Make rootless-cni setup more robust #10865

Merged
merged 1 commit into from
Jul 8, 2021

Luap99
Member

@Luap99 Luap99 commented Jul 6, 2021

The rootless cni namespace needs a valid /etc/resolv.conf file. On some
distros it is a symlink to somewhere under /run. Because the kernel will
follow the symlink before mounting, it is not possible to mount a file
at exactly /etc/resolv.conf. We have to ensure that the link target will
be available in the rootless cni mount ns.

Fixes #10855

Also fixed a bug in the /var/lib/cni directory lookup logic. It used
filepath.Base instead of filepath.Dir and thus looped infinitely.

Fixes #10857
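
The two path problems described in this PR, as an added Go example that is not Podman's code: walking up from a missing directory with `filepath.Dir`, and resolving a symlinked resolv.conf to see whether its real location lies under a given directory. The function names `firstExistingParent` and `linkTargetUnder` are hypothetical.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// firstExistingParent (hypothetical name) walks up from path to the nearest
// ancestor that exists. filepath.Dir drops the last element on every step, so
// the walk ends at the root at the latest. filepath.Base("/var/lib/cni") is
// "cni" and filepath.Base("cni") is "cni" again: a loop built on it never ends.
func firstExistingParent(path string) string {
	for {
		if _, err := os.Stat(path); err == nil {
			return path
		}
		parent := filepath.Dir(path)
		if parent == path { // "/" or ".": nothing left to strip
			return path
		}
		path = parent
	}
}

// linkTargetUnder (hypothetical name) resolves link the way the kernel would
// before mounting and reports whether the real file lives below dir.
func linkTargetUnder(link, dir string) (string, bool, error) {
	target, err := filepath.EvalSymlinks(link)
	if err != nil {
		return "", false, err
	}
	rel, err := filepath.Rel(dir, target)
	if err != nil {
		return target, false, err
	}
	under := rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
	return target, under, nil
}

func main() {
	fmt.Println("first existing parent:", firstExistingParent("/var/lib/cni"))
	target, underRun, err := linkTargetUnder("/etc/resolv.conf", "/run")
	fmt.Println("resolv.conf target:", target, "under /run:", underRun, "err:", err)
}
```

When `linkTargetUnder` reports true for `/run`, a fresh mount namespace that does not carry that part of `/run` leaves `/etc/resolv.conf` as a dangling link.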

@openshift-ci
Contributor

openshift-ci bot commented Jul 6, 2021

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Luap99

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 6, 2021
Member

@vrothberg vrothberg left a comment

Code LGTM. Could you add tests? #10857 looks like we could add it to the compose tests.

@Luap99
Member Author

Luap99 commented Jul 6, 2021

I cannot test this properly. Both fixes require changes to the host and I never want to change /etc/resolv.conf or remove /var/lib/cni since tests can run in CI and on developer machines.

@vrothberg
Member

> I cannot test this properly. Both fixes require changes to the host and I never want to change /etc/resolv.conf or remove /var/lib/cni since tests can run in CI and on developer machines.

We could limit the test to only run in CI. I think there are more such cases. CI sets an env variable that we could use to run the tests only if set.

@Luap99
Member Author

Luap99 commented Jul 6, 2021

Well, I guess we can run rm -rf /var/lib/cni in the CI setup script. However, I do not want to modify /etc/resolv.conf as I think it is too dangerous; the VM could end up without name resolution if something goes wrong.

Anyway, this is not a compose bug; every test with rootless cni will catch this, e.g. compose, integration and system tests will all fail when the host setup is "wrong".

The rootless cni namespace needs a valid /etc/resolv.conf file. On some
distros it is a symlink to somewhere under /run. Because the kernel will
follow the symlink before mounting, it is not possible to mount a file
at exactly /etc/resolv.conf. We have to ensure that the link target will
be available in the rootless cni mount ns.

Fixes containers#10855

Also fixed a bug in the /var/lib/cni directory lookup logic. It used
`filepath.Base` instead of `filepath.Dir` and thus looped infinitely.

Fixes containers#10857

[NO TESTS NEEDED]

Signed-off-by: Paul Holzinger <[email protected]>
@mheon
Member

mheon commented Jul 6, 2021

Changes LGTM

Member

@vrothberg vrothberg left a comment

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jul 8, 2021
@openshift-merge-robot openshift-merge-robot merged commit 48d4903 into containers:main Jul 8, 2021
@Luap99 Luap99 deleted the rootless-cni branch July 8, 2021 09:13
@AkihiroSuda
Collaborator

Can we cherry-pick this to v3.2?
So that we can easily cherry-pick #10936

@Luap99
Member Author

Luap99 commented Jul 15, 2021

> Can we cherry-pick this to v3.2?
> So that we can easily cherry-pick #10936

Yes, that is the plan.

@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 22, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 22, 2023