Skip to content

Proper handling sandbox options#2232

Merged
ctelfer merged 2 commits intomoby:masterfrom
fcrisciani:ubuntu-dns
Jul 25, 2018
Merged

Proper handling sandbox options#2232
ctelfer merged 2 commits intomoby:masterfrom
fcrisciani:ubuntu-dns

Conversation

@fcrisciani
Copy link

@fcrisciani fcrisciani commented Jul 13, 2018

  • Restructure common to pkg directory to be more compliant with the golang directory structure
  • Use the resolv.conf passed from the daemon

Addresses: #2187
Moby side: moby/moby#37485

@fcrisciani fcrisciani force-pushed the ubuntu-dns branch 6 times, most recently from 8c60cca to bddac4c Compare July 13, 2018 18:33
@fcrisciani fcrisciani requested review from abhi and ctelfer July 13, 2018 18:47
@ctelfer
Copy link
Contributor

ctelfer commented Jul 13, 2018

Hey. Definitely a change that Docker engine needs. But not sure on the details, fwiw.

First: I'm 50/50 on splitting out the utility libraries in "common/" to separate sub-packages. Of course I'm not really clear on why "common/" is split out as it is. What makes "caller", "setmatrix" and now "procfs" special? Maybe they should all just go to the top level? Or maybe other stand-alones should go in "internal/"? Hrmm...

Second: you have a procfs_linux.go but no procfs_unimplemented.go. Probably need that.

Third: is checking for a particular binary running the right way to do this? K8s is mainly doing it to issue a warning so that's "safe" in a sense. But transparently substituting in libnetwork doesn't seem robust. Maybe we should do what k8s is doing even more so: require the user to provide an option for a default resolv.conf file when starting up the engine. Libnetwork does have (sandbox) options to specify the source of the resolv.conf file already, so this wouldn't necessarily mean a libnetwork change at all. It could just be a moby change. (We could still do the warning if systemd-resolverd is detected and the resolv.conf option isn't overridden.)

@fcrisciani
Copy link
Author

replying to the concerns:

  1. the 3 utilities are not sharing anything that reason them to be within the same package. The folder internal holds also the meaning of disallowing the use of the library outside of this project.

  2. that only if the procfs code is used by files that are, in this case, compiled also for non linux OS. Compilations succeed because in this commit procfs is already being called by a file named _linux

  3. Will have to check such option that you are mentioning. For what I can see there, the resolv.conf is hardcoded in the get, that's why I added there the fix.

@fcrisciani
Copy link
Author

but I definitely see how undesirable is doing it for each sandbox creation

package procfs

/*
Copyright 2015 The Kubernetes Authors.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the copyright needed?
cc @thaJeztah for advice

Internal directory is designed to contain libraries
that are exclusively used by this project

Signed-off-by: Flavio Crisciani <[email protected]>
@fcrisciani fcrisciani changed the title Ubuntu 18.04 DNS [WIP] Ubuntu 18.04 DNS Jul 17, 2018
@fcrisciani fcrisciani force-pushed the ubuntu-dns branch 3 times, most recently from e718e88 to 6950ccf Compare July 17, 2018 18:41
@fcrisciani fcrisciani changed the title [WIP] Ubuntu 18.04 DNS Proper handling sandbox options Jul 17, 2018
@fcrisciani
Copy link
Author

@abhi @ctelfer can you guys take anther look? on the description I added the moby side of it

Copy link
Contributor

@ctelfer ctelfer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM -- (minor nit)

// This is for the host mode networking
if sb.config.originHostsPath != "" {
if sb.config.useDefaultSandBox && len(sb.config.extraHosts) == 0 {
if err := copyFile(sb.config.originHostsPath, sb.config.hostsPath); err != nil && !os.IsNotExist(err) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit -- assumes that if the condition holds true that originHostsPath has also been set. This is true in the moby patch of course, but is unclear from just reading the libnetwork code. Suggest at least putting a comment on OptionUseDefaultSandbox() to say that one must also add OptionOriginHostsPath() or one or more OptionExtraHost() options or expect an error. Same for OptionOriginResolvConfPath() and OptionDNS()/OptionDNSSearch()/OptionDNSOptions()...

Leverage what is it passed from the daemon
Fix check about the host networking

Signed-off-by: Flavio Crisciani <[email protected]>
@fcrisciani
Copy link
Author

@ctelfer added comments requested, feel free to merge if they look ok

@ctelfer ctelfer merged commit c3a682c into moby:master Jul 25, 2018
@fcrisciani fcrisciani deleted the ubuntu-dns branch July 25, 2018 17:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants