Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cnitool: fix default CNI directory on Windows and add extra checks. #942

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

aznashwan
Copy link

No description provided.

@aznashwan
Copy link
Author

aznashwan commented Jan 9, 2023

Note that the only new validation logic which may introduce extra constraints is this new filepath.IsAbs() check, but I can't think of a usecase where one might want to use a relative path instead of an absolute path.

I'm also open to any better suggestions for the Windows default path than this default from containerd.

@coveralls
Copy link

coveralls commented Jan 10, 2023

Coverage Status

Coverage: 72.359%. Remained the same when pulling 289c64b on aznashwan:fix-default-windows-confdir into 6a43fb5 on containernetworking:main.

@aznashwan
Copy link
Author

Note that the only new validation logic which may introduce extra constraints is this new filepath.IsAbs() check

FWIW I have switched to using filepath.Abs() to bring it in line with the rest of the code.

I've also compared the pre and post-patch behavior on Linux:

### Pre-patch:
# Relative paths work:
$ NETCONFPATH=../../../../etc/cni/net.d/ ./cnitool check nonexistent-net /var/run/netns/testing 
no net configuration with name "nonexistent-net" in ../../../../etc/cni/net.d/  # correct 

# Setting a nonexistent directory will only claim there are no net configurations:
$ NETCONFPATH=/nonexistent/path ./cnitool check nonexistent-net /var/run/netns/testing 
no net configurations found in /nonexistent/path

# Setting a nonexistent relative directory will also only claim there are no net configurations:
$ NETCONFPATH=./nonexistent/relative/path ./cnitool check nonexistent-net /var/run/netns/testing 
no net configurations found in ./nonexistent/relative/path

### Post-patch:
# Relative paths still work:
$ NETCONFPATH=../../../../etc/cni/net.d/ ./cnitool check nonexistent-net /var/run/netns/testing 
no net configuration with name "nonexistent-net" in /etc/cni/net.d  # correct

# Setting a nonexistent directory will error out with a clear message:
$ NETCONFPATH=/nonexistent/path ./cnitool check nonexistent-net /var/run/netns/testing 
the provided CNI config path ($NETCONFPATH) does not exist: "/nonexistent/path"

# Setting a nonexistent relative directory will also error out with a clear message:
$ NETCONFPATH=./nonexistent/relative/path ./cnitool check nonexistent-net /var/run/netns/testing 
the provided CNI config path ($NETCONFPATH) does not exist: "/home/nashu/cni/cnitool/nonexistent/relative/path"

// NOTE: this is the most reasonable default as most CNI setups on Windows
// will have been made using the helper script in the containerd repo.
// https://github.com/containerd/containerd/blob/main/script/setup/install-cni-windows
DefaultNetDir = "C:\\Program Files\\containerd\\cni\\conf"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@aznashwan this seems containerd specific, but CNI is used by more than just containerd. If each CRI implementation has its own default directory, should this be a list of default dirs that get tried in sequence?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for the huge delay, I must've somehow missed this notification when it happened.

seems containerd specific

Correct.

CNI is used by more than just containerd

Correct, but generally not really Windows (at least when I was involved in CNI porting efforts on Windows a whole year ago).

Back then, the vast majority of k8s/docker setups on Windows directly installed containerd from their build scripts in the main containerd/containerd repo, so it seemed like the most reasonable choice...

I'm not sure whether there is a "standardised way" to install k8s on Windows nowadays, but I'm willing to bet it uses containerd with this default.

Plus at the end of the day this path is configurable via an env var, so the C:\Program Files\containerd\cni\conf default isn't preventing anyone from using cnitool, and it's certainly a hell of a lot saner of a default on Windows than /etc/cni/net.d 🤣

@MikeZappa87
Copy link
Contributor

@aznashwan is this still required?

@aznashwan
Copy link
Author

aznashwan commented Nov 23, 2024

@MikeZappa87

is this still required?

While I have't worked with Windows CNIs in over 1 year or so, this patch still looks relevant for anyone wanting to run cnitool on Windows (not sure how relevant that is nowadays however).

I've just rebased the PR FWIW.

…ory.

Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants