luxolus
/
open-nomad
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

[bug] Return a spec on reconnect (#15214) 

client: fixed a bug where non-`docker` tasks with network isolation would leak network namespaces and iptables rules if the client was restarted while they were running
This commit is contained in:
Charlie Voiselle 2022-11-11 13:27:36 -05:00 committed by GitHub
parent 21237d8337
commit c73fb51d3a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.changelog/15214.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:bug
client: fixed a bug where non-`docker` tasks with network isolation would leak network namespaces and iptables rules if the client was restarted while they were running
```

13
client/allocrunner/network_manager_linux.go
View File

@ -122,7 +122,18 @@ func (*defaultNetworkManager) CreateNetwork(allocID string, _ *drivers.NetworkCr
nsPath := path.Join(nsutil.NetNSRunDir, allocID) nsPath := path.Join(nsutil.NetNSRunDir, allocID)
_, err := os.Stat(nsPath) _, err := os.Stat(nsPath)
if err == nil { if err == nil {
return nil, false, nil // Let's return a spec that points to the tested nspath, but indicate
// that we didn't make the namespace. That will stop the network_hook
// from calling its networkConfigurator.Setup function in the reconnect
// case, but provide the spec value necessary for the network_hook's
// Postrun function to not fast exit.
spec := &drivers.NetworkIsolationSpec{
Mode: drivers.NetIsolationModeGroup,
Path: nsPath,
Labels: make(map[string]string),
}
return spec, false, nil
} }
} }
return nil, false, err return nil, false, err