-rw-r--r--cmd/podman/common/netflags.go34
-rw-r--r--cmd/podman/pods/create.go28
-rw-r--r--docs/source/Tutorials.rst2
-rw-r--r--docs/source/markdown/podman-create.1.md2
-rw-r--r--docs/source/markdown/podman-run.1.md2
-rw-r--r--pkg/specgen/generate/container.go14
-rw-r--r--pkg/specgen/namespaces.go22
-rw-r--r--pkg/specgen/volumes.go1
-rw-r--r--test/apiv2/25-containersMore.at27
-rw-r--r--test/e2e/pod_create_test.go20
-rw-r--r--test/e2e/run_networking_test.go29
-rw-r--r--test/system/030-run.bats5
12 files changed, 108 insertions, 78 deletions
diff --git a/cmd/podman/common/netflags.go b/cmd/podman/common/netflags.go
index 898d65bd0..cae52ccaa 100644
--- a/cmd/podman/common/netflags.go
+++ b/cmd/podman/common/netflags.go
@@ -59,8 +59,8 @@ func DefineNetFlags(cmd *cobra.Command) {
_ = cmd.RegisterFlagCompletionFunc(macAddressFlagName, completion.AutocompleteNone)
networkFlagName := "network"
- netFlags.StringArray(
- networkFlagName, []string{containerConfig.NetNS()},
+ netFlags.String(
+ networkFlagName, containerConfig.NetNS(),
"Connect a container to a network",
)
_ = cmd.RegisterFlagCompletionFunc(networkFlagName, AutocompleteNetworks)
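Review bot: Registering `network` with `netFlags.String` instead of `StringArray` means a repeated `--network` no longer accumulates; pflag keeps only the last value given. The conflict check that rejected mixes such as host plus a named network is also removed in the NetFlagsToNetOptions hunk that follows. As far as these lines show, `--network mynet --network host` would then quietly run with host networking instead of failing. The usage string should at least say so, for example `"Connect a container to a network (repeating the flag keeps only the last value)"`. DefineNetFlags starts and ends outside the hunk.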
@@ -194,29 +194,25 @@ func NetFlagsToNetOptions(cmd *cobra.Command) (*entities.NetOptions, error) {
}
if cmd.Flags().Changed("network") {
- networks, err := cmd.Flags().GetStringArray("network")
+ network, err := cmd.Flags().GetString("network")
if err != nil {
return nil, err
}
- for i, network := range networks {
- parts := strings.SplitN(network, ":", 2)
- ns, cniNets, err := specgen.ParseNetworkNamespace(network)
- if err != nil {
- return nil, err
- }
- if i > 0 && (len(cniNets) == 0 || len(opts.CNINetworks) == 0) {
- return nil, errors.Errorf("network conflict between type %s and %s", opts.Network.NSMode, ns.NSMode)
- }
+ parts := strings.SplitN(network, ":", 2)
- if len(parts) > 1 {
- opts.NetworkOptions = make(map[string][]string)
- opts.NetworkOptions[parts[0]] = strings.Split(parts[1], ",")
- cniNets = nil
- }
- opts.Network = ns
- opts.CNINetworks = append(opts.CNINetworks, cniNets...)
+ ns, cniNets, err := specgen.ParseNetworkNamespace(network)
+ if err != nil {
+ return nil, err
+ }
+
+ if len(parts) > 1 {
+ opts.NetworkOptions = make(map[string][]string)
+ opts.NetworkOptions[parts[0]] = strings.Split(parts[1], ",")
+ cniNets = nil
}
+ opts.Network = ns
+ opts.CNINetworks = cniNets
}
aliases, err := cmd.Flags().GetStringSlice("network-alias")
diff --git a/cmd/podman/pods/create.go b/cmd/podman/pods/create.go
index 5b0aa2fe4..d997ea344 100644
--- a/cmd/podman/pods/create.go
+++ b/cmd/podman/pods/create.go
@@ -171,7 +171,33 @@ func create(cmd *cobra.Command, args []string) error {
if err != nil {
return err
}
-
+ createOptions.Net.Network = specgen.Namespace{}
+ if cmd.Flag("network").Changed {
+ netInput, err := cmd.Flags().GetString("network")
+ if err != nil {
+ return err
+ }
+ parts := strings.SplitN(netInput, ":", 2)
+
+ n := specgen.Namespace{}
+ switch {
+ case netInput == "bridge":
+ n.NSMode = specgen.Bridge
+ case netInput == "host":
+ n.NSMode = specgen.Host
+ case netInput == "slirp4netns", strings.HasPrefix(netInput, "slirp4netns:"):
+ n.NSMode = specgen.Slirp
+ if len(parts) > 1 {
+ createOptions.Net.NetworkOptions = make(map[string][]string)
+ createOptions.Net.NetworkOptions[parts[0]] = strings.Split(parts[1], ",")
+ }
+ default:
+ // Container and NS mode are presently unsupported
+ n.NSMode = specgen.Bridge
+ createOptions.Net.CNINetworks = strings.Split(netInput, ",")
+ }
+ createOptions.Net.Network = n
+ }
if len(createOptions.Net.PublishPorts) > 0 {
if !createOptions.Infra {
return errors.Errorf("you must have an infra container to publish port bindings to the host")
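Review bot: The `default:` branch treats every unrecognised value as a comma-separated list of CNI network names, so `container:<id>`, `ns:<path>`, `none` and `private` are not rejected; they land in `createOptions.Net.CNINetworks` with `NSMode` set to bridge. The comment says container and NS modes are unsupported, yet nothing returns an error, and the e2e assertion for that rejection is deleted from test/e2e/pod_create_test.go in this same commit. An explicit case ahead of `default:` keeps the failure early and readable: `case strings.HasPrefix(netInput, "container:"), strings.HasPrefix(netInput, "ns:"):` followed by `return errors.Errorf("pods presently do not support network mode %s", parts[0])`. Whether `none` should be accepted for pods is not visible here and needs a decision as well; `create` begins and ends outside this hunk.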
diff --git a/docs/source/Tutorials.rst b/docs/source/Tutorials.rst
index 83818e3ae..e3e869d5b 100644
--- a/docs/source/Tutorials.rst
+++ b/docs/source/Tutorials.rst
@@ -2,7 +2,7 @@
Tutorials
=========
-Here are a number of useful tutorials to get you up and running with Podman. If you are familiar with the Docker `Container Engine`_ the command in Podman_ should be quite familiar. If are brand new to containers, take a look at our `Introduction`.
+Here are a number of useful tutorials to get you up and running with Podman. If you are familiar with the Docker `Container Engine`_ the command in Podman_ should be quite familiar. If you are brand new to containers, take a look at our `Introduction`.
* `Basic Setup and Use of Podman <https://github.com/containers/podman/blob/master/docs/tutorials/podman_tutorial.md>`_: Learn how to setup Podman and perform some basic commands with the utility.
* `Basic Setup and Use of Podman in a Rootless environment <https://github.com/containers/podman/blob/master/docs/tutorials/rootless_tutorial.md>`_: The steps required to setup rootless Podman are enumerated.
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index 40200235c..96f4505ff 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -630,7 +630,7 @@ Valid _mode_ values are:
- **none**: no networking;
- **container:**_id_: reuse another container's network stack;
- **host**: use the Podman host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure;
-- **cni-network**: connect to a user-defined network, multiple networks should be comma-separated or they can be specified with multiple uses of the **--network** option;
+- _network-id_: connect to a user-defined network, multiple networks should be comma separated;
- **ns:**_path_: path to a network namespace to join;
- **private**: create a new namespace for the container (default)
- **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options:
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index 08c0e444e..9ab5deef7 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -656,7 +656,7 @@ Valid _mode_ values are:
- **none**: no networking;
- **container:**_id_: reuse another container's network stack;
- **host**: use the Podman host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure;
-- **cni-network**: connect to a user-defined network, multiple networks should be comma-separated or they can be specified with multiple uses of the **--network** option;
+- _network-id_: connect to a user-defined network, multiple networks should be comma separated;
- **ns:**_path_: path to a network namespace to join;
- **private**: create a new namespace for the container (default)
- **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options:
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index 2ee8f2441..c7e62d185 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -257,7 +257,19 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
}
}
- return verifyContainerResources(s)
+ warnings, err := verifyContainerResources(s)
+ if err != nil {
+ return warnings, err
+ }
+
+ // Warn on net=host/container/pod/none and port mappings.
+ if (s.NetNS.NSMode == specgen.Host || s.NetNS.NSMode == specgen.FromContainer ||
+ s.NetNS.NSMode == specgen.FromPod || s.NetNS.NSMode == specgen.NoNetwork) &&
+ len(s.PortMappings) > 0 {
+ warnings = append(warnings, "Port mappings have been discarded as one of the Host, Container, Pod, and None network modes are in use")
+ }
+
+ return warnings, nil
}
// finishThrottleDevices takes the temporary representation of the throttle
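Review bot: The warning says the port mappings "have been discarded", but the added block only appends a string and leaves `s.PortMappings` as it was. If the mappings are dropped later during network setup, the comment above the condition should say that this block only reports it, for example `// Only warns; s.PortMappings is not modified here.`. Otherwise add `s.PortMappings = nil` after the append so the generated spec agrees with the message. "one of ... modes are in use" would read better as "is in use", though test/system/030-run.bats matches the current text and would need the same edit. CompleteSpec starts outside the hunk.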
diff --git a/pkg/specgen/namespaces.go b/pkg/specgen/namespaces.go
index 11108a5c1..d15745fa0 100644
--- a/pkg/specgen/namespaces.go
+++ b/pkg/specgen/namespaces.go
@@ -27,19 +27,25 @@ const (
// Private indicates the namespace is private
Private NamespaceMode = "private"
// NoNetwork indicates no network namespace should
- // be joined. loopback should still exists
+ // be joined. loopback should still exists.
+ // Only used with the network namespace, invalid otherwise.
NoNetwork NamespaceMode = "none"
// Bridge indicates that a CNI network stack
- // should be used
+ // should be used.
+ // Only used with the network namespace, invalid otherwise.
Bridge NamespaceMode = "bridge"
// Slirp indicates that a slirp4netns network stack should
- // be used
+ // be used.
+ // Only used with the network namespace, invalid otherwise.
Slirp NamespaceMode = "slirp4netns"
// KeepId indicates a user namespace to keep the owner uid inside
- // of the namespace itself
+ // of the namespace itself.
+ // Only used with the user namespace, invalid otherwise.
KeepID NamespaceMode = "keep-id"
- // KeepId indicates to automatically create a user namespace
+ // Auto indicates to automatically create a user namespace.
+ // Only used with the user namespace, invalid otherwise.
Auto NamespaceMode = "auto"
+
// DefaultKernelNamespaces is a comma-separated list of default kernel
// namespaces.
DefaultKernelNamespaces = "cgroup,ipc,net,uts"
@@ -272,10 +278,16 @@ func ParseNetworkNamespace(ns string) (Namespace, []string, error) {
toReturn.NSMode = Private
case strings.HasPrefix(ns, "ns:"):
split := strings.SplitN(ns, ":", 2)
+ if len(split) != 2 {
+ return toReturn, nil, errors.Errorf("must provide a path to a namespace when specifying ns:")
+ }
toReturn.NSMode = Path
toReturn.Value = split[1]
case strings.HasPrefix(ns, "container:"):
split := strings.SplitN(ns, ":", 2)
+ if len(split) != 2 {
+ return toReturn, nil, errors.Errorf("must provide name or ID or a container when specifying container:")
+ }
toReturn.NSMode = FromContainer
toReturn.Value = split[1]
default:
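Review bot: Both added `len(split) != 2` checks can never fire, because each case is entered only when `ns` already has the `ns:` or `container:` prefix, so `strings.SplitN(ns, ":", 2)` always returns two elements. A bare `ns:` or `container:` therefore still passes through with an empty `toReturn.Value`. Test the value instead, `if split[1] == "" {`, in both cases. The second message reads "name or ID or a container" where "of a container" is presumably meant. ParseNetworkNamespace continues outside the hunk.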
diff --git a/pkg/specgen/volumes.go b/pkg/specgen/volumes.go
index 41efee3b3..a4f42d715 100644
--- a/pkg/specgen/volumes.go
+++ b/pkg/specgen/volumes.go
@@ -84,6 +84,7 @@ func GenVolumeMounts(volumeFlag []string) (map[string]spec.Mount, map[string]*Na
return nil, nil, nil, err
}
}
+
// Do not check source dir for anonymous volumes
if len(splitVol) > 1 {
if len(src) == 0 {
diff --git a/test/apiv2/25-containersMore.at b/test/apiv2/25-containersMore.at
index e0e6f7222..4f6b80a5f 100644
--- a/test/apiv2/25-containersMore.at
+++ b/test/apiv2/25-containersMore.at
@@ -52,4 +52,31 @@ t POST libpod/containers/foo/unmount '' 204
t DELETE libpod/containers/foo?force=true 204
+podman run $IMAGE true
+
+t GET libpod/containers/json?last=1 200 \
+ length=1 \
+ .[0].Id~[0-9a-f]\\{64\\} \
+ .[0].Image=$IMAGE \
+ .[0].Command[0]="true" \
+ .[0].State~\\\(exited\\\|stopped\\\) \
+ .[0].ExitCode=0 \
+ .[0].IsInfra=false
+
+cid=$(jq -r '.[0].Id' <<<"$output")
+
+t GET libpod/generate/$cid/kube 200
+like "$output" ".*apiVersion:.*" "Check generated kube yaml - apiVersion"
+like "$output" ".*kind:\\sPod.*" "Check generated kube yaml - kind: Pod"
+like "$output" ".*metadata:.*" "Check generated kube yaml - metadata"
+like "$output" ".*spec:.*" "Check generated kube yaml - spec"
+
+t GET libpod/generate/$cid/kube?service=true 200
+like "$output" ".*apiVersion:.*" "Check generated kube yaml(service=true) - apiVersion"
+like "$output" ".*kind:\\sPod.*" "Check generated kube yaml(service=true) - kind: Pod"
+like "$output" ".*metadata:.*" "Check generated kube yaml(service=true) - metadata"
+like "$output" ".*spec:.*" "Check generated kube yaml(service=true) - spec"
+like "$output" ".*kind:\\sService.*" "Check generated kube yaml(service=true) - kind: Service"
+
+t DELETE libpod/containers/$cid 204
# vim: filetype=sh
diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go
index ccfbcefae..be0a2f6f0 100644
--- a/test/e2e/pod_create_test.go
+++ b/test/e2e/pod_create_test.go
@@ -9,7 +9,6 @@ import (
"github.com/containers/podman/v2/pkg/rootless"
. "github.com/containers/podman/v2/test/utils"
- "github.com/containers/storage/pkg/stringid"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
)
@@ -477,23 +476,4 @@ entrypoint ["/fromimage"]
Expect(status3.ExitCode()).To(Equal(0))
Expect(strings.Contains(status3.OutputToString(), "Degraded")).To(BeTrue())
})
-
- It("podman create pod invalid network config", func() {
- net1 := "n1" + stringid.GenerateNonCryptoID()
- session := podmanTest.Podman([]string{"network", "create", net1})
- session.WaitWithDefaultTimeout()
- defer podmanTest.removeCNINetwork(net1)
- Expect(session.ExitCode()).To(BeZero())
-
- session = podmanTest.Podman([]string{"pod", "create", "--network", "host", "--network", net1})
- session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(125))
- Expect(session.ErrorToString()).To(ContainSubstring("host"))
- Expect(session.ErrorToString()).To(ContainSubstring("bridge"))
-
- session = podmanTest.Podman([]string{"pod", "create", "--network", "container:abc"})
- session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(125))
- Expect(session.ErrorToString()).To(ContainSubstring("pods presently do not support network mode container"))
- })
})
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index 1d416498c..3e80e953e 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@@ -665,33 +665,4 @@ var _ = Describe("Podman run networking", func() {
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(BeZero())
})
-
- It("podman run with multiple networks", func() {
- net1 := "n1" + stringid.GenerateNonCryptoID()
- session := podmanTest.Podman([]string{"network", "create", net1})
- session.WaitWithDefaultTimeout()
- defer podmanTest.removeCNINetwork(net1)
- Expect(session.ExitCode()).To(BeZero())
-
- net2 := "n2" + stringid.GenerateNonCryptoID()
- session = podmanTest.Podman([]string{"network", "create", net2})
- session.WaitWithDefaultTimeout()
- defer podmanTest.removeCNINetwork(net2)
- Expect(session.ExitCode()).To(BeZero())
-
- run := podmanTest.Podman([]string{"run", "--network", net1, "--network", net2, ALPINE, "ip", "-o", "-4", "addr"})
- run.WaitWithDefaultTimeout()
- Expect(run.ExitCode()).To(BeZero())
- Expect(len(run.OutputToStringArray())).To(Equal(3))
- Expect(run.OutputToString()).To(ContainSubstring("lo"))
- Expect(run.OutputToString()).To(ContainSubstring("eth0"))
- Expect(run.OutputToString()).To(ContainSubstring("eth1"))
-
- //invalid config network host and cni should fail
- run = podmanTest.Podman([]string{"run", "--network", "host", "--network", net2, ALPINE, "ip", "-o", "-4", "addr"})
- run.WaitWithDefaultTimeout()
- Expect(run.ExitCode()).To(Equal(125))
- Expect(run.ErrorToString()).To(ContainSubstring("host"))
- Expect(run.ErrorToString()).To(ContainSubstring("bridge"))
- })
})
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index 12df966e2..71831da10 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -532,4 +532,9 @@ json-file | f
run_podman untag $IMAGE $newtag $newtag2
}
+@test "podman run with --net=host and --port prints warning" {
+ run_podman run -d --rm -p 8080 --net=host $IMAGE ls > /dev/null
+ is "$output" ".*Port mappings have been discarded as one of the Host, Container, Pod, and None network modes are in use"
+}
+
# vim: filetype=sh
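Review bot: The new test exercises only `--net=host`, while the warning added in pkg/specgen/generate/container.go is also emitted for the container, pod and none modes. A second case such as `run_podman run --rm -p 8080 --net=none $IMAGE true` with the same `is "$output"` match would cover another branch cheaply. The test name mentions `--port`, but the option actually passed is `-p`, so `prints warning with -p` would describe it accurately.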