From e6b3528acff10fb2bc62e2da0c3754f1e36cbd54 Mon Sep 17 00:00:00 2001
From: zhongtao
Date: Wed, 5 Jun 2024 10:04:59 +0800
Subject: [PATCH 105/108] start sandbox before setup network by default
Signed-off-by: zhongtao
---
 src/daemon/common/cri/cri_helpers.cc | 12 +++++++
 src/daemon/common/cri/cri_helpers.h | 3 ++
 .../cri_pod_sandbox_manager_service.cc | 34 +++++++++++++------
 src/daemon/modules/spec/specs.c | 2 +-
 src/utils/cutils/utils_file.c | 2 +-
 5 files changed, 41 insertions(+), 12 deletions(-)
diff --git a/src/daemon/common/cri/cri_helpers.cc b/src/daemon/common/cri/cri_helpers.cc
index 68d569cc..8117403c 100644
--- a/src/daemon/common/cri/cri_helpers.cc
+++ b/src/daemon/common/cri/cri_helpers.cc
@@ -47,6 +47,8 @@ const std::string Constants::DOCKER_IMAGEID_PREFIX { "docker://" };
 const std::string Constants::DOCKER_PULLABLE_IMAGEID_PREFIX { "docker-pullable://" };
 const std::string Constants::RUNTIME_READY { "RuntimeReady" };
 const std::string Constants::NETWORK_READY { "NetworkReady" };
+// Kata 2.x need create network namespace and setup network befoce run podsandbox
+const std::string Constants::NETWORK_SETUP_ANNOTATION_KEY { "cri.sandbox.network.setup.v2" };
 const std::string Constants::POD_CHECKPOINT_KEY { "cri.sandbox.isulad.checkpoint" };
 const std::string Constants::CONTAINER_TYPE_ANNOTATION_KEY { "io.kubernetes.cri.container-type" };
 const std::string Constants::CONTAINER_NAME_ANNOTATION_KEY { "io.kubernetes.cri.container-name" };
@@ -1140,4 +1142,14 @@ auto GetPodSELinuxLabelOpts(const std::string &selinuxLabel, Errors &error)
 return fmtiSuladOpts(selinuxOpts, securityOptSep);
 }
+bool SetupNetworkFirst(const std::map &annotations)
+{
+ auto iter = annotations.find(CRIHelpers::Constants::NETWORK_SETUP_ANNOTATION_KEY);
+ if (iter == annotations.end()) {
+ return false;
+ }
+
+ return iter->second == std::string("true");
+}
+
 } // namespace CRIHelpers
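Review bot: The comment added above NETWORK_SETUP_ANNOTATION_KEY in the first hunk has a typo ("befoce") and does not say which annotation value selects the behaviour, although the same file compares it against "true" further down. Suggested wording: `// Kata 2.x needs the network namespace created and the network set up before the pod sandbox runs; a pod annotation "cri.sandbox.network.setup.v2" with value "true" requests that order (see SetupNetworkFirst).`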
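Review bot: In SetupNetworkFirst the comparison `iter->second == std::string("true")` constructs a temporary std::string on every call; `return iter->second == "true";` is equivalent and is the usual form. The function also has no header comment; since its result decides whether RunPodSandbox sets up the network before or after starting the sandbox, a one-liner such as `// True when the pod annotations contain NETWORK_SETUP_ANNOTATION_KEY with the exact value "true"; any other value or a missing key means "start the sandbox first".` would make the case-sensitive, exact-match contract explicit. On this page the parameter type reads `const std::map &`, which is presumably the template arguments being lost in rendering rather than the committed code; worth a glance at the real file.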
diff --git a/src/daemon/common/cri/cri_helpers.h b/src/daemon/common/cri/cri_helpers.h
index 5c450b32..11a80b45 100644
--- a/src/daemon/common/cri/cri_helpers.h
+++ b/src/daemon/common/cri/cri_helpers.h
@@ -49,6 +49,7 @@ public:
 static const std::string DOCKER_PULLABLE_IMAGEID_PREFIX;
 static const std::string RUNTIME_READY;
 static const std::string NETWORK_READY;
+ static const std::string NETWORK_SETUP_ANNOTATION_KEY;
 static const std::string POD_CHECKPOINT_KEY;
 static const size_t MAX_CHECKPOINT_KEY_LEN { 250 };
 static const std::string CONTAINER_TYPE_ANNOTATION_KEY;
@@ -151,6 +152,8 @@ auto GetPodSELinuxLabelOpts(const std::string &selinuxLabel, Errors &error) -> s
 auto GetlegacySeccompiSuladOpts(const std::string &seccompProfile, Errors &error) -> std::vector;
 auto GetSeccompiSuladOptsByPath(const char *dstpath, Errors &error) -> std::vector;
+
+bool SetupNetworkFirst(const std::map &annotations);
 }; // namespace CRIHelpers
 #endif // DAEMON_ENTRY_CRI_CRI_HELPERS_H
diff --git a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
index af6b5fff..f852f4df 100644
--- a/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
+++ b/src/daemon/entry/cri/v1alpha/cri_pod_sandbox_manager_service.cc
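Review bot: The new SetupNetworkFirst declaration in the second hunk is the public entry point other code will call, yet it carries no comment describing the annotation it reads or what the two return values mean for sandbox start-up ordering. A short comment above the declaration, `// Returns true when the pod annotations ask for the network to be set up before the sandbox container is started (NETWORK_SETUP_ANNOTATION_KEY == "true").`, would let callers understand the knob without opening the .cc file.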
@@ -655,19 +655,33 @@ auto PodSandboxManagerService::RunPodSandbox(const runtime::v1alpha2::PodSandbox
 }
 }
- // Step 7: Setup networking for the sandbox.
- SetupSandboxNetwork(config, response_id, inspect_data, networkOptions, stdAnnos, network_setting_json, error);
- if (error.NotEmpty()) {
- goto cleanup_ns;
- }
+ // Step 7: According to the annotation and network namespace mode,
+ // determine the order of start sandbox and setup network.
+ if (CRIHelpers::SetupNetworkFirst(stdAnnos)) {
+ // Step 7.1: Setup networking for the sandbox, and then start the sandbox container.
+ SetupSandboxNetwork(config, response_id, inspect_data, networkOptions, stdAnnos, network_setting_json, error);
+ if (error.NotEmpty()) {
+ goto cleanup_ns;
+ }
- // Step 8: Start the sandbox container.
- StartSandboxContainer(response_id, error);
- if (error.NotEmpty()) {
- goto cleanup_network;
+ StartSandboxContainer(response_id, error);
+ if (error.NotEmpty()) {
+ goto cleanup_network;
+ }
+ } else {
+ // Step 7.2: (Default)Start the sandbox container, and then setup networking for the sandbox.
+ StartSandboxContainer(response_id, error);
+ if (error.NotEmpty()) {
+ goto cleanup_ns;
+ }
+
+ SetupSandboxNetwork(config, response_id, inspect_data, networkOptions, stdAnnos, network_setting_json, error);
+ if (error.NotEmpty()) {
+ goto cleanup_ns;
+ }
 }
- // Step 9: Save network settings json to disk
+ // Step 8: Save network settings json to disk
 if (namespace_is_cni(inspect_data->host_config->network_mode)) {
 Errors tmpErr;
 UpdatePodSandboxNetworkSettings(response_id, network_setting_json, tmpErr);
diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c
index 122f9992..f0538e26 100644
--- a/src/daemon/modules/spec/specs.c
+++ b/src/daemon/modules/spec/specs.c
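Review bot: In the default branch (Step 7.2) the sandbox container has already been started when SetupSandboxNetwork fails, yet the error path is `goto cleanup_ns`, the label the old code only reached before StartSandboxContainer had run; unless cleanup_ns also stops the started container (the labels are outside the hunk, as is the rest of RunPodSandbox), a network failure now leaves a running sandbox behind with no network and nothing tears it down. The network-first branch keeps the old pairing (network failure → cleanup_ns, start failure → cleanup_network), so only the reordered branch needs a stop of the sandbox container before jumping to cleanup_ns, or a dedicated label that stops it and then falls through to cleanup_ns; the stop helper the existing error paths use is not visible here, so the exact call is left to the author. It is also worth stating in the Step 7.2 comment that StartSandboxContainer is deliberately not undone by cleanup_ns today if that turns out to be the case. Minor: `// Step 7.2: (Default) Start the sandbox container, and then setup networking for the sandbox.` (missing space after the parenthesis).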
@@ -1601,7 +1601,7 @@ static int merge_share_network_namespace(const oci_runtime_spec *oci_spec, const
 int ret = 0;
 char *ns_path = NULL;
- if (host_spec->network_mode == NULL) {
+ if (host_spec->network_mode == NULL || strlen(host_spec->network_mode) == 0) {
 return 0;
 }
diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c
index 6fc6852d..90bb156f 100644
--- a/src/utils/cutils/utils_file.c
+++ b/src/utils/cutils/utils_file.c
@@ -85,7 +85,7 @@ bool util_file_exists(const char *f)
 struct stat buf;
 int nret;
- if (f == NULL) {
+ if (f == NULL || strlen(f) == 0) {
 return false;
 }
--
2.25.1
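Review bot: Both hunks here (specs.c and utils_file.c) spell "NULL or empty" as `strlen(x) == 0`, which scans the whole string to answer a question a single byte read answers; in merge_share_network_namespace `if (host_spec->network_mode == NULL || host_spec->network_mode[0] == '\0') {` and in util_file_exists `if (f == NULL || f[0] == '\0') {` are equivalent and avoid depending on <string.h> being included in those files (the include lists are outside the hunks). The specs.c change silently turns an empty network_mode into "nothing to share" without recording why an empty mode can now arrive (presumably tied to the reordered sandbox start in this commit, but neither the hunk nor the message says), so a one-line comment such as `/* an empty network_mode carries no namespace to share; treat it like unset */` above the check would preserve the intent. In util_file_exists an empty path already makes stat() fail with ENOENT, so the new check only short-circuits; that is fine, but it should be said in the commit message rather than left to look like a behaviour change. Both functions continue outside their hunks.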