Do not attempt to retrieve IP from host network namespace

Since sandboxes which use the host network have no network namespace path this would result in an invalid invocation of nsenter. Rework the fetching of the sandbox to take this into account and also avoid trying to get an IP when the network plugin is not yet ready. Fixes #245. Signed-off-by: Ian Campbell <ijc@docker.com>
2017-09-19 15:05:13 +01:00 · 2017-09-19 15:05:13 +01:00 · 9c3c38d9ab
commit 9c3c38d9ab
parent 437131299b
1 changed files with 36 additions and 12 deletions
--- a/pkg/server/sandbox_status.go
+++ b/pkg/server/sandbox_status.go
@ -58,19 +58,10 @@ func (c *criContainerdService) PodSandboxStatus(ctx context.Context, r *runtime.
 			state = runtime.PodSandboxState_SANDBOX_READY
 		}
 	}
-	config := sandbox.Config
-	podNetwork := ocicni.PodNetwork{
-		Name:         config.GetMetadata().GetName(),
-		Namespace:    config.GetMetadata().GetNamespace(),
-		ID:           id,
-		NetNS:        sandbox.NetNSPath,
-		PortMappings: toCNIPortMappings(config.GetPortMappings()),
-	}
-	ip, err := c.netPlugin.GetPodNetworkStatus(podNetwork)
+
+	ip, err := c.getIP(sandbox)
 	if err != nil {
-		// Ignore the error on network status
-		ip = ""
-		glog.V(4).Infof("GetPodNetworkStatus returns error: %v", err)
+		return nil, fmt.Errorf("failed to get sandbox ip: %v", err)
 	}

 	createdAt := sandbox.Container.Info().CreatedAt
@ -78,6 +69,39 @@ func (c *criContainerdService) PodSandboxStatus(ctx context.Context, r *runtime.
 	return &runtime.PodSandboxStatusResponse{Status: status}, nil
 }

+func (c *criContainerdService) getIP(sandbox sandboxstore.Sandbox) (string, error) {
+	config := sandbox.Config
+
+	if config.GetLinux().GetSecurityContext().GetNamespaceOptions().GetHostNetwork() {
+		// For sandboxes using the host network we are not
+		// responsible for reporting the IP.
+		return "", nil
+	}
+
+	if err := c.netPlugin.Status(); err != nil {
+		// If the network is not ready then there is nothing to report.
+		glog.V(4).Infof("getIP: unable to get sandbox %q network status: network plugin not ready.", sandbox.ID)
+		return "", nil
+	}
+
+	podNetwork := ocicni.PodNetwork{
+		Name:         config.GetMetadata().GetName(),
+		Namespace:    config.GetMetadata().GetNamespace(),
+		ID:           sandbox.ID,
+		NetNS:        sandbox.NetNSPath,
+		PortMappings: toCNIPortMappings(config.GetPortMappings()),
+	}
+
+	ip, err := c.netPlugin.GetPodNetworkStatus(podNetwork)
+	if err == nil {
+		return ip, nil
+	}
+
+	// Ignore the error on network status
+	glog.V(4).Infof("getIP: failed to read sandbox %q IP from plugin: %v", sandbox.ID, err)
+	return "", nil
+}
+
 // toCRISandboxStatus converts sandbox metadata into CRI pod sandbox status.
 func toCRISandboxStatus(meta sandboxstore.Metadata, state runtime.PodSandboxState, createdAt time.Time, ip string) *runtime.PodSandboxStatus {
 	nsOpts := meta.Config.GetLinux().GetSecurityContext().GetNamespaceOptions()