Create a V2 Docker plugin

[bboreham]

Fixes #2397 #2816 #2651 #2805

Build the plugin via make v2plugin; requires Docker 1.13.1 (1.13.0 does not work)

This branch is based on top of the docker-swarm branch used in #2721 to get the extra entry-points, although it doesn't seem to make any difference.

Items outstanding:

• Connecting up peers - currently you have to weave connect to test
• Docker don't support --pid=host on v2 plugins; need another way to do the arp settings on the bridge
• No access to the Docker socket inside the plugin, so the hack to do arp settings on the veth doesn't work
• No access to the Docker socket inside the plugin, so need to persist anything we are told on network creation (e.g. the multicast option)
• weave status does work for the router, but doesn't see the plugin
• weave launch should detect if this plugin is installed and exit with error
• Better UX for troubleshooting - can't do docker logs to see what went wrong

[sgammill]

@bboreham Hello, can you give an update on the status of weave net in docker swarm-mode since moby/swarmkit#1876 has happened and docker engine is now at 1.13.1-rc1? Thanks.

[brb]

@sgammill I verified that the blocking issue moby/moby#30024 got resolved, and Weave Net Plugin v2 works with Docker Swarmkit (distributed with 1.31.1-rc1).

However, to make it usable to an end user, more work needs to be done (see the outstanding items in the PR description).

[marccarre]

• shfmt-ed launch.sh to please make lint in CircleCI.

• Added DOCKERHUB_USER to plugin's name (more convenient for development, and prob. what we want ultimately?)

• Bind-mounted /proc, which should help passing ARP settings:

  "mounts": [
    {
      "destination": "/procmount",
      "type": "proc",
      "source": "proc"
    }
  ],
  

  Manual testing:

  $ sudo docker-runc exec 512af90f342f16dddebc7b7245985d5eb67557e76798b4033eed2ff7adaa4eb5 cat /proc/sys/net/ipv4/neigh/weave/ucast_solicit
  3
  $ cat /proc/sys/net/ipv4/neigh/weave/ucast_solicit
  3
  # echo 1 > /proc/sys/net/ipv4/neigh/weave/ucast_solicit
  $ cat /proc/sys/net/ipv4/neigh/weave/ucast_solicit
  1
  $ sudo docker-runc exec 512af90f342f16dddebc7b7245985d5eb67557e76798b4033eed2ff7adaa4eb5 cat /proc/sys/net/ipv4/neigh/weave/ucast_solicit 
  1
  

• Tried to bind-mount /var/lib/weave and /var/log/weave in various ways, in order to respectively persist data and logs, in a way which makes them accessible to the host (reload data if container gets destroyed, ease of debugging, etc.), but faced issues. I'm probably missing something obvious.

[awh]

Documentation changes:

modified plugin

[awh]

Documentation changes:

modified plugin

[marccarre]

Note that, given:

• we use Docker 1.13.1 in this branch, and
• because of docker kill weaveproxy hangs indefinitely moby/moby#31447,

tests 335 and 620 currently fail (time out).

[weaveworksbot]

Documentation changes:

modified plugin

[bboreham]

@panga note you can now install our "latest" build from DockerHub, via docker plugin install weaveworks/net-plugin

[Multiply]

@bboreham Any documentation publicly available?

[bboreham]

@Multiply we're working on it. If your swarm is up and running, and you install as above, next step is:

docker network create --driver=weaveworks/net-plugin --attachable mynetworkname

then

docker run --net=mynetworkname ...

everything else is automagic 🙂

[Multiply]

@bboreham Sweet. I'll give it a spin over the weekend. I think it'll be more or less plug and play with our current development and testing setups.

[Multiply]

I should be able to define it using docker-compose v2/v3 and have it create the needed network plugin for us, if it doesn't already exist, as long as they installed the plugin beforehand, I assume.

Would be even sweeter if it could also automatically install the plugin if its not available. (I haven't looked much into the documentation, so it might already be like this?)

[bboreham]

One thing is, when the plugin installs, Docker asks you whether you want to grant the necessary permissions (which is a good thing for knowledgeable users):

$ docker plugin install weaveworks/net-plugin
Plugin "weaveworks/net-plugin" is requesting the following privileges:
 - network: [host]
 - mount: [/proc/]
 - mount: [/var/run/docker.sock]
 - mount: [/var/lib/]
 - mount: [/etc/]
 - capabilities: [CAP_SYS_ADMIN CAP_NET_ADMIN]
Do you grant the above permissions? [y/N]

Looking at Docker's plugin docs there is a --grant-all-permissions flag.

Nothing in the compose docs about installing plugins.

[jpe42]

@bboreham I was able to install the plugin, but when trying to create a network I get the following error:

> docker plugin ls
ID                  NAME                           DESCRIPTION                   ENABLED
667779c5ab70        weaveworks/net-plugin:latest   Weave Net plugin for Docker   true
81bd50710a37        rexray/ebs:latest              REX-Ray for Amazon EBS        true

> docker network create --driver=weaveworks/net-plugin --attachable mynetworkname
Error response from daemon: could not resolve driver weaveworks/net-plugin in registry

> docker version
Client:
 Version:      17.04.0-ce
 API version:  1.28
 Go version:   go1.7.5
 Git commit:   4845c56
 Built:        Mon Apr  3 18:07:42 2017
 OS/Arch:      linux/amd64

Server:
 Version:      17.04.0-ce
 API version:  1.28 (minimum version 1.12)
 Go version:   go1.7.5
 Git commit:   4845c56
 Built:        Mon Apr  3 18:07:42 2017
 OS/Arch:      linux/amd64
 Experimental: false

[brb]

@jamespedwards42 you should pass the whole name of the driver when creating a network, i.e.: docker network create --driver=weaveworks/net-plugin:latest --attachable mynetworkname

[jpe42]

@brb Same isssue:

> docker network create --driver=weaveworks/net-plugin:latest --attachable mynetworkname
Error response from daemon: could not resolve driver weaveworks/net-plugin:latest in registry

[brb]

@jamespedwards42 Could you do the following:

• Check whether weaver process is running (ps aux | grep weaver).
• Provide docker logs (journalctl -r -u docker.service if you run systemd).

[jpe42]

@brb I restarted the docker service and then ran the create network command for the logs capture; pasted on pastebin.

> ps aux | grep weaver
root      5068  0.0  0.0  12944   960 pts/0    S+   13:13   0:00 grep --color=auto weaver

> journalctl -r -u docker.service
https://pastebin.com/sxjr0kyC

[brb]

That's weird.

Mind running docker plugin disable weaveworks/net-plugin:latest && docker plugin enable weaveworks/net-plugin:latest? If the problem persists, please provide the docker.service logs again. Thanks.

[jpe42]

@brb ha! awesome that got it.... I restarted a server and the issue came back, so I had to disable/enable again. I'm guessing that needs to be done anytime the engine is restarted.

@Multiply I was able to confirm that it works with docker stack deploy against a docker compose file. It created the non-existing network for me:

networks:
  my-weave-network:
    driver: weaveworks/net-plugin:latest
    ipam:
      driver: default
      config:
        -
          subnet: 10.0.0.0/24

[brb]

I'm guessing that needs to be done anytime the engine is restarted.

I've just tried rebooting machine / restarting the engine - the plugin came back properly w/o disable / enable.

[jpe42]

@brb I just went through 4 hosts and had the same issue after restarts on all of them.

> docker network create --driver=weaveworks/net-plugin:latest --attachable mynetworkname
Error response from daemon: could not resolve driver weaveworks/net-plugin:latest in registry

> docker plugin disable weaveworks/net-plugin:latest weaveworks/net-plugin:latest

> docker plugin enable weaveworks/net-plugin:latest weaveworks/net-plugin:latest

> docker network create --driver=weaveworks/net-plugin:latest --attachable mynetworkname
mc9pap4xanv1f94cuxdmsgek7

logs after restart: https://pastebin.com/B4ngjtnt

[brb]

@jamespedwards42 Thanks. Found the issue (#2906).