ar: isolate network actions performed by client
parent
dc29b679b4
commit
88793e92b6
|
@ -152,9 +152,17 @@ func newNetworkConfigurator(log hclog.Logger, alloc *structs.Allocation, config
|
||||||
|
|
||||||
switch {
|
switch {
|
||||||
case netMode == "bridge":
|
case netMode == "bridge":
|
||||||
return newBridgeNetworkConfigurator(log, config.BridgeNetworkName, config.BridgeNetworkAllocSubnet, config.CNIPath, ignorePortMappingHostIP)
|
c, err := newBridgeNetworkConfigurator(log, config.BridgeNetworkName, config.BridgeNetworkAllocSubnet, config.CNIPath, ignorePortMappingHostIP)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return &synchronizedNetworkConfigurator{c}, nil
|
||||||
case strings.HasPrefix(netMode, "cni/"):
|
case strings.HasPrefix(netMode, "cni/"):
|
||||||
return newCNINetworkConfigurator(log, config.CNIPath, config.CNIInterfacePrefix, config.CNIConfigDir, netMode[4:], ignorePortMappingHostIP)
|
c, err := newCNINetworkConfigurator(log, config.CNIPath, config.CNIInterfacePrefix, config.CNIConfigDir, netMode[4:], ignorePortMappingHostIP)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return &synchronizedNetworkConfigurator{c}, nil
|
||||||
default:
|
default:
|
||||||
return &hostNetworkConfigurator{}, nil
|
return &hostNetworkConfigurator{}, nil
|
||||||
}
|
}
|
||||||
|
|
|
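Review bot: The two wrapped returns in the `bridge` and `cni/` cases build the wrapper with an unkeyed literal, `&synchronizedNetworkConfigurator{c}`; writing `&synchronizedNetworkConfigurator{nc: c}` keeps both call sites valid and readable if the wrapper later gains a field. The `default:` case is deliberately left unwrapped, and a short comment there would record why, for example `// host mode makes no network changes in this process, so it does not take the networking lock` (hostNetworkConfigurator.Teardown returns nil in the other file; its Setup body is not visible on this page, so confirm before adding the comment). newNetworkConfigurator begins and ends outside this hunk.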
@ -2,6 +2,7 @@ package allocrunner
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"sync"
|
||||||
|
|
||||||
"github.com/hashicorp/nomad/nomad/structs"
|
"github.com/hashicorp/nomad/nomad/structs"
|
||||||
"github.com/hashicorp/nomad/plugins/drivers"
|
"github.com/hashicorp/nomad/plugins/drivers"
|
||||||
|
@ -25,3 +26,26 @@ func (h *hostNetworkConfigurator) Setup(context.Context, *structs.Allocation, *d
|
||||||
func (h *hostNetworkConfigurator) Teardown(context.Context, *structs.Allocation, *drivers.NetworkIsolationSpec) error {
|
func (h *hostNetworkConfigurator) Teardown(context.Context, *structs.Allocation, *drivers.NetworkIsolationSpec) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// networkingGlobalMutex is used by a synchronizedNetworkConfigurator to serialize
|
||||||
|
// network operations done by the client to prevent race conditions when manipulating
|
||||||
|
// iptables rules
|
||||||
|
var networkingGlobalMutex sync.Mutex
|
||||||
|
|
||||||
|
// synchronizedNetworkConfigurator wraps a NetworkConfigurator to provide serialized access to network
|
||||||
|
// operations performed by the client
|
||||||
|
type synchronizedNetworkConfigurator struct {
|
||||||
|
nc NetworkConfigurator
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *synchronizedNetworkConfigurator) Setup(ctx context.Context, allocation *structs.Allocation, spec *drivers.NetworkIsolationSpec) (*structs.AllocNetworkStatus, error) {
|
||||||
|
networkingGlobalMutex.Lock()
|
||||||
|
defer networkingGlobalMutex.Unlock()
|
||||||
|
return s.nc.Setup(ctx, allocation, spec)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *synchronizedNetworkConfigurator) Teardown(ctx context.Context, allocation *structs.Allocation, spec *drivers.NetworkIsolationSpec) error {
|
||||||
|
networkingGlobalMutex.Lock()
|
||||||
|
defer networkingGlobalMutex.Unlock()
|
||||||
|
return s.nc.Teardown(ctx, allocation, spec)
|
||||||
|
}
|
||||||
|
|
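Review bot: In the last hunk, Setup and Teardown take `networkingGlobalMutex` with a plain `Lock()`, so a caller whose ctx has already been cancelled still waits for every earlier network operation, and a single wrapped call that hangs stalls network setup and teardown for every allocation on the client (whether the wrapped configurators honour ctx is not visible here). For Setup, a check right after the lock is acquired avoids starting work for a cancelled request: `if err := ctx.Err(); err != nil { return nil, err }`; Teardown should probably still run so that rules are not left behind. The comment on the mutex would also benefit from stating its scope, for example `// The lock is process-local: it serializes only this client's own network operations and does not coordinate with other programs on the host that modify iptables.`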