Merge pull request #35 from tiborvass/18.09-fix-network-buildkit

[18.09] builder: fix bridge networking when using buildkit

builder/builder-next/builder.go

@@ -37,6 +37,7 @@ func init() {
 type Opt struct {
  SessionManager *session.Manager
  Root string
+ NetnsRoot string
  Dist images.DistributionServices
  NetworkController libnetwork.NetworkController
 }

builder/builder-next/controller.go

@@ -90,7 +90,7 @@ func newController(rt http.RoundTripper, opt Opt) (*control.Controller, error) {
  return nil, err
  }
 
- exec, err := newExecutor(root, opt.NetworkController)
+ exec, err := newExecutor(root, opt.NetnsRoot, opt.NetworkController)
  if err != nil {
  return nil, err
  }

builder/builder-next/executor_unix.go

@@ -3,75 +3,60 @@
 package buildkit
 
 import (
- "fmt"
+ "os"
  "path/filepath"
+ "strconv"
  "sync"
 
  "github.com/docker/libnetwork"
  "github.com/moby/buildkit/executor"
  "github.com/moby/buildkit/executor/runcexecutor"
  "github.com/moby/buildkit/identity"
+ "github.com/moby/buildkit/solver/pb"
  "github.com/moby/buildkit/util/network"
- "github.com/pkg/errors"
- "github.com/sirupsen/logrus"
+ specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 
 const networkName = "bridge"
 
-func newExecutor(root string, net libnetwork.NetworkController) (executor.Executor, error) {
- // FIXME: fix bridge networking
- _ = bridgeProvider{}
+func newExecutor(root, netnsRoot string, net libnetwork.NetworkController) (executor.Executor, error) {
+ networkProviders := map[pb.NetMode]network.Provider{
+ pb.NetMode_UNSET: &bridgeProvider{NetworkController: net, netnsRoot: netnsRoot},
+ pb.NetMode_HOST: network.NewHostProvider(),
+ pb.NetMode_NONE: network.NewNoneProvider(),
+ }
  return runcexecutor.New(runcexecutor.Opt{
  Root: filepath.Join(root, "executor"),
  CommandCandidates: []string{"docker-runc", "runc"},
- }, nil)
+ }, networkProviders)
 }
 
 type bridgeProvider struct {
  libnetwork.NetworkController
+ netnsRoot string
 }
 
-func (p *bridgeProvider) NewInterface() (network.Interface, error) {
+func (p *bridgeProvider) New() (network.Namespace, error) {
  n, err := p.NetworkByName(networkName)
  if err != nil {
  return nil, err
  }
 
- iface := &lnInterface{ready: make(chan struct{})}
+ iface := &lnInterface{ready: make(chan struct{}), provider: p}
  iface.Once.Do(func() {
  go iface.init(p.NetworkController, n)
  })
 
  return iface, nil
 }
 
-func (p *bridgeProvider) Release(iface network.Interface) error {
- go func() {
- if err := p.release(iface); err != nil {
- logrus.Errorf("%s", err)
- }
- }()
- return nil
-}
-
-func (p *bridgeProvider) release(iface network.Interface) error {
- li, ok := iface.(*lnInterface)
- if !ok {
- return errors.Errorf("invalid interface %T", iface)
- }
- err := li.sbx.Delete()
- if err1 := li.ep.Delete(true); err1 != nil && err == nil {
- err = err1
- }
- return err
-}
-
 type lnInterface struct {
  ep libnetwork.Endpoint
  sbx libnetwork.Sandbox
  sync.Once
- err error
- ready chan struct{}
+ err error
+ ready chan struct{}
+ provider *bridgeProvider
 }
 
 func (iface *lnInterface) init(c libnetwork.NetworkController, n libnetwork.Network) {
@@ -99,14 +84,26 @@ func (iface *lnInterface) init(c libnetwork.NetworkController, n libnetwork.Netw
  iface.ep = ep
 }
 
-func (iface *lnInterface) Set(pid int) error {
+func (iface *lnInterface) Set(s *specs.Spec) {
  <-iface.ready
  if iface.err != nil {
- return iface.err
+ return
+ }
+ // attach netns to bridge within the container namespace, using reexec in a prestart hook
+ s.Hooks = &specs.Hooks{
+ Prestart: []specs.Hook{{
+ Path: filepath.Join("/proc", strconv.Itoa(os.Getpid()), "exe"),
+ Args: []string{"libnetwork-setkey", iface.sbx.ContainerID(), iface.provider.NetworkController.ID()},
+ }},
  }
- return iface.sbx.SetKey(fmt.Sprintf("/proc/%d/ns/net", pid))
 }
 
-func (iface *lnInterface) Remove(pid int) error {
- return nil
+func (iface *lnInterface) Close() error {
+ <-iface.ready
+ err := iface.sbx.Delete()
+ if iface.err != nil {
+ // iface.err takes precedence over cleanup errors
+ return iface.err
+ }
+ return err
 }

builder/builder-next/executor_windows.go

@@ -10,7 +10,7 @@ import (
  "github.com/moby/buildkit/executor"
 )
 
-func newExecutor(_ string, _ libnetwork.NetworkController) (executor.Executor, error) {
+func newExecutor(_, _ string, _ libnetwork.NetworkController) (executor.Executor, error) {
  return &winExecutor{}, nil
 }
 

cmd/dockerd/daemon.go

@@ -288,6 +288,7 @@ func newRouterOptions(config *config.Config, daemon *daemon.Daemon) (routerOptio
  bk, err := buildkit.New(buildkit.Opt{
  SessionManager: sm,
  Root: filepath.Join(config.Root, "buildkit"),
+ NetnsRoot: filepath.Join(config.ExecRoot, "netns"),
  Dist: daemon.DistributionServices(),
  NetworkController: daemon.NetworkController(),
  })

vendor.conf

@@ -26,7 +26,7 @@ github.com/imdario/mergo v0.3.6
 golang.org/x/sync 1d60e4601c6fd243af51cc01ddf169918a5407ca
 
 # buildkit
-github.com/moby/buildkit 49906c62925ed429ec9174a0b6869982967f1a39
+github.com/moby/buildkit e1cd06ad6b74e4b747306c4408c451b3b6d87a89
 github.com/tonistiigi/fsutil b19464cd1b6a00773b4f2eb7acf9c30426f9df42
 github.com/grpc-ecosystem/grpc-opentracing 8e809c8a86450a29b90dcc9efbf062d0fe6d9746
 github.com/opentracing/opentracing-go 1361b9cd60be79c4c3a7fa9841b3c132e40066a7