fix: check and repair pods. (#99)

cybwan · web-flow · commit 2d626c0246eb · 2025-04-11T14:18:17.000+08:00
diff --git a/Makefile b/Makefile
@@ -35,9 +35,9 @@ docker-build-xnet-ubuntu-22.04:
 docker-build-xnet-ubuntu-24.04:
 	docker buildx build --builder fsm --platform=$(DOCKER_BUILDX_PLATFORM) -o $(DOCKER_BUILDX_OUTPUT) -t $(CTR_REGISTRY)/xnet:ubuntu-24.04-$(CTR_TAG) -f dockerfiles/Dockerfile.ubuntu.24.04 --build-arg LDFLAGS=$(LDFLAGS) .
 
-.PHONY: docker-build-xnet-openeuler-22.03
-docker-build-bclinux-xnet-openeuler-22.03:
-docker-build-bclinux-xnet-openeuler-22.03:
+.PHONY: docker-build-xnet-bclinux-openeuler-22.03
+docker-build-xnet-bclinux-openeuler-22.03:
+docker-build-xnet-bclinux-openeuler-22.03:
 	docker buildx build --builder fsm --platform=$(DOCKER_BUILDX_PLATFORM) -o $(DOCKER_BUILDX_OUTPUT) -t $(CTR_REGISTRY)/xnet:openeuler-22.03-$(CTR_TAG) -f dockerfiles/Dockerfile.openeuler.22.03 --build-arg LDFLAGS=$(LDFLAGS) .
 
 TARGETS = xnet xnet-ubuntu-20.04 xnet-ubuntu-22.04 xnet-ubuntu-24.04
diff --git a/cmd/xctr/main.go b/cmd/xctr/main.go
@@ -132,7 +132,21 @@ func parseFlags() error {
 	}
 	if len(nodePathSysRun) > 0 {
 		volume.SysRun.HostPath = nodePathSysRun
-		volume.Netns.HostPath = path.Join(volume.SysRun.HostPath, `netns`)
+
+		netnsDir := path.Join(volume.SysRun.HostPath, `docker`, `netns`)
+		if _, err := os.ReadDir(netnsDir); err == nil {
+			volume.Netns = append(volume.Netns, netnsDir)
+		}
+
+		netnsDir = path.Join(volume.SysRun.HostPath, `netns`)
+		if _, err := os.ReadDir(netnsDir); err == nil {
+			volume.Netns = append(volume.Netns, netnsDir)
+		}
+
+		netnsDir = volume.SysProc.MountPath
+		if _, err := os.ReadDir(netnsDir); err == nil {
+			volume.Netns = append(volume.Netns, netnsDir)
+		}
 	}
 
 	return nil
diff --git a/pkg/k8s/informers/informers.go b/pkg/k8s/informers/informers.go
@@ -3,7 +3,6 @@ package informers
 import (
 	"errors"
 	"os"
-	"strings"
 	"testing"
 
 	"github.com/rs/zerolog/log"
@@ -53,11 +52,11 @@ func WithKubeClient(kubeClient kubernetes.Interface) InformerCollectionOption {
 		nsInformerFactory := informers.NewSharedInformerFactoryWithOptions(kubeClient, DefaultKubeEventResyncInterval, monitorNamespaceOption)
 		ic.informers[InformerKeyNamespace] = nsInformerFactory.Core().V1().Namespaces().Informer()
 
-		nodeName, err := os.Hostname()
-		if err != nil {
-			log.Fatal().Msg(err.Error())
+		nodeName := os.Getenv("NODE_NAME")
+		if len(nodeName) == 0 {
+			log.Fatal().Msg("missing NODE_NAME env")
 		}
-		nodeSelector := fields.OneTermEqualSelector("spec.nodeName", strings.ToLower(nodeName)).String()
+		nodeSelector := fields.OneTermEqualSelector("spec.nodeName", nodeName).String()
 
 		podNodeOption := informers.WithTweakListOptions(func(opt *metav1.ListOptions) {
 			opt.FieldSelector = nodeSelector
diff --git a/pkg/xnet/bpf/cli/wait.go b/pkg/xnet/bpf/cli/wait.go
@@ -56,8 +56,8 @@ func (a *waitCmd) run() error {
 					break
 				}
 			}
-			time.Sleep(time.Second * 2)
 		}
+		time.Sleep(time.Second * 2)
 	}
 	return nil
 }
diff --git a/pkg/xnet/cni/controller/hwaddr.go b/pkg/xnet/cni/controller/hwaddr.go
@@ -11,8 +11,7 @@ import (
 
 func (s *server) findHwAddrByPodIP(podIP string) (net.HardwareAddr, bool) {
 	var hwAddr net.HardwareAddr
-	netnsDirs := []string{volume.Netns.MountPath, volume.SysProc.MountPath}
-	for _, netnsDir := range netnsDirs {
+	for _, netnsDir := range volume.Netns {
 		rd, err := os.ReadDir(netnsDir)
 		if err != nil {
 			log.Debug().Err(err).Msg(netnsDir)
diff --git a/pkg/xnet/cni/controller/plugin.go b/pkg/xnet/cni/controller/plugin.go
@@ -58,8 +58,7 @@ func (s *server) CmdAdd(args *skel.CmdArgs) (err error) {
 		if len(args.IfName) != 0 {
 			return tc.AttachBPFProg(maps.SysMesh, args.IfName, true, true)
 		}
-		ifaces, _ := net.Interfaces()
-		for _, iface := range ifaces {
+		if iface, ifaceErr := net.InterfaceByName(podEth0); ifaceErr == nil {
 			if (iface.Flags&net.FlagLoopback) == 0 && (iface.Flags&net.FlagUp) != 0 {
 				return tc.AttachBPFProg(maps.SysMesh, iface.Name, true, true)
 			}
diff --git a/pkg/xnet/cni/controller/repair.go b/pkg/xnet/cni/controller/repair.go
@@ -15,11 +15,11 @@ import (
 )
 
 func (s *server) checkAndRepairPods() {
-	var repairFailPods map[string]string
 	for {
-		repairFailPods = s.doCheckAndRepairPods()
+		repairFailPods := s.doCheckAndRepairPods()
 		if len(repairFailPods) == 0 {
-			break
+			time.Sleep(time.Second * 10)
+			continue
 		}
 		for _, pod := range repairFailPods {
 			log.Error().Msgf(`fail to check and repair pod: %s`, pod)
@@ -40,8 +40,13 @@ func (s *server) doCheckAndRepairPods() map[string]string {
 		allPodsByAddr[pod.Status.PodIP] = fmt.Sprintf(`%s/%s`, pod.Namespace, pod.Name)
 	}
 
-	netnsDirs := []string{volume.Netns.MountPath, volume.SysProc.MountPath}
-	for _, netnsDir := range netnsDirs {
+	log.Debug().Msgf("monitoredPodsByAddr Count: %d", len(monitoredPodsByAddr))
+	log.Debug().Msgf("allPodsByAddr Count: %d", len(allPodsByAddr))
+
+	for _, netnsDir := range volume.Netns {
+		if len(monitoredPodsByAddr) == 0 {
+			break
+		}
 		rd, err := os.ReadDir(netnsDir)
 		if err != nil {
 			log.Debug().Err(err).Msg(netnsDir)
@@ -56,27 +61,27 @@ func (s *server) doCheckAndRepairPods() map[string]string {
 			}
 
 			if doErr := netNS.Do(func(_ ns.NetNS) error {
-				ifaces, ifaceErr := net.Interfaces()
-				if ifaceErr != nil {
-					log.Debug().Err(ifaceErr).Msg(nsName)
-					return nil
-				}
-				for _, iface := range ifaces {
+				if iface, ifaceErr := net.InterfaceByName(podEth0); ifaceErr == nil {
 					if (iface.Flags&net.FlagLoopback) == 0 && (iface.Flags&net.FlagUp) != 0 {
 						if addrs, addrErr := iface.Addrs(); addrErr == nil {
 							for _, addr := range addrs {
 								addrStr := addr.String()
 								addrStr = addrStr[0:strings.Index(addrStr, `/`)]
+								log.Debug().Msgf("netns Addr:%s %s", iface.Name, addrStr)
 								if pod, exists := monitoredPodsByAddr[addrStr]; exists {
+									log.Debug().Msgf("monitoredPodsByAddr:%s", addrStr)
 									if attachErr := tc.AttachBPFProg(maps.SysMesh, iface.Name, true, true); attachErr != nil {
 										return fmt.Errorf(`%s %s`, pod, attachErr.Error())
 									}
+									log.Debug().Msgf("monitoredPodsByAddr:%s attach success", addrStr)
 									delete(monitoredPodsByAddr, addrStr)
 									delete(allPodsByAddr, addrStr)
 								} else if pod, exists := allPodsByAddr[addrStr]; exists {
+									log.Debug().Msgf("allPodsByAddr:%s", addrStr)
 									if detachErr := tc.DetachBPFProg(maps.SysMesh, iface.Name, true, true); detachErr != nil {
 										return fmt.Errorf(`%s %s`, pod, detachErr.Error())
 									}
+									log.Debug().Msgf("allPodsByAddr:%s detach success", addrStr)
 									delete(allPodsByAddr, addrStr)
 								}
 							}
@@ -89,19 +94,18 @@ func (s *server) doCheckAndRepairPods() map[string]string {
 			}
 		}
 	}
+	log.Debug().Msgf("monitoredPodsByAddr Attach Fail Count: %d", len(monitoredPodsByAddr))
 	return monitoredPodsByAddr
 }
 
 func (s *server) checkAndResetPods() {
-	var resetFailPods map[string]string
+	retries := 3
 	for {
-		resetFailPods = s.doCheckAndResetPods()
-		if len(resetFailPods) == 0 {
+		_ = s.doCheckAndResetPods()
+		retries--
+		if retries < 0 {
 			break
 		}
-		for _, pod := range resetFailPods {
-			log.Error().Msgf(`fail to check and reset pod: %s`, pod)
-		}
 		time.Sleep(time.Second * 3)
 	}
 }
@@ -112,8 +116,12 @@ func (s *server) doCheckAndResetPods() map[string]string {
 	for _, pod := range pods {
 		allPodsByAddr[pod.Status.PodIP] = fmt.Sprintf(`%s/%s`, pod.Namespace, pod.Name)
 	}
-	netnsDirs := []string{volume.Netns.MountPath, volume.SysProc.MountPath}
-	for _, netnsDir := range netnsDirs {
+	log.Debug().Msgf("allPodsByAddr Count: %d", len(allPodsByAddr))
+
+	for _, netnsDir := range volume.Netns {
+		if len(allPodsByAddr) == 0 {
+			break
+		}
 		rd, err := os.ReadDir(netnsDir)
 		if err != nil {
 			log.Debug().Err(err).Msg(netnsDir)
@@ -128,21 +136,18 @@ func (s *server) doCheckAndResetPods() map[string]string {
 			}
 
 			if nsErr = netNS.Do(func(_ ns.NetNS) error {
-				ifaces, ifaceErr := net.Interfaces()
-				if ifaceErr != nil {
-					log.Debug().Err(ifaceErr).Msg(nsName)
-					return nil
-				}
-				for _, iface := range ifaces {
+				if iface, ifaceErr := net.InterfaceByName(podEth0); ifaceErr == nil {
 					if (iface.Flags&net.FlagLoopback) == 0 && (iface.Flags&net.FlagUp) != 0 {
 						if addrs, addrErr := iface.Addrs(); addrErr == nil {
 							for _, addr := range addrs {
 								addrStr := addr.String()
 								addrStr = addrStr[0:strings.Index(addrStr, `/`)]
+								log.Debug().Msgf("netns Addr:%s %s", iface.Name, addrStr)
 								if pod, exists := allPodsByAddr[addrStr]; exists {
 									if detachErr := tc.DetachBPFProg(maps.SysMesh, iface.Name, true, true); detachErr != nil {
 										return fmt.Errorf(`%s %s`, pod, detachErr.Error())
 									}
+									log.Debug().Msgf("allPodsByAddr:%s detach success", addrStr)
 									delete(allPodsByAddr, addrStr)
 								}
 							}
diff --git a/pkg/xnet/cni/controller/types.go b/pkg/xnet/cni/controller/types.go
@@ -12,6 +12,8 @@ const (
 
 	bridgeAclId   = uint16('b'<<8 | 'r')
 	bridgeAclFlag = uint8('c')
+
+	podEth0 = `eth0`
 )
 
 // Server CNI Server.
diff --git a/pkg/xnet/tc/tc.go b/pkg/xnet/tc/tc.go
@@ -238,8 +238,12 @@ func AttachBPFProg(sysId maps.SysID, dev string, ingress, egress bool) error {
 					if err := addBPFFilter(rtnl, uint32(iface.Index), HandleIngress, uint32(ingressProgFD)); err != nil {
 						log.Error().Msgf("add tc ingress filter error: %v", err)
 						return err
+					} else {
+						log.Debug().Msgf("tc ingress filter add success: %s", iface.Name)
 					}
 				}
+			} else {
+				log.Debug().Msgf("tc ingress filter exists: %s", iface.Name)
 			}
 		}
 
@@ -252,8 +256,12 @@ func AttachBPFProg(sysId maps.SysID, dev string, ingress, egress bool) error {
 					if err := addBPFFilter(rtnl, uint32(iface.Index), HandleEgress, uint32(egressProgFD)); err != nil {
 						log.Error().Msgf("add tc egress filter error: %v", err)
 						return err
+					} else {
+						log.Debug().Msgf("tc egress filter add success: %s", iface.Name)
 					}
 				}
+			} else {
+				log.Debug().Msgf("tc egress filter exists: %s", iface.Name)
 			}
 		}
 	}
diff --git a/pkg/xnet/volume/types.go b/pkg/xnet/volume/types.go
@@ -21,11 +21,6 @@ var (
 		MountPath: "/host/run",
 	}
 
-	Netns = HostMount{
-		HostPath:  "/var/run/netns",
-		MountPath: "/host/run/netns",
-	}
-
 	CniBin = HostMount{
 		HostPath:  "/bin",
 		MountPath: "/host/cni/bin",
@@ -36,4 +31,6 @@ var (
 		HostPath:  "/var/lib/rancher/k3s/agent/etc/cni/net.d", //k3s
 		MountPath: "/host/cni/net.d",
 	}
+
+	Netns = []string{}
 )

Original file line number	Diff line number	Diff line change
`@@ -56,8 +56,8 @@ func (a *waitCmd) run() error {`
`56`	`56`	`break`
`57`	`57`	`}`
`58`	`58`	`}`
`59`		`- time.Sleep(time.Second * 2)`
`60`	`59`	`}`
	`60`	`+ time.Sleep(time.Second * 2)`
`61`	`61`	`}`
`62`	`62`	`return nil`
`63`	`63`	`}`
Original file line number	Diff line number	Diff line change
`@@ -58,8 +58,7 @@ func (s server) CmdAdd(args skel.CmdArgs) (err error) {`
`58`	`58`	`if len(args.IfName) != 0 {`
`59`	`59`	`return tc.AttachBPFProg(maps.SysMesh, args.IfName, true, true)`
`60`	`60`	`}`
`61`		`- ifaces, _ := net.Interfaces()`
`62`		`- for _, iface := range ifaces {`
	`61`	`+ if iface, ifaceErr := net.InterfaceByName(podEth0); ifaceErr == nil {`
`63`	`62`	`if (iface.Flags&net.FlagLoopback) == 0 && (iface.Flags&net.FlagUp) != 0 {`
`64`	`63`	`return tc.AttachBPFProg(maps.SysMesh, iface.Name, true, true)`
`65`	`64`	`}`
Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,8 @@ const (`
`12`	`12`
`13`	`13`	`bridgeAclId = uint16('b'<<8 \| 'r')`
`14`	`14`	`bridgeAclFlag = uint8('c')`
	`15`	`+`
	`16`	+ podEth0 = `eth0`
`15`	`17`	`)`
`16`	`18`
`17`	`19`	`// Server CNI Server.`
Original file line number	Diff line number	Diff line change
`@@ -238,8 +238,12 @@ func AttachBPFProg(sysId maps.SysID, dev string, ingress, egress bool) error {`
`238`	`238`	`if err := addBPFFilter(rtnl, uint32(iface.Index), HandleIngress, uint32(ingressProgFD)); err != nil {`
`239`	`239`	`log.Error().Msgf("add tc ingress filter error: %v", err)`
`240`	`240`	`return err`
	`241`	`+ } else {`
	`242`	`+ log.Debug().Msgf("tc ingress filter add success: %s", iface.Name)`
`241`	`243`	`}`
`242`	`244`	`}`
	`245`	`+ } else {`
	`246`	`+ log.Debug().Msgf("tc ingress filter exists: %s", iface.Name)`
`243`	`247`	`}`
`244`	`248`	`}`
`245`	`249`
`@@ -252,8 +256,12 @@ func AttachBPFProg(sysId maps.SysID, dev string, ingress, egress bool) error {`
`252`	`256`	`if err := addBPFFilter(rtnl, uint32(iface.Index), HandleEgress, uint32(egressProgFD)); err != nil {`
`253`	`257`	`log.Error().Msgf("add tc egress filter error: %v", err)`
`254`	`258`	`return err`
	`259`	`+ } else {`
	`260`	`+ log.Debug().Msgf("tc egress filter add success: %s", iface.Name)`
`255`	`261`	`}`
`256`	`262`	`}`
	`263`	`+ } else {`
	`264`	`+ log.Debug().Msgf("tc egress filter exists: %s", iface.Name)`
`257`	`265`	`}`
`258`	`266`	`}`
`259`	`267`	`}`
Original file line number	Diff line number	Diff line change
`@@ -21,11 +21,6 @@ var (`
`21`	`21`	`MountPath: "/host/run",`
`22`	`22`	`}`
`23`	`23`
`24`		`- Netns = HostMount{`
`25`		`- HostPath: "/var/run/netns",`
`26`		`- MountPath: "/host/run/netns",`
`27`		`- }`
`28`		`-`
`29`	`24`	`CniBin = HostMount{`
`30`	`25`	`HostPath: "/bin",`
`31`	`26`	`MountPath: "/host/cni/bin",`
`@@ -36,4 +31,6 @@ var (`
`36`	`31`	`HostPath: "/var/lib/rancher/k3s/agent/etc/cni/net.d", //k3s`
`37`	`32`	`MountPath: "/host/cni/net.d",`
`38`	`33`	`}`
	`34`	`+`
	`35`	`+ Netns = []string{}`
`39`	`36`	`)`