diff options
-rw-r--r-- | Makefile | 8 | ||||
-rw-r--r-- | cmd/podman/root.go | 1 | ||||
-rw-r--r-- | cmd/podman/system/connection/add.go | 13 | ||||
-rw-r--r-- | contrib/msi/podman.wxs | 5 | ||||
-rw-r--r-- | contrib/spec/podman.spec.in | 1 | ||||
-rw-r--r-- | docs/source/markdown/podman-create.1.md | 1 | ||||
-rw-r--r-- | docs/source/markdown/podman-run.1.md | 12 | ||||
-rw-r--r-- | libpod/container_internal_linux.go | 2 | ||||
-rw-r--r-- | libpod/events/config.go | 2 | ||||
-rw-r--r-- | libpod/events/events.go | 2 | ||||
-rw-r--r-- | libpod/networking_linux.go | 16 | ||||
-rw-r--r-- | libpod/runtime_img.go | 13 | ||||
-rw-r--r-- | pkg/bindings/connection.go | 10 | ||||
-rw-r--r-- | pkg/network/network.go | 9 | ||||
-rw-r--r-- | test/apiv2/35-networks.at | 28 | ||||
-rw-r--r-- | test/e2e/run_networking_test.go | 16 |
16 files changed, 124 insertions, 15 deletions
@@ -305,7 +305,7 @@ testunit: libpodimage ## Run unittest on the built image localunit: test/goecho/goecho varlink_generate hack/check_root.sh make localunit rm -rf ${COVERAGE_PATH} && mkdir -p ${COVERAGE_PATH} - ginkgo \ + $(GOBIN)/ginkgo \ -r \ $(TESTFLAGS) \ --skipPackage test/e2e,pkg/apparmor,test/endpoint,pkg/bindings,hack \ @@ -321,16 +321,16 @@ localunit: test/goecho/goecho varlink_generate .PHONY: ginkgo ginkgo: - ginkgo -v $(TESTFLAGS) -tags "$(BUILDTAGS)" $(GINKGOTIMEOUT) -cover -flakeAttempts 3 -progress -trace -noColor -nodes 3 -debug test/e2e/. hack/. + $(GOBIN)/ginkgo -v $(TESTFLAGS) -tags "$(BUILDTAGS)" $(GINKGOTIMEOUT) -cover -flakeAttempts 3 -progress -trace -noColor -nodes 3 -debug test/e2e/. hack/. .PHONY: ginkgo-remote ginkgo-remote: - ginkgo -v $(TESTFLAGS) -tags "$(REMOTETAGS)" $(GINKGOTIMEOUT) -cover -flakeAttempts 3 -progress -trace -noColor test/e2e/. + $(GOBIN)/ginkgo -v $(TESTFLAGS) -tags "$(REMOTETAGS)" $(GINKGOTIMEOUT) -cover -flakeAttempts 3 -progress -trace -noColor test/e2e/. .PHONY: endpoint ifneq (,$(findstring varlink,$(BUILDTAGS))) endpoint: - ginkgo -v $(TESTFLAGS) -tags "$(BUILDTAGS)" $(GINKGOTIMEOUT) -cover -flakeAttempts 3 -progress -trace -noColor -debug test/endpoint/. + $(GOBIN)/ginkgo -v $(TESTFLAGS) -tags "$(BUILDTAGS)" $(GINKGOTIMEOUT) -cover -flakeAttempts 3 -progress -trace -noColor -debug test/endpoint/. endpoint: endif diff --git a/cmd/podman/root.go b/cmd/podman/root.go index 2aa7267c2..dd9c75ece 100644 --- a/cmd/podman/root.go +++ b/cmd/podman/root.go @@ -290,6 +290,7 @@ func resolveDestination() (string, string) { cfg, err := config.ReadCustomConfig() if err != nil { + logrus.Warning(errors.Wrap(err, "unable to read local containers.conf")) return registry.DefaultAPIAddress(), "" } diff --git a/cmd/podman/system/connection/add.go b/cmd/podman/system/connection/add.go index 89cea10ca..af13b970c 100644 --- a/cmd/podman/system/connection/add.go +++ b/cmd/podman/system/connection/add.go @@ -124,6 +124,7 @@ func add(cmd *cobra.Command, args []string) error { cfg.Engine.ServiceDestinations = map[string]config.Destination{ args[0]: dst, } + cfg.Engine.ActiveService = args[0] } else { cfg.Engine.ServiceDestinations[args[0]] = dst } @@ -181,12 +182,20 @@ func getUDS(cmd *cobra.Command, uri *url.URL) (string, error) { authMethods = append(authMethods, ssh.PublicKeysCallback(a.Signers)) } - config := &ssh.ClientConfig{ + if len(authMethods) == 0 { + pass, err := terminal.ReadPassword(fmt.Sprintf("%s's login password:", uri.User.Username())) + if err != nil { + return "", err + } + authMethods = append(authMethods, ssh.Password(string(pass))) + } + + cfg := &ssh.ClientConfig{ User: uri.User.Username(), Auth: authMethods, HostKeyCallback: ssh.InsecureIgnoreHostKey(), } - dial, err := ssh.Dial("tcp", uri.Host, config) + dial, err := ssh.Dial("tcp", uri.Host, cfg) if err != nil { return "", errors.Wrapf(err, "failed to connect to %q", uri.Host) } diff --git a/contrib/msi/podman.wxs b/contrib/msi/podman.wxs index c2c2cea4f..ff8160a53 100644 --- a/contrib/msi/podman.wxs +++ b/contrib/msi/podman.wxs @@ -24,8 +24,7 @@ <CreateFolder/> </Component> <Component Id="MainExecutable" Guid="73752F94-6589-4C7B-ABED-39D655A19714"> - <File Id="520C6E17-77A2-4F41-9611-30FA763A0702" Name="podman-remote-windows.exe" Source="bin/podman-remote-windows.exe"/> - <File Id="A14218A0-4180-44AC-B109-7C63B3099DCA" Name="podman.bat" Source="podman.bat" KeyPath="yes"/> + <File Id="520C6E17-77A2-4F41-9611-30FA763A0702" Name="podman.exe" Source="bin/podman-remote-windows.exe" KeyPath="yes"/> </Component> </Directory> </Directory> @@ -33,7 +32,7 @@ </Directory> <Property Id="setx" Value="setx.exe"/> - <CustomAction Id="ChangePath" ExeCommand="PATH "%PATH%;[INSTALLDIR] "" Property="setx" Execute="deferred" Impersonate="yes" Return="check"/> + <CustomAction Id="ChangePath" ExeCommand="PATH "%PATH%;[INSTALLDIR]"" Property="setx" Execute="deferred" Impersonate="yes" Return="check"/> <Feature Id="Complete" Level="1"> <ComponentRef Id="INSTALLDIR_Component"/> diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in index 2411eaabc..363aa60d7 100644 --- a/contrib/spec/podman.spec.in +++ b/contrib/spec/podman.spec.in @@ -91,6 +91,7 @@ Recommends: container-selinux Recommends: slirp4netns Recommends: fuse-overlayfs %endif +Recommends: xz # vendored libraries # awk '{print "Provides: bundled(golang("$1")) = "$2}' vendor.conf | sort diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index f65c52e29..9df76e48e 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md @@ -563,6 +563,7 @@ Valid values are: - `private`: create a new namespace for the container (default) - `slirp4netns[:OPTIONS,...]`: use slirp4netns to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options: - **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default is false. + - **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`). - **enable_ipv6=true|false**: Enable IPv6. Default is false. (Required for `outbound_addr6`). - **outbound_addr=INTERFACE**: Specify the outbound interface slirp should bind to (ipv4 traffic only). - **outbound_addr=IPv4**: Specify the outbound ipv4 address slirp should bind to. diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index 976cdd88b..799cd1408 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md @@ -570,9 +570,15 @@ Valid _mode_ values are: - **ns:**_path_: path to a network namespace to join; - `private`: create a new namespace for the container (default) - **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options: - **port_handler=rootlesskit**: Use rootlesskit for port forwarding. Default. - **port_handler=slirp4netns**: Use the slirp4netns port forwarding. - **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default to false. + - **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default is false. + - **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`). + - **enable_ipv6=true|false**: Enable IPv6. Default is false. (Required for `outbound_addr6`). + - **outbound_addr=INTERFACE**: Specify the outbound interface slirp should bind to (ipv4 traffic only). + - **outbound_addr=IPv4**: Specify the outbound ipv4 address slirp should bind to. + - **outbound_addr6=INTERFACE**: Specify the outbound interface slirp should bind to (ipv6 traffic only). + - **outbound_addr6=IPv6**: Specify the outbound ipv6 address slirp should bind to. + - **port_handler=rootlesskit**: Use rootlesskit for port forwarding. Default. + - **port_handler=slirp4netns**: Use the slirp4netns port forwarding. **--network-alias**=*alias* diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index e2bc4e50f..fdee3877c 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -626,7 +626,7 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro Destination: "/sys/fs/cgroup/systemd", Type: "bind", Source: "/sys/fs/cgroup/systemd", - Options: []string{"bind", "nodev", "noexec", "nosuid", "rslave"}, + Options: []string{"bind", "nodev", "noexec", "nosuid", "rprivate"}, } g.AddMount(systemdMnt) g.AddLinuxMaskedPaths("/sys/fs/cgroup/systemd/release_agent") diff --git a/libpod/events/config.go b/libpod/events/config.go index c34408e63..bb35c03c0 100644 --- a/libpod/events/config.go +++ b/libpod/events/config.go @@ -101,6 +101,8 @@ const ( Attach Status = "attach" // AutoUpdate ... AutoUpdate Status = "auto-update" + // Build ... + Build Status = "build" // Checkpoint ... Checkpoint Status = "checkpoint" // Cleanup ... diff --git a/libpod/events/events.go b/libpod/events/events.go index 0253b1ee5..722c9595e 100644 --- a/libpod/events/events.go +++ b/libpod/events/events.go @@ -127,6 +127,8 @@ func StringToStatus(name string) (Status, error) { switch name { case Attach.String(): return Attach, nil + case Build.String(): + return Build, nil case Checkpoint.String(): return Checkpoint, nil case Cleanup.String(): diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go index ed8f82c46..6f266e5d6 100644 --- a/libpod/networking_linux.go +++ b/libpod/networking_linux.go @@ -171,6 +171,7 @@ type slirpFeatures struct { HasMTU bool HasEnableSandbox bool HasEnableSeccomp bool + HasCIDR bool HasOutboundAddr bool HasIPv6 bool } @@ -199,6 +200,7 @@ func checkSlirpFlags(path string) (*slirpFeatures, error) { HasMTU: strings.Contains(string(out), "--mtu"), HasEnableSandbox: strings.Contains(string(out), "--enable-sandbox"), HasEnableSeccomp: strings.Contains(string(out), "--enable-seccomp"), + HasCIDR: strings.Contains(string(out), "--cidr"), HasOutboundAddr: strings.Contains(string(out), "--outbound-addr"), HasIPv6: strings.Contains(string(out), "--enable-ipv6"), }, nil @@ -227,6 +229,7 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error { havePortMapping := len(ctr.Config().PortMappings) > 0 logPath := filepath.Join(ctr.runtime.config.Engine.TmpDir, fmt.Sprintf("slirp4netns-%s.log", ctr.config.ID)) + cidr := "" isSlirpHostForward := false disableHostLoopback := true enableIPv6 := false @@ -240,6 +243,12 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error { option, value := parts[0], parts[1] switch option { + case "cidr": + ipv4, _, err := net.ParseCIDR(value) + if err != nil || ipv4.To4() == nil { + return errors.Errorf("invalid cidr %q", value) + } + cidr = value case "port_handler": switch value { case "slirp4netns": @@ -309,6 +318,13 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error { cmdArgs = append(cmdArgs, "--enable-seccomp") } + if cidr != "" { + if !slirpFeatures.HasCIDR { + return errors.Errorf("cidr not supported") + } + cmdArgs = append(cmdArgs, fmt.Sprintf("--cidr=%s", cidr)) + } + if enableIPv6 { if !slirpFeatures.HasIPv6 { return errors.Errorf("enable_ipv6 not supported") diff --git a/libpod/runtime_img.go b/libpod/runtime_img.go index 4b5129f44..a95cd1d7a 100644 --- a/libpod/runtime_img.go +++ b/libpod/runtime_img.go @@ -17,6 +17,7 @@ import ( "github.com/containers/image/v5/oci/layout" "github.com/containers/image/v5/types" "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/libpod/events" "github.com/containers/podman/v2/libpod/image" "github.com/containers/podman/v2/pkg/util" "github.com/containers/storage" @@ -150,9 +151,21 @@ func removeStorageContainers(ctrIDs []string, store storage.Store) error { return nil } +// newBuildEvent creates a new event based on completion of a built image +func (r *Runtime) newImageBuildCompleteEvent(idOrName string) { + e := events.NewEvent(events.Build) + e.Type = events.Image + e.Name = idOrName + if err := r.eventer.Write(e); err != nil { + logrus.Errorf("unable to write build event: %q", err) + } +} + // Build adds the runtime to the imagebuildah call func (r *Runtime) Build(ctx context.Context, options imagebuildah.BuildOptions, dockerfiles ...string) (string, reference.Canonical, error) { id, ref, err := imagebuildah.BuildDockerfiles(ctx, r.store, options, dockerfiles...) + // Write event for build completion + r.newImageBuildCompleteEvent(id) return id, ref, err } diff --git a/pkg/bindings/connection.go b/pkg/bindings/connection.go index e820e1c8b..ef9644de8 100644 --- a/pkg/bindings/connection.go +++ b/pkg/bindings/connection.go @@ -180,8 +180,9 @@ func pingNewConnection(ctx context.Context) error { } func sshClient(_url *url.URL, secure bool, passPhrase string, identity string) (Connection, error) { + // if you modify the authmethods or their conditionals, you will also need to make similar + // changes in the client (currently cmd/podman/system/connection/add getUDS). authMethods := []ssh.AuthMethod{} - if len(identity) > 0 { auth, err := terminal.PublicKey(identity, []byte(passPhrase)) if err != nil { @@ -205,6 +206,13 @@ func sshClient(_url *url.URL, secure bool, passPhrase string, identity string) ( if pw, found := _url.User.Password(); found { authMethods = append(authMethods, ssh.Password(pw)) } + if len(authMethods) == 0 { + pass, err := terminal.ReadPassword("Login password:") + if err != nil { + return Connection{}, err + } + authMethods = append(authMethods, ssh.Password(string(pass))) + } callback := ssh.InsecureIgnoreHostKey() if secure { diff --git a/pkg/network/network.go b/pkg/network/network.go index b24c72f5f..db625da56 100644 --- a/pkg/network/network.go +++ b/pkg/network/network.go @@ -137,6 +137,15 @@ func networkIntersect(n1, n2 *net.IPNet) bool { // ValidateUserNetworkIsAvailable returns via an error if a network is available // to be used func ValidateUserNetworkIsAvailable(config *config.Config, userNet *net.IPNet) error { + if len(userNet.IP) == 0 || len(userNet.Mask) == 0 { + return errors.Errorf("network %s's ip or mask cannot be empty", userNet.String()) + } + + ones, bit := userNet.Mask.Size() + if ones == 0 || bit == 0 { + return errors.Errorf("network %s's mask is invalid", userNet.String()) + } + networks, err := GetNetworksFromFilesystem(config) if err != nil { return err diff --git a/test/apiv2/35-networks.at b/test/apiv2/35-networks.at index fff3f3b1f..4c032c072 100644 --- a/test/apiv2/35-networks.at +++ b/test/apiv2/35-networks.at @@ -3,6 +3,32 @@ # network-related tests # -t GET /networks/non-existing-network 404 +t GET networks/non-existing-network 404 \ + .cause='network not found' + +if root; then + t POST libpod/networks/create?name=network1 '' 200 \ + .Filename~.*/network1\\.conflist + + # --data '{"Subnet":{"IP":"10.10.254.0","Mask":[255,255,255,0]}}' + t POST libpod/networks/create?name=network2 '"Subnet":{"IP":"10.10.254.0","Mask":[255,255,255,0]}' 200 \ + .Filename~.*/network2\\.conflist + + # test for empty mask + t POST libpod/networks/create '"Subnet":{"IP":"10.10.1.0","Mask":[]}' 500 \ + .cause~'.*cannot be empty' + # test for invalid mask + t POST libpod/networks/create '"Subnet":{"IP":"10.10.1.0","Mask":[0,255,255,0]}' 500 \ + .cause~'.*mask is invalid' + + # clean the network + t DELETE libpod/networks/network1 200 \ + .[0].Name~network1 \ + .[0].Err=null + t DELETE libpod/networks/network2 200 \ + .[0].Name~network2 \ + .[0].Err=null + +fi # vim: filetype=sh diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index d735217d6..83befe730 100644 --- a/test/e2e/run_networking_test.go +++ b/test/e2e/run_networking_test.go @@ -293,6 +293,22 @@ var _ = Describe("Podman run networking", func() { Expect(session.ExitCode()).To(Equal(0)) }) + It("podman run slirp4netns network with different cidr", func() { + slirp4netnsHelp := SystemExec("slirp4netns", []string{"--help"}) + Expect(slirp4netnsHelp.ExitCode()).To(Equal(0)) + + networkConfiguration := "slirp4netns:cidr=192.168.0.0/24,allow_host_loopback=true" + session := podmanTest.Podman([]string{"run", "--network", networkConfiguration, ALPINE, "ping", "-c1", "192.168.0.2"}) + session.Wait(30) + + if strings.Contains(slirp4netnsHelp.OutputToString(), "cidr") { + Expect(session.ExitCode()).To(Equal(0)) + } else { + Expect(session.ExitCode()).ToNot(Equal(0)) + Expect(session.ErrorToString()).To(ContainSubstring("cidr not supported")) + } + }) + It("podman run network bind to 127.0.0.1", func() { slirp4netnsHelp := SystemExec("slirp4netns", []string{"--help"}) Expect(slirp4netnsHelp.ExitCode()).To(Equal(0)) |