Use ProcessExecutor for Docker container ACL setup instead of docker.exec()

2 files changed, 19 insertions, 12 deletions

diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImpl.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImpl.java
index 4409fa63133..9e6f7a25ed8 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImpl.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImpl.java
@@ -2,10 +2,12 @@
 package com.yahoo.vespa.hosted.node.admin.docker;
 
 import static com.yahoo.vespa.defaults.Defaults.getDefaults;
+
+import com.yahoo.collections.Pair;
+import com.yahoo.system.ProcessExecuter;
 import com.yahoo.vespa.hosted.dockerapi.Container;
 import com.yahoo.vespa.hosted.dockerapi.ContainerName;
 import com.yahoo.vespa.hosted.dockerapi.Docker;
-import com.yahoo.vespa.hosted.dockerapi.DockerExecTimeoutException;
 import com.yahoo.vespa.hosted.dockerapi.DockerImage;
 import com.yahoo.vespa.hosted.dockerapi.DockerImpl;
 import com.yahoo.vespa.hosted.dockerapi.DockerNetworkCreator;
@@ -83,10 +85,12 @@ public class DockerOperationsImpl implements DockerOperations {
 
     private final Docker docker;
     private final Environment environment;
+    private final ProcessExecuter processExecuter;
 
-    public DockerOperationsImpl(Docker docker, Environment environment) {
+    public DockerOperationsImpl(Docker docker, Environment environment, ProcessExecuter processExecuter) {
         this.docker = docker;
         this.environment = environment;
+        this.processExecuter = processExecuter;
     }
 
     // Returns empty if vespa version cannot be parsed.
@@ -267,22 +271,23 @@ public class DockerOperationsImpl implements DockerOperations {
                         containerName.asString()));
 
         final String[] wrappedCommand = Stream.concat(
-                Stream.of("nsenter", String.format("--net=/host/proc/%d/ns/net", containerPid), "--"),
+                Stream.of("sudo", "nsenter", String.format("--net=/host/proc/%d/ns/net", containerPid), "--"),
                 Stream.of(command))
         .toArray(String[]::new);
 
         try {
-            ProcessResult result = docker.executeInContainerAsRoot(new ContainerName("node-admin"), 60L, wrappedCommand);
-            if (! result.isSuccess()) {
-                String msg = String.format("Failed to execute %s in network namespace for %s (PID = %d)",
-                        Arrays.toString(wrappedCommand), containerName.asString(), containerPid);
+            Pair<Integer, String> result = processExecuter.exec(wrappedCommand);
+            if (result.getFirst() != 0) {
+                String msg = String.format(
+                        "Failed to execute %s in network namespace for %s (PID = %d), exit code: %d, output: %s",
+                        Arrays.toString(wrappedCommand), containerName.asString(), containerPid, result.getFirst(), result.getSecond());
                 logger.error(msg);
                 throw new RuntimeException(msg);
             }
-        } catch (DockerExecTimeoutException e) {
-            logger.warning(String.format("Timed out while executing %s in network namespace for %s (PID = %d)",
-                    Arrays.toString(wrappedCommand), containerName.asString(), containerPid));
-            throw e;
+        } catch (IOException e) {
+            logger.warning(String.format("IOException while executing %s in network namespace for %s (PID = %d)",
+                    Arrays.toString(wrappedCommand), containerName.asString(), containerPid), e);
+            throw new RuntimeException(e);
         }
     }
 
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/provider/ComponentsProviderImpl.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/provider/ComponentsProviderImpl.java
index 7e8136403d8..99c78245b99 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/provider/ComponentsProviderImpl.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/provider/ComponentsProviderImpl.java
@@ -4,6 +4,8 @@ package com.yahoo.vespa.hosted.node.admin.provider;
 import com.google.inject.Inject;
 import com.yahoo.net.HostName;
 import static com.yahoo.vespa.defaults.Defaults.getDefaults;
+
+import com.yahoo.system.ProcessExecuter;
 import com.yahoo.vespa.hosted.dockerapi.ContainerName;
 import com.yahoo.vespa.hosted.dockerapi.Docker;
 import com.yahoo.vespa.hosted.dockerapi.metrics.MetricReceiverWrapper;
@@ -60,7 +62,7 @@ public class ComponentsProviderImpl implements ComponentsProvider {
         ConfigServerHttpRequestExecutor requestExecutor = ConfigServerHttpRequestExecutor.create(configServerHosts);
         Orchestrator orchestrator = new OrchestratorImpl(requestExecutor);
         NodeRepository nodeRepository = new NodeRepositoryImpl(requestExecutor, WEB_SERVICE_PORT, baseHostName);
-        DockerOperations dockerOperations = new DockerOperationsImpl(docker, environment);
+        DockerOperations dockerOperations = new DockerOperationsImpl(docker, environment, new ProcessExecuter());
 
         Optional<StorageMaintainer> storageMaintainer = environment.isRunningLocally() ?
                 Optional.empty() : Optional.of(new StorageMaintainer(docker, metricReceiver, environment, clock));