Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
| ... | ... |
@@ -809,7 +809,7 @@ func (daemon *Daemon) createSpec(c *container.Container) (retSpec *specs.Spec, e |
| 809 | 809 |
s.Hooks = &specs.Hooks{
|
| 810 | 810 |
Prestart: []specs.Hook{{
|
| 811 | 811 |
Path: target, |
| 812 |
- Args: []string{"libnetwork-setkey", c.ID, daemon.netController.ID()},
|
|
| 812 |
+ Args: []string{"libnetwork-setkey", "-exec-root=" + daemon.configStore.GetExecRoot(), c.ID, daemon.netController.ID()},
|
|
| 813 | 813 |
}}, |
| 814 | 814 |
} |
| 815 | 815 |
} |
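Review bot: The `-exec-root=` argument is added to `Args` unconditionally, so an empty value from `daemon.configStore.GetExecRoot()` would reach the re-exec as an explicitly empty flag rather than an absent one. The listener side in this commit falls back to `defaultExecRoot` when `Daemon.ExecRoot` is empty, but a flag passed as `-exec-root=` replaces the flag default with `""`, and the hook would then dial a relative `libnetwork/<id>.sock` path that the listener never created. Whether `GetExecRoot()` can return an empty string is not visible here; if it can, either omit the flag in that case or have the re-exec treat an empty value as the default, e.g. `if *execRoot == "" { *execRoot = defaultExecRoot }`. createSpec's body starts and ends outside this hunk.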
| ... | ... |
@@ -3,7 +3,7 @@ |
| 3 | 3 |
# LIBNETWORK_COMMIT is used to build the docker-userland-proxy binary. When |
| 4 | 4 |
# updating the binary version, consider updating github.com/docker/libnetwork |
| 5 | 5 |
# in vendor.conf accordingly |
| 6 |
-LIBNETWORK_COMMIT=36d3bed0e9f4b3c8c66df9bd45278bb90b33e911 |
|
| 6 |
+LIBNETWORK_COMMIT=20461b8539336a4b5fcf551a86dd24ebae211984 |
|
| 7 | 7 |
|
| 8 | 8 |
install_proxy() {
|
| 9 | 9 |
case "$1" in |
| ... | ... |
@@ -111,12 +111,13 @@ func New(t testingT, ops ...func(*Daemon)) *Daemon {
|
| 111 | 111 |
} |
| 112 | 112 |
} |
| 113 | 113 |
d := &Daemon{
|
| 114 |
- id: id, |
|
| 115 |
- Folder: daemonFolder, |
|
| 116 |
- Root: daemonRoot, |
|
| 117 |
- storageDriver: storageDriver, |
|
| 118 |
- userlandProxy: userlandProxy, |
|
| 119 |
- execRoot: filepath.Join(os.TempDir(), "docker-execroot", id), |
|
| 114 |
+ id: id, |
|
| 115 |
+ Folder: daemonFolder, |
|
| 116 |
+ Root: daemonRoot, |
|
| 117 |
+ storageDriver: storageDriver, |
|
| 118 |
+ userlandProxy: userlandProxy, |
|
| 119 |
+ // dxr stands for docker-execroot (shortened for avoiding unix(7) path length limitation) |
|
| 120 |
+ execRoot: filepath.Join(os.TempDir(), "dxr", id), |
|
| 120 | 121 |
dockerdBinary: defaultDockerdBinary, |
| 121 | 122 |
swarmListenAddr: defaultSwarmListenAddr, |
| 122 | 123 |
SwarmPort: DefaultSwarmPort, |
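Review bot: The new comment on `execRoot` explains the `dxr` abbreviation but not what has to fit, and the path still begins with `os.TempDir()`, so a long `TMPDIR` can push the socket path past the limit again. Judging by the libnetwork change in this commit, the socket lives at `<execRoot>/libnetwork/<controller-id>.sock`, so the comment could state that, e.g. `// dxr = docker-execroot; kept short because <execRoot>/libnetwork/<id>.sock must fit in the unix(7) sun_path limit`. The remaining changed lines in the hunk are only realignment of the struct literal. New's body starts and ends outside this hunk.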
| ... | ... |
@@ -37,7 +37,7 @@ github.com/mitchellh/hashstructure 2bca23e0e452137f789efbc8610126fd8b94f73b |
| 37 | 37 |
#get libnetwork packages |
| 38 | 38 |
|
| 39 | 39 |
# When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy accordingly |
| 40 |
-github.com/docker/libnetwork 36d3bed0e9f4b3c8c66df9bd45278bb90b33e911 |
|
| 40 |
+github.com/docker/libnetwork 20461b8539336a4b5fcf551a86dd24ebae211984 |
|
| 41 | 41 |
github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9 |
| 42 | 42 |
github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80 |
| 43 | 43 |
github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec |
| ... | ... |
@@ -35,6 +35,7 @@ type DaemonCfg struct {
|
| 35 | 35 |
Debug bool |
| 36 | 36 |
Experimental bool |
| 37 | 37 |
DataDir string |
| 38 |
+ ExecRoot string |
|
| 38 | 39 |
DefaultNetwork string |
| 39 | 40 |
DefaultDriver string |
| 40 | 41 |
Labels []string |
| ... | ... |
@@ -217,6 +218,7 @@ func OptionDataDir(dataDir string) Option {
|
| 217 | 217 |
// OptionExecRoot function returns an option setter for exec root folder |
| 218 | 218 |
func OptionExecRoot(execRoot string) Option {
|
| 219 | 219 |
return func(c *Config) {
|
| 220 |
+ c.Daemon.ExecRoot = execRoot |
|
| 220 | 221 |
osl.SetBasePath(execRoot) |
| 221 | 222 |
} |
| 222 | 223 |
} |
| ... | ... |
@@ -4,24 +4,30 @@ package libnetwork |
| 4 | 4 |
|
| 5 | 5 |
import ( |
| 6 | 6 |
"encoding/json" |
| 7 |
+ "flag" |
|
| 7 | 8 |
"fmt" |
| 8 | 9 |
"io" |
| 9 | 10 |
"io/ioutil" |
| 10 | 11 |
"net" |
| 11 | 12 |
"os" |
| 13 |
+ "path/filepath" |
|
| 12 | 14 |
|
| 13 | 15 |
"github.com/docker/libnetwork/types" |
| 14 | 16 |
"github.com/opencontainers/runc/libcontainer/configs" |
| 15 | 17 |
"github.com/sirupsen/logrus" |
| 16 | 18 |
) |
| 17 | 19 |
|
| 18 |
-const udsBase = "/run/docker/libnetwork/" |
|
| 19 |
-const success = "success" |
|
| 20 |
+const ( |
|
| 21 |
+ execSubdir = "libnetwork" |
|
| 22 |
+ defaultExecRoot = "/run/docker" |
|
| 23 |
+ success = "success" |
|
| 24 |
+) |
|
| 20 | 25 |
|
| 21 | 26 |
// processSetKeyReexec is a private function that must be called only on an reexec path |
| 22 | 27 |
// It expects 3 args { [0] = "libnetwork-setkey", [1] = <container-id>, [2] = <controller-id> }
|
| 23 | 28 |
// It also expects configs.HookState as a json string in <stdin> |
| 24 | 29 |
// Refer to https://github.com/opencontainers/runc/pull/160/ for more information |
| 30 |
+// The docker exec-root can be specified as "-exec-root" flag. The default value is "/run/docker". |
|
| 25 | 31 |
func processSetKeyReexec() {
|
| 26 | 32 |
var err error |
| 27 | 33 |
|
| ... | ... |
@@ -32,12 +38,17 @@ func processSetKeyReexec() {
|
| 32 | 32 |
} |
| 33 | 33 |
}() |
| 34 | 34 |
|
| 35 |
- // expecting 3 args {[0]="libnetwork-setkey", [1]=<container-id>, [2]=<controller-id> }
|
|
| 36 |
- if len(os.Args) < 3 {
|
|
| 37 |
- err = fmt.Errorf("Re-exec expects 3 args, received : %d", len(os.Args))
|
|
| 35 |
+ execRoot := flag.String("exec-root", defaultExecRoot, "docker exec root")
|
|
| 36 |
+ flag.Parse() |
|
| 37 |
+ |
|
| 38 |
+ // expecting 3 os.Args {[0]="libnetwork-setkey", [1]=<container-id>, [2]=<controller-id> }
|
|
| 39 |
+ // (i.e. expecting 2 flag.Args()) |
|
| 40 |
+ args := flag.Args() |
|
| 41 |
+ if len(args) < 2 {
|
|
| 42 |
+ err = fmt.Errorf("Re-exec expects 2 args (after parsing flags), received : %d", len(args))
|
|
| 38 | 43 |
return |
| 39 | 44 |
} |
| 40 |
- containerID := os.Args[1] |
|
| 45 |
+ containerID, controllerID := args[0], args[1] |
|
| 41 | 46 |
|
| 42 | 47 |
// We expect configs.HookState as a json string in <stdin> |
| 43 | 48 |
stateBuf, err := ioutil.ReadAll(os.Stdin) |
| ... | ... |
@@ -49,18 +60,17 @@ func processSetKeyReexec() {
|
| 49 | 49 |
return |
| 50 | 50 |
} |
| 51 | 51 |
|
| 52 |
- controllerID := os.Args[2] |
|
| 53 |
- |
|
| 54 |
- err = SetExternalKey(controllerID, containerID, fmt.Sprintf("/proc/%d/ns/net", state.Pid))
|
|
| 52 |
+ err = SetExternalKey(controllerID, containerID, fmt.Sprintf("/proc/%d/ns/net", state.Pid), *execRoot)
|
|
| 55 | 53 |
} |
| 56 | 54 |
|
| 57 | 55 |
// SetExternalKey provides a convenient way to set an External key to a sandbox |
| 58 |
-func SetExternalKey(controllerID string, containerID string, key string) error {
|
|
| 56 |
+func SetExternalKey(controllerID string, containerID string, key string, execRoot string) error {
|
|
| 59 | 57 |
keyData := setKeyData{
|
| 60 | 58 |
ContainerID: containerID, |
| 61 | 59 |
Key: key} |
| 62 | 60 |
|
| 63 |
- c, err := net.Dial("unix", udsBase+controllerID+".sock")
|
|
| 61 |
+ uds := filepath.Join(execRoot, execSubdir, controllerID+".sock") |
|
| 62 |
+ c, err := net.Dial("unix", uds)
|
|
| 64 | 63 |
if err != nil {
|
| 65 | 64 |
return err |
| 66 | 65 |
} |
| ... | ... |
@@ -102,10 +112,15 @@ func processReturn(r io.Reader) error {
|
| 102 | 102 |
} |
| 103 | 103 |
|
| 104 | 104 |
func (c *controller) startExternalKeyListener() error {
|
| 105 |
+ execRoot := defaultExecRoot |
|
| 106 |
+ if v := c.Config().Daemon.ExecRoot; v != "" {
|
|
| 107 |
+ execRoot = v |
|
| 108 |
+ } |
|
| 109 |
+ udsBase := filepath.Join(execRoot, execSubdir) |
|
| 105 | 110 |
if err := os.MkdirAll(udsBase, 0600); err != nil {
|
| 106 | 111 |
return err |
| 107 | 112 |
} |
| 108 |
- uds := udsBase + c.id + ".sock" |
|
| 113 |
+ uds := filepath.Join(udsBase, c.id+".sock") |
|
| 109 | 114 |
l, err := net.Listen("unix", uds)
|
| 110 | 115 |
if err != nil {
|
| 111 | 116 |
return err |
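Review bot: In processSetKeyReexec, `flag.String` and `flag.Parse()` operate on the process-wide `flag.CommandLine`, which exits the process on a parse error and includes every flag that any linked package has registered. An unexpected argument would therefore end the hook through `os.Exit(2)` without passing through the deferred error handling that the function relies on via `err` (the defer body is outside the hunk), and an unrelated global flag could be accepted on this path. A private `flag.NewFlagSet` with `flag.ContinueOnError` keeps the parsing local to the re-exec and lets a parse failure flow through `err`, as sketched below. Separately, `startExternalKeyListener` still creates the socket directory with `os.MkdirAll(udsBase, 0600)`; now that the location is configurable, it is worth confirming that a directory mode without the search bit is intended. processSetKeyReexec continues outside the hunks shown.

```go
	fs := flag.NewFlagSet("libnetwork-setkey", flag.ContinueOnError)
	execRoot := fs.String("exec-root", defaultExecRoot, "docker exec root")
	if err = fs.Parse(os.Args[1:]); err != nil {
		return
	}

	// expecting 2 positional args: <container-id>, <controller-id>
	args := fs.Args()
	// … unchanged: length check, containerID/controllerID assignment …
```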