Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow CRI-O to manage net, IPC and UTS namespaces using pinns #3048

Merged
merged 7 commits into from
Dec 21, 2019
Merged

Allow CRI-O to manage net, IPC and UTS namespaces using pinns #3048

merged 7 commits into from
Dec 21, 2019

Conversation

haircommander
Copy link
Member

This includes:
change the options ManageNetworkNSLifecycle to ManageNSLifecycle
add a new set of files: internal/lib/sandbox/namespaces* that takes care of namespace related functionality
create a generic NamespaceIface interface for interacting with all three kinds of namespaces
refactor some of runPodSandbox to reduce cyclomatic complexity
use pinns for managing

@openshift-ci-robot openshift-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. dco-signoff: yes Indicates the PR's author has DCO signed all their commits. labels Dec 13, 2019
@openshift-ci-robot openshift-ci-robot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Dec 13, 2019
@haircommander haircommander mentioned this pull request Dec 13, 2019
Closed
@haircommander haircommander force-pushed the manage-ns-pinns branch 2 times, most recently from 6ef1bf2 to 937a9ee Compare December 13, 2019 19:59
@haircommander haircommander changed the title WIP Allow CRI-O to manage net, IPC and UTS namespaces using pinns Allow CRI-O to manage net, IPC and UTS namespaces using pinns Dec 13, 2019
@openshift-ci-robot openshift-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Dec 13, 2019
@haircommander haircommander changed the title Allow CRI-O to manage net, IPC and UTS namespaces using pinns WIP Allow CRI-O to manage net, IPC and UTS namespaces using pinns Dec 13, 2019
@openshift-ci-robot openshift-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. dco-signoff: no Indicates the PR's author has not DCO signed all their commits. and removed dco-signoff: yes Indicates the PR's author has DCO signed all their commits. labels Dec 13, 2019
haircommander
haircommander commented Dec 13, 2019
View reviewed changes
internal/lib/sandbox/sandbox_test.go
@@ -242,193 +242,4 @@ var _ = t.Describe("Sandbox", func() {
Expect(err).NotTo(BeNil())
})
})

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TODO: update these tests

@codecov
Copy link

codecov bot commented Dec 13, 2019
edited

Codecov Report

Merging #3048 into master will decrease coverage by 0.69%.
The diff coverage is 38.24%.

@@            Coverage Diff            @@
##           master    #3048     +/-   ##
=========================================
- Coverage   46.35%   45.66%   -0.7%     
=========================================
  Files          89       90      +1     
  Lines        7346     7363     +17     
=========================================
- Hits         3405     3362     -43     
- Misses       3639     3710     +71     
+ Partials      302      291     -11

@openshift-ci-robot openshift-ci-robot added dco-signoff: yes Indicates the PR's author has DCO signed all their commits. and removed dco-signoff: no Indicates the PR's author has not DCO signed all their commits. labels Dec 14, 2019
@openshift-ci-robot openshift-ci-robot added dco-signoff: no Indicates the PR's author has not DCO signed all their commits. and removed dco-signoff: yes Indicates the PR's author has DCO signed all their commits. labels Dec 16, 2019
@haircommander
manage ns: Add unit tests
63f4d04 
Signed-off-by: Peter Hunt <pehunt@redhat.com>
saschagrunert
saschagrunert approved these changes Dec 20, 2019
View reviewed changes
Copy link
Member

@saschagrunert saschagrunert left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@openshift-ci-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: haircommander, saschagrunert

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

1 similar comment
@openshift-ci-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: haircommander, saschagrunert

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@haircommander
Copy link
Member Author

@giuseppe PTAL

@haircommander
Copy link
Member Author

/hold
missed some cases

@openshift-ci-robot openshift-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Dec 20, 2019
@giuseppe
Copy link
Member

LGTM

@haircommander
remove container level NetNsPath()
db9236b 
Signed-off-by: Peter Hunt <pehunt@redhat.com>
@rhatdan
Copy link
Contributor

rhatdan commented Dec 20, 2019

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Dec 20, 2019
@haircommander
remove *Ns functions, as they're unneeded
8f88d53 
as well as refactor *NsJoin

Signed-off-by: Peter Hunt <pehunt@redhat.com>
@haircommander
Use sandbox managed namespaces in container create call
69cf730 
instead of using the infra pid unconditionally

Signed-off-by: Peter Hunt <pehunt@redhat.com>
@openshift-ci-robot openshift-ci-robot removed the lgtm Indicates that a PR is ready to be merged. label Dec 20, 2019
@haircommander
Copy link
Member Author

Added a couple more changes, as well as a TODO note that can be addressed here or in another PR.
/hold cancel

@openshift-ci-robot openshift-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Dec 20, 2019
@haircommander
Copy link
Member Author

/retest

@saschagrunert
Copy link
Member

Hm, still
/lgtm
:)

@openshift-ci-robot openshift-ci-robot added lgtm Indicates that a PR is ready to be merged. labels Dec 20, 2019
@haircommander
Copy link
Member Author

/retest

@openshift-merge-robot openshift-merge-robot merged commit d7b886c into cri-o:master Dec 21, 2019
saschagrunert
saschagrunert reviewed Jan 8, 2020
View reviewed changes
internal/lib/container_server.go
Comment on lines +352 to +357
// If we can't load the IPC namespace
// because it's closed, we just set the sb ipcns
// pointer to nil. Otherwise we return an error.
if nsErr != nil && nsErr != sandbox.ErrClosedNS {
return nsErr
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@haircommander is there any use-case behind the check for closed namespaces? I'm not sure if we really need this. If the namespace is closed I assume that something went wrong and mark the sandbox as not-ready that it gets properly re-created.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hm good question. to be honest I just copied this from the old net ns managing code. There are fewer calls to close now though.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This might be the root cause that we tear down the local loopback interface when the namespace is not correctly set-up (referring to openshift/containernetworking-plugins#15 and https://bugzilla.redhat.com/show_bug.cgi?id=1754154#c11).

Ref: #3086

@sysrich sysrich mentioned this pull request Jan 10, 2020
Merged
@openshift-ci-robot openshift-ci-robot mentioned this pull request Apr 2, 2020
Closed
@PaulFurtado PaulFurtado mentioned this pull request Mar 30, 2021
Closed
@mikebrow mikebrow mentioned this pull request Jun 21, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@saschagrunert saschagrunert saschagrunert approved these changes

@mrunalp mrunalp Awaiting requested review from mrunalp

@runcom runcom Awaiting requested review from runcom

@vrothberg vrothberg Awaiting requested review from vrothberg

@nalind nalind Awaiting requested review from nalind

Assignees

@saschagrunert saschagrunert

@rhatdan rhatdan

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Indicates the PR's author has DCO signed all their commits. lgtm Indicates that a PR is ready to be merged. release-1.17 size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@haircommander @saschagrunert @openshift-ci-robot @giuseppe @rhatdan @openshift-merge-robot