libnetwork: implement Controller.setupOSLSandbox
osl.NewSandbox() always returns a nil interface on Windows (and other non-Linux platforms). This means that the following fields are always nil on those platforms, and any code using them must be considered Linux-only: - libnetwork/Controller.defOsSbox - libnetwork/Sandbox.osSbox Ideally, these fields would live in Linux-only files, but they're referenced in various platform-neutral parts of the code, so let's start with moving the initialization code to Linux-only files. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
parent
35456d2eb1
commit
95abde479a
4 changed files with 69 additions and 35 deletions
|
@ -92,9 +92,7 @@ type Controller struct {
|
||||||
svcRecords map[string]*svcInfo
|
svcRecords map[string]*svcInfo
|
||||||
nmap map[string]*netWatch
|
nmap map[string]*netWatch
|
||||||
serviceBindings map[serviceKey]*service
|
serviceBindings map[serviceKey]*service
|
||||||
defOsSbox osl.Sandbox
|
|
||||||
ingressSandbox *Sandbox
|
ingressSandbox *Sandbox
|
||||||
sboxOnce sync.Once
|
|
||||||
agent *nwAgent
|
agent *nwAgent
|
||||||
networkLocker *locker.Locker
|
networkLocker *locker.Locker
|
||||||
agentInitDone chan struct{}
|
agentInitDone chan struct{}
|
||||||
|
@ -102,6 +100,10 @@ type Controller struct {
|
||||||
keys []*types.EncryptionKey
|
keys []*types.EncryptionKey
|
||||||
DiagnosticServer *diagnostic.Server
|
DiagnosticServer *diagnostic.Server
|
||||||
mu sync.Mutex
|
mu sync.Mutex
|
||||||
|
|
||||||
|
// FIXME(thaJeztah): defOsSbox is always nil on non-Linux: move these fields to Linux-only files.
|
||||||
|
defOsSboxOnce sync.Once
|
||||||
|
defOsSbox osl.Sandbox
|
||||||
}
|
}
|
||||||
|
|
||||||
// New creates a new instance of network controller.
|
// New creates a new instance of network controller.
|
||||||
|
@ -937,38 +939,8 @@ func (c *Controller) NewSandbox(containerID string, options ...SandboxOption) (_
|
||||||
if err := sb.setupResolutionFiles(); err != nil {
|
if err := sb.setupResolutionFiles(); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
if err := c.setupOSLSandbox(sb); err != nil {
|
||||||
if sb.config.useDefaultSandBox {
|
return nil, err
|
||||||
var err error
|
|
||||||
c.sboxOnce.Do(func() {
|
|
||||||
c.defOsSbox, err = osl.NewSandbox(sb.Key(), false, false)
|
|
||||||
})
|
|
||||||
|
|
||||||
if err != nil {
|
|
||||||
c.sboxOnce = sync.Once{}
|
|
||||||
return nil, fmt.Errorf("failed to create default sandbox: %v", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
sb.osSbox = c.defOsSbox
|
|
||||||
}
|
|
||||||
|
|
||||||
if sb.osSbox == nil && !sb.config.useExternalKey {
|
|
||||||
var err error
|
|
||||||
if sb.osSbox, err = osl.NewSandbox(sb.Key(), !sb.config.useDefaultSandBox, false); err != nil {
|
|
||||||
return nil, fmt.Errorf("failed to create new osl sandbox: %v", err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if sb.osSbox != nil {
|
|
||||||
// Apply operating specific knobs on the load balancer sandbox
|
|
||||||
err := sb.osSbox.InvokeFunc(func() {
|
|
||||||
sb.osSbox.ApplyOSTweaks(sb.oslTypes)
|
|
||||||
})
|
|
||||||
if err != nil {
|
|
||||||
log.G(context.TODO()).Errorf("Failed to apply performance tuning sysctls to the sandbox: %v", err)
|
|
||||||
}
|
|
||||||
// Keep this just so performance is not changed
|
|
||||||
sb.osSbox.ApplyOSTweaks(sb.oslTypes)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
c.mu.Lock()
|
c.mu.Lock()
|
||||||
|
|
|
@ -1,9 +1,15 @@
|
||||||
package libnetwork
|
package libnetwork
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
|
"fmt"
|
||||||
|
"sync"
|
||||||
|
|
||||||
|
"github.com/containerd/containerd/log"
|
||||||
"github.com/docker/docker/libnetwork/iptables"
|
"github.com/docker/docker/libnetwork/iptables"
|
||||||
"github.com/docker/docker/libnetwork/netlabel"
|
"github.com/docker/docker/libnetwork/netlabel"
|
||||||
"github.com/docker/docker/libnetwork/options"
|
"github.com/docker/docker/libnetwork/options"
|
||||||
|
"github.com/docker/docker/libnetwork/osl"
|
||||||
)
|
)
|
||||||
|
|
||||||
// enabledIptablesVersions returns the iptables versions that are enabled
|
// enabledIptablesVersions returns the iptables versions that are enabled
|
||||||
|
@ -31,3 +37,54 @@ func (c *Controller) enabledIptablesVersions() []iptables.IPVersion {
|
||||||
}
|
}
|
||||||
return versions
|
return versions
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// getDefaultOSLSandbox returns the controller's default [osl.Sandbox]. It
|
||||||
|
// creates the sandbox if it does not yet exist.
|
||||||
|
func (c *Controller) getDefaultOSLSandbox(key string) (osl.Sandbox, error) {
|
||||||
|
var err error
|
||||||
|
c.defOsSboxOnce.Do(func() {
|
||||||
|
c.defOsSbox, err = osl.NewSandbox(key, false, false)
|
||||||
|
})
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
c.defOsSboxOnce = sync.Once{}
|
||||||
|
return nil, fmt.Errorf("failed to create default sandbox: %v", err)
|
||||||
|
}
|
||||||
|
return c.defOsSbox, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// setupOSLSandbox sets the sandbox [osl.Sandbox], and applies operating-
|
||||||
|
// specific configuration.
|
||||||
|
//
|
||||||
|
// Depending on the Sandbox settings, it may either use the Controller's
|
||||||
|
// default sandbox, or configure a new one.
|
||||||
|
func (c *Controller) setupOSLSandbox(sb *Sandbox) error {
|
||||||
|
if sb.config.useDefaultSandBox {
|
||||||
|
defSB, err := c.getDefaultOSLSandbox(sb.Key())
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
sb.osSbox = defSB
|
||||||
|
}
|
||||||
|
|
||||||
|
if sb.osSbox == nil && !sb.config.useExternalKey {
|
||||||
|
newSB, err := osl.NewSandbox(sb.Key(), !sb.config.useDefaultSandBox, false)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("failed to create new osl sandbox: %v", err)
|
||||||
|
}
|
||||||
|
sb.osSbox = newSB
|
||||||
|
}
|
||||||
|
|
||||||
|
if sb.osSbox != nil {
|
||||||
|
// Apply operating specific knobs on the load balancer sandbox
|
||||||
|
err := sb.osSbox.InvokeFunc(func() {
|
||||||
|
sb.osSbox.ApplyOSTweaks(sb.oslTypes)
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
log.G(context.TODO()).Errorf("Failed to apply performance tuning sysctls to the sandbox: %v", err)
|
||||||
|
}
|
||||||
|
// Keep this just so performance is not changed
|
||||||
|
sb.osSbox.ApplyOSTweaks(sb.oslTypes)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
|
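Review bot: In `getDefaultOSLSandbox`, the failure path `c.defOsSboxOnce = sync.Once{}` overwrites the Once with no lock held, so it races with any goroutine that is inside or about to enter `Do`; a caller that was blocked in `Do` during a failed attempt also returns with its own `err` still nil and whatever `c.defOsSbox` holds, presumably nil. On this page the call in `NewSandbox` appears before `c.mu.Lock()`, so nothing visible serialises it, though callers may do so elsewhere. Because this sandbox is shared by every Sandbox that sets `useDefaultSandBox`, I would replace the Once-and-reset with a dedicated mutex and a nil check, as sketched below; `defOsSboxMu` is a placeholder name for a new `sync.Mutex` field on Controller. The `defOsSboxOnce.Do` in `sandboxCleanup` would then need to take the same lock.

```go
func (c *Controller) getDefaultOSLSandbox(key string) (osl.Sandbox, error) {
	c.defOsSboxMu.Lock()
	defer c.defOsSboxMu.Unlock()

	if c.defOsSbox != nil {
		return c.defOsSbox, nil
	}
	defSB, err := osl.NewSandbox(key, false, false)
	if err != nil {
		return nil, fmt.Errorf("failed to create default sandbox: %v", err)
	}
	c.defOsSbox = defSB
	return defSB, nil
}
```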
@ -6,3 +6,7 @@ package libnetwork
|
||||||
func (c *Controller) enabledIptablesVersions() []any {
|
func (c *Controller) enabledIptablesVersions() []any {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c *Controller) setupOSLSandbox(_ *Sandbox) error {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
|
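Review bot: The non-Linux `setupOSLSandbox` stub has no doc comment, so a reader of this file alone cannot tell that leaving `sb.osSbox` unset is intentional. I would add `// setupOSLSandbox is a no-op on non-Linux platforms: osl.NewSandbox always returns nil there, so sb.osSbox stays nil.` above it. Platform-neutral code that touches `osSbox` presumably still relies on its own nil checks, which is worth confirming while the fields remain in shared files.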
@ -266,7 +266,8 @@ func (c *Controller) sandboxCleanup(activeSandboxes map[string]interface{}) {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
c.sboxOnce.Do(func() {
|
// FIXME(thaJeztah): osSbox (and thus defOsSbox) is always nil on non-Linux: move this code to Linux-only files.
|
||||||
|
c.defOsSboxOnce.Do(func() {
|
||||||
c.defOsSbox = sb.osSbox
|
c.defOsSbox = sb.osSbox
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|