ar: isolate network actions performed by client
parent
dc29b679b4
commit
88793e92b6
|
@ -152,9 +152,17 @@ func newNetworkConfigurator(log hclog.Logger, alloc *structs.Allocation, config
|
|||
|
||||
switch {
|
||||
case netMode == "bridge":
|
||||
return newBridgeNetworkConfigurator(log, config.BridgeNetworkName, config.BridgeNetworkAllocSubnet, config.CNIPath, ignorePortMappingHostIP)
|
||||
c, err := newBridgeNetworkConfigurator(log, config.BridgeNetworkName, config.BridgeNetworkAllocSubnet, config.CNIPath, ignorePortMappingHostIP)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &synchronizedNetworkConfigurator{c}, nil
|
||||
case strings.HasPrefix(netMode, "cni/"):
|
||||
return newCNINetworkConfigurator(log, config.CNIPath, config.CNIInterfacePrefix, config.CNIConfigDir, netMode[4:], ignorePortMappingHostIP)
|
||||
c, err := newCNINetworkConfigurator(log, config.CNIPath, config.CNIInterfacePrefix, config.CNIConfigDir, netMode[4:], ignorePortMappingHostIP)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &synchronizedNetworkConfigurator{c}, nil
|
||||
default:
|
||||
return &hostNetworkConfigurator{}, nil
|
||||
}
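Review bot: The bridge and `cni/` cases repeat the same construct, check and wrap sequence, and nothing at either site says why the `default` case returns `&hostNetworkConfigurator{}` without the wrapper. A comment above the switch would record the intent for the next network mode that gets added, for example `// bridge and CNI configurators are wrapped so their network operations are serialized; the host configurator is returned as-is`. Assigning the configurator in each case and wrapping once after the switch would also keep the locking decision in one place. The body of newNetworkConfigurator starts and ends outside this hunk.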
|
||||
|
|
|
@ -2,6 +2,7 @@ package allocrunner
|
|||
|
||||
import (
|
||||
"context"
|
||||
"sync"
|
||||
|
||||
"github.com/hashicorp/nomad/nomad/structs"
|
||||
"github.com/hashicorp/nomad/plugins/drivers"
|
||||
|
@ -25,3 +26,26 @@ func (h *hostNetworkConfigurator) Setup(context.Context, *structs.Allocation, *d
|
|||
func (h *hostNetworkConfigurator) Teardown(context.Context, *structs.Allocation, *drivers.NetworkIsolationSpec) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// networkingGlobalMutex is used by a synchronizedNetworkConfigurator to serialize
|
||||
// network operations done by the client to prevent race conditions when manipulating
|
||||
// iptables rules
|
||||
var networkingGlobalMutex sync.Mutex
|
||||
|
||||
// synchronizedNetworkConfigurator wraps a NetworkConfigurator to provide serialized access to network
|
||||
// operations performed by the client
|
||||
type synchronizedNetworkConfigurator struct {
|
||||
nc NetworkConfigurator
|
||||
}
|
||||
|
||||
func (s *synchronizedNetworkConfigurator) Setup(ctx context.Context, allocation *structs.Allocation, spec *drivers.NetworkIsolationSpec) (*structs.AllocNetworkStatus, error) {
|
||||
networkingGlobalMutex.Lock()
|
||||
defer networkingGlobalMutex.Unlock()
|
||||
return s.nc.Setup(ctx, allocation, spec)
|
||||
}
|
||||
|
||||
func (s *synchronizedNetworkConfigurator) Teardown(ctx context.Context, allocation *structs.Allocation, spec *drivers.NetworkIsolationSpec) error {
|
||||
networkingGlobalMutex.Lock()
|
||||
defer networkingGlobalMutex.Unlock()
|
||||
return s.nc.Teardown(ctx, allocation, spec)
|
||||
}
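Review bot: `networkingGlobalMutex.Lock()` in Setup and Teardown waits without regard to `ctx`, so one wrapped call that hangs (a CNI plugin that never returns, for example) holds up network setup and teardown for every other allocation on the client. At minimum, re-check the context once the lock is held, `if err := ctx.Err(); err != nil { return nil, err }` in Setup, so a caller cancelled while queued does not start work; letting waiters give up early would need a one-slot channel with a `select` on `ctx.Done()` in place of `sync.Mutex`. Whether Teardown should abandon the wait is less clear, since skipping it could leave rules behind. The comment on `networkingGlobalMutex` could also state that it serializes only within this client process and does not coordinate with other programs editing iptables on the host.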
|
||||
|
|