Do not use netns as ID or for entropy
ContainerID is now required so use that or generate random bytes. Fixes #5
@ -9,10 +9,10 @@ contid=$(docker run -d --net=none busybox:latest /bin/sleep 10000000)
|
||||
pid=$(docker inspect -f '{{ .State.Pid }}' $contid)
|
||||
netnspath=/proc/$pid/ns/net
|
||||
|
||||
./exec-plugins.sh add $netnspath
|
||||
./exec-plugins.sh add $contid $netnspath
|
||||
|
||||
function cleanup() {
|
||||
./exec-plugins.sh del $netnspath
|
||||
./exec-plugins.sh del $contid $netnspath
|
||||
docker kill $contid >/dev/null
|
||||
}
|
||||
trap cleanup EXIT
|
||||
|
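Review bot: The two new `exec-plugins.sh` calls (the `add` line and the `del` line inside `cleanup`) pass `$contid` unquoted and without checking that `docker run` returned an ID. If `docker run` fails and the script does not abort (its shebang and options are outside this hunk), `add` is called with a shifted argument list and the `EXIT` trap later runs `del` and `docker kill` with an empty ID. A guard before the first call, `[ -n "$contid" ] || { echo "docker run failed" >&2; exit 1; }`, together with quoting as `./exec-plugins.sh add "$contid" "$netnspath"`, makes that failure explicit.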
@ -1,29 +1,36 @@
|
||||
#!/bin/bash -e
|
||||
#!/bin/bash
|
||||
|
||||
NETCONFPATH=${NETCONFPATH-/etc/cni/net.d}
|
||||
|
||||
function exec_plugins() {
|
||||
i=0
|
||||
netns=$2
|
||||
contid=$2
|
||||
netns=$3
|
||||
export CNI_COMMAND=$(echo $1 | tr '[:lower:]' '[:upper:]')
|
||||
export PATH=$CNI_PATH:$PATH
|
||||
export CNI_CONTAINERID=$contid
|
||||
export CNI_NETNS=$netns
|
||||
|
||||
for netconf in $(echo $NETCONFPATH/*.conf | sort); do
|
||||
name=$(jq -r '.name' <$netconf)
|
||||
plugin=$(jq -r '.type' <$netconf)
|
||||
export CNI_IFNAME=$(printf eth%d $i)
|
||||
|
||||
$plugin <$netconf >/dev/null
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "${name} : error executing $CNI_COMMAND"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
let "i=i+1"
|
||||
done
|
||||
}
|
||||
|
||||
if [ $# -ne 2 ]; then
|
||||
echo "Usage: $0 add|del NETNS-PATH"
|
||||
if [ $# -ne 3 ]; then
|
||||
echo "Usage: $0 add|del CONTAINER-ID NETNS-PATH"
|
||||
echo " Adds or deletes the container specified by NETNS-PATH to the networks"
|
||||
echo " specified in \$NETCONFPATH directory"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
exec_plugins $1 $2
|
||||
exec_plugins $1 $2 $3
|
||||
|
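Review bot: Nothing in `exec_plugins` checks the two `jq` calls, and the shebang pair at the top of this section suggests `-e` was dropped in favour of the explicit `$?` test after `$plugin`, so a `jq` failure now passes silently. When `.type` is missing, `jq -r` prints `null`; when `jq` itself fails, `plugin` is empty and `$plugin <$netconf >/dev/null` becomes a redirection-only command that returns 0, so the loop continues as if the plugin had succeeded. Something like `plugin=$(jq -er '.type' <"$netconf") || { echo "$netconf: missing plugin type" >&2; exit 1; }` would catch both cases. Since the commit makes the container ID mandatory, `exec_plugins` could also reject an empty `$2` before exporting `CNI_CONTAINERID`, and the usage text still describes the container as "specified by NETNS-PATH".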
@ -3,18 +3,18 @@
|
||||
# Run a command in a private network namespace
|
||||
# set up by CNI plugins
|
||||
|
||||
netnsname=$(printf '%x%x' $RANDOM $RANDOM)
|
||||
netnspath=/var/run/netns/$netnsname
|
||||
contid=$(printf '%x%x%x%x' $RANDOM $RANDOM $RANDOM $RANDOM)
|
||||
netnspath=/var/run/netns/$contid
|
||||
|
||||
ip netns add $netnsname
|
||||
ip netns exec $netnsname ip link set lo up
|
||||
./exec-plugins.sh add $netnspath
|
||||
ip netns add $contid
|
||||
ip netns exec $contid ip link set lo up
|
||||
./exec-plugins.sh add $contid $netnspath
|
||||
|
||||
|
||||
function cleanup() {
|
||||
./exec-plugins.sh del $netnspath
|
||||
ip netns delete $netnsname
|
||||
./exec-plugins.sh del $contid $netnspath
|
||||
ip netns delete $contid
|
||||
}
|
||||
trap cleanup EXIT
|
||||
|
||||
ip netns exec $netnsname $@
|
||||
ip netns exec $contid $@
|
||||
|
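Review bot: `contid` on the new `printf '%x%x%x%x' $RANDOM ...` line is built from bash's `$RANDOM`, which yields a 15-bit pseudo-random value per read and is not the "random bytes" the commit message describes. The unpadded `%x` fields also make the concatenation variable-length, so different draws can produce the same string. If plugins rely on the container ID for uniqueness or as a seed (how they use it is not visible here), reading from the kernel is safer, e.g. `contid=$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')`. On the last line, `ip netns exec $contid $@` should use `"$@"` so that arguments containing spaces reach the command intact.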