docker: add option to force hostname for linstor
Add a new environment variable that, if set, forces the LINSTOR components to run with a specific hostname. This may be useful in an environment where we don't have complete control over the names of the created containers, such as Kubernetes.

While LINSTOR is capable of dealing with changing hostnames, it does lead to weird issues later:

* LINSTOR names connections based on the peer's uname. If that uname is changed, LINSTOR tries to update the resource, but renaming the connection does not always work.
* For TLS to work, we use the peer name as the name to validate in the certificate. However, if the name is not under our control, it is hard to generate a certificate that is valid for the names.
* Some external components such as monitoring and so on also rely on the peer name to generate useful output.

So in order to have a stable hostname for LINSTOR and DRBD, we add an option to start LINSTOR in a new UTS namespace with the forced hostname set.

We use a new UTS namespace because if we would just force the hostname to be set in all cases, we potentially override the "root" namespace if the container is started in the host network. We do not want to make unneeded changes to the host, so using a new UTS namespace is the simplest solution. Using unshare with a new UTS namespace also means that the created namespace is automatically removed once the LINSTOR processes exit.

We also update the await-election tool: this now uses execve() to run the command when not running the leader election. This means that in case a satellite is started, the entry.sh script will become PID 1 in the container. This in turn makes the unshare()-d process PID 1, which is nice, as now docker|kubectl exec'ing into the container will also put us into the same namespace, so all drbdadm commands will work as expected.

Signed-off-by: Moritz Wanzenböck <[email protected]>
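
The namespace handling described in the commit message, as an added shell example that is not code from this commit or from the LINSTOR project. `FORCED_HOSTNAME` and both function names are assumptions (the message does not name the variable); it relies on util-linux `unshare` and CAP_SYS_ADMIN, and goes beyond the message by validating the name before it becomes the identity checked in TLS certificates.

```shell
#!/bin/sh
# Added illustration, not the project's entry.sh.
# FORCED_HOSTNAME is an assumed variable name; the commit message does not give one.

# Accept only RFC 1123 style names: letters, digits, '-' and '.',
# no empty labels, no label starting or ending with '-'.
valid_hostname() {
    [ -n "$1" ] || return 1
    [ "${#1}" -le 64 ] || return 1      # Linux UTS nodename limit
    case "$1" in
        *[!A-Za-z0-9.-]*) return 1 ;;   # any character outside the allowed set
        .*|*.|-*|*-)      return 1 ;;   # leading/trailing dot or hyphen
        *..*|*.-*|*-.*)   return 1 ;;   # empty label, or label edge is a hyphen
    esac
    return 0
}

# Run "$@" with hostname $1 inside a fresh UTS namespace.
# Every step uses exec, so the PID is kept: if this script is PID 1, the
# final command is PID 1, and `docker exec` / `kubectl exec` enter the
# same UTS namespace. The namespace disappears when that process exits.
run_with_hostname() {
    name=$1
    shift
    if [ -z "$name" ]; then
        exec "$@"                       # nothing forced: keep the existing namespace
    fi
    if ! valid_hostname "$name"; then
        echo "refusing invalid hostname: $name" >&2
        return 64
    fi
    # Only the new namespace is renamed; with host networking the host's
    # own hostname is left untouched.
    exec unshare --uts -- sh -c 'hostname "$0" && exec "$@"' "$name" "$@"
}

# Usage from an entry script (hypothetical):
#   run_with_hostname "${FORCED_HOSTNAME:-}" "$@"
```
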