Add NetMode, UtsMode and IPCMode Namespaces support #64
Conversation
rhatdan
force-pushed
the
namespaces
branch
2 times, most recently
from
6e7646e to
8740e19
Compare
cmd/kpod/create.go
Outdated
| ip6Address string //ipv6 | ||
| ipAddress string //ip | ||
| labels map[string]string //label | ||
| linkLocalIP []string // link-local-ip |
There was a problem hiding this comment.
nit of a nit, gotta space after // in the comment for these 3, but not in the others. Yes my OCD is kicking in.
There was a problem hiding this comment.
I actually think we should just remove these comments, since they were just a helper to @baude to remember the link between the CLI option and the internal storage
| return nil | ||
| } | ||
|
|
||
| func addUTSNS(config *createConfig, g *generate.Generator) error { |
There was a problem hiding this comment.
will you be adding "IsContainer" functionality to this function too? If not, should this be renamed to remove rather than add?
There was a problem hiding this comment.
IsContainer is not valid for UTS, it only has host and Private (Default). UTS almost always follows with --net.
|
lots of unhappy tests atm. |
|
Yup, I have to make shm work properly. Taking all day to get close. |
rhatdan
force-pushed
the
namespaces
branch
7 times, most recently
from
a5d4ab3 to
f14145d
Compare
|
@TomSweeneyRedHat @baude @mheon @umohnani8 Tests finally pass, Please review this. I can break this up into a series of PRs if that is easier. |
libpod/container.go
Outdated
| @@ -384,7 +403,7 @@ func (c *Container) Init() (err error) { | |||
|
|
|||
| c.state.State = ContainerStateCreated | |||
|
|
|||
| if err := c.runtime.state.SaveContainer(c); err != nil { | |||
| if err := c.Save(); err != nil { | |||
| return errors.Wrapf(err, "error saving container %s state", c.ID()) | |||
There was a problem hiding this comment.
Just return err, the same error message here is being returned in Save() as well. This will just print out the same error message twice.
libpod/container.go
Outdated
| @@ -416,7 +435,7 @@ func (c *Container) Start() error { | |||
| return err | |||
| } | |||
|
|
|||
| if err := c.runtime.state.SaveContainer(c); err != nil { | |||
| if err := c.Save(); err != nil { | |||
| return errors.Wrapf(err, "error saving container %s state", c.ID()) | |||
libpod/container.go
Outdated
| @@ -501,7 +520,7 @@ func (c *Container) Mount(label string) (string, error) { | |||
| c.state.Mounted = true | |||
| c.config.MountLabel = mountLabel | |||
|
|
|||
| if err := c.runtime.state.SaveContainer(c); err != nil { | |||
| if err := c.Save(); err != nil { | |||
| return "", errors.Wrapf(err, "error saving container %s state", c.ID()) | |||
|
☔ The latest upstream changes (presumably ab62fe1) made this pull request unmergeable. Please resolve the merge conflicts. |
libpod/container.go
Outdated
| @@ -672,3 +691,11 @@ func (c *Container) isStopped() (bool, error) { | |||
| } | |||
| return c.state.State == ContainerStateStopped, nil | |||
| } | |||
|
|
|||
| // Save container state to the database | |||
| func (c *Container) Save() error { | |||
There was a problem hiding this comment.
Don't think this needs to be exposed. We should never need to call this from outside libpod.
rhatdan
force-pushed
the
namespaces
branch
3 times, most recently
from
ccc22a5 to
9d0b0ac
Compare
libpod/runtime_ctr.go
Outdated
| @@ -53,6 +60,27 @@ func (r *Runtime) NewContainer(spec *spec.Spec, options ...CtrCreateOption) (c * | |||
| } | |||
| }() | |||
|
|
|||
| shmdir := ctr.ShmDir() | |||
| if shmdir == "" { | |||
There was a problem hiding this comment.
Can you set ctr.config.ShmDir here to the new SHM you create? That way we preserve the path in the DB
There was a problem hiding this comment.
I am setting it about 5 rows below. ctr.config.ShmDir() return ctr.config.ShmDir,
libpod/runtime_ctr.go
Outdated
| } | ||
| g := generate.NewFromSpec(spec) | ||
| g.AddBindMount(shmdir, "/dev/shm", []string{"rw"}) | ||
| ctr.replaceSpec(g.Spec()) |
There was a problem hiding this comment.
Instead of using replaceSpec, can you do this in https://github.com/projectatomic/libpod/blob/master/libpod/container.go#L426-L431 - when we generate the runtime spec we're going to use? That will remove the need for replaceSpec and ensure that ctr.config.Spec is always the spec the user gave to us
cmd/kpod/create.go
Outdated
| if config.pidMode.IsHost() { | ||
| labelOpts = append(labelOpts, label.DisableSecOpt()...) | ||
| } | ||
| if config.pidMode.IsContainer() { |
There was a problem hiding this comment.
Can this be else-if? I think pid=host and pid= are exclusive
cmd/kpod/create.go
Outdated
| if config.ipcMode.IsHost() { | ||
| labelOpts = append(labelOpts, label.DisableSecOpt()...) | ||
| } | ||
| if config.ipcMode.IsContainer() { |
There was a problem hiding this comment.
Can this be else-if? I think host and container are exclusive
cmd/kpod/create.go
Outdated
| if ipcMode.IsHost() { | ||
| return "/dev/shm", nil | ||
| } | ||
| if ipcMode.IsContainer() { |
There was a problem hiding this comment.
No need other calls are returning.
| if netMode.IsNone() { | ||
| return libpod.ErrNotImplemented | ||
| } | ||
| if netMode.IsBridge() { |
There was a problem hiding this comment.
no need other calls are returning.
| if netMode.IsBridge() { | ||
| return libpod.ErrNotImplemented | ||
| } | ||
| if netMode.IsContainer() { |
There was a problem hiding this comment.
No need since others are returning.
|
☔ The latest upstream changes (presumably 1f9c894) made this pull request unmergeable. Please resolve the merge conflicts. |
rhatdan
force-pushed
the
namespaces
branch
2 times, most recently
from
caaae06 to
ce64196
Compare
|
@rhatdan, Travis isn't happy due to some unwanted whitespace. |
|
@mheon Now storing the list of mounts in the DB. So code less hacky and it seems to work, PTAL. |
| } | ||
| } | ||
| } | ||
| c.config.Mounts = []string{} |
There was a problem hiding this comment.
Since this is in c.config, it won't be saved
| @@ -471,6 +484,19 @@ func (c *Container) Start() error { | |||
| return err | |||
| } | |||
|
|
|||
| mounted, err := mount.Mounted(c.config.ShmDir) | |||
There was a problem hiding this comment.
I feel like we ought to make a generic Mount() function that ensures the container, SHM, and everything else are mounted and ready to go. But that can wait for another PR.
|
@rhatdan There's a DB schema version in sql_state.go since my DB versioning patch hit. Can you increment that from 1 to 2, to indicate a change has been made in database arrangement? |
|
Otherwise, LGTM. I don't know if Mounts should be in Config or State yet, but for now I think we're fine. |
|
Well mounts should not change after the container has been created. |
|
@bot retest please |
|
@mheon updated the schema version. |
Allow kpod create/run to create contianers in different network namespaces, uts namespaces and IPC Namespaces. This patch just handles the simple join the host, or another containers namespaces. Lots more work needed to full integrate --net Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
bot, retest this please |
|
LGTM |
|
📌 Commit 403d5da has been approved by |
|
⌛ Testing commit 403d5da with merge e810bf5... |
|
💔 Test failed - status-papr |
|
@rh-atomic-bot retry |
|
☀️ Test successful - status-papr |
travis: run with ginkgo -p instead of go test
github-actions
bot
added
the
locked - please file new issue/PR
No description provided.