This repository was archived by the owner on May 12, 2021. It is now read-only.
This repository was archived by the owner on May 12, 2021. It is now read-only.
shim v2 fail to run with cnm network #1788
Description
Description of problem
Fail to run shim v2 with bridged network, network use cnm mode.
# pouch run -d --runtime=kata-runtime docker.io/library/busybox:latest
Error: failed to run container de3522: {"message":"failed to create container(de35222f6e3c4288be95e8b78ddfd82ed71f5457093c9ed3bc3a0ac497330d2f) on containerd: failed to create task for container(de35222f6e3c4288be95e8b78ddfd82ed71f5457093c9ed3bc3a0ac497330d2f): exit status 1: stdout: , stderr: time=\"2019-06-12T15:47:20+08:00\" level=info msg=\"external key /proc/14245/ns/net\" \ntime=\"2019-06-12T15:47:20+08:00\" level=fatal msg=\"failed to add interface vethf6bce45 to sandbox: error renaming interface \"vethf6bce45\" to \"eth0\": file exists\" \n: unknown"}
From read libnetwork/kata code, and with help of @lifupan , finally I found the reason:
- kata create a new netns
- with
EnterNS, kata change netns to the created one. - when use cnm network mode, in pre-start hook, kata will re-exec libnetwork process
libnetwork-setkey, and send self pid to it. libnetwork use/proc/pid/ns/netto find the netns kata use , and set veth into the netns
v1/v2 shim use the same way to create network, v1 can successful because EnterNS changed both current thread and main thread 's netns. But use v2 shim , only changed current thread netns, main thread still use host netns, so it fails. So if we pass syscall.Gettid() to libnetwork, it will work.
Expected result
(replace this text with an explanation of what you thought would happen)
Actual result
(replace this text with details of what actually happened)