From 9c3c38d9ab069b87200b5a0834768d66a7832d32 Mon Sep 17 00:00:00 2001
From: Ian Campbell
Date: Tue, 19 Sep 2017 15:05:13 +0100
Subject: [PATCH] Do not attempt to retrieve IP from host network namespace
Since sandboxes which use the host network have no network namespace path this would result in an invalid invocation of nsenter. Rework the fetching of the sandbox to take this into account and also avoid trying to get an IP when the network plugin is not yet ready. Fixes #245.
Signed-off-by: Ian Campbell
---
 pkg/server/sandbox_status.go | 48 +++++++++++++++++++++++++++---------
 1 file changed, 36 insertions(+), 12 deletions(-)
diff --git a/pkg/server/sandbox_status.go b/pkg/server/sandbox_status.go
index 2e84cedc7..ae1e2c275 100644
--- a/pkg/server/sandbox_status.go
+++ b/pkg/server/sandbox_status.go
@@ -58,19 +58,10 @@ func (c *criContainerdService) PodSandboxStatus(ctx context.Context, r *runtime.
 state = runtime.PodSandboxState_SANDBOX_READY
 }
 }
- config := sandbox.Config
- podNetwork := ocicni.PodNetwork{
- Name: config.GetMetadata().GetName(),
- Namespace: config.GetMetadata().GetNamespace(),
- ID: id,
- NetNS: sandbox.NetNSPath,
- PortMappings: toCNIPortMappings(config.GetPortMappings()),
- }
- ip, err := c.netPlugin.GetPodNetworkStatus(podNetwork)
+
+ ip, err := c.getIP(sandbox)
 if err != nil {
- // Ignore the error on network status
- ip = ""
- glog.V(4).Infof("GetPodNetworkStatus returns error: %v", err)
+ return nil, fmt.Errorf("failed to get sandbox ip: %v", err)
 }
 
 createdAt := sandbox.Container.Info().CreatedAt
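Review bot: The new `if err != nil` branch returns `failed to get sandbox ip` to the caller, but getIP as added in this patch returns a nil error on every path, so the branch cannot be reached today. If getIP later starts returning real errors, a transient network-plugin failure would fail the whole status call, where the removed code deliberately logged the error and reported an empty IP. Either drop the error result from getIP or state its contract in a doc comment, e.g. `// getIP returns a non-nil error only for failures that should fail PodSandboxStatus; plugin errors are logged and reported as an empty IP.` PodSandboxStatus begins before this hunk and continues after it.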
@@ -78,6 +69,39 @@ func (c *criContainerdService) PodSandboxStatus(ctx context.Context, r *runtime.
 return &runtime.PodSandboxStatusResponse{Status: status}, nil
 }
 
+func (c *criContainerdService) getIP(sandbox sandboxstore.Sandbox) (string, error) {
+ config := sandbox.Config
+
+ if config.GetLinux().GetSecurityContext().GetNamespaceOptions().GetHostNetwork() {
+ // For sandboxes using the host network we are not
+ // responsible for reporting the IP.
+ return "", nil
+ }
+
+ if err := c.netPlugin.Status(); err != nil {
+ // If the network is not ready then there is nothing to report.
+ glog.V(4).Infof("getIP: unable to get sandbox %q network status: network plugin not ready.", sandbox.ID)
+ return "", nil
+ }
+
+ podNetwork := ocicni.PodNetwork{
+ Name: config.GetMetadata().GetName(),
+ Namespace: config.GetMetadata().GetNamespace(),
+ ID: sandbox.ID,
+ NetNS: sandbox.NetNSPath,
+ PortMappings: toCNIPortMappings(config.GetPortMappings()),
+ }
+
+ ip, err := c.netPlugin.GetPodNetworkStatus(podNetwork)
+ if err == nil {
+ return ip, nil
+ }
+
+ // Ignore the error on network status
+ glog.V(4).Infof("getIP: failed to read sandbox %q IP from plugin: %v", sandbox.ID, err)
+ return "", nil
+}
+
 // toCRISandboxStatus converts sandbox metadata into CRI pod sandbox status.
 func toCRISandboxStatus(meta sandboxstore.Metadata, state runtime.PodSandboxState, createdAt time.Time, ip string) *runtime.PodSandboxStatus {
 nsOpts := meta.Config.GetLinux().GetSecurityContext().GetNamespaceOptions()
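Review bot: getIP decides whether to skip the plugin call from the host-network flag in the sandbox config, while the failure described in the commit message comes from an empty network namespace path; checking the path itself would also cover any other sandbox that reaches this point without one. Consider adding `if sandbox.NetNSPath == "" { return "", nil }` before `podNetwork` is built (this assumes NetNSPath is a plain string, as its use for `NetNS` suggests). The `c.netPlugin.Status()` branch also leaves `err` out of its log line, so the reason the plugin is not ready is lost; ending the format string with `: %v` and passing `err` would keep it. getIP has no doc comment; one sentence saying that it returns an empty IP for host-network sandboxes and whenever the plugin is not ready or fails would tell callers what an empty result means.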