And setup and teardown

Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>

pkg/os/os.go

@@ -31,6 +31,7 @@ type OS interface {
 	MkdirAll(path string, perm os.FileMode) error
 	RemoveAll(path string) error
 	OpenFifo(ctx context.Context, fn string, flag int, perm os.FileMode) (io.ReadWriteCloser, error)
+	Stat(name string) (os.FileInfo, error)
 }
 
 // RealOS is used to dispatch the real system level operations.
@@ -50,3 +51,8 @@ func (RealOS) RemoveAll(path string) error {
 func (RealOS) OpenFifo(ctx context.Context, fn string, flag int, perm os.FileMode) (io.ReadWriteCloser, error) {
 	return fifo.OpenFifo(ctx, fn, flag, perm)
 }
+
+// Stat will call os.Stat to get the status of the given file.
+func (RealOS) Stat(name string) (os.FileInfo, error) {
+	return os.Stat(name)
+}

pkg/server/sandbox_run.go

@@ -86,8 +86,6 @@ func (c *criContainerdService) RunPodSandbox(ctx context.Context, r *runtime.Run
 	// Use fixed rootfs path and sleep command.
 	const rootPath = "/"
 
-	// TODO(random-liu): [P0] Set up sandbox network with network plugin.
-
 	// Create sandbox container root directory.
 	// Prepare streaming named pipe.
 	sandboxRootDir := getSandboxRootDir(c.rootDir, id)
@@ -173,6 +171,24 @@ func (c *criContainerdService) RunPodSandbox(ctx context.Context, r *runtime.Run
 		}
 	}()
 
+	meta.NetNS = getNetworkNamespace(createResp.Pid)
+	if !config.GetLinux().GetSecurityContext().GetNamespaceOptions().GetHostNetwork() {
+		// Setup network for sandbox.
+		// TODO(random-liu): [P2] Replace with permanent network namespace.
+		podName := config.GetMetadata().GetName()
+		if err = c.netPlugin.SetUpPod(meta.NetNS, config.GetMetadata().GetNamespace(), podName, id); err != nil {
+			return nil, fmt.Errorf("failed to setup network for sandbox %q: %v", id, err)
+		}
+		defer func() {
+			if retErr != nil {
+				// Teardown network if an error is returned.
+				if err := c.netPlugin.TearDownPod(meta.NetNS, config.GetMetadata().GetNamespace(), podName, id); err != nil {
+					glog.Errorf("failed to destroy network for sandbox %q: %v", id, err)
+				}
+			}
+		}()
+	}
+
 	// Start sandbox container in containerd.
 	if _, err := c.containerService.Start(ctx, &execution.StartRequest{ID: id}); err != nil {
 		return nil, fmt.Errorf("failed to start sandbox container %q: %v",
@@ -181,8 +197,6 @@ func (c *criContainerdService) RunPodSandbox(ctx context.Context, r *runtime.Run
 
 	// Add sandbox into sandbox store.
 	meta.CreatedAt = time.Now().UnixNano()
-	// TODO(random-liu): [P2] Replace with permanent network namespace.
-	meta.NetNS = getNetworkNamespace(createResp.Pid)
 	if err := c.sandboxStore.Create(meta); err != nil {
 		return nil, fmt.Errorf("failed to add sandbox metadata %+v into store: %v",
 			meta, err)

pkg/server/sandbox_status.go

@@ -59,11 +59,18 @@ func (c *criContainerdService) PodSandboxStatus(ctx context.Context, r *runtime.
 		state = runtime.PodSandboxState_SANDBOX_READY
 	}
 
-	return &runtime.PodSandboxStatusResponse{Status: toCRISandboxStatus(sandbox, state)}, nil
+	ip, err := c.netPlugin.GetContainerNetworkStatus(sandbox.NetNS, sandbox.Config.GetMetadata().GetNamespace(), sandbox.Config.GetMetadata().GetName(), id)
+	if err != nil {
+		// Ignore the error on network status
+		ip = ""
+		glog.V(4).Infof("GetContainerNetworkStatus returns error: %v", err)
+	}
+
+	return &runtime.PodSandboxStatusResponse{Status: toCRISandboxStatus(sandbox, state, ip)}, nil
 }
 
 // toCRISandboxStatus converts sandbox metadata into CRI pod sandbox status.
-func toCRISandboxStatus(meta *metadata.SandboxMetadata, state runtime.PodSandboxState) *runtime.PodSandboxStatus {
+func toCRISandboxStatus(meta *metadata.SandboxMetadata, state runtime.PodSandboxState, ip string) *runtime.PodSandboxStatus {
 	nsOpts := meta.Config.GetLinux().GetSecurityContext().GetNamespaceOptions()
 	netNS := meta.NetNS
 	if state == runtime.PodSandboxState_SANDBOX_NOTREADY {
@@ -79,8 +86,7 @@ func toCRISandboxStatus(meta *metadata.SandboxMetadata, state runtime.PodSandbox
 		Metadata:  meta.Config.GetMetadata(),
 		State:     state,
 		CreatedAt: meta.CreatedAt,
-		// TODO(random-liu): [P0] Get sandbox ip from network plugin.
+		Network:   &runtime.PodSandboxNetworkStatus{Ip: ip},
-		Network: &runtime.PodSandboxNetworkStatus{},
 		Linux: &runtime.LinuxPodSandboxStatus{
 			Namespaces: &runtime.Namespace{
 				// TODO(random-liu): Revendor new CRI version and get

pkg/server/sandbox_stop.go

@@ -18,6 +18,7 @@ package server
 
 import (
 	"fmt"
+	"os"
 
 	"github.com/golang/glog"
 	"golang.org/x/net/context"
@@ -45,6 +46,18 @@ func (c *criContainerdService) StopPodSandbox(ctx context.Context, r *runtime.St
 	// Use the full sandbox id.
 	id := sandbox.ID
 
+	// Teardown network for sandbox.
+	_, err = c.os.Stat(sandbox.NetNS)
+	if err == nil {
+		if teardownErr := c.netPlugin.TearDownPod(sandbox.NetNS, sandbox.Config.GetMetadata().GetNamespace(),
+			sandbox.Config.GetMetadata().GetName(), id); teardownErr != nil {
+			return nil, fmt.Errorf("failed to destroy network for sandbox %q: %v", id, teardownErr)
+		}
+	} else if !os.IsNotExist(err) { // It's ok for sandbox.NetNS to *not* exist
+		return nil, fmt.Errorf("failed to stat netns path for sandbox %q before tearing down the network: %v", id, err)
+	}
+	glog.V(2).Info("TearDown network for sandbox %q successfully", id)
+
 	// TODO(random-liu): [P1] Handle sandbox container graceful deletion.
 	// Delete the sandbox container from containerd.
 	_, err = c.containerService.Delete(ctx, &execution.DeleteRequest{ID: id})
@@ -52,7 +65,6 @@ func (c *criContainerdService) StopPodSandbox(ctx context.Context, r *runtime.St
 		return nil, fmt.Errorf("failed to delete sandbox container %q: %v", id, err)
 	}
 
-	// TODO(random-liu): [P0] Call network plugin to teardown network.
 	// TODO(random-liu): [P2] Stop all containers inside the sandbox.
 	return &runtime.StopPodSandboxResponse{}, nil
 }

pkg/server/service.go

@@ -20,6 +20,7 @@ import (
 	"fmt"
 
 	"github.com/docker/docker/pkg/truncindex"
+	"github.com/kubernetes-incubator/cri-o/pkg/ocicni"
 	"google.golang.org/grpc"
 
 	contentapi "github.com/containerd/containerd/api/services/content"
@@ -33,8 +34,6 @@ import (
 	imagesservice "github.com/containerd/containerd/services/images"
 	rootfsservice "github.com/containerd/containerd/services/rootfs"
 
-	"github.com/kubernetes-incubator/cri-o/pkg/ocicni"
-
 	"github.com/kubernetes-incubator/cri-containerd/pkg/metadata"
 	"github.com/kubernetes-incubator/cri-containerd/pkg/metadata/store"
 	osinterface "github.com/kubernetes-incubator/cri-containerd/pkg/os"