From dff4c6b328d165bf8c18b57965b90467669c6aa5 Mon Sep 17 00:00:00 2001
From: Mathieu Rohon <mathieu.rohon@gmail.com>
Date: Fri, 4 Aug 2017 17:56:18 +0200
Subject: [PATCH] Skydive: allow access to netns for skydive agents

This access is now mandatory for skydive.
It allows to add netns info to the topology, and to
attach interfaces to their netns if needed.

Closes-Bug: #1710627
Change-Id: I41cc1fd0fdeae0757a2c4e3e310ec6375da0b8cf
---
 ansible/roles/skydive/defaults/main.yml               | 2 ++
 ansible/roles/skydive/handlers/main.yml               | 1 +
 ansible/roles/skydive/tasks/config.yml                | 1 +
 ansible/roles/skydive/templates/skydive-agent.conf.j2 | 3 +++
 4 files changed, 7 insertions(+)

diff --git a/ansible/roles/skydive/defaults/main.yml b/ansible/roles/skydive/defaults/main.yml
index 3d9b96d254..82a74fc5e2 100644
--- a/ansible/roles/skydive/defaults/main.yml
+++ b/ansible/roles/skydive/defaults/main.yml
@@ -16,10 +16,12 @@ skydive_services:
     group: skydive-agent
     enabled: true
     image: "{{ skydive_agent_image_full }}"
+    privileged: True
     volumes:
       - "{{ node_config_directory }}/skydive-agent/:{{ container_config_directory }}/:ro"
       - "/etc/localtime:/etc/localtime:ro"
       - "/var/run/openvswitch/db.sock:/var/run/openvswitch/db.sock:ro"
+      - "/var/run/netns:/host/run:shared"
       - "kolla_logs:/var/log/kolla/"
 
 ####################
diff --git a/ansible/roles/skydive/handlers/main.yml b/ansible/roles/skydive/handlers/main.yml
index af6386e231..353f9e87d0 100644
--- a/ansible/roles/skydive/handlers/main.yml
+++ b/ansible/roles/skydive/handlers/main.yml
@@ -32,6 +32,7 @@
     common_options: "{{ docker_common_options }}"
     name: "{{ service.container_name }}"
     image: "{{ service.image }}"
+    privileged: "{{ service.privileged }}"
     volumes: "{{ service.volumes }}"
   when:
     - action != "config"
diff --git a/ansible/roles/skydive/tasks/config.yml b/ansible/roles/skydive/tasks/config.yml
index 0ebcce2ba4..e22ad196ee 100644
--- a/ansible/roles/skydive/tasks/config.yml
+++ b/ansible/roles/skydive/tasks/config.yml
@@ -41,6 +41,7 @@
     common_options: "{{ docker_common_options }}"
     name: "{{ item.value.container_name }}"
     image: "{{ item.value.image }}"
+    privileged: "{{ item.value.privileged | default(False) }}"
     volumes: "{{ item.value.volumes }}"
   register: check_skydive_containers
   when:
diff --git a/ansible/roles/skydive/templates/skydive-agent.conf.j2 b/ansible/roles/skydive/templates/skydive-agent.conf.j2
index 8985b11b68..1f6ec118a5 100644
--- a/ansible/roles/skydive/templates/skydive-agent.conf.j2
+++ b/ansible/roles/skydive/templates/skydive-agent.conf.j2
@@ -52,3 +52,6 @@ agent:
       - ovsdb
 {% endif %}
 
+netns:
+  run_path: /host/run
+