support config dns via network stanza

2021-01-24 16:20:41 +08:00 · 2021-01-24 16:20:41 +08:00 · e0abb30f66
commit e0abb30f66
parent f6de0b40d0
6 changed files with 526 additions and 23 deletions
--- a/containerd/driver.go
+++ b/containerd/driver.go
@ -31,6 +31,7 @@ import (
 	"github.com/hashicorp/nomad/client/stats"
 	"github.com/hashicorp/nomad/client/taskenv"
 	"github.com/hashicorp/nomad/drivers/shared/eventer"
+	"github.com/hashicorp/nomad/drivers/shared/resolvconf"
 	"github.com/hashicorp/nomad/plugins/base"
 	"github.com/hashicorp/nomad/plugins/drivers"
 	"github.com/hashicorp/nomad/plugins/shared/hclspec"
@ -229,7 +230,7 @@ func NewPlugin(logger log.Logger) drivers.DriverPlugin {
 	}
 }

-func (tc *TaskConfig) setVolumeMounts(cfg *drivers.TaskConfig) {
+func (tc *TaskConfig) setVolumeMounts(cfg *drivers.TaskConfig) error {
 	for _, m := range cfg.Mounts {
 		hm := Mount{
 			Type:    "bind",
@ -243,6 +244,21 @@ func (tc *TaskConfig) setVolumeMounts(cfg *drivers.TaskConfig) {

 		tc.Mounts = append(tc.Mounts, hm)
 	}
+
+	if cfg.DNS != nil {
+		dnsMount, err := resolvconf.GenerateDNSMount(cfg.TaskDir().Dir, cfg.DNS)
+		if err != nil {
+			return fmt.Errorf("failed to build mount for resolv.conf: %v", err)
+		}
+		tc.HostDNS = false
+		tc.Mounts = append(tc.Mounts, Mount{
+			Type:    "bind",
+			Target:  dnsMount.TaskPath,
+			Source:  dnsMount.HostPath,
+			Options: []string{"bind", "ro"},
+		})
+	}
+	return nil
 }

 // PluginInfo returns information describing the plugin.
@ -361,7 +377,9 @@ func (d *Driver) StartTask(cfg *drivers.TaskConfig) (*drivers.TaskHandle, *drive
 		return nil, nil, fmt.Errorf("host_network and bridge network mode are mutually exclusive, and only one of them should be set")
 	}

-	driverConfig.setVolumeMounts(cfg)
+	if err := driverConfig.setVolumeMounts(cfg); err != nil {
+		return nil, nil, err
+	}

 	d.logger.Info("starting task", "driver_cfg", hclog.Fmt("%+v", driverConfig))
 	handle := drivers.NewTaskHandle(taskHandleVersion)
--- a/example/dns.nomad
+++ b/example/dns.nomad
@ -0,0 +1,29 @@
+
+job "dns" {
+  datacenters = ["dc1"]
+
+  group "dns-group" {
+
+    network {
+        dns {
+            servers = ["127.0.0.1", "127.0.0.2"]
+            searches = ["internal.corp"]
+            options = ["ndots:2"]
+        }
+    }
+
+    task "dns-task" {
+      driver = "containerd-driver"
+      config {
+        image           = "docker.io/library/ubuntu:16.04"
+        command         = "sleep"
+        args            = ["600s"]
+      }
+
+      resources {
+        cpu    = 500
+        memory = 256
+      }
+    }
+  }
+}
--- a/go.mod
+++ b/go.mod
@ -18,40 +18,29 @@ require (
 	github.com/coreos/go-iptables v0.4.3 // indirect
 	github.com/coreos/go-semver v0.3.0 // indirect
 	github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f // indirect
-	github.com/cyphar/filepath-securejoin v0.2.2 // indirect
-	github.com/docker/cli v0.0.0-20191202230238-13fb276442f5 // indirect
-	github.com/docker/docker v1.13.1 // indirect
 	github.com/docker/docker-credential-helpers v0.6.3 // indirect
 	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 // indirect
-	github.com/fsouza/go-dockerclient v1.6.0 // indirect
 	github.com/gogo/googleapis v1.4.0 // indirect
 	github.com/google/uuid v1.1.2 // indirect
-	github.com/hashicorp/consul v1.6.2 // indirect
-	github.com/hashicorp/consul-template v0.23.0
+	github.com/gorhill/cronexpr v0.0.0-20180427100037-88b0669f7d75 // indirect
+	github.com/hashicorp/consul-template v0.25.1
 	github.com/hashicorp/go-envparse v0.0.0-20190703193109-150b3a2a4611 // indirect
-	github.com/hashicorp/go-getter v1.4.0 // indirect
-	github.com/hashicorp/go-hclog v0.10.0
-	github.com/hashicorp/go-plugin v1.0.1
+	github.com/hashicorp/go-hclog v0.12.0
+	github.com/hashicorp/go-plugin v1.0.2-0.20191004171845-809113480b55
 	github.com/hashicorp/go-uuid v1.0.1
 	github.com/hashicorp/hcl2 v0.0.0-20191002203319-fb75b3253c80 // indirect
-	github.com/hashicorp/nomad v0.10.1
-	github.com/hashicorp/nomad/api v0.0.0-20191203164002-b31573ae7206 // indirect
+	github.com/hashicorp/nomad v1.0.2
 	github.com/mitchellh/go-ps v0.0.0-20190716172923-621e5597135b // indirect
-	github.com/mrunalp/fileutils v0.0.0-20171103030105-7d4729fb3618 // indirect
-	github.com/opencontainers/runc v1.0.0-rc8.0.20190611121236-6cc515888830 // indirect
-	github.com/opencontainers/runtime-spec v1.0.2
-	github.com/opencontainers/selinux v1.3.1 // indirect
-	github.com/seccomp/libseccomp-golang v0.9.1 // indirect
-	github.com/shirou/gopsutil v2.19.11+incompatible // indirect
+	github.com/opencontainers/runtime-spec v1.0.3-0.20200728170252-4d89ac9fbff6
 	github.com/spf13/cobra v1.1.1
 	github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2 // indirect
 	github.com/ugorji/go v1.1.7 // indirect
 	github.com/vbatts/tar-split v0.11.1 // indirect
-	github.com/zclconf/go-cty v1.1.1 // indirect
 	go4.org v0.0.0-20191010144846-132d2879e1e9 // indirect
 	google.golang.org/grpc v1.32.0 // indirect
+	istio.io/gogo-genproto v0.0.0-20190124151557-6d926a6e6feb // indirect
 )

 // use lower-case sirupsen
--- a/go.sum
+++ b/go.sum
--- a/tests/006-test-dns.sh
+++ b/tests/006-test-dns.sh
@ -0,0 +1,82 @@
+#!/bin/bash
+
+job_name=dns
+
+test_dns_nomad_job() {
+    pushd ~/go/src/github.com/Roblox/nomad-driver-containerd/example
+
+    echo "INFO: Starting nomad $job_name job using nomad-driver-containerd."
+    nomad job run $job_name.nomad
+
+    # Even though $(nomad job status) reports job status as "running"
+    # The actual container process might not be running yet.
+    # We need to wait for actual container to start running before trying exec.
+    echo "INFO: Wait for ${job_name} container to get into RUNNING state, before trying exec."
+    is_${job_name}_container_active
+
+    echo "INFO: Checking status of $job_name job."
+    job_status=$(nomad job status -short $job_name|grep Status|awk '{split($0,a,"="); print a[2]}'|tr -d ' ')
+    if [ "$job_status" != "running" ];then
+        echo "ERROR: Error in getting ${job_name} job status."
+        return 1
+    fi
+
+    echo "INFO: Checking servers info in /etc/resolv.conf."
+    output=$(nomad alloc exec -job ${job_name} cat /etc/resolv.conf)
+    for ip in 127.0.0.1 127.0.0.2 ; do
+        echo -e "$output" |grep "nameserver $ip" &>/dev/null
+        if [ $? -ne 0 ];then
+           echo "ERROR: nameserver $ip not found."
+           return 1
+        fi
+    done
+
+    echo "INFO: Checking searches info in /etc/resolv.conf."
+    echo -e "$output" |grep "search internal.corp" &>/dev/null
+    if [ $? -ne 0 ];then
+       echo "ERROR: 'search internal.corp' not found."
+       return 1
+    fi
+
+    echo "INFO: Checking options info in /etc/resolv.conf."
+    echo -e "$output" |grep "options ndots:2" &>/dev/null
+    if [ $? -ne 0 ];then
+        echo "ERROR: 'options ndots:2' not found."
+       return 1
+    fi
+
+    echo "INFO: Stopping nomad ${job_name} job."
+    nomad job stop ${job_name}
+    job_status=$(nomad job status -short ${job_name}|grep Status|awk '{split($0,a,"="); print a[2]}'|tr -d ' ')
+    if [ $job_status != "dead(stopped)" ];then
+        echo "ERROR: Error in stopping ${job_name} job."
+        exit 1
+    fi
+
+    echo "INFO: purge nomad ${job_name} job."
+    nomad job stop -purge ${job_name}
+    popd
+}
+
+is_dns_container_active() {
+        i="0"
+        while test $i -lt 5
+        do
+                sudo CONTAINERD_NAMESPACE=nomad ctr task ls|grep -q RUNNING
+                if [ $? -eq 0 ]; then
+                        echo "INFO: ${job_name} container is up and running"
+                        sleep 5s
+                        break
+                fi
+                echo "INFO: ${job_name} container is down, sleep for 4 seconds."
+                sleep 4s
+                i=$[$i+1]
+        done
+
+        if [ $i -ge 5 ]; then
+                echo "ERROR: ${job_name} container didn't come up. exit 1."
+                exit 1
+        fi
+}
+
+test_dns_nomad_job
--- a/tests/run_tests.sh
+++ b/tests/run_tests.sh
@ -2,11 +2,15 @@

 set -eo pipefail

-export NOMAD_VERSION=0.11.2
+export NOMAD_VERSION=1.0.2
 export CONTAINERD_VERSION=1.3.4
 export PATH=$PATH:/usr/local/go/bin
 export PATH=$PATH:/usr/local/bin
-export GOPATH=/home/circleci/go
+if [ -e /home/circleci ]; then
+	export GOPATH=/home/circleci/go
+else
+	export GOPATH=$HOME/go
+fi
 export GO_VERSION=1.14.3

 # Keeps track of overall pass/failure status of tests. Even if single test
@ -152,7 +156,7 @@ Documentation=https://nomadproject.io
 After=network.target

 [Service]
-ExecStart=/usr/local/bin/nomad agent -dev -config=/home/circleci/go/src/github.com/Roblox/nomad-driver-containerd/example/agent_tests.hcl -plugin-dir=/tmp/nomad-driver-containerd
+ExecStart=/usr/local/bin/nomad agent -dev -config=$GOPATH/src/github.com/Roblox/nomad-driver-containerd/example/agent_tests.hcl -plugin-dir=/tmp/nomad-driver-containerd
 KillMode=process
 Delegate=yes
 LimitNOFILE=1048576