diff --git a/cni/netconfig.go b/cni/netconfig.go index faa6801fbb..023c134e25 100644 --- a/cni/netconfig.go +++ b/cni/netconfig.go @@ -55,6 +55,7 @@ type NetworkConfig struct { MultiTenancy bool `json:"multiTenancy,omitempty"` EnableSnatOnHost bool `json:"enableSnatOnHost,omitempty"` EnableExactMatchForPodName bool `json:"enableExactMatchForPodName,omitempty"` + DisableIPTableLock bool `json:"disableIPTableLock,omitempty"` CNSUrl string `json:"cnsurl,omitempty"` Ipam struct { Type string `json:"type"` diff --git a/cni/network/network.go b/cni/network/network.go index da6e72a3a4..8510c27d11 100644 --- a/cni/network/network.go +++ b/cni/network/network.go @@ -17,6 +17,7 @@ import ( "github.com/Azure/azure-container-networking/cns" "github.com/Azure/azure-container-networking/cns/cnsclient" "github.com/Azure/azure-container-networking/common" + "github.com/Azure/azure-container-networking/iptables" "github.com/Azure/azure-container-networking/log" "github.com/Azure/azure-container-networking/network" "github.com/Azure/azure-container-networking/platform" @@ -106,6 +107,7 @@ func (plugin *netPlugin) Start(config *common.PluginConfig) error { // Log platform information. log.Printf("[cni-net] Plugin %v version %v.", plugin.Name, plugin.Version) log.Printf("[cni-net] Running on %v", platform.GetOSInfo()) + platform.PrintDependencyPackageDetails() common.LogNetworkInterfaces() // Initialize network manager. @@ -239,6 +241,7 @@ func (plugin *netPlugin) Add(args *cniSkel.CmdArgs) error { } } + iptables.DisableIPTableLock = nwCfg.DisableIPTableLock plugin.setCNIReportDetails(nwCfg, CNI_ADD, "") defer func() { @@ -587,6 +590,8 @@ func (plugin *netPlugin) Get(args *cniSkel.CmdArgs) error { log.Printf("[cni-net] Read network configuration %+v.", nwCfg) + iptables.DisableIPTableLock = nwCfg.DisableIPTableLock + // Parse Pod arguments. if k8sPodName, k8sNamespace, err = plugin.getPodInfo(args.Args); err != nil { return err 
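Review bot: The added `platform.PrintDependencyPackageDetails()` call in `Start` runs two external commands (`iptables --version` and `ebtables --version`, per the platform/os_linux.go hunk) on every plugin start, and nothing at the call site says so. If the CNI binary is launched once per pod operation, as is usual for CNI plugins, that is two extra process executions on each ADD/DEL. Consider gating it behind a debug setting, or at least documenting the cost at the call site, e.g. `// Logs iptables/ebtables versions for diagnostics; spawns two external commands.` `Start`'s body begins and ends outside this hunk.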
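Review bot: `iptables.DisableIPTableLock = nwCfg.DisableIPTableLock` in `Add` copies a per-request config value into a mutable package-level variable, and the same line is repeated in the `Get`, `Delete` and `Update` hunks. Any path that reaches the iptables helpers without passing one of these four assignments silently runs with the default (lock wait enabled), and a future command handler has to remember to copy the line. Setting the value once where the network config is parsed, or passing it to the iptables package explicitly, would remove the duplication. At minimum, add a comment such as `// Must be set before any iptables call made for this request.` The enclosing functions start and end outside these hunks.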
@@ -665,6 +670,7 @@ func (plugin *netPlugin) Delete(args *cniSkel.CmdArgs) error { log.Printf("[cni-net] Read network configuration %+v.", nwCfg) + iptables.DisableIPTableLock = nwCfg.DisableIPTableLock plugin.setCNIReportDetails(nwCfg, CNI_DEL, "") // Parse Pod arguments. @@ -758,6 +764,7 @@ func (plugin *netPlugin) Update(args *cniSkel.CmdArgs) error { log.Printf("[cni-net] Read network configuration %+v.", nwCfg) + iptables.DisableIPTableLock = nwCfg.DisableIPTableLock plugin.setCNIReportDetails(nwCfg, CNI_UPDATE, "") defer func() { diff --git a/iptables/iptables.go b/iptables/iptables.go index b1988e50f3..a3d8d73373 100644 --- a/iptables/iptables.go +++ b/iptables/iptables.go @@ -55,9 +55,20 @@ const ( lockTimeout = 60 ) +var ( + DisableIPTableLock bool +) + // Run iptables command func runCmd(params string) error { - cmd := fmt.Sprintf("%s -w %d %s", iptables, lockTimeout, params) + var cmd string + + if DisableIPTableLock { + cmd = fmt.Sprintf("%s %s", iptables, params) + } else { + cmd = fmt.Sprintf("%s -w %d %s", iptables, lockTimeout, params) + } + if _, err := platform.ExecuteCommand(cmd); err != nil { return err } diff --git a/platform/os_linux.go b/platform/os_linux.go index 1a00609ddb..64d0837e92 100644 --- a/platform/os_linux.go +++ b/platform/os_linux.go @@ -149,3 +149,12 @@ func GetProcessNameByID(pidstr string) (string, error) { return out, nil } + +func PrintDependencyPackageDetails() { + out, err := ExecuteCommand("iptables --version") + out = strings.TrimSuffix(out, "\n") + log.Printf("[cni-net] iptable version:%s, err:%v", out, err) + out, err = ExecuteCommand("ebtables --version") + out = strings.TrimSuffix(out, "\n") + log.Printf("[cni-net] ebtable version %s, err:%v", out, err) +} diff --git a/platform/os_windows.go b/platform/os_windows.go index 0900e74462..d124a21d5e 100644 --- a/platform/os_windows.go +++ b/platform/os_windows.go 
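Review bot: The new branch in `runCmd` drops `-w`, so when `DisableIPTableLock` is true iptables no longer waits for the xtables lock. On iptables versions that implement the lock, it then exits with an error if another process holds it. A caller that ignores or only logs the error from `runCmd` would leave the intended rule uninstalled without the operation failing; whether any call site does this is not visible in the hunk and should be checked. The exported variable also has no doc comment. Assuming the switch is meant for hosts whose iptables lacks `-w`, I would add `// DisableIPTableLock makes runCmd omit "-w <lockTimeout>"; intended for iptables builds without -w support, since concurrent callers may then fail instead of waiting.`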
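Review bot: `PrintDependencyPackageDetails` is exported without a doc comment, and its two log lines use different formats (`iptable version:%s` vs `ebtable version %s`). Both always print `err:%v`, so a successful run logs `err:<nil>`. A comment such as `// PrintDependencyPackageDetails logs the iptables and ebtables versions found on the host; command failures are logged, not returned.` would cover the contract, and one format like `"[cni-net] iptables version: %s"` with the error logged only when non-nil would make the output easier to search. The commands are named without a path, so the logged version is for whichever binary `ExecuteCommand` resolves, presumably via PATH, which may not be the binary `runCmd` uses if that is configured separately.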
@@ -226,3 +226,6 @@ func GetProcessNameByID(pidstr string) (string, error) { return "", fmt.Errorf("Process not found") } + +func PrintDependencyPackageDetails() { +}