This repository has been archived by the owner on Mar 28, 2018. It is now read-only.
Networking: Adding Base Networking Support for CC using iproute2 #44
Merged
Signed-off-by: James Hunt <james.o.hunt@intel.com>
Support for a single network docker container
docker net=none and docker net=bridge

This commit includes support for
- Discovering the docker CNM created network interface
  - its IPv4, IPv6 and MAC address
- Sending IP Configuration Parameters into the guest kernel
- Sending in the hostname to the guest kernel
- Creation of a single tap interface that can be used to connect the VM to a single container network
- Configuration of the MAC address via QEMU
- Quick and dirty implementation that creates an integration bridge and connects it to the container interface (veth) and the tap interface (tap)
- Reprogramming of the veth MAC to one that does not conflict with the MAC that is now assigned to the tap within the VM

Limitations:
IPv4+IPv6 containers are not supported due to the kernel command line limitations.
This implementation uses shell invocation vs netlink commands. A future refined implementation will use netlink based interface to configure networking.

Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
Ensure that argv[0] is set to the name of the hook. This enables docker reexec code to handle the hook properly. Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
Enable support for --net=none In this case no external networking is enabled. Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
Free the network configuration parameters Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
*/ | ||
|
||
if ( config->net.ip_address != NULL ) { | ||
return ( g_strdup_printf("ip=%s:::%s:%s:%s:off::", |
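Review bot: the guard on `config->net.ip_address` covers only the first of the four `%s` arguments passed to `g_strdup_printf`; the other three are formatted without a visible NULL check, so test each one before building the string. In the kernel's `ip=` syntax the third colon-separated field is the gateway, and `ip=%s:::%s:%s:%s:off::` leaves it empty, so the guest gets no default route from this line. Because the result goes onto the guest kernel command line, values containing whitespace should be rejected before formatting.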
The plan to get a default gateway is to use the namespace interface as well? I've created an issue about this: #55
* With the new code for networking, the libnetlink header is needed to build cc-oci-runtime, which is included in the iproute2 package.
DOCS: Add iproute-dev dependency to build cc-oci-runtime
Signed-off-by: James Hunt <james.o.hunt@intel.com>
cc_oci_replace_string() was being called twice for @netdev@, @NETDEV_PARAMS@, @NetDevice@ and @NETDEVICE_PARAMS@. Signed-off-by: James Hunt <james.o.hunt@intel.com>
static gboolean | ||
cc_oci_tap_create(const gchar *tap) { | ||
struct ifreq ifr; | ||
int fd; |
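Review bot: `cc_oci_tap_create` should validate `tap` before it touches `ifr`. An interface name has to fit `ifr.ifr_name`, which holds `IFNAMSIZ` bytes including the terminating NUL, so reject an empty name and `strlen(tap) >= IFNAMSIZ` up front, zero `ifr` before filling it, and make sure `fd` is closed on every error path.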
This needs a check like the following:

```c
if (! tap) {
	return false;
}
```
Add additional validation and documentation for internal functions. Fix some formatting issues. Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
Discover the first valid IPv4 enabled interface within the container namespace, connect it to the integration bridge and pass the IP address, subnet and the default gateway associated with this interface into the container using kernel command line parameters. If the container has multiple IPv4 enabled interfaces only the first interface will be discovered and added to the container. Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
Networking - Default Gateway Support
mcastelino changed the title from "WIP: Adding Base Networking Support for CC" to "Networking: Adding Base Networking Support for CC using iproute2" on Aug 4, 2016
Latest Ubuntu and hence Travis does not support libnetlink. Remove the libnetlink dependency for now. Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
Networking: Remove netlink dependency
LGTM. Tested and lookups and external connectivity now work for me. +1.
Looks good to me as well.
Networking: Basic Networking Support
Support for a single network docker container. Support the default docker networks none and bridge.
This commit includes support for
bridge and connects it to the container interface (veth)
and the tap interface (tap)
Limitations:
Future Work:
This implementation uses shell invocation vs netlink commands.
A future refined implementation will use netlink based interface to configure networking.
Future implementation will use a cloud-init based configuration that allows for IPv4 and IPv6 support
Overall Flow
a. Create state file (include the PID)
b. Run hooks (sending PID to docker)
- Docker CNM now populates the namespace with networking
c. Create the network
d. Build the netcfg (key=value) concatenated network string
d. Send the netcfg to the child
e. From the child process, receive the netcfg blob, parse it and add it to the process arguments
f. From the child process, execve(qemu).
are needed to specify the tap interface(s) to be used by QEMU and to wait for the values of the kernel networking parameters
Note: In theory we can send the pid of the parent itself, but by doing so we may cause docker to record the pid somewhere, and this may cause issues elsewhere.
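The parent-to-child handoff in the "Overall Flow" steps above, as an added example that is not the PR's code: the child blocks on a pipe until the parent sends the netcfg string, then validates every pair before it would `execve` QEMU. The function names, the space separator, the allowed character set and the sample keys (`ifname`, `ip`) are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
#define NETCFG_MAX 256

/* Values end up in QEMU and kernel arguments: allow only characters that
 * cannot open a new option or field (no ',', '=', or whitespace). */
static int value_ok(const char *v) {
    if (*v == '\0') return 0;
    for (; *v; v++)
        if (!isalnum((unsigned char)*v) && !strchr(".:_-", *v)) return 0;
    return 1;
}

/* Parse "key=value key=value" in place (space separator is assumed).
 * Returns the number of pairs, or -1 if any pair is malformed. */
int netcfg_parse(char *blob) {
    int n = 0;
    for (char *t = strtok(blob, " "); t; t = strtok(NULL, " "), n++) {
        char *eq = strchr(t, '=');
        if (!eq || eq == t || !value_ok(eq + 1)) return -1;
    }
    return n;
}

/* Parent does steps a-c, then sends netcfg; the child waits, parses, and
 * would execve(qemu). Returns pair count, 255 if rejected, -1 on error. */
int run_child_with_netcfg(const char *netcfg) {
    int p[2], status;
    if (strlen(netcfg) >= NETCFG_MAX || pipe(p) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(p[0]); close(p[1]); return -1; }
    if (pid == 0) {
        char buf[NETCFG_MAX] = {0};
        close(p[1]);
        ssize_t len = read(p[0], buf, sizeof(buf) - 1); /* waits for parent */
        int n = len > 0 ? netcfg_parse(buf) : -1;
        _exit(n < 0 ? 255 : n);
    }
    close(p[0]);
    ssize_t w = write(p[1], netcfg, strlen(netcfg));
    close(p[1]);
    if (waitpid(pid, &status, 0) < 0 || w < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) { printf("%d\n", run_child_with_netcfg("ifname=tap0 ip=172.17.0.2")); return 0; }
```

Rejecting the blob in the child, before any argument vector is built, keeps a malformed interface name or address from turning into an extra QEMU or kernel option.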