authorCoprDistGit <infra@openeuler.org>2024-09-03 03:24:28 +0000
committerCoprDistGit <infra@openeuler.org>2024-09-03 03:24:28 +0000
commite45819fcb4a96649a4030db7684f140d5ca46735 (patch)
tree544dac3e30a0448eabdc50add41aa3a18982d9f1 /0105-start-sandbox-before-setup-network-by-default.patch
parent1a71e3afebb4b43be63949dcc8e882fe7643f13b (diff)
automatic import of iSuladopeneuler24.03_LTS
Diffstat (limited to '0105-start-sandbox-before-setup-network-by-default.patch')
-rw-r--r--0105-start-sandbox-before-setup-network-by-default.patch140
1 files changed, 140 insertions, 0 deletions
diff --git a/0105-start-sandbox-before-setup-network-by-default.patch b/0105-start-sandbox-before-setup-network-by-default.patch
new file mode 100644
index 0000000..df5c44f
--- /dev/null
+++ b/0105-start-sandbox-before-setup-network-by-default.patch
@@ -0,0 +1,140 @@
+From e6b3528acff10fb2bc62e2da0c3754f1e36cbd54 Mon Sep 17 00:00:00 2001
+From: zhongtao <zhongtao17@huawei.com>
+Date: Wed, 5 Jun 2024 10:04:59 +0800
+Subject: [PATCH 105/108] start sandbox before setup network by default
+
+Signed-off-by: zhongtao <zhongtao17@huawei.com>
+---
+ src/daemon/common/cri/cri_helpers.cc | 12 +++++++
+ src/daemon/common/cri/cri_helpers.h | 3 ++
+ .../cri_pod_sandbox_manager_service.cc | 34 +++++++++++++------
+ src/daemon/modules/spec/specs.c | 2 +-
+ src/utils/cutils/utils_file.c | 2 +-
+ 5 files changed, 41 insertions(+), 12 deletions(-)
+
+diff --git a/src/daemon/common/cri/cri_helpers.cc b/src/daemon/common/cri/cri_helpers.cc
+index 68d569cc..8117403c 100644
+--- a/src/daemon/common/cri/cri_helpers.cc
++++ b/src/daemon/common/cri/cri_helpers.cc
+@@ -47,6 +47,8 @@ const std::string Constants::DOCKER_IMAGEID_PREFIX { "docker://" };
+ const std::string Constants::DOCKER_PULLABLE_IMAGEID_PREFIX { "docker-pullable://" };
+ const std::string Constants::RUNTIME_READY { "RuntimeReady" };
+ const std::string Constants::NETWORK_READY { "NetworkReady" };
++// Kata 2.x need create network namespace and setup network befoce run podsandbox
++const std::string Constants::NETWORK_SETUP_ANNOTATION_KEY { "cri.sandbox.network.setup.v2" };
+ const std::string Constants::POD_CHECKPOINT_KEY { "cri.sandbox.isulad.checkpoint" };
+ const std::string Constants::CONTAINER_TYPE_ANNOTATION_KEY { "io.kubernetes.cri.container-type" };
+ const std::string Constants::CONTAINER_NAME_ANNOTATION_KEY { "io.kubernetes.cri.container-name" };
+@@ -1140,4 +1142,14 @@ auto GetPodSELinuxLabelOpts(const std::string &selinuxLabel, Errors &error)
+ return fmtiSuladOpts(selinuxOpts, securityOptSep);
+ }
+
++bool SetupNetworkFirst(const std::map<std::string, std::string> &annotations)
++{
++ auto iter = annotations.find(CRIHelpers::Constants::NETWORK_SETUP_ANNOTATION_KEY);
++ if (iter == annotations.end()) {
++ return false;
++ }
++
++ return iter->second == std::string("true");
++}
++
+ } // namespace CRIHelpers
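Review bot: SetupNetworkFirst carries no comment saying that the sandbox start order is selected by an annotation value. Judging from the call site, `stdAnnos` is presumably filled from the sandbox request, so whoever can set pod annotations can choose the network-first path. I would document the contract on the function, e.g. `// Returns true only if annotation cri.sandbox.network.setup.v2 is exactly "true"; a missing key or any other value keeps the default (start sandbox, then set up network).` The comparison can drop the temporary and read `return iter->second == "true";`. The comment added above the constant has a typo (`befoce`).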
+diff --git a/src/daemon/common/cri/cri_helpers.h b/src/daemon/common/cri/cri_helpers.h
+index 5c450b32..11a80b45 100644
+--- a/src/daemon/common/cri/cri_helpers.h
++++ b/src/daemon/common/cri/cri_helpers.h
+@@ -49,6 +49,7 @@ public:
+ static const std::string DOCKER_PULLABLE_IMAGEID_PREFIX;
+ static const std::string RUNTIME_READY;
+ static const std::string NETWORK_READY;
++ static const std::string NETWORK_SETUP_ANNOTATION_KEY;
+ static const std::string POD_CHECKPOINT_KEY;
+ static const size_t MAX_CHECKPOINT_KEY_LEN { 250 };
+ static const std::string CONTAINER_TYPE_ANNOTATION_KEY;
+@@ -151,6 +152,8 @@ auto GetPodSELinuxLabelOpts(const std::string &selinuxLabel, Errors &error) -> s
+ auto GetlegacySeccompiSuladOpts(const std::string &seccompProfile, Errors &error) -> std::vector<iSuladOpt>;
+
+ auto GetSeccompiSuladOptsByPath(const char *dstpath, Errors &error) -> std::vector<iSuladOpt>;
++
++bool SetupNetworkFirst(const std::map<std::string, std::string> &annotations);
+ }; // namespace CRIHelpers
+
+ #endif // DAEMON_ENTRY_CRI_CRI_HELPERS_H
+diff --git a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
+index af6b5fff..f852f4df 100644
+--- a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
++++ b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
+@@ -655,19 +655,33 @@ auto PodSandboxManagerService::RunPodSandbox(const runtime::v1alpha2::PodSandbox
+ }
+ }
+
+- // Step 7: Setup networking for the sandbox.
+- SetupSandboxNetwork(config, response_id, inspect_data, networkOptions, stdAnnos, network_setting_json, error);
+- if (error.NotEmpty()) {
+- goto cleanup_ns;
+- }
++ // Step 7: According to the annotation and network namespace mode,
++ // determine the order of start sandbox and setup network.
++ if (CRIHelpers::SetupNetworkFirst(stdAnnos)) {
++ // Step 7.1: Setup networking for the sandbox, and then start the sandbox container.
++ SetupSandboxNetwork(config, response_id, inspect_data, networkOptions, stdAnnos, network_setting_json, error);
++ if (error.NotEmpty()) {
++ goto cleanup_ns;
++ }
+
+- // Step 8: Start the sandbox container.
+- StartSandboxContainer(response_id, error);
+- if (error.NotEmpty()) {
+- goto cleanup_network;
++ StartSandboxContainer(response_id, error);
++ if (error.NotEmpty()) {
++ goto cleanup_network;
++ }
++ } else {
++ // Step 7.2: (Default)Start the sandbox container, and then setup networking for the sandbox.
++ StartSandboxContainer(response_id, error);
++ if (error.NotEmpty()) {
++ goto cleanup_ns;
++ }
++
++ SetupSandboxNetwork(config, response_id, inspect_data, networkOptions, stdAnnos, network_setting_json, error);
++ if (error.NotEmpty()) {
++ goto cleanup_ns;
++ }
+ }
+
+- // Step 9: Save network settings json to disk
++ // Step 8: Save network settings json to disk
+ if (namespace_is_cni(inspect_data->host_config->network_mode)) {
+ Errors tmpErr;
+ UpdatePodSandboxNetworkSettings(response_id, network_setting_json, tmpErr);
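Review bot: In the new default branch (Step 7.2), a failure of SetupSandboxNetwork jumps to `cleanup_ns` even though StartSandboxContainer has already succeeded. That is the same label used when the start itself fails, so two different states share one error path. The cleanup labels lie outside this hunk, so check there whether `cleanup_ns` (or what follows it) stops the started sandbox and undoes a partially applied network setup; if it does not, a failed RunPodSandbox can leave a running sandbox container with incomplete networking. A dedicated label for this case would make the difference explicit. At minimum add a comment on that `goto`, such as `// sandbox already running here: cleanup must stop it and undo partial network setup`.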
+diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c
+index 122f9992..f0538e26 100644
+--- a/src/daemon/modules/spec/specs.c
++++ b/src/daemon/modules/spec/specs.c
+@@ -1601,7 +1601,7 @@ static int merge_share_network_namespace(const oci_runtime_spec *oci_spec, const
+ int ret = 0;
+ char *ns_path = NULL;
+
+- if (host_spec->network_mode == NULL) {
++ if (host_spec->network_mode == NULL || strlen(host_spec->network_mode) == 0) {
+ return 0;
+ }
+
+diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c
+index 6fc6852d..90bb156f 100644
+--- a/src/utils/cutils/utils_file.c
++++ b/src/utils/cutils/utils_file.c
+@@ -85,7 +85,7 @@ bool util_file_exists(const char *f)
+ struct stat buf;
+ int nret;
+
+- if (f == NULL) {
++ if (f == NULL || strlen(f) == 0) {
+ return false;
+ }
+
+--
+2.25.1
+