From a8ee4f136d3aa8895bdbb490abf3036e4e93cd04 Mon Sep 17 00:00:00 2001
From: Starnop
Date: Wed, 7 Nov 2018 17:16:59 +0800
Subject: [PATCH] bugfix: use netNSPath dynamically
Signed-off-by: Starnop
---
 cri/ocicni/cni_manager.go | 3 ++
 cri/v1alpha2/cri.go | 83 +++++++++------------------------------
 cri/v1alpha2/cri_types.go | 3 --
 cri/v1alpha2/cri_utils.go | 10 ++---
 4 files changed, 27 insertions(+), 72 deletions(-)
diff --git a/cri/ocicni/cni_manager.go b/cri/ocicni/cni_manager.go
index e91f436f7a..dd88c65854 100644
--- a/cri/ocicni/cni_manager.go
+++ b/cri/ocicni/cni_manager.go
@@ -77,6 +77,9 @@ func (c *CniManager) SetUpPodNetwork(podNetwork *ocicni.PodNetwork) error {
 func (c *CniManager) TearDownPodNetwork(podNetwork *ocicni.PodNetwork) error {
 err := c.plugin.TearDownPod(*podNetwork)
 if err != nil {
+ if _, err = os.Stat(podNetwork.NetNS); err != nil {
+ return err
+ }
 return fmt.Errorf("failed to destroy network for sandbox %q: %v", podNetwork.ID, err)
 }
 return nil
diff --git a/cri/v1alpha2/cri.go b/cri/v1alpha2/cri.go
index 0f0520478e..073dd8b5cb 100644
--- a/cri/v1alpha2/cri.go
+++ b/cri/v1alpha2/cri.go
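Review bot: In TearDownPodNetwork (cri/ocicni/cni_manager.go) the added `os.Stat` check assigns to the same `err` that holds the TearDownPod failure, so that failure is lost on both paths. If the stat fails the caller sees only the stat error, and if it succeeds `err` is nil and the wrapped message ends in `<nil>`, which hides why CNI teardown failed and makes leftover network state for the sandbox hard to diagnose. Use a separate variable, `if _, statErr := os.Stat(podNetwork.NetNS); statErr != nil { return statErr }`, so the `fmt.Errorf` below still reports the plugin error. An empty `podNetwork.NetNS` would presumably also stat as not-exist, so it may be worth rejecting that case explicitly before the plugin call.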
@@ -318,35 +318,13 @@ func (c *CriManager) RunPodSandbox(ctx context.Context, r *runtime.RunPodSandbox
 }

 // Step 4: Setup networking for the sandbox.
- var netnsPath string
 networkNamespaceMode := config.GetLinux().GetSecurityContext().GetNamespaceOptions().GetNetwork()
 // If it is in host network, no need to configure the network of sandbox.
 if networkNamespaceMode != runtime.NamespaceMode_NODE {
- netnsPath, err = c.setupPodNetwork(ctx, id, config)
+ err = c.setupPodNetwork(ctx, id, config)
 if err != nil {
 return nil, err
 }
- defer func() {
- // Teardown network if an error is returned.
- if retErr != nil {
- teardownNetErr := c.CniMgr.TearDownPodNetwork(&ocicni.PodNetwork{
- Name: config.GetMetadata().GetName(),
- Namespace: config.GetMetadata().GetNamespace(),
- ID: id,
- NetNS: netnsPath,
- PortMappings: toCNIPortMappings(config.GetPortMappings()),
- })
- if teardownNetErr != nil {
- logrus.Errorf("failed to destroy network for sandbox %q: %v", id, teardownNetErr)
- }
- }
- }()
-
- // update the metadata of sandbox container after network had been set up successfully.
- sandboxMeta.NetNSPath = netnsPath
- if err := c.SandboxStore.Put(sandboxMeta); err != nil {
- return nil, err
- }
 }

 metrics.PodSuccessActionsCounter.WithLabelValues(label).Inc()
@@ -390,36 +368,13 @@ func (c *CriManager) StartPodSandbox(ctx context.Context, r *runtime.StartPodSan
 sandboxMeta := res.(*SandboxMeta)

 // setup networking for the sandbox.
- var netnsPath string
 networkNamespaceMode := sandboxMeta.Config.GetLinux().GetSecurityContext().GetNamespaceOptions().GetNetwork()
 // If it is in host network, no need to configure the network of sandbox.
 if networkNamespaceMode != runtime.NamespaceMode_NODE {
- netnsPath, err = c.setupPodNetwork(ctx, podSandboxID, sandboxMeta.Config)
+ err = c.setupPodNetwork(ctx, podSandboxID, sandboxMeta.Config)
 if err != nil {
 return nil, err
 }
- defer func() {
- // Teardown network if an error is returned.
- if err != nil {
- teardownNetErr := c.CniMgr.TearDownPodNetwork(&ocicni.PodNetwork{
- Name: sandboxMeta.Config.GetMetadata().GetName(),
- Namespace: sandboxMeta.Config.GetMetadata().GetNamespace(),
- ID: podSandboxID,
- NetNS: netnsPath,
- PortMappings: toCNIPortMappings(sandboxMeta.Config.GetPortMappings()),
- })
- if teardownNetErr != nil {
- logrus.Errorf("failed to destroy network for sandbox %q: %v", podSandboxID, teardownNetErr)
- }
- }
- }()
- }
-
- // update sandboxMeta
- sandboxMeta.NetNSPath = netnsPath
- err = c.SandboxStore.Put(sandboxMeta)
- if err != nil {
- return nil, err
 }

 metrics.PodSuccessActionsCounter.WithLabelValues(label).Inc()
@@ -477,23 +432,23 @@ func (c *CriManager) StopPodSandbox(ctx context.Context, r *runtime.StopPodSandb

 // Teardown network of the pod, if it is not in host network mode.
 if !hostNet {
- _, err = os.Stat(sandboxMeta.NetNSPath)
- // If the sandbox has been stopped, the corresponding network namespace will not exist.
- if err == nil {
- err = c.CniMgr.TearDownPodNetwork(&ocicni.PodNetwork{
- Name: metadata.GetName(),
- Namespace: metadata.GetNamespace(),
- ID: podSandboxID,
- NetNS: sandboxMeta.NetNSPath,
- PortMappings: toCNIPortMappings(sandboxMeta.Config.GetPortMappings()),
- })
- if err != nil {
- return nil, err
- }
- } else if !os.IsNotExist(err) {
- return nil, fmt.Errorf("failed to stat network namespace file %s of sandbox %s: %v", sandboxMeta.NetNSPath, podSandboxID, err)
+ sandbox, err := c.ContainerMgr.Get(ctx, podSandboxID)
+ if err != nil {
+ return nil, fmt.Errorf("failed to get sandbox %q: %v", podSandboxID, err)
+ }
+
+ netNSPath := containerNetns(sandbox)
+ err = c.CniMgr.TearDownPodNetwork(&ocicni.PodNetwork{
+ Name: metadata.GetName(),
+ Namespace: metadata.GetNamespace(),
+ ID: podSandboxID,
+ NetNS: netNSPath,
+ PortMappings: toCNIPortMappings(sandboxMeta.Config.GetPortMappings()),
+ })
+ if !os.IsNotExist(err) {
+ return nil, err
 } else {
- logrus.Warnf("failed to find network namespace file %s of sandbox %s which may have been already stopped", sandboxMeta.NetNSPath, podSandboxID)
+ logrus.Warnf("failed to find network namespace file %s of sandbox %s which may have been already stopped", netNSPath, podSandboxID)
 }
 }

@@ -607,7 +562,7 @@ func (c *CriManager) PodSandboxStatus(ctx context.Context, r *runtime.PodSandbox
 var ip string
 // No need to get ip for host network mode.
 if !hostNet {
- ip, err = c.CniMgr.GetPodNetworkStatus(sandboxMeta.NetNSPath)
+ ip, err = c.CniMgr.GetPodNetworkStatus(containerNetns(sandbox))
 if err != nil {
 // Maybe the pod has been stopped.
 logrus.Warnf("failed to get ip of sandbox %q: %v", podSandboxID, err)
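Review bot: In StopPodSandbox the new `if !os.IsNotExist(err)` branch is also taken when TearDownPodNetwork succeeds, because `os.IsNotExist(nil)` is false, so the function returns `nil, nil` straight after a clean teardown. The remainder of StopPodSandbox lies outside the hunk, so whatever it does after the network teardown would be skipped for every sandbox that is not in host network mode. The condition should be `if err != nil && !os.IsNotExist(err) { return nil, err }`, with the `logrus.Warnf` emitted only when `err != nil`. `netNSPath` comes from `containerNetns(sandbox)` without the empty-string check that setupPodNetwork applies in this commit, so a guard for `netNSPath == ""` before the teardown call looks worthwhile.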
diff --git a/cri/v1alpha2/cri_types.go b/cri/v1alpha2/cri_types.go
index 7096dbd0fc..6d276fe47e 100644
--- a/cri/v1alpha2/cri_types.go
+++ b/cri/v1alpha2/cri_types.go
@@ -12,9 +12,6 @@ type SandboxMeta struct {
 // Config is CRI sandbox config.
 Config *runtime.PodSandboxConfig

- // NetNSPath is the network namespace used by the sandbox.
- NetNSPath string
-
 // Runtime is the runtime of sandbox
 Runtime string

diff --git a/cri/v1alpha2/cri_utils.go b/cri/v1alpha2/cri_utils.go
index 6f991cc489..baca1b3262 100644
--- a/cri/v1alpha2/cri_utils.go
+++ b/cri/v1alpha2/cri_utils.go
@@ -455,14 +455,14 @@ func setupSandboxFiles(sandboxRootDir string, config *runtime.PodSandboxConfig)

 // setupPodNetwork sets up the network of PodSandbox and return the netnsPath of PodSandbox
 // and do nothing when networkNamespaceMode equals runtime.NamespaceMode_NODE.
-func (c *CriManager) setupPodNetwork(ctx context.Context, id string, config *runtime.PodSandboxConfig) (string, error) {
+func (c *CriManager) setupPodNetwork(ctx context.Context, id string, config *runtime.PodSandboxConfig) error {
 container, err := c.ContainerMgr.Get(ctx, id)
 if err != nil {
- return "", err
+ return err
 }
 netnsPath := containerNetns(container)
 if netnsPath == "" {
- return "", fmt.Errorf("failed to find network namespace path for sandbox %q", id)
+ return fmt.Errorf("failed to find network namespace path for sandbox %q", id)
 }

 err = c.CniMgr.SetUpPodNetwork(&ocicni.PodNetwork{
@@ -473,10 +473,10 @@ func (c *CriManager) setupPodNetwork(ctx context.Context, id string, config *run
 PortMappings: toCNIPortMappings(config.GetPortMappings()),
 })
 if err != nil {
- return "", err
+ return err
 }

- return netnsPath, nil
+ return nil
 }

 // Container related tool functions.
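Review bot: The doc comment kept above setupPodNetwork in cri/v1alpha2/cri_utils.go still says the function returns the netnsPath of the PodSandbox, but the new signature returns only `error`. It also says the function does nothing for `runtime.NamespaceMode_NODE`, while the visible body has no such check and the callers in this commit perform it before calling. Suggested wording: `// setupPodNetwork sets up the CNI network of the sandbox identified by id.` followed by `// Callers skip it when the network namespace mode is runtime.NamespaceMode_NODE.` The function body is split across the two hunks of this file.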