Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

client: support no_pivot_root in exec driver configuration #7149

Merged
merged 1 commit into from Feb 19, 2020
Merged

client: support no_pivot_root in exec driver configuration #7149

merged 1 commit into from Feb 19, 2020
+163 −78

Conversation

th0m
Copy link
Contributor

@th0m th0m commented Feb 13, 2020
edited

Adds a new no_pivot_root plugin option to the exec plugin.
It defaults to false, changing it to true will pass the NoPivotRoot configuration option to libcontainer which will fall back to using the msMoveRoot function for isolation.
This is useful for systems where the root is on a ramdisk.

Fixes #7136

@hashicorp-cla
Copy link

hashicorp-cla commented Feb 13, 2020
edited

CLA assistant check
All committers have signed the CLA.

@th0m th0m force-pushed the tlefebvre/no-pivot-root branch 4 times, most recently from d9a3df2 to 0d8ea8e Compare February 13, 2020 23:53
notnoop
notnoop reviewed Feb 13, 2020
View reviewed changes
Copy link
Contributor

@notnoop notnoop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you so much for your contribution. I love that the flag is a plugin flag rather than a task flag: this means that it can be controlled by nomad system administrator rather than have it be a developer concern. Also, good catch in updating executor proto and related client/server files.

I have a couple of suggestions inlined; I would love to add an integration test as well. Given current structure, it might be difficult to assert that executor does actually honor NoPivotRoot, but it's ok - a simple fully integration test is ok imo.

drivers/exec/driver.go Outdated
@@ -88,6 +93,9 @@ type Driver struct {
// event can be broadcast to all callers
eventer *eventer.Eventer

// config is the driver configuration set by the SetConfig RPC
config *Config
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

d.config might be nil in tests - hence one test failure. You may consider avoid using the pointer here.

Suggested change
config *Config
config Config

drivers/shared/executor/proto/executor.proto Outdated
repeated hashicorp.nomad.plugins.drivers.proto.Mount mounts = 11;
repeated hashicorp.nomad.plugins.drivers.proto.Device devices = 12;
hashicorp.nomad.plugins.drivers.proto.NetworkIsolationSpec network_isolation = 13;
bool no_pivot_root = 11;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would insert append this to the end as item 14. For backward compatibility, field numbers don't change once they are assigned.

@th0m
Copy link
Contributor Author

th0m commented Feb 14, 2020

Thanks for the review @notnoop. I'll add the integration test and address your comments.
This PR relates to issue #7136

@th0m th0m force-pushed the tlefebvre/no-pivot-root branch 2 times, most recently from e645242 to 56466e7 Compare February 14, 2020 22:14
@th0m
Copy link
Contributor Author

th0m commented Feb 14, 2020
edited

I added a test and addressed your comments @notnoop, let me know if that looks good and thanks again for the feedback!
I still have a failed build for lint-go which I think was due to the fact I am using protobuf 3.11.3, I downgraded to 3.6.1 which is what CI seems to be using and the make proto output lined up with what was in CI.

@th0m th0m marked this pull request as ready for review February 14, 2020 22:15
@th0m th0m requested a review from a team as a code owner February 14, 2020 22:15
@th0m
Copy link
Contributor Author

th0m commented Feb 14, 2020

All checks are green, looks like the protobuf downgrade before generating proto files fixed my lint-go build problem.

notnoop
notnoop approved these changes Feb 16, 2020
View reviewed changes
Copy link
Contributor

@notnoop notnoop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perfect, thank you so much. I made a minor doc suggestion but it's up to you - will merge on Monday.

website/pages/docs/drivers/exec.mdx Outdated Show resolved Hide resolved
jescalan
jescalan reviewed Feb 18, 2020
View reviewed changes
Copy link
Contributor

@jescalan jescalan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Documentation changes look good

@notnoop notnoop merged commit d799dfd into hashicorp:master Feb 19, 2020
@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 17, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@notnoop notnoop notnoop approved these changes

@jescalan jescalan jescalan approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Nomad exec driver does not support rootfs root partition
4 participants
@th0m @hashicorp-cla @notnoop @jescalan