bugfix: use netNSPath dynamically

Signed-off-by: Starnop <[email protected]>
AliyunContainerService · Nov 7, 2018 · a8ee4f1 · a8ee4f1
1 parent a8ee96e
commit a8ee4f1
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 72 deletions.
diff --git a/cri/ocicni/cni_manager.go b/cri/ocicni/cni_manager.go
@@ -77,6 +77,9 @@ func (c *CniManager) SetUpPodNetwork(podNetwork *ocicni.PodNetwork) error {
 func (c *CniManager) TearDownPodNetwork(podNetwork *ocicni.PodNetwork) error {
 	err := c.plugin.TearDownPod(*podNetwork)
 	if err != nil {
+		if _, err = os.Stat(podNetwork.NetNS); err != nil {
+			return err
+		}
 		return fmt.Errorf("failed to destroy network for sandbox %q: %v", podNetwork.ID, err)
 	}
 	return nil

diff --git a/cri/v1alpha2/cri.go b/cri/v1alpha2/cri.go
@@ -318,35 +318,13 @@ func (c *CriManager) RunPodSandbox(ctx context.Context, r *runtime.RunPodSandbox
 	}
 
 	// Step 4: Setup networking for the sandbox.
-	var netnsPath string
 	networkNamespaceMode := config.GetLinux().GetSecurityContext().GetNamespaceOptions().GetNetwork()
 	// If it is in host network, no need to configure the network of sandbox.
 	if networkNamespaceMode != runtime.NamespaceMode_NODE {
-		netnsPath, err = c.setupPodNetwork(ctx, id, config)
+		err = c.setupPodNetwork(ctx, id, config)
 		if err != nil {
 			return nil, err
 		}
-		defer func() {
-			// Teardown network if an error is returned.
-			if retErr != nil {
-				teardownNetErr := c.CniMgr.TearDownPodNetwork(&ocicni.PodNetwork{
-					Name:         config.GetMetadata().GetName(),
-					Namespace:    config.GetMetadata().GetNamespace(),
-					ID:           id,
-					NetNS:        netnsPath,
-					PortMappings: toCNIPortMappings(config.GetPortMappings()),
-				})
-				if teardownNetErr != nil {
-					logrus.Errorf("failed to destroy network for sandbox %q: %v", id, teardownNetErr)
-				}
-			}
-		}()
-
-		// update the metadata of sandbox container after network had been set up successfully.
-		sandboxMeta.NetNSPath = netnsPath
-		if err := c.SandboxStore.Put(sandboxMeta); err != nil {
-			return nil, err
-		}
 	}
 
 	metrics.PodSuccessActionsCounter.WithLabelValues(label).Inc()
@@ -390,36 +368,13 @@ func (c *CriManager) StartPodSandbox(ctx context.Context, r *runtime.StartPodSan
 	sandboxMeta := res.(*SandboxMeta)
 
 	// setup networking for the sandbox.
-	var netnsPath string
 	networkNamespaceMode := sandboxMeta.Config.GetLinux().GetSecurityContext().GetNamespaceOptions().GetNetwork()
 	// If it is in host network, no need to configure the network of sandbox.
 	if networkNamespaceMode != runtime.NamespaceMode_NODE {
-		netnsPath, err = c.setupPodNetwork(ctx, podSandboxID, sandboxMeta.Config)
+		err = c.setupPodNetwork(ctx, podSandboxID, sandboxMeta.Config)
 		if err != nil {
 			return nil, err
 		}
-		defer func() {
-			// Teardown network if an error is returned.
-			if err != nil {
-				teardownNetErr := c.CniMgr.TearDownPodNetwork(&ocicni.PodNetwork{
-					Name:         sandboxMeta.Config.GetMetadata().GetName(),
-					Namespace:    sandboxMeta.Config.GetMetadata().GetNamespace(),
-					ID:           podSandboxID,
-					NetNS:        netnsPath,
-					PortMappings: toCNIPortMappings(sandboxMeta.Config.GetPortMappings()),
-				})
-				if teardownNetErr != nil {
-					logrus.Errorf("failed to destroy network for sandbox %q: %v", podSandboxID, teardownNetErr)
-				}
-			}
-		}()
-	}
-
-	// update sandboxMeta
-	sandboxMeta.NetNSPath = netnsPath
-	err = c.SandboxStore.Put(sandboxMeta)
-	if err != nil {
-		return nil, err
 	}
 
 	metrics.PodSuccessActionsCounter.WithLabelValues(label).Inc()
@@ -477,23 +432,23 @@ func (c *CriManager) StopPodSandbox(ctx context.Context, r *runtime.StopPodSandb
 
 	// Teardown network of the pod, if it is not in host network mode.
 	if !hostNet {
-		_, err = os.Stat(sandboxMeta.NetNSPath)
-		// If the sandbox has been stopped, the corresponding network namespace will not exist.
-		if err == nil {
-			err = c.CniMgr.TearDownPodNetwork(&ocicni.PodNetwork{
-				Name:         metadata.GetName(),
-				Namespace:    metadata.GetNamespace(),
-				ID:           podSandboxID,
-				NetNS:        sandboxMeta.NetNSPath,
-				PortMappings: toCNIPortMappings(sandboxMeta.Config.GetPortMappings()),
-			})
-			if err != nil {
-				return nil, err
-			}
-		} else if !os.IsNotExist(err) {
-			return nil, fmt.Errorf("failed to stat network namespace file %s of sandbox %s: %v", sandboxMeta.NetNSPath, podSandboxID, err)
+		sandbox, err := c.ContainerMgr.Get(ctx, podSandboxID)
+		if err != nil {
+			return nil, fmt.Errorf("failed to get sandbox %q: %v", podSandboxID, err)
+		}
+
+		netNSPath := containerNetns(sandbox)
+		err = c.CniMgr.TearDownPodNetwork(&ocicni.PodNetwork{
+			Name:         metadata.GetName(),
+			Namespace:    metadata.GetNamespace(),
+			ID:           podSandboxID,
+			NetNS:        netNSPath,
+			PortMappings: toCNIPortMappings(sandboxMeta.Config.GetPortMappings()),
+		})
+		if !os.IsNotExist(err) {
+			return nil, err
 		} else {
-			logrus.Warnf("failed to find network namespace file %s of sandbox %s which may have been already stopped", sandboxMeta.NetNSPath, podSandboxID)
+			logrus.Warnf("failed to find network namespace file %s of sandbox %s which may have been already stopped", netNSPath, podSandboxID)
 		}
 	}
 
@@ -607,7 +562,7 @@ func (c *CriManager) PodSandboxStatus(ctx context.Context, r *runtime.PodSandbox
 	var ip string
 	// No need to get ip for host network mode.
 	if !hostNet {
-		ip, err = c.CniMgr.GetPodNetworkStatus(sandboxMeta.NetNSPath)
+		ip, err = c.CniMgr.GetPodNetworkStatus(containerNetns(sandbox))
 		if err != nil {
 			// Maybe the pod has been stopped.
 			logrus.Warnf("failed to get ip of sandbox %q: %v", podSandboxID, err)

diff --git a/cri/v1alpha2/cri_types.go b/cri/v1alpha2/cri_types.go
@@ -12,9 +12,6 @@ type SandboxMeta struct {
 	// Config is CRI sandbox config.
 	Config *runtime.PodSandboxConfig
 
-	// NetNSPath is the network namespace used by the sandbox.
-	NetNSPath string
-
 	// Runtime is the runtime of sandbox
 	Runtime string
 

diff --git a/cri/v1alpha2/cri_utils.go b/cri/v1alpha2/cri_utils.go
@@ -455,14 +455,14 @@ func setupSandboxFiles(sandboxRootDir string, config *runtime.PodSandboxConfig)
 
 // setupPodNetwork sets up the network of PodSandbox and return the netnsPath of PodSandbox
 // and do nothing when networkNamespaceMode equals runtime.NamespaceMode_NODE.
-func (c *CriManager) setupPodNetwork(ctx context.Context, id string, config *runtime.PodSandboxConfig) (string, error) {
+func (c *CriManager) setupPodNetwork(ctx context.Context, id string, config *runtime.PodSandboxConfig) error {
 	container, err := c.ContainerMgr.Get(ctx, id)
 	if err != nil {
-		return "", err
+		return err
 	}
 	netnsPath := containerNetns(container)
 	if netnsPath == "" {
-		return "", fmt.Errorf("failed to find network namespace path for sandbox %q", id)
+		return fmt.Errorf("failed to find network namespace path for sandbox %q", id)
 	}
 
 	err = c.CniMgr.SetUpPodNetwork(&ocicni.PodNetwork{
@@ -473,10 +473,10 @@ func (c *CriManager) setupPodNetwork(ctx context.Context, id string, config *run
 		PortMappings: toCNIPortMappings(config.GetPortMappings()),
 	})
 	if err != nil {
-		return "", err
+		return err
 	}
 
-	return netnsPath, nil
+	return nil
 }
 
 // Container related tool functions.