github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Do not attempt to retrieve IP from host network namespace

Browse Source 
Since sandboxes which use the host network have no network namespace path this
would result in an invalid invocation of nsenter.

Rework the fetching of the sandbox to take this into account and also avoid
trying to get an IP when the network plugin is not yet ready.

Fixes #245.

Signed-off-by: Ian Campbell <ijc@docker.com>
This commit is contained in:
Ian Campbell 2017-09-19 15:05:13 +01:00
parent 437131299b
commit 9c3c38d9ab
1 changed files with 36 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
pkg/server/sandbox_status.go
View File

@ -58,19 +58,10 @@ func (c *criContainerdService) PodSandboxStatus(ctx context.Context, r *runtime.
state = runtime.PodSandboxState_SANDBOX_READY state = runtime.PodSandboxState_SANDBOX_READY
} }
} }
config := sandbox.Config
podNetwork := ocicni.PodNetwork{ ip, err := c.getIP(sandbox)
Name: config.GetMetadata().GetName(),
Namespace: config.GetMetadata().GetNamespace(),
ID: id,
NetNS: sandbox.NetNSPath,
PortMappings: toCNIPortMappings(config.GetPortMappings()),
}
ip, err := c.netPlugin.GetPodNetworkStatus(podNetwork)
if err != nil { if err != nil {
// Ignore the error on network status return nil, fmt.Errorf("failed to get sandbox ip: %v", err)
ip = ""
glog.V(4).Infof("GetPodNetworkStatus returns error: %v", err)
} }
createdAt := sandbox.Container.Info().CreatedAt createdAt := sandbox.Container.Info().CreatedAt
@ -78,6 +69,39 @@ func (c *criContainerdService) PodSandboxStatus(ctx context.Context, r *runtime.
return &runtime.PodSandboxStatusResponse{Status: status}, nil return &runtime.PodSandboxStatusResponse{Status: status}, nil
} }
func (c *criContainerdService) getIP(sandbox sandboxstore.Sandbox) (string, error) {
config := sandbox.Config
if config.GetLinux().GetSecurityContext().GetNamespaceOptions().GetHostNetwork() {
// For sandboxes using the host network we are not
// responsible for reporting the IP.
return "", nil
}
if err := c.netPlugin.Status(); err != nil {
// If the network is not ready then there is nothing to report.
glog.V(4).Infof("getIP: unable to get sandbox %q network status: network plugin not ready.", sandbox.ID)
return "", nil
}
podNetwork := ocicni.PodNetwork{
Name: config.GetMetadata().GetName(),
Namespace: config.GetMetadata().GetNamespace(),
ID: sandbox.ID,
NetNS: sandbox.NetNSPath,
PortMappings: toCNIPortMappings(config.GetPortMappings()),
}
ip, err := c.netPlugin.GetPodNetworkStatus(podNetwork)
if err == nil {
return ip, nil
}
// Ignore the error on network status
glog.V(4).Infof("getIP: failed to read sandbox %q IP from plugin: %v", sandbox.ID, err)
return "", nil
}
// toCRISandboxStatus converts sandbox metadata into CRI pod sandbox status. // toCRISandboxStatus converts sandbox metadata into CRI pod sandbox status.
func toCRISandboxStatus(meta sandboxstore.Metadata, state runtime.PodSandboxState, createdAt time.Time, ip string) *runtime.PodSandboxStatus { func toCRISandboxStatus(meta sandboxstore.Metadata, state runtime.PodSandboxState, createdAt time.Time, ip string) *runtime.PodSandboxStatus {
nsOpts := meta.Config.GetLinux().GetSecurityContext().GetNamespaceOptions() nsOpts := meta.Config.GetLinux().GetSecurityContext().GetNamespaceOptions()