Updating IPAM config with results from HNS create network call.

[pradipd]

In windows HNS manages IPAM. If the user does not specify a subnet, HNS will choose one
for them. However, in order for the IPAM to show up in the output of "docker inspect",
we need to update the network IPAMv4Config field.

Signed-off-by: Pradip Dhara pradipd@microsoft.com

[pradipd]

This is a fix for moby/moby#38358. However, this is a fix for only the original issue. I.e. The default docker NAT network is missing.

This root cause is that when the user does not specify a subnet, windows (HNS) will chose one for them. However, we do not show the subnet/gateway in the output of docker inspect. However, the subnet and gateway are present and will work. Unfortunately any scripts that parse the output of "docker inspect nat" will fail.

Another simpler way to repro this issue is:
On windows server 2019.
docker network create -d nat mynat
docker inspect mynat

The output of docker inspect mynat will show
"Config": [ { "Subnet": "0.0.0.0/0" } ]

[pradipd]

Regarding the solution, I investigated @arkodg's suggesting of using docker's ipam and getting rid of the window's ipam plugin (https://github.com/docker/libnetwork/blob/master/ipams/windowsipam/windowsipam.go).
It may be possible to make that work (pradipd/moby@4a8e6fc) but it still requires some more investigation. And, I was told it may not work on server 2016. So, I went with this approach of updating the network object from the driver. I realize that this may not be ideal, however, I don't think we are the first to need the driver to update the network configuration:
https://github.com/pradipd/moby/blob/master/vendor/github.com/docker/libnetwork/controller.go#L836
We could also follow that model. But, I felt the callback was cleaner.

[pradipd]

@arkodg @mavenugo PTAL.

[arkodg]

@pradipd, would it be possible to add an API to HNS to GET a free subnet or even check if a subnet is free or not (Windows IPAM in libnetwork could pass some random value), then there would be a clear separation between the Driver and the Network

[pradipd]

Sorry for the delayed response. I was OOF.

[pradipd]

@arkodg: Adding an API would require us to backport the change to 2016. I don't think this issue is important enough to backport to 2016. There are workarounds that can unblock users.

[pradipd]

Oops. Sorry. Did not mean to resolve conversation. Will try and reopen

[arkodg]

@pradipd is it possible to use this CMD or the underlying API - https://docs.microsoft.com/en-us/powershell/module/ipamserver/find-ipamfreeaddress?view=win10-ps

[pradipd]

No. That API is for a different windows server role/feature that is not involved with HNS. I.e. that API is for when you setup your Windows Server as a DHCP server.

[selansen]

Could you pls rebase and submit again?
latest code base fixes the CI failure .

[daschott]

@pradipd @arkodg @selansen is there anything else needed here?

[selansen]

LGTM

[selansen]

@arkodg PTAL .

[arkodg]

Can we make this generic to ipv4 and ipv6

[pradipd]

I just undid that change based off feedback from @selansen . Windows wasn't using it, so, we decided we can add it later when we (or some other driver) needs it.

[pradipd]

I mean windows wasn't passing any IPv6 data in using UpdateIpamConfig()

[selansen]

I still stick by my comment. if we are not using it, we dont need it. It will confuse everyone who is looking into the code after few months wondering why is this code exists if we are not using it.

[selansen]

Thanks a lot @arkodg @pradipd

[subbunori]

Hi, How to know if this change is release in latest docker enterprise version?

[arkodg]

@subbunori can you please update to latest 19.03 version and this fix should be present
here are the commits in the 19.03 branch - https://github.com/docker/libnetwork/commits/bump_19.03