vbatts/cri-o
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

server: correctly set hostname

Browse source 
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
This commit is contained in:
Antonio Murdaca 2017-09-13 10:28:41 +02:00
parent 0c1383fd30
commit 9ec518491f
No known key found for this signature in database
GPG key ID: B2BEAD150DE936B9
6 changed files with 129 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
libkpod/container_server.go
View file

@ -335,6 +335,7 @@ func (c *ContainerServer) LoadSandbox(id string) error {
if err != nil { if err != nil {
return err return err
} }
sb.AddHostnamePath(m.Annotations[annotations.HostnamePath])
sb.AddIP(ip) sb.AddIP(ip)
// We add a netNS only if we can load a permanent one. // We add a netNS only if we can load a permanent one.

11
libkpod/sandbox/sandbox.go
View file

@ -151,6 +151,7 @@ type Sandbox struct {
privileged bool privileged bool
trusted bool trusted bool
resolvPath string resolvPath string
hostnamePath string
hostname string hostname string
portMappings []*hostport.PortMapping portMappings []*hostport.PortMapping
stopped bool stopped bool
@ -301,6 +302,16 @@ func (s *Sandbox) ResolvPath() string {
return s.resolvPath return s.resolvPath
} }
// AddHostnamePath adds the hostname path to the sandbox
func (s *Sandbox) AddHostnamePath(hostname string) {
s.hostnamePath = hostname
}
// HostnamePath retrieves the hostname path from a sandbox
func (s *Sandbox) HostnamePath() string {
return s.hostnamePath
}
// Hostname returns the hsotname of the sandbox // Hostname returns the hsotname of the sandbox
func (s *Sandbox) Hostname() string { func (s *Sandbox) Hostname() string {
return s.hostname return s.hostname

3
pkg/annotations/annotations.go
View file

@ -52,6 +52,9 @@ const (
// ResolvPath is the resolver configuration path annotation // ResolvPath is the resolver configuration path annotation
ResolvPath = "io.kubernetes.cri-o.ResolvPath" ResolvPath = "io.kubernetes.cri-o.ResolvPath"
// HostnamePath is the path to /etc/hostname to bind mount annotation
HostnamePath = "io.kubernetes.cri-o.HostnamePath"
// SandboxID is the sandbox ID annotation // SandboxID is the sandbox ID annotation
SandboxID = "io.kubernetes.cri-o.SandboxID" SandboxID = "io.kubernetes.cri-o.SandboxID"

13
server/container_create.go
View file

@ -818,18 +818,25 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
options = []string{"ro"} options = []string{"ro"}
} }
if sb.ResolvPath() != "" { if sb.ResolvPath() != "" {
// TODO: selinux
// label.Relabel(sb.ResolvPath(), container.MountLabel, shared)
// bind mount the pod resolver file // bind mount the pod resolver file
specgen.AddBindMount(sb.ResolvPath(), "/etc/resolv.conf", options) specgen.AddBindMount(sb.ResolvPath(), "/etc/resolv.conf", options)
} }
if sb.HostnamePath() != "" {
// TODO: selinux
specgen.AddBindMount(sb.HostnamePath(), "/etc/hostname", options)
}
// Bind mount /etc/hosts for host networking containers // Bind mount /etc/hosts for host networking containers
if hostNetwork(containerConfig) { if hostNetwork(containerConfig) {
specgen.AddBindMount("/etc/hosts", "/etc/hosts", options) specgen.AddBindMount("/etc/hosts", "/etc/hosts", options)
} }
if sb.Hostname() != "" { specgen.SetHostname(sb.Hostname())
specgen.SetHostname(sb.Hostname())
}
specgen.AddAnnotation(annotations.Name, containerName) specgen.AddAnnotation(annotations.Name, containerName)
specgen.AddAnnotation(annotations.ContainerID, containerID) specgen.AddAnnotation(annotations.ContainerID, containerID)

46
server/sandbox_run.go
View file

@ -3,6 +3,7 @@ package server
import ( import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"io/ioutil"
"os" "os"
"path" "path"
"path/filepath" "path/filepath"
@ -187,12 +188,6 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
g.SetProcessArgs([]string{s.config.PauseCommand}) g.SetProcessArgs([]string{s.config.PauseCommand})
} }
// set hostname
hostname := req.GetConfig().Hostname
if hostname != "" {
g.SetHostname(hostname)
}
// set DNS options // set DNS options
if req.GetConfig().GetDnsConfig() != nil { if req.GetConfig().GetDnsConfig() != nil {
dnsServers := req.GetConfig().GetDnsConfig().Servers dnsServers := req.GetConfig().GetDnsConfig().Servers
@ -208,6 +203,9 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
} }
return nil, err return nil, err
} }
// TODO: selinux
// label.Relabel(sb.ResolvPath(), container.MountLabel, shared)
g.AddBindMount(resolvPath, "/etc/resolv.conf", []string{"ro"}) g.AddBindMount(resolvPath, "/etc/resolv.conf", []string{"ro"})
} }
@ -301,6 +299,14 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
return nil, err return nil, err
} }
hostNetwork := req.GetConfig().GetLinux().GetSecurityContext().GetNamespaceOptions().HostNetwork
hostname, err := getHostname(id, req.GetConfig().Hostname, hostNetwork)
if err != nil {
return nil, err
}
g.SetHostname(hostname)
privileged := s.privilegedSandbox(req) privileged := s.privilegedSandbox(req)
trusted := s.trustedSandbox(req) trusted := s.trustedSandbox(req)
g.AddAnnotation(annotations.Metadata, string(metadataJSON)) g.AddAnnotation(annotations.Metadata, string(metadataJSON))
@ -399,8 +405,6 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
g.SetLinuxResourcesCPUShares(PodInfraCPUshares) g.SetLinuxResourcesCPUShares(PodInfraCPUshares)
hostNetwork := req.GetConfig().GetLinux().GetSecurityContext().GetNamespaceOptions().HostNetwork
// set up namespaces // set up namespaces
if hostNetwork { if hostNetwork {
err = g.RemoveLinuxNamespace("network") err = g.RemoveLinuxNamespace("network")
@ -456,6 +460,15 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
g.AddAnnotation(annotations.MountPoint, mountPoint) g.AddAnnotation(annotations.MountPoint, mountPoint)
g.SetRootPath(mountPoint) g.SetRootPath(mountPoint)
hostnamePath := fmt.Sprintf("%s/hostname", podContainer.RunDir)
if err := ioutil.WriteFile(hostnamePath, []byte(hostname+"\n"), 0644); err != nil {
return nil, err
}
// TODO: selinux relabel
g.AddBindMount(hostnamePath, "/etc/hostname", []string{"ro"})
g.AddAnnotation(annotations.HostnamePath, hostnamePath)
sb.AddHostnamePath(hostnamePath)
container, err := oci.NewContainer(id, containerName, podContainer.RunDir, logPath, sb.NetNs(), labels, kubeAnnotations, "", "", "", nil, id, false, false, false, sb.Privileged(), sb.Trusted(), podContainer.Dir, created, podContainer.Config.Config.StopSignal) container, err := oci.NewContainer(id, containerName, podContainer.RunDir, logPath, sb.NetNs(), labels, kubeAnnotations, "", "", "", nil, id, false, false, false, sb.Privileged(), sb.Trusted(), podContainer.Dir, created, podContainer.Config.Config.StopSignal)
if err != nil { if err != nil {
return nil, err return nil, err
@ -515,6 +528,23 @@ func convertPortMappings(in []*pb.PortMapping) []*hostport.PortMapping {
return out return out
} }
func getHostname(id, hostname string, hostNetwork bool) (string, error) {
if hostNetwork {
if hostname == "" {
h, err := os.Hostname()
if err != nil {
return "", err
}
hostname = h
}
} else {
if hostname == "" {
hostname = id[:12]
}
}
return hostname, nil
}
func (s *Server) setPodSandboxMountLabel(id, mountLabel string) error { func (s *Server) setPodSandboxMountLabel(id, mountLabel string) error {
storageMetadata, err := s.StorageRuntimeServer().GetContainerMetadata(id) storageMetadata, err := s.StorageRuntimeServer().GetContainerMetadata(id)
if err != nil { if err != nil {

66
test/network.bats
View file

@ -2,6 +2,72 @@
load helpers load helpers
@test "ensure correct hostname" {
start_crio
run crioctl pod run --config "$TESTDATA"/sandbox_config.json
echo "$output"
[ "$status" -eq 0 ]
pod_id="$output"
run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id"
echo "$output"
[ "$status" -eq 0 ]
ctr_id="$output"
run crioctl ctr start --id "$ctr_id"
echo "$output"
[ "$status" -eq 0 ]
run crioctl ctr execsync --id "$ctr_id" sh -c "hostname"
echo "$output"
[ "$status" -eq 0 ]
[[ "$output" =~ "crioctl_host" ]]
run crioctl ctr execsync --id "$ctr_id" sh -c "echo \$HOSTNAME"
echo "$output"
[ "$status" -eq 0 ]
[[ "$output" =~ "crioctl_host" ]]
run crioctl ctr execsync --id "$ctr_id" sh -c "cat /etc/hostname"
echo "$output"
[ "$status" -eq 0 ]
[[ "$output" =~ "crioctl_host" ]]
cleanup_ctrs
cleanup_pods
stop_crio
}
@test "ensure correct hostname for hostnetwork:true" {
start_crio
hostnetworkconfig=$(cat "$TESTDATA"/sandbox_config.json | python -c 'import json,sys;obj=json.load(sys.stdin);obj["linux"]["security_context"]["namespace_options"]["host_network"] = True; obj["annotations"] = {}; obj["hostname"] = ""; json.dump(obj, sys.stdout)')
echo "$hostnetworkconfig" > "$TESTDIR"/sandbox_hostnetwork_config.json
run crioctl pod run --config "$TESTDIR"/sandbox_hostnetwork_config.json
echo "$output"
[ "$status" -eq 0 ]
pod_id="$output"
run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id"
echo "$output"
[ "$status" -eq 0 ]
ctr_id="$output"
run crioctl ctr start --id "$ctr_id"
echo "$output"
[ "$status" -eq 0 ]
run crioctl ctr execsync --id "$ctr_id" sh -c "hostname"
echo "$output"
[ "$status" -eq 0 ]
[[ "$output" =~ "$HOSTNAME" ]]
run crioctl ctr execsync --id "$ctr_id" sh -c "echo \$HOSTNAME"
echo "$output"
[ "$status" -eq 0 ]
[[ "$output" =~ "$HOSTNAME" ]]
run crioctl ctr execsync --id "$ctr_id" sh -c "cat /etc/hostname"
echo "$output"
[ "$status" -eq 0 ]
[[ "$output" =~ "$HOSTNAME" ]]
cleanup_ctrs
cleanup_pods
stop_crio
}
@test "Check for valid pod netns CIDR" { @test "Check for valid pod netns CIDR" {
start_crio start_crio
run crioctl pod run --config "$TESTDATA"/sandbox_config.json run crioctl pod run --config "$TESTDATA"/sandbox_config.json