Merge pull request #98 from qiangzii/master

add ipam-check tool; update ip relese; update ipamblock restore; update ipamblock attributes info;

Author: yongchuanzhou

Makefile

@@ -67,6 +67,7 @@ tools: vet fmt
 	$(BUILD_ENV) go build -ldflags "-w" -o $(TOOLS_BIN_DIR)/vxnet-client cmd/tools/vxnet-client/client.go
 	$(BUILD_ENV) go build -ldflags "-w" -o $(TOOLS_BIN_DIR)/patch-node cmd/tools/node-patch/patch.go
 	$(BUILD_ENV) go build -ldflags "-w" -o $(TOOLS_BIN_DIR)/dhcp-client cmd/tools/dhcp-client/client.go
+	$(BUILD_ENV) go build -ldflags "-w" -o $(TOOLS_BIN_DIR)/ipam-check cmd/tools/ipam-check/check.go
 
 deploy:
 	sed -i'' -e 's@image: .*@image: '"${IMG}"'@' config/${TARGET}/manager_image_patch.yaml

build/hostnic/Dockerfile

@@ -1,5 +1,6 @@
 FROM alpine
 RUN apk --no-cache add ca-certificates \
+    && apk --no-cache add ipvsadm \
     && update-ca-certificates 2>/dev/null || true
 WORKDIR /app
 ADD bin/hostnic .

build/hostnic/DockerfileWithBuilder

@@ -10,12 +10,14 @@ RUN CGO_ENABLED=0 GOOS=linux go build -ldflags "-w" -o ${CORE_BIN_DIR}/hostnic-c
     && CGO_ENABLED=0 GOOS=linux go build -ldflags "-w" -o ${TOOLS_BIN_DIR}/hostnic-client ./cmd/tools/hostnic-client/client.go \
     && CGO_ENABLED=0 GOOS=linux go build -ldflags "-w" -o ${TOOLS_BIN_DIR}/vxnet-client ./cmd/tools/vxnet-client/client.go \
     && CGO_ENABLED=0 GOOS=linux go build -ldflags "-w" -o ${TOOLS_BIN_DIR}/patch-node ./cmd/tools/node-patch/patch.go \
-    && CGO_ENABLED=0 GOOS=linux go build -ldflags "-w" -o $(TOOLS_BIN_DIR)/dhcp-client ./cmd/tools/dhcp-client/client.go
+    && CGO_ENABLED=0 GOOS=linux go build -ldflags "-w" -o $(TOOLS_BIN_DIR)/dhcp-client ./cmd/tools/dhcp-client/client.go \
+    && CGO_ENABLED=0 GOOS=linux go build -ldflags "-w" -o ${TOOLS_BIN_DIR}/ipam-check ./cmd/tools/ipam-check/check.go
 
 
 FROM alpine
 ARG CORE_BIN_DIR
 RUN apk --no-cache add ca-certificates \
+    && apk --no-cache add ipvsadm \
     && update-ca-certificates 2>/dev/null || true
 WORKDIR /app
 COPY --from=builder /hostnic-cni/${CORE_BIN_DIR} .

cmd/hostnic/hostnic.go

@@ -443,8 +443,14 @@ func cmdAdd(args *skel.CmdArgs) error {
 	}
 	klog.Infof("cmdAdd for %s load and check netconf success, conf=%+v", args.ContainerID, conf)
 
+	//get nodename
+	nodeName, err := os.Hostname()
+	if err != nil {
+		klog.Errorf("failed to get hostname: %v, ignore!", err)
+	}
+
 	// run the IPAM plugin and get back the config to apply
-	ipamMsg, result, err := ipam2.AddrAlloc(args)
+	ipamMsg, result, err := ipam2.AddrAlloc(args, nodeName)
 	if err != nil {
 		return fmt.Errorf("failed to alloc addr: %v", err)
 	}
@@ -582,12 +588,16 @@ func cmdDel(args *skel.CmdArgs) error {
 	if err != nil {
 		return fmt.Errorf("get nic and ip info for pod %s error: %v", podKey, err)
 	}
+
+	if ipamMsg.IP != "" {
+		klog.Infof("get ip info for pod %s success, ip: %v", podKey, ipamMsg.IP)
+	}
+
 	if ipamMsg.Nic == nil {
-		// not found db record,  just return
-		klog.Infof("not found db record for pod %s, skip cleanup!", podKey)
-		return nil
+		// not found db record and ip record, skip cleanup
+		klog.Infof("not found nic record for pod %s, try to clean up rules and release ip", podKey)
+		return cleanupRulesAndIP(args, ipamMsg)
 	}
-	klog.Infof(" get nic and ip info for pod %s success, ip: %v", podKey, ipamMsg.IP)
 
 	netns, err := ns.GetNS(args.Netns)
 	if err != nil {

cmd/hostnic/ipam/ipam.go

@@ -36,7 +36,7 @@ import (
 	"github.com/yunify/hostnic-cni/pkg/rpc"
 )
 
-func AddrAlloc(args *skel.CmdArgs) (*rpc.IPAMMessage, *current.Result, error) {
+func AddrAlloc(args *skel.CmdArgs, nodeName string) (*rpc.IPAMMessage, *current.Result, error) {
 	// conf := NetConf{}
 	// if err := json.Unmarshal(args.StdinData, &conf); err != nil {
 	// 	return nil, nil, fmt.Errorf("failed to unmarshal netconf %s", spew.Sdump(args))
@@ -63,6 +63,7 @@ func AddrAlloc(args *skel.CmdArgs) (*rpc.IPAMMessage, *current.Result, error) {
 				Containter: string(k8sArgs.K8S_POD_INFRA_CONTAINER_ID),
 				Netns:      args.Netns,
 				IfName:     args.IfName,
+				NodeName:   nodeName,
 			},
 		})
 	if err != nil {

cmd/tools/ipam-check/check.go

@@ -0,0 +1,214 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"os"
+	"regexp"
+	"strconv"
+	"strings"
+	"time"
+
+	k8sinformers "k8s.io/client-go/informers"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/tools/clientcmd"
+
+	networkv1alpha1 "github.com/yunify/hostnic-cni/pkg/apis/network/v1alpha1"
+	clientset "github.com/yunify/hostnic-cni/pkg/client/clientset/versioned"
+	informers "github.com/yunify/hostnic-cni/pkg/client/informers/externalversions"
+	"github.com/yunify/hostnic-cni/pkg/constants"
+	"github.com/yunify/hostnic-cni/pkg/networkutils"
+	"github.com/yunify/hostnic-cni/pkg/rpc"
+	"github.com/yunify/hostnic-cni/pkg/signals"
+	"github.com/yunify/hostnic-cni/pkg/simple/client/network/ippool/ipam"
+)
+
+var kubeconfig string
+var delete, debug bool
+
+func usage() {
+	fmt.Println("This tool is used to check leak ip arp rules and release ip, it will list all leak ip arp rules on this instance by default, if you want to delete them, please use '-delete' flag")
+	flag.PrintDefaults()
+}
+
+func main() {
+	flag.StringVar(&kubeconfig, "kubeconfig", "/root/.kube/config", "Path to a kubeconfig. Only required if out-of-cluster.If not set, use the default path")
+	flag.BoolVar(&delete, "delete", false, "delete leak ip arp rules and release ip")
+	flag.BoolVar(&debug, "debug", false, "show debug info")
+	flag.Usage = usage
+	flag.Parse()
+
+	//get instance-id
+	instanceIDByte, err := os.ReadFile(constants.InstanceIDFile)
+	if err != nil {
+		fmt.Printf("failed to load instance-id: %v", err)
+		return
+	}
+	instanceID := strings.TrimSpace(string(instanceIDByte))
+	fmt.Println("get instanceID: ", instanceID)
+
+	// set up signals so we handle the first shutdown signals gracefully
+	stopCh := signals.SetupSignalHandler()
+
+	//client
+	cfg, err := clientcmd.BuildConfigFromFlags("", kubeconfig)
+	if err != nil {
+		fmt.Printf("Error building kubeconfig: %v", err)
+		return
+	}
+
+	k8sClient, err := kubernetes.NewForConfig(cfg)
+	if err != nil {
+		fmt.Printf("Error building kubernetes clientset: %v", err)
+		return
+	}
+
+	client, err := clientset.NewForConfig(cfg)
+	if err != nil {
+		fmt.Printf("Error building example clientset: %v", err)
+		return
+	}
+
+	k8sInformerFactory := k8sinformers.NewSharedInformerFactory(k8sClient, time.Second*10)
+	informerFactory := informers.NewSharedInformerFactory(client, time.Second*30)
+
+	ipamClient := ipam.NewIPAMClient(client, networkv1alpha1.IPPoolTypeLocal, informerFactory, k8sInformerFactory)
+
+	k8sInformerFactory.Start(stopCh)
+	informerFactory.Start(stopCh)
+
+	if err = ipamClient.Sync(stopCh); err != nil {
+		fmt.Printf("ipamclient sync error: %v", err)
+		return
+	}
+
+	//network tools for clean pod network
+	networkutils.SetupNetworkHelper()
+
+	//get all arp rules on the instance
+	rules, err := getArpRuleList()
+	if err != nil {
+		fmt.Printf("getArpRuleList failed: %v\n", err)
+		return
+	}
+	if debug {
+		fmt.Printf("all arp rules on instance %s: \n", instanceID)
+		for _, rule := range rules {
+			fmt.Printf("\t%s\n", rule.rule)
+		}
+	}
+	fmt.Printf("\n\n")
+
+	//get pods on the instance
+	podsMap, err := ipamClient.ListInstancePods(instanceID)
+	if err != nil {
+		fmt.Printf("ListInstancePods failed: %v\n", err)
+		return
+	}
+
+	//check and gather leak ip arp rules
+	rulesToClear := []arpReplyInfo{}
+	for _, rule := range rules {
+		if _, ok := podsMap[rule.ip]; !ok {
+			rulesToClear = append(rulesToClear, rule)
+		}
+	}
+
+	if len(rulesToClear) == 0 {
+		fmt.Printf("no leak ip arp rules found on instance %s\n\n", instanceID)
+		return
+	}
+
+	fmt.Printf("leak ip arp rules on instance %s: \n", instanceID)
+	for _, rule := range rulesToClear {
+		fmt.Printf("\t%s\n", rule.rule)
+	}
+	fmt.Printf("\n\n")
+
+	if !delete {
+		return
+	}
+
+	// delete leak ip arp rules and release ip
+	// should delete arp rules first, then release ip, or if release ip error,the rule will left but ip was released and will be allocated to other pod
+	fmt.Printf("going to delete leak ip arp rules and release ip\n\n")
+	for _, rule := range rulesToClear {
+		if err := clearArpReplyRule(rule); err != nil {
+			fmt.Printf("delete arp rule for leak ip %s error: %v, skip\n\n", rule.ip, err)
+			continue
+		}
+		fmt.Printf("delete arp rule for leak ip %s success\n", rule.ip)
+		if err := ipamClient.ReleaseByIP(rule.ip); err != nil {
+			fmt.Printf("release leak ip %s error: %v, skip\n\n", rule.ip, err)
+		}
+		fmt.Printf("release leak ip %s success\n\n", rule.ip)
+	}
+}
+
+// list arp rules
+type arpReplyInfo struct {
+	routeTableNum int32
+	ip            string
+	macAddr       string
+	rule          string
+}
+
+func getArpRuleList() (ruleList []arpReplyInfo, err error) {
+	//get all arp rules
+	ruleStr, err := networkutils.ListArpReply()
+	if err != nil {
+		return nil, fmt.Errorf("list arp rules error: %v", err)
+	}
+
+	//parse arp rules
+	return parseARPRules(ruleStr)
+}
+
+func parseARPRules(output string) (ruleList []arpReplyInfo, err error) {
+	lines := strings.Split(output, "\n")
+
+	ruleRegex := regexp.MustCompile(`-p ARP --logical-in (br_\d+) --arp-op Request --arp-ip-dst (\d+\.\d+\.\d+\.\d+) -j arpreply --arpreply-mac ([\da-fA-F:]+)`)
+
+	for _, line := range lines {
+		line = strings.TrimSpace(line)
+		if line == "" || strings.HasPrefix(line, "Bridge chain:") || strings.HasPrefix(line, "policy:") {
+			// skip empty line and header
+			continue
+		}
+
+		match := ruleRegex.FindStringSubmatch(line)
+		if len(match) > 3 {
+			logicalIn := match[1]
+			ip := match[2]
+			mac := match[3]
+
+			tableNumStr := strings.TrimPrefix(logicalIn, "br_")
+			tableNum, err := strconv.Atoi(tableNumStr)
+			if err != nil {
+				return nil, fmt.Errorf("parse tableNumStr %s error: %v", tableNumStr, err)
+			}
+
+			ruleList = append(ruleList, arpReplyInfo{
+				routeTableNum: int32(tableNum),
+				ip:            ip,
+				macAddr:       mac,
+				rule:          line,
+			})
+		}
+	}
+	return
+}
+
+// check and delete arp rules
+func clearArpReplyRule(item arpReplyInfo) error {
+	//delete arp rule
+	err := networkutils.NetworkHelper.CleanupPodNetwork(&rpc.HostNic{
+		RouteTableNum: item.routeTableNum,
+		HardwareAddr:  item.macAddr,
+	}, item.ip)
+	if err != nil && !strings.Contains(err.Error(), "rule does not exist") {
+		return fmt.Errorf("failed to delete ebtables rule %s: %s", item.rule, err)
+	}
+
+	return nil
+}

cmd/tools/ipam-client/client.go

@@ -142,7 +142,7 @@ func main() {
 				for _, block := range ippool.BrokenBlocks {
 					for ipStr, podNames := range block.IpToPods {
 						if len(podNames) > 1 {
-							fmt.Printf("\t\tip %s was allocated more than noce to pods %v\n", ipStr, podNames)
+							fmt.Printf("\t\tip %s was allocated more than once to pods %v\n", ipStr, podNames)
 						}
 					}
 

deploy/hostnic.yaml

@@ -481,7 +481,7 @@ spec:
                 fieldRef:
                   apiVersion: v1
                   fieldPath: metadata.namespace
-          image: qingcloud/hostnic-plus:v1.0.14
+          image: qingcloud/hostnic-plus:v1.0.15
           imagePullPolicy: IfNotPresent
           name: hostnic-node
           ports:
@@ -520,7 +520,7 @@ spec:
             - /app/install_hostnic.sh
           command:
             - /bin/sh
-          image: qingcloud/hostnic-plus:v1.0.14
+          image: qingcloud/hostnic-plus:v1.0.15
           imagePullPolicy: IfNotPresent
           name: hostnic-init
           resources: {}
@@ -595,7 +595,7 @@ spec:
     spec:
       containers:
         - name: hostnic-controller
-          image: qingcloud/hostnic-plus:v1.0.14
+          image: qingcloud/hostnic-plus:v1.0.15
           command:
             - /app/hostnic-controller
             - --v=5

pkg/allocator/allocator.go

@@ -218,7 +218,7 @@ func (a *Allocator) AllocHostNic(args *rpc.PodInfo) (*rpc.HostNic, error) {
 	}
 	nics, _, err := qcclient.QClient.CreateNicsAndAttach(vxnet, 1, nil, 1)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("create and attach nic failed: %v", err)
 	}
 	log.Infof("create and attach nic %s", getNicKey(nics[0]))