moby
diff --git a/‎api/client/network/create.go‎
Lines changed: 3 additions & 0 deletions b/‎api/client/network/create.go‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎api/client/service/opts.go‎
Lines changed: 3 additions & 2 deletions b/‎api/client/service/opts.go‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎api/server/router/network/network_routes.go‎
Lines changed: 1 addition & 20 deletions b/‎api/server/router/network/network_routes.go‎
Lines changed: 1 addition & 20 deletions
diff --git a/‎container/container.go‎
Lines changed: 3 additions & 1 deletion b/‎container/container.go‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎daemon/cluster/cluster.go‎
Lines changed: 137 additions & 2 deletions b/‎daemon/cluster/cluster.go‎
Lines changed: 137 additions & 2 deletions
diff --git a/‎daemon/cluster/convert/network.go‎
Lines changed: 3 additions & 0 deletions b/‎daemon/cluster/convert/network.go‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎daemon/cluster/convert/service.go‎
Lines changed: 19 additions & 6 deletions b/‎daemon/cluster/convert/service.go‎
Lines changed: 19 additions & 6 deletions
diff --git a/‎daemon/cluster/convert/task.go‎
Lines changed: 6 additions & 0 deletions b/‎daemon/cluster/convert/task.go‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎daemon/cluster/executor/backend.go‎
Lines changed: 2 additions & 0 deletions b/‎daemon/cluster/executor/backend.go‎
Lines changed: 2 additions & 0 deletions
@@ -23,6 +23,7 @@ type createOptions struct {
 	labels     []string
 	internal   bool
 	ipv6       bool
+	attachable bool
 
 	ipamDriver  string
 	ipamSubnet  []string
@@ -55,6 +56,7 @@ func newCreateCommand(dockerCli *client.DockerCli) *cobra.Command {
 	flags.StringSliceVar(&opts.labels, "label", []string{}, "Set metadata on a network")
 	flags.BoolVar(&opts.internal, "internal", false, "Restrict external access to the network")
 	flags.BoolVar(&opts.ipv6, "ipv6", false, "Enable IPv6 networking")
+	flags.BoolVar(&opts.attachable, "attachable", false, "Enable manual container attachment")
 
 	flags.StringVar(&opts.ipamDriver, "ipam-driver", "default", "IP Address Management Driver")
 	flags.StringSliceVar(&opts.ipamSubnet, "subnet", []string{}, "Subnet in CIDR format that represents a network segment")
@@ -87,6 +89,7 @@ func runCreate(dockerCli *client.DockerCli, opts createOptions) error {
 		CheckDuplicate: true,
 		Internal:       opts.internal,
 		EnableIPv6:     opts.ipv6,
+		Attachable:     opts.attachable,
 		Labels:         runconfigopts.ConvertKVStringsToMap(opts.labels),
 	}
 
 
@@ -451,20 +451,21 @@ func (opts *serviceOptions) ToService() (swarm.ServiceSpec, error) {
 				Mounts:          opts.mounts.Value(),
 				StopGracePeriod: opts.stopGrace.Value(),
 			},
+			Networks:      convertNetworks(opts.networks),
 			Resources:     opts.resources.ToResourceRequirements(),
 			RestartPolicy: opts.restartPolicy.ToRestartPolicy(),
 			Placement: &swarm.Placement{
 				Constraints: opts.constraints,
 			},
 			LogDriver: opts.logDriver.toLogDriver(),
 		},
-		Mode: swarm.ServiceMode{},
+		Networks: convertNetworks(opts.networks),
+		Mode:     swarm.ServiceMode{},
 		UpdateConfig: &swarm.UpdateConfig{
 			Parallelism:   opts.update.parallelism,
 			Delay:         opts.update.delay,
 			FailureAction: opts.update.onFailure,
 		},
-		Networks:     convertNetworks(opts.networks),
 		EndpointSpec: opts.endpoint.ToEndpointSpec(),
 	}
 
 
@@ -2,7 +2,6 @@ package network
 
 import (
 	"encoding/json"
-	"fmt"
 	"net/http"
 
 	"golang.org/x/net/context"
@@ -11,7 +10,6 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/network"
-	"github.com/docker/docker/errors"
 	"github.com/docker/libnetwork"
 )
 
@@ -116,17 +114,7 @@ func (n *networkRouter) postNetworkConnect(ctx context.Context, w http.ResponseW
 		return err
 	}
 
-	nw, err := n.backend.FindNetwork(vars["id"])
-	if err != nil {
-		return err
-	}
-
-	if nw.Info().Dynamic() {
-		err := fmt.Errorf("operation not supported for swarm scoped networks")
-		return errors.NewRequestForbiddenError(err)
-	}
-
-	return n.backend.ConnectContainerToNetwork(connect.Container, nw.Name(), connect.EndpointConfig)
+	return n.backend.ConnectContainerToNetwork(connect.Container, vars["id"], connect.EndpointConfig)
 }
 
 func (n *networkRouter) postNetworkDisconnect(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
@@ -143,13 +131,6 @@ func (n *networkRouter) postNetworkDisconnect(ctx context.Context, w http.Respon
 		return err
 	}
 
-	nw, _ := n.backend.FindNetwork(vars["id"])
-
-	if nw != nil && nw.Info().Dynamic() {
-		err := fmt.Errorf("operation not supported for swarm scoped networks")
-		return errors.NewRequestForbiddenError(err)
-	}
-
 	return n.backend.DisconnectContainerFromNetwork(disconnect.Container, vars["id"], disconnect.Force)
 }
 
 
@@ -700,7 +700,9 @@ func (container *Container) BuildEndpointInfo(n libnetwork.Network, ep libnetwor
 	}
 
 	if _, ok := networkSettings.Networks[n.Name()]; !ok {
-		networkSettings.Networks[n.Name()] = new(networktypes.EndpointSettings)
+		networkSettings.Networks[n.Name()] = &network.EndpointSettings{
+			EndpointSettings: &networktypes.EndpointSettings{},
+		}
 	}
 	networkSettings.Networks[n.Name()].NetworkID = n.ID()
 	networkSettings.Networks[n.Name()].EndpointID = ep.ID()
 
@@ -16,6 +16,7 @@ import (
 	"github.com/Sirupsen/logrus"
 	apitypes "github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
+	"github.com/docker/docker/api/types/network"
 	types "github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/daemon/cluster/convert"
 	executorpkg "github.com/docker/docker/daemon/cluster/executor"
@@ -126,6 +127,18 @@ type Cluster struct {
 	stop            bool
 	err             error
 	cancelDelay     func()
+	attachers       map[string]*attacher
+}
+
+// attacher manages the in-memory attachment state of a container
+// attachment to a global scope network managed by swarm manager. It
+// helps in identifying the attachment ID via the taskID and the
+// corresponding attachment configuration obtained from the manager.
+type attacher struct {
+	taskID       string
+	config       *network.NetworkingConfig
+	attachWaitCh chan *network.NetworkingConfig
+	detachWaitCh chan struct{}
 }
 
 type node struct {
@@ -154,6 +167,7 @@ func New(config Config) (*Cluster, error) {
 		config:      config,
 		configEvent: make(chan struct{}, 10),
 		runtimeRoot: config.RuntimeRoot,
+		attachers:   make(map[string]*attacher),
 	}
 
 	st, err := c.loadState()
@@ -1212,6 +1226,120 @@ func (c *Cluster) GetNetworks() ([]apitypes.NetworkResource, error) {
 	return networks, nil
 }
 
+func attacherKey(target, containerID string) string {
+	return containerID + ":" + target
+}
+
+// UpdateAttachment signals the attachment config to the attachment
+// waiter who is trying to start or attach the container to the
+// network.
+func (c *Cluster) UpdateAttachment(target, containerID string, config *network.NetworkingConfig) error {
+	c.RLock()
+	attacher, ok := c.attachers[attacherKey(target, containerID)]
+	c.RUnlock()
+	if !ok || attacher == nil {
+		return fmt.Errorf("could not find attacher for container %s to network %s", containerID, target)
+	}
+
+	attacher.attachWaitCh <- config
+	close(attacher.attachWaitCh)
+	return nil
+}
+
+// WaitForDetachment waits for the container to stop or detach from
+// the network.
+func (c *Cluster) WaitForDetachment(ctx context.Context, networkName, networkID, taskID, containerID string) error {
+	c.RLock()
+	attacher, ok := c.attachers[attacherKey(networkName, containerID)]
+	if !ok {
+		attacher, ok = c.attachers[attacherKey(networkID, containerID)]
+	}
+	if c.node == nil || c.node.Agent() == nil {
+		c.RUnlock()
+		return fmt.Errorf("invalid cluster node while waiting for detachment")
+	}
+
+	agent := c.node.Agent()
+	c.RUnlock()
+
+	if ok && attacher != nil && attacher.detachWaitCh != nil {
+		select {
+		case <-attacher.detachWaitCh:
+		case <-ctx.Done():
+			return ctx.Err()
+		}
+	}
+
+	return agent.ResourceAllocator().DetachNetwork(ctx, taskID)
+}
+
+// AttachNetwork generates an attachment request towards the manager.
+func (c *Cluster) AttachNetwork(target string, containerID string, addresses []string) (*network.NetworkingConfig, error) {
+	aKey := attacherKey(target, containerID)
+	c.Lock()
+	if c.node == nil || c.node.Agent() == nil {
+		c.Unlock()
+		return nil, fmt.Errorf("invalid cluster node while attaching to network")
+	}
+	if attacher, ok := c.attachers[aKey]; ok {
+		c.Unlock()
+		return attacher.config, nil
+	}
+
+	agent := c.node.Agent()
+	attachWaitCh := make(chan *network.NetworkingConfig)
+	detachWaitCh := make(chan struct{})
+	c.attachers[aKey] = &attacher{
+		attachWaitCh: attachWaitCh,
+		detachWaitCh: detachWaitCh,
+	}
+	c.Unlock()
+
+	ctx, cancel := c.getRequestContext()
+	defer cancel()
+
+	taskID, err := agent.ResourceAllocator().AttachNetwork(ctx, containerID, target, addresses)
+	if err != nil {
+		c.Lock()
+		delete(c.attachers, aKey)
+		c.Unlock()
+		return nil, fmt.Errorf("Could not attach to network %s: %v", target, err)
+	}
+
+	logrus.Debugf("Successfully attached to network %s with tid %s", target, taskID)
+
+	var config *network.NetworkingConfig
+	select {
+	case config = <-attachWaitCh:
+	case <-ctx.Done():
+		return nil, fmt.Errorf("attaching to network failed, make sure your network options are correct and check manager logs: %v", ctx.Err())
+	}
+
+	c.Lock()
+	c.attachers[aKey].taskID = taskID
+	c.attachers[aKey].config = config
+	c.Unlock()
+	return config, nil
+}
+
+// DetachNetwork unblocks the waiters waiting on WaitForDetachment so
+// that a request to detach can be generated towards the manager.
+func (c *Cluster) DetachNetwork(target string, containerID string) error {
+	aKey := attacherKey(target, containerID)
+
+	c.Lock()
+	attacher, ok := c.attachers[aKey]
+	delete(c.attachers, aKey)
+	c.Unlock()
+
+	if !ok {
+		return fmt.Errorf("could not find network attachment for container %s to network %s", containerID, target)
+	}
+
+	close(attacher.detachWaitCh)
+	return nil
+}
+
 // CreateNetwork creates a new cluster managed network.
 func (c *Cluster) CreateNetwork(s apitypes.NetworkCreateRequest) (string, error) {
 	c.RLock()
@@ -1262,7 +1390,14 @@ func (c *Cluster) RemoveNetwork(input string) error {
 }
 
 func (c *Cluster) populateNetworkID(ctx context.Context, client swarmapi.ControlClient, s *types.ServiceSpec) error {
-	for i, n := range s.Networks {
+	// Always prefer NetworkAttachmentConfigs from TaskTemplate
+	// but fallback to service spec for backward compatibility
+	networks := s.TaskTemplate.Networks
+	if len(networks) == 0 {
+		networks = s.Networks
+	}
+
+	for i, n := range networks {
 		apiNetwork, err := getNetwork(ctx, client, n.Target)
 		if err != nil {
 			if ln, _ := c.config.Backend.FindNetwork(n.Target); ln != nil && !ln.Info().Dynamic() {
@@ -1271,7 +1406,7 @@ func (c *Cluster) populateNetworkID(ctx context.Context, client swarmapi.Control
 			}
 			return err
 		}
-		s.Networks[i].Target = apiNetwork.ID
+		networks[i].Target = apiNetwork.ID
 	}
 	return nil
 }
 
@@ -27,6 +27,7 @@ func networkFromGRPC(n *swarmapi.Network) types.Network {
 			Spec: types.NetworkSpec{
 				IPv6Enabled: n.Spec.Ipv6Enabled,
 				Internal:    n.Spec.Internal,
+				Attachable:  n.Spec.Attachable,
 				IPAMOptions: ipamFromGRPC(n.Spec.IPAM),
 			},
 			IPAMOptions: ipamFromGRPC(n.IPAM),
@@ -155,6 +156,7 @@ func BasicNetworkFromGRPC(n swarmapi.Network) basictypes.NetworkResource {
 		EnableIPv6: spec.Ipv6Enabled,
 		IPAM:       ipam,
 		Internal:   spec.Internal,
+		Attachable: spec.Attachable,
 		Labels:     n.Spec.Annotations.Labels,
 	}
 
@@ -179,6 +181,7 @@ func BasicNetworkCreateToGRPC(create basictypes.NetworkCreateRequest) swarmapi.N
 		},
 		Ipv6Enabled: create.EnableIPv6,
 		Internal:    create.Internal,
+		Attachable:  create.Attachable,
 	}
 	if create.IPAM != nil {
 		ns.IPAM = &swarmapi.IPAMOptions{
 
@@ -15,10 +15,16 @@ func ServiceFromGRPC(s swarmapi.Service) types.Service {
 	spec := s.Spec
 	containerConfig := spec.Task.Runtime.(*swarmapi.TaskSpec_Container).Container
 
-	networks := make([]types.NetworkAttachmentConfig, 0, len(spec.Networks))
+	serviceNetworks := make([]types.NetworkAttachmentConfig, 0, len(spec.Networks))
 	for _, n := range spec.Networks {
-		networks = append(networks, types.NetworkAttachmentConfig{Target: n.Target, Aliases: n.Aliases})
+		serviceNetworks = append(serviceNetworks, types.NetworkAttachmentConfig{Target: n.Target, Aliases: n.Aliases})
 	}
+
+	taskNetworks := make([]types.NetworkAttachmentConfig, 0, len(spec.Task.Networks))
+	for _, n := range spec.Task.Networks {
+		taskNetworks = append(taskNetworks, types.NetworkAttachmentConfig{Target: n.Target, Aliases: n.Aliases})
+	}
+
 	service := types.Service{
 		ID: s.ID,
 
@@ -29,9 +35,10 @@ func ServiceFromGRPC(s swarmapi.Service) types.Service {
 				RestartPolicy: restartPolicyFromGRPC(s.Spec.Task.Restart),
 				Placement:     placementFromGRPC(s.Spec.Task.Placement),
 				LogDriver:     driverFromGRPC(s.Spec.Task.LogDriver),
+				Networks:      taskNetworks,
 			},
 
-			Networks:     networks,
+			Networks:     serviceNetworks,
 			EndpointSpec: endpointSpecFromGRPC(s.Spec.Endpoint),
 		},
 		Endpoint: endpointFromGRPC(s.Endpoint),
@@ -99,9 +106,14 @@ func ServiceSpecToGRPC(s types.ServiceSpec) (swarmapi.ServiceSpec, error) {
 		name = namesgenerator.GetRandomName(0)
 	}
 
-	networks := make([]*swarmapi.ServiceSpec_NetworkAttachmentConfig, 0, len(s.Networks))
+	serviceNetworks := make([]*swarmapi.NetworkAttachmentConfig, 0, len(s.Networks))
 	for _, n := range s.Networks {
-		networks = append(networks, &swarmapi.ServiceSpec_NetworkAttachmentConfig{Target: n.Target, Aliases: n.Aliases})
+		serviceNetworks = append(serviceNetworks, &swarmapi.NetworkAttachmentConfig{Target: n.Target, Aliases: n.Aliases})
+	}
+
+	taskNetworks := make([]*swarmapi.NetworkAttachmentConfig, 0, len(s.TaskTemplate.Networks))
+	for _, n := range s.TaskTemplate.Networks {
+		taskNetworks = append(taskNetworks, &swarmapi.NetworkAttachmentConfig{Target: n.Target, Aliases: n.Aliases})
 	}
 
 	spec := swarmapi.ServiceSpec{
@@ -112,8 +124,9 @@ func ServiceSpecToGRPC(s types.ServiceSpec) (swarmapi.ServiceSpec, error) {
 		Task: swarmapi.TaskSpec{
 			Resources: resourcesToGRPC(s.TaskTemplate.Resources),
 			LogDriver: driverToGRPC(s.TaskTemplate.LogDriver),
+			Networks:  taskNetworks,
 		},
-		Networks: networks,
+		Networks: serviceNetworks,
 	}
 
 	containerSpec, err := containerToGRPC(s.TaskTemplate.ContainerSpec)
 
@@ -12,6 +12,11 @@ import (
 func TaskFromGRPC(t swarmapi.Task) types.Task {
 	containerConfig := t.Spec.Runtime.(*swarmapi.TaskSpec_Container).Container
 	containerStatus := t.Status.GetContainer()
+	networks := make([]types.NetworkAttachmentConfig, 0, len(t.Spec.Networks))
+	for _, n := range t.Spec.Networks {
+		networks = append(networks, types.NetworkAttachmentConfig{Target: n.Target, Aliases: n.Aliases})
+	}
+
 	task := types.Task{
 		ID:        t.ID,
 		ServiceID: t.ServiceID,
@@ -23,6 +28,7 @@ func TaskFromGRPC(t swarmapi.Task) types.Task {
 			RestartPolicy: restartPolicyFromGRPC(t.Spec.Restart),
 			Placement:     placementFromGRPC(t.Spec.Placement),
 			LogDriver:     driverFromGRPC(t.Spec.LogDriver),
+			Networks:      networks,
 		},
 		Status: types.TaskStatus{
 			State:   types.TaskState(strings.ToLower(t.Status.State.String())),
 
@@ -40,4 +40,6 @@ type Backend interface {
 	IsSwarmCompatible() error
 	SubscribeToEvents(since, until time.Time, filter filters.Args) ([]events.Message, chan interface{})
 	UnsubscribeFromEvents(listener chan interface{})
+	UpdateAttachment(string, string, string, *network.NetworkingConfig) error
+	WaitForDetachment(context.Context, string, string, string, string) error
 }
Original file line number	Diff line number	Diff line change
`@@ -700,7 +700,9 @@ func (container *Container) BuildEndpointInfo(n libnetwork.Network, ep libnetwor`
`700`	`700`	`}`
`701`	`701`
`702`	`702`	`if _, ok := networkSettings.Networks[n.Name()]; !ok {`
`703`		`- networkSettings.Networks[n.Name()] = new(networktypes.EndpointSettings)`
	`703`	`+ networkSettings.Networks[n.Name()] = &network.EndpointSettings{`
	`704`	`+ EndpointSettings: &networktypes.EndpointSettings{},`
	`705`	`+ }`
`704`	`706`	`}`
`705`	`707`	`networkSettings.Networks[n.Name()].NetworkID = n.ID()`
`706`	`708`	`networkSettings.Networks[n.Name()].EndpointID = ep.ID()`
Original file line number	Diff line number	Diff line change
`@@ -40,4 +40,6 @@ type Backend interface {`
`40`	`40`	`IsSwarmCompatible() error`
`41`	`41`	`SubscribeToEvents(since, until time.Time, filter filters.Args) ([]events.Message, chan interface{})`
`42`	`42`	`UnsubscribeFromEvents(listener chan interface{})`
	`43`	`+ UpdateAttachment(string, string, string, *network.NetworkingConfig) error`
	`44`	`+ WaitForDetachment(context.Context, string, string, string, string) error`
`43`	`45`	`}`