[ARVADOS] created: 6ec5886c0f758745a2205b0d94e6e83efcff0d48

Git user git at public.curoverse.com
Wed Mar 22 12:26:54 EDT 2017


        at  6ec5886c0f758745a2205b0d94e6e83efcff0d48 (commit)


commit 6ec5886c0f758745a2205b0d94e6e83efcff0d48
Author: Peter Amstutz <peter.amstutz at curoverse.com>
Date:   Tue Mar 21 11:27:24 2017 -0400

    11255: Add -container-enable-networking and -container-network-mode options.

diff --git a/services/crunch-run/crunchrun.go b/services/crunch-run/crunchrun.go
index 3b3cdf1..f398d43 100644
--- a/services/crunch-run/crunchrun.go
+++ b/services/crunch-run/crunchrun.go
@@ -114,6 +114,9 @@ type ContainerRunner struct {
 	// parent to be X" feature even on sites where the "specify
 	// cgroup parent" feature breaks.
 	setCgroupParent string
+
+	enableNetwork string
+	networkMode   string
 }
 
 // SetupSignals sets up signal handling to gracefully terminate the underlying
@@ -563,6 +566,15 @@ func (runner *ContainerRunner) CreateContainer() error {
 	for k, v := range runner.Container.Environment {
 		runner.ContainerConfig.Env = append(runner.ContainerConfig.Env, k+"="+v)
 	}
+
+	runner.HostConfig = dockerclient.HostConfig{
+		Binds:        runner.Binds,
+		CgroupParent: runner.setCgroupParent,
+		LogConfig: dockerclient.LogConfig{
+			Type: "none",
+		},
+	}
+
 	if wantAPI := runner.Container.RuntimeConstraints.API; wantAPI != nil && *wantAPI {
 		tok, err := runner.ContainerToken()
 		if err != nil {
@@ -573,9 +585,13 @@ func (runner *ContainerRunner) CreateContainer() error {
 			"ARVADOS_API_HOST="+os.Getenv("ARVADOS_API_HOST"),
 			"ARVADOS_API_HOST_INSECURE="+os.Getenv("ARVADOS_API_HOST_INSECURE"),
 		)
-		runner.ContainerConfig.NetworkDisabled = false
+		runner.HostConfig.NetworkMode = runner.networkMode
 	} else {
-		runner.ContainerConfig.NetworkDisabled = true
+		if runner.enableNetwork == "always" {
+			runner.HostConfig.NetworkMode = runner.networkMode
+		} else {
+			runner.HostConfig.NetworkMode = "none"
+		}
 	}
 
 	var err error
@@ -584,14 +600,6 @@ func (runner *ContainerRunner) CreateContainer() error {
 		return fmt.Errorf("While creating container: %v", err)
 	}
 
-	runner.HostConfig = dockerclient.HostConfig{
-		Binds:        runner.Binds,
-		CgroupParent: runner.setCgroupParent,
-		LogConfig: dockerclient.LogConfig{
-			Type: "none",
-		},
-	}
-
 	return runner.AttachStreams()
 }
 
@@ -1037,6 +1045,14 @@ func main() {
 	cgroupParent := flag.String("cgroup-parent", "docker", "name of container's parent cgroup (ignored if -cgroup-parent-subsystem is used)")
 	cgroupParentSubsystem := flag.String("cgroup-parent-subsystem", "", "use current cgroup for given subsystem as parent cgroup for container")
 	caCertsPath := flag.String("ca-certs", "", "Path to TLS root certificates")
+	enableNetwork := flag.String("container-enable-networking", "default",
+		`Specify if networking should be enabled for container.  One of 'default', 'always':
+    	default: only enable networking if container requests it.
+    	always:  containers always have networking enabled
+        `)
+	networkMode := flag.String("container-network-mode", "default",
+		`Set networking mode for container.  Corresponds to Docker network mode (--net).
+        `)
 	flag.Parse()
 
 	containerId := flag.Arg(0)
@@ -1068,6 +1084,8 @@ func main() {
 	cr.statInterval = *statInterval
 	cr.cgroupRoot = *cgroupRoot
 	cr.expectCgroupParent = *cgroupParent
+	cr.enableNetwork = *enableNetwork
+	cr.networkMode = *networkMode
 	if *cgroupParentSubsystem != "" {
 		p := findCgroup(*cgroupParentSubsystem)
 		cr.setCgroupParent = p

-----------------------------------------------------------------------


hooks/post-receive
-- 




More information about the arvados-commits mailing list