Added config option for disabling iptable lock (#470)

* added config option for disabling iptable lock

* added log for iptable and ebtable version

* moved logging dependency package details to platform specific file

cni/netconfig.go

@@ -55,6 +55,7 @@ type NetworkConfig struct {
 	MultiTenancy               bool     `json:"multiTenancy,omitempty"`
 	EnableSnatOnHost           bool     `json:"enableSnatOnHost,omitempty"`
 	EnableExactMatchForPodName bool     `json:"enableExactMatchForPodName,omitempty"`
+	DisableIPTableLock         bool     `json:"disableIPTableLock,omitempty"`
 	CNSUrl                     string   `json:"cnsurl,omitempty"`
 	Ipam                       struct {
 		Type          string `json:"type"`

cni/network/network.go

@@ -17,6 +17,7 @@ import (
 	"github.com/Azure/azure-container-networking/cns"
 	"github.com/Azure/azure-container-networking/cns/cnsclient"
 	"github.com/Azure/azure-container-networking/common"
+	"github.com/Azure/azure-container-networking/iptables"
 	"github.com/Azure/azure-container-networking/log"
 	"github.com/Azure/azure-container-networking/network"
 	"github.com/Azure/azure-container-networking/platform"
@@ -106,6 +107,7 @@ func (plugin *netPlugin) Start(config *common.PluginConfig) error {
 	// Log platform information.
 	log.Printf("[cni-net] Plugin %v version %v.", plugin.Name, plugin.Version)
 	log.Printf("[cni-net] Running on %v", platform.GetOSInfo())
+	platform.PrintDependencyPackageDetails()
 	common.LogNetworkInterfaces()
 
 	// Initialize network manager.
@@ -239,6 +241,7 @@ func (plugin *netPlugin) Add(args *cniSkel.CmdArgs) error {
 		}
 	}
 
+	iptables.DisableIPTableLock = nwCfg.DisableIPTableLock
 	plugin.setCNIReportDetails(nwCfg, CNI_ADD, "")
 
 	defer func() {
@@ -587,6 +590,8 @@ func (plugin *netPlugin) Get(args *cniSkel.CmdArgs) error {
 
 	log.Printf("[cni-net] Read network configuration %+v.", nwCfg)
 
+	iptables.DisableIPTableLock = nwCfg.DisableIPTableLock
+
 	// Parse Pod arguments.
 	if k8sPodName, k8sNamespace, err = plugin.getPodInfo(args.Args); err != nil {
 		return err
@@ -665,6 +670,7 @@ func (plugin *netPlugin) Delete(args *cniSkel.CmdArgs) error {
 
 	log.Printf("[cni-net] Read network configuration %+v.", nwCfg)
 
+	iptables.DisableIPTableLock = nwCfg.DisableIPTableLock
 	plugin.setCNIReportDetails(nwCfg, CNI_DEL, "")
 
 	// Parse Pod arguments.
@@ -758,6 +764,7 @@ func (plugin *netPlugin) Update(args *cniSkel.CmdArgs) error {
 
 	log.Printf("[cni-net] Read network configuration %+v.", nwCfg)
 
+	iptables.DisableIPTableLock = nwCfg.DisableIPTableLock
 	plugin.setCNIReportDetails(nwCfg, CNI_UPDATE, "")
 
 	defer func() {

iptables/iptables.go

@@ -55,9 +55,20 @@ const (
 	lockTimeout = 60
 )
 
+var (
+	DisableIPTableLock bool
+)
+
 // Run iptables command
 func runCmd(params string) error {
-	cmd := fmt.Sprintf("%s -w %d %s", iptables, lockTimeout, params)
+	var cmd string
+
+	if DisableIPTableLock {
+		cmd = fmt.Sprintf("%s %s", iptables, params)
+	} else {
+		cmd = fmt.Sprintf("%s -w %d %s", iptables, lockTimeout, params)
+	}
+
 	if _, err := platform.ExecuteCommand(cmd); err != nil {
 		return err
 	}

platform/os_linux.go

@@ -149,3 +149,12 @@ func GetProcessNameByID(pidstr string) (string, error) {
 
 	return out, nil
 }
+
+func PrintDependencyPackageDetails() {
+	out, err := ExecuteCommand("iptables --version")
+	out = strings.TrimSuffix(out, "\n")
+	log.Printf("[cni-net] iptable version:%s, err:%v", out, err)
+	out, err = ExecuteCommand("ebtables --version")
+	out = strings.TrimSuffix(out, "\n")
+	log.Printf("[cni-net] ebtable version %s, err:%v", out, err)
+}

platform/os_windows.go

@@ -226,3 +226,6 @@ func GetProcessNameByID(pidstr string) (string, error) {
 
 	return "", fmt.Errorf("Process not found")
 }
+
+func PrintDependencyPackageDetails() {
+}