From 69257aa85cc5aabca2ea63ff16e9c3cbbb54ebad Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Thu, 22 Feb 2018 17:23:22 +0100 Subject: [PATCH 1/2] sandbox net: set netns closed after actaully closing it Umount/Remove below can go wrong and next calls to NetNsRemove would trigger: 481 Feb 22 14:37:35 ip-172-31-48-190.ec2.internal atomic-openshift-node[88937]: E0222 14:37:35.291692 88937 remote_runtime.g o:115] StopPodSandbox "200a062985ebfda2bbdb1b5d724005d4a0c1be54f277a4de52f9f101d9c43db6" from runtime service failed: rpc error: code = Unknown desc = close /var/run/netns/k8s_psql-1-tht5r_bingli328usyu727s_6a7b8edc-174d-11e8-9e8f-0a46c474dfe0_ 0-dda1c649: file already closed Signed-off-by: Antonio Murdaca --- lib/sandbox/sandbox.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/sandbox/sandbox.go b/lib/sandbox/sandbox.go index a12a96ef..0b590586 100644 --- a/lib/sandbox/sandbox.go +++ b/lib/sandbox/sandbox.go @@ -485,6 +485,8 @@ func (s *Sandbox) NetNsRemove() error { return err } + s.netns.closed = true + if s.netns.restored { // we got namespaces in the form of // /var/run/netns/cni-0d08effa-06eb-a963-f51a-e2b0eceffc5d @@ -505,6 +507,5 @@ func (s *Sandbox) NetNsRemove() error { } } - s.netns.closed = true return nil } From 0fe2aa6e2fff0fed8f986818eb2169b3f57be08f Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Thu, 22 Feb 2018 17:24:57 +0100 Subject: [PATCH 2/2] sandbox_stop: close/remove the netns _after_ stopping the containers Signed-off-by: Antonio Murdaca --- server/sandbox_stop.go | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/server/sandbox_stop.go b/server/sandbox_stop.go index 31e51694..5bd24d15 100644 --- a/server/sandbox_stop.go +++ b/server/sandbox_stop.go @@ -49,13 +49,6 @@ func (s *Server) StopPodSandbox(ctx context.Context, req *pb.StopPodSandboxReque return resp, nil } - // Clean up sandbox networking and close its network namespace. - hostNetwork := sb.NetNsPath() == "" - s.networkStop(hostNetwork, sb) - if err := sb.NetNsRemove(); err != nil { - return nil, err - } - podInfraContainer := sb.InfraContainer() containers := sb.Containers().List() containers = append(containers, podInfraContainer) @@ -77,6 +70,13 @@ func (s *Server) StopPodSandbox(ctx context.Context, req *pb.StopPodSandboxReque s.ContainerStateToDisk(c) } + // Clean up sandbox networking and close its network namespace. + hostNetwork := sb.NetNsPath() == "" + s.networkStop(hostNetwork, sb) + if err := sb.NetNsRemove(); err != nil { + return nil, err + } + if err := label.ReleaseLabel(sb.ProcessLabel()); err != nil { return nil, err } @@ -97,6 +97,7 @@ func (s *Server) StopPodSandbox(ctx context.Context, req *pb.StopPodSandboxReque } } } + if err := s.StorageRuntimeServer().StopContainer(sb.ID()); err != nil && errors.Cause(err) != storage.ErrContainerUnknown { logrus.Warnf("failed to stop sandbox container in pod sandbox %s: %v", sb.ID(), err) }