Added config option for disabling iptable lock (Azure#470)

* added config option for disabling iptable lock * added log for iptable and ebtable version * moved logging dependency package details to platform specific file

Author: tamilmani1989

cni/netconfig.go

@@ -55,6 +55,7 @@ type NetworkConfig struct {
 MultiTenancy bool `json:"multiTenancy,omitempty"`
 EnableSnatOnHost bool `json:"enableSnatOnHost,omitempty"`
 EnableExactMatchForPodName bool `json:"enableExactMatchForPodName,omitempty"`
+DisableIPTableLock bool `json:"disableIPTableLock,omitempty"`
 CNSUrl string `json:"cnsurl,omitempty"`
 Ipam struct {
 Type string `json:"type"`

cni/network/network.go

@@ -17,6 +17,7 @@ import (
 "github.com/Azure/azure-container-networking/cns"
 "github.com/Azure/azure-container-networking/cns/cnsclient"
 "github.com/Azure/azure-container-networking/common"
+"github.com/Azure/azure-container-networking/iptables"
 "github.com/Azure/azure-container-networking/log"
 "github.com/Azure/azure-container-networking/network"
 "github.com/Azure/azure-container-networking/platform"
@@ -106,6 +107,7 @@ func (plugin *netPlugin) Start(config *common.PluginConfig) error {
 // Log platform information.
 log.Printf("[cni-net] Plugin %v version %v.", plugin.Name, plugin.Version)
 log.Printf("[cni-net] Running on %v", platform.GetOSInfo())
+platform.PrintDependencyPackageDetails()
 common.LogNetworkInterfaces()
 
 // Initialize network manager.
@@ -239,6 +241,7 @@ func (plugin *netPlugin) Add(args *cniSkel.CmdArgs) error {
 }
 }
 
+iptables.DisableIPTableLock = nwCfg.DisableIPTableLock
 plugin.setCNIReportDetails(nwCfg, CNI_ADD, "")
 
 defer func() {
@@ -587,6 +590,8 @@ func (plugin *netPlugin) Get(args *cniSkel.CmdArgs) error {
 
 log.Printf("[cni-net] Read network configuration %+v.", nwCfg)
 
+iptables.DisableIPTableLock = nwCfg.DisableIPTableLock
+
 // Parse Pod arguments.
 if k8sPodName, k8sNamespace, err = plugin.getPodInfo(args.Args); err != nil {
 return err
@@ -665,6 +670,7 @@ func (plugin *netPlugin) Delete(args *cniSkel.CmdArgs) error {
 
 log.Printf("[cni-net] Read network configuration %+v.", nwCfg)
 
+iptables.DisableIPTableLock = nwCfg.DisableIPTableLock
 plugin.setCNIReportDetails(nwCfg, CNI_DEL, "")
 
 // Parse Pod arguments.
@@ -758,6 +764,7 @@ func (plugin *netPlugin) Update(args *cniSkel.CmdArgs) error {
 
 log.Printf("[cni-net] Read network configuration %+v.", nwCfg)
 
+iptables.DisableIPTableLock = nwCfg.DisableIPTableLock
 plugin.setCNIReportDetails(nwCfg, CNI_UPDATE, "")
 
 defer func() {

iptables/iptables.go

@@ -55,9 +55,20 @@ const (
 lockTimeout = 60
 )
 
+var (
+DisableIPTableLock bool
+)
+
 // Run iptables command
 func runCmd(params string) error {
-cmd := fmt.Sprintf("%s -w %d %s", iptables, lockTimeout, params)
+var cmd string
+
+if DisableIPTableLock {
+cmd = fmt.Sprintf("%s %s", iptables, params)
+} else {
+cmd = fmt.Sprintf("%s -w %d %s", iptables, lockTimeout, params)
+}
+
 if _, err := platform.ExecuteCommand(cmd); err != nil {
 return err
 }

platform/os_linux.go

@@ -149,3 +149,12 @@ func GetProcessNameByID(pidstr string) (string, error) {
 
 return out, nil
 }
+
+func PrintDependencyPackageDetails() {
+out, err := ExecuteCommand("iptables --version")
+out = strings.TrimSuffix(out, "\n")
+log.Printf("[cni-net] iptable version:%s, err:%v", out, err)
+out, err = ExecuteCommand("ebtables --version")
+out = strings.TrimSuffix(out, "\n")
+log.Printf("[cni-net] ebtable version %s, err:%v", out, err)
+}

platform/os_windows.go

@@ -226,3 +226,6 @@ func GetProcessNameByID(pidstr string) (string, error) {
 
 return "", fmt.Errorf("Process not found")
 }
+
+func PrintDependencyPackageDetails() {
+}