Merge pull request #23791 from Luap99/pasta-map-guest-addr
libpod: make use of new pasta option from c/common
openshift-merge-bot[bot] authored Sep 6, 2024
2 parents 2be86b7 + a1e6603 commit f22f4cf
Showing 26 changed files with 254 additions and 119 deletions.
4 changes: 2 additions & 2 deletions go.mod
Expand Up @@ -13,7 +13,7 @@ require (
github.com/checkpoint-restore/go-criu/v7 v7.1.1-0.20240728160228-a9064d7e053c
github.com/containernetworking/plugins v1.5.1
github.com/containers/buildah v1.37.0
github.com/containers/common v0.60.1-0.20240829105055-8483ef6022b4
github.com/containers/common v0.60.1-0.20240906123248-5298b838dcbd
github.com/containers/conmon v2.0.20+incompatible
github.com/containers/gvisor-tap-vsock v0.7.5
github.com/containers/image/v5 v5.32.1-0.20240806084436-e3e9287ca8e6
Expand Down Expand Up @@ -72,7 +72,7 @@ require (
go.etcd.io/bbolt v1.3.11
golang.org/x/crypto v0.27.0
golang.org/x/exp v0.0.0-20240823005443-9b4947da3948
golang.org/x/net v0.29.0
golang.org/x/net v0.28.0
golang.org/x/sync v0.8.0
golang.org/x/sys v0.25.0
golang.org/x/term v0.24.0
8 changes: 4 additions & 4 deletions go.sum
Expand Up @@ -81,8 +81,8 @@ github.com/containernetworking/plugins v1.5.1 h1:T5ji+LPYjjgW0QM+KyrigZbLsZ8jaX+
github.com/containernetworking/plugins v1.5.1/go.mod h1:MIQfgMayGuHYs0XdNudf31cLLAC+i242hNm6KuDGqCM=
github.com/containers/buildah v1.37.0 h1:jvHwu1vIwIqnHyOSg9eef9Apdpry+5oWLrm43gdf8Rk=
github.com/containers/buildah v1.37.0/go.mod h1:MKd79tkluMf6vtH06SedhBQK5OB7E0pFVIuiTTw3dJk=
github.com/containers/common v0.60.1-0.20240829105055-8483ef6022b4 h1:Ybhbv5Dt0sditi2blwWX0nlmSGCfXejCQ+GvIoU1lCw=
github.com/containers/common v0.60.1-0.20240829105055-8483ef6022b4/go.mod h1:q4SarwqmM2pfrAauTrFQMtDTnGoPsNzcG5p5UxeHQgg=
github.com/containers/common v0.60.1-0.20240906123248-5298b838dcbd h1:eUzsKokkxMAxqBwCD1agfKf6lIZEQ/ayPru7Tb/oW9Y=
github.com/containers/common v0.60.1-0.20240906123248-5298b838dcbd/go.mod h1:f/n9w0F2lW52S3ppXjQlSVazsyNdilFZ80AyrFl4zn4=
github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
github.com/containers/gvisor-tap-vsock v0.7.5 h1:bTy4u3DOmmUPwurL6me2rsgfypAFDhyeJleUcQmBR/E=
Expand Down Expand Up @@ -605,8 +605,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo=
golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0=
golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA=
golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
40 changes: 29 additions & 11 deletions libpod/container_internal_common.go
Expand Up @@ -2139,11 +2139,13 @@ func (c *Container) addResolvConf() error {
if len(networkNameServers) == 0 || networkBackend != string(types.Netavark) {
keepHostServers = true
}
// first add the nameservers from the networks status
nameservers = networkNameServers

// pasta and slirp4netns have a built in DNS forwarder.
nameservers = c.addSpecialDNS(nameservers)
if len(networkNameServers) > 0 {
// add the nameservers from the networks status
nameservers = networkNameServers
} else {
// pasta and slirp4netns have a built in DNS forwarder.
nameservers = c.addSpecialDNS(nameservers)
}
}

// Set DNS search domains
Expand Down Expand Up @@ -2306,8 +2308,13 @@ func (c *Container) addHosts() error {
}

var exclude []net.IP
var preferIP string
if c.pastaResult != nil {
exclude = c.pastaResult.IPAddresses
if len(c.pastaResult.MapGuestAddrIPs) > 0 {
// we used --map-guest-addr to setup pasta so prefer this address
preferIP = c.pastaResult.MapGuestAddrIPs[0]
}
} else if c.config.NetMode.IsBridge() {
// When running rootless we have to check the rootless netns ip addresses
// to not assign a ip that is already used in the rootless netns as it would
Expand All @@ -2316,16 +2323,27 @@ func (c *Container) addHosts() error {
info, err := c.runtime.network.RootlessNetnsInfo()
if err == nil {
exclude = info.IPAddresses
if len(info.MapGuestIps) > 0 {
// we used --map-guest-addr to setup pasta so prefer this address
preferIP = info.MapGuestIps[0]
}
}
}

hostContainersInternalIP := etchosts.GetHostContainersInternalIP(etchosts.HostContainersInternalOptions{
Conf: c.runtime.config,
NetStatus: c.state.NetworkStatus,
NetworkInterface: c.runtime.network,
Exclude: exclude,
PreferIP: preferIP,
})

return etchosts.New(&etchosts.Params{
BaseFile: baseHostFile,
ExtraHosts: c.config.HostAdd,
ContainerIPs: containerIPsEntries,
HostContainersInternalIP: etchosts.GetHostContainersInternalIPExcluding(
c.runtime.config, c.state.NetworkStatus, c.runtime.network, exclude),
TargetFile: targetFile,
BaseFile: baseHostFile,
ExtraHosts: c.config.HostAdd,
ContainerIPs: containerIPsEntries,
HostContainersInternalIP: hostContainersInternalIP,
TargetFile: targetFile,
})
}
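Review bot: In addHosts the error from `c.runtime.network.RootlessNetnsInfo()` is dropped, so when the call fails both `exclude` and the new `preferIP` silently stay empty. The host.containers.internal entry is then chosen without the rootless-netns exclusions and without the --map-guest-addr address, and nothing in the logs explains why. I would add an else branch such as `} else { logrus.Debugf("failed to get rootless netns info: %v", err) }`, assuming logrus is imported in this file, which the hunk does not show. The same `if err == nil` pattern is added in addSpecialDNS in libpod/container_internal_linux.go, where a failure returns the nameserver list without the forwarder address while the slirp4netns branch beside it logs a warning. addHosts starts before the hunk.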

14 changes: 9 additions & 5 deletions libpod/container_internal_linux.go
Expand Up @@ -617,12 +617,16 @@ func (c *Container) setCgroupsPath(g *generate.Generator) error {

// addSpecialDNS adds special dns servers for slirp4netns and pasta
func (c *Container) addSpecialDNS(nameservers []string) []string {
if c.pastaResult != nil {
switch {
case c.config.NetMode.IsBridge():
info, err := c.runtime.network.RootlessNetnsInfo()
if err == nil {
nameservers = append(nameservers, info.DnsForwardIps...)
}
case c.pastaResult != nil:
nameservers = append(nameservers, c.pastaResult.DNSForwardIPs...)
}

// slirp4netns has a built in DNS forwarder.
if c.config.NetMode.IsSlirp4netns() {
case c.config.NetMode.IsSlirp4netns():
// slirp4netns has a built in DNS forwarder.
slirp4netnsDNS, err := slirp4netns.GetDNS(c.slirp4netnsSubnet)
if err != nil {
logrus.Warn("Failed to determine Slirp4netns DNS: ", err.Error())
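Review bot: The doc comment on addSpecialDNS still says it "adds special dns servers for slirp4netns and pasta", but the new switch also handles the bridge case through `RootlessNetnsInfo()`. Because it is a switch, only the first matching case is applied, and the bridge case is checked before `c.pastaResult != nil`. I would update the comment to something like `// addSpecialDNS appends the DNS forwarder address for the container's network setup: the rootless netns for bridge mode, pasta, or slirp4netns. Only the first matching case applies.` The function body continues past the end of the hunk.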
10 changes: 6 additions & 4 deletions test/system/505-networking-pasta.bats
Expand Up @@ -455,7 +455,7 @@ function pasta_test_do() {

# pasta is the default now so no need to set it
run_podman run --rm $IMAGE grep nameserver /etc/resolv.conf
assert "${lines[0]}" == "nameserver 169.254.0.1" "default dns forward server"
assert "${lines[0]}" == "nameserver 169.254.1.1" "default dns forward server"

run_podman run --rm --net=pasta:--dns-forward,198.51.100.1 \
$IMAGE nslookup 127.0.0.1 || :
Expand Down Expand Up @@ -835,7 +835,9 @@ EOF
run_podman '?' run --rm --network=$network $IMAGE grep host.containers.internal /etc/hosts
if [ "$status" -eq 0 ]; then
assert "$output" !~ "$pasta_ip" "pasta host ip must not be assigned ($network)"
assert "$host_ips" =~ "$(cut -f1 <<<$output)" "ip is one of the host ips ($network)"
# even more special we use a new --map-guest-addr pasta option and
# to map 169.254.1.2 to the host, https://github.com/containers/common/pull/2136
assert "$host_ips 169.254.1.2" =~ "$(cut -f1 <<<$output)" "ip is one of the host ips ($network)"
elif [ "$status" -eq 1 ]; then
# if only pasta ip then we cannot have a host.containers.internal entry
# make sure this fact is actually the case
Expand All @@ -848,6 +850,6 @@ EOF
run_podman network rm $netname

first_host_ip=$(head -n 1 <<<"$host_ips")
run_podman run --rm --network=pasta:-a,169.254.0.2,-g,169.254.0.1,-n,24 $IMAGE grep host.containers.internal /etc/hosts
assert "$output" =~ "^$first_host_ip" "uses host first ip"
run_podman run --rm --network=pasta:-a,192.168.0.2,-g,192.168.0.1,-n,24 $IMAGE grep host.containers.internal /etc/hosts
assert "$output" =~ "^($first_host_ip|169.254.1.2)" "uses first host ip or special 169.254.1.2 --map-guest-addr"
}
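Review bot: The address `169.254.1.2` is hard-coded in two assertions, and the related `169.254.1.1` in the resolv.conf check earlier in this file, so if the defaults (which presumably come from containers/common) change, each literal has to be found and edited by hand. A single variable near the top of the test, e.g. `map_guest_addr=169.254.1.2`, would keep them in step. In the `=~` pattern of the last assertion the dots are unescaped, so `169\.254\.1\.2` would make it match only that address. That last assertion also accepts either the first host IP or the map-guest address, so it does not show which path was taken; a short comment saying when each is expected would help.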
2 changes: 1 addition & 1 deletion vendor/github.com/containers/common/libimage/filters.go


4 changes: 2 additions & 2 deletions vendor/github.com/containers/common/libimage/search.go


2 changes: 0 additions & 2 deletions vendor/github.com/containers/common/libnetwork/cni/run.go


10 changes: 6 additions & 4 deletions vendor/github.com/containers/common/libnetwork/etchosts/hosts.go


56 changes: 42 additions & 14 deletions vendor/github.com/containers/common/libnetwork/etchosts/ip.go


1 comment on commit f22f4cf

@packit-as-a-service

podman-next COPR build failed. @containers/packit-build please check.
