43`, got: %s", nofile) 757 } 758 if nproc != "2048" { 759 c.Fatalf("exepcted `ulimit -p` to be 2048, got: %s", nproc) 760 } 761 } 762 763 // #11315 764 func (s *DockerDaemonSuite) TestDaemonRestartRenameContainer(c *check.C) { 765 if err := s.d.StartWithBusybox(); err != nil { 766 c.Fatal(err) 767 } 768 769 if out, err := s.d.Cmd("run", "--name=test", "busybox"); err != nil { 770 c.Fatal(err, out) 771 } 772 773 if out, err := s.d.Cmd("rename", "test", "test2"); err != nil { 774 c.Fatal(err, out) 775 } 776 777 if err := s.d.Restart(); err != nil { 778 c.Fatal(err) 779 } 780 781 if out, err := s.d.Cmd("start", "test2"); err != nil { 782 c.Fatal(err, out) 783 } 784 } 785 786 func (s *DockerDaemonSuite) TestDaemonLoggingDriverDefault(c *check.C) { 787 if err := s.d.StartWithBusybox(); err != nil { 788 c.Fatal(err) 789 } 790 791 out, err := s.d.Cmd("run", "-d", "busybox", "echo", "testline") 792 if err != nil { 793 c.Fatal(out, err) 794 } 795 id := strings.TrimSpace(out) 796 797 if out, err := s.d.Cmd("wait", id); err != nil { 798 c.Fatal(out, err) 799 } 800 logPath := filepath.Join(s.d.folder, "graph", "containers", id, id+"-json.log") 801 802 if _, err := os.Stat(logPath); err != nil { 803 c.Fatal(err) 804 } 805 f, err := os.Open(logPath) 806 if err != nil { 807 c.Fatal(err) 808 } 809 var res struct { 810 Log string `json:"log"` 811 Stream string `json:"stream"` 812 Time time.Time `json:"time"` 813 } 814 if err := json.NewDecoder(f).Decode(&res); err != nil { 815 c.Fatal(err) 816 } 817 if res.Log != "testline\n" { 818 c.Fatalf("Unexpected log line: %q, expected: %q", res.Log, "testline\n") 819 } 820 if res.Stream != "stdout" { 821 c.Fatalf("Unexpected stream: %q, expected: %q", res.Stream, "stdout") 822 } 823 if !time.Now().After(res.Time) { 824 c.Fatalf("Log time %v in future", res.Time) 825 } 826 } 827 828 func (s *DockerDaemonSuite) TestDaemonLoggingDriverDefaultOverride(c *check.C) { 829 if err := s.d.StartWithBusybox(); err != nil { 830 c.Fatal(err) 831 } 832 833 out, err := s.d.Cmd("run", "-d", "--log-driver=none", "busybox", "echo", "testline") 834 if err != nil { 835 c.Fatal(out, err) 836 } 837 id := strings.TrimSpace(out) 838 839 if out, err := s.d.Cmd("wait", id); err != nil { 840 c.Fatal(out, err) 841 } 842 logPath := filepath.Join(s.d.folder, "graph", "containers", id, id+"-json.log") 843 844 if _, err := os.Stat(logPath); err == nil || !os.IsNotExist(err) { 845 c.Fatalf("%s shouldn't exits, error on Stat: %s", logPath, err) 846 } 847 } 848 849 func (s *DockerDaemonSuite) TestDaemonLoggingDriverNone(c *check.C) { 850 if err := s.d.StartWithBusybox("--log-driver=none"); err != nil { 851 c.Fatal(err) 852 } 853 854 out, err := s.d.Cmd("run", "-d", "busybox", "echo", "testline") 855 if err != nil { 856 c.Fatal(out, err) 857 } 858 id := strings.TrimSpace(out) 859 if out, err := s.d.Cmd("wait", id); err != nil { 860 c.Fatal(out, err) 861 } 862 863 logPath := filepath.Join(s.d.folder, "graph", "containers", id, id+"-json.log") 864 865 if _, err := os.Stat(logPath); err == nil || !os.IsNotExist(err) { 866 c.Fatalf("%s shouldn't exits, error on Stat: %s", logPath, err) 867 } 868 } 869 870 func (s *DockerDaemonSuite) TestDaemonLoggingDriverNoneOverride(c *check.C) { 871 if err := s.d.StartWithBusybox("--log-driver=none"); err != nil { 872 c.Fatal(err) 873 } 874 875 out, err := s.d.Cmd("run", "-d", "--log-driver=json-file", "busybox", "echo", "testline") 876 if err != nil { 877 c.Fatal(out, err) 878 } 879 id := strings.TrimSpace(out) 880 881 if out, err := s.d.Cmd("wait", id); err != nil { 882 c.Fatal(out, err) 883 } 884 logPath := filepath.Join(s.d.folder, "graph", "containers", id, id+"-json.log") 885 886 if _, err := os.Stat(logPath); err != nil { 887 c.Fatal(err) 888 } 889 f, err := os.Open(logPath) 890 if err != nil { 891 c.Fatal(err) 892 } 893 var res struct { 894 Log string `json:"log"` 895 Stream string `json:"stream"` 896 Time time.Time `json:"time"` 897 } 898 if err := json.NewDecoder(f).Decode(&res); err != nil { 899 c.Fatal(err) 900 } 901 if res.Log != "testline\n" { 902 c.Fatalf("Unexpected log line: %q, expected: %q", res.Log, "testline\n") 903 } 904 if res.Stream != "stdout" { 905 c.Fatalf("Unexpected stream: %q, expected: %q", res.Stream, "stdout") 906 } 907 if !time.Now().After(res.Time) { 908 c.Fatalf("Log time %v in future", res.Time) 909 } 910 } 911 912 func (s *DockerDaemonSuite) TestDaemonLoggingDriverNoneLogsError(c *check.C) { 913 if err := s.d.StartWithBusybox("--log-driver=none"); err != nil { 914 c.Fatal(err) 915 } 916 917 out, err := s.d.Cmd("run", "-d", "busybox", "echo", "testline") 918 if err != nil { 919 c.Fatal(out, err) 920 } 921 id := strings.TrimSpace(out) 922 out, err = s.d.Cmd("logs", id) 923 if err == nil { 924 c.Fatalf("Logs should fail with \"none\" driver") 925 } 926 if !strings.Contains(out, `"logs" command is supported only for "json-file" logging driver`) { 927 c.Fatalf("There should be error about non-json-file driver, got: %s", out) 928 } 929 } 930 931 func (s *DockerDaemonSuite) TestDaemonDots(c *check.C) { 932 if err := s.d.StartWithBusybox(); err != nil { 933 c.Fatal(err) 934 } 935 936 // Now create 4 containers 937 if _, err := s.d.Cmd("create", "busybox"); err != nil { 938 c.Fatalf("Error creating container: %q", err) 939 } 940 if _, err := s.d.Cmd("create", "busybox"); err != nil { 941 c.Fatalf("Error creating container: %q", err) 942 } 943 if _, err := s.d.Cmd("create", "busybox"); err != nil { 944 c.Fatalf("Error creating container: %q", err) 945 } 946 if _, err := s.d.Cmd("create", "busybox"); err != nil { 947 c.Fatalf("Error creating container: %q", err) 948 } 949 950 s.d.Stop() 951 952 s.d.Start("--log-level=debug") 953 s.d.Stop() 954 content, _ := ioutil.ReadFile(s.d.logFile.Name()) 955 if strings.Contains(string(content), "....") { 956 c.Fatalf("Debug level should not have ....\n%s", string(content)) 957 } 958 959 s.d.Start("--log-level=error") 960 s.d.Stop() 961 content, _ = ioutil.ReadFile(s.d.logFile.Name()) 962 if strings.Contains(string(content), "....") { 963 c.Fatalf("Error level should not have ....\n%s", string(content)) 964 } 965 966 s.d.Start("--log-level=info") 967 s.d.Stop() 968 content, _ = ioutil.ReadFile(s.d.logFile.Name()) 969 if !strings.Contains(string(content), "....") { 970 c.Fatalf("Info level should have ....\n%s", string(content)) 971 } 972 } 973 974 func (s *DockerDaemonSuite) TestDaemonUnixSockCleanedUp(c *check.C) { 975 dir, err := ioutil.TempDir("", "socket-cleanup-test") 976 if err != nil { 977 c.Fatal(err) 978 } 979 defer os.RemoveAll(dir) 980 981 sockPath := filepath.Join(dir, "docker.sock") 982 if err := s.d.Start("--host", "unix://"+sockPath); err != nil { 983 c.Fatal(err) 984 } 985 986 if _, err := os.Stat(sockPath); err != nil { 987 c.Fatal("socket does not exist") 988 } 989 990 if err := s.d.Stop(); err != nil { 991 c.Fatal(err) 992 } 993 994 if _, err := os.Stat(sockPath); err == nil || !os.IsNotExist(err) { 995 c.Fatal("unix socket is not cleaned up") 996 } 997 } 998 999 func (s *DockerDaemonSuite) TestDaemonWithWrongkey(c *check.C) { 1000 type Config struct { 1001 Crv string `json:"crv"` 1002 D string `json:"d"` 1003 Kid string `json:"kid"` 1004 Kty string `json:"kty"` 1005 X string `json:"x"` 1006 Y string `json:"y"` 1007 } 1008 1009 os.Remove("/etc/docker/key.json") 1010 if err := s.d.Start(); err != nil { 1011 c.Fatalf("Failed to start daemon: %v", err) 1012 } 1013 1014 if err := s.d.Stop(); err != nil { 1015 c.Fatalf("Could not stop daemon: %v", err) 1016 } 1017 1018 config := &Config{} 1019 bytes, err := ioutil.ReadFile("/etc/docker/key.json") 1020 if err != nil { 1021 c.Fatalf("Error reading key.json file: %s", err) 1022 } 1023 1024 // byte[] to Data-Struct 1025 if err := json.Unmarshal(bytes, &config); err != nil { 1026 c.Fatalf("Error Unmarshal: %s", err) 1027 } 1028 1029 //replace config.Kid with the fake value 1030 config.Kid = "VSAJ:FUYR:X3H2:B2VZ:KZ6U:CJD5:K7BX:ZXHY:UZXT:P4FT:MJWG:HRJ4" 1031 1032 // NEW Data-Struct to byte[] 1033 newBytes, err := json.Marshal(&config) 1034 if err != nil { 1035 c.Fatalf("Error Marshal: %s", err) 1036 } 1037 1038 // write back 1039 if err := ioutil.WriteFile("/etc/docker/key.json", newBytes, 0400); err != nil { 1040 c.Fatalf("Error ioutil.WriteFile: %s", err) 1041 } 1042 1043 defer os.Remove("/etc/docker/key.json") 1044 1045 if err := s.d.Start(); err == nil { 1046 c.Fatalf("It should not be successful to start daemon with wrong key: %v", err) 1047 } 1048 1049 content, _ := ioutil.ReadFile(s.d.logFile.Name()) 1050 1051 if !strings.Contains(string(content), "Public Key ID does not match") { 1052 c.Fatal("Missing KeyID message from daemon logs") 1053 } 1054 } 1055 1056 func (s *DockerDaemonSuite) TestDaemonRestartKillWait(c *check.C) { 1057 if err := s.d.StartWithBusybox(); err != nil { 1058 c.Fatalf("Could not start daemon with busybox: %v", err) 1059 } 1060 1061 out, err := s.d.Cmd("run", "-id", "busybox", "/bin/cat") 1062 if err != nil { 1063 c.Fatalf("Could not run /bin/cat: err=%v\n%s", err, out) 1064 } 1065 containerID := strings.TrimSpace(out) 1066 1067 if out, err := s.d.Cmd("kill", containerID); err != nil { 1068 c.Fatalf("Could not kill %s: err=%v\n%s", containerID, err, out) 1069 } 1070 1071 if err := s.d.Restart(); err != nil { 1072 c.Fatalf("Could not restart daemon: %v", err) 1073 } 1074 1075 errchan := make(chan error) 1076 go func() { 1077 if out, err := s.d.Cmd("wait", containerID); err != nil { 1078 errchan <- fmt.Errorf("%v:\n%s", err, out) 1079 } 1080 close(errchan) 1081 }() 1082 1083 select { 1084 case <-time.After(5 * time.Second): 1085 c.Fatal("Waiting on a stopped (killed) container timed out") 1086 case err := <-errchan: 1087 if err != nil { 1088 c.Fatal(err) 1089 } 1090 } 1091 } 1092 1093 // TestHttpsInfo connects via two-way authenticated HTTPS to the info endpoint 1094 func (s *DockerDaemonSuite) TestHttpsInfo(c *check.C) { 1095 const ( 1096 testDaemonHttpsAddr = "localhost:4271" 1097 ) 1098 1099 if err := s.d.Start("--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/server-cert.pem", 1100 "--tlskey", "fixtures/https/server-key.pem", "-H", testDaemonHttpsAddr); err != nil { 1101 c.Fatalf("Could not start daemon with busybox: %v", err) 1102 } 1103 1104 //force tcp protocol 1105 host := fmt.Sprintf("tcp://%s", testDaemonHttpsAddr) 1106 daemonArgs := []string{"--host", host, "--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/client-cert.pem", "--tlskey", "fixtures/https/client-key.pem"} 1107 out, err := s.d.CmdWithArgs(daemonArgs, "info") 1108 if err != nil { 1109 c.Fatalf("Error Occurred: %s and output: %s", err, out) 1110 } 1111 } 1112 1113 // TestHttpsInfoRogueCert connects via two-way authenticated HTTPS to the info endpoint 1114 // by using a rogue client certificate and checks that it fails with the expected error. 1115 func (s *DockerDaemonSuite) TestHttpsInfoRogueCert(c *check.C) { 1116 const ( 1117 errBadCertificate = "remote error: bad certificate" 1118 testDaemonHttpsAddr = "localhost:4271" 1119 ) 1120 if err := s.d.Start("--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/server-cert.pem", 1121 "--tlskey", "fixtures/https/server-key.pem", "-H", testDaemonHttpsAddr); err != nil { 1122 c.Fatalf("Could not start daemon with busybox: %v", err) 1123 } 1124 1125 //force tcp protocol 1126 host := fmt.Sprintf("tcp://%s", testDaemonHttpsAddr) 1127 daemonArgs := []string{"--host", host, "--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/client-rogue-cert.pem", "--tlskey", "fixtures/https/client-rogue-key.pem"} 1128 out, err := s.d.CmdWithArgs(daemonArgs, "info") 1129 if err == nil || !strings.Contains(out, errBadCertificate) { 1130 c.Fatalf("Expected err: %s, got instead: %s and output: %s", errBadCertificate, err, out) 1131 } 1132 } 1133 1134 // TestHttpsInfoRogueServerCert connects via two-way authenticated HTTPS to the info endpoint 1135 // which provides a rogue server certificate and checks that it fails with the expected error 1136 func (s *DockerDaemonSuite) TestHttpsInfoRogueServerCert(c *check.C) { 1137 const ( 1138 errCaUnknown = "x509: certificate signed by unknown authority" 1139 testDaemonRogueHttpsAddr = "localhost:4272" 1140 ) 1141 if err := s.d.Start("--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/server-rogue-cert.pem", 1142 "--tlskey", "fixtures/https/server-rogue-key.pem", "-H", testDaemonRogueHttpsAddr); err != nil { 1143 c.Fatalf("Could not start daemon with busybox: %v", err) 1144 } 1145 1146 //force tcp protocol 1147 host := fmt.Sprintf("tcp://%s", testDaemonRogueHttpsAddr) 1148 daemonArgs := []string{"--host", host, "--tlsverify", "--tlscacert", "fixtures/https/ca.pem", "--tlscert", "fixtures/https/client-rogue-cert.pem", "--tlskey", "fixtures/https/client-rogue-key.pem"} 1149 out, err := s.d.CmdWithArgs(daemonArgs, "info") 1150 if err == nil || !strings.Contains(out, errCaUnknown) { 1151 c.Fatalf("Expected err: %s, got instead: %s and output: %s", errCaUnknown, err, out) 1152 } 1153 } 1154 1155 func pingContainers(c *check.C, d *Daemon, expectFailure bool) { 1156 var dargs []string 1157 if d != nil { 1158 dargs = []string{"--host", d.sock()} 1159 } 1160 1161 args := append(dargs, "run", "-d", "--name", "container1", "busybox", "top") 1162 _, err := runCommand(exec.Command(dockerBinary, args...)) 1163 c.Assert(err, check.IsNil) 1164 1165 args = append(dargs, "run", "--rm", "--link", "container1:alias1", "busybox", "sh", "-c") 1166 pingCmd := "ping -c 1 %s -W 1" 1167 args = append(args, fmt.Sprintf(pingCmd, "alias1")) 1168 _, err = runCommand(exec.Command(dockerBinary, args...)) 1169 1170 if expectFailure { 1171 c.Assert(err, check.NotNil) 1172 } else { 1173 c.Assert(err, check.IsNil) 1174 } 1175 1176 args = append(dargs, "rm", "-f", "container1") 1177 runCommand(exec.Command(dockerBinary, args...)) 1178 } 1179 1180 func (s *DockerDaemonSuite) TestDaemonRestartWithSocketAsVolume(c *check.C) { 1181 c.Assert(s.d.StartWithBusybox(), check.IsNil) 1182 1183 socket := filepath.Join(s.d.folder, "docker.sock") 1184 1185 out, err := s.d.Cmd("run", "-d", "-v", socket+":/sock", "busybox") 1186 c.Assert(err, check.IsNil, check.Commentf("Output: %s", out)) 1187 c.Assert(s.d.Restart(), check.IsNil) 1188 } 1189 1190 func (s *DockerDaemonSuite) TestCleanupMountsAfterCrash(c *check.C) { 1191 c.Assert(s.d.StartWithBusybox(), check.IsNil) 1192 1193 out, err := s.d.Cmd("run", "-d", "busybox", "top") 1194 c.Assert(err, check.IsNil, check.Commentf("Output: %s", out)) 1195 id := strings.TrimSpace(out) 1196 c.Assert(s.d.cmd.Process.Signal(os.Kill), check.IsNil) 1197 c.Assert(s.d.Start(), check.IsNil) 1198 mountOut, err := exec.Command("mount").CombinedOutput() 1199 c.Assert(err, check.IsNil, check.Commentf("Output: %s", mountOut)) 1200 c.Assert(strings.Contains(string(mountOut), id), check.Equals, false, check.Commentf("Something mounted from older daemon start: %s", mountOut)) 1201 } 1202 1203 func (s *DockerDaemonSuite) TestRunContainerWithBridgeNone(c *check.C) { 1204 testRequires(c, NativeExecDriver) 1205 c.Assert(s.d.StartWithBusybox("-b", "none"), check.IsNil) 1206 1207 out, err := s.d.Cmd("run", "--rm", "busybox", "ip", "l") 1208 c.Assert(err, check.IsNil, check.Commentf("Output: %s", out)) 1209 c.Assert(strings.Contains(out, "eth0"), check.Equals, false, 1210 check.Commentf("There shouldn't be eth0 in container when network is disabled: %s", out)) 1211 } 1212 1213 func (s *DockerDaemonSuite) TestDaemonRestartWithContainerRunning(t *check.C) { 1214 if err := s.d.StartWithBusybox(); err != nil { 1215 t.Fatal(err) 1216 } 1217 if out, err := s.d.Cmd("run", "-ti", "-d", "--name", "test", "busybox"); err != nil { 1218 t.Fatal(out, err) 1219 } 1220 1221 if err := s.d.Restart(); err != nil { 1222 t.Fatal(err) 1223 } 1224 // Container 'test' should be removed without error 1225 if out, err := s.d.Cmd("rm", "test"); err != nil { 1226 t.Fatal(out, err) 1227 } 1228 } 1229 1230 func (s *DockerDaemonSuite) TestDaemonRestartCleanupNetns(c *check.C) { 1231 if err := s.d.StartWithBusybox(); err != nil { 1232 c.Fatal(err) 1233 } 1234 out, err := s.d.Cmd("run", "--name", "netns", "-d", "busybox", "top") 1235 if err != nil { 1236 c.Fatal(out, err) 1237 } 1238 if out, err := s.d.Cmd("stop", "netns"); err != nil { 1239 c.Fatal(out, err) 1240 } 1241 1242 // Construct netns file name from container id 1243 out = strings.TrimSpace(out) 1244 nsFile := out[:12] 1245 1246 // Test if the file still exists 1247 out, _, err = runCommandWithOutput(exec.Command("stat", "-c", "%n", "/var/run/docker/netns/"+nsFile)) 1248 out = strings.TrimSpace(out) 1249 c.Assert(err, check.IsNil, check.Commentf("Output: %s", out)) 1250 c.Assert(out, check.Equals, "/var/run/docker/netns/"+nsFile, check.Commentf("Output: %s", out)) 1251 1252 // Remove the container and restart the daemon 1253 if out, err := s.d.Cmd("rm", "netns"); err != nil { 1254 c.Fatal(out, err) 1255 } 1256 1257 if err := s.d.Restart(); err != nil { 1258 c.Fatal(err) 1259 } 1260 1261 // Test again and see now the netns file does not exist 1262 out, _, err = runCommandWithOutput(exec.Command("stat", "-c", "%n", "/var/run/docker/netns/"+nsFile)) 1263 out = strings.TrimSpace(out) 1264 c.Assert(err, check.Not(check.IsNil), check.Commentf("Output: %s", out)) 1265 // c.Assert(out, check.Equals, "", check.Commentf("Output: %s", out)) 1266 }