From 553828e4204ebb069055a00fc411d8e9920d4028 Mon Sep 17 00:00:00 2001
From: Gao feng
Date: Thu, 21 Sep 2017 13:02:54 +0800
Subject: [PATCH] nslistener: save iptable rules of container into sharedir of vm
docker use these iptable rules to implement port mapping, store these rules and hyperstart will restore them.
Signed-off-by: Gao feng
---
 cli/network.go | 24 +++++++++++++++++++++++-
 cli/sandbox.go | 4 ++++
 2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/cli/network.go b/cli/network.go
index 62af9128..47691d67 100644
--- a/cli/network.go
+++ b/cli/network.go
@@ -4,6 +4,7 @@ import (
 "encoding/gob"
 "fmt"
 "io"
+ "io/ioutil"
 "os"
 "os/exec"
 "strconv"
@@ -257,11 +258,14 @@ func startNsListener(options runvOptions, vm *hypervisor.Vm) (err error) {
 }
 }()
+ env := append(os.Environ(), fmt.Sprintf("_RUNVNETNSPID=%d", options.withContainer.Pid))
+ env = append(env, fmt.Sprintf("_RUNVCONTAINERID=%s", options.withContainer.ID))
 cmd := exec.Cmd{
 Path: path,
 Args: []string{"runv", "network-nslisten"},
- Env: append(os.Environ(), fmt.Sprintf("_RUNVNETNSPID=%d", options.withContainer.Pid)),
+ Env: env,
 ExtraFiles: []*os.File{childPipe},
+ Dir: shareDirPath(vm),
 }
 if err = cmd.Start(); err != nil {
 glog.Errorf("start network-nslisten failed: %v", err)
@@ -359,6 +363,24 @@ func doListen() {
 return
 }
+ containerId := os.Getenv("_RUNVCONTAINERID")
+ if containerId == "" {
+ glog.Error("cannot find container id env")
+ return
+ }
+
+ out, err := exec.Command("iptables-save").Output()
+ if err != nil {
+ glog.Errorf("fail to execute iptables-save: %v", err)
+ return
+ }
+
+ err = ioutil.WriteFile(fmt.Sprintf("./%s-iptables", containerId), out, 0644)
+ if err != nil {
+ glog.Errorf("fail to save iptables rule for %s: %v", containerId, err)
+ return
+ }
+
 // This is a call back function.
 // Use to send netlink update informations to `runv create`.
 //netNs2Containerd := func(netlinkUpdate NetlinkUpdate) {
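Review bot: The new `Dir: shareDirPath(vm)` field in startNsListener is the only thing that tells the child where to write its output, and nothing at the call site says so; the doListen hunk further down writes `./<id>-iptables` relative to that working directory. A comment above the field such as `// cwd is the VM share dir; doListen writes <id>-iptables relative to it` would make the coupling visible to the next reader. If the share directory does not exist yet when this runs, `cmd.Start()` fails on the chdir, so it is worth confirming that the directory is created before startNsListener is called (not visible in this patch). The function body starts and ends outside the hunk.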
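Review bot: In doListen the value of `_RUNVCONTAINERID` is formatted straight into the path given to `ioutil.WriteFile`, and the write follows symlinks in the working directory, which the startNsListener hunk sets to the VM share directory. An ID containing a path separator would put the file outside that directory, and if the guest can create entries in the share directory (not visible in this patch) a symlink already present at `<id>-iptables` would redirect this host-side write. I would accept only IDs that are a single path element and open the destination with `O_NOFOLLOW`, as sketched below; that needs `path/filepath` and `syscall` in the import block. Separately, `exec.Command("iptables-save")` is resolved through the inherited `PATH`, so an absolute path or a checked `exec.LookPath` result would be more predictable. doListen's body starts and ends outside the hunk.

```go
	containerId := os.Getenv("_RUNVCONTAINERID")
	// Accept only a single path element so the file stays in the share dir.
	if containerId == "" || containerId != filepath.Base(containerId) {
		glog.Errorf("missing or invalid container id env: %q", containerId)
		return
	}

	// … unchanged: iptables-save invocation and its error check …

	// O_NOFOLLOW: do not write through a symlink already present at the destination.
	f, err := os.OpenFile(containerId+"-iptables",
		os.O_WRONLY|os.O_CREATE|os.O_TRUNC|syscall.O_NOFOLLOW, 0644)
	if err != nil {
		glog.Errorf("fail to save iptables rule for %s: %v", containerId, err)
		return
	}
	_, err = f.Write(out)
	if cerr := f.Close(); err == nil {
		err = cerr
	}
	if err != nil {
		glog.Errorf("fail to save iptables rule for %s: %v", containerId, err)
		return
	}
```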
diff --git a/cli/sandbox.go b/cli/sandbox.go
index 59e54b15..312d4ff0 100644
--- a/cli/sandbox.go
+++ b/cli/sandbox.go
@@ -202,6 +202,10 @@ func sandboxPath(vm *hypervisor.Vm) string {
 return filepath.Join(hypervisor.BaseDir, vm.Id)
 }
+func shareDirPath(vm *hypervisor.Vm) string {
+ return filepath.Join(hypervisor.BaseDir, vm.Id, hypervisor.ShareDirTag)
+}
+
 func setupHyperstartFunc(context *cli.Context) {
 libhyperstart.NewHyperstart = func(vmid, ctlSock, streamSock string, lastStreamSeq uint64, waitReady, paused bool) (libhyperstart.Hyperstart, error) {
 return newHyperstart(context, vmid, ctlSock, streamSock)
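Review bot: shareDirPath repeats the `hypervisor.BaseDir, vm.Id` join that sandboxPath just above it already performs, and it has no comment saying what the directory is for. Building on the existing helper keeps the two from drifting apart: `return filepath.Join(sandboxPath(vm), hypervisor.ShareDirTag)`. A doc comment such as `// shareDirPath returns the VM's share directory under its sandbox directory.` would also help, since network.go now uses this path as the working directory of the nslisten child.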