From f68b85b86d000b28f8ce1d221d9b35ad7ec3d12c Mon Sep 17 00:00:00 2001
From: Nick Ethier
Date: Mon, 6 Apr 2020 21:02:26 -0400
Subject: [PATCH 1/4] ar/bridge: ensure cni configuration is always loaded
---
 client/allocrunner/networking_bridge_linux.go | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/client/allocrunner/networking_bridge_linux.go b/client/allocrunner/networking_bridge_linux.go
index 75e9612d1fea..ed7aeb60d5ee 100644
--- a/client/allocrunner/networking_bridge_linux.go
+++ b/client/allocrunner/networking_bridge_linux.go
@@ -148,7 +148,7 @@ func (b *bridgeNetworkConfigurator) Setup(ctx context.Context, alloc *structs.Al
 return fmt.Errorf("failed to initialize table forwarding rules: %v", err)
 }
- if err := b.cni.Load(cni.WithConfListBytes(b.buildNomadNetConfig())); err != nil {
+ if err := b.ensureCNIInitialized(); err != nil {
 return err
 }
@@ -176,9 +176,20 @@ func (b *bridgeNetworkConfigurator) Setup(ctx context.Context, alloc *structs.Al
 // Teardown calls the CNI plugins with the delete action
 func (b *bridgeNetworkConfigurator) Teardown(ctx context.Context, alloc *structs.Allocation, spec *drivers.NetworkIsolationSpec) error {
+ if err := b.ensureCNIInitialized(); err != nil {
+ return err
+ }
+
 return b.cni.Remove(ctx, alloc.ID, spec.Path, cni.WithCapabilityPortMap(getPortMapping(alloc)))
 }
+func (b *bridgeNetworkConfigurator) ensureCNIInitialized() error {
+ if b.cni.Status() == cni.ErrCNINotInitialized {
+ return b.cni.Load(cni.WithConfListBytes(b.buildNomadNetConfig()))
+ }
+ return nil
+}
+
 // getPortMapping builds a list of portMapping structs that are used as the
 // portmapping capability arguments for the portmap CNI plugin
 func getPortMapping(alloc *structs.Allocation) []cni.PortMapping {
From b078d7855bef8bc839bf51f69778502bafd53f04 Mon Sep 17 00:00:00 2001
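Review bot: Teardown now returns before `b.cni.Remove` whenever `ensureCNIInitialized` fails, so the delete action is never sent to the plugins and whatever they set up for the allocation (port mappings included) stays in place, while the bare `return err` gives the caller no hint that cleanup was skipped. Wrap it in the file's existing style, e.g. `return fmt.Errorf("failed to load cni configuration, network teardown skipped: %v", err)`, and confirm that the caller, which is outside this hunk, retries or surfaces the failure. The config loaded on this path is whatever `b.buildNomadNetConfig()` produces at teardown time, so if the client's bridge settings can change across a restart, Remove may run with a different config than the one used at setup; a comment stating that assumption would help. `ensureCNIInitialized` also has no doc comment; something like `// ensureCNIInitialized loads the bridge CNI config when the library reports that none has been loaded yet` would cover it.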
From: Nick Ethier
Date: Mon, 6 Apr 2020 21:21:42 -0400
Subject: [PATCH 2/4] ar/bridge: better cni status err handling
---
 client/allocrunner/networking_bridge_linux.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/client/allocrunner/networking_bridge_linux.go b/client/allocrunner/networking_bridge_linux.go
index ed7aeb60d5ee..e2a6df992fc1 100644
--- a/client/allocrunner/networking_bridge_linux.go
+++ b/client/allocrunner/networking_bridge_linux.go
@@ -184,10 +184,11 @@ func (b *bridgeNetworkConfigurator) Teardown(ctx context.Context, alloc *structs
 }
 func (b *bridgeNetworkConfigurator) ensureCNIInitialized() error {
- if b.cni.Status() == cni.ErrCNINotInitialized {
+ err := b.cni.Status()
+ if err == cni.ErrCNINotInitialized {
 return b.cni.Load(cni.WithConfListBytes(b.buildNomadNetConfig()))
 }
- return nil
+ return err
 }
 // getPortMapping builds a list of portMapping structs that are used as the
From 18de6c4e417f89a651f2e6984997d229055e9851 Mon Sep 17 00:00:00 2001
From: Nick Ethier
Date: Mon, 6 Apr 2020 21:44:01 -0400
Subject: [PATCH 3/4] ar/bridge: use cni.IsCNINotInitialized helper
---
 client/allocrunner/networking_bridge_linux.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/client/allocrunner/networking_bridge_linux.go b/client/allocrunner/networking_bridge_linux.go
index e2a6df992fc1..af07ad1d990c 100644
--- a/client/allocrunner/networking_bridge_linux.go
+++ b/client/allocrunner/networking_bridge_linux.go
@@ -184,11 +184,11 @@ func (b *bridgeNetworkConfigurator) Teardown(ctx context.Context, alloc *structs
 }
 func (b *bridgeNetworkConfigurator) ensureCNIInitialized() error {
- err := b.cni.Status()
- if err == cni.ErrCNINotInitialized {
+ if err := b.cni.Status(); cni.IsCNINotInitialized(err) {
 return b.cni.Load(cni.WithConfListBytes(b.buildNomadNetConfig()))
+ } else {
+ return err
 }
- return err
 }
 // getPortMapping builds a list of portMapping structs that are used as the
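Review bot: In the PATCH 3/4 hunk, `ensureCNIInitialized` checks `b.cni.Status()` and then calls `b.cni.Load(...)` with no synchronization visible here, so if Setup and Teardown for different allocations can run against the same configurator at once (not visible from this hunk), two callers may both see "not initialized" and load together. Whether Load tolerates that depends on the CNI library, so either state the guarantee in a comment or take a mutex around the check and the load, for example a new `sync.Mutex` field on `bridgeNetworkConfigurator` locked at the top of the function. As a style point, the `else { return err }` branch exists only because `err` is scoped to the `if` initializer; declaring `err := b.cni.Status()` on its own line, as PATCH 2/4 did, keeps the happy path unindented while still using `cni.IsCNINotInitialized(err)`.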
From dd7d16ad7f608f4c6517df39013c51d802c01690 Mon Sep 17 00:00:00 2001
From: Michael Schurter
Date: Mon, 6 Apr 2020 20:25:09 -0700
Subject: [PATCH 4/4] docs: add #7643 to changelog
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index fbbe636d4b47..05a7418d5a2d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -44,6 +44,7 @@ BUG FIXES:
 * client: Fixed a bug where a multi-task allocation maybe considered healthy despite a task restarting [[GH-7383](https://github.com/hashicorp/nomad/issues/7383)]
 * consul: Fixed a bug where modified Consul service definitions would not be updated [[GH-6459](https://github.com/hashicorp/nomad/issues/6459)]
 * connect: Fixed a bug where Connect enabled allocation would not stop after promotion [[GH-7540](https://github.com/hashicorp/nomad/issues/7540)]
+ * connect: Fixed a bug where restarting a client would prevent Connect enabled allocations from cleaning up properly [[GH-7643](https://github.com/hashicorp/nomad/issues/7643)]
 * driver/docker: Fixed handling of seccomp `security_opts` option [[GH-7554](https://github.com/hashicorp/nomad/issues/7554)]
 * driver/docker: Fixed a bug causing docker containers to use swap memory unexpectedly [[GH-7550](https://github.com/hashicorp/nomad/issues/7550)]
 * scheduler: Fixed a bug where changes to task group `shutdown_delay` were not persisted or displayed in plan output [[GH-7618](https://github.com/hashicorp/nomad/issues/7618)]