Move the cni lock file into the cni config dir

Commit(fe3faa5) introduced a lock file for network create/rm calls. There is a problem with the location of the lock file. The lock file was stored in the tmpdir. Running multiple podman network create/remove commands in parallel with different tmpdirs made the lockfile inaccessible to the other process, and so parallel read/write operations to the cni config directory continued to occur. This scenario happened frequently during the e2e tests and caused some flakes. Fixes containers#9041 Signed-off-by: Paul Holzinger <[email protected]>
iwita · Jan 26, 2021 · 659f44c · 659f44c
1 parent adc42d9
commit 659f44c
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 5 deletions.
diff --git a/libpod/network/create.go b/libpod/network/create.go
@@ -23,7 +23,7 @@ func Create(name string, options entities.NetworkCreateOptions, runtimeConfig *c
 		return nil, err
 	}
 	// Acquire a lock for CNI
-	l, err := acquireCNILock(filepath.Join(runtimeConfig.Engine.TmpDir, LockFileName))
+	l, err := acquireCNILock(runtimeConfig)
 	if err != nil {
 		return nil, err
 	}

diff --git a/libpod/network/lock.go b/libpod/network/lock.go
@@ -1,15 +1,24 @@
 package network
 
 import (
+	"os"
+	"path/filepath"
+
+	"github.com/containers/common/pkg/config"
 	"github.com/containers/storage"
 )
 
 // acquireCNILock gets a lock that should be used in create and
 // delete cases to avoid unwanted collisions in network names.
 // TODO this uses a file lock and should be converted to shared memory
 // when we have a more general shared memory lock in libpod
-func acquireCNILock(lockPath string) (*CNILock, error) {
-	l, err := storage.GetLockfile(lockPath)
+func acquireCNILock(config *config.Config) (*CNILock, error) {
+	cniDir := GetCNIConfDir(config)
+	err := os.MkdirAll(cniDir, 0755)
+	if err != nil {
+		return nil, err
+	}
+	l, err := storage.GetLockfile(filepath.Join(cniDir, LockFileName))
 	if err != nil {
 		return nil, err
 	}

diff --git a/libpod/network/network.go b/libpod/network/network.go
@@ -6,7 +6,6 @@ import (
 	"encoding/json"
 	"net"
 	"os"
-	"path/filepath"
 
 	"github.com/containernetworking/cni/pkg/types"
 	"github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator"
@@ -172,7 +171,7 @@ func ValidateUserNetworkIsAvailable(config *config.Config, userNet *net.IPNet) e
 // RemoveNetwork removes a given network by name.  If the network has container associated with it, that
 // must be handled outside the context of this.
 func RemoveNetwork(config *config.Config, name string) error {
-	l, err := acquireCNILock(filepath.Join(config.Engine.TmpDir, LockFileName))
+	l, err := acquireCNILock(config)
 	if err != nil {
 		return err
 	}