Merge pull request #2511 from daeseokyoun/handle-network-host

raise an error for binding specific ports in 'host' mode of network

Author: gtardif

docker/api/container.py

@@ -523,6 +523,8 @@ def create_host_config(self, *args, **kwargs):
                 - ``container:<name|id>`` Reuse another container's network
                   stack.
                 - ``host`` Use the host network stack.
+                  This mode is incompatible with ``port_bindings``.
+
             oom_kill_disable (bool): Whether to disable OOM killer.
             oom_score_adj (int): An integer value containing the score given
                 to the container in order to tune OOM killer preferences.
@@ -531,7 +533,8 @@ def create_host_config(self, *args, **kwargs):
             pids_limit (int): Tune a container's pids limit. Set ``-1`` for
                 unlimited.
             port_bindings (dict): See :py:meth:`create_container`
-                    for more information.
+                for more information.
+                Imcompatible with ``host`` in ``network_mode``.
             privileged (bool): Give extended privileges to this container.
             publish_all_ports (bool): Publish all ports to the host.
             read_only (bool): Mount the container's root filesystem as read

docker/models/containers.py

@@ -649,6 +649,7 @@ def run(self, image, command=None, stdout=True, stderr=False,
                 - ``container:<name|id>`` Reuse another container's network
                   stack.
                 - ``host`` Use the host network stack.
+                  This mode is incompatible with ``ports``.
 
                 Incompatible with ``network``.
             oom_kill_disable (bool): Whether to disable OOM killer.
@@ -682,6 +683,7 @@ def run(self, image, command=None, stdout=True, stderr=False,
                   to a single container port. For example,
                   ``{'1111/tcp': [1234, 4567]}``.
 
+                Imcompatible with ``host`` in ``network_mode``.
             privileged (bool): Give extended privileges to this container.
             publish_all_ports (bool): Publish all ports to the host.
             read_only (bool): Mount the container's root filesystem as read

docker/types/containers.py

@@ -334,6 +334,11 @@ def __init__(self, version, binds=None, port_bindings=None,
         if dns_search:
             self['DnsSearch'] = dns_search
 
+        if network_mode is 'host' and port_bindings is not None:
+            raise host_config_incompatible_error(
+                'network_mode', 'host', 'port_bindings'
+            )
+
         if network_mode:
             self['NetworkMode'] = network_mode
         elif network_mode is None:
@@ -664,6 +669,13 @@ def host_config_value_error(param, param_value):
     return ValueError(error_msg.format(param, param_value))
 
 
+def host_config_incompatible_error(param, param_value, incompatible_param):
+    error_msg = 'Incompatible {1} in {0} is not compatible with {2}'
+    return errors.InvalidArgument(
+        error_msg.format(param, param_value, incompatible_param)
+    )
+
+
 class ContainerConfig(dict):
     def __init__(
         self, version, image, command, hostname=None, user=None, detach=False,