Barrel should not return 502 bad gateway error when failed

[jasonjoo2010]

Background

Currently, the barrel will return a bad gateway error to the client when failed. For example, when it failed to allocate a new address when creating a container with a fixed-ip label, it will show a bad gateway error.

Related code:

func writeErrorResponse(res http.ResponseWriter, logger utils.Logger, err error, label string) {
	logger.Errorf("%s failed %v", label, err)
	if err := utils.WriteBadGateWayResponse(
		res,
		utils.HTTPSimpleMessageResponseBody{
			Message: label + " error",
		},
	); err != nil {
		logger.Errorf("write %s error response failed %v", label, err)
	}
}

Logging:

Aug 25 19:02:51 bash[23490]: time="2021-08-25 19:02:51" level=info msg="Ran out of existing affine blocks for host"
Aug 25 19:02:51 bash[23490]: time="2021-08-25 19:02:51" level=info msg="Auto-assigned 0 out of 1 IPv4s: []" 
Aug 25 19:02:51 bash[23490]: time="2021-08-25 19:02:51" level=error msg="[containerCreateHandler::Handle] check and request fixed-ip failed Unexpected number of assigned IP addresses. A single address should be assigned. Got []"

But the error message is not explicit to read on the client-side:

Error response from daemon: check and request fixed-ip error

Improvement

The Barrel should be compatible with the docker client and act like a normal dockerd.

Extra

Actually, it's not my first time helping others (like QA colleagues) and I have already found it's difficult to identify the root cause. I am recalling my memory of it, if I made it, I will update it here.

Update:

I have recalled it. On day QA came to ask me why he kept getting an error The requested subnet must match the CIDR of a configured Calico IP Pool when creating new containers using the calico network in his own test cluster.

It looked like the subnet was not right in the configuration. But after confirming this and others, it wasn't the cause. And I created a new one with calico, it worked normally. That really confused me. After spending time to reading code and logs, I found the problem finally. The related code was:

	f := false
	networkName := ""
	for _, p := range pools.Items {
		if nid, ok := p.Annotations[dockerLabelPrefix+"network.ID"]; ok && nid == request.NetworkID {
			f = true
			networkName = p.ObjectMeta.Name
			log.Debugf("Find ippool : %v\n", p.Name)
			break
		}
	}
	if !f {
		log.Errorln(types.ErrCIDRNotInPool)
		return nil, types.ErrCIDRNotInPool
	}

Though I didn't know how it happened, the network.ID didn't match that in the configuration of docker. So the error message was totally misleading. I suggest we output appropriate and explicit logs at least or good to have a more explicit error message.

[jasonjoo2010]

The details and docs can refer: https://github.com/moby/moby/blob/master/docs/api/v1.41.yaml

And it would be better to give a more specific cause in the error description.

[jschwinger233]

Right, just need to figure out the response of dockerd on the moment when libnetwork fails to fetch an IP.

[nyanpassu]

understand, 502 was designed to distinguish errors of proxy from errors of dockerd, it is ok for a http request but will cause error for docker client, i'll make it compatible with docker client.