From 6bb126ca0ce763ac3e7cc72737d2d23285f2b75a Mon Sep 17 00:00:00 2001
From: Tamilmani Manoharan
Date: Fri, 3 Jan 2020 12:52:56 -0800
Subject: [PATCH 1/3] added config option for disabling iptable lock
---
 cni/netconfig.go | 1 +
 cni/network/network.go | 6 ++++++
 iptables/iptables.go | 13 ++++++++++++-
 3 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/cni/netconfig.go b/cni/netconfig.go
index faa6801fbb..023c134e25 100644
--- a/cni/netconfig.go
+++ b/cni/netconfig.go
@@ -55,6 +55,7 @@ type NetworkConfig struct {
 MultiTenancy bool `json:"multiTenancy,omitempty"`
 EnableSnatOnHost bool `json:"enableSnatOnHost,omitempty"`
 EnableExactMatchForPodName bool `json:"enableExactMatchForPodName,omitempty"`
+ DisableIPTableLock bool `json:"disableIPTableLock,omitempty"`
 CNSUrl string `json:"cnsurl,omitempty"`
 Ipam struct {
 Type string `json:"type"`
diff --git a/cni/network/network.go b/cni/network/network.go
index da6e72a3a4..395e04c8d2 100644
--- a/cni/network/network.go
+++ b/cni/network/network.go
@@ -17,6 +17,7 @@ import (
 "github.com/Azure/azure-container-networking/cns"
 "github.com/Azure/azure-container-networking/cns/cnsclient"
 "github.com/Azure/azure-container-networking/common"
+ "github.com/Azure/azure-container-networking/iptables"
 "github.com/Azure/azure-container-networking/log"
 "github.com/Azure/azure-container-networking/network"
 "github.com/Azure/azure-container-networking/platform"
@@ -239,6 +240,7 @@ func (plugin *netPlugin) Add(args *cniSkel.CmdArgs) error {
 }
 }
+ iptables.DisableIPTableLock = nwCfg.DisableIPTableLock
 plugin.setCNIReportDetails(nwCfg, CNI_ADD, "")
 defer func() {
@@ -587,6 +589,8 @@ func (plugin *netPlugin) Get(args *cniSkel.CmdArgs) error {
 log.Printf("[cni-net] Read network configuration %+v.", nwCfg)
+ iptables.DisableIPTableLock = nwCfg.DisableIPTableLock
+
 // Parse Pod arguments.
 if k8sPodName, k8sNamespace, err = plugin.getPodInfo(args.Args); err != nil {
 return err
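Review bot: The assignment `iptables.DisableIPTableLock = nwCfg.DisableIPTableLock` in the Add hunk writes per-invocation configuration into a mutable package-level variable, and the same line is repeated in the Get, Delete and Update hunks. Any iptables helper that runs before the assignment in a handler, or from a path that never parses nwCfg, silently uses the zero value (lock wait enabled); whether such calls exist cannot be seen here, because each function body continues outside its hunk. Setting the flag once where the configuration is parsed, or passing it to the iptables helpers as a parameter, would remove the four copies and the ordering dependency. If the global stays, a comment at each site such as `// must be set before any iptables helper runs` would make the constraint visible.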
@@ -665,6 +669,7 @@ func (plugin *netPlugin) Delete(args *cniSkel.CmdArgs) error {
 log.Printf("[cni-net] Read network configuration %+v.", nwCfg)
+ iptables.DisableIPTableLock = nwCfg.DisableIPTableLock
 plugin.setCNIReportDetails(nwCfg, CNI_DEL, "")
 // Parse Pod arguments.
@@ -758,6 +763,7 @@ func (plugin *netPlugin) Update(args *cniSkel.CmdArgs) error {
 log.Printf("[cni-net] Read network configuration %+v.", nwCfg)
+ iptables.DisableIPTableLock = nwCfg.DisableIPTableLock
 plugin.setCNIReportDetails(nwCfg, CNI_UPDATE, "")
 defer func() {
diff --git a/iptables/iptables.go b/iptables/iptables.go
index b1988e50f3..a3d8d73373 100644
--- a/iptables/iptables.go
+++ b/iptables/iptables.go
@@ -55,9 +55,20 @@ const (
 lockTimeout = 60
 )
+var (
+ DisableIPTableLock bool
+)
+
 // Run iptables command
 func runCmd(params string) error {
- cmd := fmt.Sprintf("%s -w %d %s", iptables, lockTimeout, params)
+ var cmd string
+
+ if DisableIPTableLock {
+ cmd = fmt.Sprintf("%s %s", iptables, params)
+ } else {
+ cmd = fmt.Sprintf("%s -w %d %s", iptables, lockTimeout, params)
+ }
+
 if _, err := platform.ExecuteCommand(cmd); err != nil {
 return err
 }
From feb3950d9da0dffd2bf3ef4125a7826f055d691d Mon Sep 17 00:00:00 2001
From: Tamilmani Manoharan
Date: Fri, 3 Jan 2020 13:04:14 -0800
Subject: [PATCH 2/3] added log for iptable and ebtable version
---
 cni/network/network.go | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/cni/network/network.go b/cni/network/network.go
index 395e04c8d2..e87882919e 100644
--- a/cni/network/network.go
+++ b/cni/network/network.go
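Review bot: The exported `DisableIPTableLock` in iptables.go has no doc comment, and its name overstates what the new `runCmd` branch does: dropping `-w` does not turn off the xtables lock, it only stops iptables from waiting for it, so by iptables' documented default the command exits with an error when another process holds the lock. With the option set, rule installation can therefore fail under contention where it previously waited up to `lockTimeout` seconds; `runCmd` returns that error, but whether callers retry or abort is outside this hunk. I would add a comment such as `// DisableIPTableLock omits the -w (wait for xtables lock) option; iptables then fails at once if the lock is held.` and say in the option's documentation which hosts it is intended for. The single-entry `var ( ... )` group can also be written as `var DisableIPTableLock bool`.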
@@ -107,6 +107,10 @@ func (plugin *netPlugin) Start(config *common.PluginConfig) error {
 // Log platform information.
 log.Printf("[cni-net] Plugin %v version %v.", plugin.Name, plugin.Version)
 log.Printf("[cni-net] Running on %v", platform.GetOSInfo())
+ out, err := platform.ExecuteCommand("iptables --version")
+ log.Printf("[cni-net] iptable version:%s, err:%v", out, err)
+ out, err = platform.ExecuteCommand("ebtables --version")
+ log.Printf("[cni-net] ebtable version %s, err:%v", out, err)
 common.LogNetworkInterfaces()
 // Initialize network manager.
From 630531c629f36762d30bcb4420a969b3db89267d Mon Sep 17 00:00:00 2001
From: Tamilmani Manoharan
Date: Fri, 3 Jan 2020 13:11:42 -0800
Subject: [PATCH 3/3] moved logging dependency package details to platform specific file
---
 cni/network/network.go | 5 +----
 platform/os_linux.go | 9 +++++++++
 platform/os_windows.go | 3 +++
 3 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/cni/network/network.go b/cni/network/network.go
index e87882919e..8510c27d11 100644
--- a/cni/network/network.go
+++ b/cni/network/network.go
@@ -107,10 +107,7 @@ func (plugin *netPlugin) Start(config *common.PluginConfig) error {
 // Log platform information.
 log.Printf("[cni-net] Plugin %v version %v.", plugin.Name, plugin.Version)
 log.Printf("[cni-net] Running on %v", platform.GetOSInfo())
- out, err := platform.ExecuteCommand("iptables --version")
- log.Printf("[cni-net] iptable version:%s, err:%v", out, err)
- out, err = platform.ExecuteCommand("ebtables --version")
- log.Printf("[cni-net] ebtable version %s, err:%v", out, err)
+ platform.PrintDependencyPackageDetails()
 common.LogNetworkInterfaces()
 // Initialize network manager.
diff --git a/platform/os_linux.go b/platform/os_linux.go
index 1a00609ddb..64d0837e92 100644
--- a/platform/os_linux.go
+++ b/platform/os_linux.go
@@ -149,3 +149,12 @@ func GetProcessNameByID(pidstr string) (string, error) {
 return out, nil
 }
+
+func PrintDependencyPackageDetails() {
+ out, err := ExecuteCommand("iptables --version")
+ out = strings.TrimSuffix(out, "\n")
+ log.Printf("[cni-net] iptable version:%s, err:%v", out, err)
+ out, err = ExecuteCommand("ebtables --version")
+ out = strings.TrimSuffix(out, "\n")
+ log.Printf("[cni-net] ebtable version %s, err:%v", out, err)
+}
diff --git a/platform/os_windows.go b/platform/os_windows.go
index 0900e74462..d124a21d5e 100644
--- a/platform/os_windows.go
+++ b/platform/os_windows.go
@@ -226,3 +226,6 @@ func GetProcessNameByID(pidstr string) (string, error) {
 return "", fmt.Errorf("Process not found")
 }
+
+func PrintDependencyPackageDetails() {
+}
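Review bot: `PrintDependencyPackageDetails` in os_linux.go is exported without a doc comment, and both log lines print `err:%v` unconditionally, so a host where `iptables` or `ebtables` cannot be run produces a line that looks like the healthy one apart from the trailing error text. Logging the failure separately, e.g. `if err != nil { log.Printf("[cni-net] iptables --version failed: %v", err) }`, would make a missing dependency stand out in the plugin log. The `[cni-net]` prefix is hard-coded inside the platform package, which would be misleading if other components call this function; that cannot be confirmed from this hunk. A comment such as `// PrintDependencyPackageDetails logs the iptables and ebtables versions found on the host; it is a no-op on Windows.` would cover both this function and the empty stub added in os_windows.go.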