Moves NetNS to Config from JailerConfig #155
Conversation
xibz
requested review from
kzys,
nmeyerhans,
samuelkarp,
mxpv,
IRCody and
sipsma
machine.go
Outdated
| @@ -296,6 +291,12 @@ func NewMachine(ctx context.Context, cfg Config, opts ...Opt) (*Machine, error) | |||
| m.machineConfig = cfg.MachineCfg | |||
| m.Cfg = cfg | |||
|
|
|||
| m.Handlers.FcInit = m.Handlers.FcInit.Swap(NewSetupNetworkHandler(m.netNSPath())) | |||
There was a problem hiding this comment.
This should probably only happen if m.netNSPath() != ""
There was a problem hiding this comment.
Refactored. No longer uses handler to enter netns
machine.go
Outdated
| @@ -296,6 +291,12 @@ func NewMachine(ctx context.Context, cfg Config, opts ...Opt) (*Machine, error) | |||
| m.machineConfig = cfg.MachineCfg | |||
| m.Cfg = cfg | |||
|
|
|||
| m.Handlers.FcInit = m.Handlers.FcInit.Swap(NewSetupNetworkHandler(m.netNSPath())) | |||
|
|
|||
| for _, opt := range opts { | |||
There was a problem hiding this comment.
Why'd you want to move the opts down here?
There was a problem hiding this comment.
I moved them down because that's generally where they belong. They usually are towards the end of a function, but I found that we were adding things to the NewMachine function which could stomp over any option that was provided. So I moved it down for safety purposes to avoid stomping over user overrides.
There was a problem hiding this comment.
Can you do that in a separate commit? It's unrelated to the subject of this commit (and PR).
There was a problem hiding this comment.
Just removed altogether. I'll go ahead and create a separate PR for this.
|
I'm not sure this addresses the original issue in firecracker-microvm/firecracker-containerd#305 Even if you override the handler to use a different netns path than what is returned by So the only way this will actually work is if the handler gets overridden with the exact default value that is returned in What's the downside of the other suggestion I mentioned in the other PR to just set the |
Because we use the I'll have to think about this a little more. I didn't see that |
Okay, I can see there being value in finding a way to unite the JailerCfg of the machine w/ firecracker-containerd's jailer instead of having firecracker-containerd mangle the handler setup of the machine entirely by itself, but I get that's kind of a monumental effort right now. What I think matters for this change is that there is only one place for users of the SDK to externally specify the netns path (which keeps the complication for users to the possible minimum). What do you think about moving the |
|
@sipsma - I messaged you a little bit ago with that same suggestion :p |
Sorry, I'm on plane wifi right now; github pages load after a minute or two but Chime hangs indefinitely at "Connecting..." :-) This is also what I suggested as the fallback in the original comment on the other PR, so are there any concerns with it? If not then sounds good to me! |
xibz
force-pushed
the
netns-handler
branch
2 times, most recently
from
2cc4ba3 to
4d0484b
Compare
xibz
changed the title
xibz
force-pushed
the
netns-handler
branch
4 times, most recently
from
a98f0e7 to
6c079fa
Compare
machine.go
Outdated
| jailerProvidedNetNS := m.Cfg.JailerCfg.netNSPath() != "" | ||
| isDefaultNetNSPath := m.Cfg.NetNS == m.defaultNetNSPath() | ||
| startCmd := m.cmd.Start | ||
|
|
||
| var err error | ||
| if hasNetNS && !jailerProvidedNetNS { | ||
| if isDefaultNetNSPath { | ||
| // If the VM needs to be started in a netns but no jailer netns was configured, | ||
| // start the vmm child process in the netns directly here. |
There was a problem hiding this comment.
This check should result in us only spinning up the VMM process directly in the netns when the jailer is not going to do it for us, so something like
hasNetNS := m.netNSPath() != ""
hasJailer := m.Cfg.JailerCfg != nil
...
if hasNetNS && !hasJailer {
...
}
I don't think just checking whether the path is the default works because it's actually very much in the realm of possibility that the user specifies a custom NetNS value that happens to be the same as the default (the path is /var/run/netns/<VMID> which is just the standard location for putting netns mounts + the VMID, which the user can also optionally specify in the machine Cfg).
machine.go
Outdated
| @@ -151,6 +155,7 @@ func (cfg *Config) Validate() error { | |||
| return nil | |||
| } | |||
|
|
|||
| // ValidateNetwork . | |||
There was a problem hiding this comment.
Nit: please write the doc comment.
There was a problem hiding this comment.
Removed. Shouldn't have added that :p
This change moves the NetNS field from the JailerConfig to the Config. This makes the most sense since net namespaces are not subject to only jailers, but can be used generally as well. Signed-off-by: xibz <impactbchang@gmail.com>
The current network namespace parameter nested in the JailerConfig parameter requires specifying the entire jailer configuration, which is not convenient and doesn't allow using the noop jailer with a network namespace. To overcome this limitation, add a new NetNS parameter to the CreateVM request. See also a similar change in firecracker-microvm/firecracker-go-sdk#155. Signed-off-by: Georgiy Lebedev <lebedev.gk@phystech.edu>
The current network namespace parameter nested in the JailerConfig parameter requires specifying the entire jailer configuration, which is not convenient and doesn't allow using the noop jailer with a network namespace. To overcome this limitation, add a new NetNS parameter to the CreateVM request. See also a similar change in firecracker-microvm/firecracker-go-sdk#155. Signed-off-by: Georgiy Lebedev <lebedev.gk@phystech.edu>
This change moves the NetNS field from the JailerConfig to the Config.
This makes the most sense since net namespaces are not subject to only
jailers, but can be used generally as well.
Signed-off-by: xibz impactbchang@gmail.com
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.