[ARVADOS] created: bfd73917834d89e9e8c55b6bb4e05912741fbf8a

[Git user]

        at  bfd73917834d89e9e8c55b6bb4e05912741fbf8a (commit)


commit bfd73917834d89e9e8c55b6bb4e05912741fbf8a
Author: Peter Amstutz <peter.amstutz at curoverse.com>
Date:   Tue Mar 21 11:27:24 2017 -0400

    11255: Add -container-network-mode option.

diff --git a/services/crunch-run/crunchrun.go b/services/crunch-run/crunchrun.go
index 3b3cdf1..2274e61 100644
--- a/services/crunch-run/crunchrun.go
+++ b/services/crunch-run/crunchrun.go
@@ -114,6 +114,8 @@ type ContainerRunner struct {
 	// parent to be X" feature even on sites where the "specify
 	// cgroup parent" feature breaks.
 	setCgroupParent string
+
+	networkMode string
 }
 
 // SetupSignals sets up signal handling to gracefully terminate the underlying
@@ -563,6 +565,15 @@ func (runner *ContainerRunner) CreateContainer() error {
 	for k, v := range runner.Container.Environment {
 		runner.ContainerConfig.Env = append(runner.ContainerConfig.Env, k+"="+v)
 	}
+
+	runner.HostConfig = dockerclient.HostConfig{
+		Binds:        runner.Binds,
+		CgroupParent: runner.setCgroupParent,
+		LogConfig: dockerclient.LogConfig{
+			Type: "none",
+		},
+	}
+
 	if wantAPI := runner.Container.RuntimeConstraints.API; wantAPI != nil && *wantAPI {
 		tok, err := runner.ContainerToken()
 		if err != nil {
@@ -573,9 +584,17 @@ func (runner *ContainerRunner) CreateContainer() error {
 			"ARVADOS_API_HOST="+os.Getenv("ARVADOS_API_HOST"),
 			"ARVADOS_API_HOST_INSECURE="+os.Getenv("ARVADOS_API_HOST_INSECURE"),
 		)
-		runner.ContainerConfig.NetworkDisabled = false
+		if runner.networkMode == "host" || runner.networkMode == "force_host" {
+			runner.HostConfig.NetworkMode = "host"
+		} else {
+			runner.HostConfig.NetworkMode = "default"
+		}
 	} else {
-		runner.ContainerConfig.NetworkDisabled = true
+		if runner.networkMode == "force_host" {
+			runner.HostConfig.NetworkMode = "host"
+		} else {
+			runner.HostConfig.NetworkMode = "none"
+		}
 	}
 
 	var err error
@@ -584,14 +603,6 @@ func (runner *ContainerRunner) CreateContainer() error {
 		return fmt.Errorf("While creating container: %v", err)
 	}
 
-	runner.HostConfig = dockerclient.HostConfig{
-		Binds:        runner.Binds,
-		CgroupParent: runner.setCgroupParent,
-		LogConfig: dockerclient.LogConfig{
-			Type: "none",
-		},
-	}
-
 	return runner.AttachStreams()
 }
 
@@ -1037,6 +1048,12 @@ func main() {
 	cgroupParent := flag.String("cgroup-parent", "docker", "name of container's parent cgroup (ignored if -cgroup-parent-subsystem is used)")
 	cgroupParentSubsystem := flag.String("cgroup-parent-subsystem", "", "use current cgroup for given subsystem as parent cgroup for container")
 	caCertsPath := flag.String("ca-certs", "", "Path to TLS root certificates")
+	networkMode := flag.String("container-network-mode", "default",
+		`Set networking mode for container.  One of 'default', 'host', 'force_host':
+    	default: use "default" when API: true and "none" when API: false
+    	host: use "host" when API: true and "none" when API: false
+    	force_host: use "host" regardless of value of API
+        `)
 	flag.Parse()
 
 	containerId := flag.Arg(0)
@@ -1068,6 +1085,7 @@ func main() {
 	cr.statInterval = *statInterval
 	cr.cgroupRoot = *cgroupRoot
 	cr.expectCgroupParent = *cgroupParent
+	cr.networkMode = *networkMode
 	if *cgroupParentSubsystem != "" {
 		p := findCgroup(*cgroupParentSubsystem)
 		cr.setCgroupParent = p

-----------------------------------------------------------------------


hooks/post-receive
--