Move remaining pod-namespace operations out of the main process

Author: danwinship

pkg/network/node/cniserver/cniserver.go

@@ -52,6 +52,10 @@ const CNIServerRunDir string = "/var/run/openshift-sdn"
 const CNIServerSocketName string = "cni-server.sock"
 const CNIServerSocketPath string = CNIServerRunDir + "/" + CNIServerSocketName
 
+// Config file containing MTU, and default full path
+const CNIMTUFileName string = "mtu"
+const CNIMTUFilePath string = CNIServerRunDir + "/" + CNIMTUFileName
+
 // Explicit type for CNI commands the server handles
 type CNICommand string
 
@@ -80,6 +84,8 @@ type PodRequest struct {
 	SandboxID string
 	// kernel network namespace path
 	Netns string
+	// for an ADD request, the host side of the created veth
+	HostVeth string
 	// Channel for returning the operation result to the CNIServer
 	Result chan *PodResult
 }
@@ -207,6 +213,11 @@ func cniRequestToPodRequest(r *http.Request) (*PodRequest, error) {
 		return nil, fmt.Errorf("missing CNI_NETNS")
 	}
 
+	req.HostVeth, ok = cr.Env["OSDN_HOSTVETH"]
+	if !ok && req.Command == CNI_ADD {
+		return nil, fmt.Errorf("missing OSDN_HOSTVETH")
+	}
+
 	cniArgs, err := gatherCNIArgs(cr.Env)
 	if err != nil {
 		return nil, err

pkg/network/node/pod.go

@@ -5,7 +5,9 @@ package node
 import (
 	"encoding/json"
 	"fmt"
+	"io/ioutil"
 	"net"
+	"os"
 	"path/filepath"
 	"strconv"
 	"sync"
@@ -36,9 +38,6 @@ import (
 	"github.com/containernetworking/cni/pkg/invoke"
 	cnitypes "github.com/containernetworking/cni/pkg/types"
 	cni020 "github.com/containernetworking/cni/pkg/types/020"
-	cnicurrent "github.com/containernetworking/cni/pkg/types/current"
-	"github.com/containernetworking/plugins/pkg/ip"
-	"github.com/containernetworking/plugins/pkg/ipam"
 	"github.com/containernetworking/plugins/pkg/ns"
 
 	"github.com/vishvananda/netlink"
@@ -179,6 +178,11 @@ func (m *podManager) Start(rundir string, localSubnetCIDR string, clusterNetwork
 		return err
 	}
 
+	err = ioutil.WriteFile(filepath.Join(rundir, cniserver.CNIMTUFileName), []byte(fmt.Sprintf("%d", m.mtu)), os.FileMode(0444))
+	if err != nil {
+		return fmt.Errorf("could not write MTU file: %v", err)
+	}
+
 	go m.processCNIRequests()
 
 	m.cniServer = cniserver.NewCNIServer(rundir)
@@ -385,6 +389,8 @@ func maybeAddMacvlan(pod *kapi.Pod, netns string) error {
 		}
 	}
 
+	// Note that this use of ns is safe because it doesn't call Do() or WithNetNSPath()
+
 	podNs, err := ns.GetNS(netns)
 	if err != nil {
 		return fmt.Errorf("could not open netns %q", netns)
@@ -403,17 +409,7 @@ func maybeAddMacvlan(pod *kapi.Pod, netns string) error {
 	if err != nil {
 		return fmt.Errorf("failed to create macvlan interface: %v", err)
 	}
-	return podNs.Do(func(netns ns.NetNS) error {
-		l, err := netlink.LinkByName("macvlan0")
-		if err != nil {
-			return fmt.Errorf("failed to find macvlan interface: %v", err)
-		}
-		err = netlink.LinkSetUp(l)
-		if err != nil {
-			return fmt.Errorf("failed to set macvlan interface up: %v", err)
-		}
-		return nil
-	})
+	return nil
 }
 
 func createIPAMArgs(netnsPath string, action cniserver.CNICommand, id string) *invoke.Args {
@@ -540,61 +536,6 @@ func (m *podManager) setup(req *cniserver.PodRequest) (cnitypes.Result, *running
 		}
 	}
 
-	var hostVethName string
-	err = ns.WithNetNSPath(req.Netns, func(hostNS ns.NetNS) error {
-		hostVeth, contVeth, err := ip.SetupVeth(podInterfaceName, int(m.mtu), hostNS)
-		if err != nil {
-			return fmt.Errorf("failed to create container veth: %v", err)
-		}
-		// Force a consistent MAC address based on the IP address
-		if err := ip.SetHWAddrByIP(podInterfaceName, podIP, nil); err != nil {
-			return fmt.Errorf("failed to set pod interface MAC address: %v", err)
-		}
-		// refetch to get hardware address and other properties
-		tmp, err := net.InterfaceByIndex(contVeth.Index)
-		if err != nil {
-			return fmt.Errorf("failed to fetch container veth: %v", err)
-		}
-		contVeth = *tmp
-
-		// Clear out gateway to prevent ConfigureIface from adding the cluster
-		// subnet via the gateway
-		ipamResult.IP4.Gateway = nil
-		result030, err := cnicurrent.NewResultFromResult(ipamResult)
-		if err != nil {
-			return fmt.Errorf("failed to convert IPAM: %v", err)
-		}
-		// Add a sandbox interface record which ConfigureInterface expects.
-		// The only interface we report is the pod interface.
-		result030.Interfaces = []*cnicurrent.Interface{
-			{
-				Name:    podInterfaceName,
-				Mac:     contVeth.HardwareAddr.String(),
-				Sandbox: req.Netns,
-			},
-		}
-		intPtr := 0
-		result030.IPs[0].Interface = &intPtr
-
-		if err = ipam.ConfigureIface(podInterfaceName, result030); err != nil {
-			return fmt.Errorf("failed to configure container IPAM: %v", err)
-		}
-
-		lo, err := netlink.LinkByName("lo")
-		if err == nil {
-			err = netlink.LinkSetUp(lo)
-		}
-		if err != nil {
-			return fmt.Errorf("failed to configure container loopback: %v", err)
-		}
-
-		hostVethName = hostVeth.Name
-		return nil
-	})
-	if err != nil {
-		return nil, nil, err
-	}
-
 	vnid, err := m.policy.GetVNID(req.PodNamespace)
 	if err != nil {
 		return nil, nil, err
@@ -604,11 +545,11 @@ func (m *podManager) setup(req *cniserver.PodRequest) (cnitypes.Result, *running
 		return nil, nil, err
 	}
 
-	ofport, err := m.ovs.SetUpPod(req.SandboxID, hostVethName, podIP, vnid)
+	ofport, err := m.ovs.SetUpPod(req.SandboxID, req.HostVeth, podIP, vnid)
 	if err != nil {
 		return nil, nil, err
 	}
-	if err := setupPodBandwidth(m.ovs, pod, hostVethName, req.SandboxID); err != nil {
+	if err := setupPodBandwidth(m.ovs, pod, req.HostVeth, req.SandboxID); err != nil {
 		return nil, nil, err
 	}
 

pkg/network/sdn-cni-plugin/openshift-sdn.go

@@ -11,6 +11,7 @@ import (
 	"net"
 	"net/http"
 	"os"
+	"strconv"
 	"strings"
 	"time"
 
@@ -19,15 +20,22 @@ import (
 	"github.com/containernetworking/cni/pkg/skel"
 	"github.com/containernetworking/cni/pkg/types"
 	"github.com/containernetworking/cni/pkg/types/020"
+	"github.com/containernetworking/cni/pkg/types/current"
 	"github.com/containernetworking/cni/pkg/version"
+	"github.com/containernetworking/plugins/pkg/ip"
+	"github.com/containernetworking/plugins/pkg/ipam"
+	"github.com/containernetworking/plugins/pkg/ns"
+
+	"github.com/vishvananda/netlink"
 )
 
 type cniPlugin struct {
 	socketPath string
+	hostNS     ns.NetNS
 }
 
-func NewCNIPlugin(socketPath string) *cniPlugin {
-	return &cniPlugin{socketPath: socketPath}
+func NewCNIPlugin(socketPath string, hostNS ns.NetNS) *cniPlugin {
+	return &cniPlugin{socketPath: socketPath, hostNS: hostNS}
 }
 
 // Create and fill a CNIRequest with this plugin's environment and stdin which
@@ -63,7 +71,11 @@ func (p *cniPlugin) doCNI(url string, req *cniserver.CNIRequest) ([]byte, error)
 		},
 	}
 
-	resp, err := client.Post(url, "application/json", bytes.NewReader(data))
+	var resp *http.Response
+	err = p.hostNS.Do(func(ns.NetNS) error {
+		resp, err = client.Post(url, "application/json", bytes.NewReader(data))
+		return err
+	})
 	if err != nil {
 		return nil, fmt.Errorf("failed to send CNI request: %v", err)
 	}
@@ -81,10 +93,27 @@ func (p *cniPlugin) doCNI(url string, req *cniserver.CNIRequest) ([]byte, error)
 	return body, nil
 }
 
+func readMTU() (int, error) {
+	bytes, err := ioutil.ReadFile(cniserver.CNIMTUFilePath)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return -1, fmt.Errorf("OpenShift SDN network process is not (yet?) available")
+		} else {
+			return -1, fmt.Errorf("could not read MTU file: %v", err)
+		}
+	}
+	mtu, err := strconv.ParseUint(string(bytes), 10, 0)
+	if err != nil {
+		return -1, fmt.Errorf("could not parse MTU value %q", string(bytes))
+	}
+	return int(mtu), nil
+}
+
 // Send the ADD command environment and config to the CNI server, returning
 // the IPAM result to the caller
-func (p *cniPlugin) CmdAdd(args *skel.CmdArgs) (types.Result, error) {
-	body, err := p.doCNI("http://dummy/", newCNIRequest(args))
+func (p *cniPlugin) doCNIServerAdd(req *cniserver.CNIRequest, hostVeth string) (types.Result, error) {
+	req.Env["OSDN_HOSTVETH"] = hostVeth
+	body, err := p.doCNI("http://dummy/", req)
 	if err != nil {
 		return nil, err
 	}
@@ -99,24 +128,111 @@ func (p *cniPlugin) CmdAdd(args *skel.CmdArgs) (types.Result, error) {
 	return result, nil
 }
 
-// Send the ADD command environment and config to the CNI server, printing
-// the IPAM result to stdout when called as a CNI plugin
-func (p *cniPlugin) skelCmdAdd(args *skel.CmdArgs) error {
-	result, err := p.CmdAdd(args)
+func (p *cniPlugin) testCmdAdd(args *skel.CmdArgs) (types.Result, error) {
+	return p.doCNIServerAdd(newCNIRequest(args), "dummy0")
+}
+
+func (p *cniPlugin) CmdAdd(args *skel.CmdArgs) error {
+	req := newCNIRequest(args)
+	ifname := req.Env["CNI_IFNAME"]
+	netns := req.Env["CNI_NETNS"]
+	if ifname == "" || netns == "" {
+		return fmt.Errorf("CNI request did not include required environment variables")
+	}
+
+	mtu, err := readMTU()
+	if err != nil {
+		return err
+	}
+
+	var hostVeth, contVeth net.Interface
+	err = ns.WithNetNSPath(netns, func(hostNS ns.NetNS) error {
+		hostVeth, contVeth, err = ip.SetupVeth(ifname, mtu, hostNS)
+		if err != nil {
+			return fmt.Errorf("failed to create container veth: %v", err)
+		}
+		return nil
+	})
+	if err != nil {
+		return err
+	}
+	result, err := p.doCNIServerAdd(req, hostVeth.Name)
+	if err != nil {
+		return err
+	}
+
+	result030, err := current.NewResultFromResult(result)
+	if err != nil {
+		return fmt.Errorf("failed to convert IPAM result: %v", err)
+	}
+
+	if len(result030.IPs) != 1 || result030.IPs[0].Version != "4" {
+		return fmt.Errorf("unexpected IPAM result from CNIServer")
+	}
+
+	// Clear out gateway to prevent ConfigureIface from adding the cluster
+	// subnet via the gateway
+	result030.IPs[0].Gateway = nil
+	// Add a sandbox interface record which ConfigureInterface expects.
+	// The only interface we report is the pod interface.
+	result030.Interfaces = []*current.Interface{
+		{
+			Name:    ifname,
+			Mac:     contVeth.HardwareAddr.String(),
+			Sandbox: netns,
+		},
+	}
+	index := 0
+	result030.IPs[0].Interface = &index
+
+	err = ns.WithNetNSPath(netns, func(ns.NetNS) error {
+		// Set up eth0
+		if err := ip.SetHWAddrByIP(ifname, result030.IPs[0].Address.IP, nil); err != nil {
+			return fmt.Errorf("failed to set pod interface MAC address: %v", err)
+		}
+		if err := ipam.ConfigureIface(ifname, result030); err != nil {
+			return fmt.Errorf("failed to configure container IPAM: %v", err)
+		}
+
+		// Set up lo
+		link, err := netlink.LinkByName("lo")
+		if err == nil {
+			err = netlink.LinkSetUp(link)
+		}
+		if err != nil {
+			return fmt.Errorf("failed to configure container loopback: %v", err)
+		}
+
+		// Set up macvlan0 (if it exists)
+		link, err = netlink.LinkByName("macvlan0")
+		if err == nil {
+			err = netlink.LinkSetUp(link)
+			if err != nil {
+				return fmt.Errorf("failed to configure macvlan device: %v", err)
+			}
+		}
+
+		return nil
+	})
 	if err != nil {
 		return err
 	}
+
 	return result.Print()
 }
 
-// Send the DEL command environment and config to the CNI server
 func (p *cniPlugin) CmdDel(args *skel.CmdArgs) error {
 	_, err := p.doCNI("http://dummy/", newCNIRequest(args))
 	return err
 }
 
 func main() {
 	rand.Seed(time.Now().UTC().UnixNano())
-	p := NewCNIPlugin(cniserver.CNIServerSocketPath)
-	skel.PluginMain(p.skelCmdAdd, p.CmdDel, version.Legacy)
+	hostNS, err := ns.GetCurrentNS()
+	if err != nil {
+		panic(fmt.Sprintf("could not get current kernel netns: %v", err))
+	}
+	defer hostNS.Close()
+	p := NewCNIPlugin(cniserver.CNIServerSocketPath, hostNS)
+	skel.PluginMain(p.CmdAdd, p.CmdDel, version.Legacy)
 }