Thanks to visit codestin.com
Credit goes to github.com

Skip to content
This repository was archived by the owner on Feb 24, 2020. It is now read-only.

network: do not automatically add default* networks when custom ones are specified #3685

Merged
merged 2 commits into from
Jul 10, 2017
Merged

network: do not automatically add default* networks when custom ones are specified #3685

merged 2 commits into from
Jul 10, 2017

Conversation

@fabiokung
Copy link
Contributor

@fabiokung fabiokung commented May 20, 2017
edited by lucab
Loading

BREAKING: do not automatically add default* networks when custom ones are specified

Currently, a network named "default" (or "default-restricted") is always added to Pods, even when --net=custom1,custom2,... was passed in. E.g.:

$ rkt --insecure-options=image run docker://alpine --net=custom1 --exec /bin/sh -- -c "ip link show"
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: eth0@if91: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc tbf state UP
    link/ether 0a:58:c0:a8:02:03 brd ff:ff:ff:ff:ff:ff
5: eth1@if92: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
    link/ether e2:a1:b3:c1:e7:24 brd ff:ff:ff:ff:ff:ff

The container in that case should only have lo and eth0, not eth1.

The current behavior (a default network is always added) is not what is specified on docs (Documentation/networking/overview.md):

**Note**: The default network must be explicitly listed in order to be loaded when `--net=n1,n2,...` is specified with a list of network names.

Example: If you want default networking and two more networks you need to pass `--net=default,net1,net2`.

Signed-off-by: Fabio Kung [email protected]

@ghost
Copy link

ghost commented May 20, 2017

Can one of the admins verify this patch?

@fabiokung
Copy link
Contributor Author

Fixes #3598 and #3605

Note that I can't simply name the custom network default or default-restricted, since I have multiple network definitions and need to pick a different one for each container at runtime.

@fabiokung fabiokung mentioned this pull request May 20, 2017
Closed
@fabiokung fabiokung force-pushed the no-default-network branch from 7259af2 to c6b803b Compare May 23, 2017 01:29
@fabiokung
Copy link
Contributor Author

ping @squeed, I was told you are usually interested on CNI-related changes

lucab
lucab suggested changes Jun 12, 2017
View reviewed changes
networking/podenv.go
return nil, err
}
netSlice := make([]activeNet, 0, len(nets))
for _, net := range nets {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Iterating over this map may discard the original order. This is a behavioral change compared to existing code and I don't think this is really what you want (even though you probably won't notice this often at runtime). Should we just directly receive an array here without post-processing?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah, you are right!

The logic here can become very complex. We either use the order defined by .conf file names on disk, with some other logic to merge contents from /etc/rkt/net.d and what's built into stage1, or we use the order from the command line, but it is unclear what to do for --net=all.

Thoughts?

@lucab
Copy link
Member

lucab commented Jun 12, 2017

I went through a bit of code and tickets history, and I now tend to agree with @fabiokung opinion that the current logic is more like an unwanted artifact of several iterations (especially #1216 (comment)).

I'm fine with taking this PR to change the current behavior, and I left some comments inline. I still think this is a breaking change though which should be called out in the release notes.

@lucab lucab changed the title only add the default network when there are no user networks specified network do not automatically add default* networks when custom ones are specified Jun 12, 2017
@lucab lucab changed the title network do not automatically add default* networks when custom ones are specified network: do not automatically add default* networks when custom ones are specified Jun 12, 2017
@fabiokung fabiokung force-pushed the no-default-network branch from c6b803b to eb8db86 Compare June 19, 2017 15:22
@fabiokung fabiokung mentioned this pull request Jun 19, 2017
Open
@fabiokung
Copy link
Contributor Author

fabiokung commented Jun 19, 2017
edited
Loading

@lucab I added some bits to preserve ordering from filenames. This should look more like the previous behavior.

Adding tests for this is non-trivial ATM (there are no tests for this part of the codebase afaict 😞. EDIT: I lied, there are some tests in test/rkt_net_nspawn_test.go), so I'd rather get it merged with some manual testing, reviews, and necessary docs. I filled #3720 as a followup.

@lucab lucab added this to the 1.28.0 milestone Jun 19, 2017
fabiokung added 2 commits June 22, 2017 12:38
@fabiokung
network: hierarchical loader for configs, custom defaults
e32c3d4 
**BREAKING**

Let builtin network configurations (e.g.: default and
default-restricted) in the default stage1 image be overriden by custom
images.

This allows users to specify --net=custom1,default and have the default
network come from builtin configurations. Users can also provide a
custom network named default to override what's builtin, as needed.

Fixes rkt#3598 and rkt#3605, a default network is only added to containers
when --net is empty (no custom networks), or when default or
default-restricted were explicitly specified.

For backwards compatibility, the order in which networks will be applied
is define by their config file names. This allows some control on what
is eth0, eth1, etc. inside pods, with filenames like Z01-custom.conf,
N15-default.conf, ...

Signed-off-by: Fabio Kung <[email protected]>
@fabiokung
test: TestNetOverride only needs one --net
d8ea9a0 
Now that the network loader respects the filename order, --net=all
was causing the default networks to be added as eth0, instead of the
desired custom network

Signed-off-by: Fabio Kung <[email protected]>
@fabiokung fabiokung force-pushed the no-default-network branch from f6250c4 to d8ea9a0 Compare June 22, 2017 19:38
@lucab
Copy link
Member

lucab commented Jul 10, 2017

Thanks, LGTM!

@lucab lucab merged commit 2f6e2cb into rkt:master Jul 10, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@lucab lucab lucab approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

area/networking kind/API break reviewed/lgtm

Projects

None yet

Milestone

1.28.0

Development

Successfully merging this pull request may close these issues.

2 participants

@fabiokung @lucab